From: Ondrej Kozina <okozina@redhat.com>
To: linux-block@vger.kernel.org
Cc: bluca@debian.org, gmazyland@gmail.com, axboe@kernel.dk,
hch@infradead.org, brauner@kernel.org,
jonathan.derrick@linux.dev, Ondrej Kozina <okozina@redhat.com>
Subject: [PATCH v2 2/5] sed-opal: add helper for adding user authorities in ACE.
Date: Wed, 5 Apr 2023 13:12:20 +0200 [thread overview]
Message-ID: <20230405111223.272816-3-okozina@redhat.com> (raw)
In-Reply-To: <20230405111223.272816-1-okozina@redhat.com>
Move ACE construction away from add_user_to_lr routine
and refactor it to be used also in later code.
Also adds boolean operators defines from TCG Core
specification.
Signed-off-by: Ondrej Kozina <okozina@redhat.com>
Tested-by: Luca Boccassi <bluca@debian.org>
Tested-by: Milan Broz <gmazyland@gmail.com>
---
block/opal_proto.h | 9 +++++
block/sed-opal.c | 88 +++++++++++++++++++++++++++++++++++-----------
2 files changed, 77 insertions(+), 20 deletions(-)
diff --git a/block/opal_proto.h b/block/opal_proto.h
index 7152aa1f1a49..b045cbb9d76e 100644
--- a/block/opal_proto.h
+++ b/block/opal_proto.h
@@ -86,6 +86,15 @@ enum opal_response_token {
#define OPAL_MSID_KEYLEN 15
#define OPAL_UID_LENGTH_HALF 4
+/*
+ * Boolean operators from TCG Core spec 2.01 Section:
+ * 5.1.3.11
+ * Table 61
+ */
+#define OPAL_BOOLEAN_AND 0
+#define OPAL_BOOLEAN_OR 1
+#define OPAL_BOOLEAN_NOT 2
+
/* Enum to index OPALUID array */
enum opal_uid {
/* users */
diff --git a/block/sed-opal.c b/block/sed-opal.c
index d86d3e5f5a44..4d0253bc2bfd 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -1759,25 +1759,43 @@ static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
return finalize_and_send(dev, parse_and_check_status);
}
-static int add_user_to_lr(struct opal_dev *dev, void *data)
+static void add_authority_object_ref(int *err,
+ struct opal_dev *dev,
+ const u8 *uid,
+ size_t uid_len)
+{
+ add_token_u8(err, dev, OPAL_STARTNAME);
+ add_token_bytestring(err, dev,
+ opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
+ OPAL_UID_LENGTH/2);
+ add_token_bytestring(err, dev, uid, uid_len);
+ add_token_u8(err, dev, OPAL_ENDNAME);
+}
+
+static void add_boolean_object_ref(int *err,
+ struct opal_dev *dev,
+ u8 boolean_op)
+{
+ add_token_u8(err, dev, OPAL_STARTNAME);
+ add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
+ OPAL_UID_LENGTH/2);
+ add_token_u8(err, dev, boolean_op);
+ add_token_u8(err, dev, OPAL_ENDNAME);
+}
+
+static int set_lr_boolean_ace(struct opal_dev *dev,
+ unsigned int opal_uid,
+ u8 lr,
+ const u8 *users,
+ size_t users_len)
{
u8 lr_buffer[OPAL_UID_LENGTH];
u8 user_uid[OPAL_UID_LENGTH];
- struct opal_lock_unlock *lkul = data;
+ u8 u;
int err;
- memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_RDLOCKED],
- OPAL_UID_LENGTH);
-
- if (lkul->l_state == OPAL_RW)
- memcpy(lr_buffer, opaluid[OPAL_LOCKINGRANGE_ACE_WRLOCKED],
- OPAL_UID_LENGTH);
-
- lr_buffer[7] = lkul->session.opal_key.lr;
-
- memcpy(user_uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
-
- user_uid[7] = lkul->session.who;
+ memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
+ lr_buffer[7] = lr;
err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
@@ -1790,19 +1808,49 @@ static int add_user_to_lr(struct opal_dev *dev, void *data)
add_token_u8(&err, dev, OPAL_STARTLIST);
+ for (u = 0; u < users_len; u++) {
+ if (users[u] == OPAL_ADMIN1)
+ memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
+ OPAL_UID_LENGTH);
+ else {
+ memcpy(user_uid, opaluid[OPAL_USER1_UID],
+ OPAL_UID_LENGTH);
+ user_uid[7] = users[u];
+ }
+
+ add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
- add_token_u8(&err, dev, OPAL_STARTNAME);
- add_token_bytestring(&err, dev,
- opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
- OPAL_UID_LENGTH/2);
- add_token_bytestring(&err, dev, user_uid, OPAL_UID_LENGTH);
- add_token_u8(&err, dev, OPAL_ENDNAME);
+ /*
+ * Add boolean operator in postfix only with
+ * two or more authorities being added in ACE
+ * expresion.
