1
2
3
4
5#include <linux/compat.h>
6#include <linux/kernel.h>
7#include <linux/errno.h>
8#include <linux/string.h>
9#include <linux/module.h>
10#include <linux/blkdev.h>
11#include <linux/capability.h>
12#include <linux/completion.h>
13#include <linux/cdrom.h>
14#include <linux/ratelimit.h>
15#include <linux/slab.h>
16#include <linux/times.h>
17#include <linux/uio.h>
18#include <linux/uaccess.h>
19
20#include <scsi/scsi.h>
21#include <scsi/scsi_ioctl.h>
22#include <scsi/scsi_cmnd.h>
23#include <scsi/sg.h>
24
25struct blk_cmd_filter {
26 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
27 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
28};
29
30static struct blk_cmd_filter blk_default_cmd_filter;
31
32
33const unsigned char scsi_command_size_tbl[8] =
34{
35 6, 10, 10, 12,
36 16, 12, 10, 10
37};
38EXPORT_SYMBOL(scsi_command_size_tbl);
39
40static int sg_get_version(int __user *p)
41{
42 static const int sg_version_num = 30527;
43 return put_user(sg_version_num, p);
44}
45
46static int scsi_get_idlun(struct request_queue *q, int __user *p)
47{
48 return put_user(0, p);
49}
50
51static int scsi_get_bus(struct request_queue *q, int __user *p)
52{
53 return put_user(0, p);
54}
55
56static int sg_get_timeout(struct request_queue *q)
57{
58 return jiffies_to_clock_t(q->sg_timeout);
59}
60
61static int sg_set_timeout(struct request_queue *q, int __user *p)
62{
63 int timeout, err = get_user(timeout, p);
64
65 if (!err)
66 q->sg_timeout = clock_t_to_jiffies(timeout);
67
68 return err;
69}
70
71static int max_sectors_bytes(struct request_queue *q)
72{
73 unsigned int max_sectors = queue_max_sectors(q);
74
75 max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
76
77 return max_sectors << 9;
78}
79
80static int sg_get_reserved_size(struct request_queue *q, int __user *p)
81{
82 int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q));
83
84 return put_user(val, p);
85}
86
87static int sg_set_reserved_size(struct request_queue *q, int __user *p)
88{
89 int size, err = get_user(size, p);
90
91 if (err)
92 return err;
93
94 if (size < 0)
95 return -EINVAL;
96
97 q->sg_reserved_size = min(size, max_sectors_bytes(q));
98 return 0;
99}
100
101
102
103
104
105static int sg_emulated_host(struct request_queue *q, int __user *p)
106{
107 return put_user(1, p);
108}
109
110static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
111{
112
113 __set_bit(TEST_UNIT_READY, filter->read_ok);
114 __set_bit(REQUEST_SENSE, filter->read_ok);
115 __set_bit(READ_6, filter->read_ok);
116 __set_bit(READ_10, filter->read_ok);
117 __set_bit(READ_12, filter->read_ok);
118 __set_bit(READ_16, filter->read_ok);
119 __set_bit(READ_BUFFER, filter->read_ok);
120 __set_bit(READ_DEFECT_DATA, filter->read_ok);
121 __set_bit(READ_CAPACITY, filter->read_ok);
122 __set_bit(READ_LONG, filter->read_ok);
123 __set_bit(INQUIRY, filter->read_ok);
124 __set_bit(MODE_SENSE, filter->read_ok);
125 __set_bit(MODE_SENSE_10, filter->read_ok);
126 __set_bit(LOG_SENSE, filter->read_ok);
127 __set_bit(START_STOP, filter->read_ok);
128 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
129 __set_bit(VERIFY_16, filter->read_ok);
130 __set_bit(REPORT_LUNS, filter->read_ok);
131 __set_bit(SERVICE_ACTION_IN_16, filter->read_ok);
132 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
133 __set_bit(MAINTENANCE_IN, filter->read_ok);
134 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
135
136
137 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
138 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
139 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
140 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
141 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
142
143
144 __set_bit(GPCMD_READ_CD, filter->read_ok);
145 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
146 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
147 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
148 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
149 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
150 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
151 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
