tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / block / scsi_ioctl.c
at v5.8-rc2 900 lines 23 kB view raw
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 2001 Jens Axboe <axboe@suse.de> 4 */ 5#include <linux/compat.h> 6#include <linux/kernel.h> 7#include <linux/errno.h> 8#include <linux/string.h> 9#include <linux/module.h> 10#include <linux/blkdev.h> 11#include <linux/capability.h> 12#include <linux/completion.h> 13#include <linux/cdrom.h> 14#include <linux/ratelimit.h> 15#include <linux/slab.h> 16#include <linux/times.h> 17#include <linux/uio.h> 18#include <linux/uaccess.h> 19 20#include <scsi/scsi.h> 21#include <scsi/scsi_ioctl.h> 22#include <scsi/scsi_cmnd.h> 23#include <scsi/sg.h> 24 25struct blk_cmd_filter { 26 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; 27 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG]; 28}; 29 30static struct blk_cmd_filter blk_default_cmd_filter; 31 32/* Command group 3 is reserved and should never be used. */ 33const unsigned char scsi_command_size_tbl[8] = 34{ 35 6, 10, 10, 12, 36 16, 12, 10, 10 37}; 38EXPORT_SYMBOL(scsi_command_size_tbl); 39 40#include <scsi/sg.h> 41 42static int sg_get_version(int __user *p) 43{ 44 static const int sg_version_num = 30527; 45 return put_user(sg_version_num, p); 46} 47 48static int scsi_get_idlun(struct request_queue *q, int __user *p) 49{ 50 return put_user(0, p); 51} 52 53static int scsi_get_bus(struct request_queue *q, int __user *p) 54{ 55 return put_user(0, p); 56} 57 58static int sg_get_timeout(struct request_queue *q) 59{ 60 return jiffies_to_clock_t(q->sg_timeout); 61} 62 63static int sg_set_timeout(struct request_queue *q, int __user *p) 64{ 65 int timeout, err = get_user(timeout, p); 66 67 if (!err) 68 q->sg_timeout = clock_t_to_jiffies(timeout); 69 70 return err; 71} 72 73static int max_sectors_bytes(struct request_queue *q) 74{ 75 unsigned int max_sectors = queue_max_sectors(q); 76 77 max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9); 78 79 return max_sectors << 9; 80} 81 82static int sg_get_reserved_size(struct request_queue *q, int __user *p) 83{ 84 int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q)); 85 86 return put_user(val, p); 87} 88 89static int sg_set_reserved_size(struct request_queue *q, int __user *p) 90{ 91 int size, err = get_user(size, p); 92 93 if (err) 94 return err; 95 96 if (size < 0) 97 return -EINVAL; 98 99 q->sg_reserved_size = min(size, max_sectors_bytes(q)); 100 return 0; 101} 102 103/* 104 * will always return that we are ATAPI even for a real SCSI drive, I'm not 105 * so sure this is worth doing anything about (why would you care??) 106 */ 107static int sg_emulated_host(struct request_queue *q, int __user *p) 108{ 109 return put_user(1, p); 110} 111 112static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter) 113{ 114 /* Basic read-only commands */ 115 __set_bit(TEST_UNIT_READY, filter->read_ok); 116 __set_bit(REQUEST_SENSE, filter->read_ok); 117 __set_bit(READ_6, filter->read_ok); 118 __set_bit(READ_10, filter->read_ok); 119 __set_bit(READ_12, filter->read_ok); 120 __set_bit(READ_16, filter->read_ok); 121 __set_bit(READ_BUFFER, filter->read_ok); 122 __set_bit(READ_DEFECT_DATA, filter->read_ok); 123 __set_bit(READ_CAPACITY, filter->read_ok); 124 __set_bit(READ_LONG, filter->read_ok); 125 __set_bit(INQUIRY, filter->read_ok); 126 __set_bit(MODE_SENSE, filter->read_ok); 127 __set_bit(MODE_SENSE_10, filter->read_ok); 128 __set_bit(LOG_SENSE, filter->read_ok); 129 __set_bit(START_STOP, filter->read_ok); 130 __set_bit(GPCMD_VERIFY_10, filter->read_ok); 131 __set_bit(VERIFY_16, filter->read_ok); 132 __set_bit(REPORT_LUNS, filter->read_ok); 133 __set_bit(SERVICE_ACTION_IN_16, filter->read_ok); 134 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok); 135 __set_bit(MAINTENANCE_IN, filter->read_ok); 136 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok); 137 138 /* Audio CD commands */ 139 __set_bit(GPCMD_PLAY_CD, filter->read_ok); 140 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok); 141 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok); 142 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok); 143 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok); 144 145 /* CD/DVD data reading */ 146 __set_bit(GPCMD_READ_CD, filter->read_ok); 147 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok); 148 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok); 149 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok); 150 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok); 151 __set_bit(GPCMD_READ_HEADER, filter->read_ok); 152 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok); 153 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok); 154 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok); 155 __set_bit(GPCMD_REPORT_KEY, filter->read_ok); 156 __set_bit(GPCMD_SCAN, filter->read_ok); 157 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok); 158 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok); 159 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok); 160 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok); 161 __set_bit(GPCMD_SEEK, filter->read_ok); 162 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok); 163 164 /* Basic writing commands */ 165 __set_bit(WRITE_6, filter->write_ok); 166 __set_bit(WRITE_10, filter->write_ok); 167 __set_bit(WRITE_VERIFY, filter->write_ok); 168 __set_bit(WRITE_12, filter->write_ok); 169 __set_bit(WRITE_VERIFY_12, filter->write_ok); 170 __set_bit(WRITE_16, filter->write_ok); 171 __set_bit(WRITE_LONG, filter->write_ok); 172 __set_bit(WRITE_LONG_2, filter->write_ok); 173 __set_bit(WRITE_SAME, filter->write_ok); 174 __set_bit(WRITE_SAME_16, filter->write_ok); 175 __set_bit(WRITE_SAME_32, filter->write_ok); 176 __set_bit(ERASE, filter->write_ok); 177 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok); 178 __set_bit(MODE_SELECT, filter->write_ok); 179 __set_bit(LOG_SELECT, filter->write_ok); 180 __set_bit(GPCMD_BLANK, filter->write_ok); 181 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok); 182 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok); 183 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok); 184 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok); 185 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok); 186 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok); 187 __set_bit(GPCMD_SEND_EVENT, filter->write_ok); 188 __set_bit(GPCMD_SEND_KEY, filter->write_ok); 189 __set_bit(GPCMD_SEND_OPC, filter->write_ok); 190 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok); 191 __set_bit(GPCMD_SET_SPEED, filter->write_ok); 192 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok); 193 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok); 194 __set_bit(GPCMD_SET_STREAMING, filter->write_ok); 195 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok); 196 197 /* ZBC Commands */ 198 __set_bit(ZBC_OUT, filter->write_ok); 199 __set_bit(ZBC_IN, filter->read_ok); 200} 201 202int blk_verify_command(unsigned char *cmd, fmode_t mode) 203{ 204 struct blk_cmd_filter *filter = &blk_default_cmd_filter; 205 206 /* root can do any command. */ 207 if (capable(CAP_SYS_RAWIO)) 208 return 0; 209 210 /* Anybody who can open the device can