1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2011-2014, Intel Corporation.
4 * Copyright (c) 2017-2021 Christoph Hellwig.
5 */
6#include <linux/blk-integrity.h>
7#include <linux/ptrace.h> /* for force_successful_syscall_return */
8#include <linux/nvme_ioctl.h>
9#include <linux/io_uring/cmd.h>
10#include "nvme.h"
11
12enum {
13 NVME_IOCTL_VEC = (1 << 0),
14 NVME_IOCTL_PARTITION = (1 << 1),
15};
16
17static bool nvme_cmd_allowed(struct nvme_ns *ns, struct nvme_command *c,
18 unsigned int flags, bool open_for_write)
19{
20 u32 effects;
21
22 /*
23 * Do not allow unprivileged passthrough on partitions, as that allows an
24 * escape from the containment of the partition.
25 */
26 if (flags & NVME_IOCTL_PARTITION)
27 goto admin;
28
29 /*
30 * Do not allow unprivileged processes to send vendor specific or fabrics
31 * commands as we can't be sure about their effects.
32 */
33 if (c->common.opcode >= nvme_cmd_vendor_start ||
34 c->common.opcode == nvme_fabrics_command)
35 goto admin;
36
37 /*
38 * Do not allow unprivileged passthrough of admin commands except
39 * for a subset of identify commands that contain information required
40 * to form proper I/O commands in userspace and do not expose any
41 * potentially sensitive information.
42 */
43 if (!ns) {
44 if (c->common.opcode == nvme_admin_identify) {
45 switch (c->identify.cns) {
46 case NVME_ID_CNS_NS:
47 case NVME_ID_CNS_CS_NS:
48 case NVME_ID_CNS_NS_CS_INDEP:
49 case NVME_ID_CNS_CS_CTRL:
50 case NVME_ID_CNS_CTRL:
51 return true;
52 }
53 }
54 goto admin;
55 }
56
57 /*
58 * Check if the controller provides a Commands Supported and Effects log
59 * and marks this command as supported. If not reject unprivileged
60 * passthrough.
61 */
62 effects = nvme_command_effects(ctrl: ns->ctrl, ns, opcode: c->common.opcode);
63 if (!(effects & NVME_CMD_EFFECTS_CSUPP))
64 goto admin;
65
66 /*
67 * Don't allow passthrough for command that have intrusive (or unknown)
68 * effects.
69 */
70 if (effects & ~(NVME_CMD_EFFECTS_CSUPP | NVME_CMD_EFFECTS_LBCC |
71 NVME_CMD_EFFECTS_UUID_SEL |
72 NVME_CMD_EFFECTS_SCOPE_MASK))
73 goto admin;
74
75 /*
76 * Only allow I/O commands that transfer data to the controller or that
77 * change the logical block contents if the file descriptor is open for
78 * writing.
79 */
80 if ((nvme_is_write(cmd: c) || (effects & NVME_CMD_EFFECTS_LBCC)) &&
81 !open_for_write)
82 goto admin;
83
84 return true;
85admin:
86 return capable(CAP_SYS_ADMIN);
87}
88
89/*
90 * Convert integer values from ioctl structures to user pointers, silently
91 * ignoring the upper bits in the compat case to match behaviour of 32-bit
92 * kernels.
