1 /* 2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 * 18 */ 19 20 #include <linux/device.h> 21 #include <linux/fs.h> 22 #include <linux/mm.h> 23 #include <linux/err.h> 24 #include <linux/init.h> 25 #include <linux/kernel.h> 26 #include <linux/module.h> 27 #include <linux/slab.h> 28 #include <linux/sched.h> 29 #include <linux/mutex.h> 30 #include <linux/backing-dev.h> 31 #include <linux/compat.h> 32 #include <linux/mount.h> 33 #include <linux/blkpg.h> 34 #include <linux/magic.h> 35 #include <linux/mtd/mtd.h> 36 #include <linux/mtd/partitions.h> 37 #include <linux/mtd/map.h> 38 39 #include <asm/uaccess.h> 40 41 static DEFINE_MUTEX(mtd_mutex); 42 43 /* 44 * Data structure to hold the pointer to the mtd device as well 45 * as mode information of various use cases. 46 */ 47 struct mtd_file_info { 48 struct mtd_info *mtd; 49 struct inode *ino; 50 enum mtd_file_modes mode; 51 }; 52 53 static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig) 54 { 55 struct mtd_file_info *mfi = file->private_data; 56 struct mtd_info *mtd = mfi->mtd; 57 58 switch (orig) { 59 case SEEK_SET: 60 break; 61 case SEEK_CUR: 62 offset += file->f_pos; 63 break; 64 case SEEK_END: 65 offset += mtd->size; 66 break; 67 default: 68 return -EINVAL; 69 } 70 71 if (offset >= 0 && offset <= mtd->size) 72 return file->f_pos = offset; 73 74 return -EINVAL; 75 } 76 77 static int count; 78 static struct vfsmount *mnt; 79 static struct file_system_type mtd_inodefs_type; 80 81 static int mtdchar_open(struct inode *inode, struct file *file) 82 { 83 int minor = iminor(inode); 84 int devnum = minor >> 1; 85 int ret = 0; 86 struct mtd_info *mtd; 87 struct mtd_file_info *mfi; 88 struct inode *mtd_ino; 89 90 pr_debug("MTD_open\n"); 91 92 /* You can't open the RO devices RW */ 93 if ((file->f_mode & FMODE_WRITE) && (minor & 1)) 94 return -EACCES; 95 96 ret = simple_pin_fs(&mtd_inodefs_type, &mnt, &count); 97 if (ret) 98 return ret; 99 100 mutex_lock(&mtd_mutex); 101 mtd = get_mtd_device(NULL, devnum); 102 103 if (IS_ERR(mtd)) { 104 ret = PTR_ERR(mtd); 105 goto out; 106 } 107 108 if (mtd->type == MTD_ABSENT) { 109 ret = -ENODEV; 110 goto out1; 111 } 112 113 mtd_ino = iget_locked(mnt->mnt_sb, devnum); 114 if (!mtd_ino) { 115 ret = -ENOMEM; 116 goto out1; 117 } 118 if (mtd_ino->i_state & I_NEW) { 119 mtd_ino->i_private = mtd; 120 mtd_ino->i_mode = S_IFCHR; 121 mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info; 122 unlock_new_inode(mtd_ino); 123 } 124 file->f_mapping = mtd_ino->i_mapping; 125 126 /* You can't open it RW if it's not a writeable device */ 127 if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { 128 ret = -EACCES; 129 goto out2; 130 } 131 132 mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); 133 if (!mfi) { 134 ret = -ENOMEM; 135 goto out2; 136 } 137 mfi->ino = mtd_ino; 138 mfi->mtd = mtd; 139 file->private_data = mfi; 140 mutex_unlock(&mtd_mutex); 141 return 0; 142 143 out2: 144 iput(mtd_ino); 145 out1: 146 put_mtd_device(mtd); 147 out: 148 mutex_unlock(&mtd_mutex); 149 simple_release_fs(&mnt, &count); 150 return ret; 151 } /* mtdchar_open */ 152 153 /*====================================================================*/ 154 155 static int mtdchar_close(struct inode *inode, struct file *file) 156 { 157 struct mtd_file_info *mfi = file->private_data; 158 struct mtd_info *mtd = mfi->mtd; 159 160 pr_debug("MTD_close\n"); 161 162 /* Only sync if opened RW */ 163 if ((file->f_mode & FMODE_WRITE)) 164 mtd_sync(mtd); 165 166 iput(mfi->ino); 167 168 put_mtd_device(mtd); 169 file->private_data = NULL; 170 kfree(mfi); 171 simple_release_fs(&mnt, &count); 172 173 return 0; 174 } /* mtdchar_close */ 175 176 /* Back in June 2001, dwmw2 wrote: 177 * 178 * FIXME: This _really_ needs to die. In 2.5, we should lock the 179 * userspace buffer down and use it directly with readv/writev. 