Commit | Line | Data |
---|---|---|
457c8996 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
1da177e4 LT |
2 | /* |
3 | * Changes: | |
4 | * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000 | |
5 | * - get rid of some verify_areas and use __copy*user and __get/put_user | |
6 | * for the ones that remain | |
7 | */ | |
8 | #include <linux/module.h> | |
9 | #include <linux/blkdev.h> | |
10 | #include <linux/interrupt.h> | |
11 | #include <linux/errno.h> | |
12 | #include <linux/kernel.h> | |
13 | #include <linux/sched.h> | |
14 | #include <linux/mm.h> | |
15 | #include <linux/string.h> | |
7c0f6ba6 | 16 | #include <linux/uaccess.h> |
f2542a3b | 17 | #include <linux/cdrom.h> |
1da177e4 LT |
18 | |
19 | #include <scsi/scsi.h> | |
beb40487 | 20 | #include <scsi/scsi_cmnd.h> |
1da177e4 LT |
21 | #include <scsi/scsi_device.h> |
22 | #include <scsi/scsi_eh.h> | |
23 | #include <scsi/scsi_host.h> | |
24 | #include <scsi/scsi_ioctl.h> | |
1da177e4 LT |
25 | #include <scsi/sg.h> |
26 | #include <scsi/scsi_dbg.h> | |
27 | ||
28 | #include "scsi_logging.h" | |
29 | ||
30 | #define NORMAL_RETRIES 5 | |
31 | #define IOCTL_NORMAL_TIMEOUT (10 * HZ) | |
1da177e4 LT |
32 | |
33 | #define MAX_BUF PAGE_SIZE | |
34 | ||
32993523 CH |
35 | /** |
36 | * ioctl_probe -- return host identification | |
37 | * @host: host to identify | |
38 | * @buffer: userspace buffer for identification | |
39 | * | |
40 | * Return an identifying string at @buffer, if @buffer is non-NULL, filling | |
41 | * to the length stored at * (int *) @buffer. | |
1da177e4 | 42 | */ |
1da177e4 LT |
43 | static int ioctl_probe(struct Scsi_Host *host, void __user *buffer) |
44 | { | |
45 | unsigned int len, slen; | |
46 | const char *string; | |
1da177e4 | 47 | |
32993523 | 48 | if (buffer) { |
1da177e4 LT |
49 | if (get_user(len, (unsigned int __user *) buffer)) |
50 | return -EFAULT; | |
51 | ||
52 | if (host->hostt->info) | |
53 | string = host->hostt->info(host); | |
54 | else | |
55 | string = host->hostt->name; | |
56 | if (string) { | |
57 | slen = strlen(string); | |
58 | if (len > slen) | |
59 | len = slen + 1; | |
60 | if (copy_to_user(buffer, string, len)) | |
61 | return -EFAULT; | |
62 | } | |
63 | } | |
32993523 | 64 | return 1; |
1da177e4 LT |
65 | } |
66 | ||
1da177e4 LT |
67 | static int ioctl_internal_command(struct scsi_device *sdev, char *cmd, |
68 | int timeout, int retries) | |
69 | { | |
1da177e4 LT |
70 | int result; |
71 | struct scsi_sense_hdr sshdr; | |
7dfe0b5e MC |
72 | const struct scsi_exec_args exec_args = { |
73 | .sshdr = &sshdr, | |
74 | }; | |
1da177e4 | 75 | |
e5f73ce3 HR |
76 | SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev, |
77 | "Trying ioctl with scsi command %d\n", *cmd)); | |
1da177e4 | 78 | |
7dfe0b5e MC |
79 | result = scsi_execute_cmd(sdev, cmd, REQ_OP_DRV_IN, NULL, 0, timeout, |
80 | retries, &exec_args); | |
1da177e4 | 81 | |
e5f73ce3 HR |
82 | SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev, |
83 | "Ioctl returned 0x%x\n", result)); | |
1da177e4 | 84 | |
ced202f7 HR |
85 | if (result < 0) |
86 | goto out; | |
464a00c9 | 87 | if (scsi_sense_valid(&sshdr)) { |
1da177e4 LT |
88 | switch (sshdr.sense_key) { |
89 | case ILLEGAL_REQUEST: | |
90 | if (cmd[0] == ALLOW_MEDIUM_REMOVAL) | |
91 | sdev->lockable = 0; | |
92 | else | |
e5f73ce3 HR |
93 | sdev_printk(KERN_INFO, sdev, |
94 | "ioctl_internal_command: " | |
95 | "ILLEGAL REQUEST " | |
96 | "asc=0x%x ascq=0x%x\n", | |
97 | sshdr.asc, sshdr.ascq); | |
1da177e4 LT |
98 | break; |
99 | case NOT_READY: /* This happens if there is no disc in drive */ | |
a75ad3c2 | 100 | if (sdev->removable) |
1da177e4 | 101 | break; |
df561f66 | 102 | fallthrough; |
1da177e4 LT |
103 | case UNIT_ATTENTION: |
104 | if (sdev->removable) { | |
105 | sdev->changed = 1; | |
1cf72699 | 106 | result = 0; /* This is no longer considered an error */ |
1da177e4 LT |
107 | break; |
108 | } | |
df561f66 | 109 | fallthrough; /* for non-removable media */ |
3bf2ff67 | 110 | default: |
9ccfc756 JB |
111 | sdev_printk(KERN_INFO, sdev, |
112 | "ioctl_internal_command return code = %x\n", | |
113 | result); | |
d811b848 | 114 | scsi_print_sense_hdr(sdev, NULL, &sshdr); |
1da177e4 LT |
115 | break; |
116 | } | |
117 | } | |
ced202f7 | 118 | out: |
e5f73ce3 HR |
