search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
[drm/drm-misc.git] / drivers / scsi / scsi_ioctl.c
blob6f6c5973c3ea95d91af230689084b68e6a8d3f32
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Changes:
4 * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000
5 * - get rid of some verify_areas and use __copy*user and __get/put_user
6 * for the ones that remain
7 */
8 #include <linux/module.h>
9 #include <linux/blkdev.h>
10 #include <linux/interrupt.h>
11 #include <linux/errno.h>
12 #include <linux/kernel.h>
13 #include <linux/sched.h>
14 #include <linux/mm.h>
15 #include <linux/string.h>
16 #include <linux/uaccess.h>
17 #include <linux/cdrom.h>
18
19 #include <scsi/scsi.h>
20 #include <scsi/scsi_cmnd.h>
21 #include <scsi/scsi_device.h>
22 #include <scsi/scsi_eh.h>
23 #include <scsi/scsi_host.h>
24 #include <scsi/scsi_ioctl.h>
25 #include <scsi/sg.h>
26 #include <scsi/scsi_dbg.h>
27
28 #include "scsi_logging.h"
29
30 #define NORMAL_RETRIES 5
31 #define IOCTL_NORMAL_TIMEOUT (10 * HZ)
32
33 #define MAX_BUF PAGE_SIZE
34
35 /**
36 * ioctl_probe -- return host identification
37 * @host: host to identify
38 * @buffer: userspace buffer for identification
39 *
40 * Return an identifying string at @buffer, if @buffer is non-NULL, filling
41 * to the length stored at * (int *) @buffer.
42 */
43 static int ioctl_probe(struct Scsi_Host *host, void __user *buffer)
44 {
45 unsigned int len, slen;
46 const char *string;
47
48 if (buffer) {
49 if (get_user(len, (unsigned int __user *) buffer))
50 return -EFAULT;
51
52 if (host->hostt->info)
53 string = host->hostt->info(host);
54 else
55 string = host->hostt->name;
56 if (string) {
57 slen = strlen(string);
58 if (len > slen)
59 len = slen + 1;
60 if (copy_to_user(buffer, string, len))
61 return -EFAULT;
62 }
63 }
64 return 1;
65 }
66
67 static int ioctl_internal_command(struct scsi_device *sdev, char *cmd,
68 int timeout, int retries)
69 {
70 int result;
71 struct scsi_sense_hdr sshdr;
72 const struct scsi_exec_args exec_args = {
73 .sshdr = &sshdr,
74 };
75
76 SCSI_LOG_IOCTL(1, sdev_printk(KERN_INFO, sdev,
77 "Trying ioctl with scsi command %d\n", *cmd));
78
79 result = scsi_execute_cmd(sdev, cmd, REQ_OP_DRV_IN, NULL, 0, timeout,
80 retries, &exec_args);
81
82 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
83 "Ioctl returned 0x%x\n", result));
84
85 if (result < 0)
86 goto out;
87 if (scsi_sense_valid(&sshdr)) {
88 switch (sshdr.sense_key) {
89 case ILLEGAL_REQUEST:
90 if (cmd[0] == ALLOW_MEDIUM_REMOVAL)
91 sdev->lockable = 0;
92 else
93 sdev_printk(KERN_INFO, sdev,
94 "ioctl_internal_command: "
95 "ILLEGAL REQUEST "
96 "asc=0x%x ascq=0x%x\n",
97 sshdr.asc, sshdr.ascq);
98 break;
99 case NOT_READY: /* This happens if there is no disc in drive */
100 if (sdev->removable)
101 break;
102 fallthrough;
103 case UNIT_ATTENTION:
104 if (sdev->removable) {
105 sdev->changed = 1;
106 result = 0; /* This is no longer considered an error */
107 break;
108 }
109 fallthrough; /* for non-removable media */
110 default:
111 sdev_printk(KERN_INFO, sdev,
112 "ioctl_internal_command return code = %x\n",
113 result);
114 scsi_print_sense_hdr(sdev, NULL, &sshdr);
115 break;
116 }
117 }
118 out:
119 SCSI_LOG_IOCTL(2, sdev_printk(KERN_INFO, sdev,
120 "IOCTL Releasing command\n"));
121 return result;
122 }
123
124 int scsi_set_medium_removal(struct scsi_device *sdev, char state)
125 {
126 char scsi_cmd[MAX_COMMAND_SIZE];
127 int ret;
128
129 if (!sdev->removable || !sdev->lockable)
130 return 0;
131
132 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
133 scsi_cmd[1] = 0;
134 scsi_cmd[2] = 0;
135 scsi_cmd[3] = 0;
136 scsi_cmd[4] = state;
137 scsi_cmd[5] = 0;
138
139 ret = ioctl_internal_command(sdev, scsi_cmd,
140 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
141 if (ret == 0)
142 sdev->locked = (state == SCSI_REMOVAL_PREVENT);
143 return ret;
144 }
145 EXPORT_SYMBOL(scsi_set_medium_removal);
146
147 /*
148 * The scsi_ioctl_get_pci() function places into arg the value
149 * pci_dev::slot_name (8 characters) for the PCI device (if any).
