1
2
3
4
5#include <linux/compat.h>
6#include <linux/kernel.h>
7#include <linux/errno.h>
8#include <linux/string.h>
9#include <linux/module.h>
10#include <linux/blkdev.h>
11#include <linux/capability.h>
12#include <linux/completion.h>
13#include <linux/cdrom.h>
14#include <linux/ratelimit.h>
15#include <linux/slab.h>
16#include <linux/times.h>
17#include <linux/uio.h>
18#include <linux/uaccess.h>
19
20#include <scsi/scsi.h>
21#include <scsi/scsi_ioctl.h>
22#include <scsi/scsi_cmnd.h>
23#include <scsi/sg.h>
24
25struct blk_cmd_filter {
26 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
27 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
28};
29
30static struct blk_cmd_filter blk_default_cmd_filter;
31
32
33const unsigned char scsi_command_size_tbl[8] =
34{
35 6, 10, 10, 12,
36 16, 12, 10, 10
37};
38EXPORT_SYMBOL(scsi_command_size_tbl);
39
40static int sg_get_version(int __user *p)
41{
42 static const int sg_version_num = 30527;
43 return put_user(sg_version_num, p);
44}
45
46static int scsi_get_idlun(struct request_queue *q, int __user *p)
47{
48 return put_user(0, p);
49}
50
51static int scsi_get_bus(struct request_queue *q, int __user *p)
52{
53 return put_user(0, p);
54}
55
56static int sg_get_timeout(struct request_queue *q)
57{
58 return jiffies_to_clock_t(q->sg_timeout);
59}
60
61static int sg_set_timeout(struct request_queue *q, int __user *p)
62{
63 int timeout, err = get_user(timeout, p);
64
65 if (!err)
66 q->sg_timeout = clock_t_to_jiffies(timeout);
67
68 return err;
69}
70
71static int max_sectors_bytes(struct request_queue *q)
72{
73 unsigned int max_sectors = queue_max_sectors(q);
74
75 max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
76
77 return max_sectors << 9;
78}
79
80static int sg_get_reserved_size(struct request_queue *q, int __user *p)
81{
82 int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q));
83
84 return put_user(val, p);
85}
86
87static int sg_set_reserved_size(struct request_queue *q, int __user *p)
88{
89 int size, err = get_user(size, p);
90
91 if (err)
92 return err;
93
94 if (size < 0)
95 return -EINVAL;
96
97 q->sg_reserved_size = min(size, max_sectors_bytes(q));
98 return 0;
99}
100
101
102
103
104
105static int sg_emulated_host(struct request_queue *q, int __user *p)
106{
107 return put_user(1, p);
108}
109
110static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
111{
112
113 __set_bit(TEST_UNIT_READY, filter->read_ok);
114 __set_bit(REQUEST_SENSE, filter->read_ok);
115 __set_bit(READ_6, filter->read_ok);
116 __set_bit(READ_10, filter->read_ok);
117 __set_bit(READ_12, filter->read_ok);
118 __set_bit(READ_16, filter->read_ok);
119 __set_bit(READ_BUFFER, filter->read_ok);
120 __set_bit(READ_DEFECT_DATA, filter->read_ok);
121 __set_bit(READ_CAPACITY, filter->read_ok);
122 __set_bit(READ_LONG, filter->read_ok);
123 __set_bit(INQUIRY, filter->read_ok);
124 __set_bit(MODE_SENSE, filter->read_ok);
125 __set_bit(MODE_SENSE_10, filter->read_ok);
126 __set_bit(LOG_SENSE, filter->read_ok);
127 __set_bit(START_STOP, filter->read_ok);
128 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
129 __set_bit(VERIFY_16, filter->read_ok);
130 __set_bit(REPORT_LUNS, filter->read_ok);
131 __set_bit(SERVICE_ACTION_IN_16, filter->read_ok);
132 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
133 __set_bit(MAINTENANCE_IN, filter->read_ok);
134 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
135
136
137 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
138 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
139 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
140 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
141 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
142
143
144 __set_bit(GPCMD_READ_CD, filter->read_ok);
145 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
146 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
147 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
148 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
149 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
150 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
151 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
