This source file includes following definitions.
- uinput_dev_event
- uinput_request_alloc_id
- uinput_request_find
- uinput_request_reserve_slot
- uinput_request_release_slot
- uinput_request_send
- uinput_request_submit
- uinput_flush_requests
- uinput_dev_set_gain
- uinput_dev_set_autocenter
- uinput_dev_playback
- uinput_dev_upload_effect
- uinput_dev_erase_effect
- uinput_dev_flush
- uinput_destroy_device
- uinput_create_device
- uinput_open
- uinput_validate_absinfo
- uinput_validate_absbits
- uinput_dev_setup
- uinput_abs_setup
- uinput_setup_device_legacy
- uinput_inject_events
- uinput_write
- uinput_fetch_next_event
- uinput_events_to_user
- uinput_read
- uinput_poll
- uinput_release
- uinput_ff_upload_to_user
- uinput_ff_upload_from_user
- uinput_ff_upload_to_user
- uinput_ff_upload_from_user
- uinput_str_to_user
- uinput_ioctl_handler
- uinput_ioctl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 #include <uapi/linux/uinput.h>
22 #include <linux/poll.h>
23 #include <linux/sched.h>
24 #include <linux/slab.h>
25 #include <linux/module.h>
26 #include <linux/init.h>
27 #include <linux/fs.h>
28 #include <linux/miscdevice.h>
29 #include <linux/overflow.h>
30 #include <linux/input/mt.h>
31 #include "../input-compat.h"
32
33 #define UINPUT_NAME "uinput"
34 #define UINPUT_BUFFER_SIZE 16
35 #define UINPUT_NUM_REQUESTS 16
36
37 enum uinput_state { UIST_NEW_DEVICE, UIST_SETUP_COMPLETE, UIST_CREATED };
38
39 struct uinput_request {
40 unsigned int id;
41 unsigned int code;
42
43 int retval;
44 struct completion done;
45
46 union {
47 unsigned int effect_id;
48 struct {
49 struct ff_effect *effect;
50 struct ff_effect *old;
51 } upload;
52 } u;
53 };
54
55 struct uinput_device {
56 struct input_dev *dev;
57 struct mutex mutex;
58 enum uinput_state state;
59 wait_queue_head_t waitq;
60 unsigned char ready;
61 unsigned char head;
62 unsigned char tail;
63 struct input_event buff[UINPUT_BUFFER_SIZE];
64 unsigned int ff_effects_max;
65
66 struct uinput_request *requests[UINPUT_NUM_REQUESTS];
67 wait_queue_head_t requests_waitq;
68 spinlock_t requests_lock;
69 };
70
71 static int uinput_dev_event(struct input_dev *dev,
72 unsigned int type, unsigned int code, int value)
73 {
74 struct uinput_device *udev = input_get_drvdata(dev);
75 struct timespec64 ts;
76
77 ktime_get_ts64(&ts);
78
79 udev->buff[udev->head] = (struct input_event) {
80 .input_event_sec = ts.tv_sec,
81 .input_event_usec = ts.tv_nsec / NSEC_PER_USEC,
82 .type = type,
83 .code = code,
84 .value = value,
85 };
86
87 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
88
89 wake_up_interruptible(&udev->waitq);
90
91 return 0;
92 }
93
94
95 static bool uinput_request_alloc_id(struct uinput_device *udev,
96 struct uinput_request *request)
97 {
98 unsigned int id;
99 bool reserved = false;
100
101 spin_lock(&udev->requests_lock);
102
103 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) {
104 if (!udev->requests[id]) {
105 request->id = id;
106 udev->requests[id] = request;
107 reserved = true;
108 break;
109 }
110 }
111
112 spin_unlock(&udev->requests_lock);
113 return reserved;
114 }
115
116 static struct uinput_request *uinput_request_find(struct uinput_device *udev,
117 unsigned int id)
118 {
119
120 if (id >= UINPUT_NUM_REQUESTS)
121 return NULL;
122
123 return udev->requests[id];
124 }
125
126 static int uinput_request_reserve_slot(struct uinput_device *udev,
127 struct uinput_request *request)
128 {
129
130 return wait_event_interruptible(udev->requests_waitq,
131 uinput_request_alloc_id(udev, request));
132 }
133
134 static void uinput_request_release_slot(struct uinput_device *udev,
135 unsigned int id)
136 {
137
