Version:  2.0.40 2.2.26 2.4.37 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8

Linux/drivers/input/evdev.c

  1 /*
  2  * Event char devices, giving access to raw input device events.
  3  *
  4  * Copyright (c) 1999-2002 Vojtech Pavlik
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License version 2 as published by
  8  * the Free Software Foundation.
  9  */
 10 
 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 12 
 13 #define EVDEV_MINOR_BASE        64
 14 #define EVDEV_MINORS            32
 15 #define EVDEV_MIN_BUFFER_SIZE   64U
 16 #define EVDEV_BUF_PACKETS       8
 17 
 18 #include <linux/poll.h>
 19 #include <linux/sched.h>
 20 #include <linux/slab.h>
 21 #include <linux/vmalloc.h>
 22 #include <linux/mm.h>
 23 #include <linux/module.h>
 24 #include <linux/init.h>
 25 #include <linux/input/mt.h>
 26 #include <linux/major.h>
 27 #include <linux/device.h>
 28 #include <linux/cdev.h>
 29 #include "input-compat.h"
 30 
 31 enum evdev_clock_type {
 32         EV_CLK_REAL = 0,
 33         EV_CLK_MONO,
 34         EV_CLK_BOOT,
 35         EV_CLK_MAX
 36 };
 37 
 38 struct evdev {
 39         int open;
 40         struct input_handle handle;
 41         wait_queue_head_t wait;
 42         struct evdev_client __rcu *grab;
 43         struct list_head client_list;
 44         spinlock_t client_lock; /* protects client_list */
 45         struct mutex mutex;
 46         struct device dev;
 47         struct cdev cdev;
 48         bool exist;
 49 };
 50 
 51 struct evdev_client {
 52         unsigned int head;
 53         unsigned int tail;
 54         unsigned int packet_head; /* [future] position of the first element of next packet */
 55         spinlock_t buffer_lock; /* protects access to buffer, head and tail */
 56         struct fasync_struct *fasync;
 57         struct evdev *evdev;
 58         struct list_head node;
 59         unsigned int clk_type;
 60         bool revoked;
 61         unsigned long *evmasks[EV_CNT];
 62         unsigned int bufsize;
 63         struct input_event buffer[];
 64 };
 65 
 66 static size_t evdev_get_mask_cnt(unsigned int type)
 67 {
 68         static const size_t counts[EV_CNT] = {
 69                 /* EV_SYN==0 is EV_CNT, _not_ SYN_CNT, see EVIOCGBIT */
 70                 [EV_SYN]        = EV_CNT,
 71                 [EV_KEY]        = KEY_CNT,
 72                 [EV_REL]        = REL_CNT,
 73                 [EV_ABS]        = ABS_CNT,
 74                 [EV_MSC]        = MSC_CNT,
 75                 [EV_SW]         = SW_CNT,
 76                 [EV_LED]        = LED_CNT,
 77                 [EV_SND]        = SND_CNT,
 78                 [EV_FF]         = FF_CNT,
 79         };
 80 
 81         return (type < EV_CNT) ? counts[type] : 0;
 82 }
 83 
 84 /* requires the buffer lock to be held */
 85 static bool __evdev_is_filtered(struct evdev_client *client,
 86                                 unsigned int type,
 87                                 unsigned int code)
 88 {
 89         unsigned long *mask;
 90         size_t cnt;
 91 
 92         /* EV_SYN and unknown codes are never filtered */
 93         if (type == EV_SYN || type >= EV_CNT)
 94                 return false;
 95 
 96         /* first test whether the type is filtered */
 97         mask = client->evmasks[0];
 98         if (mask && !test_bit(type, mask))
 99                 return true;
100 
101         /* unknown values are never filtered */
102         cnt = evdev_get_mask_cnt(type);
103         if (!cnt || code >= cnt)
104                 return false;
105 
106         mask = client->evmasks[type];
107         return mask && !test_bit(code, mask);
108 }
109 
110 /* flush queued events of type @type, caller must hold client->buffer_lock */
111 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type)
112 {
113         unsigned int i, head, num;
114         unsigned int mask = client->bufsize - 1;
115         bool is_report;
116         struct input_event *ev;
117 
118         BUG_ON(type == EV_SYN);
119 
120         head = client->tail;
121         client->packet_head = client->tail;
122 
123         /* init to 1 so a leading SYN_REPORT will not be dropped */
124         num = 1;
125 
126         for (i = client->tail; i != client->head; i = (i + 1) & mask) {
127                 ev = &client->buffer[i];
128                 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT;
129 
130                 if (ev->type == type) {
131                         /* drop matched entry */
132                         continue;
133                 } else if (is_report && !num) {
134                         /* drop empty SYN_REPORT groups */
135                         continue;
136                 } else if (head != i) {
137                         /* move entry to fill the gap */
138                         client->buffer[head].time = ev->time;
139                         client->buffer[head].type = ev->type;
140                         client->buffer[head].code = ev->code;
141                         client->buffer[head].value = ev->value;
142                 }
143 
144                 num++;
145                 head = (head + 1) & mask;
146 
147                 if (is_report) {
148                         num = 0;
149                         client->packet_head = head;
150                 }
151         }
152 
153         client->head = head;
154 }
155 
156 static void __evdev_queue_syn_dropped(struct evdev_client *client)
157 {
158         struct input_event ev;
159         ktime_t time;
160 
161         time = client->clk_type == EV_CLK_REAL ?
