]>
Commit | Line | Data |
---|---|---|
457c8996 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
1da177e4 LT |
2 | /* |
3 | * Changes: | |
4 | * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000 | |
5 | * - get rid of some verify_areas and use __copy*user and __get/put_user | |
6 | * for the ones that remain | |
7 | */ | |
8 | #include <linux/module.h> | |
9 | #include <linux/blkdev.h> | |
10 | #include <linux/interrupt.h> | |
11 | #include <linux/errno.h> | |
12 | #include <linux/kernel.h> | |
13 | #include <linux/sched.h> | |
14 | #include <linux/mm.h> | |
15 | #include <linux/string.h> | |
7c0f6ba6 | 16 | #include <linux/uaccess.h> |
f2542a3b | 17 | #include <linux/cdrom.h> |
1da177e4 LT |
18 | |
19 | #include <scsi/scsi.h> | |
beb40487 | 20 | #include <scsi/scsi_cmnd.h> |
1da177e4 LT |
21 | #include <scsi/scsi_device.h> |
22 | #include <scsi/scsi_eh.h> | |
23 | #include <scsi/scsi_host.h> | |
24 | #include <scsi/scsi_ioctl.h> | |
1da177e4 LT |
25 | #include <scsi/sg.h> |
26 | #include <scsi/scsi_dbg.h> | |
27 | ||
28 | #include "scsi_logging.h" | |
29 | ||
30 | #define NORMAL_RETRIES 5 | |
31 | #define IOCTL_NORMAL_TIMEOUT (10 * HZ) | |
1da177e4 LT |
32 | |
33 | #define MAX_BUF PAGE_SIZE | |
34 | ||
32993523 CH |
35 | /** |
36 | * ioctl_probe -- return host identification | |
37 | * @host: host to identify | |
38 | * @buffer: userspace buffer for identification | |
39 | * | |
40 | * Return an identifying string at @buffer, if @buffer is non-NULL, filling | |
41 | * to the length stored at * (int *) @buffer. | |
1da177e4 | 42 | */ |
1da177e4 LT |
43 | static int ioctl_probe(struct Scsi_Host *host, void __user *buffer) |
44 | { | |
45 | unsigned int len, slen; | |
46 | const char *string; | |
1da177e4 | 47 | |
32993523 | 48 | if (buffer) { |
1da177e4 LT |
49 | if (get_user(len, (unsigned int __user *) buffer)) |
50 | return -EFAULT; | |
51 | ||
52 | if (host->hostt->info) | |
53 | string = host->hostt->info(host); | |
54 | else | |
55 | string = host->hostt->name; | |
56 | if (string) { | |
57 | slen = strlen(string); | |
58 | if (len > slen) | |
59 | len = slen + 1; | |
60 | if (copy_to_user(buffer, string, len)) | |
61 | return -EFAULT; | |
62 | } | |
63 | } | |
32993523 | 64 | return 1; |
1da177e4 LT |
65 | } |
66 | ||
1da177e4 LT |
67 | static int ioctl_internal_command(struct scsi_device *sdev, char *cmd, |
68 | int timeout, int retries) | |
69 | { | |
1da177e4 LT |
70 | int result; |
71 | struct scsi_sense_hdr sshdr; | |
72 | ||
e5f73ce3 HR |
73 | SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev, |
74 | "Trying ioctl with scsi command %d\n", *cmd)); | |
1da177e4 | 75 | |
1cf72699 | 76 | result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, |
f4f4e47e | 77 | &sshdr, timeout, retries, NULL); |
1da177e4 | 78 | |
e5f73ce3 HR |
79 | SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev, |
80 | "Ioctl returned 0x%x\n", result)); | |
1da177e4 | 81 | |
ced202f7 HR |
82 | if (result < 0) |
83 | goto out; | |
464a00c9 | 84 | if (scsi_sense_valid(&sshdr)) { |
1da177e4 LT |
85 | switch (sshdr.sense_key) { |
86 | case ILLEGAL_REQUEST: | |
87 | if (cmd[0] == ALLOW_MEDIUM_REMOVAL) | |
88 | sdev->lockable = 0; | |
89 | else | |
e5f73ce3 HR |
90 | sdev_printk(KERN_INFO, sdev, |
91 | "ioctl_internal_command: " | |
92 | "ILLEGAL REQUEST " | |
93 | "asc=0x%x ascq=0x%x\n", | |
94 | sshdr.asc, sshdr.ascq); | |
1da177e4 LT |
95 | break; |
96 | case NOT_READY: /* This happens if there is no disc in drive */ | |
a75ad3c2 | 97 | if (sdev->removable) |
1da177e4 | 98 | break; |
df561f66 | 99 | fallthrough; |
1da177e4 LT |
100 | case UNIT_ATTENTION: |
101 | if (sdev->removable) { | |
102 | sdev->changed = 1; | |
1cf72699 | 103 | result = 0; /* This is no longer considered an error */ |
1da177e4 LT |
104 | break; |
105 | } | |
df561f66 | 106 | fallthrough; /* for non-removable media */ |
3bf2ff67 | 107 | default: |
9ccfc756 JB |
108 | sdev_printk(KERN_INFO, sdev, |
109 | "ioctl_internal_command return code = %x\n", | |
110 | result); | |
d811b848 | 111 | scsi_print_sense_hdr(sdev, NULL, &sshdr); |
1da177e4 LT |
112 | break; |
113 | } | |
114 | } | |
ced202f7 | 115 | out: |
e5f73ce3 HR |
116 | SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev, |
117 | "IOCTL Releasing command\n")); | |
1da177e4 LT |
118 | return result; |
119 | } | |
120 | ||
