Commit 5def48982b778aaebe201f85af7170b7d0a6619f
Committed by
David Woodhouse
David Woodhouse
1 parent
8273a0c911
Exists in
master
and in
20 other branches
mtd: do not duplicate length and offset checks in drivers
We already verify that offset and length are within the MTD device size in the MTD API functions. Let's remove the duplicated checks in drivers. This patch only affects the following API's: 'mtd_erase()' 'mtd_point()' 'mtd_unpoint()' 'mtd_get_unmapped_area()' 'mtd_read()' 'mtd_write()' 'mtd_panic_write()' 'mtd_lock()' 'mtd_unlock()' 'mtd_is_locked()' 'mtd_block_isbad()' 'mtd_block_markbad()' This patch adds a bit of noise by removing too sparse empty lines, but this is not too bad. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Showing 23 changed files with 3 additions and 321 deletions Side-by-side Diff
- drivers/mtd/chips/cfi_cmdset_0001.c
- drivers/mtd/chips/cfi_cmdset_0020.c
- drivers/mtd/chips/cfi_util.c
- drivers/mtd/devices/block2mtd.c
- drivers/mtd/devices/doc2000.c
- drivers/mtd/devices/doc2001.c
- drivers/mtd/devices/doc2001plus.c
- drivers/mtd/devices/lart.c
- drivers/mtd/devices/m25p80.c
- drivers/mtd/devices/ms02-nv.c
- drivers/mtd/devices/mtd_dataflash.c
- drivers/mtd/devices/mtdram.c
- drivers/mtd/devices/phram.c
- drivers/mtd/devices/pmc551.c
- drivers/mtd/devices/slram.c
- drivers/mtd/devices/spear_smi.c
- drivers/mtd/devices/sst25l.c
- drivers/mtd/lpddr/lpddr_cmds.c
- drivers/mtd/mtdconcat.c
- drivers/mtd/mtdpart.c
- drivers/mtd/nand/nand_base.c
- drivers/mtd/onenand/onenand_base.c
- drivers/mtd/ubi/gluebi.c
drivers/mtd/chips/cfi_cmdset_0001.c
drivers/mtd/chips/cfi_cmdset_0020.c
| ... | ... | @@ -904,12 +904,6 @@ |
| 904 | 904 | int i, first; |
| 905 | 905 | struct mtd_erase_region_info *regions = mtd->eraseregions; |
| 906 | 906 | |
| 907 | - if (instr->addr > mtd->size) | |
| 908 | - return -EINVAL; | |
| 909 | - | |
| 910 | - if ((instr->len + instr->addr) > mtd->size) | |
| 911 | - return -EINVAL; | |
| 912 | - | |
| 913 | 907 | /* Check that both start and end of the requested erase are |
| 914 | 908 | * aligned with the erasesize at the appropriate addresses. |
| 915 | 909 | */ |
| ... | ... | @@ -1153,9 +1147,6 @@ |
| 1153 | 1147 | return -EINVAL; |
| 1154 | 1148 | |
| 1155 | 1149 | if (len & (mtd->erasesize -1)) |
| 1156 | - return -EINVAL; | |
| 1157 | - | |
| 1158 | - if ((len + ofs) > mtd->size) | |
| 1159 | 1150 | return -EINVAL; |
| 1160 | 1151 | |
| 1161 | 1152 | chipnum = ofs >> cfi->chipshift; |
drivers/mtd/chips/cfi_util.c
| ... | ... | @@ -173,12 +173,6 @@ |
| 173 | 173 | int i, first; |
| 174 | 174 | struct mtd_erase_region_info *regions = mtd->eraseregions; |
| 175 | 175 | |
| 176 | - if (ofs > mtd->size) | |
| 177 | - return -EINVAL; | |
| 178 | - | |
| 179 | - if ((len + ofs) > mtd->size) | |
| 180 | - return -EINVAL; | |
| 181 | - | |
| 182 | 176 | /* Check that both start and end of the requested erase are |
| 183 | 177 | * aligned with the erasesize at the appropriate addresses. |
| 184 | 178 | */ |
drivers/mtd/devices/block2mtd.c
| ... | ... | @@ -104,11 +104,6 @@ |
| 104 | 104 | int offset = from & (PAGE_SIZE-1); |
| 105 | 105 | int cpylen; |
| 106 | 106 | |
| 107 | - if (from > mtd->size) | |
| 108 | - return -EINVAL; | |
| 109 | - if (from + len > mtd->size) | |
| 110 | - len = mtd->size - from; | |
| 111 | - | |
| 112 | 107 | if (retlen) |
| 113 | 108 | *retlen = 0; |
| 114 | 109 | |
| ... | ... | @@ -190,10 +185,6 @@ |
| 190 | 185 | |
| 191 | 186 | if (!len) |
| 192 | 187 | return 0; |
| 193 | - if (to >= mtd->size) | |
| 194 | - return -ENOSPC; | |
| 195 | - if (to + len > mtd->size) | |
| 196 | - len = mtd->size - to; | |
| 197 | 188 | |
| 198 | 189 | mutex_lock(&dev->write_mutex); |
| 199 | 190 | err = _block2mtd_write(dev, buf, to, len, retlen); |
drivers/mtd/devices/doc2000.c
| ... | ... | @@ -602,10 +602,6 @@ |
| 602 | 602 | int i, len256 = 0, ret=0; |
| 603 | 603 | size_t left = len; |
| 604 | 604 | |
| 605 | - /* Don't allow read past end of device */ | |
| 606 | - if (from >= this->totlen) | |
| 607 | - return -EINVAL; | |
| 608 | - | |
| 609 | 605 | mutex_lock(&this->lock); |
| 610 | 606 | |
| 611 | 607 | *retlen = 0; |
| ... | ... | @@ -747,10 +743,6 @@ |
| 747 | 743 | struct Nand *mychip; |
| 748 | 744 | size_t left = len; |
| 749 | 745 | int status; |
| 750 | - | |
| 751 | - /* Don't allow write past end of device */ | |
