media: stv06xx: add missing descriptor sanity checks
[linux/fpc-iii.git] / drivers / scsi / sr_ioctl.c
blobffcf902da3901c5708ae76535b33162d1e83adb7
1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/kernel.h>
3 #include <linux/mm.h>
4 #include <linux/fs.h>
5 #include <linux/errno.h>
6 #include <linux/string.h>
7 #include <linux/blkdev.h>
8 #include <linux/module.h>
9 #include <linux/blkpg.h>
10 #include <linux/cdrom.h>
11 #include <linux/delay.h>
12 #include <linux/slab.h>
13 #include <asm/io.h>
14 #include <linux/uaccess.h>
16 #include <scsi/scsi.h>
17 #include <scsi/scsi_dbg.h>
18 #include <scsi/scsi_device.h>
19 #include <scsi/scsi_eh.h>
20 #include <scsi/scsi_host.h>
21 #include <scsi/scsi_ioctl.h>
22 #include <scsi/scsi_cmnd.h>
24 #include "sr.h"
26 #if 0
27 #define DEBUG
28 #endif
30 /* The sr_is_xa() seems to trigger firmware bugs with some drives :-(
31 * It is off by default and can be turned on with this module parameter */
32 static int xa_test = 0;
34 module_param(xa_test, int, S_IRUGO | S_IWUSR);
36 /* primitive to determine whether we need to have GFP_DMA set based on
37 * the status of the unchecked_isa_dma flag in the host structure */
38 #define SR_GFP_DMA(cd) (((cd)->device->host->unchecked_isa_dma) ? GFP_DMA : 0)
40 static int sr_read_tochdr(struct cdrom_device_info *cdi,
41 struct cdrom_tochdr *tochdr)
43 struct scsi_cd *cd = cdi->handle;
44 struct packet_command cgc;
45 int result;
46 unsigned char *buffer;
48 buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
49 if (!buffer)
50 return -ENOMEM;
52 memset(&cgc, 0, sizeof(struct packet_command));
53 cgc.timeout = IOCTL_TIMEOUT;
54 cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
55 cgc.cmd[8] = 12; /* LSB of length */
56 cgc.buffer = buffer;
57 cgc.buflen = 12;
58 cgc.quiet = 1;
59 cgc.data_direction = DMA_FROM_DEVICE;
61 result = sr_do_ioctl(cd, &cgc);
63 tochdr->cdth_trk0 = buffer[2];
64 tochdr->cdth_trk1 = buffer[3];
66 kfree(buffer);
67 return result;
70 static int sr_read_tocentry(struct cdrom_device_info *cdi,
71 struct cdrom_tocentry *tocentry)
73 struct scsi_cd *cd = cdi->handle;
74 struct packet_command cgc;
75 int result;
76 unsigned char *buffer;
78 buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
79 if (!buffer)
80 return -ENOMEM;
82 memset(&cgc, 0, sizeof(struct packet_command));
83 cgc.timeout = IOCTL_TIMEOUT;
84 cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
85 cgc.cmd[1] |= (tocentry->cdte_format == CDROM_MSF) ? 0x02 : 0;
86 cgc.cmd[6] = tocentry->cdte_track;
87 cgc.cmd[8] = 12; /* LSB of length */
88 cgc.buffer = buffer;
89 cgc.buflen = 12;
90 cgc.data_direction = DMA_FROM_DEVICE;
92 result = sr_do_ioctl(cd, &cgc);
94 tocentry->cdte_ctrl = buffer[5] & 0xf;
95 tocentry->cdte_adr = buffer[5] >> 4;
96 tocentry->cdte_datamode = (tocentry->cdte_ctrl & 0x04) ? 1 : 0;
97 if (tocentry->cdte_format == CDROM_MSF) {
98 tocentry->cdte_addr.msf.minute = buffer[9];
99 tocentry->cdte_addr.msf.second = buffer[10];
100 tocentry->cdte_addr.msf.frame = buffer[11];
101 } else
102 tocentry->cdte_addr.lba = (((((buffer[8] << 8) + buffer[9]) << 8)
