block/sed-opal.c

   1 /*
   2  * Copyright © 2016 Intel Corporation
   3  *
   4  * Authors:
   5  *    Scott  Bauer      <scott.bauer@intel.com>
   6  *    Rafael Antognolli <rafael.antognolli@intel.com>
   7  *
   8  * This program is free software; you can redistribute it and/or modify it
   9  * under the terms and conditions of the GNU General Public License,
  10  * version 2, as published by the Free Software Foundation.
  11  *
  12  * This program is distributed in the hope it will be useful, but WITHOUT
  13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  15  * more details.
  16  */
  17
  18 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
  19
  20 #include <linux/delay.h>
  21 #include <linux/device.h>
  22 #include <linux/kernel.h>
  23 #include <linux/list.h>
  24 #include <linux/genhd.h>
  25 #include <linux/slab.h>
  26 #include <linux/uaccess.h>
  27 #include <uapi/linux/sed-opal.h>
  28 #include <linux/sed-opal.h>
  29 #include <linux/string.h>
  30 #include <linux/kdev_t.h>
  31
  32 #include "opal_proto.h"
  33
  34 #define IO_BUFFER_LENGTH 2048
  35 #define MAX_TOKS 64
  36
  37 typedef int (*opal_step)(struct opal_dev *dev);
  38
  39 enum opal_atom_width {
  40         OPAL_WIDTH_TINY,
  41         OPAL_WIDTH_SHORT,
  42         OPAL_WIDTH_MEDIUM,
  43         OPAL_WIDTH_LONG,
  44         OPAL_WIDTH_TOKEN
  45 };
  46
  47 /*
  48  * On the parsed response, we don't store again the toks that are already
  49  * stored in the response buffer. Instead, for each token, we just store a
  50  * pointer to the position in the buffer where the token starts, and the size
  51  * of the token in bytes.
  52  */
  53 struct opal_resp_tok {
  54         const u8 *pos;
  55         size_t len;
  56         enum opal_response_token type;
  57         enum opal_atom_width width;
  58         union {
  59                 u64 u;
  60                 s64 s;
  61         } stored;
  62 };
  63
  64 /*
  65  * From the response header it's not possible to know how many tokens there are
  66  * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
  67  * if we start dealing with messages that have more than that, we can increase
  68  * this number. This is done to avoid having to make two passes through the
  69  * response, the first one counting how many tokens we have and the second one
  70  * actually storing the positions.
  71  */
  72 struct parsed_resp {
  73         int num;
  74         struct opal_resp_tok toks[MAX_TOKS];
  75 };
  76
  77 struct opal_dev {
  78         bool supported;
  79
  80         void *data;
  81         sec_send_recv *send_recv;
  82
  83         const opal_step *funcs;
  84         void **func_data;
  85         int state;
  86         struct mutex dev_lock;
  87         u16 comid;
  88         u32 hsn;
  89         u32 tsn;
  90         u64 align;
  91         u64 lowest_lba;
  92
  93         size_t pos;
  94         u8 cmd[IO_BUFFER_LENGTH];
  95         u8 resp[IO_BUFFER_LENGTH];
  96
  97         struct parsed_resp parsed;
  98         size_t prev_d_len;
  99         void *prev_data;
 100
 101         struct list_head unlk_lst;
 102 };
 103
 104
 105 static const u8 opaluid[][OPAL_UID_LENGTH] = {
 106         /* users */
 107         [OPAL_SMUID_UID] =
 108                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
 109         [OPAL_THISSP_UID] =
 110                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
 111         [OPAL_ADMINSP_UID] =
 112                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
 113         [OPAL_LOCKINGSP_UID] =
 114                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
 115         [OPAL_ENTERPRISE_LOCKINGSP_UID] =
 116                 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
 117         [OPAL_ANYBODY_UID] =
 118                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
 119         [OPAL_SID_UID] =
 120                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
 121         [OPAL_ADMIN1_UID] =
 122                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
 123         [OPAL_USER1_UID] =
 124                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
 125         [OPAL_USER2_UID] =
 126                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
 127         [OPAL_PSID_UID] =
 128                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
 129         [OPAL_ENTERPRISE_BANDMASTER0_UID] =
 130                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
 131         [OPAL_ENTERPRISE_ERASEMASTER_UID] =
 132                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
 133
 134         /* tables */
 135
 136         [OPAL_LOCKINGRANGE_GLOBAL] =
 137                 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
 138         [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
 139                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
 140         [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
 141                 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
 142         [OPAL_MBRCONTROL] =
 143                 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
 144         [OPAL_MBR] =
 145                 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
 146         [OPAL_AUTHORITY_TABLE] =
 147                 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
 148         [OPAL_C_PIN_TABLE] =
 149                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
 150         [OPAL_LOCKING_INFO_TABLE] =
 151                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
 152         [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
 153                 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
 154
 155         /* C_PIN_TABLE object ID's */
 156
 157         [OPAL_C_PIN_MSID] =
 158                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
 159         [OPAL_C_PIN_SID] =
 160                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
 161         [OPAL_C_PIN_ADMIN1] =
 162                 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
 163
 164         /* half UID's (only first 4 bytes used) */
 165
 166         [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
 167                 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
 168         [OPAL_HALF_UID_BOOLEAN_ACE] =
 169                 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
 170
 171         /* special value for omitted optional parameter */
 172         [OPAL_UID_HEXFF] =
 173                 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
 174 };
 175
 176 /*
 177  * TCG Storage SSC Methods.
 178  * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
 179  * Section: 6.3 Assigned UIDs
 180  */
 181 static const u8 opalmethod[][OPAL_UID_LENGTH] = {
 182         [OPAL_PROPERTIES] =
 183                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
 184         [OPAL_STARTSESSION] =
 185                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
 186         [OPAL_REVERT] =
 187                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
 188         [OPAL_ACTIVATE] =
 189                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
 190         [OPAL_EGET] =
 191                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
 192         [OPAL_ESET] =
 193                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
 194         [OPAL_NEXT] =
 195                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
 196         [OPAL_EAUTHENTICATE] =
 197                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
 198         [OPAL_GETACL] =
 199                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
 200         [OPAL_GENKEY] =
 201                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
 202         [OPAL_REVERTSP] =
 203                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
 204         [OPAL_GET] =
 205                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
 206         [OPAL_SET] =
 207                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
 208         [OPAL_AUTHENTICATE] =
 209                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
 210         [OPAL_RANDOM] =
 211                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
 212         [OPAL_ERASE] =
 213                 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
 214 };
 215
 216 typedef int (cont_fn)(struct opal_dev *dev);
 217
 218 static int end_opal_session_error(struct opal_dev *dev);
 219
 220 struct opal_suspend_data {
 221         struct opal_lock_unlock unlk;
 222         u8 lr;
 223         struct list_head node;
 224 };
 225
 226 /*
 227  * Derived from:
 228  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
 229  * Section: 5.1.5 Method Status Codes
 230  */
 231 static const char * const opal_errors[] = {
 232         "Success",
 233         "Not Authorized",
 234         "Unknown Error",
 235         "SP Busy",
 236         "SP Failed",
 237         "SP Disabled",
 238         "SP Frozen",
 239         "No Sessions Available",
 240         "Uniqueness Conflict",
 241         "Insufficient Space",
 242         "Insufficient Rows",
 243         "Invalid Function",
 244         "Invalid Parameter",
 245         "Invalid Reference",
 246         "Unknown Error",
 247         "TPER Malfunction",
 248         "Transaction Failure",
 249         "Response Overflow",
 250         "Authority Locked Out",
 251 };
 252
 253 static const char *opal_error_to_human(int error)
 254 {
 255         if (error == 0x3f)
 256                 return "Failed";
 257
 258         if (error >= ARRAY_SIZE(opal_errors) || error < 0)
 259                 return "Unknown Error";
 260
 261         return opal_errors[error];
 262 }
 263
 264 static void print_buffer(const u8 *ptr, u32 length)
 265 {
 266 #ifdef DEBUG
 267         print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
 268         pr_debug("\n");
 269 #endif
 270 }
 271
 272 static bool check_tper(const void *data)
 273 {
 274         const struct d0_tper_features *tper = data;
 275         u8 flags = tper->supported_features;
 276
 277         if (!(flags & TPER_SYNC_SUPPORTED)) {
 278                 pr_err("TPer sync not supported. flags = %d\n",
 279                        tper->supported_features);
 280                 return false;
 281         }
 282
 283         return true;
 284 }
 285
 286 static bool check_sum(const void *data)
 287 {
 288         const struct d0_single_user_mode *sum = data;
 289         u32 nlo = be32_to_cpu(sum->num_locking_objects);
 290
 291         if (nlo == 0) {
 292                 pr_err("Need at least one locking object.\n");
 293                 return false;
 294         }
 295
 296         pr_debug("Number of locking objects: %d\n", nlo);
 297
 298         return true;
 299 }
 300
 301 static u16 get_comid_v100(const void *data)
 302 {
 303         const struct d0_opal_v100 *v100 = data;
 304
 305         return be16_to_cpu(v100->baseComID);
 306 }
 307
 308 static u16 get_comid_v200(const void *data)
 309 {
 310         const struct d0_opal_v200 *v200 = data;
 311
 312         return be16_to_cpu(v200->baseComID);
 313 }
 314
 315 static int opal_send_cmd(struct opal_dev *dev)
 316 {
 317         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
 318                               dev->cmd, IO_BUFFER_LENGTH,
 319                               true);
 320 }
 321
 322 static int opal_recv_cmd(struct opal_dev *dev)
 323 {
 324         return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
 325                               dev->resp, IO_BUFFER_LENGTH,
 326                               false);
 327 }
 328
 329 static int opal_recv_check(struct opal_dev *dev)
 330 {
 331         size_t buflen = IO_BUFFER_LENGTH;
 332         void *buffer = dev->resp;
 333         struct opal_header *hdr = buffer;
 334         int ret;
 335
 336         do {
 337                 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
 338                          hdr->cp.outstandingData,
 339                          hdr->cp.minTransfer);
 340
 341                 if (hdr->cp.outstandingData == 0 ||
 342                     hdr->cp.minTransfer != 0)
 343                         return 0;
 344
 345                 memset(buffer, 0, buflen);
 346                 ret = opal_recv_cmd(dev);
 347         } while (!ret);
 348
 349         return ret;
 350 }
 351
 352 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
 353 {
 354         int ret;
 355
 356         ret = opal_send_cmd(dev);
 357         if (ret)
 358                 return ret;
 359         ret = opal_recv_cmd(dev);
 360         if (ret)
 361                 return ret;
 362         ret = opal_recv_check(dev);
 363         if (ret)
 364                 return ret;
 365         return cont(dev);
 366 }
 367
 368 static void check_geometry(struct opal_dev *dev, const void *data)
 369 {
 370         const struct d0_geometry_features *geo = data;
 371
 372         dev->align = geo->alignment_granularity;
 373         dev->lowest_lba = geo->lowest_aligned_lba;
 374 }
 375
 376 static int next(struct opal_dev *dev)
 377 {
 378         opal_step func;
 379         int error = 0;
 380
 381         do {
 382                 func = dev->funcs[dev->state];
 383                 if (!func)
 384                         break;
 385
 386                 error = func(dev);
 387                 if (error) {
 388                         pr_err("Error on step function: %d with error %d: %s\n",
 389                                dev->state, error,
 390                                opal_error_to_human(error));
 391
 392                         /* For each OPAL command we do a discovery0 then we
 393                          * start some sort of session.
