ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 760

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	drivers/scsi/sr.c
Line in file:	188
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Stanse (1.2)
Entered:	2011-11-07 22:22:22 UTC
Source:

  1/*
  2 *  sr.c Copyright (C) 1992 David Giller
  3 *           Copyright (C) 1993, 1994, 1995, 1999 Eric Youngdale
  4 *
  5 *  adapted from:
  6 *      sd.c Copyright (C) 1992 Drew Eckhardt
  7 *      Linux scsi disk driver by
  8 *              Drew Eckhardt <drew@colorado.edu>
  9 *
 10 *        Modified by Eric Youngdale ericy@andante.org to
 11 *        add scatter-gather, multiple outstanding request, and other
 12 *        enhancements.
 13 *
 14 *      Modified by Eric Youngdale eric@andante.org to support loadable
 15 *      low-level scsi drivers.
 16 *
 17 *      Modified by Thomas Quinot thomas@melchior.cuivre.fdn.fr to
 18 *      provide auto-eject.
 19 *
 20 *      Modified by Gerd Knorr <kraxel@cs.tu-berlin.de> to support the
 21 *      generic cdrom interface
 22 *
 23 *      Modified by Jens Axboe <axboe@suse.de> - Uniform sr_packet()
 24 *      interface, capabilities probe additions, ioctl cleanups, etc.
 25 *
 26 *        Modified by Richard Gooch <rgooch@atnf.csiro.au> to support devfs
 27 *
 28 *        Modified by Jens Axboe <axboe@suse.de> - support DVD-RAM
 29 *        transparently and lose the GHOST hack
 30 *
 31 *        Modified by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
 32 *        check resource allocation in sr_init and some cleanups
 33 */
 34
 35#include <linux/module.h>
 36#include <linux/fs.h>
 37#include <linux/kernel.h>
 38#include <linux/mm.h>
 39#include <linux/bio.h>
 40#include <linux/string.h>
 41#include <linux/errno.h>
 42#include <linux/cdrom.h>
 43#include <linux/interrupt.h>
 44#include <linux/init.h>
 45#include <linux/blkdev.h>
 46#include <linux/mutex.h>
 47#include <asm/uaccess.h>
 48
 49#include <scsi/scsi.h>
 50#include <scsi/scsi_dbg.h>
 51#include <scsi/scsi_device.h>
 52#include <scsi/scsi_driver.h>
 53#include <scsi/scsi_cmnd.h>
 54#include <scsi/scsi_eh.h>
 55#include <scsi/scsi_host.h>
 56#include <scsi/scsi_ioctl.h>        /* For the door lock/unlock commands */
 57
 58#include "scsi_logging.h"
 59#include "sr.h"
 60
 61
 62MODULE_DESCRIPTION("SCSI cdrom (sr) driver");
 63MODULE_LICENSE("GPL");
 64MODULE_ALIAS_BLOCKDEV_MAJOR(SCSI_CDROM_MAJOR);
 65MODULE_ALIAS_SCSI_DEVICE(TYPE_ROM);
 66MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM);
 67
 68#define SR_DISKS        256
 69
 70#define SR_CAPABILITIES \
 71        (CDC_CLOSE_TRAY|CDC_OPEN_TRAY|CDC_LOCK|CDC_SELECT_SPEED| \
 72         CDC_SELECT_DISC|CDC_MULTI_SESSION|CDC_MCN|CDC_MEDIA_CHANGED| \
 73         CDC_PLAY_AUDIO|CDC_RESET|CDC_DRIVE_STATUS| \
 74         CDC_CD_R|CDC_CD_RW|CDC_DVD|CDC_DVD_R|CDC_DVD_RAM|CDC_GENERIC_PACKET| \
 75         CDC_MRW|CDC_MRW_W|CDC_RAM)
 76
 77static int sr_probe(struct device *);
 78static int sr_remove(struct device *);
 79static int sr_done(struct scsi_cmnd *);
 80
 81static struct scsi_driver sr_template = {
 82        .owner                        = THIS_MODULE,
 83        .gendrv = {
 84                .name           = "sr",
 85                .probe                = sr_probe,
 86                .remove                = sr_remove,
 87        },
 88        .done                        = sr_done,
 89};
 90
 91static unsigned long sr_index_bits[SR_DISKS / BITS_PER_LONG];
 92static DEFINE_SPINLOCK(sr_index_lock);
 93
 94/* This semaphore is used to mediate the 0->1 reference get in the
 95 * face of object destruction (i.e. we can't allow a get on an
 96 * object after last put) */
 97static DEFINE_MUTEX(sr_ref_mutex);
 98
 99static int sr_open(struct cdrom_device_info *, int);
100static void sr_release(struct cdrom_device_info *);
101
