1 /* 2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 * 18 */ 19 20 #include <linux/device.h> 21 #include <linux/fs.h> 22 #include <linux/mm.h> 23 #include <linux/err.h> 24 #include <linux/init.h> 25 #include <linux/kernel.h> 26 #include <linux/module.h> 27 #include <linux/slab.h> 28 #include <linux/sched.h> 29 #include <linux/mutex.h> 30 #include <linux/backing-dev.h> 31 #include <linux/compat.h> 32 #include <linux/mount.h> 33 #include <linux/blkpg.h> 34 #include <linux/mtd/mtd.h> 35 #include <linux/mtd/partitions.h> 36 #include <linux/mtd/map.h> 37 38 #include <asm/uaccess.h> 39 40 #define MTD_INODE_FS_MAGIC 0x11307854 41 static DEFINE_MUTEX(mtd_mutex); 42 static struct vfsmount *mtd_inode_mnt __read_mostly; 43 44 /* 45 * Data structure to hold the pointer to the mtd device as well 46 * as mode information of various use cases. 47 */ 48 struct mtd_file_info { 49 struct mtd_info *mtd; 50 struct inode *ino; 51 enum mtd_file_modes mode; 52 }; 53 54 static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig) 55 { 56 struct mtd_file_info *mfi = file->private_data; 57 struct mtd_info *mtd = mfi->mtd; 58 59 switch (orig) { 60 case SEEK_SET: 61 break; 62 case SEEK_CUR: 63 offset += file->f_pos; 64 break; 65 case SEEK_END: 66 offset += mtd->size; 67 break; 68 default: 69 return -EINVAL; 70 } 71 72 if (offset >= 0 && offset <= mtd->size) 73 return file->f_pos = offset; 74 75 return -EINVAL; 76 } 77 78 79 80 static int mtdchar_open(struct inode *inode, struct file *file) 81 { 82 int minor = iminor(inode); 83 int devnum = minor >> 1; 84 int ret = 0; 85 struct mtd_info *mtd; 86 struct mtd_file_info *mfi; 87 struct inode *mtd_ino; 88 89 pr_debug("MTD_open\n"); 90 91 /* You can't open the RO devices RW */ 92 if ((file->f_mode & FMODE_WRITE) && (minor & 1)) 93 return -EACCES; 94 95 mutex_lock(&mtd_mutex); 96 mtd = get_mtd_device(NULL, devnum); 97 98 if (IS_ERR(mtd)) { 99 ret = PTR_ERR(mtd); 100 goto out; 101 } 102 103 if (mtd->type == MTD_ABSENT) { 104 put_mtd_device(mtd); 105 ret = -ENODEV; 106 goto out; 107 } 108 109 mtd_ino = iget_locked(mtd_inode_mnt->mnt_sb, devnum); 110 if (!mtd_ino) { 111 put_mtd_device(mtd); 112 ret = -ENOMEM; 113 goto out; 114 } 115 if (mtd_ino->i_state & I_NEW) { 116 mtd_ino->i_private = mtd; 117 mtd_ino->i_mode = S_IFCHR; 118 mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info; 119 unlock_new_inode(mtd_ino); 120 } 121 file->f_mapping = mtd_ino->i_mapping; 122 123 /* You can't open it RW if it's not a writeable device */ 124 if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { 125 iput(mtd_ino); 126 put_mtd_device(mtd); 127 ret = -EACCES; 128 goto out; 129 } 130 131 mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); 132 if (!mfi) { 133 iput(mtd_ino); 134 put_mtd_device(mtd); 135 ret = -ENOMEM; 136 goto out; 137 } 138 mfi->ino = mtd_ino; 139 mfi->mtd = mtd; 140 file->private_data = mfi; 141 142 out: 143 mutex_unlock(&mtd_mutex); 144 return ret; 145 } /* mtdchar_open */ 146 147 /*====================================================================*/ 148 149 static int mtdchar_close(struct inode *inode, struct file *file) 150 { 151 struct mtd_file_info *mfi = file->private_data; 152 struct mtd_info *mtd = mfi->mtd; 153 154 pr_debug("MTD_close\n"); 155 156 /* Only sync if opened RW */ 157 if ((file->f_mode & FMODE_WRITE)) 158 mtd_sync(mtd); 159 160 iput(mfi->ino); 161 162 put_mtd_device(mtd); 163 file->private_data = NULL; 164 kfree(mfi); 165 166 return 0; 167 } /* mtdchar_close */ 168 169 /* Back in June 2001, dwmw2 wrote: 170 * 171 * FIXME: This _really_ needs to die. In 2.5, we should lock the 172 * userspace buffer down and use it directly with readv/writev. 