LXR linux/drivers/mtd/mtdchar.c

   1/*
   2 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License as published by
   6 * the Free Software Foundation; either version 2 of the License, or
   7 * (at your option) any later version.
   8 *
   9 * This program is distributed in the hope that it will be useful,
  10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 * GNU General Public License for more details.
  13 *
  14 * You should have received a copy of the GNU General Public License
  15 * along with this program; if not, write to the Free Software
  16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  17 *
  18 */
  19
  20#include <linux/device.h>
  21#include <linux/fs.h>
  22#include <linux/mm.h>
  23#include <linux/err.h>
  24#include <linux/init.h>
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/slab.h>
  28#include <linux/sched.h>
  29#include <linux/mutex.h>
  30#include <linux/backing-dev.h>
  31#include <linux/compat.h>
  32#include <linux/mount.h>
  33#include <linux/blkpg.h>
  34#include <linux/mtd/mtd.h>
  35#include <linux/mtd/partitions.h>
  36#include <linux/mtd/map.h>
  37
  38#include <asm/uaccess.h>
  39
  40#define MTD_INODE_FS_MAGIC 0x11307854
  41static DEFINE_MUTEX(mtd_mutex);
  42static struct vfsmount *mtd_inode_mnt __read_mostly;
  43
  44/*
  45 * Data structure to hold the pointer to the mtd device as well
  46 * as mode information ofr various use cases.
  47 */
  48struct mtd_file_info {
  49        struct mtd_info *mtd;
  50        struct inode *ino;
  51        enum mtd_file_modes mode;
  52};
  53
  54static loff_t mtd_lseek (struct file *file, loff_t offset, int orig)
  55{
  56        struct mtd_file_info *mfi = file->private_data;
  57        struct mtd_info *mtd = mfi->mtd;
  58
  59        switch (orig) {
  60        case SEEK_SET:
  61                break;
  62        case SEEK_CUR:
  63                offset += file->f_pos;
  64                break;
  65        case SEEK_END:
  66                offset += mtd->size;
  67                break;
  68        default:
  69                return -EINVAL;
  70        }
  71
  72        if (offset >= 0 && offset <= mtd->size)
  73                return file->f_pos = offset;
  74
  75        return -EINVAL;
  76}
  77
  78
  79
  80static int mtd_open(struct inode *inode, struct file *file)
  81{
  82        int minor = iminor(inode);
  83        int devnum = minor >> 1;
  84        int ret = 0;
  85        struct mtd_info *mtd;
  86        struct mtd_file_info *mfi;
  87        struct inode *mtd_ino;
  88
  89        DEBUG(MTD_DEBUG_LEVEL0, "MTD_open\n");
  90
  91        /* You can't open the RO devices RW */
  92        if ((file->f_mode & FMODE_WRITE) && (minor & 1))
  93                return -EACCES;
  94
  95        mutex_lock(&mtd_mutex);
  96        mtd = get_mtd_device(NULL, devnum);
  97
  98        if (IS_ERR(mtd)) {
  99                ret = PTR_ERR(mtd);
 100                goto out;
 101        }
 102
 103        if (mtd->type == MTD_ABSENT) {
 104                put_mtd_device(mtd);
 105                ret = -ENODEV;
 106                goto out;
 107        }
 108
 109        mtd_ino = iget_locked(mtd_inode_mnt->mnt_sb, devnum);
 110        if (!mtd_ino) {
 111                put_mtd_device(mtd);
 112                ret = -ENOMEM;
 113                goto out;
 114        }
 115        if (mtd_ino->i_state & I_NEW) {
 116                mtd_ino->i_private = mtd;
 117                mtd_ino->i_mode = S_IFCHR;
 118                mtd_ino->i_data.backing_dev_info = mtd->backing_dev_info;
 119                unlock_new_inode(mtd_ino);
 120        }
 121        file->f_mapping = mtd_ino->i_mapping;
 122
 123        /* You can't open it RW if it's not a writeable device */
 124        if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) {
 125                iput(mtd_ino);
 126                put_mtd_device(mtd);
 127                ret = -EACCES;
 128                goto out;
 129        }
 130
 131        mfi = kzalloc(sizeof(*mfi), GFP_KERNEL);
 132        if (!mfi) {
 133                iput(mtd_ino);
 134                put_mtd_device(mtd);
 135                ret = -ENOMEM;
 136                goto out;
 137        }
 138        mfi->ino = mtd_ino;
 139        mfi->mtd = mtd;
 140        file->private_data = mfi;
 141
 142out:
 143        mutex_unlock(&mtd_mutex);
 144        return ret;
 145} /* mtd_open */
 146
 147/*====================================================================*/
 148
 149static int mtd_close(struct inode *inode, struct file *file)
 150{
 151        struct mtd_file_info *mfi = file->private_data;
 152        struct mtd_info *mtd = mfi->mtd;
 153
 154        DEBUG(MTD_DEBUG_LEVEL0, "MTD_close\n");
 155
 156        /* Only sync if opened RW */
 157        if ((file->f_mode & FMODE_WRITE) && mtd->sync)
 158                mtd->sync(mtd);
 159
 160        iput(mfi->ino);
 161
 162        put_mtd_device(mtd);
 163        file->private_data = NULL;
 164        kfree(mfi);
 165
 166        return 0;
 167} /* mtd_close */
 168
 169/* FIXME: This _really_ needs to die. In 2.5, we should lock the
 170   userspace buffer down and use it directly with readv/writev.
