1 /* 2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 * 18 */ 19 20 #include <linux/device.h> 21 #include <linux/fs.h> 22 #include <linux/mm.h> 23 #include <linux/err.h> 24 #include <linux/init.h> 25 #include <linux/kernel.h> 26 #include <linux/module.h> 27 #include <linux/slab.h> 28 #include <linux/sched.h> 29 #include <linux/mutex.h> 30 #include <linux/backing-dev.h> 31 #include <linux/compat.h> 32 #include <linux/mount.h> 33 #include <linux/blkpg.h> 34 #include <linux/mtd/mtd.h> 35 #include <linux/mtd/partitions.h> 36 #include <linux/mtd/map.h> 37 38 #include <asm/uaccess.h> 39 40 #define MTD_INODE_FS_MAGIC 0x11307854 41 static DEFINE_MUTEX(mtd_mutex); 42 static struct vfsmount *mtd_inode_mnt __read_mostly; 43 44 /* 45 * Data structure to hold the pointer to the mtd device as well 46 * as mode information of various use cases. 47 */ 48 struct mtd_file_info { 49 struct mtd_info *mtd; 50 struct inode *ino; 51 enum mtd_file_modes mode; 52 }; 53 54 static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig) 55 { 56 struct mtd_file_info *mfi = file->private_data; 57 struct mtd_info *mtd = mfi->mtd; 58 59 switch (orig) { 60 case SEEK_SET: 61 break; 62 case SEEK_CUR: 63 offset += file->f_pos; 64 break; 65 case SEEK_END: 66 offset += mtd->size; 67 break; 68 default: 69 return -EINVAL; 70 } 71 72 if (offset >= 0 && offset <= mtd->size) 73 return file->f_pos = offset; 74 75 return -EINVAL; 76 } 77 78 79 80 static int mtdchar_open(struct inode *inode, struct file *file) 81 { 82 int minor = iminor(inode); 83 int devnum = minor >> 1; 84 int ret = 0; 85 struct mtd_info *mtd; 86 struct mtd_file_info *mfi; 87 struct inode *mtd_ino; 88 89 pr_debug("MTD_open\n"); 90 91 /* You can't open the RO devices RW */ 92 if ((file->f_mode & FMODE_WRITE) && (minor & 1)) 93 return -EACCES; 94 95 mutex_lock(&mtd_mutex); 96 mtd = get_mtd_device(NULL, devnum); 97 98 if (IS_ERR(mtd)) { 99 ret = PTR_ERR(mtd); 100 goto out; 101 } 102 103 if (mtd->type == MTD_ABSENT) { 104 put_mtd_device(mtd); 105 ret = -ENODEV; 106 goto out; 107 } 108 109 mtd_ino = iget_locked(mtd_inode_mnt->mnt_sb, devnum); 110 if (!mtd_ino) { 111 put_mtd_device(mtd); 112 ret = -ENOMEM; 113 goto out; 114 } 115 if (mtd_ino->i_state & I_NEW) { 116 mtd_ino->i_private = mtd; 117 mtd_ino->i_mode = S_IFCHR; 118 mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info; 119 unlock_new_inode(mtd_ino); 120 } 121 file->f_mapping = mtd_ino->i_mapping; 122 123 /* You can't open it RW if it's not a writeable device */ 124 if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { 125 iput(mtd_ino); 126 put_mtd_device(mtd); 127 ret = -EACCES; 128 goto out; 129 } 130 131 mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); 132 if (!mfi) { 133 iput(mtd_ino); 134 put_mtd_device(mtd); 135 ret = -ENOMEM; 136 goto out; 137 } 138 mfi->ino = mtd_ino; 139 mfi->mtd = mtd; 140 file->private_data = mfi; 141 142 out: 143 mutex_unlock(&mtd_mutex); 144 return ret; 145 } /* mtdchar_open */ 146 147 /*====================================================================*/ 148 149 static int mtdchar_close(struct inode *inode, struct file *file) 150 { 151 struct mtd_file_info *mfi = file->private_data; 152 struct mtd_info *mtd = mfi->mtd; 153 154 pr_debug("MTD_close\n"); 155 156 /* Only sync if opened RW */ 157 if ((file->f_mode & FMODE_WRITE) && mtd->sync) 158 mtd_sync(mtd); 159 160 iput(mfi->ino); 161 162 put_mtd_device(mtd); 163 file->private_data = NULL; 164 kfree(mfi); 165 166 return 0; 167 } /* mtdchar_close */ 168 169 /* Back in June 2001, dwmw2 wrote: 170 * 171 * FIXME: This _really_ needs to die. In 2.5, we should lock the 172 * userspace buffer down and use it directly with readv/writev. 