173 * 174 * The implementation below, using mtd_kmalloc_up_to, mitigates 175 * allocation failures when the system is under low-memory situations 176 * or if memory is highly fragmented at the cost of reducing the 177 * performance of the requested transfer due to a smaller buffer size. 178 * 179 * A more complex but more memory-efficient implementation based on 180 * get_user_pages and iovecs to cover extents of those pages is a 181 * longer-term goal, as intimated by dwmw2 above. However, for the 182 * write case, this requires yet more complex head and tail transfer 183 * handling when those head and tail offsets and sizes are such that 184 * alignment requirements are not met in the NAND subdriver. 185 */ 186 187 static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count, 188 loff_t *ppos) 189 { 190 struct mtd_file_info *mfi = file->private_data; 191 struct mtd_info *mtd = mfi->mtd; 192 size_t retlen; 193 size_t total_retlen=0; 194 int ret=0; 195 int len; 196 size_t size = count; 197 char *kbuf; 198 199 pr_debug("MTD_read\n"); 200 201 if (*ppos + count > mtd->size) 202 count = mtd->size - *ppos; 203 204 if (!count) 205 return 0; 206 207 kbuf = mtd_kmalloc_up_to(mtd, &size); 208 if (!kbuf) 209 return -ENOMEM; 210 211 while (count) { 212 len = min_t(size_t, count, size); 213 214 switch (mfi->mode) { 215 case MTD_FILE_MODE_OTP_FACTORY: 216 ret = mtd_read_fact_prot_reg(mtd, *ppos, len, 217 &retlen, kbuf); 218 break; 219 case MTD_FILE_MODE_OTP_USER: 220 ret = mtd_read_user_prot_reg(mtd, *ppos, len, 221 &retlen, kbuf); 222 break; 223 case MTD_FILE_MODE_RAW: 224 { 225 struct mtd_oob_ops ops; 226 227 ops.mode = MTD_OPS_RAW; 228 ops.datbuf = kbuf; 229 ops.oobbuf = NULL; 230 ops.len = len; 231 232 ret = mtd_read_oob(mtd, *ppos, &ops); 233 retlen = ops.retlen; 234 break; 235 } 236 default: 237 ret = mtd_read(mtd, *ppos, len, &retlen, kbuf); 238 } 239 /* Nand returns -EBADMSG on ECC errors, but it returns 240 * the data. For our userspace tools it is important 241 * to dump areas with ECC errors! 242 * For kernel internal usage it also might return -EUCLEAN 243 * to signal the caller that a bitflip has occurred and has 244 * been corrected by the ECC algorithm. 245 * Userspace software which accesses NAND this way 246 * must be aware of the fact that it deals with NAND 247 */ 248 if (!ret || mtd_is_bitflip_or_eccerr(ret)) { 249 *ppos += retlen; 250 if (copy_to_user(buf, kbuf, retlen)) { 251 kfree(kbuf); 252 return -EFAULT; 253 } 254 else 255 total_retlen += retlen; 256 257 count -= retlen; 258 buf += retlen; 259 if (retlen == 0) 260 count = 0; 261 } 262 else { 263 kfree(kbuf); 264 return ret; 265 } 266 267 } 268 269 kfree(kbuf); 270 return total_retlen; 271 } /* mtdchar_read */ 272 273 static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count, 274 loff_t *ppos) 275 { 276 struct mtd_file_info *mfi = file->private_data; 277 struct mtd_info *mtd = mfi->mtd; 278 size_t size = count; 279 char *kbuf; 280 size_t retlen; 281 size_t total_retlen=0; 282 int ret=0; 283 int len; 284 285 pr_debug("MTD_write\n"); 286 287 if (*ppos == mtd->size) 288 return -ENOSPC; 289 290 if (*ppos + count > mtd->size) 291 count = mtd->size - *ppos; 292 293 if (!count) 294 return 0; 295 296 kbuf = mtd_kmalloc_up_to(mtd, &size); 297 if (!kbuf) 298 return -ENOMEM; 299 300 while (count) { 301 len = min_t(size_t, count, size); 302 303 if (copy_from_user(kbuf, buf, len)) { 304 kfree(kbuf); 305 return -EFAULT; 306 } 307 308 switch (mfi->mode) { 309 case MTD_FILE_MODE_OTP_FACTORY: 310 ret = -EROFS; 311 break; 312 case MTD_FILE_MODE_OTP_USER: 313 ret = mtd_write_user_prot_reg(mtd, *ppos, len, 314 &retlen, kbuf); 315 break; 316 317 case MTD_FILE_MODE_RAW: 318 { 319 struct mtd_oob_ops ops; 320 321 ops.mode = MTD_OPS_RAW; 322 ops.datbuf = kbuf; 323 ops.oobbuf = NULL; 324 ops.ooboffs = 0; 325 ops.len = len; 326 327 ret = mtd_write_oob(mtd, *ppos, &ops); 328 retlen = ops.retlen; 329 break; 330 } 331 332 default: 333 ret = mtd_write(mtd, *ppos, len, &retlen, kbuf); 334 } 335 if (!ret) { 336 *ppos += retlen; 337 total_retlen += retlen; 338 count -= retlen; 339 buf += retlen; 340 } 341 else { 342 kfree(kbuf); 343 return ret; 344 } 345 } 346 347 kfree(kbuf); 348 return total_retlen; 349 } /* mtdchar_write */ 350 351 /*====================================================================== 352 353 IOCTL calls for getting device parameters. 