119 | SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev, |
120 | "IOCTL Releasing command\n")); | |
1da177e4 LT |
121 | return result; |
122 | } | |
123 | ||
124 | int scsi_set_medium_removal(struct scsi_device *sdev, char state) | |
125 | { | |
126 | char scsi_cmd[MAX_COMMAND_SIZE]; | |
127 | int ret; | |
128 | ||
129 | if (!sdev->removable || !sdev->lockable) | |
130 | return 0; | |
131 | ||
132 | scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL; | |
133 | scsi_cmd[1] = 0; | |
134 | scsi_cmd[2] = 0; | |
135 | scsi_cmd[3] = 0; | |
136 | scsi_cmd[4] = state; | |
137 | scsi_cmd[5] = 0; | |
138 | ||
139 | ret = ioctl_internal_command(sdev, scsi_cmd, | |
140 | IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES); | |
141 | if (ret == 0) | |
142 | sdev->locked = (state == SCSI_REMOVAL_PREVENT); | |
143 | return ret; | |
144 | } | |
145 | EXPORT_SYMBOL(scsi_set_medium_removal); | |
146 | ||
1da177e4 LT |
147 | /* |
148 | * The scsi_ioctl_get_pci() function places into arg the value | |
149 | * pci_dev::slot_name (8 characters) for the PCI device (if any). | |
150 | * Returns: 0 on success | |
151 | * -ENXIO if there isn't a PCI device pointer | |
152 | * (could be because the SCSI driver hasn't been | |
153 | * updated yet, or because it isn't a SCSI | |
154 | * device) | |
155 | * any copy_to_user() error on failure there | |
156 | */ | |
157 | static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg) | |
158 | { | |
159 | struct device *dev = scsi_get_device(sdev->host); | |
71610f55 | 160 | const char *name; |
1da177e4 LT |
161 | |
162 | if (!dev) | |
163 | return -ENXIO; | |
71610f55 KS |
164 | |
165 | name = dev_name(dev); | |
166 | ||
167 | /* compatibility with old ioctl which only returned | |
168 | * 20 characters */ | |
169 | return copy_to_user(arg, name, min(strlen(name), (size_t)20)) | |
170 | ? -EFAULT: 0; | |
1da177e4 LT |
171 | } |
172 | ||
f2542a3b CH |
173 | static int sg_get_version(int __user *p) |
174 | { | |
175 | static const int sg_version_num = 30527; | |
176 | return put_user(sg_version_num, p); | |
177 | } | |
178 | ||
1e61c1a8 | 179 | static int sg_set_timeout(struct scsi_device *sdev, int __user *p) |
f2542a3b CH |
180 | { |
181 | int timeout, err = get_user(timeout, p); | |
182 | ||
183 | if (!err) | |
1e61c1a8 | 184 | sdev->sg_timeout = clock_t_to_jiffies(timeout); |
f2542a3b CH |
185 | |
186 | return err; | |
187 | } | |
188 | ||
1e61c1a8 | 189 | static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p) |
f2542a3b | 190 | { |
1e61c1a8 CH |
191 | int val = min(sdev->sg_reserved_size, |
192 | queue_max_bytes(sdev->request_queue)); | |
f2542a3b CH |
193 | |
194 | return put_user(val, p); | |
195 | } | |
196 | ||
1e61c1a8 | 197 | static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p) |
f2542a3b CH |
198 | { |
199 | int size, err = get_user(size, p); | |
200 | ||
201 | if (err) | |
202 | return err; | |
203 | ||
204 | if (size < 0) | |
205 | return -EINVAL; | |
206 | ||
1e61c1a8 CH |
207 | sdev->sg_reserved_size = min_t(unsigned int, size, |
208 | queue_max_bytes(sdev->request_queue)); | |
f2542a3b CH |
209 | return 0; |
210 | } | |
211 | ||
212 | /* | |
213 | * will always return that we are ATAPI even for a real SCSI drive, I'm not | |
214 | * so sure this is worth doing anything about (why would you care??) | |
215 | */ | |
216 | static int sg_emulated_host(struct request_queue *q, int __user *p) | |
217 | { | |
218 | return put_user(1, p); | |
219 | } | |
220 | ||
2102a5cc CH |
221 | static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp) |
222 | { | |
223 | struct scsi_idlun v = { | |
224 | .dev_id = (sdev->id & 0xff) + | |
225 | ((sdev->lun & 0xff) << 8) + | |
226 | ((sdev->channel & 0xff) << 16) + | |
227 | ((sdev->host->host_no & 0xff) << 24), | |
228 | .host_unique_id = sdev->host->unique_id | |
229 | }; | |
230 | if (copy_to_user(argp, &v, sizeof(struct scsi_idlun))) | |
231 | return -EFAULT; | |
232 | return 0; | |
233 | } | |
234 | ||
51476187 | 235 | static int scsi_send_start_stop(struct scsi_device *sdev, int data) |
f2542a3b | 236 | { |
51476187 | 237 | u8 cdb[MAX_COMMAND_SIZE] = { }; |
f2542a3b | 238 | |
51476187 CH |
239 | cdb[0] = START_STOP; |
240 | cdb[4] = data; | |
241 | return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT, | |
