1 /* 2 * Event char devices, giving access to raw input device events. 3 * 4 * Copyright (c) 1999-2002 Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #define EVDEV_MINOR_BASE 64 14 #define EVDEV_MINORS 32 15 #define EVDEV_MIN_BUFFER_SIZE 64U 16 #define EVDEV_BUF_PACKETS 8 17 18 #include <linux/poll.h> 19 #include <linux/sched.h> 20 #include <linux/slab.h> 21 #include <linux/module.h> 22 #include <linux/init.h> 23 #include <linux/input/mt.h> 24 #include <linux/major.h> 25 #include <linux/device.h> 26 #include <linux/cdev.h> 27 #include "input-compat.h" 28 29 struct evdev { 30 int open; 31 struct input_handle handle; 32 wait_queue_head_t wait; 33 struct evdev_client __rcu *grab; 34 struct list_head client_list; 35 spinlock_t client_lock; /* protects client_list */ 36 struct mutex mutex; 37 struct device dev; 38 struct cdev cdev; 39 bool exist; 40 }; 41 42 struct evdev_client { 43 unsigned int head; 44 unsigned int tail; 45 unsigned int packet_head; /* [future] position of the first element of next packet */ 46 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 47 struct fasync_struct *fasync; 48 struct evdev *evdev; 49 struct list_head node; 50 int clkid; 51 bool revoked; 52 unsigned int bufsize; 53 struct input_event buffer[]; 54 }; 55 56 /* flush queued events of type @type, caller must hold client->buffer_lock */ 57 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type) 58 { 59 unsigned int i, head, num; 60 unsigned int mask = client->bufsize - 1; 61 bool is_report; 62 struct input_event *ev; 63 64 BUG_ON(type == EV_SYN); 65 66 head = client->tail; 67 client->packet_head = client->tail; 68 69 /* init to 1 so a leading SYN_REPORT will not be dropped */ 70 num = 1; 71 72 for (i = client->tail; i != client->head; i = (i + 1) & mask) { 73 ev = &client->buffer[i]; 74 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT; 75 76 if (ev->type == type) { 77 /* drop matched entry */ 78 continue; 79 } else if (is_report && !num) { 80 /* drop empty SYN_REPORT groups */ 81 continue; 82 } else if (head != i) { 83 /* move entry to fill the gap */ 84 client->buffer[head].time = ev->time; 85 client->buffer[head].type = ev->type; 86 client->buffer[head].code = ev->code; 87 client->buffer[head].value = ev->value; 88 } 89 90 num++; 91 head = (head + 1) & mask; 92 93 if (is_report) { 94 num = 0; 95 client->packet_head = head; 96 } 97 } 98 99 client->head = head; 100 } 101 102 /* queue SYN_DROPPED event */ 103 static void evdev_queue_syn_dropped(struct evdev_client *client) 104 { 105 unsigned long flags; 106 struct input_event ev; 107 ktime_t time; 108 109 time = ktime_get(); 110 if (client->clkid != CLOCK_MONOTONIC) 111 time = ktime_sub(time, ktime_get_monotonic_offset()); 112 113 ev.time = ktime_to_timeval(time); 114 ev.type = EV_SYN; 115 ev.code = SYN_DROPPED; 116 ev.value = 0; 117 118 spin_lock_irqsave(&client->buffer_lock, flags); 119 120 client->buffer[client->head++] = ev; 121 client->head &= client->bufsize - 1; 122 123 if (unlikely(client->head == client->tail)) { 124 /* drop queue but keep our SYN_DROPPED event */ 125 client->tail = (client->head - 1) & (client->bufsize - 1); 126 client->packet_head = client->tail; 127 } 128 129 spin_unlock_irqrestore(&client->buffer_lock, flags); 130 } 131 132 static void __pass_event(struct evdev_client *client, 133 const struct input_event *event) 134 { 135 client->buffer[client->head++] = *event; 136 client->head &= client->bufsize - 1; 137 138 if (unlikely(client->head == client->tail)) { 139 /* 140 * This effectively "drops" all unconsumed events, leaving 141 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 142 */ 143 client->tail = (client->head - 2) & (client->bufsize - 1); 144 145 client->buffer[client->tail].time = event->time; 146 client->buffer[client->tail].type = EV_SYN; 147 client->buffer[client->tail].code = SYN_DROPPED; 148 client->buffer[client->tail].value = 0; 149 