scsi: bsg: Move the whole request execution into the SCSI/transport handlers

	bsg_timeout_fn		*timeout_fn;

};

static int bsg_transport_check_proto(struct sg_io_v4 *hdr)

static int bsg_transport_sg_io_fn(struct request_queue *q, struct sg_io_v4 *hdr,

		fmode_t mode, unsigned int timeout)

{

	struct bsg_job *job;

	struct request *rq;

	struct bio *bio;

	int ret;

	if (hdr->protocol != BSG_PROTOCOL_SCSI  ||

	    hdr->subprotocol != BSG_SUB_PROTOCOL_SCSI_TRANSPORT)

		return -EINVAL;

	if (!capable(CAP_SYS_RAWIO))

		return -EPERM;

	return 0;

}

static int bsg_transport_fill_hdr(struct request *rq, struct sg_io_v4 *hdr,

		fmode_t mode)

{

	struct bsg_job *job = blk_mq_rq_to_pdu(rq);

	int ret;

	rq = blk_get_request(q, hdr->dout_xfer_len ?

			     REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);

	if (IS_ERR(rq))

		return PTR_ERR(rq);

	rq->timeout = timeout;

	job = blk_mq_rq_to_pdu(rq);

	job->request_len = hdr->request_len;

	job->request = memdup_user(uptr64(hdr->request), hdr->request_len);

	if (IS_ERR(job->request))

		return PTR_ERR(job->request);

	if (IS_ERR(job->request)) {

		ret = PTR_ERR(job->request);

		goto out_put_request;

	}

	if (hdr->dout_xfer_len && hdr->din_xfer_len) {

		job->bidi_rq = blk_get_request(rq->q, REQ_OP_DRV_IN, 0);

		if (IS_ERR(job->bidi_rq)) {

			ret = PTR_ERR(job->bidi_rq);

			goto out;

			goto out_free_job_request;

		}

		ret = blk_rq_map_user(rq->q, job->bidi_rq, NULL,

		job->bidi_bio = NULL;

	}

	return 0;

out_free_bidi_rq:

	if (job->bidi_rq)

		blk_put_request(job->bidi_rq);

out:

	kfree(job->request);

	return ret;

	if (hdr->dout_xfer_len) {

		ret = blk_rq_map_user(rq->q, rq, NULL, uptr64(hdr->dout_xferp),

				hdr->dout_xfer_len, GFP_KERNEL);

	} else if (hdr->din_xfer_len) {

		ret = blk_rq_map_user(rq->q, rq, NULL, uptr64(hdr->din_xferp),

				hdr->din_xfer_len, GFP_KERNEL);

	}

static int bsg_transport_complete_rq(struct request *rq, struct sg_io_v4 *hdr)

{

	struct bsg_job *job = blk_mq_rq_to_pdu(rq);

	int ret = 0;

	if (ret)

		goto out_unmap_bidi_rq;

	bio = rq->bio;

	blk_execute_rq(NULL, rq, !(hdr->flags & BSG_FLAG_Q_AT_TAIL));

	/*

	 * The assignments below don't make much sense, but are kept for

		hdr->din_resid = 0;

	}

	return ret;

}

static void bsg_transport_free_rq(struct request *rq)

{

	struct bsg_job *job = blk_mq_rq_to_pdu(rq);

	if (job->bidi_rq) {

	blk_rq_unmap_user(bio);

out_unmap_bidi_rq:

	if (job->bidi_rq)

		blk_rq_unmap_user(job->bidi_bio);

out_free_bidi_rq:

	if (job->bidi_rq)

		blk_put_request(job->bidi_rq);

	}

out_free_job_request:

	kfree(job->request);

out_put_request:

	blk_put_request(rq);

	return ret;

}

static const struct bsg_ops bsg_transport_ops = {

	.check_proto		= bsg_transport_check_proto,

	.fill_hdr		= bsg_transport_fill_hdr,

	.complete_rq		= bsg_transport_complete_rq,

	.free_rq		= bsg_transport_free_rq,

};

