projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: mpt3sas: Add io_uring iopoll support
[linux-2.6-block.git] / drivers / scsi / scsi_ioctl.c
CommitLineData
457c8996 1// SPDX-License-Identifier: GPL-2.0-only
1da177e4
LT		 2/*
3 * Changes:
4 * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000
5 * - get rid of some verify_areas and use __copy*user and __get/put_user
6 * for the ones that remain
7 */
8#include <linux/module.h>
9#include <linux/blkdev.h>
10#include <linux/interrupt.h>
11#include <linux/errno.h>
12#include <linux/kernel.h>
13#include <linux/sched.h>
14#include <linux/mm.h>
15#include <linux/string.h>
7c0f6ba6 16#include <linux/uaccess.h>
f2542a3b 17#include <linux/cdrom.h>
1da177e4
LT		 18
19#include <scsi/scsi.h>
beb40487 20#include <scsi/scsi_cmnd.h>
1da177e4
LT		 21#include <scsi/scsi_device.h>
22#include <scsi/scsi_eh.h>
23#include <scsi/scsi_host.h>
24#include <scsi/scsi_ioctl.h>
1da177e4
LT		 25#include <scsi/sg.h>
26#include <scsi/scsi_dbg.h>
27
28#include "scsi_logging.h"
29
30#define NORMAL_RETRIES 5
31#define IOCTL_NORMAL_TIMEOUT (10 * HZ)
1da177e4
LT		 32
33#define MAX_BUF PAGE_SIZE
34
32993523
CH		 35/**
36 * ioctl_probe -- return host identification
37 * @host: host to identify
38 * @buffer: userspace buffer for identification
39 *
40 * Return an identifying string at @buffer, if @buffer is non-NULL, filling
41 * to the length stored at * (int *) @buffer.
1da177e4 42 */
1da177e4
LT		 43static int ioctl_probe(struct Scsi_Host *host, void __user *buffer)
44{
45 unsigned int len, slen;
46 const char *string;
1da177e4 47
32993523 48 if (buffer) {
1da177e4
LT		 49 if (get_user(len, (unsigned int __user *) buffer))
50 return -EFAULT;
51
52 if (host->hostt->info)
53 string = host->hostt->info(host);
54 else
55 string = host->hostt->name;
56 if (string) {
57 slen = strlen(string);
58 if (len > slen)
59 len = slen + 1;
60 if (copy_to_user(buffer, string, len))
61 return -EFAULT;
62 }
63 }
32993523 64 return 1;
1da177e4
LT		 65}
66
1da177e4
LT		 67static int ioctl_internal_command(struct scsi_device *sdev, char *cmd,
68 int timeout, int retries)
69{
1da177e4
LT		 70 int result;
71 struct scsi_sense_hdr sshdr;
72
e5f73ce3
HR		 73 SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev,
74 "Trying ioctl with scsi command %d\n", *cmd));
1da177e4 75
1cf72699 76 result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0,
f4f4e47e 77 &sshdr, timeout, retries, NULL);
1da177e4 78
e5f73ce3
HR		 79 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
80 "Ioctl returned 0x%x\n", result));
1da177e4 81
ced202f7
HR		 82 if (result < 0)
83 goto out;
464a00c9 84 if (scsi_sense_valid(&sshdr)) {
1da177e4
LT		 85 switch (sshdr.sense_key) {
86 case ILLEGAL_REQUEST:
87 if (cmd[0] == ALLOW_MEDIUM_REMOVAL)
88 sdev->lockable = 0;
89 else
e5f73ce3
HR		 90 sdev_printk(KERN_INFO, sdev,
91 "ioctl_internal_command: "
92 "ILLEGAL REQUEST "
93 "asc=0x%x ascq=0x%x\n",
94 sshdr.asc, sshdr.ascq);
1da177e4
LT		 95 break;
96 case NOT_READY: /* This happens if there is no disc in drive */
a75ad3c2 97 if (sdev->removable)
1da177e4 98 break;
df561f66 99 fallthrough;
1da177e4
LT		 100 case UNIT_ATTENTION:
101 if (sdev->removable) {
102 sdev->changed = 1;
1cf72699 103 result = 0; /* This is no longer considered an error */
1da177e4
LT		 104 break;
105 }
df561f66 106 fallthrough; /* for non-removable media */
3bf2ff67 107 default:
9ccfc756
JB		 108 sdev_printk(KERN_INFO, sdev,
109 "ioctl_internal_command return code = %x\n",
110 result);
d811b848 111 scsi_print_sense_hdr(sdev, NULL, &sshdr);
1da177e4
LT		 112 break;
113 }
114 }
ced202f7 115out:
e5f73ce3
HR		 116 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
117 "IOCTL Releasing command\n"));
1da177e4
LT		 118 return result;
119}
120
121int scsi_set_medium_removal(struct scsi_device *sdev, char state)
122{
123 char scsi_cmd[MAX_COMMAND_SIZE];
124 int ret;
125
126 if (!sdev->removable || !sdev->lockable)
127 return 0;
128
129 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
130 scsi_cmd[1] = 0;
131 scsi_cmd[2] = 0;
132 scsi_cmd[3] = 0;
133 scsi_cmd[4] = state;
134 scsi_cmd[5] = 0;
135
136 ret = ioctl_internal_command(sdev, scsi_cmd,
137 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
138 if (ret == 0)
139 sdev->locked = (state == SCSI_REMOVAL_PREVENT);
140 return ret;
141}
142EXPORT_SYMBOL(scsi_set_medium_removal);
143
1da177e4
LT		 144/*
145 * The scsi_ioctl_get_pci() function places into arg the value
146 * pci_dev::slot_name (8 characters) for the PCI device (if any).
