LCOV - code coverage report
Current view: top level - drivers/char - mem.c (source / functions) Hit Total Coverage
Test: landlock.info Lines: 33 85 38.8 %
Date: 2021-04-22 12:43:58 Functions: 6 16 37.5 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0
       2             : /*
       3             :  *  linux/drivers/char/mem.c
       4             :  *
       5             :  *  Copyright (C) 1991, 1992  Linus Torvalds
       6             :  *
       7             :  *  Added devfs support.
       8             :  *    Jan-11-1998, C. Scott Ananian <cananian@alumni.princeton.edu>
       9             :  *  Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar <kanoj@sgi.com>
      10             :  */
      11             : 
      12             : #include <linux/mm.h>
      13             : #include <linux/miscdevice.h>
      14             : #include <linux/slab.h>
      15             : #include <linux/vmalloc.h>
      16             : #include <linux/mman.h>
      17             : #include <linux/random.h>
      18             : #include <linux/init.h>
      19             : #include <linux/raw.h>
      20             : #include <linux/tty.h>
      21             : #include <linux/capability.h>
      22             : #include <linux/ptrace.h>
      23             : #include <linux/device.h>
      24             : #include <linux/highmem.h>
      25             : #include <linux/backing-dev.h>
      26             : #include <linux/shmem_fs.h>
      27             : #include <linux/splice.h>
      28             : #include <linux/pfn.h>
      29             : #include <linux/export.h>
      30             : #include <linux/io.h>
      31             : #include <linux/uio.h>
      32             : #include <linux/uaccess.h>
      33             : #include <linux/security.h>
      34             : 
      35             : #ifdef CONFIG_IA64
      36             : # include <linux/efi.h>
      37             : #endif
      38             : 
      39             : #define DEVMEM_MINOR    1
      40             : #define DEVPORT_MINOR   4
      41             : 
      42             : static inline unsigned long size_inside_page(unsigned long start,
      43             :                                              unsigned long size)
      44             : {
      45             :         unsigned long sz;
      46             : 
      47             :         sz = PAGE_SIZE - (start & (PAGE_SIZE - 1));
      48             : 
      49             :         return min(sz, size);
      50             : }
      51             : 
      52             : #ifndef ARCH_HAS_VALID_PHYS_ADDR_RANGE
      53             : static inline int valid_phys_addr_range(phys_addr_t addr, size_t count)
      54             : {
      55             :         return addr + count <= __pa(high_memory);
      56             : }
      57             : 
      58             : static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size)
      59             : {
      60             :         return 1;
      61             : }
      62             : #endif
      63             : 
      64             : #ifdef CONFIG_STRICT_DEVMEM
      65             : static inline int page_is_allowed(unsigned long pfn)
      66             : {
      67             :         return devmem_is_allowed(pfn);
      68             : }
      69             : static inline int range_is_allowed(unsigned long pfn, unsigned long size)
      70             : {
      71             :         u64 from = ((u64)pfn) << PAGE_SHIFT;
      72             :         u64 to = from + size;
      73             :         u64 cursor = from;
      74             : 
      75             :         while (cursor < to) {
      76             :                 if (!devmem_is_allowed(pfn))
      77             :                         return 0;
      78             :                 cursor += PAGE_SIZE;
      79             :                 pfn++;
      80             :         }
      81             :         return 1;
      82             : }
      83             : #else
      84             : static inline int page_is_allowed(unsigned long pfn)
      85             : {
      86             :         return 1;
      87             : }
      88             : static inline int range_is_allowed(unsigned long pfn, unsigned long size)
      89             : {
      90             :         return 1;
      91             : }
      92             : #endif
      93             : 
      94             : #ifndef unxlate_dev_mem_ptr
      95             : #define unxlate_dev_mem_ptr unxlate_dev_mem_ptr
      96             : void __weak unxlate_dev_mem_ptr(phys_addr_t phys, void *addr)
      97             : {
      98             : }
      99             : #endif
     100             : 
     101             : static inline bool should_stop_iteration(void)
     102             : {
     103             :         if (need_resched())
     104             :                 cond_resched();
     105             :         return fatal_signal_pending(current);
     106             : }
     107             : 
     108             : /*
     109             :  * This funcion reads the *physical* memory. The f_pos points directly to the
     110             :  * memory location.
