1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21static int sg_version_num = 30534;
22#define SG_VERSION_STR "3.5.34"
23
24
25
26
27
28
29
30
31#include <linux/module.h>
32
33#include <linux/fs.h>
34#include <linux/kernel.h>
35#include <linux/sched.h>
36#include <linux/string.h>
37#include <linux/mm.h>
38#include <linux/aio.h>
39#include <linux/errno.h>
40#include <linux/mtio.h>
41#include <linux/ioctl.h>
42#include <linux/slab.h>
43#include <linux/fcntl.h>
44#include <linux/init.h>
45#include <linux/poll.h>
46#include <linux/moduleparam.h>
47#include <linux/cdev.h>
48#include <linux/idr.h>
49#include <linux/seq_file.h>
50#include <linux/blkdev.h>
51#include <linux/delay.h>
52#include <linux/blktrace_api.h>
53#include <linux/mutex.h>
54#include <linux/ratelimit.h>
55
56#include "scsi.h"
57#include <scsi/scsi_dbg.h>
58#include <scsi/scsi_host.h>
59#include <scsi/scsi_driver.h>
60#include <scsi/scsi_ioctl.h>
61#include <scsi/sg.h>
62
63#include "scsi_logging.h"
64
65#ifdef CONFIG_SCSI_PROC_FS
66#include <linux/proc_fs.h>
67static char *sg_version_date = "20061027";
68
69static int sg_proc_init(void);
70static void sg_proc_cleanup(void);
71#endif
72
73#define SG_ALLOW_DIO_DEF 0
74
75#define SG_MAX_DEVS 32768
76
77
78
79
80
81
82
83
84
85
86#define MULDIV(X,MUL,DIV) ((((X % DIV) * MUL) / DIV) + ((X / DIV) * MUL))
87
88#define SG_DEFAULT_TIMEOUT MULDIV(SG_DEFAULT_TIMEOUT_USER, HZ, USER_HZ)
89
90int sg_big_buff = SG_DEF_RESERVED_SIZE;
91
92
93
94
95
96
97static int def_reserved_size = -1;
98static int sg_allow_dio = SG_ALLOW_DIO_DEF;
99
100static int scatter_elem_sz = SG_SCATTER_SZ;
101static int scatter_elem_sz_prev = SG_SCATTER_SZ;
102
103#define SG_SECTOR_SZ 512
104
105static int sg_add(struct device *, struct class_interface *);
106static void sg_remove(struct device *, struct class_interface *);
107
108static DEFINE_SPINLOCK(sg_open_exclusive_lock);
109
110static DEFINE_IDR(sg_index_idr);
111static DEFINE_RWLOCK(sg_index_lock);
112
113
114static struct class_interface sg_interface = {
115 .add_dev = sg_add,
116 .remove_dev = sg_remove,
117};
118
119typedef struct sg_scatter_hold {
120 unsigned short k_use_sg;
121 unsigned sglist_len;
122 unsigned bufflen;
123 struct page **pages;
124 int page_order;
125 char dio_in_use;
126 unsigned char cmd_opcode;
127} Sg_scatter_hold;
128
129struct sg_device;
130struct sg_fd;
131
132typedef struct sg_request {
133 struct sg_request *nextrp;
134 struct sg_fd *parentfp;
135 Sg_scatter_hold data;
136 sg_io_hdr_t header;
137 unsigned char sense_b[SCSI_SENSE_BUFFERSIZE];
138 char res_used;
139 char orphan;
140 char sg_io_owned;
141
142 char done;
143 struct request *rq;
144 struct bio *bio;
145 struct execute_work ew;
146} Sg_request;
147
148typedef struct sg_fd {
149
150 struct list_head sfd_siblings;
151 struct sg_device *parentdp;
152 wait_queue_head_t read_wait;
153 rwlock_t rq_list_lock;
154 int timeout;
155 int timeout_user;
156 Sg_scatter_hold reserve;
157 unsigned save_scat_len;
158 Sg_request *headrp;
159 struct fasync_struct *async_qp;
160 Sg_request req_arr[SG_MAX_QUEUE];
161 char low_dma;
162 char force_packid;
163 char cmd_q;
164 char next_cmd_len;
165 char keep_orphan;
166 char mmap_called;
167 struct kref f_ref;
168 struct execute_work ew;
169} Sg_fd;
170
171typedef struct sg_device {
172 struct scsi_device *device;
173 wait_queue_head_t o_excl_wait;
174 int sg_tablesize;
175 u32 index;
176
177 struct list_head sfds;
178 volatile char detached;
179
180 char exclude;
181 char sgdebug;
182 struct gendisk *disk;
183 struct cdev * cdev;
184 struct kref d_ref;
185} Sg_device;
186
187
188static void sg_rq_end_io(struct request *rq, int uptodate);
189static int sg_start_req(Sg_request *srp, unsigned char *cmd);
190static int sg_finish_rem_req(Sg_request * srp);
191static int sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size);
192static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count,
193 Sg_request * srp);
194static ssize_t sg_new_write(Sg_fd *sfp, struct file *file,
195 const char __user *buf, size_t count, int blocking,
196 int read_only, int sg_io_owned, Sg_request **o_srp);
197static int sg_common_write(Sg_fd * sfp, Sg_request * srp,
198 unsigned char *cmnd, int timeout, int blocking);
199static int sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer);
200static void sg_remove_scat(Sg_scatter_hold * schp);
201static void sg_build_reserve(Sg_fd * sfp, int req_size);
202static void sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size);
203static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp);
204static Sg_fd *sg_add_sfp(Sg_device * sdp, int dev);
205static void sg_remove_sfp(struct kref *);
206static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id);
207static Sg_request *sg_add_request(Sg_fd * sfp);
208static int sg_remove_request(Sg_fd * sfp, Sg_request * srp);
209static int sg_res_in_use(Sg_fd * sfp);
210static Sg_device *sg_get_dev(int dev);
211static void sg_put_dev(Sg_device *sdp);
212
213#define SZ_SG_HEADER sizeof(struct sg_header)
214#define SZ_SG_IO_HDR sizeof(sg_io_hdr_t)
215#define SZ_SG_IOVEC sizeof(sg_iovec_t)
216#define SZ_SG_REQ_INFO sizeof(sg_req_info_t)
217
218static int sg_allow_access(struct file *filp, unsigned char *cmd)
219{
220 struct sg_fd *sfp = filp->private_data;
221
222 if (sfp->parentdp->device->type == TYPE_SCANNER)
223 return 0;
224
225 return blk_verify_command(cmd, filp->f_mode & FMODE_WRITE);
226}
227
228static int get_exclude(Sg_device *sdp)
229{
230 unsigned long flags;
231 int ret;
232
233 spin_lock_irqsave(&sg_open_exclusive_lock, flags);
234 ret = sdp->exclude;
235 spin_unlock_irqrestore(&sg_open_exclusive_lock, flags);
236 return ret;
237}
238
239static int set_exclude(Sg_device *sdp, char val)
240{
241 unsigned long flags;
242
243 spin_lock_irqsave(&sg_open_exclusive_lock, flags);
244 sdp->exclude = val;
245 spin_unlock_irqrestore(&sg_open_exclusive_lock, flags);
246 return val;
247}
248
249static int sfds_list_empty(Sg_device *sdp)
250{
251 unsigned long flags;
252 int ret;
253
254 read_lock_irqsave(&sg_index_lock, flags);
255 ret = list_empty(&sdp->sfds);
256 read_unlock_irqrestore(&sg_index_lock, flags);
257 return ret;
258}
259
260static int
261sg_open(struct inode *inode, struct file *filp)
262{
263 int dev = iminor(inode);
264 int flags = filp->f_flags;
265 struct request_queue *q;
266 Sg_device *sdp;
267 Sg_fd *sfp;
268 int res;
269 int retval;
270
271 nonseekable_open(inode, filp);
272 SCSI_LOG_TIMEOUT(3, printk("sg_open: dev=%d, flags=0x%x\n", dev, flags));
273 sdp = sg_get_dev(dev);
274 if (IS_ERR(sdp)) {
275 retval = PTR_ERR(sdp);
276 sdp = NULL;
277 goto sg_put;
278 }
279
280
281
282 retval = scsi_device_get(sdp->device);
283 if (retval)
284 goto sg_put;
285
286 retval = scsi_autopm_get_device(sdp->device);
287 if (retval)
288 goto sdp_put;
289
290 if (!((flags & O_NONBLOCK) ||
291 scsi_block_when_processing_errors(sdp->device))) {
292 retval = -ENXIO;
293
294 goto error_out;
295 }
296
297 if (flags & O_EXCL) {
298 if (O_RDONLY == (flags & O_ACCMODE)) {
299 retval = -EPERM;
300 goto error_out;
301 }
302 if (!sfds_list_empty(sdp) && (flags & O_NONBLOCK)) {
303 retval = -EBUSY;
304 goto error_out;
305 }
306 res = wait_event_interruptible(sdp->o_excl_wait,
307 ((!sfds_list_empty(sdp) || get_exclude(sdp)) ? 0 : set_exclude(sdp, 1)));
308 if (res) {
309 retval = res;
310 goto error_out;
311 }
312 } else if (get_exclude(sdp)) {
313 if (flags & O_NONBLOCK) {
314 retval = -EBUSY;
315 goto error_out;
316 }
317 res = wait_event_interruptible(sdp->o_excl_wait, !get_exclude(sdp));
318 if (res) {
319 retval = res;
320 goto error_out;
321 }
322 }
323 if (sdp->detached) {
324 retval = -ENODEV;
325 goto error_out;
326 }
327 if (sfds_list_empty(sdp)) {
328 sdp->sgdebug = 0;
329 q = sdp->device->request_queue;
330 sdp->sg_tablesize = queue_max_segments(q);
331 }
