1/* 2 * Event char devices, giving access to raw input device events. 3 * 4 * Copyright (c) 1999-2002 Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 */ 10 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13#define EVDEV_MINOR_BASE 64 14#define EVDEV_MINORS 32 15#define EVDEV_MIN_BUFFER_SIZE 64U 16#define EVDEV_BUF_PACKETS 8 17 18#include <linux/poll.h> 19#include <linux/sched.h> 20#include <linux/slab.h> 21#include <linux/vmalloc.h> 22#include <linux/mm.h> 23#include <linux/module.h> 24#include <linux/init.h> 25#include <linux/input/mt.h> 26#include <linux/major.h> 27#include <linux/device.h> 28#include <linux/cdev.h> 29#include "input-compat.h" 30 31enum evdev_clock_type { 32 EV_CLK_REAL = 0, 33 EV_CLK_MONO, 34 EV_CLK_BOOT, 35 EV_CLK_MAX 36}; 37 38struct evdev { 39 int open; 40 struct input_handle handle; 41 wait_queue_head_t wait; 42 struct evdev_client __rcu *grab; 43 struct list_head client_list; 44 spinlock_t client_lock; /* protects client_list */ 45 struct mutex mutex; 46 struct device dev; 47 struct cdev cdev; 48 bool exist; 49}; 50 51struct evdev_client { 52 unsigned int head; 53 unsigned int tail; 54 unsigned int packet_head; /* [future] position of the first element of next packet */ 55 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 56 struct fasync_struct *fasync; 57 struct evdev *evdev; 58 struct list_head node; 59 int clk_type; 60 bool revoked; 61 unsigned int bufsize; 62 struct input_event buffer[]; 63}; 64 65/* flush queued events of type @type, caller must hold client->buffer_lock */ 66static void __evdev_flush_queue(struct evdev_client *client, unsigned int type) 67{ 68 unsigned int i, head, num; 69 unsigned int mask = client->bufsize - 1; 70 bool is_report; 71 struct input_event *ev; 72 73 BUG_ON(type == EV_SYN); 74 75 head = client->tail; 76 client->packet_head = client->tail; 77 78 /* init to 1 so a leading SYN_REPORT will not be dropped */ 79 num = 1; 80 81 for (i = client->tail; i != client->head; i = (i + 1) & mask) { 82 ev = &client->buffer[i]; 83 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT; 84 85 if (ev->type == type) { 86 /* drop matched entry */ 87 continue; 88 } else if (is_report && !num) { 89 /* drop empty SYN_REPORT groups */ 90 continue; 91 } else if (head != i) { 92 /* move entry to fill the gap */ 93 client->buffer[head].time = ev->time; 94 client->buffer[head].type = ev->type; 95 client->buffer[head].code = ev->code; 96 client->buffer[head].value = ev->value; 97 } 98 99 num++; 100 head = (head + 1) & mask; 101 102 if (is_report) { 103 num = 0; 104 client->packet_head = head; 105 } 106 } 107 108 client->head = head; 109} 110 111static void __evdev_queue_syn_dropped(struct evdev_client *client) 112{ 113 struct input_event ev; 114 ktime_t time; 115 116 time = client->clk_type == EV_CLK_REAL ? 117 ktime_get_real() : 118 client->clk_type == EV_CLK_MONO ? 119 ktime_get() : 120 ktime_get_boottime(); 121 122 ev.time = ktime_to_timeval(time); 123 ev.type = EV_SYN; 124 ev.code = SYN_DROPPED; 125 ev.value = 0; 126 127 client->buffer[client->head++] = ev; 128 client->head &= client->bufsize - 1; 129 130 if (unlikely(client->head == client->tail)) { 131 /* drop queue but keep our SYN_DROPPED event */ 132 client->tail = (client->head - 1) & (client->bufsize - 1); 133 client->packet_head = client->tail; 134 } 135} 136 137static void evdev_queue_syn_dropped(struct evdev_client *client) 138{ 139 unsigned long flags; 140 141 spin_lock_irqsave(&client->buffer_lock, flags); 142 __evdev_queue_syn_dropped(client); 143 spin_unlock_irqrestore(&client->buffer_lock, flags); 144} 145 146static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid) 147{ 148 unsigned long flags; 149 150 if (client->clk_type == clkid) 151 return 0; 152 153 switch (clkid) { 154 155 case CLOCK_REALTIME: 156 client->clk_type = EV_CLK_REAL; 157 break; 158 case CLOCK_MONOTONIC: 159 client->clk_type = EV_CLK_MONO; 160 break; 161 case CLOCK_BOOTTIME: 162 client->clk_type = EV_CLK_BOOT; 163 break; 164 default: 165 return -EINVAL; 166 } 167 168 /* 169 * Flush pending events and queue SYN_DROPPED event, 170 * but only if the queue is not empty. 