Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (c) International Business Machines Corp., 2006
4 *
5 * Author: Artem Bityutskiy (Битюцкий Артём)
6 */
7
8/*
9 * This file includes implementation of UBI character device operations.
10 *
11 * There are two kinds of character devices in UBI: UBI character devices and
12 * UBI volume character devices. UBI character devices allow users to
13 * manipulate whole volumes: create, remove, and re-size them. Volume character
14 * devices provide volume I/O capabilities.
15 *
16 * Major and minor numbers are assigned dynamically to both UBI and volume
17 * character devices.
18 *
19 * Well, there is the third kind of character devices - the UBI control
20 * character device, which allows to manipulate by UBI devices - create and
21 * delete them. In other words, it is used for attaching and detaching MTD
22 * devices.
23 */
24
25#include <linux/module.h>
26#include <linux/stat.h>
27#include <linux/slab.h>
28#include <linux/ioctl.h>
29#include <linux/capability.h>
30#include <linux/uaccess.h>
31#include <linux/compat.h>
32#include <linux/math64.h>
33#include <mtd/ubi-user.h>
34#include "ubi.h"
35
36/**
37 * get_exclusive - get exclusive access to an UBI volume.
38 * @desc: volume descriptor
39 *
40 * This function changes UBI volume open mode to "exclusive". Returns previous
41 * mode value (positive integer) in case of success and a negative error code
42 * in case of failure.
43 */
44static int get_exclusive(struct ubi_volume_desc *desc)
45{
46 int users, err;
47 struct ubi_volume *vol = desc->vol;
48
49 spin_lock(&vol->ubi->volumes_lock);
50 users = vol->readers + vol->writers + vol->exclusive + vol->metaonly;
51 ubi_assert(users > 0);
52 if (users > 1) {
53 ubi_err(vol->ubi, "%d users for volume %d", users, vol->vol_id);
54 err = -EBUSY;
55 } else {
56 vol->readers = vol->writers = vol->metaonly = 0;
57 vol->exclusive = 1;
58 err = desc->mode;
59 desc->mode = UBI_EXCLUSIVE;
60 }
61 spin_unlock(&vol->ubi->volumes_lock);
62
63 return err;
64}
65
66/**
67 * revoke_exclusive - revoke exclusive mode.
68 * @desc: volume descriptor
69 * @mode: new mode to switch to
70 */
71static void revoke_exclusive(struct ubi_volume_desc *desc, int mode)
72{
73 struct ubi_volume *vol = desc->vol;
74
75 spin_lock(&vol->ubi->volumes_lock);
76 ubi_assert(vol->readers == 0 && vol->writers == 0 && vol->metaonly == 0);
77 ubi_assert(vol->exclusive == 1 && desc->mode == UBI_EXCLUSIVE);
78 vol->exclusive = 0;
79 if (mode == UBI_READONLY)
80 vol->readers = 1;
81 else if (mode == UBI_READWRITE)
82 vol->writers = 1;
83 else if (mode == UBI_METAONLY)
84 vol->metaonly = 1;
85 else
86 vol->exclusive = 1;
87 spin_unlock(&vol->ubi->volumes_lock);
88
89 desc->mode = mode;
90}
91
92static int vol_cdev_open(struct inode *inode, struct file *file)
93{
94 struct ubi_volume_desc *desc;
95 int vol_id = iminor(inode) - 1, mode, ubi_num;
96
97 ubi_num = ubi_major2num(imajor(inode));
98 if (ubi_num < 0)
99 return ubi_num;
100
101 if (file->f_mode & FMODE_WRITE)
102 mode = UBI_READWRITE;
103 else
104 mode = UBI_READONLY;
105
106 dbg_gen("open device %d, volume %d, mode %d",
107 ubi_num, vol_id, mode);
108
109 desc = ubi_open_volume(ubi_num, vol_id, mode);
110 if (IS_ERR(desc))
111 return PTR_ERR(desc);
112
113 file->private_data = desc;
114 return 0;
115}
116
117static int vol_cdev_release(struct inode *inode, struct file *file)
118{
119 struct ubi_volume_desc *desc = file->private_data;
120 struct ubi_volume *vol = desc->vol;
121
122 dbg_gen("release device %d, volume %d, mode %d",
123 vol->ubi->ubi_num, vol->vol_id, desc->mode);
124
125 if (vol->updating) {
126 ubi_warn(vol->ubi, "update of volume %d not finished, volume is damaged",
127 vol->vol_id);
128 ubi_assert(!vol->changing_leb);
129 vol->updating = 0;
130 vfree(vol->upd_buf);
131 } else if (vol->changing_leb) {
132 dbg_gen("only %lld of %lld bytes received for atomic LEB change for volume %d:%d, cancel",
133 vol->upd_received, vol->upd_bytes, vol->ubi->ubi_num,
134 vol->vol_id);
135 vol->changing_leb = 0;
136 vfree(vol->upd_buf);
137 }
138
139 ubi_close_volume(desc);
140 return 0;
141}
142
143static loff_t vol_cdev_llseek(struct file *file, loff_t offset, int origin)
144{
145 struct ubi_volume_desc *desc = file->private_data;
146 struct ubi_volume *vol = desc->vol;
147
148 if (vol->updating) {
149 /* Update is in progress, seeking is prohibited */
150 ubi_err(vol->ubi, "updating");
151 return -EBUSY;
152 }
153
154 return fixed_size_llseek(file, offset, origin, vol->used_bytes);
155}
156
157static int vol_cdev_fsync(struct file *file, loff_t start, loff_t end,
158 int datasync)
159{
160 struct ubi_volume_desc *desc = file->private_data;
161 struct ubi_device *ubi = desc->vol->ubi;
162 struct inode *inode = file_inode(file);
163 int err;
164 inode_lock(inode);
165 err = ubi_sync(ubi->ubi_num);
166 inode_unlock(inode);
167 return err;
168}
169
170
171static ssize_t vol_cdev_read(struct file *file, __user char *buf, size_t count,
172 loff_t *offp)
173{
174 struct ubi_volume_desc *desc = file->private_data;
175 struct ubi_volume *vol = desc->vol;
176 struct ubi_device *ubi = vol->ubi;
177 int err, lnum, off, len, tbuf_size;
178 size_t count_save = count;
179 void *tbuf;
180
181 dbg_gen("read %zd bytes from offset %lld of volume %d",
182 count, *offp, vol->vol_id);
183
184 if (vol->updating) {
185 ubi_err(vol->ubi, "updating");
186 return -EBUSY;
187 }
188 if (vol->upd_marker) {
189 ubi_err(vol->ubi, "damaged volume, update marker is set");
190 return -EBADF;
191 }
192 if (*offp == vol->used_bytes || count == 0)
193 return 0;
194
195 if (vol->corrupted)
196 dbg_gen("read from corrupted volume %d", vol->vol_id);
197
198 if (*offp + count > vol->used_bytes)
199 count_save = count = vol->used_bytes - *offp;
200
201 tbuf_size = vol->usable_leb_size;
202 if (count < tbuf_size)
203 tbuf_size = ALIGN(count, ubi->min_io_size);
204 tbuf = vmalloc(tbuf_size);
205 if (!tbuf)
206 return -ENOMEM;
207
208 len = count > tbuf_size ? tbuf_size : count;
209 lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
210
211 do {
212 cond_resched();
213
214 if (off + len >= vol->usable_leb_size)
215 len = vol->usable_leb_size - off;
216
217 err = ubi_eba_read_leb(ubi, vol, lnum, tbuf, off, len, 0);
218 if (err)
219 break;
220
221 off += len;
222 if (off == vol->usable_leb_size) {
223 lnum += 1;
224 off -= vol->usable_leb_size;
225 }
226
227 count -= len;
228 *offp += len;
229
230 err = copy_to_user(buf, tbuf, len);
231 if (err) {
232 err = -EFAULT;
233 break;
234 }
235
236 buf += len;
237 len = count > tbuf_size ? tbuf_size : count;
238 } while (count);
239
240 vfree(tbuf);
241 return err ? err : count_save - count;
242}
243
244/*
245 * This function allows to directly write to dynamic UBI volumes, without
246 * issuing the volume update operation.