332 if ((sfp = sg_add_sfp(sdp, dev)))
333 filp->private_data = sfp;
334 else {
335 if (flags & O_EXCL) {
336 set_exclude(sdp, 0);
337 wake_up_interruptible(&sdp->o_excl_wait);
338 }
339 retval = -ENOMEM;
340 goto error_out;
341 }
342 retval = 0;
343error_out:
344 if (retval) {
345 scsi_autopm_put_device(sdp->device);
346sdp_put:
347 scsi_device_put(sdp->device);
348 }
349sg_put:
350 if (sdp)
351 sg_put_dev(sdp);
352 return retval;
353}
354
355
356static int
357sg_release(struct inode *inode, struct file *filp)
358{
359 Sg_device *sdp;
360 Sg_fd *sfp;
361
362 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
363 return -ENXIO;
364 SCSI_LOG_TIMEOUT(3, printk("sg_release: %s\n", sdp->disk->disk_name));
365
366 set_exclude(sdp, 0);
367 wake_up_interruptible(&sdp->o_excl_wait);
368
369 scsi_autopm_put_device(sdp->device);
370 kref_put(&sfp->f_ref, sg_remove_sfp);
371 return 0;
372}
373
374static ssize_t
375sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
376{
377 Sg_device *sdp;
378 Sg_fd *sfp;
379 Sg_request *srp;
380 int req_pack_id = -1;
381 sg_io_hdr_t *hp;
382 struct sg_header *old_hdr = NULL;
383 int retval = 0;
384
385 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
386 return -ENXIO;
387 SCSI_LOG_TIMEOUT(3, printk("sg_read: %s, count=%d\n",
388 sdp->disk->disk_name, (int) count));
389
390 if (!access_ok(VERIFY_WRITE, buf, count))
391 return -EFAULT;
392 if (sfp->force_packid && (count >= SZ_SG_HEADER)) {
393 old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
394 if (!old_hdr)
395 return -ENOMEM;
396 if (__copy_from_user(old_hdr, buf, SZ_SG_HEADER)) {
397 retval = -EFAULT;
398 goto free_old_hdr;
399 }
400 if (old_hdr->reply_len < 0) {
401 if (count >= SZ_SG_IO_HDR) {
402 sg_io_hdr_t *new_hdr;
403 new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL);
404 if (!new_hdr) {
405 retval = -ENOMEM;
406 goto free_old_hdr;
407 }
408 retval =__copy_from_user
409 (new_hdr, buf, SZ_SG_IO_HDR);
410 req_pack_id = new_hdr->pack_id;
411 kfree(new_hdr);
412 if (retval) {
413 retval = -EFAULT;
414 goto free_old_hdr;
415 }
416 }
417 } else
418 req_pack_id = old_hdr->pack_id;
419 }
420 srp = sg_get_rq_mark(sfp, req_pack_id);
421 if (!srp) {
422 if (sdp->detached) {
423 retval = -ENODEV;
424 goto free_old_hdr;
425 }
426 if (filp->f_flags & O_NONBLOCK) {
427 retval = -EAGAIN;
428 goto free_old_hdr;
429 }
430 retval = wait_event_interruptible(sfp->read_wait,
431 (sdp->detached ||
432 (srp = sg_get_rq_mark(sfp, req_pack_id))));
433 if (sdp->detached) {
434 retval = -ENODEV;
435 goto free_old_hdr;
436 }
437 if (retval) {
438
439 goto free_old_hdr;
440 }
441 }
442 if (srp->header.interface_id != '\0') {
443 retval = sg_new_read(sfp, buf, count, srp);
444 goto free_old_hdr;
445 }
446
447 hp = &srp->header;
448 if (old_hdr == NULL) {
449 old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
450 if (! old_hdr) {
451 retval = -ENOMEM;
452 goto free_old_hdr;
453 }
454 }
455 memset(old_hdr, 0, SZ_SG_HEADER);
456 old_hdr->reply_len = (int) hp->timeout;
457 old_hdr->pack_len = old_hdr->reply_len;
458 old_hdr->pack_id = hp->pack_id;
459 old_hdr->twelve_byte =
460 ((srp->data.cmd_opcode >= 0xc0) && (12 == hp->cmd_len)) ? 1 : 0;
461 old_hdr->target_status = hp->masked_status;
462 old_hdr->host_status = hp->host_status;
463 old_hdr->driver_status = hp->driver_status;
464 if ((CHECK_CONDITION & hp->masked_status) ||
465 (DRIVER_SENSE & hp->driver_status))
466 memcpy(old_hdr->sense_buffer, srp->sense_b,
467 sizeof (old_hdr->sense_buffer));
468 switch (hp->host_status) {
469
470
471 case DID_OK:
472 case DID_PASSTHROUGH:
473 case DID_SOFT_ERROR:
474 old_hdr->result = 0;
475 break;
476 case DID_NO_CONNECT:
477 case DID_BUS_BUSY:
478 case DID_TIME_OUT:
479 old_hdr->result = EBUSY;
480 break;
481 case DID_BAD_TARGET:
482 case DID_ABORT:
483 case DID_PARITY:
484 case DID_RESET:
485 case DID_BAD_INTR:
486 old_hdr->result = EIO;
487 break;
488 case DID_ERROR:
489 old_hdr->result = (srp->sense_b[0] == 0 &&
490 hp->masked_status == GOOD) ? 0 : EIO;
491 break;
492 default:
493 old_hdr->result = EIO;
494 break;
495 }
496
497
498 if (count >= SZ_SG_HEADER) {
499 if (__copy_to_user(buf, old_hdr, SZ_SG_HEADER)) {
500 retval = -EFAULT;
501 goto free_old_hdr;
502 }
503 buf += SZ_SG_HEADER;
504 if (count > old_hdr->reply_len)
505 count = old_hdr->reply_len;
506 if (count > SZ_SG_HEADER) {
507 if (sg_read_oxfer(srp, buf, count - SZ_SG_HEADER)) {
508 retval = -EFAULT;
509 goto free_old_hdr;
510 }
511 }
512 } else
513 count = (old_hdr->result == 0) ? 0 : -EIO;
514 sg_finish_rem_req(srp);
515 retval = count;
516free_old_hdr:
517 kfree(old_hdr);
518 return retval;
519}
520
521static ssize_t
522sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
523{
524 sg_io_hdr_t *hp = &srp->header;
525 int err = 0;
526 int len;
527
528 if (count < SZ_SG_IO_HDR) {
529 err = -EINVAL;
530 goto err_out;
531 }
532 hp->sb_len_wr = 0;
533 if ((hp->mx_sb_len > 0) && hp->sbp) {
534 if ((CHECK_CONDITION & hp->masked_status) ||
535 (DRIVER_SENSE & hp->driver_status)) {
536 int sb_len = SCSI_SENSE_BUFFERSIZE;
537 sb_len = (hp->mx_sb_len > sb_len) ? sb_len : hp->mx_sb_len;
538 len = 8 + (int) srp->sense_b[7];
539 len = (len > sb_len) ? sb_len : len;
540 if (copy_to_user(hp->sbp, srp->sense_b, len)) {
541 err = -EFAULT;
542 goto err_out;
543 }
544 hp->sb_len_wr = len;
545 }
546 }
547 if (hp->masked_status || hp->host_status || hp->driver_status)
548 hp->info |= SG_INFO_CHECK;
549 if (copy_to_user(buf, hp, SZ_SG_IO_HDR)) {
550 err = -EFAULT;
551 goto err_out;
552 }
553err_out:
554 err = sg_finish_rem_req(srp);
555 return (0 == err) ? count : err;
556}
557
558static ssize_t
559sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
560{
561 int mxsize, cmd_size, k;
562 int input_size, blocking;
563 unsigned char opcode;
564 Sg_device *sdp;
565 Sg_fd *sfp;
566 Sg_request *srp;
567 struct sg_header old_hdr;
568 sg_io_hdr_t *hp;
569 unsigned char cmnd[MAX_COMMAND_SIZE];
570
571 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
572 return -ENXIO;
573 SCSI_LOG_TIMEOUT(3, printk("sg_write: %s, count=%d\n",
574 sdp->disk->disk_name, (int) count));
575 if (sdp->detached)
576 return -ENODEV;
577 if (!((filp->f_flags & O_NONBLOCK) ||
578 scsi_block_when_processing_errors(sdp->device)))
579 return -ENXIO;
580
581 if (!access_ok(VERIFY_READ, buf, count))
582 return -EFAULT;
583 if (count < SZ_SG_HEADER)
584 return -EIO;
585 if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER))
586 return -EFAULT;
587 blocking = !(filp->f_flags & O_NONBLOCK);
588 if (old_hdr.reply_len < 0)
589 return sg_new_write(sfp, filp, buf, count,
590 blocking, 0, 0, NULL);
591 if (count < (SZ_SG_HEADER + 6))
592 return -EIO;
593
594 if (!(srp = sg_add_request(sfp))) {
595 SCSI_LOG_TIMEOUT(1, printk("sg_write: queue full\n"));
596 return -EDOM;
597 }
598 buf += SZ_SG_HEADER;
599 __get_user(opcode, buf);
600 if (sfp->next_cmd_len > 0) {
601 if (sfp->next_cmd_len > MAX_COMMAND_SIZE) {
602 SCSI_LOG_TIMEOUT(1, printk("sg_write: command length too long\n"));
603 sfp->next_cmd_len = 0;
604 sg_remove_request(sfp, srp);
605 return -EIO;
606 }
607 cmd_size = sfp->next_cmd_len;
608 sfp->next_cmd_len = 0;
609 } else {
610 cmd_size = COMMAND_SIZE(opcode);
611 if ((opcode >= 0xc0) && old_hdr.twelve_byte)
612 cmd_size = 12;
613 }
614 SCSI_LOG_TIMEOUT(4, printk(
615 "sg_write: scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size));
616
617 input_size = count - cmd_size;
618 mxsize = (input_size > old_hdr.reply_len) ? input_size : old_hdr.reply_len;
619 mxsize -= SZ_SG_HEADER;
620 input_size -= SZ_SG_HEADER;
621 if (input_size < 0) {
622 sg_remove_request(sfp, srp);
623 return -EIO;
624 }
625 hp = &srp->header;
626 hp->interface_id = '\0';
627 hp->cmd_len = (unsigned char) cmd_size;
628 hp->iovec_count = 0;
629 hp->mx_sb_len = 0;
630 if (input_size > 0)
631 hp->dxfer_direction = (old_hdr.reply_len > SZ_SG_HEADER) ?
