1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * History: |
4 | * Started: Aug 9 by Lawrence Foard (entropy@world.std.com), |
5 | * to allow user process control of SCSI devices. |
6 | * Development Sponsored by Killy Corp. NY NY |
7 | * |
8 | * Original driver (sg.c): |
9 | * Copyright (C) 1992 Lawrence Foard |
10 | * Version 2 and 3 extensions to driver: |
11 | * Copyright (C) 1998 - 2014 Douglas Gilbert |
12 | */ |
13 | |
14 | static int sg_version_num = 30536; /* 2 digits for each component */ |
15 | #define SG_VERSION_STR "3.5.36" |
16 | |
17 | /* |
18 | * D. P. Gilbert (dgilbert@interlog.com), notes: |
19 | * - scsi logging is available via SCSI_LOG_TIMEOUT macros. First |
20 | * the kernel/module needs to be built with CONFIG_SCSI_LOGGING |
21 | * (otherwise the macros compile to empty statements). |
22 | * |
23 | */ |
24 | #include <linux/module.h> |
25 | |
26 | #include <linux/fs.h> |
27 | #include <linux/kernel.h> |
28 | #include <linux/sched.h> |
29 | #include <linux/string.h> |
30 | #include <linux/mm.h> |
31 | #include <linux/errno.h> |
32 | #include <linux/mtio.h> |
33 | #include <linux/ioctl.h> |
34 | #include <linux/major.h> |
35 | #include <linux/slab.h> |
36 | #include <linux/fcntl.h> |
37 | #include <linux/init.h> |
38 | #include <linux/poll.h> |
39 | #include <linux/moduleparam.h> |
40 | #include <linux/cdev.h> |
41 | #include <linux/idr.h> |
42 | #include <linux/seq_file.h> |
43 | #include <linux/blkdev.h> |
44 | #include <linux/delay.h> |
45 | #include <linux/blktrace_api.h> |
46 | #include <linux/mutex.h> |
47 | #include <linux/atomic.h> |
48 | #include <linux/ratelimit.h> |
49 | #include <linux/uio.h> |
50 | #include <linux/cred.h> /* for sg_check_file_access() */ |
51 | |
52 | #include <scsi/scsi.h> |
53 | #include <scsi/scsi_cmnd.h> |
54 | #include <scsi/scsi_dbg.h> |
55 | #include <scsi/scsi_device.h> |
56 | #include <scsi/scsi_driver.h> |
57 | #include <scsi/scsi_eh.h> |
58 | #include <scsi/scsi_host.h> |
59 | #include <scsi/scsi_ioctl.h> |
60 | #include <scsi/scsi_tcq.h> |
61 | #include <scsi/sg.h> |
62 | |
63 | #include "scsi_logging.h" |
64 | |
65 | #ifdef CONFIG_SCSI_PROC_FS |
66 | #include <linux/proc_fs.h> |
67 | static char *sg_version_date = "20140603" ; |
68 | |
69 | static int sg_proc_init(void); |
70 | #endif |
71 | |
72 | #define SG_ALLOW_DIO_DEF 0 |
73 | |
74 | #define SG_MAX_DEVS (1 << MINORBITS) |
75 | |
76 | /* SG_MAX_CDB_SIZE should be 260 (spc4r37 section 3.1.30) however the type |
77 | * of sg_io_hdr::cmd_len can only represent 255. All SCSI commands greater |
78 | * than 16 bytes are "variable length" whose length is a multiple of 4 |
79 | */ |
80 | #define SG_MAX_CDB_SIZE 252 |
81 | |
82 | #define SG_DEFAULT_TIMEOUT mult_frac(SG_DEFAULT_TIMEOUT_USER, HZ, USER_HZ) |
83 | |
84 | static int sg_big_buff = SG_DEF_RESERVED_SIZE; |
85 | /* N.B. This variable is readable and writeable via |
86 | /proc/scsi/sg/def_reserved_size . Each time sg_open() is called a buffer |
87 | of this size (or less if there is not enough memory) will be reserved |
88 | for use by this file descriptor. [Deprecated usage: this variable is also |
89 | readable via /proc/sys/kernel/sg-big-buff if the sg driver is built into |
90 | the kernel (i.e. it is not a module).] */ |
91 | static int def_reserved_size = -1; /* picks up init parameter */ |
92 | static int sg_allow_dio = SG_ALLOW_DIO_DEF; |
93 | |
94 | static int scatter_elem_sz = SG_SCATTER_SZ; |
95 | static int scatter_elem_sz_prev = SG_SCATTER_SZ; |
96 | |
97 | #define SG_SECTOR_SZ 512 |
98 | |
99 | static int sg_add_device(struct device *); |
100 | static void sg_remove_device(struct device *); |
101 | |
102 | static DEFINE_IDR(sg_index_idr); |
103 | static DEFINE_RWLOCK(sg_index_lock); /* Also used to lock |
104 | file descriptor list for device */ |
105 | |
106 | static struct class_interface sg_interface = { |
107 | .add_dev = sg_add_device, |
108 | .remove_dev = sg_remove_device, |
109 | }; |
110 | |
111 | typedef struct sg_scatter_hold { /* holding area for scsi scatter gather info */ |
112 | unsigned short k_use_sg; /* Count of kernel scatter-gather pieces */ |
113 | unsigned sglist_len; /* size of malloc'd scatter-gather list ++ */ |
114 | unsigned bufflen; /* Size of (aggregate) data buffer */ |
115 | struct page **pages; |
116 | int page_order; |
117 | char dio_in_use; /* 0->indirect IO (or mmap), 1->dio */ |
118 | unsigned char cmd_opcode; /* first byte of command */ |
119 | } Sg_scatter_hold; |
120 | |
121 | struct sg_device; /* forward declarations */ |
122 | struct sg_fd; |
123 | |
124 | typedef struct sg_request { /* SG_MAX_QUEUE requests outstanding per file */ |
125 | struct list_head entry; /* list entry */ |
126 | struct sg_fd *parentfp; /* NULL -> not in use */ |
127 | Sg_scatter_hold data; /* hold buffer, perhaps scatter list */ |
128 | sg_io_hdr_t ; /* scsi command+info, see <scsi/sg.h> */ |
129 | unsigned char sense_b[SCSI_SENSE_BUFFERSIZE]; |
130 | char res_used; /* 1 -> using reserve buffer, 0 -> not ... */ |
131 | char orphan; /* 1 -> drop on sight, 0 -> normal */ |
132 | char sg_io_owned; /* 1 -> packet belongs to SG_IO */ |
133 | /* done protected by rq_list_lock */ |
134 | char done; /* 0->before bh, 1->before read, 2->read */ |
135 | struct request *rq; |
136 | struct bio *bio; |
137 | struct execute_work ew; |
138 | } Sg_request; |
139 | |
140 | typedef struct sg_fd { /* holds the state of a file descriptor */ |
141 | struct list_head sfd_siblings; /* protected by device's sfd_lock */ |
142 | struct sg_device *parentdp; /* owning device */ |
143 | wait_queue_head_t read_wait; /* queue read until command done */ |
144 | rwlock_t rq_list_lock; /* protect access to list in req_arr */ |
145 | struct mutex f_mutex; /* protect against changes in this fd */ |
146 | int timeout; /* defaults to SG_DEFAULT_TIMEOUT */ |
147 | int timeout_user; /* defaults to SG_DEFAULT_TIMEOUT_USER */ |
148 | Sg_scatter_hold reserve; /* buffer held for this file descriptor */ |
149 | struct list_head rq_list; /* head of request list */ |
150 | struct fasync_struct *async_qp; /* used by asynchronous notification */ |
151 | Sg_request req_arr[SG_MAX_QUEUE]; /* used as singly-linked list */ |
152 | char force_packid; /* 1 -> pack_id input to read(), 0 -> ignored */ |
153 | char cmd_q; /* 1 -> allow command queuing, 0 -> don't */ |
154 | unsigned char next_cmd_len; /* 0: automatic, >0: use on next write() */ |
155 | char keep_orphan; /* 0 -> drop orphan (def), 1 -> keep for read() */ |
156 | char mmap_called; /* 0 -> mmap() never called on this fd */ |
157 | char res_in_use; /* 1 -> 'reserve' array in use */ |
158 | struct kref f_ref; |
159 | struct execute_work ew; |
160 | } Sg_fd; |
161 | |
162 | typedef struct sg_device { /* holds the state of each scsi generic device */ |
163 | struct scsi_device *device; |
164 | wait_queue_head_t open_wait; /* queue open() when O_EXCL present */ |
165 | struct mutex open_rel_lock; /* held when in open() or release() */ |
166 | int sg_tablesize; /* adapter's max scatter-gather table size */ |
167 | u32 index; /* device index number */ |
168 | struct list_head sfds; |
169 | rwlock_t sfd_lock; /* protect access to sfd list */ |
170 | atomic_t detaching; /* 0->device usable, 1->device detaching */ |
171 | bool exclude; /* 1->open(O_EXCL) succeeded and is active */ |
172 | int open_cnt; /* count of opens (perhaps < num(sfds) ) */ |
173 | char sgdebug; /* 0->off, 1->sense, 9->dump dev, 10-> all devs */ |
174 | char name[DISK_NAME_LEN]; |
175 | struct cdev * cdev; /* char_dev [sysfs: /sys/cdev/major/sg<n>] */ |
176 | struct kref d_ref; |
177 | } Sg_device; |
178 | |
179 | /* tasklet or soft irq callback */ |
180 | static enum rq_end_io_ret sg_rq_end_io(struct request *rq, blk_status_t status); |
181 | static int sg_start_req(Sg_request *srp, unsigned char *cmd); |
182 | static int sg_finish_rem_req(Sg_request * srp); |
183 | static int sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size); |
184 | static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, |
185 | Sg_request * srp); |
186 | static ssize_t sg_new_write(Sg_fd *sfp, struct file *file, |
187 | const char __user *buf, size_t count, int blocking, |
188 | int read_only, int sg_io_owned, Sg_request **o_srp); |
189 | static int sg_common_write(Sg_fd * sfp, Sg_request * srp, |
190 | unsigned char *cmnd, int timeout, int blocking); |
191 | static int sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer); |
192 | static void sg_remove_scat(Sg_fd * sfp, Sg_scatter_hold * schp); |
193 | static void sg_build_reserve(Sg_fd * sfp, int req_size); |
194 | static void sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size); |
195 | static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp); |
196 | static Sg_fd *sg_add_sfp(Sg_device * sdp); |
197 | static void sg_remove_sfp(struct kref *); |
198 | static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy); |
199 | static Sg_request *sg_add_request(Sg_fd * sfp); |
200 | static int sg_remove_request(Sg_fd * sfp, Sg_request * srp); |
201 | static Sg_device *sg_get_dev(int dev); |
202 | static void sg_device_destroy(struct kref *kref); |
203 | |
204 | #define sizeof(struct sg_header) |
205 | #define SZ_SG_IO_HDR sizeof(sg_io_hdr_t) |
206 | #define SZ_SG_IOVEC sizeof(sg_iovec_t) |
207 | #define SZ_SG_REQ_INFO sizeof(sg_req_info_t) |
208 | |
209 | #define sg_printk(prefix, sdp, fmt, a...) \ |
210 | sdev_prefix_printk(prefix, (sdp)->device, (sdp)->name, fmt, ##a) |
211 | |
212 | /* |
213 | * The SCSI interfaces that use read() and write() as an asynchronous variant of |
214 | * ioctl(..., SG_IO, ...) are fundamentally unsafe, since there are lots of ways |
215 | * to trigger read() and write() calls from various contexts with elevated |
216 | * privileges. This can lead to kernel memory corruption (e.g. if these |
217 | * interfaces are called through splice()) and privilege escalation inside |
218 | * userspace (e.g. if a process with access to such a device passes a file |
219 | * descriptor to a SUID binary as stdin/stdout/stderr). |
220 | * |
221 | * This function provides protection for the legacy API by restricting the |
222 | * calling context. |
223 | */ |
224 | static int sg_check_file_access(struct file *filp, const char *caller) |
225 | { |
226 | if (filp->f_cred != current_real_cred()) { |
227 | pr_err_once("%s: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n" , |
228 | caller, task_tgid_vnr(current), current->comm); |
229 | return -EPERM; |
230 | } |
231 | return 0; |
232 | } |
233 | |
234 | static int sg_allow_access(struct file *filp, unsigned char *cmd) |
235 | { |
236 | struct sg_fd *sfp = filp->private_data; |
237 | |
238 | if (sfp->parentdp->device->type == TYPE_SCANNER) |
239 | return 0; |
240 | if (!scsi_cmd_allowed(cmd, open_for_write: filp->f_mode & FMODE_WRITE)) |
241 | return -EPERM; |
242 | return 0; |
243 | } |
244 | |
245 | static int |
246 | open_wait(Sg_device *sdp, int flags) |
247 | { |
248 | int retval = 0; |
249 | |
250 | if (flags & O_EXCL) { |
251 | while (sdp->open_cnt > 0) { |
252 | mutex_unlock(lock: &sdp->open_rel_lock); |
253 | retval = wait_event_interruptible(sdp->open_wait, |
254 | (atomic_read(&sdp->detaching) || |
255 | !sdp->open_cnt)); |
256 | mutex_lock(&sdp->open_rel_lock); |
257 | |
258 | if (retval) /* -ERESTARTSYS */ |
259 | return retval; |
260 | if (atomic_read(v: &sdp->detaching)) |
261 | return -ENODEV; |
262 | } |
263 | } else { |
264 | while (sdp->exclude) { |
265 | mutex_unlock(lock: &sdp->open_rel_lock); |
