1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Routines for driver control interface 4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz> 5 */ 6 7 #include <linux/threads.h> 8 #include <linux/interrupt.h> 9 #include <linux/module.h> 10 #include <linux/moduleparam.h> 11 #include <linux/slab.h> 12 #include <linux/vmalloc.h> 13 #include <linux/time.h> 14 #include <linux/mm.h> 15 #include <linux/math64.h> 16 #include <linux/sched/signal.h> 17 #include <sound/core.h> 18 #include <sound/minors.h> 19 #include <sound/info.h> 20 #include <sound/control.h> 21 22 // Max allocation size for user controls. 23 static int max_user_ctl_alloc_size = 8 * 1024 * 1024; 24 module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444); 25 MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls"); 26 27 #define MAX_CONTROL_COUNT 1028 28 29 struct snd_kctl_ioctl { 30 struct list_head list; /* list of all ioctls */ 31 snd_kctl_ioctl_func_t fioctl; 32 }; 33 34 static DECLARE_RWSEM(snd_ioctl_rwsem); 35 static DECLARE_RWSEM(snd_ctl_layer_rwsem); 36 static LIST_HEAD(snd_control_ioctls); 37 #ifdef CONFIG_COMPAT 38 static LIST_HEAD(snd_control_compat_ioctls); 39 #endif 40 static struct snd_ctl_layer_ops *snd_ctl_layer; 41 42 static int snd_ctl_open(struct inode *inode, struct file *file) 43 { 44 unsigned long flags; 45 struct snd_card *card; 46 struct snd_ctl_file *ctl; 47 int i, err; 48 49 err = stream_open(inode, file); 50 if (err < 0) 51 return err; 52 53 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL); 54 if (!card) { 55 err = -ENODEV; 56 goto __error1; 57 } 58 err = snd_card_file_add(card, file); 59 if (err < 0) { 60 err = -ENODEV; 61 goto __error1; 62 } 63 if (!try_module_get(card->module)) { 64 err = -EFAULT; 65 goto __error2; 66 } 67 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL); 68 if (ctl == NULL) { 69 err = -ENOMEM; 70 goto __error; 71 } 72 INIT_LIST_HEAD(&ctl->events); 73 init_waitqueue_head(&ctl->change_sleep); 74 spin_lock_init(&ctl->read_lock); 75 ctl->card = card; 76 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++) 77 ctl->preferred_subdevice[i] = -1; 78 ctl->pid = get_pid(task_pid(current)); 79 file->private_data = ctl; 80 write_lock_irqsave(&card->ctl_files_rwlock, flags); 81 list_add_tail(&ctl->list, &card->ctl_files); 82 write_unlock_irqrestore(&card->ctl_files_rwlock, flags); 83 snd_card_unref(card); 84 return 0; 85 86 __error: 87 module_put(card->module); 88 __error2: 89 snd_card_file_remove(card, file); 90 __error1: 91 if (card) 92 snd_card_unref(card); 93 return err; 94 } 95 96 static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl) 97 { 98 unsigned long flags; 99 struct snd_kctl_event *cread; 100 101 spin_lock_irqsave(&ctl->read_lock, flags); 102 while (!list_empty(&ctl->events)) { 103 cread = snd_kctl_event(ctl->events.next); 104 list_del(&cread->list); 105 kfree(cread); 106 } 107 spin_unlock_irqrestore(&ctl->read_lock, flags); 108 } 109 110 static int snd_ctl_release(struct inode *inode, struct file *file) 111 { 112 unsigned long flags; 113 struct snd_card *card; 114 struct snd_ctl_file *ctl; 115 struct snd_kcontrol *control; 116 unsigned int idx; 117 118 ctl = file->private_data; 119 file->private_data = NULL; 120 card = ctl->card; 121 write_lock_irqsave(&card->ctl_files_rwlock, flags); 122 list_del(&ctl->list); 123 write_unlock_irqrestore(&card->ctl_files_rwlock, flags); 124 down_write(&card->controls_rwsem); 125 list_for_each_entry(control, &card->controls, list) 126 for (idx = 0; idx < control->count; idx++) 127 if (control->vd[idx].owner == ctl) 128 control->vd[idx].owner = NULL; 129 up_write(&card->controls_rwsem); 130 snd_fasync_free(ctl->fasync); 131 snd_ctl_empty_read_queue(ctl); 132 put_pid(ctl->pid); 133 kfree(ctl); 134 module_put(card->module); 135 snd_card_file_remove(card, file); 136 return 0; 137 } 138 139 /** 140 * snd_ctl_notify - Send notification to user-space for a control change 141 * @card: the card to send notification 142 * @mask: the event mask, SNDRV_CTL_EVENT_* 143 * @id: the ctl element id to send notification 144 * 145 * This function adds an event record with the given id and mask, appends 146 * to the list and wakes up the user-space for notification. This can be 147 * called in the atomic context. 148 */ 149 void snd_ctl_notify(struct snd_card *card, unsigned int mask, 150 struct snd_ctl_elem_id *id) 151 { 152 unsigned long flags; 153 struct snd_ctl_file *ctl; 154 struct snd_kctl_event *ev; 155 156 if (snd_BUG_ON(!card || !id)) 157 return; 158 if (card->shutdown) 159 return; 160 read_lock_irqsave(&card->ctl_files_rwlock, flags); 161 #if IS_ENABLED(CONFIG_SND_MIXER_OSS) 162 card->mixer_oss_change_count++; 163 #endif 164 list_for_each_entry(ctl, &card->ctl_files, list) { 165 if (!ctl->subscribed) 166 continue; 167 spin_lock(&ctl->read_lock); 168 list_for_each_entry(ev, &ctl->events, list) { 169 if (ev->id.numid == id->numid) { 170 ev->mask |= mask; 171 goto _found; 172 } 173 } 174 ev = kzalloc(sizeof(*ev), GFP_ATOMIC); 175 if (ev) { 176 ev->id = *id; 177 ev->mask = mask; 178 list_add_tail(&ev->list, &ctl->events); 179 } else { 180 dev_err(card->dev, "No memory available to allocate event\n"); 181 } 182 _found: 183 wake_up(&ctl->change_sleep); 184 spin_unlock(&ctl->read_lock); 185 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN); 186 } 187 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 188 } 189 EXPORT_SYMBOL(snd_ctl_notify); 190 191 /** 192 * snd_ctl_notify_one - Send notification to user-space for a control change 193 * @card: the card to send notification 194 * @mask: the event mask, SNDRV_CTL_EVENT_* 195 * @kctl: the pointer with the control instance 196 * @ioff: the additional offset to the control index 197 * 198 * This function calls snd_ctl_notify() and does additional jobs 199 * like LED state changes. 200 */ 201 void snd_ctl_notify_one(struct snd_card *card, unsigned int mask, 202 struct snd_kcontrol *kctl, unsigned int ioff) 203 { 204 struct snd_ctl_elem_id id = kctl->id; 205 struct snd_ctl_layer_ops *lops; 206 207 id.index += ioff; 208 id.numid += ioff; 209 snd_ctl_notify(card, mask, &id); 210 down_read(&snd_ctl_layer_rwsem); 211 for (lops = snd_ctl_layer; lops; lops = lops->next) 212 lops->lnotify(card, mask, kctl, ioff); 213 up_read(&snd_ctl_layer_rwsem); 214 } 215 EXPORT_SYMBOL(snd_ctl_notify_one); 216 217 /** 218 * snd_ctl_new - create a new control instance with some elements 219 * @kctl: the pointer to store new control instance 220 * @count: the number of elements in this control 221 * @access: the default access flags for elements in this control 222 * @file: given when locking these elements 223 * 224 * Allocates a memory object for a new control instance. The instance has 225 * elements as many as the given number (@count). Each element has given 226 * access permissions (@access). Each element is locked when @file is given. 227 * 228 * Return: 0 on success, error code on failure 229 */ 230 static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count, 231 unsigned int access, struct snd_ctl_file *file) 232 { 233 unsigned int idx; 234 235 if (count == 0 || count > MAX_CONTROL_COUNT) 236 return -EINVAL; 237 238 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL); 239 if (!*kctl) 240 return -ENOMEM; 241 242 for (idx = 0; idx < count; idx++) { 243 (*kctl)->vd[idx].access = access; 244 (*kctl)->vd[idx].owner = file; 245 } 246 (*kctl)->count = count; 247 248 return 0; 249 } 250 251 /** 252 * snd_ctl_new1 - create a control instance from the template 253 * @ncontrol: the initialization record 254 * @private_data: the private data to set 255 * 256 * Allocates a new struct snd_kcontrol instance and initialize from the given 257 * template. When the access field of ncontrol is 0, it's assumed as 258 * READWRITE access. When the count field is 0, it's assumes as one. 259 * 260 * Return: The pointer of the newly generated instance, or %NULL on failure. 261 */ 262 struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol, 263 void *private_data) 264 { 265 struct snd_kcontrol *kctl; 266 unsigned int count; 267 unsigned int access; 268 int err; 269 270 if (snd_BUG_ON(!ncontrol || !ncontrol->info)) 271 return NULL; 272 273 count = ncontrol->count; 274 if (count == 0) 275 count = 1; 276 277 access = ncontrol->access; 278 if (access == 0) 279 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 280 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 281 SNDRV_CTL_ELEM_ACCESS_VOLATILE | 282 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 283 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE | 284 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND | 285 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK | 286 SNDRV_CTL_ELEM_ACCESS_LED_MASK | 287 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK); 288 289 err = snd_ctl_new(&kctl, count, access, NULL); 290 if (err < 0) 291 return NULL; 292 293 /* The 'numid' member is decided when calling snd_ctl_add(). */ 294 kctl->id.iface = ncontrol->iface; 295 kctl->id.device = ncontrol->device; 296 kctl->id.subdevice = ncontrol->subdevice; 297 if (ncontrol->name) { 298 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name)); 299 if (strcmp(ncontrol->name, kctl->id.name) != 0) 300 pr_warn("ALSA: Control name '%s' truncated to '%s'\n", 301 ncontrol->name, kctl->id.name); 302 } 303 kctl->id.index = ncontrol->index; 304 305 kctl->info = ncontrol->info; 306 kctl->get = ncontrol->get; 307 kctl->put = ncontrol->put; 308 kctl->tlv.p = ncontrol->tlv.p; 309 310 kctl->private_value = ncontrol->private_value; 311 kctl->private_data = private_data; 312 313 return kctl; 314 } 315 EXPORT_SYMBOL(snd_ctl_new1); 316 317 /** 318 * snd_ctl_free_one - release the control instance 319 * @kcontrol: the control instance 320 * 321 * Releases the control instance created via snd_ctl_new() 322 * or snd_ctl_new1(). 