xref: /linux/drivers/char/mem.c (revision 8f8d5745bb520c76b81abef4a2cb3023d0313bfd)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/drivers/char/mem.c
4  *
5  *  Copyright (C) 1991, 1992  Linus Torvalds
6  *
7  *  Added devfs support.
8  *    Jan-11-1998, C. Scott Ananian <cananian@alumni.princeton.edu>
9  *  Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar <kanoj@sgi.com>
10  */
11 
12 #include <linux/mm.h>
13 #include <linux/miscdevice.h>
14 #include <linux/slab.h>
15 #include <linux/vmalloc.h>
16 #include <linux/mman.h>
17 #include <linux/random.h>
18 #include <linux/init.h>
19 #include <linux/raw.h>
20 #include <linux/tty.h>
21 #include <linux/capability.h>
22 #include <linux/ptrace.h>
23 #include <linux/device.h>
24 #include <linux/highmem.h>
25 #include <linux/backing-dev.h>
26 #include <linux/shmem_fs.h>
27 #include <linux/splice.h>
28 #include <linux/pfn.h>
29 #include <linux/export.h>
30 #include <linux/io.h>
31 #include <linux/uio.h>
32 
33 #include <linux/uaccess.h>
34 
35 #ifdef CONFIG_IA64
36 # include <linux/efi.h>
37 #endif
38 
39 #define DEVPORT_MINOR	4
40 
41 static inline unsigned long size_inside_page(unsigned long start,
42 					     unsigned long size)
43 {
44 	unsigned long sz;
45 
46 	sz = PAGE_SIZE - (start & (PAGE_SIZE - 1));
47 
48 	return min(sz, size);
49 }
50 
51 #ifndef ARCH_HAS_VALID_PHYS_ADDR_RANGE
52 static inline int valid_phys_addr_range(phys_addr_t addr, size_t count)
53 {
54 	return addr + count <= __pa(high_memory);
55 }
56 
57 static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size)
58 {
59 	return 1;
60 }
61 #endif
62 
63 #ifdef CONFIG_STRICT_DEVMEM
64 static inline int page_is_allowed(unsigned long pfn)
65 {
66 	return devmem_is_allowed(pfn);
67 }
68 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
69 {
70 	u64 from = ((u64)pfn) << PAGE_SHIFT;
71 	u64 to = from + size;
72 	u64 cursor = from;
73 
74 	while (cursor < to) {
75 		if (!devmem_is_allowed(pfn))
76 			return 0;
77 		cursor += PAGE_SIZE;
78 		pfn++;
79 	}
80 	return 1;
81 }
82 #else
83 static inline int page_is_allowed(unsigned long pfn)
84 {
85 	return 1;
86 }
87 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
88 {
89 	return 1;
90 }
91 #endif
92 
93 #ifndef unxlate_dev_mem_ptr
94 #define unxlate_dev_mem_ptr unxlate_dev_mem_ptr
95 void __weak unxlate_dev_mem_ptr(phys_addr_t phys, void *addr)
96 {
97 }
98 #endif
99 
100 /*
101  * This funcion reads the *physical* memory. The f_pos points directly to the
102  * memory location.
103  */
104 static ssize_t read_mem(struct file *file, char __user *buf,
105 			size_t count, loff_t *ppos)
106 {
107 	phys_addr_t p = *ppos;
108 	ssize_t read, sz;
109 	void *ptr;
110 	char *bounce;
111 	int err;
112 
113 	if (p != *ppos)
114 		return 0;
115 
116 	if (!valid_phys_addr_range(p, count))
117 		return -EFAULT;
118 	read = 0;
119 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
120 	/* we don't have page 0 mapped on sparc and m68k.. */
121 	if (p < PAGE_SIZE) {
122 		sz = size_inside_page(p, count);
123 		if (sz > 0) {
124 			if (clear_user(buf, sz))
125 				return -EFAULT;
126 			buf += sz;
127 			p += sz;
128 			count -= sz;
129 			read += sz;
130 		}
131 	}
132 #endif
133 
134 	bounce = kmalloc(PAGE_SIZE, GFP_KERNEL);
135 	if (!bounce)
136 		return -ENOMEM;
137 
138 	while (count > 0) {
139 		unsigned long remaining;
140 		int allowed, probe;
141 
142 		sz = size_inside_page(p, count);
143 
144 		err = -EPERM;
145 		allowed = page_is_allowed(p >> PAGE_SHIFT);
146 		if (!allowed)
147 			goto failed;
148 
149 		err = -EFAULT;
150 		if (allowed == 2) {
151 			/* Show zeros for restricted memory. */
152 			remaining = clear_user(buf, sz);
153 		} else {
154 			/*
155 			 * On ia64 if a page has been mapped somewhere as
156 			 * uncached, then it must also be accessed uncached
157 			 * by the kernel or data corruption may occur.
