1 /* 2 * Event char devices, giving access to raw input device events. 3 * 4 * Copyright (c) 1999-2002 Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #define EVDEV_MINOR_BASE 64 14 #define EVDEV_MINORS 32 15 #define EVDEV_MIN_BUFFER_SIZE 64U 16 #define EVDEV_BUF_PACKETS 8 17 18 #include <linux/poll.h> 19 #include <linux/sched.h> 20 #include <linux/slab.h> 21 #include <linux/module.h> 22 #include <linux/init.h> 23 #include <linux/input/mt.h> 24 #include <linux/major.h> 25 #include <linux/device.h> 26 #include "input-compat.h" 27 28 struct evdev { 29 int open; 30 int minor; 31 struct input_handle handle; 32 wait_queue_head_t wait; 33 struct evdev_client __rcu *grab; 34 struct list_head client_list; 35 spinlock_t client_lock; /* protects client_list */ 36 struct mutex mutex; 37 struct device dev; 38 bool exist; 39 }; 40 41 struct evdev_client { 42 unsigned int head; 43 unsigned int tail; 44 unsigned int packet_head; /* [future] position of the first element of next packet */ 45 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 46 struct fasync_struct *fasync; 47 struct evdev *evdev; 48 struct list_head node; 49 int clkid; 50 unsigned int bufsize; 51 struct input_event buffer[]; 52 }; 53 54 static struct evdev *evdev_table[EVDEV_MINORS]; 55 static DEFINE_MUTEX(evdev_table_mutex); 56 57 static void evdev_pass_event(struct evdev_client *client, 58 struct input_event *event, 59 ktime_t mono, ktime_t real) 60 { 61 event->time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ? 62 mono : real); 63 64 /* Interrupts are disabled, just acquire the lock. */ 65 spin_lock(&client->buffer_lock); 66 67 client->buffer[client->head++] = *event; 68 client->head &= client->bufsize - 1; 69 70 if (unlikely(client->head == client->tail)) { 71 /* 72 * This effectively "drops" all unconsumed events, leaving 73 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 74 */ 75 client->tail = (client->head - 2) & (client->bufsize - 1); 76 77 client->buffer[client->tail].time = event->time; 78 client->buffer[client->tail].type = EV_SYN; 79 client->buffer[client->tail].code = SYN_DROPPED; 80 client->buffer[client->tail].value = 0; 81 82 client->packet_head = client->tail; 83 } 84 85 if (event->type == EV_SYN && event->code == SYN_REPORT) { 86 client->packet_head = client->head; 87 kill_fasync(&client->fasync, SIGIO, POLL_IN); 88 } 89 90 spin_unlock(&client->buffer_lock); 91 } 92 93 /* 94 * Pass incoming event to all connected clients. 95 */ 96 static void evdev_event(struct input_handle *handle, 97 unsigned int type, unsigned int code, int value) 98 { 99 struct evdev *evdev = handle->private; 100 struct evdev_client *client; 101 struct input_event event; 102 ktime_t time_mono, time_real; 103 104 time_mono = ktime_get(); 105 time_real = ktime_sub(time_mono, ktime_get_monotonic_offset()); 106 107 event.type = type; 108 event.code = code; 109 event.value = value; 110 111 rcu_read_lock(); 112 113 client = rcu_dereference(evdev->grab); 114 115 if (client) 116 evdev_pass_event(client, &event, time_mono, time_real); 117 else 118 list_for_each_entry_rcu(client, &evdev->client_list, node) 119 evdev_pass_event(client, &event, time_mono, time_real); 120 121 rcu_read_unlock(); 122 123 if (type == EV_SYN && code == SYN_REPORT) 124 wake_up_interruptible(&evdev->wait); 125 } 126 127 static int evdev_fasync(int fd, struct file *file, int on) 128 { 129 struct evdev_client *client = file->private_data; 130 131 return fasync_helper(fd, file, on, &client->fasync); 132 } 133 134 static int evdev_flush(struct file *file, fl_owner_t id) 135 { 136 struct evdev_client *client = file->private_data; 137 struct evdev *evdev = client->evdev; 138 int retval; 139 140 retval = mutex_lock_interruptible(&evdev->mutex); 141 if (retval) 142 return retval; 143 144 if (!evdev->exist) 145 retval = -ENODEV; 146 else 147 retval = input_flush_device(&evdev->handle, file); 148 149 mutex_unlock(&evdev->mutex); 150 return retval; 151 } 152 153 static void evdev_free(struct device *dev) 154 { 155 struct evdev *evdev = container_of(dev, struct evdev, dev); 156 157 input_put_device(evdev->handle.dev); 158 kfree(evdev); 159 } 160 161 /* 162 * Grabs an event device (along with underlying input device). 