xref: /openbmc/linux/drivers/scsi/sg.c (revision d5cb9783536a41df9f9cba5b0a1d78047ed787f7)
1 /*
2  *  History:
3  *  Started: Aug 9 by Lawrence Foard (entropy@world.std.com),
4  *           to allow user process control of SCSI devices.
5  *  Development Sponsored by Killy Corp. NY NY
6  *
7  * Original driver (sg.c):
8  *        Copyright (C) 1992 Lawrence Foard
9  * Version 2 and 3 extensions to driver:
10  *        Copyright (C) 1998 - 2005 Douglas Gilbert
11  *
12  *  Modified  19-JAN-1998  Richard Gooch <rgooch@atnf.csiro.au>  Devfs support
13  *
14  * This program is free software; you can redistribute it and/or modify
15  * it under the terms of the GNU General Public License as published by
16  * the Free Software Foundation; either version 2, or (at your option)
17  * any later version.
18  *
19  */
20 
21 static int sg_version_num = 30533;	/* 2 digits for each component */
22 #define SG_VERSION_STR "3.5.33"
23 
24 /*
25  *  D. P. Gilbert (dgilbert@interlog.com, dougg@triode.net.au), notes:
26  *      - scsi logging is available via SCSI_LOG_TIMEOUT macros. First
27  *        the kernel/module needs to be built with CONFIG_SCSI_LOGGING
28  *        (otherwise the macros compile to empty statements).
29  *
30  */
31 #include <linux/config.h>
32 #include <linux/module.h>
33 
34 #include <linux/fs.h>
35 #include <linux/kernel.h>
36 #include <linux/sched.h>
37 #include <linux/string.h>
38 #include <linux/mm.h>
39 #include <linux/errno.h>
40 #include <linux/mtio.h>
41 #include <linux/ioctl.h>
42 #include <linux/fcntl.h>
43 #include <linux/init.h>
44 #include <linux/poll.h>
45 #include <linux/smp_lock.h>
46 #include <linux/moduleparam.h>
47 #include <linux/devfs_fs_kernel.h>
48 #include <linux/cdev.h>
49 #include <linux/seq_file.h>
50 #include <linux/blkdev.h>
51 #include <linux/delay.h>
52 #include <linux/scatterlist.h>
53 
54 #include "scsi.h"
55 #include <scsi/scsi_dbg.h>
56 #include <scsi/scsi_host.h>
57 #include <scsi/scsi_driver.h>
58 #include <scsi/scsi_ioctl.h>
59 #include <scsi/sg.h>
60 
61 #include "scsi_logging.h"
62 
63 #ifdef CONFIG_SCSI_PROC_FS
64 #include <linux/proc_fs.h>
65 static char *sg_version_date = "20050908";
66 
67 static int sg_proc_init(void);
68 static void sg_proc_cleanup(void);
69 #endif
70 
71 #ifndef LINUX_VERSION_CODE
72 #include <linux/version.h>
73 #endif				/* LINUX_VERSION_CODE */
74 
75 #define SG_ALLOW_DIO_DEF 0
76 #define SG_ALLOW_DIO_CODE /* compile out by commenting this define */
77 
78 #define SG_MAX_DEVS 32768
79 
80 /*
81  * Suppose you want to calculate the formula muldiv(x,m,d)=int(x * m / d)
82  * Then when using 32 bit integers x * m may overflow during the calculation.
83  * Replacing muldiv(x) by muldiv(x)=((x % d) * m) / d + int(x / d) * m
84  * calculates the same, but prevents the overflow when both m and d
85  * are "small" numbers (like HZ and USER_HZ).
86  * Of course an overflow is inavoidable if the result of muldiv doesn't fit
87  * in 32 bits.
88  */
89 #define MULDIV(X,MUL,DIV) ((((X % DIV) * MUL) / DIV) + ((X / DIV) * MUL))
90 
91 #define SG_DEFAULT_TIMEOUT MULDIV(SG_DEFAULT_TIMEOUT_USER, HZ, USER_HZ)
92 
93 int sg_big_buff = SG_DEF_RESERVED_SIZE;
94 /* N.B. This variable is readable and writeable via
95    /proc/scsi/sg/def_reserved_size . Each time sg_open() is called a buffer
96    of this size (or less if there is not enough memory) will be reserved
97    for use by this file descriptor. [Deprecated usage: this variable is also
98    readable via /proc/sys/kernel/sg-big-buff if the sg driver is built into
99    the kernel (i.e. it is not a module).] */
100 static int def_reserved_size = -1;	/* picks up init parameter */
101 static int sg_allow_dio = SG_ALLOW_DIO_DEF;
102 
103 #define SG_SECTOR_SZ 512
104 #define SG_SECTOR_MSK (SG_SECTOR_SZ - 1)
105 
106 #define SG_DEV_ARR_LUMP 32	/* amount to over allocate sg_dev_arr by */
107 
108 static int sg_add(struct class_device *, struct class_interface *);
109 static void sg_remove(struct class_device *, struct class_interface *);
110 
111 static Scsi_Request *dummy_cmdp;	/* only used for sizeof */
112 
113 static DEFINE_RWLOCK(sg_dev_arr_lock);	/* Also used to lock
114 							   file descriptor list for device */
115 
116 static struct class_interface sg_interface = {
117 	.add		= sg_add,
118 	.remove		= sg_remove,
119 };
120 
121 typedef struct sg_scatter_hold { /* holding area for scsi scatter gather info */
122 	unsigned short k_use_sg; /* Count of kernel scatter-gather pieces */
123 	unsigned short sglist_len; /* size of malloc'd scatter-gather list ++ */
124 	unsigned bufflen;	/* Size of (aggregate) data buffer */
125 	unsigned b_malloc_len;	/* actual len malloc'ed in buffer */
126 	void *buffer;		/* Data buffer or scatter list (k_use_sg>0) */
127 	char dio_in_use;	/* 0->indirect IO (or mmap), 1->dio */
128 	unsigned char cmd_opcode; /* first byte of command */
129 } Sg_scatter_hold;
130 
131 struct sg_device;		/* forward declarations */
132 struct sg_fd;
133 
134 typedef struct sg_request {	/* SG_MAX_QUEUE requests outstanding per file */
135 	Scsi_Request *my_cmdp;	/* != 0  when request with lower levels */
136 	struct sg_request *nextrp;	/* NULL -> tail request (slist) */
137 	struct sg_fd *parentfp;	/* NULL -> not in use */
138 	Sg_scatter_hold data;	/* hold buffer, perhaps scatter list */
139 	sg_io_hdr_t header;	/* scsi command+info, see <scsi/sg.h> */
140 	unsigned char sense_b[sizeof (dummy_cmdp->sr_sense_buffer)];
141 	char res_used;		/* 1 -> using reserve buffer, 0 -> not ... */
142 	char orphan;		/* 1 -> drop on sight, 0 -> normal */
143 	char sg_io_owned;	/* 1 -> packet belongs to SG_IO */
144 	volatile char done;	/* 0->before bh, 1->before read, 2->read */
145 } Sg_request;
146 
147 typedef struct sg_fd {		/* holds the state of a file descriptor */
148 	struct sg_fd *nextfp;	/* NULL when last opened fd on this device */
149 	struct sg_device *parentdp;	/* owning device */
150 	wait_queue_head_t read_wait;	/* queue read until command done */
151 	rwlock_t rq_list_lock;	/* protect access to list in req_arr */
152 	int timeout;		/* defaults to SG_DEFAULT_TIMEOUT      */
153 	int timeout_user;	/* defaults to SG_DEFAULT_TIMEOUT_USER */
154 	Sg_scatter_hold reserve;	/* buffer held for this file descriptor */
155 	unsigned save_scat_len;	/* original length of trunc. scat. element */
156 	Sg_request *headrp;	/* head of request slist, NULL->empty */
157 	struct fasync_struct *async_qp;	/* used by asynchronous notification */
158 	Sg_request req_arr[SG_MAX_QUEUE];	/* used as singly-linked list */
159 	char low_dma;		/* as in parent but possibly overridden to 1 */
160 	char force_packid;	/* 1 -> pack_id input to read(), 0 -> ignored */
161 	volatile char closed;	/* 1 -> fd closed but request(s) outstanding */
162 	char cmd_q;		/* 1 -> allow command queuing, 0 -> don't */
163 	char next_cmd_len;	/* 0 -> automatic (def), >0 -> use on next write() */
164 	char keep_orphan;	/* 0 -> drop orphan (def), 1 -> keep for read() */
165 	char mmap_called;	/* 0 -> mmap() never called on this fd */
166 } Sg_fd;
167 
168 typedef struct sg_device { /* holds the state of each scsi generic device */
169 	struct scsi_device *device;
170 	wait_queue_head_t o_excl_wait;	/* queue open() when O_EXCL in use */
171 	int sg_tablesize;	/* adapter's max scatter-gather table size */
172 	Sg_fd *headfp;		/* first open fd belonging to this device */
173 	volatile char detached;	/* 0->attached, 1->detached pending removal */
174 	volatile char exclude;	/* opened for exclusive access */
175 	char sgdebug;		/* 0->off, 1->sense, 9->dump dev, 10-> all devs */
176 	struct gendisk *disk;
177 	struct cdev * cdev;	/* char_dev [sysfs: /sys/cdev/major/sg<n>] */
178 } Sg_device;
179 
180 static int sg_fasync(int fd, struct file *filp, int mode);
181 static void sg_cmd_done(Scsi_Cmnd * SCpnt);	/* tasklet or soft irq callback */
182 static int sg_start_req(Sg_request * srp);
183 static void sg_finish_rem_req(Sg_request * srp);
184 static int sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size);
185 static int sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp,
186 			 int tablesize);
187 static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count,
188 			   Sg_request * srp);
189 static ssize_t sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count,
190 			    int blocking, int read_only, Sg_request ** o_srp);
191 static int sg_common_write(Sg_fd * sfp, Sg_request * srp,
192 			   unsigned char *cmnd, int timeout, int blocking);
193 static int sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind,
194 		      int wr_xf, int *countp, unsigned char __user **up);
195 static int sg_write_xfer(Sg_request * srp);
196 static int sg_read_xfer(Sg_request * srp);
197 static int sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer);
198 static void sg_remove_scat(Sg_scatter_hold * schp);
199 static void sg_build_reserve(Sg_fd * sfp, int req_size);
200 static void sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size);
201 static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp);
202 static char *sg_page_malloc(int rqSz, int lowDma, int *retSzp);
203 static void sg_page_free(char *buff, int size);
204 static Sg_fd *sg_add_sfp(Sg_device * sdp, int dev);
205 static int sg_remove_sfp(Sg_device * sdp, Sg_fd * sfp);
206 static void __sg_remove_sfp(Sg_device * sdp, Sg_fd * sfp);
207 static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id);
208 static Sg_request *sg_add_request(Sg_fd * sfp);
209 static int sg_remove_request(Sg_fd * sfp, Sg_request * srp);
210 static int sg_res_in_use(Sg_fd * sfp);
211 static int sg_allow_access(unsigned char opcode, char dev_type);
212 static int sg_build_direct(Sg_request * srp, Sg_fd * sfp, int dxfer_len);
213 static Sg_device *sg_get_dev(int dev);
214 static inline unsigned char *sg_scatg2virt(const struct scatterlist *sclp);
215 #ifdef CONFIG_SCSI_PROC_FS
216 static int sg_last_dev(void);
217 #endif
218 
219 static Sg_device **sg_dev_arr = NULL;
220 static int sg_dev_max;
221 static int sg_nr_dev;
222 
223 #define SZ_SG_HEADER sizeof(struct sg_header)
224 #define SZ_SG_IO_HDR sizeof(sg_io_hdr_t)
225 #define SZ_SG_IOVEC sizeof(sg_iovec_t)
226 #define SZ_SG_REQ_INFO sizeof(sg_req_info_t)
227 
228 static int
229 sg_open(struct inode *inode, struct file *filp)
230 {
231 	int dev = iminor(inode);
232 	int flags = filp->f_flags;
233 	Sg_device *sdp;
234 	Sg_fd *sfp;
235 	int res;
236 	int retval;
237 
238 	nonseekable_open(inode, filp);
239 	SCSI_LOG_TIMEOUT(3, printk("sg_open: dev=%d, flags=0x%x\n", dev, flags));
240 	sdp = sg_get_dev(dev);
241 	if ((!sdp) || (!sdp->device))
242 		return -ENXIO;
243 	if (sdp->detached)
244 		return -ENODEV;
245 
246 	/* This driver's module count bumped by fops_get in <linux/fs.h> */
247 	/* Prevent the device driver from vanishing while we sleep */
248 	retval = scsi_device_get(sdp->device);
249 	if (retval)
250 		return retval;
251 
252 	if (!((flags & O_NONBLOCK) ||
253 	      scsi_block_when_processing_errors(sdp->device))) {
254 		retval = -ENXIO;
255 		/* we are in error recovery for this device */
256 		goto error_out;
257 	}
258 
259 	if (flags & O_EXCL) {
260 		if (O_RDONLY == (flags & O_ACCMODE)) {
261 			retval = -EPERM; /* Can't lock it with read only access */
262 			goto error_out;
263 		}
264 		if (sdp->headfp && (flags & O_NONBLOCK)) {
265 			retval = -EBUSY;
266 			goto error_out;
267 		}
268 		res = 0;
269 		__wait_event_interruptible(sdp->o_excl_wait,
270 			((sdp->headfp || sdp->exclude) ? 0 : (sdp->exclude = 1)), res);
271 		if (res) {
272 			retval = res;	/* -ERESTARTSYS because signal hit process */
273 			goto error_out;
274 		}
275 	} else if (sdp->exclude) {	/* some other fd has an exclusive lock on dev */
276 		if (flags & O_NONBLOCK) {
277 			retval = -EBUSY;
278 			goto error_out;
279 		}
280 		res = 0;
281 		__wait_event_interruptible(sdp->o_excl_wait, (!sdp->exclude),
282 					   res);
283 		if (res) {
284 			retval = res;	/* -ERESTARTSYS because signal hit process */
285 			goto error_out;
286 		}
287 	}
288 	if (sdp->detached) {
289 		retval = -ENODEV;
290 		goto error_out;
291 	}
292 	if (!sdp->headfp) {	/* no existing opens on this device */
293 		sdp->sgdebug = 0;
294 		sdp->sg_tablesize = sdp->device->host->sg_tablesize;
295 	}
296 	if ((sfp = sg_add_sfp(sdp, dev)))
297 		filp->private_data = sfp;
298 	else {
299 		if (flags & O_EXCL)
300 			sdp->exclude = 0;	/* undo if error */
301 		retval = -ENOMEM;
302 		goto error_out;
303 	}
304 	return 0;
305 
306       error_out:
307 	scsi_device_put(sdp->device);
308 	return retval;
309 }
310 
311 /* Following function was formerly called 'sg_close' */
312 static int
313 sg_release(struct inode *inode, struct file *filp)
314 {
315 	Sg_device *sdp;
316 	Sg_fd *sfp;
317 
318 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
319 		return -ENXIO;
320 	SCSI_LOG_TIMEOUT(3, printk("sg_release: %s\n", sdp->disk->disk_name));
321 	sg_fasync(-1, filp, 0);	/* remove filp from async notification list */
322 	if (0 == sg_remove_sfp(sdp, sfp)) {	/* Returns 1 when sdp gone */
323 		if (!sdp->detached) {
324 			scsi_device_put(sdp->device);
325 		}
326 		sdp->exclude = 0;
327 		wake_up_interruptible(&sdp->o_excl_wait);
328 	}
329 	return 0;
330 }
331 
332 static ssize_t
333 sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
334 {
335 	Sg_device *sdp;