93 */
94static void __user *nvme_to_user_ptr(uintptr_t ptrval)
95{
96 if (in_compat_syscall())
97 ptrval = (compat_uptr_t)ptrval;
98 return (void __user *)ptrval;
99}
100
101static struct request *nvme_alloc_user_request(struct request_queue *q,
102 struct nvme_command *cmd, blk_opf_t rq_flags,
103 blk_mq_req_flags_t blk_flags)
104{
105 struct request *req;
106
107 req = blk_mq_alloc_request(q, opf: nvme_req_op(cmd) | rq_flags, flags: blk_flags);
108 if (IS_ERR(ptr: req))
109 return req;
110 nvme_init_request(req, cmd);
111 nvme_req(req)->flags |= NVME_REQ_USERCMD;
112 return req;
113}
114
115static int nvme_map_user_request(struct request *req, u64 ubuffer,
116 unsigned bufflen, void __user *meta_buffer, unsigned meta_len,
117 struct iov_iter *iter, unsigned int flags)
118{
119 struct request_queue *q = req->q;
120 struct nvme_ns *ns = q->queuedata;
121 struct block_device *bdev = ns ? ns->disk->part0 : NULL;
122 bool supports_metadata = bdev && blk_get_integrity(disk: bdev->bd_disk);
123 struct nvme_ctrl *ctrl = nvme_req(req)->ctrl;
124 bool has_metadata = meta_buffer && meta_len;
125 struct bio *bio = NULL;
126 int ret;
127
128 if (!nvme_ctrl_sgl_supported(ctrl))
129 dev_warn_once(ctrl->device, "using unchecked data buffer\n");
130 if (has_metadata) {
131 if (!supports_metadata)
132 return -EINVAL;
133
134 if (!nvme_ctrl_meta_sgl_supported(ctrl))
135 dev_warn_once(ctrl->device,
136 "using unchecked metadata buffer\n");
137 }
138
139 if (iter)
140 ret = blk_rq_map_user_iov(q, req, NULL, iter, GFP_KERNEL);
141 else
142 ret = blk_rq_map_user_io(req, NULL, nvme_to_user_ptr(ptrval: ubuffer),
143 bufflen, GFP_KERNEL, flags & NVME_IOCTL_VEC, 0,
144 0, rq_data_dir(req));
145
146 if (ret)
147 return ret;
148
149 bio = req->bio;
150 if (bdev)
151 bio_set_dev(bio, bdev);
152
153 if (has_metadata) {
154 ret = blk_rq_integrity_map_user(rq: req, ubuf: meta_buffer, bytes: meta_len);
155 if (ret)
156 goto out_unmap;
157 }
158
159 return ret;
160
161out_unmap:
162 if (bio)
163 blk_rq_unmap_user(bio);
164 return ret;
165}
166
167static int nvme_submit_user_cmd(struct request_queue *q,
168 struct nvme_command *cmd, u64 ubuffer, unsigned bufflen,
169 void __user *meta_buffer, unsigned meta_len,
170 u64 *result, unsigned timeout, unsigned int flags)
171{
172 struct nvme_ns *ns = q->queuedata;
173 struct nvme_ctrl *ctrl;
174 struct request *req;
175 struct bio *bio;
176 u32 effects;
177 int ret;
178
179 req = nvme_alloc_user_request(q, cmd, rq_flags: 0, blk_flags: 0);
180 if (IS_ERR(ptr: req))
181 return PTR_ERR(ptr: req);
182
183 req->timeout = timeout;
184 if (ubuffer && bufflen) {
185 ret = nvme_map_user_request(req, ubuffer, bufflen, meta_buffer,
186 meta_len, NULL, flags);
187 if (ret)
188 goto out_free_req;
189 }
190
191 bio = req->bio;
192 ctrl = nvme_req(req)->ctrl;
193
194 effects = nvme_passthru_start(ctrl, ns, opcode: cmd->common.opcode);
195 ret = nvme_execute_rq(rq: req, at_head: false);
196 if (result)
197 *result = le64_to_cpu(nvme_req(req)->result.u64);
198 if (bio)
199 blk_rq_unmap_user(bio);
200 blk_mq_free_request(rq: req);
201
202 if (effects)
203 nvme_passthru_end(ctrl, ns, effects, cmd, status: ret);
204 return ret;
205
206out_free_req:
207 blk_mq_free_request(rq: req);
208 return ret;
209}
210
211static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio)
212{
213 struct nvme_user_io io;
214 struct nvme_command c;
215 unsigned length, meta_len;
216 void __user *metadata;
217
218 if (copy_from_user(to: &io, from: uio, n: sizeof(io)))
219 return -EFAULT;
220 if (io.flags)
221 return -EINVAL;
222
223 switch (io.opcode) {
224 case nvme_cmd_write:
225 case nvme_cmd_read:
226 case nvme_cmd_compare:
227 break;
228 default:
229 return -EINVAL;
230 }
231
232 length = (io.nblocks + 1) << ns->head->lba_shift;
233
234 if ((io.control & NVME_RW_PRINFO_PRACT) &&
235 (ns->head->ms == ns->head->pi_size)) {
236 /*
237 * Protection information is stripped/inserted by the
238 * controller.