147 * Returns: 0 on success
148 * -ENXIO if there isn't a PCI device pointer
149 * (could be because the SCSI driver hasn't been
150 * updated yet, or because it isn't a SCSI
151 * device)
152 * any copy_to_user() error on failure there
153 */
154static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg)
155{
156 struct device *dev = scsi_get_device(sdev->host);
71610f55 157 const char *name;
1da177e4
LT		 158
159 if (!dev)
160 return -ENXIO;
71610f55
KS		 161
162 name = dev_name(dev);
163
164 /* compatibility with old ioctl which only returned
165 * 20 characters */
166 return copy_to_user(arg, name, min(strlen(name), (size_t)20))
167 ? -EFAULT: 0;
1da177e4
LT		 168}
169
f2542a3b
CH		 170static int sg_get_version(int __user *p)
171{
172 static const int sg_version_num = 30527;
173 return put_user(sg_version_num, p);
174}
175
1e61c1a8 176static int sg_set_timeout(struct scsi_device *sdev, int __user *p)
f2542a3b
CH		 177{
178 int timeout, err = get_user(timeout, p);
179
180 if (!err)
1e61c1a8 181 sdev->sg_timeout = clock_t_to_jiffies(timeout);
f2542a3b
CH		 182
183 return err;
184}
185
1e61c1a8 186static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p)
f2542a3b 187{
1e61c1a8
CH		 188 int val = min(sdev->sg_reserved_size,
189 queue_max_bytes(sdev->request_queue));
f2542a3b
CH		 190
191 return put_user(val, p);
192}
193
1e61c1a8 194static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p)
f2542a3b
CH		 195{
196 int size, err = get_user(size, p);
197
198 if (err)
199 return err;
200
201 if (size < 0)
202 return -EINVAL;
203
1e61c1a8
CH		 204 sdev->sg_reserved_size = min_t(unsigned int, size,
205 queue_max_bytes(sdev->request_queue));
f2542a3b
CH		 206 return 0;
207}
208
209/*
210 * will always return that we are ATAPI even for a real SCSI drive, I'm not
211 * so sure this is worth doing anything about (why would you care??)
212 */
213static int sg_emulated_host(struct request_queue *q, int __user *p)
214{
215 return put_user(1, p);
216}
217
2102a5cc
CH		 218static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp)
219{
220 struct scsi_idlun v = {
221 .dev_id = (sdev->id & 0xff) +
222 ((sdev->lun & 0xff) << 8) +
223 ((sdev->channel & 0xff) << 16) +
224 ((sdev->host->host_no & 0xff) << 24),
225 .host_unique_id = sdev->host->unique_id
226 };
227 if (copy_to_user(argp, &v, sizeof(struct scsi_idlun)))
228 return -EFAULT;
229 return 0;
230}
231
51476187 232static int scsi_send_start_stop(struct scsi_device *sdev, int data)
f2542a3b 233{
51476187 234 u8 cdb[MAX_COMMAND_SIZE] = { };
f2542a3b 235
51476187
CH		 236 cdb[0] = START_STOP;
237 cdb[4] = data;
238 return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT,
239 NORMAL_RETRIES);
f2542a3b
CH		 240}
241
242/*
243 * Check if the given command is allowed.
244 *
245 * Only a subset of commands are allowed for unprivileged users. Commands used
246 * to format the media, update the firmware, etc. are not permitted.
