1 /* 2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 * 18 */ 19 20 #include <linux/device.h> 21 #include <linux/fs.h> 22 #include <linux/mm.h> 23 #include <linux/err.h> 24 #include <linux/init.h> 25 #include <linux/kernel.h> 26 #include <linux/module.h> 27 #include <linux/slab.h> 28 #include <linux/sched.h> 29 #include <linux/mutex.h> 30 #include <linux/backing-dev.h> 31 #include <linux/compat.h> 32 #include <linux/mount.h> 33 #include <linux/blkpg.h> 34 #include <linux/mtd/mtd.h> 35 #include <linux/mtd/partitions.h> 36 #include <linux/mtd/map.h> 37 38 #include <asm/uaccess.h> 39 40 #define MTD_INODE_FS_MAGIC 0x11307854 41 static DEFINE_MUTEX(mtd_mutex); 42 static struct vfsmount *mtd_inode_mnt __read_mostly; 43 44 /* 45 * Data structure to hold the pointer to the mtd device as well 46 * as mode information of various use cases. 47 */ 48 struct mtd_file_info { 49 struct mtd_info *mtd; 50 struct inode *ino; 51 enum mtd_file_modes mode; 52 }; 53 54 static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig) 55 { 56 struct mtd_file_info *mfi = file->private_data; 57 struct mtd_info *mtd = mfi->mtd; 58 59 switch (orig) { 60 case SEEK_SET: 61 break; 62 case SEEK_CUR: 63 offset += file->f_pos; 64 break; 65 case SEEK_END: 66 offset += mtd->size; 67 break; 68 default: 69 return -EINVAL; 70 } 71 72 if (offset >= 0 && offset <= mtd->size) 73 return file->f_pos = offset; 74 75 return -EINVAL; 76 } 77 78 79 80 static int mtdchar_open(struct inode *inode, struct file *file) 81 { 82 int minor = iminor(inode); 83 int devnum = minor >> 1; 84 int ret = 0; 85 struct mtd_info *mtd; 86 struct mtd_file_info *mfi; 87 struct inode *mtd_ino; 88 89 pr_debug("MTD_open\n"); 90 91 /* You can't open the RO devices RW */ 92 if ((file->f_mode & FMODE_WRITE) && (minor & 1)) 93 return -EACCES; 94 95 mutex_lock(&mtd_mutex); 96 mtd = get_mtd_device(NULL, devnum); 97 98 if (IS_ERR(mtd)) { 99 ret = PTR_ERR(mtd); 100 goto out; 101 } 102 103 if (mtd->type == MTD_ABSENT) { 104 put_mtd_device(mtd); 105 ret = -ENODEV; 106 goto out; 107 } 108 109 mtd_ino = iget_locked(mtd_inode_mnt->mnt_sb, devnum); 110 if (!mtd_ino) { 111 put_mtd_device(mtd); 112 ret = -ENOMEM; 113 goto out; 114 } 115 if (mtd_ino->i_state & I_NEW) { 116 mtd_ino->i_private = mtd; 117 mtd_ino->i_mode = S_IFCHR; 118 mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info; 119 unlock_new_inode(mtd_ino); 120 } 121 file->f_mapping = mtd_ino->i_mapping; 122 123 /* You can't open it RW if it's not a writeable device */ 124 if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { 125 iput(mtd_ino); 126 put_mtd_device(mtd); 127 ret = -EACCES; 128 goto out; 129 } 130 131 mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); 132 if (!mfi) { 133 iput(mtd_ino); 134 put_mtd_device(mtd); 135 ret = -ENOMEM; 136 goto out; 137 } 138 mfi->ino = mtd_ino; 139 mfi->mtd = mtd; 140 file->private_data = mfi; 141 142 out: 143 mutex_unlock(&mtd_mutex); 144 return ret; 145 } /* mtdchar_open */ 146 147 /*====================================================================*/ 148 149 static int mtdchar_close(struct inode *inode, struct file *file) 150 { 151 struct mtd_file_info *mfi = file->private_data; 152 struct mtd_info *mtd = mfi->mtd; 153 154 pr_debug("MTD_close\n"); 155 156 /* Only sync if opened RW */ 157 if ((file->f_mode & FMODE_WRITE) && mtd->sync) 158 mtd_sync(mtd); 159 160 iput(mfi->ino); 161 162 put_mtd_device(mtd); 163 file->private_data = NULL; 164 kfree(mfi); 165 166 return 0; 167 } /* mtdchar_close */ 168 169 /* Back in June 2001, dwmw2 wrote: 170 * 171 * FIXME: This _really_ needs to die. In 2.5, we should lock the 172 * userspace buffer down and use it directly with readv/writev. 