1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * comedi/comedi_fops.c 4 * comedi kernel module 5 * 6 * COMEDI - Linux Control and Measurement Device Interface 7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org> 8 * compat ioctls: 9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk> 10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/> 11 */ 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/module.h> 16 #include <linux/errno.h> 17 #include <linux/kernel.h> 18 #include <linux/sched/signal.h> 19 #include <linux/fcntl.h> 20 #include <linux/delay.h> 21 #include <linux/mm.h> 22 #include <linux/slab.h> 23 #include <linux/poll.h> 24 #include <linux/device.h> 25 #include <linux/fs.h> 26 #include <linux/comedi/comedidev.h> 27 #include <linux/cdev.h> 28 29 #include <linux/io.h> 30 #include <linux/uaccess.h> 31 #include <linux/compat.h> 32 33 #include "comedi_internal.h" 34 35 /* 36 * comedi_subdevice "runflags" 37 * COMEDI_SRF_RT: DEPRECATED: command is running real-time 38 * COMEDI_SRF_ERROR: indicates an COMEDI_CB_ERROR event has occurred 39 * since the last command was started 40 * COMEDI_SRF_RUNNING: command is running 41 * COMEDI_SRF_FREE_SPRIV: free s->private on detach 42 * 43 * COMEDI_SRF_BUSY_MASK: runflags that indicate the subdevice is "busy" 44 */ 45 #define COMEDI_SRF_RT BIT(1) 46 #define COMEDI_SRF_ERROR BIT(2) 47 #define COMEDI_SRF_RUNNING BIT(27) 48 #define COMEDI_SRF_FREE_SPRIV BIT(31) 49 50 #define COMEDI_SRF_BUSY_MASK (COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING) 51 52 /** 53 * struct comedi_file - Per-file private data for COMEDI device 54 * @dev: COMEDI device. 55 * @read_subdev: Current "read" subdevice. 56 * @write_subdev: Current "write" subdevice. 57 * @last_detach_count: Last known detach count. 58 * @last_attached: Last known attached/detached state. 59 */ 60 struct comedi_file { 61 struct comedi_device *dev; 62 struct comedi_subdevice *read_subdev; 63 struct comedi_subdevice *write_subdev; 64 unsigned int last_detach_count; 65 unsigned int last_attached:1; 66 }; 67 68 #define COMEDI_NUM_MINORS 0x100 69 #define COMEDI_NUM_SUBDEVICE_MINORS \ 70 (COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS) 71 72 static unsigned short comedi_num_legacy_minors; 73 module_param(comedi_num_legacy_minors, ushort, 0444); 74 MODULE_PARM_DESC(comedi_num_legacy_minors, 75 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)" 76 ); 77 78 unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB; 79 module_param(comedi_default_buf_size_kb, uint, 0644); 80 MODULE_PARM_DESC(comedi_default_buf_size_kb, 81 "default asynchronous buffer size in KiB (default " 82 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")"); 83 84 unsigned int comedi_default_buf_maxsize_kb = 85 CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB; 86 module_param(comedi_default_buf_maxsize_kb, uint, 0644); 87 MODULE_PARM_DESC(comedi_default_buf_maxsize_kb, 88 "default maximum size of asynchronous buffer in KiB (default " 89 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")"); 90 91 static DEFINE_MUTEX(comedi_board_minor_table_lock); 92 static struct comedi_device 93 *comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS]; 94 95 static DEFINE_MUTEX(comedi_subdevice_minor_table_lock); 96 /* Note: indexed by minor - COMEDI_NUM_BOARD_MINORS. */ 97 static struct comedi_subdevice 98 *comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS]; 99 100 static struct class *comedi_class; 101 static struct cdev comedi_cdev; 102 103 static void comedi_device_init(struct comedi_device *dev) 104 { 105 kref_init(&dev->refcount); 106 spin_lock_init(&dev->spinlock); 107 mutex_init(&dev->mutex); 108 init_rwsem(&dev->attach_lock); 109 dev->minor = -1; 110 } 111 112 static void comedi_dev_kref_release(struct kref *kref) 113 { 114 struct comedi_device *dev = 115 container_of(kref, struct comedi_device, refcount); 116 117 mutex_destroy(&dev->mutex); 118 put_device(dev->class_dev); 119 kfree(dev); 120 } 121 122 /** 123 * comedi_dev_put() - Release a use of a COMEDI device 124 * @dev: COMEDI device. 125 * 126 * Must be called when a user of a COMEDI device is finished with it. 127 * When the last user of the COMEDI device calls this function, the 128 * COMEDI device is destroyed. 129 * 130 * Return: 1 if the COMEDI device is destroyed by this call or @dev is 131 * NULL, otherwise return 0. Callers must not assume the COMEDI 132 * device is still valid if this function returns 0. 133 */ 134 int comedi_dev_put(struct comedi_device *dev) 135 { 136 if (dev) 137 return kref_put(&dev->refcount, comedi_dev_kref_release); 138 return 1; 139 } 140 EXPORT_SYMBOL_GPL(comedi_dev_put); 141 142 static struct comedi_device *comedi_dev_get(struct comedi_device *dev) 143 { 144 if (dev) 145 kref_get(&dev->refcount); 146 return dev; 147 } 148 149 static void comedi_device_cleanup(struct comedi_device *dev) 150 { 151 struct module *driver_module = NULL; 152 153 if (!dev) 154 return; 155 mutex_lock(&dev->mutex); 156 if (dev->attached) 157 driver_module = dev->driver->module; 158 comedi_device_detach(dev); 159 if (driver_module && dev->use_count) 160 module_put(driver_module); 161 mutex_unlock(&dev->mutex); 162 } 163 164 static bool comedi_clear_board_dev(struct comedi_device *dev) 165 { 166 unsigned int i = dev->minor; 167 bool cleared = false; 168 169 lockdep_assert_held(&dev->mutex); 170 mutex_lock(&comedi_board_minor_table_lock); 171 if (dev == comedi_board_minor_table[i]) { 172 comedi_board_minor_table[i] = NULL; 173 cleared = true; 174 } 175 mutex_unlock(&comedi_board_minor_table_lock); 176 return cleared; 177 } 178 179 static struct comedi_device *comedi_clear_board_minor(unsigned int minor) 180 { 181 struct comedi_device *dev; 182 183 mutex_lock(&comedi_board_minor_table_lock); 184 dev = comedi_board_minor_table[minor]; 185 comedi_board_minor_table[minor] = NULL; 186 mutex_unlock(&comedi_board_minor_table_lock); 187 return dev; 188 } 189 190 static void comedi_free_board_dev(struct comedi_device *dev) 191 { 192 if (dev) { 193 comedi_device_cleanup(dev); 194 if (dev->class_dev) { 195 device_destroy(comedi_class, 196 MKDEV(COMEDI_MAJOR, dev->minor)); 197 } 198 comedi_dev_put(dev); 199 } 200 } 201 202 static struct comedi_subdevice * 203 comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor) 204 { 205 struct comedi_subdevice *s; 206 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS; 207 208 mutex_lock(&comedi_subdevice_minor_table_lock); 209 s = comedi_subdevice_minor_table[i]; 210 if (s && s->device != dev) 211 s = NULL; 212 mutex_unlock(&comedi_subdevice_minor_table_lock); 213 return s; 214 } 215 216 static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor) 217 { 218 struct comedi_device *dev; 219 220 mutex_lock(&comedi_board_minor_table_lock); 221 dev = comedi_dev_get(comedi_board_minor_table[minor]); 222 mutex_unlock(&comedi_board_minor_table_lock); 223 return dev; 224 } 225 226 static struct comedi_device * 227 comedi_dev_get_from_subdevice_minor(unsigned int minor) 228 { 229 struct comedi_device *dev; 230 struct comedi_subdevice *s; 231 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS; 232 233 mutex_lock(&comedi_subdevice_minor_table_lock); 234 s = comedi_subdevice_minor_table[i]; 235 dev = comedi_dev_get(s ? s->device : NULL); 236 mutex_unlock(&comedi_subdevice_minor_table_lock); 237 return dev; 238 } 239 240 /** 241 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number 242 * @minor: Minor device number. 243 * 244 * Finds the COMEDI device associated with the minor device number, if any, 245 * and increments its reference count. The COMEDI device is prevented from 246 * being freed until a matching call is made to comedi_dev_put(). 247 * 248 * Return: A pointer to the COMEDI device if it exists, with its usage 249 * reference incremented. Return NULL if no COMEDI device exists with the 250 * specified minor device number. 251 */ 252 struct comedi_device *comedi_dev_get_from_minor(unsigned int minor) 253 { 254 if (minor < COMEDI_NUM_BOARD_MINORS) 255 return comedi_dev_get_from_board_minor(minor); 256 257 return comedi_dev_get_from_subdevice_minor(minor); 258 } 259 EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor); 260 261 static struct comedi_subdevice * 262 comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor) 263 { 264 struct comedi_subdevice *s; 265 266 lockdep_assert_held(&dev->mutex); 267 if (minor >= COMEDI_NUM_BOARD_MINORS) { 268 s = comedi_subdevice_from_minor(dev, minor); 269 if (!s || (s->subdev_flags & SDF_CMD_READ)) 270 return s; 271 } 272 return dev->read_subdev; 273 } 274 275 static struct comedi_subdevice * 276 comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor) 277 { 278 struct comedi_subdevice *s; 279 280 lockdep_assert_held(&dev->mutex); 281 if (minor >= COMEDI_NUM_BOARD_MINORS) { 282 s = comedi_subdevice_from_minor(dev, minor); 283 if (!s || (s->subdev_flags & SDF_CMD_WRITE)) 284 return s; 285 } 286 return dev->write_subdev; 287 } 288 289 static void comedi_file_reset(struct file *file) 290 { 291 struct comedi_file *cfp = file->private_data; 292 struct comedi_device *dev = cfp->dev; 293 struct comedi_subdevice *s, *read_s, *write_s; 294 unsigned int minor = iminor(file_inode(file)); 295 296 read_s = dev->read_subdev; 297 write_s = dev->write_subdev; 298 if (minor >= COMEDI_NUM_BOARD_MINORS) { 299 s = comedi_subdevice_from_minor(dev, minor); 300 if (!s || s->subdev_flags & SDF_CMD_READ) 301 read_s = s; 302 if (!s || s->subdev_flags & SDF_CMD_WRITE) 303 write_s = s; 304 } 305 cfp->last_attached = dev->attached; 306 cfp->last_detach_count = dev->detach_count; 307 WRITE_ONCE(cfp->read_subdev, read_s); 308 WRITE_ONCE(cfp->write_subdev, write_s); 309 } 310 311 static void comedi_file_check(struct file *file) 312 { 313 struct comedi_file *cfp = file->private_data; 314 struct comedi_device *dev = cfp->dev; 315 316 if (cfp->last_attached != dev->attached || 317 cfp->last_detach_count != dev->detach_count) 318 comedi_file_reset(file); 319 } 320 321 static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file) 322 { 323 struct comedi_file *cfp = file->private_data; 324 325 comedi_file_check(file); 326 return READ_ONCE(cfp->read_subdev); 327 } 328 329 static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file) 330 { 331 struct comedi_file *cfp = file->private_data; 332 333 comedi_file_check(file); 334 return READ_ONCE(cfp->write_subdev); 335 } 336 337 static int resize_async_buffer(struct comedi_device *dev, 338 struct comedi_subdevice *s, 339 unsigned int new_size) 340 { 341 struct comedi_async *async = s->async; 342 int retval; 343 344 lockdep_assert_held(&dev->mutex); 345 346 if (new_size > async->max_bufsize) 347 return -EPERM; 348 349 if (s->busy) { 350 dev_dbg(dev->class_dev, 351 "subdevice is busy, cannot resize buffer\n"); 352 return -EBUSY; 353 } 354 if (comedi_buf_is_mmapped(s)) { 355 dev_dbg(dev->class_dev, 356 "subdevice is mmapped, cannot resize buffer\n"); 357 return -EBUSY; 358 } 359 360 /* make sure buffer is an integral number of pages (we round up) */ 361 new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK; 362 363 retval = comedi_buf_alloc(dev, s, new_size); 364 if (retval < 0) 365 return retval; 366 367 if (s->buf_change) { 368 retval = s->buf_change(dev, s); 369 if (retval < 0) 370 return retval; 371 } 372 373 dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n", 374 s->index, async->prealloc_bufsz); 375 return 0; 376 } 377 378 /* sysfs attribute files */ 379 380 static ssize_t max_read_buffer_kb_show(struct device *csdev, 381 