1 /* 2 * User level driver support for input subsystem 3 * 4 * Heavily based on evdev.c by Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 * 20 * Author: Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org> 21 * 22 * Changes/Revisions: 23 * 0.4 01/09/2014 (Benjamin Tissoires <benjamin.tissoires@redhat.com>) 24 * - add UI_GET_SYSNAME ioctl 25 * 0.3 09/04/2006 (Anssi Hannula <anssi.hannula@gmail.com>) 26 * - updated ff support for the changes in kernel interface 27 * - added MODULE_VERSION 28 * 0.2 16/10/2004 (Micah Dowty <micah@navi.cx>) 29 * - added force feedback support 30 * - added UI_SET_PHYS 31 * 0.1 20/06/2002 32 * - first public version 33 */ 34 #include <linux/poll.h> 35 #include <linux/sched.h> 36 #include <linux/slab.h> 37 #include <linux/module.h> 38 #include <linux/init.h> 39 #include <linux/fs.h> 40 #include <linux/miscdevice.h> 41 #include <linux/uinput.h> 42 #include <linux/input/mt.h> 43 #include "../input-compat.h" 44 45 static int uinput_dev_event(struct input_dev *dev, 46 unsigned int type, unsigned int code, int value) 47 { 48 struct uinput_device *udev = input_get_drvdata(dev); 49 50 udev->buff[udev->head].type = type; 51 udev->buff[udev->head].code = code; 52 udev->buff[udev->head].value = value; 53 do_gettimeofday(&udev->buff[udev->head].time); 54 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE; 55 56 wake_up_interruptible(&udev->waitq); 57 58 return 0; 59 } 60 61 /* Atomically allocate an ID for the given request. Returns 0 on success. */ 62 static bool uinput_request_alloc_id(struct uinput_device *udev, 63 struct uinput_request *request) 64 { 65 unsigned int id; 66 bool reserved = false; 67 68 spin_lock(&udev->requests_lock); 69 70 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) { 71 if (!udev->requests[id]) { 72 request->id = id; 73 udev->requests[id] = request; 74 reserved = true; 75 break; 76 } 77 } 78 79 spin_unlock(&udev->requests_lock); 80 return reserved; 81 } 82 83 static struct uinput_request *uinput_request_find(struct uinput_device *udev, 84 unsigned int id) 85 { 86 /* Find an input request, by ID. Returns NULL if the ID isn't valid. */ 87 if (id >= UINPUT_NUM_REQUESTS) 88 return NULL; 89 90 return udev->requests[id]; 91 } 92 93 static int uinput_request_reserve_slot(struct uinput_device *udev, 94 struct uinput_request *request) 95 { 96 /* Allocate slot. If none are available right away, wait. */ 97 return wait_event_interruptible(udev->requests_waitq, 98 uinput_request_alloc_id(udev, request)); 99 } 100 101 static void uinput_request_done(struct uinput_device *udev, 102 struct uinput_request *request) 103 { 104 /* Mark slot as available */ 105 udev->requests[request->id] = NULL; 106 wake_up(&udev->requests_waitq); 107 108 complete(&request->done); 109 } 110 111 static int uinput_request_send(struct uinput_device *udev, 112 struct uinput_request *request) 113 { 114 int retval; 115 116 retval = mutex_lock_interruptible(&udev->mutex); 117 if (retval) 118 return retval; 119 120 if (udev->state != UIST_CREATED) { 121 retval = -ENODEV; 122 goto out; 123 } 124 125 init_completion(&request->done); 126 127 /* 128 * Tell our userspace application about this new request 129 * by queueing an input event. 