Merge branch 'mtd/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

	uint32_t retlen;

	int ret = 0;

	if (!(file->f_mode & FMODE_WRITE))

		return -EPERM;

	if (length > 4096)

		return -EINVAL;

	pr_debug("MTD_ioctl\n");

	/*

	 * Check the file mode to require "dangerous" commands to have write

	 * permissions.

	 */

	switch (cmd) {

	/* "safe" commands */

	case MEMGETREGIONCOUNT:

	case MEMGETREGIONINFO:

	case MEMGETINFO:

	case MEMREADOOB:

	case MEMREADOOB64:

	case MEMLOCK:

	case MEMUNLOCK:

	case MEMISLOCKED:

	case MEMGETOOBSEL:

	case MEMGETBADBLOCK:

	case MEMSETBADBLOCK:

	case OTPSELECT:

	case OTPGETREGIONCOUNT:

	case OTPGETREGIONINFO:

	case OTPLOCK:

	case ECCGETLAYOUT:

	case ECCGETSTATS:

	case MTDFILEMODE:

	case BLKPG:

	case BLKRRPART:

		break;

	/* "dangerous" commands */

	case MEMERASE:

	case MEMERASE64:

	case MEMWRITEOOB:

	case MEMWRITEOOB64:

	case MEMWRITE:

		if (!(file->f_mode & FMODE_WRITE))

			return -EPERM;

		break;

	default:

		return -ENOTTY;

	}

	switch (cmd) {

	case MEMGETREGIONCOUNT:

		if (copy_to_user(argp, &(mtd->numeraseregions), sizeof(int)))

	{

		struct erase_info *erase;

		if(!(file->f_mode & FMODE_WRITE))

			return -EPERM;

		erase=kzalloc(sizeof(struct erase_info),GFP_KERNEL);

		if (!erase)

			ret = -ENOMEM;

		ret = 0;

		break;

	}

	default:

		ret = -ENOTTY;

	}

	return ret;

		struct mtd_oob_buf32 buf;

		struct mtd_oob_buf32 __user *buf_user = argp;

		if (!(file->f_mode & FMODE_WRITE)) {

			ret = -EPERM;

			break;

		}

		if (copy_from_user(&buf, argp, sizeof(buf)))

			ret = -EFAULT;

		else