Back to home page

OSCL-LXR
 
 

     

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Changes:
0004  * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000
0005  * - get rid of some verify_areas and use __copy*user and __get/put_user
0006  *   for the ones that remain
0007  */
0008 #include <linux/module.h>
0009 #include <linux/blkdev.h>
0010 #include <linux/interrupt.h>
0011 #include <linux/errno.h>
0012 #include <linux/kernel.h>
0013 #include <linux/sched.h>
0014 #include <linux/mm.h>
0015 #include <linux/string.h>
0016 #include <linux/uaccess.h>
0017 #include <linux/cdrom.h>
0018 
0019 #include <scsi/scsi.h>
0020 #include <scsi/scsi_cmnd.h>
0021 #include <scsi/scsi_device.h>
0022 #include <scsi/scsi_eh.h>
0023 #include <scsi/scsi_host.h>
0024 #include <scsi/scsi_ioctl.h>
0025 #include <scsi/sg.h>
0026 #include <scsi/scsi_dbg.h>
0027 
0028 #include "scsi_logging.h"
0029 
0030 #define NORMAL_RETRIES          5
0031 #define IOCTL_NORMAL_TIMEOUT            (10 * HZ)
0032 
0033 #define MAX_BUF PAGE_SIZE
0034 
0035 /**
0036  * ioctl_probe  --  return host identification
0037  * @host:   host to identify
0038  * @buffer: userspace buffer for identification
0039  *
0040  * Return an identifying string at @buffer, if @buffer is non-NULL, filling
0041  * to the length stored at * (int *) @buffer.
0042  */
0043 static int ioctl_probe(struct Scsi_Host *host, void __user *buffer)
0044 {
0045     unsigned int len, slen;
0046     const char *string;
0047 
0048     if (buffer) {
0049         if (get_user(len, (unsigned int __user *) buffer))
0050             return -EFAULT;
0051 
0052         if (host->hostt->info)
0053             string = host->hostt->info(host);
0054         else
0055             string = host->hostt->name;
0056         if (string) {
0057             slen = strlen(string);
0058             if (len > slen)
0059                 len = slen + 1;
0060             if (copy_to_user(buffer, string, len))
0061                 return -EFAULT;
0062         }
0063     }
0064     return 1;
0065 }
0066 
0067 static int ioctl_internal_command(struct scsi_device *sdev, char *cmd,
0068                   int timeout, int retries)
0069 {
0070     int result;
0071     struct scsi_sense_hdr sshdr;
0072 
0073     SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev,
0074                       "Trying ioctl with scsi command %d\n", *cmd));
0075 
0076     result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0,
0077                   &sshdr, timeout, retries, NULL);
0078 
0079     SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
0080                       "Ioctl returned  0x%x\n", result));
0081 
0082     if (result < 0)
0083         goto out;
0084     if (scsi_sense_valid(&sshdr)) {
0085         switch (sshdr.sense_key) {
0086         case ILLEGAL_REQUEST:
0087             if (cmd[0] == ALLOW_MEDIUM_REMOVAL)
0088                 sdev->lockable = 0;
0089             else
0090                 sdev_printk(KERN_INFO, sdev,
0091                         "ioctl_internal_command: "
0092                         "ILLEGAL REQUEST "
0093                         "asc=0x%x ascq=0x%x\n",
0094                         sshdr.asc, sshdr.ascq);
0095             break;
0096         case NOT_READY: /* This happens if there is no disc in drive */
0097             if (sdev->removable)
0098                 break;
0099             fallthrough;
0100         case UNIT_ATTENTION:
0101             if (sdev->removable) {
0102                 sdev->changed = 1;
0103                 result = 0; /* This is no longer considered an error */
0104                 break;
0105             }
0106             fallthrough;    /* for non-removable media */
0107         default:
0108             sdev_printk(KERN_INFO, sdev,
0109                     "ioctl_internal_command return code = %x\n",
0110                     result);
0111             scsi_print_sense_hdr(sdev, NULL, &sshdr);
0112             break;
0113         }
0114     }
0115 out:
0116     SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
0117                       "IOCTL Releasing command\n"));
0118     return result;
0119 }
0120 
0121 int scsi_set_medium_removal(struct scsi_device *sdev, char state)
0122 {
0123     char scsi_cmd[MAX_COMMAND_SIZE];
0124     int ret;
0125 
0126     if (!sdev->removable || !sdev->lockable)
0127            return 0;
0128 
0129     scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
0130     scsi_cmd[1] = 0;
0131     scsi_cmd[2] = 0;
0132     scsi_cmd[3] = 0;
0133     scsi_cmd[4] = state;
0134     scsi_cmd[5] = 0;
0135 
0136     ret = ioctl_internal_command(sdev, scsi_cmd,
0137             IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
0138     if (ret == 0)
0139         sdev->locked = (state == SCSI_REMOVAL_PREVENT);
0140     return ret;
0141 }
0142 EXPORT_SYMBOL(scsi_set_medium_removal);
0143 
0144 /*
0145  * The scsi_ioctl_get_pci() function places into arg the value
0146  * pci_dev::slot_name (8 characters) for the PCI device (if any).
