linux/drivers/mtd/mtdchar.c
<<
>>
Prefs
   1/*
   2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License as published by
   6 * the Free Software Foundation; either version 2 of the License, or
   7 * (at your option) any later version.
   8 *
   9 * This program is distributed in the hope that it will be useful,
  10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 * GNU General Public License for more details.
  13 *
  14 * You should have received a copy of the GNU General Public License
  15 * along with this program; if not, write to the Free Software
  16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  17 *
  18 */
  19
  20#include <linux/device.h>
  21#include <linux/fs.h>
  22#include <linux/mm.h>
  23#include <linux/err.h>
  24#include <linux/init.h>
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/slab.h>
  28#include <linux/sched.h>
  29#include <linux/mutex.h>
  30#include <linux/backing-dev.h>
  31#include <linux/compat.h>
  32#include <linux/mount.h>
  33#include <linux/blkpg.h>
  34#include <linux/magic.h>
  35#include <linux/mtd/mtd.h>
  36#include <linux/mtd/partitions.h>
  37#include <linux/mtd/map.h>
  38
  39#include <asm/uaccess.h>
  40
  41static DEFINE_MUTEX(mtd_mutex);
  42
  43/*
  44 * Data structure to hold the pointer to the mtd device as well
  45 * as mode information of various use cases.
  46 */
  47struct mtd_file_info {
  48        struct mtd_info *mtd;
  49        struct inode *ino;
  50        enum mtd_file_modes mode;
  51};
  52
  53static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig)
  54{
  55        struct mtd_file_info *mfi = file->private_data;
  56        struct mtd_info *mtd = mfi->mtd;
  57
  58        switch (orig) {
  59        case SEEK_SET:
  60                break;
  61        case SEEK_CUR:
  62                offset += file->f_pos;
  63                break;
  64        case SEEK_END:
  65                offset += mtd->size;
  66                break;
  67        default:
  68                return -EINVAL;
  69        }
  70
  71        if (offset >= 0 && offset <= mtd->size)
  72                return file->f_pos = offset;
  73
  74        return -EINVAL;
  75}
  76
  77static int count;
  78static struct vfsmount *mnt;
  79static struct file_system_type mtd_inodefs_type;
  80
  81static int mtdchar_open(struct inode *inode, struct file *file)
  82{
  83        int minor = iminor(inode);
  84        int devnum = minor >> 1;
  85        int ret = 0;
  86        struct mtd_info *mtd;
  87        struct mtd_file_info *mfi;
  88        struct inode *mtd_ino;
  89
  90        pr_debug("MTD_open\n");
  91
  92        /* You can't open the RO devices RW */
  93        if ((file->f_mode & FMODE_WRITE) && (minor & 1))
  94                return -EACCES;
  95
  96        ret = simple_pin_fs(&mtd_inodefs_type, &mnt, &count);
  97        if (ret)
  98                return ret;
  99
 100        mutex_lock(&mtd_mutex);
 101        mtd = get_mtd_device(NULL, devnum);
 102
 103        if (IS_ERR(mtd)) {
 104                ret = PTR_ERR(mtd);
 105                goto out;
 106        }
 107
 108        if (mtd->type == MTD_ABSENT) {
 109                ret = -ENODEV;
 110                goto out1;
 111        }
 112
 113        mtd_ino = iget_locked(mnt->mnt_sb, devnum);
 114        if (!mtd_ino) {
 115                ret = -ENOMEM;
 116                goto out1;
 117        }
 118        if (mtd_ino->i_state & I_NEW) {
 119                mtd_ino->i_private = mtd;
 120                mtd_ino->i_mode = S_IFCHR;
 121                mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info;
 122                unlock_new_inode(mtd_ino);
 123        }
 124        file->f_mapping = mtd_ino->i_mapping;
 125
 126        /* You can't open it RW if it's not a writeable device */
 127        if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) {
 128                ret = -EACCES;
 129                goto out2;
 130        }
 131
 132        mfi = kzalloc(sizeof(*mfi), GFP_KERNEL);
 133        if (!mfi) {
 134                ret = -ENOMEM;
 135                goto out2;
 136        }
 137        mfi->ino = mtd_ino;
 138        mfi->mtd = mtd;
 139        file->private_data = mfi;
 140        mutex_unlock(&mtd_mutex);
 141        return 0;
 142
 143out2:
 144        iput(mtd_ino);
 145out1:
 146        put_mtd_device(mtd);
 147out:
 148        mutex_unlock(&mtd_mutex);
 149        simple_release_fs(&mnt, &count);
 150        return ret;
 151} /* mtdchar_open */
 152
 153/*====================================================================*/
 154
 155static int mtdchar_close(struct inode *inode, struct file *file)
 156{
 157        struct mtd_file_info *mfi = file->private_data;
 158        struct mtd_info *mtd = mfi->mtd;
 159
 160        pr_debug("MTD_close\n");
 161
 162        /* Only sync if opened RW */
 163        if ((file->f_mode & FMODE_WRITE))
 164                mtd_sync(mtd);
 165
 166        iput(mfi->ino);
 167
 168        put_mtd_device(mtd);
 169        file->private_data = NULL;
 170        kfree(mfi);
 171        simple_release_fs(&mnt, &count);
 172
 173        return 0;
 174} /* mtdchar_close */
 175
 176/* Back in June 2001, dwmw2 wrote:
 177 *
 178 *   FIXME: This _really_ needs to die. In 2.5, we should lock the
 179 *   userspace buffer down and use it directly with readv/writev.