 171*/
 172#define MAX_KMALLOC_SIZE 0x20000
 173
 174static ssize_t mtd_read(struct file *file, char __user *buf, size_t count,loff_t *ppos)
 175{
 176        struct mtd_file_info *mfi = file->private_data;
 177        struct mtd_info *mtd = mfi->mtd;
 178        size_t retlen=0;
 179        size_t total_retlen=0;
 180        int ret=0;
 181        int len;
 182        char *kbuf;
 183
 184        DEBUG(MTD_DEBUG_LEVEL0,"MTD_read\n");
 185
 186        if (*ppos + count > mtd->size)
 187                count = mtd->size - *ppos;
 188
 189        if (!count)
 190                return 0;
 191
 192        /* FIXME: Use kiovec in 2.5 to lock down the user's buffers
 193           and pass them directly to the MTD functions */
 194
 195        if (count > MAX_KMALLOC_SIZE)
 196                kbuf=kmalloc(MAX_KMALLOC_SIZE, GFP_KERNEL);
 197        else
 198                kbuf=kmalloc(count, GFP_KERNEL);
 199
 200        if (!kbuf)
 201                return -ENOMEM;
 202
 203        while (count) {
 204
 205                if (count > MAX_KMALLOC_SIZE)
 206                        len = MAX_KMALLOC_SIZE;
 207                else
 208                        len = count;
 209
 210                switch (mfi->mode) {
 211                case MTD_MODE_OTP_FACTORY:
 212                        ret = mtd->read_fact_prot_reg(mtd, *ppos, len, &retlen, kbuf);
 213                        break;
 214                case MTD_MODE_OTP_USER:
 215                        ret = mtd->read_user_prot_reg(mtd, *ppos, len, &retlen, kbuf);
 216                        break;
 217                case MTD_MODE_RAW:
 218                {
 219                        struct mtd_oob_ops ops;
 220
 221                        ops.mode = MTD_OOB_RAW;
 222                        ops.datbuf = kbuf;
 223                        ops.oobbuf = NULL;
 224                        ops.len = len;
 225
 226                        ret = mtd->read_oob(mtd, *ppos, &ops);
 227                        retlen = ops.retlen;
 228                        break;
 229                }
 230                default:
 231                        ret = mtd->read(mtd, *ppos, len, &retlen, kbuf);
 232                }
 233                /* Nand returns -EBADMSG on ecc errors, but it returns
 234                 * the data. For our userspace tools it is important
 235                 * to dump areas with ecc errors !
 236                 * For kernel internal usage it also might return -EUCLEAN
 237                 * to signal the caller that a bitflip has occured and has
 238                 * been corrected by the ECC algorithm.
 239                 * Userspace software which accesses NAND this way
 240                 * must be aware of the fact that it deals with NAND
 241                 */
 242                if (!ret || (ret == -EUCLEAN) || (ret == -EBADMSG)) {
 243                        *ppos += retlen;
 244                        if (copy_to_user(buf, kbuf, retlen)) {
 245                                kfree(kbuf);
 246                                return -EFAULT;
 247                        }
 248                        else
 249                                total_retlen += retlen;
 250
 251                        count -= retlen;
 252                        buf += retlen;
 253                        if (retlen == 0)
 254                                count = 0;
 255                }
 256                else {
 257                        kfree(kbuf);
 258                        return ret;
 259                }
 260
 261        }
 262
 263        kfree(kbuf);
 264        return total_retlen;
 265} /* mtd_read */
 266
 267static ssize_t mtd_write(struct file *file, const char __user *buf, size_t count,loff_t *ppos)
 268{
 269        struct mtd_file_info *mfi = file->private_data;
 270        struct mtd_info *mtd = mfi->mtd;
 271        char *kbuf;
 272        size_t retlen;
 273        size_t total_retlen=0;
 274        int ret=0;
 275        int len;
 276
 277        DEBUG(MTD_DEBUG_LEVEL0,"MTD_write\n");
 278
 279        if (*ppos == mtd->size)
 280                return -ENOSPC;
 281
 282        if (*ppos + count > mtd->size)
 283                count = mtd->size - *ppos;
 284
 285        if (!count)
 286                return 0;
 287
 288        if (count > MAX_KMALLOC_SIZE)
 289                kbuf=kmalloc(MAX_KMALLOC_SIZE, GFP_KERNEL);
 290        else
 291                kbuf=kmalloc(count, GFP_KERNEL);
 292
 293        if (!kbuf)
 294                return -ENOMEM;
 295
 296        while (count) {
 297
 298                if (count > MAX_KMALLOC_SIZE)
 299                        len = MAX_KMALLOC_SIZE;
 300                else
 301                        len = count;
 302
 303                if (copy_from_user(kbuf, buf, len)) {
 304                        kfree(kbuf);
 305                        return -EFAULT;
 306                }
 307
 308                switch (mfi->mode) {
 309                case MTD_MODE_OTP_FACTORY:
 310                        ret = -EROFS;
 311                        break;
 312                case MTD_MODE_OTP_USER:
 313                        if (!mtd->write_user_prot_reg) {
 314                                ret = -EOPNOTSUPP;
 315                                break;
 316                        }
 317                        ret = mtd->write_user_prot_reg(mtd, *ppos, len, &retlen, kbuf);
 318                        break;
 319
 320                case MTD_MODE_RAW:
 321                {
 322                        struct mtd_oob_ops ops;
 323
 324                        ops.mode = MTD_OOB_RAW;
 325                        ops.datbuf = kbuf;
 326                        ops.oobbuf = NULL;
 327                        ops.len = len;
 328
 329                        ret = mtd->write_oob(mtd, *ppos, &ops);
 330                        retlen = ops.retlen;
 331                        break;
 332                }
 333
 334                default:
 335                        ret = (*(mtd->write))(mtd, *ppos, len, &retlen, kbuf);
 336                }
 337                if (!ret) {
 338                        *ppos += retlen;
 339                        total_retlen += retlen;
 340                        count -= retlen;
 341                        buf += retlen;
 342                }
 343                else {
 344                        kfree(kbuf);
 345                        return ret;
 346                }
 347        }
 348
 349        kfree(kbuf);
 350        return total_retlen;
