aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>2008-08-16 01:10:05 -0400
committerJens Axboe <jens.axboe@oracle.com>2008-08-27 03:50:19 -0400
commitabf5439370491dd6fbb4fe1a7939680d2a9bc9d4 (patch)
treeaa3630557fe4a4bc6313617f5770af30eec68515
parent1941246dd98089dd637f44d3bd4f6cc1c61aa9e4 (diff)
block: move cmdfilter from gendisk to request_queue
cmd_filter works only for the block layer SG_IO with SCSI block devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI character devices (such as st). We hit a kernel crash with them. The problem is that cmd_filter code accesses to gendisk (having struct blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only SCSI block device files. With character device files, inode->i_bdev leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter isn't safe. SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be independent on any protocols. We shouldn't change ULDs to expose their gendisk. This patch moves struct blk_scsi_cmd_filter from gendisk to request_queue, a common object, which eveyone can access to. The user interface doesn't change; users can change the filters via /sys/block/. gendisk has a pointer to request_queue so the cmd_filter code accesses to struct blk_scsi_cmd_filter. Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-rw-r--r--block/blk-core.c2
-rw-r--r--block/bsg.c44
-rw-r--r--block/cmd-filter.c118
-rw-r--r--block/scsi_ioctl.c94
-rw-r--r--drivers/scsi/sg.c11
-rw-r--r--include/linux/blkdev.h16
-rw-r--r--include/linux/genhd.h10
7 files changed, 132 insertions, 163 deletions
diff --git a/block/blk-core.c b/block/blk-core.c
index 4889eb86a39e..2cba5ef97b2b 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -582,6 +582,8 @@ blk_init_queue_node(request_fn_proc *rfn, spinlock_t *lock, int node_id)
582 582
583 q->sg_reserved_size = INT_MAX; 583 q->sg_reserved_size = INT_MAX;
584 584
585 blk_set_cmd_filter_defaults(&q->cmd_filter);
586
585 /* 587 /*
586 * all done 588 * all done
587 */ 589 */
diff --git a/block/bsg.c b/block/bsg.c
index 5a68b09a69ba..0aae8d7ba99c 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -45,8 +45,6 @@ struct bsg_device {
45 char name[BUS_ID_SIZE]; 45 char name[BUS_ID_SIZE];
46 int max_queue; 46 int max_queue;
47 unsigned long flags; 47 unsigned long flags;
48 struct blk_scsi_cmd_filter *cmd_filter;
49 mode_t *f_mode;
50}; 48};
51 49
52enum { 50enum {
@@ -174,7 +172,8 @@ unlock:
174} 172}
175 173
176static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, 174static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
177 struct sg_io_v4 *hdr, struct bsg_device *bd) 175 struct sg_io_v4 *hdr, struct bsg_device *bd,
176 int has_write_perm)
178{ 177{
179 if (hdr->request_len > BLK_MAX_CDB) { 178 if (hdr->request_len > BLK_MAX_CDB) {
180 rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL); 179 rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL);
@@ -187,8 +186,7 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
187 return -EFAULT; 186 return -EFAULT;
188 187
189 if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) { 188 if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) {
190 if (blk_cmd_filter_verify_command(bd->cmd_filter, rq->cmd, 189 if (blk_verify_command(&q->cmd_filter, rq->cmd, has_write_perm))
191 bd->f_mode))
192 return -EPERM; 190 return -EPERM;
193 } else if (!capable(CAP_SYS_RAWIO)) 191 } else if (!capable(CAP_SYS_RAWIO))
194 return -EPERM; 192 return -EPERM;
@@ -244,7 +242,7 @@ bsg_validate_sgv4_hdr(struct request_queue *q, struct sg_io_v4 *hdr, int *rw)
244 * map sg_io_v4 to a request. 242 * map sg_io_v4 to a request.
