1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Changes: 4 * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000 5 * - get rid of some verify_areas and use __copy*user and __get/put_user 6 * for the ones that remain 7 */ 8 #include <linux/module.h> 9 #include <linux/blkdev.h> 10 #include <linux/interrupt.h> 11 #include <linux/errno.h> 12 #include <linux/kernel.h> 13 #include <linux/sched.h> 14 #include <linux/mm.h> 15 #include <linux/string.h> 16 #include <linux/uaccess.h> 17 #include <linux/cdrom.h> 18 19 #include <scsi/scsi.h> 20 #include <scsi/scsi_cmnd.h> 21 #include <scsi/scsi_device.h> 22 #include <scsi/scsi_eh.h> 23 #include <scsi/scsi_host.h> 24 #include <scsi/scsi_ioctl.h> 25 #include <scsi/sg.h> 26 #include <scsi/scsi_dbg.h> 27 28 #include "scsi_logging.h" 29 30 #define NORMAL_RETRIES 5 31 #define IOCTL_NORMAL_TIMEOUT (10 * HZ) 32 33 #define MAX_BUF PAGE_SIZE 34 35 /** 36 * ioctl_probe -- return host identification 37 * @host: host to identify 38 * @buffer: userspace buffer for identification 39 * 40 * Return an identifying string at @buffer, if @buffer is non-NULL, filling 41 * to the length stored at * (int *) @buffer. 42 */ 43 static int ioctl_probe(struct Scsi_Host *host, void __user *buffer) 44 { 45 unsigned int len, slen; 46 const char *string; 47 48 if (buffer) { 49 if (get_user(len, (unsigned int __user *) buffer)) 50 return -EFAULT; 51 52 if (host->hostt->info) 53 string = host->hostt->info(host); 54 else 55 string = host->hostt->name; 56 if (string) { 57 slen = strlen(string); 58 if (len > slen) 59 len = slen + 1; 60 if (copy_to_user(buffer, string, len)) 61 return -EFAULT; 62 } 63 } 64 return 1; 65 } 66 67 static int ioctl_internal_command(struct scsi_device *sdev, char *cmd, 68 int timeout, int retries) 69 { 70 int result; 71 struct scsi_sense_hdr sshdr; 72 73 SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev, 74 "Trying ioctl with scsi command %d\n", *cmd)); 75 76 result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, 77 &sshdr, timeout, retries, NULL); 78 79 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev, 80 "Ioctl returned 0x%x\n", result)); 81 82 if (result < 0) 83 goto out; 84 if (scsi_sense_valid(&sshdr)) { 85 switch (sshdr.sense_key) { 86 case ILLEGAL_REQUEST: 87 if (cmd[0] == ALLOW_MEDIUM_REMOVAL) 88 sdev->lockable = 0; 89 else 90 sdev_printk(KERN_INFO, sdev, 91 "ioctl_internal_command: " 92 "ILLEGAL REQUEST " 93 "asc=0x%x ascq=0x%x\n", 94 sshdr.asc, sshdr.ascq); 95 break; 96 case NOT_READY: /* This happens if there is no disc in drive */ 97 if (sdev->removable) 98 break; 99 fallthrough; 100 case UNIT_ATTENTION: 101 if (sdev->removable) { 102 sdev->changed = 1; 103 result = 0; /* This is no longer considered an error */ 104 break; 105 } 106 fallthrough; /* for non-removable media */ 107 default: 108 sdev_printk(KERN_INFO, sdev, 109 "ioctl_internal_command return code = %x\n", 110 result); 111 scsi_print_sense_hdr(sdev, NULL, &sshdr); 112 break; 113 } 114 } 115 out: 116 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev, 117 "IOCTL Releasing command\n")); 118 return result; 119 } 120 121 int scsi_set_medium_removal(struct scsi_device *sdev, char state) 122 { 123 char scsi_cmd[MAX_COMMAND_SIZE]; 124 int ret; 125 126 if (!sdev->removable || !sdev->lockable) 127 return 0; 128 129 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL; 130 scsi_cmd[1] = 0; 131 scsi_cmd[2] = 0; 132 scsi_cmd[3] = 0; 133 scsi_cmd[4] = state; 134 scsi_cmd[5] = 0; 135 136 ret = ioctl_internal_command(sdev, scsi_cmd, 137 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES); 138 if (ret == 0) 139 sdev->locked = (state == SCSI_REMOVAL_PREVENT); 140 return ret; 141 } 142 EXPORT_SYMBOL(scsi_set_medium_removal); 143 144 /* 145 * The scsi_ioctl_get_pci() function places into arg the value 146 * pci_dev::slot_name (8 characters) for the PCI device (if any). 147 * Returns: 0 on success 148 * -ENXIO if there isn't a PCI device pointer 149 * (could be because the SCSI driver hasn't been 150 * updated yet, or because it isn't a SCSI 151 * device) 152 * any copy_to_user() error on failure there 153 */ 154 static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg) 155 { 156 struct device *dev = scsi_get_device(sdev->host); 157 const char *name; 158 159 if (!dev) 160 return -ENXIO; 161 162 name = dev_name(dev); 163 164 /* compatibility with old ioctl which only returned 165 * 20 characters */ 166 return copy_to_user(arg, name, min(strlen(name), (size_t)20)) 167 ? -EFAULT: 0; 168 } 169 170 static int sg_get_version(int __user *p) 171 { 172 static const int sg_version_num = 30527; 173 return put_user(sg_version_num, p); 174 } 175 176 static int sg_set_timeout(struct scsi_device *sdev, int __user *p) 177 { 178 int timeout, err = get_user(timeout, p); 179 180 if (!err) 181 sdev->sg_timeout = clock_t_to_jiffies(timeout); 182 183 return err; 184 } 185 186 static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p) 187 { 188 int val = min(sdev->sg_reserved_size, 189 queue_max_bytes(sdev->request_queue)); 190 191 return put_user(val, p); 192 } 193 194 static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p) 195 { 196 int size, err = get_user(size, p); 197 198 if (err) 199 return err; 200 201 if (size < 0) 202 return -EINVAL; 203 204 sdev->sg_reserved_size = min_t(unsigned int, size, 205 queue_max_bytes(sdev->request_queue)); 206 return 0; 207 } 208 209 /* 210 * will always return that we are ATAPI even for a real SCSI drive, I'm not 211 * so sure this is worth doing anything about (why would you care??) 212 */ 213 static int sg_emulated_host(struct request_queue *q, int __user *p) 214 { 215 return put_user(1, p); 216 } 217 218 static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp) 219 { 220 struct scsi_idlun v = { 221 .dev_id = (sdev->id & 0xff) + 222 ((sdev->lun & 0xff) << 8) + 223 ((sdev->channel & 0xff) << 16) + 224 ((sdev->host->host_no & 0xff) << 24), 225 .host_unique_id = sdev->host->unique_id 226 }; 227 if (copy_to_user(argp, &v, sizeof(struct scsi_idlun))) 228 return -EFAULT; 229 return 0; 230 } 231 232 static int scsi_send_start_stop(struct scsi_device *sdev, int data) 233 { 234 u8 cdb[MAX_COMMAND_SIZE] = { }; 235 236 cdb[0] = START_STOP; 237 cdb[4] = data; 238 return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT, 239 NORMAL_RETRIES); 240 } 241 242 /* 243 * Check if the given command is allowed. 244 * 245 * Only a subset of commands are allowed for unprivileged users. Commands used 246 * to format the media, update the firmware, etc. are not permitted. 