do a read-safe command */ 211 if (test_bit(cmd[0], filter->read_ok)) 212 return 0; 213 214 /* Write-safe commands require a writable open */ 215 if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE)) 216 return 0; 217 218 return -EPERM; 219} 220EXPORT_SYMBOL(blk_verify_command); 221 222static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, 223 struct sg_io_hdr *hdr, fmode_t mode) 224{ 225 struct scsi_request *req = scsi_req(rq); 226 227 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len)) 228 return -EFAULT; 229 if (blk_verify_command(req->cmd, mode)) 230 return -EPERM; 231 232 /* 233 * fill in request structure 234 */ 235 req->cmd_len = hdr->cmd_len; 236 237 rq->timeout = msecs_to_jiffies(hdr->timeout); 238 if (!rq->timeout) 239 rq->timeout = q->sg_timeout; 240 if (!rq->timeout) 241 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 242 if (rq->timeout < BLK_MIN_SG_TIMEOUT) 243 rq->timeout = BLK_MIN_SG_TIMEOUT; 244 245 return 0; 246} 247 248static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, 249 struct bio *bio) 250{ 251 struct scsi_request *req = scsi_req(rq); 252 int r, ret = 0; 253 254 /* 255 * fill in all the output members 256 */ 257 hdr->status = req->result & 0xff; 258 hdr->masked_status = status_byte(req->result); 259 hdr->msg_status = msg_byte(req->result); 260 hdr->host_status = host_byte(req->result); 261 hdr->driver_status = driver_byte(req->result); 262 hdr->info = 0; 263 if (hdr->masked_status || hdr->host_status || hdr->driver_status) 264 hdr->info |= SG_INFO_CHECK; 265 hdr->resid = req->resid_len; 266 hdr->sb_len_wr = 0; 267 268 if (req->sense_len && hdr->sbp) { 269 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len); 270 271 if (!copy_to_user(hdr->sbp, req->sense, len)) 272 hdr->sb_len_wr = len; 273 else 274 ret = -EFAULT; 275 } 276 277 r = blk_rq_unmap_user(bio); 278 if (!ret) 279 ret = r; 280 281 return ret; 282} 283 284static int sg_io(struct request_queue *q, struct gendisk *bd_disk, 285 struct sg_io_hdr *hdr, fmode_t mode) 286{ 287 unsigned long start_time; 288 ssize_t ret = 0; 289 int writing = 0; 290 int at_head = 0; 291 struct request *rq; 292 struct scsi_request *req; 293 struct bio *bio; 294 295 if (hdr->interface_id != 'S') 296 return -EINVAL; 297 298 if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9)) 299 return -EIO; 300 301 if (hdr->dxfer_len) 302 switch (hdr->dxfer_direction) { 303 default: 304 return -EINVAL; 305 case SG_DXFER_TO_DEV: 306 writing = 1; 307 break; 308 case SG_DXFER_TO_FROM_DEV: 309 case SG_DXFER_FROM_DEV: 310 break; 311 } 312 if (hdr->flags & SG_FLAG_Q_AT_HEAD) 313 at_head = 1; 314 315 ret = -ENOMEM; 316 rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0); 317 if (IS_ERR(rq)) 318 return PTR_ERR(rq); 319 req = scsi_req(rq); 320 321 if (hdr->cmd_len > BLK_MAX_CDB) { 322 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL); 323 if (!req->cmd) 324 goto out_put_request; 325 } 326 327 ret = blk_fill_sghdr_rq(q, rq, hdr, mode); 328 if (ret < 0) 329 goto out_free_cdb; 330 331 ret = 0; 332 if (hdr->iovec_count) { 333 struct iov_iter i; 334 struct iovec *iov = NULL; 335 336#ifdef CONFIG_COMPAT 337 if (in_compat_syscall()) 338 ret = compat_import_iovec(rq_data_dir(rq), 339 hdr->dxferp, hdr->iovec_count, 340 0, &iov, &i); 341 else 342#endif 343 ret = import_iovec(rq_data_dir(rq), 344 hdr->dxferp, hdr->iovec_count, 345 0, &iov, &i); 346 if (ret < 0) 347 goto out_free_cdb; 348 349 /* SG_IO howto says that the shorter of the two wins */ 350 iov_iter_truncate(&i, hdr->dxfer_len); 351 352 ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL); 353 kfree(iov); 354 } else if (hdr->dxfer_len) 355 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len, 356 GFP_KERNEL); 357 358 if (ret) 359 goto out_free_cdb; 360 361 bio = rq->bio; 362 req->retries = 0; 363 364 start_time = jiffies; 365 366 /* ignore return value. All information is passed back to caller 367 * (if he doesn't check that is his problem). 