1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * Copyright (c) International Business Machines Corp., 2006
   4 *
   5 * Author: Artem Bityutskiy (Битюцкий Артём)
   6 */
   7
   8/*
   9 * This file includes implementation of UBI character device operations.
  10 *
  11 * There are two kinds of character devices in UBI: UBI character devices and
  12 * UBI volume character devices. UBI character devices allow users to
  13 * manipulate whole volumes: create, remove, and re-size them. Volume character
  14 * devices provide volume I/O capabilities.
  15 *
  16 * Major and minor numbers are assigned dynamically to both UBI and volume
  17 * character devices.
  18 *
  19 * Well, there is the third kind of character devices - the UBI control
  20 * character device, which allows to manipulate by UBI devices - create and
  21 * delete them. In other words, it is used for attaching and detaching MTD
  22 * devices.
  23 */
  24
  25#include <linux/module.h>
  26#include <linux/stat.h>
  27#include <linux/slab.h>
  28#include <linux/ioctl.h>
  29#include <linux/capability.h>
  30#include <linux/uaccess.h>
  31#include <linux/compat.h>
  32#include <linux/math64.h>
  33#include <mtd/ubi-user.h>
  34#include "ubi.h"
  35
  36/**
  37 * get_exclusive - get exclusive access to an UBI volume.
  38 * @desc: volume descriptor
  39 *
  40 * This function changes UBI volume open mode to "exclusive". Returns previous
  41 * mode value (positive integer) in case of success and a negative error code
  42 * in case of failure.
  43 */
  44static int get_exclusive(struct ubi_volume_desc *desc)
  45{
  46	int users, err;
  47	struct ubi_volume *vol = desc->vol;
  48
  49	spin_lock(&vol->ubi->volumes_lock);
  50	users = vol->readers + vol->writers + vol->exclusive + vol->metaonly;
  51	ubi_assert(users > 0);
  52	if (users > 1) {
  53		ubi_err(vol->ubi, "%d users for volume %d", users, vol->vol_id);
  54		err = -EBUSY;
  55	} else {
  56		vol->readers = vol->writers = vol->metaonly = 0;
  57		vol->exclusive = 1;
  58		err = desc->mode;
  59		desc->mode = UBI_EXCLUSIVE;
  60	}
  61	spin_unlock(&vol->ubi->volumes_lock);
  62
  63	return err;
  64}
  65
  66/**
  67 * revoke_exclusive - revoke exclusive mode.
  68 * @desc: volume descriptor
  69 * @mode: new mode to switch to
  70 */
  71static void revoke_exclusive(struct ubi_volume_desc *desc, int mode)
  72{
  73	struct ubi_volume *vol = desc->vol;
  74
  75	spin_lock(&vol->ubi->volumes_lock);
  76	ubi_assert(vol->readers == 0 && vol->writers == 0 && vol->metaonly == 0);
  77	ubi_assert(vol->exclusive == 1 && desc->mode == UBI_EXCLUSIVE);
  78	vol->exclusive = 0;
  79	if (mode == UBI_READONLY)
  80		vol->readers = 1;
  81	else if (mode == UBI_READWRITE)
  82		vol->writers = 1;
  83	else if (mode == UBI_METAONLY)
  84		vol->metaonly = 1;
  85	else
  86		vol->exclusive = 1;
  87	spin_unlock(&vol->ubi->volumes_lock);
  88
  89	desc->mode = mode;
  90}
  91
  92static int vol_cdev_open(struct inode *inode, struct file *file)
  93{
  94	struct ubi_volume_desc *desc;
  95	int vol_id = iminor(inode) - 1, mode, ubi_num;
  96
  97	ubi_num = ubi_major2num(imajor(inode));
  98	if (ubi_num < 0)
  99		return ubi_num;
 100
 101	if (file->f_mode & FMODE_WRITE)
 102		mode = UBI_READWRITE;
 103	else
 104		mode = UBI_READONLY;
 105
 106	dbg_gen("open device %d, volume %d, mode %d",
 107		ubi_num, vol_id, mode);
 108
 109	desc = ubi_open_volume(ubi_num, vol_id, mode);
 110	if (IS_ERR(desc))
 111		return PTR_ERR(desc);
 112
 113	file->private_data = desc;
 114	return 0;
 115}
 116
 117static int vol_cdev_release(struct inode *inode, struct file *file)