266 | retval = wait_event_interruptible(sdp->open_wait, |
267 | (atomic_read(&sdp->detaching) || |
268 | !sdp->exclude)); |
269 | mutex_lock(&sdp->open_rel_lock); |
270 | |
271 | if (retval) /* -ERESTARTSYS */ |
272 | return retval; |
273 | if (atomic_read(v: &sdp->detaching)) |
274 | return -ENODEV; |
275 | } |
276 | } |
277 | |
278 | return retval; |
279 | } |
280 | |
281 | /* Returns 0 on success, else a negated errno value */ |
282 | static int |
283 | sg_open(struct inode *inode, struct file *filp) |
284 | { |
285 | int dev = iminor(inode); |
286 | int flags = filp->f_flags; |
287 | struct request_queue *q; |
288 | Sg_device *sdp; |
289 | Sg_fd *sfp; |
290 | int retval; |
291 | |
292 | nonseekable_open(inode, filp); |
293 | if ((flags & O_EXCL) && (O_RDONLY == (flags & O_ACCMODE))) |
294 | return -EPERM; /* Can't lock it with read only access */ |
295 | sdp = sg_get_dev(dev); |
296 | if (IS_ERR(ptr: sdp)) |
297 | return PTR_ERR(ptr: sdp); |
298 | |
299 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
300 | "sg_open: flags=0x%x\n" , flags)); |
301 | |
302 | /* This driver's module count bumped by fops_get in <linux/fs.h> */ |
303 | /* Prevent the device driver from vanishing while we sleep */ |
304 | retval = scsi_device_get(sdp->device); |
305 | if (retval) |
306 | goto sg_put; |
307 | |
308 | retval = scsi_autopm_get_device(sdp->device); |
309 | if (retval) |
310 | goto sdp_put; |
311 | |
312 | /* scsi_block_when_processing_errors() may block so bypass |
313 | * check if O_NONBLOCK. Permits SCSI commands to be issued |
314 | * during error recovery. Tread carefully. */ |
315 | if (!((flags & O_NONBLOCK) || |
316 | scsi_block_when_processing_errors(sdp->device))) { |
317 | retval = -ENXIO; |
318 | /* we are in error recovery for this device */ |
319 | goto error_out; |
320 | } |
321 | |
322 | mutex_lock(&sdp->open_rel_lock); |
323 | if (flags & O_NONBLOCK) { |
324 | if (flags & O_EXCL) { |
325 | if (sdp->open_cnt > 0) { |
326 | retval = -EBUSY; |
327 | goto error_mutex_locked; |
328 | } |
329 | } else { |
330 | if (sdp->exclude) { |
331 | retval = -EBUSY; |
332 | goto error_mutex_locked; |
333 | } |
334 | } |
335 | } else { |
336 | retval = open_wait(sdp, flags); |
337 | if (retval) /* -ERESTARTSYS or -ENODEV */ |
338 | goto error_mutex_locked; |
339 | } |
340 | |
341 | /* N.B. at this point we are holding the open_rel_lock */ |
342 | if (flags & O_EXCL) |
343 | sdp->exclude = true; |
344 | |
345 | if (sdp->open_cnt < 1) { /* no existing opens */ |
346 | sdp->sgdebug = 0; |
347 | q = sdp->device->request_queue; |
348 | sdp->sg_tablesize = queue_max_segments(q); |
349 | } |
350 | sfp = sg_add_sfp(sdp); |
351 | if (IS_ERR(ptr: sfp)) { |
352 | retval = PTR_ERR(ptr: sfp); |
353 | goto out_undo; |
354 | } |
355 | |
356 | filp->private_data = sfp; |
357 | sdp->open_cnt++; |
358 | mutex_unlock(lock: &sdp->open_rel_lock); |
359 | |
360 | retval = 0; |
361 | sg_put: |
362 | kref_put(kref: &sdp->d_ref, release: sg_device_destroy); |
363 | return retval; |
364 | |
365 | out_undo: |
366 | if (flags & O_EXCL) { |
367 | sdp->exclude = false; /* undo if error */ |
368 | wake_up_interruptible(&sdp->open_wait); |
369 | } |
370 | error_mutex_locked: |
371 | mutex_unlock(lock: &sdp->open_rel_lock); |
372 | error_out: |
373 | scsi_autopm_put_device(sdp->device); |
374 | sdp_put: |
375 | scsi_device_put(sdp->device); |
376 | goto sg_put; |
377 | } |
378 | |
379 | /* Release resources associated with a successful sg_open() |
380 | * Returns 0 on success, else a negated errno value */ |
381 | static int |
382 | sg_release(struct inode *inode, struct file *filp) |
383 | { |
384 | Sg_device *sdp; |
385 | Sg_fd *sfp; |
386 | |
387 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
388 | return -ENXIO; |
389 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, "sg_release\n" )); |
390 | |
391 | mutex_lock(&sdp->open_rel_lock); |
392 | scsi_autopm_put_device(sdp->device); |
393 | kref_put(kref: &sfp->f_ref, release: sg_remove_sfp); |
394 | sdp->open_cnt--; |
395 | |
396 | /* possibly many open()s waiting on exlude clearing, start many; |
397 | * only open(O_EXCL)s wait on 0==open_cnt so only start one */ |
398 | if (sdp->exclude) { |
399 | sdp->exclude = false; |
400 | wake_up_interruptible_all(&sdp->open_wait); |
401 | } else if (0 == sdp->open_cnt) { |
402 | wake_up_interruptible(&sdp->open_wait); |
403 | } |
404 | mutex_unlock(lock: &sdp->open_rel_lock); |
405 | return 0; |
406 | } |
407 | |
408 | static int get_sg_io_pack_id(int *pack_id, void __user *buf, size_t count) |
409 | { |
410 | struct sg_header __user *old_hdr = buf; |
411 | int reply_len; |
412 | |
413 | if (count >= SZ_SG_HEADER) { |
414 | /* negative reply_len means v3 format, otherwise v1/v2 */ |
415 | if (get_user(reply_len, &old_hdr->reply_len)) |
416 | return -EFAULT; |
417 | |
418 | if (reply_len >= 0) |
419 | return get_user(*pack_id, &old_hdr->pack_id); |
420 | |
421 | if (in_compat_syscall() && |
422 | count >= sizeof(struct compat_sg_io_hdr)) { |
423 | struct compat_sg_io_hdr __user *hp = buf; |
424 | |
425 | return get_user(*pack_id, &hp->pack_id); |
426 | } |
427 | |
428 | if (count >= sizeof(struct sg_io_hdr)) { |
429 | struct sg_io_hdr __user *hp = buf; |
430 | |
431 | return get_user(*pack_id, &hp->pack_id); |
432 | } |
433 | } |
434 | |
435 | /* no valid header was passed, so ignore the pack_id */ |
436 | *pack_id = -1; |
437 | return 0; |
438 | } |
439 | |
440 | static ssize_t |
441 | sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) |
442 | { |
443 | Sg_device *sdp; |
444 | Sg_fd *sfp; |
445 | Sg_request *srp; |
446 | int req_pack_id = -1; |
447 | bool busy; |
448 | sg_io_hdr_t *hp; |
449 | struct sg_header *old_hdr; |
450 | int retval; |
451 | |
452 | /* |
453 | * This could cause a response to be stranded. Close the associated |
454 | * file descriptor to free up any resources being held. |
455 | */ |
456 | retval = sg_check_file_access(filp, caller: __func__); |
457 | if (retval) |
458 | return retval; |
459 | |
460 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
461 | return -ENXIO; |
462 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
463 | "sg_read: count=%d\n" , (int) count)); |
464 | |
465 | if (sfp->force_packid) |
466 | retval = get_sg_io_pack_id(pack_id: &req_pack_id, buf, count); |
467 | if (retval) |
468 | return retval; |
469 | |
470 | srp = sg_get_rq_mark(sfp, pack_id: req_pack_id, busy: &busy); |
471 | if (!srp) { /* now wait on packet to arrive */ |
472 | if (filp->f_flags & O_NONBLOCK) |
473 | return -EAGAIN; |
474 | retval = wait_event_interruptible(sfp->read_wait, |
475 | ((srp = sg_get_rq_mark(sfp, req_pack_id, &busy)) || |
476 | (!busy && atomic_read(&sdp->detaching)))); |
477 | if (!srp) |
478 | /* signal or detaching */ |
479 | return retval ? retval : -ENODEV; |
480 | } |
481 | if (srp->header.interface_id != '\0') |
482 | return sg_new_read(sfp, buf, count, srp); |
483 | |
484 | hp = &srp->header; |
485 | old_hdr = kzalloc(SZ_SG_HEADER, GFP_KERNEL); |
486 | if (!old_hdr) |
487 | return -ENOMEM; |
488 | |
489 | old_hdr->reply_len = (int) hp->timeout; |
490 | old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */ |
491 | old_hdr->pack_id = hp->pack_id; |
492 | old_hdr->twelve_byte = |
493 | ((srp->data.cmd_opcode >= 0xc0) && (12 == hp->cmd_len)) ? 1 : 0; |
494 | old_hdr->target_status = hp->masked_status; |
495 | old_hdr->host_status = hp->host_status; |
496 | old_hdr->driver_status = hp->driver_status; |
497 | if ((CHECK_CONDITION & hp->masked_status) || |
498 | (srp->sense_b[0] & 0x70) == 0x70) { |
499 | old_hdr->driver_status = DRIVER_SENSE; |
500 | memcpy(old_hdr->sense_buffer, srp->sense_b, |
501 | sizeof (old_hdr->sense_buffer)); |
502 | } |
503 | switch (hp->host_status) { |
504 | /* This setup of 'result' is for backward compatibility and is best |
505 | ignored by the user who should use target, host + driver status */ |
506 | case DID_OK: |
507 | case DID_PASSTHROUGH: |
508 | case DID_SOFT_ERROR: |
509 | old_hdr->result = 0; |
510 | break; |
511 | case DID_NO_CONNECT: |
512 | case DID_BUS_BUSY: |
513 | case DID_TIME_OUT: |
514 | old_hdr->result = EBUSY; |
515 | break; |
516 | case DID_BAD_TARGET: |
517 | case DID_ABORT: |
518 | case DID_PARITY: |
519 | case DID_RESET: |
520 | case DID_BAD_INTR: |
521 | old_hdr->result = EIO; |
522 | break; |
523 | case DID_ERROR: |
524 | old_hdr->result = (srp->sense_b[0] == 0 && |
525 | hp->masked_status == GOOD) ? 0 : EIO; |
526 | break; |
527 | default: |
528 | old_hdr->result = EIO; |
529 | break; |
530 | } |
531 | |
532 | /* Now copy the result back to the user buffer. */ |
533 | if (count >= SZ_SG_HEADER) { |
534 | if (copy_to_user(to: buf, from: old_hdr, SZ_SG_HEADER)) { |
535 | retval = -EFAULT; |
536 | goto free_old_hdr; |
537 | } |
538 | buf += SZ_SG_HEADER; |
539 | if (count > old_hdr->reply_len) |
540 | count = old_hdr->reply_len; |
541 | if (count > SZ_SG_HEADER) { |
542 | if (sg_read_oxfer(srp, outp: buf, num_read_xfer: count - SZ_SG_HEADER)) { |
543 | retval = -EFAULT; |
544 | goto free_old_hdr; |
545 | } |
546 | } |
547 | } else |
548 | count = (old_hdr->result == 0) ? 0 : -EIO; |
549 | sg_finish_rem_req(srp); |
550 | sg_remove_request(sfp, srp); |
551 | retval = count; |
552 | free_old_hdr: |
553 | kfree(objp: old_hdr); |
554 | return retval; |
555 | } |
556 | |
557 | static ssize_t |
558 | sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp) |
559 | { |
560 | sg_io_hdr_t *hp = &srp->header; |
561 | int err = 0, err2; |
562 | int len; |
563 | |
564 | if (in_compat_syscall()) { |
565 | if (count < sizeof(struct compat_sg_io_hdr)) { |
566 | err = -EINVAL; |
567 | goto err_out; |
568 | } |
569 | } else if (count < SZ_SG_IO_HDR) { |
570 | err = -EINVAL; |
571 | goto err_out; |
572 | } |
573 | hp->sb_len_wr = 0; |
574 | if ((hp->mx_sb_len > 0) && hp->sbp) { |
575 | if ((CHECK_CONDITION & hp->masked_status) || |
576 | (srp->sense_b[0] & 0x70) == 0x70) { |
577 | int sb_len = SCSI_SENSE_BUFFERSIZE; |
578 | sb_len = (hp->mx_sb_len > sb_len) ? sb_len : hp->mx_sb_len; |
579 | len = 8 + (int) srp->sense_b[7]; /* Additional sense length field */ |
580 | len = (len > sb_len) ? sb_len : len; |
581 | if (copy_to_user(to: hp->sbp, from: srp->sense_b, n: len)) { |
582 | err = -EFAULT; |
583 | goto err_out; |
584 | } |
585 | hp->driver_status = DRIVER_SENSE; |
586 | hp->sb_len_wr = len; |
587 | } |
588 | } |
589 | if (hp->masked_status || hp->host_status || hp->driver_status) |
590 | hp->info |= SG_INFO_CHECK; |
591 | err = put_sg_io_hdr(hdr: hp, argp: buf); |
592 | err_out: |
593 | err2 = sg_finish_rem_req(srp); |
594 | sg_remove_request(sfp, srp); |
595 | return err ? : err2 ? : count; |
596 | } |
597 | |
598 | static ssize_t |
599 | sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) |
600 | { |
601 | int mxsize, cmd_size, k; |
602 | int input_size, blocking; |
603 | unsigned char opcode; |
604 | Sg_device *sdp; |
605 | Sg_fd *sfp; |
606 | Sg_request *srp; |
607 | struct sg_header old_hdr; |
608 | sg_io_hdr_t *hp; |
609 | unsigned char cmnd[SG_MAX_CDB_SIZE]; |
610 | int retval; |
611 | |
612 | retval = sg_check_file_access(filp, caller: __func__); |
613 | if (retval) |
614 | return retval; |
615 | |
616 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
617 | return -ENXIO; |
618 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
619 | "sg_write: count=%d\n" , (int) count)); |
620 | if (atomic_read(v: &sdp->detaching)) |
621 | return -ENODEV; |
622 | if (!((filp->f_flags & O_NONBLOCK) || |
