summaryrefslogtreecommitdiffstats
path: root/drivers/mtd/mtdchar.c
Commit message (Collapse)AuthorAgeFilesLines
* mtdchar: add MEMREAD ioctlMichał Kępień2022-09-211-0/+139
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | User-space applications making use of MTD devices via /dev/mtd* character devices currently have limited capabilities for reading data: - only deprecated methods of accessing OOB layout information exist, - there is no way to explicitly specify MTD operation mode to use; it is auto-selected based on the MTD file mode (MTD_FILE_MODE_*) set for the character device; in particular, this prevents using MTD_OPS_AUTO_OOB for reads, - all existing user-space interfaces which cause mtd_read() or mtd_read_oob() to be called (via mtdchar_read() and mtdchar_read_oob(), respectively) return success even when those functions return -EUCLEAN or -EBADMSG; this renders user-space applications using these interfaces unaware of any corrected bitflips or uncorrectable ECC errors detected during reads. Note that the existing MEMWRITE ioctl allows the MTD operation mode to be explicitly set, allowing user-space applications to write page data and OOB data without requiring them to know anything about the OOB layout of the MTD device they are writing to (MTD_OPS_AUTO_OOB). Also, the MEMWRITE ioctl does not mangle the return value of mtd_write_oob(). Add a new ioctl, MEMREAD, which addresses the above issues. It is intended to be a read-side counterpart of the existing MEMWRITE ioctl. Similarly to the latter, the read operation is performed in a loop which processes at most mtd->erasesize bytes in each iteration. This is done to prevent unbounded memory allocations caused by calling kmalloc() with the 'size' argument taken directly from the struct mtd_read_req provided by user space. However, the new ioctl is implemented so that the values it returns match those that would have been returned if just a single mtd_read_oob() call was issued to handle the entire read operation in one go. Note that while just returning -EUCLEAN or -EBADMSG to user space would already be a valid and useful indication of the ECC algorithm detecting errors during a read operation, that signal would not be granular enough to cover all use cases. For example, knowing the maximum number of bitflips detected in a single ECC step during a read operation performed on a given page may be useful when dealing with an MTD partition whose ECC layout varies across pages (e.g. a partition consisting of a bootloader area using a "custom" ECC layout followed by data pages using a "standard" ECC layout). To address that, include ECC statistics in the structure returned to user space by the new MEMREAD ioctl. Link: https://www.infradead.org/pipermail/linux-mtd/2016-April/067085.html Suggested-by: Boris Brezillon <boris.brezillon@collabora.com> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220629125737.14418-5-kernel@kempniu.pl
* mtdchar: use kvmalloc() for potentially large allocationsMichał Kępień2022-06-091-5/+5
| | | | | | | | | | | | | | | mtdchar_write_ioctl() calls kmalloc() with the 'size' argument set to the smaller of two values: the write request's data/OOB length provided by user space and the erase block size of the MTD device. If the latter is large, kmalloc() may not be able to serve such allocation requests. Use kvmalloc() instead. Correspondingly, replace kfree() calls with kvfree() calls. Suggested-by: Richard Weinberger <richard@nod.at> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220516070601.11428-3-kernel@kempniu.pl
* mtdchar: prevent integer overflow in a safety checkMichał Kępień2022-06-091-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 6420ac0af95d ("mtdchar: prevent unbounded allocation in MEMWRITE ioctl") added a safety check to mtdchar_write_ioctl() which attempts to ensure that the write request sent by user space does not extend beyond the MTD device's size. However, that check contains an addition of two struct mtd_write_req fields, 'start' and 'len', both of which are u64 variables. The result of that addition can overflow, allowing the safety check to be bypassed. The arguably simplest fix - changing the data types of the relevant struct mtd_write_req fields - is not feasible as it would break user space. Fix by making mtdchar_write_ioctl() truncate the value provided by user space in the 'len' field of struct mtd_write_req, so that only the lower 32 bits of that field are used, preventing the overflow. While the 'ooblen' field of struct mtd_write_req is not currently used in any similarly flawed safety check, also truncate it to 32 bits, for consistency with the 'len' field and with other MTD routines handling OOB data. Update include/uapi/mtd/mtd-abi.h accordingly. Suggested-by: Richard Weinberger <richard@nod.at> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220516070601.11428-2-kernel@kempniu.pl
