1 /* 2 * Event char devices, giving access to raw input device events. 3 * 4 * Copyright (c) 1999-2002 Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #define EVDEV_MINOR_BASE 64 14 #define EVDEV_MINORS 32 15 #define EVDEV_MIN_BUFFER_SIZE 64U 16 #define EVDEV_BUF_PACKETS 8 17 18 #include <linux/poll.h> 19 #include <linux/sched.h> 20 #include <linux/slab.h> 21 #include <linux/vmalloc.h> 22 #include <linux/mm.h> 23 #include <linux/module.h> 24 #include <linux/init.h> 25 #include <linux/input/mt.h> 26 #include <linux/major.h> 27 #include <linux/device.h> 28 #include <linux/cdev.h> 29 #include "input-compat.h" 30 31 enum evdev_clock_type { 32 EV_CLK_REAL = 0, 33 EV_CLK_MONO, 34 EV_CLK_MAX 35 }; 36 37 struct evdev { 38 int open; 39 struct input_handle handle; 40 wait_queue_head_t wait; 41 struct evdev_client __rcu *grab; 42 struct list_head client_list; 43 spinlock_t client_lock; /* protects client_list */ 44 struct mutex mutex; 45 struct device dev; 46 struct cdev cdev; 47 bool exist; 48 }; 49 50 struct evdev_client { 51 unsigned int head; 52 unsigned int tail; 53 unsigned int packet_head; /* [future] position of the first element of next packet */ 54 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 55 struct fasync_struct *fasync; 56 struct evdev *evdev; 57 struct list_head node; 58 unsigned int clk_type; 59 bool revoked; 60 unsigned long *evmasks[EV_CNT]; 61 unsigned int bufsize; 62 struct input_event buffer[]; 63 }; 64 65 static size_t evdev_get_mask_cnt(unsigned int type) 66 { 67 static const size_t counts[EV_CNT] = { 68 /* EV_SYN==0 is EV_CNT, _not_ SYN_CNT, see EVIOCGBIT */ 69 [EV_SYN] = EV_CNT, 70 [EV_KEY] = KEY_CNT, 71 [EV_REL] = REL_CNT, 72 [EV_ABS] = ABS_CNT, 73 [EV_MSC] = MSC_CNT, 74 [EV_SW] = SW_CNT, 75 [EV_LED] = LED_CNT, 76 [EV_SND] = SND_CNT, 77 [EV_FF] = FF_CNT, 78 }; 79 80 return (type < EV_CNT) ? counts[type] : 0; 81 } 82 83 /* requires the buffer lock to be held */ 84 static bool __evdev_is_filtered(struct evdev_client *client, 85 unsigned int type, 86 unsigned int code) 87 { 88 unsigned long *mask; 89 size_t cnt; 90 91 /* EV_SYN and unknown codes are never filtered */ 92 if (type == EV_SYN || type >= EV_CNT) 93 return false; 94 95 /* first test whether the type is filtered */ 96 mask = client->evmasks[0]; 97 if (mask && !test_bit(type, mask)) 98 return true; 99 100 /* unknown values are never filtered */ 101 cnt = evdev_get_mask_cnt(type); 102 if (!cnt || code >= cnt) 103 return false; 104 105 mask = client->evmasks[type]; 106 return mask && !test_bit(code, mask); 107 } 108 109 /* flush queued events of type @type, caller must hold client->buffer_lock */ 110 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type) 111 { 112 unsigned int i, head, num; 113 unsigned int mask = client->bufsize - 1; 114 bool is_report; 115 struct input_event *ev; 116 117 BUG_ON(type == EV_SYN); 118 119 head = client->tail; 120 client->packet_head = client->tail; 121 122 /* init to 1 so a leading SYN_REPORT will not be dropped */ 123 num = 1; 124 125 for (i = client->tail; i != client->head; i = (i + 1) & mask) { 126 ev = &client->buffer[i]; 127 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT; 128 129 if (ev->type == type) { 130 /* drop matched entry */ 131 continue; 132 } else if (is_report && !num) { 133 /* drop empty SYN_REPORT groups */ 134 continue; 135 } else if (head != i) { 136 /* move entry to fill the gap */ 137 client->buffer[head] = *ev; 138 } 139 140 num++; 141 head = (head + 1) & mask; 142 143 if (is_report) { 144 num = 0; 145 client->packet_head = head; 146 } 147 } 148 149 client->head = head; 150 } 151 152 static void __evdev_queue_syn_dropped(struct evdev_client *client) 153 { 154 struct input_event ev; 155 ktime_t time; 156 struct timespec64 ts; 157 158 time = client->clk_type == EV_CLK_REAL ? 159 ktime_get_real() : 160 client->clk_type == EV_CLK_MONO ? 161 ktime_get() : 162 ktime_get_boottime(); 163 164 ts = ktime_to_timespec64(time); 165 ev.input_event_sec = ts.tv_sec; 166 ev.input_event_usec = ts.tv_nsec / NSEC_PER_USEC; 167 ev.type = EV_SYN; 168 ev.code = SYN_DROPPED; 169 ev.value = 0; 170 171 client->buffer[client->head++] = ev; 172 client->head &= client->bufsize - 1; 173 174 if (unlikely(client->head == client->tail)) { 175 /* drop queue but keep our SYN_DROPPED event */ 176 client->tail = (client->head - 1) & (client->bufsize - 1); 177 client->packet_head = client->tail; 178 } 179 } 180 181 static void evdev_queue_syn_dropped(struct evdev_client *client) 182 { 183 unsigned long flags; 184 185 spin_lock_irqsave(&client->buffer_lock, flags); 186 __evdev_queue_syn_dropped(client); 187 spin_unlock_irqrestore(&client->buffer_lock, flags); 188 } 189 190 static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid) 191 { 192 unsigned long flags; 193 unsigned int clk_type; 194 195 switch (clkid) { 196 197 case CLOCK_REALTIME: 198 clk_type = EV_CLK_REAL; 199 break; 200 case CLOCK_BOOTTIME: 201 case CLOCK_MONOTONIC: 202 clk_type = EV_CLK_MONO; 203 break; 204 default: 205 return -EINVAL; 206 } 207 208 if (client->clk_type != clk_type) { 209 client->clk_type = clk_type; 210 211 /* 212 * Flush pending events and queue SYN_DROPPED event, 213 * but only if the queue is not empty. 