632 SG_DXFER_TO_FROM_DEV : SG_DXFER_TO_DEV;
633 else
634 hp->dxfer_direction = (mxsize > 0) ? SG_DXFER_FROM_DEV : SG_DXFER_NONE;
635 hp->dxfer_len = mxsize;
636 if (hp->dxfer_direction == SG_DXFER_TO_DEV)
637 hp->dxferp = (char __user *)buf + cmd_size;
638 else
639 hp->dxferp = NULL;
640 hp->sbp = NULL;
641 hp->timeout = old_hdr.reply_len;
642 hp->flags = input_size;
643 hp->pack_id = old_hdr.pack_id;
644 hp->usr_ptr = NULL;
645 if (__copy_from_user(cmnd, buf, cmd_size))
646 return -EFAULT;
647
648
649
650
651
652 if (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV) {
653 static char cmd[TASK_COMM_LEN];
654 if (strcmp(current->comm, cmd)) {
655 printk_ratelimited(KERN_WARNING
656 "sg_write: data in/out %d/%d bytes "
657 "for SCSI command 0x%x-- guessing "
658 "data in;\n program %s not setting "
659 "count and/or reply_len properly\n",
660 old_hdr.reply_len - (int)SZ_SG_HEADER,
661 input_size, (unsigned int) cmnd[0],
662 current->comm);
663 strcpy(cmd, current->comm);
664 }
665 }
666 k = sg_common_write(sfp, srp, cmnd, sfp->timeout, blocking);
667 return (k < 0) ? k : count;
668}
669
670static ssize_t
671sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf,
672 size_t count, int blocking, int read_only, int sg_io_owned,
673 Sg_request **o_srp)
674{
675 int k;
676 Sg_request *srp;
677 sg_io_hdr_t *hp;
678 unsigned char cmnd[MAX_COMMAND_SIZE];
679 int timeout;
680 unsigned long ul_timeout;
681
682 if (count < SZ_SG_IO_HDR)
683 return -EINVAL;
684 if (!access_ok(VERIFY_READ, buf, count))
685 return -EFAULT;
686
687 sfp->cmd_q = 1;
688 if (!(srp = sg_add_request(sfp))) {
689 SCSI_LOG_TIMEOUT(1, printk("sg_new_write: queue full\n"));
690 return -EDOM;
691 }
692 srp->sg_io_owned = sg_io_owned;
693 hp = &srp->header;
694 if (__copy_from_user(hp, buf, SZ_SG_IO_HDR)) {
695 sg_remove_request(sfp, srp);
696 return -EFAULT;
697 }
698 if (hp->interface_id != 'S') {
699 sg_remove_request(sfp, srp);
700 return -ENOSYS;
701 }
702 if (hp->flags & SG_FLAG_MMAP_IO) {
703 if (hp->dxfer_len > sfp->reserve.bufflen) {
704 sg_remove_request(sfp, srp);
705 return -ENOMEM;
706 }
707 if (hp->flags & SG_FLAG_DIRECT_IO) {
708 sg_remove_request(sfp, srp);
709 return -EINVAL;
710 }
711 if (sg_res_in_use(sfp)) {
712 sg_remove_request(sfp, srp);
713 return -EBUSY;
714 }
715 }
716 ul_timeout = msecs_to_jiffies(srp->header.timeout);
717 timeout = (ul_timeout < INT_MAX) ? ul_timeout : INT_MAX;
718 if ((!hp->cmdp) || (hp->cmd_len < 6) || (hp->cmd_len > sizeof (cmnd))) {
719 sg_remove_request(sfp, srp);
720 return -EMSGSIZE;
721 }
722 if (!access_ok(VERIFY_READ, hp->cmdp, hp->cmd_len)) {
723 sg_remove_request(sfp, srp);
724 return -EFAULT;
725 }
726 if (__copy_from_user(cmnd, hp->cmdp, hp->cmd_len)) {
727 sg_remove_request(sfp, srp);
728 return -EFAULT;
729 }
730 if (read_only && sg_allow_access(file, cmnd)) {
731 sg_remove_request(sfp, srp);
732 return -EPERM;
733 }
734 k = sg_common_write(sfp, srp, cmnd, timeout, blocking);
735 if (k < 0)
736 return k;
737 if (o_srp)
738 *o_srp = srp;
739 return count;
740}
741
742static int
743sg_common_write(Sg_fd * sfp, Sg_request * srp,
744 unsigned char *cmnd, int timeout, int blocking)
745{
746 int k, data_dir;
747 Sg_device *sdp = sfp->parentdp;
748 sg_io_hdr_t *hp = &srp->header;
749
750 srp->data.cmd_opcode = cmnd[0];
751 hp->status = 0;
752 hp->masked_status = 0;
753 hp->msg_status = 0;
754 hp->info = 0;
755 hp->host_status = 0;
756 hp->driver_status = 0;
757 hp->resid = 0;
758 SCSI_LOG_TIMEOUT(4, printk("sg_common_write: scsi opcode=0x%02x, cmd_size=%d\n",
759 (int) cmnd[0], (int) hp->cmd_len));
760
761 k = sg_start_req(srp, cmnd);
762 if (k) {
763 SCSI_LOG_TIMEOUT(1, printk("sg_common_write: start_req err=%d\n", k));
764 sg_finish_rem_req(srp);
765 return k;
766 }
767 if (sdp->detached) {
768 if (srp->bio)
769 blk_end_request_all(srp->rq, -EIO);
770 sg_finish_rem_req(srp);
771 return -ENODEV;
772 }
773
774 switch (hp->dxfer_direction) {
775 case SG_DXFER_TO_FROM_DEV:
776 case SG_DXFER_FROM_DEV:
777 data_dir = DMA_FROM_DEVICE;
778 break;
779 case SG_DXFER_TO_DEV:
780 data_dir = DMA_TO_DEVICE;
781 break;
782 case SG_DXFER_UNKNOWN:
783 data_dir = DMA_BIDIRECTIONAL;
784 break;
785 default:
786 data_dir = DMA_NONE;
787 break;
788 }
789 hp->duration = jiffies_to_msecs(jiffies);
790
791 srp->rq->timeout = timeout;
792 kref_get(&sfp->f_ref);
793 blk_execute_rq_nowait(sdp->device->request_queue, sdp->disk,
794 srp->rq, 1, sg_rq_end_io);
795 return 0;
796}
797
798static int srp_done(Sg_fd *sfp, Sg_request *srp)
799{
800 unsigned long flags;
801 int ret;
802
803 read_lock_irqsave(&sfp->rq_list_lock, flags);
804 ret = srp->done;
805 read_unlock_irqrestore(&sfp->rq_list_lock, flags);
806 return ret;
807}
808
809static long
810sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
811{
812 void __user *p = (void __user *)arg;
813 int __user *ip = p;
814 int result, val, read_only;
815 Sg_device *sdp;
816 Sg_fd *sfp;
817 Sg_request *srp;
818 unsigned long iflags;
819
820 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
821 return -ENXIO;
822
823 SCSI_LOG_TIMEOUT(3, printk("sg_ioctl: %s, cmd=0x%x\n",
824 sdp->disk->disk_name, (int) cmd_in));
825 read_only = (O_RDWR != (filp->f_flags & O_ACCMODE));
826
827 switch (cmd_in) {
828 case SG_IO:
829 if (sdp->detached)
830 return -ENODEV;
831 if (!scsi_block_when_processing_errors(sdp->device))
832 return -ENXIO;
833 if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR))
834 return -EFAULT;
835 result = sg_new_write(sfp, filp, p, SZ_SG_IO_HDR,
836 1, read_only, 1, &srp);
837 if (result < 0)
838 return result;
839 result = wait_event_interruptible(sfp->read_wait,
840 (srp_done(sfp, srp) || sdp->detached));
841 if (sdp->detached)
842 return -ENODEV;
843 write_lock_irq(&sfp->rq_list_lock);
844 if (srp->done) {
845 srp->done = 2;
846 write_unlock_irq(&sfp->rq_list_lock);
847 result = sg_new_read(sfp, p, SZ_SG_IO_HDR, srp);
848 return (result < 0) ? result : 0;
849 }
850 srp->orphan = 1;
851 write_unlock_irq(&sfp->rq_list_lock);
852 return result;
853 case SG_SET_TIMEOUT:
854 result = get_user(val, ip);
855 if (result)
856 return result;
857 if (val < 0)
858 return -EIO;
859 if (val >= MULDIV (INT_MAX, USER_HZ, HZ))
860 val = MULDIV (INT_MAX, USER_HZ, HZ);
861 sfp->timeout_user = val;
862 sfp->timeout = MULDIV (val, HZ, USER_HZ);
863
864 return 0;
865 case SG_GET_TIMEOUT:
866
867 return sfp->timeout_user;
868 case SG_SET_FORCE_LOW_DMA:
869 result = get_user(val, ip);
870 if (result)
871 return result;
872 if (val) {
873 sfp->low_dma = 1;
874 if ((0 == sfp->low_dma) && (0 == sg_res_in_use(sfp))) {
875 val = (int) sfp->reserve.bufflen;
876 sg_remove_scat(&sfp->reserve);
877 sg_build_reserve(sfp, val);
878 }
879 } else {
880 if (sdp->detached)
881 return -ENODEV;
882 sfp->low_dma = sdp->device->host->unchecked_isa_dma;
883 }
884 return 0;
885 case SG_GET_LOW_DMA:
886 return put_user((int) sfp->low_dma, ip);
887 case SG_GET_SCSI_ID:
888 if (!access_ok(VERIFY_WRITE, p, sizeof (sg_scsi_id_t)))
889 return -EFAULT;
890 else {
891 sg_scsi_id_t __user *sg_idp = p;
892
893 if (sdp->detached)
894 return -ENODEV;
895 __put_user((int) sdp->device->host->host_no,
896 &sg_idp->host_no);
897 __put_user((int) sdp->device->channel,
898 &sg_idp->channel);
899 __put_user((int) sdp->device->id, &sg_idp->scsi_id);
900 __put_user((int) sdp->device->lun, &sg_idp->lun);
901 __put_user((int) sdp->device->type, &sg_idp->scsi_type);
902 __put_user((short) sdp->device->host->cmd_per_lun,
903 &sg_idp->h_cmd_per_lun);
904 __put_user((short) sdp->device->queue_depth,
905 &sg_idp->d_queue_depth);
906 __put_user(0, &sg_idp->unused[0]);
907 __put_user(0, &sg_idp->unused[1]);
908 return 0;
909 }
910 case SG_SET_FORCE_PACK_ID:
911 result = get_user(val, ip);
912 if (result)
913 return result;
914 sfp->force_packid = val ? 1 : 0;
915 return 0;
916 case SG_GET_PACK_ID:
917 if (!access_ok(VERIFY_WRITE, ip, sizeof (int)))
918 return -EFAULT;
919 read_lock_irqsave(&sfp->rq_list_lock, iflags);
920 for (srp = sfp->headrp; srp; srp = srp->nextrp) {
921 if ((1 == srp->done) && (!srp->sg_io_owned)) {
922 read_unlock_irqrestore(&sfp->rq_list_lock,
923 iflags);
924 __put_user(srp->header.pack_id, ip);
925 return 0;
926 }
927 }
928 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
929 __put_user(-1, ip);
930 return 0;
931 case SG_GET_NUM_WAITING:
932 read_lock_irqsave(&sfp->rq_list_lock, iflags);
933 for (val = 0, srp = sfp->headrp; srp; srp = srp->nextrp) {
934 if ((1 == srp->done) && (!srp->sg_io_owned))
935 ++val;
936 }
937 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
938 return put_user(val, ip);
939 case SG_GET_SG_TABLESIZE:
940 return put_user(sdp->sg_tablesize, ip);
941 case SG_SET_RESERVED_SIZE:
942 result = get_user(val, ip);
943 if (result)
944 return result;
945 if (val < 0)
946 return -EINVAL;
947 val = min_t(int, val,
948 queue_max_sectors(sdp->device->request_queue) * 512);
949 if (val != sfp->reserve.bufflen) {
950 if (sg_res_in_use(sfp) || sfp->mmap_called)
951 return -EBUSY;
952 sg_remove_scat(&sfp->reserve);
953 sg_build_reserve(sfp, val);
954 }
955 return 0;
956 case SG_GET_RESERVED_SIZE:
957 val = min_t(int, sfp->reserve.bufflen,
958 queue_max_sectors(sdp->device->request_queue) * 512);
959 return put_user(val, ip);
960 case SG_SET_COMMAND_Q:
961 result = get_user(val, ip);
962 if (result)
963 return result;
964 sfp->cmd_q = val ? 1 : 0;
965 return 0;
966 case SG_GET_COMMAND_Q:
967 return put_user((int) sfp->cmd_q, ip);
968 case SG_SET_KEEP_ORPHAN:
969 result = get_user(val, ip);
970 if (result)
971 return result;
972 sfp->keep_orphan = val;
973 return 0;
974 case SG_GET_KEEP_ORPHAN:
975 return put_user((int) sfp->keep_orphan, ip);
976 case SG_NEXT_CMD_LEN:
977 result = get_user(val, ip);
978 if (result)
979 return result;
980 sfp->next_cmd_len = (val > 0) ? val : 0;
981 return 0;
982 case SG_GET_VERSION_NUM:
983 return put_user(sg_version_num, ip);
984 case SG_GET_ACCESS_COUNT:
985
986 val = (sdp->device ? 1 : 0);
987 return put_user(val, ip);
988 case SG_GET_REQUEST_TABLE:
989 if (!access_ok(VERIFY_WRITE, p, SZ_SG_REQ_INFO * SG_MAX_QUEUE))
990 return -EFAULT;
991 else {
992 sg_req_info_t *rinfo;
993 unsigned int ms;
994
995 rinfo = kmalloc(SZ_SG_REQ_INFO * SG_MAX_QUEUE,
996 GFP_KERNEL);
997 if (!rinfo)
998 return -ENOMEM;
999 read_lock_irqsave(&sfp->rq_list_lock, iflags);
1000 for (srp = sfp->headrp, val = 0; val < SG_MAX_QUEUE;
1001 ++val, srp = srp ? srp->nextrp : srp) {
1002 memset(&rinfo[val], 0, SZ_SG_REQ_INFO);
1003 if (srp) {
1004 rinfo[val].req_state = srp->done + 1;
1005 rinfo[val].problem =
1006 srp->header.masked_status &
1007 srp->header.host_status &
1008 srp->header.driver_status;
1009 if (srp->done)
1010 rinfo[val].duration =
1011 srp->header.duration;
1012 else {
1013 ms = jiffies_to_msecs(jiffies);
1014 rinfo[val].duration =
1015 (ms > srp->header.duration) ?
