Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 2001 Jens Axboe <axboe@suse.de>
4 : */
5 : #include <linux/compat.h>
6 : #include <linux/kernel.h>
7 : #include <linux/errno.h>
8 : #include <linux/string.h>
9 : #include <linux/module.h>
10 : #include <linux/blkdev.h>
11 : #include <linux/capability.h>
12 : #include <linux/completion.h>
13 : #include <linux/cdrom.h>
14 : #include <linux/ratelimit.h>
15 : #include <linux/slab.h>
16 : #include <linux/times.h>
17 : #include <linux/uio.h>
18 : #include <linux/uaccess.h>
19 :
20 : #include <scsi/scsi.h>
21 : #include <scsi/scsi_ioctl.h>
22 : #include <scsi/scsi_cmnd.h>
23 : #include <scsi/sg.h>
24 :
25 : struct blk_cmd_filter {
26 : unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
27 : unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
28 : };
29 :
30 : static struct blk_cmd_filter blk_default_cmd_filter;
31 :
32 : /* Command group 3 is reserved and should never be used. */
33 : const unsigned char scsi_command_size_tbl[8] =
34 : {
35 : 6, 10, 10, 12,
36 : 16, 12, 10, 10
37 : };
38 : EXPORT_SYMBOL(scsi_command_size_tbl);
39 :
40 0 : static int sg_get_version(int __user *p)
41 : {
42 0 : static const int sg_version_num = 30527;
43 0 : return put_user(sg_version_num, p);
44 : }
45 :
46 0 : static int scsi_get_idlun(struct request_queue *q, int __user *p)
47 : {
48 0 : return put_user(0, p);
49 : }
50 :
51 0 : static int scsi_get_bus(struct request_queue *q, int __user *p)
52 : {
53 0 : return put_user(0, p);
54 : }
55 :
56 0 : static int sg_get_timeout(struct request_queue *q)
57 : {
58 0 : return jiffies_to_clock_t(q->sg_timeout);
59 : }
60 :
61 0 : static int sg_set_timeout(struct request_queue *q, int __user *p)
62 : {
63 0 : int timeout, err = get_user(timeout, p);
64 :
65 0 : if (!err)
66 0 : q->sg_timeout = clock_t_to_jiffies(timeout);
67 :
68 0 : return err;
69 : }
70 :
71 0 : static int max_sectors_bytes(struct request_queue *q)
72 : {
73 0 : unsigned int max_sectors = queue_max_sectors(q);
74 :
75 0 : max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
76 :
77 0 : return max_sectors << 9;
78 : }
79 :
80 0 : static int sg_get_reserved_size(struct request_queue *q, int __user *p)
81 : {
82 0 : int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q));
83 :
84 0 : return put_user(val, p);
85 : }
86 :
87 0 : static int sg_set_reserved_size(struct request_queue *q, int __user *p)
88 : {
89 0 : int size, err = get_user(size, p);
90 :
91 0 : if (err)
92 : return err;
93 :
94 0 : if (size < 0)
95 : return -EINVAL;
96 :
97 0 : q->sg_reserved_size = min(size, max_sectors_bytes(q));
98 0 : return 0;
99 : }
100 :
101 : /*
102 : * will always return that we are ATAPI even for a real SCSI drive, I'm not
103 : * so sure this is worth doing anything about (why would you care??)
