1
2
3
4
5
6
7
8#include <linux/module.h>
9#include <linux/blkdev.h>
10#include <linux/interrupt.h>
11#include <linux/errno.h>
12#include <linux/kernel.h>
13#include <linux/sched.h>
14#include <linux/mm.h>
15#include <linux/string.h>
16#include <linux/uaccess.h>
17#include <linux/cdrom.h>
18
19#include <scsi/scsi.h>
20#include <scsi/scsi_cmnd.h>
21#include <scsi/scsi_device.h>
22#include <scsi/scsi_eh.h>
23#include <scsi/scsi_host.h>
24#include <scsi/scsi_ioctl.h>
25#include <scsi/sg.h>
26#include <scsi/scsi_dbg.h>
27
28#include "scsi_logging.h"
29
30#define NORMAL_RETRIES 5
31#define IOCTL_NORMAL_TIMEOUT (10 * HZ)
32
33#define MAX_BUF PAGE_SIZE
34
35
36
37
38
39
40
41
42
43static int ioctl_probe(struct Scsi_Host *host, void __user *buffer)
44{
45 unsigned int len, slen;
46 const char *string;
47
48 if (buffer) {
49 if (get_user(len, (unsigned int __user *) buffer))
50 return -EFAULT;
51
52 if (host->hostt->info)
53 string = host->hostt->info(host);
54 else
55 string = host->hostt->name;
56 if (string) {
57 slen = strlen(string);
58 if (len > slen)
59 len = slen + 1;
60 if (copy_to_user(buffer, string, len))
61 return -EFAULT;
62 }
63 }
64 return 1;
65}
66
67static int ioctl_internal_command(struct scsi_device *sdev, char *cmd,
68 int timeout, int retries)
69{
70 int result;
71 struct scsi_sense_hdr sshdr;
72
73 SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev,
74 "Trying ioctl with scsi command %d\n", *cmd));
75
76 result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0,
77 &sshdr, timeout, retries, NULL);
78
79 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
80 "Ioctl returned 0x%x\n", result));
81
82 if (result < 0)
83 goto out;
84 if (scsi_sense_valid(&sshdr)) {
85 switch (sshdr.sense_key) {
86 case ILLEGAL_REQUEST:
87 if (cmd[0] == ALLOW_MEDIUM_REMOVAL)
88 sdev->lockable = 0;
89 else
90 sdev_printk(KERN_INFO, sdev,
91 "ioctl_internal_command: "
92 "ILLEGAL REQUEST "
93 "asc=0x%x ascq=0x%x\n",
94 sshdr.asc, sshdr.ascq);
95 break;
96 case NOT_READY:
97 if (sdev->removable)
98 break;
99 fallthrough;
100 case UNIT_ATTENTION:
101 if (sdev->removable) {
102 sdev->changed = 1;
103 result = 0;
104 break;
105 }
106 fallthrough;
107 default:
108 sdev_printk(KERN_INFO, sdev,
109 "ioctl_internal_command return code = %x\n",
110 result);
111 scsi_print_sense_hdr(sdev, NULL, &sshdr);
112 break;
113 }
114 }
115out:
116 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
117 "IOCTL Releasing command\n"));
118 return result;
119}
120
121int scsi_set_medium_removal(struct scsi_device *sdev, char state)
122{
123 char scsi_cmd[MAX_COMMAND_SIZE];
124 int ret;
125
126 if (!sdev->removable || !sdev->lockable)
127 return 0;
128
129 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
130 scsi_cmd[1] = 0;
131 scsi_cmd[2] = 0;
132 scsi_cmd[3] = 0;
133 scsi_cmd[4] = state;
134 scsi_cmd[5] = 0;
135
136 ret = ioctl_internal_command(sdev, scsi_cmd,
137 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
138 if (ret == 0)
139 sdev->locked = (state == SCSI_REMOVAL_PREVENT);
140 return ret;
141}
142EXPORT_SYMBOL(scsi_set_medium_removal);
143
144
145
146
147
148
149
150
151
152
153
154static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg)
155{
156 struct device *dev = scsi_get_device(sdev->host);
157 const char *name;
158
159 if (!dev)