 118{
 119	struct ubi_volume_desc *desc = file->private_data;
 120	struct ubi_volume *vol = desc->vol;
 121
 122	dbg_gen("release device %d, volume %d, mode %d",
 123		vol->ubi->ubi_num, vol->vol_id, desc->mode);
 124
 125	if (vol->updating) {
 126		ubi_warn(vol->ubi, "update of volume %d not finished, volume is damaged",
 127			 vol->vol_id);
 128		ubi_assert(!vol->changing_leb);
 129		vol->updating = 0;
 130		vfree(vol->upd_buf);
 131	} else if (vol->changing_leb) {
 132		dbg_gen("only %lld of %lld bytes received for atomic LEB change for volume %d:%d, cancel",
 133			vol->upd_received, vol->upd_bytes, vol->ubi->ubi_num,
 134			vol->vol_id);
 135		vol->changing_leb = 0;
 136		vfree(vol->upd_buf);
 137	}
 138
 139	ubi_close_volume(desc);
 140	return 0;
 141}
 142
 143static loff_t vol_cdev_llseek(struct file *file, loff_t offset, int origin)
 144{
 145	struct ubi_volume_desc *desc = file->private_data;
 146	struct ubi_volume *vol = desc->vol;
 147
 148	if (vol->updating) {
 149		/* Update is in progress, seeking is prohibited */
 150		ubi_err(vol->ubi, "updating");
 151		return -EBUSY;
 152	}
 153
 154	return fixed_size_llseek(file, offset, origin, vol->used_bytes);
 155}
 156
 157static int vol_cdev_fsync(struct file *file, loff_t start, loff_t end,
 158			  int datasync)
 159{
 160	struct ubi_volume_desc *desc = file->private_data;
 161	struct ubi_device *ubi = desc->vol->ubi;
 162	struct inode *inode = file_inode(file);
 163	int err;
 164	inode_lock(inode);
 165	err = ubi_sync(ubi->ubi_num);
 166	inode_unlock(inode);
 167	return err;
 168}
 169
 170
 171static ssize_t vol_cdev_read(struct file *file, __user char *buf, size_t count,
 172			     loff_t *offp)
 173{
 174	struct ubi_volume_desc *desc = file->private_data;
 175	struct ubi_volume *vol = desc->vol;
 176	struct ubi_device *ubi = vol->ubi;
 177	int err, lnum, off, len,  tbuf_size;
 178	size_t count_save = count;
 179	void *tbuf;
 180
 181	dbg_gen("read %zd bytes from offset %lld of volume %d",
 182		count, *offp, vol->vol_id);
 183
 184	if (vol->updating) {
 185		ubi_err(vol->ubi, "updating");
 186		return -EBUSY;
 187	}
 188	if (vol->upd_marker) {
 189		ubi_err(vol->ubi, "damaged volume, update marker is set");
 190		return -EBADF;
 191	}
 192	if (*offp == vol->used_bytes || count == 0)
 193		return 0;
 194
 195	if (vol->corrupted)
 196		dbg_gen("read from corrupted volume %d", vol->vol_id);
 197
 198	if (*offp + count > vol->used_bytes)
 199		count_save = count = vol->used_bytes - *offp;
 200
 201	tbuf_size = vol->usable_leb_size;
 202	if (count < tbuf_size)
 203		tbuf_size = ALIGN(count, ubi->min_io_size);
 204	tbuf = vmalloc(tbuf_size);
 205	if (!tbuf)
 206		return -ENOMEM;
 207
 208	len = count > tbuf_size ? tbuf_size : count;
 209	lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
 210
 211	do {
 212		cond_resched();
 213
 214		if (off + len >= vol->usable_leb_size)
 215			len = vol->usable_leb_size - off;
 216
 217		err = ubi_eba_read_leb(ubi, vol, lnum, tbuf, off, len, 0);
 218		if (err)
 219			break;
 220
 221		off += len;
 222		if (off == vol->usable_leb_size) {
 223			lnum += 1;
 224			off -= vol->usable_leb_size;
 225		}
 226
 227		count -= len;
 228		*offp += len;
 229
 230		err = copy_to_user(buf, tbuf, len);
 231		if (err) {
 232			err = -EFAULT;
 233			break;
 234		}
 235
 236		buf += len;
 237		len = count > tbuf_size ? tbuf_size : count;
 238	} while (count);
 239
 240	vfree(tbuf);
 241	return err ? err : count_save - count;
 242}
 243
 244/*
 245 * This function allows to directly write to dynamic UBI volumes, without
 246 * issuing the volume update operation.
