2 * Character-device access to raw MTD devices.
6 #include <linux/device.h>
10 #include <linux/init.h>
11 #include <linux/kernel.h>
12 #include <linux/module.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/smp_lock.h>
16 #include <linux/backing-dev.h>
17 #include <linux/compat.h>
19 #include <linux/mtd/mtd.h>
20 #include <linux/mtd/compatmac.h>
22 #include <asm/uaccess.h>
26 * Data structure to hold the pointer to the mtd device as well
27 * as mode information ofr various use cases.
29 struct mtd_file_info
{
31 enum mtd_file_modes mode
;
34 static loff_t
mtd_lseek (struct file
*file
, loff_t offset
, int orig
)
36 struct mtd_file_info
*mfi
= file
->private_data
;
37 struct mtd_info
*mtd
= mfi
->mtd
;
43 offset
+= file
->f_pos
;
52 if (offset
>= 0 && offset
<= mtd
->size
)
53 return file
->f_pos
= offset
;
60 static int mtd_open(struct inode
*inode
, struct file
*file
)
62 int minor
= iminor(inode
);
63 int devnum
= minor
>> 1;
66 struct mtd_file_info
*mfi
;
68 DEBUG(MTD_DEBUG_LEVEL0
, "MTD_open\n");
70 if (devnum
>= MAX_MTD_DEVICES
)
73 /* You can't open the RO devices RW */
74 if ((file
->f_mode
& FMODE_WRITE
) && (minor
& 1))
78 mtd
= get_mtd_device(NULL
, devnum
);
85 if (mtd
->type
== MTD_ABSENT
) {
91 if (mtd
->backing_dev_info
)
92 file
->f_mapping
->backing_dev_info
= mtd
->backing_dev_info
;
94 /* You can't open it RW if it's not a writeable device */
95 if ((file
->f_mode
& FMODE_WRITE
) && !(mtd
->flags
& MTD_WRITEABLE
)) {
101 mfi
= kzalloc(sizeof(*mfi
), GFP_KERNEL
);
108 file
->private_data
= mfi
;
115 /*====================================================================*/
117 static int mtd_close(struct inode
*inode
, struct file
*file
)
119 struct mtd_file_info
*mfi
= file
->private_data
;
120 struct mtd_info
*mtd
= mfi
->mtd
;
122 DEBUG(MTD_DEBUG_LEVEL0
, "MTD_close\n");
124 /* Only sync if opened RW */
125 if ((file
->f_mode
& FMODE_WRITE
) && mtd
->sync
)
129 file
->private_data
= NULL
;
135 /* FIXME: This _really_ needs to die. In 2.5, we should lock the
136 userspace buffer down and use it directly with readv/writev.
138 #define MAX_KMALLOC_SIZE 0x20000
140 static ssize_t
mtd_read(struct file
*file
, char __user
*buf
, size_t count
,loff_t
*ppos
)
142 struct mtd_file_info
*mfi
= file
->private_data
;
143 struct mtd_info
*mtd
= mfi
->mtd
;
145 size_t total_retlen
=0;
150 DEBUG(MTD_DEBUG_LEVEL0
,"MTD_read\n");
152 if (*ppos
+ count
> mtd
->size
)
153 count
= mtd
->size
- *ppos
;
158 /* FIXME: Use kiovec in 2.5 to lock down the user's buffers
159 and pass them directly to the MTD functions */
161 if (count
> MAX_KMALLOC_SIZE
)
162 kbuf
=kmalloc(MAX_KMALLOC_SIZE
, GFP_KERNEL
);
164 kbuf
=kmalloc(count
, GFP_KERNEL
);
171 if (count
> MAX_KMALLOC_SIZE
)
172 len
= MAX_KMALLOC_SIZE
;
177 case MTD_MODE_OTP_FACTORY
:
178 ret
= mtd
->read_fact_prot_reg(mtd
, *ppos
, len
, &retlen
, kbuf
);
180 case MTD_MODE_OTP_USER
:
181 ret
= mtd
->read_user_prot_reg(mtd
, *ppos
, len
, &retlen
, kbuf
);
185 struct mtd_oob_ops ops
;
187 ops
.mode
= MTD_OOB_RAW
;
192 ret
= mtd
->read_oob(mtd
, *ppos
, &ops
);
197 ret
= mtd
->read(mtd
, *ppos
, len
, &retlen
, kbuf
);
199 /* Nand returns -EBADMSG on ecc errors, but it returns
200 * the data. For our userspace tools it is important
201 * to dump areas with ecc errors !