 351} /* mtd_write */
 352
 353/*======================================================================
 354
 355    IOCTL calls for getting device parameters.
 356
 357======================================================================*/
 358static void mtdchar_erase_callback (struct erase_info *instr)
 359{
 360        wake_up((wait_queue_head_t *)instr->priv);
 361}
 362
 363#ifdef CONFIG_HAVE_MTD_OTP
 364static int otp_select_filemode(struct mtd_file_info *mfi, int mode)
 365{
 366        struct mtd_info *mtd = mfi->mtd;
 367        int ret = 0;
 368
 369        switch (mode) {
 370        case MTD_OTP_FACTORY:
 371                if (!mtd->read_fact_prot_reg)
 372                        ret = -EOPNOTSUPP;
 373                else
 374                        mfi->mode = MTD_MODE_OTP_FACTORY;
 375                break;
 376        case MTD_OTP_USER:
 377                if (!mtd->read_fact_prot_reg)
 378                        ret = -EOPNOTSUPP;
 379                else
 380                        mfi->mode = MTD_MODE_OTP_USER;
 381                break;
 382        default:
 383                ret = -EINVAL;
 384        case MTD_OTP_OFF:
 385                break;
 386        }
 387        return ret;
 388}
 389#else
 390# define otp_select_filemode(f,m)       -EOPNOTSUPP
 391#endif
 392
 393static int mtd_do_writeoob(struct file *file, struct mtd_info *mtd,
 394        uint64_t start, uint32_t length, void __user *ptr,
 395        uint32_t __user *retp)
 396{
 397        struct mtd_oob_ops ops;
 398        uint32_t retlen;
 399        int ret = 0;
 400
 401        if (!(file->f_mode & FMODE_WRITE))
 402                return -EPERM;
 403
 404        if (length > 4096)
 405                return -EINVAL;
 406
 407        if (!mtd->write_oob)
 408                ret = -EOPNOTSUPP;
 409        else
 410                ret = access_ok(VERIFY_READ, ptr, length) ? 0 : -EFAULT;
 411
 412        if (ret)
 413                return ret;
 414
 415        ops.ooblen = length;
 416        ops.ooboffs = start & (mtd->oobsize - 1);
 417        ops.datbuf = NULL;
 418        ops.mode = MTD_OOB_PLACE;
 419
 420        if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs))
 421                return -EINVAL;
 422
 423        ops.oobbuf = memdup_user(ptr, length);
 424        if (IS_ERR(ops.oobbuf))
 425                return PTR_ERR(ops.oobbuf);
 426
 427        start &= ~((uint64_t)mtd->oobsize - 1);
 428        ret = mtd->write_oob(mtd, start, &ops);
 429
 430        if (ops.oobretlen > 0xFFFFFFFFU)
 431                ret = -EOVERFLOW;
 432        retlen = ops.oobretlen;
 433        if (copy_to_user(retp, &retlen, sizeof(length)))
 434                ret = -EFAULT;
 435
 436        kfree(ops.oobbuf);
 437        return ret;
 438}
 439
 440static int mtd_do_readoob(struct mtd_info *mtd, uint64_t start,
 441        uint32_t length, void __user *ptr, uint32_t __user *retp)
 442{
 443        struct mtd_oob_ops ops;
 444        int ret = 0;
 445
 446        if (length > 4096)
 447                return -EINVAL;
 448
 449        if (!mtd->read_oob)
 450                ret = -EOPNOTSUPP;
 451        else
 452                ret = access_ok(VERIFY_WRITE, ptr,
 453                                length) ? 0 : -EFAULT;
 454        if (ret)
 455                return ret;
 456
 457        ops.ooblen = length;
 458        ops.ooboffs = start & (mtd->oobsize - 1);
 459        ops.datbuf = NULL;
 460        ops.mode = MTD_OOB_PLACE;
 461
 462        if (ops.ooboffs && ops.ooblen > (mtd->oobsize - ops.ooboffs))
 463                return -EINVAL;
 464
 465        ops.oobbuf = kmalloc(length, GFP_KERNEL);
 466        if (!ops.oobbuf)
 467                return -ENOMEM;
 468
 469        start &= ~((uint64_t)mtd->oobsize - 1);
 470        ret = mtd->read_oob(mtd, start, &ops);
 471
 472        if (put_user(ops.oobretlen, retp))
 473                ret = -EFAULT;
 474        else if (ops.oobretlen && copy_to_user(ptr, ops.oobbuf,
 475                                            ops.oobretlen))
 476                ret = -EFAULT;
 477
 478        kfree(ops.oobbuf);
 479        return ret;
 480}
 481
 482/*
 483 * Copies (and truncates, if necessary) data from the larger struct,
 484 * nand_ecclayout, to the smaller, deprecated layout struct,
 485 * nand_ecclayout_user. This is necessary only to suppport the deprecated
 486 * API ioctl ECCGETLAYOUT while allowing all new functionality to use
 487 * nand_ecclayout flexibly (i.e. the struct may change size in new
 488 * releases without requiring major rewrites).