160 return -ENXIO;
161
162 name = dev_name(dev);
163
164
165
166 return copy_to_user(arg, name, min(strlen(name), (size_t)20))
167 ? -EFAULT: 0;
168}
169
170static int sg_get_version(int __user *p)
171{
172 static const int sg_version_num = 30527;
173 return put_user(sg_version_num, p);
174}
175
176static int sg_set_timeout(struct scsi_device *sdev, int __user *p)
177{
178 int timeout, err = get_user(timeout, p);
179
180 if (!err)
181 sdev->sg_timeout = clock_t_to_jiffies(timeout);
182
183 return err;
184}
185
186static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p)
187{
188 int val = min(sdev->sg_reserved_size,
189 queue_max_bytes(sdev->request_queue));
190
191 return put_user(val, p);
192}
193
194static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p)
195{
196 int size, err = get_user(size, p);
197
198 if (err)
199 return err;
200
201 if (size < 0)
202 return -EINVAL;
203
204 sdev->sg_reserved_size = min_t(unsigned int, size,
205 queue_max_bytes(sdev->request_queue));
206 return 0;
207}
208
209
210
211
212
213static int sg_emulated_host(struct request_queue *q, int __user *p)
214{
215 return put_user(1, p);
216}
217
218static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp)
219{
220 struct scsi_idlun v = {
221 .dev_id = (sdev->id & 0xff) +
222 ((sdev->lun & 0xff) << 8) +
223 ((sdev->channel & 0xff) << 16) +
224 ((sdev->host->host_no & 0xff) << 24),
225 .host_unique_id = sdev->host->unique_id
226 };
227 if (copy_to_user(argp, &v, sizeof(struct scsi_idlun)))
228 return -EFAULT;
229 return 0;
230}
231
232static int scsi_send_start_stop(struct scsi_device *sdev, int data)
233{
234 u8 cdb[MAX_COMMAND_SIZE] = { };
235
236 cdb[0] = START_STOP;
237 cdb[4] = data;
238 return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT,
239 NORMAL_RETRIES);
240}
241
242
243
244
245
246
247
248bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode)
249{
250
251 if (capable(CAP_SYS_RAWIO))
252 return true;
253
254
255 switch (cmd[0]) {
256
257 case TEST_UNIT_READY:
258 case REQUEST_SENSE:
259 case READ_6:
260 case READ_10:
261 case READ_12:
262 case READ_16:
263 case READ_BUFFER:
264 case READ_DEFECT_DATA:
265 case READ_CAPACITY:
266 case READ_LONG:
267 case INQUIRY:
268 case MODE_SENSE:
269 case MODE_SENSE_10:
270 case LOG_SENSE:
271 case START_STOP:
272 case GPCMD_VERIFY_10:
273 case VERIFY_16:
274 case REPORT_LUNS:
275 case SERVICE_ACTION_IN_16:
276 case RECEIVE_DIAGNOSTIC:
277 case MAINTENANCE_IN:
278 case GPCMD_READ_BUFFER_CAPACITY:
279
280 case GPCMD_PLAY_CD:
281 case GPCMD_PLAY_AUDIO_10:
282 case GPCMD_PLAY_AUDIO_MSF:
283 case GPCMD_PLAY_AUDIO_TI:
284 case GPCMD_PAUSE_RESUME:
285
286 case GPCMD_READ_CD:
287 case GPCMD_READ_CD_MSF:
288 case GPCMD_READ_DISC_INFO:
289 case GPCMD_READ_DVD_STRUCTURE:
290 case GPCMD_READ_HEADER:
291 case GPCMD_READ_TRACK_RZONE_INFO:
292 case GPCMD_READ_SUBCHANNEL:
293 case GPCMD_READ_TOC_PMA_ATIP:
294 case GPCMD_REPORT_KEY:
295 case GPCMD_SCAN:
296 case GPCMD_GET_CONFIGURATION:
297 case GPCMD_READ_FORMAT_CAPACITIES:
298 case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
299 case GPCMD_GET_PERFORMANCE:
300 case GPCMD_SEEK:
301 case GPCMD_STOP_PLAY_SCAN:
302
303 case ZBC_IN:
304 return true;
305
306 case WRITE_6:
307 case WRITE_10:
308 case WRITE_VERIFY:
309 case WRITE_12:
310 case WRITE_VERIFY_12:
311 case WRITE_16:
312 case WRITE_LONG:
313 case WRITE_LONG_2:
314 case WRITE_SAME:
315 case WRITE_SAME_16:
316 case WRITE_SAME_32:
317 case ERASE:
318 case GPCMD_MODE_SELECT_10:
319 case MODE_SELECT:
320 case LOG_SELECT:
321 case GPCMD_BLANK:
322 case GPCMD_CLOSE_TRACK:
323 case GPCMD_FLUSH_CACHE:
324 case GPCMD_FORMAT_UNIT:
325 case GPCMD_REPAIR_RZONE_TRACK:
326 case GPCMD_RESERVE_RZONE_TRACK:
327 case GPCMD_SEND_DVD_STRUCTURE:
328 case GPCMD_SEND_EVENT:
329 case GPCMD_SEND_OPC:
330 case GPCMD_SEND_CUE_SHEET:
331 case GPCMD_SET_SPEED:
332 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
333 case GPCMD_LOAD_UNLOAD:
334 case GPCMD_SET_STREAMING:
335 case GPCMD_SET_READ_AHEAD:
336
337 case ZBC_OUT:
338 return (mode & FMODE_WRITE);
339 default:
340 return false;
341 }
342}
343EXPORT_SYMBOL(scsi_cmd_allowed);
344
345static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq,
346 struct sg_io_hdr *hdr, fmode_t mode)
347{
348 struct scsi_request *req = scsi_req(rq);
349
350 if (hdr->cmd_len < 6)
351 return -EMSGSIZE;
352 if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
353 return -EFAULT;
354 if (!scsi_cmd_allowed(req->cmd, mode))
355 return -EPERM;
356
357
358
359
360 req->cmd_len = hdr->cmd_len;
361
362 rq->timeout = msecs_to_jiffies(hdr->timeout);
363 if (!rq->timeout)
364 rq->timeout = sdev->sg_timeout;
365 if (!rq->timeout)
366 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
367 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
368 rq->timeout = BLK_MIN_SG_TIMEOUT;
369
370 return 0;
371}
372
373static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
374 struct bio *bio)
375{
376 struct scsi_request *req = scsi_req(rq);
377 int r, ret = 0;
378
379
380
381
382 hdr->status = req->result & 0xff;
383 hdr->masked_status = status_byte(req->result);
384 hdr->msg_status = COMMAND_COMPLETE;
385 hdr->host_status = host_byte(req->result);
386 hdr->driver_status = 0;
387 if (scsi_status_is_check_condition(hdr->status))
388 hdr->driver_status = DRIVER_SENSE;
389 hdr->info = 0;
390 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
391 hdr->info |= SG_INFO_CHECK;
392 hdr->resid = req->resid_len;
393 hdr->sb_len_wr = 0;
394
395 if (req->sense_len && hdr->sbp) {
396 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
397
398 if (!copy_to_user(hdr->sbp, req->sense, len))
399 hdr->sb_len_wr = len;
400 else
401 ret = -EFAULT;
402 }
403
404 r = blk_rq_unmap_user(bio);
405 if (!ret)
406 ret = r;
407
408 return ret;
409}
410
411static int sg_io(struct scsi_device *sdev, struct gendisk *disk,
412 struct sg_io_hdr *hdr, fmode_t mode)
413{
414 unsigned long start_time;
415 ssize_t ret = 0;
416 int writing = 0;
417 int at_head = 0;
418 struct request *rq;
419 struct scsi_request *req;
420 struct bio *bio;
421
422 if (hdr->interface_id != 'S')
423 return -EINVAL;
424
425 if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9))
426 return -EIO;
427
428 if (hdr->dxfer_len)
429 switch (hdr->dxfer_direction) {
430 default:
431 return -EINVAL;
432 case SG_DXFER_TO_DEV:
433 writing = 1;
434 break;
435 case SG_DXFER_TO_FROM_DEV:
436 case SG_DXFER_FROM_DEV:
437 break;
438 }
439 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
440 at_head = 1;
441
442 ret = -ENOMEM;
443 rq = scsi_alloc_request(sdev->request_queue, writing ?