162                         ktime_get_real() :
163                         client->clk_type == EV_CLK_MONO ?
164                                 ktime_get() :
165                                 ktime_get_boottime();
166 
167         ev.time = ktime_to_timeval(time);
168         ev.type = EV_SYN;
169         ev.code = SYN_DROPPED;
170         ev.value = 0;
171 
172         client->buffer[client->head++] = ev;
173         client->head &= client->bufsize - 1;
174 
175         if (unlikely(client->head == client->tail)) {
176                 /* drop queue but keep our SYN_DROPPED event */
177                 client->tail = (client->head - 1) & (client->bufsize - 1);
178                 client->packet_head = client->tail;
179         }
180 }
181 
182 static void evdev_queue_syn_dropped(struct evdev_client *client)
183 {
184         unsigned long flags;
185 
186         spin_lock_irqsave(&client->buffer_lock, flags);
187         __evdev_queue_syn_dropped(client);
188         spin_unlock_irqrestore(&client->buffer_lock, flags);
189 }
190 
191 static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid)
192 {
193         unsigned long flags;
194         unsigned int clk_type;
195 
196         switch (clkid) {
197 
198         case CLOCK_REALTIME:
199                 clk_type = EV_CLK_REAL;
200                 break;
201         case CLOCK_MONOTONIC:
202                 clk_type = EV_CLK_MONO;
203                 break;
204         case CLOCK_BOOTTIME:
205                 clk_type = EV_CLK_BOOT;
206                 break;
207         default:
208                 return -EINVAL;
209         }
210 
211         if (client->clk_type != clk_type) {
212                 client->clk_type = clk_type;
213 
214                 /*
215                  * Flush pending events and queue SYN_DROPPED event,
216                  * but only if the queue is not empty.
217                  */
218                 spin_lock_irqsave(&client->buffer_lock, flags);
219 
220                 if (client->head != client->tail) {
221                         client->packet_head = client->head = client->tail;
222                         __evdev_queue_syn_dropped(client);
223                 }
224 
225                 spin_unlock_irqrestore(&client->buffer_lock, flags);
226         }
227 
228         return 0;
229 }
230 
231 static void __pass_event(struct evdev_client *client,
232                          const struct input_event *event)
233 {
234         client->buffer[client->head++] = *event;
235         client->head &= client->bufsize - 1;
236 
237         if (unlikely(client->head == client->tail)) {
238                 /*
239                  * This effectively "drops" all unconsumed events, leaving
240                  * EV_SYN/SYN_DROPPED plus the newest event in the queue.
