1 /* 2 * User level driver support for input subsystem 3 * 4 * Heavily based on evdev.c by Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 * 20 * Author: Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org> 21 * 22 * Changes/Revisions: 23 * 0.4 01/09/2014 (Benjamin Tissoires <benjamin.tissoires@redhat.com>) 24 * - add UI_GET_SYSNAME ioctl 25 * 0.3 09/04/2006 (Anssi Hannula <anssi.hannula@gmail.com>) 26 * - updated ff support for the changes in kernel interface 27 * - added MODULE_VERSION 28 * 0.2 16/10/2004 (Micah Dowty <micah@navi.cx>) 29 * - added force feedback support 30 * - added UI_SET_PHYS 31 * 0.1 20/06/2002 32 * - first public version 33 */ 34 #include <linux/poll.h> 35 #include <linux/sched.h> 36 #include <linux/slab.h> 37 #include <linux/module.h> 38 #include <linux/init.h> 39 #include <linux/fs.h> 40 #include <linux/miscdevice.h> 41 #include <linux/uinput.h> 42 #include <linux/input/mt.h> 43 #include "../input-compat.h" 44 45 static int uinput_dev_event(struct input_dev *dev, 46 unsigned int type, unsigned int code, int value) 47 { 48 struct uinput_device *udev = input_get_drvdata(dev); 49 50 udev->buff[udev->head].type = type; 51 udev->buff[udev->head].code = code; 52 udev->buff[udev->head].value = value; 53 do_gettimeofday(&udev->buff[udev->head].time); 54 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE; 55 56 wake_up_interruptible(&udev->waitq); 57 58 return 0; 59 } 60 61 /* Atomically allocate an ID for the given request. Returns 0 on success. */ 62 static bool uinput_request_alloc_id(struct uinput_device *udev, 63 struct uinput_request *request) 64 { 65 unsigned int id; 66 bool reserved = false; 67 68 spin_lock(&udev->requests_lock); 69 70 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) { 71 if (!udev->requests[id]) { 72 request->id = id; 73 udev->requests[id] = request; 74 reserved = true; 75 break; 76 } 77 } 78 79 spin_unlock(&udev->requests_lock); 80 return reserved; 81 } 82 83 static struct uinput_request *uinput_request_find(struct uinput_device *udev, 84 unsigned int id) 85 { 86 /* Find an input request, by ID. Returns NULL if the ID isn't valid. */ 87 if (id >= UINPUT_NUM_REQUESTS) 88 return NULL; 89 90 return udev->requests[id]; 91 } 92 93 static int uinput_request_reserve_slot(struct uinput_device *udev, 94 struct uinput_request *request) 95 { 96 /* Allocate slot. If none are available right away, wait. */ 97 return wait_event_interruptible(udev->requests_waitq, 98 uinput_request_alloc_id(udev, request)); 99 } 100 101 static void uinput_request_release_slot(struct uinput_device *udev, 102 unsigned int id) 103 { 104 /* Mark slot as available */ 105 spin_lock(&udev->requests_lock); 106 udev->requests[id] = NULL; 107 spin_unlock(&udev->requests_lock); 108 109 wake_up(&udev->requests_waitq); 110 } 111 112 static int uinput_request_send(struct uinput_device *udev, 113 struct uinput_request *request) 114 { 115 int retval; 116 117 retval = mutex_lock_interruptible(&udev->mutex); 118 if (retval) 119 return retval; 120 121 if (udev->state != UIST_CREATED) { 122 retval = -ENODEV; 123 goto out; 124 } 125 126 init_completion(&request->done); 127 128 /* 129 * Tell our userspace application about this new request 130 * by queueing an input event. 