sg.c source code [Linux/drivers/scsi/sg.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* History:
4	* Started: Aug 9 by Lawrence Foard (entropy@world.std.com),
5	* to allow user process control of SCSI devices.
6	* Development Sponsored by Killy Corp. NY NY
7	*
8	* Original driver (sg.c):
9	* Copyright (C) 1992 Lawrence Foard
10	* Version 2 and 3 extensions to driver:
11	* Copyright (C) 1998 - 2014 Douglas Gilbert
12	*/
13
14	static int sg_version_num = `30536`; / 2 digits for each component /
15	#define SG_VERSION_STR "3.5.36"
16
17	/*
18	* D. P. Gilbert (dgilbert@interlog.com), notes:
19	* - scsi logging is available via SCSI_LOG_TIMEOUT macros. First
20	* the kernel/module needs to be built with CONFIG_SCSI_LOGGING
21	* (otherwise the macros compile to empty statements).
22	*
23	*/
24	#include <linux/module.h>
25
26	#include <linux/fs.h>
27	#include <linux/kernel.h>
28	#include <linux/sched.h>
29	#include <linux/string.h>
30	#include <linux/mm.h>
31	#include <linux/errno.h>
32	#include <linux/mtio.h>
33	#include <linux/ioctl.h>
34	#include <linux/major.h>
35	#include <linux/slab.h>
36	#include <linux/fcntl.h>
37	#include <linux/init.h>
38	#include <linux/poll.h>
39	#include <linux/moduleparam.h>
40	#include <linux/cdev.h>
41	#include <linux/idr.h>
42	#include <linux/seq_file.h>
43	#include <linux/blkdev.h>
44	#include <linux/delay.h>
45	#include <linux/blktrace_api.h>
46	#include <linux/mutex.h>
47	#include <linux/atomic.h>
48	#include <linux/ratelimit.h>
49	#include <linux/uio.h>
50	#include <linux/cred.h> /* for sg_check_file_access() */
51
52	#include <scsi/scsi.h>
53	#include <scsi/scsi_cmnd.h>
54	#include <scsi/scsi_dbg.h>
55	#include <scsi/scsi_device.h>
56	#include <scsi/scsi_driver.h>
57	#include <scsi/scsi_eh.h>
58	#include <scsi/scsi_host.h>
59	#include <scsi/scsi_ioctl.h>
60	#include <scsi/scsi_tcq.h>
61	#include <scsi/sg.h>
62
63	#include "scsi_logging.h"
64
65	#ifdef CONFIG_SCSI_PROC_FS
66	#include <linux/proc_fs.h>
67	static char *sg_version_date = "20140603";
68
69	static int sg_proc_init(void);
70	#endif
71
72	#define SG_ALLOW_DIO_DEF 0
73
74	#define SG_MAX_DEVS (1 << MINORBITS)
75
76	/ SG_MAX_CDB_SIZE should be 260 (spc4r37 section 3.1.30) however the type*
77	* of sg_io_hdr::cmd_len can only represent 255. All SCSI commands greater
78	* than 16 bytes are "variable length" whose length is a multiple of 4
79	*/
80	#define SG_MAX_CDB_SIZE 252
81
82	#define SG_DEFAULT_TIMEOUT mult_frac(SG_DEFAULT_TIMEOUT_USER, HZ, USER_HZ)
83
84	static int sg_big_buff = SG_DEF_RESERVED_SIZE;
85	/ N.B. This variable is readable and writeable via*
86	/proc/scsi/sg/def_reserved_size . Each time sg_open() is called a buffer
87	of this size (or less if there is not enough memory) will be reserved
88	for use by this file descriptor. [Deprecated usage: this variable is also
89	readable via /proc/sys/kernel/sg-big-buff if the sg driver is built into
90	the kernel (i.e. it is not a module).] /*
91	static int def_reserved_size = -`1`; / picks up init parameter /
92	static int sg_allow_dio = SG_ALLOW_DIO_DEF;
93
94	static int scatter_elem_sz = SG_SCATTER_SZ;
95	static int scatter_elem_sz_prev = SG_SCATTER_SZ;
96
97	#define SG_SECTOR_SZ 512
98
99	static int sg_add_device(struct device *);
100	static void sg_remove_device(struct device *);
101
102	static DEFINE_IDR(sg_index_idr);
103	static DEFINE_RWLOCK(sg_index_lock); / Also used to lock*
104	file descriptor list for device /*
105
106	static struct class_interface sg_interface = {
107	.add_dev = sg_add_device,
108	.remove_dev = sg_remove_device,
109	};
110
111	typedef struct sg_scatter_hold { / holding area for scsi scatter gather info /
112	unsigned short k_use_sg; / Count of kernel scatter-gather pieces /
113	unsigned sglist_len; / size of malloc'd scatter-gather list ++ /
114	unsigned bufflen; / Size of (aggregate) data buffer /
115	struct page **pages;
116	int page_order;
117	char dio_in_use; / 0->indirect IO (or mmap), 1->dio /
118	unsigned char cmd_opcode; / first byte of command /
119	} Sg_scatter_hold;
120
121	struct sg_device; / forward declarations /
122	struct sg_fd;
123
124	typedef struct sg_request { / SG_MAX_QUEUE requests outstanding per file /
125	struct list_head entry; / list entry /
126	struct sg_fd parentfp; /* NULL -> not in use /
127	Sg_scatter_hold data; / hold buffer, perhaps scatter list /
128	sg_io_hdr_t header; / scsi command+info, see <scsi/sg.h> /
129	unsigned char sense_b[SCSI_SENSE_BUFFERSIZE];
130	char res_used; / 1 -> using reserve buffer, 0 -> not ... /
131	char orphan; / 1 -> drop on sight, 0 -> normal /
132	char sg_io_owned; / 1 -> packet belongs to SG_IO /
133	/ done protected by rq_list_lock /
134	char done; / 0->before bh, 1->before read, 2->read /
135	struct request *rq;
136	struct bio *bio;
137	struct execute_work ew;
138	} Sg_request;
139
140	typedef struct sg_fd { / holds the state of a file descriptor /
141	struct list_head sfd_siblings; / protected by device's sfd_lock /
142	struct sg_device parentdp; /* owning device /
143	wait_queue_head_t read_wait; / queue read until command done /
144	rwlock_t rq_list_lock; / protect access to list in req_arr /
145	struct mutex f_mutex; / protect against changes in this fd /
146	int timeout; / defaults to SG_DEFAULT_TIMEOUT /
147	int timeout_user; / defaults to SG_DEFAULT_TIMEOUT_USER /
148	Sg_scatter_hold reserve; / buffer held for this file descriptor /
149	struct list_head rq_list; / head of request list /
150	struct fasync_struct async_qp; /* used by asynchronous notification /
151	Sg_request req_arr[SG_MAX_QUEUE]; / used as singly-linked list /
152	char force_packid; / 1 -> pack_id input to read(), 0 -> ignored /
153	char cmd_q; / 1 -> allow command queuing, 0 -> don't /
154	unsigned char next_cmd_len; / 0: automatic, >0: use on next write() /
155	char keep_orphan; / 0 -> drop orphan (def), 1 -> keep for read() /
156	char mmap_called; / 0 -> mmap() never called on this fd /
157	char res_in_use; / 1 -> 'reserve' array in use /
158	struct kref f_ref;
159	struct execute_work ew;
160	} Sg_fd;
161
162	typedef struct sg_device { / holds the state of each scsi generic device /
163	struct scsi_device *device;
164	wait_queue_head_t open_wait; / queue open() when O_EXCL present /
165	struct mutex open_rel_lock; / held when in open() or release() /
166	int sg_tablesize; / adapter's max scatter-gather table size /
167	u32 index; / device index number /
168	struct list_head sfds;
169	rwlock_t sfd_lock; / protect access to sfd list /
170	atomic_t detaching; / 0->device usable, 1->device detaching /
171	bool exclude; / 1->open(O_EXCL) succeeded and is active /
172	int open_cnt; / count of opens (perhaps < num(sfds) ) /
173	char sgdebug; / 0->off, 1->sense, 9->dump dev, 10-> all devs /
174	char name[DISK_NAME_LEN];
175	struct cdev * cdev; / char_dev [sysfs: /sys/cdev/major/sg<n>] /
176	struct kref d_ref;
177	} Sg_device;
178
179	/ tasklet or soft irq callback /
180	static enum rq_end_io_ret sg_rq_end_io(struct request *rq, blk_status_t status);
181	static int sg_start_req(Sg_request srp, unsigned* char *cmd);
182	static int sg_finish_rem_req(Sg_request * srp);
183	static int sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size);
184	static ssize_t sg_new_read(Sg_fd * sfp, char __user *buf, size_t count,
185	Sg_request * srp);
186	static ssize_t sg_new_write(Sg_fd sfp, struct* file *file,
187	const char __user buf, size_t count, int* blocking,
188	int read_only, int sg_io_owned, Sg_request **o_srp);
189	static int sg_common_write(Sg_fd * sfp, Sg_request * srp,
190	unsigned char cmnd, int* timeout, int blocking);
191	static int sg_read_oxfer(Sg_request * srp, char __user outp, int* num_read_xfer);
192	static void sg_remove_scat(Sg_fd * sfp, Sg_scatter_hold * schp);
193	static void sg_build_reserve(Sg_fd * sfp, int req_size);
194	static void sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size);
195	static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp);
196	static Sg_fd sg_add_sfp(Sg_device sdp);
197	static void sg_remove_sfp(struct kref *);
198	static Sg_request sg_get_rq_mark(Sg_fd sfp, int pack_id, bool *busy);
199	static Sg_request sg_add_request(Sg_fd sfp);
200	static int sg_remove_request(Sg_fd * sfp, Sg_request * srp);
201	static Sg_device sg_get_dev(int* dev);
202	static void sg_device_destroy(struct kref *kref);
203
204	#define SZ_SG_HEADER sizeof(struct sg_header)
205	#define SZ_SG_IO_HDR sizeof(sg_io_hdr_t)
206	#define SZ_SG_IOVEC sizeof(sg_iovec_t)
207	#define SZ_SG_REQ_INFO sizeof(sg_req_info_t)
208
209	#define sg_printk(prefix, sdp, fmt, a...) \
210	sdev_prefix_printk(prefix, (sdp)->device, (sdp)->name, fmt, ##a)
211
212	/*
213	* The SCSI interfaces that use read() and write() as an asynchronous variant of
214	* ioctl(..., SG_IO, ...) are fundamentally unsafe, since there are lots of ways
215	* to trigger read() and write() calls from various contexts with elevated
216	* privileges. This can lead to kernel memory corruption (e.g. if these
217	* interfaces are called through splice()) and privilege escalation inside
218	* userspace (e.g. if a process with access to such a device passes a file
219	* descriptor to a SUID binary as stdin/stdout/stderr).
220	*
221	* This function provides protection for the legacy API by restricting the
222	* calling context.
