root/block/scsi_ioctl.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. sg_get_version
  2. scsi_get_idlun
  3. scsi_get_bus
  4. sg_get_timeout
  5. sg_set_timeout
  6. max_sectors_bytes
  7. sg_get_reserved_size
  8. sg_set_reserved_size
  9. sg_emulated_host
  10. blk_set_cmd_filter_defaults
  11. blk_verify_command
  12. blk_fill_sghdr_rq
  13. blk_complete_sghdr_rq
  14. sg_io
  15. sg_scsi_ioctl
  16. __blk_send_generic
  17. blk_send_start_stop
  18. scsi_cmd_ioctl
  19. scsi_verify_blk_ioctl
  20. scsi_cmd_blk_ioctl
  21. scsi_req_init
  22. blk_scsi_ioctl_init

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Copyright (C) 2001 Jens Axboe <axboe@suse.de>
   4  */
   5 #include <linux/kernel.h>
   6 #include <linux/errno.h>
   7 #include <linux/string.h>
   8 #include <linux/module.h>
   9 #include <linux/blkdev.h>
  10 #include <linux/capability.h>
  11 #include <linux/completion.h>
  12 #include <linux/cdrom.h>
  13 #include <linux/ratelimit.h>
  14 #include <linux/slab.h>
  15 #include <linux/times.h>
  16 #include <linux/uio.h>
  17 #include <linux/uaccess.h>
  18 
  19 #include <scsi/scsi.h>
  20 #include <scsi/scsi_ioctl.h>
  21 #include <scsi/scsi_cmnd.h>
  22 
  23 struct blk_cmd_filter {
  24         unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
  25         unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
  26 };
  27 
  28 static struct blk_cmd_filter blk_default_cmd_filter;
  29 
  30 /* Command group 3 is reserved and should never be used.  */
  31 const unsigned char scsi_command_size_tbl[8] =
  32 {
  33         6, 10, 10, 12,
  34         16, 12, 10, 10
  35 };
  36 EXPORT_SYMBOL(scsi_command_size_tbl);
  37 
  38 #include <scsi/sg.h>
  39 
  40 static int sg_get_version(int __user *p)
  41 {
  42         static const int sg_version_num = 30527;
  43         return put_user(sg_version_num, p);
  44 }
  45 
  46 static int scsi_get_idlun(struct request_queue *q, int __user *p)
  47 {
  48         return put_user(0, p);
  49 }
  50 
  51 static int scsi_get_bus(struct request_queue *q, int __user *p)
  52 {
  53         return put_user(0, p);
  54 }
  55 
  56 static int sg_get_timeout(struct request_queue *q)
  57 {
  58         return jiffies_to_clock_t(q->sg_timeout);
  59 }
  60 
  61 static int sg_set_timeout(struct request_queue *q, int __user *p)
  62 {
  63         int timeout, err = get_user(timeout, p);
  64 
  65         if (!err)
  66                 q->sg_timeout = clock_t_to_jiffies(timeout);
  67 
  68         return err;
  69 }
  70 
  71 static int max_sectors_bytes(struct request_queue *q)
  72 {
  73         unsigned int max_sectors = queue_max_sectors(q);
  74 
  75         max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
  76 
  77         return max_sectors << 9;
  78 }
  79 
  80 static int sg_get_reserved_size(struct request_queue *q, int __user *p)
  81 {
  82         int val = min_t(int, q->sg_reserved_size, max_sectors_bytes(q));
  83 
  84         return put_user(val, p);
  85 }
  86 
  87 static int sg_set_reserved_size(struct request_queue *q, int __user *p)
  88 {
  89         int size, err = get_user(size, p);
  90 
  91         if (err)
  92                 return err;
  93 
  94         if (size < 0)
  95                 return -EINVAL;
  96 
  97         q->sg_reserved_size = min(size, max_sectors_bytes(q));
  98         return 0;
  99 }
 100 
 101 /*
 102  * will always return that we are ATAPI even for a real SCSI drive, I'm not
 103  * so sure this is worth doing anything about (why would you care??)
