1
2
3
4
5#include <linux/compat.h>
6#include <linux/kernel.h>
7#include <linux/errno.h>
8#include <linux/string.h>
9#include <linux/module.h>
10#include <linux/blkdev.h>
11#include <linux/capability.h>
12#include <linux/completion.h>
13#include <linux/cdrom.h>
14#include <linux/ratelimit.h>
15#include <linux/slab.h>
16#include <linux/times.h>
17#include <linux/uio.h>
18#include <linux/uaccess.h>
19
20#include <scsi/scsi.h>
21#include <scsi/scsi_ioctl.h>
22#include <scsi/scsi_cmnd.h>
23#include <scsi/sg.h>
24
25struct blk_cmd_filter {
26 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
27 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
28};
29
30static struct blk_cmd_filter blk_default_cmd_filter;
31
32
33const unsigned char scsi_command_size_tbl[8] =
34{
35 6, 10, 10, 12,
36 16, 12, 10, 10
37};
38EXPORT_SYMBOL(scsi_command_size_tbl);
39
40static int sg_get_version(int __user *p)
41{
42 static const int sg_version_num = 30527;
43 return put_user(sg_version_num, p);
44}
45
46static int scsi_get_idlun(struct request_queue *q, int __user *p)
47{
48 return put_user(0, p);
49}
50
51static int scsi_get_bus(struct request_queue *q, int __user *p)
52{
53 return put_user(0, p);
54}
55
56static int sg_get_timeout(struct request_queue *q)
57{
58 return jiffies_to_clock_t(q->sg_timeout);
59}
60
61static int sg_set_timeout(struct request_queue *q, int __user *p)
62{
63 int timeout, err = get_user(timeout, p);
64
65 if (!err)
66 q->sg_timeout = clock_t_to_jiffies(timeout);
67
68 return err;
69}
70
71static int max_sectors_bytes(struct request_queue *q)
72{
73 unsigned int max_sectors = queue_max_sectors(q);
74
75 max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
76
77 return max_sectors << 9;
78}
79
80static int sg_get_reserved_size(struct request_queue *q, int __user *p)
81{
82 int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q));
83
84 return put_user(val, p);
85}
86
87static int sg_set_reserved_size(struct request_queue *q, int __user *p)
88{
89 int size, err = get_user(size, p);
90
91 if (err)
92 return err;
93
94 if (size < 0)
95 return -EINVAL;
96
97 q->sg_reserved_size = min(size, max_sectors_bytes(q));
98 return 0;
99}
100
101
102
103
104
105static int sg_emulated_host(struct request_queue *q, int __user *p)
106{
107 return put_user(1, p);
108}
109
110static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
111{
112
113 __set_bit(TEST_UNIT_READY, filter->read_ok);
114 __set_bit(REQUEST_SENSE, filter->read_ok);
115 __set_bit(READ_6, filter->read_ok);
116 __set_bit(READ_10, filter->read_ok);
117 __set_bit(READ_12, filter->read_ok);
118 __set_bit(READ_16, filter->read_ok);
119 __set_bit(READ_BUFFER, filter->read_ok);
120 __set_bit(READ_DEFECT_DATA, filter->read_ok);
121 __set_bit(READ_CAPACITY, filter->read_ok);
122 __set_bit(READ_LONG, filter->read_ok);
123 __set_bit(INQUIRY, filter->read_ok);
124 __set_bit(MODE_SENSE, filter->read_ok);
125 __set_bit(MODE_SENSE_10, filter->read_ok);
126 __set_bit(LOG_SENSE, filter->read_ok);
127 __set_bit(START_STOP, filter->read_ok);
128 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
129 __set_bit(VERIFY_16, filter->read_ok);
130 __set_bit(REPORT_LUNS, filter->read_ok);
131 __set_bit(SERVICE_ACTION_IN_16, filter->read_ok);
132 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
133 __set_bit(MAINTENANCE_IN, filter->read_ok);
134 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
135
136
137 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
138 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
139 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
140 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
141 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
142
143
144 __set_bit(GPCMD_READ_CD, filter->read_ok);
145 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
146 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
147 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
148 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
149 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
150 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
151 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
