• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) International Business Machines Corp., 2006
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
12  * the GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  *
18  * Author: Artem Bityutskiy (Битюцкий Артём)
19  */
20 
21 /*
22  * This file includes implementation of UBI character device operations.
23  *
24  * There are two kinds of character devices in UBI: UBI character devices and
25  * UBI volume character devices. UBI character devices allow users to
26  * manipulate whole volumes: create, remove, and re-size them. Volume character
27  * devices provide volume I/O capabilities.
28  *
29  * Major and minor numbers are assigned dynamically to both UBI and volume
30  * character devices.
31  *
32  * Well, there is the third kind of character devices - the UBI control
33  * character device, which allows to manipulate by UBI devices - create and
34  * delete them. In other words, it is used for attaching and detaching MTD
35  * devices.
36  */
37 
38 #include <linux/module.h>
39 #include <linux/stat.h>
40 #include <linux/slab.h>
41 #include <linux/ioctl.h>
42 #include <linux/capability.h>
43 #include <linux/uaccess.h>
44 #include <linux/compat.h>
45 #include <linux/math64.h>
46 #include <mtd/ubi-user.h>
47 #include "ubi.h"
48 
49 /**
50  * get_exclusive - get exclusive access to an UBI volume.
51  * @desc: volume descriptor
52  *
53  * This function changes UBI volume open mode to "exclusive". Returns previous
54  * mode value (positive integer) in case of success and a negative error code
55  * in case of failure.
56  */
get_exclusive(struct ubi_volume_desc * desc)57 static int get_exclusive(struct ubi_volume_desc *desc)
58 {
59 	int users, err;
60 	struct ubi_volume *vol = desc->vol;
61 
62 	spin_lock(&vol->ubi->volumes_lock);
63 	users = vol->readers + vol->writers + vol->exclusive;
64 	ubi_assert(users > 0);
65 	if (users > 1) {
66 		dbg_err("%d users for volume %d", users, vol->vol_id);
67 		err = -EBUSY;
68 	} else {
69 		vol->readers = vol->writers = 0;
70 		vol->exclusive = 1;
71 		err = desc->mode;
72 		desc->mode = UBI_EXCLUSIVE;
73 	}
74 	spin_unlock(&vol->ubi->volumes_lock);
75 
76 	return err;
77 }
78 
79 /**
80  * revoke_exclusive - revoke exclusive mode.
81  * @desc: volume descriptor
82  * @mode: new mode to switch to
83  */
revoke_exclusive(struct ubi_volume_desc * desc,int mode)84 static void revoke_exclusive(struct ubi_volume_desc *desc, int mode)
85 {
86 	struct ubi_volume *vol = desc->vol;
87 
88 	spin_lock(&vol->ubi->volumes_lock);
89 	ubi_assert(vol->readers == 0 && vol->writers == 0);
90 	ubi_assert(vol->exclusive == 1 && desc->mode == UBI_EXCLUSIVE);
91 	vol->exclusive = 0;
92 	if (mode == UBI_READONLY)
93 		vol->readers = 1;
94 	else if (mode == UBI_READWRITE)
95 		vol->writers = 1;
96 	else
97 		vol->exclusive = 1;
98 	spin_unlock(&vol->ubi->volumes_lock);
99 
100 	desc->mode = mode;
101 }
102 
vol_cdev_open(struct inode * inode,struct file * file)103 static int vol_cdev_open(struct inode *inode, struct file *file)
104 {
105 	struct ubi_volume_desc *desc;
106 	int vol_id = iminor(inode) - 1, mode, ubi_num;
107 
108 	ubi_num = ubi_major2num(imajor(inode));
109 	if (ubi_num < 0)
110 		return ubi_num;
111 
112 	if (file->f_mode & FMODE_WRITE)
113 		mode = UBI_READWRITE;
114 	else
115 		mode = UBI_READONLY;
116 
117 	dbg_gen("open device %d, volume %d, mode %d",
118 		ubi_num, vol_id, mode);
119 
120 	desc = ubi_open_volume(ubi_num, vol_id, mode);
121 	if (IS_ERR(desc))
122 		return PTR_ERR(desc);
123 
124 	file->private_data = desc;
125 	return 0;
126 }
127 
vol_cdev_release(struct inode * inode,struct file * file)128 static int vol_cdev_release(struct inode *inode, struct file *file)
129 {
130 	struct ubi_volume_desc *desc = file->private_data;
131 	struct ubi_volume *vol = desc->vol;
132 
133 	dbg_gen("release device %d, volume %d, mode %d",
134 		vol->ubi->ubi_num, vol->vol_id, desc->mode);
135 
136 	if (vol->updating) {
137 		ubi_warn("update of volume %d not finished, volume is damaged",