158 			 */
159 			ptr = xlate_dev_mem_ptr(p);
160 			if (!ptr)
161 				goto failed;
162 
163 			probe = probe_kernel_read(bounce, ptr, sz);
164 			unxlate_dev_mem_ptr(p, ptr);
165 			if (probe)
166 				goto failed;
167 
168 			remaining = copy_to_user(buf, bounce, sz);
169 		}
170 
171 		if (remaining)
172 			goto failed;
173 
174 		buf += sz;
175 		p += sz;
176 		count -= sz;
177 		read += sz;
178 	}
179 	kfree(bounce);
180 
181 	*ppos += read;
182 	return read;
183 
184 failed:
185 	kfree(bounce);
186 	return err;
187 }
188 
189 static ssize_t write_mem(struct file *file, const char __user *buf,
190 			 size_t count, loff_t *ppos)
191 {
192 	phys_addr_t p = *ppos;
193 	ssize_t written, sz;
194 	unsigned long copied;
195 	void *ptr;
196 
197 	if (p != *ppos)
198 		return -EFBIG;
199 
200 	if (!valid_phys_addr_range(p, count))
201 		return -EFAULT;
202 
203 	written = 0;
204 
205 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
206 	/* we don't have page 0 mapped on sparc and m68k.. */
207 	if (p < PAGE_SIZE) {
208 		sz = size_inside_page(p, count);
209 		/* Hmm. Do something? */
210 		buf += sz;
211 		p += sz;
212 		count -= sz;
213 		written += sz;
214 	}
215 #endif
216 
217 	while (count > 0) {
218 		int allowed;
219 
220 		sz = size_inside_page(p, count);
221 
222 		allowed = page_is_allowed(p >> PAGE_SHIFT);
223 		if (!allowed)
224 			return -EPERM;
225 
226 		/* Skip actual writing when a page is marked as restricted. */
227 		if (allowed == 1) {
228 			/*
229 			 * On ia64 if a page has been mapped somewhere as
230 			 * uncached, then it must also be accessed uncached
231 			 * by the kernel or data corruption may occur.
232 			 */
233 			ptr = xlate_dev_mem_ptr(p);
234 			if (!ptr) {
235 				if (written)
236 					break;
237 				return -EFAULT;
238 			}
239 
240 			copied = copy_from_user(ptr, buf, sz);
241 			unxlate_dev_mem_ptr(p, ptr);
242 			if (copied) {
243 				written += sz - copied;
244 				if (written)
245 					break;
246 				return -EFAULT;
247 			}
248 		}
249 
250 		buf += sz;
251 		p += sz;
252 		count -= sz;
253 		written += sz;
254 	}
255 
256 	*ppos += written;
257 	return written;
258 }
259 
260 int __weak phys_mem_access_prot_allowed(struct file *file,
261 	unsigned long pfn, unsigned long size, pgprot_t *vma_prot)
262 {
263 	return 1;
264 }
265 
266 #ifndef __HAVE_PHYS_MEM_ACCESS_PROT
267 
268 /*
269  * Architectures vary in how they handle caching for addresses
270  * outside of main memory.
271  *
272  */
273 #ifdef pgprot_noncached
274 static int uncached_access(struct file *file, phys_addr_t addr)
275 {
276 #if defined(CONFIG_IA64)
277 	/*
278 	 * On ia64, we ignore O_DSYNC because we cannot tolerate memory
279 	 * attribute aliases.
280 	 */
281 	return !(efi_mem_attributes(addr) & EFI_MEMORY_WB);
282 #elif defined(CONFIG_MIPS)
283 	{
284 		extern int __uncached_access(struct file *file,
285 					     unsigned long addr);
286 
287 		return __uncached_access(file, addr);
288 	}
289 #else
290 	/*
291 	 * Accessing memory above the top the kernel knows about or through a
292 	 * file pointer
293 	 * that was marked O_DSYNC will be done non-cached.