354 355 ======================================================================*/ 356 static void mtdchar_erase_callback (struct erase_info *instr) 357 { 358 wake_up((wait_queue_head_t *)instr->priv); 359 } 360 361 #ifdef CONFIG_HAVE_MTD_OTP 362 static int otp_select_filemode(struct mtd_file_info *mfi, int mode) 363 { 364 struct mtd_info *mtd = mfi->mtd; 365 size_t retlen; 366 int ret = 0; 367 368 /* 369 * Make a fake call to mtd_read_fact_prot_reg() to check if OTP 370 * operations are supported. 371 */ 372 if (mtd_read_fact_prot_reg(mtd, -1, -1, &retlen, NULL) == -EOPNOTSUPP) 373 return -EOPNOTSUPP; 374 375 switch (mode) { 376 case MTD_OTP_FACTORY: 377 mfi->mode = MTD_FILE_MODE_OTP_FACTORY; 378 break; 379 case MTD_OTP_USER: 380 mfi->mode = MTD_FILE_MODE_OTP_USER; 381 break; 382 default: 383 ret = -EINVAL; 384 case MTD_OTP_OFF: 385 break; 386 } 387 return ret; 388 } 389 #else 390 # define otp_select_filemode(f,m) -EOPNOTSUPP 391 #endif 392 393 static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd, 394 uint64_t start, uint32_t length, void __user *ptr, 395 uint32_t __user *retp) 396 { 397 struct mtd_file_info *mfi = file->private_data; 398 struct mtd_oob_ops ops; 399 uint32_t retlen; 400 int ret = 0; 401 402 if (!(file->f_mode & FMODE_WRITE)) 403 return -EPERM; 404 405 if (length > 4096) 406 return -EINVAL; 407 408 if (!mtd->write_oob) 409 ret = -EOPNOTSUPP; 410 else 411 ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT; 412 413 if (ret) 414 return ret; 415 416 ops.ooblen = length; 417 ops.ooboffs = start & (mtd->writesize - 1); 418 ops.datbuf = NULL; 419 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 420 MTD_OPS_PLACE_OOB; 421 422 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 423 return -EINVAL; 424 425 ops.oobbuf = memdup_user(ptr, length); 426 if (IS_ERR(ops.oobbuf)) 427 return PTR_ERR(ops.oobbuf); 428 429 start &= ~((uint64_t)mtd->writesize - 1); 430 ret = mtd_write_oob(mtd, start, &ops); 431 432 if (ops.oobretlen > 0xFFFFFFFFU) 433 ret = -EOVERFLOW; 434 retlen = ops.oobretlen; 435 if (copy_to_user(retp, &retlen, sizeof(length))) 436 ret = -EFAULT; 437 438 kfree(ops.oobbuf); 439 return ret; 440 } 441 442 static int mtdchar_readoob(struct file *file, struct mtd_info *mtd, 443 uint64_t start, uint32_t length, void __user *ptr, 444 uint32_t __user *retp) 445 { 446 struct mtd_file_info *mfi = file->private_data; 447 struct mtd_oob_ops ops; 448 int ret = 0; 449 450 if (length > 4096) 451 return -EINVAL; 452 453 if (!access_ok(VERIFY_WRITE, ptr, length)) 454 return -EFAULT; 455 456 ops.ooblen = length; 457 ops.ooboffs = start & (mtd->writesize - 1); 458 ops.datbuf = NULL; 459 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 460 MTD_OPS_PLACE_OOB; 461 462 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 463 return -EINVAL; 464 465 ops.oobbuf = kmalloc(length, GFP_KERNEL); 466 if (!ops.oobbuf) 467 return -ENOMEM; 468 469 start &= ~((uint64_t)mtd->writesize - 1); 470 ret = mtd_read_oob(mtd, start, &ops); 471 472 if (put_user(ops.oobretlen, retp)) 473 ret = -EFAULT; 474 else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf, 475 ops.oobretlen)) 476 ret = -EFAULT; 477 478 kfree(ops.oobbuf); 479 480 /* 481 * NAND returns -EBADMSG on ECC errors, but it returns the OOB 482 * data. For our userspace tools it is important to dump areas 483 * with ECC errors! 484 * For kernel internal usage it also might return -EUCLEAN 485 * to signal the caller that a bitflip has occured and has 486 * been corrected by the ECC algorithm. 