projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Input: evdev - properly access RCU-protected 'grab' data
[deliverable/linux.git] / drivers / input / evdev.c
CommitLineData
1da177e4
LT		 1/*
2 * Event char devices, giving access to raw input device events.
3 *
4 * Copyright (c) 1999-2002 Vojtech Pavlik
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published by
8 * the Free Software Foundation.
9 */
10
da0c4901
JP		 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
1da177e4
LT		 13#define EVDEV_MINOR_BASE 64
14#define EVDEV_MINORS 32
63a6404d
HR		 15#define EVDEV_MIN_BUFFER_SIZE 64U
16#define EVDEV_BUF_PACKETS 8
1da177e4
LT		 17
18#include <linux/poll.h>
a99bbaf5 19#include <linux/sched.h>
1da177e4
LT		 20#include <linux/slab.h>
21#include <linux/module.h>
22#include <linux/init.h>
1cf0c6e6 23#include <linux/input/mt.h>
1da177e4 24#include <linux/major.h>
1da177e4 25#include <linux/device.h>
2d56f3a3 26#include "input-compat.h"
1da177e4
LT		 27
28struct evdev {
1da177e4
LT		 29 int open;
30 int minor;
1da177e4
LT		 31 struct input_handle handle;
32 wait_queue_head_t wait;
2be85279 33 struct evdev_client __rcu *grab;
d0ffb9be 34 struct list_head client_list;
6addb1d6
DT		 35 spinlock_t client_lock; /* protects client_list */
36 struct mutex mutex;
9657d75c 37 struct device dev;
20da92de 38 bool exist;
1da177e4
LT		 39};
40
d0ffb9be 41struct evdev_client {
9fb0f14e
JB		 42 unsigned int head;
43 unsigned int tail;
cdda911c 44 unsigned int packet_head; /* [future] position of the first element of next packet */
6addb1d6 45 spinlock_t buffer_lock; /* protects access to buffer, head and tail */
1da177e4
LT		 46 struct fasync_struct *fasync;
47 struct evdev *evdev;
48 struct list_head node;
a80b83b7 49 int clkid;
9fb0f14e 50 unsigned int bufsize;
b58f7086 51 struct input_event buffer[];
1da177e4
LT		 52};
53
54static struct evdev *evdev_table[EVDEV_MINORS];
6addb1d6 55static DEFINE_MUTEX(evdev_table_mutex);
1da177e4 56
6addb1d6 57static void evdev_pass_event(struct evdev_client *client,
a80b83b7
JS		 58 struct input_event *event,
59 ktime_t mono, ktime_t real)
6addb1d6 60{
a80b83b7
JS		 61 event->time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ?
62 mono : real);
63
9fb0f14e 64 /* Interrupts are disabled, just acquire the lock. */
6addb1d6 65 spin_lock(&client->buffer_lock);
9fb0f14e
JB		 66
67 client->buffer[client->head++] = *event;
68 client->head &= client->bufsize - 1;
69
70 if (unlikely(client->head == client->tail)) {
71 /*
72 * This effectively "drops" all unconsumed events, leaving
73 * EV_SYN/SYN_DROPPED plus the newest event in the queue.
74 */
75 client->tail = (client->head - 2) & (client->bufsize - 1);
76
77 client->buffer[client->tail].time = event->time;
78 client->buffer[client->tail].type = EV_SYN;
79 client->buffer[client->tail].code = SYN_DROPPED;
80 client->buffer[client->tail].value = 0;
9fb0f14e 81
cdda911c
JB		 82 client->packet_head = client->tail;
83 }
6addb1d6 84
cdda911c
JB		 85 if (event->type == EV_SYN && event->code == SYN_REPORT) {
86 client->packet_head = client->head;
30a589fd 87 kill_fasync(&client->fasync, SIGIO, POLL_IN);
cdda911c
JB		 88 }
89
90 spin_unlock(&client->buffer_lock);
6addb1d6
DT		 91}
92
93/*
82ba56c2 94 * Pass incoming event to all connected clients.
