Gitiles
Code Review Sign In
192.168.1.100 / T103 / 13eb6a97dabf274443d07c46a6ec8b3392553f08 / . / src / kernel / linux / v4.14 / drivers / scsi / sg.c
blob: f2f628d38acbfd407d42d652228f1bd98a99a08e [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame]1/*
2 * History:
3 * Started: Aug 9 by Lawrence Foard (entropy@world.std.com),
4 * to allow user process control of SCSI devices.
5 * Development Sponsored by Killy Corp. NY NY
6 *
7 * Original driver (sg.c):
8 * Copyright (C) 1992 Lawrence Foard
9 * Version 2 and 3 extensions to driver:
10 * Copyright (C) 1998 - 2014 Douglas Gilbert
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2, or (at your option)
15 * any later version.
16 *
17 */
18
19static int sg_version_num = 30536; /* 2 digits for each component */
20#define SG_VERSION_STR "3.5.36"
21
22/*
23 * D. P. Gilbert (dgilbert@interlog.com), notes:
24 * - scsi logging is available via SCSI_LOG_TIMEOUT macros. First
25 * the kernel/module needs to be built with CONFIG_SCSI_LOGGING
26 * (otherwise the macros compile to empty statements).
27 *
28 */
29#include <linux/module.h>
30
31#include <linux/fs.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/string.h>
35#include <linux/mm.h>
36#include <linux/errno.h>
37#include <linux/mtio.h>
38#include <linux/ioctl.h>
39#include <linux/slab.h>
40#include <linux/fcntl.h>
41#include <linux/init.h>
42#include <linux/poll.h>
43#include <linux/moduleparam.h>
44#include <linux/cdev.h>
45#include <linux/idr.h>
46#include <linux/seq_file.h>
47#include <linux/blkdev.h>
48#include <linux/delay.h>
49#include <linux/blktrace_api.h>
50#include <linux/mutex.h>
51#include <linux/atomic.h>
52#include <linux/ratelimit.h>
53#include <linux/uio.h>
54#include <linux/cred.h> /* for sg_check_file_access() */
55
56#include "scsi.h"
57#include <scsi/scsi_dbg.h>
58#include <scsi/scsi_host.h>
59#include <scsi/scsi_driver.h>
60#include <scsi/scsi_ioctl.h>
61#include <scsi/sg.h>
62
63#include "scsi_logging.h"
64
65#ifdef CONFIG_SCSI_PROC_FS
66#include <linux/proc_fs.h>
67static char *sg_version_date = "20140603";
68
69static int sg_proc_init(void);
70static void sg_proc_cleanup(void);
71#endif
72
73#define SG_ALLOW_DIO_DEF 0
74
75#define SG_MAX_DEVS 32768
76
77/* SG_MAX_CDB_SIZE should be 260 (spc4r37 section 3.1.30) however the type
78 * of sg_io_hdr::cmd_len can only represent 255. All SCSI commands greater
79 * than 16 bytes are "variable length" whose length is a multiple of 4
80 */
81#define SG_MAX_CDB_SIZE 252
82
83#define SG_DEFAULT_TIMEOUT mult_frac(SG_DEFAULT_TIMEOUT_USER, HZ, USER_HZ)
84
85int sg_big_buff = SG_DEF_RESERVED_SIZE;
86/* N.B. This variable is readable and writeable via
87 /proc/scsi/sg/def_reserved_size . Each time sg_open() is called a buffer
88 of this size (or less if there is not enough memory) will be reserved
89 for use by this file descriptor. [Deprecated usage: this variable is also
90 readable via /proc/sys/kernel/sg-big-buff if the sg driver is built into
91 the kernel (i.e. it is not a module).] */
92static int def_reserved_size = -1; /* picks up init parameter */
93static int sg_allow_dio = SG_ALLOW_DIO_DEF;
94
95static int scatter_elem_sz = SG_SCATTER_SZ;
96static int scatter_elem_sz_prev = SG_SCATTER_SZ;
97
98#define SG_SECTOR_SZ 512
99
100static int sg_add_device(struct device *, struct class_interface *);
101static void sg_remove_device(struct device *, struct class_interface *);
102
103static DEFINE_IDR(sg_index_idr);
104static DEFINE_RWLOCK(sg_index_lock); /* Also used to lock
105 file descriptor list for device */
106
107static struct class_interface sg_interface = {
108 .add_dev = sg_add_device,
109 .remove_dev = sg_remove_device,
110};
111
112typedef struct sg_scatter_hold { /* holding area for scsi scatter gather info */
113 unsigned short k_use_sg; /* Count of kernel scatter-gather pieces */
114 unsigned sglist_len; /* size of malloc'd scatter-gather list ++ */
115 unsigned bufflen; /* Size of (aggregate) data buffer */
116 struct page **pages;
117 int page_order;
118 char dio_in_use; /* 0->indirect IO (or mmap), 1->dio */
119 unsigned char cmd_opcode; /* first byte of command */
120} Sg_scatter_hold;
121
122struct sg_device; /* forward declarations */
123struct sg_fd;
124
125typedef struct sg_request { /* SG_MAX_QUEUE requests outstanding per file */
126 struct list_head entry; /* list entry */
127 struct sg_fd *parentfp; /* NULL -> not in use */
128 Sg_scatter_hold data; /* hold buffer, perhaps scatter list */
129 sg_io_hdr_t header; /* scsi command+info, see <scsi/sg.h> */
130 unsigned char sense_b[SCSI_SENSE_BUFFERSIZE];
131 char res_used; /* 1 -> using reserve buffer, 0 -> not ... */
132 char orphan; /* 1 -> drop on sight, 0 -> normal */
133 char sg_io_owned; /* 1 -> packet belongs to SG_IO */
134 /* done protected by rq_list_lock */
135 char done; /* 0->before bh, 1->before read, 2->read */
136 struct request *rq;
137 struct bio *bio;
138 struct execute_work ew;
139} Sg_request;
140
141typedef struct sg_fd { /* holds the state of a file descriptor */
142 struct list_head sfd_siblings; /* protected by device's sfd_lock */
143 struct sg_device *parentdp; /* owning device */
144 wait_queue_head_t read_wait; /* queue read until command done */
145 rwlock_t rq_list_lock; /* protect access to list in req_arr */
146 struct mutex f_mutex; /* protect against changes in this fd */
147 int timeout; /* defaults to SG_DEFAULT_TIMEOUT */
148 int timeout_user; /* defaults to SG_DEFAULT_TIMEOUT_USER */
149 Sg_scatter_hold reserve; /* buffer held for this file descriptor */
150 struct list_head rq_list; /* head of request list */
151 struct fasync_struct *async_qp; /* used by asynchronous notification */
152 Sg_request req_arr[SG_MAX_QUEUE]; /* used as singly-linked list */
153 char force_packid; /* 1 -> pack_id input to read(), 0 -> ignored */
154 char cmd_q; /* 1 -> allow command queuing, 0 -> don't */
155 unsigned char next_cmd_len; /* 0: automatic, >0: use on next write() */
156 char keep_orphan; /* 0 -> drop orphan (def), 1 -> keep for read() */
157 char mmap_called; /* 0 -> mmap() never called on this fd */
158 char res_in_use; /* 1 -> 'reserve' array in use */
159 struct kref f_ref;
160 struct execute_work ew;
161} Sg_fd;
162
163typedef struct sg_device { /* holds the state of each scsi generic device */
164 struct scsi_device *device;
165 wait_queue_head_t open_wait; /* queue open() when O_EXCL present */
166 struct mutex open_rel_lock; /* held when in open() or release() */
167 int sg_tablesize; /* adapter's max scatter-gather table size */
168 u32 index; /* device index number */
169 struct list_head sfds;
170 rwlock_t sfd_lock; /* protect access to sfd list */
171 atomic_t detaching; /* 0->device usable, 1->device detaching */
172 bool exclude; /* 1->open(O_EXCL) succeeded and is active */
173 int open_cnt; /* count of opens (perhaps < num(sfds) ) */
174 char sgdebug; /* 0->off, 1->sense, 9->dump dev, 10-> all devs */
175 struct gendisk *disk;
176 struct cdev * cdev; /* char_dev [sysfs: /sys/cdev/major/sg<n>] */
177 struct kref d_ref;
178} Sg_device;
179
180/* tasklet or soft irq callback */
181static void sg_rq_end_io(struct request *rq, blk_status_t status);
182static int sg_start_req(Sg_request *srp, unsigned char *cmd);
183static int sg_finish_rem_req(Sg_request * srp);
184static int sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size);
185static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count,
186 Sg_request * srp);
187static ssize_t sg_new_write(Sg_fd *sfp, struct file *file,
188 const char __user *buf, size_t count, int blocking,
189 int read_only, int sg_io_owned, Sg_request **o_srp);
190static int sg_common_write(Sg_fd * sfp, Sg_request * srp,
191 unsigned char *cmnd, int timeout, int blocking);
192static int sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer);
193static void sg_remove_scat(Sg_fd * sfp, Sg_scatter_hold * schp);
194static void sg_build_reserve(Sg_fd * sfp, int req_size);
195static void sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size);
196static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp);
197static Sg_fd *sg_add_sfp(Sg_device * sdp);
198static void sg_remove_sfp(struct kref *);
199static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id);
200static Sg_request *sg_add_request(Sg_fd * sfp);
201static int sg_remove_request(Sg_fd * sfp, Sg_request * srp);
202static Sg_device *sg_get_dev(int dev);
203static void sg_device_destroy(struct kref *kref);
204
205#define SZ_SG_HEADER sizeof(struct sg_header)
206#define SZ_SG_IO_HDR sizeof(sg_io_hdr_t)
207#define SZ_SG_IOVEC sizeof(sg_iovec_t)
208#define SZ_SG_REQ_INFO sizeof(sg_req_info_t)
209
210#define sg_printk(prefix, sdp, fmt, a...) \
211 sdev_prefix_printk(prefix, (sdp)->device, \
212 (sdp)->disk->disk_name, fmt, ##a)
213
214/*
215 * The SCSI interfaces that use read() and write() as an asynchronous variant of
216 * ioctl(..., SG_IO, ...) are fundamentally unsafe, since there are lots of ways
217 * to trigger read() and write() calls from various contexts with elevated
218 * privileges. This can lead to kernel memory corruption (e.g. if these
219 * interfaces are called through splice()) and privilege escalation inside
220 * userspace (e.g. if a process with access to such a device passes a file
221 * descriptor to a SUID binary as stdin/stdout/stderr).
222 *
223 * This function provides protection for the legacy API by restricting the
224 * calling context.
