• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) International Business Machines Corp., 2006
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
12  * the GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  *
18  * Author: Artem Bityutskiy (Битюцкий Артём)
19  */
20 
21 /*
22  * This file includes implementation of UBI character device operations.
23  *
24  * There are two kinds of character devices in UBI: UBI character devices and
25  * UBI volume character devices. UBI character devices allow users to
26  * manipulate whole volumes: create, remove, and re-size them. Volume character
27  * devices provide volume I/O capabilities.
28  *
29  * Major and minor numbers are assigned dynamically to both UBI and volume
30  * character devices.
31  *
32  * Well, there is the third kind of character devices - the UBI control
33  * character device, which allows to manipulate by UBI devices - create and
34  * delete them. In other words, it is used for attaching and detaching MTD
35  * devices.
36  */
37 
38 #include <linux/module.h>
39 #include <linux/stat.h>
40 #include <linux/slab.h>
41 #include <linux/ioctl.h>
42 #include <linux/capability.h>
43 #include <linux/uaccess.h>
44 #include <linux/compat.h>
45 #include <linux/math64.h>
46 #include <mtd/ubi-user.h>
47 #include "ubi.h"
48 
49 /**
50  * get_exclusive - get exclusive access to an UBI volume.
51  * @desc: volume descriptor
52  *
53  * This function changes UBI volume open mode to "exclusive". Returns previous
54  * mode value (positive integer) in case of success and a negative error code
55  * in case of failure.
56  */
get_exclusive(struct ubi_volume_desc * desc)57 static int get_exclusive(struct ubi_volume_desc *desc)
58 {
59 	int users, err;
60 	struct ubi_volume *vol = desc->vol;
61 
62 	spin_lock(&vol->ubi->volumes_lock);
63 	users = vol->readers + vol->writers + vol->exclusive;
64 	ubi_assert(users > 0);
65 	if (users > 1) {
66 		ubi_err("%d users for volume %d", users, vol->vol_id);
67 		err = -EBUSY;
68 	} else {
69 		vol->readers = vol->writers = 0;
70 		vol->exclusive = 1;
71 		err = desc->mode;
72 		desc->mode = UBI_EXCLUSIVE;
73 	}
74 	spin_unlock(&vol->ubi->volumes_lock);
75 
76 	return err;
77 }
78 
79 /**
80  * revoke_exclusive - revoke exclusive mode.
81  * @desc: volume descriptor
82  * @mode: new mode to switch to
83  */
revoke_exclusive(struct ubi_volume_desc * desc,int mode)84 static void revoke_exclusive(struct ubi_volume_desc *desc, int mode)
85 {
86 	struct ubi_volume *vol = desc->vol;
87 
88 	spin_lock(&vol->ubi->volumes_lock);
89 	ubi_assert(vol->readers == 0 && vol->writers == 0);
90 	ubi_assert(vol->exclusive == 1 && desc->mode == UBI_EXCLUSIVE);
91 	vol->exclusive = 0;
92 	if (mode == UBI_READONLY)
93 		vol->readers = 1;
94 	else if (mode == UBI_READWRITE)
95 		vol->writers = 1;
96 	else
97 		vol->exclusive = 1;
98 	spin_unlock(&vol->ubi->volumes_lock);
99 
100 	desc->mode = mode;
101 }
102 
vol_cdev_open(struct inode * inode,struct file * file)103 static int vol_cdev_open(struct inode *inode, struct file *file)
104 {
105 	struct ubi_volume_desc *desc;
106 	int vol_id = iminor(inode) - 1, mode, ubi_num;
107 
108 	ubi_num = ubi_major2num(imajor(inode));
109 	if (ubi_num < 0)
110 		return ubi_num;
111 
112 	if (file->f_mode & FMODE_WRITE)
113 		mode = UBI_READWRITE;
114 	else
115 		mode = UBI_READONLY;
116 
117 	dbg_gen("open device %d, volume %d, mode %d",
118 		ubi_num, vol_id, mode);
119 
120 	desc = ubi_open_volume(ubi_num, vol_id, mode);
121 	if (IS_ERR(desc))
122 		return PTR_ERR(desc);
123 
124 	file->private_data = desc;
125 	return 0;
126 }
127 
vol_cdev_release(struct inode * inode,struct file * file)128 static int vol_cdev_release(struct inode *inode, struct file *file)
129 {
130 	struct ubi_volume_desc *desc = file->private_data;
131 	struct ubi_volume *vol = desc->vol;
132 
133 	dbg_gen("release device %d, volume %d, mode %d",
134 		vol->ubi->ubi_num, vol->vol_id, desc->mode);
135 
136 	if (vol->updating) {
137 		ubi_warn("update of volume %d not finished, volume is damaged",