6addb1d6
DT		 95 */
96static void evdev_event(struct input_handle *handle,
97 unsigned int type, unsigned int code, int value)
1da177e4
LT		 98{
99 struct evdev *evdev = handle->private;
d0ffb9be 100 struct evdev_client *client;
6addb1d6 101 struct input_event event;
a80b83b7
JS		 102 ktime_t time_mono, time_real;
103
104 time_mono = ktime_get();
105 time_real = ktime_sub(time_mono, ktime_get_monotonic_offset());
1da177e4 106
6addb1d6
DT		 107 event.type = type;
108 event.code = code;
109 event.value = value;
1da177e4 110
82ba56c2
DT		 111 rcu_read_lock();
112
6addb1d6 113 client = rcu_dereference(evdev->grab);
a80b83b7 114
6addb1d6 115 if (client)
a80b83b7 116 evdev_pass_event(client, &event, time_mono, time_real);
6addb1d6
DT		 117 else
118 list_for_each_entry_rcu(client, &evdev->client_list, node)
a80b83b7 119 evdev_pass_event(client, &event, time_mono, time_real);
1da177e4 120
82ba56c2
DT		 121 rcu_read_unlock();
122
da40b0b6
DT		 123 if (type == EV_SYN && code == SYN_REPORT)
124 wake_up_interruptible(&evdev->wait);
1da177e4
LT		 125}
126
127static int evdev_fasync(int fd, struct file *file, int on)
128{
d0ffb9be 129 struct evdev_client *client = file->private_data;
1e0afb28 130
60aa4924 131 return fasync_helper(fd, file, on, &client->fasync);
1da177e4
LT		 132}
133
1e0afb28 134static int evdev_flush(struct file *file, fl_owner_t id)
1da177e4 135{
d0ffb9be
DT		 136 struct evdev_client *client = file->private_data;
137 struct evdev *evdev = client->evdev;
6addb1d6
DT		 138 int retval;
139
140 retval = mutex_lock_interruptible(&evdev->mutex);
141 if (retval)
142 return retval;
1e0afb28 143
d0ffb9be 144 if (!evdev->exist)
6addb1d6
DT		 145 retval = -ENODEV;
146 else
147 retval = input_flush_device(&evdev->handle, file);
1e0afb28 148
6addb1d6
DT		 149 mutex_unlock(&evdev->mutex);
150 return retval;
1da177e4
LT		 151}
152
9657d75c 153static void evdev_free(struct device *dev)
1da177e4 154{
9657d75c
DT		 155 struct evdev *evdev = container_of(dev, struct evdev, dev);
156
a7097ff8 157 input_put_device(evdev->handle.dev);
1da177e4
LT		 158 kfree(evdev);
159}
160
6addb1d6
DT		 161/*
162 * Grabs an event device (along with underlying input device).
163 * This function is called with evdev->mutex taken.
164 */
165static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
166{
167 int error;
168
169 if (evdev->grab)
170 return -EBUSY;
171
172 error = input_grab_device(&evdev->handle);
173 if (error)
174 return error;
175
176 rcu_assign_pointer(evdev->grab, client);
6addb1d6
DT		 177
178 return 0;
179}
180
181static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
182{
dba42580
DT		 183 struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
184 lockdep_is_held(&evdev->mutex));
185
186 if (grab != client)
6addb1d6
DT		 187 return -EINVAL;
188
189 rcu_assign_pointer(evdev->grab, NULL);
82ba56c2 190 synchronize_rcu();
6addb1d6
DT		 191 input_release_device(&evdev->handle);
192
193 return 0;
194}
195
196static void evdev_attach_client(struct evdev *evdev,
197 struct evdev_client *client)
198{
199 spin_lock(&evdev->client_lock);
200 list_add_tail_rcu(&client->node, &evdev->client_list);
201 spin_unlock(&evdev->client_lock);
6addb1d6
DT		 202}
203
204static void evdev_detach_client(struct evdev *evdev,
205 struct evdev_client *client)
206{
207 spin_lock(&evdev->client_lock);
208 list_del_rcu(&client->node);
209 spin_unlock(&evdev->client_lock);
82ba56c2 210 synchronize_rcu();
6addb1d6
DT		 211}
212
213static int evdev_open_device(struct evdev *evdev)
214{
215 int retval;
216
217 retval = mutex_lock_interruptible(&evdev->mutex);
218 if (retval)
219 return retval;
220
221 if (!evdev->exist)
222 retval = -ENODEV;
06445014 223 else if (!evdev->open++) {
6addb1d6 224 retval = input_open_device(&evdev->handle);
06445014
ON		 225 if (retval)
226 evdev->open--;
227 }
6addb1d6
DT		 228
229 mutex_unlock(&evdev->mutex);
230 return retval;
231}
232
233static void evdev_close_device(struct evdev *evdev)
234{
235 mutex_lock(&evdev->mutex);
236
237 if (evdev->exist && !--evdev->open)
238 input_close_device(&evdev->handle);
239
240 mutex_unlock(&evdev->mutex);
241}
242
243/*
244 * Wake up users waiting for IO so they can disconnect from
245 * dead device.
