OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / scsi / sr_ioctl.c
bloba3911c39ea50ae1f0ff98c2108f1b40377b314da
1 #include <linux/kernel.h>
2 #include <linux/mm.h>
3 #include <linux/fs.h>
4 #include <linux/errno.h>
5 #include <linux/string.h>
6 #include <linux/blkdev.h>
7 #include <linux/module.h>
8 #include <linux/blkpg.h>
9 #include <linux/cdrom.h>
10 #include <linux/delay.h>
11 #include <linux/slab.h>
12 #include <asm/io.h>
13 #include <asm/uaccess.h>
15 #include <scsi/scsi.h>
16 #include <scsi/scsi_dbg.h>
17 #include <scsi/scsi_device.h>
18 #include <scsi/scsi_eh.h>
19 #include <scsi/scsi_host.h>
20 #include <scsi/scsi_ioctl.h>
21 #include <scsi/scsi_cmnd.h>
23 #include "sr.h"
25 #if 0
26 #define DEBUG
27 #endif
29 /* The sr_is_xa() seems to trigger firmware bugs with some drives :-(
30 * It is off by default and can be turned on with this module parameter */
31 static int xa_test = 0;
33 module_param(xa_test, int, S_IRUGO | S_IWUSR);
35 /* primitive to determine whether we need to have GFP_DMA set based on
36 * the status of the unchecked_isa_dma flag in the host structure */
37 #define SR_GFP_DMA(cd) (((cd)->device->host->unchecked_isa_dma) ? GFP_DMA : 0)
40 static int sr_read_tochdr(struct cdrom_device_info *cdi,
41 struct cdrom_tochdr *tochdr)
43 struct scsi_cd *cd = cdi->handle;
44 struct packet_command cgc;
45 int result;
46 unsigned char *buffer;
48 buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
49 if (!buffer)
50 return -ENOMEM;
52 memset(&cgc, 0, sizeof(struct packet_command));
53 cgc.timeout = IOCTL_TIMEOUT;
54 cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
55 cgc.cmd[8] = 12; /* LSB of length */
56 cgc.buffer = buffer;
57 cgc.buflen = 12;
58 cgc.quiet = 1;
59 cgc.data_direction = DMA_FROM_DEVICE;
61 result = sr_do_ioctl(cd, &cgc);
63 tochdr->cdth_trk0 = buffer[2];
64 tochdr->cdth_trk1 = buffer[3];
66 kfree(buffer);
67 return result;
70 static int sr_read_tocentry(struct cdrom_device_info *cdi,
71 struct cdrom_tocentry *tocentry)
73 struct scsi_cd *cd = cdi->handle;
74 struct packet_command cgc;
75 int result;
76 unsigned char *buffer;
78 buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
79 if (!buffer)
80 return -ENOMEM;
82 memset(&cgc, 0, sizeof(struct packet_command));
83 cgc.timeout = IOCTL_TIMEOUT;
84 cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
85 cgc.cmd[1] |= (tocentry->cdte_format == CDROM_MSF) ? 0x02 : 0;
86 cgc.cmd[6] = tocentry->cdte_track;
87 cgc.cmd[8] = 12; /* LSB of length */
88 cgc.buffer = buffer;
89 cgc.buflen = 12;
90 cgc.data_direction = DMA_FROM_DEVICE;
92 result = sr_do_ioctl(cd, &cgc);
94 tocentry->cdte_ctrl = buffer[5] & 0xf;
95 tocentry->cdte_adr = buffer[5] >> 4;
96 tocentry->cdte_datamode = (tocentry->cdte_ctrl & 0x04) ? 1 : 0;
97 if (tocentry->cdte_format == CDROM_MSF) {
98 tocentry->cdte_addr.msf.minute = buffer[9];
99 tocentry->cdte_addr.msf.second = buffer[10];
100 tocentry->cdte_addr.msf.frame = buffer[11];
101 } else
102 tocentry->cdte_addr.lba = (((((buffer[8] << 8) + buffer[9]) << 8)
103 + buffer[10]) << 8) + buffer[11];
105 kfree(buffer);
106 return result;
109 #define IOCTL_RETRIES 3
111 /* ATAPI drives don't have a SCMD_PLAYAUDIO_TI command. When these drives
112 are emulating a SCSI device via the idescsi module, they need to have