138 spin_lock(&udev->requests_lock);
139 udev->requests[id] = NULL;
140 spin_unlock(&udev->requests_lock);
141
142 wake_up(&udev->requests_waitq);
143 }
144
145 static int uinput_request_send(struct uinput_device *udev,
146 struct uinput_request *request)
147 {
148 int retval;
149
150 retval = mutex_lock_interruptible(&udev->mutex);
151 if (retval)
152 return retval;
153
154 if (udev->state != UIST_CREATED) {
155 retval = -ENODEV;
156 goto out;
157 }
158
159 init_completion(&request->done);
160
161
162
163
164
165 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id);
166
167 out:
168 mutex_unlock(&udev->mutex);
169 return retval;
170 }
171
172 static int uinput_request_submit(struct uinput_device *udev,
173 struct uinput_request *request)
174 {
175 int retval;
176
177 retval = uinput_request_reserve_slot(udev, request);
178 if (retval)
179 return retval;
180
181 retval = uinput_request_send(udev, request);
182 if (retval)
183 goto out;
184
185 if (!wait_for_completion_timeout(&request->done, 30 * HZ)) {
186 retval = -ETIMEDOUT;
187 goto out;
188 }
189
190 retval = request->retval;
191
192 out:
193 uinput_request_release_slot(udev, request->id);
194 return retval;
195 }
196
197
198
199
200
201 static void uinput_flush_requests(struct uinput_device *udev)
202 {
203 struct uinput_request *request;
204 int i;
205
206 spin_lock(&udev->requests_lock);
207
208 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) {
209 request = udev->requests[i];
210 if (request) {
211 request->retval = -ENODEV;
212 complete(&request->done);
213 }
214 }
215
216 spin_unlock(&udev->requests_lock);
217 }
218
219 static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
220 {
221 uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
222 }
223
224 static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
225 {
226 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
227 }
228
229 static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
230 {
231 return uinput_dev_event(dev, EV_FF, effect_id, value);
232 }
233
234 static int uinput_dev_upload_effect(struct input_dev *dev,
235 struct ff_effect *effect,
236 struct ff_effect *old)
237 {
238 struct uinput_device *udev = input_get_drvdata(dev);
239 struct uinput_request request;
240
241
242
243
244
245
246
247
248 if (effect->type == FF_PERIODIC &&
249 effect->u.periodic.waveform == FF_CUSTOM)
250 return -EINVAL;
251
252 request.code = UI_FF_UPLOAD;
253 request.u.upload.effect = effect;
254 request.u.upload.old = old;
255
256 return uinput_request_submit(udev, &request);
257 }
258
259 static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
260 {
261 struct uinput_device *udev = input_get_drvdata(dev);
262 struct uinput_request request;
263
264 if (!test_bit(EV_FF, dev->evbit))
265 return -ENOSYS;
266
267 request.code = UI_FF_ERASE;
268 request.u.effect_id = effect_id;
269
270 return uinput_request_submit(udev, &request);
271 }
272
273 static int uinput_dev_flush(struct input_dev *dev, struct file *file)
274 {
275
276
277
278
279
280
281
282 return file ? input_ff_flush(dev, file) : 0;
283 }
284
285 static void uinput_destroy_device(struct uinput_device *udev)
286 {
287 const char *name, *phys;
288 struct input_dev *dev = udev->dev;
289 enum uinput_state old_state = udev->state;
290
291 udev->state = UIST_NEW_DEVICE;
292
293 if (dev) {
294 name = dev->name;
295 phys = dev->phys;
296 if (old_state == UIST_CREATED) {
297 uinput_flush_requests(udev);
298 input_unregister_device(dev);
299 } else {
300 input_free_device(dev);
301 }
302 kfree(name);
303 kfree(phys);
304 udev->dev = NULL;
305 }
306 }
307
308 static int uinput_create_device(struct uinput_device *udev)
309 {
