Merge tag 'sched-urgent-2023-10-21' of git://git.kernel.org/pub/scm/linux/kernel...
[platform/kernel/linux-rpi.git] / block / sed-opal.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright © 2016 Intel Corporation
4  *
5  * Authors:
6  *    Scott  Bauer      <scott.bauer@intel.com>
7  *    Rafael Antognolli <rafael.antognolli@intel.com>
8  */
9
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
11
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/string.h>
22 #include <linux/kdev_t.h>
23 #include <linux/key.h>
24 #include <linux/key-type.h>
25 #include <keys/user-type.h>
26
27 #include "opal_proto.h"
28
29 #define IO_BUFFER_LENGTH 2048
30 #define MAX_TOKS 64
31
32 /* Number of bytes needed by cmd_finalize. */
33 #define CMD_FINALIZE_BYTES_NEEDED 7
34
35 static struct key *sed_opal_keyring;
36
37 struct opal_step {
38         int (*fn)(struct opal_dev *dev, void *data);
39         void *data;
40 };
41 typedef int (cont_fn)(struct opal_dev *dev);
42
43 enum opal_atom_width {
44         OPAL_WIDTH_TINY,
45         OPAL_WIDTH_SHORT,
46         OPAL_WIDTH_MEDIUM,
47         OPAL_WIDTH_LONG,
48         OPAL_WIDTH_TOKEN
49 };
50
51 /*
52  * On the parsed response, we don't store again the toks that are already
53  * stored in the response buffer. Instead, for each token, we just store a
54  * pointer to the position in the buffer where the token starts, and the size
55  * of the token in bytes.
56  */
57 struct opal_resp_tok {
58         const u8 *pos;
59         size_t len;
60         enum opal_response_token type;
61         enum opal_atom_width width;
62         union {
63                 u64 u;
64                 s64 s;
65         } stored;
66 };
67
68 /*
69  * From the response header it's not possible to know how many tokens there are
70  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
71  * if we start dealing with messages that have more than that, we can increase
72  * this number. This is done to avoid having to make two passes through the
73  * response, the first one counting how many tokens we have and the second one
74  * actually storing the positions.
75  */
76 struct parsed_resp {
77         int num;
78         struct opal_resp_tok toks[MAX_TOKS];
79 };
80
81 struct opal_dev {
82         u32 flags;
83
84         void *data;
85         sec_send_recv *send_recv;
86
87         struct mutex dev_lock;
88         u16 comid;
89         u32 hsn;
90         u32 tsn;
91         u64 align; /* alignment granularity */
92         u64 lowest_lba;
93         u32 logical_block_size;
94         u8  align_required; /* ALIGN: 0 or 1 */
95
96         size_t pos;
97         u8 *cmd;
98         u8 *resp;
99
100         struct parsed_resp parsed;
101         size_t prev_d_len;
102         void *prev_data;
103
104         struct list_head unlk_lst;
105 };
106
107
108 static const u8 opaluid[][OPAL_UID_LENGTH] = {
109         /* users */
110         [OPAL_SMUID_UID] =
111                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
112         [OPAL_THISSP_UID] =
113                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
114         [OPAL_ADMINSP_UID] =
115                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
116         [OPAL_LOCKINGSP_UID] =
117                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
118         [OPAL_ENTERPRISE_LOCKINGSP_UID] =
119                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
120         [OPAL_ANYBODY_UID] =
121                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
122         [OPAL_SID_UID] =
123                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
124         [OPAL_ADMIN1_UID] =
125                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
126         [OPAL_USER1_UID] =
127                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
128         [OPAL_USER2_UID] =
129                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
130         [OPAL_PSID_UID] =
131                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
132         [OPAL_ENTERPRISE_BANDMASTER0_UID] =
133                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
134         [OPAL_ENTERPRISE_ERASEMASTER_UID] =
135                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
136
137         /* tables */
138         [OPAL_TABLE_TABLE] =
139                 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
140         [OPAL_LOCKINGRANGE_GLOBAL] =
141                 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
142         [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
143                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
144         [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
145                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
146         [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
147                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
148         [OPAL_MBRCONTROL] =
149                 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
150         [OPAL_MBR] =
151                 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
152         [OPAL_AUTHORITY_TABLE] =
153                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
154         [OPAL_C_PIN_TABLE] =
155                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
156         [OPAL_LOCKING_INFO_TABLE] =
157                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
158         [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
159                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
160         [OPAL_DATASTORE] =
161                 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
162
163         /* C_PIN_TABLE object ID's */
164         [OPAL_C_PIN_MSID] =
165                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
166         [OPAL_C_PIN_SID] =
167                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
168         [OPAL_C_PIN_ADMIN1] =
169                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
170
171         /* half UID's (only first 4 bytes used) */
172         [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
173                 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
174         [OPAL_HALF_UID_BOOLEAN_ACE] =
175                 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
176
177         /* special value for omitted optional parameter */
178         [OPAL_UID_HEXFF] =
179                 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
180 };
181
182 /*
183  * TCG Storage SSC Methods.
184  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
185  * Section: 6.3 Assigned UIDs
186  */
187 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
188         [OPAL_PROPERTIES] =
189                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
190         [OPAL_STARTSESSION] =
191                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
192         [OPAL_REVERT] =
193                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
194         [OPAL_ACTIVATE] =
195                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
196         [OPAL_EGET] =
197                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
198         [OPAL_ESET] =
199                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
200         [OPAL_NEXT] =
201                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
202         [OPAL_EAUTHENTICATE] =
203                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
204         [OPAL_GETACL] =
205                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
206         [OPAL_GENKEY] =
207                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
208         [OPAL_REVERTSP] =
209                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
210         [OPAL_GET] =
211                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
212         [OPAL_SET] =
213                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
214         [OPAL_AUTHENTICATE] =
215                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
216         [OPAL_RANDOM] =
217                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
218         [OPAL_ERASE] =
219                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
220 };
221
222 static int end_opal_session_error(struct opal_dev *dev);
223 static int opal_discovery0_step(struct opal_dev *dev);
224
225 struct opal_suspend_data {
226         struct opal_lock_unlock unlk;
227         u8 lr;
228         struct list_head node;
229 };
230
231 /*
232  * Derived from:
233  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
234  * Section: 5.1.5 Method Status Codes
235  */
236 static const char * const opal_errors[] = {
237         "Success",
238         "Not Authorized",
239         "Unknown Error",
240         "SP Busy",
241         "SP Failed",
242         "SP Disabled",
243         "SP Frozen",
244         "No Sessions Available",
245         "Uniqueness Conflict",
246         "Insufficient Space",
247         "Insufficient Rows",
248         "Invalid Function",
249         "Invalid Parameter",
250         "Invalid Reference",
251         "Unknown Error",
252         "TPER Malfunction",
253         "Transaction Failure",
254         "Response Overflow",
255         "Authority Locked Out",
256 };
257
258 static const char *opal_error_to_human(int error)
259 {
260         if (error == 0x3f)
261                 return "Failed";
262
263         if (error >= ARRAY_SIZE(opal_errors) || error < 0)
264                 return "Unknown Error";
265
266         return opal_errors[error];
267 }
268
269 static void print_buffer(const u8 *ptr, u32 length)
270 {
271 #ifdef DEBUG
272         print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
273         pr_debug("\n");
274 #endif
275 }
276
277 /*
278  * Allocate/update a SED Opal key and add it to the SED Opal keyring.
279  */
280 static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
281 {
282         key_ref_t kr;
283
284         if (!sed_opal_keyring)
285                 return -ENOKEY;
286
287         kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user",
288                                   desc, (const void *)key_data, keylen,
289                                   KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
290                                   KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN |
291                                         KEY_ALLOC_BYPASS_RESTRICTION);
292         if (IS_ERR(kr)) {
293                 pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr));
294                 return PTR_ERR(kr);
295         }
296
297         return 0;
298 }
299
300 /*
301  * Read a SED Opal key from the SED Opal keyring.
302  */
303 static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
304 {
305         int ret;
306         key_ref_t kref;
307         struct key *key;
308
309         if (!sed_opal_keyring)
310                 return -ENOKEY;
311
312         kref = keyring_search(make_key_ref(sed_opal_keyring, true),
313                               &key_type_user, key_name, true);
314
315         if (IS_ERR(kref))
316                 ret = PTR_ERR(kref);
317
318         key = key_ref_to_ptr(kref);
319         down_read(&key->sem);
320         ret = key_validate(key);
321         if (ret == 0) {
322                 if (buflen > key->datalen)
323                         buflen = key->datalen;
324
325                 ret = key->type->read(key, (char *)buffer, buflen);
326         }
327         up_read(&key->sem);
328
329         key_ref_put(kref);
330
331         return ret;
332 }
333
334 static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
335 {
336         int ret = 0;
337
338         switch (key->key_type) {
339         case OPAL_INCLUDED:
340                 /* the key is ready to use */
341                 break;
342         case OPAL_KEYRING:
343                 /* the key is in the keyring */
344                 ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
345                 if (ret > 0) {
346                         if (ret > U8_MAX) {
347                                 ret = -ENOSPC;
348                                 goto error;
349                         }
350                         key->key_len = ret;
351                         key->key_type = OPAL_INCLUDED;
352                 }
353                 break;
354         default:
355                 ret = -EINVAL;
356                 break;
357         }
358         if (ret < 0)
359                 goto error;
360
361         /* must have a PEK by now or it's an error */
362         if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
363                 ret = -EINVAL;
364                 goto error;
365         }
366         return 0;
367 error:
368         pr_debug("Error getting password: %d\n", ret);
369         return ret;
370 }
371
372 static bool check_tper(const void *data)
373 {
374         const struct d0_tper_features *tper = data;
375         u8 flags = tper->supported_features;
376
377         if (!(flags & TPER_SYNC_SUPPORTED)) {
378                 pr_debug("TPer sync not supported. flags = %d\n",
379                          tper->supported_features);
380                 return false;
381         }
382
383         return true;
384 }
385
386 static bool check_lcksuppt(const void *data)
387 {
388         const struct d0_locking_features *lfeat = data;
389         u8 sup_feat = lfeat->supported_features;
390
391         return !!(sup_feat & LOCKING_SUPPORTED_MASK);
392 }
393
394 static bool check_lckenabled(const void *data)
395 {
396         const struct d0_locking_features *lfeat = data;
397         u8 sup_feat = lfeat->supported_features;
398
399         return !!(sup_feat & LOCKING_ENABLED_MASK);
400 }
401
402 static bool check_locked(const void *data)
403 {
404         const struct d0_locking_features *lfeat = data;
405         u8 sup_feat = lfeat->supported_features;
406
407         return !!(sup_feat & LOCKED_MASK);
408 }
409
410 static bool check_mbrenabled(const void *data)
411 {
412         const struct d0_locking_features *lfeat = data;
413         u8 sup_feat = lfeat->supported_features;
414
415         return !!(sup_feat & MBR_ENABLED_MASK);
416 }
417
418 static bool check_mbrdone(const void *data)
419 {
420         const struct d0_locking_features *lfeat = data;
421         u8 sup_feat = lfeat->supported_features;
422
423         return !!(sup_feat & MBR_DONE_MASK);
424 }
425
426 static bool check_sum(const void *data)
427 {
428         const struct d0_single_user_mode *sum = data;
429         u32 nlo = be32_to_cpu(sum->num_locking_objects);
430
431         if (nlo == 0) {
432                 pr_debug("Need at least one locking object.\n");
433                 return false;
434         }
435
436         pr_debug("Number of locking objects: %d\n", nlo);
437
438         return true;
439 }
440
441 static u16 get_comid_v100(const void *data)
442 {
443         const struct d0_opal_v100 *v100 = data;
444
445         return be16_to_cpu(v100->baseComID);
446 }
447
448 static u16 get_comid_v200(const void *data)
449 {
450         const struct d0_opal_v200 *v200 = data;
451
452         return be16_to_cpu(v200->baseComID);
453 }
454
455 static int opal_send_cmd(struct opal_dev *dev)
456 {
457         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
458                               dev->cmd, IO_BUFFER_LENGTH,
459                               true);
460 }
461
462 static int opal_recv_cmd(struct opal_dev *dev)
463 {
464         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
465                               dev->resp, IO_BUFFER_LENGTH,
466                               false);
467 }
468
469 static int opal_recv_check(struct opal_dev *dev)
470 {
471         size_t buflen = IO_BUFFER_LENGTH;
472         void *buffer = dev->resp;
473         struct opal_header *hdr = buffer;
474         int ret;
475
476         do {
477                 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
478                          hdr->cp.outstandingData,
479                          hdr->cp.minTransfer);
480
481                 if (hdr->cp.outstandingData == 0 ||
482                     hdr->cp.minTransfer != 0)
483                         return 0;
484
485                 memset(buffer, 0, buflen);
486                 ret = opal_recv_cmd(dev);
487         } while (!ret);
488
489         return ret;
490 }
491
492 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
493 {
494         int ret;
495
496         ret = opal_send_cmd(dev);
497         if (ret)
498                 return ret;
499         ret = opal_recv_cmd(dev);
500         if (ret)
501                 return ret;
502         ret = opal_recv_check(dev);
503         if (ret)
504                 return ret;
505         return cont(dev);
506 }
507
508 static void check_geometry(struct opal_dev *dev, const void *data)
509 {
510         const struct d0_geometry_features *geo = data;
511
512         dev->align = be64_to_cpu(geo->alignment_granularity);
513         dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
514         dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
515         dev->align_required = geo->reserved01 & 1;
516 }
517
518 static int execute_step(struct opal_dev *dev,
519                         const struct opal_step *step, size_t stepIndex)
520 {
521         int error = step->fn(dev, step->data);
522
523         if (error) {
524                 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
525                          stepIndex, step->fn, error,
526                          opal_error_to_human(error));
527         }
528
529         return error;
530 }
531
532 static int execute_steps(struct opal_dev *dev,
533                          const struct opal_step *steps, size_t n_steps)
534 {
535         size_t state = 0;
536         int error;
537
538         /* first do a discovery0 */
539         error = opal_discovery0_step(dev);
540         if (error)
541                 return error;
542
543         for (state = 0; state < n_steps; state++) {
544                 error = execute_step(dev, &steps[state], state);
545                 if (error)
546                         goto out_error;
547         }
548
549         return 0;
550
551 out_error:
552         /*
553          * For each OPAL command the first step in steps starts some sort of
554          * session. If an error occurred in the initial discovery0 or if an
555          * error occurred in the first step (and thus stopping the loop with
556          * state == 0) then there was an error before or during the attempt to
557          * start a session. Therefore we shouldn't attempt to terminate a
558          * session, as one has not yet been created.