 247 */
 248static ssize_t vol_cdev_direct_write(struct file *file, const char __user *buf,
 249				     size_t count, loff_t *offp)
 250{
 251	struct ubi_volume_desc *desc = file->private_data;
 252	struct ubi_volume *vol = desc->vol;
 253	struct ubi_device *ubi = vol->ubi;
 254	int lnum, off, len, tbuf_size, err = 0;
 255	size_t count_save = count;
 256	char *tbuf;
 257
 258	if (!vol->direct_writes)
 259		return -EPERM;
 260
 261	dbg_gen("requested: write %zd bytes to offset %lld of volume %u",
 262		count, *offp, vol->vol_id);
 263
 264	if (vol->vol_type == UBI_STATIC_VOLUME)
 265		return -EROFS;
 266
 267	lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
 268	if (off & (ubi->min_io_size - 1)) {
 269		ubi_err(ubi, "unaligned position");
 270		return -EINVAL;
 271	}
 272
 273	if (*offp + count > vol->used_bytes)
 274		count_save = count = vol->used_bytes - *offp;
 275
 276	/* We can write only in fractions of the minimum I/O unit */
 277	if (count & (ubi->min_io_size - 1)) {
 278		ubi_err(ubi, "unaligned write length");
 279		return -EINVAL;
 280	}
 281
 282	tbuf_size = vol->usable_leb_size;
 283	if (count < tbuf_size)
 284		tbuf_size = ALIGN(count, ubi->min_io_size);
 285	tbuf = vmalloc(tbuf_size);
 286	if (!tbuf)
 287		return -ENOMEM;
 288
 289	len = count > tbuf_size ? tbuf_size : count;
 290
 291	while (count) {
 292		cond_resched();
 293
 294		if (off + len >= vol->usable_leb_size)
 295			len = vol->usable_leb_size - off;
 296
 297		err = copy_from_user(tbuf, buf, len);
 298		if (err) {
 299			err = -EFAULT;
 300			break;
 301		}
 302
 303		err = ubi_eba_write_leb(ubi, vol, lnum, tbuf, off, len);
 304		if (err)
 305			break;
 306
 307		off += len;
 308		if (off == vol->usable_leb_size) {
 309			lnum += 1;
 310			off -= vol->usable_leb_size;
 311		}
 312
 313		count -= len;
 314		*offp += len;
 315		buf += len;
 316		len = count > tbuf_size ? tbuf_size : count;
 317	}
 318
 319	vfree(tbuf);
 320	return err ? err : count_save - count;
 321}
 322
 323static ssize_t vol_cdev_write(struct file *file, const char __user *buf,
 324			      size_t count, loff_t *offp)
 325{
 326	int err = 0;
 327	struct ubi_volume_desc *desc = file->private_data;
 328	struct ubi_volume *vol = desc->vol;
 329	struct ubi_device *ubi = vol->ubi;
 330
 331	if (!vol->updating && !vol->changing_leb)
 332		return vol_cdev_direct_write(file, buf, count, offp);
 333
 334	if (vol->updating)
 335		err = ubi_more_update_data(ubi, vol, buf, count);
 336	else
 337		err = ubi_more_leb_change_data(ubi, vol, buf, count);
 338
 339	if (err < 0) {
 340		ubi_err(ubi, "cannot accept more %zd bytes of data, error %d",
 341			count, err);
 342		return err;
 343	}
 344
 345	if (err) {
 346		/*
 347		 * The operation is finished, @err contains number of actually
 348		 * written bytes.
 349		 */
 350		count = err;
 351
 352		if (vol->changing_leb) {
 353			revoke_exclusive(desc, UBI_READWRITE);
 354			return count;
 355		}
 356
 357		/*
 358		 * We voluntarily do not take into account the skip_check flag
 359		 * as we want to make sure what we wrote was correctly written.
