1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#include <linux/kernel.h>
20#include <linux/errno.h>
21#include <linux/string.h>
22#include <linux/module.h>
23#include <linux/blkdev.h>
24#include <linux/capability.h>
25#include <linux/completion.h>
26#include <linux/cdrom.h>
27#include <linux/slab.h>
28#include <linux/times.h>
29#include <asm/uaccess.h>
30
31#include <scsi/scsi.h>
32#include <scsi/scsi_ioctl.h>
33#include <scsi/scsi_cmnd.h>
34
35
36const unsigned char scsi_command_size_tbl[8] =
37{
38 6, 10, 10, 12,
39 16, 12, 10, 10
40};
41EXPORT_SYMBOL(scsi_command_size_tbl);
42
43#include <scsi/sg.h>
44
45static int sg_get_version(int __user *p)
46{
47 static const int sg_version_num = 30527;
48 return put_user(sg_version_num, p);
49}
50
51static int scsi_get_idlun(struct request_queue *q, int __user *p)
52{
53 return put_user(0, p);
54}
55
56static int scsi_get_bus(struct request_queue *q, int __user *p)
57{
58 return put_user(0, p);
59}
60
61static int sg_get_timeout(struct request_queue *q)
62{
63 return jiffies_to_clock_t(q->sg_timeout);
64}
65
66static int sg_set_timeout(struct request_queue *q, int __user *p)
67{
68 int timeout, err = get_user(timeout, p);
69
70 if (!err)
71 q->sg_timeout = clock_t_to_jiffies(timeout);
72
73 return err;
74}
75
76static int sg_get_reserved_size(struct request_queue *q, int __user *p)
77{
78 unsigned val = min(q->sg_reserved_size, q->max_sectors << 9);
79
80 return put_user(val, p);
81}
82
83static int sg_set_reserved_size(struct request_queue *q, int __user *p)
84{
85 int size, err = get_user(size, p);
86
87 if (err)
88 return err;
89
90 if (size < 0)
91 return -EINVAL;
92 if (size > (q->max_sectors << 9))
93 size = q->max_sectors << 9;
94
95 q->sg_reserved_size = size;
96 return 0;
97}
98
99
100
101
102
103static int sg_emulated_host(struct request_queue *q, int __user *p)
104{
105 return put_user(1, p);
106}
107
108void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
109{
110
111 __set_bit(TEST_UNIT_READY, filter->read_ok);
112 __set_bit(REQUEST_SENSE, filter->read_ok);
113 __set_bit(READ_6, filter->read_ok);
114 __set_bit(READ_10, filter->read_ok);
115 __set_bit(READ_12, filter->read_ok);
116 __set_bit(READ_16, filter->read_ok);
117 __set_bit(READ_BUFFER, filter->read_ok);
118 __set_bit(READ_DEFECT_DATA, filter->read_ok);
119 __set_bit(READ_CAPACITY, filter->read_ok);
120 __set_bit(READ_LONG, filter->read_ok);
121 __set_bit(INQUIRY, filter->read_ok);
122 __set_bit(MODE_SENSE, filter->read_ok);
123 __set_bit(MODE_SENSE_10, filter->read_ok);
124 __set_bit(LOG_SENSE, filter->read_ok);
125 __set_bit(START_STOP, filter->read_ok);
126 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
127 __set_bit(VERIFY_16, filter->read_ok);
128 __set_bit(REPORT_LUNS, filter->read_ok);
129 __set_bit(SERVICE_ACTION_IN, filter->read_ok);
130 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
131 __set_bit(MAINTENANCE_IN, filter->read_ok);
132 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
133
134
135 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
136 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
137 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
138 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
139 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
140
141
142 __set_bit(GPCMD_READ_CD, filter->read_ok);
143 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
144 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
145 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
146 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
147 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
148 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
149 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
150 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
151 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
152 __set_bit(GPCMD_SCAN, filter->read_ok);
