search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / usb / storage / scsiglue.c
blobc267f2812a046db0920670e3834a8dbb472f534d
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Driver for USB Mass Storage compliant devices
4 * SCSI layer glue code
5 *
6 * Current development and maintenance by:
7 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
8 *
9 * Developed with the assistance of:
10 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
11 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
12 *
13 * Initial work by:
14 * (c) 1999 Michael Gee (michael@linuxspecific.com)
15 *
16 * This driver is based on the 'USB Mass Storage Class' document. This
17 * describes in detail the protocol used to communicate with such
18 * devices. Clearly, the designers had SCSI and ATAPI commands in
19 * mind when they created this document. The commands are all very
20 * similar to commands in the SCSI-II and ATAPI specifications.
21 *
22 * It is important to note that in a number of cases this class
23 * exhibits class-specific exemptions from the USB specification.
24 * Notably the usage of NAK, STALL and ACK differs from the norm, in
25 * that they are used to communicate wait, failed and OK on commands.
26 *
27 * Also, for certain devices, the interrupt endpoint is used to convey
28 * status of a command.
29 */
30
31 #include <linux/module.h>
32 #include <linux/mutex.h>
33
34 #include <scsi/scsi.h>
35 #include <scsi/scsi_cmnd.h>
36 #include <scsi/scsi_devinfo.h>
37 #include <scsi/scsi_device.h>
38 #include <scsi/scsi_eh.h>
39
40 #include "usb.h"
41 #include "scsiglue.h"
42 #include "debug.h"
43 #include "transport.h"
44 #include "protocol.h"
45
46 /*
47 * Vendor IDs for companies that seem to include the READ CAPACITY bug
48 * in all their devices
49 */
50 #define VENDOR_ID_NOKIA 0x0421
51 #define VENDOR_ID_NIKON 0x04b0
52 #define VENDOR_ID_PENTAX 0x0a17
53 #define VENDOR_ID_MOTOROLA 0x22b8
54
55 /***********************************************************************
56 * Host functions
57 ***********************************************************************/
58
59 static const char* host_info(struct Scsi_Host *host)
60 {
61 struct us_data *us = host_to_us(host);
62 return us->scsi_name;
63 }
64
65 static int slave_alloc (struct scsi_device *sdev)
66 {
67 struct us_data *us = host_to_us(sdev->host);
68
69 /*
70 * Set the INQUIRY transfer length to 36. We don't use any of
71 * the extra data and many devices choke if asked for more or
72 * less than 36 bytes.
73 */
74 sdev->inquiry_len = 36;
75
76 /*
77 * USB has unusual DMA-alignment requirements: Although the
78 * starting address of each scatter-gather element doesn't matter,
79 * the length of each element except the last must be divisible
80 * by the Bulk maxpacket value. There's currently no way to
81 * express this by block-layer constraints, so we'll cop out
82 * and simply require addresses to be aligned at 512-byte
83 * boundaries. This is okay since most block I/O involves
84 * hardware sectors that are multiples of 512 bytes in length,
85 * and since host controllers up through USB 2.0 have maxpacket
86 * values no larger than 512.
87 *
88 * But it doesn't suffice for Wireless USB, where Bulk maxpacket
89 * values can be as large as 2048. To make that work properly
90 * will require changes to the block layer.
91 */
92 blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));
93
94 /* Tell the SCSI layer if we know there is more than one LUN */
95 if (us->protocol == USB_PR_BULK && us->max_lun > 0)
96 sdev->sdev_bflags |= BLIST_FORCELUN;
97
98 return 0;
99 }
100
101 static int slave_configure(struct scsi_device *sdev)
102 {
103 struct us_data *us = host_to_us(sdev->host);
104
105 /*
106 * Many devices have trouble transferring more than 32KB at a time,
107 * while others have trouble with more than 64K. At this time we
108 * are limiting both to 32K (64 sectores).