0147  * Returns: 0 on success
0148  *          -ENXIO if there isn't a PCI device pointer
0149  *                 (could be because the SCSI driver hasn't been
0150  *                  updated yet, or because it isn't a SCSI
0151  *                  device)
0152  *          any copy_to_user() error on failure there
0153  */
0154 static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg)
0155 {
0156     struct device *dev = scsi_get_device(sdev->host);
0157     const char *name;
0158 
0159         if (!dev)
0160         return -ENXIO;
0161 
0162     name = dev_name(dev);
0163 
0164     /* compatibility with old ioctl which only returned
0165      * 20 characters */
0166         return copy_to_user(arg, name, min(strlen(name), (size_t)20))
0167         ? -EFAULT: 0;
0168 }
0169 
0170 static int sg_get_version(int __user *p)
0171 {
0172     static const int sg_version_num = 30527;
0173     return put_user(sg_version_num, p);
0174 }
0175 
0176 static int sg_set_timeout(struct scsi_device *sdev, int __user *p)
0177 {
0178     int timeout, err = get_user(timeout, p);
0179 
0180     if (!err)
0181         sdev->sg_timeout = clock_t_to_jiffies(timeout);
0182 
0183     return err;
0184 }
0185 
0186 static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p)
0187 {
0188     int val = min(sdev->sg_reserved_size,
0189               queue_max_bytes(sdev->request_queue));
0190 
0191     return put_user(val, p);
0192 }
0193 
0194 static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p)
0195 {
0196     int size, err = get_user(size, p);
0197 
0198     if (err)
0199         return err;
0200 
0201     if (size < 0)
0202         return -EINVAL;
0203 
0204     sdev->sg_reserved_size = min_t(unsigned int, size,
0205                        queue_max_bytes(sdev->request_queue));
0206     return 0;
0207 }
0208 
0209 /*
0210  * will always return that we are ATAPI even for a real SCSI drive, I'm not
0211  * so sure this is worth doing anything about (why would you care??)
0212  */
0213 static int sg_emulated_host(struct request_queue *q, int __user *p)
0214 {
0215     return put_user(1, p);
0216 }
0217 
0218 static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp)
0219 {
0220     struct scsi_idlun v = {
0221         .dev_id = (sdev->id & 0xff) +
0222             ((sdev->lun & 0xff) << 8) +
0223             ((sdev->channel & 0xff) << 16) +
0224             ((sdev->host->host_no & 0xff) << 24),
0225         .host_unique_id = sdev->host->unique_id
0226     };
0227     if (copy_to_user(argp, &v, sizeof(struct scsi_idlun)))
0228         return -EFAULT;
0229     return 0;
0230 }
0231 
0232 static int scsi_send_start_stop(struct scsi_device *sdev, int data)
0233 {
0234     u8 cdb[MAX_COMMAND_SIZE] = { };
0235 
0236     cdb[0] = START_STOP;
0237     cdb[4] = data;
0238     return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT,
0239                       NORMAL_RETRIES);
0240 }
0241 
0242 /*
0243  * Check if the given command is allowed.
0244  *
0245  * Only a subset of commands are allowed for unprivileged users. Commands used
0246  * to format the media, update the firmware, etc. are not permitted.