171 */ 172 spin_lock_irqsave(&client->buffer_lock, flags); 173 174 if (client->head != client->tail) { 175 client->packet_head = client->head = client->tail; 176 __evdev_queue_syn_dropped(client); 177 } 178 179 spin_unlock_irqrestore(&client->buffer_lock, flags); 180 181 return 0; 182} 183 184static void __pass_event(struct evdev_client *client, 185 const struct input_event *event) 186{ 187 client->buffer[client->head++] = *event; 188 client->head &= client->bufsize - 1; 189 190 if (unlikely(client->head == client->tail)) { 191 /* 192 * This effectively "drops" all unconsumed events, leaving 193 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 194 */ 195 client->tail = (client->head - 2) & (client->bufsize - 1); 196 197 client->buffer[client->tail].time = event->time; 198 client->buffer[client->tail].type = EV_SYN; 199 client->buffer[client->tail].code = SYN_DROPPED; 200 client->buffer[client->tail].value = 0; 201 202 client->packet_head = client->tail; 203 } 204 205 if (event->type == EV_SYN && event->code == SYN_REPORT) { 206 client->packet_head = client->head; 207 kill_fasync(&client->fasync, SIGIO, POLL_IN); 208 } 209} 210 211static void evdev_pass_values(struct evdev_client *client, 212 const struct input_value *vals, unsigned int count, 213 ktime_t *ev_time) 214{ 215 struct evdev *evdev = client->evdev; 216 const struct input_value *v; 217 struct input_event event; 218 bool wakeup = false; 219 220 if (client->revoked) 221 return; 222 223 event.time = ktime_to_timeval(ev_time[client->clk_type]); 224 225 /* Interrupts are disabled, just acquire the lock. */ 226 spin_lock(&client->buffer_lock); 227 228 for (v = vals; v != vals + count; v++) { 229 event.type = v->type; 230 event.code = v->code; 231 event.value = v->value; 232 __pass_event(client, &event); 233 if (v->type == EV_SYN && v->code == SYN_REPORT) 234 wakeup = true; 235 } 236 237 spin_unlock(&client->buffer_lock); 238 239 if (wakeup) 240 wake_up_interruptible(&evdev->wait); 241} 242 243/* 244 * Pass incoming events to all connected clients. 245 */ 246static void evdev_events(struct input_handle *handle, 247 const struct input_value *vals, unsigned int count) 248{ 249 struct evdev *evdev = handle->private; 250 struct evdev_client *client; 251 ktime_t ev_time[EV_CLK_MAX]; 252 253 ev_time[EV_CLK_MONO] = ktime_get(); 254 ev_time[EV_CLK_REAL] = ktime_mono_to_real(ev_time[EV_CLK_MONO]); 255 ev_time[EV_CLK_BOOT] = ktime_mono_to_any(ev_time[EV_CLK_MONO], 256 TK_OFFS_BOOT); 257 258 rcu_read_lock(); 259 260 client = rcu_dereference(evdev->grab); 261 262 if (client) 263 evdev_pass_values(client, vals, count, ev_time); 264 else 265 list_for_each_entry_rcu(client, &evdev->client_list, node) 266 evdev_pass_values(client, vals, count, ev_time); 267 268 rcu_read_unlock(); 269} 270 271/* 272 * Pass incoming event to all connected clients. 273 */ 274static void evdev_event(struct input_handle *handle, 275 unsigned int type, unsigned int code, int value) 276{ 277 struct input_value vals[] = { { type, code, value } }; 278 279 evdev_events(handle, vals, 1); 280} 281 282static int evdev_fasync(int fd, struct file *file, int on) 283{ 284 struct evdev_client *client = file->private_data; 285 286 return fasync_helper(fd, file, on, &client->fasync); 287} 288 289static int evdev_flush(struct file *file, fl_owner_t id) 290{ 291 struct evdev_client *client = file->private_data; 292 struct evdev *evdev = client->evdev; 293 294 mutex_lock(&evdev->mutex); 295 296 if (evdev->exist && !client->revoked) 297 input_flush_device(&evdev->handle, file); 298 299 mutex_unlock(&evdev->mutex); 300 return 0; 301} 302 303static void evdev_free(struct device *dev) 304{ 305 struct evdev *evdev = container_of(dev, struct evdev, dev); 306 307 input_put_device(evdev->handle.dev); 308 kfree(evdev); 309} 310 311/* 312 * Grabs an event device (along with underlying input device). 