245 */ 243 */
246static struct request * 244static struct request *
247bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr) 245bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
248{ 246{
249 struct request_queue *q = bd->queue; 247 struct request_queue *q = bd->queue;
250 struct request *rq, *next_rq = NULL; 248 struct request *rq, *next_rq = NULL;
@@ -266,7 +264,7 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr)
266 rq = blk_get_request(q, rw, GFP_KERNEL); 264 rq = blk_get_request(q, rw, GFP_KERNEL);
267 if (!rq) 265 if (!rq)
268 return ERR_PTR(-ENOMEM); 266 return ERR_PTR(-ENOMEM);
269 ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd); 267 ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd, has_write_perm);
270 if (ret) 268 if (ret)
271 goto out; 269 goto out;
272 270
@@ -568,25 +566,6 @@ static inline void bsg_set_block(struct bsg_device *bd, struct file *file)
568 set_bit(BSG_F_BLOCK, &bd->flags); 566 set_bit(BSG_F_BLOCK, &bd->flags);
569} 567}
570 568
571static void bsg_set_cmd_filter(struct bsg_device *bd,
572 struct file *file)
573{
574 struct inode *inode;
575 struct gendisk *disk;
576
577 if (!file)
578 return;
579
580 inode = file->f_dentry->d_inode;
581 if (!inode)
582 return;
583
584 disk = inode->i_bdev->bd_disk;
585
586 bd->cmd_filter = &disk->cmd_filter;
587 bd->f_mode = &file->f_mode;
588}
589
590/* 569/*
591 * Check if the error is a "real" error that we should return. 570 * Check if the error is a "real" error that we should return.
592 */ 571 */
@@ -608,7 +587,6 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
608 dprintk("%s: read %Zd bytes\n", bd->name, count); 587 dprintk("%s: read %Zd bytes\n", bd->name, count);
609 588
610 bsg_set_block(bd, file); 589 bsg_set_block(bd, file);
611 bsg_set_cmd_filter(bd, file);
612 590
613 bytes_read = 0; 591 bytes_read = 0;
614 ret = __bsg_read(buf, count, bd, NULL, &bytes_read); 592 ret = __bsg_read(buf, count, bd, NULL, &bytes_read);
@@ -621,7 +599,7 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
621} 599}
622 600
623static int __bsg_write(struct bsg_device *bd, const char __user *buf, 601static int __bsg_write(struct bsg_device *bd, const char __user *buf,
624 size_t count, ssize_t *bytes_written) 602 size_t count, ssize_t *bytes_written, int has_write_perm)
625{ 603{
626 struct bsg_command *bc; 604 struct bsg_command *bc;
627 struct request *rq; 605 struct request *rq;
@@ -652,7 +630,7 @@ static int __bsg_write(struct bsg_device *bd, const char __user *buf,
652 /* 630 /*
653 * get a request, fill in the blanks, and add to request queue 631 * get a request, fill in the blanks, and add to request queue
654 */ 632 */
655 rq = bsg_map_hdr(bd, &bc->hdr); 633 rq = bsg_map_hdr(bd, &bc->hdr, has_write_perm);
656 if (IS_ERR(rq)) { 634 if (IS_ERR(rq)) {
657 ret = PTR_ERR(rq); 635 ret = PTR_ERR(rq);
658 rq = NULL; 636 rq = NULL;
@@ -683,10 +661,11 @@ bsg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
683 dprintk("%s: write %Zd bytes\n", bd->name, count); 661 dprintk("%s: write %Zd bytes\n", bd->name, count);
684 662
685 bsg_set_block(bd, file); 663 bsg_set_block(bd, file);
686 bsg_set_cmd_filter(bd, file);
687 664
688 bytes_written = 0; 665 bytes_written = 0;
689 ret = __bsg_write(bd, buf, count, &bytes_written); 666 ret = __bsg_write(bd, buf, count, &bytes_written,
667 file->f_mode & FMODE_WRITE);
668
690 *ppos = bytes_written; 669 *ppos = bytes_written;
691 670
692 /* 671 /*
@@ -792,7 +771,6 @@ static struct bsg_device *bsg_add_device(struct inode *inode,
792 bd->queue = rq; 771 bd->queue = rq;
793 772
794 bsg_set_block(bd, file); 773 bsg_set_block(bd, file);
795 bsg_set_cmd_filter(bd, file);
796 774
797 atomic_set(&bd->ref_count, 1); 775 atomic_set(&bd->ref_count, 1);
798 mutex_lock(&bsg_mutex); 776 mutex_lock(&bsg_mutex);