225 */
226static int sg_check_file_access(struct file *filp, const char *caller)
227{
228 if (filp->f_cred != current_real_cred()) {
229 pr_err_once("%s: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n",
230 caller, task_tgid_vnr(current), current->comm);
231 return -EPERM;
232 }
233 if (uaccess_kernel()) {
234 pr_err_once("%s: process %d (%s) called from kernel context, this is not allowed.\n",
235 caller, task_tgid_vnr(current), current->comm);
236 return -EACCES;
237 }
238 return 0;
239}
240
241static int sg_allow_access(struct file *filp, unsigned char *cmd)
242{
243 struct sg_fd *sfp = filp->private_data;
244
245 if (sfp->parentdp->device->type == TYPE_SCANNER)
246 return 0;
247
248 return blk_verify_command(cmd, filp->f_mode & FMODE_WRITE);
249}
250
251static int
252open_wait(Sg_device *sdp, int flags)
253{
254 int retval = 0;
255
256 if (flags & O_EXCL) {
257 while (sdp->open_cnt > 0) {
258 mutex_unlock(&sdp->open_rel_lock);
259 retval = wait_event_interruptible(sdp->open_wait,
260 (atomic_read(&sdp->detaching) ||
261 !sdp->open_cnt));
262 mutex_lock(&sdp->open_rel_lock);
263
264 if (retval) /* -ERESTARTSYS */
265 return retval;
266 if (atomic_read(&sdp->detaching))
267 return -ENODEV;
268 }
269 } else {
270 while (sdp->exclude) {
271 mutex_unlock(&sdp->open_rel_lock);
272 retval = wait_event_interruptible(sdp->open_wait,
273 (atomic_read(&sdp->detaching) ||
274 !sdp->exclude));
275 mutex_lock(&sdp->open_rel_lock);
276
277 if (retval) /* -ERESTARTSYS */
278 return retval;
279 if (atomic_read(&sdp->detaching))
280 return -ENODEV;
281 }
282 }
283
284 return retval;
285}
286
287/* Returns 0 on success, else a negated errno value */
288static int
289sg_open(struct inode *inode, struct file *filp)
290{
291 int dev = iminor(inode);
292 int flags = filp->f_flags;
293 struct request_queue *q;
294 Sg_device *sdp;
295 Sg_fd *sfp;
296 int retval;
297
298 nonseekable_open(inode, filp);
299 if ((flags & O_EXCL) && (O_RDONLY == (flags & O_ACCMODE)))
300 return -EPERM; /* Can't lock it with read only access */
301 sdp = sg_get_dev(dev);
302 if (IS_ERR(sdp))
303 return PTR_ERR(sdp);
304
305 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
306 "sg_open: flags=0x%x\n", flags));
307
308 /* This driver's module count bumped by fops_get in <linux/fs.h> */
309 /* Prevent the device driver from vanishing while we sleep */
310 retval = scsi_device_get(sdp->device);
311 if (retval)
312 goto sg_put;
313
314 retval = scsi_autopm_get_device(sdp->device);
315 if (retval)
316 goto sdp_put;
317
318 /* scsi_block_when_processing_errors() may block so bypass
319 * check if O_NONBLOCK. Permits SCSI commands to be issued
320 * during error recovery. Tread carefully. */
321 if (!((flags & O_NONBLOCK) ||
322 scsi_block_when_processing_errors(sdp->device))) {
323 retval = -ENXIO;
324 /* we are in error recovery for this device */
325 goto error_out;
326 }
327
328 mutex_lock(&sdp->open_rel_lock);
329 if (flags & O_NONBLOCK) {
330 if (flags & O_EXCL) {
331 if (sdp->open_cnt > 0) {
332 retval = -EBUSY;
333 goto error_mutex_locked;
334 }
335 } else {
336 if (sdp->exclude) {
337 retval = -EBUSY;
338 goto error_mutex_locked;
339 }
340 }
341 } else {
342 retval = open_wait(sdp, flags);
343 if (retval) /* -ERESTARTSYS or -ENODEV */
344 goto error_mutex_locked;
345 }
346
347 /* N.B. at this point we are holding the open_rel_lock */
348 if (flags & O_EXCL)
349 sdp->exclude = true;
350
351 if (sdp->open_cnt < 1) { /* no existing opens */
352 sdp->sgdebug = 0;
353 q = sdp->device->request_queue;
354 sdp->sg_tablesize = queue_max_segments(q);
355 }
356 sfp = sg_add_sfp(sdp);
357 if (IS_ERR(sfp)) {
358 retval = PTR_ERR(sfp);
359 goto out_undo;
360 }
361
362 filp->private_data = sfp;
363 sdp->open_cnt++;
364 mutex_unlock(&sdp->open_rel_lock);
365
366 retval = 0;
367sg_put:
368 kref_put(&sdp->d_ref, sg_device_destroy);
369 return retval;
370
371out_undo:
372 if (flags & O_EXCL) {
373 sdp->exclude = false; /* undo if error */
374 wake_up_interruptible(&sdp->open_wait);
375 }
376error_mutex_locked:
377 mutex_unlock(&sdp->open_rel_lock);
378error_out:
379 scsi_autopm_put_device(sdp->device);
380sdp_put:
381 scsi_device_put(sdp->device);
382 goto sg_put;
383}
384
385/* Release resources associated with a successful sg_open()
386 * Returns 0 on success, else a negated errno value */
387static int
388sg_release(struct inode *inode, struct file *filp)
389{
390 Sg_device *sdp;
391 Sg_fd *sfp;
392
393 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
394 return -ENXIO;
395 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, "sg_release\n"));
396
397 mutex_lock(&sdp->open_rel_lock);
398 scsi_autopm_put_device(sdp->device);
399 kref_put(&sfp->f_ref, sg_remove_sfp);
400 sdp->open_cnt--;
401
402 /* possibly many open()s waiting on exlude clearing, start many;
403 * only open(O_EXCL)s wait on 0==open_cnt so only start one */
404 if (sdp->exclude) {
405 sdp->exclude = false;
406 wake_up_interruptible_all(&sdp->open_wait);
407 } else if (0 == sdp->open_cnt) {
408 wake_up_interruptible(&sdp->open_wait);
409 }
410 mutex_unlock(&sdp->open_rel_lock);
411 return 0;
412}
413
414static ssize_t
415sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
416{
417 Sg_device *sdp;
418 Sg_fd *sfp;
419 Sg_request *srp;
420 int req_pack_id = -1;
421 sg_io_hdr_t *hp;
422 struct sg_header *old_hdr = NULL;
423 int retval = 0;
424
425 /*
426 * This could cause a response to be stranded. Close the associated
427 * file descriptor to free up any resources being held.
428 */
429 retval = sg_check_file_access(filp, __func__);
430 if (retval)
431 return retval;
432
433 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
434 return -ENXIO;
435 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
436 "sg_read: count=%d\n", (int) count));
437
438 if (!access_ok(VERIFY_WRITE, buf, count))
439 return -EFAULT;
440 if (sfp->force_packid && (count >= SZ_SG_HEADER)) {
441 old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
442 if (!old_hdr)
443 return -ENOMEM;
444 if (__copy_from_user(old_hdr, buf, SZ_SG_HEADER)) {
445 retval = -EFAULT;
446 goto free_old_hdr;
447 }
448 if (old_hdr->reply_len < 0) {
449 if (count >= SZ_SG_IO_HDR) {
450 sg_io_hdr_t *new_hdr;
451 new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL);
452 if (!new_hdr) {
453 retval = -ENOMEM;
454 goto free_old_hdr;
455 }
456 retval =__copy_from_user
457 (new_hdr, buf, SZ_SG_IO_HDR);
458 req_pack_id = new_hdr->pack_id;
459 kfree(new_hdr);
460 if (retval) {
461 retval = -EFAULT;
462 goto free_old_hdr;
463 }
464 }
465 } else
466 req_pack_id = old_hdr->pack_id;
467 }
468 srp = sg_get_rq_mark(sfp, req_pack_id);
469 if (!srp) { /* now wait on packet to arrive */
470 if (atomic_read(&sdp->detaching)) {
471 retval = -ENODEV;
472 goto free_old_hdr;
473 }
474 if (filp->f_flags & O_NONBLOCK) {
475 retval = -EAGAIN;
476 goto free_old_hdr;
477 }
478 retval = wait_event_interruptible(sfp->read_wait,
479 (atomic_read(&sdp->detaching) ||
480 (srp = sg_get_rq_mark(sfp, req_pack_id))));
481 if (atomic_read(&sdp->detaching)) {
482 retval = -ENODEV;
483 goto free_old_hdr;
484 }
485 if (retval) {
486 /* -ERESTARTSYS as signal hit process */
487 goto free_old_hdr;
488 }
489 }
490 if (srp->header.interface_id != '\0') {
491 retval = sg_new_read(sfp, buf, count, srp);
492 goto free_old_hdr;
493 }
494
495 hp = &srp->header;
496 if (old_hdr == NULL) {
497 old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
498 if (! old_hdr) {
499 retval = -ENOMEM;
500 goto free_old_hdr;
501 }
502 }
503 memset(old_hdr, 0, SZ_SG_HEADER);
504 old_hdr->reply_len = (int) hp->timeout;
505 old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */
506 old_hdr->pack_id = hp->pack_id;
507 old_hdr->twelve_byte =
508 ((srp->data.cmd_opcode >= 0xc0) && (12 == hp->cmd_len)) ? 1 : 0;
509 old_hdr->target_status = hp->masked_status;
510 old_hdr->host_status = hp->host_status;
511 old_hdr->driver_status = hp->driver_status;
512 if ((CHECK_CONDITION & hp->masked_status) ||
513 (DRIVER_SENSE & hp->driver_status))
514 memcpy(old_hdr->sense_buffer, srp->sense_b,
515 sizeof (old_hdr->sense_buffer));
516 switch (hp->host_status) {
517 /* This setup of 'result' is for backward compatibility and is best
518 ignored by the user who should use target, host + driver status */
519 case DID_OK:
520 case DID_PASSTHROUGH:
521 case DID_SOFT_ERROR:
522 old_hdr->result = 0;
523 break;
524 case DID_NO_CONNECT:
525 case DID_BUS_BUSY:
526 case DID_TIME_OUT:
527 old_hdr->result = EBUSY;
528 break;
529 case DID_BAD_TARGET:
530 case DID_ABORT:
531 case DID_PARITY:
532 case DID_RESET:
533 case DID_BAD_INTR:
534 old_hdr->result = EIO;
535 break;
536 case DID_ERROR:
537 old_hdr->result = (srp->sense_b[0] == 0 &&
538 hp->masked_status == GOOD) ? 0 : EIO;
539 break;
540 default:
541 old_hdr->result = EIO;
542 break;
543 }
544
545 /* Now copy the result back to the user buffer. */
546 if (count >= SZ_SG_HEADER) {
547 if (__copy_to_user(buf, old_hdr, SZ_SG_HEADER)) {
548 retval = -EFAULT;
549 goto free_old_hdr;
550 }
551 buf += SZ_SG_HEADER;
552 if (count > old_hdr->reply_len)
553 count = old_hdr->reply_len;
554 if (count > SZ_SG_HEADER) {
555 if (sg_read_oxfer(srp, buf, count - SZ_SG_HEADER)) {
556 retval = -EFAULT;
557 goto free_old_hdr;
558 }
559 }
560 } else
561 count = (old_hdr->result == 0) ? 0 : -EIO;
562 sg_finish_rem_req(srp);
563 sg_remove_request(sfp, srp);
564 retval = count;
565free_old_hdr:
566 kfree(old_hdr);
567 return retval;
568}
569
570static ssize_t
571sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
572{
573 sg_io_hdr_t *hp = &srp->header;
574 int err = 0, err2;
575 int len;
576
577 if (count < SZ_SG_IO_HDR) {
578 err = -EINVAL;
579 goto err_out;
580 }
581 hp->sb_len_wr = 0;
582 if ((hp->mx_sb_len > 0) && hp->sbp) {
583 if ((CHECK_CONDITION & hp->masked_status) ||
584 (DRIVER_SENSE & hp->driver_status)) {
585 int sb_len = SCSI_SENSE_BUFFERSIZE;
586 sb_len = (hp->mx_sb_len > sb_len) ? sb_len : hp->mx_sb_len;
587 len = 8 + (int) srp->sense_b[7]; /* Additional sense length field */
588 len = (len > sb_len) ? sb_len : len;
589 if (copy_to_user(hp->sbp, srp->sense_b, len)) {
590 err = -EFAULT;
591 goto err_out;
592 }
593 hp->sb_len_wr = len;
594 }
595 }
596 if (hp->masked_status || hp->host_status || hp->driver_status)
597 hp->info |= SG_INFO_CHECK;
598 if (copy_to_user(buf, hp, SZ_SG_IO_HDR)) {
599 err = -EFAULT;
600 goto err_out;
601 }
602err_out:
603 err2 = sg_finish_rem_req(srp);
604 sg_remove_request(sfp, srp);
605 return err ? : err2 ? : count;
606}
607
608static ssize_t
609sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
610{
611 int mxsize, cmd_size, k;
612 int input_size, blocking;
613 unsigned char opcode;
614 Sg_device *sdp;
615 Sg_fd *sfp;
616 Sg_request *srp;
617 struct sg_header old_hdr;
618 sg_io_hdr_t *hp;
619 unsigned char cmnd[SG_MAX_CDB_SIZE];
620 int retval;
621
622 retval = sg_check_file_access(filp, __func__);
623 if (retval)
624 return retval;
625
626 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
627 return -ENXIO;
628 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
629 "sg_write: count=%d\n", (int) count));
630 if (atomic_read(&sdp->detaching))
631 return -ENODEV;
632 if (!((filp->f_flags & O_NONBLOCK) ||
633 scsi_block_when_processing_errors(sdp->device)))
634 return -ENXIO;
635
636 if (!access_ok(VERIFY_READ, buf, count))
637 return -EFAULT; /* protects following copy_from_user()s + get_user()s */
638 if (count < SZ_SG_HEADER)
639 return -EIO;
640 if (__copy_from_user(&old_hdr, buf, SZ_SG_HEADER))
641 return -EFAULT;
642 blocking = !(filp->f_flags & O_NONBLOCK);
643 if (old_hdr.reply_len < 0)
644 return sg_new_write(sfp, filp, buf, count,
645 blocking, 0, 0, NULL);
646 if (count < (SZ_SG_HEADER + 6))
647 return -EIO; /* The minimum scsi command length is 6 bytes. */
648
649 if (!(srp = sg_add_request(sfp))) {
650 SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sdp,
651 "sg_write: queue full\n"));
652 return -EDOM;
653 }
654 buf += SZ_SG_HEADER;
655 __get_user(opcode, buf);
656 mutex_lock(&sfp->f_mutex);
657 if (sfp->next_cmd_len > 0) {
658 cmd_size = sfp->next_cmd_len;
659 sfp->next_cmd_len = 0; /* reset so only this write() effected */
660 } else {
661 cmd_size = COMMAND_SIZE(opcode); /* based on SCSI command group */
662 if ((opcode >= 0xc0) && old_hdr.twelve_byte)
663 cmd_size = 12;
664 }
665 mutex_unlock(&sfp->f_mutex);
666 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp,
667 "sg_write: scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size));
668/* Determine buffer size. */
669 input_size = count - cmd_size;
670 mxsize = (input_size > old_hdr.reply_len) ? input_size : old_hdr.reply_len;
671 mxsize -= SZ_SG_HEADER;
672 input_size -= SZ_SG_HEADER;
673 if (input_size < 0) {
674 sg_remove_request(sfp, srp);
675 return -EIO; /* User did not pass enough bytes for this command. */
676 }
677 hp = &srp->header;
678 hp->interface_id = '\0'; /* indicator of old interface tunnelled */
679 hp->cmd_len = (unsigned char) cmd_size;
680 hp->iovec_count = 0;
681 hp->mx_sb_len = 0;
682 if (input_size > 0)
683 hp->dxfer_direction = (old_hdr.reply_len > SZ_SG_HEADER) ?