487 * 488 * Note: currently the standard NAND function, nand_read_oob_std, 489 * does not calculate ECC for the OOB area, so do not rely on 490 * this behavior unless you have replaced it with your own. 491 */ 492 if (mtd_is_bitflip_or_eccerr(ret)) 493 return 0; 494 495 return ret; 496 } 497 498 /* 499 * Copies (and truncates, if necessary) data from the larger struct, 500 * nand_ecclayout, to the smaller, deprecated layout struct, 501 * nand_ecclayout_user. This is necessary only to support the deprecated 502 * API ioctl ECCGETLAYOUT while allowing all new functionality to use 503 * nand_ecclayout flexibly (i.e. the struct may change size in new 504 * releases without requiring major rewrites). 505 */ 506 static int shrink_ecclayout(const struct nand_ecclayout *from, 507 struct nand_ecclayout_user *to) 508 { 509 int i; 510 511 if (!from || !to) 512 return -EINVAL; 513 514 memset(to, 0, sizeof(*to)); 515 516 to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES); 517 for (i = 0; i < to->eccbytes; i++) 518 to->eccpos[i] = from->eccpos[i]; 519 520 for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) { 521 if (from->oobfree[i].length == 0 && 522 from->oobfree[i].offset == 0) 523 break; 524 to->oobavail += from->oobfree[i].length; 525 to->oobfree[i] = from->oobfree[i]; 526 } 527 528 return 0; 529 } 530 531 static int mtdchar_blkpg_ioctl(struct mtd_info *mtd, 532 struct blkpg_ioctl_arg __user *arg) 533 { 534 struct blkpg_ioctl_arg a; 535 struct blkpg_partition p; 536 537 if (!capable(CAP_SYS_ADMIN)) 538 return -EPERM; 539 540 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg))) 541 return -EFAULT; 542 543 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition))) 544 return -EFAULT; 545 546 switch (a.op) { 547 case BLKPG_ADD_PARTITION: 548 549 /* Only master mtd device must be used to add partitions */ 550 if (mtd_is_partition(mtd)) 551 return -EINVAL; 552 553 return mtd_add_partition(mtd, p.devname, p.start, p.length); 554 555 case BLKPG_DEL_PARTITION: 556 557 if (p.pno < 0) 558 return -EINVAL; 559 560 return mtd_del_partition(mtd, p.pno); 561 562 default: 563 return -EINVAL; 564 } 565 } 566 567 static int mtdchar_write_ioctl(struct mtd_info *mtd, 568 struct mtd_write_req __user *argp) 569 { 570 struct mtd_write_req req; 571 struct mtd_oob_ops ops; 572 void __user *usr_data, *usr_oob; 573 int ret; 574 575 if (copy_from_user(&req, argp, sizeof(req)) || 576 !access_ok(VERIFY_READ, req.usr_data, req.len) || 577 !access_ok(VERIFY_READ, req.usr_oob, req.ooblen)) 578 return -EFAULT; 579 if (!mtd->write_oob) 580 return -EOPNOTSUPP; 581 582 ops.mode = req.mode; 583 ops.len = (size_t)req.len; 584 ops.ooblen = (size_t)req.ooblen; 585 ops.ooboffs = 0; 586 587 usr_data = (void __user *)(uintptr_t)req.usr_data; 588 usr_oob = (void __user *)(uintptr_t)req.usr_oob; 589 590 if (req.usr_data) { 591 ops.datbuf = memdup_user(usr_data, ops.len); 592 if (IS_ERR(ops.datbuf)) 593 return PTR_ERR(ops.datbuf); 594 } else { 595 ops.datbuf = NULL; 596 } 597 598 if (req.usr_oob) { 599 ops.oobbuf = memdup_user(usr_oob, ops.ooblen); 600 if (IS_ERR(ops.oobbuf)) { 601 kfree(ops.datbuf); 602 return PTR_ERR(ops.oobbuf); 603 } 604 } else { 605 ops.oobbuf = NULL; 606 } 607 608 ret = mtd_write_oob(mtd, (loff_t)req.start, &ops); 609 610 kfree(ops.datbuf); 611 kfree(ops.oobbuf); 612 613 return ret; 614 } 615 616 static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg) 617 { 618 struct mtd_file_info *mfi = file->private_data; 619 struct mtd_info *mtd = mfi->mtd; 620 void __user *argp = (void __user *)arg; 621 int ret = 0; 622 u_long size; 623 struct mtd_info_user info; 624 625 pr_debug("MTD_ioctl\n"); 626 627 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; 628 if (cmd & IOC_IN) { 629 if (!access_ok(VERIFY_READ, argp, size)) 630 return -EFAULT; 631 } 632 if (cmd & IOC_OUT) { 633 if (!access_ok(VERIFY_WRITE, argp, size)) 634 return -EFAULT; 635 } 636 637 switch (cmd) { 638 case MEMGETREGIONCOUNT: 639 if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int))) 640 return -EFAULT; 641 break; 642 643 case MEMGETREGIONINFO: 644 { 645 uint32_t ur_idx; 646 struct mtd_erase_region_info *kr; 647 struct region_info_user __user *ur = argp; 648 649 if (get_user(ur_idx, &(ur->regionindex))) 650 return -EFAULT; 651 652 if (ur_idx >= mtd->numeraseregions) 653 return -EINVAL; 654 655 kr = &(mtd->eraseregions[ur_idx]); 656 657 if (put_user(kr->offset, &(ur->offset)) 658 || put_user(kr->erasesize, &(ur->erasesize)) 659 || put_user(kr->numblocks, &(ur->numblocks))) 660 return -EFAULT; 661 662 break; 663 } 664 665 case MEMGETINFO: 666 memset(&info, 0, sizeof(info)); 667 info.type = mtd->type; 668 info.flags = mtd->flags; 669 info.size = mtd->size; 670 info.erasesize = mtd->erasesize; 671 info.writesize = mtd->writesize; 672 info.oobsize = mtd->oobsize; 673 /* The below field is obsolete */ 674 info.padding = 0; 675 if (copy_to_user(argp, &info, sizeof(struct mtd_info_user))) 676 return -EFAULT; 677 break; 678 679 case MEMERASE: 680 case MEMERASE64: 681 { 682 struct erase_info *erase; 683 684 if(!(file->f_mode & FMODE_WRITE)) 685 return -EPERM; 686 687 erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL); 688 if (!erase) 689 ret = -ENOMEM; 690 else { 691 wait_queue_head_t waitq; 692 DECLARE_WAITQUEUE(wait, current); 693 694 init_waitqueue_head(&waitq); 695 696 if (cmd == MEMERASE64) { 697 struct erase_info_user64 einfo64; 698 699 if (copy_from_user(&einfo64, argp, 700 sizeof(struct erase_info_user64))) { 701 kfree(erase); 702 return -EFAULT; 703 } 704 erase->addr = einfo64.start; 705 erase->len = einfo64.length; 706 } else { 707 struct erase_info_user einfo32; 708 709 if (copy_from_user(&einfo32, argp, 710 sizeof(struct erase_info_user))) { 711 kfree(erase); 712 return -EFAULT; 713 } 714 erase->addr = einfo32.start; 715 erase->len = einfo32.length; 716 } 717 erase->mtd = mtd; 718 erase->callback = mtdchar_erase_callback; 719 erase->priv = (unsigned long)&waitq; 720 721 /* 722 FIXME: Allow INTERRUPTIBLE. Which means 723 not having the wait_queue head on the stack. 724 725 If the wq_head is on the stack, and we 726 leave because we got interrupted, then the 727 wq_head is no longer there when the 728 callback routine tries to wake us up. 729 */ 730 ret = mtd_erase(mtd, erase); 731 if (!ret) { 732 set_current_state(TASK_UNINTERRUPTIBLE); 733 add_wait_queue(&waitq, &wait); 734 if (erase->state != MTD_ERASE_DONE && 735 erase->state != MTD_ERASE_FAILED) 736 schedule(); 737 remove_wait_queue(&waitq, &wait); 738 set_current_state(TASK_RUNNING); 739 740 ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0; 741 } 742 kfree(erase); 743 } 744 break; 745 } 746 747 case MEMWRITEOOB: 748 { 749 struct mtd_oob_buf buf; 750 struct mtd_oob_buf __user *buf_user = argp; 751 752 /* NOTE: writes return length to buf_user->length */ 753 if (copy_from_user(&buf, argp, sizeof(buf))) 754 ret = -EFAULT; 755 else 756 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 757 buf.ptr, &buf_user->length); 758 break; 759 } 760 761 case MEMREADOOB: 762 { 763 struct mtd_oob_buf buf; 764 struct mtd_oob_buf __user *buf_user = argp; 765 766 /* NOTE: writes return length to buf_user->start */ 767 if (copy_from_user(&buf, argp, sizeof(buf))) 768 ret = -EFAULT; 769 else 770 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 771 buf.ptr, &buf_user->start); 772 break; 773 } 774 775 case MEMWRITEOOB64: 776 { 777 struct mtd_oob_buf64 buf; 778 struct mtd_oob_buf64 __user *buf_user = argp; 779 780 if (copy_from_user(&buf, argp, sizeof(buf))) 781 ret = -EFAULT; 782 else 783 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 784 (void __user *)(uintptr_t)buf.usr_ptr, 