109 */
110 if (us->fflags & (US_FL_MAX_SECTORS_64 | US_FL_MAX_SECTORS_MIN)) {
111 unsigned int max_sectors = 64;
112
113 if (us->fflags & US_FL_MAX_SECTORS_MIN)
114 max_sectors = PAGE_SIZE >> 9;
115 if (queue_max_hw_sectors(sdev->request_queue) > max_sectors)
116 blk_queue_max_hw_sectors(sdev->request_queue,
117 max_sectors);
118 } else if (sdev->type == TYPE_TAPE) {
119 /*
120 * Tapes need much higher max_sector limits, so just
121 * raise it to the maximum possible (4 GB / 512) and
122 * let the queue segment size sort out the real limit.
123 */
124 blk_queue_max_hw_sectors(sdev->request_queue, 0x7FFFFF);
125 } else if (us->pusb_dev->speed >= USB_SPEED_SUPER) {
126 /*
127 * USB3 devices will be limited to 2048 sectors. This gives us
128 * better throughput on most devices.
129 */
130 blk_queue_max_hw_sectors(sdev->request_queue, 2048);
131 }
132
133 /*
134 * Some USB host controllers can't do DMA; they have to use PIO.
135 * They indicate this by setting their dma_mask to NULL. For
136 * such controllers we need to make sure the block layer sets
137 * up bounce buffers in addressable memory.
138 */
139 if (!us->pusb_dev->bus->controller->dma_mask)
140 blk_queue_bounce_limit(sdev->request_queue, BLK_BOUNCE_HIGH);
141
142 /*
143 * We can't put these settings in slave_alloc() because that gets
144 * called before the device type is known. Consequently these
145 * settings can't be overridden via the scsi devinfo mechanism.
146 */
147 if (sdev->type == TYPE_DISK) {
148
149 /*
150 * Some vendors seem to put the READ CAPACITY bug into
151 * all their devices -- primarily makers of cell phones
152 * and digital cameras. Since these devices always use
153 * flash media and can be expected to have an even number
154 * of sectors, we will always enable the CAPACITY_HEURISTICS
155 * flag unless told otherwise.
156 */
157 switch (le16_to_cpu(us->pusb_dev->descriptor.idVendor)) {
158 case VENDOR_ID_NOKIA:
159 case VENDOR_ID_NIKON:
160 case VENDOR_ID_PENTAX:
161 case VENDOR_ID_MOTOROLA:
162 if (!(us->fflags & (US_FL_FIX_CAPACITY |
163 US_FL_CAPACITY_OK)))
164 us->fflags |= US_FL_CAPACITY_HEURISTICS;
165 break;
166 }
167
168 /*
169 * Disk-type devices use MODE SENSE(6) if the protocol
170 * (SubClass) is Transparent SCSI, otherwise they use
171 * MODE SENSE(10).
172 */
173 if (us->subclass != USB_SC_SCSI && us->subclass != USB_SC_CYP_ATACB)
174 sdev->use_10_for_ms = 1;
175
176 /*
177 *Many disks only accept MODE SENSE transfer lengths of
178 * 192 bytes (that's what Windows uses).
179 */
180 sdev->use_192_bytes_for_3f = 1;
181
182 /*
183 * Some devices don't like MODE SENSE with page=0x3f,
184 * which is the command used for checking if a device
185 * is write-protected. Now that we tell the sd driver
186 * to do a 192-byte transfer with this command the
187 * majority of devices work fine, but a few still can't
188 * handle it. The sd driver will simply assume those
189 * devices are write-enabled.
190 */
191 if (us->fflags & US_FL_NO_WP_DETECT)
192 sdev->skip_ms_page_3f = 1;
193
194 /*
195 * A number of devices have problems with MODE SENSE for
196 * page x08, so we will skip it.
197 */
198 sdev->skip_ms_page_8 = 1;
199
200 /* Some devices don't handle VPD pages correctly */
201 sdev->skip_vpd_pages = 1;
202
203 /* Do not attempt to use REPORT SUPPORTED OPERATION CODES */
204 sdev->no_report_opcodes = 1;
205
206 /* Do not attempt to use WRITE SAME */
207 sdev->no_write_same = 1;
208
209 /*
210 * Some disks return the total number of blocks in response
211 * to READ CAPACITY rather than the highest block number.
212 * If this device makes that mistake, tell the sd driver.