 180 *
 181 * The implementation below, using mtd_kmalloc_up_to, mitigates
 182 * allocation failures when the system is under low-memory situations
 183 * or if memory is highly fragmented at the cost of reducing the
 184 * performance of the requested transfer due to a smaller buffer size.
 185 *
 186 * A more complex but more memory-efficient implementation based on
 187 * get_user_pages and iovecs to cover extents of those pages is a
 188 * longer-term goal, as intimated by dwmw2 above. However, for the
 189 * write case, this requires yet more complex head and tail transfer
 190 * handling when those head and tail offsets and sizes are such that
 191 * alignment requirements are not met in the NAND subdriver.
 192 */
 193
 194static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count,
 195                        loff_t *ppos)
 196{
 197        struct mtd_file_info *mfi = file->private_data;
 198        struct mtd_info *mtd = mfi->mtd;
 199        size_t retlen;
 200        size_t total_retlen=0;
 201        int ret=0;
 202        int len;
 203        size_t size = count;
 204        char *kbuf;
 205
 206        pr_debug("MTD_read\n");
 207
 208        if (*ppos + count > mtd->size)
 209                count = mtd->size - *ppos;
 210
 211        if (!count)
 212                return 0;
 213
 214        kbuf = mtd_kmalloc_up_to(mtd, &size);
 215        if (!kbuf)
 216                return -ENOMEM;
 217
 218        while (count) {
 219                len = min_t(size_t, count, size);
 220
 221                switch (mfi->mode) {
 222                case MTD_FILE_MODE_OTP_FACTORY:
 223                        ret = mtd_read_fact_prot_reg(mtd, *ppos, len,
 224                                                     &retlen, kbuf);
 225                        break;
 226                case MTD_FILE_MODE_OTP_USER:
 227                        ret = mtd_read_user_prot_reg(mtd, *ppos, len,
 228                                                     &retlen, kbuf);
 229                        break;
 230                case MTD_FILE_MODE_RAW:
 231                {
 232                        struct mtd_oob_ops ops;
 233
 234                        ops.mode = MTD_OPS_RAW;
 235                        ops.datbuf = kbuf;
 236                        ops.oobbuf = NULL;
 237                        ops.len = len;
 238
 239                        ret = mtd_read_oob(mtd, *ppos, &ops);
 240                        retlen = ops.retlen;
 241                        break;
 242                }
 243                default:
 244                        ret = mtd_read(mtd, *ppos, len, &retlen, kbuf);
 245                }
 246                /* Nand returns -EBADMSG on ECC errors, but it returns
 247                 * the data. For our userspace tools it is important
 248                 * to dump areas with ECC errors!
 249                 * For kernel internal usage it also might return -EUCLEAN
 250                 * to signal the caller that a bitflip has occurred and has
 251                 * been corrected by the ECC algorithm.
 252                 * Userspace software which accesses NAND this way
 253                 * must be aware of the fact that it deals with NAND
 254                 */
 255                if (!ret || mtd_is_bitflip_or_eccerr(ret)) {
 256                        *ppos += retlen;
 257                        if (copy_to_user(buf, kbuf, retlen)) {
 258                                kfree(kbuf);
 259                                return -EFAULT;
 260                        }
 261                        else
 262                                total_retlen += retlen;
 263
 264                        count -= retlen;
 265                        buf += retlen;
 266                        if (retlen == 0)
 267                                count = 0;
 268                }
 269                else {
 270                        kfree(kbuf);
 271                        return ret;
 272                }
 273
 274        }
 275
 276        kfree(kbuf);
 277        return total_retlen;
 278} /* mtdchar_read */
 279
 280static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count,
 281                        loff_t *ppos)
 282{
 283        struct mtd_file_info *mfi = file->private_data;
 284        struct mtd_info *mtd = mfi->mtd;
 285        size_t size = count;
 286        char *kbuf;
 287        size_t retlen;
 288        size_t total_retlen=0;
 289        int ret=0;
 290        int len;
 291
 292        pr_debug("MTD_write\n");
 293
 294        if (*ppos == mtd->size)
 295                return -ENOSPC;
 296
 297        if (*ppos + count > mtd->size)
 298                count = mtd->size - *ppos;
 299
 300        if (!count)
 301                return 0;
 302
 303        kbuf = mtd_kmalloc_up_to(mtd, &size);
 304        if (!kbuf)
 305                return -ENOMEM;
 306
 307        while (count) {
 308                len = min_t(size_t, count, size);
 309
 310                if (copy_from_user(kbuf, buf, len)) {
 311                        kfree(kbuf);
 312                        return -EFAULT;
 313                }
 314
 315                switch (mfi->mode) {
 316                case MTD_FILE_MODE_OTP_FACTORY:
 317                        ret = -EROFS;
 318                        break;
 319                case MTD_FILE_MODE_OTP_USER:
 320                        ret = mtd_write_user_prot_reg(mtd, *ppos, len,
 321                                                      &retlen, kbuf);
 322                        break;
 323
 324                case MTD_FILE_MODE_RAW:
 325                {
 326                        struct mtd_oob_ops ops;
 327
 328                        ops.mode = MTD_OPS_RAW;
 329                        ops.datbuf = kbuf;
 330                        ops.oobbuf = NULL;
 331                        ops.ooboffs = 0;
 332                        ops.len = len;
 333
 334                        ret = mtd_write_oob(mtd, *ppos, &ops);
 335                        retlen = ops.retlen;
 336                        break;
 337                }
 338
 339                default:
 340                        ret = mtd_write(mtd, *ppos, len, &retlen, kbuf);
 341                }
 342                if (!ret) {
 343                        *ppos += retlen;
 344                        total_retlen += retlen;
 345                        count -= retlen;
 346                        buf += retlen;
 347                }
 348                else {
 349                        kfree(kbuf);
 350                        return ret;
 351                }
 352        }
 353
 354        kfree(kbuf);
 355        return total_retlen;
