Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.1 2026-03-31T13:04:00+00:00 2026-03-31T13:04:00+00:00 Milan Broz gmazyland@gmail.com 2026-03-10T09:53:49+00:00 urn:sha1:499d2d2f4cf9f16634db47b06dee9676611b897f The TCG Opal device could enter a state where no new session can be created, blocking even Discovery or PSID reset. While a power cycle or waiting for the timeout should work, there is another possibility for recovery: using the Stack Reset command. The Stack Reset command is defined in the TCG Storage Architecture Core Specification and is mandatory for all Opal devices (see Section 3.3.6 of the Opal SSC specification). This patch implements the Stack Reset command. Sending it should clear all active sessions immediately, allowing subsequent commands to run successfully. While it is a TCG transport layer command, the Linux kernel implements only Opal ioctls, so it makes sense to use the IOC_OPAL ioctl interface. The Stack Reset takes no arguments; the response can be success or pending. If the command reports a pending state, userspace can try to repeat it; in this case, the code returns -EBUSY. Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Ondrej Kozina <okozina@redhat.com> Link: https://patch.msgid.link/20260310095349.411287-1-gmazyland@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk> 2026-03-09T20:29:59+00:00 Ondrej Kozina okozina@redhat.com 2026-02-06T14:17:58+00:00 urn:sha1:aca086ff27c3f67e81617e4b063d1126544a4f19 This adds the 'Reactivate' method as described in the "TCG Storage Opal SSC Feature Set: Single User Mode" document (ch. 3.1.1.1). The method enables switching an already active SED OPAL2 device, with appropriate firmware support for Single User Mode (SUM), to or from SUM. Signed-off-by: Ondrej Kozina <okozina@redhat.com> Reviewed-and-tested-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> 2026-03-09T20:29:59+00:00 Ondrej Kozina okozina@redhat.com 2026-02-06T14:17:57+00:00 urn:sha1:c6c9dc91cb5fd30d2e11e7f2ae570e614b013ee1 As desribed in ch. 3.1.1.1.1.3 of TCG Storage Opal SSC Feature Set: Single User Mode document. To be used later in Reactivate method implementation. Signed-off-by: Ondrej Kozina <okozina@redhat.com> Reviewed-and-tested-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> 2026-03-09T20:29:59+00:00 Ondrej Kozina okozina@redhat.com 2026-02-06T14:17:56+00:00 urn:sha1:a184058fb4d3cfcce1a2b4e021451dcc2e88d9c6 As desribed in ch. 3.1.1.1.1.2 of TCG Storage Opal SSC Feature Set: Single User Mode document. To be used later in Reactivate method implementation and in function for retrieving SUM device status. Signed-off-by: Ondrej Kozina <okozina@redhat.com> Reviewed-and-tested-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> 2026-03-09T20:29:59+00:00 Ondrej Kozina okozina@redhat.com 2026-02-06T14:17:55+00:00 urn:sha1:b26f29b6692f362a343f7cce2e716a16a8fee488 As described in ch. 6.3, Table 240 in TCG Storage Architecture Core Specification document. It's also referenced in TCG Storage Opal SSC Feature Set: Single User Mode document, ch. 3.1.1.1 Reactivate method. It will be used later in Reactivate method implemetation for sed-opal interface. Signed-off-by: Ondrej Kozina <okozina@redhat.com> Reviewed-and-tested-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> 2024-02-16T22:52:45+00:00 Greg Joyce gjoyce@linux.ibm.com 2024-02-16T21:04:17+00:00 urn:sha1:5429c8de56f6b2bd8f537df3a1e04e67b9c04282 The SED Opal response parsing function response_parse() does not handle the case of an empty atom in the response. This causes the entry count to be too high and the response fails to be parsed. Recognizing, but ignoring, empty atoms allows response handling to