247 */
248static ssize_t vol_cdev_direct_write(struct file *file, const char __user *buf,
249 size_t count, loff_t *offp)
250{
251 struct ubi_volume_desc *desc = file->private_data;
252 struct ubi_volume *vol = desc->vol;
253 struct ubi_device *ubi = vol->ubi;
254 int lnum, off, len, tbuf_size, err = 0;
255 size_t count_save = count;
256 char *tbuf;
257
258 if (!vol->direct_writes)
259 return -EPERM;
260
261 dbg_gen("requested: write %zd bytes to offset %lld of volume %u",
262 count, *offp, vol->vol_id);
263
264 if (vol->vol_type == UBI_STATIC_VOLUME)
265 return -EROFS;
266
267 lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
268 if (off & (ubi->min_io_size - 1)) {
269 ubi_err(ubi, "unaligned position");
270 return -EINVAL;
271 }
272
273 if (*offp + count > vol->used_bytes)
274 count_save = count = vol->used_bytes - *offp;
275
276 /* We can write only in fractions of the minimum I/O unit */
277 if (count & (ubi->min_io_size - 1)) {
278 ubi_err(ubi, "unaligned write length");
279 return -EINVAL;
280 }
281
282 tbuf_size = vol->usable_leb_size;
283 if (count < tbuf_size)
284 tbuf_size = ALIGN(count, ubi->min_io_size);
285 tbuf = vmalloc(tbuf_size);
286 if (!tbuf)
287 return -ENOMEM;
288
289 len = count > tbuf_size ? tbuf_size : count;
290
291 while (count) {
292 cond_resched();
293
294 if (off + len >= vol->usable_leb_size)
295 len = vol->usable_leb_size - off;
296
297 err = copy_from_user(tbuf, buf, len);
298 if (err) {
299 err = -EFAULT;
300 break;
301 }
302
303 err = ubi_eba_write_leb(ubi, vol, lnum, tbuf, off, len);
304 if (err)
305 break;
306
307 off += len;
308 if (off == vol->usable_leb_size) {
309 lnum += 1;
310 off -= vol->usable_leb_size;
311 }
312
313 count -= len;
314 *offp += len;
315 buf += len;
316 len = count > tbuf_size ? tbuf_size : count;
317 }
318
319 vfree(tbuf);
320 return err ? err : count_save - count;
321}
322
323static ssize_t vol_cdev_write(struct file *file, const char __user *buf,
324 size_t count, loff_t *offp)
325{
326 int err = 0;
327 struct ubi_volume_desc *desc = file->private_data;
328 struct ubi_volume *vol = desc->vol;
329 struct ubi_device *ubi = vol->ubi;
330
331 if (!vol->updating && !vol->changing_leb)
332 return vol_cdev_direct_write(file, buf, count, offp);
333
334 if (vol->updating)
335 err = ubi_more_update_data(ubi, vol, buf, count);
336 else
337 err = ubi_more_leb_change_data(ubi, vol, buf, count);
338
339 if (err < 0) {
340 ubi_err(ubi, "cannot accept more %zd bytes of data, error %d",
341 count, err);
342 return err;
343 }
344
345 if (err) {
346 /*
347 * The operation is finished, @err contains number of actually
348 * written bytes.
349 */
350 count = err;
351
352 if (vol->changing_leb) {
353 revoke_exclusive(desc, UBI_READWRITE);
354 return count;
355 }
356
357 /*
358 * We voluntarily do not take into account the skip_check flag
359 * as we want to make sure what we wrote was correctly written.
360 */
361 err = ubi_check_volume(ubi, vol->vol_id);
362 if (err < 0)
363 return err;
364
365 if (err) {
366 ubi_warn(ubi, "volume %d on UBI device %d is corrupted",
367 vol->vol_id, ubi->ubi_num);
368 vol->corrupted = 1;
369 }
370 vol->checked = 1;
371 ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
372 revoke_exclusive(desc, UBI_READWRITE);
373 }
374
375 return count;
376}
377
378static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
379 unsigned long arg)
380{
381 int err = 0;
382 struct ubi_volume_desc *desc = file->private_data;
383 struct ubi_volume *vol = desc->vol;
384 struct ubi_device *ubi = vol->ubi;
385 void __user *argp = (void __user *)arg;
386
387 switch (cmd) {
388 /* Volume update command */
389 case UBI_IOCVOLUP:
390 {
391 int64_t bytes, rsvd_bytes;
392
393 if (!capable(CAP_SYS_RESOURCE)) {
394 err = -EPERM;
395 break;
396 }
397
398 err = copy_from_user(&bytes, argp, sizeof(int64_t));
399 if (err) {
400 err = -EFAULT;
401 break;
402 }
403
404 if (desc->mode == UBI_READONLY) {
405 err = -EROFS;
406 break;
407 }
408
409 rsvd_bytes = (long long)vol->reserved_pebs *
410 vol->usable_leb_size;
411 if (bytes < 0 || bytes > rsvd_bytes) {
412 err = -EINVAL;
413 break;
414 }
415
416 err = get_exclusive(desc);
417 if (err < 0)
418 break;
419
420 err = ubi_start_update(ubi, vol, bytes);
421 if (bytes == 0) {
422 ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
423 revoke_exclusive(desc, UBI_READWRITE);
424 }
425 break;
426 }
427
428 /* Atomic logical eraseblock change command */
429 case UBI_IOCEBCH:
430 {
431 struct ubi_leb_change_req req;
432
433 err = copy_from_user(&req, argp,
434 sizeof(struct ubi_leb_change_req));
435 if (err) {
436 err = -EFAULT;
437 break;
438 }
439
440 if (desc->mode == UBI_READONLY ||
441 vol->vol_type == UBI_STATIC_VOLUME) {
442 err = -EROFS;
443 break;
444 }
445
446 /* Validate the request */
447 err = -EINVAL;
448 if (!ubi_leb_valid(vol, req.lnum) ||
449 req.bytes < 0 || req.bytes > vol->usable_leb_size)
450 break;
451
452 err = get_exclusive(desc);
453 if (err < 0)
454 break;
455
456 err = ubi_start_leb_change(ubi, vol, &req);
457 if (req.bytes == 0)
458 revoke_exclusive(desc, UBI_READWRITE);
459 break;
460 }
461
462 /* Logical eraseblock erasure command */
463 case UBI_IOCEBER:
464 {
465 int32_t lnum;
466
467 err = get_user(lnum, (__user int32_t *)argp);
468 if (err) {
469 err = -EFAULT;
470 break;
471 }
472
473 if (desc->mode == UBI_READONLY ||
474 vol->vol_type == UBI_STATIC_VOLUME) {
475 err = -EROFS;
476 break;
477 }
478
479 if (!ubi_leb_valid(vol, lnum)) {
480 err = -EINVAL;
481 break;
482 }
483
484 dbg_gen("erase LEB %d:%d", vol->vol_id, lnum);
485 err = ubi_eba_unmap_leb(ubi, vol, lnum);
486 if (err)
487 break;
488
489 err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL);
490 break;
491 }
492
493 /* Logical eraseblock map command */
494 case UBI_IOCEBMAP:
495 {
496 struct ubi_map_req req;
497
498 err = copy_from_user(&req, argp, sizeof(struct ubi_map_req));
499 if (err) {
500 err = -EFAULT;
501 break;
502 }
503 err = ubi_leb_map(desc, req.lnum);
504 break;
505 }
506
507 /* Logical eraseblock un-map command */
508 case UBI_IOCEBUNMAP:
509 {
510 int32_t lnum;
511
512 err = get_user(lnum, (__user int32_t *)argp);
513 if (err) {
514 err = -EFAULT;
515 break;
516 }
517 err = ubi_leb_unmap(desc, lnum);
518 break;
519 }
520
521 /* Check if logical eraseblock is mapped command */
522 case UBI_IOCEBISMAP:
523 {
524 int32_t lnum;
525
526 err = get_user(lnum, (__user int32_t *)argp);
527 if (err) {
528 err = -EFAULT;
529 break;
530 }
531 err = ubi_is_mapped(desc, lnum);
532 break;
533 }
534
535 /* Set volume property command */
536 case UBI_IOCSETVOLPROP:
537 {
538 struct ubi_set_vol_prop_req req;
539
540 err = copy_from_user(&req, argp,
541 sizeof(struct ubi_set_vol_prop_req));
542 if (err) {
543 err = -EFAULT;
544 break;
545 }
546 switch (req.property) {
547 case UBI_VOL_PROP_DIRECT_WRITE:
548 mutex_lock(&ubi->device_mutex);
549 desc->vol->direct_writes = !!req.value;
550 mutex_unlock(&ubi->device_mutex);
551 break;
552 default:
553 err = -EINVAL;
554 break;
555 }
556 break;
557 }
558
559 /* Create a R/O block device on top of the UBI volume */
560 case UBI_IOCVOLCRBLK:
561 {
562 struct ubi_volume_info vi;
563
564 ubi_get_volume_info(desc, &vi);
565 err = ubiblock_create(&vi);
566 break;
567 }
568
569 /* Remove the R/O block device */
570 case UBI_IOCVOLRMBLK:
571 {
572 struct ubi_volume_info vi;
573
574 ubi_get_volume_info(desc, &vi);
575 err = ubiblock_remove(&vi);
576 break;
577 }
578
579 default:
580 err = -ENOTTY;
581 break;
582 }
583 return err;
584}
585
586/**
587 * verify_mkvol_req - verify volume creation request.
