]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - drivers/scsi/scsi_ioctl.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: Ubuntu-5.15.0-39.42
[mirror_ubuntu-jammy-kernel.git] / drivers / scsi / scsi_ioctl.c
CommitLineData
457c8996 1// SPDX-License-Identifier: GPL-2.0-only
1da177e4
LT		 2/*
3 * Changes:
4 * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000
5 * - get rid of some verify_areas and use __copy*user and __get/put_user
6 * for the ones that remain
7 */
8#include <linux/module.h>
9#include <linux/blkdev.h>
10#include <linux/interrupt.h>
11#include <linux/errno.h>
12#include <linux/kernel.h>
13#include <linux/sched.h>
14#include <linux/mm.h>
15#include <linux/string.h>
7c0f6ba6 16#include <linux/uaccess.h>
f2542a3b 17#include <linux/cdrom.h>
1da177e4
LT		 18
19#include <scsi/scsi.h>
beb40487 20#include <scsi/scsi_cmnd.h>
1da177e4
LT		 21#include <scsi/scsi_device.h>
22#include <scsi/scsi_eh.h>
23#include <scsi/scsi_host.h>
24#include <scsi/scsi_ioctl.h>
1da177e4
LT		 25#include <scsi/sg.h>
26#include <scsi/scsi_dbg.h>
27
28#include "scsi_logging.h"
29
30#define NORMAL_RETRIES 5
31#define IOCTL_NORMAL_TIMEOUT (10 * HZ)
1da177e4
LT		 32
33#define MAX_BUF PAGE_SIZE
34
32993523
CH		 35/**
36 * ioctl_probe -- return host identification
37 * @host: host to identify
38 * @buffer: userspace buffer for identification
39 *
40 * Return an identifying string at @buffer, if @buffer is non-NULL, filling
41 * to the length stored at * (int *) @buffer.
1da177e4 42 */
1da177e4
LT		 43static int ioctl_probe(struct Scsi_Host *host, void __user *buffer)
44{
45 unsigned int len, slen;
46 const char *string;
1da177e4 47
32993523 48 if (buffer) {
1da177e4
LT		 49 if (get_user(len, (unsigned int __user *) buffer))
50 return -EFAULT;
51
52 if (host->hostt->info)
53 string = host->hostt->info(host);
54 else
55 string = host->hostt->name;
56 if (string) {
57 slen = strlen(string);
58 if (len > slen)
59 len = slen + 1;
60 if (copy_to_user(buffer, string, len))
61 return -EFAULT;
62 }
63 }
32993523 64 return 1;
1da177e4
LT		 65}
66
1da177e4
LT		 67static int ioctl_internal_command(struct scsi_device *sdev, char *cmd,
68 int timeout, int retries)
69{
1da177e4
LT		 70 int result;
71 struct scsi_sense_hdr sshdr;
72
e5f73ce3
HR		 73 SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev,
74 "Trying ioctl with scsi command %d\n", *cmd));
1da177e4 75
1cf72699 76 result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0,
f4f4e47e 77 &sshdr, timeout, retries, NULL);
1da177e4 78
e5f73ce3
HR		 79 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
80 "Ioctl returned 0x%x\n", result));
1da177e4 81
ced202f7
HR		 82 if (result < 0)
83 goto out;
464a00c9 84 if (scsi_sense_valid(&sshdr)) {
1da177e4
LT		 85 switch (sshdr.sense_key) {
86 case ILLEGAL_REQUEST:
87 if (cmd[0] == ALLOW_MEDIUM_REMOVAL)
88 sdev->lockable = 0;
89 else
e5f73ce3
HR		 90 sdev_printk(KERN_INFO, sdev,
91 "ioctl_internal_command: "
92 "ILLEGAL REQUEST "
93 "asc=0x%x ascq=0x%x\n",
94 sshdr.asc, sshdr.ascq);
1da177e4
LT		 95 break;
96 case NOT_READY: /* This happens if there is no disc in drive */
a75ad3c2 97 if (sdev->removable)
1da177e4 98 break;
df561f66 99 fallthrough;
1da177e4
LT		 100 case UNIT_ATTENTION:
101 if (sdev->removable) {
102 sdev->changed = 1;
1cf72699 103 result = 0; /* This is no longer considered an error */
1da177e4
LT		 104 break;
105 }
df561f66 106 fallthrough; /* for non-removable media */
3bf2ff67 107 default:
9ccfc756
JB		 108 sdev_printk(KERN_INFO, sdev,
109 "ioctl_internal_command return code = %x\n",
110 result);
d811b848 111 scsi_print_sense_hdr(sdev, NULL, &sshdr);
1da177e4
LT		 112 break;
113 }
114 }
ced202f7 115out:
e5f73ce3
HR		 116 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
117 "IOCTL Releasing command\n"));
1da177e4
LT		 118 return result;
119}
120
121int scsi_set_medium_removal(struct scsi_device *sdev, char state)
122{
123 char scsi_cmd[MAX_COMMAND_SIZE];
124 int ret;
125
126 if (!sdev->removable || !sdev->lockable)
127 return 0;
128
129 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
130 scsi_cmd[1] = 0;
131 scsi_cmd[2] = 0;
132 scsi_cmd[3] = 0;
133 scsi_cmd[4] = state;
134 scsi_cmd[5] = 0;
135
136 ret = ioctl_internal_command(sdev, scsi_cmd,
137 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
138 if (ret == 0)
139 sdev->locked = (state == SCSI_REMOVAL_PREVENT);
140 return ret;
141}
142EXPORT_SYMBOL(scsi_set_medium_removal);
143
1da177e4
LT		 144/*
145 * The scsi_ioctl_get_pci() function places into arg the value
146 * pci_dev::slot_name (8 characters) for the PCI device (if any).