struct device_attribute *attr, char *buf) 382 { 383 unsigned int minor = MINOR(csdev->devt); 384 struct comedi_device *dev; 385 struct comedi_subdevice *s; 386 unsigned int size = 0; 387 388 dev = comedi_dev_get_from_minor(minor); 389 if (!dev) 390 return -ENODEV; 391 392 mutex_lock(&dev->mutex); 393 s = comedi_read_subdevice(dev, minor); 394 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 395 size = s->async->max_bufsize / 1024; 396 mutex_unlock(&dev->mutex); 397 398 comedi_dev_put(dev); 399 return sysfs_emit(buf, "%u\n", size); 400 } 401 402 static ssize_t max_read_buffer_kb_store(struct device *csdev, 403 struct device_attribute *attr, 404 const char *buf, size_t count) 405 { 406 unsigned int minor = MINOR(csdev->devt); 407 struct comedi_device *dev; 408 struct comedi_subdevice *s; 409 unsigned int size; 410 int err; 411 412 err = kstrtouint(buf, 10, &size); 413 if (err) 414 return err; 415 if (size > (UINT_MAX / 1024)) 416 return -EINVAL; 417 size *= 1024; 418 419 dev = comedi_dev_get_from_minor(minor); 420 if (!dev) 421 return -ENODEV; 422 423 mutex_lock(&dev->mutex); 424 s = comedi_read_subdevice(dev, minor); 425 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 426 s->async->max_bufsize = size; 427 else 428 err = -EINVAL; 429 mutex_unlock(&dev->mutex); 430 431 comedi_dev_put(dev); 432 return err ? err : count; 433 } 434 static DEVICE_ATTR_RW(max_read_buffer_kb); 435 436 static ssize_t read_buffer_kb_show(struct device *csdev, 437 struct device_attribute *attr, char *buf) 438 { 439 unsigned int minor = MINOR(csdev->devt); 440 struct comedi_device *dev; 441 struct comedi_subdevice *s; 442 unsigned int size = 0; 443 444 dev = comedi_dev_get_from_minor(minor); 445 if (!dev) 446 return -ENODEV; 447 448 mutex_lock(&dev->mutex); 449 s = comedi_read_subdevice(dev, minor); 450 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 451 size = s->async->prealloc_bufsz / 1024; 452 mutex_unlock(&dev->mutex); 453 454 comedi_dev_put(dev); 455 return sysfs_emit(buf, "%u\n", size); 456 } 457 458 static ssize_t read_buffer_kb_store(struct device *csdev, 459 struct device_attribute *attr, 460 const char *buf, size_t count) 461 { 462 unsigned int minor = MINOR(csdev->devt); 463 struct comedi_device *dev; 464 struct comedi_subdevice *s; 465 unsigned int size; 466 int err; 467 468 err = kstrtouint(buf, 10, &size); 469 if (err) 470 return err; 471 if (size > (UINT_MAX / 1024)) 472 return -EINVAL; 473 size *= 1024; 474 475 dev = comedi_dev_get_from_minor(minor); 476 if (!dev) 477 return -ENODEV; 478 479 mutex_lock(&dev->mutex); 480 s = comedi_read_subdevice(dev, minor); 481 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 482 err = resize_async_buffer(dev, s, size); 483 else 484 err = -EINVAL; 485 mutex_unlock(&dev->mutex); 486 487 comedi_dev_put(dev); 488 return err ? err : count; 489 } 490 static DEVICE_ATTR_RW(read_buffer_kb); 491 492 static ssize_t max_write_buffer_kb_show(struct device *csdev, 493 struct device_attribute *attr, 494 char *buf) 495 { 496 unsigned int minor = MINOR(csdev->devt); 497 struct comedi_device *dev; 498 struct comedi_subdevice *s; 499 unsigned int size = 0; 500 501 dev = comedi_dev_get_from_minor(minor); 502 if (!dev) 503 return -ENODEV; 504 505 mutex_lock(&dev->mutex); 506 s = comedi_write_subdevice(dev, minor); 507 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 508 size = s->async->max_bufsize / 1024; 509 mutex_unlock(&dev->mutex); 510 511 comedi_dev_put(dev); 512 return sysfs_emit(buf, "%u\n", size); 513 } 514 515 static ssize_t max_write_buffer_kb_store(struct device *csdev, 516 struct device_attribute *attr, 517 const char *buf, size_t count) 518 { 519 unsigned int minor = MINOR(csdev->devt); 520 struct comedi_device *dev; 521 struct comedi_subdevice *s; 522 unsigned int size; 523 int err; 524 525 err = kstrtouint(buf, 10, &size); 526 if (err) 527 return err; 528 if (size > (UINT_MAX / 1024)) 529 return -EINVAL; 530 size *= 1024; 531 532 dev = comedi_dev_get_from_minor(minor); 533 if (!dev) 534 return -ENODEV; 535 536 mutex_lock(&dev->mutex); 537 s = comedi_write_subdevice(dev, minor); 538 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 539 s->async->max_bufsize = size; 540 else 541 err = -EINVAL; 542 mutex_unlock(&dev->mutex); 543 544 comedi_dev_put(dev); 545 return err ? err : count; 546 } 547 static DEVICE_ATTR_RW(max_write_buffer_kb); 548 549 static ssize_t write_buffer_kb_show(struct device *csdev, 550 struct device_attribute *attr, char *buf) 551 { 552 unsigned int minor = MINOR(csdev->devt); 553 struct comedi_device *dev; 554 struct comedi_subdevice *s; 555 unsigned int size = 0; 556 557 dev = comedi_dev_get_from_minor(minor); 558 if (!dev) 559 return -ENODEV; 560 561 mutex_lock(&dev->mutex); 562 s = comedi_write_subdevice(dev, minor); 563 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 564 size = s->async->prealloc_bufsz / 1024; 565 mutex_unlock(&dev->mutex); 566 567 comedi_dev_put(dev); 568 return sysfs_emit(buf, "%u\n", size); 569 } 570 571 static ssize_t write_buffer_kb_store(struct device *csdev, 572 struct device_attribute *attr, 573 const char *buf, size_t count) 574 { 575 unsigned int minor = MINOR(csdev->devt); 576 struct comedi_device *dev; 577 struct comedi_subdevice *s; 578 unsigned int size; 579 int err; 580 581 err = kstrtouint(buf, 10, &size); 582 if (err) 583 return err; 584 if (size > (UINT_MAX / 1024)) 585 return -EINVAL; 586 size *= 1024; 587 588 dev = comedi_dev_get_from_minor(minor); 589 if (!dev) 590 return -ENODEV; 591 592 mutex_lock(&dev->mutex); 593 s = comedi_write_subdevice(dev, minor); 594 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 595 err = resize_async_buffer(dev, s, size); 596 else 597 err = -EINVAL; 598 mutex_unlock(&dev->mutex); 599 600 comedi_dev_put(dev); 601 return err ? err : count; 602 } 603 static DEVICE_ATTR_RW(write_buffer_kb); 604 605 static struct attribute *comedi_dev_attrs[] = { 606 &dev_attr_max_read_buffer_kb.attr, 607 &dev_attr_read_buffer_kb.attr, 608 &dev_attr_max_write_buffer_kb.attr, 609 &dev_attr_write_buffer_kb.attr, 610 NULL, 611 }; 612 ATTRIBUTE_GROUPS(comedi_dev); 613 614 static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s, 615 unsigned int bits) 616 { 617 s->runflags &= ~bits; 618 } 619 620 static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s, 621 unsigned int bits) 622 { 623 s->runflags |= bits; 624 } 625 626 static void comedi_update_subdevice_runflags(struct comedi_subdevice *s, 627 unsigned int mask, 628 unsigned int bits) 629 { 630 unsigned long flags; 631 632 spin_lock_irqsave(&s->spin_lock, flags); 633 __comedi_clear_subdevice_runflags(s, mask); 634 __comedi_set_subdevice_runflags(s, bits & mask); 635 spin_unlock_irqrestore(&s->spin_lock, flags); 636 } 637 638 static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s) 639 { 640 return s->runflags; 641 } 642 643 static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s) 644 { 645 unsigned long flags; 646 unsigned int runflags; 647 648 spin_lock_irqsave(&s->spin_lock, flags); 649 runflags = __comedi_get_subdevice_runflags(s); 650 spin_unlock_irqrestore(&s->spin_lock, flags); 651 return runflags; 652 } 653 654 static bool comedi_is_runflags_running(unsigned int runflags) 655 { 656 return runflags & COMEDI_SRF_RUNNING; 657 } 658 659 static bool comedi_is_runflags_in_error(unsigned int runflags) 660 { 661 return runflags & COMEDI_SRF_ERROR; 662 } 663 664 /** 665 * comedi_is_subdevice_running() - Check if async command running on subdevice 666 * @s: COMEDI subdevice. 667 * 668 * Return: %true if an asynchronous COMEDI command is active on the 669 * subdevice, else %false. 670 */ 671 bool comedi_is_subdevice_running(struct comedi_subdevice *s) 672 { 673 unsigned int runflags = comedi_get_subdevice_runflags(s); 674 675 return comedi_is_runflags_running(runflags); 676 } 677 EXPORT_SYMBOL_GPL(comedi_is_subdevice_running); 678 679 static bool __comedi_is_subdevice_running(struct comedi_subdevice *s) 680 { 681 unsigned int runflags = __comedi_get_subdevice_runflags(s); 682 683 return comedi_is_runflags_running(runflags); 684 } 685 686 bool comedi_can_auto_free_spriv(struct comedi_subdevice *s) 687 { 688 unsigned int runflags = __comedi_get_subdevice_runflags(s); 689 690 return runflags & COMEDI_SRF_FREE_SPRIV; 691 } 692 693 /** 694 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable 695 * @s: COMEDI subdevice. 696 * 697 * Mark the subdevice as having a pointer to private data that can be 698 * automatically freed when the COMEDI device is detached from the low-level 699 * driver. 700 */ 701 void comedi_set_spriv_auto_free(struct comedi_subdevice *s) 702 { 703 __comedi_set_subdevice_runflags(s, COMEDI_SRF_FREE_SPRIV); 704 } 705 EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free); 706 707 /** 708 * comedi_alloc_spriv - Allocate memory for the subdevice private data 709 * @s: COMEDI subdevice. 710 * @size: Size of the memory to allocate. 711 * 712 * Allocate memory for the subdevice private data and point @s->private 713 * to it. The memory will be freed automatically when the COMEDI device 714 * is detached from the low-level driver. 715 * 716 * Return: A pointer to the allocated memory @s->private on success. 717 * Return NULL on failure. 718 */ 719 void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) 720 { 721 s->private = kzalloc(size, GFP_KERNEL); 722 if (s->private) 723 comedi_set_spriv_auto_free(s); 724 return s->private; 725 } 726 EXPORT_SYMBOL_GPL(comedi_alloc_spriv); 727 728 /* 729 * This function restores a subdevice to an idle state. 730 */ 731 static void do_become_nonbusy(struct comedi_device *dev, 732 struct comedi_subdevice *s) 733 { 734 struct comedi_async *async = s->async; 735 736 lockdep_assert_held(&dev->mutex); 737 comedi_update_subdevice_runflags(s, COMEDI_SRF_RUNNING, 0); 738 if (async) { 739 comedi_buf_reset(s); 740 async->inttrig = NULL; 741 kfree(async->cmd.chanlist); 742 async->cmd.chanlist = NULL; 743 s->busy = NULL; 744 wake_up_interruptible_all(&async->wait_head); 745 } else { 746 dev_err(dev->class_dev, 747 "BUG: (?) %s called with async=NULL\n", __func__); 748 s->busy = NULL; 749 } 750 } 751 752 static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s) 753 { 754 int ret = 0; 755 756 lockdep_assert_held(&dev->mutex); 757 if (comedi_is_subdevice_running(s) && s->cancel) 758 ret = s->cancel(dev, s); 759 760 do_become_nonbusy(dev, s); 761 762 return ret; 763 } 764 765 void comedi_device_cancel_all(struct comedi_device *dev) 766 { 767 struct comedi_subdevice *s; 768 int i; 769 770 lockdep_assert_held(&dev->mutex); 771 if (!dev->attached) 772 return; 773 774 for (i = 0; i < dev->n_subdevices; i++) { 775 s = &dev->subdevices[i]; 776 if (s->async) 777 do_cancel(dev, s); 778 } 779 } 780 781 static int is_device_busy(struct comedi_device *dev) 782 { 783 struct comedi_subdevice *s; 784 int i; 785 786 lockdep_assert_held(&dev->mutex); 787 if (!dev->attached) 788 return 0; 789 790 for (i = 0; i < dev->n_subdevices; i++) { 791 s = &dev->subdevices[i]; 792 if (s->busy) 793 return 1; 794 if (s->async && comedi_buf_is_mmapped(s)) 795 return 1; 796 } 797 798 return 0; 799 } 800 801 /* 802 * COMEDI_DEVCONFIG ioctl 803 * attaches (and configures) or detaches a legacy device 804 * 805 * arg: 806 * pointer to comedi_devconfig structure (NULL if detaching) 807 * 808 * reads: 809 * comedi_devconfig structure (if attaching) 810 * 811 * writes: 812 * nothing 813 */ 814 static int do_devconfig_ioctl(struct comedi_device *dev, 815 struct comedi_devconfig __user *arg) 816 { 817 struct comedi_devconfig