588 * @ubi: UBI device description object
589 * @req: the request to check
590 *
591 * This function zero if the request is correct, and %-EINVAL if not.
592 */
593static int verify_mkvol_req(const struct ubi_device *ubi,
594 const struct ubi_mkvol_req *req)
595{
596 int n, err = -EINVAL;
597
598 if (req->bytes < 0 || req->alignment < 0 || req->vol_type < 0 ||
599 req->name_len < 0)
600 goto bad;
601
602 if ((req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots) &&
603 req->vol_id != UBI_VOL_NUM_AUTO)
604 goto bad;
605
606 if (req->alignment == 0)
607 goto bad;
608
609 if (req->bytes == 0)
610 goto bad;
611
612 if (req->vol_type != UBI_DYNAMIC_VOLUME &&
613 req->vol_type != UBI_STATIC_VOLUME)
614 goto bad;
615
616 if (req->flags & ~UBI_VOL_VALID_FLGS)
617 goto bad;
618
619 if (req->flags & UBI_VOL_SKIP_CRC_CHECK_FLG &&
620 req->vol_type != UBI_STATIC_VOLUME)
621 goto bad;
622
623 if (req->alignment > ubi->leb_size)
624 goto bad;
625
626 n = req->alignment & (ubi->min_io_size - 1);
627 if (req->alignment != 1 && n)
628 goto bad;
629
630 if (!req->name[0] || !req->name_len)
631 goto bad;
632
633 if (req->name_len > UBI_VOL_NAME_MAX) {
634 err = -ENAMETOOLONG;
635 goto bad;
636 }
637
638 n = strnlen(req->name, req->name_len + 1);
639 if (n != req->name_len)
640 goto bad;
641
642 return 0;
643
644bad:
645 ubi_err(ubi, "bad volume creation request");
646 ubi_dump_mkvol_req(req);
647 return err;
648}
649
650/**
651 * verify_rsvol_req - verify volume re-size request.
652 * @ubi: UBI device description object
653 * @req: the request to check
654 *
655 * This function returns zero if the request is correct, and %-EINVAL if not.
656 */
657static int verify_rsvol_req(const struct ubi_device *ubi,
658 const struct ubi_rsvol_req *req)
659{
660 if (req->bytes <= 0)
661 return -EINVAL;
662
663 if (req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots)
664 return -EINVAL;
665
666 return 0;
667}
668
669/**
670 * rename_volumes - rename UBI volumes.
671 * @ubi: UBI device description object
672 * @req: volumes re-name request
673 *
674 * This is a helper function for the volume re-name IOCTL which validates the
675 * request, opens the volume and calls corresponding volumes management
676 * function. Returns zero in case of success and a negative error code in case
677 * of failure.
678 */
679static int rename_volumes(struct ubi_device *ubi,
680 struct ubi_rnvol_req *req)
681{
682 int i, n, err;
683 struct list_head rename_list;
684 struct ubi_rename_entry *re, *re1;
685
686 if (req->count < 0 || req->count > UBI_MAX_RNVOL)
687 return -EINVAL;
688
689 if (req->count == 0)
690 return 0;
691
692 /* Validate volume IDs and names in the request */
693 for (i = 0; i < req->count; i++) {
694 if (req->ents[i].vol_id < 0 ||
695 req->ents[i].vol_id >= ubi->vtbl_slots)
696 return -EINVAL;
697 if (req->ents[i].name_len < 0)
698 return -EINVAL;
699 if (req->ents[i].name_len > UBI_VOL_NAME_MAX)
700 return -ENAMETOOLONG;
701 req->ents[i].name[req->ents[i].name_len] = '\0';
702 n = strlen(req->ents[i].name);
703 if (n != req->ents[i].name_len)
704 return -EINVAL;
705 }
706
707 /* Make sure volume IDs and names are unique */
708 for (i = 0; i < req->count - 1; i++) {
709 for (n = i + 1; n < req->count; n++) {
710 if (req->ents[i].vol_id == req->ents[n].vol_id) {
711 ubi_err(ubi, "duplicated volume id %d",
712 req->ents[i].vol_id);
713 return -EINVAL;
714 }
715 if (!strcmp(req->ents[i].name, req->ents[n].name)) {
716 ubi_err(ubi, "duplicated volume name \"%s\"",
717 req->ents[i].name);
718 return -EINVAL;
719 }
720 }
721 }
722
723 /* Create the re-name list */
724 INIT_LIST_HEAD(&rename_list);
725 for (i = 0; i < req->count; i++) {
726 int vol_id = req->ents[i].vol_id;
727 int name_len = req->ents[i].name_len;
728 const char *name = req->ents[i].name;
729
730 re = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
731 if (!re) {
732 err = -ENOMEM;
733 goto out_free;
734 }
735
736 re->desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_METAONLY);
737 if (IS_ERR(re->desc)) {
738 err = PTR_ERR(re->desc);
739 ubi_err(ubi, "cannot open volume %d, error %d",
740 vol_id, err);
741 kfree(re);
742 goto out_free;
743 }
744
745 /* Skip this re-naming if the name does not really change */
746 if (re->desc->vol->name_len == name_len &&
747 !memcmp(re->desc->vol->name, name, name_len)) {
748 ubi_close_volume(re->desc);
749 kfree(re);
750 continue;
751 }
752
753 re->new_name_len = name_len;
754 memcpy(re->new_name, name, name_len);
755 list_add_tail(&re->list, &rename_list);
756 dbg_gen("will rename volume %d from \"%s\" to \"%s\"",
757 vol_id, re->desc->vol->name, name);
758 }
759
760 if (list_empty(&rename_list))
761 return 0;
762
763 /* Find out the volumes which have to be removed */
764 list_for_each_entry(re, &rename_list, list) {
765 struct ubi_volume_desc *desc;
766 int no_remove_needed = 0;
767
768 /*
769 * Volume @re->vol_id is going to be re-named to
770 * @re->new_name, while its current name is @name. If a volume
771 * with name @re->new_name currently exists, it has to be
772 * removed, unless it is also re-named in the request (@req).
773 */
774 list_for_each_entry(re1, &rename_list, list) {
775 if (re->new_name_len == re1->desc->vol->name_len &&
776 !memcmp(re->new_name, re1->desc->vol->name,
777 re1->desc->vol->name_len)) {
778 no_remove_needed = 1;
779 break;
780 }
781 }
782
783 if (no_remove_needed)
784 continue;
785
786 /*
787 * It seems we need to remove volume with name @re->new_name,
788 * if it exists.