173 * 174 * The implementation below, using mtd_kmalloc_up_to, mitigates 175 * allocation failures when the system is under low-memory situations 176 * or if memory is highly fragmented at the cost of reducing the 177 * performance of the requested transfer due to a smaller buffer size. 178 * 179 * A more complex but more memory-efficient implementation based on 180 * get_user_pages and iovecs to cover extents of those pages is a 181 * longer-term goal, as intimated by dwmw2 above. However, for the 182 * write case, this requires yet more complex head and tail transfer 183 * handling when those head and tail offsets and sizes are such that 184 * alignment requirements are not met in the NAND subdriver. 185 */ 186 187 static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count, 188 loff_t *ppos) 189 { 190 struct mtd_file_info *mfi = file->private_data; 191 struct mtd_info *mtd = mfi->mtd; 192 size_t retlen; 193 size_t total_retlen=0; 194 int ret=0; 195 int len; 196 size_t size = count; 197 char *kbuf; 198 199 pr_debug("MTD_read\n"); 200 201 if (*ppos + count > mtd->size) 202 count = mtd->size - *ppos; 203 204 if (!count) 205 return 0; 206 207 kbuf = mtd_kmalloc_up_to(mtd, &size); 208 if (!kbuf) 209 return -ENOMEM; 210 211 while (count) { 212 len = min_t(size_t, count, size); 213 214 switch (mfi->mode) { 215 case MTD_FILE_MODE_OTP_FACTORY: 216 ret = mtd_read_fact_prot_reg(mtd, *ppos, len, 217 &retlen, kbuf); 218 break; 219 case MTD_FILE_MODE_OTP_USER: 220 ret = mtd_read_user_prot_reg(mtd, *ppos, len, 221 &retlen, kbuf); 222 break; 223 case MTD_FILE_MODE_RAW: 224 { 225 struct mtd_oob_ops ops; 226 227 ops.mode = MTD_OPS_RAW; 228 ops.datbuf = kbuf; 229 ops.oobbuf = NULL; 230 ops.len = len; 231 232 ret = mtd_read_oob(mtd, *ppos, &ops); 233 retlen = ops.retlen; 234 break; 235 } 236 default: 237 ret = mtd_read(mtd, *ppos, len, &retlen, kbuf); 238 } 239 /* Nand returns -EBADMSG on ECC errors, but it returns 240 * the data. For our userspace tools it is important 241 * to dump areas with ECC errors! 242 * For kernel internal usage it also might return -EUCLEAN 243 * to signal the caller that a bitflip has occurred and has 244 * been corrected by the ECC algorithm. 245 * Userspace software which accesses NAND this way 246 * must be aware of the fact that it deals with NAND 247 */ 248 if (!ret || mtd_is_bitflip_or_eccerr(ret)) { 249 *ppos += retlen; 250 if (copy_to_user(buf, kbuf, retlen)) { 251 kfree(kbuf); 252 return -EFAULT; 253 } 254 else 255 total_retlen += retlen; 256 257 count -= retlen; 258 buf += retlen; 259 if (retlen == 0) 260 count = 0; 261 } 262 else { 263 kfree(kbuf); 264 return ret; 265 } 266 267 } 268 269 kfree(kbuf); 270 return total_retlen; 271 } /* mtdchar_read */ 272 273 static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count, 274 loff_t *ppos) 275 { 276 struct mtd_file_info *mfi = file->private_data; 277 struct mtd_info *mtd = mfi->mtd; 278 size_t size = count; 279 char *kbuf; 280 size_t retlen; 281 size_t total_retlen=0; 282 int ret=0; 283 int len; 284 285 pr_debug("MTD_write\n"); 286 287 if (*ppos == mtd->size) 288 return -ENOSPC; 289 290 if (*ppos + count > mtd->size) 291 count = mtd->size - *ppos; 292 293 if (!count) 294 return 0; 295 296 kbuf = mtd_kmalloc_up_to(mtd, &size); 297 if (!kbuf) 298 return -ENOMEM; 299 300 while (count) { 301 len = min_t(size_t, count, size); 302 303 if (copy_from_user(kbuf, buf, len)) { 304 kfree(kbuf); 305 return -EFAULT; 306 } 307 308 switch (mfi->mode) { 309 case MTD_FILE_MODE_OTP_FACTORY: 310 ret = -EROFS; 311 break; 312 case MTD_FILE_MODE_OTP_USER: 313 if (!mtd->write_user_prot_reg) { 314 ret = -EOPNOTSUPP; 315 break; 316 } 317 ret = mtd_write_user_prot_reg(mtd, *ppos, len, 318 &retlen, kbuf); 319 break; 320 321 case MTD_FILE_MODE_RAW: 322 { 323 struct mtd_oob_ops ops; 324 325 ops.mode = MTD_OPS_RAW; 326 ops.datbuf = kbuf; 327 ops.oobbuf = NULL; 328 ops.ooboffs = 0; 329 ops.len = len; 330 331 ret = mtd_write_oob(mtd, *ppos, &ops); 332 retlen = ops.retlen; 333 break; 334 } 335 336 default: 337 ret = mtd_write(mtd, *ppos, len, &retlen, kbuf); 338 } 339 if (!ret) { 340 *ppos += retlen; 341 total_retlen += retlen; 342 count -= retlen; 343 buf += retlen; 344 } 345 else { 346 kfree(kbuf); 347 return ret; 348 } 349 } 350 351 kfree(kbuf); 352 return total_retlen; 353 } /* mtdchar_write */ 354 355 /*====================================================================== 356 357 IOCTL calls for getting device parameters. 