1/* 2 * Event char devices, giving access to raw input device events. 3 * 4 * Copyright (c) 1999-2002 Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 */ 10 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13#define EVDEV_MINOR_BASE 64 14#define EVDEV_MINORS 32 15#define EVDEV_MIN_BUFFER_SIZE 64U 16#define EVDEV_BUF_PACKETS 8 17 18#include <linux/poll.h> 19#include <linux/sched.h> 20#include <linux/slab.h> 21#include <linux/vmalloc.h> 22#include <linux/mm.h> 23#include <linux/module.h> 24#include <linux/init.h> 25#include <linux/input/mt.h> 26#include <linux/major.h> 27#include <linux/device.h> 28#include <linux/cdev.h> 29#include "input-compat.h" 30 31enum evdev_clock_type { 32 EV_CLK_REAL = 0, 33 EV_CLK_MONO, 34 EV_CLK_BOOT, 35 EV_CLK_MAX 36}; 37 38struct evdev { 39 int open; 40 struct input_handle handle; 41 wait_queue_head_t wait; 42 struct evdev_client __rcu *grab; 43 struct list_head client_list; 44 spinlock_t client_lock; /* protects client_list */ 45 struct mutex mutex; 46 struct device dev; 47 struct cdev cdev; 48 bool exist; 49}; 50 51struct evdev_client { 52 unsigned int head; 53 unsigned int tail; 54 unsigned int packet_head; /* [future] position of the first element of next packet */ 55 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 56 struct fasync_struct *fasync; 57 struct evdev *evdev; 58 struct list_head node; 59 unsigned int clk_type; 60 bool revoked; 61 unsigned long *evmasks[EV_CNT]; 62 unsigned int bufsize; 63 struct input_event buffer[]; 64}; 65 66static size_t evdev_get_mask_cnt(unsigned int type) 67{ 68 static const size_t counts[EV_CNT] = { 69 /* EV_SYN==0 is EV_CNT, _not_ SYN_CNT, see EVIOCGBIT */ 70 [EV_SYN] = EV_CNT, 71 [EV_KEY] = KEY_CNT, 72 [EV_REL] = REL_CNT, 73 [EV_ABS] = ABS_CNT, 74 [EV_MSC] = MSC_CNT, 75 [EV_SW] = SW_CNT, 76 [EV_LED] = LED_CNT, 77 [EV_SND] = SND_CNT, 78 [EV_FF] = FF_CNT, 79 }; 80 81 return (type < EV_CNT) ? counts[type] : 0; 82} 83 84/* requires the buffer lock to be held */ 85static bool __evdev_is_filtered(struct evdev_client *client, 86 unsigned int type, 87 unsigned int code) 88{ 89 unsigned long *mask; 90 size_t cnt; 91 92 /* EV_SYN and unknown codes are never filtered */ 93 if (type == EV_SYN || type >= EV_CNT) 94 return false; 95 96 /* first test whether the type is filtered */ 97 mask = client->evmasks[0]; 98 if (mask && !test_bit(type, mask)) 99 return true; 100 101 /* unknown values are never filtered */ 102 cnt = evdev_get_mask_cnt(type); 103 if (!cnt || code >= cnt) 104 return false; 105 106 mask = client->evmasks[type]; 107 return mask && !test_bit(code, mask); 108} 109 110/* flush queued events of type @type, caller must hold client->buffer_lock */ 111static void __evdev_flush_queue(struct evdev_client *client, unsigned int type) 112{ 113 unsigned int i, head, num; 114 unsigned int mask = client->bufsize - 1; 115 bool is_report; 116 struct input_event *ev; 117 118 BUG_ON(type == EV_SYN); 119 120 head = client->tail; 121 client->packet_head = client->tail; 122 123 /* init to 1 so a leading SYN_REPORT will not be dropped */ 124 num = 1; 125 126 for (i = client->tail; i != client->head; i = (i + 1) & mask) { 127 ev = &client->buffer[i]; 128 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT; 129 130 if (ev->type == type) { 131 /* drop matched entry */ 132 continue; 133 } else if (is_report && !num) { 134 /* drop empty SYN_REPORT groups */ 135 continue; 136 } else if (head != i) { 137 /* move entry to fill the gap */ 138 client->buffer[head].time = ev->time; 139 client->buffer[head].type = ev->type; 140 client->buffer[head].code = ev->code; 141 client->buffer[head].value = ev->value; 142 } 143 144 num++; 145 head = (head + 1) & mask; 146 147 if (is_report) { 148 num = 0; 149 client->packet_head = head; 150 } 151 } 152 153 client->head = head; 154} 155 156static void __evdev_queue_syn_dropped(struct evdev_client *client) 157{ 158 struct input_event ev; 159 ktime_t time; 160 161 time = client->clk_type == EV_CLK_REAL ? 162 ktime_get_real() : 163 client->clk_type == EV_CLK_MONO ? 164 ktime_get() : 165 ktime_get_boottime(); 166 167 ev.time = ktime_to_timeval(time); 168 ev.type = EV_SYN; 169 ev.code = SYN_DROPPED; 170 ev.value = 0; 171 172 client->buffer[client->head++] = ev; 173 client->head &= client->bufsize - 1; 174 175 if (unlikely(client->head == client->tail)) { 176 /* drop queue but keep our SYN_DROPPED event */ 177 client->tail = (client->head - 1) & (client->bufsize - 1); 178 client->packet_head = client->tail; 179 } 180} 181 182static void evdev_queue_syn_dropped(struct evdev_client *client) 183{ 184 unsigned long flags; 185 186 spin_lock_irqsave(&client->buffer_lock, flags); 187 __evdev_queue_syn_dropped(client); 188 spin_unlock_irqrestore(&client->buffer_lock, flags); 189} 190 191static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid) 192{ 193 unsigned long flags; 194 unsigned int clk_type; 195 196 switch (clkid) { 197 198 case CLOCK_REALTIME: 199 clk_type = EV_CLK_REAL; 200 break; 201 case CLOCK_MONOTONIC: 202 clk_type = EV_CLK_MONO; 203 break; 204 case CLOCK_BOOTTIME: 205 clk_type = EV_CLK_BOOT; 206 break; 207 default: 208 return -EINVAL; 209 } 210 211 if (client->clk_type != clk_type) { 212 client->clk_type = clk_type; 213 214 /* 215 * Flush pending events and queue SYN_DROPPED event, 216 * but only if the queue is not empty. 