1 /* 2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 * 18 */ 19 20 #include <linux/device.h> 21 #include <linux/fs.h> 22 #include <linux/mm.h> 23 #include <linux/err.h> 24 #include <linux/init.h> 25 #include <linux/kernel.h> 26 #include <linux/module.h> 27 #include <linux/slab.h> 28 #include <linux/sched.h> 29 #include <linux/mutex.h> 30 #include <linux/backing-dev.h> 31 #include <linux/compat.h> 32 #include <linux/mount.h> 33 #include <linux/blkpg.h> 34 #include <linux/magic.h> 35 #include <linux/mtd/mtd.h> 36 #include <linux/mtd/partitions.h> 37 #include <linux/mtd/map.h> 38 39 #include <asm/uaccess.h> 40 41 #include "mtdcore.h" 42 43 static DEFINE_MUTEX(mtd_mutex); 44 45 /* 46 * Data structure to hold the pointer to the mtd device as well 47 * as mode information of various use cases. 48 */ 49 struct mtd_file_info { 50 struct mtd_info *mtd; 51 struct inode *ino; 52 enum mtd_file_modes mode; 53 }; 54 55 static loff_t mtdchar_lseek(struct file *file, loff_t offset, int orig) 56 { 57 struct mtd_file_info *mfi = file->private_data; 58 struct mtd_info *mtd = mfi->mtd; 59 60 switch (orig) { 61 case SEEK_SET: 62 break; 63 case SEEK_CUR: 64 offset += file->f_pos; 65 break; 66 case SEEK_END: 67 offset += mtd->size; 68 break; 69 default: 70 return -EINVAL; 71 } 72 73 if (offset >= 0 && offset <= mtd->size) 74 return file->f_pos = offset; 75 76 return -EINVAL; 77 } 78 79 static int count; 80 static struct vfsmount *mnt; 81 static struct file_system_type mtd_inodefs_type; 82 83 static int mtdchar_open(struct inode *inode, struct file *file) 84 { 85 int minor = iminor(inode); 86 int devnum = minor >> 1; 87 int ret = 0; 88 struct mtd_info *mtd; 89 struct mtd_file_info *mfi; 90 struct inode *mtd_ino; 91 92 pr_debug("MTD_open\n"); 93 94 /* You can't open the RO devices RW */ 95 if ((file->f_mode & FMODE_WRITE) && (minor & 1)) 96 return -EACCES; 97 98 ret = simple_pin_fs(&mtd_inodefs_type, &mnt, &count); 99 if (ret) 100 return ret; 101 102 mutex_lock(&mtd_mutex); 103 mtd = get_mtd_device(NULL, devnum); 104 105 if (IS_ERR(mtd)) { 106 ret = PTR_ERR(mtd); 107 goto out; 108 } 109 110 if (mtd->type == MTD_ABSENT) { 111 ret = -ENODEV; 112 goto out1; 113 } 114 115 mtd_ino = iget_locked(mnt->mnt_sb, devnum); 116 if (!mtd_ino) { 117 ret = -ENOMEM; 118 goto out1; 119 } 120 if (mtd_ino->i_state & I_NEW) { 121 mtd_ino->i_private = mtd; 122 mtd_ino->i_mode = S_IFCHR; 123 mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info; 124 unlock_new_inode(mtd_ino); 125 } 126 file->f_mapping = mtd_ino->i_mapping; 127 128 /* You can't open it RW if it's not a writeable device */ 129 if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { 130 ret = -EACCES; 131 goto out2; 132 } 133 134 mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); 135 if (!mfi) { 136 ret = -ENOMEM; 137 goto out2; 138 } 139 mfi->ino = mtd_ino; 140 mfi->mtd = mtd; 141 file->private_data = mfi; 142 mutex_unlock(&mtd_mutex); 143 return 0; 144 145 out2: 146 iput(mtd_ino); 147 out1: 148 put_mtd_device(mtd); 149 out: 150 mutex_unlock(&mtd_mutex); 151 simple_release_fs(&mnt, &count); 152 return ret; 153 } /* mtdchar_open */ 154 155 /*====================================================================*/ 156 157 static int mtdchar_close(struct inode *inode, struct file *file) 158 { 159 struct mtd_file_info *mfi = file->private_data; 160 struct mtd_info *mtd = mfi->mtd; 161 162 pr_debug("MTD_close\n"); 163 164 /* Only sync if opened RW */ 165 if ((file->f_mode & FMODE_WRITE)) 166 mtd_sync(mtd); 167 168 iput(mfi->ino); 169 170 put_mtd_device(mtd); 171 file->private_data = NULL; 172 kfree(mfi); 173 simple_release_fs(&mnt, &count); 174 175 return 0; 176 } /* mtdchar_close */ 177 178 /* Back in June 2001, dwmw2 wrote: 179 * 180 * FIXME: This _really_ needs to die. In 2.5, we should lock the 181 * userspace buffer down and use it directly with readv/writev. 