1 /* 2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 * 18 */ 19 20 #include <linux/device.h> 21 #include <linux/fs.h> 22 #include <linux/mm.h> 23 #include <linux/err.h> 24 #include <linux/init.h> 25 #include <linux/kernel.h> 26 #include <linux/module.h> 27 #include <linux/slab.h> 28 #include <linux/sched.h> 29 #include <linux/mutex.h> 30 #include <linux/backing-dev.h> 31 #include <linux/compat.h> 32 #include <linux/mount.h> 33 #include <linux/blkpg.h> 34 #include <linux/mtd/mtd.h> 35 #include <linux/mtd/partitions.h> 36 #include <linux/mtd/map.h> 37 38 #include <asm/uaccess.h> 39 40 #define MTD_INODE_FS_MAGIC 0x11307854 41 static DEFINE_MUTEX(mtd_mutex); 42 static struct vfsmount *mtd_inode_mnt __read_mostly; 43 44 /* 45 * Data structure to hold the pointer to the mtd device as well 46 * as mode information of various use cases. 47 */ 48 struct mtd_file_info { 49 struct mtd_info *mtd; 50 struct inode *ino; 51 enum mtd_file_modes mode; 52 }; 53 54 static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig) 55 { 56 struct mtd_file_info *mfi = file->private_data; 57 struct mtd_info *mtd = mfi->mtd; 58 59 switch (orig) { 60 case SEEK_SET: 61 break; 62 case SEEK_CUR: 63 offset += file->f_pos; 64 break; 65 case SEEK_END: 66 offset += mtd->size; 67 break; 68 default: 69 return -EINVAL; 70 } 71 72 if (offset >= 0 && offset <= mtd->size) 73 return file->f_pos = offset; 74 75 return -EINVAL; 76 } 77 78 79 80 static int mtdchar_open(struct inode *inode, struct file *file) 81 { 82 int minor = iminor(inode); 83 int devnum = minor >> 1; 84 int ret = 0; 85 struct mtd_info *mtd; 86 struct mtd_file_info *mfi; 87 struct inode *mtd_ino; 88 89 pr_debug("MTD_open\n"); 90 91 /* You can't open the RO devices RW */ 92 if ((file->f_mode & FMODE_WRITE) && (minor & 1)) 93 return -EACCES; 94 95 mutex_lock(&mtd_mutex); 96 mtd = get_mtd_device(NULL, devnum); 97 98 if (IS_ERR(mtd)) { 99 ret = PTR_ERR(mtd); 100 goto out; 101 } 102 103 if (mtd->type == MTD_ABSENT) { 104 put_mtd_device(mtd); 105 ret = -ENODEV; 106 goto out; 107 } 108 109 mtd_ino = iget_locked(mtd_inode_mnt->mnt_sb, devnum); 110 if (!mtd_ino) { 111 put_mtd_device(mtd); 112 ret = -ENOMEM; 113 goto out; 114 } 115 if (mtd_ino->i_state & I_NEW) { 116 mtd_ino->i_private = mtd; 117 mtd_ino->i_mode = S_IFCHR; 118 mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info; 119 unlock_new_inode(mtd_ino); 120 } 121 file->f_mapping = mtd_ino->i_mapping; 122 123 /* You can't open it RW if it's not a writeable device */ 124 if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { 125 iput(mtd_ino); 126 put_mtd_device(mtd); 127 ret = -EACCES; 128 goto out; 129 } 130 131 mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); 132 if (!mfi) { 133 iput(mtd_ino); 134 put_mtd_device(mtd); 135 ret = -ENOMEM; 136 goto out; 137 } 138 mfi->ino = mtd_ino; 139 mfi->mtd = mtd; 140 file->private_data = mfi; 141 142 out: 143 mutex_unlock(&mtd_mutex); 144 return ret; 145 } /* mtdchar_open */ 146 147 /*====================================================================*/ 148 149 static int mtdchar_close(struct inode *inode, struct file *file) 150 { 151 struct mtd_file_info *mfi = file->private_data; 152 struct mtd_info *mtd = mfi->mtd; 153 154 pr_debug("MTD_close\n"); 155 156 /* Only sync if opened RW */ 157 if ((file->f_mode & FMODE_WRITE) && mtd->sync) 158 mtd->sync(mtd); 159 160 iput(mfi->ino); 161 162 put_mtd_device(mtd); 163 file->private_data = NULL; 164 kfree(mfi); 165 166 return 0; 167 } /* mtdchar_close */ 168 169 /* Back in June 2001, dwmw2 wrote: 170 * 171 * FIXME: This _really_ needs to die. In 2.5, we should lock the 172 * userspace buffer down and use it directly with readv/writev. 