121 | int scsi_set_medium_removal(struct scsi_device *sdev, char state) | |
122 | { | |
123 | char scsi_cmd[MAX_COMMAND_SIZE]; | |
124 | int ret; | |
125 | ||
126 | if (!sdev->removable || !sdev->lockable) | |
127 | return 0; | |
128 | ||
129 | scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL; | |
130 | scsi_cmd[1] = 0; | |
131 | scsi_cmd[2] = 0; | |
132 | scsi_cmd[3] = 0; | |
133 | scsi_cmd[4] = state; | |
134 | scsi_cmd[5] = 0; | |
135 | ||
136 | ret = ioctl_internal_command(sdev, scsi_cmd, | |
137 | IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES); | |
138 | if (ret == 0) | |
139 | sdev->locked = (state == SCSI_REMOVAL_PREVENT); | |
140 | return ret; | |
141 | } | |
142 | EXPORT_SYMBOL(scsi_set_medium_removal); | |
143 | ||
1da177e4 LT |
144 | /* |
145 | * The scsi_ioctl_get_pci() function places into arg the value | |
146 | * pci_dev::slot_name (8 characters) for the PCI device (if any). | |
147 | * Returns: 0 on success | |
148 | * -ENXIO if there isn't a PCI device pointer | |
149 | * (could be because the SCSI driver hasn't been | |
150 | * updated yet, or because it isn't a SCSI | |
151 | * device) | |
152 | * any copy_to_user() error on failure there | |
153 | */ | |
154 | static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg) | |
155 | { | |
156 | struct device *dev = scsi_get_device(sdev->host); | |
71610f55 | 157 | const char *name; |
1da177e4 LT |
158 | |
159 | if (!dev) | |
160 | return -ENXIO; | |
71610f55 KS |
161 | |
162 | name = dev_name(dev); | |
163 | ||
164 | /* compatibility with old ioctl which only returned | |
165 | * 20 characters */ | |
166 | return copy_to_user(arg, name, min(strlen(name), (size_t)20)) | |
167 | ? -EFAULT: 0; | |
1da177e4 LT |
168 | } |
169 | ||
f2542a3b CH |
170 | static int sg_get_version(int __user *p) |
171 | { | |
172 | static const int sg_version_num = 30527; | |
173 | return put_user(sg_version_num, p); | |
174 | } | |
175 | ||
1e61c1a8 | 176 | static int sg_set_timeout(struct scsi_device *sdev, int __user *p) |
f2542a3b CH |
177 | { |
178 | int timeout, err = get_user(timeout, p); | |
179 | ||
180 | if (!err) | |
1e61c1a8 | 181 | sdev->sg_timeout = clock_t_to_jiffies(timeout); |
f2542a3b CH |
182 | |
183 | return err; | |
184 | } | |
185 | ||
1e61c1a8 | 186 | static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p) |
f2542a3b | 187 | { |
1e61c1a8 CH |
188 | int val = min(sdev->sg_reserved_size, |
189 | queue_max_bytes(sdev->request_queue)); | |
f2542a3b CH |
190 | |
191 | return put_user(val, p); | |
192 | } | |
193 | ||
1e61c1a8 | 194 | static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p) |
f2542a3b CH |
195 | { |
196 | int size, err = get_user(size, p); | |
197 | ||
198 | if (err) | |
199 | return err; | |
200 | ||
201 | if (size < 0) | |
202 | return -EINVAL; | |
203 | ||
1e61c1a8 CH |
204 | sdev->sg_reserved_size = min_t(unsigned int, size, |
205 | queue_max_bytes(sdev->request_queue)); | |
f2542a3b CH |
206 | return 0; |
207 | } | |
208 | ||
209 | /* | |
210 | * will always return that we are ATAPI even for a real SCSI drive, I'm not | |
211 | * so sure this is worth doing anything about (why would you care??) | |
212 | */ | |
213 | static int sg_emulated_host(struct request_queue *q, int __user *p) | |
214 | { | |
215 | return put_user(1, p); | |
216 | } | |
217 | ||
2102a5cc CH |
218 | static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp) |
219 | { | |
220 | struct scsi_idlun v = { | |
221 | .dev_id = (sdev->id & 0xff) + | |
222 | ((sdev->lun & 0xff) << 8) + | |
223 | ((sdev->channel & 0xff) << 16) + | |
224 | ((sdev->host->host_no & 0xff) << 24), | |
225 | .host_unique_id = sdev->host->unique_id | |
226 | }; | |
227 | if (copy_to_user(argp, &v, sizeof(struct scsi_idlun))) | |
228 | return -EFAULT; | |
229 | return 0; | |
230 | } | |
231 | ||
51476187 | 232 | static int scsi_send_start_stop(struct scsi_device *sdev, int data) |
f2542a3b | 233 | { |
51476187 | 234 | u8 cdb[MAX_COMMAND_SIZE] = { }; |
f2542a3b | 235 | |
51476187 CH |
236 | cdb[0] = START_STOP; |
237 | cdb[4] = data; | |
238 | return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT, | |
239 | NORMAL_RETRIES); | |
f2542a3b CH |
240 | } |
241 | ||
242 | /* | |
243 | * Check if the given command is allowed. | |
244 | * | |
245 | * Only a subset of commands are allowed for unprivileged users. Commands used | |