323 * Don't call this after the control was added to the card. 324 */ 325 void snd_ctl_free_one(struct snd_kcontrol *kcontrol) 326 { 327 if (kcontrol) { 328 if (kcontrol->private_free) 329 kcontrol->private_free(kcontrol); 330 kfree(kcontrol); 331 } 332 } 333 EXPORT_SYMBOL(snd_ctl_free_one); 334 335 static bool snd_ctl_remove_numid_conflict(struct snd_card *card, 336 unsigned int count) 337 { 338 struct snd_kcontrol *kctl; 339 340 /* Make sure that the ids assigned to the control do not wrap around */ 341 if (card->last_numid >= UINT_MAX - count) 342 card->last_numid = 0; 343 344 list_for_each_entry(kctl, &card->controls, list) { 345 if (kctl->id.numid < card->last_numid + 1 + count && 346 kctl->id.numid + kctl->count > card->last_numid + 1) { 347 card->last_numid = kctl->id.numid + kctl->count - 1; 348 return true; 349 } 350 } 351 return false; 352 } 353 354 static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) 355 { 356 unsigned int iter = 100000; 357 358 while (snd_ctl_remove_numid_conflict(card, count)) { 359 if (--iter == 0) { 360 /* this situation is very unlikely */ 361 dev_err(card->dev, "unable to allocate new control numid\n"); 362 return -ENOMEM; 363 } 364 } 365 return 0; 366 } 367 368 /* check whether the given id is contained in the given kctl */ 369 static bool elem_id_matches(const struct snd_kcontrol *kctl, 370 const struct snd_ctl_elem_id *id) 371 { 372 return kctl->id.iface == id->iface && 373 kctl->id.device == id->device && 374 kctl->id.subdevice == id->subdevice && 375 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) && 376 kctl->id.index <= id->index && 377 kctl->id.index + kctl->count > id->index; 378 } 379 380 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 381 /* Compute a hash key for the corresponding ctl id 382 * It's for the name lookup, hence the numid is excluded. 383 * The hash key is bound in LONG_MAX to be used for Xarray key. 384 */ 385 #define MULTIPLIER 37 386 static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id) 387 { 388 int i; 389 unsigned long h; 390 391 h = id->iface; 392 h = MULTIPLIER * h + id->device; 393 h = MULTIPLIER * h + id->subdevice; 394 for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++) 395 h = MULTIPLIER * h + id->name[i]; 396 h = MULTIPLIER * h + id->index; 397 h &= LONG_MAX; 398 return h; 399 } 400 401 /* add hash entries to numid and ctl xarray tables */ 402 static void add_hash_entries(struct snd_card *card, 403 struct snd_kcontrol *kcontrol) 404 { 405 struct snd_ctl_elem_id id = kcontrol->id; 406 int i; 407 408 xa_store_range(&card->ctl_numids, kcontrol->id.numid, 409 kcontrol->id.numid + kcontrol->count - 1, 410 kcontrol, GFP_KERNEL); 411 412 for (i = 0; i < kcontrol->count; i++) { 413 id.index = kcontrol->id.index + i; 414 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id), 415 kcontrol, GFP_KERNEL)) { 416 /* skip hash for this entry, noting we had collision */ 417 card->ctl_hash_collision = true; 418 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n", 419 id.iface, id.name, id.index); 420 } 421 } 422 } 423 424 /* remove hash entries that have been added */ 425 static void remove_hash_entries(struct snd_card *card, 426 struct snd_kcontrol *kcontrol) 427 { 428 struct snd_ctl_elem_id id = kcontrol->id; 429 struct snd_kcontrol *matched; 430 unsigned long h; 431 int i; 432 433 for (i = 0; i < kcontrol->count; i++) { 434 xa_erase(&card->ctl_numids, id.numid); 435 h = get_ctl_id_hash(&id); 436 matched = xa_load(&card->ctl_hash, h); 437 if (matched && (matched == kcontrol || 438 elem_id_matches(matched, &id))) 439 xa_erase(&card->ctl_hash, h); 440 id.index++; 441 id.numid++; 442 } 443 } 444 #else /* CONFIG_SND_CTL_FAST_LOOKUP */ 445 static inline void add_hash_entries(struct snd_card *card, 446 struct snd_kcontrol *kcontrol) 447 { 448 } 449 static inline void remove_hash_entries(struct snd_card *card, 450 struct snd_kcontrol *kcontrol) 451 { 452 } 453 #endif /* CONFIG_SND_CTL_FAST_LOOKUP */ 454 455 enum snd_ctl_add_mode { 456 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE, 457 }; 458 459 /* add/replace a new kcontrol object; call with card->controls_rwsem locked */ 460 static int __snd_ctl_add_replace(struct snd_card *card, 461 struct snd_kcontrol *kcontrol, 462 enum snd_ctl_add_mode mode) 463 { 464 struct snd_ctl_elem_id id; 465 unsigned int idx; 466 struct snd_kcontrol *old; 467 int err; 468 469 id = kcontrol->id; 470 if (id.index > UINT_MAX - kcontrol->count) 471 return -EINVAL; 472 473 old = snd_ctl_find_id(card, &id); 474 if (!old) { 475 if (mode == CTL_REPLACE) 476 return -EINVAL; 477 } else { 478 if (mode == CTL_ADD_EXCLUSIVE) { 479 dev_err(card->dev, 480 "control %i:%i:%i:%s:%i is already present\n", 481 id.iface, id.device, id.subdevice, id.name, 482 id.index); 483 return -EBUSY; 484 } 485 486 err = snd_ctl_remove(card, old); 487 if (err < 0) 488 return err; 489 } 490 491 if (snd_ctl_find_hole(card, kcontrol->count) < 0) 492 return -ENOMEM; 493 494 list_add_tail(&kcontrol->list, &card->controls); 495 card->controls_count += kcontrol->count; 496 kcontrol->id.numid = card->last_numid + 1; 497 card->last_numid += kcontrol->count; 498 499 add_hash_entries(card, kcontrol); 500 501 for (idx = 0; idx < kcontrol->count; idx++) 502 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx); 503 504 return 0; 505 } 506 507 static int snd_ctl_add_replace(struct snd_card *card, 508 struct snd_kcontrol *kcontrol, 509 enum snd_ctl_add_mode mode) 510 { 511 int err = -EINVAL; 512 513 if (! kcontrol) 514 return err; 515 if (snd_BUG_ON(!card || !kcontrol->info)) 516 goto error; 517 518 down_write(&card->controls_rwsem); 519 err = __snd_ctl_add_replace(card, kcontrol, mode); 520 up_write(&card->controls_rwsem); 521 if (err < 0) 522 goto error; 523 return 0; 524 525 error: 526 snd_ctl_free_one(kcontrol); 527 return err; 528 } 529 530 /** 531 * snd_ctl_add - add the control instance to the card 532 * @card: the card instance 533 * @kcontrol: the control instance to add 534 * 535 * Adds the control instance created via snd_ctl_new() or 536 * snd_ctl_new1() to the given card. Assigns also an unique 537 * numid used for fast search. 538 * 539 * It frees automatically the control which cannot be added. 540 * 541 * Return: Zero if successful, or a negative error code on failure. 542 * 543 */ 544 int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) 545 { 546 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE); 547 } 548 EXPORT_SYMBOL(snd_ctl_add); 549 550 /** 551 * snd_ctl_replace - replace the control instance of the card 552 * @card: the card instance 553 * @kcontrol: the control instance to replace 554 * @add_on_replace: add the control if not already added 555 * 556 * Replaces the given control. If the given control does not exist 557 * and the add_on_replace flag is set, the control is added. If the 558 * control exists, it is destroyed first. 559 * 560 * It frees automatically the control which cannot be added or replaced. 561 * 562 * Return: Zero if successful, or a negative error code on failure. 563 */ 564 int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, 565 bool add_on_replace) 566 { 567 return snd_ctl_add_replace(card, kcontrol, 568 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE); 569 } 570 EXPORT_SYMBOL(snd_ctl_replace); 571 572 static int __snd_ctl_remove(struct snd_card *card, 573 struct snd_kcontrol *kcontrol, 574 bool remove_hash) 575 { 576 unsigned int idx; 577 578 if (snd_BUG_ON(!card || !kcontrol)) 579 return -EINVAL; 580 list_del(&kcontrol->list); 581 582 if (remove_hash) 583 remove_hash_entries(card, kcontrol); 584 585 card->controls_count -= kcontrol->count; 586 for (idx = 0; idx < kcontrol->count; idx++) 587 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx); 588 snd_ctl_free_one(kcontrol); 589 return 0; 590 } 591 592 /** 593 * snd_ctl_remove - remove the control from the card and release it 594 * @card: the card instance 595 * @kcontrol: the control instance to remove 596 * 597 * Removes the control from the card and then releases the instance. 598 * You don't need to call snd_ctl_free_one(). You must be in 599 * the write lock - down_write(&card->controls_rwsem). 600 * 601 * Return: 0 if successful, or a negative error code on failure. 602 */ 603 int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol) 604 { 605 return __snd_ctl_remove(card, kcontrol, true); 606 } 607 EXPORT_SYMBOL(snd_ctl_remove); 608 609 /** 610 * snd_ctl_remove_id - remove the control of the given id and release it 611 * @card: the card instance 612 * @id: the control id to remove 613 * 614 * Finds the control instance with the given id, removes it from the 615 * card list and releases it. 616 * 617 * Return: 0 if successful, or a negative error code on failure. 