313 * This function is called with evdev->mutex taken. 314 */ 315static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 316{ 317 int error; 318 319 if (evdev->grab) 320 return -EBUSY; 321 322 error = input_grab_device(&evdev->handle); 323 if (error) 324 return error; 325 326 rcu_assign_pointer(evdev->grab, client); 327 328 return 0; 329} 330 331static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 332{ 333 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 334 lockdep_is_held(&evdev->mutex)); 335 336 if (grab != client) 337 return -EINVAL; 338 339 rcu_assign_pointer(evdev->grab, NULL); 340 synchronize_rcu(); 341 input_release_device(&evdev->handle); 342 343 return 0; 344} 345 346static void evdev_attach_client(struct evdev *evdev, 347 struct evdev_client *client) 348{ 349 spin_lock(&evdev->client_lock); 350 list_add_tail_rcu(&client->node, &evdev->client_list); 351 spin_unlock(&evdev->client_lock); 352} 353 354static void evdev_detach_client(struct evdev *evdev, 355 struct evdev_client *client) 356{ 357 spin_lock(&evdev->client_lock); 358 list_del_rcu(&client->node); 359 spin_unlock(&evdev->client_lock); 360 synchronize_rcu(); 361} 362 363static int evdev_open_device(struct evdev *evdev) 364{ 365 int retval; 366 367 retval = mutex_lock_interruptible(&evdev->mutex); 368 if (retval) 369 return retval; 370 371 if (!evdev->exist) 372 retval = -ENODEV; 373 else if (!evdev->open++) { 374 retval = input_open_device(&evdev->handle); 375 if (retval) 376 evdev->open--; 377 } 378 379 mutex_unlock(&evdev->mutex); 380 return retval; 381} 382 383static void evdev_close_device(struct evdev *evdev) 384{ 385 mutex_lock(&evdev->mutex); 386 387 if (evdev->exist && !--evdev->open) 388 input_close_device(&evdev->handle); 389 390 mutex_unlock(&evdev->mutex); 391} 392 393/* 394 * Wake up users waiting for IO so they can disconnect from 395 * dead device. 396 */ 397static void evdev_hangup(struct evdev *evdev) 398{ 399 struct evdev_client *client; 400 401 spin_lock(&evdev->client_lock); 402 list_for_each_entry(client, &evdev->client_list, node) 403 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 404 spin_unlock(&evdev->client_lock); 405 406 wake_up_interruptible(&evdev->wait); 407} 408 409static int evdev_release(struct inode *inode, struct file *file) 410{ 411 struct evdev_client *client = file->private_data; 412 struct evdev *evdev = client->evdev; 413 414 mutex_lock(&evdev->mutex); 415 evdev_ungrab(evdev, client); 416 mutex_unlock(&evdev->mutex); 417 418 evdev_detach_client(evdev, client); 419 420 if (is_vmalloc_addr(client)) 421 vfree(client); 422 else 423 kfree(client); 424 425 evdev_close_device(evdev); 426 427 return 0; 428} 429 430static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 431{ 432 unsigned int n_events = 433 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 434 EVDEV_MIN_BUFFER_SIZE); 435 436 return roundup_pow_of_two(n_events); 437} 438 439static int evdev_open(struct inode *inode, struct file *file) 440{ 441 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); 442 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); 443 unsigned int size = sizeof(struct evdev_client) + 444 bufsize * sizeof(struct input_event); 445 struct evdev_client *client; 446 int error; 447 448 client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 449 if (!client) 450 client = vzalloc(size); 451 if (!client) 452 return -ENOMEM; 453 454 client->bufsize = bufsize; 455 spin_lock_init(&client->buffer_lock); 456 client->evdev = evdev; 457 evdev_attach_client(evdev, client); 458 459 error = evdev_open_device(evdev); 460 if (error) 461 goto err_free_client; 462 463 file->private_data = client; 464 nonseekable_open(inode, file); 465 466 return 0; 467 468 err_free_client: 469 evdev_detach_client(evdev, client); 470 kvfree(client); 471 return error; 472} 473 474static ssize_t evdev_write(struct file *file, const char __user *buffer, 