     111             :  */
     112             : static ssize_t read_mem(struct file *file, char __user *buf,
     113             :                         size_t count, loff_t *ppos)
     114             : {
     115             :         phys_addr_t p = *ppos;
     116             :         ssize_t read, sz;
     117             :         void *ptr;
     118             :         char *bounce;
     119             :         int err;
     120             : 
     121             :         if (p != *ppos)
     122             :                 return 0;
     123             : 
     124             :         if (!valid_phys_addr_range(p, count))
     125             :                 return -EFAULT;
     126             :         read = 0;
     127             : #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
     128             :         /* we don't have page 0 mapped on sparc and m68k.. */
     129             :         if (p < PAGE_SIZE) {
     130             :                 sz = size_inside_page(p, count);
     131             :                 if (sz > 0) {
     132             :                         if (clear_user(buf, sz))
     133             :                                 return -EFAULT;
     134             :                         buf += sz;
     135             :                         p += sz;
     136             :                         count -= sz;
     137             :                         read += sz;
     138             :                 }
     139             :         }
     140             : #endif
     141             : 
     142             :         bounce = kmalloc(PAGE_SIZE, GFP_KERNEL);
     143             :         if (!bounce)
     144             :                 return -ENOMEM;
     145             : 
     146             :         while (count > 0) {
     147             :                 unsigned long remaining;
     148             :                 int allowed, probe;
     149             : 
     150             :                 sz = size_inside_page(p, count);
     151             : 
     152             :                 err = -EPERM;
     153             :                 allowed = page_is_allowed(p >> PAGE_SHIFT);
     154             :                 if (!allowed)
     155             :                         goto failed;
     156             : 
     157             :                 err = -EFAULT;
     158             :                 if (allowed == 2) {
     159             :                         /* Show zeros for restricted memory. */
     160             :                         remaining = clear_user(buf, sz);
     161             :                 } else {
     162             :                         /*
     163             :                          * On ia64 if a page has been mapped somewhere as
     164             :                          * uncached, then it must also be accessed uncached
     165             :                          * by the kernel or data corruption may occur.
     166             :                          */
     167             :                         ptr = xlate_dev_mem_ptr(p);
     168             :                         if (!ptr)
     169             :                                 goto failed;
     170             : 
     171             :                         probe = copy_from_kernel_nofault(bounce, ptr, sz);
     172             :                         unxlate_dev_mem_ptr(p, ptr);
     173             :                         if (probe)
     174             :                                 goto failed;
     175             : 
     176             :                         remaining = copy_to_user(buf, bounce, sz);
     177             :                 }
     178             : 
     179             :                 if (remaining)
     180             :                         goto failed;
     181             : 
     182             :                 buf += sz;
     183             :                 p += sz;
     184             :                 count -= sz;
     185             :                 read += sz;
     186             :                 if (should_stop_iteration())
     187             :                         break;
     188             :         }
     189             :         kfree(bounce);
     190             : 
     191             :         *ppos += read;
     192             :         return read;
     193             : 
     194             : failed:
     195             :         kfree(bounce);
     196             :         return err;
     197             : }
     198             : 
     199             : static ssize_t write_mem(struct file *file, const char __user *buf,
     200             :                          size_t count, loff_t *ppos)
     201             : {
     202             :         phys_addr_t p = *ppos;
     203             :         ssize_t written, sz;
     204             :         unsigned long copied;
     205             :         void *ptr;
     206             : 
     207             :         if (p != *ppos)
     208             :                 return -EFBIG;
     209             : 
     210             :         if (!valid_phys_addr_range(p, count))
     211             :                 return -EFAULT;
     212             : 
     213             :         written = 0;
     214             : 
     215             : #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
     216             :         /* we don't have page 0 mapped on sparc and m68k.. */
     217             :         if (p < PAGE_SIZE) {
     218             :                 sz = size_inside_page(p, count);
     219             :                 /* Hmm. Do something? */
     220             :                 buf += sz;
     221             :                 p += sz;
     222             :                 count -= sz;
     223             :                 written += sz;
     224             :         }
     225             : #endif
     226             : 
     227             :         while (count > 0) {
     228             :                 int allowed;
     229             : 
     230             :                 sz = size_inside_page(p, count);
     231             : 
     232             :                 allowed = page_is_allowed(p >> PAGE_SHIFT);
     233             :                 if (!allowed)
     234             :                         return -EPERM;
     235             : 
     236             :                 /* Skip actual writing when a page is marked as restricted. */
     237             :                 if (allowed == 1) {
     238             :                         /*
     239             :                          * On ia64 if a page has been mapped somewhere as
     240             :                          * uncached, then it must also be accessed uncached
     241             :                          * by the kernel or data corruption may occur.
     242             :                          */
     243             :                         ptr = xlate_dev_mem_ptr(p);
     244             :                         if (!ptr) {
     245             :                                 if (written)
     246             :                                         break;
     247             :                                 return -EFAULT;
     248             :                         }
     249             : 
     250             :                         copied = copy_from_user(ptr, buf, sz);
     251             :                         unxlate_dev_mem_ptr(p, ptr);
     252             :                         if (copied) {
     253             :                                 written += sz - copied;
     254             :                                 if (written)
     255             :                                         break;
     256             :                                 return -EFAULT;
     257             :                         }
     258             :                 }
     259             : 
     260             :                 buf += sz;
     261             :                 p += sz;
     262             :                 count -= sz;
     263             :                 written += sz;
     264             :                 if (should_stop_iteration())
     265             :                         break;
     266             :         }
     267             : 
     268             :         *ppos += written;
     269             :         return written;
     270             : }
     271             : 
     272           0 : int __weak phys_mem_access_prot_allowed(struct file *file,
     273             :         unsigned long pfn, unsigned long size, pgprot_t *vma_prot)
     274             : {
     275           0 :         return 1;
     276             : }
     277             : 
     278             : #ifndef __HAVE_PHYS_MEM_ACCESS_PROT
     279             : 
     280             : /*
     281             :  * Architectures vary in how they handle caching for addresses
     282             :  * outside of main memory.