246 */
247static void evdev_hangup(struct evdev *evdev)
248{
249 struct evdev_client *client;
250
251 spin_lock(&evdev->client_lock);
252 list_for_each_entry(client, &evdev->client_list, node)
253 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
254 spin_unlock(&evdev->client_lock);
255
256 wake_up_interruptible(&evdev->wait);
257}
258
d0ffb9be 259static int evdev_release(struct inode *inode, struct file *file)
1da177e4 260{
d0ffb9be
DT		 261 struct evdev_client *client = file->private_data;
262 struct evdev *evdev = client->evdev;
1da177e4 263
6addb1d6 264 mutex_lock(&evdev->mutex);
dba42580 265 evdev_ungrab(evdev, client);
6addb1d6 266 mutex_unlock(&evdev->mutex);
1da177e4 267
6addb1d6 268 evdev_detach_client(evdev, client);
d0ffb9be 269 kfree(client);
1da177e4 270
6addb1d6 271 evdev_close_device(evdev);
9657d75c 272 put_device(&evdev->dev);
1da177e4 273
1da177e4
LT		 274 return 0;
275}
276
b58f7086
HR		 277static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
278{
63a6404d
HR		 279 unsigned int n_events =
280 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
281 EVDEV_MIN_BUFFER_SIZE);
282
283 return roundup_pow_of_two(n_events);
b58f7086
HR		 284}
285
d0ffb9be 286static int evdev_open(struct inode *inode, struct file *file)
1da177e4 287{
d0ffb9be 288 struct evdev *evdev;
6addb1d6 289 struct evdev_client *client;
1da177e4 290 int i = iminor(inode) - EVDEV_MINOR_BASE;
b58f7086 291 unsigned int bufsize;
d542ed82 292 int error;
1da177e4 293
d0ffb9be 294 if (i >= EVDEV_MINORS)
1da177e4
LT		 295 return -ENODEV;
296
6addb1d6
DT		 297 error = mutex_lock_interruptible(&evdev_table_mutex);
298 if (error)
299 return error;
d0ffb9be 300 evdev = evdev_table[i];
6addb1d6
DT		 301 if (evdev)
302 get_device(&evdev->dev);
303 mutex_unlock(&evdev_table_mutex);
d0ffb9be 304
6addb1d6 305 if (!evdev)
1da177e4
LT		 306 return -ENODEV;
307
b58f7086
HR		 308 bufsize = evdev_compute_buffer_size(evdev->handle.dev);
309
310 client = kzalloc(sizeof(struct evdev_client) +
311 bufsize * sizeof(struct input_event),
312 GFP_KERNEL);
9657d75c
DT		 313 if (!client) {
314 error = -ENOMEM;
315 goto err_put_evdev;
316 }
1da177e4 317
b58f7086 318 client->bufsize = bufsize;
6addb1d6 319 spin_lock_init(&client->buffer_lock);
d0ffb9be 320 client->evdev = evdev;
6addb1d6 321 evdev_attach_client(evdev, client);
1da177e4 322
6addb1d6
DT		 323 error = evdev_open_device(evdev);
324 if (error)
325 goto err_free_client;
1da177e4 326
d0ffb9be 327 file->private_data = client;
3d7bbd45
DT		 328 nonseekable_open(inode, file);
329
1da177e4 330 return 0;
9657d75c
DT		 331
332 err_free_client:
6addb1d6 333 evdev_detach_client(evdev, client);
9657d75c
DT		 334 kfree(client);
335 err_put_evdev:
336 put_device(&evdev->dev);
337 return error;
1da177e4
LT		 338}
339
6addb1d6
DT		 340static ssize_t evdev_write(struct file *file, const char __user *buffer,
341 size_t count, loff_t *ppos)
3a51f7c4 342{
d0ffb9be
DT		 343 struct evdev_client *client = file->private_data;
344 struct evdev *evdev = client->evdev;
3a51f7c4 345 struct input_event event;
02dfc496 346 int retval = 0;
52658bb6 347
439581ec
PK		 348 if (count < input_event_size())
349 return -EINVAL;
350
6addb1d6
DT		 351 retval = mutex_lock_interruptible(&evdev->mutex);
352 if (retval)
353 return retval;
354
355 if (!evdev->exist) {
356 retval = -ENODEV;
357 goto out;
358 }
52658bb6 359
439581ec 360 do {
2d56f3a3 361 if (input_event_from_user(buffer + retval, &event)) {
6addb1d6
DT		 362 retval = -EFAULT;
363 goto out;
364 }
439581ec 365 retval += input_event_size();
6addb1d6
DT		 366
367 input_inject_event(&evdev->handle,
368 event.type, event.code, event.value);
439581ec 369 } while (retval + input_event_size() <= count);
52658bb6 370
6addb1d6
DT		 371 out:
372 mutex_unlock(&evdev->mutex);
52658bb6
JK		 373 return retval;
374}
52658bb6 375
6addb1d6
DT		 376static int evdev_fetch_next_event(struct evdev_client *client,
377 struct input_event *event)
378{
379 int have_event;
380
381 spin_lock_irq(&client->buffer_lock);
382
566cf5b6 383 have_event = client->packet_head != client->tail;
6addb1d6
DT		 384 if (have_event) {
385 *event = client->buffer[client->tail++];
b58f7086 386 client->tail &= client->bufsize - 1;
6addb1d6
DT		 387 }
388
389 spin_unlock_irq(&client->buffer_lock);
390
391 return have_event;
392}
393
394static ssize_t evdev_read(struct file *file, char __user *buffer,
395 size_t count, loff_t *ppos)
1da177e4 396{
d0ffb9be
DT		 397 struct evdev_client *client = file->private_data;
398 struct evdev *evdev = client->evdev;
