From abf5439370491dd6fbb4fe1a7939680d2a9bc9d4 Mon Sep 17 00:00:00 2001 From: FUJITA Tomonori Date: Sat, 16 Aug 2008 14:10:05 +0900 Subject: block: move cmdfilter from gendisk to request_queue cmd_filter works only for the block layer SG_IO with SCSI block devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI character devices (such as st). We hit a kernel crash with them. The problem is that cmd_filter code accesses to gendisk (having struct blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only SCSI block device files. With character device files, inode->i_bdev leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter isn't safe. SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be independent on any protocols. We shouldn't change ULDs to expose their gendisk. This patch moves struct blk_scsi_cmd_filter from gendisk to request_queue, a common object, which eveyone can access to. The user interface doesn't change; users can change the filters via /sys/block/. gendisk has a pointer to request_queue so the cmd_filter code accesses to struct blk_scsi_cmd_filter. Signed-off-by: FUJITA Tomonori Signed-off-by: Jens Axboe --- block/blk-core.c | 2 + block/bsg.c | 44 +++++------------- block/cmd-filter.c | 118 +++---------------------------------------------- block/scsi_ioctl.c | 94 +++++++++++++++++++++++++++++++++++++-- drivers/scsi/sg.c | 11 ++++- include/linux/blkdev.h | 16 +++++-- include/linux/genhd.h | 10 ----- 7 files changed, 132 insertions(+), 163 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 4889eb86a39e..2cba5ef97b2b 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -582,6 +582,8 @@ blk_init_queue_node(request_fn_proc *rfn, spinlock_t *lock, int node_id) q->sg_reserved_size = INT_MAX; + blk_set_cmd_filter_defaults(&q->cmd_filter); + /* * all done */ diff --git a/block/bsg.c b/block/bsg.c index 5a68b09a69ba..0aae8d7ba99c 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -45,8 +45,6 @@ struct bsg_device { char name[BUS_ID_SIZE]; int max_queue; unsigned long flags; - struct blk_scsi_cmd_filter *cmd_filter; - mode_t *f_mode; }; enum { @@ -174,7 +172,8 @@ unlock: } static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, - struct sg_io_v4 *hdr, struct bsg_device *bd) + struct sg_io_v4 *hdr, struct bsg_device *bd, + int has_write_perm) { if (hdr->request_len > BLK_MAX_CDB) { rq->cmd = kzalloc(hdr->request_len, GFP_KERNEL); @@ -187,8 +186,7 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, return -EFAULT; if (hdr->subprotocol == BSG_SUB_PROTOCOL_SCSI_CMD) { - if (blk_cmd_filter_verify_command(bd->cmd_filter, rq->cmd, - bd->f_mode)) + if (blk_verify_command(&q->cmd_filter, rq->cmd, has_write_perm)) return -EPERM; } else if (!capable(CAP_SYS_RAWIO)) return -EPERM; @@ -244,7 +242,7 @@ bsg_validate_sgv4_hdr(struct request_queue *q, struct sg_io_v4 *hdr, int *rw) * map sg_io_v4 to a request. */ static struct request * -bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr) +bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, int has_write_perm) { struct request_queue *q = bd->queue; struct request *rq, *next_rq = NULL; @@ -266,7 +264,7 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr) rq = blk_get_request(q, rw, GFP_KERNEL); if (!rq) return ERR_PTR(-ENOMEM); - ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd); + ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd, has_write_perm); if (ret) goto out; @@ -568,25 +566,6 @@ static inline void bsg_set_block(struct bsg_device *bd, struct file *file) set_bit(BSG_F_BLOCK, &bd->flags); } -static void bsg_set_cmd_filter(struct bsg_device *bd, - struct file *file) -{ - struct inode *inode; - struct gendisk *disk; - - if (!file) - return; - - inode = file->f_dentry->d_inode; - if (!inode) - return; - - disk = inode->i_bdev->bd_disk; - - bd->cmd_filter = &disk->cmd_filter; - bd->f_mode = &file->f_mode; -} - /* * Check if the error is a "real" error that we should return. */ @@ -608,7 +587,6 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) dprintk("%s: read %Zd bytes\n", bd->name, count); bsg_set_block(bd, file); - bsg_set_cmd_filter(bd, file); bytes_read = 0; ret = __bsg_read(buf, count, bd, NULL, &bytes_read); @@ -621,7 +599,7 @@ bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) } static int __bsg_write(struct bsg_device *bd, const char __user *buf, - size_t count, ssize_t *bytes_written) + size_t count, ssize_t *bytes_written, int has_write_perm) { struct bsg_command *bc; struct request *rq; @@ -652,7 +630,7 @@ static int __bsg_write(struct bsg_device *bd, const char __user *buf, /* * get a request, fill in the blanks, and add to request queue */ - rq = bsg_map_hdr(bd, &bc->hdr); + rq = bsg_map_hdr(bd, &bc->hdr, has_write_perm); if (IS_ERR(rq)) { ret = PTR_ERR(rq); rq = NULL; @@ -683,10 +661,11 @@ bsg_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) dprintk("%s: write %Zd bytes\n", bd->name, count); bsg_set_block(bd, file); - bsg_set_cmd_filter(bd, file); bytes_written = 0; - ret = __bsg_write(bd, buf, count, &bytes_written); + ret = __bsg_write(bd, buf, count, &bytes_written, + file->f_mode & FMODE_WRITE); + *ppos = bytes_written; /* @@ -792,7 +771,6 @@ static struct bsg_device *bsg_add_device(struct inode *inode, bd->queue = rq; bsg_set_block(bd, file); - bsg_set_cmd_filter(bd, file); atomic_set(&bd->ref_count, 1); mutex_lock(&bsg_mutex); @@ -943,7 +921,7 @@ static long bsg_ioctl(struct file *file, unsigned int cmd, unsigned long arg) if (copy_from_user(&hdr, uarg, sizeof(hdr))) return -EFAULT; - rq = bsg_map_hdr(bd, &hdr); + rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE); if (IS_ERR(rq)) return PTR_ERR(rq); diff --git a/block/cmd-filter.c b/block/cmd-filter.c index eec4404fd357..c705c33361a0 100644 --- a/block/cmd-filter.c +++ b/block/cmd-filter.c @@ -27,8 +27,8 @@ #include #include -int blk_cmd_filter_verify_command(struct blk_scsi_cmd_filter *filter, - unsigned char *cmd, mode_t *f_mode) +int blk_verify_command(struct blk_scsi_cmd_filter *filter, + unsigned char *cmd, int has_write_perm) { /* root can do any command. */ if (capable(CAP_SYS_RAWIO)) @@ -43,30 +43,11 @@ int blk_cmd_filter_verify_command(struct blk_scsi_cmd_filter *filter, return 0; /* Write-safe commands require a writable open */ - if (test_bit(cmd[0], filter->write_ok) && (*f_mode & FMODE_WRITE)) + if (test_bit(cmd[0], filter->write_ok) && has_write_perm) return 0; return -EPERM; } -EXPORT_SYMBOL(blk_cmd_filter_verify_command); - -int blk_verify_command(struct file *file, unsigned char *cmd) -{ - struct gendisk *disk; - struct inode *inode; - - if (!file) - return -EINVAL; - - inode = file->f_dentry->d_inode; - if (!inode) - return -EINVAL; - - disk = inode->i_bdev->bd_disk; - - return blk_cmd_filter_verify_command(&disk->cmd_filter, - cmd, &file->f_mode); -} EXPORT_SYMBOL(blk_verify_command); /* and now, the sysfs stuff */ @@ -219,114 +200,27 @@ static struct kobj_type rcf_ktype = { .default_attrs = default_attrs, }; -#ifndef MAINTENANCE_IN_CMD -#define MAINTENANCE_IN_CMD 0xa3 -#endif - -static void rcf_set_defaults(struct blk_scsi_cmd_filter *filter) -{ - /* Basic read-only commands */ - __set_bit(TEST_UNIT_READY, filter->read_ok); - __set_bit(REQUEST_SENSE, filter->read_ok); - __set_bit(READ_6, filter->read_ok); - __set_bit(READ_10, filter->read_ok); - __set_bit(READ_12, filter->read_ok); - __set_bit(READ_16, filter->read_ok); - __set_bit(READ_BUFFER, filter->read_ok); - __set_bit(READ_DEFECT_DATA, filter->read_ok); - __set_bit(READ_CAPACITY, filter->read_ok); - __set_bit(READ_LONG, filter->read_ok); - __set_bit(INQUIRY, filter->read_ok); - __set_bit(MODE_SENSE, filter->read_ok); - __set_bit(MODE_SENSE_10, filter->read_ok); - __set_bit(LOG_SENSE, filter->read_ok); - __set_bit(START_STOP, filter->read_ok); - __set_bit(GPCMD_VERIFY_10, filter->read_ok); - __set_bit(VERIFY_16, filter->read_ok); - __set_bit(REPORT_LUNS, filter->read_ok); - __set_bit(SERVICE_ACTION_IN, filter->read_ok); - __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok); - __set_bit(MAINTENANCE_IN_CMD, filter->read_ok); - __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok); - - /* Audio CD commands */ - __set_bit(GPCMD_PLAY_CD, filter->read_ok); - __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok); - __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok); - __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok); - __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok); - - /* CD/DVD data reading */ - __set_bit(GPCMD_READ_CD, filter->read_ok); - __set_bit(GPCMD_READ_CD_MSF, filter->read_ok); - __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok); - __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok); - __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok); - __set_bit(GPCMD_READ_HEADER, filter->read_ok); - __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok); - __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok); - __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok); - __set_bit(GPCMD_REPORT_KEY, filter->read_ok); - __set_bit(GPCMD_SCAN, filter->read_ok); - __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok); - __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok); - __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok); - __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok); - __set_bit(GPCMD_SEEK, filter->read_ok); - __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok); - - /* Basic writing commands */ - __set_bit(WRITE_6, filter->write_ok); - __set_bit(WRITE_10, filter->write_ok); - __set_bit(WRITE_VERIFY, filter->write_ok); - __set_bit(WRITE_12, filter->write_ok); - __set_bit(WRITE_VERIFY_12, filter->write_ok); - __set_bit(WRITE_16, filter->write_ok); - __set_bit(WRITE_LONG, filter->write_ok); - __set_bit(WRITE_LONG_2, filter->write_ok); - __set_bit(ERASE, filter->write_ok); - __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok); - __set_bit(MODE_SELECT, filter->write_ok); - __set_bit(LOG_SELECT, filter->write_ok); - __set_bit(GPCMD_BLANK, filter->write_ok); - __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok); - __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok); - __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok); - __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok); - __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok); - __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok); - __set_bit(GPCMD_SEND_EVENT, filter->write_ok); - __set_bit(GPCMD_SEND_KEY, filter->write_ok); - __set_bit(GPCMD_SEND_OPC, filter->write_ok); - __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok); - __set_bit(GPCMD_SET_SPEED, filter->write_ok); - __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok); - __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok); - __set_bit(GPCMD_SET_STREAMING, filter->write_ok); -} - int blk_register_filter(struct gendisk *disk) { int ret; - struct blk_scsi_cmd_filter *filter = &disk->cmd_filter; + struct blk_scsi_cmd_filter *filter = &disk->queue->cmd_filter; struct kobject *parent = kobject_get(disk->holder_dir->parent); if (!parent) return -ENODEV; ret = kobject_init_and_add(&filter->kobj, &rcf_ktype, parent, - "%s", "cmd_filter"); + "%s", "cmd_filter"); if (ret < 0) return ret; - rcf_set_defaults(filter); return 0; } void blk_unregister_filter(struct gendisk *disk) { - struct blk_scsi_cmd_filter *filter = &disk->cmd_filter; + struct blk_scsi_cmd_filter *filter = &disk->queue->cmd_filter; kobject_put(&filter->kobj); kobject_put(disk->holder_dir->parent); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index 12a5182173f6..d01ef5ee427e 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -105,12 +105,96 @@ static int sg_emulated_host(struct request_queue *q, int __user *p) return put_user(1, p); } +void blk_set_cmd_filter_defaults(struct blk_scsi_cmd_filter *filter) +{ + /* Basic read-only commands */ + __set_bit(TEST_UNIT_READY, filter->read_ok); + __set_bit(REQUEST_SENSE, filter->read_ok); + __set_bit(READ_6, filter->read_ok); + __set_bit(READ_10, filter->read_ok); + __set_bit(READ_12, filter->read_ok); + __set_bit(READ_16, filter->read_ok); + __set_bit(READ_BUFFER, filter->read_ok); + __set_bit(READ_DEFECT_DATA, filter->read_ok); + __set_bit(READ_CAPACITY, filter->read_ok); + __set_bit(READ_LONG, filter->read_ok); + __set_bit(INQUIRY, filter->read_ok); + __set_bit(MODE_SENSE, filter->read_ok); + __set_bit(MODE_SENSE_10, filter->read_ok); + __set_bit(LOG_SENSE, filter->read_ok); + __set_bit(START_STOP, filter->read_ok); + __set_bit(GPCMD_VERIFY_10, filter->read_ok); + __set_bit(VERIFY_16, filter->read_ok); + __set_bit(REPORT_LUNS, filter->read_ok); + __set_bit(SERVICE_ACTION_IN, filter->read_ok); + __set_bit(RECEIVE_DIAGNOSTIC, filter->read_ok); + __set_bit(MAINTENANCE_IN, filter->read_ok); + __set_bit(GPCMD_READ_BUFFER_CAPACITY, filter->read_ok); + + /* Audio CD commands */ + __set_bit(GPCMD_PLAY_CD, filter->read_ok); + __set_bit(GPCMD_PLAY_AUDIO_10, filter->read_ok); + __set_bit(GPCMD_PLAY_AUDIO_MSF, filter->read_ok); + __set_bit(GPCMD_PLAY_AUDIO_TI, filter->read_ok); + __set_bit(GPCMD_PAUSE_RESUME, filter->read_ok); + + /* CD/DVD data reading */ + __set_bit(GPCMD_READ_CD, filter->read_ok); + __set_bit(GPCMD_READ_CD_MSF, filter->read_ok); + __set_bit(GPCMD_READ_DISC_INFO, filter->read_ok); + __set_bit(GPCMD_READ_CDVD_CAPACITY, filter->read_ok); + __set_bit(GPCMD_READ_DVD_STRUCTURE, filter->read_ok); + __set_bit(GPCMD_READ_HEADER, filter->read_ok); + __set_bit(GPCMD_READ_TRACK_RZONE_INFO, filter->read_ok); + __set_bit(GPCMD_READ_SUBCHANNEL, filter->read_ok); + __set_bit(GPCMD_READ_TOC_PMA_ATIP, filter->read_ok); + __set_bit(GPCMD_REPORT_KEY, filter->read_ok); + __set_bit(GPCMD_SCAN, filter->read_ok); + __set_bit(GPCMD_GET_CONFIGURATION, filter->read_ok); + __set_bit(GPCMD_READ_FORMAT_CAPACITIES, filter->read_ok); + __set_bit(GPCMD_GET_EVENT_STATUS_NOTIFICATION, filter->read_ok); + __set_bit(GPCMD_GET_PERFORMANCE, filter->read_ok); + __set_bit(GPCMD_SEEK, filter->read_ok); + __set_bit(GPCMD_STOP_PLAY_SCAN, filter->read_ok); + + /* Basic writing commands */ + __set_bit(WRITE_6, filter->write_ok); + __set_bit(WRITE_10, filter->write_ok); + __set_bit(WRITE_VERIFY, filter->write_ok); + __set_bit(WRITE_12, filter->write_ok); + __set_bit(WRITE_VERIFY_12, filter->write_ok); + __set_bit(WRITE_16, filter->write_ok); + __set_bit(WRITE_LONG, filter->write_ok); + __set_bit(WRITE_LONG_2, filter->write_ok); + __set_bit(ERASE, filter->write_ok); + __set_bit(GPCMD_MODE_SELECT_10, filter->write_ok); + __set_bit(MODE_SELECT, filter->write_ok); + __set_bit(LOG_SELECT, filter->write_ok); + __set_bit(GPCMD_BLANK, filter->write_ok); + __set_bit(GPCMD_CLOSE_TRACK, filter->write_ok); + __set_bit(GPCMD_FLUSH_CACHE, filter->write_ok); + __set_bit(GPCMD_FORMAT_UNIT, filter->write_ok); + __set_bit(GPCMD_REPAIR_RZONE_TRACK, filter->write_ok); + __set_bit(GPCMD_RESERVE_RZONE_TRACK, filter->write_ok); + __set_bit(GPCMD_SEND_DVD_STRUCTURE, filter->write_ok); + __set_bit(GPCMD_SEND_EVENT, filter->write_ok); + __set_bit(GPCMD_SEND_KEY, filter->write_ok); + __set_bit(GPCMD_SEND_OPC, filter->write_ok); + __set_bit(GPCMD_SEND_CUE_SHEET, filter->write_ok); + __set_bit(GPCMD_SET_SPEED, filter->write_ok); + __set_bit(GPCMD_PREVENT_ALLOW_MEDIUM_REMOVAL, filter->write_ok); + __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok); + __set_bit(GPCMD_SET_STREAMING, filter->write_ok); +} +EXPORT_SYMBOL_GPL(blk_set_cmd_filter_defaults); + static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, struct