785 &buf_user->length); 786 break; 787 } 788 789 case MEMREADOOB64: 790 { 791 struct mtd_oob_buf64 buf; 792 struct mtd_oob_buf64 __user *buf_user = argp; 793 794 if (copy_from_user(&buf, argp, sizeof(buf))) 795 ret = -EFAULT; 796 else 797 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 798 (void __user *)(uintptr_t)buf.usr_ptr, 799 &buf_user->length); 800 break; 801 } 802 803 case MEMWRITE: 804 { 805 ret = mtdchar_write_ioctl(mtd, 806 (struct mtd_write_req __user *)arg); 807 break; 808 } 809 810 case MEMLOCK: 811 { 812 struct erase_info_user einfo; 813 814 if (copy_from_user(&einfo, argp, sizeof(einfo))) 815 return -EFAULT; 816 817 ret = mtd_lock(mtd, einfo.start, einfo.length); 818 break; 819 } 820 821 case MEMUNLOCK: 822 { 823 struct erase_info_user einfo; 824 825 if (copy_from_user(&einfo, argp, sizeof(einfo))) 826 return -EFAULT; 827 828 ret = mtd_unlock(mtd, einfo.start, einfo.length); 829 break; 830 } 831 832 case MEMISLOCKED: 833 { 834 struct erase_info_user einfo; 835 836 if (copy_from_user(&einfo, argp, sizeof(einfo))) 837 return -EFAULT; 838 839 ret = mtd_is_locked(mtd, einfo.start, einfo.length); 840 break; 841 } 842 843 /* Legacy interface */ 844 case MEMGETOOBSEL: 845 { 846 struct nand_oobinfo oi; 847 848 if (!mtd->ecclayout) 849 return -EOPNOTSUPP; 850 if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos)) 851 return -EINVAL; 852 853 oi.useecc = MTD_NANDECC_AUTOPLACE; 854 memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos)); 855 memcpy(&oi.oobfree, mtd->ecclayout->oobfree, 856 sizeof(oi.oobfree)); 857 oi.eccbytes = mtd->ecclayout->eccbytes; 858 859 if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo))) 860 return -EFAULT; 861 break; 862 } 863 864 case MEMGETBADBLOCK: 865 { 866 loff_t offs; 867 868 if (copy_from_user(&offs, argp, sizeof(loff_t))) 869 return -EFAULT; 870 return mtd_block_isbad(mtd, offs); 871 break; 872 } 873 874 case MEMSETBADBLOCK: 875 { 876 loff_t offs; 877 878 if (copy_from_user(&offs, argp, sizeof(loff_t))) 879 return -EFAULT; 880 return mtd_block_markbad(mtd, offs); 881 break; 882 } 883 884 #ifdef CONFIG_HAVE_MTD_OTP 885 case OTPSELECT: 886 { 887 int mode; 888 if (copy_from_user(&mode, argp, sizeof(int))) 889 return -EFAULT; 890 891 mfi->mode = MTD_FILE_MODE_NORMAL; 892 893 ret = otp_select_filemode(mfi, mode); 894 895 file->f_pos = 0; 896 break; 897 } 898 899 case OTPGETREGIONCOUNT: 900 case OTPGETREGIONINFO: 901 { 902 struct otp_info *buf = kmalloc(4096, GFP_KERNEL); 903 if (!buf) 904 return -ENOMEM; 905 switch (mfi->mode) { 906 case MTD_FILE_MODE_OTP_FACTORY: 907 ret = mtd_get_fact_prot_info(mtd, buf, 4096); 908 break; 909 case MTD_FILE_MODE_OTP_USER: 910 ret = mtd_get_user_prot_info(mtd, buf, 4096); 911 break; 912 default: 913 ret = -EINVAL; 914 break; 915 } 916 if (ret >= 0) { 917 if (cmd == OTPGETREGIONCOUNT) { 918 int nbr = ret / sizeof(struct otp_info); 919 ret = copy_to_user(argp, &nbr, sizeof(int)); 920 } else 921 ret = copy_to_user(argp, buf, ret); 922 if (ret) 923 ret = -EFAULT; 924 } 925 kfree(buf); 926 break; 927 } 928 929 case OTPLOCK: 930 { 931 struct otp_info oinfo; 932 933 if (mfi->mode != MTD_FILE_MODE_OTP_USER) 934 return -EINVAL; 935 if (copy_from_user(&oinfo, argp, sizeof(oinfo))) 936 return -EFAULT; 937 ret = mtd_lock_user_prot_reg(mtd, oinfo.start, oinfo.length); 938 break; 939 } 940 #endif 941 942 /* This ioctl is being deprecated - it truncates the ECC layout */ 943 case ECCGETLAYOUT: 944 { 945 struct nand_ecclayout_user *usrlay; 946 947 if (!mtd->ecclayout) 948 return -EOPNOTSUPP; 949 950 usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL); 951 if (!usrlay) 952 return -ENOMEM; 953 954 shrink_ecclayout(mtd->ecclayout, usrlay); 955 956 if (copy_to_user(argp, usrlay, sizeof(*usrlay))) 957 ret = -EFAULT; 958 kfree(usrlay); 959 break; 960 } 961 962 case ECCGETSTATS: 963 { 964 if (copy_to_user(argp, &mtd->ecc_stats, 965 sizeof(struct mtd_ecc_stats))) 966 return -EFAULT; 967 break; 968 } 969 970 case MTDFILEMODE: 971 { 972 mfi->mode = 0; 973 974 switch(arg) { 975 case MTD_FILE_MODE_OTP_FACTORY: 976 case MTD_FILE_MODE_OTP_USER: 977 ret = otp_select_filemode(mfi, arg); 978 break; 979 980 case MTD_FILE_MODE_RAW: 981 if (!mtd_has_oob(mtd)) 982 return -EOPNOTSUPP; 983 mfi->mode = arg; 984 985 case MTD_FILE_MODE_NORMAL: 986 break; 987 default: 988 ret = -EINVAL; 989 } 990 file->f_pos = 0; 991 break; 992 } 993 994 case BLKPG: 995 { 996 ret = mtdchar_blkpg_ioctl(mtd, 997 (struct blkpg_ioctl_arg __user *)arg); 998 break; 999 } 1000 1001 case BLKRRPART: 1002 { 1003 /* No reread partition feature. Just return ok */ 1004 ret = 0; 1005 break; 1006 } 1007 1008 default: 1009 ret = -ENOTTY; 1010 } 1011 1012 return ret; 1013 } /* memory_ioctl */ 1014 1015 static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg) 1016 { 1017 int ret; 1018 1019 mutex_lock(&mtd_mutex); 1020 ret = mtdchar_ioctl(file, cmd, arg); 1021 mutex_unlock(&mtd_mutex); 1022 1023 return ret; 1024 } 1025 1026 #ifdef CONFIG_COMPAT 1027 1028 struct mtd_oob_buf32 { 1029 u_int32_t start; 1030 u_int32_t length; 1031 compat_caddr_t ptr; /* unsigned char* */ 1032 }; 1033 1034 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32) 1035 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32) 1036 1037 static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd, 1038 unsigned long arg) 1039 { 1040 struct mtd_file_info *mfi = file->private_data; 1041 struct mtd_info *mtd = mfi->mtd; 1042 void __user *argp = compat_ptr(arg); 1043 int ret = 0; 1044 1045 mutex_lock(&mtd_mutex); 1046 1047 switch (cmd) { 1048 case MEMWRITEOOB32: 1049 { 1050 struct mtd_oob_buf32 buf; 1051 struct mtd_oob_buf32 __user *buf_user = argp; 1052 1053 if (copy_from_user(&buf, argp, sizeof(buf))) 1054 ret = -EFAULT; 1055 else 1056 ret = mtdchar_writeoob(file, mtd, buf.start, 1057 buf.length, compat_ptr(buf.ptr), 1058 &buf_user->length); 1059 break; 1060 } 1061 1062 case MEMREADOOB32: 1063 { 1064 struct mtd_oob_buf32 buf; 1065 struct mtd_oob_buf32 __user *buf_user = argp; 1066 1067 /* NOTE: writes return length to buf->start */ 1068 if (copy_from_user(&buf, argp, sizeof(buf))) 1069 ret = -EFAULT; 1070 else 1071 ret = mtdchar_readoob(file, mtd, buf.start, 1072 buf.length, compat_ptr(buf.ptr), 1073 &buf_user->start); 1074 break; 1075 } 1076 default: 1077 ret = mtdchar_ioctl(file, cmd, (unsigned long)argp); 1078 } 1079 1080 mutex_unlock(&mtd_mutex); 1081 1082 return ret; 1083 } 1084 1085 #endif /* CONFIG_COMPAT */ 1086 1087 /* 1088 * try to determine where a shared mapping can be made 1089 * - only supported for NOMMU at the moment (MMU can't doesn't copy private 1090 * mappings) 1091 */ 1092 #ifndef CONFIG_MMU 1093 static unsigned long mtdchar_get_unmapped_area(struct file *file, 1094 unsigned long addr, 1095 unsigned long len, 1096 unsigned long pgoff, 1097 unsigned long flags) 1098 { 1099 struct mtd_file_info *mfi = file->private_data; 1100 struct mtd_info *mtd = mfi->mtd; 1101 unsigned long offset; 1102 int ret; 1103 1104 if (addr != 0) 1105 return (unsigned long) -EINVAL; 1106 1107 if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT)) 1108 return (unsigned long) -EINVAL; 1109 1110 offset = pgoff << PAGE_SHIFT; 1111 if (offset > mtd->size - len) 1112 return (unsigned long) -EINVAL; 1113 1114 ret = mtd_get_unmapped_area(mtd, len, offset, flags); 1115 return ret == -EOPNOTSUPP ? -ENOSYS : ret; 1116 } 1117 #endif 1118 1119 /* 1120 * set up a mapping for shared memory segments 1121 */ 1122 static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma) 1123 { 1124 #ifdef CONFIG_MMU 1125 struct mtd_file_info *mfi = file->private_data; 1126 struct mtd_info *mtd = mfi->mtd; 1127 struct map_info *map = mtd->priv; 1128 unsigned long start; 