6addb1d6 399 struct input_event event;
42f57874 400 int retval = 0;
1da177e4 401
2d56f3a3 402 if (count < input_event_size())
1da177e4
LT		 403 return -EINVAL;
404
509f87c5
DZ		 405 if (!(file->f_flags & O_NONBLOCK)) {
406 retval = wait_event_interruptible(evdev->wait,
407 client->packet_head != client->tail ||
408 !evdev->exist);
409 if (retval)
410 return retval;
411 }
1da177e4 412
d0ffb9be 413 if (!evdev->exist)
1da177e4
LT		 414 return -ENODEV;
415
2d56f3a3 416 while (retval + input_event_size() <= count &&
6addb1d6 417 evdev_fetch_next_event(client, &event)) {
3a51f7c4 418
2d56f3a3 419 if (input_event_to_user(buffer + retval, &event))
3a51f7c4
DT		 420 return -EFAULT;
421
2d56f3a3 422 retval += input_event_size();
1da177e4
LT		 423 }
424
e90f869c
DZ		 425 if (retval == 0 && (file->f_flags & O_NONBLOCK))
426 return -EAGAIN;
427
1da177e4
LT		 428 return retval;
429}
430
431/* No kernel lock - fine */
432static unsigned int evdev_poll(struct file *file, poll_table *wait)
433{
d0ffb9be
DT		 434 struct evdev_client *client = file->private_data;
435 struct evdev *evdev = client->evdev;
c18fb139 436 unsigned int mask;
1e0afb28 437
d0ffb9be 438 poll_wait(file, &evdev->wait, wait);
c18fb139
DT		 439
440 mask = evdev->exist ? POLLOUT | POLLWRNORM : POLLHUP | POLLERR;
cdda911c 441 if (client->packet_head != client->tail)
c18fb139
DT		 442 mask |= POLLIN | POLLRDNORM;
443
444 return mask;
1da177e4
LT		 445}
446
3a51f7c4
DT		 447#ifdef CONFIG_COMPAT
448
449#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
7b19ada2 450#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
3a51f7c4
DT		 451
452#ifdef __BIG_ENDIAN
453static int bits_to_user(unsigned long *bits, unsigned int maxbit,
454 unsigned int maxlen, void __user *p, int compat)
455{
456 int len, i;
457
458 if (compat) {
7b19ada2 459 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
bf61f8d3 460 if (len > maxlen)
3a51f7c4
DT		 461 len = maxlen;
462
463 for (i = 0; i < len / sizeof(compat_long_t); i++)
464 if (copy_to_user((compat_long_t __user *) p + i,
465 (compat_long_t *) bits +
466 i + 1 - ((i % 2) << 1),
467 sizeof(compat_long_t)))
468 return -EFAULT;
469 } else {
7b19ada2 470 len = BITS_TO_LONGS(maxbit) * sizeof(long);
3a51f7c4
DT		 471 if (len > maxlen)
472 len = maxlen;
473
474 if (copy_to_user(p, bits, len))
475 return -EFAULT;
476 }
477
478 return len;
479}
480#else
481static int bits_to_user(unsigned long *bits, unsigned int maxbit,
482 unsigned int maxlen, void __user *p, int compat)
483{
484 int len = compat ?
7b19ada2
JS		 485 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
486 BITS_TO_LONGS(maxbit) * sizeof(long);
3a51f7c4
DT		 487
488 if (len > maxlen)
489 len = maxlen;
490
491 return copy_to_user(p, bits, len) ? -EFAULT : len;
492}
493#endif /* __BIG_ENDIAN */
494
495#else
496
497static int bits_to_user(unsigned long *bits, unsigned int maxbit,
498 unsigned int maxlen, void __user *p, int compat)
499{
7b19ada2 500 int len = BITS_TO_LONGS(maxbit) * sizeof(long);
3a51f7c4
DT		 501
502 if (len > maxlen)
503 len = maxlen;
504
505 return copy_to_user(p, bits, len) ? -EFAULT : len;
506}
507
508#endif /* CONFIG_COMPAT */
509
510static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
511{
512 int len;
513
514 if (!str)
515 return -ENOENT;
516
517 len = strlen(str) + 1;
518 if (len > maxlen)
519 len = maxlen;
520
521 return copy_to_user(p, str, len) ? -EFAULT : len;
522}
523
f2afa771 524#define OLD_KEY_MAX 0x1ff
448cd166
DT		 525static int handle_eviocgbit(struct input_dev *dev,
526 unsigned int type, unsigned int size,
527 void __user *p, int compat_mode)
5402a734 528{
f2afa771 529 static unsigned long keymax_warn_time;
5402a734
LT		 530 unsigned long *bits;
531 int len;
532
448cd166 533 switch (type) {
5402a734
LT		 534
535 case 0: bits = dev->evbit; len = EV_MAX; break;
536 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
537 case EV_REL: bits = dev->relbit; len = REL_MAX; break;
538 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
539 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
540 case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
541 case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
542 case EV_FF: bits = dev->ffbit; len = FF_MAX; break;
543 case EV_SW: bits = dev->swbit; len = SW_MAX; break;
544 default: return -EINVAL;
545 }
f2afa771
DT		 546
547 /*
548 * Work around bugs in userspace programs that like to do
549 * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len'
550 * should be in bytes, not in bits.