152 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
153 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
154 __set_bit(GPCMD_SCAN, filter->read_ok);
155 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
156 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
157 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
158 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
159 __set_bit(GPCMD_SEEK, filter->read_ok);
160 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
161
162
163 __set_bit(WRITE_6, filter->write_ok);
164 __set_bit(WRITE_10, filter->write_ok);
165 __set_bit(WRITE_VERIFY, filter->write_ok);
166 __set_bit(WRITE_12, filter->write_ok);
167 __set_bit(WRITE_VERIFY_12, filter->write_ok);
168 __set_bit(WRITE_16, filter->write_ok);
169 __set_bit(WRITE_LONG, filter->write_ok);
170 __set_bit(WRITE_LONG_2, filter->write_ok);
171 __set_bit(WRITE_SAME, filter->write_ok);
172 __set_bit(WRITE_SAME_16, filter->write_ok);
173 __set_bit(WRITE_SAME_32, filter->write_ok);
174 __set_bit(ERASE, filter->write_ok);
175 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
176 __set_bit(MODE_SELECT, filter->write_ok);
177 __set_bit(LOG_SELECT, filter->write_ok);
178 __set_bit(GPCMD_BLANK, filter->write_ok);
179 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
180 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
181 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
182 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
183 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
184 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
185 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
186 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
187 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
188 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
189 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
190 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
191 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
192 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
193 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
194
195
196 __set_bit(ZBC_OUT, filter->write_ok);
197 __set_bit(ZBC_IN, filter->read_ok);
198}
199
200int blk_verify_command(unsigned char *cmd, fmode_t mode)
201{
202 struct blk_cmd_filter *filter = &blk_default_cmd_filter;
203
204
205 if (capable(CAP_SYS_RAWIO))
206 return 0;
207
208
209 if (test_bit(cmd[0], filter->read_ok))
210 return 0;
211
212
213 if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE))
214 return 0;
215
216 return -EPERM;
217}
218EXPORT_SYMBOL(blk_verify_command);
219
220static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
221 struct sg_io_hdr *hdr, fmode_t mode)
222{
223 struct scsi_request *req = scsi_req(rq);
224
225 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
226 return -EFAULT;
227 if (blk_verify_command(req->cmd, mode))
228 return -EPERM;
229
230
231
232
233 req->cmd_len = hdr->cmd_len;
234
235 rq->timeout = msecs_to_jiffies(hdr->timeout);
236 if (!rq->timeout)
237 rq->timeout = q->sg_timeout;
238 if (!rq->timeout)
239 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
240 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
241 rq->timeout = BLK_MIN_SG_TIMEOUT;
242
243 return 0;
244}
245
246static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
247 struct bio *bio)
248{
249 struct scsi_request *req = scsi_req(rq);
250 int r, ret = 0;
251
252
253
254
255 hdr->status = req->result & 0xff;
256 hdr->masked_status = status_byte(req->result);
257 hdr->msg_status = COMMAND_COMPLETE;
258 hdr->host_status = host_byte(req->result);
259 hdr->driver_status = 0;
260 if (scsi_status_is_check_condition(hdr->status))
261 hdr->driver_status = DRIVER_SENSE;
262 hdr->info = 0;
263 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
264 hdr->info |= SG_INFO_CHECK;
265 hdr->resid = req->resid_len;
266 hdr->sb_len_wr = 0;
267
268 if (req->sense_len && hdr->sbp) {
269 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
270
271 if (!copy_to_user(hdr->sbp, req->sense, len))
272 hdr->sb_len_wr = len;
273 else
274 ret = -EFAULT;
275 }
276
277 r = blk_rq_unmap_user(bio);
278 if (!ret)
279 ret = r;
280
281 return ret;
282}