475 size_t count, loff_t *ppos) 476{ 477 struct evdev_client *client = file->private_data; 478 struct evdev *evdev = client->evdev; 479 struct input_event event; 480 int retval = 0; 481 482 if (count != 0 && count < input_event_size()) 483 return -EINVAL; 484 485 retval = mutex_lock_interruptible(&evdev->mutex); 486 if (retval) 487 return retval; 488 489 if (!evdev->exist || client->revoked) { 490 retval = -ENODEV; 491 goto out; 492 } 493 494 while (retval + input_event_size() <= count) { 495 496 if (input_event_from_user(buffer + retval, &event)) { 497 retval = -EFAULT; 498 goto out; 499 } 500 retval += input_event_size(); 501 502 input_inject_event(&evdev->handle, 503 event.type, event.code, event.value); 504 } 505 506 out: 507 mutex_unlock(&evdev->mutex); 508 return retval; 509} 510 511static int evdev_fetch_next_event(struct evdev_client *client, 512 struct input_event *event) 513{ 514 int have_event; 515 516 spin_lock_irq(&client->buffer_lock); 517 518 have_event = client->packet_head != client->tail; 519 if (have_event) { 520 *event = client->buffer[client->tail++]; 521 client->tail &= client->bufsize - 1; 522 } 523 524 spin_unlock_irq(&client->buffer_lock); 525 526 return have_event; 527} 528 529static ssize_t evdev_read(struct file *file, char __user *buffer, 530 size_t count, loff_t *ppos) 531{ 532 struct evdev_client *client = file->private_data; 533 struct evdev *evdev = client->evdev; 534 struct input_event event; 535 size_t read = 0; 536 int error; 537 538 if (count != 0 && count < input_event_size()) 539 return -EINVAL; 540 541 for (;;) { 542 if (!evdev->exist || client->revoked) 543 return -ENODEV; 544 545 if (client->packet_head == client->tail && 546 (file->f_flags & O_NONBLOCK)) 547 return -EAGAIN; 548 549 /* 550 * count == 0 is special - no IO is done but we check 551 * for error conditions (see above). 552 */ 553 if (count == 0) 554 break; 555 556 while (read + input_event_size() <= count && 557 evdev_fetch_next_event(client, &event)) { 558 559 if (input_event_to_user(buffer + read, &event)) 560 return -EFAULT; 561 562 read += input_event_size(); 563 } 564 565 if (read) 566 break; 567 568 if (!(file->f_flags & O_NONBLOCK)) { 569 error = wait_event_interruptible(evdev->wait, 570 client->packet_head != client->tail || 571 !evdev->exist || client->revoked); 572 if (error) 573 return error; 574 } 575 } 576 577 return read; 578} 579 580/* No kernel lock - fine */ 581static unsigned int evdev_poll(struct file *file, poll_table *wait) 582{ 583 struct evdev_client *client = file->private_data; 584 struct evdev *evdev = client->evdev; 585 unsigned int mask; 586 587 poll_wait(file, &evdev->wait, wait); 588 589 if (evdev->exist && !client->revoked) 590 mask = POLLOUT | POLLWRNORM; 591 else 592 mask = POLLHUP | POLLERR; 593 594 if (client->packet_head != client->tail) 595 mask |= POLLIN | POLLRDNORM; 596 597 return mask; 598} 599 600#ifdef CONFIG_COMPAT 601 602#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 603#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 604 605#ifdef __BIG_ENDIAN 606static int bits_to_user(unsigned long *bits, unsigned int maxbit, 607 unsigned int maxlen, void __user *p, int compat) 608{ 609 int len, i; 610 611 if (compat) { 612 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 613 if (len > maxlen) 614 len = maxlen; 615 616 for (i = 0; i < len / sizeof(compat_long_t); i++) 617 if (copy_to_user((compat_long_t __user *) p + i, 618 (compat_long_t *) bits + 619 i + 1 - ((i % 2) << 1), 620 sizeof(compat_long_t))) 621 return -EFAULT; 622 } else { 623 len = BITS_TO_LONGS(maxbit) * sizeof(long); 624 if (len > maxlen) 625 len = maxlen; 626 627 if (copy_to_user(p, bits, len)) 628 return -EFAULT; 629 } 630 631 return len; 632} 633#else 634static int bits_to_user(unsigned long *bits, unsigned int maxbit, 635 unsigned int maxlen, void __user *p, int compat) 636{ 637 int len = compat ? 