130 */ 131 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id); 132 133 out: 134 mutex_unlock(&udev->mutex); 135 return retval; 136 } 137 138 static int uinput_request_submit(struct uinput_device *udev, 139 struct uinput_request *request) 140 { 141 int error; 142 143 error = uinput_request_reserve_slot(udev, request); 144 if (error) 145 return error; 146 147 error = uinput_request_send(udev, request); 148 if (error) { 149 uinput_request_done(udev, request); 150 return error; 151 } 152 153 wait_for_completion(&request->done); 154 return request->retval; 155 } 156 157 /* 158 * Fail all outstanding requests so handlers don't wait for the userspace 159 * to finish processing them. 160 */ 161 static void uinput_flush_requests(struct uinput_device *udev) 162 { 163 struct uinput_request *request; 164 int i; 165 166 spin_lock(&udev->requests_lock); 167 168 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) { 169 request = udev->requests[i]; 170 if (request) { 171 request->retval = -ENODEV; 172 uinput_request_done(udev, request); 173 } 174 } 175 176 spin_unlock(&udev->requests_lock); 177 } 178 179 static void uinput_dev_set_gain(struct input_dev *dev, u16 gain) 180 { 181 uinput_dev_event(dev, EV_FF, FF_GAIN, gain); 182 } 183 184 static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude) 185 { 186 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude); 187 } 188 189 static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value) 190 { 191 return uinput_dev_event(dev, EV_FF, effect_id, value); 192 } 193 194 static int uinput_dev_upload_effect(struct input_dev *dev, 195 struct ff_effect *effect, 196 struct ff_effect *old) 197 { 198 struct uinput_device *udev = input_get_drvdata(dev); 199 struct uinput_request request; 200 201 /* 202 * uinput driver does not currently support periodic effects with 203 * custom waveform since it does not have a way to pass buffer of 204 * samples (custom_data) to userspace. If ever there is a device 205 * supporting custom waveforms we would need to define an additional 206 * ioctl (UI_UPLOAD_SAMPLES) but for now we just bail out. 207 */ 208 if (effect->type == FF_PERIODIC && 209 effect->u.periodic.waveform == FF_CUSTOM) 210 return -EINVAL; 211 212 request.code = UI_FF_UPLOAD; 213 request.u.upload.effect = effect; 214 request.u.upload.old = old; 215 216 return uinput_request_submit(udev, &request); 217 } 218 219 static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id) 220 { 221 struct uinput_device *udev = input_get_drvdata(dev); 222 struct uinput_request request; 223 224 if (!test_bit(EV_FF, dev->evbit)) 225 return -ENOSYS; 226 227 request.code = UI_FF_ERASE; 228 request.u.effect_id = effect_id; 229 230 return uinput_request_submit(udev, &request); 231 } 232 233 static void uinput_destroy_device(struct uinput_device *udev) 234 { 235 const char *name, *phys; 236 struct input_dev *dev = udev->dev; 237 enum uinput_state old_state = udev->state; 238 239 udev->state = UIST_NEW_DEVICE; 240 241 if (dev) { 242 name = dev->name; 243 phys = dev->phys; 244 if (old_state == UIST_CREATED) { 245 uinput_flush_requests(udev); 246 input_unregister_device(dev); 247 } else { 248 input_free_device(dev); 249 } 250 kfree(name); 251 kfree(phys); 252 udev->dev = NULL; 253 } 254 } 255 256 static int uinput_create_device(struct uinput_device *udev) 257 { 258 struct input_dev *dev = udev->dev; 259 int error, nslot; 260 261 if (udev->state != UIST_SETUP_COMPLETE) { 262 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME); 263 return -EINVAL; 264 } 265 266 if (test_bit(ABS_MT_SLOT, dev->absbit)) { 267 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1; 268 error = input_mt_init_slots(dev, nslot, 0); 269 if (error) 270 goto fail1; 271 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) { 272 input_set_events_per_packet(dev, 60); 273 } 274 275 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) { 276 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n", 277 UINPUT_NAME); 278 error = -EINVAL; 279 goto