173 * 174 * The implementation below, using mtd_kmalloc_up_to, mitigates 175 * allocation failures when the system is under low-memory situations 176 * or if memory is highly fragmented at the cost of reducing the 177 * performance of the requested transfer due to a smaller buffer size. 178 * 179 * A more complex but more memory-efficient implementation based on 180 * get_user_pages and iovecs to cover extents of those pages is a 181 * longer-term goal, as intimated by dwmw2 above. However, for the 182 * write case, this requires yet more complex head and tail transfer 183 * handling when those head and tail offsets and sizes are such that 184 * alignment requirements are not met in the NAND subdriver. 185 */ 186 187 static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count, 188 loff_t *ppos) 189 { 190 struct mtd_file_info *mfi = file->private_data; 191 struct mtd_info *mtd = mfi->mtd; 192 size_t retlen=0; 193 size_t total_retlen=0; 194 int ret=0; 195 int len; 196 size_t size = count; 197 char *kbuf; 198 199 pr_debug("MTD_read\n"); 200 201 if (*ppos + count > mtd->size) 202 count = mtd->size - *ppos; 203 204 if (!count) 205 return 0; 206 207 kbuf = mtd_kmalloc_up_to(mtd, &size); 208 if (!kbuf) 209 return -ENOMEM; 210 211 while (count) { 212 len = min_t(size_t, count, size); 213 214 switch (mfi->mode) { 215 case MTD_FILE_MODE_OTP_FACTORY: 216 ret = mtd->read_fact_prot_reg(mtd, *ppos, len, &retlen, kbuf); 217 break; 218 case MTD_FILE_MODE_OTP_USER: 219 ret = mtd->read_user_prot_reg(mtd, *ppos, len, &retlen, kbuf); 220 break; 221 case MTD_FILE_MODE_RAW: 222 { 223 struct mtd_oob_ops ops; 224 225 ops.mode = MTD_OPS_RAW; 226 ops.datbuf = kbuf; 227 ops.oobbuf = NULL; 228 ops.len = len; 229 230 ret = mtd_read_oob(mtd, *ppos, &ops); 231 retlen = ops.retlen; 232 break; 233 } 234 default: 235 ret = mtd_read(mtd, *ppos, len, &retlen, kbuf); 236 } 237 /* Nand returns -EBADMSG on ECC errors, but it returns 238 * the data. For our userspace tools it is important 239 * to dump areas with ECC errors! 240 * For kernel internal usage it also might return -EUCLEAN 241 * to signal the caller that a bitflip has occurred and has 242 * been corrected by the ECC algorithm. 243 * Userspace software which accesses NAND this way 244 * must be aware of the fact that it deals with NAND 245 */ 246 if (!ret || mtd_is_bitflip_or_eccerr(ret)) { 247 *ppos += retlen; 248 if (copy_to_user(buf, kbuf, retlen)) { 249 kfree(kbuf); 250 return -EFAULT; 251 } 252 else 253 total_retlen += retlen; 254 255 count -= retlen; 256 buf += retlen; 257 if (retlen == 0) 258 count = 0; 259 } 260 else { 261 kfree(kbuf); 262 return ret; 263 } 264 265 } 266 267 kfree(kbuf); 268 return total_retlen; 269 } /* mtdchar_read */ 270 271 static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count, 272 loff_t *ppos) 273 { 274 struct mtd_file_info *mfi = file->private_data; 275 struct mtd_info *mtd = mfi->mtd; 276 size_t size = count; 277 char *kbuf; 278 size_t retlen; 279 size_t total_retlen=0; 280 int ret=0; 281 int len; 282 283 pr_debug("MTD_write\n"); 284 285 if (*ppos == mtd->size) 286 return -ENOSPC; 287 288 if (*ppos + count > mtd->size) 289 count = mtd->size - *ppos; 290 291 if (!count) 292 return 0; 293 294 kbuf = mtd_kmalloc_up_to(mtd, &size); 295 if (!kbuf) 296 return -ENOMEM; 297 298 while (count) { 299 len = min_t(size_t, count, size); 300 301 if (copy_from_user(kbuf, buf, len)) { 302 kfree(kbuf); 303 return -EFAULT; 304 } 305 306 switch (mfi->mode) { 307 case MTD_FILE_MODE_OTP_FACTORY: 308 ret = -EROFS; 309 break; 310 case MTD_FILE_MODE_OTP_USER: 311 if (!mtd->write_user_prot_reg) { 312 ret = -EOPNOTSUPP; 313 break; 314 } 315 ret = mtd->write_user_prot_reg(mtd, *ppos, len, &retlen, kbuf); 316 break; 317 318 case MTD_FILE_MODE_RAW: 319 { 320 struct mtd_oob_ops ops; 321 322 ops.mode = MTD_OPS_RAW; 323 ops.datbuf = kbuf; 324 ops.oobbuf = NULL; 325 ops.ooboffs = 0; 326 ops.len = len; 327 328 ret = mtd_write_oob(mtd, *ppos, &ops); 329 retlen = ops.retlen; 330 break; 331 } 332 333 default: 334 ret = mtd_write(mtd, *ppos, len, &retlen, kbuf); 335 } 336 if (!ret) { 337 *ppos += retlen; 338 total_retlen += retlen; 339 count -= retlen; 340 buf += retlen; 341 } 342 else { 343 kfree(kbuf); 344 return ret; 345 } 346 } 347 348 kfree(kbuf); 349 return total_retlen; 350 } /* mtdchar_write */ 351 352 /*====================================================================== 353 354 IOCTL calls for getting device parameters. 