444 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
445 if (IS_ERR(rq))
446 return PTR_ERR(rq);
447 req = scsi_req(rq);
448
449 if (hdr->cmd_len > BLK_MAX_CDB) {
450 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
451 if (!req->cmd)
452 goto out_put_request;
453 }
454
455 ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode);
456 if (ret < 0)
457 goto out_free_cdb;
458
459 ret = 0;
460 if (hdr->iovec_count) {
461 struct iov_iter i;
462 struct iovec *iov = NULL;
463
464 ret = import_iovec(rq_data_dir(rq), hdr->dxferp,
465 hdr->iovec_count, 0, &iov, &i);
466 if (ret < 0)
467 goto out_free_cdb;
468
469
470 iov_iter_truncate(&i, hdr->dxfer_len);
471
472 ret = blk_rq_map_user_iov(rq->q, rq, NULL, &i, GFP_KERNEL);
473 kfree(iov);
474 } else if (hdr->dxfer_len)
475 ret = blk_rq_map_user(rq->q, rq, NULL, hdr->dxferp,
476 hdr->dxfer_len, GFP_KERNEL);
477
478 if (ret)
479 goto out_free_cdb;
480
481 bio = rq->bio;
482 req->retries = 0;
483
484 start_time = jiffies;
485
486 blk_execute_rq(disk, rq, at_head);
487
488 hdr->duration = jiffies_to_msecs(jiffies - start_time);
489
490 ret = scsi_complete_sghdr_rq(rq, hdr, bio);
491
492out_free_cdb:
493 scsi_req_free_cmd(req);
494out_put_request:
495 blk_mq_free_request(rq);
496 return ret;
497}
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533static int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk,
534 fmode_t mode, struct scsi_ioctl_command __user *sic)
535{
536 enum { OMAX_SB_LEN = 16 };
537 struct request *rq;
538 struct scsi_request *req;
539 int err;
540 unsigned int in_len, out_len, bytes, opcode, cmdlen;
541 char *buffer = NULL;
542
543 if (!sic)
544 return -EINVAL;
545
546
547
548
549 if (get_user(in_len, &sic->inlen))
550 return -EFAULT;
551 if (get_user(out_len, &sic->outlen))
552 return -EFAULT;
553 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
554 return -EINVAL;
555 if (get_user(opcode, sic->data))
556 return -EFAULT;
557
558 bytes = max(in_len, out_len);
559 if (bytes) {
560 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
561 if (!buffer)
562 return -ENOMEM;
563
564 }
565
566 rq = scsi_alloc_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
567 if (IS_ERR(rq)) {
568 err = PTR_ERR(rq);
569 goto error_free_buffer;
570 }
571 req = scsi_req(rq);
572
573 cmdlen = COMMAND_SIZE(opcode);
574
575
576
577
578 err = -EFAULT;
579 req->cmd_len = cmdlen;
580 if (copy_from_user(req->cmd, sic->data, cmdlen))
581 goto error;
582
583 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
584 goto error;
585
586 err = -EPERM;
587 if (!scsi_cmd_allowed(req->cmd, mode))
588 goto error;
589
590
591 req->retries = 5;
592
593 switch (opcode) {
594 case SEND_DIAGNOSTIC:
595 case FORMAT_UNIT:
596 rq->timeout = FORMAT_UNIT_TIMEOUT;
597 req->retries = 1;
598 break;
599 case START_STOP:
600 rq->timeout = START_STOP_TIMEOUT;
601 break;
602 case MOVE_MEDIUM:
603 rq->timeout = MOVE_MEDIUM_TIMEOUT;
604 break;
605 case READ_ELEMENT_STATUS:
606 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
607 break;
608 case READ_DEFECT_DATA:
609 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
610 req->retries = 1;
611 break;
612 default:
613 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
614 break;
615 }
616
617 if (bytes) {
618 err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO);
619 if (err)
620 goto error;
621 }
622
623 blk_execute_rq(disk, rq, 0);
624
625 err = req->result & 0xff;
626 if (err) {
627 if (req->sense_len && req->sense) {
628 bytes = (OMAX_SB_LEN > req->sense_len) ?