152 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
153 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
154 __set_bit(GPCMD_SCAN, filter->read_ok);
155 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
156 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
157 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
158 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
159 __set_bit(GPCMD_SEEK, filter->read_ok);
160 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
161
162
163 __set_bit(WRITE_6, filter->write_ok);
164 __set_bit(WRITE_10, filter->write_ok);
165 __set_bit(WRITE_VERIFY, filter->write_ok);
166 __set_bit(WRITE_12, filter->write_ok);
167 __set_bit(WRITE_VERIFY_12, filter->write_ok);
168 __set_bit(WRITE_16, filter->write_ok);
169 __set_bit(WRITE_LONG, filter->write_ok);
170 __set_bit(WRITE_LONG_2, filter->write_ok);
171 __set_bit(WRITE_SAME, filter->write_ok);
172 __set_bit(WRITE_SAME_16, filter->write_ok);
173 __set_bit(WRITE_SAME_32, filter->write_ok);
174 __set_bit(ERASE, filter->write_ok);
175 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
176 __set_bit(MODE_SELECT, filter->write_ok);
177 __set_bit(LOG_SELECT, filter->write_ok);
178 __set_bit(GPCMD_BLANK, filter->write_ok);
179 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
180 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
181 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
182 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
183 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
184 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
185 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
186 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
187 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
188 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
189 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
190 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
191 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
192 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
193 __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
194
195
196 __set_bit(ZBC_OUT, filter->write_ok);
197 __set_bit(ZBC_IN, filter->read_ok);
198}
199
200int blk_verify_command(unsigned char *cmd, fmode_t mode)
201{
202 struct blk_cmd_filter *filter = &blk_default_cmd_filter;
203
204
205 if (capable(CAP_SYS_RAWIO))
206 return 0;
207
208
209 if (test_bit(cmd[0], filter->read_ok))
210 return 0;
211
212
213 if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE))
214 return 0;
215
216 return -EPERM;
217}
218EXPORT_SYMBOL(blk_verify_command);
219
220static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
221 struct sg_io_hdr *hdr, fmode_t mode)
222{
223 struct scsi_request *req = scsi_req(rq);
224
225 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
226 return -EFAULT;
227 if (blk_verify_command(req->cmd, mode))
228 return -EPERM;
229
230
231
232
233 req->cmd_len = hdr->cmd_len;
234
235 rq->timeout = msecs_to_jiffies(hdr->timeout);
236 if (!rq->timeout)
237 rq->timeout = q->sg_timeout;
238 if (!rq->timeout)
239 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
240 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
241 rq->timeout = BLK_MIN_SG_TIMEOUT;
242
243 return 0;
244}
245
246static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
247 struct bio *bio)
248{
249 struct scsi_request *req = scsi_req(rq);
250 int r, ret = 0;
251
252
253
254
255 hdr->status = req->result & 0xff;
256 hdr->masked_status = status_byte(req->result);
257 hdr->msg_status = msg_byte(req->result);
258 hdr->host_status = host_byte(req->result);
259 hdr->driver_status = driver_byte(req->result);
260 hdr->info = 0;
261 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
262 hdr->info |= SG_INFO_CHECK;
263 hdr->resid = req->resid_len;
264 hdr->sb_len_wr = 0;
265
266 if (req->sense_len && hdr->sbp) {
267 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
268
269 if (!copy_to_user(hdr->sbp, req->sense, len))
270 hdr->sb_len_wr = len;
271 else
272 ret = -EFAULT;
273 }
274
275 r = blk_rq_unmap_user(bio);
276 if (!ret)
277 ret = r;
278
279 return ret;
280}
281
