[SCSI] unify SCSI_IOCTL_SEND_COMMAND implementations

We currently have two implementations of this obsolete ioctl, one in the block layer and one in the scsi code. Both of them have drawbacks. This patch kills the scsi layer version after updating the block version with the missing bits: - argument checking - use scatterlist I/O - set number of retries based on the submitted command This is the last user of non-S/G I/O except for the gdth driver, so getting this in ASAP and through the scsi tree would be nie to kill the non-S/G I/O path. Jens, what do you think about adding a check for non-S/G I/O in the midlayer? Thanks to Or Gerlitz for testing this patch. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
author: Christoph Hellwig <hch@lst.de> 2006-03-22 11:52:04 -0500
committer: James Bottomley <jejb@mulgrave.il.steeleye.com> 2006-04-13 11:13:15 -0400
commit: 21b2f0c803adaf00fce1b606c50b49ae8b106773 (patch)
tree: 1acc834df309041ed0c5681f4bd222fd3e113900
parent: 765fcab23d0a79ed7aab8da79766f5873d936f1b (diff)
5 files changed, 78 insertions, 207 deletions
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 24f7af9d0abc..b33eda26e205 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -350,16 +350,51 @@ out:
        return ret;
 }
+/**
+ * sg_scsi_ioctl  --  handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
+ * @file:       file this ioctl operates on (optional)
+ * @q:          request queue to send scsi commands down
+ * @disk:       gendisk to operate on (option)
+ * @sic:        userspace structure describing the command to perform
+ *
+ * Send down the scsi command described by @sic to the device below
+ * the request queue @q.  If @file is non-NULL it's used to perform
+ * fine-grained permission checks that allow users to send down
+ * non-destructive SCSI commands.  If the caller has a struct gendisk
+ * available it should be passed in as @disk to allow the low level
+ * driver to use the information contained in it.  A non-NULL @disk
+ * is only allowed if the caller knows that the low level driver doesn't
+ * need it (e.g. in the scsi subsystem).
+ *
+ * Notes:
+ *   -  This interface is deprecated - users should use the SG_IO
+ *      interface instead, as this is a more flexible approach to
+ *      performing SCSI commands on a device.
+ *   -  The SCSI command length is determined by examining the 1st byte
+ *      of the given command. There is no way to override this.
+ *   -  Data transfers are limited to PAGE_SIZE
+ *   -  The length (x + y) must be at least OMAX_SB_LEN bytes long to
+ *      accommodate the sense buffer when an error occurs.
+ *      The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
+ *      old code will not be surprised.
+ *   -  If a Unix error occurs (e.g. ENOMEM) then the user will receive
+ *      a negative return and the Unix error code in 'errno'.
+ *      If the SCSI command succeeds then 0 is returned.
+ *      Positive numbers returned are the compacted SCSI error codes (4
+ *      bytes in one int) where the lowest byte is the SCSI status.
+ */
 #define OMAX_SB_LEN 16          /* For backward compatibility */
+int sg_scsi_ioctl(struct file *file, struct request_queue *q,
-static int sg_scsi_ioctl(struct file *file, request_queue_t *q,
+                  struct gendisk *disk, struct scsi_ioctl_command __user *sic)
-                         struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic)
 {
        struct request *rq;
        int err;
        unsigned int in_len, out_len, bytes, opcode, cmdlen;
        char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
+        if (!sic)
+                return -EINVAL;
        /*
         * get in an out lengths, verify they don't exceed a page worth of data
         */
@@ -393,45 +428,53 @@ static int sg_scsi_ioctl(struct file *file, request_queue_t *q,
        if (copy_from_user(rq->cmd, sic->data, cmdlen))
                goto error;
-        if (copy_from_user(buffer, sic->data + cmdlen, in_len))
+        if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
                goto error;
        err = verify_command(file, rq->cmd);
        if (err)
                goto error;
+        /* default.  possible overriden later */
+        rq->retries = 5;
        switch (opcode) {