358 359 ======================================================================*/ 360 static void mtdchar_erase_callback (struct erase_info *instr) 361 { 362 wake_up((wait_queue_head_t *)instr->priv); 363 } 364 365 #ifdef CONFIG_HAVE_MTD_OTP 366 static int otp_select_filemode(struct mtd_file_info *mfi, int mode) 367 { 368 struct mtd_info *mtd = mfi->mtd; 369 int ret = 0; 370 371 switch (mode) { 372 case MTD_OTP_FACTORY: 373 if (!mtd->read_fact_prot_reg) 374 ret = -EOPNOTSUPP; 375 else 376 mfi->mode = MTD_FILE_MODE_OTP_FACTORY; 377 break; 378 case MTD_OTP_USER: 379 if (!mtd->read_fact_prot_reg) 380 ret = -EOPNOTSUPP; 381 else 382 mfi->mode = MTD_FILE_MODE_OTP_USER; 383 break; 384 default: 385 ret = -EINVAL; 386 case MTD_OTP_OFF: 387 break; 388 } 389 return ret; 390 } 391 #else 392 # define otp_select_filemode(f,m) -EOPNOTSUPP 393 #endif 394 395 static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd, 396 uint64_t start, uint32_t length, void __user *ptr, 397 uint32_t __user *retp) 398 { 399 struct mtd_file_info *mfi = file->private_data; 400 struct mtd_oob_ops ops; 401 uint32_t retlen; 402 int ret = 0; 403 404 if (!(file->f_mode & FMODE_WRITE)) 405 return -EPERM; 406 407 if (length > 4096) 408 return -EINVAL; 409 410 if (!mtd->write_oob) 411 ret = -EOPNOTSUPP; 412 else 413 ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT; 414 415 if (ret) 416 return ret; 417 418 ops.ooblen = length; 419 ops.ooboffs = start & (mtd->writesize - 1); 420 ops.datbuf = NULL; 421 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 422 MTD_OPS_PLACE_OOB; 423 424 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 425 return -EINVAL; 426 427 ops.oobbuf = memdup_user(ptr, length); 428 if (IS_ERR(ops.oobbuf)) 429 return PTR_ERR(ops.oobbuf); 430 431 start &= ~((uint64_t)mtd->writesize - 1); 432 ret = mtd_write_oob(mtd, start, &ops); 433 434 if (ops.oobretlen > 0xFFFFFFFFU) 435 ret = -EOVERFLOW; 436 retlen = ops.oobretlen; 437 if (copy_to_user(retp, &retlen, sizeof(length))) 438 ret = -EFAULT; 439 440 kfree(ops.oobbuf); 441 return ret; 442 } 443 444 static int mtdchar_readoob(struct file *file, struct mtd_info *mtd, 445 uint64_t start, uint32_t length, void __user *ptr, 446 uint32_t __user *retp) 447 { 448 struct mtd_file_info *mfi = file->private_data; 449 struct mtd_oob_ops ops; 450 int ret = 0; 451 452 if (length > 4096) 453 return -EINVAL; 454 455 if (!mtd->read_oob) 456 ret = -EOPNOTSUPP; 457 else 458 ret = access_ok(VERIFY_WRITE, ptr, 459 length) ? 0 : -EFAULT; 460 if (ret) 461 return ret; 462 463 ops.ooblen = length; 464 ops.ooboffs = start & (mtd->writesize - 1); 465 ops.datbuf = NULL; 466 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 467 MTD_OPS_PLACE_OOB; 468 469 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 470 return -EINVAL; 471 472 ops.oobbuf = kmalloc(length, GFP_KERNEL); 473 if (!ops.oobbuf) 474 return -ENOMEM; 475 476 start &= ~((uint64_t)mtd->writesize - 1); 477 ret = mtd_read_oob(mtd, start, &ops); 478 479 if (put_user(ops.oobretlen, retp)) 480 ret = -EFAULT; 481 else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf, 482 ops.oobretlen)) 483 ret = -EFAULT; 484 485 kfree(ops.oobbuf); 486 487 /* 488 * NAND returns -EBADMSG on ECC errors, but it returns the OOB 489 * data. For our userspace tools it is important to dump areas 490 * with ECC errors! 491 * For kernel internal usage it also might return -EUCLEAN 492 * to signal the caller that a bitflip has occured and has 493 * been corrected by the ECC algorithm. 