202 * For kernel internal usage it also might return -EUCLEAN
203 * to signal the caller that a bitflip has occured and has
204 * been corrected by the ECC algorithm.
205 * Userspace software which accesses NAND this way
206 * must be aware of the fact that it deals with NAND
208 if (!ret
|| (ret
== -EUCLEAN
) || (ret
== -EBADMSG
)) {
210 if (copy_to_user(buf
, kbuf
, retlen
)) {
215 total_retlen
+= retlen
;
233 static ssize_t
mtd_write(struct file
*file
, const char __user
*buf
, size_t count
,loff_t
*ppos
)
235 struct mtd_file_info
*mfi
= file
->private_data
;
236 struct mtd_info
*mtd
= mfi
->mtd
;
239 size_t total_retlen
=0;
243 DEBUG(MTD_DEBUG_LEVEL0
,"MTD_write\n");
245 if (*ppos
== mtd
->size
)
248 if (*ppos
+ count
> mtd
->size
)
249 count
= mtd
->size
- *ppos
;
254 if (count
> MAX_KMALLOC_SIZE
)
255 kbuf
=kmalloc(MAX_KMALLOC_SIZE
, GFP_KERNEL
);
257 kbuf
=kmalloc(count
, GFP_KERNEL
);
264 if (count
> MAX_KMALLOC_SIZE
)
265 len
= MAX_KMALLOC_SIZE
;
269 if (copy_from_user(kbuf
, buf
, len
)) {
275 case MTD_MODE_OTP_FACTORY
:
278 case MTD_MODE_OTP_USER
:
279 if (!mtd
->write_user_prot_reg
) {
283 ret
= mtd
->write_user_prot_reg(mtd
, *ppos
, len
, &retlen
, kbuf
);
288 struct mtd_oob_ops ops
;
290 ops
.mode
= MTD_OOB_RAW
;
296 ret
= mtd
->write_oob(mtd
, *ppos
, &ops
);
302 ret
= (*(mtd
->write
))(mtd
, *ppos
, len
, &retlen
, kbuf
);
306 total_retlen
+= retlen
;
320 /*======================================================================
322 IOCTL calls for getting device parameters.
324 ======================================================================*/
325 static void mtdchar_erase_callback (struct erase_info
*instr
)
327 wake_up((wait_queue_head_t
*)instr
->priv
);
330 #ifdef CONFIG_HAVE_MTD_OTP
331 static int otp_select_filemode(struct mtd_file_info
*mfi
, int mode
)
333 struct mtd_info
*mtd
= mfi
->mtd
;
337 case MTD_OTP_FACTORY
:
338 if (!mtd
->read_fact_prot_reg
)
341 mfi
->mode
= MTD_MODE_OTP_FACTORY
;
344 if (!mtd
->read_fact_prot_reg
)
347 mfi
->mode
= MTD_MODE_OTP_USER
;
357 # define otp_select_filemode(f,m) -EOPNOTSUPP
360 static int mtd_do_writeoob(struct file
*file
, struct mtd_info
*mtd
,
361 uint64_t start
, uint32_t length
, void __user
*ptr
,
362 uint32_t __user
*retp
)
364 struct mtd_oob_ops ops
;
368 if (!(file
->f_mode
& FMODE_WRITE
))
377 ret
= access_ok(VERIFY_READ
, ptr
, length
) ? 0 : EFAULT
;
383 ops
.ooboffs
= start
& (mtd
->oobsize
- 1);
385 ops
.mode
= MTD_OOB_PLACE
;
387 if (ops
.ooboffs
&& ops
.ooblen
> (mtd
->oobsize
- ops
.ooboffs
))
390 ops
.oobbuf
= kmalloc(length
, GFP_KERNEL
);
394 if (copy_from_user(ops
.oobbuf
, ptr
, length
)) {
399 start
&= ~((uint64_t)mtd
->oobsize
- 1);
400 ret
= mtd
->write_oob(mtd
, start
, &ops
);
402 if (ops
.oobretlen
> 0xFFFFFFFFU
)
404 retlen
= ops
.oobretlen
;
405 if (copy_to_user(retp
, &retlen
, sizeof(length
)))
412 static int mtd_do_readoob(struct mtd_info
