From patchwork Wed Jul 6 02:39:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Joyce X-Patchwork-Id: 12907260 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F427CCA47B for ; Wed, 6 Jul 2022 02:39:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231347AbiGFCj4 (ORCPT ); Tue, 5 Jul 2022 22:39:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231296AbiGFCjz (ORCPT ); Tue, 5 Jul 2022 22:39:55 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0986B19036; Tue, 5 Jul 2022 19:39:54 -0700 (PDT) Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 2661bpoX020311; Wed, 6 Jul 2022 02:39:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=hTsLsaJMr39nJGJiGOXeNBWEo6ZFt0KhvdY2AJSDn5k=; b=n4JA1ZrWQRRxe7zXKYCuD20zUSeQjAWOTMn6Jo0A50lzxAFk+IRFhATgISQ2eyiPMfQP 2iKtGTQTLvm72xGXtXctFhPJklSXvmrUFlNCEKGVnJaQRTKu5UFxEX6fhEH9uyX8UrDB TCZf8dNaB973kJk5XUcNOFEp/gdBzMY6wR9xHEwzcZJkDttu8kKLei8Z+Po+RcaVymdz MzU2kbk8VbMu5rSbhn4chQK/XY5YnDxESRntaYoASX3opU/IRaVPfH1LKpdynY9TGg6C WpeIGuJ8VxYARIRJGro3xXntgRmbnHekyfO45VH6LhjH1Wd+ttNTC8xB7emcgSntNlE4 zQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3h50ng91vp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:41 +0000 Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2662YJYd031348; Wed, 6 Jul 2022 02:39:41 GMT Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3h50ng91vc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:40 +0000 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 2662aF9U006069; Wed, 6 Jul 2022 02:39:40 GMT Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29]) by ppma03dal.us.ibm.com with ESMTP id 3h4v5v1y4y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:39 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2662ddhJ24379800 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Jul 2022 02:39:39 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0F14CAE064; Wed, 6 Jul 2022 02:39:39 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 72691AE062; Wed, 6 Jul 2022 02:39:38 +0000 (GMT) Received: from rhel-laptop.ibm.com.com (unknown [9.160.24.101]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 6 Jul 2022 02:39:38 +0000 (GMT) From: gjoyce@linux.vnet.ibm.com To: keyrings@vger.kernel.org Cc: gjoyce@ibm.com, dhowells@redhat.com, jarkko@kernel.org, andrzej.jakowski@intel.com, jonathan.derrick@linux.dev, drmiller.lnx@gmail.com, linux-block@vger.kernel.org, greg@gilhooley.com Subject: [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY Date: Tue, 5 Jul 2022 21:39:32 -0500 Message-Id: <20220706023935.875994-2-gjoyce@linux.vnet.ibm.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> References: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: kpmRj8dtqV75W-wO3jd3Sa2d_KBo29rc X-Proofpoint-ORIG-GUID: 3pJQu3qzXzt9FmnioHgkcLnnEcpoJ99g X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-05_20,2022-06-28_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 malwarescore=0 priorityscore=1501 phishscore=0 clxscore=1015 suspectscore=0 adultscore=0 mlxscore=0 lowpriorityscore=0 spamscore=0 mlxlogscore=999 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207060008 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Greg Joyce When IOC_OPAL_DISCOVERY is called, the opal_discovery structure is passed down to the "discovery0" step, instead of NULL for the normal cases during all other commands. The processing of the received discovery data in opal_discovery0_end() then checks for a non-NULL structure pointer, and if found will copy the raw discovery data to the provided user buffer. If the user buffer is NULL then no data is copied. If the user buffer is too small, then not all data is copied. In all cases, the return value is the length of the actual data received from the drive. --- block/sed-opal.c | 38 ++++++++++++++++++++++++++++++++--- include/linux/sed-opal.h | 1 + include/uapi/linux/sed-opal.h | 7 +++++++ 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/block/sed-opal.c b/block/sed-opal.c index 9700197000f2..4b9a7ffbf00f 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c @@ -426,8 +426,11 @@ static int execute_steps(struct opal_dev *dev, return error; } -static int