block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW

After a SED drive is provisioned, there is no way to change the SID
password via the ioctl() interface. A new ioctl IOC_OPAL_SET_SID_PW
will allow the password to be changed. The valid current password is
required.

Signed-off-by: Greg Joyce <gjoyce@linux.ibm.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Link: https://lore.kernel.org/r/20240829175639.6478-2-gjoyce@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/block/sed-opal.c b/block/sed-opal.c
index 598fd3e7fcc8e2a1d0a752e1265f1e4c2a09eae5..5a28f23f7f22c8966684dcc43fb07a45c0d9d134 100644 (file)
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -3037,6 +3037,29 @@ static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
        return ret;
 }
 
+static int opal_set_new_sid_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
+{
+       int ret;
+       struct opal_key *newkey = &opal_pw->new_user_pw.opal_key;
+       struct opal_key *oldkey = &opal_pw->session.opal_key;
+
+       const struct opal_step pw_steps[] = {
+               { start_SIDASP_opal_session, oldkey },
+               { set_sid_cpin_pin, newkey },
+               { end_opal_session, }
+       };
+
+       if (!dev)
+               return -ENODEV;
+
+       mutex_lock(&dev->dev_lock);
+       setup_opal_dev(dev);
+       ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
+       mutex_unlock(&dev->dev_lock);
+
+       return ret;
+}
+
 static int opal_activate_user(struct opal_dev *dev,
                              struct opal_session_info *opal_session)
 {
@@ -3286,6 +3309,9 @@ int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
        case IOC_OPAL_DISCOVERY:
                ret = opal_get_discv(dev, p);
                break;
+       case IOC_OPAL_SET_SID_PW:
+               ret = opal_set_new_sid_pw(dev, p);
+               break;
 
        default:
                break;

diff --git a/include/linux/sed-opal.h b/include/linux/sed-opal.h
index 2ac50822554e8fd85663fced2b03c26fcc3aa4cd..80f33a93f94437f32964a7979597ad1193d464f5 100644 (file)
--- a/include/linux/sed-opal.h
+++ b/include/linux/sed-opal.h
@@ -52,6 +52,7 @@ static inline bool is_sed_ioctl(unsigned int cmd)
        case IOC_OPAL_GET_GEOMETRY:
        case IOC_OPAL_DISCOVERY:
        case IOC_OPAL_REVERT_LSP:
+       case IOC_OPAL_SET_SID_PW:
                return true;
        }
        return false;

diff --git a/include/uapi/linux/sed-opal.h b/include/uapi/linux/sed-opal.h
index d3994b7716bc68399ac768165baecf24fdd748bf..9025dd5a4f0ff97cb3b2127e79a63ca2a277e9c3 100644 (file)
--- a/include/uapi/linux/sed-opal.h
+++ b/include/uapi/linux/sed-opal.h
@@ -215,5 +215,6 @@ struct opal_revert_lsp {
 #define IOC_OPAL_GET_GEOMETRY       _IOR('p', 238, struct opal_geometry)
 #define IOC_OPAL_DISCOVERY          _IOW('p', 239, struct opal_discovery)
 #define IOC_OPAL_REVERT_LSP         _IOW('p', 240, struct opal_revert_lsp)
+#define IOC_OPAL_SET_SID_PW         _IOW('p', 241, struct opal_new_pw)
 
 #endif /* _UAPI_SED_OPAL_H */