]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - drivers/scsi/ch.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi: target: tcmu: Fix possible page UAF
[mirror_ubuntu-jammy-kernel.git] / drivers / scsi / ch.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * SCSI Media Changer device driver for Linux 2.6
4 *
5 * (c) 1996-2003 Gerd Knorr <kraxel@bytesex.org>
6 *
7 */
8
9 #define VERSION "0.25"
10
11 #include <linux/module.h>
12 #include <linux/init.h>
13 #include <linux/fs.h>
14 #include <linux/kernel.h>
15 #include <linux/mm.h>
16 #include <linux/major.h>
17 #include <linux/string.h>
18 #include <linux/errno.h>
19 #include <linux/interrupt.h>
20 #include <linux/blkdev.h>
21 #include <linux/completion.h>
22 #include <linux/compat.h>
23 #include <linux/chio.h> /* here are all the ioctls */
24 #include <linux/mutex.h>
25 #include <linux/idr.h>
26 #include <linux/slab.h>
27
28 #include <scsi/scsi.h>
29 #include <scsi/scsi_cmnd.h>
30 #include <scsi/scsi_driver.h>
31 #include <scsi/scsi_ioctl.h>
32 #include <scsi/scsi_host.h>
33 #include <scsi/scsi_device.h>
34 #include <scsi/scsi_eh.h>
35 #include <scsi/scsi_dbg.h>
36
37 #define CH_DT_MAX 16
38 #define CH_TYPES 8
39 #define CH_MAX_DEVS 128
40
41 MODULE_DESCRIPTION("device driver for scsi media changer devices");
42 MODULE_AUTHOR("Gerd Knorr <kraxel@bytesex.org>");
43 MODULE_LICENSE("GPL");
44 MODULE_ALIAS_CHARDEV_MAJOR(SCSI_CHANGER_MAJOR);
45 MODULE_ALIAS_SCSI_DEVICE(TYPE_MEDIUM_CHANGER);
46
47 static int init = 1;
48 module_param(init, int, 0444);
49 MODULE_PARM_DESC(init, \
50 "initialize element status on driver load (default: on)");
51
52 static int timeout_move = 300;
53 module_param(timeout_move, int, 0644);
54 MODULE_PARM_DESC(timeout_move,"timeout for move commands "
55 "(default: 300 seconds)");
56
57 static int timeout_init = 3600;
58 module_param(timeout_init, int, 0644);
59 MODULE_PARM_DESC(timeout_init,"timeout for INITIALIZE ELEMENT STATUS "
60 "(default: 3600 seconds)");
61
62 static int verbose = 1;
63 module_param(verbose, int, 0644);
64 MODULE_PARM_DESC(verbose,"be verbose (default: on)");
65
66 static int debug = 0;
67 module_param(debug, int, 0644);
68 MODULE_PARM_DESC(debug,"enable/disable debug messages, also prints more "
69 "detailed sense codes on scsi errors (default: off)");
70
71 static int dt_id[CH_DT_MAX] = { [ 0 ... (CH_DT_MAX-1) ] = -1 };
72 static int dt_lun[CH_DT_MAX];
73 module_param_array(dt_id, int, NULL, 0444);
74 module_param_array(dt_lun, int, NULL, 0444);
75
76 /* tell the driver about vendor-specific slots */
77 static int vendor_firsts[CH_TYPES-4];
78 static int vendor_counts[CH_TYPES-4];
79 module_param_array(vendor_firsts, int, NULL, 0444);
80 module_param_array(vendor_counts, int, NULL, 0444);
81
82 static const char * vendor_labels[CH_TYPES-4] = {
83 "v0", "v1", "v2", "v3"
84 };
85 // module_param_string_array(vendor_labels, NULL, 0444);
86
87 #define ch_printk(prefix, ch, fmt, a...) \
88 sdev_prefix_printk(prefix, (ch)->device, (ch)->name, fmt, ##a)
89
90 #define DPRINTK(fmt, arg...) \
91 do { \
92 if (debug) \
93 ch_printk(KERN_DEBUG, ch, fmt, ##arg); \
94 } while (0)
95 #define VPRINTK(level, fmt, arg...) \
96 do { \
97 if (verbose) \
98 ch_printk(level, ch, fmt, ##arg); \
99 } while (0)
100
101 /* ------------------------------------------------------------------- */
102
103 #define MAX_RETRIES 1
104
105 static struct class * ch_sysfs_class;
106
107 typedef struct {
