[PATCH 0/4] sed-opal: keyrings, discovery, revert and key store

[PATCH 0/4] sed-opal: keyrings, discovery, revert and key store

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

The current TCG SED Opal implementation in the block
driver requires that authentication keys be provided
in an ioctl so that they can be presented to the
underlying SED Opal capable drive. Currently, the key
is typically entered by a user with an application
like sedutil or sedcli. While this process works, it
does not lend itself to automation like unlock by a udev
rule.

Extend the SED block driver so it can alternatively
obtain a key from a sed-opal kernel keyring. The SED
ioctls will indicate the source of the key, either
directly in the ioctl data or from the keyring.

Two new SED ioctls have also been added. These are:
  1) IOC_OPAL_REVERT_LSP to revert LSP state
  2) IOC_OPAL_DISCOVERY to discover drive capabilities/state

Also, for platforms that have a permanent key store, the
platform may provide unique platform dependent functions
to read/write variables. The SED block driver has been
modified to attempt to read a key from the platform key
store. If successful, the key value is saved in the kernel
sed-opal keyring. If the platform does not support a
permanent key store, the read will fail and a key will
not be added to the keyring.


Greg Joyce (4):
  block: sed-opal: Implement IOC_OPAL_DISCOVERY
  block: sed-opal: Implement IOC_OPAL_REVERT_LSP
  block: sed-opal: keyring support for SED Opal keys.
  arch_vars: create arch specific permanent store

 block/opal_proto.h            |   4 +
 block/sed-opal.c              | 274 +++++++++++++++++++++++++++++++++-
 include/linux/arch_vars.h     |  23 +++
 include/linux/sed-opal.h      |   5 +
 include/uapi/linux/sed-opal.h |  24 ++-
 lib/Makefile                  |   2 +-
 lib/arch_vars.c               |  25 ++++
 7 files changed, 350 insertions(+), 7 deletions(-)
 create mode 100644 include/linux/arch_vars.h
 create mode 100644 lib/arch_vars.c

-- 
gjoyce@linux.vnet.ibm.com

[PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

When IOC_OPAL_DISCOVERY is called, the opal_discovery structure is
passed down to the "discovery0" step, instead of NULL for the
normal cases during all other commands. The processing of the
received discovery data in opal_discovery0_end() then checks for
a non-NULL structure pointer, and if found will copy the raw
discovery data to the provided user buffer. If the user buffer is NULL
then no data is copied. If the user buffer is too small, then not
all data is copied. In all cases, the return value is the length
of the actual data received from the drive.
---
 block/sed-opal.c              | 38 ++++++++++++++++++++++++++++++++---
 include/linux/sed-opal.h      |  1 +
 include/uapi/linux/sed-opal.h |  7 +++++++
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/block/sed-opal.c b/block/sed-opal.c
index 9700197000f2..4b9a7ffbf00f 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -426,8 +426,11 @@ static int execute_steps(struct opal_dev *dev,
 	return error;
 }
 
-static int opal_discovery0_end(struct opal_dev *dev)
+static int opal_discovery0_end(struct opal_dev *dev, void *data)
 {
+	struct opal_discovery *discv_out = data; /* may be NULL */
+	u8 __user *buf_out;
+	u64 len_out;
 	bool found_com_id = false, supported = true, single_user = false;
 	const struct d0_header *hdr = (struct d0_header *)dev->resp;
 	const u8 *epos = dev->resp, *cpos = dev->resp;
@@ -443,6 +446,15 @@ static int opal_discovery0_end(struct opal_dev *dev)
 		return -EFAULT;
 	}
 
+	if (discv_out) {
+		buf_out = (u8 __user *)(uintptr_t)discv_out->data;
+		len_out = min(discv_out->size, (u64)hlen);
+		if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) {
+			return -EFAULT;
+		}
+		discv_out->size = hlen; /* actual size of data */
+	}
+
 	epos += hlen; /* end of buffer */
 	cpos += sizeof(*hdr); /* current position on buffer */
 
@@ -517,13 +529,13 @@ static int opal_discovery0(struct opal_dev *dev, void *data)
 	if (ret)
 		return ret;
 
-	return opal_discovery0_end(dev);
+	return opal_discovery0_end(dev, data);
 }
 
 static int opal_discovery0_step(struct opal_dev *dev)
 {
 	const struct opal_step discovery0_step = {
-		opal_discovery0,
+		opal_discovery0, NULL
 	};
 
 	return execute_step(dev, &discovery0_step, 0);
@@ -2179,6 +2191,22 @@ static int opal_secure_erase_locking_range(struct opal_dev *dev,
 	return ret;
 }
 
+static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
+{
+	const struct opal_step discovery0_step = {
+		opal_discovery0, discv
+	};
+	int ret = 0;
+
+	mutex_lock(&dev->dev_lock);
+	setup_opal_dev(dev);
+	ret = execute_step(dev, &discovery0_step, 0);
+	mutex_unlock(&dev->dev_lock);
+	if (ret)
+		return ret;
+	return discv->size; /* modified to actual length of data */
+}
+
 static int opal_erase_locking_range(struct opal_dev *dev,
 				    struct opal_session_info *opal_session)
 {
@@ -2685,6 +2713,10 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
 	case IOC_OPAL_GENERIC_TABLE_RW:
 		ret = opal_generic_read_write_table(dev, p);
 		break;
+	case IOC_OPAL_DISCOVERY:
+		ret = opal_get_discv(dev, p);
+		break;
+
 	default:
 		break;
 	}
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 1ac0d712a9c3..9197b7a628f2 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -43,6 +43,7 @@ static inline bool is_sed_ioctl(unsigned int cmd)
 	case IOC_OPAL_MBR_DONE:
 	case IOC_OPAL_WRITE_SHADOW_MBR:
 	case IOC_OPAL_GENERIC_TABLE_RW:
+	case IOC_OPAL_DISCOVERY:
 		return true;
 	}
 	return false;
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index 6f5af1a84213..114636c19d31 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -132,6 +132,12 @@ struct opal_read_write_table {
 	__u64 priv;
 };
 
+struct opal_discovery {
+	__u64 data;
+	__u64 size;
+};
+
+
 #define IOC_OPAL_SAVE		    _IOW('p', 220, struct opal_lock_unlock)
 #define IOC_OPAL_LOCK_UNLOCK	    _IOW('p', 221, struct opal_lock_unlock)
 #define IOC_OPAL_TAKE_OWNERSHIP	    _IOW('p', 222, struct opal_key)
@@ -148,5 +154,6 @@ struct opal_read_write_table {
 #define IOC_OPAL_MBR_DONE           _IOW('p', 233, struct opal_mbr_done)
 #define IOC_OPAL_WRITE_SHADOW_MBR   _IOW('p', 234, struct opal_shadow_mbr)
 #define IOC_OPAL_GENERIC_TABLE_RW   _IOW('p', 235, struct opal_read_write_table)
+#define IOC_OPAL_DISCOVERY          _IOW('p', 236, struct opal_discovery)
 
 #endif /* _UAPI_SED_OPAL_H */
-- 
gjoyce@linux.vnet.ibm.com

[PATCH 2/4] block: sed-opal: Implement IOC_OPAL_REVERT_LSP

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

This is used in conjunction with IOC_OPAL_REVERT_TPR to return a drive to
Original Factory State without erasing the data. If IOC_OPAL_REVERT_LSP
is called with opal_revert_lsp.options bit OPAL_PRESERVE set prior
to calling IOC_OPAL_REVERT_TPR, the drive global locking range will not
be erased.
---
 block/opal_proto.h            |  4 ++++
 block/sed-opal.c              | 42 ++++++++++++++++++++++++++++++++++-
 include/linux/sed-opal.h      |  1 +
 include/uapi/linux/sed-opal.h |  9 ++++++++
 4 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/block/opal_proto.h b/block/opal_proto.h
index b486b3ec7dc4..6127c08267f8 100644
--- a/block/opal_proto.h
+++ b/block/opal_proto.h
@@ -210,6 +210,10 @@ enum opal_parameter {
 	OPAL_SUM_SET_LIST = 0x060000,
 };
 
+enum opal_revertlsp {
+	OPAL_KEEP_GLOBAL_RANGE_KEY = 0x060000,
+};
+
 /* Packets derived from:
  * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
  * Secion: 3.2.3 ComPackets, Packets & Subpackets
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 4b9a7ffbf00f..feba36e54ae0 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -448,7 +448,7 @@ static int opal_discovery0_end(struct opal_dev *dev, void *data)
 
 	if (discv_out) {
 		buf_out = (u8 __user *)(uintptr_t)discv_out->data;
-		len_out = min(discv_out->size, (u64)hlen);
+		len_out = min_t(u64, discv_out->size, hlen);
 		if (buf_out && copy_to_user(buf_out, dev->resp, len_out)) {
 			return -EFAULT;
 		}
@@ -1592,6 +1592,26 @@ static int internal_activate_user(struct opal_dev *dev, void *data)
 	return finalize_and_send(dev, parse_and_check_status);
 }
 