150 client->packet_head = client->tail; 151 } 152 153 if (event->type == EV_SYN && event->code == SYN_REPORT) { 154 client->packet_head = client->head; 155 kill_fasync(&client->fasync, SIGIO, POLL_IN); 156 } 157 } 158 159 static void evdev_pass_values(struct evdev_client *client, 160 const struct input_value *vals, unsigned int count, 161 ktime_t mono, ktime_t real) 162 { 163 struct evdev *evdev = client->evdev; 164 const struct input_value *v; 165 struct input_event event; 166 bool wakeup = false; 167 168 if (client->revoked) 169 return; 170 171 event.time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ? 172 mono : real); 173 174 /* Interrupts are disabled, just acquire the lock. */ 175 spin_lock(&client->buffer_lock); 176 177 for (v = vals; v != vals + count; v++) { 178 event.type = v->type; 179 event.code = v->code; 180 event.value = v->value; 181 __pass_event(client, &event); 182 if (v->type == EV_SYN && v->code == SYN_REPORT) 183 wakeup = true; 184 } 185 186 spin_unlock(&client->buffer_lock); 187 188 if (wakeup) 189 wake_up_interruptible(&evdev->wait); 190 } 191 192 /* 193 * Pass incoming events to all connected clients. 194 */ 195 static void evdev_events(struct input_handle *handle, 196 const struct input_value *vals, unsigned int count) 197 { 198 struct evdev *evdev = handle->private; 199 struct evdev_client *client; 200 ktime_t time_mono, time_real; 201 202 time_mono = ktime_get(); 203 time_real = ktime_sub(time_mono, ktime_get_monotonic_offset()); 204 205 rcu_read_lock(); 206 207 client = rcu_dereference(evdev->grab); 208 209 if (client) 210 evdev_pass_values(client, vals, count, time_mono, time_real); 211 else 212 list_for_each_entry_rcu(client, &evdev->client_list, node) 213 evdev_pass_values(client, vals, count, 214 time_mono, time_real); 215 216 rcu_read_unlock(); 217 } 218 219 /* 220 * Pass incoming event to all connected clients. 221 */ 222 static void evdev_event(struct input_handle *handle, 223 unsigned int type, unsigned int code, int value) 224 { 225 struct input_value vals[] = { { type, code, value } }; 226 227 evdev_events(handle, vals, 1); 228 } 229 230 static int evdev_fasync(int fd, struct file *file, int on) 231 { 232 struct evdev_client *client = file->private_data; 233 234 return fasync_helper(fd, file, on, &client->fasync); 235 } 236 237 static int evdev_flush(struct file *file, fl_owner_t id) 238 { 239 struct evdev_client *client = file->private_data; 240 struct evdev *evdev = client->evdev; 241 int retval; 242 243 retval = mutex_lock_interruptible(&evdev->mutex); 244 if (retval) 245 return retval; 246 247 if (!evdev->exist || client->revoked) 248 retval = -ENODEV; 249 else 250 retval = input_flush_device(&evdev->handle, file); 251 252 mutex_unlock(&evdev->mutex); 253 return retval; 254 } 255 256 static void evdev_free(struct device *dev) 257 { 258 struct evdev *evdev = container_of(dev, struct evdev, dev); 259 260 input_put_device(evdev->handle.dev); 261 kfree(evdev); 262 } 263 264 /* 265 * Grabs an event device (along with underlying input device). 266 * This function is called with evdev->mutex taken. 267 */ 268 static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 269 { 270 int error; 271 272 if (evdev->grab) 273 return -EBUSY; 274 275 error = input_grab_device(&evdev->handle); 276 if (error) 277 return error; 278 279 rcu_assign_pointer(evdev->grab, client); 280 281 return 0; 282 } 283 284 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 285 { 286 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 287 lockdep_is_held(&evdev->mutex)); 288 289 if (grab != client) 290 return -EINVAL; 291 292 rcu_assign_pointer(evdev->grab, NULL); 293 synchronize_rcu(); 294 input_release_device(&evdev->handle); 295 296 return 0; 297 } 298 299 static void evdev_attach_client(struct evdev *evdev, 300 struct evdev_client *client) 301 { 302 spin_lock(&evdev->client_lock); 303 