559          */
560         if (state > 0)
561                 end_opal_session_error(dev);
562
563         return error;
564 }
565
566 static int opal_discovery0_end(struct opal_dev *dev, void *data)
567 {
568         struct opal_discovery *discv_out = data; /* may be NULL */
569         u8 __user *buf_out;
570         u64 len_out;
571         bool found_com_id = false, supported = true, single_user = false;
572         const struct d0_header *hdr = (struct d0_header *)dev->resp;
573         const u8 *epos = dev->resp, *cpos = dev->resp;
574         u16 comid = 0;
575         u32 hlen = be32_to_cpu(hdr->length);
576
577         print_buffer(dev->resp, hlen);
578         dev->flags &= OPAL_FL_SUPPORTED;
579
580         if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
581                 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
582                          sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
583                 return -EFAULT;
584         }
585
586         if (discv_out) {
587                 buf_out = (u8 __user *)(uintptr_t)discv_out->data;
588                 len_out = min_t(u64, discv_out->size, hlen);
589                 if (buf_out && copy_to_user(buf_out, dev->resp, len_out))
590                         return -EFAULT;
591
592                 discv_out->size = hlen; /* actual size of data */
593         }
594
595         epos += hlen; /* end of buffer */
596         cpos += sizeof(*hdr); /* current position on buffer */
597
598         while (cpos < epos && supported) {
599                 const struct d0_features *body =
600                         (const struct d0_features *)cpos;
601
602                 switch (be16_to_cpu(body->code)) {
603                 case FC_TPER:
604                         supported = check_tper(body->features);
605                         break;
606                 case FC_SINGLEUSER:
607                         single_user = check_sum(body->features);
608                         if (single_user)
609                                 dev->flags |= OPAL_FL_SUM_SUPPORTED;
610                         break;
611                 case FC_GEOMETRY:
612                         check_geometry(dev, body);
613                         break;
614                 case FC_LOCKING:
615                         if (check_lcksuppt(body->features))
616                                 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
617                         if (check_lckenabled(body->features))
618                                 dev->flags |= OPAL_FL_LOCKING_ENABLED;
619                         if (check_locked(body->features))
620                                 dev->flags |= OPAL_FL_LOCKED;
621                         if (check_mbrenabled(body->features))
622                                 dev->flags |= OPAL_FL_MBR_ENABLED;
623                         if (check_mbrdone(body->features))
624                                 dev->flags |= OPAL_FL_MBR_DONE;
625                         break;
626                 case FC_ENTERPRISE:
627                 case FC_DATASTORE:
628                         /* some ignored properties */
629                         pr_debug("Found OPAL feature description: %d\n",
630                                  be16_to_cpu(body->code));
631                         break;
632                 case FC_OPALV100:
633                         comid = get_comid_v100(body->features);
634                         found_com_id = true;
635                         break;
636                 case FC_OPALV200:
637                         comid = get_comid_v200(body->features);
638                         found_com_id = true;
639                         break;
640                 case 0xbfff ... 0xffff:
641                         /* vendor specific, just ignore */
642                         break;
643                 default:
644                         pr_debug("OPAL Unknown feature: %d\n",
645                                  be16_to_cpu(body->code));
646
647                 }
648                 cpos += body->length + 4;
649         }
650
651         if (!supported) {
652                 pr_debug("This device is not Opal enabled. Not Supported!\n");
653                 return -EOPNOTSUPP;
654         }
655
656         if (!single_user)
657                 pr_debug("Device doesn't support single user mode\n");
658
659
660         if (!found_com_id) {
661                 pr_debug("Could not find OPAL comid for device. Returning early\n");
662                 return -EOPNOTSUPP;
663         }
664
665         dev->comid = comid;
666
667         return 0;
668 }
669
670 static int opal_discovery0(struct opal_dev *dev, void *data)
671 {
672         int ret;
673
674         memset(dev->resp, 0, IO_BUFFER_LENGTH);
675         dev->comid = OPAL_DISCOVERY_COMID;
676         ret = opal_recv_cmd(dev);
677         if (ret)
678                 return ret;
679
680         return opal_discovery0_end(dev, data);
681 }
682
683 static int opal_discovery0_step(struct opal_dev *dev)
684 {
685         const struct opal_step discovery0_step = {
686                 opal_discovery0, NULL
687         };
688
689         return execute_step(dev, &discovery0_step, 0);
690 }
691
692 static size_t remaining_size(struct opal_dev *cmd)
693 {
694         return IO_BUFFER_LENGTH - cmd->pos;
695 }
696
697 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
698 {
699         if (*err)
700                 return false;
701
702         if (remaining_size(cmd) < len) {
703                 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
704                 *err = -ERANGE;
705                 return false;
706         }
707
708         return true;
709 }
710
711 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
712 {
713         if (!can_add(err, cmd, 1))
714                 return;
715
716         cmd->cmd[cmd->pos++] = tok;
717 }
718
719 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
720                                   bool has_sign, int len)
721 {
722         u8 atom;
723         int err = 0;
724
725         atom = SHORT_ATOM_ID;
726         atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
727         atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
728         atom |= len & SHORT_ATOM_LEN_MASK;
729
730         add_token_u8(&err, cmd, atom);
731 }
732
733 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
734                                    bool has_sign, int len)
735 {
736         u8 header0;
737
738         header0 = MEDIUM_ATOM_ID;
739         header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
740         header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
741         header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
742
743         cmd->cmd[cmd->pos++] = header0;
744         cmd->cmd[cmd->pos++] = len;
745 }
746
747 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
748 {
749         size_t len;
750         int msb;
751
752         if (!(number & ~TINY_ATOM_DATA_MASK)) {
753                 add_token_u8(err, cmd, number);
754                 return;
755         }
756
757         msb = fls64(number);
758         len = DIV_ROUND_UP(msb, 8);
759
760         if (!can_add(err, cmd, len + 1)) {
761                 pr_debug("Error adding u64: end of buffer.\n");
762                 return;
763         }
764         add_short_atom_header(cmd, false, false, len);
765         while (len--)
766                 add_token_u8(err, cmd, number >> (len * 8));
767 }
768
769 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
770 {
771         size_t header_len = 1;
772         bool is_short_atom = true;
773
774         if (len & ~SHORT_ATOM_LEN_MASK) {
775                 header_len = 2;
776                 is_short_atom = false;
777         }
778
779         if (!can_add(err, cmd, header_len + len)) {
780                 pr_debug("Error adding bytestring: end of buffer.\n");
781                 return NULL;
782         }
783
784         if (is_short_atom)
785                 add_short_atom_header(cmd, true, false, len);
786         else
787                 add_medium_atom_header(cmd, true, false, len);
788
789         return &cmd->cmd[cmd->pos];
790 }
791
792 static void add_token_bytestring(int *err, struct opal_dev *cmd,
793                                  const u8 *bytestring, size_t len)
794 {
795         u8 *start;
796
797         start = add_bytestring_header(err, cmd, len);
798         if (!start)
799                 return;
800         memcpy(start, bytestring, len);
801         cmd->pos += len;
802 }
803
804 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
805 {
806         if (length > OPAL_UID_LENGTH) {
807                 pr_debug("Can't build locking range. Length OOB\n");
808                 return -ERANGE;
809         }
810
811         memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
812
813         if (lr == 0)
814                 return 0;
815
816         buffer[5] = LOCKING_RANGE_NON_GLOBAL;
817         buffer[7] = lr;
818
819         return 0;
820 }
821
822 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
823 {
824         if (length > OPAL_UID_LENGTH) {
825                 pr_debug("Can't build locking range user. Length OOB\n");
826                 return -ERANGE;
827         }
828
829         memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
830
831         buffer[7] = lr + 1;
832
833         return 0;
834 }
835
836 static void set_comid(struct opal_dev *cmd, u16 comid)
837 {
838         struct opal_header *hdr = (struct opal_header *)cmd->cmd;
839
840         hdr->cp.extendedComID[0] = comid >> 8;
841         hdr->cp.extendedComID[1] = comid;
842         hdr->cp.extendedComID[2] = 0;
843         hdr->cp.extendedComID[3] = 0;
844 }
845
846 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
847 {
848         struct opal_header *hdr;
849         int err = 0;
850
851         /*
852          * Close the parameter list opened from cmd_start.
853          * The number of bytes added must be equal to
854          * CMD_FINALIZE_BYTES_NEEDED.
