Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / staging / keucr / scsiglue.c
blobe1f3931d41e0c9b24ee75c5ea10506e5ae320ed8
1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/slab.h>
4 #include <linux/module.h>
5 #include <linux/mutex.h>
7 #include <scsi/scsi.h>
8 #include <scsi/scsi_cmnd.h>
9 #include <scsi/scsi_devinfo.h>
10 #include <scsi/scsi_device.h>
11 #include <scsi/scsi_eh.h>
13 #include "usb.h"
14 #include "scsiglue.h"
15 #include "transport.h"
17 /* Host functions */
19 * host_info()
21 static const char *host_info(struct Scsi_Host *host)
23 /* pr_info("scsiglue --- host_info\n"); */
24 return "SCSI emulation for USB Mass Storage devices";
28 * slave_alloc()
30 static int slave_alloc(struct scsi_device *sdev)
32 struct us_data *us = host_to_us(sdev->host);
34 /* pr_info("scsiglue --- slave_alloc\n"); */
35 sdev->inquiry_len = 36;
37 blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));
39 if (us->subclass == USB_SC_UFI)
40 sdev->sdev_target->pdt_1f_for_no_lun = 1;
42 return 0;
46 * slave_configure()
48 static int slave_configure(struct scsi_device *sdev)
50 struct us_data *us = host_to_us(sdev->host);
52 /* pr_info("scsiglue --- slave_configure\n"); */
53 if (us->fflags & (US_FL_MAX_SECTORS_64 | US_FL_MAX_SECTORS_MIN)) {
54 unsigned int max_sectors = 64;
56 if (us->fflags & US_FL_MAX_SECTORS_MIN)
57 max_sectors = PAGE_CACHE_SIZE >> 9;
58 if (queue_max_sectors(sdev->request_queue) > max_sectors)
59 blk_queue_max_hw_sectors(sdev->request_queue,
60 max_sectors);
63 if (sdev->type == TYPE_DISK) {
64 if (us->subclass != USB_SC_SCSI &&
65 us->subclass != USB_SC_CYP_ATACB)
66 sdev->use_10_for_ms = 1;
67 sdev->use_192_bytes_for_3f = 1;
68 if (us->fflags & US_FL_NO_WP_DETECT)
69 sdev->skip_ms_page_3f = 1;
70 sdev->skip_ms_page_8 = 1;
71 if (us->fflags & US_FL_FIX_CAPACITY)
72 sdev->fix_capacity = 1;
73 if (us->fflags & US_FL_CAPACITY_HEURISTICS)
74 sdev->guess_capacity = 1;
75 if (sdev->scsi_level > SCSI_2)
76 sdev->sdev_target->scsi_level = sdev->scsi_level = SCSI_2;
77 sdev->retry_hwerror = 1;
78 sdev->allow_restart = 1;
79 sdev->last_sector_bug = 1;
80 } else {
81 sdev->use_10_for_ms = 1;
84 if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_CBI) &&
85 sdev->scsi_level == SCSI_UNKNOWN)
86 us->max_lun = 0;
88 if (us->fflags & US_FL_NOT_LOCKABLE)
89 sdev->lockable = 0;
91 return 0;
94 /* This is always called with scsi_lock(host) held */
96 * queuecommand()
98 static int queuecommand_lck(struct scsi_cmnd *srb,
99 void (*done)(struct scsi_cmnd *))
101 struct us_data *us = host_to_us(srb->device->host);
103 /* pr_info("scsiglue --- queuecommand\n"); */
105 /* check for state-transition errors */
106 if (us->srb != NULL) {
107 /* pr_info("Error in %s: us->srb = %p\n"
108 __FUNCTION__, us->srb); */
109 return SCSI_MLQUEUE_HOST_BUSY;
112 /* fail the command if we are disconnecting */
113 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
114 pr_info("Fail command during disconnect\n");
115 srb->result = DID_NO_CONNECT << 16;
116 done(srb);
117 return 0;
120 /* enqueue the command and wake up the control thread */
121 srb->scsi_done = done;
122 us->srb = srb;
123 complete(&us->cmnd_ready);
125 return 0;
128 static DEF_SCSI_QCMD(queuecommand)
130 /***********************************************************************
131 * Error handling functions
132 ***********************************************************************/
134 /* Command timeout and abort */
136 * command_abort()
138 static int command_abort(struct scsi_cmnd *srb)
140 struct us_data *us = host_to_us(srb->device->host);
142 /* pr_info("scsiglue --- command_abort\n"); */
144 scsi_lock(us_to_host(us));
145 if (us->srb != srb) {
146 scsi_unlock(us_to_host(us));
147 printk("-- nothing to abort\n");
148 return FAILED;
151 set_bit(US_FLIDX_TIMED_OUT, &us->dflags);
152 if (!test_bit(US_FLIDX_RESETTING, &us->dflags)) {
153 set_bit(US_FLIDX_ABORTING, &us->dflags);
154 usb_stor_stop_transport(us);
156 scsi_unlock(us_to_host(us));
158 /* Wait for the aborted command to finish */
159 wait_for_completion(&us->notify);
160 return SUCCESS;
163 /* This invokes the transport reset mechanism to reset the state of the
164 * device.