282static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
283 struct sg_io_hdr *hdr, fmode_t mode)
284{
285 unsigned long start_time;
286 ssize_t ret = 0;
287 int writing = 0;
288 int at_head = 0;
289 struct request *rq;
290 struct scsi_request *req;
291 struct bio *bio;
292
293 if (hdr->interface_id != 'S')
294 return -EINVAL;
295
296 if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
297 return -EIO;
298
299 if (hdr->dxfer_len)
300 switch (hdr->dxfer_direction) {
301 default:
302 return -EINVAL;
303 case SG_DXFER_TO_DEV:
304 writing = 1;
305 break;
306 case SG_DXFER_TO_FROM_DEV:
307 case SG_DXFER_FROM_DEV:
308 break;
309 }
310 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
311 at_head = 1;
312
313 ret = -ENOMEM;
314 rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
315 if (IS_ERR(rq))
316 return PTR_ERR(rq);
317 req = scsi_req(rq);
318
319 if (hdr->cmd_len > BLK_MAX_CDB) {
320 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
321 if (!req->cmd)
322 goto out_put_request;
323 }
324
325 ret = blk_fill_sghdr_rq(q, rq, hdr, mode);
326 if (ret < 0)
327 goto out_free_cdb;
328
329 ret = 0;
330 if (hdr->iovec_count) {
331 struct iov_iter i;
332 struct iovec *iov = NULL;
333
334 ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
335 hdr->iovec_count, 0, &iov, &i);
336 if (ret < 0)
337 goto out_free_cdb;
338
339
340 iov_iter_truncate(&i, hdr->dxfer_len);
341
342 ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL);
343 kfree(iov);
344 } else if (hdr->dxfer_len)
345 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
346 GFP_KERNEL);
347
348 if (ret)
349 goto out_free_cdb;
350
351 bio = rq->bio;
352 req->retries = 0;
353
354 start_time = jiffies;
355
356
357
358
359
360 blk_execute_rq(q, bd_disk, rq, at_head);
361
362 hdr->duration = jiffies_to_msecs(jiffies - start_time);
363
364 ret = blk_complete_sghdr_rq(rq, hdr, bio);
365
366out_free_cdb:
367 scsi_req_free_cmd(req);
368out_put_request:
369 blk_put_request(rq);
370 return ret;
371}
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
408 struct scsi_ioctl_command __user *sic)
409{
410 enum { OMAX_SB_LEN = 16 };
411 struct request *rq;
412 struct scsi_request *req;
413 int err;
414 unsigned int in_len, out_len, bytes, opcode, cmdlen;
415 char *buffer = NULL;
416
417 if (!sic)
418 return -EINVAL;
419
420
421
422
423 if (get_user(in_len, &sic->inlen))
424 return -EFAULT;
425 if (get_user(out_len, &sic->outlen))
426 return -EFAULT;
427 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
428 return -EINVAL;
429 if (get_user(opcode, sic->data))
430 return -EFAULT;
431
432 bytes = max(in_len, out_len);
433 if (bytes) {
434 buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
435 if (!buffer)
436 return -ENOMEM;
437
438 }
439
440 rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
441 if (IS_ERR(rq)) {
442 err = PTR_ERR(rq);
443 goto error_free_buffer;
444 }
445 req = scsi_req(rq);
446
447 cmdlen = COMMAND_SIZE(opcode);
448
449
450
451
452 err = -EFAULT;
453 req->cmd_len = cmdlen;
454 if (copy_from_user(req->cmd, sic->data, cmdlen))
455 goto error;
456
457 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
458 goto error;
459
460 err = blk_verify_command(req->cmd, mode);
461 if (err)
462 goto error;
463
464
465 req->retries = 5;
466
467 switch (opcode) {
468 case SEND_DIAGNOSTIC:
469 case FORMAT_UNIT:
470 rq->timeout = FORMAT_UNIT_TIMEOUT;
471 req->retries = 1;
472 break;
473 case START_STOP:
474 rq->timeout = START_STOP_TIMEOUT;
475 break;
476 case MOVE_MEDIUM:
477 rq->timeout = MOVE_MEDIUM_TIMEOUT;
478 break;
479 case READ_ELEMENT_STATUS:
480 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
481 break;
482 case READ_DEFECT_DATA:
483 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
484 req->retries = 1;
485 break;
486 default:
487 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
488 break;
489 }
490
491 if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) {
492 err = DRIVER_ERROR << 24;
493 goto error;
494 }
495
496 blk_execute_rq(q, disk, rq, 0);
497
498 err = req->result & 0xff;
499 if (err) {
500 if (req->sense_len && req->sense) {
501 bytes = (OMAX_SB_LEN > req->sense_len) ?