fail1; 280 } 281 282 if (udev->ff_effects_max) { 283 error = input_ff_create(dev, udev->ff_effects_max); 284 if (error) 285 goto fail1; 286 287 dev->ff->upload = uinput_dev_upload_effect; 288 dev->ff->erase = uinput_dev_erase_effect; 289 dev->ff->playback = uinput_dev_playback; 290 dev->ff->set_gain = uinput_dev_set_gain; 291 dev->ff->set_autocenter = uinput_dev_set_autocenter; 292 } 293 294 error = input_register_device(udev->dev); 295 if (error) 296 goto fail2; 297 298 udev->state = UIST_CREATED; 299 300 return 0; 301 302 fail2: input_ff_destroy(dev); 303 fail1: uinput_destroy_device(udev); 304 return error; 305 } 306 307 static int uinput_open(struct inode *inode, struct file *file) 308 { 309 struct uinput_device *newdev; 310 311 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL); 312 if (!newdev) 313 return -ENOMEM; 314 315 mutex_init(&newdev->mutex); 316 spin_lock_init(&newdev->requests_lock); 317 init_waitqueue_head(&newdev->requests_waitq); 318 init_waitqueue_head(&newdev->waitq); 319 newdev->state = UIST_NEW_DEVICE; 320 321 file->private_data = newdev; 322 nonseekable_open(inode, file); 323 324 return 0; 325 } 326 327 static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code, 328 const struct input_absinfo *abs) 329 { 330 int min, max; 331 332 min = abs->minimum; 333 max = abs->maximum; 334 335 if ((min != 0 || max != 0) && max <= min) { 336 printk(KERN_DEBUG 337 "%s: invalid abs[%02x] min:%d max:%d\n", 338 UINPUT_NAME, code, min, max); 339 return -EINVAL; 340 } 341 342 if (abs->flat > max - min) { 343 printk(KERN_DEBUG 344 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n", 345 UINPUT_NAME, code, abs->flat, min, max); 346 return -EINVAL; 347 } 348 349 return 0; 350 } 351 352 static int uinput_validate_absbits(struct input_dev *dev) 353 { 354 unsigned int cnt; 355 int error; 356 357 if (!test_bit(EV_ABS, dev->evbit)) 358 return 0; 359 360 /* 361 * Check if absmin/absmax/absfuzz/absflat are sane. 362 */ 363 364 for_each_set_bit(cnt, dev->absbit, ABS_CNT) { 365 if (!dev->absinfo) 366 return -EINVAL; 367 368 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]); 369 if (error) 370 return error; 371 } 372 373 return 0; 374 } 375 376 static int uinput_allocate_device(struct uinput_device *udev) 377 { 378 udev->dev = input_allocate_device(); 379 if (!udev->dev) 380 return -ENOMEM; 381 382 udev->dev->event = uinput_dev_event; 383 input_set_drvdata(udev->dev, udev); 384 385 return 0; 386 } 387 388 static int uinput_dev_setup(struct uinput_device *udev, 389 struct uinput_setup __user *arg) 390 { 391 struct uinput_setup setup; 392 struct input_dev *dev; 393 394 if (udev->state == UIST_CREATED) 395 return -EINVAL; 396 397 if (copy_from_user(&setup, arg, sizeof(setup))) 398 return -EFAULT; 399 400 if (!setup.name[0]) 401 return -EINVAL; 402 403 dev = udev->dev; 404 dev->id = setup.id; 405 udev->ff_effects_max = setup.ff_effects_max; 406 407 kfree(dev->name); 408 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL); 409 if (!dev->name) 410 return -ENOMEM; 411 412 udev->state = UIST_SETUP_COMPLETE; 413 return 0; 414 } 415 416 static int uinput_abs_setup(struct uinput_device *udev, 417 struct uinput_setup __user *arg, size_t size) 418 { 419 struct uinput_abs_setup setup = {}; 420 struct input_dev *dev; 421 int error; 422 423 if (size > sizeof(setup)) 424 return -E2BIG; 425 426 if (udev->state == UIST_CREATED) 427 return -EINVAL; 428 429 if (copy_from_user(&setup, arg, size)) 430 return -EFAULT; 431 432 if (setup.code > ABS_MAX) 433 return -ERANGE; 434 435 dev = udev->dev; 436 437 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo); 