-                case SEND_DIAGNOSTIC:
+        case SEND_DIAGNOSTIC:
-                case FORMAT_UNIT:
+        case FORMAT_UNIT:
-                        rq->timeout = FORMAT_UNIT_TIMEOUT;
+                rq->timeout = FORMAT_UNIT_TIMEOUT;
-                        break;
+                rq->retries = 1;
-                case START_STOP:
+                break;
-                        rq->timeout = START_STOP_TIMEOUT;
+        case START_STOP:
-                        break;
+                rq->timeout = START_STOP_TIMEOUT;
-                case MOVE_MEDIUM:
+                break;
-                        rq->timeout = MOVE_MEDIUM_TIMEOUT;
+        case MOVE_MEDIUM:
-                        break;
+                rq->timeout = MOVE_MEDIUM_TIMEOUT;
-                case READ_ELEMENT_STATUS:
+                break;
-                        rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
+        case READ_ELEMENT_STATUS:
-                        break;
+                rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
-                case READ_DEFECT_DATA:
+                break;
-                        rq->timeout = READ_DEFECT_DATA_TIMEOUT;
+        case READ_DEFECT_DATA:
-                        break;
+                rq->timeout = READ_DEFECT_DATA_TIMEOUT;
-                default:
+                rq->retries = 1;
-                        rq->timeout = BLK_DEFAULT_TIMEOUT;
+                break;
-                        break;
+        default:
+                rq->timeout = BLK_DEFAULT_TIMEOUT;
+                break;
+        }
+        if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) {
+                err = DRIVER_ERROR << 24;
+                goto out;
        }
        memset(sense, 0, sizeof(sense));
        rq->sense = sense;
        rq->sense_len = 0;
-        rq->data = buffer;
-        rq->data_len = bytes;
        rq->flags |= REQ_BLOCK_PC;
-        rq->retries = 0;
-        blk_execute_rq(q, bd_disk, rq, 0);
+        blk_execute_rq(q, disk, rq, 0);
+out:
        err = rq->errors & 0xff;        /* only 8 bit SCSI status */
        if (err) {
                if (rq->sense_len && rq->sense) {
@@ -450,7 +493,7 @@ error:
        blk_put_request(rq);
        return err;
 }
+EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
 /* Send basic block requests */
 static int __blk_send_generic(request_queue_t *q, struct gendisk *bd_disk, int cmd, int data)
diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
index 36e930066649..a89aff61d3d8 100644
--- a/drivers/scsi/scsi_ioctl.c
+++ b/drivers/scsi/scsi_ioctl.c
@@ -158,180 +158,6 @@ int scsi_set_medium_removal(struct scsi_device *sdev, char state)
 EXPORT_SYMBOL(scsi_set_medium_removal);
 /*
- * This interface is deprecated - users should use the scsi generic (sg)
- * interface instead, as this is a more flexible approach to performing
- * generic SCSI commands on a device.
- *
- * The structure that we are passed should look like:
- *
- * struct sdata {
- *  unsigned int inlen;      [i] Length of data to be written to device 
- *  unsigned int outlen;     [i] Length of data to be read from device 
- *  unsigned char cmd[x];    [i] SCSI command (6 <= x <= 12).
- *                           [o] Data read from device starts here.
- *                           [o] On error, sense buffer starts here.
- *  unsigned char wdata[y];  [i] Data written to device starts here.
- * };
- * Notes:
- *   -  The SCSI command length is determined by examining the 1st byte
- *      of the given command. There is no way to override this.
- *   -  Data transfers are limited to PAGE_SIZE (4K on i386, 8K on alpha).
- *   -  The length (x + y) must be at least OMAX_SB_LEN bytes long to
- *      accommodate the sense buffer when an error occurs.
- *      The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
- *      old code will not be surprised.
- *   -  If a Unix error occurs (e.g. ENOMEM) then the user will receive
- *      a negative return and the Unix error code in 'errno'. 
- *      If the SCSI command succeeds then 0 is returned.
- *      Positive numbers returned are the compacted SCSI error codes (4 
- *      bytes in one int) where the lowest byte is the SCSI status.
- *      See the drivers/scsi/scsi.h file for more information on this.