opal_discovery0_end(struct opal_dev *dev) +static int opal_discovery0_end(struct opal_dev *dev, void *data) { + struct opal_discovery *discv_out = data; /* may be NULL */ + u8 __user *buf_out; + u64 len_out; bool found_com_id = false, supported = true, single_user = false; const struct d0_header *hdr = (struct d0_header *)dev->resp; const u8 *epos = dev->resp, *cpos = dev->resp; @@ -443,6 +446,15 @@ static int opal_discovery0_end(struct opal_dev *dev) return -EFAULT; } + if (discv_out) { + buf_out = (u8 __user *)(uintptr_t)discv_out->data; + len_out = min(discv_out->size, (u64)hlen); + if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) { + return -EFAULT; + } + discv_out->size = hlen; /* actual size of data */ + } + epos += hlen; /* end of buffer */ cpos += sizeof(*hdr); /* current position on buffer */ @@ -517,13 +529,13 @@ static int opal_discovery0(struct opal_dev *dev, void *data) if (ret) return ret; - return opal_discovery0_end(dev); + return opal_discovery0_end(dev, data); } static int opal_discovery0_step(struct opal_dev *dev) { const struct opal_step discovery0_step = { - opal_discovery0, + opal_discovery0, NULL }; return execute_step(dev, &discovery0_step, 0); @@ -2179,6 +2191,22 @@ static int opal_secure_erase_locking_range(struct opal_dev *dev, return ret; } +static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv) +{ + const struct opal_step discovery0_step = { + opal_discovery0, discv + }; + int ret = 0; + + mutex_lock(&dev->dev_lock); + setup_opal_dev(dev); + ret = execute_step(dev, &discovery0_step, 0); + mutex_unlock(&dev->dev_lock); + if (ret) + return ret; + return discv->size; /* modified to actual length of data */ +} + static int opal_erase_locking_range(struct opal_dev *dev, struct opal_session_info *opal_session) { @@ -2685,6 +2713,10 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) case IOC_OPAL_GENERIC_TABLE_RW: ret = opal_generic_read_write_table(dev, p); break; + case IOC_OPAL_DISCOVERY: + ret = opal_get_discv(dev, p); + break; + default: break; } diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h index 1ac0d712a9c3..9197b7a628f2 100644 --- a/include/linux/sed-opal.h +++ b/include/linux/sed-opal.h @@ -43,6 +43,7 @@ static inline bool is_sed_ioctl(unsigned int cmd) case IOC_OPAL_MBR_DONE: case IOC_OPAL_WRITE_SHADOW_MBR: case IOC_OPAL_GENERIC_TABLE_RW: + case IOC_OPAL_DISCOVERY: return true; } return false; diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h index 6f5af1a84213..114636c19d31 100644 --- a/include/uapi/linux/sed-opal.h +++ b/include/uapi/linux/sed-opal.h @@ -132,6 +132,12 @@ struct opal_read_write_table { __u64 priv; }; +struct opal_discovery { + __u64 data; + __u64 size; +}; + + #define IOC_OPAL_SAVE _IOW('p', 220, struct opal_lock_unlock) #define IOC_OPAL_LOCK_UNLOCK _IOW('p', 221, struct opal_lock_unlock) #define IOC_OPAL_TAKE_OWNERSHIP _IOW('p', 222, struct opal_key) @@ -148,5 +154,6 @@ struct opal_read_write_table { #define IOC_OPAL_MBR_DONE _IOW('p', 233, struct opal_mbr_done) #define IOC_OPAL_WRITE_SHADOW_MBR _IOW('p', 234, struct opal_shadow_mbr) #define IOC_OPAL_GENERIC_TABLE_RW _IOW('p', 235, struct opal_read_write_table) +#define IOC_OPAL_DISCOVERY _IOW('p', 236, struct opal_discovery) #endif /* _UAPI_SED_OPAL_H */ From patchwork Wed Jul 6 02:39:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Joyce X-Patchwork-Id: 12907261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D825C433EF for ; Wed, 6 Jul 2022 02:39:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231296AbiGFCj5 (ORCPT ); Tue, 5 Jul 2022 22:39:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231331AbiGFCj4 (ORCPT ); Tue, 5 Jul 2022 22:39:56 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64BD11A3A9; Tue, 5 Jul 2022 19:39:55 -0700 (PDT) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 2660d9tX005605; Wed, 6 Jul 2022 02:39:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=Vi+P1DNQozFa6CcIM5hzHRVNAJQXUn7JpvCRGDmL7qk=; b=TaEl52IgalZ6c5RPo4boh2WbHmXp7WcNyxngzrCRtDYhn4EJilnJwmuRWGJFhww6RwH/ xrMbzAcUdFVBQTpBrYeVrxBmo//nXRlFi2qFywVehMnhkX2TkJpAObvC/Xj1t1AohmWq MLIrekA/GgHZaO9xQZDcwOpbHpWJRefttX6q5LkJJy803fJYxWYVV1efxdNIYK1HzMk0 