242 | NORMAL_RETRIES); | |
f2542a3b CH |
243 | } |
244 | ||
245 | /* | |
246 | * Check if the given command is allowed. | |
247 | * | |
248 | * Only a subset of commands are allowed for unprivileged users. Commands used | |
249 | * to format the media, update the firmware, etc. are not permitted. | |
250 | */ | |
251 | bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode) | |
252 | { | |
253 | /* root can do any command. */ | |
254 | if (capable(CAP_SYS_RAWIO)) | |
255 | return true; | |
256 | ||
257 | /* Anybody who can open the device can do a read-safe command */ | |
258 | switch (cmd[0]) { | |
259 | /* Basic read-only commands */ | |
260 | case TEST_UNIT_READY: | |
261 | case REQUEST_SENSE: | |
262 | case READ_6: | |
263 | case READ_10: | |
264 | case READ_12: | |
265 | case READ_16: | |
266 | case READ_BUFFER: | |
267 | case READ_DEFECT_DATA: | |
268 | case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */ | |
269 | case READ_LONG: | |
270 | case INQUIRY: | |
271 | case MODE_SENSE: | |
272 | case MODE_SENSE_10: | |
273 | case LOG_SENSE: | |
274 | case START_STOP: | |
275 | case GPCMD_VERIFY_10: | |
276 | case VERIFY_16: | |
277 | case REPORT_LUNS: | |
278 | case SERVICE_ACTION_IN_16: | |
279 | case RECEIVE_DIAGNOSTIC: | |
280 | case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */ | |
281 | case GPCMD_READ_BUFFER_CAPACITY: | |
282 | /* Audio CD commands */ | |
283 | case GPCMD_PLAY_CD: | |
284 | case GPCMD_PLAY_AUDIO_10: | |
285 | case GPCMD_PLAY_AUDIO_MSF: | |
286 | case GPCMD_PLAY_AUDIO_TI: | |
287 | case GPCMD_PAUSE_RESUME: | |
288 | /* CD/DVD data reading */ | |
289 | case GPCMD_READ_CD: | |
290 | case GPCMD_READ_CD_MSF: | |
291 | case GPCMD_READ_DISC_INFO: | |
292 | case GPCMD_READ_DVD_STRUCTURE: | |
293 | case GPCMD_READ_HEADER: | |
294 | case GPCMD_READ_TRACK_RZONE_INFO: | |
295 | case GPCMD_READ_SUBCHANNEL: | |
296 | case GPCMD_READ_TOC_PMA_ATIP: | |
297 | case GPCMD_REPORT_KEY: | |
298 | case GPCMD_SCAN: | |
299 | case GPCMD_GET_CONFIGURATION: | |
300 | case GPCMD_READ_FORMAT_CAPACITIES: | |
301 | case GPCMD_GET_EVENT_STATUS_NOTIFICATION: | |
302 | case GPCMD_GET_PERFORMANCE: | |
303 | case GPCMD_SEEK: | |
304 | case GPCMD_STOP_PLAY_SCAN: | |
305 | /* ZBC */ | |
306 | case ZBC_IN: | |
307 | return true; | |
308 | /* Basic writing commands */ | |
309 | case WRITE_6: | |
310 | case WRITE_10: | |
311 | case WRITE_VERIFY: | |
312 | case WRITE_12: | |
313 | case WRITE_VERIFY_12: | |
314 | case WRITE_16: | |
315 | case WRITE_LONG: | |
316 | case WRITE_LONG_2: | |
317 | case WRITE_SAME: | |
318 | case WRITE_SAME_16: | |
319 | case WRITE_SAME_32: | |
320 | case ERASE: | |
321 | case GPCMD_MODE_SELECT_10: | |
322 | case MODE_SELECT: | |
323 | case LOG_SELECT: | |
324 | case GPCMD_BLANK: | |
325 | case GPCMD_CLOSE_TRACK: | |
326 | case GPCMD_FLUSH_CACHE: | |
327 | case GPCMD_FORMAT_UNIT: | |
328 | case GPCMD_REPAIR_RZONE_TRACK: | |
329 | case GPCMD_RESERVE_RZONE_TRACK: | |
330 | case GPCMD_SEND_DVD_STRUCTURE: | |
331 | case GPCMD_SEND_EVENT: | |
332 | case GPCMD_SEND_OPC: | |
333 | case GPCMD_SEND_CUE_SHEET: | |
334 | case GPCMD_SET_SPEED: | |
335 | case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL: | |
336 | case GPCMD_LOAD_UNLOAD: | |
337 | case GPCMD_SET_STREAMING: | |
338 | case GPCMD_SET_READ_AHEAD: | |
339 | /* ZBC */ | |
340 | case ZBC_OUT: | |
341 | return (mode & FMODE_WRITE); | |
342 | default: | |
343 | return false; | |
344 | } | |
345 | } | |
346 | EXPORT_SYMBOL(scsi_cmd_allowed); | |
347 | ||
1e61c1a8 | 348 | static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq, |
f2542a3b CH |
349 | struct sg_io_hdr *hdr, fmode_t mode) |
350 | { | |
ce70fd9a | 351 | struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq); |
f2542a3b | 352 | |
20aaef52 TS |
353 | if (hdr->cmd_len < 6) |
354 | return -EMSGSIZE; | |
ce70fd9a | 355 | if (copy_from_user(scmd->cmnd, hdr->cmdp, hdr->cmd_len)) |
f2542a3b | 356 | return -EFAULT; |
ce70fd9a | 357 | if (!scsi_cmd_allowed(scmd->cmnd, mode)) |
f2542a3b | 358 | return -EPERM; |
ce70fd9a | 359 | scmd->cmd_len = hdr->cmd_len; |
f2542a3b CH |
360 | |
361 | rq->timeout = msecs_to_jiffies(hdr->timeout); | |
362 | if (!rq->timeout) | |
1e61c1a8 | 363 | rq->timeout = sdev->sg_timeout; |
f2542a3b CH |
364 | if (!rq->timeout) |
