File: /usr/src/linux/drivers/scsi/scsi_ioctl.c

1     /*
2      * Changes:
3      * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/23/2000
4      * - get rid of some verify_areas and use __copy*user and __get/put_user
5      *   for the ones that remain
6      */
7     #define __NO_VERSION__
8     #include <linux/module.h>
9     
10     #include <asm/io.h>
11     #include <asm/uaccess.h>
12     #include <asm/system.h>
13     #include <asm/page.h>
14     
15     #include <linux/interrupt.h>
16     #include <linux/errno.h>
17     #include <linux/kernel.h>
18     #include <linux/sched.h>
19     #include <linux/mm.h>
20     #include <linux/string.h>
21     
22     #include <linux/blk.h>
23     #include "scsi.h"
24     #include "hosts.h"
25     #include <scsi/scsi_ioctl.h>
26     
/* Retry count used for ioctl-issued commands unless a case overrides it. */
#define NORMAL_RETRIES			5
/* Per-command timeouts, expressed as multiples of HZ. */
#define IOCTL_NORMAL_TIMEOUT			(10 * HZ)
#define FORMAT_UNIT_TIMEOUT		(2 * 60 * 60 * HZ)
#define START_STOP_TIMEOUT		(60 * HZ)
#define MOVE_MEDIUM_TIMEOUT		(5 * 60 * HZ)
#define READ_ELEMENT_STATUS_TIMEOUT	(5 * 60 * HZ)
#define READ_DEFECT_DATA_TIMEOUT	(60 * HZ )  /* ZIP-250 on parallel port takes as long! */

/*
 * Upper bound applied to the user-supplied inlen/outlen in
 * scsi_ioctl_send_command(); anything larger is rejected with -EINVAL
 * before a bounce buffer is allocated.
 */
#define MAX_BUF PAGE_SIZE
36     
37     /*
38      * If we are told to probe a host, we will return 0 if  the host is not
39      * present, 1 if the host is present, and will return an identifying
40      * string at *arg, if arg is non null, filling to the length stored at
41      * (int *) arg
42      */
43     
static int ioctl_probe(struct Scsi_Host *host, void *buffer)
{
	/*
	 * Report whether the host is present and, when the caller supplied a
	 * buffer, copy out an identifying string.
	 *
	 * The first unsigned int at *buffer is read as the caller's buffer
	 * length; the same memory is then overwritten with the string.  The
	 * copy length is clamped to strlen + 1, so the kernel never reads past
	 * the terminator.  When the caller's length is <= strlen the output is
	 * truncated and NOT NUL-terminated - user space must cope with that.
	 *
	 * Returns host->hostt->present, or -EFAULT on a bad user pointer.
	 */
	const int present = host->hostt->present;
	unsigned int user_len, id_len;
	const char *id;

	if (!present || !buffer)
		return present;

	if (get_user(user_len, (unsigned int *) buffer))
		return -EFAULT;

	/* Prefer the driver's info() callback, fall back to the static name. */
	id = host->hostt->info ? host->hostt->info(host) : host->hostt->name;
	if (!id)
		return present;

	id_len = strlen(id);
	if (user_len > id_len)
		user_len = id_len + 1;	/* room for the whole string plus NUL */

	if (copy_to_user(buffer, id, user_len))
		return -EFAULT;

	return present;
}
68     
69     /*
70     
71      * The SCSI_IOCTL_SEND_COMMAND ioctl sends a command out to the SCSI host.
72      * The IOCTL_NORMAL_TIMEOUT and NORMAL_RETRIES  variables are used.  
73      * 
74      * dev is the SCSI device struct ptr, *(int *) arg is the length of the
75      * input data, if any, not including the command string & counts, 
76      * *((int *)arg + 1) is the output buffer size in bytes.
77      * 
78      * *(char *) ((int *) arg)[2] the actual command byte.   
79      * 
80      * Note that if more than MAX_BUF bytes are requested to be transferred,
81      * the ioctl will fail with error EINVAL.  MAX_BUF can be increased in
82      * the future by increasing the size that scsi_malloc will accept.
83      * 
84      * This size *does not* include the initial lengths that were passed.
85      * 
86      * The SCSI command is read from the memory location immediately after the
87      * length words, and the input data is right after the command.  The SCSI
88      * routines know the command size based on the opcode decode.  
89      * 
90      * The output area is then filled in starting from the command byte. 
91      */
92     
static int ioctl_internal_command(Scsi_Device * dev, char *cmd,
				  int timeout, int retries)
{
	/*
	 * Issue a kernel-built command with no data phase and wait for it.
	 * cmd is assembled by the caller inside the kernel (see scsi_ioctl),
	 * so no user memory is touched here.
	 *
	 * Returns the request's sr_result (0 on success, or after a media
	 * change on a removable device has been absorbed), or -ENOMEM when no
	 * request could be allocated.
	 */
	Scsi_Request *req;
	int status;

	SCSI_LOG_IOCTL(1, printk("Trying ioctl with scsi command %d\n", cmd[0]));

	req = scsi_allocate_request(dev);
	if (req == NULL) {
		printk("SCSI internal ioctl failed, no memory\n");
		return -ENOMEM;
	}

	req->sr_data_direction = SCSI_DATA_NONE;
	scsi_wait_req(req, cmd, NULL, 0, timeout, retries);

	SCSI_LOG_IOCTL(2, printk("Ioctl returned  0x%x\n", req->sr_result));

	/* Only look at the sense key when the driver byte flags a problem. */
	if (driver_byte(req->sr_result) != 0) {
		switch (req->sr_sense_buffer[2] & 0xf) {
		case ILLEGAL_REQUEST:
			/* A device that rejects door locking is simply not lockable. */
			if (cmd[0] != ALLOW_MEDIUM_REMOVAL)
				printk("SCSI device (ioctl) reports ILLEGAL REQUEST.\n");
			else
				dev->lockable = 0;
			break;

		case NOT_READY:
			/* This happens if there is no disc in drive */
			if (dev->removable && (cmd[0] != TEST_UNIT_READY)) {
				printk(KERN_INFO "Device not ready.  Make sure there is a disc in the drive.\n");
				break;
			}
			/* fall through */

		case UNIT_ATTENTION:
			if (dev->removable) {
				/*
				 * Media change: record it and clear the result, this
				 * is no longer considered an error.  Deliberately
				 * silent - VFS will log it anyway.
				 */
				dev->changed = 1;
				req->sr_result = 0;
				break;
			}
			/* fall through for non-removable media */

		default:
			printk("SCSI error: host %d id %d lun %d return code = %x\n",
			       dev->host->host_no,
			       dev->id,
			       dev->lun,
			       req->sr_result);
			printk("\tSense class %x, sense error %x, extended sense %x\n",
			       sense_class(req->sr_sense_buffer[0]),
			       sense_error(req->sr_sense_buffer[0]),
			       req->sr_sense_buffer[2] & 0xf);
			break;
		}
	}

	/* Capture the result before the request goes back to the pool. */
	status = req->sr_result;

	SCSI_LOG_IOCTL(2, printk("IOCTL Releasing command\n"));
	scsi_release_request(req);

	return status;
}
155     
156     /*
157      * This interface is deprecated - users should use the scsi generic (sg)
158      * interface instead, as this is a more flexible approach to performing
159      * generic SCSI commands on a device.
160      *
161      * The structure that we are passed should look like:
162      *
163      * struct sdata {
164      *  unsigned int inlen;      [i] Length of data to be written to device 
165      *  unsigned int outlen;     [i] Length of data to be read from device 
166      *  unsigned char cmd[x];    [i] SCSI command (6 <= x <= 12).
167      *                           [o] Data read from device starts here.
168      *                           [o] On error, sense buffer starts here.
169      *  unsigned char wdata[y];  [i] Data written to device starts here.
170      * };
171      * Notes:
172      *   -  The SCSI command length is determined by examining the 1st byte
173      *      of the given command. There is no way to override this.
174      *   -  Data transfers are limited to PAGE_SIZE (4K on i386, 8K on alpha).
175      *   -  The length (x + y) must be at least OMAX_SB_LEN bytes long to
176      *      accommodate the sense buffer when an error occurs.
177      *      The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
178      *      old code will not be surprised.
179      *   -  If a Unix error occurs (e.g. ENOMEM) then the user will receive
180      *      a negative return and the Unix error code in 'errno'. 
181      *      If the SCSI command succeeds then 0 is returned.
182      *      Positive numbers returned are the compacted SCSI error codes (4 
183      *      bytes in one int) where the lowest byte is the SCSI status.
184      *      See the drivers/scsi/scsi.h file for more information on this.
185      *
186      */
187     #define OMAX_SB_LEN 16		/* Old sense buffer length */
188     
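int scsi_ioctl_send_command(Scsi_Device * dev, Scsi_Ioctl_Command * sic)
{
	/*
	 * Pass a user-supplied SCSI command through to the device.
	 *
	 * sic is an untrusted user-space pointer: every access goes through
	 * the user-access helpers, and inlen/outlen are bounded by MAX_BUF
	 * before any allocation.  Privilege checks are the caller's job
	 * (scsi_ioctl requires CAP_SYS_ADMIN and CAP_SYS_RAWIO first).
	 *
	 * Returns 0 on success, a positive packed SCSI result on a device
	 * error (sense data is copied back over the command area), or a
	 * negative errno: -EINVAL (NULL sic, oversized lengths or command),
	 * -EFAULT (bad user memory), -ENOMEM (no bounce buffer), -EINTR (no
	 * request structure available).
	 */
	char *buf;
	unsigned char cmd[MAX_COMMAND_SIZE];
	char *cmd_in;
#ifndef DEBUG_NO_CMD
	Scsi_Request *SRpnt;
#endif
	unsigned char opcode;
	unsigned int inlen, outlen, cmdlen;
	unsigned int needed, buf_needed;
	int timeout, retries, result;
	int data_direction;

	if (!sic)
		return -EINVAL;
	/*
	 * Verify that we can read at least this much.
	 */
	if (verify_area(VERIFY_READ, sic, sizeof(Scsi_Ioctl_Command)))
		return -EFAULT;

	if (__get_user(inlen, &sic->inlen))
		return -EFAULT;

	if (__get_user(outlen, &sic->outlen))
		return -EFAULT;

	/*
	 * We do not transfer more than MAX_BUF with this interface.
	 * If the user needs to transfer more data than this, they
	 * should use scsi_generics (sg) instead.
	 */
	if (inlen > MAX_BUF)
		return -EINVAL;
	if (outlen > MAX_BUF)
		return -EINVAL;

	cmd_in = sic->data;
	if (get_user(opcode, cmd_in))
		return -EFAULT;

	needed = buf_needed = (inlen > outlen ? inlen : outlen);
	if (buf_needed) {
		/* Round up to a 512-byte multiple, capped at MAX_BUF. */
		buf_needed = (buf_needed + 511) & ~511;
		if (buf_needed > MAX_BUF)
			buf_needed = MAX_BUF;
		buf = (char *) scsi_malloc(buf_needed);
		if (!buf)
			return -ENOMEM;
		/*
		 * Zero the bounce buffer so that a short device transfer
		 * cannot expose stale kernel memory when outlen bytes are
		 * copied back to the user.
		 */
		memset(buf, 0, buf_needed);
		if (inlen == 0) {
			data_direction = SCSI_DATA_READ;
		} else if (outlen == 0) {
			data_direction = SCSI_DATA_WRITE;
		} else {
			/*
			 * Can this ever happen?
			 */
			data_direction = SCSI_DATA_UNKNOWN;
		}
	} else {
		buf = NULL;
		data_direction = SCSI_DATA_NONE;
	}

	/*
	 * Obtain the command from the user's address space.
	 */
	cmdlen = COMMAND_SIZE(opcode);

	/*
	 * COMMAND_SIZE is defined outside this file; make the bound on the
	 * on-stack cmd[] explicit rather than relying on its lookup table.
	 */
	if (cmdlen > sizeof(cmd)) {
		result = -EINVAL;
		goto error;
	}

	result = -EFAULT;

	if (verify_area(VERIFY_READ, cmd_in, cmdlen + inlen))
		goto error;

	/* Bytes past cmdlen must not carry stale stack contents. */
	memset(cmd, 0, sizeof(cmd));
	if (__copy_from_user(cmd, cmd_in, cmdlen))
		goto error;

	/*
	 * The opcode was already fetched once above and used to derive
	 * cmdlen, timeout and retries.  User memory can change between the
	 * two reads, so pin byte 0 to the value that was validated; for a
	 * well-behaved caller this is a no-op.
	 */
	cmd[0] = opcode;

	/*
	 * Obtain the data to be sent to the device (if any).
	 * (inlen is 0 whenever buf is NULL, so nothing is written then.)
	 */
	if (copy_from_user(buf, cmd_in + cmdlen, inlen))
		goto error;

	/*
	 * Set the lun field to the correct value.
	 */
	if (dev->scsi_level <= SCSI_2)
		cmd[1] = (cmd[1] & 0x1f) | (dev->lun << 5);

	switch (opcode) {
	case FORMAT_UNIT:
		timeout = FORMAT_UNIT_TIMEOUT;
		retries = 1;
		break;
	case START_STOP:
		timeout = START_STOP_TIMEOUT;
		retries = NORMAL_RETRIES;
		break;
	case MOVE_MEDIUM:
		timeout = MOVE_MEDIUM_TIMEOUT;
		retries = NORMAL_RETRIES;
		break;
	case READ_ELEMENT_STATUS:
		timeout = READ_ELEMENT_STATUS_TIMEOUT;
		retries = NORMAL_RETRIES;
		break;
	case READ_DEFECT_DATA:
		timeout = READ_DEFECT_DATA_TIMEOUT;
		retries = 1;
		break;
	default:
		timeout = IOCTL_NORMAL_TIMEOUT;
		retries = NORMAL_RETRIES;
		break;
	}

#ifndef DEBUG_NO_CMD

	SRpnt = scsi_allocate_request(dev);
	if (SRpnt == NULL) {
		result = -EINTR;
		goto error;
	}

	SRpnt->sr_data_direction = data_direction;
	scsi_wait_req(SRpnt, cmd, buf, needed, timeout, retries);

	/*
	 * If there was an error condition, pass the info back to the user.
	 */
	result = SRpnt->sr_result;

	if (SRpnt->sr_result) {
		/* Old callers expect at most OMAX_SB_LEN bytes of sense data. */
		int sb_len = sizeof(SRpnt->sr_sense_buffer);

		sb_len = (sb_len > OMAX_SB_LEN) ? OMAX_SB_LEN : sb_len;
		if (copy_to_user(cmd_in, SRpnt->sr_sense_buffer, sb_len))
			result = -EFAULT;
	} else {
		if (copy_to_user(cmd_in, buf, outlen))
			result = -EFAULT;
	}

	scsi_release_request(SRpnt);
	SRpnt = NULL;

#else
	/*
	 * Debug build: dump the request instead of issuing it.  The shared
	 * exit path below still runs, so the bounce buffer is freed.
	 */
	{
		unsigned int i;

		printk("scsi_ioctl : device %d.  command = ", dev->id);
		for (i = 0; i < cmdlen; ++i)
			printk("%02x ", cmd[i]);
		printk("\nbuffer =");
		/* buf is NULL when no data phase was requested. */
		for (i = 0; buf && i < 20; ++i)
			printk("%02x ", (unsigned char) buf[i]);
		printk("\n");
		printk("inlen = %u, outlen = %u, cmdlen = %u\n",
		       inlen, outlen, cmdlen);
		printk("buffer = %p, cmd_in = %p\n", buf, cmd_in);
	}
	result = 0;
#endif

error:
	if (buf)
		scsi_free(buf, buf_needed);

	return result;
}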
365     
366     /*
367      * The scsi_ioctl_get_pci() function places into arg the value
368      * pci_dev::slot_name (8 characters) for the PCI device (if any).
369      * Returns: 0 on success
370      *          -ENXIO if there isn't a PCI device pointer
371      *                 (could be because the SCSI driver hasn't been
372      *                  updated yet, or because it isn't a SCSI
373      *                  device)
374      *          any copy_to_user() error on failure there
375      */
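static int
scsi_ioctl_get_pci(Scsi_Device * dev, void *arg)
{
	/*
	 * Copy pci_dev->slot_name for this device's host to the user buffer
	 * at arg.
	 *
	 * copy_to_user() returns the number of bytes it could NOT copy, not
	 * an errno.  Map any shortfall to -EFAULT so the ioctl never hands a
	 * positive byte count back to user space as its result.
	 *
	 * Returns 0 on success, -ENXIO when the host has no PCI device
	 * pointer, -EFAULT when arg is not writable.
	 */
	if (!dev->host->pci_dev)
		return -ENXIO;

	if (copy_to_user(arg, dev->host->pci_dev->slot_name,
			 sizeof(dev->host->pci_dev->slot_name)))
		return -EFAULT;

	return 0;
}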
384     
385     
386     /*
387      * the scsi_ioctl() function differs from most ioctls in that it does
388      * not take a major/minor number as the dev field.  Rather, it takes
389      * a pointer to a scsi_devices[] element, a structure. 
390      */
int scsi_ioctl(Scsi_Device * dev, int cmd, void *arg)
{
	/*
	 * Dispatch a SCSI mid-level ioctl.
	 *
	 * arg is a user-space pointer for the query and SEND_COMMAND cases.
	 * Privilege gates visible here: the TAGGED_* cases need
	 * CAP_SYS_ADMIN, SEND_COMMAND needs both CAP_SYS_ADMIN and
	 * CAP_SYS_RAWIO.  The door-lock, test-unit-ready and start/stop cases
	 * carry no capability check in this function.  Anything unrecognised
	 * is forwarded, with arg untouched, to the host template's own ioctl
	 * handler if it has one.
	 */
	char scsi_cmd[MAX_COMMAND_SIZE];
	char cmd_byte1;
	Scsi_Idlun *idlun = (Scsi_Idlun *) arg;
	int timeout;

	/* No idea how this happens.... */
	if (!dev)
		return -ENXIO;

	/*
	 * If we are in the middle of error recovery, don't let anyone
	 * else try and use this device.  Also, if error recovery fails, it
	 * may try and take the device offline, in which case all further
	 * access to the device is prohibited.
	 */
	if (!scsi_block_when_processing_errors(dev))
		return -ENODEV;

	/* SCSI-2 and older carry the LUN in the top bits of CDB byte 1. */
	cmd_byte1 = (dev->scsi_level <= SCSI_2) ? (dev->lun << 5) : 0;

	switch (cmd) {
	case SCSI_IOCTL_GET_IDLUN:
		if (verify_area(VERIFY_WRITE, idlun, sizeof(Scsi_Idlun)))
			return -EFAULT;

		/* host_no, channel, lun and id packed one byte each. */
		__put_user((dev->id & 0xff)
			 + ((dev->lun & 0xff) << 8)
			 + ((dev->channel & 0xff) << 16)
			 + ((dev->host->host_no & 0xff) << 24),
			 &idlun->dev_id);
		__put_user(dev->host->unique_id, &idlun->host_unique_id);
		return 0;

	case SCSI_IOCTL_GET_BUS_NUMBER:
		return put_user(dev->host->host_no, (int *) arg);

	case SCSI_IOCTL_TAGGED_ENABLE:
		if (!capable(CAP_SYS_ADMIN))
			return -EACCES;
		if (!dev->tagged_supported)
			return -EINVAL;
		dev->tagged_queue = 1;
		dev->current_tag = 1;
		return 0;

	case SCSI_IOCTL_TAGGED_DISABLE:
		if (!capable(CAP_SYS_ADMIN))
			return -EACCES;
		if (!dev->tagged_supported)
			return -EINVAL;
		dev->tagged_queue = 0;
		dev->current_tag = 0;
		return 0;

	case SCSI_IOCTL_PROBE_HOST:
		return ioctl_probe(dev->host, arg);

	case SCSI_IOCTL_SEND_COMMAND:
		/* Raw pass-through: both capabilities are required. */
		if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
			return -EACCES;
		return scsi_ioctl_send_command(dev, (Scsi_Ioctl_Command *) arg);

	case SCSI_IOCTL_DOORLOCK:
	case SCSI_IOCTL_DOORUNLOCK:
		/* Nothing to do for fixed or non-lockable devices. */
		if (!dev->removable || !dev->lockable)
			return 0;
		scsi_cmd[0] = ALLOW_MEDIUM_REMOVAL;
		scsi_cmd[4] = (cmd == SCSI_IOCTL_DOORLOCK) ?
				SCSI_REMOVAL_PREVENT : SCSI_REMOVAL_ALLOW;
		timeout = IOCTL_NORMAL_TIMEOUT;
		break;

	case SCSI_IOCTL_TEST_UNIT_READY:
		scsi_cmd[0] = TEST_UNIT_READY;
		scsi_cmd[4] = 0;
		timeout = IOCTL_NORMAL_TIMEOUT;
		break;

	case SCSI_IOCTL_START_UNIT:
	case SCSI_IOCTL_STOP_UNIT:
		scsi_cmd[0] = START_STOP;
		scsi_cmd[4] = (cmd == SCSI_IOCTL_START_UNIT) ? 1 : 0;
		timeout = START_STOP_TIMEOUT;
		break;

	case SCSI_IOCTL_GET_PCI:
		return scsi_ioctl_get_pci(dev, arg);

	default:
		if (dev->host->hostt->ioctl)
			return dev->host->hostt->ioctl(dev, cmd, arg);
		return -EINVAL;
	}

	/*
	 * Shared tail for the kernel-built six-byte commands selected above:
	 * fill in the remaining bytes and issue the command.
	 */
	scsi_cmd[1] = cmd_byte1;
	scsi_cmd[2] = scsi_cmd[3] = scsi_cmd[5] = 0;

	return ioctl_internal_command(dev, scsi_cmd, timeout, NORMAL_RETRIES);
}
501     
502     /*
503      * Just like scsi_ioctl, only callable from kernel space with no 
504      * fs segment fiddling.
505      */
506     
int kernel_scsi_ioctl(Scsi_Device * dev, int cmd, void *arg)
{
	/*
	 * In-kernel entry point for scsi_ioctl().
	 *
	 * The address limit is switched to the kernel data segment for the
	 * duration of the call, so the user-access helpers inside scsi_ioctl()
	 * accept kernel addresses.  That also means they no longer reject
	 * kernel addresses: arg must be a pointer the kernel itself set up,
	 * never one forwarded from user space.  The previous limit is restored
	 * before returning.
	 */
	mm_segment_t saved_fs = get_fs();
	int ret;

	set_fs(get_ds());
	ret = scsi_ioctl(dev, cmd, arg);
	set_fs(saved_fs);

	return ret;
}
517     
518     /*
519      * Overrides for Emacs so that we almost follow Linus's tabbing style.
520      * Emacs will notice this stuff at the end of the file and automatically
521      * adjust the settings for this buffer only.  This must remain at the end
522      * of the file.
523      * ---------------------------------------------------------------------------
524      * Local variables:
525      * c-indent-level: 4
526      * c-brace-imaginary-offset: 0
527      * c-brace-offset: -4
528      * c-argdecl-indent: 4
529      * c-label-offset: -4
530      * c-continued-statement-offset: 4
531      * c-continued-brace-offset: 0
532      * indent-tabs-mode: nil
533      * tab-width: 8
534      * End:
535      */
536