368 * N.B. a non-zero SCSI status is _not_ necessarily an error. 369 */ 370 blk_execute_rq(q, bd_disk, rq, at_head); 371 372 hdr->duration = jiffies_to_msecs(jiffies - start_time); 373 374 ret = blk_complete_sghdr_rq(rq, hdr, bio); 375 376out_free_cdb: 377 scsi_req_free_cmd(req); 378out_put_request: 379 blk_put_request(rq); 380 return ret; 381} 382 383/** 384 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl 385 * @q: request queue to send scsi commands down 386 * @disk: gendisk to operate on (option) 387 * @mode: mode used to open the file through which the ioctl has been 388 * submitted 389 * @sic: userspace structure describing the command to perform 390 * 391 * Send down the scsi command described by @sic to the device below 392 * the request queue @q. If @file is non-NULL it's used to perform 393 * fine-grained permission checks that allow users to send down 394 * non-destructive SCSI commands. If the caller has a struct gendisk 395 * available it should be passed in as @disk to allow the low level 396 * driver to use the information contained in it. A non-NULL @disk 397 * is only allowed if the caller knows that the low level driver doesn't 398 * need it (e.g. in the scsi subsystem). 399 * 400 * Notes: 401 * - This interface is deprecated - users should use the SG_IO 402 * interface instead, as this is a more flexible approach to 403 * performing SCSI commands on a device. 404 * - The SCSI command length is determined by examining the 1st byte 405 * of the given command. There is no way to override this. 406 * - Data transfers are limited to PAGE_SIZE 407 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to 408 * accommodate the sense buffer when an error occurs. 409 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that 410 * old code will not be surprised. 411 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive 412 * a negative return and the Unix error code in 'errno'. 413 * If the SCSI command succeeds then 0 is returned. 414 * Positive numbers returned are the compacted SCSI error codes (4 415 * bytes in one int) where the lowest byte is the SCSI status. 416 */ 417int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, 418 struct scsi_ioctl_command __user *sic) 419{ 420 enum { OMAX_SB_LEN = 16 }; /* For backward compatibility */ 421 struct request *rq; 422 struct scsi_request *req; 423 int err; 424 unsigned int in_len, out_len, bytes, opcode, cmdlen; 425 char *buffer = NULL; 426 427 if (!sic) 428 return -EINVAL; 429 430 /* 431 * get in an out lengths, verify they don't exceed a page worth of data 432 */ 433 if (get_user(in_len, &sic->inlen)) 434 return -EFAULT; 435 if (get_user(out_len, &sic->outlen)) 436 return -EFAULT; 437 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) 438 return -EINVAL; 439 if (get_user(opcode, sic->data)) 440 return -EFAULT; 441 442 bytes = max(in_len, out_len); 443 if (bytes) { 444 buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN); 445 if (!buffer) 446 return -ENOMEM; 447 448 } 449 450 rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0); 451 if (IS_ERR(rq)) { 452 err = PTR_ERR(rq); 453 goto error_free_buffer; 454 } 455 req = scsi_req(rq); 456 457 cmdlen = COMMAND_SIZE(opcode); 458 459 /* 460 * get command and data to send to device, if any 461 */ 462 err = -EFAULT; 