355 356 ======================================================================*/ 357 static void mtdchar_erase_callback (struct erase_info *instr) 358 { 359 wake_up((wait_queue_head_t *)instr->priv); 360 } 361 362 #ifdef CONFIG_HAVE_MTD_OTP 363 static int otp_select_filemode(struct mtd_file_info *mfi, int mode) 364 { 365 struct mtd_info *mtd = mfi->mtd; 366 int ret = 0; 367 368 switch (mode) { 369 case MTD_OTP_FACTORY: 370 if (!mtd->read_fact_prot_reg) 371 ret = -EOPNOTSUPP; 372 else 373 mfi->mode = MTD_FILE_MODE_OTP_FACTORY; 374 break; 375 case MTD_OTP_USER: 376 if (!mtd->read_fact_prot_reg) 377 ret = -EOPNOTSUPP; 378 else 379 mfi->mode = MTD_FILE_MODE_OTP_USER; 380 break; 381 default: 382 ret = -EINVAL; 383 case MTD_OTP_OFF: 384 break; 385 } 386 return ret; 387 } 388 #else 389 # define otp_select_filemode(f,m) -EOPNOTSUPP 390 #endif 391 392 static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd, 393 uint64_t start, uint32_t length, void __user *ptr, 394 uint32_t __user *retp) 395 { 396 struct mtd_file_info *mfi = file->private_data; 397 struct mtd_oob_ops ops; 398 uint32_t retlen; 399 int ret = 0; 400 401 if (!(file->f_mode & FMODE_WRITE)) 402 return -EPERM; 403 404 if (length > 4096) 405 return -EINVAL; 406 407 if (!mtd->write_oob) 408 ret = -EOPNOTSUPP; 409 else 410 ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT; 411 412 if (ret) 413 return ret; 414 415 ops.ooblen = length; 416 ops.ooboffs = start & (mtd->writesize - 1); 417 ops.datbuf = NULL; 418 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 419 MTD_OPS_PLACE_OOB; 420 421 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 422 return -EINVAL; 423 424 ops.oobbuf = memdup_user(ptr, length); 425 if (IS_ERR(ops.oobbuf)) 426 return PTR_ERR(ops.oobbuf); 427 428 start &= ~((uint64_t)mtd->writesize - 1); 429 ret = mtd_write_oob(mtd, start, &ops); 430 431 if (ops.oobretlen > 0xFFFFFFFFU) 432 ret = -EOVERFLOW; 433 retlen = ops.oobretlen; 434 if (copy_to_user(retp, &retlen, sizeof(length))) 435 ret = -EFAULT; 436 437 kfree(ops.oobbuf); 438 return ret; 439 } 440 441 static int mtdchar_readoob(struct file *file, struct mtd_info *mtd, 442 uint64_t start, uint32_t length, void __user *ptr, 443 uint32_t __user *retp) 444 { 445 struct mtd_file_info *mfi = file->private_data; 446 struct mtd_oob_ops ops; 447 int ret = 0; 448 449 if (length > 4096) 450 return -EINVAL; 451 452 if (!mtd->read_oob) 453 ret = -EOPNOTSUPP; 454 else 455 ret = access_ok(VERIFY_WRITE, ptr, 456 length) ? 0 : -EFAULT; 457 if (ret) 458 return ret; 459 460 ops.ooblen = length; 461 ops.ooboffs = start & (mtd->writesize - 1); 462 ops.datbuf = NULL; 463 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 464 MTD_OPS_PLACE_OOB; 465 466 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 467 return -EINVAL; 468 469 ops.oobbuf = kmalloc(length, GFP_KERNEL); 470 if (!ops.oobbuf) 471 return -ENOMEM; 472 473 start &= ~((uint64_t)mtd->writesize - 1); 474 ret = mtd_read_oob(mtd, start, &ops); 475 476 if (put_user(ops.oobretlen, retp)) 477 ret = -EFAULT; 478 else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf, 479 ops.oobretlen)) 480 ret = -EFAULT; 481 482 kfree(ops.oobbuf); 483 484 /* 485 * NAND returns -EBADMSG on ECC errors, but it returns the OOB 486 * data. For our userspace tools it is important to dump areas 487 * with ECC errors! 488 * For kernel internal usage it also might return -EUCLEAN 489 * to signal the caller that a bitflip has occured and has 490 * been corrected by the ECC algorithm. 