239 */
240 if (nvme_to_user_ptr(ptrval: io.metadata))
241 return -EINVAL;
242 meta_len = 0;
243 metadata = NULL;
244 } else {
245 meta_len = (io.nblocks + 1) * ns->head->ms;
246 metadata = nvme_to_user_ptr(ptrval: io.metadata);
247 }
248
249 if (ns->head->features & NVME_NS_EXT_LBAS) {
250 length += meta_len;
251 meta_len = 0;
252 } else if (meta_len) {
253 if ((io.metadata & 3) || !io.metadata)
254 return -EINVAL;
255 }
256
257 memset(&c, 0, sizeof(c));
258 c.rw.opcode = io.opcode;
259 c.rw.flags = io.flags;
260 c.rw.nsid = cpu_to_le32(ns->head->ns_id);
261 c.rw.slba = cpu_to_le64(io.slba);
262 c.rw.length = cpu_to_le16(io.nblocks);
263 c.rw.control = cpu_to_le16(io.control);
264 c.rw.dsmgmt = cpu_to_le32(io.dsmgmt);
265 c.rw.reftag = cpu_to_le32(io.reftag);
266 c.rw.lbat = cpu_to_le16(io.apptag);
267 c.rw.lbatm = cpu_to_le16(io.appmask);
268
269 return nvme_submit_user_cmd(q: ns->queue, cmd: &c, ubuffer: io.addr, bufflen: length, meta_buffer: metadata,
270 meta_len, NULL, timeout: 0, flags: 0);
271}
272
273static bool nvme_validate_passthru_nsid(struct nvme_ctrl *ctrl,
274 struct nvme_ns *ns, __u32 nsid)
275{
276 if (ns && nsid != ns->head->ns_id) {
277 dev_err(ctrl->device,
278 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
279 current->comm, nsid, ns->head->ns_id);
280 return false;
281 }
282
283 return true;
284}
285
286static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
287 struct nvme_passthru_cmd __user *ucmd, unsigned int flags,
288 bool open_for_write)
289{
290 struct nvme_passthru_cmd cmd;
291 struct nvme_command c;
292 unsigned timeout = 0;
293 u64 result;
294 int status;
295
296 if (copy_from_user(to: &cmd, from: ucmd, n: sizeof(cmd)))
297 return -EFAULT;
298 if (cmd.flags)
299 return -EINVAL;
300 if (!nvme_validate_passthru_nsid(ctrl, ns, nsid: cmd.nsid))
301 return -EINVAL;
302
303 memset(&c, 0, sizeof(c));
304 c.common.opcode = cmd.opcode;
305 c.common.flags = cmd.flags;
306 c.common.nsid = cpu_to_le32(cmd.nsid);
307 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
308 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
309 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
310 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
311 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
312 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
313 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
314 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
315
316 if (!nvme_cmd_allowed(ns, c: &c, flags: 0, open_for_write))
317 return -EACCES;
318
319 if (cmd.timeout_ms)
320 timeout = msecs_to_jiffies(m: cmd.timeout_ms);
321
322 status = nvme_submit_user_cmd(q: ns ? ns->queue : ctrl->admin_q, cmd: &c,
323 ubuffer: cmd.addr, bufflen: cmd.data_len, meta_buffer: nvme_to_user_ptr(ptrval: cmd.metadata),
324 meta_len: cmd.metadata_len, result: &result, timeout, flags: 0);
325
326 if (status >= 0) {
327 if (put_user(result, &ucmd->result))
328 return -EFAULT;
329 }
330
331 return status;
332}
333
334static int nvme_user_cmd64(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
335 struct nvme_passthru_cmd64 __user *ucmd, unsigned int flags,
336 bool open_for_write)
337{
338 struct nvme_passthru_cmd64 cmd;
339 struct nvme_command c;
340 unsigned timeout = 0;
341 int status;
342
343 if (copy_from_user(to: &cmd, from: ucmd, n: sizeof(cmd)))
344 return -EFAULT;
345 if (cmd.flags)
346 return -EINVAL;
347 if (!nvme_validate_passthru_nsid(ctrl, ns, nsid: cmd.nsid))
348 return -EINVAL;
349
350 memset(&c, 0, sizeof(c));
351 c.common.opcode = cmd.opcode;
352 c.common.flags = cmd.flags;
353 c.common.nsid = cpu_to_le32(cmd.nsid);
354 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
355 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
356 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
357 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
358 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
359 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
360 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
361 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
362
363 if (!nvme_cmd_allowed(ns, c: &c, flags, open_for_write))
364 return -EACCES;
365
366 if (cmd.timeout_ms)
367 timeout = msecs_to_jiffies(m: cmd.timeout_ms);
368
369 status = nvme_submit_user_cmd(q: ns ? ns->queue : ctrl->admin_q, cmd: &c,
370 ubuffer: cmd.addr, bufflen: cmd.data_len, meta_buffer: nvme_to_user_ptr(ptrval: cmd.metadata),
371 meta_len: cmd.metadata_len, result: &cmd.result, timeout, flags);
372
373 if (status >= 0) {
374 if (put_user(cmd.result, &ucmd->result))
375 return -EFAULT;
376 }
377
378 return status;
379}
380
381struct nvme_uring_data {
382 __u64 metadata;
383 __u64 addr;
384 __u32 data_len;
385 __u32 metadata_len;
386 __u32 timeout_ms;
387};
388
389/*
390 * This overlays struct io_uring_cmd pdu.