223	*/
224	static int sg_check_file_access(struct file filp, const* char *caller)
225	{
226	if (filp->f_cred != current_real_cred()) {
227	pr_err_once("%s: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n",
228	caller, task_tgid_vnr(current), current->comm);
229	return -EPERM;
230	}
231	return `0`;
232	}
233
234	static int sg_allow_access(struct file filp, unsigned* char *cmd)
235	{
236	struct sg_fd *sfp = filp->private_data;
237
238	if (sfp->parentdp->device->type == TYPE_SCANNER)
239	return `0`;
240	if (!scsi_cmd_allowed(cmd, open_for_write: filp->f_mode & FMODE_WRITE))
241	return -EPERM;
242	return `0`;
243	}
244
245	static int
246	open_wait(Sg_device sdp, int* flags)
247	{
248	int retval = `0`;
249
250	if (flags & O_EXCL) {
251	while (sdp->open_cnt > `0`) {
252	mutex_unlock(lock: &sdp->open_rel_lock);
253	retval = wait_event_interruptible(sdp->open_wait,
254	(atomic_read(&sdp->detaching) \|\|
255	!sdp->open_cnt));
256	mutex_lock(lock: &sdp->open_rel_lock);
257
258	if (retval) / -ERESTARTSYS /
259	return retval;
260	if (atomic_read(v: &sdp->detaching))
261	return -ENODEV;
262	}
263	} else {
264	while (sdp->exclude) {
265	mutex_unlock(lock: &sdp->open_rel_lock);
266	retval = wait_event_interruptible(sdp->open_wait,
267	(atomic_read(&sdp->detaching) \|\|
268	!sdp->exclude));
269	mutex_lock(lock: &sdp->open_rel_lock);
270
271	if (retval) / -ERESTARTSYS /
272	return retval;
273	if (atomic_read(v: &sdp->detaching))
274	return -ENODEV;
275	}
276	}
277
278	return retval;
279	}
280
281	/ Returns 0 on success, else a negated errno value /
282	static int
283	sg_open(struct inode inode, struct* file *filp)
284	{
285	int dev = iminor(inode);
286	int flags = filp->f_flags;
287	struct request_queue *q;
288	struct scsi_device *device;
289	Sg_device *sdp;
290	Sg_fd *sfp;
291	int retval;
292
293	nonseekable_open(inode, filp);
294	if ((flags & O_EXCL) && (O_RDONLY == (flags & O_ACCMODE)))
295	return -EPERM; / Can't lock it with read only access /
296	sdp = sg_get_dev(dev);
297	if (IS_ERR(ptr: sdp))
298	return PTR_ERR(ptr: sdp);
299
300	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
301	"sg_open: flags=0x%x\n", flags));
302
303	/ This driver's module count bumped by fops_get in <linux/fs.h> /
304	/ Prevent the device driver from vanishing while we sleep /
305	device = sdp->device;
306	retval = scsi_device_get(device);
307	if (retval)
308	goto sg_put;
309
310	/ scsi_block_when_processing_errors() may block so bypass*
311	* check if O_NONBLOCK. Permits SCSI commands to be issued
312	* during error recovery. Tread carefully. */
313	if (!((flags & O_NONBLOCK) \|\|
314	scsi_block_when_processing_errors(device))) {
315	retval = -ENXIO;
316	/ we are in error recovery for this device /
317	goto sdp_put;
318	}
319
320	mutex_lock(lock: &sdp->open_rel_lock);
321	if (flags & O_NONBLOCK) {
322	if (flags & O_EXCL) {
323	if (sdp->open_cnt > `0`) {
324	retval = -EBUSY;
325	goto error_mutex_locked;
326	}
327	} else {
328	if (sdp->exclude) {
329	retval = -EBUSY;
330	goto error_mutex_locked;
331	}
332	}
333	} else {
334	retval = open_wait(sdp, flags);
335	if (retval) / -ERESTARTSYS or -ENODEV /
336	goto error_mutex_locked;
337	}
338
339	/ N.B. at this point we are holding the open_rel_lock /
340	if (flags & O_EXCL)
341	sdp->exclude = true;
342
343	if (sdp->open_cnt < `1`) { / no existing opens /
344	sdp->sgdebug = `0`;
345	q = device->request_queue;
346	sdp->sg_tablesize = queue_max_segments(q);
347	}
348	sfp = sg_add_sfp(sdp);
349	if (IS_ERR(ptr: sfp)) {
350	retval = PTR_ERR(ptr: sfp);
351	goto out_undo;
352	}
353
354	filp->private_data = sfp;
355	sdp->open_cnt++;
356	mutex_unlock(lock: &sdp->open_rel_lock);
357
358	retval = `0`;
359	sg_put:
360	kref_put(kref: &sdp->d_ref, release: sg_device_destroy);
361	return retval;
362
363	out_undo:
364	if (flags & O_EXCL) {
365	sdp->exclude = false; / undo if error /
366	wake_up_interruptible(&sdp->open_wait);
367	}
368	error_mutex_locked:
369	mutex_unlock(lock: &sdp->open_rel_lock);
370	sdp_put:
371	kref_put(kref: &sdp->d_ref, release: sg_device_destroy);
372	scsi_device_put(device);
373	return retval;
374	}
375
376	/ Release resources associated with a successful sg_open()*
377	* Returns 0 on success, else a negated errno value */
378	static int
379	sg_release(struct inode inode, struct* file *filp)
380	{
381	Sg_device *sdp;
382	Sg_fd *sfp;
383
384	if ((!(sfp = (Sg_fd *) filp->private_data)) \|\| (!(sdp = sfp->parentdp)))
385	return -ENXIO;
386	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp, "sg_release\n"));
387
388	mutex_lock(lock: &sdp->open_rel_lock);
389	sdp->open_cnt--;
390
391	/ possibly many open()s waiting on exlude clearing, start many;*
392	* only open(O_EXCL)s wait on 0==open_cnt so only start one */
393	if (sdp->exclude) {
394	sdp->exclude = false;
395	wake_up_interruptible_all(&sdp->open_wait);
396	} else if (`0` == sdp->open_cnt) {
397	wake_up_interruptible(&sdp->open_wait);
398	}
399	mutex_unlock(lock: &sdp->open_rel_lock);
400	kref_put(kref: &sfp->f_ref, release: sg_remove_sfp);
401	return `0`;
402	}
403
404	static int get_sg_io_pack_id(int pack_id, void* __user *buf, size_t count)
405	{
406	struct sg_header __user *old_hdr = buf;
407	int reply_len;
408
409	if (count >= SZ_SG_HEADER) {
410	/ negative reply_len means v3 format, otherwise v1/v2 /
411	if (get_user(reply_len, &old_hdr->reply_len))
412	return -EFAULT;
413
414	if (reply_len >= `0`)
415	return get_user(*pack_id, &old_hdr->pack_id);
416
417	if (in_compat_syscall() &&
418	count >= sizeof(struct compat_sg_io_hdr)) {
419	struct compat_sg_io_hdr __user *hp = buf;
420
421	return get_user(*pack_id, &hp->pack_id);
422	}
423
424	if (count >= sizeof(struct sg_io_hdr)) {
425	struct sg_io_hdr __user *hp = buf;
426
427	return get_user(*pack_id, &hp->pack_id);
428	}
429	}
430
431	/ no valid header was passed, so ignore the pack_id /
432	*pack_id = -`1`;
433	return `0`;
434	}
435
436	static ssize_t
437	sg_read(struct file filp, char* __user buf, size_t count, loff_t ppos)
438	{
439	Sg_device *sdp;
440	Sg_fd *sfp;
441	Sg_request *srp;
442	int req_pack_id = -`1`;
443	bool busy;
444	sg_io_hdr_t *hp;
445	struct sg_header *old_hdr;
446	int retval;
447
448	/*
449	* This could cause a response to be stranded. Close the associated
450	* file descriptor to free up any resources being held.
451	*/
452	retval = sg_check_file_access(filp, caller: __func__);
453	if (retval)
454	return retval;
455
456	if ((!(sfp = (Sg_fd *) filp->private_data)) \|\| (!(sdp = sfp->parentdp)))
457	return -ENXIO;
458	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
459	"sg_read: count=%d\n", (int) count));
460
461	if (sfp->force_packid)
462	retval = get_sg_io_pack_id(pack_id: &req_pack_id, buf, count);
463	if (retval)
464	return retval;
465
466	srp = sg_get_rq_mark(sfp, pack_id: req_pack_id, busy: &busy);
467	if (!srp) { / now wait on packet to arrive /
468	if (filp->f_flags & O_NONBLOCK)
469	return -EAGAIN;
470	retval = wait_event_interruptible(sfp->read_wait,
471	((srp = sg_get_rq_mark(sfp, req_pack_id, &busy)) \|\|
472	(!busy && atomic_read(&sdp->detaching))));
473	if (!srp)
474	/ signal or detaching /
475	return retval ? retval : -ENODEV;
476	}
477	if (srp->header.interface_id != `'\0'`)
478	return sg_new_read(sfp, buf, count, srp);
479
480	hp = &srp->header;
481	old_hdr = kzalloc(SZ_SG_HEADER, GFP_KERNEL);
482	if (!old_hdr)
483	return -ENOMEM;
484
485	old_hdr->reply_len = (int) hp->timeout;
486	old_hdr->pack_len = old_hdr->reply_len; / old, strange behaviour /
487	old_hdr->pack_id = hp->pack_id;
488	old_hdr->twelve_byte =
489	((srp->data.cmd_opcode >= `0xc0`) && (`12` == hp->cmd_len)) ? `1` : `0`;
490	old_hdr->target_status = hp->masked_status;
491	old_hdr->host_status = hp->host_status;
492	old_hdr->driver_status = hp->driver_status;
493	if ((CHECK_CONDITION & hp->masked_status) \|\|
494	(srp->sense_b[`0`] & `0x70`) == `0x70`) {
495	old_hdr->driver_status = DRIVER_SENSE;
496	memcpy(to: old_hdr->sense_buffer, from: srp->sense_b,
497	len: sizeof (old_hdr->sense_buffer));
498	}
499	switch (hp->host_status) {
500	/ This setup of 'result' is for backward compatibility and is best*
501	ignored by the user who should use target, host + driver status /*
502	case DID_OK:
503	case DID_PASSTHROUGH:
504	case DID_SOFT_ERROR:
505	old_hdr->result = `0`;
506	break;
507	case DID_NO_CONNECT:
508	case DID_BUS_BUSY:
509	case DID_TIME_OUT:
510	old_hdr->result = EBUSY;
511	break;
512	case DID_BAD_TARGET:
513	case DID_ABORT:
514	case DID_PARITY:
515	case DID_RESET:
516	case DID_BAD_INTR:
517	old_hdr->result = EIO;
518	break;
519	case DID_ERROR:
520	old_hdr->result = (srp->sense_b[`0`] == `0` &&
521	hp->masked_status == GOOD) ? `0` : EIO;
522	break;
523	default:
524	old_hdr->result = EIO;
525	break;
526	}
527
528	/ Now copy the result back to the user buffer. /
529	if (count >= SZ_SG_HEADER) {
530	if (copy_to_user(to: buf, from: old_hdr, SZ_SG_HEADER)) {
531	retval = -EFAULT;
532	goto free_old_hdr;
533	}
534	buf += SZ_SG_HEADER;
535	if (count > old_hdr->reply_len)
536	count = old_hdr->reply_len;
537	if (count > SZ_SG_HEADER) {
538	if (sg_read_oxfer(srp, outp: buf, num_read_xfer: count - SZ_SG_HEADER)) {
539	retval = -EFAULT;
540	goto free_old_hdr;
541	}
542	}
543	} else
544	count = (old_hdr->result == `0`) ? `0` : -EIO;
545	sg_finish_rem_req(srp);
546	sg_remove_request(sfp, srp);
547	retval = count;
548	free_old_hdr:
549	kfree(objp: old_hdr);
550	return retval;
551	}
552
553	static ssize_t
554	sg_new_read(Sg_fd * sfp, char __user buf, size_t count, Sg_request srp)
555	{
556	sg_io_hdr_t *hp = &srp->header;
557	int err = `0`, err2;
558	int len;
559
560	if (in_compat_syscall()) {
561	if (count < sizeof(struct compat_sg_io_hdr)) {
562	err = -EINVAL;
563	goto err_out;
564	}
565	} else if (count < SZ_SG_IO_HDR) {
566	err = -EINVAL;
567	goto err_out;
568	}
569	hp->sb_len_wr = `0`;
570	if ((hp->mx_sb_len > `0`) && hp->sbp) {
571	if ((CHECK_CONDITION & hp->masked_status) \|\|
572	(srp->sense_b[`0`] & `0x70`) == `0x70`) {
573	int sb_len = SCSI_SENSE_BUFFERSIZE;
574	sb_len = (hp->mx_sb_len > sb_len) ? sb_len : hp->mx_sb_len;
575	len = `8` + (int) srp->sense_b[`7`]; / Additional sense length field /
576	len = (len > sb_len) ? sb_len : len;
577	if (copy_to_user(to: hp->sbp, from: srp->sense_b, n: len)) {
578	err = -EFAULT;
579	goto err_out;
580	}
581	hp->driver_status = DRIVER_SENSE;
582	hp->sb_len_wr = len;
583	}
584	}
585	if (hp->masked_status \|\| hp->host_status \|\| hp->driver_status)
586	hp->info \|= SG_INFO_CHECK;
587	err = put_sg_io_hdr(hdr: hp, argp: buf);
588	err_out:
589	err2 = sg_finish_rem_req(srp);
590	sg_remove_request(sfp, srp);
591	return err ? : err2 ? : count;
592	}
593
594	static ssize_t
595	sg_write(struct file filp, const* char __user buf, size_t count, loff_t ppos)
596	{
597	int mxsize, cmd_size, k;
598	int input_size, blocking;
599	unsigned char opcode;
600	Sg_device *sdp;
601	Sg_fd *sfp;
602	Sg_request *srp;
603	struct sg_header old_hdr;
604	sg_io_hdr_t *hp;
605	unsigned char cmnd[SG_MAX_CDB_SIZE];
606	int retval;
607
608	retval = sg_check_file_access(filp, caller: __func__);
609	if (retval)
610	return retval;
611
612	if ((!(sfp = (Sg_fd *) filp->private_data)) \|\| (!(sdp = sfp->parentdp)))
613	return -ENXIO;
614	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
615	"sg_write: count=%d\n", (int) count));
616	if (atomic_read(v: &sdp->detaching))
617	return -ENODEV;
618	if (!((filp->f_flags & O_NONBLOCK) \|\|
619	scsi_block_when_processing_errors(sdp->device)))
620	return -ENXIO;
621
622	if (count < SZ_SG_HEADER)
623	return -EIO;
624	if (copy_from_user(to: &old_hdr, from: buf, SZ_SG_HEADER))
625	return -EFAULT;
626	blocking = !(filp->f_flags & O_NONBLOCK);
627	if (old_hdr.reply_len < `0`)
628	return sg_new_write(sfp, file: filp, buf, count,
629	blocking, read_only: `0`, sg_io_owned: `0`, NULL);
630	if (count < (SZ_SG_HEADER + `6`))
631	return -EIO; / The minimum scsi command length is 6 bytes. /
632
633	buf += SZ_SG_HEADER;
634	if (get_user(opcode, buf))
635	return -EFAULT;
636
637	if (!(srp = sg_add_request(sfp))) {
638	SCSI_LOG_TIMEOUT(`1`, sg_printk(KERN_INFO, sdp,
639	"sg_write: queue full\n"));
640	return -EDOM;
641	}
642	mutex_lock(lock: &sfp->f_mutex);
643	if (sfp->next_cmd_len > `0`) {
644	cmd_size = sfp->next_cmd_len;
645	sfp->next_cmd_len = `0`; / reset so only this write() effected /
646	} else {
647	cmd_size = COMMAND_SIZE(opcode); / based on SCSI command group /
648	if ((opcode >= `0xc0`) && old_hdr.twelve_byte)
649	cmd_size = `12`;
650	}
651	mutex_unlock(lock: &sfp->f_mutex);
652	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sdp,
653	"sg_write: scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size));
654	/ Determine buffer size. /
655	input_size = count - cmd_size;
656	mxsize = (input_size > old_hdr.reply_len) ? input_size : old_hdr.reply_len;
657	mxsize -= SZ_SG_HEADER;
658	input_size -= SZ_SG_HEADER;
659	if (input_size < `0`) {
660	sg_remove_request(sfp, srp);
661	return -EIO; / User did not pass enough bytes for this command. /
662	}
663	hp = &srp->header;
664	hp->interface_id = `'\0'`; / indicator of old interface tunnelled /
665	hp->cmd_len = (unsigned char) cmd_size;
666	hp->iovec_count = `0`;
667	hp->mx_sb_len = `0`;
668	if (input_size > `0`)
669	hp->dxfer_direction = (old_hdr.reply_len > SZ_SG_HEADER) ?
