Version:  2.6.34 2.6.35 2.6.36 2.6.37 2.6.38 2.6.39 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14

Linux/drivers/input/evdev.c

  1 /*
  2  * Event char devices, giving access to raw input device events.
  3  *
  4  * Copyright (c) 1999-2002 Vojtech Pavlik
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License version 2 as published by
  8  * the Free Software Foundation.
  9  */
 10 
 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 12 
 13 #define EVDEV_MINOR_BASE        64
 14 #define EVDEV_MINORS            32
 15 #define EVDEV_MIN_BUFFER_SIZE   64U
 16 #define EVDEV_BUF_PACKETS       8
 17 
 18 #include <linux/poll.h>
 19 #include <linux/sched.h>
 20 #include <linux/slab.h>
 21 #include <linux/vmalloc.h>
 22 #include <linux/mm.h>
 23 #include <linux/module.h>
 24 #include <linux/init.h>
 25 #include <linux/input/mt.h>
 26 #include <linux/major.h>
 27 #include <linux/device.h>
 28 #include <linux/cdev.h>
 29 #include "input-compat.h"
 30 
 31 struct evdev {
 32         int open;
 33         struct input_handle handle;
 34         wait_queue_head_t wait;
 35         struct evdev_client __rcu *grab;
 36         struct list_head client_list;
 37         spinlock_t client_lock; /* protects client_list */
 38         struct mutex mutex;
 39         struct device dev;
 40         struct cdev cdev;
 41         bool exist;
 42 };
 43 
 44 struct evdev_client {
 45         unsigned int head;
 46         unsigned int tail;
 47         unsigned int packet_head; /* [future] position of the first element of next packet */
 48         spinlock_t buffer_lock; /* protects access to buffer, head and tail */
 49         struct fasync_struct *fasync;
 50         struct evdev *evdev;
 51         struct list_head node;
 52         int clkid;
 53         bool revoked;
 54         unsigned int bufsize;
 55         struct input_event buffer[];
 56 };
 57 
 58 /* flush queued events of type @type, caller must hold client->buffer_lock */
 59 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type)
 60 {
 61         unsigned int i, head, num;
 62         unsigned int mask = client->bufsize - 1;
 63         bool is_report;
 64         struct input_event *ev;
 65 
 66         BUG_ON(type == EV_SYN);
 67 
 68         head = client->tail;
 69         client->packet_head = client->tail;
 70 
 71         /* init to 1 so a leading SYN_REPORT will not be dropped */
 72         num = 1;
 73 
 74         for (i = client->tail; i != client->head; i = (i + 1) & mask) {
 75                 ev = &client->buffer[i];
 76                 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT;
 77 
 78                 if (ev->type == type) {
 79                         /* drop matched entry */
 80                         continue;
 81                 } else if (is_report && !num) {
 82                         /* drop empty SYN_REPORT groups */
 83                         continue;
 84                 } else if (head != i) {
 85                         /* move entry to fill the gap */
 86                         client->buffer[head].time = ev->time;
 87                         client->buffer[head].type = ev->type;
 88                         client->buffer[head].code = ev->code;
 89                         client->buffer[head].value = ev->value;
 90                 }
 91 
 92                 num++;
 93                 head = (head + 1) & mask;
 94 
 95                 if (is_report) {
 96                         num = 0;
 97                         client->packet_head = head;
 98                 }
 99         }
100 
101         client->head = head;
102 }
103 
104 /* queue SYN_DROPPED event */
105 static void evdev_queue_syn_dropped(struct evdev_client *client)
106 {
107         unsigned long flags;
108         struct input_event ev;
109         ktime_t time;
110 
111         time = ktime_get();
112         if (client->clkid != CLOCK_MONOTONIC)
113                 time = ktime_sub(time, ktime_get_monotonic_offset());
114 
115         ev.time = ktime_to_timeval(time);
116         ev.type = EV_SYN;
117         ev.code = SYN_DROPPED;
118         ev.value = 0;
119 
120         spin_lock_irqsave(&client->buffer_lock, flags);
121 
122         client->buffer[client->head++] = ev;
123         client->head &= client->bufsize - 1;
124 
125         if (unlikely(client->head == client->tail)) {
126                 /* drop queue but keep our SYN_DROPPED event */
127                 client->tail = (client->head - 1) & (client->bufsize - 1);
128                 client->packet_head = client->tail;
129         }
130 
131         spin_unlock_irqrestore(&client->buffer_lock, flags);
132 }
133 
134 static void __pass_event(struct evdev_client *client,
135                          const struct input_event *event)
136 {
137         client->buffer[client->head++] = *event;
138         client->head &= client->bufsize - 1;
139 
140         if (unlikely(client->head == client->tail)) {
141                 /*
142                  * This effectively "drops" all unconsumed events, leaving
143                  * EV_SYN/SYN_DROPPED plus the newest event in the queue.