163 * This function is called with evdev->mutex taken. 164 */ 165 static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 166 { 167 int error; 168 169 if (evdev->grab) 170 return -EBUSY; 171 172 error = input_grab_device(&evdev->handle); 173 if (error) 174 return error; 175 176 rcu_assign_pointer(evdev->grab, client); 177 178 return 0; 179 } 180 181 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 182 { 183 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 184 lockdep_is_held(&evdev->mutex)); 185 186 if (grab != client) 187 return -EINVAL; 188 189 rcu_assign_pointer(evdev->grab, NULL); 190 synchronize_rcu(); 191 input_release_device(&evdev->handle); 192 193 return 0; 194 } 195 196 static void evdev_attach_client(struct evdev *evdev, 197 struct evdev_client *client) 198 { 199 spin_lock(&evdev->client_lock); 200 list_add_tail_rcu(&client->node, &evdev->client_list); 201 spin_unlock(&evdev->client_lock); 202 } 203 204 static void evdev_detach_client(struct evdev *evdev, 205 struct evdev_client *client) 206 { 207 spin_lock(&evdev->client_lock); 208 list_del_rcu(&client->node); 209 spin_unlock(&evdev->client_lock); 210 synchronize_rcu(); 211 } 212 213 static int evdev_open_device(struct evdev *evdev) 214 { 215 int retval; 216 217 retval = mutex_lock_interruptible(&evdev->mutex); 218 if (retval) 219 return retval; 220 221 if (!evdev->exist) 222 retval = -ENODEV; 223 else if (!evdev->open++) { 224 retval = input_open_device(&evdev->handle); 225 if (retval) 226 evdev->open--; 227 } 228 229 mutex_unlock(&evdev->mutex); 230 return retval; 231 } 232 233 static void evdev_close_device(struct evdev *evdev) 234 { 235 mutex_lock(&evdev->mutex); 236 237 if (evdev->exist && !--evdev->open) 238 input_close_device(&evdev->handle); 239 240 mutex_unlock(&evdev->mutex); 241 } 242 243 /* 244 * Wake up users waiting for IO so they can disconnect from 245 * dead device. 246 */ 247 static void evdev_hangup(struct evdev *evdev) 248 { 249 struct evdev_client *client; 250 251 spin_lock(&evdev->client_lock); 252 list_for_each_entry(client, &evdev->client_list, node) 253 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 254 spin_unlock(&evdev->client_lock); 255 256 wake_up_interruptible(&evdev->wait); 257 } 258 259 static int evdev_release(struct inode *inode, struct file *file) 260 { 261 struct evdev_client *client = file->private_data; 262 struct evdev *evdev = client->evdev; 263 264 mutex_lock(&evdev->mutex); 265 evdev_ungrab(evdev, client); 266 mutex_unlock(&evdev->mutex); 267 268 evdev_detach_client(evdev, client); 269 kfree(client); 270 271 evdev_close_device(evdev); 272 put_device(&evdev->dev); 273 274 return 0; 275 } 276 277 static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 278 { 279 unsigned int n_events = 280 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 281 EVDEV_MIN_BUFFER_SIZE); 282 283 return roundup_pow_of_two(n_events); 284 } 285 286 static int evdev_open(struct inode *inode, struct file *file) 287 { 288 struct evdev *evdev; 289 struct evdev_client *client; 290 int i = iminor(inode) - EVDEV_MINOR_BASE; 291 unsigned int bufsize; 292 int error; 293 294 if (i >= EVDEV_MINORS) 295 return -ENODEV; 296 297 error = mutex_lock_interruptible(&evdev_table_mutex); 298 if (error) 299 return error; 300 evdev = evdev_table[i]; 301 if (evdev) 302 get_device(&evdev->dev); 303 mutex_unlock(&evdev_table_mutex); 304 305 if (!evdev) 306 return -ENODEV; 307 308 bufsize = evdev_compute_buffer_size(evdev->handle.dev); 309 310 client = kzalloc(sizeof(struct evdev_client) + 311 bufsize * sizeof(struct input_event), 312 GFP_KERNEL); 313 if (!client) { 314 error = -ENOMEM; 315 goto err_put_evdev; 316 } 317 318 client->bufsize = bufsize; 319 spin_lock_init(&client->buffer_lock); 320 client->evdev = evdev; 321 evdev_attach_client(evdev, client); 322 323 error = evdev_open_device(evdev); 324 if (error) 325 goto err_free_client; 326 327 file->private_data = client; 328 nonseekable_open(inode, file); 329 330 return 0; 331 332 err_free_client: 333 evdev_detach_client(evdev, client); 334 kfree(client); 335 err_put_evdev: 336 put_device(&evdev->dev); 337 return error; 338 } 339 340 static ssize_t evdev_write(struct file *file, const char __user *buffer, 341 size_t count, loff_t *ppos) 342 { 343 struct evdev_client *client = file->private_data; 344 struct evdev *evdev = client->evdev; 345 struct input_event event; 346 int retval = 0; 347 348 if (count != 0 && count < input_event_size()) 349 return -EINVAL; 350 351 retval = mutex_lock_interruptible(&evdev->mutex); 352 if (retval) 353 return retval; 354 355 if (!evdev->exist) { 356 retval = -ENODEV; 357 goto out; 358 } 359 360 while (retval + input_event_size() <= count) { 361 362 if (input_event_from_user(buffer + retval, &event)) { 363 retval = -EFAULT; 364 goto out; 365 } 366 retval += input_event_size(); 367 368 input_inject_event(&evdev->handle, 369 event.type, event.code, event.value); 370 } 371 372 out: 373 mutex_unlock(&evdev->mutex); 374 return retval; 375 } 376 377 static int evdev_fetch_next_event(struct evdev_client *client, 378 struct input_event *event) 379 { 380 int have_event; 381 382 spin_lock_irq(&client->buffer_lock); 383 384 have_event = client->packet_head != client->tail; 385 if (have_event) { 386 *event = client->buffer[client->tail++]; 387 client->tail &= client->bufsize - 1; 388 } 389 390 spin_unlock_irq(&client->buffer_lock); 391 392 return have_event; 393 } 394 395 static ssize_t evdev_read(struct file *file, char __user *buffer, 396 size_t count, loff_t *ppos) 397 { 398 struct evdev_client *client = file->private_data; 399 struct evdev *evdev = client->evdev; 400 struct input_event event; 401 size_t read = 0; 402 int error; 403 404 if (count != 0 && count < input_event_size()) 405 return -EINVAL; 406 407 for (;;) { 408 if (!evdev->exist) 409 return -ENODEV; 410 411 if (client->packet_head == client->tail && 412 (file->f_flags & O_NONBLOCK)) 413 return -EAGAIN; 414 415 /* 416 * count == 0 is special - no IO is done but we check 417 * for error conditions (see above). 418 */ 419 if (count == 0) 420 break; 421 422 while (read + input_event_size() <= count && 423 evdev_fetch_next_event(client, &event)) { 424 425 if (input_event_to_user(buffer + read, &event)) 426 return -EFAULT; 427 428 read += input_event_size(); 429 } 430 431 if (read) 432 break; 433 434 if (!(file->f_flags & O_NONBLOCK)) { 435 error = wait_event_interruptible(evdev->wait, 436 client->packet_head != client->tail || 437 !evdev->exist); 438 if (error) 439 return error; 440 } 441 } 442 443 return read; 444 } 445 446 /* No kernel lock - fine */ 447 static unsigned int evdev_poll(struct file *file, poll_table *wait) 448 { 449 struct evdev_client *client = file->private_data; 450 struct evdev *evdev = client->evdev; 451 unsigned int mask; 452 453 poll_wait(file, &evdev->wait, wait); 454 455 mask = evdev->exist ? POLLOUT | POLLWRNORM : POLLHUP | POLLERR; 456 if (client->packet_head != client->tail) 457 mask |= POLLIN | POLLRDNORM; 458 459 return mask; 460 } 461 462 #ifdef CONFIG_COMPAT 463 464 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 465 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 466 467 #ifdef __BIG_ENDIAN 468 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 469 unsigned int maxlen, void __user *p, int