336 	Sg_fd *sfp;
337 	Sg_request *srp;
338 	int req_pack_id = -1;
339 	sg_io_hdr_t *hp;
340 	struct sg_header *old_hdr = NULL;
341 	int retval = 0;
342 
343 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
344 		return -ENXIO;
345 	SCSI_LOG_TIMEOUT(3, printk("sg_read: %s, count=%d\n",
346 				   sdp->disk->disk_name, (int) count));
347 	if (!access_ok(VERIFY_WRITE, buf, count))
348 		return -EFAULT;
349 	if (sfp->force_packid && (count >= SZ_SG_HEADER)) {
350 		old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
351 		if (!old_hdr)
352 			return -ENOMEM;
353 		if (__copy_from_user(old_hdr, buf, SZ_SG_HEADER)) {
354 			retval = -EFAULT;
355 			goto free_old_hdr;
356 		}
357 		if (old_hdr->reply_len < 0) {
358 			if (count >= SZ_SG_IO_HDR) {
359 				sg_io_hdr_t *new_hdr;
360 				new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL);
361 				if (!new_hdr) {
362 					retval = -ENOMEM;
363 					goto free_old_hdr;
364 				}
365 				retval =__copy_from_user
366 				    (new_hdr, buf, SZ_SG_IO_HDR);
367 				req_pack_id = new_hdr->pack_id;
368 				kfree(new_hdr);
369 				if (retval) {
370 					retval = -EFAULT;
371 					goto free_old_hdr;
372 				}
373 			}
374 		} else
375 			req_pack_id = old_hdr->pack_id;
376 	}
377 	srp = sg_get_rq_mark(sfp, req_pack_id);
378 	if (!srp) {		/* now wait on packet to arrive */
379 		if (sdp->detached) {
380 			retval = -ENODEV;
381 			goto free_old_hdr;
382 		}
383 		if (filp->f_flags & O_NONBLOCK) {
384 			retval = -EAGAIN;
385 			goto free_old_hdr;
386 		}
387 		while (1) {
388 			retval = 0; /* following macro beats race condition */
389 			__wait_event_interruptible(sfp->read_wait,
390 				(sdp->detached ||
391 				(srp = sg_get_rq_mark(sfp, req_pack_id))),
392 				retval);
393 			if (sdp->detached) {
394 				retval = -ENODEV;
395 				goto free_old_hdr;
396 			}
397 			if (0 == retval)
398 				break;
399 
400 			/* -ERESTARTSYS as signal hit process */
401 			goto free_old_hdr;
402 		}
403 	}
404 	if (srp->header.interface_id != '\0') {
405 		retval = sg_new_read(sfp, buf, count, srp);
406 		goto free_old_hdr;
407 	}
408 
409 	hp = &srp->header;
410 	if (old_hdr == NULL) {
411 		old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
412 		if (! old_hdr) {
413 			retval = -ENOMEM;
414 			goto free_old_hdr;
415 		}
416 	}
417 	memset(old_hdr, 0, SZ_SG_HEADER);
418 	old_hdr->reply_len = (int) hp->timeout;
419 	old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */
420 	old_hdr->pack_id = hp->pack_id;
421 	old_hdr->twelve_byte =
422 	    ((srp->data.cmd_opcode >= 0xc0) && (12 == hp->cmd_len)) ? 1 : 0;
423 	old_hdr->target_status = hp->masked_status;
424 	old_hdr->host_status = hp->host_status;
425 	old_hdr->driver_status = hp->driver_status;
426 	if ((CHECK_CONDITION & hp->masked_status) ||
427 	    (DRIVER_SENSE & hp->driver_status))
428 		memcpy(old_hdr->sense_buffer, srp->sense_b,
429 		       sizeof (old_hdr->sense_buffer));
430 	switch (hp->host_status) {
431 	/* This setup of 'result' is for backward compatibility and is best
432 	   ignored by the user who should use target, host + driver status */
433 	case DID_OK:
434 	case DID_PASSTHROUGH:
435 	case DID_SOFT_ERROR:
436 		old_hdr->result = 0;
437 		break;
438 	case DID_NO_CONNECT:
439 	case DID_BUS_BUSY:
440 	case DID_TIME_OUT:
441 		old_hdr->result = EBUSY;
442 		break;
443 	case DID_BAD_TARGET:
444 	case DID_ABORT:
445 	case DID_PARITY:
446 	case DID_RESET:
447 	case DID_BAD_INTR:
448 		old_hdr->result = EIO;
449 		break;
450 	case DID_ERROR:
451 		old_hdr->result = (srp->sense_b[0] == 0 &&
452 				  hp->masked_status == GOOD) ? 0 : EIO;
453 		break;
454 	default:
455 		old_hdr->result = EIO;
456 		break;
457 	}
458 
459 	/* Now copy the result back to the user buffer.  */
460 	if (count >= SZ_SG_HEADER) {
461 		if (__copy_to_user(buf, old_hdr, SZ_SG_HEADER)) {
462 			retval = -EFAULT;
463 			goto free_old_hdr;
464 		}
465 		buf += SZ_SG_HEADER;
466 		if (count > old_hdr->reply_len)
467 			count = old_hdr->reply_len;
468 		if (count > SZ_SG_HEADER) {
469 			if (sg_read_oxfer(srp, buf, count - SZ_SG_HEADER)) {
470 				retval = -EFAULT;
471 				goto free_old_hdr;
472 			}
473 		}
474 	} else
475 		count = (old_hdr->result == 0) ? 0 : -EIO;
476 	sg_finish_rem_req(srp);
477 	retval = count;
478 free_old_hdr:
479 	if (old_hdr)
480 		kfree(old_hdr);
481 	return retval;
482 }
483 
484 static ssize_t
485 sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
486 {
487 	sg_io_hdr_t *hp = &srp->header;
488 	int err = 0;
489 	int len;
490 
491 	if (count < SZ_SG_IO_HDR) {
492 		err = -EINVAL;
493 		goto err_out;
494 	}
495 	hp->sb_len_wr = 0;
496 	if ((hp->mx_sb_len > 0) && hp->sbp) {
497 		if ((CHECK_CONDITION & hp->masked_status) ||
498 		    (DRIVER_SENSE & hp->driver_status)) {
499 			int sb_len = sizeof (dummy_cmdp->sr_sense_buffer);
500 			sb_len = (hp->mx_sb_len > sb_len) ? sb_len : hp->mx_sb_len;
501 			len = 8 + (int) srp->sense_b[7];	/* Additional sense length field */
502 			len = (len > sb_len) ? sb_len : len;
503 			if (copy_to_user(hp->sbp, srp->sense_b, len)) {
504 				err = -EFAULT;
505 				goto err_out;
506 			}
507 			hp->sb_len_wr = len;
508 		}
509 	}
510 	if (hp->masked_status || hp->host_status || hp->driver_status)
511 		hp->info |= SG_INFO_CHECK;
512 	if (copy_to_user(buf, hp, SZ_SG_IO_HDR)) {
513 		err = -EFAULT;
514 		goto err_out;
515 	}
516 	err = sg_read_xfer(srp);
517       err_out:
518 	sg_finish_rem_req(srp);
519 	return (0 == err) ? count : err;
520 }
521 
522 static ssize_t
523 sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
524 {
525 	int mxsize, cmd_size, k;
526 	int input_size, blocking;
527 	unsigned char opcode;
528 	Sg_device *sdp;
529 	Sg_fd *sfp;
530 	Sg_request *srp;
531 	struct sg_header old_hdr;
532 	sg_io_hdr_t *hp;
533 	unsigned char cmnd[sizeof (dummy_cmdp->sr_cmnd)];
534 
535 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
536 		return -ENXIO;
537 	SCSI_LOG_TIMEOUT(3, printk("sg_write: %s, count=%d\n",
538 				   sdp->disk->disk_name, (int) count));
539 	if (sdp->detached)
540 		return -ENODEV;
541 	if (!((filp->f_flags & O_NONBLOCK) ||
542 	      scsi_block_when_processing_errors(sdp->device)))
543 		return -ENXIO;
544 
545 	if (!access_ok(VERIFY_READ, buf, count))
546 		return -EFAULT;	/* protects following copy_from_user()s + get_user()s */
547 	if (count < SZ_SG_HEADER)
548 		return -EIO;
549 	if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER))
550 		return -EFAULT;
551 	blocking = !(filp->f_flags & O_NONBLOCK);
552 	if (old_hdr.reply_len < 0)
553 		return sg_new_write(sfp, buf, count, blocking, 0, NULL);
554 	if (count < (SZ_SG_HEADER + 6))
555 		return -EIO;	/* The minimum scsi command length is 6 bytes. */
556 
557 	if (!(srp = sg_add_request(sfp))) {
558 		SCSI_LOG_TIMEOUT(1, printk("sg_write: queue full\n"));
559 		return -EDOM;
560 	}
561 	buf += SZ_SG_HEADER;
562 	__get_user(opcode, buf);
563 	if (sfp->next_cmd_len > 0) {
564 		if (sfp->next_cmd_len > MAX_COMMAND_SIZE) {
565 			SCSI_LOG_TIMEOUT(1, printk("sg_write: command length too long\n"));
566 			sfp->next_cmd_len = 0;
567 			sg_remove_request(sfp, srp);
568 			return -EIO;
569 		}
570 		cmd_size = sfp->next_cmd_len;
571 		sfp->next_cmd_len = 0;	/* reset so only this write() effected */
572 	} else {
573 		cmd_size = COMMAND_SIZE(opcode);	/* based on SCSI command group */
574 		if ((opcode >= 0xc0) && old_hdr.twelve_byte)
575 			cmd_size = 12;
576 	}
577 	SCSI_LOG_TIMEOUT(4, printk(
578 		"sg_write:   scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size));
579 /* Determine buffer size.  */
580 	input_size = count - cmd_size;
581 	mxsize = (input_size > old_hdr.reply_len) ? input_size : old_hdr.reply_len;
582 	mxsize -= SZ_SG_HEADER;
583 	input_size -= SZ_SG_HEADER;
584 	if (input_size < 0) {
585 		sg_remove_request(sfp, srp);
586 		return -EIO;	/* User did not pass enough bytes for this command. */
587 	}
588 	hp = &srp->header;
589 	hp->interface_id = '\0';	/* indicator of old interface tunnelled */
590 	hp->cmd_len = (unsigned char) cmd_size;
591 	hp->iovec_count = 0;
592 	hp->mx_sb_len = 0;
593 	if (input_size > 0)
594 		hp->dxfer_direction = (old_hdr.reply_len > SZ_SG_HEADER) ?
595 		    SG_DXFER_TO_FROM_DEV : SG_DXFER_TO_DEV;
596 	else
597 		hp->dxfer_direction = (mxsize > 0) ? SG_DXFER_FROM_DEV : SG_DXFER_NONE;
598 	hp->dxfer_len = mxsize;
599 	hp->dxferp = (char __user *)buf + cmd_size;
600 	hp->sbp = NULL;
601 	hp->timeout = old_hdr.reply_len;	/* structure abuse ... */
602 	hp->flags = input_size;	/* structure abuse ... */
603 	hp->pack_id = old_hdr.pack_id;
604 	hp->usr_ptr = NULL;
605 	if (__copy_from_user(cmnd, buf, cmd_size))
606 		return -EFAULT;
607 	/*
608 	 * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV,
609 	 * but is is possible that the app intended SG_DXFER_TO_DEV, because there
610 	 * is a non-zero input_size, so emit a warning.
611 	 */
612 	if (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV)
613 		if (printk_ratelimit())
614 			printk(KERN_WARNING
615 			       "sg_write: data in/out %d/%d bytes for SCSI command 0x%x--"
616 			       "guessing data in;\n" KERN_WARNING "   "
617 			       "program %s not setting count and/or reply_len properly\n",
618 			       old_hdr.reply_len - (int)SZ_SG_HEADER,
619 			       input_size, (unsigned int) cmnd[0],
620 			       current->comm);
621 	k = sg_common_write(sfp, srp, cmnd, sfp->timeout, blocking);
622 	return (k < 0) ? k : count;
623 }
624 
625 static ssize_t
626 sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count,
627 	     int blocking, int read_only, Sg_request ** o_srp)
628 {
629 	int k;
630 	Sg_request *srp;
631 	sg_io_hdr_t *hp;
632 	unsigned char cmnd[sizeof (dummy_cmdp->sr_cmnd)];
633 	int timeout;
634 	unsigned long ul_timeout;
635 
636 	if (count < SZ_SG_IO_HDR)
637 		return -EINVAL;
638 	if (!access_ok(VERIFY_READ, buf, count))
639 		return -EFAULT; /* protects following copy_from_user()s + get_user()s */
640 
641 	sfp->cmd_q = 1;	/* when sg_io_hdr seen, set command queuing on */
642 	if (!(srp = sg_add_request(sfp))) {
643 		SCSI_LOG_TIMEOUT(1, printk("sg_new_write: queue full\n"));
644 		return -EDOM;
645 	}
646 	hp = &srp->header;
647 	if (__copy_from_user(hp, buf, SZ_SG_IO_HDR)) {
648 		sg_remove_request(sfp, srp);
649 		return -EFAULT;
650 	}
651 	if (hp->interface_id != 'S') {
652 		sg_remove_request(sfp, srp);
653 		return -ENOSYS;
654 	}
655 	if (hp->flags & SG_FLAG_MMAP_IO) {
656 		if (hp->dxfer_len > sfp->reserve.bufflen) {
657 			sg_remove_request(sfp, srp);
658 			return -ENOMEM;	/* MMAP_IO size must fit in reserve buffer */
659 		}
660 		if (hp->flags & SG_FLAG_DIRECT_IO) {
661 			sg_remove_request(sfp, srp);
662 			return -EINVAL;	/* either MMAP_IO or DIRECT_IO (not both) */
663 		}
664 		if (sg_res_in_use(sfp)) {
665 			sg_remove_request(sfp, srp);
666 			return -EBUSY;	/* reserve buffer already being used */
667 		}
668 	}
669 	ul_timeout = msecs_to_jiffies(srp->header.timeout);
670 	timeout = (ul_timeout < INT_MAX) ? ul_timeout : INT_MAX;
671 	if ((!hp->cmdp) || (hp->cmd_len < 6) || (hp->cmd_len > sizeof (cmnd))) {
672 		sg_remove_request(sfp, srp);
673 		return -EMSGSIZE;
674 	}
675 	if (!access_ok(VERIFY_READ, hp->cmdp, hp->cmd_len)) {
676 		sg_remove_request(sfp, srp);
677 		return -EFAULT;	/* protects following copy_from_user()s + get_user()s */
678 	}
679 	if (__copy_from_user(cmnd, hp->cmdp, hp->cmd_len)) {
680 		sg_remove_request(sfp, srp);
681 		return -EFAULT;
682 	}
683 	if (read_only &&
684 	    (!sg_allow_access(cmnd[0], sfp->parentdp->device->type))) {
685 		sg_remove_request(sfp, srp);
686 		return -EPERM;
687 	}
688 	k = sg_common_write(sfp, srp, cmnd, timeout, blocking);
689 	if (k < 0)
690 		return k;
691 	if (o_srp)
692 		*o_srp = srp;
693 	return count;
694 }
695 
696 static int
697 sg_common_write(Sg_fd * sfp, Sg_request * srp,
698 		unsigned char *cmnd, int timeout, int blocking)
699 {
700 	int k;
701 	Scsi_Request *SRpnt;
702 	Sg_device *sdp = sfp->parentdp;
703 	sg_io_hdr_t *hp = &srp->header;
704 	request_queue_t *q;
705 
706 	srp->data.cmd_opcode = cmnd[0];	/* hold opcode of command */
707 	hp->status = 0;
708 	hp->masked_status = 0;
709 	hp->msg_status = 0;
710 	hp->info = 0;
711 	hp->host_status = 0;
712 	hp->driver_status = 0;
713 	hp->resid = 0;
714 	SCSI_LOG_TIMEOUT(4, printk("sg_common_write:  scsi opcode=0x%02x, cmd_size=%d\n",
715 			  (int) cmnd[0], (int) hp->cmd_len));
716 
717 	if ((k = sg_start_req(srp))) {
718 		SCSI_LOG_TIMEOUT(1, printk("sg_write: start_req err=%d\n", k));
719 		sg_finish_rem_req(srp);
720 		return k;	/* probably out of space --> ENOMEM */
721 	}
722 	if ((k = sg_write_xfer(srp))) {
723 		SCSI_LOG_TIMEOUT(1, printk("sg_write: write_xfer, bad address\n"));
724 		sg_finish_rem_req(srp);
725 		return k;
726 	}
727 	if (sdp->detached) {
728 		sg_finish_rem_req(srp);
729 		return -ENODEV;
730 	}
731 	SRpnt = scsi_allocate_request(sdp->device, GFP_ATOMIC);
732 	if (SRpnt == NULL) {
733 		SCSI_LOG_TIMEOUT(1, printk("sg_write: no mem\n"));
734 		sg_finish_rem_req(srp);
735 		return -ENOMEM;
736 	}
737 
738 	srp->my_cmdp = SRpnt;
739 	q = SRpnt->sr_device->request_queue;
740 	SRpnt->sr_request->rq_disk = sdp->disk;
741 	SRpnt->sr_sense_buffer[0] = 0;
742 	SRpnt->sr_cmd_len = hp->cmd_len;
743 	SRpnt->sr_use_sg = srp->data.k_use_sg;
744 	SRpnt->sr_sglist_len = srp->data.sglist_len;