103 + buffer[10]) << 8) + buffer[11];
105 kfree(buffer);
106 return result;
109 #define IOCTL_RETRIES 3
111 /* ATAPI drives don't have a SCMD_PLAYAUDIO_TI command. When these drives
112 are emulating a SCSI device via the idescsi module, they need to have
113 CDROMPLAYTRKIND commands translated into CDROMPLAYMSF commands for them */
115 static int sr_fake_playtrkind(struct cdrom_device_info *cdi, struct cdrom_ti *ti)
117 struct cdrom_tocentry trk0_te, trk1_te;
118 struct cdrom_tochdr tochdr;
119 struct packet_command cgc;
120 int ntracks, ret;
122 ret = sr_read_tochdr(cdi, &tochdr);
123 if (ret)
124 return ret;
126 ntracks = tochdr.cdth_trk1 - tochdr.cdth_trk0 + 1;
128 if (ti->cdti_trk1 == ntracks)
129 ti->cdti_trk1 = CDROM_LEADOUT;
130 else if (ti->cdti_trk1 != CDROM_LEADOUT)
131 ti->cdti_trk1 ++;
133 trk0_te.cdte_track = ti->cdti_trk0;
134 trk0_te.cdte_format = CDROM_MSF;
135 trk1_te.cdte_track = ti->cdti_trk1;
136 trk1_te.cdte_format = CDROM_MSF;
138 ret = sr_read_tocentry(cdi, &trk0_te);
139 if (ret)
140 return ret;
141 ret = sr_read_tocentry(cdi, &trk1_te);
142 if (ret)
143 return ret;
145 memset(&cgc, 0, sizeof(struct packet_command));
146 cgc.cmd[0] = GPCMD_PLAY_AUDIO_MSF;
147 cgc.cmd[3] = trk0_te.cdte_addr.msf.minute;
148 cgc.cmd[4] = trk0_te.cdte_addr.msf.second;
149 cgc.cmd[5] = trk0_te.cdte_addr.msf.frame;
150 cgc.cmd[6] = trk1_te.cdte_addr.msf.minute;
151 cgc.cmd[7] = trk1_te.cdte_addr.msf.second;
152 cgc.cmd[8] = trk1_te.cdte_addr.msf.frame;
153 cgc.data_direction = DMA_NONE;
154 cgc.timeout = IOCTL_TIMEOUT;
155 return sr_do_ioctl(cdi->handle, &cgc);
158 static int sr_play_trkind(struct cdrom_device_info *cdi,
159 struct cdrom_ti *ti)
162 struct scsi_cd *cd = cdi->handle;
163 struct packet_command cgc;
164 int result;
166 memset(&cgc, 0, sizeof(struct packet_command));
167 cgc.timeout = IOCTL_TIMEOUT;
168 cgc.cmd[0] = GPCMD_PLAYAUDIO_TI;
169 cgc.cmd[4] = ti->cdti_trk0;
170 cgc.cmd[5] = ti->cdti_ind0;
171 cgc.cmd[7] = ti->cdti_trk1;
172 cgc.cmd[8] = ti->cdti_ind1;
173 cgc.data_direction = DMA_NONE;
175 result = sr_do_ioctl(cd, &cgc);
176 if (result == -EDRIVE_CANT_DO_THIS)
177 result = sr_fake_playtrkind(cdi, ti);
179 return result;
182 /* We do our own retries because we want to know what the specific
183 error code is. Normally the UNIT_ATTENTION code will automatically
184 clear after one error */
186 int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc)
188 struct scsi_device *SDev;
189 struct scsi_sense_hdr local_sshdr, *sshdr = &local_sshdr;
190 int result, err = 0, retries = 0;
192 SDev = cd->device;
194 if (cgc->sshdr)
195 sshdr = cgc->sshdr;
197 retry:
198 if (!scsi_block_when_processing_errors(SDev)) {
199 err = -ENODEV;
200 goto out;
203 result = scsi_execute(SDev, cgc->cmd, cgc->data_direction,
204 cgc->buffer, cgc->buflen, NULL, sshdr,
205 cgc->timeout, IOCTL_RETRIES, 0, 0, NULL);
207 /* Minimal error checking. Ignore cases we know about, and report the rest. */
208 if (driver_byte(result) != 0) {
209 switch (sshdr->sense_key) {
210 case UNIT_ATTENTION:
211 SDev->changed = 1;
212 if (!cgc->quiet)