138 			 vol->vol_id);
139 		ubi_assert(!vol->changing_leb);
140 		vol->updating = 0;
141 		vfree(vol->upd_buf);
142 	} else if (vol->changing_leb) {
143 		dbg_gen("only %lld of %lld bytes received for atomic LEB change"
144 			" for volume %d:%d, cancel", vol->upd_received,
145 			vol->upd_bytes, vol->ubi->ubi_num, vol->vol_id);
146 		vol->changing_leb = 0;
147 		vfree(vol->upd_buf);
148 	}
149 
150 	ubi_close_volume(desc);
151 	return 0;
152 }
153 
vol_cdev_llseek(struct file * file,loff_t offset,int origin)154 static loff_t vol_cdev_llseek(struct file *file, loff_t offset, int origin)
155 {
156 	struct ubi_volume_desc *desc = file->private_data;
157 	struct ubi_volume *vol = desc->vol;
158 	loff_t new_offset;
159 
160 	if (vol->updating) {
161 		/* Update is in progress, seeking is prohibited */
162 		dbg_err("updating");
163 		return -EBUSY;
164 	}
165 
166 	switch (origin) {
167 	case 0: /* SEEK_SET */
168 		new_offset = offset;
169 		break;
170 	case 1: /* SEEK_CUR */
171 		new_offset = file->f_pos + offset;
172 		break;
173 	case 2: /* SEEK_END */
174 		new_offset = vol->used_bytes + offset;
175 		break;
176 	default:
177 		return -EINVAL;
178 	}
179 
180 	if (new_offset < 0 || new_offset > vol->used_bytes) {
181 		dbg_err("bad seek %lld", new_offset);
182 		return -EINVAL;
183 	}
184 
185 	dbg_gen("seek volume %d, offset %lld, origin %d, new offset %lld",
186 		vol->vol_id, offset, origin, new_offset);
187 
188 	file->f_pos = new_offset;
189 	return new_offset;
190 }
191 
vol_cdev_fsync(struct file * file,loff_t start,loff_t end,int datasync)192 static int vol_cdev_fsync(struct file *file, loff_t start, loff_t end, int datasync)
193 {
194 	struct ubi_volume_desc *desc = file->private_data;
195 	struct ubi_device *ubi = desc->vol->ubi;
196 	struct inode *inode = file->f_path.dentry->d_inode;
197 	int err;
198 	mutex_lock(&inode->i_mutex);
199 	err = ubi_sync(ubi->ubi_num);
200 	mutex_unlock(&inode->i_mutex);
201 	return err;
202 }
203 
204 
vol_cdev_read(struct file * file,__user char * buf,size_t count,loff_t * offp)205 static ssize_t vol_cdev_read(struct file *file, __user char *buf, size_t count,
206 			     loff_t *offp)
207 {
208 	struct ubi_volume_desc *desc = file->private_data;
209 	struct ubi_volume *vol = desc->vol;
210 	struct ubi_device *ubi = vol->ubi;
211 	int err, lnum, off, len,  tbuf_size;
212 	size_t count_save = count;
213 	void *tbuf;
214 
215 	dbg_gen("read %zd bytes from offset %lld of volume %d",
216 		count, *offp, vol->vol_id);
217 
218 	if (vol->updating) {
219 		dbg_err("updating");
220 		return -EBUSY;
221 	}
222 	if (vol->upd_marker) {
223 		dbg_err("damaged volume, update marker is set");
224 		return -EBADF;
225 	}
226 	if (*offp == vol->used_bytes || count == 0)
227 		return 0;
228 
229 	if (vol->corrupted)
230 		dbg_gen("read from corrupted volume %d", vol->vol_id);
231 
232 	if (*offp + count > vol->used_bytes)
233 		count_save = count = vol->used_bytes - *offp;
234 
235 	tbuf_size = vol->usable_leb_size;
236 	if (count < tbuf_size)
237 		tbuf_size = ALIGN(count, ubi->min_io_size);
238 	tbuf = vmalloc(tbuf_size);
239 	if (!tbuf)
240 		return -ENOMEM;
241 
242 	len = count > tbuf_size ? tbuf_size : count;
243 	lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
244 
245 	do {
246 		cond_resched();
247 
248 		if (off + len >= vol->usable_leb_size)
249 			len = vol->usable_leb_size - off;
250 
251 		err = ubi_eba_read_leb(ubi, vol, lnum, tbuf, off, len, 0);
252 		if (err)
253 			break;
254 
255 		off += len;
256 		if (off == vol->usable_leb_size) {
257 			lnum += 1;
258 			off -= vol->usable_leb_size;
259 		}
260 
261 		count -= len;
262 		*offp += len;
263 
264 		err = copy_to_user(buf, tbuf, len);
265 		if (err) {
266 			err = -EFAULT;
267 			break;
268 		}
269 
270 		buf += len;
271 		len = count > tbuf_size ? tbuf_size : count;
272 	} while (count);
273 
274 	vfree(tbuf);
275 	return err ? err : count_save - count;
276 }
277 
278 /*
279  * This function allows to directly write to dynamic UBI volumes, without
280  * issuing the volume update operation.