150 * Returns: 0 on success
151 * -ENXIO if there isn't a PCI device pointer
152 * (could be because the SCSI driver hasn't been
153 * updated yet, or because it isn't a SCSI
154 * device)
155 * any copy_to_user() error on failure there
156 */
157 static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg)
158 {
159 struct device *dev = scsi_get_device(sdev->host);
160 const char *name;
161
162 if (!dev)
163 return -ENXIO;
164
165 name = dev_name(dev);
166
167 /* compatibility with old ioctl which only returned
168 * 20 characters */
169 return copy_to_user(arg, name, min(strlen(name), (size_t)20))
170 ? -EFAULT: 0;
171 }
172
173 static int sg_get_version(int __user *p)
174 {
175 static const int sg_version_num = 30527;
176 return put_user(sg_version_num, p);
177 }
178
179 static int sg_set_timeout(struct scsi_device *sdev, int __user *p)
180 {
181 int timeout, err = get_user(timeout, p);
182
183 if (!err)
184 sdev->sg_timeout = clock_t_to_jiffies(timeout);
185
186 return err;
187 }
188
189 static int sg_get_reserved_size(struct scsi_device *sdev, int __user *p)
190 {
191 int val = min(sdev->sg_reserved_size,
192 queue_max_bytes(sdev->request_queue));
193
194 return put_user(val, p);
195 }
196
197 static int sg_set_reserved_size(struct scsi_device *sdev, int __user *p)
198 {
199 int size, err = get_user(size, p);
200
201 if (err)
202 return err;
203
204 if (size < 0)
205 return -EINVAL;
206
207 sdev->sg_reserved_size = min_t(unsigned int, size,
208 queue_max_bytes(sdev->request_queue));
209 return 0;
210 }
211
212 /*
213 * will always return that we are ATAPI even for a real SCSI drive, I'm not
214 * so sure this is worth doing anything about (why would you care??)
215 */
216 static int sg_emulated_host(struct request_queue *q, int __user *p)
217 {
218 return put_user(1, p);
219 }
220
221 static int scsi_get_idlun(struct scsi_device *sdev, void __user *argp)
222 {
223 struct scsi_idlun v = {
224 .dev_id = (sdev->id & 0xff) +
225 ((sdev->lun & 0xff) << 8) +
226 ((sdev->channel & 0xff) << 16) +
227 ((sdev->host->host_no & 0xff) << 24),
228 .host_unique_id = sdev->host->unique_id
229 };
230 if (copy_to_user(argp, &v, sizeof(struct scsi_idlun)))
231 return -EFAULT;
232 return 0;
233 }
234
235 static int scsi_send_start_stop(struct scsi_device *sdev, int data)
236 {
237 u8 cdb[MAX_COMMAND_SIZE] = { };
238
239 cdb[0] = START_STOP;
240 cdb[4] = data;
241 return ioctl_internal_command(sdev, cdb, START_STOP_TIMEOUT,
242 NORMAL_RETRIES);
243 }
244
245 /*
246 * Check if the given command is allowed.
247 *
248 * Only a subset of commands are allowed for unprivileged users. Commands used
249 * to format the media, update the firmware, etc. are not permitted.