| 752 | - if (to >= this->totlen) | |
| 753 | - return -EINVAL; | |
| 754 | 746 | |
| 755 | 747 | mutex_lock(&this->lock); |
| 756 | 748 |
drivers/mtd/devices/doc2001.c
| ... | ... | @@ -383,10 +383,6 @@ |
| 383 | 383 | void __iomem *docptr = this->virtadr; |
| 384 | 384 | struct Nand *mychip = &this->chips[from >> (this->chipshift)]; |
| 385 | 385 | |
| 386 | - /* Don't allow read past end of device */ | |
| 387 | - if (from >= this->totlen) | |
| 388 | - return -EINVAL; | |
| 389 | - | |
| 390 | 386 | /* Don't allow a single read to cross a 512-byte block boundary */ |
| 391 | 387 | if (from + len > ((from | 0x1ff) + 1)) |
| 392 | 388 | len = ((from | 0x1ff) + 1) - from; |
| ... | ... | @@ -493,10 +489,6 @@ |
| 493 | 489 | struct DiskOnChip *this = mtd->priv; |
| 494 | 490 | void __iomem *docptr = this->virtadr; |
| 495 | 491 | struct Nand *mychip = &this->chips[to >> (this->chipshift)]; |
| 496 | - | |
| 497 | - /* Don't allow write past end of device */ | |
| 498 | - if (to >= this->totlen) | |
| 499 | - return -EINVAL; | |
| 500 | 492 | |
| 501 | 493 | #if 0 |
| 502 | 494 | /* Don't allow a single write to cross a 512-byte block boundary */ |
drivers/mtd/devices/doc2001plus.c
| ... | ... | @@ -581,10 +581,6 @@ |
| 581 | 581 | void __iomem * docptr = this->virtadr; |
| 582 | 582 | struct Nand *mychip = &this->chips[from >> (this->chipshift)]; |
| 583 | 583 | |
| 584 | - /* Don't allow read past end of device */ | |
| 585 | - if (from >= this->totlen) | |
| 586 | - return -EINVAL; | |
| 587 | - | |
| 588 | 584 | /* Don't allow a single read to cross a 512-byte block boundary */ |
| 589 | 585 | if (from + len > ((from | 0x1ff) + 1)) |
| 590 | 586 | len = ((from | 0x1ff) + 1) - from; |
| ... | ... | @@ -699,10 +695,6 @@ |
| 699 | 695 | struct DiskOnChip *this = mtd->priv; |
| 700 | 696 | void __iomem * docptr = this->virtadr; |
| 701 | 697 | struct Nand *mychip = &this->chips[to >> (this->chipshift)]; |
| 702 | - | |
| 703 | - /* Don't allow write past end of device */ | |
| 704 | - if (to >= this->totlen) | |
| 705 | - return -EINVAL; | |
| 706 | 698 | |
| 707 | 699 | /* Don't allow writes which aren't exactly one block (512 bytes) */ |
| 708 | 700 | if ((to & 0x1ff) || (len != 0x200)) |
drivers/mtd/devices/lart.c
| ... | ... | @@ -367,9 +367,6 @@ |
| 367 | 367 | printk (KERN_DEBUG "%s(addr = 0x%.8x, len = %d)\n", __func__, instr->addr, instr->len); |
| 368 | 368 | #endif |
| 369 | 369 | |
| 370 | - /* sanity checks */ | |
| 371 | - if (instr->addr + instr->len > mtd->size) return (-EINVAL); | |
| 372 | - | |
| 373 | 370 | /* |
| 374 | 371 | * check that both start and end of the requested erase are |
| 375 | 372 | * aligned with the erasesize at the appropriate addresses. |
| ... | ... | @@ -442,7 +439,6 @@ |
| 442 | 439 | |
| 443 | 440 | /* sanity checks */ |
| 444 | 441 | if (!len) return (0); |
| 445 | - if (from + len > mtd->size) return (-EINVAL); | |
| 446 | 442 | |
| 447 | 443 | /* we always read len bytes */ |
| 448 | 444 | *retlen = len; |
| ... | ... | @@ -526,7 +522,6 @@ |
| 526 | 522 | |
| 527 | 523 | /* sanity checks */ |
| 528 | 524 | if (!len) return (0); |
| 529 | - if (to + len > mtd->size) return (-EINVAL); | |
| 530 | 525 | |
| 531 | 526 | /* first, we write a 0xFF.... padded byte until we reach a dword boundary */ |
| 532 | 527 | if (to & (BUSWIDTH - 1)) |
drivers/mtd/devices/m25p80.c
| ... | ... | @@ -288,9 +288,6 @@ |
| 288 | 288 | __func__, (long long)instr->addr, |
| 289 | 289 | (long long)instr->len); |
| 290 | 290 | |
| 291 | - /* sanity checks */ | |
| 292 | - if (instr->addr + instr->len > flash->mtd.size) | |
| 293 | - return -EINVAL; | |
| 294 | 291 | div_u64_rem(instr->len, mtd->erasesize, &rem); |
| 295 | 292 | if (rem) |
| 296 | 293 | return -EINVAL; |
| ... | ... | @@ -353,9 +350,6 @@ |
| 353 | 350 | if (!len) |
| 354 | 351 | return 0; |
| 355 | 352 | |
| 356 | - if (from + len > flash->mtd.size) | |
| 357 | - return -EINVAL; | |
| 358 | - | |
| 359 | 353 | spi_message_init(&m); |
| 360 | 354 | memset(t, 0, (sizeof t)); |
| 361 | 355 | |
| ... | ... | @@ -423,9 +417,6 @@ |
| 423 | 417 | if (!len) |
| 424 | 418 | return(0); |
| 425 | 419 | |
| 426 | - if (to + len > flash->mtd.size) | |
| 427 | - return -EINVAL; | |
| 428 | - | |
| 429 | 420 | spi_message_init(&m); |
| 430 | 421 | memset(t, 0, (sizeof t)); |