152 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
153 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
154 __set_bit(GPCMD_SCAN, filter->read_ok);
155 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
156 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
157 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
158 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
159 __set_bit(GPCMD_SEEK, filter->read_ok);
160 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
161
162
163 __set_bit(WRITE_6, filter->write_ok);
164 __set_bit(WRITE_10, filter->write_ok);
165 __set_bit(WRITE_VERIFY, filter->write_ok);
166 __set_bit(WRITE_12, filter->write_ok);
167 __set_bit(WRITE_VERIFY_12, filter->write_ok);
168 __set_bit(WRITE_16, filter->write_ok);
169 __set_bit(WRITE_LONG, filter->write_ok);
170 __set_bit(WRITE_LONG_2, filter->write_ok);
171 __set_bit(WRITE_SAME, filter->write_ok);
172 __set_bit(WRITE_SAME_16, filter->write_ok);
173 __set_bit(WRITE_SAME_32, filter->write_ok);
174 __set_bit(ERASE, filter->write_ok);
175 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
176 __set_bit(MODE_SELECT, filter->write_ok);
177 __set_bit(LOG_SELECT, filter->write_ok);
178 __set_bit(GPCMD_BLANK, filter->write_ok);
179 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
180 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
181 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
182 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
183 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
184 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
185 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
186 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
187 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
188 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
189 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
190 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
191 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
192 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
193 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
194
195
196 __set_bit(ZBC_OUT, filter->write_ok);
197 __set_bit(ZBC_IN, filter->read_ok);
198}
199
200int blk_verify_command(unsigned char *cmd, fmode_t mode)
201{
202 struct blk_cmd_filter *filter = &blk_default_cmd_filter;
203
204
205 if (capable(CAP_SYS_RAWIO))
206 return 0;
207
208
209 if (test_bit(cmd[0], filter->read_ok))
210 return 0;
211
212
213 if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE))
214 return 0;
215
216 return -EPERM;
217}
218EXPORT_SYMBOL(blk_verify_command);
219
220static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
221 struct sg_io_hdr *hdr, fmode_t mode)
222{
223 struct scsi_request *req = scsi_req(rq);
224
225 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
226 return -EFAULT;
227 if (blk_verify_command(req->cmd, mode))
228 return -EPERM;
229
230
231
232
233 req->cmd_len = hdr->cmd_len;
234
235 rq->timeout = msecs_to_jiffies(hdr->timeout);
236 if (!rq->timeout)
237 rq->timeout = q->sg_timeout;
238 if (!rq->timeout)
239 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
240 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
241 rq->timeout = BLK_MIN_SG_TIMEOUT;
242
243 return 0;
244}
245
246static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
247 struct bio *bio)
248{
249 struct scsi_request *req = scsi_req(rq);
250 int r, ret = 0;
251
252
253
254
255 hdr->status = req->result & 0xff;
256 hdr->masked_status = status_byte(req->result);
257 hdr->msg_status = msg_byte(req->result);
258 hdr->host_status = host_byte(req->result);
259 hdr->driver_status = driver_byte(req->result);
260 hdr->info = 0;
261 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
262 hdr->info |= SG_INFO_CHECK;
263 hdr->resid = req->resid_len;
264 hdr->sb_len_wr = 0;
265
266 if (req->sense_len && hdr->sbp) {
267 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
268
269 if (!copy_to_user(hdr->sbp, req->sense, len))
270 hdr->sb_len_wr = len;
271 else
272 ret = -EFAULT;
273 }
274
275 r = blk_rq_unmap_user(bio);
276 if (!ret)
277 ret = r;
278
279 return ret;