247 */ 248 bool scsi_cmd_allowed(unsigned char *cmd, fmode_t mode) 249 { 250 /* root can do any command. */ 251 if (capable(CAP_SYS_RAWIO)) 252 return true; 253 254 /* Anybody who can open the device can do a read-safe command */ 255 switch (cmd[0]) { 256 /* Basic read-only commands */ 257 case TEST_UNIT_READY: 258 case REQUEST_SENSE: 259 case READ_6: 260 case READ_10: 261 case READ_12: 262 case READ_16: 263 case READ_BUFFER: 264 case READ_DEFECT_DATA: 265 case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */ 266 case READ_LONG: 267 case INQUIRY: 268 case MODE_SENSE: 269 case MODE_SENSE_10: 270 case LOG_SENSE: 271 case START_STOP: 272 case GPCMD_VERIFY_10: 273 case VERIFY_16: 274 case REPORT_LUNS: 275 case SERVICE_ACTION_IN_16: 276 case RECEIVE_DIAGNOSTIC: 277 case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */ 278 case GPCMD_READ_BUFFER_CAPACITY: 279 /* Audio CD commands */ 280 case GPCMD_PLAY_CD: 281 case GPCMD_PLAY_AUDIO_10: 282 case GPCMD_PLAY_AUDIO_MSF: 283 case GPCMD_PLAY_AUDIO_TI: 284 case GPCMD_PAUSE_RESUME: 285 /* CD/DVD data reading */ 286 case GPCMD_READ_CD: 287 case GPCMD_READ_CD_MSF: 288 case GPCMD_READ_DISC_INFO: 289 case GPCMD_READ_DVD_STRUCTURE: 290 case GPCMD_READ_HEADER: 291 case GPCMD_READ_TRACK_RZONE_INFO: 292 case GPCMD_READ_SUBCHANNEL: 293 case GPCMD_READ_TOC_PMA_ATIP: 294 case GPCMD_REPORT_KEY: 295 case GPCMD_SCAN: 296 case GPCMD_GET_CONFIGURATION: 297 case GPCMD_READ_FORMAT_CAPACITIES: 298 case GPCMD_GET_EVENT_STATUS_NOTIFICATION: 299 case GPCMD_GET_PERFORMANCE: 300 case GPCMD_SEEK: 301 case GPCMD_STOP_PLAY_SCAN: 302 /* ZBC */ 303 case ZBC_IN: 304 return true; 305 /* Basic writing commands */ 306 case WRITE_6: 307 case WRITE_10: 308 case WRITE_VERIFY: 309 case WRITE_12: 310 case WRITE_VERIFY_12: 311 case WRITE_16: 312 case WRITE_LONG: 313 case WRITE_LONG_2: 314 case WRITE_SAME: 315 case WRITE_SAME_16: 316 case WRITE_SAME_32: 317 case ERASE: 318 case GPCMD_MODE_SELECT_10: 319 case MODE_SELECT: 320 case LOG_SELECT: 321 case GPCMD_BLANK: 322 case GPCMD_CLOSE_TRACK: 323 case GPCMD_FLUSH_CACHE: 324 case GPCMD_FORMAT_UNIT: 325 case GPCMD_REPAIR_RZONE_TRACK: 326 case GPCMD_RESERVE_RZONE_TRACK: 327 case GPCMD_SEND_DVD_STRUCTURE: 328 case GPCMD_SEND_EVENT: 329 case GPCMD_SEND_OPC: 330 case GPCMD_SEND_CUE_SHEET: 331 case GPCMD_SET_SPEED: 332 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL: 333 case GPCMD_LOAD_UNLOAD: 334 case GPCMD_SET_STREAMING: 335 case GPCMD_SET_READ_AHEAD: 336 /* ZBC */ 337 case ZBC_OUT: 338 return (mode & FMODE_WRITE); 339 default: 340 return false; 341 } 342 } 343 EXPORT_SYMBOL(scsi_cmd_allowed); 344 345 static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq, 346 struct sg_io_hdr *hdr, fmode_t mode) 347 { 348 struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq); 349 350 if (hdr->cmd_len < 6) 351 return -EMSGSIZE; 352 if (copy_from_user(scmd->cmnd, hdr->cmdp, hdr->cmd_len)) 353 return -EFAULT; 354 if (!scsi_cmd_allowed(scmd->cmnd, mode)) 355 return -EPERM; 356 scmd->cmd_len = hdr->cmd_len; 357 358 rq->timeout = msecs_to_jiffies(hdr->timeout); 359 if (!rq->timeout) 360 rq->timeout = sdev->sg_timeout; 361 if (!rq->timeout) 362 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 363 if (rq->timeout < BLK_MIN_SG_TIMEOUT) 