131 */ 132 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id); 133 134 out: 135 mutex_unlock(&udev->mutex); 136 return retval; 137 } 138 139 static int uinput_request_submit(struct uinput_device *udev, 140 struct uinput_request *request) 141 { 142 int retval; 143 144 retval = uinput_request_reserve_slot(udev, request); 145 if (retval) 146 return retval; 147 148 retval = uinput_request_send(udev, request); 149 if (retval) 150 goto out; 151 152 wait_for_completion(&request->done); 153 retval = request->retval; 154 155 out: 156 uinput_request_release_slot(udev, request->id); 157 return retval; 158 } 159 160 /* 161 * Fail all outstanding requests so handlers don't wait for the userspace 162 * to finish processing them. 163 */ 164 static void uinput_flush_requests(struct uinput_device *udev) 165 { 166 struct uinput_request *request; 167 int i; 168 169 spin_lock(&udev->requests_lock); 170 171 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) { 172 request = udev->requests[i]; 173 if (request) { 174 request->retval = -ENODEV; 175 complete(&request->done); 176 } 177 } 178 179 spin_unlock(&udev->requests_lock); 180 } 181 182 static void uinput_dev_set_gain(struct input_dev *dev, u16 gain) 183 { 184 uinput_dev_event(dev, EV_FF, FF_GAIN, gain); 185 } 186 187 static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude) 188 { 189 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude); 190 } 191 192 static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value) 193 { 194 return uinput_dev_event(dev, EV_FF, effect_id, value); 195 } 196 197 static int uinput_dev_upload_effect(struct input_dev *dev, 198 struct ff_effect *effect, 199 struct ff_effect *old) 200 { 201 struct uinput_device *udev = input_get_drvdata(dev); 202 struct uinput_request request; 203 204 /* 205 * uinput driver does not currently support periodic effects with 206 * custom waveform since it does not have a way to pass buffer of 207 * samples (custom_data) to userspace. If ever there is a device 208 * supporting custom waveforms we would need to define an additional 209 * ioctl (UI_UPLOAD_SAMPLES) but for now we just bail out. 210 */ 211 if (effect->type == FF_PERIODIC && 212 effect->u.periodic.waveform == FF_CUSTOM) 213 return -EINVAL; 214 215 request.code = UI_FF_UPLOAD; 216 request.u.upload.effect = effect; 217 request.u.upload.old = old; 218 219 return uinput_request_submit(udev, &request); 220 } 221 222 static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id) 223 { 224 struct uinput_device *udev = input_get_drvdata(dev); 225 struct uinput_request request; 226 227 if (!test_bit(EV_FF, dev->evbit)) 228 return -ENOSYS; 229 230 request.code = UI_FF_ERASE; 231 request.u.effect_id = effect_id; 232 233 return uinput_request_submit(udev, &request); 234 } 235 236 static int uinput_dev_flush(struct input_dev *dev, struct file *file) 237 { 238 /* 239 * If we are called with file == NULL that means we are tearing 240 * down the device, and therefore we can not handle FF erase 241 * requests: either we are handling UI_DEV_DESTROY (and holding 242 * the udev->mutex), or the file descriptor is closed and there is 243 * nobody on the other side anymore. 244 */ 245 return file ? input_ff_flush(dev, file) : 0; 246 } 247 248 static void uinput_destroy_device(struct uinput_device *udev) 249 { 250 const char *name, *phys; 251 struct input_dev *dev = udev->dev; 252 enum uinput_state old_state = udev->state; 253 254 udev->state = UIST_NEW_DEVICE; 255 256 if (dev) { 257 name = dev->name; 258 phys = dev->phys; 259 if (old_state == UIST_CREATED) { 260 uinput_flush_requests(udev); 261 input_unregister_device(dev); 262 } else { 263 input_free_device(dev); 264 } 265 kfree(name); 266 kfree(phys); 267 udev->dev = NULL; 268 } 269 } 270 271 static int uinput_create_device(struct uinput_device *udev) 272 { 273 struct input_dev *dev = udev->dev; 274 int error, nslot; 275 276 if (udev->state != UIST_SETUP_COMPLETE) { 277 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME); 278 return -EINVAL; 279 } 280 281 if (test_bit(EV_ABS, dev->evbit)) { 282 input_alloc_absinfo(dev); 283 if (!dev->absinfo) { 284 error = -EINVAL; 285 goto fail1; 286 } 