 489 */
 490static int shrink_ecclayout(const struct nand_ecclayout *from,
 491                struct nand_ecclayout_user *to)
 492{
 493        int i;
 494
 495        if (!from || !to)
 496                return -EINVAL;
 497
 498        memset(to, 0, sizeof(*to));
 499
 500        to->eccbytes = min((int)from->eccbytes, MTD_MAX_ECCPOS_ENTRIES);
 501        for (i = 0; i < to->eccbytes; i++)
 502                to->eccpos[i] = from->eccpos[i];
 503
 504        for (i = 0; i < MTD_MAX_OOBFREE_ENTRIES; i++) {
 505                if (from->oobfree[i].length == 0 &&
 506                                from->oobfree[i].offset == 0)
 507                        break;
 508                to->oobavail += from->oobfree[i].length;
 509                to->oobfree[i] = from->oobfree[i];
 510        }
 511
 512        return 0;
 513}
 514
 515#ifdef CONFIG_MTD_PARTITIONS
 516static int mtd_blkpg_ioctl(struct mtd_info *mtd,
 517                           struct blkpg_ioctl_arg __user *arg)
 518{
 519        struct blkpg_ioctl_arg a;
 520        struct blkpg_partition p;
 521
 522        if (!capable(CAP_SYS_ADMIN))
 523                return -EPERM;
 524
 525        if (copy_from_user(&a, arg, sizeof(struct blkpg_ioctl_arg)))
 526                return -EFAULT;
 527
 528        if (copy_from_user(&p, a.data, sizeof(struct blkpg_partition)))
 529                return -EFAULT;
 530
 531        switch (a.op) {
 532        case BLKPG_ADD_PARTITION:
 533
 534                /* Only master mtd device must be used to add partitions */
 535                if (mtd_is_partition(mtd))
 536                        return -EINVAL;
 537
 538                return mtd_add_partition(mtd, p.devname, p.start, p.length);
 539
 540        case BLKPG_DEL_PARTITION:
 541
 542                if (p.pno < 0)
 543                        return -EINVAL;
 544
 545                return mtd_del_partition(mtd, p.pno);
 546
 547        default:
 548                return -EINVAL;
 549        }
 550}
 551#endif
 552
 553
 554static int mtd_ioctl(struct file *file, u_int cmd, u_long arg)
 555{
 556        struct mtd_file_info *mfi = file->private_data;
 557        struct mtd_info *mtd = mfi->mtd;
 558        void __user *argp = (void __user *)arg;
 559        int ret = 0;
 560        u_long size;
 561        struct mtd_info_user info;
 562
 563        DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n");
 564
 565        size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT;
 566        if (cmd & IOC_IN) {
 567                if (!access_ok(VERIFY_READ, argp, size))
 568                        return -EFAULT;
 569        }
 570        if (cmd & IOC_OUT) {
 571                if (!access_ok(VERIFY_WRITE, argp, size))
 572                        return -EFAULT;
 573        }
 574
 575        switch (cmd) {
 576        case MEMGETREGIONCOUNT:
 577                if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int)))
 578                        return -EFAULT;
 579                break;
 580
 581        case MEMGETREGIONINFO:
 582        {
 583                uint32_t ur_idx;
 584                struct mtd_erase_region_info *kr;
 585                struct region_info_user __user *ur = argp;
 586
 587                if (get_user(ur_idx, &(ur->regionindex)))
 588                        return -EFAULT;
 589
 590                if (ur_idx >= mtd->numeraseregions)
 591                        return -EINVAL;
 592
 593                kr = &(mtd->eraseregions[ur_idx]);
 594
 595                if (put_user(kr->offset, &(ur->offset))
 596                    || put_user(kr->erasesize, &(ur->erasesize))
 597                    || put_user(kr->numblocks, &(ur->numblocks)))
 598                        return -EFAULT;
 599
 600                break;
 601        }
 602
 603        case MEMGETINFO:
 604                memset(&info, 0, sizeof(info));
 605                info.type       = mtd->type;
 606                info.flags      = mtd->flags;
 607                info.size       = mtd->size;
 608                info.erasesize  = mtd->erasesize;
 609                info.writesize  = mtd->writesize;
 610                info.oobsize    = mtd->oobsize;
 611                /* The below fields are obsolete */
 612                info.ecctype    = -1;
 613                if (copy_to_user(argp, &info, sizeof(struct mtd_info_user)))
 614                        return -EFAULT;
 615                break;
 616
 617        case MEMERASE:
 618        case MEMERASE64:
 619        {
 620                struct erase_info *erase;
 621
 622                if(!(file->f_mode & FMODE_WRITE))
 623                        return -EPERM;
 624
 625                erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL);
 626                if (!erase)
 627                        ret = -ENOMEM;
 628                else {
 629                        wait_queue_head_t waitq;
 630                        DECLARE_WAITQUEUE(wait, current);
 631
 632                        init_waitqueue_head(&waitq);
 633
 634                        if (cmd == MEMERASE64) {
 635                                struct erase_info_user64 einfo64;
 636
 637                                if (copy_from_user(&einfo64, argp,