180 * 181 * The implementation below, using mtd_kmalloc_up_to, mitigates 182 * allocation failures when the system is under low-memory situations 183 * or if memory is highly fragmented at the cost of reducing the 184 * performance of the requested transfer due to a smaller buffer size. 185 * 186 * A more complex but more memory-efficient implementation based on 187 * get_user_pages and iovecs to cover extents of those pages is a 188 * longer-term goal, as intimated by dwmw2 above. However, for the 189 * write case, this requires yet more complex head and tail transfer 190 * handling when those head and tail offsets and sizes are such that 191 * alignment requirements are not met in the NAND subdriver. 192 */ 193 194 static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count, 195 loff_t *ppos) 196 { 197 struct mtd_file_info *mfi = file->private_data; 198 struct mtd_info *mtd = mfi->mtd; 199 size_t retlen; 200 size_t total_retlen=0; 201 int ret=0; 202 int len; 203 size_t size = count; 204 char *kbuf; 205 206 pr_debug("MTD_read\n"); 207 208 if (*ppos + count > mtd->size) 209 count = mtd->size - *ppos; 210 211 if (!count) 212 return 0; 213 214 kbuf = mtd_kmalloc_up_to(mtd, &size); 215 if (!kbuf) 216 return -ENOMEM; 217 218 while (count) { 219 len = min_t(size_t, count, size); 220 221 switch (mfi->mode) { 222 case MTD_FILE_MODE_OTP_FACTORY: 223 ret = mtd_read_fact_prot_reg(mtd, *ppos, len, 224 &retlen, kbuf); 225 break; 226 case MTD_FILE_MODE_OTP_USER: 227 ret = mtd_read_user_prot_reg(mtd, *ppos, len, 228 &retlen, kbuf); 229 break; 230 case MTD_FILE_MODE_RAW: 231 { 232 struct mtd_oob_ops ops; 233 234 ops.mode = MTD_OPS_RAW; 235 ops.datbuf = kbuf; 236 ops.oobbuf = NULL; 237 ops.len = len; 238 239 ret = mtd_read_oob(mtd, *ppos, &ops); 240 retlen = ops.retlen; 241 break; 242 } 243 default: 244 ret = mtd_read(mtd, *ppos, len, &retlen, kbuf); 245 } 246 /* Nand returns -EBADMSG on ECC errors, but it returns 247 * the data. For our userspace tools it is important 248 * to dump areas with ECC errors! 249 * For kernel internal usage it also might return -EUCLEAN 250 * to signal the caller that a bitflip has occurred and has 251 * been corrected by the ECC algorithm. 252 * Userspace software which accesses NAND this way 253 * must be aware of the fact that it deals with NAND 254 */ 255 if (!ret || mtd_is_bitflip_or_eccerr(ret)) { 256 *ppos += retlen; 257 if (copy_to_user(buf, kbuf, retlen)) { 258 kfree(kbuf); 259 return -EFAULT; 260 } 261 else 262 total_retlen += retlen; 263 264 count -= retlen; 265 buf += retlen; 266 if (retlen == 0) 267 count = 0; 268 } 269 else { 270 kfree(kbuf); 271 return ret; 272 } 273 274 } 275 276 kfree(kbuf); 277 return total_retlen; 278 } /* mtdchar_read */ 279 280 static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count, 281 loff_t *ppos) 282 { 283 struct mtd_file_info *mfi = file->private_data; 284 struct mtd_info *mtd = mfi->mtd; 285 size_t size = count; 286 char *kbuf; 287 size_t retlen; 288 size_t total_retlen=0; 289 int ret=0; 290 int len; 291 292 pr_debug("MTD_write\n"); 293 294 if (*ppos == mtd->size) 295 return -ENOSPC; 296 297 if (*ppos + count > mtd->size) 298 count = mtd->size - *ppos; 299 300 if (!count) 301 return 0; 302 303 kbuf = mtd_kmalloc_up_to(mtd, &size); 304 if (!kbuf) 305 return -ENOMEM; 306 307 while (count) { 308 len = min_t(size_t, count, size); 309 310 if (copy_from_user(kbuf, buf, len)) { 311 kfree(kbuf); 312 return -EFAULT; 313 } 314 315 switch (mfi->mode) { 316 case MTD_FILE_MODE_OTP_FACTORY: 317 ret = -EROFS; 318 break; 319 case MTD_FILE_MODE_OTP_USER: 320 ret = mtd_write_user_prot_reg(mtd, *ppos, len, 321 &retlen, kbuf); 322 break; 323 324 case MTD_FILE_MODE_RAW: 325 { 326 struct mtd_oob_ops ops; 327 328 ops.mode = MTD_OPS_RAW; 329 ops.datbuf = kbuf; 330 ops.oobbuf = NULL; 331 ops.ooboffs = 0; 332 ops.len = len; 333 334 ret = mtd_write_oob(mtd, *ppos, &ops); 335 retlen = ops.retlen; 336 break; 337 } 338 339 default: 340 ret = mtd_write(mtd, *ppos, len, &retlen, kbuf); 341 } 342 if (!ret) { 343 *ppos += retlen; 344 total_retlen += retlen; 345 count -= retlen; 346 buf += retlen; 347 } 348 else { 349 kfree(kbuf); 350 return ret; 351 } 352 } 353 354 kfree(kbuf); 355 return total_retlen; 356 } /* mtdchar_write */ 357 358 /*====================================================================== 359 360 IOCTL calls for getting device parameters. 