280}
281
282static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
283 struct sg_io_hdr *hdr, fmode_t mode)
284{
285 unsigned long start_time;
286 ssize_t ret = 0;
287 int writing = 0;
288 int at_head = 0;
289 struct request *rq;
290 struct scsi_request *req;
291 struct bio *bio;
292
293 if (hdr->interface_id != 'S')
294 return -EINVAL;
295
296 if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
297 return -EIO;
298
299 if (hdr->dxfer_len)
300 switch (hdr->dxfer_direction) {
301 default:
302 return -EINVAL;
303 case SG_DXFER_TO_DEV:
304 writing = 1;
305 break;
306 case SG_DXFER_TO_FROM_DEV:
307 case SG_DXFER_FROM_DEV:
308 break;
309 }
310 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
311 at_head = 1;
312
313 ret = -ENOMEM;
314 rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
315 if (IS_ERR(rq))
316 return PTR_ERR(rq);
317 req = scsi_req(rq);
318
319 if (hdr->cmd_len > BLK_MAX_CDB) {
320 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
321 if (!req->cmd)
322 goto out_put_request;
323 }
324
325 ret = blk_fill_sghdr_rq(q, rq, hdr, mode);
326 if (ret < 0)
327 goto out_free_cdb;
328
329 ret = 0;
330 if (hdr->iovec_count) {
331 struct iov_iter i;
332 struct iovec *iov = NULL;
333
334 ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
335 hdr->iovec_count, 0, &iov, &i);
336 if (ret < 0)
337 goto out_free_cdb;
338
339
340 iov_iter_truncate(&i, hdr->dxfer_len);
341
342 ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL);
343 kfree(iov);
344 } else if (hdr->dxfer_len)
345 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
346 GFP_KERNEL);
347
348 if (ret)
349 goto out_free_cdb;
350
351 bio = rq->bio;
352 req->retries = 0;
353
354 start_time = jiffies;
355
356 blk_execute_rq(bd_disk, rq, at_head);
357
358 hdr->duration = jiffies_to_msecs(jiffies - start_time);
359
360 ret = blk_complete_sghdr_rq(rq, hdr, bio);
361
362out_free_cdb:
363 scsi_req_free_cmd(req);
364out_put_request:
365 blk_put_request(rq);
366 return ret;
367}
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
404 struct scsi_ioctl_command __user *sic)
405{
406 enum { OMAX_SB_LEN = 16 };
407 struct request *rq;
408 struct scsi_request *req;
409 int err;
410 unsigned int in_len, out_len, bytes, opcode, cmdlen;
411 char *buffer = NULL;
412
413 if (!sic)
414 return -EINVAL;
415
416
417
418
419 if (get_user(in_len, &sic->inlen))
420 return -EFAULT;
421 if (get_user(out_len, &sic->outlen))
422 return -EFAULT;
423 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
424 return -EINVAL;
425 if (get_user(opcode, sic->data))
426 return -EFAULT;
427
428 bytes = max(in_len, out_len);
429 if (bytes) {
430 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
431 if (!buffer)
432 return -ENOMEM;
433
434 }
435
436 rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
437 if (IS_ERR(rq)) {
438 err = PTR_ERR(rq);
439 goto error_free_buffer;
440 }
441 req = scsi_req(rq);
442
443 cmdlen = COMMAND_SIZE(opcode);
444
445
446
447
448 err = -EFAULT;
449 req->cmd_len = cmdlen;
450 if (copy_from_user(req->cmd, sic->data, cmdlen))
451 goto error;
452
453 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
454 goto error;
455
456 err = blk_verify_command(req->cmd, mode);
457 if (err)
458 goto error;
459
460
461 req->retries = 5;
462
463 switch (opcode) {
464 case SEND_DIAGNOSTIC:
465 case FORMAT_UNIT:
466 rq->timeout = FORMAT_UNIT_TIMEOUT;
467 req->retries = 1;
468 break;
469 case START_STOP:
470 rq->timeout = START_STOP_TIMEOUT;
471 break;
472 case MOVE_MEDIUM:
473 rq->timeout = MOVE_MEDIUM_TIMEOUT;
474 break;
475 case READ_ELEMENT_STATUS:
476 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
477 break;
478 case READ_DEFECT_DATA:
479 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
480 req->retries = 1;
481 break;
482 default:
483 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
484 break;
485 }
486
487 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) {
488 err = DRIVER_ERROR << 24;
489 goto error;
490 }
491
492 blk_execute_rq(disk, rq, 0);
493
494 err = req->result & 0xff;
495 if (err) {
496 if (req->sense_len && req->sense) {
497 bytes = (OMAX_SB_LEN > req->sense_len) ?