108 struct kref ref;
109 struct list_head list;
110 int minor;
111 char name[8];
112 struct scsi_device *device;
113 struct scsi_device **dt; /* ptrs to data transfer elements */
114 u_int firsts[CH_TYPES];
115 u_int counts[CH_TYPES];
116 u_int unit_attention;
117 u_int voltags;
118 struct mutex lock;
119 } scsi_changer;
120
121 static DEFINE_IDR(ch_index_idr);
122 static DEFINE_SPINLOCK(ch_index_lock);
123
124 static const struct {
125 unsigned char sense;
126 unsigned char asc;
127 unsigned char ascq;
128 int errno;
129 } ch_err[] = {
130 /* Just filled in what looks right. Hav'nt checked any standard paper for
131 these errno assignments, so they may be wrong... */
132 {
133 .sense = ILLEGAL_REQUEST,
134 .asc = 0x21,
135 .ascq = 0x01,
136 .errno = EBADSLT, /* Invalid element address */
137 },{
138 .sense = ILLEGAL_REQUEST,
139 .asc = 0x28,
140 .ascq = 0x01,
141 .errno = EBADE, /* Import or export element accessed */
142 },{
143 .sense = ILLEGAL_REQUEST,
144 .asc = 0x3B,
145 .ascq = 0x0D,
146 .errno = EXFULL, /* Medium destination element full */
147 },{
148 .sense = ILLEGAL_REQUEST,
149 .asc = 0x3B,
150 .ascq = 0x0E,
151 .errno = EBADE, /* Medium source element empty */
152 },{
153 .sense = ILLEGAL_REQUEST,
154 .asc = 0x20,
155 .ascq = 0x00,
156 .errno = EBADRQC, /* Invalid command operation code */
157 },{
158 /* end of list */
159 }
160 };
161
162 /* ------------------------------------------------------------------- */
163
164 static int ch_find_errno(struct scsi_sense_hdr *sshdr)
165 {
166 int i,errno = 0;
167
168 /* Check to see if additional sense information is available */
169 if (scsi_sense_valid(sshdr) &&
170 sshdr->asc != 0) {
171 for (i = 0; ch_err[i].errno != 0; i++) {
172 if (ch_err[i].sense == sshdr->sense_key &&
173 ch_err[i].asc == sshdr->asc &&
174 ch_err[i].ascq == sshdr->ascq) {
175 errno = -ch_err[i].errno;
176 break;
177 }
178 }
179 }
180 if (errno == 0)
181 errno = -EIO;
182 return errno;
183 }
184
185 static int
186 ch_do_scsi(scsi_changer *ch, unsigned char *cmd, int cmd_len,
187 void *buffer, unsigned buflength,
188 enum dma_data_direction direction)
189 {
190 int errno, retries = 0, timeout, result;
191 struct scsi_sense_hdr sshdr;
192
193 timeout = (cmd[0] == INITIALIZE_ELEMENT_STATUS)
194 ? timeout_init : timeout_move;
195
196 retry:
197 errno = 0;
198 result = scsi_execute_req(ch->device, cmd, direction, buffer,
199 buflength, &sshdr, timeout * HZ,
200 MAX_RETRIES, NULL);
201 if (result < 0)
202 return result;
203 if (scsi_sense_valid(&sshdr)) {
204 if (debug)
205 scsi_print_sense_hdr(ch->device, ch->name, &sshdr);
206 errno = ch_find_errno(&sshdr);
207
208 switch(sshdr.sense_key) {
209 case UNIT_ATTENTION:
210 ch->unit_attention = 1;
211 if (retries++ < 3)
212 goto retry;
213 break;
214 }
215 }
216 return errno;
217 }
218
219 /* ------------------------------------------------------------------------ */
220
221 static int
222 ch_elem_to_typecode(scsi_changer *ch, u_int elem)
223 {
224 int i;
225
226 for (i = 0; i < CH_TYPES; i++) {
227 if (elem >= ch->firsts[i] &&
228 elem < ch->firsts[i] +
229 ch->counts[i])
230 return i+1;
231 }
232 return 0;
233 }
234
235 static int
236 ch_read_element_status(scsi_changer *ch, u_int elem, char *data)
237 {
238 u_char cmd[12];
239 u_char *buffer;
240 int result;
241
242 buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
243 if(!buffer)
244 return -ENOMEM;
245
246 retry:
247 memset(cmd,0,sizeof(cmd));