113 CDROMPLAYTRKIND commands translated into CDROMPLAYMSF commands for them */
115 static int sr_fake_playtrkind(struct cdrom_device_info *cdi, struct cdrom_ti *ti)
117 struct cdrom_tocentry trk0_te, trk1_te;
118 struct cdrom_tochdr tochdr;
119 struct packet_command cgc;
120 int ntracks, ret;
122 ret = sr_read_tochdr(cdi, &tochdr);
123 if (ret)
124 return ret;
126 ntracks = tochdr.cdth_trk1 - tochdr.cdth_trk0 + 1;
128 if (ti->cdti_trk1 == ntracks)
129 ti->cdti_trk1 = CDROM_LEADOUT;
130 else if (ti->cdti_trk1 != CDROM_LEADOUT)
131 ti->cdti_trk1 ++;
133 trk0_te.cdte_track = ti->cdti_trk0;
134 trk0_te.cdte_format = CDROM_MSF;
135 trk1_te.cdte_track = ti->cdti_trk1;
136 trk1_te.cdte_format = CDROM_MSF;
138 ret = sr_read_tocentry(cdi, &trk0_te);
139 if (ret)
140 return ret;
141 ret = sr_read_tocentry(cdi, &trk1_te);
142 if (ret)
143 return ret;
145 memset(&cgc, 0, sizeof(struct packet_command));
146 cgc.cmd[0] = GPCMD_PLAY_AUDIO_MSF;
147 cgc.cmd[3] = trk0_te.cdte_addr.msf.minute;
148 cgc.cmd[4] = trk0_te.cdte_addr.msf.second;
149 cgc.cmd[5] = trk0_te.cdte_addr.msf.frame;
150 cgc.cmd[6] = trk1_te.cdte_addr.msf.minute;
151 cgc.cmd[7] = trk1_te.cdte_addr.msf.second;
152 cgc.cmd[8] = trk1_te.cdte_addr.msf.frame;
153 cgc.data_direction = DMA_NONE;
154 cgc.timeout = IOCTL_TIMEOUT;
155 return sr_do_ioctl(cdi->handle, &cgc);
158 static int sr_play_trkind(struct cdrom_device_info *cdi,
159 struct cdrom_ti *ti)
162 struct scsi_cd *cd = cdi->handle;
163 struct packet_command cgc;
164 int result;
166 memset(&cgc, 0, sizeof(struct packet_command));
167 cgc.timeout = IOCTL_TIMEOUT;
168 cgc.cmd[0] = GPCMD_PLAYAUDIO_TI;
169 cgc.cmd[4] = ti->cdti_trk0;
170 cgc.cmd[5] = ti->cdti_ind0;
171 cgc.cmd[7] = ti->cdti_trk1;
172 cgc.cmd[8] = ti->cdti_ind1;
173 cgc.data_direction = DMA_NONE;
175 result = sr_do_ioctl(cd, &cgc);
176 if (result == -EDRIVE_CANT_DO_THIS)
177 result = sr_fake_playtrkind(cdi, ti);
179 return result;
182 /* We do our own retries because we want to know what the specific
183 error code is. Normally the UNIT_ATTENTION code will automatically
184 clear after one error */
186 int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc)
188 struct scsi_device *SDev;
189 struct scsi_sense_hdr sshdr;
190 int result, err = 0, retries = 0;
191 struct request_sense *sense = cgc->sense;
193 SDev = cd->device;
195 if (!sense) {
196 sense = kmalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
197 if (!sense) {
198 err = -ENOMEM;
199 goto out;
203 retry:
204 if (!scsi_block_when_processing_errors(SDev)) {
205 err = -ENODEV;
206 goto out;
209 memset(sense, 0, sizeof(*sense));
210 result = scsi_execute(SDev, cgc->cmd, cgc->data_direction,
211 cgc->buffer, cgc->buflen, (char *)sense,
212 cgc->timeout, IOCTL_RETRIES, 0, NULL);
214 scsi_normalize_sense((char *)sense, sizeof(*sense), &sshdr);
216 /* Minimal error checking. Ignore cases we know about, and report the rest. */
217 if (driver_byte(result) != 0) {
218 switch (sshdr.sense_key) {
219 case UNIT_ATTENTION:
220 SDev->changed = 1;
221 if (!cgc->quiet)
222 printk(KERN_INFO "%s: disc change detected.\n", cd->cdi.name);
223 if (retries++ < 10)
224 goto retry;
225 err = -ENOMEDIUM;
226 break;
227 case NOT_READY: /* This happens if there is no disc in drive */