104 : */
105 0 : static int sg_emulated_host(struct request_queue *q, int __user *p)
106 : {
107 0 : return put_user(1, p);
108 : }
109 :
110 1 : static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
111 : {
112 : /* Basic read-only commands */
113 1 : __set_bit(TEST_UNIT_READY, filter->read_ok);
114 1 : __set_bit(REQUEST_SENSE, filter->read_ok);
115 1 : __set_bit(READ_6, filter->read_ok);
116 1 : __set_bit(READ_10, filter->read_ok);
117 1 : __set_bit(READ_12, filter->read_ok);
118 1 : __set_bit(READ_16, filter->read_ok);
119 1 : __set_bit(READ_BUFFER, filter->read_ok);
120 1 : __set_bit(READ_DEFECT_DATA, filter->read_ok);
121 1 : __set_bit(READ_CAPACITY, filter->read_ok);
122 1 : __set_bit(READ_LONG, filter->read_ok);
123 1 : __set_bit(INQUIRY, filter->read_ok);
124 1 : __set_bit(MODE_SENSE, filter->read_ok);
125 1 : __set_bit(MODE_SENSE_10, filter->read_ok);
126 1 : __set_bit(LOG_SENSE, filter->read_ok);
127 1 : __set_bit(START_STOP, filter->read_ok);
128 1 : __set_bit(GPCMD_VERIFY_10, filter->read_ok);
129 1 : __set_bit(VERIFY_16, filter->read_ok);
130 1 : __set_bit(REPORT_LUNS, filter->read_ok);
131 1 : __set_bit(SERVICE_ACTION_IN_16, filter->read_ok);
132 1 : __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
133 1 : __set_bit(MAINTENANCE_IN, filter->read_ok);
134 1 : __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
135 :
136 : /* Audio CD commands */
137 1 : __set_bit(GPCMD_PLAY_CD, filter->read_ok);
138 1 : __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
139 1 : __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
140 1 : __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
141 1 : __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
142 :
143 : /* CD/DVD data reading */
144 1 : __set_bit(GPCMD_READ_CD, filter->read_ok);
145 1 : __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
146 1 : __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
147 1 : __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
148 1 : __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
149 1 : __set_bit(GPCMD_READ_HEADER, filter->read_ok);
150 1 : __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
151 1 : __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
152 1 : __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
153 1 : __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
154 1 : __set_bit(GPCMD_SCAN, filter->read_ok);
155 1 : __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
156 1 : __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
157 1 : __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
158 1 : __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
159 1 : __set_bit(GPCMD_SEEK, filter->read_ok);
160 1 : __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
161 :
162 : /* Basic writing commands */
163 1 : __set_bit(WRITE_6, filter->write_ok);
164 1 : __set_bit(WRITE_10, filter->write_ok);
165 1 : __set_bit(WRITE_VERIFY, filter->write_ok);
166 1 : __set_bit(WRITE_12, filter->write_ok);
167 1 : __set_bit(WRITE_VERIFY_12, filter->write_ok);
168 1 : __set_bit(WRITE_16, filter->write_ok);
169 1 : __set_bit(WRITE_LONG, filter->write_ok);
170 1 : __set_bit(WRITE_LONG_2, filter->write_ok);
171 1 : __set_bit(WRITE_SAME, filter->write_ok);
172 1 : __set_bit(WRITE_SAME_16, filter->write_ok);
173 1 : __set_bit(WRITE_SAME_32, filter->write_ok);
174 1 : __set_bit(ERASE, filter->write_ok);
175 1 : __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
176 1 : __set_bit(MODE_SELECT, filter->write_ok);
177 1 : __set_bit(LOG_SELECT, filter->write_ok);
178 1 : __set_bit(GPCMD_BLANK, filter->write_ok);
179 1 : __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
180 1 : __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
181 1 : __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
182 1 : __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
183 1 : __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
184 1 : __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
185 1 : __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
186 1 : __set_bit(GPCMD_SEND_KEY, filter->write_ok);
187 1 : __set_bit(GPCMD_SEND_OPC, filter->write_ok);
188 1 : __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
189 1 : __set_bit(GPCMD_SET_SPEED, filter->write_ok);
190 1 : __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
191 1 : __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
192 1 : __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
193 1 : __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
194 :
195 : /* ZBC Commands */