287 288 if (test_bit(ABS_MT_SLOT, dev->absbit)) { 289 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1; 290 error = input_mt_init_slots(dev, nslot, 0); 291 if (error) 292 goto fail1; 293 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) { 294 input_set_events_per_packet(dev, 60); 295 } 296 } 297 298 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) { 299 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n", 300 UINPUT_NAME); 301 error = -EINVAL; 302 goto fail1; 303 } 304 305 if (udev->ff_effects_max) { 306 error = input_ff_create(dev, udev->ff_effects_max); 307 if (error) 308 goto fail1; 309 310 dev->ff->upload = uinput_dev_upload_effect; 311 dev->ff->erase = uinput_dev_erase_effect; 312 dev->ff->playback = uinput_dev_playback; 313 dev->ff->set_gain = uinput_dev_set_gain; 314 dev->ff->set_autocenter = uinput_dev_set_autocenter; 315 /* 316 * The standard input_ff_flush() implementation does 317 * not quite work for uinput as we can't reasonably 318 * handle FF requests during device teardown. 319 */ 320 dev->flush = uinput_dev_flush; 321 } 322 323 error = input_register_device(udev->dev); 324 if (error) 325 goto fail2; 326 327 udev->state = UIST_CREATED; 328 329 return 0; 330 331 fail2: input_ff_destroy(dev); 332 fail1: uinput_destroy_device(udev); 333 return error; 334 } 335 336 static int uinput_open(struct inode *inode, struct file *file) 337 { 338 struct uinput_device *newdev; 339 340 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL); 341 if (!newdev) 342 return -ENOMEM; 343 344 mutex_init(&newdev->mutex); 345 spin_lock_init(&newdev->requests_lock); 346 init_waitqueue_head(&newdev->requests_waitq); 347 init_waitqueue_head(&newdev->waitq); 348 newdev->state = UIST_NEW_DEVICE; 349 350 file->private_data = newdev; 351 nonseekable_open(inode, file); 352 353 return 0; 354 } 355 356 static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code, 357 const struct input_absinfo *abs) 358 { 359 int min, max; 360 361 min = abs->minimum; 362 max = abs->maximum; 363 364 if ((min != 0 || max != 0) && max <= min) { 365 printk(KERN_DEBUG 366 "%s: invalid abs[%02x] min:%d max:%d\n", 367 UINPUT_NAME, code, min, max); 368 return -EINVAL; 369 } 370 371 if (abs->flat > max - min) { 372 printk(KERN_DEBUG 373 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n", 374 UINPUT_NAME, code, abs->flat, min, max); 375 return -EINVAL; 376 } 377 378 return 0; 379 } 380 381 static int uinput_validate_absbits(struct input_dev *dev) 382 { 383 unsigned int cnt; 384 int error; 385 386 if (!test_bit(EV_ABS, dev->evbit)) 387 return 0; 388 389 /* 390 * Check if absmin/absmax/absfuzz/absflat are sane. 391 */ 392 393 for_each_set_bit(cnt, dev->absbit, ABS_CNT) { 394 if (!dev->absinfo) 395 return -EINVAL; 396 397 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]); 398 if (error) 399 return error; 400 } 401 402 return 0; 403 } 404 405 static int uinput_allocate_device(struct uinput_device *udev) 406 { 407 udev->dev = input_allocate_device(); 408 if (!udev->dev) 409 return -ENOMEM; 410 411 udev->dev->event = uinput_dev_event; 412 input_set_drvdata(udev->dev, udev); 413 414 return 0; 415 } 416 417 static int uinput_dev_setup(struct uinput_device *udev, 418 struct uinput_setup __user *arg) 419 { 420 struct uinput_setup setup; 421 struct input_dev *dev; 422 423 if (udev->state == UIST_CREATED) 424 return -EINVAL; 425 426 if (copy_from_user(&setup, arg, sizeof(setup))) 427 return -EFAULT; 428 429 if (!setup.name[0]) 430 return -EINVAL; 431 432 dev = udev->dev; 433 dev->id = setup.id; 434 udev->ff_effects_max = setup.ff_effects_max; 435 436 kfree(dev->name); 437 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL); 438 if (!dev->name) 439 return -ENOMEM; 440 441 udev->state = UIST_SETUP_COMPLETE; 442 return 0; 443 } 444 445 static int uinput_abs_setup(struct uinput_device *udev, 446 struct uinput_setup __user *arg, size_t size) 447 { 448 struct uinput_abs_setup setup = {}; 449 struct input_dev *dev; 450 int error; 451 452 if (size > sizeof(setup)) 453 return -E2BIG; 454 455 if (udev->state == UIST_CREATED) 456 return -EINVAL; 457 458 if (copy_from_user(&setup, arg, size)) 459 return -EFAULT; 460 461 if (setup.code > ABS_MAX) 462 return -ERANGE; 463 464 dev = udev->dev; 465 466 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo); 467 if (error) 468 return error; 469 470 input_alloc_absinfo(dev); 471 if (!dev->absinfo) 472 return -ENOMEM; 473 474 set_bit(setup.code, dev->absbit); 475 dev->absinfo[setup.code] = setup.absinfo; 476 return 0; 477 } 478 479 /* legacy setup via write() */ 480 static int uinput_setup_device_legacy(struct uinput_device *udev, 481 const char __user *buffer, size_t count) 482 { 483 struct uinput_user_dev *user_dev; 484 struct input_dev *dev; 485 int i; 486 int retval; 487 488 if (count != sizeof(struct uinput_user_dev)) 489 return -EINVAL; 490 491 if (!udev->dev) { 492 retval = uinput_allocate_device(udev); 493 if (retval) 494 return retval; 495 } 496 497 dev = udev->dev; 498 499 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev)); 500 if (IS_ERR(user_dev)) 501 return PTR_ERR(user_dev); 502 503 udev->ff_effects_max = user_dev->ff_effects_max; 504 505 /* Ensure name is filled in */ 506 if (!user_dev->name[0]) { 507 retval = -EINVAL; 508 goto exit; 509 } 510 511 kfree(dev->name); 512 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE, 513 GFP_KERNEL); 514 if (!dev->name) { 515 retval = -ENOMEM; 516 goto exit; 517 } 518 519 dev->id.bustype = user_dev->id.bustype; 520 dev->id.vendor = user_dev->id.vendor; 521 dev->id.product = user_dev->id.product; 522 dev->id.version = user_dev->id.version; 523 524 for (i = 0; i < ABS_CNT; i++) { 525 input_abs_set_max(dev, i, user_dev->absmax[i]); 526 input_abs_set_min(dev, i, user_dev->absmin[i]); 527 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]); 528 input_abs_set_flat(dev, i, user_dev->absflat[i]); 529 } 530 531 retval = uinput_validate_absbits(dev); 532 if (retval < 0) 533 goto exit; 534 535 udev->state = UIST_SETUP_COMPLETE; 536 retval = count; 537 538 exit: 539 kfree(user_dev); 540 return retval; 541 } 542 543 static ssize_t uinput_inject_events(struct uinput_device *udev, 544 const char __user *buffer, size_t count) 545 { 546 struct input_event ev; 547 size_t bytes = 0; 548 549 if (count != 0 && count < input_event_size()) 550 return -EINVAL; 551 552 while (bytes + input_event_size() <= count) { 553 /* 554 * Note that even if some events were fetched successfully 555 * we are still going to return EFAULT instead of partial 556 * count to let userspace know that it got it's buffers 557 * all wrong. 558 */ 559 if (input_event_from_user(buffer + bytes, &ev)) 560 return -EFAULT; 561 562 input_event(udev->dev, ev.type, ev.code, ev.value); 563 bytes += input_event_size(); 564 } 565 566 return bytes; 567 } 568 569 static ssize_t uinput_write(struct file *file, const char __user *buffer, 570 size_t count, loff_t *ppos) 571 { 572 struct uinput_device *udev = file->private_data; 573 int retval; 574 575 if (count == 0) 576 return 0; 577 578 retval = mutex_lock_interruptible(&udev->mutex); 579 if (retval) 580 return retval; 581 582 retval = udev->state == UIST_CREATED ? 