1016 (ms - srp->header.duration) : 0;
1017 }
1018 rinfo[val].orphan = srp->orphan;
1019 rinfo[val].sg_io_owned =
1020 srp->sg_io_owned;
1021 rinfo[val].pack_id =
1022 srp->header.pack_id;
1023 rinfo[val].usr_ptr =
1024 srp->header.usr_ptr;
1025 }
1026 }
1027 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1028 result = __copy_to_user(p, rinfo,
1029 SZ_SG_REQ_INFO * SG_MAX_QUEUE);
1030 result = result ? -EFAULT : 0;
1031 kfree(rinfo);
1032 return result;
1033 }
1034 case SG_EMULATED_HOST:
1035 if (sdp->detached)
1036 return -ENODEV;
1037 return put_user(sdp->device->host->hostt->emulated, ip);
1038 case SG_SCSI_RESET:
1039 if (sdp->detached)
1040 return -ENODEV;
1041 if (filp->f_flags & O_NONBLOCK) {
1042 if (scsi_host_in_recovery(sdp->device->host))
1043 return -EBUSY;
1044 } else if (!scsi_block_when_processing_errors(sdp->device))
1045 return -EBUSY;
1046 result = get_user(val, ip);
1047 if (result)
1048 return result;
1049 if (SG_SCSI_RESET_NOTHING == val)
1050 return 0;
1051 switch (val) {
1052 case SG_SCSI_RESET_DEVICE:
1053 val = SCSI_TRY_RESET_DEVICE;
1054 break;
1055 case SG_SCSI_RESET_TARGET:
1056 val = SCSI_TRY_RESET_TARGET;
1057 break;
1058 case SG_SCSI_RESET_BUS:
1059 val = SCSI_TRY_RESET_BUS;
1060 break;
1061 case SG_SCSI_RESET_HOST:
1062 val = SCSI_TRY_RESET_HOST;
1063 break;
1064 default:
1065 return -EINVAL;
1066 }
1067 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
1068 return -EACCES;
1069 return (scsi_reset_provider(sdp->device, val) ==
1070 SUCCESS) ? 0 : -EIO;
1071 case SCSI_IOCTL_SEND_COMMAND:
1072 if (sdp->detached)
1073 return -ENODEV;
1074 if (read_only) {
1075 unsigned char opcode = WRITE_6;
1076 Scsi_Ioctl_Command __user *siocp = p;
1077
1078 if (copy_from_user(&opcode, siocp->data, 1))
1079 return -EFAULT;
1080 if (sg_allow_access(filp, &opcode))
1081 return -EPERM;
1082 }
1083 return sg_scsi_ioctl(sdp->device->request_queue, NULL, filp->f_mode, p);
1084 case SG_SET_DEBUG:
1085 result = get_user(val, ip);
1086 if (result)
1087 return result;
1088 sdp->sgdebug = (char) val;
1089 return 0;
1090 case SCSI_IOCTL_GET_IDLUN:
1091 case SCSI_IOCTL_GET_BUS_NUMBER:
1092 case SCSI_IOCTL_PROBE_HOST:
1093 case SG_GET_TRANSFORM:
1094 if (sdp->detached)
1095 return -ENODEV;
1096 return scsi_ioctl(sdp->device, cmd_in, p);
1097 case BLKSECTGET:
1098 return put_user(queue_max_sectors(sdp->device->request_queue) * 512,
1099 ip);
1100 case BLKTRACESETUP:
1101 return blk_trace_setup(sdp->device->request_queue,
1102 sdp->disk->disk_name,
1103 MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
1104 NULL,
1105 (char *)arg);
1106 case BLKTRACESTART:
1107 return blk_trace_startstop(sdp->device->request_queue, 1);
1108 case BLKTRACESTOP:
1109 return blk_trace_startstop(sdp->device->request_queue, 0);
1110 case BLKTRACETEARDOWN:
1111 return blk_trace_remove(sdp->device->request_queue);
1112 default:
1113 if (read_only)
1114 return -EPERM;
1115 return scsi_ioctl(sdp->device, cmd_in, p);
1116 }
1117}
1118
1119#ifdef CONFIG_COMPAT
1120static long sg_compat_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
1121{
1122 Sg_device *sdp;
1123 Sg_fd *sfp;
1124 struct scsi_device *sdev;
1125
1126 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
1127 return -ENXIO;
1128
1129 sdev = sdp->device;
1130 if (sdev->host->hostt->compat_ioctl) {
1131 int ret;
1132
1133 ret = sdev->host->hostt->compat_ioctl(sdev, cmd_in, (void __user *)arg);
1134
1135 return ret;
1136 }
1137
1138 return -ENOIOCTLCMD;
1139}
1140#endif
1141
1142static unsigned int
1143sg_poll(struct file *filp, poll_table * wait)
1144{
1145 unsigned int res = 0;
1146 Sg_device *sdp;
1147 Sg_fd *sfp;
1148 Sg_request *srp;
1149 int count = 0;
1150 unsigned long iflags;
1151
1152 sfp = filp->private_data;
1153 if (!sfp)
1154 return POLLERR;
1155 sdp = sfp->parentdp;
1156 if (!sdp)
1157 return POLLERR;
1158 poll_wait(filp, &sfp->read_wait, wait);
1159 read_lock_irqsave(&sfp->rq_list_lock, iflags);
1160 for (srp = sfp->headrp; srp; srp = srp->nextrp) {
1161
1162 if ((0 == res) && (1 == srp->done) && (!srp->sg_io_owned))
1163 res = POLLIN | POLLRDNORM;
1164 ++count;
1165 }
1166 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1167
1168 if (sdp->detached)
1169 res |= POLLHUP;
1170 else if (!sfp->cmd_q) {
1171 if (0 == count)
1172 res |= POLLOUT | POLLWRNORM;
1173 } else if (count < SG_MAX_QUEUE)
1174 res |= POLLOUT | POLLWRNORM;
1175 SCSI_LOG_TIMEOUT(3, printk("sg_poll: %s, res=0x%x\n",
1176 sdp->disk->disk_name, (int) res));
1177 return res;
1178}
1179
1180static int
1181sg_fasync(int fd, struct file *filp, int mode)
1182{
1183 Sg_device *sdp;
1184 Sg_fd *sfp;
1185
1186 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
1187 return -ENXIO;
1188 SCSI_LOG_TIMEOUT(3, printk("sg_fasync: %s, mode=%d\n",
1189 sdp->disk->disk_name, mode));
1190
1191 return fasync_helper(fd, filp, mode, &sfp->async_qp);
1192}
1193
1194static int
1195sg_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1196{
1197 Sg_fd *sfp;
1198 unsigned long offset, len, sa;
1199 Sg_scatter_hold *rsv_schp;
1200 int k, length;
1201
1202 if ((NULL == vma) || (!(sfp = (Sg_fd *) vma->vm_private_data)))
1203 return VM_FAULT_SIGBUS;
1204 rsv_schp = &sfp->reserve;
1205 offset = vmf->pgoff << PAGE_SHIFT;
1206 if (offset >= rsv_schp->bufflen)
1207 return VM_FAULT_SIGBUS;
1208 SCSI_LOG_TIMEOUT(3, printk("sg_vma_fault: offset=%lu, scatg=%d\n",
1209 offset, rsv_schp->k_use_sg));
1210 sa = vma->vm_start;
1211 length = 1 << (PAGE_SHIFT + rsv_schp->page_order);
1212 for (k = 0; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) {
1213 len = vma->vm_end - sa;
1214 len = (len < length) ? len : length;
1215 if (offset < len) {
1216 struct page *page = nth_page(rsv_schp->pages[k],
1217 offset >> PAGE_SHIFT);
1218 get_page(page);
1219 vmf->page = page;
1220 return 0;
1221 }
1222 sa += len;
1223 offset -= len;
1224 }
1225
1226 return VM_FAULT_SIGBUS;
1227}
1228
1229static const struct vm_operations_struct sg_mmap_vm_ops = {
1230 .fault = sg_vma_fault,
1231};
1232
1233static int
1234sg_mmap(struct file *filp, struct vm_area_struct *vma)
1235{
1236 Sg_fd *sfp;
1237 unsigned long req_sz, len, sa;
1238 Sg_scatter_hold *rsv_schp;
1239 int k, length;
1240
1241 if ((!filp) || (!vma) || (!(sfp = (Sg_fd *) filp->private_data)))
1242 return -ENXIO;
1243 req_sz = vma->vm_end - vma->vm_start;
1244 SCSI_LOG_TIMEOUT(3, printk("sg_mmap starting, vm_start=%p, len=%d\n",
1245 (void *) vma->vm_start, (int) req_sz));
1246 if (vma->vm_pgoff)
1247 return -EINVAL;
1248 rsv_schp = &sfp->reserve;
1249 if (req_sz > rsv_schp->bufflen)
1250 return -ENOMEM;
1251
1252 sa = vma->vm_start;
1253 length = 1 << (PAGE_SHIFT + rsv_schp->page_order);
1254 for (k = 0; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) {
1255 len = vma->vm_end - sa;
1256 len = (len < length) ? len : length;
1257 sa += len;
1258 }
1259
1260 sfp->mmap_called = 1;
1261 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
1262 vma->vm_private_data = sfp;
1263 vma->vm_ops = &sg_mmap_vm_ops;
1264 return 0;
1265}
1266
1267static void sg_rq_end_io_usercontext(struct work_struct *work)
1268{
1269 struct sg_request *srp = container_of(work, struct sg_request, ew.work);
1270 struct sg_fd *sfp = srp->parentfp;
1271
1272 sg_finish_rem_req(srp);
1273 kref_put(&sfp->f_ref, sg_remove_sfp);
1274}
1275
1276
1277
1278
1279
1280static void sg_rq_end_io(struct request *rq, int uptodate)
1281{
1282 struct sg_request *srp = rq->end_io_data;
1283 Sg_device *sdp;
1284 Sg_fd *sfp;
1285 unsigned long iflags;
1286 unsigned int ms;
1287 char *sense;
1288 int result, resid, done = 1;
1289
1290 if (WARN_ON(srp->done != 0))
1291 return;
1292
1293 sfp = srp->parentfp;
1294 if (WARN_ON(sfp == NULL))
1295 return;
1296
1297 sdp = sfp->parentdp;
1298 if (unlikely(sdp->detached))
1299 printk(KERN_INFO "sg_rq_end_io: device detached\n");
1300
1301 sense = rq->sense;
1302 result = rq->errors;
1303 resid = rq->resid_len;
1304
1305 SCSI_LOG_TIMEOUT(4, printk("sg_cmd_done: %s, pack_id=%d, res=0x%x\n",
1306 sdp->disk->disk_name, srp->header.pack_id, result));
1307 srp->header.resid = resid;
1308 ms = jiffies_to_msecs(jiffies);
1309 srp->header.duration = (ms > srp->header.duration) ?