| 431 | 422 | |
| ... | ... | @@ -514,9 +505,6 @@ |
| 514 | 505 | /* sanity checks */ |
| 515 | 506 | if (!len) |
| 516 | 507 | return 0; |
| 517 | - | |
| 518 | - if (to + len > flash->mtd.size) | |
| 519 | - return -EINVAL; | |
| 520 | 508 | |
| 521 | 509 | spi_message_init(&m); |
| 522 | 510 | memset(t, 0, (sizeof t)); |
drivers/mtd/devices/ms02-nv.c
| ... | ... | @@ -59,12 +59,8 @@ |
| 59 | 59 | { |
| 60 | 60 | struct ms02nv_private *mp = mtd->priv; |
| 61 | 61 | |
| 62 | - if (from + len > mtd->size) | |
| 63 | - return -EINVAL; | |
| 64 | - | |
| 65 | 62 | memcpy(buf, mp->uaddr + from, len); |
| 66 | 63 | *retlen = len; |
| 67 | - | |
| 68 | 64 | return 0; |
| 69 | 65 | } |
| 70 | 66 | |
| 71 | 67 | |
| ... | ... | @@ -73,12 +69,8 @@ |
| 73 | 69 | { |
| 74 | 70 | struct ms02nv_private *mp = mtd->priv; |
| 75 | 71 | |
| 76 | - if (to + len > mtd->size) | |
| 77 | - return -EINVAL; | |
| 78 | - | |
| 79 | 72 | memcpy(mp->uaddr + to, buf, len); |
| 80 | 73 | *retlen = len; |
| 81 | - | |
| 82 | 74 | return 0; |
| 83 | 75 | } |
| 84 | 76 |
drivers/mtd/devices/mtd_dataflash.c
| ... | ... | @@ -164,9 +164,6 @@ |
| 164 | 164 | dev_name(&spi->dev), (long long)instr->addr, |
| 165 | 165 | (long long)instr->len); |
| 166 | 166 | |
| 167 | - /* Sanity checks */ | |
| 168 | - if (instr->addr + instr->len > mtd->size) | |
| 169 | - return -EINVAL; | |
| 170 | 167 | div_u64_rem(instr->len, priv->page_size, &rem); |
| 171 | 168 | if (rem) |
| 172 | 169 | return -EINVAL; |
| ... | ... | @@ -257,8 +254,6 @@ |
| 257 | 254 | /* Sanity checks */ |
| 258 | 255 | if (!len) |
| 259 | 256 | return 0; |
| 260 | - if (from + len > mtd->size) | |
| 261 | - return -EINVAL; | |
| 262 | 257 | |
| 263 | 258 | /* Calculate flash page/byte address */ |
| 264 | 259 | addr = (((unsigned)from / priv->page_size) << priv->page_offset) |
| ... | ... | @@ -333,8 +328,6 @@ |
| 333 | 328 | /* Sanity checks */ |
| 334 | 329 | if (!len) |
| 335 | 330 | return 0; |
| 336 | - if ((to + len) > mtd->size) | |
| 337 | - return -EINVAL; | |
| 338 | 331 | |
| 339 | 332 | spi_message_init(&msg); |
| 340 | 333 |
drivers/mtd/devices/mtdram.c
| ... | ... | @@ -34,27 +34,18 @@ |
| 34 | 34 | |
| 35 | 35 | static int ram_erase(struct mtd_info *mtd, struct erase_info *instr) |
| 36 | 36 | { |
| 37 | - if (instr->addr + instr->len > mtd->size) | |
| 38 | - return -EINVAL; | |
| 39 | - | |
| 40 | 37 | memset((char *)mtd->priv + instr->addr, 0xff, instr->len); |
| 41 | - | |
| 42 | 38 | instr->state = MTD_ERASE_DONE; |
| 43 | 39 | mtd_erase_callback(instr); |
| 44 | - | |
| 45 | 40 | return 0; |
| 46 | 41 | } |
| 47 | 42 | |
| 48 | 43 | static int ram_point(struct mtd_info *mtd, loff_t from, size_t len, |
| 49 | 44 | size_t *retlen, void **virt, resource_size_t *phys) |
| 50 | 45 | { |
| 51 | - if (from + len > mtd->size) | |
| 52 | - return -EINVAL; | |
| 53 | - | |
| 54 | 46 | /* can we return a physical address with this driver? */ |
| 55 | 47 | if (phys) |
| 56 | 48 | return -EINVAL; |
| 57 | - | |
| 58 | 49 | *virt = mtd->priv + from; |
| 59 | 50 | *retlen = len; |
| 60 | 51 | return 0; |
| 61 | 52 | |
| ... | ... | @@ -81,11 +72,7 @@ |
| 81 | 72 | static int ram_read(struct mtd_info *mtd, loff_t from, size_t len, |
| 82 | 73 | size_t *retlen, u_char *buf) |
| 83 | 74 | { |
| 84 | - if (from + len > mtd->size) | |
| 85 | - return -EINVAL; | |
| 86 | - | |
| 87 | 75 | memcpy(buf, mtd->priv + from, len); |
| 88 | - | |
| 89 | 76 | *retlen = len; |
| 90 | 77 | return 0; |
| 91 | 78 | } |
| 92 | 79 | |
| ... | ... | @@ -93,11 +80,7 @@ |
| 93 | 80 | static int ram_write(struct mtd_info *mtd, loff_t to, size_t len, |
| 94 | 81 | size_t *retlen, const u_char *buf) |
| 95 | 82 | { |
| 96 | - if (to + len > mtd->size) | |
| 97 | - return -EINVAL; | |
| 98 | - | |
| 99 | 83 | memcpy((char *)mtd->priv + to, buf, len); |
| 100 | - | |
| 101 | 84 | *retlen = len; |
| 102 | 85 | return 0; |
| 103 | 86 | } |
drivers/mtd/devices/phram.c
| ... | ... | @@ -38,29 +38,20 @@ |
| 38 | 38 | { |
| 39 | 39 | u_char *start = mtd->priv; |
| 40 | 40 | |
| 41 | - if (instr->addr + instr->len > mtd->size) | |
| 42 | - return -EINVAL; | |
| 43 | - | |
| 44 | 41 | memset(start + instr->addr, 0xff, instr->len); |
| 45 | 42 | |
| 46 | 43 | /* This'll catch a few races. Free the thing before returning :) |
| 47 | 44 | * I don't feel at all ashamed. This kind of thing is possible anyway |
