As sg_read() is getting quite long, split out the v1 and v2 processing into sg_rd_v1v2(). Rename sg_new_read() to sg_v3_receive() as the v3 interface is now older than the v4 interface which is being added in a later patch. Signed-off-by: Douglas Gilbert <dgilbert@xxxxxxxxxxxx> --- drivers/scsi/sg.c | 273 +++++++++++++++++++++++----------------------- 1 file changed, 135 insertions(+), 138 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 90753f7759c7..cbd75e34ca4b 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -760,17 +760,12 @@ sg_get_rq_mark(struct sg_fd *sfp, int pack_id) } static ssize_t -sg_new_read(struct sg_fd *sfp, char __user *buf, size_t count, - struct sg_request *srp) +sg_v3_receive(struct sg_fd *sfp, char __user *buf, struct sg_request *srp) { struct sg_io_hdr *hp = &srp->header; int err = 0, err2; int len; - if (count < SZ_SG_IO_HDR) { - err = -EINVAL; - goto err_out; - } hp->sb_len_wr = 0; if ((hp->mx_sb_len > 0) && hp->sbp) { if ((CHECK_CONDITION & hp->masked_status) || @@ -791,14 +786,15 @@ sg_new_read(struct sg_fd *sfp, char __user *buf, size_t count, } if (hp->masked_status || hp->host_status || hp->driver_status) hp->info |= SG_INFO_CHECK; - if (copy_to_user(buf, hp, SZ_SG_IO_HDR)) { + if (copy_to_user(buf, hp, SZ_SG_IO_HDR)) err = -EFAULT; - goto err_out; - } + err_out: err2 = sg_finish_scsi_blk_rq(srp); + if (err2) + err = err ? err : err2; sg_remove_request(sfp, srp); - return err ? : err2 ? : count; + return err ? err : 0; } static int @@ -813,164 +809,165 @@ srp_done(struct sg_fd *sfp, struct sg_request *srp) return ret; } -static ssize_t -sg_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos) +static int +sg_rd_v1v2(void __user *buf, int count, struct sg_fd *sfp, + struct sg_request *srp) { - struct sg_device *sdp; - struct sg_fd *sfp; - struct sg_request *srp; - int req_pack_id = -1; - int ret = 0; - struct sg_io_hdr *hp; - struct sg_header *old_hdr = NULL; - - /* - * This could cause a response to be stranded. Close the associated - * file descriptor to free up any resources being held. - */ - ret = sg_check_file_access(filp, __func__); - if (ret) - return ret; - - sfp = filp->private_data; - sdp = sfp->parentdp; - SG_LOG(3, sfp, "%s: read() count=%d\n", __func__, (int)count); - ret = sg_allow_if_err_recovery(sdp, false); - if (ret) - return ret; - - if (sfp->force_packid && (count >= SZ_SG_HEADER)) { - old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL); - if (!old_hdr) - return -ENOMEM; - if (copy_from_user(old_hdr, buf, SZ_SG_HEADER)) { - ret = -EFAULT; - goto free_old_hdr; - } - if (old_hdr->reply_len < 0) { - if (count >= SZ_SG_IO_HDR) { - struct sg_io_hdr *new_hdr; - - new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL); - if (!new_hdr) { - ret = -ENOMEM; - goto free_old_hdr; - } - ret = copy_from_user(new_hdr, buf, - SZ_SG_IO_HDR); - req_pack_id = new_hdr->pack_id; - kfree(new_hdr); - if (ret) { - ret = -EFAULT; - goto free_old_hdr; - } - } - } else - req_pack_id = old_hdr->pack_id; - } - srp = sg_get_rq_mark(sfp, req_pack_id); - if (!srp) { /* now wait on packet to arrive */ - if (SG_IS_DETACHING(sdp)) { - ret = -ENODEV; - goto free_old_hdr; - } - if (filp->f_flags & O_NONBLOCK) { - ret = -EAGAIN; - goto free_old_hdr; - } - ret = wait_event_interruptible - (sfp->read_wait, - (SG_IS_DETACHING(sdp) || - (srp = sg_get_rq_mark(sfp, req_pack_id)))); - if (SG_IS_DETACHING(sdp)) { - ret = -ENODEV; - goto free_old_hdr; - } - if (ret) { - /* -ERESTARTSYS as signal hit process */ - goto free_old_hdr; - } - } - if (srp->header.interface_id != '\0') { - ret = sg_new_read(sfp, buf, count, srp); - goto free_old_hdr; - } - - hp = &srp->header; - if (old_hdr == NULL) { - old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL); - if (!old_hdr) { - ret = -ENOMEM; - goto free_old_hdr; - } - } - memset(old_hdr, 0, SZ_SG_HEADER); - old_hdr->reply_len = (int) hp->timeout; - old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */ - old_hdr->pack_id = hp->pack_id; - old_hdr->twelve_byte = - ((srp->data.cmd_opcode >= 0xc0) && (hp->cmd_len == 12)) ? 1 : 0; - old_hdr->target_status = hp->masked_status; - old_hdr->host_status = hp->host_status; - old_hdr->driver_status = hp->driver_status; - if ((hp->masked_status & CHECK_CONDITION) || - (hp->driver_status & DRIVER_SENSE)) - memcpy(old_hdr->sense_buffer, srp->sense_b, - sizeof(old_hdr->sense_buffer)); - switch (hp->host_status) { + int res = 0; + struct sg_io_hdr *sh3p = &srp->header; + struct sg_header *h2p; + struct sg_header a_v2hdr; + + h2p = &a_v2hdr; + memset(h2p, 0, SZ_SG_HEADER); + h2p->reply_len = (int)sh3p->timeout; + h2p->pack_len = h2p->reply_len; /* old, strange behaviour */ + h2p->pack_id = sh3p->pack_id; + h2p->twelve_byte = (srp->data.cmd_opcode >= 0xc0 && + sh3p->cmd_len == 12); + h2p->target_status = sh3p->masked_status; + h2p->host_status = sh3p->host_status; + h2p->driver_status = sh3p->driver_status; + if ((CHECK_CONDITION & h2p->target_status) || + (DRIVER_SENSE & sh3p->driver_status)) { + memcpy(h2p->sense_buffer, srp->sense_b, + sizeof(h2p->sense_buffer)); + } + switch (h2p->host_status) { /* - * This setup of 'result' is for backward compatibility and is best - * ignored by the user who should use target, host + driver status + * This foolowing setting of 'result' is for backward compatibility + * and is best ignored by the user who should use target, host and + * driver status. */ case DID_OK: case DID_PASSTHROUGH: case DID_SOFT_ERROR: - old_hdr->result = 0; + h2p->result = 0; break; case DID_NO_CONNECT: case DID_BUS_BUSY: case DID_TIME_OUT: - old_hdr->result = EBUSY; + h2p->result = EBUSY; break; case DID_BAD_TARGET: case DID_ABORT: case DID_PARITY: case DID_RESET: case DID_BAD_INTR: - old_hdr->result = EIO; + h2p->result = EIO; break; case DID_ERROR: - old_hdr->result = (srp->sense_b[0] == 0 && - hp->masked_status == GOOD) ? 0 : EIO; + h2p->result = (h2p->target_status == GOOD) ? 0 : EIO; break; default: - old_hdr->result = EIO; + h2p->result = EIO; break; } /* Now copy the result back to the user buffer. */ if (count >= SZ_SG_HEADER) { - if (copy_to_user(buf, old_hdr, SZ_SG_HEADER)) { - ret = -EFAULT; - goto free_old_hdr; - } + if (copy_to_user(buf, h2p, SZ_SG_HEADER)) + return -EFAULT; buf += SZ_SG_HEADER; - if (count > old_hdr->reply_len) - count = old_hdr->reply_len; + if (count > h2p->reply_len) + count = h2p->reply_len; if (count > SZ_SG_HEADER) { - if (sg_rd_append(srp, buf, count - SZ_SG_HEADER)) { - ret = -EFAULT; - goto free_old_hdr; - } + if (sg_rd_append(srp, buf, count - SZ_SG_HEADER)) + return -EFAULT; } } else - count = (old_hdr->result == 0) ? 