@@ -943,7 +921,7 @@ static long bsg_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
943 if (copy_from_user(&hdr, uarg, sizeof(hdr))) 921 if (copy_from_user(&hdr, uarg, sizeof(hdr)))
944 return -EFAULT; 922 return -EFAULT;
945 923
946 rq = bsg_map_hdr(bd, &hdr); 924 rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE);
947 if (IS_ERR(rq)) 925 if (IS_ERR(rq))
948 return PTR_ERR(rq); 926 return PTR_ERR(rq);
949 927
diff --git a/block/cmd-filter.c b/block/cmd-filter.c
index eec4404fd357..c705c33361a0 100644
--- a/block/cmd-filter.c
+++ b/block/cmd-filter.c
@@ -27,8 +27,8 @@
27#include <scsi/scsi.h> 27#include <scsi/scsi.h>
28#include <linux/cdrom.h> 28#include <linux/cdrom.h>
29 29
30int blk_cmd_filter_verify_command(struct blk_scsi_cmd_filter *filter, 30int blk_verify_command(struct blk_scsi_cmd_filter *filter,
31 unsigned char *cmd, mode_t *f_mode) 31 unsigned char *cmd, int has_write_perm)
32{ 32{
33 /* root can do any command. */ 33 /* root can do any command. */
34 if (capable(CAP_SYS_RAWIO)) 34 if (capable(CAP_SYS_RAWIO))
@@ -43,30 +43,11 @@ int blk_cmd_filter_verify_command(struct blk_scsi_cmd_filter *filter,
43 return 0; 43 return 0;
44 44
45 /* Write-safe commands require a writable open */ 45 /* Write-safe commands require a writable open */
46 if (test_bit(cmd[0], filter->write_ok) && (*f_mode & FMODE_WRITE)) 46 if (test_bit(cmd[0], filter->write_ok) && has_write_perm)
47 return 0; 47 return 0;
48 48
49 return -EPERM; 49 return -EPERM;
50} 50}
51EXPORT_SYMBOL(blk_cmd_filter_verify_command);
52
53int blk_verify_command(struct file *file, unsigned char *cmd)
54{
55 struct gendisk *disk;
56 struct inode *inode;
57
58 if (!file)
59 return -EINVAL;
60
61 inode = file->f_dentry->d_inode;
62 if (!inode)
63 return -EINVAL;
64
65 disk = inode->i_bdev->bd_disk;
66
67 return blk_cmd_filter_verify_command(&disk->cmd_filter,
68 cmd, &file->f_mode);
69}
70EXPORT_SYMBOL(blk_verify_command); 51EXPORT_SYMBOL(blk_verify_command);
71 52
72/* and now, the sysfs stuff */ 53/* and now, the sysfs stuff */
@@ -219,114 +200,27 @@ static struct kobj_type rcf_ktype = {
219 .default_attrs = default_attrs, 200 .default_attrs = default_attrs,
220}; 201};
221 202
222#ifndef MAINTENANCE_IN_CMD
223#define MAINTENANCE_IN_CMD 0xa3
224#endif
225
226static void rcf_set_defaults(struct blk_scsi_cmd_filter *filter)
227{
228 /* Basic read-only commands */
229 __set_bit(TEST_UNIT_READY, filter->read_ok);
230 __set_bit(REQUEST_SENSE, filter->read_ok);
231 __set_bit(READ_6, filter->read_ok);
232 __set_bit(READ_10, filter->read_ok);
233 __set_bit(READ_12, filter->read_ok);
234 __set_bit(READ_16, filter->read_ok);
235 __set_bit(READ_BUFFER, filter->read_ok);
236 __set_bit(READ_DEFECT_DATA, filter->read_ok);
237 __set_bit(READ_CAPACITY, filter->read_ok);
238 __set_bit(READ_LONG, filter->read_ok);
239 __set_bit(INQUIRY, filter->read_ok);
240 __set_bit(MODE_SENSE, filter->read_ok);
241 __set_bit(MODE_SENSE_10, filter->read_ok);
242 __set_bit(LOG_SENSE, filter->read_ok);
243 __set_bit(START_STOP, filter->read_ok);
244 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
245 __set_bit(VERIFY_16, filter->read_ok);
246 __set_bit(REPORT_LUNS, filter->read_ok);
247 __set_bit(SERVICE_ACTION_IN, filter->read_ok);
248 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
249 __set_bit(MAINTENANCE_IN_CMD, filter->read_ok);
250 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
251
252 /* Audio CD commands */
253 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
254 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
255 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
256 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
257 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
258
259 /* CD/DVD data reading */
260 __set_bit(GPCMD_READ_CD, filter->read_ok);