551 */
448cd166 552 if (type == EV_KEY && size == OLD_KEY_MAX) {
f2afa771
DT		 553 len = OLD_KEY_MAX;
554 if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000))
da0c4901
JP		 555 pr_warning("(EVIOCGBIT): Suspicious buffer size %u, "
556 "limiting output to %zu bytes. See "
557 "http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n",
558 OLD_KEY_MAX,
559 BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long));
f2afa771
DT		 560 }
561
448cd166 562 return bits_to_user(bits, len, size, p, compat_mode);
5402a734 563}
f2afa771 564#undef OLD_KEY_MAX
5402a734 565
ab4e0192 566static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
8613e4c2 567{
ab4e0192
DT		 568 struct input_keymap_entry ke = {
569 .len = sizeof(unsigned int),
570 .flags = 0,
571 };
572 int __user *ip = (int __user *)p;
8613e4c2
MCC		 573 int error;
574
ab4e0192
DT		 575 /* legacy case */
576 if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
577 return -EFAULT;
8613e4c2 578
ab4e0192
DT		 579 error = input_get_keycode(dev, &ke);
580 if (error)
581 return error;
8613e4c2 582
ab4e0192
DT		 583 if (put_user(ke.keycode, ip + 1))
584 return -EFAULT;
8613e4c2 585
ab4e0192
DT		 586 return 0;
587}
8613e4c2 588
ab4e0192
DT		 589static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
590{
591 struct input_keymap_entry ke;
592 int error;
8613e4c2 593
ab4e0192
DT		 594 if (copy_from_user(&ke, p, sizeof(ke)))
595 return -EFAULT;
8613e4c2 596
ab4e0192
DT		 597 error = input_get_keycode(dev, &ke);
598 if (error)
599 return error;
8613e4c2 600
ab4e0192
DT		 601 if (copy_to_user(p, &ke, sizeof(ke)))
602 return -EFAULT;
8613e4c2 603
8613e4c2
MCC		 604 return 0;
605}
606
ab4e0192 607static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
8613e4c2 608{
ab4e0192
DT		 609 struct input_keymap_entry ke = {
610 .len = sizeof(unsigned int),
611 .flags = 0,
612 };
613 int __user *ip = (int __user *)p;
8613e4c2 614
ab4e0192
DT		 615 if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
616 return -EFAULT;
8613e4c2 617
ab4e0192
DT		 618 if (get_user(ke.keycode, ip + 1))
619 return -EFAULT;
8613e4c2 620
ab4e0192
DT		 621 return input_set_keycode(dev, &ke);
622}
8613e4c2 623
ab4e0192
DT		 624static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
625{
626 struct input_keymap_entry ke;
8613e4c2 627
ab4e0192
DT		 628 if (copy_from_user(&ke, p, sizeof(ke)))
629 return -EFAULT;
8613e4c2 630
ab4e0192
DT		 631 if (ke.len > sizeof(ke.scancode))
632 return -EINVAL;
8613e4c2
MCC		 633
634 return input_set_keycode(dev, &ke);
635}
636
1cf0c6e6
HR		 637static int evdev_handle_mt_request(struct input_dev *dev,
638 unsigned int size,
639 int __user *ip)
640{
641 const struct input_mt_slot *mt = dev->mt;
642 unsigned int code;
643 int max_slots;
644 int i;
645
646 if (get_user(code, &ip[0]))
647 return -EFAULT;
648 if (!input_is_mt_value(code))
649 return -EINVAL;
650
651 max_slots = (size - sizeof(__u32)) / sizeof(__s32);
652 for (i = 0; i < dev->mtsize && i < max_slots; i++)
653 if (put_user(input_mt_get_value(&mt[i], code), &ip[1 + i]))
654 return -EFAULT;
655
656 return 0;
657}
658
6addb1d6
DT		 659static long evdev_do_ioctl(struct file *file, unsigned int cmd,
660 void __user *p, int compat_mode)
1da177e4 661{
d0ffb9be
DT		 662 struct evdev_client *client = file->private_data;
663 struct evdev *evdev = client->evdev;
1da177e4
LT		 664 struct input_dev *dev = evdev->handle.dev;
665 struct input_absinfo abs;
509ca1a9 666 struct ff_effect effect;
3a51f7c4 667 int __user *ip = (int __user *)p;
58b93995 668 unsigned int i, t, u, v;
448cd166 669 unsigned int size;
509ca1a9 670 int error;
1da177e4 671
448cd166 672 /* First we check for fixed-length commands */