583 uinput_inject_events(udev, buffer, count) : 584 uinput_setup_device_legacy(udev, buffer, count); 585 586 mutex_unlock(&udev->mutex); 587 588 return retval; 589 } 590 591 static bool uinput_fetch_next_event(struct uinput_device *udev, 592 struct input_event *event) 593 { 594 bool have_event; 595 596 spin_lock_irq(&udev->dev->event_lock); 597 598 have_event = udev->head != udev->tail; 599 if (have_event) { 600 *event = udev->buff[udev->tail]; 601 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE; 602 } 603 604 spin_unlock_irq(&udev->dev->event_lock); 605 606 return have_event; 607 } 608 609 static ssize_t uinput_events_to_user(struct uinput_device *udev, 610 char __user *buffer, size_t count) 611 { 612 struct input_event event; 613 size_t read = 0; 614 615 while (read + input_event_size() <= count && 616 uinput_fetch_next_event(udev, &event)) { 617 618 if (input_event_to_user(buffer + read, &event)) 619 return -EFAULT; 620 621 read += input_event_size(); 622 } 623 624 return read; 625 } 626 627 static ssize_t uinput_read(struct file *file, char __user *buffer, 628 size_t count, loff_t *ppos) 629 { 630 struct uinput_device *udev = file->private_data; 631 ssize_t retval; 632 633 if (count != 0 && count < input_event_size()) 634 return -EINVAL; 635 636 do { 637 retval = mutex_lock_interruptible(&udev->mutex); 638 if (retval) 639 return retval; 640 641 if (udev->state != UIST_CREATED) 642 retval = -ENODEV; 643 else if (udev->head == udev->tail && 644 (file->f_flags & O_NONBLOCK)) 645 retval = -EAGAIN; 646 else 647 retval = uinput_events_to_user(udev, buffer, count); 648 649 mutex_unlock(&udev->mutex); 650 651 if (retval || count == 0) 652 break; 653 654 if (!(file->f_flags & O_NONBLOCK)) 655 retval = wait_event_interruptible(udev->waitq, 656 udev->head != udev->tail || 657 udev->state != UIST_CREATED); 658 } while (retval == 0); 659 660 return retval; 661 } 662 663 static unsigned int uinput_poll(struct file *file, poll_table *wait) 664 { 665 struct uinput_device *udev = file->private_data; 666 667 poll_wait(file, &udev->waitq, wait); 668 669 if (udev->head != udev->tail) 670 return POLLIN | POLLRDNORM; 671 672 return 0; 673 } 674 675 static int uinput_release(struct inode *inode, struct file *file) 676 { 677 struct uinput_device *udev = file->private_data; 678 679 uinput_destroy_device(udev); 680 kfree(udev); 681 682 return 0; 683 } 684 685 #ifdef CONFIG_COMPAT 686 struct uinput_ff_upload_compat { 687 __u32 request_id; 688 __s32 retval; 689 struct ff_effect_compat effect; 690 struct ff_effect_compat old; 691 }; 692 693 static int uinput_ff_upload_to_user(char __user *buffer, 694 const struct uinput_ff_upload *ff_up) 695 { 696 if (in_compat_syscall()) { 697 struct uinput_ff_upload_compat ff_up_compat; 698 699 ff_up_compat.request_id = ff_up->request_id; 700 ff_up_compat.retval = ff_up->retval; 701 /* 702 * It so happens that the pointer that gives us the trouble 703 * is the last field in the structure. Since we don't support 704 * custom waveforms in uinput anyway we can just copy the whole 705 * thing (to the compat size) and ignore the pointer. 706 */ 707 memcpy(&ff_up_compat.effect, &ff_up->effect, 708 sizeof(struct ff_effect_compat)); 709 memcpy(&ff_up_compat.old, &ff_up->old, 710 sizeof(struct ff_effect_compat)); 711 712 if (copy_to_user(buffer, &ff_up_compat, 713 sizeof(struct uinput_ff_upload_compat))) 714 return -EFAULT; 715 } else { 716 if (copy_to_user(buffer, ff_up, 717 sizeof(struct uinput_ff_upload))) 718 return -EFAULT; 719 } 720 721 return 0; 722 } 723 724 static int uinput_ff_upload_from_user(const char __user *buffer, 725 struct uinput_ff_upload *ff_up) 726 { 727 if (in_compat_syscall()) { 728 struct uinput_ff_upload_compat ff_up_compat; 729 730 if (copy_from_user(&ff_up_compat, buffer, 731 sizeof(struct uinput_ff_upload_compat))) 732 return -EFAULT; 733 734 ff_up->request_id = ff_up_compat.request_id; 735 ff_up->retval = ff_up_compat.retval; 736 