494 * 495 * Note: currently the standard NAND function, nand_read_oob_std, 496 * does not calculate ECC for the OOB area, so do not rely on 497 * this behavior unless you have replaced it with your own. 498 */ 499 if (mtd_is_bitflip_or_eccerr(ret)) 500 return 0; 501 502 return ret; 503 } 504 505 /* 506 * Copies (and truncates, if necessary) data from the larger struct, 507 * nand_ecclayout, to the smaller, deprecated layout struct, 508 * nand_ecclayout_user. This is necessary only to support the deprecated 509 * API ioctl ECCGETLAYOUT while allowing all new functionality to use 510 * nand_ecclayout flexibly (i.e. the struct may change size in new 511 * releases without requiring major rewrites). 512 */ 513 static int shrink_ecclayout(const struct nand_ecclayout *from, 514 struct nand_ecclayout_user *to) 515 { 516 int i; 517 518 if (!from || !to) 519 return -EINVAL; 520 521 memset(to, 0, sizeof(*to)); 522 523 to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES); 524 for (i = 0; i < to->eccbytes; i++) 525 to->eccpos[i] = from->eccpos[i]; 526 527 for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) { 528 if (from->oobfree[i].length == 0 && 529 from->oobfree[i].offset == 0) 530 break; 531 to->oobavail += from->oobfree[i].length; 532 to->oobfree[i] = from->oobfree[i]; 533 } 534 535 return 0; 536 } 537 538 static int mtdchar_blkpg_ioctl(struct mtd_info *mtd, 539 struct blkpg_ioctl_arg __user *arg) 540 { 541 struct blkpg_ioctl_arg a; 542 struct blkpg_partition p; 543 544 if (!capable(CAP_SYS_ADMIN)) 545 return -EPERM; 546 547 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg))) 548 return -EFAULT; 549 550 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition))) 551 return -EFAULT; 552 553 switch (a.op) { 554 case BLKPG_ADD_PARTITION: 555 556 /* Only master mtd device must be used to add partitions */ 557 if (mtd_is_partition(mtd)) 558 return -EINVAL; 559 560 return mtd_add_partition(mtd, p.devname, p.start, p.length); 561 562 case BLKPG_DEL_PARTITION: 563 564 if (p.pno < 0) 565 return -EINVAL; 566 567 return mtd_del_partition(mtd, p.pno); 568 569 default: 570 return -EINVAL; 571 } 572 } 573 574 static int mtdchar_write_ioctl(struct mtd_info *mtd, 575 struct mtd_write_req __user *argp) 576 { 577 struct mtd_write_req req; 578 struct mtd_oob_ops ops; 579 void __user *usr_data, *usr_oob; 580 int ret; 581 582 if (copy_from_user(&req, argp, sizeof(req)) || 583 !access_ok(VERIFY_READ, req.usr_data, req.len) || 584 !access_ok(VERIFY_READ, req.usr_oob, req.ooblen)) 585 return -EFAULT; 586 if (!mtd->write_oob) 587 return -EOPNOTSUPP; 588 589 ops.mode = req.mode; 590 ops.len = (size_t)req.len; 591 ops.ooblen = (size_t)req.ooblen; 592 ops.ooboffs = 0; 593 594 usr_data = (void __user *)(uintptr_t)req.usr_data; 595 usr_oob = (void __user *)(uintptr_t)req.usr_oob; 596 597 if (req.usr_data) { 598 ops.datbuf = memdup_user(usr_data, ops.len); 599 if (IS_ERR(ops.datbuf)) 600 return PTR_ERR(ops.datbuf); 601 } else { 602 ops.datbuf = NULL; 603 } 604 605 if (req.usr_oob) { 606 ops.oobbuf = memdup_user(usr_oob, ops.ooblen); 607 if (IS_ERR(ops.oobbuf)) { 608 kfree(ops.datbuf); 609 return PTR_ERR(ops.oobbuf); 610 } 611 } else { 612 ops.oobbuf = NULL; 613 } 614 615 ret = mtd_write_oob(mtd, (loff_t)req.start, &ops); 616 617 kfree(ops.datbuf); 618 kfree(ops.oobbuf); 619 620 return ret; 621 } 622 623 static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg) 624 { 625 struct mtd_file_info *mfi = file->private_data; 626 struct mtd_info *mtd = mfi->mtd; 627 void __user *argp = (void __user *)arg; 628 int ret = 0; 629 u_long size; 630 struct mtd_info_user info; 631 632 pr_debug("MTD_ioctl\n"); 633 634 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; 635 if (cmd & IOC_IN) { 636 if (!access_ok(VERIFY_READ, argp, size)) 637 return -EFAULT; 638 } 639 if (cmd & IOC_OUT) { 640 if (!access_ok(VERIFY_WRITE, argp, size)) 641 return -EFAULT; 642 } 643 644 switch (cmd) { 645 case MEMGETREGIONCOUNT: 646 