246 | * to format the media, update the firmware, etc. are not permitted. | |
247 | */ | |
248 | bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode) | |
249 | { | |
250 | /* root can do any command. */ | |
251 | if (capable(CAP_SYS_RAWIO)) | |
252 | return true; | |
253 | ||
254 | /* Anybody who can open the device can do a read-safe command */ | |
255 | switch (cmd[0]) { | |
256 | /* Basic read-only commands */ | |
257 | case TEST_UNIT_READY: | |
258 | case REQUEST_SENSE: | |
259 | case READ_6: | |
260 | case READ_10: | |
261 | case READ_12: | |
262 | case READ_16: | |
263 | case READ_BUFFER: | |
264 | case READ_DEFECT_DATA: | |
265 | case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */ | |
266 | case READ_LONG: | |
267 | case INQUIRY: | |
268 | case MODE_SENSE: | |
269 | case MODE_SENSE_10: | |
270 | case LOG_SENSE: | |
271 | case START_STOP: | |
272 | case GPCMD_VERIFY_10: | |
273 | case VERIFY_16: | |
274 | case REPORT_LUNS: | |
275 | case SERVICE_ACTION_IN_16: | |
276 | case RECEIVE_DIAGNOSTIC: | |
277 | case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */ | |
278 | case GPCMD_READ_BUFFER_CAPACITY: | |
279 | /* Audio CD commands */ | |
280 | case GPCMD_PLAY_CD: | |
281 | case GPCMD_PLAY_AUDIO_10: | |
282 | case GPCMD_PLAY_AUDIO_MSF: | |
283 | case GPCMD_PLAY_AUDIO_TI: | |
284 | case GPCMD_PAUSE_RESUME: | |
285 | /* CD/DVD data reading */ | |
286 | case GPCMD_READ_CD: | |
287 | case GPCMD_READ_CD_MSF: | |
288 | case GPCMD_READ_DISC_INFO: | |
289 | case GPCMD_READ_DVD_STRUCTURE: | |
290 | case GPCMD_READ_HEADER: | |
291 | case GPCMD_READ_TRACK_RZONE_INFO: | |
292 | case GPCMD_READ_SUBCHANNEL: | |
293 | case GPCMD_READ_TOC_PMA_ATIP: | |
294 | case GPCMD_REPORT_KEY: | |
295 | case GPCMD_SCAN: | |
296 | case GPCMD_GET_CONFIGURATION: | |
297 | case GPCMD_READ_FORMAT_CAPACITIES: | |
298 | case GPCMD_GET_EVENT_STATUS_NOTIFICATION: | |
299 | case GPCMD_GET_PERFORMANCE: | |
300 | case GPCMD_SEEK: | |
301 | case GPCMD_STOP_PLAY_SCAN: | |
302 | /* ZBC */ | |
303 | case ZBC_IN: | |
304 | return true; | |
305 | /* Basic writing commands */ | |
306 | case WRITE_6: | |
307 | case WRITE_10: | |
308 | case WRITE_VERIFY: | |
309 | case WRITE_12: | |
310 | case WRITE_VERIFY_12: | |
311 | case WRITE_16: | |
312 | case WRITE_LONG: | |
313 | case WRITE_LONG_2: | |
314 | case WRITE_SAME: | |
315 | case WRITE_SAME_16: | |
316 | case WRITE_SAME_32: | |
317 | case ERASE: | |
318 | case GPCMD_MODE_SELECT_10: | |
319 | case MODE_SELECT: | |
320 | case LOG_SELECT: | |
321 | case GPCMD_BLANK: | |
322 | case GPCMD_CLOSE_TRACK: | |
323 | case GPCMD_FLUSH_CACHE: | |
324 | case GPCMD_FORMAT_UNIT: | |
325 | case GPCMD_REPAIR_RZONE_TRACK: | |
326 | case GPCMD_RESERVE_RZONE_TRACK: | |
327 | case GPCMD_SEND_DVD_STRUCTURE: | |
328 | case GPCMD_SEND_EVENT: | |
329 | case GPCMD_SEND_OPC: | |
330 | case GPCMD_SEND_CUE_SHEET: | |
331 | case GPCMD_SET_SPEED: | |
332 | case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL: | |
333 | case GPCMD_LOAD_UNLOAD: | |
334 | case GPCMD_SET_STREAMING: | |
335 | case GPCMD_SET_READ_AHEAD: | |
336 | /* ZBC */ | |
337 | case ZBC_OUT: | |
338 | return (mode & FMODE_WRITE); | |
339 | default: | |
340 | return false; | |
341 | } | |
342 | } | |
343 | EXPORT_SYMBOL(scsi_cmd_allowed); | |
344 | ||
1e61c1a8 | 345 | static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq, |
f2542a3b CH |
346 | struct sg_io_hdr *hdr, fmode_t mode) |
347 | { | |
348 | struct scsi_request *req = scsi_req(rq); | |
349 | ||
8f435ae6 TS |
350 | if (hdr->cmd_len < 6) |
351 | return -EMSGSIZE; | |
f2542a3b CH |
352 | if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len)) |
353 | return -EFAULT; | |
354 | if (!scsi_cmd_allowed(req->cmd, mode)) | |
355 | return -EPERM; | |
356 | ||
357 | /* | |
358 | * fill in request structure | |
359 | */ | |
360 | req->cmd_len = hdr->cmd_len; | |
361 | ||
362 | rq->timeout = msecs_to_jiffies(hdr->timeout); | |
363 | if (!rq->timeout) | |
1e61c1a8 | 364 | rq->timeout = sdev->sg_timeout; |
f2542a3b CH |
365 | if (!rq->timeout) |
366 | rq->timeout = BLK_DEFAULT_SG_TIMEOUT; | |
367 | if (rq->timeout < BLK_MIN_SG_TIMEOUT) | |
368 | rq->timeout = BLK_MIN_SG_TIMEOUT; | |
369 | ||
370 | return 0; | |
371 | } | |
372 | ||
373 | static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, | |
374 | struct bio *bio) | |
375 | { | |
376 | struct scsi_request *req = scsi_req(rq); | |
