1
2
3
4
5#include <linux/module.h>
6#include <linux/init.h>
7#include <linux/file.h>
8#include <linux/blkdev.h>
9#include <linux/cdev.h>
10#include <linux/jiffies.h>
11#include <linux/percpu.h>
12#include <linux/idr.h>
13#include <linux/bsg.h>
14#include <linux/slab.h>
15
16#include <scsi/scsi.h>
17#include <scsi/scsi_ioctl.h>
18#include <scsi/scsi_cmnd.h>
19#include <scsi/scsi_device.h>
20#include <scsi/scsi_driver.h>
21#include <scsi/sg.h>
22
23#define BSG_DESCRIPTION "Block layer SCSI generic (bsg) driver"
24#define BSG_VERSION "0.4"
25
26#define bsg_dbg(bd, fmt, ...) \
27 pr_debug("%s: " fmt, (bd)->name, ##__VA_ARGS__)
28
29struct bsg_device {
30 struct request_queue *queue;
31 spinlock_t lock;
32 struct hlist_node dev_list;
33 refcount_t ref_count;
34 char name[20];
35 int max_queue;
36};
37
38#define BSG_DEFAULT_CMDS 64
39#define BSG_MAX_DEVS 32768
40
41static DEFINE_MUTEX(bsg_mutex);
42static DEFINE_IDR(bsg_minor_idr);
43
44#define BSG_LIST_ARRAY_SIZE 8
45static struct hlist_head bsg_device_list[BSG_LIST_ARRAY_SIZE];
46
47static struct class *bsg_class;
48static int bsg_major;
49
50static inline struct hlist_head *bsg_dev_idx_hash(int index)
51{
52 return &bsg_device_list[index & (BSG_LIST_ARRAY_SIZE - 1)];
53}
54
55#define uptr64(val) ((void __user *)(uintptr_t)(val))
56
57static int bsg_scsi_check_proto(struct sg_io_v4 *hdr)
58{
59 if (hdr->protocol != BSG_PROTOCOL_SCSI ||
60 hdr->subprotocol != BSG_SUB_PROTOCOL_SCSI_CMD)
61 return -EINVAL;
62 return 0;
63}
64
65static int bsg_scsi_fill_hdr(struct request *rq, struct sg_io_v4 *hdr,
66 fmode_t mode)
67{
68 struct scsi_request *sreq = scsi_req(rq);
69
70 if (hdr->dout_xfer_len && hdr->din_xfer_len) {
71 pr_warn_once("BIDI support in bsg has been removed.\n");
72 return -EOPNOTSUPP;
73 }
74
75 sreq->cmd_len = hdr->request_len;
76 if (sreq->cmd_len > BLK_MAX_CDB) {
77 sreq->cmd = kzalloc(sreq->cmd_len, GFP_KERNEL);
78 if (!sreq->cmd)
79 return -ENOMEM;
80 }
81
82 if (copy_from_user(sreq->cmd, uptr64(hdr->request), sreq->cmd_len))
83 return -EFAULT;
84 if (blk_verify_command(sreq->cmd, mode))
85 return -EPERM;
86 return 0;
87}
88
89static int bsg_scsi_complete_rq(struct request *rq, struct sg_io_v4 *hdr)
90{
91 struct scsi_request *sreq = scsi_req(rq);
92 int ret = 0;
93
94
95
96
97 hdr->device_status = sreq->result & 0xff;
98 hdr->transport_status = host_byte(sreq->result);
99 hdr->driver_status = 0;
100 if (scsi_status_is_check_condition(sreq->result))
101 hdr->driver_status = DRIVER_SENSE;
102 hdr->info = 0;
103 if (hdr->device_status || hdr->transport_status || hdr->driver_status)
104 hdr->info |= SG_INFO_CHECK;
105 hdr->response_len = 0;
106
107 if (sreq->sense_len && hdr->response) {
108 int len = min_t(unsigned int, hdr->max_response_len,
109 sreq->sense_len);
110
111 if (copy_to_user(uptr64(hdr->response), sreq->sense, len))
112 ret = -EFAULT;
113 else
114 hdr->response_len = len;
115 }
116
117 if (rq_data_dir(rq) == READ)
118 hdr->din_resid = sreq->resid_len;
119 else
120 hdr->dout_resid = sreq->resid_len;
121
122 return ret;
123}
124
125static void bsg_scsi_free_rq(struct request *rq)
126{
127 scsi_req_free_cmd(scsi_req(rq));
128}
129
130static const struct bsg_ops bsg_scsi_ops = {
131 .check_proto = bsg_scsi_check_proto,
132 .fill_hdr = bsg_scsi_fill_hdr,
133 .complete_rq = bsg_scsi_complete_rq,
134 .free_rq = bsg_scsi_free_rq,
135};
136
137static int bsg_sg_io(struct request_queue *q, fmode_t mode, void __user *uarg)
138{
139 struct request *rq;
140 struct bio *bio;
141 struct sg_io_v4 hdr;
142 int ret;
143
144 if (copy_from_user(&hdr, uarg, sizeof(hdr)))
145 return -EFAULT;
146
147 if (!q->bsg_dev.class_dev)
148 return -ENXIO;
149
150 if (hdr.guard != 'Q')
151 return -EINVAL;
152 ret = q->bsg_dev.ops->check_proto(&hdr);
153 if (ret)
154 return ret;
155
156 rq = blk_get_request(q, hdr.dout_xfer_len ?
