Version:  2.0.40 2.2.26 2.4.37 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18

Linux/drivers/input/evdev.c

  1 /*
  2  * Event char devices, giving access to raw input device events.
  3  *
  4  * Copyright (c) 1999-2002 Vojtech Pavlik
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License version 2 as published by
  8  * the Free Software Foundation.
  9  */
 10 
 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 12 
 13 #define EVDEV_MINOR_BASE        64
 14 #define EVDEV_MINORS            32
 15 #define EVDEV_MIN_BUFFER_SIZE   64U
 16 #define EVDEV_BUF_PACKETS       8
 17 
 18 #include <linux/poll.h>
 19 #include <linux/sched.h>
 20 #include <linux/slab.h>
 21 #include <linux/vmalloc.h>
 22 #include <linux/mm.h>
 23 #include <linux/module.h>
 24 #include <linux/init.h>
 25 #include <linux/input/mt.h>
 26 #include <linux/major.h>
 27 #include <linux/device.h>
 28 #include <linux/cdev.h>
 29 #include "input-compat.h"
 30 
 31 struct evdev {
 32         int open;
 33         struct input_handle handle;
 34         wait_queue_head_t wait;
 35         struct evdev_client __rcu *grab;
 36         struct list_head client_list;
 37         spinlock_t client_lock; /* protects client_list */
 38         struct mutex mutex;
 39         struct device dev;
 40         struct cdev cdev;
 41         bool exist;
 42 };
 43 
 44 struct evdev_client {
 45         unsigned int head;
 46         unsigned int tail;
 47         unsigned int packet_head; /* [future] position of the first element of next packet */
 48         spinlock_t buffer_lock; /* protects access to buffer, head and tail */
 49         struct fasync_struct *fasync;
 50         struct evdev *evdev;
 51         struct list_head node;
 52         int clkid;
 53         bool revoked;
 54         unsigned int bufsize;
 55         struct input_event buffer[];
 56 };
 57 
 58 /* flush queued events of type @type, caller must hold client->buffer_lock */
 59 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type)
 60 {
 61         unsigned int i, head, num;
 62         unsigned int mask = client->bufsize - 1;
 63         bool is_report;
 64         struct input_event *ev;
 65 
 66         BUG_ON(type == EV_SYN);
 67 
 68         head = client->tail;
 69         client->packet_head = client->tail;
 70 
 71         /* init to 1 so a leading SYN_REPORT will not be dropped */
 72         num = 1;
 73 
 74         for (i = client->tail; i != client->head; i = (i + 1) & mask) {
 75                 ev = &client->buffer[i];
 76                 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT;
 77 
 78                 if (ev->type == type) {
 79                         /* drop matched entry */
 80                         continue;
 81                 } else if (is_report && !num) {
 82                         /* drop empty SYN_REPORT groups */
 83                         continue;
 84                 } else if (head != i) {
 85                         /* move entry to fill the gap */
 86                         client->buffer[head].time = ev->time;
 87                         client->buffer[head].type = ev->type;
 88                         client->buffer[head].code = ev->code;
 89                         client->buffer[head].value = ev->value;
 90                 }
 91 
 92                 num++;
 93                 head = (head + 1) & mask;
 94 
 95                 if (is_report) {
 96                         num = 0;
 97                         client->packet_head = head;
 98                 }
 99         }
100 
101         client->head = head;
102 }
103 
104 /* queue SYN_DROPPED event */
105 static void evdev_queue_syn_dropped(struct evdev_client *client)
106 {
107         unsigned long flags;
108         struct input_event ev;
109         ktime_t time;
110 
111         time = (client->clkid == CLOCK_MONOTONIC) ?
112                 ktime_get() : ktime_get_real();
113 
114         ev.time = ktime_to_timeval(time);
115         ev.type = EV_SYN;
116         ev.code = SYN_DROPPED;
117         ev.value = 0;
118 
119         spin_lock_irqsave(&client->buffer_lock, flags);
120 
121         client->buffer[client->head++] = ev;
122         client->head &= client->bufsize - 1;
123 
124         if (unlikely(client->head == client->tail)) {
125                 /* drop queue but keep our SYN_DROPPED event */
126                 client->tail = (client->head - 1) & (client->bufsize - 1);
127                 client->packet_head = client->tail;
128         }
129 
130         spin_unlock_irqrestore(&client->buffer_lock, flags);
131 }
132 
133 static void __pass_event(struct evdev_client *client,
134                          const struct input_event *event)
135 {
136         client->buffer[client->head++] = *event;
137         client->head &= client->bufsize - 1;
138 
139         if (unlikely(client->head == client->tail)) {
140                 /*
141                  * This effectively "drops" all unconsumed events, leaving
142                  * EV_SYN/SYN_DROPPED plus the newest event in the queue.