 356} /* mtdchar_write */
 357
 358/*======================================================================
 359
 360    IOCTL calls for getting device parameters.
 361
 362======================================================================*/
 363static void mtdchar_erase_callback (struct erase_info *instr)
 364{
 365        wake_up((wait_queue_head_t *)instr->priv);
 366}
 367
 368#ifdef CONFIG_HAVE_MTD_OTP
 369static int otp_select_filemode(struct mtd_file_info *mfi, int mode)
 370{
 371        struct mtd_info *mtd = mfi->mtd;
 372        size_t retlen;
 373        int ret = 0;
 374
 375        /*
 376         * Make a fake call to mtd_read_fact_prot_reg() to check if OTP
 377         * operations are supported.
 378         */
 379        if (mtd_read_fact_prot_reg(mtd, -1, 0, &retlen, NULL) == -EOPNOTSUPP)
 380                return -EOPNOTSUPP;
 381
 382        switch (mode) {
 383        case MTD_OTP_FACTORY:
 384                mfi->mode = MTD_FILE_MODE_OTP_FACTORY;
 385                break;
 386        case MTD_OTP_USER:
 387                mfi->mode = MTD_FILE_MODE_OTP_USER;
 388                break;
 389        default:
 390                ret = -EINVAL;
 391        case MTD_OTP_OFF:
 392                break;
 393        }
 394        return ret;
 395}
 396#else
 397# define otp_select_filemode(f,m)       -EOPNOTSUPP
 398#endif
 399
 400static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd,
 401        uint64_t start, uint32_t length, void __user *ptr,
 402        uint32_t __user *retp)
 403{
 404        struct mtd_file_info *mfi = file->private_data;
 405        struct mtd_oob_ops ops;
 406        uint32_t retlen;
 407        int ret = 0;
 408
 409        if (!(file->f_mode & FMODE_WRITE))
 410                return -EPERM;
 411
 412        if (length > 4096)
 413                return -EINVAL;
 414
 415        if (!mtd->_write_oob)
 416                ret = -EOPNOTSUPP;
 417        else
 418                ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT;
 419
 420        if (ret)
 421                return ret;
 422
 423        ops.ooblen = length;
 424        ops.ooboffs = start & (mtd->writesize - 1);
 425        ops.datbuf = NULL;
 426        ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW :
 427                MTD_OPS_PLACE_OOB;
 428
 429        if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs))
 430                return -EINVAL;
 431
 432        ops.oobbuf = memdup_user(ptr, length);
 433        if (IS_ERR(ops.oobbuf))
 434                return PTR_ERR(ops.oobbuf);
 435
 436        start &= ~((uint64_t)mtd->writesize - 1);
 437        ret = mtd_write_oob(mtd, start, &ops);
 438
 439        if (ops.oobretlen > 0xFFFFFFFFU)
 440                ret = -EOVERFLOW;
 441        retlen = ops.oobretlen;
 442        if (copy_to_user(retp, &retlen, sizeof(length)))
 443                ret = -EFAULT;
 444
 445        kfree(ops.oobbuf);
 446        return ret;
 447}
 448
 449static int mtdchar_readoob(struct file *file, struct mtd_info *mtd,
 450        uint64_t start, uint32_t length, void __user *ptr,
 451        uint32_t __user *retp)
 452{
 453        struct mtd_file_info *mfi = file->private_data;
 454        struct mtd_oob_ops ops;
 455        int ret = 0;
 456
 457        if (length > 4096)
 458                return -EINVAL;
 459
 460        if (!access_ok(VERIFY_WRITE, ptr, length))
 461                return -EFAULT;
 462
 463        ops.ooblen = length;
 464        ops.ooboffs = start & (mtd->writesize - 1);
 465        ops.datbuf = NULL;
 466        ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW :
 467                MTD_OPS_PLACE_OOB;
 468
 469        if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs))
 470                return -EINVAL;
 471
 472        ops.oobbuf = kmalloc(length, GFP_KERNEL);
 473        if (!ops.oobbuf)
 474                return -ENOMEM;
 475
 476        start &= ~((uint64_t)mtd->writesize - 1);
 477        ret = mtd_read_oob(mtd, start, &ops);
 478
 479        if (put_user(ops.oobretlen, retp))
 480                ret = -EFAULT;
 481        else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf,
 482                                            ops.oobretlen))
 483                ret = -EFAULT;
 484
 485        kfree(ops.oobbuf);
 486
 487        /*
 488         * NAND returns -EBADMSG on ECC errors, but it returns the OOB
 489         * data. For our userspace tools it is important to dump areas
 490         * with ECC errors!
