1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#include <linux/kernel.h>
20#include <linux/errno.h>
21#include <linux/string.h>
22#include <linux/module.h>
23#include <linux/blkdev.h>
24#include <linux/capability.h>
25#include <linux/completion.h>
26#include <linux/cdrom.h>
27#include <linux/slab.h>
28#include <linux/times.h>
29#include <asm/uaccess.h>
30
31#include <scsi/scsi.h>
32#include <scsi/scsi_ioctl.h>
33#include <scsi/scsi_cmnd.h>
34
35
36const unsigned char scsi_command_size_tbl[8] =
37{
38 6, 10, 10, 12,
39 16, 12, 10, 10
40};
41EXPORT_SYMBOL(scsi_command_size_tbl);
42
43#include <scsi/sg.h>
44
45static int sg_get_version(int __user *p)
46{
47 static const int sg_version_num = 30527;
48 return put_user(sg_version_num, p);
49}
50
51static int scsi_get_idlun(struct request_queue *q, int __user *p)
52{
53 return put_user(0, p);
54}
55
56static int scsi_get_bus(struct request_queue *q, int __user *p)
57{
58 return put_user(0, p);
59}
60
61static int sg_get_timeout(struct request_queue *q)
62{
63 return q->sg_timeout / (HZ / USER_HZ);
64}
65
66static int sg_set_timeout(struct request_queue *q, int __user *p)
67{
68 int timeout, err = get_user(timeout, p);
69
70 if (!err)
71 q->sg_timeout = timeout * (HZ / USER_HZ);
72
73 return err;
74}
75
76static int sg_get_reserved_size(struct request_queue *q, int __user *p)
77{
78 unsigned val = min(q->sg_reserved_size, q->max_sectors << 9);
79
80 return put_user(val, p);
81}
82
83static int sg_set_reserved_size(struct request_queue *q, int __user *p)
84{
85 int size, err = get_user(size, p);
86
87 if (err)
88 return err;
89
90 if (size < 0)
91 return -EINVAL;
92 if (size > (q->max_sectors << 9))
93 size = q->max_sectors << 9;
94
95 q->sg_reserved_size = size;
96 return 0;
97}
98
99
100
101
102
103static int sg_emulated_host(struct request_queue *q, int __user *p)
104{
105 return put_user(1, p);
106}
107
108void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
109{
110
111 __set_bit(TEST_UNIT_READY, filter->read_ok);
112 __set_bit(REQUEST_SENSE, filter->read_ok);
113 __set_bit(READ_6, filter->read_ok);
114 __set_bit(READ_10, filter->read_ok);
115 __set_bit(READ_12, filter->read_ok);
116 __set_bit(READ_16, filter->read_ok);
117 __set_bit(READ_BUFFER, filter->read_ok);
118 __set_bit(READ_DEFECT_DATA, filter->read_ok);
119 __set_bit(READ_CAPACITY, filter->read_ok);
120 __set_bit(READ_LONG, filter->read_ok);
121 __set_bit(INQUIRY, filter->read_ok);
122 __set_bit(MODE_SENSE, filter->read_ok);
123 __set_bit(MODE_SENSE_10, filter->read_ok);
124 __set_bit(LOG_SENSE, filter->read_ok);
125 __set_bit(START_STOP, filter->read_ok);
126 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
127 __set_bit(VERIFY_16, filter->read_ok);
128 __set_bit(REPORT_LUNS, filter->read_ok);
129 __set_bit(SERVICE_ACTION_IN, filter->read_ok);
130 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
131 __set_bit(MAINTENANCE_IN, filter->read_ok);
132 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
133
134
135 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
136 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
137 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
138 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
139 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
140
141
142 __set_bit(GPCMD_READ_CD, filter->read_ok);
143 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
144 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
145 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
146 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
147 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
148 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
149 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
150 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
151 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
152 __set_bit(GPCMD_SCAN, filter->read_ok);
153 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
154 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
155 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
156 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
157 __set_bit(GPCMD_SEEK, filter->read_ok);