365 | rq->timeout = BLK_DEFAULT_SG_TIMEOUT; | |
366 | if (rq->timeout < BLK_MIN_SG_TIMEOUT) | |
367 | rq->timeout = BLK_MIN_SG_TIMEOUT; | |
368 | ||
369 | return 0; | |
370 | } | |
371 | ||
372 | static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, | |
373 | struct bio *bio) | |
374 | { | |
5b794f98 | 375 | struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq); |
f2542a3b CH |
376 | int r, ret = 0; |
377 | ||
378 | /* | |
379 | * fill in all the output members | |
380 | */ | |
dbb4c84d | 381 | hdr->status = scmd->result & 0xff; |
c9293c11 | 382 | hdr->masked_status = sg_status_byte(scmd->result); |
f2542a3b | 383 | hdr->msg_status = COMMAND_COMPLETE; |
dbb4c84d | 384 | hdr->host_status = host_byte(scmd->result); |
f2542a3b CH |
385 | hdr->driver_status = 0; |
386 | if (scsi_status_is_check_condition(hdr->status)) | |
387 | hdr->driver_status = DRIVER_SENSE; | |
388 | hdr->info = 0; | |
389 | if (hdr->masked_status || hdr->host_status || hdr->driver_status) | |
390 | hdr->info |= SG_INFO_CHECK; | |
a9a4ea11 | 391 | hdr->resid = scmd->resid_len; |
f2542a3b CH |
392 | hdr->sb_len_wr = 0; |
393 | ||
5b794f98 CH |
394 | if (scmd->sense_len && hdr->sbp) { |
395 | int len = min((unsigned int) hdr->mx_sb_len, scmd->sense_len); | |
f2542a3b | 396 | |
5b794f98 | 397 | if (!copy_to_user(hdr->sbp, scmd->sense_buffer, len)) |
f2542a3b CH |
398 | hdr->sb_len_wr = len; |
399 | else | |
400 | ret = -EFAULT; | |
401 | } | |
402 | ||
403 | r = blk_rq_unmap_user(bio); | |
404 | if (!ret) | |
405 | ret = r; | |
406 | ||
407 | return ret; | |
408 | } | |
409 | ||
a30e3441 | 410 | static int sg_io(struct scsi_device *sdev, struct sg_io_hdr *hdr, fmode_t mode) |
f2542a3b CH |
411 | { |
412 | unsigned long start_time; | |
413 | ssize_t ret = 0; | |
414 | int writing = 0; | |
415 | int at_head = 0; | |
416 | struct request *rq; | |
ce70fd9a | 417 | struct scsi_cmnd *scmd; |
f2542a3b CH |
418 | struct bio *bio; |
419 | ||
420 | if (hdr->interface_id != 'S') | |
421 | return -EINVAL; | |
422 | ||
1e61c1a8 | 423 | if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9)) |
f2542a3b CH |
424 | return -EIO; |
425 | ||
426 | if (hdr->dxfer_len) | |
427 | switch (hdr->dxfer_direction) { | |
428 | default: | |
429 | return -EINVAL; | |
430 | case SG_DXFER_TO_DEV: | |
431 | writing = 1; | |
432 | break; | |
433 | case SG_DXFER_TO_FROM_DEV: | |
434 | case SG_DXFER_FROM_DEV: | |
435 | break; | |
436 | } | |
437 | if (hdr->flags & SG_FLAG_Q_AT_HEAD) | |
438 | at_head = 1; | |
439 | ||
68ec3b81 | 440 | rq = scsi_alloc_request(sdev->request_queue, writing ? |
1e61c1a8 | 441 | REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0); |
f2542a3b CH |
442 | if (IS_ERR(rq)) |
443 | return PTR_ERR(rq); | |
ce70fd9a | 444 | scmd = blk_mq_rq_to_pdu(rq); |
f2542a3b | 445 | |
ce70fd9a CH |
446 | if (hdr->cmd_len > sizeof(scmd->cmnd)) { |
447 | ret = -EINVAL; | |
448 | goto out_put_request; | |
f2542a3b CH |
449 | } |
450 | ||
1e61c1a8 | 451 | ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode); |
f2542a3b | 452 | if (ret < 0) |
ce70fd9a | 453 | goto out_put_request; |
f2542a3b | 454 | |
6732932c AG |
455 | ret = blk_rq_map_user_io(rq, NULL, hdr->dxferp, hdr->dxfer_len, |
456 | GFP_KERNEL, hdr->iovec_count && hdr->dxfer_len, | |
457 | hdr->iovec_count, 0, rq_data_dir(rq)); | |
f2542a3b | 458 | if (ret) |
ce70fd9a | 459 | goto out_put_request; |
f2542a3b CH |
460 | |
461 | bio = rq->bio; | |
6aded12b | 462 | scmd->allowed = 0; |
f2542a3b CH |
463 | |
464 | start_time = jiffies; | |
465 | ||
b84ba30b | 466 | blk_execute_rq(rq, at_head); |
f2542a3b CH |
467 | |
468 | hdr->duration = jiffies_to_msecs(jiffies - start_time); | |
469 | ||
470 | ret = scsi_complete_sghdr_rq(rq, hdr, bio); | |
471 | ||
f2542a3b | 472 | out_put_request: |
0bf6d96c | 473 | blk_mq_free_request(rq); |
f2542a3b CH |
474 | return ret; |
475 | } | |
476 | ||
477 | /** | |
478 | * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl | |
479 | * @q: request queue to send scsi commands down | |
f2542a3b CH |
480 | * @mode: mode used to open the file through which the ioctl has been |
481 | * submitted | |
482 | * @sic: userspace structure describing the command to perform | |
483 | * | |
484 | * Send down the scsi command described by @sic to the device below | |