491 * 492 * Note: currently the standard NAND function, nand_read_oob_std, 493 * does not calculate ECC for the OOB area, so do not rely on 494 * this behavior unless you have replaced it with your own. 495 */ 496 if (mtd_is_bitflip_or_eccerr(ret)) 497 return 0; 498 499 return ret; 500 } 501 502 /* 503 * Copies (and truncates, if necessary) data from the larger struct, 504 * nand_ecclayout, to the smaller, deprecated layout struct, 505 * nand_ecclayout_user. This is necessary only to support the deprecated 506 * API ioctl ECCGETLAYOUT while allowing all new functionality to use 507 * nand_ecclayout flexibly (i.e. the struct may change size in new 508 * releases without requiring major rewrites). 509 */ 510 static int shrink_ecclayout(const struct nand_ecclayout *from, 511 struct nand_ecclayout_user *to) 512 { 513 int i; 514 515 if (!from || !to) 516 return -EINVAL; 517 518 memset(to, 0, sizeof(*to)); 519 520 to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES); 521 for (i = 0; i < to->eccbytes; i++) 522 to->eccpos[i] = from->eccpos[i]; 523 524 for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) { 525 if (from->oobfree[i].length == 0 && 526 from->oobfree[i].offset == 0) 527 break; 528 to->oobavail += from->oobfree[i].length; 529 to->oobfree[i] = from->oobfree[i]; 530 } 531 532 return 0; 533 } 534 535 static int mtdchar_blkpg_ioctl(struct mtd_info *mtd, 536 struct blkpg_ioctl_arg __user *arg) 537 { 538 struct blkpg_ioctl_arg a; 539 struct blkpg_partition p; 540 541 if (!capable(CAP_SYS_ADMIN)) 542 return -EPERM; 543 544 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg))) 545 return -EFAULT; 546 547 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition))) 548 return -EFAULT; 549 550 switch (a.op) { 551 case BLKPG_ADD_PARTITION: 552 553 /* Only master mtd device must be used to add partitions */ 554 if (mtd_is_partition(mtd)) 555 return -EINVAL; 556 557 return mtd_add_partition(mtd, p.devname, p.start, p.length); 558 559 case BLKPG_DEL_PARTITION: 560 561 if (p.pno < 0) 562 return -EINVAL; 563 564 return mtd_del_partition(mtd, p.pno); 565 566 default: 567 return -EINVAL; 568 } 569 } 570 571 static int mtdchar_write_ioctl(struct mtd_info *mtd, 572 struct mtd_write_req __user *argp) 573 { 574 struct mtd_write_req req; 575 struct mtd_oob_ops ops; 576 void __user *usr_data, *usr_oob; 577 int ret; 578 579 if (copy_from_user(&req, argp, sizeof(req)) || 580 !access_ok(VERIFY_READ, req.usr_data, req.len) || 581 !access_ok(VERIFY_READ, req.usr_oob, req.ooblen)) 582 return -EFAULT; 583 if (!mtd->write_oob) 584 return -EOPNOTSUPP; 585 586 ops.mode = req.mode; 587 ops.len = (size_t)req.len; 588 ops.ooblen = (size_t)req.ooblen; 589 ops.ooboffs = 0; 590 591 usr_data = (void __user *)(uintptr_t)req.usr_data; 592 usr_oob = (void __user *)(uintptr_t)req.usr_oob; 593 594 if (req.usr_data) { 595 ops.datbuf = memdup_user(usr_data, ops.len); 596 if (IS_ERR(ops.datbuf)) 597 return PTR_ERR(ops.datbuf); 598 } else { 599 ops.datbuf = NULL; 600 } 601 602 if (req.usr_oob) { 603 ops.oobbuf = memdup_user(usr_oob, ops.ooblen); 604 if (IS_ERR(ops.oobbuf)) { 605 kfree(ops.datbuf); 606 return PTR_ERR(ops.oobbuf); 607 } 608 } else { 609 ops.oobbuf = NULL; 610 } 611 612 ret = mtd_write_oob(mtd, (loff_t)req.start, &ops); 613 614 kfree(ops.datbuf); 615 kfree(ops.oobbuf); 616 617 return ret; 618 } 619 620 static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg) 621 { 622 struct mtd_file_info *mfi = file->private_data; 623 struct mtd_info *mtd = mfi->mtd; 624 void __user *argp = (void __user *)arg; 625 int ret = 0; 626 u_long size; 627 struct mtd_info_user info; 628 629 pr_debug("MTD_ioctl\n"); 630 631 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; 632 if (cmd & IOC_IN) { 633 if (!access_ok(VERIFY_READ, argp, size)) 634 return -EFAULT; 635 } 636 if (cmd & IOC_OUT) { 637 if (!access_ok(VERIFY_WRITE, argp, size)) 638 return -EFAULT; 639 } 640 641 switch (cmd) { 642 case MEMGETREGIONCOUNT: 643 if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int))) 644 return -EFAULT; 645 break; 646 647 case MEMGETREGIONINFO: 648 { 649 uint32_t ur_idx; 650 struct mtd_erase_region_info *kr; 651 struct region_info_user __user *ur = argp; 652 653 if (get_user(ur_idx, &(ur->regionindex))) 654 return -EFAULT; 655 656 if (ur_idx >= mtd->numeraseregions) 657 return -EINVAL; 658 659 kr = &(mtd->eraseregions[ur_idx]); 660 661 if (put_user(kr->offset, &(ur->offset)) 662 || put_user(kr->erasesize, &(ur->erasesize)) 663 || put_user(kr->numblocks, &(ur->numblocks))) 664 return -EFAULT; 665 666 break; 667 } 668 669 case MEMGETINFO: 670 memset(&info, 0, sizeof(info)); 671 info.type = mtd->type; 672 info.flags = mtd->flags; 673 info.size = mtd->size; 674 info.erasesize = mtd->erasesize; 675 info.writesize = mtd->writesize; 676 info.oobsize = mtd->oobsize; 677 /* The below field is obsolete */ 678 info.padding = 0; 679 if (copy_to_user(argp, &info, sizeof(struct mtd_info_user))) 680 return -EFAULT; 681 break; 682 683 case MEMERASE: 684 case MEMERASE64: 685 { 686 struct erase_info *erase; 687 688 if(!(file->f_mode & FMODE_WRITE)) 689 return -EPERM; 690 691 erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL); 692 if (!erase) 693 ret = -ENOMEM; 694 else { 695 wait_queue_head_t waitq; 696 DECLARE_WAITQUEUE(wait, current); 697 698 init_waitqueue_head(&waitq); 699 700 if (cmd == MEMERASE64) { 701 struct erase_info_user64 einfo64; 702 703 if (copy_from_user(&einfo64, argp, 704 sizeof(struct erase_info_user64))) { 705 kfree(erase); 706 return -EFAULT; 707 } 708 erase->addr = einfo64.start; 709 erase->len = einfo64.length; 710 } else { 711 struct erase_info_user einfo32; 712 713 if (copy_from_user(&einfo32, argp, 714 sizeof(struct erase_info_user))) { 715 kfree(erase); 716 return -EFAULT; 717 } 718 erase->addr = einfo32.start; 719 erase->len = einfo32.length; 720 } 721 erase->mtd = mtd; 722 erase->callback = mtdchar_erase_callback; 723 erase->priv = (unsigned long)&waitq; 724 725 /* 726 FIXME: Allow INTERRUPTIBLE. Which means 727 not having the wait_queue head on the stack. 728 729 If the wq_head is on the stack, and we 730 leave because we got interrupted, then the 731 wq_head is no longer there when the 732 callback routine tries to wake us up. 733 */ 734 ret = mtd_erase(mtd, erase); 735 if (!ret) { 736 set_current_state(TASK_UNINTERRUPTIBLE); 737 add_wait_queue(&waitq, &wait); 738 if (erase->state != MTD_ERASE_DONE && 739 erase->state != MTD_ERASE_FAILED) 740 schedule(); 741 remove_wait_queue(&waitq, &wait); 742 set_current_state(TASK_RUNNING); 743 744 ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0; 745 } 746 kfree(erase); 747 } 748 break; 749 } 750 751 case MEMWRITEOOB: 752 { 753 struct mtd_oob_buf buf; 754 struct mtd_oob_buf __user *buf_user = argp; 755 756 /* NOTE: writes return length to buf_user->length */ 757 if (copy_from_user(&buf, argp, sizeof(buf))) 758 ret = -EFAULT; 759 else 760 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 761 buf.ptr, &buf_user->length); 762 break; 763 } 764 765 case MEMREADOOB: 766 { 767 struct mtd_oob_buf buf; 768 struct mtd_oob_buf __user *buf_user = argp; 769 770 /* NOTE: writes return length to buf_user->start */ 771 if (copy_from_user(&buf, argp, sizeof(buf))) 772 ret = -EFAULT; 773 else 774 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 775 buf.ptr, &buf_user->start); 776 break; 777 } 778 779 case MEMWRITEOOB64: 780 { 781 struct mtd_oob_buf64 buf; 782 struct mtd_oob_buf64 __user *buf_user = argp; 783 784 if (copy_from_user(&buf, argp, sizeof(buf))) 785 ret = -EFAULT; 786 else 787 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 788 (void __user *)(uintptr_t)buf.usr_ptr, 789 &buf_user->length); 790 break; 791 } 792 793 case MEMREADOOB64: 794 { 795 struct mtd_oob_buf64 buf; 796 struct mtd_oob_buf64 __user *buf_user = argp; 797 798 if (copy_from_user(&buf, argp, sizeof(buf))) 799 ret = -EFAULT; 800 else 801 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 802 (void __user *)(uintptr_t)buf.usr_ptr, 803 &buf_user->length); 804 break; 805 } 806 807 case MEMWRITE: 808 { 809 ret = mtdchar_write_ioctl(mtd, 810 (struct mtd_write_req __user *)arg); 811 break; 812 } 813 814 case MEMLOCK: 815 { 816 struct erase_info_user einfo; 817 818 if (copy_from_user(&einfo, argp, sizeof(einfo))) 819 return -EFAULT; 820 821 if (!mtd->lock) 822 ret = -EOPNOTSUPP; 823 else 824 ret = mtd->lock(mtd, einfo.start, einfo.length); 825 break; 826 } 827 828 case MEMUNLOCK: 829 { 830 struct erase_info_user einfo; 831 832 if (copy_from_user(&einfo, argp, sizeof(einfo))) 833 return -EFAULT; 834 835 if (!mtd->unlock) 836 ret = -EOPNOTSUPP; 837 else 838 ret = mtd->unlock(mtd, einfo.start, einfo.length); 839 break; 840 } 841 842 case MEMISLOCKED: 843 { 844 struct erase_info_user einfo; 845 846 if (copy_from_user(&einfo, argp, sizeof(einfo))) 847 return -EFAULT; 848 849 if (!mtd->is_locked) 850 ret = -EOPNOTSUPP; 851 else 852 ret = mtd->is_locked(mtd, einfo.start, einfo.length); 853 break; 854 } 855 856 /* Legacy interface */ 857 case MEMGETOOBSEL: 858 { 859 struct nand_oobinfo oi; 860 861 if (!mtd->ecclayout) 862 return -EOPNOTSUPP; 863 if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos)) 864 return -EINVAL; 865 866 oi.useecc = MTD_NANDECC_AUTOPLACE; 867 memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos)); 868 memcpy(&oi.oobfree, mtd->ecclayout->oobfree, 869 sizeof(oi.oobfree)); 870 oi.eccbytes = mtd->ecclayout->eccbytes; 871 872 if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo))) 873 return -EFAULT; 874 break; 875 } 876 877 case MEMGETBADBLOCK: 878 { 879 loff_t offs; 880 881 if (copy_from_user(&offs, argp, sizeof(loff_t))) 882 return -EFAULT; 883 if (!mtd->block_isbad) 884 ret = -EOPNOTSUPP; 885 else 886 return mtd->block_isbad(mtd, offs); 887 break; 888 } 889 890 case MEMSETBADBLOCK: 891 { 892 loff_t offs; 893 894 if (copy_from_user(&offs, argp, sizeof(loff_t))) 895 return -EFAULT; 896 if (!mtd->block_markbad) 897 ret = -EOPNOTSUPP; 898 else 899 return mtd->block_markbad(mtd, offs); 900 break; 901 } 902 903 #ifdef CONFIG_HAVE_MTD_OTP 904 case OTPSELECT: 905 { 906 int mode; 907 if (copy_from_user(&mode, argp, sizeof(int))) 908 return -EFAULT; 909 910 mfi->mode = MTD_FILE_MODE_NORMAL; 911 912 ret = otp_select_filemode(mfi, mode); 913 914 file->f_pos = 0; 915 break; 916 } 917 918 case OTPGETREGIONCOUNT: 919 case OTPGETREGIONINFO: 920 { 921 struct otp_info *buf = kmalloc(4096, GFP_KERNEL); 922 if (!buf) 923 return -ENOMEM; 924 ret = -EOPNOTSUPP; 925 switch (mfi->mode) { 926 case MTD_FILE_MODE_OTP_FACTORY: 927 if (mtd->get_fact_prot_info) 928 ret = mtd_get_fact_prot_info(mtd, buf, 4096); 929 break; 930 case MTD_FILE_MODE_OTP_USER: 931 if (mtd->get_user_prot_info) 932 ret = mtd->get_user_prot_info(mtd, buf, 4096); 933 break; 934 default: 935 break; 936 } 937 if (ret >= 0) { 938 if (cmd == OTPGETREGIONCOUNT) { 939 int nbr = ret / sizeof(struct otp_info); 940 ret = copy_to_user(argp, &nbr, sizeof(int)); 941 } else 942 ret = copy_to_user(argp, buf, ret); 943 if (ret) 944 ret = -EFAULT; 945 } 946 kfree(buf); 947 break; 948 } 949 950 case OTPLOCK: 951 { 952 struct otp_info oinfo; 953 954 if (mfi->mode != MTD_FILE_MODE_OTP_USER) 955 return -EINVAL; 956 if (copy_from_user(&oinfo, argp, sizeof(oinfo))) 957 return -EFAULT; 958 if (!mtd->lock_user_prot_reg) 959 return -EOPNOTSUPP; 960 ret = mtd->lock_user_prot_reg(mtd, oinfo.start, oinfo.length); 961 break; 962 } 963 #endif 964 965 /* This ioctl is being deprecated - it truncates the ECC layout */ 966 case ECCGETLAYOUT: 967 { 968 struct nand_ecclayout_user *usrlay; 969 970 if (!mtd->ecclayout) 971 return -EOPNOTSUPP; 972 973 usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL); 974 if (!usrlay) 975 return -ENOMEM; 976 977 shrink_ecclayout(mtd->ecclayout, usrlay); 978 979 if (copy_to_user(argp, usrlay, sizeof(*usrlay))) 980 ret = -EFAULT; 981 kfree(usrlay); 982 break; 