1310 (ms - srp->header.duration) : 0;
1311 if (0 != result) {
1312 struct scsi_sense_hdr sshdr;
1313
1314 srp->header.status = 0xff & result;
1315 srp->header.masked_status = status_byte(result);
1316 srp->header.msg_status = msg_byte(result);
1317 srp->header.host_status = host_byte(result);
1318 srp->header.driver_status = driver_byte(result);
1319 if ((sdp->sgdebug > 0) &&
1320 ((CHECK_CONDITION == srp->header.masked_status) ||
1321 (COMMAND_TERMINATED == srp->header.masked_status)))
1322 __scsi_print_sense("sg_cmd_done", sense,
1323 SCSI_SENSE_BUFFERSIZE);
1324
1325
1326 if (driver_byte(result) != 0
1327 && scsi_normalize_sense(sense, SCSI_SENSE_BUFFERSIZE, &sshdr)
1328 && !scsi_sense_is_deferred(&sshdr)
1329 && sshdr.sense_key == UNIT_ATTENTION
1330 && sdp->device->removable) {
1331
1332
1333 sdp->device->changed = 1;
1334 }
1335 }
1336
1337
1338 write_lock_irqsave(&sfp->rq_list_lock, iflags);
1339 if (unlikely(srp->orphan)) {
1340 if (sfp->keep_orphan)
1341 srp->sg_io_owned = 0;
1342 else
1343 done = 0;
1344 }
1345 srp->done = done;
1346 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1347
1348 if (likely(done)) {
1349
1350
1351
1352 wake_up_interruptible(&sfp->read_wait);
1353 kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN);
1354 kref_put(&sfp->f_ref, sg_remove_sfp);
1355 } else {
1356 INIT_WORK(&srp->ew.work, sg_rq_end_io_usercontext);
1357 schedule_work(&srp->ew.work);
1358 }
1359}
1360
1361static const struct file_operations sg_fops = {
1362 .owner = THIS_MODULE,
1363 .read = sg_read,
1364 .write = sg_write,
1365 .poll = sg_poll,
1366 .unlocked_ioctl = sg_ioctl,
1367#ifdef CONFIG_COMPAT
1368 .compat_ioctl = sg_compat_ioctl,
1369#endif
1370 .open = sg_open,
1371 .mmap = sg_mmap,
1372 .release = sg_release,
1373 .fasync = sg_fasync,
1374 .llseek = no_llseek,
1375};
1376
1377static struct class *sg_sysfs_class;
1378
1379static int sg_sysfs_valid = 0;
1380
1381static Sg_device *sg_alloc(struct gendisk *disk, struct scsi_device *scsidp)
1382{
1383 struct request_queue *q = scsidp->request_queue;
1384 Sg_device *sdp;
1385 unsigned long iflags;
1386 int error;
1387 u32 k;
1388
1389 sdp = kzalloc(sizeof(Sg_device), GFP_KERNEL);
1390 if (!sdp) {
1391 printk(KERN_WARNING "kmalloc Sg_device failure\n");
1392 return ERR_PTR(-ENOMEM);
1393 }
1394
1395 idr_preload(GFP_KERNEL);
1396 write_lock_irqsave(&sg_index_lock, iflags);
1397
1398 error = idr_alloc(&sg_index_idr, sdp, 0, SG_MAX_DEVS, GFP_NOWAIT);
1399 if (error < 0) {
1400 if (error == -ENOSPC) {
1401 sdev_printk(KERN_WARNING, scsidp,
1402 "Unable to attach sg device type=%d, minor number exceeds %d\n",
1403 scsidp->type, SG_MAX_DEVS - 1);
1404 error = -ENODEV;
1405 } else {
1406 printk(KERN_WARNING
1407 "idr allocation Sg_device failure: %d\n", error);
1408 }
1409 goto out_unlock;
1410 }
1411 k = error;
1412
1413 SCSI_LOG_TIMEOUT(3, printk("sg_alloc: dev=%d \n", k));
1414 sprintf(disk->disk_name, "sg%d", k);
1415 disk->first_minor = k;
1416 sdp->disk = disk;
1417 sdp->device = scsidp;
1418 INIT_LIST_HEAD(&sdp->sfds);
1419 init_waitqueue_head(&sdp->o_excl_wait);
1420 sdp->sg_tablesize = queue_max_segments(q);
1421 sdp->index = k;
1422 kref_init(&sdp->d_ref);
1423 error = 0;
1424
1425out_unlock:
1426 write_unlock_irqrestore(&sg_index_lock, iflags);
1427 idr_preload_end();
1428
1429 if (error) {
1430 kfree(sdp);
1431 return ERR_PTR(error);
1432 }
1433 return sdp;
1434}
1435
1436static int
1437sg_add(struct device *cl_dev, struct class_interface *cl_intf)
1438{
1439 struct scsi_device *scsidp = to_scsi_device(cl_dev->parent);
1440 struct gendisk *disk;
1441 Sg_device *sdp = NULL;
1442 struct cdev * cdev = NULL;
1443 int error;
1444 unsigned long iflags;
1445
1446 disk = alloc_disk(1);
1447 if (!disk) {
1448 printk(KERN_WARNING "alloc_disk failed\n");
1449 return -ENOMEM;
1450 }
1451 disk->major = SCSI_GENERIC_MAJOR;
1452
1453 error = -ENOMEM;
1454 cdev = cdev_alloc();
1455 if (!cdev) {
1456 printk(KERN_WARNING "cdev_alloc failed\n");
1457 goto out;
1458 }
1459 cdev->owner = THIS_MODULE;
1460 cdev->ops = &sg_fops;
1461
1462 sdp = sg_alloc(disk, scsidp);
1463 if (IS_ERR(sdp)) {
1464 printk(KERN_WARNING "sg_alloc failed\n");
1465 error = PTR_ERR(sdp);
1466 goto out;
1467 }
1468
1469 error = cdev_add(cdev, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), 1);
1470 if (error)
1471 goto cdev_add_err;
1472
1473 sdp->cdev = cdev;
1474 if (sg_sysfs_valid) {
1475 struct device *sg_class_member;
1476
1477 sg_class_member = device_create(sg_sysfs_class, cl_dev->parent,
1478 MKDEV(SCSI_GENERIC_MAJOR,
1479 sdp->index),
1480 sdp, "%s", disk->disk_name);
1481 if (IS_ERR(sg_class_member)) {
1482 printk(KERN_ERR "sg_add: "
1483 "device_create failed\n");
1484 error = PTR_ERR(sg_class_member);
1485 goto cdev_add_err;
1486 }
1487 error = sysfs_create_link(&scsidp->sdev_gendev.kobj,
1488 &sg_class_member->kobj, "generic");
1489 if (error)
1490 printk(KERN_ERR "sg_add: unable to make symlink "
1491 "'generic' back to sg%d\n", sdp->index);
1492 } else
1493 printk(KERN_WARNING "sg_add: sg_sys Invalid\n");
1494
1495 sdev_printk(KERN_NOTICE, scsidp,
1496 "Attached scsi generic sg%d type %d\n", sdp->index,
1497 scsidp->type);
1498
1499 dev_set_drvdata(cl_dev, sdp);
1500
1501 return 0;
1502
1503cdev_add_err:
1504 write_lock_irqsave(&sg_index_lock, iflags);
1505 idr_remove(&sg_index_idr, sdp->index);
1506 write_unlock_irqrestore(&sg_index_lock, iflags);
1507 kfree(sdp);
1508
1509out:
1510 put_disk(disk);
1511 if (cdev)
1512 cdev_del(cdev);
1513 return error;
1514}
1515
1516static void sg_device_destroy(struct kref *kref)
1517{
1518 struct sg_device *sdp = container_of(kref, struct sg_device, d_ref);
1519 unsigned long flags;
1520
1521
1522
1523
1524
1525
1526 write_lock_irqsave(&sg_index_lock, flags);
1527 idr_remove(&sg_index_idr, sdp->index);
1528 write_unlock_irqrestore(&sg_index_lock, flags);
1529
1530 SCSI_LOG_TIMEOUT(3,
1531 printk("sg_device_destroy: %s\n",
1532 sdp->disk->disk_name));
1533
1534 put_disk(sdp->disk);
1535 kfree(sdp);
1536}
1537
1538static void sg_remove(struct device *cl_dev, struct class_interface *cl_intf)
1539{
1540 struct scsi_device *scsidp = to_scsi_device(cl_dev->parent);
1541 Sg_device *sdp = dev_get_drvdata(cl_dev);
1542 unsigned long iflags;
1543 Sg_fd *sfp;
1544
1545 if (!sdp || sdp->detached)
1546 return;
1547
1548 SCSI_LOG_TIMEOUT(3, printk("sg_remove: %s\n", sdp->disk->disk_name));
1549
1550
1551 write_lock_irqsave(&sg_index_lock, iflags);
1552 sdp->detached = 1;
1553 list_for_each_entry(sfp, &sdp->sfds, sfd_siblings) {
1554 wake_up_interruptible(&sfp->read_wait);
1555 kill_fasync(&sfp->async_qp, SIGPOLL, POLL_HUP);
1556 }
1557 write_unlock_irqrestore(&sg_index_lock, iflags);
1558
1559 sysfs_remove_link(&scsidp->sdev_gendev.kobj, "generic");
1560 device_destroy(sg_sysfs_class, MKDEV(SCSI_GENERIC_MAJOR, sdp->index));
1561 cdev_del(sdp->cdev);
1562 sdp->cdev = NULL;
1563
1564 sg_put_dev(sdp);
1565}
1566
1567module_param_named(scatter_elem_sz, scatter_elem_sz, int, S_IRUGO | S_IWUSR);
1568module_param_named(def_reserved_size, def_reserved_size, int,
1569 S_IRUGO | S_IWUSR);
1570module_param_named(allow_dio, sg_allow_dio, int, S_IRUGO | S_IWUSR);
1571
1572MODULE_AUTHOR("Douglas Gilbert");
1573MODULE_DESCRIPTION("SCSI generic (sg) driver");
1574MODULE_LICENSE("GPL");
1575MODULE_VERSION(SG_VERSION_STR);
1576MODULE_ALIAS_CHARDEV_MAJOR(SCSI_GENERIC_MAJOR);
1577
1578MODULE_PARM_DESC(scatter_elem_sz, "scatter gather element "
1579 "size (default: max(SG_SCATTER_SZ, PAGE_SIZE))");
1580MODULE_PARM_DESC(def_reserved_size, "size of buffer reserved for each fd");
1581MODULE_PARM_DESC(allow_dio, "allow direct I/O (default: 0 (disallow))");
1582
1583static int __init
1584init_sg(void)
1585{
1586 int rc;
1587
1588 if (scatter_elem_sz < PAGE_SIZE) {
1589 scatter_elem_sz = PAGE_SIZE;
1590 scatter_elem_sz_prev = scatter_elem_sz;
1591 }
1592 if (def_reserved_size >= 0)
1593 sg_big_buff = def_reserved_size;
1594 else
1595 def_reserved_size = sg_big_buff;
1596
1597 rc = register_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0),
1598 SG_MAX_DEVS, "sg");
1599 if (rc)
1600 return rc;
1601 sg_sysfs_class = class_create(THIS_MODULE, "scsi_generic");
1602 if ( IS_ERR(sg_sysfs_class) ) {
1603 rc = PTR_ERR(sg_sysfs_class);
1604 goto err_out;
1605 }
1606 sg_sysfs_valid = 1;
1607 rc = scsi_register_interface(&sg_interface);
1608 if (0 == rc) {
1609#ifdef CONFIG_SCSI_PROC_FS
1610 sg_proc_init();
1611#endif
1612 return 0;
1613 }
1614 class_destroy(sg_sysfs_class);
1615err_out:
1616 unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0), SG_MAX_DEVS);
1617 return rc;
1618}
1619
1620static void __exit
1621exit_sg(void)
1622{
1623#ifdef CONFIG_SCSI_PROC_FS
1624 sg_proc_cleanup();
1625#endif
1626 scsi_unregister_interface(&sg_interface);
1627 class_destroy(sg_sysfs_class);
1628 sg_sysfs_valid = 0;
1629 unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0),
1630 SG_MAX_DEVS);
1631 idr_destroy(&sg_index_idr);
1632}
1633
1634static int sg_start_req(Sg_request *srp, unsigned char *cmd)
1635{
1636 int res;
1637 struct request *rq;
1638 Sg_fd *sfp = srp->parentfp;
1639 sg_io_hdr_t *hp = &srp->header;