0247  */
0248 bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode)
0249 {
0250     /* root can do any command. */
0251     if (capable(CAP_SYS_RAWIO))
0252         return true;
0253 
0254     /* Anybody who can open the device can do a read-safe command */
0255     switch (cmd[0]) {
0256     /* Basic read-only commands */
0257     case TEST_UNIT_READY:
0258     case REQUEST_SENSE:
0259     case READ_6:
0260     case READ_10:
0261     case READ_12:
0262     case READ_16:
0263     case READ_BUFFER:
0264     case READ_DEFECT_DATA:
0265     case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */
0266     case READ_LONG:
0267     case INQUIRY:
0268     case MODE_SENSE:
0269     case MODE_SENSE_10:
0270     case LOG_SENSE:
0271     case START_STOP:
0272     case GPCMD_VERIFY_10:
0273     case VERIFY_16:
0274     case REPORT_LUNS:
0275     case SERVICE_ACTION_IN_16:
0276     case RECEIVE_DIAGNOSTIC:
0277     case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */
0278     case GPCMD_READ_BUFFER_CAPACITY:
0279     /* Audio CD commands */
0280     case GPCMD_PLAY_CD:
0281     case GPCMD_PLAY_AUDIO_10:
0282     case GPCMD_PLAY_AUDIO_MSF:
0283     case GPCMD_PLAY_AUDIO_TI:
0284     case GPCMD_PAUSE_RESUME:
0285     /* CD/DVD data reading */
0286     case GPCMD_READ_CD:
0287     case GPCMD_READ_CD_MSF:
0288     case GPCMD_READ_DISC_INFO:
0289     case GPCMD_READ_DVD_STRUCTURE:
0290     case GPCMD_READ_HEADER:
0291     case GPCMD_READ_TRACK_RZONE_INFO:
0292     case GPCMD_READ_SUBCHANNEL:
0293     case GPCMD_READ_TOC_PMA_ATIP:
0294     case GPCMD_REPORT_KEY:
0295     case GPCMD_SCAN:
0296     case GPCMD_GET_CONFIGURATION:
0297     case GPCMD_READ_FORMAT_CAPACITIES:
0298     case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
0299     case GPCMD_GET_PERFORMANCE:
0300     case GPCMD_SEEK:
0301     case GPCMD_STOP_PLAY_SCAN:
0302     /* ZBC */
0303     case ZBC_IN:
0304         return true;
0305     /* Basic writing commands */
0306     case WRITE_6:
0307     case WRITE_10:
0308     case WRITE_VERIFY:
0309     case WRITE_12:
0310     case WRITE_VERIFY_12:
0311     case WRITE_16:
0312     case WRITE_LONG:
0313     case WRITE_LONG_2:
0314     case WRITE_SAME:
0315     case WRITE_SAME_16:
0316     case WRITE_SAME_32:
0317     case ERASE:
0318     case GPCMD_MODE_SELECT_10:
0319     case MODE_SELECT:
0320     case LOG_SELECT:
0321     case GPCMD_BLANK:
0322     case GPCMD_CLOSE_TRACK:
0323     case GPCMD_FLUSH_CACHE:
0324     case GPCMD_FORMAT_UNIT:
0325     case GPCMD_REPAIR_RZONE_TRACK:
0326     case GPCMD_RESERVE_RZONE_TRACK:
0327     case GPCMD_SEND_DVD_STRUCTURE:
0328     case GPCMD_SEND_EVENT:
0329     case GPCMD_SEND_OPC:
0330     case GPCMD_SEND_CUE_SHEET:
0331     case GPCMD_SET_SPEED:
0332     case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
0333     case GPCMD_LOAD_UNLOAD:
0334     case GPCMD_SET_STREAMING:
0335     case GPCMD_SET_READ_AHEAD:
0336     /* ZBC */
0337     case ZBC_OUT:
0338         return (mode & FMODE_WRITE);
0339     default:
0340         return false;
0341     }
0342 }
0343 EXPORT_SYMBOL(scsi_cmd_allowed);
0344 
0345 static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq,
0346         struct sg_io_hdr *hdr, fmode_t mode)
0347 {
0348     struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
0349 
0350     if (hdr->cmd_len < 6)
0351         return -EMSGSIZE;
0352     if (copy_from_user(scmd->cmnd, hdr->cmdp, hdr->cmd_len))
0353         return -EFAULT;
0354     if (!scsi_cmd_allowed(scmd->cmnd, mode))
0355         return -EPERM;
0356     scmd->cmd_len = hdr->cmd_len;
0357 
0358     rq->timeout = msecs_to_jiffies(hdr->timeout);
0359     if (!rq->timeout)
0360         rq->timeout = sdev->sg_timeout;
0361     if (!rq->timeout)
0362         rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
0363     if (rq->timeout < BLK_MIN_SG_TIMEOUT)
0364         rq->timeout = BLK_MIN_SG_TIMEOUT;
0365 
0366     return 0;
0367 }
0368 
0369 static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
0370         struct bio *bio)
0371 {
0372     struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
0373     int r, ret = 0;
0374 
0375     /*
0376      * fill in all the output members