502 req->sense_len : OMAX_SB_LEN;
503 if (copy_to_user(sic->data, req->sense, bytes))
504 err = -EFAULT;
505 }
506 } else {
507 if (copy_to_user(sic->data, buffer, out_len))
508 err = -EFAULT;
509 }
510
511error:
512 blk_put_request(rq);
513
514error_free_buffer:
515 kfree(buffer);
516
517 return err;
518}
519EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
520
521
522static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
523 int cmd, int data)
524{
525 struct request *rq;
526 int err;
527
528 rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0);
529 if (IS_ERR(rq))
530 return PTR_ERR(rq);
531 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
532 scsi_req(rq)->cmd[0] = cmd;
533 scsi_req(rq)->cmd[4] = data;
534 scsi_req(rq)->cmd_len = 6;
535 blk_execute_rq(q, bd_disk, rq, 0);
536 err = scsi_req(rq)->result ? -EIO : 0;
537 blk_put_request(rq);
538
539 return err;
540}
541
542static inline int blk_send_start_stop(struct request_queue *q,
543 struct gendisk *bd_disk, int data)
544{
545 return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
546}
547
548int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
549{
550#ifdef CONFIG_COMPAT
551 if (in_compat_syscall()) {
552 struct compat_sg_io_hdr hdr32 = {
553 .interface_id = hdr->interface_id,
554 .dxfer_direction = hdr->dxfer_direction,
555 .cmd_len = hdr->cmd_len,
556 .mx_sb_len = hdr->mx_sb_len,
557 .iovec_count = hdr->iovec_count,
558 .dxfer_len = hdr->dxfer_len,
559 .dxferp = (uintptr_t)hdr->dxferp,
560 .cmdp = (uintptr_t)hdr->cmdp,
561 .sbp = (uintptr_t)hdr->sbp,
562 .timeout = hdr->timeout,
563 .flags = hdr->flags,
564 .pack_id = hdr->pack_id,
565 .usr_ptr = (uintptr_t)hdr->usr_ptr,
566 .status = hdr->status,
567 .masked_status = hdr->masked_status,
568 .msg_status = hdr->msg_status,
569 .sb_len_wr = hdr->sb_len_wr,
570 .host_status = hdr->host_status,
571 .driver_status = hdr->driver_status,
572 .resid = hdr->resid,
573 .duration = hdr->duration,
574 .info = hdr->info,
575 };
576
577 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
578 return -EFAULT;
579
580 return 0;
581 }
582#endif
583
584 if (copy_to_user(argp, hdr, sizeof(*hdr)))
585 return -EFAULT;
586
587 return 0;
588}
589EXPORT_SYMBOL(put_sg_io_hdr);
590
591int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
592{
593#ifdef CONFIG_COMPAT
594 struct compat_sg_io_hdr hdr32;
595
596 if (in_compat_syscall()) {
597 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
598 return -EFAULT;
599
600 *hdr = (struct sg_io_hdr) {
601 .interface_id = hdr32.interface_id,
602 .dxfer_direction = hdr32.dxfer_direction,
603 .cmd_len = hdr32.cmd_len,
604 .mx_sb_len = hdr32.mx_sb_len,
605 .iovec_count = hdr32.iovec_count,
606 .dxfer_len = hdr32.dxfer_len,
607 .dxferp = compat_ptr(hdr32.dxferp),
608 .cmdp = compat_ptr(hdr32.cmdp),
609 .sbp = compat_ptr(hdr32.sbp),
610 .timeout = hdr32.timeout,
611 .flags = hdr32.flags,
612 .pack_id = hdr32.pack_id,
613 .usr_ptr = compat_ptr(hdr32.usr_ptr),
614 .status = hdr32.status,
615 .masked_status = hdr32.masked_status,
616 .msg_status = hdr32.msg_status,
617 .sb_len_wr = hdr32.sb_len_wr,
618 .host_status = hdr32.host_status,