214 */ 215 spin_lock_irqsave(&client->buffer_lock, flags); 216 217 if (client->head != client->tail) { 218 client->packet_head = client->head = client->tail; 219 __evdev_queue_syn_dropped(client); 220 } 221 222 spin_unlock_irqrestore(&client->buffer_lock, flags); 223 } 224 225 return 0; 226 } 227 228 static void __pass_event(struct evdev_client *client, 229 const struct input_event *event) 230 { 231 client->buffer[client->head++] = *event; 232 client->head &= client->bufsize - 1; 233 234 if (unlikely(client->head == client->tail)) { 235 /* 236 * This effectively "drops" all unconsumed events, leaving 237 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 238 */ 239 client->tail = (client->head - 2) & (client->bufsize - 1); 240 241 client->buffer[client->tail].input_event_sec = 242 event->input_event_sec; 243 client->buffer[client->tail].input_event_usec = 244 event->input_event_usec; 245 client->buffer[client->tail].type = EV_SYN; 246 client->buffer[client->tail].code = SYN_DROPPED; 247 client->buffer[client->tail].value = 0; 248 249 client->packet_head = client->tail; 250 } 251 252 if (event->type == EV_SYN && event->code == SYN_REPORT) { 253 client->packet_head = client->head; 254 kill_fasync(&client->fasync, SIGIO, POLL_IN); 255 } 256 } 257 258 static void evdev_pass_values(struct evdev_client *client, 259 const struct input_value *vals, unsigned int count, 260 ktime_t *ev_time) 261 { 262 struct evdev *evdev = client->evdev; 263 const struct input_value *v; 264 struct input_event event; 265 struct timespec64 ts; 266 bool wakeup = false; 267 268 if (client->revoked) 269 return; 270 271 ts = ktime_to_timespec64(ev_time[client->clk_type]); 272 event.input_event_sec = ts.tv_sec; 273 event.input_event_usec = ts.tv_nsec / NSEC_PER_USEC; 274 275 /* Interrupts are disabled, just acquire the lock. */ 276 spin_lock(&client->buffer_lock); 277 278 for (v = vals; v != vals + count; v++) { 279 if (__evdev_is_filtered(client, v->type, v->code)) 280 continue; 281 282 if (v->type == EV_SYN && v->code == SYN_REPORT) { 283 /* drop empty SYN_REPORT */ 284 if (client->packet_head == client->head) 285 continue; 286 287 wakeup = true; 288 } 289 290 event.type = v->type; 291 event.code = v->code; 292 event.value = v->value; 293 __pass_event(client, &event); 294 } 295 296 spin_unlock(&client->buffer_lock); 297 298 if (wakeup) 299 wake_up_interruptible(&evdev->wait); 300 } 301 302 /* 303 * Pass incoming events to all connected clients. 304 */ 305 static void evdev_events(struct input_handle *handle, 306 const struct input_value *vals, unsigned int count) 307 { 308 struct evdev *evdev = handle->private; 309 struct evdev_client *client; 310 ktime_t ev_time[EV_CLK_MAX]; 311 312 ev_time[EV_CLK_MONO] = ktime_get(); 313 ev_time[EV_CLK_REAL] = ktime_mono_to_real(ev_time[EV_CLK_MONO]); 314 315 rcu_read_lock(); 316 317 client = rcu_dereference(evdev->grab); 318 319 if (client) 320 evdev_pass_values(client, vals, count, ev_time); 321 else 322 list_for_each_entry_rcu(client, &evdev->client_list, node) 323 evdev_pass_values(client, vals, count, ev_time); 324 325 rcu_read_unlock(); 326 } 327 328 /* 329 * Pass incoming event to all connected clients. 330 */ 331 static void evdev_event(struct input_handle *handle, 332 unsigned int type, unsigned int code, int value) 333 { 334 struct input_value vals[] = { { type, code, value } }; 335 336 evdev_events(handle, vals, 1); 337 } 338 339 static int evdev_fasync(int fd, struct file *file, int on) 340 { 341 struct evdev_client *client = file->private_data; 342 343 return fasync_helper(fd, file, on, &client->fasync); 344 } 345 346 static int evdev_flush(struct file *file, fl_owner_t id) 347 { 348 struct evdev_client *client = file->private_data; 349 struct evdev *evdev = client->evdev; 350 351 mutex_lock(&evdev->mutex); 352 353 if (evdev->exist && !client->revoked) 354 input_flush_device(&evdev->handle, file); 355 356 mutex_unlock(&evdev->mutex); 357 return 0; 358 } 359 360 static void evdev_free(struct device *dev) 361 { 362 struct evdev *evdev = container_of(dev, struct evdev, dev); 363 364 input_put_device(evdev->handle.dev); 365 kfree(evdev); 366 } 367 368 /* 369 * Grabs an event device (along with underlying input device). 