 104  */
 105 static int sg_emulated_host(struct request_queue *q, int __user *p)
 106 {
 107         return put_user(1, p);
 108 }
 109 
 110 static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
 111 {
 112         /* Basic read-only commands */
 113         __set_bit(TEST_UNIT_READY, filter->read_ok);
 114         __set_bit(REQUEST_SENSE, filter->read_ok);
 115         __set_bit(READ_6, filter->read_ok);
 116         __set_bit(READ_10, filter->read_ok);
 117         __set_bit(READ_12, filter->read_ok);
 118         __set_bit(READ_16, filter->read_ok);
 119         __set_bit(READ_BUFFER, filter->read_ok);
 120         __set_bit(READ_DEFECT_DATA, filter->read_ok);
 121         __set_bit(READ_CAPACITY, filter->read_ok);
 122         __set_bit(READ_LONG, filter->read_ok);
 123         __set_bit(INQUIRY, filter->read_ok);
 124         __set_bit(MODE_SENSE, filter->read_ok);
 125         __set_bit(MODE_SENSE_10, filter->read_ok);
 126         __set_bit(LOG_SENSE, filter->read_ok);
 127         __set_bit(START_STOP, filter->read_ok);
 128         __set_bit(GPCMD_VERIFY_10, filter->read_ok);
 129         __set_bit(VERIFY_16, filter->read_ok);
 130         __set_bit(REPORT_LUNS, filter->read_ok);
 131         __set_bit(SERVICE_ACTION_IN_16, filter->read_ok);
 132         __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
 133         __set_bit(MAINTENANCE_IN, filter->read_ok);
 134         __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
 135 
 136         /* Audio CD commands */
 137         __set_bit(GPCMD_PLAY_CD, filter->read_ok);
 138         __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
 139         __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
 140         __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
 141         __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
 142 
 143         /* CD/DVD data reading */
 144         __set_bit(GPCMD_READ_CD, filter->read_ok);
 145         __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
 146         __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
 147         __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
 148         __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
 149         __set_bit(GPCMD_READ_HEADER, filter->read_ok);
 150         __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
 151         __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
 152         __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
 153         __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
 154         __set_bit(GPCMD_SCAN, filter->read_ok);
 155         __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
 156         __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
 157         __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
 158         __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
 159         __set_bit(GPCMD_SEEK, filter->read_ok);
 160         __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
 161 
 162         /* Basic writing commands */
 163         __set_bit(WRITE_6, filter->write_ok);
 164         __set_bit(WRITE_10, filter->write_ok);
 165         __set_bit(WRITE_VERIFY, filter->write_ok);
 166         __set_bit(WRITE_12, filter->write_ok);
 167         __set_bit(WRITE_VERIFY_12, filter->write_ok);
 168         __set_bit(WRITE_16, filter->write_ok);
 169         __set_bit(WRITE_LONG, filter->write_ok);
 170         __set_bit(WRITE_LONG_2, filter->write_ok);
 171         __set_bit(WRITE_SAME, filter->write_ok);
 172         __set_bit(WRITE_SAME_16, filter->write_ok);
 173         __set_bit(WRITE_SAME_32, filter->write_ok);
 174         __set_bit(ERASE, filter->write_ok);
 175         __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
 176         __set_bit(MODE_SELECT, filter->write_ok);
 177         __set_bit(LOG_SELECT, filter->write_ok);
 178         __set_bit(GPCMD_BLANK, filter->write_ok);
 179         __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
 180         __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
 181         __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
 182         __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
 183         __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
 184         __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