213 */
214 if (us->fflags & US_FL_FIX_CAPACITY)
215 sdev->fix_capacity = 1;
216
217 /*
218 * A few disks have two indistinguishable version, one of
219 * which reports the correct capacity and the other does not.
220 * The sd driver has to guess which is the case.
221 */
222 if (us->fflags & US_FL_CAPACITY_HEURISTICS)
223 sdev->guess_capacity = 1;
224
225 /* Some devices cannot handle READ_CAPACITY_16 */
226 if (us->fflags & US_FL_NO_READ_CAPACITY_16)
227 sdev->no_read_capacity_16 = 1;
228
229 /*
230 * Many devices do not respond properly to READ_CAPACITY_16.
231 * Tell the SCSI layer to try READ_CAPACITY_10 first.
232 * However some USB 3.0 drive enclosures return capacity
233 * modulo 2TB. Those must use READ_CAPACITY_16
234 */
235 if (!(us->fflags & US_FL_NEEDS_CAP16))
236 sdev->try_rc_10_first = 1;
237
238 /* assume SPC3 or latter devices support sense size > 18 */
239 if (sdev->scsi_level > SCSI_SPC_2)
240 us->fflags |= US_FL_SANE_SENSE;
241
242 /*
243 * USB-IDE bridges tend to report SK = 0x04 (Non-recoverable
244 * Hardware Error) when any low-level error occurs,
245 * recoverable or not. Setting this flag tells the SCSI
246 * midlayer to retry such commands, which frequently will
247 * succeed and fix the error. The worst this can lead to
248 * is an occasional series of retries that will all fail.
249 */
250 sdev->retry_hwerror = 1;
251
252 /*
253 * USB disks should allow restart. Some drives spin down
254 * automatically, requiring a START-STOP UNIT command.
255 */
256 sdev->allow_restart = 1;
257
258 /*
259 * Some USB cardreaders have trouble reading an sdcard's last
260 * sector in a larger then 1 sector read, since the performance
261 * impact is negligible we set this flag for all USB disks
262 */
263 sdev->last_sector_bug = 1;
264
265 /*
266 * Enable last-sector hacks for single-target devices using
267 * the Bulk-only transport, unless we already know the
268 * capacity will be decremented or is correct.
269 */
270 if (!(us->fflags & (US_FL_FIX_CAPACITY | US_FL_CAPACITY_OK |
271 US_FL_SCM_MULT_TARG)) &&
272 us->protocol == USB_PR_BULK)
273 us->use_last_sector_hacks = 1;
274
275 /* Check if write cache default on flag is set or not */
276 if (us->fflags & US_FL_WRITE_CACHE)
277 sdev->wce_default_on = 1;
278
279 /* A few buggy USB-ATA bridges don't understand FUA */
280 if (us->fflags & US_FL_BROKEN_FUA)
281 sdev->broken_fua = 1;
282
283 /* Some even totally fail to indicate a cache */
284 if (us->fflags & US_FL_ALWAYS_SYNC) {
285 /* don't read caching information */
286 sdev->skip_ms_page_8 = 1;
287 sdev->skip_ms_page_3f = 1;
288 /* assume sync is needed */
289 sdev->wce_default_on = 1;
290 }
291 } else {
292
293 /*
294 * Non-disk-type devices don't need to blacklist any pages
295 * or to force 192-byte transfer lengths for MODE SENSE.
296 * But they do need to use MODE SENSE(10).
297 */
298 sdev->use_10_for_ms = 1;
299
300 /* Some (fake) usb cdrom devices don't like READ_DISC_INFO */
301 if (us->fflags & US_FL_NO_READ_DISC_INFO)
302 sdev->no_read_disc_info = 1;
303 }
304
305 /*
306 * The CB and CBI transports have no way to pass LUN values
307 * other than the bits in the second byte of a CDB. But those
308 * bits don't get set to the LUN value if the device reports
309 * scsi_level == 0 (UNKNOWN). Hence such devices must necessarily
310 * be single-LUN.