364 rq->timeout = BLK_MIN_SG_TIMEOUT; 365 366 return 0; 367 } 368 369 static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, 370 struct bio *bio) 371 { 372 struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq); 373 int r, ret = 0; 374 375 /* 376 * fill in all the output members 377 */ 378 hdr->status = scmd->result & 0xff; 379 hdr->masked_status = sg_status_byte(scmd->result); 380 hdr->msg_status = COMMAND_COMPLETE; 381 hdr->host_status = host_byte(scmd->result); 382 hdr->driver_status = 0; 383 if (scsi_status_is_check_condition(hdr->status)) 384 hdr->driver_status = DRIVER_SENSE; 385 hdr->info = 0; 386 if (hdr->masked_status || hdr->host_status || hdr->driver_status) 387 hdr->info |= SG_INFO_CHECK; 388 hdr->resid = scmd->resid_len; 389 hdr->sb_len_wr = 0; 390 391 if (scmd->sense_len && hdr->sbp) { 392 int len = min((unsigned int) hdr->mx_sb_len, scmd->sense_len); 393 394 if (!copy_to_user(hdr->sbp, scmd->sense_buffer, len)) 395 hdr->sb_len_wr = len; 396 else 397 ret = -EFAULT; 398 } 399 400 r = blk_rq_unmap_user(bio); 401 if (!ret) 402 ret = r; 403 404 return ret; 405 } 406 407 static int sg_io(struct scsi_device *sdev, struct sg_io_hdr *hdr, fmode_t mode) 408 { 409 unsigned long start_time; 410 ssize_t ret = 0; 411 int writing = 0; 412 int at_head = 0; 413 struct request *rq; 414 struct scsi_cmnd *scmd; 415 struct bio *bio; 416 417 if (hdr->interface_id != 'S') 418 return -EINVAL; 419 420 if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9)) 421 return -EIO; 422 423 if (hdr->dxfer_len) 424 switch (hdr->dxfer_direction) { 425 default: 426 return -EINVAL; 427 case SG_DXFER_TO_DEV: 428 writing = 1; 429 break; 430 case SG_DXFER_TO_FROM_DEV: 431 case SG_DXFER_FROM_DEV: 432 break; 433 } 434 if (hdr->flags & SG_FLAG_Q_AT_HEAD) 435 at_head = 1; 436 437 rq = scsi_alloc_request(sdev->request_queue, writing ? 438 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0); 439 if (IS_ERR(rq)) 440 return PTR_ERR(rq); 441 scmd = blk_mq_rq_to_pdu(rq); 442 443 if (hdr->cmd_len > sizeof(scmd->cmnd)) { 444 ret = -EINVAL; 445 goto out_put_request; 446 } 447 448 ret = scsi_fill_sghdr_rq(sdev, rq, hdr, mode); 449 if (ret < 0) 450 goto out_put_request; 451 452 ret = blk_rq_map_user_io(rq, NULL, hdr->dxferp, hdr->dxfer_len, 453 GFP_KERNEL, hdr->iovec_count && hdr->dxfer_len, 454 hdr->iovec_count, 0, rq_data_dir(rq)); 455 if (ret) 456 goto out_put_request; 457 458 bio = rq->bio; 459 scmd->allowed = 0; 460 461 start_time = jiffies; 462 463 blk_execute_rq(rq, at_head); 464 465 hdr->duration = jiffies_to_msecs(jiffies - start_time); 466 467 ret = scsi_complete_sghdr_rq(rq, hdr, bio); 468 469 out_put_request: 470 blk_mq_free_request(rq); 471 return ret; 472 } 473 474 /** 475 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl 476 * @q: request queue to send scsi commands down 477 * @mode: mode used to open the file through which the ioctl has been 478 * submitted 479 * @sic: userspace structure describing the command to perform 480 * 481 * Send down the scsi command described by @sic to the device below 482 * the request queue @q. 483 * 484 * Notes: 485 * - This interface is deprecated - users should use the SG_IO 486 * interface instead, as this is a more flexible approach to 487 * performing SCSI commands on a device. 