463 req->cmd_len = cmdlen; 464 if (copy_from_user(req->cmd, sic->data, cmdlen)) 465 goto error; 466 467 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) 468 goto error; 469 470 err = blk_verify_command(req->cmd, mode); 471 if (err) 472 goto error; 473 474 /* default. possible overriden later */ 475 req->retries = 5; 476 477 switch (opcode) { 478 case SEND_DIAGNOSTIC: 479 case FORMAT_UNIT: 480 rq->timeout = FORMAT_UNIT_TIMEOUT; 481 req->retries = 1; 482 break; 483 case START_STOP: 484 rq->timeout = START_STOP_TIMEOUT; 485 break; 486 case MOVE_MEDIUM: 487 rq->timeout = MOVE_MEDIUM_TIMEOUT; 488 break; 489 case READ_ELEMENT_STATUS: 490 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; 491 break; 492 case READ_DEFECT_DATA: 493 rq->timeout = READ_DEFECT_DATA_TIMEOUT; 494 req->retries = 1; 495 break; 496 default: 497 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 498 break; 499 } 500 501 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) { 502 err = DRIVER_ERROR << 24; 503 goto error; 504 } 505 506 blk_execute_rq(q, disk, rq, 0); 507 508 err = req->result & 0xff; /* only 8 bit SCSI status */ 509 if (err) { 510 if (req->sense_len && req->sense) { 511 bytes = (OMAX_SB_LEN > req->sense_len) ? 512 req->sense_len : OMAX_SB_LEN; 513 if (copy_to_user(sic->data, req->sense, bytes)) 514 err = -EFAULT; 515 } 516 } else { 517 if (copy_to_user(sic->data, buffer, out_len)) 518 err = -EFAULT; 519 } 520 521error: 522 blk_put_request(rq); 523 524error_free_buffer: 525 kfree(buffer); 526 527 return err; 528} 529EXPORT_SYMBOL_GPL(sg_scsi_ioctl); 530 531/* Send basic block requests */ 532static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk, 533 int cmd, int data) 534{ 535 struct request *rq; 536 int err; 537 538 rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0); 539 if (IS_ERR(rq)) 540 return PTR_ERR(rq); 541 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 542 scsi_req(rq)->cmd[0] = cmd; 543 scsi_req(rq)->cmd[4] = data; 544 scsi_req(rq)->cmd_len = 6; 545 blk_execute_rq(q, bd_disk, rq, 0); 546 err = scsi_req(rq)->result ? -EIO : 0; 547 blk_put_request(rq); 548 549 return err; 550} 551 552static inline int blk_send_start_stop(struct request_queue *q, 553 struct gendisk *bd_disk, int data) 554{ 555 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data); 556} 557 558int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp) 559{ 560#ifdef CONFIG_COMPAT 561 if (in_compat_syscall()) { 562 struct compat_sg_io_hdr hdr32 = { 563 .interface_id = hdr->interface_id, 564 .dxfer_direction = hdr->dxfer_direction, 565 .cmd_len = hdr->cmd_len, 566 .mx_sb_len = hdr->mx_sb_len, 567 .iovec_count = hdr->iovec_count, 568 .dxfer_len = hdr->dxfer_len, 569 .dxferp = (uintptr_t)hdr->dxferp, 570 .cmdp = (uintptr_t)hdr->cmdp, 571 .sbp = (uintptr_t)hdr->sbp, 572 .timeout = hdr->timeout, 573 .flags = hdr->flags, 574 .pack_id = hdr->pack_id, 575 .usr_ptr = (uintptr_t)hdr->usr_ptr, 576 .status = hdr->status, 577 .masked_status = hdr->masked_status, 578 .msg_status = hdr->msg_status, 579 .sb_len_wr = hdr->sb_len_wr, 580 .host_status = hdr->host_status, 581 .driver_status = hdr->driver_status, 582 .resid = hdr->resid, 583 .duration = hdr->duration, 584 .info = hdr->info, 585 }; 586 587 if (copy_to_user(argp, &hdr32, sizeof(hdr32))) 588 return -EFAULT; 589 590 return 0; 591 } 592#endif 593 594 if (copy_to_user(argp, hdr, sizeof(*hdr))) 595 return -EFAULT; 596 597 return 0; 598} 599EXPORT_SYMBOL(put_sg_io_hdr); 600 601int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp) 602{ 603#ifdef CONFIG_COMPAT 604 struct compat_sg_io_hdr hdr32; 605 606 if (in_compat_syscall()) { 