- *
- */
-#define OMAX_SB_LEN 16          /* Old sense buffer length */
-int scsi_ioctl_send_command(struct scsi_device *sdev,
-                            struct scsi_ioctl_command __user *sic)
-{
-        char *buf;
-        unsigned char cmd[MAX_COMMAND_SIZE];
-        unsigned char sense[SCSI_SENSE_BUFFERSIZE];
-        char __user *cmd_in;
-        unsigned char opcode;
-        unsigned int inlen, outlen, cmdlen;
-        unsigned int needed, buf_needed;
-        int timeout, retries, result;
-        int data_direction;
-        gfp_t gfp_mask = GFP_KERNEL;
-        if (!sic)
-                return -EINVAL;
-        if (sdev->host->unchecked_isa_dma)
-                gfp_mask |= GFP_DMA;
-        /*
-         * Verify that we can read at least this much.
-         */
-        if (!access_ok(VERIFY_READ, sic, sizeof(Scsi_Ioctl_Command)))
-                return -EFAULT;
-        if(__get_user(inlen, &sic->inlen))
-                return -EFAULT;
-                
-        if(__get_user(outlen, &sic->outlen))
-                return -EFAULT;
-        /*
-         * We do not transfer more than MAX_BUF with this interface.
-         * If the user needs to transfer more data than this, they
-         * should use scsi_generics (sg) instead.
-         */
-        if (inlen > MAX_BUF)
-                return -EINVAL;
-        if (outlen > MAX_BUF)
-                return -EINVAL;
-        cmd_in = sic->data;
-        if(get_user(opcode, cmd_in))
-                return -EFAULT;
-        needed = buf_needed = (inlen > outlen ? inlen : outlen);
-        if (buf_needed) {
-                buf_needed = (buf_needed + 511) & ~511;
-                if (buf_needed > MAX_BUF)
-                        buf_needed = MAX_BUF;
-                buf = kzalloc(buf_needed, gfp_mask);
-                if (!buf)
-                        return -ENOMEM;
-                if (inlen == 0) {
-                        data_direction = DMA_FROM_DEVICE;
-                } else if (outlen == 0 ) {
-                        data_direction = DMA_TO_DEVICE;
-                } else {
-                        /*
-                         * Can this ever happen?
-                         */
-                        data_direction = DMA_BIDIRECTIONAL;
-                }
-        } else {
-                buf = NULL;
-                data_direction = DMA_NONE;
-        }
-        /*
-         * Obtain the command from the user's address space.
-         */
-        cmdlen = COMMAND_SIZE(opcode);
-        
-        result = -EFAULT;
-        if (!access_ok(VERIFY_READ, cmd_in, cmdlen + inlen))
-                goto error;
-        if(__copy_from_user(cmd, cmd_in, cmdlen))
-                goto error;
-        /*
-         * Obtain the data to be sent to the device (if any).
-         */
-        if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen))
-                goto error;
-        switch (opcode) {
-        case SEND_DIAGNOSTIC:
-        case FORMAT_UNIT:
-                timeout = FORMAT_UNIT_TIMEOUT;
-                retries = 1;
-                break;
-        case START_STOP:
-                timeout = START_STOP_TIMEOUT;
-                retries = NORMAL_RETRIES;
-                break;
-        case MOVE_MEDIUM:
-                timeout = MOVE_MEDIUM_TIMEOUT;
-                retries = NORMAL_RETRIES;
-                break;
-        case READ_ELEMENT_STATUS:
-                timeout = READ_ELEMENT_STATUS_TIMEOUT;
-                retries = NORMAL_RETRIES;
-                break;
-        case READ_DEFECT_DATA:
-                timeout = READ_DEFECT_DATA_TIMEOUT;
-                retries = 1;
-                break;
-        default:
-                timeout = IOCTL_NORMAL_TIMEOUT;
-                retries = NORMAL_RETRIES;
-                break;
-        }
-        result = scsi_execute(sdev, cmd, data_direction, buf, needed,
-                              sense, timeout, retries, 0);
-        /* 
-         * If there was an error condition, pass the info back to the user. 
-         */
-        if (result) {
-                int sb_len = sizeof(*sense);
-                sb_len = (sb_len > OMAX_SB_LEN) ? OMAX_SB_LEN : sb_len;
-                if (copy_to_user(cmd_in, sense, sb_len))
-                        result = -EFAULT;
-        } else {
-                if (outlen && copy_to_user(cmd_in, buf, outlen))
-                        result = -EFAULT;
-        }       
-error:
-        kfree(buf);
-        return result;
-}
-EXPORT_SYMBOL(scsi_ioctl_send_command);
-/*
 * The scsi_ioctl_get_pci() function places into arg the value
 * pci_dev::slot_name (8 characters) for the PCI device (if any).