281  */
vol_cdev_direct_write(struct file * file,const char __user * buf,size_t count,loff_t * offp)282 static ssize_t vol_cdev_direct_write(struct file *file, const char __user *buf,
283 				     size_t count, loff_t *offp)
284 {
285 	struct ubi_volume_desc *desc = file->private_data;
286 	struct ubi_volume *vol = desc->vol;
287 	struct ubi_device *ubi = vol->ubi;
288 	int lnum, off, len, tbuf_size, err = 0;
289 	size_t count_save = count;
290 	char *tbuf;
291 
292 	if (!vol->direct_writes)
293 		return -EPERM;
294 
295 	dbg_gen("requested: write %zd bytes to offset %lld of volume %u",
296 		count, *offp, vol->vol_id);
297 
298 	if (vol->vol_type == UBI_STATIC_VOLUME)
299 		return -EROFS;
300 
301 	lnum = div_u64_rem(*offp, vol->usable_leb_size, &off);
302 	if (off & (ubi->min_io_size - 1)) {
303 		dbg_err("unaligned position");
304 		return -EINVAL;
305 	}
306 
307 	if (*offp + count > vol->used_bytes)
308 		count_save = count = vol->used_bytes - *offp;
309 
310 	/* We can write only in fractions of the minimum I/O unit */
311 	if (count & (ubi->min_io_size - 1)) {
312 		dbg_err("unaligned write length");
313 		return -EINVAL;
314 	}
315 
316 	tbuf_size = vol->usable_leb_size;
317 	if (count < tbuf_size)
318 		tbuf_size = ALIGN(count, ubi->min_io_size);
319 	tbuf = vmalloc(tbuf_size);
320 	if (!tbuf)
321 		return -ENOMEM;
322 
323 	len = count > tbuf_size ? tbuf_size : count;
324 
325 	while (count) {
326 		cond_resched();
327 
328 		if (off + len >= vol->usable_leb_size)
329 			len = vol->usable_leb_size - off;
330 
331 		err = copy_from_user(tbuf, buf, len);
332 		if (err) {
333 			err = -EFAULT;
334 			break;
335 		}
336 
337 		err = ubi_eba_write_leb(ubi, vol, lnum, tbuf, off, len,
338 					UBI_UNKNOWN);
339 		if (err)
340 			break;
341 
342 		off += len;
343 		if (off == vol->usable_leb_size) {
344 			lnum += 1;
345 			off -= vol->usable_leb_size;
346 		}
347 
348 		count -= len;
349 		*offp += len;
350 		buf += len;
351 		len = count > tbuf_size ? tbuf_size : count;
352 	}
353 
354 	vfree(tbuf);
355 	return err ? err : count_save - count;
356 }
357 
vol_cdev_write(struct file * file,const char __user * buf,size_t count,loff_t * offp)358 static ssize_t vol_cdev_write(struct file *file, const char __user *buf,
359 			      size_t count, loff_t *offp)
360 {
361 	int err = 0;
362 	struct ubi_volume_desc *desc = file->private_data;
363 	struct ubi_volume *vol = desc->vol;
364 	struct ubi_device *ubi = vol->ubi;
365 
366 	if (!vol->updating && !vol->changing_leb)
367 		return vol_cdev_direct_write(file, buf, count, offp);
368 
369 	if (vol->updating)
370 		err = ubi_more_update_data(ubi, vol, buf, count);
371 	else
372 		err = ubi_more_leb_change_data(ubi, vol, buf, count);
373 
374 	if (err < 0) {
375 		ubi_err("cannot accept more %zd bytes of data, error %d",
376 			count, err);
377 		return err;
378 	}
379 
380 	if (err) {
381 		/*
382 		 * The operation is finished, @err contains number of actually
383 		 * written bytes.