 394                          * If we haven't passed state 1 then there was an error
 395                          * on discovery0 or during the attempt to start a
 396                          * session. Therefore we shouldn't attempt to terminate
 397                          * a session, as one has not yet been created.
 398                          */
 399                         if (dev->state > 1)
 400                                 return end_opal_session_error(dev);
 401                 }
 402                 dev->state++;
 403         } while (!error);
 404
 405         return error;
 406 }
 407
 408 static int opal_discovery0_end(struct opal_dev *dev)
 409 {
 410         bool found_com_id = false, supported = true, single_user = false;
 411         const struct d0_header *hdr = (struct d0_header *)dev->resp;
 412         const u8 *epos = dev->resp, *cpos = dev->resp;
 413         u16 comid = 0;
 414         u32 hlen = be32_to_cpu(hdr->length);
 415
 416         print_buffer(dev->resp, hlen);
 417
 418         if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
 419                 pr_warn("Discovery length overflows buffer (%zu+%u)/%u\n",
 420                         sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
 421                 return -EFAULT;
 422         }
 423
 424         epos += hlen; /* end of buffer */
 425         cpos += sizeof(*hdr); /* current position on buffer */
 426
 427         while (cpos < epos && supported) {
 428                 const struct d0_features *body =
 429                         (const struct d0_features *)cpos;
 430
 431                 switch (be16_to_cpu(body->code)) {
 432                 case FC_TPER:
 433                         supported = check_tper(body->features);
 434                         break;
 435                 case FC_SINGLEUSER:
 436                         single_user = check_sum(body->features);
 437                         break;
 438                 case FC_GEOMETRY:
 439                         check_geometry(dev, body);
 440                         break;
 441                 case FC_LOCKING:
 442                 case FC_ENTERPRISE:
 443                 case FC_DATASTORE:
 444                         /* some ignored properties */
 445                         pr_debug("Found OPAL feature description: %d\n",
 446                                  be16_to_cpu(body->code));
 447                         break;
 448                 case FC_OPALV100:
 449                         comid = get_comid_v100(body->features);
 450                         found_com_id = true;
 451                         break;
 452                 case FC_OPALV200:
 453                         comid = get_comid_v200(body->features);
 454                         found_com_id = true;
 455                         break;
 456                 case 0xbfff ... 0xffff:
 457                         /* vendor specific, just ignore */
 458                         break;
 459                 default:
 460                         pr_debug("OPAL Unknown feature: %d\n",
 461                                  be16_to_cpu(body->code));
 462
 463                 }
 464                 cpos += body->length + 4;
 465         }
 466
 467         if (!supported) {
 468                 pr_debug("This device is not Opal enabled. Not Supported!\n");
 469                 return -EOPNOTSUPP;
 470         }
 471
 472         if (!single_user)
 473                 pr_debug("Device doesn't support single user mode\n");
 474
 475
 476         if (!found_com_id) {
 477                 pr_debug("Could not find OPAL comid for device. Returning early\n");
 478                 return -EOPNOTSUPP;;
 479         }
 480
 481         dev->comid = comid;
 482
 483         return 0;
 484 }
 485
 486 static int opal_discovery0(struct opal_dev *dev)
 487 {
 488         int ret;
 489
 490         memset(dev->resp, 0, IO_BUFFER_LENGTH);
 491         dev->comid = OPAL_DISCOVERY_COMID;
 492         ret = opal_recv_cmd(dev);
 493         if (ret)
 494                 return ret;
 495         return opal_discovery0_end(dev);
 496 }
 497
 498 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
 499 {
 500         if (*err)
 501                 return;
 502         if (cmd->pos >= IO_BUFFER_LENGTH - 1) {
 503                 pr_err("Error adding u8: end of buffer.\n");
 504                 *err = -ERANGE;
 505                 return;
 506         }
 507         cmd->cmd[cmd->pos++] = tok;
 508 }
 509
 510 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
 511                                   bool has_sign, int len)
 512 {
 513         u8 atom;
 514         int err = 0;
 515
 516         atom = SHORT_ATOM_ID;
 517         atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
 518         atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
 519         atom |= len & SHORT_ATOM_LEN_MASK;
 520
 521         add_token_u8(&err, cmd, atom);
 522 }
 523
 524 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
 525                                    bool has_sign, int len)
 526 {
 527         u8 header0;
 528
 529         header0 = MEDIUM_ATOM_ID;
 530         header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
 531         header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
 532         header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
 533         cmd->cmd[cmd->pos++] = header0;
 534         cmd->cmd[cmd->pos++] = len;
 535 }
 536
 537 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
 538 {
 539
 540         size_t len;
 541         int msb;
 542         u8 n;
 543
 544         if (!(number & ~TINY_ATOM_DATA_MASK)) {
 545                 add_token_u8(err, cmd, number);
 546                 return;
 547         }
 548
 549         msb = fls(number);
 550         len = DIV_ROUND_UP(msb, 4);
 551
 552         if (cmd->pos >= IO_BUFFER_LENGTH - len - 1) {
 553                 pr_err("Error adding u64: end of buffer.\n");
 554                 *err = -ERANGE;
 555                 return;
 556         }
 557         add_short_atom_header(cmd, false, false, len);
 558         while (len--) {
 559                 n = number >> (len * 8);
 560                 add_token_u8(err, cmd, n);
 561         }
 562 }
 563
 564 static void add_token_bytestring(int *err, struct opal_dev *cmd,
 565                                  const u8 *bytestring, size_t len)
 566 {
 567         size_t header_len = 1;
 568         bool is_short_atom = true;
 569
 570         if (*err)
 571                 return;
 572
 573         if (len & ~SHORT_ATOM_LEN_MASK) {
 574                 header_len = 2;
 575                 is_short_atom = false;
 576         }
 577
 578         if (len >= IO_BUFFER_LENGTH - cmd->pos - header_len) {
 579                 pr_err("Error adding bytestring: end of buffer.\n");
 580                 *err = -ERANGE;
 581                 return;
 582         }
 583
 584         if (is_short_atom)
 585                 add_short_atom_header(cmd, true, false, len);
 586         else
 587                 add_medium_atom_header(cmd, true, false, len);
 588
 589         memcpy(&cmd->cmd[cmd->pos], bytestring, len);
 590         cmd->pos += len;
 591
 592 }
 593
 594 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
 595 {
 596         if (length > OPAL_UID_LENGTH) {
 597                 pr_err("Can't build locking range. Length OOB\n");
 598                 return -ERANGE;
 599         }
 600
 601         memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
 602
 603         if (lr == 0)
 604                 return 0;
 605         buffer[5] = LOCKING_RANGE_NON_GLOBAL;
 606         buffer[7] = lr;
 607
 608         return 0;
 609 }
 610
 611 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
 612 {
 613         if (length > OPAL_UID_LENGTH) {
 614                 pr_err("Can't build locking range user, Length OOB\n");
 615                 return -ERANGE;
 616         }
 617
 618         memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
 619
 620         buffer[7] = lr + 1;
 621
 622         return 0;
 623 }
 624
 625 static void set_comid(struct opal_dev *cmd, u16 comid)
 626 {
 627         struct opal_header *hdr = (struct opal_header *)cmd->cmd;
 628
 629         hdr->cp.extendedComID[0] = comid >> 8;
 630         hdr->cp.extendedComID[1] = comid;
 631         hdr->cp.extendedComID[2] = 0;
 632         hdr->cp.extendedComID[3] = 0;
 633 }
 634
 635 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
 636 {
 637         struct opal_header *hdr;
 638         int err = 0;
 639
 640         add_token_u8(&err, cmd, OPAL_ENDOFDATA);
 641         add_token_u8(&err, cmd, OPAL_STARTLIST);
 642         add_token_u8(&err, cmd, 0);
 643         add_token_u8(&err, cmd, 0);
 644         add_token_u8(&err, cmd, 0);
 645         add_token_u8(&err, cmd, OPAL_ENDLIST);
 646
 647         if (err) {
 648                 pr_err("Error finalizing command.\n");
 649                 return -EFAULT;
 650         }
 651
 652         hdr = (struct opal_header *) cmd->cmd;
 653
 654         hdr->pkt.tsn = cpu_to_be32(tsn);
 655         hdr->pkt.hsn = cpu_to_be32(hsn);
 656
 657         hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
 658         while (cmd->pos % 4) {
 659                 if (cmd->pos >= IO_BUFFER_LENGTH) {
 660                         pr_err("Error: Buffer overrun\n");
 661                         return -ERANGE;
 662                 }
 663                 cmd->cmd[cmd->pos++] = 0;
 664         }
 665         hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
 666                                       sizeof(hdr->pkt));
 667         hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
 668
 669         return 0;
 670 }
 671
 672 static const struct opal_resp_tok *response_get_token(
 673                                 const struct parsed_resp *resp,
 674                                 int n)
 675 {
 676         const struct opal_resp_tok *tok;
 677
 678         if (n >= resp->num) {
 679                 pr_err("Token number doesn't exist: %d, resp: %d\n",
 680                        n, resp->num);
 681                 return ERR_PTR(-EINVAL);
 682         }
 683
 684         tok = &resp->toks[n];
 685         if (tok->len == 0) {
 686                 pr_err("Token length must be non-zero\n");
 687                 return ERR_PTR(-EINVAL);
 688         }
 689
 690         return tok;
 691 }
 692
 693 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
 694                                    const u8 *pos)
 695 {
 696         tok->pos = pos;
 697         tok->len = 1;
 698         tok->width = OPAL_WIDTH_TINY;
 699
 700         if (pos[0] & TINY_ATOM_SIGNED) {
 701                 tok->type = OPAL_DTA_TOKENID_SINT;
 702         } else {
 703                 tok->type = OPAL_DTA_TOKENID_UINT;