370 * This function is called with evdev->mutex taken. 371 */ 372 static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 373 { 374 int error; 375 376 if (evdev->grab) 377 return -EBUSY; 378 379 error = input_grab_device(&evdev->handle); 380 if (error) 381 return error; 382 383 rcu_assign_pointer(evdev->grab, client); 384 385 return 0; 386 } 387 388 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 389 { 390 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 391 lockdep_is_held(&evdev->mutex)); 392 393 if (grab != client) 394 return -EINVAL; 395 396 rcu_assign_pointer(evdev->grab, NULL); 397 synchronize_rcu(); 398 input_release_device(&evdev->handle); 399 400 return 0; 401 } 402 403 static void evdev_attach_client(struct evdev *evdev, 404 struct evdev_client *client) 405 { 406 spin_lock(&evdev->client_lock); 407 list_add_tail_rcu(&client->node, &evdev->client_list); 408 spin_unlock(&evdev->client_lock); 409 } 410 411 static void evdev_detach_client(struct evdev *evdev, 412 struct evdev_client *client) 413 { 414 spin_lock(&evdev->client_lock); 415 list_del_rcu(&client->node); 416 spin_unlock(&evdev->client_lock); 417 synchronize_rcu(); 418 } 419 420 static int evdev_open_device(struct evdev *evdev) 421 { 422 int retval; 423 424 retval = mutex_lock_interruptible(&evdev->mutex); 425 if (retval) 426 return retval; 427 428 if (!evdev->exist) 429 retval = -ENODEV; 430 else if (!evdev->open++) { 431 retval = input_open_device(&evdev->handle); 432 if (retval) 433 evdev->open--; 434 } 435 436 mutex_unlock(&evdev->mutex); 437 return retval; 438 } 439 440 static void evdev_close_device(struct evdev *evdev) 441 { 442 mutex_lock(&evdev->mutex); 443 444 if (evdev->exist && !--evdev->open) 445 input_close_device(&evdev->handle); 446 447 mutex_unlock(&evdev->mutex); 448 } 449 450 /* 451 * Wake up users waiting for IO so they can disconnect from 452 * dead device. 453 */ 454 static void evdev_hangup(struct evdev *evdev) 455 { 456 struct evdev_client *client; 457 458 spin_lock(&evdev->client_lock); 459 list_for_each_entry(client, &evdev->client_list, node) 460 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 461 spin_unlock(&evdev->client_lock); 462 463 wake_up_interruptible(&evdev->wait); 464 } 465 466 static int evdev_release(struct inode *inode, struct file *file) 467 { 468 struct evdev_client *client = file->private_data; 469 struct evdev *evdev = client->evdev; 470 unsigned int i; 471 472 mutex_lock(&evdev->mutex); 473 evdev_ungrab(evdev, client); 474 mutex_unlock(&evdev->mutex); 475 476 evdev_detach_client(evdev, client); 477 478 for (i = 0; i < EV_CNT; ++i) 479 kfree(client->evmasks[i]); 480 481 kvfree(client); 482 483 evdev_close_device(evdev); 484 485 return 0; 486 } 487 488 static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 489 { 490 unsigned int n_events = 491 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 492 EVDEV_MIN_BUFFER_SIZE); 493 494 return roundup_pow_of_two(n_events); 495 } 496 497 static int evdev_open(struct inode *inode, struct file *file) 498 { 499 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); 500 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); 501 unsigned int size = sizeof(struct evdev_client) + 502 bufsize * sizeof(struct input_event); 503 struct evdev_client *client; 504 int error; 505 506 client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 507 if (!client) 508 client = vzalloc(size); 509 if (!client) 510 return -ENOMEM; 511 512 client->bufsize = bufsize; 513 spin_lock_init(&client->buffer_lock); 514 client->evdev = evdev; 515 evdev_attach_client(evdev, client); 516 517 error = evdev_open_device(evdev); 518 if (error) 519 goto err_free_client; 520 521 file->private_data = client; 522 nonseekable_open(inode, file); 523 524 return 0; 525 526 err_free_client: 527 evdev_detach_client(evdev, client); 528 kvfree(client); 529 return error; 530 } 531 532 static ssize_t evdev_write(struct file *file, const char __user *buffer, 533 size_t count, loff_t *ppos) 534 { 535 struct evdev_client *client = file->private_data; 536 struct evdev *evdev = client->evdev; 537 struct input_event event; 538 int retval = 0; 539 540 if (count != 0 && count < input_event_size()) 541 return -EINVAL; 542 543 retval = mutex_lock_interruptible(&evdev->mutex); 544 if (retval) 545 return retval; 546 547 if (!evdev->exist || client->revoked) { 548 retval = -ENODEV; 549 goto out; 550 } 551 552 while (retval + input_event_size() <= count) { 553 554 if (input_event_from_user(buffer + retval, &event)) { 555 retval = -EFAULT; 556 goto out; 557 } 558 retval += input_event_size(); 559 560 input_inject_event(&evdev->handle, 561 event.type, event.code, event.value); 