384 		 */
385 		count = err;
386 
387 		if (vol->changing_leb) {
388 			revoke_exclusive(desc, UBI_READWRITE);
389 			return count;
390 		}
391 
392 		err = ubi_check_volume(ubi, vol->vol_id);
393 		if (err < 0)
394 			return err;
395 
396 		if (err) {
397 			ubi_warn("volume %d on UBI device %d is corrupted",
398 				 vol->vol_id, ubi->ubi_num);
399 			vol->corrupted = 1;
400 		}
401 		vol->checked = 1;
402 		ubi_volume_notify(ubi, vol, UBI_VOLUME_UPDATED);
403 		revoke_exclusive(desc, UBI_READWRITE);
404 	}
405 
406 	return count;
407 }
408 
vol_cdev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)409 static long vol_cdev_ioctl(struct file *file, unsigned int cmd,
410 			   unsigned long arg)
411 {
412 	int err = 0;
413 	struct ubi_volume_desc *desc = file->private_data;
414 	struct ubi_volume *vol = desc->vol;
415 	struct ubi_device *ubi = vol->ubi;
416 	void __user *argp = (void __user *)arg;
417 
418 	switch (cmd) {
419 	/* Volume update command */
420 	case UBI_IOCVOLUP:
421 	{
422 		int64_t bytes, rsvd_bytes;
423 
424 		if (!capable(CAP_SYS_RESOURCE)) {
425 			err = -EPERM;
426 			break;
427 		}
428 
429 		err = copy_from_user(&bytes, argp, sizeof(int64_t));
430 		if (err) {
431 			err = -EFAULT;
432 			break;
433 		}
434 
435 		if (desc->mode == UBI_READONLY) {
436 			err = -EROFS;
437 			break;
438 		}
439 
440 		rsvd_bytes = (long long)vol->reserved_pebs *
441 					ubi->leb_size-vol->data_pad;
442 		if (bytes < 0 || bytes > rsvd_bytes) {
443 			err = -EINVAL;
444 			break;
445 		}
446 
447 		err = get_exclusive(desc);
448 		if (err < 0)
449 			break;
450 
451 		err = ubi_start_update(ubi, vol, bytes);
452 		if (bytes == 0)
453 			revoke_exclusive(desc, UBI_READWRITE);
454 		break;
455 	}
456 
457 	/* Atomic logical eraseblock change command */
458 	case UBI_IOCEBCH:
459 	{
460 		struct ubi_leb_change_req req;
461 
462 		err = copy_from_user(&req, argp,
463 				     sizeof(struct ubi_leb_change_req));
464 		if (err) {
465 			err = -EFAULT;
466 			break;
467 		}
468 
469 		if (desc->mode == UBI_READONLY ||
470 		    vol->vol_type == UBI_STATIC_VOLUME) {
471 			err = -EROFS;
472 			break;
473 		}
474 
475 		/* Validate the request */
476 		err = -EINVAL;
477 		if (req.lnum < 0 || req.lnum >= vol->reserved_pebs ||
478 		    req.bytes < 0 || req.lnum >= vol->usable_leb_size)
479 			break;
480 		if (req.dtype != UBI_LONGTERM && req.dtype != UBI_SHORTTERM &&
481 		    req.dtype != UBI_UNKNOWN)
482 			break;
483 
484 		err = get_exclusive(desc);
485 		if (err < 0)
486 			break;
487 
488 		err = ubi_start_leb_change(ubi, vol, &req);
489 		if (req.bytes == 0)
490 			revoke_exclusive(desc, UBI_READWRITE);
491 		break;
492 	}
493 
494 	/* Logical eraseblock erasure command */
495 	case UBI_IOCEBER:
496 	{
497 		int32_t lnum;
498 
499 		err = get_user(lnum, (__user int32_t *)argp);
500 		if (err) {
501 			err = -EFAULT;
502 			break;
503 		}
504 
505 		if (desc->mode == UBI_READONLY ||
506 		    vol->vol_type == UBI_STATIC_VOLUME) {
507 			err = -EROFS;
508 			break;
509 		}
510 
511 		if (lnum < 0 || lnum >= vol->reserved_pebs) {
512 			err = -EINVAL;
513 			break;
514 		}
515 
516 		dbg_gen("erase LEB %d:%d", vol->vol_id, lnum);
517 		err = ubi_eba_unmap_leb(ubi, vol, lnum);
518 		if (err)
519 			break;
520 
521 		err = ubi_wl_flush(ubi);
522 		break;
523 	}
524 
525 	/* Logical eraseblock map command */
526 	case UBI_IOCEBMAP:
527 	{
528 		struct ubi_map_req req;
529 
530 		err = copy_from_user(&req, argp, sizeof(struct ubi_map_req));
531 		if (err) {
532 			err = -EFAULT;
533 			break;
534 		}
535 		err = ubi_leb_map(desc, req.lnum, req.dtype);
536 		break;
537 	}
538 
539 	/* Logical eraseblock un-map command */
540 	case UBI_IOCEBUNMAP:
541 	{
542 		int32_t lnum;
543 
544 		err = get_user(lnum, (__user int32_t *)argp);
545 		if (err) {
546 			err = -EFAULT;
547 			break;
548 		}
549 		err = ubi_leb_unmap(desc, lnum);
550 		break;
551 	}
552 
553 	/* Check if logical eraseblock is mapped command */
554 	case UBI_IOCEBISMAP:
555 	{
556 		int32_t lnum;
557 
558 		err = get_user(lnum, (__user int32_t *)argp);
559 		if (err) {
560 			err = -EFAULT;
561 			break;
562 		}
563 		err = ubi_is_mapped(desc, lnum);
564 		break;
565 	}
566 
567 	/* Set volume property command */
568 	case UBI_IOCSETVOLPROP:
569 	{
570 		struct ubi_set_vol_prop_req req;
571 
572 		err = copy_from_user(&req, argp,
573 				     sizeof(struct ubi_set_vol_prop_req));
574 		if (err) {
575 			err = -EFAULT;
576 			break;
577 		}
578 		switch (req.property) {
579 		case UBI_VOL_PROP_DIRECT_WRITE:
580 			mutex_lock(&ubi->device_mutex);
581 			desc->vol->direct_writes = !!req.value;
582 			mutex_unlock(&ubi->device_mutex);
583 			break;
584 		default:
585 			err = -EINVAL;
586 			break;
587 		}
588 		break;
589 	}
590 
591 	default:
592 		err = -ENOTTY;
593 		break;
594 	}
595 	return err;
596 }
597 
598 /**
599  * verify_mkvol_req - verify volume creation request.