670	SG_DXFER_TO_FROM_DEV : SG_DXFER_TO_DEV;
671	else
672	hp->dxfer_direction = (mxsize > `0`) ? SG_DXFER_FROM_DEV : SG_DXFER_NONE;
673	hp->dxfer_len = mxsize;
674	if ((hp->dxfer_direction == SG_DXFER_TO_DEV) \|\|
675	(hp->dxfer_direction == SG_DXFER_TO_FROM_DEV))
676	hp->dxferp = (char __user *)buf + cmd_size;
677	else
678	hp->dxferp = NULL;
679	hp->sbp = NULL;
680	hp->timeout = old_hdr.reply_len; / structure abuse ... /
681	hp->flags = input_size; / structure abuse ... /
682	hp->pack_id = old_hdr.pack_id;
683	hp->usr_ptr = NULL;
684	if (copy_from_user(to: cmnd, from: buf, n: cmd_size)) {
685	sg_remove_request(sfp, srp);
686	return -EFAULT;
687	}
688	/*
689	* SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV,
690	* but is is possible that the app intended SG_DXFER_TO_DEV, because there
691	* is a non-zero input_size, so emit a warning.
692	*/
693	if (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV) {
694	printk_ratelimited(KERN_WARNING
695	"sg_write: data in/out %d/%d bytes "
696	"for SCSI command 0x%x-- guessing "
697	"data in;\n program %s not setting "
698	"count and/or reply_len properly\n",
699	old_hdr.reply_len - (int)SZ_SG_HEADER,
700	input_size, (unsigned int) cmnd[`0`],
701	current->comm);
702	}
703	k = sg_common_write(sfp, srp, cmnd, timeout: sfp->timeout, blocking);
704	return (k < `0`) ? k : count;
705	}
706
707	static ssize_t
708	sg_new_write(Sg_fd sfp, struct* file file, const* char __user *buf,
709	size_t count, int blocking, int read_only, int sg_io_owned,
710	Sg_request **o_srp)
711	{
712	int k;
713	Sg_request *srp;
714	sg_io_hdr_t *hp;
715	unsigned char cmnd[SG_MAX_CDB_SIZE];
716	int timeout;
717	unsigned long ul_timeout;
718
719	if (count < SZ_SG_IO_HDR)
720	return -EINVAL;
721
722	sfp->cmd_q = `1`; / when sg_io_hdr seen, set command queuing on /
723	if (!(srp = sg_add_request(sfp))) {
724	SCSI_LOG_TIMEOUT(`1`, sg_printk(KERN_INFO, sfp->parentdp,
725	"sg_new_write: queue full\n"));
726	return -EDOM;
727	}
728	srp->sg_io_owned = sg_io_owned;
729	hp = &srp->header;
730	if (get_sg_io_hdr(hdr: hp, argp: buf)) {
731	sg_remove_request(sfp, srp);
732	return -EFAULT;
733	}
734	if (hp->interface_id != `'S'`) {
735	sg_remove_request(sfp, srp);
736	return -ENOSYS;
737	}
738	if (hp->flags & SG_FLAG_MMAP_IO) {
739	if (hp->dxfer_len > sfp->reserve.bufflen) {
740	sg_remove_request(sfp, srp);
741	return -ENOMEM; / MMAP_IO size must fit in reserve buffer /
742	}
743	if (hp->flags & SG_FLAG_DIRECT_IO) {
744	sg_remove_request(sfp, srp);
745	return -EINVAL; / either MMAP_IO or DIRECT_IO (not both) /
746	}
747	if (sfp->res_in_use) {
748	sg_remove_request(sfp, srp);
749	return -EBUSY; / reserve buffer already being used /
750	}
751	}
752	ul_timeout = msecs_to_jiffies(m: srp->header.timeout);
753	timeout = (ul_timeout < INT_MAX) ? ul_timeout : INT_MAX;
754	if ((!hp->cmdp) \|\| (hp->cmd_len < `6`) \|\| (hp->cmd_len > sizeof (cmnd))) {
755	sg_remove_request(sfp, srp);
756	return -EMSGSIZE;
757	}
758	if (copy_from_user(to: cmnd, from: hp->cmdp, n: hp->cmd_len)) {
759	sg_remove_request(sfp, srp);
760	return -EFAULT;
761	}
762	if (read_only && sg_allow_access(filp: file, cmd: cmnd)) {
763	sg_remove_request(sfp, srp);
764	return -EPERM;
765	}
766	k = sg_common_write(sfp, srp, cmnd, timeout, blocking);
767	if (k < `0`)
768	return k;
769	if (o_srp)
770	*o_srp = srp;
771	return count;
772	}
773
774	static int
775	sg_common_write(Sg_fd * sfp, Sg_request * srp,
776	unsigned char cmnd, int* timeout, int blocking)
777	{
778	int k, at_head;
779	Sg_device *sdp = sfp->parentdp;
780	sg_io_hdr_t *hp = &srp->header;
781
782	srp->data.cmd_opcode = cmnd[`0`]; / hold opcode of command /
783	hp->status = `0`;
784	hp->masked_status = `0`;
785	hp->msg_status = `0`;
786	hp->info = `0`;
787	hp->host_status = `0`;
788	hp->driver_status = `0`;
789	hp->resid = `0`;
790	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
791	"sg_common_write: scsi opcode=0x%02x, cmd_size=%d\n",
792	(int) cmnd[`0`], (int) hp->cmd_len));
793
794	if (hp->dxfer_len >= SZ_256M) {
795	sg_remove_request(sfp, srp);
796	return -EINVAL;
797	}
798
799	k = sg_start_req(srp, cmd: cmnd);
800	if (k) {
801	SCSI_LOG_TIMEOUT(`1`, sg_printk(KERN_INFO, sfp->parentdp,
802	"sg_common_write: start_req err=%d\n", k));
803	sg_finish_rem_req(srp);
804	sg_remove_request(sfp, srp);
805	return k; / probably out of space --> ENOMEM /
806	}
807	if (atomic_read(v: &sdp->detaching)) {
808	if (srp->bio) {
809	blk_mq_free_request(rq: srp->rq);
810	srp->rq = NULL;
811	}
812
813	sg_finish_rem_req(srp);
814	sg_remove_request(sfp, srp);
815	return -ENODEV;
816	}
817
818	hp->duration = jiffies_to_msecs(j: jiffies);
819	if (hp->interface_id != `'\0'` && / v3 (or later) interface /
820	(SG_FLAG_Q_AT_TAIL & hp->flags))
821	at_head = `0`;
822	else
823	at_head = `1`;
824
825	srp->rq->timeout = timeout;
826	kref_get(kref: &sfp->f_ref); / sg_rq_end_io() does kref_put(). /
827	srp->rq->end_io = sg_rq_end_io;
828	blk_execute_rq_nowait(rq: srp->rq, at_head);
829	return `0`;
830	}
831
832	static int srp_done(Sg_fd sfp, Sg_request srp)
833	{
834	unsigned long flags;
835	int ret;
836
837	read_lock_irqsave(&sfp->rq_list_lock, flags);
838	ret = srp->done;
839	read_unlock_irqrestore(&sfp->rq_list_lock, flags);
840	return ret;
841	}
842
843	static int max_sectors_bytes(struct request_queue *q)
844	{
845	unsigned int max_sectors = queue_max_sectors(q);
846
847	max_sectors = min_t(unsigned int, max_sectors, INT_MAX >> `9`);
848
849	return max_sectors << `9`;
850	}
851
852	static void
853	sg_fill_request_table(Sg_fd sfp, sg_req_info_t rinfo)
854	{
855	Sg_request *srp;
856	int val;
857	unsigned int ms;
858
859	val = `0`;
860	list_for_each_entry(srp, &sfp->rq_list, entry) {
861	if (val >= SG_MAX_QUEUE)
862	break;
863	rinfo[val].req_state = srp->done + `1`;
864	rinfo[val].problem =
865	srp->header.masked_status &
866	srp->header.host_status &
867	srp->header.driver_status;
868	if (srp->done)
869	rinfo[val].duration =
870	srp->header.duration;
871	else {
872	ms = jiffies_to_msecs(j: jiffies);
873	rinfo[val].duration =
874	(ms > srp->header.duration) ?
875	(ms - srp->header.duration) : `0`;
876	}
877	rinfo[val].orphan = srp->orphan;
878	rinfo[val].sg_io_owned = srp->sg_io_owned;
879	rinfo[val].pack_id = srp->header.pack_id;
880	rinfo[val].usr_ptr = srp->header.usr_ptr;
881	val++;
882	}
883	}
884
885	#ifdef CONFIG_COMPAT
886	struct compat_sg_req_info { / used by SG_GET_REQUEST_TABLE ioctl() /
887	char req_state;
888	char orphan;
889	char sg_io_owned;
890	char problem;
891	int pack_id;
892	compat_uptr_t usr_ptr;
893	unsigned int duration;
894	int unused;
895	};
896
897	static int put_compat_request_table(struct compat_sg_req_info __user *o,
898	struct sg_req_info *rinfo)
899	{
900	int i;
901	for (i = `0`; i < SG_MAX_QUEUE; i++) {
902	if (copy_to_user(to: o + i, from: rinfo + i, offsetof(sg_req_info_t, usr_ptr)) \|\|
903	put_user((uintptr_t)rinfo[i].usr_ptr, &o[i].usr_ptr) \|\|
904	put_user(rinfo[i].duration, &o[i].duration) \|\|
905	put_user(rinfo[i].unused, &o[i].unused))
906	return -EFAULT;
907	}
908	return `0`;
909	}
910	#endif
911
912	static long
913	sg_ioctl_common(struct file filp, Sg_device sdp, Sg_fd *sfp,
914	unsigned int cmd_in, void __user *p)
915	{
916	int __user *ip = p;
917	int result, val, read_only;
918	Sg_request *srp;
919	unsigned long iflags;
920
921	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
922	"sg_ioctl: cmd=0x%x\n", (int) cmd_in));
923	read_only = (O_RDWR != (filp->f_flags & O_ACCMODE));
924
925	switch (cmd_in) {
926	case SG_IO:
927	if (atomic_read(v: &sdp->detaching))
928	return -ENODEV;
929	if (!scsi_block_when_processing_errors(sdp->device))
930	return -ENXIO;
931	result = sg_new_write(sfp, file: filp, buf: p, SZ_SG_IO_HDR,
932	blocking: `1`, read_only, sg_io_owned: `1`, o_srp: &srp);
933	if (result < `0`)
934	return result;
935	result = wait_event_interruptible(sfp->read_wait,
936	srp_done(sfp, srp));
937	write_lock_irq(&sfp->rq_list_lock);
938	if (srp->done) {
939	srp->done = `2`;
940	write_unlock_irq(&sfp->rq_list_lock);
941	result = sg_new_read(sfp, buf: p, SZ_SG_IO_HDR, srp);
942	return (result < `0`) ? result : `0`;
943	}
944	srp->orphan = `1`;
945	write_unlock_irq(&sfp->rq_list_lock);
946	return result; / -ERESTARTSYS because signal hit process /
947	case SG_SET_TIMEOUT:
948	result = get_user(val, ip);
949	if (result)
950	return result;
951	if (val < `0`)
952	return -EIO;
953	if (val >= mult_frac((s64)INT_MAX, USER_HZ, HZ))
954	val = min_t(s64, mult_frac((s64)INT_MAX, USER_HZ, HZ),
955	INT_MAX);
956	sfp->timeout_user = val;
957	sfp->timeout = mult_frac(val, HZ, USER_HZ);
958
959	return `0`;
960	case SG_GET_TIMEOUT: / N.B. User receives timeout as return value /
961	/ strange ..., for backward compatibility /
962	return sfp->timeout_user;
963	case SG_SET_FORCE_LOW_DMA:
964	/*
965	* N.B. This ioctl never worked properly, but failed to
966	* return an error value. So returning '0' to keep compability
967	* with legacy applications.