 638                                            sizeof(struct erase_info_user64))) {
 639                                        kfree(erase);
 640                                        return -EFAULT;
 641                                }
 642                                erase->addr = einfo64.start;
 643                                erase->len = einfo64.length;
 644                        } else {
 645                                struct erase_info_user einfo32;
 646
 647                                if (copy_from_user(&einfo32, argp,
 648                                            sizeof(struct erase_info_user))) {
 649                                        kfree(erase);
 650                                        return -EFAULT;
 651                                }
 652                                erase->addr = einfo32.start;
 653                                erase->len = einfo32.length;
 654                        }
 655                        erase->mtd = mtd;
 656                        erase->callback = mtdchar_erase_callback;
 657                        erase->priv = (unsigned long)&waitq;
 658
 659                        /*
 660                          FIXME: Allow INTERRUPTIBLE. Which means
 661                          not having the wait_queue head on the stack.
 662
 663                          If the wq_head is on the stack, and we
 664                          leave because we got interrupted, then the
 665                          wq_head is no longer there when the
 666                          callback routine tries to wake us up.
 667                        */
 668                        ret = mtd->erase(mtd, erase);
 669                        if (!ret) {
 670                                set_current_state(TASK_UNINTERRUPTIBLE);
 671                                add_wait_queue(&waitq, &wait);
 672                                if (erase->state != MTD_ERASE_DONE &&
 673                                    erase->state != MTD_ERASE_FAILED)
 674                                        schedule();
 675                                remove_wait_queue(&waitq, &wait);
 676                                set_current_state(TASK_RUNNING);
 677
 678                                ret = (erase->state == MTD_ERASE_FAILED)?-EIO:0;
 679                        }
 680                        kfree(erase);
 681                }
 682                break;
 683        }
 684
 685        case MEMWRITEOOB:
 686        {
 687                struct mtd_oob_buf buf;
 688                struct mtd_oob_buf __user *buf_user = argp;
 689
 690                /* NOTE: writes return length to buf_user->length */
 691                if (copy_from_user(&buf, argp, sizeof(buf)))
 692                        ret = -EFAULT;
 693                else
 694                        ret = mtd_do_writeoob(file, mtd, buf.start, buf.length,
 695                                buf.ptr, &buf_user->length);
 696                break;
 697        }
 698
 699        case MEMREADOOB:
 700        {
 701                struct mtd_oob_buf buf;
 702                struct mtd_oob_buf __user *buf_user = argp;
 703
 704                /* NOTE: writes return length to buf_user->start */
 705                if (copy_from_user(&buf, argp, sizeof(buf)))
 706                        ret = -EFAULT;
 707                else
 708                        ret = mtd_do_readoob(mtd, buf.start, buf.length,
 709                                buf.ptr, &buf_user->start);
 710                break;
 711        }
 712
 713        case MEMWRITEOOB64:
 714        {
 715                struct mtd_oob_buf64 buf;
 716                struct mtd_oob_buf64 __user *buf_user = argp;
 717
 718                if (copy_from_user(&buf, argp, sizeof(buf)))
 719                        ret = -EFAULT;
 720                else
 721                        ret = mtd_do_writeoob(file, mtd, buf.start, buf.length,
 722                                (void __user *)(uintptr_t)buf.usr_ptr,
 723                                &buf_user->length);
 724                break;
 725        }
 726
 727        case MEMREADOOB64:
 728        {
 729                struct mtd_oob_buf64 buf;
 730                struct mtd_oob_buf64 __user *buf_user = argp;
 731
 732                if (copy_from_user(&buf, argp, sizeof(buf)))
 733                        ret = -EFAULT;
 734                else
 735                        ret = mtd_do_readoob(mtd, buf.start, buf.length,
 736                                (void __user *)(uintptr_t)buf.usr_ptr,
 737                                &buf_user->length);
 738                break;
 739        }
 740
 741        case MEMLOCK:
 742        {
 743                struct erase_info_user einfo;
 744
 745                if (copy_from_user(&einfo, argp, sizeof(einfo)))
 746                        return -EFAULT;
 747
 748                if (!mtd->lock)
 749                        ret = -EOPNOTSUPP;
 750                else
 751                        ret = mtd->lock(mtd, einfo.start, einfo.length);
 752                break;
 753        }
 754
 755        case MEMUNLOCK:
 756        {
 757                struct erase_info_user einfo;
 758
 759                if (copy_from_user(&einfo, argp, sizeof(einfo)))
 760                        return -EFAULT;
