block/scsi_ioctl.c at v2.6.15-rc3

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / block / scsi_ioctl.c
at v2.6.15-rc3 589 lines 14 kB view raw
wrap content
  1/*
  2 * Copyright (C) 2001 Jens Axboe <axboe@suse.de>
  3 *
  4 * This program is free software; you can redistribute it and/or modify
  5 * it under the terms of the GNU General Public License version 2 as
  6 * published by the Free Software Foundation.
  7 *
  8 * This program is distributed in the hope that it will be useful,
  9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 10 *
 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 * GNU General Public License for more details.
 13 *
 14 * You should have received a copy of the GNU General Public Licens
 15 * along with this program; if not, write to the Free Software
 16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-
 17 *
 18 */
 19#include <linux/kernel.h>
 20#include <linux/errno.h>
 21#include <linux/string.h>
 22#include <linux/module.h>
 23#include <linux/blkdev.h>
 24#include <linux/completion.h>
 25#include <linux/cdrom.h>
 26#include <linux/slab.h>
 27#include <linux/times.h>
 28#include <asm/uaccess.h>
 29
 30#include <scsi/scsi.h>
 31#include <scsi/scsi_ioctl.h>
 32#include <scsi/scsi_cmnd.h>
 33
 34/* Command group 3 is reserved and should never be used.  */
 35const unsigned char scsi_command_size[8] =
 36{
 37	6, 10, 10, 12,
 38	16, 12, 10, 10
 39};
 40
 41EXPORT_SYMBOL(scsi_command_size);
 42
 43#define BLK_DEFAULT_TIMEOUT	(60 * HZ)
 44
 45#include <scsi/sg.h>
 46
 47static int sg_get_version(int __user *p)
 48{
 49	static int sg_version_num = 30527;
 50	return put_user(sg_version_num, p);
 51}
 52
 53static int scsi_get_idlun(request_queue_t *q, int __user *p)
 54{
 55	return put_user(0, p);
 56}
 57
 58static int scsi_get_bus(request_queue_t *q, int __user *p)
 59{
 60	return put_user(0, p);
 61}
 62
 63static int sg_get_timeout(request_queue_t *q)
 64{
 65	return q->sg_timeout / (HZ / USER_HZ);
 66}
 67
 68static int sg_set_timeout(request_queue_t *q, int __user *p)
 69{
 70	int timeout, err = get_user(timeout, p);
 71
 72	if (!err)
 73		q->sg_timeout = timeout * (HZ / USER_HZ);
 74
 75	return err;
 76}
 77
 78static int sg_get_reserved_size(request_queue_t *q, int __user *p)
 79{
 80	return put_user(q->sg_reserved_size, p);
 81}
 82
 83static int sg_set_reserved_size(request_queue_t *q, int __user *p)
 84{
 85	int size, err = get_user(size, p);
 86
 87	if (err)
 88		return err;
 89
 90	if (size < 0)
 91		return -EINVAL;
 92	if (size > (q->max_sectors << 9))
 93		size = q->max_sectors << 9;
 94
 95	q->sg_reserved_size = size;
 96	return 0;
 97}
 98
 99/*
100 * will always return that we are ATAPI even for a real SCSI drive, I'm not
101 * so sure this is worth doing anything about (why would you care??)