968	*/
969	return `0`;
970	case SG_GET_LOW_DMA:
971	return put_user(`0`, ip);
972	case SG_GET_SCSI_ID:
973	{
974	sg_scsi_id_t v;
975
976	if (atomic_read(v: &sdp->detaching))
977	return -ENODEV;
978	memset(s: &v, c: `0`, n: sizeof(v));
979	v.host_no = sdp->device->host->host_no;
980	v.channel = sdp->device->channel;
981	v.scsi_id = sdp->device->id;
982	v.lun = sdp->device->lun;
983	v.scsi_type = sdp->device->type;
984	v.h_cmd_per_lun = sdp->device->host->cmd_per_lun;
985	v.d_queue_depth = sdp->device->queue_depth;
986	if (copy_to_user(to: p, from: &v, n: sizeof(sg_scsi_id_t)))
987	return -EFAULT;
988	return `0`;
989	}
990	case SG_SET_FORCE_PACK_ID:
991	result = get_user(val, ip);
992	if (result)
993	return result;
994	sfp->force_packid = val ? `1` : `0`;
995	return `0`;
996	case SG_GET_PACK_ID:
997	read_lock_irqsave(&sfp->rq_list_lock, iflags);
998	list_for_each_entry(srp, &sfp->rq_list, entry) {
999	if ((`1` == srp->done) && (!srp->sg_io_owned)) {
1000	read_unlock_irqrestore(&sfp->rq_list_lock,
1001	iflags);
1002	return put_user(srp->header.pack_id, ip);
1003	}
1004	}
1005	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1006	return put_user(-`1`, ip);
1007	case SG_GET_NUM_WAITING:
1008	read_lock_irqsave(&sfp->rq_list_lock, iflags);
1009	val = `0`;
1010	list_for_each_entry(srp, &sfp->rq_list, entry) {
1011	if ((`1` == srp->done) && (!srp->sg_io_owned))
1012	++val;
1013	}
1014	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1015	return put_user(val, ip);
1016	case SG_GET_SG_TABLESIZE:
1017	return put_user(sdp->sg_tablesize, ip);
1018	case SG_SET_RESERVED_SIZE:
1019	result = get_user(val, ip);
1020	if (result)
1021	return result;
1022	if (val < `0`)
1023	return -EINVAL;
1024	val = min_t(int, val,
1025	max_sectors_bytes(sdp->device->request_queue));
1026	mutex_lock(lock: &sfp->f_mutex);
1027	if (val != sfp->reserve.bufflen) {
1028	if (sfp->mmap_called \|\|
1029	sfp->res_in_use) {
1030	mutex_unlock(lock: &sfp->f_mutex);
1031	return -EBUSY;
1032	}
1033
1034	sg_remove_scat(sfp, schp: &sfp->reserve);
1035	sg_build_reserve(sfp, req_size: val);
1036	}
1037	mutex_unlock(lock: &sfp->f_mutex);
1038	return `0`;
1039	case SG_GET_RESERVED_SIZE:
1040	val = min_t(int, sfp->reserve.bufflen,
1041	max_sectors_bytes(sdp->device->request_queue));
1042	return put_user(val, ip);
1043	case SG_SET_COMMAND_Q:
1044	result = get_user(val, ip);
1045	if (result)
1046	return result;
1047	sfp->cmd_q = val ? `1` : `0`;
1048	return `0`;
1049	case SG_GET_COMMAND_Q:
1050	return put_user((int) sfp->cmd_q, ip);
1051	case SG_SET_KEEP_ORPHAN:
1052	result = get_user(val, ip);
1053	if (result)
1054	return result;
1055	sfp->keep_orphan = val;
1056	return `0`;
1057	case SG_GET_KEEP_ORPHAN:
1058	return put_user((int) sfp->keep_orphan, ip);
1059	case SG_NEXT_CMD_LEN:
1060	result = get_user(val, ip);
1061	if (result)
1062	return result;
1063	if (val > SG_MAX_CDB_SIZE)
1064	return -ENOMEM;
1065	sfp->next_cmd_len = (val > `0`) ? val : `0`;
1066	return `0`;
1067	case SG_GET_VERSION_NUM:
1068	return put_user(sg_version_num, ip);
1069	case SG_GET_ACCESS_COUNT:
1070	/ faked - we don't have a real access count anymore /
1071	val = (sdp->device ? `1` : `0`);
1072	return put_user(val, ip);
1073	case SG_GET_REQUEST_TABLE:
1074	{
1075	sg_req_info_t *rinfo;
1076
1077	rinfo = kcalloc(SG_MAX_QUEUE, SZ_SG_REQ_INFO,
1078	GFP_KERNEL);
1079	if (!rinfo)
1080	return -ENOMEM;
1081	read_lock_irqsave(&sfp->rq_list_lock, iflags);
1082	sg_fill_request_table(sfp, rinfo);
1083	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1084	#ifdef CONFIG_COMPAT
1085	if (in_compat_syscall())
1086	result = put_compat_request_table(o: p, rinfo);
1087	else
1088	#endif
1089	result = copy_to_user(to: p, from: rinfo,
1090	SZ_SG_REQ_INFO * SG_MAX_QUEUE);
1091	result = result ? -EFAULT : `0`;
1092	kfree(objp: rinfo);
1093	return result;
1094	}
1095	case SG_EMULATED_HOST:
1096	if (atomic_read(v: &sdp->detaching))
1097	return -ENODEV;
1098	return put_user(sdp->device->host->hostt->emulated, ip);
1099	case SCSI_IOCTL_SEND_COMMAND:
1100	if (atomic_read(v: &sdp->detaching))
1101	return -ENODEV;
1102	return scsi_ioctl(sdev: sdp->device, open_for_write: filp->f_mode & FMODE_WRITE,
1103	cmd: cmd_in, arg: p);
1104	case SG_SET_DEBUG:
1105	result = get_user(val, ip);
1106	if (result)
1107	return result;
1108	sdp->sgdebug = (char) val;
1109	return `0`;
1110	case BLKSECTGET:
1111	return put_user(max_sectors_bytes(sdp->device->request_queue),
1112	ip);
1113	case BLKTRACESETUP:
1114	return blk_trace_setup(q: sdp->device->request_queue, name: sdp->name,
1115	MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
1116	NULL, arg: p);
1117	case BLKTRACESTART:
1118	return blk_trace_startstop(q: sdp->device->request_queue, start: `1`);
1119	case BLKTRACESTOP:
1120	return blk_trace_startstop(q: sdp->device->request_queue, start: `0`);
1121	case BLKTRACETEARDOWN:
1122	return blk_trace_remove(q: sdp->device->request_queue);
1123	case SCSI_IOCTL_GET_IDLUN:
1124	case SCSI_IOCTL_GET_BUS_NUMBER:
1125	case SCSI_IOCTL_PROBE_HOST:
1126	case SG_GET_TRANSFORM:
1127	case SG_SCSI_RESET:
1128	if (atomic_read(v: &sdp->detaching))
1129	return -ENODEV;
1130	break;
1131	default:
1132	if (read_only)
1133	return -EPERM; / don't know so take safe approach /
1134	break;
1135	}
1136
1137	result = scsi_ioctl_block_when_processing_errors(sdev: sdp->device,
1138	cmd: cmd_in, ndelay: filp->f_flags & O_NDELAY);
1139	if (result)
1140	return result;
1141
1142	return -ENOIOCTLCMD;
1143	}
1144
1145	static long
1146	sg_ioctl(struct file filp, unsigned* int cmd_in, unsigned long arg)
1147	{
1148	void __user p = (void* __user *)arg;
1149	Sg_device *sdp;
1150	Sg_fd *sfp;
1151	int ret;
1152
1153	if ((!(sfp = (Sg_fd *) filp->private_data)) \|\| (!(sdp = sfp->parentdp)))
1154	return -ENXIO;
1155
1156	ret = sg_ioctl_common(filp, sdp, sfp, cmd_in, p);
1157	if (ret != -ENOIOCTLCMD)
1158	return ret;
1159	return scsi_ioctl(sdev: sdp->device, open_for_write: filp->f_mode & FMODE_WRITE, cmd: cmd_in, arg: p);
1160	}
1161
1162	static __poll_t
1163	sg_poll(struct file filp, poll_table wait)
1164	{
1165	__poll_t res = `0`;
1166	Sg_device *sdp;
1167	Sg_fd *sfp;
1168	Sg_request *srp;
1169	int count = `0`;
1170	unsigned long iflags;
1171
1172	sfp = filp->private_data;
1173	if (!sfp)
1174	return EPOLLERR;
1175	sdp = sfp->parentdp;
1176	if (!sdp)
1177	return EPOLLERR;
1178	poll_wait(filp, wait_address: &sfp->read_wait, p: wait);
1179	read_lock_irqsave(&sfp->rq_list_lock, iflags);
1180	list_for_each_entry(srp, &sfp->rq_list, entry) {
1181	/ if any read waiting, flag it /
1182	if ((`0` == res) && (`1` == srp->done) && (!srp->sg_io_owned))
1183	res = EPOLLIN \| EPOLLRDNORM;
1184	++count;
1185	}
1186	read_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1187
1188	if (atomic_read(v: &sdp->detaching))
1189	res \|= EPOLLHUP;
1190	else if (!sfp->cmd_q) {
1191	if (`0` == count)
1192	res \|= EPOLLOUT \| EPOLLWRNORM;
1193	} else if (count < SG_MAX_QUEUE)
1194	res \|= EPOLLOUT \| EPOLLWRNORM;
1195	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
1196	"sg_poll: res=0x%x\n", (__force u32) res));
1197	return res;
1198	}
1199
1200	static int
1201	sg_fasync(int fd, struct file filp, int* mode)
1202	{
1203	Sg_device *sdp;
1204	Sg_fd *sfp;
1205
1206	if ((!(sfp = (Sg_fd *) filp->private_data)) \|\| (!(sdp = sfp->parentdp)))
1207	return -ENXIO;
1208	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
1209	"sg_fasync: mode=%d\n", mode));
1210
1211	return fasync_helper(fd, filp, mode, &sfp->async_qp);
1212	}
1213
1214	static vm_fault_t
1215	sg_vma_fault(struct vm_fault *vmf)
1216	{
1217	struct vm_area_struct *vma = vmf->vma;
1218	Sg_fd *sfp;
1219	unsigned long offset, len, sa;
1220	Sg_scatter_hold *rsv_schp;
1221	int k, length;
1222
1223	if ((NULL == vma) \|\| (!(sfp = (Sg_fd *) vma->vm_private_data)))
1224	return VM_FAULT_SIGBUS;
1225	rsv_schp = &sfp->reserve;
1226	offset = vmf->pgoff << PAGE_SHIFT;
1227	if (offset >= rsv_schp->bufflen)
1228	return VM_FAULT_SIGBUS;
1229	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sfp->parentdp,
1230	"sg_vma_fault: offset=%lu, scatg=%d\n",
1231	offset, rsv_schp->k_use_sg));
1232	sa = vma->vm_start;
1233	length = `1` << (PAGE_SHIFT + rsv_schp->page_order);
1234	for (k = `0`; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) {
1235	len = vma->vm_end - sa;
1236	len = (len < length) ? len : length;
1237	if (offset < len) {
1238	struct page *page = rsv_schp->pages[k] + (offset >> PAGE_SHIFT);
1239	get_page(page); / increment page count /
1240	vmf->page = page;
1241	return `0`; / success /
1242	}
1243	sa += len;
1244	offset -= len;
1245	}
1246
1247	return VM_FAULT_SIGBUS;
1248	}
1249
1250	static const struct vm_operations_struct sg_mmap_vm_ops = {
1251	.fault = sg_vma_fault,
1252	};
1253
1254	static int
1255	sg_mmap(struct file filp, struct* vm_area_struct *vma)
1256	{
1257	Sg_fd *sfp;
1258	unsigned long req_sz, len, sa;
1259	Sg_scatter_hold *rsv_schp;
1260	int k, length;
1261	int ret = `0`;
1262
1263	if ((!filp) \|\| (!vma) \|\| (!(sfp = (Sg_fd *) filp->private_data)))
1264	return -ENXIO;
1265	req_sz = vma->vm_end - vma->vm_start;
1266	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sfp->parentdp,
1267	"sg_mmap starting, vm_start=%p, len=%d\n",
1268	(void ) vma->vm_start, (int*) req_sz));
1269	if (vma->vm_pgoff)
1270	return -EINVAL; / want no offset /
1271	rsv_schp = &sfp->reserve;
1272	mutex_lock(lock: &sfp->f_mutex);
1273	if (req_sz > rsv_schp->bufflen) {
1274	ret = -ENOMEM; / cannot map more than reserved buffer /
1275	goto out;
1276	}
1277
1278	sa = vma->vm_start;
1279	length = `1` << (PAGE_SHIFT + rsv_schp->page_order);
1280	for (k = `0`; k < rsv_schp->k_use_sg && sa < vma->vm_end; k++) {
1281	len = vma->vm_end - sa;
1282	len = (len < length) ? len : length;
1283	sa += len;
1284	}
1285
1286	sfp->mmap_called = `1`;
1287	vm_flags_set(vma, VM_IO \| VM_DONTEXPAND \| VM_DONTDUMP);
1288	vma->vm_private_data = sfp;
1289	vma->vm_ops = &sg_mmap_vm_ops;
1290	out:
1291	mutex_unlock(lock: &sfp->f_mutex);
1292	return ret;
1293	}
1294
1295	static void
1296	sg_rq_end_io_usercontext(struct work_struct *work)
1297	{
1298	struct sg_request srp = container_of(work, struct* sg_request, ew.work);
1299	struct sg_fd *sfp = srp->parentfp;
1300
1301	sg_finish_rem_req(srp);
1302	sg_remove_request(sfp, srp);
1303	kref_put(kref: &sfp->f_ref, release: sg_remove_sfp);
1304	}
1305
1306	/*
1307	* This function is a "bottom half" handler that is called by the mid
1308	* level when a command is completed (or has failed).