196 1 : __set_bit(ZBC_OUT, filter->write_ok);
197 1 : __set_bit(ZBC_IN, filter->read_ok);
198 1 : }
199 :
200 0 : int blk_verify_command(unsigned char *cmd, fmode_t mode)
201 : {
202 0 : struct blk_cmd_filter *filter = &blk_default_cmd_filter;
203 :
204 : /* root can do any command. */
205 0 : if (capable(CAP_SYS_RAWIO))
206 : return 0;
207 :
208 : /* Anybody who can open the device can do a read-safe command */
209 0 : if (test_bit(cmd[0], filter->read_ok))
210 : return 0;
211 :
212 : /* Write-safe commands require a writable open */
213 0 : if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE))
214 0 : return 0;
215 :
216 : return -EPERM;
217 : }
218 : EXPORT_SYMBOL(blk_verify_command);
219 :
220 0 : static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
221 : struct sg_io_hdr *hdr, fmode_t mode)
222 : {
223 0 : struct scsi_request *req = scsi_req(rq);
224 :
225 0 : if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
226 : return -EFAULT;
227 0 : if (blk_verify_command(req->cmd, mode))
228 : return -EPERM;
229 :
230 : /*
231 : * fill in request structure
232 : */
233 0 : req->cmd_len = hdr->cmd_len;
234 :
235 0 : rq->timeout = msecs_to_jiffies(hdr->timeout);
236 0 : if (!rq->timeout)
237 0 : rq->timeout = q->sg_timeout;
238 0 : if (!rq->timeout)
239 0 : rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
240 0 : if (rq->timeout < BLK_MIN_SG_TIMEOUT)
241 0 : rq->timeout = BLK_MIN_SG_TIMEOUT;
242 :
243 : return 0;
244 : }
245 :
246 0 : static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
247 : struct bio *bio)
248 : {
249 0 : struct scsi_request *req = scsi_req(rq);
250 0 : int r, ret = 0;
251 :
252 : /*
253 : * fill in all the output members
254 : */
255 0 : hdr->status = req->result & 0xff;
256 0 : hdr->masked_status = status_byte(req->result);
257 0 : hdr->msg_status = msg_byte(req->result);
258 0 : hdr->host_status = host_byte(req->result);
259 0 : hdr->driver_status = driver_byte(req->result);
260 0 : hdr->info = 0;
261 0 : if (hdr->masked_status || hdr->host_status || hdr->driver_status)
262 0 : hdr->info |= SG_INFO_CHECK;
263 0 : hdr->resid = req->resid_len;
264 0 : hdr->sb_len_wr = 0;
265 :
266 0 : if (req->sense_len && hdr->sbp) {
267 0 : int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
268 :
269 0 : if (!copy_to_user(hdr->sbp, req->sense, len))
270 0 : hdr->sb_len_wr = len;
271 : else
272 : ret = -EFAULT;
273 : }
274 :
275 0 : r = blk_rq_unmap_user(bio);
276 0 : if (!ret)
277 0 : ret = r;
278 :
279 0 : return ret;
280 : }
281 :
282 0 : static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
283 : struct sg_io_hdr *hdr, fmode_t mode)
284 : {
285 0 : unsigned long start_time;
286 0 : ssize_t ret = 0;
287 0 : int writing = 0;
288 0 : int at_head = 0;
289 0 : struct request *rq;
290 0 : struct scsi_request *req;
291 0 : struct bio *bio;
292 :
293 0 : if (hdr->interface_id != 'S')
294 : return -EINVAL;
295 :
296 0 : if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
297 : return -EIO;
298 :
299 0 : if (hdr->dxfer_len)
300 0 : switch (hdr->dxfer_direction) {
301 : default:
302 : return -EINVAL;
303 0 : case SG_DXFER_TO_DEV:
304 0 : writing = 1;
305 0 : break;
306 : case SG_DXFER_TO_FROM_DEV:
307 : case SG_DXFER_FROM_DEV:
308 : break;
309 : }
310 0 : if (hdr->flags & SG_FLAG_Q_AT_HEAD)
311 0 : at_head = 1;
312 :
313 0 : ret = -ENOMEM;
314 0 : rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
315 0 : if (IS_ERR(rq))
316 0 : return PTR_ERR(rq);
317 0 : req = scsi_req(rq);
318 :
319 0 : if (hdr->cmd_len > BLK_MAX_CDB) {
320 0 : req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
321 0 : if (!req->cmd)
322 0 : goto out_put_request;
323 : }
324 :
325 0 : ret = blk_fill_sghdr_rq(q, rq, hdr, mode);
326 0 : if (ret < 0)
327 0 : goto out_free_cdb;
328 :
329 0 : ret = 0;
330 0 : if (hdr->iovec_count) {
331 0 : struct iov_iter i;
332 0 : struct iovec *iov = NULL;
333 :
334 0 : ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
335 : hdr->iovec_count, 0, &iov, &i);
336 0 : if (ret < 0)
337 0 : goto out_free_cdb;
338 :
339 : /* SG_IO howto says that the shorter of the two wins */
340 0 : iov_iter_truncate(&i, hdr->dxfer_len);
341 :
342 0 : ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL);
343 0 : kfree(iov);
344 0 : } else if (hdr->dxfer_len)
345 0 : ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
346 : GFP_KERNEL);
347 :
348 0 : if (ret)
349 0 : goto out_free_cdb;
350 :
351 0 : bio = rq->bio;
352 0 : req->retries = 0;
353 :
354 0 : start_time = jiffies;
355 :
356 : /* ignore return value. All information is passed back to caller
357 : * (if he doesn't check that is his problem).