488 * - The SCSI command length is determined by examining the 1st byte 489 * of the given command. There is no way to override this. 490 * - Data transfers are limited to PAGE_SIZE 491 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to 492 * accommodate the sense buffer when an error occurs. 493 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that 494 * old code will not be surprised. 495 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive 496 * a negative return and the Unix error code in 'errno'. 497 * If the SCSI command succeeds then 0 is returned. 498 * Positive numbers returned are the compacted SCSI error codes (4 499 * bytes in one int) where the lowest byte is the SCSI status. 500 */ 501 static int sg_scsi_ioctl(struct request_queue *q, fmode_t mode, 502 struct scsi_ioctl_command __user *sic) 503 { 504 struct request *rq; 505 int err; 506 unsigned int in_len, out_len, bytes, opcode, cmdlen; 507 struct scsi_cmnd *scmd; 508 char *buffer = NULL; 509 510 if (!sic) 511 return -EINVAL; 512 513 /* 514 * get in an out lengths, verify they don't exceed a page worth of data 515 */ 516 if (get_user(in_len, &sic->inlen)) 517 return -EFAULT; 518 if (get_user(out_len, &sic->outlen)) 519 return -EFAULT; 520 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) 521 return -EINVAL; 522 if (get_user(opcode, &sic->data[0])) 523 return -EFAULT; 524 525 bytes = max(in_len, out_len); 526 if (bytes) { 527 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN); 528 if (!buffer) 529 return -ENOMEM; 530 531 } 532 533 rq = scsi_alloc_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0); 534 if (IS_ERR(rq)) { 535 err = PTR_ERR(rq); 536 goto error_free_buffer; 537 } 538 scmd = blk_mq_rq_to_pdu(rq); 539 540 cmdlen = COMMAND_SIZE(opcode); 541 542 /* 543 * get command and data to send to device, if any 544 */ 545 err = -EFAULT; 546 scmd->cmd_len = cmdlen; 547 if (copy_from_user(scmd->cmnd, sic->data, cmdlen)) 548 goto error; 549 550 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) 551 goto error; 552 553 err = -EPERM; 554 if (!scsi_cmd_allowed(scmd->cmnd, mode)) 555 goto error; 556 557 /* default. possible overridden later */ 558 scmd->allowed = 5; 559 560 switch (opcode) { 561 case SEND_DIAGNOSTIC: 562 case FORMAT_UNIT: 563 rq->timeout = FORMAT_UNIT_TIMEOUT; 564 scmd->allowed = 1; 565 break; 566 case START_STOP: 567 rq->timeout = START_STOP_TIMEOUT; 568 break; 569 case MOVE_MEDIUM: 570 rq->timeout = MOVE_MEDIUM_TIMEOUT; 571 break; 572 case READ_ELEMENT_STATUS: 573 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; 574 break; 575 case READ_DEFECT_DATA: 576 rq->timeout = READ_DEFECT_DATA_TIMEOUT; 577 scmd->allowed = 1; 578 break; 579 default: 580 rq->timeout = BLK_DEFAULT_SG_TIMEOUT; 581 break; 582 } 583 584 if (bytes) { 585 err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO); 586 if (err) 587 goto error; 588 } 589 590 blk_execute_rq(rq, false); 591 592 err = scmd->result & 0xff; /* only 8 bit SCSI status */ 593 if (err) { 594 if (scmd->sense_len && scmd->sense_buffer) { 595 /* limit sense len for backward compatibility */ 596 if (copy_to_user(sic->data, scmd->sense_buffer, 597 min(scmd->sense_len, 16U))) 598 err = -EFAULT; 599 } 600 } else { 601 if (copy_to_user(sic->data, buffer, out_len)) 602 err = -EFAULT; 603 } 604 605 error: 606 blk_mq_free_request(rq); 607 608 error_free_buffer: 609 kfree(buffer); 610 611 return err; 612 } 613 614 int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp) 615 { 616 #ifdef CONFIG_COMPAT 617 if (in_compat_syscall()) { 618 struct compat_sg_io_hdr hdr32 = { 619 .interface_id = hdr->interface_id, 620 .dxfer_direction = hdr->dxfer_direction, 621 .cmd_len = hdr->cmd_len, 622 .mx_sb_len = hdr->mx_sb_len, 623 .iovec_count = hdr->iovec_count, 624 .dxfer_len = hdr->dxfer_len, 625 .dxferp = (uintptr_t)hdr->dxferp, 626 .cmdp = (uintptr_t)hdr->cmdp, 627 .sbp = (uintptr_t)hdr->sbp, 628 .timeout = hdr->timeout, 629 .flags = hdr->flags, 630 .pack_id = hdr->pack_id, 631 .usr_ptr = (uintptr_t)hdr->usr_ptr, 632 .status = hdr->status, 633 .masked_status = hdr->masked_status, 634 .msg_status = hdr->msg_status, 635 .sb_len_wr = hdr->sb_len_wr, 636 .host_status = hdr->host_status, 637 .driver_status = hdr->driver_status, 638 .resid = hdr->resid, 639 .duration = hdr->duration, 640 .info = hdr->info, 641 }; 642 643 if (copy_to_user(argp, &hdr32, sizeof(hdr32))) 644 return -EFAULT; 645 646 return 0; 647 } 648 #endif 649 650 if (copy_to_user(argp, hdr, sizeof(*hdr))) 651 return -EFAULT; 652 653 return 0; 654 } 655 EXPORT_SYMBOL(put_sg_io_hdr); 656 657 int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp) 658 { 659 #ifdef CONFIG_COMPAT 660 struct compat_sg_io_hdr hdr32; 661 662 if (in_compat_syscall()) { 663 if (copy_from_user(&hdr32, argp, sizeof(hdr32))) 664 return -EFAULT; 665 666 *hdr = (struct sg_io_hdr) { 667 .interface_id = hdr32.interface_id, 668 .dxfer_direction = hdr32.dxfer_direction, 669 .cmd_len = hdr32.cmd_len, 670 .mx_sb_len = hdr32.mx_sb_len, 671 .iovec_count = hdr32.iovec_count, 672 .dxfer_len = hdr32.dxfer_len, 673 .dxferp = compat_ptr(hdr32.dxferp), 674 .cmdp = compat_ptr(hdr32.cmdp), 675 .sbp = compat_ptr(hdr32.sbp), 676 .timeout = hdr32.timeout, 677 .flags = hdr32.flags, 678 .pack_id = hdr32.pack_id, 679 .usr_ptr = compat_ptr(hdr32.usr_ptr), 680 .status = hdr32.status, 681 .masked_status = hdr32.masked_status, 682 .msg_status = hdr32.msg_status, 683 .sb_len_wr = hdr32.sb_len_wr, 684 .host_status = hdr32.host_status, 685 .driver_status = hdr32.driver_status, 686 .resid = hdr32.resid, 687 .duration = hdr32.duration, 688 .info = hdr32.info, 689 }; 690 691 return 0; 692 } 693 #endif 694 695 if (copy_from_user(hdr, argp, sizeof(*hdr))) 696 return -EFAULT; 697 698 return 0; 699 } 700 EXPORT_SYMBOL(get_sg_io_hdr); 701 702 #ifdef CONFIG_COMPAT 703 struct compat_cdrom_generic_command { 704 unsigned char cmd[CDROM_PACKET_SIZE]; 705 compat_caddr_t buffer; 706 compat_uint_t buflen; 707 compat_int_t stat; 708 compat_caddr_t sense; 709 unsigned char data_direction; 710 unsigned char pad[3]; 711 compat_int_t quiet; 712 compat_int_t timeout; 713 compat_caddr_t unused; 714 }; 715 #endif 716 717 static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc, 718 const void __user *arg) 719 { 720 #ifdef CONFIG_COMPAT 721 if (in_compat_syscall()) { 722 struct compat_cdrom_generic_command cgc32; 723 724 if (copy_from_user(&cgc32, arg, sizeof(cgc32))) 725 return -EFAULT; 726 727 *cgc = (struct cdrom_generic_command) { 728 .buffer = compat_ptr(cgc32.buffer), 729 .buflen = cgc32.buflen, 730 .stat = cgc32.stat, 731 .sense = compat_ptr(cgc32.sense), 732 .data_direction = cgc32.data_direction, 733 .quiet = cgc32.quiet, 734 .timeout = cgc32.timeout, 735 .unused = compat_ptr(cgc32.unused), 736 }; 737 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE); 738 return 0; 739 } 740 #endif 741 if (copy_from_user(cgc, arg, sizeof(*cgc))) 742 return -EFAULT; 743 744 return 0; 745 } 746 747 static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc, 748 void __user *arg) 749 { 750 #ifdef CONFIG_COMPAT 751 if (in_compat_syscall()) { 752 struct compat_cdrom_generic_command cgc32 = { 753 .buffer = (uintptr_t)(cgc->buffer), 754 .buflen = cgc->buflen, 755 .stat = cgc->stat, 756 .sense = (uintptr_t)(cgc->sense), 757 .data_direction = cgc->data_direction, 758 .quiet = cgc->quiet, 759 .timeout = cgc->timeout, 760 .unused = (uintptr_t)(cgc->unused), 761 }; 762 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE); 763 764 if (copy_to_user(arg, &cgc32, sizeof(cgc32))) 765 return -EFAULT; 766 767 return 0; 768 } 769 #endif 770 if (copy_to_user(arg, cgc, sizeof(*cgc))) 771 return -EFAULT; 772 773 return 0; 774 } 775 776 static int scsi_cdrom_send_packet(struct scsi_device *sdev, fmode_t mode, 777 void __user *arg) 778 { 779 struct cdrom_generic_command cgc; 780 struct sg_io_hdr hdr; 781 int err; 782 783 err = scsi_get_cdrom_generic_arg(&cgc, arg); 784 if (err) 785 return err; 786 787 cgc.timeout = clock_t_to_jiffies(cgc.timeout); 788 memset(&hdr, 0, sizeof(hdr)); 789 hdr.interface_id = 'S'; 790 hdr.cmd_len = sizeof(cgc.cmd); 791 hdr.dxfer_len = cgc.buflen; 792 switch (cgc.data_direction) { 793 case CGC_DATA_UNKNOWN: 794 hdr.dxfer_direction = SG_DXFER_UNKNOWN; 795 break; 796 case CGC_DATA_WRITE: 797 hdr.dxfer_direction = SG_DXFER_TO_DEV; 798 break; 799 case CGC_DATA_READ: 800 hdr.dxfer_direction = SG_DXFER_FROM_DEV; 801 break; 802 case CGC_DATA_NONE: 803 hdr.dxfer_direction = SG_DXFER_NONE; 804 break; 805 default: 806 return -EINVAL; 807 } 808 809 hdr.dxferp = cgc.buffer; 810 hdr.sbp = cgc.sense; 811 if (hdr.sbp) 812 hdr.mx_sb_len = sizeof(struct request_sense); 813 hdr.timeout = jiffies_to_msecs(cgc.timeout); 814 hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd; 815 hdr.cmd_len = sizeof(cgc.cmd); 816 817 err = sg_io(sdev, &hdr, mode); 818 if (err == -EFAULT) 819 return -EFAULT; 820 821 if (hdr.status) 822 return -EIO; 823 824 cgc.stat = err; 825 cgc.buflen = hdr.resid; 826 if (scsi_put_cdrom_generic_arg(&cgc, arg)) 827 return -EFAULT; 828 829 return err; 830 } 831 832 static int scsi_ioctl_sg_io(struct scsi_device *sdev, fmode_t mode, 833 void __user *argp) 834 { 835 struct sg_io_hdr hdr; 836 int error; 837 838 error = get_sg_io_hdr(&hdr, argp); 839 if (error) 840 return error; 841 error = sg_io(sdev, &hdr, mode); 842 if (error == -EFAULT) 843 return error; 844 if (put_sg_io_hdr(&hdr, argp)) 845 return -EFAULT; 846 return error; 847 } 848 849 /** 850 * scsi_ioctl - Dispatch ioctl to scsi device 851 * @sdev: scsi device receiving ioctl 852 * @mode: mode the block/char device is opened with 853 * @cmd: which ioctl is it 854 * @arg: data associated with ioctl 855 * 856 * Description: The scsi_ioctl() function differs from most ioctls in that it 857 * does not take a major/minor number as the dev field. Rather, it takes 858 * a pointer to a &struct scsi_device. 