138 			 vol->vol_id);
139 		ubi_assert(!vol->changing_leb);
140 		vol->updating = 0;
141 		vfree(vol->upd_buf);
142 	} else if (vol->changing_leb) {
143 		dbg_gen("only %lld of %lld bytes received for atomic LEB change for volume %d:%d, cancel",
144 			vol->upd_received, vol->upd_bytes, vol->ubi->ubi_num,
145 			vol->vol_id);
146 		vol->changing_leb = 0;
147 		vfree(vol->upd_buf);
148 	}
149 
150 	ubi_close_volume(desc);
151 	return 0;
152 }
153 
vol_cdev_llseek(struct file * file,loff_t offset,int origin)154 static loff_t vol_cdev_llseek(struct file *file, loff_t offset, int origin)
155 {
156 	struct ubi_volume_desc *desc = file->private_data;
157 	struct ubi_volume *vol = desc->vol;
158 	loff_t new_offset;
159 
160 	if (vol->updating) {
161 		/* Update is in progress, seeking is prohibited */
162 		ubi_err("updating");
163 		return -EBUSY;
164 	}
165 
166 	switch (origin) {
167 	case 0: /* SEEK_SET */
168 		new_offset = offset;
169 		break;
170 	case 1: /* SEEK_CUR */
171 		new_offset = file->f_pos + offset;
172 		break;
173 	case 2: /* SEEK_END */
174 		new_offset = vol->used_bytes + offset;
175 		break;
176 	default:
177 		return -EINVAL;
178 	}
179 
180 	if (new_offset < 0 || new_offset > vol->used_bytes) {
181 		ubi_err("bad seek %lld", new_offset);
182 		return -EINVAL;
183 	}
184 
185 	dbg_gen("seek volume %d, offset %lld, origin %d, new offset %lld",
186 		vol->vol_id, offset, origin, new_offset);
187 
188 	file->f_pos = new_offset;
189 	return new_offset;
190 }
191 
vol_cdev_fsync(struct file * file,loff_t start,loff_t end,int datasync)192 static int vol_cdev_fsync(struct file *file, loff_t start, loff_t end,
193 			  int datasync)
194 {
195 	struct ubi_volume_desc *desc = file->private_data;
196 	struct ubi_device *ubi = desc->vol->ubi;
197 	struct inode *inode = file_inode(file);
198 	int err;
199 	mutex_lock(&inode->i_mutex);
200 	err = ubi_sync(ubi->ubi_num);
201 	mutex_unlock(&inode->i_mutex);
202 	return err;
203 }
204 
205 
vol_cdev_read(struct file * file,__user char * buf,size_t count,loff_t * offp)206 static ssize_t vol_cdev_read(struct file *file, __user char *buf, size_t count,
207 			     loff_t *offp)
208 {
209 	struct ubi_volume_desc *desc = file->private_data;
210 	struct ubi_volume *vol = desc->vol;
211 	struct ubi_device *ubi = vol->ubi;
212 	int err, lnum, off, len,  tbuf_size;
213 	size_t count_save = count;
214 	void *tbuf;
215 
216 	dbg_gen("read %zd bytes from offset %lld of volume %d",
217 		count, *offp, vol->vol_id);
218 
219 	if (vol->updating) {
220 		ubi_err("updating");
221 		return -EBUSY;
222 	}
223 	if (vol->upd_marker) {
224 		ubi_err("damaged volume, update marker is set");
225 		return -EBADF;
226 	}
227 	if (*offp == vol->used_bytes || count == 0)
228 		return 0;
229 
230 	if (vol->corrupted)
231 		dbg_gen("read from corrupted volume %d", vol->vol_id);
232 
233 	if (*offp + count > vol->used_bytes)
234 		count_save = count = vol->used_bytes - *offp;
235 
236 	tbuf_size = vol->usable_leb_size;
237 	if (count < tbuf_size)
238 		tbuf_size = ALIGN(count, ubi->min_io_size);
239 	tbuf = vmalloc(tbuf_size);
240 	if (!tbuf)
241 		return -ENOMEM;
242 
243 	len = count > tbuf_size ? tbuf_size : count;
244 	lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
245 
246 	do {
247 		cond_resched();
248 
249 		if (off + len >= vol->usable_leb_size)
250 			len = vol->usable_leb_size - off;
251 
252 		err = ubi_eba_read_leb(ubi, vol, lnum, tbuf, off, len, 0);
253 		if (err)
254 			break;
255 
256 		off += len;
257 		if (off == vol->usable_leb_size) {
258 			lnum += 1;
259 			off -= vol->usable_leb_size;
260 		}
261 
262 		count -= len;
263 		*offp += len;
264 
265 		err = copy_to_user(buf, tbuf, len);
266 		if (err) {
267 			err = -EFAULT;
268 			break;
269 		}
270 
271 		buf += len;
272 		len = count > tbuf_size ? tbuf_size : count;
273 	} while (count);
274 
275 	vfree(tbuf);
276 	return err ? err : count_save - count;
277 }
278 
279 /*
280  * This function allows to directly write to dynamic UBI volumes, without
281  * issuing the volume update operation.