0377      */
0378     hdr->status = scmd->result & 0xff;
0379     hdr->masked_status = status_byte(scmd->result);
0380     hdr->msg_status = COMMAND_COMPLETE;
0381     hdr->host_status = host_byte(scmd->result);
0382     hdr->driver_status = 0;
0383     if (scsi_status_is_check_condition(hdr->status))
0384         hdr->driver_status = DRIVER_SENSE;
0385     hdr->info = 0;
0386     if (hdr->masked_status || hdr->host_status || hdr->driver_status)
0387         hdr->info |= SG_INFO_CHECK;
0388     hdr->resid = scmd->resid_len;
0389     hdr->sb_len_wr = 0;
0390 
0391     if (scmd->sense_len && hdr->sbp) {
0392         int len = min((unsigned int) hdr->mx_sb_len, scmd->sense_len);
0393 
0394         if (!copy_to_user(hdr->sbp, scmd->sense_buffer, len))
0395             hdr->sb_len_wr = len;
0396         else
0397             ret = -EFAULT;
0398     }
0399 
0400     r = blk_rq_unmap_user(bio);
0401     if (!ret)
0402         ret = r;
0403 
0404     return ret;
0405 }
0406 
0407 static int sg_io(struct scsi_device *sdev, struct sg_io_hdr *hdr, fmode_t mode)
0408 {
0409     unsigned long start_time;
0410     ssize_t ret = 0;
0411     int writing = 0;
0412     int at_head = 0;
0413     struct request *rq;
0414     struct scsi_cmnd *scmd;
0415     struct bio *bio;
0416 
0417     if (hdr->interface_id != 'S')
0418         return -EINVAL;
0419 
0420     if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9))
0421         return -EIO;
0422 
0423     if (hdr->dxfer_len)
0424         switch (hdr->dxfer_direction) {
0425         default:
0426             return -EINVAL;
0427         case SG_DXFER_TO_DEV:
0428             writing = 1;
0429             break;
0430         case SG_DXFER_TO_FROM_DEV:
0431         case SG_DXFER_FROM_DEV:
0432             break;
0433         }
0434     if (hdr->flags & SG_FLAG_Q_AT_HEAD)
0435         at_head = 1;
0436 
0437     rq = scsi_alloc_request(sdev->request_queue, writing ?
0438                  REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
0439     if (IS_ERR(rq))
0440         return PTR_ERR(rq);
0441     scmd = blk_mq_rq_to_pdu(rq);
0442 
0443     if (hdr->cmd_len > sizeof(scmd->cmnd)) {
0444         ret = -EINVAL;
0445         goto out_put_request;
0446     }
0447 
0448     ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode);
0449     if (ret < 0)
0450         goto out_put_request;
0451 
0452     ret = 0;
0453     if (hdr->iovec_count && hdr->dxfer_len) {
0454         struct iov_iter i;
0455         struct iovec *iov = NULL;
0456 
0457         ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
0458                    hdr->iovec_count, 0, &iov, &i);
0459         if (ret < 0)
0460             goto out_put_request;
0461 
0462         /* SG_IO howto says that the shorter of the two wins */
0463         iov_iter_truncate(&i, hdr->dxfer_len);
0464 
0465         ret = blk_rq_map_user_iov(rq->q, rq, NULL, &i, GFP_KERNEL);
0466         kfree(iov);
0467     } else if (hdr->dxfer_len)
0468         ret = blk_rq_map_user(rq->q, rq, NULL, hdr->dxferp,
0469                       hdr->dxfer_len, GFP_KERNEL);
0470 
0471     if (ret)
0472         goto out_put_request;
0473 
0474     bio = rq->bio;
0475     scmd->allowed = 0;
0476 
0477     start_time = jiffies;
0478 
0479     blk_execute_rq(rq, at_head);
0480 
0481     hdr->duration = jiffies_to_msecs(jiffies - start_time);
0482 
0483     ret = scsi_complete_sghdr_rq(rq, hdr, bio);
0484 
0485 out_put_request:
0486     blk_mq_free_request(rq);
0487     return ret;
0488 }
0489 
0490 /**
0491  * sg_scsi_ioctl  --  handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
0492  * @q:      request queue to send scsi commands down
0493  * @mode:   mode used to open the file through which the ioctl has been
0494  *      submitted
0495  * @sic:    userspace structure describing the command to perform
0496  *
0497  * Send down the scsi command described by @sic to the device below
0498  * the request queue @q.
0499  *
0500  * Notes:
0501  *   -  This interface is deprecated - users should use the SG_IO
0502  *      interface instead, as this is a more flexible approach to
0503  *      performing SCSI commands on a device.
