Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Changes: |
| 3 | * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000 |
| 4 | * - get rid of some verify_areas and use __copy*user and __get/put_user |
| 5 | * for the ones that remain |
| 6 | */ |
| 7 | #include <linux/module.h> |
| 8 | #include <linux/blkdev.h> |
| 9 | #include <linux/interrupt.h> |
| 10 | #include <linux/errno.h> |
| 11 | #include <linux/kernel.h> |
| 12 | #include <linux/sched.h> |
| 13 | #include <linux/mm.h> |
| 14 | #include <linux/string.h> |
| 15 | #include <asm/uaccess.h> |
| 16 | |
| 17 | #include <scsi/scsi.h> |
| 18 | #include <scsi/scsi_device.h> |
| 19 | #include <scsi/scsi_eh.h> |
| 20 | #include <scsi/scsi_host.h> |
| 21 | #include <scsi/scsi_ioctl.h> |
| 22 | #include <scsi/scsi_request.h> |
| 23 | #include <scsi/sg.h> |
| 24 | #include <scsi/scsi_dbg.h> |
| 25 | |
| 26 | #include "scsi_logging.h" |
| 27 | |
| 28 | #define NORMAL_RETRIES 5 |
| 29 | #define IOCTL_NORMAL_TIMEOUT (10 * HZ) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 30 | |
| 31 | #define MAX_BUF PAGE_SIZE |
| 32 | |
Christoph Hellwig | 3299352 | 2005-09-06 14:03:44 +0200 | [diff] [blame] | 33 | /** |
| 34 | * ioctl_probe -- return host identification |
| 35 | * @host: host to identify |
| 36 | * @buffer: userspace buffer for identification |
| 37 | * |
| 38 | * Return an identifying string at @buffer, if @buffer is non-NULL, filling |
| 39 | * to the length stored at * (int *) @buffer. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 40 | */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 41 | static int ioctl_probe(struct Scsi_Host *host, void __user *buffer) |
| 42 | { |
| 43 | unsigned int len, slen; |
| 44 | const char *string; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 45 | |
Christoph Hellwig | 3299352 | 2005-09-06 14:03:44 +0200 | [diff] [blame] | 46 | if (buffer) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 47 | if (get_user(len, (unsigned int __user *) buffer)) |
| 48 | return -EFAULT; |
| 49 | |
| 50 | if (host->hostt->info) |
| 51 | string = host->hostt->info(host); |
| 52 | else |
| 53 | string = host->hostt->name; |
| 54 | if (string) { |
| 55 | slen = strlen(string); |
| 56 | if (len > slen) |
| 57 | len = slen + 1; |
| 58 | if (copy_to_user(buffer, string, len)) |
| 59 | return -EFAULT; |
| 60 | } |
| 61 | } |
Christoph Hellwig | 3299352 | 2005-09-06 14:03:44 +0200 | [diff] [blame] | 62 | return 1; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | } |
| 64 | |
| 65 | /* |
| 66 | |
| 67 | * The SCSI_IOCTL_SEND_COMMAND ioctl sends a command out to the SCSI host. |
| 68 | * The IOCTL_NORMAL_TIMEOUT and NORMAL_RETRIES variables are used. |
| 69 | * |
| 70 | * dev is the SCSI device struct ptr, *(int *) arg is the length of the |
| 71 | * input data, if any, not including the command string & counts, |
| 72 | * *((int *)arg + 1) is the output buffer size in bytes. |
| 73 | * |
| 74 | * *(char *) ((int *) arg)[2] the actual command byte. |
| 75 | * |
| 76 | * Note that if more than MAX_BUF bytes are requested to be transferred, |
| 77 | * the ioctl will fail with error EINVAL. |
| 78 | * |
| 79 | * This size *does not* include the initial lengths that were passed. |
| 80 | * |
| 81 | * The SCSI command is read from the memory location immediately after the |