102static void get_sectorsize(struct scsi_cd *);
103static void get_capabilities(struct scsi_cd *);
104
105static int sr_media_change(struct cdrom_device_info *, int);
106static int sr_packet(struct cdrom_device_info *, struct packet_command *);
107
108static struct cdrom_device_ops sr_dops = {
109        .open                        = sr_open,
110        .release                 = sr_release,
111        .drive_status                 = sr_drive_status,
112        .media_changed                = sr_media_change,
113        .tray_move                = sr_tray_move,
114        .lock_door                = sr_lock_door,
115        .select_speed                = sr_select_speed,
116        .get_last_session        = sr_get_last_session,
117        .get_mcn                = sr_get_mcn,
118        .reset                        = sr_reset,
119        .audio_ioctl                = sr_audio_ioctl,
120        .capability                = SR_CAPABILITIES,
121        .generic_packet                = sr_packet,
122};
123
124static void sr_kref_release(struct kref *kref);
125
126static inline struct scsi_cd *scsi_cd(struct gendisk *disk)
127{
128        return container_of(disk->private_data, struct scsi_cd, driver);
129}
130
131/*
132 * The get and put routines for the struct scsi_cd.  Note this entity
133 * has a scsi_device pointer and owns a reference to this.
134 */
135static inline struct scsi_cd *scsi_cd_get(struct gendisk *disk)
136{
137        struct scsi_cd *cd = NULL;
138
139        mutex_lock(&sr_ref_mutex);
140        if (disk->private_data == NULL)
141                goto out;
142        cd = scsi_cd(disk);
143        kref_get(&cd->kref);
144        if (scsi_device_get(cd->device))
145                goto out_put;
146        goto out;
147
148 out_put:
149        kref_put(&cd->kref, sr_kref_release);
150        cd = NULL;
151 out:
152        mutex_unlock(&sr_ref_mutex);
153        return cd;
154}
155
156static void scsi_cd_put(struct scsi_cd *cd)
157{
158        struct scsi_device *sdev = cd->device;
159
160        mutex_lock(&sr_ref_mutex);
161        kref_put(&cd->kref, sr_kref_release);
162        scsi_device_put(sdev);
163        mutex_unlock(&sr_ref_mutex);
164}
165
166/* identical to scsi_test_unit_ready except that it doesn't
167 * eat the NOT_READY returns for removable media */
168int sr_test_unit_ready(struct scsi_device *sdev, struct scsi_sense_hdr *sshdr)
169{
170        int retries = MAX_RETRIES;
171        int the_result;
172        u8 cmd[] = {TEST_UNIT_READY, 0, 0, 0, 0, 0 };
173
174        /* issue TEST_UNIT_READY until the initial startup UNIT_ATTENTION
175         * conditions are gone, or a timeout happens
176         */
177        do {
178                the_result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL,
179                                              0, sshdr, SR_TIMEOUT,
180                                              retries--);
181                if (scsi_sense_valid(sshdr) &&
182                    sshdr->sense_key == UNIT_ATTENTION)
183                        sdev->changed = 1;
184
185        } while (retries > 0 &&
186                 (!scsi_status_is_good(the_result) ||
187                  (scsi_sense_valid(sshdr) &&
188                   sshdr->sense_key == UNIT_ATTENTION)));
189        return the_result;
190}
191
192/*
193 * This function checks to see if the media has been changed in the
194 * CDROM drive.  It is possible that we have already sensed a change,
195 * or the drive may have sensed one and not yet reported it.  We must
196 * be ready for either case. This function always reports the current
197 * value of the changed bit.  If flag is 0, then the changed bit is reset.
198 * This function could be done as an ioctl, but we would need to have
199 * an inode for that to work, and we do not always have one.
