tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / block / scsi_ioctl.c
at v3.9 753 lines 20 kB view raw
1/* 2 * Copyright (C) 2001 Jens Axboe <axboe@suse.de> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope that it will be useful, 9 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public Licens 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111- 17 * 18 */ 19#include <linux/kernel.h> 20#include <linux/errno.h> 21#include <linux/string.h> 22#include <linux/module.h> 23#include <linux/blkdev.h> 24#include <linux/capability.h> 25#include <linux/completion.h> 26#include <linux/cdrom.h> 27#include <linux/ratelimit.h> 28#include <linux/slab.h> 29#include <linux/times.h> 30#include <asm/uaccess.h> 31 32#include <scsi/scsi.h> 33#include <scsi/scsi_ioctl.h> 34#include <scsi/scsi_cmnd.h> 35 36struct blk_cmd_filter { 37 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; 38 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG]; 39}; 40 41static struct blk_cmd_filter blk_default_cmd_filter; 42 43/* Command group 3 is reserved and should never be used. */ 44const unsigned char scsi_command_size_tbl[8] = 45{ 46 6, 10, 10, 12, 47 16, 12, 10, 10 48}; 49EXPORT_SYMBOL(scsi_command_size_tbl); 50 51#include <scsi/sg.h> 52 53static int sg_get_version(int __user *p) 54{ 55 static const int sg_version_num = 30527; 56 return put_user(sg_version_num, p); 57} 58 59static int scsi_get_idlun(struct request_queue *q, int __user *p) 60{ 61 return put_user(0, p); 62} 63 64static int scsi_get_bus(struct request_queue *q, int __user *p) 65{ 66 return put_user(0, p); 67} 68 69static int sg_get_timeout(struct request_queue *q) 70{ 71 return jiffies_to_clock_t(q->sg_timeout); 72} 73 74static int sg_set_timeout(struct request_queue *q, int __user *p) 75{ 76 int timeout, err = get_user(timeout, p); 77 78 if (!err) 79 q->sg_timeout = clock_t_to_jiffies(timeout); 80 81 return err; 82} 83 84static int sg_get_reserved_size(struct request_queue *q, int __user *p) 85{ 86 unsigned val = min(q->sg_reserved_size, queue_max_sectors(q) << 9); 87 88 return put_user(val, p); 89} 90 91static int sg_set_reserved_size(struct request_queue *q, int __user *p) 92{ 93 int size, err = get_user(size, p); 94 95 if (err) 96 return err; 97 98 if (size < 0) 99 return -EINVAL; 100 if (size > (queue_max_sectors(q) << 9)) 101 size = queue_max_sectors(q) << 9; 102 103 q->sg_reserved_size = size; 104 return 0; 105} 106 107/* 108 * will always return that we are ATAPI even for a real SCSI drive, I'm not 109 * so sure this is worth doing anything about (why would you care??) 110 */ 111static int sg_emulated_host(struct request_queue *q, int __user *p) 112{ 113 return put_user(1, p); 114} 115 116static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter) 117{ 118 /* Basic read-only commands */ 119 __set_bit(TEST_UNIT_READY, filter->read_ok); 120 __set_bit(REQUEST_SENSE, filter->read_ok); 121 __set_bit(READ_6, filter->read_ok); 122 __set_bit(READ_10, filter->read_ok); 123 __set_bit(READ_12, filter->read_ok); 124 __set_bit(READ_16, filter->read_ok); 125 __set_bit(READ_BUFFER, filter->read_ok); 126 __set_bit(READ_DEFECT_DATA, filter->read_ok); 127 __set_bit(READ_CAPACITY, filter->read_ok); 128 __set_bit(READ_LONG, filter->read_ok); 129 __set_bit(INQUIRY, filter->read_ok); 130 __set_bit(MODE_SENSE, filter->read_ok); 131 __set_bit(MODE_SENSE_10, filter->read_ok); 132 __set_bit(LOG_SENSE, filter->read_ok); 133 __set_bit(START_STOP, filter->read_ok); 134 __set_bit(GPCMD_VERIFY_10, filter->read_ok); 135 __set_bit(VERIFY_16, filter->read_ok); 