* mtdchar: prevent unbounded allocation in MEMWRITE ioctlMichał Kępień2021-12-091-23/+87
| | | | | | | | | | | | | | | | | | In the mtdchar_write_ioctl() function, memdup_user() is called with its 'len' parameter set to verbatim values provided by user space via a struct mtd_write_req. Both the 'len' and 'ooblen' fields of that structure are 64-bit unsigned integers, which means the MEMWRITE ioctl can trigger unbounded kernel memory allocation requests. Fix by iterating over the buffers provided by user space in a loop, processing at most mtd->erasesize bytes in each iteration. Adopt some checks from mtd_check_oob_ops() to retain backward user space compatibility. Suggested-by: Boris Brezillon <boris.brezillon@collabora.com> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20211130113149.21848-1-kernel@kempniu.pl
* mtd: add OTP (one-time-programmable) erase ioctlMichael Walle2021-03-281-1/+6
| | | | | | | | | | | | | | This may sound like a contradiction but some SPI-NOR flashes really support erasing their OTP region until it is finally locked. Having the possibility to erase an OTP region might come in handy during development. The ioctl argument follows the OTPLOCK style. Signed-off-by: Michael Walle <michael@walle.cc> Acked-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210303201819.2752-1-michael@walle.cc
* mtd: require write permissions for locking and badblock ioctlsMichael Walle2021-03-281-4/+4
| | | | | | | | | | | | | | | | | MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table. Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for permissions") Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210303155735.25887-1-michael@walle.cc
* mtd: mtdchar: Fix fall-through warnings for ClangGustavo A. R. Silva2021-03-111-0/+1
| | | | | | | | | | | In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning by explicitly adding a break statement instead of letting the code fall through to the next case. Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210305082224.GA137360@embeddedor
* mtd: char: Get rid of Big MTD LockAlexander Sverdlin2021-03-111-6/+8
| | | | | | | | | | Get rid of central chrdev MTD lock, which prevents simultaneous operations on completely independent physical MTD chips. Replace it with newly introduced per-master mutex. Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210217211845.43364-2-alexander.sverdlin@nokia.com
* mtd: char: Drop mtd_mutex usage from mtdchar_open()Alexander Sverdlin2021-03-111-8/+2
| | | | | | | | | It looks unnecessary in the function, remove it from the function having in mind to remove it completely. Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210217211845.43364-1-alexander.sverdlin@nokia.com
* mtd: remove unneeded breakTom Rix2020-10-281-2/+0
| | | | | | | | | A break is not needed if it is preceded by a return Signed-off-by: Tom Rix <trix@redhat.com> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20201019191631.9604-1-trix@redhat.com
* mtd: properly check all write ioctls for permissionsGreg Kroah-Hartman2020-07-241-9/+47
| | | | | | | | | | | | | | | When doing a "write" ioctl call, properly check that we have permissions to do so before copying anything from userspace or anything else so we can "fail fast". This includes also covering the MEMWRITE ioctl which previously missed checking for this. Cc: Miquel Raynal <miquel.raynal@bootlin.com> Cc: Richard Weinberger <richard@nod.at> Cc: Vignesh Raghavendra <vigneshr@ti.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [rw: Fixed locking issue] Signed-off-by: Richard Weinberger <richard@nod.at>
* mtd: implement proper partition handlingMiquel Raynal2020-03-111-5/+7
| | | | | | | | | | | | | | | | | | | | Instead of collecting partitions in a flat list, create a hierarchy within the mtd_info structure: use a partitions list to keep track of the partitions of an MTD device (which might be itself a partition of another MTD device), a pointer to the parent device (NULL when the MTD device is the root one, not a partition). By also saving directly in mtd_info the offset of the partition, we can get rid of the mtd_part structure. While at it, be consistent in the naming of the mtd_info structures to ease the understanding of the new hierarchy: these structures are usually called 'mtd', unless there are multiple instances of the same structure. In this case, there is usually a parent/child bound so we will call them 'parent' and 'child'. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20200114090952.11232-1-miquel.raynal@bootlin.com