438 if (error) 439 return error; 440 441 input_alloc_absinfo(dev); 442 if (!dev->absinfo) 443 return -ENOMEM; 444 445 set_bit(setup.code, dev->absbit); 446 dev->absinfo[setup.code] = setup.absinfo; 447 return 0; 448 } 449 450 /* legacy setup via write() */ 451 static int uinput_setup_device_legacy(struct uinput_device *udev, 452 const char __user *buffer, size_t count) 453 { 454 struct uinput_user_dev *user_dev; 455 struct input_dev *dev; 456 int i; 457 int retval; 458 459 if (count != sizeof(struct uinput_user_dev)) 460 return -EINVAL; 461 462 if (!udev->dev) { 463 retval = uinput_allocate_device(udev); 464 if (retval) 465 return retval; 466 } 467 468 dev = udev->dev; 469 470 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev)); 471 if (IS_ERR(user_dev)) 472 return PTR_ERR(user_dev); 473 474 udev->ff_effects_max = user_dev->ff_effects_max; 475 476 /* Ensure name is filled in */ 477 if (!user_dev->name[0]) { 478 retval = -EINVAL; 479 goto exit; 480 } 481 482 kfree(dev->name); 483 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE, 484 GFP_KERNEL); 485 if (!dev->name) { 486 retval = -ENOMEM; 487 goto exit; 488 } 489 490 dev->id.bustype = user_dev->id.bustype; 491 dev->id.vendor = user_dev->id.vendor; 492 dev->id.product = user_dev->id.product; 493 dev->id.version = user_dev->id.version; 494 495 for (i = 0; i < ABS_CNT; i++) { 496 input_abs_set_max(dev, i, user_dev->absmax[i]); 497 input_abs_set_min(dev, i, user_dev->absmin[i]); 498 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]); 499 input_abs_set_flat(dev, i, user_dev->absflat[i]); 500 } 501 502 retval = uinput_validate_absbits(dev); 503 if (retval < 0) 504 goto exit; 505 506 udev->state = UIST_SETUP_COMPLETE; 507 retval = count; 508 509 exit: 510 kfree(user_dev); 511 return retval; 512 } 513 514 static ssize_t uinput_inject_events(struct uinput_device *udev, 515 const char __user *buffer, size_t count) 516 { 517 struct input_event ev; 518 size_t bytes = 0; 519 520 if (count != 0 && count < input_event_size()) 521 return -EINVAL; 522 523 while (bytes + input_event_size() <= count) { 524 /* 525 * Note that even if some events were fetched successfully 526 * we are still going to return EFAULT instead of partial 527 * count to let userspace know that it got it's buffers 528 * all wrong. 529 */ 530 if (input_event_from_user(buffer + bytes, &ev)) 531 return -EFAULT; 532 533 input_event(udev->dev, ev.type, ev.code, ev.value); 534 bytes += input_event_size(); 535 } 536 537 return bytes; 538 } 539 540 static ssize_t uinput_write(struct file *file, const char __user *buffer, 541 size_t count, loff_t *ppos) 542 { 543 struct uinput_device *udev = file->private_data; 544 int retval; 545 546 if (count == 0) 547 return 0; 548 549 retval = mutex_lock_interruptible(&udev->mutex); 550 if (retval) 551 return retval; 552 553 retval = udev->state == UIST_CREATED ? 554 uinput_inject_events(udev, buffer, count) : 555 uinput_setup_device_legacy(udev, buffer, count); 556 557 mutex_unlock(&udev->mutex); 558 559 return retval; 560 } 561 562 static bool uinput_fetch_next_event(struct uinput_device *udev, 563 struct input_event *event) 564 { 565 bool have_event; 566 567 spin_lock_irq(&udev->dev->event_lock); 568 569 have_event = udev->head != udev->tail; 570 if (have_event) { 571 *event = udev->buff[udev->tail]; 572 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE; 573 } 574 575 spin_unlock_irq(&udev->dev->event_lock); 576 577 return have_event; 578 } 579 580 static ssize_t uinput_events_to_user(struct uinput_device *udev, 581 char __user *buffer, size_t count) 582 { 583 struct input_event event; 