1640 int dxfer_len = (int) hp->dxfer_len;
1641 int dxfer_dir = hp->dxfer_direction;
1642 unsigned int iov_count = hp->iovec_count;
1643 Sg_scatter_hold *req_schp = &srp->data;
1644 Sg_scatter_hold *rsv_schp = &sfp->reserve;
1645 struct request_queue *q = sfp->parentdp->device->request_queue;
1646 struct rq_map_data *md, map_data;
1647 int rw = hp->dxfer_direction == SG_DXFER_TO_DEV ? WRITE : READ;
1648
1649 SCSI_LOG_TIMEOUT(4, printk(KERN_INFO "sg_start_req: dxfer_len=%d\n",
1650 dxfer_len));
1651
1652 rq = blk_get_request(q, rw, GFP_ATOMIC);
1653 if (!rq)
1654 return -ENOMEM;
1655
1656 memcpy(rq->cmd, cmd, hp->cmd_len);
1657
1658 rq->cmd_len = hp->cmd_len;
1659 rq->cmd_type = REQ_TYPE_BLOCK_PC;
1660
1661 srp->rq = rq;
1662 rq->end_io_data = srp;
1663 rq->sense = srp->sense_b;
1664 rq->retries = SG_DEFAULT_RETRIES;
1665
1666 if ((dxfer_len <= 0) || (dxfer_dir == SG_DXFER_NONE))
1667 return 0;
1668
1669 if (sg_allow_dio && hp->flags & SG_FLAG_DIRECT_IO &&
1670 dxfer_dir != SG_DXFER_UNKNOWN && !iov_count &&
1671 !sfp->parentdp->device->host->unchecked_isa_dma &&
1672 blk_rq_aligned(q, (unsigned long)hp->dxferp, dxfer_len))
1673 md = NULL;
1674 else
1675 md = &map_data;
1676
1677 if (md) {
1678 if (!sg_res_in_use(sfp) && dxfer_len <= rsv_schp->bufflen)
1679 sg_link_reserve(sfp, srp, dxfer_len);
1680 else {
1681 res = sg_build_indirect(req_schp, sfp, dxfer_len);
1682 if (res)
1683 return res;
1684 }
1685
1686 md->pages = req_schp->pages;
1687 md->page_order = req_schp->page_order;
1688 md->nr_entries = req_schp->k_use_sg;
1689 md->offset = 0;
1690 md->null_mapped = hp->dxferp ? 0 : 1;
1691 if (dxfer_dir == SG_DXFER_TO_FROM_DEV)
1692 md->from_user = 1;
1693 else
1694 md->from_user = 0;
1695 }
1696
1697 if (iov_count) {
1698 int len, size = sizeof(struct sg_iovec) * iov_count;
1699 struct iovec *iov;
1700
1701 iov = memdup_user(hp->dxferp, size);
1702 if (IS_ERR(iov))
1703 return PTR_ERR(iov);
1704
1705 len = iov_length(iov, iov_count);
1706 if (hp->dxfer_len < len) {
1707 iov_count = iov_shorten(iov, iov_count, hp->dxfer_len);
1708 len = hp->dxfer_len;
1709 }
1710
1711 res = blk_rq_map_user_iov(q, rq, md, (struct sg_iovec *)iov,
1712 iov_count,
1713 len, GFP_ATOMIC);
1714 kfree(iov);
1715 } else
1716 res = blk_rq_map_user(q, rq, md, hp->dxferp,
1717 hp->dxfer_len, GFP_ATOMIC);
1718
1719 if (!res) {
1720 srp->bio = rq->bio;
1721
1722 if (!md) {
1723 req_schp->dio_in_use = 1;
1724 hp->info |= SG_INFO_DIRECT_IO;
1725 }
1726 }
1727 return res;
1728}
1729
1730static int sg_finish_rem_req(Sg_request * srp)
1731{
1732 int ret = 0;
1733
1734 Sg_fd *sfp = srp->parentfp;
1735 Sg_scatter_hold *req_schp = &srp->data;
1736
1737 SCSI_LOG_TIMEOUT(4, printk("sg_finish_rem_req: res_used=%d\n", (int) srp->res_used));
1738 if (srp->rq) {
1739 if (srp->bio)
1740 ret = blk_rq_unmap_user(srp->bio);
1741
1742 blk_put_request(srp->rq);
1743 }
1744
1745 if (srp->res_used)
1746 sg_unlink_reserve(sfp, srp);
1747 else
1748 sg_remove_scat(req_schp);
1749
1750 sg_remove_request(sfp, srp);
1751
1752 return ret;
1753}
1754
1755static int
1756sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp, int tablesize)
1757{
1758 int sg_bufflen = tablesize * sizeof(struct page *);
1759 gfp_t gfp_flags = GFP_ATOMIC | __GFP_NOWARN;
1760
1761 schp->pages = kzalloc(sg_bufflen, gfp_flags);
1762 if (!schp->pages)
1763 return -ENOMEM;
1764 schp->sglist_len = sg_bufflen;
1765 return tablesize;
1766}
1767
1768static int
1769sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
1770{
1771 int ret_sz = 0, i, k, rem_sz, num, mx_sc_elems;
1772 int sg_tablesize = sfp->parentdp->sg_tablesize;
1773 int blk_size = buff_size, order;
1774 gfp_t gfp_mask = GFP_ATOMIC | __GFP_COMP | __GFP_NOWARN;
1775
1776 if (blk_size < 0)
1777 return -EFAULT;
1778 if (0 == blk_size)
1779 ++blk_size;
1780
1781 blk_size = ALIGN(blk_size, SG_SECTOR_SZ);
1782 SCSI_LOG_TIMEOUT(4, printk("sg_build_indirect: buff_size=%d, blk_size=%d\n",
1783 buff_size, blk_size));
1784
1785
1786 mx_sc_elems = sg_build_sgat(schp, sfp, sg_tablesize);
1787 if (mx_sc_elems < 0)
1788 return mx_sc_elems;
1789
1790 num = scatter_elem_sz;
1791 if (unlikely(num != scatter_elem_sz_prev)) {
1792 if (num < PAGE_SIZE) {
1793 scatter_elem_sz = PAGE_SIZE;
1794 scatter_elem_sz_prev = PAGE_SIZE;
1795 } else
1796 scatter_elem_sz_prev = num;
1797 }
1798
1799 if (sfp->low_dma)
1800 gfp_mask |= GFP_DMA;
1801
1802 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
1803 gfp_mask |= __GFP_ZERO;
1804
1805 order = get_order(num);
1806retry:
1807 ret_sz = 1 << (PAGE_SHIFT + order);
1808
1809 for (k = 0, rem_sz = blk_size; rem_sz > 0 && k < mx_sc_elems;
1810 k++, rem_sz -= ret_sz) {
1811
1812 num = (rem_sz > scatter_elem_sz_prev) ?
1813 scatter_elem_sz_prev : rem_sz;
1814
1815 schp->pages[k] = alloc_pages(gfp_mask, order);
1816 if (!schp->pages[k])
1817 goto out;
1818
1819 if (num == scatter_elem_sz_prev) {
1820 if (unlikely(ret_sz > scatter_elem_sz_prev)) {
1821 scatter_elem_sz = ret_sz;
1822 scatter_elem_sz_prev = ret_sz;
1823 }
1824 }
1825
1826 SCSI_LOG_TIMEOUT(5, printk("sg_build_indirect: k=%d, num=%d, "
1827 "ret_sz=%d\n", k, num, ret_sz));
1828 }
1829
1830 schp->page_order = order;
1831 schp->k_use_sg = k;
1832 SCSI_LOG_TIMEOUT(5, printk("sg_build_indirect: k_use_sg=%d, "
1833 "rem_sz=%d\n", k, rem_sz));
1834
1835 schp->bufflen = blk_size;
1836 if (rem_sz > 0)
1837 return -ENOMEM;
1838 return 0;
1839out:
1840 for (i = 0; i < k; i++)
1841 __free_pages(schp->pages[i], order);
1842
1843 if (--order >= 0)
1844 goto retry;
1845
1846 return -ENOMEM;
1847}
1848
1849static void
1850sg_remove_scat(Sg_scatter_hold * schp)
1851{
1852 SCSI_LOG_TIMEOUT(4, printk("sg_remove_scat: k_use_sg=%d\n", schp->k_use_sg));
1853 if (schp->pages && schp->sglist_len > 0) {
1854 if (!schp->dio_in_use) {
1855 int k;
1856
1857 for (k = 0; k < schp->k_use_sg && schp->pages[k]; k++) {
1858 SCSI_LOG_TIMEOUT(5, printk(
1859 "sg_remove_scat: k=%d, pg=0x%p\n",
1860 k, schp->pages[k]));
1861 __free_pages(schp->pages[k], schp->page_order);
1862 }
1863
1864 kfree(schp->pages);
1865 }
1866 }
1867 memset(schp, 0, sizeof (*schp));
1868}
1869
1870static int
1871sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer)
1872{
1873 Sg_scatter_hold *schp = &srp->data;
1874 int k, num;
1875
1876 SCSI_LOG_TIMEOUT(4, printk("sg_read_oxfer: num_read_xfer=%d\n",
1877 num_read_xfer));
1878 if ((!outp) || (num_read_xfer <= 0))
1879 return 0;
1880
1881 num = 1 << (PAGE_SHIFT + schp->page_order);
1882 for (k = 0; k < schp->k_use_sg && schp->pages[k]; k++) {
1883 if (num > num_read_xfer) {
1884 if (__copy_to_user(outp, page_address(schp->pages[k]),
1885 num_read_xfer))
1886 return -EFAULT;
1887 break;
1888 } else {
1889 if (__copy_to_user(outp, page_address(schp->pages[k]),
1890 num))
1891 return -EFAULT;
1892 num_read_xfer -= num;
1893 if (num_read_xfer <= 0)
1894 break;
1895 outp += num;
1896 }
1897 }
1898
1899 return 0;
1900}
1901
1902static void
1903sg_build_reserve(Sg_fd * sfp, int req_size)
1904{
1905 Sg_scatter_hold *schp = &sfp->reserve;
1906
1907 SCSI_LOG_TIMEOUT(4, printk("sg_build_reserve: req_size=%d\n", req_size));
1908 do {
1909 if (req_size < PAGE_SIZE)
1910 req_size = PAGE_SIZE;
1911 if (0 == sg_build_indirect(schp, sfp, req_size))
1912 return;
1913 else
1914 sg_remove_scat(schp);
1915 req_size >>= 1;
1916 } while (req_size > (PAGE_SIZE / 2));
1917}
1918
1919static void
1920sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size)
1921{
1922 Sg_scatter_hold *req_schp = &srp->data;
1923 Sg_scatter_hold *rsv_schp = &sfp->reserve;
1924 int k, num, rem;
1925
1926 srp->res_used = 1;
1927 SCSI_LOG_TIMEOUT(4, printk("sg_link_reserve: size=%d\n", size));
1928 rem = size;
1929
1930 num = 1 << (PAGE_SHIFT + rsv_schp->page_order);
1931 for (k = 0; k < rsv_schp->k_use_sg; k++) {
1932 if (rem <= num) {
1933 req_schp->k_use_sg = k + 1;
1934 req_schp->sglist_len = rsv_schp->sglist_len;
1935 req_schp->pages = rsv_schp->pages;
1936
1937 req_schp->bufflen = size;
1938 req_schp->page_order = rsv_schp->page_order;
1939 break;
1940 } else
1941 rem -= num;
1942 }
1943
1944 if (k >= rsv_schp->k_use_sg)
1945 SCSI_LOG_TIMEOUT(1, printk("sg_link_reserve: BAD size\n"));
1946}
1947
1948static void
1949sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp)
1950{
1951 Sg_scatter_hold *req_schp = &srp->data;
1952
1953 SCSI_LOG_TIMEOUT(4, printk("sg_unlink_reserve: req->k_use_sg=%d\n",
1954 (int) req_schp->k_use_sg));
1955 req_schp->k_use_sg = 0;
1956 req_schp->bufflen = 0;
1957 req_schp->pages = NULL;
1958 req_schp->page_order = 0;
1959 req_schp->sglist_len = 0;
1960 sfp->save_scat_len = 0;
1961 srp->res_used = 0;
1962}
1963
1964static Sg_request *
1965sg_get_rq_mark(Sg_fd * sfp, int pack_id)
1966{
1967 Sg_request *resp;
1968 unsigned long iflags;
1969
1970 write_lock_irqsave(&sfp->rq_list_lock, iflags);
1971 for (resp = sfp->headrp; resp; resp = resp->nextrp) {
1972
1973 if ((1 == resp->done) && (!resp->sg_io_owned) &&
1974 ((-1 == pack_id) || (resp->header.pack_id == pack_id))) {
1975 resp->done = 2;
1976 break;
1977 }
1978 }
1979 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1980 return resp;
1981}
1982