283
284static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
285 struct sg_io_hdr *hdr, fmode_t mode)
286{
287 unsigned long start_time;
288 ssize_t ret = 0;
289 int writing = 0;
290 int at_head = 0;
291 struct request *rq;
292 struct scsi_request *req;
293 struct bio *bio;
294
295 if (hdr->interface_id != 'S')
296 return -EINVAL;
297
298 if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
299 return -EIO;
300
301 if (hdr->dxfer_len)
302 switch (hdr->dxfer_direction) {
303 default:
304 return -EINVAL;
305 case SG_DXFER_TO_DEV:
306 writing = 1;
307 break;
308 case SG_DXFER_TO_FROM_DEV:
309 case SG_DXFER_FROM_DEV:
310 break;
311 }
312 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
313 at_head = 1;
314
315 ret = -ENOMEM;
316 rq = blk_get_request(q, writing ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
317 if (IS_ERR(rq))
318 return PTR_ERR(rq);
319 req = scsi_req(rq);
320
321 if (hdr->cmd_len > BLK_MAX_CDB) {
322 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
323 if (!req->cmd)
324 goto out_put_request;
325 }
326
327 ret = blk_fill_sghdr_rq(q, rq, hdr, mode);
328 if (ret < 0)
329 goto out_free_cdb;
330
331 ret = 0;
332 if (hdr->iovec_count) {
333 struct iov_iter i;
334 struct iovec *iov = NULL;
335
336 ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
337 hdr->iovec_count, 0, &iov, &i);
338 if (ret < 0)
339 goto out_free_cdb;
340
341
342 iov_iter_truncate(&i, hdr->dxfer_len);
343
344 ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL);
345 kfree(iov);
346 } else if (hdr->dxfer_len)
347 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
348 GFP_KERNEL);
349
350 if (ret)
351 goto out_free_cdb;
352
353 bio = rq->bio;
354 req->retries = 0;
355
356 start_time = jiffies;
357
358 blk_execute_rq(bd_disk, rq, at_head);
359
360 hdr->duration = jiffies_to_msecs(jiffies - start_time);
361
362 ret = blk_complete_sghdr_rq(rq, hdr, bio);
363
364out_free_cdb:
365 scsi_req_free_cmd(req);
366out_put_request:
367 blk_put_request(rq);
368 return ret;
369}
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
406 struct scsi_ioctl_command __user *sic)
407{
408 enum { OMAX_SB_LEN = 16 };
409 struct request *rq;
410 struct scsi_request *req;
411 int err;
412 unsigned int in_len, out_len, bytes, opcode, cmdlen;
413 char *buffer = NULL;
414
415 if (!sic)
416 return -EINVAL;
417
418
419
420
421 if (get_user(in_len, &sic->inlen))
422 return -EFAULT;
423 if (get_user(out_len, &sic->outlen))
424 return -EFAULT;
425 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
426 return -EINVAL;
427 if (get_user(opcode, sic->data))
428 return -EFAULT;
429
430 bytes = max(in_len, out_len);
431 if (bytes) {
432 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
433 if (!buffer)
434 return -ENOMEM;
435
436 }
437
438 rq = blk_get_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
439 if (IS_ERR(rq)) {
440 err = PTR_ERR(rq);
441 goto error_free_buffer;
442 }
443 req = scsi_req(rq);
444
445 cmdlen = COMMAND_SIZE(opcode);
446
447
448
449
450 err = -EFAULT;
451 req->cmd_len = cmdlen;
452 if (copy_from_user(req->cmd, sic->data, cmdlen))
453 goto error;
454
455 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
456 goto error;
457
458 err = blk_verify_command(req->cmd, mode);
459 if (err)
460 goto error;
461
462
463 req->retries = 5;
464
465 switch (opcode) {
466 case SEND_DIAGNOSTIC:
467 case FORMAT_UNIT:
468 rq->timeout = FORMAT_UNIT_TIMEOUT;
469 req->retries = 1;
470 break;
471 case START_STOP:
472 rq->timeout = START_STOP_TIMEOUT;
473 break;
474 case MOVE_MEDIUM:
475 rq->timeout = MOVE_MEDIUM_TIMEOUT;
476 break;
477 case READ_ELEMENT_STATUS:
478 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
479 break;
480 case READ_DEFECT_DATA:
481 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
482 req->retries = 1;
483 break;
484 default:
485 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
486 break;
487 }
488
489 if (bytes) {
490 err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO);
491 if (err)
492 goto error;
493 }
494
495 blk_execute_rq(disk, rq, 0);
496
497 err = req->result & 0xff;
498 if (err) {
499 if (req->sense_len && req->sense) {
500 bytes = (OMAX_SB_LEN > req->sense_len) ?