361 362 ======================================================================*/ 363 static void mtdchar_erase_callback (struct erase_info *instr) 364 { 365 wake_up((wait_queue_head_t *)instr->priv); 366 } 367 368 #ifdef CONFIG_HAVE_MTD_OTP 369 static int otp_select_filemode(struct mtd_file_info *mfi, int mode) 370 { 371 struct mtd_info *mtd = mfi->mtd; 372 size_t retlen; 373 int ret = 0; 374 375 /* 376 * Make a fake call to mtd_read_fact_prot_reg() to check if OTP 377 * operations are supported. 378 */ 379 if (mtd_read_fact_prot_reg(mtd, -1, 0, &retlen, NULL) == -EOPNOTSUPP) 380 return -EOPNOTSUPP; 381 382 switch (mode) { 383 case MTD_OTP_FACTORY: 384 mfi->mode = MTD_FILE_MODE_OTP_FACTORY; 385 break; 386 case MTD_OTP_USER: 387 mfi->mode = MTD_FILE_MODE_OTP_USER; 388 break; 389 default: 390 ret = -EINVAL; 391 case MTD_OTP_OFF: 392 break; 393 } 394 return ret; 395 } 396 #else 397 # define otp_select_filemode(f,m) -EOPNOTSUPP 398 #endif 399 400 static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd, 401 uint64_t start, uint32_t length, void __user *ptr, 402 uint32_t __user *retp) 403 { 404 struct mtd_file_info *mfi = file->private_data; 405 struct mtd_oob_ops ops; 406 uint32_t retlen; 407 int ret = 0; 408 409 if (!(file->f_mode & FMODE_WRITE)) 410 return -EPERM; 411 412 if (length > 4096) 413 return -EINVAL; 414 415 if (!mtd->_write_oob) 416 ret = -EOPNOTSUPP; 417 else 418 ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT; 419 420 if (ret) 421 return ret; 422 423 ops.ooblen = length; 424 ops.ooboffs = start & (mtd->writesize - 1); 425 ops.datbuf = NULL; 426 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 427 MTD_OPS_PLACE_OOB; 428 429 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 430 return -EINVAL; 431 432 ops.oobbuf = memdup_user(ptr, length); 433 if (IS_ERR(ops.oobbuf)) 434 return PTR_ERR(ops.oobbuf); 435 436 start &= ~((uint64_t)mtd->writesize - 1); 437 ret = mtd_write_oob(mtd, start, &ops); 438 439 if (ops.oobretlen > 0xFFFFFFFFU) 440 ret = -EOVERFLOW; 441 retlen = ops.oobretlen; 442 if (copy_to_user(retp, &retlen, sizeof(length))) 443 ret = -EFAULT; 444 445 kfree(ops.oobbuf); 446 return ret; 447 } 448 449 static int mtdchar_readoob(struct file *file, struct mtd_info *mtd, 450 uint64_t start, uint32_t length, void __user *ptr, 451 uint32_t __user *retp) 452 { 453 struct mtd_file_info *mfi = file->private_data; 454 struct mtd_oob_ops ops; 455 int ret = 0; 456 457 if (length > 4096) 458 return -EINVAL; 459 460 if (!access_ok(VERIFY_WRITE, ptr, length)) 461 return -EFAULT; 462 463 ops.ooblen = length; 464 ops.ooboffs = start & (mtd->writesize - 1); 465 ops.datbuf = NULL; 466 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 467 MTD_OPS_PLACE_OOB; 468 469 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 470 return -EINVAL; 471 472 ops.oobbuf = kmalloc(length, GFP_KERNEL); 473 if (!ops.oobbuf) 474 return -ENOMEM; 475 476 start &= ~((uint64_t)mtd->writesize - 1); 477 ret = mtd_read_oob(mtd, start, &ops); 478 479 if (put_user(ops.oobretlen, retp)) 480 ret = -EFAULT; 481 else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf, 482 ops.oobretlen)) 483 ret = -EFAULT; 484 485 kfree(ops.oobbuf); 486 487 /* 488 * NAND returns -EBADMSG on ECC errors, but it returns the OOB 489 * data. For our userspace tools it is important to dump areas 490 * with ECC errors! 491 * For kernel internal usage it also might return -EUCLEAN 492 * to signal the caller that a bitflip has occured and has 493 * been corrected by the ECC algorithm. 