block/scsi_ioctl.c at v5.5 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / block / scsi_ioctl.c
at v5.5 23 kB view raw
  1// SPDX-License-Identifier: GPL-2.0
  2/*
  3 * Copyright (C) 2001 Jens Axboe <axboe@suse.de>
  4 */
  5#include <linux/compat.h>
  6#include <linux/kernel.h>
  7#include <linux/errno.h>
  8#include <linux/string.h>
  9#include <linux/module.h>
 10#include <linux/blkdev.h>
 11#include <linux/capability.h>
 12#include <linux/completion.h>
 13#include <linux/cdrom.h>
 14#include <linux/ratelimit.h>
 15#include <linux/slab.h>
 16#include <linux/times.h>
 17#include <linux/uio.h>
 18#include <linux/uaccess.h>
 19
 20#include <scsi/scsi.h>
 21#include <scsi/scsi_ioctl.h>
 22#include <scsi/scsi_cmnd.h>
 23
 24struct blk_cmd_filter {
 25	unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
 26	unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
 27};
 28
 29static struct blk_cmd_filter blk_default_cmd_filter;
 30
 31/* Command group 3 is reserved and should never be used.  */
 32const unsigned char scsi_command_size_tbl[8] =
 33{
 34	6, 10, 10, 12,
 35	16, 12, 10, 10
 36};
 37EXPORT_SYMBOL(scsi_command_size_tbl);
 38
 39#include <scsi/sg.h>
 40
 41static int sg_get_version(int __user *p)
 42{
 43	static const int sg_version_num = 30527;
 44	return put_user(sg_version_num, p);
 45}
 46
 47static int scsi_get_idlun(struct request_queue *q, int __user *p)
 48{
 49	return put_user(0, p);
 50}
 51
 52static int scsi_get_bus(struct request_queue *q, int __user *p)
 53{
 54	return put_user(0, p);
 55}
 56
 57static int sg_get_timeout(struct request_queue *q)
 58{
 59	return jiffies_to_clock_t(q->sg_timeout);
 60}
 61
 62static int sg_set_timeout(struct request_queue *q, int __user *p)
 63{
 64	int timeout, err = get_user(timeout, p);
 65
 66	if (!err)
 67		q->sg_timeout = clock_t_to_jiffies(timeout);
 68
 69	return err;
 70}
 71
 72static int max_sectors_bytes(struct request_queue *q)
 73{
 74	unsigned int max_sectors = queue_max_sectors(q);
 75
 76	max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
 77
 78	return max_sectors << 9;
 79}
 80
 81static int sg_get_reserved_size(struct request_queue *q, int __user *p)
 82{
 83	int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q));
 84
 85	return put_user(val, p);
 86}
 87
 88static int sg_set_reserved_size(struct request_queue *q, int __user *p)
 89{
 90	int size, err = get_user(size, p);
 91
 92	if (err)
 93		return err;
 94
 95	if (size < 0)
 96		return -EINVAL;
 97
 98	q->sg_reserved_size = min(size, max_sectors_bytes(q));
 99	return 0;
100}
101
102/*
103 * will always return that we are ATAPI even for a real SCSI drive, I'm not
104 * so sure this is worth doing anything about (why would you care??)