247 */
248bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode)
249{
250 /* root can do any command. */
251 if (capable(CAP_SYS_RAWIO))
252 return true;
253
254 /* Anybody who can open the device can do a read-safe command */
255 switch (cmd[0]) {
256 /* Basic read-only commands */
257 case TEST_UNIT_READY:
258 case REQUEST_SENSE:
259 case READ_6:
260 case READ_10:
261 case READ_12:
262 case READ_16:
263 case READ_BUFFER:
264 case READ_DEFECT_DATA:
265 case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */
266 case READ_LONG:
267 case INQUIRY:
268 case MODE_SENSE:
269 case MODE_SENSE_10:
270 case LOG_SENSE:
271 case START_STOP:
272 case GPCMD_VERIFY_10:
273 case VERIFY_16:
274 case REPORT_LUNS:
275 case SERVICE_ACTION_IN_16:
276 case RECEIVE_DIAGNOSTIC:
277 case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */
278 case GPCMD_READ_BUFFER_CAPACITY:
279 /* Audio CD commands */
280 case GPCMD_PLAY_CD:
281 case GPCMD_PLAY_AUDIO_10:
282 case GPCMD_PLAY_AUDIO_MSF:
283 case GPCMD_PLAY_AUDIO_TI:
284 case GPCMD_PAUSE_RESUME:
285 /* CD/DVD data reading */
286 case GPCMD_READ_CD:
287 case GPCMD_READ_CD_MSF:
288 case GPCMD_READ_DISC_INFO:
289 case GPCMD_READ_DVD_STRUCTURE:
290 case GPCMD_READ_HEADER:
291 case GPCMD_READ_TRACK_RZONE_INFO:
292 case GPCMD_READ_SUBCHANNEL:
293 case GPCMD_READ_TOC_PMA_ATIP:
294 case GPCMD_REPORT_KEY:
295 case GPCMD_SCAN:
296 case GPCMD_GET_CONFIGURATION:
297 case GPCMD_READ_FORMAT_CAPACITIES:
298 case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
299 case GPCMD_GET_PERFORMANCE:
300 case GPCMD_SEEK:
301 case GPCMD_STOP_PLAY_SCAN:
302 /* ZBC */
303 case ZBC_IN:
304 return true;
305 /* Basic writing commands */
306 case WRITE_6:
307 case WRITE_10:
308 case WRITE_VERIFY:
309 case WRITE_12:
310 case WRITE_VERIFY_12:
311 case WRITE_16:
312 case WRITE_LONG:
313 case WRITE_LONG_2:
314 case WRITE_SAME:
315 case WRITE_SAME_16:
316 case WRITE_SAME_32:
317 case ERASE:
318 case GPCMD_MODE_SELECT_10:
319 case MODE_SELECT:
320 case LOG_SELECT:
321 case GPCMD_BLANK:
322 case GPCMD_CLOSE_TRACK:
323 case GPCMD_FLUSH_CACHE:
324 case GPCMD_FORMAT_UNIT:
325 case GPCMD_REPAIR_RZONE_TRACK:
326 case GPCMD_RESERVE_RZONE_TRACK:
327 case GPCMD_SEND_DVD_STRUCTURE:
328 case GPCMD_SEND_EVENT:
329 case GPCMD_SEND_OPC:
330 case GPCMD_SEND_CUE_SHEET:
331 case GPCMD_SET_SPEED:
332 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
333 case GPCMD_LOAD_UNLOAD:
334 case GPCMD_SET_STREAMING:
335 case GPCMD_SET_READ_AHEAD:
336 /* ZBC */
337 case ZBC_OUT:
338 return (mode & FMODE_WRITE);
339 default:
340 return false;
341 }
342}
343EXPORT_SYMBOL(scsi_cmd_allowed);
344
1e61c1a8 345static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq,
f2542a3b
CH		 346 struct sg_io_hdr *hdr, fmode_t mode)
347{
348 struct scsi_request *req = scsi_req(rq);
349
350 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
351 return -EFAULT;
352 if (!scsi_cmd_allowed(req->cmd, mode))
353 return -EPERM;
354
355 /*
356 * fill in request structure
357 */
358 req->cmd_len = hdr->cmd_len;
359
360 rq->timeout = msecs_to_jiffies(hdr->timeout);
361 if (!rq->timeout)
1e61c1a8 362 rq->timeout = sdev->sg_timeout;
f2542a3b
CH		 363 if (!rq->timeout)
364 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
365 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
366 rq->timeout = BLK_MIN_SG_TIMEOUT;
367
368 return 0;
369}
370
371static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
372 struct bio *bio)
373{
374 struct scsi_request *req = scsi_req(rq);
375 int r, ret = 0;
376
377 /*
378 * fill in all the output members
379 */
380 hdr->status = req->result & 0xff;
381 hdr->masked_status = status_byte(req->result);
382 hdr->msg_status = COMMAND_COMPLETE;
383 hdr->host_status = host_byte(req->result);