377 | int r, ret = 0; | |
378 | ||
379 | /* | |
380 | * fill in all the output members | |
381 | */ | |
382 | hdr->status = req->result & 0xff; | |
383 | hdr->masked_status = status_byte(req->result); | |
384 | hdr->msg_status = COMMAND_COMPLETE; | |
385 | hdr->host_status = host_byte(req->result); | |
386 | hdr->driver_status = 0; | |
387 | if (scsi_status_is_check_condition(hdr->status)) | |
388 | hdr->driver_status = DRIVER_SENSE; | |
389 | hdr->info = 0; | |
390 | if (hdr->masked_status || hdr->host_status || hdr->driver_status) | |
391 | hdr->info |= SG_INFO_CHECK; | |
392 | hdr->resid = req->resid_len; | |
393 | hdr->sb_len_wr = 0; | |
394 | ||
395 | if (req->sense_len && hdr->sbp) { | |
396 | int len = min((unsigned int) hdr->mx_sb_len, req->sense_len); | |
397 | ||
398 | if (!copy_to_user(hdr->sbp, req->sense, len)) | |
399 | hdr->sb_len_wr = len; | |
400 | else | |
401 | ret = -EFAULT; | |
402 | } | |
403 | ||
404 | r = blk_rq_unmap_user(bio); | |
405 | if (!ret) | |
406 | ret = r; | |
407 | ||
408 | return ret; | |
409 | } | |
410 | ||
1e61c1a8 | 411 | static int sg_io(struct scsi_device *sdev, struct gendisk *disk, |
f2542a3b CH |
412 | struct sg_io_hdr *hdr, fmode_t mode) |
413 | { | |
414 | unsigned long start_time; | |
415 | ssize_t ret = 0; | |
416 | int writing = 0; | |
417 | int at_head = 0; | |
418 | struct request *rq; | |
419 | struct scsi_request *req; | |
420 | struct bio *bio; | |
421 | ||
422 | if (hdr->interface_id != 'S') | |
423 | return -EINVAL; | |
424 | ||
1e61c1a8 | 425 | if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9)) |
f2542a3b CH |
426 | return -EIO; |
427 | ||
428 | if (hdr->dxfer_len) | |
429 | switch (hdr->dxfer_direction) { | |
430 | default: | |
431 | return -EINVAL; | |
432 | case SG_DXFER_TO_DEV: | |
433 | writing = 1; | |
434 | break; | |
435 | case SG_DXFER_TO_FROM_DEV: | |
436 | case SG_DXFER_FROM_DEV: | |
437 | break; | |
438 | } | |
439 | if (hdr->flags & SG_FLAG_Q_AT_HEAD) | |
440 | at_head = 1; | |
441 | ||
442 | ret = -ENOMEM; | |
1e61c1a8 CH |
443 | rq = blk_get_request(sdev->request_queue, writing ? |
444 | REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0); | |
f2542a3b CH |
445 | if (IS_ERR(rq)) |
446 | return PTR_ERR(rq); | |
447 | req = scsi_req(rq); | |
448 | ||
449 | if (hdr->cmd_len > BLK_MAX_CDB) { | |
450 | req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL); | |
451 | if (!req->cmd) | |
452 | goto out_put_request; | |
453 | } | |
454 | ||
1e61c1a8 | 455 | ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode); |
f2542a3b CH |
456 | if (ret < 0) |
457 | goto out_free_cdb; | |
458 | ||
459 | ret = 0; | |
460 | if (hdr->iovec_count) { | |
461 | struct iov_iter i; | |
462 | struct iovec *iov = NULL; | |
463 | ||
464 | ret = import_iovec(rq_data_dir(rq), hdr->dxferp, | |
465 | hdr->iovec_count, 0, &iov, &i); | |
466 | if (ret < 0) | |
467 | goto out_free_cdb; | |
468 | ||
469 | /* SG_IO howto says that the shorter of the two wins */ | |
470 | iov_iter_truncate(&i, hdr->dxfer_len); | |
471 | ||
1e61c1a8 | 472 | ret = blk_rq_map_user_iov(rq->q, rq, NULL, &i, GFP_KERNEL); |
f2542a3b CH |
473 | kfree(iov); |
474 | } else if (hdr->dxfer_len) | |
1e61c1a8 CH |
475 | ret = blk_rq_map_user(rq->q, rq, NULL, hdr->dxferp, |
476 | hdr->dxfer_len, GFP_KERNEL); | |
f2542a3b CH |
477 | |
478 | if (ret) | |
479 | goto out_free_cdb; | |
480 | ||
481 | bio = rq->bio; | |
482 | req->retries = 0; | |
483 | ||
484 | start_time = jiffies; | |
485 | ||
1e61c1a8 | 486 | blk_execute_rq(disk, rq, at_head); |
f2542a3b CH |
487 | |
488 | hdr->duration = jiffies_to_msecs(jiffies - start_time); | |
489 | ||
490 | ret = scsi_complete_sghdr_rq(rq, hdr, bio); | |
491 | ||
492 | out_free_cdb: | |
493 | scsi_req_free_cmd(req); | |
494 | out_put_request: | |
495 | blk_put_request(rq); | |
496 | return ret; | |
497 | } | |
498 | ||
499 | /** | |
500 | * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl | |
501 | * @q: request queue to send scsi commands down | |
502 | * @disk: gendisk to operate on (option) | |
503 | * @mode: mode used to open the file through which the ioctl has been | |
504 | * submitted | |
505 | * @sic: userspace structure describing the command to perform | |
506 | * | |
507 | * Send down the scsi command described by @sic to the device below | |