684 SG_DXFER_TO_FROM_DEV : SG_DXFER_TO_DEV;
685 else
686 hp->dxfer_direction = (mxsize > 0) ? SG_DXFER_FROM_DEV : SG_DXFER_NONE;
687 hp->dxfer_len = mxsize;
688 if ((hp->dxfer_direction == SG_DXFER_TO_DEV) ||
689 (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV))
690 hp->dxferp = (char __user *)buf + cmd_size;
691 else
692 hp->dxferp = NULL;
693 hp->sbp = NULL;
694 hp->timeout = old_hdr.reply_len; /* structure abuse ... */
695 hp->flags = input_size; /* structure abuse ... */
696 hp->pack_id = old_hdr.pack_id;
697 hp->usr_ptr = NULL;
698 if (__copy_from_user(cmnd, buf, cmd_size)) {
699 sg_remove_request(sfp, srp);
700 return -EFAULT;
701 }
702 /*
703 * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV,
704 * but is is possible that the app intended SG_DXFER_TO_DEV, because there
705 * is a non-zero input_size, so emit a warning.
706 */
707 if (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV) {
708 printk_ratelimited(KERN_WARNING
709 "sg_write: data in/out %d/%d bytes "
710 "for SCSI command 0x%x-- guessing "
711 "data in;\n program %s not setting "
712 "count and/or reply_len properly\n",
713 old_hdr.reply_len - (int)SZ_SG_HEADER,
714 input_size, (unsigned int) cmnd[0],
715 current->comm);
716 }
717 k = sg_common_write(sfp, srp, cmnd, sfp->timeout, blocking);
718 return (k < 0) ? k : count;
719}
720
721static ssize_t
722sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf,
723 size_t count, int blocking, int read_only, int sg_io_owned,
724 Sg_request **o_srp)
725{
726 int k;
727 Sg_request *srp;
728 sg_io_hdr_t *hp;
729 unsigned char cmnd[SG_MAX_CDB_SIZE];
730 int timeout;
731 unsigned long ul_timeout;
732
733 if (count < SZ_SG_IO_HDR)
734 return -EINVAL;
735 if (!access_ok(VERIFY_READ, buf, count))
736 return -EFAULT; /* protects following copy_from_user()s + get_user()s */
737
738 sfp->cmd_q = 1; /* when sg_io_hdr seen, set command queuing on */
739 if (!(srp = sg_add_request(sfp))) {
740 SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp,
741 "sg_new_write: queue full\n"));
742 return -EDOM;
743 }
744 srp->sg_io_owned = sg_io_owned;
745 hp = &srp->header;
746 if (__copy_from_user(hp, buf, SZ_SG_IO_HDR)) {
747 sg_remove_request(sfp, srp);
748 return -EFAULT;
749 }
750 if (hp->interface_id != 'S') {
751 sg_remove_request(sfp, srp);
752 return -ENOSYS;
753 }
754 if (hp->flags & SG_FLAG_MMAP_IO) {
755 if (hp->dxfer_len > sfp->reserve.bufflen) {
756 sg_remove_request(sfp, srp);
757 return -ENOMEM; /* MMAP_IO size must fit in reserve buffer */
758 }
759 if (hp->flags & SG_FLAG_DIRECT_IO) {
760 sg_remove_request(sfp, srp);
761 return -EINVAL; /* either MMAP_IO or DIRECT_IO (not both) */
762 }
763 if (sfp->res_in_use) {
764 sg_remove_request(sfp, srp);
765 return -EBUSY; /* reserve buffer already being used */
766 }
767 }
768 ul_timeout = msecs_to_jiffies(srp->header.timeout);
769 timeout = (ul_timeout < INT_MAX) ? ul_timeout : INT_MAX;
770 if ((!hp->cmdp) || (hp->cmd_len < 6) || (hp->cmd_len > sizeof (cmnd))) {
771 sg_remove_request(sfp, srp);
772 return -EMSGSIZE;
773 }
774 if (!access_ok(VERIFY_READ, hp->cmdp, hp->cmd_len)) {
775 sg_remove_request(sfp, srp);
776 return -EFAULT; /* protects following copy_from_user()s + get_user()s */
777 }
778 if (__copy_from_user(cmnd, hp->cmdp, hp->cmd_len)) {
779 sg_remove_request(sfp, srp);
780 return -EFAULT;
781 }
782 if (read_only && sg_allow_access(file, cmnd)) {
783 sg_remove_request(sfp, srp);
784 return -EPERM;
785 }
786 k = sg_common_write(sfp, srp, cmnd, timeout, blocking);
787 if (k < 0)
788 return k;
789 if (o_srp)
790 *o_srp = srp;
791 return count;
792}
793
794static int
795sg_common_write(Sg_fd * sfp, Sg_request * srp,
796 unsigned char *cmnd, int timeout, int blocking)
797{
798 int k, at_head;
799 Sg_device *sdp = sfp->parentdp;
800 sg_io_hdr_t *hp = &srp->header;
801
802 srp->data.cmd_opcode = cmnd[0]; /* hold opcode of command */
803 hp->status = 0;
804 hp->masked_status = 0;
805 hp->msg_status = 0;
806 hp->info = 0;
807 hp->host_status = 0;
808 hp->driver_status = 0;
809 hp->resid = 0;
810 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
811 "sg_common_write: scsi opcode=0x%02x, cmd_size=%d\n",
812 (int) cmnd[0], (int) hp->cmd_len));
813
814 if (hp->dxfer_len >= SZ_256M) {
815 sg_remove_request(sfp, srp);
816 return -EINVAL;
817 }
818
819 k = sg_start_req(srp, cmnd);
820 if (k) {
821 SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp,
822 "sg_common_write: start_req err=%d\n", k));
823 sg_finish_rem_req(srp);
824 sg_remove_request(sfp, srp);
825 return k; /* probably out of space --> ENOMEM */
826 }
827 if (atomic_read(&sdp->detaching)) {
828 if (srp->bio) {
829 scsi_req_free_cmd(scsi_req(srp->rq));
830 blk_end_request_all(srp->rq, BLK_STS_IOERR);
831 srp->rq = NULL;
832 }
833
834 sg_finish_rem_req(srp);
835 sg_remove_request(sfp, srp);
836 return -ENODEV;
837 }
838
839 hp->duration = jiffies_to_msecs(jiffies);
840 if (hp->interface_id != '\0' && /* v3 (or later) interface */
841 (SG_FLAG_Q_AT_TAIL & hp->flags))
842 at_head = 0;
843 else
844 at_head = 1;
845
846 srp->rq->timeout = timeout;
847 kref_get(&sfp->f_ref); /* sg_rq_end_io() does kref_put(). */
848 blk_execute_rq_nowait(sdp->device->request_queue, sdp->disk,
849 srp->rq, at_head, sg_rq_end_io);
850 return 0;
851}
852
853static int srp_done(Sg_fd *sfp, Sg_request *srp)
854{
855 unsigned long flags;
856 int ret;
857
858 read_lock_irqsave(&sfp->rq_list_lock, flags);
859 ret = srp->done;
860 read_unlock_irqrestore(&sfp->rq_list_lock, flags);
861 return ret;
862}
863
864static int max_sectors_bytes(struct request_queue *q)
865{
866 unsigned int max_sectors = queue_max_sectors(q);
867
868 max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> 9);
869
870 return max_sectors << 9;
871}
872
873static void
874sg_fill_request_table(Sg_fd *sfp, sg_req_info_t *rinfo)
875{
876 Sg_request *srp;
877 int val;
878 unsigned int ms;
879
880 val = 0;
881 list_for_each_entry(srp, &sfp->rq_list, entry) {
882 if (val >= SG_MAX_QUEUE)
883 break;
884 rinfo[val].req_state = srp->done + 1;
885 rinfo[val].problem =
886 srp->header.masked_status &
887 srp->header.host_status &
888 srp->header.driver_status;
889 if (srp->done)
890 rinfo[val].duration =
891 srp->header.duration;
892 else {
893 ms = jiffies_to_msecs(jiffies);
894 rinfo[val].duration =
895 (ms > srp->header.duration) ?
896 (ms - srp->header.duration) : 0;
897 }
898 rinfo[val].orphan = srp->orphan;
899 rinfo[val].sg_io_owned = srp->sg_io_owned;
900 rinfo[val].pack_id = srp->header.pack_id;
901 rinfo[val].usr_ptr = srp->header.usr_ptr;
902 val++;
903 }
904}
905
906static long
907sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
908{
909 void __user *p = (void __user *)arg;
910 int __user *ip = p;
911 int result, val, read_only;
912 Sg_device *sdp;
913 Sg_fd *sfp;
914 Sg_request *srp;
915 unsigned long iflags;
916
917 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
918 return -ENXIO;
919
920 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
921 "sg_ioctl: cmd=0x%x\n", (int) cmd_in));
922 read_only = (O_RDWR != (filp->f_flags & O_ACCMODE));
923
924 switch (cmd_in) {
925 case SG_IO:
926 if (atomic_read(&sdp->detaching))
927 return -ENODEV;
928 if (!scsi_block_when_processing_errors(sdp->device))
929 return -ENXIO;
930 if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR))
931 return -EFAULT;
932 result = sg_new_write(sfp, filp, p, SZ_SG_IO_HDR,
933 1, read_only, 1, &srp);
934 if (result < 0)
935 return result;
936 result = wait_event_interruptible(sfp->read_wait,
937 (srp_done(sfp, srp) || atomic_read(&sdp->detaching)));
938 if (atomic_read(&sdp->detaching))
939 return -ENODEV;
940 write_lock_irq(&sfp->rq_list_lock);
941 if (srp->done) {
942 srp->done = 2;
943 write_unlock_irq(&sfp->rq_list_lock);
944 result = sg_new_read(sfp, p, SZ_SG_IO_HDR, srp);
945 return (result < 0) ? result : 0;
946 }
947 srp->orphan = 1;
948 write_unlock_irq(&sfp->rq_list_lock);
949 return result; /* -ERESTARTSYS because signal hit process */
950 case SG_SET_TIMEOUT:
951 result = get_user(val, ip);
952 if (result)
953 return result;
954 if (val < 0)
955 return -EIO;
956 if (val >= mult_frac((s64)INT_MAX, USER_HZ, HZ))
957 val = min_t(s64, mult_frac((s64)INT_MAX, USER_HZ, HZ),
958 INT_MAX);
959 sfp->timeout_user = val;
960 sfp->timeout = mult_frac(val, HZ, USER_HZ);
961
962 return 0;
963 case SG_GET_TIMEOUT: /* N.B. User receives timeout as return value */
964 /* strange ..., for backward compatibility */
965 return sfp->timeout_user;
966 case SG_SET_FORCE_LOW_DMA:
967 /*
968 * N.B. This ioctl never worked properly, but failed to
969 * return an error value. So returning '0' to keep compability
970 * with legacy applications.