173 * 174 * The implementation below, using mtd_kmalloc_up_to, mitigates 175 * allocation failures when the system is under low-memory situations 176 * or if memory is highly fragmented at the cost of reducing the 177 * performance of the requested transfer due to a smaller buffer size. 178 * 179 * A more complex but more memory-efficient implementation based on 180 * get_user_pages and iovecs to cover extents of those pages is a 181 * longer-term goal, as intimated by dwmw2 above. However, for the 182 * write case, this requires yet more complex head and tail transfer 183 * handling when those head and tail offsets and sizes are such that 184 * alignment requirements are not met in the NAND subdriver. 185 */ 186 187 static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count, 188 loff_t *ppos) 189 { 190 struct mtd_file_info *mfi = file->private_data; 191 struct mtd_info *mtd = mfi->mtd; 192 size_t retlen; 193 size_t total_retlen=0; 194 int ret=0; 195 int len; 196 size_t size = count; 197 char *kbuf; 198 199 pr_debug("MTD_read\n"); 200 201 if (*ppos + count > mtd->size) 202 count = mtd->size - *ppos; 203 204 if (!count) 205 return 0; 206 207 kbuf = mtd_kmalloc_up_to(mtd, &size); 208 if (!kbuf) 209 return -ENOMEM; 210 211 while (count) { 212 len = min_t(size_t, count, size); 213 214 switch (mfi->mode) { 215 case MTD_FILE_MODE_OTP_FACTORY: 216 ret = mtd_read_fact_prot_reg(mtd, *ppos, len, 217 &retlen, kbuf); 218 break; 219 case MTD_FILE_MODE_OTP_USER: 220 ret = mtd_read_user_prot_reg(mtd, *ppos, len, 221 &retlen, kbuf); 222 break; 223 case MTD_FILE_MODE_RAW: 224 { 225 struct mtd_oob_ops ops; 226 227 ops.mode = MTD_OPS_RAW; 228 ops.datbuf = kbuf; 229 ops.oobbuf = NULL; 230 ops.len = len; 231 232 ret = mtd_read_oob(mtd, *ppos, &ops); 233 retlen = ops.retlen; 234 break; 235 } 236 default: 237 ret = mtd_read(mtd, *ppos, len, &retlen, kbuf); 238 } 239 /* Nand returns -EBADMSG on ECC errors, but it returns 240 * the data. For our userspace tools it is important 241 * to dump areas with ECC errors! 242 * For kernel internal usage it also might return -EUCLEAN 243 * to signal the caller that a bitflip has occurred and has 244 * been corrected by the ECC algorithm. 245 * Userspace software which accesses NAND this way 246 * must be aware of the fact that it deals with NAND 247 */ 248 if (!ret || mtd_is_bitflip_or_eccerr(ret)) { 249 *ppos += retlen; 250 if (copy_to_user(buf, kbuf, retlen)) { 251 kfree(kbuf); 252 return -EFAULT; 253 } 254 else 255 total_retlen += retlen; 256 257 count -= retlen; 258 buf += retlen; 259 if (retlen == 0) 260 count = 0; 261 } 262 else { 263 kfree(kbuf); 264 return ret; 265 } 266 267 } 268 269 kfree(kbuf); 270 return total_retlen; 271 } /* mtdchar_read */ 272 273 static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count, 274 loff_t *ppos) 275 { 276 struct mtd_file_info *mfi = file->private_data; 277 struct mtd_info *mtd = mfi->mtd; 278 size_t size = count; 279 char *kbuf; 280 size_t retlen; 281 size_t total_retlen=0; 282 int ret=0; 283 int len; 284 285 pr_debug("MTD_write\n"); 286 287 if (*ppos == mtd->size) 288 return -ENOSPC; 289 290 if (*ppos + count > mtd->size) 291 count = mtd->size - *ppos; 292 293 if (!count) 294 return 0; 295 296 kbuf = mtd_kmalloc_up_to(mtd, &size); 297 if (!kbuf) 298 return -ENOMEM; 299 300 while (count) { 301 len = min_t(size_t, count, size); 302 303 if (copy_from_user(kbuf, buf, len)) { 304 kfree(kbuf); 305 return -EFAULT; 306 } 307 308 switch (mfi->mode) { 309 case MTD_FILE_MODE_OTP_FACTORY: 310 ret = -EROFS; 311 break; 312 case MTD_FILE_MODE_OTP_USER: 313 if (!mtd->write_user_prot_reg) { 314 ret = -EOPNOTSUPP; 315 break; 316 } 317 ret = mtd_write_user_prot_reg(mtd, *ppos, len, 318 &retlen, kbuf); 319 break; 320 321 case MTD_FILE_MODE_RAW: 322 { 323 struct mtd_oob_ops ops; 324 325 ops.mode = MTD_OPS_RAW; 326 ops.datbuf = kbuf; 327 ops.oobbuf = NULL; 328 ops.ooboffs = 0; 329 ops.len = len; 330 331 ret = mtd_write_oob(mtd, *ppos, &ops); 332 retlen = ops.retlen; 333 break; 334 } 335 336 default: 337 ret = mtd_write(mtd, *ppos, len, &retlen, kbuf); 338 } 339 if (!ret) { 340 *ppos += retlen; 341 total_retlen += retlen; 342 count -= retlen; 343 buf += retlen; 344 } 345 else { 346 kfree(kbuf); 347 return ret; 348 } 349 } 350 351 kfree(kbuf); 352 return total_retlen; 353 } /* mtdchar_write */ 354 355 /*====================================================================== 356 357 IOCTL calls for getting device parameters. 