it; 818 819 lockdep_assert_held(&dev->mutex); 820 if (!capable(CAP_SYS_ADMIN)) 821 return -EPERM; 822 823 if (!arg) { 824 if (is_device_busy(dev)) 825 return -EBUSY; 826 if (dev->attached) { 827 struct module *driver_module = dev->driver->module; 828 829 comedi_device_detach(dev); 830 module_put(driver_module); 831 } 832 return 0; 833 } 834 835 if (copy_from_user(&it, arg, sizeof(it))) 836 return -EFAULT; 837 838 it.board_name[COMEDI_NAMELEN - 1] = 0; 839 840 if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) { 841 dev_warn(dev->class_dev, 842 "comedi_config --init_data is deprecated\n"); 843 return -EINVAL; 844 } 845 846 if (dev->minor >= comedi_num_legacy_minors) 847 /* don't re-use dynamically allocated comedi devices */ 848 return -EBUSY; 849 850 /* This increments the driver module count on success. */ 851 return comedi_device_attach(dev, &it); 852 } 853 854 /* 855 * COMEDI_BUFCONFIG ioctl 856 * buffer configuration 857 * 858 * arg: 859 * pointer to comedi_bufconfig structure 860 * 861 * reads: 862 * comedi_bufconfig structure 863 * 864 * writes: 865 * modified comedi_bufconfig structure 866 */ 867 static int do_bufconfig_ioctl(struct comedi_device *dev, 868 struct comedi_bufconfig __user *arg) 869 { 870 struct comedi_bufconfig bc; 871 struct comedi_async *async; 872 struct comedi_subdevice *s; 873 int retval = 0; 874 875 lockdep_assert_held(&dev->mutex); 876 if (copy_from_user(&bc, arg, sizeof(bc))) 877 return -EFAULT; 878 879 if (bc.subdevice >= dev->n_subdevices) 880 return -EINVAL; 881 882 s = &dev->subdevices[bc.subdevice]; 883 async = s->async; 884 885 if (!async) { 886 dev_dbg(dev->class_dev, 887 "subdevice does not have async capability\n"); 888 bc.size = 0; 889 bc.maximum_size = 0; 890 goto copyback; 891 } 892 893 if (bc.maximum_size) { 894 if (!capable(CAP_SYS_ADMIN)) 895 return -EPERM; 896 897 async->max_bufsize = bc.maximum_size; 898 } 899 900 if (bc.size) { 901 retval = resize_async_buffer(dev, s, bc.size); 902 if (retval < 0) 903 return retval; 904 } 905 906 bc.size = async->prealloc_bufsz; 907 bc.maximum_size = async->max_bufsize; 908 909 copyback: 910 if (copy_to_user(arg, &bc, sizeof(bc))) 911 return -EFAULT; 912 913 return 0; 914 } 915 916 /* 917 * COMEDI_DEVINFO ioctl 918 * device info 919 * 920 * arg: 921 * pointer to comedi_devinfo structure 922 * 923 * reads: 924 * nothing 925 * 926 * writes: 927 * comedi_devinfo structure 928 */ 929 static int do_devinfo_ioctl(struct comedi_device *dev, 930 struct comedi_devinfo __user *arg, 931 struct file *file) 932 { 933 struct comedi_subdevice *s; 934 struct comedi_devinfo devinfo; 935 936 lockdep_assert_held(&dev->mutex); 937 memset(&devinfo, 0, sizeof(devinfo)); 938 939 /* fill devinfo structure */ 940 devinfo.version_code = COMEDI_VERSION_CODE; 941 devinfo.n_subdevs = dev->n_subdevices; 942 strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN); 943 strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN); 944 945 s = comedi_file_read_subdevice(file); 946 if (s) 947 devinfo.read_subdevice = s->index; 948 else 949 devinfo.read_subdevice = -1; 950 951 s = comedi_file_write_subdevice(file); 952 if (s) 953 devinfo.write_subdevice = s->index; 954 else 955 devinfo.write_subdevice = -1; 956 957 if (copy_to_user(arg, &devinfo, sizeof(devinfo))) 958 return -EFAULT; 959 960 return 0; 961 } 962 963 /* 964 * COMEDI_SUBDINFO ioctl 965 * subdevices info 966 * 967 * arg: 968 * pointer to array of comedi_subdinfo structures 969 * 970 * reads: 971 * nothing 972 * 973 * writes: 974 * array of comedi_subdinfo structures 975 */ 976 static int do_subdinfo_ioctl(struct comedi_device *dev, 977 struct comedi_subdinfo __user *arg, void *file) 978 { 979 int ret, i; 980 struct comedi_subdinfo *tmp, *us; 981 struct comedi_subdevice *s; 982 983 lockdep_assert_held(&dev->mutex); 984 tmp = kcalloc(dev->n_subdevices, sizeof(*tmp), GFP_KERNEL); 985 if (!tmp) 986 return -ENOMEM; 987 988 /* fill subdinfo structs */ 989 for (i = 0; i < dev->n_subdevices; i++) { 990 s = &dev->subdevices[i]; 991 us = tmp + i; 992 993 us->type = s->type; 994 us->n_chan = s->n_chan; 995 us->subd_flags = s->subdev_flags; 996 if (comedi_is_subdevice_running(s)) 997 us->subd_flags |= SDF_RUNNING; 998 #define TIMER_nanosec 5 /* backwards compatibility */ 999 us->timer_type = TIMER_nanosec; 1000 us->len_chanlist = s->len_chanlist; 1001 us->maxdata = s->maxdata; 1002 if (s->range_table) { 1003 us->range_type = 1004 (i << 24) | (0 << 16) | (s->range_table->length); 1005 } else { 1006 us->range_type = 0; /* XXX */ 1007 } 1008 1009 if (s->busy) 1010 us->subd_flags |= SDF_BUSY; 1011 if (s->busy == file) 1012 us->subd_flags |= SDF_BUSY_OWNER; 1013 if (s->lock) 1014 us->subd_flags |= SDF_LOCKED; 1015 if (s->lock == file) 1016 us->subd_flags |= SDF_LOCK_OWNER; 1017 if (!s->maxdata && s->maxdata_list) 1018 us->subd_flags |= SDF_MAXDATA; 1019 if (s->range_table_list) 1020 us->subd_flags |= SDF_RANGETYPE; 1021 if (s->do_cmd) 1022 us->subd_flags |= SDF_CMD; 1023 1024 if (s->insn_bits != &insn_inval) 1025 us->insn_bits_support = COMEDI_SUPPORTED; 1026 else 1027 us->insn_bits_support = COMEDI_UNSUPPORTED; 1028 } 1029 1030 ret = copy_to_user(arg, tmp, dev->n_subdevices * sizeof(*tmp)); 1031 1032 kfree(tmp); 1033 1034 return ret ? -EFAULT : 0; 1035 } 1036 1037 /* 1038 * COMEDI_CHANINFO ioctl 1039 * subdevice channel info 1040 * 1041 * arg: 1042 * pointer to comedi_chaninfo structure 1043 * 1044 * reads: 1045 * comedi_chaninfo structure 1046 * 1047 * writes: 1048 * array of maxdata values to chaninfo->maxdata_list if requested 1049 * array of range table lengths to chaninfo->range_table_list if requested 1050 */ 1051 static int do_chaninfo_ioctl(struct comedi_device *dev, 1052 struct comedi_chaninfo *it) 1053 { 1054 struct comedi_subdevice *s; 1055 1056 lockdep_assert_held(&dev->mutex); 1057 1058 if (it->subdev >= dev->n_subdevices) 1059 return -EINVAL; 1060 s = &dev->subdevices[it->subdev]; 1061 1062 if (it->maxdata_list) { 1063 if (s->maxdata || !s->maxdata_list) 1064 return -EINVAL; 1065 if (copy_to_user(it->maxdata_list, s->maxdata_list, 1066 s->n_chan * sizeof(unsigned int))) 1067 return -EFAULT; 1068 } 1069 1070 if (it->flaglist) 1071 return -EINVAL; /* flaglist not supported */ 1072 1073 if (it->rangelist) { 1074 int i; 1075 1076 if (!s->range_table_list) 1077 return -EINVAL; 1078 for (i = 0; i < s->n_chan; i++) { 1079 int x; 1080 1081 x = (dev->minor << 28) | (it->subdev << 24) | (i << 16) | 1082 (s->range_table_list[i]->length); 1083 if (put_user(x, it->rangelist + i)) 1084 return -EFAULT; 1085 } 1086 } 1087 1088 return 0; 1089 } 1090 1091 /* 1092 * COMEDI_BUFINFO ioctl 1093 * buffer information 1094 * 1095 * arg: 1096 * pointer to comedi_bufinfo structure 1097 * 1098 * reads: 1099 * comedi_bufinfo structure 1100 * 1101 * writes: 1102 * modified comedi_bufinfo structure 1103 */ 1104 static int do_bufinfo_ioctl(struct comedi_device *dev, 1105 struct comedi_bufinfo __user *arg, void *file) 1106 { 1107 struct comedi_bufinfo bi; 1108 struct comedi_subdevice *s; 1109 struct comedi_async *async; 1110 unsigned int runflags; 1111 int retval = 0; 1112 bool become_nonbusy = false; 1113 1114 lockdep_assert_held(&dev->mutex); 1115 if (copy_from_user(&bi, arg, sizeof(bi))) 1116 return -EFAULT; 1117 1118 if (bi.subdevice >= dev->n_subdevices) 1119 return -EINVAL; 1120 1121 s = &dev->subdevices[bi.subdevice]; 1122 1123 async = s->async; 1124 1125 if (!async || s->busy != file) 1126 return -EINVAL; 1127 1128 runflags = comedi_get_subdevice_runflags(s); 1129 if (!(async->cmd.flags & CMDF_WRITE)) { 1130 /* command was set up in "read" direction */ 1131 if (bi.bytes_read) { 1132 comedi_buf_read_alloc(s, bi.bytes_read); 1133 bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read); 1134 } 1135 /* 1136 * If nothing left to read, and command has stopped, and 1137 * {"read" position not updated or command stopped normally}, 1138 * then become non-busy. 1139 */ 1140 if (comedi_buf_read_n_available(s) == 0 && 1141 !comedi_is_runflags_running(runflags) && 1142 (bi.bytes_read == 0 || 1143 !comedi_is_runflags_in_error(runflags))) { 1144 become_nonbusy = true; 1145 if (comedi_is_runflags_in_error(runflags)) 1146 retval = -EPIPE; 1147 } 1148 bi.bytes_written = 0; 1149 } else { 1150 /* command was set up in "write" direction */ 1151 if (!comedi_is_runflags_running(runflags)) { 1152 bi.bytes_written = 0; 1153 become_nonbusy = true; 1154 if (comedi_is_runflags_in_error(runflags)) 1155 retval = -EPIPE; 1156 } else if (bi.bytes_written) { 1157 comedi_buf_write_alloc(s, bi.bytes_written); 1158 bi.bytes_written = 1159 comedi_buf_write_free(s, bi.bytes_written); 1160 } 1161 bi.bytes_read = 0; 1162 } 1163 1164 bi.buf_write_count = async->buf_write_count; 1165 bi.buf_write_ptr = async->buf_write_ptr; 1166 bi.buf_read_count = async->buf_read_count; 1167 bi.buf_read_ptr = async->buf_read_ptr; 1168 1169 if (become_nonbusy) 1170 do_become_nonbusy(dev, s); 1171 1172 if (retval) 1173 return retval; 1174 1175 if (copy_to_user(arg, &bi, sizeof(bi))) 1176 return -EFAULT; 1177 1178 return 0; 1179 } 1180 1181 static int check_insn_config_length(struct comedi_insn *insn, 1182 unsigned int *data) 1183 { 1184 if (insn->n < 1) 1185 return -EINVAL; 1186 1187 switch (data[0]) { 1188 case INSN_CONFIG_DIO_OUTPUT: 1189 case INSN_CONFIG_DIO_INPUT: 1190 case INSN_CONFIG_DISARM: 1191 case INSN_CONFIG_RESET: 1192 if (insn->n == 1) 1193 return 0; 1194 break; 1195 case INSN_CONFIG_ARM: 1196 case INSN_CONFIG_DIO_QUERY: 1197 case INSN_CONFIG_BLOCK_SIZE: 1198 case INSN_CONFIG_FILTER: 1199 case INSN_CONFIG_SERIAL_CLOCK: 1200 case INSN_CONFIG_BIDIRECTIONAL_DATA: 1201 case INSN_CONFIG_ALT_SOURCE: 1202 case INSN_CONFIG_SET_COUNTER_MODE: 1203 case INSN_CONFIG_8254_READ_STATUS: 1204 case INSN_CONFIG_SET_ROUTING: 1205 case INSN_CONFIG_GET_ROUTING: 1206 case INSN_CONFIG_GET_PWM_STATUS: 1207 case INSN_CONFIG_PWM_SET_PERIOD: 1208 case INSN_CONFIG_PWM_GET_PERIOD: 1209 if (insn->n == 2) 1210 return 0; 1211 break; 1212 case INSN_CONFIG_SET_GATE_SRC: 1213 case INSN_CONFIG_GET_GATE_SRC: 1214 case INSN_CONFIG_SET_CLOCK_SRC: 1215 case INSN_CONFIG_GET_CLOCK_SRC: 1216 case INSN_CONFIG_SET_OTHER_SRC: 1217 case INSN_CONFIG_GET_COUNTER_STATUS: 1218 case INSN_CONFIG_GET_PWM_OUTPUT: 1219 case INSN_CONFIG_PWM_SET_H_BRIDGE: 1220 case INSN_CONFIG_PWM_GET_H_BRIDGE: 1221 case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE: 1222 if (insn->n == 3) 1223 return 0; 1224 break; 1225 case INSN_CONFIG_PWM_OUTPUT: 1226 case INSN_CONFIG_ANALOG_TRIG: 1227 case INSN_CONFIG_TIMER_1: 1228 if (insn->n == 5) 1229 return 0; 1230 break; 1231 case INSN_CONFIG_DIGITAL_TRIG: 1232 if (insn->n == 6) 1233 return 0; 1234 break; 1235 case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS: 1236 if (insn->n >= 4) 1237 return 0; 1238 break; 1239 /* 1240 * by default we allow the insn since we don't have checks for 1241 * all possible cases yet 1242 */ 1243 default: 1244 pr_warn("No check for data length of config insn id %i is implemented\n", 1245 data[0]); 1246 pr_warn("Add a check to %s in %s\n", __func__, __FILE__); 1247 pr_warn("Assuming n=%i is correct\n", insn->n); 1248 return 0; 1249 } 1250 return -EINVAL; 1251 } 1252 1253 static int check_insn_device_config_length(struct comedi_insn *insn, 1254 unsigned int *data) 1255 { 1256 if (insn->n < 1) 1257 return -EINVAL; 1258 1259 switch (data[0]) { 1260 case INSN_DEVICE_CONFIG_TEST_ROUTE: 1261 case INSN_DEVICE_CONFIG_CONNECT_ROUTE: 1262 case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE: 1263 if (insn->n == 3) 1264 return 0; 1265 break; 1266 case INSN_DEVICE_CONFIG_GET_ROUTES: 1267 /* 1268 * Big enough for config_id and the length of the userland 1269 * memory buffer. Additional length should be in factors of 2 1270 * to communicate any returned route pairs (source,destination). 