acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs

#include <linux/libnvdimm.h>

#include <linux/ndctl.h>

#include <linux/acpi.h>

#include <asm/smp.h>

#include "intel.h"

#include "nfit.h"

	return 0;

}

static int intel_security_change_key(struct nvdimm *nvdimm,

		const struct nvdimm_key_data *old_data,

		const struct nvdimm_key_data *new_data)

{

	struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);

	struct {

		struct nd_cmd_pkg pkg;

		struct nd_intel_set_passphrase cmd;

	} nd_cmd = {

		.pkg = {

			.nd_command = NVDIMM_INTEL_SET_PASSPHRASE,

			.nd_family = NVDIMM_FAMILY_INTEL,

			.nd_size_in = ND_INTEL_PASSPHRASE_SIZE * 2,

			.nd_size_out = ND_INTEL_STATUS_SIZE,

			.nd_fw_size = ND_INTEL_STATUS_SIZE,

		},

	};

	int rc;

	if (!test_bit(NVDIMM_INTEL_SET_PASSPHRASE, &nfit_mem->dsm_mask))

		return -ENOTTY;

	if (old_data)

		memcpy(nd_cmd.cmd.old_pass, old_data->data,

				sizeof(nd_cmd.cmd.old_pass));

	memcpy(nd_cmd.cmd.new_pass, new_data->data,

			sizeof(nd_cmd.cmd.new_pass));

	rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL);

	if (rc < 0)

		return rc;

	switch (nd_cmd.cmd.status) {

	case 0:

		return 0;

	case ND_INTEL_STATUS_INVALID_PASS:

		return -EINVAL;

	case ND_INTEL_STATUS_NOT_SUPPORTED:

		return -EOPNOTSUPP;

	case ND_INTEL_STATUS_INVALID_STATE:

	default:

		return -EIO;

	}

}

static void nvdimm_invalidate_cache(void);

static int intel_security_unlock(struct nvdimm *nvdimm,

		const struct nvdimm_key_data *key_data)

{

	struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);

	struct {

		struct nd_cmd_pkg pkg;

		struct nd_intel_unlock_unit cmd;

	} nd_cmd = {

		.pkg = {

			.nd_command = NVDIMM_INTEL_UNLOCK_UNIT,

			.nd_family = NVDIMM_FAMILY_INTEL,

			.nd_size_in = ND_INTEL_PASSPHRASE_SIZE,

			.nd_size_out = ND_INTEL_STATUS_SIZE,

			.nd_fw_size = ND_INTEL_STATUS_SIZE,

		},

	};

	int rc;

	if (!test_bit(NVDIMM_INTEL_UNLOCK_UNIT, &nfit_mem->dsm_mask))

		return -ENOTTY;

	memcpy(nd_cmd.cmd.passphrase, key_data->data,

			sizeof(nd_cmd.cmd.passphrase));

	rc = nvdimm_ctl(nvdimm, ND_CMD_CALL, &nd_cmd, sizeof(nd_cmd), NULL);

	if (rc < 0)

		return rc;

	switch (nd_cmd.cmd.status) {

	case 0:

		break;

	case ND_INTEL_STATUS_INVALID_PASS:

		return -EINVAL;

	default:

		return -EIO;

	}

	/* DIMM unlocked, invalidate all CPU caches before we read it */

	nvdimm_invalidate_cache();

	return 0;

}

/*

 * TODO: define a cross arch wbinvd equivalent when/if

 * NVDIMM_FAMILY_INTEL command support arrives on another arch.

 */

#ifdef CONFIG_X86

static void nvdimm_invalidate_cache(void)

{

	wbinvd_on_all_cpus();

}

#else

static void nvdimm_invalidate_cache(void)

{

	WARN_ON_ONCE("cache invalidation required after unlock\n");

}

#endif

static const struct nvdimm_security_ops __intel_security_ops = {

	.state = intel_security_state,

	.freeze = intel_security_freeze,

	.change_key = intel_security_change_key,

#ifdef CONFIG_X86

	.unlock = intel_security_unlock,

#endif

};

const struct nvdimm_security_ops *intel_security_ops = &__intel_security_ops;

	  Select Y if unsure.

config NVDIMM_KEYS

	def_bool y

	depends on ENCRYPTED_KEYS

	depends on (LIBNVDIMM=ENCRYPTED_KEYS) || LIBNVDIMM=m

endif

libnvdimm-$(CONFIG_BTT) += btt_devs.o

libnvdimm-$(CONFIG_NVDIMM_PFN) += pfn_devs.o

libnvdimm-$(CONFIG_NVDIMM_DAX) += dax_devs.o

libnvdimm-$(CONFIG_NVDIMM_KEYS) += security.o

		return rc;

	}

	/* reset locked, to be validated below... */

	/*

	 * The locked status bit reflects explicit status codes from the

	 * label reading commands, revalidate it each time the driver is

	 * activated and re-reads the label area.

	 */

	nvdimm_clear_locked(dev);

	ndd = kzalloc(sizeof(*ndd), GFP_KERNEL);

	get_device(dev);

	kref_init(&ndd->kref);

	/*

	 * Attempt to unlock, if the DIMM supports security commands,

	 * otherwise the locked indication is determined by explicit

	 * status codes from the label reading commands.

	 */

	rc = nvdimm_security_unlock(dev);

	if (rc < 0)

		dev_err(dev, "failed to unlock dimm: %d\n", rc);

	/*

	 * EACCES failures reading the namespace label-area-properties

	 * are interpreted as the DIMM capacity being locked but the

void nvdimm_set_aliasing(struct device *dev);

void nvdimm_set_locked(struct device *dev);

void nvdimm_clear_locked(struct device *dev);

#if IS_ENABLED(CONFIG_NVDIMM_KEYS)

int nvdimm_security_unlock(struct device *dev);

#else

static inline int nvdimm_security_unlock(struct device *dev)

{

	return 0;

}

#endif

struct nd_btt *to_nd_btt(struct device *dev);

struct nd_gen_sb {