228 if (sshdr.asc == 0x04 &&
229 sshdr.ascq == 0x01) {
230 /* sense: Logical unit is in process of becoming ready */
231 if (!cgc->quiet)
232 printk(KERN_INFO "%s: CDROM not ready yet.\n", cd->cdi.name);
233 if (retries++ < 10) {
234 /* sleep 2 sec and try again */
235 ssleep(2);
236 goto retry;
237 } else {
238 /* 20 secs are enough? */
239 err = -ENOMEDIUM;
240 break;
243 if (!cgc->quiet)
244 printk(KERN_INFO "%s: CDROM not ready. Make sure there is a disc in the drive.\n", cd->cdi.name);
245 #ifdef DEBUG
246 scsi_print_sense_hdr("sr", &sshdr);
247 #endif
248 err = -ENOMEDIUM;
249 break;
250 case ILLEGAL_REQUEST:
251 err = -EIO;
252 if (sshdr.asc == 0x20 &&
253 sshdr.ascq == 0x00)
254 /* sense: Invalid command operation code */
255 err = -EDRIVE_CANT_DO_THIS;
256 #ifdef DEBUG
257 __scsi_print_command(cgc->cmd);
258 scsi_print_sense_hdr("sr", &sshdr);
259 #endif
260 break;
261 default:
262 printk(KERN_ERR "%s: CDROM (ioctl) error, command: ", cd->cdi.name);
263 __scsi_print_command(cgc->cmd);
264 scsi_print_sense_hdr("sr", &sshdr);
265 err = -EIO;
269 /* Wake up a process waiting for device */
270 out:
271 if (!cgc->sense)
272 kfree(sense);
273 cgc->stat = err;
274 return err;
277 /* ---------------------------------------------------------------------- */
278 /* interface to cdrom.c */
280 int sr_tray_move(struct cdrom_device_info *cdi, int pos)
282 Scsi_CD *cd = cdi->handle;
283 struct packet_command cgc;
285 memset(&cgc, 0, sizeof(struct packet_command));
286 cgc.cmd[0] = GPCMD_START_STOP_UNIT;
287 cgc.cmd[4] = (pos == 0) ? 0x03 /* close */ : 0x02 /* eject */ ;
288 cgc.data_direction = DMA_NONE;
289 cgc.timeout = IOCTL_TIMEOUT;
290 return sr_do_ioctl(cd, &cgc);
293 int sr_lock_door(struct cdrom_device_info *cdi, int lock)
295 Scsi_CD *cd = cdi->handle;
297 return scsi_set_medium_removal(cd->device, lock ?
298 SCSI_REMOVAL_PREVENT : SCSI_REMOVAL_ALLOW);
301 int sr_drive_status(struct cdrom_device_info *cdi, int slot)
303 struct scsi_cd *cd = cdi->handle;
304 struct scsi_sense_hdr sshdr;
305 struct media_event_desc med;
307 if (CDSL_CURRENT != slot) {
308 /* we have no changer support */
309 return -EINVAL;
311 if (!scsi_test_unit_ready(cd->device, SR_TIMEOUT, MAX_RETRIES, &sshdr))
312 return CDS_DISC_OK;
314 /* SK/ASC/ASCQ of 2/4/1 means "unit is becoming ready" */
315 if (scsi_sense_valid(&sshdr) && sshdr.sense_key == NOT_READY
316 && sshdr.asc == 0x04 && sshdr.ascq == 0x01)
317 return CDS_DRIVE_NOT_READY;
319 if (!cdrom_get_media_event(cdi, &med)) {
320 if (med.media_present)
321 return CDS_DISC_OK;
322 else if (med.door_open)
323 return CDS_TRAY_OPEN;
324 else
325 return CDS_NO_DISC;
329 * SK/ASC/ASCQ of 2/4/2 means "initialization required"
330 * Using CD_TRAY_OPEN results in an START_STOP_UNIT to close
331 * the tray, which resolves the initialization requirement.
333 if (scsi_sense_valid(&sshdr) && sshdr.sense_key == NOT_READY
334 && sshdr.asc == 0x04 && sshdr.ascq == 0x02)
335 return CDS_TRAY_OPEN;
338 * 0x04 is format in progress .. but there must be a disc present!
340 if (sshdr.sense_key == NOT_READY && sshdr.asc == 0x04)
341 return CDS_DISC_OK;
344 * If not using Mt Fuji extended media tray reports,
345 * just return TRAY_OPEN since ATAPI doesn't provide
346 * any other way to detect this...