1271 */ 1272 if (insn->n >= 2) 1273 return 0; 1274 break; 1275 } 1276 return -EINVAL; 1277 } 1278 1279 /** 1280 * get_valid_routes() - Calls low-level driver get_valid_routes function to 1281 * either return a count of valid routes to user, or copy 1282 * of list of all valid device routes to buffer in 1283 * userspace. 1284 * @dev: comedi device pointer 1285 * @data: data from user insn call. The length of the data must be >= 2. 1286 * data[0] must contain the INSN_DEVICE_CONFIG config_id. 1287 * data[1](input) contains the number of _pairs_ for which memory is 1288 * allotted from the user. If the user specifies '0', then only 1289 * the number of pairs available is returned. 1290 * data[1](output) returns either the number of pairs available (if none 1291 * where requested) or the number of _pairs_ that are copied back 1292 * to the user. 1293 * data[2::2] returns each (source, destination) pair. 1294 * 1295 * Return: -EINVAL if low-level driver does not allocate and return routes as 1296 * expected. Returns 0 otherwise. 1297 */ 1298 static int get_valid_routes(struct comedi_device *dev, unsigned int *data) 1299 { 1300 lockdep_assert_held(&dev->mutex); 1301 data[1] = dev->get_valid_routes(dev, data[1], data + 2); 1302 return 0; 1303 } 1304 1305 static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn, 1306 unsigned int *data, void *file) 1307 { 1308 struct comedi_subdevice *s; 1309 int ret = 0; 1310 int i; 1311 1312 lockdep_assert_held(&dev->mutex); 1313 if (insn->insn & INSN_MASK_SPECIAL) { 1314 /* a non-subdevice instruction */ 1315 1316 switch (insn->insn) { 1317 case INSN_GTOD: 1318 { 1319 struct timespec64 tv; 1320 1321 if (insn->n != 2) { 1322 ret = -EINVAL; 1323 break; 1324 } 1325 1326 ktime_get_real_ts64(&tv); 1327 /* unsigned data safe until 2106 */ 1328 data[0] = (unsigned int)tv.tv_sec; 1329 data[1] = tv.tv_nsec / NSEC_PER_USEC; 1330 ret = 2; 1331 1332 break; 1333 } 1334 case INSN_WAIT: 1335 if (insn->n != 1 || data[0] >= 100000) { 1336 ret = -EINVAL; 1337 break; 1338 } 1339 udelay(data[0] / 1000); 1340 ret = 1; 1341 break; 1342 case INSN_INTTRIG: 1343 if (insn->n != 1) { 1344 ret = -EINVAL; 1345 break; 1346 } 1347 if (insn->subdev >= dev->n_subdevices) { 1348 dev_dbg(dev->class_dev, 1349 "%d not usable subdevice\n", 1350 insn->subdev); 1351 ret = -EINVAL; 1352 break; 1353 } 1354 s = &dev->subdevices[insn->subdev]; 1355 if (!s->async) { 1356 dev_dbg(dev->class_dev, "no async\n"); 1357 ret = -EINVAL; 1358 break; 1359 } 1360 if (!s->async->inttrig) { 1361 dev_dbg(dev->class_dev, "no inttrig\n"); 1362 ret = -EAGAIN; 1363 break; 1364 } 1365 ret = s->async->inttrig(dev, s, data[0]); 1366 if (ret >= 0) 1367 ret = 1; 1368 break; 1369 case INSN_DEVICE_CONFIG: 1370 ret = check_insn_device_config_length(insn, data); 1371 if (ret) 1372 break; 1373 1374 if (data[0] == INSN_DEVICE_CONFIG_GET_ROUTES) { 1375 /* 1376 * data[1] should be the number of _pairs_ that 1377 * the memory can hold. 1378 */ 1379 data[1] = (insn->n - 2) / 2; 1380 ret = get_valid_routes(dev, data); 1381 break; 1382 } 1383 1384 /* other global device config instructions. */ 1385 ret = dev->insn_device_config(dev, insn, data); 1386 break; 1387 default: 1388 dev_dbg(dev->class_dev, "invalid insn\n"); 1389 ret = -EINVAL; 1390 break; 1391 } 1392 } else { 1393 /* a subdevice instruction */ 1394 unsigned int maxdata; 1395 1396 if (insn->subdev >= dev->n_subdevices) { 1397 dev_dbg(dev->class_dev, "subdevice %d out of range\n", 1398 insn->subdev); 1399 ret = -EINVAL; 1400 goto out; 1401 } 1402 s = &dev->subdevices[insn->subdev]; 1403 1404 if (s->type == COMEDI_SUBD_UNUSED) { 1405 dev_dbg(dev->class_dev, "%d not usable subdevice\n", 1406 insn->subdev); 1407 ret = -EIO; 1408 goto out; 1409 } 1410 1411 /* are we locked? (ioctl lock) */ 1412 if (s->lock && s->lock != file) { 1413 dev_dbg(dev->class_dev, "device locked\n"); 1414 ret = -EACCES; 1415 goto out; 1416 } 1417 1418 ret = comedi_check_chanlist(s, 1, &insn->chanspec); 1419 if (ret < 0) { 1420 ret = -EINVAL; 1421 dev_dbg(dev->class_dev, "bad chanspec\n"); 1422 goto out; 1423 } 1424 1425 if (s->busy) { 1426 ret = -EBUSY; 1427 goto out; 1428 } 1429 /* This looks arbitrary. It is. */ 1430 s->busy = parse_insn; 1431 switch (insn->insn) { 1432 case INSN_READ: 1433 ret = s->insn_read(dev, s, insn, data); 1434 if (ret == -ETIMEDOUT) { 1435 dev_dbg(dev->class_dev, 1436 "subdevice %d read instruction timed out\n", 1437 s->index); 1438 } 1439 break; 1440 case INSN_WRITE: 1441 maxdata = s->maxdata_list 1442 ? s->maxdata_list[CR_CHAN(insn->chanspec)] 1443 : s->maxdata; 1444 for (i = 0; i < insn->n; ++i) { 1445 if (data[i] > maxdata) { 1446 ret = -EINVAL; 1447 dev_dbg(dev->class_dev, 1448 "bad data value(s)\n"); 1449 break; 1450 } 1451 } 1452 if (ret == 0) { 1453 ret = s->insn_write(dev, s, insn, data); 1454 if (ret == -ETIMEDOUT) { 1455 dev_dbg(dev->class_dev, 1456 "subdevice %d write instruction timed out\n", 1457 s->index); 1458 } 1459 } 1460 break; 1461 case INSN_BITS: 1462 if (insn->n != 2) { 1463 ret = -EINVAL; 1464 } else { 1465 /* 1466 * Most drivers ignore the base channel in 1467 * insn->chanspec. Fix this here if 1468 * the subdevice has <= 32 channels. 1469 */ 1470 unsigned int orig_mask = data[0]; 1471 unsigned int shift = 0; 1472 1473 if (s->n_chan <= 32) { 1474 shift = CR_CHAN(insn->chanspec); 1475 if (shift > 0) { 1476 insn->chanspec = 0; 1477 data[0] <<= shift; 1478 data[1] <<= shift; 1479 } 1480 } 1481 ret = s->insn_bits(dev, s, insn, data); 1482 data[0] = orig_mask; 1483 if (shift > 0) 1484 data[1] >>= shift; 1485 } 1486 break; 1487 case INSN_CONFIG: 1488 ret = check_insn_config_length(insn, data); 1489 if (ret) 1490 break; 1491 ret = s->insn_config(dev, s, insn, data); 1492 break; 1493 default: 1494 ret = -EINVAL; 1495 break; 1496 } 1497 1498 s->busy = NULL; 1499 } 1500 1501 out: 1502 return ret; 1503 } 1504 1505 /* 1506 * COMEDI_INSNLIST ioctl 1507 * synchronous instruction list 1508 * 1509 * arg: 1510 * pointer to comedi_insnlist structure 1511 * 1512 * reads: 1513 * comedi_insnlist structure 1514 * array of comedi_insn structures from insnlist->insns pointer 1515 * data (for writes) from insns[].data pointers 1516 * 1517 * writes: 1518 * data (for reads) to insns[].data pointers 1519 */ 1520 /* arbitrary limits */ 1521 #define MIN_SAMPLES 16 1522 #define MAX_SAMPLES 65536 1523 static int do_insnlist_ioctl(struct comedi_device *dev, 1524 struct comedi_insn *insns, 1525 unsigned int n_insns, 1526 void *file) 1527 { 1528 unsigned int *data = NULL; 1529 unsigned int max_n_data_required = MIN_SAMPLES; 1530 int i = 0; 1531 int ret = 0; 1532 1533 lockdep_assert_held(&dev->mutex); 1534 1535 /* Determine maximum memory needed for all instructions. */ 1536 for (i = 0; i < n_insns; ++i) { 1537 if (insns[i].n > MAX_SAMPLES) { 1538 dev_dbg(dev->class_dev, 1539 "number of samples too large\n"); 1540 ret = -EINVAL; 1541 goto error; 1542 } 1543 max_n_data_required = max(max_n_data_required, insns[i].n); 1544 } 1545 1546 /* Allocate scratch space for all instruction data. */ 1547 data = kmalloc_array(max_n_data_required, sizeof(unsigned int), 1548 GFP_KERNEL); 1549 if (!data) { 1550 ret = -ENOMEM; 1551 goto error; 1552 } 1553 1554 for (i = 0; i < n_insns; ++i) { 1555 if (insns[i].insn & INSN_MASK_WRITE) { 1556 if (copy_from_user(data, insns[i].data, 1557 insns[i].n * sizeof(unsigned int))) { 1558 dev_dbg(dev->class_dev, 1559 "copy_from_user failed\n"); 1560 ret = -EFAULT; 1561 goto error; 1562 } 1563 } 1564 ret = parse_insn(dev, insns + i, data, file); 1565 if (ret < 0) 1566 goto error; 1567 if (insns[i].insn & INSN_MASK_READ) { 1568 if (copy_to_user(insns[i].data, data, 1569 insns[i].n * sizeof(unsigned int))) { 1570 dev_dbg(dev->class_dev, 1571 "copy_to_user failed\n"); 1572 ret = -EFAULT; 1573 goto error; 1574 } 1575 } 1576 if (need_resched()) 1577 schedule(); 1578 } 1579 1580 error: 1581 kfree(data); 1582 1583 if (ret < 0) 1584 return ret; 1585 return i; 1586 } 1587 1588 /* 1589 * COMEDI_INSN ioctl 1590 * synchronous instruction 1591 * 1592 * arg: 1593 * pointer to comedi_insn structure 1594 * 1595 * reads: 1596 * comedi_insn structure 1597 * data (for writes) from insn->data pointer 1598 * 1599 * writes: 1600 * data (for reads) to insn->data pointer 1601 */ 1602 static int do_insn_ioctl(struct comedi_device *dev, 1603 struct comedi_insn *insn, void *file) 1604 { 1605 unsigned int *data = NULL; 1606 unsigned int n_data = MIN_SAMPLES; 1607 int ret = 0; 1608 1609 lockdep_assert_held(&dev->mutex); 1610 1611 n_data = max(n_data, insn->n); 1612 1613 /* This is where the behavior of insn and insnlist deviate. */ 1614 if (insn->n > MAX_SAMPLES) { 1615 insn->n = MAX_SAMPLES; 1616 n_data = MAX_SAMPLES; 1617 } 1618 1619 data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL); 1620 if (!data) { 1621 ret = -ENOMEM; 1622 goto error; 1623 } 1624 1625 if (insn->insn & INSN_MASK_WRITE) { 1626 if (copy_from_user(data, 1627 insn->data, 1628 insn->n * sizeof(unsigned int))) { 1629 ret = -EFAULT; 1630 goto error; 1631 } 1632 } 1633 ret = parse_insn(dev, insn, data, file); 1634 if (ret < 0) 1635 goto error; 1636 if (insn->insn & INSN_MASK_READ) { 1637 if (copy_to_user(insn->data, 1638 data, 1639 insn->n * sizeof(unsigned int))) { 1640 ret = -EFAULT; 1641 goto error; 1642 } 1643 } 1644 ret = insn->n; 1645 1646 error: 1647 kfree(data); 1648 1649 return ret; 1650 } 1651 1652 static int __comedi_get_user_cmd(struct comedi_device *dev, 1653 struct comedi_cmd *cmd) 1654 { 1655 struct comedi_subdevice *s; 1656 1657 lockdep_assert_held(&dev->mutex); 1658 if (cmd->subdev >= dev->n_subdevices) { 1659 dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev); 1660 return -ENODEV; 1661 } 1662 1663 s = &dev->subdevices[cmd->subdev]; 1664 1665 if (s->type == COMEDI_SUBD_UNUSED) { 1666 dev_dbg(dev->class_dev, "%d not valid subdevice\n", 1667 cmd->subdev); 1668 return -EIO; 1669 } 1670 1671 if (!s->do_cmd || !s->do_cmdtest || !s->async) { 1672 dev_dbg(dev->class_dev, 1673 "subdevice %d does not support commands\n", 1674 cmd->subdev); 1675 return -EIO; 1676 } 1677 1678 /* make sure channel/gain list isn't too long */ 1679 if (cmd->chanlist_len > s->len_chanlist) { 1680 dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n", 1681 cmd->chanlist_len, s->len_chanlist); 1682 return -EINVAL; 1683 } 1684 1685 /* 1686 * Set the CMDF_WRITE flag to the correct state if the subdevice 1687 * supports only "read" commands or only "write" commands. 