157 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
158 if (IS_ERR(rq))
159 return PTR_ERR(rq);
160
161 ret = q->bsg_dev.ops->fill_hdr(rq, &hdr, mode);
162 if (ret) {
163 blk_put_request(rq);
164 return ret;
165 }
166
167 rq->timeout = msecs_to_jiffies(hdr.timeout);
168 if (!rq->timeout)
169 rq->timeout = q->sg_timeout;
170 if (!rq->timeout)
171 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
172 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
173 rq->timeout = BLK_MIN_SG_TIMEOUT;
174
175 if (hdr.dout_xfer_len) {
176 ret = blk_rq_map_user(q, rq, NULL, uptr64(hdr.dout_xferp),
177 hdr.dout_xfer_len, GFP_KERNEL);
178 } else if (hdr.din_xfer_len) {
179 ret = blk_rq_map_user(q, rq, NULL, uptr64(hdr.din_xferp),
180 hdr.din_xfer_len, GFP_KERNEL);
181 }
182
183 if (ret)
184 goto out_free_rq;
185
186 bio = rq->bio;
187
188 blk_execute_rq(NULL, rq, !(hdr.flags & BSG_FLAG_Q_AT_TAIL));
189 ret = rq->q->bsg_dev.ops->complete_rq(rq, &hdr);
190 blk_rq_unmap_user(bio);
191
192out_free_rq:
193 rq->q->bsg_dev.ops->free_rq(rq);
194 blk_put_request(rq);
195 if (!ret && copy_to_user(uarg, &hdr, sizeof(hdr)))
196 return -EFAULT;
197 return ret;
198}
199
200static struct bsg_device *bsg_alloc_device(void)
201{
202 struct bsg_device *bd;
203
204 bd = kzalloc(sizeof(struct bsg_device), GFP_KERNEL);
205 if (unlikely(!bd))
206 return NULL;
207
208 spin_lock_init(&bd->lock);
209 bd->max_queue = BSG_DEFAULT_CMDS;
210 INIT_HLIST_NODE(&bd->dev_list);
211 return bd;
212}
213
214static int bsg_put_device(struct bsg_device *bd)
215{
216 struct request_queue *q = bd->queue;
217
218 mutex_lock(&bsg_mutex);
219
220 if (!refcount_dec_and_test(&bd->ref_count)) {
221 mutex_unlock(&bsg_mutex);
222 return 0;
223 }
224
225 hlist_del(&bd->dev_list);
226 mutex_unlock(&bsg_mutex);
227
228 bsg_dbg(bd, "tearing down\n");
229
230
231
232
233 kfree(bd);
234 blk_put_queue(q);
235 return 0;
236}
237
238static struct bsg_device *bsg_add_device(struct inode *inode,
239 struct request_queue *rq,
240 struct file *file)
241{
242 struct bsg_device *bd;
243 unsigned char buf[32];
244
245 lockdep_assert_held(&bsg_mutex);
246
247 if (!blk_get_queue(rq))
248 return ERR_PTR(-ENXIO);
249
250 bd = bsg_alloc_device();
251 if (!bd) {
252 blk_put_queue(rq);
253 return ERR_PTR(-ENOMEM);
254 }
255
256 bd->queue = rq;
257
258 refcount_set(&bd->ref_count, 1);
259 hlist_add_head(&bd->dev_list, bsg_dev_idx_hash(iminor(inode)));
260
261 strncpy(bd->name, dev_name(rq->bsg_dev.class_dev), sizeof(bd->name) - 1);
262 bsg_dbg(bd, "bound to <%s>, max queue %d\n",
263 format_dev_t(buf, inode->i_rdev), bd->max_queue);
264
265 return bd;
266}
267
268static struct bsg_device *__bsg_get_device(int minor, struct request_queue *q)
269{
270 struct bsg_device *bd;
271
272 lockdep_assert_held(&bsg_mutex);
273
274 hlist_for_each_entry(bd, bsg_dev_idx_hash(minor), dev_list) {
275 if (bd->queue == q) {