562 } 563 564 out: 565 mutex_unlock(&evdev->mutex); 566 return retval; 567 } 568 569 static int evdev_fetch_next_event(struct evdev_client *client, 570 struct input_event *event) 571 { 572 int have_event; 573 574 spin_lock_irq(&client->buffer_lock); 575 576 have_event = client->packet_head != client->tail; 577 if (have_event) { 578 *event = client->buffer[client->tail++]; 579 client->tail &= client->bufsize - 1; 580 } 581 582 spin_unlock_irq(&client->buffer_lock); 583 584 return have_event; 585 } 586 587 static ssize_t evdev_read(struct file *file, char __user *buffer, 588 size_t count, loff_t *ppos) 589 { 590 struct evdev_client *client = file->private_data; 591 struct evdev *evdev = client->evdev; 592 struct input_event event; 593 size_t read = 0; 594 int error; 595 596 if (count != 0 && count < input_event_size()) 597 return -EINVAL; 598 599 for (;;) { 600 if (!evdev->exist || client->revoked) 601 return -ENODEV; 602 603 if (client->packet_head == client->tail && 604 (file->f_flags & O_NONBLOCK)) 605 return -EAGAIN; 606 607 /* 608 * count == 0 is special - no IO is done but we check 609 * for error conditions (see above). 610 */ 611 if (count == 0) 612 break; 613 614 while (read + input_event_size() <= count && 615 evdev_fetch_next_event(client, &event)) { 616 617 if (input_event_to_user(buffer + read, &event)) 618 return -EFAULT; 619 620 read += input_event_size(); 621 } 622 623 if (read) 624 break; 625 626 if (!(file->f_flags & O_NONBLOCK)) { 627 error = wait_event_interruptible(evdev->wait, 628 client->packet_head != client->tail || 629 !evdev->exist || client->revoked); 630 if (error) 631 return error; 632 } 633 } 634 635 return read; 636 } 637 638 /* No kernel lock - fine */ 639 static __poll_t evdev_poll(struct file *file, poll_table *wait) 640 { 641 struct evdev_client *client = file->private_data; 642 struct evdev *evdev = client->evdev; 643 __poll_t mask; 644 645 poll_wait(file, &evdev->wait, wait); 646 647 if (evdev->exist && !client->revoked) 648 mask = EPOLLOUT | EPOLLWRNORM; 649 else 650 mask = EPOLLHUP | EPOLLERR; 651 652 if (client->packet_head != client->tail) 653 mask |= EPOLLIN | EPOLLRDNORM; 654 655 return mask; 656 } 657 658 #ifdef CONFIG_COMPAT 659 660 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 661 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 662 663 #ifdef __BIG_ENDIAN 664 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 665 unsigned int maxlen, void __user *p, int compat) 666 { 667 int len, i; 668 669 if (compat) { 670 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 671 if (len > maxlen) 672 len = maxlen; 673 674 for (i = 0; i < len / sizeof(compat_long_t); i++) 675 if (copy_to_user((compat_long_t __user *) p + i, 676 (compat_long_t *) bits + 677 i + 1 - ((i % 2) << 1), 678 sizeof(compat_long_t))) 679 return -EFAULT; 680 } else { 681 len = BITS_TO_LONGS(maxbit) * sizeof(long); 682 if (len > maxlen) 683 len = maxlen; 684 685 if (copy_to_user(p, bits, len)) 686 return -EFAULT; 687 } 688 689 return len; 690 } 691 692 static int bits_from_user(unsigned long *bits, unsigned int maxbit, 693 unsigned int maxlen, const void __user *p, int compat) 694 { 695 int len, i; 696 697 if (compat) { 698 if (maxlen % sizeof(compat_long_t)) 699 return -EINVAL; 700 701 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 702 if (len > maxlen) 703 len = maxlen; 704 705 for (i = 0; i < len / sizeof(compat_long_t); i++) 706 if (copy_from_user((compat_long_t *) bits + 707 i + 1 - ((i % 2) << 1), 708 (compat_long_t __user *) p + i, 709 sizeof(compat_long_t))) 710 return -EFAULT; 711 if (i % 2) 712 *((compat_long_t *) bits + i - 1) = 0; 713 714 } else { 715 if (maxlen % sizeof(long)) 716 return -EINVAL; 717 718 len = BITS_TO_LONGS(maxbit) * sizeof(long); 719 if (len > maxlen) 720 len = maxlen; 721 722 if (copy_from_user(bits, p, len)) 723 return -EFAULT; 724 } 725 726 return len; 727 } 728 729 #else 730 731 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 732 unsigned int maxlen, void __user *p, int compat) 733 { 734 int len = compat ? 