1// SPDX-License-Identifier: GPL-2.0 2#include <linux/kernel.h> 3#include <linux/mm.h> 4#include <linux/fs.h> 5#include <linux/errno.h> 6#include <linux/string.h> 7#include <linux/blkdev.h> 8#include <linux/module.h> 9#include <linux/blkpg.h> 10#include <linux/cdrom.h> 11#include <linux/delay.h> 12#include <linux/slab.h> 13#include <asm/io.h> 14#include <linux/uaccess.h> 15 16#include <scsi/scsi.h> 17#include <scsi/scsi_dbg.h> 18#include <scsi/scsi_device.h> 19#include <scsi/scsi_eh.h> 20#include <scsi/scsi_host.h> 21#include <scsi/scsi_ioctl.h> 22#include <scsi/scsi_cmnd.h> 23 24#include "sr.h" 25 26#if 0 27#define DEBUG 28#endif 29 30/* The sr_is_xa() seems to trigger firmware bugs with some drives :-( 31 * It is off by default and can be turned on with this module parameter */ 32static int xa_test = 0; 33 34module_param(xa_test, int, S_IRUGO | S_IWUSR); 35 36static int sr_read_tochdr(struct cdrom_device_info *cdi, 37 struct cdrom_tochdr *tochdr) 38{ 39 struct scsi_cd *cd = cdi->handle; 40 struct packet_command cgc; 41 int result; 42 unsigned char *buffer; 43 44 buffer = kzalloc(32, GFP_KERNEL); 45 if (!buffer) 46 return -ENOMEM; 47 48 memset(&cgc, 0, sizeof(struct packet_command)); 49 cgc.timeout = IOCTL_TIMEOUT; 50 cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP; 51 cgc.cmd[8] = 12; /* LSB of length */ 52 cgc.buffer = buffer; 53 cgc.buflen = 12; 54 cgc.quiet = 1; 55 cgc.data_direction = DMA_FROM_DEVICE; 56 57 result = sr_do_ioctl(cd, &cgc); 58 if (result) 59 goto err; 60 61 tochdr->cdth_trk0 = buffer[2]; 62 tochdr->cdth_trk1 = buffer[3]; 63 64err: 65 kfree(buffer); 66 return result; 67} 68 69static int sr_read_tocentry(struct cdrom_device_info *cdi, 70 struct cdrom_tocentry *tocentry) 71{ 72 struct scsi_cd *cd = cdi->handle; 73 struct packet_command cgc; 74 int result; 75 unsigned char *buffer; 76 77 buffer = kzalloc(32, GFP_KERNEL); 78 if (!buffer) 79 return -ENOMEM; 80 81 memset(&cgc, 0, sizeof(struct packet_command)); 82 cgc.timeout = IOCTL_TIMEOUT; 83 cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP; 84 cgc.cmd[1] |= (tocentry->cdte_format == CDROM_MSF) ? 0x02 : 0; 85 cgc.cmd[6] = tocentry->cdte_track; 86 cgc.cmd[8] = 12; /* LSB of length */ 87 cgc.buffer = buffer; 88 cgc.buflen = 12; 89 cgc.data_direction = DMA_FROM_DEVICE; 90 91 result = sr_do_ioctl(cd, &cgc); 92 if (result) 93 goto err; 94 95 tocentry->cdte_ctrl = buffer[5] & 0xf; 96 tocentry->cdte_adr = buffer[5] >> 4; 97 tocentry->cdte_datamode = (tocentry->cdte_ctrl & 0x04) ? 