200 */
201
202static int sr_media_change(struct cdrom_device_info *cdi, int slot)
203{
204        struct scsi_cd *cd = cdi->handle;
205        int retval;
206        struct scsi_sense_hdr *sshdr;
207
208        if (CDSL_CURRENT != slot) {
209                /* no changer support */
210                return -EINVAL;
211        }
212
213        sshdr =  kzalloc(sizeof(*sshdr), GFP_KERNEL);
214        retval = sr_test_unit_ready(cd->device, sshdr);
215        if (retval || (scsi_sense_valid(sshdr) &&
216                       /* 0x3a is medium not present */
217                       sshdr->asc == 0x3a)) {
218                /* Media not present or unable to test, unit probably not
219                 * ready. This usually means there is no disc in the drive.
220                 * Mark as changed, and we will figure it out later once
221                 * the drive is available again.
222                 */
223                cd->device->changed = 1;
224                /* This will force a flush, if called from check_disk_change */
225                retval = 1;
226                goto out;
227        };
228
229        retval = cd->device->changed;
230        cd->device->changed = 0;
231        /* If the disk changed, the capacity will now be different,
232         * so we force a re-read of this information */
233        if (retval) {
234                /* check multisession offset etc */
235                sr_cd_check(cdi);
236                get_sectorsize(cd);
237        }
238
239out:
240        /* Notify userspace, that media has changed. */
241        if (retval != cd->previous_state)
242                sdev_evt_send_simple(cd->device, SDEV_EVT_MEDIA_CHANGE,
243                                     GFP_KERNEL);
244        cd->previous_state = retval;
245        kfree(sshdr);
246
247        return retval;
248}
249 
250/*
251 * sr_done is the interrupt routine for the device driver.
252 *
253 * It will be notified on the end of a SCSI read / write, and will take one
254 * of several actions based on success or failure.
255 */
256static int sr_done(struct scsi_cmnd *SCpnt)
257{
258        int result = SCpnt->result;
259        int this_count = scsi_bufflen(SCpnt);
260        int good_bytes = (result == 0 ? this_count : 0);
261        int block_sectors = 0;
262        long error_sector;
263        struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
264
265#ifdef DEBUG
266        printk("sr.c done: %x\n", result);
267#endif
268
269        /*
270         * Handle MEDIUM ERRORs or VOLUME OVERFLOWs that indicate partial
271         * success.  Since this is a relatively rare error condition, no
272         * care is taken to avoid unnecessary additional work such as
273         * memcpy's that could be avoided.
274         */
275        if (driver_byte(result) != 0 &&                /* An error occurred */
276            (SCpnt->sense_buffer[0] & 0x7f) == 0x70) { /* Sense current */
277                switch (SCpnt->sense_buffer[2]) {
278                case MEDIUM_ERROR:
279                case VOLUME_OVERFLOW:
280                case ILLEGAL_REQUEST:
281                        if (!(SCpnt->sense_buffer[0] & 0x90))
282                                break;
283                        error_sector = (SCpnt->sense_buffer[3] << 24) |
284                                (SCpnt->sense_buffer[4] << 16) |
285                                (SCpnt->sense_buffer[5] << 8) |
286                                SCpnt->sense_buffer[6];
287                        if (SCpnt->request->bio != NULL)
288                                block_sectors =
289                                        bio_sectors(SCpnt->request->bio);
290                        if (block_sectors < 4)
291                                block_sectors = 4;
292                        if (cd->device->sector_size == 2048)
293                                error_sector <<= 2;
294                        error_sector &= ~(block_sectors - 1);
295                        good_bytes = (error_sector - SCpnt->request->sector) << 9;
296                        if (good_bytes < 0 || good_bytes >= this_count)
297                                good_bytes = 0;
298                        /*
299                         * The SCSI specification allows for the value
300                         * returned by READ CAPACITY to be up to 75 2K
301                         * sectors past the last readable block.
302                         * Therefore, if we hit a medium error within the
303                         * last 75 2K sectors, we decrease the saved size
304                         * value.
305                         */
306                        if (error_sector < get_capacity(cd->disk) &&
307                            cd->capacity - error_sector < 4 * 75)
308                                set_capacity(cd->disk, error_sector);
309                        break;
310
311                case RECOVERED_ERROR:
312
313                        /*
314                         * An error occured, but it recovered.  Inform the
315                         * user, but make sure that it's not treated as a
316                         * hard error.