217 */ 218 spin_lock_irqsave(&client->buffer_lock, flags); 219 220 if (client->head != client->tail) { 221 client->packet_head = client->head = client->tail; 222 __evdev_queue_syn_dropped(client); 223 } 224 225 spin_unlock_irqrestore(&client->buffer_lock, flags); 226 } 227 228 return 0; 229} 230 231static void __pass_event(struct evdev_client *client, 232 const struct input_event *event) 233{ 234 client->buffer[client->head++] = *event; 235 client->head &= client->bufsize - 1; 236 237 if (unlikely(client->head == client->tail)) { 238 /* 239 * This effectively "drops" all unconsumed events, leaving 240 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 241 */ 242 client->tail = (client->head - 2) & (client->bufsize - 1); 243 244 client->buffer[client->tail].time = event->time; 245 client->buffer[client->tail].type = EV_SYN; 246 client->buffer[client->tail].code = SYN_DROPPED; 247 client->buffer[client->tail].value = 0; 248 249 client->packet_head = client->tail; 250 } 251 252 if (event->type == EV_SYN && event->code == SYN_REPORT) { 253 client->packet_head = client->head; 254 kill_fasync(&client->fasync, SIGIO, POLL_IN); 255 } 256} 257 258static void evdev_pass_values(struct evdev_client *client, 259 const struct input_value *vals, unsigned int count, 260 ktime_t *ev_time) 261{ 262 struct evdev *evdev = client->evdev; 263 const struct input_value *v; 264 struct input_event event; 265 bool wakeup = false; 266 267 if (client->revoked) 268 return; 269 270 event.time = ktime_to_timeval(ev_time[client->clk_type]); 271 272 /* Interrupts are disabled, just acquire the lock. */ 273 spin_lock(&client->buffer_lock); 274 275 for (v = vals; v != vals + count; v++) { 276 if (__evdev_is_filtered(client, v->type, v->code)) 277 continue; 278 279 if (v->type == EV_SYN && v->code == SYN_REPORT) { 280 /* drop empty SYN_REPORT */ 281 if (client->packet_head == client->head) 282 continue; 283 284 wakeup = true; 285 } 286 287 event.type = v->type; 288 event.code = v->code; 289 event.value = v->value; 290 __pass_event(client, &event); 291 } 292 293 spin_unlock(&client->buffer_lock); 294 295 if (wakeup) 296 wake_up_interruptible(&evdev->wait); 297} 298 299/* 300 * Pass incoming events to all connected clients. 301 */ 302static void evdev_events(struct input_handle *handle, 303 const struct input_value *vals, unsigned int count) 304{ 305 struct evdev *evdev = handle->private; 306 struct evdev_client *client; 307 ktime_t ev_time[EV_CLK_MAX]; 308 309 ev_time[EV_CLK_MONO] = ktime_get(); 310 ev_time[EV_CLK_REAL] = ktime_mono_to_real(ev_time[EV_CLK_MONO]); 311 ev_time[EV_CLK_BOOT] = ktime_mono_to_any(ev_time[EV_CLK_MONO], 312 TK_OFFS_BOOT); 313 314 rcu_read_lock(); 315 316 client = rcu_dereference(evdev->grab); 317 318 if (client) 319 evdev_pass_values(client, vals, count, ev_time); 320 else 321 list_for_each_entry_rcu(client, &evdev->client_list, node) 322 evdev_pass_values(client, vals, count, ev_time); 323 324 rcu_read_unlock(); 325} 326 327/* 328 * Pass incoming event to all connected clients. 329 */ 330static void evdev_event(struct input_handle *handle, 331 unsigned int type, unsigned int code, int value) 332{ 333 struct input_value vals[] = { { type, code, value } }; 334 335 evdev_events(handle, vals, 1); 336} 337 338static int evdev_fasync(int fd, struct file *file, int on) 339{ 340 struct evdev_client *client = file->private_data; 341 342 return fasync_helper(fd, file, on, &client->fasync); 343} 344 345static int evdev_flush(struct file *file, fl_owner_t id) 346{ 347 struct evdev_client *client = file->private_data; 348 struct evdev *evdev = client->evdev; 349 350 mutex_lock(&evdev->mutex); 351 352 if (evdev->exist && !client->revoked) 353 input_flush_device(&evdev->handle, file); 354 355 mutex_unlock(&evdev->mutex); 356 return 0; 357} 358 359static void evdev_free(struct device *dev) 360{ 361 struct evdev *evdev = container_of(dev, struct evdev, dev); 362 363 input_put_device(evdev->handle.dev); 364 kfree(evdev); 365} 366 367/* 368 * Grabs an event device (along with underlying input device). 369 * This function is called with evdev->mutex taken. 