compat) 470 { 471 int len, i; 472 473 if (compat) { 474 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 475 if (len > maxlen) 476 len = maxlen; 477 478 for (i = 0; i < len / sizeof(compat_long_t); i++) 479 if (copy_to_user((compat_long_t __user *) p + i, 480 (compat_long_t *) bits + 481 i + 1 - ((i % 2) << 1), 482 sizeof(compat_long_t))) 483 return -EFAULT; 484 } else { 485 len = BITS_TO_LONGS(maxbit) * sizeof(long); 486 if (len > maxlen) 487 len = maxlen; 488 489 if (copy_to_user(p, bits, len)) 490 return -EFAULT; 491 } 492 493 return len; 494 } 495 #else 496 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 497 unsigned int maxlen, void __user *p, int compat) 498 { 499 int len = compat ? 500 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 501 BITS_TO_LONGS(maxbit) * sizeof(long); 502 503 if (len > maxlen) 504 len = maxlen; 505 506 return copy_to_user(p, bits, len) ? -EFAULT : len; 507 } 508 #endif /* __BIG_ENDIAN */ 509 510 #else 511 512 static int bits_to_user(unsigned long *bits, unsigned int maxbit, 513 unsigned int maxlen, void __user *p, int compat) 514 { 515 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 516 517 if (len > maxlen) 518 len = maxlen; 519 520 return copy_to_user(p, bits, len) ? -EFAULT : len; 521 } 522 523 #endif /* CONFIG_COMPAT */ 524 525 static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 526 { 527 int len; 528 529 if (!str) 530 return -ENOENT; 531 532 len = strlen(str) + 1; 533 if (len > maxlen) 534 len = maxlen; 535 536 return copy_to_user(p, str, len) ? -EFAULT : len; 537 } 538 539 #define OLD_KEY_MAX 0x1ff 540 static int handle_eviocgbit(struct input_dev *dev, 541 unsigned int type, unsigned int size, 542 void __user *p, int compat_mode) 543 { 544 static unsigned long keymax_warn_time; 545 unsigned long *bits; 546 int len; 547 548 switch (type) { 549 550 case 0: bits = dev->evbit; len = EV_MAX; break; 551 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 552 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 553 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 554 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 555 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 556 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 557 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 558 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 559 default: return -EINVAL; 560 } 561 562 /* 563 * Work around bugs in userspace programs that like to do 564 * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len' 565 * should be in bytes, not in bits. 566 */ 567 if (type == EV_KEY && size == OLD_KEY_MAX) { 568 len = OLD_KEY_MAX; 569 if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000)) 570 pr_warning("(EVIOCGBIT): Suspicious buffer size %u, " 571 "limiting output to %zu bytes. See " 572 "http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n", 573 OLD_KEY_MAX, 574 BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long)); 575 } 576 577 return bits_to_user(bits, len, size, p, compat_mode); 578 } 579 #undef OLD_KEY_MAX 580 581 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 582 { 583 struct input_keymap_entry ke = { 584 .len = sizeof(unsigned int), 585 .flags = 0, 586 }; 587 int __user *ip = (int __user *)p; 588 int error; 589 590 /* legacy case */ 591 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 592 return -EFAULT; 593 594 error = input_get_keycode(dev, &ke); 595 if (error) 596 return error; 597 598 if (put_user(ke.keycode, ip + 1)) 599 return -EFAULT; 600 601 return 0; 602 } 603 604 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 605 { 606 struct input_keymap_entry ke; 607 int error; 608 609 if (copy_from_user(&ke, p, sizeof(ke))) 610 return -EFAULT; 611 612 error = input_get_keycode(dev, &ke); 613 if (error) 614 return error; 615 616 if (copy_to_user(p, &ke, sizeof(ke))) 