aboutsummaryrefslogtreecommitdiffstats
path: root/block/bsg.c
diff options
context:
space:
mode:
authorFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>2008-08-16 01:10:05 -0400
committerJens Axboe <jens.axboe@oracle.com>2008-08-27 03:50:19 -0400
commitabf5439370491dd6fbb4fe1a7939680d2a9bc9d4 (patch)
treeaa3630557fe4a4bc6313617f5770af30eec68515 /block/bsg.c
parent1941246dd98089dd637f44d3bd4f6cc1c61aa9e4 (diff)
block: move cmdfilter from gendisk to request_queue
cmd_filter works only for the block layer SG_IO with SCSI block devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI character devices (such as st). We hit a kernel crash with them. The problem is that cmd_filter code accesses to gendisk (having struct blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only SCSI block device files. With character device files, inode->i_bdev leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter isn't safe. SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be independent on any protocols. We shouldn't change ULDs to expose their gendisk. This patch moves struct blk_scsi_cmd_filter from gendisk to request_queue, a common object, which eveyone can access to. The user interface doesn't change; users can change the filters via /sys/block/. gendisk has a pointer to request_queue so the cmd_filter code accesses to struct blk_scsi_cmd_filter. Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'block/bsg.c')
-rw-r--r--block/bsg.c44
1 files changed, 11 insertions, 33 deletions
diff --git a/block/bsg.c b/block/bsg.c
index 5a68b09a69ba..0aae8d7ba99c 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -45,8 +45,6 @@ struct bsg_device {
45 char name[BUS_ID_SIZE]; 45 char name[BUS_ID_SIZE];
46 int max_queue; 46 int max_queue;
47 unsigned long flags; 47 unsigned long flags;
48 struct blk_scsi_cmd_filter *cmd_filter;
49 mode_t *f_mode;
50}; 48};
51 49
52enum { 50enum {
@@ -174,7 +172,8 @@ unlock:
174} 172}
175 173
176static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, 174static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
177 struct sg_io_v4 *hdr, struct bsg_device *bd) 175 struct sg_io_v4 *hdr, struct bsg_device *bd,
176 int has_write_perm)
178{ 177{
179 if (hdr->request_len > BLK_MAX_CDB) { 178 if (hdr->request_len > BLK_MAX_CDB) {
180 rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL); 179 rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL);
@@ -187,8 +186,7 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
187 return -EFAULT; 186 return -EFAULT;
188 187
189 if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) { 188 if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) {
190 if (blk_cmd_filter_verify_command(bd->cmd_filter, rq->cmd, 189 if (blk_verify_command(&q->cmd_filter, rq->cmd, has_write_perm))
191 bd->f_mode))
192 return -EPERM; 190 return -EPERM;
193 } else if (!capable(CAP_SYS_RAWIO)) 191 } else if (!capable(CAP_SYS_RAWIO))
194 return -EPERM; 192 return -EPERM;
@@ -244,7 +242,7 @@ bsg_validate_sgv4_hdr(struct request_queue *q, struct sg_io_v4 *hdr, int *rw)
244 * map sg_io_v4 to a request. 242 * map sg_io_v4 to a request.
245 */ 243 */
246static struct request * 244static struct request *
247bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr) 245bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
248{ 246{
249 struct request_queue *q = bd->queue; 247 struct request_queue *q = bd->queue;
250 struct request *rq, *next_rq = NULL; 248 struct request *rq, *next_rq = NULL;
@@ -266,7 +264,7 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr)
266 rq = blk_get_request(q, rw, GFP_KERNEL); 264 rq = blk_get_request(q, rw, GFP_KERNEL);
267 if (!rq) 265 if (!rq)
268 return ERR_PTR(-ENOMEM); 266 return ERR_PTR(-ENOMEM);
269 ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd); 267 ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd, has_write_perm);
270 if (ret) 268 if (ret)
271 goto out; 269 goto out;
272 270
@@ -568,25 +566,6 @@ static inline void bsg_set_block(struct bsg_device *bd, struct file *file)
568 set_bit(BSG_F_BLOCK, &bd->flags); 566 set_bit(BSG_F_BLOCK, &bd->flags);
569} 567}
570 568
571static void bsg_set_cmd_filter(struct bsg_device *bd,
572 struct file *file)
573{
574 struct inode *inode;
575 struct gendisk *disk;
576
577 if (!file)
578 return;
579
580 inode = file->f_dentry->d_inode;
581 if (!inode)
582 return;
583
584 disk = inode->i_bdev->bd_disk;
585
586 bd->cmd_filter = &disk->cmd_filter;
587 bd->f_mode = &file->f_mode;
588}
589
590/* 569/*
591 * Check if the error is a "real" error that we should return. 570 * Check if the error is a "real" error that we should return.