317                         */
318                        scsi_print_sense("sr", SCpnt);
319                        SCpnt->result = 0;
320                        SCpnt->sense_buffer[0] = 0x0;
321                        good_bytes = this_count;
322                        break;
323
324                default:
325                        break;
326                }
327        }
328
329        return good_bytes;
330}
331
332static int sr_prep_fn(struct request_queue *q, struct request *rq)
333{
334        int block = 0, this_count, s_size;
335        struct scsi_cd *cd;
336        struct scsi_cmnd *SCpnt;
337        struct scsi_device *sdp = q->queuedata;
338        int ret;
339
340        if (rq->cmd_type == REQ_TYPE_BLOCK_PC) {
341                ret = scsi_setup_blk_pc_cmnd(sdp, rq);
342                goto out;
343        } else if (rq->cmd_type != REQ_TYPE_FS) {
344                ret = BLKPREP_KILL;
345                goto out;
346        }
347        ret = scsi_setup_fs_cmnd(sdp, rq);
348        if (ret != BLKPREP_OK)
349                goto out;
350        SCpnt = rq->special;
351        cd = scsi_cd(rq->rq_disk);
352
353        /* from here on until we're complete, any goto out
354         * is used for a killable error condition */
355        ret = BLKPREP_KILL;
356
357        SCSI_LOG_HLQUEUE(1, printk("Doing sr request, dev = %s, block = %d\n",
358                                cd->disk->disk_name, block));
359
360        if (!cd->device || !scsi_device_online(cd->device)) {
361                SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n",
362                                        rq->nr_sectors));
363                SCSI_LOG_HLQUEUE(2, printk("Retry with 0x%p\n", SCpnt));
364                goto out;
365        }
366
367        if (cd->device->changed) {
368                /*
369                 * quietly refuse to do anything to a changed disc until the
370                 * changed bit has been reset
371                 */
372                goto out;
373        }
374
375        /*
376         * we do lazy blocksize switching (when reading XA sectors,
377         * see CDROMREADMODE2 ioctl) 
378         */
379        s_size = cd->device->sector_size;
380        if (s_size > 2048) {
381                if (!in_interrupt())
382                        sr_set_blocklength(cd, 2048);
383                else
384                        printk("sr: can't switch blocksize: in interrupt\n");
385        }
386
387        if (s_size != 512 && s_size != 1024 && s_size != 2048) {
388                scmd_printk(KERN_ERR, SCpnt, "bad sector size %d\n", s_size);
389                goto out;
390        }
391
392        if (rq_data_dir(rq) == WRITE) {
393                if (!cd->device->writeable)
394                        goto out;
395                SCpnt->cmnd[0] = WRITE_10;
396                SCpnt->sc_data_direction = DMA_TO_DEVICE;
397                  cd->cdi.media_written = 1;
398        } else if (rq_data_dir(rq) == READ) {
399                SCpnt->cmnd[0] = READ_10;
400                SCpnt->sc_data_direction = DMA_FROM_DEVICE;
401        } else {
402                blk_dump_rq_flags(rq, "Unknown sr command");
403                goto out;
404        }
405
406        {
407                struct scatterlist *sg;
408                int i, size = 0, sg_count = scsi_sg_count(SCpnt);
409
410                scsi_for_each_sg(SCpnt, sg, sg_count, i)
411                        size += sg->length;
412
413                if (size != scsi_bufflen(SCpnt)) {
414                        scmd_printk(KERN_ERR, SCpnt,
415                                "mismatch count %d, bytes %d\n",
416                                size, scsi_bufflen(SCpnt));
417                        if (scsi_bufflen(SCpnt) > size)
418                                SCpnt->sdb.length = size;
419                }
420        }
421
422        /*
423         * request doesn't start on hw block boundary, add scatter pads
424         */
425        if (((unsigned int)rq->sector % (s_size >> 9)) ||
426            (scsi_bufflen(SCpnt) % s_size)) {
427                scmd_printk(KERN_NOTICE, SCpnt, "unaligned transfer\n");
428                goto out;
429        }
430
431        this_count = (scsi_bufflen(SCpnt) >> 9) / (s_size >> 9);
432
433
434        SCSI_LOG_HLQUEUE(2, printk("%s : %s %d/%ld 512 byte blocks.\n",
435                                cd->cdi.name,
436                                (rq_data_dir(rq) == WRITE) ?