147 * Returns: 0 on success
148 * -ENXIO if there isn't a PCI device pointer
149 * (could be because the SCSI driver hasn't been
150 * updated yet, or because it isn't a SCSI
151 * device)
152 * any copy_to_user() error on failure there
153 */
154static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg)
155{
156 struct device *dev = scsi_get_device(sdev->host);
71610f55 157 const char *name;
1da177e4
LT		 158
159 if (!dev)
160 return -ENXIO;
71610f55
KS		 161
162 name = dev_name(dev);
163
164 /* compatibility with old ioctl which only returned
165 * 20 characters */
166 return copy_to_user(arg, name, min(strlen(name), (size_t)20))
167 ? -EFAULT: 0;
1da177e4
LT		 168}
169
f2542a3b
CH		 170static int sg_get_version(int __user *p)
171{
172 static const int sg_version_num = 30527;
173 return put_user(sg_version_num, p);
174}
175
1e61c1a8 176static int sg_set_timeout(struct scsi_device *sdev, int __user *p)
f2542a3b
CH		 177{
178 int timeout, err = get_user(timeout, p);
179
180 if (!err)
1e61c1a8 181 sdev->sg_timeout = clock_t_to_jiffies(timeout);
f2542a3b
CH		 182
183 return err;
184}
185
1e61c1a8 186static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p)
f2542a3b 187{
1e61c1a8
CH		 188 int val = min(sdev->sg_reserved_size,
189 queue_max_bytes(sdev->request_queue));
f2542a3b
CH		 190
191 return put_user(val, p);
192}
193
1e61c1a8 194static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p)
f2542a3b
CH		 195{
196 int size, err = get_user(size, p);
197
198 if (err)
199 return err;
200
201 if (size < 0)
202 return -EINVAL;
203
1e61c1a8
CH		 204 sdev->sg_reserved_size = min_t(unsigned int, size,
205 queue_max_bytes(sdev->request_queue));
f2542a3b
CH		 206 return 0;
207}
208
209/*
210 * will always return that we are ATAPI even for a real SCSI drive, I'm not
211 * so sure this is worth doing anything about (why would you care??)
212 */
213static int sg_emulated_host(struct request_queue *q, int __user *p)
214{
215 return put_user(1, p);
216}
217
2102a5cc
CH		 218static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp)
219{
220 struct scsi_idlun v = {
221 .dev_id = (sdev->id & 0xff) +
222 ((sdev->lun & 0xff) << 8) +
223 ((sdev->channel & 0xff) << 16) +
224 ((sdev->host->host_no & 0xff) << 24),
225 .host_unique_id = sdev->host->unique_id
226 };
227 if (copy_to_user(argp, &v, sizeof(struct scsi_idlun)))
228 return -EFAULT;
229 return 0;
230}
231
51476187 232static int scsi_send_start_stop(struct scsi_device *sdev, int data)
f2542a3b 233{
51476187 234 u8 cdb[MAX_COMMAND_SIZE] = { };
f2542a3b 235
51476187
CH		 236 cdb[0] = START_STOP;
237 cdb[4] = data;
238 return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT,
239 NORMAL_RETRIES);
f2542a3b
CH		 240}
241
242/*
243 * Check if the given command is allowed.
244 *
245 * Only a subset of commands are allowed for unprivileged users. Commands used
246 * to format the media, update the firmware, etc. are not permitted.