623 | scsi_block_when_processing_errors(sdp->device))) |
624 | return -ENXIO; |
625 | |
626 | if (count < SZ_SG_HEADER) |
627 | return -EIO; |
628 | if (copy_from_user(to: &old_hdr, from: buf, SZ_SG_HEADER)) |
629 | return -EFAULT; |
630 | blocking = !(filp->f_flags & O_NONBLOCK); |
631 | if (old_hdr.reply_len < 0) |
632 | return sg_new_write(sfp, file: filp, buf, count, |
633 | blocking, read_only: 0, sg_io_owned: 0, NULL); |
634 | if (count < (SZ_SG_HEADER + 6)) |
635 | return -EIO; /* The minimum scsi command length is 6 bytes. */ |
636 | |
637 | buf += SZ_SG_HEADER; |
638 | if (get_user(opcode, buf)) |
639 | return -EFAULT; |
640 | |
641 | if (!(srp = sg_add_request(sfp))) { |
642 | SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sdp, |
643 | "sg_write: queue full\n" )); |
644 | return -EDOM; |
645 | } |
646 | mutex_lock(&sfp->f_mutex); |
647 | if (sfp->next_cmd_len > 0) { |
648 | cmd_size = sfp->next_cmd_len; |
649 | sfp->next_cmd_len = 0; /* reset so only this write() effected */ |
650 | } else { |
651 | cmd_size = COMMAND_SIZE(opcode); /* based on SCSI command group */ |
652 | if ((opcode >= 0xc0) && old_hdr.twelve_byte) |
653 | cmd_size = 12; |
654 | } |
655 | mutex_unlock(lock: &sfp->f_mutex); |
656 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp, |
657 | "sg_write: scsi opcode=0x%02x, cmd_size=%d\n" , (int) opcode, cmd_size)); |
658 | /* Determine buffer size. */ |
659 | input_size = count - cmd_size; |
660 | mxsize = (input_size > old_hdr.reply_len) ? input_size : old_hdr.reply_len; |
661 | mxsize -= SZ_SG_HEADER; |
662 | input_size -= SZ_SG_HEADER; |
663 | if (input_size < 0) { |
664 | sg_remove_request(sfp, srp); |
665 | return -EIO; /* User did not pass enough bytes for this command. */ |
666 | } |
667 | hp = &srp->header; |
668 | hp->interface_id = '\0'; /* indicator of old interface tunnelled */ |
669 | hp->cmd_len = (unsigned char) cmd_size; |
670 | hp->iovec_count = 0; |
671 | hp->mx_sb_len = 0; |
672 | if (input_size > 0) |
673 | hp->dxfer_direction = (old_hdr.reply_len > SZ_SG_HEADER) ? |
674 | SG_DXFER_TO_FROM_DEV : SG_DXFER_TO_DEV; |
675 | else |
676 | hp->dxfer_direction = (mxsize > 0) ? SG_DXFER_FROM_DEV : SG_DXFER_NONE; |
677 | hp->dxfer_len = mxsize; |
678 | if ((hp->dxfer_direction == SG_DXFER_TO_DEV) || |
679 | (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV)) |
680 | hp->dxferp = (char __user *)buf + cmd_size; |
681 | else |
682 | hp->dxferp = NULL; |
683 | hp->sbp = NULL; |
684 | hp->timeout = old_hdr.reply_len; /* structure abuse ... */ |
685 | hp->flags = input_size; /* structure abuse ... */ |
686 | hp->pack_id = old_hdr.pack_id; |
687 | hp->usr_ptr = NULL; |
688 | if (copy_from_user(to: cmnd, from: buf, n: cmd_size)) { |
689 | sg_remove_request(sfp, srp); |
690 | return -EFAULT; |
691 | } |
692 | /* |
693 | * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV, |
694 | * but is is possible that the app intended SG_DXFER_TO_DEV, because there |
695 | * is a non-zero input_size, so emit a warning. |
696 | */ |
697 | if (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV) { |
698 | printk_ratelimited(KERN_WARNING |
699 | "sg_write: data in/out %d/%d bytes " |
700 | "for SCSI command 0x%x-- guessing " |
701 | "data in;\n program %s not setting " |
702 | "count and/or reply_len properly\n" , |
703 | old_hdr.reply_len - (int)SZ_SG_HEADER, |
704 | input_size, (unsigned int) cmnd[0], |
705 | current->comm); |
706 | } |
707 | k = sg_common_write(sfp, srp, cmnd, timeout: sfp->timeout, blocking); |
708 | return (k < 0) ? k : count; |
709 | } |
710 | |
711 | static ssize_t |
712 | sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, |
713 | size_t count, int blocking, int read_only, int sg_io_owned, |
714 | Sg_request **o_srp) |
715 | { |
716 | int k; |
717 | Sg_request *srp; |
718 | sg_io_hdr_t *hp; |
719 | unsigned char cmnd[SG_MAX_CDB_SIZE]; |
720 | int timeout; |
721 | unsigned long ul_timeout; |
722 | |
723 | if (count < SZ_SG_IO_HDR) |
724 | return -EINVAL; |
725 | |
726 | sfp->cmd_q = 1; /* when sg_io_hdr seen, set command queuing on */ |
727 | if (!(srp = sg_add_request(sfp))) { |
728 | SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp, |
729 | "sg_new_write: queue full\n" )); |
730 | return -EDOM; |
731 | } |
732 | srp->sg_io_owned = sg_io_owned; |
733 | hp = &srp->header; |
734 | if (get_sg_io_hdr(hdr: hp, argp: buf)) { |
735 | sg_remove_request(sfp, srp); |
736 | return -EFAULT; |
737 | } |
738 | if (hp->interface_id != 'S') { |
739 | sg_remove_request(sfp, srp); |
740 | return -ENOSYS; |
741 | } |
742 | if (hp->flags & SG_FLAG_MMAP_IO) { |
743 | if (hp->dxfer_len > sfp->reserve.bufflen) { |
744 | sg_remove_request(sfp, srp); |
745 | return -ENOMEM; /* MMAP_IO size must fit in reserve buffer */ |
746 | } |
747 | if (hp->flags & SG_FLAG_DIRECT_IO) { |
748 | sg_remove_request(sfp, srp); |
749 | return -EINVAL; /* either MMAP_IO or DIRECT_IO (not both) */ |
750 | } |
751 | if (sfp->res_in_use) { |
752 | sg_remove_request(sfp, srp); |
753 | return -EBUSY; /* reserve buffer already being used */ |
754 | } |
755 | } |
756 | ul_timeout = msecs_to_jiffies(m: srp->header.timeout); |
757 | timeout = (ul_timeout < INT_MAX) ? ul_timeout : INT_MAX; |
758 | if ((!hp->cmdp) || (hp->cmd_len < 6) || (hp->cmd_len > sizeof (cmnd))) { |
759 | sg_remove_request(sfp, srp); |
760 | return -EMSGSIZE; |
761 | } |
762 | if (copy_from_user(to: cmnd, from: hp->cmdp, n: hp->cmd_len)) { |
763 | sg_remove_request(sfp, srp); |
764 | return -EFAULT; |
765 | } |
766 | if (read_only && sg_allow_access(filp: file, cmd: cmnd)) { |
767 | sg_remove_request(sfp, srp); |
768 | return -EPERM; |
769 | } |
770 | k = sg_common_write(sfp, srp, cmnd, timeout, blocking); |
771 | if (k < 0) |
772 | return k; |
773 | if (o_srp) |
774 | *o_srp = srp; |
775 | return count; |
776 | } |
777 | |
778 | static int |
779 | sg_common_write(Sg_fd * sfp, Sg_request * srp, |
780 | unsigned char *cmnd, int timeout, int blocking) |
781 | { |
782 | int k, at_head; |
783 | Sg_device *sdp = sfp->parentdp; |
784 | sg_io_hdr_t *hp = &srp->header; |
785 | |
786 | srp->data.cmd_opcode = cmnd[0]; /* hold opcode of command */ |
787 | hp->status = 0; |
788 | hp->masked_status = 0; |
789 | hp->msg_status = 0; |
790 | hp->info = 0; |
791 | hp->host_status = 0; |
792 | hp->driver_status = 0; |
793 | hp->resid = 0; |
794 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
795 | "sg_common_write: scsi opcode=0x%02x, cmd_size=%d\n" , |
796 | (int) cmnd[0], (int) hp->cmd_len)); |
797 | |
798 | if (hp->dxfer_len >= SZ_256M) { |
799 | sg_remove_request(sfp, srp); |
800 | return -EINVAL; |
801 | } |
802 | |
803 | k = sg_start_req(srp, cmd: cmnd); |
804 | if (k) { |
805 | SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp, |
806 | "sg_common_write: start_req err=%d\n" , k)); |
807 | sg_finish_rem_req(srp); |
808 | sg_remove_request(sfp, srp); |
809 | return k; /* probably out of space --> ENOMEM */ |
810 | } |
811 | if (atomic_read(v: &sdp->detaching)) { |
812 | if (srp->bio) { |
813 | blk_mq_free_request(rq: srp->rq); |
814 | srp->rq = NULL; |
815 | } |
816 | |
817 | sg_finish_rem_req(srp); |
818 | sg_remove_request(sfp, srp); |
819 | return -ENODEV; |
820 | } |
821 | |
822 | hp->duration = jiffies_to_msecs(j: jiffies); |
823 | if (hp->interface_id != '\0' && /* v3 (or later) interface */ |
824 | (SG_FLAG_Q_AT_TAIL & hp->flags)) |
825 | at_head = 0; |
826 | else |
827 | at_head = 1; |
828 | |
829 | srp->rq->timeout = timeout; |
830 | kref_get(kref: &sfp->f_ref); /* sg_rq_end_io() does kref_put(). */ |
831 | srp->rq->end_io = sg_rq_end_io; |
832 | blk_execute_rq_nowait(rq: srp->rq, at_head); |
833 | return 0; |
834 | } |
835 | |
836 | static int srp_done(Sg_fd *sfp, Sg_request *srp) |
837 | { |
838 | unsigned long flags; |
839 | int ret; |
840 | |
841 | read_lock_irqsave(&sfp->rq_list_lock, flags); |
842 | ret = srp->done; |
843 | read_unlock_irqrestore(&sfp->rq_list_lock, flags); |
844 | return ret; |
845 | } |
846 | |
847 | static int max_sectors_bytes(struct request_queue *q) |
848 | { |
849 | unsigned int max_sectors = queue_max_sectors(q); |
850 | |
851 | max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9); |
852 | |
853 | return max_sectors << 9; |
854 | } |
855 | |
856 | static void |
857 | sg_fill_request_table(Sg_fd *sfp, sg_req_info_t *rinfo) |
858 | { |
859 | Sg_request *srp; |
860 | int val; |
861 | unsigned int ms; |
862 | |
863 | val = 0; |
864 | list_for_each_entry(srp, &sfp->rq_list, entry) { |
865 | if (val >= SG_MAX_QUEUE) |
866 | break; |
867 | rinfo[val].req_state = srp->done + 1; |
868 | rinfo[val].problem = |
869 | srp->header.masked_status & |
870 | srp->header.host_status & |
871 | srp->header.driver_status; |
872 | if (srp->done) |
873 | rinfo[val].duration = |
874 | srp->header.duration; |
875 | else { |
876 | ms = jiffies_to_msecs(j: jiffies); |
877 | rinfo[val].duration = |
878 | (ms > srp->header.duration) ? |
879 | (ms - srp->header.duration) : 0; |
880 | } |
881 | rinfo[val].orphan = srp->orphan; |
882 | rinfo[val].sg_io_owned = srp->sg_io_owned; |
883 | rinfo[val].pack_id = srp->header.pack_id; |
884 | rinfo[val].usr_ptr = srp->header.usr_ptr; |
885 | val++; |
886 | } |
887 | } |
888 | |
889 | #ifdef CONFIG_COMPAT |
890 | struct compat_sg_req_info { /* used by SG_GET_REQUEST_TABLE ioctl() */ |
891 | char req_state; |
892 | char orphan; |
893 | char sg_io_owned; |
894 | char problem; |
895 | int pack_id; |
896 | compat_uptr_t usr_ptr; |
897 | unsigned int duration; |
898 | int unused; |
899 | }; |
900 | |
901 | static int put_compat_request_table(struct compat_sg_req_info __user *o, |
902 | struct sg_req_info *rinfo) |
903 | { |
904 | int i; |
905 | for (i = 0; i < SG_MAX_QUEUE; i++) { |
906 | if (copy_to_user(to: o + i, from: rinfo + i, offsetof(sg_req_info_t, usr_ptr)) || |
907 | put_user((uintptr_t)rinfo[i].usr_ptr, &o[i].usr_ptr) || |
908 | put_user(rinfo[i].duration, &o[i].duration) || |
909 | put_user(rinfo[i].unused, &o[i].unused)) |
910 | return -EFAULT; |
911 | } |
912 | return 0; |
913 | } |
914 | #endif |
915 | |
916 | static long |
917 | sg_ioctl_common(struct file *filp, Sg_device *sdp, Sg_fd *sfp, |
918 | unsigned int cmd_in, void __user *p) |
919 | { |
920 | int __user *ip = p; |
921 | int result, val, read_only; |
922 | Sg_request *srp; |
923 | unsigned long iflags; |
924 | |
925 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
926 | "sg_ioctl: cmd=0x%x\n" , (int) cmd_in)); |
927 | read_only = (O_RDWR != (filp->f_flags & O_ACCMODE)); |
928 | |
929 | switch (cmd_in) { |
930 | case SG_IO: |
931 | if (atomic_read(v: &sdp->detaching)) |
932 | return -ENODEV; |
933 | if (!scsi_block_when_processing_errors(sdp->device)) |
934 | return -ENXIO; |
935 | result = sg_new_write(sfp, file: filp, buf: p, SZ_SG_IO_HDR, |
936 | blocking: 1, read_only, sg_io_owned: 1, o_srp: &srp); |
937 | if (result < 0) |
938 | return result; |
939 | result = wait_event_interruptible(sfp->read_wait, |
940 | srp_done(sfp, srp)); |
941 | write_lock_irq(&sfp->rq_list_lock); |
942 | if (srp->done) { |
943 | srp->done = 2; |
944 | write_unlock_irq(&sfp->rq_list_lock); |
945 | result = sg_new_read(sfp, buf: p, SZ_SG_IO_HDR, srp); |
946 | return (result < 0) ? result : 0; |
947 | } |
948 | srp->orphan = 1; |
949 | write_unlock_irq(&sfp->rq_list_lock); |
950 | return result; /* -ERESTARTSYS because signal hit process */ |
951 | case SG_SET_TIMEOUT: |
952 | result = get_user(val, ip); |
953 | if (result) |
954 | return result; |
955 | if (val < 0) |
956 | return -EIO; |