971 */
972 return 0;
973 case SG_GET_LOW_DMA:
974 return put_user((int) sdp->device->host->unchecked_isa_dma, ip);
975 case SG_GET_SCSI_ID:
976 if (!access_ok(VERIFY_WRITE, p, sizeof (sg_scsi_id_t)))
977 return -EFAULT;
978 else {
979 sg_scsi_id_t __user *sg_idp = p;
980
981 if (atomic_read(&sdp->detaching))
982 return -ENODEV;
983 __put_user((int) sdp->device->host->host_no,
984 &sg_idp->host_no);
985 __put_user((int) sdp->device->channel,
986 &sg_idp->channel);
987 __put_user((int) sdp->device->id, &sg_idp->scsi_id);
988 __put_user((int) sdp->device->lun, &sg_idp->lun);
989 __put_user((int) sdp->device->type, &sg_idp->scsi_type);
990 __put_user((short) sdp->device->host->cmd_per_lun,
991 &sg_idp->h_cmd_per_lun);
992 __put_user((short) sdp->device->queue_depth,
993 &sg_idp->d_queue_depth);
994 __put_user(0, &sg_idp->unused[0]);
995 __put_user(0, &sg_idp->unused[1]);
996 return 0;
997 }
998 case SG_SET_FORCE_PACK_ID:
999 result = get_user(val, ip);
1000 if (result)
1001 return result;
1002 sfp->force_packid = val ? 1 : 0;
1003 return 0;
1004 case SG_GET_PACK_ID:
1005 if (!access_ok(VERIFY_WRITE, ip, sizeof (int)))
1006 return -EFAULT;
1007 read_lock_irqsave(&sfp->rq_list_lock, iflags);
1008 list_for_each_entry(srp, &sfp->rq_list, entry) {
1009 if ((1 == srp->done) && (!srp->sg_io_owned)) {
1010 read_unlock_irqrestore(&sfp->rq_list_lock,
1011 iflags);
1012 __put_user(srp->header.pack_id, ip);
1013 return 0;
1014 }
1015 }
1016 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1017 __put_user(-1, ip);
1018 return 0;
1019 case SG_GET_NUM_WAITING:
1020 read_lock_irqsave(&sfp->rq_list_lock, iflags);
1021 val = 0;
1022 list_for_each_entry(srp, &sfp->rq_list, entry) {
1023 if ((1 == srp->done) && (!srp->sg_io_owned))
1024 ++val;
1025 }
1026 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1027 return put_user(val, ip);
1028 case SG_GET_SG_TABLESIZE:
1029 return put_user(sdp->sg_tablesize, ip);
1030 case SG_SET_RESERVED_SIZE:
1031 result = get_user(val, ip);
1032 if (result)
1033 return result;
1034 if (val < 0)
1035 return -EINVAL;
1036 val = min_t(int, val,
1037 max_sectors_bytes(sdp->device->request_queue));
1038 mutex_lock(&sfp->f_mutex);
1039 if (val != sfp->reserve.bufflen) {
1040 if (sfp->mmap_called ||
1041 sfp->res_in_use) {
1042 mutex_unlock(&sfp->f_mutex);
1043 return -EBUSY;
1044 }
1045
1046 sg_remove_scat(sfp, &sfp->reserve);
1047 sg_build_reserve(sfp, val);
1048 }
1049 mutex_unlock(&sfp->f_mutex);
1050 return 0;
1051 case SG_GET_RESERVED_SIZE:
1052 val = min_t(int, sfp->reserve.bufflen,
1053 max_sectors_bytes(sdp->device->request_queue));
1054 return put_user(val, ip);
1055 case SG_SET_COMMAND_Q:
1056 result = get_user(val, ip);
1057 if (result)
1058 return result;
1059 sfp->cmd_q = val ? 1 : 0;
1060 return 0;
1061 case SG_GET_COMMAND_Q:
1062 return put_user((int) sfp->cmd_q, ip);
1063 case SG_SET_KEEP_ORPHAN:
1064 result = get_user(val, ip);
1065 if (result)
1066 return result;
1067 sfp->keep_orphan = val;
1068 return 0;
1069 case SG_GET_KEEP_ORPHAN:
1070 return put_user((int) sfp->keep_orphan, ip);
1071 case SG_NEXT_CMD_LEN:
1072 result = get_user(val, ip);
1073 if (result)
1074 return result;
1075 if (val > SG_MAX_CDB_SIZE)
1076 return -ENOMEM;
1077 sfp->next_cmd_len = (val > 0) ? val : 0;
1078 return 0;
1079 case SG_GET_VERSION_NUM:
1080 return put_user(sg_version_num, ip);
1081 case SG_GET_ACCESS_COUNT:
1082 /* faked - we don't have a real access count anymore */
1083 val = (sdp->device ? 1 : 0);
1084 return put_user(val, ip);
1085 case SG_GET_REQUEST_TABLE:
1086 if (!access_ok(VERIFY_WRITE, p, SZ_SG_REQ_INFO * SG_MAX_QUEUE))
1087 return -EFAULT;
1088 else {
1089 sg_req_info_t *rinfo;
1090
1091 rinfo = kzalloc(SZ_SG_REQ_INFO * SG_MAX_QUEUE,
1092 GFP_KERNEL);
1093 if (!rinfo)
1094 return -ENOMEM;
1095 read_lock_irqsave(&sfp->rq_list_lock, iflags);
1096 sg_fill_request_table(sfp, rinfo);
1097 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1098 result = __copy_to_user(p, rinfo,
1099 SZ_SG_REQ_INFO * SG_MAX_QUEUE);
1100 result = result ? -EFAULT : 0;
1101 kfree(rinfo);
1102 return result;
1103 }
1104 case SG_EMULATED_HOST:
1105 if (atomic_read(&sdp->detaching))
1106 return -ENODEV;
1107 return put_user(sdp->device->host->hostt->emulated, ip);
1108 case SCSI_IOCTL_SEND_COMMAND:
1109 if (atomic_read(&sdp->detaching))
1110 return -ENODEV;
1111 if (read_only) {
1112 unsigned char opcode = WRITE_6;
1113 Scsi_Ioctl_Command __user *siocp = p;
1114
1115 if (copy_from_user(&opcode, siocp->data, 1))
1116 return -EFAULT;
1117 if (sg_allow_access(filp, &opcode))
1118 return -EPERM;
1119 }
1120 return sg_scsi_ioctl(sdp->device->request_queue, NULL, filp->f_mode, p);
1121 case SG_SET_DEBUG:
1122 result = get_user(val, ip);
1123 if (result)
1124 return result;
1125 sdp->sgdebug = (char) val;
1126 return 0;
1127 case BLKSECTGET:
1128 return put_user(max_sectors_bytes(sdp->device->request_queue),
1129 ip);
1130 case BLKTRACESETUP:
1131 return blk_trace_setup(sdp->device->request_queue,
1132 sdp->disk->disk_name,
1133 MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
1134 NULL, p);
1135 case BLKTRACESTART:
1136 return blk_trace_startstop(sdp->device->request_queue, 1);
1137 case BLKTRACESTOP:
1138 return blk_trace_startstop(sdp->device->request_queue, 0);
1139 case BLKTRACETEARDOWN:
1140 return blk_trace_remove(sdp->device->request_queue);
1141 case SCSI_IOCTL_GET_IDLUN:
1142 case SCSI_IOCTL_GET_BUS_NUMBER:
1143 case SCSI_IOCTL_PROBE_HOST:
1144 case SG_GET_TRANSFORM:
1145 case SG_SCSI_RESET:
1146 if (atomic_read(&sdp->detaching))
1147 return -ENODEV;
1148 break;
1149 default:
1150 if (read_only)
1151 return -EPERM; /* don't know so take safe approach */
1152 break;
1153 }
1154
1155 result = scsi_ioctl_block_when_processing_errors(sdp->device,
1156 cmd_in, filp->f_flags & O_NDELAY);
1157 if (result)
1158 return result;
1159 return scsi_ioctl(sdp->device, cmd_in, p);
1160}
1161
1162#ifdef CONFIG_COMPAT
1163static long sg_compat_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
1164{
1165 Sg_device *sdp;
1166 Sg_fd *sfp;
1167 struct scsi_device *sdev;
1168
1169 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
1170 return -ENXIO;
1171
1172 sdev = sdp->device;
1173 if (sdev->host->hostt->compat_ioctl) {
1174 int ret;
1175
1176 ret = sdev->host->hostt->compat_ioctl(sdev, cmd_in, (void __user *)arg);
1177
1178 return ret;
1179 }
1180
1181 return -ENOIOCTLCMD;
1182}
1183#endif
1184
1185static unsigned int
1186sg_poll(struct file *filp, poll_table * wait)
1187{
1188 unsigned int res = 0;
1189 Sg_device *sdp;
1190 Sg_fd *sfp;
1191 Sg_request *srp;
1192 int count = 0;
1193 unsigned long iflags;
1194
1195 sfp = filp->private_data;
1196 if (!sfp)
1197 return POLLERR;
1198 sdp = sfp->parentdp;
1199 if (!sdp)
1200 return POLLERR;
1201 poll_wait(filp, &sfp->read_wait, wait);
1202 read_lock_irqsave(&sfp->rq_list_lock, iflags);
1203 list_for_each_entry(srp, &sfp->rq_list, entry) {
1204 /* if any read waiting, flag it */
1205 if ((0 == res) && (1 == srp->done) && (!srp->sg_io_owned))
1206 res = POLLIN | POLLRDNORM;
1207 ++count;
1208 }
1209 read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1210
1211 if (atomic_read(&sdp->detaching))
1212 res |= POLLHUP;
1213 else if (!sfp->cmd_q) {
1214 if (0 == count)
1215 res |= POLLOUT | POLLWRNORM;
1216 } else if (count < SG_MAX_QUEUE)
1217 res |= POLLOUT | POLLWRNORM;
1218 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
1219 "sg_poll: res=0x%x\n", (int) res));
1220 return res;
1221}
1222
1223static int
1224sg_fasync(int fd, struct file *filp, int mode)
1225{
1226 Sg_device *sdp;
1227 Sg_fd *sfp;
1228
1229 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
1230 return -ENXIO;
1231 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
1232 "sg_fasync: mode=%d\n", mode));
1233
1234 return fasync_helper(fd, filp, mode, &sfp->async_qp);
1235}
1236
1237static int
1238sg_vma_fault(struct vm_fault *vmf)
1239{
1240 struct vm_area_struct *vma = vmf->vma;
1241 Sg_fd *sfp;
1242 unsigned long offset, len, sa;
1243 Sg_scatter_hold *rsv_schp;
1244 int k, length;
1245
1246 if ((NULL == vma) || (!(sfp = (Sg_fd *) vma->vm_private_data)))
1247 return VM_FAULT_SIGBUS;
1248 rsv_schp = &sfp->reserve;
1249 offset = vmf->pgoff << PAGE_SHIFT;
1250 if (offset >= rsv_schp->bufflen)
1251 return VM_FAULT_SIGBUS;
1252 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sfp->parentdp,
1253 "sg_vma_fault: offset=%lu, scatg=%d\n",
1254 offset, rsv_schp->k_use_sg));
1255 sa = vma->vm_start;
1256 length = 1 << (PAGE_SHIFT + rsv_schp->page_order);
1257 for (k = 0; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) {
1258 len = vma->vm_end - sa;
1259 len = (len < length) ? len : length;
1260 if (offset < len) {
1261 struct page *page = nth_page(rsv_schp->pages[k],
1262 offset >> PAGE_SHIFT);
1263 get_page(page); /* increment page count */
1264 vmf->page = page;
1265 return 0; /* success */
1266 }
1267 sa += len;
1268 offset -= len;
1269 }
1270
1271 return VM_FAULT_SIGBUS;
1272}
1273
1274static const struct vm_operations_struct sg_mmap_vm_ops = {
1275 .fault = sg_vma_fault,
1276};
1277
1278static int
1279sg_mmap(struct file *filp, struct vm_area_struct *vma)
1280{
1281 Sg_fd *sfp;
1282 unsigned long req_sz, len, sa;
1283 Sg_scatter_hold *rsv_schp;
1284 int k, length;
1285 int ret = 0;
1286
1287 if ((!filp) || (!vma) || (!(sfp = (Sg_fd *) filp->private_data)))
1288 return -ENXIO;
1289 req_sz = vma->vm_end - vma->vm_start;
1290 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sfp->parentdp,
1291 "sg_mmap starting, vm_start=%p, len=%d\n",
1292 (void *) vma->vm_start, (int) req_sz));
1293 if (vma->vm_pgoff)
1294 return -EINVAL; /* want no offset */
1295 rsv_schp = &sfp->reserve;
1296 mutex_lock(&sfp->f_mutex);
1297 if (req_sz > rsv_schp->bufflen) {
1298 ret = -ENOMEM; /* cannot map more than reserved buffer */
1299 goto out;
1300 }
1301
1302 sa = vma->vm_start;
1303 length = 1 << (PAGE_SHIFT + rsv_schp->page_order);
1304 for (k = 0; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) {
1305 len = vma->vm_end - sa;
1306 len = (len < length) ? len : length;
1307 sa += len;
1308 }
1309
1310 sfp->mmap_called = 1;
1311 vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
1312 vma->vm_private_data = sfp;
1313 vma->vm_ops = &sg_mmap_vm_ops;
1314out:
1315 mutex_unlock(&sfp->f_mutex);
1316 return ret;
1317}
1318
1319static void
1320sg_rq_end_io_usercontext(struct work_struct *work)
1321{
1322 struct sg_request *srp = container_of(work, struct sg_request, ew.work);
1323 struct sg_fd *sfp = srp->parentfp;
1324
1325 sg_finish_rem_req(srp);
1326 sg_remove_request(sfp, srp);
1327 kref_put(&sfp->f_ref, sg_remove_sfp);
1328}
1329
1330/*
1331 * This function is a "bottom half" handler that is called by the mid
1332 * level when a command is completed (or has failed).
1333 */
1334static void
1335sg_rq_end_io(struct request *rq, blk_status_t status)
1336{
1337 struct sg_request *srp = rq->end_io_data;
1338 struct scsi_request *req = scsi_req(rq);
1339 Sg_device *sdp;
1340 Sg_fd *sfp;
1341 unsigned long iflags;
1342 unsigned int ms;
1343 char *sense;
1344 int result, resid, done = 1;
1345
1346 if (WARN_ON(srp->done != 0))
1347 return;
1348
1349 sfp = srp->parentfp;
1350 if (WARN_ON(sfp == NULL))
1351 return;
1352
1353 sdp = sfp->parentdp;
1354 if (unlikely(atomic_read(&sdp->detaching)))
1355 pr_info("%s: device detaching\n", __func__);
1356
1357 sense = req->sense;
1358 result = req->result;
1359 resid = req->resid_len;
1360
1361 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp,
1362 "sg_cmd_done: pack_id=%d, res=0x%x\n",
1363 srp->header.pack_id, result));
1364 srp->header.resid = resid;
1365 ms = jiffies_to_msecs(jiffies);
1366 srp->header.duration = (ms > srp->header.duration) ?