 761
 762                if (!mtd->unlock)
 763                        ret = -EOPNOTSUPP;
 764                else
 765                        ret = mtd->unlock(mtd, einfo.start, einfo.length);
 766                break;
 767        }
 768
 769        case MEMISLOCKED:
 770        {
 771                struct erase_info_user einfo;
 772
 773                if (copy_from_user(&einfo, argp, sizeof(einfo)))
 774                        return -EFAULT;
 775
 776                if (!mtd->is_locked)
 777                        ret = -EOPNOTSUPP;
 778                else
 779                        ret = mtd->is_locked(mtd, einfo.start, einfo.length);
 780                break;
 781        }
 782
 783        /* Legacy interface */
 784        case MEMGETOOBSEL:
 785        {
 786                struct nand_oobinfo oi;
 787
 788                if (!mtd->ecclayout)
 789                        return -EOPNOTSUPP;
 790                if (mtd->ecclayout->eccbytes > ARRAY_SIZE(oi.eccpos))
 791                        return -EINVAL;
 792
 793                oi.useecc = MTD_NANDECC_AUTOPLACE;
 794                memcpy(&oi.eccpos, mtd->ecclayout->eccpos, sizeof(oi.eccpos));
 795                memcpy(&oi.oobfree, mtd->ecclayout->oobfree,
 796                       sizeof(oi.oobfree));
 797                oi.eccbytes = mtd->ecclayout->eccbytes;
 798
 799                if (copy_to_user(argp, &oi, sizeof(struct nand_oobinfo)))
 800                        return -EFAULT;
 801                break;
 802        }
 803
 804        case MEMGETBADBLOCK:
 805        {
 806                loff_t offs;
 807
 808                if (copy_from_user(&offs, argp, sizeof(loff_t)))
 809                        return -EFAULT;
 810                if (!mtd->block_isbad)
 811                        ret = -EOPNOTSUPP;
 812                else
 813                        return mtd->block_isbad(mtd, offs);
 814                break;
 815        }
 816
 817        case MEMSETBADBLOCK:
 818        {
 819                loff_t offs;
 820
 821                if (copy_from_user(&offs, argp, sizeof(loff_t)))
 822                        return -EFAULT;
 823                if (!mtd->block_markbad)
 824                        ret = -EOPNOTSUPP;
 825                else
 826                        return mtd->block_markbad(mtd, offs);
 827                break;
 828        }
 829
 830#ifdef CONFIG_HAVE_MTD_OTP
 831        case OTPSELECT:
 832        {
 833                int mode;
 834                if (copy_from_user(&mode, argp, sizeof(int)))
 835                        return -EFAULT;
 836
 837                mfi->mode = MTD_MODE_NORMAL;
 838
 839                ret = otp_select_filemode(mfi, mode);
 840
 841                file->f_pos = 0;
 842                break;
 843        }
 844
 845        case OTPGETREGIONCOUNT:
 846        case OTPGETREGIONINFO:
 847        {
 848                struct otp_info *buf = kmalloc(4096, GFP_KERNEL);
 849                if (!buf)
 850                        return -ENOMEM;
 851                ret = -EOPNOTSUPP;
 852                switch (mfi->mode) {
 853                case MTD_MODE_OTP_FACTORY:
 854                        if (mtd->get_fact_prot_info)
 855                                ret = mtd->get_fact_prot_info(mtd, buf, 4096);
 856                        break;
 857                case MTD_MODE_OTP_USER:
 858                        if (mtd->get_user_prot_info)
 859                                ret = mtd->get_user_prot_info(mtd, buf, 4096);
 860                        break;
 861                default:
 862                        break;
 863                }
 864                if (ret >= 0) {
 865                        if (cmd == OTPGETREGIONCOUNT) {
 866                                int nbr = ret / sizeof(struct otp_info);
 867                                ret = copy_to_user(argp, &nbr, sizeof(int));
 868                        } else
 869                                ret = copy_to_user(argp, buf, ret);
 870                        if (ret)
 871                                ret = -EFAULT;
 872                }
 873                kfree(buf);
 874                break;
 875        }
 876
 877        case OTPLOCK:
 878        {
 879                struct otp_info oinfo;
 880
 881                if (mfi->mode != MTD_MODE_OTP_USER)
 882                        return -EINVAL;
 883                if (copy_from_user(&oinfo, argp, sizeof(oinfo)))
 884                        return -EFAULT;
 885                if (!mtd->lock_user_prot_reg)
 886                        return -EOPNOTSUPP;
 887                ret = mtd->lock_user_prot_reg(mtd, oinfo.start, oinfo.length);
 888                break;
 889        }
 890#endif
 891
 892        /* This ioctl is being deprecated - it truncates the ecc layout */
 893        case ECCGETLAYOUT:
 894        {
 895                struct nand_ecclayout_user *usrlay;
 896
 897                if (!mtd->ecclayout)
 898                        return -EOPNOTSUPP;
 899
 900                usrlay = kmalloc(sizeof(*usrlay), GFP_KERNEL);
 901                if (!usrlay)
 902                        return -ENOMEM;
 903
 904                shrink_ecclayout(mtd->ecclayout, usrlay);
 905