957 | if (val >= mult_frac((s64)INT_MAX, USER_HZ, HZ)) |
958 | val = min_t(s64, mult_frac((s64)INT_MAX, USER_HZ, HZ), |
959 | INT_MAX); |
960 | sfp->timeout_user = val; |
961 | sfp->timeout = mult_frac(val, HZ, USER_HZ); |
962 | |
963 | return 0; |
964 | case SG_GET_TIMEOUT: /* N.B. User receives timeout as return value */ |
965 | /* strange ..., for backward compatibility */ |
966 | return sfp->timeout_user; |
967 | case SG_SET_FORCE_LOW_DMA: |
968 | /* |
969 | * N.B. This ioctl never worked properly, but failed to |
970 | * return an error value. So returning '0' to keep compability |
971 | * with legacy applications. |
972 | */ |
973 | return 0; |
974 | case SG_GET_LOW_DMA: |
975 | return put_user(0, ip); |
976 | case SG_GET_SCSI_ID: |
977 | { |
978 | sg_scsi_id_t v; |
979 | |
980 | if (atomic_read(v: &sdp->detaching)) |
981 | return -ENODEV; |
982 | memset(&v, 0, sizeof(v)); |
983 | v.host_no = sdp->device->host->host_no; |
984 | v.channel = sdp->device->channel; |
985 | v.scsi_id = sdp->device->id; |
986 | v.lun = sdp->device->lun; |
987 | v.scsi_type = sdp->device->type; |
988 | v.h_cmd_per_lun = sdp->device->host->cmd_per_lun; |
989 | v.d_queue_depth = sdp->device->queue_depth; |
990 | if (copy_to_user(to: p, from: &v, n: sizeof(sg_scsi_id_t))) |
991 | return -EFAULT; |
992 | return 0; |
993 | } |
994 | case SG_SET_FORCE_PACK_ID: |
995 | result = get_user(val, ip); |
996 | if (result) |
997 | return result; |
998 | sfp->force_packid = val ? 1 : 0; |
999 | return 0; |
1000 | case SG_GET_PACK_ID: |
1001 | read_lock_irqsave(&sfp->rq_list_lock, iflags); |
1002 | list_for_each_entry(srp, &sfp->rq_list, entry) { |
1003 | if ((1 == srp->done) && (!srp->sg_io_owned)) { |
1004 | read_unlock_irqrestore(&sfp->rq_list_lock, |
1005 | iflags); |
1006 | return put_user(srp->header.pack_id, ip); |
1007 | } |
1008 | } |
1009 | read_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1010 | return put_user(-1, ip); |
1011 | case SG_GET_NUM_WAITING: |
1012 | read_lock_irqsave(&sfp->rq_list_lock, iflags); |
1013 | val = 0; |
1014 | list_for_each_entry(srp, &sfp->rq_list, entry) { |
1015 | if ((1 == srp->done) && (!srp->sg_io_owned)) |
1016 | ++val; |
1017 | } |
1018 | read_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1019 | return put_user(val, ip); |
1020 | case SG_GET_SG_TABLESIZE: |
1021 | return put_user(sdp->sg_tablesize, ip); |
1022 | case SG_SET_RESERVED_SIZE: |
1023 | result = get_user(val, ip); |
1024 | if (result) |
1025 | return result; |
1026 | if (val < 0) |
1027 | return -EINVAL; |
1028 | val = min_t(int, val, |
1029 | max_sectors_bytes(sdp->device->request_queue)); |
1030 | mutex_lock(&sfp->f_mutex); |
1031 | if (val != sfp->reserve.bufflen) { |
1032 | if (sfp->mmap_called || |
1033 | sfp->res_in_use) { |
1034 | mutex_unlock(lock: &sfp->f_mutex); |
1035 | return -EBUSY; |
1036 | } |
1037 | |
1038 | sg_remove_scat(sfp, schp: &sfp->reserve); |
1039 | sg_build_reserve(sfp, req_size: val); |
1040 | } |
1041 | mutex_unlock(lock: &sfp->f_mutex); |
1042 | return 0; |
1043 | case SG_GET_RESERVED_SIZE: |
1044 | val = min_t(int, sfp->reserve.bufflen, |
1045 | max_sectors_bytes(sdp->device->request_queue)); |
1046 | return put_user(val, ip); |
1047 | case SG_SET_COMMAND_Q: |
1048 | result = get_user(val, ip); |
1049 | if (result) |
1050 | return result; |
1051 | sfp->cmd_q = val ? 1 : 0; |
1052 | return 0; |
1053 | case SG_GET_COMMAND_Q: |
1054 | return put_user((int) sfp->cmd_q, ip); |
1055 | case SG_SET_KEEP_ORPHAN: |
1056 | result = get_user(val, ip); |
1057 | if (result) |
1058 | return result; |
1059 | sfp->keep_orphan = val; |
1060 | return 0; |
1061 | case SG_GET_KEEP_ORPHAN: |
1062 | return put_user((int) sfp->keep_orphan, ip); |
1063 | case SG_NEXT_CMD_LEN: |
1064 | result = get_user(val, ip); |
1065 | if (result) |
1066 | return result; |
1067 | if (val > SG_MAX_CDB_SIZE) |
1068 | return -ENOMEM; |
1069 | sfp->next_cmd_len = (val > 0) ? val : 0; |
1070 | return 0; |
1071 | case SG_GET_VERSION_NUM: |
1072 | return put_user(sg_version_num, ip); |
1073 | case SG_GET_ACCESS_COUNT: |
1074 | /* faked - we don't have a real access count anymore */ |
1075 | val = (sdp->device ? 1 : 0); |
1076 | return put_user(val, ip); |
1077 | case SG_GET_REQUEST_TABLE: |
1078 | { |
1079 | sg_req_info_t *rinfo; |
1080 | |
1081 | rinfo = kcalloc(SG_MAX_QUEUE, SZ_SG_REQ_INFO, |
1082 | GFP_KERNEL); |
1083 | if (!rinfo) |
1084 | return -ENOMEM; |
1085 | read_lock_irqsave(&sfp->rq_list_lock, iflags); |
1086 | sg_fill_request_table(sfp, rinfo); |
1087 | read_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1088 | #ifdef CONFIG_COMPAT |
1089 | if (in_compat_syscall()) |
1090 | result = put_compat_request_table(o: p, rinfo); |
1091 | else |
1092 | #endif |
1093 | result = copy_to_user(to: p, from: rinfo, |
1094 | SZ_SG_REQ_INFO * SG_MAX_QUEUE); |
1095 | result = result ? -EFAULT : 0; |
1096 | kfree(objp: rinfo); |
1097 | return result; |
1098 | } |
1099 | case SG_EMULATED_HOST: |
1100 | if (atomic_read(v: &sdp->detaching)) |
1101 | return -ENODEV; |
1102 | return put_user(sdp->device->host->hostt->emulated, ip); |
1103 | case SCSI_IOCTL_SEND_COMMAND: |
1104 | if (atomic_read(v: &sdp->detaching)) |
1105 | return -ENODEV; |
1106 | return scsi_ioctl(sdev: sdp->device, open_for_write: filp->f_mode & FMODE_WRITE, |
1107 | cmd: cmd_in, arg: p); |
1108 | case SG_SET_DEBUG: |
1109 | result = get_user(val, ip); |
1110 | if (result) |
1111 | return result; |
1112 | sdp->sgdebug = (char) val; |
1113 | return 0; |
1114 | case BLKSECTGET: |
1115 | return put_user(max_sectors_bytes(sdp->device->request_queue), |
1116 | ip); |
1117 | case BLKTRACESETUP: |
1118 | return blk_trace_setup(q: sdp->device->request_queue, name: sdp->name, |
1119 | MKDEV(SCSI_GENERIC_MAJOR, sdp->index), |
1120 | NULL, arg: p); |
1121 | case BLKTRACESTART: |
1122 | return blk_trace_startstop(q: sdp->device->request_queue, start: 1); |
1123 | case BLKTRACESTOP: |
1124 | return blk_trace_startstop(q: sdp->device->request_queue, start: 0); |
1125 | case BLKTRACETEARDOWN: |
1126 | return blk_trace_remove(q: sdp->device->request_queue); |
1127 | case SCSI_IOCTL_GET_IDLUN: |
1128 | case SCSI_IOCTL_GET_BUS_NUMBER: |
1129 | case SCSI_IOCTL_PROBE_HOST: |
1130 | case SG_GET_TRANSFORM: |
1131 | case SG_SCSI_RESET: |
1132 | if (atomic_read(v: &sdp->detaching)) |
1133 | return -ENODEV; |
1134 | break; |
1135 | default: |
1136 | if (read_only) |
1137 | return -EPERM; /* don't know so take safe approach */ |
1138 | break; |
1139 | } |
1140 | |
1141 | result = scsi_ioctl_block_when_processing_errors(sdev: sdp->device, |
1142 | cmd: cmd_in, ndelay: filp->f_flags & O_NDELAY); |
1143 | if (result) |
1144 | return result; |
1145 | |
1146 | return -ENOIOCTLCMD; |
1147 | } |
1148 | |
1149 | static long |
1150 | sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) |
1151 | { |
1152 | void __user *p = (void __user *)arg; |
1153 | Sg_device *sdp; |
1154 | Sg_fd *sfp; |
1155 | int ret; |
1156 | |
1157 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
1158 | return -ENXIO; |
1159 | |
1160 | ret = sg_ioctl_common(filp, sdp, sfp, cmd_in, p); |
1161 | if (ret != -ENOIOCTLCMD) |
1162 | return ret; |
1163 | return scsi_ioctl(sdev: sdp->device, open_for_write: filp->f_mode & FMODE_WRITE, cmd: cmd_in, arg: p); |
1164 | } |
1165 | |
1166 | static __poll_t |
1167 | sg_poll(struct file *filp, poll_table * wait) |
1168 | { |
1169 | __poll_t res = 0; |
1170 | Sg_device *sdp; |
1171 | Sg_fd *sfp; |
1172 | Sg_request *srp; |
1173 | int count = 0; |
1174 | unsigned long iflags; |
1175 | |
1176 | sfp = filp->private_data; |
1177 | if (!sfp) |
1178 | return EPOLLERR; |
1179 | sdp = sfp->parentdp; |
1180 | if (!sdp) |
1181 | return EPOLLERR; |
1182 | poll_wait(filp, wait_address: &sfp->read_wait, p: wait); |
1183 | read_lock_irqsave(&sfp->rq_list_lock, iflags); |
1184 | list_for_each_entry(srp, &sfp->rq_list, entry) { |
1185 | /* if any read waiting, flag it */ |
1186 | if ((0 == res) && (1 == srp->done) && (!srp->sg_io_owned)) |
1187 | res = EPOLLIN | EPOLLRDNORM; |
1188 | ++count; |
1189 | } |
1190 | read_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1191 | |
1192 | if (atomic_read(v: &sdp->detaching)) |
1193 | res |= EPOLLHUP; |
1194 | else if (!sfp->cmd_q) { |
1195 | if (0 == count) |
1196 | res |= EPOLLOUT | EPOLLWRNORM; |
1197 | } else if (count < SG_MAX_QUEUE) |
1198 | res |= EPOLLOUT | EPOLLWRNORM; |
1199 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
1200 | "sg_poll: res=0x%x\n" , (__force u32) res)); |
1201 | return res; |
1202 | } |
1203 | |
1204 | static int |
1205 | sg_fasync(int fd, struct file *filp, int mode) |
1206 | { |
1207 | Sg_device *sdp; |
1208 | Sg_fd *sfp; |
1209 | |
1210 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
1211 | return -ENXIO; |
1212 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
1213 | "sg_fasync: mode=%d\n" , mode)); |
1214 | |
1215 | return fasync_helper(fd, filp, mode, &sfp->async_qp); |
1216 | } |
1217 | |
1218 | static vm_fault_t |
1219 | sg_vma_fault(struct vm_fault *vmf) |
1220 | { |
1221 | struct vm_area_struct *vma = vmf->vma; |
1222 | Sg_fd *sfp; |
1223 | unsigned long offset, len, sa; |
1224 | Sg_scatter_hold *rsv_schp; |
1225 | int k, length; |
1226 | |
1227 | if ((NULL == vma) || (!(sfp = (Sg_fd *) vma->vm_private_data))) |
1228 | return VM_FAULT_SIGBUS; |
1229 | rsv_schp = &sfp->reserve; |
1230 | offset = vmf->pgoff << PAGE_SHIFT; |
1231 | if (offset >= rsv_schp->bufflen) |
1232 | return VM_FAULT_SIGBUS; |
1233 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sfp->parentdp, |
1234 | "sg_vma_fault: offset=%lu, scatg=%d\n" , |
1235 | offset, rsv_schp->k_use_sg)); |
1236 | sa = vma->vm_start; |
1237 | length = 1 << (PAGE_SHIFT + rsv_schp->page_order); |
1238 | for (k = 0; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) { |
1239 | len = vma->vm_end - sa; |
1240 | len = (len < length) ? len : length; |
1241 | if (offset < len) { |
1242 | struct page *page = nth_page(rsv_schp->pages[k], |
1243 | offset >> PAGE_SHIFT); |
1244 | get_page(page); /* increment page count */ |
1245 | vmf->page = page; |
1246 | return 0; /* success */ |
1247 | } |
1248 | sa += len; |
1249 | offset -= len; |
1250 | } |
1251 | |
1252 | return VM_FAULT_SIGBUS; |
1253 | } |
1254 | |
1255 | static const struct vm_operations_struct sg_mmap_vm_ops = { |
1256 | .fault = sg_vma_fault, |
1257 | }; |
1258 | |
1259 | static int |
1260 | sg_mmap(struct file *filp, struct vm_area_struct *vma) |
1261 | { |
1262 | Sg_fd *sfp; |
1263 | unsigned long req_sz, len, sa; |
1264 | Sg_scatter_hold *rsv_schp; |
1265 | int k, length; |
1266 | int ret = 0; |
1267 | |
1268 | if ((!filp) || (!vma) || (!(sfp = (Sg_fd *) filp->private_data))) |
1269 | return -ENXIO; |
1270 | req_sz = vma->vm_end - vma->vm_start; |
1271 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sfp->parentdp, |
1272 | "sg_mmap starting, vm_start=%p, len=%d\n" , |
1273 | (void *) vma->vm_start, (int) req_sz)); |
1274 | if (vma->vm_pgoff) |
1275 | return -EINVAL; /* want no offset */ |
1276 | rsv_schp = &sfp->reserve; |
1277 | mutex_lock(&sfp->f_mutex); |
1278 | if (req_sz > rsv_schp->bufflen) { |
1279 | ret = -ENOMEM; /* cannot map more than reserved buffer */ |
1280 | goto out; |
1281 | } |
1282 | |
1283 | sa = vma->vm_start; |
1284 | length = 1 << (PAGE_SHIFT + rsv_schp->page_order); |
1285 | for (k = 0; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) { |
1286 | len = vma->vm_end - sa; |
1287 | len = (len < length) ? len : length; |
1288 | sa += len; |