391 * Expect build errors if this grows larger than that.
392 */
393struct nvme_uring_cmd_pdu {
394 struct request *req;
395 struct bio *bio;
396 u64 result;
397 int status;
398};
399
400static inline struct nvme_uring_cmd_pdu *nvme_uring_cmd_pdu(
401 struct io_uring_cmd *ioucmd)
402{
403 return io_uring_cmd_to_pdu(ioucmd, struct nvme_uring_cmd_pdu);
404}
405
406static void nvme_uring_task_cb(struct io_uring_cmd *ioucmd,
407 unsigned issue_flags)
408{
409 struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd);
410
411 if (pdu->bio)
412 blk_rq_unmap_user(pdu->bio);
413 io_uring_cmd_done(cmd: ioucmd, ret: pdu->status, res2: pdu->result, issue_flags);
414}
415
416static enum rq_end_io_ret nvme_uring_cmd_end_io(struct request *req,
417 blk_status_t err)
418{
419 struct io_uring_cmd *ioucmd = req->end_io_data;
420 struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd);
421
422 if (nvme_req(req)->flags & NVME_REQ_CANCELLED) {
423 pdu->status = -EINTR;
424 } else {
425 pdu->status = nvme_req(req)->status;
426 if (!pdu->status)
427 pdu->status = blk_status_to_errno(status: err);
428 }
429 pdu->result = le64_to_cpu(nvme_req(req)->result.u64);
430
431 /*
432 * For iopoll, complete it directly. Note that using the uring_cmd
433 * helper for this is safe only because we check blk_rq_is_poll().
434 * As that returns false if we're NOT on a polled queue, then it's
435 * safe to use the polled completion helper.
436 *
437 * Otherwise, move the completion to task work.
438 */
439 if (blk_rq_is_poll(rq: req)) {
440 if (pdu->bio)
441 blk_rq_unmap_user(pdu->bio);
442 io_uring_cmd_iopoll_done(ioucmd, ret: pdu->result, res2: pdu->status);
443 } else {
444 io_uring_cmd_do_in_task_lazy(ioucmd, task_work_cb: nvme_uring_task_cb);
445 }
446
447 return RQ_END_IO_FREE;
448}
449
450static int nvme_uring_cmd_io(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
451 struct io_uring_cmd *ioucmd, unsigned int issue_flags, bool vec)
452{
453 struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd);
454 const struct nvme_uring_cmd *cmd = io_uring_sqe_cmd(sqe: ioucmd->sqe);
455 struct request_queue *q = ns ? ns->queue : ctrl->admin_q;
456 struct nvme_uring_data d;
457 struct nvme_command c;
458 struct iov_iter iter;
459 struct iov_iter *map_iter = NULL;
460 struct request *req;
461 blk_opf_t rq_flags = REQ_ALLOC_CACHE;
462 blk_mq_req_flags_t blk_flags = 0;
463 int ret;
464
465 c.common.opcode = READ_ONCE(cmd->opcode);
466 c.common.flags = READ_ONCE(cmd->flags);
467 if (c.common.flags)
468 return -EINVAL;
469
470 c.common.command_id = 0;
471 c.common.nsid = cpu_to_le32(cmd->nsid);
472 if (!nvme_validate_passthru_nsid(ctrl, ns, le32_to_cpu(c.common.nsid)))
473 return -EINVAL;
474
475 c.common.cdw2[0] = cpu_to_le32(READ_ONCE(cmd->cdw2));
476 c.common.cdw2[1] = cpu_to_le32(READ_ONCE(cmd->cdw3));
477 c.common.metadata = 0;
478 c.common.dptr.prp1 = c.common.dptr.prp2 = 0;
479 c.common.cdw10 = cpu_to_le32(READ_ONCE(cmd->cdw10));
480 c.common.cdw11 = cpu_to_le32(READ_ONCE(cmd->cdw11));
481 c.common.cdw12 = cpu_to_le32(READ_ONCE(cmd->cdw12));
482 c.common.cdw13 = cpu_to_le32(READ_ONCE(cmd->cdw13));
483 c.common.cdw14 = cpu_to_le32(READ_ONCE(cmd->cdw14));
484 c.common.cdw15 = cpu_to_le32(READ_ONCE(cmd->cdw15));
485
486 if (!nvme_cmd_allowed(ns, c: &c, flags: 0, open_for_write: ioucmd->file->f_mode & FMODE_WRITE))