 360		 */
 361		err = ubi_check_volume(ubi, vol->vol_id);
 362		if (err < 0)
 363			return err;
 364
 365		if (err) {
 366			ubi_warn(ubi, "volume %d on UBI device %d is corrupted",
 367				 vol->vol_id, ubi->ubi_num);
 368			vol->corrupted = 1;
 369		}
 370		vol->checked = 1;
 371		ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
 372		revoke_exclusive(desc, UBI_READWRITE);
 373	}
 374
 375	return count;
 376}
 377
 378static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
 379			   unsigned long arg)
 380{
 381	int err = 0;
 382	struct ubi_volume_desc *desc = file->private_data;
 383	struct ubi_volume *vol = desc->vol;
 384	struct ubi_device *ubi = vol->ubi;
 385	void __user *argp = (void __user *)arg;
 386
 387	switch (cmd) {
 388	/* Volume update command */
 389	case UBI_IOCVOLUP:
 390	{
 391		int64_t bytes, rsvd_bytes;
 392
 393		if (!capable(CAP_SYS_RESOURCE)) {
 394			err = -EPERM;
 395			break;
 396		}
 397
 398		err = copy_from_user(&bytes, argp, sizeof(int64_t));
 399		if (err) {
 400			err = -EFAULT;
 401			break;
 402		}
 403
 404		if (desc->mode == UBI_READONLY) {
 405			err = -EROFS;
 406			break;
 407		}
 408
 409		rsvd_bytes = (long long)vol->reserved_pebs *
 410					vol->usable_leb_size;
 411		if (bytes < 0 || bytes > rsvd_bytes) {
 412			err = -EINVAL;
 413			break;
 414		}
 415
 416		err = get_exclusive(desc);
 417		if (err < 0)
 418			break;
 419
 420		err = ubi_start_update(ubi, vol, bytes);
 421		if (bytes == 0) {
 422			ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
 423			revoke_exclusive(desc, UBI_READWRITE);
 424		}
 425		break;
 426	}
 427
 428	/* Atomic logical eraseblock change command */
 429	case UBI_IOCEBCH:
 430	{
 431		struct ubi_leb_change_req req;
 432
 433		err = copy_from_user(&req, argp,
 434				     sizeof(struct ubi_leb_change_req));
 435		if (err) {
 436			err = -EFAULT;
 437			break;
 438		}
 439
 440		if (desc->mode == UBI_READONLY ||
 441		    vol->vol_type == UBI_STATIC_VOLUME) {
 442			err = -EROFS;
 443			break;
 444		}
 445
 446		/* Validate the request */
 447		err = -EINVAL;
 448		if (!ubi_leb_valid(vol, req.lnum) ||
 449		    req.bytes < 0 || req.bytes > vol->usable_leb_size)
 450			break;
 451
 452		err = get_exclusive(desc);
 453		if (err < 0)
 454			break;
 455
 456		err = ubi_start_leb_change(ubi, vol, &req);
 457		if (req.bytes == 0)
 458			revoke_exclusive(desc, UBI_READWRITE);
 459		break;
 460	}
 461
 462	/* Logical eraseblock erasure command */
 463	case UBI_IOCEBER:
 464	{
 465		int32_t lnum;
 466
 467		err = get_user(lnum, (__user int32_t *)argp);
 468		if (err) {
 469			err = -EFAULT;
 470			break;
 471		}
 472
 473		if (desc->mode == UBI_READONLY ||
 474		    vol->vol_type == UBI_STATIC_VOLUME) {
 475			err = -EROFS;
 476			break;
 477		}
 478
 479		if (!ubi_leb_valid(vol, lnum)) {
 480			err = -EINVAL;
 481			break;
 482		}
 483
 484		dbg_gen("erase LEB %d:%d", vol->vol_id, lnum);
 485		err = ubi_eba_unmap_leb(ubi, vol, lnum);
 486		if (err)
 487			break;
 488
 489		err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL);
 490		break;
 491	}
 492
 493	/* Logical eraseblock map command */
 494	case UBI_IOCEBMAP:
 495	{
 496		struct ubi_map_req req;
 497
 498		err = copy_from_user(&req, argp, sizeof(struct ubi_map_req));
 499		if (err) {
 500			err = -EFAULT;
 501			break;
 502		}
 503		err = ubi_leb_map(desc, req.lnum);
 504		break;
 505	}
 506
 507	/* Logical eraseblock un-map command */
 508	case UBI_IOCEBUNMAP:
 509	{
 510		int32_t lnum;
 511
 512		err = get_user(lnum, (__user int32_t *)argp);
 513		if (err) {
 514			err = -EFAULT;
 515			break;
 516		}
 517		err = ubi_leb_unmap(desc, lnum);
 518		break;
 519	}
 520
 521	/* Check if logical eraseblock is mapped command */
 522	case UBI_IOCEBISMAP:
 523	{
 524		int32_t lnum;
 525
 526		err = get_user(lnum, (__user int32_t *)argp);
 527		if (err) {
 528			err = -EFAULT;
 529			break;
 530		}
 531		err = ubi_is_mapped(desc, lnum);
 532		break;
 533	}
 534
 535	/* Set volume property command */
 536	case UBI_IOCSETVOLPROP:
 537	{
 538		struct ubi_set_vol_prop_req req;
 539
 540		err = copy_from_user(&req, argp,
 541				     sizeof(struct ubi_set_vol_prop_req));
 542		if (err) {
 543			err = -EFAULT;
 544			break;
 545		}
 546		switch (req.property) {
 547		case UBI_VOL_PROP_DIRECT_WRITE:
 548			mutex_lock(&ubi->device_mutex);
 549			desc->vol->direct_writes = !!req.value;
 550			mutex_unlock(&ubi->device_mutex);
 551			break;
 552		default:
 553			err = -EINVAL;
 554			break;
 555		}
 556		break;
 557	}
 558
 559	/* Create a R/O block device on top of the UBI volume */
 560	case UBI_IOCVOLCRBLK:
 561	{
 562		struct ubi_volume_info vi;
 563
 564		ubi_get_volume_info(desc, &vi);
 565		err = ubiblock_create(&vi);
 566		break;
 567	}
 568
 569	/* Remove the R/O block device */
 570	case UBI_IOCVOLRMBLK:
 571	{
 572		struct ubi_volume_info vi;
 573
 574		ubi_get_volume_info(desc, &vi);
 575		err = ubiblock_remove(&vi);
 576		break;
 577	}
 578
 579	default:
 580		err = -ENOTTY;
 581		break;
 582	}
 583	return err;
 584}
 585
 586/**
 587 * verify_mkvol_req - verify volume creation request.