1688 */ 1689 switch (s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE)) { 1690 case SDF_CMD_READ: 1691 cmd->flags &= ~CMDF_WRITE; 1692 break; 1693 case SDF_CMD_WRITE: 1694 cmd->flags |= CMDF_WRITE; 1695 break; 1696 default: 1697 break; 1698 } 1699 1700 return 0; 1701 } 1702 1703 static int __comedi_get_user_chanlist(struct comedi_device *dev, 1704 struct comedi_subdevice *s, 1705 unsigned int __user *user_chanlist, 1706 struct comedi_cmd *cmd) 1707 { 1708 unsigned int *chanlist; 1709 int ret; 1710 1711 lockdep_assert_held(&dev->mutex); 1712 cmd->chanlist = NULL; 1713 chanlist = memdup_user(user_chanlist, 1714 cmd->chanlist_len * sizeof(unsigned int)); 1715 if (IS_ERR(chanlist)) 1716 return PTR_ERR(chanlist); 1717 1718 /* make sure each element in channel/gain list is valid */ 1719 ret = comedi_check_chanlist(s, cmd->chanlist_len, chanlist); 1720 if (ret < 0) { 1721 kfree(chanlist); 1722 return ret; 1723 } 1724 1725 cmd->chanlist = chanlist; 1726 1727 return 0; 1728 } 1729 1730 /* 1731 * COMEDI_CMD ioctl 1732 * asynchronous acquisition command set-up 1733 * 1734 * arg: 1735 * pointer to comedi_cmd structure 1736 * 1737 * reads: 1738 * comedi_cmd structure 1739 * channel/range list from cmd->chanlist pointer 1740 * 1741 * writes: 1742 * possibly modified comedi_cmd structure (when -EAGAIN returned) 1743 */ 1744 static int do_cmd_ioctl(struct comedi_device *dev, 1745 struct comedi_cmd *cmd, bool *copy, void *file) 1746 { 1747 struct comedi_subdevice *s; 1748 struct comedi_async *async; 1749 unsigned int __user *user_chanlist; 1750 int ret; 1751 1752 lockdep_assert_held(&dev->mutex); 1753 1754 /* do some simple cmd validation */ 1755 ret = __comedi_get_user_cmd(dev, cmd); 1756 if (ret) 1757 return ret; 1758 1759 /* save user's chanlist pointer so it can be restored later */ 1760 user_chanlist = (unsigned int __user *)cmd->chanlist; 1761 1762 s = &dev->subdevices[cmd->subdev]; 1763 async = s->async; 1764 1765 /* are we locked? (ioctl lock) */ 1766 if (s->lock && s->lock != file) { 1767 dev_dbg(dev->class_dev, "subdevice locked\n"); 1768 return -EACCES; 1769 } 1770 1771 /* are we busy? */ 1772 if (s->busy) { 1773 dev_dbg(dev->class_dev, "subdevice busy\n"); 1774 return -EBUSY; 1775 } 1776 1777 /* make sure channel/gain list isn't too short */ 1778 if (cmd->chanlist_len < 1) { 1779 dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n", 1780 cmd->chanlist_len); 1781 return -EINVAL; 1782 } 1783 1784 async->cmd = *cmd; 1785 async->cmd.data = NULL; 1786 1787 /* load channel/gain list */ 1788 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &async->cmd); 1789 if (ret) 1790 goto cleanup; 1791 1792 ret = s->do_cmdtest(dev, s, &async->cmd); 1793 1794 if (async->cmd.flags & CMDF_BOGUS || ret) { 1795 dev_dbg(dev->class_dev, "test returned %d\n", ret); 1796 *cmd = async->cmd; 1797 /* restore chanlist pointer before copying back */ 1798 cmd->chanlist = (unsigned int __force *)user_chanlist; 1799 cmd->data = NULL; 1800 *copy = true; 1801 ret = -EAGAIN; 1802 goto cleanup; 1803 } 1804 1805 if (!async->prealloc_bufsz) { 1806 ret = -ENOMEM; 1807 dev_dbg(dev->class_dev, "no buffer (?)\n"); 1808 goto cleanup; 1809 } 1810 1811 comedi_buf_reset(s); 1812 1813 async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK; 1814 if (async->cmd.flags & CMDF_WAKE_EOS) 1815 async->cb_mask |= COMEDI_CB_EOS; 1816 1817 comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK, 1818 COMEDI_SRF_RUNNING); 1819 1820 /* 1821 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid 1822 * race with comedi_read() or comedi_write(). 1823 */ 1824 s->busy = file; 1825 ret = s->do_cmd(dev, s); 1826 if (ret == 0) 1827 return 0; 1828 1829 cleanup: 1830 do_become_nonbusy(dev, s); 1831 1832 return ret; 1833 } 1834 1835 /* 1836 * COMEDI_CMDTEST ioctl 1837 * asynchronous acquisition command testing 1838 * 1839 * arg: 1840 * pointer to comedi_cmd structure 1841 * 1842 * reads: 1843 * comedi_cmd structure 1844 * channel/range list from cmd->chanlist pointer 1845 * 1846 * writes: 1847 * possibly modified comedi_cmd structure 1848 */ 1849 static int do_cmdtest_ioctl(struct comedi_device *dev, 1850 struct comedi_cmd *cmd, bool *copy, void *file) 1851 { 1852 struct comedi_subdevice *s; 1853 unsigned int __user *user_chanlist; 1854 int ret; 1855 1856 lockdep_assert_held(&dev->mutex); 1857 1858 /* do some simple cmd validation */ 1859 ret = __comedi_get_user_cmd(dev, cmd); 1860 if (ret) 1861 return ret; 1862 1863 /* save user's chanlist pointer so it can be restored later */ 1864 user_chanlist = (unsigned int __user *)cmd->chanlist; 1865 1866 s = &dev->subdevices[cmd->subdev]; 1867 1868 /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */ 1869 if (user_chanlist) { 1870 /* load channel/gain list */ 1871 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd); 1872 if (ret) 1873 return ret; 1874 } 1875 1876 ret = s->do_cmdtest(dev, s, cmd); 1877 1878 kfree(cmd->chanlist); /* free kernel copy of user chanlist */ 1879 1880 /* restore chanlist pointer before copying back */ 1881 cmd->chanlist = (unsigned int __force *)user_chanlist; 1882 *copy = true; 1883 1884 return ret; 1885 } 1886 1887 /* 1888 * COMEDI_LOCK ioctl 1889 * lock subdevice 1890 * 1891 * arg: 1892 * subdevice number 1893 * 1894 * reads: 1895 * nothing 1896 * 1897 * writes: 1898 * nothing 1899 */ 1900 static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg, 1901 void *file) 1902 { 1903 int ret = 0; 1904 unsigned long flags; 1905 struct comedi_subdevice *s; 1906 1907 lockdep_assert_held(&dev->mutex); 1908 if (arg >= dev->n_subdevices) 1909 return -EINVAL; 1910 s = &dev->subdevices[arg]; 1911 1912 spin_lock_irqsave(&s->spin_lock, flags); 1913 if (s->busy || s->lock) 1914 ret = -EBUSY; 1915 else 1916 s->lock = file; 1917 spin_unlock_irqrestore(&s->spin_lock, flags); 1918 1919 return ret; 1920 } 1921 1922 /* 1923 * COMEDI_UNLOCK ioctl 1924 * unlock subdevice 1925 * 1926 * arg: 1927 * subdevice number 1928 * 1929 * reads: 1930 * nothing 1931 * 1932 * writes: 1933 * nothing 1934 */ 1935 static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg, 1936 void *file) 1937 { 1938 struct comedi_subdevice *s; 1939 1940 lockdep_assert_held(&dev->mutex); 1941 if (arg >= dev->n_subdevices) 1942 return -EINVAL; 1943 s = &dev->subdevices[arg]; 1944 1945 if (s->busy) 1946 return -EBUSY; 1947 1948 if (s->lock && s->lock != file) 1949 return -EACCES; 1950 1951 if (s->lock == file) 1952 s->lock = NULL; 1953 1954 return 0; 1955 } 1956 1957 /* 1958 * COMEDI_CANCEL ioctl 1959 * cancel asynchronous acquisition 1960 * 1961 * arg: 1962 * subdevice number 1963 * 1964 * reads: 1965 * nothing 1966 * 1967 * writes: 1968 * nothing 1969 */ 1970 static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg, 1971 void *file) 1972 { 1973 struct comedi_subdevice *s; 1974 1975 lockdep_assert_held(&dev->mutex); 1976 if (arg >= dev->n_subdevices) 1977 return -EINVAL; 1978 s = &dev->subdevices[arg]; 1979 if (!s->async) 1980 return -EINVAL; 1981 1982 if (!s->busy) 1983 return 0; 1984 1985 if (s->busy != file) 1986 return -EBUSY; 1987 1988 return do_cancel(dev, s); 1989 } 1990 1991 /* 1992 * COMEDI_POLL ioctl 1993 * instructs driver to synchronize buffers 1994 * 1995 * arg: 1996 * subdevice number 1997 * 1998 * reads: 1999 * nothing 2000 * 2001 * writes: 2002 * nothing 2003 */ 2004 static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg, 2005 void *file) 2006 { 2007 struct comedi_subdevice *s; 2008 2009 lockdep_assert_held(&dev->mutex); 2010 if (arg >= dev->n_subdevices) 2011 return -EINVAL; 2012 s = &dev->subdevices[arg]; 2013 2014 if (!s->busy) 2015 return 0; 2016 2017 if (s->busy != file) 2018 return -EBUSY; 2019 2020 if (s->poll) 2021 return s->poll(dev, s); 2022 2023 return -EINVAL; 2024 } 2025 2026 /* 2027 * COMEDI_SETRSUBD ioctl 2028 * sets the current "read" subdevice on a per-file basis 2029 * 2030 * arg: 2031 * subdevice number 2032 * 2033 * reads: 2034 * nothing 2035 * 2036 * writes: 2037 * nothing 2038 */ 2039 static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg, 2040 struct file *file) 2041 { 2042 struct comedi_file *cfp = file->private_data; 2043 struct comedi_subdevice *s_old, *s_new; 2044 2045 lockdep_assert_held(&dev->mutex); 2046 if (arg >= dev->n_subdevices) 2047 return -EINVAL; 2048 2049 s_new = &dev->subdevices[arg]; 2050 s_old = comedi_file_read_subdevice(file); 2051 if (s_old == s_new) 2052 return 0; /* no change */ 2053 2054 if (!(s_new->subdev_flags & SDF_CMD_READ)) 2055 return -EINVAL; 2056 2057 /* 2058 * Check the file isn't still busy handling a "read" command on the 2059 * old subdevice (if any). 2060 */ 2061 if (s_old && s_old->busy == file && s_old->async && 2062 !(s_old->async->cmd.flags & CMDF_WRITE)) 2063 return -EBUSY; 2064 2065 WRITE_ONCE(cfp->read_subdev, s_new); 2066 return 0; 2067 } 2068 2069 /* 2070 * COMEDI_SETWSUBD ioctl 2071 * sets the current "write" subdevice on a per-file basis 2072 * 2073 * arg: 2074 * subdevice number 2075 * 2076 * reads: 2077 * nothing 2078 * 2079 * writes: 2080 * nothing 2081 */ 2082 static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg, 2083 struct file *file) 2084 { 2085 struct comedi_file *cfp = file->private_data; 2086 struct comedi_subdevice *s_old, *s_new; 2087 2088 lockdep_assert_held(&dev->mutex); 2089 if (arg >= dev->n_subdevices) 2090 return -EINVAL; 2091 2092 s_new = &dev->subdevices[arg]; 2093 s_old = comedi_file_write_subdevice(file); 2094 if (s_old == s_new) 2095 return 0; /* no change */ 2096 2097 if (!(s_new->subdev_flags & SDF_CMD_WRITE)) 2098 return -EINVAL; 2099 2100 /* 2101 * Check the file isn't still busy handling a "write" command on the 2102 * old subdevice (if any). 2103 */ 2104 if (s_old && s_old->busy == file && s_old->async && 2105 (s_old->async->cmd.flags & CMDF_WRITE)) 2106 return -EBUSY; 2107 2108 WRITE_ONCE(cfp->write_subdev, s_new); 2109 return 0; 2110 } 2111 2112 static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd, 2113 unsigned long arg) 2114 { 2115 unsigned int minor = iminor(file_inode(file)); 2116 struct comedi_file *cfp = file->private_data; 2117 struct comedi_device *dev = cfp->dev; 2118 int rc; 2119 2120 mutex_lock(&dev->mutex); 2121 2122 /* 2123 * Device config is special, because it must work on 2124 * an unconfigured device. 2125 */ 2126 if (cmd == COMEDI_DEVCONFIG) { 2127 if (minor >= COMEDI_NUM_BOARD_MINORS) { 2128 /* Device config not appropriate on non-board minors. */ 2129 rc = -ENOTTY; 2130 goto done; 2131 } 2132 rc = do_devconfig_ioctl(dev, 2133 (struct comedi_devconfig __user *)arg); 2134 if (rc == 0) { 2135 if (arg == 0 && 2136 dev->minor >= comedi_num_legacy_minors) { 2137 /* 2138 * Successfully unconfigured a dynamically 2139 * allocated device. Try and remove it. 2140 */ 2141 if (comedi_clear_board_dev(dev)) { 2142 mutex_unlock(&dev->mutex); 2143 comedi_free_board_dev(dev); 2144 return rc; 2145 } 2146 } 2147 } 2148 goto done; 2149 } 2150 2151 if (!dev->attached) { 2152 dev_dbg(dev->class_dev, "no driver attached\n"); 2153 rc = -ENODEV; 2154 goto done; 2155 } 2156 2157 switch (cmd) { 2158 case COMEDI_BUFCONFIG: 2159 rc = do_bufconfig_ioctl(dev, 2160 (struct comedi_bufconfig __user *)arg); 2161 break; 2162 case COMEDI_DEVINFO: 2163 rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg, 2164 file); 2165 break; 2166 case COMEDI_SUBDINFO: 2167 rc = do_subdinfo_ioctl(dev, 2168 (struct comedi_subdinfo __user *)arg, 2169 file); 2170 break; 2171 case COMEDI_CHANINFO: { 2172 struct comedi_chaninfo it; 2173 2174 if (copy_from_user(&it, (void __user *)arg, sizeof(it))) 2175 rc = -EFAULT; 2176 else 2177 rc = do_chaninfo_ioctl(dev, &it); 2178 break; 2179 } 2180 case COMEDI_RANGEINFO: { 2181 struct comedi_rangeinfo it; 2182 2183 if (copy_from_user(&it, (void __user *)arg, sizeof(it))) 2184 rc = -EFAULT; 2185 else 2186 rc = do_rangeinfo_ioctl(dev, &it); 2187 break; 2188 } 2189 case COMEDI_BUFINFO: 2190 rc = do_bufinfo_ioctl(dev, 2191 (struct comedi_bufinfo __user *)arg, 2192 file); 2193 break; 2194 case COMEDI_LOCK: 2195 rc = do_lock_ioctl(dev, arg, file); 2196 break; 2197 case COMEDI_UNLOCK: 2198 rc = do_unlock_ioctl(dev, arg, file); 2199 break; 2200 case COMEDI_CANCEL: 2201 rc = do_cancel_ioctl(dev, arg, file); 2202 break; 2203 case COMEDI_CMD: { 2204 struct comedi_cmd cmd; 2205 bool copy = false; 2206 2207 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) { 2208 rc = -EFAULT; 2209 break; 2210 } 2211 rc = do_cmd_ioctl(dev, &cmd, ©, file); 2212 