508 | * the request queue @q. If @file is non-NULL it's used to perform | |
509 | * fine-grained permission checks that allow users to send down | |
510 | * non-destructive SCSI commands. If the caller has a struct gendisk | |
511 | * available it should be passed in as @disk to allow the low level | |
512 | * driver to use the information contained in it. A non-NULL @disk | |
513 | * is only allowed if the caller knows that the low level driver doesn't | |
514 | * need it (e.g. in the scsi subsystem). | |
515 | * | |
516 | * Notes: | |
517 | * - This interface is deprecated - users should use the SG_IO | |
518 | * interface instead, as this is a more flexible approach to | |
519 | * performing SCSI commands on a device. | |
520 | * - The SCSI command length is determined by examining the 1st byte | |
521 | * of the given command. There is no way to override this. | |
522 | * - Data transfers are limited to PAGE_SIZE | |
523 | * - The length (x + y) must be at least OMAX_SB_LEN bytes long to | |
524 | * accommodate the sense buffer when an error occurs. | |
525 | * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that | |
526 | * old code will not be surprised. | |
527 | * - If a Unix error occurs (e.g. ENOMEM) then the user will receive | |
528 | * a negative return and the Unix error code in 'errno'. | |
529 | * If the SCSI command succeeds then 0 is returned. | |
530 | * Positive numbers returned are the compacted SCSI error codes (4 | |
531 | * bytes in one int) where the lowest byte is the SCSI status. | |
532 | */ | |
08dc2f9b CH |
533 | static int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, |
534 | fmode_t mode, struct scsi_ioctl_command __user *sic) | |
f2542a3b CH |
535 | { |
536 | enum { OMAX_SB_LEN = 16 }; /* For backward compatibility */ | |
537 | struct request *rq; | |
538 | struct scsi_request *req; | |
539 | int err; | |
540 | unsigned int in_len, out_len, bytes, opcode, cmdlen; | |
541 | char *buffer = NULL; | |
542 | ||
543 | if (!sic) | |
544 | return -EINVAL; | |
545 | ||
546 | /* | |
547 | * get in an out lengths, verify they don't exceed a page worth of data | |
548 | */ | |
549 | if (get_user(in_len, &sic->inlen)) | |
550 | return -EFAULT; | |
551 | if (get_user(out_len, &sic->outlen)) | |
552 | return -EFAULT; | |
553 | if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) | |
554 | return -EINVAL; | |
555 | if (get_user(opcode, sic->data)) | |
556 | return -EFAULT; | |
557 | ||
558 | bytes = max(in_len, out_len); | |
559 | if (bytes) { | |
560 | buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN); | |
561 | if (!buffer) | |
562 | return -ENOMEM; | |
563 | ||
564 | } | |
565 | ||
566 | rq = blk_get_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0); | |
567 | if (IS_ERR(rq)) { | |
568 | err = PTR_ERR(rq); | |
569 | goto error_free_buffer; | |
570 | } | |
571 | req = scsi_req(rq); | |
572 | ||
573 | cmdlen = COMMAND_SIZE(opcode); | |
574 | ||
575 | /* | |
576 | * get command and data to send to device, if any | |
577 | */ | |
578 | err = -EFAULT; | |
579 | req->cmd_len = cmdlen; | |
580 | if (copy_from_user(req->cmd, sic->data, cmdlen)) | |
581 | goto error; | |
582 | ||
583 | if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) | |
584 | goto error; | |
585 | ||
586 | err = -EPERM; | |
587 | if (!scsi_cmd_allowed(req->cmd, mode)) | |
588 | goto error; | |
589 | ||
590 | /* default. possible overridden later */ | |
591 | req->retries = 5; | |
592 | ||
593 | switch (opcode) { | |
594 | case SEND_DIAGNOSTIC: | |
595 | case FORMAT_UNIT: | |
596 | rq->timeout = FORMAT_UNIT_TIMEOUT; | |
597 | req->retries = 1; | |
598 | break; | |
599 | case START_STOP: | |
600 | rq->timeout = START_STOP_TIMEOUT; | |
601 | break; | |
602 | case MOVE_MEDIUM: | |
603 | rq->timeout = MOVE_MEDIUM_TIMEOUT; | |
604 | break; | |
605 | case READ_ELEMENT_STATUS: | |
606 | rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; | |
607 | break; | |
608 | case READ_DEFECT_DATA: | |
609 | rq->timeout = READ_DEFECT_DATA_TIMEOUT; | |
610 | req->retries = 1; | |
611 | break; | |
612 | default: | |
613 | rq->timeout = BLK_DEFAULT_SG_TIMEOUT; | |
614 | break; | |
615 | } | |
616 | ||
617 | if (bytes) { | |
618 | err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO); | |
619 | if (err) | |
620 | goto error; | |
621 | } | |
622 | ||
623 | blk_execute_rq(disk, rq, 0); | |
624 | ||