1309	*/
1310	static enum rq_end_io_ret
1311	sg_rq_end_io(struct request *rq, blk_status_t status)
1312	{
1313	struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
1314	struct sg_request *srp = rq->end_io_data;
1315	Sg_device *sdp;
1316	Sg_fd *sfp;
1317	unsigned long iflags;
1318	unsigned int ms;
1319	char *sense;
1320	int result, resid, done = `1`;
1321
1322	if (WARN_ON(srp->done != `0`))
1323	return RQ_END_IO_NONE;
1324
1325	sfp = srp->parentfp;
1326	if (WARN_ON(sfp == NULL))
1327	return RQ_END_IO_NONE;
1328
1329	sdp = sfp->parentdp;
1330	if (unlikely(atomic_read(&sdp->detaching)))
1331	pr_info("%s: device detaching\n", __func__);
1332
1333	sense = scmd->sense_buffer;
1334	result = scmd->result;
1335	resid = scmd->resid_len;
1336
1337	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sdp,
1338	"sg_cmd_done: pack_id=%d, res=0x%x\n",
1339	srp->header.pack_id, result));
1340	srp->header.resid = resid;
1341	ms = jiffies_to_msecs(j: jiffies);
1342	srp->header.duration = (ms > srp->header.duration) ?
1343	(ms - srp->header.duration) : `0`;
1344	if (`0` != result) {
1345	struct scsi_sense_hdr sshdr;
1346
1347	srp->header.status = `0xff` & result;
1348	srp->header.masked_status = sg_status_byte(result);
1349	srp->header.msg_status = COMMAND_COMPLETE;
1350	srp->header.host_status = host_byte(result);
1351	srp->header.driver_status = driver_byte(result);
1352	if ((sdp->sgdebug > `0`) &&
1353	((CHECK_CONDITION == srp->header.masked_status) \|\|
1354	(COMMAND_TERMINATED == srp->header.masked_status)))
1355	__scsi_print_sense(sdp->device, name: __func__, sense_buffer: sense,
1356	SCSI_SENSE_BUFFERSIZE);
1357
1358	/ Following if statement is a patch supplied by Eric Youngdale /
1359	if (driver_byte(result) != `0`
1360	&& scsi_normalize_sense(sense_buffer: sense, SCSI_SENSE_BUFFERSIZE, sshdr: &sshdr)
1361	&& !scsi_sense_is_deferred(sshdr: &sshdr)
1362	&& sshdr.sense_key == UNIT_ATTENTION
1363	&& sdp->device->removable) {
1364	/ Detected possible disc change. Set the bit - this /
1365	/ may be used if there are filesystems using this device /
1366	sdp->device->changed = `1`;
1367	}
1368	}
1369
1370	if (scmd->sense_len)
1371	memcpy(to: srp->sense_b, from: scmd->sense_buffer, SCSI_SENSE_BUFFERSIZE);
1372
1373	/ Rely on write phase to clean out srp status values, so no "else" /
1374
1375	/*
1376	* Free the request as soon as it is complete so that its resources
1377	* can be reused without waiting for userspace to read() the
1378	* result. But keep the associated bio (if any) around until
1379	* blk_rq_unmap_user() can be called from user context.
1380	*/
1381	srp->rq = NULL;
1382	blk_mq_free_request(rq);
1383
1384	write_lock_irqsave(&sfp->rq_list_lock, iflags);
1385	if (unlikely(srp->orphan)) {
1386	if (sfp->keep_orphan)
1387	srp->sg_io_owned = `0`;
1388	else
1389	done = `0`;
1390	}
1391	srp->done = done;
1392	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
1393
1394	if (likely(done)) {
1395	/ Now wake up any sg_read() that is waiting for this*
1396	* packet.
1397	*/
1398	wake_up_interruptible(&sfp->read_wait);
1399	kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN);
1400	kref_put(kref: &sfp->f_ref, release: sg_remove_sfp);
1401	} else {
1402	INIT_WORK(&srp->ew.work, sg_rq_end_io_usercontext);
1403	schedule_work(work: &srp->ew.work);
1404	}
1405	return RQ_END_IO_NONE;
1406	}
1407
1408	static const struct file_operations sg_fops = {
1409	.owner = THIS_MODULE,
1410	.read = sg_read,
1411	.write = sg_write,
1412	.poll = sg_poll,
1413	.unlocked_ioctl = sg_ioctl,
1414	.compat_ioctl = compat_ptr_ioctl,
1415	.open = sg_open,
1416	.mmap = sg_mmap,
1417	.release = sg_release,
1418	.fasync = sg_fasync,
1419	};
1420
1421	static const struct class sg_sysfs_class = {
1422	.name = "scsi_generic"
1423	};
1424
1425	static int sg_sysfs_valid = `0`;
1426
1427	static Sg_device *
1428	sg_alloc(struct scsi_device *scsidp)
1429	{
1430	struct request_queue *q = scsidp->request_queue;
1431	Sg_device *sdp;
1432	unsigned long iflags;
1433	int error;
1434	u32 k;
1435
1436	sdp = kzalloc(sizeof(Sg_device), GFP_KERNEL);
1437	if (!sdp) {
1438	sdev_printk(KERN_WARNING, scsidp, "%s: kmalloc Sg_device "
1439	"failure\n", __func__);
1440	return ERR_PTR(error: -ENOMEM);
1441	}
1442
1443	idr_preload(GFP_KERNEL);
1444	write_lock_irqsave(&sg_index_lock, iflags);
1445
1446	error = idr_alloc(&sg_index_idr, ptr: sdp, start: `0`, SG_MAX_DEVS, GFP_NOWAIT);
1447	if (error < `0`) {
1448	if (error == -ENOSPC) {
1449	sdev_printk(KERN_WARNING, scsidp,
1450	"Unable to attach sg device type=%d, minor number exceeds %d\n",
1451	scsidp->type, SG_MAX_DEVS - `1`);
1452	error = -ENODEV;
1453	} else {
1454	sdev_printk(KERN_WARNING, scsidp, "%s: idr "
1455	"allocation Sg_device failure: %d\n",
1456	__func__, error);
1457	}
1458	goto out_unlock;
1459	}
1460	k = error;
1461
1462	SCSI_LOG_TIMEOUT(`3`, sdev_printk(KERN_INFO, scsidp,
1463	"sg_alloc: dev=%d \n", k));
1464	sprintf(buf: sdp->name, fmt: "sg%d", k);
1465	sdp->device = scsidp;
1466	mutex_init(&sdp->open_rel_lock);
1467	INIT_LIST_HEAD(list: &sdp->sfds);
1468	init_waitqueue_head(&sdp->open_wait);
1469	atomic_set(v: &sdp->detaching, i: `0`);
1470	rwlock_init(&sdp->sfd_lock);
1471	sdp->sg_tablesize = queue_max_segments(q);
1472	sdp->index = k;
1473	kref_init(kref: &sdp->d_ref);
1474	error = `0`;
1475
1476	out_unlock:
1477	write_unlock_irqrestore(&sg_index_lock, iflags);
1478	idr_preload_end();
1479
1480	if (error) {
1481	kfree(objp: sdp);
1482	return ERR_PTR(error);
1483	}
1484	return sdp;
1485	}
1486
1487	static int
1488	sg_add_device(struct device *cl_dev)
1489	{
1490	struct scsi_device *scsidp = to_scsi_device(cl_dev->parent);
1491	Sg_device *sdp = NULL;
1492	struct cdev * cdev = NULL;
1493	int error;
1494	unsigned long iflags;
1495
1496	if (!blk_get_queue(scsidp->request_queue)) {
1497	pr_warn("%s: get scsi_device queue failed\n", __func__);
1498	return -ENODEV;
1499	}
1500
1501	error = -ENOMEM;
1502	cdev = cdev_alloc();
1503	if (!cdev) {
1504	pr_warn("%s: cdev_alloc failed\n", __func__);
1505	goto out;
1506	}
1507	cdev->owner = THIS_MODULE;
1508	cdev->ops = &sg_fops;
1509
1510	sdp = sg_alloc(scsidp);
1511	if (IS_ERR(ptr: sdp)) {
1512	pr_warn("%s: sg_alloc failed\n", __func__);
1513	error = PTR_ERR(ptr: sdp);
1514	goto out;
1515	}
1516
1517	error = cdev_add(cdev, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), `1`);
1518	if (error)
1519	goto cdev_add_err;
1520
1521	sdp->cdev = cdev;
1522	if (sg_sysfs_valid) {
1523	struct device *sg_class_member;
1524
1525	sg_class_member = device_create(cls: &sg_sysfs_class, parent: cl_dev->parent,
1526	MKDEV(SCSI_GENERIC_MAJOR,
1527	sdp->index),
1528	drvdata: sdp, fmt: "%s", sdp->name);
1529	if (IS_ERR(ptr: sg_class_member)) {
1530	pr_err("%s: device_create failed\n", __func__);
1531	error = PTR_ERR(ptr: sg_class_member);
1532	goto cdev_add_err;
1533	}
1534	error = sysfs_create_link(kobj: &scsidp->sdev_gendev.kobj,
1535	target: &sg_class_member->kobj, name: "generic");
1536	if (error)
1537	pr_err("%s: unable to make symlink 'generic' back "
1538	"to sg%d\n", __func__, sdp->index);
1539	} else
1540	pr_warn("%s: sg_sys Invalid\n", __func__);
1541
1542	sdev_printk(KERN_NOTICE, scsidp, "Attached scsi generic sg%d "
1543	"type %d\n", sdp->index, scsidp->type);
1544
1545	dev_set_drvdata(dev: cl_dev, data: sdp);
1546
1547	return `0`;
1548
1549	cdev_add_err:
1550	write_lock_irqsave(&sg_index_lock, iflags);
1551	idr_remove(&sg_index_idr, id: sdp->index);
1552	write_unlock_irqrestore(&sg_index_lock, iflags);
1553	kfree(objp: sdp);
1554
1555	out:
1556	if (cdev)
1557	cdev_del(cdev);
1558	blk_put_queue(scsidp->request_queue);
1559	return error;
1560	}
1561
1562	static void
1563	sg_device_destroy(struct kref *kref)
1564	{
1565	struct sg_device sdp = container_of(kref, struct* sg_device, d_ref);
1566	struct request_queue *q = sdp->device->request_queue;
1567	unsigned long flags;
1568
1569	/ CAUTION! Note that the device can still be found via idr_find()*
1570	* even though the refcount is 0. Therefore, do idr_remove() BEFORE
1571	* any other cleanup.