213 sr_printk(KERN_INFO, cd,
214 "disc change detected.\n");
215 if (retries++ < 10)
216 goto retry;
217 err = -ENOMEDIUM;
218 break;
219 case NOT_READY: /* This happens if there is no disc in drive */
220 if (sshdr->asc == 0x04 &&
221 sshdr->ascq == 0x01) {
222 /* sense: Logical unit is in process of becoming ready */
223 if (!cgc->quiet)
224 sr_printk(KERN_INFO, cd,
225 "CDROM not ready yet.\n");
226 if (retries++ < 10) {
227 /* sleep 2 sec and try again */
228 ssleep(2);
229 goto retry;
230 } else {
231 /* 20 secs are enough? */
232 err = -ENOMEDIUM;
233 break;
236 if (!cgc->quiet)
237 sr_printk(KERN_INFO, cd,
238 "CDROM not ready. Make sure there "
239 "is a disc in the drive.\n");
240 err = -ENOMEDIUM;
241 break;
242 case ILLEGAL_REQUEST:
243 err = -EIO;
244 if (sshdr->asc == 0x20 &&
245 sshdr->ascq == 0x00)
246 /* sense: Invalid command operation code */
247 err = -EDRIVE_CANT_DO_THIS;
248 break;
249 default:
250 err = -EIO;
254 /* Wake up a process waiting for device */
255 out:
256 cgc->stat = err;
257 return err;
260 /* ---------------------------------------------------------------------- */
261 /* interface to cdrom.c */
263 int sr_tray_move(struct cdrom_device_info *cdi, int pos)
265 Scsi_CD *cd = cdi->handle;
266 struct packet_command cgc;
268 memset(&cgc, 0, sizeof(struct packet_command));
269 cgc.cmd[0] = GPCMD_START_STOP_UNIT;
270 cgc.cmd[4] = (pos == 0) ? 0x03 /* close */ : 0x02 /* eject */ ;
271 cgc.data_direction = DMA_NONE;
272 cgc.timeout = IOCTL_TIMEOUT;
273 return sr_do_ioctl(cd, &cgc);
276 int sr_lock_door(struct cdrom_device_info *cdi, int lock)
278 Scsi_CD *cd = cdi->handle;
280 return scsi_set_medium_removal(cd->device, lock ?
281 SCSI_REMOVAL_PREVENT : SCSI_REMOVAL_ALLOW);
284 int sr_drive_status(struct cdrom_device_info *cdi, int slot)
286 struct scsi_cd *cd = cdi->handle;
287 struct scsi_sense_hdr sshdr;
288 struct media_event_desc med;
290 if (CDSL_CURRENT != slot) {
291 /* we have no changer support */
292 return -EINVAL;
294 if (!scsi_test_unit_ready(cd->device, SR_TIMEOUT, MAX_RETRIES, &sshdr))
295 return CDS_DISC_OK;
297 /* SK/ASC/ASCQ of 2/4/1 means "unit is becoming ready" */
298 if (scsi_sense_valid(&sshdr) && sshdr.sense_key == NOT_READY
299 && sshdr.asc == 0x04 && sshdr.ascq == 0x01)
300 return CDS_DRIVE_NOT_READY;
302 if (!cdrom_get_media_event(cdi, &med)) {
303 if (med.media_present)
304 return CDS_DISC_OK;
305 else if (med.door_open)
306 return CDS_TRAY_OPEN;
307 else
308 return CDS_NO_DISC;
312 * SK/ASC/ASCQ of 2/4/2 means "initialization required"
313 * Using CD_TRAY_OPEN results in an START_STOP_UNIT to close
314 * the tray, which resolves the initialization requirement.
316 if (scsi_sense_valid(&sshdr) && sshdr.sense_key == NOT_READY
317 && sshdr.asc == 0x04 && sshdr.ascq == 0x02)
318 return CDS_TRAY_OPEN;
321 * 0x04 is format in progress .. but there must be a disc present!
323 if (sshdr.sense_key == NOT_READY && sshdr.asc == 0x04)
324 return CDS_DISC_OK;
327 * If not using Mt Fuji extended media tray reports,
328 * just return TRAY_OPEN since ATAPI doesn't provide
329 * any other way to detect this...