 588 * @ubi: UBI device description object
 589 * @req: the request to check
 590 *
 591 * This function zero if the request is correct, and %-EINVAL if not.
 592 */
 593static int verify_mkvol_req(const struct ubi_device *ubi,
 594			    const struct ubi_mkvol_req *req)
 595{
 596	int n, err = -EINVAL;
 597
 598	if (req->bytes < 0 || req->alignment < 0 || req->vol_type < 0 ||
 599	    req->name_len < 0)
 600		goto bad;
 601
 602	if ((req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots) &&
 603	    req->vol_id != UBI_VOL_NUM_AUTO)
 604		goto bad;
 605
 606	if (req->alignment == 0)
 607		goto bad;
 608
 609	if (req->bytes == 0)
 610		goto bad;
 611
 612	if (req->vol_type != UBI_DYNAMIC_VOLUME &&
 613	    req->vol_type != UBI_STATIC_VOLUME)
 614		goto bad;
 615
 616	if (req->flags & ~UBI_VOL_VALID_FLGS)
 617		goto bad;
 618
 619	if (req->flags & UBI_VOL_SKIP_CRC_CHECK_FLG &&
 620	    req->vol_type != UBI_STATIC_VOLUME)
 621		goto bad;
 622
 623	if (req->alignment > ubi->leb_size)
 624		goto bad;
 625
 626	n = req->alignment & (ubi->min_io_size - 1);
 627	if (req->alignment != 1 && n)
 628		goto bad;
 629
 630	if (!req->name[0] || !req->name_len)
 631		goto bad;
 632
 633	if (req->name_len > UBI_VOL_NAME_MAX) {
 634		err = -ENAMETOOLONG;
 635		goto bad;
 636	}
 637
 638	n = strnlen(req->name, req->name_len + 1);
 639	if (n != req->name_len)
 640		goto bad;
 641
 642	return 0;
 643
 644bad:
 645	ubi_err(ubi, "bad volume creation request");
 646	ubi_dump_mkvol_req(req);
 647	return err;
 648}
 649
 650/**
 651 * verify_rsvol_req - verify volume re-size request.
 652 * @ubi: UBI device description object
 653 * @req: the request to check
 654 *
 655 * This function returns zero if the request is correct, and %-EINVAL if not.
 656 */
 657static int verify_rsvol_req(const struct ubi_device *ubi,
 658			    const struct ubi_rsvol_req *req)
 659{
 660	if (req->bytes <= 0)
 661		return -EINVAL;
 662
 663	if (req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots)
 664		return -EINVAL;
 665
 666	return 0;
 667}
 668
 669/**
 670 * rename_volumes - rename UBI volumes.
 671 * @ubi: UBI device description object
 672 * @req: volumes re-name request
 673 *
 674 * This is a helper function for the volume re-name IOCTL which validates the
 675 * request, opens the volume and calls corresponding volumes management
 676 * function. Returns zero in case of success and a negative error code in case
 677 * of failure.
