1 /*        $NetBSD: scsipi_ioctl.c,v 1.73 2019/12/27 09:41:51 msaitoh Exp $      */
2 
3 /*-
4  * Copyright (c) 1998, 2004 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Charles M. Hannum.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 /*
33  * Contributed by HD Associates (hd@world.std.com).
34  * Copyright (c) 1992, 1993 HD Associates
35  *
36  * Berkeley style copyright.
37  */
38 
39 #include <sys/cdefs.h>
40 __KERNEL_RCSID(0, "$NetBSD: scsipi_ioctl.c,v 1.73 2019/12/27 09:41:51 msaitoh Exp $");
41 
42 #ifdef _KERNEL_OPT
43 #include "opt_compat_freebsd.h"
44 #include "opt_compat_netbsd.h"
45 #endif
46 
47 #include <sys/param.h>
48 #include <sys/errno.h>
49 #include <sys/systm.h>
50 #include <sys/malloc.h>
51 #include <sys/buf.h>
52 #include <sys/proc.h>
53 #include <sys/device.h>
54 #include <sys/fcntl.h>
55 
56 #include <dev/scsipi/scsipi_all.h>
57 #include <dev/scsipi/scsipiconf.h>
58 #include <dev/scsipi/scsipi_base.h>
59 #include <dev/scsipi/scsiconf.h>
60 #include <sys/scsiio.h>
61 
62 #include "scsibus.h"
63 #include "atapibus.h"
64 
/*
 * Per-request bookkeeping for a user SCSI passthrough ioctl.  Each record is
 * linked on si_head (under si_lock) so that a struct buf pointer can be mapped
 * back to the request it belongs to; see si_find().
 */
struct scsi_ioctl {
	LIST_ENTRY(scsi_ioctl) si_list;	/* linkage on si_head */
	struct buf si_bp;		/* buf given to physio()/scsistrategy(); lookup key in si_find() */
	struct uio si_uio;		/* describes the caller's data buffer for physio() */
	struct iovec si_iov;		/* the single iovec referenced by si_uio */
	scsireq_t si_screq;		/* private copy of the caller's request, copied back on completion */
	struct scsipi_periph *si_periph; /* peripheral the command is issued to */
};
73 
/* Outstanding passthrough requests; si_get(), si_free() and si_find() all take si_lock around it. */
static LIST_HEAD(, scsi_ioctl) si_head;
/* Protects si_head; initialised at IPL_BIO by scsipi_ioctl_init(). */
static kmutex_t si_lock;
76 
/*
 * One-time setup for the passthrough ioctl code: create si_lock, the mutex
 * that guards the si_head request list, at IPL_BIO.
 */
void
scsipi_ioctl_init(void)
{
	mutex_init(&si_lock, MUTEX_DEFAULT, IPL_BIO);
}
83 
/*
 * Allocate a zeroed request record, initialise its embedded buf and publish
 * it on si_head.  The allocation is made with M_WAITOK and the result is used
 * without a NULL check.  Release the record with si_free().
 */
static struct scsi_ioctl *
si_get(void)
{
	struct scsi_ioctl *req;

	req = malloc(sizeof(*req), M_TEMP, M_WAITOK | M_ZERO);
	buf_init(&req->si_bp);

	/* The list is also walked by si_find(); insert under si_lock. */
	mutex_enter(&si_lock);
	LIST_INSERT_HEAD(&si_head, req, si_list);
	mutex_exit(&si_lock);

	return req;
}
96 
/*
 * Retire a record obtained from si_get(): unlink it from si_head, destroy the
 * embedded buf and free the memory.  The pointer is invalid on return.
 */
static void
si_free(struct scsi_ioctl *si)
{
	/* Unlink first so that si_find() can no longer hand out this record. */
	mutex_enter(&si_lock);
	LIST_REMOVE(si, si_list);
	mutex_exit(&si_lock);