735 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 736 BITS_TO_LONGS(maxbit) * sizeof(long); 737 738 if (len > maxlen) 739 len = maxlen; 740 741 return copy_to_user(p, bits, len) ? -EFAULT : len; 742 } 743 744 static int bits_from_user(unsigned long *bits, unsigned int maxbit, 745 unsigned int maxlen, const void __user *p, int compat) 746 { 747 size_t chunk_size = compat ? sizeof(compat_long_t) : sizeof(long); 748 int len; 749 750 if (maxlen % chunk_size) 751 return -EINVAL; 752 753 len = compat ? BITS_TO_LONGS_COMPAT(maxbit) : BITS_TO_LONGS(maxbit); 754 len *= chunk_size; 755 if (len > maxlen) 756 len = maxlen; 757 758 return copy_from_user(bits, p, len) ? -EFAULT : len; 759 } 760 761 #endif /* __BIG_ENDIAN */ 762 763 #else 764 765 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 766 unsigned int maxlen, void __user *p, int compat) 767 { 768 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 769 770 if (len > maxlen) 771 len = maxlen; 772 773 return copy_to_user(p, bits, len) ? -EFAULT : len; 774 } 775 776 static int bits_from_user(unsigned long *bits, unsigned int maxbit, 777 unsigned int maxlen, const void __user *p, int compat) 778 { 779 int len; 780 781 if (maxlen % sizeof(long)) 782 return -EINVAL; 783 784 len = BITS_TO_LONGS(maxbit) * sizeof(long); 785 if (len > maxlen) 786 len = maxlen; 787 788 return copy_from_user(bits, p, len) ? -EFAULT : len; 789 } 790 791 #endif /* CONFIG_COMPAT */ 792 793 static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 794 { 795 int len; 796 797 if (!str) 798 return -ENOENT; 799 800 len = strlen(str) + 1; 801 if (len > maxlen) 802 len = maxlen; 803 804 return copy_to_user(p, str, len) ? -EFAULT : len; 805 } 806 807 static int handle_eviocgbit(struct input_dev *dev, 808 unsigned int type, unsigned int size, 809 void __user *p, int compat_mode) 810 { 811 unsigned long *bits; 812 int len; 813 814 switch (type) { 815 816 case 0: bits = dev->evbit; len = EV_MAX; break; 817 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 818 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 819 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 820 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 821 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 822 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 823 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 824 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 825 default: return -EINVAL; 826 } 827 828 return bits_to_user(bits, len, size, p, compat_mode); 829 } 830 831 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 832 { 833 struct input_keymap_entry ke = { 834 .len = sizeof(unsigned int), 835 .flags = 0, 836 }; 837 int __user *ip = (int __user *)p; 838 int error; 839 840 /* legacy case */ 841 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 842 return -EFAULT; 843 844 error = input_get_keycode(dev, &ke); 845 if (error) 846 return error; 847 848 if (put_user(ke.keycode, ip + 1)) 849 return -EFAULT; 850 851 return 0; 852 } 853 854 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 855 { 856 struct input_keymap_entry ke; 857 int error; 858 859 if (copy_from_user(&ke, p, sizeof(ke))) 860 return -EFAULT; 861 862 error = input_get_keycode(dev, &ke); 863 if (error) 864 return error; 865 866 if (copy_to_user(p, &ke, sizeof(ke))) 867 return -EFAULT; 868 869 return 0; 870 } 871 872 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 873 { 874 struct input_keymap_entry ke = { 875 .len = sizeof(unsigned int), 876 .flags = 0, 877 }; 878 int __user *ip = (int __user *)p; 879 880 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 881 return -EFAULT; 882 883 if (get_user(ke.keycode, ip + 1)) 884 return -EFAULT; 885 886 return input_set_keycode(dev, &ke); 887 } 888 889 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 890 { 891 struct input_keymap_entry ke; 892 893 if (copy_from_user(&ke, p, sizeof(ke))) 894 return -EFAULT; 895 896 if (ke.len > sizeof(ke.scancode)) 897 return -EINVAL; 898 899 return input_set_keycode(dev, &ke); 900 } 901 902 /* 903 * If we transfer state to the user, we should flush all pending events 904 * of the same type from the client's queue. Otherwise, they might end up 905 * with duplicate events, which can screw up client's state tracking. 906 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED 907 * event so user-space will notice missing events. 908 * 909 * LOCKING: 910 * We need to take event_lock before buffer_lock to avoid dead-locks. But we 911 * need the even_lock only to guarantee consistent state. We can safely release 912 * it while flushing the queue. This allows input-core to handle filters while 913 * we flush the queue. 