618 */ 619 int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id) 620 { 621 struct snd_kcontrol *kctl; 622 int ret; 623 624 down_write(&card->controls_rwsem); 625 kctl = snd_ctl_find_id(card, id); 626 if (kctl == NULL) { 627 up_write(&card->controls_rwsem); 628 return -ENOENT; 629 } 630 ret = snd_ctl_remove(card, kctl); 631 up_write(&card->controls_rwsem); 632 return ret; 633 } 634 EXPORT_SYMBOL(snd_ctl_remove_id); 635 636 /** 637 * snd_ctl_remove_user_ctl - remove and release the unlocked user control 638 * @file: active control handle 639 * @id: the control id to remove 640 * 641 * Finds the control instance with the given id, removes it from the 642 * card list and releases it. 643 * 644 * Return: 0 if successful, or a negative error code on failure. 645 */ 646 static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file, 647 struct snd_ctl_elem_id *id) 648 { 649 struct snd_card *card = file->card; 650 struct snd_kcontrol *kctl; 651 int idx, ret; 652 653 down_write(&card->controls_rwsem); 654 kctl = snd_ctl_find_id(card, id); 655 if (kctl == NULL) { 656 ret = -ENOENT; 657 goto error; 658 } 659 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) { 660 ret = -EINVAL; 661 goto error; 662 } 663 for (idx = 0; idx < kctl->count; idx++) 664 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) { 665 ret = -EBUSY; 666 goto error; 667 } 668 ret = snd_ctl_remove(card, kctl); 669 error: 670 up_write(&card->controls_rwsem); 671 return ret; 672 } 673 674 /** 675 * snd_ctl_activate_id - activate/inactivate the control of the given id 676 * @card: the card instance 677 * @id: the control id to activate/inactivate 678 * @active: non-zero to activate 679 * 680 * Finds the control instance with the given id, and activate or 681 * inactivate the control together with notification, if changed. 682 * The given ID data is filled with full information. 683 * 684 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure. 685 */ 686 int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id, 687 int active) 688 { 689 struct snd_kcontrol *kctl; 690 struct snd_kcontrol_volatile *vd; 691 unsigned int index_offset; 692 int ret; 693 694 down_write(&card->controls_rwsem); 695 kctl = snd_ctl_find_id(card, id); 696 if (kctl == NULL) { 697 ret = -ENOENT; 698 goto unlock; 699 } 700 index_offset = snd_ctl_get_ioff(kctl, id); 701 vd = &kctl->vd[index_offset]; 702 ret = 0; 703 if (active) { 704 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)) 705 goto unlock; 706 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; 707 } else { 708 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE) 709 goto unlock; 710 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; 711 } 712 snd_ctl_build_ioff(id, kctl, index_offset); 713 downgrade_write(&card->controls_rwsem); 714 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset); 715 up_read(&card->controls_rwsem); 716 return 1; 717 718 unlock: 719 up_write(&card->controls_rwsem); 720 return ret; 721 } 722 EXPORT_SYMBOL_GPL(snd_ctl_activate_id); 723 724 /** 725 * snd_ctl_rename_id - replace the id of a control on the card 726 * @card: the card instance 727 * @src_id: the old id 728 * @dst_id: the new id 729 * 730 * Finds the control with the old id from the card, and replaces the 731 * id with the new one. 732 * 733 * The function tries to keep the already assigned numid while replacing 734 * the rest. 735 * 736 * Note that this function should be used only in the card initialization 737 * phase. Calling after the card instantiation may cause issues with 738 * user-space expecting persistent numids. 739 * 740 * Return: Zero if successful, or a negative error code on failure. 741 */ 742 int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id, 743 struct snd_ctl_elem_id *dst_id) 744 { 745 struct snd_kcontrol *kctl; 746 int saved_numid; 747 748 down_write(&card->controls_rwsem); 749 kctl = snd_ctl_find_id(card, src_id); 750 if (kctl == NULL) { 751 up_write(&card->controls_rwsem); 752 return -ENOENT; 753 } 754 saved_numid = kctl->id.numid; 755 remove_hash_entries(card, kctl); 756 kctl->id = *dst_id; 757 kctl->id.numid = saved_numid; 758 add_hash_entries(card, kctl); 759 up_write(&card->controls_rwsem); 760 return 0; 761 } 762 EXPORT_SYMBOL(snd_ctl_rename_id); 763 764 /** 765 * snd_ctl_rename - rename the control on the card 766 * @card: the card instance 767 * @kctl: the control to rename 768 * @name: the new name 769 * 770 * Renames the specified control on the card to the new name. 771 * 772 * Note that this function takes card->controls_rwsem lock internally. 773 */ 774 void snd_ctl_rename(struct snd_card *card, struct snd_kcontrol *kctl, 775 const char *name) 776 { 777 down_write(&card->controls_rwsem); 778 remove_hash_entries(card, kctl); 779 780 if (strscpy(kctl->id.name, name, sizeof(kctl->id.name)) < 0) 781 pr_warn("ALSA: Renamed control new name '%s' truncated to '%s'\n", 782 name, kctl->id.name); 783 784 add_hash_entries(card, kctl); 785 up_write(&card->controls_rwsem); 786 } 787 EXPORT_SYMBOL(snd_ctl_rename); 788 789 #ifndef CONFIG_SND_CTL_FAST_LOOKUP 790 static struct snd_kcontrol * 791 snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid) 792 { 793 struct snd_kcontrol *kctl; 794 795 list_for_each_entry(kctl, &card->controls, list) { 796 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid) 797 return kctl; 798 } 799 return NULL; 800 } 801 #endif /* !CONFIG_SND_CTL_FAST_LOOKUP */ 802 803 /** 804 * snd_ctl_find_numid - find the control instance with the given number-id 805 * @card: the card instance 806 * @numid: the number-id to search 807 * 808 * Finds the control instance with the given number-id from the card. 809 * 810 * The caller must down card->controls_rwsem before calling this function 811 * (if the race condition can happen). 812 * 813 * Return: The pointer of the instance if found, or %NULL if not. 814 * 815 */ 816 struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, unsigned int numid) 817 { 818 if (snd_BUG_ON(!card || !numid)) 819 return NULL; 820 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 821 return xa_load(&card->ctl_numids, numid); 822 #else 823 return snd_ctl_find_numid_slow(card, numid); 824 #endif 825 } 826 EXPORT_SYMBOL(snd_ctl_find_numid); 827 828 /** 829 * snd_ctl_find_id - find the control instance with the given id 830 * @card: the card instance 831 * @id: the id to search 832 * 833 * Finds the control instance with the given id from the card. 834 * 835 * The caller must down card->controls_rwsem before calling this function 836 * (if the race condition can happen). 837 * 838 * Return: The pointer of the instance if found, or %NULL if not. 839 * 840 */ 841 struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card, 842 struct snd_ctl_elem_id *id) 843 { 844 struct snd_kcontrol *kctl; 845 846 if (snd_BUG_ON(!card || !id)) 847 return NULL; 848 if (id->numid != 0) 849 return snd_ctl_find_numid(card, id->numid); 850 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 851 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id)); 852 if (kctl && elem_id_matches(kctl, id)) 853 return kctl; 854 if (!card->ctl_hash_collision) 855 return NULL; /* we can rely on only hash table */ 856 #endif 857 /* no matching in hash table - try all as the last resort */ 858 list_for_each_entry(kctl, &card->controls, list) 859 if (elem_id_matches(kctl, id)) 860 return kctl; 861 862 return NULL; 863 } 864 EXPORT_SYMBOL(snd_ctl_find_id); 865 866 static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl, 867 unsigned int cmd, void __user *arg) 868 { 869 struct snd_ctl_card_info *info; 870 871 info = kzalloc(sizeof(*info), GFP_KERNEL); 872 if (! info) 873 return -ENOMEM; 874 down_read(&snd_ioctl_rwsem); 875 info->card = card->number; 876 strscpy(info->id, card->id, sizeof(info->id)); 877 strscpy(info->driver, card->driver, sizeof(info->driver)); 878 strscpy(info->name, card->shortname, sizeof(info->name)); 879 strscpy(info->longname, card->longname, sizeof(info->longname)); 880 strscpy(info->mixername, card->mixername, sizeof(info->mixername)); 881 strscpy(info->components, card->components, sizeof(info->components)); 882 up_read(&snd_ioctl_rwsem); 883 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) { 884 kfree(info); 885 return -EFAULT; 886 } 887 kfree(info); 888 return 0; 889 } 890 891 static int snd_ctl_elem_list(struct snd_card *card, 892 struct snd_ctl_elem_list *list) 893 { 894 struct snd_kcontrol *kctl; 895 struct snd_ctl_elem_id id; 896 unsigned int offset, space, jidx; 897 int err = 0; 898 899 offset = list->offset; 900 space = list->space; 901 902 down_read(&card->controls_rwsem); 903 list->count = card->controls_count; 904 list->used = 0; 905 if (space > 0) { 906 list_for_each_entry(kctl, &card->controls, list) { 907 if (offset >= kctl->count) { 908 offset -= kctl->count; 909 continue; 910 } 911 for (jidx = offset; jidx < kctl->count; jidx++) { 912 snd_ctl_build_ioff(&id, kctl, jidx); 913 if (copy_to_user(list->pids + list->used, &id, 914 sizeof(id))) { 915 err = -EFAULT; 916 goto out; 917 } 918 list->used++; 919 if (!