182 * 183 * The implementation below, using mtd_kmalloc_up_to, mitigates 184 * allocation failures when the system is under low-memory situations 185 * or if memory is highly fragmented at the cost of reducing the 186 * performance of the requested transfer due to a smaller buffer size. 187 * 188 * A more complex but more memory-efficient implementation based on 189 * get_user_pages and iovecs to cover extents of those pages is a 190 * longer-term goal, as intimated by dwmw2 above. However, for the 191 * write case, this requires yet more complex head and tail transfer 192 * handling when those head and tail offsets and sizes are such that 193 * alignment requirements are not met in the NAND subdriver. 194 */ 195 196 static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count, 197 loff_t *ppos) 198 { 199 struct mtd_file_info *mfi = file->private_data; 200 struct mtd_info *mtd = mfi->mtd; 201 size_t retlen; 202 size_t total_retlen=0; 203 int ret=0; 204 int len; 205 size_t size = count; 206 char *kbuf; 207 208 pr_debug("MTD_read\n"); 209 210 if (*ppos + count > mtd->size) 211 count = mtd->size - *ppos; 212 213 if (!count) 214 return 0; 215 216 kbuf = mtd_kmalloc_up_to(mtd, &size); 217 if (!kbuf) 218 return -ENOMEM; 219 220 while (count) { 221 len = min_t(size_t, count, size); 222 223 switch (mfi->mode) { 224 case MTD_FILE_MODE_OTP_FACTORY: 225 ret = mtd_read_fact_prot_reg(mtd, *ppos, len, 226 &retlen, kbuf); 227 break; 228 case MTD_FILE_MODE_OTP_USER: 229 ret = mtd_read_user_prot_reg(mtd, *ppos, len, 230 &retlen, kbuf); 231 break; 232 case MTD_FILE_MODE_RAW: 233 { 234 struct mtd_oob_ops ops; 235 236 ops.mode = MTD_OPS_RAW; 237 ops.datbuf = kbuf; 238 ops.oobbuf = NULL; 239 ops.len = len; 240 241 ret = mtd_read_oob(mtd, *ppos, &ops); 242 retlen = ops.retlen; 243 break; 244 } 245 default: 246 ret = mtd_read(mtd, *ppos, len, &retlen, kbuf); 247 } 248 /* Nand returns -EBADMSG on ECC errors, but it returns 249 * the data. For our userspace tools it is important 250 * to dump areas with ECC errors! 251 * For kernel internal usage it also might return -EUCLEAN 252 * to signal the caller that a bitflip has occurred and has 253 * been corrected by the ECC algorithm. 254 * Userspace software which accesses NAND this way 255 * must be aware of the fact that it deals with NAND 256 */ 257 if (!ret || mtd_is_bitflip_or_eccerr(ret)) { 258 *ppos += retlen; 259 if (copy_to_user(buf, kbuf, retlen)) { 260 kfree(kbuf); 261 return -EFAULT; 262 } 263 else 264 total_retlen += retlen; 265 266 count -= retlen; 267 buf += retlen; 268 if (retlen == 0) 269 count = 0; 270 } 271 else { 272 kfree(kbuf); 273 return ret; 274 } 275 276 } 277 278 kfree(kbuf); 279 return total_retlen; 280 } /* mtdchar_read */ 281 282 static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t count, 283 loff_t *ppos) 284 { 285 struct mtd_file_info *mfi = file->private_data; 286 struct mtd_info *mtd = mfi->mtd; 287 size_t size = count; 288 char *kbuf; 289 size_t retlen; 290 size_t total_retlen=0; 291 int ret=0; 292 int len; 293 294 pr_debug("MTD_write\n"); 295 296 if (*ppos == mtd->size) 297 return -ENOSPC; 298 299 if (*ppos + count > mtd->size) 300 count = mtd->size - *ppos; 301 302 if (!count) 303 return 0; 304 305 kbuf = mtd_kmalloc_up_to(mtd, &size); 306 if (!kbuf) 307 return -ENOMEM; 308 309 while (count) { 310 len = min_t(size_t, count, size); 311 312 if (copy_from_user(kbuf, buf, len)) { 313 kfree(kbuf); 314 return -EFAULT; 315 } 316 317 switch (mfi->mode) { 318 case MTD_FILE_MODE_OTP_FACTORY: 