 704                 tok->stored.u = pos[0] & 0x3f;
 705         }
 706
 707         return tok->len;
 708 }
 709
 710 static ssize_t response_parse_short(struct opal_resp_tok *tok,
 711                                     const u8 *pos)
 712 {
 713         tok->pos = pos;
 714         tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
 715         tok->width = OPAL_WIDTH_SHORT;
 716
 717         if (pos[0] & SHORT_ATOM_BYTESTRING) {
 718                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 719         } else if (pos[0] & SHORT_ATOM_SIGNED) {
 720                 tok->type = OPAL_DTA_TOKENID_SINT;
 721         } else {
 722                 u64 u_integer = 0;
 723                 ssize_t i, b = 0;
 724
 725                 tok->type = OPAL_DTA_TOKENID_UINT;
 726                 if (tok->len > 9) {
 727                         pr_warn("uint64 with more than 8 bytes\n");
 728                         return -EINVAL;
 729                 }
 730                 for (i = tok->len - 1; i > 0; i--) {
 731                         u_integer |= ((u64)pos[i] << (8 * b));
 732                         b++;
 733                 }
 734                 tok->stored.u = u_integer;
 735         }
 736
 737         return tok->len;
 738 }
 739
 740 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
 741                                      const u8 *pos)
 742 {
 743         tok->pos = pos;
 744         tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
 745         tok->width = OPAL_WIDTH_MEDIUM;
 746
 747         if (pos[0] & MEDIUM_ATOM_BYTESTRING)
 748                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 749         else if (pos[0] & MEDIUM_ATOM_SIGNED)
 750                 tok->type = OPAL_DTA_TOKENID_SINT;
 751         else
 752                 tok->type = OPAL_DTA_TOKENID_UINT;
 753
 754         return tok->len;
 755 }
 756
 757 static ssize_t response_parse_long(struct opal_resp_tok *tok,
 758                                    const u8 *pos)
 759 {
 760         tok->pos = pos;
 761         tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
 762         tok->width = OPAL_WIDTH_LONG;
 763
 764         if (pos[0] & LONG_ATOM_BYTESTRING)
 765                 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
 766         else if (pos[0] & LONG_ATOM_SIGNED)
 767                 tok->type = OPAL_DTA_TOKENID_SINT;
 768         else
 769                 tok->type = OPAL_DTA_TOKENID_UINT;
 770
 771         return tok->len;
 772 }
 773
 774 static ssize_t response_parse_token(struct opal_resp_tok *tok,
 775                                     const u8 *pos)
 776 {
 777         tok->pos = pos;
 778         tok->len = 1;
 779         tok->type = OPAL_DTA_TOKENID_TOKEN;
 780         tok->width = OPAL_WIDTH_TOKEN;
 781
 782         return tok->len;
 783 }
 784
 785 static int response_parse(const u8 *buf, size_t length,
 786                           struct parsed_resp *resp)
 787 {
 788         const struct opal_header *hdr;
 789         struct opal_resp_tok *iter;
 790         int num_entries = 0;
 791         int total;
 792         ssize_t token_length;
 793         const u8 *pos;
 794         u32 clen, plen, slen;
 795
 796         if (!buf)
 797                 return -EFAULT;
 798
 799         if (!resp)
 800                 return -EFAULT;
 801
 802         hdr = (struct opal_header *)buf;
 803         pos = buf;
 804         pos += sizeof(*hdr);
 805
 806         clen = be32_to_cpu(hdr->cp.length);
 807         plen = be32_to_cpu(hdr->pkt.length);
 808         slen = be32_to_cpu(hdr->subpkt.length);
 809         pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
 810                  clen, plen, slen);
 811
 812         if (clen == 0 || plen == 0 || slen == 0 ||
 813             slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
 814                 pr_err("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
 815                        clen, plen, slen);
 816                 print_buffer(pos, sizeof(*hdr));
 817                 return -EINVAL;
 818         }
 819
 820         if (pos > buf + length)
 821                 return -EFAULT;
 822
 823         iter = resp->toks;
 824         total = slen;
 825         print_buffer(pos, total);
 826         while (total > 0) {
 827                 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
 828                         token_length = response_parse_tiny(iter, pos);
 829                 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
 830                         token_length = response_parse_short(iter, pos);
 831                 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
 832                         token_length = response_parse_medium(iter, pos);
 833                 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
 834                         token_length = response_parse_long(iter, pos);
 835                 else /* TOKEN */
 836                         token_length = response_parse_token(iter, pos);
 837
 838                 if (token_length < 0)
 839                         return token_length;
 840
 841                 pos += token_length;
 842                 total -= token_length;
 843                 iter++;
 844                 num_entries++;
 845         }
 846
 847         if (num_entries == 0) {
 848                 pr_err("Couldn't parse response.\n");
 849                 return -EINVAL;
 850         }
 851         resp->num = num_entries;
 852
 853         return 0;
 854 }
 855
 856 static size_t response_get_string(const struct parsed_resp *resp, int n,
 857                                   const char **store)
 858 {
 859         *store = NULL;
 860         if (!resp) {
 861                 pr_err("Response is NULL\n");
 862                 return 0;
 863         }
 864
 865         if (n > resp->num) {
 866                 pr_err("Response has %d tokens. Can't access %d\n",
 867                        resp->num, n);
 868                 return 0;
 869         }
 870
 871         if (resp->toks[n].type != OPAL_DTA_TOKENID_BYTESTRING) {
 872                 pr_err("Token is not a byte string!\n");
 873                 return 0;
 874         }
 875
 876         *store = resp->toks[n].pos + 1;
 877         return resp->toks[n].len - 1;
 878 }
 879
 880 static u64 response_get_u64(const struct parsed_resp *resp, int n)
 881 {
 882         if (!resp) {
 883                 pr_err("Response is NULL\n");
 884                 return 0;
 885         }
 886
 887         if (n > resp->num) {
 888                 pr_err("Response has %d tokens. Can't access %d\n",
 889                        resp->num, n);
 890                 return 0;
 891         }
 892
 893         if (resp->toks[n].type != OPAL_DTA_TOKENID_UINT) {
 894                 pr_err("Token is not unsigned it: %d\n",
 895                        resp->toks[n].type);
 896                 return 0;
 897         }
 898
 899         if (!(resp->toks[n].width == OPAL_WIDTH_TINY ||
 900               resp->toks[n].width == OPAL_WIDTH_SHORT)) {
 901                 pr_err("Atom is not short or tiny: %d\n",
 902                        resp->toks[n].width);
 903                 return 0;
 904         }
 905
 906         return resp->toks[n].stored.u;
 907 }
 908
 909 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
 910 {
 911         if (IS_ERR(token) ||
 912             token->type != OPAL_DTA_TOKENID_TOKEN ||
 913             token->pos[0] != match)
 914                 return false;
 915         return true;
 916 }
 917
 918 static u8 response_status(const struct parsed_resp *resp)
 919 {
 920         const struct opal_resp_tok *tok;
 921
 922         tok = response_get_token(resp, 0);
 923         if (response_token_matches(tok, OPAL_ENDOFSESSION))
 924                 return 0;
 925
 926         if (resp->num < 5)
 927                 return DTAERROR_NO_METHOD_STATUS;
 928
 929         tok = response_get_token(resp, resp->num - 5);
 930         if (!response_token_matches(tok, OPAL_STARTLIST))
 931                 return DTAERROR_NO_METHOD_STATUS;
 932
 933         tok = response_get_token(resp, resp->num - 1);
 934         if (!response_token_matches(tok, OPAL_ENDLIST))
 935                 return DTAERROR_NO_METHOD_STATUS;
 936
 937         return response_get_u64(resp, resp->num - 4);
 938 }
 939
 940 /* Parses and checks for errors */
 941 static int parse_and_check_status(struct opal_dev *dev)
 942 {
 943         int error;
 944
 945         print_buffer(dev->cmd, dev->pos);
 946
 947         error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
 948         if (error) {
 949                 pr_err("Couldn't parse response.\n");
 950                 return error;
 951         }
 952
 953         return response_status(&dev->parsed);
 954 }
 955
 956 static void clear_opal_cmd(struct opal_dev *dev)
 957 {
 958         dev->pos = sizeof(struct opal_header);
 959         memset(dev->cmd, 0, IO_BUFFER_LENGTH);
 960 }
 961
 962 static int start_opal_session_cont(struct opal_dev *dev)
 963 {
 964         u32 hsn, tsn;
 965         int error = 0;
 966
 967         error = parse_and_check_status(dev);
 968         if (error)
 969                 return error;
 970
 971         hsn = response_get_u64(&dev->parsed, 4);
 972         tsn = response_get_u64(&dev->parsed, 5);
 973
 974         if (hsn == 0 && tsn == 0) {
 975                 pr_err("Couldn't authenticate session\n");
 976                 return -EPERM;
 977         }
 978
 979         dev->hsn = hsn;
 980         dev->tsn = tsn;
 981         return 0;
 982 }
 983
 984 static void add_suspend_info(struct opal_dev *dev,
 985                              struct opal_suspend_data *sus)
 986 {
 987         struct opal_suspend_data *iter;
 988
 989         list_for_each_entry(iter, &dev->unlk_lst, node) {
 990                 if (iter->lr == sus->lr) {
 991                         list_del(&iter->node);
 992                         kfree(iter);
 993                         break;
 994                 }
 995         }
 996         list_add_tail(&sus->node, &dev->unlk_lst);
 997 }
 998
 999 static int end_session_cont(struct opal_dev *dev)
1000 {
1001         dev->hsn = 0;
1002         dev->tsn = 0;
1003         return parse_and_check_status(dev);
1004 }
1005
1006 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1007 {
1008         int ret;
1009
1010         ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1011         if (ret) {
1012                 pr_err("Error finalizing command buffer: %d\n", ret);
1013                 return ret;
1014         }
1015
1016         print_buffer(dev->cmd, dev->pos);
1017
1018         return opal_send_recv(dev, cont);
1019 }
1020
1021 static int gen_key(struct opal_dev *dev)
1022 {
1023         const u8 *method;