629 req->sense_len : OMAX_SB_LEN;
630 if (copy_to_user(sic->data, req->sense, bytes))
631 err = -EFAULT;
632 }
633 } else {
634 if (copy_to_user(sic->data, buffer, out_len))
635 err = -EFAULT;
636 }
637
638error:
639 blk_mq_free_request(rq);
640
641error_free_buffer:
642 kfree(buffer);
643
644 return err;
645}
646
647int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
648{
649#ifdef CONFIG_COMPAT
650 if (in_compat_syscall()) {
651 struct compat_sg_io_hdr hdr32 = {
652 .interface_id = hdr->interface_id,
653 .dxfer_direction = hdr->dxfer_direction,
654 .cmd_len = hdr->cmd_len,
655 .mx_sb_len = hdr->mx_sb_len,
656 .iovec_count = hdr->iovec_count,
657 .dxfer_len = hdr->dxfer_len,
658 .dxferp = (uintptr_t)hdr->dxferp,
659 .cmdp = (uintptr_t)hdr->cmdp,
660 .sbp = (uintptr_t)hdr->sbp,
661 .timeout = hdr->timeout,
662 .flags = hdr->flags,
663 .pack_id = hdr->pack_id,
664 .usr_ptr = (uintptr_t)hdr->usr_ptr,
665 .status = hdr->status,
666 .masked_status = hdr->masked_status,
667 .msg_status = hdr->msg_status,
668 .sb_len_wr = hdr->sb_len_wr,
669 .host_status = hdr->host_status,
670 .driver_status = hdr->driver_status,
671 .resid = hdr->resid,
672 .duration = hdr->duration,
673 .info = hdr->info,
674 };
675
676 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
677 return -EFAULT;
678
679 return 0;
680 }
681#endif
682
683 if (copy_to_user(argp, hdr, sizeof(*hdr)))
684 return -EFAULT;
685
686 return 0;
687}
688EXPORT_SYMBOL(put_sg_io_hdr);
689
690int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
691{
692#ifdef CONFIG_COMPAT
693 struct compat_sg_io_hdr hdr32;
694
695 if (in_compat_syscall()) {
696 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
697 return -EFAULT;
698
699 *hdr = (struct sg_io_hdr) {
700 .interface_id = hdr32.interface_id,
701 .dxfer_direction = hdr32.dxfer_direction,
702 .cmd_len = hdr32.cmd_len,
703 .mx_sb_len = hdr32.mx_sb_len,
704 .iovec_count = hdr32.iovec_count,
705 .dxfer_len = hdr32.dxfer_len,
706 .dxferp = compat_ptr(hdr32.dxferp),
707 .cmdp = compat_ptr(hdr32.cmdp),
708 .sbp = compat_ptr(hdr32.sbp),
709 .timeout = hdr32.timeout,
710 .flags = hdr32.flags,
711 .pack_id = hdr32.pack_id,
712 .usr_ptr = compat_ptr(hdr32.usr_ptr),
713 .status = hdr32.status,
714 .masked_status = hdr32.masked_status,
715 .msg_status = hdr32.msg_status,
716 .sb_len_wr = hdr32.sb_len_wr,
717 .host_status = hdr32.host_status,
718 .driver_status = hdr32.driver_status,
719 .resid = hdr32.resid,
720 .duration = hdr32.duration,
721 .info = hdr32.info,
722 };
723
724 return 0;
725 }
726#endif
727
728 if (copy_from_user(hdr, argp, sizeof(*hdr)))
729 return -EFAULT;
730
731 return 0;
732}
733EXPORT_SYMBOL(get_sg_io_hdr);
734
735#ifdef CONFIG_COMPAT
736struct compat_cdrom_generic_command {
737 unsigned char cmd[CDROM_PACKET_SIZE];
738 compat_caddr_t buffer;
739 compat_uint_t buflen;
740 compat_int_t stat;
741 compat_caddr_t sense;
742 unsigned char data_direction;
743 unsigned char pad[3];
744 compat_int_t quiet;
745 compat_int_t timeout;
746 compat_caddr_t unused;
747};
748#endif
749
750static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
751 const void __user *arg)
752{