143                  */
144                 client->tail = (client->head - 2) & (client->bufsize - 1);
145 
146                 client->buffer[client->tail].time = event->time;
147                 client->buffer[client->tail].type = EV_SYN;
148                 client->buffer[client->tail].code = SYN_DROPPED;
149                 client->buffer[client->tail].value = 0;
150 
151                 client->packet_head = client->tail;
152         }
153 
154         if (event->type == EV_SYN && event->code == SYN_REPORT) {
155                 client->packet_head = client->head;
156                 kill_fasync(&client->fasync, SIGIO, POLL_IN);
157         }
158 }
159 
160 static void evdev_pass_values(struct evdev_client *client,
161                         const struct input_value *vals, unsigned int count,
162                         ktime_t mono, ktime_t real)
163 {
164         struct evdev *evdev = client->evdev;
165         const struct input_value *v;
166         struct input_event event;
167         bool wakeup = false;
168 
169         if (client->revoked)
170                 return;
171 
172         event.time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ?
173                                       mono : real);
174 
175         /* Interrupts are disabled, just acquire the lock. */
176         spin_lock(&client->buffer_lock);
177 
178         for (v = vals; v != vals + count; v++) {
179                 event.type = v->type;
180                 event.code = v->code;
181                 event.value = v->value;
182                 __pass_event(client, &event);
183                 if (v->type == EV_SYN && v->code == SYN_REPORT)
184                         wakeup = true;
185         }
186 
187         spin_unlock(&client->buffer_lock);
188 
189         if (wakeup)
190                 wake_up_interruptible(&evdev->wait);
191 }
192 
193 /*
194  * Pass incoming events to all connected clients.
195  */
196 static void evdev_events(struct input_handle *handle,
197                          const struct input_value *vals, unsigned int count)
198 {
199         struct evdev *evdev = handle->private;
200         struct evdev_client *client;
201         ktime_t time_mono, time_real;
202 
203         time_mono = ktime_get();
204         time_real = ktime_mono_to_real(time_mono);
205 
206         rcu_read_lock();
207 
208         client = rcu_dereference(evdev->grab);
209 
210         if (client)
211                 evdev_pass_values(client, vals, count, time_mono, time_real);
212         else
213                 list_for_each_entry_rcu(client, &evdev->client_list, node)
214                         evdev_pass_values(client, vals, count,
215                                           time_mono, time_real);
216 
217         rcu_read_unlock();
218 }
219 
220 /*
221  * Pass incoming event to all connected clients.
222  */
223 static void evdev_event(struct input_handle *handle,
224                         unsigned int type, unsigned int code, int value)
225 {
226         struct input_value vals[] = { { type, code, value } };
227 
228         evdev_events(handle, vals, 1);
229 }
230 
231 static int evdev_fasync(int fd, struct file *file, int on)
232 {
233         struct evdev_client *client = file->private_data;
234 
235         return fasync_helper(fd, file, on, &client->fasync);
236 }
237 
238 static int evdev_flush(struct file *file, fl_owner_t id)
239 {
240         struct evdev_client *client = file->private_data;
241         struct evdev *evdev = client->evdev;
242         int retval;
243 
244         retval = mutex_lock_interruptible(&evdev->mutex);
245         if (retval)
246                 return retval;
247 
248         if (!evdev->exist || client->revoked)
249                 retval = -ENODEV;
250         else
251                 retval = input_flush_device(&evdev->handle, file);
252 
253         mutex_unlock(&evdev->mutex);
254         return retval;
255 }
256 
257 static void evdev_free(struct device *dev)
258 {
259         struct evdev *evdev = container_of(dev, struct evdev, dev);
260 
261         input_put_device(evdev->handle.dev);
262         kfree(evdev);
263 }
264 
265 /*
266  * Grabs an event device (along with underlying input device).
267  * This function is called with evdev->mutex taken.