167 * device_reset()
169 static int device_reset(struct scsi_cmnd *srb)
171 struct us_data *us = host_to_us(srb->device->host);
172 int result;
174 /* pr_info("scsiglue --- device_reset\n"); */
176 /* lock the device pointers and do the reset */
177 mutex_lock(&(us->dev_mutex));
178 result = us->transport_reset(us);
179 mutex_unlock(&us->dev_mutex);
181 return result < 0 ? FAILED : SUCCESS;
185 * bus_reset()
187 static int bus_reset(struct scsi_cmnd *srb)
189 struct us_data *us = host_to_us(srb->device->host);
190 int result;
192 /* pr_info("scsiglue --- bus_reset\n"); */
193 result = usb_stor_port_reset(us);
194 return result < 0 ? FAILED : SUCCESS;
198 * usb_stor_report_device_reset()
200 void usb_stor_report_device_reset(struct us_data *us)
202 int i;
203 struct Scsi_Host *host = us_to_host(us);
205 /* pr_info("scsiglue --- usb_stor_report_device_reset\n"); */
206 scsi_report_device_reset(host, 0, 0);
207 if (us->fflags & US_FL_SCM_MULT_TARG) {
208 for (i = 1; i < host->max_id; ++i)
209 scsi_report_device_reset(host, 0, i);
214 * usb_stor_report_bus_reset()
216 void usb_stor_report_bus_reset(struct us_data *us)
218 struct Scsi_Host *host = us_to_host(us);
220 /* pr_info("scsiglue --- usb_stor_report_bus_reset\n"); */
221 scsi_lock(host);
222 scsi_report_bus_reset(host, 0);
223 scsi_unlock(host);
226 /***********************************************************************
227 * /proc/scsi/ functions
228 ***********************************************************************/
230 /* we use this macro to help us write into the buffer */
231 #undef SPRINTF
232 #define SPRINTF(args...) \
233 do { if (pos < buffer+length) pos += sprintf(pos, ## args); } while (0)
236 * proc_info()
238 static int proc_info(struct Scsi_Host *host, char *buffer, char **start,
239 off_t offset, int length, int inout)
241 struct us_data *us = host_to_us(host);
242 char *pos = buffer;
243 const char *string;
245 /* pr_info("scsiglue --- proc_info\n"); */
246 if (inout)
247 return length;
249 /* print the controller name */
250 SPRINTF(" Host scsi%d: usb-storage\n", host->host_no);
252 /* print product, vendor, and serial number strings */
253 if (us->pusb_dev->manufacturer)
254 string = us->pusb_dev->manufacturer;
255 else if (us->unusual_dev->vendorName)
256 string = us->unusual_dev->vendorName;
257 else
258 string = "Unknown";
259 SPRINTF(" Vendor: %s\n", string);
260 if (us->pusb_dev->product)
261 string = us->pusb_dev->product;
262 else if (us->unusual_dev->productName)
263 string = us->unusual_dev->productName;
264 else
265 string = "Unknown";
266 SPRINTF(" Product: %s\n", string);
267 if (us->pusb_dev->serial)
268 string = us->pusb_dev->serial;
269 else
270 string = "None";
271 SPRINTF("Serial Number: %s\n", string);
273 /* show the protocol and transport */
274 SPRINTF(" Protocol: %s\n", us->protocol_name);
275 SPRINTF(" Transport: %s\n", us->transport_name);
277 /* show the device flags */
278 if (pos < buffer + length) {
279 pos += sprintf(pos, " Quirks:");
281 #define US_FLAG(name, value) \
282 if (us->fflags & value)\
283 pos += sprintf(pos, " " #name);
284 US_DO_ALL_FLAGS
285 #undef US_FLAG
287 *(pos++) = '\n';
290 /* Calculate start of next buffer, and return value. */
291 *start = buffer + offset;
293 if ((pos - buffer) < offset)
294 return 0;
295 else if ((pos - buffer - offset) < length)
296 return pos - buffer - offset;
297 else
298 return length;
301 /***********************************************************************
302 * Sysfs interface
303 ***********************************************************************/
305 /* Output routine for the sysfs max_sectors file */
307 * show_max_sectors()
309 static ssize_t show_max_sectors(struct device *dev,
310 struct device_attribute *attr, char *buf)
312 struct scsi_device *sdev = to_scsi_device(dev);
314 /* pr_info("scsiglue --- ssize_t show_max_sectors\n"); */
315 return sprintf(buf, "%u\n", queue_max_sectors(sdev->request_queue));
318 /* Input routine for the sysfs max_sectors file */
320 * store_max_sectors()
322 static ssize_t store_max_sectors(struct device *dev,
323 struct device_attribute *attr,
324 const char *buf, size_t count)
326 struct scsi_device *sdev = to_scsi_device(dev);
327 unsigned short ms;