276 refcount_inc(&bd->ref_count);
277 goto found;
278 }
279 }
280 bd = NULL;
281found:
282 return bd;
283}
284
285static struct bsg_device *bsg_get_device(struct inode *inode, struct file *file)
286{
287 struct bsg_device *bd;
288 struct bsg_class_device *bcd;
289
290
291
292
293 mutex_lock(&bsg_mutex);
294 bcd = idr_find(&bsg_minor_idr, iminor(inode));
295
296 if (!bcd) {
297 bd = ERR_PTR(-ENODEV);
298 goto out_unlock;
299 }
300
301 bd = __bsg_get_device(iminor(inode), bcd->queue);
302 if (!bd)
303 bd = bsg_add_device(inode, bcd->queue, file);
304
305out_unlock:
306 mutex_unlock(&bsg_mutex);
307 return bd;
308}
309
310static int bsg_open(struct inode *inode, struct file *file)
311{
312 struct bsg_device *bd;
313
314 bd = bsg_get_device(inode, file);
315
316 if (IS_ERR(bd))
317 return PTR_ERR(bd);
318
319 file->private_data = bd;
320 return 0;
321}
322
323static int bsg_release(struct inode *inode, struct file *file)
324{
325 struct bsg_device *bd = file->private_data;
326
327 file->private_data = NULL;
328 return bsg_put_device(bd);
329}
330
331static int bsg_get_command_q(struct bsg_device *bd, int __user *uarg)
332{
333 return put_user(bd->max_queue, uarg);
334}
335
336static int bsg_set_command_q(struct bsg_device *bd, int __user *uarg)
337{
338 int queue;
339
340 if (get_user(queue, uarg))
341 return -EFAULT;
342 if (queue < 1)
343 return -EINVAL;
344
345 spin_lock_irq(&bd->lock);
346 bd->max_queue = queue;
347 spin_unlock_irq(&bd->lock);
348 return 0;
349}
350
351static long bsg_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
352{
353 struct bsg_device *bd = file->private_data;
354 void __user *uarg = (void __user *) arg;
355
356 switch (cmd) {
357
358
359
360 case SG_GET_COMMAND_Q:
361 return bsg_get_command_q(bd, uarg);
362 case SG_SET_COMMAND_Q:
363 return bsg_set_command_q(bd, uarg);
364
365
366
367
368 case SG_GET_VERSION_NUM:
369 case SCSI_IOCTL_GET_IDLUN:
370 case SCSI_IOCTL_GET_BUS_NUMBER:
371 case SG_SET_TIMEOUT:
372 case SG_GET_TIMEOUT:
373 case SG_GET_RESERVED_SIZE:
374 case SG_SET_RESERVED_SIZE:
375 case SG_EMULATED_HOST:
376 case SCSI_IOCTL_SEND_COMMAND:
377 return scsi_cmd_ioctl(bd->queue, NULL, file->f_mode, cmd, uarg);
378 case SG_IO:
379 return bsg_sg_io(bd->queue, file->f_mode, uarg);
380 default:
381 return -ENOTTY;
382 }
383}
384
385static const struct file_operations bsg_fops = {
386 .open = bsg_open,
387 .release = bsg_release,
388 .unlocked_ioctl = bsg_ioctl,
389 .compat_ioctl = compat_ptr_ioctl,
390 .owner = THIS_MODULE,
391 .llseek = default_llseek,
392};
393
394void bsg_unregister_queue(struct request_queue *q)
395{
396 struct bsg_class_device *bcd = &q->bsg_dev;
397
398 if (!bcd->class_dev)
399 return;
400
401 mutex_lock(&bsg_mutex);
402 idr_remove(&bsg_minor_idr, bcd->minor);
403 if (q->kobj.sd)
404 sysfs_remove_link(&q->kobj, "bsg");
405 device_unregister(bcd->class_dev);
406 bcd->class_dev = NULL;