105 */
106static int sg_emulated_host(struct request_queue *q, int __user *p)
107{
108	return put_user(1, p);
109}
110
111static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
112{
113	/* Basic read-only commands */
114	__set_bit(TEST_UNIT_READY, filter->read_ok);
115	__set_bit(REQUEST_SENSE, filter->read_ok);
116	__set_bit(READ_6, filter->read_ok);
117	__set_bit(READ_10, filter->read_ok);
118	__set_bit(READ_12, filter->read_ok);
119	__set_bit(READ_16, filter->read_ok);
120	__set_bit(READ_BUFFER, filter->read_ok);
121	__set_bit(READ_DEFECT_DATA, filter->read_ok);
122	__set_bit(READ_CAPACITY, filter->read_ok);
123	__set_bit(READ_LONG, filter->read_ok);
124	__set_bit(INQUIRY, filter->read_ok);
125	__set_bit(MODE_SENSE, filter->read_ok);
126	__set_bit(MODE_SENSE_10, filter->read_ok);
127	__set_bit(LOG_SENSE, filter->read_ok);
128	__set_bit(START_STOP, filter->read_ok);
129	__set_bit(GPCMD_VERIFY_10, filter->read_ok);
130	__set_bit(VERIFY_16, filter->read_ok);
131	__set_bit(REPORT_LUNS, filter->read_ok);
132	__set_bit(SERVICE_ACTION_IN_16, filter->read_ok);
133	__set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
134	__set_bit(MAINTENANCE_IN, filter->read_ok);
135	__set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
136
137	/* Audio CD commands */
138	__set_bit(GPCMD_PLAY_CD, filter->read_ok);
139	__set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
140	__set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
141	__set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
142	__set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
143
144	/* CD/DVD data reading */
145	__set_bit(GPCMD_READ_CD, filter->read_ok);
146	__set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
147	__set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
148	__set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
149	__set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
150	__set_bit(GPCMD_READ_HEADER, filter->read_ok);
151	__set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
152	__set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
153	__set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
154	__set_bit(GPCMD_REPORT_KEY, filter->read_ok);
155	__set_bit(GPCMD_SCAN, filter->read_ok);
156	__set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
157	__set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
158	__set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
159	__set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
160	__set_bit(GPCMD_SEEK, filter->read_ok);
161	__set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
162
163	/* Basic writing commands */
164	__set_bit(WRITE_6, filter->write_ok);
165	__set_bit(WRITE_10, filter->write_ok);
166	__set_bit(WRITE_VERIFY, filter->write_ok);
167	__set_bit(WRITE_12, filter->write_ok);
168	__set_bit(WRITE_VERIFY_12, filter->write_ok);
169	__set_bit(WRITE_16, filter->write_ok);
170	__set_bit(WRITE_LONG, filter->write_ok);
171	__set_bit(WRITE_LONG_2, filter->write_ok);
172	__set_bit(WRITE_SAME, filter->write_ok);
173	__set_bit(WRITE_SAME_16, filter->write_ok);
174	__set_bit(WRITE_SAME_32, filter->write_ok);
175	__set_bit(ERASE, filter->write_ok);
176	__set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
177	__set_bit(MODE_SELECT, filter->write_ok);
178	__set_bit(LOG_SELECT, filter->write_ok);
179	__set_bit(GPCMD_BLANK, filter->write_ok);
180	__set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
181	__set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
182	__set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
183	__set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
184	__set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
185	__set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
186	__set_bit(GPCMD_SEND_EVENT, filter->write_ok);
187	__set_bit(GPCMD_SEND_KEY, filter->write_ok);
188	__set_bit(GPCMD_SEND_OPC, filter->write_ok);
189	__set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
190	__set_bit(GPCMD_SET_SPEED, filter->write_ok);
191	__set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
192	__set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
193	__set_bit(GPCMD_SET_STREAMING, filter->write_ok);
194	__set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
195}
196
197int blk_verify_command(unsigned char *cmd, fmode_t mode)