	/* Undo si_get() in reverse order: the buf, then the allocation. */
	buf_destroy(&si->si_bp);
	free(si, M_TEMP);
}
107 
/*
 * Map a buf pointer back to the request record that embeds it.
 *
 * Returns the record whose si_bp is *bp, or NULL when no record on si_head
 * matches.  The comparison is by address, so a buf that was not created by
 * si_get() is never matched.
 *
 * NOTE(review): si_lock is dropped before the pointer is returned, so the
 * lock protects only the list walk.  The record stays valid only as long as
 * its owner has not called si_free(); confirm that every caller runs before
 * the owning ioctl finishes.
 */
static struct scsi_ioctl *
si_find(struct buf *bp)
{
	struct scsi_ioctl *cur;

	mutex_enter(&si_lock);
	cur = si_head.lh_first;
	while (cur != NULL && &cur->si_bp != bp)
		cur = cur->si_list.le_next;
	mutex_exit(&si_lock);

	return cur;
}
120 
/*
 * We let the user interpret their own sense data in the generic scsi world.
 * This routine is called at interrupt time if the XS_CTL_USERCMD bit was set
 * in the flags passed to scsi_scsipi_cmd(). No other completion processing
 * takes place, even if we are running over another device driver.
 * The lower-level routines that call us here will free the xs and restart
 * the device's queue if such exists.
 */
void
scsipi_user_done(struct scsipi_xfer *xs)
{
	struct buf *bp;
	struct scsi_ioctl *si;
	scsireq_t *screq;
	struct scsipi_periph *periph = xs->xs_periph;

	/*
	 * Completion handler for a user passthrough command: translate the
	 * transfer's result (xs->error, xs->status, sense data) into the
	 * request copy held in the matching scsi_ioctl record.  Nothing is
	 * written to user memory here; scsipi_do_ioctl() copies the record
	 * back once the request has finished.
	 */
	bp = xs->bp;
#ifdef DIAGNOSTIC
	if (bp == NULL) {
		scsipi_printaddr(periph);
		printf("user command with no buf\n");
		panic("scsipi_user_done");
	}
#endif
	/* The buf pointer is the only link back to the originating request. */
	si = si_find(bp);
#ifdef DIAGNOSTIC
	if (si == NULL) {
		scsipi_printaddr(periph);
		printf("user command with no ioctl\n");
		panic("scsipi_user_done");
	}
#endif

	/*
	 * NOTE(review): both NULL checks above exist only in DIAGNOSTIC
	 * kernels.  Without DIAGNOSTIC, a failed si_find() is dereferenced
	 * on the next line; confirm that no completion can arrive for a
	 * record that si_free() has already unlinked.
	 */
	screq = &si->si_screq;

	SC_DEBUG(xs->xs_periph, SCSIPI_DB2, ("user-done\n"));

	/* Start from a cleared return status; every case below sets it. */
	screq->retsts = 0;
	screq->status = xs->status;
	switch (xs->error) {
	case XS_NOERROR:
		SC_DEBUG(periph, SCSIPI_DB3, ("no error\n"));
		screq->datalen_used =
		    xs->datalen - xs->resid;	/* probably rubbish */
		screq->retsts = SCCMD_OK;
		break;
	case XS_SENSE:
		SC_DEBUG(periph, SCSIPI_DB3, ("have sense\n"));
		/*
		 * The copy length is the smaller of the source object and
		 * SENSEBUFLEN, so the memcpy() cannot read past xs->sense.
		 * Presumably screq->sense is SENSEBUFLEN bytes, which would
		 * bound the write as well; verify in <sys/scsiio.h>.
		 * The length the caller asked for is not consulted here.
		 */
		screq->senselen_used = uimin(sizeof(xs->sense.scsi_sense),
		    SENSEBUFLEN);
		memcpy(screq->sense, &xs->sense.scsi_sense,
		    screq->senselen_used);
		screq->retsts = SCCMD_SENSE;
		break;
	case XS_SHORTSENSE:
		SC_DEBUG(periph, SCSIPI_DB3, ("have short sense\n"));
		/* Same bounded copy as XS_SENSE, from the ATAPI sense member. */
		screq->senselen_used = uimin(sizeof(xs->sense.atapi_sense),
		    SENSEBUFLEN);
		memcpy(screq->sense, &xs->sense.atapi_sense,
		    screq->senselen_used);
		screq->retsts = SCCMD_UNKNOWN; /* XXX need a shortsense here */
		break;
	case XS_DRIVER_STUFFUP:
		scsipi_printaddr(periph);
		printf("passthrough: adapter inconsistency\n");
		screq->retsts = SCCMD_UNKNOWN;
		break;
	case XS_SELTIMEOUT:
		SC_DEBUG(periph, SCSIPI_DB3, ("seltimeout\n"));
		screq->retsts = SCCMD_TIMEOUT;
		break;
	case XS_TIMEOUT:
		SC_DEBUG(periph, SCSIPI_DB3, ("timeout\n"));
		screq->retsts = SCCMD_TIMEOUT;
		break;
	case XS_BUSY:
		SC_DEBUG(periph, SCSIPI_DB3, ("busy\n"));
		screq->retsts = SCCMD_BUSY;
		break;
	default:
		/* Unrecognised adapter result: log it and report "unknown". */
		scsipi_printaddr(periph);
		printf("unknown error category %d from adapter\n",
		    xs->error);
		screq->retsts = SCCMD_UNKNOWN;
		break;
	}