 491         * For kernel internal usage it also might return -EUCLEAN
 492         * to signal the caller that a bitflip has occured and has
 493         * been corrected by the ECC algorithm.
 494         *
 495         * Note: currently the standard NAND function, nand_read_oob_std,
 496         * does not calculate ECC for the OOB area, so do not rely on
 497         * this behavior unless you have replaced it with your own.
 498         */
 499        if (mtd_is_bitflip_or_eccerr(ret))
 500                return 0;
 501
 502        return ret;
 503}
 504
 505/*
 506 * Copies (and truncates, if necessary) data from the larger struct,
 507 * nand_ecclayout, to the smaller, deprecated layout struct,
 508 * nand_ecclayout_user. This is necessary only to support the deprecated
 509 * API ioctl ECCGETLAYOUT while allowing all new functionality to use
 510 * nand_ecclayout flexibly (i.e. the struct may change size in new
 511 * releases without requiring major rewrites).
 512 */
 513static int shrink_ecclayout(const struct nand_ecclayout *from,
 514                struct nand_ecclayout_user *to)
 515{
 516        int i;
 517
 518        if (!from || !to)
 519                return -EINVAL;
 520
 521        memset(to, 0, sizeof(*to));
 522
 523        to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES);
 524        for (i = 0; i < to->eccbytes; i++)
 525                to->eccpos[i] = from->eccpos[i];
 526
 527        for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) {
 528                if (from->oobfree[i].length == 0 &&
 529                                from->oobfree[i].offset == 0)
 530                        break;
 531                to->oobavail += from->oobfree[i].length;
 532                to->oobfree[i] = from->oobfree[i];
 533        }
 534
 535        return 0;
 536}
 537
 538static int mtdchar_blkpg_ioctl(struct mtd_info *mtd,
 539                           struct blkpg_ioctl_arg __user *arg)
 540{
 541        struct blkpg_ioctl_arg a;
 542        struct blkpg_partition p;
 543
 544        if (!capable(CAP_SYS_ADMIN))
 545                return -EPERM;
 546
 547        if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg)))
 548                return -EFAULT;
 549
 550        if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition)))
 551                return -EFAULT;
 552
 553        switch (a.op) {
 554        case BLKPG_ADD_PARTITION:
 555
 556                /* Only master mtd device must be used to add partitions */
 557                if (mtd_is_partition(mtd))
 558                        return -EINVAL;
 559
 560                return mtd_add_partition(mtd, p.devname, p.start, p.length);
 561
 562        case BLKPG_DEL_PARTITION:
 563
 564                if (p.pno < 0)
 565                        return -EINVAL;
 566
 567                return mtd_del_partition(mtd, p.pno);
 568
 569        default:
 570                return -EINVAL;
 571        }
 572}
 573
 574static int mtdchar_write_ioctl(struct mtd_info *mtd,
 575                struct mtd_write_req __user *argp)
 576{
 577        struct mtd_write_req req;
 578        struct mtd_oob_ops ops;
 579        void __user *usr_data, *usr_oob;
 580        int ret;
 581
 582        if (copy_from_user(&req, argp, sizeof(req)) ||
 583                        !access_ok(VERIFY_READ, req.usr_data, req.len) ||
 584                        !access_ok(VERIFY_READ, req.usr_oob, req.ooblen))
 585                return -EFAULT;
 586        if (!mtd->_write_oob)
 587                return -EOPNOTSUPP;
 588
 589        ops.mode = req.mode;
 590        ops.len = (size_t)req.len;
 591        ops.ooblen = (size_t)req.ooblen;
 592        ops.ooboffs = 0;
 593
 594        usr_data = (void __user *)(uintptr_t)req.usr_data;
 595        usr_oob = (void __user *)(uintptr_t)req.usr_oob;
 596
 597        if (req.usr_data) {
 598                ops.datbuf = memdup_user(usr_data, ops.len);
 599                if (IS_ERR(ops.datbuf))
 600                        return PTR_ERR(ops.datbuf);
 601        } else {
 602                ops.datbuf = NULL;
 603        }
 604
 605        if (req.usr_oob) {
 606                ops.oobbuf = memdup_user(usr_oob, ops.ooblen);
 607                if (IS_ERR(ops.oobbuf)) {
 608                        kfree(ops.datbuf);
 609                        return PTR_ERR(ops.oobbuf);
 610                }
 611        } else {
 612                ops.oobbuf = NULL;
 613        }
 614
 615        ret = mtd_write_oob(mtd, (loff_t)req.start, &ops);
 616
 617        kfree(ops.datbuf);
 618        kfree(ops.oobbuf);
 619
 620        return ret;
 621}
 622
 623static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg)
 624{
 625        struct mtd_file_info *mfi = file->private_data;
 626        struct mtd_info *mtd = mfi->mtd;
 627        void __user *argp = (void __user *)arg;
 628        int ret = 0;
 629        u_long size;
 630        struct mtd_info_user info;
 631
 632        pr_debug("MTD_ioctl\n");
 633
 634        size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT;
 635        if (cmd & IOC_IN) {
 636                if (!access_ok(VERIFY_READ, argp, size))
 637                        return -EFAULT;
 638        }
 639        if (cmd & IOC_OUT) {
 640                if (!access_ok(VERIFY_WRITE, argp, size))
 641                        return -EFAULT;
 642        }
 643
 644        switch (cmd) {
 645        case MEMGETREGIONCOUNT:
 646                if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int)))
 647                        return -EFAULT;
 648                break;
 649
 650        case MEMGETREGIONINFO:
 651        {
 652                uint32_t ur_idx;
 653                struct mtd_erase_region_info *kr;
 654                struct region_info_user __user *ur = argp;
 655
 656                if (get_user(ur_idx, &(ur->regionindex)))