 185         __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
 186         __set_bit(GPCMD_SEND_KEY, filter->write_ok);
 187         __set_bit(GPCMD_SEND_OPC, filter->write_ok);
 188         __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
 189         __set_bit(GPCMD_SET_SPEED, filter->write_ok);
 190         __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
 191         __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
 192         __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
 193         __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
 194 }
 195 
 196 int blk_verify_command(unsigned char *cmd, fmode_t mode)
 197 {
 198         struct blk_cmd_filter *filter = &blk_default_cmd_filter;
 199 
 200         /* root can do any command. */
 201         if (capable(CAP_SYS_RAWIO))
 202                 return 0;
 203 
 204         /* Anybody who can open the device can do a read-safe command */
 205         if (test_bit(cmd[0], filter->read_ok))
 206                 return 0;
 207 
 208         /* Write-safe commands require a writable open */
 209         if (test_bit(cmd[0], filter->write_ok) && (mode & FMODE_WRITE))
 210                 return 0;
 211 
 212         return -EPERM;
 213 }
 214 EXPORT_SYMBOL(blk_verify_command);
 215 
 216 static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
 217                              struct sg_io_hdr *hdr, fmode_t mode)
 218 {
 219         struct scsi_request *req = scsi_req(rq);
 220 
 221         if (copy_from_user(req->cmd, hdr->cmdp, hdr->cmd_len))
 222                 return -EFAULT;
 223         if (blk_verify_command(req->cmd, mode))
 224                 return -EPERM;
 225 
 226         /*
 227          * fill in request structure
 228          */
 229         req->cmd_len = hdr->cmd_len;
 230 
 231         rq->timeout = msecs_to_jiffies(hdr->timeout);
 232         if (!rq->timeout)
 233                 rq->timeout = q->sg_timeout;
 234         if (!rq->timeout)
 235                 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
 236         if (rq->timeout < BLK_MIN_SG_TIMEOUT)
 237                 rq->timeout = BLK_MIN_SG_TIMEOUT;
 238 
 239         return 0;
 240 }
 241 
 242 static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr,
 243                                  struct bio *bio)
 244 {
 245         struct scsi_request *req = scsi_req(rq);
 246         int r, ret = 0;
 247 
 248         /*
 249          * fill in all the output members
 250          */
 251         hdr->status = req->result & 0xff;
 252         hdr->masked_status = status_byte(req->result);
 253         hdr->msg_status = msg_byte(req->result);
 254         hdr->host_status = host_byte(req->result);
 255         hdr->driver_status = driver_byte(req->result);
 256         hdr->info = 0;
 257         if (hdr->masked_status || hdr->host_status || hdr->driver_status)
 258                 hdr->info |= SG_INFO_CHECK;
 259         hdr->resid = req->resid_len;
 260         hdr->sb_len_wr = 0;
 261 
 262         if (req->sense_len && hdr->sbp) {
 263                 int len = min((unsigned int) hdr->mx_sb_len, req->sense_len);
 264 
 265                 if (!copy_to_user(hdr->sbp, req->sense, len))
 266                         hdr->sb_len_wr = len;
 267                 else
 268                         ret = -EFAULT;
 269         }
 270 
 271         r = blk_rq_unmap_user(bio);
 272         if (!ret)
 273                 ret = r;
 274 
 275         return ret;
 276 }
 277 
 278 static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
 279                 struct sg_io_hdr *hdr, fmode_t mode)
 280 {
 281         unsigned long start_time;
 282         ssize_t ret = 0;
 283         int writing = 0;
 284         int at_head = 0;
 285         struct request *rq;
 286         struct scsi_request *req;
 287         struct bio *bio;
 288 
 289         if (hdr->interface_id != 'S')
 290                 return -EINVAL;
 291 
 292         if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
 293                 return -EIO;
 294 
 295         if (hdr->dxfer_len)
 296                 switch (hdr->dxfer_direction) {
 297                 default:
 298                         return -EINVAL;
 299                 case SG_DXFER_TO_DEV:
 300                         writing = 1;