855          */
856         add_token_u8(&err, cmd, OPAL_ENDLIST);
857
858         add_token_u8(&err, cmd, OPAL_ENDOFDATA);
859         add_token_u8(&err, cmd, OPAL_STARTLIST);
860         add_token_u8(&err, cmd, 0);
861         add_token_u8(&err, cmd, 0);
862         add_token_u8(&err, cmd, 0);
863         add_token_u8(&err, cmd, OPAL_ENDLIST);
864
865         if (err) {
866                 pr_debug("Error finalizing command.\n");
867                 return -EFAULT;
868         }
869
870         hdr = (struct opal_header *) cmd->cmd;
871
872         hdr->pkt.tsn = cpu_to_be32(tsn);
873         hdr->pkt.hsn = cpu_to_be32(hsn);
874
875         hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
876         while (cmd->pos % 4) {
877                 if (cmd->pos >= IO_BUFFER_LENGTH) {
878                         pr_debug("Error: Buffer overrun\n");
879                         return -ERANGE;
880                 }
881                 cmd->cmd[cmd->pos++] = 0;
882         }
883         hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
884                                       sizeof(hdr->pkt));
885         hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
886
887         return 0;
888 }
889
890 static const struct opal_resp_tok *response_get_token(
891                                 const struct parsed_resp *resp,
892                                 int n)
893 {
894         const struct opal_resp_tok *tok;
895
896         if (!resp) {
897                 pr_debug("Response is NULL\n");
898                 return ERR_PTR(-EINVAL);
899         }
900
901         if (n >= resp->num) {
902                 pr_debug("Token number doesn't exist: %d, resp: %d\n",
903                          n, resp->num);
904                 return ERR_PTR(-EINVAL);
905         }
906
907         tok = &resp->toks[n];
908         if (tok->len == 0) {
909                 pr_debug("Token length must be non-zero\n");
910                 return ERR_PTR(-EINVAL);
911         }
912
913         return tok;
914 }
915
916 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
917                                    const u8 *pos)
918 {
919         tok->pos = pos;
920         tok->len = 1;
921         tok->width = OPAL_WIDTH_TINY;
922
923         if (pos[0] & TINY_ATOM_SIGNED) {
924                 tok->type = OPAL_DTA_TOKENID_SINT;
925         } else {
926                 tok->type = OPAL_DTA_TOKENID_UINT;
927                 tok->stored.u = pos[0] & 0x3f;
928         }
929
930         return tok->len;
931 }
932
933 static ssize_t response_parse_short(struct opal_resp_tok *tok,
934                                     const u8 *pos)
935 {
936         tok->pos = pos;
937         tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
938         tok->width = OPAL_WIDTH_SHORT;
939
940         if (pos[0] & SHORT_ATOM_BYTESTRING) {
941                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
942         } else if (pos[0] & SHORT_ATOM_SIGNED) {
943                 tok->type = OPAL_DTA_TOKENID_SINT;
944         } else {
945                 u64 u_integer = 0;
946                 ssize_t i, b = 0;
947
948                 tok->type = OPAL_DTA_TOKENID_UINT;
949                 if (tok->len > 9) {
950                         pr_debug("uint64 with more than 8 bytes\n");
951                         return -EINVAL;
952                 }
953                 for (i = tok->len - 1; i > 0; i--) {
954                         u_integer |= ((u64)pos[i] << (8 * b));
955                         b++;
956                 }
957                 tok->stored.u = u_integer;
958         }
959
960         return tok->len;
961 }
962
963 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
964                                      const u8 *pos)
965 {
966         tok->pos = pos;
967         tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
968         tok->width = OPAL_WIDTH_MEDIUM;
969
970         if (pos[0] & MEDIUM_ATOM_BYTESTRING)
971                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
972         else if (pos[0] & MEDIUM_ATOM_SIGNED)
973                 tok->type = OPAL_DTA_TOKENID_SINT;
974         else
975                 tok->type = OPAL_DTA_TOKENID_UINT;
976
977         return tok->len;
978 }
979
980 static ssize_t response_parse_long(struct opal_resp_tok *tok,
981                                    const u8 *pos)
982 {
983         tok->pos = pos;
984         tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
985         tok->width = OPAL_WIDTH_LONG;
986
987         if (pos[0] & LONG_ATOM_BYTESTRING)
988                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
989         else if (pos[0] & LONG_ATOM_SIGNED)
990                 tok->type = OPAL_DTA_TOKENID_SINT;
991         else
992                 tok->type = OPAL_DTA_TOKENID_UINT;
993
994         return tok->len;
995 }
996
997 static ssize_t response_parse_token(struct opal_resp_tok *tok,
998                                     const u8 *pos)
999 {
1000         tok->pos = pos;
1001         tok->len = 1;
1002         tok->type = OPAL_DTA_TOKENID_TOKEN;
1003         tok->width = OPAL_WIDTH_TOKEN;
1004
1005         return tok->len;
1006 }
1007
1008 static int response_parse(const u8 *buf, size_t length,
1009                           struct parsed_resp *resp)
1010 {
1011         const struct opal_header *hdr;
1012         struct opal_resp_tok *iter;
1013         int num_entries = 0;
1014         int total;
1015         ssize_t token_length;
1016         const u8 *pos;
1017         u32 clen, plen, slen;
1018
1019         if (!buf)
1020                 return -EFAULT;
1021
1022         if (!resp)
1023                 return -EFAULT;
1024
1025         hdr = (struct opal_header *)buf;
1026         pos = buf;
1027         pos += sizeof(*hdr);
1028
1029         clen = be32_to_cpu(hdr->cp.length);
1030         plen = be32_to_cpu(hdr->pkt.length);
1031         slen = be32_to_cpu(hdr->subpkt.length);
1032         pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
1033                  clen, plen, slen);
1034
1035         if (clen == 0 || plen == 0 || slen == 0 ||
1036             slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
1037                 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
1038                          clen, plen, slen);
1039                 print_buffer(pos, sizeof(*hdr));
1040                 return -EINVAL;
1041         }
1042
1043         if (pos > buf + length)
1044                 return -EFAULT;
1045
1046         iter = resp->toks;
1047         total = slen;
1048         print_buffer(pos, total);
1049         while (total > 0) {
1050                 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
1051                         token_length = response_parse_tiny(iter, pos);
1052                 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
1053                         token_length = response_parse_short(iter, pos);
1054                 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
1055                         token_length = response_parse_medium(iter, pos);
1056                 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
1057                         token_length = response_parse_long(iter, pos);
1058                 else /* TOKEN */
1059                         token_length = response_parse_token(iter, pos);
1060
1061                 if (token_length < 0)
1062                         return token_length;
1063
1064                 pos += token_length;
1065                 total -= token_length;
1066                 iter++;
1067                 num_entries++;
1068         }
1069
1070         resp->num = num_entries;
1071
1072         return 0;
1073 }
1074
1075 static size_t response_get_string(const struct parsed_resp *resp, int n,
1076                                   const char **store)
1077 {
1078         u8 skip;
1079         const struct opal_resp_tok *tok;
1080
1081         *store = NULL;
1082         tok = response_get_token(resp, n);
1083         if (IS_ERR(tok))
1084                 return 0;
1085
1086         if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
1087                 pr_debug("Token is not a byte string!\n");
1088                 return 0;
1089         }
1090
1091         switch (tok->width) {
1092         case OPAL_WIDTH_TINY:
1093         case OPAL_WIDTH_SHORT:
1094                 skip = 1;
1095                 break;
1096         case OPAL_WIDTH_MEDIUM:
1097                 skip = 2;
1098                 break;
1099         case OPAL_WIDTH_LONG:
1100                 skip = 4;
1101                 break;
1102         default:
1103                 pr_debug("Token has invalid width!\n");
1104                 return 0;
1105         }
1106
1107         *store = tok->pos + skip;
1108
1109         return tok->len - skip;
1110 }
1111
1112 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1113 {
1114         const struct opal_resp_tok *tok;
1115
1116         tok = response_get_token(resp, n);
1117         if (IS_ERR(tok))
1118                 return 0;
1119
1120         if (tok->type != OPAL_DTA_TOKENID_UINT) {
1121                 pr_debug("Token is not unsigned int: %d\n", tok->type);
1122                 return 0;
1123         }
1124
1125         if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1126                 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1127                 return 0;
1128         }
1129
1130         return tok->stored.u;
1131 }
1132
1133 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1134 {
1135         if (IS_ERR(token) ||
1136             token->type != OPAL_DTA_TOKENID_TOKEN ||
1137             token->pos[0] != match)
1138                 return false;
1139         return true;
1140 }
1141
1142 static u8 response_status(const struct parsed_resp *resp)
1143 {
1144         const struct opal_resp_tok *tok;
1145
1146         tok = response_get_token(resp, 0);
1147         if (response_token_matches(tok, OPAL_ENDOFSESSION))
1148                 return 0;
1149
1150         if (resp->num < 5)
1151                 return DTAERROR_NO_METHOD_STATUS;
1152
1153         tok = response_get_token(resp, resp->num - 5);
1154         if (!response_token_matches(tok, OPAL_STARTLIST))
1155                 return DTAERROR_NO_METHOD_STATUS;
1156
1157         tok = response_get_token(resp, resp->num - 1);
1158         if (!response_token_matches(tok, OPAL_ENDLIST))
1159                 return DTAERROR_NO_METHOD_STATUS;
1160
1161         return response_get_u64(resp, resp->num - 4);
1162 }
1163
1164 /* Parses and checks for errors */
1165 static int parse_and_check_status(struct opal_dev *dev)
1166 {
1167         int error;
1168
1169         print_buffer(dev->cmd, dev->pos);
1170
1171         error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1172         if (error) {
1173                 pr_debug("Couldn't parse response.\n");
1174                 return error;
1175         }
1176
1177         return response_status(&dev->parsed);
1178 }
1179
1180 static void clear_opal_cmd(struct opal_dev *dev)
1181 {
1182         dev->pos = sizeof(struct opal_header);
1183         memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1184 }
1185
1186 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1187 {
1188         int err = 0;
1189
1190         clear_opal_cmd(dev);
1191         set_comid(dev, dev->comid);
1192
1193         add_token_u8(&err, dev, OPAL_CALL);
1194         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1195         add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1196
1197         /*
1198          * Every method call is followed by its parameters enclosed within
1199          * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1200          * parameter list here and close it later in cmd_finalize.
1201          */
1202         add_token_u8(&err, dev, OPAL_STARTLIST);
1203
1204         return err;
1205 }
1206
1207 static int start_opal_session_cont(struct opal_dev *dev)
1208 {
1209         u32 hsn, tsn;
1210         int error = 0;
1211
1212         error = parse_and_check_status(dev);
1213         if (error)
1214                 return error;
1215
1216         hsn = response_get_u64(&dev->parsed, 4);
1217         tsn = response_get_u64(&dev->parsed, 5);
1218
1219         if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1220                 pr_debug("Couldn't authenticate session\n");
1221                 return -EPERM;
1222         }
1223
1224         dev->hsn = hsn;
1225         dev->tsn = tsn;
1226
1227         return 0;
1228 }
1229
1230 static void add_suspend_info(struct opal_dev *dev,
1231                              struct opal_suspend_data *sus)
1232 {
1233         struct opal_suspend_data *iter;
1234
1235         list_for_each_entry(iter, &dev->unlk_lst, node) {
1236                 if (iter->lr == sus->lr) {
1237                         list_del(&iter->node);
1238                         kfree(iter);
1239                         break;
1240                 }
1241         }
1242         list_add_tail(&sus->node, &dev->unlk_lst);
1243 }
1244
1245 static int end_session_cont(struct opal_dev *dev)
1246 {
1247         dev->hsn = 0;
1248         dev->tsn = 0;
1249
1250         return parse_and_check_status(dev);
1251 }
1252
1253 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1254 {
1255         int ret;
1256
1257         ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1258         if (ret) {
1259                 pr_debug("Error finalizing command buffer: %d\n", ret);
1260                 return ret;
1261         }
1262
1263         print_buffer(dev->cmd, dev->pos);
1264
1265         return opal_send_recv(dev, cont);
1266 }
1267
1268 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1269                                u64 start_column, u64 end_column)
1270 {
1271         int err;
1272
1273         err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1274
1275         add_token_u8(&err, dev, OPAL_STARTLIST);
1276
1277         add_token_u8(&err, dev, OPAL_STARTNAME);
1278         add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1279         add_token_u64(&err, dev, start_column);
1280         add_token_u8(&err, dev, OPAL_ENDNAME);
1281
1282         add_token_u8(&err, dev, OPAL_STARTNAME);
1283         add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1284         add_token_u64(&err, dev, end_column);
1285         add_token_u8(&err, dev, OPAL_ENDNAME);
1286
1287         add_token_u8(&err, dev, OPAL_ENDLIST);
1288
1289         if (err)
1290                 return err;
1291
1292         return finalize_and_send(dev, parse_and_check_status);
1293 }
1294
1295 /*
1296  * request @column from table @table on device @dev. On success, the column
1297  * data will be available in dev->resp->tok[4]
1298  */
1299 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1300                               u64 column)
1301 {
1302         return generic_get_columns(dev, table, column, column);
1303 }
1304
1305 /*
1306  * see TCG SAS 5.3.2.3 for a description of the available columns
1307  *
1308  * the result is provided in dev->resp->tok[4]
1309  */
1310 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1311                                   u64 column)
1312 {
1313         u8 uid[OPAL_UID_LENGTH];
1314         const unsigned int half = OPAL_UID_LENGTH_HALF;
1315
1316         /* sed-opal UIDs can be split in two halves:
1317          *  first:  actual table index
1318          *  second: relative index in the table
1319          * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1320          * first part of the target table as relative index into that table
1321          */
1322         memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1323         memcpy(uid + half, table_uid, half);
1324
1325         return generic_get_column(dev, uid, column);
1326 }
1327
1328 static int gen_key(struct opal_dev *dev, void *data)
1329 {
1330         u8 uid[OPAL_UID_LENGTH];
1331         int err;
1332
1333         memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1334         kfree(dev->prev_data);
1335         dev->prev_data = NULL;
1336
1337         err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1338
1339         if (err) {
1340                 pr_debug("Error building gen key command\n");
1341                 return err;
1342
1343         }
1344
1345         return finalize_and_send(dev, parse_and_check_status);
1346 }
1347
1348 static int get_active_key_cont(struct opal_dev *dev)
1349 {
1350         const char *activekey;
1351         size_t keylen;
1352         int error = 0;
1353
1354         error = parse_and_check_status(dev);
1355         if (error)
1356                 return error;
1357
1358         keylen = response_get_string(&dev->parsed, 4, &activekey);
1359         if (!activekey) {
1360                 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1361                          __func__);
1362                 return OPAL_INVAL_PARAM;
1363         }
1364
1365         dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1366
1367         if (!dev->prev_data)
1368                 return -ENOMEM;
1369
1370         dev->prev_d_len = keylen;
1371
1372         return 0;
1373 }
1374
1375 static int get_active_key(struct opal_dev *dev, void *data)
1376 {
1377         u8 uid[OPAL_UID_LENGTH];
1378         int err;
1379         u8 *lr = data;
1380
1381         err = build_locking_range(uid, sizeof(uid), *lr);
1382         if (err)
1383                 return err;
1384
1385         err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1386         if (err)
1387                 return err;
1388
1389         return get_active_key_cont(dev);
1390 }
1391
1392 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1393                                     u64 offset, u64 size, const u8 *uid)
1394 {
1395         const u8 __user *src = (u8 __user *)(uintptr_t)data;
1396         u8 *dst;
1397         u64 len;
1398         size_t off = 0;
1399         int err;
1400
1401         /* do we fit in the available space? */
1402         err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1403         if (err) {
1404                 pr_debug("Couldn't get the table size\n");
1405                 return err;
1406         }
1407
1408         len = response_get_u64(&dev->parsed, 4);
1409         if (size > len || offset > len - size) {
1410                 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1411                           offset + size, len);
1412                 return -ENOSPC;
1413         }
1414
1415         /* do the actual transmission(s) */
1416         while (off < size) {
1417                 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1418                 add_token_u8(&err, dev, OPAL_STARTNAME);
1419                 add_token_u8(&err, dev, OPAL_WHERE);
1420                 add_token_u64(&err, dev, offset + off);
1421                 add_token_u8(&err, dev, OPAL_ENDNAME);
1422
1423                 add_token_u8(&err, dev, OPAL_STARTNAME);
1424                 add_token_u8(&err, dev, OPAL_VALUES);
1425
1426                 /*
1427                  * The bytestring header is either 1 or 2 bytes, so assume 2.