250 */
251 bool scsi_cmd_allowed(unsigned char *cmd, bool open_for_write)
252 {
253 /* root can do any command. */
254 if (capable(CAP_SYS_RAWIO))
255 return true;
256
257 /* Anybody who can open the device can do a read-safe command */
258 switch (cmd[0]) {
259 /* Basic read-only commands */
260 case TEST_UNIT_READY:
261 case REQUEST_SENSE:
262 case READ_6:
263 case READ_10:
264 case READ_12:
265 case READ_16:
266 case READ_BUFFER:
267 case READ_DEFECT_DATA:
268 case READ_CAPACITY: /* also GPCMD_READ_CDVD_CAPACITY */
269 case READ_LONG:
270 case INQUIRY:
271 case MODE_SENSE:
272 case MODE_SENSE_10:
273 case LOG_SENSE:
274 case START_STOP:
275 case GPCMD_VERIFY_10:
276 case VERIFY_16:
277 case REPORT_LUNS:
278 case SERVICE_ACTION_IN_16:
279 case RECEIVE_DIAGNOSTIC:
280 case MAINTENANCE_IN: /* also GPCMD_SEND_KEY, which is a write command */
281 case GPCMD_READ_BUFFER_CAPACITY:
282 /* Audio CD commands */
283 case GPCMD_PLAY_CD:
284 case GPCMD_PLAY_AUDIO_10:
285 case GPCMD_PLAY_AUDIO_MSF:
286 case GPCMD_PLAY_AUDIO_TI:
287 case GPCMD_PAUSE_RESUME:
288 /* CD/DVD data reading */
289 case GPCMD_READ_CD:
290 case GPCMD_READ_CD_MSF:
291 case GPCMD_READ_DISC_INFO:
292 case GPCMD_READ_DVD_STRUCTURE:
293 case GPCMD_READ_HEADER:
294 case GPCMD_READ_TRACK_RZONE_INFO:
295 case GPCMD_READ_SUBCHANNEL:
296 case GPCMD_READ_TOC_PMA_ATIP:
297 case GPCMD_REPORT_KEY:
298 case GPCMD_SCAN:
299 case GPCMD_GET_CONFIGURATION:
300 case GPCMD_READ_FORMAT_CAPACITIES:
301 case GPCMD_GET_EVENT_STATUS_NOTIFICATION:
302 case GPCMD_GET_PERFORMANCE:
303 case GPCMD_SEEK:
304 case GPCMD_STOP_PLAY_SCAN:
305 /* ZBC */
306 case ZBC_IN:
307 return true;
308 /* Basic writing commands */
309 case WRITE_6:
310 case WRITE_10:
311 case WRITE_VERIFY:
312 case WRITE_12:
313 case WRITE_VERIFY_12:
314 case WRITE_16:
315 case WRITE_LONG:
316 case WRITE_LONG_2:
317 case WRITE_SAME:
318 case WRITE_SAME_16:
319 case WRITE_SAME_32:
320 case ERASE:
321 case GPCMD_MODE_SELECT_10:
322 case MODE_SELECT:
323 case LOG_SELECT:
324 case GPCMD_BLANK:
325 case GPCMD_CLOSE_TRACK:
326 case GPCMD_FLUSH_CACHE:
327 case GPCMD_FORMAT_UNIT:
328 case GPCMD_REPAIR_RZONE_TRACK:
329 case GPCMD_RESERVE_RZONE_TRACK:
330 case GPCMD_SEND_DVD_STRUCTURE:
331 case GPCMD_SEND_EVENT:
332 case GPCMD_SEND_OPC:
333 case GPCMD_SEND_CUE_SHEET:
334 case GPCMD_SET_SPEED:
335 case GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL:
336 case GPCMD_LOAD_UNLOAD:
337 case GPCMD_SET_STREAMING:
338 case GPCMD_SET_READ_AHEAD:
339 /* ZBC */
340 case ZBC_OUT:
341 return open_for_write;
342 default:
343 return false;
344 }
345 }
346 EXPORT_SYMBOL(scsi_cmd_allowed);
347
348 static int scsi_fill_sghdr_rq(struct scsi_device *sdev, struct request *rq,
349 struct sg_io_hdr *hdr, bool open_for_write)
350 {
351 struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
352
353 if (hdr->cmd_len < 6)
354 return -EMSGSIZE;
355 if (copy_from_user(scmd->cmnd, hdr->cmdp, hdr->cmd_len))
356 return -EFAULT;
357 if (!scsi_cmd_allowed(scmd->cmnd, open_for_write))
358 return -EPERM;
359 scmd->cmd_len = hdr->cmd_len;
360
361 rq->timeout = msecs_to_jiffies(hdr->timeout);
362 if (!rq->timeout)
363 rq->timeout = sdev->sg_timeout;
364 if (!rq->timeout)
365 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
366 if (rq->timeout < BLK_MIN_SG_TIMEOUT)