 906                if (copy_to_user(argp, usrlay, sizeof(*usrlay)))
 907                        ret = -EFAULT;
 908                kfree(usrlay);
 909                break;
 910        }
 911
 912        case ECCGETSTATS:
 913        {
 914                if (copy_to_user(argp, &mtd->ecc_stats,
 915                                 sizeof(struct mtd_ecc_stats)))
 916                        return -EFAULT;
 917                break;
 918        }
 919
 920        case MTDFILEMODE:
 921        {
 922                mfi->mode = 0;
 923
 924                switch(arg) {
 925                case MTD_MODE_OTP_FACTORY:
 926                case MTD_MODE_OTP_USER:
 927                        ret = otp_select_filemode(mfi, arg);
 928                        break;
 929
 930                case MTD_MODE_RAW:
 931                        if (!mtd->read_oob || !mtd->write_oob)
 932                                return -EOPNOTSUPP;
 933                        mfi->mode = arg;
 934
 935                case MTD_MODE_NORMAL:
 936                        break;
 937                default:
 938                        ret = -EINVAL;
 939                }
 940                file->f_pos = 0;
 941                break;
 942        }
 943
 944#ifdef CONFIG_MTD_PARTITIONS
 945        case BLKPG:
 946        {
 947                ret = mtd_blkpg_ioctl(mtd,
 948                      (struct blkpg_ioctl_arg __user *)arg);
 949                break;
 950        }
 951
 952        case BLKRRPART:
 953        {
 954                /* No reread partition feature. Just return ok */
 955                ret = 0;
 956                break;
 957        }
 958#endif
 959
 960        default:
 961                ret = -ENOTTY;
 962        }
 963
 964        return ret;
 965} /* memory_ioctl */
 966
 967static long mtd_unlocked_ioctl(struct file *file, u_int cmd, u_long arg)
 968{
 969        int ret;
 970
 971        mutex_lock(&mtd_mutex);
 972        ret = mtd_ioctl(file, cmd, arg);
 973        mutex_unlock(&mtd_mutex);
 974
 975        return ret;
 976}
 977
 978#ifdef CONFIG_COMPAT
 979
 980struct mtd_oob_buf32 {
 981        u_int32_t start;
 982        u_int32_t length;
 983        compat_caddr_t ptr;     /* unsigned char* */
 984};
 985
 986#define MEMWRITEOOB32           _IOWR('M', 3, struct mtd_oob_buf32)
 987#define MEMREADOOB32            _IOWR('M', 4, struct mtd_oob_buf32)
 988
 989static long mtd_compat_ioctl(struct file *file, unsigned int cmd,
 990        unsigned long arg)
 991{
 992        struct mtd_file_info *mfi = file->private_data;
 993        struct mtd_info *mtd = mfi->mtd;
 994        void __user *argp = compat_ptr(arg);
 995        int ret = 0;
 996
 997        mutex_lock(&mtd_mutex);
 998
 999        switch (cmd) {
1000        case MEMWRITEOOB32:

1001        {
1002                struct mtd_oob_buf32 buf;
1003                struct mtd_oob_buf32 __user *buf_user = argp;
1004
1005                if (copy_from_user(&buf, argp, sizeof(buf)))
1006                        ret = -EFAULT;
1007                else
1008                        ret = mtd_do_writeoob(file, mtd, buf.start,
1009                                buf.length, compat_ptr(buf.ptr),
1010                                &buf_user->length);
1011                break;
1012        }
1013
1014        case MEMREADOOB32:
1015        {
1016                struct mtd_oob_buf32 buf;
1017                struct mtd_oob_buf32 __user *buf_user = argp;
1018
1019                /* NOTE: writes return length to buf->start */
1020                if (copy_from_user(&buf, argp, sizeof(buf)))
1021                        ret = -EFAULT;
1022                else
1023                        ret = mtd_do_readoob(mtd, buf.start,
1024                                buf.length, compat_ptr(buf.ptr),
1025                                &buf_user->start);
1026                break;
1027        }
1028        default:
1029                ret = mtd_ioctl(file, cmd, (unsigned long)argp);
1030        }
1031
1032        mutex_unlock(&mtd_mutex);
1033
1034        return ret;
1035}
1036
1037#endif /* CONFIG_COMPAT */
1038
1039/*
1040 * try to determine where a shared mapping can be made
1041 * - only supported for NOMMU at the moment (MMU can't doesn't copy private
1042 *   mappings)
1043 */
1044#ifndef CONFIG_MMU
1045static unsigned long mtd_get_unmapped_area(struct file *file,
1046                                           unsigned long addr,
1047                                           unsigned long len,
1048                                           unsigned long pgoff,
1049                                           unsigned long flags)
1050{
1051        struct mtd_file_info *mfi = file->private_data;
1052        struct mtd_info *mtd = mfi->mtd;
1053
1054        if (mtd->get_unmapped_area) {
1055                unsigned long offset;
1056
1057                if (addr != 0)
1058                        return (unsigned long) -EINVAL;
1059
1060                if (len > mtd->size || pgoff >= (mtd->size >> PAGE_SHIFT))
1061                        return (unsigned long) -EINVAL;
1062
1063                offset = pgoff << PAGE_SHIFT;
1064                if (offset > mtd->size - len)
1065                        return (unsigned long) -EINVAL;
1066