 301                         break;
 302                 case SG_DXFER_TO_FROM_DEV:
 303                 case SG_DXFER_FROM_DEV:
 304                         break;
 305                 }
 306         if (hdr->flags & SG_FLAG_Q_AT_HEAD)
 307                 at_head = 1;
 308 
 309         ret = -ENOMEM;
 310         rq = blk_get_request(q, writing ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
 311         if (IS_ERR(rq))
 312                 return PTR_ERR(rq);
 313         req = scsi_req(rq);
 314 
 315         if (hdr->cmd_len > BLK_MAX_CDB) {
 316                 req->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
 317                 if (!req->cmd)
 318                         goto out_put_request;
 319         }
 320 
 321         ret = blk_fill_sghdr_rq(q, rq, hdr, mode);
 322         if (ret < 0)
 323                 goto out_free_cdb;
 324 
 325         ret = 0;
 326         if (hdr->iovec_count) {
 327                 struct iov_iter i;
 328                 struct iovec *iov = NULL;
 329 
 330                 ret = import_iovec(rq_data_dir(rq),
 331                                    hdr->dxferp, hdr->iovec_count,
 332                                    0, &iov, &i);
 333                 if (ret < 0)
 334                         goto out_free_cdb;
 335 
 336                 /* SG_IO howto says that the shorter of the two wins */
 337                 iov_iter_truncate(&i, hdr->dxfer_len);
 338 
 339                 ret = blk_rq_map_user_iov(q, rq, NULL, &i, GFP_KERNEL);
 340                 kfree(iov);
 341         } else if (hdr->dxfer_len)
 342                 ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
 343                                       GFP_KERNEL);
 344 
 345         if (ret)
 346                 goto out_free_cdb;
 347 
 348         bio = rq->bio;
 349         req->retries = 0;
 350 
 351         start_time = jiffies;
 352 
 353         /* ignore return value. All information is passed back to caller
 354          * (if he doesn't check that is his problem).
 355          * N.B. a non-zero SCSI status is _not_ necessarily an error.
 356          */
 357         blk_execute_rq(q, bd_disk, rq, at_head);
 358 
 359         hdr->duration = jiffies_to_msecs(jiffies - start_time);
 360 
 361         ret = blk_complete_sghdr_rq(rq, hdr, bio);
 362 
 363 out_free_cdb:
 364         scsi_req_free_cmd(req);
 365 out_put_request:
 366         blk_put_request(rq);
 367         return ret;
 368 }
 369 
 370 /**
 371  * sg_scsi_ioctl  --  handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
 372  * @q:          request queue to send scsi commands down
 373  * @disk:       gendisk to operate on (option)
 374  * @mode:       mode used to open the file through which the ioctl has been
 375  *              submitted
 376  * @sic:        userspace structure describing the command to perform
 377  *
 378  * Send down the scsi command described by @sic to the device below
 379  * the request queue @q.  If @file is non-NULL it's used to perform
 380  * fine-grained permission checks that allow users to send down
 381  * non-destructive SCSI commands.  If the caller has a struct gendisk
 382  * available it should be passed in as @disk to allow the low level
 383  * driver to use the information contained in it.  A non-NULL @disk
 384  * is only allowed if the caller knows that the low level driver doesn't
 385  * need it (e.g. in the scsi subsystem).
 386  *
 387  * Notes:
 388  *   -  This interface is deprecated - users should use the SG_IO
 389  *      interface instead, as this is a more flexible approach to
 390  *      performing SCSI commands on a device.
 391  *   -  The SCSI command length is determined by examining the 1st byte
 392  *      of the given command. There is no way to override this.
 393  *   -  Data transfers are limited to PAGE_SIZE
 394  *   -  The length (x + y) must be at least OMAX_SB_LEN bytes long to
 395  *      accommodate the sense buffer when an error occurs.
 396  *      The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
 397  *      old code will not be surprised.
 398  *   -  If a Unix error occurs (e.g. ENOMEM) then the user will receive
 399  *      a negative return and the Unix error code in 'errno'.
 400  *      If the SCSI command succeeds then 0 is returned.