198{
199	struct blk_cmd_filter *filter = &blk_default_cmd_filter;
200
201	/* root can do any command. */
202	if (capable(CAP_SYS_RAWIO))
203		return 0;
204
205	/* Anybody who can open the device can do a read-safe command */
206	if (test_bit(cmd[0], filter->read_ok))
207		return 0;
208
209	/* Write-safe commands require a writable open */
210	if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE))
211		return 0;
212
213	return -EPERM;
214}
215EXPORT_SYMBOL(blk_verify_command);
216
217static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
218			     struct sg_io_hdr *hdr, fmode_t mode)
219{
220	struct scsi_request *req = scsi_req(rq);
221
222	if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
223		return -EFAULT;
224	if (blk_verify_command(req->cmd, mode))
225		return -EPERM;
226
227	/*
228	 * fill in request structure
229	 */
230	req->cmd_len = hdr->cmd_len;
231
232	rq->timeout = msecs_to_jiffies(hdr->timeout);
233	if (!rq->timeout)
234		rq->timeout = q->sg_timeout;
235	if (!rq->timeout)
236		rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
237	if (rq->timeout < BLK_MIN_SG_TIMEOUT)
238		rq->timeout = BLK_MIN_SG_TIMEOUT;
239
240	return 0;
241}
242
243static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
244				 struct bio *bio)
245{
246	struct scsi_request *req = scsi_req(rq);
247	int r, ret = 0;
248
249	/*
250	 * fill in all the output members
251	 */
252	hdr->status = req->result & 0xff;
253	hdr->masked_status = status_byte(req->result);
254	hdr->msg_status = msg_byte(req->result);
255	hdr->host_status = host_byte(req->result);
256	hdr->driver_status = driver_byte(req->result);
257	hdr->info = 0;
258	if (hdr->masked_status || hdr->host_status || hdr->driver_status)
259		hdr->info |= SG_INFO_CHECK;
260	hdr->resid = req->resid_len;
261	hdr->sb_len_wr = 0;
262
263	if (req->sense_len && hdr->sbp) {
264		int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
265
266		if (!copy_to_user(hdr->sbp, req->sense, len))
267			hdr->sb_len_wr = len;
268		else
269			ret = -EFAULT;
270	}
271
272	r = blk_rq_unmap_user(bio);
273	if (!ret)
274		ret = r;
275
276	return ret;
277}
278
279static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
280		struct sg_io_hdr *hdr, fmode_t mode)
281{
282	unsigned long start_time;
283	ssize_t ret = 0;
284	int writing = 0;
285	int at_head = 0;
286	struct request *rq;
287	struct scsi_request *req;
288	struct bio *bio;
289
290	if (hdr->interface_id != 'S')
291		return -EINVAL;
292
293	if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
294		return -EIO;
295
296	if (hdr->dxfer_len)
297		switch (hdr->dxfer_direction) {
298		default:
299			return -EINVAL;
300		case SG_DXFER_TO_DEV:
301			writing = 1;
302			break;
303		case SG_DXFER_TO_FROM_DEV:
304		case SG_DXFER_FROM_DEV:
305			break;
306		}
307	if (hdr->flags & SG_FLAG_Q_AT_HEAD)
308		at_head = 1;
309
310	ret = -ENOMEM;
311	rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
312	if (IS_ERR(rq))
313		return PTR_ERR(rq);
314	req = scsi_req(rq);
315
316	if (hdr->cmd_len > BLK_MAX_CDB) {
317		req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
318		if (!req->cmd)
319			goto out_put_request;
320	}
321
322	ret = blk_fill_sghdr_rq(q, rq, hdr, mode);
323	if (ret < 0)
324		goto out_free_cdb;
325
326	ret = 0;
327	if (hdr->iovec_count) {
328		struct iov_iter i;
329		struct iovec *iov = NULL;
330
331#ifdef CONFIG_COMPAT
332		if (in_compat_syscall())
333			ret = compat_import_iovec(rq_data_dir(rq),
334				   hdr->dxferp, hdr->iovec_count,
335				   0, &iov, &i);
336		else
337#endif
338			ret = import_iovec(rq_data_dir(rq),
339				   hdr->dxferp, hdr->iovec_count,
340				   0, &iov, &i);
341		if (ret < 0)
342			goto out_free_cdb;
343
344		/* SG_IO howto says that the shorter of the two wins */
345		iov_iter_truncate(&i, hdr->dxfer_len);
346
347		ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL);
348		kfree(iov);
349	} else if (hdr->dxfer_len)
350		ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
351				      GFP_KERNEL);
352
353	if (ret)
354		goto out_free_cdb;
355
356	bio = rq->bio;
357	req->retries = 0;
358
359	start_time = jiffies;
360
361	/* ignore return value. All information is passed back to caller
362	 * (if he doesn't check that is his problem).
363	 * N.B. a non-zero SCSI status is _not_ necessarily an error.