745 	SRpnt->sr_bufflen = srp->data.bufflen;
746 	SRpnt->sr_underflow = 0;
747 	SRpnt->sr_buffer = srp->data.buffer;
748 	switch (hp->dxfer_direction) {
749 	case SG_DXFER_TO_FROM_DEV:
750 	case SG_DXFER_FROM_DEV:
751 		SRpnt->sr_data_direction = DMA_FROM_DEVICE;
752 		break;
753 	case SG_DXFER_TO_DEV:
754 		SRpnt->sr_data_direction = DMA_TO_DEVICE;
755 		break;
756 	case SG_DXFER_UNKNOWN:
757 		SRpnt->sr_data_direction = DMA_BIDIRECTIONAL;
758 		break;
759 	default:
760 		SRpnt->sr_data_direction = DMA_NONE;
761 		break;
762 	}
763 	SRpnt->upper_private_data = srp;
764 	srp->data.k_use_sg = 0;
765 	srp->data.sglist_len = 0;
766 	srp->data.bufflen = 0;
767 	srp->data.buffer = NULL;
768 	hp->duration = jiffies_to_msecs(jiffies);
769 /* Now send everything of to mid-level. The next time we hear about this
770    packet is when sg_cmd_done() is called (i.e. a callback). */
771 	scsi_do_req(SRpnt, (void *) cmnd,
772 		    (void *) SRpnt->sr_buffer, hp->dxfer_len,
773 		    sg_cmd_done, timeout, SG_DEFAULT_RETRIES);
774 	/* dxfer_len overwrites SRpnt->sr_bufflen, hence need for b_malloc_len */
775 	return 0;
776 }
777 
778 static int
779 sg_srp_done(Sg_request *srp, Sg_fd *sfp)
780 {
781 	unsigned long iflags;
782 	int done;
783 
784 	read_lock_irqsave(&sfp->rq_list_lock, iflags);
785 	done = srp->done;
786 	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
787 	return done;
788 }
789 
790 static int
791 sg_ioctl(struct inode *inode, struct file *filp,
792 	 unsigned int cmd_in, unsigned long arg)
793 {
794 	void __user *p = (void __user *)arg;
795 	int __user *ip = p;
796 	int result, val, read_only;
797 	Sg_device *sdp;
798 	Sg_fd *sfp;
799 	Sg_request *srp;
800 	unsigned long iflags;
801 
802 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
803 		return -ENXIO;
804 	SCSI_LOG_TIMEOUT(3, printk("sg_ioctl: %s, cmd=0x%x\n",
805 				   sdp->disk->disk_name, (int) cmd_in));
806 	read_only = (O_RDWR != (filp->f_flags & O_ACCMODE));
807 
808 	switch (cmd_in) {
809 	case SG_IO:
810 		{
811 			int blocking = 1;	/* ignore O_NONBLOCK flag */
812 
813 			if (sdp->detached)
814 				return -ENODEV;
815 			if (!scsi_block_when_processing_errors(sdp->device))
816 				return -ENXIO;
817 			if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR))
818 				return -EFAULT;
819 			result =
820 			    sg_new_write(sfp, p, SZ_SG_IO_HDR,
821 					 blocking, read_only, &srp);
822 			if (result < 0)
823 				return result;
824 			srp->sg_io_owned = 1;
825 			while (1) {
826 				result = 0;	/* following macro to beat race condition */
827 				__wait_event_interruptible(sfp->read_wait,
828 					(sdp->detached || sfp->closed || sg_srp_done(srp, sfp)),
829 							   result);
830 				if (sdp->detached)
831 					return -ENODEV;
832 				if (sfp->closed)
833 					return 0;	/* request packet dropped already */
834 				if (0 == result)
835 					break;
836 				srp->orphan = 1;
837 				return result;	/* -ERESTARTSYS because signal hit process */
838 			}
839 			write_lock_irqsave(&sfp->rq_list_lock, iflags);
840 			srp->done = 2;
841 			write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
842 			result = sg_new_read(sfp, p, SZ_SG_IO_HDR, srp);
843 			return (result < 0) ? result : 0;
844 		}
845 	case SG_SET_TIMEOUT:
846 		result = get_user(val, ip);
847 		if (result)
848 			return result;
849 		if (val < 0)
850 			return -EIO;
851 		if (val >= MULDIV (INT_MAX, USER_HZ, HZ))
852 		    val = MULDIV (INT_MAX, USER_HZ, HZ);
853 		sfp->timeout_user = val;
854 		sfp->timeout = MULDIV (val, HZ, USER_HZ);
855 
856 		return 0;
857 	case SG_GET_TIMEOUT:	/* N.B. User receives timeout as return value */
858 				/* strange ..., for backward compatibility */
859 		return sfp->timeout_user;
860 	case SG_SET_FORCE_LOW_DMA:
861 		result = get_user(val, ip);
862 		if (result)
863 			return result;
864 		if (val) {
865 			sfp->low_dma = 1;
866 			if ((0 == sfp->low_dma) && (0 == sg_res_in_use(sfp))) {
867 				val = (int) sfp->reserve.bufflen;
868 				sg_remove_scat(&sfp->reserve);
869 				sg_build_reserve(sfp, val);
870 			}
871 		} else {
872 			if (sdp->detached)
873 				return -ENODEV;
874 			sfp->low_dma = sdp->device->host->unchecked_isa_dma;
875 		}
876 		return 0;
877 	case SG_GET_LOW_DMA:
878 		return put_user((int) sfp->low_dma, ip);
879 	case SG_GET_SCSI_ID:
880 		if (!access_ok(VERIFY_WRITE, p, sizeof (sg_scsi_id_t)))
881 			return -EFAULT;
882 		else {
883 			sg_scsi_id_t __user *sg_idp = p;
884 
885 			if (sdp->detached)
886 				return -ENODEV;
887 			__put_user((int) sdp->device->host->host_no,
888 				   &sg_idp->host_no);
889 			__put_user((int) sdp->device->channel,
890 				   &sg_idp->channel);
891 			__put_user((int) sdp->device->id, &sg_idp->scsi_id);
892 			__put_user((int) sdp->device->lun, &sg_idp->lun);
893 			__put_user((int) sdp->device->type, &sg_idp->scsi_type);
894 			__put_user((short) sdp->device->host->cmd_per_lun,
895 				   &sg_idp->h_cmd_per_lun);
896 			__put_user((short) sdp->device->queue_depth,
897 				   &sg_idp->d_queue_depth);
898 			__put_user(0, &sg_idp->unused[0]);
899 			__put_user(0, &sg_idp->unused[1]);
900 			return 0;
901 		}
902 	case SG_SET_FORCE_PACK_ID:
903 		result = get_user(val, ip);
904 		if (result)
905 			return result;
906 		sfp->force_packid = val ? 1 : 0;
907 		return 0;
908 	case SG_GET_PACK_ID:
909 		if (!access_ok(VERIFY_WRITE, ip, sizeof (int)))
910 			return -EFAULT;
911 		read_lock_irqsave(&sfp->rq_list_lock, iflags);
912 		for (srp = sfp->headrp; srp; srp = srp->nextrp) {
913 			if ((1 == srp->done) && (!srp->sg_io_owned)) {
914 				read_unlock_irqrestore(&sfp->rq_list_lock,
915 						       iflags);
916 				__put_user(srp->header.pack_id, ip);
917 				return 0;
918 			}
919 		}
920 		read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
921 		__put_user(-1, ip);
922 		return 0;
923 	case SG_GET_NUM_WAITING:
924 		read_lock_irqsave(&sfp->rq_list_lock, iflags);
925 		for (val = 0, srp = sfp->headrp; srp; srp = srp->nextrp) {
926 			if ((1 == srp->done) && (!srp->sg_io_owned))
927 				++val;
928 		}
929 		read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
930 		return put_user(val, ip);
931 	case SG_GET_SG_TABLESIZE:
932 		return put_user(sdp->sg_tablesize, ip);
933 	case SG_SET_RESERVED_SIZE:
934 		result = get_user(val, ip);
935 		if (result)
936 			return result;
937                 if (val < 0)
938                         return -EINVAL;
939 		if (val != sfp->reserve.bufflen) {
940 			if (sg_res_in_use(sfp) || sfp->mmap_called)
941 				return -EBUSY;
942 			sg_remove_scat(&sfp->reserve);
943 			sg_build_reserve(sfp, val);
944 		}
945 		return 0;
946 	case SG_GET_RESERVED_SIZE:
947 		val = (int) sfp->reserve.bufflen;
948 		return put_user(val, ip);
949 	case SG_SET_COMMAND_Q:
950 		result = get_user(val, ip);
951 		if (result)
952 			return result;
953 		sfp->cmd_q = val ? 1 : 0;
954 		return 0;
955 	case SG_GET_COMMAND_Q:
956 		return put_user((int) sfp->cmd_q, ip);
957 	case SG_SET_KEEP_ORPHAN:
958 		result = get_user(val, ip);
959 		if (result)
960 			return result;
961 		sfp->keep_orphan = val;
962 		return 0;
963 	case SG_GET_KEEP_ORPHAN:
964 		return put_user((int) sfp->keep_orphan, ip);
965 	case SG_NEXT_CMD_LEN:
966 		result = get_user(val, ip);
967 		if (result)
968 			return result;
969 		sfp->next_cmd_len = (val > 0) ? val : 0;
970 		return 0;
971 	case SG_GET_VERSION_NUM:
972 		return put_user(sg_version_num, ip);
973 	case SG_GET_ACCESS_COUNT:
974 		/* faked - we don't have a real access count anymore */
975 		val = (sdp->device ? 1 : 0);
976 		return put_user(val, ip);
977 	case SG_GET_REQUEST_TABLE:
978 		if (!access_ok(VERIFY_WRITE, p, SZ_SG_REQ_INFO * SG_MAX_QUEUE))
979 			return -EFAULT;
980 		else {
981 			sg_req_info_t *rinfo;
982 			unsigned int ms;
983 
984 			rinfo = kmalloc(SZ_SG_REQ_INFO * SG_MAX_QUEUE,
985 								GFP_KERNEL);
986 			if (!rinfo)
987 				return -ENOMEM;
988 			read_lock_irqsave(&sfp->rq_list_lock, iflags);
989 			for (srp = sfp->headrp, val = 0; val < SG_MAX_QUEUE;
990 			     ++val, srp = srp ? srp->nextrp : srp) {
991 				memset(&rinfo[val], 0, SZ_SG_REQ_INFO);
992 				if (srp) {
993 					rinfo[val].req_state = srp->done + 1;
994 					rinfo[val].problem =
995 					    srp->header.masked_status &
996 					    srp->header.host_status &
997 					    srp->header.driver_status;
998 					if (srp->done)
999 						rinfo[val].duration =
1000 							srp->header.duration;
1001 					else {
1002 						ms = jiffies_to_msecs(jiffies);
1003 						rinfo[val].duration =
1004 						    (ms > srp->header.duration) ?
1005 						    (ms - srp->header.duration) : 0;
1006 					}
1007 					rinfo[val].orphan = srp->orphan;
1008 					rinfo[val].sg_io_owned =
1009 							srp->sg_io_owned;
1010 					rinfo[val].pack_id =
1011 							srp->header.pack_id;
1012 					rinfo[val].usr_ptr =
1013 							srp->header.usr_ptr;
1014 				}
1015 			}
1016 			read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1017 			result = __copy_to_user(p, rinfo,
1018 						SZ_SG_REQ_INFO * SG_MAX_QUEUE);
1019 			result = result ? -EFAULT : 0;
1020 			kfree(rinfo);
1021 			return result;
1022 		}
1023 	case SG_EMULATED_HOST:
1024 		if (sdp->detached)
1025 			return -ENODEV;
1026 		return put_user(sdp->device->host->hostt->emulated, ip);
1027 	case SG_SCSI_RESET:
1028 		if (sdp->detached)
1029 			return -ENODEV;
1030 		if (filp->f_flags & O_NONBLOCK) {
1031 			if (scsi_host_in_recovery(sdp->device->host))
1032 				return -EBUSY;
1033 		} else if (!scsi_block_when_processing_errors(sdp->device))
1034 			return -EBUSY;
1035 		result = get_user(val, ip);
1036 		if (result)
1037 			return result;
1038 		if (SG_SCSI_RESET_NOTHING == val)
1039 			return 0;
1040 		switch (val) {
1041 		case SG_SCSI_RESET_DEVICE:
1042 			val = SCSI_TRY_RESET_DEVICE;
1043 			break;
1044 		case SG_SCSI_RESET_BUS:
1045 			val = SCSI_TRY_RESET_BUS;
1046 			break;
1047 		case SG_SCSI_RESET_HOST:
1048 			val = SCSI_TRY_RESET_HOST;
1049 			break;
1050 		default:
1051 			return -EINVAL;
1052 		}
1053 		if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
1054 			return -EACCES;
1055 		return (scsi_reset_provider(sdp->device, val) ==
1056 			SUCCESS) ? 0 : -EIO;
1057 	case SCSI_IOCTL_SEND_COMMAND:
1058 		if (sdp->detached)
1059 			return -ENODEV;
1060 		if (read_only) {
1061 			unsigned char opcode = WRITE_6;
1062 			Scsi_Ioctl_Command __user *siocp = p;
1063 
1064 			if (copy_from_user(&opcode, siocp->data, 1))
1065 				return -EFAULT;
1066 			if (!sg_allow_access(opcode, sdp->device->type))
1067 				return -EPERM;
1068 		}
1069 		return scsi_ioctl_send_command(sdp->device, p);
1070 	case SG_SET_DEBUG:
1071 		result = get_user(val, ip);
1072 		if (result)
1073 			return result;
1074 		sdp->sgdebug = (char) val;
1075 		return 0;
1076 	case SCSI_IOCTL_GET_IDLUN:
1077 	case SCSI_IOCTL_GET_BUS_NUMBER:
1078 	case SCSI_IOCTL_PROBE_HOST:
1079 	case SG_GET_TRANSFORM:
1080 		if (sdp->detached)
1081 			return -ENODEV;
1082 		return scsi_ioctl(sdp->device, cmd_in, p);
1083 	default:
1084 		if (read_only)
1085 			return -EPERM;	/* don't know so take safe approach */
1086 		return scsi_ioctl(sdp->device, cmd_in, p);
1087 	}
1088 }
1089 
1090 #ifdef CONFIG_COMPAT
1091 static long sg_compat_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
1092 {
1093 	Sg_device *sdp;
1094 	Sg_fd *sfp;
1095 	struct scsi_device *sdev;
1096 
1097 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
1098 		return -ENXIO;
1099 
1100 	sdev = sdp->device;
1101 	if (sdev->host->hostt->compat_ioctl) {
1102 		int ret;
1103 
1104 		ret = sdev->host->hostt->compat_ioctl(sdev, cmd_in, (void __user *)arg);
1105 
1106 		return ret;
1107 	}
1108 
1109 	return -ENOIOCTLCMD;
1110 }
1111 #endif
1112 
1113 static unsigned int
1114 sg_poll(struct file *filp, poll_table * wait)
1115 {
1116 	unsigned int res = 0;
1117 	Sg_device *sdp;
1118 	Sg_fd *sfp;
1119 	Sg_request *srp;
1120 	int count = 0;
1121 	unsigned long iflags;
1122 
1123 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))
1124 	    || sfp->closed)
1125 		return POLLERR;
1126 	poll_wait(filp, &sfp->read_wait, wait);
1127 	read_lock_irqsave(&sfp->rq_list_lock, iflags);
1128 	for (srp = sfp->headrp; srp; srp = srp->nextrp) {
1129 		/* if any read waiting, flag it */
1130 		if ((0 == res) && (1 == srp->done) && (!srp->sg_io_owned))
1131 			res = POLLIN | POLLRDNORM;
1132 		++count;
1133 	}
1134 	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1135 
1136 	if (sdp->detached)
1137 		res |= POLLHUP;
1138 	else if (!sfp->cmd_q) {
1139 		if (0 == count)
1140 			res |= POLLOUT | POLLWRNORM;
1141 	} else if (count < SG_MAX_QUEUE)
1142 		res |= POLLOUT | POLLWRNORM;
1143 	SCSI_LOG_TIMEOUT(3, printk("sg_poll: %s, res=0x%x\n",
1144 				   sdp->disk->disk_name, (int) res));
1145 	return res;
1146 }
1147 
1148 static int
1149 sg_fasync(int fd, struct file *filp, int mode)
1150 {
1151 	int retval;
1152 	Sg_device *sdp;
1153 	Sg_fd *sfp;
1154 
1155 	if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
1156 		return -ENXIO;
1157 	SCSI_LOG_TIMEOUT(3, printk("sg_fasync: %s, mode=%d\n",
1158 				   sdp->disk->disk_name, mode));
1159 
1160 	retval = fasync_helper(fd, filp, mode, &sfp->async_qp);
1161 	return (retval < 0) ? retval : 0;
1162 }
1163 
1164 static inline unsigned char *
1165 sg_scatg2virt(const struct scatterlist *sclp)
1166 {
1167 	return (sclp && sclp->page) ?
