cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation

cxl_mem-y := mem.o

cxl_pci-y := pci.o

cxl_acpi-y := acpi.o

cxl_pmem-y := pmem.o

cxl_pmem-y := pmem.o security.o

cxl_port-y := port.o

	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),

	CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),

	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),

	CXL_CMD(GET_SECURITY_STATE, 0, 0x4, 0),

};

/*

	CXL_MBOX_OP_GET_SCAN_MEDIA_CAPS	= 0x4303,

	CXL_MBOX_OP_SCAN_MEDIA		= 0x4304,

	CXL_MBOX_OP_GET_SCAN_MEDIA	= 0x4305,

	CXL_MBOX_OP_GET_SECURITY_STATE	= 0x4500,

	CXL_MBOX_OP_MAX			= 0x10000

};

#define CXL_CMD_FLAG_FORCE_ENABLE BIT(0)

};

#define CXL_PMEM_SEC_STATE_USER_PASS_SET	0x01

#define CXL_PMEM_SEC_STATE_MASTER_PASS_SET	0x02

#define CXL_PMEM_SEC_STATE_LOCKED		0x04

#define CXL_PMEM_SEC_STATE_FROZEN		0x08

#define CXL_PMEM_SEC_STATE_USER_PLIMIT		0x10

#define CXL_PMEM_SEC_STATE_MASTER_PLIMIT	0x20

int cxl_mbox_send_cmd(struct cxl_dev_state *cxlds, u16 opcode, void *in,

		      size_t in_size, void *out, size_t out_size);

int cxl_dev_state_identify(struct cxl_dev_state *cxlds);

#include "cxlmem.h"

#include "cxl.h"

extern const struct nvdimm_security_ops *cxl_security_ops;

/*

 * Ordered workqueue for cxl nvdimm device arrival and departure

 * to coordinate bus rescans when a bridge arrives and trigger remove

	set_bit(ND_CMD_GET_CONFIG_SIZE, &cmd_mask);

	set_bit(ND_CMD_GET_CONFIG_DATA, &cmd_mask);

	set_bit(ND_CMD_SET_CONFIG_DATA, &cmd_mask);

	nvdimm = nvdimm_create(cxl_nvb->nvdimm_bus, cxl_nvd, NULL, flags,

			       cmd_mask, 0, NULL);

	nvdimm = __nvdimm_create(cxl_nvb->nvdimm_bus, cxl_nvd, NULL, flags,

				 cmd_mask, 0, NULL, NULL, cxl_security_ops, NULL);

	if (!nvdimm) {

		rc = -ENOMEM;

		goto out;

// SPDX-License-Identifier: GPL-2.0-only

/* Copyright(c) 2022 Intel Corporation. All rights reserved. */

#include <linux/libnvdimm.h>

#include <asm/unaligned.h>

#include <linux/module.h>

#include <linux/async.h>

#include <linux/slab.h>

#include "cxlmem.h"

#include "cxl.h"

static unsigned long cxl_pmem_get_security_flags(struct nvdimm *nvdimm,

						 enum nvdimm_passphrase_type ptype)

{

	struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);

	struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;

	struct cxl_dev_state *cxlds = cxlmd->cxlds;

	unsigned long security_flags = 0;

	u32 sec_out;

	int rc;

	rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_GET_SECURITY_STATE, NULL, 0,

			       &sec_out, sizeof(sec_out));

	if (rc < 0)

		return 0;

	if (ptype == NVDIMM_MASTER) {

		if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PASS_SET)

			set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);

		else

			set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);

		if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PLIMIT)

			set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);

		return security_flags;

	}

	if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET) {

		if (sec_out & CXL_PMEM_SEC_STATE_FROZEN ||

		    sec_out & CXL_PMEM_SEC_STATE_USER_PLIMIT)

			set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);

		if (sec_out & CXL_PMEM_SEC_STATE_LOCKED)

			set_bit(NVDIMM_SECURITY_LOCKED, &security_flags);

		else

			set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);

	} else {

		set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);

	}

	return security_flags;

}

static const struct nvdimm_security_ops __cxl_security_ops = {

	.get_flags = cxl_pmem_get_security_flags,

};

const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;