437                                        "writing" : "reading",
438                                this_count, rq->nr_sectors));
439
440        SCpnt->cmnd[1] = 0;
441        block = (unsigned int)rq->sector / (s_size >> 9);
442
443        if (this_count > 0xffff) {
444                this_count = 0xffff;
445                SCpnt->sdb.length = this_count * s_size;
446        }
447
448        SCpnt->cmnd[2] = (unsigned char) (block >> 24) & 0xff;
449        SCpnt->cmnd[3] = (unsigned char) (block >> 16) & 0xff;
450        SCpnt->cmnd[4] = (unsigned char) (block >> 8) & 0xff;
451        SCpnt->cmnd[5] = (unsigned char) block & 0xff;
452        SCpnt->cmnd[6] = SCpnt->cmnd[9] = 0;
453        SCpnt->cmnd[7] = (unsigned char) (this_count >> 8) & 0xff;
454        SCpnt->cmnd[8] = (unsigned char) this_count & 0xff;
455
456        /*
457         * We shouldn't disconnect in the middle of a sector, so with a dumb
458         * host adapter, it's safe to assume that we can at least transfer
459         * this many bytes between each connect / disconnect.
460         */
461        SCpnt->transfersize = cd->device->sector_size;
462        SCpnt->underflow = this_count << 9;
463        SCpnt->allowed = MAX_RETRIES;
464
465        /*
466         * This indicates that the command is ready from our end to be
467         * queued.
468         */
469        ret = BLKPREP_OK;
470 out:
471        return scsi_prep_return(q, rq, ret);
472}
473
474static int sr_block_open(struct block_device *bdev, fmode_t mode)
475{
476        struct scsi_cd *cd = scsi_cd_get(bdev->bd_disk);
477        int ret = -ENXIO;
478
479        if (cd) {
480                ret = cdrom_open(&cd->cdi, bdev, mode);
481                if (ret)
482                        scsi_cd_put(cd);
483        }
484        return ret;
485}
486
487static int sr_block_release(struct gendisk *disk, fmode_t mode)
488{
489        struct scsi_cd *cd = scsi_cd(disk);
490        cdrom_release(&cd->cdi, mode);
491        scsi_cd_put(cd);
492        return 0;
493}
494
495static int sr_block_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd,
496                          unsigned long arg)
497{
498        struct scsi_cd *cd = scsi_cd(bdev->bd_disk);
499        struct scsi_device *sdev = cd->device;
500        void __user *argp = (void __user *)arg;
501        int ret;
502
503        /*
504         * Send SCSI addressing ioctls directly to mid level, send other
505         * ioctls to cdrom/block level.
506         */
507        switch (cmd) {
508        case SCSI_IOCTL_GET_IDLUN:
509        case SCSI_IOCTL_GET_BUS_NUMBER:
510                return scsi_ioctl(sdev, cmd, argp);
511        }
512
513        ret = cdrom_ioctl(&cd->cdi, bdev, mode, cmd, arg);
514        if (ret != -ENOSYS)
515                return ret;
516
517        /*
518         * ENODEV means that we didn't recognise the ioctl, or that we
519         * cannot execute it in the current device state.  In either
520         * case fall through to scsi_ioctl, which will return ENDOEV again
521         * if it doesn't recognise the ioctl
522         */
523        ret = scsi_nonblockable_ioctl(sdev, cmd, argp,
524                                        (mode & FMODE_NDELAY) != 0);
525        if (ret != -ENODEV)
526                return ret;
527        return scsi_ioctl(sdev, cmd, argp);
528}
529
530static int sr_block_media_changed(struct gendisk *disk)
531{
532        struct scsi_cd *cd = scsi_cd(disk);
533        return cdrom_media_changed(&cd->cdi);
534}
535
536static struct block_device_operations sr_bdops =
537{
538        .owner                = THIS_MODULE,
539        .open                = sr_block_open,
540        .release        = sr_block_release,
541        .locked_ioctl        = sr_block_ioctl,
542        .media_changed        = sr_block_media_changed,
543        /* 
544         * No compat_ioctl for now because sr_block_ioctl never
545         * seems to pass arbitary ioctls down to host drivers.
546         */
547};
548
549static int sr_open(struct cdrom_device_info *cdi, int purpose)
550{
551        struct scsi_cd *cd = cdi->handle;
552        struct scsi_device *sdev = cd->device;
553        int retval;
554
555        /*
556         * If the device is in error recovery, wait until it is done.
557         * If the device is offline, then disallow any access to it.