625 | err = req->result & 0xff; /* only 8 bit SCSI status */ | |
626 | if (err) { | |
627 | if (req->sense_len && req->sense) { | |
628 | bytes = (OMAX_SB_LEN > req->sense_len) ? | |
629 | req->sense_len : OMAX_SB_LEN; | |
630 | if (copy_to_user(sic->data, req->sense, bytes)) | |
631 | err = -EFAULT; | |
632 | } | |
633 | } else { | |
634 | if (copy_to_user(sic->data, buffer, out_len)) | |
635 | err = -EFAULT; | |
636 | } | |
637 | ||
638 | error: | |
639 | blk_put_request(rq); | |
640 | ||
641 | error_free_buffer: | |
642 | kfree(buffer); | |
643 | ||
644 | return err; | |
645 | } | |
f2542a3b CH |
646 | |
647 | int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp) | |
648 | { | |
649 | #ifdef CONFIG_COMPAT | |
650 | if (in_compat_syscall()) { | |
651 | struct compat_sg_io_hdr hdr32 = { | |
652 | .interface_id = hdr->interface_id, | |
653 | .dxfer_direction = hdr->dxfer_direction, | |
654 | .cmd_len = hdr->cmd_len, | |
655 | .mx_sb_len = hdr->mx_sb_len, | |
656 | .iovec_count = hdr->iovec_count, | |
657 | .dxfer_len = hdr->dxfer_len, | |
658 | .dxferp = (uintptr_t)hdr->dxferp, | |
659 | .cmdp = (uintptr_t)hdr->cmdp, | |
660 | .sbp = (uintptr_t)hdr->sbp, | |
661 | .timeout = hdr->timeout, | |
662 | .flags = hdr->flags, | |
663 | .pack_id = hdr->pack_id, | |
664 | .usr_ptr = (uintptr_t)hdr->usr_ptr, | |
665 | .status = hdr->status, | |
666 | .masked_status = hdr->masked_status, | |
667 | .msg_status = hdr->msg_status, | |
668 | .sb_len_wr = hdr->sb_len_wr, | |
669 | .host_status = hdr->host_status, | |
670 | .driver_status = hdr->driver_status, | |
671 | .resid = hdr->resid, | |
672 | .duration = hdr->duration, | |
673 | .info = hdr->info, | |
674 | }; | |
675 | ||
676 | if (copy_to_user(argp, &hdr32, sizeof(hdr32))) | |
677 | return -EFAULT; | |
678 | ||
679 | return 0; | |
680 | } | |
681 | #endif | |
682 | ||
683 | if (copy_to_user(argp, hdr, sizeof(*hdr))) | |
684 | return -EFAULT; | |
685 | ||
686 | return 0; | |
687 | } | |
688 | EXPORT_SYMBOL(put_sg_io_hdr); | |
689 | ||
690 | int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp) | |
691 | { | |
692 | #ifdef CONFIG_COMPAT | |
693 | struct compat_sg_io_hdr hdr32; | |
694 | ||
695 | if (in_compat_syscall()) { | |
696 | if (copy_from_user(&hdr32, argp, sizeof(hdr32))) | |
697 | return -EFAULT; | |
698 | ||
699 | *hdr = (struct sg_io_hdr) { | |
700 | .interface_id = hdr32.interface_id, | |
701 | .dxfer_direction = hdr32.dxfer_direction, | |
702 | .cmd_len = hdr32.cmd_len, | |
703 | .mx_sb_len = hdr32.mx_sb_len, | |
704 | .iovec_count = hdr32.iovec_count, | |
705 | .dxfer_len = hdr32.dxfer_len, | |
706 | .dxferp = compat_ptr(hdr32.dxferp), | |
707 | .cmdp = compat_ptr(hdr32.cmdp), | |
708 | .sbp = compat_ptr(hdr32.sbp), | |
709 | .timeout = hdr32.timeout, | |
710 | .flags = hdr32.flags, | |
711 | .pack_id = hdr32.pack_id, | |
712 | .usr_ptr = compat_ptr(hdr32.usr_ptr), | |
713 | .status = hdr32.status, | |
714 | .masked_status = hdr32.masked_status, | |
715 | .msg_status = hdr32.msg_status, | |
716 | .sb_len_wr = hdr32.sb_len_wr, | |
717 | .host_status = hdr32.host_status, | |
718 | .driver_status = hdr32.driver_status, | |
719 | .resid = hdr32.resid, | |
720 | .duration = hdr32.duration, | |
721 | .info = hdr32.info, | |
722 | }; | |
723 | ||
724 | return 0; | |
725 | } | |
726 | #endif | |
727 | ||
728 | if (copy_from_user(hdr, argp, sizeof(*hdr))) | |
729 | return -EFAULT; | |
730 | ||
731 | return 0; | |
732 | } | |
733 | EXPORT_SYMBOL(get_sg_io_hdr); | |
734 | ||
735 | #ifdef CONFIG_COMPAT | |
736 | struct compat_cdrom_generic_command { | |
737 | unsigned char cmd[CDROM_PACKET_SIZE]; | |
738 | compat_caddr_t buffer; | |
739 | compat_uint_t buflen; | |
740 | compat_int_t stat; | |
741 | compat_caddr_t sense; | |
742 | unsigned char data_direction; | |
743 | unsigned char pad[3]; | |
744 | compat_int_t quiet; | |
745 | compat_int_t timeout; | |
746 | compat_caddr_t unused; | |
747 | }; | |
748 | #endif | |
749 | ||
750 | static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc, | |
751 | const void __user *arg) | |
752 | { | |
753 | #ifdef CONFIG_COMPAT | |
754 | if (in_compat_syscall()) { | |
755 | struct compat_cdrom_generic_command cgc32; | |
756 | ||
757 | if (copy_from_user(&cgc32, arg, sizeof(cgc32))) | |
758 | return -EFAULT; | |
759 | ||
760 | *cgc = (struct cdrom_generic_command) { | |