a30e3441 | 485 | * the request queue @q. |
f2542a3b CH |
486 | * |
487 | * Notes: | |
488 | * - This interface is deprecated - users should use the SG_IO | |
489 | * interface instead, as this is a more flexible approach to | |
490 | * performing SCSI commands on a device. | |
491 | * - The SCSI command length is determined by examining the 1st byte | |
492 | * of the given command. There is no way to override this. | |
493 | * - Data transfers are limited to PAGE_SIZE | |
494 | * - The length (x + y) must be at least OMAX_SB_LEN bytes long to | |
495 | * accommodate the sense buffer when an error occurs. | |
496 | * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that | |
497 | * old code will not be surprised. | |
498 | * - If a Unix error occurs (e.g. ENOMEM) then the user will receive | |
499 | * a negative return and the Unix error code in 'errno'. | |
500 | * If the SCSI command succeeds then 0 is returned. | |
501 | * Positive numbers returned are the compacted SCSI error codes (4 | |
502 | * bytes in one int) where the lowest byte is the SCSI status. | |
503 | */ | |
a30e3441 CH |
504 | static int sg_scsi_ioctl(struct request_queue *q, fmode_t mode, |
505 | struct scsi_ioctl_command __user *sic) | |
f2542a3b | 506 | { |
f2542a3b | 507 | struct request *rq; |
f2542a3b CH |
508 | int err; |
509 | unsigned int in_len, out_len, bytes, opcode, cmdlen; | |
ce70fd9a | 510 | struct scsi_cmnd *scmd; |
f2542a3b CH |
511 | char *buffer = NULL; |
512 | ||
513 | if (!sic) | |
514 | return -EINVAL; | |
515 | ||
516 | /* | |
517 | * get in an out lengths, verify they don't exceed a page worth of data | |
518 | */ | |
519 | if (get_user(in_len, &sic->inlen)) | |
520 | return -EFAULT; | |
521 | if (get_user(out_len, &sic->outlen)) | |
522 | return -EFAULT; | |
523 | if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) | |
524 | return -EINVAL; | |
4e80eef4 | 525 | if (get_user(opcode, &sic->data[0])) |
f2542a3b CH |
526 | return -EFAULT; |
527 | ||
528 | bytes = max(in_len, out_len); | |
529 | if (bytes) { | |
530 | buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN); | |
531 | if (!buffer) | |
532 | return -ENOMEM; | |
533 | ||
534 | } | |
535 | ||
68ec3b81 | 536 | rq = scsi_alloc_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0); |
f2542a3b CH |
537 | if (IS_ERR(rq)) { |
538 | err = PTR_ERR(rq); | |
539 | goto error_free_buffer; | |
540 | } | |
ce70fd9a | 541 | scmd = blk_mq_rq_to_pdu(rq); |
f2542a3b CH |
542 | |
543 | cmdlen = COMMAND_SIZE(opcode); | |
544 | ||
545 | /* | |
546 | * get command and data to send to device, if any | |
547 | */ | |
548 | err = -EFAULT; | |
ce70fd9a CH |
549 | scmd->cmd_len = cmdlen; |
550 | if (copy_from_user(scmd->cmnd, sic->data, cmdlen)) | |
f2542a3b CH |
551 | goto error; |
552 | ||
553 | if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) | |
554 | goto error; | |
555 | ||
556 | err = -EPERM; | |
ce70fd9a | 557 | if (!scsi_cmd_allowed(scmd->cmnd, mode)) |
f2542a3b CH |
558 | goto error; |
559 | ||
560 | /* default. possible overridden later */ | |
6aded12b | 561 | scmd->allowed = 5; |
f2542a3b CH |
562 | |
563 | switch (opcode) { | |
564 | case SEND_DIAGNOSTIC: | |
565 | case FORMAT_UNIT: | |
566 | rq->timeout = FORMAT_UNIT_TIMEOUT; | |
6aded12b | 567 | scmd->allowed = 1; |
f2542a3b CH |
568 | break; |
569 | case START_STOP: | |
570 | rq->timeout = START_STOP_TIMEOUT; | |
571 | break; | |
572 | case MOVE_MEDIUM: | |
573 | rq->timeout = MOVE_MEDIUM_TIMEOUT; | |
574 | break; | |
575 | case READ_ELEMENT_STATUS: | |
576 | rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; | |
577 | break; | |
578 | case READ_DEFECT_DATA: | |
579 | rq->timeout = READ_DEFECT_DATA_TIMEOUT; | |
6aded12b | 580 | scmd->allowed = 1; |
f2542a3b CH |
581 | break; |
582 | default: | |
583 | rq->timeout = BLK_DEFAULT_SG_TIMEOUT; | |
584 | break; | |
585 | } | |
586 | ||
587 | if (bytes) { | |
588 | err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO); | |
589 | if (err) | |
590 | goto error; | |
591 | } | |
592 | ||
b84ba30b | 593 | blk_execute_rq(rq, false); |
f2542a3b | 594 | |
dbb4c84d | 595 | err = scmd->result & 0xff; /* only 8 bit SCSI status */ |
f2542a3b | 596 | if (err) { |
5b794f98 CH |
597 | if (scmd->sense_len && scmd->sense_buffer) { |