 657                        return -EFAULT;
 658
 659                if (ur_idx >= mtd->numeraseregions)
 660                        return -EINVAL;
 661
 662                kr = &(mtd->eraseregions[ur_idx]);
 663
 664                if (put_user(kr->offset, &(ur->offset))
 665                    || put_user(kr->erasesize, &(ur->erasesize))
 666                    || put_user(kr->numblocks, &(ur->numblocks)))
 667                        return -EFAULT;
 668
 669                break;
 670        }
 671
 672        case MEMGETINFO:
 673                memset(&info, 0, sizeof(info));
 674                info.type       = mtd->type;
 675                info.flags      = mtd->flags;
 676                info.size       = mtd->size;
 677                info.erasesize  = mtd->erasesize;
 678                info.writesize  = mtd->writesize;
 679                info.oobsize    = mtd->oobsize;
 680                /* The below field is obsolete */
 681                info.padding    = 0;
 682                if (copy_to_user(argp, &info, sizeof(struct mtd_info_user)))
 683                        return -EFAULT;
 684                break;
 685
 686        case MEMERASE:
 687        case MEMERASE64:
 688        {
 689                struct erase_info *erase;
 690
 691                if(!(file->f_mode & FMODE_WRITE))
 692                        return -EPERM;
 693
 694                erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL);
 695                if (!erase)
 696                        ret = -ENOMEM;
 697                else {
 698                        wait_queue_head_t waitq;
 699                        DECLARE_WAITQUEUE(wait, current);
 700
 701                        init_waitqueue_head(&waitq);
 702
 703                        if (cmd == MEMERASE64) {
 704                                struct erase_info_user64 einfo64;
 705
 706                                if (copy_from_user(&einfo64, argp,
 707                                            sizeof(struct erase_info_user64))) {
 708                                        kfree(erase);
 709                                        return -EFAULT;
 710                                }
 711                                erase->addr = einfo64.start;
 712                                erase->len = einfo64.length;
 713                        } else {
 714                                struct erase_info_user einfo32;
 715
 716                                if (copy_from_user(&einfo32, argp,
 717                                            sizeof(struct erase_info_user))) {
 718                                        kfree(erase);
 719                                        return -EFAULT;
 720                                }
 721                                erase->addr = einfo32.start;
 722                                erase->len = einfo32.length;
 723                        }
 724                        erase->mtd = mtd;
 725                        erase->callback = mtdchar_erase_callback;
 726                        erase->priv = (unsigned long)&waitq;
 727
 728                        /*
 729                          FIXME: Allow INTERRUPTIBLE. Which means
 730                          not having the wait_queue head on the stack.
 731
 732                          If the wq_head is on the stack, and we
 733                          leave because we got interrupted, then the
 734                          wq_head is no longer there when the
 735                          callback routine tries to wake us up.
 736                        */
 737                        ret = mtd_erase(mtd, erase);
 738                        if (!ret) {
 739                                set_current_state(TASK_UNINTERRUPTIBLE);
 740                                add_wait_queue(&waitq, &wait);
 741                                if (erase->state != MTD_ERASE_DONE &&
 742                                    erase->state != MTD_ERASE_FAILED)
 743                                        schedule();
 744                                remove_wait_queue(&waitq, &wait);
 745                                set_current_state(TASK_RUNNING);
 746
 747                                ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0;
 748                        }
 749                        kfree(erase);
 750                }
 751                break;
 752        }
 753
 754        case MEMWRITEOOB:
 755        {
 756                struct mtd_oob_buf buf;
 757                struct mtd_oob_buf __user *buf_user = argp;
 758
 759                /* NOTE: writes return length to buf_user->length */
 760                if (copy_from_user(&buf, argp, sizeof(buf)))
 761                        ret = -EFAULT;
 762                else
 763                        ret = mtdchar_writeoob(file, mtd, buf.start, buf.length,
 764                                buf.ptr, &buf_user->length);
 765                break;
 766        }
 767
 768        case MEMREADOOB:
 769        {
 770                struct mtd_oob_buf buf;
 771                struct mtd_oob_buf __user *buf_user = argp;
 772
 773                /* NOTE: writes return length to buf_user->start */
 774                if (copy_from_user(&buf, argp, sizeof(buf)))
 775                        ret = -EFAULT;
 776                else
 777                        ret = mtdchar_readoob(file, mtd, buf.start, buf.length,
 778                                buf.ptr, &buf_user->start);
 779                break;
 780        }
 781
 782        case MEMWRITEOOB64:
 783        {
 784                struct mtd_oob_buf64 buf;
 785                struct mtd_oob_buf64 __user *buf_user = argp;
 786
 787                if (copy_from_user(&buf, argp, sizeof(buf)))
 788                        ret = -EFAULT;
 789                else