memcpy(&ff_up->effect, &ff_up_compat.effect, 737 sizeof(struct ff_effect_compat)); 738 memcpy(&ff_up->old, &ff_up_compat.old, 739 sizeof(struct ff_effect_compat)); 740 741 } else { 742 if (copy_from_user(ff_up, buffer, 743 sizeof(struct uinput_ff_upload))) 744 return -EFAULT; 745 } 746 747 return 0; 748 } 749 750 #else 751 752 static int uinput_ff_upload_to_user(char __user *buffer, 753 const struct uinput_ff_upload *ff_up) 754 { 755 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload))) 756 return -EFAULT; 757 758 return 0; 759 } 760 761 static int uinput_ff_upload_from_user(const char __user *buffer, 762 struct uinput_ff_upload *ff_up) 763 { 764 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload))) 765 return -EFAULT; 766 767 return 0; 768 } 769 770 #endif 771 772 #define uinput_set_bit(_arg, _bit, _max) \ 773 ({ \ 774 int __ret = 0; \ 775 if (udev->state == UIST_CREATED) \ 776 __ret = -EINVAL; \ 777 else if ((_arg) > (_max)) \ 778 __ret = -EINVAL; \ 779 else set_bit((_arg), udev->dev->_bit); \ 780 __ret; \ 781 }) 782 783 static int uinput_str_to_user(void __user *dest, const char *str, 784 unsigned int maxlen) 785 { 786 char __user *p = dest; 787 int len, ret; 788 789 if (!str) 790 return -ENOENT; 791 792 if (maxlen == 0) 793 return -EINVAL; 794 795 len = strlen(str) + 1; 796 if (len > maxlen) 797 len = maxlen; 798 799 ret = copy_to_user(p, str, len); 800 if (ret) 801 return -EFAULT; 802 803 /* force terminating '\0' */ 804 ret = put_user(0, p + len - 1); 805 return ret ? -EFAULT : len; 806 } 807 808 static long uinput_ioctl_handler(struct file *file, unsigned int cmd, 809 unsigned long arg, void __user *p) 810 { 811 int retval; 812 struct uinput_device *udev = file->private_data; 813 struct uinput_ff_upload ff_up; 814 struct uinput_ff_erase ff_erase; 815 struct uinput_request *req; 816 char *phys; 817 const char *name; 818 unsigned int size; 819 820 retval = mutex_lock_interruptible(&udev->mutex); 821 if (retval) 822 return retval; 823 824 if (!udev->dev) { 825 retval = uinput_allocate_device(udev); 826 if (retval) 827 goto out; 828 } 829 830 switch (cmd) { 831 case UI_GET_VERSION: 832 if (put_user(UINPUT_VERSION, 833 (unsigned int __user *)p)) 834 retval = -EFAULT; 835 goto out; 836 837 case UI_DEV_CREATE: 838 retval = uinput_create_device(udev); 839 goto out; 840 841 case UI_DEV_DESTROY: 842 uinput_destroy_device(udev); 843 goto out; 844 845 case UI_DEV_SETUP: 846 retval = uinput_dev_setup(udev, p); 847 goto out; 848 849 /* UI_ABS_SETUP is handled in the variable size ioctls */ 850 851 case UI_SET_EVBIT: 852 retval = uinput_set_bit(arg, evbit, EV_MAX); 853 goto out; 854 855 case UI_SET_KEYBIT: 856 retval = uinput_set_bit(arg, keybit, KEY_MAX); 857 goto out; 858 859 case UI_SET_RELBIT: 860 retval = uinput_set_bit(arg, relbit, REL_MAX); 861 goto out; 862 863 case UI_SET_ABSBIT: 864 retval = uinput_set_bit(arg, absbit, ABS_MAX); 865 goto out; 866 867 case UI_SET_MSCBIT: 868 retval = uinput_set_bit(arg, mscbit, MSC_MAX); 869 goto out; 870 871 case UI_SET_LEDBIT: 872 retval = uinput_set_bit(arg, ledbit, LED_MAX); 873 goto out; 874 875 case UI_SET_SNDBIT: 876 retval = uinput_set_bit(arg, sndbit, SND_MAX); 877 goto out; 878 879 case UI_SET_FFBIT: 880 retval = uinput_set_bit(arg, ffbit, FF_MAX); 881 goto out; 882 883 case UI_SET_SWBIT: 884 retval = uinput_set_bit(arg, swbit, SW_MAX); 885 goto out; 886 887 case UI_SET_PROPBIT: 888 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX); 889 goto out; 890 891 case UI_SET_PHYS: 892 if (udev->state == UIST_CREATED) { 893 retval = -EINVAL; 894 goto out; 895 } 896 897 phys = strndup_user(p, 1024); 898 if (IS_ERR(phys)) { 899 retval = PTR_ERR(phys); 900 goto out; 901 } 902 903 kfree(udev->dev->phys); 