329 /* pr_info("scsiglue --- ssize_t store_max_sectors\n"); */
330 if (sscanf(buf, "%hu", &ms) > 0 && ms <= SCSI_DEFAULT_MAX_SECTORS) {
331 blk_queue_max_hw_sectors(sdev->request_queue, ms);
332 return strlen(buf);
334 return -EINVAL;
337 static DEVICE_ATTR(max_sectors, S_IRUGO | S_IWUSR, show_max_sectors, store_max_sectors);
338 static struct device_attribute *sysfs_device_attr_list[] = {&dev_attr_max_sectors, NULL, };
340 /* this defines our host template, with which we'll allocate hosts */
343 * usb_stor_host_template()
345 struct scsi_host_template usb_stor_host_template = {
346 /* basic userland interface stuff */
347 .name = "eucr-storage",
348 .proc_name = "eucr-storage",
349 .proc_info = proc_info,
350 .info = host_info,
352 /* command interface -- queued only */
353 .queuecommand = queuecommand,
355 /* error and abort handlers */
356 .eh_abort_handler = command_abort,
357 .eh_device_reset_handler = device_reset,
358 .eh_bus_reset_handler = bus_reset,
360 /* queue commands only, only one command per LUN */
361 .can_queue = 1,
362 .cmd_per_lun = 1,
364 /* unknown initiator id */
365 .this_id = -1,
367 .slave_alloc = slave_alloc,
368 .slave_configure = slave_configure,
370 /* lots of sg segments can be handled */
371 .sg_tablesize = SG_ALL,
373 /* limit the total size of a transfer to 120 KB */
374 .max_sectors = 240,
376 /* merge commands... this seems to help performance, but
377 * periodically someone should test to see which setting is more
378 * optimal.
380 .use_clustering = 1,
382 /* emulated HBA */
383 .emulated = 1,
385 /* we do our own delay after a device or bus reset */
386 .skip_settle_delay = 1,
388 /* sysfs device attributes */
389 .sdev_attrs = sysfs_device_attr_list,
391 /* module management */
392 .module = THIS_MODULE
395 /* To Report "Illegal Request: Invalid Field in CDB */
396 unsigned char usb_stor_sense_invalidCDB[18] = {
397 [0] = 0x70, /* current error */
398 [2] = ILLEGAL_REQUEST, /* Illegal Request = 0x05 */
399 [7] = 0x0a, /* additional length */
400 [12] = 0x24 /* Invalid Field in CDB */
403 /***********************************************************************
404 * Scatter-gather transfer buffer access routines
405 ***********************************************************************/
408 * usb_stor_access_xfer_buf()
410 unsigned int usb_stor_access_xfer_buf(struct us_data *us, unsigned char *buffer,
411 unsigned int buflen, struct scsi_cmnd *srb, struct scatterlist **sgptr,
412 unsigned int *offset, enum xfer_buf_dir dir)
414 unsigned int cnt;
416 /* pr_info("transport --- usb_stor_access_xfer_buf\n"); */
417 struct scatterlist *sg = *sgptr;
419 if (!sg)
420 sg = scsi_sglist(srb);
422 cnt = 0;
423 while (cnt < buflen && sg) {
424 struct page *page = sg_page(sg) +
425 ((sg->offset + *offset) >> PAGE_SHIFT);
426 unsigned int poff = (sg->offset + *offset) & (PAGE_SIZE-1);
427 unsigned int sglen = sg->length - *offset;
429 if (sglen > buflen - cnt) {
430 /* Transfer ends within this s-g entry */
431 sglen = buflen - cnt;
432 *offset += sglen;
433 } else {
434 /* Transfer continues to next s-g entry */
435 *offset = 0;
436 sg = sg_next(sg);
439 while (sglen > 0) {
440 unsigned int plen = min(sglen,
441 (unsigned int)PAGE_SIZE - poff);
442 unsigned char *ptr = kmap(page);
444 if (dir == TO_XFER_BUF)
445 memcpy(ptr + poff, buffer + cnt, plen);
446 else
447 memcpy(buffer + cnt, ptr + poff, plen);
448 kunmap(page);
450 /* Start at the beginning of the next page */
451 poff = 0;
452 ++page;
453 cnt += plen;
454 sglen -= plen;
457 *sgptr = sg;
459 /* Return the amount actually transferred */
460 return cnt;
464 * Store the contents of buffer into srb's transfer
465 * buffer and set the SCSI residue.
468 * usb_stor_set_xfer_buf()
470 void usb_stor_set_xfer_buf(struct us_data *us, unsigned char *buffer,
471 unsigned int buflen, struct scsi_cmnd *srb, unsigned int dir)
473 unsigned int offset = 0;
474 struct scatterlist *sg = NULL;
476 /* pr_info("transport --- usb_stor_set_xfer_buf\n"); */
477 /* TO_XFER_BUF = 0, FROM_XFER_BUF = 1 */
478 buflen = min(buflen, scsi_bufflen(srb));
479 buflen = usb_stor_access_xfer_buf(us, buffer, buflen, srb,
480 &sg, &offset, dir);
481 if (buflen < scsi_bufflen(srb))
482 scsi_set_resid(srb, scsi_bufflen(srb) - buflen);