558         */
559        retval = -ENXIO;
560        if (!scsi_block_when_processing_errors(sdev))
561                goto error_out;
562
563        return 0;
564
565error_out:
566        return retval;        
567}
568
569static void sr_release(struct cdrom_device_info *cdi)
570{
571        struct scsi_cd *cd = cdi->handle;
572
573        if (cd->device->sector_size > 2048)
574                sr_set_blocklength(cd, 2048);
575
576}
577
578static int sr_probe(struct device *dev)
579{
580        struct scsi_device *sdev = to_scsi_device(dev);
581        struct gendisk *disk;
582        struct scsi_cd *cd;
583        int minor, error;
584
585        error = -ENODEV;
586        if (sdev->type != TYPE_ROM && sdev->type != TYPE_WORM)
587                goto fail;
588
589        error = -ENOMEM;
590        cd = kzalloc(sizeof(*cd), GFP_KERNEL);
591        if (!cd)
592                goto fail;
593
594        kref_init(&cd->kref);
595
596        disk = alloc_disk(1);
597        if (!disk)
598                goto fail_free;
599
600        spin_lock(&sr_index_lock);
601        minor = find_first_zero_bit(sr_index_bits, SR_DISKS);
602        if (minor == SR_DISKS) {
603                spin_unlock(&sr_index_lock);
604                error = -EBUSY;
605                goto fail_put;
606        }
607        __set_bit(minor, sr_index_bits);
608        spin_unlock(&sr_index_lock);
609
610        disk->major = SCSI_CDROM_MAJOR;
611        disk->first_minor = minor;
612        sprintf(disk->disk_name, "sr%d", minor);
613        disk->fops = &sr_bdops;
614        disk->flags = GENHD_FL_CD;
615
616        blk_queue_rq_timeout(sdev->request_queue, SR_TIMEOUT);
617
618        cd->device = sdev;
619        cd->disk = disk;
620        cd->driver = &sr_template;
621        cd->disk = disk;
622        cd->capacity = 0x1fffff;
623        cd->device->changed = 1;        /* force recheck CD type */
624        cd->previous_state = 1;
625        cd->use = 1;
626        cd->readcd_known = 0;
627        cd->readcd_cdda = 0;
628
629        cd->cdi.ops = &sr_dops;
630        cd->cdi.handle = cd;
631        cd->cdi.mask = 0;
632        cd->cdi.capacity = 1;
633        sprintf(cd->cdi.name, "sr%d", minor);
634
635        sdev->sector_size = 2048;        /* A guess, just in case */
636
637        /* FIXME: need to handle a get_capabilities failure properly ?? */
638        get_capabilities(cd);
639        blk_queue_prep_rq(sdev->request_queue, sr_prep_fn);
640        sr_vendor_init(cd);
641
642        disk->driverfs_dev = &sdev->sdev_gendev;
643        set_capacity(disk, cd->capacity);
644        disk->private_data = &cd->driver;
645        disk->queue = sdev->request_queue;
646        cd->cdi.disk = disk;
647
648        if (register_cdrom(&cd->cdi))
649                goto fail_put;
650
651        dev_set_drvdata(dev, cd);
652        disk->flags |= GENHD_FL_REMOVABLE;
653        add_disk(disk);
654
655        sdev_printk(KERN_DEBUG, sdev,
656                    "Attached scsi CD-ROM %s\n", cd->cdi.name);
657        return 0;
658
659fail_put:
660        put_disk(disk);
661fail_free:
662        kfree(cd);
663fail:
664        return error;
665}
666
667
668static void get_sectorsize(struct scsi_cd *cd)
669{
670        unsigned char cmd[10];
671        unsigned char buffer[8];
672        int the_result, retries = 3;
673        int sector_size;
674        struct request_queue *queue;
675
676        do {
677                cmd[0] = READ_CAPACITY;
678                memset((void *) &cmd[1], 0, 9);
679                memset(buffer, 0, sizeof(buffer));
680
681                /* Do the command and wait.. */
682                the_result = scsi_execute_req(cd->device, cmd, DMA_FROM_DEVICE,
683                                              buffer, sizeof(buffer), NULL,
684                                              SR_TIMEOUT, MAX_RETRIES);
685
686                retries--;
687
688        } while (the_result && retries);
689
690
691        if (the_result) {
692                cd->capacity = 0x1fffff;
693                sector_size = 2048;        /* A guess, just in case */
694        } else {
695#if 0
696                if (cdrom_get_last_written(&cd->cdi,
697                                           &cd->capacity))
698#endif
699                        cd->capacity = 1 + ((buffer[0] << 24) |
700                                                    (buffer[1] << 16) |
701                                                    (buffer[2] << 8) |
702                                                    buffer[3]);
703                sector_size = (buffer[4] << 24) |
704                    (buffer[5] << 16) | (buffer[6] << 8) | buffer[7];
705                switch (sector_size) {
706                        /*
707                         * HP 4020i CD-Recorder reports 2340 byte sectors
708                         * Philips CD-Writers report 2352 byte sectors
709                         *
710                         * Use 2k sectors for them..