1289 | } |
1290 | |
1291 | sfp->mmap_called = 1; |
1292 | vm_flags_set(vma, VM_IO | VM_DONTEXPAND | VM_DONTDUMP); |
1293 | vma->vm_private_data = sfp; |
1294 | vma->vm_ops = &sg_mmap_vm_ops; |
1295 | out: |
1296 | mutex_unlock(lock: &sfp->f_mutex); |
1297 | return ret; |
1298 | } |
1299 | |
1300 | static void |
1301 | sg_rq_end_io_usercontext(struct work_struct *work) |
1302 | { |
1303 | struct sg_request *srp = container_of(work, struct sg_request, ew.work); |
1304 | struct sg_fd *sfp = srp->parentfp; |
1305 | |
1306 | sg_finish_rem_req(srp); |
1307 | sg_remove_request(sfp, srp); |
1308 | kref_put(kref: &sfp->f_ref, release: sg_remove_sfp); |
1309 | } |
1310 | |
1311 | /* |
1312 | * This function is a "bottom half" handler that is called by the mid |
1313 | * level when a command is completed (or has failed). |
1314 | */ |
1315 | static enum rq_end_io_ret |
1316 | sg_rq_end_io(struct request *rq, blk_status_t status) |
1317 | { |
1318 | struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq); |
1319 | struct sg_request *srp = rq->end_io_data; |
1320 | Sg_device *sdp; |
1321 | Sg_fd *sfp; |
1322 | unsigned long iflags; |
1323 | unsigned int ms; |
1324 | char *sense; |
1325 | int result, resid, done = 1; |
1326 | |
1327 | if (WARN_ON(srp->done != 0)) |
1328 | return RQ_END_IO_NONE; |
1329 | |
1330 | sfp = srp->parentfp; |
1331 | if (WARN_ON(sfp == NULL)) |
1332 | return RQ_END_IO_NONE; |
1333 | |
1334 | sdp = sfp->parentdp; |
1335 | if (unlikely(atomic_read(&sdp->detaching))) |
1336 | pr_info("%s: device detaching\n" , __func__); |
1337 | |
1338 | sense = scmd->sense_buffer; |
1339 | result = scmd->result; |
1340 | resid = scmd->resid_len; |
1341 | |
1342 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp, |
1343 | "sg_cmd_done: pack_id=%d, res=0x%x\n" , |
1344 | srp->header.pack_id, result)); |
1345 | srp->header.resid = resid; |
1346 | ms = jiffies_to_msecs(j: jiffies); |
1347 | srp->header.duration = (ms > srp->header.duration) ? |
1348 | (ms - srp->header.duration) : 0; |
1349 | if (0 != result) { |
1350 | struct scsi_sense_hdr sshdr; |
1351 | |
1352 | srp->header.status = 0xff & result; |
1353 | srp->header.masked_status = sg_status_byte(result); |
1354 | srp->header.msg_status = COMMAND_COMPLETE; |
1355 | srp->header.host_status = host_byte(result); |
1356 | srp->header.driver_status = driver_byte(result); |
1357 | if ((sdp->sgdebug > 0) && |
1358 | ((CHECK_CONDITION == srp->header.masked_status) || |
1359 | (COMMAND_TERMINATED == srp->header.masked_status))) |
1360 | __scsi_print_sense(sdp->device, name: __func__, sense_buffer: sense, |
1361 | SCSI_SENSE_BUFFERSIZE); |
1362 | |
1363 | /* Following if statement is a patch supplied by Eric Youngdale */ |
1364 | if (driver_byte(result) != 0 |
1365 | && scsi_normalize_sense(sense_buffer: sense, SCSI_SENSE_BUFFERSIZE, sshdr: &sshdr) |
1366 | && !scsi_sense_is_deferred(sshdr: &sshdr) |
1367 | && sshdr.sense_key == UNIT_ATTENTION |
1368 | && sdp->device->removable) { |
1369 | /* Detected possible disc change. Set the bit - this */ |
1370 | /* may be used if there are filesystems using this device */ |
1371 | sdp->device->changed = 1; |
1372 | } |
1373 | } |
1374 | |
1375 | if (scmd->sense_len) |
1376 | memcpy(srp->sense_b, scmd->sense_buffer, SCSI_SENSE_BUFFERSIZE); |
1377 | |
1378 | /* Rely on write phase to clean out srp status values, so no "else" */ |
1379 | |
1380 | /* |
1381 | * Free the request as soon as it is complete so that its resources |
1382 | * can be reused without waiting for userspace to read() the |
1383 | * result. But keep the associated bio (if any) around until |
1384 | * blk_rq_unmap_user() can be called from user context. |
1385 | */ |
1386 | srp->rq = NULL; |
1387 | blk_mq_free_request(rq); |
1388 | |
1389 | write_lock_irqsave(&sfp->rq_list_lock, iflags); |
1390 | if (unlikely(srp->orphan)) { |
1391 | if (sfp->keep_orphan) |
1392 | srp->sg_io_owned = 0; |
1393 | else |
1394 | done = 0; |
1395 | } |
1396 | srp->done = done; |
1397 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1398 | |
1399 | if (likely(done)) { |
1400 | /* Now wake up any sg_read() that is waiting for this |
1401 | * packet. |
1402 | */ |
1403 | wake_up_interruptible(&sfp->read_wait); |
1404 | kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN); |
1405 | kref_put(kref: &sfp->f_ref, release: sg_remove_sfp); |
1406 | } else { |
1407 | INIT_WORK(&srp->ew.work, sg_rq_end_io_usercontext); |
1408 | schedule_work(work: &srp->ew.work); |
1409 | } |
1410 | return RQ_END_IO_NONE; |
1411 | } |
1412 | |
1413 | static const struct file_operations sg_fops = { |
1414 | .owner = THIS_MODULE, |
1415 | .read = sg_read, |
1416 | .write = sg_write, |
1417 | .poll = sg_poll, |
1418 | .unlocked_ioctl = sg_ioctl, |
1419 | .compat_ioctl = compat_ptr_ioctl, |
1420 | .open = sg_open, |
1421 | .mmap = sg_mmap, |
1422 | .release = sg_release, |
1423 | .fasync = sg_fasync, |
1424 | .llseek = no_llseek, |
1425 | }; |
1426 | |
1427 | static struct class *sg_sysfs_class; |
1428 | |
1429 | static int sg_sysfs_valid = 0; |
1430 | |
1431 | static Sg_device * |
1432 | sg_alloc(struct scsi_device *scsidp) |
1433 | { |
1434 | struct request_queue *q = scsidp->request_queue; |
1435 | Sg_device *sdp; |
1436 | unsigned long iflags; |
1437 | int error; |
1438 | u32 k; |
1439 | |
1440 | sdp = kzalloc(size: sizeof(Sg_device), GFP_KERNEL); |
1441 | if (!sdp) { |
1442 | sdev_printk(KERN_WARNING, scsidp, "%s: kmalloc Sg_device " |
1443 | "failure\n" , __func__); |
1444 | return ERR_PTR(error: -ENOMEM); |
1445 | } |
1446 | |
1447 | idr_preload(GFP_KERNEL); |
1448 | write_lock_irqsave(&sg_index_lock, iflags); |
1449 | |
1450 | error = idr_alloc(&sg_index_idr, ptr: sdp, start: 0, SG_MAX_DEVS, GFP_NOWAIT); |
1451 | if (error < 0) { |
1452 | if (error == -ENOSPC) { |
1453 | sdev_printk(KERN_WARNING, scsidp, |
1454 | "Unable to attach sg device type=%d, minor number exceeds %d\n" , |
1455 | scsidp->type, SG_MAX_DEVS - 1); |
1456 | error = -ENODEV; |
1457 | } else { |
1458 | sdev_printk(KERN_WARNING, scsidp, "%s: idr " |
1459 | "allocation Sg_device failure: %d\n" , |
1460 | __func__, error); |
1461 | } |
1462 | goto out_unlock; |
1463 | } |
1464 | k = error; |
1465 | |
1466 | SCSI_LOG_TIMEOUT(3, sdev_printk(KERN_INFO, scsidp, |
1467 | "sg_alloc: dev=%d \n" , k)); |
1468 | sprintf(buf: sdp->name, fmt: "sg%d" , k); |
1469 | sdp->device = scsidp; |
1470 | mutex_init(&sdp->open_rel_lock); |
1471 | INIT_LIST_HEAD(list: &sdp->sfds); |
1472 | init_waitqueue_head(&sdp->open_wait); |
1473 | atomic_set(v: &sdp->detaching, i: 0); |
1474 | rwlock_init(&sdp->sfd_lock); |
1475 | sdp->sg_tablesize = queue_max_segments(q); |
1476 | sdp->index = k; |
1477 | kref_init(kref: &sdp->d_ref); |
1478 | error = 0; |
1479 | |
1480 | out_unlock: |
1481 | write_unlock_irqrestore(&sg_index_lock, iflags); |
1482 | idr_preload_end(); |
1483 | |
1484 | if (error) { |
1485 | kfree(objp: sdp); |
1486 | return ERR_PTR(error); |
1487 | } |
1488 | return sdp; |
1489 | } |
1490 | |
1491 | static int |
1492 | sg_add_device(struct device *cl_dev) |
1493 | { |
1494 | struct scsi_device *scsidp = to_scsi_device(cl_dev->parent); |
1495 | Sg_device *sdp = NULL; |
1496 | struct cdev * cdev = NULL; |
1497 | int error; |
1498 | unsigned long iflags; |
1499 | |
1500 | if (!blk_get_queue(scsidp->request_queue)) { |
1501 | pr_warn("%s: get scsi_device queue failed\n" , __func__); |
1502 | return -ENODEV; |
1503 | } |
1504 | |
1505 | error = -ENOMEM; |
1506 | cdev = cdev_alloc(); |
1507 | if (!cdev) { |
1508 | pr_warn("%s: cdev_alloc failed\n" , __func__); |
1509 | goto out; |
1510 | } |
1511 | cdev->owner = THIS_MODULE; |
1512 | cdev->ops = &sg_fops; |
1513 | |
1514 | sdp = sg_alloc(scsidp); |
1515 | if (IS_ERR(ptr: sdp)) { |
1516 | pr_warn("%s: sg_alloc failed\n" , __func__); |
1517 | error = PTR_ERR(ptr: sdp); |
1518 | goto out; |
1519 | } |
1520 | |
1521 | error = cdev_add(cdev, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), 1); |
1522 | if (error) |
1523 | goto cdev_add_err; |
1524 | |
1525 | sdp->cdev = cdev; |
1526 | if (sg_sysfs_valid) { |
1527 | struct device *sg_class_member; |
1528 | |
1529 | sg_class_member = device_create(cls: sg_sysfs_class, parent: cl_dev->parent, |
1530 | MKDEV(SCSI_GENERIC_MAJOR, |
1531 | sdp->index), |
1532 | drvdata: sdp, fmt: "%s" , sdp->name); |
1533 | if (IS_ERR(ptr: sg_class_member)) { |
1534 | pr_err("%s: device_create failed\n" , __func__); |
1535 | error = PTR_ERR(ptr: sg_class_member); |
1536 | goto cdev_add_err; |
1537 | } |
1538 | error = sysfs_create_link(kobj: &scsidp->sdev_gendev.kobj, |
1539 | target: &sg_class_member->kobj, name: "generic" ); |
1540 | if (error) |
1541 | pr_err("%s: unable to make symlink 'generic' back " |
1542 | "to sg%d\n" , __func__, sdp->index); |
1543 | } else |
1544 | pr_warn("%s: sg_sys Invalid\n" , __func__); |
1545 | |
1546 | sdev_printk(KERN_NOTICE, scsidp, "Attached scsi generic sg%d " |
1547 | "type %d\n" , sdp->index, scsidp->type); |
1548 | |
1549 | dev_set_drvdata(dev: cl_dev, data: sdp); |
1550 | |
1551 | return 0; |
1552 | |
1553 | cdev_add_err: |
1554 | write_lock_irqsave(&sg_index_lock, iflags); |
1555 | idr_remove(&sg_index_idr, id: sdp->index); |
1556 | write_unlock_irqrestore(&sg_index_lock, iflags); |
1557 | kfree(objp: sdp); |
1558 | |
1559 | out: |
1560 | if (cdev) |
1561 | cdev_del(cdev); |
1562 | blk_put_queue(scsidp->request_queue); |
1563 | return error; |
1564 | } |
1565 | |
1566 | static void |
1567 | sg_device_destroy(struct kref *kref) |
1568 | { |
1569 | struct sg_device *sdp = container_of(kref, struct sg_device, d_ref); |
1570 | struct request_queue *q = sdp->device->request_queue; |
1571 | unsigned long flags; |
1572 | |
1573 | /* CAUTION! Note that the device can still be found via idr_find() |
1574 | * even though the refcount is 0. Therefore, do idr_remove() BEFORE |
1575 | * any other cleanup. |
1576 | */ |
1577 | |
1578 | blk_trace_remove(q); |
1579 | blk_put_queue(q); |
1580 | |
1581 | write_lock_irqsave(&sg_index_lock, flags); |
1582 | idr_remove(&sg_index_idr, id: sdp->index); |
1583 | write_unlock_irqrestore(&sg_index_lock, flags); |
1584 | |
1585 | SCSI_LOG_TIMEOUT(3, |
1586 | sg_printk(KERN_INFO, sdp, "sg_device_destroy\n" )); |
1587 | |
1588 | kfree(objp: sdp); |
1589 | } |
1590 | |
1591 | static void |
1592 | sg_remove_device(struct device *cl_dev) |
1593 | { |
1594 | struct scsi_device *scsidp = to_scsi_device(cl_dev->parent); |
1595 | Sg_device *sdp = dev_get_drvdata(dev: cl_dev); |
1596 | unsigned long iflags; |
1597 | Sg_fd *sfp; |
1598 | int val; |
1599 | |
1600 | if (!sdp) |
1601 | return; |
1602 | /* want sdp->detaching non-zero as soon as possible */ |
1603 | val = atomic_inc_return(v: &sdp->detaching); |
1604 | if (val > 1) |
1605 | return; /* only want to do following once per device */ |
1606 | |
1607 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
1608 | "%s\n" , __func__)); |
1609 | |
1610 | read_lock_irqsave(&sdp->sfd_lock, iflags); |
1611 | list_for_each_entry(sfp, &sdp->sfds, sfd_siblings) { |
1612 | wake_up_interruptible_all(&sfp->read_wait); |
1613 | kill_fasync(&sfp->async_qp, SIGPOLL, POLL_HUP); |
1614 | } |
1615 | wake_up_interruptible_all(&sdp->open_wait); |
1616 | read_unlock_irqrestore(&sdp->sfd_lock, iflags); |
1617 | |
1618 | sysfs_remove_link(kobj: &scsidp->sdev_gendev.kobj, name: "generic" ); |
1619 | device_destroy(cls: sg_sysfs_class, MKDEV(SCSI_GENERIC_MAJOR, sdp->index)); |
1620 | cdev_del(sdp->cdev); |
1621 | sdp->cdev = NULL; |
1622 | |