294 	 */
295 	if (file->f_flags & O_DSYNC)
296 		return 1;
297 	return addr >= __pa(high_memory);
298 #endif
299 }
300 #endif
301 
302 static pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
303 				     unsigned long size, pgprot_t vma_prot)
304 {
305 #ifdef pgprot_noncached
306 	phys_addr_t offset = pfn << PAGE_SHIFT;
307 
308 	if (uncached_access(file, offset))
309 		return pgprot_noncached(vma_prot);
310 #endif
311 	return vma_prot;
312 }
313 #endif
314 
315 #ifndef CONFIG_MMU
316 static unsigned long get_unmapped_area_mem(struct file *file,
317 					   unsigned long addr,
318 					   unsigned long len,
319 					   unsigned long pgoff,
320 					   unsigned long flags)
321 {
322 	if (!valid_mmap_phys_addr_range(pgoff, len))
323 		return (unsigned long) -EINVAL;
324 	return pgoff << PAGE_SHIFT;
325 }
326 
327 /* permit direct mmap, for read, write or exec */
328 static unsigned memory_mmap_capabilities(struct file *file)
329 {
330 	return NOMMU_MAP_DIRECT |
331 		NOMMU_MAP_READ | NOMMU_MAP_WRITE | NOMMU_MAP_EXEC;
332 }
333 
334 static unsigned zero_mmap_capabilities(struct file *file)
335 {
336 	return NOMMU_MAP_COPY;
337 }
338 
339 /* can't do an in-place private mapping if there's no MMU */
340 static inline int private_mapping_ok(struct vm_area_struct *vma)
341 {
342 	return vma->vm_flags & VM_MAYSHARE;
343 }
344 #else
345 
346 static inline int private_mapping_ok(struct vm_area_struct *vma)
347 {
348 	return 1;
349 }
350 #endif
351 
352 static const struct vm_operations_struct mmap_mem_ops = {
353 #ifdef CONFIG_HAVE_IOREMAP_PROT
354 	.access = generic_access_phys
355 #endif
356 };
357 
358 static int mmap_mem(struct file *file, struct vm_area_struct *vma)
359 {
360 	size_t size = vma->vm_end - vma->vm_start;
361 	phys_addr_t offset = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
362 
363 	/* Does it even fit in phys_addr_t? */
364 	if (offset >> PAGE_SHIFT != vma->vm_pgoff)
365 		return -EINVAL;
366 
367 	/* It's illegal to wrap around the end of the physical address space. */
368 	if (offset + (phys_addr_t)size - 1 < offset)
369 		return -EINVAL;
370 
371 	if (!valid_mmap_phys_addr_range(vma->vm_pgoff, size))
372 		return -EINVAL;
373 
374 	if (!private_mapping_ok(vma))
375 		return -ENOSYS;
376 
377 	if (!range_is_allowed(vma->vm_pgoff, size))
378 		return -EPERM;
379 
380 	if (!phys_mem_access_prot_allowed(file, vma->vm_pgoff, size,
381 						&vma->vm_page_prot))
382 		return -EINVAL;
383 
384 	vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
385 						 size,
386 						 vma->vm_page_prot);
387 
388 	vma->vm_ops = &mmap_mem_ops;
389 
390 	/* Remap-pfn-range will mark the range VM_IO */
391 	if (remap_pfn_range(vma,
392 			    vma->vm_start,
393 			    vma->vm_pgoff,
394 			    size,
395 			    vma->vm_page_prot)) {
396 		return -EAGAIN;
397 	}
398 	return 0;
399 }
400 
401 static int mmap_kmem(struct file *file, struct vm_area_struct *vma)
402 {
403 	unsigned long pfn;
404 
405 	/* Turn a kernel-virtual address into a physical page frame */
406 	pfn = __pa((u64)vma->vm_pgoff << PAGE_SHIFT) >> PAGE_SHIFT;
407 
408 	/*
409 	 * RED-PEN: on some architectures there is more mapped memory than
410 	 * available in mem_map which pfn_valid checks for. Perhaps should add a
411 	 * new macro here.
412 	 *
413 	 * RED-PEN: vmalloc is not supported right now.