600  * @ubi: UBI device description object
601  * @req: the request to check
602  *
603  * This function zero if the request is correct, and %-EINVAL if not.
604  */
verify_mkvol_req(const struct ubi_device * ubi,const struct ubi_mkvol_req * req)605 static int verify_mkvol_req(const struct ubi_device *ubi,
606 			    const struct ubi_mkvol_req *req)
607 {
608 	int n, err = -EINVAL;
609 
610 	if (req->bytes < 0 || req->alignment < 0 || req->vol_type < 0 ||
611 	    req->name_len < 0)
612 		goto bad;
613 
614 	if ((req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots) &&
615 	    req->vol_id != UBI_VOL_NUM_AUTO)
616 		goto bad;
617 
618 	if (req->alignment == 0)
619 		goto bad;
620 
621 	if (req->bytes == 0)
622 		goto bad;
623 
624 	if (req->vol_type != UBI_DYNAMIC_VOLUME &&
625 	    req->vol_type != UBI_STATIC_VOLUME)
626 		goto bad;
627 
628 	if (req->alignment > ubi->leb_size)
629 		goto bad;
630 
631 	n = req->alignment & (ubi->min_io_size - 1);
632 	if (req->alignment != 1 && n)
633 		goto bad;
634 
635 	if (!req->name[0] || !req->name_len)
636 		goto bad;
637 
638 	if (req->name_len > UBI_VOL_NAME_MAX) {
639 		err = -ENAMETOOLONG;
640 		goto bad;
641 	}
642 
643 	n = strnlen(req->name, req->name_len + 1);
644 	if (n != req->name_len)
645 		goto bad;
646 
647 	return 0;
648 
649 bad:
650 	dbg_err("bad volume creation request");
651 	ubi_dbg_dump_mkvol_req(req);
652 	return err;
653 }
654 
655 /**
656  * verify_rsvol_req - verify volume re-size request.
657  * @ubi: UBI device description object
658  * @req: the request to check
659  *
660  * This function returns zero if the request is correct, and %-EINVAL if not.
661  */
verify_rsvol_req(const struct ubi_device * ubi,const struct ubi_rsvol_req * req)662 static int verify_rsvol_req(const struct ubi_device *ubi,
663 			    const struct ubi_rsvol_req *req)
664 {
665 	if (req->bytes <= 0)
666 		return -EINVAL;
667 
668 	if (req->vol_id < 0 || req->vol_id >= ubi->vtbl_slots)
669 		return -EINVAL;
670 
671 	return 0;
672 }
673 
674 /**
675  * rename_volumes - rename UBI volumes.
676  * @ubi: UBI device description object
677  * @req: volumes re-name request
678  *
679  * This is a helper function for the volume re-name IOCTL which validates the
680  * the request, opens the volume and calls corresponding volumes management
681  * function. Returns zero in case of success and a negative error code in case
682  * of failure.