1623 | kref_put(kref: &sdp->d_ref, release: sg_device_destroy); |
1624 | } |
1625 | |
1626 | module_param_named(scatter_elem_sz, scatter_elem_sz, int, S_IRUGO | S_IWUSR); |
1627 | module_param_named(def_reserved_size, def_reserved_size, int, |
1628 | S_IRUGO | S_IWUSR); |
1629 | module_param_named(allow_dio, sg_allow_dio, int, S_IRUGO | S_IWUSR); |
1630 | |
1631 | MODULE_AUTHOR("Douglas Gilbert" ); |
1632 | MODULE_DESCRIPTION("SCSI generic (sg) driver" ); |
1633 | MODULE_LICENSE("GPL" ); |
1634 | MODULE_VERSION(SG_VERSION_STR); |
1635 | MODULE_ALIAS_CHARDEV_MAJOR(SCSI_GENERIC_MAJOR); |
1636 | |
1637 | MODULE_PARM_DESC(scatter_elem_sz, "scatter gather element " |
1638 | "size (default: max(SG_SCATTER_SZ, PAGE_SIZE))" ); |
1639 | MODULE_PARM_DESC(def_reserved_size, "size of buffer reserved for each fd" ); |
1640 | MODULE_PARM_DESC(allow_dio, "allow direct I/O (default: 0 (disallow))" ); |
1641 | |
1642 | #ifdef CONFIG_SYSCTL |
1643 | #include <linux/sysctl.h> |
1644 | |
1645 | static struct ctl_table sg_sysctls[] = { |
1646 | { |
1647 | .procname = "sg-big-buff" , |
1648 | .data = &sg_big_buff, |
1649 | .maxlen = sizeof(int), |
1650 | .mode = 0444, |
1651 | .proc_handler = proc_dointvec, |
1652 | }, |
1653 | }; |
1654 | |
1655 | static struct ctl_table_header *hdr; |
1656 | static void register_sg_sysctls(void) |
1657 | { |
1658 | if (!hdr) |
1659 | hdr = register_sysctl("kernel" , sg_sysctls); |
1660 | } |
1661 | |
1662 | static void unregister_sg_sysctls(void) |
1663 | { |
1664 | if (hdr) |
1665 | unregister_sysctl_table(table: hdr); |
1666 | } |
1667 | #else |
1668 | #define register_sg_sysctls() do { } while (0) |
1669 | #define unregister_sg_sysctls() do { } while (0) |
1670 | #endif /* CONFIG_SYSCTL */ |
1671 | |
1672 | static int __init |
1673 | init_sg(void) |
1674 | { |
1675 | int rc; |
1676 | |
1677 | if (scatter_elem_sz < PAGE_SIZE) { |
1678 | scatter_elem_sz = PAGE_SIZE; |
1679 | scatter_elem_sz_prev = scatter_elem_sz; |
1680 | } |
1681 | if (def_reserved_size >= 0) |
1682 | sg_big_buff = def_reserved_size; |
1683 | else |
1684 | def_reserved_size = sg_big_buff; |
1685 | |
1686 | rc = register_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0), |
1687 | SG_MAX_DEVS, "sg" ); |
1688 | if (rc) |
1689 | return rc; |
1690 | sg_sysfs_class = class_create(name: "scsi_generic" ); |
1691 | if ( IS_ERR(ptr: sg_sysfs_class) ) { |
1692 | rc = PTR_ERR(ptr: sg_sysfs_class); |
1693 | goto err_out; |
1694 | } |
1695 | sg_sysfs_valid = 1; |
1696 | rc = scsi_register_interface(&sg_interface); |
1697 | if (0 == rc) { |
1698 | #ifdef CONFIG_SCSI_PROC_FS |
1699 | sg_proc_init(); |
1700 | #endif /* CONFIG_SCSI_PROC_FS */ |
1701 | return 0; |
1702 | } |
1703 | class_destroy(cls: sg_sysfs_class); |
1704 | register_sg_sysctls(); |
1705 | err_out: |
1706 | unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0), SG_MAX_DEVS); |
1707 | return rc; |
1708 | } |
1709 | |
1710 | static void __exit |
1711 | exit_sg(void) |
1712 | { |
1713 | unregister_sg_sysctls(); |
1714 | #ifdef CONFIG_SCSI_PROC_FS |
1715 | remove_proc_subtree("scsi/sg" , NULL); |
1716 | #endif /* CONFIG_SCSI_PROC_FS */ |
1717 | scsi_unregister_interface(&sg_interface); |
1718 | class_destroy(cls: sg_sysfs_class); |
1719 | sg_sysfs_valid = 0; |
1720 | unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0), |
1721 | SG_MAX_DEVS); |
1722 | idr_destroy(&sg_index_idr); |
1723 | } |
1724 | |
1725 | static int |
1726 | sg_start_req(Sg_request *srp, unsigned char *cmd) |
1727 | { |
1728 | int res; |
1729 | struct request *rq; |
1730 | Sg_fd *sfp = srp->parentfp; |
1731 | sg_io_hdr_t *hp = &srp->header; |
1732 | int dxfer_len = (int) hp->dxfer_len; |
1733 | int dxfer_dir = hp->dxfer_direction; |
1734 | unsigned int iov_count = hp->iovec_count; |
1735 | Sg_scatter_hold *req_schp = &srp->data; |
1736 | Sg_scatter_hold *rsv_schp = &sfp->reserve; |
1737 | struct request_queue *q = sfp->parentdp->device->request_queue; |
1738 | struct rq_map_data *md, map_data; |
1739 | int rw = hp->dxfer_direction == SG_DXFER_TO_DEV ? ITER_SOURCE : ITER_DEST; |
1740 | struct scsi_cmnd *scmd; |
1741 | |
1742 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
1743 | "sg_start_req: dxfer_len=%d\n" , |
1744 | dxfer_len)); |
1745 | |
1746 | /* |
1747 | * NOTE |
1748 | * |
1749 | * With scsi-mq enabled, there are a fixed number of preallocated |
1750 | * requests equal in number to shost->can_queue. If all of the |
1751 | * preallocated requests are already in use, then scsi_alloc_request() |
1752 | * will sleep until an active command completes, freeing up a request. |
1753 | * Although waiting in an asynchronous interface is less than ideal, we |
1754 | * do not want to use BLK_MQ_REQ_NOWAIT here because userspace might |
1755 | * not expect an EWOULDBLOCK from this condition. |
1756 | */ |
1757 | rq = scsi_alloc_request(q, opf: hp->dxfer_direction == SG_DXFER_TO_DEV ? |
1758 | REQ_OP_DRV_OUT : REQ_OP_DRV_IN, flags: 0); |
1759 | if (IS_ERR(ptr: rq)) |
1760 | return PTR_ERR(ptr: rq); |
1761 | scmd = blk_mq_rq_to_pdu(rq); |
1762 | |
1763 | if (hp->cmd_len > sizeof(scmd->cmnd)) { |
1764 | blk_mq_free_request(rq); |
1765 | return -EINVAL; |
1766 | } |
1767 | |
1768 | memcpy(scmd->cmnd, cmd, hp->cmd_len); |
1769 | scmd->cmd_len = hp->cmd_len; |
1770 | |
1771 | srp->rq = rq; |
1772 | rq->end_io_data = srp; |
1773 | scmd->allowed = SG_DEFAULT_RETRIES; |
1774 | |
1775 | if ((dxfer_len <= 0) || (dxfer_dir == SG_DXFER_NONE)) |
1776 | return 0; |
1777 | |
1778 | if (sg_allow_dio && hp->flags & SG_FLAG_DIRECT_IO && |
1779 | dxfer_dir != SG_DXFER_UNKNOWN && !iov_count && |
1780 | blk_rq_aligned(q, addr: (unsigned long)hp->dxferp, len: dxfer_len)) |
1781 | md = NULL; |
1782 | else |
1783 | md = &map_data; |
1784 | |
1785 | if (md) { |
1786 | mutex_lock(&sfp->f_mutex); |
1787 | if (dxfer_len <= rsv_schp->bufflen && |
1788 | !sfp->res_in_use) { |
1789 | sfp->res_in_use = 1; |
1790 | sg_link_reserve(sfp, srp, size: dxfer_len); |
1791 | } else if (hp->flags & SG_FLAG_MMAP_IO) { |
1792 | res = -EBUSY; /* sfp->res_in_use == 1 */ |
1793 | if (dxfer_len > rsv_schp->bufflen) |
1794 | res = -ENOMEM; |
1795 | mutex_unlock(lock: &sfp->f_mutex); |
1796 | return res; |
1797 | } else { |
1798 | res = sg_build_indirect(schp: req_schp, sfp, buff_size: dxfer_len); |
1799 | if (res) { |
1800 | mutex_unlock(lock: &sfp->f_mutex); |
1801 | return res; |
1802 | } |
1803 | } |
1804 | mutex_unlock(lock: &sfp->f_mutex); |
1805 | |
1806 | md->pages = req_schp->pages; |
1807 | md->page_order = req_schp->page_order; |
1808 | md->nr_entries = req_schp->k_use_sg; |
1809 | md->offset = 0; |
1810 | md->null_mapped = hp->dxferp ? 0 : 1; |
1811 | if (dxfer_dir == SG_DXFER_TO_FROM_DEV) |
1812 | md->from_user = 1; |
1813 | else |
1814 | md->from_user = 0; |
1815 | } |
1816 | |
1817 | res = blk_rq_map_user_io(rq, md, hp->dxferp, hp->dxfer_len, |
1818 | GFP_ATOMIC, iov_count, iov_count, 1, rw); |
1819 | if (!res) { |
1820 | srp->bio = rq->bio; |
1821 | |
1822 | if (!md) { |
1823 | req_schp->dio_in_use = 1; |
1824 | hp->info |= SG_INFO_DIRECT_IO; |
1825 | } |
1826 | } |
1827 | return res; |
1828 | } |
1829 | |
1830 | static int |
1831 | sg_finish_rem_req(Sg_request *srp) |
1832 | { |
1833 | int ret = 0; |
1834 | |
1835 | Sg_fd *sfp = srp->parentfp; |
1836 | Sg_scatter_hold *req_schp = &srp->data; |
1837 | |
1838 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
1839 | "sg_finish_rem_req: res_used=%d\n" , |
1840 | (int) srp->res_used)); |
1841 | if (srp->bio) |
1842 | ret = blk_rq_unmap_user(srp->bio); |
1843 | |
1844 | if (srp->rq) |
1845 | blk_mq_free_request(rq: srp->rq); |
1846 | |
1847 | if (srp->res_used) |
1848 | sg_unlink_reserve(sfp, srp); |
1849 | else |
1850 | sg_remove_scat(sfp, schp: req_schp); |
1851 | |
1852 | return ret; |
1853 | } |
1854 | |
1855 | static int |
1856 | sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp, int tablesize) |
1857 | { |
1858 | int sg_bufflen = tablesize * sizeof(struct page *); |
1859 | gfp_t gfp_flags = GFP_ATOMIC | __GFP_NOWARN; |
1860 | |
1861 | schp->pages = kzalloc(size: sg_bufflen, flags: gfp_flags); |
1862 | if (!schp->pages) |
1863 | return -ENOMEM; |
1864 | schp->sglist_len = sg_bufflen; |
1865 | return tablesize; /* number of scat_gath elements allocated */ |
1866 | } |
1867 | |
1868 | static int |
1869 | sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size) |
1870 | { |
1871 | int ret_sz = 0, i, k, rem_sz, num, mx_sc_elems; |
1872 | int sg_tablesize = sfp->parentdp->sg_tablesize; |
1873 | int blk_size = buff_size, order; |
1874 | gfp_t gfp_mask = GFP_ATOMIC | __GFP_COMP | __GFP_NOWARN | __GFP_ZERO; |
1875 | |
1876 | if (blk_size < 0) |
1877 | return -EFAULT; |
1878 | if (0 == blk_size) |
1879 | ++blk_size; /* don't know why */ |
1880 | /* round request up to next highest SG_SECTOR_SZ byte boundary */ |
1881 | blk_size = ALIGN(blk_size, SG_SECTOR_SZ); |
1882 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
1883 | "sg_build_indirect: buff_size=%d, blk_size=%d\n" , |
1884 | buff_size, blk_size)); |
1885 | |
1886 | /* N.B. ret_sz carried into this block ... */ |
1887 | mx_sc_elems = sg_build_sgat(schp, sfp, tablesize: sg_tablesize); |
1888 | if (mx_sc_elems < 0) |
1889 | return mx_sc_elems; /* most likely -ENOMEM */ |
1890 | |
1891 | num = scatter_elem_sz; |
1892 | if (unlikely(num != scatter_elem_sz_prev)) { |
1893 | if (num < PAGE_SIZE) { |
1894 | scatter_elem_sz = PAGE_SIZE; |
1895 | scatter_elem_sz_prev = PAGE_SIZE; |
1896 | } else |
1897 | scatter_elem_sz_prev = num; |
1898 | } |
1899 | |
1900 | order = get_order(size: num); |
1901 | retry: |
1902 | ret_sz = 1 << (PAGE_SHIFT + order); |
1903 | |
1904 | for (k = 0, rem_sz = blk_size; rem_sz > 0 && k < mx_sc_elems; |
1905 | k++, rem_sz -= ret_sz) { |
1906 | |
1907 | num = (rem_sz > scatter_elem_sz_prev) ? |
1908 | scatter_elem_sz_prev : rem_sz; |
1909 | |
1910 | schp->pages[k] = alloc_pages(gfp: gfp_mask, order); |
1911 | if (!schp->pages[k]) |
1912 | goto out; |
1913 | |
1914 | if (num == scatter_elem_sz_prev) { |
1915 | if (unlikely(ret_sz > scatter_elem_sz_prev)) { |
1916 | scatter_elem_sz = ret_sz; |
1917 | scatter_elem_sz_prev = ret_sz; |
1918 | } |
1919 | } |
1920 | |
1921 | SCSI_LOG_TIMEOUT(5, sg_printk(KERN_INFO, sfp->parentdp, |
1922 | "sg_build_indirect: k=%d, num=%d, ret_sz=%d\n" , |
1923 | k, num, ret_sz)); |
1924 | } /* end of for loop */ |
1925 | |
1926 | schp->page_order = order; |
1927 | schp->k_use_sg = k; |
1928 | SCSI_LOG_TIMEOUT(5, sg_printk(KERN_INFO, sfp->parentdp, |
1929 | "sg_build_indirect: k_use_sg=%d, rem_sz=%d\n" , |
1930 | k, rem_sz)); |
1931 | |
1932 | schp->bufflen = blk_size; |
1933 | if (rem_sz > 0) /* must have failed */ |
1934 | return -ENOMEM; |
1935 | return 0; |
1936 | out: |
1937 | for (i = 0; i < k; i++) |
1938 | __free_pages(page: schp->pages[i], order); |
1939 | |
1940 | if (--order >= 0) |
1941 | goto retry; |
1942 | |
1943 | return -ENOMEM; |
1944 | } |
1945 | |
1946 | static void |
1947 | sg_remove_scat(Sg_fd * sfp, Sg_scatter_hold * schp) |
1948 | { |
1949 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
1950 | "sg_remove_scat: k_use_sg=%d\n" , schp->k_use_sg)); |
1951 | if (schp->pages && schp->sglist_len > 0) { |
1952 | if (!schp->dio_in_use) { |
1953 | int k; |
1954 | |
1955 | for (k = 0; k < schp->k_use_sg && schp->pages[k]; k++) { |
1956 | SCSI_LOG_TIMEOUT(5, |
1957 | sg_printk(KERN_INFO, sfp->parentdp, |
1958 | "sg_remove_scat: k=%d, pg=0x%p\n" , |
1959 | k, schp->pages[k])); |
1960 | __free_pages(page: schp->pages[k], order: schp->page_order); |