/**

 * bsg_teardown_job - routine to teardown a bsg job

 * @kref: kref inside bsg_job that is to be torn down

	q->queuedata = dev;

	blk_queue_rq_timeout(q, BLK_DEFAULT_SG_TIMEOUT);

	bset->bd = bsg_register_queue(q, dev, name, &bsg_transport_ops);

	bset->bd = bsg_register_queue(q, dev, name, bsg_transport_sg_io_fn);

	if (IS_ERR(bset->bd)) {

		ret = PTR_ERR(bset->bd);

		goto out_cleanup_queue;

struct bsg_device {

	struct request_queue *queue;

	const struct bsg_ops *ops;

	struct device device;

	struct cdev cdev;

	int max_queue;

	unsigned int timeout;

	unsigned int reserved_size;

	bsg_sg_io_fn *sg_io_fn;

};

static inline struct bsg_device *to_bsg_device(struct inode *inode)

static struct class *bsg_class;

static int bsg_major;

#define uptr64(val) ((void __user *)(uintptr_t)(val))

static unsigned int bsg_timeout(struct bsg_device *bd, struct sg_io_v4 *hdr)

{

	unsigned int timeout = BLK_DEFAULT_SG_TIMEOUT;

	if (hdr->timeout)

		timeout = msecs_to_jiffies(hdr->timeout);

	else if (bd->timeout)

		timeout = bd->timeout;

	return max_t(unsigned int, timeout, BLK_MIN_SG_TIMEOUT);

}

static int bsg_sg_io(struct bsg_device *bd, fmode_t mode, void __user *uarg)

{

	struct request *rq;

	struct bio *bio;

	struct sg_io_v4 hdr;

	int ret;

	if (copy_from_user(&hdr, uarg, sizeof(hdr)))

		return -EFAULT;

	if (hdr.guard != 'Q')

		return -EINVAL;

	ret = bd->ops->check_proto(&hdr);

	if (ret)

		return ret;

	rq = blk_get_request(bd->queue, hdr.dout_xfer_len ?

			REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);

	if (IS_ERR(rq))

		return PTR_ERR(rq);

	ret = bd->ops->fill_hdr(rq, &hdr, mode);

	if (ret) {

		blk_put_request(rq);

		return ret;

	}

	rq->timeout = msecs_to_jiffies(hdr.timeout);

	if (!rq->timeout)

		rq->timeout = bd->timeout;

	if (!rq->timeout)

		rq->timeout = BLK_DEFAULT_SG_TIMEOUT;

	if (rq->timeout < BLK_MIN_SG_TIMEOUT)

		rq->timeout = BLK_MIN_SG_TIMEOUT;

	if (hdr.dout_xfer_len) {

		ret = blk_rq_map_user(rq->q, rq, NULL, uptr64(hdr.dout_xferp),

				hdr.dout_xfer_len, GFP_KERNEL);

	} else if (hdr.din_xfer_len) {

		ret = blk_rq_map_user(rq->q, rq, NULL, uptr64(hdr.din_xferp),

				hdr.din_xfer_len, GFP_KERNEL);

	}

	if (ret)

		goto out_free_rq;

	bio = rq->bio;

	blk_execute_rq(NULL, rq, !(hdr.flags & BSG_FLAG_Q_AT_TAIL));

	ret = bd->ops->complete_rq(rq, &hdr);

	blk_rq_unmap_user(bio);

out_free_rq:

	bd->ops->free_rq(rq);

	blk_put_request(rq);

	ret = bd->sg_io_fn(bd->queue, &hdr, mode, bsg_timeout(bd, &hdr));

	if (!ret && copy_to_user(uarg, &hdr, sizeof(hdr)))

		return -EFAULT;

	return ret;

EXPORT_SYMBOL_GPL(bsg_unregister_queue);

struct bsg_device *bsg_register_queue(struct request_queue *q,

		struct device *parent, const char *name,

		const struct bsg_ops *ops)

		struct device *parent, const char *name, bsg_sg_io_fn *sg_io_fn)

{

	struct bsg_device *bd;

	int ret;

	bd->max_queue = BSG_DEFAULT_CMDS;

	bd->reserved_size = INT_MAX;

	bd->queue = q;

	bd->ops = ops;

	bd->sg_io_fn = sg_io_fn;

	ret = ida_simple_get(&bsg_minor_ida, 0, BSG_MAX_DEVS, GFP_KERNEL);

	if (ret < 0) {

#define uptr64(val) ((void __user *)(uintptr_t)(val))

static int scsi_bsg_check_proto(struct sg_io_v4 *hdr)

static int scsi_bsg_sg_io_fn(struct request_queue *q, struct sg_io_v4 *hdr,

		fmode_t mode, unsigned int timeout)