 * Returns: 0 on success
@@ -409,7 +235,7 @@ int scsi_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
        case SCSI_IOCTL_SEND_COMMAND:
                if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
                        return -EACCES;
-                return scsi_ioctl_send_command(sdev, arg);
+                return sg_scsi_ioctl(NULL, sdev->request_queue, NULL, arg);
        case SCSI_IOCTL_DOORLOCK:
                return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
        case SCSI_IOCTL_DOORUNLOCK:
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 7405d0df95db..fcf9243dfa7d 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1044,7 +1044,7 @@ sg_ioctl(struct inode *inode, struct file *filp,
                        if (!sg_allow_access(opcode, sdp->device->type))
                                return -EPERM;
                }
-                return scsi_ioctl_send_command(sdp->device, p);
+                return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p);
        case SG_SET_DEBUG:
                result = get_user(val, ip);
                if (result)
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index d0cac8b58de7..59e1259b1c40 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -17,6 +17,8 @@
 #include <asm/scatterlist.h>
+struct scsi_ioctl_command;
 struct request_queue;
 typedef struct request_queue request_queue_t;
 struct elevator_queue;
@@ -611,6 +613,8 @@ extern void blk_plug_device(request_queue_t *);
 extern int blk_remove_plug(request_queue_t *);
 extern void blk_recount_segments(request_queue_t *, struct bio *);
 extern int scsi_cmd_ioctl(struct file *, struct gendisk *, unsigned int, void __user *);
+extern int sg_scsi_ioctl(struct file *, struct request_queue *,
+                struct gendisk *, struct scsi_ioctl_command __user *);
 extern void blk_start_queue(request_queue_t *q);
 extern void blk_stop_queue(request_queue_t *q);
 extern void blk_sync_queue(struct request_queue *q);
diff --git a/include/scsi/scsi_ioctl.h b/include/scsi/scsi_ioctl.h
index d4be4d92d586..edb9525386da 100644
--- a/include/scsi/scsi_ioctl.h
+++ b/include/scsi/scsi_ioctl.h
@@ -41,8 +41,6 @@ typedef struct scsi_fctargaddress {
 } Scsi_FCTargAddress;
 extern int scsi_ioctl(struct scsi_device *, int, void __user *);
-extern int scsi_ioctl_send_command(struct scsi_device *,
-                                   struct scsi_ioctl_command __user *);
 extern int scsi_nonblockable_ioctl(struct scsi_device *sdev, int cmd,
                                   void __user *arg, struct file *filp);
author	Christoph Hellwig <hch@lst.de>	2006-03-22 11:52:04 -0500
committer	James Bottomley <jejb@mulgrave.il.steeleye.com>	2006-04-13 11:13:15 -0400
commit	21b2f0c803adaf00fce1b606c50b49ae8b106773 (patch)
tree	1acc834df309041ed0c5681f4bd222fd3e113900
parent	765fcab23d0a79ed7aab8da79766f5873d936f1b (diff)

diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index 24f7af9d0abc..b33eda26e205 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c
@@ -350,16 +350,51 @@ out:
350	return ret;	350	return ret;
351	}	351	}
352		352
		353	/**
		354	* sg_scsi_ioctl -- handle deprecated SCSI_IOCTL_SEND_COMMAND ioctl
		355	* @file: file this ioctl operates on (optional)
		356	* @q: request queue to send scsi commands down
		357	* @disk: gendisk to operate on (option)
		358	* @sic: userspace structure describing the command to perform
		359	*
		360	* Send down the scsi command described by @sic to the device below
		361	* the request queue @q. If @file is non-NULL it's used to perform
		362	* fine-grained permission checks that allow users to send down
		363	* non-destructive SCSI commands. If the caller has a struct gendisk
		364	* available it should be passed in as @disk to allow the low level
		365	* driver to use the information contained in it. A non-NULL @disk
		366	* is only allowed if the caller knows that the low level driver doesn't
		367	* need it (e.g. in the scsi subsystem).