+ * */
+ if (u > 0)
+ add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
+ }
add_token_u8(&err, dev, OPAL_ENDLIST);
add_token_u8(&err, dev, OPAL_ENDNAME);
add_token_u8(&err, dev, OPAL_ENDLIST);
add_token_u8(&err, dev, OPAL_ENDNAME);
+ return err;
+}
+
+static int add_user_to_lr(struct opal_dev *dev, void *data)
+{
+ int err;
+ struct opal_lock_unlock *lkul = data;
+ const u8 users[] = {
+ lkul->session.who
+ };
+
+ err = set_lr_boolean_ace(dev,
+ lkul->l_state == OPAL_RW ?
+ OPAL_LOCKINGRANGE_ACE_WRLOCKED :
+ OPAL_LOCKINGRANGE_ACE_RDLOCKED,
+ lkul->session.opal_key.lr, users,
+ ARRAY_SIZE(users));
if (err) {
pr_debug("Error building add user to locking range command.\n");
return err;
--
2.31.1
next prev parent reply other threads:[~2023-04-05 11:13 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-22 15:15 [PATCH 0/5] sed-opal: add command to read locking range attributes Ondrej Kozina
2023-03-22 15:16 ` [PATCH 1/5] sed-opal: do not add user authority twice in boolean ace Ondrej Kozina
2023-03-29 14:15 ` Christian Brauner
2023-03-29 15:20 ` Ondrej Kozina
2023-04-04 15:23 ` Christoph Hellwig
2023-04-05 8:18 ` Christian Brauner
2023-03-22 15:16 ` [PATCH 2/5] sed-opal: add helper for adding user authorities in ACE Ondrej Kozina
2023-03-29 15:28 ` Christian Brauner
2023-04-04 15:25 ` Christoph Hellwig
2023-03-22 15:16 ` [PATCH 3/5] sed-opal: allow user authority to get locking range attributes Ondrej Kozina
2023-03-29 15:31 ` Christian Brauner
2023-04-04 15:26 ` Christoph Hellwig
2023-03-22 15:16 ` [PATCH 4/5] sed-opal: add helper to get multiple columns at once Ondrej Kozina
2023-03-29 15:32 ` Christian Brauner
2023-04-04 15:26 ` Christoph Hellwig
2023-03-22 15:16 ` [PATCH 5/5] sed-opal: Add command to read locking range parameters Ondrej Kozina
2023-04-04 15:27 ` Christoph Hellwig
2023-04-05 8:27 ` Christian Brauner
2023-04-05 9:39 ` Ondrej Kozina
2023-04-05 10:53 ` Luca Boccassi
2023-04-02 14:49 ` [PATCH 0/5] sed-opal: add command to read locking range attributes Luca Boccassi
2023-04-05 11:12 ` [PATCH v2 " Ondrej Kozina
2023-04-05 11:12 ` [PATCH v2 1/5] sed-opal: do not add same authority twice in boolean ace Ondrej Kozina
2023-04-05 11:12 ` Ondrej Kozina [this message]
2023-04-05 11:12 ` [PATCH v2 3/5] sed-opal: allow user authority to get locking range attributes Ondrej Kozina
2023-04-05 11:12 ` [PATCH v2 4/5] sed-opal: add helper to get multiple columns at once Ondrej Kozina
2023-04-05 11:12 ` [PATCH v2 5/5] sed-opal: Add command to read locking range parameters Ondrej Kozina
2023-04-05 13:46 ` [PATCH v2 0/5] sed-opal: add command to read locking range attributes Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230405111223.272816-3-okozina@redhat.com \
--to=okozina@redhat.com \
--cc=axboe@kernel.dk \
--cc=bluca@debian.org \
--cc=brauner@kernel.org \
--cc=gmazyland@gmail.com \
--cc=hch@infradead.org \
--cc=jonathan.derrick@linux.dev \
--cc=linux-block@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox