vfs: check userland buffers before reading them.
[haiku.git] / src / add-ons / kernel / bus_managers / scsi / devices.cpp
blob1b760af8bdb79a5c7609c0f975bf53ad72665e63
1 /*
2 * Copyright 2004-2006, Haiku, Inc. All RightsReserved.
3 * Copyright 2002/03, Thomas Kurschel. All rights reserved.
5 * Distributed under the terms of the MIT License.
6 */
8 /*
9 Device node layer.
11 When a SCSI bus is registered, this layer scans for SCSI devices
12 and registers a node for each of them. Peripheral drivers are on
13 top of these nodes.
16 #include "scsi_internal.h"
18 #include <string.h>
19 #include <stdlib.h>
20 #include <stdio.h>
22 #include <algorithm>
25 /** free autosense request of device */
27 static void
28 scsi_free_autosense_request(scsi_device_info *device)
30 SHOW_FLOW0( 3, "" );
32 if (device->auto_sense_request != NULL) {
33 scsi_free_ccb(device->auto_sense_request);
34 device->auto_sense_request = NULL;
37 if (device->auto_sense_area > 0) {
38 delete_area(device->auto_sense_area);
39 device->auto_sense_area = 0;
44 /** free all data of device */
46 static void
47 scsi_free_device(scsi_device_info *device)
49 SHOW_FLOW0( 3, "" );
51 scsi_free_emulation_buffer(device);
52 scsi_free_autosense_request(device);
54 unregister_kernel_daemon(scsi_dma_buffer_daemon, device);
56 scsi_dma_buffer_free(&device->dma_buffer);
58 DELETE_BEN(&device->dma_buffer_lock);
59 delete_sem(device->dma_buffer_owner);
61 free(device);
65 /** copy string src without trailing zero to dst and remove trailing
66 * spaces size of dst is dst_size, size of src is dst_size-1
69 static void
70 beautify_string(char *dst, char *src, int dst_size)
72 int i;
74 memcpy(dst, src, dst_size - 1);
76 for (i = dst_size - 2; i >= 0; --i) {
77 if (dst[i] != ' ')
78 break;
81 dst[i + 1] = 0;
85 /** register new device */
87 status_t
88 scsi_register_device(scsi_bus_info *bus, uchar target_id,
89 uchar target_lun, scsi_res_inquiry *inquiry_data)
91 bool is_atapi, manual_autosense;
92 uint32 orig_max_blocks, max_blocks;
94 SHOW_FLOW0( 3, "" );
96 // ask for restrictions
97 bus->interface->get_restrictions(bus->sim_cookie,
98 target_id, &is_atapi, &manual_autosense, &max_blocks);
99 if (target_lun != 0)
100 dprintf("WARNING: SCSI target %d lun %d getting restrictions without lun\n",
101 target_id, target_lun);
103 // find maximum transfer blocks
104 // set default value to max (need something like ULONG_MAX here)
105 orig_max_blocks = ~0;
106 pnp->get_attr_uint32(bus->node, B_DMA_MAX_TRANSFER_BLOCKS, &orig_max_blocks,
107 true);
109 max_blocks = std::min(max_blocks, orig_max_blocks);
112 char vendor_ident[sizeof( inquiry_data->vendor_ident ) + 1];
113 char product_ident[sizeof( inquiry_data->product_ident ) + 1];
114 char product_rev[sizeof( inquiry_data->product_rev ) + 1];
115 device_attr attrs[] = {
116 // connection
117 { SCSI_DEVICE_TARGET_ID_ITEM, B_UINT8_TYPE, { ui8: target_id }},
118 { SCSI_DEVICE_TARGET_LUN_ITEM, B_UINT8_TYPE, { ui8: target_lun }},
120 // inquiry data (used for both identification and information)
121 { SCSI_DEVICE_INQUIRY_ITEM, B_RAW_TYPE,
122 { raw: { inquiry_data, sizeof( *inquiry_data ) }}},
124 // some more info for driver loading
125 { SCSI_DEVICE_TYPE_ITEM, B_UINT8_TYPE, { ui8: inquiry_data->device_type }},
126 { SCSI_DEVICE_VENDOR_ITEM, B_STRING_TYPE, { string: vendor_ident }},
127 { SCSI_DEVICE_PRODUCT_ITEM, B_STRING_TYPE, { string: product_ident }},
128 { SCSI_DEVICE_REVISION_ITEM, B_STRING_TYPE, { string: product_rev }},
130 // description of peripheral drivers
131 { B_DEVICE_BUS, B_STRING_TYPE, { string: "scsi" }},
133 // extra restriction of maximum number of blocks per transfer
134 { B_DMA_MAX_TRANSFER_BLOCKS, B_UINT32_TYPE, { ui32: max_blocks }},
136 // atapi emulation
137 { SCSI_DEVICE_IS_ATAPI_ITEM, B_UINT8_TYPE, { ui8: is_atapi }},
138 // manual autosense
139 { SCSI_DEVICE_MANUAL_AUTOSENSE_ITEM, B_UINT8_TYPE, { ui8: manual_autosense }},
140 { NULL }
143 beautify_string(vendor_ident, inquiry_data->vendor_ident, sizeof(vendor_ident));
144 beautify_string(product_ident, inquiry_data->product_ident, sizeof(product_ident));
145 beautify_string(product_rev, inquiry_data->product_rev, sizeof(product_rev));
147 return pnp->register_node(bus->node, SCSI_DEVICE_MODULE_NAME, attrs,
148 NULL, NULL);
151 return B_OK;
155 // create data structure for a device
156 static scsi_device_info *
157 scsi_create_device(device_node *node, scsi_bus_info *bus,
158 int target_id, int target_lun)
160 scsi_device_info *device;
162 SHOW_FLOW0( 3, "" );
164 device = (scsi_device_info *)malloc(sizeof(*device));
165 if (device == NULL)
166 return NULL;
168 memset(device, 0, sizeof(*device));
170 device->lock_count = device->blocked[0] = device->blocked[1] = 0;
171 device->sim_overflow = 0;
172 device->queued_reqs = NULL;
173 device->bus = bus;
174 device->target_id = target_id;
175 device->target_lun = target_lun;
176 device->valid = true;
177 device->node = node;
179 scsi_dma_buffer_init(&device->dma_buffer);
181 if (INIT_BEN(&device->dma_buffer_lock, "dma_buffer") < 0)
182 goto err;
184 device->dma_buffer_owner = create_sem(1, "dma_buffer");
185 if (device->dma_buffer_owner < 0)
186 goto err2;
188 register_kernel_daemon(scsi_dma_buffer_daemon, device, 5 * 10);
190 return device;
192 err2:
193 DELETE_BEN(&device->dma_buffer_lock);
194 err:
195 free(device);
196 return NULL;
200 /** prepare autosense request.
201 * this cannot be done on demand but during init as we may
202 * have run out of ccbs when we need it
205 static status_t
206 scsi_create_autosense_request(scsi_device_info *device)
208 scsi_ccb *request;
209 unsigned char *buffer;
210 scsi_cmd_request_sense *cmd;
211 size_t total_size;
213 SHOW_FLOW0( 3, "" );
215 device->auto_sense_request = request = scsi_alloc_ccb(device);
216 if (device->auto_sense_request == NULL)
217 return B_NO_MEMORY;
219 total_size = SCSI_MAX_SENSE_SIZE + sizeof(physical_entry);
220 total_size = (total_size + B_PAGE_SIZE - 1) & ~(B_PAGE_SIZE - 1);
222 // allocate buffer for space sense data and S/G list
223 device->auto_sense_area = create_area("auto_sense", (void**)&buffer,
224 B_ANY_KERNEL_ADDRESS, B_PAGE_SIZE, B_32_BIT_FULL_LOCK, 0);
225 // TODO: Use B_FULL_LOCK, if addresses >= 4 GB are supported!