683  */
rename_volumes(struct ubi_device * ubi,struct ubi_rnvol_req * req)684 static int rename_volumes(struct ubi_device *ubi,
685 			  struct ubi_rnvol_req *req)
686 {
687 	int i, n, err;
688 	struct list_head rename_list;
689 	struct ubi_rename_entry *re, *re1;
690 
691 	if (req->count < 0 || req->count > UBI_MAX_RNVOL)
692 		return -EINVAL;
693 
694 	if (req->count == 0)
695 		return 0;
696 
697 	/* Validate volume IDs and names in the request */
698 	for (i = 0; i < req->count; i++) {
699 		if (req->ents[i].vol_id < 0 ||
700 		    req->ents[i].vol_id >= ubi->vtbl_slots)
701 			return -EINVAL;
702 		if (req->ents[i].name_len < 0)
703 			return -EINVAL;
704 		if (req->ents[i].name_len > UBI_VOL_NAME_MAX)
705 			return -ENAMETOOLONG;
706 		req->ents[i].name[req->ents[i].name_len] = '\0';
707 		n = strlen(req->ents[i].name);
708 		if (n != req->ents[i].name_len)
709 			err = -EINVAL;
710 	}
711 
712 	/* Make sure volume IDs and names are unique */
713 	for (i = 0; i < req->count - 1; i++) {
714 		for (n = i + 1; n < req->count; n++) {
715 			if (req->ents[i].vol_id == req->ents[n].vol_id) {
716 				dbg_err("duplicated volume id %d",
717 					req->ents[i].vol_id);
718 				return -EINVAL;
719 			}
720 			if (!strcmp(req->ents[i].name, req->ents[n].name)) {
721 				dbg_err("duplicated volume name \"%s\"",
722 					req->ents[i].name);
723 				return -EINVAL;
724 			}
725 		}
726 	}
727 
728 	/* Create the re-name list */
729 	INIT_LIST_HEAD(&rename_list);
730 	for (i = 0; i < req->count; i++) {
731 		int vol_id = req->ents[i].vol_id;
732 		int name_len = req->ents[i].name_len;
733 		const char *name = req->ents[i].name;
734 
735 		re = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
736 		if (!re) {
737 			err = -ENOMEM;
738 			goto out_free;
739 		}
740 
741 		re->desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
742 		if (IS_ERR(re->desc)) {
743 			err = PTR_ERR(re->desc);
744 			dbg_err("cannot open volume %d, error %d", vol_id, err);
745 			kfree(re);
746 			goto out_free;
747 		}
748 
749 		/* Skip this re-naming if the name does not really change */
750 		if (re->desc->vol->name_len == name_len &&
751 		    !memcmp(re->desc->vol->name, name, name_len)) {
752 			ubi_close_volume(re->desc);
753 			kfree(re);
754 			continue;
755 		}
756 
757 		re->new_name_len = name_len;
758 		memcpy(re->new_name, name, name_len);
759 		list_add_tail(&re->list, &rename_list);
760 		dbg_msg("will rename volume %d from \"%s\" to \"%s\"",
761 			vol_id, re->desc->vol->name, name);
762 	}
763 
764 	if (list_empty(&rename_list))
765 		return 0;
766 
767 	/* Find out the volumes which have to be removed */
768 	list_for_each_entry(re, &rename_list, list) {
769 		struct ubi_volume_desc *desc;
770 		int no_remove_needed = 0;
771 
772 		/*
773 		 * Volume @re->vol_id is going to be re-named to
774 		 * @re->new_name, while its current name is @name. If a volume
775 		 * with name @re->new_name currently exists, it has to be
776 		 * removed, unless it is also re-named in the request (@req).
777 		 */
778 		list_for_each_entry(re1, &rename_list, list) {
779 			if (re->new_name_len == re1->desc->vol->name_len &&
780 			    !memcmp(re->new_name, re1->desc->vol->name,
781 				    re1->desc->vol->name_len)) {
782 				no_remove_needed = 1;
783 				break;
784 			}
785 		}
786 
787 		if (no_remove_needed)
788 			continue;
789 
790 		/*
791 		 * It seems we need to remove volume with name @re->new_name,
792 		 * if it exists.