{

	struct scsi_request *sreq;

	struct request *rq;

	struct bio *bio;

	int ret;

	if (hdr->protocol != BSG_PROTOCOL_SCSI  ||

	    hdr->subprotocol != BSG_SUB_PROTOCOL_SCSI_CMD)

		return -EINVAL;

	return 0;

}

static int scsi_bsg_fill_hdr(struct request *rq, struct sg_io_v4 *hdr,

		fmode_t mode)

{

	struct scsi_request *sreq = scsi_req(rq);

	if (hdr->dout_xfer_len && hdr->din_xfer_len) {

		pr_warn_once("BIDI support in bsg has been removed.\n");

		return -EOPNOTSUPP;

	}

	rq = blk_get_request(q, hdr->dout_xfer_len ?

			     REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);

	if (IS_ERR(rq))

		return PTR_ERR(rq);

	rq->timeout = timeout;

	ret = -ENOMEM;

	sreq = scsi_req(rq);

	sreq->cmd_len = hdr->request_len;

	if (sreq->cmd_len > BLK_MAX_CDB) {

		sreq->cmd = kzalloc(sreq->cmd_len, GFP_KERNEL);

		if (!sreq->cmd)

			return -ENOMEM;

			goto out_put_request;

	}

	ret = -EFAULT;

	if (copy_from_user(sreq->cmd, uptr64(hdr->request), sreq->cmd_len))

		return -EFAULT;

		goto out_free_cmd;

	ret = -EPERM;

	if (!scsi_cmd_allowed(sreq->cmd, mode))

		return -EPERM;

	return 0;

		goto out_free_cmd;

	if (hdr->dout_xfer_len) {

		ret = blk_rq_map_user(rq->q, rq, NULL, uptr64(hdr->dout_xferp),

				hdr->dout_xfer_len, GFP_KERNEL);

	} else if (hdr->din_xfer_len) {

		ret = blk_rq_map_user(rq->q, rq, NULL, uptr64(hdr->din_xferp),

				hdr->din_xfer_len, GFP_KERNEL);

	}

static int scsi_bsg_complete_rq(struct request *rq, struct sg_io_v4 *hdr)

{

	struct scsi_request *sreq = scsi_req(rq);

	int ret = 0;

	if (ret)

		goto out_free_cmd;

	bio = rq->bio;

	blk_execute_rq(NULL, rq, !(hdr->flags & BSG_FLAG_Q_AT_TAIL));

	/*

	 * fill in all the output members

	else

		hdr->dout_resid = sreq->resid_len;

	return ret;

}

	blk_rq_unmap_user(bio);

static void scsi_bsg_free_rq(struct request *rq)

{

out_free_cmd:

	scsi_req_free_cmd(scsi_req(rq));

out_put_request:

	blk_put_request(rq);

	return ret;

}

static const struct bsg_ops scsi_bsg_ops = {

	.check_proto		= scsi_bsg_check_proto,

	.fill_hdr		= scsi_bsg_fill_hdr,

	.complete_rq		= scsi_bsg_complete_rq,

	.free_rq		= scsi_bsg_free_rq,

};

struct bsg_device *scsi_bsg_register_queue(struct scsi_device *sdev)

{

	return bsg_register_queue(sdev->request_queue, &sdev->sdev_gendev,

				  dev_name(&sdev->sdev_gendev), &scsi_bsg_ops);

			dev_name(&sdev->sdev_gendev), scsi_bsg_sg_io_fn);

}

struct bsg_device;

struct device;

struct request;

struct request_queue;

struct bsg_ops {

	int	(*check_proto)(struct sg_io_v4 *hdr);

	int	(*fill_hdr)(struct request *rq, struct sg_io_v4 *hdr,

				fmode_t mode);

	int	(*complete_rq)(struct request *rq, struct sg_io_v4 *hdr);

	void	(*free_rq)(struct request *rq);

};

typedef int (bsg_sg_io_fn)(struct request_queue *, struct sg_io_v4 *hdr,

		fmode_t mode, unsigned int timeout);

struct bsg_device *bsg_register_queue(struct request_queue *q,

		struct device *parent, const char *name,

		const struct bsg_ops *ops);

		bsg_sg_io_fn *sg_io_fn);

void bsg_unregister_queue(struct bsg_device *bcd);

#endif /* _LINUX_BSG_H */