1168 	    (unsigned char *) page_address(sclp->page) + sclp->offset : NULL;
1169 }
1170 
1171 /* When startFinish==1 increments page counts for pages other than the
1172    first of scatter gather elements obtained from __get_free_pages().
1173    When startFinish==0 decrements ... */
1174 static void
1175 sg_rb_correct4mmap(Sg_scatter_hold * rsv_schp, int startFinish)
1176 {
1177 	void *page_ptr;
1178 	struct page *page;
1179 	int k, m;
1180 
1181 	SCSI_LOG_TIMEOUT(3, printk("sg_rb_correct4mmap: startFinish=%d, scatg=%d\n",
1182 				   startFinish, rsv_schp->k_use_sg));
1183 	/* N.B. correction _not_ applied to base page of each allocation */
1184 	if (rsv_schp->k_use_sg) {	/* reserve buffer is a scatter gather list */
1185 		struct scatterlist *sclp = rsv_schp->buffer;
1186 
1187 		for (k = 0; k < rsv_schp->k_use_sg; ++k, ++sclp) {
1188 			for (m = PAGE_SIZE; m < sclp->length; m += PAGE_SIZE) {
1189 				page_ptr = sg_scatg2virt(sclp) + m;
1190 				page = virt_to_page(page_ptr);
1191 				if (startFinish)
1192 					get_page(page);
1193 				else {
1194 					if (page_count(page) > 0)
1195 						__put_page(page);
1196 				}
1197 			}
1198 		}
1199 	} else {		/* reserve buffer is just a single allocation */
1200 		for (m = PAGE_SIZE; m < rsv_schp->bufflen; m += PAGE_SIZE) {
1201 			page_ptr = (unsigned char *) rsv_schp->buffer + m;
1202 			page = virt_to_page(page_ptr);
1203 			if (startFinish)
1204 				get_page(page);
1205 			else {
1206 				if (page_count(page) > 0)
1207 					__put_page(page);
1208 			}
1209 		}
1210 	}
1211 }
1212 
1213 static struct page *
1214 sg_vma_nopage(struct vm_area_struct *vma, unsigned long addr, int *type)
1215 {
1216 	Sg_fd *sfp;
1217 	struct page *page = NOPAGE_SIGBUS;
1218 	void *page_ptr = NULL;
1219 	unsigned long offset;
1220 	Sg_scatter_hold *rsv_schp;
1221 
1222 	if ((NULL == vma) || (!(sfp = (Sg_fd *) vma->vm_private_data)))
1223 		return page;
1224 	rsv_schp = &sfp->reserve;
1225 	offset = addr - vma->vm_start;
1226 	if (offset >= rsv_schp->bufflen)
1227 		return page;
1228 	SCSI_LOG_TIMEOUT(3, printk("sg_vma_nopage: offset=%lu, scatg=%d\n",
1229 				   offset, rsv_schp->k_use_sg));
1230 	if (rsv_schp->k_use_sg) {	/* reserve buffer is a scatter gather list */
1231 		int k;
1232 		unsigned long sa = vma->vm_start;
1233 		unsigned long len;
1234 		struct scatterlist *sclp = rsv_schp->buffer;
1235 
1236 		for (k = 0; (k < rsv_schp->k_use_sg) && (sa < vma->vm_end);
1237 		     ++k, ++sclp) {
1238 			len = vma->vm_end - sa;
1239 			len = (len < sclp->length) ? len : sclp->length;
1240 			if (offset < len) {
1241 				page_ptr = sg_scatg2virt(sclp) + offset;
1242 				page = virt_to_page(page_ptr);
1243 				get_page(page);	/* increment page count */
1244 				break;
1245 			}
1246 			sa += len;
1247 			offset -= len;
1248 		}
1249 	} else {		/* reserve buffer is just a single allocation */
1250 		page_ptr = (unsigned char *) rsv_schp->buffer + offset;
1251 		page = virt_to_page(page_ptr);
1252 		get_page(page);	/* increment page count */
1253 	}
1254 	if (type)
1255 		*type = VM_FAULT_MINOR;
1256 	return page;
1257 }
1258 
1259 static struct vm_operations_struct sg_mmap_vm_ops = {
1260 	.nopage = sg_vma_nopage,
1261 };
1262 
1263 static int
1264 sg_mmap(struct file *filp, struct vm_area_struct *vma)
1265 {
1266 	Sg_fd *sfp;
1267 	unsigned long req_sz;
1268 	Sg_scatter_hold *rsv_schp;
1269 
1270 	if ((!filp) || (!vma) || (!(sfp = (Sg_fd *) filp->private_data)))
1271 		return -ENXIO;
1272 	req_sz = vma->vm_end - vma->vm_start;
1273 	SCSI_LOG_TIMEOUT(3, printk("sg_mmap starting, vm_start=%p, len=%d\n",
1274 				   (void *) vma->vm_start, (int) req_sz));
1275 	if (vma->vm_pgoff)
1276 		return -EINVAL;	/* want no offset */
1277 	rsv_schp = &sfp->reserve;
1278 	if (req_sz > rsv_schp->bufflen)
1279 		return -ENOMEM;	/* cannot map more than reserved buffer */
1280 
1281 	if (rsv_schp->k_use_sg) { /* reserve buffer is a scatter gather list */
1282 		int k;
1283 		unsigned long sa = vma->vm_start;
1284 		unsigned long len;
1285 		struct scatterlist *sclp = rsv_schp->buffer;
1286 
1287 		for (k = 0; (k < rsv_schp->k_use_sg) && (sa < vma->vm_end);
1288 		     ++k, ++sclp) {
1289 			if (0 != sclp->offset)
1290 				return -EFAULT;	/* non page aligned memory ?? */
1291 			len = vma->vm_end - sa;
1292 			len = (len < sclp->length) ? len : sclp->length;
1293 			sa += len;
1294 		}
1295 	} else {	/* reserve buffer is just a single allocation */
1296 		if ((unsigned long) rsv_schp->buffer & (PAGE_SIZE - 1))
1297 			return -EFAULT;	/* non page aligned memory ?? */
1298 	}
1299 	if (0 == sfp->mmap_called) {
1300 		sg_rb_correct4mmap(rsv_schp, 1);	/* do only once per fd lifetime */
1301 		sfp->mmap_called = 1;
1302 	}
1303 	vma->vm_flags |= VM_RESERVED;
1304 	vma->vm_private_data = sfp;
1305 	vma->vm_ops = &sg_mmap_vm_ops;
1306 	return 0;
1307 }
1308 
1309 /* This function is a "bottom half" handler that is called by the
1310  * mid level when a command is completed (or has failed). */
1311 static void
1312 sg_cmd_done(Scsi_Cmnd * SCpnt)
1313 {
1314 	Scsi_Request *SRpnt = NULL;
1315 	Sg_device *sdp = NULL;
1316 	Sg_fd *sfp;
1317 	Sg_request *srp = NULL;
1318 	unsigned long iflags;
1319 	unsigned int ms;
1320 
1321 	if (SCpnt && (SRpnt = SCpnt->sc_request))
1322 		srp = (Sg_request *) SRpnt->upper_private_data;
1323 	if (NULL == srp) {
1324 		printk(KERN_ERR "sg_cmd_done: NULL request\n");
1325 		if (SRpnt)
1326 			scsi_release_request(SRpnt);
1327 		return;
1328 	}
1329 	sfp = srp->parentfp;
1330 	if (sfp)
1331 		sdp = sfp->parentdp;
1332 	if ((NULL == sdp) || sdp->detached) {
1333 		printk(KERN_INFO "sg_cmd_done: device detached\n");
1334 		scsi_release_request(SRpnt);
1335 		return;
1336 	}
1337 
1338 	/* First transfer ownership of data buffers to sg_device object. */
1339 	srp->data.k_use_sg = SRpnt->sr_use_sg;
1340 	srp->data.sglist_len = SRpnt->sr_sglist_len;
1341 	srp->data.bufflen = SRpnt->sr_bufflen;
1342 	srp->data.buffer = SRpnt->sr_buffer;
1343 	/* now clear out request structure */
1344 	SRpnt->sr_use_sg = 0;
1345 	SRpnt->sr_sglist_len = 0;
1346 	SRpnt->sr_bufflen = 0;
1347 	SRpnt->sr_buffer = NULL;
1348 	SRpnt->sr_underflow = 0;
1349 	SRpnt->sr_request->rq_disk = NULL; /* "sg" _disowns_ request blk */
1350 
1351 	srp->my_cmdp = NULL;
1352 
1353 	SCSI_LOG_TIMEOUT(4, printk("sg_cmd_done: %s, pack_id=%d, res=0x%x\n",
1354 		sdp->disk->disk_name, srp->header.pack_id, (int) SRpnt->sr_result));
1355 	srp->header.resid = SCpnt->resid;
1356 	ms = jiffies_to_msecs(jiffies);
1357 	srp->header.duration = (ms > srp->header.duration) ?
1358 				(ms - srp->header.duration) : 0;
1359 	if (0 != SRpnt->sr_result) {
1360 		struct scsi_sense_hdr sshdr;
1361 
1362 		memcpy(srp->sense_b, SRpnt->sr_sense_buffer,
1363 		       sizeof (srp->sense_b));
1364 		srp->header.status = 0xff & SRpnt->sr_result;
1365 		srp->header.masked_status = status_byte(SRpnt->sr_result);
1366 		srp->header.msg_status = msg_byte(SRpnt->sr_result);
1367 		srp->header.host_status = host_byte(SRpnt->sr_result);
1368 		srp->header.driver_status = driver_byte(SRpnt->sr_result);
1369 		if ((sdp->sgdebug > 0) &&
1370 		    ((CHECK_CONDITION == srp->header.masked_status) ||
1371 		     (COMMAND_TERMINATED == srp->header.masked_status)))
1372 			scsi_print_req_sense("sg_cmd_done", SRpnt);
1373 
1374 		/* Following if statement is a patch supplied by Eric Youngdale */
1375 		if (driver_byte(SRpnt->sr_result) != 0
1376 		    && scsi_command_normalize_sense(SCpnt, &sshdr)
1377 		    && !scsi_sense_is_deferred(&sshdr)
1378 		    && sshdr.sense_key == UNIT_ATTENTION
1379 		    && sdp->device->removable) {
1380 			/* Detected possible disc change. Set the bit - this */
1381 			/* may be used if there are filesystems using this device */
1382 			sdp->device->changed = 1;
1383 		}
1384 	}
1385 	/* Rely on write phase to clean out srp status values, so no "else" */
1386 
1387 	scsi_release_request(SRpnt);
1388 	SRpnt = NULL;
1389 	if (sfp->closed) {	/* whoops this fd already released, cleanup */
1390 		SCSI_LOG_TIMEOUT(1, printk("sg_cmd_done: already closed, freeing ...\n"));
1391 		sg_finish_rem_req(srp);
1392 		srp = NULL;
1393 		if (NULL == sfp->headrp) {
1394 			SCSI_LOG_TIMEOUT(1, printk("sg...bh: already closed, final cleanup\n"));
1395 			if (0 == sg_remove_sfp(sdp, sfp)) {	/* device still present */
1396 				scsi_device_put(sdp->device);
1397 			}
1398 			sfp = NULL;
1399 		}
1400 	} else if (srp && srp->orphan) {
1401 		if (sfp->keep_orphan)
1402 			srp->sg_io_owned = 0;
1403 		else {
1404 			sg_finish_rem_req(srp);
1405 			srp = NULL;
1406 		}
1407 	}
1408 	if (sfp && srp) {
1409 		/* Now wake up any sg_read() that is waiting for this packet. */
1410 		kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN);
1411 		write_lock_irqsave(&sfp->rq_list_lock, iflags);
1412 		srp->done = 1;
1413 		wake_up_interruptible(&sfp->read_wait);
1414 		write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1415 	}
1416 }
1417 
1418 static struct file_operations sg_fops = {
1419 	.owner = THIS_MODULE,
1420 	.read = sg_read,
1421 	.write = sg_write,
1422 	.poll = sg_poll,
1423 	.ioctl = sg_ioctl,
1424 #ifdef CONFIG_COMPAT
1425 	.compat_ioctl = sg_compat_ioctl,
1426 #endif
1427 	.open = sg_open,
1428 	.mmap = sg_mmap,
1429 	.release = sg_release,
1430 	.fasync = sg_fasync,
1431 };
1432 
1433 static struct class *sg_sysfs_class;
1434 
1435 static int sg_sysfs_valid = 0;
1436 
1437 static int sg_alloc(struct gendisk *disk, struct scsi_device *scsidp)
1438 {
1439 	Sg_device *sdp;
1440 	unsigned long iflags;
1441 	void *old_sg_dev_arr = NULL;
1442 	int k, error;
1443 
1444 	sdp = kmalloc(sizeof(Sg_device), GFP_KERNEL);
1445 	if (!sdp) {
1446 		printk(KERN_WARNING "kmalloc Sg_device failure\n");
1447 		return -ENOMEM;
1448 	}
1449 
1450 	write_lock_irqsave(&sg_dev_arr_lock, iflags);
1451 	if (unlikely(sg_nr_dev >= sg_dev_max)) {	/* try to resize */
1452 		Sg_device **tmp_da;
1453 		int tmp_dev_max = sg_nr_dev + SG_DEV_ARR_LUMP;
1454 		write_unlock_irqrestore(&sg_dev_arr_lock, iflags);
1455 
1456 		tmp_da = kmalloc(tmp_dev_max * sizeof(Sg_device *), GFP_KERNEL);
1457 		if (unlikely(!tmp_da))
1458 			goto expand_failed;
1459 
1460 		write_lock_irqsave(&sg_dev_arr_lock, iflags);
1461 		memset(tmp_da, 0, tmp_dev_max * sizeof(Sg_device *));
1462 		memcpy(tmp_da, sg_dev_arr, sg_dev_max * sizeof(Sg_device *));
1463 		old_sg_dev_arr = sg_dev_arr;
1464 		sg_dev_arr = tmp_da;
1465 		sg_dev_max = tmp_dev_max;
1466 	}
1467 
1468 	for (k = 0; k < sg_dev_max; k++)
1469 		if (!sg_dev_arr[k])
1470 			break;
1471 	if (unlikely(k >= SG_MAX_DEVS))
1472 		goto overflow;
1473 
1474 	memset(sdp, 0, sizeof(*sdp));
1475 	SCSI_LOG_TIMEOUT(3, printk("sg_alloc: dev=%d \n", k));
1476 	sprintf(disk->disk_name, "sg%d", k);
1477 	disk->first_minor = k;
1478 	sdp->disk = disk;
1479 	sdp->device = scsidp;
1480 	init_waitqueue_head(&sdp->o_excl_wait);
1481 	sdp->sg_tablesize = scsidp->host ? scsidp->host->sg_tablesize : 0;
1482 
1483 	sg_nr_dev++;
1484 	sg_dev_arr[k] = sdp;
1485 	write_unlock_irqrestore(&sg_dev_arr_lock, iflags);
1486 	error = k;
1487 
1488  out:
1489 	if (error < 0)
1490 		kfree(sdp);
1491 	kfree(old_sg_dev_arr);
1492 	return error;
1493 
1494  expand_failed:
1495 	printk(KERN_WARNING "sg_alloc: device array cannot be resized\n");
1496 	error = -ENOMEM;
1497 	goto out;
1498 
1499  overflow:
1500 	write_unlock_irqrestore(&sg_dev_arr_lock, iflags);
1501 	sdev_printk(KERN_WARNING, scsidp,
1502 		    "Unable to attach sg device type=%d, minor "
1503 		    "number exceeds %d\n", scsidp->type, SG_MAX_DEVS - 1);
1504 	error = -ENODEV;
1505 	goto out;
1506 }
1507 
1508 static int
1509 sg_add(struct class_device *cl_dev, struct class_interface *cl_intf)
1510 {
1511 	struct scsi_device *scsidp = to_scsi_device(cl_dev->dev);
1512 	struct gendisk *disk;
1513 	Sg_device *sdp = NULL;
1514 	struct cdev * cdev = NULL;
1515 	int error, k;
1516 
1517 	disk = alloc_disk(1);
1518 	if (!disk) {
1519 		printk(KERN_WARNING "alloc_disk failed\n");
1520 		return -ENOMEM;
1521 	}
1522 	disk->major = SCSI_GENERIC_MAJOR;
1523 
1524 	error = -ENOMEM;
1525 	cdev = cdev_alloc();
1526 	if (!cdev) {
1527 		printk(KERN_WARNING "cdev_alloc failed\n");
1528 		goto out;
1529 	}
1530 	cdev->owner = THIS_MODULE;
1531 	cdev->ops = &sg_fops;
1532 
1533 	error = sg_alloc(disk, scsidp);
1534 	if (error < 0) {
1535 		printk(KERN_WARNING "sg_alloc failed\n");
1536 		goto out;
1537 	}
1538 	k = error;