 678 */
 679static int rename_volumes(struct ubi_device *ubi,
 680			  struct ubi_rnvol_req *req)
 681{
 682	int i, n, err;
 683	struct list_head rename_list;
 684	struct ubi_rename_entry *re, *re1;
 685
 686	if (req->count < 0 || req->count > UBI_MAX_RNVOL)
 687		return -EINVAL;
 688
 689	if (req->count == 0)
 690		return 0;
 691
 692	/* Validate volume IDs and names in the request */
 693	for (i = 0; i < req->count; i++) {
 694		if (req->ents[i].vol_id < 0 ||
 695		    req->ents[i].vol_id >= ubi->vtbl_slots)
 696			return -EINVAL;
 697		if (req->ents[i].name_len < 0)
 698			return -EINVAL;
 699		if (req->ents[i].name_len > UBI_VOL_NAME_MAX)
 700			return -ENAMETOOLONG;
 701		req->ents[i].name[req->ents[i].name_len] = '\0';
 702		n = strlen(req->ents[i].name);
 703		if (n != req->ents[i].name_len)
 704			return -EINVAL;
 705	}
 706
 707	/* Make sure volume IDs and names are unique */
 708	for (i = 0; i < req->count - 1; i++) {
 709		for (n = i + 1; n < req->count; n++) {
 710			if (req->ents[i].vol_id == req->ents[n].vol_id) {
 711				ubi_err(ubi, "duplicated volume id %d",
 712					req->ents[i].vol_id);
 713				return -EINVAL;
 714			}
 715			if (!strcmp(req->ents[i].name, req->ents[n].name)) {
 716				ubi_err(ubi, "duplicated volume name \"%s\"",
 717					req->ents[i].name);
 718				return -EINVAL;
 719			}
 720		}
 721	}
 722
 723	/* Create the re-name list */
 724	INIT_LIST_HEAD(&rename_list);
 725	for (i = 0; i < req->count; i++) {
 726		int vol_id = req->ents[i].vol_id;
 727		int name_len = req->ents[i].name_len;
 728		const char *name = req->ents[i].name;
 729
 730		re = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
 731		if (!re) {
 732			err = -ENOMEM;
 733			goto out_free;
 734		}
 735
 736		re->desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_METAONLY);
 737		if (IS_ERR(re->desc)) {
 738			err = PTR_ERR(re->desc);
 739			ubi_err(ubi, "cannot open volume %d, error %d",
 740				vol_id, err);
 741			kfree(re);
 742			goto out_free;
 743		}
 744
 745		/* Skip this re-naming if the name does not really change */
 746		if (re->desc->vol->name_len == name_len &&
 747		    !memcmp(re->desc->vol->name, name, name_len)) {
 748			ubi_close_volume(re->desc);
 749			kfree(re);
 750			continue;
 751		}
 752
 753		re->new_name_len = name_len;
 754		memcpy(re->new_name, name, name_len);
 755		list_add_tail(&re->list, &rename_list);
 756		dbg_gen("will rename volume %d from \"%s\" to \"%s\"",
 757			vol_id, re->desc->vol->name, name);
 758	}
 759
 760	if (list_empty(&rename_list))
 761		return 0;
 762
 763	/* Find out the volumes which have to be removed */
 764	list_for_each_entry(re, &rename_list, list) {
 765		struct ubi_volume_desc *desc;
 766		int no_remove_needed = 0;
 767
 768		/*
 769		 * Volume @re->vol_id is going to be re-named to
 770		 * @re->new_name, while its current name is @name. If a volume
 771		 * with name @re->new_name currently exists, it has to be
 772		 * removed, unless it is also re-named in the request (@req).
 773		 */
 774		list_for_each_entry(re1, &rename_list, list) {
 775			if (re->new_name_len == re1->desc->vol->name_len &&
 776			    !memcmp(re->new_name, re1->desc->vol->name,
 777				    re1->desc->vol->name_len)) {
 778				no_remove_needed = 1;
 779				break;
 780			}
 781		}
 782
 783		if (no_remove_needed)
 784			continue;
 785
 786		/*
 787		 * It seems we need to remove volume with name @re->new_name,
 788		 * if it exists.