331 if (scsi_sense_valid(&sshdr) &&
332 /* 0x3a is medium not present */
333 sshdr.asc == 0x3a)
334 return CDS_NO_DISC;
335 else
336 return CDS_TRAY_OPEN;
338 return CDS_DRIVE_NOT_READY;
341 int sr_disk_status(struct cdrom_device_info *cdi)
343 Scsi_CD *cd = cdi->handle;
344 struct cdrom_tochdr toc_h;
345 struct cdrom_tocentry toc_e;
346 int i, rc, have_datatracks = 0;
348 /* look for data tracks */
349 rc = sr_read_tochdr(cdi, &toc_h);
350 if (rc)
351 return (rc == -ENOMEDIUM) ? CDS_NO_DISC : CDS_NO_INFO;
353 for (i = toc_h.cdth_trk0; i <= toc_h.cdth_trk1; i++) {
354 toc_e.cdte_track = i;
355 toc_e.cdte_format = CDROM_LBA;
356 if (sr_read_tocentry(cdi, &toc_e))
357 return CDS_NO_INFO;
358 if (toc_e.cdte_ctrl & CDROM_DATA_TRACK) {
359 have_datatracks = 1;
360 break;
363 if (!have_datatracks)
364 return CDS_AUDIO;
366 if (cd->xa_flag)
367 return CDS_XA_2_1;
368 else
369 return CDS_DATA_1;
372 int sr_get_last_session(struct cdrom_device_info *cdi,
373 struct cdrom_multisession *ms_info)
375 Scsi_CD *cd = cdi->handle;
377 ms_info->addr.lba = cd->ms_offset;
378 ms_info->xa_flag = cd->xa_flag || cd->ms_offset > 0;
380 return 0;
383 int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn)
385 Scsi_CD *cd = cdi->handle;
386 struct packet_command cgc;
387 char *buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
388 int result;
390 if (!buffer)
391 return -ENOMEM;
393 memset(&cgc, 0, sizeof(struct packet_command));
394 cgc.cmd[0] = GPCMD_READ_SUBCHANNEL;
395 cgc.cmd[2] = 0x40; /* I do want the subchannel info */
396 cgc.cmd[3] = 0x02; /* Give me medium catalog number info */
397 cgc.cmd[8] = 24;
398 cgc.buffer = buffer;
399 cgc.buflen = 24;
400 cgc.data_direction = DMA_FROM_DEVICE;
401 cgc.timeout = IOCTL_TIMEOUT;
402 result = sr_do_ioctl(cd, &cgc);
404 memcpy(mcn->medium_catalog_number, buffer + 9, 13);
405 mcn->medium_catalog_number[13] = 0;
407 kfree(buffer);
408 return result;
411 int sr_reset(struct cdrom_device_info *cdi)
413 return 0;
416 int sr_select_speed(struct cdrom_device_info *cdi, int speed)
418 Scsi_CD *cd = cdi->handle;
419 struct packet_command cgc;
421 if (speed == 0)
422 speed = 0xffff; /* set to max */
423 else
424 speed *= 177; /* Nx to kbyte/s */
426 memset(&cgc, 0, sizeof(struct packet_command));
427 cgc.cmd[0] = GPCMD_SET_SPEED; /* SET CD SPEED */
428 cgc.cmd[2] = (speed >> 8) & 0xff; /* MSB for speed (in kbytes/sec) */
429 cgc.cmd[3] = speed & 0xff; /* LSB */
430 cgc.data_direction = DMA_NONE;
431 cgc.timeout = IOCTL_TIMEOUT;
433 if (sr_do_ioctl(cd, &cgc))
434 return -EIO;
435 return 0;
438 /* ----------------------------------------------------------------------- */
439 /* this is called by the generic cdrom driver. arg is a _kernel_ pointer, */
440 /* because the generic cdrom driver does the user access stuff for us. */
441 /* only cdromreadtochdr and cdromreadtocentry are left - for use with the */
442 /* sr_disk_status interface for the generic cdrom driver. */
444 int sr_audio_ioctl(struct cdrom_device_info *cdi, unsigned int cmd, void *arg)
446 switch (cmd) {
447 case CDROMREADTOCHDR:
448 return sr_read_tochdr(cdi, arg);
449 case CDROMREADTOCENTRY:
450 return sr_read_tocentry(cdi, arg);
451 case CDROMPLAYTRKIND:
452 return sr_play_trkind(cdi, arg);
453 default:
454 return -EINVAL;