364	 */
365	blk_execute_rq(q, bd_disk, rq, at_head);
366
367	hdr->duration = jiffies_to_msecs(jiffies - start_time);
368
369	ret = blk_complete_sghdr_rq(rq, hdr, bio);
370
371out_free_cdb:
372	scsi_req_free_cmd(req);
373out_put_request:
374	blk_put_request(rq);
375	return ret;
376}
377
378/**
379 * sg_scsi_ioctl  --  handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
380 * @q:		request queue to send scsi commands down
381 * @disk:	gendisk to operate on (option)
382 * @mode:	mode used to open the file through which the ioctl has been
383 *		submitted
384 * @sic:	userspace structure describing the command to perform
385 *
386 * Send down the scsi command described by @sic to the device below
387 * the request queue @q.  If @file is non-NULL it's used to perform
388 * fine-grained permission checks that allow users to send down
389 * non-destructive SCSI commands.  If the caller has a struct gendisk
390 * available it should be passed in as @disk to allow the low level
391 * driver to use the information contained in it.  A non-NULL @disk
392 * is only allowed if the caller knows that the low level driver doesn't
393 * need it (e.g. in the scsi subsystem).
394 *
395 * Notes:
396 *   -  This interface is deprecated - users should use the SG_IO
397 *      interface instead, as this is a more flexible approach to
398 *      performing SCSI commands on a device.
399 *   -  The SCSI command length is determined by examining the 1st byte
400 *      of the given command. There is no way to override this.
401 *   -  Data transfers are limited to PAGE_SIZE
402 *   -  The length (x + y) must be at least OMAX_SB_LEN bytes long to
403 *      accommodate the sense buffer when an error occurs.
404 *      The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
405 *      old code will not be surprised.
406 *   -  If a Unix error occurs (e.g. ENOMEM) then the user will receive
407 *      a negative return and the Unix error code in 'errno'.
408 *      If the SCSI command succeeds then 0 is returned.
409 *      Positive numbers returned are the compacted SCSI error codes (4
410 *      bytes in one int) where the lowest byte is the SCSI status.
411 */
412int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
413		struct scsi_ioctl_command __user *sic)
414{
415	enum { OMAX_SB_LEN = 16 };	/* For backward compatibility */
416	struct request *rq;
417	struct scsi_request *req;
418	int err;
419	unsigned int in_len, out_len, bytes, opcode, cmdlen;
420	char *buffer = NULL;
421
422	if (!sic)
423		return -EINVAL;
424
425	/*
426	 * get in an out lengths, verify they don't exceed a page worth of data
427	 */
428	if (get_user(in_len, &sic->inlen))
429		return -EFAULT;
430	if (get_user(out_len, &sic->outlen))
431		return -EFAULT;
432	if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
433		return -EINVAL;
434	if (get_user(opcode, sic->data))
435		return -EFAULT;
436
437	bytes = max(in_len, out_len);
438	if (bytes) {
439		buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
440		if (!buffer)
441			return -ENOMEM;
442
443	}
444
445	rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
446	if (IS_ERR(rq)) {
447		err = PTR_ERR(rq);
448		goto error_free_buffer;
449	}
450	req = scsi_req(rq);
451
452	cmdlen = COMMAND_SIZE(opcode);
453
454	/*
455	 * get command and data to send to device, if any
456	 */
457	err = -EFAULT;
458	req->cmd_len = cmdlen;
459	if (copy_from_user(req->cmd, sic->data, cmdlen))
460		goto error;
461
462	if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
463		goto error;
464
465	err = blk_verify_command(req->cmd, mode);
466	if (err)
467		goto error;
468
469	/* default.  possible overriden later */
470	req->retries = 5;
471
472	switch (opcode) {
473	case SEND_DIAGNOSTIC:
474	case FORMAT_UNIT:
475		rq->timeout = FORMAT_UNIT_TIMEOUT;
476		req->retries = 1;
477		break;
478	case START_STOP:
479		rq->timeout = START_STOP_TIMEOUT;
480		break;
481	case MOVE_MEDIUM:
482		rq->timeout = MOVE_MEDIUM_TIMEOUT;
483		break;
484	case READ_ELEMENT_STATUS:
485		rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
486		break;
487	case READ_DEFECT_DATA:
488		rq->timeout = READ_DEFECT_DATA_TIMEOUT;
489		req->retries = 1;
490		break;
491	default:
492		rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
493		break;
494	}
495
496	if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) {
497		err = DRIVER_ERROR << 24;
498		goto error;
499	}
500
501	blk_execute_rq(q, disk, rq, 0);
502
503	err = req->result & 0xff;	/* only 8 bit SCSI status */
504	if (err) {
505		if (req->sense_len && req->sense) {
506			bytes = (OMAX_SB_LEN > req->sense_len) ?