384 hdr->driver_status = 0;
385 if (scsi_status_is_check_condition(hdr->status))
386 hdr->driver_status = DRIVER_SENSE;
387 hdr->info = 0;
388 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
389 hdr->info |= SG_INFO_CHECK;
390 hdr->resid = req->resid_len;
391 hdr->sb_len_wr = 0;
392
393 if (req->sense_len && hdr->sbp) {
394 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
395
396 if (!copy_to_user(hdr->sbp, req->sense, len))
397 hdr->sb_len_wr = len;
398 else
399 ret = -EFAULT;
400 }
401
402 r = blk_rq_unmap_user(bio);
403 if (!ret)
404 ret = r;
405
406 return ret;
407}
408
1e61c1a8 409static int sg_io(struct scsi_device *sdev, struct gendisk *disk,
f2542a3b
CH		 410 struct sg_io_hdr *hdr, fmode_t mode)
411{
412 unsigned long start_time;
413 ssize_t ret = 0;
414 int writing = 0;
415 int at_head = 0;
416 struct request *rq;
417 struct scsi_request *req;
418 struct bio *bio;
419
420 if (hdr->interface_id != 'S')
421 return -EINVAL;
422
1e61c1a8 423 if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9))
f2542a3b
CH		 424 return -EIO;
425
426 if (hdr->dxfer_len)
427 switch (hdr->dxfer_direction) {
428 default:
429 return -EINVAL;
430 case SG_DXFER_TO_DEV:
431 writing = 1;
432 break;
433 case SG_DXFER_TO_FROM_DEV:
434 case SG_DXFER_FROM_DEV:
435 break;
436 }
437 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
438 at_head = 1;
439
440 ret = -ENOMEM;
1e61c1a8
CH		 441 rq = blk_get_request(sdev->request_queue, writing ?
442 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
f2542a3b
CH		 443 if (IS_ERR(rq))
444 return PTR_ERR(rq);
445 req = scsi_req(rq);
446
447 if (hdr->cmd_len > BLK_MAX_CDB) {
448 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
449 if (!req->cmd)
450 goto out_put_request;
451 }
452
1e61c1a8 453 ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode);
f2542a3b
CH		 454 if (ret < 0)
455 goto out_free_cdb;
456
457 ret = 0;
458 if (hdr->iovec_count) {
459 struct iov_iter i;
460 struct iovec *iov = NULL;
461
462 ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
463 hdr->iovec_count, 0, &iov, &i);
464 if (ret < 0)
465 goto out_free_cdb;
466
467 /* SG_IO howto says that the shorter of the two wins */
468 iov_iter_truncate(&i, hdr->dxfer_len);
469
1e61c1a8 470 ret = blk_rq_map_user_iov(rq->q, rq, NULL, &i, GFP_KERNEL);
f2542a3b
CH		 471 kfree(iov);
472 } else if (hdr->dxfer_len)
1e61c1a8
CH		 473 ret = blk_rq_map_user(rq->q, rq, NULL, hdr->dxferp,
474 hdr->dxfer_len, GFP_KERNEL);
f2542a3b
CH		 475
476 if (ret)
477 goto out_free_cdb;
478
479 bio = rq->bio;
480 req->retries = 0;
481
482 start_time = jiffies;
483
1e61c1a8 484 blk_execute_rq(disk, rq, at_head);
f2542a3b
CH		 485
486 hdr->duration = jiffies_to_msecs(jiffies - start_time);
487
488 ret = scsi_complete_sghdr_rq(rq, hdr, bio);
489
490out_free_cdb:
491 scsi_req_free_cmd(req);
492out_put_request:
493 blk_put_request(rq);
494 return ret;
495}
496
497/**
498 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
499 * @q: request queue to send scsi commands down
500 * @disk: gendisk to operate on (option)
501 * @mode: mode used to open the file through which the ioctl has been
502 * submitted
503 * @sic: userspace structure describing the command to perform
504 *
505 * Send down the scsi command described by @sic to the device below
506 * the request queue @q. If @file is non-NULL it's used to perform
507 * fine-grained permission checks that allow users to send down
508 * non-destructive SCSI commands. If the caller has a struct gendisk
509 * available it should be passed in as @disk to allow the low level
510 * driver to use the information contained in it. A non-NULL @disk
511 * is only allowed if the caller knows that the low level driver doesn't
512 * need it (e.g. in the scsi subsystem).