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd))) 2213 rc = -EFAULT; 2214 break; 2215 } 2216 case COMEDI_CMDTEST: { 2217 struct comedi_cmd cmd; 2218 bool copy = false; 2219 2220 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) { 2221 rc = -EFAULT; 2222 break; 2223 } 2224 rc = do_cmdtest_ioctl(dev, &cmd, ©, file); 2225 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd))) 2226 rc = -EFAULT; 2227 break; 2228 } 2229 case COMEDI_INSNLIST: { 2230 struct comedi_insnlist insnlist; 2231 struct comedi_insn *insns = NULL; 2232 2233 if (copy_from_user(&insnlist, (void __user *)arg, 2234 sizeof(insnlist))) { 2235 rc = -EFAULT; 2236 break; 2237 } 2238 insns = kcalloc(insnlist.n_insns, sizeof(*insns), GFP_KERNEL); 2239 if (!insns) { 2240 rc = -ENOMEM; 2241 break; 2242 } 2243 if (copy_from_user(insns, insnlist.insns, 2244 sizeof(*insns) * insnlist.n_insns)) { 2245 rc = -EFAULT; 2246 kfree(insns); 2247 break; 2248 } 2249 rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file); 2250 kfree(insns); 2251 break; 2252 } 2253 case COMEDI_INSN: { 2254 struct comedi_insn insn; 2255 2256 if (copy_from_user(&insn, (void __user *)arg, sizeof(insn))) 2257 rc = -EFAULT; 2258 else 2259 rc = do_insn_ioctl(dev, &insn, file); 2260 break; 2261 } 2262 case COMEDI_POLL: 2263 rc = do_poll_ioctl(dev, arg, file); 2264 break; 2265 case COMEDI_SETRSUBD: 2266 rc = do_setrsubd_ioctl(dev, arg, file); 2267 break; 2268 case COMEDI_SETWSUBD: 2269 rc = do_setwsubd_ioctl(dev, arg, file); 2270 break; 2271 default: 2272 rc = -ENOTTY; 2273 break; 2274 } 2275 2276 done: 2277 mutex_unlock(&dev->mutex); 2278 return rc; 2279 } 2280 2281 static void comedi_vm_open(struct vm_area_struct *area) 2282 { 2283 struct comedi_buf_map *bm; 2284 2285 bm = area->vm_private_data; 2286 comedi_buf_map_get(bm); 2287 } 2288 2289 static void comedi_vm_close(struct vm_area_struct *area) 2290 { 2291 struct comedi_buf_map *bm; 2292 2293 bm = area->vm_private_data; 2294 comedi_buf_map_put(bm); 2295 } 2296 2297 static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr, 2298 void *buf, int len, int write) 2299 { 2300 struct comedi_buf_map *bm = vma->vm_private_data; 2301 unsigned long offset = 2302 addr - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT); 2303 2304 if (len < 0) 2305 return -EINVAL; 2306 if (len > vma->vm_end - addr) 2307 len = vma->vm_end - addr; 2308 return comedi_buf_map_access(bm, offset, buf, len, write); 2309 } 2310 2311 static const struct vm_operations_struct comedi_vm_ops = { 2312 .open = comedi_vm_open, 2313 .close = comedi_vm_close, 2314 .access = comedi_vm_access, 2315 }; 2316 2317 static int comedi_mmap(struct file *file, struct vm_area_struct *vma) 2318 { 2319 struct comedi_file *cfp = file->private_data; 2320 struct comedi_device *dev = cfp->dev; 2321 struct comedi_subdevice *s; 2322 struct comedi_async *async; 2323 struct comedi_buf_map *bm = NULL; 2324 struct comedi_buf_page *buf; 2325 unsigned long start = vma->vm_start; 2326 unsigned long size; 2327 int n_pages; 2328 int i; 2329 int retval = 0; 2330 2331 /* 2332 * 'trylock' avoids circular dependency with current->mm->mmap_lock 2333 * and down-reading &dev->attach_lock should normally succeed without 2334 * contention unless the device is in the process of being attached 2335 * or detached. 2336 */ 2337 if (!down_read_trylock(&dev->attach_lock)) 2338 return -EAGAIN; 2339 2340 if (!dev->attached) { 2341 dev_dbg(dev->class_dev, "no driver attached\n"); 2342 retval = -ENODEV; 2343 goto done; 2344 } 2345 2346 if (vma->vm_flags & VM_WRITE) 2347 s = comedi_file_write_subdevice(file); 2348 else 2349 s = comedi_file_read_subdevice(file); 2350 if (!s) { 2351 retval = -EINVAL; 2352 goto done; 2353 } 2354 2355 async = s->async; 2356 if (!async) { 2357 retval = -EINVAL; 2358 goto done; 2359 } 2360 2361 if (vma->vm_pgoff != 0) { 2362 dev_dbg(dev->class_dev, "mmap() offset must be 0.\n"); 2363 retval = -EINVAL; 2364 goto done; 2365 } 2366 2367 size = vma->vm_end - vma->vm_start; 2368 if (size > async->prealloc_bufsz) { 2369 retval = -EFAULT; 2370 goto done; 2371 } 2372 if (offset_in_page(size)) { 2373 retval = -EFAULT; 2374 goto done; 2375 } 2376 2377 n_pages = vma_pages(vma); 2378 2379 /* get reference to current buf map (if any) */ 2380 bm = comedi_buf_map_from_subdev_get(s); 2381 if (!bm || n_pages > bm->n_pages) { 2382 retval = -EINVAL; 2383 goto done; 2384 } 2385 if (bm->dma_dir != DMA_NONE) { 2386 /* 2387 * DMA buffer was allocated as a single block. 2388 * Address is in page_list[0]. 2389 */ 2390 buf = &bm->page_list[0]; 2391 retval = dma_mmap_coherent(bm->dma_hw_dev, vma, buf->virt_addr, 2392 buf->dma_addr, n_pages * PAGE_SIZE); 2393 } else { 2394 for (i = 0; i < n_pages; ++i) { 2395 unsigned long pfn; 2396 2397 buf = &bm->page_list[i]; 2398 pfn = page_to_pfn(virt_to_page(buf->virt_addr)); 2399 retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE, 2400 PAGE_SHARED); 2401 if (retval) 2402 break; 2403 2404 start += PAGE_SIZE; 2405 } 2406 } 2407 2408 if (retval == 0) { 2409 vma->vm_ops = &comedi_vm_ops; 2410 vma->vm_private_data = bm; 2411 2412 vma->vm_ops->open(vma); 2413 } 2414 2415 done: 2416 up_read(&dev->attach_lock); 2417 comedi_buf_map_put(bm); /* put reference to buf map - okay if NULL */ 2418 return retval; 2419 } 2420 2421 static __poll_t comedi_poll(struct file *file, poll_table *wait) 2422 { 2423 __poll_t mask = 0; 2424 struct comedi_file *cfp = file->private_data; 2425 struct comedi_device *dev = cfp->dev; 2426 struct comedi_subdevice *s, *s_read; 2427 2428 down_read(&dev->attach_lock); 2429 2430 if (!dev->attached) { 2431 dev_dbg(dev->class_dev, "no driver attached\n"); 2432 goto done; 2433 } 2434 2435 s = comedi_file_read_subdevice(file); 2436 s_read = s; 2437 if (s && s->async) { 2438 poll_wait(file, &s->async->wait_head, wait); 2439 if (s->busy != file || !comedi_is_subdevice_running(s) || 2440 (s->async->cmd.flags & CMDF_WRITE) || 2441 comedi_buf_read_n_available(s) > 0) 2442 mask |= EPOLLIN | EPOLLRDNORM; 2443 } 2444 2445 s = comedi_file_write_subdevice(file); 2446 if (s && s->async) { 2447 unsigned int bps = comedi_bytes_per_sample(s); 2448 2449 if (s != s_read) 2450 poll_wait(file, &s->async->wait_head, wait); 2451 if (s->busy != file || !comedi_is_subdevice_running(s) || 2452 !(s->async->cmd.flags & CMDF_WRITE) || 2453 comedi_buf_write_n_available(s) >= bps) 2454 mask |= EPOLLOUT | EPOLLWRNORM; 2455 } 2456 2457 done: 2458 up_read(&dev->attach_lock); 2459 return mask; 2460 } 2461 2462 static ssize_t comedi_write(struct file *file, const char __user *buf, 2463 size_t nbytes, loff_t *offset) 2464 { 2465 struct comedi_subdevice *s; 2466 struct comedi_async *async; 2467 unsigned int n, m; 2468 ssize_t count = 0; 2469 int retval = 0; 2470 DECLARE_WAITQUEUE(wait, current); 2471 struct comedi_file *cfp = file->private_data; 2472 struct comedi_device *dev = cfp->dev; 2473 bool become_nonbusy = false; 2474 bool attach_locked; 2475 unsigned int old_detach_count; 2476 2477 /* Protect against device detachment during operation. */ 2478 down_read(&dev->attach_lock); 2479 attach_locked = true; 2480 old_detach_count = dev->detach_count; 2481 2482 if (!dev->attached) { 2483 dev_dbg(dev->class_dev, "no driver attached\n"); 2484 retval = -ENODEV; 2485 goto out; 2486 } 2487 2488 s = comedi_file_write_subdevice(file); 2489 if (!s || !s->async) { 2490 retval = -EIO; 2491 goto out; 2492 } 2493 2494 async = s->async; 2495 if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) { 2496 retval = -EINVAL; 2497 goto out; 2498 } 2499 2500 add_wait_queue(&async->wait_head, &wait); 2501 while (count == 0 && !retval) { 2502 unsigned int runflags; 2503 unsigned int wp, n1, n2; 2504 2505 set_current_state(TASK_INTERRUPTIBLE); 2506 2507 runflags = comedi_get_subdevice_runflags(s); 2508 if (!comedi_is_runflags_running(runflags)) { 2509 if (comedi_is_runflags_in_error(runflags)) 2510 retval = -EPIPE; 2511 if (retval || nbytes) 2512 become_nonbusy = true; 2513 break; 2514 } 2515 if (nbytes == 0) 2516 break; 2517 2518 /* Allocate all free buffer space. */ 2519 comedi_buf_write_alloc(s, async->prealloc_bufsz); 2520 m = comedi_buf_write_n_allocated(s); 2521 n = min_t(size_t, m, nbytes); 2522 2523 if (n == 0) { 2524 if (file->f_flags & O_NONBLOCK) { 2525 retval = -EAGAIN; 2526 break; 2527 } 2528 schedule(); 2529 if (signal_pending(current)) { 2530 retval = -ERESTARTSYS; 2531 break; 2532 } 2533 if (s->busy != file || 2534 !(async->cmd.flags & CMDF_WRITE)) { 2535 retval = -EINVAL; 2536 break; 2537 } 2538 continue; 2539 } 2540 2541 set_current_state(TASK_RUNNING); 2542 wp = async->buf_write_ptr; 2543 n1 = min(n, async->prealloc_bufsz - wp); 2544 n2 = n - n1; 2545 m = copy_from_user(async->prealloc_buf + wp, buf, n1); 2546 if (m) 2547 m += n2; 2548 else if (n2) 2549 m = copy_from_user(async->prealloc_buf, buf + n1, n2); 2550 if (m) { 2551 n -= m; 2552 retval = -EFAULT; 2553 } 2554 comedi_buf_write_free(s, n); 2555 2556 count += n; 2557 nbytes -= n; 2558 2559 buf += n; 2560 } 2561 remove_wait_queue(&async->wait_head, &wait); 2562 set_current_state(TASK_RUNNING); 2563 if (become_nonbusy && count == 0) { 2564 struct comedi_subdevice *new_s; 2565 2566 /* 2567 * To avoid deadlock, cannot acquire dev->mutex 2568 * while dev->attach_lock is held. 2569 */ 2570 up_read(&dev->attach_lock); 2571 attach_locked = false; 2572 mutex_lock(&dev->mutex); 2573 /* 2574 * Check device hasn't become detached behind our back. 2575 * Checking dev->detach_count is unchanged ought to be 2576 * sufficient (unless there have been 2**32 detaches in the 2577 * meantime!), but check the subdevice pointer as well just in 2578 * case. 2579 * 2580 * Also check the subdevice is still in a suitable state to 2581 * become non-busy in case it changed behind our back. 2582 */ 2583 new_s = comedi_file_write_subdevice(file); 2584 if (dev->attached && old_detach_count == dev->detach_count && 2585 s == new_s && new_s->async == async && s->busy == file && 2586 (async->cmd.flags & CMDF_WRITE) && 2587 !comedi_is_subdevice_running(s)) 2588 do_become_nonbusy(dev, s); 2589 mutex_unlock(&dev->mutex); 2590 } 2591 out: 2592 if (attach_locked) 2593 up_read(&dev->attach_lock); 2594 2595 return count ? count : retval; 2596 } 2597 2598 static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes, 2599 loff_t *offset) 2600 { 2601 struct comedi_subdevice *s; 2602 struct comedi_async *async; 2603 unsigned int n, m; 2604 ssize_t count = 0; 2605 int retval = 0; 2606 DECLARE_WAITQUEUE(wait, current); 2607 struct comedi_file *cfp = file->private_data; 2608 struct comedi_device *dev = cfp->dev; 2609 unsigned int old_detach_count; 2610 bool become_nonbusy = false; 2611 bool attach_locked; 2612 2613 /* Protect against device detachment during operation. */ 2614 down_read(&dev->attach_lock); 2615 attach_locked = true; 2616 old_detach_count = dev->detach_count; 2617 2618 if (!dev->attached) { 2619 dev_dbg(dev->class_dev, "no driver attached\n"); 2620 retval = -ENODEV; 2621 goto out; 2622 } 2623 2624 s = comedi_file_read_subdevice(file); 2625 if (!s || !s->async) { 2626 retval = -EIO; 2627 goto out; 2628 } 2629 2630 async = s->async; 2631 if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) { 2632 retval = -EINVAL; 2633 goto out; 2634 } 2635 2636 add_wait_queue(&async->wait_head, &wait); 2637 while (count == 0 && !retval) { 2638 unsigned int rp, n1, n2; 2639 2640 set_current_state(TASK_INTERRUPTIBLE); 2641 2642 m = comedi_buf_read_n_available(s); 2643 n = min_t(size_t, m, nbytes); 2644 2645 if (n == 0) { 2646 unsigned int runflags = 2647 comedi_get_subdevice_runflags(s); 2648 2649 