	/* An asynchronous xs is returned here, under the channel mutex. */
	if (xs->xs_control & XS_CTL_ASYNC) {
		mutex_enter(chan_mtx(periph->periph_channel));
		scsipi_put_xs(xs);
		mutex_exit(chan_mtx(periph->periph_channel));
	}
}
214 
215 
216 /* Pseudo strategy function
217  * Called by scsipi_do_ioctl() via physio/physstrat if there is to
218  * be data transferred, and directly if there is no data transfer.
219  *
220  * Should I reorganize this so it returns to physio instead
221  * of sleeping in scsiio_scsipi_cmd?  Is there any advantage, other
222  * than avoiding the probable duplicate wakeup in iodone? [PD]
223  *
224  * No, seems ok to me... [JRE]
225  * (I don't see any duplicate wakeups)
226  *
227  * Can't be used with block devices or raw_read/raw_write directly
228  * from the cdevsw/bdevsw tables because they couldn't have added
229  * the screq structure. [JRE]
230  */
static void
scsistrategy(struct buf *bp)
{
	struct scsi_ioctl *si;
	struct scsipi_periph *periph;
	scsireq_t *screq;
	int xs_flags = XS_CTL_USERCMD;	/* always a user command */
	int error;

	/* Only bufs created by si_get() are accepted. */
	si = si_find(bp);
	if (si == NULL) {
		printf("scsistrategy: "
		    "No matching ioctl request found in queue\n");
		error = EINVAL;
		goto done;
	}
	periph = si->si_periph;
	screq = &si->si_screq;
	SC_DEBUG(periph, SCSIPI_DB2, ("user_strategy\n"));

	/*
	 * The command must cover the whole transfer: if physio handed us a
	 * different byte count than the request declares, refuse to go on.
	 */
	if (bp->b_bcount != screq->datalen) {
		scsipi_printaddr(periph);
		printf("physio split the request.. cannot proceed\n");
		error = EIO;
		goto done;
	}

	/* A request without a timeout is rejected. */
	if (screq->timeout == 0) {
		error = EINVAL;
		goto done;
	}

	/* Bound the caller-supplied CDB length before passing it down. */
	if (screq->cmdlen > sizeof(struct scsipi_generic)) {
		scsipi_printaddr(periph);
		printf("cmdlen too big\n");
		error = EFAULT;
		goto done;
	}

