diff options
Diffstat (limited to 'drivers/scsi/sg.c')
-rw-r--r-- | drivers/scsi/sg.c | 60 |
1 files changed, 23 insertions, 37 deletions
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 2010fa039cfe..d3b8ebb83776 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c | |||
@@ -49,6 +49,7 @@ static int sg_version_num = 30534; /* 2 digits for each component */ | |||
49 | #include <linux/delay.h> | 49 | #include <linux/delay.h> |
50 | #include <linux/scatterlist.h> | 50 | #include <linux/scatterlist.h> |
51 | #include <linux/blktrace_api.h> | 51 | #include <linux/blktrace_api.h> |
52 | #include <linux/smp_lock.h> | ||
52 | 53 | ||
53 | #include "scsi.h" | 54 | #include "scsi.h" |
54 | #include <scsi/scsi_dbg.h> | 55 | #include <scsi/scsi_dbg.h> |
@@ -182,8 +183,9 @@ static int sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp, | |||
182 | int tablesize); | 183 | int tablesize); |
183 | static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, | 184 | static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, |
184 | Sg_request * srp); | 185 | Sg_request * srp); |
185 | static ssize_t sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count, | 186 | static ssize_t sg_new_write(Sg_fd *sfp, struct file *file, |
186 | int blocking, int read_only, Sg_request ** o_srp); | 187 | const char __user *buf, size_t count, int blocking, |
188 | int read_only, Sg_request **o_srp); | ||
187 | static int sg_common_write(Sg_fd * sfp, Sg_request * srp, | 189 | static int sg_common_write(Sg_fd * sfp, Sg_request * srp, |
188 | unsigned char *cmnd, int timeout, int blocking); | 190 | unsigned char *cmnd, int timeout, int blocking); |
189 | static int sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind, | 191 | static int sg_u_iovec(sg_io_hdr_t * hp, int sg_num, int ind, |
@@ -204,7 +206,6 @@ static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id); | |||
204 | static Sg_request *sg_add_request(Sg_fd * sfp); | 206 | static Sg_request *sg_add_request(Sg_fd * sfp); |
205 | static int sg_remove_request(Sg_fd * sfp, Sg_request * srp); | 207 | static int sg_remove_request(Sg_fd * sfp, Sg_request * srp); |
206 | static int sg_res_in_use(Sg_fd * sfp); | 208 | static int sg_res_in_use(Sg_fd * sfp); |
207 | static int sg_allow_access(unsigned char opcode, char dev_type); | ||
208 | static int sg_build_direct(Sg_request * srp, Sg_fd * sfp, int dxfer_len); | 209 | static int sg_build_direct(Sg_request * srp, Sg_fd * sfp, int dxfer_len); |
209 | static Sg_device *sg_get_dev(int dev); | 210 | static Sg_device *sg_get_dev(int dev); |
210 | #ifdef CONFIG_SCSI_PROC_FS | 211 | #ifdef CONFIG_SCSI_PROC_FS |
@@ -227,19 +228,26 @@ sg_open(struct inode *inode, struct file *filp) | |||
227 | int res; | 228 | int res; |
228 | int retval; | 229 | int retval; |
229 | 230 | ||
231 | lock_kernel(); | ||
230 | nonseekable_open(inode, filp); | 232 | nonseekable_open(inode, filp); |
231 | SCSI_LOG_TIMEOUT(3, printk("sg_open: dev=%d, flags=0x%x\n", dev, flags)); | 233 | SCSI_LOG_TIMEOUT(3, printk("sg_open: dev=%d, flags=0x%x\n", dev, flags)); |
232 | sdp = sg_get_dev(dev); | 234 | sdp = sg_get_dev(dev); |
233 | if ((!sdp) || (!sdp->device)) | 235 | if ((!sdp) || (!sdp->device)) { |
236 | unlock_kernel(); | ||
234 | return -ENXIO; | 237 | return -ENXIO; |
235 | if (sdp->detached) | 238 | } |
239 | if (sdp->detached) { | ||
240 | unlock_kernel(); | ||
236 | return -ENODEV; | 241 | return -ENODEV; |
242 | } | ||
237 | 243 | ||
238 | /* This driver's module count bumped by fops_get in <linux/fs.h> */ | 244 | /* This driver's module count bumped by fops_get in <linux/fs.h> */ |
239 | /* Prevent the device driver from vanishing while we sleep */ | 245 | /* Prevent the device driver from vanishing while we sleep */ |
240 | retval = scsi_device_get(sdp->device); | 246 | retval = scsi_device_get(sdp->device); |
241 | if (retval) | 247 | if (retval) { |
248 | unlock_kernel(); | ||
242 | return retval; | 249 | return retval; |
250 | } | ||
243 | 251 | ||
244 | if (!((flags & O_NONBLOCK) || | 252 | if (!((flags & O_NONBLOCK) || |
245 | scsi_block_when_processing_errors(sdp->device))) { | 253 | scsi_block_when_processing_errors(sdp->device))) { |
@@ -295,10 +303,12 @@ sg_open(struct inode *inode, struct file *filp) | |||
295 | retval = -ENOMEM; | 303 | retval = -ENOMEM; |
296 | goto error_out; | 304 | goto error_out; |
297 | } | 305 | } |