1 : 0; 98 if (tocentry->cdte_format == CDROM_MSF) { 99 tocentry->cdte_addr.msf.minute = buffer[9]; 100 tocentry->cdte_addr.msf.second = buffer[10]; 101 tocentry->cdte_addr.msf.frame = buffer[11]; 102 } else 103 tocentry->cdte_addr.lba = (((((buffer[8] << 8) + buffer[9]) << 8) 104 + buffer[10]) << 8) + buffer[11]; 105 106err: 107 kfree(buffer); 108 return result; 109} 110 111#define IOCTL_RETRIES 3 112 113/* ATAPI drives don't have a SCMD_PLAYAUDIO_TI command. When these drives 114 are emulating a SCSI device via the idescsi module, they need to have 115 CDROMPLAYTRKIND commands translated into CDROMPLAYMSF commands for them */ 116 117static int sr_fake_playtrkind(struct cdrom_device_info *cdi, struct cdrom_ti *ti) 118{ 119 struct cdrom_tocentry trk0_te, trk1_te; 120 struct cdrom_tochdr tochdr; 121 struct packet_command cgc; 122 int ntracks, ret; 123 124 ret = sr_read_tochdr(cdi, &tochdr); 125 if (ret) 126 return ret; 127 128 ntracks = tochdr.cdth_trk1 - tochdr.cdth_trk0 + 1; 129 130 if (ti->cdti_trk1 == ntracks) 131 ti->cdti_trk1 = CDROM_LEADOUT; 132 else if (ti->cdti_trk1 != CDROM_LEADOUT) 133 ti->cdti_trk1 ++; 134 135 trk0_te.cdte_track = ti->cdti_trk0; 136 trk0_te.cdte_format = CDROM_MSF; 137 trk1_te.cdte_track = ti->cdti_trk1; 138 trk1_te.cdte_format = CDROM_MSF; 139 140 ret = sr_read_tocentry(cdi, &trk0_te); 141 if (ret) 142 return ret; 143 ret = sr_read_tocentry(cdi, &trk1_te); 144 if (ret) 145 return ret; 146 147 memset(&cgc, 0, sizeof(struct packet_command)); 148 cgc.cmd[0] = GPCMD_PLAY_AUDIO_MSF; 149 cgc.cmd[3] = trk0_te.cdte_addr.msf.minute; 150 cgc.cmd[4] = trk0_te.cdte_addr.msf.second; 151 cgc.cmd[5] = trk0_te.cdte_addr.msf.frame; 152 cgc.cmd[6] = trk1_te.cdte_addr.msf.minute; 153 cgc.cmd[7] = trk1_te.cdte_addr.msf.second; 154 cgc.cmd[8] = trk1_te.cdte_addr.msf.frame; 155 cgc.data_direction = DMA_NONE; 156 cgc.timeout = IOCTL_TIMEOUT; 157 return sr_do_ioctl(cdi->handle, &cgc); 158} 159 160static int sr_play_trkind(struct cdrom_device_info *cdi, 161 struct cdrom_ti *ti) 162 163{ 164 struct scsi_cd *cd = cdi->handle; 165 struct packet_command cgc; 166 int result; 167 168 memset(&cgc, 0, sizeof(struct packet_command)); 169 cgc.timeout = IOCTL_TIMEOUT; 170 cgc.cmd[0] = GPCMD_PLAYAUDIO_TI; 171 cgc.cmd[4] = ti->cdti_trk0; 172 cgc.cmd[5] = ti->cdti_ind0; 173 cgc.cmd[7] = ti->cdti_trk1; 174 cgc.cmd[8] = ti->cdti_ind1; 175 cgc.data_direction = DMA_NONE; 176 177 result = sr_do_ioctl(cd, &cgc); 178 if (result == -EDRIVE_CANT_DO_THIS) 179 result = sr_fake_playtrkind(cdi, ti); 180 181 return result; 182} 183 184/* We do our own retries because we want to know what the specific 185 error code is. Normally the UNIT_ATTENTION code will automatically 186 clear after one error */ 187 188int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc) 189{ 190 struct scsi_device *SDev; 191 struct scsi_sense_hdr local_sshdr, *sshdr; 192 int result, err = 0, retries = 0; 193 const struct scsi_exec_args exec_args = { 194 .sshdr = cgc->sshdr ? : &local_sshdr, 195 }; 196 197 SDev = cd->device; 198 199 sshdr = exec_args.sshdr; 200 201 retry: 202 if (!scsi_block_when_processing_errors(SDev)) { 203 err = -ENODEV; 204 goto out; 205 } 206 207 result = scsi_execute_cmd(SDev, cgc->cmd, 208 cgc->data_direction == DMA_TO_DEVICE ? 