513 *
514 * Notes:
515 * - This interface is deprecated - users should use the SG_IO
516 * interface instead, as this is a more flexible approach to
517 * performing SCSI commands on a device.
518 * - The SCSI command length is determined by examining the 1st byte
519 * of the given command. There is no way to override this.
520 * - Data transfers are limited to PAGE_SIZE
521 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to
522 * accommodate the sense buffer when an error occurs.
523 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
524 * old code will not be surprised.
525 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive
526 * a negative return and the Unix error code in 'errno'.
527 * If the SCSI command succeeds then 0 is returned.
528 * Positive numbers returned are the compacted SCSI error codes (4
529 * bytes in one int) where the lowest byte is the SCSI status.
530 */
08dc2f9b
CH		 531static int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk,
532 fmode_t mode, struct scsi_ioctl_command __user *sic)
f2542a3b
CH		 533{
534 enum { OMAX_SB_LEN = 16 }; /* For backward compatibility */
535 struct request *rq;
536 struct scsi_request *req;
537 int err;
538 unsigned int in_len, out_len, bytes, opcode, cmdlen;
539 char *buffer = NULL;
540
541 if (!sic)
542 return -EINVAL;
543
544 /*
545 * get in an out lengths, verify they don't exceed a page worth of data
546 */
547 if (get_user(in_len, &sic->inlen))
548 return -EFAULT;
549 if (get_user(out_len, &sic->outlen))
550 return -EFAULT;
551 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
552 return -EINVAL;
553 if (get_user(opcode, sic->data))
554 return -EFAULT;
555
556 bytes = max(in_len, out_len);
557 if (bytes) {
558 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
559 if (!buffer)
560 return -ENOMEM;
561
562 }
563
564 rq = blk_get_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
565 if (IS_ERR(rq)) {
566 err = PTR_ERR(rq);
567 goto error_free_buffer;
568 }
569 req = scsi_req(rq);
570
571 cmdlen = COMMAND_SIZE(opcode);
572
573 /*
574 * get command and data to send to device, if any
575 */
576 err = -EFAULT;
577 req->cmd_len = cmdlen;
578 if (copy_from_user(req->cmd, sic->data, cmdlen))
579 goto error;
580
581 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
582 goto error;
583
584 err = -EPERM;
585 if (!scsi_cmd_allowed(req->cmd, mode))
586 goto error;
587
588 /* default. possible overridden later */
589 req->retries = 5;
590
591 switch (opcode) {
592 case SEND_DIAGNOSTIC:
593 case FORMAT_UNIT:
594 rq->timeout = FORMAT_UNIT_TIMEOUT;
595 req->retries = 1;
596 break;
597 case START_STOP:
598 rq->timeout = START_STOP_TIMEOUT;
599 break;
600 case MOVE_MEDIUM:
601 rq->timeout = MOVE_MEDIUM_TIMEOUT;
602 break;
603 case READ_ELEMENT_STATUS:
604 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
605 break;
606 case READ_DEFECT_DATA:
607 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
608 req->retries = 1;
609 break;
610 default:
611 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
612 break;
613 }
614
615 if (bytes) {
616 err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO);
617 if (err)
618 goto error;
619 }
620
621 blk_execute_rq(disk, rq, 0);
622
623 err = req->result & 0xff; /* only 8 bit SCSI status */
624 if (err) {
625 if (req->sense_len && req->sense) {
626 bytes = (OMAX_SB_LEN > req->sense_len) ?