1024         u8 uid[OPAL_UID_LENGTH];
1025         int err = 0;
1026
1027         clear_opal_cmd(dev);
1028         set_comid(dev, dev->comid);
1029
1030         memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1031         method = opalmethod[OPAL_GENKEY];
1032         kfree(dev->prev_data);
1033         dev->prev_data = NULL;
1034
1035         add_token_u8(&err, dev, OPAL_CALL);
1036         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1037         add_token_bytestring(&err, dev, opalmethod[OPAL_GENKEY],
1038                              OPAL_UID_LENGTH);
1039         add_token_u8(&err, dev, OPAL_STARTLIST);
1040         add_token_u8(&err, dev, OPAL_ENDLIST);
1041
1042         if (err) {
1043                 pr_err("Error building gen key command\n");
1044                 return err;
1045
1046         }
1047         return finalize_and_send(dev, parse_and_check_status);
1048 }
1049
1050 static int get_active_key_cont(struct opal_dev *dev)
1051 {
1052         const char *activekey;
1053         size_t keylen;
1054         int error = 0;
1055
1056         error = parse_and_check_status(dev);
1057         if (error)
1058                 return error;
1059         keylen = response_get_string(&dev->parsed, 4, &activekey);
1060         if (!activekey) {
1061                 pr_err("%s: Couldn't extract the Activekey from the response\n",
1062                        __func__);
1063                 return OPAL_INVAL_PARAM;
1064         }
1065         dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1066
1067         if (!dev->prev_data)
1068                 return -ENOMEM;
1069
1070         dev->prev_d_len = keylen;
1071
1072         return 0;
1073 }
1074
1075 static int get_active_key(struct opal_dev *dev)
1076 {
1077         u8 uid[OPAL_UID_LENGTH];
1078         int err = 0;
1079         u8 *lr;
1080
1081         clear_opal_cmd(dev);
1082         set_comid(dev, dev->comid);
1083         lr = dev->func_data[dev->state];
1084
1085         err = build_locking_range(uid, sizeof(uid), *lr);
1086         if (err)
1087                 return err;
1088
1089         err = 0;
1090         add_token_u8(&err, dev, OPAL_CALL);
1091         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1092         add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1093         add_token_u8(&err, dev, OPAL_STARTLIST);
1094         add_token_u8(&err, dev, OPAL_STARTLIST);
1095         add_token_u8(&err, dev, OPAL_STARTNAME);
1096         add_token_u8(&err, dev, 3); /* startCloumn */
1097         add_token_u8(&err, dev, 10); /* ActiveKey */
1098         add_token_u8(&err, dev, OPAL_ENDNAME);
1099         add_token_u8(&err, dev, OPAL_STARTNAME);
1100         add_token_u8(&err, dev, 4); /* endColumn */
1101         add_token_u8(&err, dev, 10); /* ActiveKey */
1102         add_token_u8(&err, dev, OPAL_ENDNAME);
1103         add_token_u8(&err, dev, OPAL_ENDLIST);
1104         add_token_u8(&err, dev, OPAL_ENDLIST);
1105         if (err) {
1106                 pr_err("Error building get active key command\n");
1107                 return err;
1108         }
1109
1110         return finalize_and_send(dev, get_active_key_cont);
1111 }
1112
1113 static int generic_lr_enable_disable(struct opal_dev *dev,
1114                                      u8 *uid, bool rle, bool wle,
1115                                      bool rl, bool wl)
1116 {
1117         int err = 0;
1118
1119         add_token_u8(&err, dev, OPAL_CALL);
1120         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1121         add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1122
1123         add_token_u8(&err, dev, OPAL_STARTLIST);
1124         add_token_u8(&err, dev, OPAL_STARTNAME);
1125         add_token_u8(&err, dev, OPAL_VALUES);
1126         add_token_u8(&err, dev, OPAL_STARTLIST);
1127
1128         add_token_u8(&err, dev, OPAL_STARTNAME);
1129         add_token_u8(&err, dev, 5); /* ReadLockEnabled */
1130         add_token_u8(&err, dev, rle);
1131         add_token_u8(&err, dev, OPAL_ENDNAME);
1132
1133         add_token_u8(&err, dev, OPAL_STARTNAME);
1134         add_token_u8(&err, dev, 6); /* WriteLockEnabled */
1135         add_token_u8(&err, dev, wle);
1136         add_token_u8(&err, dev, OPAL_ENDNAME);
1137
1138         add_token_u8(&err, dev, OPAL_STARTNAME);
1139         add_token_u8(&err, dev, OPAL_READLOCKED);
1140         add_token_u8(&err, dev, rl);
1141         add_token_u8(&err, dev, OPAL_ENDNAME);
1142
1143         add_token_u8(&err, dev, OPAL_STARTNAME);
1144         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1145         add_token_u8(&err, dev, wl);
1146         add_token_u8(&err, dev, OPAL_ENDNAME);
1147
1148         add_token_u8(&err, dev, OPAL_ENDLIST);
1149         add_token_u8(&err, dev, OPAL_ENDNAME);
1150         add_token_u8(&err, dev, OPAL_ENDLIST);
1151         return err;
1152 }
1153
1154 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1155                                    struct opal_user_lr_setup *setup)
1156 {
1157         int err;
1158
1159         err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1160                                         0, 0);
1161         if (err)
1162                 pr_err("Failed to create enable global lr command\n");
1163         return err;
1164 }
1165
1166 static int setup_locking_range(struct opal_dev *dev)
1167 {
1168         u8 uid[OPAL_UID_LENGTH];
1169         struct opal_user_lr_setup *setup;
1170         u8 lr;
1171         int err = 0;
1172
1173         clear_opal_cmd(dev);
1174         set_comid(dev, dev->comid);
1175
1176         setup = dev->func_data[dev->state];
1177         lr = setup->session.opal_key.lr;
1178         err = build_locking_range(uid, sizeof(uid), lr);
1179         if (err)
1180                 return err;
1181
1182         if (lr == 0)
1183                 err = enable_global_lr(dev, uid, setup);
1184         else {
1185                 add_token_u8(&err, dev, OPAL_CALL);
1186                 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1187                 add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1188                                      OPAL_UID_LENGTH);
1189
1190                 add_token_u8(&err, dev, OPAL_STARTLIST);
1191                 add_token_u8(&err, dev, OPAL_STARTNAME);
1192                 add_token_u8(&err, dev, OPAL_VALUES);
1193                 add_token_u8(&err, dev, OPAL_STARTLIST);
1194
1195                 add_token_u8(&err, dev, OPAL_STARTNAME);
1196                 add_token_u8(&err, dev, 3); /* Ranges Start */
1197                 add_token_u64(&err, dev, setup->range_start);
1198                 add_token_u8(&err, dev, OPAL_ENDNAME);
1199
1200                 add_token_u8(&err, dev, OPAL_STARTNAME);
1201                 add_token_u8(&err, dev, 4); /* Ranges length */
1202                 add_token_u64(&err, dev, setup->range_length);
1203                 add_token_u8(&err, dev, OPAL_ENDNAME);
1204
1205                 add_token_u8(&err, dev, OPAL_STARTNAME);
1206                 add_token_u8(&err, dev, 5); /*ReadLockEnabled */
1207                 add_token_u64(&err, dev, !!setup->RLE);
1208                 add_token_u8(&err, dev, OPAL_ENDNAME);
1209
1210                 add_token_u8(&err, dev, OPAL_STARTNAME);
1211                 add_token_u8(&err, dev, 6); /*WriteLockEnabled*/
1212                 add_token_u64(&err, dev, !!setup->WLE);
1213                 add_token_u8(&err, dev, OPAL_ENDNAME);
1214
1215                 add_token_u8(&err, dev, OPAL_ENDLIST);
1216                 add_token_u8(&err, dev, OPAL_ENDNAME);
1217                 add_token_u8(&err, dev, OPAL_ENDLIST);
1218
1219         }
1220         if (err) {
1221                 pr_err("Error building Setup Locking range command.\n");
1222                 return err;
1223
1224         }
1225
1226         return finalize_and_send(dev, parse_and_check_status);
1227 }
1228
1229 static int start_generic_opal_session(struct opal_dev *dev,
1230                                       enum opal_uid auth,
1231                                       enum opal_uid sp_type,
1232                                       const char *key,
1233                                       u8 key_len)
1234 {
1235         u32 hsn;
1236         int err = 0;
1237
1238         if (key == NULL && auth != OPAL_ANYBODY_UID) {
1239                 pr_err("%s: Attempted to open ADMIN_SP Session without a Host" \
1240                        "Challenge, and not as the Anybody UID\n", __func__);
1241                 return OPAL_INVAL_PARAM;
1242         }
1243
1244         clear_opal_cmd(dev);
1245
1246         set_comid(dev, dev->comid);
1247         hsn = GENERIC_HOST_SESSION_NUM;
1248
1249         add_token_u8(&err, dev, OPAL_CALL);
1250         add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1251                              OPAL_UID_LENGTH);
1252         add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1253                              OPAL_UID_LENGTH);
1254         add_token_u8(&err, dev, OPAL_STARTLIST);
1255         add_token_u64(&err, dev, hsn);
1256         add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1257         add_token_u8(&err, dev, 1);
1258
1259         switch (auth) {
1260         case OPAL_ANYBODY_UID:
1261                 add_token_u8(&err, dev, OPAL_ENDLIST);
1262                 break;
1263         case OPAL_ADMIN1_UID:
1264         case OPAL_SID_UID:
1265                 add_token_u8(&err, dev, OPAL_STARTNAME);
1266                 add_token_u8(&err, dev, 0); /* HostChallenge */
1267                 add_token_bytestring(&err, dev, key, key_len);
1268                 add_token_u8(&err, dev, OPAL_ENDNAME);
1269                 add_token_u8(&err, dev, OPAL_STARTNAME);
1270                 add_token_u8(&err, dev, 3); /* HostSignAuth */
1271                 add_token_bytestring(&err, dev, opaluid[auth],
1272                                      OPAL_UID_LENGTH);
1273                 add_token_u8(&err, dev, OPAL_ENDNAME);
1274                 add_token_u8(&err, dev, OPAL_ENDLIST);
1275                 break;
1276         default:
1277                 pr_err("Cannot start Admin SP session with auth %d\n", auth);
1278                 return OPAL_INVAL_PARAM;
1279         }
1280
1281         if (err) {
1282                 pr_err("Error building start adminsp session command.\n");
1283                 return err;
1284         }
1285
1286         return finalize_and_send(dev, start_opal_session_cont);
1287 }
1288
1289 static int start_anybodyASP_opal_session(struct opal_dev *dev)
1290 {
1291         return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1292                                           OPAL_ADMINSP_UID, NULL, 0);
1293 }
1294
1295 static int start_SIDASP_opal_session(struct opal_dev *dev)