268  */
269 static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
270 {
271         int error;
272 
273         if (evdev->grab)
274                 return -EBUSY;
275 
276         error = input_grab_device(&evdev->handle);
277         if (error)
278                 return error;
279 
280         rcu_assign_pointer(evdev->grab, client);
281 
282         return 0;
283 }
284 
285 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
286 {
287         struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
288                                         lockdep_is_held(&evdev->mutex));
289 
290         if (grab != client)
291                 return  -EINVAL;
292 
293         rcu_assign_pointer(evdev->grab, NULL);
294         synchronize_rcu();
295         input_release_device(&evdev->handle);
296 
297         return 0;
298 }
299 
300 static void evdev_attach_client(struct evdev *evdev,
301                                 struct evdev_client *client)
302 {
303         spin_lock(&evdev->client_lock);
304         list_add_tail_rcu(&client->node, &evdev->client_list);
305         spin_unlock(&evdev->client_lock);
306 }
307 
308 static void evdev_detach_client(struct evdev *evdev,
309                                 struct evdev_client *client)
310 {
311         spin_lock(&evdev->client_lock);
312         list_del_rcu(&client->node);
313         spin_unlock(&evdev->client_lock);
314         synchronize_rcu();
315 }
316 
317 static int evdev_open_device(struct evdev *evdev)
318 {
319         int retval;
320 
321         retval = mutex_lock_interruptible(&evdev->mutex);
322         if (retval)
323                 return retval;
324 
325         if (!evdev->exist)
326                 retval = -ENODEV;
327         else if (!evdev->open++) {
328                 retval = input_open_device(&evdev->handle);
329                 if (retval)
330                         evdev->open--;
331         }
332 
333         mutex_unlock(&evdev->mutex);
334         return retval;
335 }
336 
337 static void evdev_close_device(struct evdev *evdev)
338 {
339         mutex_lock(&evdev->mutex);
340 
341         if (evdev->exist && !--evdev->open)
342                 input_close_device(&evdev->handle);
343 
344         mutex_unlock(&evdev->mutex);
345 }
346 
347 /*
348  * Wake up users waiting for IO so they can disconnect from
349  * dead device.
350  */
351 static void evdev_hangup(struct evdev *evdev)
352 {
353         struct evdev_client *client;
354 
355         spin_lock(&evdev->client_lock);
356         list_for_each_entry(client, &evdev->client_list, node)
357                 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
358         spin_unlock(&evdev->client_lock);
359 
360         wake_up_interruptible(&evdev->wait);
361 }
362 
363 static int evdev_release(struct inode *inode, struct file *file)
364 {
365         struct evdev_client *client = file->private_data;
366         struct evdev *evdev = client->evdev;
367 
368         mutex_lock(&evdev->mutex);
369         evdev_ungrab(evdev, client);
370         mutex_unlock(&evdev->mutex);
371 
372         evdev_detach_client(evdev, client);
373 
374         if (is_vmalloc_addr(client))
375                 vfree(client);
376         else
377                 kfree(client);
378 
379         evdev_close_device(evdev);
380 
381         return 0;
382 }
383 
384 static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
385 {
386         unsigned int n_events =
387                 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
388                     EVDEV_MIN_BUFFER_SIZE);
389 
390         return roundup_pow_of_two(n_events);
391 }
392 
393 static int evdev_open(struct inode *inode, struct file *file)
394 {
395         struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
396         unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
397         unsigned int size = sizeof(struct evdev_client) +
398                                         bufsize * sizeof(struct input_event);
399         struct evdev_client *client;
400         int error;
401 
402         client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
403         if (!client)
404                 client = vzalloc(size);
405         if (!client)
406                 return -ENOMEM;
407 
408         client->bufsize = bufsize;
409         spin_lock_init(&client->buffer_lock);
410         client->evdev = evdev;
411         evdev_attach_client(evdev, client);
412 
413         error = evdev_open_device(evdev);
414         if (error)
415                 goto err_free_client;
416 
417         file->private_data = client;
418         nonseekable_open(inode, file);
419 
420         return 0;
421 
422  err_free_client:
423         evdev_detach_client(evdev, client);
424         kvfree(client);
425         return error;
426 }
427 
428 static ssize_t evdev_write(struct file *file, const char __user *buffer,
429                            size_t count, loff_t *ppos)
430 {
431         struct evdev_client *client = file->private_data;
432         struct evdev *evdev = client->evdev;
433         struct input_event event;
434         int retval = 0;
435 
436         if (count != 0 && count < input_event_size())
437                 return -EINVAL;
438 
439         retval = mutex_lock_interruptible(&evdev->mutex);
440         if (retval)
441                 return retval;
442 
443         if (!evdev->exist || client->revoked) {
444                 retval = -ENODEV;
445                 goto out;
446         }
447 
448         while (retval + input_event_size() <= count) {
449 
450                 if (input_event_from_user(buffer + retval, &event)) {
451                         retval = -EFAULT;
452                         goto out;
453                 }
454                 retval += input_event_size();
455 
456                 input_inject_event(&evdev->handle,
457                                    event.type, event.code, event.value);
458         }
459 
460  out:
461         mutex_unlock(&evdev->mutex);
462         return retval;
463 }
464 
465 static int evdev_fetch_next_event(struct evdev_client *client,
466                                   struct input_event *event)
467 {
468         int have_event;
469 
470         spin_lock_irq(&client->buffer_lock);
471 
472         have_event = client->packet_head != client->tail;
473         if (have_event) {
474                 *event = client->buffer[client->tail++];
475                 client->tail &= client->bufsize - 1;
476         }
477 
478         spin_unlock_irq(&client->buffer_lock);
479 
480         return have_event;
481 }
482 
483 static ssize_t evdev_read(struct file *file, char __user *buffer,
484                           size_t count, loff_t *ppos)
485 {
486         struct evdev_client *client = file->private_data;
487         struct evdev *evdev = client->evdev;
488         struct input_event event;
489         size_t read = 0;
490         int error;
491 
492         if (count != 0 && count < input_event_size())
493                 return -EINVAL;
494 
495         for (;;) {
496                 if (!evdev->exist || client->revoked)
497                         return -ENODEV;
498 
499                 if (client->packet_head == client->tail &&
500                     (file->f_flags & O_NONBLOCK))
501                         return -EAGAIN;
502 
503                 /*
504                  * count == 0 is special - no IO is done but we check
505                  * for error conditions (see above).