311 */
312 if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_CBI) &&
313 sdev->scsi_level == SCSI_UNKNOWN)
314 us->max_lun = 0;
315
316 /*
317 * Some devices choke when they receive a PREVENT-ALLOW MEDIUM
318 * REMOVAL command, so suppress those commands.
319 */
320 if (us->fflags & US_FL_NOT_LOCKABLE)
321 sdev->lockable = 0;
322
323 /*
324 * this is to satisfy the compiler, tho I don't think the
325 * return code is ever checked anywhere.
326 */
327 return 0;
328 }
329
330 static int target_alloc(struct scsi_target *starget)
331 {
332 struct us_data *us = host_to_us(dev_to_shost(starget->dev.parent));
333
334 /*
335 * Some USB drives don't support REPORT LUNS, even though they
336 * report a SCSI revision level above 2. Tell the SCSI layer
337 * not to issue that command; it will perform a normal sequential
338 * scan instead.
339 */
340 starget->no_report_luns = 1;
341
342 /*
343 * The UFI spec treats the Peripheral Qualifier bits in an
344 * INQUIRY result as reserved and requires devices to set them
345 * to 0. However the SCSI spec requires these bits to be set
346 * to 3 to indicate when a LUN is not present.
347 *
348 * Let the scanning code know if this target merely sets
349 * Peripheral Device Type to 0x1f to indicate no LUN.
350 */
351 if (us->subclass == USB_SC_UFI)
352 starget->pdt_1f_for_no_lun = 1;
353
354 return 0;
355 }
356
357 /* queue a command */
358 /* This is always called with scsi_lock(host) held */
359 static int queuecommand_lck(struct scsi_cmnd *srb,
360 void (*done)(struct scsi_cmnd *))
361 {
362 struct us_data *us = host_to_us(srb->device->host);
363
364 /* check for state-transition errors */
365 if (us->srb != NULL) {
366 printk(KERN_ERR USB_STORAGE "Error in %s: us->srb = %p\n",
367 __func__, us->srb);
368 return SCSI_MLQUEUE_HOST_BUSY;
369 }
370
371 /* fail the command if we are disconnecting */
372 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
373 usb_stor_dbg(us, "Fail command during disconnect\n");
374 srb->result = DID_NO_CONNECT << 16;
375 done(srb);
376 return 0;
377 }
378
379 /* enqueue the command and wake up the control thread */
380 srb->scsi_done = done;
381 us->srb = srb;
382 complete(&us->cmnd_ready);
383
384 return 0;
385 }
386
387 static DEF_SCSI_QCMD(queuecommand)
388
389 /***********************************************************************
390 * Error handling functions
391 ***********************************************************************/
392
393 /* Command timeout and abort */
394 static int command_abort(struct scsi_cmnd *srb)
395 {
396 struct us_data *us = host_to_us(srb->device->host);
397
398 usb_stor_dbg(us, "%s called\n", __func__);
399
400 /*
401 * us->srb together with the TIMED_OUT, RESETTING, and ABORTING
402 * bits are protected by the host lock.
403 */
404 scsi_lock(us_to_host(us));
405
406 /* Is this command still active? */
407 if (us->srb != srb) {
408 scsi_unlock(us_to_host(us));
409 usb_stor_dbg(us, "-- nothing to abort\n");
410 return FAILED;
411 }
412
413 /*
414 * Set the TIMED_OUT bit. Also set the ABORTING bit, but only if
415 * a device reset isn't already in progress (to avoid interfering
416 * with the reset). Note that we must retain the host lock while
417 * calling usb_stor_stop_transport(); otherwise it might interfere
418 * with an auto-reset that begins as soon as we release the lock.