319 ret = -EROFS; 320 break; 321 case MTD_FILE_MODE_OTP_USER: 322 ret = mtd_write_user_prot_reg(mtd, *ppos, len, 323 &retlen, kbuf); 324 break; 325 326 case MTD_FILE_MODE_RAW: 327 { 328 struct mtd_oob_ops ops; 329 330 ops.mode = MTD_OPS_RAW; 331 ops.datbuf = kbuf; 332 ops.oobbuf = NULL; 333 ops.ooboffs = 0; 334 ops.len = len; 335 336 ret = mtd_write_oob(mtd, *ppos, &ops); 337 retlen = ops.retlen; 338 break; 339 } 340 341 default: 342 ret = mtd_write(mtd, *ppos, len, &retlen, kbuf); 343 } 344 if (!ret) { 345 *ppos += retlen; 346 total_retlen += retlen; 347 count -= retlen; 348 buf += retlen; 349 } 350 else { 351 kfree(kbuf); 352 return ret; 353 } 354 } 355 356 kfree(kbuf); 357 return total_retlen; 358 } /* mtdchar_write */ 359 360 /*====================================================================== 361 362 IOCTL calls for getting device parameters. 363 364 ======================================================================*/ 365 static void mtdchar_erase_callback (struct erase_info *instr) 366 { 367 wake_up((wait_queue_head_t *)instr->priv); 368 } 369 370 static int otp_select_filemode(struct mtd_file_info *mfi, int mode) 371 { 372 struct mtd_info *mtd = mfi->mtd; 373 size_t retlen; 374 375 switch (mode) { 376 case MTD_OTP_FACTORY: 377 if (mtd_read_fact_prot_reg(mtd, -1, 0, &retlen, NULL) == 378 -EOPNOTSUPP) 379 return -EOPNOTSUPP; 380 381 mfi->mode = MTD_FILE_MODE_OTP_FACTORY; 382 break; 383 case MTD_OTP_USER: 384 if (mtd_read_user_prot_reg(mtd, -1, 0, &retlen, NULL) == 385 -EOPNOTSUPP) 386 return -EOPNOTSUPP; 387 388 mfi->mode = MTD_FILE_MODE_OTP_USER; 389 break; 390 case MTD_OTP_OFF: 391 mfi->mode = MTD_FILE_MODE_NORMAL; 392 break; 393 default: 394 return -EINVAL; 395 } 396 397 return 0; 398 } 399 400 static int mtdchar_writeoob(struct file *file, struct mtd_info *mtd, 401 uint64_t start, uint32_t length, void __user *ptr, 402 uint32_t __user *retp) 403 { 404 struct mtd_file_info *mfi = file->private_data; 405 struct mtd_oob_ops ops; 406 uint32_t retlen; 407 int ret = 0; 408 409 if (!(file->f_mode & FMODE_WRITE)) 410 return -EPERM; 411 412 if (length > 4096) 413 return -EINVAL; 414 415 if (!mtd->_write_oob) 416 ret = -EOPNOTSUPP; 417 else 418 ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT; 419 420 if (ret) 421 return ret; 422 423 ops.ooblen = length; 424 ops.ooboffs = start & (mtd->writesize - 1); 425 ops.datbuf = NULL; 426 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 427 MTD_OPS_PLACE_OOB; 428 429 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 430 return -EINVAL; 431 432 ops.oobbuf = memdup_user(ptr, length); 433 if (IS_ERR(ops.oobbuf)) 434 return PTR_ERR(ops.oobbuf); 435 436 start &= ~((uint64_t)mtd->writesize - 1); 437 ret = mtd_write_oob(mtd, start, &ops); 438 439 if (ops.oobretlen > 0xFFFFFFFFU) 440 ret = -EOVERFLOW; 441 retlen = ops.oobretlen; 442 if (copy_to_user(retp, &retlen, sizeof(length))) 443 ret = -EFAULT; 444 445 kfree(ops.oobbuf); 446 return ret; 447 } 448 449 static int mtdchar_readoob(struct file *file, struct mtd_info *mtd, 450 uint64_t start, uint32_t length, void __user *ptr, 451 uint32_t __user *retp) 452 { 453 struct mtd_file_info *mfi = file->private_data; 454 struct mtd_oob_ops ops; 455 int ret = 0; 456 457 if (length > 4096) 458 return -EINVAL; 459 460 if (!access_ok(VERIFY_WRITE, ptr, length)) 461 return -EFAULT; 462 463 ops.ooblen = length; 464 ops.ooboffs = start & (mtd->writesize - 1); 465 ops.datbuf = NULL; 466 ops.mode = (mfi->mode == MTD_FILE_MODE_RAW) ? MTD_OPS_RAW : 467 MTD_OPS_PLACE_OOB; 468 469 if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs)) 470 return -EINVAL; 471 472 ops.oobbuf = kmalloc(length, GFP_KERNEL); 473 if (!ops.oobbuf) 474 return -ENOMEM; 475 476 start &= ~((uint64_t)mtd->writesize - 1); 477 ret = mtd_read_oob(mtd, start, &ops); 478 479 if (put_user(ops.oobretlen, retp)) 480 ret = -EFAULT; 481 else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf, 482 ops.oobretlen)) 483 ret = -EFAULT; 484 485 kfree(ops.oobbuf); 486 487 /* 488 * NAND returns -EBADMSG on ECC errors, but it returns the OOB 489 * data. For our userspace tools it is important to dump areas 490 * with ECC errors! 