config: tegra3: enable /dev mount with ACL
[linux-2.6.git] / block / bsg.c
index 56cb343..702f131 100644 (file)
 #include <linux/blkdev.h>
 #include <linux/poll.h>
 #include <linux/cdev.h>
+#include <linux/jiffies.h>
 #include <linux/percpu.h>
 #include <linux/uio.h>
 #include <linux/idr.h>
 #include <linux/bsg.h>
-#include <linux/smp_lock.h>
+#include <linux/slab.h>
 
 #include <scsi/scsi.h>
 #include <scsi/scsi_ioctl.h>
@@ -42,7 +43,7 @@ struct bsg_device {
        int done_cmds;
        wait_queue_head_t wq_done;
        wait_queue_head_t wq_free;
-       char name[BUS_ID_SIZE];
+       char name[20];
        int max_queue;
        unsigned long flags;
 };
@@ -173,7 +174,7 @@ unlock:
 
 static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
                                struct sg_io_v4 *hdr, struct bsg_device *bd,
-                               int has_write_perm)
+                               fmode_t has_write_perm)
 {
        if (hdr->request_len > BLK_MAX_CDB) {
                rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL);
@@ -181,12 +182,12 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
                        return -ENOMEM;
        }
 
-       if (copy_from_user(rq->cmd, (void *)(unsigned long)hdr->request,
+       if (copy_from_user(rq->cmd, (void __user *)(unsigned long)hdr->request,
                           hdr->request_len))
                return -EFAULT;
 
        if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) {
-               if (blk_verify_command(&q->cmd_filter, rq->cmd, has_write_perm))
+               if (blk_verify_command(rq->cmd, has_write_perm))
                        return -EPERM;
        } else if (!capable(CAP_SYS_RAWIO))
                return -EPERM;
@@ -197,11 +198,13 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
        rq->cmd_len = hdr->request_len;
        rq->cmd_type = REQ_TYPE_BLOCK_PC;
 
-       rq->timeout = (hdr->timeout * HZ) / 1000;
+       rq->timeout = msecs_to_jiffies(hdr->timeout);
        if (!rq->timeout)
                rq->timeout = q->sg_timeout;
        if (!rq->timeout)
                rq->timeout = BLK_DEFAULT_SG_TIMEOUT;
+       if (rq->timeout < BLK_MIN_SG_TIMEOUT)
+               rq->timeout = BLK_MIN_SG_TIMEOUT;
 
        return 0;
 }
@@ -216,9 +219,6 @@ bsg_validate_sgv4_hdr(struct request_queue *q, struct sg_io_v4 *hdr, int *rw)
 
        if (hdr->guard != 'Q')
                return -EINVAL;
-       if (hdr->dout_xfer_len > (q->max_sectors << 9) ||
-           hdr->din_xfer_len > (q->max_sectors << 9))
-               return -EIO;
 
        switch (hdr->protocol) {
        case BSG_PROTOCOL_SCSI:
@@ -242,13 +242,22 @@ bsg_validate_sgv4_hdr(struct request_queue *q, struct sg_io_v4 *hdr, int *rw)
  * map sg_io_v4 to a request.
  */
 static struct request *
-bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
+bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, fmode_t has_write_perm,
+           u8 *sense)
 {
        struct request_queue *q = bd->queue;
        struct request *rq, *next_rq = NULL;
        int ret, rw;
        unsigned int dxfer_len;
-       void *dxferp = NULL;
+       void __user *dxferp = NULL;
+       struct bsg_class_device *bcd = &q->bsg_dev;
+
+       /* if the LLD has been removed then the bsg_unregister_queue will
+        * eventually be called and the class_dev was freed, so we can no
+        * longer use this request_queue. Return no such address.
+        */
+       if (!bcd->class_dev)
+               return ERR_PTR(-ENXIO);
 
        dprintk("map hdr %llx/%u %llx/%u\n", (unsigned long long) hdr->dout_xferp,
                hdr->dout_xfer_len, (unsigned long long) hdr->din_xferp,
@@ -259,7 +268,7 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
                return ERR_PTR(ret);
 
        /*
-        * map scatter-gather elements seperately and string them to request
+        * map scatter-gather elements separately and string them to request
         */
        rq = blk_get_request(q, rw, GFP_KERNEL);
        if (!rq)
@@ -282,7 +291,7 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
                rq->next_rq = next_rq;
                next_rq->cmd_type = rq->cmd_type;
 