789 */
790 desc = ubi_open_volume_nm(ubi->ubi_num, re->new_name,
791 UBI_EXCLUSIVE);
792 if (IS_ERR(desc)) {
793 err = PTR_ERR(desc);
794 if (err == -ENODEV)
795 /* Re-naming into a non-existing volume name */
796 continue;
797
798 /* The volume exists but busy, or an error occurred */
799 ubi_err(ubi, "cannot open volume \"%s\", error %d",
800 re->new_name, err);
801 goto out_free;
802 }
803
804 re1 = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
805 if (!re1) {
806 err = -ENOMEM;
807 ubi_close_volume(desc);
808 goto out_free;
809 }
810
811 re1->remove = 1;
812 re1->desc = desc;
813 list_add(&re1->list, &rename_list);
814 dbg_gen("will remove volume %d, name \"%s\"",
815 re1->desc->vol->vol_id, re1->desc->vol->name);
816 }
817
818 mutex_lock(&ubi->device_mutex);
819 err = ubi_rename_volumes(ubi, &rename_list);
820 mutex_unlock(&ubi->device_mutex);
821
822out_free:
823 list_for_each_entry_safe(re, re1, &rename_list, list) {
824 ubi_close_volume(re->desc);
825 list_del(&re->list);
826 kfree(re);
827 }
828 return err;
829}
830
831static long ubi_cdev_ioctl(struct file *file, unsigned int cmd,
832 unsigned long arg)
833{
834 int err = 0;
835 struct ubi_device *ubi;
836 struct ubi_volume_desc *desc;
837 void __user *argp = (void __user *)arg;
838
839 if (!capable(CAP_SYS_RESOURCE))
840 return -EPERM;
841
842 ubi = ubi_get_by_major(imajor(file->f_mapping->host));
843 if (!ubi)
844 return -ENODEV;
845
846 switch (cmd) {
847 /* Create volume command */
848 case UBI_IOCMKVOL:
849 {
850 struct ubi_mkvol_req req;
851
852 dbg_gen("create volume");
853 err = copy_from_user(&req, argp, sizeof(struct ubi_mkvol_req));
854 if (err) {
855 err = -EFAULT;
856 break;
857 }
858
859 err = verify_mkvol_req(ubi, &req);
860 if (err)
861 break;
862
863 mutex_lock(&ubi->device_mutex);
864 err = ubi_create_volume(ubi, &req);
865 mutex_unlock(&ubi->device_mutex);
866 if (err)
867 break;
868
869 err = put_user(req.vol_id, (__user int32_t *)argp);
870 if (err)
871 err = -EFAULT;
872
873 break;
874 }
875
876 /* Remove volume command */
877 case UBI_IOCRMVOL:
878 {
879 int vol_id;
880
881 dbg_gen("remove volume");
882 err = get_user(vol_id, (__user int32_t *)argp);
883 if (err) {
884 err = -EFAULT;
885 break;
886 }
887
888 desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
889 if (IS_ERR(desc)) {
890 err = PTR_ERR(desc);
891 break;
892 }
893
894 mutex_lock(&ubi->device_mutex);
895 err = ubi_remove_volume(desc, 0);
896 mutex_unlock(&ubi->device_mutex);
897
898 /*
899 * The volume is deleted (unless an error occurred), and the
900 * 'struct ubi_volume' object will be freed when
901 * 'ubi_close_volume()' will call 'put_device()'.
902 */
903 ubi_close_volume(desc);
904 break;
905 }
906
907 /* Re-size volume command */
908 case UBI_IOCRSVOL:
909 {
910 int pebs;
911 struct ubi_rsvol_req req;
912
913 dbg_gen("re-size volume");
914 err = copy_from_user(&req, argp, sizeof(struct ubi_rsvol_req));
915 if (err) {
916 err = -EFAULT;
917 break;
918 }
919
920 err = verify_rsvol_req(ubi, &req);
921 if (err)
922 break;
923
924 desc = ubi_open_volume(ubi->ubi_num, req.vol_id, UBI_EXCLUSIVE);
925 if (IS_ERR(desc)) {
926 err = PTR_ERR(desc);
927 break;
928 }
929
930 pebs = div_u64(req.bytes + desc->vol->usable_leb_size - 1,
931 desc->vol->usable_leb_size);
932
933 mutex_lock(&ubi->device_mutex);
934 err = ubi_resize_volume(desc, pebs);
935 mutex_unlock(&ubi->device_mutex);
936 ubi_close_volume(desc);
937 break;
938 }
939
940 /* Re-name volumes command */
941 case UBI_IOCRNVOL:
942 {
943 struct ubi_rnvol_req *req;
944
945 dbg_gen("re-name volumes");
946 req = kmalloc(sizeof(struct ubi_rnvol_req), GFP_KERNEL);
947 if (!req) {
948 err = -ENOMEM;
949 break;
950 }
951
952 err = copy_from_user(req, argp, sizeof(struct ubi_rnvol_req));
953 if (err) {
954 err = -EFAULT;
955 kfree(req);
956 break;
957 }
958
959 err = rename_volumes(ubi, req);
960 kfree(req);
961 break;
962 }
963
964 /* Check a specific PEB for bitflips and scrub it if needed */
965 case UBI_IOCRPEB:
966 {
967 int pnum;
968
969 err = get_user(pnum, (__user int32_t *)argp);
970 if (err) {
971 err = -EFAULT;
972 break;
973 }
974
975 err = ubi_bitflip_check(ubi, pnum, 0);
976 break;
977 }
978
979 /* Force scrubbing for a specific PEB */
980 case UBI_IOCSPEB:
981 {
982 int pnum;
983
984 err = get_user(pnum, (__user int32_t *)argp);
985 if (err) {
986 err = -EFAULT;
987 break;
988 }
989
990 err = ubi_bitflip_check(ubi, pnum, 1);
991 break;
992 }
993
994 default:
995 err = -ENOTTY;
996 break;
997 }
998
999 ubi_put_device(ubi);
1000 return err;
1001}
1002
1003static long ctrl_cdev_ioctl(struct file *file, unsigned int cmd,
1004 unsigned long arg)
1005{
1006 int err = 0;
1007 void __user *argp = (void __user *)arg;
1008
1009 if (!capable(CAP_SYS_RESOURCE))
1010 return -EPERM;
1011
1012 switch (cmd) {
1013 /* Attach an MTD device command */
1014 case UBI_IOCATT:
1015 {
1016 struct ubi_attach_req req;
1017 struct mtd_info *mtd;
1018
1019 dbg_gen("attach MTD device");
1020 err = copy_from_user(&req, argp, sizeof(struct ubi_attach_req));
1021 if (err) {
1022 err = -EFAULT;
1023 break;
1024 }
1025
1026 if (req.mtd_num < 0 ||
1027 (req.ubi_num < 0 && req.ubi_num != UBI_DEV_NUM_AUTO)) {
1028 err = -EINVAL;
1029 break;
1030 }
1031
1032 mtd = get_mtd_device(NULL, req.mtd_num);
1033 if (IS_ERR(mtd)) {
1034 err = PTR_ERR(mtd);
1035 break;
1036 }
1037
1038 /*
1039 * Note, further request verification is done by
1040 * 'ubi_attach_mtd_dev()'.
1041 */
1042 mutex_lock(&ubi_devices_mutex);
1043 err = ubi_attach_mtd_dev(mtd, req.ubi_num, req.vid_hdr_offset,
1044 req.max_beb_per1024, !!req.disable_fm,
1045 !!req.need_resv_pool);
1046 mutex_unlock(&ubi_devices_mutex);
1047 if (err < 0)
1048 put_mtd_device(mtd);
1049 else
1050 /* @err contains UBI device number */
1051 err = put_user(err, (__user int32_t *)argp);
1052
1053 break;
1054 }
1055
1056 /* Detach an MTD device command */
1057 case UBI_IOCDET:
1058 {
1059 int ubi_num;
1060
1061 dbg_gen("detach MTD device");
1062 err = get_user(ubi_num, (__user int32_t *)argp);
1063 if (err) {
1064 err = -EFAULT;
1065 break;
1066 }
1067
1068 mutex_lock(&ubi_devices_mutex);
1069 err = ubi_detach_mtd_dev(ubi_num, 0);
1070 mutex_unlock(&ubi_devices_mutex);
1071 break;
1072 }
1073
1074 default:
1075 err = -ENOTTY;
1076 break;
1077 }
1078
1079 return err;
1080}
1081
1082/* UBI volume character device operations */
1083const struct file_operations ubi_vol_cdev_operations = {
1084 .owner = THIS_MODULE,
1085 .open = vol_cdev_open,
1086 .release = vol_cdev_release,
1087 .llseek = vol_cdev_llseek,
1088 .read = vol_cdev_read,
1089 .write = vol_cdev_write,
1090 .fsync = vol_cdev_fsync,
1091 .unlocked_ioctl = vol_cdev_ioctl,
1092 .compat_ioctl = compat_ptr_ioctl,
1093};
1094
1095/* UBI character device operations */
1096const struct file_operations ubi_cdev_operations = {
1097 .owner = THIS_MODULE,
1098 .llseek = no_llseek,
1099 .unlocked_ioctl = ubi_cdev_ioctl,
1100 .compat_ioctl = compat_ptr_ioctl,
1101};
1102
1103/* UBI control character device operations */
1104const struct file_operations ubi_ctrl_cdev_operations = {
1105 .owner = THIS_MODULE,
1106 .unlocked_ioctl = ctrl_cdev_ioctl,
1107 .compat_ioctl = compat_ptr_ioctl,
1108 .llseek = no_llseek,
1109};
1/*
2 * Copyright (c) International Business Machines Corp., 2006
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
12 * the GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 * Author: Artem Bityutskiy (Битюцкий Артём)
19 */
20
21/*
22 * This file includes implementation of UBI character device operations.