487 return -EACCES;
488
489 d.metadata = READ_ONCE(cmd->metadata);
490 d.addr = READ_ONCE(cmd->addr);
491 d.data_len = READ_ONCE(cmd->data_len);
492 d.metadata_len = READ_ONCE(cmd->metadata_len);
493 d.timeout_ms = READ_ONCE(cmd->timeout_ms);
494
495 if (d.data_len && (ioucmd->flags & IORING_URING_CMD_FIXED)) {
496 int ddir = nvme_is_write(cmd: &c) ? WRITE : READ;
497
498 if (vec)
499 ret = io_uring_cmd_import_fixed_vec(ioucmd,
500 u64_to_user_ptr(d.addr), uvec_segs: d.data_len,
501 ddir, iter: &iter, issue_flags);
502 else
503 ret = io_uring_cmd_import_fixed(ubuf: d.addr, len: d.data_len,
504 rw: ddir, iter: &iter, ioucmd, issue_flags);
505 if (ret < 0)
506 return ret;
507
508 map_iter = &iter;
509 }
510
511 if (issue_flags & IO_URING_F_NONBLOCK) {
512 rq_flags |= REQ_NOWAIT;
513 blk_flags = BLK_MQ_REQ_NOWAIT;
514 }
515 if (issue_flags & IO_URING_F_IOPOLL)
516 rq_flags |= REQ_POLLED;
517
518 req = nvme_alloc_user_request(q, cmd: &c, rq_flags, blk_flags);
519 if (IS_ERR(ptr: req))
520 return PTR_ERR(ptr: req);
521 req->timeout = d.timeout_ms ? msecs_to_jiffies(m: d.timeout_ms) : 0;
522
523 if (d.data_len) {
524 ret = nvme_map_user_request(req, ubuffer: d.addr, bufflen: d.data_len,
525 meta_buffer: nvme_to_user_ptr(ptrval: d.metadata), meta_len: d.metadata_len,
526 iter: map_iter, flags: vec ? NVME_IOCTL_VEC : 0);
527 if (ret)
528 goto out_free_req;
529 }
530
531 /* to free bio on completion, as req->bio will be null at that time */
532 pdu->bio = req->bio;
533 pdu->req = req;
534 req->end_io_data = ioucmd;
535 req->end_io = nvme_uring_cmd_end_io;
536 blk_execute_rq_nowait(rq: req, at_head: false);
537 return -EIOCBQUEUED;
538
539out_free_req:
540 blk_mq_free_request(rq: req);
541 return ret;
542}
543
544static bool is_ctrl_ioctl(unsigned int cmd)
545{
546 if (cmd == NVME_IOCTL_ADMIN_CMD || cmd == NVME_IOCTL_ADMIN64_CMD)
547 return true;
548 if (is_sed_ioctl(cmd))
549 return true;
550 return false;
551}
552
553static int nvme_ctrl_ioctl(struct nvme_ctrl *ctrl, unsigned int cmd,
554 void __user *argp, bool open_for_write)
555{
556 switch (cmd) {
557 case NVME_IOCTL_ADMIN_CMD:
558 return nvme_user_cmd(ctrl, NULL, ucmd: argp, flags: 0, open_for_write);
559 case NVME_IOCTL_ADMIN64_CMD:
560 return nvme_user_cmd64(ctrl, NULL, ucmd: argp, flags: 0, open_for_write);
561 default:
562 return sed_ioctl(dev: ctrl->opal_dev, cmd, ioctl_ptr: argp);
563 }
564}
565
566#ifdef COMPAT_FOR_U64_ALIGNMENT
567struct nvme_user_io32 {
568 __u8 opcode;
569 __u8 flags;
570 __u16 control;
571 __u16 nblocks;
572 __u16 rsvd;
573 __u64 metadata;
574 __u64 addr;
575 __u64 slba;
576 __u32 dsmgmt;
577 __u32 reftag;
578 __u16 apptag;
579 __u16 appmask;
580} __attribute__((__packed__));
581#define NVME_IOCTL_SUBMIT_IO32 _IOW('N', 0x42, struct nvme_user_io32)
582#endif /* COMPAT_FOR_U64_ALIGNMENT */
583
584static int nvme_ns_ioctl(struct nvme_ns *ns, unsigned int cmd,
585 void __user *argp, unsigned int flags, bool open_for_write)
586{
587 switch (cmd) {
588 case NVME_IOCTL_ID:
589 force_successful_syscall_return();
590 return ns->head->ns_id;
591 case NVME_IOCTL_IO_CMD:
592 return nvme_user_cmd(ctrl: ns->ctrl, ns, ucmd: argp, flags, open_for_write);
593 /*
594 * struct nvme_user_io can have different padding on some 32-bit ABIs.