sg_io_hdr *hdr, struct file *file) { if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len)) return -EFAULT; - if (blk_verify_command(file, rq->cmd)) + if (blk_verify_command(&q->cmd_filter, rq->cmd, + file->f_mode & FMODE_WRITE)) return -EPERM; /* @@ -298,7 +382,7 @@ int sg_scsi_ioctl(struct file *file, struct request_queue *q, struct gendisk *disk, struct scsi_ioctl_command __user *sic) { struct request *rq; - int err; + int err, write_perm = 0; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; @@ -340,7 +424,11 @@ int sg_scsi_ioctl(struct file *file, struct request_queue *q, if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; - err = blk_verify_command(file, rq->cmd); + /* scsi_ioctl passes NULL */ + if (file && (file->f_mode & FMODE_WRITE)) + write_perm = 1; + + err = blk_verify_command(&q->cmd_filter, rq->cmd, write_perm); if (err) goto error; diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 3d36270a8b4d..9d28b9f74d90 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -641,6 +641,7 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, unsigned char cmnd[MAX_COMMAND_SIZE]; int timeout; unsigned long ul_timeout; + struct request_queue *q; if (count < SZ_SG_IO_HDR) return -EINVAL; @@ -689,7 +690,9 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, sg_remove_request(sfp, srp); return -EFAULT; } - if (read_only && !blk_verify_command(file, cmnd)) { + q = sfp->parentdp->device->request_queue; + if (read_only && blk_verify_command(&q->cmd_filter, cmnd, + file->f_mode & FMODE_WRITE)) { sg_remove_request(sfp, srp); return -EPERM; } @@ -793,6 +796,7 @@ sg_ioctl(struct inode *inode, struct file *filp, if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) return -ENXIO; + SCSI_LOG_TIMEOUT(3, printk("sg_ioctl: %s, cmd=0x%x\n", sdp->disk->disk_name, (int) cmd_in)); read_only = (O_RDWR != (filp->f_flags & O_ACCMODE)); @@ -1057,11 +1061,14 @@ sg_ioctl(struct inode *inode, struct file *filp, return -ENODEV; if (read_only) { unsigned char opcode = WRITE_6; + struct request_queue *q = sdp->device->request_queue; Scsi_Ioctl_Command __user *siocp = p; if (copy_from_user(&opcode, siocp->data, 1)) return -EFAULT; - if (!blk_verify_command(filp, &opcode)) + if (blk_verify_command(&q->cmd_filter, + &opcode, + filp->f_mode & FMODE_WRITE)) return -EPERM; } return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index e61f22be4d0e..d2d34e2774b2 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -280,6 +280,15 @@ struct blk_queue_tag { atomic_t refcnt; /* map can be shared */ }; +#define BLK_SCSI_MAX_CMDS (256) +#define BLK_SCSI_CMD_PER_LONG (BLK_SCSI_MAX_CMDS / (sizeof(long) * 8)) + +struct blk_scsi_cmd_filter { + unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; + unsigned long write_ok[BLK_SCSI_CMD_PER_LONG]; + struct kobject kobj; +}; + struct request_queue { /* @@ -398,6 +407,7 @@ struct request_queue #if defined(CONFIG_BLK_DEV_BSG) struct bsg_class_device bsg_dev; #endif + struct blk_scsi_cmd_filter cmd_filter; }; #define QUEUE_FLAG_CLUSTER 0 /* cluster several segments into 1 */ @@ -833,11 +843,11 @@ extern int blkdev_issue_flush(struct block_device *, sector_t *); /* * command filter functions */ -extern int blk_verify_command(struct file *file, unsigned char *cmd); -extern int blk_cmd_filter_verify_command(struct blk_scsi_cmd_filter *filter, - unsigned char *cmd, mode_t *f_mode); +extern int blk_verify_command(struct blk_scsi_cmd_filter *filter, + unsigned char *cmd, int has_write_perm); extern int blk_register_filter(struct gendisk *disk); extern void blk_unregister_filter(struct gendisk *disk); +extern void blk_set_cmd_filter_defaults(struct blk_scsi_cmd_filter *filter); #define MAX_PHYS_SEGMENTS 128 #define MAX_HW_SEGMENTS 128 diff --git a/include/linux/genhd.h b/include/linux/genhd.h index 118216f1bd3c..be4f5e5bfe06 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -110,15 +110,6 @@ struct hd_struct { #define GENHD_FL_SUPPRESS_PARTITION_INFO 32 #define GENHD_FL_FAIL 64 -#define BLK_SCSI_MAX_CMDS (256) -#define BLK_SCSI_CMD_PER_LONG (BLK_SCSI_MAX_CMDS / (sizeof(long) * 8)) - -struct blk_scsi_cmd_filter { - unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; - unsigned long write_ok[BLK_SCSI_CMD_PER_LONG]; - struct kobject kobj; -}; - struct gendisk { int major; /* major number of driver */ int first_minor; @@ -128,7 +119,6 @@ struct gendisk { struct hd_struct **part; /* [indexed by minor] */ struct block_device_operations *fops; struct request_queue *queue; - struct blk_scsi_cmd_filter cmd_filter; void *private_data; sector_t capacity; -- cgit v1.2.3 From 14e507b852e7dcea142b98757181bfa785cb4c05 Mon Sep 17 00:00:00 2001 From: FUJITA Tomonori Date: Sat, 26 Jul 2008 18:03:24 +0900 Subject: sg: restore command permission for TYPE_SCANNER sg allowed any command for TYPE_SCANNER. The cmd_filter patchset doesn't. We can't change sg's permission since it might break the existing software. Signed-off-by: FUJITA Tomonori Signed-off-by: Jens Axboe --- drivers/scsi/sg.