419 */
420 set_bit(US_FLIDX_TIMED_OUT, &us->dflags);
421 if (!test_bit(US_FLIDX_RESETTING, &us->dflags)) {
422 set_bit(US_FLIDX_ABORTING, &us->dflags);
423 usb_stor_stop_transport(us);
424 }
425 scsi_unlock(us_to_host(us));
426
427 /* Wait for the aborted command to finish */
428 wait_for_completion(&us->notify);
429 return SUCCESS;
430 }
431
432 /*
433 * This invokes the transport reset mechanism to reset the state of the
434 * device
435 */
436 static int device_reset(struct scsi_cmnd *srb)
437 {
438 struct us_data *us = host_to_us(srb->device->host);
439 int result;
440
441 usb_stor_dbg(us, "%s called\n", __func__);
442
443 /* lock the device pointers and do the reset */
444 mutex_lock(&(us->dev_mutex));
445 result = us->transport_reset(us);
446 mutex_unlock(&us->dev_mutex);
447
448 return result < 0 ? FAILED : SUCCESS;
449 }
450
451 /* Simulate a SCSI bus reset by resetting the device's USB port. */
452 static int bus_reset(struct scsi_cmnd *srb)
453 {
454 struct us_data *us = host_to_us(srb->device->host);
455 int result;
456
457 usb_stor_dbg(us, "%s called\n", __func__);
458
459 result = usb_stor_port_reset(us);
460 return result < 0 ? FAILED : SUCCESS;
461 }
462
463 /*
464 * Report a driver-initiated device reset to the SCSI layer.
465 * Calling this for a SCSI-initiated reset is unnecessary but harmless.
466 * The caller must own the SCSI host lock.
467 */
468 void usb_stor_report_device_reset(struct us_data *us)
469 {
470 int i;
471 struct Scsi_Host *host = us_to_host(us);
472
473 scsi_report_device_reset(host, 0, 0);
474 if (us->fflags & US_FL_SCM_MULT_TARG) {
475 for (i = 1; i < host->max_id; ++i)
476 scsi_report_device_reset(host, 0, i);
477 }
478 }
479
480 /*
481 * Report a driver-initiated bus reset to the SCSI layer.
482 * Calling this for a SCSI-initiated reset is unnecessary but harmless.
483 * The caller must not own the SCSI host lock.
484 */
485 void usb_stor_report_bus_reset(struct us_data *us)
486 {
487 struct Scsi_Host *host = us_to_host(us);
488
489 scsi_lock(host);
490 scsi_report_bus_reset(host, 0);
491 scsi_unlock(host);
492 }
493
494 /***********************************************************************
495 * /proc/scsi/ functions
496 ***********************************************************************/
497
498 static int write_info(struct Scsi_Host *host, char *buffer, int length)
499 {
500 /* if someone is sending us data, just throw it away */
501 return length;
502 }
503
504 static int show_info (struct seq_file *m, struct Scsi_Host *host)
505 {
506 struct us_data *us = host_to_us(host);
507 const char *string;
508
509 /* print the controller name */
510 seq_printf(m, " Host scsi%d: usb-storage\n", host->host_no);
511
512 /* print product, vendor, and serial number strings */
513 if (us->pusb_dev->manufacturer)
514 string = us->pusb_dev->manufacturer;
515 else if (us->unusual_dev->vendorName)
516 string = us->unusual_dev->vendorName;
517 else
518 string = "Unknown";
519 seq_printf(m, " Vendor: %s\n", string);
520 if (us->pusb_dev->product)
521 string = us->pusb_dev->product;
522 else if (us->unusual_dev->productName)
523 string = us->unusual_dev->productName;
524 else
525 string = "Unknown";
526 seq_printf(m, " Product: %s\n", string);
527 if (us->pusb_dev->serial)
528 string = us->pusb_dev->serial;
529 else
530 string = "None";
531 seq_printf(m, "Serial Number: %s\n", string);
532
533 /* show the protocol and transport */
534 seq_printf(m, " Protocol: %s\n", us->protocol_name);
535 seq_printf(m, " Transport: %s\n", us->transport_name);
536
537 /* show the device flags */
538 seq_printf(m, " Quirks:");
539
540 #define US_FLAG(name, value) \
541 if (us->fflags & value) seq_printf(m, " " #name);
542 US_DO_ALL_FLAGS
543 #undef US_FLAG
544 seq_putc(m, '\n');
545 return 0;
546 }
547
548 /***********************************************************************