136 __set_bit(REPORT_LUNS, filter->read_ok); 137 __set_bit(SERVICE_ACTION_IN, filter->read_ok); 138 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok); 139 __set_bit(MAINTENANCE_IN, filter->read_ok); 140 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok); 141 142 /* Audio CD commands */ 143 __set_bit(GPCMD_PLAY_CD, filter->read_ok); 144 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok); 145 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok); 146 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok); 147 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok); 148 149 /* CD/DVD data reading */ 150 __set_bit(GPCMD_READ_CD, filter->read_ok); 151 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok); 152 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok); 153 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok); 154 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok); 155 __set_bit(GPCMD_READ_HEADER, filter->read_ok); 156 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok); 157 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok); 158 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok); 159 __set_bit(GPCMD_REPORT_KEY, filter->read_ok); 160 __set_bit(GPCMD_SCAN, filter->read_ok); 161 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok); 162 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok); 163 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok); 164 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok); 165 __set_bit(GPCMD_SEEK, filter->read_ok); 166 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok); 167 168 /* Basic writing commands */ 169 __set_bit(WRITE_6, filter->write_ok); 170 __set_bit(WRITE_10, filter->write_ok); 171 __set_bit(WRITE_VERIFY, filter->write_ok); 172 __set_bit(WRITE_12, filter->write_ok); 173 __set_bit(WRITE_VERIFY_12, filter->write_ok); 174 __set_bit(WRITE_16, filter->write_ok); 175 __set_bit(WRITE_LONG, filter->write_ok); 176 __set_bit(WRITE_LONG_2, filter->write_ok); 177 __set_bit(ERASE, filter->write_ok); 178 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok); 179 __set_bit(MODE_SELECT, filter->write_ok); 180 __set_bit(LOG_SELECT, filter->write_ok); 181 __set_bit(GPCMD_BLANK, filter->write_ok); 182 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok); 183 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok); 184 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok); 185 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok); 186 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok); 187 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok); 188 __set_bit(GPCMD_SEND_EVENT, filter->write_ok); 189 __set_bit(GPCMD_SEND_KEY, filter->write_ok); 190 __set_bit(GPCMD_SEND_OPC, filter->write_ok); 191 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok); 192 __set_bit(GPCMD_SET_SPEED, filter->write_ok); 193 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok); 194 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok); 195 __set_bit(GPCMD_SET_STREAMING, filter->write_ok); 196 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok); 197} 198 199int blk_verify_command(unsigned char *cmd, fmode_t has_write_perm) 200{ 201 struct blk_cmd_filter *filter = &blk_default_cmd_filter; 202 203 /* root can do any command. */ 204 if (capable(CAP_SYS_RAWIO)) 205 return 0; 206 207 /* if there's no filter set, assume we're filtering everything out */ 208 if (!filter) 209 return -EPERM; 210 211 /* Anybody who can open the device can do a read-safe command */ 212 if (test_bit(cmd[0], filter->read_ok)) 213 return 0; 214 215 /* Write-safe commands require a writable open */ 216 if (test_bit(cmd[0], filter->write_ok) && has_write_perm) 217 return 0; 218 219 return -EPERM; 220} 221EXPORT_SYMBOL(blk_verify_command); 222 223static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, 224 struct sg_io_hdr *hdr, fmode_t mode) 225{ 226 if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len)) 227 return -EFAULT; 228 if (blk_verify_command(rq->cmd, mode & FMODE_WRITE)) 229 return -EPERM; 230 231 /* 232 * fill in request structure 233 */ 234 rq->cmd_len = hdr->cmd_len; 235 rq->cmd_type = REQ_TYPE_BLOCK_PC; 236 237 rq->timeout = msecs_to_jiffies(hdr->timeout); 238 if (!rq->timeout) 239 rq->timeout = q->sg_timeout; 240 if (!rq->timeout) 241 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 242 if (rq->timeout < BLK_MIN_SG_TIMEOUT) 243 rq->timeout = BLK_MIN_SG_TIMEOUT; 244 245 return 0; 246} 247 248static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, 249 struct bio *bio) 250{ 251 int r, ret = 0; 252 253 /* 254 * fill in all the output members 255 */ 256 hdr->status = rq->errors & 0xff; 257 hdr->masked_status = status_byte(rq->errors); 258 hdr->msg_status = msg_byte(rq->errors); 259 hdr->host_status = host_byte(rq->errors); 260 hdr->driver_status = driver_byte(rq->errors); 261 hdr->info = 0; 262 if (hdr->masked_status || hdr->host_status || hdr->driver_status) 263 hdr->info |= SG_INFO_CHECK; 264 hdr->resid = rq->resid_len; 265 hdr->sb_len_wr = 0; 266 267 if (rq->sense_len && hdr->sbp) { 268 int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len); 269 270 if (!copy_to_user(hdr->sbp, rq->sense, len)) 271 hdr->sb_len_wr = len; 272 else 273 ret = -EFAULT; 274 } 275 276 r = blk_rq_unmap_user(bio); 277 if (!ret) 278 ret = r; 279 blk_put_request(rq); 280 281 return ret; 282} 283 284static int sg_io(struct request_queue *q, struct gendisk *bd_disk, 285 struct sg_io_hdr *hdr, fmode_t mode) 286{ 287 unsigned long start_time; 288 int writing = 0, ret = 0; 289 struct request *rq; 290 char sense[SCSI_SENSE_BUFFERSIZE]; 291 struct bio *bio; 292 293 if (hdr->interface_id != 'S') 294 return -EINVAL; 295 if (hdr->cmd_len > BLK_MAX_CDB) 296 return -EINVAL; 297 298 if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9)) 299 return -EIO; 300 301 if (hdr->dxfer_len) 302 switch (hdr->dxfer_direction) { 303 default: 304 return -EINVAL; 305 case SG_DXFER_TO_DEV: 306 writing = 1; 307 break; 308 case SG_DXFER_TO_FROM_DEV: 309 case SG_DXFER_FROM_DEV: 310 break; 311 } 312 313 rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL); 314 if (!rq) 315 return -ENOMEM; 316 317 if (blk_fill_sghdr_rq(q, rq, hdr, mode)) { 318 blk_put_request(rq); 319 return -EFAULT; 320 } 321 322 if (hdr->iovec_count) { 323 const int size = sizeof(struct sg_iovec) * hdr->iovec_count; 324 size_t iov_data_len; 325 struct sg_iovec *sg_iov; 326 struct iovec *iov; 327 int i; 328 329 sg_iov = kmalloc(size, GFP_KERNEL); 330 if (!sg_iov) { 331 ret = -ENOMEM; 332 goto out; 333 } 334 335 if (copy_from_user(sg_iov, hdr->dxferp, size)) { 336 kfree(sg_iov); 337 ret = -EFAULT; 338 goto out; 339 } 340 341 /* 342 * Sum up the vecs, making sure they don't overflow 343 */ 344 iov = (struct iovec *) sg_iov; 345 iov_data_len = 0; 346 for (i = 0; i < hdr->iovec_count; i++) { 347 if (iov_data_len + iov[i].iov_len < iov_data_len) { 348 kfree(sg_iov); 349 ret = -EINVAL; 350 goto out; 351 } 352 iov_data_len += iov[i].iov_len; 353 } 354 355 /* SG_IO howto says that the shorter of the two wins */ 356 if (hdr->dxfer_len < iov_data_len) { 