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 9d28b9f74d90..661f9f21650a 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -217,6 +217,18 @@ static int sg_last_dev(void); #define SZ_SG_IOVEC sizeof(sg_iovec_t) #define SZ_SG_REQ_INFO sizeof(sg_req_info_t) +static int sg_allow_access(struct file *filp, unsigned char *cmd) +{ + struct sg_fd *sfp = (struct sg_fd *)filp->private_data; + struct request_queue *q = sfp->parentdp->device->request_queue; + + if (sfp->parentdp->device->type == TYPE_SCANNER) + return 0; + + return blk_verify_command(&q->cmd_filter, + cmd, filp->f_mode & FMODE_WRITE); +} + static int sg_open(struct inode *inode, struct file *filp) { @@ -641,7 +653,6 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, unsigned char cmnd[MAX_COMMAND_SIZE]; int timeout; unsigned long ul_timeout; - struct request_queue *q; if (count < SZ_SG_IO_HDR) return -EINVAL; @@ -690,9 +701,7 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, sg_remove_request(sfp, srp); return -EFAULT; } - q = sfp->parentdp->device->request_queue; - if (read_only && blk_verify_command(&q->cmd_filter, cmnd, - file->f_mode & FMODE_WRITE)) { + if (read_only && sg_allow_access(file, cmnd)) { sg_remove_request(sfp, srp); return -EPERM; } @@ -1061,14 +1070,11 @@ sg_ioctl(struct inode *inode, struct file *filp, return -ENODEV; if (read_only) { unsigned char opcode = WRITE_6; - struct request_queue *q = sdp->device->request_queue; Scsi_Ioctl_Command __user *siocp = p; if (copy_from_user(&opcode, siocp->data, 1)) return -EFAULT; - if (blk_verify_command(&q->cmd_filter, - &opcode, - filp->f_mode & FMODE_WRITE)) + if (sg_allow_access(filp, &opcode)) return -EPERM; } return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); -- cgit v1.2.3 From 4beab5c623fef4622f9a8593f85760ff10b5a3f7 Mon Sep 17 00:00:00 2001 From: FUJITA Tomonori Date: Sat, 26 Jul 2008 18:03:25 +0900 Subject: block: rename blk_scsi_cmd_filter to blk_cmd_filter Technically, the cmd_filter would be applied to other protocols though it's unlikely to happen. Putting SCSI stuff to request_queue is kinda layer violation. So let's rename it. Signed-off-by: FUJITA Tomonori Signed-off-by: Jens Axboe --- block/cmd-filter.c | 30 +++++++++++++++--------------- block/scsi_ioctl.c | 2 +- include/linux/blkdev.h | 8 ++++---- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/block/cmd-filter.c b/block/cmd-filter.c index c705c33361a0..0e3a123944a8 100644 --- a/block/cmd-filter.c +++ b/block/cmd-filter.c @@ -27,7 +27,7 @@ #include #include -int blk_verify_command(struct blk_scsi_cmd_filter *filter, +int blk_verify_command(struct blk_cmd_filter *filter, unsigned char *cmd, int has_write_perm) { /* root can do any command. */ @@ -51,7 +51,7 @@ int blk_verify_command(struct blk_scsi_cmd_filter *filter, EXPORT_SYMBOL(blk_verify_command); /* and now, the sysfs stuff */ -static ssize_t rcf_cmds_show(struct blk_scsi_cmd_filter *filter, char *page, +static ssize_t rcf_cmds_show(struct blk_cmd_filter *filter, char *page, int rw) { char *npage = page; @@ -78,18 +78,18 @@ static ssize_t rcf_cmds_show(struct blk_scsi_cmd_filter *filter, char *page, return npage - page; } -static ssize_t rcf_readcmds_show(struct blk_scsi_cmd_filter *filter, char *page) +static ssize_t rcf_readcmds_show(struct blk_cmd_filter *filter, char *page) { return rcf_cmds_show(filter, page, READ); } -static ssize_t rcf_writecmds_show(struct blk_scsi_cmd_filter *filter, +static ssize_t rcf_writecmds_show(struct blk_cmd_filter *filter, char *page) { return rcf_cmds_show(filter, page, WRITE); } -static ssize_t rcf_cmds_store(struct blk_scsi_cmd_filter *filter, +static ssize_t rcf_cmds_store(struct blk_cmd_filter *filter, const char *page, size_t count, int rw) { ssize_t ret = 0; @@ -122,13 +122,13 @@ static ssize_t rcf_cmds_store(struct blk_scsi_cmd_filter *filter, return count; } -static ssize_t rcf_readcmds_store(struct blk_scsi_cmd_filter *filter, +static ssize_t rcf_readcmds_store(struct blk_cmd_filter *filter, const char *page, size_t count) { return rcf_cmds_store(filter, page, count, READ); } -static ssize_t rcf_writecmds_store(struct blk_scsi_cmd_filter *filter, +static ssize_t rcf_writecmds_store(struct blk_cmd_filter *filter, const char *page, size_t count) { return rcf_cmds_store(filter, page, count, WRITE); @@ -136,8 +136,8 @@ static ssize_t rcf_writecmds_store(struct blk_scsi_cmd_filter *filter, struct rcf_sysfs_entry { struct attribute attr; - ssize_t (*show)(struct blk_scsi_cmd_filter *, char *); - ssize_t (*store)(struct blk_scsi_cmd_filter *, const char *, size_t); + ssize_t (*show)(struct blk_cmd_filter *, char *); + ssize_t (*store)(struct blk_cmd_filter *, const char *, size_t); }; static struct rcf_sysfs_entry rcf_readcmds_entry = { @@ -164,9 +164,9 @@ static ssize_t rcf_attr_show(struct