282  */
vol_cdev_direct_write(struct file * file,const char __user * buf,size_t count,loff_t * offp)283 static ssize_t vol_cdev_direct_write(struct file *file, const char __user *buf,
284 				     size_t count, loff_t *offp)
285 {
286 	struct ubi_volume_desc *desc = file->private_data;
287 	struct ubi_volume *vol = desc->vol;
288 	struct ubi_device *ubi = vol->ubi;
289 	int lnum, off, len, tbuf_size, err = 0;
290 	size_t count_save = count;
291 	char *tbuf;
292 
293 	if (!vol->direct_writes)
294 		return -EPERM;
295 
296 	dbg_gen("requested: write %zd bytes to offset %lld of volume %u",
297 		count, *offp, vol->vol_id);
298 
299 	if (vol->vol_type == UBI_STATIC_VOLUME)
300 		return -EROFS;
301 
302 	lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
303 	if (off & (ubi->min_io_size - 1)) {
304 		ubi_err("unaligned position");
305 		return -EINVAL;
306 	}
307 
308 	if (*offp + count > vol->used_bytes)
309 		count_save = count = vol->used_bytes - *offp;
310 
311 	/* We can write only in fractions of the minimum I/O unit */
312 	if (count & (ubi->min_io_size - 1)) {
313 		ubi_err("unaligned write length");
314 		return -EINVAL;
315 	}
316 
317 	tbuf_size = vol->usable_leb_size;
318 	if (count < tbuf_size)
319 		tbuf_size = ALIGN(count, ubi->min_io_size);
320 	tbuf = vmalloc(tbuf_size);
321 	if (!tbuf)
322 		return -ENOMEM;
323 
324 	len = count > tbuf_size ? tbuf_size : count;
325 
326 	while (count) {
327 		cond_resched();
328 
329 		if (off + len >= vol->usable_leb_size)
330 			len = vol->usable_leb_size - off;
331 
332 		err = copy_from_user(tbuf, buf, len);
333 		if (err) {
334 			err = -EFAULT;
335 			break;
336 		}
337 
338 		err = ubi_eba_write_leb(ubi, vol, lnum, tbuf, off, len);
339 		if (err)
340 			break;
341 
342 		off += len;
343 		if (off == vol->usable_leb_size) {
344 			lnum += 1;
345 			off -= vol->usable_leb_size;
346 		}
347 
348 		count -= len;
349 		*offp += len;
350 		buf += len;
351 		len = count > tbuf_size ? tbuf_size : count;
352 	}
353 
354 	vfree(tbuf);
355 	return err ? err : count_save - count;
356 }
357 
vol_cdev_write(struct file * file,const char __user * buf,size_t count,loff_t * offp)358 static ssize_t vol_cdev_write(struct file *file, const char __user *buf,
359 			      size_t count, loff_t *offp)
360 {
361 	int err = 0;
362 	struct ubi_volume_desc *desc = file->private_data;
363 	struct ubi_volume *vol = desc->vol;
364 	struct ubi_device *ubi = vol->ubi;
365 
366 	if (!vol->updating && !vol->changing_leb)
367 		return vol_cdev_direct_write(file, buf, count, offp);
368 
369 	if (vol->updating)
370 		err = ubi_more_update_data(ubi, vol, buf, count);
371 	else
372 		err = ubi_more_leb_change_data(ubi, vol, buf, count);
373 
374 	if (err < 0) {
375 		ubi_err("cannot accept more %zd bytes of data, error %d",
376 			count, err);
377 		return err;
378 	}
379 
380 	if (err) {
381 		/*
382 		 * The operation is finished, @err contains number of actually
383 		 * written bytes.