711                         */
712                case 0:
713                case 2340:
714                case 2352:
715                        sector_size = 2048;
716                        /* fall through */
717                case 2048:
718                        cd->capacity *= 4;
719                        /* fall through */
720                case 512:
721                        break;
722                default:
723                        printk("%s: unsupported sector size %d.\n",
724                               cd->cdi.name, sector_size);
725                        cd->capacity = 0;
726                }
727
728                cd->device->sector_size = sector_size;
729
730                /*
731                 * Add this so that we have the ability to correctly gauge
732                 * what the device is capable of.
733                 */
734                set_capacity(cd->disk, cd->capacity);
735        }
736
737        queue = cd->device->request_queue;
738        blk_queue_hardsect_size(queue, sector_size);
739
740        return;
741}
742
743static void get_capabilities(struct scsi_cd *cd)
744{
745        unsigned char *buffer;
746        struct scsi_mode_data data;
747        struct scsi_sense_hdr sshdr;
748        int rc, n;
749
750        static const char *loadmech[] =
751        {
752                "caddy",
753                "tray",
754                "pop-up",
755                "",
756                "changer",
757                "cartridge changer",
758                "",
759                ""
760        };
761
762
763        /* allocate transfer buffer */
764        buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
765        if (!buffer) {
766                printk(KERN_ERR "sr: out of memory.\n");
767                return;
768        }
769
770        /* eat unit attentions */
771        sr_test_unit_ready(cd->device, &sshdr);
772
773        /* ask for mode page 0x2a */
774        rc = scsi_mode_sense(cd->device, 0, 0x2a, buffer, 128,
775                             SR_TIMEOUT, 3, &data, NULL);
776
777        if (!scsi_status_is_good(rc)) {
778                /* failed, drive doesn't have capabilities mode page */
779                cd->cdi.speed = 1;
780                cd->cdi.mask |= (CDC_CD_R | CDC_CD_RW | CDC_DVD_R |
781                                 CDC_DVD | CDC_DVD_RAM |
782                                 CDC_SELECT_DISC | CDC_SELECT_SPEED |
783                                 CDC_MRW | CDC_MRW_W | CDC_RAM);
784                kfree(buffer);
785                printk("%s: scsi-1 drive\n", cd->cdi.name);
786                return;
787        }
788
789        n = data.header_length + data.block_descriptor_length;
790        cd->cdi.speed = ((buffer[n + 8] << 8) + buffer[n + 9]) / 176;
791        cd->readcd_known = 1;
792        cd->readcd_cdda = buffer[n + 5] & 0x01;
793        /* print some capability bits */
794        printk("%s: scsi3-mmc drive: %dx/%dx %s%s%s%s%s%s\n", cd->cdi.name,
795               ((buffer[n + 14] << 8) + buffer[n + 15]) / 176,
796               cd->cdi.speed,
797               buffer[n + 3] & 0x01 ? "writer " : "", /* CD Writer */
798               buffer[n + 3] & 0x20 ? "dvd-ram " : "",
799               buffer[n + 2] & 0x02 ? "cd/rw " : "", /* can read rewriteable */
800               buffer[n + 4] & 0x20 ? "xa/form2 " : "",        /* can read xa/from2 */
801               buffer[n + 5] & 0x01 ? "cdda " : "", /* can read audio data */
802               loadmech[buffer[n + 6] >> 5]);
803        if ((buffer[n + 6] >> 5) == 0)
804                /* caddy drives can't close tray... */
805                cd->cdi.mask |= CDC_CLOSE_TRAY;
806        if ((buffer[n + 2] & 0x8) == 0)
807                /* not a DVD drive */