+static int revert_lsp(struct opal_dev *dev, void *data)
+{
+	struct opal_revert_lsp *rev = data;
+	int err;
+
+	err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
+			opalmethod[OPAL_REVERTSP]);
+	add_token_u8(&err, dev, OPAL_STARTNAME);
+	add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
+	add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
+			OPAL_TRUE : OPAL_FALSE);
+	add_token_u8(&err, dev, OPAL_ENDNAME);
+	if (err) {
+		pr_debug("Error building REVERT SP command.\n");
+		return err;
+	}
+
+	return finalize_and_send(dev, parse_and_check_status);
+}
+
 static int erase_locking_range(struct opal_dev *dev, void *data)
 {
 	struct opal_session_info *session = data;
@@ -2207,6 +2227,23 @@ static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
 	return discv->size; /* modified to actual length of data */
 }
 
+static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
+{
+	/* controller will terminate session */
+	const struct opal_step steps[] = {
+		{ start_admin1LSP_opal_session, &rev->key },
+		{ revert_lsp, rev }
+	};
+	int ret;
+
+	mutex_lock(&dev->dev_lock);
+	setup_opal_dev(dev);
+	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
+	mutex_unlock(&dev->dev_lock);
+
+	return ret;
+}
+
 static int opal_erase_locking_range(struct opal_dev *dev,
 				    struct opal_session_info *opal_session)
 {
@@ -2713,6 +2750,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
 	case IOC_OPAL_GENERIC_TABLE_RW:
 		ret = opal_generic_read_write_table(dev, p);
 		break;
+	case IOC_OPAL_REVERT_LSP:
+		ret = opal_revertlsp(dev, p);
+		break;
 	case IOC_OPAL_DISCOVERY:
 		ret = opal_get_discv(dev, p);
 		break;
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 9197b7a628f2..3a6082ff97e7 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -43,6 +43,7 @@ static inline bool is_sed_ioctl(unsigned int cmd)
 	case IOC_OPAL_MBR_DONE:
 	case IOC_OPAL_WRITE_SHADOW_MBR:
 	case IOC_OPAL_GENERIC_TABLE_RW:
+	case IOC_OPAL_REVERT_LSP:
 	case IOC_OPAL_DISCOVERY:
 		return true;
 	}
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index 114636c19d31..afbce867b906 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -51,6 +51,10 @@ struct opal_key {
 	__u8 key[OPAL_KEY_MAX];
 };
 
+enum opal_revert_lsp_opts {
+	OPAL_PRESERVE = 0x01,
+};
+
 struct opal_lr_act {
 	struct opal_key key;
 	__u32 sum;
@@ -137,6 +141,10 @@ struct opal_discovery {
 	__u64 size;
 };
 
+struct opal_revert_lsp {
+	struct opal_key key;
+	__u32 options;
+};
 
 #define IOC_OPAL_SAVE		    _IOW('p', 220, struct opal_lock_unlock)
 #define IOC_OPAL_LOCK_UNLOCK	    _IOW('p', 221, struct opal_lock_unlock)
@@ -155,5 +163,6 @@ struct opal_discovery {
 #define IOC_OPAL_WRITE_SHADOW_MBR   _IOW('p', 234, struct opal_shadow_mbr)
 #define IOC_OPAL_GENERIC_TABLE_RW   _IOW('p', 235, struct opal_read_write_table)
 #define IOC_OPAL_DISCOVERY          _IOW('p', 236, struct opal_discovery)
+#define IOC_OPAL_REVERT_LSP         _IOW('p', 237, struct opal_revert_lsp)
 
 #endif /* _UAPI_SED_OPAL_H */
-- 
gjoyce@linux.vnet.ibm.com

[PATCH 3/4] block: sed-opal: keyring support for SED Opal keys.

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Extend the SED block driver so it can alternatively
obtain a key from a sed-opal kernel keyring. The SED
ioctls will indicate the source of the key, either
directly in the ioctl data or from the keyring.
---
 block/sed-opal.c              | 198 +++++++++++++++++++++++++++++++++-
 include/linux/sed-opal.h      |   3 +
 include/uapi/linux/sed-opal.h |   8 +-
 3 files changed, 205 insertions(+), 4 deletions(-)

diff --git a/block/sed-opal.c b/block/sed-opal.c
index feba36e54ae0..13c749e7b2fc 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -20,6 +20,10 @@
 #include <linux/sed-opal.h>
 #include <linux/string.h>
 #include <linux/kdev_t.h>
+#include <linux/key.h>
+#include <linux/key-type.h>
+#include <linux/arch_vars.h>
+#include <keys/user-type.h>
 
 #include "opal_proto.h"
 
@@ -29,6 +33,8 @@
 /* Number of bytes needed by cmd_finalize. */
 #define CMD_FINALIZE_BYTES_NEEDED 7
 
+static struct key *sed_opal_keyring;
+
 struct opal_step {
 	int (*fn)(struct opal_dev *dev, void *data);
 	void *data;
@@ -266,6 +272,107 @@ static void print_buffer(const u8 *ptr, u32 length)
 #endif
 }
 
+/*
+ * Allocate/update a SED Opal key and add it to the SED Opal keyring.
+ */
+static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
+{
+	int ret;
+	struct key *key;
+
+	if (!sed_opal_keyring)
+		return -ENOKEY;
+
+	key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
+				current_cred(),
+				KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
+				0,
+				NULL);
+	if (IS_ERR(key))
+		return PTR_ERR(key);
+
+	ret = key_instantiate_and_link(key, key_data, keylen,
+			sed_opal_keyring, NULL);
+	key_put(key);
+
+	return ret;
+}
+
+/*
+ * Read a SED Opal key from the SED Opal keyring.
+ */
+static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
+{
+	int ret;
+	key_ref_t kref;
+	struct key *key;
+
+	if (!sed_opal_keyring)
+		return -ENOKEY;
+
+	kref = keyring_search(make_key_ref(sed_opal_keyring, true),
+		&key_type_user,
+		key_name,
+		true);
+
+	if (IS_ERR(kref)) {
+		ret = PTR_ERR(kref);
+	} else {
+		key = key_ref_to_ptr(kref);
+		down_read(&key->sem);
+		ret = key_validate(key);
+		if (ret == 0) {
+			if (buflen > key->datalen)
+				buflen = key->datalen;
+
+			ret = key->type->read(key, (char *)buffer, buflen);
+		}
+		up_read(&key->sem);
+
+		key_ref_put(kref);
+	}
+
+	return ret;
+}
+
+static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
+{
+	int ret = 0;
+
+	switch (key->key_type) {
+	case OPAL_INCLUDED:
+		/* the key is ready to use */
+		break;
+	case OPAL_KEYRING:
+		/* the key is in the keyring */
+		ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
+		if (ret > 0) {
+			if (ret > 255) {
+				ret = -ENOSPC;
+				goto error;
+			}
+			key->key_len = ret;
+			key->key_type = OPAL_INCLUDED;
+		}
+		break;
+	default:
+		ret = -EINVAL;
+		break;
+	}
+	if (ret < 0)
+		goto error;
+
+	/* must have a PEK by now or it's an error */
+	if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
+		ret = -EINVAL;
+		goto error;
+	}
+	return 0;
+error:
+	pr_debug("Error getting password: %d\n", ret);
+	return ret;
+}
+
 static bool check_tper(const void *data)
 {
 	const struct d0_tper_features *tper = data;
@@ -2203,6 +2310,9 @@ static int opal_secure_erase_locking_range(struct opal_dev *dev,
 	};
 	int ret;
 
+	ret = opal_get_key(dev, &opal_session->opal_key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
@@ -2236,6 +2346,9 @@ static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
 	};
 	int ret;
 
+	ret = opal_get_key(dev, &rev->key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
@@ -2254,6 +2367,9 @@ static int opal_erase_locking_range(struct opal_dev *dev,
 	};
 	int ret;
 
+	ret = opal_get_key(dev, &opal_session->opal_key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
@@ -2282,6 +2398,9 @@ static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
 	    opal_mbr->enable_disable != OPAL_MBR_DISABLE)
 		return -EINVAL;
 