102 */
103static int sg_emulated_host(request_queue_t *q, int __user *p)
104{
105	return put_user(1, p);
106}
107
108#define CMD_READ_SAFE	0x01
109#define CMD_WRITE_SAFE	0x02
110#define CMD_WARNED	0x04
111#define safe_for_read(cmd)	[cmd] = CMD_READ_SAFE
112#define safe_for_write(cmd)	[cmd] = CMD_WRITE_SAFE
113
114static int verify_command(struct file *file, unsigned char *cmd)
115{
116	static unsigned char cmd_type[256] = {
117
118		/* Basic read-only commands */
119		safe_for_read(TEST_UNIT_READY),
120		safe_for_read(REQUEST_SENSE),
121		safe_for_read(READ_6),
122		safe_for_read(READ_10),
123		safe_for_read(READ_12),
124		safe_for_read(READ_16),
125		safe_for_read(READ_BUFFER),
126		safe_for_read(READ_DEFECT_DATA),
127		safe_for_read(READ_LONG),
128		safe_for_read(INQUIRY),
129		safe_for_read(MODE_SENSE),
130		safe_for_read(MODE_SENSE_10),
131		safe_for_read(LOG_SENSE),
132		safe_for_read(START_STOP),
133		safe_for_read(GPCMD_VERIFY_10),
134		safe_for_read(VERIFY_16),
135
136		/* Audio CD commands */
137		safe_for_read(GPCMD_PLAY_CD),
138		safe_for_read(GPCMD_PLAY_AUDIO_10),
139		safe_for_read(GPCMD_PLAY_AUDIO_MSF),
140		safe_for_read(GPCMD_PLAY_AUDIO_TI),
141		safe_for_read(GPCMD_PAUSE_RESUME),
142
143		/* CD/DVD data reading */
144		safe_for_read(GPCMD_READ_BUFFER_CAPACITY),
145		safe_for_read(GPCMD_READ_CD),
146		safe_for_read(GPCMD_READ_CD_MSF),
147		safe_for_read(GPCMD_READ_DISC_INFO),
148		safe_for_read(GPCMD_READ_CDVD_CAPACITY),
149		safe_for_read(GPCMD_READ_DVD_STRUCTURE),
150		safe_for_read(GPCMD_READ_HEADER),
151		safe_for_read(GPCMD_READ_TRACK_RZONE_INFO),
152		safe_for_read(GPCMD_READ_SUBCHANNEL),
153		safe_for_read(GPCMD_READ_TOC_PMA_ATIP),
154		safe_for_read(GPCMD_REPORT_KEY),
155		safe_for_read(GPCMD_SCAN),
156		safe_for_read(GPCMD_GET_CONFIGURATION),
157		safe_for_read(GPCMD_READ_FORMAT_CAPACITIES),
158		safe_for_read(GPCMD_GET_EVENT_STATUS_NOTIFICATION),
159		safe_for_read(GPCMD_GET_PERFORMANCE),
160		safe_for_read(GPCMD_SEEK),
161		safe_for_read(GPCMD_STOP_PLAY_SCAN),
162
163		/* Basic writing commands */
164		safe_for_write(WRITE_6),
165		safe_for_write(WRITE_10),
166		safe_for_write(WRITE_VERIFY),
167		safe_for_write(WRITE_12),
168		safe_for_write(WRITE_VERIFY_12),
169		safe_for_write(WRITE_16),
170		safe_for_write(WRITE_LONG),
171		safe_for_write(WRITE_LONG_2),
172		safe_for_write(ERASE),
173		safe_for_write(GPCMD_MODE_SELECT_10),
174		safe_for_write(MODE_SELECT),
175		safe_for_write(LOG_SELECT),
176		safe_for_write(GPCMD_BLANK),
177		safe_for_write(GPCMD_CLOSE_TRACK),
178		safe_for_write(GPCMD_FLUSH_CACHE),
179		safe_for_write(GPCMD_FORMAT_UNIT),
180		safe_for_write(GPCMD_REPAIR_RZONE_TRACK),
181		safe_for_write(GPCMD_RESERVE_RZONE_TRACK),
182		safe_for_write(GPCMD_SEND_DVD_STRUCTURE),
183		safe_for_write(GPCMD_SEND_EVENT),
184		safe_for_write(GPCMD_SEND_KEY),
185		safe_for_write(GPCMD_SEND_OPC),
186		safe_for_write(GPCMD_SEND_CUE_SHEET),
187		safe_for_write(GPCMD_SET_SPEED),
188		safe_for_write(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL),
189		safe_for_write(GPCMD_LOAD_UNLOAD),
190		safe_for_write(GPCMD_SET_STREAMING),