| 48 | 45 | * with flash, but unlikely. |
| 49 | 46 | */ |
| 50 | - | |
| 51 | 47 | instr->state = MTD_ERASE_DONE; |
| 52 | - | |
| 53 | 48 | mtd_erase_callback(instr); |
| 54 | - | |
| 55 | 49 | return 0; |
| 56 | 50 | } |
| 57 | 51 | |
| 58 | 52 | static int phram_point(struct mtd_info *mtd, loff_t from, size_t len, |
| 59 | 53 | size_t *retlen, void **virt, resource_size_t *phys) |
| 60 | 54 | { |
| 61 | - if (from + len > mtd->size) | |
| 62 | - return -EINVAL; | |
| 63 | - | |
| 64 | 55 | /* can we return a physical address with this driver? */ |
| 65 | 56 | if (phys) |
| 66 | 57 | return -EINVAL; |
| 67 | 58 | |
| ... | ... | @@ -80,14 +71,7 @@ |
| 80 | 71 | { |
| 81 | 72 | u_char *start = mtd->priv; |
| 82 | 73 | |
| 83 | - if (from >= mtd->size) | |
| 84 | - return -EINVAL; | |
| 85 | - | |
| 86 | - if (len > mtd->size - from) | |
| 87 | - len = mtd->size - from; | |
| 88 | - | |
| 89 | 74 | memcpy(buf, start + from, len); |
| 90 | - | |
| 91 | 75 | *retlen = len; |
| 92 | 76 | return 0; |
| 93 | 77 | } |
| 94 | 78 | |
| ... | ... | @@ -97,14 +81,7 @@ |
| 97 | 81 | { |
| 98 | 82 | u_char *start = mtd->priv; |
| 99 | 83 | |
| 100 | - if (to >= mtd->size) | |
| 101 | - return -EINVAL; | |
| 102 | - | |
| 103 | - if (len > mtd->size - to) | |
| 104 | - len = mtd->size - to; | |
| 105 | - | |
| 106 | 84 | memcpy(start + to, buf, len); |
| 107 | - | |
| 108 | 85 | *retlen = len; |
| 109 | 86 | return 0; |
| 110 | 87 | } |
drivers/mtd/devices/pmc551.c
| ... | ... | @@ -116,16 +116,6 @@ |
| 116 | 116 | #endif |
| 117 | 117 | |
| 118 | 118 | end = instr->addr + instr->len - 1; |
| 119 | - | |
| 120 | - /* Is it past the end? */ | |
| 121 | - if (end > mtd->size) { | |
| 122 | -#ifdef CONFIG_MTD_PMC551_DEBUG | |
| 123 | - printk(KERN_DEBUG "pmc551_erase() out of bounds (%ld > %ld)\n", | |
| 124 | - (long)end, (long)mtd->size); | |
| 125 | -#endif | |
| 126 | - return -EINVAL; | |
| 127 | - } | |
| 128 | - | |
| 129 | 119 | eoff_hi = end & ~(priv->asize - 1); |
| 130 | 120 | soff_hi = instr->addr & ~(priv->asize - 1); |
| 131 | 121 | eoff_lo = end & (priv->asize - 1); |
| ... | ... | @@ -179,14 +169,6 @@ |
| 179 | 169 | printk(KERN_DEBUG "pmc551_point(%ld, %ld)\n", (long)from, (long)len); |
| 180 | 170 | #endif |
| 181 | 171 | |
| 182 | - if (from + len > mtd->size) { | |
| 183 | -#ifdef CONFIG_MTD_PMC551_DEBUG | |
| 184 | - printk(KERN_DEBUG "pmc551_point() out of bounds (%ld > %ld)\n", | |
| 185 | - (long)from + len, (long)mtd->size); | |
| 186 | -#endif | |
| 187 | - return -EINVAL; | |
| 188 | - } | |
| 189 | - | |
| 190 | 172 | /* can we return a physical address with this driver? */ |
| 191 | 173 | if (phys) |
| 192 | 174 | return -EINVAL; |
| ... | ... | @@ -230,16 +212,6 @@ |
| 230 | 212 | #endif |
| 231 | 213 | |
| 232 | 214 | end = from + len - 1; |
| 233 | - | |
| 234 | - /* Is it past the end? */ | |
| 235 | - if (end > mtd->size) { | |
| 236 | -#ifdef CONFIG_MTD_PMC551_DEBUG | |
| 237 | - printk(KERN_DEBUG "pmc551_read() out of bounds (%ld > %ld)\n", | |
| 238 | - (long)end, (long)mtd->size); | |
| 239 | -#endif | |
| 240 | - return -EINVAL; | |
| 241 | - } | |
| 242 | - | |
| 243 | 215 | soff_hi = from & ~(priv->asize - 1); |
| 244 | 216 | eoff_hi = end & ~(priv->asize - 1); |
| 245 | 217 | soff_lo = from & (priv->asize - 1); |
| ... | ... | @@ -297,16 +269,6 @@ |
| 297 | 269 | #endif |
| 298 | 270 | |
| 299 | 271 | end = to + len - 1; |
| 300 | - /* Is it past the end? or did the u32 wrap? */ | |
| 301 | - if (end > mtd->size) { | |
| 302 | -#ifdef CONFIG_MTD_PMC551_DEBUG | |
| 303 | - printk(KERN_DEBUG "pmc551_write() out of bounds (end: %ld, " | |
| 304 | - "size: %ld, to: %ld)\n", (long)end, (long)mtd->size, | |
| 305 | - (long)to); | |
| 306 | -#endif | |
| 307 | - return -EINVAL; | |
| 308 | - } | |
| 309 | - | |
| 310 | 272 | soff_hi = to & ~(priv->asize - 1); |
| 311 | 273 | eoff_hi = end & ~(priv->asize - 1); |
| 312 | 274 | soff_lo = to & (priv->asize - 1); |
drivers/mtd/devices/slram.c
| ... | ... | @@ -84,21 +84,13 @@ |
| 84 | 84 | { |
| 85 | 85 | slram_priv_t *priv = mtd->priv; |
| 86 | 86 | |
| 87 | - if (instr->addr + instr->len > mtd->size) { | |
| 88 | - return(-EINVAL); | |
| 89 | - } | |
| 90 | - | |
| 91 | 87 | memset(priv->start + instr->addr, 0xff, instr->len); |
| 92 | - | |