358 : * N.B. a non-zero SCSI status is _not_ necessarily an error.
359 : */
360 0 : blk_execute_rq(bd_disk, rq, at_head);
361 :
362 0 : hdr->duration = jiffies_to_msecs(jiffies - start_time);
363 :
364 0 : ret = blk_complete_sghdr_rq(rq, hdr, bio);
365 :
366 0 : out_free_cdb:
367 0 : scsi_req_free_cmd(req);
368 0 : out_put_request:
369 0 : blk_put_request(rq);
370 0 : return ret;
371 : }
372 :
373 : /**
374 : * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
375 : * @q: request queue to send scsi commands down
376 : * @disk: gendisk to operate on (option)
377 : * @mode: mode used to open the file through which the ioctl has been
378 : * submitted
379 : * @sic: userspace structure describing the command to perform
380 : *
381 : * Send down the scsi command described by @sic to the device below
382 : * the request queue @q. If @file is non-NULL it's used to perform
383 : * fine-grained permission checks that allow users to send down
384 : * non-destructive SCSI commands. If the caller has a struct gendisk
385 : * available it should be passed in as @disk to allow the low level
386 : * driver to use the information contained in it. A non-NULL @disk
387 : * is only allowed if the caller knows that the low level driver doesn't
388 : * need it (e.g. in the scsi subsystem).
389 : *
390 : * Notes:
391 : * - This interface is deprecated - users should use the SG_IO
392 : * interface instead, as this is a more flexible approach to
393 : * performing SCSI commands on a device.
394 : * - The SCSI command length is determined by examining the 1st byte
395 : * of the given command. There is no way to override this.
396 : * - Data transfers are limited to PAGE_SIZE
397 : * - The length (x + y) must be at least OMAX_SB_LEN bytes long to
398 : * accommodate the sense buffer when an error occurs.
399 : * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
400 : * old code will not be surprised.
401 : * - If a Unix error occurs (e.g. ENOMEM) then the user will receive
402 : * a negative return and the Unix error code in 'errno'.
403 : * If the SCSI command succeeds then 0 is returned.
404 : * Positive numbers returned are the compacted SCSI error codes (4
405 : * bytes in one int) where the lowest byte is the SCSI status.