358 359 ======================================================================*/ 360 static void mtdchar_erase_callback (struct erase_info *instr) 361 { 362 wake_up((wait_queue_head_t *)instr->priv); 363 } 364 365 #ifdef CONFIG_HAVE_MTD_OTP 366 static int otp_select_filemode(struct mtd_file_info *mfi, int mode) 367 { 368 struct mtd_info *mtd = mfi->mtd; 369 int ret = 0; 370 371 switch (mode) { 372 case MTD_OTP_FACTORY: 373 if (!mtd->read_fact_prot_reg) 374 ret = -EOPNOTSUPP; 375 else 376 mfi->mode = MTD_FILE_MODE_OTP_FACTORY; 377 break; 378 case MTD_OTP_USER: 379 if (!mtd->read_fact_prot_reg) 380 ret = -EOPNOTSUPP; 381 else 382 mfi->mode = MTD_FILE_MODE_OTP_USER; 383 break; 384 default: 385 ret = -EINVAL; 386 case MTD_OTP_OFF: 387 break; 388 } 389 return ret; 390 } 391 #else 392 # define otp_select_filemode(f,m) -EOPNOTSUPP 393 #endif 394 395 static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd, 396 uint64_t start, uint32_t length, void __user *ptr, 397 uint32_t __user *retp) 398 { 399 struct mtd_file_info *mfi = file->private_data; 400 struct mtd_oob_ops ops; 401 uint32_t retlen; 402 int ret = 0; 403 404 if (!(file->f_mode & FMODE_WRITE)) 405 return -EPERM; 406 407 if (length > 4096) 408 return -EINVAL; 409 410 if (!mtd->write_oob) 411 ret = -EOPNOTSUPP; 412 else 413 ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT; 414 415 if (ret) 416 return ret; 417 418 ops.ooblen = length; 419 ops.ooboffs = start & (mtd->writesize - 1); 420 ops.datbuf = NULL; 421 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 422 MTD_OPS_PLACE_OOB; 423 424 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 425 return -EINVAL; 426 427 ops.oobbuf = memdup_user(ptr, length); 428 if (IS_ERR(ops.oobbuf)) 429 return PTR_ERR(ops.oobbuf); 430 431 start &= ~((uint64_t)mtd->writesize - 1); 432 ret = mtd_write_oob(mtd, start, &ops); 433 434 if (ops.oobretlen > 0xFFFFFFFFU) 435 ret = -EOVERFLOW; 436 retlen = ops.oobretlen; 437 if (copy_to_user(retp, &retlen, sizeof(length))) 438 ret = -EFAULT; 439 440 kfree(ops.oobbuf); 441 return ret; 442 } 443 444 static int mtdchar_readoob(struct file *file, struct mtd_info *mtd, 445 uint64_t start, uint32_t length, void __user *ptr, 446 uint32_t __user *retp) 447 { 448 struct mtd_file_info *mfi = file->private_data; 449 struct mtd_oob_ops ops; 450 int ret = 0; 451 452 if (length > 4096) 453 return -EINVAL; 454 455 if (!access_ok(VERIFY_WRITE, ptr, length)) 456 return -EFAULT; 457 458 ops.ooblen = length; 459 ops.ooboffs = start & (mtd->writesize - 1); 460 ops.datbuf = NULL; 461 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 462 MTD_OPS_PLACE_OOB; 463 464 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 465 return -EINVAL; 466 467 ops.oobbuf = kmalloc(length, GFP_KERNEL); 468 if (!ops.oobbuf) 469 return -ENOMEM; 470 471 start &= ~((uint64_t)mtd->writesize - 1); 472 ret = mtd_read_oob(mtd, start, &ops); 473 474 if (put_user(ops.oobretlen, retp)) 475 ret = -EFAULT; 476 else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf, 477 ops.oobretlen)) 478 ret = -EFAULT; 479 480 kfree(ops.oobbuf); 481 482 /* 483 * NAND returns -EBADMSG on ECC errors, but it returns the OOB 484 * data. For our userspace tools it is important to dump areas 485 * with ECC errors! 486 * For kernel internal usage it also might return -EUCLEAN 487 * to signal the caller that a bitflip has occured and has 488 * been corrected by the ECC algorithm. 