* mtd: Initialize all parameters of mtd_oob_opsMiquel Raynal2019-10-081-5/+5
| | | | | | | | | | | | | Most of the time the ooboffs parameter of the mtd_oob_ops structure was initialized only when needed. Since the introduction of the SPI-NAND subsystem, this parameter is transferred into nand_page_io_req structure automatically and may be used by any SPI-NAND user. Before this happens, initialize all the structure parameters when they are created in mtdchar.c. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102Thomas Gleixner2019-05-241-15/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 51 franklin st fifth floor boston ma 02110 1301 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 50 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190523091649.499889647@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* mtdchar: fix overflows in adjustment of `count`Jann Horn2018-07-181-3/+7
| | | | | | | | | | | | | | | The first checks in mtdchar_read() and mtdchar_write() attempt to limit `count` such that `*ppos + count <= mtd->size`. However, they ignore the possibility of `*ppos > mtd->size`, allowing the calculation of `count` to wrap around. `mtdchar_lseek()` prevents seeking beyond mtd->size, but the pread/pwrite syscalls bypass this. I haven't found any codepath on which this actually causes dangerous behavior, but it seems like a sensible change anyway. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
* Merge tag 'mtd/for-4.17' of git://git.infradead.org/linux-mtdLinus Torvalds2018-04-061-33/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull MTD updates from Boris Brezillon: "MTD Core: - Remove support for asynchronous erase (not implemented by any of the existing drivers anyway) - Remove Cyrille from the list of SPI NOR and MTD maintainers - Fix kernel doc headers - Allow users to define the partitions parsers they want to test through a DT property (compatible of the partitions subnode) - Remove the bfin-async-flash driver (the only architecture using it has been removed) - Fix pagetest test - Add extra checks in mtd_erase() - Simplify the MTD partition creation logic and get rid of mtd_add_device_partitions() MTD Drivers: - Add endianness information to the physmap DT binding - Add Eon EN29LV400A IDs to JEDEC probe logic - Use %*ph where appropriate SPI NOR Drivers: - Make fsl-quaspi assign different names to MTD devices connected to the same QSPI controller - Remove an unneeded driver.bus assigned in the fsl-qspi driver NAND Core: - Prepare arrival of the SPI NAND subsystem by implementing a generic (interface-agnostic) layer to ease manipulation of NAND devices - Move onenand code base to the drivers/mtd/nand/ dir - Rework timing mode selection - Provide a generic way for NAND chip drivers to flag a specific GET/SET FEATURE operation as supported/unsupported - Stop embedding ONFI/JEDEC param page in nand_chip NAND Drivers: - Rework/cleanup of the mxc driver - Various cleanups in the vf610 driver - Migrate the fsmc and vf610 to ->exec_op() - Get rid of the pxa driver (replaced by marvell_nand) - Support ->setup_data_interface() in the GPMI driver - Fix probe error path in several drivers - Remove support for unused hw_syndrome mode in sunxi_nand - Various minor improvements" * tag 'mtd/for-4.17' of git://git.infradead.org/linux-mtd: (89 commits) dt-bindings: fsl-quadspi: Add the example of two SPI NOR mtd: fsl-quadspi: Distinguish the mtd device names mtd: nand: Fix some function description mismatches in core.c mtd: fsl-quadspi: Remove unneeded driver.bus assignment mtd: rawnand: marvell: Rename ->ecc_clk into ->core_clk mtd: rawnand: s3c2410: enhance the probe function error path mtd: rawnand: tango: fix probe function error path mtd: rawnand: sh_flctl: fix the probe function error path mtd: rawnand: omap2: fix the probe function error path mtd: rawnand: mxc: fix probe function error path mtd: rawnand: denali: fix probe function error path mtd: rawnand: davinci: fix probe function error path mtd: rawnand: cafe: fix probe function error path mtd: rawnand: brcmnand: fix probe function error path mtd: rawnand: sunxi: Stop supporting ECC_HW_SYNDROME mode mtd: rawnand: marvell: Fix clock resource by adding a register clock mtd: ftl: Use DIV_ROUND_UP() mtd: Fix some function description mismatches in mtdcore.c mtd: physmap_of: update struct map_info's swap as per map requirement dt-bindings: mtd-physmap: Add endianness supports ...