     283             :  *
     284             :  */
     285             : #ifdef pgprot_noncached
     286             : static int uncached_access(struct file *file, phys_addr_t addr)
     287             : {
     288             : #if defined(CONFIG_IA64)
     289             :         /*
     290             :          * On ia64, we ignore O_DSYNC because we cannot tolerate memory
     291             :          * attribute aliases.
     292             :          */
     293             :         return !(efi_mem_attributes(addr) & EFI_MEMORY_WB);
     294             : #else
     295             :         /*
     296             :          * Accessing memory above the top the kernel knows about or through a
     297             :          * file pointer
     298             :          * that was marked O_DSYNC will be done non-cached.
     299             :          */
     300             :         if (file->f_flags & O_DSYNC)
     301             :                 return 1;
     302             :         return addr >= __pa(high_memory);
     303             : #endif
     304             : }
     305             : #endif
     306             : 
     307             : static pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
     308             :                                      unsigned long size, pgprot_t vma_prot)
     309             : {
     310             : #ifdef pgprot_noncached
     311             :         phys_addr_t offset = pfn << PAGE_SHIFT;
     312             : 
     313             :         if (uncached_access(file, offset))
     314             :                 return pgprot_noncached(vma_prot);
     315             : #endif
     316             :         return vma_prot;
     317             : }
     318             : #endif
     319             : 
     320             : #ifndef CONFIG_MMU
     321             : static unsigned long get_unmapped_area_mem(struct file *file,
     322             :                                            unsigned long addr,
     323             :                                            unsigned long len,
     324             :                                            unsigned long pgoff,
     325             :                                            unsigned long flags)
     326             : {
     327             :         if (!valid_mmap_phys_addr_range(pgoff, len))
     328             :                 return (unsigned long) -EINVAL;
     329             :         return pgoff << PAGE_SHIFT;
     330             : }
     331             : 
     332             : /* permit direct mmap, for read, write or exec */
     333             : static unsigned memory_mmap_capabilities(struct file *file)
     334             : {
     335             :         return NOMMU_MAP_DIRECT |
     336             :                 NOMMU_MAP_READ | NOMMU_MAP_WRITE | NOMMU_MAP_EXEC;
     337             : }
     338             : 
     339             : static unsigned zero_mmap_capabilities(struct file *file)
     340             : {
     341             :         return NOMMU_MAP_COPY;
     342             : }
     343             : 
     344             : /* can't do an in-place private mapping if there's no MMU */
     345             : static inline int private_mapping_ok(struct vm_area_struct *vma)
     346             : {
     347             :         return vma->vm_flags & VM_MAYSHARE;
     348             : }
     349             : #else
     350             : 
     351             : static inline int private_mapping_ok(struct vm_area_struct *vma)
     352             : {
     353             :         return 1;
     354             : }
     355             : #endif
     356             : 
     357             : static const struct vm_operations_struct mmap_mem_ops = {
     358             : #ifdef CONFIG_HAVE_IOREMAP_PROT
     359             :         .access = generic_access_phys
     360             : #endif
     361             : };
     362             : 
     363             : static int mmap_mem(struct file *file, struct vm_area_struct *vma)
     364             : {
     365             :         size_t size = vma->vm_end - vma->vm_start;
     366             :         phys_addr_t offset = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
     367             : 
     368             :         /* Does it even fit in phys_addr_t? */
     369             :         if (offset >> PAGE_SHIFT != vma->vm_pgoff)
     370             :                 return -EINVAL;
     371             : 
     372             :         /* It's illegal to wrap around the end of the physical address space. */
     373             :         if (offset + (phys_addr_t)size - 1 < offset)
     374             :                 return -EINVAL;
     375             : 
     376             :         if (!valid_mmap_phys_addr_range(vma->vm_pgoff, size))
     377             :                 return -EINVAL;
     378             : 
     379             :         if (!private_mapping_ok(vma))
     380             :                 return -ENOSYS;
     381             : 
     382             :         if (!range_is_allowed(vma->vm_pgoff, size))
     383             :                 return -EPERM;
     384             : 
     385             :         if (!phys_mem_access_prot_allowed(file, vma->vm_pgoff, size,
     386             :                                                 &vma->vm_page_prot))
     387             :                 return -EINVAL;
     388             : 
     389             :         vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
     390             :                                                  size,
     391             :                                                  vma->vm_page_prot);
     392             : 
     393             :         vma->vm_ops = &mmap_mem_ops;
     394             : 
     395             :         /* Remap-pfn-range will mark the range VM_IO */
     396             :         if (remap_pfn_range(vma,
     397             :                             vma->vm_start,
     398             :                             vma->vm_pgoff,
     399             :                             size,
     400             :                             vma->vm_page_prot)) {
     401             :                 return -EAGAIN;
     402             :         }
     403             :         return 0;
     404             : }
     405             : 
     406             : static int mmap_kmem(struct file *file, struct vm_area_struct *vma)
     407             : {
     408             :         unsigned long pfn;
     409             : 
     410             :         /* Turn a kernel-virtual address into a physical page frame */
     411             :         pfn = __pa((u64)vma->vm_pgoff << PAGE_SHIFT) >> PAGE_SHIFT;
     412             : 
     413             :         /*
     414             :          * RED-PEN: on some architectures there is more mapped memory than
     415             :          * available in mem_map which pfn_valid checks for. Perhaps should add a
     416             :          * new macro here.