209 REQ_OP_DRV_OUT : REQ_OP_DRV_IN, cgc->buffer, 210 cgc->buflen, cgc->timeout, IOCTL_RETRIES, 211 &exec_args); 212 /* Minimal error checking. Ignore cases we know about, and report the rest. */ 213 if (result < 0) { 214 err = result; 215 goto out; 216 } 217 if (scsi_status_is_check_condition(result)) { 218 switch (sshdr->sense_key) { 219 case UNIT_ATTENTION: 220 SDev->changed = 1; 221 if (!cgc->quiet) 222 sr_printk(KERN_INFO, cd, 223 "disc change detected.\n"); 224 if (retries++ < 10) 225 goto retry; 226 err = -ENOMEDIUM; 227 break; 228 case NOT_READY: /* This happens if there is no disc in drive */ 229 if (sshdr->asc == 0x04 && 230 sshdr->ascq == 0x01) { 231 /* sense: Logical unit is in process of becoming ready */ 232 if (!cgc->quiet) 233 sr_printk(KERN_INFO, cd, 234 "CDROM not ready yet.\n"); 235 if (retries++ < 10) { 236 /* sleep 2 sec and try again */ 237 ssleep(2); 238 goto retry; 239 } else { 240 /* 20 secs are enough? */ 241 err = -ENOMEDIUM; 242 break; 243 } 244 } 245 if (!cgc->quiet) 246 sr_printk(KERN_INFO, cd, 247 "CDROM not ready. Make sure there " 248 "is a disc in the drive.\n"); 249 err = -ENOMEDIUM; 250 break; 251 case ILLEGAL_REQUEST: 252 err = -EIO; 253 if (sshdr->asc == 0x20 && 254 sshdr->ascq == 0x00) 255 /* sense: Invalid command operation code */ 256 err = -EDRIVE_CANT_DO_THIS; 257 break; 258 default: 259 err = -EIO; 260 } 261 } 262 263 /* Wake up a process waiting for device */ 264 out: 265 cgc->stat = err; 266 return err; 267} 268 269/* ---------------------------------------------------------------------- */ 270/* interface to cdrom.c */ 271 272int sr_tray_move(struct cdrom_device_info *cdi, int pos) 273{ 274 Scsi_CD *cd = cdi->handle; 275 struct packet_command cgc; 276 277 memset(&cgc, 0, sizeof(struct packet_command)); 278 cgc.cmd[0] = GPCMD_START_STOP_UNIT; 279 cgc.cmd[4] = (pos == 0) ? 0x03 /* close */ : 0x02 /* eject */ ; 280 cgc.data_direction = DMA_NONE; 281 cgc.timeout = IOCTL_TIMEOUT; 282 return sr_do_ioctl(cd, &cgc); 283} 284 285int sr_lock_door(struct cdrom_device_info *cdi, int lock) 286{ 287 Scsi_CD *cd = cdi->handle; 288 289 return scsi_set_medium_removal(cd->device, lock ? 