1428                  * There also needs to be enough space to accommodate the
1429                  * trailing OPAL_ENDNAME (1 byte) and tokens added by
1430                  * cmd_finalize.
1431                  */
1432                 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1433                           (size_t)(size - off));
1434                 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1435
1436                 dst = add_bytestring_header(&err, dev, len);
1437                 if (!dst)
1438                         break;
1439
1440                 if (copy_from_user(dst, src + off, len)) {
1441                         err = -EFAULT;
1442                         break;
1443                 }
1444
1445                 dev->pos += len;
1446
1447                 add_token_u8(&err, dev, OPAL_ENDNAME);
1448                 if (err)
1449                         break;
1450
1451                 err = finalize_and_send(dev, parse_and_check_status);
1452                 if (err)
1453                         break;
1454
1455                 off += len;
1456         }
1457
1458         return err;
1459 }
1460
1461 static int generic_lr_enable_disable(struct opal_dev *dev,
1462                                      u8 *uid, bool rle, bool wle,
1463                                      bool rl, bool wl)
1464 {
1465         int err;
1466
1467         err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1468
1469         add_token_u8(&err, dev, OPAL_STARTNAME);
1470         add_token_u8(&err, dev, OPAL_VALUES);
1471         add_token_u8(&err, dev, OPAL_STARTLIST);
1472
1473         add_token_u8(&err, dev, OPAL_STARTNAME);
1474         add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1475         add_token_u8(&err, dev, rle);
1476         add_token_u8(&err, dev, OPAL_ENDNAME);
1477
1478         add_token_u8(&err, dev, OPAL_STARTNAME);
1479         add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1480         add_token_u8(&err, dev, wle);
1481         add_token_u8(&err, dev, OPAL_ENDNAME);
1482
1483         add_token_u8(&err, dev, OPAL_STARTNAME);
1484         add_token_u8(&err, dev, OPAL_READLOCKED);
1485         add_token_u8(&err, dev, rl);
1486         add_token_u8(&err, dev, OPAL_ENDNAME);
1487
1488         add_token_u8(&err, dev, OPAL_STARTNAME);
1489         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1490         add_token_u8(&err, dev, wl);
1491         add_token_u8(&err, dev, OPAL_ENDNAME);
1492
1493         add_token_u8(&err, dev, OPAL_ENDLIST);
1494         add_token_u8(&err, dev, OPAL_ENDNAME);
1495
1496         return err;
1497 }
1498
1499 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1500                                    struct opal_user_lr_setup *setup)
1501 {
1502         int err;
1503
1504         err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1505                                         0, 0);
1506         if (err)
1507                 pr_debug("Failed to create enable global lr command\n");
1508
1509         return err;
1510 }
1511
1512 static int setup_locking_range(struct opal_dev *dev, void *data)
1513 {
1514         u8 uid[OPAL_UID_LENGTH];
1515         struct opal_user_lr_setup *setup = data;
1516         u8 lr;
1517         int err;
1518
1519         lr = setup->session.opal_key.lr;
1520         err = build_locking_range(uid, sizeof(uid), lr);
1521         if (err)
1522                 return err;
1523
1524         if (lr == 0)
1525                 err = enable_global_lr(dev, uid, setup);
1526         else {
1527                 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1528
1529                 add_token_u8(&err, dev, OPAL_STARTNAME);
1530                 add_token_u8(&err, dev, OPAL_VALUES);
1531                 add_token_u8(&err, dev, OPAL_STARTLIST);
1532
1533                 add_token_u8(&err, dev, OPAL_STARTNAME);
1534                 add_token_u8(&err, dev, OPAL_RANGESTART);
1535                 add_token_u64(&err, dev, setup->range_start);
1536                 add_token_u8(&err, dev, OPAL_ENDNAME);
1537
1538                 add_token_u8(&err, dev, OPAL_STARTNAME);
1539                 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1540                 add_token_u64(&err, dev, setup->range_length);
1541                 add_token_u8(&err, dev, OPAL_ENDNAME);
1542
1543                 add_token_u8(&err, dev, OPAL_STARTNAME);
1544                 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1545                 add_token_u64(&err, dev, !!setup->RLE);
1546                 add_token_u8(&err, dev, OPAL_ENDNAME);
1547
1548                 add_token_u8(&err, dev, OPAL_STARTNAME);
1549                 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1550                 add_token_u64(&err, dev, !!setup->WLE);
1551                 add_token_u8(&err, dev, OPAL_ENDNAME);
1552
1553                 add_token_u8(&err, dev, OPAL_ENDLIST);
1554                 add_token_u8(&err, dev, OPAL_ENDNAME);
1555         }
1556         if (err) {
1557                 pr_debug("Error building Setup Locking range command.\n");
1558                 return err;
1559         }
1560
1561         return finalize_and_send(dev, parse_and_check_status);
1562 }
1563
1564 static int response_get_column(const struct parsed_resp *resp,
1565                                int *iter,
1566                                u8 column,
1567                                u64 *value)
1568 {
1569         const struct opal_resp_tok *tok;
1570         int n = *iter;
1571         u64 val;
1572
1573         tok = response_get_token(resp, n);
1574         if (IS_ERR(tok))
1575                 return PTR_ERR(tok);
1576
1577         if (!response_token_matches(tok, OPAL_STARTNAME)) {
1578                 pr_debug("Unexpected response token type %d.\n", n);
1579                 return OPAL_INVAL_PARAM;
1580         }
1581         n++;
1582
1583         if (response_get_u64(resp, n) != column) {
1584                 pr_debug("Token %d does not match expected column %u.\n",
1585                          n, column);
1586                 return OPAL_INVAL_PARAM;
1587         }
1588         n++;
1589
1590         val = response_get_u64(resp, n);
1591         n++;
1592
1593         tok = response_get_token(resp, n);
1594         if (IS_ERR(tok))
1595                 return PTR_ERR(tok);
1596
1597         if (!response_token_matches(tok, OPAL_ENDNAME)) {
1598                 pr_debug("Unexpected response token type %d.\n", n);
1599                 return OPAL_INVAL_PARAM;
1600         }
1601         n++;
1602
1603         *value = val;
1604         *iter = n;
1605
1606         return 0;
1607 }
1608
1609 static int locking_range_status(struct opal_dev *dev, void *data)
1610 {
1611         u8 lr_buffer[OPAL_UID_LENGTH];
1612         u64 resp;
1613         bool rlocked, wlocked;
1614         int err, tok_n = 2;
1615         struct opal_lr_status *lrst = data;
1616
1617         err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1618                                   lrst->session.opal_key.lr);
1619         if (err)
1620                 return err;
1621
1622         err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1623                                   OPAL_WRITELOCKED);
1624         if (err) {
1625                 pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1626                          lrst->session.opal_key.lr, OPAL_RANGESTART,
1627                          OPAL_WRITELOCKED);
1628                 return err;
1629         }
1630
1631         /* range start */
1632         err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1633                                   &lrst->range_start);
1634         if (err)
1635                 return err;
1636
1637         /* range length */
1638         err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1639                                   &lrst->range_length);
1640         if (err)
1641                 return err;
1642
1643         /* RLE */
1644         err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1645                                   &resp);
1646         if (err)
1647                 return err;
1648
1649         lrst->RLE = !!resp;
1650
1651         /* WLE */
1652         err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1653                                   &resp);
1654         if (err)
1655                 return err;
1656
1657         lrst->WLE = !!resp;
1658
1659         /* read locked */
1660         err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1661         if (err)
1662                 return err;
1663
1664         rlocked = !!resp;
1665
1666         /* write locked */
1667         err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1668         if (err)
1669                 return err;
1670
1671         wlocked = !!resp;
1672
1673         /* opal_lock_state can not map 'read locked' only state. */
1674         lrst->l_state = OPAL_RW;
1675         if (rlocked && wlocked)
1676                 lrst->l_state = OPAL_LK;
1677         else if (wlocked)
1678                 lrst->l_state = OPAL_RO;
1679         else if (rlocked) {
1680                 pr_debug("Can not report read locked only state.\n");
1681                 return -EINVAL;
1682         }
1683
1684         return 0;
1685 }
1686
1687 static int start_generic_opal_session(struct opal_dev *dev,
1688                                       enum opal_uid auth,
1689                                       enum opal_uid sp_type,
1690                                       const char *key,
1691                                       u8 key_len)
1692 {
1693         u32 hsn;
1694         int err;
1695
1696         if (key == NULL && auth != OPAL_ANYBODY_UID)
1697                 return OPAL_INVAL_PARAM;
1698
1699         hsn = GENERIC_HOST_SESSION_NUM;
1700         err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1701                         opalmethod[OPAL_STARTSESSION]);
1702
1703         add_token_u64(&err, dev, hsn);
1704         add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1705         add_token_u8(&err, dev, 1);
1706
1707         switch (auth) {
1708         case OPAL_ANYBODY_UID:
1709                 break;
1710         case OPAL_ADMIN1_UID:
1711         case OPAL_SID_UID:
1712         case OPAL_PSID_UID:
1713                 add_token_u8(&err, dev, OPAL_STARTNAME);
1714                 add_token_u8(&err, dev, 0); /* HostChallenge */
1715                 add_token_bytestring(&err, dev, key, key_len);
1716                 add_token_u8(&err, dev, OPAL_ENDNAME);
1717                 add_token_u8(&err, dev, OPAL_STARTNAME);
1718                 add_token_u8(&err, dev, 3); /* HostSignAuth */
1719                 add_token_bytestring(&err, dev, opaluid[auth],
1720                                      OPAL_UID_LENGTH);
1721                 add_token_u8(&err, dev, OPAL_ENDNAME);
1722                 break;
1723         default:
1724                 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1725                 return OPAL_INVAL_PARAM;
1726         }
1727
1728         if (err) {
1729                 pr_debug("Error building start adminsp session command.\n");
1730                 return err;
1731         }
1732
1733         return finalize_and_send(dev, start_opal_session_cont);
1734 }
1735
1736 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1737 {
1738         return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1739                                           OPAL_ADMINSP_UID, NULL, 0);
1740 }
1741
1742 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1743 {
1744         int ret;
1745         const u8 *key = dev->prev_data;
1746
1747         if (!key) {
1748                 const struct opal_key *okey = data;
1749
1750                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1751                                                  OPAL_ADMINSP_UID,
1752                                                  okey->key,
1753                                                  okey->key_len);
1754         } else {
1755                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1756                                                  OPAL_ADMINSP_UID,
1757                                                  key, dev->prev_d_len);
1758                 kfree(key);
1759                 dev->prev_data = NULL;
1760         }
1761
1762         return ret;
1763 }
1764
1765 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1766 {
1767         struct opal_key *key = data;
1768
1769         return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1770                                           OPAL_LOCKINGSP_UID,
1771                                           key->key, key->key_len);
1772 }
1773
1774 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1775 {
1776         const struct opal_key *okey = data;
1777