414 	 */
415 	if (!pfn_valid(pfn))
416 		return -EIO;
417 
418 	vma->vm_pgoff = pfn;
419 	return mmap_mem(file, vma);
420 }
421 
422 /*
423  * This function reads the *virtual* memory as seen by the kernel.
424  */
425 static ssize_t read_kmem(struct file *file, char __user *buf,
426 			 size_t count, loff_t *ppos)
427 {
428 	unsigned long p = *ppos;
429 	ssize_t low_count, read, sz;
430 	char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
431 	int err = 0;
432 
433 	read = 0;
434 	if (p < (unsigned long) high_memory) {
435 		low_count = count;
436 		if (count > (unsigned long)high_memory - p)
437 			low_count = (unsigned long)high_memory - p;
438 
439 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
440 		/* we don't have page 0 mapped on sparc and m68k.. */
441 		if (p < PAGE_SIZE && low_count > 0) {
442 			sz = size_inside_page(p, low_count);
443 			if (clear_user(buf, sz))
444 				return -EFAULT;
445 			buf += sz;
446 			p += sz;
447 			read += sz;
448 			low_count -= sz;
449 			count -= sz;
450 		}
451 #endif
452 		while (low_count > 0) {
453 			sz = size_inside_page(p, low_count);
454 
455 			/*
456 			 * On ia64 if a page has been mapped somewhere as
457 			 * uncached, then it must also be accessed uncached
458 			 * by the kernel or data corruption may occur
459 			 */
460 			kbuf = xlate_dev_kmem_ptr((void *)p);
461 			if (!virt_addr_valid(kbuf))
462 				return -ENXIO;
463 
464 			if (copy_to_user(buf, kbuf, sz))
465 				return -EFAULT;
466 			buf += sz;
467 			p += sz;
468 			read += sz;
469 			low_count -= sz;
470 			count -= sz;
471 		}
472 	}
473 
474 	if (count > 0) {
475 		kbuf = (char *)__get_free_page(GFP_KERNEL);
476 		if (!kbuf)
477 			return -ENOMEM;
478 		while (count > 0) {
479 			sz = size_inside_page(p, count);
480 			if (!is_vmalloc_or_module_addr((void *)p)) {
481 				err = -ENXIO;
482 				break;
483 			}
484 			sz = vread(kbuf, (char *)p, sz);
485 			if (!sz)
486 				break;
487 			if (copy_to_user(buf, kbuf, sz)) {
488 				err = -EFAULT;
489 				break;
490 			}
491 			count -= sz;
492 			buf += sz;
493 			read += sz;
494 			p += sz;
495 		}
496 		free_page((unsigned long)kbuf);
497 	}
498 	*ppos = p;
499 	return read ? read : err;
500 }
501 
502 
503 static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
504 				size_t count, loff_t *ppos)
505 {
506 	ssize_t written, sz;
507 	unsigned long copied;
508 
509 	written = 0;
510 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
511 	/* we don't have page 0 mapped on sparc and m68k.. */
512 	if (p < PAGE_SIZE) {
513 		sz = size_inside_page(p, count);
514 		/* Hmm. Do something? */
515 		buf += sz;
516 		p += sz;
517 		count -= sz;
518 		written += sz;
519 	}
520 #endif
521 
522 	while (count > 0) {
523 		void *ptr;
524 
525 		sz = size_inside_page(p, count);
526 
527 		/*
528 		 * On ia64 if a page has been mapped somewhere as uncached, then
529 		 * it must also be accessed uncached by the kernel or data
530 		 * corruption may occur.
531 		 */
532 		ptr = xlate_dev_kmem_ptr((void *)p);
533 		if (!virt_addr_valid(ptr))
534 			return -ENXIO;
535 
536 		copied = copy_from_user(ptr, buf, sz);
537 		if (copied) {
538 			written += sz - copied;
539 			if (written)
540 				break;
541 			return -EFAULT;
542 		}
543 		buf += sz;
544 		p += sz;
545 		count -= sz;
546 		written += sz;
547 	}
548 
549 	*ppos += written;
550 	return written;
551 }
552 
553 /*
554  * This function writes to the *virtual* memory as seen by the kernel.
