tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / block / scsi_ioctl.c
at v5.13 23 kB view raw
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 2001 Jens Axboe <axboe@suse.de> 4 */ 5#include <linux/compat.h> 6#include <linux/kernel.h> 7#include <linux/errno.h> 8#include <linux/string.h> 9#include <linux/module.h> 10#include <linux/blkdev.h> 11#include <linux/capability.h> 12#include <linux/completion.h> 13#include <linux/cdrom.h> 14#include <linux/ratelimit.h> 15#include <linux/slab.h> 16#include <linux/times.h> 17#include <linux/uio.h> 18#include <linux/uaccess.h> 19 20#include <scsi/scsi.h> 21#include <scsi/scsi_ioctl.h> 22#include <scsi/scsi_cmnd.h> 23#include <scsi/sg.h> 24 25struct blk_cmd_filter { 26 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; 27 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG]; 28}; 29 30static struct blk_cmd_filter blk_default_cmd_filter; 31 32/* Command group 3 is reserved and should never be used. */ 33const unsigned char scsi_command_size_tbl[8] = 34{ 35 6, 10, 10, 12, 36 16, 12, 10, 10 37}; 38EXPORT_SYMBOL(scsi_command_size_tbl); 39 40static int sg_get_version(int __user *p) 41{ 42 static const int sg_version_num = 30527; 43 return put_user(sg_version_num, p); 44} 45 46static int scsi_get_idlun(struct request_queue *q, int __user *p) 47{ 48 return put_user(0, p); 49} 50 51static int scsi_get_bus(struct request_queue *q, int __user *p) 52{ 53 return put_user(0, p); 54} 55 56static int sg_get_timeout(struct request_queue *q) 57{ 58 return jiffies_to_clock_t(q->sg_timeout); 59} 60 61static int sg_set_timeout(struct request_queue *q, int __user *p) 62{ 63 int timeout, err = get_user(timeout, p); 64 65 if (!err) 66 q->sg_timeout = clock_t_to_jiffies(timeout); 67 68 return err; 69} 70 71static int max_sectors_bytes(struct request_queue *q) 72{ 73 unsigned int max_sectors = queue_max_sectors(q); 74 75 max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9); 76 77 return max_sectors << 9; 78} 79 80static int sg_get_reserved_size(struct request_queue *q, int __user *p) 81{ 82 int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q)); 83 84 return put_user(val, p); 85} 86 87static int sg_set_reserved_size(struct request_queue *q, int __user *p) 88{ 89 int size, err = get_user(size, p); 90 91 if (err) 92 return err; 93 94 if (size < 0) 95 return -EINVAL; 96 97 q->sg_reserved_size = min(size, max_sectors_bytes(q)); 98 return 0; 99} 100 101/* 102 * will always return that we are ATAPI even for a real SCSI drive, I'm not 103 * so sure this is worth doing anything about (why would you care??) 104 */ 105static int sg_emulated_host(struct request_queue *q, int __user *p) 106{ 107 return put_user(1, p); 108} 109 110static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter) 111{ 112 /* Basic read-only commands */ 113 __set_bit(TEST_UNIT_READY, filter->read_ok); 114 __set_bit(REQUEST_SENSE, filter->read_ok); 115 __set_bit(READ_6, filter->read_ok); 116 __set_bit(READ_10, filter->read_ok); 117 __set_bit(READ_12, filter->read_ok); 118 __set_bit(READ_16, filter->read_ok); 119 __set_bit(READ_BUFFER, filter->read_ok); 120 __set_bit(READ_DEFECT_DATA, filter->read_ok); 121 __set_bit(READ_CAPACITY, filter->read_ok); 122 __set_bit(READ_LONG, filter->read_ok); 123 __set_bit(INQUIRY, filter->read_ok); 124 __set_bit(MODE_SENSE, filter->read_ok); 125 __set_bit(MODE_SENSE_10, filter->read_ok); 126 __set_bit(LOG_SENSE, filter->read_ok); 127 __set_bit(START_STOP, filter->read_ok); 128 __set_bit(GPCMD_VERIFY_10, filter->read_ok); 129 __set_bit(VERIFY_16, filter->read_ok); 