153 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
154 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
155 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
156 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
157 __set_bit(GPCMD_SEEK, filter->read_ok);
158 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
159
160
161 __set_bit(WRITE_6, filter->write_ok);
162 __set_bit(WRITE_10, filter->write_ok);
163 __set_bit(WRITE_VERIFY, filter->write_ok);
164 __set_bit(WRITE_12, filter->write_ok);
165 __set_bit(WRITE_VERIFY_12, filter->write_ok);
166 __set_bit(WRITE_16, filter->write_ok);
167 __set_bit(WRITE_LONG, filter->write_ok);
168 __set_bit(WRITE_LONG_2, filter->write_ok);
169 __set_bit(ERASE, filter->write_ok);
170 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
171 __set_bit(MODE_SELECT, filter->write_ok);
172 __set_bit(LOG_SELECT, filter->write_ok);
173 __set_bit(GPCMD_BLANK, filter->write_ok);
174 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
175 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
176 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
177 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
178 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
179 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
180 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
181 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
182 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
183 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
184 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
185 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
186 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
187 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
188 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
189}
190EXPORT_SYMBOL_GPL(blk_set_cmd_filter_defaults);
191
192static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
193 struct sg_io_hdr *hdr, fmode_t mode)
194{
195 if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len))
196 return -EFAULT;
197 if (blk_verify_command(&q->cmd_filter, rq->cmd, mode & FMODE_WRITE))
198 return -EPERM;
199
200
201
202
203 rq->cmd_len = hdr->cmd_len;
204 rq->cmd_type = REQ_TYPE_BLOCK_PC;
205
206 rq->timeout = msecs_to_jiffies(hdr->timeout);
207 if (!rq->timeout)
208 rq->timeout = q->sg_timeout;
209 if (!rq->timeout)
210 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
211 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
212 rq->timeout = BLK_MIN_SG_TIMEOUT;
213
214 return 0;
215}
216
217static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
218 struct bio *bio)
219{
220 int r, ret = 0;
221
222
223
224
225 hdr->status = rq->errors & 0xff;
226 hdr->masked_status = status_byte(rq->errors);
227 hdr->msg_status = msg_byte(rq->errors);
228 hdr->host_status = host_byte(rq->errors);
229 hdr->driver_status = driver_byte(rq->errors);
230 hdr->info = 0;
231 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
232 hdr->info |= SG_INFO_CHECK;
233 hdr->resid = rq->data_len;
234 hdr->sb_len_wr = 0;
235
236 if (rq->sense_len && hdr->sbp) {
237 int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len);
238
239 if (!copy_to_user(hdr->sbp, rq->sense, len))
240 hdr->sb_len_wr = len;
241 else
242 ret = -EFAULT;
243 }
244
245 r = blk_rq_unmap_user(bio);
246 if (!ret)
247 ret = r;
248 blk_put_request(rq);
249
250 return ret;
251}
252
253static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
254 struct sg_io_hdr *hdr, fmode_t mode)
255{
256 unsigned long start_time;
257 int writing = 0, ret = 0;
258 struct request *rq;
259 char sense[SCSI_SENSE_BUFFERSIZE];
260 struct bio *bio;
261
262 if (hdr->interface_id != 'S')
263 return -EINVAL;
264 if (hdr->cmd_len > BLK_MAX_CDB)
265 return -EINVAL;
266
267 if (hdr->dxfer_len > (q->max_hw_sectors << 9))
268 return -EIO;
269
270 if (hdr->dxfer_len)
271 switch (hdr->dxfer_direction) {