1572	*/
1573
1574	blk_trace_remove(q);
1575	blk_put_queue(q);
1576
1577	write_lock_irqsave(&sg_index_lock, flags);
1578	idr_remove(&sg_index_idr, id: sdp->index);
1579	write_unlock_irqrestore(&sg_index_lock, flags);
1580
1581	SCSI_LOG_TIMEOUT(`3`,
1582	sg_printk(KERN_INFO, sdp, "sg_device_destroy\n"));
1583
1584	kfree(objp: sdp);
1585	}
1586
1587	static void
1588	sg_remove_device(struct device *cl_dev)
1589	{
1590	struct scsi_device *scsidp = to_scsi_device(cl_dev->parent);
1591	Sg_device *sdp = dev_get_drvdata(dev: cl_dev);
1592	unsigned long iflags;
1593	Sg_fd *sfp;
1594	int val;
1595
1596	if (!sdp)
1597	return;
1598	/ want sdp->detaching non-zero as soon as possible /
1599	val = atomic_inc_return(v: &sdp->detaching);
1600	if (val > `1`)
1601	return; / only want to do following once per device /
1602
1603	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
1604	"%s\n", __func__));
1605
1606	read_lock_irqsave(&sdp->sfd_lock, iflags);
1607	list_for_each_entry(sfp, &sdp->sfds, sfd_siblings) {
1608	wake_up_interruptible_all(&sfp->read_wait);
1609	kill_fasync(&sfp->async_qp, SIGPOLL, POLL_HUP);
1610	}
1611	wake_up_interruptible_all(&sdp->open_wait);
1612	read_unlock_irqrestore(&sdp->sfd_lock, iflags);
1613
1614	sysfs_remove_link(kobj: &scsidp->sdev_gendev.kobj, name: "generic");
1615	device_destroy(cls: &sg_sysfs_class, MKDEV(SCSI_GENERIC_MAJOR, sdp->index));
1616	cdev_del(sdp->cdev);
1617	sdp->cdev = NULL;
1618
1619	kref_put(kref: &sdp->d_ref, release: sg_device_destroy);
1620	}
1621
1622	module_param_named(scatter_elem_sz, scatter_elem_sz, int, S_IRUGO \| S_IWUSR);
1623	module_param_named(def_reserved_size, def_reserved_size, int,
1624	S_IRUGO \| S_IWUSR);
1625	module_param_named(allow_dio, sg_allow_dio, int, S_IRUGO \| S_IWUSR);
1626
1627	MODULE_AUTHOR("Douglas Gilbert");
1628	MODULE_DESCRIPTION("SCSI generic (sg) driver");
1629	MODULE_LICENSE("GPL");
1630	MODULE_VERSION(SG_VERSION_STR);
1631	MODULE_ALIAS_CHARDEV_MAJOR(SCSI_GENERIC_MAJOR);
1632
1633	MODULE_PARM_DESC(scatter_elem_sz, "scatter gather element "
1634	"size (default: max(SG_SCATTER_SZ, PAGE_SIZE))");
1635	MODULE_PARM_DESC(def_reserved_size, "size of buffer reserved for each fd");
1636	MODULE_PARM_DESC(allow_dio, "allow direct I/O (default: 0 (disallow))");
1637
1638	#ifdef CONFIG_SYSCTL
1639	#include <linux/sysctl.h>
1640
1641	static const struct ctl_table sg_sysctls[] = {
1642	{
1643	.procname = "sg-big-buff",
1644	.data = &sg_big_buff,
1645	.maxlen = sizeof(int),
1646	.mode = `0444`,
1647	.proc_handler = proc_dointvec,
1648	},
1649	};
1650
1651	static struct ctl_table_header *hdr;
1652	static void register_sg_sysctls(void)
1653	{
1654	if (!hdr)
1655	hdr = register_sysctl("kernel", sg_sysctls);
1656	}
1657
1658	static void unregister_sg_sysctls(void)
1659	{
1660	unregister_sysctl_table(table: hdr);
1661	}
1662	#else
1663	#define register_sg_sysctls() do { } while (0)
1664	#define unregister_sg_sysctls() do { } while (0)
1665	#endif /* CONFIG_SYSCTL */
1666
1667	static int __init
1668	init_sg(void)
1669	{
1670	int rc;
1671
1672	if (scatter_elem_sz < PAGE_SIZE) {
1673	scatter_elem_sz = PAGE_SIZE;
1674	scatter_elem_sz_prev = scatter_elem_sz;
1675	}
1676	if (def_reserved_size >= `0`)
1677	sg_big_buff = def_reserved_size;
1678	else
1679	def_reserved_size = sg_big_buff;
1680
1681	rc = register_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, `0`),
1682	SG_MAX_DEVS, "sg");
1683	if (rc)
1684	return rc;
1685	rc = class_register(class: &sg_sysfs_class);
1686	if (rc)
1687	goto err_out;
1688	sg_sysfs_valid = `1`;
1689	rc = scsi_register_interface(&sg_interface);
1690	if (`0` == rc) {
1691	#ifdef CONFIG_SCSI_PROC_FS
1692	sg_proc_init();
1693	#endif /* CONFIG_SCSI_PROC_FS */
1694	return `0`;
1695	}
1696	class_unregister(class: &sg_sysfs_class);
1697	register_sg_sysctls();
1698	err_out:
1699	unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, `0`), SG_MAX_DEVS);
1700	return rc;
1701	}
1702
1703	static void __exit
1704	exit_sg(void)
1705	{
1706	unregister_sg_sysctls();
1707	#ifdef CONFIG_SCSI_PROC_FS
1708	remove_proc_subtree("scsi/sg", NULL);
1709	#endif /* CONFIG_SCSI_PROC_FS */
1710	scsi_unregister_interface(&sg_interface);
1711	class_unregister(class: &sg_sysfs_class);
1712	sg_sysfs_valid = `0`;
1713	unregister_chrdev_region(MKDEV(SCSI_GENERIC_MAJOR, `0`),
1714	SG_MAX_DEVS);
1715	idr_destroy(&sg_index_idr);
1716	}
1717
1718	static int
1719	sg_start_req(Sg_request srp, unsigned* char *cmd)
1720	{
1721	int res;
1722	struct request *rq;
1723	Sg_fd *sfp = srp->parentfp;
1724	sg_io_hdr_t *hp = &srp->header;
1725	int dxfer_len = (int) hp->dxfer_len;
1726	int dxfer_dir = hp->dxfer_direction;
1727	unsigned int iov_count = hp->iovec_count;
1728	Sg_scatter_hold *req_schp = &srp->data;
1729	Sg_scatter_hold *rsv_schp = &sfp->reserve;
1730	struct request_queue *q = sfp->parentdp->device->request_queue;
1731	struct rq_map_data *md, map_data;
1732	int rw = hp->dxfer_direction == SG_DXFER_TO_DEV ? ITER_SOURCE : ITER_DEST;
1733	struct scsi_cmnd *scmd;
1734
1735	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
1736	"sg_start_req: dxfer_len=%d\n",
1737	dxfer_len));
1738
1739	/*
1740	* NOTE
1741	*
1742	* With scsi-mq enabled, there are a fixed number of preallocated
1743	* requests equal in number to shost->can_queue. If all of the
1744	* preallocated requests are already in use, then scsi_alloc_request()
1745	* will sleep until an active command completes, freeing up a request.
1746	* Although waiting in an asynchronous interface is less than ideal, we
1747	* do not want to use BLK_MQ_REQ_NOWAIT here because userspace might
1748	* not expect an EWOULDBLOCK from this condition.
1749	*/
1750	rq = scsi_alloc_request(q, opf: hp->dxfer_direction == SG_DXFER_TO_DEV ?
1751	REQ_OP_DRV_OUT : REQ_OP_DRV_IN, flags: `0`);
1752	if (IS_ERR(ptr: rq))
1753	return PTR_ERR(ptr: rq);
1754	scmd = blk_mq_rq_to_pdu(rq);
1755
1756	if (hp->cmd_len > sizeof(scmd->cmnd)) {
1757	blk_mq_free_request(rq);
1758	return -EINVAL;
1759	}
1760
1761	memcpy(to: scmd->cmnd, from: cmd, len: hp->cmd_len);
1762	scmd->cmd_len = hp->cmd_len;
1763
1764	srp->rq = rq;
1765	rq->end_io_data = srp;
1766	scmd->allowed = SG_DEFAULT_RETRIES;
1767
1768	if ((dxfer_len <= `0`) \|\| (dxfer_dir == SG_DXFER_NONE))
1769	return `0`;
1770
1771	if (sg_allow_dio && hp->flags & SG_FLAG_DIRECT_IO &&
1772	dxfer_dir != SG_DXFER_UNKNOWN && !iov_count &&
1773	blk_rq_aligned(q, addr: (unsigned long)hp->dxferp, len: dxfer_len))
1774	md = NULL;
1775	else
1776	md = &map_data;
1777
1778	if (md) {
1779	mutex_lock(lock: &sfp->f_mutex);
1780	if (dxfer_len <= rsv_schp->bufflen &&
1781	!sfp->res_in_use) {
1782	sfp->res_in_use = `1`;
1783	sg_link_reserve(sfp, srp, size: dxfer_len);
1784	} else if (hp->flags & SG_FLAG_MMAP_IO) {
1785	res = -EBUSY; / sfp->res_in_use == 1 /
1786	if (dxfer_len > rsv_schp->bufflen)
1787	res = -ENOMEM;
1788	mutex_unlock(lock: &sfp->f_mutex);
1789	return res;
1790	} else {
1791	res = sg_build_indirect(schp: req_schp, sfp, buff_size: dxfer_len);
1792	if (res) {
1793	mutex_unlock(lock: &sfp->f_mutex);
1794	return res;
1795	}
1796	}
1797	mutex_unlock(lock: &sfp->f_mutex);
1798
1799	md->pages = req_schp->pages;
1800	md->page_order = req_schp->page_order;
1801	md->nr_entries = req_schp->k_use_sg;
1802	md->offset = `0`;
1803	md->null_mapped = hp->dxferp ? `0` : `1`;
1804	if (dxfer_dir == SG_DXFER_TO_FROM_DEV)
1805	md->from_user = `1`;
1806	else
1807	md->from_user = `0`;
1808	}
1809
1810	res = blk_rq_map_user_io(rq, md, hp->dxferp, hp->dxfer_len,
1811	GFP_ATOMIC, iov_count, iov_count, `1`, rw);
1812	if (!res) {
1813	srp->bio = rq->bio;
1814
1815	if (!md) {
1816	req_schp->dio_in_use = `1`;
1817	hp->info \|= SG_INFO_DIRECT_IO;
1818	}
1819	}
1820	return res;
1821	}
1822
1823	static int
1824	sg_finish_rem_req(Sg_request *srp)
1825	{
1826	int ret = `0`;
1827
1828	Sg_fd *sfp = srp->parentfp;
1829	Sg_scatter_hold *req_schp = &srp->data;
1830
1831	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
1832	"sg_finish_rem_req: res_used=%d\n",
1833	(int) srp->res_used));
1834	if (srp->bio)
1835	ret = blk_rq_unmap_user(srp->bio);
1836
1837	if (srp->rq)
1838	blk_mq_free_request(rq: srp->rq);
1839
1840	if (srp->res_used)
1841	sg_unlink_reserve(sfp, srp);
1842	else
1843	sg_remove_scat(sfp, schp: req_schp);
1844
1845	return ret;
1846	}
1847
1848	static int
1849	sg_build_sgat(Sg_scatter_hold * schp, const Sg_fd * sfp, int tablesize)
1850	{
1851	int sg_bufflen = tablesize * sizeof(struct page *);
1852	gfp_t gfp_flags = GFP_ATOMIC \| __GFP_NOWARN;
1853
1854	schp->pages = kzalloc(sg_bufflen, gfp_flags);
1855	if (!schp->pages)
1856	return -ENOMEM;
1857	schp->sglist_len = sg_bufflen;
1858	return tablesize; / number of scat_gath elements allocated /
1859	}
1860
1861	static int
1862	sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size)
1863	{
1864	int ret_sz = `0`, i, k, rem_sz, num, mx_sc_elems;
1865	int sg_tablesize = sfp->parentdp->sg_tablesize;
1866	int blk_size = buff_size, order;
1867	gfp_t gfp_mask = GFP_ATOMIC \| __GFP_COMP \| __GFP_NOWARN \| __GFP_ZERO;
1868
1869	if (blk_size < `0`)
1870	return -EFAULT;
1871	if (`0` == blk_size)
1872	++blk_size; / don't know why /
1873	/ round request up to next highest SG_SECTOR_SZ byte boundary /
1874	blk_size = ALIGN(blk_size, SG_SECTOR_SZ);
1875	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
1876	"sg_build_indirect: buff_size=%d, blk_size=%d\n",
1877	buff_size, blk_size));
1878
1879	/ N.B. ret_sz carried into this block ... /
1880	mx_sc_elems = sg_build_sgat(schp, sfp, tablesize: sg_tablesize);
1881	if (mx_sc_elems < `0`)
1882	return mx_sc_elems; / most likely -ENOMEM /
1883
1884	num = scatter_elem_sz;
1885	if (unlikely(num != scatter_elem_sz_prev)) {
1886	if (num < PAGE_SIZE) {
1887	scatter_elem_sz = PAGE_SIZE;
1888	scatter_elem_sz_prev = PAGE_SIZE;
1889	} else
1890	scatter_elem_sz_prev = num;
1891	}
1892
1893	order = get_order(size: num);
1894	retry:
1895	ret_sz = `1` << (PAGE_SHIFT + order);
1896
1897	for (k = `0`, rem_sz = blk_size; rem_sz > `0` && k < mx_sc_elems;
1898	k++, rem_sz -= ret_sz) {
1899
1900	num = (rem_sz > scatter_elem_sz_prev) ?