144                  */
145                 client->tail = (client->head - 2) & (client->bufsize - 1);
146 
147                 client->buffer[client->tail].time = event->time;
148                 client->buffer[client->tail].type = EV_SYN;
149                 client->buffer[client->tail].code = SYN_DROPPED;
150                 client->buffer[client->tail].value = 0;
151 
152                 client->packet_head = client->tail;
153         }
154 
155         if (event->type == EV_SYN && event->code == SYN_REPORT) {
156                 client->packet_head = client->head;
157                 kill_fasync(&client->fasync, SIGIO, POLL_IN);
158         }
159 }
160 
161 static void evdev_pass_values(struct evdev_client *client,
162                         const struct input_value *vals, unsigned int count,
163                         ktime_t mono, ktime_t real)
164 {
165         struct evdev *evdev = client->evdev;
166         const struct input_value *v;
167         struct input_event event;
168         bool wakeup = false;
169 
170         if (client->revoked)
171                 return;
172 
173         event.time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ?
174                                       mono : real);
175 
176         /* Interrupts are disabled, just acquire the lock. */
177         spin_lock(&client->buffer_lock);
178 
179         for (v = vals; v != vals + count; v++) {
180                 event.type = v->type;
181                 event.code = v->code;
182                 event.value = v->value;
183                 __pass_event(client, &event);
184                 if (v->type == EV_SYN && v->code == SYN_REPORT)
185                         wakeup = true;
186         }
187 
188         spin_unlock(&client->buffer_lock);
189 
190         if (wakeup)
191                 wake_up_interruptible(&evdev->wait);
192 }
193 
194 /*
195  * Pass incoming events to all connected clients.
196  */
197 static void evdev_events(struct input_handle *handle,
198                          const struct input_value *vals, unsigned int count)
199 {
200         struct evdev *evdev = handle->private;
201         struct evdev_client *client;
202         ktime_t time_mono, time_real;
203 
204         time_mono = ktime_get();
205         time_real = ktime_sub(time_mono, ktime_get_monotonic_offset());
206 
207         rcu_read_lock();
208 
209         client = rcu_dereference(evdev->grab);
210 
211         if (client)
212                 evdev_pass_values(client, vals, count, time_mono, time_real);
213         else
214                 list_for_each_entry_rcu(client, &evdev->client_list, node)
215                         evdev_pass_values(client, vals, count,
216                                           time_mono, time_real);
217 
218         rcu_read_unlock();
219 }
220 
221 /*
222  * Pass incoming event to all connected clients.
223  */
224 static void evdev_event(struct input_handle *handle,
225                         unsigned int type, unsigned int code, int value)
226 {
227         struct input_value vals[] = { { type, code, value } };
228 
229         evdev_events(handle, vals, 1);
230 }
231 
232 static int evdev_fasync(int fd, struct file *file, int on)
233 {
234         struct evdev_client *client = file->private_data;
235 
236         return fasync_helper(fd, file, on, &client->fasync);
237 }
238 
239 static int evdev_flush(struct file *file, fl_owner_t id)
240 {
241         struct evdev_client *client = file->private_data;
242         struct evdev *evdev = client->evdev;
243         int retval;
244 
245         retval = mutex_lock_interruptible(&evdev->mutex);
246         if (retval)
247                 return retval;
248 
249         if (!evdev->exist || client->revoked)
250                 retval = -ENODEV;
251         else
252                 retval = input_flush_device(&evdev->handle, file);
253 
254         mutex_unlock(&evdev->mutex);
255         return retval;
256 }
257 
258 static void evdev_free(struct device *dev)
259 {
260         struct evdev *evdev = container_of(dev, struct evdev, dev);
261 
262         input_put_device(evdev->handle.dev);
263         kfree(evdev);
264 }
265 
266 /*
267  * Grabs an event device (along with underlying input device).
268  * This function is called with evdev->mutex taken.