| * mtd: Unconditionally update ->fail_addr and ->addr in part_erase()Boris Brezillon2018-03-151-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ->fail_addr and ->addr can be updated no matter the result of parent->_erase(), we just need to remove the code doing the same thing in mtd_erase_callback() to avoid adjusting those fields twice. Note that this can be done because all MTD users have been converted to not pass an erase_info->callback() and are thus only taking the ->addr_fail and ->addr fields into account after part_erase() has returned. While we're at it, get rid of the erase_info->mtd field which was only needed to let mtd_erase_callback() get the partition device back. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Richard Weinberger <richard@nod.at>
| * mtd: Stop assuming mtd_erase() is asynchronousBoris Brezillon2018-03-151-32/+1
| | | | | | | | | | | | | | | | | | | | None of the mtd->_erase() implementations work in an asynchronous manner, so let's simplify MTD users that call mtd_erase(). All they need to do is check the value returned by mtd_erase() and assume that != 0 means failure. Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com> Reviewed-by: Richard Weinberger <richard@nod.at>
* | mtdchar: fix usage of mtd_ooblayout_ecc()OuYang ZhiZhong2018-03-191-2/+2
|/ | | | | | | | | | | | Section was not properly computed. The value of OOB region definition is always ECC section 0 information in the OOB area, but we want to get all the ECC bytes information, so we should call mtd_ooblayout_ecc(mtd, section++, &oobregion) until it returns -ERANGE. Fixes: c2b78452a9db ("mtd: use mtd_ooblayout_xxx() helpers where appropriate") Cc: <stable@vger.kernel.org> Signed-off-by: OuYang ZhiZhong <ouyzz@yealink.com> Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
* mtdchar: get rid of pointless access_ok()Al Viro2017-10-171-23/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* mtd: Fix typo: "occured" -> "occurred"Nobuhiro Iwamatsu2017-02-081-1/+1
| | | | | | | Trivial typo fix in comment. Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.kw@hitachi.com> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* Replace <asm/uaccess.h> with <linux/uaccess.h> globallyLinus Torvalds2016-12-241-1/+1
| | | | | | | | | | | | | This was entirely automated, using the script by Al: PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>' sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \ $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h) to do the replacement at the end of the merge window. Requested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* mtd: kill the nand_ecclayout structBoris Brezillon2016-05-051-6/+6
| | | | | | | | Now that all MTD drivers have moved to the mtd_ooblayout_ops model we can safely remove the struct nand_ecclayout definition, and all the remaining places where it was still used. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
* mtd: create an mtd_ooblayout_ops struct to ease ECC layout definitionBoris Brezillon2016-04-191-2/+2
| | | | | | | | | | | | | | | | | | | ECC layout definitions are currently exposed using the nand_ecclayout struct which embeds oobfree and eccpos arrays with predefined size. This approach was acceptable when NAND chips were providing relatively small OOB regions, but MLC and TLC now provide OOB regions of several hundreds of bytes, which implies a non negligible overhead for everybody even those who only need to support legacy NANDs. Create an mtd_ooblayout_ops interface providing the same functionality (expose the ECC and oobfree layout) without the need for this huge structure. The mtd->ecclayout is now deprecated and should be replaced by the equivalent mtd_ooblayout_ops. In the meantime we provide a wrapper around the ->ecclayout field to ease migration to this new model. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
* mtd: use mtd_ooblayout_xxx() helpers where appropriateBoris Brezillon2016-04-191-19/+88
| | | | | | | | | The mtd_ooblayout_xxx() helper functions have been added to avoid direct accesses to the ecclayout field, and thus ease for future reworks. Use these helpers in all places where the oobfree[] and eccpos[] arrays where directly accessed. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
* mtd: provide proper 32/64-bit compat_ioctl() support for BLKPGBrian Norris2015-09-291-9/+33
| | | | | | | | | | | | | | | | | | | | | After a bit of poking around wondering why my 32-bit user-space can't seem to send a proper ioctl(BLKPG) to an MTD on my 64-bit kernel (ARM64), I noticed that struct blkpg_ioctl_arg is actually pretty unsuitable for use in the ioctl() ABI, due to its use of raw pointers, and its lack of alignment/packing restrictions (32-bit arch'es tend to pack the 4 fields into 4 32-bit words, whereas 64-bit arch'es would add padding after the third int, and make this 6 32-bit words). Anyway, this means BLKPG deserves some special compat_ioctl handling. Do the conversion in a small shim for MTD. block/compat_ioctl.c already has compat support for the block subsystem, but it does so by a re-marshalling data to/from user-space (see compat_blkpg_ioctl()). Personally, I think this approach is cleaner. Tested only on MTD, with an ARM32 user space on an ARM64 kernel. Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* fs: introduce f_op->mmap_capabilities for nommu mmap supportChristoph Hellwig2015-01-201-62/+10