+	ret = opal_get_key(dev, &opal_mbr->key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
@@ -2307,6 +2426,9 @@ static int opal_set_mbr_done(struct opal_dev *dev,
 	    mbr_done->done_flag != OPAL_MBR_NOT_DONE)
 		return -EINVAL;
 
+	ret = opal_get_key(dev, &mbr_done->key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
@@ -2328,6 +2450,9 @@ static int opal_write_shadow_mbr(struct opal_dev *dev,
 	if (info->size == 0)
 		return 0;
 
+	ret = opal_get_key(dev, &info->key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
@@ -2384,6 +2509,9 @@ static int opal_add_user_to_lr(struct opal_dev *dev,
 		return -EINVAL;
 	}
 
+	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
@@ -2406,6 +2534,10 @@ static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psi
 
 	int ret;
 
+	ret = opal_get_key(dev, opal);
+
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	if (psid)
@@ -2468,6 +2600,9 @@ static int opal_lock_unlock(struct opal_dev *dev,
 	if (lk_unlk->session.who > OPAL_USER9)
 		return -EINVAL;
 
+	ret = opal_get_key(dev, &lk_unlk->session.opal_key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	ret = __opal_lock_unlock(dev, lk_unlk);
 	mutex_unlock(&dev->dev_lock);
@@ -2490,6 +2625,9 @@ static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
 	if (!dev)
 		return -ENODEV;
 
+	ret = opal_get_key(dev, opal);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
@@ -2512,6 +2650,9 @@ static int opal_activate_lsp(struct opal_dev *dev,
 	if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
 		return -EINVAL;
 
+	ret = opal_get_key(dev, &opal_lr_act->key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
@@ -2530,6 +2671,9 @@ static int opal_setup_locking_range(struct opal_dev *dev,
 	};
 	int ret;
 
+	ret = opal_get_key(dev, &opal_lrs->session.opal_key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
@@ -2556,6 +2700,19 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
 	ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
 	mutex_unlock(&dev->dev_lock);
 
+	if (ret == 0) {
+		/* update keyring and arch var with new password */
+		ret = arch_write_variable(ARCH_VAR_OPAL_KEY, OPAL_AUTH_KEY,
+				opal_pw->new_user_pw.opal_key.key,
+				opal_pw->new_user_pw.opal_key.key_len);
+		if (ret != -EOPNOTSUPP)
+			pr_warn("error updating SED key: %d\n", ret);
+
+		ret = update_sed_opal_key(OPAL_AUTH_KEY,
+				opal_pw->new_user_pw.opal_key.key,
+				opal_pw->new_user_pw.opal_key.key_len);
+	}
+
 	return ret;
 }
 
@@ -2576,6 +2733,9 @@ static int opal_activate_user(struct opal_dev *dev,
 		return -EINVAL;
 	}
 
+	ret = opal_get_key(dev, &opal_session->opal_key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 	ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
@@ -2662,6 +2822,9 @@ static int opal_generic_read_write_table(struct opal_dev *dev,
 {
 	int ret, bit_set;
 
+	ret = opal_get_key(dev, &rw_tbl->key);
+	if (ret)
+		return ret;
 	mutex_lock(&dev->dev_lock);
 	setup_opal_dev(dev);
 
@@ -2693,9 +2856,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
 	if (!capable(CAP_SYS_ADMIN))
 		return -EACCES;
 	if (!dev)
-		return -ENOTSUPP;
+		return -EOPNOTSUPP;
 	if (!dev->supported)
-		return -ENOTSUPP;
+		return -EOPNOTSUPP;
 
 	p = memdup_user(arg, _IOC_SIZE(cmd));
 	if (IS_ERR(p))
@@ -2756,7 +2919,6 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
 	case IOC_OPAL_DISCOVERY:
 		ret = opal_get_discv(dev, p);
 		break;
-
 	default:
 		break;
 	}
@@ -2765,3 +2927,33 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
 	return ret;
 }
 EXPORT_SYMBOL_GPL(sed_ioctl);
+
+static int __init sed_opal_init(void)
+{
+	int ret;
+	struct key *kr;
+	char init_sed_key[OPAL_KEY_MAX];
+	int keylen = OPAL_KEY_MAX;
+
+	kr = keyring_alloc(".sed_opal",
+		GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
+		(KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
+		KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
+		KEY_ALLOC_NOT_IN_QUOTA,
+		NULL, NULL);
+	if (IS_ERR(kr))
+		return PTR_ERR(kr);
+
+	sed_opal_keyring = kr;
+
+	if (arch_read_variable(ARCH_VAR_OPAL_KEY, OPAL_AUTH_KEY, init_sed_key,
+				&keylen) < 0) {
+		memset(init_sed_key, '\0', sizeof(init_sed_key));
+		keylen = OPAL_KEY_MAX;
+	}
+
+	ret = update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
+
+	return ret;
+}
+late_initcall(sed_opal_init);
diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 3a6082ff97e7..ed21e47bf773 100644
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -24,6 +24,9 @@ bool opal_unlock_from_suspend(struct opal_dev *dev);
 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv);
 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *ioctl_ptr);
 
+#define	OPAL_AUTH_KEY           "opal-boot-pin"
+#define	OPAL_AUTH_KEY_PREV      "opal-boot-pin-prev"
+
 static inline bool is_sed_ioctl(unsigned int cmd)
 {
 	switch (cmd) {
diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index afbce867b906..aacaa4c8823f 100644
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -44,10 +44,16 @@ enum opal_lock_state {
 	OPAL_LK = 0x04, /* 0100 */
 };
 
+enum opal_key_type {
+	OPAL_INCLUDED = 0,	/* key[] is the key */
+	OPAL_KEYRING,		/* key is in keyring */
+};
+
 struct opal_key {
 	__u8 lr;
 	__u8 key_len;
-	__u8 __align[6];
+	__u8 key_type;
+	__u8 __align[5];
 	__u8 key[OPAL_KEY_MAX];
 };
 
-- 
gjoyce@linux.vnet.ibm.com

[PATCH 4/4] arch_vars: create arch specific permanent store

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Platforms that have a permanent key store may provide unique
platform dependent functions to read/write variables. The
default (weak) functions return -EOPNOTSUPP unless overridden
by architecture/platform versions.
---
 include/linux/arch_vars.h | 23 +++++++++++++++++++++++
 lib/Makefile              |  2 +-
 lib/arch_vars.c           | 25 +++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 include/linux/arch_vars.h
 create mode 100644 lib/arch_vars.c

diff --git a/include/linux/arch_vars.h b/include/linux/arch_vars.h
new file mode 100644
index 000000000000..b5eb5fcfb2ca
--- /dev/null
+++ b/include/linux/arch_vars.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform variable opearations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for architecture specific
+ * variables. Specific architectures can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+
+enum arch_variable_type {
+	ARCH_VAR_OPAL_KEY      = 0,     /* SED Opal Authentication Key */
+	ARCH_VAR_OTHER         = 1,     /* Other type of variable */
+	ARCH_VAR_MAX           = 1,     /* Maximum type value */
+};
+
+int arch_read_variable(enum arch_variable_type type, char *varname,
+		void *varbuf, u_int *varlen);
+int arch_write_variable(enum arch_variable_type type, char *varname,
+		void *varbuf, u_int varlen);
diff --git a/lib/Makefile b/lib/Makefile
index f99bf61f8bbc..b90c4cb0dbbb 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -48,7 +48,7 @@ obj-y += bcd.o sort.o parser.o debug_locks.o random32.o \
 	 bsearch.o find_bit.o llist.o memweight.o kfifo.o \
 	 percpu-refcount.o rhashtable.o \
 	 once.o refcount.o usercopy.o errseq.o bucket_locks.o \
-	 generic-radix-tree.o
+	 generic-radix-tree.o arch_vars.o
 obj-$(CONFIG_STRING_SELFTEST) += test_string.o
 obj-y += string_helpers.o
 obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
diff --git a/lib/arch_vars.c b/lib/arch_vars.c
new file mode 100644
index 000000000000..b5362ef933dc
--- /dev/null
+++ b/lib/arch_vars.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Platform variable operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for architecture specific
+ * variables. Specific architectures can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+#include <linux/arch_vars.h>
+
+int __weak arch_read_variable(enum arch_variable_type type, char *varname,
+		void *varbuf, u_int *varlen)
+{
+	return -EOPNOTSUPP;
+}
+
+int __weak arch_write_variable(enum arch_variable_type type, char *varname,
+		void *varbuf, u_int varlen)
+{
+	return -EOPNOTSUPP;
+}
-- 
gjoyce@linux.vnet.ibm.com

Re: [PATCH 1/4] block: sed-opal: Implement IOC_OPAL_DISCOVERY

[Christoph Hellwig]

On Tue, Jul 05, 2022 at 09:39:32PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> When IOC_OPAL_DISCOVERY is called, the opal_discovery structure is
> passed down to the "discovery0" step, instead of NULL for the
> normal cases during all other commands. The processing of the
> received discovery data in opal_discovery0_end() then checks for
> a non-NULL structure pointer, and if found will copy the raw
> discovery data to the provided user buffer. If the user buffer is NULL
> then no data is copied. If the user buffer is too small, then not
> all data is copied. In all cases, the return value is the length
> of the actual data received from the drive.