1367 (ms - srp->header.duration) : 0;
1368 if (0 != result) {
1369 struct scsi_sense_hdr sshdr;
1370
1371 srp->header.status = 0xff & result;
1372 srp->header.masked_status = status_byte(result);
1373 srp->header.msg_status = msg_byte(result);
1374 srp->header.host_status = host_byte(result);
1375 srp->header.driver_status = driver_byte(result);
1376 if ((sdp->sgdebug > 0) &&
1377 ((CHECK_CONDITION == srp->header.masked_status) ||
1378 (COMMAND_TERMINATED == srp->header.masked_status)))
1379 __scsi_print_sense(sdp->device, __func__, sense,
1380 SCSI_SENSE_BUFFERSIZE);
1381
1382 /* Following if statement is a patch supplied by Eric Youngdale */
1383 if (driver_byte(result) != 0
1384 && scsi_normalize_sense(sense, SCSI_SENSE_BUFFERSIZE, &sshdr)
1385 && !scsi_sense_is_deferred(&sshdr)
1386 && sshdr.sense_key == UNIT_ATTENTION
1387 && sdp->device->removable) {
1388 /* Detected possible disc change. Set the bit - this */
1389 /* may be used if there are filesystems using this device */
1390 sdp->device->changed = 1;
1391 }
1392 }
1393
1394 if (req->sense_len)
1395 memcpy(srp->sense_b, req->sense, SCSI_SENSE_BUFFERSIZE);
1396
1397 /* Rely on write phase to clean out srp status values, so no "else" */
1398
1399 /*
1400 * Free the request as soon as it is complete so that its resources
1401 * can be reused without waiting for userspace to read() the
1402 * result. But keep the associated bio (if any) around until
1403 * blk_rq_unmap_user() can be called from user context.
1404 */
1405 srp->rq = NULL;
1406 scsi_req_free_cmd(scsi_req(rq));
1407 __blk_put_request(rq->q, rq);
1408
1409 write_lock_irqsave(&sfp->rq_list_lock, iflags);
1410 if (unlikely(srp->orphan)) {
1411 if (sfp->keep_orphan)
1412 srp->sg_io_owned = 0;
1413 else
1414 done = 0;
1415 }
1416 srp->done = done;
1417 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1418
1419 if (likely(done)) {
1420 /* Now wake up any sg_read() that is waiting for this
1421 * packet.
1422 */
1423 wake_up_interruptible(&sfp->read_wait);
1424 kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN);
1425 kref_put(&sfp->f_ref, sg_remove_sfp);
1426 } else {
1427 INIT_WORK(&srp->ew.work, sg_rq_end_io_usercontext);
1428 schedule_work(&srp->ew.work);
1429 }
1430}
1431
1432static const struct file_operations sg_fops = {
1433 .owner = THIS_MODULE,
1434 .read = sg_read,
1435 .write = sg_write,
1436 .poll = sg_poll,
1437 .unlocked_ioctl = sg_ioctl,
1438#ifdef CONFIG_COMPAT
1439 .compat_ioctl = sg_compat_ioctl,
1440#endif
1441 .open = sg_open,
1442 .mmap = sg_mmap,
1443 .release = sg_release,
1444 .fasync = sg_fasync,
1445 .llseek = no_llseek,
1446};
1447
1448static struct class *sg_sysfs_class;
1449
1450static int sg_sysfs_valid = 0;
1451
1452static Sg_device *
1453sg_alloc(struct gendisk *disk, struct scsi_device *scsidp)
1454{
1455 struct request_queue *q = scsidp->request_queue;
1456 Sg_device *sdp;
1457 unsigned long iflags;
1458 int error;
1459 u32 k;
1460
1461 sdp = kzalloc(sizeof(Sg_device), GFP_KERNEL);
1462 if (!sdp) {
1463 sdev_printk(KERN_WARNING, scsidp, "%s: kmalloc Sg_device "
1464 "failure\n", __func__);
1465 return ERR_PTR(-ENOMEM);
1466 }
1467
1468 idr_preload(GFP_KERNEL);
1469 write_lock_irqsave(&sg_index_lock, iflags);
1470
1471 error = idr_alloc(&sg_index_idr, sdp, 0, SG_MAX_DEVS, GFP_NOWAIT);
1472 if (error < 0) {
1473 if (error == -ENOSPC) {
1474 sdev_printk(KERN_WARNING, scsidp,
1475 "Unable to attach sg device type=%d, minor number exceeds %d\n",
1476 scsidp->type, SG_MAX_DEVS - 1);
1477 error = -ENODEV;
1478 } else {
1479 sdev_printk(KERN_WARNING, scsidp, "%s: idr "
1480 "allocation Sg_device failure: %d\n",
1481 __func__, error);
1482 }
1483 goto out_unlock;
1484 }
1485 k = error;
1486
1487 SCSI_LOG_TIMEOUT(3, sdev_printk(KERN_INFO, scsidp,
1488 "sg_alloc: dev=%d \n", k));
1489 sprintf(disk->disk_name, "sg%d", k);
1490 disk->first_minor = k;
1491 sdp->disk = disk;
1492 sdp->device = scsidp;
1493 mutex_init(&sdp->open_rel_lock);
1494 INIT_LIST_HEAD(&sdp->sfds);
1495 init_waitqueue_head(&sdp->open_wait);
1496 atomic_set(&sdp->detaching, 0);
1497 rwlock_init(&sdp->sfd_lock);
1498 sdp->sg_tablesize = queue_max_segments(q);
1499 sdp->index = k;
1500 kref_init(&sdp->d_ref);
1501 error = 0;
1502
1503out_unlock:
1504 write_unlock_irqrestore(&sg_index_lock, iflags);
1505 idr_preload_end();
1506
1507 if (error) {
1508 kfree(sdp);
1509 return ERR_PTR(error);
1510 }
1511 return sdp;
1512}
1513
1514static int
1515sg_add_device(struct device *cl_dev, struct class_interface *cl_intf)
1516{
1517 struct scsi_device *scsidp = to_scsi_device(cl_dev->parent);
1518 struct gendisk *disk;
1519 Sg_device *sdp = NULL;
1520 struct cdev * cdev = NULL;
1521 int error;
1522 unsigned long iflags;
1523
1524 disk = alloc_disk(1);
1525 if (!disk) {
1526 pr_warn("%s: alloc_disk failed\n", __func__);
1527 return -ENOMEM;
1528 }
1529 disk->major = SCSI_GENERIC_MAJOR;
1530
1531 error = -ENOMEM;
1532 cdev = cdev_alloc();
1533 if (!cdev) {
1534 pr_warn("%s: cdev_alloc failed\n", __func__);
1535 goto out;
1536 }
1537 cdev->owner = THIS_MODULE;
1538 cdev->ops = &sg_fops;
1539
1540 sdp = sg_alloc(disk, scsidp);
1541 if (IS_ERR(sdp)) {
1542 pr_warn("%s: sg_alloc failed\n", __func__);
1543 error = PTR_ERR(sdp);
1544 goto out;
1545 }
1546
1547 error = cdev_add(cdev, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), 1);
1548 if (error)
1549 goto cdev_add_err;
1550
1551 sdp->cdev = cdev;
1552 if (sg_sysfs_valid) {
1553 struct device *sg_class_member;
1554
1555 sg_class_member = device_create(sg_sysfs_class, cl_dev->parent,
1556 MKDEV(SCSI_GENERIC_MAJOR,
1557 sdp->index),
1558 sdp, "%s", disk->disk_name);
1559 if (IS_ERR(sg_class_member)) {
1560 pr_err("%s: device_create failed\n", __func__);
1561 error = PTR_ERR(sg_class_member);
1562 goto cdev_add_err;
1563 }
1564 error = sysfs_create_link(&scsidp->sdev_gendev.kobj,
1565 &sg_class_member->kobj, "generic");
1566 if (error)
1567 pr_err("%s: unable to make symlink 'generic' back "
1568 "to sg%d\n", __func__, sdp->index);
1569 } else
1570 pr_warn("%s: sg_sys Invalid\n", __func__);
1571
1572 sdev_printk(KERN_NOTICE, scsidp, "Attached scsi generic sg%d "
1573 "type %d\n", sdp->index, scsidp->type);
1574
1575 dev_set_drvdata(cl_dev, sdp);
1576
1577 return 0;
1578
1579cdev_add_err:
1580 write_lock_irqsave(&sg_index_lock, iflags);
1581 idr_remove(&sg_index_idr, sdp->index);
1582 write_unlock_irqrestore(&sg_index_lock, iflags);
1583 kfree(sdp);
1584
1585out:
1586 put_disk(disk);
1587 if (cdev)
1588 cdev_del(cdev);
1589 return error;
1590}
1591
1592static void
1593sg_device_destroy(struct kref *kref)
1594{
1595 struct sg_device *sdp = container_of(kref, struct sg_device, d_ref);
1596 unsigned long flags;
1597
1598 /* CAUTION! Note that the device can still be found via idr_find()
1599 * even though the refcount is 0. Therefore, do idr_remove() BEFORE
1600 * any other cleanup.
1601 */
1602
1603 write_lock_irqsave(&sg_index_lock, flags);
1604 idr_remove(&sg_index_idr, sdp->index);
1605 write_unlock_irqrestore(&sg_index_lock, flags);
1606
1607 SCSI_LOG_TIMEOUT(3,
1608 sg_printk(KERN_INFO, sdp, "sg_device_destroy\n"));
1609
1610 put_disk(sdp->disk);
1611 kfree(sdp);
1612}
1613
1614static void
1615sg_remove_device(struct device *cl_dev, struct class_interface *cl_intf)
1616{
1617 struct scsi_device *scsidp = to_scsi_device(cl_dev->parent);
1618 Sg_device *sdp = dev_get_drvdata(cl_dev);
1619 unsigned long iflags;
1620 Sg_fd *sfp;
1621 int val;
1622
1623 if (!sdp)
1624 return;
1625 /* want sdp->detaching non-zero as soon as possible */
1626 val = atomic_inc_return(&sdp->detaching);
1627 if (val > 1)
1628 return; /* only want to do following once per device */
1629
1630 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
1631 "%s\n", __func__));
1632
1633 read_lock_irqsave(&sdp->sfd_lock, iflags);
1634 list_for_each_entry(sfp, &sdp->sfds, sfd_siblings) {
1635 wake_up_interruptible_all(&sfp->read_wait);
1636 kill_fasync(&sfp->async_qp, SIGPOLL, POLL_HUP);
1637 }
1638 wake_up_interruptible_all(&sdp->open_wait);
1639 read_unlock_irqrestore(&sdp->sfd_lock, iflags);
1640
1641 sysfs_remove_link(&scsidp->sdev_gendev.kobj, "generic");
1642 device_destroy(sg_sysfs_class, MKDEV(SCSI_GENERIC_MAJOR, sdp->index));
1643 cdev_del(sdp->cdev);
1644 sdp->cdev = NULL;
1645
1646 kref_put(&sdp->d_ref, sg_device_destroy);
1647}
1648
1649module_param_named(scatter_elem_sz, scatter_elem_sz, int, S_IRUGO | S_IWUSR);
1650module_param_named(def_reserved_size, def_reserved_size, int,
1651 S_IRUGO | S_IWUSR);
1652module_param_named(allow_dio, sg_allow_dio, int, S_IRUGO | S_IWUSR);
1653
1654MODULE_AUTHOR("Douglas Gilbert");
1655MODULE_DESCRIPTION("SCSI generic (sg) driver");
1656MODULE_LICENSE("GPL");
1657MODULE_VERSION(SG_VERSION_STR);
1658MODULE_ALIAS_CHARDEV_MAJOR(SCSI_GENERIC_MAJOR);
1659
1660MODULE_PARM_DESC(scatter_elem_sz, "scatter gather element "
1661 "size (default: max(SG_SCATTER_SZ, PAGE_SIZE))");
1662MODULE_PARM_DESC(def_reserved_size, "size of buffer reserved for each fd");
1663MODULE_PARM_DESC(allow_dio, "allow direct I/O (default: 0 (disallow))");
1664
1665static int __init
1666init_sg(void)
1667{
1668 int rc;
1669
1670 if (scatter_elem_sz < PAGE_SIZE) {
1671 scatter_elem_sz = PAGE_SIZE;
1672 scatter_elem_sz_prev = scatter_elem_sz;
1673 }
1674 if (def_reserved_size >= 0)
1675 sg_big_buff = def_reserved_size;
1676 else
1677 def_reserved_size = sg_big_buff;
1678
1679 rc = register_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0),
1680 SG_MAX_DEVS, "sg");
1681 if (rc)
1682 return rc;
1683 sg_sysfs_class = class_create(THIS_MODULE, "scsi_generic");
1684 if ( IS_ERR(sg_sysfs_class) ) {
1685 rc = PTR_ERR(sg_sysfs_class);
1686 goto err_out;
1687 }
1688 sg_sysfs_valid = 1;
1689 rc = scsi_register_interface(&sg_interface);
1690 if (0 == rc) {
1691#ifdef CONFIG_SCSI_PROC_FS
1692 sg_proc_init();
1693#endif /* CONFIG_SCSI_PROC_FS */
1694 return 0;
1695 }
1696 class_destroy(sg_sysfs_class);
1697err_out:
1698 unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0), SG_MAX_DEVS);
1699 return rc;
1700}
1701
1702static void __exit
1703exit_sg(void)
1704{
1705#ifdef CONFIG_SCSI_PROC_FS
1706 sg_proc_cleanup();
1707#endif /* CONFIG_SCSI_PROC_FS */
1708 scsi_unregister_interface(&sg_interface);
1709 class_destroy(sg_sysfs_class);
1710 sg_sysfs_valid = 0;
1711 unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, 0),
1712 SG_MAX_DEVS);
1713 idr_destroy(&sg_index_idr);
1714}
1715
1716static int
1717sg_start_req(Sg_request *srp, unsigned char *cmd)
1718{
1719 int res;
1720 struct request *rq;
1721 struct scsi_request *req;
1722 Sg_fd *sfp = srp->parentfp;
1723 sg_io_hdr_t *hp = &srp->header;
1724 int dxfer_len = (int) hp->dxfer_len;
1725 int dxfer_dir = hp->dxfer_direction;
1726 unsigned int iov_count = hp->iovec_count;
1727 Sg_scatter_hold *req_schp = &srp->data;
1728 Sg_scatter_hold *rsv_schp = &sfp->reserve;
1729 struct request_queue *q = sfp->parentdp->device->request_queue;
1730 struct rq_map_data *md, map_data;
1731 int rw = hp->dxfer_direction == SG_DXFER_TO_DEV ? WRITE : READ;
1732 unsigned char *long_cmdp = NULL;
1733
1734 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
1735 "sg_start_req: dxfer_len=%d\n",
1736 dxfer_len));
1737
1738 if (hp->cmd_len > BLK_MAX_CDB) {
1739 long_cmdp = kzalloc(hp->cmd_len, GFP_KERNEL);
1740 if (!long_cmdp)
1741 return -ENOMEM;
1742 }
1743
1744 /*
1745 * NOTE
1746 *
1747 * With scsi-mq enabled, there are a fixed number of preallocated
1748 * requests equal in number to shost->can_queue. If all of the
1749 * preallocated requests are already in use, then using GFP_ATOMIC with
1750 * blk_get_request() will return -EWOULDBLOCK, whereas using GFP_KERNEL
1751 * will cause blk_get_request() to sleep until an active command
1752 * completes, freeing up a request. Neither option is ideal, but
1753 * GFP_KERNEL is the better choice to prevent userspace from getting an
1754 * unexpected EWOULDBLOCK.