348 if (scsi_sense_valid(&sshdr) &&
349 /* 0x3a is medium not present */
350 sshdr.asc == 0x3a)
351 return CDS_NO_DISC;
352 else
353 return CDS_TRAY_OPEN;
355 return CDS_DRIVE_NOT_READY;
358 int sr_disk_status(struct cdrom_device_info *cdi)
360 Scsi_CD *cd = cdi->handle;
361 struct cdrom_tochdr toc_h;
362 struct cdrom_tocentry toc_e;
363 int i, rc, have_datatracks = 0;
365 /* look for data tracks */
366 rc = sr_read_tochdr(cdi, &toc_h);
367 if (rc)
368 return (rc == -ENOMEDIUM) ? CDS_NO_DISC : CDS_NO_INFO;
370 for (i = toc_h.cdth_trk0; i <= toc_h.cdth_trk1; i++) {
371 toc_e.cdte_track = i;
372 toc_e.cdte_format = CDROM_LBA;
373 if (sr_read_tocentry(cdi, &toc_e))
374 return CDS_NO_INFO;
375 if (toc_e.cdte_ctrl & CDROM_DATA_TRACK) {
376 have_datatracks = 1;
377 break;
380 if (!have_datatracks)
381 return CDS_AUDIO;
383 if (cd->xa_flag)
384 return CDS_XA_2_1;
385 else
386 return CDS_DATA_1;
389 int sr_get_last_session(struct cdrom_device_info *cdi,
390 struct cdrom_multisession *ms_info)
392 Scsi_CD *cd = cdi->handle;
394 ms_info->addr.lba = cd->ms_offset;
395 ms_info->xa_flag = cd->xa_flag || cd->ms_offset > 0;
397 return 0;
400 int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn)
402 Scsi_CD *cd = cdi->handle;
403 struct packet_command cgc;
404 char *buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
405 int result;
407 if (!buffer)
408 return -ENOMEM;
410 memset(&cgc, 0, sizeof(struct packet_command));
411 cgc.cmd[0] = GPCMD_READ_SUBCHANNEL;
412 cgc.cmd[2] = 0x40; /* I do want the subchannel info */
413 cgc.cmd[3] = 0x02; /* Give me medium catalog number info */
414 cgc.cmd[8] = 24;
415 cgc.buffer = buffer;
416 cgc.buflen = 24;
417 cgc.data_direction = DMA_FROM_DEVICE;
418 cgc.timeout = IOCTL_TIMEOUT;
419 result = sr_do_ioctl(cd, &cgc);
421 memcpy(mcn->medium_catalog_number, buffer + 9, 13);
422 mcn->medium_catalog_number[13] = 0;
424 kfree(buffer);
425 return result;
428 int sr_reset(struct cdrom_device_info *cdi)
430 return 0;
433 int sr_select_speed(struct cdrom_device_info *cdi, int speed)
435 Scsi_CD *cd = cdi->handle;
436 struct packet_command cgc;
438 if (speed == 0)
439 speed = 0xffff; /* set to max */
440 else
441 speed *= 177; /* Nx to kbyte/s */
443 memset(&cgc, 0, sizeof(struct packet_command));
444 cgc.cmd[0] = GPCMD_SET_SPEED; /* SET CD SPEED */
445 cgc.cmd[2] = (speed >> 8) & 0xff; /* MSB for speed (in kbytes/sec) */
446 cgc.cmd[3] = speed & 0xff; /* LSB */
447 cgc.data_direction = DMA_NONE;
448 cgc.timeout = IOCTL_TIMEOUT;
450 if (sr_do_ioctl(cd, &cgc))
451 return -EIO;
452 return 0;
455 /* ----------------------------------------------------------------------- */
456 /* this is called by the generic cdrom driver. arg is a _kernel_ pointer, */
457 /* because the generic cdrom driver does the user access stuff for us. */
458 /* only cdromreadtochdr and cdromreadtocentry are left - for use with the */
459 /* sr_disk_status interface for the generic cdrom driver. */
461 int sr_audio_ioctl(struct cdrom_device_info *cdi, unsigned int cmd, void *arg)
463 switch (cmd) {
464 case CDROMREADTOCHDR:
465 return sr_read_tochdr(cdi, arg);
466 case CDROMREADTOCENTRY:
467 return sr_read_tocentry(cdi, arg);
468 case CDROMPLAYTRKIND:
469 return sr_play_trkind(cdi, arg);
470 default:
471 return -EINVAL;