You don't need to describe what you do, everyone familar with C can
discover that themsevels.  Explain why you do it.

Re: [PATCH 4/4] arch_vars: create arch specific permanent store

[Christoph Hellwig]

On Tue, Jul 05, 2022 at 09:39:35PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> Platforms that have a permanent key store may provide unique
> platform dependent functions to read/write variables. The
> default (weak) functions return -EOPNOTSUPP unless overridden
> by architecture/platform versions.

Which is none as of this patch set, as is the number of of users of
this API.  Did this slip in by accident?

Re: [PATCH 4/4] arch_vars: create arch specific permanent store

[Greg Joyce]

On Wed, 2022-07-06 at 01:11 -0700, Christoph Hellwig wrote:
> On Tue, Jul 05, 2022 at 09:39:35PM -0500, gjoyce@linux.vnet.ibm.com
> wrote:
> > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > 
> > Platforms that have a permanent key store may provide unique
> > platform dependent functions to read/write variables. The
> > default (weak) functions return -EOPNOTSUPP unless overridden
> > by architecture/platform versions.
> 
> Which is none as of this patch set, as is the number of of users of
> this API.  Did this slip in by accident?

You are correct, there are currently no platforms that utilize this
key store interface. However, there is a pseries platform store that 
has a driver that will provide the interfaces. This is in a separate
patchset that is currently being submitted.

Re: [PATCH 4/4] arch_vars: create arch specific permanent store

[kernel test robot]

Hi,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on axboe-block/for-next]
[also build test ERROR on linus/master v5.19-rc5 next-20220706]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/gjoyce-linux-vnet-ibm-com/sed-opal-keyrings-discovery-revert-and-key-store/20220706-104204
base:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-next
config: sparc64-randconfig-r002-20220703 (https://download.01.org/0day-ci/archive/20220707/202207070041.gf2Xgary-lkp@intel.com/config)
compiler: sparc64-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/b984dda112cdbda6b41045bf63f790a3c2903c7a
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review gjoyce-linux-vnet-ibm-com/sed-opal-keyrings-discovery-revert-and-key-store/20220706-104204
        git checkout b984dda112cdbda6b41045bf63f790a3c2903c7a
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=sparc64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All error/warnings (new ones prefixed by >>):

   block/sed-opal.c: In function 'update_sed_opal_key':
>> block/sed-opal.c:286:15: error: implicit declaration of function 'key_alloc'; did you mean 'bdev_alloc'? [-Werror=implicit-function-declaration]
     286 |         key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
         |               ^~~~~~~~~
         |               bdev_alloc
>> block/sed-opal.c:286:26: error: 'key_type_user' undeclared (first use in this function)
     286 |         key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
         |                          ^~~~~~~~~~~~~
   block/sed-opal.c:286:26: note: each undeclared identifier is reported only once for each function it appears in
>> block/sed-opal.c:288:33: error: 'KEY_USR_VIEW' undeclared (first use in this function)
     288 |                                 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
         |                                 ^~~~~~~~~~~~
>> block/sed-opal.c:288:48: error: 'KEY_USR_SEARCH' undeclared (first use in this function)
     288 |                                 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
         |                                                ^~~~~~~~~~~~~~
>> block/sed-opal.c:288:65: error: 'KEY_USR_WRITE' undeclared (first use in this function)
     288 |                                 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
         |                                                                 ^~~~~~~~~~~~~
>> block/sed-opal.c:294:15: error: implicit declaration of function 'key_instantiate_and_link'; did you mean 'd_instantiate_anon'? [-Werror=implicit-function-declaration]
     294 |         ret = key_instantiate_and_link(key, key_data, keylen,
         |               ^~~~~~~~~~~~~~~~~~~~~~~~
         |               d_instantiate_anon
   block/sed-opal.c: In function 'read_sed_opal_key':
>> block/sed-opal.c:307:9: error: unknown type name 'key_ref_t'; did you mean 'key_ref_put'?
     307 |         key_ref_t kref;
         |         ^~~~~~~~~
         |         key_ref_put
>> block/sed-opal.c:313:16: error: implicit declaration of function 'keyring_search' [-Werror=implicit-function-declaration]
     313 |         kref = keyring_search(make_key_ref(sed_opal_keyring, true),
         |                ^~~~~~~~~~~~~~
   block/sed-opal.c:314:18: error: 'key_type_user' undeclared (first use in this function)
     314 |                 &key_type_user,
         |                  ^~~~~~~~~~~~~
>> block/sed-opal.c:318:20: warning: passing argument 1 of 'IS_ERR' makes pointer from integer without a cast [-Wint-conversion]
     318 |         if (IS_ERR(kref)) {
         |                    ^~~~
         |                    |
         |                    int
   In file included from include/linux/container_of.h:6,
                    from include/linux/list.h:5,
                    from include/linux/rculist.h:10,
                    from include/linux/pid.h:5,
                    from include/linux/sched.h:14,
                    from include/linux/delay.h:23,
                    from block/sed-opal.c:12:
   include/linux/err.h:34:60: note: expected 'const void *' but argument is of type 'int'
      34 | static inline bool __must_check IS_ERR(__force const void *ptr)
         |                                                ~~~~~~~~~~~~^~~
>> block/sed-opal.c:319:31: warning: passing argument 1 of 'PTR_ERR' makes pointer from integer without a cast [-Wint-conversion]
     319 |                 ret = PTR_ERR(kref);
         |                               ^~~~
         |                               |
         |                               int
   In file included from include/linux/container_of.h:6,
                    from include/linux/list.h:5,
                    from include/linux/rculist.h:10,
                    from include/linux/pid.h:5,
                    from include/linux/sched.h:14,
                    from include/linux/delay.h:23,
                    from block/sed-opal.c:12:
   include/linux/err.h:29:61: note: expected 'const void *' but argument is of type 'int'
      29 | static inline long __must_check PTR_ERR(__force const void *ptr)
         |                                                 ~~~~~~~~~~~~^~~
>> block/sed-opal.c:322:31: error: invalid use of undefined type 'struct key'
     322 |                 down_read(&key->sem);
         |                               ^~
   block/sed-opal.c:325:41: error: invalid use of undefined type 'struct key'
     325 |                         if (buflen > key->datalen)
         |                                         ^~
   block/sed-opal.c:326:45: error: invalid use of undefined type 'struct key'
     326 |                                 buflen = key->datalen;
         |                                             ^~
   block/sed-opal.c:328:34: error: invalid use of undefined type 'struct key'
     328 |                         ret = key->type->read(key, (char *)buffer, buflen);
         |                                  ^~
   block/sed-opal.c:330:29: error: invalid use of undefined type 'struct key'
     330 |                 up_read(&key->sem);
         |                             ^~
   block/sed-opal.c: In function 'sed_opal_init':
>> block/sed-opal.c:2938:14: error: implicit declaration of function 'keyring_alloc'; did you mean 'warn_alloc'? [-Werror=implicit-function-declaration]
    2938 |         kr = keyring_alloc(".sed_opal",
         |              ^~~~~~~~~~~~~
         |              warn_alloc
>> block/sed-opal.c:2940:18: error: 'KEY_POS_ALL' undeclared (first use in this function)
    2940 |                 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
         |                  ^~~~~~~~~~~
>> block/sed-opal.c:2940:33: error: 'KEY_POS_SETATTR' undeclared (first use in this function)
    2940 |                 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
         |                                 ^~~~~~~~~~~~~~~
   block/sed-opal.c:2940:52: error: 'KEY_USR_VIEW' undeclared (first use in this function)
    2940 |                 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
         |                                                    ^~~~~~~~~~~~
>> block/sed-opal.c:2941:17: error: 'KEY_USR_READ' undeclared (first use in this function)
    2941 |                 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
         |                 ^~~~~~~~~~~~
   block/sed-opal.c:2941:32: error: 'KEY_USR_SEARCH' undeclared (first use in this function)
    2941 |                 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
         |                                ^~~~~~~~~~~~~~
   block/sed-opal.c:2941:49: error: 'KEY_USR_WRITE' undeclared (first use in this function)
    2941 |                 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
         |                                                 ^~~~~~~~~~~~~
>> block/sed-opal.c:2942:17: error: 'KEY_ALLOC_NOT_IN_QUOTA' undeclared (first use in this function)
    2942 |                 KEY_ALLOC_NOT_IN_QUOTA,
         |                 ^~~~~~~~~~~~~~~~~~~~~~
   cc1: some warnings being treated as errors