491 * For kernel internal usage it also might return -EUCLEAN 492 * to signal the caller that a bitflip has occured and has 493 * been corrected by the ECC algorithm. 494 * 495 * Note: currently the standard NAND function, nand_read_oob_std, 496 * does not calculate ECC for the OOB area, so do not rely on 497 * this behavior unless you have replaced it with your own. 498 */ 499 if (mtd_is_bitflip_or_eccerr(ret)) 500 return 0; 501 502 return ret; 503 } 504 505 /* 506 * Copies (and truncates, if necessary) data from the larger struct, 507 * nand_ecclayout, to the smaller, deprecated layout struct, 508 * nand_ecclayout_user. This is necessary only to support the deprecated 509 * API ioctl ECCGETLAYOUT while allowing all new functionality to use 510 * nand_ecclayout flexibly (i.e. the struct may change size in new 511 * releases without requiring major rewrites). 512 */ 513 static int shrink_ecclayout(const struct nand_ecclayout *from, 514 struct nand_ecclayout_user *to) 515 { 516 int i; 517 518 if (!from || !to) 519 return -EINVAL; 520 521 memset(to, 0, sizeof(*to)); 522 523 to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES); 524 for (i = 0; i < to->eccbytes; i++) 525 to->eccpos[i] = from->eccpos[i]; 526 527 for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) { 528 if (from->oobfree[i].length == 0 && 529 from->oobfree[i].offset == 0) 530 break; 531 to->oobavail += from->oobfree[i].length; 532 to->oobfree[i] = from->oobfree[i]; 533 } 534 535 return 0; 536 } 537 538 static int mtdchar_blkpg_ioctl(struct mtd_info *mtd, 539 struct blkpg_ioctl_arg __user *arg) 540 { 541 struct blkpg_ioctl_arg a; 542 struct blkpg_partition p; 543 544 if (!capable(CAP_SYS_ADMIN)) 545 return -EPERM; 546 547 if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg))) 548 return -EFAULT; 549 550 if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition))) 551 return -EFAULT; 552 553 switch (a.op) { 554 case BLKPG_ADD_PARTITION: 555 556 /* Only master mtd device must be used to add partitions */ 557 if (mtd_is_partition(mtd)) 558 return -EINVAL; 559 560 return mtd_add_partition(mtd, p.devname, p.start, p.length); 561 562 case BLKPG_DEL_PARTITION: 563 564 if (p.pno < 0) 565 return -EINVAL; 566 567 return mtd_del_partition(mtd, p.pno); 568 569 default: 570 return -EINVAL; 571 } 572 } 573 574 static int mtdchar_write_ioctl(struct mtd_info *mtd, 575 struct mtd_write_req __user *argp) 576 { 577 struct mtd_write_req req; 578 struct mtd_oob_ops ops; 579 void __user *usr_data, *usr_oob; 580 int ret; 581 582 if (copy_from_user(&req, argp, sizeof(req)) || 583 !access_ok(VERIFY_READ, req.usr_data, req.len) || 584 !access_ok(VERIFY_READ, req.usr_oob, req.ooblen)) 585 return -EFAULT; 586 if (!mtd->_write_oob) 587 return -EOPNOTSUPP; 588 589 ops.mode = req.mode; 590 ops.len = (size_t)req.len; 591 ops.ooblen = (size_t)req.ooblen; 592 ops.ooboffs = 0; 593 594 usr_data = (void __user *)(uintptr_t)req.usr_data; 595 usr_oob = (void __user *)(uintptr_t)req.usr_oob; 596 597 if (req.usr_data) { 598 ops.datbuf = memdup_user(usr_data, ops.len); 599 if (IS_ERR(ops.datbuf)) 600 return PTR_ERR(ops.datbuf); 601 } else { 602 ops.datbuf = NULL; 603 } 604 605 if (req.usr_oob) { 606 ops.oobbuf = memdup_user(usr_oob, ops.ooblen); 