607 if (copy_from_user(&hdr32, argp, sizeof(hdr32))) 608 return -EFAULT; 609 610 *hdr = (struct sg_io_hdr) { 611 .interface_id = hdr32.interface_id, 612 .dxfer_direction = hdr32.dxfer_direction, 613 .cmd_len = hdr32.cmd_len, 614 .mx_sb_len = hdr32.mx_sb_len, 615 .iovec_count = hdr32.iovec_count, 616 .dxfer_len = hdr32.dxfer_len, 617 .dxferp = compat_ptr(hdr32.dxferp), 618 .cmdp = compat_ptr(hdr32.cmdp), 619 .sbp = compat_ptr(hdr32.sbp), 620 .timeout = hdr32.timeout, 621 .flags = hdr32.flags, 622 .pack_id = hdr32.pack_id, 623 .usr_ptr = compat_ptr(hdr32.usr_ptr), 624 .status = hdr32.status, 625 .masked_status = hdr32.masked_status, 626 .msg_status = hdr32.msg_status, 627 .sb_len_wr = hdr32.sb_len_wr, 628 .host_status = hdr32.host_status, 629 .driver_status = hdr32.driver_status, 630 .resid = hdr32.resid, 631 .duration = hdr32.duration, 632 .info = hdr32.info, 633 }; 634 635 return 0; 636 } 637#endif 638 639 if (copy_from_user(hdr, argp, sizeof(*hdr))) 640 return -EFAULT; 641 642 return 0; 643} 644EXPORT_SYMBOL(get_sg_io_hdr); 645 646#ifdef CONFIG_COMPAT 647struct compat_cdrom_generic_command { 648 unsigned char cmd[CDROM_PACKET_SIZE]; 649 compat_caddr_t buffer; 650 compat_uint_t buflen; 651 compat_int_t stat; 652 compat_caddr_t sense; 653 unsigned char data_direction; 654 compat_int_t quiet; 655 compat_int_t timeout; 656 compat_caddr_t reserved[1]; 657}; 658#endif 659 660static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc, 661 const void __user *arg) 662{ 663#ifdef CONFIG_COMPAT 664 if (in_compat_syscall()) { 665 struct compat_cdrom_generic_command cgc32; 666 667 if (copy_from_user(&cgc32, arg, sizeof(cgc32))) 668 return -EFAULT; 669 670 *cgc = (struct cdrom_generic_command) { 671 .buffer = compat_ptr(cgc32.buffer), 672 .buflen = cgc32.buflen, 673 .stat = cgc32.stat, 674 .sense = compat_ptr(cgc32.sense), 675 .data_direction = cgc32.data_direction, 676 .quiet = cgc32.quiet, 677 .timeout = cgc32.timeout, 678 .reserved[0] = compat_ptr(cgc32.reserved[0]), 679 }; 680 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE); 681 return 0; 682 } 683#endif 684 if (copy_from_user(cgc, arg, sizeof(*cgc))) 685 return -EFAULT; 686 687 return 0; 688} 689 690static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc, 691 void __user *arg) 692{ 693#ifdef CONFIG_COMPAT 694 if (in_compat_syscall()) { 695 struct compat_cdrom_generic_command cgc32 = { 696 .buffer = (uintptr_t)(cgc->buffer), 697 .buflen = cgc->buflen, 698 .stat = cgc->stat, 699 .sense = (uintptr_t)(cgc->sense), 700 .data_direction = cgc->data_direction, 701 .quiet = cgc->quiet, 702 .timeout = cgc->timeout, 703 .reserved[0] = (uintptr_t)(cgc->reserved[0]), 704 }; 705 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE); 706 707 if (copy_to_user(arg, &cgc32, sizeof(cgc32))) 708 return -EFAULT; 709 710 return 0; 711 } 712#endif 713 if (copy_to_user(arg, cgc, sizeof(*cgc))) 714 return -EFAULT; 715 716 return 0; 717} 718 719static int scsi_cdrom_send_packet(struct request_queue *q, 720 struct gendisk *bd_disk, 721 fmode_t mode, void __user *arg) 722{ 723 struct cdrom_generic_command cgc; 724 struct sg_io_hdr hdr; 725 int err; 726 727 err = scsi_get_cdrom_generic_arg(&cgc, arg); 728 if (err) 729 return err; 730 731 cgc.timeout = clock_t_to_jiffies(cgc.timeout); 732 memset(&hdr, 0, sizeof(hdr)); 733 hdr.interface_id = 'S'; 734 hdr.cmd_len = sizeof(cgc.cmd); 735 hdr.dxfer_len = cgc.buflen; 736 switch (cgc.data_direction) { 737 case CGC_DATA_UNKNOWN: 738 hdr.dxfer_direction = SG_DXFER_UNKNOWN; 739 break; 740 case CGC_DATA_WRITE: 741 hdr.dxfer_direction = SG_DXFER_TO_DEV; 742 break; 743 case CGC_DATA_READ: 