vim +286 block/sed-opal.c

455a7b238cd6bc Scott Bauer 2017-02-03  274  
8a2b115580e8f7 Greg Joyce  2022-07-05  275  /*
8a2b115580e8f7 Greg Joyce  2022-07-05  276   * Allocate/update a SED Opal key and add it to the SED Opal keyring.
8a2b115580e8f7 Greg Joyce  2022-07-05  277   */
8a2b115580e8f7 Greg Joyce  2022-07-05  278  static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
8a2b115580e8f7 Greg Joyce  2022-07-05  279  {
8a2b115580e8f7 Greg Joyce  2022-07-05  280  	int ret;
8a2b115580e8f7 Greg Joyce  2022-07-05  281  	struct key *key;
8a2b115580e8f7 Greg Joyce  2022-07-05  282  
8a2b115580e8f7 Greg Joyce  2022-07-05  283  	if (!sed_opal_keyring)
8a2b115580e8f7 Greg Joyce  2022-07-05  284  		return -ENOKEY;
8a2b115580e8f7 Greg Joyce  2022-07-05  285  
8a2b115580e8f7 Greg Joyce  2022-07-05 @286  	key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
8a2b115580e8f7 Greg Joyce  2022-07-05  287  				current_cred(),
8a2b115580e8f7 Greg Joyce  2022-07-05 @288  				KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
8a2b115580e8f7 Greg Joyce  2022-07-05  289  				0,
8a2b115580e8f7 Greg Joyce  2022-07-05  290  				NULL);
8a2b115580e8f7 Greg Joyce  2022-07-05  291  	if (IS_ERR(key))
8a2b115580e8f7 Greg Joyce  2022-07-05  292  		return PTR_ERR(key);
8a2b115580e8f7 Greg Joyce  2022-07-05  293  
8a2b115580e8f7 Greg Joyce  2022-07-05 @294  	ret = key_instantiate_and_link(key, key_data, keylen,
8a2b115580e8f7 Greg Joyce  2022-07-05  295  			sed_opal_keyring, NULL);
8a2b115580e8f7 Greg Joyce  2022-07-05  296  	key_put(key);
8a2b115580e8f7 Greg Joyce  2022-07-05  297  
8a2b115580e8f7 Greg Joyce  2022-07-05  298  	return ret;
8a2b115580e8f7 Greg Joyce  2022-07-05  299  }
8a2b115580e8f7 Greg Joyce  2022-07-05  300  
8a2b115580e8f7 Greg Joyce  2022-07-05  301  /*
8a2b115580e8f7 Greg Joyce  2022-07-05  302   * Read a SED Opal key from the SED Opal keyring.
8a2b115580e8f7 Greg Joyce  2022-07-05  303   */
8a2b115580e8f7 Greg Joyce  2022-07-05  304  static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
8a2b115580e8f7 Greg Joyce  2022-07-05  305  {
8a2b115580e8f7 Greg Joyce  2022-07-05  306  	int ret;
8a2b115580e8f7 Greg Joyce  2022-07-05 @307  	key_ref_t kref;
8a2b115580e8f7 Greg Joyce  2022-07-05  308  	struct key *key;
8a2b115580e8f7 Greg Joyce  2022-07-05  309  
8a2b115580e8f7 Greg Joyce  2022-07-05  310  	if (!sed_opal_keyring)
8a2b115580e8f7 Greg Joyce  2022-07-05  311  		return -ENOKEY;
8a2b115580e8f7 Greg Joyce  2022-07-05  312  
8a2b115580e8f7 Greg Joyce  2022-07-05 @313  	kref = keyring_search(make_key_ref(sed_opal_keyring, true),
8a2b115580e8f7 Greg Joyce  2022-07-05  314  		&key_type_user,
8a2b115580e8f7 Greg Joyce  2022-07-05  315  		key_name,
8a2b115580e8f7 Greg Joyce  2022-07-05  316  		true);
8a2b115580e8f7 Greg Joyce  2022-07-05  317  
8a2b115580e8f7 Greg Joyce  2022-07-05 @318  	if (IS_ERR(kref)) {
8a2b115580e8f7 Greg Joyce  2022-07-05 @319  		ret = PTR_ERR(kref);
8a2b115580e8f7 Greg Joyce  2022-07-05  320  	} else {
8a2b115580e8f7 Greg Joyce  2022-07-05  321  		key = key_ref_to_ptr(kref);
8a2b115580e8f7 Greg Joyce  2022-07-05 @322  		down_read(&key->sem);
8a2b115580e8f7 Greg Joyce  2022-07-05  323  		ret = key_validate(key);
8a2b115580e8f7 Greg Joyce  2022-07-05  324  		if (ret == 0) {
8a2b115580e8f7 Greg Joyce  2022-07-05  325  			if (buflen > key->datalen)
8a2b115580e8f7 Greg Joyce  2022-07-05  326  				buflen = key->datalen;
8a2b115580e8f7 Greg Joyce  2022-07-05  327  
8a2b115580e8f7 Greg Joyce  2022-07-05  328  			ret = key->type->read(key, (char *)buffer, buflen);
8a2b115580e8f7 Greg Joyce  2022-07-05  329  		}
8a2b115580e8f7 Greg Joyce  2022-07-05  330  		up_read(&key->sem);
8a2b115580e8f7 Greg Joyce  2022-07-05  331  
8a2b115580e8f7 Greg Joyce  2022-07-05  332  		key_ref_put(kref);
8a2b115580e8f7 Greg Joyce  2022-07-05  333  	}
8a2b115580e8f7 Greg Joyce  2022-07-05  334  
8a2b115580e8f7 Greg Joyce  2022-07-05  335  	return ret;
8a2b115580e8f7 Greg Joyce  2022-07-05  336  }
8a2b115580e8f7 Greg Joyce  2022-07-05  337  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Re: [PATCH 4/4] arch_vars: create arch specific permanent store

[kernel test robot]

Hi,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on axboe-block/for-next]
[also build test ERROR on linus/master v5.19-rc5 next-20220707]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/gjoyce-linux-vnet-ibm-com/sed-opal-keyrings-discovery-revert-and-key-store/20220706-104204
base:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-next
config: arm-randconfig-r036-20220706 (https://download.01.org/0day-ci/archive/20220708/202207081010.mn8e8rca-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project f553287b588916de09c66e3e32bf75e5060f967f)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://github.com/intel-lab-lkp/linux/commit/b984dda112cdbda6b41045bf63f790a3c2903c7a
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review gjoyce-linux-vnet-ibm-com/sed-opal-keyrings-discovery-revert-and-key-store/20220706-104204
        git checkout b984dda112cdbda6b41045bf63f790a3c2903c7a
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All error/warnings (new ones prefixed by >>):