23 *
24 * There are two kinds of character devices in UBI: UBI character devices and
25 * UBI volume character devices. UBI character devices allow users to
26 * manipulate whole volumes: create, remove, and re-size them. Volume character
27 * devices provide volume I/O capabilities.
28 *
29 * Major and minor numbers are assigned dynamically to both UBI and volume
30 * character devices.
31 *
32 * Well, there is the third kind of character devices - the UBI control
33 * character device, which allows to manipulate by UBI devices - create and
34 * delete them. In other words, it is used for attaching and detaching MTD
35 * devices.
36 */
37
38#include <linux/module.h>
39#include <linux/stat.h>
40#include <linux/slab.h>
41#include <linux/ioctl.h>
42#include <linux/capability.h>
43#include <linux/uaccess.h>
44#include <linux/compat.h>
45#include <linux/math64.h>
46#include <mtd/ubi-user.h>
47#include "ubi.h"
48
49/**
50 * get_exclusive - get exclusive access to an UBI volume.
51 * @desc: volume descriptor
52 *
53 * This function changes UBI volume open mode to "exclusive". Returns previous
54 * mode value (positive integer) in case of success and a negative error code
55 * in case of failure.
56 */
57static int get_exclusive(struct ubi_volume_desc *desc)
58{
59 int users, err;
60 struct ubi_volume *vol = desc->vol;
61
62 spin_lock(&vol->ubi->volumes_lock);
63 users = vol->readers + vol->writers + vol->exclusive;
64 ubi_assert(users > 0);
65 if (users > 1) {
66 dbg_err("%d users for volume %d", users, vol->vol_id);
67 err = -EBUSY;
68 } else {
69 vol->readers = vol->writers = 0;
70 vol->exclusive = 1;
71 err = desc->mode;
72 desc->mode = UBI_EXCLUSIVE;
73 }
74 spin_unlock(&vol->ubi->volumes_lock);
75
76 return err;
77}
78
79/**
80 * revoke_exclusive - revoke exclusive mode.
81 * @desc: volume descriptor
82 * @mode: new mode to switch to
83 */
84static void revoke_exclusive(struct ubi_volume_desc *desc, int mode)
85{
86 struct ubi_volume *vol = desc->vol;
87
88 spin_lock(&vol->ubi->volumes_lock);
89 ubi_assert(vol->readers == 0 && vol->writers == 0);
90 ubi_assert(vol->exclusive == 1 && desc->mode == UBI_EXCLUSIVE);
91 vol->exclusive = 0;
92 if (mode == UBI_READONLY)
93 vol->readers = 1;
94 else if (mode == UBI_READWRITE)
95 vol->writers = 1;
96 else
97 vol->exclusive = 1;
98 spin_unlock(&vol->ubi->volumes_lock);
99
100 desc->mode = mode;
101}
102
103static int vol_cdev_open(struct inode *inode, struct file *file)
104{
105 struct ubi_volume_desc *desc;
106 int vol_id = iminor(inode) - 1, mode, ubi_num;
107
108 ubi_num = ubi_major2num(imajor(inode));
109 if (ubi_num < 0)
110 return ubi_num;
111
112 if (file->f_mode & FMODE_WRITE)
113 mode = UBI_READWRITE;
114 else
115 mode = UBI_READONLY;
116
117 dbg_gen("open device %d, volume %d, mode %d",
118 ubi_num, vol_id, mode);
119
120 desc = ubi_open_volume(ubi_num, vol_id, mode);
121 if (IS_ERR(desc))
122 return PTR_ERR(desc);
123
124 file->private_data = desc;
125 return 0;
126}
127
128static int vol_cdev_release(struct inode *inode, struct file *file)
129{
130 struct ubi_volume_desc *desc = file->private_data;
131 struct ubi_volume *vol = desc->vol;
132
133 dbg_gen("release device %d, volume %d, mode %d",
134 vol->ubi->ubi_num, vol->vol_id, desc->mode);
135
136 if (vol->updating) {
137 ubi_warn("update of volume %d not finished, volume is damaged",
138 vol->vol_id);
139 ubi_assert(!vol->changing_leb);
140 vol->updating = 0;
141 vfree(vol->upd_buf);
142 } else if (vol->changing_leb) {
143 dbg_gen("only %lld of %lld bytes received for atomic LEB change"
144 " for volume %d:%d, cancel", vol->upd_received,
145 vol->upd_bytes, vol->ubi->ubi_num, vol->vol_id);
146 vol->changing_leb = 0;
147 vfree(vol->upd_buf);
148 }
149
150 ubi_close_volume(desc);
151 return 0;
152}
153
154static loff_t vol_cdev_llseek(struct file *file, loff_t offset, int origin)
155{
156 struct ubi_volume_desc *desc = file->private_data;
157 struct ubi_volume *vol = desc->vol;
158 loff_t new_offset;
159
160 if (vol->updating) {
161 /* Update is in progress, seeking is prohibited */
162 dbg_err("updating");
163 return -EBUSY;
164 }
165
166 switch (origin) {
167 case 0: /* SEEK_SET */
168 new_offset = offset;
169 break;
170 case 1: /* SEEK_CUR */
171 new_offset = file->f_pos + offset;
172 break;
173 case 2: /* SEEK_END */
174 new_offset = vol->used_bytes + offset;
175 break;
176 default:
177 return -EINVAL;
178 }
179
180 if (new_offset < 0 || new_offset > vol->used_bytes) {
181 dbg_err("bad seek %lld", new_offset);
182 return -EINVAL;
183 }
184
185 dbg_gen("seek volume %d, offset %lld, origin %d, new offset %lld",
186 vol->vol_id, offset, origin, new_offset);
187
188 file->f_pos = new_offset;
189 return new_offset;
190}
191
192static int vol_cdev_fsync(struct file *file, loff_t start, loff_t end, int datasync)
193{
194 struct ubi_volume_desc *desc = file->private_data;
195 struct ubi_device *ubi = desc->vol->ubi;
196 struct inode *inode = file->f_path.dentry->d_inode;
197 int err;
198 mutex_lock(&inode->i_mutex);
199 err = ubi_sync(ubi->ubi_num);
200 mutex_unlock(&inode->i_mutex);
201 return err;
202}
203
204
205static ssize_t vol_cdev_read(struct file *file, __user char *buf, size_t count,
206 loff_t *offp)
207{
208 struct ubi_volume_desc *desc = file->private_data;
209 struct ubi_volume *vol = desc->vol;
210 struct ubi_device *ubi = vol->ubi;
211 int err, lnum, off, len, tbuf_size;
212 size_t count_save = count;
213 void *tbuf;
214
215 dbg_gen("read %zd bytes from offset %lld of volume %d",
216 count, *offp, vol->vol_id);
217
218 if (vol->updating) {
219 dbg_err("updating");
220 return -EBUSY;
221 }
222 if (vol->upd_marker) {
223 dbg_err("damaged volume, update marker is set");
224 return -EBADF;
225 }
226 if (*offp == vol->used_bytes || count == 0)
227 return 0;
228
229 if (vol->corrupted)
230 dbg_gen("read from corrupted volume %d", vol->vol_id);
231
232 if (*offp + count > vol->used_bytes)
233 count_save = count = vol->used_bytes - *offp;
234
235 tbuf_size = vol->usable_leb_size;
236 if (count < tbuf_size)
237 tbuf_size = ALIGN(count, ubi->min_io_size);
238 tbuf = vmalloc(tbuf_size);
239 if (!tbuf)
240 return -ENOMEM;
241
242 len = count > tbuf_size ? tbuf_size : count;
243 lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
244
245 do {
246 cond_resched();
247
248 if (off + len >= vol->usable_leb_size)
249 len = vol->usable_leb_size - off;
250
251 err = ubi_eba_read_leb(ubi, vol, lnum, tbuf, off, len, 0);
252 if (err)
253 break;
254
255 off += len;
256 if (off == vol->usable_leb_size) {
257 lnum += 1;
258 off -= vol->usable_leb_size;
259 }
260
261 count -= len;
262 *offp += len;
263
264 err = copy_to_user(buf, tbuf, len);
265 if (err) {
266 err = -EFAULT;
267 break;
268 }
269
270 buf += len;
271 len = count > tbuf_size ? tbuf_size : count;
272 } while (count);
273
274 vfree(tbuf);
275 return err ? err : count_save - count;
276}
277
278/*
279 * This function allows to directly write to dynamic UBI volumes, without
280 * issuing the volume update operation.