607 if (IS_ERR(ops.oobbuf)) { 608 kfree(ops.datbuf); 609 return PTR_ERR(ops.oobbuf); 610 } 611 } else { 612 ops.oobbuf = NULL; 613 } 614 615 ret = mtd_write_oob(mtd, (loff_t)req.start, &ops); 616 617 kfree(ops.datbuf); 618 kfree(ops.oobbuf); 619 620 return ret; 621 } 622 623 static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg) 624 { 625 struct mtd_file_info *mfi = file->private_data; 626 struct mtd_info *mtd = mfi->mtd; 627 void __user *argp = (void __user *)arg; 628 int ret = 0; 629 u_long size; 630 struct mtd_info_user info; 631 632 pr_debug("MTD_ioctl\n"); 633 634 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; 635 if (cmd & IOC_IN) { 636 if (!access_ok(VERIFY_READ, argp, size)) 637 return -EFAULT; 638 } 639 if (cmd & IOC_OUT) { 640 if (!access_ok(VERIFY_WRITE, argp, size)) 641 return -EFAULT; 642 } 643 644 switch (cmd) { 645 case MEMGETREGIONCOUNT: 646 if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int))) 647 return -EFAULT; 648 break; 649 650 case MEMGETREGIONINFO: 651 { 652 uint32_t ur_idx; 653 struct mtd_erase_region_info *kr; 654 struct region_info_user __user *ur = argp; 655 656 if (get_user(ur_idx, &(ur->regionindex))) 657 return -EFAULT; 658 659 if (ur_idx >= mtd->numeraseregions) 660 return -EINVAL; 661 662 kr = &(mtd->eraseregions[ur_idx]); 663 664 if (put_user(kr->offset, &(ur->offset)) 665 || put_user(kr->erasesize, &(ur->erasesize)) 666 || put_user(kr->numblocks, &(ur->numblocks))) 667 return -EFAULT; 668 669 break; 670 } 671 672 case MEMGETINFO: 673 memset(&info, 0, sizeof(info)); 674 info.type = mtd->type; 675 info.flags = mtd->flags; 676 info.size = mtd->size; 677 info.erasesize = mtd->erasesize; 678 info.writesize = mtd->writesize; 679 info.oobsize = mtd->oobsize; 680 /* The below field is obsolete */ 681 info.padding = 0; 682 if (copy_to_user(argp, &info, sizeof(struct mtd_info_user))) 683 return -EFAULT; 684 break; 685 686 case MEMERASE: 687 case MEMERASE64: 688 { 689 struct erase_info *erase; 690 691 if(!(file->f_mode & FMODE_WRITE)) 692 return -EPERM; 693 694 erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL); 695 if (!erase) 696 ret = -ENOMEM; 697 else { 698 wait_queue_head_t waitq; 699 DECLARE_WAITQUEUE(wait, current); 700 701 init_waitqueue_head(&waitq); 702 703 if (cmd == MEMERASE64) { 704 struct erase_info_user64 einfo64; 705 706 if (copy_from_user(&einfo64, argp, 707 sizeof(struct erase_info_user64))) { 708 kfree(erase); 709 return -EFAULT; 710 } 711 erase->addr = einfo64.start; 712 erase->len = einfo64.length; 713 } else { 714 struct erase_info_user einfo32; 715 716 if (copy_from_user(&einfo32, argp, 717 sizeof(struct erase_info_user))) { 718 kfree(erase); 719 return -EFAULT; 720 } 721 erase->addr = einfo32.start; 722 erase->len = einfo32.length; 723 } 724 erase->mtd = mtd; 725 erase->callback = mtdchar_erase_callback; 726 erase->priv = (unsigned long)&waitq; 727 728 /* 729 FIXME: Allow INTERRUPTIBLE. Which means 730 not having the wait_queue head on the stack. 731 732 If the wq_head is on the stack, and we 733 leave because we got interrupted, then the 734 wq_head is no longer there when the 735 callback routine tries to wake us up. 736 */ 737 ret = mtd_erase(mtd, erase); 738 if (!ret) { 739 set_current_state(TASK_UNINTERRUPTIBLE); 740 add_wait_queue(&waitq, &wait); 741 if (erase->state != MTD_ERASE_DONE && 742 erase->state != MTD_ERASE_FAILED) 743 schedule(); 744 remove_wait_queue(&waitq, &wait); 745 set_current_state(TASK_RUNNING); 746 747 ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0; 748 } 749 kfree(erase); 750 } 751 break; 752 } 753 754 case MEMWRITEOOB: 755 { 756 struct mtd_oob_buf buf; 757 struct mtd_oob_buf __user *buf_user = argp; 