1129 unsigned long off; 1130 u32 len; 1131 1132 if (mtd->type == MTD_RAM || mtd->type == MTD_ROM) { 1133 off = vma->vm_pgoff << PAGE_SHIFT; 1134 start = map->phys; 1135 len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size); 1136 start &= PAGE_MASK; 1137 if ((vma->vm_end - vma->vm_start + off) > len) 1138 return -EINVAL; 1139 1140 off += start; 1141 vma->vm_pgoff = off >> PAGE_SHIFT; 1142 vma->vm_flags |= VM_IO | VM_RESERVED; 1143 1144 #ifdef pgprot_noncached 1145 if (file->f_flags & O_DSYNC || off >= __pa(high_memory)) 1146 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1147 #endif 1148 if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, 1149 vma->vm_end - vma->vm_start, 1150 vma->vm_page_prot)) 1151 return -EAGAIN; 1152 1153 return 0; 1154 } 1155 return -ENOSYS; 1156 #else 1157 return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS; 1158 #endif 1159 } 1160 1161 static const struct file_operations mtd_fops = { 1162 .owner = THIS_MODULE, 1163 .llseek = mtdchar_lseek, 1164 .read = mtdchar_read, 1165 .write = mtdchar_write, 1166 .unlocked_ioctl = mtdchar_unlocked_ioctl, 1167 #ifdef CONFIG_COMPAT 1168 .compat_ioctl = mtdchar_compat_ioctl, 1169 #endif 1170 .open = mtdchar_open, 1171 .release = mtdchar_close, 1172 .mmap = mtdchar_mmap, 1173 #ifndef CONFIG_MMU 1174 .get_unmapped_area = mtdchar_get_unmapped_area, 1175 #endif 1176 }; 1177 1178 static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type, 1179 int flags, const char *dev_name, void *data) 1180 { 1181 return mount_pseudo(fs_type, "mtd_inode:", NULL, NULL, MTD_INODE_FS_MAGIC); 1182 } 1183 1184 static struct file_system_type mtd_inodefs_type = { 1185 .name = "mtd_inodefs", 1186 .mount = mtd_inodefs_mount, 1187 .kill_sb = kill_anon_super, 1188 }; 1189 1190 static void mtdchar_notify_add(struct mtd_info *mtd) 1191 { 1192 } 1193 1194 static void mtdchar_notify_remove(struct mtd_info *mtd) 1195 { 1196 struct inode *mtd_ino = ilookup(mtd_inode_mnt->mnt_sb, mtd->index); 1197 1198 if (mtd_ino) { 1199 /* Destroy the inode if it exists */ 1200 clear_nlink(mtd_ino); 1201 iput(mtd_ino); 1202 } 1203 } 1204 1205 static struct mtd_notifier mtdchar_notifier = { 1206 .add = mtdchar_notify_add, 1207 .remove = mtdchar_notify_remove, 1208 }; 1209 1210 static int __init init_mtdchar(void) 1211 { 1212 int ret; 1213 1214 ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, 1215 "mtd", &mtd_fops); 1216 if (ret < 0) { 1217 pr_notice("Can't allocate major number %d for " 1218 "Memory Technology Devices.\n", MTD_CHAR_MAJOR); 1219 return ret; 1220 } 1221 1222 ret = register_filesystem(&mtd_inodefs_type); 1223 if (ret) { 1224 pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret); 1225 goto err_unregister_chdev; 1226 } 1227 1228 mtd_inode_mnt = kern_mount(&mtd_inodefs_type); 1229 if (IS_ERR(mtd_inode_mnt)) { 1230 ret = PTR_ERR(mtd_inode_mnt); 1231 pr_notice("Error mounting mtd_inodefs filesystem: %d\n", ret); 1232 goto err_unregister_filesystem; 1233 } 1234 register_mtd_user(&mtdchar_notifier); 1235 1236 return ret; 1237 1238 err_unregister_filesystem: 1239 unregister_filesystem(&mtd_inodefs_type); 1240 err_unregister_chdev: 1241 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1242 return ret; 1243 } 1244 1245 static void __exit cleanup_mtdchar(void) 1246 { 1247 unregister_mtd_user(&mtdchar_notifier); 1248 kern_unmount(mtd_inode_mnt); 1249 unregister_filesystem(&mtd_inodefs_type); 1250 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1251 } 1252 1253 module_init(init_mtdchar); 1254 module_exit(cleanup_mtdchar); 1255 1256 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1257 1258 MODULE_LICENSE("GPL"); 1259 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>"); 1260 MODULE_DESCRIPTION("Direct character-device access to MTD devices"); 1261 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1262