*mtd
, uint64_t start
,
413 uint32_t length
, void __user
*ptr
, uint32_t __user
*retp
)
415 struct mtd_oob_ops ops
;
424 ret
= access_ok(VERIFY_WRITE
, ptr
,
425 length
) ? 0 : -EFAULT
;
430 ops
.ooboffs
= start
& (mtd
->oobsize
- 1);
432 ops
.mode
= MTD_OOB_PLACE
;
434 if (ops
.ooboffs
&& ops
.ooblen
> (mtd
->oobsize
- ops
.ooboffs
))
437 ops
.oobbuf
= kmalloc(length
, GFP_KERNEL
);
441 start
&= ~((uint64_t)mtd
->oobsize
- 1);
442 ret
= mtd
->read_oob(mtd
, start
, &ops
);
444 if (put_user(ops
.oobretlen
, retp
))
446 else if (ops
.oobretlen
&& copy_to_user(ptr
, ops
.oobbuf
,
454 static int mtd_ioctl(struct inode
*inode
, struct file
*file
,
455 u_int cmd
, u_long arg
)
457 struct mtd_file_info
*mfi
= file
->private_data
;
458 struct mtd_info
*mtd
= mfi
->mtd
;
459 void __user
*argp
= (void __user
*)arg
;
462 struct mtd_info_user info
;
464 DEBUG(MTD_DEBUG_LEVEL0
, "MTD_ioctl\n");
466 size
= (cmd
& IOCSIZE_MASK
) >> IOCSIZE_SHIFT
;
468 if (!access_ok(VERIFY_READ
, argp
, size
))
472 if (!access_ok(VERIFY_WRITE
, argp
, size
))
477 case MEMGETREGIONCOUNT
:
478 if (copy_to_user(argp
, &(mtd
->numeraseregions
), sizeof(int)))
482 case MEMGETREGIONINFO
:
485 struct mtd_erase_region_info
*kr
;
486 struct region_info_user
*ur
= (struct region_info_user
*) argp
;
488 if (get_user(ur_idx
, &(ur
->regionindex
)))
491 kr
= &(mtd
->eraseregions
[ur_idx
]);
493 if (put_user(kr
->offset
, &(ur
->offset
))
494 || put_user(kr
->erasesize
, &(ur
->erasesize
))
495 || put_user(kr
->numblocks
, &(ur
->numblocks
)))
502 info
.type
= mtd
->type
;
503 info
.flags
= mtd
->flags
;
504 info
.size
= mtd
->size
;
505 info
.erasesize
= mtd
->erasesize
;
506 info
.writesize
= mtd
->writesize
;
507 info
.oobsize
= mtd
->oobsize
;
508 /* The below fields are obsolete */
511 if (copy_to_user(argp
, &info
, sizeof(struct mtd_info_user
)))
518 struct erase_info
*erase
;
520 if(!(file
->f_mode
& FMODE_WRITE
))
523 erase
=kzalloc(sizeof(struct erase_info
),GFP_KERNEL
);
527 wait_queue_head_t waitq
;
528 DECLARE_WAITQUEUE(wait
, current
);
530 init_waitqueue_head(&waitq
);
532 if (cmd
== MEMERASE64
) {
533 struct erase_info_user64 einfo64
;
535 if (copy_from_user(&einfo64
, argp
,
536 sizeof(struct erase_info_user64
))) {
540 erase
->addr
= einfo64
.start
;
541 erase
->len
= einfo64
.length
;
543 struct erase_info_user einfo32
;
545 if (copy_from_user(&einfo32
, argp
,
546 sizeof(struct erase_info_user
))) {
550 erase
->addr
= einfo32
.start
;
551 erase
->len
= einfo32
.length
;
554 erase
->callback
= mtdchar_erase_callback
;
555 erase
->priv
= (unsigned long)&waitq
;
558 FIXME: Allow INTERRUPTIBLE. Which means
559 not having the wait_queue head on the stack.
561 If the wq_head is on the stack, and we
562 leave because we got interrupted, then the
563 wq_head is no longer there when the
564 callback routine tries to wake us up.