261 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
262 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
263 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
264 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
265 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
266 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
267 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
268 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
269 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
270 __set_bit(GPCMD_SCAN, filter->read_ok);
271 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
272 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
273 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
274 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
275 __set_bit(GPCMD_SEEK, filter->read_ok);
276 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
277
278 /* Basic writing commands */
279 __set_bit(WRITE_6, filter->write_ok);
280 __set_bit(WRITE_10, filter->write_ok);
281 __set_bit(WRITE_VERIFY, filter->write_ok);
282 __set_bit(WRITE_12, filter->write_ok);
283 __set_bit(WRITE_VERIFY_12, filter->write_ok);
284 __set_bit(WRITE_16, filter->write_ok);
285 __set_bit(WRITE_LONG, filter->write_ok);
286 __set_bit(WRITE_LONG_2, filter->write_ok);
287 __set_bit(ERASE, filter->write_ok);
288 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
289 __set_bit(MODE_SELECT, filter->write_ok);
290 __set_bit(LOG_SELECT, filter->write_ok);
291 __set_bit(GPCMD_BLANK, filter->write_ok);
292 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
293 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
294 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
295 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
296 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
297 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
298 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
299 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
300 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
301 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
302 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
303 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
304 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
305 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
306}
307
308int blk_register_filter(struct gendisk *disk) 203int blk_register_filter(struct gendisk *disk)
309{ 204{
310 int ret; 205 int ret;
311 struct blk_scsi_cmd_filter *filter = &disk->cmd_filter; 206 struct blk_scsi_cmd_filter *filter = &disk->queue->cmd_filter;
312 struct kobject *parent = kobject_get(disk->holder_dir->parent); 207 struct kobject *parent = kobject_get(disk->holder_dir->parent);
313 208
314 if (!parent) 209 if (!parent)
315 return -ENODEV; 210 return -ENODEV;
316 211
317 ret = kobject_init_and_add(&filter->kobj, &rcf_ktype, parent, 212 ret = kobject_init_and_add(&filter->kobj, &rcf_ktype, parent,
318 "%s", "cmd_filter"); 213 "%s", "cmd_filter");
319 214
320 if (ret < 0) 215 if (ret < 0)
321 return ret; 216 return ret;
322 217
323 rcf_set_defaults(filter);
324 return 0; 218 return 0;
325} 219}
326 220
327void blk_unregister_filter(struct gendisk *disk) 221void blk_unregister_filter(struct gendisk *disk)
328{ 222{
329 struct blk_scsi_cmd_filter *filter = &disk->cmd_filter; 223 struct blk_scsi_cmd_filter *filter = &disk->queue->cmd_filter;
330 224
331 kobject_put(&filter->kobj); 225 kobject_put(&filter->kobj);
332 kobject_put(disk->holder_dir->parent); 226 kobject_put(disk->holder_dir->parent);
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 12a5182173f6..d01ef5ee427e 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -105,12 +105,96 @@ static int sg_emulated_host(struct request_queue *q, int __user *p)