367 rq->timeout = BLK_MIN_SG_TIMEOUT;
368
369 return 0;
370 }
371
372 static int scsi_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
373 struct bio *bio)
374 {
375 struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
376 int r, ret = 0;
377
378 /*
379 * fill in all the output members
380 */
381 hdr->status = scmd->result & 0xff;
382 hdr->masked_status = sg_status_byte(scmd->result);
383 hdr->msg_status = COMMAND_COMPLETE;
384 hdr->host_status = host_byte(scmd->result);
385 hdr->driver_status = 0;
386 if (scsi_status_is_check_condition(hdr->status))
387 hdr->driver_status = DRIVER_SENSE;
388 hdr->info = 0;
389 if (hdr->masked_status || hdr->host_status || hdr->driver_status)
390 hdr->info |= SG_INFO_CHECK;
391 hdr->resid = scmd->resid_len;
392 hdr->sb_len_wr = 0;
393
394 if (scmd->sense_len && hdr->sbp) {
395 int len = min((unsigned int) hdr->mx_sb_len, scmd->sense_len);
396
397 if (!copy_to_user(hdr->sbp, scmd->sense_buffer, len))
398 hdr->sb_len_wr = len;
399 else
400 ret = -EFAULT;
401 }
402
403 r = blk_rq_unmap_user(bio);
404 if (!ret)
405 ret = r;
406
407 return ret;
408 }
409
410 static int sg_io(struct scsi_device *sdev, struct sg_io_hdr *hdr,
411 bool open_for_write)
412 {
413 unsigned long start_time;
414 ssize_t ret = 0;
415 int writing = 0;
416 int at_head = 0;
417 struct request *rq;
418 struct scsi_cmnd *scmd;
419 struct bio *bio;
420
421 if (hdr->interface_id != 'S')
422 return -EINVAL;
423
424 if (hdr->dxfer_len > (queue_max_hw_sectors(sdev->request_queue) << 9))
425 return -EIO;
426
427 if (hdr->dxfer_len)
428 switch (hdr->dxfer_direction) {
429 default:
430 return -EINVAL;
431 case SG_DXFER_TO_DEV:
432 writing = 1;
433 break;
434 case SG_DXFER_TO_FROM_DEV:
435 case SG_DXFER_FROM_DEV:
436 break;
437 }
438 if (hdr->flags & SG_FLAG_Q_AT_HEAD)
439 at_head = 1;
440
441 rq = scsi_alloc_request(sdev->request_queue, writing ?
442 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
443 if (IS_ERR(rq))
444 return PTR_ERR(rq);
445 scmd = blk_mq_rq_to_pdu(rq);
446
447 if (hdr->cmd_len > sizeof(scmd->cmnd)) {
448 ret = -EINVAL;
449 goto out_put_request;
450 }
451
452 ret = scsi_fill_sghdr_rq(sdev, rq, hdr, open_for_write);
453 if (ret < 0)
454 goto out_put_request;
455
456 ret = blk_rq_map_user_io(rq, NULL, hdr->dxferp, hdr->dxfer_len,
457 GFP_KERNEL, hdr->iovec_count && hdr->dxfer_len,
458 hdr->iovec_count, 0, rq_data_dir(rq));
459 if (ret)
460 goto out_put_request;
461
462 bio = rq->bio;
463 scmd->allowed = 0;
464
465 start_time = jiffies;
466
467 blk_execute_rq(rq, at_head);
468
469 hdr->duration = jiffies_to_msecs(jiffies - start_time);
470
471 ret = scsi_complete_sghdr_rq(rq, hdr, bio);
472
473 out_put_request:
474 blk_mq_free_request(rq);
475 return ret;
476 }
477
478 /**
479 * sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
480 * @q: request queue to send scsi commands down
481 * @open_for_write: is the file / block device opened for writing?
482 * @sic: userspace structure describing the command to perform
483 *
484 * Send down the scsi command described by @sic to the device below
485 * the request queue @q.
486 *
487 * Notes:
488 * - This interface is deprecated - users should use the SG_IO
489 * interface instead, as this is a more flexible approach to
490 * performing SCSI commands on a device.