507				req->sense_len : OMAX_SB_LEN;
508			if (copy_to_user(sic->data, req->sense, bytes))
509				err = -EFAULT;
510		}
511	} else {
512		if (copy_to_user(sic->data, buffer, out_len))
513			err = -EFAULT;
514	}
515	
516error:
517	blk_put_request(rq);
518
519error_free_buffer:
520	kfree(buffer);
521
522	return err;
523}
524EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
525
526/* Send basic block requests */
527static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
528			      int cmd, int data)
529{
530	struct request *rq;
531	int err;
532
533	rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0);
534	if (IS_ERR(rq))
535		return PTR_ERR(rq);
536	rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
537	scsi_req(rq)->cmd[0] = cmd;
538	scsi_req(rq)->cmd[4] = data;
539	scsi_req(rq)->cmd_len = 6;
540	blk_execute_rq(q, bd_disk, rq, 0);
541	err = scsi_req(rq)->result ? -EIO : 0;
542	blk_put_request(rq);
543
544	return err;
545}
546
547static inline int blk_send_start_stop(struct request_queue *q,
548				      struct gendisk *bd_disk, int data)
549{
550	return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
551}
552
553#ifdef CONFIG_COMPAT
554struct compat_sg_io_hdr {
555	compat_int_t interface_id;	/* [i] 'S' for SCSI generic (required) */
556	compat_int_t dxfer_direction;	/* [i] data transfer direction  */
557	unsigned char cmd_len;		/* [i] SCSI command length ( <= 16 bytes) */
558	unsigned char mx_sb_len;	/* [i] max length to write to sbp */
559	unsigned short iovec_count;	/* [i] 0 implies no scatter gather */
560	compat_uint_t dxfer_len;	/* [i] byte count of data transfer */
561	compat_uint_t dxferp;		/* [i], [*io] points to data transfer memory
562						or scatter gather list */
563	compat_uptr_t cmdp;		/* [i], [*i] points to command to perform */
564	compat_uptr_t sbp;		/* [i], [*o] points to sense_buffer memory */
565	compat_uint_t timeout;		/* [i] MAX_UINT->no timeout (unit: millisec) */
566	compat_uint_t flags;		/* [i] 0 -> default, see SG_FLAG... */
567	compat_int_t pack_id;		/* [i->o] unused internally (normally) */
568	compat_uptr_t usr_ptr;		/* [i->o] unused internally */
569	unsigned char status;		/* [o] scsi status */
570	unsigned char masked_status;	/* [o] shifted, masked scsi status */
571	unsigned char msg_status;	/* [o] messaging level data (optional) */
572	unsigned char sb_len_wr;	/* [o] byte count actually written to sbp */
573	unsigned short host_status;	/* [o] errors from host adapter */
574	unsigned short driver_status;	/* [o] errors from software driver */
575	compat_int_t resid;		/* [o] dxfer_len - actual_transferred */
576	compat_uint_t duration;		/* [o] time taken by cmd (unit: millisec) */
577	compat_uint_t info;		/* [o] auxiliary information */
578};
579#endif
580
581int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
582{
583#ifdef CONFIG_COMPAT
584	if (in_compat_syscall()) {
585		struct compat_sg_io_hdr hdr32 =  {
586			.interface_id	 = hdr->interface_id,
587			.dxfer_direction = hdr->dxfer_direction,
588			.cmd_len	 = hdr->cmd_len,
589			.mx_sb_len	 = hdr->mx_sb_len,
590			.iovec_count	 = hdr->iovec_count,
591			.dxfer_len	 = hdr->dxfer_len,
592			.dxferp		 = (uintptr_t)hdr->dxferp,
593			.cmdp		 = (uintptr_t)hdr->cmdp,