	/* A transfer direction only counts when there is data to move. */
	if (screq->datalen > 0) {
		if (screq->flags & SCCMD_READ)
			xs_flags |= XS_CTL_DATA_IN;
		if (screq->flags & SCCMD_WRITE)
			xs_flags |= XS_CTL_DATA_OUT;
	}
	if (screq->flags & SCCMD_TARGET)
		xs_flags |= XS_CTL_TARGET;
	if (screq->flags & SCCMD_ESCAPE)
		xs_flags |= XS_CTL_ESCAPE;

	error = scsipi_command(periph, (void *)screq->cmd, screq->cmdlen,
	    (void *)bp->b_data, screq->datalen,
	    0,	/* retries are left to the user (value ignored) */
	    screq->timeout, bp, xs_flags);

done:
	/* On failure report that nothing was transferred. */
	if (error)
		bp->b_resid = bp->b_bcount;
	bp->b_error = error;
	biodone(bp);
}
294 
295 /*
296  * Something (e.g. another driver) has called us
297  * with a periph and a scsi-specific ioctl to perform,
298  * better try.  If user-level type command, we must
299  * still be running in the context of the calling process
300  */
int
scsipi_do_ioctl(struct scsipi_periph *periph, dev_t dev, u_long cmd,
    void *addr, int flag, struct lwp *l)
{
	int error;

	/*
	 * Dispatch one SCSI-specific ioctl for periph.
	 *
	 * addr is dereferenced directly as the ioctl argument (presumably
	 * already copied into kernel space by the ioctl layer; confirm
	 * against the callers).  flag carries the open mode (FWRITE) and
	 * FKIOCTL for in-kernel callers.  Returns 0 or an errno value.
	 */
	SC_DEBUG(periph, SCSIPI_DB2, ("scsipi_do_ioctl(0x%lx)\n", cmd));

	if (addr == NULL)
		return EINVAL;

	/*
	 * Check for the safe-ness of this request.
	 *
	 * The identify ioctls need no write access.  Every other command
	 * needs a descriptor opened for writing, except SCIOCCOMMAND with
	 * SCCMD_READ set.
	 *
	 * NOTE(review): SCCMD_READ is a flag the caller sets in its own
	 * request, and the CDB itself is not inspected in this function, so
	 * for a read-only descriptor this check relies on the declared data
	 * direction alone.  Permissions on the device node are therefore
	 * the effective gate on who may issue passthrough commands.
	 */
	switch (cmd) {
	case OSCIOCIDENTIFY:
	case SCIOCIDENTIFY:
		break;
	case SCIOCCOMMAND:
		if ((((scsireq_t *)addr)->flags & SCCMD_READ) == 0 &&
		    (flag & FWRITE) == 0)
			return (EBADF);
		break;
	default:
		if ((flag & FWRITE) == 0)
			return (EBADF);
	}

	switch (cmd) {
	case SCIOCCOMMAND: {
		scsireq_t *screq = (scsireq_t *)addr;
		struct scsi_ioctl *si;
		int len;

		/*
		 * NOTE(review): len is an int but is loaded from
		 * screq->datalen, whose type is declared in <sys/scsiio.h>
		 * and is not visible here.  If that field is wider than int
		 * or unsigned, a large value can narrow to zero or to a
		 * negative number, so that "len > 0" (validation) and
		 * "if (len)" (path selection) need not agree.
		 * scsistrategy() compares bp->b_bcount with the full
		 * screq->datalen and fails the request on a mismatch;
		 * consider rejecting out-of-range lengths here as well.
		 */
		len = screq->datalen;

		/*
		 * If there is data, there must be a data buffer and a
		 * direction specified.
		 */
		if (len > 0 && (screq->databuf == NULL ||
		    (screq->flags & (SCCMD_READ|SCCMD_WRITE)) == 0))
			return (EINVAL);