248 cmd[0] = READ_ELEMENT_STATUS;
249 cmd[1] = ((ch->device->lun & 0x7) << 5) |
250 (ch->voltags ? 0x10 : 0) |
251 ch_elem_to_typecode(ch,elem);
252 cmd[2] = (elem >> 8) & 0xff;
253 cmd[3] = elem & 0xff;
254 cmd[5] = 1;
255 cmd[9] = 255;
256 if (0 == (result = ch_do_scsi(ch, cmd, 12,
257 buffer, 256, DMA_FROM_DEVICE))) {
258 if (((buffer[16] << 8) | buffer[17]) != elem) {
259 DPRINTK("asked for element 0x%02x, got 0x%02x\n",
260 elem,(buffer[16] << 8) | buffer[17]);
261 kfree(buffer);
262 return -EIO;
263 }
264 memcpy(data,buffer+16,16);
265 } else {
266 if (ch->voltags) {
267 ch->voltags = 0;
268 VPRINTK(KERN_INFO, "device has no volume tag support\n");
269 goto retry;
270 }
271 DPRINTK("READ ELEMENT STATUS for element 0x%x failed\n",elem);
272 }
273 kfree(buffer);
274 return result;
275 }
276
277 static int
278 ch_init_elem(scsi_changer *ch)
279 {
280 int err;
281 u_char cmd[6];
282
283 VPRINTK(KERN_INFO, "INITIALIZE ELEMENT STATUS, may take some time ...\n");
284 memset(cmd,0,sizeof(cmd));
285 cmd[0] = INITIALIZE_ELEMENT_STATUS;
286 cmd[1] = (ch->device->lun & 0x7) << 5;
287 err = ch_do_scsi(ch, cmd, 6, NULL, 0, DMA_NONE);
288 VPRINTK(KERN_INFO, "... finished\n");
289 return err;
290 }
291
292 static int
293 ch_readconfig(scsi_changer *ch)
294 {
295 u_char cmd[10], data[16];
296 u_char *buffer;
297 int result,id,lun,i;
298 u_int elem;
299
300 buffer = kzalloc(512, GFP_KERNEL | GFP_DMA);
301 if (!buffer)
302 return -ENOMEM;
303
304 memset(cmd,0,sizeof(cmd));
305 cmd[0] = MODE_SENSE;
306 cmd[1] = (ch->device->lun & 0x7) << 5;
307 cmd[2] = 0x1d;
308 cmd[4] = 255;
309 result = ch_do_scsi(ch, cmd, 10, buffer, 255, DMA_FROM_DEVICE);
310 if (0 != result) {
311 cmd[1] |= (1<<3);
312 result = ch_do_scsi(ch, cmd, 10, buffer, 255, DMA_FROM_DEVICE);
313 }
314 if (0 == result) {
315 ch->firsts[CHET_MT] =
316 (buffer[buffer[3]+ 6] << 8) | buffer[buffer[3]+ 7];
317 ch->counts[CHET_MT] =
318 (buffer[buffer[3]+ 8] << 8) | buffer[buffer[3]+ 9];
319 ch->firsts[CHET_ST] =
320 (buffer[buffer[3]+10] << 8) | buffer[buffer[3]+11];
321 ch->counts[CHET_ST] =
322 (buffer[buffer[3]+12] << 8) | buffer[buffer[3]+13];
323 ch->firsts[CHET_IE] =
324 (buffer[buffer[3]+14] << 8) | buffer[buffer[3]+15];
325 ch->counts[CHET_IE] =
326 (buffer[buffer[3]+16] << 8) | buffer[buffer[3]+17];
327 ch->firsts[CHET_DT] =
328 (buffer[buffer[3]+18] << 8) | buffer[buffer[3]+19];
329 ch->counts[CHET_DT] =
330 (buffer[buffer[3]+20] << 8) | buffer[buffer[3]+21];
331 VPRINTK(KERN_INFO, "type #1 (mt): 0x%x+%d [medium transport]\n",
332 ch->firsts[CHET_MT],
333 ch->counts[CHET_MT]);
334 VPRINTK(KERN_INFO, "type #2 (st): 0x%x+%d [storage]\n",
335 ch->firsts[CHET_ST],
336 ch->counts[CHET_ST]);
337 VPRINTK(KERN_INFO, "type #3 (ie): 0x%x+%d [import/export]\n",
338 ch->firsts[CHET_IE],
339 ch->counts[CHET_IE]);
340 VPRINTK(KERN_INFO, "type #4 (dt): 0x%x+%d [data transfer]\n",
341 ch->firsts[CHET_DT],
342 ch->counts[CHET_DT]);
343 } else {
344 VPRINTK(KERN_INFO, "reading element address assignment page failed!\n");
345 }
346
347 /* vendor specific element types */
348 for (i = 0; i < 4; i++) {
349 if (0 == vendor_counts[i])
350 continue;
351 if (NULL == vendor_labels[i])
352 continue;
353 ch->firsts[CHET_V1+i] = vendor_firsts[i];
354 ch->counts[CHET_V1+i] = vendor_counts[i];
355 VPRINTK(KERN_INFO, "type #%d (v%d): 0x%x+%d [%s, vendor specific]\n",
356 i+5,i+1,vendor_firsts[i],vendor_counts[i],
357 vendor_labels[i]);
358 }
359
360 /* look up the devices of the data transfer elements */