904 udev->dev->phys = phys; 905 goto out; 906 907 case UI_BEGIN_FF_UPLOAD: 908 retval = uinput_ff_upload_from_user(p, &ff_up); 909 if (retval) 910 goto out; 911 912 req = uinput_request_find(udev, ff_up.request_id); 913 if (!req || req->code != UI_FF_UPLOAD || 914 !req->u.upload.effect) { 915 retval = -EINVAL; 916 goto out; 917 } 918 919 ff_up.retval = 0; 920 ff_up.effect = *req->u.upload.effect; 921 if (req->u.upload.old) 922 ff_up.old = *req->u.upload.old; 923 else 924 memset(&ff_up.old, 0, sizeof(struct ff_effect)); 925 926 retval = uinput_ff_upload_to_user(p, &ff_up); 927 goto out; 928 929 case UI_BEGIN_FF_ERASE: 930 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) { 931 retval = -EFAULT; 932 goto out; 933 } 934 935 req = uinput_request_find(udev, ff_erase.request_id); 936 if (!req || req->code != UI_FF_ERASE) { 937 retval = -EINVAL; 938 goto out; 939 } 940 941 ff_erase.retval = 0; 942 ff_erase.effect_id = req->u.effect_id; 943 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) { 944 retval = -EFAULT; 945 goto out; 946 } 947 948 goto out; 949 950 case UI_END_FF_UPLOAD: 951 retval = uinput_ff_upload_from_user(p, &ff_up); 952 if (retval) 953 goto out; 954 955 req = uinput_request_find(udev, ff_up.request_id); 956 if (!req || req->code != UI_FF_UPLOAD || 957 !req->u.upload.effect) { 958 retval = -EINVAL; 959 goto out; 960 } 961 962 req->retval = ff_up.retval; 963 complete(&req->done); 964 goto out; 965 966 case UI_END_FF_ERASE: 967 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) { 968 retval = -EFAULT; 969 goto out; 970 } 971 972 req = uinput_request_find(udev, ff_erase.request_id); 973 if (!req || req->code != UI_FF_ERASE) { 974 retval = -EINVAL; 975 goto out; 976 } 977 978 req->retval = ff_erase.retval; 979 complete(&req->done); 980 goto out; 981 } 982 983 size = _IOC_SIZE(cmd); 984 985 /* Now check variable-length commands */ 986 switch (cmd & ~IOCSIZE_MASK) { 987 case UI_GET_SYSNAME(0): 988 if (udev->state != UIST_CREATED) { 989 retval = -ENOENT; 990 goto out; 991 } 992 name = dev_name(&udev->dev->dev); 993 retval = uinput_str_to_user(p, name, size); 994 goto out; 995 996 case UI_ABS_SETUP & ~IOCSIZE_MASK: 997 retval = uinput_abs_setup(udev, p, size); 998 goto out; 999 } 1000 1001 retval = -EINVAL; 1002 out: 1003 mutex_unlock(&udev->mutex); 1004 return retval; 1005 } 1006 1007 static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1008 { 1009 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg); 1010 } 1011 1012 #ifdef CONFIG_COMPAT 1013 1014 #define UI_SET_PHYS_COMPAT _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t) 1015 1016 static long uinput_compat_ioctl(struct file *file, 1017 unsigned int cmd, unsigned long arg) 1018 { 1019 if (cmd == UI_SET_PHYS_COMPAT) 1020 cmd = UI_SET_PHYS; 1021 1022 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg)); 1023 } 1024 #endif 1025 1026 static const struct file_operations uinput_fops = { 1027 .owner = THIS_MODULE, 1028 .open = uinput_open, 1029 .release = uinput_release, 1030 .read = uinput_read, 1031 .write = uinput_write, 1032 .poll = uinput_poll, 1033 .unlocked_ioctl = uinput_ioctl, 1034 #ifdef CONFIG_COMPAT 1035 .compat_ioctl = uinput_compat_ioctl, 1036 #endif 1037 .llseek = no_llseek, 1038 }; 1039 1040 static struct miscdevice uinput_misc = { 1041 .fops = &uinput_fops, 1042 .minor = UINPUT_MINOR, 1043 .name = UINPUT_NAME, 1044 }; 1045 module_misc_device(uinput_misc); 1046 1047 MODULE_ALIAS_MISCDEV(UINPUT_MINOR); 1048 MODULE_ALIAS("devname:" UINPUT_NAME); 1049 1050 MODULE_AUTHOR("Aristeu Sergio Rozanski Filho"); 1051 MODULE_DESCRIPTION("User level driver support for input subsystem"); 1052 MODULE_LICENSE("GPL"); 1053 MODULE_VERSION("0.3"); 1054