 790                        ret = mtdchar_writeoob(file, mtd, buf.start, buf.length,
 791                                (void __user *)(uintptr_t)buf.usr_ptr,
 792                                &buf_user->length);
 793                break;
 794        }
 795
 796        case MEMREADOOB64:
 797        {
 798                struct mtd_oob_buf64 buf;
 799                struct mtd_oob_buf64 __user *buf_user = argp;
 800
 801                if (copy_from_user(&buf, argp, sizeof(buf)))
 802                        ret = -EFAULT;
 803                else
 804                        ret = mtdchar_readoob(file, mtd, buf.start, buf.length,
 805                                (void __user *)(uintptr_t)buf.usr_ptr,
 806                                &buf_user->length);
 807                break;
 808        }
 809
 810        case MEMWRITE:
 811        {
 812                ret = mtdchar_write_ioctl(mtd,
 813                      (struct mtd_write_req __user *)arg);
 814                break;
 815        }
 816
 817        case MEMLOCK:
 818        {
 819                struct erase_info_user einfo;
 820
 821                if (copy_from_user(&einfo, argp, sizeof(einfo)))
 822                        return -EFAULT;
 823
 824                ret = mtd_lock(mtd, einfo.start, einfo.length);
 825                break;
 826        }
 827
 828        case MEMUNLOCK:
 829        {
 830                struct erase_info_user einfo;
 831
 832                if (copy_from_user(&einfo, argp, sizeof(einfo)))
 833                        return -EFAULT;
 834
 835                ret = mtd_unlock(mtd, einfo.start, einfo.length);
 836                break;
 837        }
 838
 839        case MEMISLOCKED:
 840        {
 841                struct erase_info_user einfo;
 842
 843                if (copy_from_user(&einfo, argp, sizeof(einfo)))
 844                        return -EFAULT;
 845
 846                ret = mtd_is_locked(mtd, einfo.start, einfo.length);
 847                break;
 848        }
 849
 850        /* Legacy interface */
 851        case MEMGETOOBSEL:
 852        {
 853                struct nand_oobinfo oi;
 854
 855                if (!mtd->ecclayout)
 856                        return -EOPNOTSUPP;
 857                if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos))
 858                        return -EINVAL;
 859
 860                oi.useecc = MTD_NANDECC_AUTOPLACE;
 861                memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos));
 862                memcpy(&oi.oobfree, mtd->ecclayout->oobfree,
 863                       sizeof(oi.oobfree));
 864                oi.eccbytes = mtd->ecclayout->eccbytes;
 865
 866                if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo)))
 867                        return -EFAULT;
 868                break;
 869        }
 870
 871        case MEMGETBADBLOCK:
 872        {
 873                loff_t offs;
 874
 875                if (copy_from_user(&offs, argp, sizeof(loff_t)))
 876                        return -EFAULT;
 877                return mtd_block_isbad(mtd, offs);
 878                break;
 879        }
 880
 881        case MEMSETBADBLOCK:
 882        {
 883                loff_t offs;
 884
 885                if (copy_from_user(&offs, argp, sizeof(loff_t)))
 886                        return -EFAULT;
 887                return mtd_block_markbad(mtd, offs);
 888                break;
 889        }
 890
 891#ifdef CONFIG_HAVE_MTD_OTP
 892        case OTPSELECT:
 893        {
 894                int mode;
 895                if (copy_from_user(&mode, argp, sizeof(int)))
 896                        return -EFAULT;
 897
 898                mfi->mode = MTD_FILE_MODE_NORMAL;
 899
 900                ret = otp_select_filemode(mfi, mode);
 901
 902                file->f_pos = 0;
 903                break;
 904        }
 905
 906        case OTPGETREGIONCOUNT:
 907        case OTPGETREGIONINFO:
 908        {
 909                struct otp_info *buf = kmalloc(4096, GFP_KERNEL);
 910                if (!buf)
 911                        return -ENOMEM;
 912                switch (mfi->mode) {
 913                case MTD_FILE_MODE_OTP_FACTORY:
 914                        ret = mtd_get_fact_prot_info(mtd, buf, 4096);
 915                        break;
 916                case MTD_FILE_MODE_OTP_USER:
 917                        ret = mtd_get_user_prot_info(mtd, buf, 4096);
 918                        break;
 919                default:
 920                        ret = -EINVAL;
 921                        break;
 922                }
 923                if (ret >= 0) {
 924                        if (cmd == OTPGETREGIONCOUNT) {
 925                                int nbr = ret / sizeof(struct otp_info);
 926                                ret = copy_to_user(argp, &nbr, sizeof(int));
 927                        } else
 928                                ret = copy_to_user(argp, buf, ret);
 929                        if (ret)
 930                                ret = -EFAULT;
 931                }
 932                kfree(buf);
 933                break;
 934        }
 935
 936        case OTPLOCK:
 937        {
 938                struct otp_info oinfo;
 939
 940                if (mfi->mode != MTD_FILE_MODE_OTP_USER)
 941                        return -EINVAL;
 942                if (copy_from_user(&oinfo, argp, sizeof(oinfo)))
 943                        return -EFAULT;
 944                ret = mtd_lock_user_prot_reg(mtd, oinfo.start, oinfo.length);
 945                break;
 946        }
 947#endif
 948
 949        /* This ioctl is being deprecated - it truncates the ECC layout */
 950        case ECCGETLAYOUT:
 951        {
 952                struct nand_ecclayout_user *usrlay;
 953
 954                if (!mtd->ecclayout)
 955                        return -EOPNOTSUPP;