105 return put_user(1, p); 105 return put_user(1, p);
106} 106}
107 107
108void blk_set_cmd_filter_defaults(struct blk_scsi_cmd_filter *filter)
109{
110 /* Basic read-only commands */
111 __set_bit(TEST_UNIT_READY, filter->read_ok);
112 __set_bit(REQUEST_SENSE, filter->read_ok);
113 __set_bit(READ_6, filter->read_ok);
114 __set_bit(READ_10, filter->read_ok);
115 __set_bit(READ_12, filter->read_ok);
116 __set_bit(READ_16, filter->read_ok);
117 __set_bit(READ_BUFFER, filter->read_ok);
118 __set_bit(READ_DEFECT_DATA, filter->read_ok);
119 __set_bit(READ_CAPACITY, filter->read_ok);
120 __set_bit(READ_LONG, filter->read_ok);
121 __set_bit(INQUIRY, filter->read_ok);
122 __set_bit(MODE_SENSE, filter->read_ok);
123 __set_bit(MODE_SENSE_10, filter->read_ok);
124 __set_bit(LOG_SENSE, filter->read_ok);
125 __set_bit(START_STOP, filter->read_ok);
126 __set_bit(GPCMD_VERIFY_10, filter->read_ok);
127 __set_bit(VERIFY_16, filter->read_ok);
128 __set_bit(REPORT_LUNS, filter->read_ok);
129 __set_bit(SERVICE_ACTION_IN, filter->read_ok);
130 __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok);
131 __set_bit(MAINTENANCE_IN, filter->read_ok);
132 __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok);
133
134 /* Audio CD commands */
135 __set_bit(GPCMD_PLAY_CD, filter->read_ok);
136 __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok);
137 __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok);
138 __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok);
139 __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok);
140
141 /* CD/DVD data reading */
142 __set_bit(GPCMD_READ_CD, filter->read_ok);
143 __set_bit(GPCMD_READ_CD_MSF, filter->read_ok);
144 __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok);
145 __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok);
146 __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok);
147 __set_bit(GPCMD_READ_HEADER, filter->read_ok);
148 __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok);
149 __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok);
150 __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok);
151 __set_bit(GPCMD_REPORT_KEY, filter->read_ok);
152 __set_bit(GPCMD_SCAN, filter->read_ok);
153 __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok);
154 __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok);
155 __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok);
156 __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok);
157 __set_bit(GPCMD_SEEK, filter->read_ok);
158 __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok);
159
160 /* Basic writing commands */
161 __set_bit(WRITE_6, filter->write_ok);
162 __set_bit(WRITE_10, filter->write_ok);
163 __set_bit(WRITE_VERIFY, filter->write_ok);
164 __set_bit(WRITE_12, filter->write_ok);
165 __set_bit(WRITE_VERIFY_12, filter->write_ok);
166 __set_bit(WRITE_16, filter->write_ok);
167 __set_bit(WRITE_LONG, filter->write_ok);
168 __set_bit(WRITE_LONG_2, filter->write_ok);
169 __set_bit(ERASE, filter->write_ok);
170 __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
171 __set_bit(MODE_SELECT, filter->write_ok);
172 __set_bit(LOG_SELECT, filter->write_ok);
173 __set_bit(GPCMD_BLANK, filter->write_ok);
174 __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok);
175 __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok);
176 __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok);
177 __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok);
178 __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok);
179 __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok);
180 __set_bit(GPCMD_SEND_EVENT, filter->write_ok);
181 __set_bit(GPCMD_SEND_KEY, filter->write_ok);
182 __set_bit(GPCMD_SEND_OPC, filter->write_ok);
183 __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok);