555  */
556 static ssize_t write_kmem(struct file *file, const char __user *buf,
557 			  size_t count, loff_t *ppos)
558 {
559 	unsigned long p = *ppos;
560 	ssize_t wrote = 0;
561 	ssize_t virtr = 0;
562 	char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
563 	int err = 0;
564 
565 	if (p < (unsigned long) high_memory) {
566 		unsigned long to_write = min_t(unsigned long, count,
567 					       (unsigned long)high_memory - p);
568 		wrote = do_write_kmem(p, buf, to_write, ppos);
569 		if (wrote != to_write)
570 			return wrote;
571 		p += wrote;
572 		buf += wrote;
573 		count -= wrote;
574 	}
575 
576 	if (count > 0) {
577 		kbuf = (char *)__get_free_page(GFP_KERNEL);
578 		if (!kbuf)
579 			return wrote ? wrote : -ENOMEM;
580 		while (count > 0) {
581 			unsigned long sz = size_inside_page(p, count);
582 			unsigned long n;
583 
584 			if (!is_vmalloc_or_module_addr((void *)p)) {
585 				err = -ENXIO;
586 				break;
587 			}
588 			n = copy_from_user(kbuf, buf, sz);
589 			if (n) {
590 				err = -EFAULT;
591 				break;
592 			}
593 			vwrite(kbuf, (char *)p, sz);
594 			count -= sz;
595 			buf += sz;
596 			virtr += sz;
597 			p += sz;
598 		}
599 		free_page((unsigned long)kbuf);
600 	}
601 
602 	*ppos = p;
603 	return virtr + wrote ? : err;
604 }
605 
606 static ssize_t read_port(struct file *file, char __user *buf,
607 			 size_t count, loff_t *ppos)
608 {
609 	unsigned long i = *ppos;
610 	char __user *tmp = buf;
611 
612 	if (!access_ok(buf, count))
613 		return -EFAULT;
614 	while (count-- > 0 && i < 65536) {
615 		if (__put_user(inb(i), tmp) < 0)
616 			return -EFAULT;
617 		i++;
618 		tmp++;
619 	}
620 	*ppos = i;
621 	return tmp-buf;
622 }
623 
624 static ssize_t write_port(struct file *file, const char __user *buf,
625 			  size_t count, loff_t *ppos)
626 {
627 	unsigned long i = *ppos;
628 	const char __user *tmp = buf;
629 
630 	if (!access_ok(buf, count))
631 		return -EFAULT;
632 	while (count-- > 0 && i < 65536) {
633 		char c;
634 
635 		if (__get_user(c, tmp)) {
636 			if (tmp > buf)
637 				break;
638 			return -EFAULT;
639 		}
640 		outb(c, i);
641 		i++;
642 		tmp++;
643 	}
644 	*ppos = i;
645 	return tmp-buf;
646 }
647 
648 static ssize_t read_null(struct file *file, char __user *buf,
649 			 size_t count, loff_t *ppos)
650 {
651 	return 0;
652 }
653 
654 static ssize_t write_null(struct file *file, const char __user *buf,
655 			  size_t count, loff_t *ppos)
656 {
657 	return count;
658 }
659 
660 static ssize_t read_iter_null(struct kiocb *iocb, struct iov_iter *to)
661 {
662 	return 0;
663 }
664 
665 static ssize_t write_iter_null(struct kiocb *iocb, struct iov_iter *from)
666 {
667 	size_t count = iov_iter_count(from);
668 	iov_iter_advance(from, count);
669 	return count;
670 }
671 
672 static int pipe_to_null(struct pipe_inode_info *info, struct pipe_buffer *buf,
673 			struct splice_desc *sd)
674 {
675 	return sd->len;
676 }
677 
678 static ssize_t splice_write_null(struct pipe_inode_info *pipe, struct file *out,
679 				 loff_t *ppos, size_t len, unsigned int flags)
680 {
681 	return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null);
682 }
683 
684 static ssize_t read_iter_zero(struct kiocb *iocb, struct iov_iter *iter)
685 {
686 	size_t written = 0;
687 
688 	while (iov_iter_count(iter)) {
689 		size_t chunk = iov_iter_count(iter), n;
690 
691 		if (chunk > PAGE_SIZE)
692 			chunk = PAGE_SIZE;	/* Just for latency reasons */
693 		n = iov_iter_zero(chunk, iter);
694 		if (!n && iov_iter_count(iter))
695 			return written ? written : -EFAULT;
696 		written += n;
697 		if (signal_pending(current))
698 			return written ? written : -ERESTARTSYS;
699 		cond_resched();
700 	}
701 	return written;
702 }
703 
704 static int mmap_zero(struct file *file, struct vm_area_struct *vma)
705 {
706 #ifndef CONFIG_MMU
707 	return -ENOSYS;
708 #endif
709 	if (vma->vm_flags & VM_SHARED)
710 		return shmem_zero_setup(vma);
711 	vma_set_anonymous(vma);
712 	return 0;
713 }
714 
715 static unsigned long get_unmapped_area_zero(struct file *file,
716 				unsigned long addr, unsigned long len,
717 				unsigned long pgoff, unsigned long flags)
718 {
719 #ifdef CONFIG_MMU
720 	if (flags & MAP_SHARED) {
721 		/*
722 		 * mmap_zero() will call shmem_zero_setup() to create a file,
723 		 * so use shmem's get_unmapped_area in case it can be huge;
724 		 * and pass NULL for file as in mmap.c's get_unmapped_area(),
725 		 * so as not to confuse shmem with our handle on "/dev/zero".