594			.sbp		 = (uintptr_t)hdr->sbp,
595			.timeout	 = hdr->timeout,
596			.flags		 = hdr->flags,
597			.pack_id	 = hdr->pack_id,
598			.usr_ptr	 = (uintptr_t)hdr->usr_ptr,
599			.status		 = hdr->status,
600			.masked_status	 = hdr->masked_status,
601			.msg_status	 = hdr->msg_status,
602			.sb_len_wr	 = hdr->sb_len_wr,
603			.host_status	 = hdr->host_status,
604			.driver_status	 = hdr->driver_status,
605			.resid		 = hdr->resid,
606			.duration	 = hdr->duration,
607			.info		 = hdr->info,
608		};
609
610		if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
611			return -EFAULT;
612
613		return 0;
614	}
615#endif
616
617	if (copy_to_user(argp, hdr, sizeof(*hdr)))
618		return -EFAULT;
619
620	return 0;
621}
622EXPORT_SYMBOL(put_sg_io_hdr);
623
624int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
625{
626#ifdef CONFIG_COMPAT
627	struct compat_sg_io_hdr hdr32;
628
629	if (in_compat_syscall()) {
630		if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
631			return -EFAULT;
632
633		*hdr = (struct sg_io_hdr) {
634			.interface_id	 = hdr32.interface_id,
635			.dxfer_direction = hdr32.dxfer_direction,
636			.cmd_len	 = hdr32.cmd_len,
637			.mx_sb_len	 = hdr32.mx_sb_len,
638			.iovec_count	 = hdr32.iovec_count,
639			.dxfer_len	 = hdr32.dxfer_len,
640			.dxferp		 = compat_ptr(hdr32.dxferp),
641			.cmdp		 = compat_ptr(hdr32.cmdp),
642			.sbp		 = compat_ptr(hdr32.sbp),
643			.timeout	 = hdr32.timeout,
644			.flags		 = hdr32.flags,
645			.pack_id	 = hdr32.pack_id,
646			.usr_ptr	 = compat_ptr(hdr32.usr_ptr),
647			.status		 = hdr32.status,
648			.masked_status	 = hdr32.masked_status,
649			.msg_status	 = hdr32.msg_status,
650			.sb_len_wr	 = hdr32.sb_len_wr,
651			.host_status	 = hdr32.host_status,
652			.driver_status	 = hdr32.driver_status,
653			.resid		 = hdr32.resid,
654			.duration	 = hdr32.duration,
655			.info		 = hdr32.info,
656		};
657
658		return 0;
659	}
660#endif
661
662	if (copy_from_user(hdr, argp, sizeof(*hdr)))
663		return -EFAULT;
664
665	return 0;
666}
667EXPORT_SYMBOL(get_sg_io_hdr);
668
669int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
670		   unsigned int cmd, void __user *arg)
671{
672	int err;
673
674	if (!q)
675		return -ENXIO;
676
677	switch (cmd) {
678		/*
679		 * new sgv3 interface
680		 */
681		case SG_GET_VERSION_NUM:
682			err = sg_get_version(arg);
683			break;
684		case SCSI_IOCTL_GET_IDLUN:
685			err = scsi_get_idlun(q, arg);
686			break;
687		case SCSI_IOCTL_GET_BUS_NUMBER:
688			err = scsi_get_bus(q, arg);
689			break;
690		case SG_SET_TIMEOUT:
691			err = sg_set_timeout(q, arg);
692			break;
693		case SG_GET_TIMEOUT:
694			err = sg_get_timeout(q);
695			break;
696		case SG_GET_RESERVED_SIZE:
697			err = sg_get_reserved_size(q, arg);
698			break;
699		case SG_SET_RESERVED_SIZE:
700			err = sg_set_reserved_size(q, arg);
701			break;
702		case SG_EMULATED_HOST:
703			err = sg_emulated_host(q, arg);
704			break;
705		case SG_IO: {
706			struct sg_io_hdr hdr;
707
708			err = get_sg_io_hdr(&hdr, arg);
709			if (err)
710				break;
711			err = sg_io(q, bd_disk, &hdr, mode);
712			if (err == -EFAULT)
713				break;
714
715			if (put_sg_io_hdr(&hdr, arg))
716				err = -EFAULT;
717			break;
718		}