184 __set_bit(GPCMD_SET_SPEED, filter->write_ok);
185 __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok);
186 __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
187 __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
188}
189EXPORT_SYMBOL_GPL(blk_set_cmd_filter_defaults);
190
108static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, 191static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
109 struct sg_io_hdr *hdr, struct file *file) 192 struct sg_io_hdr *hdr, struct file *file)
110{ 193{
111 if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len)) 194 if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len))
112 return -EFAULT; 195 return -EFAULT;
113 if (blk_verify_command(file, rq->cmd)) 196 if (blk_verify_command(&q->cmd_filter, rq->cmd,
197 file->f_mode & FMODE_WRITE))
114 return -EPERM; 198 return -EPERM;
115 199
116 /* 200 /*
@@ -298,7 +382,7 @@ int sg_scsi_ioctl(struct file *file, struct request_queue *q,
298 struct gendisk *disk, struct scsi_ioctl_command __user *sic) 382 struct gendisk *disk, struct scsi_ioctl_command __user *sic)
299{ 383{
300 struct request *rq; 384 struct request *rq;
301 int err; 385 int err, write_perm = 0;
302 unsigned int in_len, out_len, bytes, opcode, cmdlen; 386 unsigned int in_len, out_len, bytes, opcode, cmdlen;
303 char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; 387 char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
304 388
@@ -340,7 +424,11 @@ int sg_scsi_ioctl(struct file *file, struct request_queue *q,
340 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) 424 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
341 goto error; 425 goto error;
342 426
343 err = blk_verify_command(file, rq->cmd); 427 /* scsi_ioctl passes NULL */
428 if (file && (file->f_mode & FMODE_WRITE))
429 write_perm = 1;
430
431 err = blk_verify_command(&q->cmd_filter, rq->cmd, write_perm);
344 if (err) 432 if (err)
345 goto error; 433 goto error;
346 434
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 3d36270a8b4d..9d28b9f74d90 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -641,6 +641,7 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf,
641 unsigned char cmnd[MAX_COMMAND_SIZE]; 641 unsigned char cmnd[MAX_COMMAND_SIZE];
642 int timeout; 642 int timeout;
643 unsigned long ul_timeout; 643 unsigned long ul_timeout;
644 struct request_queue *q;
644 645
645 if (count < SZ_SG_IO_HDR) 646 if (count < SZ_SG_IO_HDR)
646 return -EINVAL; 647 return -EINVAL;
@@ -689,7 +690,9 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf,
689 sg_remove_request(sfp, srp); 690 sg_remove_request(sfp, srp);
690 return -EFAULT; 691 return -EFAULT;
691 } 692 }
692 if (read_only && !blk_verify_command(file, cmnd)) { 693 q = sfp->parentdp->device->request_queue;
694 if (read_only && blk_verify_command(&q->cmd_filter, cmnd,
695 file->f_mode & FMODE_WRITE)) {
693 sg_remove_request(sfp, srp); 696 sg_remove_request(sfp, srp);
694 return -EPERM; 697 return -EPERM;
695 } 698 }
@@ -793,6 +796,7 @@ sg_ioctl(struct inode *inode, struct file *filp,
793 796
794 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) 797 if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
795 return -ENXIO; 798 return -ENXIO;
799
796 SCSI_LOG_TIMEOUT(3, printk("sg_ioctl: %s, cmd=0x%x\n", 800 SCSI_LOG_TIMEOUT(3, printk("sg_ioctl: %s, cmd=0x%x\n",
797 sdp->disk->disk_name, (int) cmd_in)); 801 sdp->disk->disk_name, (int) cmd_in));
798 read_only = (O_RDWR != (filp->f_flags & O_ACCMODE)); 802 read_only = (O_RDWR != (filp->f_flags & O_ACCMODE));
@@ -1057,11 +1061,14 @@ sg_ioctl(struct inode *inode, struct file *filp,
1057 return -ENODEV; 1061 return -ENODEV;
1058 if (read_only) { 1062 if (read_only) {
1059 unsigned char opcode = WRITE_6; 1063 unsigned char opcode = WRITE_6;