if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int))) 647 return -EFAULT; 648 break; 649 650 case MEMGETREGIONINFO: 651 { 652 uint32_t ur_idx; 653 struct mtd_erase_region_info *kr; 654 struct region_info_user __user *ur = argp; 655 656 if (get_user(ur_idx, &(ur->regionindex))) 657 return -EFAULT; 658 659 if (ur_idx >= mtd->numeraseregions) 660 return -EINVAL; 661 662 kr = &(mtd->eraseregions[ur_idx]); 663 664 if (put_user(kr->offset, &(ur->offset)) 665 || put_user(kr->erasesize, &(ur->erasesize)) 666 || put_user(kr->numblocks, &(ur->numblocks))) 667 return -EFAULT; 668 669 break; 670 } 671 672 case MEMGETINFO: 673 memset(&info, 0, sizeof(info)); 674 info.type = mtd->type; 675 info.flags = mtd->flags; 676 info.size = mtd->size; 677 info.erasesize = mtd->erasesize; 678 info.writesize = mtd->writesize; 679 info.oobsize = mtd->oobsize; 680 /* The below field is obsolete */ 681 info.padding = 0; 682 if (copy_to_user(argp, &info, sizeof(struct mtd_info_user))) 683 return -EFAULT; 684 break; 685 686 case MEMERASE: 687 case MEMERASE64: 688 { 689 struct erase_info *erase; 690 691 if(!(file->f_mode & FMODE_WRITE)) 692 return -EPERM; 693 694 erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL); 695 if (!erase) 696 ret = -ENOMEM; 697 else { 698 wait_queue_head_t waitq; 699 DECLARE_WAITQUEUE(wait, current); 700 701 init_waitqueue_head(&waitq); 702 703 if (cmd == MEMERASE64) { 704 struct erase_info_user64 einfo64; 705 706 if (copy_from_user(&einfo64, argp, 707 sizeof(struct erase_info_user64))) { 708 kfree(erase); 709 return -EFAULT; 710 } 711 erase->addr = einfo64.start; 712 erase->len = einfo64.length; 713 } else { 714 struct erase_info_user einfo32; 715 716 if (copy_from_user(&einfo32, argp, 717 sizeof(struct erase_info_user))) { 718 kfree(erase); 719 return -EFAULT; 720 } 721 erase->addr = einfo32.start; 722 erase->len = einfo32.length; 723 } 724 erase->mtd = mtd; 725 erase->callback = mtdchar_erase_callback; 726 erase->priv = (unsigned long)&waitq; 727 728 /* 729 FIXME: Allow INTERRUPTIBLE. Which means 730 not having the wait_queue head on the stack. 731 732 If the wq_head is on the stack, and we 733 leave because we got interrupted, then the 734 wq_head is no longer there when the 735 callback routine tries to wake us up. 736 */ 737 ret = mtd_erase(mtd, erase); 738 if (!ret) { 739 set_current_state(TASK_UNINTERRUPTIBLE); 740 add_wait_queue(&waitq, &wait); 741 if (erase->state != MTD_ERASE_DONE && 742 erase->state != MTD_ERASE_FAILED) 743 schedule(); 744 remove_wait_queue(&waitq, &wait); 745 set_current_state(TASK_RUNNING); 746 747 ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0; 748 } 749 kfree(erase); 750 } 751 break; 752 } 753 754 case MEMWRITEOOB: 755 { 756 struct mtd_oob_buf buf; 757 struct mtd_oob_buf __user *buf_user = argp; 758 759 /* NOTE: writes return length to buf_user->length */ 760 if (copy_from_user(&buf, argp, sizeof(buf))) 761 ret = -EFAULT; 762 else 763 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 764 buf.ptr, &buf_user->length); 765 break; 766 } 767 768 case MEMREADOOB: 769 { 770 struct mtd_oob_buf buf; 771 struct mtd_oob_buf __user *buf_user = argp; 772 773 /* NOTE: writes return length to buf_user->start */ 774 if (copy_from_user(&buf, argp, sizeof(buf))) 775 ret = -EFAULT; 776 else 777 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 778 buf.ptr, &buf_user->start); 779 break; 780 } 781 782 case MEMWRITEOOB64: 783 { 784 struct mtd_oob_buf64 buf; 785 struct mtd_oob_buf64 __user *buf_user = argp; 786 787 if (copy_from_user(&buf, argp, sizeof(buf))) 788 ret = -EFAULT; 789 else 790 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 791 (void __user *)(uintptr_t)buf.usr_ptr, 792 &buf_user->length); 793 break; 794 } 795 796 case MEMREADOOB64: 797 { 798 struct mtd_oob_buf64 buf; 799 struct mtd_oob_buf64 __user *buf_user = argp; 800 801 if (copy_from_user(&buf, argp, sizeof(buf))) 802 ret = -EFAULT; 803 else 804 