1983
1984static Sg_request *
1985sg_add_request(Sg_fd * sfp)
1986{
1987 int k;
1988 unsigned long iflags;
1989 Sg_request *resp;
1990 Sg_request *rp = sfp->req_arr;
1991
1992 write_lock_irqsave(&sfp->rq_list_lock, iflags);
1993 resp = sfp->headrp;
1994 if (!resp) {
1995 memset(rp, 0, sizeof (Sg_request));
1996 rp->parentfp = sfp;
1997 resp = rp;
1998 sfp->headrp = resp;
1999 } else {
2000 if (0 == sfp->cmd_q)
2001 resp = NULL;
2002 else {
2003 for (k = 0; k < SG_MAX_QUEUE; ++k, ++rp) {
2004 if (!rp->parentfp)
2005 break;
2006 }
2007 if (k < SG_MAX_QUEUE) {
2008 memset(rp, 0, sizeof (Sg_request));
2009 rp->parentfp = sfp;
2010 while (resp->nextrp)
2011 resp = resp->nextrp;
2012 resp->nextrp = rp;
2013 resp = rp;
2014 } else
2015 resp = NULL;
2016 }
2017 }
2018 if (resp) {
2019 resp->nextrp = NULL;
2020 resp->header.duration = jiffies_to_msecs(jiffies);
2021 }
2022 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2023 return resp;
2024}
2025
2026
2027static int
2028sg_remove_request(Sg_fd * sfp, Sg_request * srp)
2029{
2030 Sg_request *prev_rp;
2031 Sg_request *rp;
2032 unsigned long iflags;
2033 int res = 0;
2034
2035 if ((!sfp) || (!srp) || (!sfp->headrp))
2036 return res;
2037 write_lock_irqsave(&sfp->rq_list_lock, iflags);
2038 prev_rp = sfp->headrp;
2039 if (srp == prev_rp) {
2040 sfp->headrp = prev_rp->nextrp;
2041 prev_rp->parentfp = NULL;
2042 res = 1;
2043 } else {
2044 while ((rp = prev_rp->nextrp)) {
2045 if (srp == rp) {
2046 prev_rp->nextrp = rp->nextrp;
2047 rp->parentfp = NULL;
2048 res = 1;
2049 break;
2050 }
2051 prev_rp = rp;
2052 }
2053 }
2054 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2055 return res;
2056}
2057
2058static Sg_fd *
2059sg_add_sfp(Sg_device * sdp, int dev)
2060{
2061 Sg_fd *sfp;
2062 unsigned long iflags;
2063 int bufflen;
2064
2065 sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN);
2066 if (!sfp)
2067 return NULL;
2068
2069 init_waitqueue_head(&sfp->read_wait);
2070 rwlock_init(&sfp->rq_list_lock);
2071
2072 kref_init(&sfp->f_ref);
2073 sfp->timeout = SG_DEFAULT_TIMEOUT;
2074 sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER;
2075 sfp->force_packid = SG_DEF_FORCE_PACK_ID;
2076 sfp->low_dma = (SG_DEF_FORCE_LOW_DMA == 0) ?
2077 sdp->device->host->unchecked_isa_dma : 1;
2078 sfp->cmd_q = SG_DEF_COMMAND_Q;
2079 sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
2080 sfp->parentdp = sdp;
2081 write_lock_irqsave(&sg_index_lock, iflags);
2082 list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
2083 write_unlock_irqrestore(&sg_index_lock, iflags);
2084 SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));
2085 if (unlikely(sg_big_buff != def_reserved_size))
2086 sg_big_buff = def_reserved_size;
2087
2088 bufflen = min_t(int, sg_big_buff,
2089 queue_max_sectors(sdp->device->request_queue) * 512);
2090 sg_build_reserve(sfp, bufflen);
2091 SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: bufflen=%d, k_use_sg=%d\n",
2092 sfp->reserve.bufflen, sfp->reserve.k_use_sg));
2093
2094 kref_get(&sdp->d_ref);
2095 __module_get(THIS_MODULE);
2096 return sfp;
2097}
2098
2099static void sg_remove_sfp_usercontext(struct work_struct *work)
2100{
2101 struct sg_fd *sfp = container_of(work, struct sg_fd, ew.work);
2102 struct sg_device *sdp = sfp->parentdp;
2103
2104
2105 while (sfp->headrp)
2106 sg_finish_rem_req(sfp->headrp);
2107
2108 if (sfp->reserve.bufflen > 0) {
2109 SCSI_LOG_TIMEOUT(6,
2110 printk("sg_remove_sfp: bufflen=%d, k_use_sg=%d\n",
2111 (int) sfp->reserve.bufflen,
2112 (int) sfp->reserve.k_use_sg));
2113 sg_remove_scat(&sfp->reserve);
2114 }
2115
2116 SCSI_LOG_TIMEOUT(6,
2117 printk("sg_remove_sfp: %s, sfp=0x%p\n",
2118 sdp->disk->disk_name,
2119 sfp));
2120 kfree(sfp);
2121
2122 scsi_device_put(sdp->device);
2123 sg_put_dev(sdp);
2124 module_put(THIS_MODULE);
2125}
2126
2127static void sg_remove_sfp(struct kref *kref)
2128{
2129 struct sg_fd *sfp = container_of(kref, struct sg_fd, f_ref);
2130 struct sg_device *sdp = sfp->parentdp;
2131 unsigned long iflags;
2132
2133 write_lock_irqsave(&sg_index_lock, iflags);
2134 list_del(&sfp->sfd_siblings);
2135 write_unlock_irqrestore(&sg_index_lock, iflags);
2136 wake_up_interruptible(&sdp->o_excl_wait);
2137
2138 INIT_WORK(&sfp->ew.work, sg_remove_sfp_usercontext);
2139 schedule_work(&sfp->ew.work);
2140}
2141
2142static int
2143sg_res_in_use(Sg_fd * sfp)
2144{
2145 const Sg_request *srp;
2146 unsigned long iflags;
2147
2148 read_lock_irqsave(&sfp->rq_list_lock, iflags);
2149 for (srp = sfp->headrp; srp; srp = srp->nextrp)
2150 if (srp->res_used)
2151 break;
2152 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2153 return srp ? 1 : 0;
2154}
2155
2156#ifdef CONFIG_SCSI_PROC_FS
2157static int
2158sg_idr_max_id(int id, void *p, void *data)
2159{
2160 int *k = data;
2161
2162 if (*k < id)
2163 *k = id;
2164
2165 return 0;
2166}
2167
2168static int
2169sg_last_dev(void)
2170{
2171 int k = -1;
2172 unsigned long iflags;
2173
2174 read_lock_irqsave(&sg_index_lock, iflags);
2175 idr_for_each(&sg_index_idr, sg_idr_max_id, &k);
2176 read_unlock_irqrestore(&sg_index_lock, iflags);
2177 return k + 1;
2178}
2179#endif
2180
2181
2182static Sg_device *sg_lookup_dev(int dev)
2183{
2184 return idr_find(&sg_index_idr, dev);
2185}
2186
2187static Sg_device *sg_get_dev(int dev)
2188{
2189 struct sg_device *sdp;
2190 unsigned long flags;
2191
2192 read_lock_irqsave(&sg_index_lock, flags);
2193 sdp = sg_lookup_dev(dev);
2194 if (!sdp)
2195 sdp = ERR_PTR(-ENXIO);
2196 else if (sdp->detached) {
2197
2198
2199
2200 sdp = ERR_PTR(-ENODEV);
2201 } else
2202 kref_get(&sdp->d_ref);
2203 read_unlock_irqrestore(&sg_index_lock, flags);
2204
2205 return sdp;
2206}
2207
2208static void sg_put_dev(struct sg_device *sdp)
2209{
2210 kref_put(&sdp->d_ref, sg_device_destroy);
2211}
2212
2213#ifdef CONFIG_SCSI_PROC_FS
2214
2215static struct proc_dir_entry *sg_proc_sgp = NULL;
2216
2217static char sg_proc_sg_dirname[] = "scsi/sg";
2218
2219static int sg_proc_seq_show_int(struct seq_file *s, void *v);
2220
2221static int sg_proc_single_open_adio(struct inode *inode, struct file *file);
2222static ssize_t sg_proc_write_adio(struct file *filp, const char __user *buffer,
2223 size_t count, loff_t *off);
2224static const struct file_operations adio_fops = {
2225 .owner = THIS_MODULE,
2226 .open = sg_proc_single_open_adio,
2227 .read = seq_read,
2228 .llseek = seq_lseek,
2229 .write = sg_proc_write_adio,
2230 .release = single_release,
2231};
2232
2233static int sg_proc_single_open_dressz(struct inode *inode, struct file *file);
2234static ssize_t sg_proc_write_dressz(struct file *filp,
2235 const char __user *buffer, size_t count, loff_t *off);
2236static const struct file_operations dressz_fops = {
2237 .owner = THIS_MODULE,
2238 .open = sg_proc_single_open_dressz,
2239 .read = seq_read,
2240 .llseek = seq_lseek,
2241 .write = sg_proc_write_dressz,
2242 .release = single_release,
2243};
2244
2245static int sg_proc_seq_show_version(struct seq_file *s, void *v);
2246static int sg_proc_single_open_version(struct inode *inode, struct file *file);
2247static const struct file_operations version_fops = {
2248 .owner = THIS_MODULE,
2249 .open = sg_proc_single_open_version,
2250 .read = seq_read,
2251 .llseek = seq_lseek,
2252 .release = single_release,
2253};
2254
2255static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v);
2256static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file);
2257static const struct file_operations devhdr_fops = {
2258 .owner = THIS_MODULE,
2259 .open = sg_proc_single_open_devhdr,
2260 .read = seq_read,
2261 .llseek = seq_lseek,
2262 .release = single_release,
2263};
2264
2265static int sg_proc_seq_show_dev(struct seq_file *s, void *v);
2266static int sg_proc_open_dev(struct inode *inode, struct file *file);
2267static void * dev_seq_start(struct seq_file *s, loff_t *pos);
2268static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos);
2269static void dev_seq_stop(struct seq_file *s, void *v);
2270static const struct file_operations dev_fops = {
2271 .owner = THIS_MODULE,
2272 .open = sg_proc_open_dev,
2273 .read = seq_read,
2274 .llseek = seq_lseek,
2275 .release = seq_release,
2276};
2277static const struct seq_operations dev_seq_ops = {
2278 .start = dev_seq_start,
2279 .next = dev_seq_next,
2280 .stop = dev_seq_stop,
2281 .show = sg_proc_seq_show_dev,
2282};
2283
2284static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v);
2285static int sg_proc_open_devstrs(struct inode *inode, struct file *file);
2286static const struct file_operations devstrs_fops = {
2287 .owner = THIS_MODULE,
2288 .open = sg_proc_open_devstrs,
2289 .read = seq_read,
2290 .llseek = seq_lseek,
2291 .release = seq_release,
2292};
2293static const struct seq_operations devstrs_seq_ops = {
2294 .start = dev_seq_start,
2295 .next = dev_seq_next,
2296 .stop = dev_seq_stop,
2297 .show = sg_proc_seq_show_devstrs,
2298};
2299
2300static int sg_proc_seq_show_debug(struct seq_file *s, void *v);
2301static int sg_proc_open_debug(struct inode *inode, struct file *file);
2302static const struct file_operations debug_fops = {
2303 .owner = THIS_MODULE,