753#ifdef CONFIG_COMPAT
754 if (in_compat_syscall()) {
755 struct compat_cdrom_generic_command cgc32;
756
757 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
758 return -EFAULT;
759
760 *cgc = (struct cdrom_generic_command) {
761 .buffer = compat_ptr(cgc32.buffer),
762 .buflen = cgc32.buflen,
763 .stat = cgc32.stat,
764 .sense = compat_ptr(cgc32.sense),
765 .data_direction = cgc32.data_direction,
766 .quiet = cgc32.quiet,
767 .timeout = cgc32.timeout,
768 .unused = compat_ptr(cgc32.unused),
769 };
770 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
771 return 0;
772 }
773#endif
774 if (copy_from_user(cgc, arg, sizeof(*cgc)))
775 return -EFAULT;
776
777 return 0;
778}
779
780static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
781 void __user *arg)
782{
783#ifdef CONFIG_COMPAT
784 if (in_compat_syscall()) {
785 struct compat_cdrom_generic_command cgc32 = {
786 .buffer = (uintptr_t)(cgc->buffer),
787 .buflen = cgc->buflen,
788 .stat = cgc->stat,
789 .sense = (uintptr_t)(cgc->sense),
790 .data_direction = cgc->data_direction,
791 .quiet = cgc->quiet,
792 .timeout = cgc->timeout,
793 .unused = (uintptr_t)(cgc->unused),
794 };
795 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
796
797 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
798 return -EFAULT;
799
800 return 0;
801 }
802#endif
803 if (copy_to_user(arg, cgc, sizeof(*cgc)))
804 return -EFAULT;
805
806 return 0;
807}
808
809static int scsi_cdrom_send_packet(struct scsi_device *sdev, struct gendisk *disk,
810 fmode_t mode, void __user *arg)
811{
812 struct cdrom_generic_command cgc;
813 struct sg_io_hdr hdr;
814 int err;
815
816 err = scsi_get_cdrom_generic_arg(&cgc, arg);
817 if (err)
818 return err;
819
820 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
821 memset(&hdr, 0, sizeof(hdr));
822 hdr.interface_id = 'S';
823 hdr.cmd_len = sizeof(cgc.cmd);
824 hdr.dxfer_len = cgc.buflen;
825 switch (cgc.data_direction) {
826 case CGC_DATA_UNKNOWN:
827 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
828 break;
829 case CGC_DATA_WRITE:
830 hdr.dxfer_direction = SG_DXFER_TO_DEV;
831 break;
832 case CGC_DATA_READ:
833 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
834 break;
835 case CGC_DATA_NONE:
836 hdr.dxfer_direction = SG_DXFER_NONE;
837 break;
838 default:
839 return -EINVAL;
840 }
841
842 hdr.dxferp = cgc.buffer;
843 hdr.sbp = cgc.sense;
844 if (hdr.sbp)
845 hdr.mx_sb_len = sizeof(struct request_sense);
846 hdr.timeout = jiffies_to_msecs(cgc.timeout);
847 hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd;
848 hdr.cmd_len = sizeof(cgc.cmd);
849
850 err = sg_io(sdev, disk, &hdr, mode);
851 if (err == -EFAULT)
852 return -EFAULT;
853
854 if (hdr.status)
855 return -EIO;
856
857 cgc.stat = err;
858 cgc.buflen = hdr.resid;
859 if (scsi_put_cdrom_generic_arg(&cgc, arg))
860 return -EFAULT;
861
862 return err;
863}
864
865static int scsi_ioctl_sg_io(struct scsi_device *sdev, struct gendisk *disk,
866 fmode_t mode, void __user *argp)
867{
868 struct sg_io_hdr hdr;
869 int error;
870
871 error = get_sg_io_hdr(&hdr, argp);
872 if (error)
873 return error;
874 error = sg_io(sdev, disk, &hdr, mode);