793 		 */
794 		desc = ubi_open_volume_nm(ubi->ubi_num, re->new_name,
795 					  UBI_EXCLUSIVE);
796 		if (IS_ERR(desc)) {
797 			err = PTR_ERR(desc);
798 			if (err == -ENODEV)
799 				/* Re-naming into a non-existing volume name */
800 				continue;
801 
802 			/* The volume exists but busy, or an error occurred */
803 			dbg_err("cannot open volume \"%s\", error %d",
804 				re->new_name, err);
805 			goto out_free;
806 		}
807 
808 		re1 = kzalloc(sizeof(struct ubi_rename_entry), GFP_KERNEL);
809 		if (!re1) {
810 			err = -ENOMEM;
811 			ubi_close_volume(desc);
812 			goto out_free;
813 		}
814 
815 		re1->remove = 1;
816 		re1->desc = desc;
817 		list_add(&re1->list, &rename_list);
818 		dbg_msg("will remove volume %d, name \"%s\"",
819 			re1->desc->vol->vol_id, re1->desc->vol->name);
820 	}
821 
822 	mutex_lock(&ubi->device_mutex);
823 	err = ubi_rename_volumes(ubi, &rename_list);
824 	mutex_unlock(&ubi->device_mutex);
825 
826 out_free:
827 	list_for_each_entry_safe(re, re1, &rename_list, list) {
828 		ubi_close_volume(re->desc);
829 		list_del(&re->list);
830 		kfree(re);
831 	}
832 	return err;
833 }
834 
ubi_cdev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)835 static long ubi_cdev_ioctl(struct file *file, unsigned int cmd,
836 			   unsigned long arg)
837 {
838 	int err = 0;
839 	struct ubi_device *ubi;
840 	struct ubi_volume_desc *desc;
841 	void __user *argp = (void __user *)arg;
842 
843 	if (!capable(CAP_SYS_RESOURCE))
844 		return -EPERM;
845 
846 	ubi = ubi_get_by_major(imajor(file->f_mapping->host));
847 	if (!ubi)
848 		return -ENODEV;
849 
850 	switch (cmd) {
851 	/* Create volume command */
852 	case UBI_IOCMKVOL:
853 	{
854 		struct ubi_mkvol_req req;
855 
856 		dbg_gen("create volume");
857 		err = copy_from_user(&req, argp, sizeof(struct ubi_mkvol_req));
858 		if (err) {
859 			err = -EFAULT;
860 			break;
861 		}
862 
863 		err = verify_mkvol_req(ubi, &req);
864 		if (err)
865 			break;
866 
867 		mutex_lock(&ubi->device_mutex);
868 		err = ubi_create_volume(ubi, &req);
869 		mutex_unlock(&ubi->device_mutex);
870 		if (err)
871 			break;
872 
873 		err = put_user(req.vol_id, (__user int32_t *)argp);
874 		if (err)
875 			err = -EFAULT;
876 
877 		break;
878 	}
879 
880 	/* Remove volume command */
881 	case UBI_IOCRMVOL:
882 	{
883 		int vol_id;
884 
885 		dbg_gen("remove volume");
886 		err = get_user(vol_id, (__user int32_t *)argp);
887 		if (err) {
888 			err = -EFAULT;
889 			break;
890 		}
891 
892 		desc = ubi_open_volume(ubi->ubi_num, vol_id, UBI_EXCLUSIVE);
893 		if (IS_ERR(desc)) {
894 			err = PTR_ERR(desc);
895 			break;
896 		}
897 
898 		mutex_lock(&ubi->device_mutex);
899 		err = ubi_remove_volume(desc, 0);
900 		mutex_unlock(&ubi->device_mutex);
901 
902 		/*
903 		 * The volume is deleted (unless an error occurred), and the
904 		 * 'struct ubi_volume' object will be freed when
905 		 * 'ubi_close_volume()' will call 'put_device()'.
906 		 */
907 		ubi_close_volume(desc);
908 		break;
909 	}
910 
911 	/* Re-size volume command */
912 	case UBI_IOCRSVOL:
913 	{
914 		int pebs;
915 		struct ubi_rsvol_req req;
916 
917 		dbg_gen("re-size volume");
918 		err = copy_from_user(&req, argp, sizeof(struct ubi_rsvol_req));
919 		if (err) {
920 			err = -EFAULT;
921 			break;
922 		}
923 
924 		err = verify_rsvol_req(ubi, &req);
925 		if (err)
926 			break;
927 
928 		desc = ubi_open_volume(ubi->ubi_num, req.vol_id, UBI_EXCLUSIVE);
929 		if (IS_ERR(desc)) {
930 			err = PTR_ERR(desc);
931 			break;
932 		}
933 
934 		pebs = div_u64(req.bytes + desc->vol->usable_leb_size - 1,
935 			       desc->vol->usable_leb_size);
936 
937 		mutex_lock(&ubi->device_mutex);
938 		err = ubi_resize_volume(desc, pebs);
939 		mutex_unlock(&ubi->device_mutex);
940 		ubi_close_volume(desc);
941 		break;
942 	}
943 
944 	/* Re-name volumes command */
945 	case UBI_IOCRNVOL:
946 	{
947 		struct ubi_rnvol_req *req;
948 
949 		dbg_msg("re-name volumes");
950 		req = kmalloc(sizeof(struct ubi_rnvol_req), GFP_KERNEL);
951 		if (!req) {
952 			err = -ENOMEM;
953 			break;
954 		};
955 
956 		err = copy_from_user(req, argp, sizeof(struct ubi_rnvol_req));
957 		if (err) {
958 			err = -EFAULT;
959 			kfree(req);
960 			break;
961 		}
962 
963 		err = rename_volumes(ubi, req);
964 		kfree(req);
965 		break;
966 	}
967 
968 	default:
969 		err = -ENOTTY;
970 		break;
971 	}
972 
973 	ubi_put_device(ubi);
974 	return err;
975 }
976 
ctrl_cdev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)977 static long ctrl_cdev_ioctl(struct file *file, unsigned int cmd,
978 			    unsigned long arg)
979 {
980 	int err = 0;
981 	void __user *argp = (void __user *)arg;
982 
983 	if (!capable(CAP_SYS_RESOURCE))
984 		return -EPERM;
985 
986 	switch (cmd) {
987 	/* Attach an MTD device command */
988 	case UBI_IOCATT:
989 	{
990 		struct ubi_attach_req req;
991 		struct mtd_info *mtd;
992 
993 		dbg_gen("attach MTD device");
994 		err = copy_from_user(&req, argp, sizeof(struct ubi_attach_req));
995 		if (err) {
996 			err = -EFAULT;
997 			break;
998 		}
999 
1000 		if (req.mtd_num < 0 ||
1001 		    (req.ubi_num < 0 && req.ubi_num != UBI_DEV_NUM_AUTO)) {
1002 			err = -EINVAL;
1003 			break;
1004 		}
1005 
1006 		mtd = get_mtd_device(NULL, req.mtd_num);
1007 		if (IS_ERR(mtd)) {
1008 			err = PTR_ERR(mtd);
1009 			break;
1010 		}
1011 
1012 		/*
1013 		 * Note, further request verification is done by
1014 		 * 'ubi_attach_mtd_dev()'.