241                  */
242                 client->tail = (client->head - 2) & (client->bufsize - 1);
243 
244                 client->buffer[client->tail].time = event->time;
245                 client->buffer[client->tail].type = EV_SYN;
246                 client->buffer[client->tail].code = SYN_DROPPED;
247                 client->buffer[client->tail].value = 0;
248 
249                 client->packet_head = client->tail;
250         }
251 
252         if (event->type == EV_SYN && event->code == SYN_REPORT) {
253                 client->packet_head = client->head;
254                 kill_fasync(&client->fasync, SIGIO, POLL_IN);
255         }
256 }
257 
258 static void evdev_pass_values(struct evdev_client *client,
259                         const struct input_value *vals, unsigned int count,
260                         ktime_t *ev_time)
261 {
262         struct evdev *evdev = client->evdev;
263         const struct input_value *v;
264         struct input_event event;
265         bool wakeup = false;
266 
267         if (client->revoked)
268                 return;
269 
270         event.time = ktime_to_timeval(ev_time[client->clk_type]);
271 
272         /* Interrupts are disabled, just acquire the lock. */
273         spin_lock(&client->buffer_lock);
274 
275         for (v = vals; v != vals + count; v++) {
276                 if (__evdev_is_filtered(client, v->type, v->code))
277                         continue;
278 
279                 if (v->type == EV_SYN && v->code == SYN_REPORT) {
280                         /* drop empty SYN_REPORT */
281                         if (client->packet_head == client->head)
282                                 continue;
283 
284                         wakeup = true;
285                 }
286 
287                 event.type = v->type;
288                 event.code = v->code;
289                 event.value = v->value;
290                 __pass_event(client, &event);
291         }
292 
293         spin_unlock(&client->buffer_lock);
294 
295         if (wakeup)
296                 wake_up_interruptible(&evdev->wait);
297 }
298 
299 /*
300  * Pass incoming events to all connected clients.
301  */
302 static void evdev_events(struct input_handle *handle,
303                          const struct input_value *vals, unsigned int count)
304 {
305         struct evdev *evdev = handle->private;
306         struct evdev_client *client;
307         ktime_t ev_time[EV_CLK_MAX];
308 
309         ev_time[EV_CLK_MONO] = ktime_get();
310         ev_time[EV_CLK_REAL] = ktime_mono_to_real(ev_time[EV_CLK_MONO]);
311         ev_time[EV_CLK_BOOT] = ktime_mono_to_any(ev_time[EV_CLK_MONO],
312                                                  TK_OFFS_BOOT);
313 
314         rcu_read_lock();
315 
316         client = rcu_dereference(evdev->grab);
317 
318         if (client)
319                 evdev_pass_values(client, vals, count, ev_time);
320         else
321                 list_for_each_entry_rcu(client, &evdev->client_list, node)
322                         evdev_pass_values(client, vals, count, ev_time);
323 
324         rcu_read_unlock();
325 }
326 
327 /*
328  * Pass incoming event to all connected clients.
329  */
330 static void evdev_event(struct input_handle *handle,
331                         unsigned int type, unsigned int code, int value)
332 {
333         struct input_value vals[] = { { type, code, value } };
334 
335         evdev_events(handle, vals, 1);
336 }
337 
338 static int evdev_fasync(int fd, struct file *file, int on)
339 {
340         struct evdev_client *client = file->private_data;
341 
342         return fasync_helper(fd, file, on, &client->fasync);
343 }
344 
345 static int evdev_flush(struct file *file, fl_owner_t id)
346 {
347         struct evdev_client *client = file->private_data;
348         struct evdev *evdev = client->evdev;
349 
350         mutex_lock(&evdev->mutex);
351 
352         if (evdev->exist && !client->revoked)
353                 input_flush_device(&evdev->handle, file);
354 
355         mutex_unlock(&evdev->mutex);
356         return 0;
357 }
358 
359 static void evdev_free(struct device *dev)
360 {
361         struct evdev *evdev = container_of(dev, struct evdev, dev);
362 
363         input_put_device(evdev->handle.dev);
364         kfree(evdev);
365 }
366 
367 /*
368  * Grabs an event device (along with underlying input device).
369  * This function is called with evdev->mutex taken.