 789		 */
 790		desc = ubi_open_volume_nm(ubi->ubi_num, re->new_name,
 791					  UBI_EXCLUSIVE);
 792		if (IS_ERR(desc)) {
 793			err = PTR_ERR(desc);
 794			if (err == -ENODEV)
 795				/* Re-naming into a non-existing volume name */
 796				continue;
 797
 798			/* The volume exists but busy, or an error occurred */
 799			ubi_err(ubi, "cannot open volume \"%s\", error %d",
 800				re->new_name, err);
 801			goto out_free;
 802		}
 803
 804		re1 = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
 805		if (!re1) {
 806			err = -ENOMEM;
 807			ubi_close_volume(desc);
 808			goto out_free;
 809		}
 810
 811		re1->remove = 1;
 812		re1->desc = desc;
 813		list_add(&re1->list, &rename_list);
 814		dbg_gen("will remove volume %d, name \"%s\"",
 815			re1->desc->vol->vol_id, re1->desc->vol->name);
 816	}
 817
 818	mutex_lock(&ubi->device_mutex);
 819	err = ubi_rename_volumes(ubi, &rename_list);
 820	mutex_unlock(&ubi->device_mutex);
 821
 822out_free:
 823	list_for_each_entry_safe(re, re1, &rename_list, list) {
 824		ubi_close_volume(re->desc);
 825		list_del(&re->list);
 826		kfree(re);
 827	}
 828	return err;
 829}
 830
 831static long ubi_cdev_ioctl(struct file *file, unsigned int cmd,
 832			   unsigned long arg)
 833{
 834	int err = 0;
 835	struct ubi_device *ubi;
 836	struct ubi_volume_desc *desc;
 837	void __user *argp = (void __user *)arg;
 838
 839	if (!capable(CAP_SYS_RESOURCE))
 840		return -EPERM;
 841
 842	ubi = ubi_get_by_major(imajor(file->f_mapping->host));
 843	if (!ubi)
 844		return -ENODEV;
 845
 846	switch (cmd) {
 847	/* Create volume command */
 848	case UBI_IOCMKVOL:
 849	{
 850		struct ubi_mkvol_req req;
 851
 852		dbg_gen("create volume");
 853		err = copy_from_user(&req, argp, sizeof(struct ubi_mkvol_req));
 854		if (err) {
 855			err = -EFAULT;
 856			break;
 857		}
 858
 859		err = verify_mkvol_req(ubi, &req);
 860		if (err)
 861			break;
 862
 863		mutex_lock(&ubi->device_mutex);
 864		err = ubi_create_volume(ubi, &req);
 865		mutex_unlock(&ubi->device_mutex);
 866		if (err)
 867			break;
 868
 869		err = put_user(req.vol_id, (__user int32_t *)argp);
 870		if (err)
 871			err = -EFAULT;
 872
 873		break;
 874	}
 875
 876	/* Remove volume command */
 877	case UBI_IOCRMVOL:
 878	{
 879		int vol_id;
 880
 881		dbg_gen("remove volume");
 882		err = get_user(vol_id, (__user int32_t *)argp);
 883		if (err) {
 884			err = -EFAULT;
 885			break;
 886		}
 887
 888		desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
 889		if (IS_ERR(desc)) {
 890			err = PTR_ERR(desc);
 891			break;
 892		}
 893
 894		mutex_lock(&ubi->device_mutex);
 895		err = ubi_remove_volume(desc, 0);
 896		mutex_unlock(&ubi->device_mutex);
 897
 898		/*
 899		 * The volume is deleted (unless an error occurred), and the
 900		 * 'struct ubi_volume' object will be freed when
 901		 * 'ubi_close_volume()' will call 'put_device()'.
 902		 */
 903		ubi_close_volume(desc);
 904		break;
 905	}
 906
 907	/* Re-size volume command */
 908	case UBI_IOCRSVOL:
 909	{
 910		int pebs;
 911		struct ubi_rsvol_req req;
 912
 913		dbg_gen("re-size volume");
 914		err = copy_from_user(&req, argp, sizeof(struct ubi_rsvol_req));
 915		if (err) {
 916			err = -EFAULT;
 917			break;
 918		}
 919
 920		err = verify_rsvol_req(ubi, &req);
 921		if (err)
 922			break;
 923
 924		desc = ubi_open_volume(ubi->ubi_num, req.vol_id, UBI_EXCLUSIVE);
 925		if (IS_ERR(desc)) {
 926			err = PTR_ERR(desc);
 927			break;
 928		}
 929
 930		pebs = div_u64(req.bytes + desc->vol->usable_leb_size - 1,
 931			       desc->vol->usable_leb_size);
 932
 933		mutex_lock(&ubi->device_mutex);
 934		err = ubi_resize_volume(desc, pebs);
 935		mutex_unlock(&ubi->device_mutex);
 936		ubi_close_volume(desc);
 937		break;
 938	}
 939
 940	/* Re-name volumes command */
 941	case UBI_IOCRNVOL:
 942	{
 943		struct ubi_rnvol_req *req;
 944
 945		dbg_gen("re-name volumes");