191	};
192	unsigned char type = cmd_type[cmd[0]];
193
194	/* Anybody who can open the device can do a read-safe command */
195	if (type & CMD_READ_SAFE)
196		return 0;
197
198	/* Write-safe commands just require a writable open.. */
199	if (type & CMD_WRITE_SAFE) {
200		if (file->f_mode & FMODE_WRITE)
201			return 0;
202	}
203
204	/* And root can do any command.. */
205	if (capable(CAP_SYS_RAWIO))
206		return 0;
207
208	if (!type) {
209		cmd_type[cmd[0]] = CMD_WARNED;
210		printk(KERN_WARNING "scsi: unknown opcode 0x%02x\n", cmd[0]);
211	}
212
213	/* Otherwise fail it with an "Operation not permitted" */
214	return -EPERM;
215}
216
217static int sg_io(struct file *file, request_queue_t *q,
218		struct gendisk *bd_disk, struct sg_io_hdr *hdr)
219{
220	unsigned long start_time;
221	int writing = 0, ret = 0;
222	struct request *rq;
223	struct bio *bio;
224	char sense[SCSI_SENSE_BUFFERSIZE];
225	unsigned char cmd[BLK_MAX_CDB];
226
227	if (hdr->interface_id != 'S')
228		return -EINVAL;
229	if (hdr->cmd_len > BLK_MAX_CDB)
230		return -EINVAL;
231	if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len))
232		return -EFAULT;
233	if (verify_command(file, cmd))
234		return -EPERM;
235
236	if (hdr->dxfer_len > (q->max_sectors << 9))
237		return -EIO;
238
239	if (hdr->dxfer_len)
240		switch (hdr->dxfer_direction) {
241		default:
242			return -EINVAL;
243		case SG_DXFER_TO_FROM_DEV:
244		case SG_DXFER_TO_DEV:
245			writing = 1;
246			break;
247		case SG_DXFER_FROM_DEV:
248			break;
249		}
250
251	rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL);
252	if (!rq)
253		return -ENOMEM;
254
255	if (hdr->iovec_count) {
256		const int size = sizeof(struct sg_iovec) * hdr->iovec_count;
257		struct sg_iovec *iov;
258
259		iov = kmalloc(size, GFP_KERNEL);
260		if (!iov) {
261			ret = -ENOMEM;
262			goto out;
263		}
264
265		if (copy_from_user(iov, hdr->dxferp, size)) {
266			kfree(iov);
267			ret = -EFAULT;
268			goto out;
269		}
270
271		ret = blk_rq_map_user_iov(q, rq, iov, hdr->iovec_count);
272		kfree(iov);
273	} else if (hdr->dxfer_len)
274		ret = blk_rq_map_user(q, rq, hdr->dxferp, hdr->dxfer_len);
275
276	if (ret)
277		goto out;
278
279	/*
280	 * fill in request structure
281	 */
282	rq->cmd_len = hdr->cmd_len;
283	memcpy(rq->cmd, cmd, hdr->cmd_len);
284	if (sizeof(rq->cmd) != hdr->cmd_len)
285		memset(rq->cmd + hdr->cmd_len, 0, sizeof(rq->cmd) - hdr->cmd_len);
286
287	memset(sense, 0, sizeof(sense));
288	rq->sense = sense;
289	rq->sense_len = 0;
290
291	rq->flags |= REQ_BLOCK_PC;
292	bio = rq->bio;
293
294	/*
295	 * bounce this after holding a reference to the original bio, it's
296	 * needed for proper unmapping
297	 */
298	if (rq->bio)
299		blk_queue_bounce(q, &rq->bio);
300
301	rq->timeout = (hdr->timeout * HZ) / 1000;
302	if (!rq->timeout)
303		rq->timeout = q->sg_timeout;
304	if (!rq->timeout)
305		rq->timeout = BLK_DEFAULT_TIMEOUT;
306
307	start_time = jiffies;
308
309	/* ignore return value. All information is passed back to caller
310	 * (if he doesn't check that is his problem).
311	 * N.B. a non-zero SCSI status is _not_ necessarily an error.