| 82 | * length words, and the input data is right after the command. The SCSI |
| 83 | * routines know the command size based on the opcode decode. |
| 84 | * |
| 85 | * The output area is then filled in starting from the command byte. |
| 86 | */ |
| 87 | |
| 88 | static int ioctl_internal_command(struct scsi_device *sdev, char *cmd, |
| 89 | int timeout, int retries) |
| 90 | { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 91 | int result; |
| 92 | struct scsi_sense_hdr sshdr; |
| 93 | |
| 94 | SCSI_LOG_IOCTL(1, printk("Trying ioctl with scsi command %d\n", *cmd)); |
| 95 | |
James Bottomley | 1cf7269 | 2005-08-28 11:27:01 -0500 | [diff] [blame] | 96 | result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, |
James Bottomley | ea73a9f | 2005-08-28 11:33:52 -0500 | [diff] [blame] | 97 | &sshdr, timeout, retries); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 98 | |
James Bottomley | 1cf7269 | 2005-08-28 11:27:01 -0500 | [diff] [blame] | 99 | SCSI_LOG_IOCTL(2, printk("Ioctl returned 0x%x\n", result)); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 100 | |
James Bottomley | 1cf7269 | 2005-08-28 11:27:01 -0500 | [diff] [blame] | 101 | if ((driver_byte(result) & DRIVER_SENSE) && |
James Bottomley | ea73a9f | 2005-08-28 11:33:52 -0500 | [diff] [blame] | 102 | (scsi_sense_valid(&sshdr))) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 103 | switch (sshdr.sense_key) { |
| 104 | case ILLEGAL_REQUEST: |
| 105 | if (cmd[0] == ALLOW_MEDIUM_REMOVAL) |
| 106 | sdev->lockable = 0; |
| 107 | else |
| 108 | printk(KERN_INFO "ioctl_internal_command: " |
| 109 | "ILLEGAL REQUEST asc=0x%x ascq=0x%x\n", |
| 110 | sshdr.asc, sshdr.ascq); |
| 111 | break; |
| 112 | case NOT_READY: /* This happens if there is no disc in drive */ |
| 113 | if (sdev->removable && (cmd[0] != TEST_UNIT_READY)) { |
| 114 | printk(KERN_INFO "Device not ready. Make sure" |
| 115 | " there is a disc in the drive.\n"); |
| 116 | break; |
| 117 | } |
| 118 | case UNIT_ATTENTION: |
| 119 | if (sdev->removable) { |
| 120 | sdev->changed = 1; |
James Bottomley | 1cf7269 | 2005-08-28 11:27:01 -0500 | [diff] [blame] | 121 | result = 0; /* This is no longer considered an error */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 122 | break; |
| 123 | } |
| 124 | default: /* Fall through for non-removable media */ |
James Bottomley | 9ccfc75 | 2005-10-02 11:45:08 -0500 | [diff] [blame] | 125 | sdev_printk(KERN_INFO, sdev, |
| 126 | "ioctl_internal_command return code = %x\n", |
| 127 | result); |
James Bottomley | ea73a9f | 2005-08-28 11:33:52 -0500 | [diff] [blame] | 128 | scsi_print_sense_hdr(" ", &sshdr); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 129 | break; |
| 130 | } |
| 131 | } |
| 132 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 133 | SCSI_LOG_IOCTL(2, printk("IOCTL Releasing command\n")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 134 | return result; |
| 135 | } |
| 136 | |
| 137 | int scsi_set_medium_removal(struct scsi_device *sdev, char state) |
| 138 | { |
| 139 | char scsi_cmd[MAX_COMMAND_SIZE]; |
| 140 | int ret; |
| 141 | |
| 142 | if (!sdev->removable || !sdev->lockable) |
| 143 | return 0; |
| 144 | |
| 145 | scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL; |
| 146 | scsi_cmd[1] = 0; |
| 147 | scsi_cmd[2] = 0; |
| 148 | scsi_cmd[3] = 0; |