226 if (device->auto_sense_area < 0)
227 goto err;
229 request->data = buffer;
230 request->data_length = SCSI_MAX_SENSE_SIZE;
231 request->sg_list = (physical_entry *)(buffer + SCSI_MAX_SENSE_SIZE);
232 request->sg_count = 1;
234 get_memory_map(buffer, SCSI_MAX_SENSE_SIZE,
235 (physical_entry *)request->sg_list, 1);
237 // disable auto-autosense, just in case;
238 // make sure no other request overtakes sense request;
239 // buffer is/must be DMA safe as we cannot risk trouble with
240 // dynamically allocated DMA buffer
241 request->flags = SCSI_DIR_IN | SCSI_DIS_AUTOSENSE |
242 SCSI_ORDERED_QTAG | SCSI_DMA_SAFE;
244 cmd = (scsi_cmd_request_sense *)request->cdb;
245 request->cdb_length = sizeof(*cmd);
247 memset(cmd, 0, sizeof(*cmd));
248 cmd->opcode = SCSI_OP_REQUEST_SENSE;
249 cmd->lun = device->target_lun;
250 cmd->allocation_length = SCSI_MAX_SENSE_SIZE;
252 return B_OK;
254 err:
255 scsi_free_ccb(request);
256 return B_NO_MEMORY;
260 #define SET_BIT(field, bit) field[(bit) >> 3] |= 1 << ((bit) & 7)
262 static status_t
263 scsi_init_device(device_node *node, void **cookie)
265 const scsi_res_inquiry *inquiry_data = NULL;
266 uint8 target_id, target_lun, path_id;
267 scsi_bus_info *bus;
268 scsi_device_info *device;
269 status_t res;
270 size_t inquiry_data_len;
271 uint8 is_atapi, manual_autosense;
273 SHOW_FLOW0(3, "");
275 if (pnp->get_attr_uint8( node, SCSI_DEVICE_TARGET_ID_ITEM, &target_id, false) != B_OK
276 || pnp->get_attr_uint8( node, SCSI_DEVICE_TARGET_LUN_ITEM, &target_lun, false) != B_OK
277 || pnp->get_attr_uint8( node, SCSI_DEVICE_IS_ATAPI_ITEM, &is_atapi, false) != B_OK
278 || pnp->get_attr_uint8( node, SCSI_DEVICE_MANUAL_AUTOSENSE_ITEM, &manual_autosense, false) != B_OK
279 || pnp->get_attr_raw( node, SCSI_DEVICE_INQUIRY_ITEM,
280 (const void **)&inquiry_data, &inquiry_data_len, false) != B_OK
281 || inquiry_data_len != sizeof(*inquiry_data)) {
282 return B_ERROR;
286 device_node *parent = pnp->get_parent_node(node);
287 pnp->get_driver(parent, NULL, (void **)&bus);
288 pnp->put_node(parent);
291 device = scsi_create_device(node, bus, target_id, target_lun);
292 if (device == NULL)
293 return B_NO_MEMORY;
295 // never mind if there is no path - it might be an emulated controller
296 path_id = (uint8)-1;
298 pnp->get_attr_uint8(node, SCSI_BUS_PATH_ID_ITEM, &path_id, true);
300 device->inquiry_data = *inquiry_data;
302 // save restrictions
303 device->is_atapi = is_atapi;
304 device->manual_autosense = manual_autosense;
306 // size of device queue must be detected by trial and error, so
307 // we start with a really high number and see when the device chokes
308 device->total_slots = 4096;
310 // disable queuing if bus doesn't support it
311 if ((bus->inquiry_data.hba_inquiry & SCSI_PI_TAG_ABLE) == 0)
312 device->total_slots = 1;
314 // if there is no autosense, disable queuing to make sure autosense is
315 // not overtaken by other requests
316 if (device->manual_autosense)
317 device->total_slots = 1;
319 device->left_slots = device->total_slots;
321 // get autosense request if required
322 if (device->manual_autosense) {
323 if (scsi_create_autosense_request(device) != B_OK) {
324 res = B_NO_MEMORY;
325 goto err;
329 // if this is an ATAPI device, we need an emulation buffer
330 if (scsi_init_emulation_buffer(device, SCSI_ATAPI_BUFFER_SIZE) != B_OK) {
331 res = B_NO_MEMORY;
332 goto err;
335 memset(device->emulation_map, 0, sizeof(device->emulation_map));
337 if (device->is_atapi) {
338 SET_BIT(device->emulation_map, SCSI_OP_READ_6);
339 SET_BIT(device->emulation_map, SCSI_OP_WRITE_6);
340 SET_BIT(device->emulation_map, SCSI_OP_MODE_SENSE_6);
341 SET_BIT(device->emulation_map, SCSI_OP_MODE_SELECT_6);
342 SET_BIT(device->emulation_map, SCSI_OP_INQUIRY);