361 ch->dt = kcalloc(ch->counts[CHET_DT], sizeof(*ch->dt),
362 GFP_KERNEL);
363
364 if (!ch->dt) {
365 kfree(buffer);
366 return -ENOMEM;
367 }
368
369 for (elem = 0; elem < ch->counts[CHET_DT]; elem++) {
370 id = -1;
371 lun = 0;
372 if (elem < CH_DT_MAX && -1 != dt_id[elem]) {
373 id = dt_id[elem];
374 lun = dt_lun[elem];
375 VPRINTK(KERN_INFO, "dt 0x%x: [insmod option] ",
376 elem+ch->firsts[CHET_DT]);
377 } else if (0 != ch_read_element_status
378 (ch,elem+ch->firsts[CHET_DT],data)) {
379 VPRINTK(KERN_INFO, "dt 0x%x: READ ELEMENT STATUS failed\n",
380 elem+ch->firsts[CHET_DT]);
381 } else {
382 VPRINTK(KERN_INFO, "dt 0x%x: ",elem+ch->firsts[CHET_DT]);
383 if (data[6] & 0x80) {
384 VPRINTK(KERN_CONT, "not this SCSI bus\n");
385 ch->dt[elem] = NULL;
386 } else if (0 == (data[6] & 0x30)) {
387 VPRINTK(KERN_CONT, "ID/LUN unknown\n");
388 ch->dt[elem] = NULL;
389 } else {
390 id = ch->device->id;
391 lun = 0;
392 if (data[6] & 0x20) id = data[7];
393 if (data[6] & 0x10) lun = data[6] & 7;
394 }
395 }
396 if (-1 != id) {
397 VPRINTK(KERN_CONT, "ID %i, LUN %i, ",id,lun);
398 ch->dt[elem] =
399 scsi_device_lookup(ch->device->host,
400 ch->device->channel,
401 id,lun);
402 if (!ch->dt[elem]) {
403 /* should not happen */
404 VPRINTK(KERN_CONT, "Huh? device not found!\n");
405 } else {
406 VPRINTK(KERN_CONT, "name: %8.8s %16.16s %4.4s\n",
407 ch->dt[elem]->vendor,
408 ch->dt[elem]->model,
409 ch->dt[elem]->rev);
410 }
411 }
412 }
413 ch->voltags = 1;
414 kfree(buffer);
415
416 return 0;
417 }
418
419 /* ------------------------------------------------------------------------ */
420
421 static int
422 ch_position(scsi_changer *ch, u_int trans, u_int elem, int rotate)
423 {
424 u_char cmd[10];
425
426 DPRINTK("position: 0x%x\n",elem);
427 if (0 == trans)
428 trans = ch->firsts[CHET_MT];
429 memset(cmd,0,sizeof(cmd));
430 cmd[0] = POSITION_TO_ELEMENT;
431 cmd[1] = (ch->device->lun & 0x7) << 5;
432 cmd[2] = (trans >> 8) & 0xff;
433 cmd[3] = trans & 0xff;
434 cmd[4] = (elem >> 8) & 0xff;
435 cmd[5] = elem & 0xff;
436 cmd[8] = rotate ? 1 : 0;
437 return ch_do_scsi(ch, cmd, 10, NULL, 0, DMA_NONE);
438 }
439
440 static int
441 ch_move(scsi_changer *ch, u_int trans, u_int src, u_int dest, int rotate)
442 {
443 u_char cmd[12];
444
445 DPRINTK("move: 0x%x => 0x%x\n",src,dest);
446 if (0 == trans)
447 trans = ch->firsts[CHET_MT];
448 memset(cmd,0,sizeof(cmd));
449 cmd[0] = MOVE_MEDIUM;
450 cmd[1] = (ch->device->lun & 0x7) << 5;
451 cmd[2] = (trans >> 8) & 0xff;
452 cmd[3] = trans & 0xff;
453 cmd[4] = (src >> 8) & 0xff;
454 cmd[5] = src & 0xff;
455 cmd[6] = (dest >> 8) & 0xff;
456 cmd[7] = dest & 0xff;
457 cmd[10] = rotate ? 1 : 0;
458 return ch_do_scsi(ch, cmd, 12, NULL,0, DMA_NONE);
459 }
460
461 static int
462 ch_exchange(scsi_changer *ch, u_int trans, u_int src,
463 u_int dest1, u_int dest2, int rotate1, int rotate2)
464 {
465 u_char cmd[12];
466
467 DPRINTK("exchange: 0x%x => 0x%x => 0x%x\n",
468 src,dest1,dest2);
469 if (0 == trans)
470 trans = ch->firsts[CHET_MT];
471 memset(cmd,0,sizeof(cmd));
472 cmd[0] = EXCHANGE_MEDIUM;
473 cmd[1] = (ch->device->lun & 0x7) << 5;
474 cmd[2] = (trans >> 8) & 0xff;
475 cmd[3] = trans & 0xff;
476 cmd[4] = (src >> 8) & 0xff;
477 cmd[5] = src & 0xff;
478 cmd[6] = (dest1 >> 8) & 0xff;
479 cmd[7] = dest1 & 0xff;
480 cmd[8] = (dest2 >> 8) & 0xff;
481 cmd[9] = dest2 & 0xff;
482 cmd[10] = (rotate1 ? 1 : 0) | (rotate2 ? 2 : 0);
483