1539 	sdp = sg_dev_arr[k];
1540 
1541 	devfs_mk_cdev(MKDEV(SCSI_GENERIC_MAJOR, k),
1542 			S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP,
1543 			"%s/generic", scsidp->devfs_name);
1544 	error = cdev_add(cdev, MKDEV(SCSI_GENERIC_MAJOR, k), 1);
1545 	if (error) {
1546 		devfs_remove("%s/generic", scsidp->devfs_name);
1547 		goto out;
1548 	}
1549 	sdp->cdev = cdev;
1550 	if (sg_sysfs_valid) {
1551 		struct class_device * sg_class_member;
1552 
1553 		sg_class_member = class_device_create(sg_sysfs_class, NULL,
1554 				MKDEV(SCSI_GENERIC_MAJOR, k),
1555 				cl_dev->dev, "%s",
1556 				disk->disk_name);
1557 		if (IS_ERR(sg_class_member))
1558 			printk(KERN_WARNING "sg_add: "
1559 				"class_device_create failed\n");
1560 		class_set_devdata(sg_class_member, sdp);
1561 		error = sysfs_create_link(&scsidp->sdev_gendev.kobj,
1562 					  &sg_class_member->kobj, "generic");
1563 		if (error)
1564 			printk(KERN_ERR "sg_add: unable to make symlink "
1565 					"'generic' back to sg%d\n", k);
1566 	} else
1567 		printk(KERN_WARNING "sg_add: sg_sys INvalid\n");
1568 
1569 	sdev_printk(KERN_NOTICE, scsidp,
1570 		    "Attached scsi generic sg%d type %d\n", k,scsidp->type);
1571 
1572 	return 0;
1573 
1574 out:
1575 	put_disk(disk);
1576 	if (cdev)
1577 		cdev_del(cdev);
1578 	return error;
1579 }
1580 
1581 static void
1582 sg_remove(struct class_device *cl_dev, struct class_interface *cl_intf)
1583 {
1584 	struct scsi_device *scsidp = to_scsi_device(cl_dev->dev);
1585 	Sg_device *sdp = NULL;
1586 	unsigned long iflags;
1587 	Sg_fd *sfp;
1588 	Sg_fd *tsfp;
1589 	Sg_request *srp;
1590 	Sg_request *tsrp;
1591 	int k, delay;
1592 
1593 	if (NULL == sg_dev_arr)
1594 		return;
1595 	delay = 0;
1596 	write_lock_irqsave(&sg_dev_arr_lock, iflags);
1597 	for (k = 0; k < sg_dev_max; k++) {
1598 		sdp = sg_dev_arr[k];
1599 		if ((NULL == sdp) || (sdp->device != scsidp))
1600 			continue;	/* dirty but lowers nesting */
1601 		if (sdp->headfp) {
1602 			sdp->detached = 1;
1603 			for (sfp = sdp->headfp; sfp; sfp = tsfp) {
1604 				tsfp = sfp->nextfp;
1605 				for (srp = sfp->headrp; srp; srp = tsrp) {
1606 					tsrp = srp->nextrp;
1607 					if (sfp->closed || (0 == sg_srp_done(srp, sfp)))
1608 						sg_finish_rem_req(srp);
1609 				}
1610 				if (sfp->closed) {
1611 					scsi_device_put(sdp->device);
1612 					__sg_remove_sfp(sdp, sfp);
1613 				} else {
1614 					delay = 1;
1615 					wake_up_interruptible(&sfp->read_wait);
1616 					kill_fasync(&sfp->async_qp, SIGPOLL,
1617 						    POLL_HUP);
1618 				}
1619 			}
1620 			SCSI_LOG_TIMEOUT(3, printk("sg_detach: dev=%d, dirty\n", k));
1621 			if (NULL == sdp->headfp) {
1622 				sg_dev_arr[k] = NULL;
1623 			}
1624 		} else {	/* nothing active, simple case */
1625 			SCSI_LOG_TIMEOUT(3, printk("sg_detach: dev=%d\n", k));
1626 			sg_dev_arr[k] = NULL;
1627 		}
1628 		sg_nr_dev--;
1629 		break;
1630 	}
1631 	write_unlock_irqrestore(&sg_dev_arr_lock, iflags);
1632 
1633 	if (sdp) {
1634 		sysfs_remove_link(&scsidp->sdev_gendev.kobj, "generic");
1635 		class_device_destroy(sg_sysfs_class, MKDEV(SCSI_GENERIC_MAJOR, k));
1636 		cdev_del(sdp->cdev);
1637 		sdp->cdev = NULL;
1638 		devfs_remove("%s/generic", scsidp->devfs_name);
1639 		put_disk(sdp->disk);
1640 		sdp->disk = NULL;
1641 		if (NULL == sdp->headfp)
1642 			kfree((char *) sdp);
1643 	}
1644 
1645 	if (delay)
1646 		msleep(10);	/* dirty detach so delay device destruction */
1647 }
1648 
1649 /* Set 'perm' (4th argument) to 0 to disable module_param's definition
1650  * of sysfs parameters (which module_param doesn't yet support).
1651  * Sysfs parameters defined explicitly below.
1652  */
1653 module_param_named(def_reserved_size, def_reserved_size, int, S_IRUGO);
1654 module_param_named(allow_dio, sg_allow_dio, int, S_IRUGO | S_IWUSR);
1655 
1656 MODULE_AUTHOR("Douglas Gilbert");
1657 MODULE_DESCRIPTION("SCSI generic (sg) driver");
1658 MODULE_LICENSE("GPL");
1659 MODULE_VERSION(SG_VERSION_STR);
1660 
1661 MODULE_PARM_DESC(def_reserved_size, "size of buffer reserved for each fd");
1662 MODULE_PARM_DESC(allow_dio, "allow direct I/O (default: 0 (disallow))");
1663 
1664 static int __init
1665 init_sg(void)
1666 {
1667 	int rc;
1668 
1669 	if (def_reserved_size >= 0)
1670 		sg_big_buff = def_reserved_size;
1671 
1672 	rc = register_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0),
1673 				    SG_MAX_DEVS, "sg");
1674 	if (rc)
1675 		return rc;
1676         sg_sysfs_class = class_create(THIS_MODULE, "scsi_generic");
1677         if ( IS_ERR(sg_sysfs_class) ) {
1678 		rc = PTR_ERR(sg_sysfs_class);
1679 		goto err_out;
1680         }
1681 	sg_sysfs_valid = 1;
1682 	rc = scsi_register_interface(&sg_interface);
1683 	if (0 == rc) {
1684 #ifdef CONFIG_SCSI_PROC_FS
1685 		sg_proc_init();
1686 #endif				/* CONFIG_SCSI_PROC_FS */
1687 		return 0;
1688 	}
1689 	class_destroy(sg_sysfs_class);
1690 err_out:
1691 	unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0), SG_MAX_DEVS);
1692 	return rc;
1693 }
1694 
1695 static void __exit
1696 exit_sg(void)
1697 {
1698 #ifdef CONFIG_SCSI_PROC_FS
1699 	sg_proc_cleanup();
1700 #endif				/* CONFIG_SCSI_PROC_FS */
1701 	scsi_unregister_interface(&sg_interface);
1702 	class_destroy(sg_sysfs_class);
1703 	sg_sysfs_valid = 0;
1704 	unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0),
1705 				 SG_MAX_DEVS);
1706 	if (sg_dev_arr != NULL) {
1707 		kfree((char *) sg_dev_arr);
1708 		sg_dev_arr = NULL;
1709 	}
1710 	sg_dev_max = 0;
1711 }
1712 
1713 static int
1714 sg_start_req(Sg_request * srp)
1715 {
1716 	int res;
1717 	Sg_fd *sfp = srp->parentfp;
1718 	sg_io_hdr_t *hp = &srp->header;
1719 	int dxfer_len = (int) hp->dxfer_len;
1720 	int dxfer_dir = hp->dxfer_direction;
1721 	Sg_scatter_hold *req_schp = &srp->data;
1722 	Sg_scatter_hold *rsv_schp = &sfp->reserve;
1723 
1724 	SCSI_LOG_TIMEOUT(4, printk("sg_start_req: dxfer_len=%d\n", dxfer_len));
1725 	if ((dxfer_len <= 0) || (dxfer_dir == SG_DXFER_NONE))
1726 		return 0;
1727 	if (sg_allow_dio && (hp->flags & SG_FLAG_DIRECT_IO) &&
1728 	    (dxfer_dir != SG_DXFER_UNKNOWN) && (0 == hp->iovec_count) &&
1729 	    (!sfp->parentdp->device->host->unchecked_isa_dma)) {
1730 		res = sg_build_direct(srp, sfp, dxfer_len);
1731 		if (res <= 0)	/* -ve -> error, 0 -> done, 1 -> try indirect */
1732 			return res;
1733 	}
1734 	if ((!sg_res_in_use(sfp)) && (dxfer_len <= rsv_schp->bufflen))
1735 		sg_link_reserve(sfp, srp, dxfer_len);
1736 	else {
1737 		res = sg_build_indirect(req_schp, sfp, dxfer_len);
1738 		if (res) {
1739 			sg_remove_scat(req_schp);
1740 			return res;
1741 		}
1742 	}
1743 	return 0;
1744 }
1745 
1746 static void
1747 sg_finish_rem_req(Sg_request * srp)
1748 {
1749 	Sg_fd *sfp = srp->parentfp;
1750 	Sg_scatter_hold *req_schp = &srp->data;
1751 
1752 	SCSI_LOG_TIMEOUT(4, printk("sg_finish_rem_req: res_used=%d\n", (int) srp->res_used));
1753 	if (srp->res_used)
1754 		sg_unlink_reserve(sfp, srp);
1755 	else
1756 		sg_remove_scat(req_schp);
1757 	sg_remove_request(sfp, srp);
1758 }
1759 
1760 static int
1761 sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp, int tablesize)
1762 {
1763 	int ret_sz;
1764 	int elem_sz = sizeof (struct scatterlist);
1765 	int sg_bufflen = tablesize * elem_sz;
1766 	int mx_sc_elems = tablesize;
1767 
1768 	schp->buffer = sg_page_malloc(sg_bufflen, sfp->low_dma, &ret_sz);
1769 	if (!schp->buffer)
1770 		return -ENOMEM;
1771 	else if (ret_sz != sg_bufflen) {
1772 		sg_bufflen = ret_sz;
1773 		mx_sc_elems = sg_bufflen / elem_sz;
1774 	}
1775 	schp->sglist_len = sg_bufflen;
1776 	memset(schp->buffer, 0, sg_bufflen);
1777 	return mx_sc_elems;	/* number of scat_gath elements allocated */
1778 }
1779 
1780 #ifdef SG_ALLOW_DIO_CODE
1781 /* vvvvvvvv  following code borrowed from st driver's direct IO vvvvvvvvv */
1782 	/* hopefully this generic code will moved to a library */
1783 
1784 /* Pin down user pages and put them into a scatter gather list. Returns <= 0 if
1785    - mapping of all pages not successful
1786    - any page is above max_pfn
1787    (i.e., either completely successful or fails)
1788 */
1789 static int
1790 st_map_user_pages(struct scatterlist *sgl, const unsigned int max_pages,
1791 	          unsigned long uaddr, size_t count, int rw,
1792 	          unsigned long max_pfn)
1793 {
1794 	unsigned long end = (uaddr + count + PAGE_SIZE - 1) >> PAGE_SHIFT;
1795 	unsigned long start = uaddr >> PAGE_SHIFT;
1796 	const int nr_pages = end - start;
1797 	int res, i, j;
1798 	struct page **pages;
1799 
1800 	/* User attempted Overflow! */
1801 	if ((uaddr + count) < uaddr)
1802 		return -EINVAL;
1803 
1804 	/* Too big */
1805         if (nr_pages > max_pages)
1806 		return -ENOMEM;
1807 
1808 	/* Hmm? */
1809 	if (count == 0)
1810 		return 0;
1811 
1812 	if ((pages = kmalloc(max_pages * sizeof(*pages), GFP_ATOMIC)) == NULL)
1813 		return -ENOMEM;
1814 
1815         /* Try to fault in all of the necessary pages */
1816 	down_read(&current->mm->mmap_sem);
1817         /* rw==READ means read from drive, write into memory area */
1818 	res = get_user_pages(
1819 		current,
1820 		current->mm,
1821 		uaddr,
1822 		nr_pages,
1823 		rw == READ,
1824 		0, /* don't force */
1825 		pages,
1826 		NULL);
1827 	up_read(&current->mm->mmap_sem);
1828 
1829 	/* Errors and no page mapped should return here */
1830 	if (res < nr_pages)
1831 		goto out_unmap;
1832 
1833         for (i=0; i < nr_pages; i++) {
1834                 /* FIXME: flush superflous for rw==READ,
1835                  * probably wrong function for rw==WRITE
1836                  */
1837 		flush_dcache_page(pages[i]);
1838 		if (page_to_pfn(pages[i]) > max_pfn)
1839 			goto out_unlock;
1840 		/* ?? Is locking needed? I don't think so */
1841 		/* if (TestSetPageLocked(pages[i]))
1842 		   goto out_unlock; */
1843         }
1844 
1845 	/* Populate the scatter/gather list */
1846 	sgl[0].page = pages[0];
1847 	sgl[0].offset = uaddr & ~PAGE_MASK;
1848 	if (nr_pages > 1) {
1849 		sgl[0].length = PAGE_SIZE - sgl[0].offset;
1850 		count -= sgl[0].length;
1851 		for (i=1; i < nr_pages ; i++) {
1852 			sgl[i].offset = 0;
1853 			sgl[i].page = pages[i];
1854 			sgl[i].length = count < PAGE_SIZE ? count : PAGE_SIZE;
1855 			count -= PAGE_SIZE;
1856 		}
1857 	}
1858 	else {
1859 		sgl[0].length = count;
1860 	}
1861 
1862 	kfree(pages);
1863 	return nr_pages;
1864 
1865  out_unlock:
1866 	/* for (j=0; j < i; j++)
1867 	   unlock_page(pages[j]); */
1868 	res = 0;
1869  out_unmap:
1870 	if (res > 0)
1871 		for (j=0; j < res; j++)
1872 			page_cache_release(pages[j]);
1873 	kfree(pages);
1874 	return res;
1875 }
1876 
1877 
1878 /* And unmap them... */
1879 static int
1880 st_unmap_user_pages(struct scatterlist *sgl, const unsigned int nr_pages,
1881 		    int dirtied)
1882 {
1883 	int i;
1884 
1885 	for (i=0; i < nr_pages; i++) {
1886 		struct page *page = sgl[i].page;
1887 
1888 		/* XXX: just for debug. Remove when PageReserved is removed */
1889 		BUG_ON(PageReserved(page));
1890 		if (dirtied)
1891 			SetPageDirty(page);
1892 		/* unlock_page(page); */
1893 		/* FIXME: cache flush missing for rw==READ
1894 		 * FIXME: call the correct reference counting function
1895 		 */
1896 		page_cache_release(page);
1897 	}
1898 
1899 	return 0;
1900 }
1901 
1902 /* ^^^^^^^^  above code borrowed from st driver's direct IO ^^^^^^^^^ */
1903 #endif
1904 
1905 
1906 /* Returns: -ve -> error, 0 -> done, 1 -> try indirect */
1907 static int
1908 sg_build_direct(Sg_request * srp, Sg_fd * sfp, int dxfer_len)
1909 {
1910 #ifdef SG_ALLOW_DIO_CODE
1911 	sg_io_hdr_t *hp = &srp->header;
1912 	Sg_scatter_hold *schp = &srp->data;
1913 	int sg_tablesize = sfp->parentdp->sg_tablesize;
1914 	struct scatterlist *sgl;
1915 	int mx_sc_elems, res;
1916 	struct scsi_device *sdev = sfp->parentdp->device;
1917 
1918 	if (((unsigned long)hp->dxferp &
1919 			queue_dma_alignment(sdev->request_queue)) != 0)
1920 		return 1;
1921 	mx_sc_elems = sg_build_sgat(schp, sfp, sg_tablesize);
1922         if (mx_sc_elems <= 0) {
1923                 return 1;
1924         }
1925 	sgl = (struct scatterlist *)schp->buffer;
1926 	res = st_map_user_pages(sgl, mx_sc_elems, (unsigned long)hp->dxferp, dxfer_len,
1927 				(SG_DXFER_TO_DEV == hp->dxfer_direction) ? 1 : 0, ULONG_MAX);
1928 	if (res <= 0)
1929 		return 1;
1930 	schp->k_use_sg = res;
1931 	schp->dio_in_use = 1;
1932 	hp->info |= SG_INFO_DIRECT_IO;
1933 	return 0;
1934 #else
1935 	return 1;
1936 #endif
1937 }
1938 
1939 static int