312	 */
313	blk_execute_rq(q, bd_disk, rq, 0);
314
315	/* write to all output members */
316	hdr->status = 0xff & rq->errors;
317	hdr->masked_status = status_byte(rq->errors);
318	hdr->msg_status = msg_byte(rq->errors);
319	hdr->host_status = host_byte(rq->errors);
320	hdr->driver_status = driver_byte(rq->errors);
321	hdr->info = 0;
322	if (hdr->masked_status || hdr->host_status || hdr->driver_status)
323		hdr->info |= SG_INFO_CHECK;
324	hdr->resid = rq->data_len;
325	hdr->duration = ((jiffies - start_time) * 1000) / HZ;
326	hdr->sb_len_wr = 0;
327
328	if (rq->sense_len && hdr->sbp) {
329		int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len);
330
331		if (!copy_to_user(hdr->sbp, rq->sense, len))
332			hdr->sb_len_wr = len;
333	}
334
335	if (blk_rq_unmap_user(bio, hdr->dxfer_len))
336		ret = -EFAULT;
337
338	/* may not have succeeded, but output values written to control
339	 * structure (struct sg_io_hdr).  */
340out:
341	blk_put_request(rq);
342	return ret;
343}
344
345#define OMAX_SB_LEN 16          /* For backward compatibility */
346
347static int sg_scsi_ioctl(struct file *file, request_queue_t *q,
348			 struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic)
349{
350	struct request *rq;
351	int err;
352	unsigned int in_len, out_len, bytes, opcode, cmdlen;
353	char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
354
355	/*
356	 * get in an out lengths, verify they don't exceed a page worth of data
357	 */
358	if (get_user(in_len, &sic->inlen))
359		return -EFAULT;
360	if (get_user(out_len, &sic->outlen))
361		return -EFAULT;
362	if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
363		return -EINVAL;
364	if (get_user(opcode, sic->data))
365		return -EFAULT;
366
367	bytes = max(in_len, out_len);
368	if (bytes) {
369		buffer = kmalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
370		if (!buffer)
371			return -ENOMEM;
372
373		memset(buffer, 0, bytes);
374	}
375
376	rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
377
378	cmdlen = COMMAND_SIZE(opcode);
379
380	/*
381	 * get command and data to send to device, if any
382	 */
383	err = -EFAULT;
384	rq->cmd_len = cmdlen;
385	if (copy_from_user(rq->cmd, sic->data, cmdlen))
386		goto error;
387
388	if (copy_from_user(buffer, sic->data + cmdlen, in_len))
389		goto error;
390
391	err = verify_command(file, rq->cmd);
392	if (err)
393		goto error;
394
395	switch (opcode) {
396		case SEND_DIAGNOSTIC:
397		case FORMAT_UNIT:
398			rq->timeout = FORMAT_UNIT_TIMEOUT;
399			break;
400		case START_STOP:
401			rq->timeout = START_STOP_TIMEOUT;
402			break;
403		case MOVE_MEDIUM:
404			rq->timeout = MOVE_MEDIUM_TIMEOUT;
405			break;
406		case READ_ELEMENT_STATUS:
407			rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
408			break;
409		case READ_DEFECT_DATA:
410			rq->timeout = READ_DEFECT_DATA_TIMEOUT;
411			break;
412		default:
413			rq->timeout = BLK_DEFAULT_TIMEOUT;
414			break;
415	}
416
417	memset(sense, 0, sizeof(sense));
418	rq->sense = sense;
419	rq->sense_len = 0;
420
421	rq->data = buffer;
422	rq->data_len = bytes;
423	rq->flags |= REQ_BLOCK_PC;
424
425	blk_execute_rq(q, bd_disk, rq, 0);
426	err = rq->errors & 0xff;	/* only 8 bit SCSI status */
427	if (err) {
428		if (rq->sense_len && rq->sense) {
429			bytes = (OMAX_SB_LEN > rq->sense_len) ?