370 */ 371static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 372{ 373 int error; 374 375 if (evdev->grab) 376 return -EBUSY; 377 378 error = input_grab_device(&evdev->handle); 379 if (error) 380 return error; 381 382 rcu_assign_pointer(evdev->grab, client); 383 384 return 0; 385} 386 387static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 388{ 389 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 390 lockdep_is_held(&evdev->mutex)); 391 392 if (grab != client) 393 return -EINVAL; 394 395 rcu_assign_pointer(evdev->grab, NULL); 396 synchronize_rcu(); 397 input_release_device(&evdev->handle); 398 399 return 0; 400} 401 402static void evdev_attach_client(struct evdev *evdev, 403 struct evdev_client *client) 404{ 405 spin_lock(&evdev->client_lock); 406 list_add_tail_rcu(&client->node, &evdev->client_list); 407 spin_unlock(&evdev->client_lock); 408} 409 410static void evdev_detach_client(struct evdev *evdev, 411 struct evdev_client *client) 412{ 413 spin_lock(&evdev->client_lock); 414 list_del_rcu(&client->node); 415 spin_unlock(&evdev->client_lock); 416 synchronize_rcu(); 417} 418 419static int evdev_open_device(struct evdev *evdev) 420{ 421 int retval; 422 423 retval = mutex_lock_interruptible(&evdev->mutex); 424 if (retval) 425 return retval; 426 427 if (!evdev->exist) 428 retval = -ENODEV; 429 else if (!evdev->open++) { 430 retval = input_open_device(&evdev->handle); 431 if (retval) 432 evdev->open--; 433 } 434 435 mutex_unlock(&evdev->mutex); 436 return retval; 437} 438 439static void evdev_close_device(struct evdev *evdev) 440{ 441 mutex_lock(&evdev->mutex); 442 443 if (evdev->exist && !--evdev->open) 444 input_close_device(&evdev->handle); 445 446 mutex_unlock(&evdev->mutex); 447} 448 449/* 450 * Wake up users waiting for IO so they can disconnect from 451 * dead device. 452 */ 453static void evdev_hangup(struct evdev *evdev) 454{ 455 struct evdev_client *client; 456 457 spin_lock(&evdev->client_lock); 458 list_for_each_entry(client, &evdev->client_list, node) 459 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 460 spin_unlock(&evdev->client_lock); 461 462 wake_up_interruptible(&evdev->wait); 463} 464 465static int evdev_release(struct inode *inode, struct file *file) 466{ 467 struct evdev_client *client = file->private_data; 468 struct evdev *evdev = client->evdev; 469 unsigned int i; 470 471 mutex_lock(&evdev->mutex); 472 evdev_ungrab(evdev, client); 473 mutex_unlock(&evdev->mutex); 474 475 evdev_detach_client(evdev, client); 476 477 for (i = 0; i < EV_CNT; ++i) 478 kfree(client->evmasks[i]); 479 480 kvfree(client); 481 482 evdev_close_device(evdev); 483 484 return 0; 485} 486 487static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 488{ 489 unsigned int n_events = 490 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 491 EVDEV_MIN_BUFFER_SIZE); 492 493 return roundup_pow_of_two(n_events); 494} 495 496static int evdev_open(struct inode *inode, struct file *file) 497{ 498 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); 499 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); 500 unsigned int size = sizeof(struct evdev_client) + 501 bufsize * sizeof(struct input_event); 502 struct evdev_client *client; 503 int error; 504 505 client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 506 if (!client) 507 client = vzalloc(size); 508 if (!client) 509 return -ENOMEM; 510 511 client->bufsize = bufsize; 512 spin_lock_init(&client->buffer_lock); 513 client->evdev = evdev; 514 evdev_attach_client(evdev, client); 515 516 error = evdev_open_device(evdev); 517 if (error) 518 goto err_free_client; 519 520 file->private_data = client; 521 nonseekable_open(inode, file); 522 523 return 0; 524 525 err_free_client: 526 evdev_detach_client(evdev, client); 527 kvfree(client); 528 return error; 529} 530 531static ssize_t evdev_write(struct file *file, const char __user *buffer, 532 size_t count, loff_t *ppos) 533{ 534 struct evdev_client *client = file->private_data; 535 struct evdev *evdev = client->evdev; 536 struct input_event event; 537 int retval = 0; 538 539 if (count != 0 && count < input_event_size()) 540 return -EINVAL; 541 542 retval = mutex_lock_interruptible(&evdev->mutex); 543 if (retval) 544 return retval; 545 546 if (!evdev->exist || client->revoked) { 547 retval = -ENODEV; 548 goto out; 549 } 550 551 while (retval + input_event_size() <= count) { 552 553 if (input_event_from_user(buffer + retval, &event)) { 554 retval = -EFAULT; 555 goto out; 556 } 557 retval += input_event_size(); 558 559 input_inject_event(&evdev->handle, 560 event.type, event.code, event.value); 561 } 562 563 out: 564 mutex_unlock(&evdev->mutex); 565 return retval; 566} 567 