627 req->sense_len : OMAX_SB_LEN;
628 if (copy_to_user(sic->data, req->sense, bytes))
629 err = -EFAULT;
630 }
631 } else {
632 if (copy_to_user(sic->data, buffer, out_len))
633 err = -EFAULT;
634 }
635
636error:
637 blk_put_request(rq);
638
639error_free_buffer:
640 kfree(buffer);
641
642 return err;
643}
f2542a3b
CH		 644
645int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
646{
647#ifdef CONFIG_COMPAT
648 if (in_compat_syscall()) {
649 struct compat_sg_io_hdr hdr32 = {
650 .interface_id = hdr->interface_id,
651 .dxfer_direction = hdr->dxfer_direction,
652 .cmd_len = hdr->cmd_len,
653 .mx_sb_len = hdr->mx_sb_len,
654 .iovec_count = hdr->iovec_count,
655 .dxfer_len = hdr->dxfer_len,
656 .dxferp = (uintptr_t)hdr->dxferp,
657 .cmdp = (uintptr_t)hdr->cmdp,
658 .sbp = (uintptr_t)hdr->sbp,
659 .timeout = hdr->timeout,
660 .flags = hdr->flags,
661 .pack_id = hdr->pack_id,
662 .usr_ptr = (uintptr_t)hdr->usr_ptr,
663 .status = hdr->status,
664 .masked_status = hdr->masked_status,
665 .msg_status = hdr->msg_status,
666 .sb_len_wr = hdr->sb_len_wr,
667 .host_status = hdr->host_status,
668 .driver_status = hdr->driver_status,
669 .resid = hdr->resid,
670 .duration = hdr->duration,
671 .info = hdr->info,
672 };
673
674 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
675 return -EFAULT;
676
677 return 0;
678 }
679#endif
680
681 if (copy_to_user(argp, hdr, sizeof(*hdr)))
682 return -EFAULT;
683
684 return 0;
685}
686EXPORT_SYMBOL(put_sg_io_hdr);
687
688int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
689{
690#ifdef CONFIG_COMPAT
691 struct compat_sg_io_hdr hdr32;
692
693 if (in_compat_syscall()) {
694 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
695 return -EFAULT;
696
697 *hdr = (struct sg_io_hdr) {
698 .interface_id = hdr32.interface_id,
699 .dxfer_direction = hdr32.dxfer_direction,
700 .cmd_len = hdr32.cmd_len,
701 .mx_sb_len = hdr32.mx_sb_len,
702 .iovec_count = hdr32.iovec_count,
703 .dxfer_len = hdr32.dxfer_len,
704 .dxferp = compat_ptr(hdr32.dxferp),
705 .cmdp = compat_ptr(hdr32.cmdp),
706 .sbp = compat_ptr(hdr32.sbp),
707 .timeout = hdr32.timeout,
708 .flags = hdr32.flags,
709 .pack_id = hdr32.pack_id,
710 .usr_ptr = compat_ptr(hdr32.usr_ptr),
711 .status = hdr32.status,
712 .masked_status = hdr32.masked_status,
713 .msg_status = hdr32.msg_status,
714 .sb_len_wr = hdr32.sb_len_wr,
715 .host_status = hdr32.host_status,
716 .driver_status = hdr32.driver_status,
717 .resid = hdr32.resid,
718 .duration = hdr32.duration,
719 .info = hdr32.info,
720 };
721
722 return 0;
723 }
724#endif
725
726 if (copy_from_user(hdr, argp, sizeof(*hdr)))
727 return -EFAULT;
728
729 return 0;
730}
731EXPORT_SYMBOL(get_sg_io_hdr);
732
733#ifdef CONFIG_COMPAT
734struct compat_cdrom_generic_command {
735 unsigned char cmd[CDROM_PACKET_SIZE];
736 compat_caddr_t buffer;
737 compat_uint_t buflen;
738 compat_int_t stat;
739 compat_caddr_t sense;
740 unsigned char data_direction;
741 unsigned char pad[3];
742 compat_int_t quiet;
743 compat_int_t timeout;
744 compat_caddr_t unused;
745};
746#endif
747
748static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
749 const void __user *arg)
750{
751#ifdef CONFIG_COMPAT
752 if (in_compat_syscall()) {
753 struct compat_cdrom_generic_command cgc32;
754
755 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
756 return -EFAULT;
757
758 *cgc = (struct cdrom_generic_command) {
759 .buffer = compat_ptr(cgc32.buffer),
760 .buflen = cgc32.buflen,
761 .stat = cgc32.stat,
762 .sense = compat_ptr(cgc32.sense),