592 */ 571 */
@@ -608,7 +587,6 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
608 dprintk("%s: read %Zd bytes\n", bd->name, count); 587 dprintk("%s: read %Zd bytes\n", bd->name, count);
609 588
610 bsg_set_block(bd, file); 589 bsg_set_block(bd, file);
611 bsg_set_cmd_filter(bd, file);
612 590
613 bytes_read = 0; 591 bytes_read = 0;
614 ret = __bsg_read(buf, count, bd, NULL, &bytes_read); 592 ret = __bsg_read(buf, count, bd, NULL, &bytes_read);
@@ -621,7 +599,7 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
621} 599}
622 600
623static int __bsg_write(struct bsg_device *bd, const char __user *buf, 601static int __bsg_write(struct bsg_device *bd, const char __user *buf,
624 size_t count, ssize_t *bytes_written) 602 size_t count, ssize_t *bytes_written, int has_write_perm)
625{ 603{
626 struct bsg_command *bc; 604 struct bsg_command *bc;
627 struct request *rq; 605 struct request *rq;
@@ -652,7 +630,7 @@ static int __bsg_write(struct bsg_device *bd, const char __user *buf,
652 /* 630 /*
653 * get a request, fill in the blanks, and add to request queue 631 * get a request, fill in the blanks, and add to request queue
654 */ 632 */
655 rq = bsg_map_hdr(bd, &bc->hdr); 633 rq = bsg_map_hdr(bd, &bc->hdr, has_write_perm);
656 if (IS_ERR(rq)) { 634 if (IS_ERR(rq)) {
657 ret = PTR_ERR(rq); 635 ret = PTR_ERR(rq);
658 rq = NULL; 636 rq = NULL;
@@ -683,10 +661,11 @@ bsg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
683 dprintk("%s: write %Zd bytes\n", bd->name, count); 661 dprintk("%s: write %Zd bytes\n", bd->name, count);
684 662
685 bsg_set_block(bd, file); 663 bsg_set_block(bd, file);
686 bsg_set_cmd_filter(bd, file);
687 664
688 bytes_written = 0; 665 bytes_written = 0;
689 ret = __bsg_write(bd, buf, count, &bytes_written); 666 ret = __bsg_write(bd, buf, count, &bytes_written,
667 file->f_mode & FMODE_WRITE);
668
690 *ppos = bytes_written; 669 *ppos = bytes_written;
691 670
692 /* 671 /*
@@ -792,7 +771,6 @@ static struct bsg_device *bsg_add_device(struct inode *inode,
792 bd->queue = rq; 771 bd->queue = rq;
793 772
794 bsg_set_block(bd, file); 773 bsg_set_block(bd, file);
795 bsg_set_cmd_filter(bd, file);
796 774
797 atomic_set(&bd->ref_count, 1); 775 atomic_set(&bd->ref_count, 1);
798 mutex_lock(&bsg_mutex); 776 mutex_lock(&bsg_mutex);
@@ -943,7 +921,7 @@ static long bsg_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
943 if (copy_from_user(&hdr, uarg, sizeof(hdr))) 921 if (copy_from_user(&hdr, uarg, sizeof(hdr)))
944 return -EFAULT; 922 return -EFAULT;
945 923
946 rq = bsg_map_hdr(bd, &hdr); 924 rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE);
947 if (IS_ERR(rq)) 925 if (IS_ERR(rq))
948 return PTR_ERR(rq); 926 return PTR_ERR(rq);
949 927
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-21 00:31:42 -0400