272 default:
273 return -EINVAL;
274 case SG_DXFER_TO_DEV:
275 writing = 1;
276 break;
277 case SG_DXFER_TO_FROM_DEV:
278 case SG_DXFER_FROM_DEV:
279 break;
280 }
281
282 rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL);
283 if (!rq)
284 return -ENOMEM;
285
286 if (blk_fill_sghdr_rq(q, rq, hdr, mode)) {
287 blk_put_request(rq);
288 return -EFAULT;
289 }
290
291 if (hdr->iovec_count) {
292 const int size = sizeof(struct sg_iovec) * hdr->iovec_count;
293 size_t iov_data_len;
294 struct sg_iovec *iov;
295
296 iov = kmalloc(size, GFP_KERNEL);
297 if (!iov) {
298 ret = -ENOMEM;
299 goto out;
300 }
301
302 if (copy_from_user(iov, hdr->dxferp, size)) {
303 kfree(iov);
304 ret = -EFAULT;
305 goto out;
306 }
307
308
309 iov_data_len = iov_length((struct iovec *)iov,
310 hdr->iovec_count);
311 if (hdr->dxfer_len < iov_data_len) {
312 hdr->iovec_count = iov_shorten((struct iovec *)iov,
313 hdr->iovec_count,
314 hdr->dxfer_len);
315 iov_data_len = hdr->dxfer_len;
316 }
317
318 ret = blk_rq_map_user_iov(q, rq, NULL, iov, hdr->iovec_count,
319 iov_data_len, GFP_KERNEL);
320 kfree(iov);
321 } else if (hdr->dxfer_len)
322 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
323 GFP_KERNEL);
324
325 if (ret)
326 goto out;
327
328 bio = rq->bio;
329 memset(sense, 0, sizeof(sense));
330 rq->sense = sense;
331 rq->sense_len = 0;
332 rq->retries = 0;
333
334 start_time = jiffies;
335
336
337
338
339
340 blk_execute_rq(q, bd_disk, rq, 0);
341
342 hdr->duration = jiffies_to_msecs(jiffies - start_time);
343
344 return blk_complete_sghdr_rq(rq, hdr, bio);
345out:
346 blk_put_request(rq);
347 return ret;
348}
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383#define OMAX_SB_LEN 16
384int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
385 struct scsi_ioctl_command __user *sic)
386{
387 struct request *rq;
388 int err;
389 unsigned int in_len, out_len, bytes, opcode, cmdlen;
390 char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
391
392 if (!sic)
393 return -EINVAL;
394
395
396
397
398 if (get_user(in_len, &sic->inlen))
399 return -EFAULT;
400 if (get_user(out_len, &sic->outlen))
401 return -EFAULT;
402 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
403 return -EINVAL;
404 if (get_user(opcode, sic->data))
405 return -EFAULT;
406
407 bytes = max(in_len, out_len);
408 if (bytes) {
409 buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
410 if (!buffer)
411 return -ENOMEM;
412
413 }
414
415 rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
416
417 cmdlen = COMMAND_SIZE(opcode);
418
419
420
421
422 err = -EFAULT;
423 rq->cmd_len = cmdlen;
424 if (copy_from_user(rq->cmd, sic->data, cmdlen))
425 goto error;
426
427 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
428 goto error;
429
430 err = blk_verify_command(&q->cmd_filter, rq->cmd, mode & FMODE_WRITE);
431 if (err)
432 goto error;
433
434
435 rq->retries = 5;
436
437 switch (opcode) {
438 case SEND_DIAGNOSTIC:
439 case FORMAT_UNIT:
440 rq->timeout = FORMAT_UNIT_TIMEOUT;
441 rq->retries = 1;
442 break;
443 case START_STOP:
444 rq->timeout = START_STOP_TIMEOUT;
445 break;
446 case MOVE_MEDIUM:
447 rq->timeout = MOVE_MEDIUM_TIMEOUT;
448 break;
449 case READ_ELEMENT_STATUS:
450 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
451 break;
452 case READ_DEFECT_DATA:
453 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
454 rq->retries = 1;
455 break;
456 default:
457 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
458 break;
459 }
460
461 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) {
462 err = DRIVER_ERROR << 24;
463 goto out;
464 }
465
466 memset(sense, 0, sizeof(sense));
467 rq->sense = sense;
468 rq->sense_len = 0;
469 rq->cmd_type = REQ_TYPE_BLOCK_PC;
470
471 blk_execute_rq(q, disk, rq, 0);
472
473out:
474 err = rq->errors & 0xff;
475 if (err) {
476 if (rq->sense_len && rq->sense) {
477 bytes = (OMAX_SB_LEN > rq->sense_len) ?