1940 sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
1941 {
1942 	int ret_sz;
1943 	int blk_size = buff_size;
1944 	unsigned char *p = NULL;
1945 
1946 	if ((blk_size < 0) || (!sfp))
1947 		return -EFAULT;
1948 	if (0 == blk_size)
1949 		++blk_size;	/* don't know why */
1950 /* round request up to next highest SG_SECTOR_SZ byte boundary */
1951 	blk_size = (blk_size + SG_SECTOR_MSK) & (~SG_SECTOR_MSK);
1952 	SCSI_LOG_TIMEOUT(4, printk("sg_build_indirect: buff_size=%d, blk_size=%d\n",
1953 				   buff_size, blk_size));
1954 	if (blk_size <= SG_SCATTER_SZ) {
1955 		p = sg_page_malloc(blk_size, sfp->low_dma, &ret_sz);
1956 		if (!p)
1957 			return -ENOMEM;
1958 		if (blk_size == ret_sz) {	/* got it on the first attempt */
1959 			schp->k_use_sg = 0;
1960 			schp->buffer = p;
1961 			schp->bufflen = blk_size;
1962 			schp->b_malloc_len = blk_size;
1963 			return 0;
1964 		}
1965 	} else {
1966 		p = sg_page_malloc(SG_SCATTER_SZ, sfp->low_dma, &ret_sz);
1967 		if (!p)
1968 			return -ENOMEM;
1969 	}
1970 /* Want some local declarations, so start new block ... */
1971 	{			/* lets try and build a scatter gather list */
1972 		struct scatterlist *sclp;
1973 		int k, rem_sz, num;
1974 		int mx_sc_elems;
1975 		int sg_tablesize = sfp->parentdp->sg_tablesize;
1976 		int first = 1;
1977 
1978 		/* N.B. ret_sz carried into this block ... */
1979 		mx_sc_elems = sg_build_sgat(schp, sfp, sg_tablesize);
1980 		if (mx_sc_elems < 0)
1981 			return mx_sc_elems;	/* most likely -ENOMEM */
1982 
1983 		for (k = 0, sclp = schp->buffer, rem_sz = blk_size;
1984 		     (rem_sz > 0) && (k < mx_sc_elems);
1985 		     ++k, rem_sz -= ret_sz, ++sclp) {
1986 			if (first)
1987 				first = 0;
1988 			else {
1989 				num =
1990 				    (rem_sz >
1991 				     SG_SCATTER_SZ) ? SG_SCATTER_SZ : rem_sz;
1992 				p = sg_page_malloc(num, sfp->low_dma, &ret_sz);
1993 				if (!p)
1994 					break;
1995 			}
1996 			sg_set_buf(sclp, p, ret_sz);
1997 
1998 			SCSI_LOG_TIMEOUT(5, printk("sg_build_build: k=%d, a=0x%p, len=%d\n",
1999 					  k, sg_scatg2virt(sclp), ret_sz));
2000 		}		/* end of for loop */
2001 		schp->k_use_sg = k;
2002 		SCSI_LOG_TIMEOUT(5, printk("sg_build_indirect: k_use_sg=%d, rem_sz=%d\n", k, rem_sz));
2003 		schp->bufflen = blk_size;
2004 		if (rem_sz > 0)	/* must have failed */
2005 			return -ENOMEM;
2006 	}
2007 	return 0;
2008 }
2009 
2010 static int
2011 sg_write_xfer(Sg_request * srp)
2012 {
2013 	sg_io_hdr_t *hp = &srp->header;
2014 	Sg_scatter_hold *schp = &srp->data;
2015 	int num_xfer = 0;
2016 	int j, k, onum, usglen, ksglen, res;
2017 	int iovec_count = (int) hp->iovec_count;
2018 	int dxfer_dir = hp->dxfer_direction;
2019 	unsigned char *p;
2020 	unsigned char __user *up;
2021 	int new_interface = ('\0' == hp->interface_id) ? 0 : 1;
2022 
2023 	if ((SG_DXFER_UNKNOWN == dxfer_dir) || (SG_DXFER_TO_DEV == dxfer_dir) ||
2024 	    (SG_DXFER_TO_FROM_DEV == dxfer_dir)) {
2025 		num_xfer = (int) (new_interface ? hp->dxfer_len : hp->flags);
2026 		if (schp->bufflen < num_xfer)
2027 			num_xfer = schp->bufflen;
2028 	}
2029 	if ((num_xfer <= 0) || (schp->dio_in_use) ||
2030 	    (new_interface
2031 	     && ((SG_FLAG_NO_DXFER | SG_FLAG_MMAP_IO) & hp->flags)))
2032 		return 0;
2033 
2034 	SCSI_LOG_TIMEOUT(4, printk("sg_write_xfer: num_xfer=%d, iovec_count=%d, k_use_sg=%d\n",
2035 			  num_xfer, iovec_count, schp->k_use_sg));
2036 	if (iovec_count) {
2037 		onum = iovec_count;
2038 		if (!access_ok(VERIFY_READ, hp->dxferp, SZ_SG_IOVEC * onum))
2039 			return -EFAULT;
2040 	} else
2041 		onum = 1;
2042 
2043 	if (0 == schp->k_use_sg) {	/* kernel has single buffer */
2044 		for (j = 0, p = schp->buffer; j < onum; ++j) {
2045 			res = sg_u_iovec(hp, iovec_count, j, 1, &usglen, &up);
2046 			if (res)
2047 				return res;
2048 			usglen = (num_xfer > usglen) ? usglen : num_xfer;
2049 			if (__copy_from_user(p, up, usglen))
2050 				return -EFAULT;
2051 			p += usglen;
2052 			num_xfer -= usglen;
2053 			if (num_xfer <= 0)
2054 				return 0;
2055 		}
2056 	} else {		/* kernel using scatter gather list */
2057 		struct scatterlist *sclp = (struct scatterlist *) schp->buffer;
2058 
2059 		ksglen = (int) sclp->length;
2060 		p = sg_scatg2virt(sclp);
2061 		for (j = 0, k = 0; j < onum; ++j) {
2062 			res = sg_u_iovec(hp, iovec_count, j, 1, &usglen, &up);
2063 			if (res)
2064 				return res;
2065 
2066 			for (; p; ++sclp, ksglen = (int) sclp->length,
2067 				  p = sg_scatg2virt(sclp)) {
2068 				if (usglen <= 0)
2069 					break;
2070 				if (ksglen > usglen) {
2071 					if (usglen >= num_xfer) {
2072 						if (__copy_from_user
2073 						    (p, up, num_xfer))
2074 							return -EFAULT;
2075 						return 0;
2076 					}
2077 					if (__copy_from_user(p, up, usglen))
2078 						return -EFAULT;
2079 					p += usglen;
2080 					ksglen -= usglen;
2081 					break;
2082 				} else {
2083 					if (ksglen >= num_xfer) {
2084 						if (__copy_from_user
2085 						    (p, up, num_xfer))
2086 							return -EFAULT;
2087 						return 0;
2088 					}
2089 					if (__copy_from_user(p, up, ksglen))
2090 						return -EFAULT;
2091 					up += ksglen;
2092 					usglen -= ksglen;
2093 				}
2094 				++k;
2095 				if (k >= schp->k_use_sg)
2096 					return 0;
2097 			}
2098 		}
2099 	}
2100 	return 0;
2101 }
2102 
2103 static int
2104 sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind,
2105 	   int wr_xf, int *countp, unsigned char __user **up)
2106 {
2107 	int num_xfer = (int) hp->dxfer_len;
2108 	unsigned char __user *p = hp->dxferp;
2109 	int count;
2110 
2111 	if (0 == sg_num) {
2112 		if (wr_xf && ('\0' == hp->interface_id))
2113 			count = (int) hp->flags;	/* holds "old" input_size */
2114 		else
2115 			count = num_xfer;
2116 	} else {
2117 		sg_iovec_t iovec;
2118 		if (__copy_from_user(&iovec, p + ind*SZ_SG_IOVEC, SZ_SG_IOVEC))
2119 			return -EFAULT;
2120 		p = iovec.iov_base;
2121 		count = (int) iovec.iov_len;
2122 	}
2123 	if (!access_ok(wr_xf ? VERIFY_READ : VERIFY_WRITE, p, count))
2124 		return -EFAULT;
2125 	if (up)
2126 		*up = p;
2127 	if (countp)
2128 		*countp = count;
2129 	return 0;
2130 }
2131 
2132 static void
2133 sg_remove_scat(Sg_scatter_hold * schp)
2134 {
2135 	SCSI_LOG_TIMEOUT(4, printk("sg_remove_scat: k_use_sg=%d\n", schp->k_use_sg));
2136 	if (schp->buffer && (schp->sglist_len > 0)) {
2137 		struct scatterlist *sclp = (struct scatterlist *) schp->buffer;
2138 
2139 		if (schp->dio_in_use) {
2140 #ifdef SG_ALLOW_DIO_CODE
2141 			st_unmap_user_pages(sclp, schp->k_use_sg, TRUE);
2142 #endif
2143 		} else {
2144 			int k;
2145 
2146 			for (k = 0; (k < schp->k_use_sg) && sg_scatg2virt(sclp);
2147 			     ++k, ++sclp) {
2148 				SCSI_LOG_TIMEOUT(5, printk(
2149 				    "sg_remove_scat: k=%d, a=0x%p, len=%d\n",
2150 				    k, sg_scatg2virt(sclp), sclp->length));
2151 				sg_page_free(sg_scatg2virt(sclp), sclp->length);
2152 				sclp->page = NULL;
2153 				sclp->offset = 0;
2154 				sclp->length = 0;
2155 			}
2156 		}
2157 		sg_page_free(schp->buffer, schp->sglist_len);
2158 	} else if (schp->buffer)
2159 		sg_page_free(schp->buffer, schp->b_malloc_len);
2160 	memset(schp, 0, sizeof (*schp));
2161 }
2162 
2163 static int
2164 sg_read_xfer(Sg_request * srp)
2165 {
2166 	sg_io_hdr_t *hp = &srp->header;
2167 	Sg_scatter_hold *schp = &srp->data;
2168 	int num_xfer = 0;
2169 	int j, k, onum, usglen, ksglen, res;
2170 	int iovec_count = (int) hp->iovec_count;
2171 	int dxfer_dir = hp->dxfer_direction;
2172 	unsigned char *p;
2173 	unsigned char __user *up;
2174 	int new_interface = ('\0' == hp->interface_id) ? 0 : 1;
2175 
2176 	if ((SG_DXFER_UNKNOWN == dxfer_dir) || (SG_DXFER_FROM_DEV == dxfer_dir)
2177 	    || (SG_DXFER_TO_FROM_DEV == dxfer_dir)) {
2178 		num_xfer = hp->dxfer_len;
2179 		if (schp->bufflen < num_xfer)
2180 			num_xfer = schp->bufflen;
2181 	}
2182 	if ((num_xfer <= 0) || (schp->dio_in_use) ||
2183 	    (new_interface
2184 	     && ((SG_FLAG_NO_DXFER | SG_FLAG_MMAP_IO) & hp->flags)))
2185 		return 0;
2186 
2187 	SCSI_LOG_TIMEOUT(4, printk("sg_read_xfer: num_xfer=%d, iovec_count=%d, k_use_sg=%d\n",
2188 			  num_xfer, iovec_count, schp->k_use_sg));
2189 	if (iovec_count) {
2190 		onum = iovec_count;
2191 		if (!access_ok(VERIFY_READ, hp->dxferp, SZ_SG_IOVEC * onum))
2192 			return -EFAULT;
2193 	} else
2194 		onum = 1;
2195 
2196 	if (0 == schp->k_use_sg) {	/* kernel has single buffer */
2197 		for (j = 0, p = schp->buffer; j < onum; ++j) {
2198 			res = sg_u_iovec(hp, iovec_count, j, 0, &usglen, &up);
2199 			if (res)
2200 				return res;
2201 			usglen = (num_xfer > usglen) ? usglen : num_xfer;
2202 			if (__copy_to_user(up, p, usglen))
2203 				return -EFAULT;
2204 			p += usglen;
2205 			num_xfer -= usglen;
2206 			if (num_xfer <= 0)
2207 				return 0;
2208 		}
2209 	} else {		/* kernel using scatter gather list */
2210 		struct scatterlist *sclp = (struct scatterlist *) schp->buffer;
2211 
2212 		ksglen = (int) sclp->length;
2213 		p = sg_scatg2virt(sclp);
2214 		for (j = 0, k = 0; j < onum; ++j) {
2215 			res = sg_u_iovec(hp, iovec_count, j, 0, &usglen, &up);
2216 			if (res)
2217 				return res;
2218 
2219 			for (; p; ++sclp, ksglen = (int) sclp->length,
2220 				  p = sg_scatg2virt(sclp)) {
2221 				if (usglen <= 0)
2222 					break;
2223 				if (ksglen > usglen) {
2224 					if (usglen >= num_xfer) {
2225 						if (__copy_to_user
2226 						    (up, p, num_xfer))
2227 							return -EFAULT;
2228 						return 0;
2229 					}
2230 					if (__copy_to_user(up, p, usglen))
2231 						return -EFAULT;
2232 					p += usglen;
2233 					ksglen -= usglen;
2234 					break;
2235 				} else {
2236 					if (ksglen >= num_xfer) {
2237 						if (__copy_to_user
2238 						    (up, p, num_xfer))
2239 							return -EFAULT;
2240 						return 0;
2241 					}
2242 					if (__copy_to_user(up, p, ksglen))
2243 						return -EFAULT;
2244 					up += ksglen;
2245 					usglen -= ksglen;
2246 				}
2247 				++k;
2248 				if (k >= schp->k_use_sg)
2249 					return 0;
2250 			}
2251 		}
2252 	}
2253 	return 0;
2254 }
2255 
2256 static int
2257 sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer)
2258 {
2259 	Sg_scatter_hold *schp = &srp->data;
2260 
2261 	SCSI_LOG_TIMEOUT(4, printk("sg_read_oxfer: num_read_xfer=%d\n",
2262 				   num_read_xfer));
2263 	if ((!outp) || (num_read_xfer <= 0))
2264 		return 0;
2265 	if (schp->k_use_sg > 0) {
2266 		int k, num;
2267 		struct scatterlist *sclp = (struct scatterlist *) schp->buffer;
2268 
2269 		for (k = 0; (k < schp->k_use_sg) && sg_scatg2virt(sclp);
2270 		     ++k, ++sclp) {
2271 			num = (int) sclp->length;
2272 			if (num > num_read_xfer) {
2273 				if (__copy_to_user
2274 				    (outp, sg_scatg2virt(sclp), num_read_xfer))
2275 					return -EFAULT;
2276 				break;
2277 			} else {
2278 				if (__copy_to_user
2279 				    (outp, sg_scatg2virt(sclp), num))
2280 					return -EFAULT;
2281 				num_read_xfer -= num;
2282 				if (num_read_xfer <= 0)
2283 					break;
2284 				outp += num;
2285 			}
2286 		}
2287 	} else {
2288 		if (__copy_to_user(outp, schp->buffer, num_read_xfer))
2289 			return -EFAULT;
2290 	}
2291 	return 0;
2292 }
2293 
2294 static void
2295 sg_build_reserve(Sg_fd * sfp, int req_size)
2296 {
2297 	Sg_scatter_hold *schp = &sfp->reserve;
2298 
2299 	SCSI_LOG_TIMEOUT(4, printk("sg_build_reserve: req_size=%d\n", req_size));
2300 	do {
2301 		if (req_size < PAGE_SIZE)
2302 			req_size = PAGE_SIZE;
2303 		if (0 == sg_build_indirect(schp, sfp, req_size))
2304 			return;
2305 		else
2306 			sg_remove_scat(schp);
2307 		req_size >>= 1;	/* divide by 2 */
2308 	} while (req_size > (PAGE_SIZE / 2));
2309 }
2310 
2311 static void
2312 sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size)
2313 {
2314 	Sg_scatter_hold *req_schp = &srp->data;
2315 	Sg_scatter_hold *rsv_schp = &sfp->reserve;
2316 
2317 	srp->res_used = 1;
2318 	SCSI_LOG_TIMEOUT(4, printk("sg_link_reserve: size=%d\n", size));
2319 	size = (size + 1) & (~1);	/* round to even for aha1542 */
2320 	if (rsv_schp->k_use_sg > 0) {
2321 		int k, num;
2322 		int rem = size;
2323 		struct scatterlist *sclp =
2324 		    (struct scatterlist *) rsv_schp->buffer;
2325 
2326 		for (k = 0; k < rsv_schp->k_use_sg; ++k, ++sclp) {
2327 			num = (int) sclp->length;
2328 			if (rem <= num) {
2329 				if (0 == k) {
2330 					req_schp->k_use_sg = 0;
2331 					req_schp->buffer = sg_scatg2virt(sclp);
2332 				} else {
2333 					sfp->save_scat_len = num;
2334 					sclp->length = (unsigned) rem;
2335 					req_schp->k_use_sg = k + 1;