290 SCSI_REMOVAL_PREVENT : SCSI_REMOVAL_ALLOW); 291} 292 293int sr_drive_status(struct cdrom_device_info *cdi, int slot) 294{ 295 struct scsi_cd *cd = cdi->handle; 296 struct scsi_sense_hdr sshdr; 297 struct media_event_desc med; 298 299 if (CDSL_CURRENT != slot) { 300 /* we have no changer support */ 301 return -EINVAL; 302 } 303 if (!scsi_test_unit_ready(cd->device, SR_TIMEOUT, MAX_RETRIES, &sshdr)) 304 return CDS_DISC_OK; 305 306 /* SK/ASC/ASCQ of 2/4/1 means "unit is becoming ready" */ 307 if (scsi_sense_valid(&sshdr) && sshdr.sense_key == NOT_READY 308 && sshdr.asc == 0x04 && sshdr.ascq == 0x01) 309 return CDS_DRIVE_NOT_READY; 310 311 if (!cdrom_get_media_event(cdi, &med)) { 312 if (med.media_present) 313 return CDS_DISC_OK; 314 else if (med.door_open) 315 return CDS_TRAY_OPEN; 316 else 317 return CDS_NO_DISC; 318 } 319 320 /* 321 * SK/ASC/ASCQ of 2/4/2 means "initialization required" 322 * Using CD_TRAY_OPEN results in an START_STOP_UNIT to close 323 * the tray, which resolves the initialization requirement. 324 */ 325 if (scsi_sense_valid(&sshdr) && sshdr.sense_key == NOT_READY 326 && sshdr.asc == 0x04 && sshdr.ascq == 0x02) 327 return CDS_TRAY_OPEN; 328 329 /* 330 * 0x04 is format in progress .. but there must be a disc present! 331 */ 332 if (sshdr.sense_key == NOT_READY && sshdr.asc == 0x04) 333 return CDS_DISC_OK; 334 335 /* 336 * If not using Mt Fuji extended media tray reports, 337 * just return TRAY_OPEN since ATAPI doesn't provide 338 * any other way to detect this... 339 */ 340 if (scsi_sense_valid(&sshdr) && 341 /* 0x3a is medium not present */ 342 sshdr.asc == 0x3a) 343 return CDS_NO_DISC; 344 else 345 return CDS_TRAY_OPEN; 346 347 return CDS_DRIVE_NOT_READY; 348} 349 350int sr_disk_status(struct cdrom_device_info *cdi) 351{ 352 Scsi_CD *cd = cdi->handle; 353 struct cdrom_tochdr toc_h; 354 struct cdrom_tocentry toc_e; 355 int i, rc, have_datatracks = 0; 356 357 /* look for data tracks */ 358 rc = sr_read_tochdr(cdi, &toc_h); 359 if (rc) 360 return (rc == -ENOMEDIUM) ? CDS_NO_DISC : CDS_NO_INFO; 361 362 for (i = toc_h.cdth_trk0; i <= toc_h.cdth_trk1; i++) { 363 toc_e.cdte_track = i; 364 toc_e.cdte_format = CDROM_LBA; 365 if (sr_read_tocentry(cdi, &toc_e)) 366 return CDS_NO_INFO; 367 if (toc_e.cdte_ctrl & CDROM_DATA_TRACK) { 368 have_datatracks = 1; 369 break; 370 } 371 } 372 if (!have_datatracks) 373 return CDS_AUDIO; 374 375 if (cd->xa_flag) 376 return CDS_XA_2_1; 377 else 378 return CDS_DATA_1; 379} 380 381int sr_get_last_session(struct cdrom_device_info *cdi, 382 struct cdrom_multisession *ms_info) 383{ 384 Scsi_CD *cd = cdi->handle; 385 386 ms_info->addr.lba = cd->ms_offset; 387 ms_info->xa_flag = cd->xa_flag || cd->ms_offset > 0; 388 389 return 0; 390} 391 392int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn) 393{ 394 Scsi_CD *cd = cdi->handle; 395 struct packet_command cgc; 396 char *buffer = kzalloc(32, GFP_KERNEL); 397 int result; 398 399 if (!buffer) 400 return -ENOMEM; 401 402 memset(&cgc, 0, sizeof(struct packet_command)); 403 