406 : */
407 0 : int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
408 : struct scsi_ioctl_command __user *sic)
409 : {
410 0 : enum { OMAX_SB_LEN = 16 }; /* For backward compatibility */
411 0 : struct request *rq;
412 0 : struct scsi_request *req;
413 0 : int err;
414 0 : unsigned int in_len, out_len, bytes, opcode, cmdlen;
415 0 : char *buffer = NULL;
416 :
417 0 : if (!sic)
418 : return -EINVAL;
419 :
420 : /*
421 : * get in an out lengths, verify they don't exceed a page worth of data
422 : */
423 0 : if (get_user(in_len, &sic->inlen))
424 : return -EFAULT;
425 0 : if (get_user(out_len, &sic->outlen))
426 : return -EFAULT;
427 0 : if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
428 : return -EINVAL;
429 0 : if (get_user(opcode, sic->data))
430 : return -EFAULT;
431 :
432 0 : bytes = max(in_len, out_len);
433 0 : if (bytes) {
434 0 : buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
435 0 : if (!buffer)
436 : return -ENOMEM;
437 :
438 : }
439 :
440 0 : rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
441 0 : if (IS_ERR(rq)) {
442 0 : err = PTR_ERR(rq);
443 0 : goto error_free_buffer;
444 : }
445 0 : req = scsi_req(rq);
446 :
447 0 : cmdlen = COMMAND_SIZE(opcode);
448 :
449 : /*
450 : * get command and data to send to device, if any
451 : */
452 0 : err = -EFAULT;
453 0 : req->cmd_len = cmdlen;
454 0 : if (copy_from_user(req->cmd, sic->data, cmdlen))
455 0 : goto error;
456 :
457 0 : if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
458 0 : goto error;
459 :
460 0 : err = blk_verify_command(req->cmd, mode);
461 0 : if (err)
462 0 : goto error;
463 :
464 : /* default. possible overriden later */
465 0 : req->retries = 5;
466 :
467 0 : switch (opcode) {
468 0 : case SEND_DIAGNOSTIC:
469 : case FORMAT_UNIT:
470 0 : rq->timeout = FORMAT_UNIT_TIMEOUT;
471 0 : req->retries = 1;
472 0 : break;
473 0 : case START_STOP:
474 0 : rq->timeout = START_STOP_TIMEOUT;
475 0 : break;
476 0 : case MOVE_MEDIUM:
477 0 : rq->timeout = MOVE_MEDIUM_TIMEOUT;
478 0 : break;
479 0 : case READ_ELEMENT_STATUS:
480 0 : rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
481 0 : break;
482 0 : case READ_DEFECT_DATA:
483 0 : rq->timeout = READ_DEFECT_DATA_TIMEOUT;
484 0 : req->retries = 1;
485 0 : break;
486 0 : default:
487 0 : rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
488 0 : break;
489 : }
490 :
491 0 : if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) {
492 0 : err = DRIVER_ERROR << 24;
493 0 : goto error;
494 : }
495 :
496 0 : blk_execute_rq(disk, rq, 0);
497 :
498 0 : err = req->result & 0xff; /* only 8 bit SCSI status */
499 0 : if (err) {
500 0 : if (req->sense_len && req->sense) {
501 0 : bytes = (OMAX_SB_LEN > req->sense_len) ?
502 : req->sense_len : OMAX_SB_LEN;
503 0 : if (copy_to_user(sic->data, req->sense, bytes))
504 0 : err = -EFAULT;
505 : }
506 : } else {
507 0 : if (copy_to_user(sic->data, buffer, out_len))
508 0 : err = -EFAULT;
509 : }
510 :
511 0 : error:
512 0 : blk_put_request(rq);
513 :
514 0 : error_free_buffer:
515 0 : kfree(buffer);
516 :
517 0 : return err;
518 : }
519 : EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
520 :
521 : /* Send basic block requests */
522 0 : static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
523 : int cmd, int data)
524 : {
525 0 : struct request *rq;
526 0 : int err;
527 :
528 0 : rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0);
529 0 : if (IS_ERR(rq))