1778         return start_generic_opal_session(dev, OPAL_PSID_UID,
1779                                           OPAL_ADMINSP_UID,
1780                                           okey->key,
1781                                           okey->key_len);
1782 }
1783
1784 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1785 {
1786         struct opal_session_info *session = data;
1787         u8 lk_ul_user[OPAL_UID_LENGTH];
1788         size_t keylen = session->opal_key.key_len;
1789         int err = 0;
1790
1791         u8 *key = session->opal_key.key;
1792         u32 hsn = GENERIC_HOST_SESSION_NUM;
1793
1794         if (session->sum)
1795                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1796                                          session->opal_key.lr);
1797         else if (session->who != OPAL_ADMIN1 && !session->sum)
1798                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1799                                          session->who - 1);
1800         else
1801                 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1802
1803         if (err)
1804                 return err;
1805
1806         err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1807                         opalmethod[OPAL_STARTSESSION]);
1808
1809         add_token_u64(&err, dev, hsn);
1810         add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1811                              OPAL_UID_LENGTH);
1812         add_token_u8(&err, dev, 1);
1813         add_token_u8(&err, dev, OPAL_STARTNAME);
1814         add_token_u8(&err, dev, 0);
1815         add_token_bytestring(&err, dev, key, keylen);
1816         add_token_u8(&err, dev, OPAL_ENDNAME);
1817         add_token_u8(&err, dev, OPAL_STARTNAME);
1818         add_token_u8(&err, dev, 3);
1819         add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1820         add_token_u8(&err, dev, OPAL_ENDNAME);
1821
1822         if (err) {
1823                 pr_debug("Error building STARTSESSION command.\n");
1824                 return err;
1825         }
1826
1827         return finalize_and_send(dev, start_opal_session_cont);
1828 }
1829
1830 static int revert_tper(struct opal_dev *dev, void *data)
1831 {
1832         int err;
1833
1834         err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1835                         opalmethod[OPAL_REVERT]);
1836         if (err) {
1837                 pr_debug("Error building REVERT TPER command.\n");
1838                 return err;
1839         }
1840
1841         return finalize_and_send(dev, parse_and_check_status);
1842 }
1843
1844 static int internal_activate_user(struct opal_dev *dev, void *data)
1845 {
1846         struct opal_session_info *session = data;
1847         u8 uid[OPAL_UID_LENGTH];
1848         int err;
1849
1850         memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1851         uid[7] = session->who;
1852
1853         err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1854         add_token_u8(&err, dev, OPAL_STARTNAME);
1855         add_token_u8(&err, dev, OPAL_VALUES);
1856         add_token_u8(&err, dev, OPAL_STARTLIST);
1857         add_token_u8(&err, dev, OPAL_STARTNAME);
1858         add_token_u8(&err, dev, 5); /* Enabled */
1859         add_token_u8(&err, dev, OPAL_TRUE);
1860         add_token_u8(&err, dev, OPAL_ENDNAME);
1861         add_token_u8(&err, dev, OPAL_ENDLIST);
1862         add_token_u8(&err, dev, OPAL_ENDNAME);
1863
1864         if (err) {
1865                 pr_debug("Error building Activate UserN command.\n");
1866                 return err;
1867         }
1868
1869         return finalize_and_send(dev, parse_and_check_status);
1870 }
1871
1872 static int revert_lsp(struct opal_dev *dev, void *data)
1873 {
1874         struct opal_revert_lsp *rev = data;
1875         int err;
1876
1877         err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
1878                         opalmethod[OPAL_REVERTSP]);
1879         add_token_u8(&err, dev, OPAL_STARTNAME);
1880         add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
1881         add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
1882                         OPAL_TRUE : OPAL_FALSE);
1883         add_token_u8(&err, dev, OPAL_ENDNAME);
1884         if (err) {
1885                 pr_debug("Error building REVERT SP command.\n");
1886                 return err;
1887         }
1888
1889         return finalize_and_send(dev, parse_and_check_status);
1890 }
1891
1892 static int erase_locking_range(struct opal_dev *dev, void *data)
1893 {
1894         struct opal_session_info *session = data;
1895         u8 uid[OPAL_UID_LENGTH];
1896         int err;
1897
1898         if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1899                 return -ERANGE;
1900
1901         err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1902
1903         if (err) {
1904                 pr_debug("Error building Erase Locking Range Command.\n");
1905                 return err;
1906         }
1907
1908         return finalize_and_send(dev, parse_and_check_status);
1909 }
1910
1911 static int set_mbr_done(struct opal_dev *dev, void *data)
1912 {
1913         u8 *mbr_done_tf = data;
1914         int err;
1915
1916         err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1917                         opalmethod[OPAL_SET]);
1918
1919         add_token_u8(&err, dev, OPAL_STARTNAME);
1920         add_token_u8(&err, dev, OPAL_VALUES);
1921         add_token_u8(&err, dev, OPAL_STARTLIST);
1922         add_token_u8(&err, dev, OPAL_STARTNAME);
1923         add_token_u8(&err, dev, OPAL_MBRDONE);
1924         add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1925         add_token_u8(&err, dev, OPAL_ENDNAME);
1926         add_token_u8(&err, dev, OPAL_ENDLIST);
1927         add_token_u8(&err, dev, OPAL_ENDNAME);
1928
1929         if (err) {
1930                 pr_debug("Error Building set MBR Done command\n");
1931                 return err;
1932         }
1933
1934         return finalize_and_send(dev, parse_and_check_status);
1935 }
1936
1937 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1938 {
1939         u8 *mbr_en_dis = data;
1940         int err;
1941
1942         err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1943                         opalmethod[OPAL_SET]);
1944
1945         add_token_u8(&err, dev, OPAL_STARTNAME);
1946         add_token_u8(&err, dev, OPAL_VALUES);
1947         add_token_u8(&err, dev, OPAL_STARTLIST);
1948         add_token_u8(&err, dev, OPAL_STARTNAME);
1949         add_token_u8(&err, dev, OPAL_MBRENABLE);
1950         add_token_u8(&err, dev, *mbr_en_dis);
1951         add_token_u8(&err, dev, OPAL_ENDNAME);
1952         add_token_u8(&err, dev, OPAL_ENDLIST);
1953         add_token_u8(&err, dev, OPAL_ENDNAME);
1954
1955         if (err) {
1956                 pr_debug("Error Building set MBR done command\n");
1957                 return err;
1958         }
1959
1960         return finalize_and_send(dev, parse_and_check_status);
1961 }
1962
1963 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1964 {
1965         struct opal_shadow_mbr *shadow = data;
1966
1967         return generic_table_write_data(dev, shadow->data, shadow->offset,
1968                                         shadow->size, opaluid[OPAL_MBR]);
1969 }
1970
1971 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1972                           struct opal_dev *dev)
1973 {
1974         int err;
1975
1976         err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1977
1978         add_token_u8(&err, dev, OPAL_STARTNAME);
1979         add_token_u8(&err, dev, OPAL_VALUES);
1980         add_token_u8(&err, dev, OPAL_STARTLIST);
1981         add_token_u8(&err, dev, OPAL_STARTNAME);
1982         add_token_u8(&err, dev, OPAL_PIN);
1983         add_token_bytestring(&err, dev, key, key_len);
1984         add_token_u8(&err, dev, OPAL_ENDNAME);
1985         add_token_u8(&err, dev, OPAL_ENDLIST);
1986         add_token_u8(&err, dev, OPAL_ENDNAME);
1987
1988         return err;
1989 }
1990
1991 static int set_new_pw(struct opal_dev *dev, void *data)
1992 {
1993         u8 cpin_uid[OPAL_UID_LENGTH];
1994         struct opal_session_info *usr = data;
1995
1996         memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1997
1998         if (usr->who != OPAL_ADMIN1) {
1999                 cpin_uid[5] = 0x03;
2000                 if (usr->sum)
2001                         cpin_uid[7] = usr->opal_key.lr + 1;
2002                 else
2003                         cpin_uid[7] = usr->who;
2004         }
2005
2006         if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
2007                            cpin_uid, dev)) {
2008                 pr_debug("Error building set password command.\n");
2009                 return -ERANGE;
2010         }
2011
2012         return finalize_and_send(dev, parse_and_check_status);
2013 }
2014
2015 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
2016 {
2017         u8 cpin_uid[OPAL_UID_LENGTH];
2018         struct opal_key *key = data;
2019
2020         memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
2021
2022         if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
2023                 pr_debug("Error building Set SID cpin\n");
2024                 return -ERANGE;
2025         }
2026         return finalize_and_send(dev, parse_and_check_status);
2027 }
2028
2029 static void add_authority_object_ref(int *err,
2030                                      struct opal_dev *dev,
2031                                      const u8 *uid,
2032                                      size_t uid_len)
2033 {
2034         add_token_u8(err, dev, OPAL_STARTNAME);
2035         add_token_bytestring(err, dev,
2036                              opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
2037                              OPAL_UID_LENGTH/2);
2038         add_token_bytestring(err, dev, uid, uid_len);
2039         add_token_u8(err, dev, OPAL_ENDNAME);
2040 }
2041
2042 static void add_boolean_object_ref(int *err,
2043                                    struct opal_dev *dev,
2044                                    u8 boolean_op)
2045 {
2046         add_token_u8(err, dev, OPAL_STARTNAME);
2047         add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
2048                              OPAL_UID_LENGTH/2);
2049         add_token_u8(err, dev, boolean_op);
2050         add_token_u8(err, dev, OPAL_ENDNAME);
2051 }
2052
2053 static int set_lr_boolean_ace(struct opal_dev *dev,
2054                               unsigned int opal_uid,
2055                               u8 lr,
2056                               const u8 *users,
2057                               size_t users_len)
2058 {
2059         u8 lr_buffer[OPAL_UID_LENGTH];
2060         u8 user_uid[OPAL_UID_LENGTH];
2061         u8 u;
2062         int err;
2063
2064         memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
2065         lr_buffer[7] = lr;
2066
2067         err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2068
2069         add_token_u8(&err, dev, OPAL_STARTNAME);
2070         add_token_u8(&err, dev, OPAL_VALUES);
2071
2072         add_token_u8(&err, dev, OPAL_STARTLIST);
2073         add_token_u8(&err, dev, OPAL_STARTNAME);
2074         add_token_u8(&err, dev, 3);
2075
2076         add_token_u8(&err, dev, OPAL_STARTLIST);
2077
2078         for (u = 0; u < users_len; u++) {
2079                 if (users[u] == OPAL_ADMIN1)
2080                         memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
2081                                OPAL_UID_LENGTH);
2082                 else {
2083                         memcpy(user_uid, opaluid[OPAL_USER1_UID],
2084                                OPAL_UID_LENGTH);
2085                         user_uid[7] = users[u];
2086                 }
2087
2088                 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
2089
2090                 /*
2091                  * Add boolean operator in postfix only with
2092                  * two or more authorities being added in ACE
2093                  * expresion.
2094                  * */
2095                 if (u > 0)
2096                         add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
2097         }
2098
2099         add_token_u8(&err, dev, OPAL_ENDLIST);
2100         add_token_u8(&err, dev, OPAL_ENDNAME);
2101         add_token_u8(&err, dev, OPAL_ENDLIST);
2102         add_token_u8(&err, dev, OPAL_ENDNAME);
2103
2104         return err;
2105 }
2106
2107 static int add_user_to_lr(struct opal_dev *dev, void *data)
2108 {
2109         int err;
2110         struct opal_lock_unlock *lkul = data;
2111         const u8 users[] = {
2112                 lkul->session.who
2113         };
2114
2115         err = set_lr_boolean_ace(dev,
2116                                  lkul->l_state == OPAL_RW ?
