1 /*
2 * Changes:
3 * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000
4 * - get rid of some verify_areas and use __copy*user and __get/put_user
5 * for the ones that remain
6 */
7 #define __NO_VERSION__
8 #include <linux/module.h>
9
10 #include <asm/io.h>
11 #include <asm/uaccess.h>
12 #include <asm/system.h>
13 #include <asm/page.h>
14
15 #include <linux/interrupt.h>
16 #include <linux/errno.h>
17 #include <linux/kernel.h>
18 #include <linux/sched.h>
19 #include <linux/mm.h>
20 #include <linux/string.h>
21
22 #include <linux/blk.h>
23 #include "scsi.h"
24 #include "hosts.h"
25 #include <scsi/scsi_ioctl.h>
26
27 #define NORMAL_RETRIES 5
28 #define IOCTL_NORMAL_TIMEOUT (10 * HZ)
29 #define FORMAT_UNIT_TIMEOUT (2 * 60 * 60 * HZ)
30 #define START_STOP_TIMEOUT (60 * HZ)
31 #define MOVE_MEDIUM_TIMEOUT (5 * 60 * HZ)
32 #define READ_ELEMENT_STATUS_TIMEOUT (5 * 60 * HZ)
33 #define READ_DEFECT_DATA_TIMEOUT (60 * HZ ) /* ZIP-250 on parallel port takes as long! */
34
35 #define MAX_BUF PAGE_SIZE
36
37 #define max(a,b) (((a) > (b)) ? (a) : (b))
38
39 /*
40 * If we are told to probe a host, we will return 0 if the host is not
41 * present, 1 if the host is present, and will return an identifying
42 * string at *arg, if arg is non null, filling to the length stored at
43 * (int *) arg
44 */
45
46 static int ioctl_probe(struct Scsi_Host *host, void *buffer)
47 {
48 unsigned int len, slen;
49 const char *string;
50 int temp = host->hostt->present;
51
52 if (temp && buffer) {
53 if (get_user(len, (unsigned int *) buffer))
54 return -EFAULT;
55
56 if (host->hostt->info)
57 string = host->hostt->info(host);
58 else
59 string = host->hostt->name;
60 if (string) {
61 slen = strlen(string);
62 if (len > slen)
63 len = slen + 1;
64 if (copy_to_user(buffer, string, len))
65 return -EFAULT;
66 }
67 }
68 return temp;
69 }
70
71 /*
72
73 * The SCSI_IOCTL_SEND_COMMAND ioctl sends a command out to the SCSI host.
74 * The IOCTL_NORMAL_TIMEOUT and NORMAL_RETRIES variables are used.
75 *
76 * dev is the SCSI device struct ptr, *(int *) arg is the length of the
77 * input data, if any, not including the command string & counts,
78 * *((int *)arg + 1) is the output buffer size in bytes.
79 *
80 * *(char *) ((int *) arg)[2] the actual command byte.
81 *
82 * Note that if more than MAX_BUF bytes are requested to be transfered,
83 * the ioctl will fail with error EINVAL. MAX_BUF can be increased in
84 * the future by increasing the size that scsi_malloc will accept.
85 *
86 * This size *does not* include the initial lengths that were passed.
87 *
88 * The SCSI command is read from the memory location immediately after the
89 * length words, and the input data is right after the command. The SCSI
90 * routines know the command size based on the opcode decode.
91 *
92 * The output area is then filled in starting from the command byte.