269  */
270 static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
271 {
272         int error;
273 
274         if (evdev->grab)
275                 return -EBUSY;
276 
277         error = input_grab_device(&evdev->handle);
278         if (error)
279                 return error;
280 
281         rcu_assign_pointer(evdev->grab, client);
282 
283         return 0;
284 }
285 
286 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
287 {
288         struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
289                                         lockdep_is_held(&evdev->mutex));
290 
291         if (grab != client)
292                 return  -EINVAL;
293 
294         rcu_assign_pointer(evdev->grab, NULL);
295         synchronize_rcu();
296         input_release_device(&evdev->handle);
297 
298         return 0;
299 }
300 
301 static void evdev_attach_client(struct evdev *evdev,
302                                 struct evdev_client *client)
303 {
304         spin_lock(&evdev->client_lock);
305         list_add_tail_rcu(&client->node, &evdev->client_list);
306         spin_unlock(&evdev->client_lock);
307 }
308 
309 static void evdev_detach_client(struct evdev *evdev,
310                                 struct evdev_client *client)
311 {
312         spin_lock(&evdev->client_lock);
313         list_del_rcu(&client->node);
314         spin_unlock(&evdev->client_lock);
315         synchronize_rcu();
316 }
317 
318 static int evdev_open_device(struct evdev *evdev)
319 {
320         int retval;
321 
322         retval = mutex_lock_interruptible(&evdev->mutex);
323         if (retval)
324                 return retval;
325 
326         if (!evdev->exist)
327                 retval = -ENODEV;
328         else if (!evdev->open++) {
329                 retval = input_open_device(&evdev->handle);
330                 if (retval)
331                         evdev->open--;
332         }
333 
334         mutex_unlock(&evdev->mutex);
335         return retval;
336 }
337 
338 static void evdev_close_device(struct evdev *evdev)
339 {
340         mutex_lock(&evdev->mutex);
341 
342         if (evdev->exist && !--evdev->open)
343                 input_close_device(&evdev->handle);
344 
345         mutex_unlock(&evdev->mutex);
346 }
347 
348 /*
349  * Wake up users waiting for IO so they can disconnect from
350  * dead device.
351  */
352 static void evdev_hangup(struct evdev *evdev)
353 {
354         struct evdev_client *client;
355 
356         spin_lock(&evdev->client_lock);
357         list_for_each_entry(client, &evdev->client_list, node)
358                 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
359         spin_unlock(&evdev->client_lock);
360 
361         wake_up_interruptible(&evdev->wait);
362 }
363 
364 static int evdev_release(struct inode *inode, struct file *file)
365 {
366         struct evdev_client *client = file->private_data;
367         struct evdev *evdev = client->evdev;
368 
369         mutex_lock(&evdev->mutex);
370         evdev_ungrab(evdev, client);
371         mutex_unlock(&evdev->mutex);
372 
373         evdev_detach_client(evdev, client);
374 
375         if (is_vmalloc_addr(client))
376                 vfree(client);
377         else
378                 kfree(client);
379 
380         evdev_close_device(evdev);
381 
382         return 0;
383 }
384 
385 static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
386 {
387         unsigned int n_events =
388                 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
389                     EVDEV_MIN_BUFFER_SIZE);
390 
391         return roundup_pow_of_two(n_events);
392 }
393 
394 static int evdev_open(struct inode *inode, struct file *file)
395 {
396         struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
397         unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
398         unsigned int size = sizeof(struct evdev_client) +
399                                         bufsize * sizeof(struct input_event);
400         struct evdev_client *client;
401         int error;
402 
403         client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
404         if (!client)
405                 client = vzalloc(size);
406         if (!client)
407                 return -ENOMEM;
408 
409         client->bufsize = bufsize;
410         spin_lock_init(&client->buffer_lock);
411         client->evdev = evdev;
412         evdev_attach_client(evdev, client);
413 
414         error = evdev_open_device(evdev);
415         if (error)
416                 goto err_free_client;
417 
418         file->private_data = client;
419         nonseekable_open(inode, file);
420 
421         return 0;
422 
423  err_free_client:
424         evdev_detach_client(evdev, client);
425         kfree(client);
426         return error;
427 }
428 
429 static ssize_t evdev_write(struct file *file, const char __user *buffer,
430                            size_t count, loff_t *ppos)
431 {
432         struct evdev_client *client = file->private_data;
433         struct evdev *evdev = client->evdev;
434         struct input_event event;
435         int retval = 0;
436 
437         if (count != 0 && count < input_event_size())
438                 return -EINVAL;
439 
440         retval = mutex_lock_interruptible(&evdev->mutex);
441         if (retval)
442                 return retval;
443 
444         if (!evdev->exist || client->revoked) {
445                 retval = -ENODEV;
446                 goto out;
447         }
448 
449         while (retval + input_event_size() <= count) {
450 
451                 if (input_event_from_user(buffer + retval, &event)) {
452                         retval = -EFAULT;
453                         goto out;
454                 }
455                 retval += input_event_size();
456 
457                 input_inject_event(&evdev->handle,
458                                    event.type, event.code, event.value);
459         }
460 
461  out:
462         mutex_unlock(&evdev->mutex);
463         return retval;
464 }
465 
466 static int evdev_fetch_next_event(struct evdev_client *client,
467                                   struct input_event *event)
468 {
469         int have_event;
470 
471         spin_lock_irq(&client->buffer_lock);
472 
473         have_event = client->packet_head != client->tail;
474         if (have_event) {
475                 *event = client->buffer[client->tail++];
476                 client->tail &= client->bufsize - 1;
477         }
478 
479         spin_unlock_irq(&client->buffer_lock);
480 
481         return have_event;
482 }
483 
484 static ssize_t evdev_read(struct file *file, char __user *buffer,
485                           size_t count, loff_t *ppos)
486 {
487         struct evdev_client *client = file->private_data;
488         struct evdev *evdev = client->evdev;
489         struct input_event event;
490         size_t read = 0;
491         int error;
492 
493         if (count != 0 && count < input_event_size())
494                 return -EINVAL;
495 
496         for (;;) {
497                 if (!evdev->exist || client->revoked)
498                         return -ENODEV;
499 
500                 if (client->packet_head == client->tail &&
501                     (file->f_flags & O_NONBLOCK))
502                         return -EAGAIN;
503 
504                 /*
505                  * count == 0 is special - no IO is done but we check
506                  * for error conditions (see above).