130 __set_bit(REPORT_LUNS, filter->read_ok); 131 __set_bit(SERVICE_ACTION_IN_16, filter->read_ok); 132 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok); 133 __set_bit(MAINTENANCE_IN, filter->read_ok); 134 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok); 135 136 /* Audio CD commands */ 137 __set_bit(GPCMD_PLAY_CD, filter->read_ok); 138 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok); 139 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok); 140 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok); 141 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok); 142 143 /* CD/DVD data reading */ 144 __set_bit(GPCMD_READ_CD, filter->read_ok); 145 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok); 146 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok); 147 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok); 148 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok); 149 __set_bit(GPCMD_READ_HEADER, filter->read_ok); 150 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok); 151 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok); 152 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok); 153 __set_bit(GPCMD_REPORT_KEY, filter->read_ok); 154 __set_bit(GPCMD_SCAN, filter->read_ok); 155 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok); 156 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok); 157 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok); 158 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok); 159 __set_bit(GPCMD_SEEK, filter->read_ok); 160 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok); 161 162 /* Basic writing commands */ 163 __set_bit(WRITE_6, filter->write_ok); 164 __set_bit(WRITE_10, filter->write_ok); 165 __set_bit(WRITE_VERIFY, filter->write_ok); 166 __set_bit(WRITE_12, filter->write_ok); 167 __set_bit(WRITE_VERIFY_12, filter->write_ok); 168 __set_bit(WRITE_16, filter->write_ok); 169 __set_bit(WRITE_LONG, filter->write_ok); 170 __set_bit(WRITE_LONG_2, filter->write_ok); 171 __set_bit(WRITE_SAME, filter->write_ok); 172 __set_bit(WRITE_SAME_16, filter->write_ok); 173 __set_bit(WRITE_SAME_32, filter->write_ok); 174 __set_bit(ERASE, filter->write_ok); 175 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok); 176 __set_bit(MODE_SELECT, filter->write_ok); 177 __set_bit(LOG_SELECT, filter->write_ok); 178 __set_bit(GPCMD_BLANK, filter->write_ok); 179 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok); 180 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok); 181 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok); 182 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok); 183 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok); 184 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok); 185 __set_bit(GPCMD_SEND_EVENT, filter->write_ok); 186 __set_bit(GPCMD_SEND_KEY, filter->write_ok); 187 __set_bit(GPCMD_SEND_OPC, filter->write_ok); 188 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok); 189 __set_bit(GPCMD_SET_SPEED, filter->write_ok); 190 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok); 191 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok); 192 __set_bit(GPCMD_SET_STREAMING, filter->write_ok); 193 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok); 194 195 /* ZBC Commands */ 196 __set_bit(ZBC_OUT, filter->write_ok); 197 __set_bit(ZBC_IN, filter->read_ok); 198} 199 200int blk_verify_command(unsigned char *cmd, fmode_t mode) 201{ 202 struct blk_cmd_filter *filter = &blk_default_cmd_filter; 203 204 /* root can do any command. */ 205 if (capable(CAP_SYS_RAWIO)) 206 return 0; 207 208 /* Anybody who can open the device can do a read-safe command */ 209 if (test_bit(cmd[0], filter->read_ok)) 210 return 0; 211 212 /* Write-safe commands require a writable open */ 213 if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE)) 214 return 0; 215 216 return -EPERM; 217} 218EXPORT_SYMBOL(blk_verify_command); 219 220static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, 221 struct sg_io_hdr *hdr, fmode_t mode) 222{ 223 struct scsi_request *req = scsi_req(rq); 224 225 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len)) 226 return -EFAULT; 227 if (blk_verify_command(req->cmd, mode)) 228 return -EPERM; 229 230 /* 231 * fill in request structure 232 */ 233 req->cmd_len = hdr->cmd_len; 234 235 rq->timeout = msecs_to_jiffies(hdr->timeout); 236 if (!rq->timeout) 237 rq->timeout = q->sg_timeout; 238 if (!rq->timeout) 239 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 240 if (rq->timeout < BLK_MIN_SG_TIMEOUT) 241 rq->timeout = BLK_MIN_SG_TIMEOUT; 242 243 return 0; 244} 245 246static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, 247 struct bio *bio) 248{ 249 struct scsi_request *req = scsi_req(rq); 250 int r, ret = 0; 251 252 /* 253 * fill in all the output members 254 */ 255 hdr->status = req->result & 0xff; 256 hdr->masked_status = status_byte(req->result); 257 hdr->msg_status = msg_byte(req->result); 258 hdr->host_status = host_byte(req->result); 259 hdr->driver_status = driver_byte(req->result); 260 hdr->info = 0; 261 if (hdr->masked_status || hdr->host_status || hdr->driver_status) 262 hdr->info |= SG_INFO_CHECK; 263 hdr->resid = req->resid_len; 264 hdr->sb_len_wr = 0; 265 266 if (req->sense_len && hdr->sbp) { 267 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len); 268 269 if (!copy_to_user(hdr->sbp, req->sense, len)) 270 hdr->sb_len_wr = len; 271 else 272 ret = -EFAULT; 273 } 274 275 r = blk_rq_unmap_user(bio); 276 if (!ret) 277 ret = r; 278 279 return ret; 280} 281 282static int sg_io(struct request_queue *q, struct gendisk *bd_disk, 283 struct sg_io_hdr *hdr, fmode_t mode) 284{ 285 unsigned long start_time; 286 ssize_t ret = 0; 287 int writing = 0; 288 int at_head = 0; 289 struct request *rq; 290 struct scsi_request *req; 291 struct bio *bio; 292 293 if (hdr->interface_id != 'S') 294 return -EINVAL; 295 296 if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9)) 297 return -EIO; 298 299 if (hdr->dxfer_len) 300 switch (hdr->dxfer_direction) { 301 default: 302 return -EINVAL; 303 case SG_DXFER_TO_DEV: 304 writing = 1; 305 break; 306 case SG_DXFER_TO_FROM_DEV: 307 case SG_DXFER_FROM_DEV: 308 break; 309 } 310 if (hdr->flags & SG_FLAG_Q_AT_HEAD) 311 at_head = 1; 312 313 ret = -ENOMEM; 314 rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0); 315 if (IS_ERR(rq)) 316 return PTR_ERR(rq); 317 req = scsi_req(rq); 318 319 if (hdr->cmd_len > BLK_MAX_CDB) { 320 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL); 321 if (!req->cmd) 322 goto out_put_request; 323 } 324 325 ret = blk_fill_sghdr_rq(q, rq, hdr, mode); 326 if (ret < 0) 327 goto out_free_cdb; 328 329 ret = 0; 330 if (hdr->iovec_count) { 331 struct iov_iter i; 332 struct iovec *iov = NULL; 333 334 ret = import_iovec(rq_data_dir(rq), hdr->dxferp, 335 hdr->iovec_count, 0, &iov, &i); 336 if (ret < 0) 337 goto out_free_cdb; 338 339 /* SG_IO howto says that the shorter of the two wins */ 340 iov_iter_truncate(&i, hdr->dxfer_len); 341 342 ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL); 343 kfree(iov); 344 } else if (hdr->dxfer_len) 345 