158 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
159
160
161 __set_bit(WRITE_6, filter->write_ok);
162 __set_bit(WRITE_10, filter->write_ok);
163 __set_bit(WRITE_VERIFY, filter->write_ok);
164 __set_bit(WRITE_12, filter->write_ok);
165 __set_bit(WRITE_VERIFY_12, filter->write_ok);
166 __set_bit(WRITE_16, filter->write_ok);
167 __set_bit(WRITE_LONG, filter->write_ok);
168 __set_bit(WRITE_LONG_2, filter->write_ok);
169 __set_bit(ERASE, filter->write_ok);
170 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
171 __set_bit(MODE_SELECT, filter->write_ok);
172 __set_bit(LOG_SELECT, filter->write_ok);
173 __set_bit(GPCMD_BLANK, filter->write_ok);
174 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
175 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
176 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
177 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
178 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
179 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
180 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
181 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
182 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
183 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
184 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
185 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
186 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
187 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
188}
189EXPORT_SYMBOL_GPL(blk_set_cmd_filter_defaults);
190
191static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
192 struct sg_io_hdr *hdr, struct file *file)
193{
194 if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len))
195 return -EFAULT;
196 if (blk_verify_command(&q->cmd_filter, rq->cmd,
197 file->f_mode & FMODE_WRITE))
198 return -EPERM;
199
200
201
202
203 rq->cmd_len = hdr->cmd_len;
204 rq->cmd_type = REQ_TYPE_BLOCK_PC;
205
206 rq->timeout = msecs_to_jiffies(hdr->timeout);
207 if (!rq->timeout)
208 rq->timeout = q->sg_timeout;
209 if (!rq->timeout)
210 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
211 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
212 rq->timeout = BLK_MIN_SG_TIMEOUT;
213
214 return 0;
215}
216
217
218
219
220
221static int blk_unmap_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr)
222{
223 blk_rq_unmap_user(rq->bio);
224 blk_put_request(rq);
225 return 0;
226}
227
228static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
229 struct bio *bio)
230{
231 int r, ret = 0;
232
233
234
235
236 hdr->status = rq->errors & 0xff;
237 hdr->masked_status = status_byte(rq->errors);
238 hdr->msg_status = msg_byte(rq->errors);
239 hdr->host_status = host_byte(rq->errors);
240 hdr->driver_status = driver_byte(rq->errors);
241 hdr->info = 0;
242 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
243 hdr->info |= SG_INFO_CHECK;
244 hdr->resid = rq->data_len;
245 hdr->sb_len_wr = 0;
246
247 if (rq->sense_len && hdr->sbp) {
248 int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len);
249
250 if (!copy_to_user(hdr->sbp, rq->sense, len))
251 hdr->sb_len_wr = len;
252 else
253 ret = -EFAULT;
254 }
255
256 rq->bio = bio;
257 r = blk_unmap_sghdr_rq(rq, hdr);
258 if (ret)
259 r = ret;
260
261 return r;
262}
263
264static int sg_io(struct file *file, struct request_queue *q,
265 struct gendisk *bd_disk, struct sg_io_hdr *hdr)
266{
267 unsigned long start_time;
268 int writing = 0, ret = 0;
269 struct request *rq;
270 char sense[SCSI_SENSE_BUFFERSIZE];
271 struct bio *bio;
272
273 if (hdr->interface_id != 'S')
274 return -EINVAL;
275 if (hdr->cmd_len > BLK_MAX_CDB)
276 return -EINVAL;
277
278 if (hdr->dxfer_len > (q->max_hw_sectors << 9))
279 return -EIO;
280
281 if (hdr->dxfer_len)
282 switch (hdr->dxfer_direction) {
283 default:
284 return -EINVAL;
285 case SG_DXFER_TO_DEV:
286 writing = 1;
287 break;
288 case SG_DXFER_TO_FROM_DEV:
289 case SG_DXFER_FROM_DEV:
290 break;
291 }
292
293 rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL);
294 if (!rq)
295 return -ENOMEM;
296
297 if (blk_fill_sghdr_rq(q, rq, hdr, file)) {
298 blk_put_request(rq);
299 return -EFAULT;
300 }
301
302 if (hdr->iovec_count) {
303 const int size = sizeof(struct sg_iovec) * hdr->iovec_count;