list_add_tail_rcu(&client->node, &evdev->client_list); 304 spin_unlock(&evdev->client_lock); 305 } 306 307 static void evdev_detach_client(struct evdev *evdev, 308 struct evdev_client *client) 309 { 310 spin_lock(&evdev->client_lock); 311 list_del_rcu(&client->node); 312 spin_unlock(&evdev->client_lock); 313 synchronize_rcu(); 314 } 315 316 static int evdev_open_device(struct evdev *evdev) 317 { 318 int retval; 319 320 retval = mutex_lock_interruptible(&evdev->mutex); 321 if (retval) 322 return retval; 323 324 if (!evdev->exist) 325 retval = -ENODEV; 326 else if (!evdev->open++) { 327 retval = input_open_device(&evdev->handle); 328 if (retval) 329 evdev->open--; 330 } 331 332 mutex_unlock(&evdev->mutex); 333 return retval; 334 } 335 336 static void evdev_close_device(struct evdev *evdev) 337 { 338 mutex_lock(&evdev->mutex); 339 340 if (evdev->exist && !--evdev->open) 341 input_close_device(&evdev->handle); 342 343 mutex_unlock(&evdev->mutex); 344 } 345 346 /* 347 * Wake up users waiting for IO so they can disconnect from 348 * dead device. 349 */ 350 static void evdev_hangup(struct evdev *evdev) 351 { 352 struct evdev_client *client; 353 354 spin_lock(&evdev->client_lock); 355 list_for_each_entry(client, &evdev->client_list, node) 356 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 357 spin_unlock(&evdev->client_lock); 358 359 wake_up_interruptible(&evdev->wait); 360 } 361 362 static int evdev_release(struct inode *inode, struct file *file) 363 { 364 struct evdev_client *client = file->private_data; 365 struct evdev *evdev = client->evdev; 366 367 mutex_lock(&evdev->mutex); 368 evdev_ungrab(evdev, client); 369 mutex_unlock(&evdev->mutex); 370 371 evdev_detach_client(evdev, client); 372 kfree(client); 373 374 evdev_close_device(evdev); 375 376 return 0; 377 } 378 379 static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 380 { 381 unsigned int n_events = 382 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 383 EVDEV_MIN_BUFFER_SIZE); 384 385 return roundup_pow_of_two(n_events); 386 } 387 388 static int evdev_open(struct inode *inode, struct file *file) 389 { 390 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); 391 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); 392 struct evdev_client *client; 393 int error; 394 395 client = kzalloc(sizeof(struct evdev_client) + 396 bufsize * sizeof(struct input_event), 397 GFP_KERNEL); 398 if (!client) 399 return -ENOMEM; 400 401 client->bufsize = bufsize; 402 spin_lock_init(&client->buffer_lock); 403 client->evdev = evdev; 404 evdev_attach_client(evdev, client); 405 406 error = evdev_open_device(evdev); 407 if (error) 408 goto err_free_client; 409 410 file->private_data = client; 411 nonseekable_open(inode, file); 412 413 return 0; 414 415 err_free_client: 416 evdev_detach_client(evdev, client); 417 kfree(client); 418 return error; 419 } 420 421 static ssize_t evdev_write(struct file *file, const char __user *buffer, 422 size_t count, loff_t *ppos) 423 { 424 struct evdev_client *client = file->private_data; 425 struct evdev *evdev = client->evdev; 426 struct input_event event; 427 int retval = 0; 428 429 if (count != 0 && count < input_event_size()) 430 return -EINVAL; 431 432 retval = mutex_lock_interruptible(&evdev->mutex); 433 if (retval) 434 return retval; 435 436 if (!evdev->exist || client->revoked) { 437 retval = -ENODEV; 438 goto out; 439 } 440 441 while (retval + input_event_size() <= count) { 442 443 if (input_event_from_user(buffer + retval, &event)) { 444 retval = -EFAULT; 445 goto out; 446 } 447 retval += input_event_size(); 448 449 input_inject_event(&evdev->handle, 450 event.type, event.code, event.value); 451 } 452 453 out: 454 mutex_unlock(&evdev->mutex); 455 return retval; 456 } 457 458 static int evdev_fetch_next_event(struct evdev_client *client, 459 struct input_event *event) 460 { 461 int have_event; 462 463 spin_lock_irq(&client->buffer_lock); 464 465 have_event = client->packet_head != client->tail; 466 if (have_event) { 467 *event = client->buffer[client->tail++]; 468 client->tail &= client->bufsize - 1; 469 } 470 471 spin_unlock_irq(&client->buffer_lock); 472 473 return have_event; 474 } 475 476 static ssize_t evdev_read(struct file *file, char __user *buffer, 477 size_t count, loff_t *ppos) 478 { 479 struct evdev_client *client = file->private_data; 480 struct evdev *evdev = client->evdev; 481 struct input_event event; 482 size_t read = 0; 483 int error; 484 485 if (count != 0 && count < input_event_size()) 486 return -EINVAL; 487 488 for (;;) { 489 if (!evdev->exist || client->revoked) 490 return -ENODEV; 491 492 if (client->packet_head == client->tail && 493 (file->f_flags & O_NONBLOCK)) 494 return -EAGAIN; 495 496 /* 497 * count == 0 is special - no IO is done but we check 498 * for error conditions (see above). 499 */ 500 if (count == 0) 501 break; 502 503 while (read + input_event_size() <= count && 504 evdev_fetch_next_event(client, &event)) { 505 506 if (input_event_to_user(buffer + read, &event)) 507 return -EFAULT; 508 509 read += input_event_size(); 510 } 511 512 if (read) 513 break; 514 515 if (!(file->f_flags & O_NONBLOCK)) { 516 error = wait_event_interruptible(evdev->wait, 517 client->packet_head != client->tail || 518 !evdev->exist || client->revoked); 519 if (error) 520 return error; 521 } 522 } 523 524 return read; 525 } 526 527 /* No kernel lock - fine */ 528 static unsigned int evdev_poll(struct file *file, poll_table *wait) 529 { 530 struct evdev_client *client = file->private_data; 531 struct evdev *evdev = client->evdev; 532 unsigned int mask; 533 534 poll_wait(file, &evdev->wait, wait); 535 536 if (evdev->exist && !client->revoked) 537 mask = POLLOUT | POLLWRNORM; 538 else 539 mask = POLLHUP | POLLERR; 540 541 if (client->packet_head != client->tail) 542 mask |= POLLIN | POLLRDNORM; 543 544 return mask; 545 } 546 547 #ifdef CONFIG_COMPAT 548 549 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 550 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 551 552 #ifdef __BIG_ENDIAN 553 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 554 unsigned int maxlen, void __user *p, int compat) 555 { 556 int len, i; 557 558 if (compat) { 559 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 560 if (len > maxlen) 561 len = maxlen; 562 563 for (i = 0; i < len / sizeof(compat_long_t); i++) 564 if (copy_to_user((compat_long_t __user *) p + i, 565 (compat_long_t *) bits + 566 i + 1 - ((i % 2) << 1), 567 sizeof(compat_long_t))) 568 return -EFAULT; 569 } else { 570 len = BITS_TO_LONGS(maxbit) * sizeof(long); 571 if (len > maxlen) 572 len = maxlen; 573 574 if (copy_to_user(p, bits, len)) 575 return -EFAULT; 576 } 577 578 return len; 579 } 580 #else 581 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 582 unsigned int maxlen, void __user *p, int compat) 583 { 584 int len = compat ? 585 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 586 BITS_TO_LONGS(maxbit) * sizeof(long); 587 588 if (len > maxlen) 589 len = maxlen; 590 591 return copy_to_user(p, bits, len) ? -EFAULT : len; 592 } 593 #endif /* __BIG_ENDIAN */ 594 595 #else 596 597 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 598 unsigned int maxlen, void __user *p, int compat) 599 { 600 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 601 602 if (len > maxlen) 603 len = maxlen; 604 605 return copy_to_user(p, bits, len) ? -EFAULT : len; 606 } 607 608 #endif /* CONFIG_COMPAT */ 609 610 static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 611 { 612 int len; 613 614 if (!str) 615 return -ENOENT; 616 617 len = strlen(str) + 1; 618 if (len > maxlen) 619 len = maxlen; 620 621 return copy_to_user(p, str, len) ? -EFAULT : len; 622 } 623 624 #define OLD_KEY_MAX 0x1ff 625 static int handle_eviocgbit(struct input_dev *dev, 626 unsigned int type, unsigned int size, 627 void __user *p, int compat_mode) 