		368	*
		369	* Notes:
		370	* - This interface is deprecated - users should use the SG_IO
		371	* interface instead, as this is a more flexible approach to
		372	* performing SCSI commands on a device.
		373	* - The SCSI command length is determined by examining the 1st byte
		374	* of the given command. There is no way to override this.
		375	* - Data transfers are limited to PAGE_SIZE
		376	* - The length (x + y) must be at least OMAX_SB_LEN bytes long to
		377	* accommodate the sense buffer when an error occurs.
		378	* The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
		379	* old code will not be surprised.
		380	* - If a Unix error occurs (e.g. ENOMEM) then the user will receive
		381	* a negative return and the Unix error code in 'errno'.
		382	* If the SCSI command succeeds then 0 is returned.
		383	* Positive numbers returned are the compacted SCSI error codes (4
		384	* bytes in one int) where the lowest byte is the SCSI status.
		385	*/
353	#define OMAX_SB_LEN 16 /* For backward compatibility */	386	#define OMAX_SB_LEN 16 /* For backward compatibility */
354		387	int sg_scsi_ioctl(struct file file, struct request_queue q,
355	static int sg_scsi_ioctl(struct file file, request_queue_t q,	388	struct gendisk disk, struct scsi_ioctl_command __user sic)
356	struct gendisk bd_disk, Scsi_Ioctl_Command __user sic)
357	{	389	{
358	struct request *rq;	390	struct request *rq;
359	int err;	391	int err;
360	unsigned int in_len, out_len, bytes, opcode, cmdlen;	392	unsigned int in_len, out_len, bytes, opcode, cmdlen;
361	char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];	393	char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
362		394
		395	if (!sic)
		396	return -EINVAL;
		397
363	/*	398	/*
364	* get in an out lengths, verify they don't exceed a page worth of data	399	* get in an out lengths, verify they don't exceed a page worth of data
365	*/	400	*/
@@ -393,45 +428,53 @@ static int sg_scsi_ioctl(struct file file, request_queue_t q,
393	if (copy_from_user(rq->cmd, sic->data, cmdlen))	428	if (copy_from_user(rq->cmd, sic->data, cmdlen))
394	goto error;	429	goto error;
395		430
396	if (copy_from_user(buffer, sic->data + cmdlen, in_len))	431	if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
397	goto error;	432	goto error;
398		433
399	err = verify_command(file, rq->cmd);	434	err = verify_command(file, rq->cmd);
400	if (err)	435	if (err)
401	goto error;	436	goto error;
402		437
		438	/* default. possible overriden later */
		439	rq->retries = 5;
		440
403	switch (opcode) {	441	switch (opcode) {
404	case SEND_DIAGNOSTIC:	442	case SEND_DIAGNOSTIC:
405	case FORMAT_UNIT:	443	case FORMAT_UNIT:
406	rq->timeout = FORMAT_UNIT_TIMEOUT;	444	rq->timeout = FORMAT_UNIT_TIMEOUT;
407	break;	445	rq->retries = 1;
408	case START_STOP:	446	break;
409	rq->timeout = START_STOP_TIMEOUT;	447	case START_STOP:
410	break;	448	rq->timeout = START_STOP_TIMEOUT;
411	case MOVE_MEDIUM:	449	break;
412	rq->timeout = MOVE_MEDIUM_TIMEOUT;	450	case MOVE_MEDIUM:
413	break;	451	rq->timeout = MOVE_MEDIUM_TIMEOUT;
414	case READ_ELEMENT_STATUS:	452	break;
415	rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;	453	case READ_ELEMENT_STATUS:
416	break;	454	rq->timeout = READ_ELEMENT_STATUS_TIMEOUT;
417	case READ_DEFECT_DATA:	455	break;
418	rq->timeout = READ_DEFECT_DATA_TIMEOUT;	456	case READ_DEFECT_DATA:
419	break;	457	rq->timeout = READ_DEFECT_DATA_TIMEOUT;
420	default:	458	rq->retries = 1;
421	rq->timeout = BLK_DEFAULT_TIMEOUT;	459	break;
422	break;	460	default:
		461	rq->timeout = BLK_DEFAULT_TIMEOUT;
		462	break;
		463	}
		464
		465	if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) {