2336 					req_schp->sglist_len =
2337 					    rsv_schp->sglist_len;
2338 					req_schp->buffer = rsv_schp->buffer;
2339 				}
2340 				req_schp->bufflen = size;
2341 				req_schp->b_malloc_len = rsv_schp->b_malloc_len;
2342 				break;
2343 			} else
2344 				rem -= num;
2345 		}
2346 		if (k >= rsv_schp->k_use_sg)
2347 			SCSI_LOG_TIMEOUT(1, printk("sg_link_reserve: BAD size\n"));
2348 	} else {
2349 		req_schp->k_use_sg = 0;
2350 		req_schp->bufflen = size;
2351 		req_schp->buffer = rsv_schp->buffer;
2352 		req_schp->b_malloc_len = rsv_schp->b_malloc_len;
2353 	}
2354 }
2355 
2356 static void
2357 sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp)
2358 {
2359 	Sg_scatter_hold *req_schp = &srp->data;
2360 	Sg_scatter_hold *rsv_schp = &sfp->reserve;
2361 
2362 	SCSI_LOG_TIMEOUT(4, printk("sg_unlink_reserve: req->k_use_sg=%d\n",
2363 				   (int) req_schp->k_use_sg));
2364 	if ((rsv_schp->k_use_sg > 0) && (req_schp->k_use_sg > 0)) {
2365 		struct scatterlist *sclp =
2366 		    (struct scatterlist *) rsv_schp->buffer;
2367 
2368 		if (sfp->save_scat_len > 0)
2369 			(sclp + (req_schp->k_use_sg - 1))->length =
2370 			    (unsigned) sfp->save_scat_len;
2371 		else
2372 			SCSI_LOG_TIMEOUT(1, printk ("sg_unlink_reserve: BAD save_scat_len\n"));
2373 	}
2374 	req_schp->k_use_sg = 0;
2375 	req_schp->bufflen = 0;
2376 	req_schp->buffer = NULL;
2377 	req_schp->sglist_len = 0;
2378 	sfp->save_scat_len = 0;
2379 	srp->res_used = 0;
2380 }
2381 
2382 static Sg_request *
2383 sg_get_rq_mark(Sg_fd * sfp, int pack_id)
2384 {
2385 	Sg_request *resp;
2386 	unsigned long iflags;
2387 
2388 	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2389 	for (resp = sfp->headrp; resp; resp = resp->nextrp) {
2390 		/* look for requests that are ready + not SG_IO owned */
2391 		if ((1 == resp->done) && (!resp->sg_io_owned) &&
2392 		    ((-1 == pack_id) || (resp->header.pack_id == pack_id))) {
2393 			resp->done = 2;	/* guard against other readers */
2394 			break;
2395 		}
2396 	}
2397 	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2398 	return resp;
2399 }
2400 
2401 #ifdef CONFIG_SCSI_PROC_FS
2402 static Sg_request *
2403 sg_get_nth_request(Sg_fd * sfp, int nth)
2404 {
2405 	Sg_request *resp;
2406 	unsigned long iflags;
2407 	int k;
2408 
2409 	read_lock_irqsave(&sfp->rq_list_lock, iflags);
2410 	for (k = 0, resp = sfp->headrp; resp && (k < nth);
2411 	     ++k, resp = resp->nextrp) ;
2412 	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2413 	return resp;
2414 }
2415 #endif
2416 
2417 /* always adds to end of list */
2418 static Sg_request *
2419 sg_add_request(Sg_fd * sfp)
2420 {
2421 	int k;
2422 	unsigned long iflags;
2423 	Sg_request *resp;
2424 	Sg_request *rp = sfp->req_arr;
2425 
2426 	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2427 	resp = sfp->headrp;
2428 	if (!resp) {
2429 		memset(rp, 0, sizeof (Sg_request));
2430 		rp->parentfp = sfp;
2431 		resp = rp;
2432 		sfp->headrp = resp;
2433 	} else {
2434 		if (0 == sfp->cmd_q)
2435 			resp = NULL;	/* command queuing disallowed */
2436 		else {
2437 			for (k = 0; k < SG_MAX_QUEUE; ++k, ++rp) {
2438 				if (!rp->parentfp)
2439 					break;
2440 			}
2441 			if (k < SG_MAX_QUEUE) {
2442 				memset(rp, 0, sizeof (Sg_request));
2443 				rp->parentfp = sfp;
2444 				while (resp->nextrp)
2445 					resp = resp->nextrp;
2446 				resp->nextrp = rp;
2447 				resp = rp;
2448 			} else
2449 				resp = NULL;
2450 		}
2451 	}
2452 	if (resp) {
2453 		resp->nextrp = NULL;
2454 		resp->header.duration = jiffies_to_msecs(jiffies);
2455 		resp->my_cmdp = NULL;
2456 	}
2457 	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2458 	return resp;
2459 }
2460 
2461 /* Return of 1 for found; 0 for not found */
2462 static int
2463 sg_remove_request(Sg_fd * sfp, Sg_request * srp)
2464 {
2465 	Sg_request *prev_rp;
2466 	Sg_request *rp;
2467 	unsigned long iflags;
2468 	int res = 0;
2469 
2470 	if ((!sfp) || (!srp) || (!sfp->headrp))
2471 		return res;
2472 	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2473 	if (srp->my_cmdp)
2474 		srp->my_cmdp->upper_private_data = NULL;
2475 	prev_rp = sfp->headrp;
2476 	if (srp == prev_rp) {
2477 		sfp->headrp = prev_rp->nextrp;
2478 		prev_rp->parentfp = NULL;
2479 		res = 1;
2480 	} else {
2481 		while ((rp = prev_rp->nextrp)) {
2482 			if (srp == rp) {
2483 				prev_rp->nextrp = rp->nextrp;
2484 				rp->parentfp = NULL;
2485 				res = 1;
2486 				break;
2487 			}
2488 			prev_rp = rp;
2489 		}
2490 	}
2491 	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2492 	return res;
2493 }
2494 
2495 #ifdef CONFIG_SCSI_PROC_FS
2496 static Sg_fd *
2497 sg_get_nth_sfp(Sg_device * sdp, int nth)
2498 {
2499 	Sg_fd *resp;
2500 	unsigned long iflags;
2501 	int k;
2502 
2503 	read_lock_irqsave(&sg_dev_arr_lock, iflags);
2504 	for (k = 0, resp = sdp->headfp; resp && (k < nth);
2505 	     ++k, resp = resp->nextfp) ;
2506 	read_unlock_irqrestore(&sg_dev_arr_lock, iflags);
2507 	return resp;
2508 }
2509 #endif
2510 
2511 static Sg_fd *
2512 sg_add_sfp(Sg_device * sdp, int dev)
2513 {
2514 	Sg_fd *sfp;
2515 	unsigned long iflags;
2516 
2517 	sfp = (Sg_fd *) sg_page_malloc(sizeof (Sg_fd), 0, NULL);
2518 	if (!sfp)
2519 		return NULL;
2520 	memset(sfp, 0, sizeof (Sg_fd));
2521 	init_waitqueue_head(&sfp->read_wait);
2522 	rwlock_init(&sfp->rq_list_lock);
2523 
2524 	sfp->timeout = SG_DEFAULT_TIMEOUT;
2525 	sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER;
2526 	sfp->force_packid = SG_DEF_FORCE_PACK_ID;
2527 	sfp->low_dma = (SG_DEF_FORCE_LOW_DMA == 0) ?
2528 	    sdp->device->host->unchecked_isa_dma : 1;
2529 	sfp->cmd_q = SG_DEF_COMMAND_Q;
2530 	sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
2531 	sfp->parentdp = sdp;
2532 	write_lock_irqsave(&sg_dev_arr_lock, iflags);
2533 	if (!sdp->headfp)
2534 		sdp->headfp = sfp;
2535 	else {			/* add to tail of existing list */
2536 		Sg_fd *pfp = sdp->headfp;
2537 		while (pfp->nextfp)
2538 			pfp = pfp->nextfp;
2539 		pfp->nextfp = sfp;
2540 	}
2541 	write_unlock_irqrestore(&sg_dev_arr_lock, iflags);
2542 	SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));
2543 	sg_build_reserve(sfp, sg_big_buff);
2544 	SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp:   bufflen=%d, k_use_sg=%d\n",
2545 			   sfp->reserve.bufflen, sfp->reserve.k_use_sg));
2546 	return sfp;
2547 }
2548 
2549 static void
2550 __sg_remove_sfp(Sg_device * sdp, Sg_fd * sfp)
2551 {
2552 	Sg_fd *fp;
2553 	Sg_fd *prev_fp;
2554 
2555 	prev_fp = sdp->headfp;
2556 	if (sfp == prev_fp)
2557 		sdp->headfp = prev_fp->nextfp;
2558 	else {
2559 		while ((fp = prev_fp->nextfp)) {
2560 			if (sfp == fp) {
2561 				prev_fp->nextfp = fp->nextfp;
2562 				break;
2563 			}
2564 			prev_fp = fp;
2565 		}
2566 	}
2567 	if (sfp->reserve.bufflen > 0) {
2568 		SCSI_LOG_TIMEOUT(6,
2569 			printk("__sg_remove_sfp:    bufflen=%d, k_use_sg=%d\n",
2570 			(int) sfp->reserve.bufflen, (int) sfp->reserve.k_use_sg));
2571 		if (sfp->mmap_called)
2572 			sg_rb_correct4mmap(&sfp->reserve, 0);	/* undo correction */
2573 		sg_remove_scat(&sfp->reserve);
2574 	}
2575 	sfp->parentdp = NULL;
2576 	SCSI_LOG_TIMEOUT(6, printk("__sg_remove_sfp:    sfp=0x%p\n", sfp));
2577 	sg_page_free((char *) sfp, sizeof (Sg_fd));
2578 }
2579 
2580 /* Returns 0 in normal case, 1 when detached and sdp object removed */
2581 static int
2582 sg_remove_sfp(Sg_device * sdp, Sg_fd * sfp)
2583 {
2584 	Sg_request *srp;
2585 	Sg_request *tsrp;
2586 	int dirty = 0;
2587 	int res = 0;
2588 
2589 	for (srp = sfp->headrp; srp; srp = tsrp) {
2590 		tsrp = srp->nextrp;
2591 		if (sg_srp_done(srp, sfp))
2592 			sg_finish_rem_req(srp);
2593 		else
2594 			++dirty;
2595 	}
2596 	if (0 == dirty) {
2597 		unsigned long iflags;
2598 
2599 		write_lock_irqsave(&sg_dev_arr_lock, iflags);
2600 		__sg_remove_sfp(sdp, sfp);
2601 		if (sdp->detached && (NULL == sdp->headfp)) {
2602 			int k, maxd;
2603 
2604 			maxd = sg_dev_max;
2605 			for (k = 0; k < maxd; ++k) {
2606 				if (sdp == sg_dev_arr[k])
2607 					break;
2608 			}
2609 			if (k < maxd)
2610 				sg_dev_arr[k] = NULL;
2611 			kfree((char *) sdp);
2612 			res = 1;
2613 		}
2614 		write_unlock_irqrestore(&sg_dev_arr_lock, iflags);
2615 	} else {
2616 		/* MOD_INC's to inhibit unloading sg and associated adapter driver */
2617 		/* only bump the access_count if we actually succeeded in
2618 		 * throwing another counter on the host module */
2619 		scsi_device_get(sdp->device);	/* XXX: retval ignored? */
2620 		sfp->closed = 1;	/* flag dirty state on this fd */
2621 		SCSI_LOG_TIMEOUT(1, printk("sg_remove_sfp: worrisome, %d writes pending\n",
2622 				  dirty));
2623 	}
2624 	return res;
2625 }
2626 
2627 static int
2628 sg_res_in_use(Sg_fd * sfp)
2629 {
2630 	const Sg_request *srp;
2631 	unsigned long iflags;
2632 
2633 	read_lock_irqsave(&sfp->rq_list_lock, iflags);
2634 	for (srp = sfp->headrp; srp; srp = srp->nextrp)
2635 		if (srp->res_used)
2636 			break;
2637 	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2638 	return srp ? 1 : 0;
2639 }
2640 
2641 /* If retSzp==NULL want exact size or fail */
2642 static char *
2643 sg_page_malloc(int rqSz, int lowDma, int *retSzp)
2644 {
2645 	char *resp = NULL;
2646 	gfp_t page_mask;
2647 	int order, a_size;
2648 	int resSz = rqSz;
2649 
2650 	if (rqSz <= 0)
2651 		return resp;
2652 
2653 	if (lowDma)
2654 		page_mask = GFP_ATOMIC | GFP_DMA | __GFP_NOWARN;
2655 	else
2656 		page_mask = GFP_ATOMIC | __GFP_NOWARN;
2657 
2658 	for (order = 0, a_size = PAGE_SIZE; a_size < rqSz;
2659 	     order++, a_size <<= 1) ;
2660 	resp = (char *) __get_free_pages(page_mask, order);
2661 	while ((!resp) && order && retSzp) {
2662 		--order;
2663 		a_size >>= 1;	/* divide by 2, until PAGE_SIZE */
2664 		resp = (char *) __get_free_pages(page_mask, order);	/* try half */
2665 		resSz = a_size;
2666 	}
2667 	if (resp) {
2668 		if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2669 			memset(resp, 0, resSz);
2670 		if (retSzp)
2671 			*retSzp = resSz;
2672 	}
2673 	return resp;
2674 }
2675 
2676 static void
2677 sg_page_free(char *buff, int size)
2678 {
2679 	int order, a_size;
2680 
2681 	if (!buff)
2682 		return;
2683 	for (order = 0, a_size = PAGE_SIZE; a_size < size;
2684 	     order++, a_size <<= 1) ;
2685 	free_pages((unsigned long) buff, order);
2686 }
2687 
2688 #ifndef MAINTENANCE_IN_CMD
2689 #define MAINTENANCE_IN_CMD 0xa3
2690 #endif
2691 
2692 static unsigned char allow_ops[] = { TEST_UNIT_READY, REQUEST_SENSE,
2693 	INQUIRY, READ_CAPACITY, READ_BUFFER, READ_6, READ_10, READ_12,
2694 	READ_16, MODE_SENSE, MODE_SENSE_10, LOG_SENSE, REPORT_LUNS,
2695 	SERVICE_ACTION_IN, RECEIVE_DIAGNOSTIC, READ_LONG, MAINTENANCE_IN_CMD
2696 };
2697 
2698 static int
2699 sg_allow_access(unsigned char opcode, char dev_type)
2700 {
2701 	int k;
2702 
2703 	if (TYPE_SCANNER == dev_type)	/* TYPE_ROM maybe burner */
2704 		return 1;
2705 	for (k = 0; k < sizeof (allow_ops); ++k) {
2706 		if (opcode == allow_ops[k])
2707 			return 1;
2708 	}
2709 	return 0;
2710 }
2711 
2712 #ifdef CONFIG_SCSI_PROC_FS
2713 static int
2714 sg_last_dev(void)
2715 {
2716 	int k;
2717 	unsigned long iflags;
2718 
2719 	read_lock_irqsave(&sg_dev_arr_lock, iflags);
2720 	for (k = sg_dev_max - 1; k >= 0; --k)
2721 		if (sg_dev_arr[k] && sg_dev_arr[k]->device)
2722 			break;
2723 	read_unlock_irqrestore(&sg_dev_arr_lock, iflags);
2724 	return k + 1;		/* origin 1 */
2725 }
2726 #endif
2727 
2728 static Sg_device *
2729 sg_get_dev(int dev)
2730 {
2731 	Sg_device *sdp = NULL;
2732 	unsigned long iflags;
2733 
2734 	if (sg_dev_arr && (dev >= 0)) {
2735 		read_lock_irqsave(&sg_dev_arr_lock, iflags);
2736 		if (dev < sg_dev_max)
2737 			sdp = sg_dev_arr[dev];
2738 		read_unlock_irqrestore(&sg_dev_arr_lock, iflags);
2739 	}
2740 	return sdp;
2741 }
2742 
2743 #ifdef CONFIG_SCSI_PROC_FS
2744 
2745 static struct proc_dir_entry *sg_proc_sgp = NULL;
2746 
2747 static char sg_proc_sg_dirname[] = "scsi/sg";
2748 
2749 static int sg_proc_seq_show_int(struct seq_file *s, void *v);
2750 
2751 static int sg_proc_single_open_adio(struct inode *inode, struct file *file);
2752 static ssize_t sg_proc_write_adio(struct file *filp, const char __user *buffer,
2753 			          size_t count, loff_t *off);
2754 static struct file_operations adio_fops = {
2755 	/* .owner, .read and .llseek added in sg_proc_init() */
2756 	.open = sg_proc_single_open_adio,
2757 	.write = sg_proc_write_adio,
2758 	.release = single_release,
2759 };
2760 