530 0 : return PTR_ERR(rq);
531 0 : rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
532 0 : scsi_req(rq)->cmd[0] = cmd;
533 0 : scsi_req(rq)->cmd[4] = data;
534 0 : scsi_req(rq)->cmd_len = 6;
535 0 : blk_execute_rq(bd_disk, rq, 0);
536 0 : err = scsi_req(rq)->result ? -EIO : 0;
537 0 : blk_put_request(rq);
538 :
539 0 : return err;
540 : }
541 :
542 0 : static inline int blk_send_start_stop(struct request_queue *q,
543 : struct gendisk *bd_disk, int data)
544 : {
545 0 : return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
546 : }
547 :
548 0 : int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
549 : {
550 : #ifdef CONFIG_COMPAT
551 0 : if (in_compat_syscall()) {
552 0 : struct compat_sg_io_hdr hdr32 = {
553 0 : .interface_id = hdr->interface_id,
554 0 : .dxfer_direction = hdr->dxfer_direction,
555 0 : .cmd_len = hdr->cmd_len,
556 0 : .mx_sb_len = hdr->mx_sb_len,
557 0 : .iovec_count = hdr->iovec_count,
558 0 : .dxfer_len = hdr->dxfer_len,
559 0 : .dxferp = (uintptr_t)hdr->dxferp,
560 0 : .cmdp = (uintptr_t)hdr->cmdp,
561 0 : .sbp = (uintptr_t)hdr->sbp,
562 0 : .timeout = hdr->timeout,
563 0 : .flags = hdr->flags,
564 0 : .pack_id = hdr->pack_id,
565 0 : .usr_ptr = (uintptr_t)hdr->usr_ptr,
566 0 : .status = hdr->status,
567 0 : .masked_status = hdr->masked_status,
568 0 : .msg_status = hdr->msg_status,
569 0 : .sb_len_wr = hdr->sb_len_wr,
570 0 : .host_status = hdr->host_status,
571 0 : .driver_status = hdr->driver_status,
572 0 : .resid = hdr->resid,
573 0 : .duration = hdr->duration,
574 0 : .info = hdr->info,
575 : };
576 :
577 0 : if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
578 : return -EFAULT;
579 :
580 0 : return 0;
581 : }
582 : #endif
583 :
584 0 : if (copy_to_user(argp, hdr, sizeof(*hdr)))
585 0 : return -EFAULT;
586 :
587 : return 0;
588 : }
589 : EXPORT_SYMBOL(put_sg_io_hdr);
590 :
591 0 : int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
592 : {
593 : #ifdef CONFIG_COMPAT
594 0 : struct compat_sg_io_hdr hdr32;
595 :
596 0 : if (in_compat_syscall()) {
597 0 : if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
598 : return -EFAULT;
599 :
600 0 : *hdr = (struct sg_io_hdr) {
601 0 : .interface_id = hdr32.interface_id,
602 0 : .dxfer_direction = hdr32.dxfer_direction,
603 0 : .cmd_len = hdr32.cmd_len,
604 0 : .mx_sb_len = hdr32.mx_sb_len,
605 0 : .iovec_count = hdr32.iovec_count,
606 0 : .dxfer_len = hdr32.dxfer_len,
607 0 : .dxferp = compat_ptr(hdr32.dxferp),
608 0 : .cmdp = compat_ptr(hdr32.cmdp),
609 0 : .sbp = compat_ptr(hdr32.sbp),
610 0 : .timeout = hdr32.timeout,
611 0 : .flags = hdr32.flags,
612 0 : .pack_id = hdr32.pack_id,
613 0 : .usr_ptr = compat_ptr(hdr32.usr_ptr),
614 0 : .status = hdr32.status,
615 0 : .masked_status = hdr32.masked_status,
616 0 : .msg_status = hdr32.msg_status,
617 0 : .sb_len_wr = hdr32.sb_len_wr,
618 0 : .host_status = hdr32.host_status,
619 0 : .driver_status = hdr32.driver_status,
620 0 : .resid = hdr32.resid,
621 0 : .duration = hdr32.duration,
622 0 : .info = hdr32.info,
623 : };
624 :
625 0 : return 0;
626 : }
627 : #endif
628 :
629 0 : if (copy_from_user(hdr, argp, sizeof(*hdr)))
630 0 : return -EFAULT;
631 :
632 : return 0;
633 : }
634 : EXPORT_SYMBOL(get_sg_io_hdr);
635 :
636 : #ifdef CONFIG_COMPAT
637 : struct compat_cdrom_generic_command {
638 : unsigned char cmd[CDROM_PACKET_SIZE];
639 : compat_caddr_t buffer;
640 : compat_uint_t buflen;
641 : compat_int_t stat;