370  */
371 static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
372 {
373         int error;
374 
375         if (evdev->grab)
376                 return -EBUSY;
377 
378         error = input_grab_device(&evdev->handle);
379         if (error)
380                 return error;
381 
382         rcu_assign_pointer(evdev->grab, client);
383 
384         return 0;
385 }
386 
387 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
388 {
389         struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
390                                         lockdep_is_held(&evdev->mutex));
391 
392         if (grab != client)
393                 return  -EINVAL;
394 
395         rcu_assign_pointer(evdev->grab, NULL);
396         synchronize_rcu();
397         input_release_device(&evdev->handle);
398 
399         return 0;
400 }
401 
402 static void evdev_attach_client(struct evdev *evdev,
403                                 struct evdev_client *client)
404 {
405         spin_lock(&evdev->client_lock);
406         list_add_tail_rcu(&client->node, &evdev->client_list);
407         spin_unlock(&evdev->client_lock);
408 }
409 
410 static void evdev_detach_client(struct evdev *evdev,
411                                 struct evdev_client *client)
412 {
413         spin_lock(&evdev->client_lock);
414         list_del_rcu(&client->node);
415         spin_unlock(&evdev->client_lock);
416         synchronize_rcu();
417 }
418 
419 static int evdev_open_device(struct evdev *evdev)
420 {
421         int retval;
422 
423         retval = mutex_lock_interruptible(&evdev->mutex);
424         if (retval)
425                 return retval;
426 
427         if (!evdev->exist)
428                 retval = -ENODEV;
429         else if (!evdev->open++) {
430                 retval = input_open_device(&evdev->handle);
431                 if (retval)
432                         evdev->open--;
433         }
434 
435         mutex_unlock(&evdev->mutex);
436         return retval;
437 }
438 
439 static void evdev_close_device(struct evdev *evdev)
440 {
441         mutex_lock(&evdev->mutex);
442 
443         if (evdev->exist && !--evdev->open)
444                 input_close_device(&evdev->handle);
445 
446         mutex_unlock(&evdev->mutex);
447 }
448 
449 /*
450  * Wake up users waiting for IO so they can disconnect from
451  * dead device.
452  */
453 static void evdev_hangup(struct evdev *evdev)
454 {
455         struct evdev_client *client;
456 
457         spin_lock(&evdev->client_lock);
458         list_for_each_entry(client, &evdev->client_list, node)
459                 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
460         spin_unlock(&evdev->client_lock);
461 
462         wake_up_interruptible(&evdev->wait);
463 }
464 
465 static int evdev_release(struct inode *inode, struct file *file)
466 {
467         struct evdev_client *client = file->private_data;
468         struct evdev *evdev = client->evdev;
469         unsigned int i;
470 
471         mutex_lock(&evdev->mutex);
472         evdev_ungrab(evdev, client);
473         mutex_unlock(&evdev->mutex);
474 
475         evdev_detach_client(evdev, client);
476 
477         for (i = 0; i < EV_CNT; ++i)
478                 kfree(client->evmasks[i]);
479 
480         kvfree(client);
481 
482         evdev_close_device(evdev);
483 
484         return 0;
485 }
486 
487 static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
488 {
489         unsigned int n_events =
490                 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
491                     EVDEV_MIN_BUFFER_SIZE);
492 
493         return roundup_pow_of_two(n_events);
494 }
495 
496 static int evdev_open(struct inode *inode, struct file *file)
497 {
498         struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
499         unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
500         unsigned int size = sizeof(struct evdev_client) +
501                                         bufsize * sizeof(struct input_event);
502         struct evdev_client *client;
503         int error;
504 
505         client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
506         if (!client)
507                 client = vzalloc(size);
508         if (!client)
509                 return -ENOMEM;
510 
511         client->bufsize = bufsize;
512         spin_lock_init(&client->buffer_lock);
513         client->evdev = evdev;
514         evdev_attach_client(evdev, client);
515 
516         error = evdev_open_device(evdev);
517         if (error)
518                 goto err_free_client;
519 
520         file->private_data = client;
521         nonseekable_open(inode, file);
522 
523         return 0;
524 
525  err_free_client:
526         evdev_detach_client(evdev, client);
527         kvfree(client);
528         return error;
529 }
530 
531 static ssize_t evdev_write(struct file *file, const char __user *buffer,
532                            size_t count, loff_t *ppos)
533 {
534         struct evdev_client *client = file->private_data;
535         struct evdev *evdev = client->evdev;
536         struct input_event event;
537         int retval = 0;
538 
539         if (count != 0 && count < input_event_size())
540                 return -EINVAL;
541 
542         retval = mutex_lock_interruptible(&evdev->mutex);
543         if (retval)
544                 return retval;
545 
546         if (!evdev->exist || client->revoked) {
547                 retval = -ENODEV;
548                 goto out;
549         }
550 
551         while (retval + input_event_size() <= count) {
552 
553                 if (input_event_from_user(buffer + retval, &event)) {
554                         retval = -EFAULT;
555                         goto out;
556                 }
557                 retval += input_event_size();
558 
559                 input_inject_event(&evdev->handle,
560                                    event.type, event.code, event.value);
561         }
562 
563  out:
564         mutex_unlock(&evdev->mutex);
565         return retval;
566 }
567 
568 static int evdev_fetch_next_event(struct evdev_client *client,
569                                   struct input_event *event)
570 {
571         int have_event;
572 
573         spin_lock_irq(&client->buffer_lock);
574 
575         have_event = client->packet_head != client->tail;
576         if (have_event) {
577                 *event = client->buffer[client->tail++];
578                 client->tail &= client->bufsize - 1;
579         }
580 
581         spin_unlock_irq(&client->buffer_lock);
582 
583         return have_event;
584 }
585 
586 static ssize_t evdev_read(struct file *file, char __user *buffer,
587                           size_t count, loff_t *ppos)
588 {
589         struct evdev_client *client = file->private_data;
590         struct evdev *evdev = client->evdev;
591         struct input_event event;
592         size_t read = 0;
593         int error;
594 
595         if (count != 0 && count < input_event_size())
596                 return -EINVAL;
597 
598         for (;;) {
599                 if (!evdev->exist || client->revoked)
600                         return -ENODEV;
601 
602                 if (client->packet_head == client->tail &&
603                     (file->f_flags & O_NONBLOCK))
604                         return -EAGAIN;
605 
606                 /*
607                  * count == 0 is special - no IO is done but we check
608                  * for error conditions (see above).
