fix a >2 year old stack overflow in the mtd rootfs split patch which only caused...
[openwrt/svn-archive/archive.git] / target / linux / generic-2.6 / patches-2.6.30 / 065-rootfs_split.patch
1 --- a/drivers/mtd/Kconfig
2 +++ b/drivers/mtd/Kconfig
3 @@ -53,6 +53,16 @@ config MTD_TESTS
4 should normally be compiled as kernel modules. The modules perform
5 various checks and verifications when loaded.
6
7 +config MTD_ROOTFS_ROOT_DEV
8 + bool "Automatically set 'rootfs' partition to be root filesystem"
9 + depends on MTD_PARTITIONS
10 + default y
11 +
12 +config MTD_ROOTFS_SPLIT
13 + bool "Automatically split 'rootfs' partition for squashfs"
14 + depends on MTD_PARTITIONS
15 + default y
16 +
17 config MTD_REDBOOT_PARTS
18 tristate "RedBoot partition table parsing"
19 depends on MTD_PARTITIONS
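Review bot: Both new options are `default y` and carry no `help` text, so a builder gets root-device selection and automatic partition creation keyed purely on a partition being named "rootfs" without any description of that behaviour. Add a `help` block to each entry: for `MTD_ROOTFS_ROOT_DEV`, that `ROOT_DEV` is set to the MTD block device of the first registered "rootfs" partition when no root device is already set; for `MTD_ROOTFS_SPLIT`, that the space after the squashfs image is exposed as a separate `rootfs_data` partition.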
20 --- a/drivers/mtd/mtdpart.c
21 +++ b/drivers/mtd/mtdpart.c
22 @@ -18,6 +18,8 @@
23 #include <linux/mtd/mtd.h>
24 #include <linux/mtd/partitions.h>
25 #include <linux/mtd/compatmac.h>
26 +#include <linux/root_dev.h>
27 +#include <linux/magic.h>
28
29 /* Our partition linked list */
30 static LIST_HEAD(mtd_partitions);
31 @@ -37,7 +39,7 @@ struct mtd_part {
32 * the pointer to that structure with this macro.
33 */
34 #define PART(x) ((struct mtd_part *)(x))
35 -
36 +#define IS_PART(mtd) (mtd->read == part_read)
37
38 /*
39 * MTD methods which simply translate the effective address and pass through
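Review bot: `IS_PART(mtd)` expands its argument unparenthesized, so an argument that is not a plain identifier can bind differently than intended; write it as `#define IS_PART(mtd) ((mtd)->read == part_read)`. A short comment such as `/* true if this mtd_info is a partition slave created in this file */` would also record that the test relies on the `read` hook being `part_read`.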
40 @@ -512,6 +514,155 @@ out_register:
41 return slave;
42 }
43
44 +#ifdef CONFIG_MTD_ROOTFS_SPLIT
45 +#define ROOTFS_SPLIT_NAME "rootfs_data"
46 +#define ROOTFS_REMOVED_NAME "<removed>"
47 +
48 +struct squashfs_super_block {
49 + __le32 s_magic;
50 + __le32 pad0[9];
51 + __le64 bytes_used;
52 +};
53 +
54 +
55 +static int split_squashfs(struct mtd_info *master, int offset, int *split_offset)
56 +{
57 + struct squashfs_super_block sb;
58 + int len, ret;
59 +
60 + ret = master->read(master, offset, sizeof(sb), &len, (void *) &sb);
61 + if (ret || (len != sizeof(sb))) {
62 + printk(KERN_ALERT "split_squashfs: error occured while reading "
63 + "from \"%s\"\n", master->name);
64 + return -EINVAL;
65 + }
66 +
67 + if (SQUASHFS_MAGIC != le32_to_cpu(sb.s_magic) ) {
68 + printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n",
69 + master->name);
70 + *split_offset = 0;
71 + return 0;
72 + }
73 +
74 + if (le64_to_cpu((sb.bytes_used)) <= 0) {
75 + printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n",
76 + master->name);
77 + *split_offset = 0;
78 + return 0;
79 + }
80 +
81 + len = (u32) le64_to_cpu(sb.bytes_used);
82 + len += (offset & 0x000fffff);
83 + len += (master->erasesize - 1);
84 + len &= ~(master->erasesize - 1);
85 + len -= (offset & 0x000fffff);
86 + *split_offset = offset + len;
87 +
88 + return 0;
89 +}
90 +
91 +static int split_rootfs_data(struct mtd_info *master, struct mtd_info *rpart, const struct mtd_partition *part,
92 + int index)
93 +{
94 + struct mtd_partition *dpart;
95 + struct mtd_part *slave = NULL;
96 + int split_offset = 0;
97 + int ret;
98 +
99 + ret = split_squashfs(master, part->offset, &split_offset);
100 + if (ret)
101 + return ret;
102 +
103 + if (split_offset <= 0)
104 + return 0;
105 +
106 + dpart = kmalloc(sizeof(*part)+sizeof(ROOTFS_SPLIT_NAME)+1, GFP_KERNEL);
107 + if (dpart == NULL) {
108 + printk(KERN_INFO "split_squashfs: no memory for partition \"%s\"\n",
109 + ROOTFS_SPLIT_NAME);
110 + return -ENOMEM;
111 + }
112 +
113 + memcpy(dpart, part, sizeof(*part));
114 + dpart->name = (unsigned char *)&dpart[1];
115 + strcpy(dpart->name, ROOTFS_SPLIT_NAME);
116 +
117 + dpart->size -= split_offset - dpart->offset;
118 + dpart->offset = split_offset;
119 +
120 + if (dpart == NULL)
121 + return 1;
122 +
123 + printk(KERN_INFO "mtd: partition \"%s\" created automatically, ofs=%llX, len=%llX \n",
124 + ROOTFS_SPLIT_NAME, dpart->offset, dpart->size);
125 +
126 + slave = add_one_partition(master, dpart, index, split_offset);
127 + if (!slave) {
128 + kfree(dpart);
129 + return -ENOMEM;
130 + }
131 + rpart->split = &slave->mtd;
132 +
133 + return 0;
134 +}
135 +
136 +static int refresh_rootfs_split(struct mtd_info *mtd)
137 +{
138 + struct mtd_partition tpart;
139 + struct mtd_part *part;
140 + char *name;
141 + int index = 0;
142 + int offset, size;
143 + int ret;
144 +
145 + part = PART(mtd);
146 +
147 + /* check for the new squashfs offset first */
148 + ret = split_squashfs(part->master, part->offset, &offset);
149 + if (ret)
150 + return ret;
151 +
152 + if ((offset > 0) && !mtd->split) {
153 + printk(KERN_INFO "%s: creating new split partition for \"%s\"\n", __func__, mtd->name);
154 + /* if we don't have a rootfs split partition, create a new one */
155 + tpart.name = (char *) mtd->name;
156 + tpart.size = mtd->size;
157 + tpart.offset = part->offset;
158 +
159 + /* find the index of the last partition */
160 + if (!list_empty(&mtd_partitions))
161 + index = list_first_entry(&mtd_partitions, struct mtd_part, list)->index + 1;
162 +
163 + return split_rootfs_data(part->master, &part->mtd, &tpart, index);
164 + } else if ((offset > 0) && mtd->split) {
165 + /* update the offsets of the existing partition */
166 + size = mtd->size + part->offset - offset;
167 +
168 + part = PART(mtd->split);
169 + part->offset = offset;
170 + part->mtd.size = size;
171 + printk(KERN_INFO "%s: %s partition \"" ROOTFS_SPLIT_NAME "\", offset: 0x%06x (0x%06x)\n",
172 + __func__, (!strcmp(part->mtd.name, ROOTFS_SPLIT_NAME) ? "updating" : "creating"),
173 + (u32) part->offset, (u32) part->mtd.size);
174 + name = kmalloc(sizeof(ROOTFS_SPLIT_NAME) + 1, GFP_KERNEL);
175 + strcpy(name, ROOTFS_SPLIT_NAME);
176 + part->mtd.name = name;
177 + } else if ((offset <= 0) && mtd->split) {
178 + printk(KERN_INFO "%s: removing partition \"%s\"\n", __func__, mtd->split->name);
179 +
180 + /* mark existing partition as removed */
181 + part = PART(mtd->split);
182 + name = kmalloc(sizeof(ROOTFS_SPLIT_NAME) + 1, GFP_KERNEL);
183 + strcpy(name, ROOTFS_REMOVED_NAME);
184 + part->mtd.name = name;
185 + part->offset = 0;
186 + part->mtd.size = 0;
187 + }
188 +
189 + return 0;
190 +}
191 +#endif /* CONFIG_MTD_ROOTFS_SPLIT */
192 +
193 /*
194 * This function, given a master MTD object and a partition table, creates
195 * and registers slave MTD objects which are bound to the master according to
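Review bot: `split_squashfs()` trusts `bytes_used` from the on-flash superblock: the value is truncated to `u32`, stored in an `int`, and the resulting `split_offset` is never compared with the end of the rootfs partition. In `split_rootfs_data()` a header that claims more data than the partition holds makes `dpart->size -= split_offset - dpart->offset` wrap the unsigned size, so the automatically created `rootfs_data` partition can describe a range outside rootfs (what `add_one_partition` then does with that size is outside the hunk); reject the case before the `kmalloc`, e.g. `if ((uint64_t)split_offset >= part->offset + part->size) return -EINVAL;`. `len` is also an `int` whose address is passed as the returned-length argument of `master->read`, which is a `size_t *` in the block2mtd methods shown later in this patch; on a 64-bit build that would be an 8-byte store into a 4-byte stack object, so a separate `size_t retlen` is safer. In `refresh_rootfs_split()`, `tpart` has only three fields set before `memcpy(dpart, part, sizeof(*part))` copies it whole, and both `kmalloc` results go to `strcpy` unchecked; `struct mtd_partition tpart = { 0 };` and a NULL check returning `-ENOMEM` would cover those.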
196 @@ -527,14 +678,29 @@ int add_mtd_partitions(struct mtd_info *
197 {
198 struct mtd_part *slave;
199 uint64_t cur_offset = 0;
200 - int i;
201 + int i, j, ret;
202
203 printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name);
204
205 - for (i = 0; i < nbparts; i++) {
206 - slave = add_one_partition(master, parts + i, i, cur_offset);
207 + for (i = 0, j = 0; i < nbparts; i++) {
208 + slave = add_one_partition(master, parts + i, j++, cur_offset);
209 if (!slave)
210 return -ENOMEM;
211 +
212 + if (!strcmp(parts[i].name, "rootfs") && slave->registered) {
213 +#ifdef CONFIG_MTD_ROOTFS_ROOT_DEV
214 + if (ROOT_DEV == 0) {
215 + printk(KERN_NOTICE "mtd: partition \"rootfs\" "
216 + "set to be root filesystem\n");
217 + ROOT_DEV = MKDEV(MTD_BLOCK_MAJOR, slave->mtd.index);
218 + }
219 +#endif
220 +#ifdef CONFIG_MTD_ROOTFS_SPLIT
221 + ret = split_rootfs_data(master, &slave->mtd, &parts[i], j);
222 + if (ret == 0)
223 + j++;
224 +#endif
225 + }
226 cur_offset = slave->offset + slave->mtd.size;
227 }
228
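Review bot: `j++` runs whenever `split_rootfs_data()` returns 0, but that function also returns 0 when it creates nothing (no squashfs magic, or `split_offset <= 0`), so the following partition is given an index one higher than necessary and a non-zero error is silently dropped. If the index is meant to stay dense, test whether a partition was really added, for example `if (ret == 0 && slave->mtd.split) j++;` (assuming `split` starts out NULL), and log the failure case. `ret` is assigned only inside the `CONFIG_MTD_ROOTFS_SPLIT` block, so it is an unused variable when the option is off. The function's signature and tail lie outside this hunk.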
229 @@ -542,6 +708,32 @@ int add_mtd_partitions(struct mtd_info *
230 }
231 EXPORT_SYMBOL(add_mtd_partitions);
232
233 +int refresh_mtd_partitions(struct mtd_info *mtd)
234 +{
235 + int ret = 0;
236 +
237 + if (IS_PART(mtd)) {
238 + struct mtd_part *part;
239 + struct mtd_info *master;
240 +
241 + part = PART(mtd);
242 + master = part->master;
243 + if (master->refresh_device)
244 + ret = master->refresh_device(master);
245 + }
246 +
247 + if (!ret && mtd->refresh_device)
248 + ret = mtd->refresh_device(mtd);
249 +
250 +#ifdef CONFIG_MTD_ROOTFS_SPLIT
251 + if (!ret && IS_PART(mtd) && !strcmp(mtd->name, "rootfs"))
252 + refresh_rootfs_split(mtd);
253 +#endif
254 +
255 + return 0;
256 +}
257 +EXPORT_SYMBOL_GPL(refresh_mtd_partitions);
258 +
259 static DEFINE_SPINLOCK(part_parser_lock);
260 static LIST_HEAD(part_parsers);
261
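Review bot: `refresh_mtd_partitions()` ends with `return 0;`, so a failing `refresh_device` callback or a failing `refresh_rootfs_split()` is reported to the ioctl caller as success; capture the split result with `ret = refresh_rootfs_split(mtd);` and finish with `return ret;`. Through `refresh_rootfs_split()` the function rewrites `part->offset` and `mtd.size` of a live partition with no lock visible here, so I/O running on the split partition at the same moment could observe a half-updated geometry; whether a caller serialises this cannot be told from the hunk. Since the symbol is exported, a kernel-doc comment stating the calling context and the return contract would help.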
262 --- a/drivers/mtd/devices/block2mtd.c
263 +++ b/drivers/mtd/devices/block2mtd.c
264 @@ -29,6 +29,8 @@ struct block2mtd_dev {
265 struct block_device *blkdev;
266 struct mtd_info mtd;
267 struct mutex write_mutex;
268 + rwlock_t bdev_mutex;
269 + char devname[0];
270 };
271
272
273 @@ -81,6 +83,12 @@ static int block2mtd_erase(struct mtd_in
274 size_t len = instr->len;
275 int err;
276
277 + read_lock(&dev->bdev_mutex);
278 + if (!dev->blkdev) {
279 + err = -EINVAL;
280 + goto done;
281 + }
282 +
283 instr->state = MTD_ERASING;
284 mutex_lock(&dev->write_mutex);
285 err = _block2mtd_erase(dev, from, len);
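Review bot: `bdev_mutex` is declared as `rwlock_t`, a spinning lock, yet here `read_lock()` is followed directly by `mutex_lock(&dev->write_mutex)`, which can sleep. The same lock is held across `page_read()` in `block2mtd_read`, across `sync_blockdev()` in `block2mtd_sync`, and as a write lock across `open_by_devnum()` and `rescan_partitions()` in `block2mtd_refresh`; sleeping while holding a spinlock-class lock is not permitted. A `struct rw_semaphore` with `init_rwsem`, `down_read`/`up_read` and `down_write`/`up_write` matches both the intent and the field's name. The body of `block2mtd_erase` continues outside this hunk.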
286 @@ -93,6 +101,10 @@ static int block2mtd_erase(struct mtd_in
287
288 instr->state = MTD_ERASE_DONE;
289 mtd_erase_callback(instr);
290 +
291 +done:
292 + read_unlock(&dev->bdev_mutex);
293 +
294 return err;
295 }
296
297 @@ -104,10 +116,14 @@ static int block2mtd_read(struct mtd_inf
298 struct page *page;
299 int index = from >> PAGE_SHIFT;
300 int offset = from & (PAGE_SIZE-1);
301 - int cpylen;
302 + int cpylen, err = 0;
303 +
304 + read_lock(&dev->bdev_mutex);
305 + if (!dev->blkdev || (from > mtd->size)) {
306 + err = -EINVAL;
307 + goto done;
308 + }
309
310 - if (from > mtd->size)
311 - return -EINVAL;
312 if (from + len > mtd->size)
313 len = mtd->size - from;
314
315 @@ -122,10 +138,14 @@ static int block2mtd_read(struct mtd_inf
316 len = len - cpylen;
317
318 page = page_read(dev->blkdev->bd_inode->i_mapping, index);
319 - if (!page)
320 - return -ENOMEM;
321 - if (IS_ERR(page))
322 - return PTR_ERR(page);
323 + if (!page) {
324 + err = -ENOMEM;
325 + goto done;
326 + }
327 + if (IS_ERR(page)) {
328 + err = PTR_ERR(page);
329 + goto done;
330 + }
331
332 memcpy(buf, page_address(page) + offset, cpylen);
333 page_cache_release(page);
334 @@ -136,7 +156,10 @@ static int block2mtd_read(struct mtd_inf
335 offset = 0;
336 index++;
337 }
338 - return 0;
339 +
340 +done:
341 + read_unlock(&dev->bdev_mutex);
342 + return err;
343 }
344
345
346 @@ -188,12 +211,22 @@ static int block2mtd_write(struct mtd_in
347 size_t *retlen, const u_char *buf)
348 {
349 struct block2mtd_dev *dev = mtd->priv;
350 - int err;
351 + int err = 0;
352 +
353 + read_lock(&dev->bdev_mutex);
354 + if (!dev->blkdev) {
355 + err = -EINVAL;
356 + goto done;
357 + }
358
359 if (!len)
360 - return 0;
361 - if (to >= mtd->size)
362 - return -ENOSPC;
363 + goto done;
364 +
365 + if (to >= mtd->size) {
366 + err = -ENOSPC;
367 + goto done;
368 + }
369 +
370 if (to + len > mtd->size)
371 len = mtd->size - to;
372
373 @@ -202,6 +235,9 @@ static int block2mtd_write(struct mtd_in
374 mutex_unlock(&dev->write_mutex);
375 if (err > 0)
376 err = 0;
377 +
378 +done:
379 + read_unlock(&dev->bdev_mutex);
380 return err;
381 }
382
383 @@ -210,52 +246,29 @@ static int block2mtd_write(struct mtd_in
384 static void block2mtd_sync(struct mtd_info *mtd)
385 {
386 struct block2mtd_dev *dev = mtd->priv;
387 - sync_blockdev(dev->blkdev);
388 - return;
389 -}
390 -
391 -
392 -static void block2mtd_free_device(struct block2mtd_dev *dev)
393 -{
394 - if (!dev)
395 - return;
396 -
397 - kfree(dev->mtd.name);
398
399 - if (dev->blkdev) {
400 - invalidate_mapping_pages(dev->blkdev->bd_inode->i_mapping,
401 - 0, -1);
402 - close_bdev_exclusive(dev->blkdev, FMODE_READ|FMODE_WRITE);
403 - }
404 + read_lock(&dev->bdev_mutex);
405 + if (dev->blkdev)
406 + sync_blockdev(dev->blkdev);
407 + read_unlock(&dev->bdev_mutex);
408
409 - kfree(dev);
410 + return;
411 }
412
413
414 -/* FIXME: ensure that mtd->size % erase_size == 0 */
415 -static struct block2mtd_dev *add_device(char *devname, int erase_size, const char *mtdname)
416 +static int _open_bdev(struct block2mtd_dev *dev)
417 {
418 struct block_device *bdev;
419 - struct block2mtd_dev *dev;
420 - struct mtd_partition *part;
421 - char *name;
422 -
423 - if (!devname)
424 - return NULL;
425 -
426 - dev = kzalloc(sizeof(struct block2mtd_dev), GFP_KERNEL);
427 - if (!dev)
428 - return NULL;
429
430 /* Get a handle on the device */
431 - bdev = open_bdev_exclusive(devname, FMODE_READ|FMODE_WRITE, NULL);
432 + bdev = open_bdev_exclusive(dev->devname, FMODE_READ|FMODE_WRITE, NULL);
433 #ifndef MODULE
434 if (IS_ERR(bdev)) {
435
436 /* We might not have rootfs mounted at this point. Try
437 to resolve the device name by other means. */
438
439 - dev_t devt = name_to_dev_t(devname);
440 + dev_t devt = name_to_dev_t(dev->devname);
441 if (devt) {
442 bdev = open_by_devnum(devt, FMODE_WRITE | FMODE_READ);
443 }
444 @@ -263,17 +276,97 @@ static struct block2mtd_dev *add_device(
445 #endif
446
447 if (IS_ERR(bdev)) {
448 - ERROR("error: cannot open device %s", devname);
449 - goto devinit_err;
450 + ERROR("error: cannot open device %s", dev->devname);
451 + return 1;
452 }
453 dev->blkdev = bdev;
454
455 if (MAJOR(bdev->bd_dev) == MTD_BLOCK_MAJOR) {
456 ERROR("attempting to use an MTD device as a block device");
457 - goto devinit_err;
458 + return 1;
459 }
460
461 + return 0;
462 +}
463 +
464 +static void _close_bdev(struct block2mtd_dev *dev)
465 +{
466 + struct block_device *bdev;
467 +
468 + if (!dev->blkdev)
469 + return;
470 +
471 + bdev = dev->blkdev;
472 + invalidate_mapping_pages(dev->blkdev->bd_inode->i_mapping, 0, -1);
473 + close_bdev_exclusive(dev->blkdev, FMODE_READ|FMODE_WRITE);
474 + dev->blkdev = NULL;
475 +}
476 +
477 +static void block2mtd_free_device(struct block2mtd_dev *dev)
478 +{
479 + if (!dev)
480 + return;
481 +
482 + kfree(dev->mtd.name);
483 + _close_bdev(dev);
484 + kfree(dev);
485 +}
486 +
487 +
488 +static int block2mtd_refresh(struct mtd_info *mtd)
489 +{
490 + struct block2mtd_dev *dev = mtd->priv;
491 + struct block_device *bdev;
492 + dev_t devt;
493 + int err = 0;
494 +
495 + /* no other mtd function can run at this point */
496 + write_lock(&dev->bdev_mutex);
497 +
498 + /* get the device number for the whole disk */
499 + devt = MKDEV(MAJOR(dev->blkdev->bd_dev), 0);
500 +
501 + /* close the old block device */
502 + _close_bdev(dev);
503 +
504 + /* open the whole disk, issue a partition rescan, then */
505 + bdev = open_by_devnum(devt, FMODE_WRITE | FMODE_READ);
506 + if (!bdev || !bdev->bd_disk)
507 + err = -EINVAL;
508 + else {
509 + err = rescan_partitions(bdev->bd_disk, bdev);
510 + }
511 + if (bdev)
512 + close_bdev_exclusive(bdev, FMODE_READ|FMODE_WRITE);
513 +
514 + /* try to open the partition block device again */
515 + _open_bdev(dev);
516 + write_unlock(&dev->bdev_mutex);
517 +
518 + return err;
519 +}
520 +
521 +/* FIXME: ensure that mtd->size % erase_size == 0 */
522 +static struct block2mtd_dev *add_device(char *devname, int erase_size, char *mtdname)
523 +{
524 + struct block2mtd_dev *dev;
525 + struct mtd_partition *part;
526 + char *name;
527 +
528 + if (!devname)
529 + return NULL;
530 +
531 + dev = kzalloc(sizeof(struct block2mtd_dev) + strlen(devname) + 1, GFP_KERNEL);
532 + if (!dev)
533 + return NULL;
534 +
535 + strcpy(dev->devname, devname);
536 +
537 + if (_open_bdev(dev))
538 + goto devinit_err;
539 +
540 mutex_init(&dev->write_mutex);
541 + rwlock_init(&dev->bdev_mutex);
542
543 if (!mtdname)
544 mtdname = devname;
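Review bot: `block2mtd_refresh()` dereferences `dev->blkdev->bd_dev` without the `!dev->blkdev` check that the erase, read, write and sync methods in this patch perform, although `_close_bdev()` sets the pointer to NULL and the return value of the following `_open_bdev(dev)` is ignored, so one failed reopen leaves the next refresh dereferencing NULL. The result of `open_by_devnum()` is tested with `!bdev` here but with `IS_ERR(bdev)` in `_open_bdev()`; if it returns an error pointer, `bdev->bd_disk` is read through an invalid address. `_open_bdev()` also stores `dev->blkdev` before rejecting an MTD block device, and the refresh path then keeps that handle. A guarded version of the flow is sketched below; `add_device` continues past the end of the hunk.

```c
	write_lock(&dev->bdev_mutex);

	/* a previous refresh may have left the device closed */
	if (!dev->blkdev) {
		err = -EINVAL;
		goto reopen;
	}

	devt = MKDEV(MAJOR(dev->blkdev->bd_dev), 0);
	_close_bdev(dev);

	bdev = open_by_devnum(devt, FMODE_WRITE | FMODE_READ);
	if (IS_ERR(bdev)) {
		err = PTR_ERR(bdev);
		goto reopen;
	}
	if (!bdev->bd_disk)
		err = -EINVAL;
	else
		err = rescan_partitions(bdev->bd_disk, bdev);
	/* … unchanged: close of the whole-disk handle … */

reopen:
	/* report a failed reopen instead of dropping it */
	if (_open_bdev(dev) && !err)
		err = -EINVAL;
	write_unlock(&dev->bdev_mutex);

	return err;
```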
545 @@ -297,6 +390,7 @@ static struct block2mtd_dev *add_device(
546 dev->mtd.read = block2mtd_read;
547 dev->mtd.priv = dev;
548 dev->mtd.owner = THIS_MODULE;
549 + dev->mtd.refresh_device = block2mtd_refresh;
550
551 part = kzalloc(sizeof(struct mtd_partition), GFP_KERNEL);
552 part->name = dev->mtd.name;
553 --- a/drivers/mtd/mtdchar.c
554 +++ b/drivers/mtd/mtdchar.c
555 @@ -17,6 +17,7 @@
556
557 #include <linux/mtd/mtd.h>
558 #include <linux/mtd/compatmac.h>
559 +#include <linux/mtd/partitions.h>
560
561 #include <asm/uaccess.h>
562
563 @@ -750,6 +751,13 @@ static int mtd_ioctl(struct inode *inode
564 file->f_pos = 0;
565 break;
566 }
567 +#ifdef CONFIG_MTD_PARTITIONS
568 + case MTDREFRESH:
569 + {
570 + ret = refresh_mtd_partitions(mtd);
571 + break;
572 + }
573 +#endif
574
575 default:
576 ret = -ENOTTY;
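Review bot: The new `MTDREFRESH` case calls `refresh_mtd_partitions(mtd)` for any caller holding an open descriptor; nothing in the case checks the open mode, although the operation closes and reopens the backing device and can change partition offsets and sizes. If the handler's other state-changing commands require a writable descriptor (they are outside this hunk), apply the same gate here: `if (!(file->f_mode & FMODE_WRITE)) { ret = -EPERM; break; }`. The braces around the case body are unnecessary since it declares nothing.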
577 --- a/include/linux/mtd/mtd.h
578 +++ b/include/linux/mtd/mtd.h
579 @@ -101,6 +101,7 @@ struct mtd_oob_ops {
580 uint8_t *oobbuf;
581 };
582
583 +struct mtd_info;
584 struct mtd_info {
585 u_char type;
586 uint32_t flags;
587 @@ -241,6 +242,9 @@ struct mtd_info {
588 struct device dev;
589 int usecount;
590
591 + int (*refresh_device)(struct mtd_info *mtd);
592 + struct mtd_info *split;
593 +
594 /* If the driver is something smart, like UBI, it may need to maintain
595 * its own reference counting. The below functions are only for driver.
596 * The driver may register its callbacks. These callbacks are not
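Review bot: The two new members of `struct mtd_info` have no comments, and `split` is a plain pointer to another partition's `mtd_info` with no reference counting visible in this patch, so its lifetime rules should be written down. Proposed comments: `/* optional hook: re-read the backing device layout; returns 0 on success */` for `refresh_device` and `/* rootfs_data partition split off this one, or NULL; must be cleared if that partition is removed */` for `split`. The struct definition starts and ends outside this hunk.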
597 --- a/include/linux/mtd/partitions.h
598 +++ b/include/linux/mtd/partitions.h
599 @@ -34,6 +34,7 @@
600 * erasesize aligned (e.g. use MTDPART_OFS_NEXTBLK).
601 */
602
603 +struct mtd_partition;
604 struct mtd_partition {
605 char *name; /* identifier string */
606 uint64_t size; /* partition size */
607 @@ -41,6 +42,7 @@ struct mtd_partition {
608 uint32_t mask_flags; /* master MTD flags to mask out for this partition */
609 struct nand_ecclayout *ecclayout; /* out of band layout for this partition (NAND only)*/
610 struct mtd_info **mtdp; /* pointer to store the MTD object */
611 + int (*refresh_partition)(struct mtd_info *);
612 };
613
614 #define MTDPART_OFS_NXTBLK (-2)
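Review bot: `refresh_partition` is added to `struct mtd_partition`, but nothing else in this patch assigns or calls it. An unused function pointer in a structure that is also built on the stack (`tpart` in `refresh_rootfs_split`) is one more field that can hold garbage; either drop the member until it has a user or document it, e.g. `/* optional per-partition refresh hook, NULL if unused */`.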
615 @@ -50,6 +52,7 @@ struct mtd_partition {
616
617 int add_mtd_partitions(struct mtd_info *, const struct mtd_partition *, int);
618 int del_mtd_partitions(struct mtd_info *);
619 +int refresh_mtd_partitions(struct mtd_info *);
620
621 /*
622 * Functions dealing with the various ways of partitioning the space
623 --- a/include/mtd/mtd-abi.h
624 +++ b/include/mtd/mtd-abi.h
625 @@ -95,6 +95,7 @@ struct otp_info {
626 #define ECCGETLAYOUT _IOR('M', 17, struct nand_ecclayout)
627 #define ECCGETSTATS _IOR('M', 18, struct mtd_ecc_stats)
628 #define MTDFILEMODE _IO('M', 19)
629 +#define MTDREFRESH _IO('M', 23)
630
631 /*
632 * Obsolete legacy interface. Keep it in order not to break userspace
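Review bot: `MTDREFRESH` takes number 23 in the `'M'` ioctl sequence of this ABI header, directly after 19 with 20 to 22 left unused; a later command assigned the same number in the upstream header would be indistinguishable from it for userspace. For a command carried only in this patch set, a number well away from the upstream sequence and a marker comment such as `/* OpenWrt extension, not in mainline */` would make the local nature explicit.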