1961 | } |
1962 | |
1963 | kfree(objp: schp->pages); |
1964 | } |
1965 | } |
1966 | memset(schp, 0, sizeof (*schp)); |
1967 | } |
1968 | |
1969 | static int |
1970 | sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer) |
1971 | { |
1972 | Sg_scatter_hold *schp = &srp->data; |
1973 | int k, num; |
1974 | |
1975 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, srp->parentfp->parentdp, |
1976 | "sg_read_oxfer: num_read_xfer=%d\n" , |
1977 | num_read_xfer)); |
1978 | if ((!outp) || (num_read_xfer <= 0)) |
1979 | return 0; |
1980 | |
1981 | num = 1 << (PAGE_SHIFT + schp->page_order); |
1982 | for (k = 0; k < schp->k_use_sg && schp->pages[k]; k++) { |
1983 | if (num > num_read_xfer) { |
1984 | if (copy_to_user(to: outp, page_address(schp->pages[k]), |
1985 | n: num_read_xfer)) |
1986 | return -EFAULT; |
1987 | break; |
1988 | } else { |
1989 | if (copy_to_user(to: outp, page_address(schp->pages[k]), |
1990 | n: num)) |
1991 | return -EFAULT; |
1992 | num_read_xfer -= num; |
1993 | if (num_read_xfer <= 0) |
1994 | break; |
1995 | outp += num; |
1996 | } |
1997 | } |
1998 | |
1999 | return 0; |
2000 | } |
2001 | |
2002 | static void |
2003 | sg_build_reserve(Sg_fd * sfp, int req_size) |
2004 | { |
2005 | Sg_scatter_hold *schp = &sfp->reserve; |
2006 | |
2007 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
2008 | "sg_build_reserve: req_size=%d\n" , req_size)); |
2009 | do { |
2010 | if (req_size < PAGE_SIZE) |
2011 | req_size = PAGE_SIZE; |
2012 | if (0 == sg_build_indirect(schp, sfp, buff_size: req_size)) |
2013 | return; |
2014 | else |
2015 | sg_remove_scat(sfp, schp); |
2016 | req_size >>= 1; /* divide by 2 */ |
2017 | } while (req_size > (PAGE_SIZE / 2)); |
2018 | } |
2019 | |
2020 | static void |
2021 | sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size) |
2022 | { |
2023 | Sg_scatter_hold *req_schp = &srp->data; |
2024 | Sg_scatter_hold *rsv_schp = &sfp->reserve; |
2025 | int k, num, rem; |
2026 | |
2027 | srp->res_used = 1; |
2028 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, |
2029 | "sg_link_reserve: size=%d\n" , size)); |
2030 | rem = size; |
2031 | |
2032 | num = 1 << (PAGE_SHIFT + rsv_schp->page_order); |
2033 | for (k = 0; k < rsv_schp->k_use_sg; k++) { |
2034 | if (rem <= num) { |
2035 | req_schp->k_use_sg = k + 1; |
2036 | req_schp->sglist_len = rsv_schp->sglist_len; |
2037 | req_schp->pages = rsv_schp->pages; |
2038 | |
2039 | req_schp->bufflen = size; |
2040 | req_schp->page_order = rsv_schp->page_order; |
2041 | break; |
2042 | } else |
2043 | rem -= num; |
2044 | } |
2045 | |
2046 | if (k >= rsv_schp->k_use_sg) |
2047 | SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp, |
2048 | "sg_link_reserve: BAD size\n" )); |
2049 | } |
2050 | |
2051 | static void |
2052 | sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp) |
2053 | { |
2054 | Sg_scatter_hold *req_schp = &srp->data; |
2055 | |
2056 | SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, srp->parentfp->parentdp, |
2057 | "sg_unlink_reserve: req->k_use_sg=%d\n" , |
2058 | (int) req_schp->k_use_sg)); |
2059 | req_schp->k_use_sg = 0; |
2060 | req_schp->bufflen = 0; |
2061 | req_schp->pages = NULL; |
2062 | req_schp->page_order = 0; |
2063 | req_schp->sglist_len = 0; |
2064 | srp->res_used = 0; |
2065 | /* Called without mutex lock to avoid deadlock */ |
2066 | sfp->res_in_use = 0; |
2067 | } |
2068 | |
2069 | static Sg_request * |
2070 | sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy) |
2071 | { |
2072 | Sg_request *resp; |
2073 | unsigned long iflags; |
2074 | |
2075 | *busy = false; |
2076 | write_lock_irqsave(&sfp->rq_list_lock, iflags); |
2077 | list_for_each_entry(resp, &sfp->rq_list, entry) { |
2078 | /* look for requests that are not SG_IO owned */ |
2079 | if ((!resp->sg_io_owned) && |
2080 | ((-1 == pack_id) || (resp->header.pack_id == pack_id))) { |
2081 | switch (resp->done) { |
2082 | case 0: /* request active */ |
2083 | *busy = true; |
2084 | break; |
2085 | case 1: /* request done; response ready to return */ |
2086 | resp->done = 2; /* guard against other readers */ |
2087 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
2088 | return resp; |
2089 | case 2: /* response already being returned */ |
2090 | break; |
2091 | } |
2092 | } |
2093 | } |
2094 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
2095 | return NULL; |
2096 | } |
2097 | |
2098 | /* always adds to end of list */ |
2099 | static Sg_request * |
2100 | sg_add_request(Sg_fd * sfp) |
2101 | { |
2102 | int k; |
2103 | unsigned long iflags; |
2104 | Sg_request *rp = sfp->req_arr; |
2105 | |
2106 | write_lock_irqsave(&sfp->rq_list_lock, iflags); |
2107 | if (!list_empty(head: &sfp->rq_list)) { |
2108 | if (!sfp->cmd_q) |
2109 | goto out_unlock; |
2110 | |
2111 | for (k = 0; k < SG_MAX_QUEUE; ++k, ++rp) { |
2112 | if (!rp->parentfp) |
2113 | break; |
2114 | } |
2115 | if (k >= SG_MAX_QUEUE) |
2116 | goto out_unlock; |
2117 | } |
2118 | memset(rp, 0, sizeof (Sg_request)); |
2119 | rp->parentfp = sfp; |
2120 | rp->header.duration = jiffies_to_msecs(j: jiffies); |
2121 | list_add_tail(new: &rp->entry, head: &sfp->rq_list); |
2122 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
2123 | return rp; |
2124 | out_unlock: |
2125 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
2126 | return NULL; |
2127 | } |
2128 | |
2129 | /* Return of 1 for found; 0 for not found */ |
2130 | static int |
2131 | sg_remove_request(Sg_fd * sfp, Sg_request * srp) |
2132 | { |
2133 | unsigned long iflags; |
2134 | int res = 0; |
2135 | |
2136 | if (!sfp || !srp || list_empty(head: &sfp->rq_list)) |
2137 | return res; |
2138 | write_lock_irqsave(&sfp->rq_list_lock, iflags); |
2139 | if (!list_empty(head: &srp->entry)) { |
2140 | list_del(entry: &srp->entry); |
2141 | srp->parentfp = NULL; |
2142 | res = 1; |
2143 | } |
2144 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
2145 | |
2146 | /* |
2147 | * If the device is detaching, wakeup any readers in case we just |
2148 | * removed the last response, which would leave nothing for them to |
2149 | * return other than -ENODEV. |
2150 | */ |
2151 | if (unlikely(atomic_read(&sfp->parentdp->detaching))) |
2152 | wake_up_interruptible_all(&sfp->read_wait); |
2153 | |
2154 | return res; |
2155 | } |
2156 | |
2157 | static Sg_fd * |
2158 | sg_add_sfp(Sg_device * sdp) |
2159 | { |
2160 | Sg_fd *sfp; |
2161 | unsigned long iflags; |
2162 | int bufflen; |
2163 | |
2164 | sfp = kzalloc(size: sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN); |
2165 | if (!sfp) |
2166 | return ERR_PTR(error: -ENOMEM); |
2167 | |
2168 | init_waitqueue_head(&sfp->read_wait); |
2169 | rwlock_init(&sfp->rq_list_lock); |
2170 | INIT_LIST_HEAD(list: &sfp->rq_list); |
2171 | kref_init(kref: &sfp->f_ref); |
2172 | mutex_init(&sfp->f_mutex); |
2173 | sfp->timeout = SG_DEFAULT_TIMEOUT; |
2174 | sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER; |
2175 | sfp->force_packid = SG_DEF_FORCE_PACK_ID; |
2176 | sfp->cmd_q = SG_DEF_COMMAND_Q; |
2177 | sfp->keep_orphan = SG_DEF_KEEP_ORPHAN; |
2178 | sfp->parentdp = sdp; |
2179 | write_lock_irqsave(&sdp->sfd_lock, iflags); |
2180 | if (atomic_read(v: &sdp->detaching)) { |
2181 | write_unlock_irqrestore(&sdp->sfd_lock, iflags); |
2182 | kfree(objp: sfp); |
2183 | return ERR_PTR(error: -ENODEV); |
2184 | } |
2185 | list_add_tail(new: &sfp->sfd_siblings, head: &sdp->sfds); |
2186 | write_unlock_irqrestore(&sdp->sfd_lock, iflags); |
2187 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
2188 | "sg_add_sfp: sfp=0x%p\n" , sfp)); |
2189 | if (unlikely(sg_big_buff != def_reserved_size)) |
2190 | sg_big_buff = def_reserved_size; |
2191 | |
2192 | bufflen = min_t(int, sg_big_buff, |
2193 | max_sectors_bytes(sdp->device->request_queue)); |
2194 | sg_build_reserve(sfp, req_size: bufflen); |
2195 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
2196 | "sg_add_sfp: bufflen=%d, k_use_sg=%d\n" , |
2197 | sfp->reserve.bufflen, |
2198 | sfp->reserve.k_use_sg)); |
2199 | |
2200 | kref_get(kref: &sdp->d_ref); |
2201 | __module_get(THIS_MODULE); |
2202 | return sfp; |
2203 | } |
2204 | |
2205 | static void |
2206 | sg_remove_sfp_usercontext(struct work_struct *work) |
2207 | { |
2208 | struct sg_fd *sfp = container_of(work, struct sg_fd, ew.work); |
2209 | struct sg_device *sdp = sfp->parentdp; |
2210 | Sg_request *srp; |
2211 | unsigned long iflags; |
2212 | |
2213 | /* Cleanup any responses which were never read(). */ |
2214 | write_lock_irqsave(&sfp->rq_list_lock, iflags); |
2215 | while (!list_empty(head: &sfp->rq_list)) { |
2216 | srp = list_first_entry(&sfp->rq_list, Sg_request, entry); |
2217 | sg_finish_rem_req(srp); |
2218 | list_del(entry: &srp->entry); |
2219 | srp->parentfp = NULL; |
2220 | } |
2221 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
2222 | |
2223 | if (sfp->reserve.bufflen > 0) { |
2224 | SCSI_LOG_TIMEOUT(6, sg_printk(KERN_INFO, sdp, |
2225 | "sg_remove_sfp: bufflen=%d, k_use_sg=%d\n" , |
2226 | (int) sfp->reserve.bufflen, |
2227 | (int) sfp->reserve.k_use_sg)); |
2228 | sg_remove_scat(sfp, schp: &sfp->reserve); |
2229 | } |
2230 | |
2231 | SCSI_LOG_TIMEOUT(6, sg_printk(KERN_INFO, sdp, |
2232 | "sg_remove_sfp: sfp=0x%p\n" , sfp)); |
2233 | kfree(objp: sfp); |
2234 | |
2235 | scsi_device_put(sdp->device); |
2236 | kref_put(kref: &sdp->d_ref, release: sg_device_destroy); |
2237 | module_put(THIS_MODULE); |
2238 | } |
2239 | |
2240 | static void |
2241 | sg_remove_sfp(struct kref *kref) |
2242 | { |
2243 | struct sg_fd *sfp = container_of(kref, struct sg_fd, f_ref); |
2244 | struct sg_device *sdp = sfp->parentdp; |
2245 | unsigned long iflags; |
2246 | |
2247 | write_lock_irqsave(&sdp->sfd_lock, iflags); |
2248 | list_del(entry: &sfp->sfd_siblings); |
2249 | write_unlock_irqrestore(&sdp->sfd_lock, iflags); |
2250 | |
2251 | INIT_WORK(&sfp->ew.work, sg_remove_sfp_usercontext); |
2252 | schedule_work(work: &sfp->ew.work); |
2253 | } |
2254 | |
2255 | #ifdef CONFIG_SCSI_PROC_FS |
2256 | static int |
2257 | sg_idr_max_id(int id, void *p, void *data) |
2258 | { |
2259 | int *k = data; |
2260 | |
2261 | if (*k < id) |
2262 | *k = id; |
2263 | |
2264 | return 0; |
2265 | } |
2266 | |
2267 | static int |
2268 | sg_last_dev(void) |
2269 | { |
2270 | int k = -1; |
2271 | unsigned long iflags; |
2272 | |
2273 | read_lock_irqsave(&sg_index_lock, iflags); |
2274 | idr_for_each(&sg_index_idr, fn: sg_idr_max_id, data: &k); |
2275 | read_unlock_irqrestore(&sg_index_lock, iflags); |
2276 | return k + 1; /* origin 1 */ |
2277 | } |
2278 | #endif |
2279 | |
2280 | /* must be called with sg_index_lock held */ |
2281 | static Sg_device *sg_lookup_dev(int dev) |
2282 | { |
2283 | return idr_find(&sg_index_idr, id: dev); |
2284 | } |
2285 | |
2286 | static Sg_device * |
2287 | sg_get_dev(int dev) |
2288 | { |
2289 | struct sg_device *sdp; |
2290 | unsigned long flags; |
2291 | |
2292 | read_lock_irqsave(&sg_index_lock, flags); |
2293 | sdp = sg_lookup_dev(dev); |
2294 | if (!sdp) |
2295 | sdp = ERR_PTR(error: -ENXIO); |
2296 | else if (atomic_read(v: &sdp->detaching)) { |
2297 | /* If sdp->detaching, then the refcount may already be 0, in |
2298 | * which case it would be a bug to do kref_get(). |
2299 | */ |
2300 | sdp = ERR_PTR(error: -ENODEV); |
2301 | } else |
2302 | kref_get(kref: &sdp->d_ref); |
2303 | read_unlock_irqrestore(&sg_index_lock, flags); |
2304 | |
2305 | return sdp; |
2306 | } |
2307 | |
2308 | #ifdef CONFIG_SCSI_PROC_FS |
2309 | static int sg_proc_seq_show_int(struct seq_file *s, void *v); |
2310 | |