 401  *      Positive numbers returned are the compacted SCSI error codes (4
 402  *      bytes in one int) where the lowest byte is the SCSI status.
 403  */
 404 int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
 405                 struct scsi_ioctl_command __user *sic)
 406 {
 407         enum { OMAX_SB_LEN = 16 };      /* For backward compatibility */
 408         struct request *rq;
 409         struct scsi_request *req;
 410         int err;
 411         unsigned int in_len, out_len, bytes, opcode, cmdlen;
 412         char *buffer = NULL;
 413 
 414         if (!sic)
 415                 return -EINVAL;
 416 
 417         /*
 418          * get in an out lengths, verify they don't exceed a page worth of data
 419          */
 420         if (get_user(in_len, &sic->inlen))
 421                 return -EFAULT;
 422         if (get_user(out_len, &sic->outlen))
 423                 return -EFAULT;
 424         if (in_len > PAGE_SIZE || out_len > PAGE_SIZE)
 425                 return -EINVAL;
 426         if (get_user(opcode, sic->data))
 427                 return -EFAULT;
 428 
 429         bytes = max(in_len, out_len);
 430         if (bytes) {
 431                 buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
 432                 if (!buffer)
 433                         return -ENOMEM;
 434 
 435         }
 436 
 437         rq = blk_get_request(q, in_len ? REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, 0);
 438         if (IS_ERR(rq)) {
 439                 err = PTR_ERR(rq);
 440                 goto error_free_buffer;
 441         }
 442         req = scsi_req(rq);
 443 
 444         cmdlen = COMMAND_SIZE(opcode);
 445 
 446         /*
 447          * get command and data to send to device, if any
 448          */
 449         err = -EFAULT;
 450         req->cmd_len = cmdlen;
 451         if (copy_from_user(req->cmd, sic->data, cmdlen))
 452                 goto error;
 453 
 454         if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
 455                 goto error;
 456 
 457         err = blk_verify_command(req->cmd, mode);
 458         if (err)
 459                 goto error;
 460 
 461         /* default.  possible overriden later */
 462         req->retries = 5;
 463 
 464         switch (opcode) {
 465         case SEND_DIAGNOSTIC:
 466         case FORMAT_UNIT:
 467                 rq->timeout = FORMAT_UNIT_TIMEOUT;
 468                 req->retries = 1;
 469                 break;
 470         case START_STOP:
 471                 rq->timeout = START_STOP_TIMEOUT;
 472                 break;
 473         case MOVE_MEDIUM:
 474                 rq->timeout = MOVE_MEDIUM_TIMEOUT;
 475                 break;
 476         case READ_ELEMENT_STATUS:
 477                 rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
 478                 break;
 479         case READ_DEFECT_DATA:
 480                 rq->timeout = READ_DEFECT_DATA_TIMEOUT;
 481                 req->retries = 1;
 482                 break;
 483         default:
 484                 rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
 485                 break;
 486         }
 487 
 488         if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, GFP_NOIO)) {
 489                 err = DRIVER_ERROR << 24;
 490                 goto error;
 491         }
 492 
 493         blk_execute_rq(q, disk, rq, 0);
 494 
 495         err = req->result & 0xff;       /* only 8 bit SCSI status */
 496         if (err) {
 497                 if (req->sense_len && req->sense) {
 498                         bytes = (OMAX_SB_LEN > req->sense_len) ?