407 mutex_unlock(&bsg_mutex);
408}
409EXPORT_SYMBOL_GPL(bsg_unregister_queue);
410
411int bsg_register_queue(struct request_queue *q, struct device *parent,
412 const char *name, const struct bsg_ops *ops)
413{
414 struct bsg_class_device *bcd;
415 dev_t dev;
416 int ret;
417 struct device *class_dev = NULL;
418
419
420
421
422 if (!queue_is_mq(q))
423 return 0;
424
425 bcd = &q->bsg_dev;
426 memset(bcd, 0, sizeof(*bcd));
427
428 mutex_lock(&bsg_mutex);
429
430 ret = idr_alloc(&bsg_minor_idr, bcd, 0, BSG_MAX_DEVS, GFP_KERNEL);
431 if (ret < 0) {
432 if (ret == -ENOSPC) {
433 printk(KERN_ERR "bsg: too many bsg devices\n");
434 ret = -EINVAL;
435 }
436 goto unlock;
437 }
438
439 bcd->minor = ret;
440 bcd->queue = q;
441 bcd->ops = ops;
442 dev = MKDEV(bsg_major, bcd->minor);
443 class_dev = device_create(bsg_class, parent, dev, NULL, "%s", name);
444 if (IS_ERR(class_dev)) {
445 ret = PTR_ERR(class_dev);
446 goto idr_remove;
447 }
448 bcd->class_dev = class_dev;
449
450 if (q->kobj.sd) {
451 ret = sysfs_create_link(&q->kobj, &bcd->class_dev->kobj, "bsg");
452 if (ret)
453 goto unregister_class_dev;
454 }
455
456 mutex_unlock(&bsg_mutex);
457 return 0;
458
459unregister_class_dev:
460 device_unregister(class_dev);
461idr_remove:
462 idr_remove(&bsg_minor_idr, bcd->minor);
463unlock:
464 mutex_unlock(&bsg_mutex);
465 return ret;
466}
467
468int bsg_scsi_register_queue(struct request_queue *q, struct device *parent)
469{
470 if (!blk_queue_scsi_passthrough(q)) {
471 WARN_ONCE(true, "Attempt to register a non-SCSI queue\n");
472 return -EINVAL;
473 }
474
475 return bsg_register_queue(q, parent, dev_name(parent), &bsg_scsi_ops);
476}
477EXPORT_SYMBOL_GPL(bsg_scsi_register_queue);
478
479static struct cdev bsg_cdev;
480
481static char *bsg_devnode(struct device *dev, umode_t *mode)
482{
483 return kasprintf(GFP_KERNEL, "bsg/%s", dev_name(dev));
484}
485
486static int __init bsg_init(void)
487{
488 int ret, i;
489 dev_t devid;
490
491 for (i = 0; i < BSG_LIST_ARRAY_SIZE; i++)
492 INIT_HLIST_HEAD(&bsg_device_list[i]);
493
494 bsg_class = class_create(THIS_MODULE, "bsg");
495 if (IS_ERR(bsg_class))
496 return PTR_ERR(bsg_class);
497 bsg_class->devnode = bsg_devnode;
498
499 ret = alloc_chrdev_region(&devid, 0, BSG_MAX_DEVS, "bsg");
500 if (ret)
501 goto destroy_bsg_class;
502
503 bsg_major = MAJOR(devid);
504
505 cdev_init(&bsg_cdev, &bsg_fops);
506 ret = cdev_add(&bsg_cdev, MKDEV(bsg_major, 0), BSG_MAX_DEVS);
507 if (ret)
508 goto unregister_chrdev;
509
510 printk(KERN_INFO BSG_DESCRIPTION " version " BSG_VERSION
511 " loaded (major %d)\n", bsg_major);
512 return 0;
513unregister_chrdev:
514 unregister_chrdev_region(MKDEV(bsg_major, 0), BSG_MAX_DEVS);
515destroy_bsg_class:
516 class_destroy(bsg_class);
517 return ret;
518}
519
520MODULE_AUTHOR("Jens Axboe");
521MODULE_DESCRIPTION(BSG_DESCRIPTION);
522MODULE_LICENSE("GPL");
523
524device_initcall(bsg_init);
525