568static int evdev_fetch_next_event(struct evdev_client *client, 569 struct input_event *event) 570{ 571 int have_event; 572 573 spin_lock_irq(&client->buffer_lock); 574 575 have_event = client->packet_head != client->tail; 576 if (have_event) { 577 *event = client->buffer[client->tail++]; 578 client->tail &= client->bufsize - 1; 579 } 580 581 spin_unlock_irq(&client->buffer_lock); 582 583 return have_event; 584} 585 586static ssize_t evdev_read(struct file *file, char __user *buffer, 587 size_t count, loff_t *ppos) 588{ 589 struct evdev_client *client = file->private_data; 590 struct evdev *evdev = client->evdev; 591 struct input_event event; 592 size_t read = 0; 593 int error; 594 595 if (count != 0 && count < input_event_size()) 596 return -EINVAL; 597 598 for (;;) { 599 if (!evdev->exist || client->revoked) 600 return -ENODEV; 601 602 if (client->packet_head == client->tail && 603 (file->f_flags & O_NONBLOCK)) 604 return -EAGAIN; 605 606 /* 607 * count == 0 is special - no IO is done but we check 608 * for error conditions (see above). 609 */ 610 if (count == 0) 611 break; 612 613 while (read + input_event_size() <= count && 614 evdev_fetch_next_event(client, &event)) { 615 616 if (input_event_to_user(buffer + read, &event)) 617 return -EFAULT; 618 619 read += input_event_size(); 620 } 621 622 if (read) 623 break; 624 625 if (!(file->f_flags & O_NONBLOCK)) { 626 error = wait_event_interruptible(evdev->wait, 627 client->packet_head != client->tail || 628 !evdev->exist || client->revoked); 629 if (error) 630 return error; 631 } 632 } 633 634 return read; 635} 636 637/* No kernel lock - fine */ 638static unsigned int evdev_poll(struct file *file, poll_table *wait) 639{ 640 struct evdev_client *client = file->private_data; 641 struct evdev *evdev = client->evdev; 642 unsigned int mask; 643 644 poll_wait(file, &evdev->wait, wait); 645 646 if (evdev->exist && !client->revoked) 647 mask = POLLOUT | POLLWRNORM; 648 else 649 mask = POLLHUP | POLLERR; 650 651 if (client->packet_head != client->tail) 652 mask |= POLLIN | POLLRDNORM; 653 654 return mask; 655} 656 657#ifdef CONFIG_COMPAT 658 659#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 660#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 661 662#ifdef __BIG_ENDIAN 663static int bits_to_user(unsigned long *bits, unsigned int maxbit, 664 unsigned int maxlen, void __user *p, int compat) 665{ 666 int len, i; 667 668 if (compat) { 669 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 670 if (len > maxlen) 671 len = maxlen; 672 673 for (i = 0; i < len / sizeof(compat_long_t); i++) 674 if (copy_to_user((compat_long_t __user *) p + i, 675 (compat_long_t *) bits + 676 i + 1 - ((i % 2) << 1), 677 sizeof(compat_long_t))) 678 return -EFAULT; 679 } else { 680 len = BITS_TO_LONGS(maxbit) * sizeof(long); 681 if (len > maxlen) 682 len = maxlen; 683 684 if (copy_to_user(p, bits, len)) 685 return -EFAULT; 686 } 687 688 return len; 689} 690 691static int bits_from_user(unsigned long *bits, unsigned int maxbit, 692 unsigned int maxlen, const void __user *p, int compat) 693{ 694 int len, i; 695 696 if (compat) { 697 if (maxlen % sizeof(compat_long_t)) 698 return -EINVAL; 699 700 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 701 if (len > maxlen) 702 len = maxlen; 703 704 for (i = 0; i < len / sizeof(compat_long_t); i++) 705 if (copy_from_user((compat_long_t *) bits + 706 i + 1 - ((i % 2) << 1), 707 (compat_long_t __user *) p + i, 708 sizeof(compat_long_t))) 709 return -EFAULT; 710 if (i % 2) 711 *((compat_long_t *) bits + i - 1) = 0; 712 713 } else { 714 if (maxlen % sizeof(long)) 715 return -EINVAL; 716 717 len = BITS_TO_LONGS(maxbit) * sizeof(long); 718 if (len > maxlen) 719 len = maxlen; 720 721 if (copy_from_user(bits, p, len)) 722 return -EFAULT; 723 } 724 725 return len; 726} 727 728#else 729 730static int bits_to_user(unsigned long *bits, unsigned int maxbit, 731 unsigned int maxlen, void __user *p, int compat) 732{ 733 int len = compat ? 734 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 735 BITS_TO_LONGS(maxbit) * sizeof(long); 736 737 if (len > maxlen) 738 len = maxlen; 739 740 return copy_to_user(p, bits, len) ? -EFAULT : len; 741} 742 743static int bits_from_user(unsigned long *bits, unsigned int maxbit, 744 unsigned int maxlen, const void __user *p, int compat) 745{ 746 size_t chunk_size = compat ? sizeof(compat_long_t) : sizeof(long); 747 int len; 748 749 if (maxlen % chunk_size) 750 return -EINVAL; 751 752 len = compat ? BITS_TO_LONGS_COMPAT(maxbit) : BITS_TO_LONGS(maxbit); 753 len *= chunk_size; 754 if (len > maxlen) 755 len = maxlen; 756 757 return copy_from_user(bits, p, len) ? -EFAULT : len; 758} 759 760#endif /* __BIG_ENDIAN */ 761 762#else 