357 hdr->iovec_count = iov_shorten(iov, 358 hdr->iovec_count, 359 hdr->dxfer_len); 360 iov_data_len = hdr->dxfer_len; 361 } 362 363 ret = blk_rq_map_user_iov(q, rq, NULL, sg_iov, hdr->iovec_count, 364 iov_data_len, GFP_KERNEL); 365 kfree(sg_iov); 366 } else if (hdr->dxfer_len) 367 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len, 368 GFP_KERNEL); 369 370 if (ret) 371 goto out; 372 373 bio = rq->bio; 374 memset(sense, 0, sizeof(sense)); 375 rq->sense = sense; 376 rq->sense_len = 0; 377 rq->retries = 0; 378 379 start_time = jiffies; 380 381 /* ignore return value. All information is passed back to caller 382 * (if he doesn't check that is his problem). 383 * N.B. a non-zero SCSI status is _not_ necessarily an error. 384 */ 385 blk_execute_rq(q, bd_disk, rq, 0); 386 387 hdr->duration = jiffies_to_msecs(jiffies - start_time); 388 389 return blk_complete_sghdr_rq(rq, hdr, bio); 390out: 391 blk_put_request(rq); 392 return ret; 393} 394 395/** 396 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl 397 * @file: file this ioctl operates on (optional) 398 * @q: request queue to send scsi commands down 399 * @disk: gendisk to operate on (option) 400 * @sic: userspace structure describing the command to perform 401 * 402 * Send down the scsi command described by @sic to the device below 403 * the request queue @q. If @file is non-NULL it's used to perform 404 * fine-grained permission checks that allow users to send down 405 * non-destructive SCSI commands. If the caller has a struct gendisk 406 * available it should be passed in as @disk to allow the low level 407 * driver to use the information contained in it. A non-NULL @disk 408 * is only allowed if the caller knows that the low level driver doesn't 409 * need it (e.g. in the scsi subsystem). 410 * 411 * Notes: 412 * - This interface is deprecated - users should use the SG_IO 413 * interface instead, as this is a more flexible approach to 414 * performing SCSI commands on a device. 415 * - The SCSI command length is determined by examining the 1st byte 416 * of the given command. There is no way to override this. 417 * - Data transfers are limited to PAGE_SIZE 418 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to 419 * accommodate the sense buffer when an error occurs. 420 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that 421 * old code will not be surprised. 422 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive 423 * a negative return and the Unix error code in 'errno'. 424 * If the SCSI command succeeds then 0 is returned. 425 * Positive numbers returned are the compacted SCSI error codes (4 426 * bytes in one int) where the lowest byte is the SCSI status. 427 */ 428#define OMAX_SB_LEN 16 /* For backward compatibility */ 429int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, 430 struct scsi_ioctl_command __user *sic) 431{ 432 struct request *rq; 433 int err; 434 unsigned int in_len, out_len, bytes, opcode, cmdlen; 435 char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; 436 437 if (!sic) 438 return -EINVAL; 439 440 /* 441 * get in an out lengths, verify they don't exceed a page worth of data 442 */ 443 if (get_user(in_len, &sic->inlen)) 444 return -EFAULT; 445 if (get_user(out_len, &sic->outlen)) 446 return -EFAULT; 447 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) 448 return -EINVAL; 449 if (get_user(opcode, sic->data)) 450 return -EFAULT; 451 452 bytes = max(in_len, out_len); 453 if (bytes) { 454 buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN); 455 if (!buffer) 456 return -ENOMEM; 457 458 } 459 460 rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT); 461 462 cmdlen = COMMAND_SIZE(opcode); 463 464 /* 465 * get command and data to send to device, if any 466 */ 467 err = -EFAULT; 468 rq->cmd_len = cmdlen; 469 if (copy_from_user(rq->cmd, sic->data, cmdlen)) 470 goto error; 471 472 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) 473 goto error; 474 475 err = blk_verify_command(rq->cmd, mode & FMODE_WRITE); 476 if (err) 477 goto error; 478 479 /* default. possible overriden later */ 480 rq->retries = 5; 481 482 switch (opcode) { 483 case SEND_DIAGNOSTIC: 484 case FORMAT_UNIT: 485 rq->timeout = FORMAT_UNIT_TIMEOUT; 486 rq->retries = 1; 487 break; 488 case START_STOP: 489 rq->timeout = START_STOP_TIMEOUT; 490 break; 491 case MOVE_MEDIUM: 492 rq->timeout = MOVE_MEDIUM_TIMEOUT; 493 break; 494 case READ_ELEMENT_STATUS: 495 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; 496 break; 497 case READ_DEFECT_DATA: 498 rq->timeout = READ_DEFECT_DATA_TIMEOUT; 499 rq->retries = 1; 500 break; 501 default: 502 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 503 break; 504 } 505 506 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) { 507 err = DRIVER_ERROR << 24; 508 goto out; 509 } 510 511 memset(sense, 0, sizeof(sense)); 512 rq->sense = sense; 513 rq->sense_len = 0; 514 rq->cmd_type = REQ_TYPE_BLOCK_PC; 515 516 blk_execute_rq(q, disk, rq, 0); 517 518out: 519 err = rq->errors & 0xff; /* only 8 bit SCSI status */ 520 if (err) { 521 if (rq->sense_len && rq->sense) { 522 bytes = (OMAX_SB_LEN > rq->sense_len) ? 523 rq->sense_len : OMAX_SB_LEN; 524 if (copy_to_user(sic->data, rq->sense, bytes)) 525 err = -EFAULT; 526 } 527 } else { 528 if (copy_to_user(sic->data, buffer, out_len)) 529 err = -EFAULT; 530 } 531 532error: 533 kfree(buffer); 534 blk_put_request(rq); 535 return err; 536} 537EXPORT_SYMBOL_GPL(sg_scsi_ioctl); 538 539/* Send basic block requests */ 540static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk, 541 int cmd, int data) 542{ 543 struct request *rq; 544 int err; 545 546 rq = blk_get_request(q, WRITE, __GFP_WAIT); 547 rq->cmd_type = REQ_TYPE_BLOCK_PC; 548 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 549 rq->cmd[0] = cmd; 550 rq->cmd[4] = data; 551 rq->cmd_len = 6; 552 err = blk_execute_rq(q, bd_disk, rq, 0); 553 blk_put_request(rq); 554 555 return err; 556} 557 558static inline int blk_send_start_stop(struct request_queue *q, 559 struct gendisk *bd_disk, int data) 560{ 561 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data); 562} 563 564int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode, 565 unsigned int cmd, void __user *arg) 566{ 567 int err; 568 569 if (!q) 570 return -ENXIO; 571 572 switch (cmd) { 573 /* 574 * new sgv3 interface 575 */ 576 case SG_GET_VERSION_NUM: 577 err = sg_get_version(arg); 578 break; 579 case SCSI_IOCTL_GET_IDLUN: 580 err = scsi_get_idlun(q, arg); 581 break; 582 case SCSI_IOCTL_GET_BUS_NUMBER: 583 err = scsi_get_bus(q, arg); 584 break; 585 case SG_SET_TIMEOUT: 586 err = sg_set_timeout(q, arg); 587 break; 588 case SG_GET_TIMEOUT: 589 err = sg_get_timeout(q); 590 break; 591 case SG_GET_RESERVED_SIZE: 592 err = sg_get_reserved_size(q, arg); 593 break; 594 case SG_SET_RESERVED_SIZE: 595 err = sg_set_reserved_size(q, arg); 596 break; 597 case SG_EMULATED_HOST: 598 err = sg_emulated_host(q, arg); 599 break; 600 case SG_IO: { 601 struct sg_io_hdr hdr; 602 603 err = -EFAULT; 604 if (copy_from_user(&hdr, arg, sizeof(hdr))) 605 break; 606 err = sg_io(q, bd_disk, &hdr, mode); 607 if (err == -EFAULT) 