566 ret
= mtd
->erase(mtd
, erase
);
568 set_current_state(TASK_UNINTERRUPTIBLE
);
569 add_wait_queue(&waitq
, &wait
);
570 if (erase
->state
!= MTD_ERASE_DONE
&&
571 erase
->state
!= MTD_ERASE_FAILED
)
573 remove_wait_queue(&waitq
, &wait
);
574 set_current_state(TASK_RUNNING
);
576 ret
= (erase
->state
== MTD_ERASE_FAILED
)?-EIO
:0;
585 struct mtd_oob_buf buf
;
586 struct mtd_oob_buf __user
*buf_user
= argp
;
588 /* NOTE: writes return length to buf_user->length */
589 if (copy_from_user(&buf
, argp
, sizeof(buf
)))
592 ret
= mtd_do_writeoob(file
, mtd
, buf
.start
, buf
.length
,
593 buf
.ptr
, &buf_user
->length
);
599 struct mtd_oob_buf buf
;
600 struct mtd_oob_buf __user
*buf_user
= argp
;
602 /* NOTE: writes return length to buf_user->start */
603 if (copy_from_user(&buf
, argp
, sizeof(buf
)))
606 ret
= mtd_do_readoob(mtd
, buf
.start
, buf
.length
,
607 buf
.ptr
, &buf_user
->start
);
613 struct mtd_oob_buf64 buf
;
614 struct mtd_oob_buf64 __user
*buf_user
= argp
;
616 if (copy_from_user(&buf
, argp
, sizeof(buf
)))
619 ret
= mtd_do_writeoob(file
, mtd
, buf
.start
, buf
.length
,
620 (void __user
*)(uintptr_t)buf
.usr_ptr
,
627 struct mtd_oob_buf64 buf
;
628 struct mtd_oob_buf64 __user
*buf_user
= argp
;
630 if (copy_from_user(&buf
, argp
, sizeof(buf
)))
633 ret
= mtd_do_readoob(mtd
, buf
.start
, buf
.length
,
634 (void __user
*)(uintptr_t)buf
.usr_ptr
,
641 struct erase_info_user einfo
;
643 if (copy_from_user(&einfo
, argp
, sizeof(einfo
)))
649 ret
= mtd
->lock(mtd
, einfo
.start
, einfo
.length
);
655 struct erase_info_user einfo
;
657 if (copy_from_user(&einfo
, argp
, sizeof(einfo
)))
663 ret
= mtd
->unlock(mtd
, einfo
.start
, einfo
.length
);
667 /* Legacy interface */
670 struct nand_oobinfo oi
;
674 if (mtd
->ecclayout
->eccbytes
> ARRAY_SIZE(oi
.eccpos
))
677 oi
.useecc
= MTD_NANDECC_AUTOPLACE
;
678 memcpy(&oi
.eccpos
, mtd
->ecclayout
->eccpos
, sizeof(oi
.eccpos
));
679 memcpy(&oi
.oobfree
, mtd
->ecclayout
->oobfree
,
681 oi
.eccbytes
= mtd
->ecclayout
->eccbytes
;
683 if (copy_to_user(argp
, &oi
, sizeof(struct nand_oobinfo
)))
692 if (copy_from_user(&offs
, argp
, sizeof(loff_t
)))
694 if (!mtd
->block_isbad
)
697 return mtd
->block_isbad(mtd
, offs
);
705 if (copy_from_user(&offs
, argp
, sizeof(loff_t
)))
707 if (!mtd
->block_markbad
)
710 return mtd
->block_markbad(mtd
, offs
);
714 #ifdef CONFIG_HAVE_MTD_OTP
718 if (copy_from_user(&mode
, argp
, sizeof(int)))
721 mfi
->mode
= MTD_MODE_NORMAL
;
723 ret
= otp_select_filemode(mfi
, mode
);
729 case OTPGETREGIONCOUNT
:
730 case OTPGETREGIONINFO
:
732 struct otp_info
*buf
= kmalloc(4096, GFP_KERNEL
);
737 case MTD_MODE_OTP_FACTORY
:
738 if (mtd
->get_fact_prot_info
)
739 ret
= mtd
->get_fact_prot_info(mtd
, buf
, 4096);
741 case MTD_MODE_OTP_USER
:
742 if (mtd
->get_user_prot_info
)
743 ret
= mtd
->get_user_prot_info(mtd
, buf
, 4096);
749 if (cmd
== OTPGETREGIONCOUNT
) {
750 int nbr
= ret
/ sizeof(struct otp_info
);
751 ret
= copy_to_user(argp
, &nbr
, sizeof(int));
753 ret
= copy_to_user(argp
, buf
, ret
);
763 struct otp_info oinfo
;
765 if (mfi
->mode
!= MTD_MODE_OTP_USER
)
767 if (copy_from_user(&oinfo
, argp
, sizeof(oinfo
)))
769 if (!mtd
->lock_user_prot_reg
)
771 ret
= mtd
->lock_user_prot_reg(mtd
, oinfo
.start
, oinfo
.length
);