595 * Just accept the compat version as all fields that are used are the
596 * same size and at the same offset.
597 */
598#ifdef COMPAT_FOR_U64_ALIGNMENT
599 case NVME_IOCTL_SUBMIT_IO32:
600#endif
601 case NVME_IOCTL_SUBMIT_IO:
602 return nvme_submit_io(ns, uio: argp);
603 case NVME_IOCTL_IO64_CMD_VEC:
604 flags |= NVME_IOCTL_VEC;
605 fallthrough;
606 case NVME_IOCTL_IO64_CMD:
607 return nvme_user_cmd64(ctrl: ns->ctrl, ns, ucmd: argp, flags,
608 open_for_write);
609 default:
610 return -ENOTTY;
611 }
612}
613
614int nvme_ioctl(struct block_device *bdev, blk_mode_t mode,
615 unsigned int cmd, unsigned long arg)
616{
617 struct nvme_ns *ns = bdev->bd_disk->private_data;
618 bool open_for_write = mode & BLK_OPEN_WRITE;
619 void __user *argp = (void __user *)arg;
620 unsigned int flags = 0;
621
622 if (bdev_is_partition(bdev))
623 flags |= NVME_IOCTL_PARTITION;
624
625 if (is_ctrl_ioctl(cmd))
626 return nvme_ctrl_ioctl(ctrl: ns->ctrl, cmd, argp, open_for_write);
627 return nvme_ns_ioctl(ns, cmd, argp, flags, open_for_write);
628}
629
630long nvme_ns_chr_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
631{
632 struct nvme_ns *ns =
633 container_of(file_inode(file)->i_cdev, struct nvme_ns, cdev);
634 bool open_for_write = file->f_mode & FMODE_WRITE;
635 void __user *argp = (void __user *)arg;
636
637 if (is_ctrl_ioctl(cmd))
638 return nvme_ctrl_ioctl(ctrl: ns->ctrl, cmd, argp, open_for_write);
639 return nvme_ns_ioctl(ns, cmd, argp, flags: 0, open_for_write);
640}
641
642static int nvme_uring_cmd_checks(unsigned int issue_flags)
643{
644
645 /* NVMe passthrough requires big SQE/CQE support */
646 if ((issue_flags & (IO_URING_F_SQE128|IO_URING_F_CQE32)) !=
647 (IO_URING_F_SQE128|IO_URING_F_CQE32))
648 return -EOPNOTSUPP;
649 return 0;
650}
651
652static int nvme_ns_uring_cmd(struct nvme_ns *ns, struct io_uring_cmd *ioucmd,
653 unsigned int issue_flags)
654{
655 struct nvme_ctrl *ctrl = ns->ctrl;
656 int ret;
657
658 ret = nvme_uring_cmd_checks(issue_flags);
659 if (ret)
660 return ret;
661
662 switch (ioucmd->cmd_op) {
663 case NVME_URING_CMD_IO:
664 ret = nvme_uring_cmd_io(ctrl, ns, ioucmd, issue_flags, vec: false);
665 break;
666 case NVME_URING_CMD_IO_VEC:
667 ret = nvme_uring_cmd_io(ctrl, ns, ioucmd, issue_flags, vec: true);
668 break;
669 default:
670 ret = -ENOTTY;
671 }
672
673 return ret;
674}
675
676int nvme_ns_chr_uring_cmd(struct io_uring_cmd *ioucmd, unsigned int issue_flags)
677{
678 struct nvme_ns *ns = container_of(file_inode(ioucmd->file)->i_cdev,
679 struct nvme_ns, cdev);
680
681 return nvme_ns_uring_cmd(ns, ioucmd, issue_flags);
682}
683
684int nvme_ns_chr_uring_cmd_iopoll(struct io_uring_cmd *ioucmd,
685 struct io_comp_batch *iob,
686 unsigned int poll_flags)
687{
688 struct nvme_uring_cmd_pdu *pdu = nvme_uring_cmd_pdu(ioucmd);
689 struct request *req = pdu->req;
690
691 if (req && blk_rq_is_poll(rq: req))
692 return blk_rq_poll(rq: req, iob, poll_flags);