507                  */
508                 if (count == 0)
509                         break;
510 
511                 while (read + input_event_size() <= count &&
512                        evdev_fetch_next_event(client, &event)) {
513 
514                         if (input_event_to_user(buffer + read, &event))
515                                 return -EFAULT;
516 
517                         read += input_event_size();
518                 }
519 
520                 if (read)
521                         break;
522 
523                 if (!(file->f_flags & O_NONBLOCK)) {
524                         error = wait_event_interruptible(evdev->wait,
525                                         client->packet_head != client->tail ||
526                                         !evdev->exist || client->revoked);
527                         if (error)
528                                 return error;
529                 }
530         }
531 
532         return read;
533 }
534 
535 /* No kernel lock - fine */
536 static unsigned int evdev_poll(struct file *file, poll_table *wait)
537 {
538         struct evdev_client *client = file->private_data;
539         struct evdev *evdev = client->evdev;
540         unsigned int mask;
541 
542         poll_wait(file, &evdev->wait, wait);
543 
544         if (evdev->exist && !client->revoked)
545                 mask = POLLOUT | POLLWRNORM;
546         else
547                 mask = POLLHUP | POLLERR;
548 
549         if (client->packet_head != client->tail)
550                 mask |= POLLIN | POLLRDNORM;
551 
552         return mask;
553 }
554 
555 #ifdef CONFIG_COMPAT
556 
557 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
558 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
559 
560 #ifdef __BIG_ENDIAN
561 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
562                         unsigned int maxlen, void __user *p, int compat)
563 {
564         int len, i;
565 
566         if (compat) {
567                 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
568                 if (len > maxlen)
569                         len = maxlen;
570 
571                 for (i = 0; i < len / sizeof(compat_long_t); i++)
572                         if (copy_to_user((compat_long_t __user *) p + i,
573                                          (compat_long_t *) bits +
574                                                 i + 1 - ((i % 2) << 1),
575                                          sizeof(compat_long_t)))
576                                 return -EFAULT;
577         } else {
578                 len = BITS_TO_LONGS(maxbit) * sizeof(long);
579                 if (len > maxlen)
580                         len = maxlen;
581 
582                 if (copy_to_user(p, bits, len))
583                         return -EFAULT;
584         }
585 
586         return len;
587 }
588 #else
589 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
590                         unsigned int maxlen, void __user *p, int compat)
591 {
592         int len = compat ?
593                         BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
594                         BITS_TO_LONGS(maxbit) * sizeof(long);
595 
596         if (len > maxlen)
597                 len = maxlen;
598 
599         return copy_to_user(p, bits, len) ? -EFAULT : len;
600 }
601 #endif /* __BIG_ENDIAN */
602 
603 #else
604 
605 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
606                         unsigned int maxlen, void __user *p, int compat)
607 {
608         int len = BITS_TO_LONGS(maxbit) * sizeof(long);
609 
610         if (len > maxlen)
611                 len = maxlen;
612 
613         return copy_to_user(p, bits, len) ? -EFAULT : len;
614 }
615 
616 #endif /* CONFIG_COMPAT */
617 
618 static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
619 {
620         int len;
621 
622         if (!str)
623                 return -ENOENT;
624 
625         len = strlen(str) + 1;
626         if (len > maxlen)
627                 len = maxlen;
628 
629         return copy_to_user(p, str, len) ? -EFAULT : len;
630 }
631 
632 #define OLD_KEY_MAX     0x1ff
633 static int handle_eviocgbit(struct input_dev *dev,
634                             unsigned int type, unsigned int size,
635                             void __user *p, int compat_mode)
636 {
637         static unsigned long keymax_warn_time;
638         unsigned long *bits;
639         int len;
640 
641         switch (type) {
642 
643         case      0: bits = dev->evbit;  len = EV_MAX;  break;
644         case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
645         case EV_REL: bits = dev->relbit; len = REL_MAX; break;
646         case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
647         case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
648         case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
649         case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
650         case EV_FF:  bits = dev->ffbit;  len = FF_MAX;  break;
651         case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
652         default: return -EINVAL;
653         }
654 
655         /*
656          * Work around bugs in userspace programs that like to do
657          * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len'
658          * should be in bytes, not in bits.