761 | .buffer = compat_ptr(cgc32.buffer), | |
762 | .buflen = cgc32.buflen, | |
763 | .stat = cgc32.stat, | |
764 | .sense = compat_ptr(cgc32.sense), | |
765 | .data_direction = cgc32.data_direction, | |
766 | .quiet = cgc32.quiet, | |
767 | .timeout = cgc32.timeout, | |
768 | .unused = compat_ptr(cgc32.unused), | |
769 | }; | |
770 | memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE); | |
771 | return 0; | |
772 | } | |
773 | #endif | |
774 | if (copy_from_user(cgc, arg, sizeof(*cgc))) | |
775 | return -EFAULT; | |
776 | ||
777 | return 0; | |
778 | } | |
779 | ||
780 | static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc, | |
781 | void __user *arg) | |
782 | { | |
783 | #ifdef CONFIG_COMPAT | |
784 | if (in_compat_syscall()) { | |
785 | struct compat_cdrom_generic_command cgc32 = { | |
786 | .buffer = (uintptr_t)(cgc->buffer), | |
787 | .buflen = cgc->buflen, | |
788 | .stat = cgc->stat, | |
789 | .sense = (uintptr_t)(cgc->sense), | |
790 | .data_direction = cgc->data_direction, | |
791 | .quiet = cgc->quiet, | |
792 | .timeout = cgc->timeout, | |
793 | .unused = (uintptr_t)(cgc->unused), | |
794 | }; | |
795 | memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE); | |
796 | ||
797 | if (copy_to_user(arg, &cgc32, sizeof(cgc32))) | |
798 | return -EFAULT; | |
799 | ||
800 | return 0; | |
801 | } | |
802 | #endif | |
803 | if (copy_to_user(arg, cgc, sizeof(*cgc))) | |
804 | return -EFAULT; | |
805 | ||
806 | return 0; | |
807 | } | |
808 | ||
1e61c1a8 CH |
809 | static int scsi_cdrom_send_packet(struct scsi_device *sdev, struct gendisk *disk, |
810 | fmode_t mode, void __user *arg) | |
f2542a3b CH |
811 | { |
812 | struct cdrom_generic_command cgc; | |
813 | struct sg_io_hdr hdr; | |
814 | int err; | |
815 | ||
816 | err = scsi_get_cdrom_generic_arg(&cgc, arg); | |
817 | if (err) | |
818 | return err; | |
819 | ||
820 | cgc.timeout = clock_t_to_jiffies(cgc.timeout); | |
821 | memset(&hdr, 0, sizeof(hdr)); | |
822 | hdr.interface_id = 'S'; | |
823 | hdr.cmd_len = sizeof(cgc.cmd); | |
824 | hdr.dxfer_len = cgc.buflen; | |
825 | switch (cgc.data_direction) { | |
826 | case CGC_DATA_UNKNOWN: | |
827 | hdr.dxfer_direction = SG_DXFER_UNKNOWN; | |
828 | break; | |
829 | case CGC_DATA_WRITE: | |
830 | hdr.dxfer_direction = SG_DXFER_TO_DEV; | |
831 | break; | |
832 | case CGC_DATA_READ: | |
833 | hdr.dxfer_direction = SG_DXFER_FROM_DEV; | |
834 | break; | |
835 | case CGC_DATA_NONE: | |
836 | hdr.dxfer_direction = SG_DXFER_NONE; | |
837 | break; | |
838 | default: | |
839 | return -EINVAL; | |
840 | } | |
841 | ||
842 | hdr.dxferp = cgc.buffer; | |
843 | hdr.sbp = cgc.sense; | |
844 | if (hdr.sbp) | |
845 | hdr.mx_sb_len = sizeof(struct request_sense); | |
846 | hdr.timeout = jiffies_to_msecs(cgc.timeout); | |
847 | hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd; | |
848 | hdr.cmd_len = sizeof(cgc.cmd); | |
849 | ||
1e61c1a8 | 850 | err = sg_io(sdev, disk, &hdr, mode); |
f2542a3b CH |
851 | if (err == -EFAULT) |
852 | return -EFAULT; | |
853 | ||
854 | if (hdr.status) | |
855 | return -EIO; | |
856 | ||
857 | cgc.stat = err; | |
858 | cgc.buflen = hdr.resid; | |
859 | if (scsi_put_cdrom_generic_arg(&cgc, arg)) | |
860 | return -EFAULT; | |
861 | ||
862 | return err; | |
863 | } | |
864 | ||
1e61c1a8 | 865 | static int scsi_ioctl_sg_io(struct scsi_device *sdev, struct gendisk *disk, |
b2123d3b CH |
866 | fmode_t mode, void __user *argp) |
867 | { | |
868 | struct sg_io_hdr hdr; | |
869 | int error; | |
870 | ||
871 | error = get_sg_io_hdr(&hdr, argp); | |
872 | if (error) | |
873 | return error; | |
1e61c1a8 | 874 | error = sg_io(sdev, disk, &hdr, mode); |
b2123d3b CH |
875 | if (error == -EFAULT) |
876 | return error; | |
877 | if (put_sg_io_hdr(&hdr, argp)) | |
878 | return -EFAULT; | |
04a71cdc | 879 | return error; |
b2123d3b CH |
880 | } |
881 | ||
6fade450 CH |
882 | /** |
883 | * scsi_ioctl - Dispatch ioctl to scsi device | |
884 | * @sdev: scsi device receiving ioctl | |
2e27f576 CH |
885 | * @disk: disk receiving the ioctl |
886 | * @mode: mode the block/char device is opened with | |
6fade450 CH |
887 | * @cmd: which ioctl is it |
888 | * @arg: data associated with ioctl | |
889 | * | |
890 | * Description: The scsi_ioctl() function differs from most ioctls in that it | |
891 | * does not take a major/minor number as the dev field. Rather, it takes | |