744 hdr.dxfer_direction = SG_DXFER_FROM_DEV; 745 break; 746 case CGC_DATA_NONE: 747 hdr.dxfer_direction = SG_DXFER_NONE; 748 break; 749 default: 750 return -EINVAL; 751 } 752 753 hdr.dxferp = cgc.buffer; 754 hdr.sbp = cgc.sense; 755 if (hdr.sbp) 756 hdr.mx_sb_len = sizeof(struct request_sense); 757 hdr.timeout = jiffies_to_msecs(cgc.timeout); 758 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd; 759 hdr.cmd_len = sizeof(cgc.cmd); 760 761 err = sg_io(q, bd_disk, &hdr, mode); 762 if (err == -EFAULT) 763 return -EFAULT; 764 765 if (hdr.status) 766 return -EIO; 767 768 cgc.stat = err; 769 cgc.buflen = hdr.resid; 770 if (scsi_put_cdrom_generic_arg(&cgc, arg)) 771 return -EFAULT; 772 773 return err; 774} 775 776int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode, 777 unsigned int cmd, void __user *arg) 778{ 779 int err; 780 781 if (!q) 782 return -ENXIO; 783 784 switch (cmd) { 785 /* 786 * new sgv3 interface 787 */ 788 case SG_GET_VERSION_NUM: 789 err = sg_get_version(arg); 790 break; 791 case SCSI_IOCTL_GET_IDLUN: 792 err = scsi_get_idlun(q, arg); 793 break; 794 case SCSI_IOCTL_GET_BUS_NUMBER: 795 err = scsi_get_bus(q, arg); 796 break; 797 case SG_SET_TIMEOUT: 798 err = sg_set_timeout(q, arg); 799 break; 800 case SG_GET_TIMEOUT: 801 err = sg_get_timeout(q); 802 break; 803 case SG_GET_RESERVED_SIZE: 804 err = sg_get_reserved_size(q, arg); 805 break; 806 case SG_SET_RESERVED_SIZE: 807 err = sg_set_reserved_size(q, arg); 808 break; 809 case SG_EMULATED_HOST: 810 err = sg_emulated_host(q, arg); 811 break; 812 case SG_IO: { 813 struct sg_io_hdr hdr; 814 815 err = get_sg_io_hdr(&hdr, arg); 816 if (err) 817 break; 818 err = sg_io(q, bd_disk, &hdr, mode); 819 if (err == -EFAULT) 820 break; 821 822 if (put_sg_io_hdr(&hdr, arg)) 823 err = -EFAULT; 824 break; 825 } 826 case CDROM_SEND_PACKET: 827 err = scsi_cdrom_send_packet(q, bd_disk, mode, arg); 828 break; 829 830 /* 831 * old junk scsi send command ioctl 832 */ 833 case SCSI_IOCTL_SEND_COMMAND: 834 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm); 835 err = -EINVAL; 836 if (!arg) 837 break; 838 839 err = sg_scsi_ioctl(q, bd_disk, mode, arg); 840 break; 841 case CDROMCLOSETRAY: 842 err = blk_send_start_stop(q, bd_disk, 0x03); 843 break; 844 case CDROMEJECT: 845 err = blk_send_start_stop(q, bd_disk, 0x02); 846 break; 847 default: 848 err = -ENOTTY; 849 } 850 851 return err; 852} 853EXPORT_SYMBOL(scsi_cmd_ioctl); 854 855int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) 856{ 857 if (bd && bd == bd->bd_contains) 858 return 0; 859 860 if (capable(CAP_SYS_RAWIO)) 861 return 0; 862 863 return -ENOIOCTLCMD; 864} 865EXPORT_SYMBOL(scsi_verify_blk_ioctl); 866 867int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode, 868 unsigned int cmd, void __user *arg) 869{ 870 int ret; 871 872 ret = scsi_verify_blk_ioctl(bd, cmd); 873 if (ret < 0) 874 return ret; 875 876 return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg); 877} 878EXPORT_SYMBOL(scsi_cmd_blk_ioctl); 879 880/** 881 * scsi_req_init - initialize certain fields of a scsi_request structure 882 * @req: Pointer to a scsi_request structure. 883 * Initializes .__cmd[], .cmd, .cmd_len and .sense_len but no other members 884 * of struct scsi_request. 885 */ 886void scsi_req_init(struct scsi_request *req) 887{ 888 memset(req->__cmd, 0, sizeof(req->__cmd)); 889 req->cmd = req->__cmd; 890 req->cmd_len = BLK_MAX_CDB; 891 req->sense_len = 0; 892} 893EXPORT_SYMBOL(scsi_req_init); 894 895static int __init blk_scsi_ioctl_init(void) 896{ 897 blk_set_cmd_filter_defaults(&blk_default_cmd_filter); 898 return 0; 899} 900fs_initcall(blk_scsi_ioctl_init);