2761 static int sg_proc_single_open_dressz(struct inode *inode, struct file *file);
2762 static ssize_t sg_proc_write_dressz(struct file *filp,
2763 		const char __user *buffer, size_t count, loff_t *off);
2764 static struct file_operations dressz_fops = {
2765 	.open = sg_proc_single_open_dressz,
2766 	.write = sg_proc_write_dressz,
2767 	.release = single_release,
2768 };
2769 
2770 static int sg_proc_seq_show_version(struct seq_file *s, void *v);
2771 static int sg_proc_single_open_version(struct inode *inode, struct file *file);
2772 static struct file_operations version_fops = {
2773 	.open = sg_proc_single_open_version,
2774 	.release = single_release,
2775 };
2776 
2777 static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v);
2778 static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file);
2779 static struct file_operations devhdr_fops = {
2780 	.open = sg_proc_single_open_devhdr,
2781 	.release = single_release,
2782 };
2783 
2784 static int sg_proc_seq_show_dev(struct seq_file *s, void *v);
2785 static int sg_proc_open_dev(struct inode *inode, struct file *file);
2786 static void * dev_seq_start(struct seq_file *s, loff_t *pos);
2787 static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos);
2788 static void dev_seq_stop(struct seq_file *s, void *v);
2789 static struct file_operations dev_fops = {
2790 	.open = sg_proc_open_dev,
2791 	.release = seq_release,
2792 };
2793 static struct seq_operations dev_seq_ops = {
2794 	.start = dev_seq_start,
2795 	.next  = dev_seq_next,
2796 	.stop  = dev_seq_stop,
2797 	.show  = sg_proc_seq_show_dev,
2798 };
2799 
2800 static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v);
2801 static int sg_proc_open_devstrs(struct inode *inode, struct file *file);
2802 static struct file_operations devstrs_fops = {
2803 	.open = sg_proc_open_devstrs,
2804 	.release = seq_release,
2805 };
2806 static struct seq_operations devstrs_seq_ops = {
2807 	.start = dev_seq_start,
2808 	.next  = dev_seq_next,
2809 	.stop  = dev_seq_stop,
2810 	.show  = sg_proc_seq_show_devstrs,
2811 };
2812 
2813 static int sg_proc_seq_show_debug(struct seq_file *s, void *v);
2814 static int sg_proc_open_debug(struct inode *inode, struct file *file);
2815 static struct file_operations debug_fops = {
2816 	.open = sg_proc_open_debug,
2817 	.release = seq_release,
2818 };
2819 static struct seq_operations debug_seq_ops = {
2820 	.start = dev_seq_start,
2821 	.next  = dev_seq_next,
2822 	.stop  = dev_seq_stop,
2823 	.show  = sg_proc_seq_show_debug,
2824 };
2825 
2826 
2827 struct sg_proc_leaf {
2828 	const char * name;
2829 	struct file_operations * fops;
2830 };
2831 
2832 static struct sg_proc_leaf sg_proc_leaf_arr[] = {
2833 	{"allow_dio", &adio_fops},
2834 	{"debug", &debug_fops},
2835 	{"def_reserved_size", &dressz_fops},
2836 	{"device_hdr", &devhdr_fops},
2837 	{"devices", &dev_fops},
2838 	{"device_strs", &devstrs_fops},
2839 	{"version", &version_fops}
2840 };
2841 
2842 static int
2843 sg_proc_init(void)
2844 {
2845 	int k, mask;
2846 	int num_leaves =
2847 	    sizeof (sg_proc_leaf_arr) / sizeof (sg_proc_leaf_arr[0]);
2848 	struct proc_dir_entry *pdep;
2849 	struct sg_proc_leaf * leaf;
2850 
2851 	sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
2852 	if (!sg_proc_sgp)
2853 		return 1;
2854 	for (k = 0; k < num_leaves; ++k) {
2855 		leaf = &sg_proc_leaf_arr[k];
2856 		mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO;
2857 		pdep = create_proc_entry(leaf->name, mask, sg_proc_sgp);
2858 		if (pdep) {
2859 			leaf->fops->owner = THIS_MODULE,
2860 			leaf->fops->read = seq_read,
2861 			leaf->fops->llseek = seq_lseek,
2862 			pdep->proc_fops = leaf->fops;
2863 		}
2864 	}
2865 	return 0;
2866 }
2867 
2868 static void
2869 sg_proc_cleanup(void)
2870 {
2871 	int k;
2872 	int num_leaves =
2873 	    sizeof (sg_proc_leaf_arr) / sizeof (sg_proc_leaf_arr[0]);
2874 
2875 	if (!sg_proc_sgp)
2876 		return;
2877 	for (k = 0; k < num_leaves; ++k)
2878 		remove_proc_entry(sg_proc_leaf_arr[k].name, sg_proc_sgp);
2879 	remove_proc_entry(sg_proc_sg_dirname, NULL);
2880 }
2881 
2882 
2883 static int sg_proc_seq_show_int(struct seq_file *s, void *v)
2884 {
2885 	seq_printf(s, "%d\n", *((int *)s->private));
2886 	return 0;
2887 }
2888 
2889 static int sg_proc_single_open_adio(struct inode *inode, struct file *file)
2890 {
2891 	return single_open(file, sg_proc_seq_show_int, &sg_allow_dio);
2892 }
2893 
2894 static ssize_t
2895 sg_proc_write_adio(struct file *filp, const char __user *buffer,
2896 		   size_t count, loff_t *off)
2897 {
2898 	int num;
2899 	char buff[11];
2900 
2901 	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2902 		return -EACCES;
2903 	num = (count < 10) ? count : 10;
2904 	if (copy_from_user(buff, buffer, num))
2905 		return -EFAULT;
2906 	buff[num] = '\0';
2907 	sg_allow_dio = simple_strtoul(buff, NULL, 10) ? 1 : 0;
2908 	return count;
2909 }
2910 
2911 static int sg_proc_single_open_dressz(struct inode *inode, struct file *file)
2912 {
2913 	return single_open(file, sg_proc_seq_show_int, &sg_big_buff);
2914 }
2915 
2916 static ssize_t
2917 sg_proc_write_dressz(struct file *filp, const char __user *buffer,
2918 		     size_t count, loff_t *off)
2919 {
2920 	int num;
2921 	unsigned long k = ULONG_MAX;
2922 	char buff[11];
2923 
2924 	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2925 		return -EACCES;
2926 	num = (count < 10) ? count : 10;
2927 	if (copy_from_user(buff, buffer, num))
2928 		return -EFAULT;
2929 	buff[num] = '\0';
2930 	k = simple_strtoul(buff, NULL, 10);
2931 	if (k <= 1048576) {	/* limit "big buff" to 1 MB */
2932 		sg_big_buff = k;
2933 		return count;
2934 	}
2935 	return -ERANGE;
2936 }
2937 
2938 static int sg_proc_seq_show_version(struct seq_file *s, void *v)
2939 {
2940 	seq_printf(s, "%d\t%s [%s]\n", sg_version_num, SG_VERSION_STR,
2941 		   sg_version_date);
2942 	return 0;
2943 }
2944 
2945 static int sg_proc_single_open_version(struct inode *inode, struct file *file)
2946 {
2947 	return single_open(file, sg_proc_seq_show_version, NULL);
2948 }
2949 
2950 static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v)
2951 {
2952 	seq_printf(s, "host\tchan\tid\tlun\ttype\topens\tqdepth\tbusy\t"
2953 		   "online\n");
2954 	return 0;
2955 }
2956 
2957 static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file)
2958 {
2959 	return single_open(file, sg_proc_seq_show_devhdr, NULL);
2960 }
2961 
2962 struct sg_proc_deviter {
2963 	loff_t	index;
2964 	size_t	max;
2965 };
2966 
2967 static void * dev_seq_start(struct seq_file *s, loff_t *pos)
2968 {
2969 	struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
2970 
2971 	s->private = it;
2972 	if (! it)
2973 		return NULL;
2974 
2975 	if (NULL == sg_dev_arr)
2976 		return NULL;
2977 	it->index = *pos;
2978 	it->max = sg_last_dev();
2979 	if (it->index >= it->max)
2980 		return NULL;
2981 	return it;
2982 }
2983 
2984 static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
2985 {
2986 	struct sg_proc_deviter * it = s->private;
2987 
2988 	*pos = ++it->index;
2989 	return (it->index < it->max) ? it : NULL;
2990 }
2991 
2992 static void dev_seq_stop(struct seq_file *s, void *v)
2993 {
2994 	kfree(s->private);
2995 }
2996 
2997 static int sg_proc_open_dev(struct inode *inode, struct file *file)
2998 {
2999         return seq_open(file, &dev_seq_ops);
3000 }
3001 
3002 static int sg_proc_seq_show_dev(struct seq_file *s, void *v)
3003 {
3004 	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
3005 	Sg_device *sdp;
3006 	struct scsi_device *scsidp;
3007 
3008 	sdp = it ? sg_get_dev(it->index) : NULL;
3009 	if (sdp && (scsidp = sdp->device) && (!sdp->detached))
3010 		seq_printf(s, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
3011 			      scsidp->host->host_no, scsidp->channel,
3012 			      scsidp->id, scsidp->lun, (int) scsidp->type,
3013 			      1,
3014 			      (int) scsidp->queue_depth,
3015 			      (int) scsidp->device_busy,
3016 			      (int) scsi_device_online(scsidp));
3017 	else
3018 		seq_printf(s, "-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\n");
3019 	return 0;
3020 }
3021 
3022 static int sg_proc_open_devstrs(struct inode *inode, struct file *file)
3023 {
3024         return seq_open(file, &devstrs_seq_ops);
3025 }
3026 
3027 static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v)
3028 {
3029 	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
3030 	Sg_device *sdp;
3031 	struct scsi_device *scsidp;
3032 
3033 	sdp = it ? sg_get_dev(it->index) : NULL;
3034 	if (sdp && (scsidp = sdp->device) && (!sdp->detached))
3035 		seq_printf(s, "%8.8s\t%16.16s\t%4.4s\n",
3036 			   scsidp->vendor, scsidp->model, scsidp->rev);
3037 	else
3038 		seq_printf(s, "<no active device>\n");
3039 	return 0;
3040 }
3041 
3042 static void sg_proc_debug_helper(struct seq_file *s, Sg_device * sdp)
3043 {
3044 	int k, m, new_interface, blen, usg;
3045 	Sg_request *srp;
3046 	Sg_fd *fp;
3047 	const sg_io_hdr_t *hp;
3048 	const char * cp;
3049 	unsigned int ms;
3050 
3051 	for (k = 0; (fp = sg_get_nth_sfp(sdp, k)); ++k) {
3052 		seq_printf(s, "   FD(%d): timeout=%dms bufflen=%d "
3053 			   "(res)sgat=%d low_dma=%d\n", k + 1,
3054 			   jiffies_to_msecs(fp->timeout),
3055 			   fp->reserve.bufflen,
3056 			   (int) fp->reserve.k_use_sg,
3057 			   (int) fp->low_dma);
3058 		seq_printf(s, "   cmd_q=%d f_packid=%d k_orphan=%d closed=%d\n",
3059 			   (int) fp->cmd_q, (int) fp->force_packid,
3060 			   (int) fp->keep_orphan, (int) fp->closed);
3061 		for (m = 0; (srp = sg_get_nth_request(fp, m)); ++m) {
3062 			hp = &srp->header;
3063 			new_interface = (hp->interface_id == '\0') ? 0 : 1;
3064 			if (srp->res_used) {
3065 				if (new_interface &&
3066 				    (SG_FLAG_MMAP_IO & hp->flags))
3067 					cp = "     mmap>> ";
3068 				else
3069 					cp = "     rb>> ";
3070 			} else {
3071 				if (SG_INFO_DIRECT_IO_MASK & hp->info)
3072 					cp = "     dio>> ";
3073 				else
3074 					cp = "     ";
3075 			}
3076 			seq_printf(s, cp);
3077 			blen = srp->my_cmdp ?
3078 				srp->my_cmdp->sr_bufflen : srp->data.bufflen;
3079 			usg = srp->my_cmdp ?
3080 				srp->my_cmdp->sr_use_sg : srp->data.k_use_sg;
3081 			seq_printf(s, srp->done ?
3082 				   ((1 == srp->done) ?  "rcv:" : "fin:")
3083 				   : (srp->my_cmdp ? "act:" : "prior:"));
3084 			seq_printf(s, " id=%d blen=%d",
3085 				   srp->header.pack_id, blen);
3086 			if (srp->done)
3087 				seq_printf(s, " dur=%d", hp->duration);
3088 			else {
3089 				ms = jiffies_to_msecs(jiffies);
3090 				seq_printf(s, " t_o/elap=%d/%d",
3091 					(new_interface ? hp->timeout :
3092 						  jiffies_to_msecs(fp->timeout)),
3093 					(ms > hp->duration ? ms - hp->duration : 0));
3094 			}
3095 			seq_printf(s, "ms sgat=%d op=0x%02x\n", usg,
3096 				   (int) srp->data.cmd_opcode);
3097 		}
3098 		if (0 == m)
3099 			seq_printf(s, "     No requests active\n");
3100 	}
3101 }
3102 
3103 static int sg_proc_open_debug(struct inode *inode, struct file *file)
3104 {
3105         return seq_open(file, &debug_seq_ops);
3106 }
3107 
3108 static int sg_proc_seq_show_debug(struct seq_file *s, void *v)
3109 {
3110 	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
3111 	Sg_device *sdp;
3112 
3113 	if (it && (0 == it->index)) {
3114 		seq_printf(s, "dev_max(currently)=%d max_active_device=%d "
3115 			   "(origin 1)\n", sg_dev_max, (int)it->max);
3116 		seq_printf(s, " def_reserved_size=%d\n", sg_big_buff);
3117 	}
3118 	sdp = it ? sg_get_dev(it->index) : NULL;
3119 	if (sdp) {
3120 		struct scsi_device *scsidp = sdp->device;
3121 
3122 		if (NULL == scsidp) {
3123 			seq_printf(s, "device %d detached ??\n",
3124 				   (int)it->index);
3125 			return 0;
3126 		}
3127 
3128 		if (sg_get_nth_sfp(sdp, 0)) {
3129 			seq_printf(s, " >>> device=%s ",
3130 				sdp->disk->disk_name);
3131 			if (sdp->detached)
3132 				seq_printf(s, "detached pending close ");
3133 			else
3134 				seq_printf
3135 				    (s, "scsi%d chan=%d id=%d lun=%d   em=%d",
3136 				     scsidp->host->host_no,
3137 				     scsidp->channel, scsidp->id,
3138 				     scsidp->lun,
3139 				     scsidp->host->hostt->emulated);
3140 			seq_printf(s, " sg_tablesize=%d excl=%d\n",
3141 				   sdp->sg_tablesize, sdp->exclude);
3142 		}
3143 		sg_proc_debug_helper(s, sdp);
3144 	}
3145 	return 0;
3146 }
3147 
3148 #endif				/* CONFIG_SCSI_PROC_FS */
3149 
3150 module_init(init_sg);
3151 module_exit(exit_sg);
3152 MODULE_ALIAS_CHARDEV_MAJOR(SCSI_GENERIC_MAJOR);
3153