609                  */
610                 if (count == 0)
611                         break;
612 
613                 while (read + input_event_size() <= count &&
614                        evdev_fetch_next_event(client, &event)) {
615 
616                         if (input_event_to_user(buffer + read, &event))
617                                 return -EFAULT;
618 
619                         read += input_event_size();
620                 }
621 
622                 if (read)
623                         break;
624 
625                 if (!(file->f_flags & O_NONBLOCK)) {
626                         error = wait_event_interruptible(evdev->wait,
627                                         client->packet_head != client->tail ||
628                                         !evdev->exist || client->revoked);
629                         if (error)
630                                 return error;
631                 }
632         }
633 
634         return read;
635 }
636 
637 /* No kernel lock - fine */
638 static unsigned int evdev_poll(struct file *file, poll_table *wait)
639 {
640         struct evdev_client *client = file->private_data;
641         struct evdev *evdev = client->evdev;
642         unsigned int mask;
643 
644         poll_wait(file, &evdev->wait, wait);
645 
646         if (evdev->exist && !client->revoked)
647                 mask = POLLOUT | POLLWRNORM;
648         else
649                 mask = POLLHUP | POLLERR;
650 
651         if (client->packet_head != client->tail)
652                 mask |= POLLIN | POLLRDNORM;
653 
654         return mask;
655 }
656 
657 #ifdef CONFIG_COMPAT
658 
659 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
660 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
661 
662 #ifdef __BIG_ENDIAN
663 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
664                         unsigned int maxlen, void __user *p, int compat)
665 {
666         int len, i;
667 
668         if (compat) {
669                 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
670                 if (len > maxlen)
671                         len = maxlen;
672 
673                 for (i = 0; i < len / sizeof(compat_long_t); i++)
674                         if (copy_to_user((compat_long_t __user *) p + i,
675                                          (compat_long_t *) bits +
676                                                 i + 1 - ((i % 2) << 1),
677                                          sizeof(compat_long_t)))
678                                 return -EFAULT;
679         } else {
680                 len = BITS_TO_LONGS(maxbit) * sizeof(long);
681                 if (len > maxlen)
682                         len = maxlen;
683 
684                 if (copy_to_user(p, bits, len))
685                         return -EFAULT;
686         }
687 
688         return len;
689 }
690 
691 static int bits_from_user(unsigned long *bits, unsigned int maxbit,
692                           unsigned int maxlen, const void __user *p, int compat)
693 {
694         int len, i;
695 
696         if (compat) {
697                 if (maxlen % sizeof(compat_long_t))
698                         return -EINVAL;
699 
700                 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
701                 if (len > maxlen)
702                         len = maxlen;
703 
704                 for (i = 0; i < len / sizeof(compat_long_t); i++)
705                         if (copy_from_user((compat_long_t *) bits +
706                                                 i + 1 - ((i % 2) << 1),
707                                            (compat_long_t __user *) p + i,
708                                            sizeof(compat_long_t)))
709                                 return -EFAULT;
710                 if (i % 2)
711                         *((compat_long_t *) bits + i - 1) = 0;
712 
713         } else {
714                 if (maxlen % sizeof(long))
715                         return -EINVAL;
716 
717                 len = BITS_TO_LONGS(maxbit) * sizeof(long);
718                 if (len > maxlen)
719                         len = maxlen;
720 
721                 if (copy_from_user(bits, p, len))
722                         return -EFAULT;
723         }
724 
725         return len;
726 }
727 
728 #else
729 
730 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
731                         unsigned int maxlen, void __user *p, int compat)
732 {
733         int len = compat ?