598 | /* limit sense len for backward compatibility */ | |
599 | if (copy_to_user(sic->data, scmd->sense_buffer, | |
600 | min(scmd->sense_len, 16U))) | |
f2542a3b CH |
601 | err = -EFAULT; |
602 | } | |
603 | } else { | |
604 | if (copy_to_user(sic->data, buffer, out_len)) | |
605 | err = -EFAULT; | |
606 | } | |
607 | ||
608 | error: | |
0bf6d96c | 609 | blk_mq_free_request(rq); |
f2542a3b CH |
610 | |
611 | error_free_buffer: | |
612 | kfree(buffer); | |
613 | ||
614 | return err; | |
615 | } | |
f2542a3b CH |
616 | |
617 | int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp) | |
618 | { | |
619 | #ifdef CONFIG_COMPAT | |
620 | if (in_compat_syscall()) { | |
621 | struct compat_sg_io_hdr hdr32 = { | |
622 | .interface_id = hdr->interface_id, | |
623 | .dxfer_direction = hdr->dxfer_direction, | |
624 | .cmd_len = hdr->cmd_len, | |
625 | .mx_sb_len = hdr->mx_sb_len, | |
626 | .iovec_count = hdr->iovec_count, | |
627 | .dxfer_len = hdr->dxfer_len, | |
628 | .dxferp = (uintptr_t)hdr->dxferp, | |
629 | .cmdp = (uintptr_t)hdr->cmdp, | |
630 | .sbp = (uintptr_t)hdr->sbp, | |
631 | .timeout = hdr->timeout, | |
632 | .flags = hdr->flags, | |
633 | .pack_id = hdr->pack_id, | |
634 | .usr_ptr = (uintptr_t)hdr->usr_ptr, | |
635 | .status = hdr->status, | |
636 | .masked_status = hdr->masked_status, | |
637 | .msg_status = hdr->msg_status, | |
638 | .sb_len_wr = hdr->sb_len_wr, | |
639 | .host_status = hdr->host_status, | |
640 | .driver_status = hdr->driver_status, | |
641 | .resid = hdr->resid, | |
642 | .duration = hdr->duration, | |
643 | .info = hdr->info, | |
644 | }; | |
645 | ||
646 | if (copy_to_user(argp, &hdr32, sizeof(hdr32))) | |
647 | return -EFAULT; | |
648 | ||
649 | return 0; | |
650 | } | |
651 | #endif | |
652 | ||
653 | if (copy_to_user(argp, hdr, sizeof(*hdr))) | |
654 | return -EFAULT; | |
655 | ||
656 | return 0; | |
657 | } | |
658 | EXPORT_SYMBOL(put_sg_io_hdr); | |
659 | ||
660 | int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp) | |
661 | { | |
662 | #ifdef CONFIG_COMPAT | |
663 | struct compat_sg_io_hdr hdr32; | |
664 | ||
665 | if (in_compat_syscall()) { | |
666 | if (copy_from_user(&hdr32, argp, sizeof(hdr32))) | |
667 | return -EFAULT; | |
668 | ||
669 | *hdr = (struct sg_io_hdr) { | |
670 | .interface_id = hdr32.interface_id, | |
671 | .dxfer_direction = hdr32.dxfer_direction, | |
672 | .cmd_len = hdr32.cmd_len, | |
673 | .mx_sb_len = hdr32.mx_sb_len, | |
674 | .iovec_count = hdr32.iovec_count, | |
675 | .dxfer_len = hdr32.dxfer_len, | |
676 | .dxferp = compat_ptr(hdr32.dxferp), | |
677 | .cmdp = compat_ptr(hdr32.cmdp), | |
678 | .sbp = compat_ptr(hdr32.sbp), | |
679 | .timeout = hdr32.timeout, | |
680 | .flags = hdr32.flags, | |
681 | .pack_id = hdr32.pack_id, | |
682 | .usr_ptr = compat_ptr(hdr32.usr_ptr), | |
683 | .status = hdr32.status, | |
684 | .masked_status = hdr32.masked_status, | |
685 | .msg_status = hdr32.msg_status, | |
686 | .sb_len_wr = hdr32.sb_len_wr, | |
687 | .host_status = hdr32.host_status, | |
688 | .driver_status = hdr32.driver_status, | |
689 | .resid = hdr32.resid, | |
690 | .duration = hdr32.duration, | |
691 | .info = hdr32.info, | |
692 | }; | |
693 | ||
694 | return 0; | |
695 | } | |
696 | #endif | |
697 | ||
698 | if (copy_from_user(hdr, argp, sizeof(*hdr))) | |
699 | return -EFAULT; | |
700 | ||
701 | return 0; | |
702 | } | |
703 | EXPORT_SYMBOL(get_sg_io_hdr); | |
704 | ||
705 | #ifdef CONFIG_COMPAT | |
706 | struct compat_cdrom_generic_command { | |
707 | unsigned char cmd[CDROM_PACKET_SIZE]; | |
708 | compat_caddr_t buffer; | |
709 | compat_uint_t buflen; | |
710 | compat_int_t stat; | |
711 | compat_caddr_t sense; | |
712 | unsigned char data_direction; | |
713 | unsigned char pad[3]; | |
714 | compat_int_t quiet; | |
715 | compat_int_t timeout; | |
716 | compat_caddr_t unused; | |
717 | }; | |
718 | #endif | |
719 | ||
720 | static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc, | |
721 | const void __user *arg) | |
722 | { | |
723 | #ifdef CONFIG_COMPAT | |
724 | if (in_compat_syscall()) { | |
725 | struct compat_cdrom_generic_command cgc32; | |
726 | ||
727 | if (copy_from_user(&cgc32, arg, sizeof(cgc32))) | |
728 | return -EFAULT; | |
729 | ||
730 | *cgc = (struct cdrom_generic_command) { | |
731 | .buffer = compat_ptr(cgc32.buffer), | |