693 return 0;
694}
695#ifdef CONFIG_NVME_MULTIPATH
696static int nvme_ns_head_ctrl_ioctl(struct nvme_ns *ns, unsigned int cmd,
697 void __user *argp, struct nvme_ns_head *head, int srcu_idx,
698 bool open_for_write)
699 __releases(&head->srcu)
700{
701 struct nvme_ctrl *ctrl = ns->ctrl;
702 int ret;
703
704 nvme_get_ctrl(ctrl: ns->ctrl);
705 srcu_read_unlock(ssp: &head->srcu, idx: srcu_idx);
706 ret = nvme_ctrl_ioctl(ctrl: ns->ctrl, cmd, argp, open_for_write);
707
708 nvme_put_ctrl(ctrl);
709 return ret;
710}
711
712int nvme_ns_head_ioctl(struct block_device *bdev, blk_mode_t mode,
713 unsigned int cmd, unsigned long arg)
714{
715 struct nvme_ns_head *head = bdev->bd_disk->private_data;
716 bool open_for_write = mode & BLK_OPEN_WRITE;
717 void __user *argp = (void __user *)arg;
718 struct nvme_ns *ns;
719 int srcu_idx, ret = -EWOULDBLOCK;
720 unsigned int flags = 0;
721
722 if (bdev_is_partition(bdev))
723 flags |= NVME_IOCTL_PARTITION;
724
725 srcu_idx = srcu_read_lock(ssp: &head->srcu);
726 ns = nvme_find_path(head);
727 if (!ns)
728 goto out_unlock;
729
730 /*
731 * Handle ioctls that apply to the controller instead of the namespace
732 * separately and drop the ns SRCU reference early. This avoids a
733 * deadlock when deleting namespaces using the passthrough interface.
734 */
735 if (is_ctrl_ioctl(cmd))
736 return nvme_ns_head_ctrl_ioctl(ns, cmd, argp, head, srcu_idx,
737 open_for_write);
738
739 ret = nvme_ns_ioctl(ns, cmd, argp, flags, open_for_write);
740out_unlock:
741 srcu_read_unlock(ssp: &head->srcu, idx: srcu_idx);
742 return ret;
743}
744
745long nvme_ns_head_chr_ioctl(struct file *file, unsigned int cmd,
746 unsigned long arg)
747{
748 bool open_for_write = file->f_mode & FMODE_WRITE;
749 struct cdev *cdev = file_inode(f: file)->i_cdev;
750 struct nvme_ns_head *head =
751 container_of(cdev, struct nvme_ns_head, cdev);
752 void __user *argp = (void __user *)arg;
753 struct nvme_ns *ns;
754 int srcu_idx, ret = -EWOULDBLOCK;
755
756 srcu_idx = srcu_read_lock(ssp: &head->srcu);
757 ns = nvme_find_path(head);
758 if (!ns)
759 goto out_unlock;
760
761 if (is_ctrl_ioctl(cmd))
762 return nvme_ns_head_ctrl_ioctl(ns, cmd, argp, head, srcu_idx,
763 open_for_write);
764
765 ret = nvme_ns_ioctl(ns, cmd, argp, flags: 0, open_for_write);
766out_unlock:
767 srcu_read_unlock(ssp: &head->srcu, idx: srcu_idx);
768 return ret;
769}
770
771int nvme_ns_head_chr_uring_cmd(struct io_uring_cmd *ioucmd,
772 unsigned int issue_flags)
773{
774 struct cdev *cdev = file_inode(f: ioucmd->file)->i_cdev;
775 struct nvme_ns_head *head = container_of(cdev, struct nvme_ns_head, cdev);
776 int srcu_idx = srcu_read_lock(ssp: &head->srcu);
777 struct nvme_ns *ns = nvme_find_path(head);
778 int ret = -EINVAL;
779
780 if (ns)
781 ret = nvme_ns_uring_cmd(ns, ioucmd, issue_flags);
782 srcu_read_unlock(ssp: &head->srcu, idx: srcu_idx);
783 return ret;
784}