763 764static int bits_to_user(unsigned long *bits, unsigned int maxbit, 765 unsigned int maxlen, void __user *p, int compat) 766{ 767 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 768 769 if (len > maxlen) 770 len = maxlen; 771 772 return copy_to_user(p, bits, len) ? -EFAULT : len; 773} 774 775static int bits_from_user(unsigned long *bits, unsigned int maxbit, 776 unsigned int maxlen, const void __user *p, int compat) 777{ 778 int len; 779 780 if (maxlen % sizeof(long)) 781 return -EINVAL; 782 783 len = BITS_TO_LONGS(maxbit) * sizeof(long); 784 if (len > maxlen) 785 len = maxlen; 786 787 return copy_from_user(bits, p, len) ? -EFAULT : len; 788} 789 790#endif /* CONFIG_COMPAT */ 791 792static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 793{ 794 int len; 795 796 if (!str) 797 return -ENOENT; 798 799 len = strlen(str) + 1; 800 if (len > maxlen) 801 len = maxlen; 802 803 return copy_to_user(p, str, len) ? -EFAULT : len; 804} 805 806static int handle_eviocgbit(struct input_dev *dev, 807 unsigned int type, unsigned int size, 808 void __user *p, int compat_mode) 809{ 810 unsigned long *bits; 811 int len; 812 813 switch (type) { 814 815 case 0: bits = dev->evbit; len = EV_MAX; break; 816 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 817 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 818 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 819 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 820 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 821 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 822 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 823 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 824 default: return -EINVAL; 825 } 826 827 return bits_to_user(bits, len, size, p, compat_mode); 828} 829 830static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 831{ 832 struct input_keymap_entry ke = { 833 .len = sizeof(unsigned int), 834 .flags = 0, 835 }; 836 int __user *ip = (int __user *)p; 837 int error; 838 839 /* legacy case */ 840 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 841 return -EFAULT; 842 843 error = input_get_keycode(dev, &ke); 844 if (error) 845 return error; 846 847 if (put_user(ke.keycode, ip + 1)) 848 return -EFAULT; 849 850 return 0; 851} 852 853static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 854{ 855 struct input_keymap_entry ke; 856 int error; 857 858 if (copy_from_user(&ke, p, sizeof(ke))) 859 return -EFAULT; 860 861 error = input_get_keycode(dev, &ke); 862 if (error) 863 return error; 864 865 if (copy_to_user(p, &ke, sizeof(ke))) 866 return -EFAULT; 867 868 return 0; 869} 870 871static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 872{ 873 struct input_keymap_entry ke = { 874 .len = sizeof(unsigned int), 875 .flags = 0, 876 }; 877 int __user *ip = (int __user *)p; 878 879 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 880 return -EFAULT; 881 882 if (get_user(ke.keycode, ip + 1)) 883 return -EFAULT; 884 885 return input_set_keycode(dev, &ke); 886} 887 888static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 889{ 890 struct input_keymap_entry ke; 891 892 if (copy_from_user(&ke, p, sizeof(ke))) 893 return -EFAULT; 894 895 if (ke.len > sizeof(ke.scancode)) 896 return -EINVAL; 897 898 return input_set_keycode(dev, &ke); 899} 900 901/* 902 * If we transfer state to the user, we should flush all pending events 903 * of the same type from the client's queue. Otherwise, they might end up 904 * with duplicate events, which can screw up client's state tracking. 905 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED 906 * event so user-space will notice missing events. 907 * 908 * LOCKING: 909 * We need to take event_lock before buffer_lock to avoid dead-locks. But we 910 * need the even_lock only to guarantee consistent state. We can safely release 911 * it while flushing the queue. This allows input-core to handle filters while 912 * we flush the queue. 913 */ 914static int evdev_handle_get_val(struct evdev_client *client, 915 struct input_dev *dev, unsigned int type, 916 unsigned long *bits, unsigned int maxbit, 917 unsigned int maxlen, void __user *p, 918 int compat) 919{ 920 int ret; 921 unsigned long *mem; 922 size_t len; 923 924 len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long); 925 mem = kmalloc(len, GFP_KERNEL); 926 if (!mem) 927 return -ENOMEM; 928 929 spin_lock_irq(&dev->event_lock); 930 spin_lock(&client->buffer_lock); 931 932 memcpy(mem, bits, len); 933 934 spin_unlock(&dev->event_lock); 935 936 __evdev_flush_queue(client, type); 937 938 spin_unlock_irq(&client->buffer_lock); 939 940 ret = bits_to_user(mem, maxbit, maxlen, p, compat); 941 if (ret < 0) 942 evdev_queue_syn_dropped(client); 