642 : compat_caddr_t sense;
643 : unsigned char data_direction;
644 : unsigned char pad[3];
645 : compat_int_t quiet;
646 : compat_int_t timeout;
647 : compat_caddr_t unused;
648 : };
649 : #endif
650 :
651 0 : static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
652 : const void __user *arg)
653 : {
654 : #ifdef CONFIG_COMPAT
655 0 : if (in_compat_syscall()) {
656 0 : struct compat_cdrom_generic_command cgc32;
657 :
658 0 : if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
659 : return -EFAULT;
660 :
661 0 : *cgc = (struct cdrom_generic_command) {
662 0 : .buffer = compat_ptr(cgc32.buffer),
663 0 : .buflen = cgc32.buflen,
664 0 : .stat = cgc32.stat,
665 0 : .sense = compat_ptr(cgc32.sense),
666 0 : .data_direction = cgc32.data_direction,
667 0 : .quiet = cgc32.quiet,
668 0 : .timeout = cgc32.timeout,
669 0 : .unused = compat_ptr(cgc32.unused),
670 : };
671 0 : memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
672 0 : return 0;
673 : }
674 : #endif
675 0 : if (copy_from_user(cgc, arg, sizeof(*cgc)))
676 0 : return -EFAULT;
677 :
678 : return 0;
679 : }
680 :
681 0 : static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
682 : void __user *arg)
683 : {
684 : #ifdef CONFIG_COMPAT
685 0 : if (in_compat_syscall()) {
686 0 : struct compat_cdrom_generic_command cgc32 = {
687 0 : .buffer = (uintptr_t)(cgc->buffer),
688 0 : .buflen = cgc->buflen,
689 0 : .stat = cgc->stat,
690 0 : .sense = (uintptr_t)(cgc->sense),
691 0 : .data_direction = cgc->data_direction,
692 0 : .quiet = cgc->quiet,
693 0 : .timeout = cgc->timeout,
694 0 : .unused = (uintptr_t)(cgc->unused),
695 : };
696 0 : memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
697 :
698 0 : if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
699 : return -EFAULT;
700 :
701 0 : return 0;
702 : }
703 : #endif
704 0 : if (copy_to_user(arg, cgc, sizeof(*cgc)))
705 0 : return -EFAULT;
706 :
707 : return 0;
708 : }
709 :
710 0 : static int scsi_cdrom_send_packet(struct request_queue *q,
711 : struct gendisk *bd_disk,
712 : fmode_t mode, void __user *arg)
713 : {
714 0 : struct cdrom_generic_command cgc;
715 0 : struct sg_io_hdr hdr;
716 0 : int err;
717 :
718 0 : err = scsi_get_cdrom_generic_arg(&cgc, arg);
719 0 : if (err)
720 : return err;
721 :
722 0 : cgc.timeout = clock_t_to_jiffies(cgc.timeout);
723 0 : memset(&hdr, 0, sizeof(hdr));
724 0 : hdr.interface_id = 'S';
725 0 : hdr.cmd_len = sizeof(cgc.cmd);
726 0 : hdr.dxfer_len = cgc.buflen;
727 0 : switch (cgc.data_direction) {
728 0 : case CGC_DATA_UNKNOWN:
729 0 : hdr.dxfer_direction = SG_DXFER_UNKNOWN;
730 0 : break;
731 0 : case CGC_DATA_WRITE:
732 0 : hdr.dxfer_direction = SG_DXFER_TO_DEV;
733 0 : break;
734 0 : case CGC_DATA_READ:
735 0 : hdr.dxfer_direction = SG_DXFER_FROM_DEV;
736 0 : break;
737 0 : case CGC_DATA_NONE:
738 0 : hdr.dxfer_direction = SG_DXFER_NONE;
739 0 : break;
740 : default:
741 : return -EINVAL;
742 : }
743 :
744 0 : hdr.dxferp = cgc.buffer;
745 0 : hdr.sbp = cgc.sense;
746 0 : if (hdr.sbp)
747 0 : hdr.mx_sb_len = sizeof(struct request_sense);
748 0 : hdr.timeout = jiffies_to_msecs(cgc.timeout);
749 0 : hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
750 0 : hdr.cmd_len = sizeof(cgc.cmd);
751 :
752 0 : err = sg_io(q, bd_disk, &hdr, mode);
753 0 : if (err == -EFAULT)
754 : return -EFAULT;
755 :
756 0 : if (hdr.status)
757 : return -EIO;
758 :
759 0 : cgc.stat = err;
760 0 : cgc.buflen = hdr.resid;