0504  *   -  The SCSI command length is determined by examining the 1st byte
0505  *      of the given command. There is no way to override this.
0506  *   -  Data transfers are limited to PAGE_SIZE
0507  *   -  The length (x + y) must be at least OMAX_SB_LEN bytes long to
0508  *      accommodate the sense buffer when an error occurs.
0509  *      The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
0510  *      old code will not be surprised.
0511  *   -  If a Unix error occurs (e.g. ENOMEM) then the user will receive
0512  *      a negative return and the Unix error code in 'errno'.
0513  *      If the SCSI command succeeds then 0 is returned.
0514  *      Positive numbers returned are the compacted SCSI error codes (4
0515  *      bytes in one int) where the lowest byte is the SCSI status.
0516  */
0517 static int sg_scsi_ioctl(struct request_queue *q, fmode_t mode,
0518         struct scsi_ioctl_command __user *sic)
0519 {
0520     struct request *rq;
0521     int err;
0522     unsigned int in_len, out_len, bytes, opcode, cmdlen;
0523     struct scsi_cmnd *scmd;
0524     char *buffer = NULL;
0525 
0526     if (!sic)
0527         return -EINVAL;
0528 
0529     /*
0530      * get in an out lengths, verify they don't exceed a page worth of data
0531      */
0532     if (get_user(in_len, &sic->inlen))
0533         return -EFAULT;
0534     if (get_user(out_len, &sic->outlen))
0535         return -EFAULT;
0536     if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
0537         return -EINVAL;
0538     if (get_user(opcode, sic->data))
0539         return -EFAULT;
0540 
0541     bytes = max(in_len, out_len);
0542     if (bytes) {
0543         buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
0544         if (!buffer)
0545             return -ENOMEM;
0546 
0547     }
0548 
0549     rq = scsi_alloc_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
0550     if (IS_ERR(rq)) {
0551         err = PTR_ERR(rq);
0552         goto error_free_buffer;
0553     }
0554     scmd = blk_mq_rq_to_pdu(rq);
0555 
0556     cmdlen = COMMAND_SIZE(opcode);
0557 
0558     /*
0559      * get command and data to send to device, if any
0560      */
0561     err = -EFAULT;
0562     scmd->cmd_len = cmdlen;
0563     if (copy_from_user(scmd->cmnd, sic->data, cmdlen))
0564         goto error;
0565 
0566     if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
0567         goto error;
0568 
0569     err = -EPERM;
0570     if (!scsi_cmd_allowed(scmd->cmnd, mode))
0571         goto error;
0572 
0573     /* default.  possible overridden later */
0574     scmd->allowed = 5;
0575 
0576     switch (opcode) {
0577     case SEND_DIAGNOSTIC:
0578     case FORMAT_UNIT:
0579         rq->timeout = FORMAT_UNIT_TIMEOUT;
0580         scmd->allowed = 1;
0581         break;
0582     case START_STOP:
0583         rq->timeout = START_STOP_TIMEOUT;
0584         break;
0585     case MOVE_MEDIUM:
0586         rq->timeout = MOVE_MEDIUM_TIMEOUT;
0587         break;
0588     case READ_ELEMENT_STATUS:
0589         rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
0590         break;
0591     case READ_DEFECT_DATA:
0592         rq->timeout = READ_DEFECT_DATA_TIMEOUT;
0593         scmd->allowed = 1;
0594         break;
0595     default:
0596         rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
0597         break;
0598     }
0599 
0600     if (bytes) {
0601         err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO);
0602         if (err)
0603             goto error;
0604     }
0605 
0606     blk_execute_rq(rq, false);
0607 
0608     err = scmd->result & 0xff;  /* only 8 bit SCSI status */
0609     if (err) {
0610         if (scmd->sense_len && scmd->sense_buffer) {
0611             /* limit sense len for backward compatibility */
0612             if (copy_to_user(sic->data, scmd->sense_buffer,
0613                      min(scmd->sense_len, 16U)))
0614                 err = -EFAULT;
0615         }
0616     } else {
0617         if (copy_to_user(sic->data, buffer, out_len))
0618             err = -EFAULT;
0619     }
0620 
0621 error:
0622     blk_mq_free_request(rq);
0623 
0624 error_free_buffer:
0625     kfree(buffer);
0626 
0627     return err;
0628 }
0629 