484 return ch_do_scsi(ch, cmd, 12, NULL, 0, DMA_NONE);
485 }
486
487 static void
488 ch_check_voltag(char *tag)
489 {
490 int i;
491
492 for (i = 0; i < 32; i++) {
493 /* restrict to ascii */
494 if (tag[i] >= 0x7f || tag[i] < 0x20)
495 tag[i] = ' ';
496 /* don't allow search wildcards */
497 if (tag[i] == '?' ||
498 tag[i] == '*')
499 tag[i] = ' ';
500 }
501 }
502
503 static int
504 ch_set_voltag(scsi_changer *ch, u_int elem,
505 int alternate, int clear, u_char *tag)
506 {
507 u_char cmd[12];
508 u_char *buffer;
509 int result;
510
511 buffer = kzalloc(512, GFP_KERNEL);
512 if (!buffer)
513 return -ENOMEM;
514
515 DPRINTK("%s %s voltag: 0x%x => \"%s\"\n",
516 clear ? "clear" : "set",
517 alternate ? "alternate" : "primary",
518 elem, tag);
519 memset(cmd,0,sizeof(cmd));
520 cmd[0] = SEND_VOLUME_TAG;
521 cmd[1] = ((ch->device->lun & 0x7) << 5) |
522 ch_elem_to_typecode(ch,elem);
523 cmd[2] = (elem >> 8) & 0xff;
524 cmd[3] = elem & 0xff;
525 cmd[5] = clear
526 ? (alternate ? 0x0d : 0x0c)
527 : (alternate ? 0x0b : 0x0a);
528
529 cmd[9] = 255;
530
531 memcpy(buffer,tag,32);
532 ch_check_voltag(buffer);
533
534 result = ch_do_scsi(ch, cmd, 12, buffer, 256, DMA_TO_DEVICE);
535 kfree(buffer);
536 return result;
537 }
538
539 static int ch_gstatus(scsi_changer *ch, int type, unsigned char __user *dest)
540 {
541 int retval = 0;
542 u_char data[16];
543 unsigned int i;
544
545 mutex_lock(&ch->lock);
546 for (i = 0; i < ch->counts[type]; i++) {
547 if (0 != ch_read_element_status
548 (ch, ch->firsts[type]+i,data)) {
549 retval = -EIO;
550 break;
551 }
552 put_user(data[2], dest+i);
553 if (data[2] & CESTATUS_EXCEPT)
554 VPRINTK(KERN_INFO, "element 0x%x: asc=0x%x, ascq=0x%x\n",
555 ch->firsts[type]+i,
556 (int)data[4],(int)data[5]);
557 retval = ch_read_element_status
558 (ch, ch->firsts[type]+i,data);
559 if (0 != retval)
560 break;
561 }
562 mutex_unlock(&ch->lock);
563 return retval;
564 }
565
566 /* ------------------------------------------------------------------------ */
567
568 static void ch_destroy(struct kref *ref)
569 {
570 scsi_changer *ch = container_of(ref, scsi_changer, ref);
571
572 ch->device = NULL;
573 kfree(ch->dt);
574 kfree(ch);
575 }
576
577 static int
578 ch_release(struct inode *inode, struct file *file)
579 {
580 scsi_changer *ch = file->private_data;
581
582 scsi_device_put(ch->device);
583 file->private_data = NULL;
584 kref_put(&ch->ref, ch_destroy);
585 return 0;
586 }
587
588 static int
589 ch_open(struct inode *inode, struct file *file)
590 {
591 scsi_changer *ch;
592 int minor = iminor(inode);
593
594 spin_lock(&ch_index_lock);
595 ch = idr_find(&ch_index_idr, minor);
596
597 if (ch == NULL || !kref_get_unless_zero(&ch->ref)) {
598 spin_unlock(&ch_index_lock);
599 return -ENXIO;
600 }
601 spin_unlock(&ch_index_lock);
602 if (scsi_device_get(ch->device)) {
603 kref_put(&ch->ref, ch_destroy);
604 return -ENXIO;
605 }
606 /* Synchronize with ch_probe() */
607 mutex_lock(&ch->lock);
608 file->private_data = ch;
609 mutex_unlock(&ch->lock);
610 return 0;
611 }
612
613 static int
614 ch_checkrange(scsi_changer *ch, unsigned int type, unsigned int unit)
615 {
616 if (type >= CH_TYPES || unit >= ch->counts[type])
617 return -1;
618 return 0;
619 }
620
621 struct changer_element_status32 {
622 int ces_type;
623 compat_uptr_t ces_data;
624 };
625 #define CHIOGSTATUS32 _IOW('c', 8, struct changer_element_status32)
626
627 static long ch_ioctl(struct file *file,