763 .data_direction = cgc32.data_direction,
764 .quiet = cgc32.quiet,
765 .timeout = cgc32.timeout,
766 .unused = compat_ptr(cgc32.unused),
767 };
768 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
769 return 0;
770 }
771#endif
772 if (copy_from_user(cgc, arg, sizeof(*cgc)))
773 return -EFAULT;
774
775 return 0;
776}
777
778static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
779 void __user *arg)
780{
781#ifdef CONFIG_COMPAT
782 if (in_compat_syscall()) {
783 struct compat_cdrom_generic_command cgc32 = {
784 .buffer = (uintptr_t)(cgc->buffer),
785 .buflen = cgc->buflen,
786 .stat = cgc->stat,
787 .sense = (uintptr_t)(cgc->sense),
788 .data_direction = cgc->data_direction,
789 .quiet = cgc->quiet,
790 .timeout = cgc->timeout,
791 .unused = (uintptr_t)(cgc->unused),
792 };
793 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
794
795 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
796 return -EFAULT;
797
798 return 0;
799 }
800#endif
801 if (copy_to_user(arg, cgc, sizeof(*cgc)))
802 return -EFAULT;
803
804 return 0;
805}
806
1e61c1a8
CH		 807static int scsi_cdrom_send_packet(struct scsi_device *sdev, struct gendisk *disk,
808 fmode_t mode, void __user *arg)
f2542a3b
CH		 809{
810 struct cdrom_generic_command cgc;
811 struct sg_io_hdr hdr;
812 int err;
813
814 err = scsi_get_cdrom_generic_arg(&cgc, arg);
815 if (err)
816 return err;
817
818 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
819 memset(&hdr, 0, sizeof(hdr));
820 hdr.interface_id = 'S';
821 hdr.cmd_len = sizeof(cgc.cmd);
822 hdr.dxfer_len = cgc.buflen;
823 switch (cgc.data_direction) {
824 case CGC_DATA_UNKNOWN:
825 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
826 break;
827 case CGC_DATA_WRITE:
828 hdr.dxfer_direction = SG_DXFER_TO_DEV;
829 break;
830 case CGC_DATA_READ:
831 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
832 break;
833 case CGC_DATA_NONE:
834 hdr.dxfer_direction = SG_DXFER_NONE;
835 break;
836 default:
837 return -EINVAL;
838 }
839
840 hdr.dxferp = cgc.buffer;
841 hdr.sbp = cgc.sense;
842 if (hdr.sbp)
843 hdr.mx_sb_len = sizeof(struct request_sense);
844 hdr.timeout = jiffies_to_msecs(cgc.timeout);
845 hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd;
846 hdr.cmd_len = sizeof(cgc.cmd);
847
1e61c1a8 848 err = sg_io(sdev, disk, &hdr, mode);
f2542a3b
CH		 849 if (err == -EFAULT)
850 return -EFAULT;
851
852 if (hdr.status)
853 return -EIO;
854
855 cgc.stat = err;
856 cgc.buflen = hdr.resid;
857 if (scsi_put_cdrom_generic_arg(&cgc, arg))
858 return -EFAULT;
859
860 return err;
861}
862
1e61c1a8 863static int scsi_ioctl_sg_io(struct scsi_device *sdev, struct gendisk *disk,
b2123d3b
CH		 864 fmode_t mode, void __user *argp)
865{
866 struct sg_io_hdr hdr;
867 int error;
868
869 error = get_sg_io_hdr(&hdr, argp);
870 if (error)
871 return error;
1e61c1a8 872 error = sg_io(sdev, disk, &hdr, mode);
b2123d3b
CH		 873 if (error == -EFAULT)
874 return error;
875 if (put_sg_io_hdr(&hdr, argp))
876 return -EFAULT;
877 return 0;
878}
879
6fade450
CH		 880/**
881 * scsi_ioctl - Dispatch ioctl to scsi device
882 * @sdev: scsi device receiving ioctl
2e27f576
CH		 883 * @disk: disk receiving the ioctl
884 * @mode: mode the block/char device is opened with
6fade450
CH		 885 * @cmd: which ioctl is it
886 * @arg: data associated with ioctl
887 *
888 * Description: The scsi_ioctl() function differs from most ioctls in that it
889 * does not take a major/minor number as the dev field. Rather, it takes
890 * a pointer to a &struct scsi_device.