458 /* -----------------------------------------------------------------------
459 * a function to read all sorts of funny cdrom sectors using the READ_CD
460 * scsi-3 mmc command
462 * lba: linear block address
463 * format: 0 = data (anything)
464 * 1 = audio
465 * 2 = data (mode 1)
466 * 3 = data (mode 2)
467 * 4 = data (mode 2 form1)
468 * 5 = data (mode 2 form2)
469 * blksize: 2048 | 2336 | 2340 | 2352
472 static int sr_read_cd(Scsi_CD *cd, unsigned char *dest, int lba, int format, int blksize)
474 struct packet_command cgc;
476 #ifdef DEBUG
477 sr_printk(KERN_INFO, cd, "sr_read_cd lba=%d format=%d blksize=%d\n",
478 lba, format, blksize);
479 #endif
481 memset(&cgc, 0, sizeof(struct packet_command));
482 cgc.cmd[0] = GPCMD_READ_CD; /* READ_CD */
483 cgc.cmd[1] = ((format & 7) << 2);
484 cgc.cmd[2] = (unsigned char) (lba >> 24) & 0xff;
485 cgc.cmd[3] = (unsigned char) (lba >> 16) & 0xff;
486 cgc.cmd[4] = (unsigned char) (lba >> 8) & 0xff;
487 cgc.cmd[5] = (unsigned char) lba & 0xff;
488 cgc.cmd[8] = 1;
489 switch (blksize) {
490 case 2336:
491 cgc.cmd[9] = 0x58;
492 break;
493 case 2340:
494 cgc.cmd[9] = 0x78;
495 break;
496 case 2352:
497 cgc.cmd[9] = 0xf8;
498 break;
499 default:
500 cgc.cmd[9] = 0x10;
501 break;
503 cgc.buffer = dest;
504 cgc.buflen = blksize;
505 cgc.data_direction = DMA_FROM_DEVICE;
506 cgc.timeout = IOCTL_TIMEOUT;
507 return sr_do_ioctl(cd, &cgc);
511 * read sectors with blocksizes other than 2048
514 static int sr_read_sector(Scsi_CD *cd, int lba, int blksize, unsigned char *dest)
516 struct packet_command cgc;
517 int rc;
519 /* we try the READ CD command first... */
520 if (cd->readcd_known) {
521 rc = sr_read_cd(cd, dest, lba, 0, blksize);
522 if (-EDRIVE_CANT_DO_THIS != rc)
523 return rc;
524 cd->readcd_known = 0;
525 sr_printk(KERN_INFO, cd,
526 "CDROM does'nt support READ CD (0xbe) command\n");
527 /* fall & retry the other way */
529 /* ... if this fails, we switch the blocksize using MODE SELECT */
530 if (blksize != cd->device->sector_size) {
531 if (0 != (rc = sr_set_blocklength(cd, blksize)))
532 return rc;
534 #ifdef DEBUG
535 sr_printk(KERN_INFO, cd, "sr_read_sector lba=%d blksize=%d\n",
536 lba, blksize);
537 #endif
539 memset(&cgc, 0, sizeof(struct packet_command));
540 cgc.cmd[0] = GPCMD_READ_10;
541 cgc.cmd[2] = (unsigned char) (lba >> 24) & 0xff;
542 cgc.cmd[3] = (unsigned char) (lba >> 16) & 0xff;
543 cgc.cmd[4] = (unsigned char) (lba >> 8) & 0xff;
544 cgc.cmd[5] = (unsigned char) lba & 0xff;
545 cgc.cmd[8] = 1;
546 cgc.buffer = dest;
547 cgc.buflen = blksize;
548 cgc.data_direction = DMA_FROM_DEVICE;
549 cgc.timeout = IOCTL_TIMEOUT;
550 rc = sr_do_ioctl(cd, &cgc);
552 return rc;
556 * read a sector in raw mode to check the sector format
557 * ret: 1 == mode2 (XA), 0 == mode1, <0 == error
560 int sr_is_xa(Scsi_CD *cd)
562 unsigned char *raw_sector;
563 int is_xa;
565 if (!xa_test)
566 return 0;
568 raw_sector = kmalloc(2048, GFP_KERNEL | SR_GFP_DMA(cd));
569 if (!raw_sector)
570 return -ENOMEM;
571 if (0 == sr_read_sector(cd, cd->ms_offset + 16,
572 CD_FRAMESIZE_RAW1, raw_sector)) {
573 is_xa = (raw_sector[3] == 0x02) ? 1 : 0;
574 } else {
575 /* read a raw sector failed for some reason. */
576 is_xa = -1;
578 kfree(raw_sector);
579 #ifdef DEBUG
580 sr_printk(KERN_INFO, cd, "sr_is_xa: %d\n", is_xa);
581 #endif
582 return is_xa;