--space) 920 goto out; 921 } 922 offset = 0; 923 } 924 } 925 out: 926 up_read(&card->controls_rwsem); 927 return err; 928 } 929 930 static int snd_ctl_elem_list_user(struct snd_card *card, 931 struct snd_ctl_elem_list __user *_list) 932 { 933 struct snd_ctl_elem_list list; 934 int err; 935 936 if (copy_from_user(&list, _list, sizeof(list))) 937 return -EFAULT; 938 err = snd_ctl_elem_list(card, &list); 939 if (err) 940 return err; 941 if (copy_to_user(_list, &list, sizeof(list))) 942 return -EFAULT; 943 944 return 0; 945 } 946 947 /* Check whether the given kctl info is valid */ 948 static int snd_ctl_check_elem_info(struct snd_card *card, 949 const struct snd_ctl_elem_info *info) 950 { 951 static const unsigned int max_value_counts[] = { 952 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128, 953 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128, 954 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128, 955 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512, 956 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1, 957 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64, 958 }; 959 960 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN || 961 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) { 962 if (card) 963 dev_err(card->dev, 964 "control %i:%i:%i:%s:%i: invalid type %d\n", 965 info->id.iface, info->id.device, 966 info->id.subdevice, info->id.name, 967 info->id.index, info->type); 968 return -EINVAL; 969 } 970 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED && 971 info->value.enumerated.items == 0) { 972 if (card) 973 dev_err(card->dev, 974 "control %i:%i:%i:%s:%i: zero enum items\n", 975 info->id.iface, info->id.device, 976 info->id.subdevice, info->id.name, 977 info->id.index); 978 return -EINVAL; 979 } 980 if (info->count > max_value_counts[info->type]) { 981 if (card) 982 dev_err(card->dev, 983 "control %i:%i:%i:%s:%i: invalid count %d\n", 984 info->id.iface, info->id.device, 985 info->id.subdevice, info->id.name, 986 info->id.index, info->count); 987 return -EINVAL; 988 } 989 990 return 0; 991 } 992 993 /* The capacity of struct snd_ctl_elem_value.value.*/ 994 static const unsigned int value_sizes[] = { 995 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long), 996 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long), 997 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int), 998 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char), 999 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958), 1000 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long), 1001 }; 1002 1003 /* fill the remaining snd_ctl_elem_value data with the given pattern */ 1004 static void fill_remaining_elem_value(struct snd_ctl_elem_value *control, 1005 struct snd_ctl_elem_info *info, 1006 u32 pattern) 1007 { 1008 size_t offset = value_sizes[info->type] * info->count; 1009 1010 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1011 memset32((u32 *)control->value.bytes.data + offset, pattern, 1012 sizeof(control->value) / sizeof(u32) - offset); 1013 } 1014 1015 /* check whether the given integer ctl value is valid */ 1016 static int sanity_check_int_value(struct snd_card *card, 1017 const struct snd_ctl_elem_value *control, 1018 const struct snd_ctl_elem_info *info, 1019 int i, bool print_error) 1020 { 1021 long long lval, lmin, lmax, lstep; 1022 u64 rem; 1023 1024 switch (info->type) { 1025 default: 1026 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1027 lval = control->value.integer.value[i]; 1028 lmin = 0; 1029 lmax = 1; 1030 lstep = 0; 1031 break; 1032 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1033 lval = control->value.integer.value[i]; 1034 lmin = info->value.integer.min; 1035 lmax = info->value.integer.max; 1036 lstep = info->value.integer.step; 1037 break; 1038 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1039 lval = control->value.integer64.value[i]; 1040 lmin = info->value.integer64.min; 1041 lmax = info->value.integer64.max; 1042 lstep = info->value.integer64.step; 1043 break; 1044 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1045 lval = control->value.enumerated.item[i]; 1046 lmin = 0; 1047 lmax = info->value.enumerated.items - 1; 1048 lstep = 0; 1049 break; 1050 } 1051 1052 if (lval < lmin || lval > lmax) { 1053 if (print_error) 1054 dev_err(card->dev, 1055 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n", 1056 control->id.iface, control->id.device, 1057 control->id.subdevice, control->id.name, 1058 control->id.index, lval, lmin, lmax, i); 1059 return -EINVAL; 1060 } 1061 if (lstep) { 1062 div64_u64_rem(lval, lstep, &rem); 1063 if (rem) { 1064 if (print_error) 1065 dev_err(card->dev, 1066 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n", 1067 control->id.iface, control->id.device, 1068 control->id.subdevice, control->id.name, 1069 control->id.index, lval, lstep, i); 1070 return -EINVAL; 1071 } 1072 } 1073 1074 return 0; 1075 } 1076 1077 /* check whether the all input values are valid for the given elem value */ 1078 static int sanity_check_input_values(struct snd_card *card, 1079 const struct snd_ctl_elem_value *control, 1080 const struct snd_ctl_elem_info *info, 1081 bool print_error) 1082 { 1083 int i, ret; 1084 1085 switch (info->type) { 1086 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1087 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1088 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1089 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1090 for (i = 0; i < info->count; i++) { 1091 ret = sanity_check_int_value(card, control, info, i, 1092 print_error); 1093 if (ret < 0) 1094 return ret; 1095 } 1096 break; 1097 default: 1098 break; 1099 } 1100 1101 return 0; 1102 } 1103 1104 /* perform sanity checks to the given snd_ctl_elem_value object */ 1105 static int sanity_check_elem_value(struct snd_card *card, 1106 const struct snd_ctl_elem_value *control, 1107 const struct snd_ctl_elem_info *info, 1108 u32 pattern) 1109 { 1110 size_t offset; 1111 int ret; 1112 u32 *p; 1113 1114 ret = sanity_check_input_values(card, control, info, true); 1115 if (ret < 0) 1116 return ret; 1117 1118 /* check whether the remaining area kept untouched */ 1119 offset = value_sizes[info->type] * info->count; 1120 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1121 p = (u32 *)control->value.bytes.data + offset; 1122 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) { 1123 if (*p != pattern) { 1124 ret = -EINVAL; 1125 break; 1126 } 1127 *p = 0; /* clear the checked area */ 1128 } 1129 1130 return ret; 1131 } 1132 1133 static int __snd_ctl_elem_info(struct snd_card *card, 1134 struct snd_kcontrol *kctl, 1135 struct snd_ctl_elem_info *info, 1136 struct snd_ctl_file *ctl) 1137 { 1138 struct snd_kcontrol_volatile *vd; 1139 unsigned int index_offset; 1140 int result; 1141 1142 #ifdef CONFIG_SND_DEBUG 1143 info->access = 0; 1144 #endif 1145 result = snd_power_ref_and_wait(card); 1146 if (!result) 1147 result = kctl->info(kctl, info); 1148 snd_power_unref(card); 1149 if (result >= 0) { 1150 snd_BUG_ON(info->access); 1151 index_offset = snd_ctl_get_ioff(kctl, &info->id); 1152 vd = &kctl->vd[index_offset]; 1153 snd_ctl_build_ioff(&info->id, kctl, index_offset); 1154 info->access = vd->access; 1155 if (vd->owner) { 1156 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK; 1157 if (vd->owner == ctl) 1158 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER; 1159 info->owner = pid_vnr(vd->owner->pid); 1160 } else { 1161 info->owner = -1; 1162 } 1163 if (!snd_ctl_skip_validation(info) && 1164 snd_ctl_check_elem_info(card, info) < 0) 1165 result = -EINVAL; 1166 } 1167 return result; 1168 } 1169 1170 static int snd_ctl_elem_info(struct snd_ctl_file *ctl, 1171 struct snd_ctl_elem_info *info) 1172 { 1173 struct snd_card *card = ctl->card; 1174 struct snd_kcontrol *kctl; 1175 int result; 1176 1177 down_read(&card->controls_rwsem); 1178 kctl = snd_ctl_find_id(card, &info->id); 1179 if (kctl == NULL) 1180 result = -ENOENT; 1181 else 1182 result = __snd_ctl_elem_info(card, kctl, info, ctl); 1183 up_read(&card->controls_rwsem); 1184 return result; 1185 } 1186 1187 static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl, 1188 struct snd_ctl_elem_info __user *_info) 1189 { 1190 struct snd_ctl_elem_info info; 1191 int result; 1192 1193 if (copy_from_user(&info, _info, sizeof(info))) 1194 return -EFAULT; 1195 result = snd_ctl_elem_info(ctl, &info); 1196 if (result < 0) 1197 return result; 1198 /* drop internal access flags */ 1199 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK| 1200 SNDRV_CTL_ELEM_ACCESS_LED_MASK); 1201 if (copy_to_user(_info, &info, sizeof(info))) 1202 return -EFAULT; 1203 return result; 1204 } 1205 1206 static int snd_ctl_elem_read(struct snd_card *card, 1207 struct snd_ctl_elem_value *control) 1208 { 1209 struct snd_kcontrol *kctl; 1210 struct snd_kcontrol_volatile *vd; 1211 unsigned int index_offset; 1212 struct snd_ctl_elem_info info; 1213 const u32 pattern = 0xdeadbeef; 1214 int ret; 1215 1216 down_read(&card->controls_rwsem); 1217 kctl = snd_ctl_find_id(card, &control->id); 1218 if (kctl == NULL) { 1219 ret = -ENOENT; 1220 goto unlock; 1221 } 1222 1223 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1224 vd = &kctl->vd[index_offset]; 1225 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL) { 1226 ret = -EPERM; 1227 goto unlock; 1228 } 1229 1230 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1231 1232 #ifdef CONFIG_SND_CTL_DEBUG 1233 /* info is needed only for validation */ 1234 memset(&info, 0, sizeof(info)); 1235 info.id = control->id; 1236 ret = __snd_ctl_elem_info(card, kctl, &info, NULL); 1237 if (ret < 