914 */ 915 static int evdev_handle_get_val(struct evdev_client *client, 916 struct input_dev *dev, unsigned int type, 917 unsigned long *bits, unsigned int maxbit, 918 unsigned int maxlen, void __user *p, 919 int compat) 920 { 921 int ret; 922 unsigned long *mem; 923 size_t len; 924 925 len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long); 926 mem = kmalloc(len, GFP_KERNEL); 927 if (!mem) 928 return -ENOMEM; 929 930 spin_lock_irq(&dev->event_lock); 931 spin_lock(&client->buffer_lock); 932 933 memcpy(mem, bits, len); 934 935 spin_unlock(&dev->event_lock); 936 937 __evdev_flush_queue(client, type); 938 939 spin_unlock_irq(&client->buffer_lock); 940 941 ret = bits_to_user(mem, maxbit, maxlen, p, compat); 942 if (ret < 0) 943 evdev_queue_syn_dropped(client); 944 945 kfree(mem); 946 947 return ret; 948 } 949 950 static int evdev_handle_mt_request(struct input_dev *dev, 951 unsigned int size, 952 int __user *ip) 953 { 954 const struct input_mt *mt = dev->mt; 955 unsigned int code; 956 int max_slots; 957 int i; 958 959 if (get_user(code, &ip[0])) 960 return -EFAULT; 961 if (!mt || !input_is_mt_value(code)) 962 return -EINVAL; 963 964 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 965 for (i = 0; i < mt->num_slots && i < max_slots; i++) { 966 int value = input_mt_get_value(&mt->slots[i], code); 967 if (put_user(value, &ip[1 + i])) 968 return -EFAULT; 969 } 970 971 return 0; 972 } 973 974 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client, 975 struct file *file) 976 { 977 client->revoked = true; 978 evdev_ungrab(evdev, client); 979 input_flush_device(&evdev->handle, file); 980 wake_up_interruptible(&evdev->wait); 981 982 return 0; 983 } 984 985 /* must be called with evdev-mutex held */ 986 static int evdev_set_mask(struct evdev_client *client, 987 unsigned int type, 988 const void __user *codes, 989 u32 codes_size, 990 int compat) 991 { 992 unsigned long flags, *mask, *oldmask; 993 size_t cnt; 994 int error; 995 996 /* we allow unknown types and 'codes_size > size' for forward-compat */ 997 cnt = evdev_get_mask_cnt(type); 998 if (!cnt) 999 return 0; 1000 1001 mask = kcalloc(sizeof(unsigned long), BITS_TO_LONGS(cnt), GFP_KERNEL); 1002 if (!mask) 1003 return -ENOMEM; 1004 1005 error = bits_from_user(mask, cnt - 1, codes_size, codes, compat); 1006 if (error < 0) { 1007 kfree(mask); 1008 return error; 1009 } 1010 1011 spin_lock_irqsave(&client->buffer_lock, flags); 1012 oldmask = client->evmasks[type]; 1013 client->evmasks[type] = mask; 1014 spin_unlock_irqrestore(&client->buffer_lock, flags); 1015 1016 kfree(oldmask); 1017 1018 return 0; 1019 } 1020 1021 /* must be called with evdev-mutex held */ 1022 static int evdev_get_mask(struct evdev_client *client, 1023 unsigned int type, 1024 void __user *codes, 1025 u32 codes_size, 1026 int compat) 1027 { 1028 unsigned long *mask; 1029 size_t cnt, size, xfer_size; 1030 int i; 1031 int error; 1032 1033 /* we allow unknown types and 'codes_size > size' for forward-compat */ 1034 cnt = evdev_get_mask_cnt(type); 1035 size = sizeof(unsigned long) * BITS_TO_LONGS(cnt); 1036 xfer_size = min_t(size_t, codes_size, size); 1037 1038 if (cnt > 0) { 1039 mask = client->evmasks[type]; 1040 if (mask) { 1041 error = bits_to_user(mask, cnt - 1, 1042 xfer_size, codes, compat); 1043 if (error < 0) 1044 return error; 1045 } else { 1046 /* fake mask with all bits set */ 1047 for (i = 0; i < xfer_size; i++) 1048 if (put_user(0xffU, (u8 __user *)codes + i)) 1049 return -EFAULT; 1050 } 1051 } 1052 1053 if (xfer_size < codes_size) 1054 if (clear_user(codes + xfer_size, codes_size - xfer_size)) 1055 return -EFAULT; 1056 1057 return 0; 1058 } 1059 1060 static long evdev_do_ioctl(struct file *file, unsigned int cmd, 1061 void __user *p, int compat_mode) 1062 { 1063 struct evdev_client *client = file->private_data; 1064 struct evdev *evdev = client->evdev; 1065 struct input_dev *dev = evdev->handle.dev; 1066 struct input_absinfo abs; 1067 struct input_mask mask; 1068 struct ff_effect effect; 1069 int __user *ip = (int __user *)p; 1070 unsigned int i, t, u, v; 1071 unsigned int size; 1072 int error; 1073 1074 /* First we check for fixed-length commands */ 1075 switch (cmd) { 1076 1077 case EVIOCGVERSION: 1078 return put_user(EV_VERSION, ip); 1079 1080 case EVIOCGID: 1081 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 1082 return -EFAULT; 1083 return 0; 1084 1085 case EVIOCGREP: 1086 if (!test_bit(EV_REP, dev->evbit)) 1087 return -ENOSYS; 1088 if (put_user(dev->rep[REP_DELAY], ip)) 1089 return -EFAULT; 1090 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 1091 return -EFAULT; 1092 return 0; 1093 1094 case EVIOCSREP: 1095 if (!test_bit(EV_REP, dev->evbit)) 1096 return -ENOSYS; 1097 if (get_user(u, ip)) 1098 return -EFAULT; 1099 if (get_user(v, ip + 1)) 1100 return -EFAULT; 1101 1102 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 1103 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 1104 1105 return 0; 1106 1107 case EVIOCRMFF: 1108 return input_ff_erase(dev, (int)(unsigned long) p, file); 1109 1110 case EVIOCGEFFECTS: 1111 i = test_bit(EV_FF, dev->evbit) ? 