943 944 kfree(mem); 945 946 return ret; 947} 948 949static int evdev_handle_mt_request(struct input_dev *dev, 950 unsigned int size, 951 int __user *ip) 952{ 953 const struct input_mt *mt = dev->mt; 954 unsigned int code; 955 int max_slots; 956 int i; 957 958 if (get_user(code, &ip[0])) 959 return -EFAULT; 960 if (!mt || !input_is_mt_value(code)) 961 return -EINVAL; 962 963 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 964 for (i = 0; i < mt->num_slots && i < max_slots; i++) { 965 int value = input_mt_get_value(&mt->slots[i], code); 966 if (put_user(value, &ip[1 + i])) 967 return -EFAULT; 968 } 969 970 return 0; 971} 972 973static int evdev_revoke(struct evdev *evdev, struct evdev_client *client, 974 struct file *file) 975{ 976 client->revoked = true; 977 evdev_ungrab(evdev, client); 978 input_flush_device(&evdev->handle, file); 979 wake_up_interruptible(&evdev->wait); 980 981 return 0; 982} 983 984/* must be called with evdev-mutex held */ 985static int evdev_set_mask(struct evdev_client *client, 986 unsigned int type, 987 const void __user *codes, 988 u32 codes_size, 989 int compat) 990{ 991 unsigned long flags, *mask, *oldmask; 992 size_t cnt; 993 int error; 994 995 /* we allow unknown types and 'codes_size > size' for forward-compat */ 996 cnt = evdev_get_mask_cnt(type); 997 if (!cnt) 998 return 0; 999 1000 mask = kcalloc(sizeof(unsigned long), BITS_TO_LONGS(cnt), GFP_KERNEL); 1001 if (!mask) 1002 return -ENOMEM; 1003 1004 error = bits_from_user(mask, cnt - 1, codes_size, codes, compat); 1005 if (error < 0) { 1006 kfree(mask); 1007 return error; 1008 } 1009 1010 spin_lock_irqsave(&client->buffer_lock, flags); 1011 oldmask = client->evmasks[type]; 1012 client->evmasks[type] = mask; 1013 spin_unlock_irqrestore(&client->buffer_lock, flags); 1014 1015 kfree(oldmask); 1016 1017 return 0; 1018} 1019 1020/* must be called with evdev-mutex held */ 1021static int evdev_get_mask(struct evdev_client *client, 1022 unsigned int type, 1023 void __user *codes, 1024 u32 codes_size, 1025 int compat) 1026{ 1027 unsigned long *mask; 1028 size_t cnt, size, xfer_size; 1029 int i; 1030 int error; 1031 1032 /* we allow unknown types and 'codes_size > size' for forward-compat */ 1033 cnt = evdev_get_mask_cnt(type); 1034 size = sizeof(unsigned long) * BITS_TO_LONGS(cnt); 1035 xfer_size = min_t(size_t, codes_size, size); 1036 1037 if (cnt > 0) { 1038 mask = client->evmasks[type]; 1039 if (mask) { 1040 error = bits_to_user(mask, cnt - 1, 1041 xfer_size, codes, compat); 1042 if (error < 0) 1043 return error; 1044 } else { 1045 /* fake mask with all bits set */ 1046 for (i = 0; i < xfer_size; i++) 1047 if (put_user(0xffU, (u8 __user *)codes + i)) 1048 return -EFAULT; 1049 } 1050 } 1051 1052 if (xfer_size < codes_size) 1053 if (clear_user(codes + xfer_size, codes_size - xfer_size)) 1054 return -EFAULT; 1055 1056 return 0; 1057} 1058 1059static long evdev_do_ioctl(struct file *file, unsigned int cmd, 1060 void __user *p, int compat_mode) 1061{ 1062 struct evdev_client *client = file->private_data; 1063 struct evdev *evdev = client->evdev; 1064 struct input_dev *dev = evdev->handle.dev; 1065 struct input_absinfo abs; 1066 struct input_mask mask; 1067 struct ff_effect effect; 1068 int __user *ip = (int __user *)p; 1069 unsigned int i, t, u, v; 1070 unsigned int size; 1071 int error; 1072 1073 /* First we check for fixed-length commands */ 1074 switch (cmd) { 1075 1076 case EVIOCGVERSION: 1077 return put_user(EV_VERSION, ip); 1078 1079 case EVIOCGID: 1080 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 1081 return -EFAULT; 1082 return 0; 1083 1084 case EVIOCGREP: 1085 if (!test_bit(EV_REP, dev->evbit)) 1086 return -ENOSYS; 1087 if (put_user(dev->rep[REP_DELAY], ip)) 1088 return -EFAULT; 1089 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 1090 return -EFAULT; 1091 return 0; 1092 1093 case EVIOCSREP: 1094 if (!test_bit(EV_REP, dev->evbit)) 1095 return -ENOSYS; 1096 if (get_user(u, ip)) 1097 return -EFAULT; 1098 if (get_user(v, ip + 1)) 1099 return -EFAULT; 1100 1101 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 1102 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 1103 1104 return 0; 1105 1106 case EVIOCRMFF: 1107 return input_ff_erase(dev, (int)(unsigned long) p, file); 1108 1109 case EVIOCGEFFECTS: 1110 i = test_bit(EV_FF, dev->evbit) ? 