     417             :          *
     418             :          * RED-PEN: vmalloc is not supported right now.
     419             :          */
     420             :         if (!pfn_valid(pfn))
     421             :                 return -EIO;
     422             : 
     423             :         vma->vm_pgoff = pfn;
     424             :         return mmap_mem(file, vma);
     425             : }
     426             : 
     427             : /*
     428             :  * This function reads the *virtual* memory as seen by the kernel.
     429             :  */
     430             : static ssize_t read_kmem(struct file *file, char __user *buf,
     431             :                          size_t count, loff_t *ppos)
     432             : {
     433             :         unsigned long p = *ppos;
     434             :         ssize_t low_count, read, sz;
     435             :         char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
     436             :         int err = 0;
     437             : 
     438             :         read = 0;
     439             :         if (p < (unsigned long) high_memory) {
     440             :                 low_count = count;
     441             :                 if (count > (unsigned long)high_memory - p)
     442             :                         low_count = (unsigned long)high_memory - p;
     443             : 
     444             : #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
     445             :                 /* we don't have page 0 mapped on sparc and m68k.. */
     446             :                 if (p < PAGE_SIZE && low_count > 0) {
     447             :                         sz = size_inside_page(p, low_count);
     448             :                         if (clear_user(buf, sz))
     449             :                                 return -EFAULT;
     450             :                         buf += sz;
     451             :                         p += sz;
     452             :                         read += sz;
     453             :                         low_count -= sz;
     454             :                         count -= sz;
     455             :                 }
     456             : #endif
     457             :                 while (low_count > 0) {
     458             :                         sz = size_inside_page(p, low_count);
     459             : 
     460             :                         /*
     461             :                          * On ia64 if a page has been mapped somewhere as
     462             :                          * uncached, then it must also be accessed uncached
     463             :                          * by the kernel or data corruption may occur
     464             :                          */
     465             :                         kbuf = xlate_dev_kmem_ptr((void *)p);
     466             :                         if (!virt_addr_valid(kbuf))
     467             :                                 return -ENXIO;
     468             : 
     469             :                         if (copy_to_user(buf, kbuf, sz))
     470             :                                 return -EFAULT;
     471             :                         buf += sz;
     472             :                         p += sz;
     473             :                         read += sz;
     474             :                         low_count -= sz;
     475             :                         count -= sz;
     476             :                         if (should_stop_iteration()) {
     477             :                                 count = 0;
     478             :                                 break;
     479             :                         }
     480             :                 }
     481             :         }
     482             : 
     483             :         if (count > 0) {
     484             :                 kbuf = (char *)__get_free_page(GFP_KERNEL);
     485             :                 if (!kbuf)
     486             :                         return -ENOMEM;
     487             :                 while (count > 0) {
     488             :                         sz = size_inside_page(p, count);
     489             :                         if (!is_vmalloc_or_module_addr((void *)p)) {
     490             :                                 err = -ENXIO;
     491             :                                 break;
     492             :                         }
     493             :                         sz = vread(kbuf, (char *)p, sz);
     494             :                         if (!sz)
     495             :                                 break;
     496             :                         if (copy_to_user(buf, kbuf, sz)) {
     497             :                                 err = -EFAULT;
     498             :                                 break;
     499             :                         }
     500             :                         count -= sz;
     501             :                         buf += sz;
     502             :                         read += sz;
     503             :                         p += sz;
     504             :                         if (should_stop_iteration())
     505             :                                 break;
     506             :                 }
     507             :                 free_page((unsigned long)kbuf);
     508             :         }
     509             :         *ppos = p;
     510             :         return read ? read : err;
     511             : }
     512             : 
     513             : 
     514             : static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
     515             :                                 size_t count, loff_t *ppos)
     516             : {
     517             :         ssize_t written, sz;
     518             :         unsigned long copied;
     519             : 
     520             :         written = 0;
     521             : #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
     522             :         /* we don't have page 0 mapped on sparc and m68k.. */
     523             :         if (p < PAGE_SIZE) {
     524             :                 sz = size_inside_page(p, count);
     525             :                 /* Hmm. Do something? */
     526             :                 buf += sz;
     527             :                 p += sz;
     528             :                 count -= sz;
     529             :                 written += sz;
     530             :         }
     531             : #endif
     532             : 
     533             :         while (count > 0) {
     534             :                 void *ptr;
     535             : 
     536             :                 sz = size_inside_page(p, count);
     537             : 
     538             :                 /*
     539             :                  * On ia64 if a page has been mapped somewhere as uncached, then
     540             :                  * it must also be accessed uncached by the kernel or data
     541             :                  * corruption may occur.