1296 {
1297         int ret;
1298         const u8 *key = dev->prev_data;
1299         struct opal_key *okey;
1300
1301         if (!key) {
1302                 okey = dev->func_data[dev->state];
1303                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1304                                                  OPAL_ADMINSP_UID,
1305                                                  okey->key,
1306                                                  okey->key_len);
1307         } else {
1308                 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1309                                                  OPAL_ADMINSP_UID,
1310                                                  key, dev->prev_d_len);
1311                 kfree(key);
1312                 dev->prev_data = NULL;
1313         }
1314         return ret;
1315 }
1316
1317 static inline int start_admin1LSP_opal_session(struct opal_dev *dev)
1318 {
1319         struct opal_key *key = dev->func_data[dev->state];
1320
1321         return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1322                                           OPAL_LOCKINGSP_UID,
1323                                           key->key, key->key_len);
1324 }
1325
1326 static int start_auth_opal_session(struct opal_dev *dev)
1327 {
1328         u8 lk_ul_user[OPAL_UID_LENGTH];
1329         int err = 0;
1330
1331         struct opal_session_info *session = dev->func_data[dev->state];
1332         size_t keylen = session->opal_key.key_len;
1333         u8 *key = session->opal_key.key;
1334         u32 hsn = GENERIC_HOST_SESSION_NUM;
1335
1336         clear_opal_cmd(dev);
1337         set_comid(dev, dev->comid);
1338
1339         if (session->sum) {
1340                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1341                                          session->opal_key.lr);
1342                 if (err)
1343                         return err;
1344
1345         } else if (session->who != OPAL_ADMIN1 && !session->sum) {
1346                 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1347                                          session->who - 1);
1348                 if (err)
1349                         return err;
1350         } else
1351                 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1352
1353         add_token_u8(&err, dev, OPAL_CALL);
1354         add_token_bytestring(&err, dev, opaluid[OPAL_SMUID_UID],
1355                              OPAL_UID_LENGTH);
1356         add_token_bytestring(&err, dev, opalmethod[OPAL_STARTSESSION],
1357                              OPAL_UID_LENGTH);
1358
1359         add_token_u8(&err, dev, OPAL_STARTLIST);
1360         add_token_u64(&err, dev, hsn);
1361         add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1362                              OPAL_UID_LENGTH);
1363         add_token_u8(&err, dev, 1);
1364         add_token_u8(&err, dev, OPAL_STARTNAME);
1365         add_token_u8(&err, dev, 0);
1366         add_token_bytestring(&err, dev, key, keylen);
1367         add_token_u8(&err, dev, OPAL_ENDNAME);
1368         add_token_u8(&err, dev, OPAL_STARTNAME);
1369         add_token_u8(&err, dev, 3);
1370         add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1371         add_token_u8(&err, dev, OPAL_ENDNAME);
1372         add_token_u8(&err, dev, OPAL_ENDLIST);
1373
1374         if (err) {
1375                 pr_err("Error building STARTSESSION command.\n");
1376                 return err;
1377         }
1378
1379         return finalize_and_send(dev, start_opal_session_cont);
1380 }
1381
1382 static int revert_tper(struct opal_dev *dev)
1383 {
1384         int err = 0;
1385
1386         clear_opal_cmd(dev);
1387         set_comid(dev, dev->comid);
1388
1389         add_token_u8(&err, dev, OPAL_CALL);
1390         add_token_bytestring(&err, dev, opaluid[OPAL_ADMINSP_UID],
1391                              OPAL_UID_LENGTH);
1392         add_token_bytestring(&err, dev, opalmethod[OPAL_REVERT],
1393                              OPAL_UID_LENGTH);
1394         add_token_u8(&err, dev, OPAL_STARTLIST);
1395         add_token_u8(&err, dev, OPAL_ENDLIST);
1396         if (err) {
1397                 pr_err("Error building REVERT TPER command.\n");
1398                 return err;
1399         }
1400
1401         return finalize_and_send(dev, parse_and_check_status);
1402 }
1403
1404 static int internal_activate_user(struct opal_dev *dev)
1405 {
1406         struct opal_session_info *session = dev->func_data[dev->state];
1407         u8 uid[OPAL_UID_LENGTH];
1408         int err = 0;
1409
1410         clear_opal_cmd(dev);
1411         set_comid(dev, dev->comid);
1412
1413         memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1414         uid[7] = session->who;
1415
1416         add_token_u8(&err, dev, OPAL_CALL);
1417         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1418         add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1419         add_token_u8(&err, dev, OPAL_STARTLIST);
1420         add_token_u8(&err, dev, OPAL_STARTNAME);
1421         add_token_u8(&err, dev, OPAL_VALUES);
1422         add_token_u8(&err, dev, OPAL_STARTLIST);
1423         add_token_u8(&err, dev, OPAL_STARTNAME);
1424         add_token_u8(&err, dev, 5); /* Enabled */
1425         add_token_u8(&err, dev, OPAL_TRUE);
1426         add_token_u8(&err, dev, OPAL_ENDNAME);
1427         add_token_u8(&err, dev, OPAL_ENDLIST);
1428         add_token_u8(&err, dev, OPAL_ENDNAME);
1429         add_token_u8(&err, dev, OPAL_ENDLIST);
1430
1431         if (err) {
1432                 pr_err("Error building Activate UserN command.\n");
1433                 return err;
1434         }
1435
1436         return finalize_and_send(dev, parse_and_check_status);
1437 }
1438
1439 static int erase_locking_range(struct opal_dev *dev)
1440 {
1441         struct opal_session_info *session;
1442         u8 uid[OPAL_UID_LENGTH];
1443         int err = 0;
1444
1445         clear_opal_cmd(dev);
1446         set_comid(dev, dev->comid);
1447         session = dev->func_data[dev->state];
1448
1449         if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1450                 return -ERANGE;
1451
1452         add_token_u8(&err, dev, OPAL_CALL);
1453         add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1454         add_token_bytestring(&err, dev, opalmethod[OPAL_ERASE],
1455                              OPAL_UID_LENGTH);
1456         add_token_u8(&err, dev, OPAL_STARTLIST);
1457         add_token_u8(&err, dev, OPAL_ENDLIST);
1458
1459         if (err) {
1460                 pr_err("Error building Erase Locking Range Command.\n");
1461                 return err;
1462         }
1463         return finalize_and_send(dev, parse_and_check_status);
1464 }
1465
1466 static int set_mbr_done(struct opal_dev *dev)
1467 {
1468         u8 mbr_done_tf = *(u8 *)dev->func_data[dev->state];
1469         int err = 0;
1470
1471         clear_opal_cmd(dev);
1472         set_comid(dev, dev->comid);
1473
1474         add_token_u8(&err, dev, OPAL_CALL);
1475         add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1476                              OPAL_UID_LENGTH);
1477         add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1478         add_token_u8(&err, dev, OPAL_STARTLIST);
1479         add_token_u8(&err, dev, OPAL_STARTNAME);
1480         add_token_u8(&err, dev, OPAL_VALUES);
1481         add_token_u8(&err, dev, OPAL_STARTLIST);
1482         add_token_u8(&err, dev, OPAL_STARTNAME);
1483         add_token_u8(&err, dev, 2); /* Done */
1484         add_token_u8(&err, dev, mbr_done_tf); /* Done T or F */
1485         add_token_u8(&err, dev, OPAL_ENDNAME);
1486         add_token_u8(&err, dev, OPAL_ENDLIST);
1487         add_token_u8(&err, dev, OPAL_ENDNAME);
1488         add_token_u8(&err, dev, OPAL_ENDLIST);
1489
1490         if (err) {
1491                 pr_err("Error Building set MBR Done command\n");
1492                 return err;
1493         }
1494
1495         return finalize_and_send(dev, parse_and_check_status);
1496 }
1497
1498 static int set_mbr_enable_disable(struct opal_dev *dev)
1499 {
1500         u8 mbr_en_dis = *(u8 *)dev->func_data[dev->state];
1501         int err = 0;
1502
1503         clear_opal_cmd(dev);
1504         set_comid(dev, dev->comid);
1505
1506         add_token_u8(&err, dev, OPAL_CALL);
1507         add_token_bytestring(&err, dev, opaluid[OPAL_MBRCONTROL],
1508                              OPAL_UID_LENGTH);
1509         add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1510         add_token_u8(&err, dev, OPAL_STARTLIST);
1511         add_token_u8(&err, dev, OPAL_STARTNAME);
1512         add_token_u8(&err, dev, OPAL_VALUES);
1513         add_token_u8(&err, dev, OPAL_STARTLIST);
1514         add_token_u8(&err, dev, OPAL_STARTNAME);
1515         add_token_u8(&err, dev, 1);
1516         add_token_u8(&err, dev, mbr_en_dis);
1517         add_token_u8(&err, dev, OPAL_ENDNAME);
1518         add_token_u8(&err, dev, OPAL_ENDLIST);
1519         add_token_u8(&err, dev, OPAL_ENDNAME);
1520         add_token_u8(&err, dev, OPAL_ENDLIST);
1521
1522         if (err) {
1523                 pr_err("Error Building set MBR done command\n");
1524                 return err;
1525         }
1526
1527         return finalize_and_send(dev, parse_and_check_status);
1528 }
1529
1530 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1531                           struct opal_dev *dev)
1532 {
1533         int err = 0;
1534
1535         clear_opal_cmd(dev);
1536         set_comid(dev, dev->comid);
1537
1538         add_token_u8(&err, dev, OPAL_CALL);
1539         add_token_bytestring(&err, dev, cpin_uid, OPAL_UID_LENGTH);
1540         add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1541                              OPAL_UID_LENGTH);
1542         add_token_u8(&err, dev, OPAL_STARTLIST);
1543         add_token_u8(&err, dev, OPAL_STARTNAME);
1544         add_token_u8(&err, dev, OPAL_VALUES);
1545         add_token_u8(&err, dev, OPAL_STARTLIST);
1546         add_token_u8(&err, dev, OPAL_STARTNAME);
1547         add_token_u8(&err, dev, 3); /* PIN */
1548         add_token_bytestring(&err, dev, key, key_len);
1549         add_token_u8(&err, dev, OPAL_ENDNAME);
1550         add_token_u8(&err, dev, OPAL_ENDLIST);
1551         add_token_u8(&err, dev, OPAL_ENDNAME);
1552         add_token_u8(&err, dev, OPAL_ENDLIST);
1553
1554         return err;
1555 }
1556
1557 static int set_new_pw(struct opal_dev *dev)
1558 {
1559         u8 cpin_uid[OPAL_UID_LENGTH];
1560         struct opal_session_info *usr = dev->func_data[dev->state];
1561
1562
1563         memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
1564
1565         if (usr->who != OPAL_ADMIN1) {
1566                 cpin_uid[5] = 0x03;