1da177e4
LT		 673 switch (cmd) {
674
6addb1d6
DT		 675 case EVIOCGVERSION:
676 return put_user(EV_VERSION, ip);
1da177e4 677
6addb1d6
DT		 678 case EVIOCGID:
679 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
680 return -EFAULT;
681 return 0;
08791e5c 682
6addb1d6
DT		 683 case EVIOCGREP:
684 if (!test_bit(EV_REP, dev->evbit))
685 return -ENOSYS;
686 if (put_user(dev->rep[REP_DELAY], ip))
687 return -EFAULT;
688 if (put_user(dev->rep[REP_PERIOD], ip + 1))
689 return -EFAULT;
690 return 0;
08791e5c 691
6addb1d6
DT		 692 case EVIOCSREP:
693 if (!test_bit(EV_REP, dev->evbit))
694 return -ENOSYS;
695 if (get_user(u, ip))
696 return -EFAULT;
697 if (get_user(v, ip + 1))
698 return -EFAULT;
08791e5c 699
6addb1d6
DT		 700 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
701 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
3a51f7c4 702
6addb1d6 703 return 0;
1da177e4 704
6addb1d6
DT		 705 case EVIOCRMFF:
706 return input_ff_erase(dev, (int)(unsigned long) p, file);
1da177e4 707
6addb1d6
DT		 708 case EVIOCGEFFECTS:
709 i = test_bit(EV_FF, dev->evbit) ?
710 dev->ff->max_effects : 0;
711 if (put_user(i, ip))
712 return -EFAULT;
713 return 0;
714
715 case EVIOCGRAB:
716 if (p)
717 return evdev_grab(evdev, client);
718 else
719 return evdev_ungrab(evdev, client);
ab4e0192 720
a80b83b7
JS		 721 case EVIOCSCLOCKID:
722 if (copy_from_user(&i, p, sizeof(unsigned int)))
723 return -EFAULT;
724 if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME)
725 return -EINVAL;
726 client->clkid = i;
727 return 0;
728
ab4e0192
DT		 729 case EVIOCGKEYCODE:
730 return evdev_handle_get_keycode(dev, p);
731
732 case EVIOCSKEYCODE:
733 return evdev_handle_set_keycode(dev, p);
734
735 case EVIOCGKEYCODE_V2:
736 return evdev_handle_get_keycode_v2(dev, p);
737
738 case EVIOCSKEYCODE_V2:
739 return evdev_handle_set_keycode_v2(dev, p);
448cd166 740 }
1da177e4 741
448cd166 742 size = _IOC_SIZE(cmd);
1da177e4 743
448cd166
DT		 744 /* Now check variable-length commands */
745#define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
448cd166 746 switch (EVIOC_MASK_SIZE(cmd)) {
41e979f8 747
85b77200
HR		 748 case EVIOCGPROP(0):
749 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
750 size, p, compat_mode);
751
1cf0c6e6
HR		 752 case EVIOCGMTSLOTS(0):
753 return evdev_handle_mt_request(dev, size, ip);
754
448cd166
DT		 755 case EVIOCGKEY(0):
756 return bits_to_user(dev->key, KEY_MAX, size, p, compat_mode);
1da177e4 757
448cd166
DT		 758 case EVIOCGLED(0):
759 return bits_to_user(dev->led, LED_MAX, size, p, compat_mode);
1da177e4 760
448cd166
DT		 761 case EVIOCGSND(0):
762 return bits_to_user(dev->snd, SND_MAX, size, p, compat_mode);
1da177e4 763
448cd166
DT		 764 case EVIOCGSW(0):
765 return bits_to_user(dev->sw, SW_MAX, size, p, compat_mode);
31581066 766
448cd166
DT		 767 case EVIOCGNAME(0):
768 return str_to_user(dev->name, size, p);
1da177e4 769
448cd166
DT		 770 case EVIOCGPHYS(0):
771 return str_to_user(dev->phys, size, p);
1da177e4 772
448cd166
DT		 773 case EVIOCGUNIQ(0):
774 return str_to_user(dev->uniq, size, p);
1da177e4 775
448cd166
DT		 776 case EVIOC_MASK_SIZE(EVIOCSFF):
777 if (input_ff_effect_from_user(p, size, &effect))
778 return -EFAULT;
1da177e4 779
448cd166 780 error = input_ff_upload(dev, &effect, file);
1da177e4 781
448cd166
DT		 782 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
783 return -EFAULT;
41e979f8 784
448cd166
DT		 785 return error;
786 }
1da177e4 787
448cd166
DT		 788 /* Multi-number variable-length handlers */
789 if (_IOC_TYPE(cmd) != 'E')
790 return -EINVAL;
1da177e4 791
448cd166 792 if (_IOC_DIR(cmd) == _IOC_READ) {
6addb1d6 793
448cd166
DT		 794 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