501 req->sense_len : OMAX_SB_LEN;
502 if (copy_to_user(sic->data, req->sense, bytes))
503 err = -EFAULT;
504 }
505 } else {
506 if (copy_to_user(sic->data, buffer, out_len))
507 err = -EFAULT;
508 }
509
510error:
511 blk_put_request(rq);
512
513error_free_buffer:
514 kfree(buffer);
515
516 return err;
517}
518EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
519
520
521static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
522 int cmd, int data)
523{
524 struct request *rq;
525 int err;
526
527 rq = blk_get_request(q, REQ_OP_DRV_OUT, 0);
528 if (IS_ERR(rq))
529 return PTR_ERR(rq);
530 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
531 scsi_req(rq)->cmd[0] = cmd;
532 scsi_req(rq)->cmd[4] = data;
533 scsi_req(rq)->cmd_len = 6;
534 blk_execute_rq(bd_disk, rq, 0);
535 err = scsi_req(rq)->result ? -EIO : 0;
536 blk_put_request(rq);
537
538 return err;
539}
540
541static inline int blk_send_start_stop(struct request_queue *q,
542 struct gendisk *bd_disk, int data)
543{
544 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
545}
546
547int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
548{
549#ifdef CONFIG_COMPAT
550 if (in_compat_syscall()) {
551 struct compat_sg_io_hdr hdr32 = {
552 .interface_id = hdr->interface_id,
553 .dxfer_direction = hdr->dxfer_direction,
554 .cmd_len = hdr->cmd_len,
555 .mx_sb_len = hdr->mx_sb_len,
556 .iovec_count = hdr->iovec_count,
557 .dxfer_len = hdr->dxfer_len,
558 .dxferp = (uintptr_t)hdr->dxferp,
559 .cmdp = (uintptr_t)hdr->cmdp,
560 .sbp = (uintptr_t)hdr->sbp,
561 .timeout = hdr->timeout,
562 .flags = hdr->flags,
563 .pack_id = hdr->pack_id,
564 .usr_ptr = (uintptr_t)hdr->usr_ptr,
565 .status = hdr->status,
566 .masked_status = hdr->masked_status,
567 .msg_status = hdr->msg_status,
568 .sb_len_wr = hdr->sb_len_wr,
569 .host_status = hdr->host_status,
570 .driver_status = hdr->driver_status,
571 .resid = hdr->resid,
572 .duration = hdr->duration,
573 .info = hdr->info,
574 };
575
576 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
577 return -EFAULT;
578
579 return 0;
580 }
581#endif
582
583 if (copy_to_user(argp, hdr, sizeof(*hdr)))
584 return -EFAULT;
585
586 return 0;
587}
588EXPORT_SYMBOL(put_sg_io_hdr);
589
590int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
591{
592#ifdef CONFIG_COMPAT
593 struct compat_sg_io_hdr hdr32;
594
595 if (in_compat_syscall()) {
596 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
597 return -EFAULT;
598
599 *hdr = (struct sg_io_hdr) {
600 .interface_id = hdr32.interface_id,
601 .dxfer_direction = hdr32.dxfer_direction,
602 .cmd_len = hdr32.cmd_len,
603 .mx_sb_len = hdr32.mx_sb_len,
604 .iovec_count = hdr32.iovec_count,
605 .dxfer_len = hdr32.dxfer_len,
606 .dxferp = compat_ptr(hdr32.dxferp),
607 .cmdp = compat_ptr(hdr32.cmdp),
608 .sbp = compat_ptr(hdr32.sbp),
609 .timeout = hdr32.timeout,
610 .flags = hdr32.flags,
611 .pack_id = hdr32.pack_id,
612 .usr_ptr = compat_ptr(hdr32.usr_ptr),
613 .status = hdr32.status,
614 .masked_status = hdr32.masked_status,
615 .msg_status = hdr32.msg_status,
616 .sb_len_wr = hdr32.sb_len_wr,
617 .host_status = hdr32.host_status,