608 break; 609 610 if (copy_to_user(arg, &hdr, sizeof(hdr))) 611 err = -EFAULT; 612 break; 613 } 614 case CDROM_SEND_PACKET: { 615 struct cdrom_generic_command cgc; 616 struct sg_io_hdr hdr; 617 618 err = -EFAULT; 619 if (copy_from_user(&cgc, arg, sizeof(cgc))) 620 break; 621 cgc.timeout = clock_t_to_jiffies(cgc.timeout); 622 memset(&hdr, 0, sizeof(hdr)); 623 hdr.interface_id = 'S'; 624 hdr.cmd_len = sizeof(cgc.cmd); 625 hdr.dxfer_len = cgc.buflen; 626 err = 0; 627 switch (cgc.data_direction) { 628 case CGC_DATA_UNKNOWN: 629 hdr.dxfer_direction = SG_DXFER_UNKNOWN; 630 break; 631 case CGC_DATA_WRITE: 632 hdr.dxfer_direction = SG_DXFER_TO_DEV; 633 break; 634 case CGC_DATA_READ: 635 hdr.dxfer_direction = SG_DXFER_FROM_DEV; 636 break; 637 case CGC_DATA_NONE: 638 hdr.dxfer_direction = SG_DXFER_NONE; 639 break; 640 default: 641 err = -EINVAL; 642 } 643 if (err) 644 break; 645 646 hdr.dxferp = cgc.buffer; 647 hdr.sbp = cgc.sense; 648 if (hdr.sbp) 649 hdr.mx_sb_len = sizeof(struct request_sense); 650 hdr.timeout = jiffies_to_msecs(cgc.timeout); 651 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd; 652 hdr.cmd_len = sizeof(cgc.cmd); 653 654 err = sg_io(q, bd_disk, &hdr, mode); 655 if (err == -EFAULT) 656 break; 657 658 if (hdr.status) 659 err = -EIO; 660 661 cgc.stat = err; 662 cgc.buflen = hdr.resid; 663 if (copy_to_user(arg, &cgc, sizeof(cgc))) 664 err = -EFAULT; 665 666 break; 667 } 668 669 /* 670 * old junk scsi send command ioctl 671 */ 672 case SCSI_IOCTL_SEND_COMMAND: 673 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm); 674 err = -EINVAL; 675 if (!arg) 676 break; 677 678 err = sg_scsi_ioctl(q, bd_disk, mode, arg); 679 break; 680 case CDROMCLOSETRAY: 681 err = blk_send_start_stop(q, bd_disk, 0x03); 682 break; 683 case CDROMEJECT: 684 err = blk_send_start_stop(q, bd_disk, 0x02); 685 break; 686 default: 687 err = -ENOTTY; 688 } 689 690 return err; 691} 692EXPORT_SYMBOL(scsi_cmd_ioctl); 693 694int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) 695{ 696 if (bd && bd == bd->bd_contains) 697 return 0; 698 699 /* Actually none of these is particularly useful on a partition, 700 * but they are safe. 701 */ 702 switch (cmd) { 703 case SCSI_IOCTL_GET_IDLUN: 704 case SCSI_IOCTL_GET_BUS_NUMBER: 705 case SCSI_IOCTL_GET_PCI: 706 case SCSI_IOCTL_PROBE_HOST: 707 case SG_GET_VERSION_NUM: 708 case SG_SET_TIMEOUT: 709 case SG_GET_TIMEOUT: 710 case SG_GET_RESERVED_SIZE: 711 case SG_SET_RESERVED_SIZE: 712 case SG_EMULATED_HOST: 713 return 0; 714 case CDROM_GET_CAPABILITY: 715 /* Keep this until we remove the printk below. udev sends it 716 * and we do not want to spam dmesg about it. CD-ROMs do 717 * not have partitions, so we get here only for disks. 718 */ 719 return -ENOIOCTLCMD; 720 default: 721 break; 722 } 723 724 if (capable(CAP_SYS_RAWIO)) 725 return 0; 726 727 /* In particular, rule out all resets and host-specific ioctls. */ 728 printk_ratelimited(KERN_WARNING 729 "%s: sending ioctl %x to a partition!\n", current->comm, cmd); 730 731 return -ENOIOCTLCMD; 732} 733EXPORT_SYMBOL(scsi_verify_blk_ioctl); 734 735int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode, 736 unsigned int cmd, void __user *arg) 737{ 738 int ret; 739 740 ret = scsi_verify_blk_ioctl(bd, cmd); 741 if (ret < 0) 742 return ret; 743 744 return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg); 745} 746EXPORT_SYMBOL(scsi_cmd_blk_ioctl); 747 748static int __init blk_scsi_ioctl_init(void) 749{ 750 blk_set_cmd_filter_defaults(&blk_default_cmd_filter); 751 return 0; 752} 753fs_initcall(blk_scsi_ioctl_init);