310 struct input_dev *dev = udev->dev;
311 int error, nslot;
312
313 if (udev->state != UIST_SETUP_COMPLETE) {
314 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
315 return -EINVAL;
316 }
317
318 if (test_bit(EV_ABS, dev->evbit)) {
319 input_alloc_absinfo(dev);
320 if (!dev->absinfo) {
321 error = -EINVAL;
322 goto fail1;
323 }
324
325 if (test_bit(ABS_MT_SLOT, dev->absbit)) {
326 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
327 error = input_mt_init_slots(dev, nslot, 0);
328 if (error)
329 goto fail1;
330 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
331 input_set_events_per_packet(dev, 60);
332 }
333 }
334
335 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) {
336 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n",
337 UINPUT_NAME);
338 error = -EINVAL;
339 goto fail1;
340 }
341
342 if (udev->ff_effects_max) {
343 error = input_ff_create(dev, udev->ff_effects_max);
344 if (error)
345 goto fail1;
346
347 dev->ff->upload = uinput_dev_upload_effect;
348 dev->ff->erase = uinput_dev_erase_effect;
349 dev->ff->playback = uinput_dev_playback;
350 dev->ff->set_gain = uinput_dev_set_gain;
351 dev->ff->set_autocenter = uinput_dev_set_autocenter;
352
353
354
355
356
357 dev->flush = uinput_dev_flush;
358 }
359
360 dev->event = uinput_dev_event;
361
362 input_set_drvdata(udev->dev, udev);
363
364 error = input_register_device(udev->dev);
365 if (error)
366 goto fail2;
367
368 udev->state = UIST_CREATED;
369
370 return 0;
371
372 fail2: input_ff_destroy(dev);
373 fail1: uinput_destroy_device(udev);
374 return error;
375 }
376
377 static int uinput_open(struct inode *inode, struct file *file)
378 {
379 struct uinput_device *newdev;
380
381 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL);
382 if (!newdev)
383 return -ENOMEM;
384
385 mutex_init(&newdev->mutex);
386 spin_lock_init(&newdev->requests_lock);
387 init_waitqueue_head(&newdev->requests_waitq);
388 init_waitqueue_head(&newdev->waitq);
389 newdev->state = UIST_NEW_DEVICE;
390
391 file->private_data = newdev;
392 stream_open(inode, file);
393
394 return 0;
395 }
396
397 static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code,
398 const struct input_absinfo *abs)
399 {
400 int min, max, range;
401
402 min = abs->minimum;
403 max = abs->maximum;
404
405 if ((min != 0 || max != 0) && max < min) {
406 printk(KERN_DEBUG
407 "%s: invalid abs[%02x] min:%d max:%d\n",
408 UINPUT_NAME, code, min, max);
409 return -EINVAL;
410 }
411
412 if (!check_sub_overflow(max, min, &range) && abs->flat > range) {
413 printk(KERN_DEBUG
414 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n",
415 UINPUT_NAME, code, abs->flat, min, max);
416 return -EINVAL;
417 }
418
419 return 0;
420 }
421
422 static int uinput_validate_absbits(struct input_dev *dev)
423 {
424 unsigned int cnt;
425 int error;
426
427 if (!test_bit(EV_ABS, dev->evbit))
428 return 0;
429
430
431
432
433
434 for_each_set_bit(cnt, dev->absbit, ABS_CNT) {
435 if (!dev->absinfo)
436 return -EINVAL;
437
438 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]);
439 if (error)
440 return error;
441 }
442
443 return 0;
444 }
445
446 static int uinput_dev_setup(struct uinput_device *udev,
447 struct uinput_setup __user *arg)
448 {
449 struct uinput_setup setup;
450 struct input_dev *dev;
451
452 if (udev->state == UIST_CREATED)
453 return -EINVAL;
454
455 if (copy_from_user(&setup, arg, sizeof(setup)))
456 return -EFAULT;
457
458 if (!setup.name[0])
459 return -EINVAL;
460
461 dev = udev->dev;
462 dev->id = setup.id;
463 udev->ff_effects_max = setup.ff_effects_max;
464
465 kfree(dev->name);
466 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL);
467 if (!dev->name)