kobject *kobj, struct attribute *attr, char *page) { struct rcf_sysfs_entry *entry = to_rcf(attr); - struct blk_scsi_cmd_filter *filter; + struct blk_cmd_filter *filter; - filter = container_of(kobj, struct blk_scsi_cmd_filter, kobj); + filter = container_of(kobj, struct blk_cmd_filter, kobj); if (entry->show) return entry->show(filter, page); @@ -178,7 +178,7 @@ rcf_attr_store(struct kobject *kobj, struct attribute *attr, const char *page, size_t length) { struct rcf_sysfs_entry *entry = to_rcf(attr); - struct blk_scsi_cmd_filter *filter; + struct blk_cmd_filter *filter; if (!capable(CAP_SYS_RAWIO)) return -EPERM; @@ -186,7 +186,7 @@ rcf_attr_store(struct kobject *kobj, struct attribute *attr, if (!entry->store) return -EINVAL; - filter = container_of(kobj, struct blk_scsi_cmd_filter, kobj); + filter = container_of(kobj, struct blk_cmd_filter, kobj); return entry->store(filter, page, length); } @@ -203,7 +203,7 @@ static struct kobj_type rcf_ktype = { int blk_register_filter(struct gendisk *disk) { int ret; - struct blk_scsi_cmd_filter *filter = &disk->queue->cmd_filter; + struct blk_cmd_filter *filter = &disk->queue->cmd_filter; struct kobject *parent = kobject_get(disk->holder_dir->parent); if (!parent) @@ -220,7 +220,7 @@ int blk_register_filter(struct gendisk *disk) void blk_unregister_filter(struct gendisk *disk) { - struct blk_scsi_cmd_filter *filter = &disk->queue->cmd_filter; + struct blk_cmd_filter *filter = &disk->queue->cmd_filter; kobject_put(&filter->kobj); kobject_put(disk->holder_dir->parent); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index d01ef5ee427e..ec4b7f234626 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -105,7 +105,7 @@ static int sg_emulated_host(struct request_queue *q, int __user *p) return put_user(1, p); } -void blk_set_cmd_filter_defaults(struct blk_scsi_cmd_filter *filter) +void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter) { /* Basic read-only commands */ __set_bit(TEST_UNIT_READY, filter->read_ok); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index d2d34e2774b2..ab247d589ad6 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -283,7 +283,7 @@ struct blk_queue_tag { #define BLK_SCSI_MAX_CMDS (256) #define BLK_SCSI_CMD_PER_LONG (BLK_SCSI_MAX_CMDS / (sizeof(long) * 8)) -struct blk_scsi_cmd_filter { +struct blk_cmd_filter { unsigned long read_ok[BLK_SCSI_CMD_PER_LONG]; unsigned long write_ok[BLK_SCSI_CMD_PER_LONG]; struct kobject kobj; @@ -407,7 +407,7 @@ struct request_queue #if defined(CONFIG_BLK_DEV_BSG) struct bsg_class_device bsg_dev; #endif - struct blk_scsi_cmd_filter cmd_filter; + struct blk_cmd_filter cmd_filter; }; #define QUEUE_FLAG_CLUSTER 0 /* cluster several segments into 1 */ @@ -843,11 +843,11 @@ extern int blkdev_issue_flush(struct block_device *, sector_t *); /* * command filter functions */ -extern int blk_verify_command(struct blk_scsi_cmd_filter *filter, +extern int blk_verify_command(struct blk_cmd_filter *filter, unsigned char *cmd, int has_write_perm); extern int blk_register_filter(struct gendisk *disk); extern void blk_unregister_filter(struct gendisk *disk); -extern void blk_set_cmd_filter_defaults(struct blk_scsi_cmd_filter *filter); +extern void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter); #define MAX_PHYS_SEGMENTS 128 #define MAX_HW_SEGMENTS 128 -- cgit v1.2.3 From a4a778971b9cfcbedb8648ba502d801f7db04c47 Mon Sep 17 00:00:00 2001 From: Adel Gadllah Date: Sat, 16 Aug 2008 14:21:06 +0900 Subject: block: clean up cmdfilter sysfs interface This patch changes the interface of the cmd filter to use a +/- notation like: echo -- +0x02 +0x03 -0x08 If neither + or - is given it defaults to + (allow command). Note: The interface was added in 2.6.17-rc1 and is unused and undocumented so far so it's safe to change it. Reviewed-by: Matthew Wilcox Reviewed-by: FUJITA Tomonori Cc: jens.axboe@oracle.com Cc: James.Bottomley@hansenpartnership.com Cc: dan.j.williams@intel.com Cc: pjones@redhat.com Cc: viro@zeniv.linux.org.uk Cc: dougg@torque.net Signed-off-by: Adel Gadllah Signed-off-by: Jens Axboe --- block/cmd-filter.c | 54 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/block/cmd-filter.c b/block/cmd-filter.c index 0e3a123944a8..1d4026206ac2 100644 --- a/block/cmd-filter.c +++ b/block/cmd-filter.c @@ -20,7 +20,6 @@ #include #include #include -#include #include #include @@ -65,8 +64,7 @@ static ssize_t rcf_cmds_show(struct blk_cmd_filter *filter, char *page, for (i = 0; i < BLK_SCSI_MAX_CMDS; i++) { if (test_bit(i, okbits)) { - sprintf(npage, "%02x", i); - npage += 2; + npage += sprintf(npage, "0x%02x", i); if (i < BLK_SCSI_MAX_CMDS - 1) sprintf(npage++, " "); } @@ -92,33 +90,41 @@ static ssize_t rcf_writecmds_show(struct blk_cmd_filter *filter, static ssize_t rcf_cmds_store(struct blk_cmd_filter *filter, const char *page, size_t count, int rw) { - ssize_t ret = 0; unsigned long okbits[BLK_SCSI_CMD_PER_LONG], *target_okbits; - int cmd, status, len; - substring_t ss; - - memset(&okbits, 0, sizeof(okbits)); - - for (len = strlen(page); len > 0; len -= 3) { - if (len < 