892 | * a pointer to a &struct scsi_device. | |
893 | */ | |
2e27f576 CH |
894 | int scsi_ioctl(struct scsi_device *sdev, struct gendisk *disk, fmode_t mode, |
895 | int cmd, void __user *arg) | |
1da177e4 | 896 | { |
2e27f576 | 897 | struct request_queue *q = sdev->request_queue; |
74a78ebd | 898 | struct scsi_sense_hdr sense_hdr; |
1da177e4 | 899 | |
1da177e4 LT |
900 | /* Check for deprecated ioctls ... all the ioctls which don't |
901 | * follow the new unique numbering scheme are deprecated */ | |
902 | switch (cmd) { | |
903 | case SCSI_IOCTL_SEND_COMMAND: | |
904 | case SCSI_IOCTL_TEST_UNIT_READY: | |
905 | case SCSI_IOCTL_BENCHMARK_COMMAND: | |
906 | case SCSI_IOCTL_SYNC: | |
907 | case SCSI_IOCTL_START_UNIT: | |
908 | case SCSI_IOCTL_STOP_UNIT: | |
909 | printk(KERN_WARNING "program %s is using a deprecated SCSI " | |
910 | "ioctl, please convert it to SG_IO\n", current->comm); | |
911 | break; | |
912 | default: | |
913 | break; | |
914 | } | |
915 | ||
f2542a3b CH |
916 | switch (cmd) { |
917 | case SG_GET_VERSION_NUM: | |
918 | return sg_get_version(arg); | |
919 | case SG_SET_TIMEOUT: | |
1e61c1a8 | 920 | return sg_set_timeout(sdev, arg); |
f2542a3b | 921 | case SG_GET_TIMEOUT: |
1e61c1a8 | 922 | return jiffies_to_clock_t(sdev->sg_timeout); |
f2542a3b | 923 | case SG_GET_RESERVED_SIZE: |
1e61c1a8 | 924 | return sg_get_reserved_size(sdev, arg); |
f2542a3b | 925 | case SG_SET_RESERVED_SIZE: |
1e61c1a8 | 926 | return sg_set_reserved_size(sdev, arg); |
f2542a3b CH |
927 | case SG_EMULATED_HOST: |
928 | return sg_emulated_host(q, arg); | |
b2123d3b | 929 | case SG_IO: |
1e61c1a8 | 930 | return scsi_ioctl_sg_io(sdev, disk, mode, arg); |
f2542a3b CH |
931 | case SCSI_IOCTL_SEND_COMMAND: |
932 | return sg_scsi_ioctl(q, disk, mode, arg); | |
933 | case CDROM_SEND_PACKET: | |
1e61c1a8 | 934 | return scsi_cdrom_send_packet(sdev, disk, mode, arg); |
f2542a3b | 935 | case CDROMCLOSETRAY: |
51476187 | 936 | return scsi_send_start_stop(sdev, 3); |
f2542a3b | 937 | case CDROMEJECT: |
51476187 | 938 | return scsi_send_start_stop(sdev, 2); |
2102a5cc CH |
939 | case SCSI_IOCTL_GET_IDLUN: |
940 | return scsi_get_idlun(sdev, arg); | |
1da177e4 LT |
941 | case SCSI_IOCTL_GET_BUS_NUMBER: |
942 | return put_user(sdev->host->host_no, (int __user *)arg); | |
943 | case SCSI_IOCTL_PROBE_HOST: | |
944 | return ioctl_probe(sdev->host, arg); | |
1da177e4 LT |
945 | case SCSI_IOCTL_DOORLOCK: |
946 | return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT); | |
947 | case SCSI_IOCTL_DOORUNLOCK: | |
948 | return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW); | |
949 | case SCSI_IOCTL_TEST_UNIT_READY: | |
950 | return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT, | |
74a78ebd | 951 | NORMAL_RETRIES, &sense_hdr); |
1da177e4 | 952 | case SCSI_IOCTL_START_UNIT: |
51476187 | 953 | return scsi_send_start_stop(sdev, 1); |
1da177e4 | 954 | case SCSI_IOCTL_STOP_UNIT: |
51476187 | 955 | return scsi_send_start_stop(sdev, 0); |
1da177e4 LT |
956 | case SCSI_IOCTL_GET_PCI: |
957 | return scsi_ioctl_get_pci(sdev, arg); | |
906d15fb CH |
958 | case SG_SCSI_RESET: |
959 | return scsi_ioctl_reset(sdev, arg); | |
1da177e4 | 960 | } |
1da177e4 | 961 | |
7eafd137 | 962 | #ifdef CONFIG_COMPAT |
6fade450 CH |
963 | if (in_compat_syscall()) { |
964 | if (!sdev->host->hostt->compat_ioctl) | |
965 | return -EINVAL; | |
7eafd137 | 966 | return sdev->host->hostt->compat_ioctl(sdev, cmd, arg); |
6fade450 | 967 | } |
7eafd137 | 968 | #endif |
6fade450 CH |
969 | if (!sdev->host->hostt->ioctl) |
970 | return -EINVAL; | |
971 | return sdev->host->hostt->ioctl(sdev, cmd, arg); | |
972 | } | |
973 | EXPORT_SYMBOL(scsi_ioctl); | |
7eafd137 | 974 | |
906d15fb CH |
975 | /* |
976 | * We can process a reset even when a device isn't fully operable. | |
1da177e4 | 977 | */ |
906d15fb CH |
978 | int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd, |
979 | bool ndelay) | |
1da177e4 | 980 | { |
906d15fb | 981 | if (cmd == SG_SCSI_RESET && ndelay) { |
939647ee | 982 | if (scsi_host_in_recovery(sdev->host)) |
e9afccc5 | 983 | return -EAGAIN; |
906d15fb CH |
984 | } else { |
985 | if (!scsi_block_when_processing_errors(sdev)) | |
986 | return -ENODEV; | |
1da177e4 | 987 | } |
906d15fb CH |
988 | |
989 | return 0; | |
1da177e4 | 990 | } |
906d15fb | 991 | EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors); |