795 return handle_eviocgbit(dev,
796 _IOC_NR(cmd) & EV_MAX, size,
797 p, compat_mode);
1da177e4 798
448cd166 799 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
f2278f31 800
0a74a1df
DM		 801 if (!dev->absinfo)
802 return -EINVAL;
803
448cd166
DT		 804 t = _IOC_NR(cmd) & ABS_MAX;
805 abs = dev->absinfo[t];
f2278f31 806
448cd166
DT		 807 if (copy_to_user(p, &abs, min_t(size_t,
808 size, sizeof(struct input_absinfo))))
809 return -EFAULT;
f2278f31 810
448cd166
DT		 811 return 0;
812 }
813 }
f2278f31 814
f9ce6eb5 815 if (_IOC_DIR(cmd) == _IOC_WRITE) {
f2278f31 816
448cd166 817 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
1da177e4 818
0a74a1df
DM		 819 if (!dev->absinfo)
820 return -EINVAL;
821
448cd166 822 t = _IOC_NR(cmd) & ABS_MAX;
41e979f8 823
448cd166
DT		 824 if (copy_from_user(&abs, p, min_t(size_t,
825 size, sizeof(struct input_absinfo))))
826 return -EFAULT;
1da177e4 827
448cd166
DT		 828 if (size < sizeof(struct input_absinfo))
829 abs.resolution = 0;
d31b2865 830
448cd166
DT		 831 /* We can't change number of reserved MT slots */
832 if (t == ABS_MT_SLOT)
833 return -EINVAL;
40d007e7 834
448cd166
DT		 835 /*
836 * Take event lock to ensure that we are not
837 * changing device parameters in the middle
838 * of event.
839 */
840 spin_lock_irq(&dev->event_lock);
841 dev->absinfo[t] = abs;
842 spin_unlock_irq(&dev->event_lock);
6addb1d6 843
448cd166 844 return 0;
6addb1d6 845 }
1da177e4 846 }
448cd166 847
1da177e4
LT		 848 return -EINVAL;
849}
1da177e4 850
6addb1d6
DT		 851static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
852 void __user *p, int compat_mode)
853{
854 struct evdev_client *client = file->private_data;
855 struct evdev *evdev = client->evdev;
856 int retval;
857
858 retval = mutex_lock_interruptible(&evdev->mutex);
859 if (retval)
860 return retval;
861
862 if (!evdev->exist) {
863 retval = -ENODEV;
864 goto out;
865 }
866
867 retval = evdev_do_ioctl(file, cmd, p, compat_mode);
868
869 out:
870 mutex_unlock(&evdev->mutex);
871 return retval;
872}
873
3a51f7c4
DT		 874static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
875{
876 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
877}
41e979f8 878
3a51f7c4 879#ifdef CONFIG_COMPAT
6addb1d6
DT		 880static long evdev_ioctl_compat(struct file *file,
881 unsigned int cmd, unsigned long arg)
52658bb6 882{
3a51f7c4 883 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1da177e4 884}
52658bb6 885#endif
1da177e4 886
66e66118 887static const struct file_operations evdev_fops = {
6addb1d6
DT		 888 .owner = THIS_MODULE,
889 .read = evdev_read,
890 .write = evdev_write,
891 .poll = evdev_poll,
892 .open = evdev_open,
893 .release = evdev_release,
894 .unlocked_ioctl = evdev_ioctl,
52658bb6 895#ifdef CONFIG_COMPAT
6addb1d6 896 .compat_ioctl = evdev_ioctl_compat,
52658bb6 897#endif
6addb1d6 898 .fasync = evdev_fasync,
6038f373
AB		 899 .flush = evdev_flush,
900 .llseek = no_llseek,
1da177e4
LT		 901};
902
6addb1d6
DT		 903static int evdev_install_chrdev(struct evdev *evdev)
904{
905 /*
906 * No need to do any locking here as calls to connect and
907 * disconnect are serialized by the input core
908 */
909 evdev_table[evdev->minor] = evdev;
910 return 0;
911}
912
913static void evdev_remove_chrdev(struct evdev *evdev)
914{
915 /*
916 * Lock evdev table to prevent race with evdev_open()
917 */
918 mutex_lock(&evdev_table_mutex);
919 evdev_table[evdev->minor] = NULL;
920 mutex_unlock(&evdev_table_mutex);
921}
922
923/*
924 * Mark device non-existent. This disables writes, ioctls and
925 * prevents new users from opening the device. Already posted
926 * blocking reads will stay, however new ones will fail.