| | | | | | | | | | | | | | | | | | | Since "BDI: Provide backing device capability information [try #3]" the backing_dev_info structure also provides flags for the kind of mmap operation available in a nommu environment, which is entirely unrelated to it's original purpose. Introduce a new nommu-only file operation to provide this information to the nommu mmap code instead. Splitting this from the backing_dev_info structure allows to remove lots of backing_dev_info instance that aren't otherwise needed, and entirely gets rid of the concept of providing a backing_dev_info for a character device. It also removes the need for the mtd_inodefs filesystem. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Tejun Heo <tj@kernel.org> Acked-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Jens Axboe <axboe@fb.com>
* mtd: terminate user-provided stringBrian Norris2014-08-191-0/+3
| | | | | | Noticed by Coverity as a potential security issue. Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* mtd: Fix warning in access_ok() parameter passingGeert Uytterhoeven2014-05-201-9/+11
| | | | | | | | | | | | | | | | | | | | | On m68k, where access_ok() doesn't cast the address parameter: drivers/mtd/mtdchar.c: In function 'mtdchar_write_ioctl': drivers/mtd/mtdchar.c:575:4: warning: passing argument 2 of 'access_ok' makes pointer from integer without a cast [enabled by default] arch/m68k/include/asm/uaccess_mm.h:17:90: note: expected 'const void *' but argument is of type '__u64' drivers/mtd/mtdchar.c:576:4: warning: passing argument 2 of 'access_ok' makes pointer from integer without a cast [enabled by default] arch/m68k/include/asm/uaccess_mm.h:17:90: note: expected 'const void *' but argument is of type '__u64' The address parameter of access_ok() is really a userspace pointer. On most architectures, access_ok() is a macro that casts the address parameter, hiding issues in its users. Move around and use the existing usr_data and usr_oob temporary variables to kill the warnings. Add a few "consts", and make more use of the temporaries while we're at it. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* mtd: Fix the behavior of OTP write if there is not enough room for dataChristian Riesch2014-03-101-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a write to one time programmable memory (OTP) hits the end of this memory area, no more data can be written. The count variable in mtdchar_write() in drivers/mtd/mtdchar.c is not decreased anymore. We are trapped in the loop forever, mtdchar_write() will never return in this case. The desired behavior of a write in such a case is described in [1]: - Try to write as much data as possible, truncate the write to fit into the available memory and return the number of bytes that actually have been written. - If no data could be written at all, return -ENOSPC. This patch fixes the behavior of OTP write if there is not enough space for all data: 1) mtd_write_user_prot_reg() in drivers/mtd/mtdcore.c is modified to return -ENOSPC if no data could be written at all. 2) mtdchar_write() is modified to handle -ENOSPC correctly. Exit if a write returned -ENOSPC and yield the correct return value, either then number of bytes that could be written, or -ENOSPC, if no data could be written at all. Furthermore the patch harmonizes the behavior of the OTP memory write in drivers/mtd/devices/mtd_dataflash.c with the other implementations and the requirements from [1]. Instead of returning -EINVAL if the data does not fit into the OTP memory, we try to write as much data as possible/truncate the write. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html Signed-off-by: Christian Riesch <christian.riesch@omicron.at> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* mtd: Add a retlen parameter to _get_{fact,user}_prot_infoChristian Riesch2014-03-101-5/+6
| | | | | | Signed-off-by: Christian Riesch <christian.riesch@omicron.at> Cc: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* mtd: mtdchar: return expected errors on mmap() callVladimir Zapolskiy2013-11-111-3/+3
| | | | | | | | | | According both to POSIX.1-2008 and Linux Programmer's Manual mmap() syscall shouldn't return undocumented ENOSYS, this change replaces the errno with more appropriate ENODEV and EACCESS. Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com> Cc: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* mtd: Move major number definitions to major.hEzequiel Garcia2013-11-061-0/+1
| | | | | | | | | This patch moves the char and block major number definitions to major.h to be with the rest of the major numbers. While doing this, include major.h in the files that need it. Signed-off-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com> Signed-off-by: Brian Norris <computersforpeace@gmail.com>
* mtdchar: switch to fixed_size_llseek()Al Viro2013-06-291-19/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* Merge tag 'for-linus-20130509' of git://git.infradead.org/linux-mtdLinus Torvalds2013-05-091-30/+22
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull MTD update from David Woodhouse: - Lots of cleanups from Artem, including deletion of some obsolete drivers - Support partitions larger than 4GiB in device tree - Support for new SPI chips * tag 'for-linus-20130509' of git://git.infradead.org/linux-mtd: (83 commits) mtd: omap2: Use module_platform_driver() mtd: bf5xx_nand: Use module_platform_driver() mtd: denali_dt: Remove redundant use of of_match_ptr mtd: denali_dt: Change return value to fix smatch warning mtd: denali_dt: Use module_platform_driver() mtd: denali_dt: Fix incorrect error check mtd: nand: subpage write support for hardware based ECC schemes mtd: omap2: use msecs_to_jiffies() mtd: nand_ids: use size macros mtd: nand_ids: improve LEGACY_ID_NAND macro a bit mtd: add 4 Toshiba nand chips for the full-id case mtd: add the support to parse out the full-id nand type mtd: add new fields to nand_flash_dev{} mtd: sh_flctl: Use of_match_ptr() macro mtd: gpio: Use of_match_ptr() macro mtd: gpio: Use devm_kzalloc() mtd: davinci_nand: Use of_match_ptr() mtd: dataflash: Use of_match_ptr() macro mtd: remove h720x flash support mtd: onenand: remove OneNAND simulator ...