0) 1238 goto unlock; 1239 #endif 1240 1241 if (!snd_ctl_skip_validation(&info)) 1242 fill_remaining_elem_value(control, &info, pattern); 1243 ret = snd_power_ref_and_wait(card); 1244 if (!ret) 1245 ret = kctl->get(kctl, control); 1246 snd_power_unref(card); 1247 if (ret < 0) 1248 goto unlock; 1249 if (!snd_ctl_skip_validation(&info) && 1250 sanity_check_elem_value(card, control, &info, pattern) < 0) { 1251 dev_err(card->dev, 1252 "control %i:%i:%i:%s:%i: access overflow\n", 1253 control->id.iface, control->id.device, 1254 control->id.subdevice, control->id.name, 1255 control->id.index); 1256 ret = -EINVAL; 1257 goto unlock; 1258 } 1259 unlock: 1260 up_read(&card->controls_rwsem); 1261 return ret; 1262 } 1263 1264 static int snd_ctl_elem_read_user(struct snd_card *card, 1265 struct snd_ctl_elem_value __user *_control) 1266 { 1267 struct snd_ctl_elem_value *control; 1268 int result; 1269 1270 control = memdup_user(_control, sizeof(*control)); 1271 if (IS_ERR(control)) 1272 return PTR_ERR(control); 1273 1274 result = snd_ctl_elem_read(card, control); 1275 if (result < 0) 1276 goto error; 1277 1278 if (copy_to_user(_control, control, sizeof(*control))) 1279 result = -EFAULT; 1280 error: 1281 kfree(control); 1282 return result; 1283 } 1284 1285 static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, 1286 struct snd_ctl_elem_value *control) 1287 { 1288 struct snd_kcontrol *kctl; 1289 struct snd_kcontrol_volatile *vd; 1290 unsigned int index_offset; 1291 int result; 1292 1293 down_write(&card->controls_rwsem); 1294 kctl = snd_ctl_find_id(card, &control->id); 1295 if (kctl == NULL) { 1296 up_write(&card->controls_rwsem); 1297 return -ENOENT; 1298 } 1299 1300 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1301 vd = &kctl->vd[index_offset]; 1302 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || 1303 (file && vd->owner && vd->owner != file)) { 1304 up_write(&card->controls_rwsem); 1305 return -EPERM; 1306 } 1307 1308 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1309 result = snd_power_ref_and_wait(card); 1310 /* validate input values */ 1311 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION) && !result) { 1312 struct snd_ctl_elem_info info; 1313 1314 memset(&info, 0, sizeof(info)); 1315 info.id = control->id; 1316 result = __snd_ctl_elem_info(card, kctl, &info, NULL); 1317 if (!result) 1318 result = sanity_check_input_values(card, control, &info, 1319 false); 1320 } 1321 if (!result) 1322 result = kctl->put(kctl, control); 1323 snd_power_unref(card); 1324 if (result < 0) { 1325 up_write(&card->controls_rwsem); 1326 return result; 1327 } 1328 1329 if (result > 0) { 1330 downgrade_write(&card->controls_rwsem); 1331 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset); 1332 up_read(&card->controls_rwsem); 1333 } else { 1334 up_write(&card->controls_rwsem); 1335 } 1336 1337 return 0; 1338 } 1339 1340 static int snd_ctl_elem_write_user(struct snd_ctl_file *file, 1341 struct snd_ctl_elem_value __user *_control) 1342 { 1343 struct snd_ctl_elem_value *control; 1344 struct snd_card *card; 1345 int result; 1346 1347 control = memdup_user(_control, sizeof(*control)); 1348 if (IS_ERR(control)) 1349 return PTR_ERR(control); 1350 1351 card = file->card; 1352 result = snd_ctl_elem_write(card, file, control); 1353 if (result < 0) 1354 goto error; 1355 1356 if (copy_to_user(_control, control, sizeof(*control))) 1357 result = -EFAULT; 1358 error: 1359 kfree(control); 1360 return result; 1361 } 1362 1363 static int snd_ctl_elem_lock(struct snd_ctl_file *file, 1364 struct snd_ctl_elem_id __user *_id) 1365 { 1366 struct snd_card *card = file->card; 1367 struct snd_ctl_elem_id id; 1368 struct snd_kcontrol *kctl; 1369 struct snd_kcontrol_volatile *vd; 1370 int result; 1371 1372 if (copy_from_user(&id, _id, sizeof(id))) 1373 return -EFAULT; 1374 down_write(&card->controls_rwsem); 1375 kctl = snd_ctl_find_id(card, &id); 1376 if (kctl == NULL) { 1377 result = -ENOENT; 1378 } else { 1379 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1380 if (vd->owner != NULL) 1381 result = -EBUSY; 1382 else { 1383 vd->owner = file; 1384 result = 0; 1385 } 1386 } 1387 up_write(&card->controls_rwsem); 1388 return result; 1389 } 1390 1391 static int snd_ctl_elem_unlock(struct snd_ctl_file *file, 1392 struct snd_ctl_elem_id __user *_id) 1393 { 1394 struct snd_card *card = file->card; 1395 struct snd_ctl_elem_id id; 1396 struct snd_kcontrol *kctl; 1397 struct snd_kcontrol_volatile *vd; 1398 int result; 1399 1400 if (copy_from_user(&id, _id, sizeof(id))) 1401 return -EFAULT; 1402 down_write(&card->controls_rwsem); 1403 kctl = snd_ctl_find_id(card, &id); 1404 if (kctl == NULL) { 1405 result = -ENOENT; 1406 } else { 1407 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1408 if (vd->owner == NULL) 1409 result = -EINVAL; 1410 else if (vd->owner != file) 1411 result = -EPERM; 1412 else { 1413 vd->owner = NULL; 1414 result = 0; 1415 } 1416 } 1417 up_write(&card->controls_rwsem); 1418 return result; 1419 } 1420 1421 struct user_element { 1422 struct snd_ctl_elem_info info; 1423 struct snd_card *card; 1424 char *elem_data; /* element data */ 1425 unsigned long elem_data_size; /* size of element data in bytes */ 1426 void *tlv_data; /* TLV data */ 1427 unsigned long tlv_data_size; /* TLV data size */ 1428 void *priv_data; /* private data (like strings for enumerated type) */ 1429 }; 1430 1431 // check whether the addition (in bytes) of user ctl element may overflow the limit. 1432 static bool check_user_elem_overflow(struct snd_card *card, ssize_t add) 1433 { 1434 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size; 1435 } 1436 1437 static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol, 1438 struct snd_ctl_elem_info *uinfo) 1439 { 1440 struct user_element *ue = kcontrol->private_data; 1441 unsigned int offset; 1442 1443 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1444 *uinfo = ue->info; 1445 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1446 1447 return 0; 1448 } 1449 1450 static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol, 1451 struct snd_ctl_elem_info *uinfo) 1452 { 1453 struct user_element *ue = kcontrol->private_data; 1454 const char *names; 1455 unsigned int item; 1456 unsigned int offset; 1457 1458 item = uinfo->value.enumerated.item; 1459 1460 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1461 *uinfo = ue->info; 1462 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1463 1464 item = min(item, uinfo->value.enumerated.items - 1); 1465 uinfo->value.enumerated.item = item; 1466 1467 names = ue->priv_data; 1468 for (; item > 0; --item) 1469 names += strlen(names) + 1; 1470 strcpy(uinfo->value.enumerated.name, names); 1471 1472 return 0; 1473 } 1474 1475 static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, 1476 struct snd_ctl_elem_value *ucontrol) 1477 { 1478 struct user_element *ue = kcontrol->private_data; 1479 unsigned int size = ue->elem_data_size; 1480 char *src = ue->elem_data + 1481 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1482 1483 memcpy(&ucontrol->value, src, size); 1484 return 0; 1485 } 1486 1487 static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, 1488 struct snd_ctl_elem_value *ucontrol) 1489 { 1490 int change; 1491 struct user_element *ue = kcontrol->private_data; 1492 unsigned int size = ue->elem_data_size; 1493 char *dst = ue->elem_data + 1494 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1495 1496 change = memcmp(&ucontrol->value, dst, size) != 0; 1497 if (change) 1498 memcpy(dst, &ucontrol->value, size); 1499 return change; 1500 } 1501 1502 /* called in controls_rwsem write lock */ 1503 static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1504 unsigned int size) 1505 { 1506 struct user_element *ue = kctl->private_data; 1507 unsigned int *container; 1508 unsigned int mask = 0; 1509 int i; 1510 int change; 1511 1512 if (size > 1024 * 128) /* sane value */ 1513 return -EINVAL; 1514 1515 // does the TLV size change cause overflow? 