758 759 /* NOTE: writes return length to buf_user->length */ 760 if (copy_from_user(&buf, argp, sizeof(buf))) 761 ret = -EFAULT; 762 else 763 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 764 buf.ptr, &buf_user->length); 765 break; 766 } 767 768 case MEMREADOOB: 769 { 770 struct mtd_oob_buf buf; 771 struct mtd_oob_buf __user *buf_user = argp; 772 773 /* NOTE: writes return length to buf_user->start */ 774 if (copy_from_user(&buf, argp, sizeof(buf))) 775 ret = -EFAULT; 776 else 777 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 778 buf.ptr, &buf_user->start); 779 break; 780 } 781 782 case MEMWRITEOOB64: 783 { 784 struct mtd_oob_buf64 buf; 785 struct mtd_oob_buf64 __user *buf_user = argp; 786 787 if (copy_from_user(&buf, argp, sizeof(buf))) 788 ret = -EFAULT; 789 else 790 ret = mtdchar_writeoob(file, mtd, buf.start, buf.length, 791 (void __user *)(uintptr_t)buf.usr_ptr, 792 &buf_user->length); 793 break; 794 } 795 796 case MEMREADOOB64: 797 { 798 struct mtd_oob_buf64 buf; 799 struct mtd_oob_buf64 __user *buf_user = argp; 800 801 if (copy_from_user(&buf, argp, sizeof(buf))) 802 ret = -EFAULT; 803 else 804 ret = mtdchar_readoob(file, mtd, buf.start, buf.length, 805 (void __user *)(uintptr_t)buf.usr_ptr, 806 &buf_user->length); 807 break; 808 } 809 810 case MEMWRITE: 811 { 812 ret = mtdchar_write_ioctl(mtd, 813 (struct mtd_write_req __user *)arg); 814 break; 815 } 816 817 case MEMLOCK: 818 { 819 struct erase_info_user einfo; 820 821 if (copy_from_user(&einfo, argp, sizeof(einfo))) 822 return -EFAULT; 823 824 ret = mtd_lock(mtd, einfo.start, einfo.length); 825 break; 826 } 827 828 case MEMUNLOCK: 829 { 830 struct erase_info_user einfo; 831 832 if (copy_from_user(&einfo, argp, sizeof(einfo))) 833 return -EFAULT; 834 835 ret = mtd_unlock(mtd, einfo.start, einfo.length); 836 break; 837 } 838 839 case MEMISLOCKED: 840 { 841 struct erase_info_user einfo; 842 843 if (copy_from_user(&einfo, argp, sizeof(einfo))) 844 return -EFAULT; 845 846 ret = mtd_is_locked(mtd, einfo.start, einfo.length); 847 break; 848 } 849 850 /* Legacy interface */ 851 case MEMGETOOBSEL: 852 { 853 struct nand_oobinfo oi; 854 855 if (!mtd->ecclayout) 856 return -EOPNOTSUPP; 857 if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos)) 858 return -EINVAL; 859 860 oi.useecc = MTD_NANDECC_AUTOPLACE; 861 memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos)); 862 memcpy(&oi.oobfree, mtd->ecclayout->oobfree, 863 sizeof(oi.oobfree)); 864 oi.eccbytes = mtd->ecclayout->eccbytes; 865 866 if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo))) 867 return -EFAULT; 868 break; 869 } 870 871 case MEMGETBADBLOCK: 872 { 873 loff_t offs; 874 875 if (copy_from_user(&offs, argp, sizeof(loff_t))) 876 return -EFAULT; 877 return mtd_block_isbad(mtd, offs); 878 break; 879 } 880 881 case MEMSETBADBLOCK: 882 { 883 loff_t offs; 884 885 if (copy_from_user(&offs, argp, sizeof(loff_t))) 886 return -EFAULT; 887 return mtd_block_markbad(mtd, offs); 888 break; 889 } 890 891 case OTPSELECT: 892 { 893 int mode; 894 if (copy_from_user(&mode, argp, sizeof(int))) 895 return -EFAULT; 896 897 mfi->mode = MTD_FILE_MODE_NORMAL; 898 899 ret = otp_select_filemode(mfi, mode); 900 901 file->f_pos = 0; 902 break; 903 } 904 905 case OTPGETREGIONCOUNT: 906 case OTPGETREGIONINFO: 907 { 908 struct otp_info *buf = kmalloc(4096, GFP_KERNEL); 909 if (!buf) 910 return -ENOMEM; 911 switch (mfi->mode) { 912 case MTD_FILE_MODE_OTP_FACTORY: 913 ret = mtd_get_fact_prot_info(mtd, buf, 4096); 914 break; 915 case MTD_FILE_MODE_OTP_USER: 916 ret = mtd_get_user_prot_info(mtd, buf, 4096); 917 break; 918 default: 919 ret = -EINVAL; 920 break; 921 } 922 if (ret >= 0) { 923 if (cmd == OTPGETREGIONCOUNT) { 