618 .driver_status = hdr32.driver_status,
619 .resid = hdr32.resid,
620 .duration = hdr32.duration,
621 .info = hdr32.info,
622 };
623
624 return 0;
625 }
626#endif
627
628 if (copy_from_user(hdr, argp, sizeof(*hdr)))
629 return -EFAULT;
630
631 return 0;
632}
633EXPORT_SYMBOL(get_sg_io_hdr);
634
635#ifdef CONFIG_COMPAT
636struct compat_cdrom_generic_command {
637 unsigned char cmd[CDROM_PACKET_SIZE];
638 compat_caddr_t buffer;
639 compat_uint_t buflen;
640 compat_int_t stat;
641 compat_caddr_t sense;
642 unsigned char data_direction;
643 unsigned char pad[3];
644 compat_int_t quiet;
645 compat_int_t timeout;
646 compat_caddr_t unused;
647};
648#endif
649
650static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
651 const void __user *arg)
652{
653#ifdef CONFIG_COMPAT
654 if (in_compat_syscall()) {
655 struct compat_cdrom_generic_command cgc32;
656
657 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
658 return -EFAULT;
659
660 *cgc = (struct cdrom_generic_command) {
661 .buffer = compat_ptr(cgc32.buffer),
662 .buflen = cgc32.buflen,
663 .stat = cgc32.stat,
664 .sense = compat_ptr(cgc32.sense),
665 .data_direction = cgc32.data_direction,
666 .quiet = cgc32.quiet,
667 .timeout = cgc32.timeout,
668 .unused = compat_ptr(cgc32.unused),
669 };
670 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
671 return 0;
672 }
673#endif
674 if (copy_from_user(cgc, arg, sizeof(*cgc)))
675 return -EFAULT;
676
677 return 0;
678}
679
680static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
681 void __user *arg)
682{
683#ifdef CONFIG_COMPAT
684 if (in_compat_syscall()) {
685 struct compat_cdrom_generic_command cgc32 = {
686 .buffer = (uintptr_t)(cgc->buffer),
687 .buflen = cgc->buflen,
688 .stat = cgc->stat,
689 .sense = (uintptr_t)(cgc->sense),
690 .data_direction = cgc->data_direction,
691 .quiet = cgc->quiet,
692 .timeout = cgc->timeout,
693 .unused = (uintptr_t)(cgc->unused),
694 };
695 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
696
697 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
698 return -EFAULT;
699
700 return 0;
701 }
702#endif
703 if (copy_to_user(arg, cgc, sizeof(*cgc)))
704 return -EFAULT;
705
706 return 0;
707}
708
709static int scsi_cdrom_send_packet(struct request_queue *q,
710 struct gendisk *bd_disk,
711 fmode_t mode, void __user *arg)
712{
713 struct cdrom_generic_command cgc;
714 struct sg_io_hdr hdr;
715 int err;
716
717 err = scsi_get_cdrom_generic_arg(&cgc, arg);
718 if (err)
719 return err;
720
721 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
722 memset(&hdr, 0, sizeof(hdr));
723 hdr.interface_id = 'S';
724 hdr.cmd_len = sizeof(cgc.cmd);
725 hdr.dxfer_len = cgc.buflen;
726 switch (cgc.data_direction) {
727 case CGC_DATA_UNKNOWN:
728 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
729 break;
730 case CGC_DATA_WRITE:
731 hdr.dxfer_direction = SG_DXFER_TO_DEV;
732 break;
733 case CGC_DATA_READ:
734 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
735 break;
736 case CGC_DATA_NONE:
737 hdr.dxfer_direction = SG_DXFER_NONE;
738 break;
739 default:
740 return -EINVAL;
741 }
742
743 hdr.dxferp = cgc.buffer;