     542             :                  */
     543             :                 ptr = xlate_dev_kmem_ptr((void *)p);
     544             :                 if (!virt_addr_valid(ptr))
     545             :                         return -ENXIO;
     546             : 
     547             :                 copied = copy_from_user(ptr, buf, sz);
     548             :                 if (copied) {
     549             :                         written += sz - copied;
     550             :                         if (written)
     551             :                                 break;
     552             :                         return -EFAULT;
     553             :                 }
     554             :                 buf += sz;
     555             :                 p += sz;
     556             :                 count -= sz;
     557             :                 written += sz;
     558             :                 if (should_stop_iteration())
     559             :                         break;
     560             :         }
     561             : 
     562             :         *ppos += written;
     563             :         return written;
     564             : }
     565             : 
     566             : /*
     567             :  * This function writes to the *virtual* memory as seen by the kernel.
     568             :  */
     569             : static ssize_t write_kmem(struct file *file, const char __user *buf,
     570             :                           size_t count, loff_t *ppos)
     571             : {
     572             :         unsigned long p = *ppos;
     573             :         ssize_t wrote = 0;
     574             :         ssize_t virtr = 0;
     575             :         char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
     576             :         int err = 0;
     577             : 
     578             :         if (p < (unsigned long) high_memory) {
     579             :                 unsigned long to_write = min_t(unsigned long, count,
     580             :                                                (unsigned long)high_memory - p);
     581             :                 wrote = do_write_kmem(p, buf, to_write, ppos);
     582             :                 if (wrote != to_write)
     583             :                         return wrote;
     584             :                 p += wrote;
     585             :                 buf += wrote;
     586             :                 count -= wrote;
     587             :         }
     588             : 
     589             :         if (count > 0) {
     590             :                 kbuf = (char *)__get_free_page(GFP_KERNEL);
     591             :                 if (!kbuf)
     592             :                         return wrote ? wrote : -ENOMEM;
     593             :                 while (count > 0) {
     594             :                         unsigned long sz = size_inside_page(p, count);
     595             :                         unsigned long n;
     596             : 
     597             :                         if (!is_vmalloc_or_module_addr((void *)p)) {
     598             :                                 err = -ENXIO;
     599             :                                 break;
     600             :                         }
     601             :                         n = copy_from_user(kbuf, buf, sz);
     602             :                         if (n) {
     603             :                                 err = -EFAULT;
     604             :                                 break;
     605             :                         }
     606             :                         vwrite(kbuf, (char *)p, sz);
     607             :                         count -= sz;
     608             :                         buf += sz;
     609             :                         virtr += sz;
     610             :                         p += sz;
     611             :                         if (should_stop_iteration())
     612             :                                 break;
     613             :                 }
     614             :                 free_page((unsigned long)kbuf);
     615             :         }
     616             : 
     617             :         *ppos = p;
     618             :         return virtr + wrote ? : err;
     619             : }
     620             : 
     621             : static ssize_t read_port(struct file *file, char __user *buf,
     622             :                          size_t count, loff_t *ppos)
     623             : {
     624             :         unsigned long i = *ppos;
     625             :         char __user *tmp = buf;
     626             : 
     627             :         if (!access_ok(buf, count))
     628             :                 return -EFAULT;
     629             :         while (count-- > 0 && i < 65536) {
     630             :                 if (__put_user(inb(i), tmp) < 0)
     631             :                         return -EFAULT;
     632             :                 i++;
     633             :                 tmp++;
     634             :         }
     635             :         *ppos = i;
     636             :         return tmp-buf;
     637             : }
     638             : 
     639             : static ssize_t write_port(struct file *file, const char __user *buf,
     640             :                           size_t count, loff_t *ppos)
     641             : {
     642             :         unsigned long i = *ppos;
     643             :         const char __user *tmp = buf;
     644             : 
     645             :         if (!access_ok(buf, count))
     646             :                 return -EFAULT;
     647             :         while (count-- > 0 && i < 65536) {
     648             :                 char c;
     649             : 
     650             :                 if (__get_user(c, tmp)) {
     651             :                         if (tmp > buf)
     652             :                                 break;