jzCXp/vKb1rH9LyeG4zZW0MfzqyDhhmQH/URIvCNK8NSZluGo6cvXebToeZ8DuyXaH9T /no9hEvzyQ0o5hhL7ZqzY/BBu5bMOkY62kJUYCEtTYM0kRCECrbVh7o9t5SVfvae96rE iA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h4vc6x85s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:42 +0000 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2662Qn2E021322; Wed, 6 Jul 2022 02:39:41 GMT Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com [169.63.121.186]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h4vc6x85e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:41 +0000 Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1]) by ppma03wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 2662aVJ5016513; Wed, 6 Jul 2022 02:39:40 GMT Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29]) by ppma03wdc.us.ibm.com with ESMTP id 3h4ucnhudj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:40 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2662ddSU14876998 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Jul 2022 02:39:39 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B6E1CAE064; Wed, 6 Jul 2022 02:39:39 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 27569AE062; Wed, 6 Jul 2022 02:39:39 +0000 (GMT) Received: from rhel-laptop.ibm.com.com (unknown [9.160.24.101]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 6 Jul 2022 02:39:39 +0000 (GMT) From: gjoyce@linux.vnet.ibm.com To: keyrings@vger.kernel.org Cc: gjoyce@ibm.com, dhowells@redhat.com, jarkko@kernel.org, andrzej.jakowski@intel.com, jonathan.derrick@linux.dev, drmiller.lnx@gmail.com, linux-block@vger.kernel.org, greg@gilhooley.com Subject: [PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP Date: Tue, 5 Jul 2022 21:39:33 -0500 Message-Id: <20220706023935.875994-3-gjoyce@linux.vnet.ibm.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> References: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: EOmODtS1VOtlV9VEj9OJlVZvNwMDG8PD X-Proofpoint-GUID: OQf-RAiOZ0V2P5OvM9bNuZsdL3LJgAyv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-06_02,2022-06-28_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 mlxscore=0 malwarescore=0 impostorscore=0 lowpriorityscore=0 spamscore=0 priorityscore=1501 clxscore=1015 mlxlogscore=999 suspectscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207060008 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Greg Joyce This is used in conjunction with IOC_OPAL_REVERT_TPR to return a drive to Original Factory State without erasing the data. If IOC_OPAL_REVERT_LSP is called with opal_revert_lsp.options bit OPAL_PRESERVE set prior to calling IOC_OPAL_REVERT_TPR, the drive global locking range will not be erased. --- block/opal_proto.h | 4 ++++ block/sed-opal.c | 42 ++++++++++++++++++++++++++++++++++- include/linux/sed-opal.h | 1 + include/uapi/linux/sed-opal.h | 9 ++++++++ 4 files changed, 55 insertions(+), 1 deletion(-) diff --git a/block/opal_proto.h b/block/opal_proto.h index b486b3ec7dc4..6127c08267f8 100644 --- a/block/opal_proto.h +++ b/block/opal_proto.h @@ -210,6 +210,10 @@ enum opal_parameter { OPAL_SUM_SET_LIST = 0x060000, }; +enum opal_revertlsp { + OPAL_KEEP_GLOBAL_RANGE_KEY = 0x060000, +}; + /* Packets derived from: * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 * Secion: 3.2.3 ComPackets, Packets & Subpackets diff --git a/block/sed-opal.c b/block/sed-opal.c index 4b9a7ffbf00f..feba36e54ae0 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c @@ -448,7 +448,7 @@ static int opal_discovery0_end(struct opal_dev *dev, void *data) if (discv_out) { buf_out = (u8 __user *)(uintptr_t)discv_out->data; - len_out = min(discv_out->size, (u64)hlen); + len_out = min_t(u64, discv_out->size, hlen); if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) { return -EFAULT; } @@ -1592,6 +1592,26 @@ static int internal_activate_user(struct opal_dev *dev, void *data) return finalize_and_send(dev, parse_and_check_status); } +static int revert_lsp(struct opal_dev *dev, void *data) +{ + struct opal_revert_lsp *rev = data; + int err; + + err = cmd_start(dev, opaluid[OPAL_THISSP_UID], + opalmethod[OPAL_REVERTSP]); + add_token_u8(&err, dev, OPAL_STARTNAME); + add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY); + add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ? + OPAL_TRUE : OPAL_FALSE); + add_token_u8(&err, dev, OPAL_ENDNAME); + if (err) { + pr_debug("Error building REVERT SP command.