506                  */
507                 if (count == 0)
508                         break;
509 
510                 while (read + input_event_size() <= count &&
511                        evdev_fetch_next_event(client, &event)) {
512 
513                         if (input_event_to_user(buffer + read, &event))
514                                 return -EFAULT;
515 
516                         read += input_event_size();
517                 }
518 
519                 if (read)
520                         break;
521 
522                 if (!(file->f_flags & O_NONBLOCK)) {
523                         error = wait_event_interruptible(evdev->wait,
524                                         client->packet_head != client->tail ||
525                                         !evdev->exist || client->revoked);
526                         if (error)
527                                 return error;
528                 }
529         }
530 
531         return read;
532 }
533 
534 /* No kernel lock - fine */
535 static unsigned int evdev_poll(struct file *file, poll_table *wait)
536 {
537         struct evdev_client *client = file->private_data;
538         struct evdev *evdev = client->evdev;
539         unsigned int mask;
540 
541         poll_wait(file, &evdev->wait, wait);
542 
543         if (evdev->exist && !client->revoked)
544                 mask = POLLOUT | POLLWRNORM;
545         else
546                 mask = POLLHUP | POLLERR;
547 
548         if (client->packet_head != client->tail)
549                 mask |= POLLIN | POLLRDNORM;
550 
551         return mask;
552 }
553 
554 #ifdef CONFIG_COMPAT
555 
556 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
557 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
558 
559 #ifdef __BIG_ENDIAN
560 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
561                         unsigned int maxlen, void __user *p, int compat)
562 {
563         int len, i;
564 
565         if (compat) {
566                 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
567                 if (len > maxlen)
568                         len = maxlen;
569 
570                 for (i = 0; i < len / sizeof(compat_long_t); i++)
571                         if (copy_to_user((compat_long_t __user *) p + i,
572                                          (compat_long_t *) bits +
573                                                 i + 1 - ((i % 2) << 1),
574                                          sizeof(compat_long_t)))
575                                 return -EFAULT;
576         } else {
577                 len = BITS_TO_LONGS(maxbit) * sizeof(long);
578                 if (len > maxlen)
579                         len = maxlen;
580 
581                 if (copy_to_user(p, bits, len))
582                         return -EFAULT;
583         }
584 
585         return len;
586 }
587 #else
588 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
589                         unsigned int maxlen, void __user *p, int compat)
590 {
591         int len = compat ?