475 /* -----------------------------------------------------------------------
476 * a function to read all sorts of funny cdrom sectors using the READ_CD
477 * scsi-3 mmc command
479 * lba: linear block address
480 * format: 0 = data (anything)
481 * 1 = audio
482 * 2 = data (mode 1)
483 * 3 = data (mode 2)
484 * 4 = data (mode 2 form1)
485 * 5 = data (mode 2 form2)
486 * blksize: 2048 | 2336 | 2340 | 2352
489 static int sr_read_cd(Scsi_CD *cd, unsigned char *dest, int lba, int format, int blksize)
491 struct packet_command cgc;
493 #ifdef DEBUG
494 printk("%s: sr_read_cd lba=%d format=%d blksize=%d\n",
495 cd->cdi.name, lba, format, blksize);
496 #endif
498 memset(&cgc, 0, sizeof(struct packet_command));
499 cgc.cmd[0] = GPCMD_READ_CD; /* READ_CD */
500 cgc.cmd[1] = ((format & 7) << 2);
501 cgc.cmd[2] = (unsigned char) (lba >> 24) & 0xff;
502 cgc.cmd[3] = (unsigned char) (lba >> 16) & 0xff;
503 cgc.cmd[4] = (unsigned char) (lba >> 8) & 0xff;
504 cgc.cmd[5] = (unsigned char) lba & 0xff;
505 cgc.cmd[8] = 1;
506 switch (blksize) {
507 case 2336:
508 cgc.cmd[9] = 0x58;
509 break;
510 case 2340:
511 cgc.cmd[9] = 0x78;
512 break;
513 case 2352:
514 cgc.cmd[9] = 0xf8;
515 break;
516 default:
517 cgc.cmd[9] = 0x10;
518 break;
520 cgc.buffer = dest;
521 cgc.buflen = blksize;
522 cgc.data_direction = DMA_FROM_DEVICE;
523 cgc.timeout = IOCTL_TIMEOUT;
524 return sr_do_ioctl(cd, &cgc);
528 * read sectors with blocksizes other than 2048
531 static int sr_read_sector(Scsi_CD *cd, int lba, int blksize, unsigned char *dest)
533 struct packet_command cgc;
534 int rc;
536 /* we try the READ CD command first... */
537 if (cd->readcd_known) {
538 rc = sr_read_cd(cd, dest, lba, 0, blksize);
539 if (-EDRIVE_CANT_DO_THIS != rc)
540 return rc;
541 cd->readcd_known = 0;
542 printk("CDROM does'nt support READ CD (0xbe) command\n");
543 /* fall & retry the other way */
545 /* ... if this fails, we switch the blocksize using MODE SELECT */
546 if (blksize != cd->device->sector_size) {
547 if (0 != (rc = sr_set_blocklength(cd, blksize)))
548 return rc;
550 #ifdef DEBUG
551 printk("%s: sr_read_sector lba=%d blksize=%d\n", cd->cdi.name, lba, blksize);
552 #endif
554 memset(&cgc, 0, sizeof(struct packet_command));
555 cgc.cmd[0] = GPCMD_READ_10;
556 cgc.cmd[2] = (unsigned char) (lba >> 24) & 0xff;
557 cgc.cmd[3] = (unsigned char) (lba >> 16) & 0xff;
558 cgc.cmd[4] = (unsigned char) (lba >> 8) & 0xff;
559 cgc.cmd[5] = (unsigned char) lba & 0xff;
560 cgc.cmd[8] = 1;
561 cgc.buffer = dest;
562 cgc.buflen = blksize;
563 cgc.data_direction = DMA_FROM_DEVICE;
564 cgc.timeout = IOCTL_TIMEOUT;
565 rc = sr_do_ioctl(cd, &cgc);
567 return rc;
571 * read a sector in raw mode to check the sector format
572 * ret: 1 == mode2 (XA), 0 == mode1, <0 == error
575 int sr_is_xa(Scsi_CD *cd)
577 unsigned char *raw_sector;
578 int is_xa;
580 if (!xa_test)
581 return 0;
583 raw_sector = kmalloc(2048, GFP_KERNEL | SR_GFP_DMA(cd));
584 if (!raw_sector)
585 return -ENOMEM;
586 if (0 == sr_read_sector(cd, cd->ms_offset + 16,
587 CD_FRAMESIZE_RAW1, raw_sector)) {
588 is_xa = (raw_sector[3] == 0x02) ? 1 : 0;
589 } else {
590 /* read a raw sector failed for some reason. */
591 is_xa = -1;
593 kfree(raw_sector);
594 #ifdef DEBUG
595 printk("%s: sr_is_xa: %d\n", cd->cdi.name, is_xa);
596 #endif
597 return is_xa;