498 req->sense_len : OMAX_SB_LEN;
499 if (copy_to_user(sic->data, req->sense, bytes))
500 err = -EFAULT;
501 }
502 } else {
503 if (copy_to_user(sic->data, buffer, out_len))
504 err = -EFAULT;
505 }
506
507error:
508 blk_put_request(rq);
509
510error_free_buffer:
511 kfree(buffer);
512
513 return err;
514}
515EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
516
517
518static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
519 int cmd, int data)
520{
521 struct request *rq;
522 int err;
523
524 rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0);
525 if (IS_ERR(rq))
526 return PTR_ERR(rq);
527 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
528 scsi_req(rq)->cmd[0] = cmd;
529 scsi_req(rq)->cmd[4] = data;
530 scsi_req(rq)->cmd_len = 6;
531 blk_execute_rq(bd_disk, rq, 0);
532 err = scsi_req(rq)->result ? -EIO : 0;
533 blk_put_request(rq);
534
535 return err;
536}
537
538static inline int blk_send_start_stop(struct request_queue *q,
539 struct gendisk *bd_disk, int data)
540{
541 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
542}
543
544int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
545{
546#ifdef CONFIG_COMPAT
547 if (in_compat_syscall()) {
548 struct compat_sg_io_hdr hdr32 = {
549 .interface_id = hdr->interface_id,
550 .dxfer_direction = hdr->dxfer_direction,
551 .cmd_len = hdr->cmd_len,
552 .mx_sb_len = hdr->mx_sb_len,
553 .iovec_count = hdr->iovec_count,
554 .dxfer_len = hdr->dxfer_len,
555 .dxferp = (uintptr_t)hdr->dxferp,
556 .cmdp = (uintptr_t)hdr->cmdp,
557 .sbp = (uintptr_t)hdr->sbp,
558 .timeout = hdr->timeout,
559 .flags = hdr->flags,
560 .pack_id = hdr->pack_id,
561 .usr_ptr = (uintptr_t)hdr->usr_ptr,
562 .status = hdr->status,
563 .masked_status = hdr->masked_status,
564 .msg_status = hdr->msg_status,
565 .sb_len_wr = hdr->sb_len_wr,
566 .host_status = hdr->host_status,
567 .driver_status = hdr->driver_status,
568 .resid = hdr->resid,
569 .duration = hdr->duration,
570 .info = hdr->info,
571 };
572
573 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
574 return -EFAULT;
575
576 return 0;
577 }
578#endif
579
580 if (copy_to_user(argp, hdr, sizeof(*hdr)))
581 return -EFAULT;
582
583 return 0;
584}
585EXPORT_SYMBOL(put_sg_io_hdr);
586
587int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
588{
589#ifdef CONFIG_COMPAT
590 struct compat_sg_io_hdr hdr32;
591
592 if (in_compat_syscall()) {
593 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
594 return -EFAULT;
595
596 *hdr = (struct sg_io_hdr) {
597 .interface_id = hdr32.interface_id,
598 .dxfer_direction = hdr32.dxfer_direction,
599 .cmd_len = hdr32.cmd_len,
600 .mx_sb_len = hdr32.mx_sb_len,
601 .iovec_count = hdr32.iovec_count,
602 .dxfer_len = hdr32.dxfer_len,
603 .dxferp = compat_ptr(hdr32.dxferp),
604 .cmdp = compat_ptr(hdr32.cmdp),
605 .sbp = compat_ptr(hdr32.sbp),
606 .timeout = hdr32.timeout,
607 .flags = hdr32.flags,
608 .pack_id = hdr32.pack_id,
609 .usr_ptr = compat_ptr(hdr32.usr_ptr),
610 .status = hdr32.status,
611 .masked_status = hdr32.masked_status,
612 .msg_status = hdr32.msg_status,
613 .sb_len_wr = hdr32.sb_len_wr,
614 .host_status = hdr32.host_status,