93 */
94
95 static int ioctl_internal_command(Scsi_Device * dev, char *cmd,
96 int timeout, int retries)
97 {
98 int result;
99 Scsi_Request *SRpnt;
100 Scsi_Device *SDpnt;
101
102
103 SCSI_LOG_IOCTL(1, printk("Trying ioctl with scsi command %d\n", cmd[0]));
104 SRpnt = scsi_allocate_request(dev);
105
106 SRpnt->sr_data_direction = SCSI_DATA_NONE;
107 scsi_wait_req(SRpnt, cmd, NULL, 0, timeout, retries);
108
109 SCSI_LOG_IOCTL(2, printk("Ioctl returned 0x%x\n", SRpnt->sr_result));
110
111 if (driver_byte(SRpnt->sr_result) != 0)
112 switch (SRpnt->sr_sense_buffer[2] & 0xf) {
113 case ILLEGAL_REQUEST:
114 if (cmd[0] == ALLOW_MEDIUM_REMOVAL)
115 dev->lockable = 0;
116 else
117 printk("SCSI device (ioctl) reports ILLEGAL REQUEST.\n");
118 break;
119 case NOT_READY: /* This happens if there is no disc in drive */
120 if (dev->removable && (cmd[0] != TEST_UNIT_READY)) {
121 printk(KERN_INFO "Device not ready. Make sure there is a disc in the drive.\n");
122 break;
123 }
124 case UNIT_ATTENTION:
125 if (dev->removable) {
126 dev->changed = 1;
127 SRpnt->sr_result = 0; /* This is no longer considered an error */
128 /* gag this error, VFS will log it anyway /axboe */
129 /* printk(KERN_INFO "Disc change detected.\n"); */
130 break;
131 };
132 default: /* Fall through for non-removable media */
133 printk("SCSI error: host %d id %d lun %d return code = %x\n",
134 dev->host->host_no,
135 dev->id,
136 dev->lun,
137 SRpnt->sr_result);
138 printk("\tSense class %x, sense error %x, extended sense %x\n",
139 sense_class(SRpnt->sr_sense_buffer[0]),
140 sense_error(SRpnt->sr_sense_buffer[0]),
141 SRpnt->sr_sense_buffer[2] & 0xf);
142
143 };
144
145 result = SRpnt->sr_result;
146
147 SCSI_LOG_IOCTL(2, printk("IOCTL Releasing command\n"));
148 SDpnt = SRpnt->sr_device;
149 scsi_release_request(SRpnt);
150 SRpnt = NULL;
151
152 return result;
153 }
154
155 /*
156 * This interface is depreciated - users should use the scsi generic (sg)
157 * interface instead, as this is a more flexible approach to performing
158 * generic SCSI commands on a device.
159 *
160 * The structure that we are passed should look like:
161 *
162 * struct sdata {
163 * unsigned int inlen; [i] Length of data to be written to device
164 * unsigned int outlen; [i] Length of data to be read from device
165 * unsigned char cmd[x]; [i] SCSI command (6 <= x <= 12).
166 * [o] Data read from device starts here.
167 * [o] On error, sense buffer starts here.
168 * unsigned char wdata[y]; [i] Data written to device starts here.
169 * };
170 * Notes:
171 * - The SCSI command length is determined by examining the 1st byte
172 * of the given command. There is no way to override this.
173 * - Data transfers are limited to PAGE_SIZE (4K on i386, 8K on alpha).
174 * - The length (x + y) must be at least OMAX_SB_LEN bytes long to
175 * accomodate the sense buffer when an error occurs.
176 * The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
177 * old code will not be surprised.
178 * - If a Unix error occurs (e.g. ENOMEM) then the user will receive
179 * a negative return and the Unix error code in 'errno'.
180 * If the SCSI command succeeds then 0 is returned.
181 * Positive numbers returned are the compacted SCSI error codes (4
182 * bytes in one int) where the lowest byte is the SCSI status.
183 * See the drivers/scsi/scsi.h file for more information on this.
184 *
185 */
186 #define OMAX_SB_LEN 16 /* Old sense buffer length */
187
188 int scsi_ioctl_send_command(Scsi_Device * dev, Scsi_Ioctl_Command * sic)
189 {
190 char *buf;
191 unsigned char cmd[MAX_COMMAND_SIZE];
192 char *cmd_in;
193 Scsi_Request *SRpnt;
194 Scsi_Device *SDpnt;
195 unsigned char opcode;
196 int inlen, outlen, cmdlen;
197 int needed, buf_needed;
198 int timeout, retries, result;
199 int data_direction;
200
201 if (!sic)
202 return -EINVAL;
203 /*
204 * Verify that we can read at least this much.
205 */
206 if (verify_area(VERIFY_READ, sic, sizeof(Scsi_Ioctl_Command)))
207 return -EFAULT;
208
209 __get_user(inlen, &sic->inlen);
210 __get_user(outlen, &sic->outlen);
211
212 /*
213 * We do not transfer more than MAX_BUF with this interface.
214 * If the user needs to transfer more data than this, they
215 * should use scsi_generics (sg) instead.
216 */
217 if (inlen > MAX_BUF)
218 return -EINVAL;
219 if (outlen > MAX_BUF)
220 return -EINVAL;
221
222 cmd_in = sic->data;
223 __get_user(opcode, cmd_in);
224
225 needed = buf_needed = (inlen > outlen ? inlen : outlen);
226 if (buf_needed) {
227 buf_needed = (buf_needed + 511) & ~511;
228 if (buf_needed > MAX_BUF)
229 buf_needed = MAX_BUF;
230 buf = (char *) scsi_malloc(buf_needed);
231 if (!buf)
232 return -ENOMEM;
233 memset(buf, 0, buf_needed);
234 if( inlen == 0 ) {
235 data_direction = SCSI_DATA_READ;
236 } else if (outlen == 0 ) {
237 data_direction = SCSI_DATA_WRITE;
238 } else {
239 /*
240 * Can this ever happen?