247 */
248bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode)
249{
250 /* root can do any command. */
251 if (capable(CAP_SYS_RAWIO))
252 return true;
253
254 /* Anybody who can open the device can do a read-safe command */
255 switch (cmd[0]) {
256 /* Basic read-only commands */
257 case TEST_UNIT_READY:
258 case REQUEST_SENSE:
259 case READ_6:
260 case READ_10:
261 case READ_12:
262 case READ_16:
263 case READ_BUFFER:
264 case READ_DEFECT_DATA:
265 case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */
266 case READ_LONG:
267 case INQUIRY:
268 case MODE_SENSE:
269 case MODE_SENSE_10:
270 case LOG_SENSE:
271 case START_STOP:
272 case GPCMD_VERIFY_10:
273 case VERIFY_16:
274 case REPORT_LUNS:
275 case SERVICE_ACTION_IN_16:
276 case RECEIVE_DIAGNOSTIC:
277 case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */
278 case GPCMD_READ_BUFFER_CAPACITY:
279 /* Audio CD commands */
280 case GPCMD_PLAY_CD:
281 case GPCMD_PLAY_AUDIO_10:
282 case GPCMD_PLAY_AUDIO_MSF:
283 case GPCMD_PLAY_AUDIO_TI:
284 case GPCMD_PAUSE_RESUME:
285 /* CD/DVD data reading */
286 case GPCMD_READ_CD:
287 case GPCMD_READ_CD_MSF:
288 case GPCMD_READ_DISC_INFO:
289 case GPCMD_READ_DVD_STRUCTURE:
290 case GPCMD_READ_HEADER:
291 case GPCMD_READ_TRACK_RZONE_INFO:
292 case GPCMD_READ_SUBCHANNEL:
293 case GPCMD_READ_TOC_PMA_ATIP:
294 case GPCMD_REPORT_KEY:
295 case GPCMD_SCAN:
296 case GPCMD_GET_CONFIGURATION:
297 case GPCMD_READ_FORMAT_CAPACITIES:
298 case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
299 case GPCMD_GET_PERFORMANCE:
300 case GPCMD_SEEK:
301 case GPCMD_STOP_PLAY_SCAN:
302 /* ZBC */
303 case ZBC_IN:
304 return true;
305 /* Basic writing commands */
306 case WRITE_6:
307 case WRITE_10:
308 case WRITE_VERIFY:
309 case WRITE_12:
310 case WRITE_VERIFY_12:
311 case WRITE_16:
312 case WRITE_LONG:
313 case WRITE_LONG_2:
314 case WRITE_SAME:
315 case WRITE_SAME_16:
316 case WRITE_SAME_32:
317 case ERASE:
318 case GPCMD_MODE_SELECT_10:
319 case MODE_SELECT:
320 case LOG_SELECT:
321 case GPCMD_BLANK:
322 case GPCMD_CLOSE_TRACK:
323 case GPCMD_FLUSH_CACHE:
324 case GPCMD_FORMAT_UNIT:
325 case GPCMD_REPAIR_RZONE_TRACK:
326 case GPCMD_RESERVE_RZONE_TRACK:
327 case GPCMD_SEND_DVD_STRUCTURE:
328 case GPCMD_SEND_EVENT:
329 case GPCMD_SEND_OPC:
330 case GPCMD_SEND_CUE_SHEET:
331 case GPCMD_SET_SPEED:
332 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
333 case GPCMD_LOAD_UNLOAD:
334 case GPCMD_SET_STREAMING:
335 case GPCMD_SET_READ_AHEAD:
336 /* ZBC */
337 case ZBC_OUT:
338 return (mode & FMODE_WRITE);
339 default:
340 return false;
341 }
342}
343EXPORT_SYMBOL(scsi_cmd_allowed);
344
1e61c1a8 345static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq,
f2542a3b
CH		 346 struct sg_io_hdr *hdr, fmode_t mode)
347{
348 struct scsi_request *req = scsi_req(rq);
349
8f435ae6
TS		 350 if (hdr->cmd_len < 6)
351 return -EMSGSIZE;
f2542a3b
CH		 352 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
353 return -EFAULT;
354 if (!scsi_cmd_allowed(req->cmd, mode))
355 return -EPERM;
356
357 /*
358 * fill in request structure
359 */
360 req->cmd_len = hdr->cmd_len;
361
362 rq->timeout = msecs_to_jiffies(hdr->timeout);
363 if (!rq->timeout)
1e61c1a8 364 rq->timeout = sdev->sg_timeout;
f2542a3b
CH		 365 if (!rq->timeout)
366 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
367 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
368 rq->timeout = BLK_MIN_SG_TIMEOUT;
369
370 return 0;
371}
372
373static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
374 struct bio *bio)
375{
376 struct scsi_request *req = scsi_req(rq);
377 int r, ret = 0;
378
379 /*
380 * fill in all the output members
381 */
382 hdr->status = req->result & 0xff;
383 hdr->masked_status = status_byte(req->result);
384 hdr->msg_status = COMMAND_COMPLETE;