491 * - The SCSI command length is determined by examining the 1st byte
492 * of the given command. There is no way to override this.
493 * - Data transfers are limited to PAGE_SIZE
494 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to
495 * accommodate the sense buffer when an error occurs.
496 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
497 * old code will not be surprised.
498 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive
499 * a negative return and the Unix error code in 'errno'.
500 * If the SCSI command succeeds then 0 is returned.
501 * Positive numbers returned are the compacted SCSI error codes (4
502 * bytes in one int) where the lowest byte is the SCSI status.
503 */
504 static int sg_scsi_ioctl(struct request_queue *q, bool open_for_write,
505 struct scsi_ioctl_command __user *sic)
506 {
507 struct request *rq;
508 int err;
509 unsigned int in_len, out_len, bytes, opcode, cmdlen;
510 struct scsi_cmnd *scmd;
511 char *buffer = NULL;
512
513 if (!sic)
514 return -EINVAL;
515
516 /*
517 * get in an out lengths, verify they don't exceed a page worth of data
518 */
519 if (get_user(in_len, &sic->inlen))
520 return -EFAULT;
521 if (get_user(out_len, &sic->outlen))
522 return -EFAULT;
523 if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
524 return -EINVAL;
525 if (get_user(opcode, &sic->data[0]))
526 return -EFAULT;
527
528 bytes = max(in_len, out_len);
529 if (bytes) {
530 buffer = kzalloc(bytes, GFP_NOIO | GFP_USER | __GFP_NOWARN);
531 if (!buffer)
532 return -ENOMEM;
533
534 }
535
536 rq = scsi_alloc_request(q, in_len ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
537 if (IS_ERR(rq)) {
538 err = PTR_ERR(rq);
539 goto error_free_buffer;
540 }
541 scmd = blk_mq_rq_to_pdu(rq);
542
543 cmdlen = COMMAND_SIZE(opcode);
544
545 /*
546 * get command and data to send to device, if any
547 */
548 err = -EFAULT;
549 scmd->cmd_len = cmdlen;
550 if (copy_from_user(scmd->cmnd, sic->data, cmdlen))
551 goto error;
552
553 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
554 goto error;
555
556 err = -EPERM;
557 if (!scsi_cmd_allowed(scmd->cmnd, open_for_write))
558 goto error;
559
560 /* default. possible overridden later */
561 scmd->allowed = 5;
562
563 switch (opcode) {
564 case SEND_DIAGNOSTIC:
565 case FORMAT_UNIT:
566 rq->timeout = FORMAT_UNIT_TIMEOUT;
567 scmd->allowed = 1;
568 break;
569 case START_STOP:
570 rq->timeout = START_STOP_TIMEOUT;
571 break;
572 case MOVE_MEDIUM:
573 rq->timeout = MOVE_MEDIUM_TIMEOUT;
574 break;
575 case READ_ELEMENT_STATUS:
576 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
577 break;
578 case READ_DEFECT_DATA:
579 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
580 scmd->allowed = 1;
581 break;
582 default:
583 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
584 break;
585 }
586
587 if (bytes) {
588 err = blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO);
589 if (err)
590 goto error;
591 }
592
593 blk_execute_rq(rq, false);
594
595 err = scmd->result & 0xff; /* only 8 bit SCSI status */
596 if (err) {
597 if (scmd->sense_len && scmd->sense_buffer) {
598 /* limit sense len for backward compatibility */
599 if (copy_to_user(sic->data, scmd->sense_buffer,
600 min(scmd->sense_len, 16U)))
601 err = -EFAULT;
602 }
603 } else {
604 if (copy_to_user(sic->data, buffer, out_len))