345 *cookie = device;
346 return B_OK;
348 err:
349 scsi_free_device(device);
350 return res;
354 static void
355 scsi_uninit_device(scsi_device_info *device)
357 SHOW_FLOW0(3, "");
359 scsi_free_device(device);
363 static void
364 scsi_device_removed(scsi_device_info *device)
366 SHOW_FLOW0(3, "");
368 if (device == NULL)
369 return;
371 // this must be atomic as no lock is used
372 device->valid = false;
376 /** get device info; create a temporary one if it's not registered
377 * (used during detection)
378 * on success, scan_lun_lock of bus is hold
381 status_t
382 scsi_force_get_device(scsi_bus_info *bus, uchar target_id,
383 uchar target_lun, scsi_device_info **res_device)
385 device_attr attrs[] = {
386 { SCSI_DEVICE_TARGET_ID_ITEM, B_UINT8_TYPE, { ui8: target_id }},
387 { SCSI_DEVICE_TARGET_LUN_ITEM, B_UINT8_TYPE, { ui8: target_lun }},
388 { NULL }
390 device_node *node;
391 status_t res;
392 driver_module_info *driver_interface;
393 scsi_device device;
395 SHOW_FLOW0(3, "");
397 // very important: only one can use a forced device to avoid double detection
398 acquire_sem(bus->scan_lun_lock);
400 // check whether device registered already
401 node = NULL;
402 pnp->get_next_child_node(bus->node, attrs, &node);
404 SHOW_FLOW(3, "%p", node);
406 if (node != NULL) {
407 // TODO: have a second look a this one!
408 // there is one - get it
409 res = pnp->get_driver(node, &driver_interface, (void **)&device);
410 if (res != B_OK)
411 pnp->put_node(node);
412 } else {
413 // device doesn't exist yet - create a temporary one
414 device = scsi_create_device(NULL, bus, target_id, target_lun);
415 if (device == NULL)
416 res = B_NO_MEMORY;
417 else
418 res = B_OK;
421 *res_device = device;
423 if (res != B_OK)
424 release_sem(bus->scan_lun_lock);
426 return res;
430 /** cleanup device received from scsi_force_get_device
431 * on return, scan_lun_lock of bus is released
434 void
435 scsi_put_forced_device(scsi_device_info *device)
437 scsi_bus_info *bus = device->bus;
439 SHOW_FLOW0(3, "");
441 if (device->node != NULL) {
442 // device is registered
443 pnp->put_node(device->node);
444 } else {
445 // device is temporary
446 scsi_free_device(device);
449 release_sem(bus->scan_lun_lock);
453 static uchar
454 scsi_reset_device(scsi_device_info *device)
456 SHOW_FLOW0(3, "");
458 if (device->node == NULL)
459 return SCSI_DEV_NOT_THERE;
461 return device->bus->interface->reset_device(device->bus->sim_cookie,
462 device->target_id, device->target_lun);
466 static status_t
467 scsi_ioctl(scsi_device_info *device, uint32 op, void *buffer, size_t length)
469 if (device->bus->interface->ioctl != NULL) {
470 return device->bus->interface->ioctl(device->bus->sim_cookie,
471 device->target_id, op, buffer, length);
474 return B_DEV_INVALID_IOCTL;
478 static status_t
479 std_ops(int32 op, ...)
481 switch (op) {
482 case B_MODULE_INIT:
484 // Link to SCSI bus.
485 // SCSI device driver must have SCSI bus loaded, but it calls its functions
486 // directly instead via official interface, so this pointer is never read.
487 module_info *dummy;
488 return get_module(SCSI_BUS_MODULE_NAME, &dummy);
490 case B_MODULE_UNINIT:
491 return put_module(SCSI_BUS_MODULE_NAME);
493 default:
494 return B_ERROR;
499 scsi_device_interface scsi_device_module = {
502 SCSI_DEVICE_MODULE_NAME,
504 std_ops
507 NULL, // supported devices
508 NULL, // register node
509 scsi_init_device,
510 (void (*)(void *)) scsi_uninit_device,
511 NULL, // register child devices
512 NULL, // rescan
513 (void (*)(void *)) scsi_device_removed
516 scsi_alloc_ccb,
517 scsi_free_ccb,
519 scsi_async_io,
520 scsi_sync_io,
521 scsi_abort,
522 scsi_reset_device,
523 scsi_term_io,
524 scsi_ioctl,