489 * 490 * Note: currently the standard NAND function, nand_read_oob_std, 491 * does not calculate ECC for the OOB area, so do not rely on 492 * this behavior unless you have replaced it with your own. 493 */ 494 if (mtd_is_bitflip_or_eccerr(ret)) 495 return 0; 496 497 return ret; 498 } 499 500 /* 501 * Copies (and truncates, if necessary) data from the larger struct, 502 * nand_ecclayout, to the smaller, deprecated layout struct, 503 * nand_ecclayout_user. This is necessary only to support the deprecated 504 * API ioctl ECCGETLAYOUT while allowing all new functionality to use 505 * nand_ecclayout flexibly (i.e. the struct may change size in new 506 * releases without requiring major rewrites). 507 */ 508 static int shrink_ecclayout(const struct nand_ecclayout *from, 509 struct nand_ecclayout_user *to) 510 { 511 int i; 512 513 if (!from || !to) 514 return -EINVAL; 515 516 memset(to, 0, sizeof(*to)); 517 518 to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES); 519 for (i = 0; i < to->eccbytes; i++) 520 to->eccpos[i] = from->eccpos[i]; 521 522 for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) { 523 if (from->oobfree[i].length == 0 && 524 from->oobfree[i].offset == 0) 525 break; 526 to->oobavail += from->oobfree[i].length; 527 to->oobfree[i] = from->oobfree[i]; 528 } 529 530 return 0; 531 } 532 533 static int mtdchar_blkpg_ioctl(struct mtd_info *mtd, 534 struct blkpg_ioctl_arg __user *arg) 535 { 536 struct blkpg_ioctl_arg a; 537 struct blkpg_partition p; 538 539 if (!capable(CAP_SYS_ADMIN)) 540 return -EPERM; 541 542 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg))) 543 return -EFAULT; 544 545 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition))) 546 return -EFAULT; 547 548 switch (a.op) { 549 case BLKPG_ADD_PARTITION: 550 551 /* Only master mtd device must be used to add partitions */ 552 if (mtd_is_partition(mtd)) 553 return -EINVAL; 554 555 return mtd_add_partition(mtd, p.devname, p.start, p.length); 556 557 case BLKPG_DEL_PARTITION: 558 559 if (p.pno < 0) 560 return -EINVAL; 561 562 return mtd_del_partition(mtd, p.pno); 563 564 default: 565 return -EINVAL; 566 } 567 } 568 569 static int mtdchar_write_ioctl(struct mtd_info *mtd, 570 struct mtd_write_req __user *argp) 571 { 572 struct mtd_write_req req; 573 struct mtd_oob_ops ops; 574 void __user *usr_data, *usr_oob; 575 int ret; 576 577 if (copy_from_user(&req, argp, sizeof(req)) || 578 !access_ok(VERIFY_READ, req.usr_data, req.len) || 579 !access_ok(VERIFY_READ, req.usr_oob, req.ooblen)) 580 return -EFAULT; 581 if (!mtd->write_oob) 582 return -EOPNOTSUPP; 583 584 ops.mode = req.mode; 585 ops.len = (size_t)req.len; 586 ops.ooblen = (size_t)req.ooblen; 587 ops.ooboffs = 0; 588 589 usr_data = (void __user *)(uintptr_t)req.usr_data; 590 usr_oob = (void __user *)(uintptr_t)req.usr_oob; 591 592 if (req.usr_data) { 593 ops.datbuf = memdup_user(usr_data, ops.len); 594 if (IS_ERR(ops.datbuf)) 595 return PTR_ERR(ops.datbuf); 596 } else { 597 ops.datbuf = NULL; 598 } 599 600 if (req.usr_oob) { 601 ops.oobbuf = memdup_user(usr_oob, ops.ooblen); 602 if (IS_ERR(ops.oobbuf)) { 603 kfree(ops.datbuf); 604 return PTR_ERR(ops.oobbuf); 605 } 606 } else { 607 ops.oobbuf = NULL; 608 } 609 610 ret = mtd_write_oob(mtd, (loff_t)req.start, &ops); 611 612 kfree(ops.datbuf); 613 kfree(ops.oobbuf); 614 615 return ret; 616 } 617 618 static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg) 619 { 620 struct mtd_file_info *mfi = file->private_data; 621 struct mtd_info *mtd = mfi->mtd; 622 void __user *argp = (void __user *)arg; 623 int ret = 0; 624 u_long size; 625 struct mtd_info_user info; 626 627 pr_debug("MTD_ioctl\n"); 628 629 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; 630 if (cmd & IOC_IN) { 631 if (!access_ok(VERIFY_READ, argp, size)) 632 return -EFAULT; 633 } 634 if (cmd & IOC_OUT) { 635 if (!access_ok(VERIFY_WRITE, argp, size)) 636 return -EFAULT; 637 } 638 639 switch (cmd) { 640 case MEMGETREGIONCOUNT: 641 if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int))) 642 