/*
- * $Id: mtdchar.c,v 1.76 2005/11/07 11:14:20 gleixner Exp $
- *
* Character-device access to raw MTD devices.
*
*/
{
struct mtd_oob_buf buf;
struct mtd_oob_ops ops;
+ struct mtd_oob_buf __user *user_buf = argp;
+ uint32_t retlen;
if(!(file->f_mode & 2))
return -EPERM;
buf.start &= ~(mtd->oobsize - 1);
ret = mtd->write_oob(mtd, buf.start, &ops);
- if (copy_to_user(argp + sizeof(uint32_t), &ops.oobretlen,
- sizeof(uint32_t)))
+ if (ops.oobretlen > 0xFFFFFFFFU)
+ ret = -EOVERFLOW;
+ retlen = ops.oobretlen;
+ if (copy_to_user(&user_buf->length, &retlen, sizeof(buf.length)))
ret = -EFAULT;
kfree(ops.oobbuf);
case MEMLOCK:
{
- struct erase_info_user info;
+ struct erase_info_user einfo;
- if (copy_from_user(&info, argp, sizeof(info)))
+ if (copy_from_user(&einfo, argp, sizeof(einfo)))
return -EFAULT;
if (!mtd->lock)
ret = -EOPNOTSUPP;
else
- ret = mtd->lock(mtd, info.start, info.length);
+ ret = mtd->lock(mtd, einfo.start, einfo.length);
break;
}
case MEMUNLOCK:
{
- struct erase_info_user info;
+ struct erase_info_user einfo;
- if (copy_from_user(&info, argp, sizeof(info)))
+ if (copy_from_user(&einfo, argp, sizeof(einfo)))
return -EFAULT;
if (!mtd->unlock)
ret = -EOPNOTSUPP;
else
- ret = mtd->unlock(mtd, info.start, info.length);
+ ret = mtd->unlock(mtd, einfo.start, einfo.length);
break;
}
case OTPLOCK:
{
- struct otp_info info;
+ struct otp_info oinfo;
if (mfi->mode != MTD_MODE_OTP_USER)
return -EINVAL;
- if (copy_from_user(&info, argp, sizeof(info)))
+ if (copy_from_user(&oinfo, argp, sizeof(oinfo)))
return -EFAULT;
if (!mtd->lock_user_prot_reg)
return -EOPNOTSUPP;
- ret = mtd->lock_user_prot_reg(mtd, info.start, info.length);
+ ret = mtd->lock_user_prot_reg(mtd, oinfo.start, oinfo.length);
break;
}
#endif