 956
 957                usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL);
 958                if (!usrlay)
 959                        return -ENOMEM;
 960
 961                shrink_ecclayout(mtd->ecclayout, usrlay);
 962
 963                if (copy_to_user(argp, usrlay, sizeof(*usrlay)))
 964                        ret = -EFAULT;
 965                kfree(usrlay);
 966                break;
 967        }
 968
 969        case ECCGETSTATS:
 970        {
 971                if (copy_to_user(argp, &mtd->ecc_stats,
 972                                 sizeof(struct mtd_ecc_stats)))
 973                        return -EFAULT;
 974                break;
 975        }
 976
 977        case MTDFILEMODE:
 978        {
 979                mfi->mode = 0;
 980
 981                switch(arg) {
 982                case MTD_FILE_MODE_OTP_FACTORY:
 983                case MTD_FILE_MODE_OTP_USER:
 984                        ret = otp_select_filemode(mfi, arg);
 985                        break;
 986
 987                case MTD_FILE_MODE_RAW:
 988                        if (!mtd_has_oob(mtd))
 989                                return -EOPNOTSUPP;
 990                        mfi->mode = arg;
 991
 992                case MTD_FILE_MODE_NORMAL:
 993                        break;
 994                default:
 995                        ret = -EINVAL;
 996                }
 997                file->f_pos = 0;
 998                break;
 999        }
1000
1001        case BLKPG:
1002        {
1003                ret = mtdchar_blkpg_ioctl(mtd,
1004                      (struct blkpg_ioctl_arg __user *)arg);
1005                break;
1006        }
1007
1008        case BLKRRPART:
1009        {
1010                /* No reread partition feature. Just return ok */
1011                ret = 0;
1012                break;
1013        }
1014
1015        default:
1016                ret = -ENOTTY;
1017        }
1018
1019        return ret;
1020} /* memory_ioctl */
1021
1022static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg)
1023{
1024        int ret;
1025
1026        mutex_lock(&mtd_mutex);
1027        ret = mtdchar_ioctl(file, cmd, arg);
1028        mutex_unlock(&mtd_mutex);
1029
1030        return ret;
1031}
1032
1033#ifdef CONFIG_COMPAT
1034
1035struct mtd_oob_buf32 {
1036        u_int32_t start;
1037        u_int32_t length;
1038        compat_caddr_t ptr;     /* unsigned char* */
1039};
1040
1041#define MEMWRITEOOB32           _IOWR('M', 3, struct mtd_oob_buf32)
1042#define MEMREADOOB32            _IOWR('M', 4, struct mtd_oob_buf32)
1043
1044static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd,
1045        unsigned long arg)
1046{
1047        struct mtd_file_info *mfi = file->private_data;
1048        struct mtd_info *mtd = mfi->mtd;
1049        void __user *argp = compat_ptr(arg);
1050        int ret = 0;
1051
1052        mutex_lock(&mtd_mutex);
1053
1054        switch (cmd) {
1055        case MEMWRITEOOB32:
1056        {
1057                struct mtd_oob_buf32 buf;
1058                struct mtd_oob_buf32 __user *buf_user = argp;
1059
1060                if (copy_from_user(&buf, argp, sizeof(buf)))
1061                        ret = -EFAULT;
1062                else
1063                        ret = mtdchar_writeoob(file, mtd, buf.start,
1064                                buf.length, compat_ptr(buf.ptr),
1065                                &buf_user->length);
1066                break;
1067        }
1068
1069        case MEMREADOOB32:
1070        {
1071                struct mtd_oob_buf32 buf;
1072                struct mtd_oob_buf32 __user *buf_user = argp;
1073
1074                /* NOTE: writes return length to buf->start */
1075                if (copy_from_user(&buf, argp, sizeof(buf)))
1076                        ret = -EFAULT;
1077                else
1078                        ret = mtdchar_readoob(file, mtd, buf.start,
1079                                buf.length, compat_ptr(buf.ptr),
1080                                &buf_user->start);
1081                break;
1082        }
1083        default:
1084                ret = mtdchar_ioctl(file, cmd, (unsigned long)argp);
1085        }
1086
1087        mutex_unlock(&mtd_mutex);
1088
1089        return ret;
1090}
1091
1092#endif /* CONFIG_COMPAT */
1093
1094/*
1095 * try to determine where a shared mapping can be made
1096 * - only supported for NOMMU at the moment (MMU can't doesn't copy private
1097 *   mappings)
1098 */
1099#ifndef CONFIG_MMU
1100static unsigned long mtdchar_get_unmapped_area(struct file *file,
1101                                           unsigned long addr,
1102                                           unsigned long len,
1103                                           unsigned long pgoff,
1104                                           unsigned long flags)
1105{
1106        struct mtd_file_info *mfi = file->private_data;
1107        struct mtd_info *mtd = mfi->mtd;
1108        unsigned long offset;
1109        int ret;
1110
1111        if (addr != 0)
1112                return (unsigned long) -EINVAL;
1113
1114        if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT))
1115                return (unsigned long) -EINVAL;
1116
1117        offset = pgoff << PAGE_SHIFT;
1118        if (offset > mtd->size - len)
1119                return (unsigned long) -EINVAL;
1120
1121        ret = mtd_get_unmapped_area(mtd, len, offset, flags);
1122        return ret == -EOPNOTSUPP ? -ENOSYS : ret;
1123}
1124#endif
1125
1126static inline unsigned long get_vm_size(struct vm_area_struct *vma)
1127{
1128        return vma->vm_end - vma->vm_start;
1129}
1130
1131static inline resource_size_t get_vm_offset(struct vm_area_struct *vma)
1132{
1133        return (resource_size_t) vma->vm_pgoff << PAGE_SHIFT;
1134}
1135
1136/*
1137 * Set a new vm offset.