| 93 | 88 | /* This'll catch a few races. Free the thing before returning :) |
| 94 | 89 | * I don't feel at all ashamed. This kind of thing is possible anyway |
| 95 | 90 | * with flash, but unlikely. |
| 96 | 91 | */ |
| 97 | - | |
| 98 | 92 | instr->state = MTD_ERASE_DONE; |
| 99 | - | |
| 100 | 93 | mtd_erase_callback(instr); |
| 101 | - | |
| 102 | 94 | return(0); |
| 103 | 95 | } |
| 104 | 96 | |
| ... | ... | @@ -110,10 +102,6 @@ |
| 110 | 102 | /* can we return a physical address with this driver? */ |
| 111 | 103 | if (phys) |
| 112 | 104 | return -EINVAL; |
| 113 | - | |
| 114 | - if (from + len > mtd->size) | |
| 115 | - return -EINVAL; | |
| 116 | - | |
| 117 | 105 | *virt = priv->start + from; |
| 118 | 106 | *retlen = len; |
| 119 | 107 | return(0); |
| 120 | 108 | |
| ... | ... | @@ -129,14 +117,7 @@ |
| 129 | 117 | { |
| 130 | 118 | slram_priv_t *priv = mtd->priv; |
| 131 | 119 | |
| 132 | - if (from > mtd->size) | |
| 133 | - return -EINVAL; | |
| 134 | - | |
| 135 | - if (from + len > mtd->size) | |
| 136 | - len = mtd->size - from; | |
| 137 | - | |
| 138 | 120 | memcpy(buf, priv->start + from, len); |
| 139 | - | |
| 140 | 121 | *retlen = len; |
| 141 | 122 | return(0); |
| 142 | 123 | } |
| 143 | 124 | |
| ... | ... | @@ -146,11 +127,7 @@ |
| 146 | 127 | { |
| 147 | 128 | slram_priv_t *priv = mtd->priv; |
| 148 | 129 | |
| 149 | - if (to + len > mtd->size) | |
| 150 | - return -EINVAL; | |
| 151 | - | |
| 152 | 130 | memcpy(priv->start + to, buf, len); |
| 153 | - | |
| 154 | 131 | *retlen = len; |
| 155 | 132 | return(0); |
| 156 | 133 | } |
drivers/mtd/devices/spear_smi.c
| ... | ... | @@ -510,10 +510,6 @@ |
| 510 | 510 | if (!flash || !dev) |
| 511 | 511 | return -ENODEV; |
| 512 | 512 | |
| 513 | - /* do not allow erase past end of device */ | |
| 514 | - if (e_info->addr + e_info->len > flash->mtd.size) | |
| 515 | - return -EINVAL; | |
| 516 | - | |
| 517 | 513 | bank = flash->bank; |
| 518 | 514 | if (bank > dev->num_flashes - 1) { |
| 519 | 515 | dev_err(&dev->pdev->dev, "Invalid Bank Num"); |
| ... | ... | @@ -573,10 +569,6 @@ |
| 573 | 569 | if (!flash || !dev) |
| 574 | 570 | return -ENODEV; |
| 575 | 571 | |
| 576 | - /* do not allow reads past end of device */ | |
| 577 | - if (from + len > flash->mtd.size) | |
| 578 | - return -EINVAL; | |
| 579 | - | |
| 580 | 572 | if (flash->bank > dev->num_flashes - 1) { |
| 581 | 573 | dev_err(&dev->pdev->dev, "Invalid Bank Num"); |
| 582 | 574 | return -EINVAL; |
| ... | ... | @@ -677,10 +669,6 @@ |
| 677 | 669 | |
| 678 | 670 | if (!len) |
| 679 | 671 | return 0; |
| 680 | - | |
| 681 | - /* do not allow write past end of page */ | |
| 682 | - if (to + len > flash->mtd.size) | |
| 683 | - return -EINVAL; | |
| 684 | 672 | |
| 685 | 673 | if (flash->bank > dev->num_flashes - 1) { |
| 686 | 674 | dev_err(&dev->pdev->dev, "Invalid Bank Num"); |
drivers/mtd/devices/sst25l.c
| ... | ... | @@ -175,9 +175,6 @@ |
| 175 | 175 | int err; |
| 176 | 176 | |
| 177 | 177 | /* Sanity checks */ |
| 178 | - if (instr->addr + instr->len > flash->mtd.size) | |
| 179 | - return -EINVAL; | |
| 180 | - | |
| 181 | 178 | if ((uint32_t)instr->len % mtd->erasesize) |
| 182 | 179 | return -EINVAL; |
| 183 | 180 | |
| ... | ... | @@ -227,9 +224,6 @@ |
| 227 | 224 | if (len == 0) |
| 228 | 225 | return 0; |
| 229 | 226 | |
| 230 | - if (from + len > flash->mtd.size) | |
| 231 | - return -EINVAL; | |
| 232 | - | |
| 233 | 227 | if (retlen) |
| 234 | 228 | *retlen = 0; |
| 235 | 229 | |
| ... | ... | @@ -277,9 +271,6 @@ |
| 277 | 271 | /* Sanity checks */ |
| 278 | 272 | if (!len) |
| 279 | 273 | return 0; |
| 280 | - | |
| 281 | - if (to + len > flash->mtd.size) | |
| 282 | - return -EINVAL; | |
| 283 | 274 | |
| 284 | 275 | if ((uint32_t)to % mtd->writesize) |
| 285 | 276 | return -EINVAL; |
drivers/mtd/lpddr/lpddr_cmds.c
| ... | ... | @@ -530,7 +530,7 @@ |
| 530 | 530 | struct flchip *chip = &lpddr->chips[chipnum]; |
| 531 | 531 | int ret = 0; |
| 532 | 532 | |
| 533 | - if (!map->virt || (adr + len > mtd->size)) | |
| 533 | + if (!map->virt) | |
| 534 | 534 | return -EINVAL; |
| 535 | 535 | |
| 536 | 536 | /* ofs: offset within the first chip that the first read should start */ |
| ... | ... | @@ -691,9 +691,6 @@ |
| 691 | 691 | |
| 692 | 692 | ofs = instr->addr; |
| 693 | 693 | len = instr->len; |
| 694 | - | |
| 695 | - if (ofs > mtd->size || (len + ofs) > mtd->size) | |