     653             :                         return -EFAULT;
     654             :                 }
     655             :                 outb(c, i);
     656             :                 i++;
     657             :                 tmp++;
     658             :         }
     659             :         *ppos = i;
     660             :         return tmp-buf;
     661             : }
     662             : 
     663           1 : static ssize_t read_null(struct file *file, char __user *buf,
     664             :                          size_t count, loff_t *ppos)
     665             : {
     666           1 :         return 0;
     667             : }
     668             : 
     669          17 : static ssize_t write_null(struct file *file, const char __user *buf,
     670             :                           size_t count, loff_t *ppos)
     671             : {
     672          17 :         return count;
     673             : }
     674             : 
     675           0 : static ssize_t read_iter_null(struct kiocb *iocb, struct iov_iter *to)
     676             : {
     677           0 :         return 0;
     678             : }
     679             : 
     680           0 : static ssize_t write_iter_null(struct kiocb *iocb, struct iov_iter *from)
     681             : {
     682           0 :         size_t count = iov_iter_count(from);
     683           0 :         iov_iter_advance(from, count);
     684           0 :         return count;
     685             : }
     686             : 
     687           0 : static int pipe_to_null(struct pipe_inode_info *info, struct pipe_buffer *buf,
     688             :                         struct splice_desc *sd)
     689             : {
     690           0 :         return sd->len;
     691             : }
     692             : 
     693           0 : static ssize_t splice_write_null(struct pipe_inode_info *pipe, struct file *out,
     694             :                                  loff_t *ppos, size_t len, unsigned int flags)
     695             : {
     696           0 :         return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null);
     697             : }
     698             : 
     699           0 : static ssize_t read_iter_zero(struct kiocb *iocb, struct iov_iter *iter)
     700             : {
     701           0 :         size_t written = 0;
     702             : 
     703           0 :         while (iov_iter_count(iter)) {
     704           0 :                 size_t chunk = iov_iter_count(iter), n;
     705             : 
     706           0 :                 if (chunk > PAGE_SIZE)
     707             :                         chunk = PAGE_SIZE;      /* Just for latency reasons */
     708           0 :                 n = iov_iter_zero(chunk, iter);
     709           0 :                 if (!n && iov_iter_count(iter))
     710           0 :                         return written ? written : -EFAULT;
     711           0 :                 written += n;
     712           0 :                 if (signal_pending(current))
     713           0 :                         return written ? written : -ERESTARTSYS;
     714           0 :                 cond_resched();
     715             :         }
     716           0 :         return written;
     717             : }
     718             : 
     719           0 : static ssize_t read_zero(struct file *file, char __user *buf,
     720             :                          size_t count, loff_t *ppos)
     721             : {
     722           0 :         size_t cleared = 0;
     723             : 
     724           0 :         while (count) {
     725           0 :                 size_t chunk = min_t(size_t, count, PAGE_SIZE);
     726           0 :                 size_t left;
     727             : 
     728           0 :                 left = clear_user(buf + cleared, chunk);
     729           0 :                 if (unlikely(left)) {
     730           0 :                         cleared += (chunk - left);
     731           0 :                         if (!cleared)
     732             :                                 return -EFAULT;
     733             :                         break;
     734             :                 }
     735           0 :                 cleared += chunk;
     736           0 :                 count -= chunk;
     737             : 
     738           0 :                 if (signal_pending(current))
     739             :                         break;
     740           0 :                 cond_resched();
     741             :         }
     742             : 
     743           0 :         return cleared;
     744             : }
     745             : 
     746           0 : static int mmap_zero(struct file *file, struct vm_area_struct *vma)
     747             : {
     748             : #ifndef CONFIG_MMU
     749             :         return -ENOSYS;
     750             : #endif
     751           0 :         if (vma->vm_flags & VM_SHARED)
     752           0 :                 return shmem_zero_setup(vma);
     753           0 :         vma_set_anonymous(vma);
     754           0 :         return 0;
     755             : }
     756             : 
     757           0 : static unsigned long get_unmapped_area_zero(struct file *file,
     758             :                                 unsigned long addr, unsigned long len,
     759             :                                 unsigned long pgoff, unsigned long flags)
     760             : {
     761             : #ifdef CONFIG_MMU
     762           0 :         if (flags & MAP_SHARED) {
     763             :                 /*
     764             :                  * mmap_zero() will call shmem_zero_setup() to create a file,
     765             :                  * so use shmem's get_unmapped_area in case it can be huge;
     766             :                  * and pass NULL for file as in mmap.c's get_unmapped_area(),
     767             :                  * so as not to confuse shmem with our handle on "/dev/zero".