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 805 (void __user *)(uintptr_t)buf.usr_ptr, 806 &buf_user->length); 807 break; 808 } 809 810 case MEMWRITE: 811 { 812 ret = mtdchar_write_ioctl(mtd, 813 (struct mtd_write_req __user *)arg); 814 break; 815 } 816 817 case MEMLOCK: 818 { 819 struct erase_info_user einfo; 820 821 if (copy_from_user(&einfo, argp, sizeof(einfo))) 822 return -EFAULT; 823 824 if (!mtd->lock) 825 ret = -EOPNOTSUPP; 826 else 827 ret = mtd_lock(mtd, einfo.start, einfo.length); 828 break; 829 } 830 831 case MEMUNLOCK: 832 { 833 struct erase_info_user einfo; 834 835 if (copy_from_user(&einfo, argp, sizeof(einfo))) 836 return -EFAULT; 837 838 if (!mtd->unlock) 839 ret = -EOPNOTSUPP; 840 else 841 ret = mtd_unlock(mtd, einfo.start, einfo.length); 842 break; 843 } 844 845 case MEMISLOCKED: 846 { 847 struct erase_info_user einfo; 848 849 if (copy_from_user(&einfo, argp, sizeof(einfo))) 850 return -EFAULT; 851 852 if (!mtd->is_locked) 853 ret = -EOPNOTSUPP; 854 else 855 ret = mtd_is_locked(mtd, einfo.start, einfo.length); 856 break; 857 } 858 859 /* Legacy interface */ 860 case MEMGETOOBSEL: 861 { 862 struct nand_oobinfo oi; 863 864 if (!mtd->ecclayout) 865 return -EOPNOTSUPP; 866 if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos)) 867 return -EINVAL; 868 869 oi.useecc = MTD_NANDECC_AUTOPLACE; 870 memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos)); 871 memcpy(&oi.oobfree, mtd->ecclayout->oobfree, 872 sizeof(oi.oobfree)); 873 oi.eccbytes = mtd->ecclayout->eccbytes; 874 875 if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo))) 876 return -EFAULT; 877 break; 878 } 879 880 case MEMGETBADBLOCK: 881 { 882 loff_t offs; 883 884 if (copy_from_user(&offs, argp, sizeof(loff_t))) 885 return -EFAULT; 886 if (!mtd->block_isbad) 887 ret = -EOPNOTSUPP; 888 else 889 return mtd_block_isbad(mtd, offs); 890 break; 891 } 892 893 case MEMSETBADBLOCK: 894 { 895 loff_t offs; 896 897 if (copy_from_user(&offs, argp, sizeof(loff_t))) 898 return -EFAULT; 899 if (!mtd->block_markbad) 900 ret = -EOPNOTSUPP; 901 else 902 return mtd_block_markbad(mtd, offs); 903 break; 904 } 905 906 #ifdef CONFIG_HAVE_MTD_OTP 907 case OTPSELECT: 908 { 909 int mode; 910 if (copy_from_user(&mode, argp, sizeof(int))) 911 return -EFAULT; 912 913 mfi->mode = MTD_FILE_MODE_NORMAL; 914 915 ret = otp_select_filemode(mfi, mode); 916 917 file->f_pos = 0; 918 break; 919 } 920 921 case OTPGETREGIONCOUNT: 922 case OTPGETREGIONINFO: 923 { 924 struct otp_info *buf = kmalloc(4096, GFP_KERNEL); 925 if (!buf) 926 return -ENOMEM; 927 ret = -EOPNOTSUPP; 928 switch (mfi->mode) { 929 case MTD_FILE_MODE_OTP_FACTORY: 930 if (mtd->get_fact_prot_info) 931 ret = mtd_get_fact_prot_info(mtd, buf, 4096); 932 break; 933 case MTD_FILE_MODE_OTP_USER: 934 if (mtd->get_user_prot_info) 935 ret = mtd_get_user_prot_info(mtd, buf, 4096); 936 break; 937 default: 938 break; 939 } 940 if (ret >= 0) { 941 if (cmd == OTPGETREGIONCOUNT) { 942 int nbr = ret / sizeof(struct otp_info); 943 ret = copy_to_user(argp, &nbr, sizeof(int)); 944 } else 945 ret = copy_to_user(argp, buf, ret); 946 if (ret) 947 ret = -EFAULT; 948 } 949 kfree(buf); 950 break; 951 } 952 953 case OTPLOCK: 954 { 955 struct otp_info oinfo; 956 957 if (mfi->mode != MTD_FILE_MODE_OTP_USER) 958 return -EINVAL; 959 if (copy_from_user(&oinfo, argp, sizeof(oinfo))) 960 return -EFAULT; 961 if (!mtd->lock_user_prot_reg) 962 return -EOPNOTSUPP; 963 ret = mtd_lock_user_prot_reg(mtd, oinfo.start, oinfo.length); 964 break; 965 } 966 #endif 967 968 /* This ioctl is being deprecated - it truncates the ECC layout */ 969 case ECCGETLAYOUT: 970 { 971 struct nand_ecclayout_user *usrlay; 972 973 if (!mtd->ecclayout) 974 return -EOPNOTSUPP; 975 976 usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL); 977 if (!usrlay) 978 return -ENOMEM; 979 980 shrink_ecclayout(mtd->ecclayout, usrlay); 981 982 if (copy_to_user(argp, usrlay, sizeof(*usrlay))) 