924 int nbr = ret / sizeof(struct otp_info); 925 ret = copy_to_user(argp, &nbr, sizeof(int)); 926 } else 927 ret = copy_to_user(argp, buf, ret); 928 if (ret) 929 ret = -EFAULT; 930 } 931 kfree(buf); 932 break; 933 } 934 935 case OTPLOCK: 936 { 937 struct otp_info oinfo; 938 939 if (mfi->mode != MTD_FILE_MODE_OTP_USER) 940 return -EINVAL; 941 if (copy_from_user(&oinfo, argp, sizeof(oinfo))) 942 return -EFAULT; 943 ret = mtd_lock_user_prot_reg(mtd, oinfo.start, oinfo.length); 944 break; 945 } 946 947 /* This ioctl is being deprecated - it truncates the ECC layout */ 948 case ECCGETLAYOUT: 949 { 950 struct nand_ecclayout_user *usrlay; 951 952 if (!mtd->ecclayout) 953 return -EOPNOTSUPP; 954 955 usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL); 956 if (!usrlay) 957 return -ENOMEM; 958 959 shrink_ecclayout(mtd->ecclayout, usrlay); 960 961 if (copy_to_user(argp, usrlay, sizeof(*usrlay))) 962 ret = -EFAULT; 963 kfree(usrlay); 964 break; 965 } 966 967 case ECCGETSTATS: 968 { 969 if (copy_to_user(argp, &mtd->ecc_stats, 970 sizeof(struct mtd_ecc_stats))) 971 return -EFAULT; 972 break; 973 } 974 975 case MTDFILEMODE: 976 { 977 mfi->mode = 0; 978 979 switch(arg) { 980 case MTD_FILE_MODE_OTP_FACTORY: 981 case MTD_FILE_MODE_OTP_USER: 982 ret = otp_select_filemode(mfi, arg); 983 break; 984 985 case MTD_FILE_MODE_RAW: 986 if (!mtd_has_oob(mtd)) 987 return -EOPNOTSUPP; 988 mfi->mode = arg; 989 990 case MTD_FILE_MODE_NORMAL: 991 break; 992 default: 993 ret = -EINVAL; 994 } 995 file->f_pos = 0; 996 break; 997 } 998 999 case BLKPG: 1000 { 1001 ret = mtdchar_blkpg_ioctl(mtd, 1002 (struct blkpg_ioctl_arg __user *)arg); 1003 break; 1004 } 1005 1006 case BLKRRPART: 1007 { 1008 /* No reread partition feature. Just return ok */ 1009 ret = 0; 1010 break; 1011 } 1012 1013 default: 1014 ret = -ENOTTY; 1015 } 1016 1017 return ret; 1018 } /* memory_ioctl */ 1019 1020 static long mtdchar_unlocked_ioctl(struct file *file, u_int cmd, u_long arg) 1021 { 1022 int ret; 1023 1024 mutex_lock(&mtd_mutex); 1025 ret = mtdchar_ioctl(file, cmd, arg); 1026 mutex_unlock(&mtd_mutex); 1027 1028 return ret; 1029 } 1030 1031 #ifdef CONFIG_COMPAT 1032 1033 struct mtd_oob_buf32 { 1034 u_int32_t start; 1035 u_int32_t length; 1036 compat_caddr_t ptr; /* unsigned char* */ 1037 }; 1038 1039 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32) 1040 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32) 1041 1042 static long mtdchar_compat_ioctl(struct file *file, unsigned int cmd, 1043 unsigned long arg) 1044 { 1045 struct mtd_file_info *mfi = file->private_data; 1046 struct mtd_info *mtd = mfi->mtd; 1047 void __user *argp = compat_ptr(arg); 1048 int ret = 0; 1049 1050 mutex_lock(&mtd_mutex); 1051 1052 switch (cmd) { 1053 case MEMWRITEOOB32: 1054 { 1055 struct mtd_oob_buf32 buf; 1056 struct mtd_oob_buf32 __user *buf_user = argp; 1057 1058 if (copy_from_user(&buf, argp, sizeof(buf))) 1059 ret = -EFAULT; 1060 else 1061 ret = mtdchar_writeoob(file, mtd, buf.start, 1062 buf.length, compat_ptr(buf.ptr), 1063 &buf_user->length); 1064 break; 1065 } 1066 1067 case MEMREADOOB32: 1068 { 1069 struct mtd_oob_buf32 buf; 1070 struct mtd_oob_buf32 __user *buf_user = argp; 1071 1072 /* NOTE: writes return length to buf->start */ 1073 if (copy_from_user(&buf, argp, sizeof(buf))) 1074 ret = -EFAULT; 1075 else 1076 ret = mtdchar_readoob(file, mtd, buf.start, 1077 buf.length, compat_ptr(buf.ptr), 1078 &buf_user->start); 1079 break; 1080 } 1081 default: 1082 ret = mtdchar_ioctl(file, cmd, (unsigned long)argp); 1083 } 1084 1085 mutex_unlock(&mtd_mutex); 1086 1087 return ret; 1088 } 1089 1090 #endif /* CONFIG_COMPAT */ 1091 1092 /* 1093 * try to determine where a shared mapping can