781 if (copy_to_user(argp
, mtd
->ecclayout
,
782 sizeof(struct nand_ecclayout
)))
789 if (copy_to_user(argp
, &mtd
->ecc_stats
,
790 sizeof(struct mtd_ecc_stats
)))
800 case MTD_MODE_OTP_FACTORY
:
801 case MTD_MODE_OTP_USER
:
802 ret
= otp_select_filemode(mfi
, arg
);
806 if (!mtd
->read_oob
|| !mtd
->write_oob
)
810 case MTD_MODE_NORMAL
:
828 struct mtd_oob_buf32
{
831 compat_caddr_t ptr
; /* unsigned char* */
834 #define MEMWRITEOOB32 _IOWR('M', 3, struct mtd_oob_buf32)
835 #define MEMREADOOB32 _IOWR('M', 4, struct mtd_oob_buf32)
837 static long mtd_compat_ioctl(struct file
*file
, unsigned int cmd
,
840 struct inode
*inode
= file
->f_path
.dentry
->d_inode
;
841 struct mtd_file_info
*mfi
= file
->private_data
;
842 struct mtd_info
*mtd
= mfi
->mtd
;
843 void __user
*argp
= compat_ptr(arg
);
851 struct mtd_oob_buf32 buf
;
852 struct mtd_oob_buf32 __user
*buf_user
= argp
;
854 if (copy_from_user(&buf
, argp
, sizeof(buf
)))
857 ret
= mtd_do_writeoob(file
, mtd
, buf
.start
,
858 buf
.length
, compat_ptr(buf
.ptr
),
865 struct mtd_oob_buf32 buf
;
866 struct mtd_oob_buf32 __user
*buf_user
= argp
;
868 /* NOTE: writes return length to buf->start */
869 if (copy_from_user(&buf
, argp
, sizeof(buf
)))
872 ret
= mtd_do_readoob(mtd
, buf
.start
,
873 buf
.length
, compat_ptr(buf
.ptr
),
878 ret
= mtd_ioctl(inode
, file
, cmd
, (unsigned long)argp
);
886 #endif /* CONFIG_COMPAT */
889 * try to determine where a shared mapping can be made
890 * - only supported for NOMMU at the moment (MMU can't doesn't copy private
894 static unsigned long mtd_get_unmapped_area(struct file
*file
,
900 struct mtd_file_info
*mfi
= file
->private_data
;
901 struct mtd_info
*mtd
= mfi
->mtd
;
903 if (mtd
->get_unmapped_area
) {
904 unsigned long offset
;
907 return (unsigned long) -EINVAL
;
909 if (len
> mtd
->size
|| pgoff
>= (mtd
->size
>> PAGE_SHIFT
))
910 return (unsigned long) -EINVAL
;
912 offset
= pgoff
<< PAGE_SHIFT
;
913 if (offset
> mtd
->size
- len
)
914 return (unsigned long) -EINVAL
;
916 return mtd
->get_unmapped_area(mtd
, len
, offset
, flags
);
919 /* can't map directly */
920 return (unsigned long) -ENOSYS
;
925 * set up a mapping for shared memory segments
927 static int mtd_mmap(struct file
*file
, struct vm_area_struct
*vma
)
930 struct mtd_file_info
*mfi
= file
->private_data
;
931 struct mtd_info
*mtd
= mfi
->mtd
;
933 if (mtd
->type
== MTD_RAM
|| mtd
->type
== MTD_ROM
)
937 return vma
->vm_flags
& VM_SHARED
? 0 : -ENOSYS
;
941 static const struct file_operations mtd_fops
= {
942 .owner
= THIS_MODULE
,
948 .compat_ioctl
= mtd_compat_ioctl
,
951 .release
= mtd_close
,
954 .get_unmapped_area
= mtd_get_unmapped_area
,
958 static int __init
init_mtdchar(void)
962 status
= register_chrdev(MTD_CHAR_MAJOR
, "mtd", &mtd_fops
);
964 printk(KERN_NOTICE
"Can't allocate major number %d for Memory Technology Devices.\n",
971 static void __exit
cleanup_mtdchar(void)
973 unregister_chrdev(MTD_CHAR_MAJOR
, "mtd");
976 module_init(init_mtdchar
);
977 module_exit(cleanup_mtdchar
);
979 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR
);
981 MODULE_LICENSE("GPL");
982 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>");
983 MODULE_DESCRIPTION("Direct character-device access to MTD devices");
984 MODULE_ALIAS_CHARDEV_MAJOR(MTD_CHAR_MAJOR
);