 499                                 req->sense_len : OMAX_SB_LEN;
 500                         if (copy_to_user(sic->data, req->sense, bytes))
 501                                 err = -EFAULT;
 502                 }
 503         } else {
 504                 if (copy_to_user(sic->data, buffer, out_len))
 505                         err = -EFAULT;
 506         }
 507         
 508 error:
 509         blk_put_request(rq);
 510 
 511 error_free_buffer:
 512         kfree(buffer);
 513 
 514         return err;
 515 }
 516 EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
 517 
 518 /* Send basic block requests */
 519 static int __blk_send_generic(struct request_queue *q, struct gendisk *bd_disk,
 520                               int cmd, int data)
 521 {
 522         struct request *rq;
 523         int err;
 524 
 525         rq = blk_get_request(q, REQ_OP_SCSI_OUT, 0);
 526         if (IS_ERR(rq))
 527                 return PTR_ERR(rq);
 528         rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
 529         scsi_req(rq)->cmd[0] = cmd;
 530         scsi_req(rq)->cmd[4] = data;
 531         scsi_req(rq)->cmd_len = 6;
 532         blk_execute_rq(q, bd_disk, rq, 0);
 533         err = scsi_req(rq)->result ? -EIO : 0;
 534         blk_put_request(rq);
 535 
 536         return err;
 537 }
 538 
 539 static inline int blk_send_start_stop(struct request_queue *q,
 540                                       struct gendisk *bd_disk, int data)
 541 {
 542         return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
 543 }
 544 
 545 int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode,
 546                    unsigned int cmd, void __user *arg)
 547 {
 548         int err;
 549 
 550         if (!q)
 551                 return -ENXIO;
 552 
 553         switch (cmd) {
 554                 /*
 555                  * new sgv3 interface
 556                  */
 557                 case SG_GET_VERSION_NUM:
 558                         err = sg_get_version(arg);
 559                         break;
 560                 case SCSI_IOCTL_GET_IDLUN:
 561                         err = scsi_get_idlun(q, arg);
 562                         break;
 563                 case SCSI_IOCTL_GET_BUS_NUMBER:
 564                         err = scsi_get_bus(q, arg);
 565                         break;
 566                 case SG_SET_TIMEOUT:
 567                         err = sg_set_timeout(q, arg);
 568                         break;
 569                 case SG_GET_TIMEOUT:
 570                         err = sg_get_timeout(q);
 571                         break;
 572                 case SG_GET_RESERVED_SIZE:
 573                         err = sg_get_reserved_size(q, arg);
 574                         break;
 575                 case SG_SET_RESERVED_SIZE:
 576                         err = sg_set_reserved_size(q, arg);
 577                         break;
 578                 case SG_EMULATED_HOST:
 579                         err = sg_emulated_host(q, arg);
 580                         break;
 581                 case SG_IO: {
 582                         struct sg_io_hdr hdr;
 583 
 584                         err = -EFAULT;
 585                         if (copy_from_user(&hdr, arg, sizeof(hdr)))
 586                                 break;
 587                         err = sg_io(q, bd_disk, &hdr, mode);
 588                         if (err == -EFAULT)
 589                                 break;
 590 
 591                         if (copy_to_user(arg, &hdr, sizeof(hdr)))
 592                                 err = -EFAULT;
 593                         break;
 594                 }
 595                 case CDROM_SEND_PACKET: {
 596                         struct cdrom_generic_command cgc;
 597                         struct sg_io_hdr hdr;
 598 
 599                         err = -EFAULT;
 600                         if (copy_from_user(&cgc, arg, sizeof(cgc)))
 601                                 break;
 602                         cgc.timeout = clock_t_to_jiffies(cgc.timeout);
 603                         memset(&hdr, 0, sizeof(hdr));
 604                         hdr.interface_id = 'S';
 605                         hdr.cmd_len = sizeof(cgc.cmd);
 606                         hdr.dxfer_len = cgc.buflen;
 607                         err = 0;
 608                         switch (cgc.data_direction) {
 609                                 case CGC_DATA_UNKNOWN:
