[PATCH] drivers/isdn/sc/ioctl.c: copy_from_user() size fix
[linux-2.6] / drivers / mtd / redboot.c
1 /*
2  * $Id: redboot.c,v 1.18 2005/11/07 11:14:21 gleixner Exp $
3  *
4  * Parse RedBoot-style Flash Image System (FIS) tables and
5  * produce a Linux partition array to match.
6  */
7
8 #include <linux/kernel.h>
9 #include <linux/slab.h>
10 #include <linux/init.h>
11 #include <linux/vmalloc.h>
12
13 #include <linux/mtd/mtd.h>
14 #include <linux/mtd/partitions.h>
15
16 struct fis_image_desc {
17     unsigned char name[16];      // Null terminated name
18     unsigned long flash_base;    // Address within FLASH of image
19     unsigned long mem_base;      // Address in memory where it executes
20     unsigned long size;          // Length of image
21     unsigned long entry_point;   // Execution entry point
22     unsigned long data_length;   // Length of actual data
23     unsigned char _pad[256-(16+7*sizeof(unsigned long))];
24     unsigned long desc_cksum;    // Checksum over image descriptor
25     unsigned long file_cksum;    // Checksum over image data
26 };
27
28 struct fis_list {
29         struct fis_image_desc *img;
30         struct fis_list *next;
31 };
32
33 static int directory = CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK;
34 module_param(directory, int, 0);
35
36 static inline int redboot_checksum(struct fis_image_desc *img)
37 {
38         /* RedBoot doesn't actually write the desc_cksum field yet AFAICT */
39         return 1;
40 }
41
42 static int parse_redboot_partitions(struct mtd_info *master,
43                              struct mtd_partition **pparts,
44                              unsigned long fis_origin)
45 {
46         int nrparts = 0;
47         struct fis_image_desc *buf;
48         struct mtd_partition *parts;
49         struct fis_list *fl = NULL, *tmp_fl;
50         int ret, i;
51         size_t retlen;
52         char *names;
53         char *nullname;
54         int namelen = 0;
55         int nulllen = 0;
56         int numslots;
57         unsigned long offset;
58 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
59         static char nullstring[] = "unallocated";
60 #endif
61
62         buf = vmalloc(master->erasesize);
63
64         if (!buf)
65                 return -ENOMEM;
66
67         if ( directory < 0 )
68                 offset = master->size + directory*master->erasesize;
69         else
70                 offset = directory*master->erasesize;
71
72         printk(KERN_NOTICE "Searching for RedBoot partition table in %s at offset 0x%lx\n",
73                master->name, offset);
74
75         ret = master->read(master, offset,
76                            master->erasesize, &retlen, (void *)buf);
77
78         if (ret)
79                 goto out;
80
81         if (retlen != master->erasesize) {
82                 ret = -EIO;
83                 goto out;
84         }
85
86         numslots = (master->erasesize / sizeof(struct fis_image_desc));
87         for (i = 0; i < numslots; i++) {
88                 if (buf[i].name[0] == 0xff) {
89                         i = numslots;
90                         break;
91                 }
92                 if (!memcmp(buf[i].name, "FIS directory", 14))
93                         break;
94         }
95         if (i == numslots) {
96                 /* Didn't find it */
97                 printk(KERN_NOTICE "No RedBoot partition table detected in %s\n",
98                        master->name);
99                 ret = 0;
100                 goto out;
101         }
102
103         for (i = 0; i < numslots; i++) {
104                 struct fis_list *new_fl, **prev;
105
106                 if (buf[i].name[0] == 0xff)
107                         break;
108                 if (!redboot_checksum(&buf[i]))
109                         break;
110
111                 new_fl = kmalloc(sizeof(struct fis_list), GFP_KERNEL);
112                 namelen += strlen(buf[i].name)+1;
113                 if (!new_fl) {
114                         ret = -ENOMEM;
115                         goto out;
116                 }
117                 new_fl->img = &buf[i];
118                 if (fis_origin) {
119                         buf[i].flash_base -= fis_origin;
120                 } else {
121                         buf[i].flash_base &= master->size-1;
122                 }
123
124                 /* I'm sure the JFFS2 code has done me permanent damage.