     768             :                  */
     769           0 :                 return shmem_get_unmapped_area(NULL, addr, len, pgoff, flags);
     770             :         }
     771             : 
     772             :         /* Otherwise flags & MAP_PRIVATE: with no shmem object beneath it */
     773           0 :         return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
     774             : #else
     775             :         return -ENOSYS;
     776             : #endif
     777             : }
     778             : 
     779           0 : static ssize_t write_full(struct file *file, const char __user *buf,
     780             :                           size_t count, loff_t *ppos)
     781             : {
     782           0 :         return -ENOSPC;
     783             : }
     784             : 
     785             : /*
     786             :  * Special lseek() function for /dev/null and /dev/zero.  Most notably, you
     787             :  * can fopen() both devices with "a" now.  This was previously impossible.
     788             :  * -- SRB.
     789             :  */
     790          15 : static loff_t null_lseek(struct file *file, loff_t offset, int orig)
     791             : {
     792          15 :         return file->f_pos = 0;
     793             : }
     794             : 
     795             : /*
     796             :  * The memory devices use the full 32/64 bits of the offset, and so we cannot
     797             :  * check against negative addresses: they are ok. The return value is weird,
     798             :  * though, in that case (0).
     799             :  *
     800             :  * also note that seeking relative to the "end of file" isn't supported:
     801             :  * it has no meaning, so it returns -EINVAL.
     802             :  */
     803             : static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
     804             : {
     805             :         loff_t ret;
     806             : 
     807             :         inode_lock(file_inode(file));
     808             :         switch (orig) {
     809             :         case SEEK_CUR:
     810             :                 offset += file->f_pos;
     811             :                 fallthrough;
     812             :         case SEEK_SET:
     813             :                 /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
     814             :                 if ((unsigned long long)offset >= -MAX_ERRNO) {
     815             :                         ret = -EOVERFLOW;
     816             :                         break;
     817             :                 }
     818             :                 file->f_pos = offset;
     819             :                 ret = file->f_pos;
     820             :                 force_successful_syscall_return();
     821             :                 break;
     822             :         default:
     823             :                 ret = -EINVAL;
     824             :         }
     825             :         inode_unlock(file_inode(file));
     826             :         return ret;
     827             : }
     828             : 
     829             : static int open_port(struct inode *inode, struct file *filp)
     830             : {
     831             :         int rc;
     832             : 
     833             :         if (!capable(CAP_SYS_RAWIO))
     834             :                 return -EPERM;
     835             : 
     836             :         rc = security_locked_down(LOCKDOWN_DEV_MEM);
     837             :         if (rc)
     838             :                 return rc;
     839             : 
     840             :         if (iminor(inode) != DEVMEM_MINOR)
     841             :                 return 0;
     842             : 
     843             :         /*
     844             :          * Use a unified address space to have a single point to manage
     845             :          * revocations when drivers want to take over a /dev/mem mapped
     846             :          * range.
     847             :          */
     848             :         filp->f_mapping = iomem_get_mapping();
     849             : 
     850             :         return 0;
     851             : }
     852             : 
     853             : #define zero_lseek      null_lseek
     854             : #define full_lseek      null_lseek
     855             : #define write_zero      write_null
     856             : #define write_iter_zero write_iter_null
     857             : #define open_mem        open_port
     858             : #define open_kmem       open_mem
     859             : 
     860             : static const struct file_operations __maybe_unused mem_fops = {
     861             :         .llseek         = memory_lseek,
     862             :         .read           = read_mem,
     863             :         .write          = write_mem,
     864             :         .mmap           = mmap_mem,
     865             :         .open           = open_mem,
     866             : #ifndef CONFIG_MMU
     867             :         .get_unmapped_area = get_unmapped_area_mem,
     868             :         .mmap_capabilities = memory_mmap_capabilities,
     869             : #endif
     870             : };
     871             : 
     872             : static const struct file_operations __maybe_unused kmem_fops = {
     873             :         .llseek         = memory_lseek,
     874             :         .read           = read_kmem,
     875             :         .write          = write_kmem,
     876             :         .mmap           = mmap_kmem,
     877             :         .open           = open_kmem,
     878             : #ifndef CONFIG_MMU
     879             :         .get_unmapped_area = get_unmapped_area_mem,
     880             :         .mmap_capabilities = memory_mmap_capabilities,
     881             : #endif
     882             : };
     883             : 
     884             : static const struct file_operations null_fops = {
     885             :         .llseek         = null_lseek,
     886             :         .read           = read_null,
     887             :         .write          = write_null,