241 */
242 data_direction = SCSI_DATA_UNKNOWN;
243 }
244
245 } else {
246 buf = NULL;
247 data_direction = SCSI_DATA_NONE;
248 }
249
250 /*
251 * Obtain the command from the user's address space.
252 */
253 cmdlen = COMMAND_SIZE(opcode);
254
255 if (verify_area(VERIFY_READ, cmd_in, cmdlen + inlen))
256 return -EFAULT;
257
258 __copy_from_user(cmd, cmd_in, cmdlen);
259
260 /*
261 * Obtain the data to be sent to the device (if any).
262 */
263 __copy_from_user(buf, cmd_in + cmdlen, inlen);
264
265 /*
266 * Set the lun field to the correct value.
267 */
268 cmd[1] = (cmd[1] & 0x1f) | (dev->lun << 5);
269
270 switch (opcode) {
271 case FORMAT_UNIT:
272 timeout = FORMAT_UNIT_TIMEOUT;
273 retries = 1;
274 break;
275 case START_STOP:
276 timeout = START_STOP_TIMEOUT;
277 retries = NORMAL_RETRIES;
278 break;
279 case MOVE_MEDIUM:
280 timeout = MOVE_MEDIUM_TIMEOUT;
281 retries = NORMAL_RETRIES;
282 break;
283 case READ_ELEMENT_STATUS:
284 timeout = READ_ELEMENT_STATUS_TIMEOUT;
285 retries = NORMAL_RETRIES;
286 break;
287 case READ_DEFECT_DATA:
288 timeout = READ_DEFECT_DATA_TIMEOUT;
289 retries = 1;
290 break;
291 default:
292 timeout = IOCTL_NORMAL_TIMEOUT;
293 retries = NORMAL_RETRIES;
294 break;
295 }
296
297 #ifndef DEBUG_NO_CMD
298
299
300 SRpnt = scsi_allocate_request(dev);
301 if( SRpnt == NULL )
302 {
303 return -EINTR;
304 }
305
306 SRpnt->sr_data_direction = data_direction;
307 scsi_wait_req(SRpnt, cmd, buf, needed, timeout, retries);
308
309 /*
310 * If there was an error condition, pass the info back to the user.
311 */
312 if (SRpnt->sr_result) {
313 int sb_len = sizeof(SRpnt->sr_sense_buffer);
314
315 sb_len = (sb_len > OMAX_SB_LEN) ? OMAX_SB_LEN : sb_len;
316 if (copy_to_user(cmd_in, SRpnt->sr_sense_buffer, sb_len))
317 return -EFAULT;
318 } else
319 if (copy_to_user(cmd_in, buf, outlen))
320 return -EFAULT;
321
322 result = SRpnt->sr_result;
323
324 SDpnt = SRpnt->sr_device;
325 scsi_release_request(SRpnt);
326 SRpnt = NULL;
327
328 if (buf)
329 scsi_free(buf, buf_needed);
330
331
332 return result;
333 #else
334 {
335 int i;
336 printk("scsi_ioctl : device %d. command = ", dev->id);
337 for (i = 0; i < cmdlen; ++i)
338 printk("%02x ", cmd[i]);
339 printk("\nbuffer =");
340 for (i = 0; i < 20; ++i)
341 printk("%02x ", buf[i]);
342 printk("\n");
343 printk("inlen = %d, outlen = %d, cmdlen = %d\n",
344 inlen, outlen, cmdlen);
345 printk("buffer = %d, cmd_in = %d\n", buffer, cmd_in);
346 }
347 return 0;
348 #endif
349 }
350
351 /*
352 * the scsi_ioctl() function differs from most ioctls in that it does
353 * not take a major/minor number as the dev field. Rather, it takes
354 * a pointer to a scsi_devices[] element, a structure.
355 */
356 int scsi_ioctl(Scsi_Device * dev, int cmd, void *arg)
357 {
358 char scsi_cmd[MAX_COMMAND_SIZE];
359
360 /* No idea how this happens.... */
361 if (!dev)
362 return -ENXIO;
363
364 /*
365 * If we are in the middle of error recovery, don't let anyone
366 * else try and use this device. Also, if error recovery fails, it
367 * may try and take the device offline, in which case all further
368 * access to the device is prohibited.