726 		 */
727 		return shmem_get_unmapped_area(NULL, addr, len, pgoff, flags);
728 	}
729 
730 	/* Otherwise flags & MAP_PRIVATE: with no shmem object beneath it */
731 	return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
732 #else
733 	return -ENOSYS;
734 #endif
735 }
736 
737 static ssize_t write_full(struct file *file, const char __user *buf,
738 			  size_t count, loff_t *ppos)
739 {
740 	return -ENOSPC;
741 }
742 
743 /*
744  * Special lseek() function for /dev/null and /dev/zero.  Most notably, you
745  * can fopen() both devices with "a" now.  This was previously impossible.
746  * -- SRB.
747  */
748 static loff_t null_lseek(struct file *file, loff_t offset, int orig)
749 {
750 	return file->f_pos = 0;
751 }
752 
753 /*
754  * The memory devices use the full 32/64 bits of the offset, and so we cannot
755  * check against negative addresses: they are ok. The return value is weird,
756  * though, in that case (0).
757  *
758  * also note that seeking relative to the "end of file" isn't supported:
759  * it has no meaning, so it returns -EINVAL.
760  */
761 static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
762 {
763 	loff_t ret;
764 
765 	inode_lock(file_inode(file));
766 	switch (orig) {
767 	case SEEK_CUR:
768 		offset += file->f_pos;
769 		/* fall through */
770 	case SEEK_SET:
771 		/* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
772 		if ((unsigned long long)offset >= -MAX_ERRNO) {
773 			ret = -EOVERFLOW;
774 			break;
775 		}
776 		file->f_pos = offset;
777 		ret = file->f_pos;
778 		force_successful_syscall_return();
779 		break;
780 	default:
781 		ret = -EINVAL;
782 	}
783 	inode_unlock(file_inode(file));
784 	return ret;
785 }
786 
787 static int open_port(struct inode *inode, struct file *filp)
788 {
789 	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
790 }
791 
792 #define zero_lseek	null_lseek
793 #define full_lseek      null_lseek
794 #define write_zero	write_null
795 #define write_iter_zero	write_iter_null
796 #define open_mem	open_port
797 #define open_kmem	open_mem
798 
799 static const struct file_operations __maybe_unused mem_fops = {
800 	.llseek		= memory_lseek,
801 	.read		= read_mem,
802 	.write		= write_mem,
803 	.mmap		= mmap_mem,
804 	.open		= open_mem,
805 #ifndef CONFIG_MMU
806 	.get_unmapped_area = get_unmapped_area_mem,
807 	.mmap_capabilities = memory_mmap_capabilities,
808 #endif
809 };
810 
811 static const struct file_operations __maybe_unused kmem_fops = {
812 	.llseek		= memory_lseek,
813 	.read		= read_kmem,
814 	.write		= write_kmem,
815 	.mmap		= mmap_kmem,
816 	.open		= open_kmem,
817 #ifndef CONFIG_MMU
818 	.get_unmapped_area = get_unmapped_area_mem,
819 	.mmap_capabilities = memory_mmap_capabilities,
820 #endif
821 };
822 
823 static const struct file_operations null_fops = {
824 	.llseek		= null_lseek,
825 	.read		= read_null,
826 	.write		= write_null,
827 	.read_iter	= read_iter_null,
828 	.write_iter	= write_iter_null,
829 	.splice_write	= splice_write_null,
830 };
831 