983 } 984 985 case ECCGETSTATS: 986 { 987 if (copy_to_user(argp, &mtd->ecc_stats, 988 sizeof(struct mtd_ecc_stats))) 989 return -EFAULT; 990 break; 991 } 992 993 case MTDFILEMODE: 994 { 995 mfi->mode = 0; 996 997 switch(arg) { 998 case MTD_FILE_MODE_OTP_FACTORY: 999 case MTD_FILE_MODE_OTP_USER: 1000 ret = otp_select_filemode(mfi, arg); 1001 break; 1002 1003 case MTD_FILE_MODE_RAW: 1004 if (!mtd->read_oob || !mtd->write_oob) 1005 return -EOPNOTSUPP; 1006 mfi->mode = arg; 1007 1008 case MTD_FILE_MODE_NORMAL: 1009 break; 1010 default: 1011 ret = -EINVAL; 1012 } 1013 file->f_pos = 0; 1014 break; 1015 } 1016 1017 case BLKPG: 1018 { 1019 ret = mtdchar_blkpg_ioctl(mtd, 1020 (struct blkpg_ioctl_arg __user *)arg); 1021 break; 1022 } 1023 1024 case BLKRRPART: 1025 { 1026 /* No reread partition feature. Just return ok */ 1027 ret = 0; 1028 break; 1029 } 1030 1031 default: 1032 ret = -ENOTTY; 1033 } 1034 1035 return ret; 1036 } /* memory_ioctl */ 1037 1038 static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg) 1039 { 1040 int ret; 1041 1042 mutex_lock(&mtd_mutex); 1043 ret = mtdchar_ioctl(file, cmd, arg); 1044 mutex_unlock(&mtd_mutex); 1045 1046 return ret; 1047 } 1048 1049 #ifdef CONFIG_COMPAT 1050 1051 struct mtd_oob_buf32 { 1052 u_int32_t start; 1053 u_int32_t length; 1054 compat_caddr_t ptr; /* unsigned char* */ 1055 }; 1056 1057 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32) 1058 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32) 1059 1060 static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd, 1061 unsigned long arg) 1062 { 1063 struct mtd_file_info *mfi = file->private_data; 1064 struct mtd_info *mtd = mfi->mtd; 1065 void __user *argp = compat_ptr(arg); 1066 int ret = 0; 1067 1068 mutex_lock(&mtd_mutex); 1069 1070 switch (cmd) { 1071 case MEMWRITEOOB32: 1072 { 1073 struct mtd_oob_buf32 buf; 1074 struct mtd_oob_buf32 __user *buf_user = argp; 1075 1076 if (copy_from_user(&buf, argp, sizeof(buf))) 1077 ret = -EFAULT; 1078 else 1079 ret = mtdchar_writeoob(file, mtd, buf.start, 1080 buf.length, compat_ptr(buf.ptr), 1081 &buf_user->length); 1082 break; 1083 } 1084 1085 case MEMREADOOB32: 1086 { 1087 struct mtd_oob_buf32 buf; 1088 struct mtd_oob_buf32 __user *buf_user = argp; 1089 1090 /* NOTE: writes return length to buf->start */ 1091 if (copy_from_user(&buf, argp, sizeof(buf))) 1092 ret = -EFAULT; 1093 else 1094 ret = mtdchar_readoob(file, mtd, buf.start, 1095 buf.length, compat_ptr(buf.ptr), 1096 &buf_user->start); 1097 break; 1098 } 1099 default: 1100 ret = mtdchar_ioctl(file, cmd, (unsigned long)argp); 1101 } 1102 1103 mutex_unlock(&mtd_mutex); 1104 1105 return ret; 1106 } 1107 1108 #endif /* CONFIG_COMPAT */ 1109 1110 /* 1111 * try to determine where a shared mapping can be made 1112 * - only supported for NOMMU at the moment (MMU can't doesn't copy private 1113 * mappings) 1114 */ 1115 #ifndef CONFIG_MMU 1116 static unsigned long mtdchar_get_unmapped_area(struct file *file, 1117 unsigned long addr, 1118 unsigned long len, 1119 unsigned long pgoff, 1120 unsigned long flags) 1121 { 1122 struct mtd_file_info *mfi = file->private_data; 1123 struct mtd_info *mtd = mfi->mtd; 1124 1125 if (mtd->get_unmapped_area) { 1126 unsigned long offset; 1127 1128 if (addr != 0) 1129 return (unsigned long) -EINVAL; 1130 1131 if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT)) 1132 return (unsigned long) -EINVAL; 1133 1134 offset = pgoff << PAGE_SHIFT; 1135 if (offset > mtd->size - len) 1136 return (unsigned long) -EINVAL; 1137 1138 return mtd_get_unmapped_area(mtd, len, offset, flags); 1139 } 1140 1141 /* can't map directly */ 1142 return (unsigned long) -ENOSYS; 1143 } 1144 #endif 1145 1146 /* 1147 * set up a mapping for shared memory segments 1148 */ 1149 static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma) 1150 { 1151 #ifdef CONFIG_MMU 1152 struct mtd_file_info *mfi = file->private_data; 1153 struct mtd_info *mtd = mfi->mtd; 1154 struct map_info *map = mtd->priv; 1155 unsigned long start; 1156 unsigned long off; 1157 u32 len; 1158 1159 if (mtd->type == MTD_RAM || mtd->type == MTD_ROM) { 1160 off = vma->vm_pgoff << PAGE_SHIFT; 1161 start = map->phys; 1162 len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size); 1163 start &= PAGE_MASK; 1164 if ((vma->vm_end - vma->vm_start + off) > len) 1165 return -EINVAL; 1166 1167 off += start; 1168 vma->vm_pgoff = off >> PAGE_SHIFT; 1169 vma->vm_flags |= VM_IO | VM_RESERVED; 1170 1171 #ifdef pgprot_noncached 1172 if (file->f_flags & O_DSYNC || off >= __pa(high_memory)) 1173 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1174 #endif 1175 if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, 1176 vma->vm_end - vma->vm_start, 1177 vma->vm_page_prot)) 1178 return -EAGAIN; 1179 1180 return 0; 1181 } 1182 return -ENOSYS; 1183 #else 1184 return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS; 1185 #endif 1186 } 1187 1188 static const struct file_operations mtd_fops = { 1189 .owner = THIS_MODULE, 1190 .llseek = mtdchar_lseek, 1191 .read = mtdchar_read, 1192 .write = mtdchar_write, 1193 .unlocked_ioctl = mtdchar_unlocked_ioctl, 1194 #ifdef CONFIG_COMPAT 1195 .compat_ioctl = mtdchar_compat_ioctl, 1196 #endif 1197 .open = mtdchar_open, 1198 .release = mtdchar_close, 1199 .mmap = mtdchar_mmap, 1200 #ifndef CONFIG_MMU 1201 .get_unmapped_area = mtdchar_get_unmapped_area, 1202 #endif 1203 }; 1204 1205 static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type, 1206 int flags, const char *dev_name, void *data) 1207 { 1208 return mount_pseudo(fs_type, "mtd_inode:", NULL, NULL, MTD_INODE_FS_MAGIC); 1209 } 1210 1211 static struct file_system_type mtd_inodefs_type = { 1212 .name = "mtd_inodefs", 1213 .mount = mtd_inodefs_mount, 1214 .kill_sb = kill_anon_super, 1215 }; 1216 1217 static void mtdchar_notify_add(struct mtd_info *mtd) 1218 { 1219 } 1220 1221 static void mtdchar_notify_remove(struct mtd_info *mtd) 1222 { 1223 struct inode *mtd_ino = ilookup(mtd_inode_mnt->mnt_sb, mtd->index); 1224 1225 if (mtd_ino) { 1226 /* Destroy the inode if it exists */ 1227 clear_nlink(mtd_ino); 1228 iput(mtd_ino); 1229 } 1230 } 1231 1232 static struct mtd_notifier mtdchar_notifier = { 1233 .add = mtdchar_notify_add, 1234 .remove = mtdchar_notify_remove, 1235 }; 1236 1237 static int __init init_mtdchar(void) 1238 { 1239 int ret; 1240 1241 ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, 1242 "mtd", &mtd_fops); 1243 if (ret < 0) { 1244 pr_notice("Can't allocate major number %d for " 1245 "Memory Technology Devices.\n", MTD_CHAR_MAJOR); 1246 return ret; 1247 } 1248 1249 ret = register_filesystem(&mtd_inodefs_type); 1250 if (ret) { 1251 pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret); 1252 goto err_unregister_chdev; 1253 } 1254 1255 mtd_inode_mnt = kern_mount(&mtd_inodefs_type); 1256 if (IS_ERR(mtd_inode_mnt)) { 1257 ret = PTR_ERR(mtd_inode_mnt); 1258 pr_notice("Error mounting mtd_inodefs filesystem: %d\n", ret); 1259 goto err_unregister_filesystem; 1260 } 1261 register_mtd_user(&mtdchar_notifier); 1262 1263 return ret; 1264 1265 err_unregister_filesystem: 1266 unregister_filesystem(&mtd_inodefs_type); 1267 err_unregister_chdev: 1268 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1269 return ret; 1270 } 1271 1272 static void __exit cleanup_mtdchar(void) 1273 { 1274 unregister_mtd_user(&mtdchar_notifier); 1275 kern_unmount(mtd_inode_mnt); 1276 unregister_filesystem(&mtd_inodefs_type); 1277 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1278 } 1279 1280 module_init(init_mtdchar); 1281 module_exit(cleanup_mtdchar); 1282 1283 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1284 1285 MODULE_LICENSE("GPL"); 1286 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>"); 1287 MODULE_DESCRIPTION("Direct character-device access to MTD devices"); 1288 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1289