-               dxferp = (void*)(unsigned long)hdr->din_xferp;
+               dxferp = (void __user *)(unsigned long)hdr->din_xferp;
                ret =  blk_rq_map_user(q, next_rq, NULL, dxferp,
                                       hdr->din_xfer_len, GFP_KERNEL);
                if (ret)
@@ -291,10 +300,10 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
 
        if (hdr->dout_xfer_len) {
                dxfer_len = hdr->dout_xfer_len;
-               dxferp = (void*)(unsigned long)hdr->dout_xferp;
+               dxferp = (void __user *)(unsigned long)hdr->dout_xferp;
        } else if (hdr->din_xfer_len) {
                dxfer_len = hdr->din_xfer_len;
-               dxferp = (void*)(unsigned long)hdr->din_xferp;
+               dxferp = (void __user *)(unsigned long)hdr->din_xferp;
        } else
                dxfer_len = 0;
 
@@ -304,6 +313,10 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm)
                if (ret)
                        goto out;
        }
+
+       rq->sense = sense;
+       rq->sense_len = 0;
+
        return rq;
 out:
        if (rq->cmd != rq->__cmd)
@@ -346,8 +359,7 @@ static void bsg_rq_end_io(struct request *rq, int uptodate)
 static void bsg_add_command(struct bsg_device *bd, struct request_queue *q,
                            struct bsg_command *bc, struct request *rq)
 {
-       rq->sense = bc->sense;
-       rq->sense_len = 0;
+       int at_head = (0 == (bc->hdr.flags & BSG_FLAG_Q_AT_TAIL));
 
        /*
         * add bc command to busy queue and submit rq for io
@@ -364,7 +376,7 @@ static void bsg_add_command(struct bsg_device *bd, struct request_queue *q,
        dprintk("%s: queueing rq %p, bc %p\n", bd->name, rq, bc);
 
        rq->end_io_data = bc;
-       blk_execute_rq_nowait(q, NULL, rq, 1, bsg_rq_end_io);
+       blk_execute_rq_nowait(q, NULL, rq, at_head, bsg_rq_end_io);
 }
 
 static struct bsg_command *bsg_next_done_cmd(struct bsg_device *bd)
@@ -417,11 +429,11 @@ static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr,
 {
        int ret = 0;
 
-       dprintk("rq %p bio %p %u\n", rq, bio, rq->errors);
+       dprintk("rq %p bio %p 0x%x\n", rq, bio, rq->errors);
        /*
         * fill in all the output members
         */
-       hdr->device_status = status_byte(rq->errors);
+       hdr->device_status = rq->errors & 0xff;
        hdr->transport_status = host_byte(rq->errors);
        hdr->driver_status = driver_byte(rq->errors);
        hdr->info = 0;
@@ -433,7 +445,7 @@ static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr,
                int len = min_t(unsigned int, hdr->max_response_len,
                                        rq->sense_len);
 
-               ret = copy_to_user((void*)(unsigned long)hdr->response,
+               ret = copy_to_user((void __user *)(unsigned long)hdr->response,
                                   rq->sense, len);
                if (!ret)
                        hdr->response_len = len;
@@ -442,14 +454,14 @@ static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr,
        }
 
        if (rq->next_rq) {
-               hdr->dout_resid = rq->data_len;
-               hdr->din_resid = rq->next_rq->data_len;
+               hdr->dout_resid = rq->resid_len;
+               hdr->din_resid = rq->next_rq->resid_len;
                blk_rq_unmap_user(bidi_bio);
                blk_put_request(rq->next_rq);
        } else if (rq_data_dir(rq) == READ)
-               hdr->din_resid = rq->data_len;
+               hdr->din_resid = rq->resid_len;
        else
-               hdr->dout_resid = rq->data_len;
+               hdr->dout_resid = rq->resid_len;
 
        /*
         * If the request generated a negative error number, return it
@@ -594,14 +606,15 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
        ret = __bsg_read(buf, count, bd, NULL, &bytes_read);
        *ppos = bytes_read;
 
-       if (!bytes_read || (bytes_read && err_block_err(ret)))
+       if (!bytes_read || err_block_err(ret))
                bytes_read = ret;
 
        return bytes_read;
 }
 
 static int __bsg_write(struct bsg_device *bd, const char __user *buf,
-                      size_t count, ssize_t *bytes_written, int has_write_perm)
+                      size_t count, ssize_t *bytes_written,
+                      fmode_t has_write_perm)
 {
        struct bsg_command *bc;
        struct request *rq;
@@ -632,7 +645,7 @@ static int __bsg_write(struct bsg_device *bd, const char __user *buf,
                /*
                 * get a request, fill in the blanks, and add to request queue
                 */
-               rq = bsg_map_hdr(bd, &bc->hdr, has_write_perm);
+               rq = bsg_map_hdr(bd, &bc->hdr, has_write_perm, bc->sense);
                if (IS_ERR(rq)) {
                        ret = PTR_ERR(rq);
                        rq = NULL;
@@ -673,7 +686,7 @@ bsg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
        /*
         * return bytes written on non-fatal errors
         */
-       if (!bytes_written || (bytes_written && err_block_err(ret)))
+       if (!bytes_written || err_block_err(ret))
                bytes_written = ret;
 
        dprintk("%s: returning %Zd\n", bd->name, bytes_written);
@@ -778,7 +791,7 @@ static struct bsg_device *bsg_add_device(struct inode *inode,
        mutex_lock(&bsg_mutex);
        hlist_add_head(&bd->dev_list, bsg_dev_idx_hash(iminor(inode)));
 