1111 dev->ff->max_effects : 0; 1112 if (put_user(i, ip)) 1113 return -EFAULT; 1114 return 0; 1115 1116 case EVIOCGRAB: 1117 if (p) 1118 return evdev_grab(evdev, client); 1119 else 1120 return evdev_ungrab(evdev, client); 1121 1122 case EVIOCREVOKE: 1123 if (p) 1124 return -EINVAL; 1125 else 1126 return evdev_revoke(evdev, client, file); 1127 1128 case EVIOCGMASK: { 1129 void __user *codes_ptr; 1130 1131 if (copy_from_user(&mask, p, sizeof(mask))) 1132 return -EFAULT; 1133 1134 codes_ptr = (void __user *)(unsigned long)mask.codes_ptr; 1135 return evdev_get_mask(client, 1136 mask.type, codes_ptr, mask.codes_size, 1137 compat_mode); 1138 } 1139 1140 case EVIOCSMASK: { 1141 const void __user *codes_ptr; 1142 1143 if (copy_from_user(&mask, p, sizeof(mask))) 1144 return -EFAULT; 1145 1146 codes_ptr = (const void __user *)(unsigned long)mask.codes_ptr; 1147 return evdev_set_mask(client, 1148 mask.type, codes_ptr, mask.codes_size, 1149 compat_mode); 1150 } 1151 1152 case EVIOCSCLOCKID: 1153 if (copy_from_user(&i, p, sizeof(unsigned int))) 1154 return -EFAULT; 1155 1156 return evdev_set_clk_type(client, i); 1157 1158 case EVIOCGKEYCODE: 1159 return evdev_handle_get_keycode(dev, p); 1160 1161 case EVIOCSKEYCODE: 1162 return evdev_handle_set_keycode(dev, p); 1163 1164 case EVIOCGKEYCODE_V2: 1165 return evdev_handle_get_keycode_v2(dev, p); 1166 1167 case EVIOCSKEYCODE_V2: 1168 return evdev_handle_set_keycode_v2(dev, p); 1169 } 1170 1171 size = _IOC_SIZE(cmd); 1172 1173 /* Now check variable-length commands */ 1174#define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 1175 switch (EVIOC_MASK_SIZE(cmd)) { 1176 1177 case EVIOCGPROP(0): 1178 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 1179 size, p, compat_mode); 1180 1181 case EVIOCGMTSLOTS(0): 1182 return evdev_handle_mt_request(dev, size, ip); 1183 1184 case EVIOCGKEY(0): 1185 return evdev_handle_get_val(client, dev, EV_KEY, dev->key, 1186 KEY_MAX, size, p, compat_mode); 1187 1188 case EVIOCGLED(0): 1189 return evdev_handle_get_val(client, dev, EV_LED, dev->led, 1190 LED_MAX, size, p, compat_mode); 1191 1192 case EVIOCGSND(0): 1193 return evdev_handle_get_val(client, dev, EV_SND, dev->snd, 1194 SND_MAX, size, p, compat_mode); 1195 1196 case EVIOCGSW(0): 1197 return evdev_handle_get_val(client, dev, EV_SW, dev->sw, 1198 SW_MAX, size, p, compat_mode); 1199 1200 case EVIOCGNAME(0): 1201 return str_to_user(dev->name, size, p); 1202 1203 case EVIOCGPHYS(0): 1204 return str_to_user(dev->phys, size, p); 1205 1206 case EVIOCGUNIQ(0): 1207 return str_to_user(dev->uniq, size, p); 1208 1209 case EVIOC_MASK_SIZE(EVIOCSFF): 1210 if (input_ff_effect_from_user(p, size, &effect)) 1211 return -EFAULT; 1212 1213 error = input_ff_upload(dev, &effect, file); 1214 if (error) 1215 return error; 1216 1217 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 1218 return -EFAULT; 1219 1220 return 0; 1221 } 1222 1223 /* Multi-number variable-length handlers */ 1224 if (_IOC_TYPE(cmd) != 'E') 1225 return -EINVAL; 1226 1227 if (_IOC_DIR(cmd) == _IOC_READ) { 1228 1229 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 1230 return handle_eviocgbit(dev, 1231 _IOC_NR(cmd) & EV_MAX, size, 1232 p, compat_mode); 1233 1234 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 1235 1236 if (!dev->absinfo) 1237 return -EINVAL; 1238 1239 t = _IOC_NR(cmd) & ABS_MAX; 1240 abs = dev->absinfo[t]; 1241 1242 if (copy_to_user(p, &abs, min_t(size_t, 1243 size, sizeof(struct input_absinfo)))) 1244 return -EFAULT; 1245 1246 return 0; 1247 } 1248 } 1249 1250 if (_IOC_DIR(cmd) == _IOC_WRITE) { 1251 1252 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 1253 1254 if (!dev->absinfo) 1255 return -EINVAL; 1256 1257 t = _IOC_NR(cmd) & ABS_MAX; 1258 1259 if (copy_from_user(&abs, p, min_t(size_t, 1260 size, sizeof(struct input_absinfo)))) 1261 return -EFAULT; 1262 1263 if (size < sizeof(struct input_absinfo)) 1264 abs.resolution = 0; 1265 1266 /* We can't change number of reserved MT slots */ 1267 if (t == ABS_MT_SLOT) 1268 return -EINVAL; 1269 1270 /* 1271 * Take event lock to ensure that we are not 1272 * changing device parameters in the middle 1273 * of event. 1274 */ 1275 spin_lock_irq(&dev->event_lock); 1276 dev->absinfo[t] = abs; 1277 spin_unlock_irq(&dev->event_lock); 1278 1279 return 0; 1280 } 1281 } 1282 1283 return -EINVAL; 1284} 1285 1286static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 1287 void __user *p, int compat_mode) 1288{ 1289 struct evdev_client *client = file->private_data; 1290 struct evdev *evdev = client->evdev; 1291 int retval; 1292 1293 retval = mutex_lock_interruptible(&evdev->mutex); 1294 if (retval) 1295 return retval; 1296 1297 if (!evdev->exist || client->revoked) { 1298 retval = -ENODEV; 1299 goto out; 1300 } 1301 1302 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 1303 1304 out: 1305 mutex_unlock(&evdev->mutex); 1306 return retval; 1307} 1308 1309static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1310{ 1311 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 1312} 1313 1314#ifdef CONFIG_COMPAT 1315static long