| 696 | - return -EINVAL; | |
| 697 | 694 | |
| 698 | 695 | while (len > 0) { |
| 699 | 696 | ret = do_erase_oneblock(mtd, ofs); |
drivers/mtd/mtdconcat.c
| ... | ... | @@ -185,10 +185,6 @@ |
| 185 | 185 | for (i = 0; i < count; i++) |
| 186 | 186 | total_len += vecs[i].iov_len; |
| 187 | 187 | |
| 188 | - /* Do not allow write past end of device */ | |
| 189 | - if ((to + total_len) > mtd->size) | |
| 190 | - return -EINVAL; | |
| 191 | - | |
| 192 | 188 | /* Check alignment */ |
| 193 | 189 | if (mtd->writesize > 1) { |
| 194 | 190 | uint64_t __to = to; |
| ... | ... | @@ -406,12 +402,6 @@ |
| 406 | 402 | if (!(mtd->flags & MTD_WRITEABLE)) |
| 407 | 403 | return -EROFS; |
| 408 | 404 | |
| 409 | - if (instr->addr > concat->mtd.size) | |
| 410 | - return -EINVAL; | |
| 411 | - | |
| 412 | - if (instr->len + instr->addr > concat->mtd.size) | |
| 413 | - return -EINVAL; | |
| 414 | - | |
| 415 | 405 | /* |
| 416 | 406 | * Check for proper erase block alignment of the to-be-erased area. |
| 417 | 407 | * It is easier to do this based on the super device's erase |
| ... | ... | @@ -538,9 +528,6 @@ |
| 538 | 528 | struct mtd_concat *concat = CONCAT(mtd); |
| 539 | 529 | int i, err = -EINVAL; |
| 540 | 530 | |
| 541 | - if ((len + ofs) > mtd->size) | |
| 542 | - return -EINVAL; | |
| 543 | - | |
| 544 | 531 | for (i = 0; i < concat->num_subdev; i++) { |
| 545 | 532 | struct mtd_info *subdev = concat->subdev[i]; |
| 546 | 533 | uint64_t size; |
| ... | ... | @@ -575,9 +562,6 @@ |
| 575 | 562 | struct mtd_concat *concat = CONCAT(mtd); |
| 576 | 563 | int i, err = 0; |
| 577 | 564 | |
| 578 | - if ((len + ofs) > mtd->size) | |
| 579 | - return -EINVAL; | |
| 580 | - | |
| 581 | 565 | for (i = 0; i < concat->num_subdev; i++) { |
| 582 | 566 | struct mtd_info *subdev = concat->subdev[i]; |
| 583 | 567 | uint64_t size; |
| ... | ... | @@ -650,9 +634,6 @@ |
| 650 | 634 | if (!mtd_can_have_bb(concat->subdev[0])) |
| 651 | 635 | return res; |
| 652 | 636 | |
| 653 | - if (ofs > mtd->size) | |
| 654 | - return -EINVAL; | |
| 655 | - | |
| 656 | 637 | for (i = 0; i < concat->num_subdev; i++) { |
| 657 | 638 | struct mtd_info *subdev = concat->subdev[i]; |
| 658 | 639 | |
| ... | ... | @@ -673,9 +654,6 @@ |
| 673 | 654 | struct mtd_concat *concat = CONCAT(mtd); |
| 674 | 655 | int i, err = -EINVAL; |
| 675 | 656 | |
| 676 | - if (ofs > mtd->size) | |
| 677 | - return -EINVAL; | |
| 678 | - | |
| 679 | 657 | for (i = 0; i < concat->num_subdev; i++) { |
| 680 | 658 | struct mtd_info *subdev = concat->subdev[i]; |
| 681 | 659 | |
| ... | ... | @@ -712,10 +690,6 @@ |
| 712 | 690 | offset -= subdev->size; |
| 713 | 691 | continue; |
| 714 | 692 | } |
| 715 | - | |
| 716 | - /* we've found the subdev over which the mapping will reside */ | |
| 717 | - if (offset + len > subdev->size) | |
| 718 | - return (unsigned long) -EINVAL; | |
| 719 | 693 | |
| 720 | 694 | return mtd_get_unmapped_area(subdev, len, offset, flags); |
| 721 | 695 | } |
drivers/mtd/mtdpart.c
| ... | ... | @@ -65,11 +65,6 @@ |
| 65 | 65 | int res; |
| 66 | 66 | |
| 67 | 67 | stats = part->master->ecc_stats; |
| 68 | - | |
| 69 | - if (from >= mtd->size) | |
| 70 | - len = 0; | |
| 71 | - else if (from + len > mtd->size) | |
| 72 | - len = mtd->size - from; | |
| 73 | 68 | res = mtd_read(part->master, from + part->offset, len, retlen, buf); |
| 74 | 69 | if (unlikely(res)) { |
| 75 | 70 | if (mtd_is_bitflip(res)) |
| ... | ... | @@ -84,10 +79,7 @@ |
| 84 | 79 | size_t *retlen, void **virt, resource_size_t *phys) |
| 85 | 80 | { |
| 86 | 81 | struct mtd_part *part = PART(mtd); |
| 87 | - if (from >= mtd->size) | |
| 88 | - len = 0; | |
| 89 | - else if (from + len > mtd->size) | |
| 90 | - len = mtd->size - from; | |
| 82 | + | |
| 91 | 83 | return mtd_point(part->master, from + part->offset, len, retlen, |
| 92 | 84 | virt, phys); |
| 93 | 85 | } |
| ... | ... | @@ -182,10 +174,6 @@ |
| 182 | 174 | struct mtd_part *part = PART(mtd); |
| 183 | 175 | if (!(mtd->flags & MTD_WRITEABLE)) |
| 184 | 176 | return -EROFS; |
| 185 | - if (to >= mtd->size) | |
| 186 | - len = 0; | |
| 187 | - else if (to + len > mtd->size) | |
| 188 | - len = mtd->size - to; | |
| 189 | 177 | return mtd_write(part->master, to + part->offset, len, retlen, buf); |
| 190 | 178 | } |
| 191 | 179 | |
| ... | ... | @@ -195,10 +183,6 @@ |