281 */
282static ssize_t vol_cdev_direct_write(struct file *file, const char __user *buf,
283 size_t count, loff_t *offp)
284{
285 struct ubi_volume_desc *desc = file->private_data;
286 struct ubi_volume *vol = desc->vol;
287 struct ubi_device *ubi = vol->ubi;
288 int lnum, off, len, tbuf_size, err = 0;
289 size_t count_save = count;
290 char *tbuf;
291
292 if (!vol->direct_writes)
293 return -EPERM;
294
295 dbg_gen("requested: write %zd bytes to offset %lld of volume %u",
296 count, *offp, vol->vol_id);
297
298 if (vol->vol_type == UBI_STATIC_VOLUME)
299 return -EROFS;
300
301 lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
302 if (off & (ubi->min_io_size - 1)) {
303 dbg_err("unaligned position");
304 return -EINVAL;
305 }
306
307 if (*offp + count > vol->used_bytes)
308 count_save = count = vol->used_bytes - *offp;
309
310 /* We can write only in fractions of the minimum I/O unit */
311 if (count & (ubi->min_io_size - 1)) {
312 dbg_err("unaligned write length");
313 return -EINVAL;
314 }
315
316 tbuf_size = vol->usable_leb_size;
317 if (count < tbuf_size)
318 tbuf_size = ALIGN(count, ubi->min_io_size);
319 tbuf = vmalloc(tbuf_size);
320 if (!tbuf)
321 return -ENOMEM;
322
323 len = count > tbuf_size ? tbuf_size : count;
324
325 while (count) {
326 cond_resched();
327
328 if (off + len >= vol->usable_leb_size)
329 len = vol->usable_leb_size - off;
330
331 err = copy_from_user(tbuf, buf, len);
332 if (err) {
333 err = -EFAULT;
334 break;
335 }
336
337 err = ubi_eba_write_leb(ubi, vol, lnum, tbuf, off, len,
338 UBI_UNKNOWN);
339 if (err)
340 break;
341
342 off += len;
343 if (off == vol->usable_leb_size) {
344 lnum += 1;
345 off -= vol->usable_leb_size;
346 }
347
348 count -= len;
349 *offp += len;
350 buf += len;
351 len = count > tbuf_size ? tbuf_size : count;
352 }
353
354 vfree(tbuf);
355 return err ? err : count_save - count;
356}
357
358static ssize_t vol_cdev_write(struct file *file, const char __user *buf,
359 size_t count, loff_t *offp)
360{
361 int err = 0;
362 struct ubi_volume_desc *desc = file->private_data;
363 struct ubi_volume *vol = desc->vol;
364 struct ubi_device *ubi = vol->ubi;
365
366 if (!vol->updating && !vol->changing_leb)
367 return vol_cdev_direct_write(file, buf, count, offp);
368
369 if (vol->updating)
370 err = ubi_more_update_data(ubi, vol, buf, count);
371 else
372 err = ubi_more_leb_change_data(ubi, vol, buf, count);
373
374 if (err < 0) {
375 ubi_err("cannot accept more %zd bytes of data, error %d",
376 count, err);
377 return err;
378 }
379
380 if (err) {
381 /*
382 * The operation is finished, @err contains number of actually
383 * written bytes.
384 */
385 count = err;
386
387 if (vol->changing_leb) {
388 revoke_exclusive(desc, UBI_READWRITE);
389 return count;
390 }
391
392 err = ubi_check_volume(ubi, vol->vol_id);
393 if (err < 0)
394 return err;
395
396 if (err) {
397 ubi_warn("volume %d on UBI device %d is corrupted",
398 vol->vol_id, ubi->ubi_num);
399 vol->corrupted = 1;
400 }
401 vol->checked = 1;
402 ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
403 revoke_exclusive(desc, UBI_READWRITE);
404 }
405
406 return count;
407}
408
409static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
410 unsigned long arg)
411{
412 int err = 0;
413 struct ubi_volume_desc *desc = file->private_data;
414 struct ubi_volume *vol = desc->vol;
415 struct ubi_device *ubi = vol->ubi;
416 void __user *argp = (void __user *)arg;
417
418 switch (cmd) {
419 /* Volume update command */
420 case UBI_IOCVOLUP:
421 {
422 int64_t bytes, rsvd_bytes;
423
424 if (!capable(CAP_SYS_RESOURCE)) {
425 err = -EPERM;
426 break;
427 }
428
429 err = copy_from_user(&bytes, argp, sizeof(int64_t));
430 if (err) {
431 err = -EFAULT;
432 break;
433 }
434
435 if (desc->mode == UBI_READONLY) {
436 err = -EROFS;
437 break;
438 }
439
440 rsvd_bytes = (long long)vol->reserved_pebs *
441 ubi->leb_size-vol->data_pad;
442 if (bytes < 0 || bytes > rsvd_bytes) {
443 err = -EINVAL;
444 break;
445 }
446
447 err = get_exclusive(desc);
448 if (err < 0)
449 break;
450
451 err = ubi_start_update(ubi, vol, bytes);
452 if (bytes == 0)
453 revoke_exclusive(desc, UBI_READWRITE);
454 break;
455 }
456
457 /* Atomic logical eraseblock change command */
458 case UBI_IOCEBCH:
459 {
460 struct ubi_leb_change_req req;
461
462 err = copy_from_user(&req, argp,
463 sizeof(struct ubi_leb_change_req));
464 if (err) {
465 err = -EFAULT;
466 break;
467 }
468
469 if (desc->mode == UBI_READONLY ||
470 vol->vol_type == UBI_STATIC_VOLUME) {
471 err = -EROFS;
472 break;
473 }
474
475 /* Validate the request */
476 err = -EINVAL;
477 if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
478 req.bytes < 0 || req.lnum >= vol->usable_leb_size)
479 break;
480 if (req.dtype != UBI_LONGTERM && req.dtype != UBI_SHORTTERM &&
481 req.dtype != UBI_UNKNOWN)
482 break;
483
484 err = get_exclusive(desc);
485 if (err < 0)
486 break;
487
488 err = ubi_start_leb_change(ubi, vol, &req);
489 if (req.bytes == 0)
490 revoke_exclusive(desc, UBI_READWRITE);
491 break;
492 }
493
494 /* Logical eraseblock erasure command */
495 case UBI_IOCEBER:
496 {
497 int32_t lnum;
498
499 err = get_user(lnum, (__user int32_t *)argp);
500 if (err) {
501 err = -EFAULT;
502 break;
503 }
504
505 if (desc->mode == UBI_READONLY ||
506 vol->vol_type == UBI_STATIC_VOLUME) {
507 err = -EROFS;
508 break;
509 }
510
511 if (lnum < 0 || lnum >= vol->reserved_pebs) {
512 err = -EINVAL;
513 break;
514 }
515
516 dbg_gen("erase LEB %d:%d", vol->vol_id, lnum);
517 err = ubi_eba_unmap_leb(ubi, vol, lnum);
518 if (err)
519 break;
520
521 err = ubi_wl_flush(ubi);
522 break;
523 }
524
525 /* Logical eraseblock map command */
526 case UBI_IOCEBMAP:
527 {
528 struct ubi_map_req req;
529
530 err = copy_from_user(&req, argp, sizeof(struct ubi_map_req));
531 if (err) {
532 err = -EFAULT;
533 break;
534 }
535 err = ubi_leb_map(desc, req.lnum, req.dtype);
536 break;
537 }
538
539 /* Logical eraseblock un-map command */
540 case UBI_IOCEBUNMAP:
541 {
542 int32_t lnum;
543
544 err = get_user(lnum, (__user int32_t *)argp);
545 if (err) {
546 err = -EFAULT;
547 break;
548 }
549 err = ubi_leb_unmap(desc, lnum);
550 break;
551 }
552
553 /* Check if logical eraseblock is mapped command */
554 case UBI_IOCEBISMAP:
555 {
556 int32_t lnum;
557
558 err = get_user(lnum, (__user int32_t *)argp);
559 if (err) {
560 err = -EFAULT;
561 break;
562 }
563 err = ubi_is_mapped(desc, lnum);
564 break;
565 }
566
567 /* Set volume property command */
568 case UBI_IOCSETVOLPROP:
569 {
570 struct ubi_set_vol_prop_req req;
571
572 err = copy_from_user(&req, argp,
573 sizeof(struct ubi_set_vol_prop_req));
574 if (err) {
575 err = -EFAULT;
576 break;
577 }
578 switch (req.property) {
579 case UBI_VOL_PROP_DIRECT_WRITE:
580 mutex_lock(&ubi->device_mutex);
581 desc->vol->direct_writes = !!req.value;
582 mutex_unlock(&ubi->device_mutex);
583 break;
584 default:
585 err = -EINVAL;
586 break;
587 }
588 break;
589 }
590
591 default:
592 err = -ENOTTY;
593 break;
594 }
595 return err;
596}
597
598/**
599 * verify_mkvol_req - verify volume creation request.