628 { 629 static unsigned long keymax_warn_time; 630 unsigned long *bits; 631 int len; 632 633 switch (type) { 634 635 case 0: bits = dev->evbit; len = EV_MAX; break; 636 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 637 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 638 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 639 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 640 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 641 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 642 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 643 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 644 default: return -EINVAL; 645 } 646 647 /* 648 * Work around bugs in userspace programs that like to do 649 * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len' 650 * should be in bytes, not in bits. 651 */ 652 if (type == EV_KEY && size == OLD_KEY_MAX) { 653 len = OLD_KEY_MAX; 654 if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000)) 655 pr_warning("(EVIOCGBIT): Suspicious buffer size %u, " 656 "limiting output to %zu bytes. See " 657 "http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n", 658 OLD_KEY_MAX, 659 BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long)); 660 } 661 662 return bits_to_user(bits, len, size, p, compat_mode); 663 } 664 #undef OLD_KEY_MAX 665 666 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 667 { 668 struct input_keymap_entry ke = { 669 .len = sizeof(unsigned int), 670 .flags = 0, 671 }; 672 int __user *ip = (int __user *)p; 673 int error; 674 675 /* legacy case */ 676 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 677 return -EFAULT; 678 679 error = input_get_keycode(dev, &ke); 680 if (error) 681 return error; 682 683 if (put_user(ke.keycode, ip + 1)) 684 return -EFAULT; 685 686 return 0; 687 } 688 689 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 690 { 691 struct input_keymap_entry ke; 692 int error; 693 694 if (copy_from_user(&ke, p, sizeof(ke))) 695 return -EFAULT; 696 697 error = input_get_keycode(dev, &ke); 698 if (error) 699 return error; 700 701 if (copy_to_user(p, &ke, sizeof(ke))) 702 return -EFAULT; 703 704 return 0; 705 } 706 707 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 708 { 709 struct input_keymap_entry ke = { 710 .len = sizeof(unsigned int), 711 .flags = 0, 712 }; 713 int __user *ip = (int __user *)p; 714 715 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 716 return -EFAULT; 717 718 if (get_user(ke.keycode, ip + 1)) 719 return -EFAULT; 720 721 return input_set_keycode(dev, &ke); 722 } 723 724 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 725 { 726 struct input_keymap_entry ke; 727 728 if (copy_from_user(&ke, p, sizeof(ke))) 729 return -EFAULT; 730 731 if (ke.len > sizeof(ke.scancode)) 732 return -EINVAL; 733 734 return input_set_keycode(dev, &ke); 735 } 736 737 /* 738 * If we transfer state to the user, we should flush all pending events 739 * of the same type from the client's queue. Otherwise, they might end up 740 * with duplicate events, which can screw up client's state tracking. 741 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED 742 * event so user-space will notice missing events. 743 * 744 * LOCKING: 745 * We need to take event_lock before buffer_lock to avoid dead-locks. But we 746 * need the even_lock only to guarantee consistent state. We can safely release 747 * it while flushing the queue. This allows input-core to handle filters while 748 * we flush the queue. 