875 if (error == -EFAULT)
876 return error;
877 if (put_sg_io_hdr(&hdr, argp))
878 return -EFAULT;
879 return error;
880}
881
882
883
884
885
886
887
888
889
890
891
892
893
894int scsi_ioctl(struct scsi_device *sdev, struct gendisk *disk, fmode_t mode,
895 int cmd, void __user *arg)
896{
897 struct request_queue *q = sdev->request_queue;
898 struct scsi_sense_hdr sense_hdr;
899
900
901
902 switch (cmd) {
903 case SCSI_IOCTL_SEND_COMMAND:
904 case SCSI_IOCTL_TEST_UNIT_READY:
905 case SCSI_IOCTL_BENCHMARK_COMMAND:
906 case SCSI_IOCTL_SYNC:
907 case SCSI_IOCTL_START_UNIT:
908 case SCSI_IOCTL_STOP_UNIT:
909 printk(KERN_WARNING "program %s is using a deprecated SCSI "
910 "ioctl, please convert it to SG_IO\n", current->comm);
911 break;
912 default:
913 break;
914 }
915
916 switch (cmd) {
917 case SG_GET_VERSION_NUM:
918 return sg_get_version(arg);
919 case SG_SET_TIMEOUT:
920 return sg_set_timeout(sdev, arg);
921 case SG_GET_TIMEOUT:
922 return jiffies_to_clock_t(sdev->sg_timeout);
923 case SG_GET_RESERVED_SIZE:
924 return sg_get_reserved_size(sdev, arg);
925 case SG_SET_RESERVED_SIZE:
926 return sg_set_reserved_size(sdev, arg);
927 case SG_EMULATED_HOST:
928 return sg_emulated_host(q, arg);
929 case SG_IO:
930 return scsi_ioctl_sg_io(sdev, disk, mode, arg);
931 case SCSI_IOCTL_SEND_COMMAND:
932 return sg_scsi_ioctl(q, disk, mode, arg);
933 case CDROM_SEND_PACKET:
934 return scsi_cdrom_send_packet(sdev, disk, mode, arg);
935 case CDROMCLOSETRAY:
936 return scsi_send_start_stop(sdev, 3);
937 case CDROMEJECT:
938 return scsi_send_start_stop(sdev, 2);
939 case SCSI_IOCTL_GET_IDLUN:
940 return scsi_get_idlun(sdev, arg);
941 case SCSI_IOCTL_GET_BUS_NUMBER:
942 return put_user(sdev->host->host_no, (int __user *)arg);
943 case SCSI_IOCTL_PROBE_HOST:
944 return ioctl_probe(sdev->host, arg);
945 case SCSI_IOCTL_DOORLOCK:
946 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
947 case SCSI_IOCTL_DOORUNLOCK:
948 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
949 case SCSI_IOCTL_TEST_UNIT_READY:
950 return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT,
951 NORMAL_RETRIES, &sense_hdr);
952 case SCSI_IOCTL_START_UNIT:
953 return scsi_send_start_stop(sdev, 1);
954 case SCSI_IOCTL_STOP_UNIT:
955 return scsi_send_start_stop(sdev, 0);
956 case SCSI_IOCTL_GET_PCI:
957 return scsi_ioctl_get_pci(sdev, arg);
958 case SG_SCSI_RESET:
959 return scsi_ioctl_reset(sdev, arg);
960 }
961
962#ifdef CONFIG_COMPAT
963 if (in_compat_syscall()) {
964 if (!sdev->host->hostt->compat_ioctl)
965 return -EINVAL;
966 return sdev->host->hostt->compat_ioctl(sdev, cmd, arg);
967 }
968#endif
969 if (!sdev->host->hostt->ioctl)
970 return -EINVAL;
971 return sdev->host->hostt->ioctl(sdev, cmd, arg);
972}
973EXPORT_SYMBOL(scsi_ioctl);
974
975
976
977
978int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd,
979 bool ndelay)
980{
981 if (cmd == SG_SCSI_RESET && ndelay) {
982 if (scsi_host_in_recovery(sdev->host))
983 return -EAGAIN;
984 } else {
985 if (!scsi_block_when_processing_errors(sdev))
986 return -ENODEV;
987 }
988
989 return 0;
990}
991EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors);
992