 946		req = kmalloc(sizeof(struct ubi_rnvol_req), GFP_KERNEL);
 947		if (!req) {
 948			err = -ENOMEM;
 949			break;
 950		}
 951
 952		err = copy_from_user(req, argp, sizeof(struct ubi_rnvol_req));
 953		if (err) {
 954			err = -EFAULT;
 955			kfree(req);
 956			break;
 957		}
 958
 959		err = rename_volumes(ubi, req);
 960		kfree(req);
 961		break;
 962	}
 963
 964	/* Check a specific PEB for bitflips and scrub it if needed */
 965	case UBI_IOCRPEB:
 966	{
 967		int pnum;
 968
 969		err = get_user(pnum, (__user int32_t *)argp);
 970		if (err) {
 971			err = -EFAULT;
 972			break;
 973		}
 974
 975		err = ubi_bitflip_check(ubi, pnum, 0);
 976		break;
 977	}
 978
 979	/* Force scrubbing for a specific PEB */
 980	case UBI_IOCSPEB:
 981	{
 982		int pnum;
 983
 984		err = get_user(pnum, (__user int32_t *)argp);
 985		if (err) {
 986			err = -EFAULT;
 987			break;
 988		}
 989
 990		err = ubi_bitflip_check(ubi, pnum, 1);
 991		break;
 992	}
 993
 994	default:
 995		err = -ENOTTY;
 996		break;
 997	}
 998
 999	ubi_put_device(ubi);
1000	return err;
1001}
1002
1003static long ctrl_cdev_ioctl(struct file *file, unsigned int cmd,
1004			    unsigned long arg)
1005{
1006	int err = 0;
1007	void __user *argp = (void __user *)arg;
1008
1009	if (!capable(CAP_SYS_RESOURCE))
1010		return -EPERM;
1011
1012	switch (cmd) {
1013	/* Attach an MTD device command */
1014	case UBI_IOCATT:
1015	{
1016		struct ubi_attach_req req;
1017		struct mtd_info *mtd;
1018
1019		dbg_gen("attach MTD device");
1020		err = copy_from_user(&req, argp, sizeof(struct ubi_attach_req));
1021		if (err) {
1022			err = -EFAULT;
1023			break;
1024		}
1025
1026		if (req.mtd_num < 0 ||
1027		    (req.ubi_num < 0 && req.ubi_num != UBI_DEV_NUM_AUTO)) {
1028			err = -EINVAL;
1029			break;
1030		}
1031
1032		mtd = get_mtd_device(NULL, req.mtd_num);
1033		if (IS_ERR(mtd)) {
1034			err = PTR_ERR(mtd);
1035			break;
1036		}
1037
1038		/*
1039		 * Note, further request verification is done by
1040		 * 'ubi_attach_mtd_dev()'.
1041		 */
1042		mutex_lock(&ubi_devices_mutex);
1043		err = ubi_attach_mtd_dev(mtd, req.ubi_num, req.vid_hdr_offset,
1044					 req.max_beb_per1024, !!req.disable_fm,
1045					 !!req.need_resv_pool);
1046		mutex_unlock(&ubi_devices_mutex);
1047		if (err < 0)
1048			put_mtd_device(mtd);
1049		else
1050			/* @err contains UBI device number */
1051			err = put_user(err, (__user int32_t *)argp);
1052
1053		break;
1054	}
1055
1056	/* Detach an MTD device command */
1057	case UBI_IOCDET:
1058	{
1059		int ubi_num;
1060
1061		dbg_gen("detach MTD device");
1062		err = get_user(ubi_num, (__user int32_t *)argp);
1063		if (err) {
1064			err = -EFAULT;
1065			break;
1066		}
1067
1068		mutex_lock(&ubi_devices_mutex);
1069		err = ubi_detach_mtd_dev(ubi_num, 0);
1070		mutex_unlock(&ubi_devices_mutex);
1071		break;
1072	}
1073
1074	default:
1075		err = -ENOTTY;
1076		break;
1077	}
1078
1079	return err;
1080}
1081
1082/* UBI volume character device operations */
1083const struct file_operations ubi_vol_cdev_operations = {
1084	.owner          = THIS_MODULE,
1085	.open           = vol_cdev_open,
1086	.release        = vol_cdev_release,
1087	.llseek         = vol_cdev_llseek,
1088	.read           = vol_cdev_read,
1089	.write          = vol_cdev_write,
1090	.fsync		= vol_cdev_fsync,
1091	.unlocked_ioctl = vol_cdev_ioctl,
1092	.compat_ioctl   = compat_ptr_ioctl,
1093};
1094
1095/* UBI character device operations */
1096const struct file_operations ubi_cdev_operations = {
1097	.owner          = THIS_MODULE,
1098	.llseek         = no_llseek,
1099	.unlocked_ioctl = ubi_cdev_ioctl,
1100	.compat_ioctl   = compat_ptr_ioctl,
1101};
1102
1103/* UBI control character device operations */
1104const struct file_operations ubi_ctrl_cdev_operations = {
1105	.owner          = THIS_MODULE,
1106	.unlocked_ioctl = ctrl_cdev_ioctl,
1107	.compat_ioctl   = compat_ptr_ioctl,
1108	.llseek		= no_llseek,
1109};