605 err = -EFAULT;
606 }
607
608 error:
609 blk_mq_free_request(rq);
610
611 error_free_buffer:
612 kfree(buffer);
613
614 return err;
615 }
616
617 int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
618 {
619 #ifdef CONFIG_COMPAT
620 if (in_compat_syscall()) {
621 struct compat_sg_io_hdr hdr32 = {
622 .interface_id = hdr->interface_id,
623 .dxfer_direction = hdr->dxfer_direction,
624 .cmd_len = hdr->cmd_len,
625 .mx_sb_len = hdr->mx_sb_len,
626 .iovec_count = hdr->iovec_count,
627 .dxfer_len = hdr->dxfer_len,
628 .dxferp = (uintptr_t)hdr->dxferp,
629 .cmdp = (uintptr_t)hdr->cmdp,
630 .sbp = (uintptr_t)hdr->sbp,
631 .timeout = hdr->timeout,
632 .flags = hdr->flags,
633 .pack_id = hdr->pack_id,
634 .usr_ptr = (uintptr_t)hdr->usr_ptr,
635 .status = hdr->status,
636 .masked_status = hdr->masked_status,
637 .msg_status = hdr->msg_status,
638 .sb_len_wr = hdr->sb_len_wr,
639 .host_status = hdr->host_status,
640 .driver_status = hdr->driver_status,
641 .resid = hdr->resid,
642 .duration = hdr->duration,
643 .info = hdr->info,
644 };
645
646 if (copy_to_user(argp, &hdr32, sizeof(hdr32)))
647 return -EFAULT;
648
649 return 0;
650 }
651 #endif
652
653 if (copy_to_user(argp, hdr, sizeof(*hdr)))
654 return -EFAULT;
655
656 return 0;
657 }
658 EXPORT_SYMBOL(put_sg_io_hdr);
659
660 int get_sg_io_hdr(struct sg_io_hdr *hdr, const void __user *argp)
661 {
662 #ifdef CONFIG_COMPAT
663 struct compat_sg_io_hdr hdr32;
664
665 if (in_compat_syscall()) {
666 if (copy_from_user(&hdr32, argp, sizeof(hdr32)))
667 return -EFAULT;
668
669 *hdr = (struct sg_io_hdr) {
670 .interface_id = hdr32.interface_id,
671 .dxfer_direction = hdr32.dxfer_direction,
672 .cmd_len = hdr32.cmd_len,
673 .mx_sb_len = hdr32.mx_sb_len,
674 .iovec_count = hdr32.iovec_count,
675 .dxfer_len = hdr32.dxfer_len,
676 .dxferp = compat_ptr(hdr32.dxferp),
677 .cmdp = compat_ptr(hdr32.cmdp),
678 .sbp = compat_ptr(hdr32.sbp),
679 .timeout = hdr32.timeout,
680 .flags = hdr32.flags,
681 .pack_id = hdr32.pack_id,
682 .usr_ptr = compat_ptr(hdr32.usr_ptr),
683 .status = hdr32.status,
684 .masked_status = hdr32.masked_status,
685 .msg_status = hdr32.msg_status,
686 .sb_len_wr = hdr32.sb_len_wr,
687 .host_status = hdr32.host_status,
688 .driver_status = hdr32.driver_status,
689 .resid = hdr32.resid,
690 .duration = hdr32.duration,
691 .info = hdr32.info,
692 };
693
694 return 0;
695 }
696 #endif
697
698 if (copy_from_user(hdr, argp, sizeof(*hdr)))
699 return -EFAULT;
700
701 return 0;
702 }
703 EXPORT_SYMBOL(get_sg_io_hdr);
704
705 #ifdef CONFIG_COMPAT
706 struct compat_cdrom_generic_command {
707 unsigned char cmd[CDROM_PACKET_SIZE];
708 compat_caddr_t buffer;
709 compat_uint_t buflen;
710 compat_int_t stat;
711 compat_caddr_t sense;
712 unsigned char data_direction;
713 unsigned char pad[3];
714 compat_int_t quiet;
715 compat_int_t timeout;
716 compat_caddr_t unused;
717 };
718 #endif
719
720 static int scsi_get_cdrom_generic_arg(struct cdrom_generic_command *cgc,
721 const void __user *arg)
722 {
723 #ifdef CONFIG_COMPAT
724 if (in_compat_syscall()) {
725 struct compat_cdrom_generic_command cgc32;
726
727 if (copy_from_user(&cgc32, arg, sizeof(cgc32)))
728 return -EFAULT;
729
730 *cgc = (struct cdrom_generic_command) {
731 .buffer = compat_ptr(cgc32.buffer),
732 .buflen = cgc32.buflen,
733 .stat = cgc32.stat,
734 .sense = compat_ptr(cgc32.sense),