749 */ 750 static int evdev_handle_get_val(struct evdev_client *client, 751 struct input_dev *dev, unsigned int type, 752 unsigned long *bits, unsigned int max, 753 unsigned int size, void __user *p, int compat) 754 { 755 int ret; 756 unsigned long *mem; 757 758 mem = kmalloc(sizeof(unsigned long) * max, GFP_KERNEL); 759 if (!mem) 760 return -ENOMEM; 761 762 spin_lock_irq(&dev->event_lock); 763 spin_lock(&client->buffer_lock); 764 765 memcpy(mem, bits, sizeof(unsigned long) * max); 766 767 spin_unlock(&dev->event_lock); 768 769 __evdev_flush_queue(client, type); 770 771 spin_unlock_irq(&client->buffer_lock); 772 773 ret = bits_to_user(mem, max, size, p, compat); 774 if (ret < 0) 775 evdev_queue_syn_dropped(client); 776 777 kfree(mem); 778 779 return ret; 780 } 781 782 static int evdev_handle_mt_request(struct input_dev *dev, 783 unsigned int size, 784 int __user *ip) 785 { 786 const struct input_mt *mt = dev->mt; 787 unsigned int code; 788 int max_slots; 789 int i; 790 791 if (get_user(code, &ip[0])) 792 return -EFAULT; 793 if (!mt || !input_is_mt_value(code)) 794 return -EINVAL; 795 796 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 797 for (i = 0; i < mt->num_slots && i < max_slots; i++) { 798 int value = input_mt_get_value(&mt->slots[i], code); 799 if (put_user(value, &ip[1 + i])) 800 return -EFAULT; 801 } 802 803 return 0; 804 } 805 806 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client, 807 struct file *file) 808 { 809 client->revoked = true; 810 evdev_ungrab(evdev, client); 811 input_flush_device(&evdev->handle, file); 812 wake_up_interruptible(&evdev->wait); 813 814 return 0; 815 } 816 817 static long evdev_do_ioctl(struct file *file, unsigned int cmd, 818 void __user *p, int compat_mode) 819 { 820 struct evdev_client *client = file->private_data; 821 struct evdev *evdev = client->evdev; 822 struct input_dev *dev = evdev->handle.dev; 823 struct input_absinfo abs; 824 struct ff_effect effect; 825 int __user *ip = (int __user *)p; 826 unsigned int i, t, u, v; 827 unsigned int size; 828 int error; 829 830 /* First we check for fixed-length commands */ 831 switch (cmd) { 832 833 case EVIOCGVERSION: 834 return put_user(EV_VERSION, ip); 835 836 case EVIOCGID: 837 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 838 return -EFAULT; 839 return 0; 840 841 case EVIOCGREP: 842 if (!test_bit(EV_REP, dev->evbit)) 843 return -ENOSYS; 844 if (put_user(dev->rep[REP_DELAY], ip)) 845 return -EFAULT; 846 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 847 return -EFAULT; 848 return 0; 849 850 case EVIOCSREP: 851 if (!test_bit(EV_REP, dev->evbit)) 852 return -ENOSYS; 853 if (get_user(u, ip)) 854 return -EFAULT; 855 if (get_user(v, ip + 1)) 856 return -EFAULT; 857 858 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 859 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 860 861 return 0; 862 863 case EVIOCRMFF: 864 return input_ff_erase(dev, (int)(unsigned long) p, file); 865 866 case EVIOCGEFFECTS: 867 i = test_bit(EV_FF, dev->evbit) ? 868 dev->ff->max_effects : 0; 869 if (put_user(i, ip)) 870 return -EFAULT; 871 return 0; 872 873 case EVIOCGRAB: 874 if (p) 875 return evdev_grab(evdev, client); 876 else 877 return evdev_ungrab(evdev, client); 878 879 case EVIOCREVOKE: 880 if (p) 881 return -EINVAL; 882 else 883 return evdev_revoke(evdev, client, file); 884 885 case EVIOCSCLOCKID: 886 if (copy_from_user(&i, p, sizeof(unsigned int))) 887 return -EFAULT; 888 if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME) 889 return -EINVAL; 890 client->clkid = i; 891 return 0; 892 893 case EVIOCGKEYCODE: 894 return evdev_handle_get_keycode(dev, p); 895 896 case EVIOCSKEYCODE: 897 return evdev_handle_set_keycode(dev, p); 898 899 case EVIOCGKEYCODE_V2: 900 return evdev_handle_get_keycode_v2(dev, p); 901 902 case EVIOCSKEYCODE_V2: 903 return evdev_handle_set_keycode_v2(dev, p); 904 } 905 906 size = _IOC_SIZE(cmd); 907 908 /* Now check variable-length commands */ 909 #define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 910 switch (EVIOC_MASK_SIZE(cmd)) { 911 912 case EVIOCGPROP(0): 913 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 914 size, p, compat_mode); 915 916 case EVIOCGMTSLOTS(0): 917 return evdev_handle_mt_request(dev, size, ip); 918 919 case EVIOCGKEY(0): 920 return evdev_handle_get_val(client, dev, EV_KEY, dev->key, 