1067                return mtd->get_unmapped_area(mtd, len, offset, flags);
1068        }
1069
1070        /* can't map directly */
1071        return (unsigned long) -ENOSYS;
1072}
1073#endif
1074
1075/*
1076 * set up a mapping for shared memory segments
1077 */
1078static int mtd_mmap(struct file *file, struct vm_area_struct *vma)
1079{
1080#ifdef CONFIG_MMU
1081        struct mtd_file_info *mfi = file->private_data;
1082        struct mtd_info *mtd = mfi->mtd;
1083        struct map_info *map = mtd->priv;
1084        unsigned long start;
1085        unsigned long off;
1086        u32 len;
1087
1088        if (mtd->type == MTD_RAM || mtd->type == MTD_ROM) {
1089                off = vma->vm_pgoff << PAGE_SHIFT;
1090                start = map->phys;
1091                len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size);
1092                start &= PAGE_MASK;
1093                if ((vma->vm_end - vma->vm_start + off) > len)
1094                        return -EINVAL;
1095
1096                off += start;
1097                vma->vm_pgoff = off >> PAGE_SHIFT;
1098                vma->vm_flags |= VM_IO | VM_RESERVED;
1099
1100#ifdef pgprot_noncached
1101                if (file->f_flags & O_DSYNC || off >= __pa(high_memory))
1102                        vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
1103#endif
1104                if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
1105                                       vma->vm_end - vma->vm_start,
1106                                       vma->vm_page_prot))
1107                        return -EAGAIN;
1108
1109                return 0;
1110        }
1111        return -ENOSYS;
1112#else
1113        return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS;
1114#endif
1115}
1116
1117static const struct file_operations mtd_fops = {
1118        .owner          = THIS_MODULE,
1119        .llseek         = mtd_lseek,
1120        .read           = mtd_read,
1121        .write          = mtd_write,
1122        .unlocked_ioctl = mtd_unlocked_ioctl,
1123#ifdef CONFIG_COMPAT
1124        .compat_ioctl   = mtd_compat_ioctl,
1125#endif
1126        .open           = mtd_open,
1127        .release        = mtd_close,
1128        .mmap           = mtd_mmap,
1129#ifndef CONFIG_MMU
1130        .get_unmapped_area = mtd_get_unmapped_area,
1131#endif
1132};
1133
1134static struct dentry *mtd_inodefs_mount(struct file_system_type *fs_type,
1135                                int flags, const char *dev_name, void *data)
1136{
1137        return mount_pseudo(fs_type, "mtd_inode:", NULL, NULL, MTD_INODE_FS_MAGIC);
1138}
1139
1140static struct file_system_type mtd_inodefs_type = {
1141       .name = "mtd_inodefs",
1142       .mount = mtd_inodefs_mount,
1143       .kill_sb = kill_anon_super,
1144};
1145
1146static void mtdchar_notify_add(struct mtd_info *mtd)
1147{
1148}
1149
1150static void mtdchar_notify_remove(struct mtd_info *mtd)
1151{
1152        struct inode *mtd_ino = ilookup(mtd_inode_mnt->mnt_sb, mtd->index);
1153
1154        if (mtd_ino) {
1155                /* Destroy the inode if it exists */
1156                mtd_ino->i_nlink = 0;
1157                iput(mtd_ino);
1158        }
1159}
1160
1161static struct mtd_notifier mtdchar_notifier = {
1162        .add = mtdchar_notify_add,
1163        .remove = mtdchar_notify_remove,
1164};
1165
1166static int __init init_mtdchar(void)
1167{
1168        int ret;
1169
1170        ret = __register_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS,
1171                                   "mtd", &mtd_fops);
1172        if (ret < 0) {
1173                pr_notice("Can't allocate major number %d for "
1174                                "Memory Technology Devices.\n", MTD_CHAR_MAJOR);
1175                return ret;
1176        }
1177
1178        ret = register_filesystem(&mtd_inodefs_type);
1179        if (ret) {
1180                pr_notice("Can't register mtd_inodefs filesystem: %d\n", ret);
1181                goto err_unregister_chdev;
1182        }
1183
1184        mtd_inode_mnt = kern_mount(&mtd_inodefs_type);
1185        if (IS_ERR(mtd_inode_mnt)) {
1186                ret = PTR_ERR(mtd_inode_mnt);
1187                pr_notice("Error mounting mtd_inodefs filesystem: %d\n", ret);
1188                goto err_unregister_filesystem;
1189        }
1190        register_mtd_user(&mtdchar_notifier);
1191
1192        return ret;
1193
1194err_unregister_filesystem:
1195        unregister_filesystem(&mtd_inodefs_type);
1196err_unregister_chdev:
1197        __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd");
1198        return ret;
1199}
1200
1201static void __exit cleanup_mtdchar(void)
1202{
1203        unregister_mtd_user(&mtdchar_notifier);
1204        mntput(mtd_inode_mnt);
1205        unregister_filesystem(&mtd_inodefs_type);
1206        __unregister_chrdev(MTD_CHAR_MAJOR, 0, 1 << MINORBITS, "mtd");
1207}
1208
1209module_init(init_mtdchar);
1210module_exit(cleanup_mtdchar);
1211
1212MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR);
1213
1214MODULE_LICENSE("GPL");
1215MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>");
1216MODULE_DESCRIPTION("Direct character-device access to MTD devices");
1217MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR);
1218