0 : -EIO; + res = (h2p->result == 0) ? 0 : -EIO; sg_finish_scsi_blk_rq(srp); sg_remove_request(sfp, srp); - ret = count; -free_old_hdr: - kfree(old_hdr); - return ret; + return res; +} + +static ssize_t +sg_read(struct file *filp, char __user *p, size_t count, loff_t *ppos) +{ + bool could_be_v3; + bool non_block = !!(filp->f_flags & O_NONBLOCK); + int want_id = -1; + int hlen, ret; + struct sg_device *sdp; + struct sg_fd *sfp; + struct sg_request *srp; + struct sg_header *h2p = NULL; + struct sg_io_hdr a_sg_io_hdr; + + /* + * This could cause a response to be stranded. Close the associated + * file descriptor to free up any resources being held. + */ + ret = sg_check_file_access(filp, __func__); + if (ret) + return ret; + + sfp = filp->private_data; + sdp = sfp->parentdp; + SG_LOG(3, sfp, "%s: read() count=%d\n", __func__, (int)count); + ret = sg_allow_if_err_recovery(sdp, false); + if (ret) + return ret; + + could_be_v3 = (count >= SZ_SG_IO_HDR); + hlen = could_be_v3 ? SZ_SG_IO_HDR : SZ_SG_HEADER; + h2p = (struct sg_header *)&a_sg_io_hdr; + + if (sfp->force_packid && count >= hlen) { + /* + * Even though this is a user space read() system call, this + * code is cheating to fetch the pack_id. + * Only need first three 32 bit ints to determine interface. + */ + if (unlikely(copy_from_user(h2p, p, 3 * sizeof(int)))) + return -EFAULT; + if (h2p->reply_len < 0 && could_be_v3) { + struct sg_io_hdr *v3_hdr = (struct sg_io_hdr *)h2p; + + if (likely(v3_hdr->interface_id == 'S')) { + struct sg_io_hdr __user *h3_up; + + h3_up = (struct sg_io_hdr __user *)p; + ret = get_user(want_id, &h3_up->pack_id); + if (unlikely(ret)) + return ret; + } else if (v3_hdr->interface_id == 'Q') { + pr_info_once("sg: %s: v4 interface%s here\n", + __func__, " disallowed"); + return -EPERM; + } else { + return -EPERM; + } + } else { /* for v1+v2 interfaces, this is the 3rd integer */ + want_id = h2p->pack_id; + } + } + srp = sg_get_rq_mark(sfp, want_id); + if (!srp) { /* now wait on packet to arrive */ + if (SG_IS_DETACHING(sdp)) + return -ENODEV; + if (non_block) /* O_NONBLOCK or v3::flags & SGV4_FLAG_IMMED */ + return -EAGAIN; + ret = wait_event_interruptible + (sfp->read_wait, + (SG_IS_DETACHING(sdp) || + (srp = sg_get_rq_mark(sfp, want_id)))); + if (SG_IS_DETACHING(sdp)) + return -ENODEV; + if (ret) /* -ERESTARTSYS as signal hit process */ + return ret; + } + if (srp->header.interface_id == '\0') { + ret = sg_rd_v1v2(p, (int)count, sfp, srp); + } else { + if ((int)count < SZ_SG_IO_HDR) + return -EINVAL; + ret = sg_v3_receive(sfp, p, srp); + } + if (ret < 0) + SG_LOG(1, sfp, "%s: negated errno: %d\n", __func__, ret); + return ret < 0 ? ret : (int)count; } static int @@ -1043,7 +1040,7 @@ sg_ctl_sg_io(struct file *filp, struct sg_device *sdp, struct sg_fd *sfp, if (srp->done) { srp->done = 2; spin_unlock_irq(&sfp->rq_list_lock); - res = sg_new_read(sfp, p, SZ_SG_IO_HDR, srp); + res = sg_v3_receive(sfp, p, srp); return (res < 0) ? res : 0; } srp->orphan = 1; -- 2.23.0