1755 *
1756 * With scsi-mq disabled, blk_get_request() with GFP_KERNEL usually
1757 * does not sleep except under memory pressure.
1758 */
1759 rq = blk_get_request(q, hp->dxfer_direction == SG_DXFER_TO_DEV ?
1760 REQ_OP_SCSI_OUT : REQ_OP_SCSI_IN, GFP_KERNEL);
1761 if (IS_ERR(rq)) {
1762 kfree(long_cmdp);
1763 return PTR_ERR(rq);
1764 }
1765 req = scsi_req(rq);
1766
1767 if (hp->cmd_len > BLK_MAX_CDB)
1768 req->cmd = long_cmdp;
1769 memcpy(req->cmd, cmd, hp->cmd_len);
1770 req->cmd_len = hp->cmd_len;
1771
1772 srp->rq = rq;
1773 rq->end_io_data = srp;
1774 req->retries = SG_DEFAULT_RETRIES;
1775
1776 if ((dxfer_len <= 0) || (dxfer_dir == SG_DXFER_NONE))
1777 return 0;
1778
1779 if (sg_allow_dio && hp->flags & SG_FLAG_DIRECT_IO &&
1780 dxfer_dir != SG_DXFER_UNKNOWN && !iov_count &&
1781 !sfp->parentdp->device->host->unchecked_isa_dma &&
1782 blk_rq_aligned(q, (unsigned long)hp->dxferp, dxfer_len))
1783 md = NULL;
1784 else
1785 md = &map_data;
1786
1787 if (md) {
1788 mutex_lock(&sfp->f_mutex);
1789 if (dxfer_len <= rsv_schp->bufflen &&
1790 !sfp->res_in_use) {
1791 sfp->res_in_use = 1;
1792 sg_link_reserve(sfp, srp, dxfer_len);
1793 } else if (hp->flags & SG_FLAG_MMAP_IO) {
1794 res = -EBUSY; /* sfp->res_in_use == 1 */
1795 if (dxfer_len > rsv_schp->bufflen)
1796 res = -ENOMEM;
1797 mutex_unlock(&sfp->f_mutex);
1798 return res;
1799 } else {
1800 res = sg_build_indirect(req_schp, sfp, dxfer_len);
1801 if (res) {
1802 mutex_unlock(&sfp->f_mutex);
1803 return res;
1804 }
1805 }
1806 mutex_unlock(&sfp->f_mutex);
1807
1808 md->pages = req_schp->pages;
1809 md->page_order = req_schp->page_order;
1810 md->nr_entries = req_schp->k_use_sg;
1811 md->offset = 0;
1812 md->null_mapped = hp->dxferp ? 0 : 1;
1813 if (dxfer_dir == SG_DXFER_TO_FROM_DEV)
1814 md->from_user = 1;
1815 else
1816 md->from_user = 0;
1817 }
1818
1819 if (iov_count) {
1820 struct iovec *iov = NULL;
1821 struct iov_iter i;
1822
1823 res = import_iovec(rw, hp->dxferp, iov_count, 0, &iov, &i);
1824 if (res < 0)
1825 return res;
1826
1827 iov_iter_truncate(&i, hp->dxfer_len);
1828 if (!iov_iter_count(&i)) {
1829 kfree(iov);
1830 return -EINVAL;
1831 }
1832
1833 res = blk_rq_map_user_iov(q, rq, md, &i, GFP_ATOMIC);
1834 kfree(iov);
1835 } else
1836 res = blk_rq_map_user(q, rq, md, hp->dxferp,
1837 hp->dxfer_len, GFP_ATOMIC);
1838
1839 if (!res) {
1840 srp->bio = rq->bio;
1841
1842 if (!md) {
1843 req_schp->dio_in_use = 1;
1844 hp->info |= SG_INFO_DIRECT_IO;
1845 }
1846 }
1847 return res;
1848}
1849
1850static int
1851sg_finish_rem_req(Sg_request *srp)
1852{
1853 int ret = 0;
1854
1855 Sg_fd *sfp = srp->parentfp;
1856 Sg_scatter_hold *req_schp = &srp->data;
1857
1858 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
1859 "sg_finish_rem_req: res_used=%d\n",
1860 (int) srp->res_used));
1861 if (srp->bio)
1862 ret = blk_rq_unmap_user(srp->bio);
1863
1864 if (srp->rq) {
1865 scsi_req_free_cmd(scsi_req(srp->rq));
1866 blk_put_request(srp->rq);
1867 }
1868
1869 if (srp->res_used)
1870 sg_unlink_reserve(sfp, srp);
1871 else
1872 sg_remove_scat(sfp, req_schp);
1873
1874 return ret;
1875}
1876
1877static int
1878sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp, int tablesize)
1879{
1880 int sg_bufflen = tablesize * sizeof(struct page *);
1881 gfp_t gfp_flags = GFP_ATOMIC | __GFP_NOWARN;
1882
1883 schp->pages = kzalloc(sg_bufflen, gfp_flags);
1884 if (!schp->pages)
1885 return -ENOMEM;
1886 schp->sglist_len = sg_bufflen;
1887 return tablesize; /* number of scat_gath elements allocated */
1888}
1889
1890static int
1891sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
1892{
1893 int ret_sz = 0, i, k, rem_sz, num, mx_sc_elems;
1894 int sg_tablesize = sfp->parentdp->sg_tablesize;
1895 int blk_size = buff_size, order;
1896 gfp_t gfp_mask = GFP_ATOMIC | __GFP_COMP | __GFP_NOWARN;
1897 struct sg_device *sdp = sfp->parentdp;
1898
1899 if (blk_size < 0)
1900 return -EFAULT;
1901 if (0 == blk_size)
1902 ++blk_size; /* don't know why */
1903 /* round request up to next highest SG_SECTOR_SZ byte boundary */
1904 blk_size = ALIGN(blk_size, SG_SECTOR_SZ);
1905 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
1906 "sg_build_indirect: buff_size=%d, blk_size=%d\n",
1907 buff_size, blk_size));
1908
1909 /* N.B. ret_sz carried into this block ... */
1910 mx_sc_elems = sg_build_sgat(schp, sfp, sg_tablesize);
1911 if (mx_sc_elems < 0)
1912 return mx_sc_elems; /* most likely -ENOMEM */
1913
1914 num = scatter_elem_sz;
1915 if (unlikely(num != scatter_elem_sz_prev)) {
1916 if (num < PAGE_SIZE) {
1917 scatter_elem_sz = PAGE_SIZE;
1918 scatter_elem_sz_prev = PAGE_SIZE;
1919 } else
1920 scatter_elem_sz_prev = num;
1921 }
1922
1923 if (sdp->device->host->unchecked_isa_dma)
1924 gfp_mask |= GFP_DMA;
1925
1926 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
1927 gfp_mask |= __GFP_ZERO;
1928
1929 order = get_order(num);
1930retry:
1931 ret_sz = 1 << (PAGE_SHIFT + order);
1932
1933 for (k = 0, rem_sz = blk_size; rem_sz > 0 && k < mx_sc_elems;
1934 k++, rem_sz -= ret_sz) {
1935
1936 num = (rem_sz > scatter_elem_sz_prev) ?