     888             :         .read_iter      = read_iter_null,
     889             :         .write_iter     = write_iter_null,
     890             :         .splice_write   = splice_write_null,
     891             : };
     892             : 
     893             : static const struct file_operations __maybe_unused port_fops = {
     894             :         .llseek         = memory_lseek,
     895             :         .read           = read_port,
     896             :         .write          = write_port,
     897             :         .open           = open_port,
     898             : };
     899             : 
     900             : static const struct file_operations zero_fops = {
     901             :         .llseek         = zero_lseek,
     902             :         .write          = write_zero,
     903             :         .read_iter      = read_iter_zero,
     904             :         .read           = read_zero,
     905             :         .write_iter     = write_iter_zero,
     906             :         .mmap           = mmap_zero,
     907             :         .get_unmapped_area = get_unmapped_area_zero,
     908             : #ifndef CONFIG_MMU
     909             :         .mmap_capabilities = zero_mmap_capabilities,
     910             : #endif
     911             : };
     912             : 
     913             : static const struct file_operations full_fops = {
     914             :         .llseek         = full_lseek,
     915             :         .read_iter      = read_iter_zero,
     916             :         .write          = write_full,
     917             : };
     918             : 
     919             : static const struct memdev {
     920             :         const char *name;
     921             :         umode_t mode;
     922             :         const struct file_operations *fops;
     923             :         fmode_t fmode;
     924             : } devlist[] = {
     925             : #ifdef CONFIG_DEVMEM
     926             :          [DEVMEM_MINOR] = { "mem", 0, &mem_fops, FMODE_UNSIGNED_OFFSET },
     927             : #endif
     928             : #ifdef CONFIG_DEVKMEM
     929             :          [2] = { "kmem", 0, &kmem_fops, FMODE_UNSIGNED_OFFSET },
     930             : #endif
     931             :          [3] = { "null", 0666, &null_fops, 0 },
     932             : #ifdef CONFIG_DEVPORT
     933             :          [4] = { "port", 0, &port_fops, 0 },
     934             : #endif
     935             :          [5] = { "zero", 0666, &zero_fops, 0 },
     936             :          [7] = { "full", 0666, &full_fops, 0 },
     937             :          [8] = { "random", 0666, &random_fops, 0 },
     938             :          [9] = { "urandom", 0666, &urandom_fops, 0 },
     939             : #ifdef CONFIG_PRINTK
     940             :         [11] = { "kmsg", 0644, &kmsg_fops, 0 },
     941             : #endif
     942             : };
     943             : 
     944         216 : static int memory_open(struct inode *inode, struct file *filp)
     945             : {
     946         216 :         int minor;
     947         216 :         const struct memdev *dev;
     948             : 
     949         216 :         minor = iminor(inode);
     950         216 :         if (minor >= ARRAY_SIZE(devlist))
     951             :                 return -ENXIO;
     952             : 
     953         216 :         dev = &devlist[minor];
     954         216 :         if (!dev->fops)
     955             :                 return -ENXIO;
     956             : 
     957         216 :         filp->f_op = dev->fops;
     958         216 :         filp->f_mode |= dev->fmode;
     959             : 
     960         216 :         if (dev->fops->open)
     961          18 :                 return dev->fops->open(inode, filp);
     962             : 
     963             :         return 0;
     964             : }
     965             : 
     966             : static const struct file_operations memory_fops = {
     967             :         .open = memory_open,
     968             :         .llseek = noop_llseek,
     969             : };
     970             : 
     971          30 : static char *mem_devnode(struct device *dev, umode_t *mode)
     972             : {
     973          30 :         if (mode && devlist[MINOR(dev->devt)].mode)
     974          30 :                 *mode = devlist[MINOR(dev->devt)].mode;
     975          30 :         return NULL;
     976             : }
     977             : 
     978             : static struct class *mem_class;
     979             : 
     980           1 : static int __init chr_dev_init(void)
     981             : {
     982           1 :         int minor;
     983             : 
     984           1 :         if (register_chrdev(MEM_MAJOR, "mem", &memory_fops))
     985           0 :                 printk("unable to get major %d for memory devs\n", MEM_MAJOR);
     986             : 
     987           1 :         mem_class = class_create(THIS_MODULE, "mem");
     988           1 :         if (IS_ERR(mem_class))
     989           0 :                 return PTR_ERR(mem_class);
     990             : 
     991           1 :         mem_class->devnode = mem_devnode;
     992          12 :         for (minor = 1; minor < ARRAY_SIZE(devlist); minor++) {
     993          11 :                 if (!devlist[minor].name)
     994           5 :                         continue;
     995             : 
     996             :                 /*
     997             :                  * Create /dev/port?
     998             :                  */
     999           6 :                 if ((minor == DEVPORT_MINOR) && !arch_has_dev_port())
    1000             :                         continue;
    1001             : 
    1002           6 :                 device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
    1003             :                               NULL, devlist[minor].name);
    1004             :         }
    1005             : 
    1006           1 :         return tty_init();
    1007             : }
    1008             : 
    1009             : fs_initcall(chr_dev_init);

Generated by: LCOV version 1.14