719		case CDROM_SEND_PACKET: {
720			struct cdrom_generic_command cgc;
721			struct sg_io_hdr hdr;
722
723			err = -EFAULT;
724			if (copy_from_user(&cgc, arg, sizeof(cgc)))
725				break;
726			cgc.timeout = clock_t_to_jiffies(cgc.timeout);
727			memset(&hdr, 0, sizeof(hdr));
728			hdr.interface_id = 'S';
729			hdr.cmd_len = sizeof(cgc.cmd);
730			hdr.dxfer_len = cgc.buflen;
731			err = 0;
732			switch (cgc.data_direction) {
733				case CGC_DATA_UNKNOWN:
734					hdr.dxfer_direction = SG_DXFER_UNKNOWN;
735					break;
736				case CGC_DATA_WRITE:
737					hdr.dxfer_direction = SG_DXFER_TO_DEV;
738					break;
739				case CGC_DATA_READ:
740					hdr.dxfer_direction = SG_DXFER_FROM_DEV;
741					break;
742				case CGC_DATA_NONE:
743					hdr.dxfer_direction = SG_DXFER_NONE;
744					break;
745				default:
746					err = -EINVAL;
747			}
748			if (err)
749				break;
750
751			hdr.dxferp = cgc.buffer;
752			hdr.sbp = cgc.sense;
753			if (hdr.sbp)
754				hdr.mx_sb_len = sizeof(struct request_sense);
755			hdr.timeout = jiffies_to_msecs(cgc.timeout);
756			hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
757			hdr.cmd_len = sizeof(cgc.cmd);
758
759			err = sg_io(q, bd_disk, &hdr, mode);
760			if (err == -EFAULT)
761				break;
762
763			if (hdr.status)
764				err = -EIO;
765
766			cgc.stat = err;
767			cgc.buflen = hdr.resid;
768			if (copy_to_user(arg, &cgc, sizeof(cgc)))
769				err = -EFAULT;
770
771			break;
772		}
773
774		/*
775		 * old junk scsi send command ioctl
776		 */
777		case SCSI_IOCTL_SEND_COMMAND:
778			printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
779			err = -EINVAL;
780			if (!arg)
781				break;
782
783			err = sg_scsi_ioctl(q, bd_disk, mode, arg);
784			break;
785		case CDROMCLOSETRAY:
786			err = blk_send_start_stop(q, bd_disk, 0x03);
787			break;
788		case CDROMEJECT:
789			err = blk_send_start_stop(q, bd_disk, 0x02);
790			break;
791		default:
792			err = -ENOTTY;
793	}
794
795	return err;
796}
797EXPORT_SYMBOL(scsi_cmd_ioctl);
798
799int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
800{
801	if (bd && bd == bd->bd_contains)
802		return 0;
803
804	if (capable(CAP_SYS_RAWIO))
805		return 0;
806
807	return -ENOIOCTLCMD;
808}
809EXPORT_SYMBOL(scsi_verify_blk_ioctl);
810
811int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
812		       unsigned int cmd, void __user *arg)
813{
814	int ret;
815
816	ret = scsi_verify_blk_ioctl(bd, cmd);
817	if (ret < 0)
818		return ret;
819
820	return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
821}
822EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
823
824/**
825 * scsi_req_init - initialize certain fields of a scsi_request structure
826 * @req: Pointer to a scsi_request structure.
827 * Initializes .__cmd[], .cmd, .cmd_len and .sense_len but no other members
828 * of struct scsi_request.
829 */
830void scsi_req_init(struct scsi_request *req)
831{
832	memset(req->__cmd, 0, sizeof(req->__cmd));
833	req->cmd = req->__cmd;
834	req->cmd_len = BLK_MAX_CDB;
835	req->sense_len = 0;
836}
837EXPORT_SYMBOL(scsi_req_init);
838
839static int __init blk_scsi_ioctl_init(void)
840{
841	blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
842	return 0;
843}
844fs_initcall(blk_scsi_ioctl_init);