1937 scatter_elem_sz_prev : rem_sz;
1938
1939 schp->pages[k] = alloc_pages(gfp_mask | __GFP_ZERO, order);
1940 if (!schp->pages[k])
1941 goto out;
1942
1943 if (num == scatter_elem_sz_prev) {
1944 if (unlikely(ret_sz > scatter_elem_sz_prev)) {
1945 scatter_elem_sz = ret_sz;
1946 scatter_elem_sz_prev = ret_sz;
1947 }
1948 }
1949
1950 SCSI_LOG_TIMEOUT(5, sg_printk(KERN_INFO, sfp->parentdp,
1951 "sg_build_indirect: k=%d, num=%d, ret_sz=%d\n",
1952 k, num, ret_sz));
1953 } /* end of for loop */
1954
1955 schp->page_order = order;
1956 schp->k_use_sg = k;
1957 SCSI_LOG_TIMEOUT(5, sg_printk(KERN_INFO, sfp->parentdp,
1958 "sg_build_indirect: k_use_sg=%d, rem_sz=%d\n",
1959 k, rem_sz));
1960
1961 schp->bufflen = blk_size;
1962 if (rem_sz > 0) /* must have failed */
1963 return -ENOMEM;
1964 return 0;
1965out:
1966 for (i = 0; i < k; i++)
1967 __free_pages(schp->pages[i], order);
1968
1969 if (--order >= 0)
1970 goto retry;
1971
1972 return -ENOMEM;
1973}
1974
1975static void
1976sg_remove_scat(Sg_fd * sfp, Sg_scatter_hold * schp)
1977{
1978 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
1979 "sg_remove_scat: k_use_sg=%d\n", schp->k_use_sg));
1980 if (schp->pages && schp->sglist_len > 0) {
1981 if (!schp->dio_in_use) {
1982 int k;
1983
1984 for (k = 0; k < schp->k_use_sg && schp->pages[k]; k++) {
1985 SCSI_LOG_TIMEOUT(5,
1986 sg_printk(KERN_INFO, sfp->parentdp,
1987 "sg_remove_scat: k=%d, pg=0x%p\n",
1988 k, schp->pages[k]));
1989 __free_pages(schp->pages[k], schp->page_order);
1990 }
1991
1992 kfree(schp->pages);
1993 }
1994 }
1995 memset(schp, 0, sizeof (*schp));
1996}
1997
1998static int
1999sg_read_oxfer(Sg_request * srp, char __user *outp, int num_read_xfer)
2000{
2001 Sg_scatter_hold *schp = &srp->data;
2002 int k, num;
2003
2004 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, srp->parentfp->parentdp,
2005 "sg_read_oxfer: num_read_xfer=%d\n",
2006 num_read_xfer));
2007 if ((!outp) || (num_read_xfer <= 0))
2008 return 0;
2009
2010 num = 1 << (PAGE_SHIFT + schp->page_order);
2011 for (k = 0; k < schp->k_use_sg && schp->pages[k]; k++) {
2012 if (num > num_read_xfer) {
2013 if (__copy_to_user(outp, page_address(schp->pages[k]),
2014 num_read_xfer))
2015 return -EFAULT;
2016 break;
2017 } else {
2018 if (__copy_to_user(outp, page_address(schp->pages[k]),
2019 num))
2020 return -EFAULT;
2021 num_read_xfer -= num;
2022 if (num_read_xfer <= 0)
2023 break;
2024 outp += num;
2025 }
2026 }
2027
2028 return 0;
2029}
2030
2031static void
2032sg_build_reserve(Sg_fd * sfp, int req_size)
2033{
2034 Sg_scatter_hold *schp = &sfp->reserve;
2035
2036 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
2037 "sg_build_reserve: req_size=%d\n", req_size));
2038 do {
2039 if (req_size < PAGE_SIZE)
2040 req_size = PAGE_SIZE;
2041 if (0 == sg_build_indirect(schp, sfp, req_size))
2042 return;
2043 else
2044 sg_remove_scat(sfp, schp);
2045 req_size >>= 1; /* divide by 2 */
2046 } while (req_size > (PAGE_SIZE / 2));
2047}
2048
2049static void
2050sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size)
2051{
2052 Sg_scatter_hold *req_schp = &srp->data;
2053 Sg_scatter_hold *rsv_schp = &sfp->reserve;
2054 int k, num, rem;
2055
2056 srp->res_used = 1;
2057 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp,
2058 "sg_link_reserve: size=%d\n", size));
2059 rem = size;
2060
2061 num = 1 << (PAGE_SHIFT + rsv_schp->page_order);
2062 for (k = 0; k < rsv_schp->k_use_sg; k++) {
2063 if (rem <= num) {
2064 req_schp->k_use_sg = k + 1;
2065 req_schp->sglist_len = rsv_schp->sglist_len;
2066 req_schp->pages = rsv_schp->pages;
2067
2068 req_schp->bufflen = size;
2069 req_schp->page_order = rsv_schp->page_order;
2070 break;
2071 } else
2072 rem -= num;
2073 }
2074
2075 if (k >= rsv_schp->k_use_sg)
2076 SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp,
2077 "sg_link_reserve: BAD size\n"));
2078}
2079
2080static void
2081sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp)
2082{
2083 Sg_scatter_hold *req_schp = &srp->data;
2084
2085 SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, srp->parentfp->parentdp,
2086 "sg_unlink_reserve: req->k_use_sg=%d\n",
2087 (int) req_schp->k_use_sg));
2088 req_schp->k_use_sg = 0;
2089 req_schp->bufflen = 0;
2090 req_schp->pages = NULL;
2091 req_schp->page_order = 0;
2092 req_schp->sglist_len = 0;
2093 srp->res_used = 0;
2094 /* Called without mutex lock to avoid deadlock */
2095 sfp->res_in_use = 0;
2096}
2097
2098static Sg_request *
2099sg_get_rq_mark(Sg_fd * sfp, int pack_id)
2100{
2101 Sg_request *resp;
2102 unsigned long iflags;
2103
2104 write_lock_irqsave(&sfp->rq_list_lock, iflags);
2105 list_for_each_entry(resp, &sfp->rq_list, entry) {
2106 /* look for requests that are ready + not SG_IO owned */
2107 if ((1 == resp->done) && (!resp->sg_io_owned) &&
2108 ((-1 == pack_id) || (resp->header.pack_id == pack_id))) {
2109 resp->done = 2; /* guard against other readers */
2110 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2111 return resp;
2112 }
2113 }
2114 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2115 return NULL;
2116}
2117
2118/* always adds to end of list */
2119static Sg_request *
2120sg_add_request(Sg_fd * sfp)
2121{
2122 int k;
2123 unsigned long iflags;
2124 Sg_request *rp = sfp->req_arr;
2125
2126 write_lock_irqsave(&sfp->rq_list_lock, iflags);
2127 if (!list_empty(&sfp->rq_list)) {
2128 if (!sfp->cmd_q)
2129 goto out_unlock;
2130
2131 for (k = 0; k < SG_MAX_QUEUE; ++k, ++rp) {
2132 if (!rp->parentfp)
2133 break;
2134 }
2135 if (k >= SG_MAX_QUEUE)
2136 goto out_unlock;
2137 }
2138 memset(rp, 0, sizeof (Sg_request));
2139 rp->parentfp = sfp;
2140 rp->header.duration = jiffies_to_msecs(jiffies);
2141 list_add_tail(&rp->entry, &sfp->rq_list);
2142 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2143 return rp;
2144out_unlock:
2145 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2146 return NULL;
2147}
2148
2149/* Return of 1 for found; 0 for not found */
2150static int
2151sg_remove_request(Sg_fd * sfp, Sg_request * srp)
2152{
2153 unsigned long iflags;
2154 int res = 0;
2155
2156 if (!sfp || !srp || list_empty(&sfp->rq_list))
2157 return res;
2158 write_lock_irqsave(&sfp->rq_list_lock, iflags);
2159 if (!list_empty(&srp->entry)) {
2160 list_del(&srp->entry);
2161 srp->parentfp = NULL;
2162 res = 1;
2163 }
2164 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2165 return res;
2166}
2167
2168static Sg_fd *
2169sg_add_sfp(Sg_device * sdp)
2170{
2171 Sg_fd *sfp;
2172 unsigned long iflags;
2173 int bufflen;
2174
2175 sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN);
2176 if (!sfp)
2177 return ERR_PTR(-ENOMEM);
2178
2179 init_waitqueue_head(&sfp->read_wait);
2180 rwlock_init(&sfp->rq_list_lock);
2181 INIT_LIST_HEAD(&sfp->rq_list);
2182 kref_init(&sfp->f_ref);
2183 mutex_init(&sfp->f_mutex);
2184 sfp->timeout = SG_DEFAULT_TIMEOUT;
2185 sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER;
2186 sfp->force_packid = SG_DEF_FORCE_PACK_ID;
2187 sfp->cmd_q = SG_DEF_COMMAND_Q;
2188 sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
2189 sfp->parentdp = sdp;
2190 write_lock_irqsave(&sdp->sfd_lock, iflags);
2191 if (atomic_read(&sdp->detaching)) {
2192 write_unlock_irqrestore(&sdp->sfd_lock, iflags);
2193 kfree(sfp);
2194 return ERR_PTR(-ENODEV);
2195 }
2196 list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
2197 write_unlock_irqrestore(&sdp->sfd_lock, iflags);
2198 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
2199 "sg_add_sfp: sfp=0x%p\n", sfp));
2200 if (unlikely(sg_big_buff != def_reserved_size))
2201 sg_big_buff = def_reserved_size;
2202
2203 bufflen = min_t(int, sg_big_buff,
2204 max_sectors_bytes(sdp->device->request_queue));
2205 sg_build_reserve(sfp, bufflen);
2206 SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
2207 "sg_add_sfp: bufflen=%d, k_use_sg=%d\n",
2208 sfp->reserve.bufflen,
2209 sfp->reserve.k_use_sg));
2210
2211 kref_get(&sdp->d_ref);
2212 __module_get(THIS_MODULE);
2213 return sfp;
2214}
2215
2216static void
2217sg_remove_sfp_usercontext(struct work_struct *work)
2218{
2219 struct sg_fd *sfp = container_of(work, struct sg_fd, ew.work);
2220 struct sg_device *sdp = sfp->parentdp;
2221 Sg_request *srp;
2222 unsigned long iflags;
2223
2224 /* Cleanup any responses which were never read(). */
2225 write_lock_irqsave(&sfp->rq_list_lock, iflags);
2226 while (!list_empty(&sfp->rq_list)) {
2227 srp = list_first_entry(&sfp->rq_list, Sg_request, entry);
2228 sg_finish_rem_req(srp);
2229 list_del(&srp->entry);
2230 srp->parentfp = NULL;
2231 }
2232 write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2233
2234 if (sfp->reserve.bufflen > 0) {
2235 SCSI_LOG_TIMEOUT(6, sg_printk(KERN_INFO, sdp,
2236 "sg_remove_sfp: bufflen=%d, k_use_sg=%d\n",
2237 (int) sfp->reserve.bufflen,
2238 (int) sfp->reserve.k_use_sg));
2239 sg_remove_scat(sfp, &sfp->reserve);
2240 }
2241
2242 SCSI_LOG_TIMEOUT(6, sg_printk(KERN_INFO, sdp,
2243 "sg_remove_sfp: sfp=0x%p\n", sfp));
2244 kfree(sfp);
2245
2246 scsi_device_put(sdp->device);
2247 kref_put(&sdp->d_ref, sg_device_destroy);
2248 module_put(THIS_MODULE);
2249}
2250
2251static void
2252sg_remove_sfp(struct kref *kref)
2253{
2254 struct sg_fd *sfp = container_of(kref, struct sg_fd, f_ref);
2255 struct sg_device *sdp = sfp->parentdp;
2256 unsigned long iflags;
2257
2258 write_lock_irqsave(&sdp->sfd_lock, iflags);
2259 list_del(&sfp->sfd_siblings);
2260 write_unlock_irqrestore(&sdp->sfd_lock, iflags);
2261
2262 INIT_WORK(&sfp->ew.work, sg_remove_sfp_usercontext);
2263 schedule_work(&sfp->ew.work);
2264}
2265
2266#ifdef CONFIG_SCSI_PROC_FS
2267static int
2268sg_idr_max_id(int id, void *p, void *data)
2269{
2270 int *k = data;
2271
2272 if (*k < id)
2273 *k = id;
2274
2275 return 0;
2276}
2277
2278static int
2279sg_last_dev(void)
2280{
2281 int k = -1;
2282 unsigned long iflags;
2283
2284 read_lock_irqsave(&sg_index_lock, iflags);
2285 idr_for_each(&sg_index_idr, sg_idr_max_id, &k);
2286 read_unlock_irqrestore(&sg_index_lock, iflags);
2287 return k + 1; /* origin 1 */
2288}
2289#endif
2290
2291/* must be called with sg_index_lock held */
2292static Sg_device *sg_lookup_dev(int dev)
2293{
2294 return idr_find(&sg_index_idr, dev);
2295}
2296
2297static Sg_device *
2298sg_get_dev(int dev)
2299{
2300 struct sg_device *sdp;
2301 unsigned long flags;
2302
2303 read_lock_irqsave(&sg_index_lock, flags);
2304 sdp = sg_lookup_dev(dev);
2305 if (!sdp)
2306 sdp = ERR_PTR(-ENXIO);
2307 else if (atomic_read(&sdp->detaching)) {
2308 /* If sdp->detaching, then the refcount may already be 0, in
2309 * which case it would be a bug to do kref_get().