be made 1094 * - only supported for NOMMU at the moment (MMU can't doesn't copy private 1095 * mappings) 1096 */ 1097 #ifndef CONFIG_MMU 1098 static unsigned long mtdchar_get_unmapped_area(struct file *file, 1099 unsigned long addr, 1100 unsigned long len, 1101 unsigned long pgoff, 1102 unsigned long flags) 1103 { 1104 struct mtd_file_info *mfi = file->private_data; 1105 struct mtd_info *mtd = mfi->mtd; 1106 unsigned long offset; 1107 int ret; 1108 1109 if (addr != 0) 1110 return (unsigned long) -EINVAL; 1111 1112 if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT)) 1113 return (unsigned long) -EINVAL; 1114 1115 offset = pgoff << PAGE_SHIFT; 1116 if (offset > mtd->size - len) 1117 return (unsigned long) -EINVAL; 1118 1119 ret = mtd_get_unmapped_area(mtd, len, offset, flags); 1120 return ret == -EOPNOTSUPP ? -ENOSYS : ret; 1121 } 1122 #endif 1123 1124 /* 1125 * set up a mapping for shared memory segments 1126 */ 1127 static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma) 1128 { 1129 #ifdef CONFIG_MMU 1130 struct mtd_file_info *mfi = file->private_data; 1131 struct mtd_info *mtd = mfi->mtd; 1132 struct map_info *map = mtd->priv; 1133 1134 /* This is broken because it assumes the MTD device is map-based 1135 and that mtd->priv is a valid struct map_info. It should be 1136 replaced with something that uses the mtd_get_unmapped_area() 1137 operation properly. */ 1138 if (0 /*mtd->type == MTD_RAM || mtd->type == MTD_ROM*/) { 1139 #ifdef pgprot_noncached 1140 if (file->f_flags & O_DSYNC || map->phys >= __pa(high_memory)) 1141 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); 1142 #endif 1143 return vm_iomap_memory(vma, map->phys, map->size); 1144 } 1145 return -ENOSYS; 1146 #else 1147 return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS; 1148 #endif 1149 } 1150 1151 static const struct file_operations mtd_fops = { 1152 .owner = THIS_MODULE, 1153 .llseek = mtdchar_lseek, 1154 .read = mtdchar_read, 1155 .write = mtdchar_write, 1156 .unlocked_ioctl = mtdchar_unlocked_ioctl, 1157 #ifdef CONFIG_COMPAT 1158 .compat_ioctl = mtdchar_compat_ioctl, 1159 #endif 1160 .open = mtdchar_open, 1161 .release = mtdchar_close, 1162 .mmap = mtdchar_mmap, 1163 #ifndef CONFIG_MMU 1164 .get_unmapped_area = mtdchar_get_unmapped_area, 1165 #endif 1166 }; 1167 1168 static const struct super_operations mtd_ops = { 1169 .drop_inode = generic_delete_inode, 1170 .statfs = simple_statfs, 1171 }; 1172 1173 static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type, 1174 int flags, const char *dev_name, void *data) 1175 { 1176 return mount_pseudo(fs_type, "mtd_inode:", &mtd_ops, NULL, MTD_INODE_FS_MAGIC); 1177 } 1178 1179 static struct file_system_type mtd_inodefs_type = { 1180 .name = "mtd_inodefs", 1181 .mount = mtd_inodefs_mount, 1182 .kill_sb = kill_anon_super, 1183 }; 1184 MODULE_ALIAS_FS("mtd_inodefs"); 1185 1186 int __init init_mtdchar(void) 1187 { 1188 int ret; 1189 1190 ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, 1191 "mtd", &mtd_fops); 1192 if (ret < 0) { 1193 pr_err("Can't allocate major number %d for MTD\n", 1194 MTD_CHAR_MAJOR); 1195 return ret; 1196 } 1197 1198 ret = register_filesystem(&mtd_inodefs_type); 1199 if (ret) { 1200 pr_err("Can't register mtd_inodefs filesystem, error %d\n", 1201 ret); 1202 goto err_unregister_chdev; 1203 } 1204 1205 return ret; 1206 1207 err_unregister_chdev: 1208 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1209 return ret; 1210 } 1211 1212 void __exit cleanup_mtdchar(void) 1213 { 1214 unregister_filesystem(&mtd_inodefs_type); 1215 __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd"); 1216 } 1217 1218 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR); 1219