592                         BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
593                         BITS_TO_LONGS(maxbit) * sizeof(long);
594 
595         if (len > maxlen)
596                 len = maxlen;
597 
598         return copy_to_user(p, bits, len) ? -EFAULT : len;
599 }
600 #endif /* __BIG_ENDIAN */
601 
602 #else
603 
604 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
605                         unsigned int maxlen, void __user *p, int compat)
606 {
607         int len = BITS_TO_LONGS(maxbit) * sizeof(long);
608 
609         if (len > maxlen)
610                 len = maxlen;
611 
612         return copy_to_user(p, bits, len) ? -EFAULT : len;
613 }
614 
615 #endif /* CONFIG_COMPAT */
616 
617 static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
618 {
619         int len;
620 
621         if (!str)
622                 return -ENOENT;
623 
624         len = strlen(str) + 1;
625         if (len > maxlen)
626                 len = maxlen;
627 
628         return copy_to_user(p, str, len) ? -EFAULT : len;
629 }
630 
631 static int handle_eviocgbit(struct input_dev *dev,
632                             unsigned int type, unsigned int size,
633                             void __user *p, int compat_mode)
634 {
635         unsigned long *bits;
636         int len;
637 
638         switch (type) {
639 
640         case      0: bits = dev->evbit;  len = EV_MAX;  break;
641         case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
642         case EV_REL: bits = dev->relbit; len = REL_MAX; break;
643         case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
644         case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
645         case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
646         case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
647         case EV_FF:  bits = dev->ffbit;  len = FF_MAX;  break;
648         case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
649         default: return -EINVAL;
650         }
651 
652         return bits_to_user(bits, len, size, p, compat_mode);
653 }
654 
655 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
656 {
657         struct input_keymap_entry ke = {
658                 .len    = sizeof(unsigned int),
659                 .flags  = 0,
660         };
661         int __user *ip = (int __user *)p;
662         int error;
663 
664         /* legacy case */
665         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
666                 return -EFAULT;
667 
668         error = input_get_keycode(dev, &ke);
669         if (error)
670                 return error;
671 
672         if (put_user(ke.keycode, ip + 1))
673                 return -EFAULT;
674 
675         return 0;
676 }
677 
678 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
679 {
680         struct input_keymap_entry ke;
681         int error;
682 
683         if (copy_from_user(&ke, p, sizeof(ke)))
684                 return -EFAULT;
685 
686         error = input_get_keycode(dev, &ke);
687         if (error)
688                 return error;
689 
690         if (copy_to_user(p, &ke, sizeof(ke)))
691                 return -EFAULT;
692 
693         return 0;
694 }
695 
696 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
697 {
698         struct input_keymap_entry ke = {
699                 .len    = sizeof(unsigned int),
700                 .flags  = 0,
701         };
702         int __user *ip = (int __user *)p;
703 
704         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
705                 return -EFAULT;
706 
707         if (get_user(ke.keycode, ip + 1))
708                 return -EFAULT;
709 
710         return input_set_keycode(dev, &ke);
711 }
712 
713 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
714 {
715         struct input_keymap_entry ke;
716 
717         if (copy_from_user(&ke, p, sizeof(ke)))
718                 return -EFAULT;
719 
720         if (ke.len > sizeof(ke.scancode))
721                 return -EINVAL;
722 
723         return input_set_keycode(dev, &ke);
724 }
725 
726 /*
727  * If we transfer state to the user, we should flush all pending events
728  * of the same type from the client's queue. Otherwise, they might end up
729  * with duplicate events, which can screw up client's state tracking.
730  * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED
731  * event so user-space will notice missing events.
732  *
733  * LOCKING:
734  * We need to take event_lock before buffer_lock to avoid dead-locks. But we
735  * need the even_lock only to guarantee consistent state. We can safely release
736  * it while flushing the queue. This allows input-core to handle filters while
737  * we flush the queue.
738  */
739 static int evdev_handle_get_val(struct evdev_client *client,
740                                 struct input_dev *dev, unsigned int type,
741                                 unsigned long *bits, unsigned int maxbit,
742                                 unsigned int maxlen, void __user *p,
743                                 int compat)
744 {
745         int ret;
746         unsigned long *mem;
747         size_t len;
748 
749         len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long);
750         mem = kmalloc(len, GFP_KERNEL);
751         if (!mem)
752                 return -ENOMEM;
753 
754         spin_lock_irq(&dev->event_lock);
755         spin_lock(&client->buffer_lock);
756 
757         memcpy(mem, bits, len);
758 
759         spin_unlock(&dev->event_lock);
760 
761         __evdev_flush_queue(client, type);