617 return -EFAULT; 618 619 return 0; 620 } 621 622 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 623 { 624 struct input_keymap_entry ke = { 625 .len = sizeof(unsigned int), 626 .flags = 0, 627 }; 628 int __user *ip = (int __user *)p; 629 630 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 631 return -EFAULT; 632 633 if (get_user(ke.keycode, ip + 1)) 634 return -EFAULT; 635 636 return input_set_keycode(dev, &ke); 637 } 638 639 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 640 { 641 struct input_keymap_entry ke; 642 643 if (copy_from_user(&ke, p, sizeof(ke))) 644 return -EFAULT; 645 646 if (ke.len > sizeof(ke.scancode)) 647 return -EINVAL; 648 649 return input_set_keycode(dev, &ke); 650 } 651 652 static int evdev_handle_mt_request(struct input_dev *dev, 653 unsigned int size, 654 int __user *ip) 655 { 656 const struct input_mt_slot *mt = dev->mt; 657 unsigned int code; 658 int max_slots; 659 int i; 660 661 if (get_user(code, &ip[0])) 662 return -EFAULT; 663 if (!input_is_mt_value(code)) 664 return -EINVAL; 665 666 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 667 for (i = 0; i < dev->mtsize && i < max_slots; i++) 668 if (put_user(input_mt_get_value(&mt[i], code), &ip[1 + i])) 669 return -EFAULT; 670 671 return 0; 672 } 673 674 static long evdev_do_ioctl(struct file *file, unsigned int cmd, 675 void __user *p, int compat_mode) 676 { 677 struct evdev_client *client = file->private_data; 678 struct evdev *evdev = client->evdev; 679 struct input_dev *dev = evdev->handle.dev; 680 struct input_absinfo abs; 681 struct ff_effect effect; 682 int __user *ip = (int __user *)p; 683 unsigned int i, t, u, v; 684 unsigned int size; 685 int error; 686 687 /* First we check for fixed-length commands */ 688 switch (cmd) { 689 690 case EVIOCGVERSION: 691 return put_user(EV_VERSION, ip); 692 693 case EVIOCGID: 694 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 695 return -EFAULT; 696 return 0; 697 698 case EVIOCGREP: 699 if (!test_bit(EV_REP, dev->evbit)) 700 return -ENOSYS; 701 if (put_user(dev->rep[REP_DELAY], ip)) 702 return -EFAULT; 703 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 704 return -EFAULT; 705 return 0; 706 707 case EVIOCSREP: 708 if (!test_bit(EV_REP, dev->evbit)) 709 return -ENOSYS; 710 if (get_user(u, ip)) 711 return -EFAULT; 712 if (get_user(v, ip + 1)) 713 return -EFAULT; 714 715 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 716 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 717 718 return 0; 719 720 case EVIOCRMFF: 721 return input_ff_erase(dev, (int)(unsigned long) p, file); 722 723 case EVIOCGEFFECTS: 724 i = test_bit(EV_FF, dev->evbit) ? 725 dev->ff->max_effects : 0; 726 if (put_user(i, ip)) 727 return -EFAULT; 728 return 0; 729 730 case EVIOCGRAB: 731 if (p) 732 return evdev_grab(evdev, client); 733 else 734 return evdev_ungrab(evdev, client); 735 736 case EVIOCSCLOCKID: 737 if (copy_from_user(&i, p, sizeof(unsigned int))) 738 return -EFAULT; 739 if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME) 740 return -EINVAL; 741 client->clkid = i; 742 return 0; 743 744 case EVIOCGKEYCODE: 745 return evdev_handle_get_keycode(dev, p); 746 747 case EVIOCSKEYCODE: 748 return evdev_handle_set_keycode(dev, p); 749 750 case EVIOCGKEYCODE_V2: 751 return evdev_handle_get_keycode_v2(dev, p); 752 753 case EVIOCSKEYCODE_V2: 754 return evdev_handle_set_keycode_v2(dev, p); 755 } 756 757 size = _IOC_SIZE(cmd); 758 759 /* Now check variable-length commands */ 760 #define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 761 switch (EVIOC_MASK_SIZE(cmd)) { 762 763 case EVIOCGPROP(0): 764 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 765 size, p, compat_mode); 766 767 case EVIOCGMTSLOTS(0): 768 return evdev_handle_mt_request(dev, size, ip); 769 770 case EVIOCGKEY(0): 771 return