600 * @ubi: UBI device description object
601 * @req: the request to check
602 *
603 * This function zero if the request is correct, and %-EINVAL if not.
604 */
605static int verify_mkvol_req(const struct ubi_device *ubi,
606 const struct ubi_mkvol_req *req)
607{
608 int n, err = -EINVAL;
609
610 if (req->bytes < 0 || req->alignment < 0 || req->vol_type < 0 ||
611 req->name_len < 0)
612 goto bad;
613
614 if ((req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots) &&
615 req->vol_id != UBI_VOL_NUM_AUTO)
616 goto bad;
617
618 if (req->alignment == 0)
619 goto bad;
620
621 if (req->bytes == 0)
622 goto bad;
623
624 if (req->vol_type != UBI_DYNAMIC_VOLUME &&
625 req->vol_type != UBI_STATIC_VOLUME)
626 goto bad;
627
628 if (req->alignment > ubi->leb_size)
629 goto bad;
630
631 n = req->alignment & (ubi->min_io_size - 1);
632 if (req->alignment != 1 && n)
633 goto bad;
634
635 if (req->name_len > UBI_VOL_NAME_MAX) {
636 err = -ENAMETOOLONG;
637 goto bad;
638 }
639
640 n = strnlen(req->name, req->name_len + 1);
641 if (n != req->name_len)
642 goto bad;
643
644 return 0;
645
646bad:
647 dbg_err("bad volume creation request");
648 ubi_dbg_dump_mkvol_req(req);
649 return err;
650}
651
652/**
653 * verify_rsvol_req - verify volume re-size request.
654 * @ubi: UBI device description object
655 * @req: the request to check
656 *
657 * This function returns zero if the request is correct, and %-EINVAL if not.
658 */
659static int verify_rsvol_req(const struct ubi_device *ubi,
660 const struct ubi_rsvol_req *req)
661{
662 if (req->bytes <= 0)
663 return -EINVAL;
664
665 if (req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots)
666 return -EINVAL;
667
668 return 0;
669}
670
671/**
672 * rename_volumes - rename UBI volumes.
673 * @ubi: UBI device description object
674 * @req: volumes re-name request
675 *
676 * This is a helper function for the volume re-name IOCTL which validates the
677 * the request, opens the volume and calls corresponding volumes management
678 * function. Returns zero in case of success and a negative error code in case
679 * of failure.
680 */
681static int rename_volumes(struct ubi_device *ubi,
682 struct ubi_rnvol_req *req)
683{
684 int i, n, err;
685 struct list_head rename_list;
686 struct ubi_rename_entry *re, *re1;
687
688 if (req->count < 0 || req->count > UBI_MAX_RNVOL)
689 return -EINVAL;
690
691 if (req->count == 0)
692 return 0;
693
694 /* Validate volume IDs and names in the request */
695 for (i = 0; i < req->count; i++) {
696 if (req->ents[i].vol_id < 0 ||
697 req->ents[i].vol_id >= ubi->vtbl_slots)
698 return -EINVAL;
699 if (req->ents[i].name_len < 0)
700 return -EINVAL;
701 if (req->ents[i].name_len > UBI_VOL_NAME_MAX)
702 return -ENAMETOOLONG;
703 req->ents[i].name[req->ents[i].name_len] = '\0';
704 n = strlen(req->ents[i].name);
705 if (n != req->ents[i].name_len)
706 err = -EINVAL;
707 }
708
709 /* Make sure volume IDs and names are unique */
710 for (i = 0; i < req->count - 1; i++) {
711 for (n = i + 1; n < req->count; n++) {
712 if (req->ents[i].vol_id == req->ents[n].vol_id) {
713 dbg_err("duplicated volume id %d",
714 req->ents[i].vol_id);
715 return -EINVAL;
716 }
717 if (!strcmp(req->ents[i].name, req->ents[n].name)) {
718 dbg_err("duplicated volume name \"%s\"",
719 req->ents[i].name);
720 return -EINVAL;
721 }
722 }
723 }
724
725 /* Create the re-name list */
726 INIT_LIST_HEAD(&rename_list);
727 for (i = 0; i < req->count; i++) {
728 int vol_id = req->ents[i].vol_id;
729 int name_len = req->ents[i].name_len;
730 const char *name = req->ents[i].name;
731
732 re = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
733 if (!re) {
734 err = -ENOMEM;
735 goto out_free;
736 }
737
738 re->desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
739 if (IS_ERR(re->desc)) {
740 err = PTR_ERR(re->desc);
741 dbg_err("cannot open volume %d, error %d", vol_id, err);
742 kfree(re);
743 goto out_free;
744 }
745
746 /* Skip this re-naming if the name does not really change */
747 if (re->desc->vol->name_len == name_len &&
748 !memcmp(re->desc->vol->name, name, name_len)) {
749 ubi_close_volume(re->desc);
750 kfree(re);
751 continue;
752 }
753
754 re->new_name_len = name_len;
755 memcpy(re->new_name, name, name_len);
756 list_add_tail(&re->list, &rename_list);
757 dbg_msg("will rename volume %d from \"%s\" to \"%s\"",
758 vol_id, re->desc->vol->name, name);
759 }
760
761 if (list_empty(&rename_list))
762 return 0;
763
764 /* Find out the volumes which have to be removed */
765 list_for_each_entry(re, &rename_list, list) {
766 struct ubi_volume_desc *desc;
767 int no_remove_needed = 0;
768
769 /*
770 * Volume @re->vol_id is going to be re-named to
771 * @re->new_name, while its current name is @name. If a volume
772 * with name @re->new_name currently exists, it has to be
773 * removed, unless it is also re-named in the request (@req).
774 */
775 list_for_each_entry(re1, &rename_list, list) {
776 if (re->new_name_len == re1->desc->vol->name_len &&
777 !memcmp(re->new_name, re1->desc->vol->name,
778 re1->desc->vol->name_len)) {
779 no_remove_needed = 1;
780 break;
781 }
782 }
783
784 if (no_remove_needed)
785 continue;
786
787 /*
788 * It seems we need to remove volume with name @re->new_name,
789 * if it exists.