1138 *
1139 * Verify that the incoming offset really works as a page offset,
1140 * and that the offset and size fit in a resource_size_t.
1141 */
1142static inline int set_vm_offset(struct vm_area_struct *vma, resource_size_t off)
1143{
1144        pgoff_t pgoff = off >> PAGE_SHIFT;
1145        if (off != (resource_size_t) pgoff << PAGE_SHIFT)
1146                return -EINVAL;
1147        if (off + get_vm_size(vma) - 1 < off)
1148                return -EINVAL;
1149        vma->vm_pgoff = pgoff;
1150        return 0;
1151}
1152
1153/*
1154 * set up a mapping for shared memory segments
1155 */
1156static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma)
1157{
1158#ifdef CONFIG_MMU
1159        struct mtd_file_info *mfi = file->private_data;
1160        struct mtd_info *mtd = mfi->mtd;
1161        struct map_info *map = mtd->priv;
1162        resource_size_t start, off;
1163        unsigned long len, vma_len;
1164
1165        /* This is broken because it assumes the MTD device is map-based
1166           and that mtd->priv is a valid struct map_info.  It should be
1167           replaced with something that uses the mtd_get_unmapped_area()
1168           operation properly. */
1169        if (0 /*mtd->type == MTD_RAM || mtd->type == MTD_ROM*/) {
1170                off = get_vm_offset(vma);
1171                start = map->phys;
1172                len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size);
1173                start &= PAGE_MASK;
1174                vma_len = get_vm_size(vma);
1175
1176                /* Overflow in off+len? */
1177                if (vma_len + off < off)
1178                        return -EINVAL;
1179                /* Does it fit in the mapping? */
1180                if (vma_len + off > len)
1181                        return -EINVAL;
1182
1183                off += start;
1184                /* Did that overflow? */
1185                if (off < start)
1186                        return -EINVAL;
1187                if (set_vm_offset(vma, off) < 0)
1188                        return -EINVAL;
1189                vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
1190
1191#ifdef pgprot_noncached
1192                if (file->f_flags & O_DSYNC || off >= __pa(high_memory))
1193                        vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
1194#endif
1195                if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
1196                                       vma->vm_end - vma->vm_start,
1197                                       vma->vm_page_prot))
1198                        return -EAGAIN;
1199
1200                return 0;
1201        }
1202        return -ENOSYS;
1203#else
1204        return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS;
1205#endif
1206}
1207
1208static const struct file_operations mtd_fops = {
1209        .owner          = THIS_MODULE,
1210        .llseek         = mtdchar_lseek,
1211        .read           = mtdchar_read,
1212        .write          = mtdchar_write,
1213        .unlocked_ioctl = mtdchar_unlocked_ioctl,
1214#ifdef CONFIG_COMPAT
1215        .compat_ioctl   = mtdchar_compat_ioctl,
1216#endif
1217        .open           = mtdchar_open,
1218        .release        = mtdchar_close,
1219        .mmap           = mtdchar_mmap,
1220#ifndef CONFIG_MMU
1221        .get_unmapped_area = mtdchar_get_unmapped_area,
1222#endif
1223};
1224
1225static const struct super_operations mtd_ops = {
1226        .drop_inode = generic_delete_inode,
1227        .statfs = simple_statfs,
1228};
1229
1230static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type,
1231                                int flags, const char *dev_name, void *data)
1232{
1233        return mount_pseudo(fs_type, "mtd_inode:", &mtd_ops, NULL, MTD_INODE_FS_MAGIC);
1234}
1235
1236static struct file_system_type mtd_inodefs_type = {
1237       .name = "mtd_inodefs",
1238       .mount = mtd_inodefs_mount,
1239       .kill_sb = kill_anon_super,
1240};
1241
1242static int __init init_mtdchar(void)
1243{
1244        int ret;
1245
1246        ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS,
1247                                   "mtd", &mtd_fops);
1248        if (ret < 0) {
1249                pr_notice("Can't allocate major number %d for "
1250                                "Memory Technology Devices.\n", MTD_CHAR_MAJOR);
1251                return ret;
1252        }
1253
1254        ret = register_filesystem(&mtd_inodefs_type);
1255        if (ret) {
1256                pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret);
1257                goto err_unregister_chdev;
1258        }
1259        return ret;
1260
1261err_unregister_chdev:
1262        __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd");
1263        return ret;
1264}
1265
1266static void __exit cleanup_mtdchar(void)
1267{
1268        unregister_filesystem(&mtd_inodefs_type);
1269        __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd");
1270}
1271
1272module_init(init_mtdchar);
1273module_exit(cleanup_mtdchar);
1274
1275MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR);
1276
1277MODULE_LICENSE("GPL");
1278MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>");
1279MODULE_DESCRIPTION("Direct character-device access to MTD devices");
1280MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR);
1281
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.