384 		 */
385 		count = err;
386 
387 		if (vol->changing_leb) {
388 			revoke_exclusive(desc, UBI_READWRITE);
389 			return count;
390 		}
391 
392 		err = ubi_check_volume(ubi, vol->vol_id);
393 		if (err < 0)
394 			return err;
395 
396 		if (err) {
397 			ubi_warn("volume %d on UBI device %d is corrupted",
398 				 vol->vol_id, ubi->ubi_num);
399 			vol->corrupted = 1;
400 		}
401 		vol->checked = 1;
402 		ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
403 		revoke_exclusive(desc, UBI_READWRITE);
404 	}
405 
406 	return count;
407 }
408 
vol_cdev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)409 static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
410 			   unsigned long arg)
411 {
412 	int err = 0;
413 	struct ubi_volume_desc *desc = file->private_data;
414 	struct ubi_volume *vol = desc->vol;
415 	struct ubi_device *ubi = vol->ubi;
416 	void __user *argp = (void __user *)arg;
417 
418 	switch (cmd) {
419 	/* Volume update command */
420 	case UBI_IOCVOLUP:
421 	{
422 		int64_t bytes, rsvd_bytes;
423 
424 		if (!capable(CAP_SYS_RESOURCE)) {
425 			err = -EPERM;
426 			break;
427 		}
428 
429 		err = copy_from_user(&bytes, argp, sizeof(int64_t));
430 		if (err) {
431 			err = -EFAULT;
432 			break;
433 		}
434 
435 		if (desc->mode == UBI_READONLY) {
436 			err = -EROFS;
437 			break;
438 		}
439 
440 		rsvd_bytes = (long long)vol->reserved_pebs *
441 					ubi->leb_size-vol->data_pad;
442 		if (bytes < 0 || bytes > rsvd_bytes) {
443 			err = -EINVAL;
444 			break;
445 		}
446 
447 		err = get_exclusive(desc);
448 		if (err < 0)
449 			break;
450 
451 		err = ubi_start_update(ubi, vol, bytes);
452 		if (bytes == 0)
453 			revoke_exclusive(desc, UBI_READWRITE);
454 		break;
455 	}
456 
457 	/* Atomic logical eraseblock change command */
458 	case UBI_IOCEBCH:
459 	{
460 		struct ubi_leb_change_req req;
461 
462 		err = copy_from_user(&req, argp,
463 				     sizeof(struct ubi_leb_change_req));
464 		if (err) {
465 			err = -EFAULT;
466 			break;
467 		}
468 
469 		if (desc->mode == UBI_READONLY ||
470 		    vol->vol_type == UBI_STATIC_VOLUME) {
471 			err = -EROFS;
472 			break;
473 		}
474 
475 		/* Validate the request */
476 		err = -EINVAL;
477 		if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
478 		    req.bytes < 0 || req.lnum >= vol->usable_leb_size)
479 			break;
480 
481 		err = get_exclusive(desc);
482 		if (err < 0)
483 			break;
484 
485 		err = ubi_start_leb_change(ubi, vol, &req);
486 		if (req.bytes == 0)
487 			revoke_exclusive(desc, UBI_READWRITE);
488 		break;
489 	}
490 
491 	/* Logical eraseblock erasure command */
492 	case UBI_IOCEBER:
493 	{
494 		int32_t lnum;
495 
496 		err = get_user(lnum, (__user int32_t *)argp);
497 		if (err) {
498 			err = -EFAULT;
499 			break;
500 		}
501 
502 		if (desc->mode == UBI_READONLY ||
503 		    vol->vol_type == UBI_STATIC_VOLUME) {
504 			err = -EROFS;
505 			break;
506 		}
507 
508 		if (lnum < 0 || lnum >= vol->reserved_pebs) {
509 			err = -EINVAL;
510 			break;
511 		}
512 
513 		dbg_gen("erase LEB %d:%d", vol->vol_id, lnum);
514 		err = ubi_eba_unmap_leb(ubi, vol, lnum);
515 		if (err)
516 			break;
517 
518 		err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL);
519 		break;
520 	}
521 
522 	/* Logical eraseblock map command */
523 	case UBI_IOCEBMAP:
524 	{
525 		struct ubi_map_req req;
526 
527 		err = copy_from_user(&req, argp, sizeof(struct ubi_map_req));
528 		if (err) {
529 			err = -EFAULT;
530 			break;
531 		}
532 		err = ubi_leb_map(desc, req.lnum);
533 		break;
534 	}
535 
536 	/* Logical eraseblock un-map command */
537 	case UBI_IOCEBUNMAP:
538 	{
539 		int32_t lnum;
540 
541 		err = get_user(lnum, (__user int32_t *)argp);
542 		if (err) {
543 			err = -EFAULT;
544 			break;
545 		}
546 		err = ubi_leb_unmap(desc, lnum);
547 		break;
548 	}
549 
550 	/* Check if logical eraseblock is mapped command */
551 	case UBI_IOCEBISMAP:
552 	{
553 		int32_t lnum;
554 
555 		err = get_user(lnum, (__user int32_t *)argp);
556 		if (err) {
557 			err = -EFAULT;
558 			break;
559 		}
560 		err = ubi_is_mapped(desc, lnum);
561 		break;
562 	}
563 
564 	/* Set volume property command */
565 	case UBI_IOCSETVOLPROP:
566 	{
567 		struct ubi_set_vol_prop_req req;
568 
569 		err = copy_from_user(&req, argp,
570 				     sizeof(struct ubi_set_vol_prop_req));
571 		if (err) {
572 			err = -EFAULT;
573 			break;
574 		}
575 		switch (req.property) {
576 		case UBI_VOL_PROP_DIRECT_WRITE:
577 			mutex_lock(&ubi->device_mutex);
578 			desc->vol->direct_writes = !!req.value;
579 			mutex_unlock(&ubi->device_mutex);
580 			break;
581 		default:
582 			err = -EINVAL;
583 			break;
584 		}
585 		break;
586 	}
587 
588 	default:
589 		err = -ENOTTY;
590 		break;
591 	}
592 	return err;
593 }
594 
595 /**
596  * verify_mkvol_req - verify volume creation request.