921 KEY_MAX, size, p, compat_mode); 922 923 case EVIOCGLED(0): 924 return evdev_handle_get_val(client, dev, EV_LED, dev->led, 925 LED_MAX, size, p, compat_mode); 926 927 case EVIOCGSND(0): 928 return evdev_handle_get_val(client, dev, EV_SND, dev->snd, 929 SND_MAX, size, p, compat_mode); 930 931 case EVIOCGSW(0): 932 return evdev_handle_get_val(client, dev, EV_SW, dev->sw, 933 SW_MAX, size, p, compat_mode); 934 935 case EVIOCGNAME(0): 936 return str_to_user(dev->name, size, p); 937 938 case EVIOCGPHYS(0): 939 return str_to_user(dev->phys, size, p); 940 941 case EVIOCGUNIQ(0): 942 return str_to_user(dev->uniq, size, p); 943 944 case EVIOC_MASK_SIZE(EVIOCSFF): 945 if (input_ff_effect_from_user(p, size, &effect)) 946 return -EFAULT; 947 948 error = input_ff_upload(dev, &effect, file); 949 950 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 951 return -EFAULT; 952 953 return error; 954 } 955 956 /* Multi-number variable-length handlers */ 957 if (_IOC_TYPE(cmd) != 'E') 958 return -EINVAL; 959 960 if (_IOC_DIR(cmd) == _IOC_READ) { 961 962 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 963 return handle_eviocgbit(dev, 964 _IOC_NR(cmd) & EV_MAX, size, 965 p, compat_mode); 966 967 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 968 969 if (!dev->absinfo) 970 return -EINVAL; 971 972 t = _IOC_NR(cmd) & ABS_MAX; 973 abs = dev->absinfo[t]; 974 975 if (copy_to_user(p, &abs, min_t(size_t, 976 size, sizeof(struct input_absinfo)))) 977 return -EFAULT; 978 979 return 0; 980 } 981 } 982 983 if (_IOC_DIR(cmd) == _IOC_WRITE) { 984 985 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 986 987 if (!dev->absinfo) 988 return -EINVAL; 989 990 t = _IOC_NR(cmd) & ABS_MAX; 991 992 if (copy_from_user(&abs, p, min_t(size_t, 993 size, sizeof(struct input_absinfo)))) 994 return -EFAULT; 995 996 if (size < sizeof(struct input_absinfo)) 997 abs.resolution = 0; 998 999 /* We can't change number of reserved MT slots */ 1000 if (t == ABS_MT_SLOT) 1001 return -EINVAL; 1002 1003 /* 1004 * Take event lock to ensure that we are not 1005 * changing device parameters in the middle 1006 * of event. 1007 */ 1008 spin_lock_irq(&dev->event_lock); 1009 dev->absinfo[t] = abs; 1010 spin_unlock_irq(&dev->event_lock); 1011 1012 return 0; 1013 } 1014 } 1015 1016 return -EINVAL; 1017 } 1018 1019 static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 1020 void __user *p, int compat_mode) 1021 { 1022 struct evdev_client *client = file->private_data; 1023 struct evdev *evdev = client->evdev; 1024 int retval; 1025 1026 retval = mutex_lock_interruptible(&evdev->mutex); 1027 if (retval) 1028 return retval; 1029 1030 if (!evdev->exist || client->revoked) { 1031 retval = -ENODEV; 1032 goto out; 1033 } 1034 1035 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 1036 1037 out: 1038 mutex_unlock(&evdev->mutex); 1039 return retval; 1040 } 1041 1042 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1043 { 1044 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 1045 } 1046 1047 #ifdef CONFIG_COMPAT 1048 static long evdev_ioctl_compat(struct file *file, 1049 unsigned int cmd, unsigned long arg) 1050 { 1051 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 1052 } 1053 #endif 1054 1055 static const struct file_operations evdev_fops = { 1056 .owner = THIS_MODULE, 1057 .read = evdev_read, 1058 .write = evdev_write, 1059 .poll = evdev_poll, 1060 .open = evdev_open, 1061 .release = evdev_release, 1062 .unlocked_ioctl = evdev_ioctl, 1063 #ifdef CONFIG_COMPAT 1064 .compat_ioctl = evdev_ioctl_compat, 1065 #endif 1066 .fasync = evdev_fasync, 1067 .flush = evdev_flush, 1068 .llseek = no_llseek, 1069 }; 1070 1071 /* 1072 * Mark device non-existent. This disables writes, ioctls and 1073 * prevents new users from opening the device. Already posted 1074 * blocking reads will stay, however new ones will fail. 1075 */ 1076 static void evdev_mark_dead(struct