125                  * I now think the following is _normal_
126                  */
127                 prev = &fl;
128                 while(*prev && (*prev)->img->flash_base < new_fl->img->flash_base)
129                         prev = &(*prev)->next;
130                 new_fl->next = *prev;
131                 *prev = new_fl;
132
133                 nrparts++;
134         }
135 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
136         if (fl->img->flash_base) {
137                 nrparts++;
138                 nulllen = sizeof(nullstring);
139         }
140
141         for (tmp_fl = fl; tmp_fl->next; tmp_fl = tmp_fl->next) {
142                 if (tmp_fl->img->flash_base + tmp_fl->img->size + master->erasesize <= tmp_fl->next->img->flash_base) {
143                         nrparts++;
144                         nulllen = sizeof(nullstring);
145                 }
146         }
147 #endif
148         parts = kmalloc(sizeof(*parts)*nrparts + nulllen + namelen, GFP_KERNEL);
149
150         if (!parts) {
151                 ret = -ENOMEM;
152                 goto out;
153         }
154
155         memset(parts, 0, sizeof(*parts)*nrparts + nulllen + namelen);
156
157         nullname = (char *)&parts[nrparts];
158 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
159         if (nulllen > 0) {
160                 strcpy(nullname, nullstring);
161         }
162 #endif
163         names = nullname + nulllen;
164
165         i=0;
166
167 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
168         if (fl->img->flash_base) {
169                parts[0].name = nullname;
170                parts[0].size = fl->img->flash_base;
171                parts[0].offset = 0;
172                 i++;
173         }
174 #endif
175         for ( ; i<nrparts; i++) {
176                 parts[i].size = fl->img->size;
177                 parts[i].offset = fl->img->flash_base;
178                 parts[i].name = names;
179
180                 strcpy(names, fl->img->name);
181 #ifdef CONFIG_MTD_REDBOOT_PARTS_READONLY
182                 if (!memcmp(names, "RedBoot", 8) ||
183                                 !memcmp(names, "RedBoot config", 15) ||
184                                 !memcmp(names, "FIS directory", 14)) {
185                         parts[i].mask_flags = MTD_WRITEABLE;
186                 }
187 #endif
188                 names += strlen(names)+1;
189
190 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
191                 if(fl->next && fl->img->flash_base + fl->img->size + master->erasesize <= fl->next->img->flash_base) {
192                         i++;
193                         parts[i].offset = parts[i-1].size + parts[i-1].offset;
194                         parts[i].size = fl->next->img->flash_base - parts[i].offset;
195                         parts[i].name = nullname;
196                 }
197 #endif
198                 tmp_fl = fl;
199                 fl = fl->next;
200                 kfree(tmp_fl);
201         }
202         ret = nrparts;
203         *pparts = parts;
204  out:
205         while (fl) {
206                 struct fis_list *old = fl;
207                 fl = fl->next;
208                 kfree(old);
209         }
210         vfree(buf);
211         return ret;
212 }
213
214 static struct mtd_part_parser redboot_parser = {
215         .owner = THIS_MODULE,
216         .parse_fn = parse_redboot_partitions,
217         .name = "RedBoot",
218 };
219
220 static int __init redboot_parser_init(void)
221 {
222         return register_mtd_parser(&redboot_parser);
223 }
224
225 static void __exit redboot_parser_exit(void)
226 {
227         deregister_mtd_parser(&redboot_parser);
228 }
229
230 module_init(redboot_parser_init);
231 module_exit(redboot_parser_exit);
232
233 MODULE_LICENSE("GPL");
234 MODULE_AUTHOR("Red Hat, Inc. - David Woodhouse <dwmw2@cambridge.redhat.com>");
235 MODULE_DESCRIPTION("Parsing code for RedBoot Flash Image System (FIS) tables");