597  * @ubi: UBI device description object
598  * @req: the request to check
599  *
600  * This function zero if the request is correct, and %-EINVAL if not.
601  */
verify_mkvol_req(const struct ubi_device * ubi,const struct ubi_mkvol_req * req)602 static int verify_mkvol_req(const struct ubi_device *ubi,
603 			    const struct ubi_mkvol_req *req)
604 {
605 	int n, err = -EINVAL;
606 
607 	if (req->bytes < 0 || req->alignment < 0 || req->vol_type < 0 ||
608 	    req->name_len < 0)
609 		goto bad;
610 
611 	if ((req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots) &&
612 	    req->vol_id != UBI_VOL_NUM_AUTO)
613 		goto bad;
614 
615 	if (req->alignment == 0)
616 		goto bad;
617 
618 	if (req->bytes == 0)
619 		goto bad;
620 
621 	if (req->vol_type != UBI_DYNAMIC_VOLUME &&
622 	    req->vol_type != UBI_STATIC_VOLUME)
623 		goto bad;
624 
625 	if (req->alignment > ubi->leb_size)
626 		goto bad;
627 
628 	n = req->alignment & (ubi->min_io_size - 1);
629 	if (req->alignment != 1 && n)
630 		goto bad;
631 
632 	if (!req->name[0] || !req->name_len)
633 		goto bad;
634 
635 	if (req->name_len > UBI_VOL_NAME_MAX) {
636 		err = -ENAMETOOLONG;
637 		goto bad;
638 	}
639 
640 	n = strnlen(req->name, req->name_len + 1);
641 	if (n != req->name_len)
642 		goto bad;
643 
644 	return 0;
645 
646 bad:
647 	ubi_err("bad volume creation request");
648 	ubi_dump_mkvol_req(req);
649 	return err;
650 }
651 
652 /**
653  * verify_rsvol_req - verify volume re-size request.
654  * @ubi: UBI device description object
655  * @req: the request to check
656  *
657  * This function returns zero if the request is correct, and %-EINVAL if not.
658  */
verify_rsvol_req(const struct ubi_device * ubi,const struct ubi_rsvol_req * req)659 static int verify_rsvol_req(const struct ubi_device *ubi,
660 			    const struct ubi_rsvol_req *req)
661 {
662 	if (req->bytes <= 0)
663 		return -EINVAL;
664 
665 	if (req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots)
666 		return -EINVAL;
667 
668 	return 0;
669 }
670 
671 /**
672  * rename_volumes - rename UBI volumes.
673  * @ubi: UBI device description object
674  * @req: volumes re-name request
675  *
676  * This is a helper function for the volume re-name IOCTL which validates the
677  * the request, opens the volume and calls corresponding volumes management
678  * function. Returns zero in case of success and a negative error code in case
679  * of failure.