735 .data_direction = cgc32.data_direction,
736 .quiet = cgc32.quiet,
737 .timeout = cgc32.timeout,
738 .unused = compat_ptr(cgc32.unused),
739 };
740 memcpy(&cgc->cmd, &cgc32.cmd, CDROM_PACKET_SIZE);
741 return 0;
742 }
743 #endif
744 if (copy_from_user(cgc, arg, sizeof(*cgc)))
745 return -EFAULT;
746
747 return 0;
748 }
749
750 static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
751 void __user *arg)
752 {
753 #ifdef CONFIG_COMPAT
754 if (in_compat_syscall()) {
755 struct compat_cdrom_generic_command cgc32 = {
756 .buffer = (uintptr_t)(cgc->buffer),
757 .buflen = cgc->buflen,
758 .stat = cgc->stat,
759 .sense = (uintptr_t)(cgc->sense),
760 .data_direction = cgc->data_direction,
761 .quiet = cgc->quiet,
762 .timeout = cgc->timeout,
763 .unused = (uintptr_t)(cgc->unused),
764 };
765 memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
766
767 if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
768 return -EFAULT;
769
770 return 0;
771 }
772 #endif
773 if (copy_to_user(arg, cgc, sizeof(*cgc)))
774 return -EFAULT;
775
776 return 0;
777 }
778
779 static int scsi_cdrom_send_packet(struct scsi_device *sdev, bool open_for_write,
780 void __user *arg)
781 {
782 struct cdrom_generic_command cgc;
783 struct sg_io_hdr hdr;
784 int err;
785
786 err = scsi_get_cdrom_generic_arg(&cgc, arg);
787 if (err)
788 return err;
789
790 cgc.timeout = clock_t_to_jiffies(cgc.timeout);
791 memset(&hdr, 0, sizeof(hdr));
792 hdr.interface_id = 'S';
793 hdr.cmd_len = sizeof(cgc.cmd);
794 hdr.dxfer_len = cgc.buflen;
795 switch (cgc.data_direction) {
796 case CGC_DATA_UNKNOWN:
797 hdr.dxfer_direction = SG_DXFER_UNKNOWN;
798 break;
799 case CGC_DATA_WRITE:
800 hdr.dxfer_direction = SG_DXFER_TO_DEV;
801 break;
802 case CGC_DATA_READ:
803 hdr.dxfer_direction = SG_DXFER_FROM_DEV;
804 break;
805 case CGC_DATA_NONE:
806 hdr.dxfer_direction = SG_DXFER_NONE;
807 break;
808 default:
809 return -EINVAL;
810 }
811
812 hdr.dxferp = cgc.buffer;
813 hdr.sbp = cgc.sense;
814 if (hdr.sbp)
815 hdr.mx_sb_len = sizeof(struct request_sense);
816 hdr.timeout = jiffies_to_msecs(cgc.timeout);
817 hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd;
818 hdr.cmd_len = sizeof(cgc.cmd);
819
820 err = sg_io(sdev, &hdr, open_for_write);
821 if (err == -EFAULT)
822 return -EFAULT;
823
824 if (hdr.status)
825 return -EIO;
826
827 cgc.stat = err;
828 cgc.buflen = hdr.resid;
829 if (scsi_put_cdrom_generic_arg(&cgc, arg))
830 return -EFAULT;
831
832 return err;
833 }
834
835 static int scsi_ioctl_sg_io(struct scsi_device *sdev, bool open_for_write,
836 void __user *argp)
837 {
838 struct sg_io_hdr hdr;
839 int error;
840
841 error = get_sg_io_hdr(&hdr, argp);
842 if (error)
843 return error;
844 error = sg_io(sdev, &hdr, open_for_write);
845 if (error == -EFAULT)
846 return error;
847 if (put_sg_io_hdr(&hdr, argp))
848 return -EFAULT;
849 return error;
850 }
851
852 /**
853 * scsi_ioctl - Dispatch ioctl to scsi device
854 * @sdev: scsi device receiving ioctl
855 * @open_for_write: is the file / block device opened for writing?
856 * @cmd: which ioctl is it
857 * @arg: data associated with ioctl
858 *
859 * Description: The scsi_ioctl() function differs from most ioctls in that it
860 * does not take a major/minor number as the dev field. Rather, it takes
861 * a pointer to a &struct scsi_device.