468 return -ENOMEM;
469
470 udev->state = UIST_SETUP_COMPLETE;
471 return 0;
472 }
473
474 static int uinput_abs_setup(struct uinput_device *udev,
475 struct uinput_setup __user *arg, size_t size)
476 {
477 struct uinput_abs_setup setup = {};
478 struct input_dev *dev;
479 int error;
480
481 if (size > sizeof(setup))
482 return -E2BIG;
483
484 if (udev->state == UIST_CREATED)
485 return -EINVAL;
486
487 if (copy_from_user(&setup, arg, size))
488 return -EFAULT;
489
490 if (setup.code > ABS_MAX)
491 return -ERANGE;
492
493 dev = udev->dev;
494
495 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo);
496 if (error)
497 return error;
498
499 input_alloc_absinfo(dev);
500 if (!dev->absinfo)
501 return -ENOMEM;
502
503 set_bit(setup.code, dev->absbit);
504 dev->absinfo[setup.code] = setup.absinfo;
505 return 0;
506 }
507
508
509 static int uinput_setup_device_legacy(struct uinput_device *udev,
510 const char __user *buffer, size_t count)
511 {
512 struct uinput_user_dev *user_dev;
513 struct input_dev *dev;
514 int i;
515 int retval;
516
517 if (count != sizeof(struct uinput_user_dev))
518 return -EINVAL;
519
520 if (!udev->dev) {
521 udev->dev = input_allocate_device();
522 if (!udev->dev)
523 return -ENOMEM;
524 }
525
526 dev = udev->dev;
527
528 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev));
529 if (IS_ERR(user_dev))
530 return PTR_ERR(user_dev);
531
532 udev->ff_effects_max = user_dev->ff_effects_max;
533
534
535 if (!user_dev->name[0]) {
536 retval = -EINVAL;
537 goto exit;
538 }
539
540 kfree(dev->name);
541 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
542 GFP_KERNEL);
543 if (!dev->name) {
544 retval = -ENOMEM;
545 goto exit;
546 }
547
548 dev->id.bustype = user_dev->id.bustype;
549 dev->id.vendor = user_dev->id.vendor;
550 dev->id.product = user_dev->id.product;
551 dev->id.version = user_dev->id.version;
552
553 for (i = 0; i < ABS_CNT; i++) {
554 input_abs_set_max(dev, i, user_dev->absmax[i]);
555 input_abs_set_min(dev, i, user_dev->absmin[i]);
556 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]);
557 input_abs_set_flat(dev, i, user_dev->absflat[i]);
558 }
559
560 retval = uinput_validate_absbits(dev);
561 if (retval < 0)
562 goto exit;
563
564 udev->state = UIST_SETUP_COMPLETE;
565 retval = count;
566
567 exit:
568 kfree(user_dev);
569 return retval;
570 }
571
572 static ssize_t uinput_inject_events(struct uinput_device *udev,
573 const char __user *buffer, size_t count)
574 {
575 struct input_event ev;
576 size_t bytes = 0;
577
578 if (count != 0 && count < input_event_size())
579 return -EINVAL;
580
581 while (bytes + input_event_size() <= count) {
582
583
584
585
586
587
588 if (input_event_from_user(buffer + bytes, &ev))
589 return -EFAULT;
590
591 input_event(udev->dev, ev.type, ev.code, ev.value);
592 bytes += input_event_size();
593 cond_resched();
594 }
595
596 return bytes;
597 }
598
599 static ssize_t uinput_write(struct file *file, const char __user *buffer,
600 size_t count, loff_t *ppos)
601 {
602 struct uinput_device *udev = file->private_data;
603 int retval;
604
605 if (count == 0)
606 return 0;
607
608 retval = mutex_lock_interruptible(&udev->mutex);
609 if (retval)
610 return retval;
611
612 retval = udev->state == UIST_CREATED ?
613 uinput_inject_events(udev, buffer, count) :
614 uinput_setup_device_legacy(udev, buffer, count);
615
616 mutex_unlock(&udev->mutex);
617
618 return retval;
619 }
620
621 static bool uinput_fetch_next_event(struct uinput_device *udev,
622 struct input_event *event)
623 {
624 bool have_event;
625
626 spin_lock_irq(&udev->dev->event_lock);
627
628 have_event = udev->head != udev->tail;
629 if (have_event) {