615 .driver_status = hdr32.driver_status,
616 .resid = hdr32.resid,
617 .duration = hdr32.duration,
618 .info = hdr32.info,
619 };
620
621 return 0;
622 }
623#endif
624
625 if (copy_from_user(hdr, argp, sizeof(*hdr)))
626 return -EFAULT;
627
628 return 0;
629}
630EXPORT_SYMBOL(get_sg_io_hdr);
631
632#ifdef CONFIG_COMPAT
633struct compat_cdrom_generic_command {
634 unsigned char cmd[CDROM_PACKET_SIZE];
635 compat_caddr_t buffer;
636 compat_uint_t buflen;
637 compat_int_t stat;
638 compat_caddr_t sense;
639 unsigned char data_direction;
640 unsigned char pad[3];
641 compat_int_t quiet;
642 compat_int_t timeout;
643 compat_caddr_t unused;
644};
645#endif
646
647static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
648 const void __user *arg)
649{
650#ifdef CONFIG_COMPAT
651 if (in_compat_syscall()) {
652 struct compat_cdrom_generic_command cgc32;
653
654 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
655 return -EFAULT;
656
657 *cgc = (struct cdrom_generic_command) {
658 .buffer = compat_ptr(cgc32.buffer),
659 .buflen = cgc32.buflen,
660 .stat = cgc32.stat,
661 .sense = compat_ptr(cgc32.sense),
662 .data_direction = cgc32.data_direction,
663 .quiet = cgc32.quiet,
664 .timeout = cgc32.timeout,
665 .unused = compat_ptr(cgc32.unused),
666 };
667 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
668 return 0;
669 }
670#endif
671 if (copy_from_user(cgc, arg, sizeof(*cgc)))
672 return -EFAULT;
673
674 return 0;
675}
676
677static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
678 void __user *arg)
679{
680#ifdef CONFIG_COMPAT
681 if (in_compat_syscall()) {
682 struct compat_cdrom_generic_command cgc32 = {
683 .buffer = (uintptr_t)(cgc->buffer),
684 .buflen = cgc->buflen,
685 .stat = cgc->stat,
686 .sense = (uintptr_t)(cgc->sense),
687 .data_direction = cgc->data_direction,
688 .quiet = cgc->quiet,
689 .timeout = cgc->timeout,
690 .unused = (uintptr_t)(cgc->unused),
691 };
692 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
693
694 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
695 return -EFAULT;
696
697 return 0;
698 }
699#endif
700 if (copy_to_user(arg, cgc, sizeof(*cgc)))
701 return -EFAULT;
702
703 return 0;
704}
705
706static int scsi_cdrom_send_packet(struct request_queue *q,
707 struct gendisk *bd_disk,
708 fmode_t mode, void __user *arg)
709{
710 struct cdrom_generic_command cgc;
711 struct sg_io_hdr hdr;
712 int err;
713
714 err = scsi_get_cdrom_generic_arg(&cgc, arg);
715 if (err)
716 return err;
717
718 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
719 memset(&hdr, 0, sizeof(hdr));
720 hdr.interface_id = 'S';
721 hdr.cmd_len = sizeof(cgc.cmd);
722 hdr.dxfer_len = cgc.buflen;
723 switch (cgc.data_direction) {
724 case CGC_DATA_UNKNOWN:
725 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
726 break;
727 case CGC_DATA_WRITE:
728 hdr.dxfer_direction = SG_DXFER_TO_DEV;
729 break;
730 case CGC_DATA_READ:
731 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
732 break;
733 case CGC_DATA_NONE:
734 hdr.dxfer_direction = SG_DXFER_NONE;
735 break;
736 default:
737 return -EINVAL;
738 }
739
740 hdr.dxferp = cgc.buffer;