return -EFAULT; 643 break; 644 645 case MEMGETREGIONINFO: 646 { 647 uint32_t ur_idx; 648 struct mtd_erase_region_info *kr; 649 struct region_info_user __user *ur = argp; 650 651 if (get_user(ur_idx, &(ur->regionindex))) 652 return -EFAULT; 653 654 if (ur_idx >= mtd->numeraseregions) 655 return -EINVAL; 656 657 kr = &(mtd->eraseregions[ur_idx]); 658 659 if (put_user(kr->offset, &(ur->offset)) 660 || put_user(kr->erasesize, &(ur->erasesize)) 661 || put_user(kr->numblocks, &(ur->numblocks))) 662 return -EFAULT; 663 664 break; 665 } 666 667 case MEMGETINFO: 668 memset(&info, 0, sizeof(info)); 669 info.type = mtd->type; 670 info.flags = mtd->flags; 671 info.size = mtd->size; 672 info.erasesize = mtd->erasesize; 673 info.writesize = mtd->writesize; 674 info.oobsize = mtd->oobsize; 675 /* The below field is obsolete */ 676 info.padding = 0; 677 if (copy_to_user(argp, &info, sizeof(struct mtd_info_user))) 678 return -EFAULT; 679 break; 680 681 case MEMERASE: 682 case MEMERASE64: 683 { 684 struct erase_info *erase; 685 686 if(!(file->f_mode & FMODE_WRITE)) 687 return -EPERM; 688 689 erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL); 690 if (!erase) 691 ret = -ENOMEM; 692 else { 693 wait_queue_head_t waitq; 694 DECLARE_WAITQUEUE(wait, current); 695 696 init_waitqueue_head(&waitq); 697 698 if (cmd == MEMERASE64) { 699 struct erase_info_user64 einfo64; 700 701 if (copy_from_user(&einfo64, argp, 702 sizeof(struct erase_info_user64))) { 703 kfree(erase); 704 return -EFAULT; 705 } 706 erase->addr = einfo64.start; 707 erase->len = einfo64.length; 708 } else { 709 struct erase_info_user einfo32; 710 711 if (copy_from_user(&einfo32, argp, 712 sizeof(struct erase_info_user))) { 713 kfree(erase); 714 return -EFAULT; 715 } 716 erase->addr = einfo32.start; 717 erase->len = einfo32.length; 718 } 719 erase->mtd = mtd; 720 erase->callback = mtdchar_erase_callback; 721 erase->priv = (unsigned long)&waitq; 722 723 /* 724 FIXME: Allow INTERRUPTIBLE. Which means 725 not having the wait_queue head on the stack. 726 727 If the wq_head is on the stack, and we 728 leave because we got interrupted, then the 729 wq_head is no longer there when the 730 callback routine tries to wake us up. 731 */ 732 ret = mtd_erase(mtd, erase); 733 if (!ret) { 734 set_current_state(TASK_UNINTERRUPTIBLE); 735 add_wait_queue(&waitq, &wait); 736 if (erase->state != MTD_ERASE_DONE && 737 erase->state != MTD_ERASE_FAILED) 738 schedule(); 739 remove_wait_queue(&waitq, &wait); 740 set_current_state(TASK_RUNNING); 741 742 ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0; 743 } 744 kfree(erase); 745 } 746 break; 747 } 748 749 case MEMWRITEOOB: 750 { 751 struct mtd_oob_buf buf; 752 struct mtd_oob_buf __user *buf_user = argp; 753 754 /* NOTE: writes return length to buf_user->length */ 755 if (copy_from_user(&buf, argp, sizeof(buf))) 756 ret = -EFAULT; 757 else 758 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 759 buf.ptr, &buf_user->length); 760 break; 761 } 762 763 case MEMREADOOB: 764 { 765 struct mtd_oob_buf buf; 766 struct mtd_oob_buf __user *buf_user = argp; 767 768 /* NOTE: writes return length to buf_user->start */ 769 if (copy_from_user(&buf, argp, sizeof(buf))) 770 ret = -EFAULT; 771 else 772 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 773 buf.ptr, &buf_user->start); 774 break; 775 } 776 777 case MEMWRITEOOB64: 778 { 779 struct mtd_oob_buf64 buf; 780 struct mtd_oob_buf64 __user *buf_user = argp; 781 782 if (copy_from_user(&buf, argp, sizeof(buf))) 783 ret = -EFAULT; 784 else 785 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 786 (void __user *)(uintptr_t)buf.usr_ptr, 787 &buf_user->length); 788 break; 789 } 790 791 case MEMREADOOB64: 792 { 793 struct mtd_oob_buf64 buf; 794 struct mtd_oob_buf64 __user *buf_user = argp; 795 796 if (copy_from_user(&buf, argp, sizeof(buf))) 797 ret = -EFAULT; 798 else 799 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 