cgc.cmd[0] = GPCMD_READ_SUBCHANNEL; 404 cgc.cmd[2] = 0x40; /* I do want the subchannel info */ 405 cgc.cmd[3] = 0x02; /* Give me medium catalog number info */ 406 cgc.cmd[8] = 24; 407 cgc.buffer = buffer; 408 cgc.buflen = 24; 409 cgc.data_direction = DMA_FROM_DEVICE; 410 cgc.timeout = IOCTL_TIMEOUT; 411 result = sr_do_ioctl(cd, &cgc); 412 if (result) 413 goto err; 414 415 memcpy(mcn->medium_catalog_number, buffer + 9, 13); 416 mcn->medium_catalog_number[13] = 0; 417 418err: 419 kfree(buffer); 420 return result; 421} 422 423int sr_reset(struct cdrom_device_info *cdi) 424{ 425 return 0; 426} 427 428int sr_select_speed(struct cdrom_device_info *cdi, int speed) 429{ 430 Scsi_CD *cd = cdi->handle; 431 struct packet_command cgc; 432 433 if (speed == 0) 434 speed = 0xffff; /* set to max */ 435 else 436 speed *= 177; /* Nx to kbyte/s */ 437 438 memset(&cgc, 0, sizeof(struct packet_command)); 439 cgc.cmd[0] = GPCMD_SET_SPEED; /* SET CD SPEED */ 440 cgc.cmd[2] = (speed >> 8) & 0xff; /* MSB for speed (in kbytes/sec) */ 441 cgc.cmd[3] = speed & 0xff; /* LSB */ 442 cgc.data_direction = DMA_NONE; 443 cgc.timeout = IOCTL_TIMEOUT; 444 445 if (sr_do_ioctl(cd, &cgc)) 446 return -EIO; 447 return 0; 448} 449 450/* ----------------------------------------------------------------------- */ 451/* this is called by the generic cdrom driver. arg is a _kernel_ pointer, */ 452/* because the generic cdrom driver does the user access stuff for us. */ 453/* only cdromreadtochdr and cdromreadtocentry are left - for use with the */ 454/* sr_disk_status interface for the generic cdrom driver. */ 455 456int sr_audio_ioctl(struct cdrom_device_info *cdi, unsigned int cmd, void *arg) 457{ 458 switch (cmd) { 459 case CDROMREADTOCHDR: 460 return sr_read_tochdr(cdi, arg); 461 case CDROMREADTOCENTRY: 462 return sr_read_tocentry(cdi, arg); 463 case CDROMPLAYTRKIND: 464 return sr_play_trkind(cdi, arg); 465 default: 466 return -EINVAL; 467 } 468} 469 470/* ----------------------------------------------------------------------- 471 * a function to read all sorts of funny cdrom sectors using the READ_CD 472 * scsi-3 mmc command 473 * 474 * lba: linear block address 475 * format: 0 = data (anything) 476 * 1 = audio 477 * 2 = data (mode 1) 478 * 3 = data (mode 2) 479 * 4 = data (mode 2 form1) 480 * 5 = data (mode 2 form2) 481 * blksize: 2048 | 2336 | 2340 | 2352 482 */ 483 484static int sr_read_cd(Scsi_CD *cd, unsigned char *dest, int lba, int format, int blksize) 485{ 486 struct packet_command cgc; 487 488#ifdef DEBUG 489 sr_printk(KERN_INFO, cd, "sr_read_cd lba=%d format=%d blksize=%d\n", 490 lba, format, blksize); 491#endif 492 493 memset(&cgc, 0, sizeof(struct packet_command)); 494 cgc.cmd[0] = GPCMD_READ_CD; /* READ_CD */ 495 