619 .driver_status = hdr32.driver_status,
620 .resid = hdr32.resid,
621 .duration = hdr32.duration,
622 .info = hdr32.info,
623 };
624
625 return 0;
626 }
627#endif
628
629 if (copy_from_user(hdr, argp, sizeof(*hdr)))
630 return -EFAULT;
631
632 return 0;
633}
634EXPORT_SYMBOL(get_sg_io_hdr);
635
636#ifdef CONFIG_COMPAT
637struct compat_cdrom_generic_command {
638 unsigned char cmd[CDROM_PACKET_SIZE];
639 compat_caddr_t buffer;
640 compat_uint_t buflen;
641 compat_int_t stat;
642 compat_caddr_t sense;
643 unsigned char data_direction;
644 unsigned char pad[3];
645 compat_int_t quiet;
646 compat_int_t timeout;
647 compat_caddr_t unused;
648};
649#endif
650
651static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
652 const void __user *arg)
653{
654#ifdef CONFIG_COMPAT
655 if (in_compat_syscall()) {
656 struct compat_cdrom_generic_command cgc32;
657
658 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
659 return -EFAULT;
660
661 *cgc = (struct cdrom_generic_command) {
662 .buffer = compat_ptr(cgc32.buffer),
663 .buflen = cgc32.buflen,
664 .stat = cgc32.stat,
665 .sense = compat_ptr(cgc32.sense),
666 .data_direction = cgc32.data_direction,
667 .quiet = cgc32.quiet,
668 .timeout = cgc32.timeout,
669 .unused = compat_ptr(cgc32.unused),
670 };
671 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
672 return 0;
673 }
674#endif
675 if (copy_from_user(cgc, arg, sizeof(*cgc)))
676 return -EFAULT;
677
678 return 0;
679}
680
681static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
682 void __user *arg)
683{
684#ifdef CONFIG_COMPAT
685 if (in_compat_syscall()) {
686 struct compat_cdrom_generic_command cgc32 = {
687 .buffer = (uintptr_t)(cgc->buffer),
688 .buflen = cgc->buflen,
689 .stat = cgc->stat,
690 .sense = (uintptr_t)(cgc->sense),
691 .data_direction = cgc->data_direction,
692 .quiet = cgc->quiet,
693 .timeout = cgc->timeout,
694 .unused = (uintptr_t)(cgc->unused),
695 };
696 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
697
698 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
699 return -EFAULT;
700
701 return 0;
702 }
703#endif
704 if (copy_to_user(arg, cgc, sizeof(*cgc)))
705 return -EFAULT;
706
707 return 0;
708}
709
710static int scsi_cdrom_send_packet(struct request_queue *q,
711 struct gendisk *bd_disk,
712 fmode_t mode, void __user *arg)
713{
714 struct cdrom_generic_command cgc;
715 struct sg_io_hdr hdr;
716 int err;
717
718 err = scsi_get_cdrom_generic_arg(&cgc, arg);
719 if (err)
720 return err;
721
722 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
723 memset(&hdr, 0, sizeof(hdr));
724 hdr.interface_id = 'S';
725 hdr.cmd_len = sizeof(cgc.cmd);
726 hdr.dxfer_len = cgc.buflen;
727 switch (cgc.data_direction) {
728 case CGC_DATA_UNKNOWN:
729 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
730 break;
731 case CGC_DATA_WRITE:
732 hdr.dxfer_direction = SG_DXFER_TO_DEV;
733 break;
734 case CGC_DATA_READ:
735 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
736 break;
737 case CGC_DATA_NONE:
738 hdr.dxfer_direction = SG_DXFER_NONE;
739 break;
740 default:
741 return -EINVAL;
742 }
743
744 hdr.dxferp = cgc.buffer;