800 (void __user *)(uintptr_t)buf.usr_ptr, 801 &buf_user->length); 802 break; 803 } 804 805 case MEMWRITE: 806 { 807 ret = mtdchar_write_ioctl(mtd, 808 (struct mtd_write_req __user *)arg); 809 break; 810 } 811 812 case MEMLOCK: 813 { 814 struct erase_info_user einfo; 815 816 if (copy_from_user(&einfo, argp, sizeof(einfo))) 817 return -EFAULT; 818 819 if (!mtd->lock) 820 ret = -EOPNOTSUPP; 821 else 822 ret = mtd_lock(mtd, einfo.start, einfo.length); 823 break; 824 } 825 826 case MEMUNLOCK: 827 { 828 struct erase_info_user einfo; 829 830 if (copy_from_user(&einfo, argp, sizeof(einfo))) 831 return -EFAULT; 832 833 if (!mtd->unlock) 834 ret = -EOPNOTSUPP; 835 else 836 ret = mtd_unlock(mtd, einfo.start, einfo.length); 837 break; 838 } 839 840 case MEMISLOCKED: 841 { 842 struct erase_info_user einfo; 843 844 if (copy_from_user(&einfo, argp, sizeof(einfo))) 845 return -EFAULT; 846 847 if (!mtd->is_locked) 848 ret = -EOPNOTSUPP; 849 else 850 ret = mtd_is_locked(mtd, einfo.start, einfo.length); 851 break; 852 } 853 854 /* Legacy interface */ 855 case MEMGETOOBSEL: 856 { 857 struct nand_oobinfo oi; 858 859 if (!mtd->ecclayout) 860 return -EOPNOTSUPP; 861 if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos)) 862 return -EINVAL; 863 864 oi.useecc = MTD_NANDECC_AUTOPLACE; 865 memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos)); 866 memcpy(&oi.oobfree, mtd->ecclayout->oobfree, 867 sizeof(oi.oobfree)); 868 oi.eccbytes = mtd->ecclayout->eccbytes; 869 870 if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo))) 871 return -EFAULT; 872 break; 873 } 874 875 case MEMGETBADBLOCK: 876 { 877 loff_t offs; 878 879 if (copy_from_user(&offs, argp, sizeof(loff_t))) 880 return -EFAULT; 881 if (!mtd->block_isbad) 882 ret = -EOPNOTSUPP; 883 else 884 return mtd_block_isbad(mtd, offs); 885 break; 886 } 887 888 case MEMSETBADBLOCK: 889 { 890 loff_t offs; 891 892 if (copy_from_user(&offs, argp, sizeof(loff_t))) 893 return -EFAULT; 894 if (!mtd->block_markbad) 895 ret = -EOPNOTSUPP; 896 else 897 return mtd_block_markbad(mtd, offs); 898 break; 899 } 900 901 #ifdef CONFIG_HAVE_MTD_OTP 902 case OTPSELECT: 903 { 904 int mode; 905 if (copy_from_user(&mode, argp, sizeof(int))) 906 return -EFAULT; 907 908 mfi->mode = MTD_FILE_MODE_NORMAL; 909 910 ret = otp_select_filemode(mfi, mode); 911 912 file->f_pos = 0; 913 break; 914 } 915 916 case OTPGETREGIONCOUNT: 917 case OTPGETREGIONINFO: 918 { 919 struct otp_info *buf = kmalloc(4096, GFP_KERNEL); 920 if (!buf) 921 return -ENOMEM; 922 ret = -EOPNOTSUPP; 923 switch (mfi->mode) { 924 case MTD_FILE_MODE_OTP_FACTORY: 925 if (mtd->get_fact_prot_info) 926 ret = mtd_get_fact_prot_info(mtd, buf, 4096); 927 break; 928 case MTD_FILE_MODE_OTP_USER: 929 if (mtd->get_user_prot_info) 930 ret = mtd_get_user_prot_info(mtd, buf, 4096); 931 break; 932 default: 933 break; 934 } 935 if (ret >= 0) { 936 if (cmd == OTPGETREGIONCOUNT) { 937 int nbr = ret / sizeof(struct otp_info); 938 ret = copy_to_user(argp, &nbr, sizeof(int)); 939 } else 940 ret = copy_to_user(argp, buf, ret); 941 if (ret) 942 ret = -EFAULT; 943 } 944 kfree(buf); 945 break; 946 } 947 948 case OTPLOCK: 949 { 950 struct otp_info oinfo; 951 952 if (mfi->mode != MTD_FILE_MODE_OTP_USER) 953 return -EINVAL; 954 if (copy_from_user(&oinfo, argp, sizeof(oinfo))) 955 return -EFAULT; 956 if (!mtd->lock_user_prot_reg) 957 return -EOPNOTSUPP; 958 ret = mtd_lock_user_prot_reg(mtd, oinfo.start, oinfo.length); 959 break; 960 } 961 #endif 962 963 /* This ioctl is being deprecated - it truncates the ECC layout */ 964 case ECCGETLAYOUT: 965 { 966 struct nand_ecclayout_user *usrlay; 967 968 if (!mtd->ecclayout) 969 return -EOPNOTSUPP; 970 971 usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL); 972 if (!usrlay) 973 return -ENOMEM; 974 975 shrink_ecclayout(mtd->ecclayout, usrlay); 976 977 if (copy_to_user(argp, usrlay, sizeof(*usrlay))) 978 ret = -EFAULT; 