430				rq->sense_len : OMAX_SB_LEN;
431			if (copy_to_user(sic->data, rq->sense, bytes))
432				err = -EFAULT;
433		}
434	} else {
435		if (copy_to_user(sic->data, buffer, out_len))
436			err = -EFAULT;
437	}
438	
439error:
440	kfree(buffer);
441	blk_put_request(rq);
442	return err;
443}
444
445int scsi_cmd_ioctl(struct file *file, struct gendisk *bd_disk, unsigned int cmd, void __user *arg)
446{
447	request_queue_t *q;
448	struct request *rq;
449	int close = 0, err;
450
451	q = bd_disk->queue;
452	if (!q)
453		return -ENXIO;
454
455	if (blk_get_queue(q))
456		return -ENXIO;
457
458	switch (cmd) {
459		/*
460		 * new sgv3 interface
461		 */
462		case SG_GET_VERSION_NUM:
463			err = sg_get_version(arg);
464			break;
465		case SCSI_IOCTL_GET_IDLUN:
466			err = scsi_get_idlun(q, arg);
467			break;
468		case SCSI_IOCTL_GET_BUS_NUMBER:
469			err = scsi_get_bus(q, arg);
470			break;
471		case SG_SET_TIMEOUT:
472			err = sg_set_timeout(q, arg);
473			break;
474		case SG_GET_TIMEOUT:
475			err = sg_get_timeout(q);
476			break;
477		case SG_GET_RESERVED_SIZE:
478			err = sg_get_reserved_size(q, arg);
479			break;
480		case SG_SET_RESERVED_SIZE:
481			err = sg_set_reserved_size(q, arg);
482			break;
483		case SG_EMULATED_HOST:
484			err = sg_emulated_host(q, arg);
485			break;
486		case SG_IO: {
487			struct sg_io_hdr hdr;
488
489			err = -EFAULT;
490			if (copy_from_user(&hdr, arg, sizeof(hdr)))
491				break;
492			err = sg_io(file, q, bd_disk, &hdr);
493			if (err == -EFAULT)
494				break;
495
496			if (copy_to_user(arg, &hdr, sizeof(hdr)))
497				err = -EFAULT;
498			break;
499		}
500		case CDROM_SEND_PACKET: {
501			struct cdrom_generic_command cgc;
502			struct sg_io_hdr hdr;
503
504			err = -EFAULT;
505			if (copy_from_user(&cgc, arg, sizeof(cgc)))
506				break;
507			cgc.timeout = clock_t_to_jiffies(cgc.timeout);
508			memset(&hdr, 0, sizeof(hdr));
509			hdr.interface_id = 'S';
510			hdr.cmd_len = sizeof(cgc.cmd);
511			hdr.dxfer_len = cgc.buflen;
512			err = 0;
513			switch (cgc.data_direction) {
514				case CGC_DATA_UNKNOWN:
515					hdr.dxfer_direction = SG_DXFER_UNKNOWN;
516					break;
517				case CGC_DATA_WRITE:
518					hdr.dxfer_direction = SG_DXFER_TO_DEV;
519					break;
520				case CGC_DATA_READ:
521					hdr.dxfer_direction = SG_DXFER_FROM_DEV;
522					break;
523				case CGC_DATA_NONE:
524					hdr.dxfer_direction = SG_DXFER_NONE;
525					break;
526				default:
527					err = -EINVAL;
528			}
529			if (err)
530				break;
531
532			hdr.dxferp = cgc.buffer;
533			hdr.sbp = cgc.sense;
534			if (hdr.sbp)
535				hdr.mx_sb_len = sizeof(struct request_sense);
536			hdr.timeout = cgc.timeout;
537			hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
538			hdr.cmd_len = sizeof(cgc.cmd);
539
540			err = sg_io(file, q, bd_disk, &hdr);
541			if (err == -EFAULT)
542				break;
543
544			if (hdr.status)
545				err = -EIO;
546
547			cgc.stat = err;
548			cgc.buflen = hdr.resid;
549			if (copy_to_user(arg, &cgc, sizeof(cgc)))
550				err = -EFAULT;
551
552			break;
553		}
554
555		/*
556		 * old junk scsi send command ioctl
557		 */
558		case SCSI_IOCTL_SEND_COMMAND:
559			printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
560			err = -EINVAL;
561			if (!arg)
562				break;
563
564			err = sg_scsi_ioctl(file, q, bd_disk, arg);
565			break;
566		case CDROMCLOSETRAY:
567			close = 1;
568		case CDROMEJECT:
569			rq = blk_get_request(q, WRITE, __GFP_WAIT);
570			rq->flags |= REQ_BLOCK_PC;
571			rq->data = NULL;
572			rq->data_len = 0;
573			rq->timeout = BLK_DEFAULT_TIMEOUT;
574			memset(rq->cmd, 0, sizeof(rq->cmd));
575			rq->cmd[0] = GPCMD_START_STOP_UNIT;
576			rq->cmd[4] = 0x02 + (close != 0);
577			rq->cmd_len = 6;
578			err = blk_execute_rq(q, bd_disk, rq, 0);
579			blk_put_request(rq);
580			break;
581		default:
582			err = -ENOTTY;
583	}
584
585	blk_put_queue(q);
586	return err;
587}
588
589EXPORT_SYMBOL(scsi_cmd_ioctl);
Configure Feed

Configure Feed