		/*
		 * Work on a private copy of the request, so the fields that
		 * scsistrategy() validates are the ones it then uses.
		 */
		si = si_get();
		si->si_screq = *screq;
		si->si_periph = periph;
		if (len) {
			/* Describe the caller's buffer as a one-element uio. */
			si->si_iov.iov_base = screq->databuf;
			si->si_iov.iov_len = len;
			si->si_uio.uio_iov = &si->si_iov;
			si->si_uio.uio_iovcnt = 1;
			si->si_uio.uio_resid = len;
			si->si_uio.uio_offset = 0;
			si->si_uio.uio_rw =
			    (screq->flags & SCCMD_READ) ? UIO_READ : UIO_WRITE;
			/*
			 * databuf is a user address unless the request came
			 * from inside the kernel (FKIOCTL).
			 */
			if ((flag & FKIOCTL) == 0) {
				si->si_uio.uio_vmspace = l->l_proc->p_vmspace;
			} else {
				UIO_SETUP_SYSSPACE(&si->si_uio);
			}
			error = physio(scsistrategy, &si->si_bp, dev,
			    (screq->flags & SCCMD_READ) ? B_READ : B_WRITE,
			    periph->periph_channel->chan_adapter->adapt_minphys,
			    &si->si_uio);
		} else {
			/* if no data, no need to translate it.. */
			si->si_bp.b_flags = 0;
			si->si_bp.b_data = 0;
			si->si_bp.b_bcount = 0;
			si->si_bp.b_dev = dev;
			/* l is dereferenced here whether or not FKIOCTL is set. */
			si->si_bp.b_proc = l->l_proc;
			scsistrategy(&si->si_bp);
			error = si->si_bp.b_error;
		}
		/*
		 * Hand the whole record back to the caller, on success and
		 * on error alike, then drop it from the list.
		 */
		*screq = si->si_screq;
		si_free(si);
		return (error);
	}
	case SCIOCDEBUG: {
		int level = *((int *)addr);

		/* Bits 0-3 of level map to SCSIPI_DB1..SCSIPI_DB4; other bits are ignored. */
		SC_DEBUG(periph, SCSIPI_DB3, ("debug set to %d\n", level));
		periph->periph_dbflags = 0;
		if (level & 1)
			periph->periph_dbflags |= SCSIPI_DB1;
		if (level & 2)
			periph->periph_dbflags |= SCSIPI_DB2;
		if (level & 4)
			periph->periph_dbflags |= SCSIPI_DB3;
		if (level & 8)
			periph->periph_dbflags |= SCSIPI_DB4;
		return (0);
	}
	case SCIOCRECONFIG:
	case SCIOCDECONFIG:
		/* Recognised, but always refused here. */
		return (EINVAL);
	case SCIOCIDENTIFY: {
		struct scsi_addr *sca = (struct scsi_addr *)addr;

		/* Report the bus address; only fields for the bus type are set. */
		switch (SCSIPI_BUSTYPE_TYPE(scsipi_periph_bustype(periph))) {
		case SCSIPI_BUSTYPE_SCSI:
			sca->type = TYPE_SCSI;
			sca->addr.scsi.scbus =
			    device_unit(device_parent(periph->periph_dev));
			sca->addr.scsi.target = periph->periph_target;
			sca->addr.scsi.lun = periph->periph_lun;
			return (0);
		case SCSIPI_BUSTYPE_ATAPI:
			sca->type = TYPE_ATAPI;
			sca->addr.atapi.atbus =
			    device_unit(device_parent(periph->periph_dev));
			sca->addr.atapi.drive = periph->periph_target;
			return (0);
		}
		return (ENXIO);
	}
#if defined(COMPAT_12) || defined(COMPAT_FREEBSD)
	/* SCIOCIDENTIFY before ATAPI staff merge */
	case OSCIOCIDENTIFY: {
		struct oscsi_addr *sca = (struct oscsi_addr *)addr;

		/* The old layout has no ATAPI form; other bus types get ENODEV. */
		switch (SCSIPI_BUSTYPE_TYPE(scsipi_periph_bustype(periph))) {
		case SCSIPI_BUSTYPE_SCSI:
			sca->scbus =
			    device_unit(device_parent(periph->periph_dev));
			sca->target = periph->periph_target;
			sca->lun = periph->periph_lun;
			return (0);
		}
		return (ENODEV);
	}
#endif
	default:
		/*
		 * Unknown command.  Without the compat options above,
		 * OSCIOCIDENTIFY also ends up here.
		 */
		return (ENOTTY);
	}

	/* Every case above returns, so this point is not reached. */
#ifdef DIAGNOSTIC
	panic("scsipi_do_ioctl: impossible");
#endif
}
439