\n"); + return err; + } + + return finalize_and_send(dev, parse_and_check_status); +} + static int erase_locking_range(struct opal_dev *dev, void *data) { struct opal_session_info *session = data; @@ -2207,6 +2227,23 @@ static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv) return discv->size; /* modified to actual length of data */ } +static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev) +{ + /* controller will terminate session */ + const struct opal_step steps[] = { + { start_admin1LSP_opal_session, &rev->key }, + { revert_lsp, rev } + }; + int ret; + + mutex_lock(&dev->dev_lock); + setup_opal_dev(dev); + ret = execute_steps(dev, steps, ARRAY_SIZE(steps)); + mutex_unlock(&dev->dev_lock); + + return ret; +} + static int opal_erase_locking_range(struct opal_dev *dev, struct opal_session_info *opal_session) { @@ -2713,6 +2750,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) case IOC_OPAL_GENERIC_TABLE_RW: ret = opal_generic_read_write_table(dev, p); break; + case IOC_OPAL_REVERT_LSP: + ret = opal_revertlsp(dev, p); + break; case IOC_OPAL_DISCOVERY: ret = opal_get_discv(dev, p); break; diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h index 9197b7a628f2..3a6082ff97e7 100644 --- a/include/linux/sed-opal.h +++ b/include/linux/sed-opal.h @@ -43,6 +43,7 @@ static inline bool is_sed_ioctl(unsigned int cmd) case IOC_OPAL_MBR_DONE: case IOC_OPAL_WRITE_SHADOW_MBR: case IOC_OPAL_GENERIC_TABLE_RW: + case IOC_OPAL_REVERT_LSP: case IOC_OPAL_DISCOVERY: return true; } diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h index 114636c19d31..afbce867b906 100644 --- a/include/uapi/linux/sed-opal.h +++ b/include/uapi/linux/sed-opal.h @@ -51,6 +51,10 @@ struct opal_key { __u8 key[OPAL_KEY_MAX]; }; +enum opal_revert_lsp_opts { + OPAL_PRESERVE = 0x01, +}; + struct opal_lr_act { struct opal_key key; __u32 sum; @@ -137,6 +141,10 @@ struct opal_discovery { __u64 size; }; +struct opal_revert_lsp { + struct opal_key key; + __u32 options; +}; #define IOC_OPAL_SAVE _IOW('p', 220, struct opal_lock_unlock) #define IOC_OPAL_LOCK_UNLOCK _IOW('p', 221, struct opal_lock_unlock) @@ -155,5 +163,6 @@ struct opal_discovery { #define IOC_OPAL_WRITE_SHADOW_MBR _IOW('p', 234, struct opal_shadow_mbr) #define IOC_OPAL_GENERIC_TABLE_RW _IOW('p', 235, struct opal_read_write_table) #define IOC_OPAL_DISCOVERY _IOW('p', 236, struct opal_discovery) +#define IOC_OPAL_REVERT_LSP _IOW('p', 237, struct opal_revert_lsp) #endif /* _UAPI_SED_OPAL_H */ From patchwork Wed Jul 6 02:39:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Joyce X-Patchwork-Id: 12907262 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1D82CCA47F for ; Wed, 6 Jul 2022 02:39:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231317AbiGFCj4 (ORCPT ); Tue, 5 Jul 2022 22:39:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230398AbiGFCjz (ORCPT ); Tue, 5 Jul 2022 22:39:55 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5DDE31A040; Tue, 5 Jul 2022 19:39:54 -0700 (PDT) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 2661jjmo016578; Wed, 6 Jul 2022 02:39:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=eX401jgj8Z+tvyXDT4HHnKDckUSn3nVU1+qAKIyjn5E=; b=ckW/QTEzBw8l8hiejlKaJgJLV1Svc9UYqXPKtKtbqxv0rfnWI355e9mckLq1sj9UeVgl Qj4VgG6HhvwBV6JthHtWwzng6Lxs+xYMNgkWfWUG2RkFQJMudKJLCrKzF5lF8SEd+N7/ ofhuqrYYRyZw58ACom/24luGJ3xq3sy1GdSqpvxe5O3Zv5EhxCFe9d4VkBMA3LC7rLIm w7kc119ApjzfkXiSNAwIaA1Lizzfyhc9TySC8Neo7aG8uNm7Cl8xOgVmUMFeB3BdB/Lr Jnt8UMiKB80HdKcrblcHU4gKmaJaSG/ESzYU5JJY1TCtxhs2AAml6M85WkXLiBsWuN3u iQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h5111gvt6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:43 +0000 Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2662cB35008169; Wed, 6 Jul 2022 02:39:42 GMT Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h5111gvsr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:42 +0000 