744 hdr.sbp = cgc.sense;
745 if (hdr.sbp)
746 hdr.mx_sb_len = sizeof(struct request_sense);
747 hdr.timeout = jiffies_to_msecs(cgc.timeout);
748 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
749 hdr.cmd_len = sizeof(cgc.cmd);
750
751 err = sg_io(q, bd_disk, &hdr, mode);
752 if (err == -EFAULT)
753 return -EFAULT;
754
755 if (hdr.status)
756 return -EIO;
757
758 cgc.stat = err;
759 cgc.buflen = hdr.resid;
760 if (scsi_put_cdrom_generic_arg(&cgc, arg))
761 return -EFAULT;
762
763 return err;
764}
765
766int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
767 unsigned int cmd, void __user *arg)
768{
769 int err;
770
771 if (!q)
772 return -ENXIO;
773
774 switch (cmd) {
775
776
777
778 case SG_GET_VERSION_NUM:
779 err = sg_get_version(arg);
780 break;
781 case SCSI_IOCTL_GET_IDLUN:
782 err = scsi_get_idlun(q, arg);
783 break;
784 case SCSI_IOCTL_GET_BUS_NUMBER:
785 err = scsi_get_bus(q, arg);
786 break;
787 case SG_SET_TIMEOUT:
788 err = sg_set_timeout(q, arg);
789 break;
790 case SG_GET_TIMEOUT:
791 err = sg_get_timeout(q);
792 break;
793 case SG_GET_RESERVED_SIZE:
794 err = sg_get_reserved_size(q, arg);
795 break;
796 case SG_SET_RESERVED_SIZE:
797 err = sg_set_reserved_size(q, arg);
798 break;
799 case SG_EMULATED_HOST:
800 err = sg_emulated_host(q, arg);
801 break;
802 case SG_IO: {
803 struct sg_io_hdr hdr;
804
805 err = get_sg_io_hdr(&hdr, arg);
806 if (err)
807 break;
808 err = sg_io(q, bd_disk, &hdr, mode);
809 if (err == -EFAULT)
810 break;
811
812 if (put_sg_io_hdr(&hdr, arg))
813 err = -EFAULT;
814 break;
815 }
816 case CDROM_SEND_PACKET:
817 err = scsi_cdrom_send_packet(q, bd_disk, mode, arg);
818 break;
819
820
821
822
823 case SCSI_IOCTL_SEND_COMMAND:
824 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
825 err = -EINVAL;
826 if (!arg)
827 break;
828
829 err = sg_scsi_ioctl(q, bd_disk, mode, arg);
830 break;
831 case CDROMCLOSETRAY:
832 err = blk_send_start_stop(q, bd_disk, 0x03);
833 break;
834 case CDROMEJECT:
835 err = blk_send_start_stop(q, bd_disk, 0x02);
836 break;
837 default:
838 err = -ENOTTY;
839 }
840
841 return err;
842}
843EXPORT_SYMBOL(scsi_cmd_ioctl);
844
845int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
846{
847 if (bd && !bdev_is_partition(bd))
848 return 0;
849
850 if (capable(CAP_SYS_RAWIO))
851 return 0;
852
853 return -ENOIOCTLCMD;
854}
855EXPORT_SYMBOL(scsi_verify_blk_ioctl);
856
857int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
858 unsigned int cmd, void __user *arg)
859{
860 int ret;
861
862 ret = scsi_verify_blk_ioctl(bd, cmd);
863 if (ret < 0)
864 return ret;
865
866 return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
867}
868EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
869
870
871
872
873
874
875
876void scsi_req_init(struct scsi_request *req)
877{
878 memset(req->__cmd, 0, sizeof(req->__cmd));
879 req->cmd = req->__cmd;
880 req->cmd_len = BLK_MAX_CDB;
881 req->sense_len = 0;
882}
883EXPORT_SYMBOL(scsi_req_init);
884
885static int __init blk_scsi_ioctl_init(void)
886{
887 blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
888 return 0;
889}
890fs_initcall(blk_scsi_ioctl_init);
891