494 * 495 * Note: currently the standard NAND function, nand_read_oob_std, 496 * does not calculate ECC for the OOB area, so do not rely on 497 * this behavior unless you have replaced it with your own. 498 */ 499 if (mtd_is_bitflip_or_eccerr(ret)) 500 return 0; 501 502 return ret; 503 } 504 505 /* 506 * Copies (and truncates, if necessary) data from the larger struct, 507 * nand_ecclayout, to the smaller, deprecated layout struct, 508 * nand_ecclayout_user. This is necessary only to support the deprecated 509 * API ioctl ECCGETLAYOUT while allowing all new functionality to use 510 * nand_ecclayout flexibly (i.e. the struct may change size in new 511 * releases without requiring major rewrites). 512 */ 513 static int shrink_ecclayout(const struct nand_ecclayout *from, 514 struct nand_ecclayout_user *to) 515 { 516 int i; 517 518 if (!from || !to) 519 return -EINVAL; 520 521 memset(to, 0, sizeof(*to)); 522 523 to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES); 524 for (i = 0; i < to->eccbytes; i++) 525 to->eccpos[i] = from->eccpos[i]; 526 527 for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) { 528 if (from->oobfree[i].length == 0 && 529 from->oobfree[i].offset == 0) 530 break; 531 to->oobavail += from->oobfree[i].length; 532 to->oobfree[i] = from->oobfree[i]; 533 } 534 535 return 0; 536 } 537 538 static int mtdchar_blkpg_ioctl(struct mtd_info *mtd, 539 struct blkpg_ioctl_arg __user *arg) 540 { 541 struct blkpg_ioctl_arg a; 542 struct blkpg_partition p; 543 544 if (!capable(CAP_SYS_ADMIN)) 545 return -EPERM; 546 547 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg))) 548 return -EFAULT; 549 550 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition))) 551 return -EFAULT; 552 553 switch (a.op) { 554 case BLKPG_ADD_PARTITION: 555 556 /* Only master mtd device must be used to add partitions */ 557 if (mtd_is_partition(mtd)) 558 return -EINVAL; 559 560 return mtd_add_partition(mtd, p.devname, p.start, p.length); 561 562 case BLKPG_DEL_PARTITION: 563 564 if (p.pno < 0) 565 return -EINVAL; 566 567 return mtd_del_partition(mtd, p.pno); 568 569 default: 570 return -EINVAL; 571 } 572 } 573 574 static int mtdchar_write_ioctl(struct mtd_info *mtd, 575 struct mtd_write_req __user *argp) 576 { 577 struct mtd_write_req req; 578 struct mtd_oob_ops ops; 579 void __user *usr_data, *usr_oob; 580 int ret; 581 582 if (copy_from_user(&req, argp, sizeof(req)) || 583 !access_ok(VERIFY_READ, req.usr_data, req.len) || 584 !access_ok(VERIFY_READ, req.usr_oob, req.ooblen)) 585 return -EFAULT; 586 if (!mtd->_write_oob) 587 return -EOPNOTSUPP; 588 589 ops.mode = req.mode; 590 ops.len = (size_t)req.len; 591 ops.ooblen = (size_t)req.ooblen; 592 ops.ooboffs = 0; 593 594 usr_data = (void __user *)(uintptr_t)req.usr_data; 595 usr_oob = (void __user *)(uintptr_t)req.usr_oob; 596 597 if (req.usr_data) { 598 ops.datbuf = memdup_user(usr_data, ops.len); 599 if (IS_ERR(ops.datbuf)) 600 return PTR_ERR(ops.datbuf); 601 } else { 602 ops.datbuf = NULL; 603 } 604 605 if (req.usr_oob) { 606 ops.oobbuf = memdup_user(usr_oob, ops.ooblen); 607 if (IS_ERR(ops.oobbuf)) { 608 kfree(ops.datbuf); 609 return PTR_ERR(ops.oobbuf); 610 } 611 } else { 612 ops.oobbuf = NULL; 613 } 614 615 ret = mtd_write_oob(mtd, (loff_t)req.start, &ops); 616 617 kfree(ops.datbuf); 618 kfree(ops.oobbuf); 619 620 return ret; 621 } 622 623 static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg) 624 { 625 struct mtd_file_info *mfi = file->private_data; 626 struct mtd_info *mtd = mfi->mtd; 627 void __user *argp = (void __user *)arg; 628 int ret = 0; 629 u_long size; 630 struct mtd_info_user info; 631 632 pr_debug("MTD_ioctl\n"); 633 634 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; 635 if (cmd & IOC_IN) { 636 if (!access_ok(VERIFY_READ, argp, size)) 637 return -EFAULT; 638 } 639 if (cmd & IOC_OUT) { 640 if (!access_ok(VERIFY_WRITE, argp, size)) 641 return -EFAULT; 642 } 643 644 switch (cmd) { 645 case MEMGETREGIONCOUNT: 646 