659          */
660         if (type == EV_KEY && size == OLD_KEY_MAX) {
661                 len = OLD_KEY_MAX;
662                 if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000))
663                         pr_warning("(EVIOCGBIT): Suspicious buffer size %u, "
664                                    "limiting output to %zu bytes. See "
665                                    "http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n",
666                                    OLD_KEY_MAX,
667                                    BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long));
668         }
669 
670         return bits_to_user(bits, len, size, p, compat_mode);
671 }
672 #undef OLD_KEY_MAX
673 
674 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
675 {
676         struct input_keymap_entry ke = {
677                 .len    = sizeof(unsigned int),
678                 .flags  = 0,
679         };
680         int __user *ip = (int __user *)p;
681         int error;
682 
683         /* legacy case */
684         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
685                 return -EFAULT;
686 
687         error = input_get_keycode(dev, &ke);
688         if (error)
689                 return error;
690 
691         if (put_user(ke.keycode, ip + 1))
692                 return -EFAULT;
693 
694         return 0;
695 }
696 
697 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
698 {
699         struct input_keymap_entry ke;
700         int error;
701 
702         if (copy_from_user(&ke, p, sizeof(ke)))
703                 return -EFAULT;
704 
705         error = input_get_keycode(dev, &ke);
706         if (error)
707                 return error;
708 
709         if (copy_to_user(p, &ke, sizeof(ke)))
710                 return -EFAULT;
711 
712         return 0;
713 }
714 
715 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
716 {
717         struct input_keymap_entry ke = {
718                 .len    = sizeof(unsigned int),
719                 .flags  = 0,
720         };
721         int __user *ip = (int __user *)p;
722 
723         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
724                 return -EFAULT;
725 
726         if (get_user(ke.keycode, ip + 1))
727                 return -EFAULT;
728 
729         return input_set_keycode(dev, &ke);
730 }
731 
732 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
733 {
734         struct input_keymap_entry ke;
735 
736         if (copy_from_user(&ke, p, sizeof(ke)))
737                 return -EFAULT;
738 
739         if (ke.len > sizeof(ke.scancode))
740                 return -EINVAL;
741 
742         return input_set_keycode(dev, &ke);
743 }
744 
745 /*
746  * If we transfer state to the user, we should flush all pending events
747  * of the same type from the client's queue. Otherwise, they might end up
748  * with duplicate events, which can screw up client's state tracking.
749  * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED
750  * event so user-space will notice missing events.
751  *
752  * LOCKING:
753  * We need to take event_lock before buffer_lock to avoid dead-locks. But we
754  * need the even_lock only to guarantee consistent state. We can safely release
755  * it while flushing the queue. This allows input-core to handle filters while
756  * we flush the queue.
757  */
758 static int evdev_handle_get_val(struct evdev_client *client,
759                                 struct input_dev *dev, unsigned int type,
760                                 unsigned long *bits, unsigned int max,
761                                 unsigned int size, void __user *p, int compat)
762 {
763         int ret;
764         unsigned long *mem;
765 
766         mem = kmalloc(sizeof(unsigned long) * max, GFP_KERNEL);
767         if (!mem)
768                 return -ENOMEM;
769 
770         spin_lock_irq(&dev->event_lock);
771         spin_lock(&client->buffer_lock);
772 
773         memcpy(mem, bits, sizeof(unsigned long) * max);
774 
775         spin_unlock(&dev->event_lock);
776 
777         __evdev_flush_queue(client, type);
778 
779         spin_unlock_irq(&client->buffer_lock);
780 
781         ret = bits_to_user(mem, max, size, p, compat);
782         if (ret < 0)
783                 evdev_queue_syn_dropped(client);
784 
785         kfree(mem);
786 
787         return ret;
788 }
789 
790 static int evdev_handle_mt_request(struct input_dev *dev,
791                                    unsigned int size,
792                                    int __user *ip)
793 {
794         const struct input_mt *mt = dev->mt;
795         unsigned int code;
796         int max_slots;
797         int i;
798 
799         if (get_user(code, &ip[0]))
800                 return -EFAULT;
801         if (!mt || !input_is_mt_value(code))
802                 return -EINVAL;
803 
804         max_slots = (size - sizeof(__u32)) / sizeof(__s32);
805         for (i = 0; i < mt->num_slots && i < max_slots; i++) {
806                 int value = input_mt_get_value(&mt->slots[i], code);
807                 if (put_user(value, &ip[1 + i]))
808                         return -EFAULT;
809         }
810 
811         return 0;
812 }
813 
814 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client,
815                         struct file *file)
816 {
817         client->revoked = true;
818         evdev_ungrab(evdev, client);
819         input_flush_device(&evdev->handle, file);
820         wake_up_interruptible(&evdev->wait);
821 
822         return 0;
823 }
824 
825 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
826                            void __user *p, int compat_mode)
827 {
828         struct evdev_client *client = file->private_data;
829         struct evdev *evdev = client->evdev;
830         struct input_dev *dev = evdev->handle.dev;
831         struct input_absinfo abs;
832         struct ff_effect effect;
833         int __user *ip = (int __user *)p;
834         unsigned int i, t, u, v;
835         unsigned int size;
836         int error;
837 
838         /* First we check for fixed-length commands */
839         switch (cmd) {
840 
841         case EVIOCGVERSION:
842                 return put_user(EV_VERSION, ip);
843 
844         case EVIOCGID:
845                 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
846                         return -EFAULT;
847                 return 0;
848 
849         case EVIOCGREP:
850                 if (!test_bit(EV_REP, dev->evbit))
851                         return -ENOSYS;
852                 if (put_user(dev->rep[REP_DELAY], ip))
853                         return -EFAULT;
854                 if (put_user(dev->rep[REP_PERIOD], ip + 1))
855                         return -EFAULT;
856                 return 0;
857 
858         case EVIOCSREP:
859                 if (!test_bit(EV_REP, dev->evbit))
860                         return -ENOSYS;
861                 if (get_user(u, ip))
862                         return -EFAULT;
863                 if (get_user(v, ip + 1))
864                         return -EFAULT;
865 
866                 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
867                 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
868 
869                 return 0;
870 
871         case EVIOCRMFF:
872                 return input_ff_erase(dev, (int)(unsigned long) p, file);
873 
874         case EVIOCGEFFECTS:
875                 i = test_bit(EV_FF, dev->evbit) ?
876                                 dev->ff->max_effects : 0;
877                 if (put_user(i, ip))
878                         return -EFAULT;
879                 return 0;
880 
881         case EVIOCGRAB:
882                 if (p)
883                         return evdev_grab(evdev, client);
884                 else
885                         return evdev_ungrab(evdev, client);
886 
887         case EVIOCREVOKE:
888                 if (p)
889                         return -EINVAL;
890                 else
891                         return evdev_revoke(evdev, client, file);
892 
893         case EVIOCSCLOCKID:
894                 if (copy_from_user(&i, p, sizeof(unsigned int)))
895                         return -EFAULT;
896                 if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME)
897                         return -EINVAL;
898                 client->clkid = i;
899                 return 0;
900 
901         case EVIOCGKEYCODE:
902                 return evdev_handle_get_keycode(dev, p);
903 
904         case EVIOCSKEYCODE:
905                 return evdev_handle_set_keycode(dev, p);
906 
907         case EVIOCGKEYCODE_V2:
908                 return evdev_handle_get_keycode_v2(dev, p);
909 
910         case EVIOCSKEYCODE_V2:
911                 return evdev_handle_set_keycode_v2(dev, p);
912         }
913 
914         size = _IOC_SIZE(cmd);
915 
916         /* Now check variable-length commands */
917 #define EVIOC_MASK_SIZE(nr)     ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
918         switch (EVIOC_MASK_SIZE(cmd)) {
919 
920         case EVIOCGPROP(0):
921                 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
922                                     size, p, compat_mode);
923 
924         case EVIOCGMTSLOTS(0):
925                 return evdev_handle_mt_request(dev, size, ip);