bits_to_user(dev->key, KEY_MAX, size, p, compat_mode); 772 773 case EVIOCGLED(0): 774 return bits_to_user(dev->led, LED_MAX, size, p, compat_mode); 775 776 case EVIOCGSND(0): 777 return bits_to_user(dev->snd, SND_MAX, size, p, compat_mode); 778 779 case EVIOCGSW(0): 780 return bits_to_user(dev->sw, SW_MAX, size, p, compat_mode); 781 782 case EVIOCGNAME(0): 783 return str_to_user(dev->name, size, p); 784 785 case EVIOCGPHYS(0): 786 return str_to_user(dev->phys, size, p); 787 788 case EVIOCGUNIQ(0): 789 return str_to_user(dev->uniq, size, p); 790 791 case EVIOC_MASK_SIZE(EVIOCSFF): 792 if (input_ff_effect_from_user(p, size, &effect)) 793 return -EFAULT; 794 795 error = input_ff_upload(dev, &effect, file); 796 797 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 798 return -EFAULT; 799 800 return error; 801 } 802 803 /* Multi-number variable-length handlers */ 804 if (_IOC_TYPE(cmd) != 'E') 805 return -EINVAL; 806 807 if (_IOC_DIR(cmd) == _IOC_READ) { 808 809 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 810 return handle_eviocgbit(dev, 811 _IOC_NR(cmd) & EV_MAX, size, 812 p, compat_mode); 813 814 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 815 816 if (!dev->absinfo) 817 return -EINVAL; 818 819 t = _IOC_NR(cmd) & ABS_MAX; 820 abs = dev->absinfo[t]; 821 822 if (copy_to_user(p, &abs, min_t(size_t, 823 size, sizeof(struct input_absinfo)))) 824 return -EFAULT; 825 826 return 0; 827 } 828 } 829 830 if (_IOC_DIR(cmd) == _IOC_WRITE) { 831 832 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 833 834 if (!dev->absinfo) 835 return -EINVAL; 836 837 t = _IOC_NR(cmd) & ABS_MAX; 838 839 if (copy_from_user(&abs, p, min_t(size_t, 840 size, sizeof(struct input_absinfo)))) 841 return -EFAULT; 842 843 if (size < sizeof(struct input_absinfo)) 844 abs.resolution = 0; 845 846 /* We can't change number of reserved MT slots */ 847 if (t == ABS_MT_SLOT) 848 return -EINVAL; 849 850 /* 851 * Take event lock to ensure that we are not 852 * changing device parameters in the middle 853 * of event. 854 */ 855 spin_lock_irq(&dev->event_lock); 856 dev->absinfo[t] = abs; 857 spin_unlock_irq(&dev->event_lock); 858 859 return 0; 860 } 861 } 862 863 return -EINVAL; 864 } 865 866 static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 867 void __user *p, int compat_mode) 868 { 869 struct evdev_client *client = file->private_data; 870 struct evdev *evdev = client->evdev; 871 int retval; 872 873 retval = mutex_lock_interruptible(&evdev->mutex); 874 if (retval) 875 return retval; 876 877 if (!evdev->exist) { 878 retval = -ENODEV; 879 goto out; 880 } 881 882 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 883 884 out: 885 mutex_unlock(&evdev->mutex); 886 return retval; 887 } 888 889 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 890 { 891 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 892 } 893 894 #ifdef CONFIG_COMPAT 895 static long evdev_ioctl_compat(struct file *file, 896 unsigned int cmd, unsigned long arg) 897 { 898 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 899 } 900 #endif 901 902 static const struct file_operations evdev_fops = { 903 .owner = THIS_MODULE, 904 .read = evdev_read, 905 .write = evdev_write, 906 .poll = evdev_poll, 907 .open = evdev_open, 908 .release = evdev_release, 909 .unlocked_ioctl = evdev_ioctl, 910 #ifdef CONFIG_COMPAT 911 .compat_ioctl = evdev_ioctl_compat, 912 #endif 913 .fasync = evdev_fasync, 914 .flush = evdev_flush, 915 .llseek = no_llseek, 916 }; 917 918 static int evdev_install_chrdev(struct evdev *evdev) 919 { 920 /* 921 * No need to do any locking here as calls to connect and 922 * disconnect are serialized by the input core 923 */ 924 evdev_table[evdev->minor] = evdev; 925 return 0; 926 } 927 928 static void evdev_remove_chrdev(struct evdev *evdev) 929 { 930 /* 931 * Lock evdev table to prevent race with evdev_open() 