1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
From f9760b158f610b1792a222cc924073724c061bfb Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Wed, 7 Apr 2021 22:37:57 +0100
Subject: [PATCH 1/2] mtd: super: don't reply on mtdblock device minor
To: linux-mtd@lists.infradead.org
Cc: Vignesh Raghavendra <vigneshr@ti.com>,
Richard Weinberger <richard@nod.at>,
Miquel Raynal <miquel.raynal@bootlin.com>,
David Woodhouse <dwmw2@infradead.org>
For blktrans devices with partitions (ie. part_bits != 0) the
assumption that the minor number of the mtdblock device matches
the mtdnum doesn't hold true.
Properly resolve mtd device from blktrans layer instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
drivers/mtd/mtdsuper.c | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
--- a/drivers/mtd/mtdsuper.c
+++ b/drivers/mtd/mtdsuper.c
@@ -9,6 +9,7 @@
*/
#include <linux/mtd/super.h>
+#include <linux/mtd/blktrans.h>
#include <linux/namei.h>
#include <linux/export.h>
#include <linux/ctype.h>
@@ -120,8 +121,9 @@ int get_tree_mtd(struct fs_context *fc,
struct fs_context *fc))
{
#ifdef CONFIG_BLOCK
- dev_t dev;
- int ret;
+ struct mtd_blktrans_dev *blktrans_dev;
+ struct block_device *bdev;
+ int ret, part_bits;
#endif
int mtdnr;
@@ -169,16 +171,36 @@ int get_tree_mtd(struct fs_context *fc,
/* try the old way - the hack where we allowed users to mount
* /dev/mtdblock$(n) but didn't actually _use_ the blockdev
*/
- ret = lookup_bdev(fc->source, &dev);
- if (ret) {
+ bdev = blkdev_get_by_path(fc->source, FMODE_READ, NULL);
+ if (IS_ERR(bdev)) {
+ ret = PTR_ERR(bdev);
errorf(fc, "MTD: Couldn't look up '%s': %d", fc->source, ret);
return ret;
}
- pr_debug("MTDSB: lookup_bdev() returned 0\n");
+ pr_debug("MTDSB: blkdev_get_by_path() returned 0\n");
- if (MAJOR(dev) == MTD_BLOCK_MAJOR)
- return mtd_get_sb_by_nr(fc, MINOR(dev), fill_super);
+ if (MAJOR(bdev->bd_dev) == MTD_BLOCK_MAJOR) {
+ if (!bdev->bd_disk) {
+ blkdev_put(bdev, FMODE_READ);
+ BUG();
+ return -EINVAL;
+ }
+ blktrans_dev = (struct mtd_blktrans_dev *)(bdev->bd_disk->private_data);
+ if (!blktrans_dev || !blktrans_dev->tr) {
+ blkdev_put(bdev, FMODE_READ);
+ BUG();
+ return -EINVAL;
+ }
+ mtdnr = blktrans_dev->devnum;
+ part_bits = blktrans_dev->tr->part_bits;
+ blkdev_put(bdev, FMODE_READ);
+ if (MINOR(bdev->bd_dev) != (mtdnr << part_bits))
+ return -EINVAL;
+
+ return mtd_get_sb_by_nr(fc, mtdnr, fill_super);
+ }
+ blkdev_put(bdev, FMODE_READ);
#endif /* CONFIG_BLOCK */
if (!(fc->sb_flags & SB_SILENT))
|