2) - break; - ss.from = (char *) page + ret; - ss.to = (char *) page + ret + 2; - ret += 3; - status = match_hex(&ss, &cmd); + int cmd, set; + char *p, *status; + + if (rw == READ) { + memcpy(&okbits, filter->read_ok, sizeof(okbits)); + target_okbits = filter->read_ok; + } else { + memcpy(&okbits, filter->write_ok, sizeof(okbits)); + target_okbits = filter->write_ok; + } + + while ((p = strsep((char **)&page, " ")) != NULL) { + set = 1; + + if (p[0] == '+') { + p++; + } else if (p[0] == '-') { + set = 0; + p++; + } + + cmd = simple_strtol(p, &status, 16); + /* either of these cases means invalid input, so do nothing. */ - if (status || cmd >= BLK_SCSI_MAX_CMDS) + if ((status == p) || cmd >= BLK_SCSI_MAX_CMDS) return -EINVAL; - __set_bit(cmd, okbits); + if (set) + __set_bit(cmd, okbits); + else + __clear_bit(cmd, okbits); } - if (rw == READ) - target_okbits = filter->read_ok; - else - target_okbits = filter->write_ok; - - memmove(target_okbits, okbits, sizeof(okbits)); + memcpy(target_okbits, okbits, sizeof(okbits)); return count; } -- cgit v1.2.3 From 48fd4f93a00eac844678629f2f00518e146ed30d Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Fri, 22 Aug 2008 10:00:36 +0200 Subject: block: submit_bh() inadvertently discards barrier flag on a sync write Reported by Milan Broz , commit 18ce3751 inadvertently made submit_bh() discard the barrier bit for a WRITE_SYNC request. Fix that up. Signed-off-by: Jens Axboe --- fs/buffer.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/fs/buffer.c b/fs/buffer.c index 38653e36e225..ac78d4c19b3b 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -2926,14 +2926,17 @@ int submit_bh(int rw, struct buffer_head * bh) BUG_ON(!buffer_mapped(bh)); BUG_ON(!bh->b_end_io); - if (buffer_ordered(bh) && (rw == WRITE)) - rw = WRITE_BARRIER; + /* + * Mask in barrier bit for a write (could be either a WRITE or a + * WRITE_SYNC + */ + if (buffer_ordered(bh) && (rw & WRITE)) + rw |= WRITE_BARRIER; /* - * Only clear out a write error when rewriting, should this - * include WRITE_SYNC as well? + * Only clear out a write error when rewriting */ - if (test_set_buffer_req(bh) && (rw == WRITE || rw == WRITE_BARRIER)) + if (test_set_buffer_req(bh) && (rw & WRITE)) clear_buffer_write_io_error(bh); /* -- cgit v1.2.3 From 76029ff37f31dad64641489c610d98955217bb68 Mon Sep 17 00:00:00 2001 From: FUJITA Tomonori Date: Mon, 25 Aug 2008 20:36:08 +0200 Subject: bio: fix bio_copy_kern() handling of bio->bv_len The commit 68154e90c9d1492d570671ae181d9a8f8530da55 introduced bio_copy_kern() to add bounce support to blk_rq_map_kern. bio_copy_kern() uses bio->bv_len to copy data for READ commands after the completion but it doesn't work with a request that partially completed. SCSI always completes a PC request as a whole but seems some don't. This patch fixes bio_copy_kern to handle the above case. As bio_copy_user does, bio_copy_kern uses struct bio_map_data to store struct bio_vec. Signed-off-by: FUJITA Tomonori Reported-by: Nix Tested-by: Nix Cc: stable@kernel.org Signed-off-by: Jens Axboe --- fs/bio.c | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/fs/bio.c b/fs/bio.c index 8000e2fa16cb..8b1f5ee6f83c 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -469,20 +469,21 @@ static void bio_free_map_data(struct bio_map_data *bmd) kfree(bmd); } -static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count) +static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count, + gfp_t gfp_mask) { - struct bio_map_data *bmd = kmalloc(sizeof(*bmd), GFP_KERNEL); + struct bio_map_data *bmd = kmalloc(sizeof(*bmd), gfp_mask); if (!bmd) return NULL; - bmd->iovecs = kmalloc(sizeof(struct bio_vec) * nr_segs, GFP_KERNEL); + bmd->iovecs = kmalloc(sizeof(struct bio_vec) * nr_segs, gfp_mask); if (!bmd->iovecs) { kfree(bmd); return NULL; } - bmd->sgvecs = kmalloc(sizeof(struct sg_iovec) * iov_count, GFP_KERNEL); + bmd->sgvecs = kmalloc(sizeof(struct sg_iovec) * iov_count, gfp_mask); if (bmd->sgvecs) return bmd; @@ -596,7 +597,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, struct sg_iovec *iov, len += iov[i].iov_len; } - bmd = bio_alloc_map_data(nr_pages, iov_count); + bmd = bio_alloc_map_data(nr_pages, iov_count, GFP_KERNEL); if (!bmd) return ERR_PTR(-ENOMEM); @@ -942,19 +943,22 @@ static void bio_copy_kern_endio(struct bio *bio, int err) { struct bio_vec *bvec; const int read = bio_data_dir(bio) == READ; - char *p = bio->bi_private; + struct bio_map_data *bmd = bio->bi_private; int i; + char *p = bmd->sgvecs[0].iov_base; __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); + int len = bmd->iovecs[i].bv_len; if (read && !err) - memcpy(p, addr, bvec->bv_len); + memcpy(p, addr, len); __free_page(bvec->bv_page); - p += bvec->bv_len; + p += len; } + bio_free_map_data(bmd); bio_put(bio); } @@ -978,11 +982,21 @@ struct bio *bio_copy_kern(struct request_queue *q, void *data, unsigned int len, const int nr_pages = end - start; struct bio *bio; struct bio_vec *bvec; + struct bio_map_data *bmd; int i, ret; + struct sg_iovec iov; + + iov.iov_base = data; + iov.iov_len = len; + + bmd = bio_alloc_map_data(nr_pages, 1, gfp_mask); + if (!bmd) + return ERR_PTR(-ENOMEM); + ret = -ENOMEM; bio = bio_alloc(gfp_mask, nr_pages); if (!bio) - return ERR_PTR(-ENOMEM); + goto out_bmd; while (len) { struct page *page; @@ -1016,14 +1030,18 @@ struct bio *bio_copy_kern(struct request_queue *q, void *data, unsigned int len, } } - bio->bi_private = data; + bio->bi_private = bmd; bio->bi_end_io = bio_copy_kern_endio; + + bio_set_map_data(bmd, bio, &iov, 1); return bio; cleanup: bio_for_each_segment(bvec, bio, i) __free_page(bvec->bv_page); bio_put(bio); +out_bmd: + bio_free_map_data(bmd); return ERR_PTR(ret); } -- cgit v1.2.3 From aefcc28a3a63ac33a298777aa50ba43641c75241 Mon Sep 17 00:00:00 2001 From: FUJITA Tomonori Date: Mon, 25 Aug 2008 20:36:08 +0200 Subject: bio: fix __bio_copy_iov() handling of bio->bv_len The commit c5dec1c3034f1ae3503efbf641ff3b0273b64797 introduced __bio_copy_iov() to add bounce support to blk_rq_map_user_iov. __bio_copy_iov() uses bio->bv_len to copy data for READ commands after the completion but it doesn't work with a request that partially completed. SCSI always completes a PC request as a whole but seems some don't. Signed-off-by: FUJITA Tomonori Cc: stable@kernel.org Signed-off-by: Jens Axboe --- fs/bio.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/bio.c b/fs/bio.c index 8b1f5ee6f83c..3cba7ae34d75 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -492,8 +492,8 @@ static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count, return NULL; } -static int __bio_copy_iov(struct bio *bio, struct sg_iovec *iov, int iov_count, - int uncopy) +static int __bio_copy_iov(struct bio *bio, struct bio_vec *iovecs, + struct sg_iovec *iov, int iov_count, int uncopy) { int ret = 0, i; struct bio_vec *bvec; @@ -503,7 +503,7 @@ static int __bio_copy_iov(struct bio *bio, struct sg_iovec *iov, int iov_count, __bio_for_each_segment(bvec, bio, i, 0) { char *bv_addr = page_address(bvec->bv_page); - unsigned int bv_len = bvec->bv_len; + unsigned int bv_len = iovecs[i].bv_len; while (bv_len && iov_idx < iov_count) { unsigned int bytes; @@ -555,7 +555,7 @@ int bio_uncopy_user(struct bio *bio) struct bio_map_data *bmd = bio->bi_private; int ret; - ret = __bio_copy_iov(bio, bmd->sgvecs, bmd->nr_sgvecs, 1); + ret = __bio_copy_iov(bio, bmd->iovecs, bmd->sgvecs, bmd->nr_sgvecs, 1); bio_free_map_data(bmd); bio_put(bio); @@ -634,7 +634,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, struct sg_iovec *iov, * success */ if (!write_to_vm) { - ret = __bio_copy_iov(bio, iov, iov_count, 0); + ret = __bio_copy_iov(bio, bio->bi_io_vec, iov, iov_count, 0); if (ret) goto cleanup; } -- cgit v1.2.3 From 0e3eb45e4fe901d92bf9eae103155a57517af32e Mon Sep 17 00:00:00 2001 From: Matthew Wilcox Date: Tue, 26 Aug 2008 09:02:28 +0200 Subject: block: remove unused ->busy part of the block queue tag map It's not used for anything. On top of that, it's racy and can thus trigger a faulty BUG_ON() in __blk_free_tags() on queue exit. Signed-off-by: Jens Axboe --- block/blk-tag.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/block/blk-tag.c b/block/blk-tag.c index 32667beb03ee..ed5166fbc599 100644 --- a/block/blk-tag.c +++ b/block/blk-tag.c @@ -38,7 +38,8 @@ static int __blk_free_tags(struct blk_queue_tag *bqt) retval = atomic_dec_and_test(&bqt->refcnt); if (retval) { - BUG_ON(bqt->busy); + BUG_ON(find_first_bit(bqt->tag_map, bqt->max_depth) < + bqt->max_depth); kfree(bqt->tag_index); bqt->tag_index = NULL; @@ -147,7 +148,6 @@ static struct blk_queue_tag *__blk_queue_init_tags(struct request_queue *q, if (init_tag_map(q, tags, depth)) goto fail; - tags->busy = 0; atomic_set(&tags->refcnt, 1); return tags; fail: @@ -313,7 +313,6 @@ void blk_queue_end_tag(struct request_queue *q, struct request *rq) * unlock memory barrier semantics. */ clear_bit_unlock(tag, bqt->tag_map); - bqt->busy--; } EXPORT_SYMBOL(blk_queue_end_tag); @@ -368,7 +367,6 @@ int blk_queue_start_tag(struct request_queue *q, struct request *rq) bqt->tag_index[tag] = rq; blkdev_dequeue_request(rq); list_add(&rq->queuelist, &q->tag_busy_list); - bqt->busy++; return 0; } EXPORT_SYMBOL(blk_queue_start_tag); -- cgit v1.2.3 From 5168c47b4c294412f079dd3cc891e0276bb0479e Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Tue, 26 Aug 2008 09:03:17 +0200 Subject: block: remove blk_queue_tag_depth() and blk_queue_tag_queue() They are unused and ->busy doesn't exist anymore. Signed-off-by: Jens Axboe --- include/linux/blkdev.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index ab247d589ad6..44710d7e7bff 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -817,8 +817,6 @@ extern void blk_put_queue(struct request_queue *); /* * tag stuff */ -#define blk_queue_tag_depth(q) ((q)->queue_tags->busy) -#define blk_queue_tag_queue(q) ((q)->queue_tags->busy < (q)->queue_tags->max_depth) #define blk_rq_tagged(rq) ((rq)->cmd_flags & REQ_QUEUED) extern int blk_queue_start_tag(struct request_queue *, struct request *); extern struct request *blk_queue_find_tag(struct request_queue *, int); -- cgit v1.2.3