932 */ 933 mutex_lock(&evdev_table_mutex); 934 evdev_table[evdev->minor] = NULL; 935 mutex_unlock(&evdev_table_mutex); 936 } 937 938 /* 939 * Mark device non-existent. This disables writes, ioctls and 940 * prevents new users from opening the device. Already posted 941 * blocking reads will stay, however new ones will fail. 942 */ 943 static void evdev_mark_dead(struct evdev *evdev) 944 { 945 mutex_lock(&evdev->mutex); 946 evdev->exist = false; 947 mutex_unlock(&evdev->mutex); 948 } 949 950 static void evdev_cleanup(struct evdev *evdev) 951 { 952 struct input_handle *handle = &evdev->handle; 953 954 evdev_mark_dead(evdev); 955 evdev_hangup(evdev); 956 evdev_remove_chrdev(evdev); 957 958 /* evdev is marked dead so no one else accesses evdev->open */ 959 if (evdev->open) { 960 input_flush_device(handle, NULL); 961 input_close_device(handle); 962 } 963 } 964 965 /* 966 * Create new evdev device. Note that input core serializes calls 967 * to connect and disconnect so we don't need to lock evdev_table here. 968 */ 969 static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 970 const struct input_device_id *id) 971 { 972 struct evdev *evdev; 973 int minor; 974 int error; 975 976 for (minor = 0; minor < EVDEV_MINORS; minor++) 977 if (!evdev_table[minor]) 978 break; 979 980 if (minor == EVDEV_MINORS) { 981 pr_err("no more free evdev devices\n"); 982 return -ENFILE; 983 } 984 985 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 986 if (!evdev) 987 return -ENOMEM; 988 989 INIT_LIST_HEAD(&evdev->client_list); 990 spin_lock_init(&evdev->client_lock); 991 mutex_init(&evdev->mutex); 992 init_waitqueue_head(&evdev->wait); 993 994 dev_set_name(&evdev->dev, "event%d", minor); 995 evdev->exist = true; 996 evdev->minor = minor; 997 998 evdev->handle.dev = input_get_device(dev); 999 evdev->handle.name = dev_name(&evdev->dev); 1000 evdev->handle.handler = handler; 1001 evdev->handle.private = evdev; 1002 1003 evdev->dev.devt = MKDEV(INPUT_MAJOR, EVDEV_MINOR_BASE + minor); 1004 evdev->dev.class = &input_class; 1005 evdev->dev.parent = &dev->dev; 1006 evdev->dev.release = evdev_free; 1007 device_initialize(&evdev->dev); 1008 1009 error = input_register_handle(&evdev->handle); 1010 if (error) 1011 goto err_free_evdev; 1012 1013 error = evdev_install_chrdev(evdev); 1014 if (error) 1015 goto err_unregister_handle; 1016 1017 error = device_add(&evdev->dev); 1018 if (error) 1019 goto err_cleanup_evdev; 1020 1021 return 0; 1022 1023 err_cleanup_evdev: 1024 evdev_cleanup(evdev); 1025 err_unregister_handle: 1026 input_unregister_handle(&evdev->handle); 1027 err_free_evdev: 1028 put_device(&evdev->dev); 1029 return error; 1030 } 1031 1032 static void evdev_disconnect(struct input_handle *handle) 1033 { 1034 struct evdev *evdev = handle->private; 1035 1036 device_del(&evdev->dev); 1037 evdev_cleanup(evdev); 1038 input_unregister_handle(handle); 1039 put_device(&evdev->dev); 1040 } 1041 1042 static const struct input_device_id evdev_ids[] = { 1043 { .driver_info = 1 }, /* Matches all devices */ 1044 { }, /* Terminating zero entry */ 1045 }; 1046 1047 MODULE_DEVICE_TABLE(input, evdev_ids); 1048 1049 static struct input_handler evdev_handler = { 1050 .event = evdev_event, 1051 .connect = evdev_connect, 1052 .disconnect = evdev_disconnect, 1053 .fops = &evdev_fops, 1054 .minor = EVDEV_MINOR_BASE, 1055 .name = "evdev", 1056 .id_table = evdev_ids, 1057 }; 1058 1059 static int __init evdev_init(void) 1060 { 1061 return input_register_handler(&evdev_handler); 1062 } 1063 1064 static void __exit evdev_exit(void) 1065 { 1066 input_unregister_handler(&evdev_handler); 1067 } 1068 1069 module_init(evdev_init); 1070 module_exit(evdev_exit); 1071 1072 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1073 MODULE_DESCRIPTION("Input driver event char devices"); 1074 MODULE_LICENSE("GPL"); 1075