979 kfree(usrlay); 980 break; 981 } 982 983 case ECCGETSTATS: 984 { 985 if (copy_to_user(argp, &mtd->ecc_stats, 986 sizeof(struct mtd_ecc_stats))) 987 return -EFAULT; 988 break; 989 } 990 991 case MTDFILEMODE: 992 { 993 mfi->mode = 0; 994 995 switch(arg) { 996 case MTD_FILE_MODE_OTP_FACTORY: 997 case MTD_FILE_MODE_OTP_USER: 998 ret = otp_select_filemode(mfi, arg); 999 break; 1000 1001 case MTD_FILE_MODE_RAW: 1002 if (!mtd_has_oob(mtd)) 1003 return -EOPNOTSUPP; 1004 mfi->mode = arg; 1005 1006 case MTD_FILE_MODE_NORMAL: 1007 break; 1008 default: 1009 ret = -EINVAL; 1010 } 1011 file->f_pos = 0; 1012 break; 1013 } 1014 1015 case BLKPG: 1016 { 1017 ret = mtdchar_blkpg_ioctl(mtd, 1018 (struct blkpg_ioctl_arg __user *)arg); 1019 break; 1020 } 1021 1022 case BLKRRPART: 1023 { 1024 /* No reread partition feature. Just return ok */ 1025 ret = 0; 1026 break; 1027 } 1028 1029 default: 1030 ret = -ENOTTY; 1031 } 1032 1033 return ret; 1034 } /* memory_ioctl */ 1035 1036 static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg) 1037 { 1038 int ret; 1039 1040 mutex_lock(&mtd_mutex); 1041 ret = mtdchar_ioctl(file, cmd, arg); 1042 mutex_unlock(&mtd_mutex); 1043 1044 return ret; 1045 } 1046 1047 #ifdef CONFIG_COMPAT 1048 1049 struct mtd_oob_buf32 { 1050 u_int32_t start; 1051 u_int32_t length; 1052 compat_caddr_t ptr; /* unsigned char* */ 1053 }; 1054 1055 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32) 1056 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32) 1057 1058 static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd, 1059 unsigned long arg) 1060 { 1061 struct mtd_file_info *mfi = file->private_data; 1062 struct mtd_info *mtd = mfi->mtd; 1063 void __user *argp = compat_ptr(arg); 1064 int ret = 0; 1065 1066 mutex_lock(&mtd_mutex); 1067 1068 switch (cmd) { 1069 case MEMWRITEOOB32: 1070 { 1071 struct mtd_oob_buf32 buf; 1072 struct mtd_oob_buf32 __user *buf_user = argp; 1073 1074 if (copy_from_user(&buf, argp, sizeof(buf))) 1075 ret = -EFAULT; 1076 else 1077 ret = mtdchar_writeoob(file, mtd, buf.start, 1078 buf.length, compat_ptr(buf.ptr), 1079 &buf_user->length); 1080 break; 1081 } 1082 1083 case MEMREADOOB32: 1084 { 1085 struct mtd_oob_buf32 buf; 1086 struct mtd_oob_buf32 __user *buf_user = argp; 1087 1088 /* NOTE: writes return length to buf->start */ 1089 if (copy_from_user(&buf, argp, sizeof(buf))) 1090 ret = -EFAULT; 1091 else 1092 ret = mtdchar_readoob(file, mtd, buf.start, 1093 buf.length, compat_ptr(buf.ptr), 1094 &buf_user->start); 1095 break; 1096 } 1097 default: 1098 ret = mtdchar_ioctl(file, cmd, (unsigned long)argp); 1099 } 1100 1101 mutex_unlock(&mtd_mutex); 1102 1103 return ret; 1104 } 1105 1106 #endif /* CONFIG_COMPAT */ 1107 1108 /* 1109 * try to determine where a shared mapping can be made 1110 * - only supported for NOMMU at the moment (MMU can't doesn't copy private 1111 * mappings) 1112 */ 1113 #ifndef CONFIG_MMU 1114 static unsigned long mtdchar_get_unmapped_area(struct file *file, 1115 unsigned long addr, 1116 unsigned long len, 1117 unsigned long pgoff, 1118 unsigned long flags) 1119 { 1120 struct mtd_file_info *mfi = file->private_data; 1121 struct mtd_info *mtd = mfi->mtd; 1122 unsigned long offset; 1123 int ret; 1124 1125 if (addr != 0) 1126 return (unsigned long) -EINVAL; 1127 1128 if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT)) 1129 return (unsigned long) -EINVAL; 1130 1131 offset = pgoff << PAGE_SHIFT; 1132 if (offset > mtd->size - len) 1133 return (unsigned long) -EINVAL; 1134 1135 ret = mtd_get_unmapped_area(mtd, len, offset, flags); 1136 return ret == -EOPNOTSUPP ? -ENOSYS : ret; 1137 } 1138 #endif 1139 1140 /* 1141 * set up a mapping for shared memory segments 1142 */ 1143 static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma) 1144 { 1145 #ifdef CONFIG_MMU 1146 struct mtd_file_info *mfi = file->private_data; 1147 struct mtd_info *mtd = mfi->mtd; 1148 struct