680  */
rename_volumes(struct ubi_device * ubi,struct ubi_rnvol_req * req)681 static int rename_volumes(struct ubi_device *ubi,
682 			  struct ubi_rnvol_req *req)
683 {
684 	int i, n, err;
685 	struct list_head rename_list;
686 	struct ubi_rename_entry *re, *re1;
687 
688 	if (req->count < 0 || req->count > UBI_MAX_RNVOL)
689 		return -EINVAL;
690 
691 	if (req->count == 0)
692 		return 0;
693 
694 	/* Validate volume IDs and names in the request */
695 	for (i = 0; i < req->count; i++) {
696 		if (req->ents[i].vol_id < 0 ||
697 		    req->ents[i].vol_id >= ubi->vtbl_slots)
698 			return -EINVAL;
699 		if (req->ents[i].name_len < 0)
700 			return -EINVAL;
701 		if (req->ents[i].name_len > UBI_VOL_NAME_MAX)
702 			return -ENAMETOOLONG;
703 		req->ents[i].name[req->ents[i].name_len] = '\0';
704 		n = strlen(req->ents[i].name);
705 		if (n != req->ents[i].name_len)
706 			err = -EINVAL;
707 	}
708 
709 	/* Make sure volume IDs and names are unique */
710 	for (i = 0; i < req->count - 1; i++) {
711 		for (n = i + 1; n < req->count; n++) {
712 			if (req->ents[i].vol_id == req->ents[n].vol_id) {
713 				ubi_err("duplicated volume id %d",
714 					req->ents[i].vol_id);
715 				return -EINVAL;
716 			}
717 			if (!strcmp(req->ents[i].name, req->ents[n].name)) {
718 				ubi_err("duplicated volume name \"%s\"",
719 					req->ents[i].name);
720 				return -EINVAL;
721 			}
722 		}
723 	}
724 
725 	/* Create the re-name list */
726 	INIT_LIST_HEAD(&rename_list);
727 	for (i = 0; i < req->count; i++) {
728 		int vol_id = req->ents[i].vol_id;
729 		int name_len = req->ents[i].name_len;
730 		const char *name = req->ents[i].name;
731 
732 		re = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
733 		if (!re) {
734 			err = -ENOMEM;
735 			goto out_free;
736 		}
737 
738 		re->desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
739 		if (IS_ERR(re->desc)) {
740 			err = PTR_ERR(re->desc);
741 			ubi_err("cannot open volume %d, error %d", vol_id, err);
742 			kfree(re);
743 			goto out_free;
744 		}
745 
746 		/* Skip this re-naming if the name does not really change */
747 		if (re->desc->vol->name_len == name_len &&
748 		    !memcmp(re->desc->vol->name, name, name_len)) {
749 			ubi_close_volume(re->desc);
750 			kfree(re);
751 			continue;
752 		}
753 
754 		re->new_name_len = name_len;
755 		memcpy(re->new_name, name, name_len);
756 		list_add_tail(&re->list, &rename_list);
757 		dbg_gen("will rename volume %d from \"%s\" to \"%s\"",
758 			vol_id, re->desc->vol->name, name);
759 	}
760 
761 	if (list_empty(&rename_list))
762 		return 0;
763 
764 	/* Find out the volumes which have to be removed */
765 	list_for_each_entry(re, &rename_list, list) {
766 		struct ubi_volume_desc *desc;
767 		int no_remove_needed = 0;
768 
769 		/*
770 		 * Volume @re->vol_id is going to be re-named to
771 		 * @re->new_name, while its current name is @name. If a volume
772 		 * with name @re->new_name currently exists, it has to be
773 		 * removed, unless it is also re-named in the request (@req).
774 		 */
775 		list_for_each_entry(re1, &rename_list, list) {
776 			if (re->new_name_len == re1->desc->vol->name_len &&
777 			    !memcmp(re->new_name, re1->desc->vol->name,
778 				    re1->desc->vol->name_len)) {
779 				no_remove_needed = 1;
780 				break;
781 			}
782 		}
783 
784 		if (no_remove_needed)
785 			continue;
786 
787 		/*
788 		 * It seems we need to remove volume with name @re->new_name,
789 		 * if it exists.