>> block/sed-opal.c:286:8: error: call to undeclared function 'key_alloc'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
           key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
                 ^
>> block/sed-opal.c:286:19: error: use of undeclared identifier 'key_type_user'
           key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
                            ^
>> block/sed-opal.c:288:5: error: use of undeclared identifier 'KEY_USR_VIEW'
                                   KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
                                   ^
>> block/sed-opal.c:288:20: error: use of undeclared identifier 'KEY_USR_SEARCH'
                                   KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
                                                  ^
>> block/sed-opal.c:288:37: error: use of undeclared identifier 'KEY_USR_WRITE'
                                   KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
                                                                   ^
>> block/sed-opal.c:294:8: error: call to undeclared function 'key_instantiate_and_link'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
           ret = key_instantiate_and_link(key, key_data, keylen,
                 ^
   block/sed-opal.c:294:8: note: did you mean 'd_instantiate_anon'?
   include/linux/dcache.h:223:24: note: 'd_instantiate_anon' declared here
   extern struct dentry * d_instantiate_anon(struct dentry *, struct inode *);
                          ^
   block/sed-opal.c:307:2: error: unknown type name 'key_ref_t'; did you mean 'key_perm_t'?
           key_ref_t kref;
           ^~~~~~~~~
           key_perm_t
   include/linux/key.h:31:18: note: 'key_perm_t' declared here
   typedef uint32_t key_perm_t;
                    ^
>> block/sed-opal.c:313:9: error: call to undeclared function 'keyring_search'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
           kref = keyring_search(make_key_ref(sed_opal_keyring, true),
                  ^
   block/sed-opal.c:314:4: error: use of undeclared identifier 'key_type_user'
                   &key_type_user,
                    ^
>> block/sed-opal.c:318:13: warning: incompatible integer to pointer conversion passing 'key_perm_t' (aka 'unsigned int') to parameter of type 'const void *' [-Wint-conversion]
           if (IS_ERR(kref)) {
                      ^~~~
   include/linux/err.h:34:60: note: passing argument to parameter 'ptr' here
   static inline bool __must_check IS_ERR(__force const void *ptr)
                                                              ^
   block/sed-opal.c:319:17: warning: incompatible integer to pointer conversion passing 'key_perm_t' (aka 'unsigned int') to parameter of type 'const void *' [-Wint-conversion]
                   ret = PTR_ERR(kref);
                                 ^~~~
   include/linux/err.h:29:61: note: passing argument to parameter 'ptr' here
   static inline long __must_check PTR_ERR(__force const void *ptr)
                                                               ^
>> block/sed-opal.c:322:17: error: incomplete definition of type 'struct key'
                   down_read(&key->sem);
                              ~~~^
   include/linux/key.h:33:8: note: forward declaration of 'struct key'
   struct key;
          ^
   block/sed-opal.c:325:20: error: incomplete definition of type 'struct key'
                           if (buflen > key->datalen)
                                        ~~~^
   include/linux/key.h:33:8: note: forward declaration of 'struct key'
   struct key;
          ^
   block/sed-opal.c:326:17: error: incomplete definition of type 'struct key'
                                   buflen = key->datalen;
                                            ~~~^
   include/linux/key.h:33:8: note: forward declaration of 'struct key'
   struct key;
          ^
   block/sed-opal.c:328:13: error: incomplete definition of type 'struct key'
                           ret = key->type->read(key, (char *)buffer, buflen);
                                 ~~~^
   include/linux/key.h:33:8: note: forward declaration of 'struct key'
   struct key;
          ^
   block/sed-opal.c:330:15: error: incomplete definition of type 'struct key'
                   up_read(&key->sem);
                            ~~~^
   include/linux/key.h:33:8: note: forward declaration of 'struct key'
   struct key;
          ^
>> block/sed-opal.c:2938:7: error: call to undeclared function 'keyring_alloc'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
           kr = keyring_alloc(".sed_opal",
                ^
>> block/sed-opal.c:2940:4: error: use of undeclared identifier 'KEY_POS_ALL'
                   (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
                    ^
>> block/sed-opal.c:2940:19: error: use of undeclared identifier 'KEY_POS_SETATTR'
                   (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
                                   ^
   block/sed-opal.c:2940:38: error: use of undeclared identifier 'KEY_USR_VIEW'
                   (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
                                                      ^
>> block/sed-opal.c:2941:3: error: use of undeclared identifier 'KEY_USR_READ'
                   KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
                   ^
   fatal error: too many errors emitted, stopping now [-ferror-limit=]
   2 warnings and 20 errors generated.


vim +/key_alloc +286 block/sed-opal.c

455a7b238cd6bc6 Scott Bauer 2017-02-03  274  
8a2b115580e8f7c Greg Joyce  2022-07-05  275  /*
8a2b115580e8f7c Greg Joyce  2022-07-05  276   * Allocate/update a SED Opal key and add it to the SED Opal keyring.
8a2b115580e8f7c Greg Joyce  2022-07-05  277   */
8a2b115580e8f7c Greg Joyce  2022-07-05  278  static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
8a2b115580e8f7c Greg Joyce  2022-07-05  279  {
8a2b115580e8f7c Greg Joyce  2022-07-05  280  	int ret;
8a2b115580e8f7c Greg Joyce  2022-07-05  281  	struct key *key;
8a2b115580e8f7c Greg Joyce  2022-07-05  282  
8a2b115580e8f7c Greg Joyce  2022-07-05  283  	if (!sed_opal_keyring)
8a2b115580e8f7c Greg Joyce  2022-07-05  284  		return -ENOKEY;
8a2b115580e8f7c Greg Joyce  2022-07-05  285  
8a2b115580e8f7c Greg Joyce  2022-07-05 @286  	key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
8a2b115580e8f7c Greg Joyce  2022-07-05  287  				current_cred(),
8a2b115580e8f7c Greg Joyce  2022-07-05 @288  				KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
8a2b115580e8f7c Greg Joyce  2022-07-05  289  				0,
8a2b115580e8f7c Greg Joyce  2022-07-05  290  				NULL);
8a2b115580e8f7c Greg Joyce  2022-07-05  291  	if (IS_ERR(key))
8a2b115580e8f7c Greg Joyce  2022-07-05  292  		return PTR_ERR(key);
8a2b115580e8f7c Greg Joyce  2022-07-05  293  
8a2b115580e8f7c Greg Joyce  2022-07-05 @294  	ret = key_instantiate_and_link(key, key_data, keylen,
8a2b115580e8f7c Greg Joyce  2022-07-05  295  			sed_opal_keyring, NULL);
8a2b115580e8f7c Greg Joyce  2022-07-05  296  	key_put(key);
8a2b115580e8f7c Greg Joyce  2022-07-05  297  
8a2b115580e8f7c Greg Joyce  2022-07-05  298  	return ret;
8a2b115580e8f7c Greg Joyce  2022-07-05  299  }
8a2b115580e8f7c Greg Joyce  2022-07-05  300  
8a2b115580e8f7c Greg Joyce  2022-07-05  301  /*
8a2b115580e8f7c Greg Joyce  2022-07-05  302   * Read a SED Opal key from the SED Opal keyring.
8a2b115580e8f7c Greg Joyce  2022-07-05  303   */
8a2b115580e8f7c Greg Joyce  2022-07-05  304  static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
8a2b115580e8f7c Greg Joyce  2022-07-05  305  {
8a2b115580e8f7c Greg Joyce  2022-07-05  306  	int ret;
8a2b115580e8f7c Greg Joyce  2022-07-05  307  	key_ref_t kref;
8a2b115580e8f7c Greg Joyce  2022-07-05  308  	struct key *key;
8a2b115580e8f7c Greg Joyce  2022-07-05  309  
8a2b115580e8f7c Greg Joyce  2022-07-05  310  	if (!sed_opal_keyring)
8a2b115580e8f7c Greg Joyce  2022-07-05  311  		return -ENOKEY;
8a2b115580e8f7c Greg Joyce  2022-07-05  312  
8a2b115580e8f7c Greg Joyce  2022-07-05 @313  	kref = keyring_search(make_key_ref(sed_opal_keyring, true),
8a2b115580e8f7c Greg Joyce  2022-07-05  314  		&key_type_user,
8a2b115580e8f7c Greg Joyce  2022-07-05  315  		key_name,
8a2b115580e8f7c Greg Joyce  2022-07-05  316  		true);
8a2b115580e8f7c Greg Joyce  2022-07-05  317  
8a2b115580e8f7c Greg Joyce  2022-07-05 @318  	if (IS_ERR(kref)) {
8a2b115580e8f7c Greg Joyce  2022-07-05  319  		ret = PTR_ERR(kref);
8a2b115580e8f7c Greg Joyce  2022-07-05  320  	} else {
8a2b115580e8f7c Greg Joyce  2022-07-05  321  		key = key_ref_to_ptr(kref);
8a2b115580e8f7c Greg Joyce  2022-07-05 @322  		down_read(&key->sem);
8a2b115580e8f7c Greg Joyce  2022-07-05  323  		ret = key_validate(key);
8a2b115580e8f7c Greg Joyce  2022-07-05  324  		if (ret == 0) {
8a2b115580e8f7c Greg Joyce  2022-07-05  325  			if (buflen > key->datalen)
8a2b115580e8f7c Greg Joyce  2022-07-05  326  				buflen = key->datalen;
8a2b115580e8f7c Greg Joyce  2022-07-05  327  
8a2b115580e8f7c Greg Joyce  2022-07-05  328  			ret = key->type->read(key, (char *)buffer, buflen);
8a2b115580e8f7c Greg Joyce  2022-07-05  329  		}
8a2b115580e8f7c Greg Joyce  2022-07-05  330  		up_read(&key->sem);
8a2b115580e8f7c Greg Joyce  2022-07-05  331  
8a2b115580e8f7c Greg Joyce  2022-07-05  332  		key_ref_put(kref);
8a2b115580e8f7c Greg Joyce  2022-07-05  333  	}
8a2b115580e8f7c Greg Joyce  2022-07-05  334  
8a2b115580e8f7c Greg Joyce  2022-07-05  335  	return ret;
8a2b115580e8f7c Greg Joyce  2022-07-05  336  }
8a2b115580e8f7c Greg Joyce  2022-07-05  337  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

submitting corrected patch

[Greg Joyce]

[-- Attachment #1: Type: text/plain, Size: 12774 bytes --]

Hi,

Can I just send an amended patch to this email? I believe that it just
needed a dependency for a config option.