926 
927         case EVIOCGKEY(0):
928                 return evdev_handle_get_val(client, dev, EV_KEY, dev->key,
929                                             KEY_MAX, size, p, compat_mode);
930 
931         case EVIOCGLED(0):
932                 return evdev_handle_get_val(client, dev, EV_LED, dev->led,
933                                             LED_MAX, size, p, compat_mode);
934 
935         case EVIOCGSND(0):
936                 return evdev_handle_get_val(client, dev, EV_SND, dev->snd,
937                                             SND_MAX, size, p, compat_mode);
938 
939         case EVIOCGSW(0):
940                 return evdev_handle_get_val(client, dev, EV_SW, dev->sw,
941                                             SW_MAX, size, p, compat_mode);
942 
943         case EVIOCGNAME(0):
944                 return str_to_user(dev->name, size, p);
945 
946         case EVIOCGPHYS(0):
947                 return str_to_user(dev->phys, size, p);
948 
949         case EVIOCGUNIQ(0):
950                 return str_to_user(dev->uniq, size, p);
951 
952         case EVIOC_MASK_SIZE(EVIOCSFF):
953                 if (input_ff_effect_from_user(p, size, &effect))
954                         return -EFAULT;
955 
956                 error = input_ff_upload(dev, &effect, file);
957                 if (error)
958                         return error;
959 
960                 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
961                         return -EFAULT;
962 
963                 return 0;
964         }
965 
966         /* Multi-number variable-length handlers */
967         if (_IOC_TYPE(cmd) != 'E')
968                 return -EINVAL;
969 
970         if (_IOC_DIR(cmd) == _IOC_READ) {
971 
972                 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
973                         return handle_eviocgbit(dev,
974                                                 _IOC_NR(cmd) & EV_MAX, size,
975                                                 p, compat_mode);
976 
977                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
978 
979                         if (!dev->absinfo)
980                                 return -EINVAL;
981 
982                         t = _IOC_NR(cmd) & ABS_MAX;
983                         abs = dev->absinfo[t];
984 
985                         if (copy_to_user(p, &abs, min_t(size_t,
986                                         size, sizeof(struct input_absinfo))))
987                                 return -EFAULT;
988 
989                         return 0;
990                 }
991         }
992 
993         if (_IOC_DIR(cmd) == _IOC_WRITE) {
994 
995                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
996 
997                         if (!dev->absinfo)
998                                 return -EINVAL;
999 
1000                         t = _IOC_NR(cmd) & ABS_MAX;
1001 
1002                         if (copy_from_user(&abs, p, min_t(size_t,
1003                                         size, sizeof(struct input_absinfo))))
1004                                 return -EFAULT;
1005 
1006                         if (size < sizeof(struct input_absinfo))
1007                                 abs.resolution = 0;
1008 
1009                         /* We can't change number of reserved MT slots */
1010                         if (t == ABS_MT_SLOT)
1011                                 return -EINVAL;
1012 
1013                         /*
1014                          * Take event lock to ensure that we are not
1015                          * changing device parameters in the middle
1016                          * of event.
1017                          */
1018                         spin_lock_irq(&dev->event_lock);
1019                         dev->absinfo[t] = abs;
1020                         spin_unlock_irq(&dev->event_lock);
1021 
1022                         return 0;
1023                 }
1024         }
1025 
1026         return -EINVAL;
1027 }
1028 
1029 static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
1030                                 void __user *p, int compat_mode)
1031 {
1032         struct evdev_client *client = file->private_data;
1033         struct evdev *evdev = client->evdev;
1034         int retval;
1035 
1036         retval = mutex_lock_interruptible(&evdev->mutex);
1037         if (retval)
1038                 return retval;
1039 
1040         if (!evdev->exist || client->revoked) {
1041                 retval = -ENODEV;
1042                 goto out;
1043         }
1044 
1045         retval = evdev_do_ioctl(file, cmd, p, compat_mode);
1046 
1047  out:
1048         mutex_unlock(&evdev->mutex);
1049         return retval;
1050 }
1051 
1052 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1053 {
1054         return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
1055 }
1056 
1057 #ifdef CONFIG_COMPAT
1058 static long evdev_ioctl_compat(struct file *file,
1059                                 unsigned int cmd, unsigned long arg)
1060 {
1061         return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1062 }
1063 #endif
1064 
1065 static const struct file_operations evdev_fops = {
1066         .owner          = THIS_MODULE,
1067         .read           = evdev_read,
1068         .write          = evdev_write,
1069         .poll           = evdev_poll,
1070         .open           = evdev_open,
1071         .release        = evdev_release,
1072         .unlocked_ioctl = evdev_ioctl,
1073 #ifdef CONFIG_COMPAT
1074         .compat_ioctl   = evdev_ioctl_compat,
1075 #endif
1076         .fasync         = evdev_fasync,
1077         .flush          = evdev_flush,
1078         .llseek         = no_llseek,
1079 };
1080 
1081 /*
1082  * Mark device non-existent. This disables writes, ioctls and
1083  * prevents new users from opening the device. Already posted
1084  * blocking reads will stay, however new ones will fail.