385 hdr->host_status = host_byte(req->result);
386 hdr->driver_status = 0;
387 if (scsi_status_is_check_condition(hdr->status))
388 hdr->driver_status = DRIVER_SENSE;
389 hdr->info = 0;
390 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
391 hdr->info |= SG_INFO_CHECK;
392 hdr->resid = req->resid_len;
393 hdr->sb_len_wr = 0;
394
395 if (req->sense_len && hdr->sbp) {
396 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
397
398 if (!copy_to_user(hdr->sbp, req->sense, len))
399 hdr->sb_len_wr = len;
400 else
401 ret = -EFAULT;
402 }
403
404 r = blk_rq_unmap_user(bio);
405 if (!ret)
406 ret = r;
407
408 return ret;
409}
410
1e61c1a8 411static int sg_io(struct scsi_device *sdev, struct gendisk *disk,
f2542a3b
CH		 412 struct sg_io_hdr *hdr, fmode_t mode)
413{
414 unsigned long start_time;
415 ssize_t ret = 0;
416 int writing = 0;
417 int at_head = 0;
418 struct request *rq;
419 struct scsi_request *req;
420 struct bio *bio;
421
422 if (hdr->interface_id != 'S')
423 return -EINVAL;
424
1e61c1a8 425 if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9))
f2542a3b
CH		 426 return -EIO;
427
428 if (hdr->dxfer_len)
429 switch (hdr->dxfer_direction) {
430 default:
431 return -EINVAL;
432 case SG_DXFER_TO_DEV:
433 writing = 1;
434 break;
435 case SG_DXFER_TO_FROM_DEV:
436 case SG_DXFER_FROM_DEV:
437 break;
438 }
439 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
440 at_head = 1;
441
442 ret = -ENOMEM;
1e61c1a8
CH		 443 rq = blk_get_request(sdev->request_queue, writing ?
444 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
f2542a3b
CH		 445 if (IS_ERR(rq))
446 return PTR_ERR(rq);
447 req = scsi_req(rq);
448
449 if (hdr->cmd_len > BLK_MAX_CDB) {
450 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
451 if (!req->cmd)
452 goto out_put_request;
453 }
454
1e61c1a8 455 ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode);
f2542a3b
CH		 456 if (ret < 0)
457 goto out_free_cdb;
458
459 ret = 0;
460 if (hdr->iovec_count) {
461 struct iov_iter i;
462 struct iovec *iov = NULL;
463
464 ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
465 hdr->iovec_count, 0, &iov, &i);
466 if (ret < 0)
467 goto out_free_cdb;
468
469 /* SG_IO howto says that the shorter of the two wins */
470 iov_iter_truncate(&i, hdr->dxfer_len);
471
1e61c1a8 472 ret = blk_rq_map_user_iov(rq->q, rq, NULL, &i, GFP_KERNEL);
f2542a3b
CH		 473 kfree(iov);
474 } else if (hdr->dxfer_len)
1e61c1a8
CH		 475 ret = blk_rq_map_user(rq->q, rq, NULL, hdr->dxferp,
476 hdr->dxfer_len, GFP_KERNEL);
f2542a3b
CH		 477
478 if (ret)
479 goto out_free_cdb;
480
481 bio = rq->bio;
482 req->retries = 0;
483
484 start_time = jiffies;
485
1e61c1a8 486 blk_execute_rq(disk, rq, at_head);
f2542a3b
CH		 487
488 hdr->duration = jiffies_to_msecs(jiffies - start_time);
489
490 ret = scsi_complete_sghdr_rq(rq, hdr, bio);
491
492out_free_cdb:
493 scsi_req_free_cmd(req);
494out_put_request:
495 blk_put_request(rq);
496 return ret;
497}
498
499/**
500 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
501 * @q: request queue to send scsi commands down
502 * @disk: gendisk to operate on (option)
503 * @mode: mode used to open the file through which the ioctl has been
504 * submitted
505 * @sic: userspace structure describing the command to perform
506 *
507 * Send down the scsi command described by @sic to the device below
508 * the request queue @q. If @file is non-NULL it's used to perform
509 * fine-grained permission checks that allow users to send down
510 * non-destructive SCSI commands. If the caller has a struct gendisk
511 * available it should be passed in as @disk to allow the low level
512 * driver to use the information contained in it. A non-NULL @disk
513 * is only allowed if the caller knows that the low level driver doesn't
514 * need it (e.g. in the scsi subsystem).