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 2662ZfwL026797; Wed, 6 Jul 2022 02:39:41 GMT Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by ppma01dal.us.ibm.com with ESMTP id 3h4ud7a8ye-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:41 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2662deva37093778 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Jul 2022 02:39:40 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6A83CAE062; Wed, 6 Jul 2022 02:39:40 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CEF64AE066; Wed, 6 Jul 2022 02:39:39 +0000 (GMT) Received: from rhel-laptop.ibm.com.com (unknown [9.160.24.101]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 6 Jul 2022 02:39:39 +0000 (GMT) From: gjoyce@linux.vnet.ibm.com To: keyrings@vger.kernel.org Cc: gjoyce@ibm.com, dhowells@redhat.com, jarkko@kernel.org, andrzej.jakowski@intel.com, jonathan.derrick@linux.dev, drmiller.lnx@gmail.com, linux-block@vger.kernel.org, greg@gilhooley.com Subject: [PATCH 3/4] block: sed-opal: keyring support for SED Opal keys. Date: Tue, 5 Jul 2022 21:39:34 -0500 Message-Id: <20220706023935.875994-4-gjoyce@linux.vnet.ibm.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> References: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: Qkn4WfdZhtgo3RwVVxTwbLaMzOAmQ4lk X-Proofpoint-GUID: n4D9cBLlDg3vDlhtiZbUJLjZ4DLAZfIJ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-06_02,2022-06-28_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 mlxlogscore=999 clxscore=1015 priorityscore=1501 bulkscore=0 malwarescore=0 suspectscore=0 mlxscore=0 phishscore=0 lowpriorityscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207060008 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Greg Joyce Extend the SED block driver so it can alternatively obtain a key from a sed-opal kernel keyring. The SED ioctls will indicate the source of the key, either directly in the ioctl data or from the keyring. --- block/sed-opal.c | 198 +++++++++++++++++++++++++++++++++- include/linux/sed-opal.h | 3 + include/uapi/linux/sed-opal.h | 8 +- 3 files changed, 205 insertions(+), 4 deletions(-) diff --git a/block/sed-opal.c b/block/sed-opal.c index feba36e54ae0..13c749e7b2fc 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c @@ -20,6 +20,10 @@ #include #include #include +#include +#include +#include +#include #include "opal_proto.h" @@ -29,6 +33,8 @@ /* Number of bytes needed by cmd_finalize. */ #define CMD_FINALIZE_BYTES_NEEDED 7 +static struct key *sed_opal_keyring; + struct opal_step { int (*fn)(struct opal_dev *dev, void *data); void *data; @@ -266,6 +272,107 @@ static void print_buffer(const u8 *ptr, u32 length) #endif } +/* + * Allocate/update a SED Opal key and add it to the SED Opal keyring. + */ +static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen) +{ + int ret; + struct key *key; + + if (!sed_opal_keyring) + return -ENOKEY; + + key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, + current_cred(), + KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE, + 0, + NULL); + if (IS_ERR(key)) + return PTR_ERR(key); + + ret = key_instantiate_and_link(key, key_data, keylen, + sed_opal_keyring, NULL); + key_put(key); + + return ret; +} + +/* + * Read a SED Opal key from the SED Opal keyring. + */ +static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen) +{ + int ret; + key_ref_t kref; + struct key *key; + + if (!sed_opal_keyring) + return -ENOKEY; + + kref = keyring_search(make_key_ref(sed_opal_keyring, true), + &key_type_user, + key_name, + true); + + if (IS_ERR(kref)) { + ret = PTR_ERR(kref); + } else { + key = key_ref_to_ptr(kref); + down_read(&key->sem); + ret = key_validate(key); + if (ret == 0) { + if (buflen > key->datalen) + buflen = key->datalen; + + ret = key->type->read(key, (char *)buffer, buflen); + } + up_read(&key->sem); + + key_ref_put(kref); + } + + return ret; +} + +static int opal_get_key(struct opal_dev *dev, struct opal_key *key) +{ + int ret = 0; + + switch (key->key_type) { + case OPAL_INCLUDED: + /* the key is ready to use */ + break; + case OPAL_KEYRING: + /* the key is in the keyring */ + ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX); + if (ret > 0) { + if (ret > 255) { + ret = -ENOSPC; + goto error; + } + key->key_len = ret; + key->key_type = OPAL_INCLUDED; + } + break; + default: + ret = -EINVAL; + break; + } + if (ret < 0) + goto error; + + /* must have a PEK by now or it's an error */ + if (key->key_type != OPAL_INCLUDED || key->key_len == 0) { + ret = -EINVAL; + goto error; + } + return 0; +error: + pr_debug("Error getting password: %d\n", ret); + return ret; +} + static bool check_tper(const void *data) { const struct d0_tper_features *tper = data; @@ -2203,6 +2310,9 @@ static int opal_secure_erase_locking_range(struct opal_dev *dev, }; int ret; + ret = opal_get_key(dev, &opal_session->opal_key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps)); @@ -2236,6 +2346,9 @@ static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev) }; int ret; + ret = opal_get_key(dev, &rev->key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, steps, ARRAY_SIZE(steps)); @@ -2254,6 +2367,9 @@ static int opal_erase_locking_range(struct opal_dev *dev, }; int ret; + ret = opal_get_key(dev, &opal_session->opal_key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps)); @@ -2282,6 +2398,9 @@ static int opal_enable_disable_shadow_mbr(struct opal_dev *dev, opal_mbr->enable_disable != OPAL_MBR_DISABLE) return -EINVAL; + ret = opal_get_key(dev, &opal_mbr->key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); @@ -2307,6 +2426,9 @@ static int opal_set_mbr_done(struct opal_dev *dev, mbr_done->done_flag != OPAL_MBR_NOT_DONE) return -EINVAL; + ret = opal_get_key(dev, &mbr_done->key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); @@ -2328,6 +2450,9 @@ static int opal_write_shadow_mbr(struct opal_dev *dev, if (info->size == 0) return 0; + ret = opal_get_key(dev, &info->key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps)); @@ -2384,6 +2509,9 @@ static int opal_add_user_to_lr(struct opal_dev *dev, return -EINVAL; } + ret = opal_get_key(dev, &lk_unlk->session.opal_key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, steps, ARRAY_SIZE(steps)); @@ -2406,6 +2534,10 @@ static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psi int ret; + ret = opal_get_key(dev, opal); + + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); if (psid) @@ -2468,6 +2600,9 @@ static int opal_lock_unlock(struct opal_dev *dev, if (lk_unlk->session.who > OPAL_USER9) return -EINVAL; + ret = opal_get_key(dev, &lk_unlk->session.opal_key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); ret = __opal_lock_unlock(dev, lk_unlk); mutex_unlock(&dev->dev_lock); @@ -2490,6 +2625,9 @@ static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal) if (!dev) return -ENODEV; + ret = opal_get_key(dev, opal); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps)); @@ -2512,6 +2650,9 @@ static int opal_activate_lsp(struct opal_dev *dev, if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS) return -EINVAL; + ret = opal_get_key(dev, &opal_lr_act->key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps)); @@ -2530,6 +2671,9 @@ static int opal_setup_locking_range(struct opal_dev *dev, }; int ret; + ret = opal_get_key(dev, &opal_lrs->session.opal_key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps)); @@ -2556,6 +2700,19 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw) ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps)); mutex_unlock(&dev->dev_lock); + if (ret == 0) { + /* update keyring and arch var with new password */ + ret = arch_write_variable(ARCH_VAR_OPAL_KEY, OPAL_AUTH_KEY, + opal_pw->new_user_pw.opal_key.key, + opal_pw->new_user_pw.opal_key.key_len); + if (ret != -EOPNOTSUPP) + pr_warn("error updating SED key: %d\n", ret); + + ret = update_sed_opal_key(OPAL_AUTH_KEY, + opal_pw->new_user_pw.opal_key.key, + opal_pw->new_user_pw.opal_key.key_len); + } + return ret; } @@ -2576,6 +2733,9 @@ static int opal_activate_user(struct opal_dev *dev, return -EINVAL; } + ret = opal_get_key(dev, &opal_session->opal_key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps)); @@ -2662,6 +2822,9 @@ static int opal_generic_read_write_table(struct opal_dev *dev, { int ret, bit_set; + ret = opal_get_key(dev, &rw_tbl->key); + if (ret) + return ret; mutex_lock(&dev->dev_lock); setup_opal_dev(dev); @@ -2693,9 +2856,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) if (!capable(CAP_SYS_ADMIN)) return -EACCES; if (!dev) - return -ENOTSUPP; + return -EOPNOTSUPP; if (!dev->supported) - return -ENOTSUPP; + return -EOPNOTSUPP; p = memdup_user(arg, _IOC_SIZE(cmd)); if (IS_ERR(p)) @@ -2756,7 +2919,6 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) case IOC_OPAL_DISCOVERY: ret = opal_get_discv(dev, p); break; - default: break; } @@ -2765,3 +2927,33 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg) return ret; } EXPORT_SYMBOL_GPL(sed_ioctl); + +static int __init sed_opal_init(void) +{ + int ret; + struct key *kr; + char init_sed_key[OPAL_KEY_MAX]; + int keylen = OPAL_KEY_MAX; + + kr = keyring_alloc(".sed_opal", + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), + (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | + KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE, + KEY_ALLOC_NOT_IN_QUOTA, + NULL, NULL); + if (IS_ERR(kr)) + return PTR_ERR(kr); + + sed_opal_keyring = kr; + + if (arch_read_variable(ARCH_VAR_OPAL_KEY, OPAL_AUTH_KEY, init_sed_key, + &keylen) < 0) { + memset(init_sed_key, '\0', sizeof(init_sed_key)); + keylen = OPAL_KEY_MAX; + } + + ret = update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen); + + return ret; +} +late_initcall(sed_opal_init); diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h index 3a6082ff97e7..ed21e47bf773 100644 --- a/include/linux/sed-opal.h +++ b/include/linux/sed-opal.h @@ -24,6 +24,9 @@ bool opal_unlock_from_suspend(struct opal_dev *dev); struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv); int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *ioctl_ptr); +#define OPAL_AUTH_KEY "opal-boot-pin" +#define OPAL_AUTH_KEY_PREV "opal-boot-pin-prev" + static inline bool is_sed_ioctl(unsigned int cmd) { switch (cmd) { diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h index afbce867b906..aacaa4c8823f 100644 --- a/include/uapi/linux/sed-opal.h +++ b/include/uapi/linux/sed-opal.h @@ -44,10 +44,16 @@ enum opal_lock_state { OPAL_LK = 0x04, /* 0100 */ }; +enum opal_key_type { + OPAL_INCLUDED = 0, /* key[] is the key */ + OPAL_KEYRING, /* key is in keyring */ +}; + struct opal_key { __u8 lr; __u8 key_len; - __u8 __align[6]; + __u8 key_type; + __u8 __align[5]; __u8 key[OPAL_KEY_MAX]; }; From patchwork Wed Jul 6 02:39:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Joyce X-Patchwork-Id: 12907258 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B65B3C43334 for ; Wed, 6 Jul 2022 02:39:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231181AbiGFCjv (ORCPT ); Tue, 5 Jul 2022 22:39:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40528 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230398AbiGFCju (ORCPT ); Tue, 5 Jul 2022 22:39:50 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B664F19036; Tue, 5 Jul 2022 19:39:49 -0700 (PDT) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 265NjLSg021742; Wed, 6 Jul 2022 02:39:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=Ma74owuT0GGYDtsyYsJ+X6lwf7BRKhoMhMn0eDirPGk=; b=p4Abw/Pc6fu3XariFF8pu+T4OT0kU6Z31Rx/bk76uWa1maenTgdyUpyhLL7eh6LVdE+S /BzbsLFY1PWkxu6nnD9qFLP6aeQi7iZtaahaYXg3+ggiDpNI67W4pKX5awfi5O61+87X cCPy1GpzHg5PdAVrk0mC12aXXDmJjSGJoW1irMdqoldLxO+GMjPjheO6zpWS5HN1gbH0 3m60983HUu3fDZF7+gYnvE/D+BdPaxRWt3HSYZWhqzPV4QgC8514ZirNrdH5Igt8Tsz5 odz/BZeviFzADVtlMBG2i3ua0vN6vgg5aGDoB/x7awkpdp6MjhaS1ik0JYDh+lilhEik /Q== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h4y8ktsf0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:43 +0000 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2662ZijG026610; Wed, 6 Jul 2022 02:39:43 GMT Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3h4y8ktsed-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:43 +0000 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 2662Z96A029433; Wed, 6 Jul 2022 02:39:41 GMT Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com [9.57.198.26]) by ppma02wdc.us.ibm.com with ESMTP id 3h4ucxhtry-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 