983 ret = -EFAULT; 984 kfree(usrlay); 985 break; 986 } 987 988 case ECCGETSTATS: 989 { 990 if (copy_to_user(argp, &mtd->ecc_stats, 991 sizeof(struct mtd_ecc_stats))) 992 return -EFAULT; 993 break; 994 } 995 996 case MTDFILEMODE: 997 { 998 mfi->mode = 0; 999 1000 switch(arg) { 1001 case MTD_FILE_MODE_OTP_FACTORY: 1002 case MTD_FILE_MODE_OTP_USER: 1003 ret = otp_select_filemode(mfi, arg); 1004 break; 1005 1006 case MTD_FILE_MODE_RAW: 1007 if (!mtd_has_oob(mtd)) 1008 return -EOPNOTSUPP; 1009 mfi->mode = arg; 1010 1011 case MTD_FILE_MODE_NORMAL: 1012 break; 1013 default: 1014 ret = -EINVAL; 1015 } 1016 file->f_pos = 0; 1017 break; 1018 } 1019 1020 case BLKPG: 1021 { 1022 ret = mtdchar_blkpg_ioctl(mtd, 1023 (struct blkpg_ioctl_arg __user *)arg); 1024 break; 1025 } 1026 1027 case BLKRRPART: 1028 { 1029 /* No reread partition feature. Just return ok */ 1030 ret = 0; 1031 break; 1032 } 1033 1034 default: 1035 ret = -ENOTTY; 1036 } 1037 1038 return ret; 1039 } /* memory_ioctl */ 1040 1041 static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg) 1042 { 1043 int ret; 1044 1045 mutex_lock(&mtd_mutex); 1046 ret = mtdchar_ioctl(file, cmd, arg); 1047 mutex_unlock(&mtd_mutex); 1048 1049 return ret; 1050 } 1051 1052 #ifdef CONFIG_COMPAT 1053 1054 struct mtd_oob_buf32 { 1055 u_int32_t start; 1056 u_int32_t length; 1057 compat_caddr_t ptr; /* unsigned char* */ 1058 }; 1059 1060 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32) 1061 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32) 1062 1063 static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd, 1064 unsigned long arg) 1065 { 1066 struct mtd_file_info *mfi = file->private_data; 1067 struct mtd_info *mtd = mfi->mtd; 1068 void __user *argp = compat_ptr(arg); 1069 int ret = 0; 1070 1071 mutex_lock(&mtd_mutex); 1072 1073 switch (cmd) { 1074 case MEMWRITEOOB32: 1075 { 1076 struct mtd_oob_buf32 buf; 1077 struct mtd_oob_buf32 __user *buf_user = argp; 1078 1079 if (copy_from_user(&buf, argp, sizeof(buf))) 1080 ret = -EFAULT; 1081 else 1082 ret = mtdchar_writeoob(file, mtd, buf.start, 1083 buf.length, compat_ptr(buf.ptr), 1084 &buf_user->length); 1085 break; 1086 } 1087 1088 case MEMREADOOB32: 1089 { 1090 struct mtd_oob_buf32 buf; 1091 struct mtd_oob_buf32 __user *buf_user = argp; 1092 1093 /* NOTE: writes return length to buf->start */ 1094 if (copy_from_user(&buf, argp, sizeof(buf))) 1095 ret = -EFAULT; 1096 else 1097 ret = mtdchar_readoob(file, mtd, buf.start, 1098 buf.length, compat_ptr(buf.ptr), 1099 &buf_user->start); 1100 break; 1101 } 1102 default: 1103 ret = mtdchar_ioctl(file, cmd, (unsigned long)argp); 1104 } 1105 1106 mutex_unlock(&mtd_mutex); 1107 1108 return ret; 1109 } 1110 1111 #endif /* CONFIG_COMPAT */ 1112 1113 /* 1114 * try to determine where a shared mapping can be made 1115 * - only supported for NOMMU at the moment (MMU can't doesn't copy private 1116 * mappings) 1117 */ 1118 #ifndef CONFIG_MMU 1119 static unsigned long mtdchar_get_unmapped_area(struct file *file, 1120 unsigned long addr, 1121 unsigned long len, 1122 unsigned long pgoff, 1123 unsigned long flags) 1124 { 1125 struct mtd_file_info *mfi = file->private_data; 1126 struct mtd_info *mtd = mfi->mtd; 1127 unsigned long offset; 1128 int ret; 1129 1130 if (addr != 0) 1131 return (unsigned long) -EINVAL; 1132 1133 if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT)) 1134 return (unsigned long) -EINVAL; 1135 1136 offset = pgoff << PAGE_SHIFT; 1137 if (offset > mtd->size - len) 1138 return (unsigned long) -EINVAL; 1139 1140 ret = mtd_get_unmapped_area(mtd, len, offset, flags); 1141 return ret == -EOPNOTSUPP ? -ENOSYS : ret; 1142 } 1143 #endif 1144 1145 /* 1146 * set up a mapping for shared memory segments 1147 */ 1148 static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma) 1149 { 1150 #ifdef CONFIG_MMU 1151 struct mtd_file_info *mfi = file->private_data; 1152 struct mtd_info *mtd = mfi->mtd; 