| 195 | 183 | struct mtd_part *part = PART(mtd); |
| 196 | 184 | if (!(mtd->flags & MTD_WRITEABLE)) |
| 197 | 185 | return -EROFS; |
| 198 | - if (to >= mtd->size) | |
| 199 | - len = 0; | |
| 200 | - else if (to + len > mtd->size) | |
| 201 | - len = mtd->size - to; | |
| 202 | 186 | return mtd_panic_write(part->master, to + part->offset, len, retlen, |
| 203 | 187 | buf); |
| 204 | 188 | } |
| ... | ... | @@ -248,8 +232,6 @@ |
| 248 | 232 | int ret; |
| 249 | 233 | if (!(mtd->flags & MTD_WRITEABLE)) |
| 250 | 234 | return -EROFS; |
| 251 | - if (instr->addr >= mtd->size) | |
| 252 | - return -EINVAL; | |
| 253 | 235 | instr->addr += part->offset; |
| 254 | 236 | ret = mtd_erase(part->master, instr); |
| 255 | 237 | if (ret) { |
| 256 | 238 | |
| 257 | 239 | |
| ... | ... | @@ -277,24 +259,18 @@ |
| 277 | 259 | static int part_lock(struct mtd_info *mtd, loff_t ofs, uint64_t len) |
| 278 | 260 | { |
| 279 | 261 | struct mtd_part *part = PART(mtd); |
| 280 | - if ((len + ofs) > mtd->size) | |
| 281 | - return -EINVAL; | |
| 282 | 262 | return mtd_lock(part->master, ofs + part->offset, len); |
| 283 | 263 | } |
| 284 | 264 | |
| 285 | 265 | static int part_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len) |
| 286 | 266 | { |
| 287 | 267 | struct mtd_part *part = PART(mtd); |
| 288 | - if ((len + ofs) > mtd->size) | |
| 289 | - return -EINVAL; | |
| 290 | 268 | return mtd_unlock(part->master, ofs + part->offset, len); |
| 291 | 269 | } |
| 292 | 270 | |
| 293 | 271 | static int part_is_locked(struct mtd_info *mtd, loff_t ofs, uint64_t len) |
| 294 | 272 | { |
| 295 | 273 | struct mtd_part *part = PART(mtd); |
| 296 | - if ((len + ofs) > mtd->size) | |
| 297 | - return -EINVAL; | |
| 298 | 274 | return mtd_is_locked(part->master, ofs + part->offset, len); |
| 299 | 275 | } |
| 300 | 276 | |
| ... | ... | @@ -319,8 +295,6 @@ |
| 319 | 295 | static int part_block_isbad(struct mtd_info *mtd, loff_t ofs) |
| 320 | 296 | { |
| 321 | 297 | struct mtd_part *part = PART(mtd); |
| 322 | - if (ofs >= mtd->size) | |
| 323 | - return -EINVAL; | |
| 324 | 298 | ofs += part->offset; |
| 325 | 299 | return mtd_block_isbad(part->master, ofs); |
| 326 | 300 | } |
| ... | ... | @@ -332,8 +306,6 @@ |
| 332 | 306 | |
| 333 | 307 | if (!(mtd->flags & MTD_WRITEABLE)) |
| 334 | 308 | return -EROFS; |
| 335 | - if (ofs >= mtd->size) | |
| 336 | - return -EINVAL; | |
| 337 | 309 | ofs += part->offset; |
| 338 | 310 | res = mtd_block_markbad(part->master, ofs); |
| 339 | 311 | if (!res) |
drivers/mtd/nand/nand_base.c
| ... | ... | @@ -123,12 +123,6 @@ |
| 123 | 123 | ret = -EINVAL; |
| 124 | 124 | } |
| 125 | 125 | |
| 126 | - /* Do not allow past end of device */ | |
| 127 | - if (ofs + len > mtd->size) { | |
| 128 | - pr_debug("%s: past end of device\n", __func__); | |
| 129 | - ret = -EINVAL; | |
| 130 | - } | |
| 131 | - | |
| 132 | 126 | return ret; |
| 133 | 127 | } |
| 134 | 128 | |
| 135 | 129 | |
| 136 | 130 | |
| 137 | 131 | |
| 138 | 132 | |
| 139 | 133 | |
| ... | ... | @@ -1620,25 +1614,17 @@ |
| 1620 | 1614 | struct mtd_oob_ops ops; |
| 1621 | 1615 | int ret; |
| 1622 | 1616 | |
| 1623 | - /* Do not allow reads past end of device */ | |
| 1624 | - if ((from + len) > mtd->size) | |
| 1625 | - return -EINVAL; | |
| 1626 | 1617 | if (!len) |
| 1627 | 1618 | return 0; |
| 1628 | 1619 | |
| 1629 | 1620 | nand_get_device(chip, mtd, FL_READING); |
| 1630 | - | |
| 1631 | 1621 | ops.len = len; |
| 1632 | 1622 | ops.datbuf = buf; |
| 1633 | 1623 | ops.oobbuf = NULL; |
| 1634 | 1624 | ops.mode = 0; |
| 1635 | - | |
| 1636 | 1625 | ret = nand_do_read_ops(mtd, from, &ops); |
| 1637 | - | |
| 1638 | 1626 | *retlen = ops.retlen; |
| 1639 | - | |
| 1640 | 1627 | nand_release_device(mtd); |
| 1641 | - | |
| 1642 | 1628 | return ret; |
| 1643 | 1629 | } |
| 1644 | 1630 | |
| ... | ... | @@ -2328,8 +2314,6 @@ |
| 2328 | 2314 | int ret; |
| 2329 | 2315 | |
| 2330 | 2316 | /* Do not allow reads past end of device */ |
| 2331 | - if ((to + len) > mtd->size) | |
| 2332 | - return -EINVAL; | |
| 2333 | 2317 | if (!len) |
| 2334 | 2318 | return 0; |
| 2335 | 2319 | |
| 2336 | 2320 | |
| 2337 | 2321 | |
| 2338 | 2322 | |
| 2339 | 2323 | |
| 2340 | 2324 | |
| ... | ... | @@ -2367,25 +2351,17 @@ |
| 2367 | 2351 | struct mtd_oob_ops ops; |
| 2368 | 2352 | int ret; |
| 2369 | 2353 | |