732 | .buflen = cgc32.buflen, | |
733 | .stat = cgc32.stat, | |
734 | .sense = compat_ptr(cgc32.sense), | |
735 | .data_direction = cgc32.data_direction, | |
736 | .quiet = cgc32.quiet, | |
737 | .timeout = cgc32.timeout, | |
738 | .unused = compat_ptr(cgc32.unused), | |
739 | }; | |
740 | memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE); | |
741 | return 0; | |
742 | } | |
743 | #endif | |
744 | if (copy_from_user(cgc, arg, sizeof(*cgc))) | |
745 | return -EFAULT; | |
746 | ||
747 | return 0; | |
748 | } | |
749 | ||
750 | static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc, | |
751 | void __user *arg) | |
752 | { | |
753 | #ifdef CONFIG_COMPAT | |
754 | if (in_compat_syscall()) { | |
755 | struct compat_cdrom_generic_command cgc32 = { | |
756 | .buffer = (uintptr_t)(cgc->buffer), | |
757 | .buflen = cgc->buflen, | |
758 | .stat = cgc->stat, | |
759 | .sense = (uintptr_t)(cgc->sense), | |
760 | .data_direction = cgc->data_direction, | |
761 | .quiet = cgc->quiet, | |
762 | .timeout = cgc->timeout, | |
763 | .unused = (uintptr_t)(cgc->unused), | |
764 | }; | |
765 | memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE); | |
766 | ||
767 | if (copy_to_user(arg, &cgc32, sizeof(cgc32))) | |
768 | return -EFAULT; | |
769 | ||
770 | return 0; | |
771 | } | |
772 | #endif | |
773 | if (copy_to_user(arg, cgc, sizeof(*cgc))) | |
774 | return -EFAULT; | |
775 | ||
776 | return 0; | |
777 | } | |
778 | ||
a30e3441 CH |
779 | static int scsi_cdrom_send_packet(struct scsi_device *sdev, fmode_t mode, |
780 | void __user *arg) | |
f2542a3b CH |
781 | { |
782 | struct cdrom_generic_command cgc; | |
783 | struct sg_io_hdr hdr; | |
784 | int err; | |
785 | ||
786 | err = scsi_get_cdrom_generic_arg(&cgc, arg); | |
787 | if (err) | |
788 | return err; | |
789 | ||
790 | cgc.timeout = clock_t_to_jiffies(cgc.timeout); | |
791 | memset(&hdr, 0, sizeof(hdr)); | |
792 | hdr.interface_id = 'S'; | |
793 | hdr.cmd_len = sizeof(cgc.cmd); | |
794 | hdr.dxfer_len = cgc.buflen; | |
795 | switch (cgc.data_direction) { | |
796 | case CGC_DATA_UNKNOWN: | |
797 | hdr.dxfer_direction = SG_DXFER_UNKNOWN; | |
798 | break; | |
799 | case CGC_DATA_WRITE: | |
800 | hdr.dxfer_direction = SG_DXFER_TO_DEV; | |
801 | break; | |
802 | case CGC_DATA_READ: | |
803 | hdr.dxfer_direction = SG_DXFER_FROM_DEV; | |
804 | break; | |
805 | case CGC_DATA_NONE: | |
806 | hdr.dxfer_direction = SG_DXFER_NONE; | |
807 | break; | |
808 | default: | |
809 | return -EINVAL; | |
810 | } | |
811 | ||
812 | hdr.dxferp = cgc.buffer; | |
813 | hdr.sbp = cgc.sense; | |
814 | if (hdr.sbp) | |
815 | hdr.mx_sb_len = sizeof(struct request_sense); | |
816 | hdr.timeout = jiffies_to_msecs(cgc.timeout); | |
817 | hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd; | |
818 | hdr.cmd_len = sizeof(cgc.cmd); | |
819 | ||
a30e3441 | 820 | err = sg_io(sdev, &hdr, mode); |
f2542a3b CH |
821 | if (err == -EFAULT) |
822 | return -EFAULT; | |
823 | ||
824 | if (hdr.status) | |
825 | return -EIO; | |
826 | ||
827 | cgc.stat = err; | |
828 | cgc.buflen = hdr.resid; | |
829 | if (scsi_put_cdrom_generic_arg(&cgc, arg)) | |
830 | return -EFAULT; | |
831 | ||
832 | return err; | |
833 | } | |
834 | ||
a30e3441 CH |
835 | static int scsi_ioctl_sg_io(struct scsi_device *sdev, fmode_t mode, |
836 | void __user *argp) | |
b2123d3b CH |
837 | { |
838 | struct sg_io_hdr hdr; | |
839 | int error; | |
840 | ||
841 | error = get_sg_io_hdr(&hdr, argp); | |
842 | if (error) | |
843 | return error; | |
a30e3441 | 844 | error = sg_io(sdev, &hdr, mode); |
b2123d3b CH |
845 | if (error == -EFAULT) |
846 | return error; | |
847 | if (put_sg_io_hdr(&hdr, argp)) | |
848 | return -EFAULT; | |
04a71cdc | 849 | return error; |
b2123d3b CH |
850 | } |
851 | ||
6fade450 CH |
852 | /** |
853 | * scsi_ioctl - Dispatch ioctl to scsi device | |
854 | * @sdev: scsi device receiving ioctl | |
2e27f576 | 855 | * @mode: mode the block/char device is opened with |
6fade450 CH |
856 | * @cmd: which ioctl is it |
857 | * @arg: data associated with ioctl | |
858 | * | |
859 | * Description: The scsi_ioctl() function differs from most ioctls in that it | |
860 | * does not take a major/minor number as the dev field. Rather, it takes | |
861 | * a pointer to a &struct scsi_device. | |
862 | */ | |