638 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 639 BITS_TO_LONGS(maxbit) * sizeof(long); 640 641 if (len > maxlen) 642 len = maxlen; 643 644 return copy_to_user(p, bits, len) ? -EFAULT : len; 645} 646#endif /* __BIG_ENDIAN */ 647 648#else 649 650static int bits_to_user(unsigned long *bits, unsigned int maxbit, 651 unsigned int maxlen, void __user *p, int compat) 652{ 653 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 654 655 if (len > maxlen) 656 len = maxlen; 657 658 return copy_to_user(p, bits, len) ? -EFAULT : len; 659} 660 661#endif /* CONFIG_COMPAT */ 662 663static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 664{ 665 int len; 666 667 if (!str) 668 return -ENOENT; 669 670 len = strlen(str) + 1; 671 if (len > maxlen) 672 len = maxlen; 673 674 return copy_to_user(p, str, len) ? -EFAULT : len; 675} 676 677static int handle_eviocgbit(struct input_dev *dev, 678 unsigned int type, unsigned int size, 679 void __user *p, int compat_mode) 680{ 681 unsigned long *bits; 682 int len; 683 684 switch (type) { 685 686 case 0: bits = dev->evbit; len = EV_MAX; break; 687 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 688 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 689 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 690 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 691 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 692 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 693 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 694 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 695 default: return -EINVAL; 696 } 697 698 return bits_to_user(bits, len, size, p, compat_mode); 699} 700 701static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 702{ 703 struct input_keymap_entry ke = { 704 .len = sizeof(unsigned int), 705 .flags = 0, 706 }; 707 int __user *ip = (int __user *)p; 708 int error; 709 710 /* legacy case */ 711 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 712 return -EFAULT; 713 714 error = input_get_keycode(dev, &ke); 715 if (error) 716 return error; 717 718 if (put_user(ke.keycode, ip + 1)) 719 return -EFAULT; 720 721 return 0; 722} 723 724static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 725{ 726 struct input_keymap_entry ke; 727 int error; 728 729 if (copy_from_user(&ke, p, sizeof(ke))) 730 return -EFAULT; 731 732 error = input_get_keycode(dev, &ke); 733 if (error) 734 return error; 735 736 if (copy_to_user(p, &ke, sizeof(ke))) 737 return -EFAULT; 738 739 return 0; 740} 741 742static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 743{ 744 struct input_keymap_entry ke = { 745 .len = sizeof(unsigned int), 746 .flags = 0, 747 }; 748 int __user *ip = (int __user *)p; 749 750 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 751 return -EFAULT; 752 753 if (get_user(ke.keycode, ip + 1)) 754 return -EFAULT; 755 756 return input_set_keycode(dev, &ke); 757} 758 759static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 760{ 761 struct input_keymap_entry ke; 762 763 if (copy_from_user(&ke, p, sizeof(ke))) 764 return -EFAULT; 765 766 if (ke.len > sizeof(ke.scancode)) 767 return -EINVAL; 768 769 return input_set_keycode(dev, &ke); 770} 771 772/* 773 * If we transfer state to the user, we should flush all pending events 774 * of the same type from the client's queue. Otherwise, they might end up 775 * with duplicate events, which can screw up client's state tracking. 776 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED 777 * event so user-space will notice missing events. 778 * 779 * LOCKING: 780 * We need to take event_lock before buffer_lock to avoid dead-locks. But we 781 * need the even_lock only to guarantee consistent state. We can safely release 782 * it while flushing the queue. This allows input-core to handle filters while 783 * we flush the queue. 