304 struct sg_iovec *iov;
305
306 iov = kmalloc(size, GFP_KERNEL);
307 if (!iov) {
308 ret = -ENOMEM;
309 goto out;
310 }
311
312 if (copy_from_user(iov, hdr->dxferp, size)) {
313 kfree(iov);
314 ret = -EFAULT;
315 goto out;
316 }
317
318 ret = blk_rq_map_user_iov(q, rq, iov, hdr->iovec_count,
319 hdr->dxfer_len);
320 kfree(iov);
321 } else if (hdr->dxfer_len)
322 ret = blk_rq_map_user(q, rq, hdr->dxferp, hdr->dxfer_len);
323
324 if (ret)
325 goto out;
326
327 bio = rq->bio;
328 memset(sense, 0, sizeof(sense));
329 rq->sense = sense;
330 rq->sense_len = 0;
331 rq->retries = 0;
332
333 start_time = jiffies;
334
335
336
337
338
339 blk_execute_rq(q, bd_disk, rq, 0);
340
341 hdr->duration = jiffies_to_msecs(jiffies - start_time);
342
343 return blk_complete_sghdr_rq(rq, hdr, bio);
344out:
345 blk_put_request(rq);
346 return ret;
347}
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382#define OMAX_SB_LEN 16
383int sg_scsi_ioctl(struct file *file, struct request_queue *q,
384 struct gendisk *disk, struct scsi_ioctl_command __user *sic)
385{
386 struct request *rq;
387 int err, write_perm = 0;
388 unsigned int in_len, out_len, bytes, opcode, cmdlen;
389 char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
390
391 if (!sic)
392 return -EINVAL;
393
394
395
396
397 if (get_user(in_len, &sic->inlen))
398 return -EFAULT;
399 if (get_user(out_len, &sic->outlen))
400 return -EFAULT;
401 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
402 return -EINVAL;
403 if (get_user(opcode, sic->data))
404 return -EFAULT;
405
406 bytes = max(in_len, out_len);
407 if (bytes) {
408 buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
409 if (!buffer)
410 return -ENOMEM;
411
412 }
413
414 rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
415
416 cmdlen = COMMAND_SIZE(opcode);
417
418
419
420
421 err = -EFAULT;
422 rq->cmd_len = cmdlen;
423 if (copy_from_user(rq->cmd, sic->data, cmdlen))
424 goto error;
425
426 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
427 goto error;
428
429
430 if (file && (file->f_mode & FMODE_WRITE))
431 write_perm = 1;
432
433 err = blk_verify_command(&q->cmd_filter, rq->cmd, write_perm);
434 if (err)
435 goto error;
436
437
438 rq->retries = 5;
439
440 switch (opcode) {
441 case SEND_DIAGNOSTIC:
442 case FORMAT_UNIT:
443 rq->timeout = FORMAT_UNIT_TIMEOUT;
444 rq->retries = 1;
445 break;
446 case START_STOP:
447 rq->timeout = START_STOP_TIMEOUT;
448 break;
449 case MOVE_MEDIUM:
450 rq->timeout = MOVE_MEDIUM_TIMEOUT;
451 break;
452 case READ_ELEMENT_STATUS:
453 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
454 break;
455 case READ_DEFECT_DATA:
456 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
457 rq->retries = 1;
458 break;
459 default:
460 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
461 break;
462 }
463
464 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) {
465 err = DRIVER_ERROR << 24;
466 goto out;
467 }
468
469 memset(sense, 0, sizeof(sense));
470 rq->sense = sense;
471 rq->sense_len = 0;
472 rq->cmd_type = REQ_TYPE_BLOCK_PC;
473
474 blk_execute_rq(q, disk, rq, 0);
475
476out:
477 err = rq->errors & 0xff;
478 if (err) {
479 if (rq->sense_len && rq->sense) {
480 bytes = (OMAX_SB_LEN > rq->sense_len) ?
481 rq->sense_len : OMAX_SB_LEN;
482 if (copy_to_user(sic->data, rq->sense, bytes))
483 err = -EFAULT;
484 }
485 } else {
486 if (copy_to_user(sic->data, buffer, out_len))
487 err = -EFAULT;
488 }
489
490error:
491 kfree(buffer);
492 blk_put_request(rq);
493 return err;
494}
495EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
496
497
498static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
499 int cmd, int data)
500{
501 struct request *rq;
502 int err;
503
504 rq = blk_get_request(q, WRITE, __GFP_WAIT);
505 rq->cmd_type = REQ_TYPE_BLOCK_PC;
506 rq->data = NULL;
507 rq->data_len = 0;
508 rq->extra_len = 0;
509 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
510 rq->cmd[0] = cmd;
511 rq->cmd[4] = data;
512 rq->cmd_len = 6;
513 err = blk_execute_rq(q, bd_disk, rq, 0);
514 blk_put_request(rq);
515
516 return err;
517}
518
519static inline int blk_send_start_stop(struct request_queue *q,
520 struct gendisk *bd_disk, int data)