369 */
370 if (!scsi_block_when_processing_errors(dev)) {
371 return -ENODEV;
372 }
373 switch (cmd) {
374 case SCSI_IOCTL_GET_IDLUN:
375 if (verify_area(VERIFY_WRITE, arg, sizeof(Scsi_Idlun)))
376 return -EFAULT;
377
378 __put_user(dev->id
379 + (dev->lun << 8)
380 + (dev->channel << 16)
381 + ((dev->host->host_no & 0xff) << 24),
382 &((Scsi_Idlun *) arg)->dev_id);
383 __put_user(dev->host->unique_id, &((Scsi_Idlun *) arg)->host_unique_id);
384 return 0;
385 case SCSI_IOCTL_GET_BUS_NUMBER:
386 return put_user(dev->host->host_no, (int *) arg);
387 case SCSI_IOCTL_TAGGED_ENABLE:
388 if (!capable(CAP_SYS_ADMIN))
389 return -EACCES;
390 if (!dev->tagged_supported)
391 return -EINVAL;
392 dev->tagged_queue = 1;
393 dev->current_tag = 1;
394 return 0;
395 case SCSI_IOCTL_TAGGED_DISABLE:
396 if (!capable(CAP_SYS_ADMIN))
397 return -EACCES;
398 if (!dev->tagged_supported)
399 return -EINVAL;
400 dev->tagged_queue = 0;
401 dev->current_tag = 0;
402 return 0;
403 case SCSI_IOCTL_PROBE_HOST:
404 return ioctl_probe(dev->host, arg);
405 case SCSI_IOCTL_SEND_COMMAND:
406 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
407 return -EACCES;
408 return scsi_ioctl_send_command((Scsi_Device *) dev,
409 (Scsi_Ioctl_Command *) arg);
410 case SCSI_IOCTL_DOORLOCK:
411 if (!dev->removable || !dev->lockable)
412 return 0;
413 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
414 scsi_cmd[1] = dev->lun << 5;
415 scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0;
416 scsi_cmd[4] = SCSI_REMOVAL_PREVENT;
417 return ioctl_internal_command((Scsi_Device *) dev, scsi_cmd,
418 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
419 break;
420 case SCSI_IOCTL_DOORUNLOCK:
421 if (!dev->removable || !dev->lockable)
422 return 0;
423 scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
424 scsi_cmd[1] = dev->lun << 5;
425 scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0;
426 scsi_cmd[4] = SCSI_REMOVAL_ALLOW;
427 return ioctl_internal_command((Scsi_Device *) dev, scsi_cmd,
428 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
429 case SCSI_IOCTL_TEST_UNIT_READY:
430 scsi_cmd[0] = TEST_UNIT_READY;
431 scsi_cmd[1] = dev->lun << 5;
432 scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0;
433 scsi_cmd[4] = 0;
434 return ioctl_internal_command((Scsi_Device *) dev, scsi_cmd,
435 IOCTL_NORMAL_TIMEOUT, NORMAL_RETRIES);
436 break;
437 case SCSI_IOCTL_START_UNIT:
438 scsi_cmd[0] = START_STOP;
439 scsi_cmd[1] = dev->lun << 5;
440 scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0;
441 scsi_cmd[4] = 1;
442 return ioctl_internal_command((Scsi_Device *) dev, scsi_cmd,
443 START_STOP_TIMEOUT, NORMAL_RETRIES);
444 break;
445 case SCSI_IOCTL_STOP_UNIT:
446 scsi_cmd[0] = START_STOP;
447 scsi_cmd[1] = dev->lun << 5;
448 scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0;
449 scsi_cmd[4] = 0;
450 return ioctl_internal_command((Scsi_Device *) dev, scsi_cmd,
451 START_STOP_TIMEOUT, NORMAL_RETRIES);
452 break;
453 default:
454 if (dev->host->hostt->ioctl)
455 return dev->host->hostt->ioctl(dev, cmd, arg);
456 return -EINVAL;
457 }
458 return -EINVAL;
459 }
460
461 /*
462 * Just like scsi_ioctl, only callable from kernel space with no
463 * fs segment fiddling.
464 */
465
466 int kernel_scsi_ioctl(Scsi_Device * dev, int cmd, void *arg)
467 {
468 mm_segment_t oldfs;
469 int tmp;
470 oldfs = get_fs();
471 set_fs(get_ds());
472 tmp = scsi_ioctl(dev, cmd, arg);
473 set_fs(oldfs);
474 return tmp;
475 }
476
477 /*
478 * Overrides for Emacs so that we almost follow Linus's tabbing style.
479 * Emacs will notice this stuff at the end of the file and automatically
480 * adjust the settings for this buffer only. This must remain at the end
481 * of the file.
482 * ---------------------------------------------------------------------------
483 * Local variables:
484 * c-indent-level: 4
485 * c-brace-imaginary-offset: 0
486 * c-brace-offset: -4
487 * c-argdecl-indent: 4
488 * c-label-offset: -4
489 * c-continued-statement-offset: 4
490 * c-continued-brace-offset: 0
491 * indent-tabs-mode: nil
492 * tab-width: 8
493 * End:
494 */
495
This page was automatically generated by the
LXR engine.
Visit the LXR main site for more
information.