761 0 : if (scsi_put_cdrom_generic_arg(&cgc, arg))
762 0 : return -EFAULT;
763 :
764 : return err;
765 : }
766 :
767 0 : int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
768 : unsigned int cmd, void __user *arg)
769 : {
770 0 : int err;
771 :
772 0 : if (!q)
773 : return -ENXIO;
774 :
775 0 : switch (cmd) {
776 : /*
777 : * new sgv3 interface
778 : */
779 : case SG_GET_VERSION_NUM:
780 0 : err = sg_get_version(arg);
781 0 : break;
782 : case SCSI_IOCTL_GET_IDLUN:
783 0 : err = scsi_get_idlun(q, arg);
784 0 : break;
785 : case SCSI_IOCTL_GET_BUS_NUMBER:
786 0 : err = scsi_get_bus(q, arg);
787 0 : break;
788 0 : case SG_SET_TIMEOUT:
789 0 : err = sg_set_timeout(q, arg);
790 0 : break;
791 : case SG_GET_TIMEOUT:
792 0 : err = sg_get_timeout(q);
793 0 : break;
794 0 : case SG_GET_RESERVED_SIZE:
795 0 : err = sg_get_reserved_size(q, arg);
796 0 : break;
797 0 : case SG_SET_RESERVED_SIZE:
798 0 : err = sg_set_reserved_size(q, arg);
799 0 : break;
800 : case SG_EMULATED_HOST:
801 0 : err = sg_emulated_host(q, arg);
802 0 : break;
803 0 : case SG_IO: {
804 0 : struct sg_io_hdr hdr;
805 :
806 0 : err = get_sg_io_hdr(&hdr, arg);
807 0 : if (err)
808 : break;
809 0 : err = sg_io(q, bd_disk, &hdr, mode);
810 0 : if (err == -EFAULT)
811 : break;
812 :
813 0 : if (put_sg_io_hdr(&hdr, arg))
814 0 : err = -EFAULT;
815 : break;
816 : }
817 0 : case CDROM_SEND_PACKET:
818 0 : err = scsi_cdrom_send_packet(q, bd_disk, mode, arg);
819 0 : break;
820 :
821 : /*
822 : * old junk scsi send command ioctl
823 : */
824 : case SCSI_IOCTL_SEND_COMMAND:
825 0 : printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
826 0 : err = -EINVAL;
827 0 : if (!arg)
828 : break;
829 :
830 0 : err = sg_scsi_ioctl(q, bd_disk, mode, arg);
831 0 : break;
832 : case CDROMCLOSETRAY:
833 0 : err = blk_send_start_stop(q, bd_disk, 0x03);
834 0 : break;
835 : case CDROMEJECT:
836 0 : err = blk_send_start_stop(q, bd_disk, 0x02);
837 0 : break;
838 : default:
839 : err = -ENOTTY;
840 : }
841 :
842 0 : return err;
843 : }
844 : EXPORT_SYMBOL(scsi_cmd_ioctl);
845 :
846 0 : int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
847 : {
848 0 : if (bd && !bdev_is_partition(bd))
849 : return 0;
850 :
851 0 : if (capable(CAP_SYS_RAWIO))
852 0 : return 0;
853 :
854 : return -ENOIOCTLCMD;
855 : }
856 : EXPORT_SYMBOL(scsi_verify_blk_ioctl);
857 :
858 0 : int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
859 : unsigned int cmd, void __user *arg)
860 : {
861 0 : int ret;
862 :
863 0 : ret = scsi_verify_blk_ioctl(bd, cmd);
864 0 : if (ret < 0)
865 : return ret;
866 :
867 0 : return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
868 : }
869 : EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
870 :
871 : /**
872 : * scsi_req_init - initialize certain fields of a scsi_request structure
873 : * @req: Pointer to a scsi_request structure.
874 : * Initializes .__cmd[], .cmd, .cmd_len and .sense_len but no other members
875 : * of struct scsi_request.
876 : */
877 0 : void scsi_req_init(struct scsi_request *req)
878 : {
879 0 : memset(req->__cmd, 0, sizeof(req->__cmd));
880 0 : req->cmd = req->__cmd;
881 0 : req->cmd_len = BLK_MAX_CDB;
882 0 : req->sense_len = 0;
883 0 : }
884 : EXPORT_SYMBOL(scsi_req_init);
885 :
886 1 : static int __init blk_scsi_ioctl_init(void)
887 : {
888 1 : blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
889 1 : return 0;
890 : }
891 : fs_initcall(blk_scsi_ioctl_init);
|