if (!comedi_is_runflags_running(runflags)) { 2650 if (comedi_is_runflags_in_error(runflags)) 2651 retval = -EPIPE; 2652 if (retval || nbytes) 2653 become_nonbusy = true; 2654 break; 2655 } 2656 if (nbytes == 0) 2657 break; 2658 if (file->f_flags & O_NONBLOCK) { 2659 retval = -EAGAIN; 2660 break; 2661 } 2662 schedule(); 2663 if (signal_pending(current)) { 2664 retval = -ERESTARTSYS; 2665 break; 2666 } 2667 if (s->busy != file || 2668 (async->cmd.flags & CMDF_WRITE)) { 2669 retval = -EINVAL; 2670 break; 2671 } 2672 continue; 2673 } 2674 2675 set_current_state(TASK_RUNNING); 2676 rp = async->buf_read_ptr; 2677 n1 = min(n, async->prealloc_bufsz - rp); 2678 n2 = n - n1; 2679 m = copy_to_user(buf, async->prealloc_buf + rp, n1); 2680 if (m) 2681 m += n2; 2682 else if (n2) 2683 m = copy_to_user(buf + n1, async->prealloc_buf, n2); 2684 if (m) { 2685 n -= m; 2686 retval = -EFAULT; 2687 } 2688 2689 comedi_buf_read_alloc(s, n); 2690 comedi_buf_read_free(s, n); 2691 2692 count += n; 2693 nbytes -= n; 2694 2695 buf += n; 2696 } 2697 remove_wait_queue(&async->wait_head, &wait); 2698 set_current_state(TASK_RUNNING); 2699 if (become_nonbusy && count == 0) { 2700 struct comedi_subdevice *new_s; 2701 2702 /* 2703 * To avoid deadlock, cannot acquire dev->mutex 2704 * while dev->attach_lock is held. 2705 */ 2706 up_read(&dev->attach_lock); 2707 attach_locked = false; 2708 mutex_lock(&dev->mutex); 2709 /* 2710 * Check device hasn't become detached behind our back. 2711 * Checking dev->detach_count is unchanged ought to be 2712 * sufficient (unless there have been 2**32 detaches in the 2713 * meantime!), but check the subdevice pointer as well just in 2714 * case. 2715 * 2716 * Also check the subdevice is still in a suitable state to 2717 * become non-busy in case it changed behind our back. 2718 */ 2719 new_s = comedi_file_read_subdevice(file); 2720 if (dev->attached && old_detach_count == dev->detach_count && 2721 s == new_s && new_s->async == async && s->busy == file && 2722 !(async->cmd.flags & CMDF_WRITE) && 2723 !comedi_is_subdevice_running(s) && 2724 comedi_buf_read_n_available(s) == 0) 2725 do_become_nonbusy(dev, s); 2726 mutex_unlock(&dev->mutex); 2727 } 2728 out: 2729 if (attach_locked) 2730 up_read(&dev->attach_lock); 2731 2732 return count ? count : retval; 2733 } 2734 2735 static int comedi_open(struct inode *inode, struct file *file) 2736 { 2737 const unsigned int minor = iminor(inode); 2738 struct comedi_file *cfp; 2739 struct comedi_device *dev = comedi_dev_get_from_minor(minor); 2740 int rc; 2741 2742 if (!dev) { 2743 pr_debug("invalid minor number\n"); 2744 return -ENODEV; 2745 } 2746 2747 cfp = kzalloc(sizeof(*cfp), GFP_KERNEL); 2748 if (!cfp) { 2749 comedi_dev_put(dev); 2750 return -ENOMEM; 2751 } 2752 2753 cfp->dev = dev; 2754 2755 mutex_lock(&dev->mutex); 2756 if (!dev->attached && !capable(CAP_SYS_ADMIN)) { 2757 dev_dbg(dev->class_dev, "not attached and not CAP_SYS_ADMIN\n"); 2758 rc = -ENODEV; 2759 goto out; 2760 } 2761 if (dev->attached && dev->use_count == 0) { 2762 if (!try_module_get(dev->driver->module)) { 2763 rc = -ENXIO; 2764 goto out; 2765 } 2766 if (dev->open) { 2767 rc = dev->open(dev); 2768 if (rc < 0) { 2769 module_put(dev->driver->module); 2770 goto out; 2771 } 2772 } 2773 } 2774 2775 dev->use_count++; 2776 file->private_data = cfp; 2777 comedi_file_reset(file); 2778 rc = 0; 2779 2780 out: 2781 mutex_unlock(&dev->mutex); 2782 if (rc) { 2783 comedi_dev_put(dev); 2784 kfree(cfp); 2785 } 2786 return rc; 2787 } 2788 2789 static int comedi_fasync(int fd, struct file *file, int on) 2790 { 2791 struct comedi_file *cfp = file->private_data; 2792 struct comedi_device *dev = cfp->dev; 2793 2794 return fasync_helper(fd, file, on, &dev->async_queue); 2795 } 2796 2797 static int comedi_close(struct inode *inode, struct file *file) 2798 { 2799 struct comedi_file *cfp = file->private_data; 2800 struct comedi_device *dev = cfp->dev; 2801 struct comedi_subdevice *s = NULL; 2802 int i; 2803 2804 mutex_lock(&dev->mutex); 2805 2806 if (dev->subdevices) { 2807 for (i = 0; i < dev->n_subdevices; i++) { 2808 s = &dev->subdevices[i]; 2809 2810 if (s->busy == file) 2811 do_cancel(dev, s); 2812 if (s->lock == file) 2813 s->lock = NULL; 2814 } 2815 } 2816 if (dev->attached && dev->use_count == 1) { 2817 if (dev->close) 2818 dev->close(dev); 2819 module_put(dev->driver->module); 2820 } 2821 2822 dev->use_count--; 2823 2824 mutex_unlock(&dev->mutex); 2825 comedi_dev_put(dev); 2826 kfree(cfp); 2827 2828 return 0; 2829 } 2830 2831 #ifdef CONFIG_COMPAT 2832 2833 #define COMEDI32_CHANINFO _IOR(CIO, 3, struct comedi32_chaninfo_struct) 2834 #define COMEDI32_RANGEINFO _IOR(CIO, 8, struct comedi32_rangeinfo_struct) 2835 /* 2836 * N.B. COMEDI32_CMD and COMEDI_CMD ought to use _IOWR, not _IOR. 2837 * It's too late to change it now, but it only affects the command number. 2838 */ 2839 #define COMEDI32_CMD _IOR(CIO, 9, struct comedi32_cmd_struct) 2840 /* 2841 * N.B. COMEDI32_CMDTEST and COMEDI_CMDTEST ought to use _IOWR, not _IOR. 2842 * It's too late to change it now, but it only affects the command number. 2843 */ 2844 #define COMEDI32_CMDTEST _IOR(CIO, 10, struct comedi32_cmd_struct) 2845 #define COMEDI32_INSNLIST _IOR(CIO, 11, struct comedi32_insnlist_struct) 2846 #define COMEDI32_INSN _IOR(CIO, 12, struct comedi32_insn_struct) 2847 2848 struct comedi32_chaninfo_struct { 2849 unsigned int subdev; 2850 compat_uptr_t maxdata_list; /* 32-bit 'unsigned int *' */ 2851 compat_uptr_t flaglist; /* 32-bit 'unsigned int *' */ 2852 compat_uptr_t rangelist; /* 32-bit 'unsigned int *' */ 2853 unsigned int unused[4]; 2854 }; 2855 2856 struct comedi32_rangeinfo_struct { 2857 unsigned int range_type; 2858 compat_uptr_t range_ptr; /* 32-bit 'void *' */ 2859 }; 2860 2861 struct comedi32_cmd_struct { 2862 unsigned int subdev; 2863 unsigned int flags; 2864 unsigned int start_src; 2865 unsigned int start_arg; 2866 unsigned int scan_begin_src; 2867 unsigned int scan_begin_arg; 2868 unsigned int convert_src; 2869 unsigned int convert_arg; 2870 unsigned int scan_end_src; 2871 unsigned int scan_end_arg; 2872 unsigned int stop_src; 2873 unsigned int stop_arg; 2874 compat_uptr_t chanlist; /* 32-bit 'unsigned int *' */ 2875 unsigned int chanlist_len; 2876 compat_uptr_t data; /* 32-bit 'short *' */ 2877 unsigned int data_len; 2878 }; 2879 2880 struct comedi32_insn_struct { 2881 unsigned int insn; 2882 unsigned int n; 2883 compat_uptr_t data; /* 32-bit 'unsigned int *' */ 2884 unsigned int subdev; 2885 unsigned int chanspec; 2886 unsigned int unused[3]; 2887 }; 2888 2889 struct comedi32_insnlist_struct { 2890 unsigned int n_insns; 2891 compat_uptr_t insns; /* 32-bit 'struct comedi_insn *' */ 2892 }; 2893 2894 /* Handle 32-bit COMEDI_CHANINFO ioctl. */ 2895 static int compat_chaninfo(struct file *file, unsigned long arg) 2896 { 2897 struct comedi_file *cfp = file->private_data; 2898 struct comedi_device *dev = cfp->dev; 2899 struct comedi32_chaninfo_struct chaninfo32; 2900 struct comedi_chaninfo chaninfo; 2901 int err; 2902 2903 if (copy_from_user(&chaninfo32, compat_ptr(arg), sizeof(chaninfo32))) 2904 return -EFAULT; 2905 2906 memset(&chaninfo, 0, sizeof(chaninfo)); 2907 chaninfo.subdev = chaninfo32.subdev; 2908 chaninfo.maxdata_list = compat_ptr(chaninfo32.maxdata_list); 2909 chaninfo.flaglist = compat_ptr(chaninfo32.flaglist); 2910 chaninfo.rangelist = compat_ptr(chaninfo32.rangelist); 2911 2912 mutex_lock(&dev->mutex); 2913 err = do_chaninfo_ioctl(dev, &chaninfo); 2914 mutex_unlock(&dev->mutex); 2915 return err; 2916 } 2917 2918 /* Handle 32-bit COMEDI_RANGEINFO ioctl. */ 2919 static int compat_rangeinfo(struct file *file, unsigned long arg) 2920 { 2921 struct comedi_file *cfp = file->private_data; 2922 struct comedi_device *dev = cfp->dev; 2923 struct comedi32_rangeinfo_struct rangeinfo32; 2924 struct comedi_rangeinfo rangeinfo; 2925 int err; 2926 2927 if (copy_from_user(&rangeinfo32, compat_ptr(arg), sizeof(rangeinfo32))) 2928 return -EFAULT; 2929 memset(&rangeinfo, 0, sizeof(rangeinfo)); 2930 rangeinfo.range_type = rangeinfo32.range_type; 2931 rangeinfo.range_ptr = compat_ptr(rangeinfo32.range_ptr); 2932 2933 mutex_lock(&dev->mutex); 2934 err = do_rangeinfo_ioctl(dev, &rangeinfo); 2935 mutex_unlock(&dev->mutex); 2936 return err; 2937 } 2938 2939 /* Copy 32-bit cmd structure to native cmd structure. */ 2940 static int get_compat_cmd(struct comedi_cmd *cmd, 2941 struct comedi32_cmd_struct __user *cmd32) 2942 { 2943 struct comedi32_cmd_struct v32; 2944 2945 if (copy_from_user(&v32, cmd32, sizeof(v32))) 2946 return -EFAULT; 2947 2948 cmd->subdev = v32.subdev; 2949 cmd->flags = v32.flags; 2950 cmd->start_src = v32.start_src; 2951 cmd->start_arg = v32.start_arg; 2952 cmd->scan_begin_src = v32.scan_begin_src; 2953 cmd->scan_begin_arg = v32.scan_begin_arg; 2954 cmd->convert_src = v32.convert_src; 2955 cmd->convert_arg = v32.convert_arg; 2956 cmd->scan_end_src = v32.scan_end_src; 2957 cmd->scan_end_arg = v32.scan_end_arg; 2958 cmd->stop_src = v32.stop_src; 2959 cmd->stop_arg = v32.stop_arg; 2960 cmd->chanlist = (unsigned int __force *)compat_ptr(v32.chanlist); 2961 cmd->chanlist_len = v32.chanlist_len; 2962 cmd->data = compat_ptr(v32.data); 2963 cmd->data_len = v32.data_len; 2964 return 0; 2965 } 2966 2967 /* Copy native cmd structure to 32-bit cmd structure. */ 2968 static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32, 2969 struct comedi_cmd *cmd) 2970 { 2971 struct comedi32_cmd_struct v32; 2972 2973 memset(&v32, 0, sizeof(v32)); 2974 v32.subdev = cmd->subdev; 2975 v32.flags = cmd->flags; 2976 v32.start_src = cmd->start_src; 2977 v32.start_arg = cmd->start_arg; 2978 v32.scan_begin_src = cmd->scan_begin_src; 2979 v32.scan_begin_arg = cmd->scan_begin_arg; 2980 v32.convert_src = cmd->convert_src; 2981 v32.convert_arg = cmd->convert_arg; 2982 v32.scan_end_src = cmd->scan_end_src; 2983 v32.scan_end_arg = cmd->scan_end_arg; 2984 v32.stop_src = cmd->stop_src; 2985 v32.stop_arg = cmd->stop_arg; 2986 /* Assume chanlist pointer is unchanged. */ 2987 v32.