0630 int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
0631 {
0632 #ifdef CONFIG_COMPAT
0633     if (in_compat_syscall()) {
0634         struct compat_sg_io_hdr hdr32 =  {
0635             .interface_id    = hdr->interface_id,
0636             .dxfer_direction = hdr->dxfer_direction,
0637             .cmd_len     = hdr->cmd_len,
0638             .mx_sb_len   = hdr->mx_sb_len,
0639             .iovec_count     = hdr->iovec_count,
0640             .dxfer_len   = hdr->dxfer_len,
0641             .dxferp      = (uintptr_t)hdr->dxferp,
0642             .cmdp        = (uintptr_t)hdr->cmdp,
0643             .sbp         = (uintptr_t)hdr->sbp,
0644             .timeout     = hdr->timeout,
0645             .flags       = hdr->flags,
0646             .pack_id     = hdr->pack_id,
0647             .usr_ptr     = (uintptr_t)hdr->usr_ptr,
0648             .status      = hdr->status,
0649             .masked_status   = hdr->masked_status,
0650             .msg_status  = hdr->msg_status,
0651             .sb_len_wr   = hdr->sb_len_wr,
0652             .host_status     = hdr->host_status,
0653             .driver_status   = hdr->driver_status,
0654             .resid       = hdr->resid,
0655             .duration    = hdr->duration,
0656             .info        = hdr->info,
0657         };
0658 
0659         if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
0660             return -EFAULT;
0661 
0662         return 0;
0663     }
0664 #endif
0665 
0666     if (copy_to_user(argp, hdr, sizeof(*hdr)))
0667         return -EFAULT;
0668 
0669     return 0;
0670 }
0671 EXPORT_SYMBOL(put_sg_io_hdr);
0672 
0673 int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
0674 {
0675 #ifdef CONFIG_COMPAT
0676     struct compat_sg_io_hdr hdr32;
0677 
0678     if (in_compat_syscall()) {
0679         if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
0680             return -EFAULT;
0681 
0682         *hdr = (struct sg_io_hdr) {
0683             .interface_id    = hdr32.interface_id,
0684             .dxfer_direction = hdr32.dxfer_direction,
0685             .cmd_len     = hdr32.cmd_len,
0686             .mx_sb_len   = hdr32.mx_sb_len,
0687             .iovec_count     = hdr32.iovec_count,
0688             .dxfer_len   = hdr32.dxfer_len,
0689             .dxferp      = compat_ptr(hdr32.dxferp),
0690             .cmdp        = compat_ptr(hdr32.cmdp),
0691             .sbp         = compat_ptr(hdr32.sbp),
0692             .timeout     = hdr32.timeout,
0693             .flags       = hdr32.flags,
0694             .pack_id     = hdr32.pack_id,
0695             .usr_ptr     = compat_ptr(hdr32.usr_ptr),
0696             .status      = hdr32.status,
0697             .masked_status   = hdr32.masked_status,
0698             .msg_status  = hdr32.msg_status,
0699             .sb_len_wr   = hdr32.sb_len_wr,
0700             .host_status     = hdr32.host_status,
0701             .driver_status   = hdr32.driver_status,
0702             .resid       = hdr32.resid,
0703             .duration    = hdr32.duration,
0704             .info        = hdr32.info,
0705         };
0706 
0707         return 0;
0708     }
0709 #endif
0710 
0711     if (copy_from_user(hdr, argp, sizeof(*hdr)))
0712         return -EFAULT;
0713 
0714     return 0;
0715 }
0716 EXPORT_SYMBOL(get_sg_io_hdr);
0717 
0718 #ifdef CONFIG_COMPAT
0719 struct compat_cdrom_generic_command {
0720     unsigned char   cmd[CDROM_PACKET_SIZE];
0721     compat_caddr_t  buffer;
0722     compat_uint_t   buflen;
0723     compat_int_t    stat;
0724     compat_caddr_t  sense;
0725     unsigned char   data_direction;
0726     unsigned char   pad[3];
0727     compat_int_t    quiet;
0728     compat_int_t    timeout;
0729     compat_caddr_t  unused;
0730 };
0731 #endif
0732 
0733 static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
0734                       const void __user *arg)
0735 {
0736 #ifdef CONFIG_COMPAT
0737     if (in_compat_syscall()) {
0738         struct compat_cdrom_generic_command cgc32;
0739 
0740         if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
0741             return -EFAULT;
0742 
0743         *cgc = (struct cdrom_generic_command) {
0744             .buffer     = compat_ptr(cgc32.buffer),