630 *event = udev->buff[udev->tail];
631 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
632 }
633
634 spin_unlock_irq(&udev->dev->event_lock);
635
636 return have_event;
637 }
638
639 static ssize_t uinput_events_to_user(struct uinput_device *udev,
640 char __user *buffer, size_t count)
641 {
642 struct input_event event;
643 size_t read = 0;
644
645 while (read + input_event_size() <= count &&
646 uinput_fetch_next_event(udev, &event)) {
647
648 if (input_event_to_user(buffer + read, &event))
649 return -EFAULT;
650
651 read += input_event_size();
652 }
653
654 return read;
655 }
656
657 static ssize_t uinput_read(struct file *file, char __user *buffer,
658 size_t count, loff_t *ppos)
659 {
660 struct uinput_device *udev = file->private_data;
661 ssize_t retval;
662
663 if (count != 0 && count < input_event_size())
664 return -EINVAL;
665
666 do {
667 retval = mutex_lock_interruptible(&udev->mutex);
668 if (retval)
669 return retval;
670
671 if (udev->state != UIST_CREATED)
672 retval = -ENODEV;
673 else if (udev->head == udev->tail &&
674 (file->f_flags & O_NONBLOCK))
675 retval = -EAGAIN;
676 else
677 retval = uinput_events_to_user(udev, buffer, count);
678
679 mutex_unlock(&udev->mutex);
680
681 if (retval || count == 0)
682 break;
683
684 if (!(file->f_flags & O_NONBLOCK))
685 retval = wait_event_interruptible(udev->waitq,
686 udev->head != udev->tail ||
687 udev->state != UIST_CREATED);
688 } while (retval == 0);
689
690 return retval;
691 }
692
693 static __poll_t uinput_poll(struct file *file, poll_table *wait)
694 {
695 struct uinput_device *udev = file->private_data;
696
697 poll_wait(file, &udev->waitq, wait);
698
699 if (udev->head != udev->tail)
700 return EPOLLIN | EPOLLRDNORM;
701
702 return 0;
703 }
704
705 static int uinput_release(struct inode *inode, struct file *file)
706 {
707 struct uinput_device *udev = file->private_data;
708
709 uinput_destroy_device(udev);
710 kfree(udev);
711
712 return 0;
713 }
714
715 #ifdef CONFIG_COMPAT
716 struct uinput_ff_upload_compat {
717 __u32 request_id;
718 __s32 retval;
719 struct ff_effect_compat effect;
720 struct ff_effect_compat old;
721 };
722
723 static int uinput_ff_upload_to_user(char __user *buffer,
724 const struct uinput_ff_upload *ff_up)
725 {
726 if (in_compat_syscall()) {
727 struct uinput_ff_upload_compat ff_up_compat;
728
729 ff_up_compat.request_id = ff_up->request_id;
730 ff_up_compat.retval = ff_up->retval;
731
732
733
734
735
736
737 memcpy(&ff_up_compat.effect, &ff_up->effect,
738 sizeof(struct ff_effect_compat));
739 memcpy(&ff_up_compat.old, &ff_up->old,
740 sizeof(struct ff_effect_compat));
741
742 if (copy_to_user(buffer, &ff_up_compat,
743 sizeof(struct uinput_ff_upload_compat)))
744 return -EFAULT;
745 } else {
746 if (copy_to_user(buffer, ff_up,
747 sizeof(struct uinput_ff_upload)))
748 return -EFAULT;
749 }
750
751 return 0;
752 }
753
754 static int uinput_ff_upload_from_user(const char __user *buffer,
755 struct uinput_ff_upload *ff_up)
756 {
757 if (in_compat_syscall()) {
758 struct uinput_ff_upload_compat ff_up_compat;
759
760 if (copy_from_user(&ff_up_compat, buffer,
761 sizeof(struct uinput_ff_upload_compat)))
762 return -EFAULT;
763
764 ff_up->request_id = ff_up_compat.request_id;
765 ff_up->retval = ff_up_compat.retval;
766 memcpy(&ff_up->effect, &ff_up_compat.effect,
767 sizeof(struct ff_effect_compat));
768 memcpy(&ff_up->old, &ff_up_compat.old,
769 sizeof(struct ff_effect_compat));
770
771 } else {
772 if (copy_from_user(ff_up, buffer,
773 sizeof(struct uinput_ff_upload)))
774 return -EFAULT;
775 }
776
777 return 0;
778 }
779
780 #else
781
782 static int uinput_ff_upload_to_user(char __user *buffer,