a30e3441 CH |
863 | int scsi_ioctl(struct scsi_device *sdev, fmode_t mode, int cmd, |
864 | void __user *arg) | |
1da177e4 | 865 | { |
2e27f576 | 866 | struct request_queue *q = sdev->request_queue; |
74a78ebd | 867 | struct scsi_sense_hdr sense_hdr; |
1da177e4 | 868 | |
1da177e4 LT |
869 | /* Check for deprecated ioctls ... all the ioctls which don't |
870 | * follow the new unique numbering scheme are deprecated */ | |
871 | switch (cmd) { | |
872 | case SCSI_IOCTL_SEND_COMMAND: | |
873 | case SCSI_IOCTL_TEST_UNIT_READY: | |
874 | case SCSI_IOCTL_BENCHMARK_COMMAND: | |
875 | case SCSI_IOCTL_SYNC: | |
876 | case SCSI_IOCTL_START_UNIT: | |
877 | case SCSI_IOCTL_STOP_UNIT: | |
878 | printk(KERN_WARNING "program %s is using a deprecated SCSI " | |
879 | "ioctl, please convert it to SG_IO\n", current->comm); | |
880 | break; | |
881 | default: | |
882 | break; | |
883 | } | |
884 | ||
f2542a3b CH |
885 | switch (cmd) { |
886 | case SG_GET_VERSION_NUM: | |
887 | return sg_get_version(arg); | |
888 | case SG_SET_TIMEOUT: | |
1e61c1a8 | 889 | return sg_set_timeout(sdev, arg); |
f2542a3b | 890 | case SG_GET_TIMEOUT: |
1e61c1a8 | 891 | return jiffies_to_clock_t(sdev->sg_timeout); |
f2542a3b | 892 | case SG_GET_RESERVED_SIZE: |
1e61c1a8 | 893 | return sg_get_reserved_size(sdev, arg); |
f2542a3b | 894 | case SG_SET_RESERVED_SIZE: |
1e61c1a8 | 895 | return sg_set_reserved_size(sdev, arg); |
f2542a3b CH |
896 | case SG_EMULATED_HOST: |
897 | return sg_emulated_host(q, arg); | |
b2123d3b | 898 | case SG_IO: |
a30e3441 | 899 | return scsi_ioctl_sg_io(sdev, mode, arg); |
f2542a3b | 900 | case SCSI_IOCTL_SEND_COMMAND: |
a30e3441 | 901 | return sg_scsi_ioctl(q, mode, arg); |
f2542a3b | 902 | case CDROM_SEND_PACKET: |
a30e3441 | 903 | return scsi_cdrom_send_packet(sdev, mode, arg); |
f2542a3b | 904 | case CDROMCLOSETRAY: |
51476187 | 905 | return scsi_send_start_stop(sdev, 3); |
f2542a3b | 906 | case CDROMEJECT: |
51476187 | 907 | return scsi_send_start_stop(sdev, 2); |
2102a5cc CH |
908 | case SCSI_IOCTL_GET_IDLUN: |
909 | return scsi_get_idlun(sdev, arg); | |
1da177e4 LT |
910 | case SCSI_IOCTL_GET_BUS_NUMBER: |
911 | return put_user(sdev->host->host_no, (int __user *)arg); | |
912 | case SCSI_IOCTL_PROBE_HOST: | |
913 | return ioctl_probe(sdev->host, arg); | |
1da177e4 LT |
914 | case SCSI_IOCTL_DOORLOCK: |
915 | return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT); | |
916 | case SCSI_IOCTL_DOORUNLOCK: | |
917 | return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW); | |
918 | case SCSI_IOCTL_TEST_UNIT_READY: | |
919 | return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT, | |
74a78ebd | 920 | NORMAL_RETRIES, &sense_hdr); |
1da177e4 | 921 | case SCSI_IOCTL_START_UNIT: |
51476187 | 922 | return scsi_send_start_stop(sdev, 1); |
1da177e4 | 923 | case SCSI_IOCTL_STOP_UNIT: |
51476187 | 924 | return scsi_send_start_stop(sdev, 0); |
1da177e4 LT |
925 | case SCSI_IOCTL_GET_PCI: |
926 | return scsi_ioctl_get_pci(sdev, arg); | |
906d15fb CH |
927 | case SG_SCSI_RESET: |
928 | return scsi_ioctl_reset(sdev, arg); | |
1da177e4 | 929 | } |
1da177e4 | 930 | |
7eafd137 | 931 | #ifdef CONFIG_COMPAT |
6fade450 CH |
932 | if (in_compat_syscall()) { |
933 | if (!sdev->host->hostt->compat_ioctl) | |
934 | return -EINVAL; | |
7eafd137 | 935 | return sdev->host->hostt->compat_ioctl(sdev, cmd, arg); |
6fade450 | 936 | } |
7eafd137 | 937 | #endif |
6fade450 CH |
938 | if (!sdev->host->hostt->ioctl) |
939 | return -EINVAL; | |
940 | return sdev->host->hostt->ioctl(sdev, cmd, arg); | |
941 | } | |
942 | EXPORT_SYMBOL(scsi_ioctl); | |
7eafd137 | 943 | |
906d15fb CH |
944 | /* |
945 | * We can process a reset even when a device isn't fully operable. | |
1da177e4 | 946 | */ |
906d15fb CH |
947 | int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd, |
948 | bool ndelay) | |
1da177e4 | 949 | { |
906d15fb | 950 | if (cmd == SG_SCSI_RESET && ndelay) { |
939647ee | 951 | if (scsi_host_in_recovery(sdev->host)) |
e9afccc5 | 952 | return -EAGAIN; |
906d15fb CH |
953 | } else { |
954 | if (!scsi_block_when_processing_errors(sdev)) | |
955 | return -ENODEV; | |
1da177e4 | 956 | } |
906d15fb CH |
957 | |
958 | return 0; | |
1da177e4 | 959 | } |
906d15fb | 960 | EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors); |