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist); 2988 v32.chanlist_len = cmd->chanlist_len; 2989 v32.data = ptr_to_compat(cmd->data); 2990 v32.data_len = cmd->data_len; 2991 if (copy_to_user(cmd32, &v32, sizeof(v32))) 2992 return -EFAULT; 2993 return 0; 2994 } 2995 2996 /* Handle 32-bit COMEDI_CMD ioctl. */ 2997 static int compat_cmd(struct file *file, unsigned long arg) 2998 { 2999 struct comedi_file *cfp = file->private_data; 3000 struct comedi_device *dev = cfp->dev; 3001 struct comedi_cmd cmd; 3002 bool copy = false; 3003 int rc, err; 3004 3005 rc = get_compat_cmd(&cmd, compat_ptr(arg)); 3006 if (rc) 3007 return rc; 3008 3009 mutex_lock(&dev->mutex); 3010 rc = do_cmd_ioctl(dev, &cmd, ©, file); 3011 mutex_unlock(&dev->mutex); 3012 if (copy) { 3013 /* Special case: copy cmd back to user. */ 3014 err = put_compat_cmd(compat_ptr(arg), &cmd); 3015 if (err) 3016 rc = err; 3017 } 3018 return rc; 3019 } 3020 3021 /* Handle 32-bit COMEDI_CMDTEST ioctl. */ 3022 static int compat_cmdtest(struct file *file, unsigned long arg) 3023 { 3024 struct comedi_file *cfp = file->private_data; 3025 struct comedi_device *dev = cfp->dev; 3026 struct comedi_cmd cmd; 3027 bool copy = false; 3028 int rc, err; 3029 3030 rc = get_compat_cmd(&cmd, compat_ptr(arg)); 3031 if (rc) 3032 return rc; 3033 3034 mutex_lock(&dev->mutex); 3035 rc = do_cmdtest_ioctl(dev, &cmd, ©, file); 3036 mutex_unlock(&dev->mutex); 3037 if (copy) { 3038 err = put_compat_cmd(compat_ptr(arg), &cmd); 3039 if (err) 3040 rc = err; 3041 } 3042 return rc; 3043 } 3044 3045 /* Copy 32-bit insn structure to native insn structure. */ 3046 static int get_compat_insn(struct comedi_insn *insn, 3047 struct comedi32_insn_struct __user *insn32) 3048 { 3049 struct comedi32_insn_struct v32; 3050 3051 /* Copy insn structure. Ignore the unused members. */ 3052 if (copy_from_user(&v32, insn32, sizeof(v32))) 3053 return -EFAULT; 3054 memset(insn, 0, sizeof(*insn)); 3055 insn->insn = v32.insn; 3056 insn->n = v32.n; 3057 insn->data = compat_ptr(v32.data); 3058 insn->subdev = v32.subdev; 3059 insn->chanspec = v32.chanspec; 3060 return 0; 3061 } 3062 3063 /* Handle 32-bit COMEDI_INSNLIST ioctl. */ 3064 static int compat_insnlist(struct file *file, unsigned long arg) 3065 { 3066 struct comedi_file *cfp = file->private_data; 3067 struct comedi_device *dev = cfp->dev; 3068 struct comedi32_insnlist_struct insnlist32; 3069 struct comedi32_insn_struct __user *insn32; 3070 struct comedi_insn *insns; 3071 unsigned int n; 3072 int rc; 3073 3074 if (copy_from_user(&insnlist32, compat_ptr(arg), sizeof(insnlist32))) 3075 return -EFAULT; 3076 3077 insns = kcalloc(insnlist32.n_insns, sizeof(*insns), GFP_KERNEL); 3078 if (!insns) 3079 return -ENOMEM; 3080 3081 /* Copy insn structures. */ 3082 insn32 = compat_ptr(insnlist32.insns); 3083 for (n = 0; n < insnlist32.n_insns; n++) { 3084 rc = get_compat_insn(insns + n, insn32 + n); 3085 if (rc) { 3086 kfree(insns); 3087 return rc; 3088 } 3089 } 3090 3091 mutex_lock(&dev->mutex); 3092 rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file); 3093 mutex_unlock(&dev->mutex); 3094 kfree(insns); 3095 return rc; 3096 } 3097 3098 /* Handle 32-bit COMEDI_INSN ioctl. */ 3099 static int compat_insn(struct file *file, unsigned long arg) 3100 { 3101 struct comedi_file *cfp = file->private_data; 3102 struct comedi_device *dev = cfp->dev; 3103 struct comedi_insn insn; 3104 int rc; 3105 3106 rc = get_compat_insn(&insn, (void __user *)arg); 3107 if (rc) 3108 return rc; 3109 3110 mutex_lock(&dev->mutex); 3111 rc = do_insn_ioctl(dev, &insn, file); 3112 mutex_unlock(&dev->mutex); 3113 return rc; 3114 } 3115 3116 /* 3117 * compat_ioctl file operation. 3118 * 3119 * Returns -ENOIOCTLCMD for unrecognised ioctl codes. 3120 */ 3121 static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 3122 { 3123 int rc; 3124 3125 switch (cmd) { 3126 case COMEDI_DEVCONFIG: 3127 case COMEDI_DEVINFO: 3128 case COMEDI_SUBDINFO: 3129 case COMEDI_BUFCONFIG: 3130 case COMEDI_BUFINFO: 3131 /* Just need to translate the pointer argument. */ 3132 arg = (unsigned long)compat_ptr(arg); 3133 rc = comedi_unlocked_ioctl(file, cmd, arg); 3134 break; 3135 case COMEDI_LOCK: 3136 case COMEDI_UNLOCK: 3137 case COMEDI_CANCEL: 3138 case COMEDI_POLL: 3139 case COMEDI_SETRSUBD: 3140 case COMEDI_SETWSUBD: 3141 /* No translation needed. */ 3142 rc = comedi_unlocked_ioctl(file, cmd, arg); 3143 break; 3144 case COMEDI32_CHANINFO: 3145 rc = compat_chaninfo(file, arg); 3146 break; 3147 case COMEDI32_RANGEINFO: 3148 rc = compat_rangeinfo(file, arg); 3149 break; 3150 case COMEDI32_CMD: 3151 rc = compat_cmd(file, arg); 3152 break; 3153 case COMEDI32_CMDTEST: 3154 rc = compat_cmdtest(file, arg); 3155 break; 3156 case COMEDI32_INSNLIST: 3157 rc = compat_insnlist(file, arg); 3158 break; 3159 case COMEDI32_INSN: 3160 rc = compat_insn(file, arg); 3161 break; 3162 default: 3163 rc = -ENOIOCTLCMD; 3164 break; 3165 } 3166 return rc; 3167 } 3168 #else 3169 #define comedi_compat_ioctl NULL 3170 #endif 3171 3172 static const struct file_operations comedi_fops = { 3173 .owner = THIS_MODULE, 3174 .unlocked_ioctl = comedi_unlocked_ioctl, 3175 .compat_ioctl = comedi_compat_ioctl, 3176 .open = comedi_open, 3177 .release = comedi_close, 3178 .read = comedi_read, 3179 .write = comedi_write, 3180 .mmap = comedi_mmap, 3181 .poll = comedi_poll, 3182 .fasync = comedi_fasync, 3183 .llseek = noop_llseek, 3184 }; 3185 3186 /** 3187 * comedi_event() - Handle events for asynchronous COMEDI command 3188 * @dev: COMEDI device. 3189 * @s: COMEDI subdevice. 3190 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held. 3191 * 3192 * If an asynchronous COMEDI command is active on the subdevice, process 3193 * any %COMEDI_CB_... event flags that have been set, usually by an 3194 * interrupt handler. These may change the run state of the asynchronous 3195 * command, wake a task, and/or send a %SIGIO signal. 3196 */ 3197 void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s) 3198 { 3199 struct comedi_async *async = s->async; 3200 unsigned int events; 3201 int si_code = 0; 3202 unsigned long flags; 3203 3204 spin_lock_irqsave(&s->spin_lock, flags); 3205 3206 events = async->events; 3207 async->events = 0; 3208 if (!__comedi_is_subdevice_running(s)) { 3209 spin_unlock_irqrestore(&s->spin_lock, flags); 3210 return; 3211 } 3212 3213 if (events & COMEDI_CB_CANCEL_MASK) 3214 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING); 3215 3216 /* 3217 * Remember if an error event has occurred, so an error can be 3218 * returned the next time the user does a read() or write(). 3219 */ 3220 if (events & COMEDI_CB_ERROR_MASK) 3221 __comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR); 3222 3223 if (async->cb_mask & events) { 3224 wake_up_interruptible(&async->wait_head); 3225 si_code = async->cmd.flags & CMDF_WRITE ? POLL_OUT : POLL_IN; 3226 } 3227 3228 spin_unlock_irqrestore(&s->spin_lock, flags); 3229 3230 if (si_code) 3231 kill_fasync(&dev->async_queue, SIGIO, si_code); 3232 } 3233 EXPORT_SYMBOL_GPL(comedi_event); 3234 3235 /* Note: the ->mutex is pre-locked on successful return */ 3236 struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device) 3237 { 3238 struct comedi_device *dev; 3239 struct device *csdev; 3240 unsigned int i; 3241 3242 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3243 if (!dev) 3244 return ERR_PTR(-ENOMEM); 3245 comedi_device_init(dev); 3246 comedi_set_hw_dev(dev, hardware_device); 3247 mutex_lock(&dev->mutex); 3248 mutex_lock(&comedi_board_minor_table_lock); 3249 for (i = hardware_device ? comedi_num_legacy_minors : 0; 3250 i < COMEDI_NUM_BOARD_MINORS; ++i) { 3251 if (!comedi_board_minor_table[i]) { 3252 comedi_board_minor_table[i] = dev; 3253 break; 3254 } 3255 } 3256 mutex_unlock(&comedi_board_minor_table_lock); 3257 if (i == COMEDI_NUM_BOARD_MINORS) { 3258 mutex_unlock(&dev->mutex); 3259 comedi_device_cleanup(dev); 3260 comedi_dev_put(dev); 3261 dev_err(hardware_device, 3262 "ran out of minor numbers for board device files\n"); 3263 return ERR_PTR(-EBUSY); 3264 } 3265 dev->minor = i; 3266 csdev = device_create(comedi_class, hardware_device, 3267 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i", i); 3268 if (!IS_ERR(csdev)) 3269 dev->class_dev = get_device(csdev); 3270 3271 /* Note: dev->mutex needs to be unlocked by the caller. */ 3272 return dev; 3273 } 3274 3275 void comedi_release_hardware_device(struct device *hardware_device) 3276 { 3277 int minor; 3278 struct comedi_device *dev; 3279 3280 for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS; 3281 minor++) { 3282 mutex_lock(&comedi_board_minor_table_lock); 3283 dev = comedi_board_minor_table[minor]; 3284 if (dev && dev->hw_dev == hardware_device) { 3285 comedi_board_minor_table[minor] = NULL; 3286 mutex_unlock(&comedi_board_minor_table_lock); 3287 comedi_free_board_dev(dev); 3288 break; 3289 } 3290 mutex_unlock(&comedi_board_minor_table_lock); 3291 } 3292 } 3293 3294 int comedi_alloc_subdevice_minor(struct comedi_subdevice *s) 3295 { 3296 struct comedi_device *dev = s->device; 3297 struct device *csdev; 3298 unsigned int i; 3299 3300 mutex_lock(&comedi_subdevice_minor_table_lock); 3301 for (i = 0; i < COMEDI_NUM_SUBDEVICE_MINORS; ++i) { 3302 if (!comedi_subdevice_minor_table[i]) { 3303 comedi_subdevice_minor_table[i] = s; 3304 break; 3305 } 3306 } 3307 mutex_unlock(&comedi_subdevice_minor_table_lock); 3308 if (i == COMEDI_NUM_SUBDEVICE_MINORS) { 3309 dev_err(dev->class_dev, 3310 "ran out of minor numbers for subdevice files\n"); 3311 return -EBUSY; 3312 } 3313 i += COMEDI_NUM_BOARD_MINORS; 3314 s->minor = i; 3315 csdev = device_create(comedi_class, dev->class_dev, 3316 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i_subd%i", 3317 dev->minor, s->index); 3318 if (!IS_ERR(csdev)) 3319 s->class_dev = csdev; 3320 3321 return 0; 3322 } 3323 3324 void comedi_free_subdevice_minor(struct comedi_subdevice *s) 3325 { 3326 unsigned int i; 3327 3328 if (!s) 3329 return; 3330 if (s->minor < COMEDI_NUM_BOARD_MINORS || 3331 s->minor >= COMEDI_NUM_MINORS) 3332 return; 3333 3334 i = s->minor - COMEDI_NUM_BOARD_MINORS; 3335 mutex_lock(&comedi_subdevice_minor_table_lock); 3336 if (s == comedi_subdevice_minor_table[i]) 3337 comedi_subdevice_minor_table[i] = NULL; 3338 mutex_unlock(&comedi_subdevice_minor_table_lock); 3339 if (s->class_dev) { 3340 device_destroy(comedi_class, MKDEV(COMEDI_MAJOR, s->minor)); 3341 s->class_dev = NULL; 3342 } 3343 } 3344 3345 static void comedi_cleanup_board_minors(void) 3346 { 3347 struct comedi_device *dev; 3348 unsigned int i; 3349 3350 for (i = 0; i < COMEDI_NUM_BOARD_MINORS; i++) { 3351 dev = comedi_clear_board_minor(i); 3352 comedi_free_board_dev(dev); 3353 } 3354 } 3355 3356 static int __init comedi_init(void) 3357 { 3358 int i; 3359 int retval; 3360 3361 pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n"); 3362 3363 if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) { 3364 pr_err("invalid value for module parameter \"comedi_num_legacy_minors\". Valid values are 0 through %i.\n", 3365 COMEDI_NUM_BOARD_MINORS); 3366 return -EINVAL; 3367 } 3368 3369 retval = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0), 3370 COMEDI_NUM_MINORS, "comedi"); 3371 if (retval) 3372 return retval; 3373 3374 cdev_init(&comedi_cdev, &comedi_fops); 3375 comedi_cdev.owner = THIS_MODULE; 3376 3377 retval = kobject_set_name(&comedi_cdev.kobj, "comedi"); 3378 if (retval) 3379 goto out_unregister_chrdev_region; 3380 3381 retval = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0), 3382 COMEDI_NUM_MINORS); 3383 if (retval) 3384 goto out_unregister_chrdev_region; 3385 3386 comedi_class = class_create(THIS_MODULE, "comedi"); 3387 if (IS_ERR(comedi_class)) { 3388 retval = PTR_ERR(comedi_class); 3389 pr_err("failed to create class\n"); 3390 goto out_cdev_del; 3391 } 3392 3393 comedi_class->dev_groups = comedi_dev_groups; 3394 3395 /* create devices files for legacy/manual use */ 3396 for (i = 0; i < comedi_num_legacy_minors; i++) { 3397 struct comedi_device *dev; 3398 3399 dev = comedi_alloc_board_minor(NULL); 3400 if (IS_ERR(dev)) { 3401 retval = PTR_ERR(dev); 3402 goto out_cleanup_board_minors; 3403 } 3404 /* comedi_alloc_board_minor() locked the mutex */ 3405 lockdep_assert_held(&dev->mutex); 3406 mutex_unlock(&dev->mutex); 3407 } 3408 3409 /* XXX requires /proc interface */ 3410 comedi_proc_init(); 3411 3412 return 0; 3413 3414 out_cleanup_board_minors: 3415 comedi_cleanup_board_minors(); 3416 class_destroy(comedi_class); 3417 out_cdev_del: 3418 cdev_del(&comedi_cdev); 3419 out_unregister_chrdev_region: 3420 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS); 3421 return retval; 3422 } 3423 module_init(comedi_init); 3424 3425 static void __exit comedi_cleanup(void) 3426 { 3427 comedi_cleanup_board_minors(); 3428 class_destroy(comedi_class); 3429 cdev_del(&comedi_cdev); 3430 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS); 3431 3432 comedi_proc_cleanup(); 3433 } 3434 module_exit(comedi_cleanup); 3435 3436 MODULE_AUTHOR("https://www.comedi.org"); 3437 MODULE_DESCRIPTION("Comedi core module"); 3438 MODULE_LICENSE("GPL"); 3439