0745             .buflen     = cgc32.buflen,
0746             .stat       = cgc32.stat,
0747             .sense      = compat_ptr(cgc32.sense),
0748             .data_direction = cgc32.data_direction,
0749             .quiet      = cgc32.quiet,
0750             .timeout    = cgc32.timeout,
0751             .unused     = compat_ptr(cgc32.unused),
0752         };
0753         memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
0754         return 0;
0755     }
0756 #endif
0757     if (copy_from_user(cgc, arg, sizeof(*cgc)))
0758         return -EFAULT;
0759 
0760     return 0;
0761 }
0762 
0763 static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
0764                       void __user *arg)
0765 {
0766 #ifdef CONFIG_COMPAT
0767     if (in_compat_syscall()) {
0768         struct compat_cdrom_generic_command cgc32 = {
0769             .buffer     = (uintptr_t)(cgc->buffer),
0770             .buflen     = cgc->buflen,
0771             .stat       = cgc->stat,
0772             .sense      = (uintptr_t)(cgc->sense),
0773             .data_direction = cgc->data_direction,
0774             .quiet      = cgc->quiet,
0775             .timeout    = cgc->timeout,
0776             .unused     = (uintptr_t)(cgc->unused),
0777         };
0778         memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
0779 
0780         if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
0781             return -EFAULT;
0782 
0783         return 0;
0784     }
0785 #endif
0786     if (copy_to_user(arg, cgc, sizeof(*cgc)))
0787         return -EFAULT;
0788 
0789     return 0;
0790 }
0791 
0792 static int scsi_cdrom_send_packet(struct scsi_device *sdev, fmode_t mode,
0793         void __user *arg)
0794 {
0795     struct cdrom_generic_command cgc;
0796     struct sg_io_hdr hdr;
0797     int err;
0798 
0799     err = scsi_get_cdrom_generic_arg(&cgc, arg);
0800     if (err)
0801         return err;
0802 
0803     cgc.timeout = clock_t_to_jiffies(cgc.timeout);
0804     memset(&hdr, 0, sizeof(hdr));
0805     hdr.interface_id = 'S';
0806     hdr.cmd_len = sizeof(cgc.cmd);
0807     hdr.dxfer_len = cgc.buflen;
0808     switch (cgc.data_direction) {
0809     case CGC_DATA_UNKNOWN:
0810         hdr.dxfer_direction = SG_DXFER_UNKNOWN;
0811         break;
0812     case CGC_DATA_WRITE:
0813         hdr.dxfer_direction = SG_DXFER_TO_DEV;
0814         break;
0815     case CGC_DATA_READ:
0816         hdr.dxfer_direction = SG_DXFER_FROM_DEV;
0817         break;
0818     case CGC_DATA_NONE:
0819         hdr.dxfer_direction = SG_DXFER_NONE;
0820         break;
0821     default:
0822         return -EINVAL;
0823     }
0824 
0825     hdr.dxferp = cgc.buffer;
0826     hdr.sbp = cgc.sense;
0827     if (hdr.sbp)
0828         hdr.mx_sb_len = sizeof(struct request_sense);
0829     hdr.timeout = jiffies_to_msecs(cgc.timeout);
0830     hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd;
0831     hdr.cmd_len = sizeof(cgc.cmd);
0832 
0833     err = sg_io(sdev, &hdr, mode);
0834     if (err == -EFAULT)
0835         return -EFAULT;
0836 
0837     if (hdr.status)
0838         return -EIO;
0839 
0840     cgc.stat = err;
0841     cgc.buflen = hdr.resid;
0842     if (scsi_put_cdrom_generic_arg(&cgc, arg))
0843         return -EFAULT;
0844 
0845     return err;
0846 }
0847 
0848 static int scsi_ioctl_sg_io(struct scsi_device *sdev, fmode_t mode,
0849         void __user *argp)
0850 {
0851     struct sg_io_hdr hdr;
0852     int error;
0853 
0854     error = get_sg_io_hdr(&hdr, argp);
0855     if (error)
0856         return error;
0857     error = sg_io(sdev, &hdr, mode);
0858     if (error == -EFAULT)
0859         return error;
0860     if (put_sg_io_hdr(&hdr, argp))
0861         return -EFAULT;
0862     return error;
0863 }
0864 
0865 /**
0866  * scsi_ioctl - Dispatch ioctl to scsi device
0867  * @sdev: scsi device receiving ioctl
0868  * @mode: mode the block/char device is opened with
0869  * @cmd: which ioctl is it
0870  * @arg: data associated with ioctl
0871  *
0872  * Description: The scsi_ioctl() function differs from most ioctls in that it
0873  * does not take a major/minor number as the dev field.  Rather, it takes
0874  * a pointer to a &struct scsi_device.