784 */ 785static int evdev_handle_get_val(struct evdev_client *client, 786 struct input_dev *dev, unsigned int type, 787 unsigned long *bits, unsigned int maxbit, 788 unsigned int maxlen, void __user *p, 789 int compat) 790{ 791 int ret; 792 unsigned long *mem; 793 size_t len; 794 795 len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long); 796 mem = kmalloc(len, GFP_KERNEL); 797 if (!mem) 798 return -ENOMEM; 799 800 spin_lock_irq(&dev->event_lock); 801 spin_lock(&client->buffer_lock); 802 803 memcpy(mem, bits, len); 804 805 spin_unlock(&dev->event_lock); 806 807 __evdev_flush_queue(client, type); 808 809 spin_unlock_irq(&client->buffer_lock); 810 811 ret = bits_to_user(mem, maxbit, maxlen, p, compat); 812 if (ret < 0) 813 evdev_queue_syn_dropped(client); 814 815 kfree(mem); 816 817 return ret; 818} 819 820static int evdev_handle_mt_request(struct input_dev *dev, 821 unsigned int size, 822 int __user *ip) 823{ 824 const struct input_mt *mt = dev->mt; 825 unsigned int code; 826 int max_slots; 827 int i; 828 829 if (get_user(code, &ip[0])) 830 return -EFAULT; 831 if (!mt || !input_is_mt_value(code)) 832 return -EINVAL; 833 834 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 835 for (i = 0; i < mt->num_slots && i < max_slots; i++) { 836 int value = input_mt_get_value(&mt->slots[i], code); 837 if (put_user(value, &ip[1 + i])) 838 return -EFAULT; 839 } 840 841 return 0; 842} 843 844static int evdev_revoke(struct evdev *evdev, struct evdev_client *client, 845 struct file *file) 846{ 847 client->revoked = true; 848 evdev_ungrab(evdev, client); 849 input_flush_device(&evdev->handle, file); 850 wake_up_interruptible(&evdev->wait); 851 852 return 0; 853} 854 855static long evdev_do_ioctl(struct file *file, unsigned int cmd, 856 void __user *p, int compat_mode) 857{ 858 struct evdev_client *client = file->private_data; 859 struct evdev *evdev = client->evdev; 860 struct input_dev *dev = evdev->handle.dev; 861 struct input_absinfo abs; 862 struct ff_effect effect; 863 int __user *ip = (int __user *)p; 864 unsigned int i, t, u, v; 865 unsigned int size; 866 int error; 867 868 /* First we check for fixed-length commands */ 869 switch (cmd) { 870 871 case EVIOCGVERSION: 872 return put_user(EV_VERSION, ip); 873 874 case EVIOCGID: 875 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 876 return -EFAULT; 877 return 0; 878 879 case EVIOCGREP: 880 if (!test_bit(EV_REP, dev->evbit)) 881 return -ENOSYS; 882 if (put_user(dev->rep[REP_DELAY], ip)) 883 return -EFAULT; 884 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 885 return -EFAULT; 886 return 0; 887 888 case EVIOCSREP: 889 if (!test_bit(EV_REP, dev->evbit)) 890 return -ENOSYS; 891 if (get_user(u, ip)) 892 return -EFAULT; 893 if (get_user(v, ip + 1)) 894 return -EFAULT; 895 896 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 897 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 898 899 return 0; 900 901 case EVIOCRMFF: 902 return input_ff_erase(dev, (int)(unsigned long) p, file); 903 904 case EVIOCGEFFECTS: 905 i = test_bit(EV_FF, dev->evbit) ? 906 dev->ff->max_effects : 0; 907 if (put_user(i, ip)) 908 return -EFAULT; 909 return 0; 910 911 case EVIOCGRAB: 912 if (p) 913 return evdev_grab(evdev, client); 914 else 915 return evdev_ungrab(evdev, client); 916 917 case EVIOCREVOKE: 918 if (p) 919 return -EINVAL; 920 else 921 return evdev_revoke(evdev, client, file); 922 923 case EVIOCSCLOCKID: 924 if (copy_from_user(&i, p, sizeof(unsigned int))) 925 return -EFAULT; 926 927 return evdev_set_clk_type(client, i); 928 929 case EVIOCGKEYCODE: 930 return evdev_handle_get_keycode(dev, p); 931 932 case EVIOCSKEYCODE: 933 return evdev_handle_set_keycode(dev, p); 934 935 case EVIOCGKEYCODE_V2: 936 return evdev_handle_get_keycode_v2(dev, p); 937 938 case EVIOCSKEYCODE_V2: 939 return evdev_handle_set_keycode_v2(dev, p); 940 } 941 942 size = _IOC_SIZE(cmd); 943 944 /* Now check variable-length commands */ 945#define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 946 switch (EVIOC_MASK_SIZE(cmd)) { 947 948 case EVIOCGPROP(0): 949 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 950 size, p, compat_mode); 951 952 case EVIOCGMTSLOTS(0): 953 return