20 Aug, 2014

1 commit


21 May, 2014

1 commit

  • On m68k, where access_ok() doesn't cast the address parameter:

    drivers/mtd/mtdchar.c: In function 'mtdchar_write_ioctl':
    drivers/mtd/mtdchar.c:575:4: warning: passing argument 2 of 'access_ok' makes pointer from integer without a cast [enabled by default]
    arch/m68k/include/asm/uaccess_mm.h:17:90: note: expected 'const void *' but argument is of type '__u64'
    drivers/mtd/mtdchar.c:576:4: warning: passing argument 2 of 'access_ok' makes pointer from integer without a cast [enabled by default]
    arch/m68k/include/asm/uaccess_mm.h:17:90: note: expected 'const void *' but argument is of type '__u64'

    The address parameter of access_ok() is really a userspace pointer.
    On most architectures, access_ok() is a macro that casts the address
    parameter, hiding issues in its users.

    Move around and use the existing usr_data and usr_oob temporary variables
    to kill the warnings. Add a few "consts", and make more use of the
    temporaries while we're at it.

    Signed-off-by: Geert Uytterhoeven
    Signed-off-by: Brian Norris

    Geert Uytterhoeven
     

11 Mar, 2014

2 commits

  • If a write to one time programmable memory (OTP) hits the end of this
    memory area, no more data can be written. The count variable in
    mtdchar_write() in drivers/mtd/mtdchar.c is not decreased anymore.
    We are trapped in the loop forever, mtdchar_write() will never return
    in this case.

    The desired behavior of a write in such a case is described in [1]:
    - Try to write as much data as possible, truncate the write to fit into
    the available memory and return the number of bytes that actually
    have been written.
    - If no data could be written at all, return -ENOSPC.

    This patch fixes the behavior of OTP write if there is not enough space
    for all data:

    1) mtd_write_user_prot_reg() in drivers/mtd/mtdcore.c is modified to
    return -ENOSPC if no data could be written at all.
    2) mtdchar_write() is modified to handle -ENOSPC correctly. Exit if a
    write returned -ENOSPC and yield the correct return value, either
    the number of bytes that could be written, or -ENOSPC, if no data
    could be written at all.

    Furthermore the patch harmonizes the behavior of the OTP memory write
    in drivers/mtd/devices/mtd_dataflash.c with the other implementations
    and the requirements from [1]. Instead of returning -EINVAL if the data
    does not fit into the OTP memory, we try to write as much data as
    possible/truncate the write.

    [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/write.html

    Signed-off-by: Christian Riesch
    Signed-off-by: Brian Norris

    Christian Riesch
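
The write semantics this commit message describes (truncate to the space left, return -ENOSPC only when nothing fits, and leave the loop on -ENOSPC), as an added user-space model that is not the kernel patch itself. `otp_write()`, `chardev_write()`, `OTP_SIZE` and `CHUNK` are hypothetical names and constructed values.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define OTP_SIZE 16  /* constructed size of the modelled OTP area */
#define CHUNK 8      /* constructed per-iteration buffer size */

static unsigned char otp[OTP_SIZE];

/* Backend model: truncate to the space left, report it in *retlen, and
 * return -ENOSPC when not a single byte fits. */
static int otp_write(size_t to, size_t len, const unsigned char *buf, size_t *retlen)
{
    size_t room = to < OTP_SIZE ? OTP_SIZE - to : 0;

    *retlen = 0;
    if (!room)
        return len ? -ENOSPC : 0;
    if (len > room)
        len = room;
    memcpy(otp + to, buf, len);
    *retlen = len;
    return 0;
}

/* Caller model: chunked loop. Without the -ENOSPC exit, count stops
 * shrinking once the area is full and the loop never ends. */
static ssize_t chardev_write(size_t pos, const unsigned char *buf, size_t count)
{
    size_t total = 0, retlen;

    while (count) {
        int ret = otp_write(pos, count < CHUNK ? count : CHUNK, buf, &retlen);

        if (ret == -ENOSPC)  /* area full: short write, or error if nothing */
            return total ? (ssize_t)total : -ENOSPC;
        if (ret)
            return ret;
        pos += retlen;
        buf += retlen;
        total += retlen;
        count -= retlen;
    }
    return (ssize_t)total;
}

int main(void)
{
    unsigned char data[20];
    memset(data, 0xA5, sizeof data);
    printf("%zd\n", chardev_write(4, data, sizeof data)); /* short write */
    printf("%zd\n", chardev_write(16, data, 5));          /* nothing fits */
    return 0;
}
```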
     
  • Signed-off-by: Christian Riesch
    Cc: Artem Bityutskiy
    Signed-off-by: Brian Norris

    Christian Riesch
     

12 Nov, 2013

1 commit


07 Nov, 2013

1 commit


29 Jun, 2013

1 commit


10 May, 2013

1 commit

  • Pull MTD update from David Woodhouse:

    - Lots of cleanups from Artem, including deletion of some obsolete
    drivers

    - Support partitions larger than 4GiB in device tree

    - Support for new SPI chips

    * tag 'for-linus-20130509' of git://git.infradead.org/linux-mtd: (83 commits)
    mtd: omap2: Use module_platform_driver()
    mtd: bf5xx_nand: Use module_platform_driver()
    mtd: denali_dt: Remove redundant use of of_match_ptr
    mtd: denali_dt: Change return value to fix smatch warning
    mtd: denali_dt: Use module_platform_driver()
    mtd: denali_dt: Fix incorrect error check
    mtd: nand: subpage write support for hardware based ECC schemes
    mtd: omap2: use msecs_to_jiffies()
    mtd: nand_ids: use size macros
    mtd: nand_ids: improve LEGACY_ID_NAND macro a bit
    mtd: add 4 Toshiba nand chips for the full-id case
    mtd: add the support to parse out the full-id nand type
    mtd: add new fields to nand_flash_dev{}
    mtd: sh_flctl: Use of_match_ptr() macro
    mtd: gpio: Use of_match_ptr() macro
    mtd: gpio: Use devm_kzalloc()
    mtd: davinci_nand: Use of_match_ptr()
    mtd: dataflash: Use of_match_ptr() macro
    mtd: remove h720x flash support
    mtd: onenand: remove OneNAND simulator
    ...

    Linus Torvalds
     

20 Apr, 2013

2 commits


05 Apr, 2013

3 commits

  • The MTD subsystem has historically tried to be as configurable as possible. The
    side-effect of this is that its configuration menu is rather large, and we are
    gradually shrinking it. For example, we recently merged partitions support with
    the mtdcore.

    This patch does the next step - it merges the mtdchar module to mtdcore. And in
    this case this is not only about eliminating too fine-grained separation and
    simplifying the configuration menu. This is also about eliminating a seemingly
    useless kernel module.

    Indeed, mtdchar is a module that allows user-space making use of MTD devices
    via /dev/mtd* character devices. If users do not enable it, they simply cannot
    use MTD devices at all. They cannot read or write the flash contents. Is it a
    sane and useful setup? I believe not. And everyone just enables mtdchar.

    Having mtdchar separate is also a little bit harmful. People sometimes miss the
    fact that they need to enable an additional configuration option to have
    user-space MTD interfaces, and then they wonder why on earth the kernel does
    not allow using the flash? They spend time asking around.

    Thus, let's just get rid of this module and make it part of mtd core.

    Note, mtdchar had an additional configuration option to enable OTP interfaces,
    which are present on some flashes. I removed that option as well - it saves a
    really tiny amount of space.

    [dwmw2: Strictly speaking, you can mount file systems on MTD devices just
    fine without the mtdchar (or mtdblock) devices; you just can't do
    other manipulations directly on the underlying device. But still I
    agree that it makes sense to make this unconditional. And Yay! we
    get to kill off an instance of checking CONFIG_foo_MODULE, which is
    an abomination that should never happen.]

    Signed-off-by: Artem Bityutskiy
    Signed-off-by: David Woodhouse

    Artem Bityutskiy
     
  • We normally use 'pr_err()' for error messages, not 'pr_notice()'.

    Signed-off-by: Artem Bityutskiy
    Signed-off-by: David Woodhouse

    Artem Bityutskiy
     
  • Before this patch mtd_read_fact_prot_reg was used to check availability
    for both MTD_OTP_FACTORY and MTD_OTP_USER access. This made accessing
    user otp for chips that don't have a factory otp area impossible. So use
    the right wrapper depending on the intended area to be accessed.

    Signed-off-by: Uwe Kleine-König
    Signed-off-by: Artem Bityutskiy
    Signed-off-by: David Woodhouse

    Uwe Kleine-König
     

04 Mar, 2013

1 commit

  • Modify the request_module to prefix the file system type with "fs-"
    and add aliases to all of the filesystems that can be built as modules
    to match.

    A common practice is to build all of the kernel code and leave code
    that is not commonly needed as modules, with the result that many
    users are exposed to any bug anywhere in the kernel.

    Looking for filesystems with a fs- prefix limits the pool of possible
    modules that can be loaded by mount to just filesystems trivially
    making things safer with no real cost.

    Using aliases means user space can control the policy of which
    filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
    with blacklist and alias directives. Allowing simple, safe,
    well understood work-arounds to known problematic software.

    This also addresses a rare but unfortunate problem where the filesystem
    name is not the same as its module name and module auto-loading
    would not work. While writing this patch I saw a handful of such
    cases. The most significant being autofs that lives in the module
    autofs4.

    This is relevant to user namespaces because we can reach the request
    module in get_fs_type() without having any special permissions, and
    people get uncomfortable when a user specified string (in this case
    the filesystem type) goes all of the way to request_module.

    After having looked at this issue I don't think there is any
    particular reason to perform any filtering or permission checks beyond
    making it clear in the module request that we want a filesystem
    module. The common pattern in the kernel is to call request_module()
    without regard to the user's permissions. In general all a filesystem
    module does once loaded is call register_filesystem() and go to sleep.
    Which means there is not much attack surface exposed by loading a
    filesystem module unless the filesystem is mounted. In a user
    namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
    which most filesystems do not set today.

    Acked-by: Serge Hallyn
    Acked-by: Kees Cook
    Reported-by: Kees Cook
    Signed-off-by: "Eric W. Biederman"

    Eric W. Biederman
     

09 Oct, 2012

2 commits

  • This code was broken because it assumed that all MTD devices were map-based.
    Disable it for now, until it can be fixed properly for the next merge window.

    Signed-off-by: David Woodhouse

    David Woodhouse
     
  • A long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,
    currently it lost original meaning but still has some effects:

     | effect                 | alternative flags
    -+------------------------+---------------------------------------------
    1| account as reserved_vm | VM_IO
    2| skip in core dump      | VM_IO, VM_DONTDUMP
    3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP
    4| do not mlock           | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP

    This patch removes the reserved_vm counter from mm_struct. Seems like nobody
    cares about it, it is not exported into userspace directly, it only
    reduces total_vm shown in proc.

    Thus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.

    remap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.
    remap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.

    [akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]
    Signed-off-by: Konstantin Khlebnikov
    Cc: Alexander Viro
    Cc: Carsten Otte
    Cc: Chris Metcalf
    Cc: Cyrill Gorcunov
    Cc: Eric Paris
    Cc: H. Peter Anvin
    Cc: Hugh Dickins
    Cc: Ingo Molnar
    Cc: James Morris
    Cc: Jason Baron
    Cc: Kentaro Takeda
    Cc: Matt Helsley
    Cc: Nick Piggin
    Cc: Oleg Nesterov
    Cc: Peter Zijlstra
    Cc: Robert Richter
    Cc: Suresh Siddha
    Cc: Tetsuo Handa
    Cc: Venkatesh Pallipadi
    Acked-by: Linus Torvalds
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Konstantin Khlebnikov
     

29 Sep, 2012

1 commit

  • Sasha Levin has been running trinity in a KVM tools guest, and was able
    to trigger the BUG_ON() at arch/x86/mm/pat.c:279 (verifying the range of
    the memory type). The call trace showed that it was mtdchar_mmap() that
    created an invalid remap_pfn_range().

    The problem is that mtdchar_mmap() does various really odd and subtle
    things with the vma page offset etc, and uses the wrong types (and the
    wrong overflow) detection for it.

    For example, the page offset may well be 32-bit on a 32-bit
    architecture, but after shifting it up by PAGE_SHIFT, we need to use a
    potentially 64-bit resource_size_t to correctly hold the full value.

    Also, we need to check that the vma length plus offset doesn't overflow
    before we check that it is smaller than the length of the mtdmap region.

    This fixes things up and tries to make the code a bit easier to read.

    Reported-and-tested-by: Sasha Levin
    Acked-by: Suresh Siddha
    Acked-by: Artem Bityutskiy
    Cc: David Woodhouse
    Cc: linux-mtd@lists.infradead.org
    Signed-off-by: Linus Torvalds

    Linus Torvalds
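
The two range-check problems this commit message names (a page offset shifted in too narrow a type, and an offset-plus-length sum compared before it is tested for wraparound), as an added user-space model that is not the kernel's `mtdchar_mmap()`. `range_ok_narrow()` and `range_ok_wide()` are hypothetical names; 4 KiB pages and a 64-bit `resource_size_t` are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12  /* assumes 4 KiB pages */

typedef uint64_t resource_size_t;  /* stand-in for the kernel type */

/* Flawed model: offset and sum are computed in the 32-bit width of the page
 * offset, so the shift drops high bits and the addition can wrap. */
static bool range_ok_narrow(uint32_t pgoff, uint32_t vma_len, resource_size_t region_len)
{
    uint32_t off = pgoff << PAGE_SHIFT;
    uint32_t end = off + vma_len;

    return end <= region_len;
}

/* Checked model: widen before shifting, then test the sum for wraparound
 * before comparing it with the region length. */
static bool range_ok_wide(uint64_t pgoff, uint64_t vma_len, resource_size_t region_len)
{
    resource_size_t off;

    if (pgoff > (UINT64_MAX >> PAGE_SHIFT))  /* shift would drop bits */
        return false;
    off = (resource_size_t)pgoff << PAGE_SHIFT;
    if (off + vma_len < off)                 /* overflow in off + len */
        return false;
    return off + vma_len <= region_len;
}

int main(void)
{
    const resource_size_t region = 0x10000;  /* constructed 64 KiB region */

    /* Offset of exactly 4 GiB: truncates to 0 in the narrow model. */
    printf("narrow=%d wide=%d\n",
           range_ok_narrow(0x100000, 0x1000, region),
           range_ok_wide(0x100000, 0x1000, region));
    /* Offset just below 4 GiB: the 32-bit sum wraps past zero. */
    printf("narrow=%d wide=%d\n",
           range_ok_narrow(0xFFFFF, 0x2000, region),
           range_ok_wide(0xFFFFF, 0x2000, region));
    return 0;
}
```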
     

08 May, 2012

1 commit

  • I'm seeing an oops in mtd_dataflash.c with Linux 3.3. What appears to
    be happening is that otp_select_filemode calls mtd_read_fact_prot_reg
    with -1 for offset and length and a NULL buffer to test if OTP
    operations are supported. This finds its way down to otp_read in
    mtd_dataflash.c and causes an oops when memcpying the returned data
    into the NULL buf.

    None of the checks in otp_read catches the negative length and offset.
    Changing the length of the dummy read to 0 prevents the oops.

    Cc: stable@kernel.org [3.3+]
    Signed-off-by: Artem Bityutskiy
    Signed-off-by: David Woodhouse

    Will Newton
     

09 Apr, 2012

1 commit


01 Apr, 2012

2 commits

  • Pull second try at vfs part d#2 from Al Viro:
    "Miklos' first series (with do_lookup() rewrite split into edible
    chunks) + assorted bits and pieces.

    The 'untangling of do_lookup()' series is a splitup of what used to
    be a monolithic patch from Miklos, so this series is basically "how do
    I convince myself that his patch is correct (or find a hole in it)".
    No holes found and I like the resulting cleanup, so in it went..."

    Changes from try 1: Fix a boot problem with selinux, and commit messages
    prettied up a bit.

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)
    vfs: fix out-of-date dentry_unhash() comment
    vfs: split __lookup_hash
    untangling do_lookup() - take __lookup_hash()-calling case out of line.
    untangling do_lookup() - switch to calling __lookup_hash()
    untangling do_lookup() - merge d_alloc_and_lookup() callers
    untangling do_lookup() - merge failure exits in !dentry case
    untangling do_lookup() - massage !dentry case towards __lookup_hash()
    untangling do_lookup() - get rid of need_reval in !dentry case
    untangling do_lookup() - eliminate a loop.
    untangling do_lookup() - expand the area under ->i_mutex
    untangling do_lookup() - isolate !dentry stuff from the rest of it.
    vfs: move MAY_EXEC check from __lookup_hash()
    vfs: don't revalidate just looked up dentry
    vfs: fix d_need_lookup/d_revalidate order in do_lookup
    ext3: move headers to fs/ext3/
    migrate ext2_fs.h guts to fs/ext2/ext2.h
    new helper: ext2_image_size()
    get rid of pointless includes of ext2_fs.h
    ext2: No longer export ext2_fs.h to user space
    mtdchar: kill persistently held vfsmount
    ...

    Linus Torvalds
     
  • ... and mtdchar_notifier along with it; just have ->drop_inode() that
    will unconditionally evict them instead of dances on mtd device
    removal and use simple_pin_fs() instead of kern_mount()

    Signed-off-by: Al Viro

    Al Viro
     

31 Mar, 2012

1 commit

  • Pull MTD changes from David Woodhouse:
    - Artem's cleanup of the MTD API continues apace.
    - Fixes and improvements for ST FSMC and SuperH FLCTL NAND, amongst
    others.
    - More work on DiskOnChip G3, new driver for DiskOnChip G4.
    - Clean up debug/warning printks in JFFS2 to use pr_.

    Fix up various trivial conflicts, largely due to changes in calling
    conventions for things like dmaengine_prep_slave_sg() (new inline
    wrapper to hide new parameter, clashing with rewrite of previously last
    parameter that used to be an 'append' flag, and is now a bitmap of
    'unsigned long flags').

    (Also some header file fallout - like so many merges this merge window -
    and silly conflicts with sparse fixes)

    * tag 'for-linus-3.4' of git://git.infradead.org/mtd-2.6: (120 commits)
    mtd: docg3 add protection against concurrency
    mtd: docg3 refactor cascade floors structure
    mtd: docg3 increase write/erase timeout
    mtd: docg3 fix inbound calculations
    mtd: nand: gpmi: fix function annotations
    mtd: phram: fix section mismatch for phram_setup
    mtd: unify initialization of erase_info->fail_addr
    mtd: support ONFI multi lun NAND
    mtd: sm_ftl: fix typo in major number.
    mtd: add device-tree support to spear_smi
    mtd: spear_smi: Remove default partition information from driver
    mtd: Add device-tree support to fsmc_nand
    mtd: fix section mismatch for doc_probe_device
    mtd: nand/fsmc: Remove sparse warnings and errors
    mtd: nand/fsmc: Add DMA support
    mtd: nand/fsmc: Access the NAND device word by word whenever possible
    mtd: nand/fsmc: Use dev_err to report error scenario
    mtd: nand/fsmc: Use devm routines
    mtd: nand/fsmc: Modify fsmc driver to accept nand timing parameters via platform
    mtd: fsmc_nand: add pm callbacks to support hibernation
    ...

    Linus Torvalds
     

27 Mar, 2012

1 commit

  • This patch renames all MTD functions by adding a "_" prefix:

    mtd->erase -> mtd->_erase
    mtd->read_oob -> mtd->_read_oob
    ...

    The reason is that we are re-working the MTD API and from now on it is
    an error to use MTD function pointers directly - we have a corresponding
    API call for every pointer. By adding a leading "_" we achieve the following:

    1. Make sure we convert every direct pointer user
    2. A leading "_" suggests that this interface is internal and it becomes
    less likely that people will use them directly
    3. Make sure all the out-of-tree modules stop compiling and the owners
    spot the big API change and amend them.

    Signed-off-by: Artem Bityutskiy
    Signed-off-by: David Woodhouse

    Artem Bityutskiy
     

24 Mar, 2012

1 commit


10 Jan, 2012

16 commits