2310 */
2311 sdp = ERR_PTR(-ENODEV);
2312 } else
2313 kref_get(&sdp->d_ref);
2314 read_unlock_irqrestore(&sg_index_lock, flags);
2315
2316 return sdp;
2317}
2318
2319#ifdef CONFIG_SCSI_PROC_FS
2320
2321static struct proc_dir_entry *sg_proc_sgp = NULL;
2322
2323static char sg_proc_sg_dirname[] = "scsi/sg";
2324
2325static int sg_proc_seq_show_int(struct seq_file *s, void *v);
2326
2327static int sg_proc_single_open_adio(struct inode *inode, struct file *file);
2328static ssize_t sg_proc_write_adio(struct file *filp, const char __user *buffer,
2329 size_t count, loff_t *off);
2330static const struct file_operations adio_fops = {
2331 .owner = THIS_MODULE,
2332 .open = sg_proc_single_open_adio,
2333 .read = seq_read,
2334 .llseek = seq_lseek,
2335 .write = sg_proc_write_adio,
2336 .release = single_release,
2337};
2338
2339static int sg_proc_single_open_dressz(struct inode *inode, struct file *file);
2340static ssize_t sg_proc_write_dressz(struct file *filp,
2341 const char __user *buffer, size_t count, loff_t *off);
2342static const struct file_operations dressz_fops = {
2343 .owner = THIS_MODULE,
2344 .open = sg_proc_single_open_dressz,
2345 .read = seq_read,
2346 .llseek = seq_lseek,
2347 .write = sg_proc_write_dressz,
2348 .release = single_release,
2349};
2350
2351static int sg_proc_seq_show_version(struct seq_file *s, void *v);
2352static int sg_proc_single_open_version(struct inode *inode, struct file *file);
2353static const struct file_operations version_fops = {
2354 .owner = THIS_MODULE,
2355 .open = sg_proc_single_open_version,
2356 .read = seq_read,
2357 .llseek = seq_lseek,
2358 .release = single_release,
2359};
2360
2361static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v);
2362static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file);
2363static const struct file_operations devhdr_fops = {
2364 .owner = THIS_MODULE,
2365 .open = sg_proc_single_open_devhdr,
2366 .read = seq_read,
2367 .llseek = seq_lseek,
2368 .release = single_release,
2369};
2370
2371static int sg_proc_seq_show_dev(struct seq_file *s, void *v);
2372static int sg_proc_open_dev(struct inode *inode, struct file *file);
2373static void * dev_seq_start(struct seq_file *s, loff_t *pos);
2374static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos);
2375static void dev_seq_stop(struct seq_file *s, void *v);
2376static const struct file_operations dev_fops = {
2377 .owner = THIS_MODULE,
2378 .open = sg_proc_open_dev,
2379 .read = seq_read,
2380 .llseek = seq_lseek,
2381 .release = seq_release,
2382};
2383static const struct seq_operations dev_seq_ops = {
2384 .start = dev_seq_start,
2385 .next = dev_seq_next,
2386 .stop = dev_seq_stop,
2387 .show = sg_proc_seq_show_dev,
2388};
2389
2390static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v);
2391static int sg_proc_open_devstrs(struct inode *inode, struct file *file);
2392static const struct file_operations devstrs_fops = {
2393 .owner = THIS_MODULE,
2394 .open = sg_proc_open_devstrs,
2395 .read = seq_read,
2396 .llseek = seq_lseek,
2397 .release = seq_release,
2398};
2399static const struct seq_operations devstrs_seq_ops = {
2400 .start = dev_seq_start,
2401 .next = dev_seq_next,
2402 .stop = dev_seq_stop,
2403 .show = sg_proc_seq_show_devstrs,
2404};
2405
2406static int sg_proc_seq_show_debug(struct seq_file *s, void *v);
2407static int sg_proc_open_debug(struct inode *inode, struct file *file);
2408static const struct file_operations debug_fops = {
2409 .owner = THIS_MODULE,
2410 .open = sg_proc_open_debug,
2411 .read = seq_read,
2412 .llseek = seq_lseek,
2413 .release = seq_release,
2414};
2415static const struct seq_operations debug_seq_ops = {
2416 .start = dev_seq_start,
2417 .next = dev_seq_next,
2418 .stop = dev_seq_stop,
2419 .show = sg_proc_seq_show_debug,
2420};
2421
2422
2423struct sg_proc_leaf {
2424 const char * name;
2425 const struct file_operations * fops;
2426};
2427
2428static const struct sg_proc_leaf sg_proc_leaf_arr[] = {
2429 {"allow_dio", &adio_fops},
2430 {"debug", &debug_fops},
2431 {"def_reserved_size", &dressz_fops},
2432 {"device_hdr", &devhdr_fops},
2433 {"devices", &dev_fops},
2434 {"device_strs", &devstrs_fops},
2435 {"version", &version_fops}
2436};
2437
2438static int
2439sg_proc_init(void)
2440{
2441 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
2442 int k;
2443
2444 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
2445 if (!sg_proc_sgp)
2446 return 1;
2447 for (k = 0; k < num_leaves; ++k) {
2448 const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k];
2449 umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO;
2450 proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops);
2451 }
2452 return 0;
2453}
2454
2455static void
2456sg_proc_cleanup(void)
2457{
2458 int k;
2459 int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
2460
2461 if (!sg_proc_sgp)
2462 return;
2463 for (k = 0; k < num_leaves; ++k)
2464 remove_proc_entry(sg_proc_leaf_arr[k].name, sg_proc_sgp);
2465 remove_proc_entry(sg_proc_sg_dirname, NULL);
2466}
2467
2468
2469static int sg_proc_seq_show_int(struct seq_file *s, void *v)
2470{
2471 seq_printf(s, "%d\n", *((int *)s->private));
2472 return 0;
2473}
2474
2475static int sg_proc_single_open_adio(struct inode *inode, struct file *file)
2476{
2477 return single_open(file, sg_proc_seq_show_int, &sg_allow_dio);
2478}
2479
2480static ssize_t
2481sg_proc_write_adio(struct file *filp, const char __user *buffer,
2482 size_t count, loff_t *off)
2483{
2484 int err;
2485 unsigned long num;
2486
2487 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2488 return -EACCES;
2489 err = kstrtoul_from_user(buffer, count, 0, &num);
2490 if (err)
2491 return err;
2492 sg_allow_dio = num ? 1 : 0;
2493 return count;
2494}
2495
2496static int sg_proc_single_open_dressz(struct inode *inode, struct file *file)
2497{
2498 return single_open(file, sg_proc_seq_show_int, &sg_big_buff);
2499}
2500
2501static ssize_t
2502sg_proc_write_dressz(struct file *filp, const char __user *buffer,
2503 size_t count, loff_t *off)
2504{
2505 int err;
2506 unsigned long k = ULONG_MAX;
2507
2508 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
2509 return -EACCES;
2510
2511 err = kstrtoul_from_user(buffer, count, 0, &k);
2512 if (err)
2513 return err;
2514 if (k <= 1048576) { /* limit "big buff" to 1 MB */
2515 sg_big_buff = k;
2516 return count;
2517 }
2518 return -ERANGE;
2519}
2520
2521static int sg_proc_seq_show_version(struct seq_file *s, void *v)
2522{
2523 seq_printf(s, "%d\t%s [%s]\n", sg_version_num, SG_VERSION_STR,
2524 sg_version_date);
2525 return 0;
2526}
2527
2528static int sg_proc_single_open_version(struct inode *inode, struct file *file)
2529{
2530 return single_open(file, sg_proc_seq_show_version, NULL);
2531}
2532
2533static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v)
2534{
2535 seq_puts(s, "host\tchan\tid\tlun\ttype\topens\tqdepth\tbusy\tonline\n");
2536 return 0;
2537}
2538
2539static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file)
2540{
2541 return single_open(file, sg_proc_seq_show_devhdr, NULL);
2542}
2543
2544struct sg_proc_deviter {
2545 loff_t index;
2546 size_t max;
2547};
2548
2549static void * dev_seq_start(struct seq_file *s, loff_t *pos)
2550{
2551 struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
2552
2553 s->private = it;
2554 if (! it)
2555 return NULL;
2556
2557 it->index = *pos;
2558 it->max = sg_last_dev();
2559 if (it->index >= it->max)
2560 return NULL;
2561 return it;
2562}
2563
2564static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
2565{
2566 struct sg_proc_deviter * it = s->private;
2567
2568 *pos = ++it->index;
2569 return (it->index < it->max) ? it : NULL;
2570}
2571
2572static void dev_seq_stop(struct seq_file *s, void *v)
2573{
2574 kfree(s->private);
2575}
2576
2577static int sg_proc_open_dev(struct inode *inode, struct file *file)
2578{
2579 return seq_open(file, &dev_seq_ops);
2580}
2581
2582static int sg_proc_seq_show_dev(struct seq_file *s, void *v)
2583{
2584 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2585 Sg_device *sdp;
2586 struct scsi_device *scsidp;
2587 unsigned long iflags;
2588
2589 read_lock_irqsave(&sg_index_lock, iflags);
2590 sdp = it ? sg_lookup_dev(it->index) : NULL;
2591 if ((NULL == sdp) || (NULL == sdp->device) ||
2592 (atomic_read(&sdp->detaching)))
2593 seq_puts(s, "-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\n");
2594 else {
2595 scsidp = sdp->device;
2596 seq_printf(s, "%d\t%d\t%d\t%llu\t%d\t%d\t%d\t%d\t%d\n",
2597 scsidp->host->host_no, scsidp->channel,
2598 scsidp->id, scsidp->lun, (int) scsidp->type,
2599 1,
2600 (int) scsidp->queue_depth,
2601 (int) atomic_read(&scsidp->device_busy),
2602 (int) scsi_device_online(scsidp));
2603 }
2604 read_unlock_irqrestore(&sg_index_lock, iflags);
2605 return 0;
2606}
2607
2608static int sg_proc_open_devstrs(struct inode *inode, struct file *file)
2609{
2610 return seq_open(file, &devstrs_seq_ops);
2611}
2612
2613static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v)
2614{
2615 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2616 Sg_device *sdp;
2617 struct scsi_device *scsidp;
2618 unsigned long iflags;
2619
2620 read_lock_irqsave(&sg_index_lock, iflags);
2621 sdp = it ? sg_lookup_dev(it->index) : NULL;
2622 scsidp = sdp ? sdp->device : NULL;
2623 if (sdp && scsidp && (!atomic_read(&sdp->detaching)))
2624 seq_printf(s, "%8.8s\t%16.16s\t%4.4s\n",
2625 scsidp->vendor, scsidp->model, scsidp->rev);
2626 else
2627 seq_puts(s, "<no active device>\n");
2628 read_unlock_irqrestore(&sg_index_lock, iflags);
2629 return 0;
2630}
2631
2632/* must be called while holding sg_index_lock */
2633static void sg_proc_debug_helper(struct seq_file *s, Sg_device * sdp)
2634{
2635 int k, new_interface, blen, usg;
2636 Sg_request *srp;
2637 Sg_fd *fp;
2638 const sg_io_hdr_t *hp;
2639 const char * cp;
2640 unsigned int ms;
2641
2642 k = 0;
2643 list_for_each_entry(fp, &sdp->sfds, sfd_siblings) {
2644 k++;
2645 read_lock(&fp->rq_list_lock); /* irqs already disabled */
2646 seq_printf(s, " FD(%d): timeout=%dms bufflen=%d "
2647 "(res)sgat=%d low_dma=%d\n", k,
2648 jiffies_to_msecs(fp->timeout),
2649 fp->reserve.bufflen,
2650 (int) fp->reserve.k_use_sg,
2651 (int) sdp->device->host->unchecked_isa_dma);
2652 seq_printf(s, " cmd_q=%d f_packid=%d k_orphan=%d closed=0\n",
2653 (int) fp->cmd_q, (int) fp->force_packid,
2654 (int) fp->keep_orphan);
2655 list_for_each_entry(srp, &fp->rq_list, entry) {
2656 hp = &srp->header;
2657 new_interface = (hp->interface_id == '\0') ? 0 : 1;
2658 if (srp->res_used) {
2659 if (new_interface &&
2660 (SG_FLAG_MMAP_IO & hp->flags))
2661 cp = " mmap>> ";
2662 else
2663 cp = " rb>> ";
2664 } else {
2665 if (SG_INFO_DIRECT_IO_MASK & hp->info)
2666 cp = " dio>> ";
2667 else
2668 cp = " ";
2669 }
2670 seq_puts(s, cp);
2671 blen = srp->data.bufflen;
2672 usg = srp->data.k_use_sg;
2673 seq_puts(s, srp->done ?
2674 ((1 == srp->done) ? "rcv:" : "fin:")
2675 : "act:");
2676 seq_printf(s, " id=%d blen=%d",
2677 srp->header.pack_id, blen);
2678 if (srp->done)
2679 seq_printf(s, " dur=%d", hp->duration);
2680 else {
2681 ms = jiffies_to_msecs(jiffies);
2682 seq_printf(s, " t_o/elap=%d/%d",
2683 (new_interface ? hp->timeout :
2684 jiffies_to_msecs(fp->timeout)),
2685 (ms > hp->duration ? ms - hp->duration : 0));
2686 }
2687 seq_printf(s, "ms sgat=%d op=0x%02x\n", usg,
2688 (int) srp->data.cmd_opcode);
2689 }
2690 if (list_empty(&fp->rq_list))
2691 seq_puts(s, " No requests active\n");
2692 read_unlock(&fp->rq_list_lock);
2693 }
2694}
2695
2696static int sg_proc_open_debug(struct inode *inode, struct file *file)
2697{
2698 return seq_open(file, &debug_seq_ops);
2699}
2700
2701static int sg_proc_seq_show_debug(struct seq_file *s, void *v)
2702{
2703 struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2704 Sg_device *sdp;
2705 unsigned long iflags;
2706
2707 if (it && (0 == it->index))
2708 seq_printf(s, "max_active_device=%d def_reserved_size=%d\n",
2709 (int)it->max, sg_big_buff);
2710
2711 read_lock_irqsave(&sg_index_lock, iflags);
2712 sdp = it ? sg_lookup_dev(it->index) : NULL;
2713 if (NULL == sdp)
2714 goto skip;
2715 read_lock(&sdp->sfd_lock);
2716 if (!list_empty(&sdp->sfds)) {
2717 seq_printf(s, " >>> device=%s ", sdp->disk->disk_name);
2718 if (atomic_read(&sdp->detaching))
2719 seq_puts(s, "detaching pending close ");
2720 else if (sdp->device) {
2721 struct scsi_device *scsidp = sdp->device;
2722
2723 seq_printf(s, "%d:%d:%d:%llu em=%d",
2724 scsidp->host->host_no,
2725 scsidp->channel, scsidp->id,
2726 scsidp->lun,
2727 scsidp->host->hostt->emulated);
2728 }
2729 seq_printf(s, " sg_tablesize=%d excl=%d open_cnt=%d\n",
2730 sdp->sg_tablesize, sdp->exclude, sdp->open_cnt);
2731 sg_proc_debug_helper(s, sdp);
2732 }
2733 read_unlock(&sdp->sfd_lock);
2734skip:
2735 read_unlock_irqrestore(&sg_index_lock, iflags);
2736 return 0;
2737}
2738
2739#endif /* CONFIG_SCSI_PROC_FS */
2740
2741module_init(init_sg);
2742module_exit(exit_sg);