| * mtd: merge mtdchar module with mtdcoreArtem Bityutskiy2013-04-051-16/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The MTD subsystem has historically tried to be as configurable as possible. The side-effect of this is that its configuration menu is rather large, and we are gradually shrinking it. For example, we recently merged partitions support with the mtdcore. This patch does the next step - it merges the mtdchar module to mtdcore. And in this case this is not only about eliminating too fine-grained separation and simplifying the configuration menu. This is also about eliminating seemingly useless kernel module. Indeed, mtdchar is a module that allows user-space making use of MTD devices via /dev/mtd* character devices. If users do not enable it, they simply cannot use MTD devices at all. They cannot read or write the flash contents. Is it a sane and useful setup? I believe not. And everyone just enables mtdchar. Having mtdchar separate is also a little bit harmful. People sometimes miss the fact that they need to enable an additional configuration option to have user-space MTD interfaces, and then they wonder why on earth the kernel does not allow using the flash? They spend time asking around. Thus, let's just get rid of this module and make it part of mtd core. Note, mtdchar had additional configuration option to enable OTP interfaces, which are present on some flashes. I removed that option as well - it saves a really tiny amount space. [dwmw2: Strictly speaking, you can mount file systems on MTD devices just fine without the mtdchar (or mtdblock) devices; you just can't do other manipulations directly on the underlying device. But still I agree that it makes sense to make this unconditional. And Yay! we get to kill off an instance of checking CONFIG_foo_MODULE, which is an abomination that should never happen.] Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
| * mtd: mtdchar: use proper kernel print levelArtem Bityutskiy2013-04-051-3/+5
| | | | | | | | | | | | | | We normally use 'pr_err()' for error messages, not 'pr_notice()'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
| * mtd: mtdchar: handle chips that have user otp but no factory otpUwe Kleine-König2013-04-051-11/+13
| | | | | | | | | | | | | | | | | | | | | | Before this patch mtd_read_fact_prot_reg was used to check availability for both MTD_OTP_FACTORY and MTD_OTP_USER access. This made accessing user otp for chips that don't have a factory otp area impossible. So use the right wrapper depending on the intended area to be accessed. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* | mtdchar: remove no-longer-used vma helpersLinus Torvalds2013-04-191-27/+0
| | | | | | | | | | | | | | With the conversion to vm_iomap_memory(), these vma helpers are no longer used. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | vm: convert mtdchar mmap to vm_iomap_memory() helperLinus Torvalds2013-04-191-30/+2
|/ | | | | | | | | | This is my example conversion of a few existing mmap users. The mtdchar case is actually disabled right now (and stays disabled), but I did it because it showed up on my "git grep", and I was familiar with the code due to fixing an overflow problem in the code in commit 9c603e53d380 ("mtdchar: fix offset overflow detection"). Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* fs: Limit sys_mount to only request filesystem modules.Eric W. Biederman2013-03-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Modify the request_module to prefix the file system type with "fs-" and add aliases to all of the filesystems that can be built as modules to match. A common practice is to build all of the kernel code and leave code that is not commonly needed as modules, with the result that many users are exposed to any bug anywhere in the kernel. Looking for filesystems with a fs- prefix limits the pool of possible modules that can be loaded by mount to just filesystems trivially making things safer with no real cost. Using aliases means user space can control the policy of which filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf with blacklist and alias directives. Allowing simple, safe, well understood work-arounds to known problematic software. This also addresses a rare but unfortunate problem where the filesystem name is not the same as it's module name and module auto-loading would not work. While writing this patch I saw a handful of such cases. The most significant being autofs that lives in the module autofs4. This is relevant to user namespaces because we can reach the request module in get_fs_type() without having any special permissions, and people get uncomfortable when a user specified string (in this case the filesystem type) goes all of the way to request_module. After having looked at this issue I don't think there is any particular reason to perform any filtering or permission checks beyond making it clear in the module request that we want a filesystem module. The common pattern in the kernel is to call request_module() without regards to the users permissions. In general all a filesystem module does once loaded is call register_filesystem() and go to sleep. Which means there is not much attack surface exposed by loading a filesytem module unless the filesystem is mounted. In a user namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT, which most filesystems do not set today. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Reported-by: Kees Cook <keescook@google.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* mtd: Disable mtdchar mmap on MMU systemsDavid Woodhouse2012-10-091-1/+5
| | | | | | | This code was broken because it assumed that all MTD devices were map-based. Disable it for now, until it can be fixed properly for the next merge window. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* mm: kill vma flag VM_RESERVED and mm->reserved_vm counterKonstantin Khlebnikov2012-10-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A long time ago, in v2.4, VM_RESERVED kept swapout process off VMA, currently it lost original meaning but still has some effects: | effect | alternative flags -+------------------------+--------------------------------------------- 1| account as reserved_vm | VM_IO 2| skip in core dump | VM_IO, VM_DONTDUMP 3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP 4| do not mlock | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP This patch removes reserved_vm counter from mm_struct. Seems like nobody cares about it, it does not exported into userspace directly, it only reduces total_vm showed in proc. Thus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP. remap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP. remap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP. [akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup] Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Carsten Otte <cotte@de.ibm.com> Cc: Chris Metcalf <cmetcalf@tilera.com> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Eric Paris <eparis@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Morris <james.l.morris@oracle.com> Cc: Jason Baron <jbaron@redhat.com> Cc: Kentaro Takeda <takedakn@nttdata.co.jp> Cc: Matt Helsley <matthltc@us.ibm.com> Cc: Nick Piggin <npiggin@kernel.dk> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Robert Richter <robert.richter@amd.com> Cc: Suresh Siddha <suresh.b.siddha@intel.com> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: Venkatesh Pallipadi <venki@google.com> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* mtdchar: fix offset overflow detectionLinus Torvalds2012-09-281-6/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | Sasha Levin has been running trinity in a KVM tools guest, and was able to trigger the BUG_ON() at arch/x86/mm/pat.c:279 (verifying the range of the memory type). The call trace showed that it was mtdchar_mmap() that created an invalid remap_pfn_range(). The problem is that mtdchar_mmap() does various really odd and subtle things with the vma page offset etc, and uses the wrong types (and the wrong overflow) detection for it. For example, the page offset may well be 32-bit on a 32-bit architecture, but after shifting it up by PAGE_SHIFT, we need to use a potentially 64-bit resource_size_t to correctly hold the full value. Also, we need to check that the vma length plus offset doesn't overflow before we check that it is smaller than the length of the mtdmap region. This fixes things up and tries to make the code a bit easier to read. Reported-and-tested-by: Sasha Levin <levinsasha928@gmail.com> Acked-by: Suresh Siddha <suresh.b.siddha@intel.com> Acked-by: Artem Bityutskiy <dedekind1@gmail.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: linux-mtd@lists.infradead.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* mtd: fix oops in dataflash driverWill Newton2012-05-071-1/+1
| | | | | | | | | | | | | | | | I'm seeing an oops in mtd_dataflash.c with Linux 3.3. What appears to be happening is that otp_select_filemode calls mtd_read_fact_prot_reg with -1 for offset and length and a NULL buffer to test if OTP operations are supported. This finds its way down to otp_read in mtd_dataflash.c and causes an oops when memcpying the returned data into the NULL buf. None of the checks in otp_read catches the negative length and offset. Changing the length of the dummy read to 0 prevents the oops. Cc: stable@kernel.org [3.3+] Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* fix breakage in mtdchar_open(), sanitize failure exitsAl Viro2012-04-091-10/+10