1153 struct map_info *map = mtd->priv; 1154 unsigned long start; 1155 unsigned long off; 1156 u32 len; 1157 1158 if (mtd->type == MTD_RAM || mtd->type == MTD_ROM) { 1159 off = vma->vm_pgoff << PAGE_SHIFT; 1160 start = map->phys; 1161 len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size); 1162 start &= PAGE_MASK; 1163 if ((vma->vm_end - vma->vm_start + off) > len) 1164 return -EINVAL; 1165 1166 off += start; 1167 vma->vm_pgoff = off >> PAGE_SHIFT; 1168 vma->vm_flags |= VM_IO | VM_RESERVED; 1169 1170 #ifdef pgprot_noncached 1171 if (file->f_flags & O_DSYNC || off >= __pa(high_memory)) 1172 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1173 #endif 1174 if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, 1175 vma->vm_end - vma->vm_start, 1176 vma->vm_page_prot)) 1177 return -EAGAIN; 1178 1179 return 0; 1180 } 1181 return -ENOSYS; 1182 #else 1183 return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS; 1184 #endif 1185 } 1186 1187 static const struct file_operations mtd_fops = { 1188 .owner = THIS_MODULE, 1189 .llseek = mtdchar_lseek, 1190 .read = mtdchar_read, 1191 .write = mtdchar_write, 1192 .unlocked_ioctl = mtdchar_unlocked_ioctl, 1193 #ifdef CONFIG_COMPAT 1194 .compat_ioctl = mtdchar_compat_ioctl, 1195 #endif 1196 .open = mtdchar_open, 1197 .release = mtdchar_close, 1198 .mmap = mtdchar_mmap, 1199 #ifndef CONFIG_MMU 1200 .get_unmapped_area = mtdchar_get_unmapped_area, 1201 #endif 1202 }; 1203 1204 static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type, 1205 int flags, const char *dev_name, void *data) 1206 { 1207 return mount_pseudo(fs_type, "mtd_inode:", NULL, NULL, MTD_INODE_FS_MAGIC); 1208 } 1209 1210 static struct file_system_type mtd_inodefs_type = { 1211 .name = "mtd_inodefs", 1212 .mount = mtd_inodefs_mount, 1213 .kill_sb = kill_anon_super, 1214 }; 1215 1216 static void mtdchar_notify_add(struct mtd_info *mtd) 1217 { 1218 } 1219 1220 static void mtdchar_notify_remove(struct mtd_info *mtd) 1221 { 1222 struct inode *mtd_ino = ilookup(mtd_inode_mnt->mnt_sb, mtd->index); 1223 1224 if (mtd_ino) { 1225 /* Destroy the inode if it exists */ 1226 clear_nlink(mtd_ino); 1227 iput(mtd_ino); 1228 } 1229 } 1230 1231 static struct mtd_notifier mtdchar_notifier = { 1232 .add = mtdchar_notify_add, 1233 .remove = mtdchar_notify_remove, 1234 }; 1235 1236 static int __init init_mtdchar(void) 1237 { 1238 int ret; 1239 1240 ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, 1241 "mtd", &mtd_fops); 1242 if (ret < 0) { 1243 pr_notice("Can't allocate major number %d for " 1244 "Memory Technology Devices.\n", MTD_CHAR_MAJOR); 1245 return ret; 1246 } 1247 1248 ret = register_filesystem(&mtd_inodefs_type); 1249 if (ret) { 1250 pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret); 1251 goto err_unregister_chdev; 1252 } 1253 1254 mtd_inode_mnt = kern_mount(&mtd_inodefs_type); 1255 if (IS_ERR(mtd_inode_mnt)) { 1256 ret = PTR_ERR(mtd_inode_mnt); 1257 pr_notice("Error mounting mtd_inodefs filesystem: %d\n", ret); 1258 goto err_unregister_filesystem; 1259 } 1260 register_mtd_user(&mtdchar_notifier); 1261 1262 return ret; 1263 1264 err_unregister_filesystem: 1265 unregister_filesystem(&mtd_inodefs_type); 1266 err_unregister_chdev: 1267 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1268 return ret; 1269 } 1270 1271 static void __exit cleanup_mtdchar(void) 1272 { 1273 unregister_mtd_user(&mtdchar_notifier); 1274 kern_unmount(mtd_inode_mnt); 1275 unregister_filesystem(&mtd_inodefs_type); 1276 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1277 } 1278 1279 module_init(init_mtdchar); 1280 module_exit(cleanup_mtdchar); 1281 1282 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1283 1284 MODULE_LICENSE("GPL"); 1285 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>"); 1286 MODULE_DESCRIPTION("Direct character-device access to MTD devices"); 1287 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1288