584 size_t read = 0; 585 586 while (read + input_event_size() <= count && 587 uinput_fetch_next_event(udev, &event)) { 588 589 if (input_event_to_user(buffer + read, &event)) 590 return -EFAULT; 591 592 read += input_event_size(); 593 } 594 595 return read; 596 } 597 598 static ssize_t uinput_read(struct file *file, char __user *buffer, 599 size_t count, loff_t *ppos) 600 { 601 struct uinput_device *udev = file->private_data; 602 ssize_t retval; 603 604 if (count != 0 && count < input_event_size()) 605 return -EINVAL; 606 607 do { 608 retval = mutex_lock_interruptible(&udev->mutex); 609 if (retval) 610 return retval; 611 612 if (udev->state != UIST_CREATED) 613 retval = -ENODEV; 614 else if (udev->head == udev->tail && 615 (file->f_flags & O_NONBLOCK)) 616 retval = -EAGAIN; 617 else 618 retval = uinput_events_to_user(udev, buffer, count); 619 620 mutex_unlock(&udev->mutex); 621 622 if (retval || count == 0) 623 break; 624 625 if (!(file->f_flags & O_NONBLOCK)) 626 retval = wait_event_interruptible(udev->waitq, 627 udev->head != udev->tail || 628 udev->state != UIST_CREATED); 629 } while (retval == 0); 630 631 return retval; 632 } 633 634 static unsigned int uinput_poll(struct file *file, poll_table *wait) 635 { 636 struct uinput_device *udev = file->private_data; 637 638 poll_wait(file, &udev->waitq, wait); 639 640 if (udev->head != udev->tail) 641 return POLLIN | POLLRDNORM; 642 643 return 0; 644 } 645 646 static int uinput_release(struct inode *inode, struct file *file) 647 { 648 struct uinput_device *udev = file->private_data; 649 650 uinput_destroy_device(udev); 651 kfree(udev); 652 653 return 0; 654 } 655 656 #ifdef CONFIG_COMPAT 657 struct uinput_ff_upload_compat { 658 __u32 request_id; 659 __s32 retval; 660 struct ff_effect_compat effect; 661 struct ff_effect_compat old; 662 }; 663 664 static int uinput_ff_upload_to_user(char __user *buffer, 665 const struct uinput_ff_upload *ff_up) 666 { 667 if (in_compat_syscall()) { 668 struct uinput_ff_upload_compat ff_up_compat; 669 670 ff_up_compat.request_id = ff_up->request_id; 671 ff_up_compat.retval = ff_up->retval; 672 /* 673 * It so happens that the pointer that gives us the trouble 674 * is the last field in the structure. Since we don't support 675 * custom waveforms in uinput anyway we can just copy the whole 676 * thing (to the compat size) and ignore the pointer. 677 */ 678 memcpy(&ff_up_compat.effect, &ff_up->effect, 679 sizeof(struct ff_effect_compat)); 680 memcpy(&ff_up_compat.old, &ff_up->old, 681 sizeof(struct ff_effect_compat)); 682 683 if (copy_to_user(buffer, &ff_up_compat, 684 sizeof(struct uinput_ff_upload_compat))) 685 return -EFAULT; 686 } else { 687 if (copy_to_user(buffer, ff_up, 688 sizeof(struct uinput_ff_upload))) 689 return -EFAULT; 690 } 691 692 return 0; 693 } 694 695 static int uinput_ff_upload_from_user(const char __user *buffer, 696 struct uinput_ff_upload *ff_up) 697 { 698 if (in_compat_syscall()) { 699 struct uinput_ff_upload_compat ff_up_compat; 700 701 if (copy_from_user(&ff_up_compat, buffer, 702 sizeof(struct uinput_ff_upload_compat))) 703 return -EFAULT; 704 705 ff_up->request_id = ff_up_compat.request_id; 706 ff_up->retval = ff_up_compat.retval; 707 memcpy(&ff_up->effect, &ff_up_compat.effect, 708 sizeof(struct ff_effect_compat)); 709 memcpy(&ff_up->old, &ff_up_compat.old, 710 sizeof(struct ff_effect_compat)); 711 712 } else { 713 if (copy_from_user(ff_up, buffer, 714 sizeof(struct uinput_ff_upload))) 715 return -EFAULT; 716 } 717 718 return 0; 719 } 720 721 #else 722 723 static int uinput_ff_upload_to_user(char __user *buffer, 724 const struct uinput_ff_upload *ff_up) 725 { 726 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload))) 727 return -EFAULT; 728 729 return 0; 730 } 731 732 static int uinput_ff_upload_from_user(const char __user *buffer, 733 struct uinput_ff_upload *ff_up) 734 { 735 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload))) 736 return -EFAULT; 737 738 return 0; 739 } 740 741 #endif 742 743 #define uinput_set_bit(_arg, _bit, _max) \ 744 ({ \ 745 int __ret = 0; \ 746 if (udev->state == UIST_CREATED) \ 747 __ret = -EINVAL; \ 748 else if ((_arg) > (_max)) \ 749 __ret = -EINVAL; \ 750 else set_bit((_arg), udev->dev->_bit); \ 751 __ret; \ 752 }) 753 754 static int uinput_str_to_user(void __user *dest, const char *str, 755 unsigned int maxlen) 756 { 757 char __user *p = dest; 758 int len, ret; 759 760 if (!str) 761 return -ENOENT; 762 763 if (maxlen == 0) 764 return -EINVAL; 765 766 len = strlen(str) + 1; 767 if (len > maxlen) 768 len = maxlen; 769 770 ret = copy_to_user(p, str, len); 771 if (ret) 772 return -EFAULT; 773 774 /* force terminating '\0' */ 775 ret = put_user(0, p + len - 1); 776 return ret ? -EFAULT : len; 777 } 778 779 static long uinput_ioctl_handler(struct file *file, unsigned int cmd, 780 unsigned long arg, void __user *p) 781 { 782 int retval; 783 struct uinput_device *udev = file->private_data; 784 struct uinput_ff_upload ff_up; 785 struct uinput_ff_erase ff_erase; 786 struct uinput_request *req; 787 char *phys; 788 const char *name; 789 unsigned int size; 790 791 retval = mutex_lock_interruptible(&udev->mutex); 792 if (retval) 793 return retval; 794 795 if (!udev->dev) { 796 retval = uinput_allocate_device(udev); 797 if (retval) 798 goto out; 799 } 800 801 switch (cmd) { 802 case UI_GET_VERSION: 803 if (put_user(UINPUT_VERSION, 804 (unsigned int __user *)p)) 805 retval = -EFAULT; 806 goto out; 807 808 case UI_DEV_CREATE: 809 retval = uinput_create_device(udev); 810 goto out; 811 812 case UI_DEV_DESTROY: 813 uinput_destroy_device(udev); 814 goto out; 815 816 case UI_DEV_SETUP: 817 retval = uinput_dev_setup(udev, p); 818 goto out; 819 820 /* UI_ABS_SETUP is handled in the variable size ioctls */ 821 822 case UI_SET_EVBIT: 823 retval = uinput_set_bit(arg, evbit, EV_MAX); 824 goto out; 825 826 case UI_SET_KEYBIT: 827 retval = uinput_set_bit(arg, keybit, KEY_MAX); 828 goto out; 829 830 case UI_SET_RELBIT: 831 retval = uinput_set_bit(arg, relbit, REL_MAX); 832 goto out; 833 834 case UI_SET_ABSBIT: 835 retval = uinput_set_bit(arg, absbit, ABS_MAX); 836 goto out; 837 838 case UI_SET_MSCBIT: 839 retval = uinput_set_bit(arg, mscbit, MSC_MAX); 840 goto out; 841 842 case UI_SET_LEDBIT: 843 retval = uinput_set_bit(arg, ledbit, LED_MAX); 844 goto out; 845 846 case UI_SET_SNDBIT: 847 retval = uinput_set_bit(arg, sndbit, SND_MAX); 848 goto out; 849 850 case UI_SET_FFBIT: 851 retval = uinput_set_bit(arg, ffbit, FF_MAX); 852 goto out; 853 854 case UI_SET_SWBIT: 855 retval = uinput_set_bit(arg, swbit, SW_MAX); 856 goto out; 857 858 case UI_SET_PROPBIT: 859 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX); 860 goto out; 861 862 case UI_SET_PHYS: 863 if (udev->state == UIST_CREATED) { 864 retval = -EINVAL; 865 goto out; 866 } 867 868 phys = strndup_user(p, 1024); 869 if (IS_ERR(phys)) { 870 retval = PTR_ERR(phys); 871 goto out; 872 } 873 874 kfree(udev->dev->phys); 875 udev->dev->phys = phys; 876 goto out; 877 878 case UI_BEGIN_FF_UPLOAD: 879 retval = uinput_ff_upload_from_user(p, &ff_up); 880 if (retval) 881 goto out; 882 883 req = uinput_request_find(udev, ff_up.request_id); 884 if (!req || req->code != UI_FF_UPLOAD || 885 !req->u.upload.effect) { 886 retval = -EINVAL; 887 goto out; 888 } 889 890 ff_up.retval = 0; 891 ff_up.effect = *req->u.upload.effect; 892 if (req->u.upload.old) 893 ff_up.old = *req->u.upload.old; 894 else 895 memset(&ff_up.old, 0, sizeof(struct ff_effect)); 896 897 retval = uinput_ff_upload_to_user(p, &ff_up); 898 goto out; 899 900 case UI_BEGIN_FF_ERASE: 901 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) { 902 retval = -EFAULT; 903 goto out; 904 } 905 906 req = uinput_request_find(udev, ff_erase.request_id); 907 if (!req || req->code != UI_FF_ERASE) { 908 retval = -EINVAL; 909 goto out; 910 } 911 912 ff_erase.retval = 0; 913 ff_erase.effect_id = req->u.effect_id; 914 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) { 915 retval = -EFAULT; 916 goto out; 917 } 918 919 goto out; 920 921 case UI_END_FF_UPLOAD: 922 retval = uinput_ff_upload_from_user(p, &ff_up); 923 if (retval) 924 goto out; 925 926 req = uinput_request_find(udev, ff_up.request_id); 927 if (!req || req->code != UI_FF_UPLOAD || 928 !req->u.upload.effect) { 929 retval = -EINVAL; 930 goto out; 931 } 932 933 req->retval = ff_up.retval; 934 uinput_request_done(udev, req); 935 goto out; 936 937 case UI_END_FF_ERASE: 938 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) { 939 retval = -EFAULT; 940 goto out; 941 } 942 943 req = uinput_request_find(udev, ff_erase.request_id); 944 if (!req || req->code != UI_FF_ERASE) { 945 retval = -EINVAL; 946 goto out; 947 } 948 949 req->retval = ff_erase.retval; 950 uinput_request_done(udev, req); 951 goto out; 952 } 953 954 size = _IOC_SIZE(cmd); 955 956 /* Now check variable-length commands */ 957 switch (cmd & ~IOCSIZE_MASK) { 958 case UI_GET_SYSNAME(0): 959 if (udev->state != UIST_CREATED) { 960 retval = -ENOENT; 961 goto out; 962 } 963 name = dev_name(&udev->dev->dev); 964 retval = uinput_str_to_user(p, name, size); 965 goto out; 966 967 case UI_ABS_SETUP & ~IOCSIZE_MASK: 968 retval = uinput_abs_setup(udev, p, size); 969 goto out; 970 } 971 972 retval = -EINVAL; 973 out: 974 mutex_unlock(&udev->mutex); 975 return retval; 976 } 977 978 static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 979 { 980 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg); 981 } 982 983 #ifdef CONFIG_COMPAT 984 985 #define UI_SET_PHYS_COMPAT _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t) 986 987 static long uinput_compat_ioctl(struct file *file, 988 unsigned int cmd, unsigned long arg) 989 { 990 if (cmd == UI_SET_PHYS_COMPAT) 991 cmd = UI_SET_PHYS; 992 993 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg)); 994 } 995 #endif 996 997 static const struct file_operations uinput_fops = { 998 .owner = THIS_MODULE, 999 .open = uinput_open, 1000 .release = uinput_release, 1001 .read = uinput_read, 1002 .write = uinput_write, 1003 .poll = uinput_poll, 1004 .unlocked_ioctl = uinput_ioctl, 1005 #ifdef CONFIG_COMPAT 1006 .compat_ioctl = uinput_compat_ioctl, 1007 #endif 1008 .llseek = no_llseek, 1009 }; 1010 1011 static struct miscdevice uinput_misc = { 1012 .fops = &uinput_fops, 1013 .minor = UINPUT_MINOR, 1014 .name = UINPUT_NAME, 1015 }; 1016 MODULE_ALIAS_MISCDEV(UINPUT_MINOR); 1017 MODULE_ALIAS("devname:" UINPUT_NAME); 1018 1019 static int __init uinput_init(void) 1020 { 1021 return misc_register(&uinput_misc); 1022 } 1023 1024 static void __exit uinput_exit(void) 1025 { 1026 misc_deregister(&uinput_misc); 1027 } 1028 1029 MODULE_AUTHOR("Aristeu Sergio Rozanski Filho"); 1030 MODULE_DESCRIPTION("User level driver support for input subsystem"); 1031 MODULE_LICENSE("GPL"); 1032 MODULE_VERSION("0.3"); 1033 1034 module_init(uinput_init); 1035 module_exit(uinput_exit); 1036