1112 dev->ff->max_effects : 0; 1113 if (put_user(i, ip)) 1114 return -EFAULT; 1115 return 0; 1116 1117 case EVIOCGRAB: 1118 if (p) 1119 return evdev_grab(evdev, client); 1120 else 1121 return evdev_ungrab(evdev, client); 1122 1123 case EVIOCREVOKE: 1124 if (p) 1125 return -EINVAL; 1126 else 1127 return evdev_revoke(evdev, client, file); 1128 1129 case EVIOCGMASK: { 1130 void __user *codes_ptr; 1131 1132 if (copy_from_user(&mask, p, sizeof(mask))) 1133 return -EFAULT; 1134 1135 codes_ptr = (void __user *)(unsigned long)mask.codes_ptr; 1136 return evdev_get_mask(client, 1137 mask.type, codes_ptr, mask.codes_size, 1138 compat_mode); 1139 } 1140 1141 case EVIOCSMASK: { 1142 const void __user *codes_ptr; 1143 1144 if (copy_from_user(&mask, p, sizeof(mask))) 1145 return -EFAULT; 1146 1147 codes_ptr = (const void __user *)(unsigned long)mask.codes_ptr; 1148 return evdev_set_mask(client, 1149 mask.type, codes_ptr, mask.codes_size, 1150 compat_mode); 1151 } 1152 1153 case EVIOCSCLOCKID: 1154 if (copy_from_user(&i, p, sizeof(unsigned int))) 1155 return -EFAULT; 1156 1157 return evdev_set_clk_type(client, i); 1158 1159 case EVIOCGKEYCODE: 1160 return evdev_handle_get_keycode(dev, p); 1161 1162 case EVIOCSKEYCODE: 1163 return evdev_handle_set_keycode(dev, p); 1164 1165 case EVIOCGKEYCODE_V2: 1166 return evdev_handle_get_keycode_v2(dev, p); 1167 1168 case EVIOCSKEYCODE_V2: 1169 return evdev_handle_set_keycode_v2(dev, p); 1170 } 1171 1172 size = _IOC_SIZE(cmd); 1173 1174 /* Now check variable-length commands */ 1175 #define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 1176 switch (EVIOC_MASK_SIZE(cmd)) { 1177 1178 case EVIOCGPROP(0): 1179 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 1180 size, p, compat_mode); 1181 1182 case EVIOCGMTSLOTS(0): 1183 return evdev_handle_mt_request(dev, size, ip); 1184 1185 case EVIOCGKEY(0): 1186 return evdev_handle_get_val(client, dev, EV_KEY, dev->key, 1187 KEY_MAX, size, p, compat_mode); 1188 1189 case EVIOCGLED(0): 1190 return evdev_handle_get_val(client, dev, EV_LED, dev->led, 1191 LED_MAX, size, p, compat_mode); 1192 1193 case EVIOCGSND(0): 1194 return evdev_handle_get_val(client, dev, EV_SND, dev->snd, 1195 SND_MAX, size, p, compat_mode); 1196 1197 case EVIOCGSW(0): 1198 return evdev_handle_get_val(client, dev, EV_SW, dev->sw, 1199 SW_MAX, size, p, compat_mode); 1200 1201 case EVIOCGNAME(0): 1202 return str_to_user(dev->name, size, p); 1203 1204 case EVIOCGPHYS(0): 1205 return str_to_user(dev->phys, size, p); 1206 1207 case EVIOCGUNIQ(0): 1208 return str_to_user(dev->uniq, size, p); 1209 1210 case EVIOC_MASK_SIZE(EVIOCSFF): 1211 if (input_ff_effect_from_user(p, size, &effect)) 1212 return -EFAULT; 1213 1214 error = input_ff_upload(dev, &effect, file); 1215 if (error) 1216 return error; 1217 1218 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 1219 return -EFAULT; 1220 1221 return 0; 1222 } 1223 1224 /* Multi-number variable-length handlers */ 1225 if (_IOC_TYPE(cmd) != 'E') 1226 return -EINVAL; 1227 1228 if (_IOC_DIR(cmd) == _IOC_READ) { 1229 1230 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 1231 return handle_eviocgbit(dev, 1232 _IOC_NR(cmd) & EV_MAX, size, 1233 p, compat_mode); 1234 1235 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 1236 1237 if (!dev->absinfo) 1238 return -EINVAL; 1239 1240 t = _IOC_NR(cmd) & ABS_MAX; 1241 abs = dev->absinfo[t]; 1242 1243 if (copy_to_user(p, &abs, min_t(size_t, 1244 size, sizeof(struct input_absinfo)))) 1245 return -EFAULT; 1246 1247 return 0; 1248 } 1249 } 1250 1251 if (_IOC_DIR(cmd) == _IOC_WRITE) { 1252 1253 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 1254 1255 if (!dev->absinfo) 1256 return -EINVAL; 1257 1258 t = _IOC_NR(cmd) & ABS_MAX; 1259 1260 if (copy_from_user(&abs, p, min_t(size_t, 1261 size, sizeof(struct input_absinfo)))) 1262 return -EFAULT; 1263 1264 if (size < sizeof(struct input_absinfo)) 1265 abs.resolution = 0; 1266 1267 /* We can't change number of reserved MT slots */ 1268 if (t == ABS_MT_SLOT) 1269 return -EINVAL; 1270 1271 /* 1272 * Take event lock to ensure that we are not 1273 * changing device parameters in the middle 1274 * of event. 1275 */ 1276 spin_lock_irq(&dev->event_lock); 1277 dev->absinfo[t] = abs; 1278 spin_unlock_irq(&dev->event_lock); 1279 1280 return 0; 1281 } 1282 } 1283 1284 return -EINVAL; 1285 } 1286 1287 static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 1288 void __user *p, int compat_mode) 1289 { 1290 struct evdev_client *client = file->private_data; 1291 struct evdev *evdev = client->evdev; 1292 int retval; 1293 1294 retval = mutex_lock_interruptible(&evdev->mutex); 1295 if (retval) 1296 return retval; 1297 1298 if (!evdev->exist || client->revoked) { 1299 retval = -ENODEV; 1300 goto out; 1301 } 1302 1303 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 1304 1305 out: 1306 mutex_unlock(&evdev->mutex); 1307 return retval; 1308 } 1309 1310 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1311 { 1312 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 1313 } 1314 1315 #ifdef CONFIG_COMPAT 1316 static long evdev_ioctl_compat(struct file *file, 1317 unsigned int cmd, unsigned long arg) 1318 { 1319 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 1320 } 1321 #endif 1322 1323 static const struct file_operations evdev_fops = { 1324 .owner = THIS_MODULE, 1325 .read = evdev_read, 1326 .write = evdev_write, 1327 .poll = evdev_poll, 1328 .open = evdev_open, 1329 .release = evdev_release, 1330 .unlocked_ioctl = evdev_ioctl, 1331 #ifdef CONFIG_COMPAT 1332 .compat_ioctl = evdev_ioctl_compat, 1333 #endif 1334 .fasync = evdev_fasync, 1335 .flush = evdev_flush, 1336 .llseek = no_llseek, 1337 }; 1338 1339 /* 1340 * Mark device non-existent. This disables writes, ioctls and 1341 * prevents new users from opening the device. Already posted 1342 * blocking reads will stay, however new ones will fail. 1343 */ 1344 static void evdev_mark_dead(struct evdev *evdev) 1345 { 1346 mutex_lock(&evdev->mutex); 1347 evdev->exist = false; 1348 mutex_unlock(&evdev->mutex); 1349 } 1350 1351 static void evdev_cleanup(struct evdev *evdev) 1352 { 1353 struct input_handle *handle = &evdev->handle; 1354 1355 evdev_mark_dead(evdev); 1356 evdev_hangup(evdev); 1357 1358 /* evdev is marked dead so no one else accesses evdev->open */ 1359 if (evdev->open) { 1360 input_flush_device(handle, NULL); 1361 input_close_device(handle); 1362 } 1363 } 1364 1365 /* 1366 * Create new evdev device. Note that input core serializes calls 1367 * to connect and disconnect. 1368 */ 1369 static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 1370 const struct input_device_id *id) 1371 { 1372 struct evdev *evdev; 1373 int minor; 1374 int dev_no; 1375 int error; 1376 1377 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true); 1378 if (minor < 0) { 1379 error = minor; 1380 pr_err("failed to reserve new minor: %d\n", error); 1381 return error; 1382 } 1383 1384 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 1385 if (!evdev) { 1386 error = -ENOMEM; 1387 goto err_free_minor; 1388 } 1389 1390 INIT_LIST_HEAD(&evdev->client_list); 1391 spin_lock_init(&evdev->client_lock); 1392 mutex_init(&evdev->mutex); 1393 init_waitqueue_head(&evdev->wait); 1394 evdev->exist = true; 1395 1396 dev_no = minor; 1397 /* Normalize device number if it falls into legacy range */ 1398 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS) 1399 dev_no -= EVDEV_MINOR_BASE; 1400 dev_set_name(&evdev->dev, "event%d", dev_no); 1401 1402 evdev->handle.dev = input_get_device(dev); 1403 evdev->handle.name = dev_name(&evdev->dev); 1404 evdev->handle.handler = handler; 1405 evdev->handle.private = evdev; 1406 1407 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor); 1408 evdev->dev.class = &input_class; 1409 evdev->dev.parent = &dev->dev; 1410 evdev->dev.release = evdev_free; 1411 device_initialize(&evdev->dev); 1412 1413 error = input_register_handle(&evdev->handle); 1414 if (error) 1415 goto err_free_evdev; 1416 1417 cdev_init(&evdev->cdev, &evdev_fops); 1418 1419 error = cdev_device_add(&evdev->cdev, &evdev->dev); 1420 if (error) 1421 goto err_cleanup_evdev; 1422 1423 return 0; 1424 1425 err_cleanup_evdev: 1426 evdev_cleanup(evdev); 1427 input_unregister_handle(&evdev->handle); 1428 err_free_evdev: 1429 put_device(&evdev->dev); 1430 err_free_minor: 1431 input_free_minor(minor); 1432 return error; 1433 } 1434 1435 static void evdev_disconnect(struct input_handle *handle) 1436 { 1437 struct evdev *evdev = handle->private; 1438 1439 cdev_device_del(&evdev->cdev, &evdev->dev); 1440 evdev_cleanup(evdev); 1441 input_free_minor(MINOR(evdev->dev.devt)); 1442 input_unregister_handle(handle); 1443 put_device(&evdev->dev); 1444 } 1445 1446 static const struct input_device_id evdev_ids[] = { 1447 { .driver_info = 1 }, /* Matches all devices */ 1448 { }, /* Terminating zero entry */ 1449 }; 1450 1451 MODULE_DEVICE_TABLE(input, evdev_ids); 1452 1453 static struct input_handler evdev_handler = { 1454 .event = evdev_event, 1455 .events = evdev_events, 1456 .connect = evdev_connect, 1457 .disconnect = evdev_disconnect, 1458 .legacy_minors = true, 1459 .minor = EVDEV_MINOR_BASE, 1460 .name = "evdev", 1461 .id_table = evdev_ids, 1462 }; 1463 1464 static int __init evdev_init(void) 1465 { 1466 return input_register_handler(&evdev_handler); 1467 } 1468 1469 static void __exit evdev_exit(void) 1470 { 1471 input_unregister_handler(&evdev_handler); 1472 } 1473 1474 module_init(evdev_init); 1475 module_exit(evdev_exit); 1476 1477 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1478 MODULE_DESCRIPTION("Input driver event char devices"); 1479 MODULE_LICENSE("GPL"); 1480