Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / mtd / afs.c
blob5a3942bf109cd9ccded20d42fc4ee62b36a3ad8e
1 /*======================================================================
3 drivers/mtd/afs.c: ARM Flash Layout/Partitioning
5 Copyright © 2000 ARM Limited
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 This is access code for flashes using ARM's flash partitioning
22 standards.
24 ======================================================================*/
26 #include <linux/module.h>
27 #include <linux/types.h>
28 #include <linux/kernel.h>
29 #include <linux/slab.h>
30 #include <linux/string.h>
31 #include <linux/init.h>
33 #include <linux/mtd/mtd.h>
34 #include <linux/mtd/map.h>
35 #include <linux/mtd/partitions.h>
37 struct footer_struct {
38 u32 image_info_base; /* Address of first word of ImageFooter */
39 u32 image_start; /* Start of area reserved by this footer */
40 u32 signature; /* 'Magic' number proves it's a footer */
41 u32 type; /* Area type: ARM Image, SIB, customer */
42 u32 checksum; /* Just this structure */
45 struct image_info_struct {
46 u32 bootFlags; /* Boot flags, compression etc. */
47 u32 imageNumber; /* Unique number, selects for boot etc. */
48 u32 loadAddress; /* Address program should be loaded to */
49 u32 length; /* Actual size of image */
50 u32 address; /* Image is executed from here */
51 char name[16]; /* Null terminated */
52 u32 headerBase; /* Flash Address of any stripped header */
53 u32 header_length; /* Length of header in memory */
54 u32 headerType; /* AIF, RLF, s-record etc. */
55 u32 checksum; /* Image checksum (inc. this struct) */
58 static u32 word_sum(void *words, int num)
60 u32 *p = words;
61 u32 sum = 0;
63 while (num--)
64 sum += *p++;
66 return sum;
69 static int
70 afs_read_footer(struct mtd_info *mtd, u_int *img_start, u_int *iis_start,
71 u_int off, u_int mask)
73 struct footer_struct fs;
74 u_int ptr = off + mtd->erasesize - sizeof(fs);
75 size_t sz;
76 int ret;
78 ret = mtd_read(mtd, ptr, sizeof(fs), &sz, (u_char *)&fs);
79 if (ret >= 0 && sz != sizeof(fs))
80 ret = -EINVAL;
82 if (ret < 0) {
83 printk(KERN_ERR "AFS: mtd read failed at 0x%x: %d\n",
84 ptr, ret);
85 return ret;
88 ret = 1;
91 * Does it contain the magic number?
93 if (fs.signature != 0xa0ffff9f)
94 ret = 0;
97 * Check the checksum.
99 if (word_sum(&fs, sizeof(fs) / sizeof(u32)) != 0xffffffff)
100 ret = 0;
103 * Don't touch the SIB.
105 if (fs.type == 2)
106 ret = 0;
108 *iis_start = fs.image_info_base & mask;
109 *img_start = fs.image_start & mask;
112 * Check the image info base. This can not
113 * be located after the footer structure.
115 if (*iis_start >= ptr)
116 ret = 0;
119 * Check the start of this image. The image
120 * data can not be located after this block.
122 if (*img_start > off)
123 ret = 0;
125 return ret;
128 static int
129 afs_read_iis(struct mtd_info *mtd, struct image_info_struct *iis, u_int ptr)
131 size_t sz;
132 int ret, i;
134 memset(iis, 0, sizeof(*iis));
135 ret = mtd_read(mtd, ptr, sizeof(*iis), &sz, (u_char *)iis);
136 if (ret < 0)
137 goto failed;
139 if (sz != sizeof(*iis)) {
140 ret = -EINVAL;
141 goto failed;
144 ret = 0;
147 * Validate the name - it must be NUL terminated.
149 for (i = 0; i < sizeof(iis->name); i++)
150 if (iis->name[i] == '\0')
151 break;
153 if (i < sizeof(iis->name))
154 ret = 1;
156 return ret;
158 failed:
159 printk(KERN_ERR "AFS: mtd read failed at 0x%x: %d\n",
160 ptr, ret);
161 return ret;
164 static int parse_afs_partitions(struct mtd_info *mtd,
165 struct mtd_partition **pparts,
166 struct mtd_part_parser_data *data)
168 struct mtd_partition *parts;
169 u_int mask, off, idx, sz;
170 int ret = 0;
171 char *str;
174 * This is the address mask; we use this to mask off out of
175 * range address bits.
177 mask = mtd->size - 1;
180 * First, calculate the size of the array we need for the
181 * partition information. We include in this the size of
182 * the strings.
184 for (idx = off = sz = 0; off < mtd->size; off += mtd->erasesize) {
185 struct image_info_struct iis;
186 u_int iis_ptr, img_ptr;
188 ret = afs_read_footer(mtd, &img_ptr, &iis_ptr, off, mask);
189 if (ret < 0)
190 break;
191 if (ret == 0)
192 continue;
194 ret = afs_read_iis(mtd, &iis, iis_ptr);
195 if (ret < 0)
196 break;
197 if (ret == 0)
198 continue;
200 sz += sizeof(struct mtd_partition);
201 sz += strlen(iis.name) + 1;
202 idx += 1;
205 if (!sz)
206 return ret;
208 parts = kzalloc(sz, GFP_KERNEL);
209 if (!parts)
210 return -ENOMEM;
212 str = (char *)(parts + idx);
215 * Identify the partitions
217 for (idx = off = 0; off < mtd->size; off += mtd->erasesize) {
218 struct image_info_struct iis;
219 u_int iis_ptr, img_ptr;
221 /* Read the footer. */
222 ret = afs_read_footer(mtd, &img_ptr, &iis_ptr, off, mask);
223 if (ret < 0)
224 break;
225 if (ret == 0)
226 continue;
228 /* Read the image info block */
229 ret = afs_read_iis(mtd, &iis, iis_ptr);
230 if (ret < 0)
231 break;
232 if (ret == 0)
233 continue;
235 strcpy(str, iis.name);
237 parts[idx].name = str;
238 parts[idx].size = (iis.length + mtd->erasesize - 1) & ~(mtd->erasesize - 1);
239 parts[idx].offset = img_ptr;
240 parts[idx].mask_flags = 0;
242 printk(" mtd%d: at 0x%08x, %5lluKiB, %8u, %s\n",
243 idx, img_ptr, parts[idx].size / 1024,
244 iis.imageNumber, str);
246 idx += 1;
247 str = str + strlen(iis.name) + 1;
250 if (!idx) {
251 kfree(parts);
252 parts = NULL;
255 *pparts = parts;
256 return idx ? idx : ret;
259 static struct mtd_part_parser afs_parser = {
260 .owner = THIS_MODULE,
261 .parse_fn = parse_afs_partitions,
262 .name = "afs",
265 static int __init afs_parser_init(void)
267 return register_mtd_parser(&afs_parser);
270 static void __exit afs_parser_exit(void)
272 deregister_mtd_parser(&afs_parser);
275 module_init(afs_parser_init);
276 module_exit(afs_parser_exit);
279 MODULE_AUTHOR("ARM Ltd");
280 MODULE_DESCRIPTION("ARM Firmware Suite partition parser");
281 MODULE_LICENSE("GPL");