-Greg

On Fri, 2022-07-08 at 10:35 +0800, kernel test robot wrote:
> Hi,
> 
> Thank you for the patch! Yet something to improve:
> 
> [auto build test ERROR on axboe-block/for-next]
> [also build test ERROR on linus/master v5.19-rc5 next-20220707]
> [If your patch is applied to the wrong git tree, kindly drop us a
> note.
> And when submitting patch, we suggest to use '--base' as documented
> in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
> 
> url:    
> https://github.com/intel-lab-lkp/linux/commits/gjoyce-linux-vnet-ibm-com/sed-opal-keyrings-discovery-revert-and-key-store/20220706-104204
> base:   
> https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git
>  for-next
> config: arm-randconfig-r036-20220706 (
> https://download.01.org/0day-ci/archive/20220708/202207081010.mn8e8rca-lkp(a)intel.com/config
> )
> compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project
> f553287b588916de09c66e3e32bf75e5060f967f)
> reproduce (this is a W=1 build):
>         wget 
> https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross
>  -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # install arm cross compiling tool for clang build
>         # apt-get install binutils-arm-linux-gnueabi
>         # 
> https://github.com/intel-lab-lkp/linux/commit/b984dda112cdbda6b41045bf63f790a3c2903c7a
>         git remote add linux-review 
> https://github.com/intel-lab-lkp/linux
>         git fetch --no-tags linux-review gjoyce-linux-vnet-ibm-
> com/sed-opal-keyrings-discovery-revert-and-key-store/20220706-104204
>         git checkout b984dda112cdbda6b41045bf63f790a3c2903c7a
>         # save the config file
>         mkdir build_dir && cp config build_dir/.config
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross
> W=1 O=build_dir ARCH=arm SHELL=/bin/bash
> 
> If you fix the issue, kindly add following tag where applicable
> Reported-by: kernel test robot <lkp@intel.com>
> 
> All error/warnings (new ones prefixed by >>):
> 
> > > block/sed-opal.c:286:8: error: call to undeclared function
> > > 'key_alloc'; ISO C99 and later do not support implicit function
> > > declarations [-Wimplicit-function-declaration]
>            key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID,
> GLOBAL_ROOT_GID,
>                  ^
> > > block/sed-opal.c:286:19: error: use of undeclared identifier
> > > 'key_type_user'
>            key = key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID,
> GLOBAL_ROOT_GID,
>                             ^
> > > block/sed-opal.c:288:5: error: use of undeclared identifier
> > > 'KEY_USR_VIEW'
>                                    KEY_USR_VIEW | KEY_USR_SEARCH |
> KEY_USR_WRITE,
>                                    ^
> > > block/sed-opal.c:288:20: error: use of undeclared identifier
> > > 'KEY_USR_SEARCH'
>                                    KEY_USR_VIEW | KEY_USR_SEARCH |
> KEY_USR_WRITE,
>                                                   ^
> > > block/sed-opal.c:288:37: error: use of undeclared identifier
> > > 'KEY_USR_WRITE'
>                                    KEY_USR_VIEW | KEY_USR_SEARCH |
> KEY_USR_WRITE,
>                                                                    ^
> > > block/sed-opal.c:294:8: error: call to undeclared function
> > > 'key_instantiate_and_link'; ISO C99 and later do not support
> > > implicit function declarations [-Wimplicit-function-declaration]
>            ret = key_instantiate_and_link(key, key_data, keylen,
>                  ^
>    block/sed-opal.c:294:8: note: did you mean 'd_instantiate_anon'?
>    include/linux/dcache.h:223:24: note: 'd_instantiate_anon' declared
> here
>    extern struct dentry * d_instantiate_anon(struct dentry *, struct
> inode *);
>                           ^
>    block/sed-opal.c:307:2: error: unknown type name 'key_ref_t'; did
> you mean 'key_perm_t'?
>            key_ref_t kref;
>            ^~~~~~~~~
>            key_perm_t
>    include/linux/key.h:31:18: note: 'key_perm_t' declared here
>    typedef uint32_t key_perm_t;
>                     ^
> > > block/sed-opal.c:313:9: error: call to undeclared function
> > > 'keyring_search'; ISO C99 and later do not support implicit
> > > function declarations [-Wimplicit-function-declaration]
>            kref = keyring_search(make_key_ref(sed_opal_keyring,
> true),
>                   ^
>    block/sed-opal.c:314:4: error: use of undeclared identifier
> 'key_type_user'
>                    &key_type_user,
>                     ^
> > > block/sed-opal.c:318:13: warning: incompatible integer to pointer
> > > conversion passing 'key_perm_t' (aka 'unsigned int') to parameter
> > > of type 'const void *' [-Wint-conversion]
>            if (IS_ERR(kref)) {
>                       ^~~~
>    include/linux/err.h:34:60: note: passing argument to parameter
> 'ptr' here
>    static inline bool __must_check IS_ERR(__force const void *ptr)
>                                                               ^
>    block/sed-opal.c:319:17: warning: incompatible integer to pointer
> conversion passing 'key_perm_t' (aka 'unsigned int') to parameter of
> type 'const void *' [-Wint-conversion]
>                    ret = PTR_ERR(kref);
>                                  ^~~~
>    include/linux/err.h:29:61: note: passing argument to parameter
> 'ptr' here
>    static inline long __must_check PTR_ERR(__force const void *ptr)
>                                                                ^
> > > block/sed-opal.c:322:17: error: incomplete definition of type
> > > 'struct key'
>                    down_read(&key->sem);
>                               ~~~^
>    include/linux/key.h:33:8: note: forward declaration of 'struct
> key'
>    struct key;
>           ^
>    block/sed-opal.c:325:20: error: incomplete definition of type
> 'struct key'
>                            if (buflen > key->datalen)
>                                         ~~~^
>    include/linux/key.h:33:8: note: forward declaration of 'struct
> key'
>    struct key;
>           ^
>    block/sed-opal.c:326:17: error: incomplete definition of type
> 'struct key'
>                                    buflen = key->datalen;
>                                             ~~~^
>    include/linux/key.h:33:8: note: forward declaration of 'struct
> key'
>    struct key;
>           ^
>    block/sed-opal.c:328:13: error: incomplete definition of type
> 'struct key'
>                            ret = key->type->read(key, (char *)buffer,
> buflen);
>                                  ~~~^
>    include/linux/key.h:33:8: note: forward declaration of 'struct
> key'
>    struct key;
>           ^
>    block/sed-opal.c:330:15: error: incomplete definition of type
> 'struct key'
>                    up_read(&key->sem);
>                             ~~~^
>    include/linux/key.h:33:8: note: forward declaration of 'struct
> key'
>    struct key;
>           ^
> > > block/sed-opal.c:2938:7: error: call to undeclared function
> > > 'keyring_alloc'; ISO C99 and later do not support implicit
> > > function declarations [-Wimplicit-function-declaration]
>            kr = keyring_alloc(".sed_opal",
>                 ^
> > > block/sed-opal.c:2940:4: error: use of undeclared identifier
> > > 'KEY_POS_ALL'
>                    (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
>                     ^
> > > block/sed-opal.c:2940:19: error: use of undeclared identifier
> > > 'KEY_POS_SETATTR'
>                    (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
>                                    ^
>    block/sed-opal.c:2940:38: error: use of undeclared identifier
> 'KEY_USR_VIEW'
>                    (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
>                                                       ^
> > > block/sed-opal.c:2941:3: error: use of undeclared identifier
> > > 'KEY_USR_READ'
>                    KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
>                    ^
>    fatal error: too many errors emitted, stopping now [-ferror-
> limit=]
>    2 warnings and 20 errors generated.
> 
> 
> vim +/key_alloc +286 block/sed-opal.c
> 
> 455a7b238cd6bc6 Scott Bauer 2017-02-03  274  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  275  /*
> 8a2b115580e8f7c Greg Joyce  2022-07-05  276   * Allocate/update a SED
> Opal key and add it to the SED Opal keyring.
> 8a2b115580e8f7c Greg Joyce  2022-07-05  277   */
> 8a2b115580e8f7c Greg Joyce  2022-07-05  278  static int
> update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
> 8a2b115580e8f7c Greg Joyce  2022-07-05  279  {
> 8a2b115580e8f7c Greg Joyce  2022-07-05  280  	int ret;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  281  	struct key *key;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  282  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  283  	if (!sed_opal_keyring)
> 8a2b115580e8f7c Greg Joyce  2022-07-05  284  		return -ENOKEY;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  285  
> 8a2b115580e8f7c Greg Joyce  2022-07-05 @286  	key =
> key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
> 8a2b115580e8f7c Greg Joyce  2022-07-05  287  				
> current_cred(),
> 8a2b115580e8f7c Greg Joyce  2022-07-05 @288  				
> KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
> 8a2b115580e8f7c Greg Joyce  2022-07-05  289  				
> 0,
> 8a2b115580e8f7c Greg Joyce  2022-07-05  290  				
> NULL);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  291  	if (IS_ERR(key))
> 8a2b115580e8f7c Greg Joyce  2022-07-05  292  		return
> PTR_ERR(key);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  293  
> 8a2b115580e8f7c Greg Joyce  2022-07-05 @294  	ret =
> key_instantiate_and_link(key, key_data, keylen,
> 8a2b115580e8f7c Greg Joyce  2022-07-05  295  			sed_opa
> l_keyring, NULL);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  296  	key_put(key);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  297  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  298  	return ret;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  299  }
> 8a2b115580e8f7c Greg Joyce  2022-07-05  300  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  301  /*
> 8a2b115580e8f7c Greg Joyce  2022-07-05  302   * Read a SED Opal key
> from the SED Opal keyring.
> 8a2b115580e8f7c Greg Joyce  2022-07-05  303   */
> 8a2b115580e8f7c Greg Joyce  2022-07-05  304  static int
> read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
> 8a2b115580e8f7c Greg Joyce  2022-07-05  305  {
> 8a2b115580e8f7c Greg Joyce  2022-07-05  306  	int ret;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  307  	key_ref_t kref;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  308  	struct key *key;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  309  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  310  	if (!sed_opal_keyring)
> 8a2b115580e8f7c Greg Joyce  2022-07-05  311  		return -ENOKEY;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  312  
> 8a2b115580e8f7c Greg Joyce  2022-07-05 @313  	kref =
> keyring_search(make_key_ref(sed_opal_keyring, true),
> 8a2b115580e8f7c Greg Joyce  2022-07-05  314  		&key_type_user,
> 8a2b115580e8f7c Greg Joyce  2022-07-05  315  		key_name,
> 8a2b115580e8f7c Greg Joyce  2022-07-05  316  		true);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  317  
> 8a2b115580e8f7c Greg Joyce  2022-07-05 @318  	if (IS_ERR(kref)) {
> 8a2b115580e8f7c Greg Joyce  2022-07-05  319  		ret =
> PTR_ERR(kref);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  320  	} else {
> 8a2b115580e8f7c Greg Joyce  2022-07-05  321  		key =
> key_ref_to_ptr(kref);
> 8a2b115580e8f7c Greg Joyce  2022-07-05 @322  		down_read(&key-
> > sem);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  323  		ret =
> key_validate(key);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  324  		if (ret == 0) {
> 8a2b115580e8f7c Greg Joyce  2022-07-05  325  			if
> (buflen > key->datalen)
> 8a2b115580e8f7c Greg Joyce  2022-07-05  326  				
> buflen = key->datalen;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  327  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  328  			ret =
> key->type->read(key, (char *)buffer, buflen);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  329  		}
> 8a2b115580e8f7c Greg Joyce  2022-07-05  330  		up_read(&key-
> > sem);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  331  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  332  		key_ref_put(kre
> f);
> 8a2b115580e8f7c Greg Joyce  2022-07-05  333  	}
> 8a2b115580e8f7c Greg Joyce  2022-07-05  334  
> 8a2b115580e8f7c Greg Joyce  2022-07-05  335  	return ret;
> 8a2b115580e8f7c Greg Joyce  2022-07-05  336  }
> 8a2b115580e8f7c Greg Joyce  2022-07-05  337  
> 