if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int))) 647 return -EFAULT; 648 break; 649 650 case MEMGETREGIONINFO: 651 { 652 uint32_t ur_idx; 653 struct mtd_erase_region_info *kr; 654 struct region_info_user __user *ur = argp; 655 656 if (get_user(ur_idx, &(ur->regionindex))) 657 return -EFAULT; 658 659 if (ur_idx >= mtd->numeraseregions) 660 return -EINVAL; 661 662 kr = &(mtd->eraseregions[ur_idx]); 663 664 if (put_user(kr->offset, &(ur->offset)) 665 || put_user(kr->erasesize, &(ur->erasesize)) 666 || put_user(kr->numblocks, &(ur->numblocks))) 667 return -EFAULT; 668 669 break; 670 } 671 672 case MEMGETINFO: 673 memset(&info, 0, sizeof(info)); 674 info.type = mtd->type; 675 info.flags = mtd->flags; 676 info.size = mtd->size; 677 info.erasesize = mtd->erasesize; 678 info.writesize = mtd->writesize; 679 info.oobsize = mtd->oobsize; 680 /* The below field is obsolete */ 681 info.padding = 0; 682 if (copy_to_user(argp, &info, sizeof(struct mtd_info_user))) 683 return -EFAULT; 684 break; 685 686 case MEMERASE: 687 case MEMERASE64: 688 { 689 struct erase_info *erase; 690 691 if(!(file->f_mode & FMODE_WRITE)) 692 return -EPERM; 693 694 erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL); 695 if (!erase) 696 ret = -ENOMEM; 697 else { 698 wait_queue_head_t waitq; 699 DECLARE_WAITQUEUE(wait, current); 700 701 init_waitqueue_head(&waitq); 702 703 if (cmd == MEMERASE64) { 704 struct erase_info_user64 einfo64; 705 706 if (copy_from_user(&einfo64, argp, 707 sizeof(struct erase_info_user64))) { 708 kfree(erase); 709 return -EFAULT; 710 } 711 erase->addr = einfo64.start; 712 erase->len = einfo64.length; 713 } else { 714 struct erase_info_user einfo32; 715 716 if (copy_from_user(&einfo32, argp, 717 sizeof(struct erase_info_user))) { 718 kfree(erase); 719 return -EFAULT; 720 } 721 erase->addr = einfo32.start; 722 erase->len = einfo32.length; 723 } 724 erase->mtd = mtd; 725 erase->callback = mtdchar_erase_callback; 726 erase->priv = (unsigned long)&waitq; 727 728 /* 729 FIXME: Allow INTERRUPTIBLE. Which means 730 not having the wait_queue head on the stack. 731 732 If the wq_head is on the stack, and we 733 leave because we got interrupted, then the 734 wq_head is no longer there when the 735 callback routine tries to wake us up. 736 */ 737 ret = mtd_erase(mtd, erase); 738 if (!ret) { 739 set_current_state(TASK_UNINTERRUPTIBLE); 740 add_wait_queue(&waitq, &wait); 741 if (erase->state != MTD_ERASE_DONE && 742 erase->state != MTD_ERASE_FAILED) 743 schedule(); 744 remove_wait_queue(&waitq, &wait); 745 set_current_state(TASK_RUNNING); 746 747 ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0; 748 } 749 kfree(erase); 750 } 751 break; 752 } 753 754 case MEMWRITEOOB: 755 { 756 struct mtd_oob_buf buf; 757 struct mtd_oob_buf __user *buf_user = argp; 758 759 /* NOTE: writes return length to buf_user->length */ 760 if (copy_from_user(&buf, argp, sizeof(buf))) 761 ret = -EFAULT; 762 else 763 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 764 buf.ptr, &buf_user->length); 765 break; 766 } 767 768 case MEMREADOOB: 769 { 770 struct mtd_oob_buf buf; 771 struct mtd_oob_buf __user *buf_user = argp; 772 773 /* NOTE: writes return length to buf_user->start */ 774 if (copy_from_user(&buf, argp, sizeof(buf))) 775 ret = -EFAULT; 776 else 777 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 778 buf.ptr, &buf_user->start); 779 break; 780 } 781 782 case MEMWRITEOOB64: 783 { 784 struct mtd_oob_buf64 buf; 785 struct mtd_oob_buf64 __user *buf_user = argp; 786 787 if (copy_from_user(&buf, argp, sizeof(buf))) 788 ret = -EFAULT; 789 else 790 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 791 (void __user *)(uintptr_t)buf.usr_ptr, 792 &buf_user->length); 793 break; 794 } 795 796 case MEMREADOOB64: 797 { 798 struct mtd_oob_buf64 buf; 799 struct mtd_oob_buf64 __user *buf_user = argp; 800 801 if (copy_from_user(&buf, argp, sizeof(buf))) 802 ret = -EFAULT; 803 else 804 