478 rq->sense_len : OMAX_SB_LEN;
479 if (copy_to_user(sic->data, rq->sense, bytes))
480 err = -EFAULT;
481 }
482 } else {
483 if (copy_to_user(sic->data, buffer, out_len))
484 err = -EFAULT;
485 }
486
487error:
488 kfree(buffer);
489 blk_put_request(rq);
490 return err;
491}
492EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
493
494
495static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
496 int cmd, int data)
497{
498 struct request *rq;
499 int err;
500
501 rq = blk_get_request(q, WRITE, __GFP_WAIT);
502 rq->cmd_type = REQ_TYPE_BLOCK_PC;
503 rq->data = NULL;
504 rq->data_len = 0;
505 rq->extra_len = 0;
506 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
507 rq->cmd[0] = cmd;
508 rq->cmd[4] = data;
509 rq->cmd_len = 6;
510 err = blk_execute_rq(q, bd_disk, rq, 0);
511 blk_put_request(rq);
512
513 return err;
514}
515
516static inline int blk_send_start_stop(struct request_queue *q,
517 struct gendisk *bd_disk, int data)
518{
519 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
520}
521
522int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
523 unsigned int cmd, void __user *arg)
524{
525 int err;
526
527 if (!q || blk_get_queue(q))
528 return -ENXIO;
529
530 switch (cmd) {
531
532
533
534 case SG_GET_VERSION_NUM:
535 err = sg_get_version(arg);
536 break;
537 case SCSI_IOCTL_GET_IDLUN:
538 err = scsi_get_idlun(q, arg);
539 break;
540 case SCSI_IOCTL_GET_BUS_NUMBER:
541 err = scsi_get_bus(q, arg);
542 break;
543 case SG_SET_TIMEOUT:
544 err = sg_set_timeout(q, arg);
545 break;
546 case SG_GET_TIMEOUT:
547 err = sg_get_timeout(q);
548 break;
549 case SG_GET_RESERVED_SIZE:
550 err = sg_get_reserved_size(q, arg);
551 break;
552 case SG_SET_RESERVED_SIZE:
553 err = sg_set_reserved_size(q, arg);
554 break;
555 case SG_EMULATED_HOST:
556 err = sg_emulated_host(q, arg);
557 break;
558 case SG_IO: {
559 struct sg_io_hdr hdr;
560
561 err = -EFAULT;
562 if (copy_from_user(&hdr, arg, sizeof(hdr)))
563 break;
564 err = sg_io(q, bd_disk, &hdr, mode);
565 if (err == -EFAULT)
566 break;
567
568 if (copy_to_user(arg, &hdr, sizeof(hdr)))
569 err = -EFAULT;
570 break;
571 }
572 case CDROM_SEND_PACKET: {
573 struct cdrom_generic_command cgc;
574 struct sg_io_hdr hdr;
575
576 err = -EFAULT;
577 if (copy_from_user(&cgc, arg, sizeof(cgc)))
578 break;
579 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
580 memset(&hdr, 0, sizeof(hdr));
581 hdr.interface_id = 'S';
582 hdr.cmd_len = sizeof(cgc.cmd);
583 hdr.dxfer_len = cgc.buflen;
584 err = 0;
585 switch (cgc.data_direction) {
586 case CGC_DATA_UNKNOWN:
587 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
588 break;
589 case CGC_DATA_WRITE:
590 hdr.dxfer_direction = SG_DXFER_TO_DEV;
591 break;
592 case CGC_DATA_READ:
593 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
594 break;
595 case CGC_DATA_NONE:
596 hdr.dxfer_direction = SG_DXFER_NONE;
597 break;
598 default:
599 err = -EINVAL;
600 }
601 if (err)
602 break;
603
604 hdr.dxferp = cgc.buffer;
605 hdr.sbp = cgc.sense;
606 if (hdr.sbp)
607 hdr.mx_sb_len = sizeof(struct request_sense);
608 hdr.timeout = jiffies_to_msecs(cgc.timeout);
609 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
610 hdr.cmd_len = sizeof(cgc.cmd);
611
612 err = sg_io(q, bd_disk, &hdr, mode);
613 if (err == -EFAULT)
614 break;
615
616 if (hdr.status)
617 err = -EIO;
618
619 cgc.stat = err;
620 cgc.buflen = hdr.resid;
621 if (copy_to_user(arg, &cgc, sizeof(cgc)))
622 err = -EFAULT;
623
624 break;
625 }
626
627
628
629
630 case SCSI_IOCTL_SEND_COMMAND:
631 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
632 err = -EINVAL;
633 if (!arg)
634 break;
635
636 err = sg_scsi_ioctl(q, bd_disk, mode, arg);
637 break;
638 case CDROMCLOSETRAY:
639 err = blk_send_start_stop(q, bd_disk, 0x03);
640 break;
641 case CDROMEJECT:
642 err = blk_send_start_stop(q, bd_disk, 0x02);
643 break;
644 default:
645 err = -ENOTTY;
646 }
647
648 blk_put_queue(q);
649 return err;
650}
651
652EXPORT_SYMBOL(scsi_cmd_ioctl);
653