521{
522 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
523}
524
525int scsi_cmd_ioctl(struct file *file, struct request_queue *q,
526 struct gendisk *bd_disk, unsigned int cmd, void __user *arg)
527{
528 int err;
529
530 if (!q || blk_get_queue(q))
531 return -ENXIO;
532
533 switch (cmd) {
534
535
536
537 case SG_GET_VERSION_NUM:
538 err = sg_get_version(arg);
539 break;
540 case SCSI_IOCTL_GET_IDLUN:
541 err = scsi_get_idlun(q, arg);
542 break;
543 case SCSI_IOCTL_GET_BUS_NUMBER:
544 err = scsi_get_bus(q, arg);
545 break;
546 case SG_SET_TIMEOUT:
547 err = sg_set_timeout(q, arg);
548 break;
549 case SG_GET_TIMEOUT:
550 err = sg_get_timeout(q);
551 break;
552 case SG_GET_RESERVED_SIZE:
553 err = sg_get_reserved_size(q, arg);
554 break;
555 case SG_SET_RESERVED_SIZE:
556 err = sg_set_reserved_size(q, arg);
557 break;
558 case SG_EMULATED_HOST:
559 err = sg_emulated_host(q, arg);
560 break;
561 case SG_IO: {
562 struct sg_io_hdr hdr;
563
564 err = -EFAULT;
565 if (copy_from_user(&hdr, arg, sizeof(hdr)))
566 break;
567 err = sg_io(file, q, bd_disk, &hdr);
568 if (err == -EFAULT)
569 break;
570
571 if (copy_to_user(arg, &hdr, sizeof(hdr)))
572 err = -EFAULT;
573 break;
574 }
575 case CDROM_SEND_PACKET: {
576 struct cdrom_generic_command cgc;
577 struct sg_io_hdr hdr;
578
579 err = -EFAULT;
580 if (copy_from_user(&cgc, arg, sizeof(cgc)))
581 break;
582 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
583 memset(&hdr, 0, sizeof(hdr));
584 hdr.interface_id = 'S';
585 hdr.cmd_len = sizeof(cgc.cmd);
586 hdr.dxfer_len = cgc.buflen;
587 err = 0;
588 switch (cgc.data_direction) {
589 case CGC_DATA_UNKNOWN:
590 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
591 break;
592 case CGC_DATA_WRITE:
593 hdr.dxfer_direction = SG_DXFER_TO_DEV;
594 break;
595 case CGC_DATA_READ:
596 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
597 break;
598 case CGC_DATA_NONE:
599 hdr.dxfer_direction = SG_DXFER_NONE;
600 break;
601 default:
602 err = -EINVAL;
603 }
604 if (err)
605 break;
606
607 hdr.dxferp = cgc.buffer;
608 hdr.sbp = cgc.sense;
609 if (hdr.sbp)
610 hdr.mx_sb_len = sizeof(struct request_sense);
611 hdr.timeout = jiffies_to_msecs(cgc.timeout);
612 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
613 hdr.cmd_len = sizeof(cgc.cmd);
614
615 err = sg_io(file, q, bd_disk, &hdr);
616 if (err == -EFAULT)
617 break;
618
619 if (hdr.status)
620 err = -EIO;
621
622 cgc.stat = err;
623 cgc.buflen = hdr.resid;
624 if (copy_to_user(arg, &cgc, sizeof(cgc)))
625 err = -EFAULT;
626
627 break;
628 }
629
630
631
632
633 case SCSI_IOCTL_SEND_COMMAND:
634 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
635 err = -EINVAL;
636 if (!arg)
637 break;
638
639 err = sg_scsi_ioctl(file, q, bd_disk, arg);
640 break;
641 case CDROMCLOSETRAY:
642 err = blk_send_start_stop(q, bd_disk, 0x03);
643 break;
644 case CDROMEJECT:
645 err = blk_send_start_stop(q, bd_disk, 0x02);
646 break;
647 default:
648 err = -ENOTTY;
649 }
650
651 blk_put_queue(q);
652 return err;
653}
654
655EXPORT_SYMBOL(scsi_cmd_ioctl);
656
657int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
658{
659 if (bd && bd == bd->bd_contains)
660 return 0;
661
662
663
664
665 switch (cmd) {
666 case SCSI_IOCTL_GET_IDLUN:
667 case SCSI_IOCTL_GET_BUS_NUMBER:
668 case SCSI_IOCTL_GET_PCI:
669 case SCSI_IOCTL_PROBE_HOST:
670 case SG_GET_VERSION_NUM:
671 case SG_SET_TIMEOUT:
672 case SG_GET_TIMEOUT:
673 case SG_GET_RESERVED_SIZE:
674 case SG_SET_RESERVED_SIZE:
675 case SG_EMULATED_HOST:
676 return 0;
677 case CDROM_GET_CAPABILITY:
678
679
680
681
682 return -ENOTTY;
683 default:
684 break;
685 }
686
687
688 if (printk_ratelimit())
689 printk(KERN_WARNING
690 "%s: sending ioctl %x to a partition!\n", current->comm, cmd);
691
692 return capable(CAP_SYS_RAWIO) ? 0 : -ENOTTY;
693}
694EXPORT_SYMBOL(scsi_verify_blk_ioctl);
695
696
697int scsi_cmd_blk_ioctl(struct file *file, struct block_device *bd,
698 unsigned int cmd, void __user *arg)
699{
700 int ret;
701
702 ret = scsi_verify_blk_ioctl(bd, cmd);
703 if (ret < 0)
704 return ret;
705
706 return scsi_cmd_ioctl(file, bd->bd_disk->queue, bd->bd_disk, cmd, arg);
707}
708EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
709
710