cgc.cmd[1] = ((format & 7) << 2); 496 cgc.cmd[2] = (unsigned char) (lba >> 24) & 0xff; 497 cgc.cmd[3] = (unsigned char) (lba >> 16) & 0xff; 498 cgc.cmd[4] = (unsigned char) (lba >> 8) & 0xff; 499 cgc.cmd[5] = (unsigned char) lba & 0xff; 500 cgc.cmd[8] = 1; 501 switch (blksize) { 502 case 2336: 503 cgc.cmd[9] = 0x58; 504 break; 505 case 2340: 506 cgc.cmd[9] = 0x78; 507 break; 508 case 2352: 509 cgc.cmd[9] = 0xf8; 510 break; 511 default: 512 cgc.cmd[9] = 0x10; 513 break; 514 } 515 cgc.buffer = dest; 516 cgc.buflen = blksize; 517 cgc.data_direction = DMA_FROM_DEVICE; 518 cgc.timeout = IOCTL_TIMEOUT; 519 return sr_do_ioctl(cd, &cgc); 520} 521 522/* 523 * read sectors with blocksizes other than 2048 524 */ 525 526static int sr_read_sector(Scsi_CD *cd, int lba, int blksize, unsigned char *dest) 527{ 528 struct packet_command cgc; 529 int rc; 530 531 /* we try the READ CD command first... */ 532 if (cd->readcd_known) { 533 rc = sr_read_cd(cd, dest, lba, 0, blksize); 534 if (-EDRIVE_CANT_DO_THIS != rc) 535 return rc; 536 cd->readcd_known = 0; 537 sr_printk(KERN_INFO, cd, 538 "CDROM doesn't support READ CD (0xbe) command\n"); 539 /* fall & retry the other way */ 540 } 541 /* ... if this fails, we switch the blocksize using MODE SELECT */ 542 if (blksize != cd->device->sector_size) { 543 if (0 != (rc = sr_set_blocklength(cd, blksize))) 544 return rc; 545 } 546#ifdef DEBUG 547 sr_printk(KERN_INFO, cd, "sr_read_sector lba=%d blksize=%d\n", 548 lba, blksize); 549#endif 550 551 memset(&cgc, 0, sizeof(struct packet_command)); 552 cgc.cmd[0] = GPCMD_READ_10; 553 cgc.cmd[2] = (unsigned char) (lba >> 24) & 0xff; 554 cgc.cmd[3] = (unsigned char) (lba >> 16) & 0xff; 555 cgc.cmd[4] = (unsigned char) (lba >> 8) & 0xff; 556 cgc.cmd[5] = (unsigned char) lba & 0xff; 557 cgc.cmd[8] = 1; 558 cgc.buffer = dest; 559 cgc.buflen = blksize; 560 cgc.data_direction = DMA_FROM_DEVICE; 561 cgc.timeout = IOCTL_TIMEOUT; 562 rc = sr_do_ioctl(cd, &cgc); 563 564 if (blksize != CD_FRAMESIZE) 565 rc |= sr_set_blocklength(cd, CD_FRAMESIZE); 566 return rc; 567} 568 569/* 570 * read a sector in raw mode to check the sector format 571 * ret: 1 == mode2 (XA), 0 == mode1, <0 == error 572 */ 573 574int sr_is_xa(Scsi_CD *cd) 575{ 576 unsigned char *raw_sector; 577 int is_xa; 578 579 if (!xa_test) 580 return 0; 581 582 raw_sector = kmalloc(2048, GFP_KERNEL); 583 if (!raw_sector) 584 return -ENOMEM; 585 if (0 == sr_read_sector(cd, cd->ms_offset + 16, 586 CD_FRAMESIZE_RAW1, raw_sector)) { 587 is_xa = (raw_sector[3] == 0x02) ? 1 : 0; 588 } else { 589 /* read a raw sector failed for some reason. */ 590 is_xa = -1; 591 } 592 kfree(raw_sector); 593#ifdef DEBUG 594 sr_printk(KERN_INFO, cd, "sr_is_xa: %d\n", is_xa); 595#endif 596 return is_xa; 597} 598