2311 | static int sg_proc_single_open_adio(struct inode *inode, struct file *file); |
2312 | static ssize_t sg_proc_write_adio(struct file *filp, const char __user *buffer, |
2313 | size_t count, loff_t *off); |
2314 | static const struct proc_ops adio_proc_ops = { |
2315 | .proc_open = sg_proc_single_open_adio, |
2316 | .proc_read = seq_read, |
2317 | .proc_lseek = seq_lseek, |
2318 | .proc_write = sg_proc_write_adio, |
2319 | .proc_release = single_release, |
2320 | }; |
2321 | |
2322 | static int sg_proc_single_open_dressz(struct inode *inode, struct file *file); |
2323 | static ssize_t sg_proc_write_dressz(struct file *filp, |
2324 | const char __user *buffer, size_t count, loff_t *off); |
2325 | static const struct proc_ops dressz_proc_ops = { |
2326 | .proc_open = sg_proc_single_open_dressz, |
2327 | .proc_read = seq_read, |
2328 | .proc_lseek = seq_lseek, |
2329 | .proc_write = sg_proc_write_dressz, |
2330 | .proc_release = single_release, |
2331 | }; |
2332 | |
2333 | static int sg_proc_seq_show_version(struct seq_file *s, void *v); |
2334 | static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v); |
2335 | static int sg_proc_seq_show_dev(struct seq_file *s, void *v); |
2336 | static void * dev_seq_start(struct seq_file *s, loff_t *pos); |
2337 | static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos); |
2338 | static void dev_seq_stop(struct seq_file *s, void *v); |
2339 | static const struct seq_operations dev_seq_ops = { |
2340 | .start = dev_seq_start, |
2341 | .next = dev_seq_next, |
2342 | .stop = dev_seq_stop, |
2343 | .show = sg_proc_seq_show_dev, |
2344 | }; |
2345 | |
2346 | static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v); |
2347 | static const struct seq_operations devstrs_seq_ops = { |
2348 | .start = dev_seq_start, |
2349 | .next = dev_seq_next, |
2350 | .stop = dev_seq_stop, |
2351 | .show = sg_proc_seq_show_devstrs, |
2352 | }; |
2353 | |
2354 | static int sg_proc_seq_show_debug(struct seq_file *s, void *v); |
2355 | static const struct seq_operations debug_seq_ops = { |
2356 | .start = dev_seq_start, |
2357 | .next = dev_seq_next, |
2358 | .stop = dev_seq_stop, |
2359 | .show = sg_proc_seq_show_debug, |
2360 | }; |
2361 | |
2362 | static int |
2363 | sg_proc_init(void) |
2364 | { |
2365 | struct proc_dir_entry *p; |
2366 | |
2367 | p = proc_mkdir("scsi/sg" , NULL); |
2368 | if (!p) |
2369 | return 1; |
2370 | |
2371 | proc_create(name: "allow_dio" , S_IRUGO | S_IWUSR, parent: p, proc_ops: &adio_proc_ops); |
2372 | proc_create_seq("debug" , S_IRUGO, p, &debug_seq_ops); |
2373 | proc_create(name: "def_reserved_size" , S_IRUGO | S_IWUSR, parent: p, proc_ops: &dressz_proc_ops); |
2374 | proc_create_single("device_hdr" , S_IRUGO, p, sg_proc_seq_show_devhdr); |
2375 | proc_create_seq("devices" , S_IRUGO, p, &dev_seq_ops); |
2376 | proc_create_seq("device_strs" , S_IRUGO, p, &devstrs_seq_ops); |
2377 | proc_create_single("version" , S_IRUGO, p, sg_proc_seq_show_version); |
2378 | return 0; |
2379 | } |
2380 | |
2381 | |
2382 | static int sg_proc_seq_show_int(struct seq_file *s, void *v) |
2383 | { |
2384 | seq_printf(m: s, fmt: "%d\n" , *((int *)s->private)); |
2385 | return 0; |
2386 | } |
2387 | |
2388 | static int sg_proc_single_open_adio(struct inode *inode, struct file *file) |
2389 | { |
2390 | return single_open(file, sg_proc_seq_show_int, &sg_allow_dio); |
2391 | } |
2392 | |
2393 | static ssize_t |
2394 | sg_proc_write_adio(struct file *filp, const char __user *buffer, |
2395 | size_t count, loff_t *off) |
2396 | { |
2397 | int err; |
2398 | unsigned long num; |
2399 | |
2400 | if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) |
2401 | return -EACCES; |
2402 | err = kstrtoul_from_user(s: buffer, count, base: 0, res: &num); |
2403 | if (err) |
2404 | return err; |
2405 | sg_allow_dio = num ? 1 : 0; |
2406 | return count; |
2407 | } |
2408 | |
2409 | static int sg_proc_single_open_dressz(struct inode *inode, struct file *file) |
2410 | { |
2411 | return single_open(file, sg_proc_seq_show_int, &sg_big_buff); |
2412 | } |
2413 | |
2414 | static ssize_t |
2415 | sg_proc_write_dressz(struct file *filp, const char __user *buffer, |
2416 | size_t count, loff_t *off) |
2417 | { |
2418 | int err; |
2419 | unsigned long k = ULONG_MAX; |
2420 | |
2421 | if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) |
2422 | return -EACCES; |
2423 | |
2424 | err = kstrtoul_from_user(s: buffer, count, base: 0, res: &k); |
2425 | if (err) |
2426 | return err; |
2427 | if (k <= 1048576) { /* limit "big buff" to 1 MB */ |
2428 | sg_big_buff = k; |
2429 | return count; |
2430 | } |
2431 | return -ERANGE; |
2432 | } |
2433 | |
2434 | static int sg_proc_seq_show_version(struct seq_file *s, void *v) |
2435 | { |
2436 | seq_printf(m: s, fmt: "%d\t%s [%s]\n" , sg_version_num, SG_VERSION_STR, |
2437 | sg_version_date); |
2438 | return 0; |
2439 | } |
2440 | |
2441 | static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v) |
2442 | { |
2443 | seq_puts(m: s, s: "host\tchan\tid\tlun\ttype\topens\tqdepth\tbusy\tonline\n" ); |
2444 | return 0; |
2445 | } |
2446 | |
2447 | struct sg_proc_deviter { |
2448 | loff_t index; |
2449 | size_t max; |
2450 | }; |
2451 | |
2452 | static void * dev_seq_start(struct seq_file *s, loff_t *pos) |
2453 | { |
2454 | struct sg_proc_deviter * it = kmalloc(size: sizeof(*it), GFP_KERNEL); |
2455 | |
2456 | s->private = it; |
2457 | if (! it) |
2458 | return NULL; |
2459 | |
2460 | it->index = *pos; |
2461 | it->max = sg_last_dev(); |
2462 | if (it->index >= it->max) |
2463 | return NULL; |
2464 | return it; |
2465 | } |
2466 | |
2467 | static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos) |
2468 | { |
2469 | struct sg_proc_deviter * it = s->private; |
2470 | |
2471 | *pos = ++it->index; |
2472 | return (it->index < it->max) ? it : NULL; |
2473 | } |
2474 | |
2475 | static void dev_seq_stop(struct seq_file *s, void *v) |
2476 | { |
2477 | kfree(objp: s->private); |
2478 | } |
2479 | |
2480 | static int sg_proc_seq_show_dev(struct seq_file *s, void *v) |
2481 | { |
2482 | struct sg_proc_deviter * it = (struct sg_proc_deviter *) v; |
2483 | Sg_device *sdp; |
2484 | struct scsi_device *scsidp; |
2485 | unsigned long iflags; |
2486 | |
2487 | read_lock_irqsave(&sg_index_lock, iflags); |
2488 | sdp = it ? sg_lookup_dev(dev: it->index) : NULL; |
2489 | if ((NULL == sdp) || (NULL == sdp->device) || |
2490 | (atomic_read(v: &sdp->detaching))) |
2491 | seq_puts(m: s, s: "-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\n" ); |
2492 | else { |
2493 | scsidp = sdp->device; |
2494 | seq_printf(m: s, fmt: "%d\t%d\t%d\t%llu\t%d\t%d\t%d\t%d\t%d\n" , |
2495 | scsidp->host->host_no, scsidp->channel, |
2496 | scsidp->id, scsidp->lun, (int) scsidp->type, |
2497 | 1, |
2498 | (int) scsidp->queue_depth, |
2499 | (int) scsi_device_busy(sdev: scsidp), |
2500 | (int) scsi_device_online(sdev: scsidp)); |
2501 | } |
2502 | read_unlock_irqrestore(&sg_index_lock, iflags); |
2503 | return 0; |
2504 | } |
2505 | |
2506 | static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v) |
2507 | { |
2508 | struct sg_proc_deviter * it = (struct sg_proc_deviter *) v; |
2509 | Sg_device *sdp; |
2510 | struct scsi_device *scsidp; |
2511 | unsigned long iflags; |
2512 | |
2513 | read_lock_irqsave(&sg_index_lock, iflags); |
2514 | sdp = it ? sg_lookup_dev(dev: it->index) : NULL; |
2515 | scsidp = sdp ? sdp->device : NULL; |
2516 | if (sdp && scsidp && (!atomic_read(v: &sdp->detaching))) |
2517 | seq_printf(m: s, fmt: "%8.8s\t%16.16s\t%4.4s\n" , |
2518 | scsidp->vendor, scsidp->model, scsidp->rev); |
2519 | else |
2520 | seq_puts(m: s, s: "<no active device>\n" ); |
2521 | read_unlock_irqrestore(&sg_index_lock, iflags); |
2522 | return 0; |
2523 | } |
2524 | |
2525 | /* must be called while holding sg_index_lock */ |
2526 | static void sg_proc_debug_helper(struct seq_file *s, Sg_device * sdp) |
2527 | { |
2528 | int k, new_interface, blen, usg; |
2529 | Sg_request *srp; |
2530 | Sg_fd *fp; |
2531 | const sg_io_hdr_t *hp; |
2532 | const char * cp; |
2533 | unsigned int ms; |
2534 | |
2535 | k = 0; |
2536 | list_for_each_entry(fp, &sdp->sfds, sfd_siblings) { |
2537 | k++; |
2538 | read_lock(&fp->rq_list_lock); /* irqs already disabled */ |
2539 | seq_printf(m: s, fmt: " FD(%d): timeout=%dms bufflen=%d " |
2540 | "(res)sgat=%d low_dma=%d\n" , k, |
2541 | jiffies_to_msecs(j: fp->timeout), |
2542 | fp->reserve.bufflen, |
2543 | (int) fp->reserve.k_use_sg, 0); |
2544 | seq_printf(m: s, fmt: " cmd_q=%d f_packid=%d k_orphan=%d closed=0\n" , |
2545 | (int) fp->cmd_q, (int) fp->force_packid, |
2546 | (int) fp->keep_orphan); |
2547 | list_for_each_entry(srp, &fp->rq_list, entry) { |
2548 | hp = &srp->header; |
2549 | new_interface = (hp->interface_id == '\0') ? 0 : 1; |
2550 | if (srp->res_used) { |
2551 | if (new_interface && |
2552 | (SG_FLAG_MMAP_IO & hp->flags)) |
2553 | cp = " mmap>> " ; |
2554 | else |
2555 | cp = " rb>> " ; |
2556 | } else { |
2557 | if (SG_INFO_DIRECT_IO_MASK & hp->info) |
2558 | cp = " dio>> " ; |
2559 | else |
2560 | cp = " " ; |
2561 | } |
2562 | seq_puts(m: s, s: cp); |
2563 | blen = srp->data.bufflen; |
2564 | usg = srp->data.k_use_sg; |
2565 | seq_puts(m: s, s: srp->done ? |
2566 | ((1 == srp->done) ? "rcv:" : "fin:" ) |
2567 | : "act:" ); |
2568 | seq_printf(m: s, fmt: " id=%d blen=%d" , |
2569 | srp->header.pack_id, blen); |
2570 | if (srp->done) |
2571 | seq_printf(m: s, fmt: " dur=%d" , hp->duration); |
2572 | else { |
2573 | ms = jiffies_to_msecs(j: jiffies); |
2574 | seq_printf(m: s, fmt: " t_o/elap=%d/%d" , |
2575 | (new_interface ? hp->timeout : |
2576 | jiffies_to_msecs(j: fp->timeout)), |
2577 | (ms > hp->duration ? ms - hp->duration : 0)); |
2578 | } |
2579 | seq_printf(m: s, fmt: "ms sgat=%d op=0x%02x\n" , usg, |
2580 | (int) srp->data.cmd_opcode); |
2581 | } |
2582 | if (list_empty(head: &fp->rq_list)) |
2583 | seq_puts(m: s, s: " No requests active\n" ); |
2584 | read_unlock(&fp->rq_list_lock); |
2585 | } |
2586 | } |
2587 | |
2588 | static int sg_proc_seq_show_debug(struct seq_file *s, void *v) |
2589 | { |
2590 | struct sg_proc_deviter * it = (struct sg_proc_deviter *) v; |
2591 | Sg_device *sdp; |
2592 | unsigned long iflags; |
2593 | |
2594 | if (it && (0 == it->index)) |
2595 | seq_printf(m: s, fmt: "max_active_device=%d def_reserved_size=%d\n" , |
2596 | (int)it->max, sg_big_buff); |
2597 | |
2598 | read_lock_irqsave(&sg_index_lock, iflags); |
2599 | sdp = it ? sg_lookup_dev(dev: it->index) : NULL; |
2600 | if (NULL == sdp) |
2601 | goto skip; |
2602 | read_lock(&sdp->sfd_lock); |
2603 | if (!list_empty(head: &sdp->sfds)) { |
2604 | seq_printf(m: s, fmt: " >>> device=%s " , sdp->name); |
2605 | if (atomic_read(v: &sdp->detaching)) |
2606 | seq_puts(m: s, s: "detaching pending close " ); |
2607 | else if (sdp->device) { |
2608 | struct scsi_device *scsidp = sdp->device; |
2609 | |
2610 | seq_printf(m: s, fmt: "%d:%d:%d:%llu em=%d" , |
2611 | scsidp->host->host_no, |
2612 | scsidp->channel, scsidp->id, |
2613 | scsidp->lun, |
2614 | scsidp->host->hostt->emulated); |
2615 | } |
2616 | seq_printf(m: s, fmt: " sg_tablesize=%d excl=%d open_cnt=%d\n" , |
2617 | sdp->sg_tablesize, sdp->exclude, sdp->open_cnt); |
2618 | sg_proc_debug_helper(s, sdp); |
2619 | } |
2620 | read_unlock(&sdp->sfd_lock); |
2621 | skip: |
2622 | read_unlock_irqrestore(&sg_index_lock, iflags); |
2623 | return 0; |
2624 | } |
2625 | |
2626 | #endif /* CONFIG_SCSI_PROC_FS */ |
2627 | |
2628 | module_init(init_sg); |
2629 | module_exit(exit_sg); |
2630 | |