628 unsigned int cmd, unsigned long arg)
629 {
630 scsi_changer *ch = file->private_data;
631 int retval;
632 void __user *argp = (void __user *)arg;
633
634 retval = scsi_ioctl_block_when_processing_errors(ch->device, cmd,
635 file->f_flags & O_NDELAY);
636 if (retval)
637 return retval;
638
639 switch (cmd) {
640 case CHIOGPARAMS:
641 {
642 struct changer_params params;
643
644 params.cp_curpicker = 0;
645 params.cp_npickers = ch->counts[CHET_MT];
646 params.cp_nslots = ch->counts[CHET_ST];
647 params.cp_nportals = ch->counts[CHET_IE];
648 params.cp_ndrives = ch->counts[CHET_DT];
649
650 if (copy_to_user(argp, &params, sizeof(params)))
651 return -EFAULT;
652 return 0;
653 }
654 case CHIOGVPARAMS:
655 {
656 struct changer_vendor_params vparams;
657
658 memset(&vparams,0,sizeof(vparams));
659 if (ch->counts[CHET_V1]) {
660 vparams.cvp_n1 = ch->counts[CHET_V1];
661 strncpy(vparams.cvp_label1,vendor_labels[0],16);
662 }
663 if (ch->counts[CHET_V2]) {
664 vparams.cvp_n2 = ch->counts[CHET_V2];
665 strncpy(vparams.cvp_label2,vendor_labels[1],16);
666 }
667 if (ch->counts[CHET_V3]) {
668 vparams.cvp_n3 = ch->counts[CHET_V3];
669 strncpy(vparams.cvp_label3,vendor_labels[2],16);
670 }
671 if (ch->counts[CHET_V4]) {
672 vparams.cvp_n4 = ch->counts[CHET_V4];
673 strncpy(vparams.cvp_label4,vendor_labels[3],16);
674 }
675 if (copy_to_user(argp, &vparams, sizeof(vparams)))
676 return -EFAULT;
677 return 0;
678 }
679
680 case CHIOPOSITION:
681 {
682 struct changer_position pos;
683
684 if (copy_from_user(&pos, argp, sizeof (pos)))
685 return -EFAULT;
686
687 if (0 != ch_checkrange(ch, pos.cp_type, pos.cp_unit)) {
688 DPRINTK("CHIOPOSITION: invalid parameter\n");
689 return -EBADSLT;
690 }
691 mutex_lock(&ch->lock);
692 retval = ch_position(ch,0,
693 ch->firsts[pos.cp_type] + pos.cp_unit,
694 pos.cp_flags & CP_INVERT);
695 mutex_unlock(&ch->lock);
696 return retval;
697 }
698
699 case CHIOMOVE:
700 {
701 struct changer_move mv;
702
703 if (copy_from_user(&mv, argp, sizeof (mv)))
704 return -EFAULT;
705
706 if (0 != ch_checkrange(ch, mv.cm_fromtype, mv.cm_fromunit) ||
707 0 != ch_checkrange(ch, mv.cm_totype, mv.cm_tounit )) {
708 DPRINTK("CHIOMOVE: invalid parameter\n");
709 return -EBADSLT;
710 }
711
712 mutex_lock(&ch->lock);
713 retval = ch_move(ch,0,
714 ch->firsts[mv.cm_fromtype] + mv.cm_fromunit,
715 ch->firsts[mv.cm_totype] + mv.cm_tounit,
716 mv.cm_flags & CM_INVERT);
717 mutex_unlock(&ch->lock);
718 return retval;
719 }
720
721 case CHIOEXCHANGE:
722 {
723 struct changer_exchange mv;
724
725 if (copy_from_user(&mv, argp, sizeof (mv)))
726 return -EFAULT;
727
728 if (0 != ch_checkrange(ch, mv.ce_srctype, mv.ce_srcunit ) ||
729 0 != ch_checkrange(ch, mv.ce_fdsttype, mv.ce_fdstunit) ||
730 0 != ch_checkrange(ch, mv.ce_sdsttype, mv.ce_sdstunit)) {
731 DPRINTK("CHIOEXCHANGE: invalid parameter\n");
732 return -EBADSLT;
733 }
734
735 mutex_lock(&ch->lock);
736 retval = ch_exchange
737 (ch,0,
738 ch->firsts[mv.ce_srctype] + mv.ce_srcunit,
739 ch->firsts[mv.ce_fdsttype] + mv.ce_fdstunit,
740 ch->firsts[mv.ce_sdsttype] + mv.ce_sdstunit,
741 mv.ce_flags & CE_INVERT1, mv.ce_flags & CE_INVERT2);
742 mutex_unlock(&ch->lock);
743 return retval;
744 }
745
746 case CHIOGSTATUS:
747 {
748 struct changer_element_status ces;
749
750 if (copy_from_user(&ces, argp, sizeof (ces)))
751 return -EFAULT;
752 if (ces.ces_type < 0 || ces.ces_type >= CH_TYPES)
753 return -EINVAL;
754
755 return ch_gstatus(ch, ces.ces_type, ces.ces_data);