Re: [PATCH 4/4] arch_vars: create arch specific permanent store

[Greg Joyce]

On Wed, 2022-07-20 at 00:50 -0700, Christoph Hellwig wrote:
> On Mon, Jul 18, 2022 at 04:01:56PM -0500, gjoyce@linux.vnet.ibm.com
> wrote:
> > From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> > 
> > Platforms that have a permanent key store may provide unique
> > platform dependent functions to read/write variables. The
> > default (weak) functions return -EOPNOTSUPP unless overridden
> > by architecture/platform versions.
> 
> This is still lacking any useful implementation.  It also seems to be
> used in patch 3 before it actually is used.
> 
> As the functionality seems optional I'd suggest to drop this patch
> for
> now and not call it from patch 3, and do a separate series later that
> adds the infrastructure, at leat one useful backend and the caller.

It's kind of a chicken and egg thing. I'd hoped to add the
infrastructure and follow it up with another pseries specific patchset
that provided platform specific implementations of those functions.

But I can break it up as you suggest. I'll include your other comments
as well as the keyring suggestion from Hannes.

Re: [PATCH 4/4] arch_vars: create arch specific permanent store

[Christoph Hellwig]

On Mon, Jul 18, 2022 at 04:01:56PM -0500, gjoyce@linux.vnet.ibm.com wrote:
> From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
> 
> Platforms that have a permanent key store may provide unique
> platform dependent functions to read/write variables. The
> default (weak) functions return -EOPNOTSUPP unless overridden
> by architecture/platform versions.

This is still lacking any useful implementation.  It also seems to be
used in patch 3 before it actually is used.

As the functionality seems optional I'd suggest to drop this patch for
now and not call it from patch 3, and do a separate series later that
adds the infrastructure, at leat one useful backend and the caller.

[PATCH 4/4] arch_vars: create arch specific permanent store

[gjoyce]

From: Greg Joyce <gjoyce@linux.vnet.ibm.com>

Platforms that have a permanent key store may provide unique
platform dependent functions to read/write variables. The
default (weak) functions return -EOPNOTSUPP unless overridden
by architecture/platform versions.

Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com>
---
 include/linux/arch_vars.h | 23 +++++++++++++++++++++++
 lib/Makefile              |  2 +-
 lib/arch_vars.c           | 25 +++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 include/linux/arch_vars.h
 create mode 100644 lib/arch_vars.c

diff --git a/include/linux/arch_vars.h b/include/linux/arch_vars.h
new file mode 100644
index 000000000000..9c280ff9432e
--- /dev/null
+++ b/include/linux/arch_vars.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform variable opearations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for architecture specific
+ * variables. Specific architectures can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+
+enum arch_variable_type {
+	ARCH_VAR_OPAL_KEY      = 0,     /* SED Opal Authentication Key */
+	ARCH_VAR_OTHER         = 1,     /* Other type of variable */
+	ARCH_VAR_MAX           = 1,     /* Maximum type value */
+};
+
+int arch_read_variable(enum arch_variable_type type, char *varname,
+		       void *varbuf, u_int *varlen);
+int arch_write_variable(enum arch_variable_type type, char *varname,
+			void *varbuf, u_int varlen);
diff --git a/lib/Makefile b/lib/Makefile
index f99bf61f8bbc..b90c4cb0dbbb 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -48,7 +48,7 @@ obj-y += bcd.o sort.o parser.o debug_locks.o random32.o \
 	 bsearch.o find_bit.o llist.o memweight.o kfifo.o \
 	 percpu-refcount.o rhashtable.o \
 	 once.o refcount.o usercopy.o errseq.o bucket_locks.o \
-	 generic-radix-tree.o
+	 generic-radix-tree.o arch_vars.o
 obj-$(CONFIG_STRING_SELFTEST) += test_string.o
 obj-y += string_helpers.o
 obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o
diff --git a/lib/arch_vars.c b/lib/arch_vars.c
new file mode 100644
index 000000000000..e6f16d7d09c1
--- /dev/null
+++ b/lib/arch_vars.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Platform variable operations.
+ *
+ * Copyright (C) 2022 IBM Corporation
+ *
+ * These are the accessor functions (read/write) for architecture specific
+ * variables. Specific architectures can provide overrides.
+ *
+ */
+
+#include <linux/kernel.h>
+#include <linux/arch_vars.h>
+
+int __weak arch_read_variable(enum arch_variable_type type, char *varname,
+			      void *varbuf, u_int *varlen)
+{
+	return -EOPNOTSUPP;
+}
+
+int __weak arch_write_variable(enum arch_variable_type type, char *varname,
+			       void *varbuf, u_int varlen)
+{
+	return -EOPNOTSUPP;
+}
-- 
2.27.0