2117                                         OPAL_LOCKINGRANGE_ACE_WRLOCKED :
2118                                         OPAL_LOCKINGRANGE_ACE_RDLOCKED,
2119                                  lkul->session.opal_key.lr, users,
2120                                  ARRAY_SIZE(users));
2121         if (err) {
2122                 pr_debug("Error building add user to locking range command.\n");
2123                 return err;
2124         }
2125
2126         return finalize_and_send(dev, parse_and_check_status);
2127 }
2128
2129 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2130 {
2131         int err;
2132         struct opal_lock_unlock *lkul = data;
2133         const u8 users[] = {
2134                 OPAL_ADMIN1,
2135                 lkul->session.who
2136         };
2137
2138         err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2139                                  lkul->session.opal_key.lr, users,
2140                                  ARRAY_SIZE(users));
2141
2142         if (err) {
2143                 pr_debug("Error building add user to locking ranges ACEs.\n");
2144                 return err;
2145         }
2146
2147         return finalize_and_send(dev, parse_and_check_status);
2148 }
2149
2150 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2151 {
2152         u8 lr_buffer[OPAL_UID_LENGTH];
2153         struct opal_lock_unlock *lkul = data;
2154         u8 read_locked = 1, write_locked = 1;
2155         int err = 0;
2156
2157         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2158                                 lkul->session.opal_key.lr) < 0)
2159                 return -ERANGE;
2160
2161         switch (lkul->l_state) {
2162         case OPAL_RO:
2163                 read_locked = 0;
2164                 write_locked = 1;
2165                 break;
2166         case OPAL_RW:
2167                 read_locked = 0;
2168                 write_locked = 0;
2169                 break;
2170         case OPAL_LK:
2171                 /* vars are initialized to locked */
2172                 break;
2173         default:
2174                 pr_debug("Tried to set an invalid locking state... returning to uland\n");
2175                 return OPAL_INVAL_PARAM;
2176         }
2177
2178         err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2179
2180         add_token_u8(&err, dev, OPAL_STARTNAME);
2181         add_token_u8(&err, dev, OPAL_VALUES);
2182         add_token_u8(&err, dev, OPAL_STARTLIST);
2183
2184         add_token_u8(&err, dev, OPAL_STARTNAME);
2185         add_token_u8(&err, dev, OPAL_READLOCKED);
2186         add_token_u8(&err, dev, read_locked);
2187         add_token_u8(&err, dev, OPAL_ENDNAME);
2188
2189         add_token_u8(&err, dev, OPAL_STARTNAME);
2190         add_token_u8(&err, dev, OPAL_WRITELOCKED);
2191         add_token_u8(&err, dev, write_locked);
2192         add_token_u8(&err, dev, OPAL_ENDNAME);
2193
2194         add_token_u8(&err, dev, OPAL_ENDLIST);
2195         add_token_u8(&err, dev, OPAL_ENDNAME);
2196
2197         if (err) {
2198                 pr_debug("Error building SET command.\n");
2199                 return err;
2200         }
2201
2202         return finalize_and_send(dev, parse_and_check_status);
2203 }
2204
2205
2206 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2207 {
2208         u8 lr_buffer[OPAL_UID_LENGTH];
2209         u8 read_locked = 1, write_locked = 1;
2210         struct opal_lock_unlock *lkul = data;
2211         int ret;
2212
2213         clear_opal_cmd(dev);
2214         set_comid(dev, dev->comid);
2215
2216         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2217                                 lkul->session.opal_key.lr) < 0)
2218                 return -ERANGE;
2219
2220         switch (lkul->l_state) {
2221         case OPAL_RO:
2222                 read_locked = 0;
2223                 write_locked = 1;
2224                 break;
2225         case OPAL_RW:
2226                 read_locked = 0;
2227                 write_locked = 0;
2228                 break;
2229         case OPAL_LK:
2230                 /* vars are initialized to locked */
2231                 break;
2232         default:
2233                 pr_debug("Tried to set an invalid locking state.\n");
2234                 return OPAL_INVAL_PARAM;
2235         }
2236         ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2237                                         read_locked, write_locked);
2238
2239         if (ret < 0) {
2240                 pr_debug("Error building SET command.\n");
2241                 return ret;
2242         }
2243
2244         return finalize_and_send(dev, parse_and_check_status);
2245 }
2246
2247 static int activate_lsp(struct opal_dev *dev, void *data)
2248 {
2249         struct opal_lr_act *opal_act = data;
2250         u8 user_lr[OPAL_UID_LENGTH];
2251         int err, i;
2252
2253         err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2254                         opalmethod[OPAL_ACTIVATE]);
2255
2256         if (opal_act->sum) {
2257                 err = build_locking_range(user_lr, sizeof(user_lr),
2258                                           opal_act->lr[0]);
2259                 if (err)
2260                         return err;
2261
2262                 add_token_u8(&err, dev, OPAL_STARTNAME);
2263                 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2264
2265                 add_token_u8(&err, dev, OPAL_STARTLIST);
2266                 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2267                 for (i = 1; i < opal_act->num_lrs; i++) {
2268                         user_lr[7] = opal_act->lr[i];
2269                         add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2270                 }
2271                 add_token_u8(&err, dev, OPAL_ENDLIST);
2272                 add_token_u8(&err, dev, OPAL_ENDNAME);
2273         }
2274
2275         if (err) {
2276                 pr_debug("Error building Activate LockingSP command.\n");
2277                 return err;
2278         }
2279
2280         return finalize_and_send(dev, parse_and_check_status);
2281 }
2282
2283 /* Determine if we're in the Manufactured Inactive or Active state */
2284 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2285 {
2286         u8 lc_status;
2287         int err;
2288
2289         err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2290                                  OPAL_LIFECYCLE);
2291         if (err)
2292                 return err;
2293
2294         lc_status = response_get_u64(&dev->parsed, 4);
2295         /* 0x08 is Manufactured Inactive */
2296         /* 0x09 is Manufactured */
2297         if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2298                 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2299                 return -ENODEV;
2300         }
2301
2302         return 0;
2303 }
2304
2305 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2306 {
2307         const char *msid_pin;
2308         size_t strlen;
2309         int err;
2310
2311         err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2312         if (err)
2313                 return err;
2314
2315         strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2316         if (!msid_pin) {
2317                 pr_debug("Couldn't extract MSID_CPIN from response\n");
2318                 return OPAL_INVAL_PARAM;
2319         }
2320
2321         dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2322         if (!dev->prev_data)
2323                 return -ENOMEM;
2324
2325         dev->prev_d_len = strlen;
2326
2327         return 0;
2328 }
2329
2330 static int write_table_data(struct opal_dev *dev, void *data)
2331 {
2332         struct opal_read_write_table *write_tbl = data;
2333
2334         return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2335                                         write_tbl->size, write_tbl->table_uid);
2336 }
2337
2338 static int read_table_data_cont(struct opal_dev *dev)
2339 {
2340         int err;
2341         const char *data_read;
2342
2343         err = parse_and_check_status(dev);
2344         if (err)
2345                 return err;
2346
2347         dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2348         dev->prev_data = (void *)data_read;
2349         if (!dev->prev_data) {
2350                 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2351                 return OPAL_INVAL_PARAM;
2352         }
2353
2354         return 0;
2355 }
2356
2357 /*
2358  * IO_BUFFER_LENGTH = 2048
2359  * sizeof(header) = 56
2360  * No. of Token Bytes in the Response = 11
2361  * MAX size of data that can be carried in response buffer
2362  * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2363  */
2364 #define OPAL_MAX_READ_TABLE (0x7BD)
2365
2366 static int read_table_data(struct opal_dev *dev, void *data)
2367 {
2368         struct opal_read_write_table *read_tbl = data;
2369         int err;
2370         size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2371         u64 table_len, len;
2372         u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2373         u8 __user *dst;
2374
2375         err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2376         if (err) {
2377                 pr_debug("Couldn't get the table size\n");
2378                 return err;
2379         }
2380
2381         table_len = response_get_u64(&dev->parsed, 4);
2382
2383         /* Check if the user is trying to read from the table limits */
2384         if (read_size > table_len || offset > table_len - read_size) {
2385                 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2386                           offset + read_size, table_len);
2387                 return -EINVAL;
2388         }
2389
2390         while (off < read_size) {
2391                 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2392
2393                 add_token_u8(&err, dev, OPAL_STARTLIST);
2394                 add_token_u8(&err, dev, OPAL_STARTNAME);
2395                 add_token_u8(&err, dev, OPAL_STARTROW);
2396                 add_token_u64(&err, dev, offset + off); /* start row value */
2397                 add_token_u8(&err, dev, OPAL_ENDNAME);
2398
2399                 add_token_u8(&err, dev, OPAL_STARTNAME);
2400                 add_token_u8(&err, dev, OPAL_ENDROW);
2401
2402                 len = min(max_read_size, (size_t)(read_size - off));
2403                 add_token_u64(&err, dev, offset + off + len); /* end row value
2404                                                                */
2405                 add_token_u8(&err, dev, OPAL_ENDNAME);
2406                 add_token_u8(&err, dev, OPAL_ENDLIST);
2407
2408                 if (err) {
2409                         pr_debug("Error building read table data command.\n");
2410                         break;
2411                 }
2412
2413                 err = finalize_and_send(dev, read_table_data_cont);
2414                 if (err)
2415                         break;
2416
2417                 /* len+1: This includes the NULL terminator at the end*/
2418                 if (dev->prev_d_len > len + 1) {
2419                         err = -EOVERFLOW;
2420                         break;
2421                 }
2422
2423                 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2424                 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2425                         pr_debug("Error copying data to userspace\n");
2426                         err = -EFAULT;
2427                         break;
2428                 }
2429                 dev->prev_data = NULL;
2430
2431                 off += len;
2432         }
2433
2434         return err;
2435 }
2436
2437 static int end_opal_session(struct opal_dev *dev, void *data)
2438 {
2439         int err = 0;
2440
2441         clear_opal_cmd(dev);
2442         set_comid(dev, dev->comid);
2443         add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2444
2445         if (err < 0)
2446                 return err;
2447
2448         return finalize_and_send(dev, end_session_cont);
2449 }
2450
2451 static int end_opal_session_error(struct opal_dev *dev)
2452 {
2453         const struct opal_step error_end_session = {
2454                 end_opal_session,
2455         };
2456
2457         return execute_step(dev, &error_end_session, 0);
2458 }
2459
2460 static inline void setup_opal_dev(struct opal_dev *dev)
2461 {
2462         dev->tsn = 0;
2463         dev->hsn = 0;
2464         dev->prev_data = NULL;
2465 }
2466
2467 static int check_opal_support(struct opal_dev *dev)
2468 {
2469         int ret;
2470
2471         mutex_lock(&dev->dev_lock);
2472         setup_opal_dev(dev);
2473         ret = opal_discovery0_step(dev);
2474         if (!ret)
2475                 dev->flags |= OPAL_FL_SUPPORTED;
2476         mutex_unlock(&dev->dev_lock);
2477
2478         return ret;
2479 }
2480
2481 static void clean_opal_dev(struct opal_dev *dev)
2482 {
2483
2484         struct opal_suspend_data *suspend, *next;
2485
2486         mutex_lock(&dev->dev_lock);
2487         list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2488                 list_del(&suspend->node);
2489                 kfree(suspend);
2490         }
2491         mutex_unlock(&dev->dev_lock);
2492 }
2493
2494 void free_opal_dev(struct opal_dev *dev)
2495 {
2496         if (!dev)
2497                 return;
2498
2499         clean_opal_dev(dev);
2500         kfree(dev->resp);
2501         kfree(dev->cmd);
2502         kfree(dev);
2503 }
2504 EXPORT_SYMBOL(free_opal_dev);
2505
2506 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2507 {
2508         struct opal_dev *dev;
2509
2510         dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2511         if (!dev)
2512                 return NULL;
2513
2514         /*
2515          * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2516          * sure the allocated buffer is DMA-safe in that regard.