0875  */
0876 int scsi_ioctl(struct scsi_device *sdev, fmode_t mode, int cmd,
0877         void __user *arg)
0878 {
0879     struct request_queue *q = sdev->request_queue;
0880     struct scsi_sense_hdr sense_hdr;
0881 
0882     /* Check for deprecated ioctls ... all the ioctls which don't
0883      * follow the new unique numbering scheme are deprecated */
0884     switch (cmd) {
0885     case SCSI_IOCTL_SEND_COMMAND:
0886     case SCSI_IOCTL_TEST_UNIT_READY:
0887     case SCSI_IOCTL_BENCHMARK_COMMAND:
0888     case SCSI_IOCTL_SYNC:
0889     case SCSI_IOCTL_START_UNIT:
0890     case SCSI_IOCTL_STOP_UNIT:
0891         printk(KERN_WARNING "program %s is using a deprecated SCSI "
0892                "ioctl, please convert it to SG_IO\n", current->comm);
0893         break;
0894     default:
0895         break;
0896     }
0897 
0898     switch (cmd) {
0899     case SG_GET_VERSION_NUM:
0900         return sg_get_version(arg);
0901     case SG_SET_TIMEOUT:
0902         return sg_set_timeout(sdev, arg);
0903     case SG_GET_TIMEOUT:
0904         return jiffies_to_clock_t(sdev->sg_timeout);
0905     case SG_GET_RESERVED_SIZE:
0906         return sg_get_reserved_size(sdev, arg);
0907     case SG_SET_RESERVED_SIZE:
0908         return sg_set_reserved_size(sdev, arg);
0909     case SG_EMULATED_HOST:
0910         return sg_emulated_host(q, arg);
0911     case SG_IO:
0912         return scsi_ioctl_sg_io(sdev, mode, arg);
0913     case SCSI_IOCTL_SEND_COMMAND:
0914         return sg_scsi_ioctl(q, mode, arg);
0915     case CDROM_SEND_PACKET:
0916         return scsi_cdrom_send_packet(sdev, mode, arg);
0917     case CDROMCLOSETRAY:
0918         return scsi_send_start_stop(sdev, 3);
0919     case CDROMEJECT:
0920         return scsi_send_start_stop(sdev, 2);
0921     case SCSI_IOCTL_GET_IDLUN:
0922         return scsi_get_idlun(sdev, arg);
0923     case SCSI_IOCTL_GET_BUS_NUMBER:
0924         return put_user(sdev->host->host_no, (int __user *)arg);
0925     case SCSI_IOCTL_PROBE_HOST:
0926         return ioctl_probe(sdev->host, arg);
0927     case SCSI_IOCTL_DOORLOCK:
0928         return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
0929     case SCSI_IOCTL_DOORUNLOCK:
0930         return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
0931     case SCSI_IOCTL_TEST_UNIT_READY:
0932         return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT,
0933                         NORMAL_RETRIES, &sense_hdr);
0934     case SCSI_IOCTL_START_UNIT:
0935         return scsi_send_start_stop(sdev, 1);
0936     case SCSI_IOCTL_STOP_UNIT:
0937         return scsi_send_start_stop(sdev, 0);
0938         case SCSI_IOCTL_GET_PCI:
0939                 return scsi_ioctl_get_pci(sdev, arg);
0940     case SG_SCSI_RESET:
0941         return scsi_ioctl_reset(sdev, arg);
0942     }
0943 
0944 #ifdef CONFIG_COMPAT
0945     if (in_compat_syscall()) {
0946         if (!sdev->host->hostt->compat_ioctl)
0947             return -EINVAL;
0948         return sdev->host->hostt->compat_ioctl(sdev, cmd, arg);
0949     }
0950 #endif
0951     if (!sdev->host->hostt->ioctl)
0952         return -EINVAL;
0953     return sdev->host->hostt->ioctl(sdev, cmd, arg);
0954 }
0955 EXPORT_SYMBOL(scsi_ioctl);
0956 
0957 /*
0958  * We can process a reset even when a device isn't fully operable.
0959  */
0960 int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd,
0961         bool ndelay)
0962 {
0963     if (cmd == SG_SCSI_RESET && ndelay) {
0964         if (scsi_host_in_recovery(sdev->host))
0965             return -EAGAIN;
0966     } else {
0967         if (!scsi_block_when_processing_errors(sdev))
0968             return -ENODEV;
0969     }
0970 
0971     return 0;
0972 }
0973 EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors);
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!