| | | | | | simple_release_fs() should be only done on failure there. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* Merge branch 'for-linus' of ↵Linus Torvalds2012-03-311-37/+16
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull second try at vfs part d#2 from Al Viro: "Miklos' first series (with do_lookup() rewrite split into edible chunks) + assorted bits and pieces. The 'untangling of do_lookup()' series is is a splitup of what used to be a monolithic patch from Miklos, so this series is basically "how do I convince myself that his patch is correct (or find a hole in it)". No holes found and I like the resulting cleanup, so in it went..." Changes from try 1: Fix a boot problem with selinux, and commit messages prettied up a bit. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits) vfs: fix out-of-date dentry_unhash() comment vfs: split __lookup_hash untangling do_lookup() - take __lookup_hash()-calling case out of line. untangling do_lookup() - switch to calling __lookup_hash() untangling do_lookup() - merge d_alloc_and_lookup() callers untangling do_lookup() - merge failure exits in !dentry case untangling do_lookup() - massage !dentry case towards __lookup_hash() untangling do_lookup() - get rid of need_reval in !dentry case untangling do_lookup() - eliminate a loop. untangling do_lookup() - expand the area under ->i_mutex untangling do_lookup() - isolate !dentry stuff from the rest of it. vfs: move MAY_EXEC check from __lookup_hash() vfs: don't revalidate just looked up dentry vfs: fix d_need_lookup/d_revalidate order in do_lookup ext3: move headers to fs/ext3/ migrate ext2_fs.h guts to fs/ext2/ext2.h new helper: ext2_image_size() get rid of pointless includes of ext2_fs.h ext2: No longer export ext2_fs.h to user space mtdchar: kill persistently held vfsmount ...
| * mtdchar: kill persistently held vfsmountAl Viro2012-03-311-37/+16
| | | | | | | | | | | | | | | | ... and mtdchar_notifier along with it; just have ->drop_inode() that will unconditionally get evict them instead of dances on mtd device removal and use simple_pin_fs() instead of kern_mount() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | Merge tag 'for-linus-3.4' of git://git.infradead.org/mtd-2.6Linus Torvalds2012-03-301-2/+2
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull MTD changes from David Woodhouse: - Artem's cleanup of the MTD API continues apace. - Fixes and improvements for ST FSMC and SuperH FLCTL NAND, amongst others. - More work on DiskOnChip G3, new driver for DiskOnChip G4. - Clean up debug/warning printks in JFFS2 to use pr_<level>. Fix up various trivial conflicts, largely due to changes in calling conventions for things like dmaengine_prep_slave_sg() (new inline wrapper to hide new parameter, clashing with rewrite of previously last parameter that used to be an 'append' flag, and is now a bitmap of 'unsigned long flags'). (Also some header file fallout - like so many merges this merge window - and silly conflicts with sparse fixes) * tag 'for-linus-3.4' of git://git.infradead.org/mtd-2.6: (120 commits) mtd: docg3 add protection against concurrency mtd: docg3 refactor cascade floors structure mtd: docg3 increase write/erase timeout mtd: docg3 fix inbound calculations mtd: nand: gpmi: fix function annotations mtd: phram: fix section mismatch for phram_setup mtd: unify initialization of erase_info->fail_addr mtd: support ONFI multi lun NAND mtd: sm_ftl: fix typo in major number. mtd: add device-tree support to spear_smi mtd: spear_smi: Remove default partition information from driver mtd: Add device-tree support to fsmc_nand mtd: fix section mismatch for doc_probe_device mtd: nand/fsmc: Remove sparse warnings and errors mtd: nand/fsmc: Add DMA support mtd: nand/fsmc: Access the NAND device word by word whenever possible mtd: nand/fsmc: Use dev_err to report error scenario mtd: nand/fsmc: Use devm routines mtd: nand/fsmc: Modify fsmc driver to accept nand timing parameters via platform mtd: fsmc_nand: add pm callbacks to support hibernation ...
| * mtd: add leading underscore to all mtd functionsArtem Bityutskiy2012-03-271-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch renames all MTD functions by adding a "_" prefix: mtd->erase -> mtd->_erase mtd->read_oob -> mtd->_read_oob ... The reason is that we are re-working the MTD API and from now on it is an error to use MTD function pointers directly - we have a corresponding API call for every pointer. By adding a leading "_" we achieve the following: 1. Make sure we convert every direct pointer users 2. A leading "_" suggests that this interface is internal and it becomes less likely that people will use them directly 3. Make sure all the out-of-tree modules stop compiling and the owners spot the big API change and amend them. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>