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 805 (void __user *)(uintptr_t)buf.usr_ptr, 806 &buf_user->length); 807 break; 808 } 809 810 case MEMWRITE: 811 { 812 ret = mtdchar_write_ioctl(mtd, 813 (struct mtd_write_req __user *)arg); 814 break; 815 } 816 817 case MEMLOCK: 818 { 819 struct erase_info_user einfo; 820 821 if (copy_from_user(&einfo, argp, sizeof(einfo))) 822 return -EFAULT; 823 824 ret = mtd_lock(mtd, einfo.start, einfo.length); 825 break; 826 } 827 828 case MEMUNLOCK: 829 { 830 struct erase_info_user einfo; 831 832 if (copy_from_user(&einfo, argp, sizeof(einfo))) 833 return -EFAULT; 834 835 ret = mtd_unlock(mtd, einfo.start, einfo.length); 836 break; 837 } 838 839 case MEMISLOCKED: 840 { 841 struct erase_info_user einfo; 842 843 if (copy_from_user(&einfo, argp, sizeof(einfo))) 844 return -EFAULT; 845 846 ret = mtd_is_locked(mtd, einfo.start, einfo.length); 847 break; 848 } 849 850 /* Legacy interface */ 851 case MEMGETOOBSEL: 852 { 853 struct nand_oobinfo oi; 854 855 if (!mtd->ecclayout) 856 return -EOPNOTSUPP; 857 if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos)) 858 return -EINVAL; 859 860 oi.useecc = MTD_NANDECC_AUTOPLACE; 861 memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos)); 862 memcpy(&oi.oobfree, mtd->ecclayout->oobfree, 863 sizeof(oi.oobfree)); 864 oi.eccbytes = mtd->ecclayout->eccbytes; 865 866 if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo))) 867 return -EFAULT; 868 break; 869 } 870 871 case MEMGETBADBLOCK: 872 { 873 loff_t offs; 874 875 if (copy_from_user(&offs, argp, sizeof(loff_t))) 876 return -EFAULT; 877 return mtd_block_isbad(mtd, offs); 878 break; 879 } 880 881 case MEMSETBADBLOCK: 882 { 883 loff_t offs; 884 885 if (copy_from_user(&offs, argp, sizeof(loff_t))) 886 return -EFAULT; 887 return mtd_block_markbad(mtd, offs); 888 break; 889 } 890 891 #ifdef CONFIG_HAVE_MTD_OTP 892 case OTPSELECT: 893 { 894 int mode; 895 if (copy_from_user(&mode, argp, sizeof(int))) 896 return -EFAULT; 897 898 mfi->mode = MTD_FILE_MODE_NORMAL; 899 900 ret = otp_select_filemode(mfi, mode); 901 902 file->f_pos = 0; 903 break; 904 } 905 906 case OTPGETREGIONCOUNT: 907 case OTPGETREGIONINFO: 908 { 909 struct otp_info *buf = kmalloc(4096, GFP_KERNEL); 910 if (!buf) 911 return -ENOMEM; 912 switch (mfi->mode) { 913 case MTD_FILE_MODE_OTP_FACTORY: 914 ret = mtd_get_fact_prot_info(mtd, buf, 4096); 915 break; 916 case MTD_FILE_MODE_OTP_USER: 917 ret = mtd_get_user_prot_info(mtd, buf, 4096); 918 break; 919 default: 920 ret = -EINVAL; 921 break; 922 } 923 if (ret >= 0) { 924 if (cmd == OTPGETREGIONCOUNT) { 925 int nbr = ret / sizeof(struct otp_info); 926 ret = copy_to_user(argp, &nbr, sizeof(int)); 927 } else 928 ret = copy_to_user(argp, buf, ret); 929 if (ret) 930 ret = -EFAULT; 931 } 932 kfree(buf); 933 break; 934 } 935 936 case OTPLOCK: 937 { 938 struct otp_info oinfo; 939 940 if (mfi->mode != MTD_FILE_MODE_OTP_USER) 941 return -EINVAL; 942 if (copy_from_user(&oinfo, argp, sizeof(oinfo))) 943 return -EFAULT; 944 ret = mtd_lock_user_prot_reg(mtd, oinfo.start, oinfo.length); 945 break; 946 } 947 #endif 948 949 /* This ioctl is being deprecated - it truncates the ECC layout */ 950 case ECCGETLAYOUT: 951 { 952 struct nand_ecclayout_user *usrlay; 953 954 if (!mtd->ecclayout) 955 return -EOPNOTSUPP; 956 957 usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL); 958 if (!usrlay) 959 return -ENOMEM; 960 961 shrink_ecclayout(mtd->ecclayout, usrlay); 962 963 if (copy_to_user(argp, usrlay, sizeof(*usrlay))) 964 ret = -EFAULT; 965 kfree(usrlay); 966 break; 967 } 968 969 case ECCGETSTATS: 970 { 971 if (copy_to_user(argp, &mtd->ecc_stats, 972 sizeof(struct mtd_ecc_stats))) 973 return -EFAULT; 974 break; 975 } 976 977 case MTDFILEMODE: 978 { 979 mfi->mode = 0; 980 981 switch(arg) { 982 case MTD_FILE_MODE_OTP_FACTORY: 983 case MTD_FILE_MODE_OTP_USER: 984 ret = otp_select_filemode(mfi, arg); 985 break; 986 987 case MTD_FILE_MODE_RAW: 