1567                 if (usr->sum)
1568                         cpin_uid[7] = usr->opal_key.lr + 1;
1569                 else
1570                         cpin_uid[7] = usr->who;
1571         }
1572
1573         if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
1574                            cpin_uid, dev)) {
1575                 pr_err("Error building set password command.\n");
1576                 return -ERANGE;
1577         }
1578
1579         return finalize_and_send(dev, parse_and_check_status);
1580 }
1581
1582 static int set_sid_cpin_pin(struct opal_dev *dev)
1583 {
1584         u8 cpin_uid[OPAL_UID_LENGTH];
1585         struct opal_key *key = dev->func_data[dev->state];
1586
1587         memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
1588
1589         if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
1590                 pr_err("Error building Set SID cpin\n");
1591                 return -ERANGE;
1592         }
1593         return finalize_and_send(dev, parse_and_check_status);
1594 }
1595
1596 static int add_user_to_lr(struct opal_dev *dev)
1597 {
1598         u8 lr_buffer[OPAL_UID_LENGTH];
1599         u8 user_uid[OPAL_UID_LENGTH];
1600         struct opal_lock_unlock *lkul;
1601         int err = 0;
1602
1603         clear_opal_cmd(dev);
1604         set_comid(dev, dev->comid);
1605
1606         lkul = dev->func_data[dev->state];
1607
1608         memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
1609                OPAL_UID_LENGTH);
1610
1611         if (lkul->l_state == OPAL_RW)
1612                 memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
1613                        OPAL_UID_LENGTH);
1614
1615         lr_buffer[7] = lkul->session.opal_key.lr;
1616
1617         memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1618
1619         user_uid[7] = lkul->session.who;
1620
1621         add_token_u8(&err, dev, OPAL_CALL);
1622         add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1623         add_token_bytestring(&err, dev, opalmethod[OPAL_SET],
1624                              OPAL_UID_LENGTH);
1625
1626         add_token_u8(&err, dev, OPAL_STARTLIST);
1627         add_token_u8(&err, dev, OPAL_STARTNAME);
1628         add_token_u8(&err, dev, OPAL_VALUES);
1629
1630         add_token_u8(&err, dev, OPAL_STARTLIST);
1631         add_token_u8(&err, dev, OPAL_STARTNAME);
1632         add_token_u8(&err, dev, 3);
1633
1634         add_token_u8(&err, dev, OPAL_STARTLIST);
1635
1636
1637         add_token_u8(&err, dev, OPAL_STARTNAME);
1638         add_token_bytestring(&err, dev,
1639                              opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1640                              OPAL_UID_LENGTH/2);
1641         add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1642         add_token_u8(&err, dev, OPAL_ENDNAME);
1643
1644
1645         add_token_u8(&err, dev, OPAL_STARTNAME);
1646         add_token_bytestring(&err, dev,
1647                              opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
1648                              OPAL_UID_LENGTH/2);
1649         add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
1650         add_token_u8(&err, dev, OPAL_ENDNAME);
1651
1652
1653         add_token_u8(&err, dev, OPAL_STARTNAME);
1654         add_token_bytestring(&err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
1655                              OPAL_UID_LENGTH/2);
1656         add_token_u8(&err, dev, 1);
1657         add_token_u8(&err, dev, OPAL_ENDNAME);
1658
1659
1660         add_token_u8(&err, dev, OPAL_ENDLIST);
1661         add_token_u8(&err, dev, OPAL_ENDNAME);
1662         add_token_u8(&err, dev, OPAL_ENDLIST);
1663         add_token_u8(&err, dev, OPAL_ENDNAME);
1664         add_token_u8(&err, dev, OPAL_ENDLIST);
1665
1666         if (err) {
1667                 pr_err("Error building add user to locking range command.\n");
1668                 return err;
1669         }
1670
1671         return finalize_and_send(dev, parse_and_check_status);
1672 }
1673
1674 static int lock_unlock_locking_range(struct opal_dev *dev)
1675 {
1676         u8 lr_buffer[OPAL_UID_LENGTH];
1677         const u8 *method;
1678         struct opal_lock_unlock *lkul;
1679         u8 read_locked = 1, write_locked = 1;
1680         int err = 0;
1681
1682         clear_opal_cmd(dev);
1683         set_comid(dev, dev->comid);
1684
1685         method = opalmethod[OPAL_SET];
1686         lkul = dev->func_data[dev->state];
1687         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1688                                 lkul->session.opal_key.lr) < 0)
1689                 return -ERANGE;
1690
1691         switch (lkul->l_state) {
1692         case OPAL_RO:
1693                 read_locked = 0;
1694                 write_locked = 1;
1695                 break;
1696         case OPAL_RW:
1697                 read_locked = 0;
1698                 write_locked = 0;
1699                 break;
1700         case OPAL_LK:
1701                 /* vars are initalized to locked */
1702                 break;
1703         default:
1704                 pr_err("Tried to set an invalid locking state... returning to uland\n");
1705                 return OPAL_INVAL_PARAM;
1706         }
1707
1708         add_token_u8(&err, dev, OPAL_CALL);
1709         add_token_bytestring(&err, dev, lr_buffer, OPAL_UID_LENGTH);
1710         add_token_bytestring(&err, dev, opalmethod[OPAL_SET], OPAL_UID_LENGTH);
1711         add_token_u8(&err, dev, OPAL_STARTLIST);
1712         add_token_u8(&err, dev, OPAL_STARTNAME);
1713         add_token_u8(&err, dev, OPAL_VALUES);
1714         add_token_u8(&err, dev, OPAL_STARTLIST);
1715
1716         add_token_u8(&err, dev, OPAL_STARTNAME);
1717         add_token_u8(&err, dev, OPAL_READLOCKED);
1718         add_token_u8(&err, dev, read_locked);
1719         add_token_u8(&err, dev, OPAL_ENDNAME);
1720
1721         add_token_u8(&err, dev, OPAL_STARTNAME);
1722         add_token_u8(&err, dev, OPAL_WRITELOCKED);
1723         add_token_u8(&err, dev, write_locked);
1724         add_token_u8(&err, dev, OPAL_ENDNAME);
1725
1726         add_token_u8(&err, dev, OPAL_ENDLIST);
1727         add_token_u8(&err, dev, OPAL_ENDNAME);
1728         add_token_u8(&err, dev, OPAL_ENDLIST);
1729
1730         if (err) {
1731                 pr_err("Error building SET command.\n");
1732                 return err;
1733         }
1734         return finalize_and_send(dev, parse_and_check_status);
1735 }
1736
1737
1738 static int lock_unlock_locking_range_sum(struct opal_dev *dev)
1739 {
1740         u8 lr_buffer[OPAL_UID_LENGTH];
1741         u8 read_locked = 1, write_locked = 1;
1742         const u8 *method;
1743         struct opal_lock_unlock *lkul;
1744         int ret;
1745
1746         clear_opal_cmd(dev);
1747         set_comid(dev, dev->comid);
1748
1749         method = opalmethod[OPAL_SET];
1750         lkul = dev->func_data[dev->state];
1751         if (build_locking_range(lr_buffer, sizeof(lr_buffer),
1752                                 lkul->session.opal_key.lr) < 0)
1753                 return -ERANGE;
1754
1755         switch (lkul->l_state) {
1756         case OPAL_RO:
1757                 read_locked = 0;
1758                 write_locked = 1;
1759                 break;
1760         case OPAL_RW:
1761                 read_locked = 0;
1762                 write_locked = 0;
1763                 break;
1764         case OPAL_LK:
1765                 /* vars are initalized to locked */
1766                 break;
1767         default:
1768                 pr_err("Tried to set an invalid locking state.\n");
1769                 return OPAL_INVAL_PARAM;
1770         }
1771         ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
1772                                         read_locked, write_locked);
1773
1774         if (ret < 0) {
1775                 pr_err("Error building SET command.\n");
1776                 return ret;
1777         }
1778         return finalize_and_send(dev, parse_and_check_status);
1779 }
1780
1781 static int activate_lsp(struct opal_dev *dev)
1782 {
1783         struct opal_lr_act *opal_act;
1784         u8 user_lr[OPAL_UID_LENGTH];
1785         u8 uint_3 = 0x83;
1786         int err = 0, i;
1787
1788         clear_opal_cmd(dev);
1789         set_comid(dev, dev->comid);
1790
1791         opal_act = dev->func_data[dev->state];
1792
1793         add_token_u8(&err, dev, OPAL_CALL);
1794         add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1795                              OPAL_UID_LENGTH);
1796         add_token_bytestring(&err, dev, opalmethod[OPAL_ACTIVATE],
1797                              OPAL_UID_LENGTH);
1798
1799
1800         if (opal_act->sum) {
1801                 err = build_locking_range(user_lr, sizeof(user_lr),
1802                                           opal_act->lr[0]);
1803                 if (err)
1804                         return err;
1805
1806                 add_token_u8(&err, dev, OPAL_STARTLIST);
1807                 add_token_u8(&err, dev, OPAL_STARTNAME);
1808                 add_token_u8(&err, dev, uint_3);
1809                 add_token_u8(&err, dev, 6);
1810                 add_token_u8(&err, dev, 0);
1811                 add_token_u8(&err, dev, 0);
1812
1813                 add_token_u8(&err, dev, OPAL_STARTLIST);
1814                 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1815                 for (i = 1; i < opal_act->num_lrs; i++) {
1816                         user_lr[7] = opal_act->lr[i];
1817                         add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
1818                 }
1819                 add_token_u8(&err, dev, OPAL_ENDLIST);
1820                 add_token_u8(&err, dev, OPAL_ENDNAME);
1821                 add_token_u8(&err, dev, OPAL_ENDLIST);
1822
1823         } else {
1824                 add_token_u8(&err, dev, OPAL_STARTLIST);
1825                 add_token_u8(&err, dev, OPAL_ENDLIST);
1826         }
1827
1828         if (err) {
1829                 pr_err("Error building Activate LockingSP command.\n");
1830                 return err;
1831         }
1832
1833         return finalize_and_send(dev, parse_and_check_status);
1834 }
1835
1836 static int get_lsp_lifecycle_cont(struct opal_dev *dev)
1837 {
1838         u8 lc_status;
1839         int error = 0;
1840
1841         error = parse_and_check_status(dev);
1842         if (error)
1843                 return error;
1844
1845         lc_status = response_get_u64(&dev->parsed, 4);
1846         /* 0x08 is Manufacured Inactive */
1847         /* 0x09 is Manufactured */
1848         if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
1849                 pr_err("Couldn't determine the status of the Lifcycle state\n");
1850                 return -ENODEV;
1851         }