762 
763         spin_unlock_irq(&client->buffer_lock);
764 
765         ret = bits_to_user(mem, maxbit, maxlen, p, compat);
766         if (ret < 0)
767                 evdev_queue_syn_dropped(client);
768 
769         kfree(mem);
770 
771         return ret;
772 }
773 
774 static int evdev_handle_mt_request(struct input_dev *dev,
775                                    unsigned int size,
776                                    int __user *ip)
777 {
778         const struct input_mt *mt = dev->mt;
779         unsigned int code;
780         int max_slots;
781         int i;
782 
783         if (get_user(code, &ip[0]))
784                 return -EFAULT;
785         if (!mt || !input_is_mt_value(code))
786                 return -EINVAL;
787 
788         max_slots = (size - sizeof(__u32)) / sizeof(__s32);
789         for (i = 0; i < mt->num_slots && i < max_slots; i++) {
790                 int value = input_mt_get_value(&mt->slots[i], code);
791                 if (put_user(value, &ip[1 + i]))
792                         return -EFAULT;
793         }
794 
795         return 0;
796 }
797 
798 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client,
799                         struct file *file)
800 {
801         client->revoked = true;
802         evdev_ungrab(evdev, client);
803         input_flush_device(&evdev->handle, file);
804         wake_up_interruptible(&evdev->wait);
805 
806         return 0;
807 }
808 
809 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
810                            void __user *p, int compat_mode)
811 {
812         struct evdev_client *client = file->private_data;
813         struct evdev *evdev = client->evdev;
814         struct input_dev *dev = evdev->handle.dev;
815         struct input_absinfo abs;
816         struct ff_effect effect;
817         int __user *ip = (int __user *)p;
818         unsigned int i, t, u, v;
819         unsigned int size;
820         int error;
821 
822         /* First we check for fixed-length commands */
823         switch (cmd) {
824 
825         case EVIOCGVERSION:
826                 return put_user(EV_VERSION, ip);
827 
828         case EVIOCGID:
829                 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
830                         return -EFAULT;
831                 return 0;
832 
833         case EVIOCGREP:
834                 if (!test_bit(EV_REP, dev->evbit))
835                         return -ENOSYS;
836                 if (put_user(dev->rep[REP_DELAY], ip))
837                         return -EFAULT;
838                 if (put_user(dev->rep[REP_PERIOD], ip + 1))
839                         return -EFAULT;
840                 return 0;
841 
842         case EVIOCSREP:
843                 if (!test_bit(EV_REP, dev->evbit))
844                         return -ENOSYS;
845                 if (get_user(u, ip))
846                         return -EFAULT;
847                 if (get_user(v, ip + 1))
848                         return -EFAULT;
849 
850                 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
851                 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
852 
853                 return 0;
854 
855         case EVIOCRMFF:
856                 return input_ff_erase(dev, (int)(unsigned long) p, file);
857 
858         case EVIOCGEFFECTS:
859                 i = test_bit(EV_FF, dev->evbit) ?
860                                 dev->ff->max_effects : 0;
861                 if (put_user(i, ip))
862                         return -EFAULT;
863                 return 0;
864 
865         case EVIOCGRAB:
866                 if (p)
867                         return evdev_grab(evdev, client);
868                 else
869                         return evdev_ungrab(evdev, client);
870 
871         case EVIOCREVOKE:
872                 if (p)
873                         return -EINVAL;
874                 else
875                         return evdev_revoke(evdev, client, file);
876 
877         case EVIOCSCLOCKID:
878                 if (copy_from_user(&i, p, sizeof(unsigned int)))
879                         return -EFAULT;
880                 if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME)
881                         return -EINVAL;
882                 client->clkid = i;
883                 return 0;
884 
885         case EVIOCGKEYCODE:
886                 return evdev_handle_get_keycode(dev, p);
887 
888         case EVIOCSKEYCODE:
889                 return evdev_handle_set_keycode(dev, p);
890 
891         case EVIOCGKEYCODE_V2:
892                 return evdev_handle_get_keycode_v2(dev, p);
893 
894         case EVIOCSKEYCODE_V2:
895                 return evdev_handle_set_keycode_v2(dev, p);
896         }
897 
898         size = _IOC_SIZE(cmd);
899 
900         /* Now check variable-length commands */
901 #define EVIOC_MASK_SIZE(nr)     ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
902         switch (EVIOC_MASK_SIZE(cmd)) {
903 
904         case EVIOCGPROP(0):
905                 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
906                                     size, p, compat_mode);
907 
908         case EVIOCGMTSLOTS(0):
909                 return evdev_handle_mt_request(dev, size, ip);
910 
911         case EVIOCGKEY(0):
912                 return evdev_handle_get_val(client, dev, EV_KEY, dev->key,
913                                             KEY_MAX, size, p, compat_mode);
914 
915         case EVIOCGLED(0):
916                 return evdev_handle_get_val(client, dev, EV_LED, dev->led,