| 149 | scsi_cmd[4] = state; |
| 150 | scsi_cmd[5] = 0; |
| 151 | |
| 152 | ret = ioctl_internal_command(sdev, scsi_cmd, |
| 153 | IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES); |
| 154 | if (ret == 0) |
| 155 | sdev->locked = (state == SCSI_REMOVAL_PREVENT); |
| 156 | return ret; |
| 157 | } |
| 158 | EXPORT_SYMBOL(scsi_set_medium_removal); |
| 159 | |
| 160 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 161 | * The scsi_ioctl_get_pci() function places into arg the value |
| 162 | * pci_dev::slot_name (8 characters) for the PCI device (if any). |
| 163 | * Returns: 0 on success |
| 164 | * -ENXIO if there isn't a PCI device pointer |
| 165 | * (could be because the SCSI driver hasn't been |
| 166 | * updated yet, or because it isn't a SCSI |
| 167 | * device) |
| 168 | * any copy_to_user() error on failure there |
| 169 | */ |
| 170 | static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg) |
| 171 | { |
| 172 | struct device *dev = scsi_get_device(sdev->host); |
| 173 | |
| 174 | if (!dev) |
| 175 | return -ENXIO; |
| 176 | return copy_to_user(arg, dev->bus_id, sizeof(dev->bus_id))? -EFAULT: 0; |
| 177 | } |
| 178 | |
| 179 | |
| 180 | /* |
| 181 | * the scsi_ioctl() function differs from most ioctls in that it does |
| 182 | * not take a major/minor number as the dev field. Rather, it takes |
| 183 | * a pointer to a scsi_devices[] element, a structure. |
| 184 | */ |
| 185 | int scsi_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) |
| 186 | { |
| 187 | char scsi_cmd[MAX_COMMAND_SIZE]; |
| 188 | |
| 189 | /* No idea how this happens.... */ |
| 190 | if (!sdev) |
| 191 | return -ENXIO; |
| 192 | |
| 193 | /* |
| 194 | * If we are in the middle of error recovery, don't let anyone |
| 195 | * else try and use this device. Also, if error recovery fails, it |
| 196 | * may try and take the device offline, in which case all further |
| 197 | * access to the device is prohibited. |
| 198 | */ |
| 199 | if (!scsi_block_when_processing_errors(sdev)) |
| 200 | return -ENODEV; |
| 201 | |
| 202 | /* Check for deprecated ioctls ... all the ioctls which don't |
| 203 | * follow the new unique numbering scheme are deprecated */ |
| 204 | switch (cmd) { |
| 205 | case SCSI_IOCTL_SEND_COMMAND: |
| 206 | case SCSI_IOCTL_TEST_UNIT_READY: |
| 207 | case SCSI_IOCTL_BENCHMARK_COMMAND: |
| 208 | case SCSI_IOCTL_SYNC: |
| 209 | case SCSI_IOCTL_START_UNIT: |
| 210 | case SCSI_IOCTL_STOP_UNIT: |
| 211 | printk(KERN_WARNING "program %s is using a deprecated SCSI " |
| 212 | "ioctl, please convert it to SG_IO\n", current->comm); |
| 213 | break; |
| 214 | default: |
| 215 | break; |
| 216 | } |
| 217 | |
| 218 | switch (cmd) { |
| 219 | case SCSI_IOCTL_GET_IDLUN: |
| 220 | if (!access_ok(VERIFY_WRITE, arg, sizeof(struct scsi_idlun))) |
| 221 | return -EFAULT; |
| 222 | |
| 223 | __put_user((sdev->id & 0xff) |
| 224 | + ((sdev->lun & 0xff) << 8) |
| 225 | + ((sdev->channel & 0xff) << 16) |
| 226 | + ((sdev->host->host_no & 0xff) << 24), |
| 227 | &((struct scsi_idlun __user *)arg)->dev_id); |
| 228 | __put_user(sdev->host->unique_id, |
| 229 | &((struct scsi_idlun __user *)arg)->host_unique_id); |
| 230 | return 0; |
| 231 | case SCSI_IOCTL_GET_BUS_NUMBER: |
| 232 | return put_user(sdev->host->host_no, (int __user *)arg); |
| 233 | case SCSI_IOCTL_PROBE_HOST: |