succeed. Signed-off-by: Greg Joyce <gjoyce@linux.ibm.com> Link: https://lore.kernel.org/r/20240216210417.3526064-2-gjoyce@linux.ibm.com Signed-off-by: Jens Axboe <axboe@kernel.dk> 2023-08-22T17:10:26+00:00 Greg Joyce gjoyce@linux.vnet.ibm.com 2023-07-21T21:15:33+00:00 urn:sha1:5c82efc1aee8eb0919aa67a0d2559de5a326bd7c This is used in conjunction with IOC_OPAL_REVERT_TPR to return a drive to Original Factory State without erasing the data. If IOC_OPAL_REVERT_LSP is called with opal_revert_lsp.options bit OPAL_PRESERVE set prior to calling IOC_OPAL_REVERT_TPR, the drive global locking range will not be erased. Signed-off-by: Greg Joyce <gjoyce@linux.vnet.ibm.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jonathan Derrick <jonathan.derrick@linux.dev> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lore.kernel.org/r/20230721211534.3437070-3-gjoyce@linux.vnet.ibm.com Signed-off-by: Jens Axboe <axboe@kernel.dk> 2023-04-05T13:46:25+00:00 Ondrej Kozina okozina@redhat.com 2023-04-05T11:12:21+00:00 urn:sha1:8be19a02f1e373d406b3d9e0c17a90c786c51c1f Extend ACE set of locking range attributes accessible to user authority. This patch allows user authority to get following locking range attribues when user get added to locking range via IOC_OPAL_ADD_USR_TO_LR: locking range start locking range end read lock enabled write lock enabled read locked write locked lock on reset active key Note: Admin1 authority always remains in the ACE. Otherwise it breaks current userspace expecting Admin1 in the ACE (sedutils). See TCG OPAL2 s.4.3.1.7 "ACE_Locking_RangeNNNN_Get_RangeStartToActiveKey". Signed-off-by: Ondrej Kozina <okozina@redhat.com> Tested-by: Luca Boccassi <bluca@debian.org> Tested-by: Milan Broz <gmazyland@gmail.com> Acked-by: Christian Brauner <brauner@kernel.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20230405111223.272816-4-okozina@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk> 2023-04-05T13:46:25+00:00 Ondrej Kozina okozina@redhat.com 2023-04-05T11:12:20+00:00 urn:sha1:175b654402a11b01870e823f4eaa913b27ed8a63 Move ACE construction away from add_user_to_lr routine and refactor it to be used also in later code. Also adds boolean operators defines from TCG Core specification. Signed-off-by: Ondrej Kozina <okozina@redhat.com> Tested-by: Luca Boccassi <bluca@debian.org> Tested-by: Milan Broz <gmazyland@gmail.com> Link: https://lore.kernel.org/r/20230405111223.272816-3-okozina@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk> 2022-08-22T13:52:51+00:00 dougmill@linux.vnet.ibm.com dougmill@linux.vnet.ibm.com 2022-08-16T14:07:13+00:00 urn:sha1:c6ea70604249bc357ce09e9f8e16c29df0fb2fa2 Provide a mechanism to retrieve basic status information about the device, including the "supported" flag indicating whether SED-OPAL is supported. The information returned is from the various feature descriptors received during the discovery0 step, and so this ioctl does nothing more than perform the discovery0 step and then save the information received. See "struct opal_status" and OPAL_FL_* bits for the status information currently returned. This is necessary to be able to check whether a device is OPAL enabled, set up, locked or unlocked from userspace programs like systemd-cryptsetup and libcryptsetup. Right now we just have to assume the user 'knows' or blindly attempt setup/lock/unlock operations. Signed-off-by: Douglas Miller <dougmill@linux.vnet.ibm.com> Tested-by: Luca Boccassi <bluca@debian.org> Reviewed-by: Scott Bauer <sbauer@plzdonthack.me> Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org> Link: https://lore.kernel.org/r/20220816140713.84893-1-luca.boccassi@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>