1085  */
1086 static void evdev_mark_dead(struct evdev *evdev)
1087 {
1088         mutex_lock(&evdev->mutex);
1089         evdev->exist = false;
1090         mutex_unlock(&evdev->mutex);
1091 }
1092 
1093 static void evdev_cleanup(struct evdev *evdev)
1094 {
1095         struct input_handle *handle = &evdev->handle;
1096 
1097         evdev_mark_dead(evdev);
1098         evdev_hangup(evdev);
1099 
1100         cdev_del(&evdev->cdev);
1101 
1102         /* evdev is marked dead so no one else accesses evdev->open */
1103         if (evdev->open) {
1104                 input_flush_device(handle, NULL);
1105                 input_close_device(handle);
1106         }
1107 }
1108 
1109 /*
1110  * Create new evdev device. Note that input core serializes calls
1111  * to connect and disconnect.
1112  */
1113 static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
1114                          const struct input_device_id *id)
1115 {
1116         struct evdev *evdev;
1117         int minor;
1118         int dev_no;
1119         int error;
1120 
1121         minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
1122         if (minor < 0) {
1123                 error = minor;
1124                 pr_err("failed to reserve new minor: %d\n", error);
1125                 return error;
1126         }
1127 
1128         evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
1129         if (!evdev) {
1130                 error = -ENOMEM;
1131                 goto err_free_minor;
1132         }
1133 
1134         INIT_LIST_HEAD(&evdev->client_list);
1135         spin_lock_init(&evdev->client_lock);
1136         mutex_init(&evdev->mutex);
1137         init_waitqueue_head(&evdev->wait);
1138         evdev->exist = true;
1139 
1140         dev_no = minor;
1141         /* Normalize device number if it falls into legacy range */
1142         if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
1143                 dev_no -= EVDEV_MINOR_BASE;
1144         dev_set_name(&evdev->dev, "event%d", dev_no);
1145 
1146         evdev->handle.dev = input_get_device(dev);
1147         evdev->handle.name = dev_name(&evdev->dev);
1148         evdev->handle.handler = handler;
1149         evdev->handle.private = evdev;
1150 
1151         evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
1152         evdev->dev.class = &input_class;
1153         evdev->dev.parent = &dev->dev;
1154         evdev->dev.release = evdev_free;
1155         device_initialize(&evdev->dev);
1156 
1157         error = input_register_handle(&evdev->handle);
1158         if (error)
1159                 goto err_free_evdev;
1160 
1161         cdev_init(&evdev->cdev, &evdev_fops);
1162         evdev->cdev.kobj.parent = &evdev->dev.kobj;
1163         error = cdev_add(&evdev->cdev, evdev->dev.devt, 1);
1164         if (error)
1165                 goto err_unregister_handle;
1166 
1167         error = device_add(&evdev->dev);
1168         if (error)
1169                 goto err_cleanup_evdev;
1170 
1171         return 0;
1172 
1173  err_cleanup_evdev:
1174         evdev_cleanup(evdev);
1175  err_unregister_handle:
1176         input_unregister_handle(&evdev->handle);
1177  err_free_evdev:
1178         put_device(&evdev->dev);
1179  err_free_minor:
1180         input_free_minor(minor);
1181         return error;
1182 }
1183 
1184 static void evdev_disconnect(struct input_handle *handle)
1185 {
1186         struct evdev *evdev = handle->private;
1187 
1188         device_del(&evdev->dev);
1189         evdev_cleanup(evdev);
1190         input_free_minor(MINOR(evdev->dev.devt));
1191         input_unregister_handle(handle);
1192         put_device(&evdev->dev);
1193 }
1194 
1195 static const struct input_device_id evdev_ids[] = {
1196         { .driver_info = 1 },   /* Matches all devices */
1197         { },                    /* Terminating zero entry */
1198 };
1199 
1200 MODULE_DEVICE_TABLE(input, evdev_ids);
1201 
1202 static struct input_handler evdev_handler = {
1203         .event          = evdev_event,
1204         .events         = evdev_events,
1205         .connect        = evdev_connect,
1206         .disconnect     = evdev_disconnect,
1207         .legacy_minors  = true,
1208         .minor          = EVDEV_MINOR_BASE,
1209         .name           = "evdev",
1210         .id_table       = evdev_ids,
1211 };
1212 
1213 static int __init evdev_init(void)
1214 {
1215         return input_register_handler(&evdev_handler);
1216 }
1217 
1218 static void __exit evdev_exit(void)
1219 {
1220         input_unregister_handler(&evdev_handler);
1221 }
1222 
1223 module_init(evdev_init);
1224 module_exit(evdev_exit);
1225 
1226 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1227 MODULE_DESCRIPTION("Input driver event char devices");
1228 MODULE_LICENSE("GPL");
1229 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us