862 */
863 int scsi_ioctl(struct scsi_device *sdev, bool open_for_write, int cmd,
864 void __user *arg)
865 {
866 struct request_queue *q = sdev->request_queue;
867 struct scsi_sense_hdr sense_hdr;
868
869 /* Check for deprecated ioctls ... all the ioctls which don't
870 * follow the new unique numbering scheme are deprecated */
871 switch (cmd) {
872 case SCSI_IOCTL_SEND_COMMAND:
873 case SCSI_IOCTL_TEST_UNIT_READY:
874 case SCSI_IOCTL_BENCHMARK_COMMAND:
875 case SCSI_IOCTL_SYNC:
876 case SCSI_IOCTL_START_UNIT:
877 case SCSI_IOCTL_STOP_UNIT:
878 printk(KERN_WARNING "program %s is using a deprecated SCSI "
879 "ioctl, please convert it to SG_IO\n", current->comm);
880 break;
881 default:
882 break;
883 }
884
885 switch (cmd) {
886 case SG_GET_VERSION_NUM:
887 return sg_get_version(arg);
888 case SG_SET_TIMEOUT:
889 return sg_set_timeout(sdev, arg);
890 case SG_GET_TIMEOUT:
891 return jiffies_to_clock_t(sdev->sg_timeout);
892 case SG_GET_RESERVED_SIZE:
893 return sg_get_reserved_size(sdev, arg);
894 case SG_SET_RESERVED_SIZE:
895 return sg_set_reserved_size(sdev, arg);
896 case SG_EMULATED_HOST:
897 return sg_emulated_host(q, arg);
898 case SG_IO:
899 return scsi_ioctl_sg_io(sdev, open_for_write, arg);
900 case SCSI_IOCTL_SEND_COMMAND:
901 return sg_scsi_ioctl(q, open_for_write, arg);
902 case CDROM_SEND_PACKET:
903 return scsi_cdrom_send_packet(sdev, open_for_write, arg);
904 case CDROMCLOSETRAY:
905 return scsi_send_start_stop(sdev, 3);
906 case CDROMEJECT:
907 return scsi_send_start_stop(sdev, 2);
908 case SCSI_IOCTL_GET_IDLUN:
909 return scsi_get_idlun(sdev, arg);
910 case SCSI_IOCTL_GET_BUS_NUMBER:
911 return put_user(sdev->host->host_no, (int __user *)arg);
912 case SCSI_IOCTL_PROBE_HOST:
913 return ioctl_probe(sdev->host, arg);
914 case SCSI_IOCTL_DOORLOCK:
915 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
916 case SCSI_IOCTL_DOORUNLOCK:
917 return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
918 case SCSI_IOCTL_TEST_UNIT_READY:
919 return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT,
920 NORMAL_RETRIES, &sense_hdr);
921 case SCSI_IOCTL_START_UNIT:
922 return scsi_send_start_stop(sdev, 1);
923 case SCSI_IOCTL_STOP_UNIT:
924 return scsi_send_start_stop(sdev, 0);
925 case SCSI_IOCTL_GET_PCI:
926 return scsi_ioctl_get_pci(sdev, arg);
927 case SG_SCSI_RESET:
928 return scsi_ioctl_reset(sdev, arg);
929 }
930
931 #ifdef CONFIG_COMPAT
932 if (in_compat_syscall()) {
933 if (!sdev->host->hostt->compat_ioctl)
934 return -EINVAL;
935 return sdev->host->hostt->compat_ioctl(sdev, cmd, arg);
936 }
937 #endif
938 if (!sdev->host->hostt->ioctl)
939 return -EINVAL;
940 return sdev->host->hostt->ioctl(sdev, cmd, arg);
941 }
942 EXPORT_SYMBOL(scsi_ioctl);
943
944 /*
945 * We can process a reset even when a device isn't fully operable.
946 */
947 int scsi_ioctl_block_when_processing_errors(struct scsi_device *sdev, int cmd,
948 bool ndelay)
949 {
950 if (cmd == SG_SCSI_RESET && ndelay) {
951 if (scsi_host_in_recovery(sdev->host))
952 return -EAGAIN;
953 } else {
954 if (!scsi_block_when_processing_errors(sdev))
955 return -ENODEV;
956 }
957
958 return 0;
959 }
960 EXPORT_SYMBOL_GPL(scsi_ioctl_block_when_processing_errors);
Kernel DRM miscellaneous fixes and cross-tree changes