790 		 */
791 		desc = ubi_open_volume_nm(ubi->ubi_num, re->new_name,
792 					  UBI_EXCLUSIVE);
793 		if (IS_ERR(desc)) {
794 			err = PTR_ERR(desc);
795 			if (err == -ENODEV)
796 				/* Re-naming into a non-existing volume name */
797 				continue;
798 
799 			/* The volume exists but busy, or an error occurred */
800 			ubi_err("cannot open volume \"%s\", error %d",
801 				re->new_name, err);
802 			goto out_free;
803 		}
804 
805 		re1 = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
806 		if (!re1) {
807 			err = -ENOMEM;
808 			ubi_close_volume(desc);
809 			goto out_free;
810 		}
811 
812 		re1->remove = 1;
813 		re1->desc = desc;
814 		list_add(&re1->list, &rename_list);
815 		dbg_gen("will remove volume %d, name \"%s\"",
816 			re1->desc->vol->vol_id, re1->desc->vol->name);
817 	}
818 
819 	mutex_lock(&ubi->device_mutex);
820 	err = ubi_rename_volumes(ubi, &rename_list);
821 	mutex_unlock(&ubi->device_mutex);
822 
823 out_free:
824 	list_for_each_entry_safe(re, re1, &rename_list, list) {
825 		ubi_close_volume(re->desc);
826 		list_del(&re->list);
827 		kfree(re);
828 	}
829 	return err;
830 }
831 
ubi_cdev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)832 static long ubi_cdev_ioctl(struct file *file, unsigned int cmd,
833 			   unsigned long arg)
834 {
835 	int err = 0;
836 	struct ubi_device *ubi;
837 	struct ubi_volume_desc *desc;
838 	void __user *argp = (void __user *)arg;
839 
840 	if (!capable(CAP_SYS_RESOURCE))
841 		return -EPERM;
842 
843 	ubi = ubi_get_by_major(imajor(file->f_mapping->host));
844 	if (!ubi)
845 		return -ENODEV;
846 
847 	switch (cmd) {
848 	/* Create volume command */
849 	case UBI_IOCMKVOL:
850 	{
851 		struct ubi_mkvol_req req;
852 
853 		dbg_gen("create volume");
854 		err = copy_from_user(&req, argp, sizeof(struct ubi_mkvol_req));
855 		if (err) {
856 			err = -EFAULT;
857 			break;
858 		}
859 
860 		err = verify_mkvol_req(ubi, &req);
861 		if (err)
862 			break;
863 
864 		mutex_lock(&ubi->device_mutex);
865 		err = ubi_create_volume(ubi, &req);
866 		mutex_unlock(&ubi->device_mutex);
867 		if (err)
868 			break;
869 
870 		err = put_user(req.vol_id, (__user int32_t *)argp);
871 		if (err)
872 			err = -EFAULT;
873 
874 		break;
875 	}
876 
877 	/* Remove volume command */
878 	case UBI_IOCRMVOL:
879 	{
880 		int vol_id;
881 
882 		dbg_gen("remove volume");
883 		err = get_user(vol_id, (__user int32_t *)argp);
884 		if (err) {
885 			err = -EFAULT;
886 			break;
887 		}
888 
889 		desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
890 		if (IS_ERR(desc)) {
891 			err = PTR_ERR(desc);
892 			break;
893 		}
894 
895 		mutex_lock(&ubi->device_mutex);
896 		err = ubi_remove_volume(desc, 0);
897 		mutex_unlock(&ubi->device_mutex);
898 
899 		/*
900 		 * The volume is deleted (unless an error occurred), and the
901 		 * 'struct ubi_volume' object will be freed when
902 		 * 'ubi_close_volume()' will call 'put_device()'.
903 		 */
904 		ubi_close_volume(desc);
905 		break;
906 	}
907 
908 	/* Re-size volume command */
909 	case UBI_IOCRSVOL:
910 	{
911 		int pebs;
912 		struct ubi_rsvol_req req;
913 
914 		dbg_gen("re-size volume");
915 		err = copy_from_user(&req, argp, sizeof(struct ubi_rsvol_req));
916 		if (err) {
917 			err = -EFAULT;
918 			break;
919 		}
920 
921 		err = verify_rsvol_req(ubi, &req);
922 		if (err)
923 			break;
924 
925 		desc = ubi_open_volume(ubi->ubi_num, req.vol_id, UBI_EXCLUSIVE);
926 		if (IS_ERR(desc)) {
927 			err = PTR_ERR(desc);
928 			break;
929 		}
930 
931 		pebs = div_u64(req.bytes + desc->vol->usable_leb_size - 1,
932 			       desc->vol->usable_leb_size);
933 
934 		mutex_lock(&ubi->device_mutex);
935 		err = ubi_resize_volume(desc, pebs);
936 		mutex_unlock(&ubi->device_mutex);
937 		ubi_close_volume(desc);
938 		break;
939 	}
940 
941 	/* Re-name volumes command */
942 	case UBI_IOCRNVOL:
943 	{
944 		struct ubi_rnvol_req *req;
945 
946 		dbg_gen("re-name volumes");
947 		req = kmalloc(sizeof(struct ubi_rnvol_req), GFP_KERNEL);
948 		if (!req) {
949 			err = -ENOMEM;
950 			break;
951 		};
952 
953 		err = copy_from_user(req, argp, sizeof(struct ubi_rnvol_req));
954 		if (err) {
955 			err = -EFAULT;
956 			kfree(req);
957 			break;
958 		}
959 
960 		err = rename_volumes(ubi, req);
961 		kfree(req);
962 		break;
963 	}
964 
965 	default:
966 		err = -ENOTTY;
967 		break;
968 	}
969 
970 	ubi_put_device(ubi);
971 	return err;
972 }
973 
ctrl_cdev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)974 static long ctrl_cdev_ioctl(struct file *file, unsigned int cmd,
975 			    unsigned long arg)
976 {
977 	int err = 0;
978 	void __user *argp = (void __user *)arg;
979 
980 	if (!capable(CAP_SYS_RESOURCE))
981 		return -EPERM;
982 
983 	switch (cmd) {
984 	/* Attach an MTD device command */
985 	case UBI_IOCATT:
986 	{
987 		struct ubi_attach_req req;
988 		struct mtd_info *mtd;
989 
990 		dbg_gen("attach MTD device");
991 		err = copy_from_user(&req, argp, sizeof(struct ubi_attach_req));
992 		if (err) {
993 			err = -EFAULT;
994 			break;
995 		}
996 
997 		if (req.mtd_num < 0 ||
998 		    (req.ubi_num < 0 && req.ubi_num != UBI_DEV_NUM_AUTO)) {
999 			err = -EINVAL;
1000 			break;
1001 		}
1002 
1003 		mtd = get_mtd_device(NULL, req.mtd_num);
1004 		if (IS_ERR(mtd)) {
1005 			err = PTR_ERR(mtd);
1006 			break;
1007 		}
1008 
1009 		/*
1010 		 * Note, further request verification is done by
1011 		 * 'ubi_attach_mtd_dev()'.