988 if (!mtd_has_oob(mtd)) 989 return -EOPNOTSUPP; 990 mfi->mode = arg; 991 992 case MTD_FILE_MODE_NORMAL: 993 break; 994 default: 995 ret = -EINVAL; 996 } 997 file->f_pos = 0; 998 break; 999 } 1000 1001 case BLKPG: 1002 { 1003 ret = mtdchar_blkpg_ioctl(mtd, 1004 (struct blkpg_ioctl_arg __user *)arg); 1005 break; 1006 } 1007 1008 case BLKRRPART: 1009 { 1010 /* No reread partition feature. Just return ok */ 1011 ret = 0; 1012 break; 1013 } 1014 1015 default: 1016 ret = -ENOTTY; 1017 } 1018 1019 return ret; 1020 } /* memory_ioctl */ 1021 1022 static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg) 1023 { 1024 int ret; 1025 1026 mutex_lock(&mtd_mutex); 1027 ret = mtdchar_ioctl(file, cmd, arg); 1028 mutex_unlock(&mtd_mutex); 1029 1030 return ret; 1031 } 1032 1033 #ifdef CONFIG_COMPAT 1034 1035 struct mtd_oob_buf32 { 1036 u_int32_t start; 1037 u_int32_t length; 1038 compat_caddr_t ptr; /* unsigned char* */ 1039 }; 1040 1041 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32) 1042 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32) 1043 1044 static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd, 1045 unsigned long arg) 1046 { 1047 struct mtd_file_info *mfi = file->private_data; 1048 struct mtd_info *mtd = mfi->mtd; 1049 void __user *argp = compat_ptr(arg); 1050 int ret = 0; 1051 1052 mutex_lock(&mtd_mutex); 1053 1054 switch (cmd) { 1055 case MEMWRITEOOB32: 1056 { 1057 struct mtd_oob_buf32 buf; 1058 struct mtd_oob_buf32 __user *buf_user = argp; 1059 1060 if (copy_from_user(&buf, argp, sizeof(buf))) 1061 ret = -EFAULT; 1062 else 1063 ret = mtdchar_writeoob(file, mtd, buf.start, 1064 buf.length, compat_ptr(buf.ptr), 1065 &buf_user->length); 1066 break; 1067 } 1068 1069 case MEMREADOOB32: 1070 { 1071 struct mtd_oob_buf32 buf; 1072 struct mtd_oob_buf32 __user *buf_user = argp; 1073 1074 /* NOTE: writes return length to buf->start */ 1075 if (copy_from_user(&buf, argp, sizeof(buf))) 1076 ret = -EFAULT; 1077 else 1078 ret = mtdchar_readoob(file, mtd, buf.start, 1079 buf.length, compat_ptr(buf.ptr), 1080 &buf_user->start); 1081 break; 1082 } 1083 default: 1084 ret = mtdchar_ioctl(file, cmd, (unsigned long)argp); 1085 } 1086 1087 mutex_unlock(&mtd_mutex); 1088 1089 return ret; 1090 } 1091 1092 #endif /* CONFIG_COMPAT */ 1093 1094 /* 1095 * try to determine where a shared mapping can be made 1096 * - only supported for NOMMU at the moment (MMU can't doesn't copy private 1097 * mappings) 1098 */ 1099 #ifndef CONFIG_MMU 1100 static unsigned long mtdchar_get_unmapped_area(struct file *file, 1101 unsigned long addr, 1102 unsigned long len, 1103 unsigned long pgoff, 1104 unsigned long flags) 1105 { 1106 struct mtd_file_info *mfi = file->private_data; 1107 struct mtd_info *mtd = mfi->mtd; 1108 unsigned long offset; 1109 int ret; 1110 1111 if (addr != 0) 1112 return (unsigned long) -EINVAL; 1113 1114 if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT)) 1115 return (unsigned long) -EINVAL; 1116 1117 offset = pgoff << PAGE_SHIFT; 1118 if (offset > mtd->size - len) 1119 return (unsigned long) -EINVAL; 1120 1121 ret = mtd_get_unmapped_area(mtd, len, offset, flags); 1122 return ret == -EOPNOTSUPP ? -ENOSYS : ret; 1123 } 1124 #endif 1125 1126 static inline unsigned long get_vm_size(struct vm_area_struct *vma) 1127 { 1128 return vma->vm_end - vma->vm_start; 1129 } 1130 1131 static inline resource_size_t get_vm_offset(struct vm_area_struct *vma) 1132 { 1133 return (resource_size_t) vma->vm_pgoff << PAGE_SHIFT; 1134 } 1135 1136 /* 1137 * Set a new vm offset. 