evdev_handle_mt_request(dev, size, ip); 954 955 case EVIOCGKEY(0): 956 return evdev_handle_get_val(client, dev, EV_KEY, dev->key, 957 KEY_MAX, size, p, compat_mode); 958 959 case EVIOCGLED(0): 960 return evdev_handle_get_val(client, dev, EV_LED, dev->led, 961 LED_MAX, size, p, compat_mode); 962 963 case EVIOCGSND(0): 964 return evdev_handle_get_val(client, dev, EV_SND, dev->snd, 965 SND_MAX, size, p, compat_mode); 966 967 case EVIOCGSW(0): 968 return evdev_handle_get_val(client, dev, EV_SW, dev->sw, 969 SW_MAX, size, p, compat_mode); 970 971 case EVIOCGNAME(0): 972 return str_to_user(dev->name, size, p); 973 974 case EVIOCGPHYS(0): 975 return str_to_user(dev->phys, size, p); 976 977 case EVIOCGUNIQ(0): 978 return str_to_user(dev->uniq, size, p); 979 980 case EVIOC_MASK_SIZE(EVIOCSFF): 981 if (input_ff_effect_from_user(p, size, &effect)) 982 return -EFAULT; 983 984 error = input_ff_upload(dev, &effect, file); 985 if (error) 986 return error; 987 988 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 989 return -EFAULT; 990 991 return 0; 992 } 993 994 /* Multi-number variable-length handlers */ 995 if (_IOC_TYPE(cmd) != 'E') 996 return -EINVAL; 997 998 if (_IOC_DIR(cmd) == _IOC_READ) { 999 1000 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 1001 return handle_eviocgbit(dev, 1002 _IOC_NR(cmd) & EV_MAX, size, 1003 p, compat_mode); 1004 1005 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 1006 1007 if (!dev->absinfo) 1008 return -EINVAL; 1009 1010 t = _IOC_NR(cmd) & ABS_MAX; 1011 abs = dev->absinfo[t]; 1012 1013 if (copy_to_user(p, &abs, min_t(size_t, 1014 size, sizeof(struct input_absinfo)))) 1015 return -EFAULT; 1016 1017 return 0; 1018 } 1019 } 1020 1021 if (_IOC_DIR(cmd) == _IOC_WRITE) { 1022 1023 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 1024 1025 if (!dev->absinfo) 1026 return -EINVAL; 1027 1028 t = _IOC_NR(cmd) & ABS_MAX; 1029 1030 if (copy_from_user(&abs, p, min_t(size_t, 1031 size, sizeof(struct input_absinfo)))) 1032 return -EFAULT; 1033 1034 if (size < sizeof(struct input_absinfo)) 1035 abs.resolution = 0; 1036 1037 /* We can't change number of reserved MT slots */ 1038 if (t == ABS_MT_SLOT) 1039 return -EINVAL; 1040 1041 /* 1042 * Take event lock to ensure that we are not 1043 * changing device parameters in the middle 1044 * of event. 1045 */ 1046 spin_lock_irq(&dev->event_lock); 1047 dev->absinfo[t] = abs; 1048 spin_unlock_irq(&dev->event_lock); 1049 1050 return 0; 1051 } 1052 } 1053 1054 return -EINVAL; 1055} 1056 1057static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 1058 void __user *p, int compat_mode) 1059{ 1060 struct evdev_client *client = file->private_data; 1061 struct evdev *evdev = client->evdev; 1062 int retval; 1063 1064 retval = mutex_lock_interruptible(&evdev->mutex); 1065 if (retval) 1066 return retval; 1067 1068 if (!evdev->exist || client->revoked) { 1069 retval = -ENODEV; 1070 goto out; 1071 } 1072 1073 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 1074 1075 out: 1076 mutex_unlock(&evdev->mutex); 1077 return retval; 1078} 1079 1080static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1081{ 1082 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 1083} 1084 1085#ifdef CONFIG_COMPAT 1086static long evdev_ioctl_compat(struct file *file, 1087 unsigned int cmd, unsigned long arg) 1088{ 1089 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 1090} 1091#endif 1092 1093static const struct file_operations evdev_fops = { 1094 .owner = THIS_MODULE, 1095 .read = evdev_read, 1096 .write = evdev_write, 1097 .poll = evdev_poll, 1098 .open = evdev_open, 1099 .release = evdev_release, 1100 .unlocked_ioctl = evdev_ioctl, 1101#ifdef CONFIG_COMPAT 1102 .compat_ioctl = evdev_ioctl_compat, 1103#endif 1104 .fasync = evdev_fasync, 1105 .flush = evdev_flush, 1106 .llseek = no_llseek, 1107}; 1108 1109/* 1110 * Mark device non-existent. This disables writes, ioctls and 1111 * prevents new users from opening the device. Already posted 1112 * blocking reads will stay, however new ones will fail. 1113 */ 1114static void evdev_mark_dead(struct evdev *evdev) 1115{ 1116 mutex_lock(&evdev->mutex); 1117 evdev->exist = false; 1118 mutex_unlock(&evdev->mutex); 1119} 1120 1121static void evdev_cleanup(struct evdev *evdev) 1122{ 1123 struct input_handle *handle = &evdev->handle; 1124 1125 evdev_mark_dead(evdev); 1126 evdev_hangup(evdev); 1127 1128 cdev_del(&evdev->cdev); 1129 1130 /* evdev is marked dead so no one else accesses evdev->open */ 1131 if (evdev->open) { 1132 input_flush_device(handle, NULL); 1133 input_close_device(handle); 1134 } 1135} 1136 1137/* 1138 * Create new evdev device. Note that input core serializes calls 1139 * to connect and disconnect. 1140 */ 1141static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 1142 const struct input_device_id *id) 1143{ 1144 struct evdev *evdev; 1145 int minor; 1146 int dev_no; 1147 int error; 1148 1149 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true); 1150 if (minor < 0) { 1151 error = minor; 1152 pr_err("failed to reserve new minor: %d\n", error); 1153 return error; 1154 } 1155 1156 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 1157 if (!evdev) { 1158 error = -ENOMEM; 1159 goto err_free_minor; 1160 } 1161 1162 INIT_LIST_HEAD(&evdev->client_list); 1163 spin_lock_init(&evdev->client_lock); 1164 mutex_init(&evdev->mutex); 1165 init_waitqueue_head(&evdev->wait); 1166 evdev->exist = true; 1167 1168 dev_no = minor; 1169 /* Normalize device number if it falls into legacy range */ 1170 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS) 1171 dev_no -= EVDEV_MINOR_BASE; 1172 dev_set_name(&evdev->dev, "event%d", dev_no); 1173 1174 evdev->handle.dev = input_get_device(dev); 1175 evdev->handle.name = dev_name(&evdev->dev); 1176 evdev->handle.handler = handler; 1177 evdev->handle.private = evdev; 1178 1179 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor); 1180 evdev->dev.class = &input_class; 1181 evdev->dev.parent = &dev->dev; 1182 evdev->dev.release = evdev_free; 1183 device_initialize(&evdev->dev); 1184 1185 error = input_register_handle(&evdev->handle); 1186 if (error) 1187 goto err_free_evdev; 1188 1189 cdev_init(&evdev->cdev, &evdev_fops); 1190 evdev->cdev.kobj.parent = &evdev->dev.kobj; 1191 error = cdev_add(&evdev->cdev, evdev->dev.devt, 1); 1192 if (error) 1193 goto err_unregister_handle; 1194 1195 error = device_add(&evdev->dev); 1196 if (error) 1197 goto err_cleanup_evdev; 1198 1199 return 0; 1200 1201 err_cleanup_evdev: 1202 evdev_cleanup(evdev); 1203 err_unregister_handle: 1204 input_unregister_handle(&evdev->handle); 1205 err_free_evdev: 1206 put_device(&evdev->dev); 1207 err_free_minor: 1208 input_free_minor(minor); 1209 return error; 1210} 1211 1212static void evdev_disconnect(struct input_handle *handle) 1213{ 1214 struct evdev *evdev = handle->private; 1215 1216 device_del(&evdev->dev); 1217 evdev_cleanup(evdev); 1218 input_free_minor(MINOR(evdev->dev.devt)); 1219 input_unregister_handle(handle); 1220 put_device(&evdev->dev); 1221} 1222 1223static const struct input_device_id evdev_ids[] = { 1224 { .driver_info = 1 }, /* Matches all devices */ 1225 { }, /* Terminating zero entry */ 1226}; 1227 1228MODULE_DEVICE_TABLE(input, evdev_ids); 1229 1230static struct input_handler evdev_handler = { 1231 .event = evdev_event, 1232 .events = evdev_events, 1233 .connect = evdev_connect, 1234 .disconnect = evdev_disconnect, 1235 .legacy_minors = true, 1236 .minor = EVDEV_MINOR_BASE, 1237 .name = "evdev", 1238 .id_table = evdev_ids, 1239}; 1240 1241static int __init evdev_init(void) 1242{ 1243 return input_register_handler(&evdev_handler); 1244} 1245 1246static void __exit evdev_exit(void) 1247{ 1248 input_unregister_handler(&evdev_handler); 1249} 1250 1251module_init(evdev_init); 1252module_exit(evdev_exit); 1253 1254MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1255MODULE_DESCRIPTION("Input driver event char devices"); 1256MODULE_LICENSE("GPL"); 1257