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len, 346 GFP_KERNEL); 347 348 if (ret) 349 goto out_free_cdb; 350 351 bio = rq->bio; 352 req->retries = 0; 353 354 start_time = jiffies; 355 356 blk_execute_rq(bd_disk, rq, at_head); 357 358 hdr->duration = jiffies_to_msecs(jiffies - start_time); 359 360 ret = blk_complete_sghdr_rq(rq, hdr, bio); 361 362out_free_cdb: 363 scsi_req_free_cmd(req); 364out_put_request: 365 blk_put_request(rq); 366 return ret; 367} 368 369/** 370 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl 371 * @q: request queue to send scsi commands down 372 * @disk: gendisk to operate on (option) 373 * @mode: mode used to open the file through which the ioctl has been 374 * submitted 375 * @sic: userspace structure describing the command to perform 376 * 377 * Send down the scsi command described by @sic to the device below 378 * the request queue @q. If @file is non-NULL it's used to perform 379 * fine-grained permission checks that allow users to send down 380 * non-destructive SCSI commands. If the caller has a struct gendisk 381 * available it should be passed in as @disk to allow the low level 382 * driver to use the information contained in it. A non-NULL @disk 383 * is only allowed if the caller knows that the low level driver doesn't 384 * need it (e.g. in the scsi subsystem). 385 * 386 * Notes: 387 * - This interface is deprecated - users should use the SG_IO 388 * interface instead, as this is a more flexible approach to 389 * performing SCSI commands on a device. 390 * - The SCSI command length is determined by examining the 1st byte 391 * of the given command. There is no way to override this. 392 * - Data transfers are limited to PAGE_SIZE 393 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to 394 * accommodate the sense buffer when an error occurs. 395 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that 396 * old code will not be surprised. 397 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive 398 * a negative return and the Unix error code in 'errno'. 399 * If the SCSI command succeeds then 0 is returned. 400 * Positive numbers returned are the compacted SCSI error codes (4 401 * bytes in one int) where the lowest byte is the SCSI status. 402 */ 403int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, 404 struct scsi_ioctl_command __user *sic) 405{ 406 enum { OMAX_SB_LEN = 16 }; /* For backward compatibility */ 407 struct request *rq; 408 struct scsi_request *req; 409 int err; 410 unsigned int in_len, out_len, bytes, opcode, cmdlen; 411 char *buffer = NULL; 412 413 if (!sic) 414 return -EINVAL; 415 416 /* 417 * get in an out lengths, verify they don't exceed a page worth of data 418 */ 419 if (get_user(in_len, &sic->inlen)) 420 return -EFAULT; 421 if (get_user(out_len, &sic->outlen)) 422 return -EFAULT; 423 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) 424 return -EINVAL; 425 if (get_user(opcode, sic->data)) 426 return -EFAULT; 427 428 bytes = max(in_len, out_len); 429 if (bytes) { 430 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN); 431 if (!buffer) 432 return -ENOMEM; 433 434 } 435 436 rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0); 437 if (IS_ERR(rq)) { 438 err = PTR_ERR(rq); 439 goto error_free_buffer; 440 } 441 req = scsi_req(rq); 442 443 cmdlen = COMMAND_SIZE(opcode); 444 445 /* 446 * get command and data to send to device, if any 447 */ 448 err = -EFAULT; 449 req->cmd_len = cmdlen; 450 if (copy_from_user(req->cmd, sic->data, cmdlen)) 451 goto error; 452 453 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) 454 goto