1516 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size))) 1517 return -ENOMEM; 1518 1519 container = vmemdup_user(buf, size); 1520 if (IS_ERR(container)) 1521 return PTR_ERR(container); 1522 1523 change = ue->tlv_data_size != size; 1524 if (!change) 1525 change = memcmp(ue->tlv_data, container, size) != 0; 1526 if (!change) { 1527 kvfree(container); 1528 return 0; 1529 } 1530 1531 if (ue->tlv_data == NULL) { 1532 /* Now TLV data is available. */ 1533 for (i = 0; i < kctl->count; ++i) 1534 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; 1535 mask = SNDRV_CTL_EVENT_MASK_INFO; 1536 } else { 1537 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1538 ue->tlv_data_size = 0; 1539 kvfree(ue->tlv_data); 1540 } 1541 1542 ue->tlv_data = container; 1543 ue->tlv_data_size = size; 1544 // decremented at private_free. 1545 ue->card->user_ctl_alloc_size += size; 1546 1547 mask |= SNDRV_CTL_EVENT_MASK_TLV; 1548 for (i = 0; i < kctl->count; ++i) 1549 snd_ctl_notify_one(ue->card, mask, kctl, i); 1550 1551 return change; 1552 } 1553 1554 static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1555 unsigned int size) 1556 { 1557 struct user_element *ue = kctl->private_data; 1558 1559 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL) 1560 return -ENXIO; 1561 1562 if (size < ue->tlv_data_size) 1563 return -ENOSPC; 1564 1565 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size)) 1566 return -EFAULT; 1567 1568 return 0; 1569 } 1570 1571 static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag, 1572 unsigned int size, unsigned int __user *buf) 1573 { 1574 if (op_flag == SNDRV_CTL_TLV_OP_WRITE) 1575 return replace_user_tlv(kctl, buf, size); 1576 else 1577 return read_user_tlv(kctl, buf, size); 1578 } 1579 1580 /* called in controls_rwsem write lock */ 1581 static int snd_ctl_elem_init_enum_names(struct user_element *ue) 1582 { 1583 char *names, *p; 1584 size_t buf_len, name_len; 1585 unsigned int i; 1586 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr; 1587 1588 buf_len = ue->info.value.enumerated.names_length; 1589 if (buf_len > 64 * 1024) 1590 return -EINVAL; 1591 1592 if (check_user_elem_overflow(ue->card, buf_len)) 1593 return -ENOMEM; 1594 names = vmemdup_user((const void __user *)user_ptrval, buf_len); 1595 if (IS_ERR(names)) 1596 return PTR_ERR(names); 1597 1598 /* check that there are enough valid names */ 1599 p = names; 1600 for (i = 0; i < ue->info.value.enumerated.items; ++i) { 1601 name_len = strnlen(p, buf_len); 1602 if (name_len == 0 || name_len >= 64 || name_len == buf_len) { 1603 kvfree(names); 1604 return -EINVAL; 1605 } 1606 p += name_len + 1; 1607 buf_len -= name_len + 1; 1608 } 1609 1610 ue->priv_data = names; 1611 ue->info.value.enumerated.names_ptr = 0; 1612 // increment the allocation size; decremented again at private_free. 1613 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length; 1614 1615 return 0; 1616 } 1617 1618 static size_t compute_user_elem_size(size_t size, unsigned int count) 1619 { 1620 return sizeof(struct user_element) + size * count; 1621 } 1622 1623 static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol) 1624 { 1625 struct user_element *ue = kcontrol->private_data; 1626 1627 // decrement the allocation size. 1628 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count); 1629 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1630 if (ue->priv_data) 1631 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length; 1632 1633 kvfree(ue->tlv_data); 1634 kvfree(ue->priv_data); 1635 kfree(ue); 1636 } 1637 1638 static int snd_ctl_elem_add(struct snd_ctl_file *file, 1639 struct snd_ctl_elem_info *info, int replace) 1640 { 1641 struct snd_card *card = file->card; 1642 struct snd_kcontrol *kctl; 1643 unsigned int count; 1644 unsigned int access; 1645 long private_size; 1646 size_t alloc_size; 1647 struct user_element *ue; 1648 unsigned int offset; 1649 int err; 1650 1651 if (!*info->id.name) 1652 return -EINVAL; 1653 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name)) 1654 return -EINVAL; 1655 1656 /* Delete a control to replace them if needed. */ 1657 if (replace) { 1658 info->id.numid = 0; 1659 err = snd_ctl_remove_user_ctl(file, &info->id); 1660 if (err) 1661 return err; 1662 } 1663 1664 /* Check the number of elements for this userspace control. */ 1665 count = info->owner; 1666 if (count == 0) 1667 count = 1; 1668 1669 /* Arrange access permissions if needed. */ 1670 access = info->access; 1671 if (access == 0) 1672 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 1673 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 1674 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 1675 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE); 1676 1677 /* In initial state, nothing is available as TLV container. */ 1678 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1679 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; 1680 access |= SNDRV_CTL_ELEM_ACCESS_USER; 1681 1682 /* 1683 * Check information and calculate the size of data specific to 1684 * this userspace control. 1685 */ 1686 /* pass NULL to card for suppressing error messages */ 1687 err = snd_ctl_check_elem_info(NULL, info); 1688 if (err < 0) 1689 return err; 1690 /* user-space control doesn't allow zero-size data */ 1691 if (info->count < 1) 1692 return -EINVAL; 1693 private_size = value_sizes[info->type] * info->count; 1694 alloc_size = compute_user_elem_size(private_size, count); 1695 1696 down_write(&card->controls_rwsem); 1697 if (check_user_elem_overflow(card, alloc_size)) { 1698 err = -ENOMEM; 1699 goto unlock; 1700 } 1701 1702 /* 1703 * Keep memory object for this userspace control. After passing this 1704 * code block, the instance should be freed by snd_ctl_free_one(). 1705 * 1706 * Note that these elements in this control are locked. 1707 */ 1708 err = snd_ctl_new(&kctl, count, access, file); 1709 if (err < 0) 1710 goto unlock; 1711 memcpy(&kctl->id, &info->id, sizeof(kctl->id)); 1712 ue = kzalloc(alloc_size, GFP_KERNEL); 1713 if (!ue) { 1714 kfree(kctl); 1715 err = -ENOMEM; 1716 goto unlock; 1717 } 1718 kctl->private_data = ue; 1719 kctl->private_free = snd_ctl_elem_user_free; 1720 1721 // increment the allocated size; decremented again at private_free. 1722 card->user_ctl_alloc_size += alloc_size; 1723 1724 /* Set private data for this userspace control. */ 1725 ue->card = card; 1726 ue->info = *info; 1727 ue->info.access = 0; 1728 ue->elem_data = (char *)ue + sizeof(*ue); 1729 ue->elem_data_size = private_size; 1730 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { 1731 err = snd_ctl_elem_init_enum_names(ue); 1732 if (err < 0) { 1733 snd_ctl_free_one(kctl); 1734 goto unlock; 1735 } 1736 } 1737 1738 /* Set callback functions. */ 1739 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) 1740 kctl->info = snd_ctl_elem_user_enum_info; 1741 else 1742 kctl->info = snd_ctl_elem_user_info; 1743 if (access & SNDRV_CTL_ELEM_ACCESS_READ) 1744 kctl->get = snd_ctl_elem_user_get; 1745 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) 1746 kctl->put = snd_ctl_elem_user_put; 1747 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1748 kctl->tlv.c = snd_ctl_elem_user_tlv; 1749 1750 /* This function manage to free the instance on failure. */ 1751 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE); 1752 if (err < 0) { 1753 snd_ctl_free_one(kctl); 1754 goto unlock; 1755 } 1756 offset = snd_ctl_get_ioff(kctl, &info->id); 1757 snd_ctl_build_ioff(&info->id, kctl, offset); 1758 /* 1759 * Here we cannot fill any field for the number of elements added by 1760 * this operation because there're no specific fields. The usage of 1761 * 'owner' field for this purpose may cause any bugs to userspace 1762 * applications because the field originally means PID of a process 1763 * which locks the element. 1764 */ 1765 unlock: 1766 up_write(&card->controls_rwsem); 1767 return err; 1768 } 1769 1770 static int snd_ctl_elem_add_user(struct snd_ctl_file *file, 1771 struct snd_ctl_elem_info __user *_info, int replace) 1772 { 1773 struct snd_ctl_elem_info info; 1774 int err; 1775 1776 if (copy_from_user(&info, _info, sizeof(info))) 1777 return -EFAULT; 1778 err = snd_ctl_elem_add(file, &info, replace); 1779 if (err < 0) 1780 return err; 1781 if (copy_to_user(_info, &info, sizeof(info))) { 1782 snd_ctl_remove_user_ctl(file, &info.id); 1783 return -EFAULT; 1784 } 1785 1786 return 0; 1787 } 1788 1789 static int snd_ctl_elem_remove(struct snd_ctl_file *file, 1790 struct snd_ctl_elem_id __user *_id) 1791 { 1792 struct snd_ctl_elem_id id; 1793 1794 if (copy_from_user(&id, _id, sizeof(id))) 1795 return -EFAULT; 1796 return snd_ctl_remove_user_ctl(file, &id); 1797 } 1798 1799 static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr) 1800 { 1801 int subscribe; 1802 if (get_user(subscribe, ptr)) 1803 return -EFAULT; 1804 if (subscribe < 0) { 1805 subscribe = file->subscribed; 1806 if (put_user(subscribe, ptr)) 1807 return -EFAULT; 1808 return 0; 1809 } 1810 if (subscribe) { 1811 file->subscribed = 1; 1812 return 0; 1813 } else if (file->subscribed) { 1814 snd_ctl_empty_read_queue(file); 1815 file->subscribed = 0; 1816 } 1817 return 0; 1818 } 1819 1820 static int call_tlv_handler(struct snd_ctl_file *file, int op_flag, 1821 struct snd_kcontrol *kctl, 1822 struct snd_ctl_elem_id *id, 1823 unsigned int __user *buf, unsigned int size) 1824 { 1825 static const struct { 1826 int op; 1827 int perm; 1828 } pairs[] = { 1829 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ}, 1830 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE}, 1831 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND}, 1832 }; 1833 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1834 int i, ret; 1835 1836 /* Check support of the request for this element. */ 1837 for (i = 0; i < ARRAY_SIZE(pairs); ++i) { 1838 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm)) 1839 break; 1840 } 1841 if (i == ARRAY_SIZE(pairs)) 1842 return -ENXIO; 1843 1844 if (kctl->tlv.c == NULL) 1845 return -ENXIO; 1846 1847 /* Write and command operations are not allowed for locked element. */ 1848 if (op_flag != SNDRV_CTL_TLV_OP_READ && 1849 vd->owner != NULL && vd->owner != file) 1850 return -EPERM; 1851 1852 ret = snd_power_ref_and_wait(file->card); 1853 if (!ret) 1854 ret = kctl->tlv.c(kctl, op_flag, size, buf); 1855 snd_power_unref(file->card); 1856 return ret; 1857 } 1858 1859 static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id, 1860 unsigned int __user *buf, unsigned int size) 1861 { 1862 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1863 unsigned int len; 1864 1865 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)) 1866 return -ENXIO; 1867 1868 if (kctl->tlv.p == NULL) 1869 return -ENXIO; 1870 1871 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1]; 1872 if (size < len) 1873 return -ENOMEM; 1874 1875 if (copy_to_user(buf, kctl->tlv.p, len)) 1876 return -EFAULT; 1877 1878 return 0; 1879 } 1880 1881 static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, 1882 struct snd_ctl_tlv __user *buf, 1883 int op_flag) 1884 { 1885 struct snd_ctl_tlv header; 1886 unsigned int __user *container; 1887 unsigned int container_size; 1888 struct snd_kcontrol *kctl; 1889 struct snd_ctl_elem_id id; 1890 struct snd_kcontrol_volatile *vd; 1891 1892 if (copy_from_user(&header, buf, sizeof(header))) 1893 return -EFAULT; 1894 1895 /* In design of control core, numerical ID starts at 1. */ 1896 if (header.numid == 0) 1897 return -EINVAL; 1898 1899 /* At least, container should include type and length fields. */ 1900 if (header.length < sizeof(unsigned int) * 2) 1901 return -EINVAL; 1902 container_size = header.length; 1903 container = buf->tlv; 1904 1905 kctl = snd_ctl_find_numid(file->card, header.numid); 1906 if (kctl == NULL) 1907 return -ENOENT; 1908 1909 /* Calculate index of the element in this set. */ 1910 id = kctl->id; 1911 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid); 1912 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1913 1914 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) { 1915 return call_tlv_handler(file, op_flag, kctl, &id, container, 1916 container_size); 1917 } else { 1918 if (op_flag == SNDRV_CTL_TLV_OP_READ) { 1919 return read_tlv_buf(kctl, &id, container, 1920 container_size); 1921 } 1922 } 1923 1924 /* Not supported. */ 1925 return -ENXIO; 1926 } 1927 1928 static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1929 { 1930 struct snd_ctl_file *ctl; 1931 struct snd_card *card; 1932 struct snd_kctl_ioctl *p; 1933 void __user *argp = (void __user *)arg; 1934 int __user *ip = argp; 1935 int err; 1936 1937 ctl = file->private_data; 1938 card = ctl->card; 1939 if (snd_BUG_ON(!card)) 1940 return -ENXIO; 1941 switch (cmd) { 1942 case SNDRV_CTL_IOCTL_PVERSION: 1943 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0; 1944 case SNDRV_CTL_IOCTL_CARD_INFO: 1945 return snd_ctl_card_info(card, ctl, cmd, argp); 1946 case SNDRV_CTL_IOCTL_ELEM_LIST: 1947 return snd_ctl_elem_list_user(card, argp); 1948 case SNDRV_CTL_IOCTL_ELEM_INFO: 1949 return snd_ctl_elem_info_user(ctl, argp); 1950 case SNDRV_CTL_IOCTL_ELEM_READ: 1951 return snd_ctl_elem_read_user(card, argp); 1952 case SNDRV_CTL_IOCTL_ELEM_WRITE: 1953 return snd_ctl_elem_write_user(ctl, argp); 1954 case SNDRV_CTL_IOCTL_ELEM_LOCK: 1955 return snd_ctl_elem_lock(ctl, argp); 1956 case SNDRV_CTL_IOCTL_ELEM_UNLOCK: 1957 return snd_ctl_elem_unlock(ctl, argp); 1958 case SNDRV_CTL_IOCTL_ELEM_ADD: 1959 return snd_ctl_elem_add_user(ctl, argp, 0); 1960 case SNDRV_CTL_IOCTL_ELEM_REPLACE: 1961 return snd_ctl_elem_add_user(ctl, argp, 1); 1962 case SNDRV_CTL_IOCTL_ELEM_REMOVE: 1963 return snd_ctl_elem_remove(ctl, argp); 1964 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS: 1965 return snd_ctl_subscribe_events(ctl, ip); 1966 case SNDRV_CTL_IOCTL_TLV_READ: 1967 down_read(&ctl->card->controls_rwsem); 1968 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ); 1969 up_read(&ctl->card->controls_rwsem); 1970 return err; 1971 case SNDRV_CTL_IOCTL_TLV_WRITE: 1972 down_write(&ctl->card->controls_rwsem); 1973 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE); 1974 up_write(&ctl->card->controls_rwsem); 1975 return err; 1976 case SNDRV_CTL_IOCTL_TLV_COMMAND: 1977 down_write(&ctl->card->controls_rwsem); 1978 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD); 1979 up_write(&ctl->card->controls_rwsem); 1980 return err; 1981 case SNDRV_CTL_IOCTL_POWER: 1982 return -ENOPROTOOPT; 1983 case SNDRV_CTL_IOCTL_POWER_STATE: 1984 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0; 1985 } 1986 down_read(&snd_ioctl_rwsem); 1987 list_for_each_entry(p, &snd_control_ioctls, list) { 1988 err = p->fioctl(card, ctl, cmd, arg); 1989 if (err != -ENOIOCTLCMD) { 1990 up_read(&snd_ioctl_rwsem); 1991 return err; 1992 } 1993 } 1994 up_read(&snd_ioctl_rwsem); 1995 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd); 1996 return -ENOTTY; 1997 } 1998 1999 static ssize_t snd_ctl_read(struct file *file, char __user *buffer, 2000 size_t count, loff_t * offset) 2001 { 2002 struct snd_ctl_file *ctl; 2003 int err = 0; 2004 ssize_t result = 0; 2005 2006 ctl = file->private_data; 2007 if (snd_BUG_ON(!ctl || !ctl->card)) 2008 return -ENXIO; 2009 if (!ctl->subscribed) 2010 return -EBADFD; 2011 if (count < sizeof(struct snd_ctl_event)) 2012 return -EINVAL; 2013 spin_lock_irq(&ctl->read_lock); 2014 while (count >= sizeof(struct snd_ctl_event)) { 2015 struct snd_ctl_event ev; 2016 struct snd_kctl_event *kev; 2017 while (list_empty(&ctl->events)) { 2018 wait_queue_entry_t wait; 2019 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { 2020 err = -EAGAIN; 2021 goto __end_lock; 2022 } 2023 init_waitqueue_entry(&wait, current); 2024 add_wait_queue(&ctl->change_sleep, &wait); 2025 set_current_state(TASK_INTERRUPTIBLE); 2026 spin_unlock_irq(&ctl->read_lock); 2027 schedule(); 2028 remove_wait_queue(&ctl->change_sleep, &wait); 2029 if (ctl->card->shutdown) 2030 return -ENODEV; 2031 if (signal_pending(current)) 2032 return -ERESTARTSYS; 2033 spin_lock_irq(&ctl->read_lock); 2034 } 2035 kev = snd_kctl_event(ctl->events.next); 2036 ev.type = SNDRV_CTL_EVENT_ELEM; 2037 ev.data.elem.mask = kev->mask; 2038 ev.data.elem.id = kev->id; 2039 list_del(&kev->list); 2040 spin_unlock_irq(&ctl->read_lock); 2041 kfree(kev); 2042 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) { 2043 err = -EFAULT; 2044 goto __end; 2045 } 2046 spin_lock_irq(&ctl->read_lock); 2047 buffer += sizeof(struct snd_ctl_event); 2048 count -= sizeof(struct snd_ctl_event); 2049 result += sizeof(struct snd_ctl_event); 2050 } 2051 __end_lock: 2052 spin_unlock_irq(&ctl->read_lock); 2053 __end: 2054 return result > 0 ? result : err; 2055 } 2056 2057 static __poll_t snd_ctl_poll(struct file *file, poll_table * wait) 2058 { 2059 __poll_t mask; 2060 struct snd_ctl_file *ctl; 2061 2062 ctl = file->private_data; 2063 if (!ctl->subscribed) 2064 return 0; 2065 poll_wait(file, &ctl->change_sleep, wait); 2066 2067 mask = 0; 2068 if (!list_empty(&ctl->events)) 2069 mask |= EPOLLIN | EPOLLRDNORM; 2070 2071 return mask; 2072 } 2073 2074 /* 2075 * register the device-specific control-ioctls. 2076 * called from each device manager like pcm.c, hwdep.c, etc. 2077 */ 2078 static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists) 2079 { 2080 struct snd_kctl_ioctl *pn; 2081 2082 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL); 2083 if (pn == NULL) 2084 return -ENOMEM; 2085 pn->fioctl = fcn; 2086 down_write(&snd_ioctl_rwsem); 2087 list_add_tail(&pn->list, lists); 2088 up_write(&snd_ioctl_rwsem); 2089 return 0; 2090 } 2091 2092 /** 2093 * snd_ctl_register_ioctl - register the device-specific control-ioctls 2094 * @fcn: ioctl callback function 2095 * 2096 * called from each device manager like pcm.c, hwdep.c, etc. 2097 * 2098 * Return: zero if successful, or a negative error code 2099 */ 2100 int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn) 2101 { 2102 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls); 2103 } 2104 EXPORT_SYMBOL(snd_ctl_register_ioctl); 2105 2106 #ifdef CONFIG_COMPAT 2107 /** 2108 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat 2109 * control-ioctls 2110 * @fcn: ioctl callback function 2111 * 2112 * Return: zero if successful, or a negative error code 2113 */ 2114 int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2115 { 2116 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls); 2117 } 2118 EXPORT_SYMBOL(snd_ctl_register_ioctl_compat); 2119 #endif 2120 2121 /* 2122 * de-register the device-specific control-ioctls. 2123 */ 2124 static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn, 2125 struct list_head *lists) 2126 { 2127 struct snd_kctl_ioctl *p; 2128 2129 if (snd_BUG_ON(!fcn)) 2130 return -EINVAL; 2131 down_write(&snd_ioctl_rwsem); 2132 list_for_each_entry(p, lists, list) { 2133 if (p->fioctl == fcn) { 2134 list_del(&p->list); 2135 up_write(&snd_ioctl_rwsem); 2136 kfree(p); 2137 return 0; 2138 } 2139 } 2140 up_write(&snd_ioctl_rwsem); 2141 snd_BUG(); 2142 return -EINVAL; 2143 } 2144 2145 /** 2146 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls 2147 * @fcn: ioctl callback function to unregister 2148 * 2149 * Return: zero if successful, or a negative error code 2150 */ 2151 int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn) 2152 { 2153 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls); 2154 } 2155 EXPORT_SYMBOL(snd_ctl_unregister_ioctl); 2156 2157 #ifdef CONFIG_COMPAT 2158 /** 2159 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat 2160 * 32bit control-ioctls 2161 * @fcn: ioctl callback function to unregister 2162 * 2163 * Return: zero if successful, or a negative error code 2164 */ 2165 int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2166 { 2167 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls); 2168 } 2169 EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat); 2170 #endif 2171 2172 static int snd_ctl_fasync(int fd, struct file * file, int on) 2173 { 2174 struct snd_ctl_file *ctl; 2175 2176 ctl = file->private_data; 2177 