741 hdr.sbp = cgc.sense;
742 if (hdr.sbp)
743 hdr.mx_sb_len = sizeof(struct request_sense);
744 hdr.timeout = jiffies_to_msecs(cgc.timeout);
745 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
746 hdr.cmd_len = sizeof(cgc.cmd);
747
748 err = sg_io(q, bd_disk, &hdr, mode);
749 if (err == -EFAULT)
750 return -EFAULT;
751
752 if (hdr.status)
753 return -EIO;
754
755 cgc.stat = err;
756 cgc.buflen = hdr.resid;
757 if (scsi_put_cdrom_generic_arg(&cgc, arg))
758 return -EFAULT;
759
760 return err;
761}
762
763int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
764 unsigned int cmd, void __user *arg)
765{
766 int err;
767
768 if (!q)
769 return -ENXIO;
770
771 switch (cmd) {
772
773
774
775 case SG_GET_VERSION_NUM:
776 err = sg_get_version(arg);
777 break;
778 case SCSI_IOCTL_GET_IDLUN:
779 err = scsi_get_idlun(q, arg);
780 break;
781 case SCSI_IOCTL_GET_BUS_NUMBER:
782 err = scsi_get_bus(q, arg);
783 break;
784 case SG_SET_TIMEOUT:
785 err = sg_set_timeout(q, arg);
786 break;
787 case SG_GET_TIMEOUT:
788 err = sg_get_timeout(q);
789 break;
790 case SG_GET_RESERVED_SIZE:
791 err = sg_get_reserved_size(q, arg);
792 break;
793 case SG_SET_RESERVED_SIZE:
794 err = sg_set_reserved_size(q, arg);
795 break;
796 case SG_EMULATED_HOST:
797 err = sg_emulated_host(q, arg);
798 break;
799 case SG_IO: {
800 struct sg_io_hdr hdr;
801
802 err = get_sg_io_hdr(&hdr, arg);
803 if (err)
804 break;
805 err = sg_io(q, bd_disk, &hdr, mode);
806 if (err == -EFAULT)
807 break;
808
809 if (put_sg_io_hdr(&hdr, arg))
810 err = -EFAULT;
811 break;
812 }
813 case CDROM_SEND_PACKET:
814 err = scsi_cdrom_send_packet(q, bd_disk, mode, arg);
815 break;
816
817
818
819
820 case SCSI_IOCTL_SEND_COMMAND:
821 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
822 err = -EINVAL;
823 if (!arg)
824 break;
825
826 err = sg_scsi_ioctl(q, bd_disk, mode, arg);
827 break;
828 case CDROMCLOSETRAY:
829 err = blk_send_start_stop(q, bd_disk, 0x03);
830 break;
831 case CDROMEJECT:
832 err = blk_send_start_stop(q, bd_disk, 0x02);
833 break;
834 default:
835 err = -ENOTTY;
836 }
837
838 return err;
839}
840EXPORT_SYMBOL(scsi_cmd_ioctl);
841
842int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
843{
844 if (bd && !bdev_is_partition(bd))
845 return 0;
846
847 if (capable(CAP_SYS_RAWIO))
848 return 0;
849
850 return -ENOIOCTLCMD;
851}
852EXPORT_SYMBOL(scsi_verify_blk_ioctl);
853
854int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
855 unsigned int cmd, void __user *arg)
856{
857 int ret;
858
859 ret = scsi_verify_blk_ioctl(bd, cmd);
860 if (ret < 0)
861 return ret;
862
863 return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
864}
865EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
866
867
868
869
870
871
872
873void scsi_req_init(struct scsi_request *req)
874{
875 memset(req->__cmd, 0, sizeof(req->__cmd));
876 req->cmd = req->__cmd;
877 req->cmd_len = BLK_MAX_CDB;
878 req->sense_len = 0;
879}
880EXPORT_SYMBOL(scsi_req_init);
881
882static int __init blk_scsi_ioctl_init(void)
883{
884 blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
885 return 0;
886}
887fs_initcall(blk_scsi_ioctl_init);
888