06 Jul 2022 02:39:41 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2662dfvD6423324 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Jul 2022 02:39:41 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1E705AE062; Wed, 6 Jul 2022 02:39:41 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 82D4FAE05C; Wed, 6 Jul 2022 02:39:40 +0000 (GMT) Received: from rhel-laptop.ibm.com.com (unknown [9.160.24.101]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 6 Jul 2022 02:39:40 +0000 (GMT) From: gjoyce@linux.vnet.ibm.com To: keyrings@vger.kernel.org Cc: gjoyce@ibm.com, dhowells@redhat.com, jarkko@kernel.org, andrzej.jakowski@intel.com, jonathan.derrick@linux.dev, drmiller.lnx@gmail.com, linux-block@vger.kernel.org, greg@gilhooley.com Subject: [PATCH 4/4] arch_vars: create arch specific permanent store Date: Tue, 5 Jul 2022 21:39:35 -0500 Message-Id: <20220706023935.875994-5-gjoyce@linux.vnet.ibm.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> References: <20220706023935.875994-1-gjoyce@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: cToQwtAFH72VDYP4kgea45nq_vM96nU3 X-Proofpoint-ORIG-GUID: kRZssnzPlhq-beCl4xrSAo7FiMMEZuov X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-06_02,2022-06-28_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 impostorscore=0 bulkscore=0 phishscore=0 priorityscore=1501 suspectscore=0 mlxscore=0 clxscore=1015 spamscore=0 mlxlogscore=999 lowpriorityscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207060008 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Greg Joyce Platforms that have a permanent key store may provide unique platform dependent functions to read/write variables. The default (weak) functions return -EOPNOTSUPP unless overridden by architecture/platform versions. Reported-by: kernel test robot Reported-by: kernel test robot --- include/linux/arch_vars.h | 23 +++++++++++++++++++++++ lib/Makefile | 2 +- lib/arch_vars.c | 25 +++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 include/linux/arch_vars.h create mode 100644 lib/arch_vars.c diff --git a/include/linux/arch_vars.h b/include/linux/arch_vars.h new file mode 100644 index 000000000000..b5eb5fcfb2ca --- /dev/null +++ b/include/linux/arch_vars.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Platform variable opearations. + * + * Copyright (C) 2022 IBM Corporation + * + * These are the accessor functions (read/write) for architecture specific + * variables. Specific architectures can provide overrides. + * + */ + +#include + +enum arch_variable_type { + ARCH_VAR_OPAL_KEY = 0, /* SED Opal Authentication Key */ + ARCH_VAR_OTHER = 1, /* Other type of variable */ + ARCH_VAR_MAX = 1, /* Maximum type value */ +}; + +int arch_read_variable(enum arch_variable_type type, char *varname, + void *varbuf, u_int *varlen); +int arch_write_variable(enum arch_variable_type type, char *varname, + void *varbuf, u_int varlen); diff --git a/lib/Makefile b/lib/Makefile index f99bf61f8bbc..b90c4cb0dbbb 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -48,7 +48,7 @@ obj-y += bcd.o sort.o parser.o debug_locks.o random32.o \ bsearch.o find_bit.o llist.o memweight.o kfifo.o \ percpu-refcount.o rhashtable.o \ once.o refcount.o usercopy.o errseq.o bucket_locks.o \ - generic-radix-tree.o + generic-radix-tree.o arch_vars.o obj-$(CONFIG_STRING_SELFTEST) += test_string.o obj-y += string_helpers.o obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o diff --git a/lib/arch_vars.c b/lib/arch_vars.c new file mode 100644 index 000000000000..b5362ef933dc --- /dev/null +++ b/lib/arch_vars.c @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Platform variable operations. + * + * Copyright (C) 2022 IBM Corporation + * + * These are the accessor functions (read/write) for architecture specific + * variables. Specific architectures can provide overrides. + * + */ + +#include +#include + +int __weak arch_read_variable(enum arch_variable_type type, char *varname, + void *varbuf, u_int *varlen) +{ + return -EOPNOTSUPP; +} + +int __weak arch_write_variable(enum arch_variable_type type, char *varname, + void *varbuf, u_int varlen) +{ + return -EOPNOTSUPP; +}