1901	scatter_elem_sz_prev : rem_sz;
1902
1903	schp->pages[k] = alloc_pages(gfp_mask, order);
1904	if (!schp->pages[k])
1905	goto out;
1906
1907	if (num == scatter_elem_sz_prev) {
1908	if (unlikely(ret_sz > scatter_elem_sz_prev)) {
1909	scatter_elem_sz = ret_sz;
1910	scatter_elem_sz_prev = ret_sz;
1911	}
1912	}
1913
1914	SCSI_LOG_TIMEOUT(`5`, sg_printk(KERN_INFO, sfp->parentdp,
1915	"sg_build_indirect: k=%d, num=%d, ret_sz=%d\n",
1916	k, num, ret_sz));
1917	} / end of for loop /
1918
1919	schp->page_order = order;
1920	schp->k_use_sg = k;
1921	SCSI_LOG_TIMEOUT(`5`, sg_printk(KERN_INFO, sfp->parentdp,
1922	"sg_build_indirect: k_use_sg=%d, rem_sz=%d\n",
1923	k, rem_sz));
1924
1925	schp->bufflen = blk_size;
1926	if (rem_sz > `0`) / must have failed /
1927	return -ENOMEM;
1928	return `0`;
1929	out:
1930	for (i = `0`; i < k; i++)
1931	__free_pages(page: schp->pages[i], order);
1932
1933	if (--order >= `0`)
1934	goto retry;
1935
1936	return -ENOMEM;
1937	}
1938
1939	static void
1940	sg_remove_scat(Sg_fd * sfp, Sg_scatter_hold * schp)
1941	{
1942	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
1943	"sg_remove_scat: k_use_sg=%d\n", schp->k_use_sg));
1944	if (schp->pages && schp->sglist_len > `0`) {
1945	if (!schp->dio_in_use) {
1946	int k;
1947
1948	for (k = `0`; k < schp->k_use_sg && schp->pages[k]; k++) {
1949	SCSI_LOG_TIMEOUT(`5`,
1950	sg_printk(KERN_INFO, sfp->parentdp,
1951	"sg_remove_scat: k=%d, pg=0x%p\n",
1952	k, schp->pages[k]));
1953	__free_pages(page: schp->pages[k], order: schp->page_order);
1954	}
1955
1956	kfree(objp: schp->pages);
1957	}
1958	}
1959	memset(s: schp, c: `0`, n: sizeof (*schp));
1960	}
1961
1962	static int
1963	sg_read_oxfer(Sg_request * srp, char __user outp, int* num_read_xfer)
1964	{
1965	Sg_scatter_hold *schp = &srp->data;
1966	int k, num;
1967
1968	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, srp->parentfp->parentdp,
1969	"sg_read_oxfer: num_read_xfer=%d\n",
1970	num_read_xfer));
1971	if ((!outp) \|\| (num_read_xfer <= `0`))
1972	return `0`;
1973
1974	num = `1` << (PAGE_SHIFT + schp->page_order);
1975	for (k = `0`; k < schp->k_use_sg && schp->pages[k]; k++) {
1976	if (num > num_read_xfer) {
1977	if (copy_to_user(to: outp, page_address(schp->pages[k]),
1978	n: num_read_xfer))
1979	return -EFAULT;
1980	break;
1981	} else {
1982	if (copy_to_user(to: outp, page_address(schp->pages[k]),
1983	n: num))
1984	return -EFAULT;
1985	num_read_xfer -= num;
1986	if (num_read_xfer <= `0`)
1987	break;
1988	outp += num;
1989	}
1990	}
1991
1992	return `0`;
1993	}
1994
1995	static void
1996	sg_build_reserve(Sg_fd * sfp, int req_size)
1997	{
1998	Sg_scatter_hold *schp = &sfp->reserve;
1999
2000	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
2001	"sg_build_reserve: req_size=%d\n", req_size));
2002	do {
2003	if (req_size < PAGE_SIZE)
2004	req_size = PAGE_SIZE;
2005	if (`0` == sg_build_indirect(schp, sfp, buff_size: req_size))
2006	return;
2007	else
2008	sg_remove_scat(sfp, schp);
2009	req_size >>= `1`; / divide by 2 /
2010	} while (req_size > (PAGE_SIZE / `2`));
2011	}
2012
2013	static void
2014	sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size)
2015	{
2016	Sg_scatter_hold *req_schp = &srp->data;
2017	Sg_scatter_hold *rsv_schp = &sfp->reserve;
2018	int k, num, rem;
2019
2020	srp->res_used = `1`;
2021	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, sfp->parentdp,
2022	"sg_link_reserve: size=%d\n", size));
2023	rem = size;
2024
2025	num = `1` << (PAGE_SHIFT + rsv_schp->page_order);
2026	for (k = `0`; k < rsv_schp->k_use_sg; k++) {
2027	if (rem <= num) {
2028	req_schp->k_use_sg = k + `1`;
2029	req_schp->sglist_len = rsv_schp->sglist_len;
2030	req_schp->pages = rsv_schp->pages;
2031
2032	req_schp->bufflen = size;
2033	req_schp->page_order = rsv_schp->page_order;
2034	break;
2035	} else
2036	rem -= num;
2037	}
2038
2039	if (k >= rsv_schp->k_use_sg)
2040	SCSI_LOG_TIMEOUT(`1`, sg_printk(KERN_INFO, sfp->parentdp,
2041	"sg_link_reserve: BAD size\n"));
2042	}
2043
2044	static void
2045	sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp)
2046	{
2047	Sg_scatter_hold *req_schp = &srp->data;
2048
2049	SCSI_LOG_TIMEOUT(`4`, sg_printk(KERN_INFO, srp->parentfp->parentdp,
2050	"sg_unlink_reserve: req->k_use_sg=%d\n",
2051	(int) req_schp->k_use_sg));
2052	req_schp->k_use_sg = `0`;
2053	req_schp->bufflen = `0`;
2054	req_schp->pages = NULL;
2055	req_schp->page_order = `0`;
2056	req_schp->sglist_len = `0`;
2057	srp->res_used = `0`;
2058	/ Called without mutex lock to avoid deadlock /
2059	sfp->res_in_use = `0`;
2060	}
2061
2062	static Sg_request *
2063	sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy)
2064	{
2065	Sg_request *resp;
2066	unsigned long iflags;
2067
2068	*busy = false;
2069	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2070	list_for_each_entry(resp, &sfp->rq_list, entry) {
2071	/ look for requests that are not SG_IO owned /
2072	if ((!resp->sg_io_owned) &&
2073	((-`1` == pack_id) \|\| (resp->header.pack_id == pack_id))) {
2074	switch (resp->done) {
2075	case `0`: / request active /
2076	*busy = true;
2077	break;
2078	case `1`: / request done; response ready to return /
2079	resp->done = `2`; / guard against other readers /
2080	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2081	return resp;
2082	case `2`: / response already being returned /
2083	break;
2084	}
2085	}
2086	}
2087	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2088	return NULL;
2089	}
2090
2091	/ always adds to end of list /
2092	static Sg_request *
2093	sg_add_request(Sg_fd * sfp)
2094	{
2095	int k;
2096	unsigned long iflags;
2097	Sg_request *rp = sfp->req_arr;
2098
2099	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2100	if (!list_empty(head: &sfp->rq_list)) {
2101	if (!sfp->cmd_q)
2102	goto out_unlock;
2103
2104	for (k = `0`; k < SG_MAX_QUEUE; ++k, ++rp) {
2105	if (!rp->parentfp)
2106	break;
2107	}
2108	if (k >= SG_MAX_QUEUE)
2109	goto out_unlock;
2110	}
2111	memset(s: rp, c: `0`, n: sizeof (Sg_request));
2112	rp->parentfp = sfp;
2113	rp->header.duration = jiffies_to_msecs(j: jiffies);
2114	list_add_tail(new: &rp->entry, head: &sfp->rq_list);
2115	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2116	return rp;
2117	out_unlock:
2118	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2119	return NULL;
2120	}
2121
2122	/ Return of 1 for found; 0 for not found /
2123	static int
2124	sg_remove_request(Sg_fd * sfp, Sg_request * srp)
2125	{
2126	unsigned long iflags;
2127	int res = `0`;
2128
2129	if (!sfp \|\| !srp \|\| list_empty(head: &sfp->rq_list))
2130	return res;
2131	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2132	if (!list_empty(head: &srp->entry)) {
2133	list_del(entry: &srp->entry);
2134	srp->parentfp = NULL;
2135	res = `1`;
2136	}
2137	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2138
2139	/*
2140	* If the device is detaching, wakeup any readers in case we just
2141	* removed the last response, which would leave nothing for them to
2142	* return other than -ENODEV.
2143	*/
2144	if (unlikely(atomic_read(&sfp->parentdp->detaching)))
2145	wake_up_interruptible_all(&sfp->read_wait);
2146
2147	return res;
2148	}
2149
2150	static Sg_fd *
2151	sg_add_sfp(Sg_device * sdp)
2152	{
2153	Sg_fd *sfp;
2154	unsigned long iflags;
2155	int bufflen;
2156
2157	sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC \| __GFP_NOWARN);
2158	if (!sfp)
2159	return ERR_PTR(error: -ENOMEM);
2160
2161	init_waitqueue_head(&sfp->read_wait);
2162	rwlock_init(&sfp->rq_list_lock);
2163	INIT_LIST_HEAD(list: &sfp->rq_list);
2164	kref_init(kref: &sfp->f_ref);
2165	mutex_init(&sfp->f_mutex);
2166	sfp->timeout = SG_DEFAULT_TIMEOUT;
2167	sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER;
2168	sfp->force_packid = SG_DEF_FORCE_PACK_ID;
2169	sfp->cmd_q = SG_DEF_COMMAND_Q;
2170	sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
2171	sfp->parentdp = sdp;
2172	write_lock_irqsave(&sdp->sfd_lock, iflags);
2173	if (atomic_read(v: &sdp->detaching)) {
2174	write_unlock_irqrestore(&sdp->sfd_lock, iflags);
2175	kfree(objp: sfp);
2176	return ERR_PTR(error: -ENODEV);
2177	}
2178	list_add_tail(new: &sfp->sfd_siblings, head: &sdp->sfds);
2179	write_unlock_irqrestore(&sdp->sfd_lock, iflags);
2180	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
2181	"sg_add_sfp: sfp=0x%p\n", sfp));
2182	if (unlikely(sg_big_buff != def_reserved_size))
2183	sg_big_buff = def_reserved_size;
2184
2185	bufflen = min_t(int, sg_big_buff,
2186	max_sectors_bytes(sdp->device->request_queue));
2187	sg_build_reserve(sfp, req_size: bufflen);
2188	SCSI_LOG_TIMEOUT(`3`, sg_printk(KERN_INFO, sdp,
2189	"sg_add_sfp: bufflen=%d, k_use_sg=%d\n",
2190	sfp->reserve.bufflen,
2191	sfp->reserve.k_use_sg));
2192
2193	kref_get(kref: &sdp->d_ref);
2194	__module_get(THIS_MODULE);
2195	return sfp;
2196	}
2197
2198	static void
2199	sg_remove_sfp_usercontext(struct work_struct *work)
2200	{
2201	struct sg_fd sfp = container_of(work, struct* sg_fd, ew.work);
2202	struct sg_device *sdp = sfp->parentdp;
2203	struct scsi_device *device = sdp->device;
2204	Sg_request *srp;
2205	unsigned long iflags;
2206
2207	/ Cleanup any responses which were never read(). /
2208	write_lock_irqsave(&sfp->rq_list_lock, iflags);
2209	while (!list_empty(head: &sfp->rq_list)) {
2210	srp = list_first_entry(&sfp->rq_list, Sg_request, entry);
2211	sg_finish_rem_req(srp);
2212	list_del(entry: &srp->entry);
2213	srp->parentfp = NULL;
2214	}
2215	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
2216
2217	if (sfp->reserve.bufflen > `0`) {
2218	SCSI_LOG_TIMEOUT(`6`, sg_printk(KERN_INFO, sdp,
2219	"sg_remove_sfp: bufflen=%d, k_use_sg=%d\n",
2220	(int) sfp->reserve.bufflen,
2221	(int) sfp->reserve.k_use_sg));
2222	sg_remove_scat(sfp, schp: &sfp->reserve);
2223	}
2224
2225	SCSI_LOG_TIMEOUT(`6`, sg_printk(KERN_INFO, sdp,
2226	"sg_remove_sfp: sfp=0x%p\n", sfp));
2227	kfree(objp: sfp);
2228
2229	kref_put(kref: &sdp->d_ref, release: sg_device_destroy);
2230	scsi_device_put(device);
2231	module_put(THIS_MODULE);
2232	}
2233
2234	static void
2235	sg_remove_sfp(struct kref *kref)
2236	{
2237	struct sg_fd sfp = container_of(kref, struct* sg_fd, f_ref);
2238	struct sg_device *sdp = sfp->parentdp;
2239	unsigned long iflags;
2240
2241	write_lock_irqsave(&sdp->sfd_lock, iflags);
2242	list_del(entry: &sfp->sfd_siblings);
2243	write_unlock_irqrestore(&sdp->sfd_lock, iflags);
2244
2245	INIT_WORK(&sfp->ew.work, sg_remove_sfp_usercontext);
2246	schedule_work(work: &sfp->ew.work);
2247	}
2248
2249	#ifdef CONFIG_SCSI_PROC_FS
2250	static int
2251	sg_idr_max_id(int id, void p, void* *data)
2252	{
2253	int *k = data;
2254
2255	if (*k < id)
2256	*k = id;
2257
2258	return `0`;
2259	}
2260
2261	static int
2262	sg_last_dev(void)
2263	{
2264	int k = -`1`;
2265	unsigned long iflags;
2266
2267	read_lock_irqsave(&sg_index_lock, iflags);
2268	idr_for_each(&sg_index_idr, fn: sg_idr_max_id, data: &k);
2269	read_unlock_irqrestore(&sg_index_lock, iflags);
2270	return k + `1`; / origin 1 /
2271	}
2272	#endif
2273
2274	/ must be called with sg_index_lock held /
2275	static Sg_device sg_lookup_dev(int* dev)
2276	{
2277	return idr_find(&sg_index_idr, id: dev);
2278	}
2279
2280	static Sg_device *
2281	sg_get_dev(int dev)
2282	{
2283	struct sg_device *sdp;
2284	unsigned long flags;
2285
2286	read_lock_irqsave(&sg_index_lock, flags);
2287	sdp = sg_lookup_dev(dev);
2288	if (!sdp)
2289	sdp = ERR_PTR(error: -ENXIO);
2290	else if (atomic_read(v: &sdp->detaching)) {
2291	/ If sdp->detaching, then the refcount may already be 0, in*
2292	* which case it would be a bug to do kref_get().