2304 .open = sg_proc_open_debug,
2305 .read = seq_read,
2306 .llseek = seq_lseek,
2307 .release = seq_release,
2308};
2309static const struct seq_operations debug_seq_ops = {
2310 .start = dev_seq_start,
2311 .next = dev_seq_next,
2312 .stop = dev_seq_stop,
2313 .show = sg_proc_seq_show_debug,
2314};
2315
2316
2317struct sg_proc_leaf {
2318 const char * name;
2319 const struct file_operations * fops;
2320};
2321
2322static const struct sg_proc_leaf sg_proc_leaf_arr[] = {
2323 {"allow_dio", &adio_fops},
2324 {"debug", &debug_fops},
2325 {"def_reserved_size", &dressz_fops},
2326 {"device_hdr", &devhdr_fops},
2327 {"devices", &dev_fops},
2328 {"device_strs", &devstrs_fops},
2329 {"version", &version_fops}
2330};
2331
2332static int
2333sg_proc_init(void)
2334{
2335 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
2336 int k;
2337
2338 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
2339 if (!sg_proc_sgp)
2340 return 1;
2341 for (k = 0; k < num_leaves; ++k) {
2342 const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k];
2343 umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO;
2344 proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops);
2345 }
2346 return 0;
2347}
2348
2349static void
2350sg_proc_cleanup(void)
2351{
2352 int k;
2353 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
2354
2355 if (!sg_proc_sgp)
2356 return;
2357 for (k = 0; k < num_leaves; ++k)
2358 remove_proc_entry(sg_proc_leaf_arr[k].name, sg_proc_sgp);
2359 remove_proc_entry(sg_proc_sg_dirname, NULL);
2360}
2361
2362
2363static int sg_proc_seq_show_int(struct seq_file *s, void *v)
2364{
2365 seq_printf(s, "%d\n", *((int *)s->private));
2366 return 0;
2367}
2368
2369static int sg_proc_single_open_adio(struct inode *inode, struct file *file)
2370{
2371 return single_open(file, sg_proc_seq_show_int, &sg_allow_dio);
2372}
2373
2374static ssize_t
2375sg_proc_write_adio(struct file *filp, const char __user *buffer,
2376 size_t count, loff_t *off)
2377{
2378 int err;
2379 unsigned long num;
2380
2381 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2382 return -EACCES;
2383 err = kstrtoul_from_user(buffer, count, 0, &num);
2384 if (err)
2385 return err;
2386 sg_allow_dio = num ? 1 : 0;
2387 return count;
2388}
2389
2390static int sg_proc_single_open_dressz(struct inode *inode, struct file *file)
2391{
2392 return single_open(file, sg_proc_seq_show_int, &sg_big_buff);
2393}
2394
2395static ssize_t
2396sg_proc_write_dressz(struct file *filp, const char __user *buffer,
2397 size_t count, loff_t *off)
2398{
2399 int err;
2400 unsigned long k = ULONG_MAX;
2401
2402 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2403 return -EACCES;
2404
2405 err = kstrtoul_from_user(buffer, count, 0, &k);
2406 if (err)
2407 return err;
2408 if (k <= 1048576) {
2409 sg_big_buff = k;
2410 return count;
2411 }
2412 return -ERANGE;
2413}
2414
2415static int sg_proc_seq_show_version(struct seq_file *s, void *v)
2416{
2417 seq_printf(s, "%d\t%s [%s]\n", sg_version_num, SG_VERSION_STR,
2418 sg_version_date);
2419 return 0;
2420}
2421
2422static int sg_proc_single_open_version(struct inode *inode, struct file *file)
2423{
2424 return single_open(file, sg_proc_seq_show_version, NULL);
2425}
2426
2427static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v)
2428{
2429 seq_printf(s, "host\tchan\tid\tlun\ttype\topens\tqdepth\tbusy\t"
2430 "online\n");
2431 return 0;
2432}
2433
2434static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file)
2435{
2436 return single_open(file, sg_proc_seq_show_devhdr, NULL);
2437}
2438
2439struct sg_proc_deviter {
2440 loff_t index;
2441 size_t max;
2442};
2443
2444static void * dev_seq_start(struct seq_file *s, loff_t *pos)
2445{
2446 struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
2447
2448 s->private = it;
2449 if (! it)
2450 return NULL;
2451
2452 it->index = *pos;
2453 it->max = sg_last_dev();
2454 if (it->index >= it->max)
2455 return NULL;
2456 return it;
2457}
2458
2459static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
2460{
2461 struct sg_proc_deviter * it = s->private;
2462
2463 *pos = ++it->index;
2464 return (it->index < it->max) ? it : NULL;
2465}
2466
2467static void dev_seq_stop(struct seq_file *s, void *v)
2468{
2469 kfree(s->private);
2470}
2471
2472static int sg_proc_open_dev(struct inode *inode, struct file *file)
2473{
2474 return seq_open(file, &dev_seq_ops);
2475}
2476
2477static int sg_proc_seq_show_dev(struct seq_file *s, void *v)
2478{
2479 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2480 Sg_device *sdp;
2481 struct scsi_device *scsidp;
2482 unsigned long iflags;
2483
2484 read_lock_irqsave(&sg_index_lock, iflags);
2485 sdp = it ? sg_lookup_dev(it->index) : NULL;
2486 if (sdp && (scsidp = sdp->device) && (!sdp->detached))
2487 seq_printf(s, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
2488 scsidp->host->host_no, scsidp->channel,
2489 scsidp->id, scsidp->lun, (int) scsidp->type,
2490 1,
2491 (int) scsidp->queue_depth,
2492 (int) scsidp->device_busy,
2493 (int) scsi_device_online(scsidp));
2494 else
2495 seq_printf(s, "-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\n");
2496 read_unlock_irqrestore(&sg_index_lock, iflags);
2497 return 0;
2498}
2499
2500static int sg_proc_open_devstrs(struct inode *inode, struct file *file)
2501{
2502 return seq_open(file, &devstrs_seq_ops);
2503}
2504
2505static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v)
2506{
2507 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2508 Sg_device *sdp;
2509 struct scsi_device *scsidp;
2510 unsigned long iflags;
2511
2512 read_lock_irqsave(&sg_index_lock, iflags);
2513 sdp = it ? sg_lookup_dev(it->index) : NULL;
2514 if (sdp && (scsidp = sdp->device) && (!sdp->detached))
2515 seq_printf(s, "%8.8s\t%16.16s\t%4.4s\n",
2516 scsidp->vendor, scsidp->model, scsidp->rev);
2517 else
2518 seq_printf(s, "<no active device>\n");
2519 read_unlock_irqrestore(&sg_index_lock, iflags);
2520 return 0;
2521}
2522
2523
2524static void sg_proc_debug_helper(struct seq_file *s, Sg_device * sdp)
2525{
2526 int k, m, new_interface, blen, usg;
2527 Sg_request *srp;
2528 Sg_fd *fp;
2529 const sg_io_hdr_t *hp;
2530 const char * cp;
2531 unsigned int ms;
2532
2533 k = 0;
2534 list_for_each_entry(fp, &sdp->sfds, sfd_siblings) {
2535 k++;
2536 read_lock(&fp->rq_list_lock);
2537 seq_printf(s, " FD(%d): timeout=%dms bufflen=%d "
2538 "(res)sgat=%d low_dma=%d\n", k,
2539 jiffies_to_msecs(fp->timeout),
2540 fp->reserve.bufflen,
2541 (int) fp->reserve.k_use_sg,
2542 (int) fp->low_dma);
2543 seq_printf(s, " cmd_q=%d f_packid=%d k_orphan=%d closed=0\n",
2544 (int) fp->cmd_q, (int) fp->force_packid,
2545 (int) fp->keep_orphan);
2546 for (m = 0, srp = fp->headrp;
2547 srp != NULL;
2548 ++m, srp = srp->nextrp) {
2549 hp = &srp->header;
2550 new_interface = (hp->interface_id == '\0') ? 0 : 1;
2551 if (srp->res_used) {
2552 if (new_interface &&
2553 (SG_FLAG_MMAP_IO & hp->flags))
2554 cp = " mmap>> ";
2555 else
2556 cp = " rb>> ";
2557 } else {
2558 if (SG_INFO_DIRECT_IO_MASK & hp->info)
2559 cp = " dio>> ";
2560 else
2561 cp = " ";
2562 }
2563 seq_printf(s, cp);
2564 blen = srp->data.bufflen;
2565 usg = srp->data.k_use_sg;
2566 seq_printf(s, srp->done ?
2567 ((1 == srp->done) ? "rcv:" : "fin:")
2568 : "act:");
2569 seq_printf(s, " id=%d blen=%d",
2570 srp->header.pack_id, blen);
2571 if (srp->done)
2572 seq_printf(s, " dur=%d", hp->duration);
2573 else {
2574 ms = jiffies_to_msecs(jiffies);
2575 seq_printf(s, " t_o/elap=%d/%d",
2576 (new_interface ? hp->timeout :
2577 jiffies_to_msecs(fp->timeout)),
2578 (ms > hp->duration ? ms - hp->duration : 0));
2579 }
2580 seq_printf(s, "ms sgat=%d op=0x%02x\n", usg,
2581 (int) srp->data.cmd_opcode);
2582 }
2583 if (0 == m)
2584 seq_printf(s, " No requests active\n");
2585 read_unlock(&fp->rq_list_lock);
2586 }
2587}
2588
2589static int sg_proc_open_debug(struct inode *inode, struct file *file)
2590{
2591 return seq_open(file, &debug_seq_ops);
2592}
2593
2594static int sg_proc_seq_show_debug(struct seq_file *s, void *v)
2595{
2596 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2597 Sg_device *sdp;
2598 unsigned long iflags;
2599
2600 if (it && (0 == it->index)) {
2601 seq_printf(s, "max_active_device=%d(origin 1)\n",
2602 (int)it->max);
2603 seq_printf(s, " def_reserved_size=%d\n", sg_big_buff);
2604 }
2605
2606 read_lock_irqsave(&sg_index_lock, iflags);
2607 sdp = it ? sg_lookup_dev(it->index) : NULL;
2608 if (sdp && !list_empty(&sdp->sfds)) {
2609 struct scsi_device *scsidp = sdp->device;
2610
2611 seq_printf(s, " >>> device=%s ", sdp->disk->disk_name);
2612 if (sdp->detached)
2613 seq_printf(s, "detached pending close ");
2614 else
2615 seq_printf
2616 (s, "scsi%d chan=%d id=%d lun=%d em=%d",
2617 scsidp->host->host_no,
2618 scsidp->channel, scsidp->id,
2619 scsidp->lun,
2620 scsidp->host->hostt->emulated);
2621 seq_printf(s, " sg_tablesize=%d excl=%d\n",
2622 sdp->sg_tablesize, get_exclude(sdp));
2623 sg_proc_debug_helper(s, sdp);
2624 }
2625 read_unlock_irqrestore(&sg_index_lock, iflags);
2626 return 0;
2627}
2628
2629#endif
2630
2631module_init(init_sg);
2632module_exit(exit_sg);
2633