evdev *evdev) 1077 { 1078 mutex_lock(&evdev->mutex); 1079 evdev->exist = false; 1080 mutex_unlock(&evdev->mutex); 1081 } 1082 1083 static void evdev_cleanup(struct evdev *evdev) 1084 { 1085 struct input_handle *handle = &evdev->handle; 1086 1087 evdev_mark_dead(evdev); 1088 evdev_hangup(evdev); 1089 1090 cdev_del(&evdev->cdev); 1091 1092 /* evdev is marked dead so no one else accesses evdev->open */ 1093 if (evdev->open) { 1094 input_flush_device(handle, NULL); 1095 input_close_device(handle); 1096 } 1097 } 1098 1099 /* 1100 * Create new evdev device. Note that input core serializes calls 1101 * to connect and disconnect. 1102 */ 1103 static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 1104 const struct input_device_id *id) 1105 { 1106 struct evdev *evdev; 1107 int minor; 1108 int dev_no; 1109 int error; 1110 1111 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true); 1112 if (minor < 0) { 1113 error = minor; 1114 pr_err("failed to reserve new minor: %d\n", error); 1115 return error; 1116 } 1117 1118 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 1119 if (!evdev) { 1120 error = -ENOMEM; 1121 goto err_free_minor; 1122 } 1123 1124 INIT_LIST_HEAD(&evdev->client_list); 1125 spin_lock_init(&evdev->client_lock); 1126 mutex_init(&evdev->mutex); 1127 init_waitqueue_head(&evdev->wait); 1128 evdev->exist = true; 1129 1130 dev_no = minor; 1131 /* Normalize device number if it falls into legacy range */ 1132 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS) 1133 dev_no -= EVDEV_MINOR_BASE; 1134 dev_set_name(&evdev->dev, "event%d", dev_no); 1135 1136 evdev->handle.dev = input_get_device(dev); 1137 evdev->handle.name = dev_name(&evdev->dev); 1138 evdev->handle.handler = handler; 1139 evdev->handle.private = evdev; 1140 1141 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor); 1142 evdev->dev.class = &input_class; 1143 evdev->dev.parent = &dev->dev; 1144 evdev->dev.release = evdev_free; 1145 device_initialize(&evdev->dev); 1146 1147 error = input_register_handle(&evdev->handle); 1148 if (error) 1149 goto err_free_evdev; 1150 1151 cdev_init(&evdev->cdev, &evdev_fops); 1152 evdev->cdev.kobj.parent = &evdev->dev.kobj; 1153 error = cdev_add(&evdev->cdev, evdev->dev.devt, 1); 1154 if (error) 1155 goto err_unregister_handle; 1156 1157 error = device_add(&evdev->dev); 1158 if (error) 1159 goto err_cleanup_evdev; 1160 1161 return 0; 1162 1163 err_cleanup_evdev: 1164 evdev_cleanup(evdev); 1165 err_unregister_handle: 1166 input_unregister_handle(&evdev->handle); 1167 err_free_evdev: 1168 put_device(&evdev->dev); 1169 err_free_minor: 1170 input_free_minor(minor); 1171 return error; 1172 } 1173 1174 static void evdev_disconnect(struct input_handle *handle) 1175 { 1176 struct evdev *evdev = handle->private; 1177 1178 device_del(&evdev->dev); 1179 evdev_cleanup(evdev); 1180 input_free_minor(MINOR(evdev->dev.devt)); 1181 input_unregister_handle(handle); 1182 put_device(&evdev->dev); 1183 } 1184 1185 static const struct input_device_id evdev_ids[] = { 1186 { .driver_info = 1 }, /* Matches all devices */ 1187 { }, /* Terminating zero entry */ 1188 }; 1189 1190 MODULE_DEVICE_TABLE(input, evdev_ids); 1191 1192 static struct input_handler evdev_handler = { 1193 .event = evdev_event, 1194 .events = evdev_events, 1195 .connect = evdev_connect, 1196 .disconnect = evdev_disconnect, 1197 .legacy_minors = true, 1198 .minor = EVDEV_MINOR_BASE, 1199 .name = "evdev", 1200 .id_table = evdev_ids, 1201 }; 1202 1203 static int __init evdev_init(void) 1204 { 1205 return input_register_handler(&evdev_handler); 1206 } 1207 1208 static void __exit evdev_exit(void) 1209 { 1210 input_unregister_handler(&evdev_handler); 1211 } 1212 1213 module_init(evdev_init); 1214 module_exit(evdev_exit); 1215 1216 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1217 MODULE_DESCRIPTION("Input driver event char devices"); 1218 MODULE_LICENSE("GPL"); 1219