2517          */
2518         dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2519         if (!dev->cmd)
2520                 goto err_free_dev;
2521
2522         dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2523         if (!dev->resp)
2524                 goto err_free_cmd;
2525
2526         INIT_LIST_HEAD(&dev->unlk_lst);
2527         mutex_init(&dev->dev_lock);
2528         dev->flags = 0;
2529         dev->data = data;
2530         dev->send_recv = send_recv;
2531         if (check_opal_support(dev) != 0) {
2532                 pr_debug("Opal is not supported on this device\n");
2533                 goto err_free_resp;
2534         }
2535
2536         return dev;
2537
2538 err_free_resp:
2539         kfree(dev->resp);
2540
2541 err_free_cmd:
2542         kfree(dev->cmd);
2543
2544 err_free_dev:
2545         kfree(dev);
2546
2547         return NULL;
2548 }
2549 EXPORT_SYMBOL(init_opal_dev);
2550
2551 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2552                                            struct opal_session_info *opal_session)
2553 {
2554         const struct opal_step erase_steps[] = {
2555                 { start_auth_opal_session, opal_session },
2556                 { get_active_key, &opal_session->opal_key.lr },
2557                 { gen_key, },
2558                 { end_opal_session, }
2559         };
2560         int ret;
2561
2562         ret = opal_get_key(dev, &opal_session->opal_key);
2563         if (ret)
2564                 return ret;
2565         mutex_lock(&dev->dev_lock);
2566         setup_opal_dev(dev);
2567         ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2568         mutex_unlock(&dev->dev_lock);
2569
2570         return ret;
2571 }
2572
2573 static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
2574 {
2575         const struct opal_step discovery0_step = {
2576                 opal_discovery0, discv
2577         };
2578         int ret = 0;
2579
2580         mutex_lock(&dev->dev_lock);
2581         setup_opal_dev(dev);
2582         ret = execute_step(dev, &discovery0_step, 0);
2583         mutex_unlock(&dev->dev_lock);
2584         if (ret)
2585                 return ret;
2586         return discv->size; /* modified to actual length of data */
2587 }
2588
2589 static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
2590 {
2591         /* controller will terminate session */
2592         const struct opal_step steps[] = {
2593                 { start_admin1LSP_opal_session, &rev->key },
2594                 { revert_lsp, rev }
2595         };
2596         int ret;
2597
2598         ret = opal_get_key(dev, &rev->key);
2599         if (ret)
2600                 return ret;
2601         mutex_lock(&dev->dev_lock);
2602         setup_opal_dev(dev);
2603         ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2604         mutex_unlock(&dev->dev_lock);
2605
2606         return ret;
2607 }
2608
2609 static int opal_erase_locking_range(struct opal_dev *dev,
2610                                     struct opal_session_info *opal_session)
2611 {
2612         const struct opal_step erase_steps[] = {
2613                 { start_auth_opal_session, opal_session },
2614                 { erase_locking_range, opal_session },
2615                 { end_opal_session, }
2616         };
2617         int ret;
2618
2619         ret = opal_get_key(dev, &opal_session->opal_key);
2620         if (ret)
2621                 return ret;
2622         mutex_lock(&dev->dev_lock);
2623         setup_opal_dev(dev);
2624         ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2625         mutex_unlock(&dev->dev_lock);
2626
2627         return ret;
2628 }
2629
2630 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2631                                           struct opal_mbr_data *opal_mbr)
2632 {
2633         u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2634                 OPAL_TRUE : OPAL_FALSE;
2635
2636         const struct opal_step mbr_steps[] = {
2637                 { start_admin1LSP_opal_session, &opal_mbr->key },
2638                 { set_mbr_done, &enable_disable },
2639                 { end_opal_session, },
2640                 { start_admin1LSP_opal_session, &opal_mbr->key },
2641                 { set_mbr_enable_disable, &enable_disable },
2642                 { end_opal_session, }
2643         };
2644         int ret;
2645
2646         if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2647             opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2648                 return -EINVAL;
2649
2650         ret = opal_get_key(dev, &opal_mbr->key);
2651         if (ret)
2652                 return ret;
2653         mutex_lock(&dev->dev_lock);
2654         setup_opal_dev(dev);
2655         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2656         mutex_unlock(&dev->dev_lock);
2657
2658         return ret;
2659 }
2660
2661 static int opal_set_mbr_done(struct opal_dev *dev,
2662                              struct opal_mbr_done *mbr_done)
2663 {
2664         u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2665                 OPAL_TRUE : OPAL_FALSE;
2666
2667         const struct opal_step mbr_steps[] = {
2668                 { start_admin1LSP_opal_session, &mbr_done->key },
2669                 { set_mbr_done, &mbr_done_tf },
2670                 { end_opal_session, }
2671         };
2672         int ret;
2673
2674         if (mbr_done->done_flag != OPAL_MBR_DONE &&
2675             mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2676                 return -EINVAL;
2677
2678         ret = opal_get_key(dev, &mbr_done->key);
2679         if (ret)
2680                 return ret;
2681         mutex_lock(&dev->dev_lock);
2682         setup_opal_dev(dev);
2683         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2684         mutex_unlock(&dev->dev_lock);
2685
2686         return ret;
2687 }
2688
2689 static int opal_write_shadow_mbr(struct opal_dev *dev,
2690                                  struct opal_shadow_mbr *info)
2691 {
2692         const struct opal_step mbr_steps[] = {
2693                 { start_admin1LSP_opal_session, &info->key },
2694                 { write_shadow_mbr, info },
2695                 { end_opal_session, }
2696         };
2697         int ret;
2698
2699         if (info->size == 0)
2700                 return 0;
2701
2702         ret = opal_get_key(dev, &info->key);
2703         if (ret)
2704                 return ret;
2705         mutex_lock(&dev->dev_lock);
2706         setup_opal_dev(dev);
2707         ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2708         mutex_unlock(&dev->dev_lock);
2709
2710         return ret;
2711 }
2712
2713 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2714 {
2715         struct opal_suspend_data *suspend;
2716
2717         suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2718         if (!suspend)
2719                 return -ENOMEM;
2720
2721         suspend->unlk = *lk_unlk;
2722         suspend->lr = lk_unlk->session.opal_key.lr;
2723
2724         mutex_lock(&dev->dev_lock);
2725         setup_opal_dev(dev);
2726         add_suspend_info(dev, suspend);
2727         mutex_unlock(&dev->dev_lock);
2728
2729         return 0;
2730 }
2731
2732 static int opal_add_user_to_lr(struct opal_dev *dev,
2733                                struct opal_lock_unlock *lk_unlk)
2734 {
2735         const struct opal_step steps[] = {
2736                 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2737                 { add_user_to_lr, lk_unlk },
2738                 { add_user_to_lr_ace, lk_unlk },
2739                 { end_opal_session, }
2740         };
2741         int ret;
2742
2743         if (lk_unlk->l_state != OPAL_RO &&
2744             lk_unlk->l_state != OPAL_RW) {
2745                 pr_debug("Locking state was not RO or RW\n");
2746                 return -EINVAL;
2747         }
2748
2749         if (lk_unlk->session.who < OPAL_USER1 ||
2750             lk_unlk->session.who > OPAL_USER9) {
2751                 pr_debug("Authority was not within the range of users: %d\n",
2752                          lk_unlk->session.who);
2753                 return -EINVAL;
2754         }
2755
2756         if (lk_unlk->session.sum) {
2757                 pr_debug("%s not supported in sum. Use setup locking range\n",
2758                          __func__);
2759                 return -EINVAL;
2760         }
2761
2762         ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2763         if (ret)
2764                 return ret;
2765         mutex_lock(&dev->dev_lock);
2766         setup_opal_dev(dev);
2767         ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2768         mutex_unlock(&dev->dev_lock);
2769
2770         return ret;
2771 }
2772
2773 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2774 {
2775         /* controller will terminate session */
2776         const struct opal_step revert_steps[] = {
2777                 { start_SIDASP_opal_session, opal },
2778                 { revert_tper, }
2779         };
2780         const struct opal_step psid_revert_steps[] = {
2781                 { start_PSID_opal_session, opal },
2782                 { revert_tper, }
2783         };
2784
2785         int ret;
2786
2787         ret = opal_get_key(dev, opal);
2788
2789         if (ret)
2790                 return ret;
2791         mutex_lock(&dev->dev_lock);
2792         setup_opal_dev(dev);
2793         if (psid)
2794                 ret = execute_steps(dev, psid_revert_steps,
2795                                     ARRAY_SIZE(psid_revert_steps));
2796         else
2797                 ret = execute_steps(dev, revert_steps,
2798                                     ARRAY_SIZE(revert_steps));
2799         mutex_unlock(&dev->dev_lock);
2800
2801         /*
2802          * If we successfully reverted lets clean
2803          * any saved locking ranges.
2804          */
2805         if (!ret)
2806                 clean_opal_dev(dev);
2807
2808         return ret;
2809 }
2810
2811 static int __opal_lock_unlock(struct opal_dev *dev,
2812                               struct opal_lock_unlock *lk_unlk)
2813 {
2814         const struct opal_step unlock_steps[] = {
2815                 { start_auth_opal_session, &lk_unlk->session },
2816                 { lock_unlock_locking_range, lk_unlk },
2817                 { end_opal_session, }
2818         };
2819         const struct opal_step unlock_sum_steps[] = {
2820                 { start_auth_opal_session, &lk_unlk->session },
2821                 { lock_unlock_locking_range_sum, lk_unlk },
2822                 { end_opal_session, }
2823         };
2824
2825         if (lk_unlk->session.sum)
2826                 return execute_steps(dev, unlock_sum_steps,
2827                                      ARRAY_SIZE(unlock_sum_steps));
2828         else
2829                 return execute_steps(dev, unlock_steps,
2830                                      ARRAY_SIZE(unlock_steps));
2831 }
2832
2833 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2834 {
2835         u8 mbr_done_tf = OPAL_TRUE;
2836         const struct opal_step mbrdone_step[] = {
2837                 { start_admin1LSP_opal_session, key },
2838                 { set_mbr_done, &mbr_done_tf },
2839                 { end_opal_session, }
2840         };
2841
2842         return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2843 }
2844
2845 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2846                             struct opal_lock_unlock *lk_unlk)
2847 {
2848         struct opal_suspend_data *iter;
2849
2850         if (lk_unlk->l_state != OPAL_LK ||
2851                         lk_unlk->session.opal_key.key_len > 0)
2852                 return;
2853
2854         /*
2855          * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2856          * volume key is not required, as it requires root privileges anyway,
2857          * and root can deny access to a disk in many ways regardless.
2858          * Requiring the volume key to lock the device is a peculiarity of the
2859          * OPAL specification. Given we might already have saved the key if
2860          * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2861          * that key to lock the device if no key was provided here, the
2862          * locking range matches and the appropriate flag was passed with
2863          * 'IOC_OPAL_SAVE'.
2864          * This allows integrating OPAL with tools and libraries that are used
2865          * to the common behaviour and do not ask for the volume key when
2866          * closing a device.