785#endif /* CONFIG_NVME_MULTIPATH */
786
787int nvme_dev_uring_cmd(struct io_uring_cmd *ioucmd, unsigned int issue_flags)
788{
789 struct nvme_ctrl *ctrl = ioucmd->file->private_data;
790 int ret;
791
792 /* IOPOLL not supported yet */
793 if (issue_flags & IO_URING_F_IOPOLL)
794 return -EOPNOTSUPP;
795
796 ret = nvme_uring_cmd_checks(issue_flags);
797 if (ret)
798 return ret;
799
800 switch (ioucmd->cmd_op) {
801 case NVME_URING_CMD_ADMIN:
802 ret = nvme_uring_cmd_io(ctrl, NULL, ioucmd, issue_flags, vec: false);
803 break;
804 case NVME_URING_CMD_ADMIN_VEC:
805 ret = nvme_uring_cmd_io(ctrl, NULL, ioucmd, issue_flags, vec: true);
806 break;
807 default:
808 ret = -ENOTTY;
809 }
810
811 return ret;
812}
813
814static int nvme_dev_user_cmd(struct nvme_ctrl *ctrl, void __user *argp,
815 bool open_for_write)
816{
817 struct nvme_ns *ns;
818 int ret, srcu_idx;
819
820 srcu_idx = srcu_read_lock(ssp: &ctrl->srcu);
821 if (list_empty(head: &ctrl->namespaces)) {
822 ret = -ENOTTY;
823 goto out_unlock;
824 }
825
826 ns = list_first_or_null_rcu(&ctrl->namespaces, struct nvme_ns, list);
827 if (ns != list_last_entry(&ctrl->namespaces, struct nvme_ns, list)) {
828 dev_warn(ctrl->device,
829 "NVME_IOCTL_IO_CMD not supported when multiple namespaces present!\n");
830 ret = -EINVAL;
831 goto out_unlock;
832 }
833
834 dev_warn(ctrl->device,
835 "using deprecated NVME_IOCTL_IO_CMD ioctl on the char device!\n");
836 if (!nvme_get_ns(ns)) {
837 ret = -ENXIO;
838 goto out_unlock;
839 }
840 srcu_read_unlock(ssp: &ctrl->srcu, idx: srcu_idx);
841
842 ret = nvme_user_cmd(ctrl, ns, ucmd: argp, flags: 0, open_for_write);
843 nvme_put_ns(ns);
844 return ret;
845
846out_unlock:
847 srcu_read_unlock(ssp: &ctrl->srcu, idx: srcu_idx);
848 return ret;
849}
850
851long nvme_dev_ioctl(struct file *file, unsigned int cmd,
852 unsigned long arg)
853{
854 bool open_for_write = file->f_mode & FMODE_WRITE;
855 struct nvme_ctrl *ctrl = file->private_data;
856 void __user *argp = (void __user *)arg;
857
858 switch (cmd) {
859 case NVME_IOCTL_ADMIN_CMD:
860 return nvme_user_cmd(ctrl, NULL, ucmd: argp, flags: 0, open_for_write);
861 case NVME_IOCTL_ADMIN64_CMD:
862 return nvme_user_cmd64(ctrl, NULL, ucmd: argp, flags: 0, open_for_write);
863 case NVME_IOCTL_IO_CMD:
864 return nvme_dev_user_cmd(ctrl, argp, open_for_write);
865 case NVME_IOCTL_RESET:
866 if (!capable(CAP_SYS_ADMIN))
867 return -EACCES;
868 dev_warn(ctrl->device, "resetting controller\n");
869 return nvme_reset_ctrl_sync(ctrl);
870 case NVME_IOCTL_SUBSYS_RESET:
871 if (!capable(CAP_SYS_ADMIN))
872 return -EACCES;
873 return nvme_reset_subsystem(ctrl);
874 case NVME_IOCTL_RESCAN:
875 if (!capable(CAP_SYS_ADMIN))
876 return -EACCES;
877 nvme_queue_scan(ctrl);
878 return 0;
879 default:
880 return -ENOTTY;
881 }
882}
883

Provided by KDAB

Privacy Policy
Improve your Profiling and Debugging skills
Find out more

source code of linux/drivers/nvme/host/ioctl.c