756 }
757 #ifdef CONFIG_COMPAT
758 case CHIOGSTATUS32:
759 {
760 struct changer_element_status32 ces32;
761
762 if (copy_from_user(&ces32, argp, sizeof(ces32)))
763 return -EFAULT;
764 if (ces32.ces_type < 0 || ces32.ces_type >= CH_TYPES)
765 return -EINVAL;
766
767 return ch_gstatus(ch, ces32.ces_type,
768 compat_ptr(ces32.ces_data));
769 }
770 #endif
771 case CHIOGELEM:
772 {
773 struct changer_get_element cge;
774 u_char ch_cmd[12];
775 u_char *buffer;
776 unsigned int elem;
777 int result,i;
778
779 if (copy_from_user(&cge, argp, sizeof (cge)))
780 return -EFAULT;
781
782 if (0 != ch_checkrange(ch, cge.cge_type, cge.cge_unit))
783 return -EINVAL;
784 elem = ch->firsts[cge.cge_type] + cge.cge_unit;
785
786 buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
787 if (!buffer)
788 return -ENOMEM;
789 mutex_lock(&ch->lock);
790
791 voltag_retry:
792 memset(ch_cmd, 0, sizeof(ch_cmd));
793 ch_cmd[0] = READ_ELEMENT_STATUS;
794 ch_cmd[1] = ((ch->device->lun & 0x7) << 5) |
795 (ch->voltags ? 0x10 : 0) |
796 ch_elem_to_typecode(ch,elem);
797 ch_cmd[2] = (elem >> 8) & 0xff;
798 ch_cmd[3] = elem & 0xff;
799 ch_cmd[5] = 1;
800 ch_cmd[9] = 255;
801
802 result = ch_do_scsi(ch, ch_cmd, 12,
803 buffer, 256, DMA_FROM_DEVICE);
804 if (!result) {
805 cge.cge_status = buffer[18];
806 cge.cge_flags = 0;
807 if (buffer[18] & CESTATUS_EXCEPT) {
808 cge.cge_errno = EIO;
809 }
810 if (buffer[25] & 0x80) {
811 cge.cge_flags |= CGE_SRC;
812 if (buffer[25] & 0x40)
813 cge.cge_flags |= CGE_INVERT;
814 elem = (buffer[26]<<8) | buffer[27];
815 for (i = 0; i < 4; i++) {
816 if (elem >= ch->firsts[i] &&
817 elem < ch->firsts[i] + ch->counts[i]) {
818 cge.cge_srctype = i;
819 cge.cge_srcunit = elem-ch->firsts[i];
820 }
821 }
822 }
823 if ((buffer[22] & 0x30) == 0x30) {
824 cge.cge_flags |= CGE_IDLUN;
825 cge.cge_id = buffer[23];
826 cge.cge_lun = buffer[22] & 7;
827 }
828 if (buffer[9] & 0x80) {
829 cge.cge_flags |= CGE_PVOLTAG;
830 memcpy(cge.cge_pvoltag,buffer+28,36);
831 }
832 if (buffer[9] & 0x40) {
833 cge.cge_flags |= CGE_AVOLTAG;
834 memcpy(cge.cge_avoltag,buffer+64,36);
835 }
836 } else if (ch->voltags) {
837 ch->voltags = 0;
838 VPRINTK(KERN_INFO, "device has no volume tag support\n");
839 goto voltag_retry;
840 }
841 kfree(buffer);
842 mutex_unlock(&ch->lock);
843
844 if (copy_to_user(argp, &cge, sizeof (cge)))
845 return -EFAULT;
846 return result;
847 }
848
849 case CHIOINITELEM:
850 {
851 mutex_lock(&ch->lock);
852 retval = ch_init_elem(ch);
853 mutex_unlock(&ch->lock);
854 return retval;
855 }
856
857 case CHIOSVOLTAG:
858 {
859 struct changer_set_voltag csv;
860 int elem;
861
862 if (copy_from_user(&csv, argp, sizeof(csv)))
863 return -EFAULT;
864
865 if (0 != ch_checkrange(ch, csv.csv_type, csv.csv_unit)) {
866 DPRINTK("CHIOSVOLTAG: invalid parameter\n");
867 return -EBADSLT;
868 }
869 elem = ch->firsts[csv.csv_type] + csv.csv_unit;
870 mutex_lock(&ch->lock);
871 retval = ch_set_voltag(ch, elem,
872 csv.csv_flags & CSV_AVOLTAG,
873 csv.csv_flags & CSV_CLEARTAG,
874 csv.csv_voltag);
875 mutex_unlock(&ch->lock);
876 return retval;
877 }
878
879 default:
880 return scsi_ioctl(ch->device, NULL, file->f_mode, cmd, argp);
881
882 }
883 }
884
885 /* ------------------------------------------------------------------------ */
886
887 static int ch_probe(struct device *dev)
888 {
889 struct scsi_device *sd = to_scsi_device(dev);
890 struct device *class_dev;
891 int ret;
892 scsi_changer *ch;
893