515 *
516 * Notes:
517 * - This interface is deprecated - users should use the SG_IO
518 * interface instead, as this is a more flexible approach to
519 * performing SCSI commands on a device.
520 * - The SCSI command length is determined by examining the 1st byte
521 * of the given command. There is no way to override this.
522 * - Data transfers are limited to PAGE_SIZE
523 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to
524 * accommodate the sense buffer when an error occurs.
525 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
526 * old code will not be surprised.
527 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive
528 * a negative return and the Unix error code in 'errno'.
529 * If the SCSI command succeeds then 0 is returned.
530 * Positive numbers returned are the compacted SCSI error codes (4
531 * bytes in one int) where the lowest byte is the SCSI status.
532 */
08dc2f9b
CH		 533static int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk,
534 fmode_t mode, struct scsi_ioctl_command __user *sic)
f2542a3b
CH		 535{
536 enum { OMAX_SB_LEN = 16 }; /* For backward compatibility */
537 struct request *rq;
538 struct scsi_request *req;
539 int err;
540 unsigned int in_len, out_len, bytes, opcode, cmdlen;
541 char *buffer = NULL;
542
543 if (!sic)
544 return -EINVAL;
545
546 /*
547 * get in an out lengths, verify they don't exceed a page worth of data
548 */
549 if (get_user(in_len, &sic->inlen))
550 return -EFAULT;
551 if (get_user(out_len, &sic->outlen))
552 return -EFAULT;
553 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
554 return -EINVAL;
555 if (get_user(opcode, sic->data))
556 return -EFAULT;
557
558 bytes = max(in_len, out_len);
559 if (bytes) {
560 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
561 if (!buffer)
562 return -ENOMEM;
563
564 }
565
566 rq = blk_get_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
567 if (IS_ERR(rq)) {
568 err = PTR_ERR(rq);
569 goto error_free_buffer;
570 }
571 req = scsi_req(rq);
572
573 cmdlen = COMMAND_SIZE(opcode);
574
575 /*
576 * get command and data to send to device, if any
577 */
578 err = -EFAULT;
579 req->cmd_len = cmdlen;
580 if (copy_from_user(req->cmd, sic->data, cmdlen))
581 goto error;
582
583 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
584 goto error;
585
586 err = -EPERM;
587 if (!scsi_cmd_allowed(req->cmd, mode))
588 goto error;
589
590 /* default. possible overridden later */
591 req->retries = 5;
592
593 switch (opcode) {
594 case SEND_DIAGNOSTIC:
595 case FORMAT_UNIT:
596 rq->timeout = FORMAT_UNIT_TIMEOUT;
597 req->retries = 1;
598 break;
599 case START_STOP:
600 rq->timeout = START_STOP_TIMEOUT;
601 break;
602 case MOVE_MEDIUM:
603 rq->timeout = MOVE_MEDIUM_TIMEOUT;
604 break;
605 case READ_ELEMENT_STATUS:
606 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
607 break;
608 case READ_DEFECT_DATA:
609 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
610 req->retries = 1;
611 break;
612 default:
613 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
614 break;
615 }
616
617 if (bytes) {
618 err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO);
619 if (err)
620 goto error;
621 }
622
623 blk_execute_rq(disk, rq, 0);
624
625 err = req->result & 0xff; /* only 8 bit SCSI status */
626 if (err) {
627 if (req->sense_len && req->sense) {
628 bytes = (OMAX_SB_LEN > req->sense_len) ?
