Google Git
Sign in
kernel / pub / scm / linux / kernel / git / mbroz / linux / refs/heads/dm-cryptsetup^1..refs/heads/dm-cryptsetup / .
commitba712b07255bf426886e1e052ca36791e081feaa[log] [tgz]
authorMilan Broz <gmazyland@gmail.com>Tue Aug 01 14:54:07 2023 +0200
committerMilan Broz <gmazyland@gmail.com>Wed Aug 30 22:07:14 2023 +0200
treeba207f312e6583c47dcedf2ae83808bd0b885f8f
parentcab53aa52c1df79b141bf4b6f1fda1afbef444c1 [diff]
WIP: OPAL disks - allow to pass through command on USB mass storage.

USB mass storage device usually do not support SECURITY IN/OUT
SCSI commands, but can support ATA12 pass-thru command
(that is used by sedutils).

This patch
 - enables SCSI security flag for USB mass storage device by default
   (NOTE: we will need a quirk to disable it as some devices are buggy)

 - USB mass storage also disables SCSI command enumeration, so test
   for SECURITY IN/OUT in SCSI layer must fail.

 - adds optional wrapper to SCSI layer for ATA12 command as an alternative
   to SECURITY IN/OUT. This wrapper is used when detection of SECURITY IN
   support fails.

With changes above the TCG OPAL support works over most USB adapters.

Note that it uncovers many other bugs that need to be debugged more.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 3c668cf..6665232d 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c

@@ -678,6 +678,32 @@
 			       &exec_args);
 	return ret <= 0 ? ret : -EIO;
 }
+
+static int sd_ata12_submit(void *data, u16 spsp, u8 secp, void *buffer,
+		size_t len, bool send)
+{
+	struct scsi_disk *sdkp = data;
+	struct scsi_device *sdev = sdkp->device;
+	u8 cdb[12] = { 0, };
+	const struct scsi_exec_args exec_args = {
+		.req_flags = BLK_MQ_REQ_PM,
+	};
+	int ret;
+
+	cdb[0] = ATA_12;
+	cdb[1] = (send ? 5 /* ATA_PROTOCOL_PIO_DATA_IN */ : 4 /* ATA_PROTOCOL_PIO_DATA_OUT */) << 1;
+	cdb[2] = 2 /* t_length */ | (1 << 2) /* byt_blok */ | ((send ?  0 : 1) << 3) /* t_dir */;
+	cdb[3] = secp;
+	put_unaligned_le16(len / 512, &cdb[4]);
+	put_unaligned_le16(spsp, &cdb[6]);
+	cdb[9] = send ? 0x5e /* ATA_CMD_TRUSTED_SND */: 0x5c /* ATA_CMD_TRUSTED_RCV */;
+
+	ret = scsi_execute_cmd(sdev, cdb, send ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN,
+			       buffer, len, SD_TIMEOUT, sdkp->max_retries,
+			       &exec_args);
+	return ret <= 0 ? ret : -EIO;
+}
+
 #endif /* CONFIG_BLK_SED_OPAL */
 
 /*
@@ -3691,8 +3717,11 @@
 		goto out;
 	}
 
-	if (sdkp->security) {
-		sdkp->opal_dev = init_opal_dev(sdkp, &sd_sec_submit);
+	if (sdp->security_supported) {
+		if (sdkp->security)
+		    sdkp->opal_dev = init_opal_dev(sdkp, &sd_sec_submit);
+		else
+		    sdkp->opal_dev = init_opal_dev(sdkp, &sd_ata12_submit);
 		if (sdkp->opal_dev)
 			sd_printk(KERN_NOTICE, sdkp, "supports TCG Opal\n");
 	}

diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c
index c54e980..ef93813 100644
--- a/drivers/usb/storage/scsiglue.c
+++ b/drivers/usb/storage/scsiglue.c

@@ -209,6 +209,10 @@
 		/* Do not attempt to use WRITE SAME */
 		sdev->no_write_same = 1;
 
+		/* Allow security commands (OPAL) passthrough */
+		if (!(us->fflags & US_FL_IGNORE_OPAL))
+			sdev->security_supported = 1;
+
 		/*
 		 * Some disks return the total number of blocks in response
 		 * to READ CAPACITY rather than the highest block number.

diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
index 9ab0dbb..46bc9fb 100644
--- a/drivers/usb/storage/unusual_devs.h
+++ b/drivers/usb/storage/unusual_devs.h

@@ -1476,6 +1476,17 @@
 		USB_SC_DEVICE, USB_PR_DEVICE, NULL,
 		US_FL_NO_WP_DETECT ),
 
+/*
+ * Realtek 9210 family set global write-protection flag
+ * for any OPAL locking range making device unusable
+ * Reported-by: Milan Broz <gmazyland@gmail.com>
+ */
+UNUSUAL_DEV( 0x0bda, 0x9210, 0x0000, 0xffff,
+		"Realtek",
+		"",
+		USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+		US_FL_IGNORE_OPAL),
+
 UNUSUAL_DEV(  0x0d49, 0x7310, 0x0000, 0x9999,
 		"Maxtor",
 		"USB to SATA",

diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index dfbd49f..96cf04f 100644
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c

@@ -482,7 +482,7 @@
 			US_FL_INITIAL_READ10 | US_FL_WRITE_CACHE |
 			US_FL_NO_ATA_1X | US_FL_NO_REPORT_OPCODES |
 			US_FL_MAX_SECTORS_240 | US_FL_NO_REPORT_LUNS |
-			US_FL_ALWAYS_SYNC);
+			US_FL_ALWAYS_SYNC | US_FL_IGNORE_OPAL);
 
 	p = quirks;
 	while (*p) {
@@ -571,6 +571,9 @@
 		case 'y':
 			f |= US_FL_ALWAYS_SYNC;
 			break;
+		case 'z':
+			f |= US_FL_IGNORE_OPAL;
+			break;
 		/* Ignore unrecognized flag characters */
 		}
 	}

diff --git a/include/linux/usb_usual.h b/include/linux/usb_usual.h
index 712363c..0181c94 100644
--- a/include/linux/usb_usual.h
+++ b/include/linux/usb_usual.h

@@ -88,6 +88,8 @@
 		/* Cannot handle WRITE_SAME */			\
 	US_FLAG(SENSE_AFTER_SYNC, 0x80000000)			\
 		/* Do REQUEST_SENSE after SYNCHRONIZE_CACHE */	\
+	US_FLAG(IGNORE_OPAL, 0x100000000)			\
+		/* Security commands (OPAL) are broken */	\
 
 #define US_FLAG(name, value)	US_FL_##name = value ,
 enum { US_DO_ALL_FLAGS };