/*
 * ide-floppy IOCTLs handling.
 */
5 #include <linux/kernel.h>
6 #include <linux/ide.h>
7 #include <linux/cdrom.h>
8 #include <linux/mutex.h>
10 #include <asm/unaligned.h>
12 #include <scsi/scsi_ioctl.h>
14 #include "ide-floppy.h"
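/*
 * Serializes ide-floppy ioctl handling: ide_floppy_ioctl() takes this mutex
 * on entry and drops it before returning.
 */
static DEFINE_MUTEX(ide_floppy_ioctl_mutex);

/*
 * Obtain the list of formattable capacities.
 * Very similar to ide_floppy_get_capacity, except that we push the capacity
 * descriptors to userland, instead of our own structures.
 *
 * Userland gives us the following structure:
 *
 * struct idefloppy_format_capacities {
 *	int nformats;
 *	struct {
 *		int nblocks;
 *		int blocksize;
 *	} formats[];
 * };
 *
 * userland initializes nformats to the number of allocated formats[] records.
 * On exit we set nformats to the number of records we've actually initialized.
 *
 * Returns 0 on success, -EFAULT if a user-space access fails, -EINVAL if
 * nformats is not positive, and -EIO if the capacity command fails.
 */
static int ide_floppy_get_format_capacities(ide_drive_t *drive,
					    struct ide_atapi_pc *pc,
					    int __user *arg)
{
	struct ide_disk_obj *floppy = drive->driver_data;
	int i, blocks, length, u_array_size, u_index;
	int __user *argp;
	u8 pc_buf[256], header_len, desc_cnt;

	if (get_user(u_array_size, arg))
		return -EFAULT;

	if (u_array_size <= 0)
		return -EINVAL;

	/*
	 * Records parsed out of pc_buf are copied to userland below, and the
	 * number of records comes from a length byte inside the reply itself.
	 * Zero the buffer first so that a reply shorter than its header claims
	 * yields zeroed records rather than stale kernel stack contents.
	 */
	memset(pc_buf, 0, sizeof(pc_buf));

	ide_floppy_create_read_capacity_cmd(pc);

	/*
	 * NOTE(review): pc->req_xfer is set by the helper above, which is not
	 * visible here; confirm it can never exceed sizeof(pc_buf).
	 */
	if (ide_queue_pc_tail(drive, floppy->disk, pc, pc_buf, pc->req_xfer)) {
		printk(KERN_ERR "ide-floppy: Can't get floppy parameters\n");
		return -EIO;
	}

	/*
	 * header_len is a u8, so desc_cnt is at most 31 and the highest byte
	 * read below is 4 + 30*8 + 7 = 251, inside the 256-byte buffer.
	 */
	header_len = pc_buf[3];
	desc_cnt = header_len / 8; /* capacity descriptor of 8 bytes */

	u_index = 0;
	argp = arg + 1;

	/*
	 * We always skip the first capacity descriptor.  That's the current
	 * capacity.  We are interested in the remaining descriptors, the
	 * formattable capacities.
	 */
	for (i = 1; i < desc_cnt; i++) {
		unsigned int desc_start = 4 + i*8;

		if (u_index >= u_array_size)
			break;	/* User-supplied buffer too small */

		/*
		 * pc_buf is a byte array with no alignment guarantee, so read
		 * the big-endian fields through the unaligned accessors.
		 */
		blocks = get_unaligned_be32(&pc_buf[desc_start]);
		length = get_unaligned_be16(&pc_buf[desc_start + 6]);

		if (put_user(blocks, argp))
			return -EFAULT;

		++argp;

		if (put_user(length, argp))
			return -EFAULT;

		++argp;

		++u_index;
	}

	/* Report how many formats[] records were actually filled in. */
	if (put_user(u_index, arg))
		return -EFAULT;

	return 0;
}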
/*
 * Build a FORMAT UNIT packet command in @pc and its 12-byte parameter list
 * in @buf.
 *
 * @pc:    packet command to initialise
 * @buf:   parameter buffer; the first 12 bytes are overwritten, so the caller
 *         must provide at least that much
 * @b:     value stored big-endian at buf[4..7]
 * @l:     value stored big-endian at buf[8..11]
 * @flags: bit 0 set means "verify", which clears the DCRT bit in the header
 */
static void ide_floppy_create_format_unit_cmd(struct ide_atapi_pc *pc,
					      u8 *buf, int b, int l,
					      int flags)
{
	/* Default format list header, u8 1: FOV/DCRT/IMM bits set */
	u8 list_hdr = 0xA2;

	/* Verify bit on: turn off the DCRT bit (it is set in the default) */
	if (flags & 1)
		list_hdr &= ~0x20;

	ide_init_pc(pc);
	pc->c[0] = GPCMD_FORMAT_UNIT;
	pc->c[1] = 0x17;
	pc->req_xfer = 12;
	pc->flags |= PC_FLAG_WRITING;

	memset(buf, 0, 12);
	buf[1] = list_hdr;
	buf[3] = 8;

	put_unaligned_be32(b, &buf[4]);
	put_unaligned_be32(l, &buf[8]);
}
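/*
 * Query the capabilities mode page and record in drive->atapi_flags whether
 * bit 0x40 of byte 8 + 2 of the reply is set (IDE_AFLAG_SRFP).
 *
 * The flag is cleared first, so it stays clear when the command fails.
 *
 * Returns 0 if the mode sense command completed, 1 if it failed.
 */
static int ide_floppy_get_sfrp_bit(ide_drive_t *drive, struct ide_atapi_pc *pc)
{
	struct ide_disk_obj *floppy = drive->driver_data;
	u8 buf[20];

	/*
	 * Zero the reply buffer so that a short reply leaves the tested byte
	 * at 0 instead of whatever was on the stack.
	 */
	memset(buf, 0, sizeof(buf));

	drive->atapi_flags &= ~IDE_AFLAG_SRFP;

	ide_floppy_create_mode_sense_cmd(pc, IDEFLOPPY_CAPABILITIES_PAGE);
	pc->flags |= PC_FLAG_SUPPRESS_ERROR;

	/*
	 * NOTE(review): pc->req_xfer comes from the helper above, which is not
	 * visible here; confirm it never exceeds sizeof(buf) for this page.
	 */
	if (ide_queue_pc_tail(drive, floppy->disk, pc, buf, pc->req_xfer))
		return 1;

	if (buf[8 + 2] & 0x40)
		drive->atapi_flags |= IDE_AFLAG_SRFP;

	return 0;
}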
/*
 * Send ATAPI_FORMAT_UNIT to the drive.
 *
 * Userland gives us the following structure:
 *
 * struct idefloppy_format_command {
 *	int nblocks;
 *	int blocksize;
 *	int flags;
 * } ;
 *
 * flags is a bitmask, currently, the only defined flag is:
 *
 *	0x01 - verify media after format.
 *
 * nblocks and blocksize are handed to the command builder as read from
 * userland; this function applies no range check of its own.
 *
 * Returns 0 on success, -EBUSY if the disk has more than one opener,
 * -EFAULT if the user structure cannot be read, -EIO if the command fails.
 * IDE_DFLAG_FORMAT_IN_PROGRESS is left set only on success.
 */
static int ide_floppy_format_unit(ide_drive_t *drive, struct ide_atapi_pc *pc,
				  int __user *arg)
{
	struct ide_disk_obj *floppy = drive->driver_data;
	u8 buf[12];
	int blocks, length, flags;
	int err = 0;

	/* Don't format if someone is using the disk */
	if (floppy->openers > 1) {
		drive->dev_flags &= ~IDE_DFLAG_FORMAT_IN_PROGRESS;
		return -EBUSY;
	}

	drive->dev_flags |= IDE_DFLAG_FORMAT_IN_PROGRESS;

	if (get_user(blocks, arg) ||
	    get_user(length, arg + 1) ||
	    get_user(flags, arg + 2)) {
		err = -EFAULT;
	} else {
		/* The result of the SRFP probe is deliberately not checked. */
		ide_floppy_get_sfrp_bit(drive, pc);
		ide_floppy_create_format_unit_cmd(pc, buf, blocks, length,
						  flags);

		if (ide_queue_pc_tail(drive, floppy->disk, pc, buf,
				      pc->req_xfer))
			err = -EIO;
	}

	/* Any failure after the flag was set must clear it again. */
	if (err)
		drive->dev_flags &= ~IDE_DFLAG_FORMAT_IN_PROGRESS;

	return err;
}
/*
 * Get ATAPI_FORMAT_UNIT progress indication.
 *
 * Userland gives a pointer to an int.  The int is set to a progress
 * indicator 0-65536, with 65536=100%.
 *
 * If the drive does not support format progress indication, we just check
 * the dsc bit, and return either 0 or 65536.
 *
 * Returns 0 on success, -EIO if the request sense command fails, -EFAULT if
 * the result cannot be written to userland.
 */
static int ide_floppy_get_format_progress(ide_drive_t *drive,
					  struct ide_atapi_pc *pc,
					  int __user *arg)
{
	struct ide_disk_obj *floppy = drive->driver_data;
	u8 sense_buf[18];
	int progress_indication = 0x10000;

	if (!(drive->atapi_flags & IDE_AFLAG_SRFP)) {
		/* No progress reporting: fall back to the DSC status bit. */
		ide_hwif_t *hwif = drive->hwif;
		unsigned long flags;
		u8 stat;

		local_irq_save(flags);
		stat = hwif->tp_ops->read_status(hwif);
		local_irq_restore(flags);

		if ((stat & ATA_DSC) == 0)
			progress_indication = 0;
		else
			progress_indication = 0x10000;
	} else {
		int in_progress;

		ide_create_request_sense_cmd(drive, pc);
		if (ide_queue_pc_tail(drive, floppy->disk, pc, sense_buf,
				      pc->req_xfer))
			return -EIO;

		in_progress = floppy->sense_key == 2 &&
			      floppy->asc == 4 &&
			      floppy->ascq == 4;

		/* Else assume format_unit has finished, and we're at 0x10000 */
		if (in_progress)
			progress_indication = floppy->progress_indication;
	}

	if (put_user(progress_indication, arg))
		return -EFAULT;

	return 0;
}
/*
 * Handle CDROMEJECT and CDROM_LOCKDOOR.
 *
 * The media lock is engaged only for a non-eject command with a non-zero
 * @arg; otherwise it is released.  For CDROMEJECT a start/stop command is
 * issued afterwards.  @pc is not used here.
 *
 * Returns 0, or -EBUSY if the disk has more than one opener.
 */
static int ide_floppy_lockdoor(ide_drive_t *drive, struct ide_atapi_pc *pc,
			       unsigned long arg, unsigned int cmd)
{
	struct ide_disk_obj *floppy = drive->driver_data;
	struct gendisk *disk = floppy->disk;
	int ejecting = (cmd == CDROMEJECT);
	int prevent = 0;

	if (arg && !ejecting)
		prevent = 1;

	if (floppy->openers > 1)
		return -EBUSY;

	ide_set_media_lock(drive, disk, prevent);

	/* NOTE(review): 2 is presumably the eject variant; confirm in callee */
	if (ejecting)
		ide_do_start_stop(drive, disk, 2);

	return 0;
}
/*
 * Dispatch the IDEFLOPPY_IOCTL_FORMAT_* commands.
 *
 * Only IDEFLOPPY_IOCTL_FORMAT_START is gated on the open mode: it needs
 * FMODE_WRITE and fails with -EPERM otherwise.  The query commands carry no
 * mode check.
 *
 * Returns the handler's result, or -ENOTTY for any other @cmd so the caller
 * can try the next handler.
 */
static int ide_floppy_format_ioctl(ide_drive_t *drive, struct ide_atapi_pc *pc,
				   fmode_t mode, unsigned int cmd,
				   void __user *argp)
{
	if (cmd == IDEFLOPPY_IOCTL_FORMAT_SUPPORTED)
		return 0;

	if (cmd == IDEFLOPPY_IOCTL_FORMAT_GET_CAPACITY)
		return ide_floppy_get_format_capacities(drive, pc, argp);

	if (cmd == IDEFLOPPY_IOCTL_FORMAT_START) {
		/* Formatting destroys data: require a writable open. */
		if (!(mode & FMODE_WRITE))
			return -EPERM;
		return ide_floppy_format_unit(drive, pc, (int __user *)argp);
	}

	if (cmd == IDEFLOPPY_IOCTL_FORMAT_GET_PROGRESS)
		return ide_floppy_get_format_progress(drive, pc, argp);

	return -ENOTTY;
}
/*
 * ioctl entry point for ide-floppy.
 *
 * Handlers are tried in order, each one only if the previous returned
 * -ENOTTY: door lock/eject, the format ioctls, scsi_cmd_blk_ioctl(), and
 * finally generic_ide_ioctl().  The whole sequence runs under
 * ide_floppy_ioctl_mutex.
 *
 * CDROM_SEND_PACKET and SCSI_IOCTL_SEND_COMMAND are never handed to
 * scsi_cmd_blk_ioctl(); for those two, only generic_ide_ioctl() is tried.
 *
 * Returns the result of whichever handler dealt with @cmd.
 */
int ide_floppy_ioctl(ide_drive_t *drive, struct block_device *bdev,
		     fmode_t mode, unsigned int cmd, unsigned long arg)
{
	struct ide_atapi_pc pc;
	void __user *argp = (void __user *)arg;
	int err;

	mutex_lock(&ide_floppy_ioctl_mutex);

	if (cmd == CDROMEJECT || cmd == CDROM_LOCKDOOR) {
		err = ide_floppy_lockdoor(drive, &pc, arg, cmd);
	} else {
		err = ide_floppy_format_ioctl(drive, &pc, mode, cmd, argp);

		if (err == -ENOTTY) {
			/*
			 * skip SCSI_IOCTL_SEND_COMMAND (deprecated)
			 * and CDROM_SEND_PACKET (legacy) ioctls
			 */
			if (!(cmd == CDROM_SEND_PACKET ||
			      cmd == SCSI_IOCTL_SEND_COMMAND))
				err = scsi_cmd_blk_ioctl(bdev, mode, cmd, argp);

			if (err == -ENOTTY)
				err = generic_ide_ioctl(drive, bdev, cmd, arg);
		}
	}

	mutex_unlock(&ide_floppy_ioctl_mutex);
	return err;
}