1015 		 */
1016 		mutex_lock(&ubi_devices_mutex);
1017 		err = ubi_attach_mtd_dev(mtd, req.ubi_num, req.vid_hdr_offset);
1018 		mutex_unlock(&ubi_devices_mutex);
1019 		if (err < 0)
1020 			put_mtd_device(mtd);
1021 		else
1022 			/* @err contains UBI device number */
1023 			err = put_user(err, (__user int32_t *)argp);
1024 
1025 		break;
1026 	}
1027 
1028 	/* Detach an MTD device command */
1029 	case UBI_IOCDET:
1030 	{
1031 		int ubi_num;
1032 
1033 		dbg_gen("dettach MTD device");
1034 		err = get_user(ubi_num, (__user int32_t *)argp);
1035 		if (err) {
1036 			err = -EFAULT;
1037 			break;
1038 		}
1039 
1040 		mutex_lock(&ubi_devices_mutex);
1041 		err = ubi_detach_mtd_dev(ubi_num, 0);
1042 		mutex_unlock(&ubi_devices_mutex);
1043 		break;
1044 	}
1045 
1046 	default:
1047 		err = -ENOTTY;
1048 		break;
1049 	}
1050 
1051 	return err;
1052 }
1053 
1054 #ifdef CONFIG_COMPAT
vol_cdev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1055 static long vol_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1056 				  unsigned long arg)
1057 {
1058 	unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1059 
1060 	return vol_cdev_ioctl(file, cmd, translated_arg);
1061 }
1062 
ubi_cdev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1063 static long ubi_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1064 				  unsigned long arg)
1065 {
1066 	unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1067 
1068 	return ubi_cdev_ioctl(file, cmd, translated_arg);
1069 }
1070 
ctrl_cdev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1071 static long ctrl_cdev_compat_ioctl(struct file *file, unsigned int cmd,
1072 				   unsigned long arg)
1073 {
1074 	unsigned long translated_arg = (unsigned long)compat_ptr(arg);
1075 
1076 	return ctrl_cdev_ioctl(file, cmd, translated_arg);
1077 }
1078 #else
1079 #define vol_cdev_compat_ioctl  NULL
1080 #define ubi_cdev_compat_ioctl  NULL
1081 #define ctrl_cdev_compat_ioctl NULL
1082 #endif
1083 
1084 /* UBI volume character device operations */
1085 const struct file_operations ubi_vol_cdev_operations = {
1086 	.owner          = THIS_MODULE,
1087 	.open           = vol_cdev_open,
1088 	.release        = vol_cdev_release,
1089 	.llseek         = vol_cdev_llseek,
1090 	.read           = vol_cdev_read,
1091 	.write          = vol_cdev_write,
1092 	.fsync		= vol_cdev_fsync,
1093 	.unlocked_ioctl = vol_cdev_ioctl,
1094 	.compat_ioctl   = vol_cdev_compat_ioctl,
1095 };
1096 
1097 /* UBI character device operations */
1098 const struct file_operations ubi_cdev_operations = {
1099 	.owner          = THIS_MODULE,
1100 	.llseek         = no_llseek,
1101 	.unlocked_ioctl = ubi_cdev_ioctl,
1102 	.compat_ioctl   = ubi_cdev_compat_ioctl,
1103 };
1104 
1105 /* UBI control character device operations */
1106 const struct file_operations ubi_ctrl_cdev_operations = {
1107 	.owner          = THIS_MODULE,
1108 	.unlocked_ioctl = ctrl_cdev_ioctl,
1109 	.compat_ioctl   = ctrl_cdev_compat_ioctl,
1110 	.llseek		= no_llseek,
1111 };
1112