return snd_fasync_helper(fd, file, on, &ctl->fasync); 2178 } 2179 2180 /* return the preferred subdevice number if already assigned; 2181 * otherwise return -1 2182 */ 2183 int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type) 2184 { 2185 struct snd_ctl_file *kctl; 2186 int subdevice = -1; 2187 unsigned long flags; 2188 2189 read_lock_irqsave(&card->ctl_files_rwlock, flags); 2190 list_for_each_entry(kctl, &card->ctl_files, list) { 2191 if (kctl->pid == task_pid(current)) { 2192 subdevice = kctl->preferred_subdevice[type]; 2193 if (subdevice != -1) 2194 break; 2195 } 2196 } 2197 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 2198 return subdevice; 2199 } 2200 EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice); 2201 2202 /* 2203 * ioctl32 compat 2204 */ 2205 #ifdef CONFIG_COMPAT 2206 #include "control_compat.c" 2207 #else 2208 #define snd_ctl_ioctl_compat NULL 2209 #endif 2210 2211 /* 2212 * control layers (audio LED etc.) 2213 */ 2214 2215 /** 2216 * snd_ctl_request_layer - request to use the layer 2217 * @module_name: Name of the kernel module (NULL == build-in) 2218 * 2219 * Return: zero if successful, or an error code when the module cannot be loaded 2220 */ 2221 int snd_ctl_request_layer(const char *module_name) 2222 { 2223 struct snd_ctl_layer_ops *lops; 2224 2225 if (module_name == NULL) 2226 return 0; 2227 down_read(&snd_ctl_layer_rwsem); 2228 for (lops = snd_ctl_layer; lops; lops = lops->next) 2229 if (strcmp(lops->module_name, module_name) == 0) 2230 break; 2231 up_read(&snd_ctl_layer_rwsem); 2232 if (lops) 2233 return 0; 2234 return request_module(module_name); 2235 } 2236 EXPORT_SYMBOL_GPL(snd_ctl_request_layer); 2237 2238 /** 2239 * snd_ctl_register_layer - register new control layer 2240 * @lops: operation structure 2241 * 2242 * The new layer can track all control elements and do additional 2243 * operations on top (like audio LED handling). 2244 */ 2245 void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops) 2246 { 2247 struct snd_card *card; 2248 int card_number; 2249 2250 down_write(&snd_ctl_layer_rwsem); 2251 lops->next = snd_ctl_layer; 2252 snd_ctl_layer = lops; 2253 up_write(&snd_ctl_layer_rwsem); 2254 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) { 2255 card = snd_card_ref(card_number); 2256 if (card) { 2257 down_read(&card->controls_rwsem); 2258 lops->lregister(card); 2259 up_read(&card->controls_rwsem); 2260 snd_card_unref(card); 2261 } 2262 } 2263 } 2264 EXPORT_SYMBOL_GPL(snd_ctl_register_layer); 2265 2266 /** 2267 * snd_ctl_disconnect_layer - disconnect control layer 2268 * @lops: operation structure 2269 * 2270 * It is expected that the information about tracked cards 2271 * is freed before this call (the disconnect callback is 2272 * not called here). 2273 */ 2274 void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops) 2275 { 2276 struct snd_ctl_layer_ops *lops2, *prev_lops2; 2277 2278 down_write(&snd_ctl_layer_rwsem); 2279 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) { 2280 if (lops2 == lops) { 2281 if (!prev_lops2) 2282 snd_ctl_layer = lops->next; 2283 else 2284 prev_lops2->next = lops->next; 2285 break; 2286 } 2287 prev_lops2 = lops2; 2288 } 2289 up_write(&snd_ctl_layer_rwsem); 2290 } 2291 EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer); 2292 2293 /* 2294 * INIT PART 2295 */ 2296 2297 static const struct file_operations snd_ctl_f_ops = 2298 { 2299 .owner = THIS_MODULE, 2300 .read = snd_ctl_read, 2301 .open = snd_ctl_open, 2302 .release = snd_ctl_release, 2303 .llseek = no_llseek, 2304 .poll = snd_ctl_poll, 2305 .unlocked_ioctl = snd_ctl_ioctl, 2306 .compat_ioctl = snd_ctl_ioctl_compat, 2307 .fasync = snd_ctl_fasync, 2308 }; 2309 2310 /* 2311 * registration of the control device 2312 */ 2313 static int snd_ctl_dev_register(struct snd_device *device) 2314 { 2315 struct snd_card *card = device->device_data; 2316 struct snd_ctl_layer_ops *lops; 2317 int err; 2318 2319 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1, 2320 &snd_ctl_f_ops, card, &card->ctl_dev); 2321 if (err < 0) 2322 return err; 2323 down_read(&card->controls_rwsem); 2324 down_read(&snd_ctl_layer_rwsem); 2325 for (lops = snd_ctl_layer; lops; lops = lops->next) 2326 lops->lregister(card); 2327 up_read(&snd_ctl_layer_rwsem); 2328 up_read(&card->controls_rwsem); 2329 return 0; 2330 } 2331 2332 /* 2333 * disconnection of the control device 2334 */ 2335 static int snd_ctl_dev_disconnect(struct snd_device *device) 2336 { 2337 struct snd_card *card = device->device_data; 2338 struct snd_ctl_file *ctl; 2339 struct snd_ctl_layer_ops *lops; 2340 unsigned long flags; 2341 2342 read_lock_irqsave(&card->ctl_files_rwlock, flags); 2343 list_for_each_entry(ctl, &card->ctl_files, list) { 2344 wake_up(&ctl->change_sleep); 2345 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR); 2346 } 2347 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 2348 2349 down_read(&card->controls_rwsem); 2350 down_read(&snd_ctl_layer_rwsem); 2351 for (lops = snd_ctl_layer; lops; lops = lops->next) 2352 lops->ldisconnect(card); 2353 up_read(&snd_ctl_layer_rwsem); 2354 up_read(&card->controls_rwsem); 2355 2356 return snd_unregister_device(&card->ctl_dev); 2357 } 2358 2359 /* 2360 * free all controls 2361 */ 2362 static int snd_ctl_dev_free(struct snd_device *device) 2363 { 2364 struct snd_card *card = device->device_data; 2365 struct snd_kcontrol *control; 2366 2367 down_write(&card->controls_rwsem); 2368 while (!list_empty(&card->controls)) { 2369 control = snd_kcontrol(card->controls.next); 2370 __snd_ctl_remove(card, control, false); 2371 } 2372 2373 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 2374 xa_destroy(&card->ctl_numids); 2375 xa_destroy(&card->ctl_hash); 2376 #endif 2377 up_write(&card->controls_rwsem); 2378 put_device(&card->ctl_dev); 2379 return 0; 2380 } 2381 2382 /* 2383 * create control core: 2384 * called from init.c 2385 */ 2386 int snd_ctl_create(struct snd_card *card) 2387 { 2388 static const struct snd_device_ops ops = { 2389 .dev_free = snd_ctl_dev_free, 2390 .dev_register = snd_ctl_dev_register, 2391 .dev_disconnect = snd_ctl_dev_disconnect, 2392 }; 2393 int err; 2394 2395 if (snd_BUG_ON(!card)) 2396 return -ENXIO; 2397 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS)) 2398 return -ENXIO; 2399 2400 snd_device_initialize(&card->ctl_dev, card); 2401 dev_set_name(&card->ctl_dev, "controlC%d", card->number); 2402 2403 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops); 2404 if (err < 0) 2405 put_device(&card->ctl_dev); 2406 return err; 2407 } 2408 2409 /* 2410 * Frequently used control callbacks/helpers 2411 */ 2412 2413 /** 2414 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info 2415 * callback with a mono channel 2416 * @kcontrol: the kcontrol instance 2417 * @uinfo: info to store 2418 * 2419 * This is a function that can be used as info callback for a standard 2420 * boolean control with a single mono channel. 2421 * 2422 * Return: Zero (always successful) 2423 */ 2424 int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol, 2425 struct snd_ctl_elem_info *uinfo) 2426 { 2427 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2428 uinfo->count = 1; 2429 uinfo->value.integer.min = 0; 2430 uinfo->value.integer.max = 1; 2431 return 0; 2432 } 2433 EXPORT_SYMBOL(snd_ctl_boolean_mono_info); 2434 2435 /** 2436 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info 2437 * callback with stereo two channels 2438 * @kcontrol: the kcontrol instance 2439 * @uinfo: info to store 2440 * 2441 * This is a function that can be used as info callback for a standard 2442 * boolean control with stereo two channels. 2443 * 2444 * Return: Zero (always successful) 2445 */ 2446 int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol, 2447 struct snd_ctl_elem_info *uinfo) 2448 { 2449 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2450 uinfo->count = 2; 2451 uinfo->value.integer.min = 0; 2452 uinfo->value.integer.max = 1; 2453 return 0; 2454 } 2455 EXPORT_SYMBOL(snd_ctl_boolean_stereo_info); 2456 2457 /** 2458 * snd_ctl_enum_info - fills the info structure for an enumerated control 2459 * @info: the structure to be filled 2460 * @channels: the number of the control's channels; often one 2461 * @items: the number of control values; also the size of @names 2462 * @names: an array containing the names of all control values 2463 * 2464 * Sets all required fields in @info to their appropriate values. 2465 * If the control's accessibility is not the default (readable and writable), 2466 * the caller has to fill @info->access. 2467 * 2468 * Return: Zero (always successful) 2469 */ 2470 int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels, 2471 unsigned int items, const char *const names[]) 2472 { 2473 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED; 2474 info->count = channels; 2475 info->value.enumerated.items = items; 2476 if (!items) 2477 return 0; 2478 if (info->value.enumerated.item >= items) 2479 info->value.enumerated.item = items - 1; 2480 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name), 2481 "ALSA: too long item name '%s'\n", 2482 names[info->value.enumerated.item]); 2483 strscpy(info->value.enumerated.name, 2484 names[info->value.enumerated.item], 2485 sizeof(info->value.enumerated.name)); 2486 return 0; 2487 } 2488 EXPORT_SYMBOL(snd_ctl_enum_info); 2489