783 const struct uinput_ff_upload *ff_up)
784 {
785 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload)))
786 return -EFAULT;
787
788 return 0;
789 }
790
791 static int uinput_ff_upload_from_user(const char __user *buffer,
792 struct uinput_ff_upload *ff_up)
793 {
794 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload)))
795 return -EFAULT;
796
797 return 0;
798 }
799
800 #endif
801
802 #define uinput_set_bit(_arg, _bit, _max) \
803 ({ \
804 int __ret = 0; \
805 if (udev->state == UIST_CREATED) \
806 __ret = -EINVAL; \
807 else if ((_arg) > (_max)) \
808 __ret = -EINVAL; \
809 else set_bit((_arg), udev->dev->_bit); \
810 __ret; \
811 })
812
813 static int uinput_str_to_user(void __user *dest, const char *str,
814 unsigned int maxlen)
815 {
816 char __user *p = dest;
817 int len, ret;
818
819 if (!str)
820 return -ENOENT;
821
822 if (maxlen == 0)
823 return -EINVAL;
824
825 len = strlen(str) + 1;
826 if (len > maxlen)
827 len = maxlen;
828
829 ret = copy_to_user(p, str, len);
830 if (ret)
831 return -EFAULT;
832
833
834 ret = put_user(0, p + len - 1);
835 return ret ? -EFAULT : len;
836 }
837
838 static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
839 unsigned long arg, void __user *p)
840 {
841 int retval;
842 struct uinput_device *udev = file->private_data;
843 struct uinput_ff_upload ff_up;
844 struct uinput_ff_erase ff_erase;
845 struct uinput_request *req;
846 char *phys;
847 const char *name;
848 unsigned int size;
849
850 retval = mutex_lock_interruptible(&udev->mutex);
851 if (retval)
852 return retval;
853
854 if (!udev->dev) {
855 udev->dev = input_allocate_device();
856 if (!udev->dev) {
857 retval = -ENOMEM;
858 goto out;
859 }
860 }
861
862 switch (cmd) {
863 case UI_GET_VERSION:
864 if (put_user(UINPUT_VERSION, (unsigned int __user *)p))
865 retval = -EFAULT;
866 goto out;
867
868 case UI_DEV_CREATE:
869 retval = uinput_create_device(udev);
870 goto out;
871
872 case UI_DEV_DESTROY:
873 uinput_destroy_device(udev);
874 goto out;
875
876 case UI_DEV_SETUP:
877 retval = uinput_dev_setup(udev, p);
878 goto out;
879
880
881
882 case UI_SET_EVBIT:
883 retval = uinput_set_bit(arg, evbit, EV_MAX);
884 goto out;
885
886 case UI_SET_KEYBIT:
887 retval = uinput_set_bit(arg, keybit, KEY_MAX);
888 goto out;
889
890 case UI_SET_RELBIT:
891 retval = uinput_set_bit(arg, relbit, REL_MAX);
892 goto out;
893
894 case UI_SET_ABSBIT:
895 retval = uinput_set_bit(arg, absbit, ABS_MAX);
896 goto out;
897
898 case UI_SET_MSCBIT:
899 retval = uinput_set_bit(arg, mscbit, MSC_MAX);
900 goto out;
901
902 case UI_SET_LEDBIT:
903 retval = uinput_set_bit(arg, ledbit, LED_MAX);
904 goto out;
905
906 case UI_SET_SNDBIT:
907 retval = uinput_set_bit(arg, sndbit, SND_MAX);
908 goto out;
909
910 case UI_SET_FFBIT:
911 retval = uinput_set_bit(arg, ffbit, FF_MAX);
912 goto out;
913
914 case UI_SET_SWBIT:
915 retval = uinput_set_bit(arg, swbit, SW_MAX);
916 goto out;
917
918 case UI_SET_PROPBIT:
919 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX);
920 goto out;
921
922 case UI_SET_PHYS:
923 if (udev->state == UIST_CREATED) {
924 retval = -EINVAL;
925 goto out;
926 }
927
928 phys = strndup_user(p, 1024);
929 if (IS_ERR(phys)) {
930 retval = PTR_ERR(phys);
931 goto out;
932 }
933
934 kfree(udev->dev->phys);
935 udev->dev->phys = phys;
936 goto out;
937
938 case UI_BEGIN_FF_UPLOAD:
939 retval = uinput_ff_upload_from_user(p, &ff_up);
940 if (retval)
941 goto out;
942
943 req = uinput_request_find(udev, ff_up.request_id);
944 if (!req || req->code != UI_FF_UPLOAD ||
945 !req->u.upload.effect) {
946 retval = -EINVAL;
947 goto out;
948 }
949
950 ff_up.retval = 0;
951 ff_up.effect = *req->u.upload.effect;