evdev_ioctl_compat(struct file *file, 1316 unsigned int cmd, unsigned long arg) 1317{ 1318 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 1319} 1320#endif 1321 1322static const struct file_operations evdev_fops = { 1323 .owner = THIS_MODULE, 1324 .read = evdev_read, 1325 .write = evdev_write, 1326 .poll = evdev_poll, 1327 .open = evdev_open, 1328 .release = evdev_release, 1329 .unlocked_ioctl = evdev_ioctl, 1330#ifdef CONFIG_COMPAT 1331 .compat_ioctl = evdev_ioctl_compat, 1332#endif 1333 .fasync = evdev_fasync, 1334 .flush = evdev_flush, 1335 .llseek = no_llseek, 1336}; 1337 1338/* 1339 * Mark device non-existent. This disables writes, ioctls and 1340 * prevents new users from opening the device. Already posted 1341 * blocking reads will stay, however new ones will fail. 1342 */ 1343static void evdev_mark_dead(struct evdev *evdev) 1344{ 1345 mutex_lock(&evdev->mutex); 1346 evdev->exist = false; 1347 mutex_unlock(&evdev->mutex); 1348} 1349 1350static void evdev_cleanup(struct evdev *evdev) 1351{ 1352 struct input_handle *handle = &evdev->handle; 1353 1354 evdev_mark_dead(evdev); 1355 evdev_hangup(evdev); 1356 1357 cdev_del(&evdev->cdev); 1358 1359 /* evdev is marked dead so no one else accesses evdev->open */ 1360 if (evdev->open) { 1361 input_flush_device(handle, NULL); 1362 input_close_device(handle); 1363 } 1364} 1365 1366/* 1367 * Create new evdev device. Note that input core serializes calls 1368 * to connect and disconnect. 1369 */ 1370static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 1371 const struct input_device_id *id) 1372{ 1373 struct evdev *evdev; 1374 int minor; 1375 int dev_no; 1376 int error; 1377 1378 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true); 1379 if (minor < 0) { 1380 error = minor; 1381 pr_err("failed to reserve new minor: %d\n", error); 1382 return error; 1383 } 1384 1385 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 1386 if (!evdev) { 1387 error = -ENOMEM; 1388 goto err_free_minor; 1389 } 1390 1391 INIT_LIST_HEAD(&evdev->client_list); 1392 spin_lock_init(&evdev->client_lock); 1393 mutex_init(&evdev->mutex); 1394 init_waitqueue_head(&evdev->wait); 1395 evdev->exist = true; 1396 1397 dev_no = minor; 1398 /* Normalize device number if it falls into legacy range */ 1399 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS) 1400 dev_no -= EVDEV_MINOR_BASE; 1401 dev_set_name(&evdev->dev, "event%d", dev_no); 1402 1403 evdev->handle.dev = input_get_device(dev); 1404 evdev->handle.name = dev_name(&evdev->dev); 1405 evdev->handle.handler = handler; 1406 evdev->handle.private = evdev; 1407 1408 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor); 1409 evdev->dev.class = &input_class; 1410 evdev->dev.parent = &dev->dev; 1411 evdev->dev.release = evdev_free; 1412 device_initialize(&evdev->dev); 1413 1414 error = input_register_handle(&evdev->handle); 1415 if (error) 1416 goto err_free_evdev; 1417 1418 cdev_init(&evdev->cdev, &evdev_fops); 1419 evdev->cdev.kobj.parent = &evdev->dev.kobj; 1420 error = cdev_add(&evdev->cdev, evdev->dev.devt, 1); 1421 if (error) 1422 goto err_unregister_handle; 1423 1424 error = device_add(&evdev->dev); 1425 if (error) 1426 goto err_cleanup_evdev; 1427 1428 return 0; 1429 1430 err_cleanup_evdev: 1431 evdev_cleanup(evdev); 1432 err_unregister_handle: 1433 input_unregister_handle(&evdev->handle); 1434 err_free_evdev: 1435 put_device(&evdev->dev); 1436 err_free_minor: 1437 input_free_minor(minor); 1438 return error; 1439} 1440 1441static void evdev_disconnect(struct input_handle *handle) 1442{ 1443 struct evdev *evdev = handle->private; 1444 1445 device_del(&evdev->dev); 1446 evdev_cleanup(evdev); 1447 input_free_minor(MINOR(evdev->dev.devt)); 1448 input_unregister_handle(handle); 1449 put_device(&evdev->dev); 1450} 1451 1452static const struct input_device_id evdev_ids[] = { 1453 { .driver_info = 1 }, /* Matches all devices */ 1454 { }, /* Terminating zero entry */ 1455}; 1456 1457MODULE_DEVICE_TABLE(input, evdev_ids); 1458 1459static struct input_handler evdev_handler = { 1460 .event = evdev_event, 1461 .events = evdev_events, 1462 .connect = evdev_connect, 1463 .disconnect = evdev_disconnect, 1464 .legacy_minors = true, 1465 .minor = EVDEV_MINOR_BASE, 1466 .name = "evdev", 1467 .id_table = evdev_ids, 1468}; 1469 1470static int __init evdev_init(void) 1471{ 1472 return input_register_handler(&evdev_handler); 1473} 1474 1475static void __exit evdev_exit(void) 1476{ 1477 input_unregister_handler(&evdev_handler); 1478} 1479 1480module_init(evdev_init); 1481module_exit(evdev_exit); 1482 1483MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1484MODULE_DESCRIPTION("Input driver event char devices"); 1485MODULE_LICENSE("GPL"); 1486