1852
1853         return 0;
1854 }
1855
1856 /* Determine if we're in the Manufactured Inactive or Active state */
1857 static int get_lsp_lifecycle(struct opal_dev *dev)
1858 {
1859         int err = 0;
1860
1861         clear_opal_cmd(dev);
1862         set_comid(dev, dev->comid);
1863
1864         add_token_u8(&err, dev, OPAL_CALL);
1865         add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1866                              OPAL_UID_LENGTH);
1867         add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1868
1869         add_token_u8(&err, dev, OPAL_STARTLIST);
1870         add_token_u8(&err, dev, OPAL_STARTLIST);
1871
1872         add_token_u8(&err, dev, OPAL_STARTNAME);
1873         add_token_u8(&err, dev, 3); /* Start Column */
1874         add_token_u8(&err, dev, 6); /* Lifecycle Column */
1875         add_token_u8(&err, dev, OPAL_ENDNAME);
1876
1877         add_token_u8(&err, dev, OPAL_STARTNAME);
1878         add_token_u8(&err, dev, 4); /* End Column */
1879         add_token_u8(&err, dev, 6); /* Lifecycle Column */
1880         add_token_u8(&err, dev, OPAL_ENDNAME);
1881
1882         add_token_u8(&err, dev, OPAL_ENDLIST);
1883         add_token_u8(&err, dev, OPAL_ENDLIST);
1884
1885         if (err) {
1886                 pr_err("Error Building GET Lifecycle Status command\n");
1887                 return err;
1888         }
1889
1890         return finalize_and_send(dev, get_lsp_lifecycle_cont);
1891 }
1892
1893 static int get_msid_cpin_pin_cont(struct opal_dev *dev)
1894 {
1895         const char *msid_pin;
1896         size_t strlen;
1897         int error = 0;
1898
1899         error = parse_and_check_status(dev);
1900         if (error)
1901                 return error;
1902
1903         strlen = response_get_string(&dev->parsed, 4, &msid_pin);
1904         if (!msid_pin) {
1905                 pr_err("%s: Couldn't extract PIN from response\n", __func__);
1906                 return OPAL_INVAL_PARAM;
1907         }
1908
1909         dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
1910         if (!dev->prev_data)
1911                 return -ENOMEM;
1912
1913         dev->prev_d_len = strlen;
1914
1915         return 0;
1916 }
1917
1918 static int get_msid_cpin_pin(struct opal_dev *dev)
1919 {
1920         int err = 0;
1921
1922         clear_opal_cmd(dev);
1923         set_comid(dev, dev->comid);
1924
1925
1926         add_token_u8(&err, dev, OPAL_CALL);
1927         add_token_bytestring(&err, dev, opaluid[OPAL_C_PIN_MSID],
1928                              OPAL_UID_LENGTH);
1929         add_token_bytestring(&err, dev, opalmethod[OPAL_GET], OPAL_UID_LENGTH);
1930
1931         add_token_u8(&err, dev, OPAL_STARTLIST);
1932         add_token_u8(&err, dev, OPAL_STARTLIST);
1933
1934         add_token_u8(&err, dev, OPAL_STARTNAME);
1935         add_token_u8(&err, dev, 3); /* Start Column */
1936         add_token_u8(&err, dev, 3); /* PIN */
1937         add_token_u8(&err, dev, OPAL_ENDNAME);
1938
1939         add_token_u8(&err, dev, OPAL_STARTNAME);
1940         add_token_u8(&err, dev, 4); /* End Column */
1941         add_token_u8(&err, dev, 3); /* Lifecycle Column */
1942         add_token_u8(&err, dev, OPAL_ENDNAME);
1943
1944         add_token_u8(&err, dev, OPAL_ENDLIST);
1945         add_token_u8(&err, dev, OPAL_ENDLIST);
1946
1947         if (err) {
1948                 pr_err("Error building Get MSID CPIN PIN command.\n");
1949                 return err;
1950         }
1951
1952         return finalize_and_send(dev, get_msid_cpin_pin_cont);
1953 }
1954
1955 static int build_end_opal_session(struct opal_dev *dev)
1956 {
1957         int err = 0;
1958
1959         clear_opal_cmd(dev);
1960
1961         set_comid(dev, dev->comid);
1962         add_token_u8(&err, dev, OPAL_ENDOFSESSION);
1963         return err;
1964 }
1965
1966 static int end_opal_session(struct opal_dev *dev)
1967 {
1968         int ret = build_end_opal_session(dev);
1969
1970         if (ret < 0)
1971                 return ret;
1972         return finalize_and_send(dev, end_session_cont);
1973 }
1974
1975 static int end_opal_session_error(struct opal_dev *dev)
1976 {
1977         const opal_step error_end_session[] = {
1978                 end_opal_session,
1979                 NULL,
1980         };
1981         dev->funcs = error_end_session;
1982         dev->state = 0;
1983         return next(dev);
1984 }
1985
1986 static inline void setup_opal_dev(struct opal_dev *dev,
1987                                   const opal_step *funcs)
1988 {
1989         dev->state = 0;
1990         dev->funcs = funcs;
1991         dev->tsn = 0;
1992         dev->hsn = 0;
1993         dev->func_data = NULL;
1994         dev->prev_data = NULL;
1995 }
1996
1997 static int check_opal_support(struct opal_dev *dev)
1998 {
1999         static const opal_step funcs[] = {
2000                 opal_discovery0,
2001                 NULL
2002         };
2003         int ret;
2004
2005         mutex_lock(&dev->dev_lock);
2006         setup_opal_dev(dev, funcs);
2007         ret = next(dev);
2008         dev->supported = !ret;
2009         mutex_unlock(&dev->dev_lock);
2010         return ret;
2011 }
2012
2013 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2014 {
2015         struct opal_dev *dev;
2016
2017         dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2018         if (!dev)
2019                 return NULL;
2020
2021         INIT_LIST_HEAD(&dev->unlk_lst);
2022         mutex_init(&dev->dev_lock);
2023         dev->data = data;
2024         dev->send_recv = send_recv;
2025         if (check_opal_support(dev) != 0) {
2026                 pr_debug("Opal is not supported on this device\n");
2027                 kfree(dev);
2028                 return NULL;
2029         }
2030         return dev;
2031 }
2032 EXPORT_SYMBOL(init_opal_dev);
2033
2034 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2035                                            struct opal_session_info *opal_session)
2036 {
2037         void *data[3] = { NULL };
2038         static const opal_step erase_funcs[] = {
2039                 opal_discovery0,
2040                 start_auth_opal_session,
2041                 get_active_key,
2042                 gen_key,
2043                 end_opal_session,
2044                 NULL,
2045         };
2046         int ret;
2047
2048         mutex_lock(&dev->dev_lock);
2049         setup_opal_dev(dev, erase_funcs);
2050
2051         dev->func_data = data;
2052         dev->func_data[1] = opal_session;
2053         dev->func_data[2] = &opal_session->opal_key.lr;
2054
2055         ret = next(dev);
2056         mutex_unlock(&dev->dev_lock);
2057         return ret;
2058 }
2059
2060 static int opal_erase_locking_range(struct opal_dev *dev,
2061                                     struct opal_session_info *opal_session)
2062 {
2063         void *data[3] = { NULL };
2064         static const opal_step erase_funcs[] = {
2065                 opal_discovery0,
2066                 start_auth_opal_session,
2067                 erase_locking_range,
2068                 end_opal_session,
2069                 NULL,
2070         };
2071         int ret;
2072
2073         mutex_lock(&dev->dev_lock);
2074         setup_opal_dev(dev, erase_funcs);
2075
2076         dev->func_data = data;
2077         dev->func_data[1] = opal_session;
2078         dev->func_data[2] = opal_session;
2079
2080         ret = next(dev);
2081         mutex_unlock(&dev->dev_lock);
2082         return ret;
2083 }
2084
2085 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2086                                           struct opal_mbr_data *opal_mbr)
2087 {
2088         void *func_data[6] = { NULL };
2089         static const opal_step mbr_funcs[] = {
2090                 opal_discovery0,
2091                 start_admin1LSP_opal_session,
2092                 set_mbr_done,
2093                 end_opal_session,
2094                 start_admin1LSP_opal_session,
2095                 set_mbr_enable_disable,
2096                 end_opal_session,
2097                 NULL,
2098         };
2099         int ret;
2100
2101         if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2102             opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2103                 return -EINVAL;
2104
2105         mutex_lock(&dev->dev_lock);
2106         setup_opal_dev(dev, mbr_funcs);
2107         dev->func_data = func_data;
2108         dev->func_data[1] = &opal_mbr->key;
2109         dev->func_data[2] = &opal_mbr->enable_disable;
2110         dev->func_data[4] = &opal_mbr->key;
2111         dev->func_data[5] = &opal_mbr->enable_disable;
2112         ret = next(dev);
2113         mutex_unlock(&dev->dev_lock);
2114         return ret;
2115 }
2116
2117 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2118 {
2119         struct opal_suspend_data *suspend;
2120
2121         suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2122         if (!suspend)
2123                 return -ENOMEM;
2124
2125         suspend->unlk = *lk_unlk;
2126         suspend->lr = lk_unlk->session.opal_key.lr;
2127
2128         mutex_lock(&dev->dev_lock);
2129         setup_opal_dev(dev, NULL);
2130         add_suspend_info(dev, suspend);
2131         mutex_unlock(&dev->dev_lock);
2132         return 0;
2133 }
2134
2135 static int opal_add_user_to_lr(struct opal_dev *dev,
2136                                struct opal_lock_unlock *lk_unlk)
2137 {
2138         void *func_data[3] = { NULL };
2139         static const opal_step funcs[] = {
2140                 opal_discovery0,
2141                 start_admin1LSP_opal_session,
2142                 add_user_to_lr,
2143                 end_opal_session,
2144                 NULL
2145         };
2146         int ret;
2147
2148         if (lk_unlk->l_state != OPAL_RO &&
2149             lk_unlk->l_state != OPAL_RW) {
2150                 pr_err("Locking state was not RO or RW\n");
2151                 return -EINVAL;
2152         }
2153         if (lk_unlk->session.who < OPAL_USER1 &&
2154             lk_unlk->session.who > OPAL_USER9) {
2155                 pr_err("Authority was not within the range of users: %d\n",
2156                        lk_unlk->session.who);
2157                 return -EINVAL;
2158         }
2159         if (lk_unlk->session.sum) {
2160                 pr_err("%s not supported in sum. Use setup locking range\n",
2161                        __func__);
2162                 return -EINVAL;
2163         }
2164
2165         mutex_lock(&dev->dev_lock);
2166         setup_opal_dev(dev, funcs);
2167         dev->func_data = func_data;
2168         dev->func_data[1] = &lk_unlk->session.opal_key;
2169         dev->func_data[2] = lk_unlk;
2170         ret = next(dev);
2171         mutex_unlock(&dev->dev_lock);