952 if (req->u.upload.old)
953 ff_up.old = *req->u.upload.old;
954 else
955 memset(&ff_up.old, 0, sizeof(struct ff_effect));
956
957 retval = uinput_ff_upload_to_user(p, &ff_up);
958 goto out;
959
960 case UI_BEGIN_FF_ERASE:
961 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
962 retval = -EFAULT;
963 goto out;
964 }
965
966 req = uinput_request_find(udev, ff_erase.request_id);
967 if (!req || req->code != UI_FF_ERASE) {
968 retval = -EINVAL;
969 goto out;
970 }
971
972 ff_erase.retval = 0;
973 ff_erase.effect_id = req->u.effect_id;
974 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
975 retval = -EFAULT;
976 goto out;
977 }
978
979 goto out;
980
981 case UI_END_FF_UPLOAD:
982 retval = uinput_ff_upload_from_user(p, &ff_up);
983 if (retval)
984 goto out;
985
986 req = uinput_request_find(udev, ff_up.request_id);
987 if (!req || req->code != UI_FF_UPLOAD ||
988 !req->u.upload.effect) {
989 retval = -EINVAL;
990 goto out;
991 }
992
993 req->retval = ff_up.retval;
994 complete(&req->done);
995 goto out;
996
997 case UI_END_FF_ERASE:
998 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
999 retval = -EFAULT;
1000 goto out;
1001 }
1002
1003 req = uinput_request_find(udev, ff_erase.request_id);
1004 if (!req || req->code != UI_FF_ERASE) {
1005 retval = -EINVAL;
1006 goto out;
1007 }
1008
1009 req->retval = ff_erase.retval;
1010 complete(&req->done);
1011 goto out;
1012 }
1013
1014 size = _IOC_SIZE(cmd);
1015
1016
1017 switch (cmd & ~IOCSIZE_MASK) {
1018 case UI_GET_SYSNAME(0):
1019 if (udev->state != UIST_CREATED) {
1020 retval = -ENOENT;
1021 goto out;
1022 }
1023 name = dev_name(&udev->dev->dev);
1024 retval = uinput_str_to_user(p, name, size);
1025 goto out;
1026
1027 case UI_ABS_SETUP & ~IOCSIZE_MASK:
1028 retval = uinput_abs_setup(udev, p, size);
1029 goto out;
1030 }
1031
1032 retval = -EINVAL;
1033 out:
1034 mutex_unlock(&udev->mutex);
1035 return retval;
1036 }
1037
1038 static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1039 {
1040 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg);
1041 }
1042
1043 #ifdef CONFIG_COMPAT
1044
1045
1046
1047
1048
1049 #define UI_SET_PHYS_COMPAT \
1050 _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
1051 #define UI_BEGIN_FF_UPLOAD_COMPAT \
1052 _IOWR(UINPUT_IOCTL_BASE, 200, struct uinput_ff_upload_compat)
1053 #define UI_END_FF_UPLOAD_COMPAT \
1054 _IOW(UINPUT_IOCTL_BASE, 201, struct uinput_ff_upload_compat)
1055
1056 static long uinput_compat_ioctl(struct file *file,
1057 unsigned int cmd, unsigned long arg)
1058 {
1059 switch (cmd) {
1060 case UI_SET_PHYS_COMPAT:
1061 cmd = UI_SET_PHYS;
1062 break;
1063 case UI_BEGIN_FF_UPLOAD_COMPAT:
1064 cmd = UI_BEGIN_FF_UPLOAD;
1065 break;
1066 case UI_END_FF_UPLOAD_COMPAT:
1067 cmd = UI_END_FF_UPLOAD;
1068 break;
1069 }
1070
1071 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
1072 }
1073 #endif
1074
1075 static const struct file_operations uinput_fops = {
1076 .owner = THIS_MODULE,
1077 .open = uinput_open,
1078 .release = uinput_release,
1079 .read = uinput_read,
1080 .write = uinput_write,
1081 .poll = uinput_poll,
1082 .unlocked_ioctl = uinput_ioctl,
1083 #ifdef CONFIG_COMPAT
1084 .compat_ioctl = uinput_compat_ioctl,
1085 #endif
1086 .llseek = no_llseek,
1087 };
1088
1089 static struct miscdevice uinput_misc = {
1090 .fops = &uinput_fops,
1091 .minor = UINPUT_MINOR,
1092 .name = UINPUT_NAME,
1093 };
1094 module_misc_device(uinput_misc);
1095
1096 MODULE_ALIAS_MISCDEV(UINPUT_MINOR);
1097 MODULE_ALIAS("devname:" UINPUT_NAME);
1098
1099 MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
1100 MODULE_DESCRIPTION("User level driver support for input subsystem");
1101 MODULE_LICENSE("GPL");