1138 * 1139 * Verify that the incoming offset really works as a page offset, 1140 * and that the offset and size fit in a resource_size_t. 1141 */ 1142 static inline int set_vm_offset(struct vm_area_struct *vma, resource_size_t off) 1143 { 1144 pgoff_t pgoff = off >> PAGE_SHIFT; 1145 if (off != (resource_size_t) pgoff << PAGE_SHIFT) 1146 return -EINVAL; 1147 if (off + get_vm_size(vma) - 1 < off) 1148 return -EINVAL; 1149 vma->vm_pgoff = pgoff; 1150 return 0; 1151 } 1152 1153 /* 1154 * set up a mapping for shared memory segments 1155 */ 1156 static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma) 1157 { 1158 #ifdef CONFIG_MMU 1159 struct mtd_file_info *mfi = file->private_data; 1160 struct mtd_info *mtd = mfi->mtd; 1161 struct map_info *map = mtd->priv; 1162 resource_size_t start, off; 1163 unsigned long len, vma_len; 1164 1165 /* This is broken because it assumes the MTD device is map-based 1166 and that mtd->priv is a valid struct map_info. It should be 1167 replaced with something that uses the mtd_get_unmapped_area() 1168 operation properly. */ 1169 if (0 /*mtd->type == MTD_RAM || mtd->type == MTD_ROM*/) { 1170 off = get_vm_offset(vma); 1171 start = map->phys; 1172 len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size); 1173 start &= PAGE_MASK; 1174 vma_len = get_vm_size(vma); 1175 1176 /* Overflow in off+len? */ 1177 if (vma_len + off < off) 1178 return -EINVAL; 1179 /* Does it fit in the mapping? */ 1180 if (vma_len + off > len) 1181 return -EINVAL; 1182 1183 off += start; 1184 /* Did that overflow? */ 1185 if (off < start) 1186 return -EINVAL; 1187 if (set_vm_offset(vma, off) < 0) 1188 return -EINVAL; 1189 vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP; 1190 1191 #ifdef pgprot_noncached 1192 if (file->f_flags & O_DSYNC || off >= __pa(high_memory)) 1193 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1194 #endif 1195 if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, 1196 vma->vm_end - vma->vm_start, 1197 vma->vm_page_prot)) 1198 return -EAGAIN; 1199 1200 return 0; 1201 } 1202 return -ENOSYS; 1203 #else 1204 return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS; 1205 #endif 1206 } 1207 1208 static const struct file_operations mtd_fops = { 1209 .owner = THIS_MODULE, 1210 .llseek = mtdchar_lseek, 1211 .read = mtdchar_read, 1212 .write = mtdchar_write, 1213 .unlocked_ioctl = mtdchar_unlocked_ioctl, 1214 #ifdef CONFIG_COMPAT 1215 .compat_ioctl = mtdchar_compat_ioctl, 1216 #endif 1217 .open = mtdchar_open, 1218 .release = mtdchar_close, 1219 .mmap = mtdchar_mmap, 1220 #ifndef CONFIG_MMU 1221 .get_unmapped_area = mtdchar_get_unmapped_area, 1222 #endif 1223 }; 1224 1225 static const struct super_operations mtd_ops = { 1226 .drop_inode = generic_delete_inode, 1227 .statfs = simple_statfs, 1228 }; 1229 1230 static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type, 1231 int flags, const char *dev_name, void *data) 1232 { 1233 return mount_pseudo(fs_type, "mtd_inode:", &mtd_ops, NULL, MTD_INODE_FS_MAGIC); 1234 } 1235 1236 static struct file_system_type mtd_inodefs_type = { 1237 .name = "mtd_inodefs", 1238 .mount = mtd_inodefs_mount, 1239 .kill_sb = kill_anon_super, 1240 }; 1241 1242 static int __init init_mtdchar(void) 1243 { 1244 int ret; 1245 1246 ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, 1247 "mtd", &mtd_fops); 1248 if (ret < 0) { 1249 pr_notice("Can't allocate major number %d for " 1250 "Memory Technology Devices.\n", MTD_CHAR_MAJOR); 1251 return ret; 1252 } 1253 1254 ret = register_filesystem(&mtd_inodefs_type); 1255 if (ret) { 1256 pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret); 1257 goto err_unregister_chdev; 1258 } 1259 return ret; 1260 1261 err_unregister_chdev: 1262 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1263 return ret; 1264 } 1265 1266 static void __exit cleanup_mtdchar(void) 1267 { 1268 unregister_filesystem(&mtd_inodefs_type); 1269 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1270 } 1271 1272 module_init(init_mtdchar); 1273 module_exit(cleanup_mtdchar); 1274 1275 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1276 1277 MODULE_LICENSE("GPL"); 1278 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>"); 1279 MODULE_DESCRIPTION("Direct character-device access to MTD devices"); 1280 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1281