745 hdr.sbp = cgc.sense;
746 if (hdr.sbp)
747 hdr.mx_sb_len = sizeof(struct request_sense);
748 hdr.timeout = jiffies_to_msecs(cgc.timeout);
749 hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
750 hdr.cmd_len = sizeof(cgc.cmd);
751
752 err = sg_io(q, bd_disk, &hdr, mode);
753 if (err == -EFAULT)
754 return -EFAULT;
755
756 if (hdr.status)
757 return -EIO;
758
759 cgc.stat = err;
760 cgc.buflen = hdr.resid;
761 if (scsi_put_cdrom_generic_arg(&cgc, arg))
762 return -EFAULT;
763
764 return err;
765}
766
767int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
768 unsigned int cmd, void __user *arg)
769{
770 int err;
771
772 if (!q)
773 return -ENXIO;
774
775 switch (cmd) {
776
777
778
779 case SG_GET_VERSION_NUM:
780 err = sg_get_version(arg);
781 break;
782 case SCSI_IOCTL_GET_IDLUN:
783 err = scsi_get_idlun(q, arg);
784 break;
785 case SCSI_IOCTL_GET_BUS_NUMBER:
786 err = scsi_get_bus(q, arg);
787 break;
788 case SG_SET_TIMEOUT:
789 err = sg_set_timeout(q, arg);
790 break;
791 case SG_GET_TIMEOUT:
792 err = sg_get_timeout(q);
793 break;
794 case SG_GET_RESERVED_SIZE:
795 err = sg_get_reserved_size(q, arg);
796 break;
797 case SG_SET_RESERVED_SIZE:
798 err = sg_set_reserved_size(q, arg);
799 break;
800 case SG_EMULATED_HOST:
801 err = sg_emulated_host(q, arg);
802 break;
803 case SG_IO: {
804 struct sg_io_hdr hdr;
805
806 err = get_sg_io_hdr(&hdr, arg);
807 if (err)
808 break;
809 err = sg_io(q, bd_disk, &hdr, mode);
810 if (err == -EFAULT)
811 break;
812
813 if (put_sg_io_hdr(&hdr, arg))
814 err = -EFAULT;
815 break;
816 }
817 case CDROM_SEND_PACKET:
818 err = scsi_cdrom_send_packet(q, bd_disk, mode, arg);
819 break;
820
821
822
823
824 case SCSI_IOCTL_SEND_COMMAND:
825 printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
826 err = -EINVAL;
827 if (!arg)
828 break;
829
830 err = sg_scsi_ioctl(q, bd_disk, mode, arg);
831 break;
832 case CDROMCLOSETRAY:
833 err = blk_send_start_stop(q, bd_disk, 0x03);
834 break;
835 case CDROMEJECT:
836 err = blk_send_start_stop(q, bd_disk, 0x02);
837 break;
838 default:
839 err = -ENOTTY;
840 }
841
842 return err;
843}
844EXPORT_SYMBOL(scsi_cmd_ioctl);
845
846int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
847{
848 if (bd && !bdev_is_partition(bd))
849 return 0;
850
851 if (capable(CAP_SYS_RAWIO))
852 return 0;
853
854 return -ENOIOCTLCMD;
855}
856EXPORT_SYMBOL(scsi_verify_blk_ioctl);
857
858int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
859 unsigned int cmd, void __user *arg)
860{
861 int ret;
862
863 ret = scsi_verify_blk_ioctl(bd, cmd);
864 if (ret < 0)
865 return ret;
866
867 return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
868}
869EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
870
871
872
873
874
875
876
877void scsi_req_init(struct scsi_request *req)
878{
879 memset(req->__cmd, 0, sizeof(req->__cmd));
880 req->cmd = req->__cmd;
881 req->cmd_len = BLK_MAX_CDB;
882 req->sense_len = 0;
883}
884EXPORT_SYMBOL(scsi_req_init);
885
886static int __init blk_scsi_ioctl_init(void)
887{
888 blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
889 return 0;
890}
891fs_initcall(blk_scsi_ioctl_init);
892