832 static const struct file_operations __maybe_unused port_fops = {
833 	.llseek		= memory_lseek,
834 	.read		= read_port,
835 	.write		= write_port,
836 	.open		= open_port,
837 };
838 
839 static const struct file_operations zero_fops = {
840 	.llseek		= zero_lseek,
841 	.write		= write_zero,
842 	.read_iter	= read_iter_zero,
843 	.write_iter	= write_iter_zero,
844 	.mmap		= mmap_zero,
845 	.get_unmapped_area = get_unmapped_area_zero,
846 #ifndef CONFIG_MMU
847 	.mmap_capabilities = zero_mmap_capabilities,
848 #endif
849 };
850 
851 static const struct file_operations full_fops = {
852 	.llseek		= full_lseek,
853 	.read_iter	= read_iter_zero,
854 	.write		= write_full,
855 };
856 
857 static const struct memdev {
858 	const char *name;
859 	umode_t mode;
860 	const struct file_operations *fops;
861 	fmode_t fmode;
862 } devlist[] = {
863 #ifdef CONFIG_DEVMEM
864 	 [1] = { "mem", 0, &mem_fops, FMODE_UNSIGNED_OFFSET },
865 #endif
866 #ifdef CONFIG_DEVKMEM
867 	 [2] = { "kmem", 0, &kmem_fops, FMODE_UNSIGNED_OFFSET },
868 #endif
869 	 [3] = { "null", 0666, &null_fops, 0 },
870 #ifdef CONFIG_DEVPORT
871 	 [4] = { "port", 0, &port_fops, 0 },
872 #endif
873 	 [5] = { "zero", 0666, &zero_fops, 0 },
874 	 [7] = { "full", 0666, &full_fops, 0 },
875 	 [8] = { "random", 0666, &random_fops, 0 },
876 	 [9] = { "urandom", 0666, &urandom_fops, 0 },
877 #ifdef CONFIG_PRINTK
878 	[11] = { "kmsg", 0644, &kmsg_fops, 0 },
879 #endif
880 };
881 
882 static int memory_open(struct inode *inode, struct file *filp)
883 {
884 	int minor;
885 	const struct memdev *dev;
886 
887 	minor = iminor(inode);
888 	if (minor >= ARRAY_SIZE(devlist))
889 		return -ENXIO;
890 
891 	dev = &devlist[minor];
892 	if (!dev->fops)
893 		return -ENXIO;
894 
895 	filp->f_op = dev->fops;
896 	filp->f_mode |= dev->fmode;
897 
898 	if (dev->fops->open)
899 		return dev->fops->open(inode, filp);
900 
901 	return 0;
902 }
903 
904 static const struct file_operations memory_fops = {
905 	.open = memory_open,
906 	.llseek = noop_llseek,
907 };
908 
909 static char *mem_devnode(struct device *dev, umode_t *mode)
910 {
911 	if (mode && devlist[MINOR(dev->devt)].mode)
912 		*mode = devlist[MINOR(dev->devt)].mode;
913 	return NULL;
914 }
915 
916 static struct class *mem_class;
917 
918 static int __init chr_dev_init(void)
919 {
920 	int minor;
921 
922 	if (register_chrdev(MEM_MAJOR, "mem", &memory_fops))
923 		printk("unable to get major %d for memory devs\n", MEM_MAJOR);
924 
925 	mem_class = class_create(THIS_MODULE, "mem");
926 	if (IS_ERR(mem_class))
927 		return PTR_ERR(mem_class);
928 
929 	mem_class->devnode = mem_devnode;
930 	for (minor = 1; minor < ARRAY_SIZE(devlist); minor++) {
931 		if (!devlist[minor].name)
932 			continue;
933 
934 		/*
935 		 * Create /dev/port?
936 		 */
937 		if ((minor == DEVPORT_MINOR) && !arch_has_dev_port())
938 			continue;
939 
940 		device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
941 			      NULL, devlist[minor].name);
942 	}
943 
944 	return tty_init();
945 }
946 
947 fs_initcall(chr_dev_init);
948