891 */
2e27f576
CH		 892int scsi_ioctl(struct scsi_device *sdev, struct gendisk *disk, fmode_t mode,
893 int cmd, void __user *arg)
1da177e4 894{
2e27f576 895 struct request_queue *q = sdev->request_queue;
74a78ebd 896 struct scsi_sense_hdr sense_hdr;
1da177e4 897
1da177e4
LT		 898 /* Check for deprecated ioctls ... all the ioctls which don't
899 * follow the new unique numbering scheme are deprecated */
900 switch (cmd) {
901 case SCSI_IOCTL_SEND_COMMAND:
902 case SCSI_IOCTL_TEST_UNIT_READY:
903 case SCSI_IOCTL_BENCHMARK_COMMAND:
904 case SCSI_IOCTL_SYNC:
905 case SCSI_IOCTL_START_UNIT:
906 case SCSI_IOCTL_STOP_UNIT:
907 printk(KERN_WARNING "program %s is using a deprecated SCSI "
908 "ioctl, please convert it to SG_IO\n", current->comm);
909 break;
910 default:
911 break;
912 }
913
f2542a3b
CH		 914 switch (cmd) {
915 case SG_GET_VERSION_NUM:
916 return sg_get_version(arg);
917 case SG_SET_TIMEOUT:
1e61c1a8 918 return sg_set_timeout(sdev, arg);
f2542a3b 919 case SG_GET_TIMEOUT:
1e61c1a8 920 return jiffies_to_clock_t(sdev->sg_timeout);
f2542a3b 921 case SG_GET_RESERVED_SIZE:
1e61c1a8 922 return sg_get_reserved_size(sdev, arg);
f2542a3b 923 case SG_SET_RESERVED_SIZE:
1e61c1a8 924 return sg_set_reserved_size(sdev, arg);
f2542a3b
CH		 925 case SG_EMULATED_HOST:
926 return sg_emulated_host(q, arg);
b2123d3b 927 case SG_IO:
1e61c1a8 928 return scsi_ioctl_sg_io(sdev, disk, mode, arg);
f2542a3b
CH		 929 case SCSI_IOCTL_SEND_COMMAND:
930 return sg_scsi_ioctl(q, disk, mode, arg);
931 case CDROM_SEND_PACKET:
1e61c1a8 932 return scsi_cdrom_send_packet(sdev, disk, mode, arg);
f2542a3b 933 case CDROMCLOSETRAY:
51476187 934 return scsi_send_start_stop(sdev, 3);
f2542a3b 935 case CDROMEJECT:
51476187 936 return scsi_send_start_stop(sdev, 2);
2102a5cc
CH		 937 case SCSI_IOCTL_GET_IDLUN:
938 return scsi_get_idlun(sdev, arg);
1da177e4
LT		 939 case SCSI_IOCTL_GET_BUS_NUMBER:
940 return put_user(sdev->host->host_no, (int __user *)arg);
941 case SCSI_IOCTL_PROBE_HOST:
942 return ioctl_probe(sdev->host, arg);
1da177e4
LT		 943 case SCSI_IOCTL_DOORLOCK:
944 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
945 case SCSI_IOCTL_DOORUNLOCK:
946 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
947 case SCSI_IOCTL_TEST_UNIT_READY:
948 return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT,
74a78ebd 949 NORMAL_RETRIES, &sense_hdr);
1da177e4 950 case SCSI_IOCTL_START_UNIT:
51476187 951 return scsi_send_start_stop(sdev, 1);
1da177e4 952 case SCSI_IOCTL_STOP_UNIT:
51476187 953 return scsi_send_start_stop(sdev, 0);
1da177e4
LT		 954 case SCSI_IOCTL_GET_PCI:
955 return scsi_ioctl_get_pci(sdev, arg);
906d15fb
CH		 956 case SG_SCSI_RESET:
957 return scsi_ioctl_reset(sdev, arg);
1da177e4 958 }
1da177e4 959
7eafd137 960#ifdef CONFIG_COMPAT
6fade450
CH		 961 if (in_compat_syscall()) {
962 if (!sdev->host->hostt->compat_ioctl)
963 return -EINVAL;
7eafd137 964 return sdev->host->hostt->compat_ioctl(sdev, cmd, arg);
6fade450 965 }
7eafd137 966#endif
6fade450
CH		 967 if (!sdev->host->hostt->ioctl)
968 return -EINVAL;
969 return sdev->host->hostt->ioctl(sdev, cmd, arg);
970}
971EXPORT_SYMBOL(scsi_ioctl);
7eafd137 972
906d15fb
CH		 973/*
974 * We can process a reset even when a device isn't fully operable.
1da177e4 975 */
906d15fb
CH		 976int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd,
977 bool ndelay)
1da177e4 978{
906d15fb 979 if (cmd == SG_SCSI_RESET && ndelay) {
939647ee 980 if (scsi_host_in_recovery(sdev->host))
e9afccc5 981 return -EAGAIN;
906d15fb
CH		 982 } else {
983 if (!scsi_block_when_processing_errors(sdev))
984 return -ENODEV;
1da177e4 985 }
906d15fb
CH		 986
987 return 0;
1da177e4 988}
906d15fb 989EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors);
Linux 6.x block layer and io_uring tree(s)