		466	err = DRIVER_ERROR << 24;
		467	goto out;
423	}	468	}
424		469
425	memset(sense, 0, sizeof(sense));	470	memset(sense, 0, sizeof(sense));
426	rq->sense = sense;	471	rq->sense = sense;
427	rq->sense_len = 0;	472	rq->sense_len = 0;
428
429	rq->data = buffer;
430	rq->data_len = bytes;
431	rq->flags \|= REQ_BLOCK_PC;	473	rq->flags \|= REQ_BLOCK_PC;
432	rq->retries = 0;
433		474
434	blk_execute_rq(q, bd_disk, rq, 0);	475	blk_execute_rq(q, disk, rq, 0);
		476
		477	out:
435	err = rq->errors & 0xff; /* only 8 bit SCSI status */	478	err = rq->errors & 0xff; /* only 8 bit SCSI status */
436	if (err) {	479	if (err) {
437	if (rq->sense_len && rq->sense) {	480	if (rq->sense_len && rq->sense) {
@@ -450,7 +493,7 @@ error:
450	blk_put_request(rq);	493	blk_put_request(rq);
451	return err;	494	return err;
452	}	495	}
453		496	EXPORT_SYMBOL_GPL(sg_scsi_ioctl);
454		497
455	/* Send basic block requests */	498	/* Send basic block requests */
456	static int __blk_send_generic(request_queue_t q, struct gendisk bd_disk, int cmd, int data)	499	static int __blk_send_generic(request_queue_t q, struct gendisk bd_disk, int cmd, int data)


diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c index 36e930066649..a89aff61d3d8 100644 --- a/drivers/scsi/scsi_ioctl.c +++ b/drivers/scsi/scsi_ioctl.c
@@ -158,180 +158,6 @@ int scsi_set_medium_removal(struct scsi_device *sdev, char state)
158	EXPORT_SYMBOL(scsi_set_medium_removal);	158	EXPORT_SYMBOL(scsi_set_medium_removal);
159		159
160	/*	160	/*
161	* This interface is deprecated - users should use the scsi generic (sg)
162	* interface instead, as this is a more flexible approach to performing
163	* generic SCSI commands on a device.
164	*
165	* The structure that we are passed should look like:
166	*
167	* struct sdata {
168	* unsigned int inlen; [i] Length of data to be written to device
169	* unsigned int outlen; [i] Length of data to be read from device
170	* unsigned char cmd[x]; [i] SCSI command (6 <= x <= 12).
171	* [o] Data read from device starts here.
172	* [o] On error, sense buffer starts here.
173	* unsigned char wdata[y]; [i] Data written to device starts here.
174	* };
175	* Notes:
176	* - The SCSI command length is determined by examining the 1st byte
177	* of the given command. There is no way to override this.
178	* - Data transfers are limited to PAGE_SIZE (4K on i386, 8K on alpha).
179	* - The length (x + y) must be at least OMAX_SB_LEN bytes long to
180	* accommodate the sense buffer when an error occurs.
181	* The sense buffer is truncated to OMAX_SB_LEN (16) bytes so that
182	* old code will not be surprised.
183	* - If a Unix error occurs (e.g. ENOMEM) then the user will receive
184	* a negative return and the Unix error code in 'errno'.
185	* If the SCSI command succeeds then 0 is returned.
186	* Positive numbers returned are the compacted SCSI error codes (4
187	* bytes in one int) where the lowest byte is the SCSI status.
188	* See the drivers/scsi/scsi.h file for more information on this.
189	*
190	*/
191	#define OMAX_SB_LEN 16 /* Old sense buffer length */
192
193	int scsi_ioctl_send_command(struct scsi_device *sdev,
194	struct scsi_ioctl_command __user *sic)
195	{
196	char *buf;
197	unsigned char cmd[MAX_COMMAND_SIZE];
198	unsigned char sense[SCSI_SENSE_BUFFERSIZE];
199	char __user *cmd_in;
200	unsigned char opcode;
201	unsigned int inlen, outlen, cmdlen;
202	unsigned int needed, buf_needed;
203	int timeout, retries, result;
204	int data_direction;
205	gfp_t gfp_mask = GFP_KERNEL;
206
207	if (!sic)
208	return -EINVAL;
209
210	if (sdev->host->unchecked_isa_dma)
211	gfp_mask \|= GFP_DMA;
212
213	/*
214	* Verify that we can read at least this much.