790 */
791 desc = ubi_open_volume_nm(ubi->ubi_num, re->new_name,
792 UBI_EXCLUSIVE);
793 if (IS_ERR(desc)) {
794 err = PTR_ERR(desc);
795 if (err == -ENODEV)
796 /* Re-naming into a non-existing volume name */
797 continue;
798
799 /* The volume exists but busy, or an error occurred */
800 dbg_err("cannot open volume \"%s\", error %d",
801 re->new_name, err);
802 goto out_free;
803 }
804
805 re1 = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
806 if (!re1) {
807 err = -ENOMEM;
808 ubi_close_volume(desc);
809 goto out_free;
810 }
811
812 re1->remove = 1;
813 re1->desc = desc;
814 list_add(&re1->list, &rename_list);
815 dbg_msg("will remove volume %d, name \"%s\"",
816 re1->desc->vol->vol_id, re1->desc->vol->name);
817 }
818
819 mutex_lock(&ubi->device_mutex);
820 err = ubi_rename_volumes(ubi, &rename_list);
821 mutex_unlock(&ubi->device_mutex);
822
823out_free:
824 list_for_each_entry_safe(re, re1, &rename_list, list) {
825 ubi_close_volume(re->desc);
826 list_del(&re->list);
827 kfree(re);
828 }
829 return err;
830}
831
832static long ubi_cdev_ioctl(struct file *file, unsigned int cmd,
833 unsigned long arg)
834{
835 int err = 0;
836 struct ubi_device *ubi;
837 struct ubi_volume_desc *desc;
838 void __user *argp = (void __user *)arg;
839
840 if (!capable(CAP_SYS_RESOURCE))
841 return -EPERM;
842
843 ubi = ubi_get_by_major(imajor(file->f_mapping->host));
844 if (!ubi)
845 return -ENODEV;
846
847 switch (cmd) {
848 /* Create volume command */
849 case UBI_IOCMKVOL:
850 {
851 struct ubi_mkvol_req req;
852
853 dbg_gen("create volume");
854 err = copy_from_user(&req, argp, sizeof(struct ubi_mkvol_req));
855 if (err) {
856 err = -EFAULT;
857 break;
858 }
859
860 err = verify_mkvol_req(ubi, &req);
861 if (err)
862 break;
863
864 mutex_lock(&ubi->device_mutex);
865 err = ubi_create_volume(ubi, &req);
866 mutex_unlock(&ubi->device_mutex);
867 if (err)
868 break;
869
870 err = put_user(req.vol_id, (__user int32_t *)argp);
871 if (err)
872 err = -EFAULT;
873
874 break;
875 }
876
877 /* Remove volume command */
878 case UBI_IOCRMVOL:
879 {
880 int vol_id;
881
882 dbg_gen("remove volume");
883 err = get_user(vol_id, (__user int32_t *)argp);
884 if (err) {
885 err = -EFAULT;
886 break;
887 }
888
889 desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
890 if (IS_ERR(desc)) {
891 err = PTR_ERR(desc);
892 break;
893 }
894
895 mutex_lock(&ubi->device_mutex);
896 err = ubi_remove_volume(desc, 0);
897 mutex_unlock(&ubi->device_mutex);
898
899 /*
900 * The volume is deleted (unless an error occurred), and the
901 * 'struct ubi_volume' object will be freed when
902 * 'ubi_close_volume()' will call 'put_device()'.
903 */
904 ubi_close_volume(desc);
905 break;
906 }
907
908 /* Re-size volume command */
909 case UBI_IOCRSVOL:
910 {
911 int pebs;
912 struct ubi_rsvol_req req;
913
914 dbg_gen("re-size volume");
915 err = copy_from_user(&req, argp, sizeof(struct ubi_rsvol_req));
916 if (err) {
917 err = -EFAULT;
918 break;
919 }
920
921 err = verify_rsvol_req(ubi, &req);
922 if (err)
923 break;
924
925 desc = ubi_open_volume(ubi->ubi_num, req.vol_id, UBI_EXCLUSIVE);
926 if (IS_ERR(desc)) {
927 err = PTR_ERR(desc);
928 break;
929 }
930
931 pebs = div_u64(req.bytes + desc->vol->usable_leb_size - 1,
932 desc->vol->usable_leb_size);
933
934 mutex_lock(&ubi->device_mutex);
935 err = ubi_resize_volume(desc, pebs);
936 mutex_unlock(&ubi->device_mutex);
937 ubi_close_volume(desc);
938 break;
939 }
940
941 /* Re-name volumes command */
942 case UBI_IOCRNVOL:
943 {
944 struct ubi_rnvol_req *req;
945
946 dbg_msg("re-name volumes");
947 req = kmalloc(sizeof(struct ubi_rnvol_req), GFP_KERNEL);
948 if (!req) {
949 err = -ENOMEM;
950 break;
951 };
952
953 err = copy_from_user(req, argp, sizeof(struct ubi_rnvol_req));
954 if (err) {
955 err = -EFAULT;
956 kfree(req);
957 break;
958 }
959
960 err = rename_volumes(ubi, req);
961 kfree(req);
962 break;
963 }
964
965 default:
966 err = -ENOTTY;
967 break;
968 }
969
970 ubi_put_device(ubi);
971 return err;
972}
973
974static long ctrl_cdev_ioctl(struct file *file, unsigned int cmd,
975 unsigned long arg)
976{
977 int err = 0;
978 void __user *argp = (void __user *)arg;
979
980 if (!capable(CAP_SYS_RESOURCE))
981 return -EPERM;
982
983 switch (cmd) {
984 /* Attach an MTD device command */
985 case UBI_IOCATT:
986 {
987 struct ubi_attach_req req;
988 struct mtd_info *mtd;
989
990 dbg_gen("attach MTD device");
991 err = copy_from_user(&req, argp, sizeof(struct ubi_attach_req));
992 if (err) {
993 err = -EFAULT;
994 break;
995 }
996
997 if (req.mtd_num < 0 ||
998 (req.ubi_num < 0 && req.ubi_num != UBI_DEV_NUM_AUTO)) {
999 err = -EINVAL;
1000 break;
1001 }
1002
1003 mtd = get_mtd_device(NULL, req.mtd_num);
1004 if (IS_ERR(mtd)) {
1005 err = PTR_ERR(mtd);
1006 break;
1007 }
1008
1009 /*
1010 * Note, further request verification is done by
1011 * 'ubi_attach_mtd_dev()'.
1012 */
1013 mutex_lock(&ubi_devices_mutex);
1014 err = ubi_attach_mtd_dev(mtd, req.ubi_num, req.vid_hdr_offset);
1015 mutex_unlock(&ubi_devices_mutex);
1016 if (err < 0)
1017 put_mtd_device(mtd);
1018 else
1019 /* @err contains UBI device number */
1020 err = put_user(err, (__user int32_t *)argp);
1021
1022 break;
1023 }
1024
1025 /* Detach an MTD device command */
1026 case UBI_IOCDET:
1027 {
1028 int ubi_num;
1029
1030 dbg_gen("dettach MTD device");
1031 err = get_user(ubi_num, (__user int32_t *)argp);
1032 if (err) {
1033 err = -EFAULT;
1034 break;
1035 }
1036
1037 mutex_lock(&ubi_devices_mutex);
1038 err = ubi_detach_mtd_dev(ubi_num, 0);
1039 mutex_unlock(&ubi_devices_mutex);
1040 break;
1041 }
1042
1043 default:
1044 err = -ENOTTY;
1045 break;
1046 }
1047
1048 return err;
1049}
1050
1051#ifdef CONFIG_COMPAT
1052static long vol_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1053 unsigned long arg)
1054{
1055 unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1056
1057 return vol_cdev_ioctl(file, cmd, translated_arg);
1058}
1059
1060static long ubi_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1061 unsigned long arg)
1062{
1063 unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1064
1065 return ubi_cdev_ioctl(file, cmd, translated_arg);
1066}
1067
1068static long ctrl_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1069 unsigned long arg)
1070{
1071 unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1072
1073 return ctrl_cdev_ioctl(file, cmd, translated_arg);
1074}
1075#else
1076#define vol_cdev_compat_ioctl NULL
1077#define ubi_cdev_compat_ioctl NULL
1078#define ctrl_cdev_compat_ioctl NULL
1079#endif
1080
1081/* UBI volume character device operations */
1082const struct file_operations ubi_vol_cdev_operations = {
1083 .owner = THIS_MODULE,
1084 .open = vol_cdev_open,
1085 .release = vol_cdev_release,
1086 .llseek = vol_cdev_llseek,
1087 .read = vol_cdev_read,
1088 .write = vol_cdev_write,
1089 .fsync = vol_cdev_fsync,
1090 .unlocked_ioctl = vol_cdev_ioctl,
1091 .compat_ioctl = vol_cdev_compat_ioctl,
1092};
1093
1094/* UBI character device operations */
1095const struct file_operations ubi_cdev_operations = {
1096 .owner = THIS_MODULE,
1097 .llseek = no_llseek,
1098 .unlocked_ioctl = ubi_cdev_ioctl,
1099 .compat_ioctl = ubi_cdev_compat_ioctl,
1100};
1101
1102/* UBI control character device operations */
1103const struct file_operations ubi_ctrl_cdev_operations = {
1104 .owner = THIS_MODULE,
1105 .unlocked_ioctl = ctrl_cdev_ioctl,
1106 .compat_ioctl = ctrl_cdev_compat_ioctl,
1107 .llseek = no_llseek,
1108};