2172         return ret;
2173 }
2174
2175 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal)
2176 {
2177         void *data[2] = { NULL };
2178         static const opal_step revert_funcs[] = {
2179                 opal_discovery0,
2180                 start_SIDASP_opal_session,
2181                 revert_tper, /* controller will terminate session */
2182                 NULL,
2183         };
2184         int ret;
2185
2186         mutex_lock(&dev->dev_lock);
2187         setup_opal_dev(dev, revert_funcs);
2188         dev->func_data = data;
2189         dev->func_data[1] = opal;
2190         ret = next(dev);
2191         mutex_unlock(&dev->dev_lock);
2192         return ret;
2193 }
2194
2195 static int __opal_lock_unlock_sum(struct opal_dev *dev)
2196 {
2197         static const opal_step ulk_funcs_sum[] = {
2198                 opal_discovery0,
2199                 start_auth_opal_session,
2200                 lock_unlock_locking_range_sum,
2201                 end_opal_session,
2202                 NULL
2203         };
2204
2205         dev->funcs = ulk_funcs_sum;
2206         return next(dev);
2207 }
2208
2209 static int __opal_lock_unlock(struct opal_dev *dev)
2210 {
2211         static const opal_step _unlock_funcs[] = {
2212                 opal_discovery0,
2213                 start_auth_opal_session,
2214                 lock_unlock_locking_range,
2215                 end_opal_session,
2216                 NULL
2217         };
2218
2219         dev->funcs = _unlock_funcs;
2220         return next(dev);
2221 }
2222
2223 static int opal_lock_unlock(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2224 {
2225         void *func_data[3] = { NULL };
2226         int ret;
2227
2228         if (lk_unlk->session.who < OPAL_ADMIN1 ||
2229             lk_unlk->session.who > OPAL_USER9)
2230                 return -EINVAL;
2231
2232         mutex_lock(&dev->dev_lock);
2233         setup_opal_dev(dev, NULL);
2234         dev->func_data = func_data;
2235         dev->func_data[1] = &lk_unlk->session;
2236         dev->func_data[2] = lk_unlk;
2237
2238         if (lk_unlk->session.sum)
2239                 ret = __opal_lock_unlock_sum(dev);
2240         else
2241                 ret = __opal_lock_unlock(dev);
2242
2243         mutex_unlock(&dev->dev_lock);
2244         return ret;
2245 }
2246
2247 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2248 {
2249         static const opal_step owner_funcs[] = {
2250                 opal_discovery0,
2251                 start_anybodyASP_opal_session,
2252                 get_msid_cpin_pin,
2253                 end_opal_session,
2254                 start_SIDASP_opal_session,
2255                 set_sid_cpin_pin,
2256                 end_opal_session,
2257                 NULL
2258         };
2259         void *data[6] = { NULL };
2260         int ret;
2261
2262         if (!dev)
2263                 return -ENODEV;
2264
2265         mutex_lock(&dev->dev_lock);
2266         setup_opal_dev(dev, owner_funcs);
2267         dev->func_data = data;
2268         dev->func_data[4] = opal;
2269         dev->func_data[5] = opal;
2270         ret = next(dev);
2271         mutex_unlock(&dev->dev_lock);
2272         return ret;
2273 }
2274
2275 static int opal_activate_lsp(struct opal_dev *dev, struct opal_lr_act *opal_lr_act)
2276 {
2277         void *data[4] = { NULL };
2278         static const opal_step active_funcs[] = {
2279                 opal_discovery0,
2280                 start_SIDASP_opal_session, /* Open session as SID auth */
2281                 get_lsp_lifecycle,
2282                 activate_lsp,
2283                 end_opal_session,
2284                 NULL
2285         };
2286         int ret;
2287
2288         if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2289                 return -EINVAL;
2290
2291         mutex_lock(&dev->dev_lock);
2292         setup_opal_dev(dev, active_funcs);
2293         dev->func_data = data;
2294         dev->func_data[1] = &opal_lr_act->key;
2295         dev->func_data[3] = opal_lr_act;
2296         ret = next(dev);
2297         mutex_unlock(&dev->dev_lock);
2298         return ret;
2299 }
2300
2301 static int opal_setup_locking_range(struct opal_dev *dev,
2302                                     struct opal_user_lr_setup *opal_lrs)
2303 {
2304         void *data[3] = { NULL };
2305         static const opal_step lr_funcs[] = {
2306                 opal_discovery0,
2307                 start_auth_opal_session,
2308                 setup_locking_range,
2309                 end_opal_session,
2310                 NULL,
2311         };
2312         int ret;
2313
2314         mutex_lock(&dev->dev_lock);
2315         setup_opal_dev(dev, lr_funcs);
2316         dev->func_data = data;
2317         dev->func_data[1] = &opal_lrs->session;
2318         dev->func_data[2] = opal_lrs;
2319         ret = next(dev);
2320         mutex_unlock(&dev->dev_lock);
2321         return ret;
2322 }
2323
2324 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
2325 {
2326         static const opal_step pw_funcs[] = {
2327                 opal_discovery0,
2328                 start_auth_opal_session,
2329                 set_new_pw,
2330                 end_opal_session,
2331                 NULL
2332         };
2333         void *data[3] = { NULL };
2334         int ret;
2335
2336         if (opal_pw->session.who < OPAL_ADMIN1 ||
2337             opal_pw->session.who > OPAL_USER9  ||
2338             opal_pw->new_user_pw.who < OPAL_ADMIN1 ||
2339             opal_pw->new_user_pw.who > OPAL_USER9)
2340                 return -EINVAL;
2341
2342         mutex_lock(&dev->dev_lock);
2343         setup_opal_dev(dev, pw_funcs);
2344         dev->func_data = data;
2345         dev->func_data[1] = (void *) &opal_pw->session;
2346         dev->func_data[2] = (void *) &opal_pw->new_user_pw;
2347
2348         ret = next(dev);
2349         mutex_unlock(&dev->dev_lock);
2350         return ret;
2351 }
2352
2353 static int opal_activate_user(struct opal_dev *dev,
2354                               struct opal_session_info *opal_session)
2355 {
2356         static const opal_step act_funcs[] = {
2357                 opal_discovery0,
2358                 start_admin1LSP_opal_session,
2359                 internal_activate_user,
2360                 end_opal_session,
2361                 NULL
2362         };
2363         void *data[3] = { NULL };
2364         int ret;
2365
2366         /* We can't activate Admin1 it's active as manufactured */
2367         if (opal_session->who < OPAL_USER1 &&
2368             opal_session->who > OPAL_USER9) {
2369                 pr_err("Who was not a valid user: %d\n", opal_session->who);
2370                 return -EINVAL;
2371         }
2372
2373         mutex_lock(&dev->dev_lock);
2374         setup_opal_dev(dev, act_funcs);
2375         dev->func_data = data;
2376         dev->func_data[1] = &opal_session->opal_key;
2377         dev->func_data[2] = opal_session;
2378         ret = next(dev);
2379         mutex_unlock(&dev->dev_lock);
2380         return ret;
2381 }
2382
2383 bool opal_unlock_from_suspend(struct opal_dev *dev)
2384 {
2385         struct opal_suspend_data *suspend;
2386         void *func_data[3] = { NULL };
2387         bool was_failure = false;
2388         int ret = 0;
2389
2390         if (!dev)
2391                 return false;
2392         if (!dev->supported)
2393                 return false;
2394
2395         mutex_lock(&dev->dev_lock);
2396         setup_opal_dev(dev, NULL);
2397         dev->func_data = func_data;
2398
2399         list_for_each_entry(suspend, &dev->unlk_lst, node) {
2400                 dev->state = 0;
2401                 dev->func_data[1] = &suspend->unlk.session;
2402                 dev->func_data[2] = &suspend->unlk;
2403                 dev->tsn = 0;
2404                 dev->hsn = 0;
2405
2406                 if (suspend->unlk.session.sum)
2407                         ret = __opal_lock_unlock_sum(dev);
2408                 else
2409                         ret = __opal_lock_unlock(dev);
2410                 if (ret) {
2411                         pr_warn("Failed to unlock LR %hhu with sum %d\n",
2412                                 suspend->unlk.session.opal_key.lr,
2413                                 suspend->unlk.session.sum);
2414                         was_failure = true;
2415                 }
2416         }
2417         mutex_unlock(&dev->dev_lock);
2418         return was_failure;
2419 }
2420 EXPORT_SYMBOL(opal_unlock_from_suspend);
2421
2422 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
2423 {
2424         void *p;
2425         int ret = -ENOTTY;
2426
2427         if (!capable(CAP_SYS_ADMIN))
2428                 return -EACCES;
2429         if (!dev)
2430                 return -ENOTSUPP;
2431         if (!dev->supported) {
2432                 pr_err("Not supported\n");
2433                 return -ENOTSUPP;
2434         }
2435
2436         p = memdup_user(arg,  _IOC_SIZE(cmd));
2437         if (IS_ERR(p))
2438                 return PTR_ERR(p);
2439
2440         switch (cmd) {
2441         case IOC_OPAL_SAVE:
2442                 ret = opal_save(dev, p);
2443                 break;
2444         case IOC_OPAL_LOCK_UNLOCK:
2445                 ret = opal_lock_unlock(dev, p);
2446                 break;
2447         case IOC_OPAL_TAKE_OWNERSHIP:
2448                 ret = opal_take_ownership(dev, p);
2449                 break;
2450         case IOC_OPAL_ACTIVATE_LSP:
2451                 ret = opal_activate_lsp(dev, p);
2452                 break;
2453         case IOC_OPAL_SET_PW:
2454                 ret = opal_set_new_pw(dev, p);
2455                 break;
2456         case IOC_OPAL_ACTIVATE_USR:
2457                 ret = opal_activate_user(dev, p);
2458                 break;
2459         case IOC_OPAL_REVERT_TPR:
2460                 ret = opal_reverttper(dev, p);
2461                 break;
2462         case IOC_OPAL_LR_SETUP:
2463                 ret = opal_setup_locking_range(dev, p);
2464                 break;
2465         case IOC_OPAL_ADD_USR_TO_LR:
2466                 ret = opal_add_user_to_lr(dev, p);
2467                 break;
2468         case IOC_OPAL_ENABLE_DISABLE_MBR:
2469                 ret = opal_enable_disable_shadow_mbr(dev, p);
2470                 break;
2471         case IOC_OPAL_ERASE_LR:
2472                 ret = opal_erase_locking_range(dev, p);
2473                 break;
2474         case IOC_OPAL_SECURE_ERASE_LR:
2475                 ret = opal_secure_erase_locking_range(dev, p);
2476                 break;
2477         default:
2478                 pr_warn("No such Opal Ioctl %u\n", cmd);
2479         }
2480
2481         kfree(p);
2482         return ret;
2483 }
2484 EXPORT_SYMBOL_GPL(sed_ioctl);