1012 		 */
1013 		mutex_lock(&ubi_devices_mutex);
1014 		err = ubi_attach_mtd_dev(mtd, req.ubi_num, req.vid_hdr_offset,
1015 					 req.max_beb_per1024);
1016 		mutex_unlock(&ubi_devices_mutex);
1017 		if (err < 0)
1018 			put_mtd_device(mtd);
1019 		else
1020 			/* @err contains UBI device number */
1021 			err = put_user(err, (__user int32_t *)argp);
1022 
1023 		break;
1024 	}
1025 
1026 	/* Detach an MTD device command */
1027 	case UBI_IOCDET:
1028 	{
1029 		int ubi_num;
1030 
1031 		dbg_gen("detach MTD device");
1032 		err = get_user(ubi_num, (__user int32_t *)argp);
1033 		if (err) {
1034 			err = -EFAULT;
1035 			break;
1036 		}
1037 
1038 		mutex_lock(&ubi_devices_mutex);
1039 		err = ubi_detach_mtd_dev(ubi_num, 0);
1040 		mutex_unlock(&ubi_devices_mutex);
1041 		break;
1042 	}
1043 
1044 	default:
1045 		err = -ENOTTY;
1046 		break;
1047 	}
1048 
1049 	return err;
1050 }
1051 
1052 #ifdef CONFIG_COMPAT
vol_cdev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1053 static long vol_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1054 				  unsigned long arg)
1055 {
1056 	unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1057 
1058 	return vol_cdev_ioctl(file, cmd, translated_arg);
1059 }
1060 
ubi_cdev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1061 static long ubi_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1062 				  unsigned long arg)
1063 {
1064 	unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1065 
1066 	return ubi_cdev_ioctl(file, cmd, translated_arg);
1067 }
1068 
ctrl_cdev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1069 static long ctrl_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1070 				   unsigned long arg)
1071 {
1072 	unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1073 
1074 	return ctrl_cdev_ioctl(file, cmd, translated_arg);
1075 }
1076 #else
1077 #define vol_cdev_compat_ioctl  NULL
1078 #define ubi_cdev_compat_ioctl  NULL
1079 #define ctrl_cdev_compat_ioctl NULL
1080 #endif
1081 
1082 /* UBI volume character device operations */
1083 const struct file_operations ubi_vol_cdev_operations = {
1084 	.owner          = THIS_MODULE,
1085 	.open           = vol_cdev_open,
1086 	.release        = vol_cdev_release,
1087 	.llseek         = vol_cdev_llseek,
1088 	.read           = vol_cdev_read,
1089 	.write          = vol_cdev_write,
1090 	.fsync		= vol_cdev_fsync,
1091 	.unlocked_ioctl = vol_cdev_ioctl,
1092 	.compat_ioctl   = vol_cdev_compat_ioctl,
1093 };
1094 
1095 /* UBI character device operations */
1096 const struct file_operations ubi_cdev_operations = {
1097 	.owner          = THIS_MODULE,
1098 	.llseek         = no_llseek,
1099 	.unlocked_ioctl = ubi_cdev_ioctl,
1100 	.compat_ioctl   = ubi_cdev_compat_ioctl,
1101 };
1102 
1103 /* UBI control character device operations */
1104 const struct file_operations ubi_ctrl_cdev_operations = {
1105 	.owner          = THIS_MODULE,
1106 	.unlocked_ioctl = ctrl_cdev_ioctl,
1107 	.compat_ioctl   = ctrl_cdev_compat_ioctl,
1108 	.llseek		= no_llseek,
1109 };
1110