 610                                         hdr.dxfer_direction = SG_DXFER_UNKNOWN;
 611                                         break;
 612                                 case CGC_DATA_WRITE:
 613                                         hdr.dxfer_direction = SG_DXFER_TO_DEV;
 614                                         break;
 615                                 case CGC_DATA_READ:
 616                                         hdr.dxfer_direction = SG_DXFER_FROM_DEV;
 617                                         break;
 618                                 case CGC_DATA_NONE:
 619                                         hdr.dxfer_direction = SG_DXFER_NONE;
 620                                         break;
 621                                 default:
 622                                         err = -EINVAL;
 623                         }
 624                         if (err)
 625                                 break;
 626 
 627                         hdr.dxferp = cgc.buffer;
 628                         hdr.sbp = cgc.sense;
 629                         if (hdr.sbp)
 630                                 hdr.mx_sb_len = sizeof(struct request_sense);
 631                         hdr.timeout = jiffies_to_msecs(cgc.timeout);
 632                         hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd;
 633                         hdr.cmd_len = sizeof(cgc.cmd);
 634 
 635                         err = sg_io(q, bd_disk, &hdr, mode);
 636                         if (err == -EFAULT)
 637                                 break;
 638 
 639                         if (hdr.status)
 640                                 err = -EIO;
 641 
 642                         cgc.stat = err;
 643                         cgc.buflen = hdr.resid;
 644                         if (copy_to_user(arg, &cgc, sizeof(cgc)))
 645                                 err = -EFAULT;
 646 
 647                         break;
 648                 }
 649 
 650                 /*
 651                  * old junk scsi send command ioctl
 652                  */
 653                 case SCSI_IOCTL_SEND_COMMAND:
 654                         printk(KERN_WARNING "program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n", current->comm);
 655                         err = -EINVAL;
 656                         if (!arg)
 657                                 break;
 658 
 659                         err = sg_scsi_ioctl(q, bd_disk, mode, arg);
 660                         break;
 661                 case CDROMCLOSETRAY:
 662                         err = blk_send_start_stop(q, bd_disk, 0x03);
 663                         break;
 664                 case CDROMEJECT:
 665                         err = blk_send_start_stop(q, bd_disk, 0x02);
 666                         break;
 667                 default:
 668                         err = -ENOTTY;
 669         }
 670 
 671         return err;
 672 }
 673 EXPORT_SYMBOL(scsi_cmd_ioctl);
 674 
 675 int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
 676 {
 677         if (bd && bd == bd->bd_contains)
 678                 return 0;
 679 
 680         if (capable(CAP_SYS_RAWIO))
 681                 return 0;
 682 
 683         return -ENOIOCTLCMD;
 684 }
 685 EXPORT_SYMBOL(scsi_verify_blk_ioctl);
 686 
 687 int scsi_cmd_blk_ioctl(struct block_device *bd, fmode_t mode,
 688                        unsigned int cmd, void __user *arg)
 689 {
 690         int ret;
 691 
 692         ret = scsi_verify_blk_ioctl(bd, cmd);
 693         if (ret < 0)
 694                 return ret;
 695 
 696         return scsi_cmd_ioctl(bd->bd_disk->queue, bd->bd_disk, mode, cmd, arg);
 697 }
 698 EXPORT_SYMBOL(scsi_cmd_blk_ioctl);
 699 
 700 /**
 701  * scsi_req_init - initialize certain fields of a scsi_request structure
 702  * @req: Pointer to a scsi_request structure.
 703  * Initializes .__cmd[], .cmd, .cmd_len and .sense_len but no other members
 704  * of struct scsi_request.
 705  */
 706 void scsi_req_init(struct scsi_request *req)
 707 {
 708         memset(req->__cmd, 0, sizeof(req->__cmd));
 709         req->cmd = req->__cmd;
 710         req->cmd_len = BLK_MAX_CDB;
 711         req->sense_len = 0;
 712 }
 713 EXPORT_SYMBOL(scsi_req_init);
 714 
 715 static int __init blk_scsi_ioctl_init(void)
 716 {
 717         blk_set_cmd_filter_defaults(&blk_default_cmd_filter);
 718         return 0;
 719 }
 720 fs_initcall(blk_scsi_ioctl_init);

/* [<][>][^][v][top][bottom][index][help] */