629 req->sense_len : OMAX_SB_LEN;
630 if (copy_to_user(sic->data, req->sense, bytes))
631 err = -EFAULT;
632 }
633 } else {
634 if (copy_to_user(sic->data, buffer, out_len))
635 err = -EFAULT;
636 }
637
638error:
639 blk_put_request(rq);
640
641error_free_buffer:
642 kfree(buffer);
643
644 return err;
645}
f2542a3b
CH		 646
647int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
648{
649#ifdef CONFIG_COMPAT
650 if (in_compat_syscall()) {
651 struct compat_sg_io_hdr hdr32 = {
652 .interface_id = hdr->interface_id,
653 .dxfer_direction = hdr->dxfer_direction,
654 .cmd_len = hdr->cmd_len,
655 .mx_sb_len = hdr->mx_sb_len,
656 .iovec_count = hdr->iovec_count,
657 .dxfer_len = hdr->dxfer_len,
658 .dxferp = (uintptr_t)hdr->dxferp,
659 .cmdp = (uintptr_t)hdr->cmdp,
660 .sbp = (uintptr_t)hdr->sbp,
661 .timeout = hdr->timeout,
662 .flags = hdr->flags,
663 .pack_id = hdr->pack_id,
664 .usr_ptr = (uintptr_t)hdr->usr_ptr,
665 .status = hdr->status,
666 .masked_status = hdr->masked_status,
667 .msg_status = hdr->msg_status,
668 .sb_len_wr = hdr->sb_len_wr,
669 .host_status = hdr->host_status,
670 .driver_status = hdr->driver_status,
671 .resid = hdr->resid,
672 .duration = hdr->duration,
673 .info = hdr->info,
674 };
675
676 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
677 return -EFAULT;
678
679 return 0;
680 }
681#endif
682
683 if (copy_to_user(argp, hdr, sizeof(*hdr)))
684 return -EFAULT;
685
686 return 0;
687}
688EXPORT_SYMBOL(put_sg_io_hdr);
689
690int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
691{
692#ifdef CONFIG_COMPAT
693 struct compat_sg_io_hdr hdr32;
694
695 if (in_compat_syscall()) {
696 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
697 return -EFAULT;
698
699 *hdr = (struct sg_io_hdr) {
700 .interface_id = hdr32.interface_id,
701 .dxfer_direction = hdr32.dxfer_direction,
702 .cmd_len = hdr32.cmd_len,
703 .mx_sb_len = hdr32.mx_sb_len,
704 .iovec_count = hdr32.iovec_count,
705 .dxfer_len = hdr32.dxfer_len,
706 .dxferp = compat_ptr(hdr32.dxferp),
707 .cmdp = compat_ptr(hdr32.cmdp),
708 .sbp = compat_ptr(hdr32.sbp),
709 .timeout = hdr32.timeout,
710 .flags = hdr32.flags,
711 .pack_id = hdr32.pack_id,
712 .usr_ptr = compat_ptr(hdr32.usr_ptr),
713 .status = hdr32.status,
714 .masked_status = hdr32.masked_status,
715 .msg_status = hdr32.msg_status,
716 .sb_len_wr = hdr32.sb_len_wr,
717 .host_status = hdr32.host_status,
718 .driver_status = hdr32.driver_status,
719 .resid = hdr32.resid,
720 .duration = hdr32.duration,
721 .info = hdr32.info,
722 };
723
724 return 0;
725 }
726#endif
727
728 if (copy_from_user(hdr, argp, sizeof(*hdr)))
729 return -EFAULT;
730
731 return 0;
732}
733EXPORT_SYMBOL(get_sg_io_hdr);
734
735#ifdef CONFIG_COMPAT
736struct compat_cdrom_generic_command {
737 unsigned char cmd[CDROM_PACKET_SIZE];
738 compat_caddr_t buffer;
739 compat_uint_t buflen;
740 compat_int_t stat;
741 compat_caddr_t sense;
742 unsigned char data_direction;
743 unsigned char pad[3];
744 compat_int_t quiet;
745 compat_int_t timeout;
746 compat_caddr_t unused;
747};
748#endif
749
750static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
751 const void __user *arg)
752{
753#ifdef CONFIG_COMPAT
754 if (in_compat_syscall()) {
755 struct compat_cdrom_generic_command cgc32;
756
757 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
758 return -EFAULT;
759
760 *cgc = (struct cdrom_generic_command) {
761 .buffer = compat_ptr(cgc32.buffer),
762 .buflen = cgc32.buflen,
763 .stat = cgc32.stat,
764 .sense = compat_ptr(cgc32.sense),