927 */
928static void evdev_mark_dead(struct evdev *evdev)
929{
930 mutex_lock(&evdev->mutex);
20da92de 931 evdev->exist = false;
6addb1d6
DT		 932 mutex_unlock(&evdev->mutex);
933}
934
935static void evdev_cleanup(struct evdev *evdev)
936{
937 struct input_handle *handle = &evdev->handle;
938
939 evdev_mark_dead(evdev);
940 evdev_hangup(evdev);
941 evdev_remove_chrdev(evdev);
942
943 /* evdev is marked dead so no one else accesses evdev->open */
944 if (evdev->open) {
945 input_flush_device(handle, NULL);
946 input_close_device(handle);
947 }
948}
949
950/*
951 * Create new evdev device. Note that input core serializes calls
952 * to connect and disconnect so we don't need to lock evdev_table here.
953 */
5b2a0826
DT		 954static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
955 const struct input_device_id *id)
1da177e4
LT		 956{
957 struct evdev *evdev;
958 int minor;
5b2a0826 959 int error;
1da177e4 960
6addb1d6
DT		 961 for (minor = 0; minor < EVDEV_MINORS; minor++)
962 if (!evdev_table[minor])
963 break;
964
1da177e4 965 if (minor == EVDEV_MINORS) {
da0c4901 966 pr_err("no more free evdev devices\n");
5b2a0826 967 return -ENFILE;
1da177e4
LT		 968 }
969
5b2a0826
DT		 970 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
971 if (!evdev)
972 return -ENOMEM;
1da177e4 973
d0ffb9be 974 INIT_LIST_HEAD(&evdev->client_list);
6addb1d6
DT		 975 spin_lock_init(&evdev->client_lock);
976 mutex_init(&evdev->mutex);
1da177e4
LT		 977 init_waitqueue_head(&evdev->wait);
978
3d5cb60e 979 dev_set_name(&evdev->dev, "event%d", minor);
20da92de 980 evdev->exist = true;
1da177e4 981 evdev->minor = minor;
6addb1d6 982
a7097ff8 983 evdev->handle.dev = input_get_device(dev);
3d5cb60e 984 evdev->handle.name = dev_name(&evdev->dev);
1da177e4
LT		 985 evdev->handle.handler = handler;
986 evdev->handle.private = evdev;
1da177e4 987
6addb1d6 988 evdev->dev.devt = MKDEV(INPUT_MAJOR, EVDEV_MINOR_BASE + minor);
9657d75c
DT		 989 evdev->dev.class = &input_class;
990 evdev->dev.parent = &dev->dev;
9657d75c
DT		 991 evdev->dev.release = evdev_free;
992 device_initialize(&evdev->dev);
5b2a0826 993
6addb1d6 994 error = input_register_handle(&evdev->handle);
5b2a0826 995 if (error)
9657d75c 996 goto err_free_evdev;
5b2a0826 997
6addb1d6
DT		 998 error = evdev_install_chrdev(evdev);
999 if (error)
1000 goto err_unregister_handle;
1001
1002 error = device_add(&evdev->dev);
5b2a0826 1003 if (error)
6addb1d6 1004 goto err_cleanup_evdev;
1da177e4 1005
5b2a0826 1006 return 0;
1da177e4 1007
6addb1d6
DT		 1008 err_cleanup_evdev:
1009 evdev_cleanup(evdev);
1010 err_unregister_handle:
1011 input_unregister_handle(&evdev->handle);
5b2a0826 1012 err_free_evdev:
9657d75c 1013 put_device(&evdev->dev);
5b2a0826 1014 return error;
1da177e4
LT		 1015}
1016
1017static void evdev_disconnect(struct input_handle *handle)
1018{
1019 struct evdev *evdev = handle->private;
1da177e4 1020
9657d75c 1021 device_del(&evdev->dev);
6addb1d6
DT		 1022 evdev_cleanup(evdev);
1023 input_unregister_handle(handle);
9657d75c 1024 put_device(&evdev->dev);
1da177e4
LT		 1025}
1026
66e66118 1027static const struct input_device_id evdev_ids[] = {
1da177e4
LT		 1028 { .driver_info = 1 }, /* Matches all devices */
1029 { }, /* Terminating zero entry */
1030};
1031
1032MODULE_DEVICE_TABLE(input, evdev_ids);
1033
1034static struct input_handler evdev_handler = {
6addb1d6
DT		 1035 .event = evdev_event,
1036 .connect = evdev_connect,
1037 .disconnect = evdev_disconnect,
1038 .fops = &evdev_fops,
1039 .minor = EVDEV_MINOR_BASE,
1040 .name = "evdev",
1041 .id_table = evdev_ids,
1da177e4
LT		 1042};
1043
1044static int __init evdev_init(void)
1045{
4263cf0f 1046 return input_register_handler(&evdev_handler);
1da177e4
LT		 1047}
1048
1049static void __exit evdev_exit(void)
1050{
1051 input_unregister_handler(&evdev_handler);
1052}
1053
1054module_init(evdev_init);
1055module_exit(evdev_exit);
1056
1057MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1058MODULE_DESCRIPTION("Input driver event char devices");
1059MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.611012 seconds and 5 git commands to generate.