215	*/
216	if (!access_ok(VERIFY_READ, sic, sizeof(Scsi_Ioctl_Command)))
217	return -EFAULT;
218
219	if(__get_user(inlen, &sic->inlen))
220	return -EFAULT;
221
222	if(__get_user(outlen, &sic->outlen))
223	return -EFAULT;
224
225	/*
226	* We do not transfer more than MAX_BUF with this interface.
227	* If the user needs to transfer more data than this, they
228	* should use scsi_generics (sg) instead.
229	*/
230	if (inlen > MAX_BUF)
231	return -EINVAL;
232	if (outlen > MAX_BUF)
233	return -EINVAL;
234
235	cmd_in = sic->data;
236	if(get_user(opcode, cmd_in))
237	return -EFAULT;
238
239	needed = buf_needed = (inlen > outlen ? inlen : outlen);
240	if (buf_needed) {
241	buf_needed = (buf_needed + 511) & ~511;
242	if (buf_needed > MAX_BUF)
243	buf_needed = MAX_BUF;
244	buf = kzalloc(buf_needed, gfp_mask);
245	if (!buf)
246	return -ENOMEM;
247	if (inlen == 0) {
248	data_direction = DMA_FROM_DEVICE;
249	} else if (outlen == 0 ) {
250	data_direction = DMA_TO_DEVICE;
251	} else {
252	/*
253	* Can this ever happen?
254	*/
255	data_direction = DMA_BIDIRECTIONAL;
256	}
257
258	} else {
259	buf = NULL;
260	data_direction = DMA_NONE;
261	}
262
263	/*
264	* Obtain the command from the user's address space.
265	*/
266	cmdlen = COMMAND_SIZE(opcode);
267
268	result = -EFAULT;
269
270	if (!access_ok(VERIFY_READ, cmd_in, cmdlen + inlen))
271	goto error;
272
273	if(__copy_from_user(cmd, cmd_in, cmdlen))
274	goto error;
275
276	/*
277	* Obtain the data to be sent to the device (if any).
278	*/
279
280	if(inlen && copy_from_user(buf, cmd_in + cmdlen, inlen))
281	goto error;
282
283	switch (opcode) {
284	case SEND_DIAGNOSTIC:
285	case FORMAT_UNIT:
286	timeout = FORMAT_UNIT_TIMEOUT;
287	retries = 1;
288	break;
289	case START_STOP:
290	timeout = START_STOP_TIMEOUT;
291	retries = NORMAL_RETRIES;
292	break;
293	case MOVE_MEDIUM:
294	timeout = MOVE_MEDIUM_TIMEOUT;
295	retries = NORMAL_RETRIES;
296	break;
297	case READ_ELEMENT_STATUS:
298	timeout = READ_ELEMENT_STATUS_TIMEOUT;
299	retries = NORMAL_RETRIES;
300	break;
301	case READ_DEFECT_DATA:
302	timeout = READ_DEFECT_DATA_TIMEOUT;
303	retries = 1;
304	break;
305	default:
306	timeout = IOCTL_NORMAL_TIMEOUT;
307	retries = NORMAL_RETRIES;
308	break;
309	}
310
311	result = scsi_execute(sdev, cmd, data_direction, buf, needed,
312	sense, timeout, retries, 0);
313
314	/*
315	* If there was an error condition, pass the info back to the user.
316	*/
317	if (result) {
318	int sb_len = sizeof(*sense);
319
320	sb_len = (sb_len > OMAX_SB_LEN) ? OMAX_SB_LEN : sb_len;
321	if (copy_to_user(cmd_in, sense, sb_len))
322	result = -EFAULT;
323	} else {
324	if (outlen && copy_to_user(cmd_in, buf, outlen))
325	result = -EFAULT;
326	}
327
328	error:
329	kfree(buf);
330	return result;
331	}
332	EXPORT_SYMBOL(scsi_ioctl_send_command);
333
334	/*
335	* The scsi_ioctl_get_pci() function places into arg the value	161	* The scsi_ioctl_get_pci() function places into arg the value
336	* pci_dev::slot_name (8 characters) for the PCI device (if any).	162	* pci_dev::slot_name (8 characters) for the PCI device (if any).