765 .data_direction = cgc32.data_direction,
766 .quiet = cgc32.quiet,
767 .timeout = cgc32.timeout,
768 .unused = compat_ptr(cgc32.unused),
769 };
770 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
771 return 0;
772 }
773#endif
774 if (copy_from_user(cgc, arg, sizeof(*cgc)))
775 return -EFAULT;
776
777 return 0;
778}
779
780static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
781 void __user *arg)
782{
783#ifdef CONFIG_COMPAT
784 if (in_compat_syscall()) {
785 struct compat_cdrom_generic_command cgc32 = {
786 .buffer = (uintptr_t)(cgc->buffer),
787 .buflen = cgc->buflen,
788 .stat = cgc->stat,
789 .sense = (uintptr_t)(cgc->sense),
790 .data_direction = cgc->data_direction,
791 .quiet = cgc->quiet,
792 .timeout = cgc->timeout,
793 .unused = (uintptr_t)(cgc->unused),
794 };
795 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
796
797 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
798 return -EFAULT;
799
800 return 0;
801 }
802#endif
803 if (copy_to_user(arg, cgc, sizeof(*cgc)))
804 return -EFAULT;
805
806 return 0;
807}
808
1e61c1a8
CH		 809static int scsi_cdrom_send_packet(struct scsi_device *sdev, struct gendisk *disk,
810 fmode_t mode, void __user *arg)
f2542a3b
CH		 811{
812 struct cdrom_generic_command cgc;
813 struct sg_io_hdr hdr;
814 int err;
815
816 err = scsi_get_cdrom_generic_arg(&cgc, arg);
817 if (err)
818 return err;
819
820 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
821 memset(&hdr, 0, sizeof(hdr));
822 hdr.interface_id = 'S';
823 hdr.cmd_len = sizeof(cgc.cmd);
824 hdr.dxfer_len = cgc.buflen;
825 switch (cgc.data_direction) {
826 case CGC_DATA_UNKNOWN:
827 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
828 break;
829 case CGC_DATA_WRITE:
830 hdr.dxfer_direction = SG_DXFER_TO_DEV;
831 break;
832 case CGC_DATA_READ:
833 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
834 break;
835 case CGC_DATA_NONE:
836 hdr.dxfer_direction = SG_DXFER_NONE;
837 break;
838 default:
839 return -EINVAL;
840 }
841
842 hdr.dxferp = cgc.buffer;
843 hdr.sbp = cgc.sense;
844 if (hdr.sbp)
845 hdr.mx_sb_len = sizeof(struct request_sense);
846 hdr.timeout = jiffies_to_msecs(cgc.timeout);
847 hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd;
848 hdr.cmd_len = sizeof(cgc.cmd);
849
1e61c1a8 850 err = sg_io(sdev, disk, &hdr, mode);
f2542a3b
CH		 851 if (err == -EFAULT)
852 return -EFAULT;
853
854 if (hdr.status)
855 return -EIO;
856
857 cgc.stat = err;
858 cgc.buflen = hdr.resid;
859 if (scsi_put_cdrom_generic_arg(&cgc, arg))
860 return -EFAULT;
861
862 return err;
863}
864
1e61c1a8 865static int scsi_ioctl_sg_io(struct scsi_device *sdev, struct gendisk *disk,
b2123d3b
CH		 866 fmode_t mode, void __user *argp)
867{
868 struct sg_io_hdr hdr;
869 int error;
870
871 error = get_sg_io_hdr(&hdr, argp);
872 if (error)
873 return error;
1e61c1a8 874 error = sg_io(sdev, disk, &hdr, mode);
b2123d3b
CH		 875 if (error == -EFAULT)
876 return error;
877 if (put_sg_io_hdr(&hdr, argp))
878 return -EFAULT;
04a71cdc 879 return error;
b2123d3b
CH		 880}
881
6fade450
CH		 882/**
883 * scsi_ioctl - Dispatch ioctl to scsi device
884 * @sdev: scsi device receiving ioctl
2e27f576
CH		 885 * @disk: disk receiving the ioctl
886 * @mode: mode the block/char device is opened with
6fade450
CH		 887 * @cmd: which ioctl is it
888 * @arg: data associated with ioctl
889 *
890 * Description: The scsi_ioctl() function differs from most ioctls in that it
891 * does not take a major/minor number as the dev field. Rather, it takes
892 * a pointer to a &struct scsi_device.