859 */ 860 int scsi_ioctl(struct scsi_device *sdev, fmode_t mode, int cmd, 861 void __user *arg) 862 { 863 struct request_queue *q = sdev->request_queue; 864 struct scsi_sense_hdr sense_hdr; 865 866 /* Check for deprecated ioctls ... all the ioctls which don't 867 * follow the new unique numbering scheme are deprecated */ 868 switch (cmd) { 869 case SCSI_IOCTL_SEND_COMMAND: 870 case SCSI_IOCTL_TEST_UNIT_READY: 871 case SCSI_IOCTL_BENCHMARK_COMMAND: 872 case SCSI_IOCTL_SYNC: 873 case SCSI_IOCTL_START_UNIT: 874 case SCSI_IOCTL_STOP_UNIT: 875 printk(KERN_WARNING "program %s is using a deprecated SCSI " 876 "ioctl, please convert it to SG_IO\n", current->comm); 877 break; 878 default: 879 break; 880 } 881 882 switch (cmd) { 883 case SG_GET_VERSION_NUM: 884 return sg_get_version(arg); 885 case SG_SET_TIMEOUT: 886 return sg_set_timeout(sdev, arg); 887 case SG_GET_TIMEOUT: 888 return jiffies_to_clock_t(sdev->sg_timeout); 889 case SG_GET_RESERVED_SIZE: 890 return sg_get_reserved_size(sdev, arg); 891 case SG_SET_RESERVED_SIZE: 892 return sg_set_reserved_size(sdev, arg); 893 case SG_EMULATED_HOST: 894 return sg_emulated_host(q, arg); 895 case SG_IO: 896 return scsi_ioctl_sg_io(sdev, mode, arg); 897 case SCSI_IOCTL_SEND_COMMAND: 898 return sg_scsi_ioctl(q, mode, arg); 899 case CDROM_SEND_PACKET: 900 return scsi_cdrom_send_packet(sdev, mode, arg); 901 case CDROMCLOSETRAY: 902 return scsi_send_start_stop(sdev, 3); 903 case CDROMEJECT: 904 return scsi_send_start_stop(sdev, 2); 905 case SCSI_IOCTL_GET_IDLUN: 906 return scsi_get_idlun(sdev, arg); 907 case SCSI_IOCTL_GET_BUS_NUMBER: 908 return put_user(sdev->host->host_no, (int __user *)arg); 909 case SCSI_IOCTL_PROBE_HOST: 910 return ioctl_probe(sdev->host, arg); 911 case SCSI_IOCTL_DOORLOCK: 912 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT); 913 case SCSI_IOCTL_DOORUNLOCK: 914 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW); 915 case SCSI_IOCTL_TEST_UNIT_READY: 916 return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT, 917 NORMAL_RETRIES, &sense_hdr); 918 case SCSI_IOCTL_START_UNIT: 919 return scsi_send_start_stop(sdev, 1); 920 case SCSI_IOCTL_STOP_UNIT: 921 return scsi_send_start_stop(sdev, 0); 922 case SCSI_IOCTL_GET_PCI: 923 return scsi_ioctl_get_pci(sdev, arg); 924 case SG_SCSI_RESET: 925 return scsi_ioctl_reset(sdev, arg); 926 } 927 928 #ifdef CONFIG_COMPAT 929 if (in_compat_syscall()) { 930 if (!sdev->host->hostt->compat_ioctl) 931 return -EINVAL; 932 return sdev->host->hostt->compat_ioctl(sdev, cmd, arg); 933 } 934 #endif 935 if (!sdev->host->hostt->ioctl) 936 return -EINVAL; 937 return sdev->host->hostt->ioctl(sdev, cmd, arg); 938 } 939 EXPORT_SYMBOL(scsi_ioctl); 940 941 /* 942 * We can process a reset even when a device isn't fully operable. 943 */ 944 int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd, 945 bool ndelay) 946 { 947 if (cmd == SG_SCSI_RESET && ndelay) { 948 if (scsi_host_in_recovery(sdev->host)) 949 return -EAGAIN; 950 } else { 951 if (!scsi_block_when_processing_errors(sdev)) 952 return -ENODEV; 953 } 954 955 return 0; 956 } 957 EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors); 958