917                                             LED_MAX, size, p, compat_mode);
918 
919         case EVIOCGSND(0):
920                 return evdev_handle_get_val(client, dev, EV_SND, dev->snd,
921                                             SND_MAX, size, p, compat_mode);
922 
923         case EVIOCGSW(0):
924                 return evdev_handle_get_val(client, dev, EV_SW, dev->sw,
925                                             SW_MAX, size, p, compat_mode);
926 
927         case EVIOCGNAME(0):
928                 return str_to_user(dev->name, size, p);
929 
930         case EVIOCGPHYS(0):
931                 return str_to_user(dev->phys, size, p);
932 
933         case EVIOCGUNIQ(0):
934                 return str_to_user(dev->uniq, size, p);
935 
936         case EVIOC_MASK_SIZE(EVIOCSFF):
937                 if (input_ff_effect_from_user(p, size, &effect))
938                         return -EFAULT;
939 
940                 error = input_ff_upload(dev, &effect, file);
941                 if (error)
942                         return error;
943 
944                 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
945                         return -EFAULT;
946 
947                 return 0;
948         }
949 
950         /* Multi-number variable-length handlers */
951         if (_IOC_TYPE(cmd) != 'E')
952                 return -EINVAL;
953 
954         if (_IOC_DIR(cmd) == _IOC_READ) {
955 
956                 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
957                         return handle_eviocgbit(dev,
958                                                 _IOC_NR(cmd) & EV_MAX, size,
959                                                 p, compat_mode);
960 
961                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
962 
963                         if (!dev->absinfo)
964                                 return -EINVAL;
965 
966                         t = _IOC_NR(cmd) & ABS_MAX;
967                         abs = dev->absinfo[t];
968 
969                         if (copy_to_user(p, &abs, min_t(size_t,
970                                         size, sizeof(struct input_absinfo))))
971                                 return -EFAULT;
972 
973                         return 0;
974                 }
975         }
976 
977         if (_IOC_DIR(cmd) == _IOC_WRITE) {
978 
979                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
980 
981                         if (!dev->absinfo)
982                                 return -EINVAL;
983 
984                         t = _IOC_NR(cmd) & ABS_MAX;
985 
986                         if (copy_from_user(&abs, p, min_t(size_t,
987                                         size, sizeof(struct input_absinfo))))
988                                 return -EFAULT;
989 
990                         if (size < sizeof(struct input_absinfo))
991                                 abs.resolution = 0;
992 
993                         /* We can't change number of reserved MT slots */
994                         if (t == ABS_MT_SLOT)
995                                 return -EINVAL;
996 
997                         /*
998                          * Take event lock to ensure that we are not
999                          * changing device parameters in the middle
1000                          * of event.
1001                          */
1002                         spin_lock_irq(&dev->event_lock);
1003                         dev->absinfo[t] = abs;
1004                         spin_unlock_irq(&dev->event_lock);
1005 
1006                         return 0;
1007                 }
1008         }
1009 
1010         return -EINVAL;
1011 }
1012 
1013 static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
1014                                 void __user *p, int compat_mode)
1015 {
1016         struct evdev_client *client = file->private_data;
1017         struct evdev *evdev = client->evdev;
1018         int retval;
1019 
1020         retval = mutex_lock_interruptible(&evdev->mutex);
1021         if (retval)
1022                 return retval;
1023 
1024         if (!evdev->exist || client->revoked) {
1025                 retval = -ENODEV;
1026                 goto out;
1027         }
1028 
1029         retval = evdev_do_ioctl(file, cmd, p, compat_mode);
1030 
1031  out:
1032         mutex_unlock(&evdev->mutex);
1033         return retval;
1034 }
1035 
1036 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1037 {
1038         return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
1039 }
1040 
1041 #ifdef CONFIG_COMPAT
1042 static long evdev_ioctl_compat(struct file *file,
1043                                 unsigned int cmd, unsigned long arg)
1044 {
1045         return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1046 }
1047 #endif
1048 
1049 static const struct file_operations evdev_fops = {
1050         .owner          = THIS_MODULE,
1051         .read           = evdev_read,
1052         .write          = evdev_write,
1053         .poll           = evdev_poll,
1054         .open           = evdev_open,
1055         .release        = evdev_release,
1056         .unlocked_ioctl = evdev_ioctl,
1057 #ifdef CONFIG_COMPAT
1058         .compat_ioctl   = evdev_ioctl_compat,
1059 #endif
1060         .fasync         = evdev_fasync,
1061         .flush          = evdev_flush,
1062         .llseek         = no_llseek,
1063 };
1064 
1065 /*
1066  * Mark device non-existent. This disables writes, ioctls and
1067  * prevents new users from opening the device. Already posted
1068  * blocking reads will stay, however new ones will fail.