-       strncpy(bd->name, rq->bsg_dev.class_dev->bus_id, sizeof(bd->name) - 1);
+       strncpy(bd->name, dev_name(rq->bsg_dev.class_dev), sizeof(bd->name) - 1);
        dprintk("bound to <%s>, max queue %d\n",
                format_dev_t(buf, inode->i_rdev), bd->max_queue);
 
@@ -837,9 +850,7 @@ static int bsg_open(struct inode *inode, struct file *file)
 {
        struct bsg_device *bd;
 
-       lock_kernel();
        bd = bsg_get_device(inode, file);
-       unlock_kernel();
 
        if (IS_ERR(bd))
                return PTR_ERR(bd);
@@ -867,7 +878,7 @@ static unsigned int bsg_poll(struct file *file, poll_table *wait)
        spin_lock_irq(&bd->lock);
        if (!list_empty(&bd->done_list))
                mask |= POLLIN | POLLRDNORM;
-       if (bd->queued_cmds >= bd->max_queue)
+       if (bd->queued_cmds < bd->max_queue)
                mask |= POLLOUT;
        spin_unlock_irq(&bd->lock);
 
@@ -913,24 +924,28 @@ static long bsg_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
        case SG_EMULATED_HOST:
        case SCSI_IOCTL_SEND_COMMAND: {
                void __user *uarg = (void __user *) arg;
-               return scsi_cmd_ioctl(file, bd->queue, NULL, cmd, uarg);
+               return scsi_cmd_ioctl(bd->queue, NULL, file->f_mode, cmd, uarg);
        }
        case SG_IO: {
                struct request *rq;
                struct bio *bio, *bidi_bio = NULL;
                struct sg_io_v4 hdr;
+               int at_head;
+               u8 sense[SCSI_SENSE_BUFFERSIZE];
 
                if (copy_from_user(&hdr, uarg, sizeof(hdr)))
                        return -EFAULT;
 
-               rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE);
+               rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE, sense);
                if (IS_ERR(rq))
                        return PTR_ERR(rq);
 
                bio = rq->bio;
                if (rq->next_rq)
                        bidi_bio = rq->next_rq->bio;
-               blk_execute_rq(bd->queue, NULL, rq, 0);
+
+               at_head = (0 == (hdr.flags & BSG_FLAG_Q_AT_TAIL));
+               blk_execute_rq(bd->queue, NULL, rq, at_head);
                ret = blk_complete_sgv4_hdr_rq(rq, &hdr, bio, bidi_bio);
 
                if (copy_to_user(uarg, &hdr, sizeof(hdr)))
@@ -958,6 +973,7 @@ static const struct file_operations bsg_fops = {
        .release        =       bsg_release,
        .unlocked_ioctl =       bsg_ioctl,
        .owner          =       THIS_MODULE,
+       .llseek         =       default_llseek,
 };
 
 void bsg_unregister_queue(struct request_queue *q)
@@ -989,7 +1005,7 @@ int bsg_register_queue(struct request_queue *q, struct device *parent,
        if (name)
                devname = name;
        else
-               devname = parent->bus_id;
+               devname = dev_name(parent);
 
        /*
         * we need a proper transport to send commands, not a stacked device
@@ -1024,8 +1040,7 @@ int bsg_register_queue(struct request_queue *q, struct device *parent,
        bcd->release = release;
        kref_init(&bcd->ref);
        dev = MKDEV(bsg_major, bcd->minor);
-       class_dev = device_create_drvdata(bsg_class, parent, dev, NULL,
-                                         "%s", devname);
+       class_dev = device_create(bsg_class, parent, dev, NULL, "%s", devname);
        if (IS_ERR(class_dev)) {
                ret = PTR_ERR(class_dev);
                goto put_dev;
@@ -1055,6 +1070,11 @@ EXPORT_SYMBOL_GPL(bsg_register_queue);
 
 static struct cdev bsg_cdev;
 
+static char *bsg_devnode(struct device *dev, mode_t *mode)
+{
+       return kasprintf(GFP_KERNEL, "bsg/%s", dev_name(dev));
+}
+
 static int __init bsg_init(void)
 {
        int ret, i;
@@ -1075,6 +1095,7 @@ static int __init bsg_init(void)
                ret = PTR_ERR(bsg_class);
                goto destroy_kmemcache;
        }
+       bsg_class->devnode = bsg_devnode;
 
        ret = alloc_chrdev_region(&devid, 0, BSG_MAX_DEVS, "bsg");
        if (ret)