block: move cmdfilter from gendisk to request_queue
cmd_filter works only for the block layer SG_IO with SCSI block
devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI
character devices (such as st). We hit a kernel crash with them.
The problem is that cmd_filter code accesses to gendisk (having struct
blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only
SCSI block device files. With character device files, inode->i_bdev
leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter
isn't safe.
SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be
independent on any protocols. We shouldn't change ULDs to expose their
gendisk.
This patch moves struct blk_scsi_cmd_filter from gendisk to
request_queue, a common object, which eveyone can access to.
The user interface doesn't change; users can change the filters via
/sys/block/. gendisk has a pointer to request_queue so the cmd_filter
code accesses to struct blk_scsi_cmd_filter.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
diff --git a/block/bsg.c b/block/bsg.c
index 5a68b09..0aae8d7 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -45,8 +45,6 @@
char name[BUS_ID_SIZE];
int max_queue;
unsigned long flags;
- struct blk_scsi_cmd_filter *cmd_filter;
- mode_t *f_mode;
};
enum {
@@ -174,7 +172,8 @@
}
static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
- struct sg_io_v4 *hdr, struct bsg_device *bd)
+ struct sg_io_v4 *hdr, struct bsg_device *bd,
+ int has_write_perm)
{
if (hdr->request_len > BLK_MAX_CDB) {
rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL);
@@ -187,8 +186,7 @@
return -EFAULT;
if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) {
- if (blk_cmd_filter_verify_command(bd->cmd_filter, rq->cmd,
- bd->f_mode))
+ if (blk_verify_command(&q->cmd_filter, rq->cmd, has_write_perm))
return -EPERM;
} else if (!capable(CAP_SYS_RAWIO))
return -EPERM;
@@ -244,7 +242,7 @@
* map sg_io_v4 to a request.
*/
static struct request *
-bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr)
+bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
{
struct request_queue *q = bd->queue;
struct request *rq, *next_rq = NULL;
@@ -266,7 +264,7 @@
rq = blk_get_request(q, rw, GFP_KERNEL);
if (!rq)
return ERR_PTR(-ENOMEM);
- ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd);
+ ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd, has_write_perm);
if (ret)
goto out;
@@ -568,25 +566,6 @@
set_bit(BSG_F_BLOCK, &bd->flags);
}
-static void bsg_set_cmd_filter(struct bsg_device *bd,
- struct file *file)
-{
- struct inode *inode;
- struct gendisk *disk;
-
- if (!file)
- return;
-
- inode = file->f_dentry->d_inode;
- if (!inode)
- return;
-
- disk = inode->i_bdev->bd_disk;
-
- bd->cmd_filter = &disk->cmd_filter;
- bd->f_mode = &file->f_mode;
-}
-
/*
* Check if the error is a "real" error that we should return.
*/
@@ -608,7 +587,6 @@
dprintk("%s: read %Zd bytes\n", bd->name, count);
bsg_set_block(bd, file);
- bsg_set_cmd_filter(bd, file);
bytes_read = 0;
ret = __bsg_read(buf, count, bd, NULL, &bytes_read);
@@ -621,7 +599,7 @@
}
static int __bsg_write(struct bsg_device *bd, const char __user *buf,
- size_t count, ssize_t *bytes_written)
+ size_t count, ssize_t *bytes_written, int has_write_perm)
{
struct bsg_command *bc;
struct request *rq;
@@ -652,7 +630,7 @@
/*
* get a request, fill in the blanks, and add to request queue
*/
- rq = bsg_map_hdr(bd, &bc->hdr);
+ rq = bsg_map_hdr(bd, &bc->hdr, has_write_perm);
if (IS_ERR(rq)) {
ret = PTR_ERR(rq);
rq = NULL;
@@ -683,10 +661,11 @@
dprintk("%s: write %Zd bytes\n", bd->name, count);
bsg_set_block(bd, file);
- bsg_set_cmd_filter(bd, file);
bytes_written = 0;
- ret = __bsg_write(bd, buf, count, &bytes_written);
+ ret = __bsg_write(bd, buf, count, &bytes_written,
+ file->f_mode & FMODE_WRITE);
+
*ppos = bytes_written;
/*
@@ -792,7 +771,6 @@
bd->queue = rq;
bsg_set_block(bd, file);
- bsg_set_cmd_filter(bd, file);
atomic_set(&bd->ref_count, 1);
mutex_lock(&bsg_mutex);
@@ -943,7 +921,7 @@
if (copy_from_user(&hdr, uarg, sizeof(hdr)))
return -EFAULT;
- rq = bsg_map_hdr(bd, &hdr);
+ rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE);
if (IS_ERR(rq))
return PTR_ERR(rq);