2293	*/
2294	sdp = ERR_PTR(error: -ENODEV);
2295	} else
2296	kref_get(kref: &sdp->d_ref);
2297	read_unlock_irqrestore(&sg_index_lock, flags);
2298
2299	return sdp;
2300	}
2301
2302	#ifdef CONFIG_SCSI_PROC_FS
2303	static int sg_proc_seq_show_int(struct seq_file s, void* *v);
2304
2305	static int sg_proc_single_open_adio(struct inode inode, struct* file *file);
2306	static ssize_t sg_proc_write_adio(struct file filp, const* char __user *buffer,
2307	size_t count, loff_t *off);
2308	static const struct proc_ops adio_proc_ops = {
2309	.proc_open = sg_proc_single_open_adio,
2310	.proc_read = seq_read,
2311	.proc_lseek = seq_lseek,
2312	.proc_write = sg_proc_write_adio,
2313	.proc_release = single_release,
2314	};
2315
2316	static int sg_proc_single_open_dressz(struct inode inode, struct* file *file);
2317	static ssize_t sg_proc_write_dressz(struct file *filp,
2318	const char __user buffer, size_t count, loff_t off);
2319	static const struct proc_ops dressz_proc_ops = {
2320	.proc_open = sg_proc_single_open_dressz,
2321	.proc_read = seq_read,
2322	.proc_lseek = seq_lseek,
2323	.proc_write = sg_proc_write_dressz,
2324	.proc_release = single_release,
2325	};
2326
2327	static int sg_proc_seq_show_version(struct seq_file s, void* *v);
2328	static int sg_proc_seq_show_devhdr(struct seq_file s, void* *v);
2329	static int sg_proc_seq_show_dev(struct seq_file s, void* *v);
2330	static void * dev_seq_start(struct seq_file s, loff_t pos);
2331	static void * dev_seq_next(struct seq_file s, void* v, loff_t pos);
2332	static void dev_seq_stop(struct seq_file s, void* *v);
2333	static const struct seq_operations dev_seq_ops = {
2334	.start = dev_seq_start,
2335	.next = dev_seq_next,
2336	.stop = dev_seq_stop,
2337	.show = sg_proc_seq_show_dev,
2338	};
2339
2340	static int sg_proc_seq_show_devstrs(struct seq_file s, void* *v);
2341	static const struct seq_operations devstrs_seq_ops = {
2342	.start = dev_seq_start,
2343	.next = dev_seq_next,
2344	.stop = dev_seq_stop,
2345	.show = sg_proc_seq_show_devstrs,
2346	};
2347
2348	static int sg_proc_seq_show_debug(struct seq_file s, void* *v);
2349	static const struct seq_operations debug_seq_ops = {
2350	.start = dev_seq_start,
2351	.next = dev_seq_next,
2352	.stop = dev_seq_stop,
2353	.show = sg_proc_seq_show_debug,
2354	};
2355
2356	static int
2357	sg_proc_init(void)
2358	{
2359	struct proc_dir_entry *p;
2360
2361	p = proc_mkdir("scsi/sg", NULL);
2362	if (!p)
2363	return `1`;
2364
2365	proc_create(name: "allow_dio", S_IRUGO \| S_IWUSR, parent: p, proc_ops: &adio_proc_ops);
2366	proc_create_seq("debug", S_IRUGO, p, &debug_seq_ops);
2367	proc_create(name: "def_reserved_size", S_IRUGO \| S_IWUSR, parent: p, proc_ops: &dressz_proc_ops);
2368	proc_create_single("device_hdr", S_IRUGO, p, sg_proc_seq_show_devhdr);
2369	proc_create_seq("devices", S_IRUGO, p, &dev_seq_ops);
2370	proc_create_seq("device_strs", S_IRUGO, p, &devstrs_seq_ops);
2371	proc_create_single("version", S_IRUGO, p, sg_proc_seq_show_version);
2372	return `0`;
2373	}
2374
2375
2376	static int sg_proc_seq_show_int(struct seq_file s, void* *v)
2377	{
2378	seq_printf(m: s, fmt: "%d\n", ((int* *)s->private));
2379	return `0`;
2380	}
2381
2382	static int sg_proc_single_open_adio(struct inode inode, struct* file *file)
2383	{
2384	return single_open(file, sg_proc_seq_show_int, &sg_allow_dio);
2385	}
2386
2387	static ssize_t
2388	sg_proc_write_adio(struct file filp, const* char __user *buffer,
2389	size_t count, loff_t *off)
2390	{
2391	int err;
2392	unsigned long num;
2393
2394	if (!capable(CAP_SYS_ADMIN) \|\| !capable(CAP_SYS_RAWIO))
2395	return -EACCES;
2396	err = kstrtoul_from_user(s: buffer, count, base: `0`, res: &num);
2397	if (err)
2398	return err;
2399	sg_allow_dio = num ? `1` : `0`;
2400	return count;
2401	}
2402
2403	static int sg_proc_single_open_dressz(struct inode inode, struct* file *file)
2404	{
2405	return single_open(file, sg_proc_seq_show_int, &sg_big_buff);
2406	}
2407
2408	static ssize_t
2409	sg_proc_write_dressz(struct file filp, const* char __user *buffer,
2410	size_t count, loff_t *off)
2411	{
2412	int err;
2413	unsigned long k = ULONG_MAX;
2414
2415	if (!capable(CAP_SYS_ADMIN) \|\| !capable(CAP_SYS_RAWIO))
2416	return -EACCES;
2417
2418	err = kstrtoul_from_user(s: buffer, count, base: `0`, res: &k);
2419	if (err)
2420	return err;
2421	if (k <= `1048576`) { / limit "big buff" to 1 MB /
2422	sg_big_buff = k;
2423	return count;
2424	}
2425	return -ERANGE;
2426	}
2427
2428	static int sg_proc_seq_show_version(struct seq_file s, void* *v)
2429	{
2430	seq_printf(m: s, fmt: "%d\t%s [%s]\n", sg_version_num, SG_VERSION_STR,
2431	sg_version_date);
2432	return `0`;
2433	}
2434
2435	static int sg_proc_seq_show_devhdr(struct seq_file s, void* *v)
2436	{
2437	seq_puts(m: s, s: "host\tchan\tid\tlun\ttype\topens\tqdepth\tbusy\tonline\n");
2438	return `0`;
2439	}
2440
2441	struct sg_proc_deviter {
2442	loff_t index;
2443	size_t max;
2444	};
2445
2446	static void * dev_seq_start(struct seq_file s, loff_t pos)
2447	{
2448	struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
2449
2450	s->private = it;
2451	if (! it)
2452	return NULL;
2453
2454	it->index = *pos;
2455	it->max = sg_last_dev();
2456	if (it->index >= it->max)
2457	return NULL;
2458	return it;
2459	}
2460
2461	static void * dev_seq_next(struct seq_file s, void* v, loff_t pos)
2462	{
2463	struct sg_proc_deviter * it = s->private;
2464
2465	*pos = ++it->index;
2466	return (it->index < it->max) ? it : NULL;
2467	}
2468
2469	static void dev_seq_stop(struct seq_file s, void* *v)
2470	{
2471	kfree(objp: s->private);
2472	}
2473
2474	static int sg_proc_seq_show_dev(struct seq_file s, void* *v)
2475	{
2476	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2477	Sg_device *sdp;
2478	struct scsi_device *scsidp;
2479	unsigned long iflags;
2480
2481	read_lock_irqsave(&sg_index_lock, iflags);
2482	sdp = it ? sg_lookup_dev(dev: it->index) : NULL;
2483	if ((NULL == sdp) \|\| (NULL == sdp->device) \|\|
2484	(atomic_read(v: &sdp->detaching)))
2485	seq_puts(m: s, s: "-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\t-1\n");
2486	else {
2487	scsidp = sdp->device;
2488	seq_printf(m: s, fmt: "%d\t%d\t%d\t%llu\t%d\t%d\t%d\t%d\t%d\n",
2489	scsidp->host->host_no, scsidp->channel,
2490	scsidp->id, scsidp->lun, (int) scsidp->type,
2491	`1`,
2492	(int) scsidp->queue_depth,
2493	(int) scsi_device_busy(sdev: scsidp),
2494	(int) scsi_device_online(sdev: scsidp));
2495	}
2496	read_unlock_irqrestore(&sg_index_lock, iflags);
2497	return `0`;
2498	}
2499
2500	static int sg_proc_seq_show_devstrs(struct seq_file s, void* *v)
2501	{
2502	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2503	Sg_device *sdp;
2504	struct scsi_device *scsidp;
2505	unsigned long iflags;
2506
2507	read_lock_irqsave(&sg_index_lock, iflags);
2508	sdp = it ? sg_lookup_dev(dev: it->index) : NULL;
2509	scsidp = sdp ? sdp->device : NULL;
2510	if (sdp && scsidp && (!atomic_read(v: &sdp->detaching)))
2511	seq_printf(m: s, fmt: "%8.8s\t%16.16s\t%4.4s\n",
2512	scsidp->vendor, scsidp->model, scsidp->rev);
2513	else
2514	seq_puts(m: s, s: "<no active device>\n");
2515	read_unlock_irqrestore(&sg_index_lock, iflags);
2516	return `0`;
2517	}
2518
2519	/ must be called while holding sg_index_lock /
2520	static void sg_proc_debug_helper(struct seq_file s, Sg_device sdp)
2521	{
2522	int k, new_interface, blen, usg;
2523	Sg_request *srp;
2524	Sg_fd *fp;
2525	const sg_io_hdr_t *hp;
2526	const char * cp;
2527	unsigned int ms;
2528
2529	k = `0`;
2530	list_for_each_entry(fp, &sdp->sfds, sfd_siblings) {
2531	k++;
2532	read_lock(&fp->rq_list_lock); / irqs already disabled /
2533	seq_printf(m: s, fmt: " FD(%d): timeout=%dms bufflen=%d "
2534	"(res)sgat=%d low_dma=%d\n", k,
2535	jiffies_to_msecs(j: fp->timeout),
2536	fp->reserve.bufflen,
2537	(int) fp->reserve.k_use_sg, `0`);
2538	seq_printf(m: s, fmt: " cmd_q=%d f_packid=%d k_orphan=%d closed=0\n",
2539	(int) fp->cmd_q, (int) fp->force_packid,
2540	(int) fp->keep_orphan);
2541	list_for_each_entry(srp, &fp->rq_list, entry) {
2542	hp = &srp->header;
2543	new_interface = (hp->interface_id == `'\0'`) ? `0` : `1`;
2544	if (srp->res_used) {
2545	if (new_interface &&
2546	(SG_FLAG_MMAP_IO & hp->flags))
2547	cp = " mmap>> ";
2548	else
2549	cp = " rb>> ";
2550	} else {
2551	if (SG_INFO_DIRECT_IO_MASK & hp->info)
2552	cp = " dio>> ";
2553	else
2554	cp = " ";
2555	}
2556	seq_puts(m: s, s: cp);
2557	blen = srp->data.bufflen;
2558	usg = srp->data.k_use_sg;
2559	seq_puts(m: s, s: srp->done ?
2560	((`1` == srp->done) ? "rcv:" : "fin:")
2561	: "act:");
2562	seq_printf(m: s, fmt: " id=%d blen=%d",
2563	srp->header.pack_id, blen);
2564	if (srp->done)
2565	seq_printf(m: s, fmt: " dur=%d", hp->duration);
2566	else {
2567	ms = jiffies_to_msecs(j: jiffies);
2568	seq_printf(m: s, fmt: " t_o/elap=%d/%d",
2569	(new_interface ? hp->timeout :
2570	jiffies_to_msecs(j: fp->timeout)),
2571	(ms > hp->duration ? ms - hp->duration : `0`));
2572	}
2573	seq_printf(m: s, fmt: "ms sgat=%d op=0x%02x\n", usg,
2574	(int) srp->data.cmd_opcode);
2575	}
2576	if (list_empty(head: &fp->rq_list))
2577	seq_puts(m: s, s: " No requests active\n");
2578	read_unlock(&fp->rq_list_lock);
2579	}
2580	}
2581
2582	static int sg_proc_seq_show_debug(struct seq_file s, void* *v)
2583	{
2584	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
2585	Sg_device *sdp;
2586	unsigned long iflags;
2587
2588	if (it && (`0` == it->index))
2589	seq_printf(m: s, fmt: "max_active_device=%d def_reserved_size=%d\n",
2590	(int)it->max, sg_big_buff);
2591
2592	read_lock_irqsave(&sg_index_lock, iflags);
2593	sdp = it ? sg_lookup_dev(dev: it->index) : NULL;
2594	if (NULL == sdp)
2595	goto skip;
2596	read_lock(&sdp->sfd_lock);
2597	if (!list_empty(head: &sdp->sfds)) {
2598	seq_printf(m: s, fmt: " >>> device=%s ", sdp->name);
2599	if (atomic_read(v: &sdp->detaching))
2600	seq_puts(m: s, s: "detaching pending close ");
2601	else if (sdp->device) {
2602	struct scsi_device *scsidp = sdp->device;
2603
2604	seq_printf(m: s, fmt: "%d:%d:%d:%llu em=%d",
2605	scsidp->host->host_no,
2606	scsidp->channel, scsidp->id,
2607	scsidp->lun,
2608	scsidp->host->hostt->emulated);
2609	}
2610	seq_printf(m: s, fmt: " sg_tablesize=%d excl=%d open_cnt=%d\n",
2611	sdp->sg_tablesize, sdp->exclude, sdp->open_cnt);
2612	sg_proc_debug_helper(s, sdp);
2613	}
2614	read_unlock(&sdp->sfd_lock);
2615	skip:
2616	read_unlock_irqrestore(&sg_index_lock, iflags);
2617	return `0`;
2618	}
2619
2620	#endif /* CONFIG_SCSI_PROC_FS */
2621
2622	module_init(init_sg);
2623	module_exit(exit_sg);
2624

Browse the source code of Linux/drivers/scsi/sg.c