808                cd->cdi.mask |= CDC_DVD;
809        if ((buffer[n + 3] & 0x20) == 0) 
810                /* can't write DVD-RAM media */
811                cd->cdi.mask |= CDC_DVD_RAM;
812        if ((buffer[n + 3] & 0x10) == 0)
813                /* can't write DVD-R media */
814                cd->cdi.mask |= CDC_DVD_R;
815        if ((buffer[n + 3] & 0x2) == 0)
816                /* can't write CD-RW media */
817                cd->cdi.mask |= CDC_CD_RW;
818        if ((buffer[n + 3] & 0x1) == 0)
819                /* can't write CD-R media */
820                cd->cdi.mask |= CDC_CD_R;
821        if ((buffer[n + 6] & 0x8) == 0)
822                /* can't eject */
823                cd->cdi.mask |= CDC_OPEN_TRAY;
824
825        if ((buffer[n + 6] >> 5) == mechtype_individual_changer ||
826            (buffer[n + 6] >> 5) == mechtype_cartridge_changer)
827                cd->cdi.capacity =
828                    cdrom_number_of_slots(&cd->cdi);
829        if (cd->cdi.capacity <= 1)
830                /* not a changer */
831                cd->cdi.mask |= CDC_SELECT_DISC;
832        /*else    I don't think it can close its tray
833                cd->cdi.mask |= CDC_CLOSE_TRAY; */
834
835        /*
836         * if DVD-RAM, MRW-W or CD-RW, we are randomly writable
837         */
838        if ((cd->cdi.mask & (CDC_DVD_RAM | CDC_MRW_W | CDC_RAM | CDC_CD_RW)) !=
839                        (CDC_DVD_RAM | CDC_MRW_W | CDC_RAM | CDC_CD_RW)) {
840                cd->device->writeable = 1;
841        }
842
843        kfree(buffer);
844}
845
846/*
847 * sr_packet() is the entry point for the generic commands generated
848 * by the Uniform CD-ROM layer. 
849 */
850static int sr_packet(struct cdrom_device_info *cdi,
851                struct packet_command *cgc)
852{
853        if (cgc->timeout <= 0)
854                cgc->timeout = IOCTL_TIMEOUT;
855
856        sr_do_ioctl(cdi->handle, cgc);
857
858        return cgc->stat;
859}
860
861/**
862 *        sr_kref_release - Called to free the scsi_cd structure
863 *        @kref: pointer to embedded kref
864 *
865 *        sr_ref_mutex must be held entering this routine.  Because it is
866 *        called on last put, you should always use the scsi_cd_get()
867 *        scsi_cd_put() helpers which manipulate the semaphore directly
868 *        and never do a direct kref_put().
869 **/
870static void sr_kref_release(struct kref *kref)
871{
872        struct scsi_cd *cd = container_of(kref, struct scsi_cd, kref);
873        struct gendisk *disk = cd->disk;
874
875        spin_lock(&sr_index_lock);
876        clear_bit(MINOR(disk_devt(disk)), sr_index_bits);
877        spin_unlock(&sr_index_lock);
878
879        unregister_cdrom(&cd->cdi);
880
881        disk->private_data = NULL;
882
883        put_disk(disk);
884
885        kfree(cd);
886}
887
888static int sr_remove(struct device *dev)
889{
890        struct scsi_cd *cd = dev_get_drvdata(dev);
891
892        del_gendisk(cd->disk);
893
894        mutex_lock(&sr_ref_mutex);
895        kref_put(&cd->kref, sr_kref_release);
896        mutex_unlock(&sr_ref_mutex);
897
898        return 0;
899}
900
901static int __init init_sr(void)
902{
903        int rc;
904
905        rc = register_blkdev(SCSI_CDROM_MAJOR, "sr");
906        if (rc)
907                return rc;
908        rc = scsi_register_driver(&sr_template.gendrv);
909        if (rc)
910                unregister_blkdev(SCSI_CDROM_MAJOR, "sr");
911
912        return rc;
913}
914
915static void __exit exit_sr(void)
916{
917        scsi_unregister_driver(&sr_template.gendrv);
918        unregister_blkdev(SCSI_CDROM_MAJOR, "sr");
919}
920
921module_init(init_sr);
922module_exit(exit_sr);
923MODULE_LICENSE("GPL");