1069  */
1070 static void evdev_mark_dead(struct evdev *evdev)
1071 {
1072         mutex_lock(&evdev->mutex);
1073         evdev->exist = false;
1074         mutex_unlock(&evdev->mutex);
1075 }
1076 
1077 static void evdev_cleanup(struct evdev *evdev)
1078 {
1079         struct input_handle *handle = &evdev->handle;
1080 
1081         evdev_mark_dead(evdev);
1082         evdev_hangup(evdev);
1083 
1084         cdev_del(&evdev->cdev);
1085 
1086         /* evdev is marked dead so no one else accesses evdev->open */
1087         if (evdev->open) {
1088                 input_flush_device(handle, NULL);
1089                 input_close_device(handle);
1090         }
1091 }
1092 
1093 /*
1094  * Create new evdev device. Note that input core serializes calls
1095  * to connect and disconnect.
1096  */
1097 static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
1098                          const struct input_device_id *id)
1099 {
1100         struct evdev *evdev;
1101         int minor;
1102         int dev_no;
1103         int error;
1104 
1105         minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
1106         if (minor < 0) {
1107                 error = minor;
1108                 pr_err("failed to reserve new minor: %d\n", error);
1109                 return error;
1110         }
1111 
1112         evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
1113         if (!evdev) {
1114                 error = -ENOMEM;
1115                 goto err_free_minor;
1116         }
1117 
1118         INIT_LIST_HEAD(&evdev->client_list);
1119         spin_lock_init(&evdev->client_lock);
1120         mutex_init(&evdev->mutex);
1121         init_waitqueue_head(&evdev->wait);
1122         evdev->exist = true;
1123 
1124         dev_no = minor;
1125         /* Normalize device number if it falls into legacy range */
1126         if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
1127                 dev_no -= EVDEV_MINOR_BASE;
1128         dev_set_name(&evdev->dev, "event%d", dev_no);
1129 
1130         evdev->handle.dev = input_get_device(dev);
1131         evdev->handle.name = dev_name(&evdev->dev);
1132         evdev->handle.handler = handler;
1133         evdev->handle.private = evdev;
1134 
1135         evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
1136         evdev->dev.class = &input_class;
1137         evdev->dev.parent = &dev->dev;
1138         evdev->dev.release = evdev_free;
1139         device_initialize(&evdev->dev);
1140 
1141         error = input_register_handle(&evdev->handle);
1142         if (error)
1143                 goto err_free_evdev;
1144 
1145         cdev_init(&evdev->cdev, &evdev_fops);
1146         evdev->cdev.kobj.parent = &evdev->dev.kobj;
1147         error = cdev_add(&evdev->cdev, evdev->dev.devt, 1);
1148         if (error)
1149                 goto err_unregister_handle;
1150 
1151         error = device_add(&evdev->dev);
1152         if (error)
1153                 goto err_cleanup_evdev;
1154 
1155         return 0;
1156 
1157  err_cleanup_evdev:
1158         evdev_cleanup(evdev);
1159  err_unregister_handle:
1160         input_unregister_handle(&evdev->handle);
1161  err_free_evdev:
1162         put_device(&evdev->dev);
1163  err_free_minor:
1164         input_free_minor(minor);
1165         return error;
1166 }
1167 
1168 static void evdev_disconnect(struct input_handle *handle)
1169 {
1170         struct evdev *evdev = handle->private;
1171 
1172         device_del(&evdev->dev);
1173         evdev_cleanup(evdev);
1174         input_free_minor(MINOR(evdev->dev.devt));
1175         input_unregister_handle(handle);
1176         put_device(&evdev->dev);
1177 }
1178 
1179 static const struct input_device_id evdev_ids[] = {
1180         { .driver_info = 1 },   /* Matches all devices */
1181         { },                    /* Terminating zero entry */
1182 };
1183 
1184 MODULE_DEVICE_TABLE(input, evdev_ids);
1185 
1186 static struct input_handler evdev_handler = {
1187         .event          = evdev_event,
1188         .events         = evdev_events,
1189         .connect        = evdev_connect,
1190         .disconnect     = evdev_disconnect,
1191         .legacy_minors  = true,
1192         .minor          = EVDEV_MINOR_BASE,
1193         .name           = "evdev",
1194         .id_table       = evdev_ids,
1195 };
1196 
1197 static int __init evdev_init(void)
1198 {
1199         return input_register_handler(&evdev_handler);
1200 }
1201 
1202 static void __exit evdev_exit(void)
1203 {
1204         input_unregister_handler(&evdev_handler);
1205 }
1206 
1207 module_init(evdev_init);
1208 module_exit(evdev_exit);
1209 
1210 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1211 MODULE_DESCRIPTION("Input driver event char devices");
1212 MODULE_LICENSE("GPL");
1213 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us