337	* Returns: 0 on success	163	* Returns: 0 on success
@@ -409,7 +235,7 @@ int scsi_ioctl(struct scsi_device sdev, int cmd, void __user arg)
409	case SCSI_IOCTL_SEND_COMMAND:	235	case SCSI_IOCTL_SEND_COMMAND:
410	if (!capable(CAP_SYS_ADMIN) \|\| !capable(CAP_SYS_RAWIO))	236	if (!capable(CAP_SYS_ADMIN) \|\| !capable(CAP_SYS_RAWIO))
411	return -EACCES;	237	return -EACCES;
412	return scsi_ioctl_send_command(sdev, arg);	238	return sg_scsi_ioctl(NULL, sdev->request_queue, NULL, arg);
413	case SCSI_IOCTL_DOORLOCK:	239	case SCSI_IOCTL_DOORLOCK:
414	return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);	240	return scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
415	case SCSI_IOCTL_DOORUNLOCK:	241	case SCSI_IOCTL_DOORUNLOCK:


diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 7405d0df95db..fcf9243dfa7d 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c
@@ -1044,7 +1044,7 @@ sg_ioctl(struct inode inode, struct file filp,
1044	if (!sg_allow_access(opcode, sdp->device->type))	1044	if (!sg_allow_access(opcode, sdp->device->type))
1045	return -EPERM;	1045	return -EPERM;
1046	}	1046	}
1047	return scsi_ioctl_send_command(sdp->device, p);	1047	return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p);
1048	case SG_SET_DEBUG:	1048	case SG_SET_DEBUG:
1049	result = get_user(val, ip);	1049	result = get_user(val, ip);
1050	if (result)	1050	if (result)


diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index d0cac8b58de7..59e1259b1c40 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h
@@ -17,6 +17,8 @@
17		17
18	#include <asm/scatterlist.h>	18	#include <asm/scatterlist.h>
19		19
		20	struct scsi_ioctl_command;
		21
20	struct request_queue;	22	struct request_queue;
21	typedef struct request_queue request_queue_t;	23	typedef struct request_queue request_queue_t;
22	struct elevator_queue;	24	struct elevator_queue;
@@ -611,6 +613,8 @@ extern void blk_plug_device(request_queue_t *);
611	extern int blk_remove_plug(request_queue_t *);	613	extern int blk_remove_plug(request_queue_t *);
612	extern void blk_recount_segments(request_queue_t , struct bio );	614	extern void blk_recount_segments(request_queue_t , struct bio );
613	extern int scsi_cmd_ioctl(struct file , struct gendisk , unsigned int, void __user *);	615	extern int scsi_cmd_ioctl(struct file , struct gendisk , unsigned int, void __user *);
		616	extern int sg_scsi_ioctl(struct file , struct request_queue ,
		617	struct gendisk , struct scsi_ioctl_command __user );
614	extern void blk_start_queue(request_queue_t *q);	618	extern void blk_start_queue(request_queue_t *q);
615	extern void blk_stop_queue(request_queue_t *q);	619	extern void blk_stop_queue(request_queue_t *q);
616	extern void blk_sync_queue(struct request_queue *q);	620	extern void blk_sync_queue(struct request_queue *q);


diff --git a/include/scsi/scsi_ioctl.h b/include/scsi/scsi_ioctl.h index d4be4d92d586..edb9525386da 100644 --- a/include/scsi/scsi_ioctl.h +++ b/include/scsi/scsi_ioctl.h
@@ -41,8 +41,6 @@ typedef struct scsi_fctargaddress {
41	} Scsi_FCTargAddress;	41	} Scsi_FCTargAddress;
42		42
43	extern int scsi_ioctl(struct scsi_device , int, void __user );	43	extern int scsi_ioctl(struct scsi_device , int, void __user );
44	extern int scsi_ioctl_send_command(struct scsi_device *,
45	struct scsi_ioctl_command __user *);
46	extern int scsi_nonblockable_ioctl(struct scsi_device *sdev, int cmd,	44	extern int scsi_nonblockable_ioctl(struct scsi_device *sdev, int cmd,
47	void __user arg, struct file filp);	45	void __user arg, struct file filp);
48		46