1064 struct request_queue *q = sdp->device->request_queue;
1060 Scsi_Ioctl_Command __user *siocp = p; 1065 Scsi_Ioctl_Command __user *siocp = p;
1061 1066
1062 if (copy_from_user(&opcode, siocp->data, 1)) 1067 if (copy_from_user(&opcode, siocp->data, 1))
1063 return -EFAULT; 1068 return -EFAULT;
1064 if (!blk_verify_command(filp, &opcode)) 1069 if (blk_verify_command(&q->cmd_filter,
1070 &opcode,
1071 filp->f_mode & FMODE_WRITE))
1065 return -EPERM; 1072 return -EPERM;
1066 } 1073 }
1067 return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); 1074 return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index e61f22be4d0e..d2d34e2774b2 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -280,6 +280,15 @@ struct blk_queue_tag {
280 atomic_t refcnt; /* map can be shared */ 280 atomic_t refcnt; /* map can be shared */
281}; 281};
282 282
283#define BLK_SCSI_MAX_CMDS (256)
284#define BLK_SCSI_CMD_PER_LONG (BLK_SCSI_MAX_CMDS / (sizeof(long) * 8))
285
286struct blk_scsi_cmd_filter {
287 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
288 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
289 struct kobject kobj;
290};
291
283struct request_queue 292struct request_queue
284{ 293{
285 /* 294 /*
@@ -398,6 +407,7 @@ struct request_queue
398#if defined(CONFIG_BLK_DEV_BSG) 407#if defined(CONFIG_BLK_DEV_BSG)
399 struct bsg_class_device bsg_dev; 408 struct bsg_class_device bsg_dev;
400#endif 409#endif
410 struct blk_scsi_cmd_filter cmd_filter;
401}; 411};
402 412
403#define QUEUE_FLAG_CLUSTER 0 /* cluster several segments into 1 */ 413#define QUEUE_FLAG_CLUSTER 0 /* cluster several segments into 1 */
@@ -833,11 +843,11 @@ extern int blkdev_issue_flush(struct block_device *, sector_t *);
833/* 843/*
834* command filter functions 844* command filter functions
835*/ 845*/
836extern int blk_verify_command(struct file *file, unsigned char *cmd); 846extern int blk_verify_command(struct blk_scsi_cmd_filter *filter,
837extern int blk_cmd_filter_verify_command(struct blk_scsi_cmd_filter *filter, 847 unsigned char *cmd, int has_write_perm);
838 unsigned char *cmd, mode_t *f_mode);
839extern int blk_register_filter(struct gendisk *disk); 848extern int blk_register_filter(struct gendisk *disk);
840extern void blk_unregister_filter(struct gendisk *disk); 849extern void blk_unregister_filter(struct gendisk *disk);
850extern void blk_set_cmd_filter_defaults(struct blk_scsi_cmd_filter *filter);
841 851
842#define MAX_PHYS_SEGMENTS 128 852#define MAX_PHYS_SEGMENTS 128
843#define MAX_HW_SEGMENTS 128 853#define MAX_HW_SEGMENTS 128
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
index 118216f1bd3c..be4f5e5bfe06 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -110,15 +110,6 @@ struct hd_struct {
110#define GENHD_FL_SUPPRESS_PARTITION_INFO 32 110#define GENHD_FL_SUPPRESS_PARTITION_INFO 32
111#define GENHD_FL_FAIL 64 111#define GENHD_FL_FAIL 64
112 112
113#define BLK_SCSI_MAX_CMDS (256)
114#define BLK_SCSI_CMD_PER_LONG (BLK_SCSI_MAX_CMDS / (sizeof(long) * 8))
115
116struct blk_scsi_cmd_filter {
117 unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
118 unsigned long write_ok[BLK_SCSI_CMD_PER_LONG];
119 struct kobject kobj;
120};
121
122struct gendisk { 113struct gendisk {
123 int major; /* major number of driver */ 114 int major; /* major number of driver */
124 int first_minor; 115 int first_minor;
@@ -128,7 +119,6 @@ struct gendisk {
128 struct hd_struct **part; /* [indexed by minor] */ 119 struct hd_struct **part; /* [indexed by minor] */
129 struct block_device_operations *fops; 120 struct block_device_operations *fops;
130 struct request_queue *queue; 121 struct request_queue *queue;
131 struct blk_scsi_cmd_filter cmd_filter;
132 void *private_data; 122 void *private_data;
133 sector_t capacity; 123 sector_t capacity;
134 124