| 2370 | - /* Do not allow reads past end of device */ | |
| 2371 | - if ((to + len) > mtd->size) | |
| 2372 | - return -EINVAL; | |
| 2373 | 2354 | if (!len) |
| 2374 | 2355 | return 0; |
| 2375 | 2356 | |
| 2376 | 2357 | nand_get_device(chip, mtd, FL_WRITING); |
| 2377 | - | |
| 2378 | 2358 | ops.len = len; |
| 2379 | 2359 | ops.datbuf = (uint8_t *)buf; |
| 2380 | 2360 | ops.oobbuf = NULL; |
| 2381 | 2361 | ops.mode = 0; |
| 2382 | - | |
| 2383 | 2362 | ret = nand_do_write_ops(mtd, to, &ops); |
| 2384 | - | |
| 2385 | 2363 | *retlen = ops.retlen; |
| 2386 | - | |
| 2387 | 2364 | nand_release_device(mtd); |
| 2388 | - | |
| 2389 | 2365 | return ret; |
| 2390 | 2366 | } |
| 2391 | 2367 | |
| ... | ... | @@ -2749,10 +2725,6 @@ |
| 2749 | 2725 | */ |
| 2750 | 2726 | static int nand_block_isbad(struct mtd_info *mtd, loff_t offs) |
| 2751 | 2727 | { |
| 2752 | - /* Check for invalid offset */ | |
| 2753 | - if (offs > mtd->size) | |
| 2754 | - return -EINVAL; | |
| 2755 | - | |
| 2756 | 2728 | return nand_block_checkbad(mtd, offs, 1, 0); |
| 2757 | 2729 | } |
| 2758 | 2730 |
drivers/mtd/onenand/onenand_base.c
| ... | ... | @@ -1756,13 +1756,6 @@ |
| 1756 | 1756 | /* Initialize retlen, in case of early exit */ |
| 1757 | 1757 | *retlen = 0; |
| 1758 | 1758 | |
| 1759 | - /* Do not allow writes past end of device */ | |
| 1760 | - if (unlikely((to + len) > mtd->size)) { | |
| 1761 | - printk(KERN_ERR "%s: Attempt write to past end of device\n", | |
| 1762 | - __func__); | |
| 1763 | - return -EINVAL; | |
| 1764 | - } | |
| 1765 | - | |
| 1766 | 1759 | /* Reject writes, which are not page aligned */ |
| 1767 | 1760 | if (unlikely(NOTALIGNED(to) || NOTALIGNED(len))) { |
| 1768 | 1761 | printk(KERN_ERR "%s: Attempt to write not page aligned data\n", |
| ... | ... | @@ -1890,13 +1883,6 @@ |
| 1890 | 1883 | ops->retlen = 0; |
| 1891 | 1884 | ops->oobretlen = 0; |
| 1892 | 1885 | |
| 1893 | - /* Do not allow writes past end of device */ | |
| 1894 | - if (unlikely((to + len) > mtd->size)) { | |
| 1895 | - printk(KERN_ERR "%s: Attempt write to past end of device\n", | |
| 1896 | - __func__); | |
| 1897 | - return -EINVAL; | |
| 1898 | - } | |
| 1899 | - | |
| 1900 | 1886 | /* Reject writes, which are not page aligned */ |
| 1901 | 1887 | if (unlikely(NOTALIGNED(to) || NOTALIGNED(len))) { |
| 1902 | 1888 | printk(KERN_ERR "%s: Attempt to write not page aligned data\n", |
| ... | ... | @@ -2492,12 +2478,6 @@ |
| 2492 | 2478 | pr_debug("%s: start=0x%012llx, len=%llu\n", __func__, |
| 2493 | 2479 | (unsigned long long)instr->addr, |
| 2494 | 2480 | (unsigned long long)instr->len); |
| 2495 | - | |
| 2496 | - /* Do not allow erase past end of device */ | |
| 2497 | - if (unlikely((len + addr) > mtd->size)) { | |
| 2498 | - printk(KERN_ERR "%s: Erase past end of device\n", __func__); | |
| 2499 | - return -EINVAL; | |
| 2500 | - } | |
| 2501 | 2481 | |
| 2502 | 2482 | if (FLEXONENAND(this)) { |
| 2503 | 2483 | /* Find the eraseregion of this address */ |
drivers/mtd/ubi/gluebi.c
| ... | ... | @@ -174,11 +174,7 @@ |
| 174 | 174 | int err = 0, lnum, offs, total_read; |
| 175 | 175 | struct gluebi_device *gluebi; |
| 176 | 176 | |
| 177 | - if (len < 0 || from < 0 || from + len > mtd->size) | |
| 178 | - return -EINVAL; | |
| 179 | - | |
| 180 | 177 | gluebi = container_of(mtd, struct gluebi_device, mtd); |
| 181 | - | |
| 182 | 178 | lnum = div_u64_rem(from, mtd->erasesize, &offs); |
| 183 | 179 | total_read = len; |
| 184 | 180 | while (total_read) { |
| ... | ... | @@ -218,9 +214,6 @@ |
| 218 | 214 | int err = 0, lnum, offs, total_written; |
| 219 | 215 | struct gluebi_device *gluebi; |
| 220 | 216 | |
| 221 | - if (len < 0 || to < 0 || len + to > mtd->size) | |
| 222 | - return -EINVAL; | |
| 223 | - | |
| 224 | 217 | gluebi = container_of(mtd, struct gluebi_device, mtd); |
| 225 | 218 | |
| 226 | 219 | if (!(mtd->flags & MTD_WRITEABLE)) |
| ... | ... | @@ -265,10 +258,6 @@ |
| 265 | 258 | int err, i, lnum, count; |
| 266 | 259 | struct gluebi_device *gluebi; |
| 267 | 260 | |
| 268 | - if (instr->addr < 0 || instr->addr > mtd->size - mtd->erasesize) | |
| 269 | - return -EINVAL; | |
| 270 | - if (instr->len < 0 || instr->addr + instr->len > mtd->size) | |
| 271 | - return -EINVAL; | |
| 272 | 261 | if (mtd_mod_by_ws(instr->addr, mtd) || mtd_mod_by_ws(instr->len, mtd)) |
| 273 | 262 | return -EINVAL; |
| 274 | 263 |