893 */
2e27f576
CH		 894int scsi_ioctl(struct scsi_device *sdev, struct gendisk *disk, fmode_t mode,
895 int cmd, void __user *arg)
1da177e4 896{
2e27f576 897 struct request_queue *q = sdev->request_queue;
74a78ebd 898 struct scsi_sense_hdr sense_hdr;
1da177e4 899
1da177e4
LT		 900 /* Check for deprecated ioctls ... all the ioctls which don't
901 * follow the new unique numbering scheme are deprecated */
902 switch (cmd) {
903 case SCSI_IOCTL_SEND_COMMAND:
904 case SCSI_IOCTL_TEST_UNIT_READY:
905 case SCSI_IOCTL_BENCHMARK_COMMAND:
906 case SCSI_IOCTL_SYNC:
907 case SCSI_IOCTL_START_UNIT:
908 case SCSI_IOCTL_STOP_UNIT:
909 printk(KERN_WARNING "program %s is using a deprecated SCSI "
910 "ioctl, please convert it to SG_IO\n", current->comm);
911 break;
912 default:
913 break;
914 }
915
f2542a3b
CH		 916 switch (cmd) {
917 case SG_GET_VERSION_NUM:
918 return sg_get_version(arg);
919 case SG_SET_TIMEOUT:
1e61c1a8 920 return sg_set_timeout(sdev, arg);
f2542a3b 921 case SG_GET_TIMEOUT:
1e61c1a8 922 return jiffies_to_clock_t(sdev->sg_timeout);
f2542a3b 923 case SG_GET_RESERVED_SIZE:
1e61c1a8 924 return sg_get_reserved_size(sdev, arg);
f2542a3b 925 case SG_SET_RESERVED_SIZE:
1e61c1a8 926 return sg_set_reserved_size(sdev, arg);
f2542a3b
CH		 927 case SG_EMULATED_HOST:
928 return sg_emulated_host(q, arg);
b2123d3b 929 case SG_IO:
1e61c1a8 930 return scsi_ioctl_sg_io(sdev, disk, mode, arg);
f2542a3b
CH		 931 case SCSI_IOCTL_SEND_COMMAND:
932 return sg_scsi_ioctl(q, disk, mode, arg);
933 case CDROM_SEND_PACKET:
1e61c1a8 934 return scsi_cdrom_send_packet(sdev, disk, mode, arg);
f2542a3b 935 case CDROMCLOSETRAY:
51476187 936 return scsi_send_start_stop(sdev, 3);
f2542a3b 937 case CDROMEJECT:
51476187 938 return scsi_send_start_stop(sdev, 2);
2102a5cc
CH		 939 case SCSI_IOCTL_GET_IDLUN:
940 return scsi_get_idlun(sdev, arg);
1da177e4
LT		 941 case SCSI_IOCTL_GET_BUS_NUMBER:
942 return put_user(sdev->host->host_no, (int __user *)arg);
943 case SCSI_IOCTL_PROBE_HOST:
944 return ioctl_probe(sdev->host, arg);
1da177e4
LT		 945 case SCSI_IOCTL_DOORLOCK:
946 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
947 case SCSI_IOCTL_DOORUNLOCK:
948 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
949 case SCSI_IOCTL_TEST_UNIT_READY:
950 return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT,
74a78ebd 951 NORMAL_RETRIES, &sense_hdr);
1da177e4 952 case SCSI_IOCTL_START_UNIT:
51476187 953 return scsi_send_start_stop(sdev, 1);
1da177e4 954 case SCSI_IOCTL_STOP_UNIT:
51476187 955 return scsi_send_start_stop(sdev, 0);
1da177e4
LT		 956 case SCSI_IOCTL_GET_PCI:
957 return scsi_ioctl_get_pci(sdev, arg);
906d15fb
CH		 958 case SG_SCSI_RESET:
959 return scsi_ioctl_reset(sdev, arg);
1da177e4 960 }
1da177e4 961
7eafd137 962#ifdef CONFIG_COMPAT
6fade450
CH		 963 if (in_compat_syscall()) {
964 if (!sdev->host->hostt->compat_ioctl)
965 return -EINVAL;
7eafd137 966 return sdev->host->hostt->compat_ioctl(sdev, cmd, arg);
6fade450 967 }
7eafd137 968#endif
6fade450
CH		 969 if (!sdev->host->hostt->ioctl)
970 return -EINVAL;
971 return sdev->host->hostt->ioctl(sdev, cmd, arg);
972}
973EXPORT_SYMBOL(scsi_ioctl);
7eafd137 974
906d15fb
CH		 975/*
976 * We can process a reset even when a device isn't fully operable.
1da177e4 977 */
906d15fb
CH		 978int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd,
979 bool ndelay)
1da177e4 980{
906d15fb 981 if (cmd == SG_SCSI_RESET && ndelay) {
939647ee 982 if (scsi_host_in_recovery(sdev->host))
e9afccc5 983 return -EAGAIN;
906d15fb
CH		 984 } else {
985 if (!scsi_block_when_processing_errors(sdev))
986 return -ENODEV;
1da177e4 987 }
906d15fb
CH		 988
989 return 0;
1da177e4 990}
906d15fb 991EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors);
Ubuntu Jammy Linux kernel mirror