306 | unlock_kernel(); | ||
298 | return 0; | 307 | return 0; |
299 | 308 | ||
300 | error_out: | 309 | error_out: |
301 | scsi_device_put(sdp->device); | 310 | scsi_device_put(sdp->device); |
311 | unlock_kernel(); | ||
302 | return retval; | 312 | return retval; |
303 | } | 313 | } |
304 | 314 | ||
@@ -544,7 +554,7 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) | |||
544 | return -EFAULT; | 554 | return -EFAULT; |
545 | blocking = !(filp->f_flags & O_NONBLOCK); | 555 | blocking = !(filp->f_flags & O_NONBLOCK); |
546 | if (old_hdr.reply_len < 0) | 556 | if (old_hdr.reply_len < 0) |
547 | return sg_new_write(sfp, buf, count, blocking, 0, NULL); | 557 | return sg_new_write(sfp, filp, buf, count, blocking, 0, NULL); |
548 | if (count < (SZ_SG_HEADER + 6)) | 558 | if (count < (SZ_SG_HEADER + 6)) |
549 | return -EIO; /* The minimum scsi command length is 6 bytes. */ | 559 | return -EIO; /* The minimum scsi command length is 6 bytes. */ |
550 | 560 | ||
@@ -621,8 +631,9 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) | |||
621 | } | 631 | } |
622 | 632 | ||
623 | static ssize_t | 633 | static ssize_t |
624 | sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count, | 634 | sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, |
625 | int blocking, int read_only, Sg_request ** o_srp) | 635 | size_t count, int blocking, int read_only, |
636 | Sg_request **o_srp) | ||
626 | { | 637 | { |
627 | int k; | 638 | int k; |
628 | Sg_request *srp; | 639 | Sg_request *srp; |
@@ -678,8 +689,7 @@ sg_new_write(Sg_fd * sfp, const char __user *buf, size_t count, | |||
678 | sg_remove_request(sfp, srp); | 689 | sg_remove_request(sfp, srp); |
679 | return -EFAULT; | 690 | return -EFAULT; |
680 | } | 691 | } |
681 | if (read_only && | 692 | if (read_only && !blk_verify_command(file, cmnd)) { |
682 | (!sg_allow_access(cmnd[0], sfp->parentdp->device->type))) { | ||
683 | sg_remove_request(sfp, srp); | 693 | sg_remove_request(sfp, srp); |
684 | return -EPERM; | 694 | return -EPERM; |
685 | } | 695 | } |
@@ -799,7 +809,7 @@ sg_ioctl(struct inode *inode, struct file *filp, | |||
799 | if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR)) | 809 | if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR)) |
800 | return -EFAULT; | 810 | return -EFAULT; |
801 | result = | 811 | result = |
802 | sg_new_write(sfp, p, SZ_SG_IO_HDR, | 812 | sg_new_write(sfp, filp, p, SZ_SG_IO_HDR, |
803 | blocking, read_only, &srp); | 813 | blocking, read_only, &srp); |
804 | if (result < 0) | 814 | if (result < 0) |
805 | return result; | 815 | return result; |
@@ -1051,7 +1061,7 @@ sg_ioctl(struct inode *inode, struct file *filp, | |||
1051 | 1061 | ||
1052 | if (copy_from_user(&opcode, siocp->data, 1)) | 1062 | if (copy_from_user(&opcode, siocp->data, 1)) |
1053 | return -EFAULT; | 1063 | return -EFAULT; |
1054 | if (!sg_allow_access(opcode, sdp->device->type)) | 1064 | if (!blk_verify_command(filp, &opcode)) |
1055 | return -EPERM; | 1065 | return -EPERM; |
1056 | } | 1066 | } |
1057 | return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); | 1067 | return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); |
@@ -2505,30 +2515,6 @@ sg_page_free(struct page *page, int size) | |||
2505 | __free_pages(page, order); | 2515 | __free_pages(page, order); |
2506 | } | 2516 | } |
2507 | 2517 | ||
2508 | #ifndef MAINTENANCE_IN_CMD | ||
2509 | #define MAINTENANCE_IN_CMD 0xa3 | ||
2510 | #endif | ||
2511 | |||
2512 | static unsigned char allow_ops[] = { TEST_UNIT_READY, REQUEST_SENSE, | ||
2513 | INQUIRY, READ_CAPACITY, READ_BUFFER, READ_6, READ_10, READ_12, | ||
2514 | READ_16, MODE_SENSE, MODE_SENSE_10, LOG_SENSE, REPORT_LUNS, | ||
2515 | SERVICE_ACTION_IN, RECEIVE_DIAGNOSTIC, READ_LONG, MAINTENANCE_IN_CMD | ||
2516 | }; | ||
2517 | |||
2518 | static int | ||
2519 | sg_allow_access(unsigned char opcode, char dev_type) | ||
2520 | { | ||
2521 | int k; | ||
2522 | |||
2523 | if (TYPE_SCANNER == dev_type) /* TYPE_ROM maybe burner */ | ||
2524 | return 1; | ||
2525 | for (k = 0; k < sizeof (allow_ops); ++k) { | ||
2526 | if (opcode == allow_ops[k]) | ||
2527 | return 1; | ||
2528 | } | ||
2529 | return 0; | ||
2530 | } | ||
2531 | |||
2532 | #ifdef CONFIG_SCSI_PROC_FS | 2518 | #ifdef CONFIG_SCSI_PROC_FS |
2533 | static int | 2519 | static int |
2534 | sg_idr_max_id(int id, void *p, void *data) | 2520 | sg_idr_max_id(int id, void *p, void *data) |