Message ID | 20230322151604.401680-4-okozina@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | sed-opal: add command to read locking range attributes |

On Wed, Mar 22, 2023 at 04:16:02PM +0100, Ondrej Kozina wrote:
> Extend ACE set of locking range attributes accessible to user
> authority. This patch allows user authority to get following
> locking range attributes when user gets added to locking range via
> IOC_OPAL_ADD_USR_TO_LR:
>
> locking range start
> locking range end
> read lock enabled
> write lock enabled
> read locked
> write locked
> lock on reset
> active key
>
> Note: Admin1 authority always remains in the ACE. Otherwise
> it breaks current userspace expecting Admin1 in the ACE (sedutils).
>
> See TCG OPAL2 s.4.3.1.7 "ACE_Locking_RangeNNNN_Get_RangeStartToActiveKey".
>
> Signed-off-by: Ondrej Kozina <okozina@redhat.com>
> Tested-by: Luca Boccassi <bluca@debian.org>
> Tested-by: Milan Broz <gmazyland@gmail.com>
> ---

Seems fine,
Acked-by: Christian Brauner <brauner@kernel.org>

On Wed, Mar 22, 2023 at 04:16:02PM +0100, Ondrej Kozina wrote:
> +{ > + int err; > + struct opal_lock_unlock *lkul = data; > + const u8 users[] = { > + OPAL_ADMIN1, > + lkul->session.who > + }; > + > + err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY, > + lkul->session.opal_key.lr, users, ARRAY_SIZE(users));

Please avoid the overly long line here.

Otherwise looks good:

Reviewed-by: Christoph Hellwig <hch@lst.de>

diff --git a/block/opal_proto.h b/block/opal_proto.h index 7152aa1f1a49..6dfaea272db2 100644 --- a/block/opal_proto.h +++ b/block/opal_proto.h @@ -105,6 +105,7 @@ enum opal_uid { /* tables */ OPAL_TABLE_TABLE, OPAL_LOCKINGRANGE_GLOBAL, + OPAL_LOCKINGRANGE_ACE_START_TO_KEY, OPAL_LOCKINGRANGE_ACE_RDLOCKED, OPAL_LOCKINGRANGE_ACE_WRLOCKED, OPAL_MBRCONTROL, diff --git a/block/sed-opal.c b/block/sed-opal.c index 2c3e38df9c65..1ce61adc732c 100644 --- a/block/sed-opal.c +++ b/block/sed-opal.c @@ -132,6 +132,8 @@ static const u8 opaluid[][OPAL_UID_LENGTH] = { { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 }, [OPAL_LOCKINGRANGE_GLOBAL] = { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 }, + [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] = + { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 }, [OPAL_LOCKINGRANGE_ACE_RDLOCKED] = { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 }, [OPAL_LOCKINGRANGE_ACE_WRLOCKED] = @@ -1835,6 +1837,26 @@ static int add_user_to_lr(struct opal_dev *dev, void *data) return finalize_and_send(dev, parse_and_check_status); } +static int add_user_to_lr_ace(struct opal_dev *dev, void *data) +{ + int err; + struct opal_lock_unlock *lkul = data; + const u8 users[] = { + OPAL_ADMIN1, + lkul->session.who + }; + + err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY, + lkul->session.opal_key.lr, users, ARRAY_SIZE(users)); + + if (err) { + pr_debug("Error building add user to locking ranges ACEs.\n"); + return err; + } + + return finalize_and_send(dev, parse_and_check_status); +} + static int lock_unlock_locking_range(struct opal_dev *dev, void *data) { u8 lr_buffer[OPAL_UID_LENGTH]; @@ -2372,6 +2394,7 @@ static int opal_add_user_to_lr(struct opal_dev *dev, const struct opal_step steps[] = { { start_admin1LSP_opal_session, &lk_unlk->session.opal_key }, { add_user_to_lr, lk_unlk }, + { add_user_to_lr_ace, lk_unlk }, { end_opal_session, } }; int ret;
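
Review bot: the new [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] initializer in opaluid[] (block/sed-opal.c, hunk at -132) carries no comment saying which ACE it names, and it differs from the [OPAL_LOCKINGRANGE_ACE_RDLOCKED] entry just below it in a single byte (0xD0 against 0xE0), which is easy to misread. A one-line comment above it naming ACE_Locking_RangeNNNN_Get_RangeStartToActiveKey and TCG OPAL2 s.4.3.1.7, as the commit message does, would let the value be checked against the spec from the source alone.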
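
Review bot: in add_user_to_lr_ace() (hunk at -1835), lkul->session.who goes straight into the u8 users[] array next to OPAL_ADMIN1 and on to set_lr_boolean_ace() with no range check in this function, so which authorities end up in the ACE depends entirely on validation done elsewhere. If opal_add_user_to_lr() already rejects non-user values before the steps run, a short comment here saying so would make that dependency explicit; otherwise check it in this function, since a value equal to OPAL_ADMIN1 would list Admin1 twice.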
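
Review bot: in opal_add_user_to_lr() (hunk at -2372), the new { add_user_to_lr_ace, lk_unlk } step sits after { add_user_to_lr, lk_unlk }, so if the step runner stops at the first failing step, a failure in the new step makes IOC_OPAL_ADD_USR_TO_LR return an error after the earlier ACE change has already been sent. That is a behaviour change for existing callers of the ioctl; the commit message or a comment above steps[] should say whether a partial result is acceptable here and that the ioctl now also grants read access to the range attributes listed in the commit message.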