map_info *map = mtd->priv; 1149 unsigned long start; 1150 unsigned long off; 1151 u32 len; 1152 1153 if (mtd->type == MTD_RAM || mtd->type == MTD_ROM) { 1154 off = vma->vm_pgoff << PAGE_SHIFT; 1155 start = map->phys; 1156 len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size); 1157 start &= PAGE_MASK; 1158 if ((vma->vm_end - vma->vm_start + off) > len) 1159 return -EINVAL; 1160 1161 off += start; 1162 vma->vm_pgoff = off >> PAGE_SHIFT; 1163 vma->vm_flags |= VM_IO | VM_RESERVED; 1164 1165 #ifdef pgprot_noncached 1166 if (file->f_flags & O_DSYNC || off >= __pa(high_memory)) 1167 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1168 #endif 1169 if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, 1170 vma->vm_end - vma->vm_start, 1171 vma->vm_page_prot)) 1172 return -EAGAIN; 1173 1174 return 0; 1175 } 1176 return -ENOSYS; 1177 #else 1178 return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS; 1179 #endif 1180 } 1181 1182 static const struct file_operations mtd_fops = { 1183 .owner = THIS_MODULE, 1184 .llseek = mtdchar_lseek, 1185 .read = mtdchar_read, 1186 .write = mtdchar_write, 1187 .unlocked_ioctl = mtdchar_unlocked_ioctl, 1188 #ifdef CONFIG_COMPAT 1189 .compat_ioctl = mtdchar_compat_ioctl, 1190 #endif 1191 .open = mtdchar_open, 1192 .release = mtdchar_close, 1193 .mmap = mtdchar_mmap, 1194 #ifndef CONFIG_MMU 1195 .get_unmapped_area = mtdchar_get_unmapped_area, 1196 #endif 1197 }; 1198 1199 static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type, 1200 int flags, const char *dev_name, void *data) 1201 { 1202 return mount_pseudo(fs_type, "mtd_inode:", NULL, NULL, MTD_INODE_FS_MAGIC); 1203 } 1204 1205 static struct file_system_type mtd_inodefs_type = { 1206 .name = "mtd_inodefs", 1207 .mount = mtd_inodefs_mount, 1208 .kill_sb = kill_anon_super, 1209 }; 1210 1211 static void mtdchar_notify_add(struct mtd_info *mtd) 1212 { 1213 } 1214 1215 static void mtdchar_notify_remove(struct mtd_info *mtd) 1216 { 1217 struct inode *mtd_ino = ilookup(mtd_inode_mnt->mnt_sb, mtd->index); 1218 1219 if (mtd_ino) { 1220 /* Destroy the inode if it exists */ 1221 clear_nlink(mtd_ino); 1222 iput(mtd_ino); 1223 } 1224 } 1225 1226 static struct mtd_notifier mtdchar_notifier = { 1227 .add = mtdchar_notify_add, 1228 .remove = mtdchar_notify_remove, 1229 }; 1230 1231 static int __init init_mtdchar(void) 1232 { 1233 int ret; 1234 1235 ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, 1236 "mtd", &mtd_fops); 1237 if (ret < 0) { 1238 pr_notice("Can't allocate major number %d for " 1239 "Memory Technology Devices.\n", MTD_CHAR_MAJOR); 1240 return ret; 1241 } 1242 1243 ret = register_filesystem(&mtd_inodefs_type); 1244 if (ret) { 1245 pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret); 1246 goto err_unregister_chdev; 1247 } 1248 1249 mtd_inode_mnt = kern_mount(&mtd_inodefs_type); 1250 if (IS_ERR(mtd_inode_mnt)) { 1251 ret = PTR_ERR(mtd_inode_mnt); 1252 pr_notice("Error mounting mtd_inodefs filesystem: %d\n", ret); 1253 goto err_unregister_filesystem; 1254 } 1255 register_mtd_user(&mtdchar_notifier); 1256 1257 return ret; 1258 1259 err_unregister_filesystem: 1260 unregister_filesystem(&mtd_inodefs_type); 1261 err_unregister_chdev: 1262 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1263 return ret; 1264 } 1265 1266 static void __exit cleanup_mtdchar(void) 1267 { 1268 unregister_mtd_user(&mtdchar_notifier); 1269 kern_unmount(mtd_inode_mnt); 1270 unregister_filesystem(&mtd_inodefs_type); 1271 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1272 } 1273 1274 module_init(init_mtdchar); 1275 module_exit(cleanup_mtdchar); 1276 1277 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1278 1279 MODULE_LICENSE("GPL"); 1280 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>"); 1281 MODULE_DESCRIPTION("Direct character-device access to MTD devices"); 1282 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1283