549 * Sysfs interface
550 ***********************************************************************/
551
552 /* Output routine for the sysfs max_sectors file */
553 static ssize_t max_sectors_show(struct device *dev, struct device_attribute *attr, char *buf)
554 {
555 struct scsi_device *sdev = to_scsi_device(dev);
556
557 return sprintf(buf, "%u\n", queue_max_hw_sectors(sdev->request_queue));
558 }
559
560 /* Input routine for the sysfs max_sectors file */
561 static ssize_t max_sectors_store(struct device *dev, struct device_attribute *attr, const char *buf,
562 size_t count)
563 {
564 struct scsi_device *sdev = to_scsi_device(dev);
565 unsigned short ms;
566
567 if (sscanf(buf, "%hu", &ms) > 0) {
568 blk_queue_max_hw_sectors(sdev->request_queue, ms);
569 return count;
570 }
571 return -EINVAL;
572 }
573 static DEVICE_ATTR_RW(max_sectors);
574
575 static struct device_attribute *sysfs_device_attr_list[] = {
576 &dev_attr_max_sectors,
577 NULL,
578 };
579
580 /*
581 * this defines our host template, with which we'll allocate hosts
582 */
583
584 static const struct scsi_host_template usb_stor_host_template = {
585 /* basic userland interface stuff */
586 .name = "usb-storage",
587 .proc_name = "usb-storage",
588 .show_info = show_info,
589 .write_info = write_info,
590 .info = host_info,
591
592 /* command interface -- queued only */
593 .queuecommand = queuecommand,
594
595 /* error and abort handlers */
596 .eh_abort_handler = command_abort,
597 .eh_device_reset_handler = device_reset,
598 .eh_bus_reset_handler = bus_reset,
599
600 /* queue commands only, only one command per LUN */
601 .can_queue = 1,
602
603 /* unknown initiator id */
604 .this_id = -1,
605
606 .slave_alloc = slave_alloc,
607 .slave_configure = slave_configure,
608 .target_alloc = target_alloc,
609
610 /* lots of sg segments can be handled */
611 .sg_tablesize = SG_MAX_SEGMENTS,
612
613
614 /*
615 * Limit the total size of a transfer to 120 KB.
616 *
617 * Some devices are known to choke with anything larger. It seems like
618 * the problem stems from the fact that original IDE controllers had
619 * only an 8-bit register to hold the number of sectors in one transfer
620 * and even those couldn't handle a full 256 sectors.
621 *
622 * Because we want to make sure we interoperate with as many devices as
623 * possible, we will maintain a 240 sector transfer size limit for USB
624 * Mass Storage devices.
625 *
626 * Tests show that other operating have similar limits with Microsoft
627 * Windows 7 limiting transfers to 128 sectors for both USB2 and USB3
628 * and Apple Mac OS X 10.11 limiting transfers to 256 sectors for USB2
629 * and 2048 for USB3 devices.
630 */
631 .max_sectors = 240,
632
633 /*
634 * merge commands... this seems to help performance, but
635 * periodically someone should test to see which setting is more
636 * optimal.
637 */
638 .use_clustering = 1,
639
640 /* emulated HBA */
641 .emulated = 1,
642
643 /* we do our own delay after a device or bus reset */
644 .skip_settle_delay = 1,
645
646 /* sysfs device attributes */
647 .sdev_attrs = sysfs_device_attr_list,
648
649 /* module management */
650 .module = THIS_MODULE
651 };
652
653 void usb_stor_host_template_init(struct scsi_host_template *sht,
654 const char *name, struct module *owner)
655 {
656 *sht = usb_stor_host_template;
657 sht->name = name;
658 sht->proc_name = name;
659 sht->module = owner;
660 }
661 EXPORT_SYMBOL_GPL(usb_stor_host_template_init);
662
663 /* To Report "Illegal Request: Invalid Field in CDB */
664 unsigned char usb_stor_sense_invalidCDB[18] = {
665 [0] = 0x70, /* current error */
666 [2] = ILLEGAL_REQUEST, /* Illegal Request = 0x05 */
667 [7] = 0x0a, /* additional length */
668 [12] = 0x24 /* Invalid Field in CDB */
669 };
670 EXPORT_SYMBOL_GPL(usb_stor_sense_invalidCDB);
Linux with added FPC-III support