error; 455 456 err = blk_verify_command(req->cmd, mode); 457 if (err) 458 goto error; 459 460 /* default. possible overriden later */ 461 req->retries = 5; 462 463 switch (opcode) { 464 case SEND_DIAGNOSTIC: 465 case FORMAT_UNIT: 466 rq->timeout = FORMAT_UNIT_TIMEOUT; 467 req->retries = 1; 468 break; 469 case START_STOP: 470 rq->timeout = START_STOP_TIMEOUT; 471 break; 472 case MOVE_MEDIUM: 473 rq->timeout = MOVE_MEDIUM_TIMEOUT; 474 break; 475 case READ_ELEMENT_STATUS: 476 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; 477 break; 478 case READ_DEFECT_DATA: 479 rq->timeout = READ_DEFECT_DATA_TIMEOUT; 480 req->retries = 1; 481 break; 482 default: 483 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 484 break; 485 } 486 487 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) { 488 err = DRIVER_ERROR << 24; 489 goto error; 490 } 491 492 blk_execute_rq(disk, rq, 0); 493 494 err = req->result & 0xff; /* only 8 bit SCSI status */ 495 if (err) { 496 if (req->sense_len && req->sense) { 497 bytes = (OMAX_SB_LEN > req->sense_len) ? 498 req->sense_len : OMAX_SB_LEN; 499 if (copy_to_user(sic->data, req->sense, bytes)) 500 err = -EFAULT; 501 } 502 } else { 503 if (copy_to_user(sic->data, buffer, out_len)) 504 err = -EFAULT; 505 } 506 507error: 508 blk_put_request(rq); 509 510error_free_buffer: 511 kfree(buffer); 512 513 return err; 514} 515EXPORT_SYMBOL_GPL(sg_scsi_ioctl); 516 517/* Send basic block requests */ 518static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk, 519 int cmd, int data) 520{ 521 struct request *rq; 522 int err; 523 524 rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0); 525 if (IS_ERR(rq)) 526 return PTR_ERR(rq); 527 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 528 scsi_req(rq)->cmd[0] = cmd; 529 scsi_req(rq)->cmd[4] = data; 530 scsi_req(rq)->cmd_len = 6; 531 blk_execute_rq(bd_disk, rq, 0); 532 err = scsi_req(rq)->result ? -EIO : 0; 533 blk_put_request(rq); 534 535 return err; 536} 537 538static inline int blk_send_start_stop(struct request_queue *q, 539 struct gendisk *bd_disk, int data) 540{ 541 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data); 542} 543 544int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp) 545{ 546#ifdef CONFIG_COMPAT 547 if (in_compat_syscall()) { 548 struct compat_sg_io_hdr hdr32 = { 549 .interface_id = hdr->interface_id, 550 .dxfer_direction = hdr->dxfer_direction, 551 .cmd_len = hdr->cmd_len, 552 .mx_sb_len = hdr->mx_sb_len, 553 .iovec_count = hdr->iovec_count, 554 .dxfer_len = hdr->dxfer_len, 555 .dxferp = (uintptr_t)hdr->dxferp, 556 .cmdp = (uintptr_t)hdr->cmdp, 557 .sbp = (uintptr_t)hdr->sbp, 558 .timeout = hdr->timeout, 559 .flags = hdr->flags, 560 .pack_id = hdr->pack_id, 561 .usr_ptr = (uintptr_t)hdr->usr_ptr, 562 .status = hdr->status, 563 .masked_status = hdr->masked_status, 564 .msg_status = hdr->msg_status, 565 .sb_len_wr = hdr->sb_len_wr, 566 .host_status = hdr->host_status, 567 .driver_status = hdr->driver_status, 568 .resid = hdr->resid, 569 .duration = hdr->duration, 570 .info = hdr->info, 571 }; 572 573 if (copy_to_user(argp, &hdr32, sizeof(hdr32))) 574 return -EFAULT; 575 576 return 0; 577 } 578#endif 579 580 if (copy_to_user(argp, hdr, sizeof(*hdr))) 581 return -EFAULT; 582 583 return 0; 584} 585EXPORT_SYMBOL(put_sg_io_hdr); 586 587int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp) 588{ 589#ifdef CONFIG_COMPAT 590 struct compat_sg_io_hdr hdr32; 591 592 if (in_compat_syscall()) { 593 if (copy_from_user(&hdr32, argp, sizeof(hdr32))) 594 return -EFAULT; 595 596 *hdr = (struct sg_io_hdr) { 597 .interface_id = hdr32.interface_id, 598 .dxfer_direction = hdr32.dxfer_direction, 599 .cmd_len = hdr32.cmd_len, 600 .mx_sb_len = hdr32.mx_sb_len, 601 .iovec_count = hdr32.iovec_count, 602 .dxfer_len = hdr32.dxfer_len, 603 .dxferp = compat_ptr(hdr32.dxferp), 604 .cmdp = compat_ptr(hdr32.cmdp), 605 .sbp = compat_ptr(hdr32.sbp), 606 .timeout = hdr32.timeout, 607 .flags = hdr32.flags, 608 .pack_id = hdr32.pack_id, 609 .usr_ptr = compat_ptr(hdr32.usr_ptr), 610 .status = hdr32.status, 611 .masked_status = hdr32.masked_status, 612 .msg_status = hdr32.msg_status, 613 .sb_len_wr = hdr32.sb_len_wr, 614 .host_status = hdr32.host_status, 615 .driver_status = hdr32.driver_status, 616 .resid = hdr32.resid, 617 .duration = hdr32.duration, 618 .info = hdr32.info, 619 }; 620 621 return 0; 622 } 623#endif 624 625 if (copy_from_user(hdr, argp, sizeof(*hdr))) 626 return -EFAULT; 627 628 return 0; 629} 630EXPORT_SYMBOL(get_sg_io_hdr); 631 632#ifdef CONFIG_COMPAT 633struct compat_cdrom_generic_command { 634 unsigned char cmd[CDROM_PACKET_SIZE]; 635 compat_caddr_t buffer; 636 compat_uint_t buflen; 637 compat_int_t stat; 638 compat_caddr_t sense; 639 unsigned char data_direction; 640 unsigned char pad[3]; 641 compat_int_t quiet; 642 compat_int_t timeout; 643 compat_caddr_t unused; 644}; 645#endif 646 647static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc, 648 const void __user *arg) 649{ 650#ifdef CONFIG_COMPAT 651 if (in_compat_syscall()) { 652 struct compat_cdrom_generic_command cgc32; 653 654 if (copy_from_user(&cgc32, arg, sizeof(cgc32))) 655 return -EFAULT; 656 657 *cgc = (struct cdrom_generic_command) { 658 .buffer = compat_ptr(cgc32.buffer), 659 .buflen = cgc32.buflen, 660 .stat = cgc32.stat, 661 .sense = compat_ptr(cgc32.sense), 662 .data_direction = cgc32.data_direction, 663 .quiet = cgc32.quiet, 664 .timeout = cgc32.timeout, 665 .unused = compat_ptr(cgc32.unused), 666 }; 667 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE); 668 return 0; 669 } 670#endif 671 if (copy_from_user(cgc, arg, sizeof(*cgc))) 672 return -EFAULT; 673 674 return 0; 675} 676 677static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc, 678 void __user *arg) 679{ 680#ifdef CONFIG_COMPAT 681 if (in_compat_syscall()) { 682 struct compat_cdrom_generic_command cgc32 = { 683 .buffer = (uintptr_t)(cgc->buffer), 684 .buflen = cgc->buflen, 685 .stat = cgc->stat, 686 .sense = (uintptr_t)(cgc->sense), 687 .data_direction = cgc->data_direction, 688 .quiet = cgc->quiet, 689 .timeout = cgc->timeout, 690 .unused = (uintptr_t)(cgc->unused), 691 }; 692 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE); 693 694 if (copy_to_user(arg, &cgc32, sizeof(cgc32))) 695 return -EFAULT; 696 697 return 0; 698 } 699#endif 700 if (copy_to_user(arg, cgc, sizeof(*cgc))) 701 return -EFAULT; 702 703 return 0; 704} 705 706static int scsi_cdrom_send_packet(struct request_queue *q, 707 struct gendisk *bd_disk, 708 fmode_t mode, void __user *arg) 709{ 710 struct cdrom_generic_command cgc; 711 struct sg_io_hdr hdr; 712 int err; 713 714 err = scsi_get_cdrom_generic_arg(&cgc, arg); 715 if (err) 716 return err; 717 718 cgc.timeout = clock_t_to_jiffies(cgc.timeout); 719 memset(&hdr, 0, sizeof(hdr)); 720 hdr.interface_id = 'S'; 721 hdr.cmd_len = sizeof(cgc.cmd); 722 hdr.dxfer_len = cgc.buflen; 723 switch (cgc.data_direction) { 724 case CGC_DATA_UNKNOWN: 725 hdr.dxfer_direction = SG_DXFER_UNKNOWN; 726 break; 727 case CGC_DATA_WRITE: 728 hdr.dxfer_direction = SG_DXFER_TO_DEV; 729 break; 730 case CGC_DATA_READ: 731 hdr.dxfer_direction = SG_DXFER_FROM_DEV; 732 break; 