| 234 | return ioctl_probe(sdev->host, arg); |
| 235 | case SCSI_IOCTL_SEND_COMMAND: |
| 236 | if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) |
| 237 | return -EACCES; |
Christoph Hellwig | 21b2f0c | 2006-03-22 17:52:04 +0100 | [diff] [blame] | 238 | return sg_scsi_ioctl(NULL, sdev->request_queue, NULL, arg); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 239 | case SCSI_IOCTL_DOORLOCK: |
| 240 | return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT); |
| 241 | case SCSI_IOCTL_DOORUNLOCK: |
| 242 | return scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW); |
| 243 | case SCSI_IOCTL_TEST_UNIT_READY: |
| 244 | return scsi_test_unit_ready(sdev, IOCTL_NORMAL_TIMEOUT, |
| 245 | NORMAL_RETRIES); |
| 246 | case SCSI_IOCTL_START_UNIT: |
| 247 | scsi_cmd[0] = START_STOP; |
| 248 | scsi_cmd[1] = 0; |
| 249 | scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0; |
| 250 | scsi_cmd[4] = 1; |
| 251 | return ioctl_internal_command(sdev, scsi_cmd, |
| 252 | START_STOP_TIMEOUT, NORMAL_RETRIES); |
| 253 | case SCSI_IOCTL_STOP_UNIT: |
| 254 | scsi_cmd[0] = START_STOP; |
| 255 | scsi_cmd[1] = 0; |
| 256 | scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0; |
| 257 | scsi_cmd[4] = 0; |
| 258 | return ioctl_internal_command(sdev, scsi_cmd, |
| 259 | START_STOP_TIMEOUT, NORMAL_RETRIES); |
| 260 | case SCSI_IOCTL_GET_PCI: |
| 261 | return scsi_ioctl_get_pci(sdev, arg); |
| 262 | default: |
| 263 | if (sdev->host->hostt->ioctl) |
| 264 | return sdev->host->hostt->ioctl(sdev, cmd, arg); |
| 265 | } |
| 266 | return -EINVAL; |
| 267 | } |
| 268 | EXPORT_SYMBOL(scsi_ioctl); |
| 269 | |
| 270 | /* |
| 271 | * the scsi_nonblock_ioctl() function is designed for ioctls which may |
| 272 | * be executed even if the device is in recovery. |
| 273 | */ |
| 274 | int scsi_nonblockable_ioctl(struct scsi_device *sdev, int cmd, |
| 275 | void __user *arg, struct file *filp) |
| 276 | { |
| 277 | int val, result; |
| 278 | |
| 279 | /* The first set of iocts may be executed even if we're doing |
| 280 | * error processing, as long as the device was opened |
| 281 | * non-blocking */ |
| 282 | if (filp && filp->f_flags & O_NONBLOCK) { |
James Bottomley | 939647e | 2005-09-18 15:05:20 -0500 | [diff] [blame] | 283 | if (scsi_host_in_recovery(sdev->host)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 284 | return -ENODEV; |
| 285 | } else if (!scsi_block_when_processing_errors(sdev)) |
| 286 | return -ENODEV; |
| 287 | |
| 288 | switch (cmd) { |
| 289 | case SG_SCSI_RESET: |
| 290 | result = get_user(val, (int __user *)arg); |
| 291 | if (result) |
| 292 | return result; |
| 293 | if (val == SG_SCSI_RESET_NOTHING) |
| 294 | return 0; |
| 295 | switch (val) { |
| 296 | case SG_SCSI_RESET_DEVICE: |
| 297 | val = SCSI_TRY_RESET_DEVICE; |
| 298 | break; |
| 299 | case SG_SCSI_RESET_BUS: |
| 300 | val = SCSI_TRY_RESET_BUS; |
| 301 | break; |
| 302 | case SG_SCSI_RESET_HOST: |
| 303 | val = SCSI_TRY_RESET_HOST; |
| 304 | break; |
| 305 | default: |
| 306 | return -EINVAL; |
| 307 | } |
| 308 | if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) |
| 309 | return -EACCES; |
| 310 | return (scsi_reset_provider(sdev, val) == |
| 311 | SUCCESS) ? 0 : -EIO; |
| 312 | } |
| 313 | return -ENODEV; |
| 314 | } |
| 315 | EXPORT_SYMBOL(scsi_nonblockable_ioctl); |