2867          */
2868         setup_opal_dev(dev);
2869         list_for_each_entry(iter, &dev->unlk_lst, node) {
2870                 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2871                                 iter->lr == lk_unlk->session.opal_key.lr &&
2872                                 iter->unlk.session.opal_key.key_len > 0) {
2873                         lk_unlk->session.opal_key.key_len =
2874                                 iter->unlk.session.opal_key.key_len;
2875                         memcpy(lk_unlk->session.opal_key.key,
2876                                 iter->unlk.session.opal_key.key,
2877                                 iter->unlk.session.opal_key.key_len);
2878                         break;
2879                 }
2880         }
2881 }
2882
2883 static int opal_lock_unlock(struct opal_dev *dev,
2884                             struct opal_lock_unlock *lk_unlk)
2885 {
2886         int ret;
2887
2888         if (lk_unlk->session.who > OPAL_USER9)
2889                 return -EINVAL;
2890
2891         mutex_lock(&dev->dev_lock);
2892         opal_lock_check_for_saved_key(dev, lk_unlk);
2893         ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2894         if (!ret)
2895                 ret = __opal_lock_unlock(dev, lk_unlk);
2896         mutex_unlock(&dev->dev_lock);
2897
2898         return ret;
2899 }
2900
2901 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2902 {
2903         const struct opal_step owner_steps[] = {
2904                 { start_anybodyASP_opal_session, },
2905                 { get_msid_cpin_pin, },
2906                 { end_opal_session, },
2907                 { start_SIDASP_opal_session, opal },
2908                 { set_sid_cpin_pin, opal },
2909                 { end_opal_session, }
2910         };
2911         int ret;
2912
2913         if (!dev)
2914                 return -ENODEV;
2915
2916         ret = opal_get_key(dev, opal);
2917         if (ret)
2918                 return ret;
2919         mutex_lock(&dev->dev_lock);
2920         setup_opal_dev(dev);
2921         ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2922         mutex_unlock(&dev->dev_lock);
2923
2924         return ret;
2925 }
2926
2927 static int opal_activate_lsp(struct opal_dev *dev,
2928                              struct opal_lr_act *opal_lr_act)
2929 {
2930         const struct opal_step active_steps[] = {
2931                 { start_SIDASP_opal_session, &opal_lr_act->key },
2932                 { get_lsp_lifecycle, },
2933                 { activate_lsp, opal_lr_act },
2934                 { end_opal_session, }
2935         };
2936         int ret;
2937
2938         if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2939                 return -EINVAL;
2940
2941         ret = opal_get_key(dev, &opal_lr_act->key);
2942         if (ret)
2943                 return ret;
2944         mutex_lock(&dev->dev_lock);
2945         setup_opal_dev(dev);
2946         ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2947         mutex_unlock(&dev->dev_lock);
2948
2949         return ret;
2950 }
2951
2952 static int opal_setup_locking_range(struct opal_dev *dev,
2953                                     struct opal_user_lr_setup *opal_lrs)
2954 {
2955         const struct opal_step lr_steps[] = {
2956                 { start_auth_opal_session, &opal_lrs->session },
2957                 { setup_locking_range, opal_lrs },
2958                 { end_opal_session, }
2959         };
2960         int ret;
2961
2962         ret = opal_get_key(dev, &opal_lrs->session.opal_key);
2963         if (ret)
2964                 return ret;
2965         mutex_lock(&dev->dev_lock);
2966         setup_opal_dev(dev);
2967         ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2968         mutex_unlock(&dev->dev_lock);
2969
2970         return ret;
2971 }
2972
2973 static int opal_locking_range_status(struct opal_dev *dev,
2974                           struct opal_lr_status *opal_lrst,
2975                           void __user *data)
2976 {
2977         const struct opal_step lr_steps[] = {
2978                 { start_auth_opal_session, &opal_lrst->session },
2979                 { locking_range_status, opal_lrst },
2980                 { end_opal_session, }
2981         };
2982         int ret;
2983
2984         mutex_lock(&dev->dev_lock);
2985         setup_opal_dev(dev);
2986         ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2987         mutex_unlock(&dev->dev_lock);
2988
2989         /* skip session info when copying back to uspace */
2990         if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2991                                 (void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2992                                 sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2993                 pr_debug("Error copying status to userspace\n");
2994                 return -EFAULT;
2995         }
2996
2997         return ret;
2998 }
2999
3000 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3001 {
3002         const struct opal_step pw_steps[] = {
3003                 { start_auth_opal_session, &opal_pw->session },
3004                 { set_new_pw, &opal_pw->new_user_pw },
3005                 { end_opal_session, }
3006         };
3007         int ret;
3008
3009         if (opal_pw->session.who > OPAL_USER9  ||
3010             opal_pw->new_user_pw.who > OPAL_USER9)
3011                 return -EINVAL;
3012
3013         mutex_lock(&dev->dev_lock);
3014         setup_opal_dev(dev);
3015         ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3016         mutex_unlock(&dev->dev_lock);
3017
3018         if (ret)
3019                 return ret;
3020
3021         /* update keyring with new password */
3022         ret = update_sed_opal_key(OPAL_AUTH_KEY,
3023                                   opal_pw->new_user_pw.opal_key.key,
3024                                   opal_pw->new_user_pw.opal_key.key_len);
3025
3026         return ret;
3027 }
3028
3029 static int opal_activate_user(struct opal_dev *dev,
3030                               struct opal_session_info *opal_session)
3031 {
3032         const struct opal_step act_steps[] = {
3033                 { start_admin1LSP_opal_session, &opal_session->opal_key },
3034                 { internal_activate_user, opal_session },
3035                 { end_opal_session, }
3036         };
3037         int ret;
3038
3039         /* We can't activate Admin1 it's active as manufactured */
3040         if (opal_session->who < OPAL_USER1 ||
3041             opal_session->who > OPAL_USER9) {
3042                 pr_debug("Who was not a valid user: %d\n", opal_session->who);
3043                 return -EINVAL;
3044         }
3045
3046         ret = opal_get_key(dev, &opal_session->opal_key);
3047         if (ret)
3048                 return ret;
3049         mutex_lock(&dev->dev_lock);
3050         setup_opal_dev(dev);
3051         ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
3052         mutex_unlock(&dev->dev_lock);
3053
3054         return ret;
3055 }
3056
3057 bool opal_unlock_from_suspend(struct opal_dev *dev)
3058 {
3059         struct opal_suspend_data *suspend;
3060         bool was_failure = false;
3061         int ret = 0;
3062
3063         if (!dev)
3064                 return false;
3065
3066         if (!(dev->flags & OPAL_FL_SUPPORTED))
3067                 return false;
3068
3069         mutex_lock(&dev->dev_lock);
3070         setup_opal_dev(dev);
3071
3072         list_for_each_entry(suspend, &dev->unlk_lst, node) {
3073                 dev->tsn = 0;
3074                 dev->hsn = 0;
3075
3076                 ret = __opal_lock_unlock(dev, &suspend->unlk);
3077                 if (ret) {
3078                         pr_debug("Failed to unlock LR %hhu with sum %d\n",
3079                                  suspend->unlk.session.opal_key.lr,
3080                                  suspend->unlk.session.sum);
3081                         was_failure = true;
3082                 }
3083
3084                 if (dev->flags & OPAL_FL_MBR_ENABLED) {
3085                         ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
3086                         if (ret)
3087                                 pr_debug("Failed to set MBR Done in S3 resume\n");
3088                 }
3089         }
3090         mutex_unlock(&dev->dev_lock);
3091
3092         return was_failure;
3093 }
3094 EXPORT_SYMBOL(opal_unlock_from_suspend);
3095
3096 static int opal_read_table(struct opal_dev *dev,
3097                            struct opal_read_write_table *rw_tbl)
3098 {
3099         const struct opal_step read_table_steps[] = {
3100                 { start_admin1LSP_opal_session, &rw_tbl->key },
3101                 { read_table_data, rw_tbl },
3102                 { end_opal_session, }
3103         };
3104         int ret = 0;
3105
3106         if (!rw_tbl->size)
3107                 return ret;
3108
3109         return execute_steps(dev, read_table_steps,
3110                              ARRAY_SIZE(read_table_steps));
3111 }
3112
3113 static int opal_write_table(struct opal_dev *dev,
3114                             struct opal_read_write_table *rw_tbl)
3115 {
3116         const struct opal_step write_table_steps[] = {
3117                 { start_admin1LSP_opal_session, &rw_tbl->key },
3118                 { write_table_data, rw_tbl },
3119                 { end_opal_session, }
3120         };
3121         int ret = 0;
3122
3123         if (!rw_tbl->size)
3124                 return ret;
3125
3126         return execute_steps(dev, write_table_steps,
3127                              ARRAY_SIZE(write_table_steps));
3128 }
3129
3130 static int opal_generic_read_write_table(struct opal_dev *dev,
3131                                          struct opal_read_write_table *rw_tbl)
3132 {
3133         int ret, bit_set;
3134
3135         ret = opal_get_key(dev, &rw_tbl->key);
3136         if (ret)
3137                 return ret;
3138         mutex_lock(&dev->dev_lock);
3139         setup_opal_dev(dev);
3140
3141         bit_set = fls64(rw_tbl->flags) - 1;
3142         switch (bit_set) {
3143         case OPAL_READ_TABLE:
3144                 ret = opal_read_table(dev, rw_tbl);
3145                 break;
3146         case OPAL_WRITE_TABLE:
3147                 ret = opal_write_table(dev, rw_tbl);
3148                 break;
3149         default:
3150                 pr_debug("Invalid bit set in the flag (%016llx).\n",
3151                          rw_tbl->flags);
3152                 ret = -EINVAL;
3153                 break;
3154         }
3155
3156         mutex_unlock(&dev->dev_lock);
3157
3158         return ret;
3159 }
3160
3161 static int opal_get_status(struct opal_dev *dev, void __user *data)
3162 {
3163         struct opal_status sts = {0};
3164
3165         /*
3166          * check_opal_support() error is not fatal,
3167          * !dev->supported is a valid condition
3168          */
3169         if (!check_opal_support(dev))
3170                 sts.flags = dev->flags;
3171         if (copy_to_user(data, &sts, sizeof(sts))) {
3172                 pr_debug("Error copying status to userspace\n");
3173                 return -EFAULT;
3174         }
3175         return 0;
3176 }
3177
3178 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
3179 {
3180         struct opal_geometry geo = {0};
3181
3182         if (check_opal_support(dev))
3183                 return -EINVAL;
3184
3185         geo.align = dev->align_required;
3186         geo.logical_block_size = dev->logical_block_size;
3187         geo.alignment_granularity =  dev->align;
3188         geo.lowest_aligned_lba = dev->lowest_lba;
3189
3190         if (copy_to_user(data, &geo, sizeof(geo))) {
3191                 pr_debug("Error copying geometry data to userspace\n");
3192                 return -EFAULT;
3193         }
3194
3195         return 0;
3196 }
3197
3198 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
3199 {
3200         void *p;
3201         int ret = -ENOTTY;
3202
3203         if (!capable(CAP_SYS_ADMIN))
3204                 return -EACCES;
3205         if (!dev)
3206                 return -EOPNOTSUPP;
3207         if (!(dev->flags & OPAL_FL_SUPPORTED))
3208                 return -EOPNOTSUPP;
3209
3210         if (cmd & IOC_IN) {
3211                 p = memdup_user(arg, _IOC_SIZE(cmd));
3212                 if (IS_ERR(p))
3213                         return PTR_ERR(p);
3214         }
3215
3216         switch (cmd) {
3217         case IOC_OPAL_SAVE:
3218                 ret = opal_save(dev, p);
3219                 break;
3220         case IOC_OPAL_LOCK_UNLOCK:
3221                 ret = opal_lock_unlock(dev, p);
3222                 break;
3223         case IOC_OPAL_TAKE_OWNERSHIP:
3224                 ret = opal_take_ownership(dev, p);
3225                 break;
3226         case IOC_OPAL_ACTIVATE_LSP:
3227                 ret = opal_activate_lsp(dev, p);
3228                 break;
3229         case IOC_OPAL_SET_PW:
3230                 ret = opal_set_new_pw(dev, p);
3231                 break;
3232         case IOC_OPAL_ACTIVATE_USR:
3233                 ret = opal_activate_user(dev, p);
3234                 break;
3235         case IOC_OPAL_REVERT_TPR:
3236                 ret = opal_reverttper(dev, p, false);
3237                 break;
3238         case IOC_OPAL_LR_SETUP:
3239                 ret = opal_setup_locking_range(dev, p);
3240                 break;
3241         case IOC_OPAL_ADD_USR_TO_LR:
3242                 ret = opal_add_user_to_lr(dev, p);
3243                 break;
3244         case IOC_OPAL_ENABLE_DISABLE_MBR:
3245                 ret = opal_enable_disable_shadow_mbr(dev, p);
3246                 break;
3247         case IOC_OPAL_MBR_DONE:
3248                 ret = opal_set_mbr_done(dev, p);
3249                 break;
3250         case IOC_OPAL_WRITE_SHADOW_MBR:
3251                 ret = opal_write_shadow_mbr(dev, p);
3252                 break;
3253         case IOC_OPAL_ERASE_LR:
3254                 ret = opal_erase_locking_range(dev, p);
3255                 break;
3256         case IOC_OPAL_SECURE_ERASE_LR:
3257                 ret = opal_secure_erase_locking_range(dev, p);
3258                 break;
3259         case IOC_OPAL_PSID_REVERT_TPR:
3260                 ret = opal_reverttper(dev, p, true);
3261                 break;
3262         case IOC_OPAL_GENERIC_TABLE_RW:
3263                 ret = opal_generic_read_write_table(dev, p);
3264                 break;
3265         case IOC_OPAL_GET_STATUS:
3266                 ret = opal_get_status(dev, arg);
3267                 break;
3268         case IOC_OPAL_GET_LR_STATUS:
3269                 ret = opal_locking_range_status(dev, p, arg);
3270                 break;
3271         case IOC_OPAL_GET_GEOMETRY:
3272                 ret = opal_get_geometry(dev, arg);
3273                 break;
3274         case IOC_OPAL_REVERT_LSP:
3275                 ret = opal_revertlsp(dev, p);
3276                 break;
3277         case IOC_OPAL_DISCOVERY:
3278                 ret = opal_get_discv(dev, p);
3279                 break;
3280
3281         default:
3282                 break;
3283         }
3284
3285         if (cmd & IOC_IN)
3286                 kfree(p);
3287         return ret;
3288 }
3289 EXPORT_SYMBOL_GPL(sed_ioctl);
3290
3291 static int __init sed_opal_init(void)
3292 {
3293         struct key *kr;
3294
3295         kr = keyring_alloc(".sed_opal",
3296                            GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
3297                            (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
3298                            KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
3299                            KEY_ALLOC_NOT_IN_QUOTA,
3300                            NULL, NULL);
3301         if (IS_ERR(kr))
3302                 return PTR_ERR(kr);
3303
3304         sed_opal_keyring = kr;
3305
3306         return 0;
3307 }
3308 late_initcall(sed_opal_init);