733 case CGC_DATA_NONE: 734 hdr.dxfer_direction = SG_DXFER_NONE; 735 break; 736 default: 737 return -EINVAL; 738 } 739 740 hdr.dxferp = cgc.buffer; 741 hdr.sbp = cgc.sense; 742 if (hdr.sbp) 743 hdr.mx_sb_len = sizeof(struct request_sense); 744 hdr.timeout = jiffies_to_msecs(cgc.timeout); 745 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd; 746 hdr.cmd_len = sizeof(cgc.cmd); 747 748 err = sg_io(q, bd_disk, &hdr, mode); 749 if (err == -EFAULT) 750 return -EFAULT; 751 752 if (hdr.status) 753 return -EIO; 754 755 cgc.stat = err; 756 cgc.buflen = hdr.resid; 757 if (scsi_put_cdrom_generic_arg(&cgc, arg)) 758 return -EFAULT; 759 760 return err; 761} 762 763int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode, 764 unsigned int cmd, void __user *arg) 765{ 766 int err; 767 768 if (!q) 769 return -ENXIO; 770 771 switch (cmd) { 772 /* 773 * new sgv3 interface 774 */ 775 case SG_GET_VERSION_NUM: 776 err = sg_get_version(arg); 777 break; 778 case SCSI_IOCTL_GET_IDLUN: 779 err = scsi_get_idlun(q, arg); 780 break; 781 case SCSI_IOCTL_GET_BUS_NUMBER: 782 err = scsi_get_bus(q, arg); 783 break; 784 case SG_SET_TIMEOUT: 785 err = sg_set_timeout(q, arg); 786 break; 787 case SG_GET_TIMEOUT: 788 err = sg_get_timeout(q); 789 break; 790 case SG_GET_RESERVED_SIZE: 791 err = sg_get_reserved_size(q, arg); 792 break; 793 case SG_SET_RESERVED_SIZE: 794 err = sg_set_reserved_size(q, arg); 795 break; 796 case SG_EMULATED_HOST: 797 err = sg_emulated_host(q, arg); 798 break; 799 case SG_IO: { 800 struct sg_io_hdr hdr; 801 802 err = get_sg_io_hdr(&hdr, arg); 803 if (err) 804 break; 805 err = sg_io(q, bd_disk, &hdr, mode); 806 if (err == -EFAULT) 807 break; 808 809 if (put_sg_io_hdr(&hdr, arg)) 810 err = -EFAULT; 811 break; 812 } 813 case CDROM_SEND_PACKET: 814 err = scsi_cdrom_send_packet(q, bd_disk, mode, arg); 815 break; 816 817 /* 818 * old junk scsi send command ioctl 819 */ 820 case SCSI_IOCTL_SEND_COMMAND: 821 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm); 822 err = -EINVAL; 823 if (!arg) 824 break; 825 826 err = sg_scsi_ioctl(q, bd_disk, mode, arg); 827 break; 828 case CDROMCLOSETRAY: 829 err = blk_send_start_stop(q, bd_disk, 0x03); 830 break; 831 case CDROMEJECT: 832 err = blk_send_start_stop(q, bd_disk, 0x02); 833 break; 834 default: 835 err = -ENOTTY; 836 } 837 838 return err; 839} 840EXPORT_SYMBOL(scsi_cmd_ioctl); 841 842int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) 843{ 844 if (bd && !bdev_is_partition(bd)) 845 return 0; 846 847 if (capable(CAP_SYS_RAWIO)) 848 return 0; 849 850 return -ENOIOCTLCMD; 851} 852EXPORT_SYMBOL(scsi_verify_blk_ioctl); 853 854int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode, 855 unsigned int cmd, void __user *arg) 856{ 857 int ret; 858 859 ret = scsi_verify_blk_ioctl(bd, cmd); 860 if (ret < 0) 861 return ret; 862 863 return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg); 864} 865EXPORT_SYMBOL(scsi_cmd_blk_ioctl); 866 867/** 868 * scsi_req_init - initialize certain fields of a scsi_request structure 869 * @req: Pointer to a scsi_request structure. 870 * Initializes .__cmd[], .cmd, .cmd_len and .sense_len but no other members 871 * of struct scsi_request. 872 */ 873void scsi_req_init(struct scsi_request *req) 874{ 875 memset(req->__cmd, 0, sizeof(req->__cmd)); 876 req->cmd = req->__cmd; 877 req->cmd_len = BLK_MAX_CDB; 878 req->sense_len = 0; 879} 880EXPORT_SYMBOL(scsi_req_init); 881 882static int __init blk_scsi_ioctl_init(void) 883{ 884 blk_set_cmd_filter_defaults(&blk_default_cmd_filter); 885 return 0; 886} 887fs_initcall(blk_scsi_ioctl_init);