894 if (sd->type != TYPE_MEDIUM_CHANGER)
895 return -ENODEV;
896
897 ch = kzalloc(sizeof(*ch), GFP_KERNEL);
898 if (NULL == ch)
899 return -ENOMEM;
900
901 idr_preload(GFP_KERNEL);
902 spin_lock(&ch_index_lock);
903 ret = idr_alloc(&ch_index_idr, ch, 0, CH_MAX_DEVS + 1, GFP_NOWAIT);
904 spin_unlock(&ch_index_lock);
905 idr_preload_end();
906
907 if (ret < 0) {
908 if (ret == -ENOSPC)
909 ret = -ENODEV;
910 goto free_ch;
911 }
912
913 ch->minor = ret;
914 sprintf(ch->name,"ch%d",ch->minor);
915 ret = scsi_device_get(sd);
916 if (ret) {
917 sdev_printk(KERN_WARNING, sd, "ch%d: failed to get device\n",
918 ch->minor);
919 goto remove_idr;
920 }
921
922 mutex_init(&ch->lock);
923 kref_init(&ch->ref);
924 ch->device = sd;
925 class_dev = device_create(ch_sysfs_class, dev,
926 MKDEV(SCSI_CHANGER_MAJOR, ch->minor), ch,
927 "s%s", ch->name);
928 if (IS_ERR(class_dev)) {
929 sdev_printk(KERN_WARNING, sd, "ch%d: device_create failed\n",
930 ch->minor);
931 ret = PTR_ERR(class_dev);
932 goto put_device;
933 }
934
935 mutex_lock(&ch->lock);
936 ret = ch_readconfig(ch);
937 if (ret) {
938 mutex_unlock(&ch->lock);
939 goto destroy_dev;
940 }
941 if (init)
942 ch_init_elem(ch);
943
944 mutex_unlock(&ch->lock);
945 dev_set_drvdata(dev, ch);
946 sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name);
947
948 return 0;
949 destroy_dev:
950 device_destroy(ch_sysfs_class, MKDEV(SCSI_CHANGER_MAJOR, ch->minor));
951 put_device:
952 scsi_device_put(sd);
953 remove_idr:
954 idr_remove(&ch_index_idr, ch->minor);
955 free_ch:
956 kfree(ch);
957 return ret;
958 }
959
960 static int ch_remove(struct device *dev)
961 {
962 scsi_changer *ch = dev_get_drvdata(dev);
963
964 spin_lock(&ch_index_lock);
965 idr_remove(&ch_index_idr, ch->minor);
966 dev_set_drvdata(dev, NULL);
967 spin_unlock(&ch_index_lock);
968
969 device_destroy(ch_sysfs_class, MKDEV(SCSI_CHANGER_MAJOR,ch->minor));
970 scsi_device_put(ch->device);
971 kref_put(&ch->ref, ch_destroy);
972 return 0;
973 }
974
975 static struct scsi_driver ch_template = {
976 .gendrv = {
977 .name = "ch",
978 .owner = THIS_MODULE,
979 .probe = ch_probe,
980 .remove = ch_remove,
981 },
982 };
983
984 static const struct file_operations changer_fops = {
985 .owner = THIS_MODULE,
986 .open = ch_open,
987 .release = ch_release,
988 .unlocked_ioctl = ch_ioctl,
989 .compat_ioctl = compat_ptr_ioctl,
990 .llseek = noop_llseek,
991 };
992
993 static int __init init_ch_module(void)
994 {
995 int rc;
996
997 printk(KERN_INFO "SCSI Media Changer driver v" VERSION " \n");
998 ch_sysfs_class = class_create(THIS_MODULE, "scsi_changer");
999 if (IS_ERR(ch_sysfs_class)) {
1000 rc = PTR_ERR(ch_sysfs_class);
1001 return rc;
1002 }
1003 rc = register_chrdev(SCSI_CHANGER_MAJOR,"ch",&changer_fops);
1004 if (rc < 0) {
1005 printk("Unable to get major %d for SCSI-Changer\n",
1006 SCSI_CHANGER_MAJOR);
1007 goto fail1;
1008 }
1009 rc = scsi_register_driver(&ch_template.gendrv);
1010 if (rc < 0)
1011 goto fail2;
1012 return 0;
1013
1014 fail2:
1015 unregister_chrdev(SCSI_CHANGER_MAJOR, "ch");
1016 fail1:
1017 class_destroy(ch_sysfs_class);
1018 return rc;
1019 }
1020
1021 static void __exit exit_ch_module(void)
1022 {
1023 scsi_unregister_driver(&ch_template.gendrv);
1024 unregister_chrdev(SCSI_CHANGER_MAJOR, "ch");
1025 class_destroy(ch_sysfs_class);
1026 idr_destroy(&ch_index_idr);
1027 }
1028
1029 module_init(init_ch_module);
1030 module_exit(exit_ch_module);
Ubuntu Jammy Linux kernel mirror