734                         BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
735                         BITS_TO_LONGS(maxbit) * sizeof(long);
736 
737         if (len > maxlen)
738                 len = maxlen;
739 
740         return copy_to_user(p, bits, len) ? -EFAULT : len;
741 }
742 
743 static int bits_from_user(unsigned long *bits, unsigned int maxbit,
744                           unsigned int maxlen, const void __user *p, int compat)
745 {
746         size_t chunk_size = compat ? sizeof(compat_long_t) : sizeof(long);
747         int len;
748 
749         if (maxlen % chunk_size)
750                 return -EINVAL;
751 
752         len = compat ? BITS_TO_LONGS_COMPAT(maxbit) : BITS_TO_LONGS(maxbit);
753         len *= chunk_size;
754         if (len > maxlen)
755                 len = maxlen;
756 
757         return copy_from_user(bits, p, len) ? -EFAULT : len;
758 }
759 
760 #endif /* __BIG_ENDIAN */
761 
762 #else
763 
764 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
765                         unsigned int maxlen, void __user *p, int compat)
766 {
767         int len = BITS_TO_LONGS(maxbit) * sizeof(long);
768 
769         if (len > maxlen)
770                 len = maxlen;
771 
772         return copy_to_user(p, bits, len) ? -EFAULT : len;
773 }
774 
775 static int bits_from_user(unsigned long *bits, unsigned int maxbit,
776                           unsigned int maxlen, const void __user *p, int compat)
777 {
778         int len;
779 
780         if (maxlen % sizeof(long))
781                 return -EINVAL;
782 
783         len = BITS_TO_LONGS(maxbit) * sizeof(long);
784         if (len > maxlen)
785                 len = maxlen;
786 
787         return copy_from_user(bits, p, len) ? -EFAULT : len;
788 }
789 
790 #endif /* CONFIG_COMPAT */
791 
792 static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
793 {
794         int len;
795 
796         if (!str)
797                 return -ENOENT;
798 
799         len = strlen(str) + 1;
800         if (len > maxlen)
801                 len = maxlen;
802 
803         return copy_to_user(p, str, len) ? -EFAULT : len;
804 }
805 
806 static int handle_eviocgbit(struct input_dev *dev,
807                             unsigned int type, unsigned int size,
808                             void __user *p, int compat_mode)
809 {
810         unsigned long *bits;
811         int len;
812 
813         switch (type) {
814 
815         case      0: bits = dev->evbit;  len = EV_MAX;  break;
816         case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
817         case EV_REL: bits = dev->relbit; len = REL_MAX; break;
818         case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
819         case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
820         case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
821         case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
822         case EV_FF:  bits = dev->ffbit;  len = FF_MAX;  break;
823         case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
824         default: return -EINVAL;
825         }
826 
827         return bits_to_user(bits, len, size, p, compat_mode);
828 }
829 
830 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
831 {
832         struct input_keymap_entry ke = {
833                 .len    = sizeof(unsigned int),
834                 .flags  = 0,
835         };
836         int __user *ip = (int __user *)p;
837         int error;
838 
839         /* legacy case */
840         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
841                 return -EFAULT;
842 
843         error = input_get_keycode(dev, &ke);
844         if (error)
845                 return error;
846 
847         if (put_user(ke.keycode, ip + 1))
848                 return -EFAULT;
849 
850         return 0;
851 }
852 
853 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
854 {
855         struct input_keymap_entry ke;
856         int error;
857 
858         if (copy_from_user(&ke, p, sizeof(ke)))
859                 return -EFAULT;
860 
861         error = input_get_keycode(dev, &ke);
862         if (error)
863                 return error;
864 
865         if (copy_to_user(p, &ke, sizeof(ke)))
866                 return -EFAULT;
867 
868         return 0;
869 }
870 
871 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
872 {
873         struct input_keymap_entry ke = {
874                 .len    = sizeof(unsigned int),
875                 .flags  = 0,
876         };
877         int __user *ip = (int __user *)p;
878 
879         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
880                 return -EFAULT;
881 
882         if (get_user(ke.keycode, ip + 1))
883                 return -EFAULT;
884 
885         return input_set_keycode(dev, &ke);
886 }
887 
888 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
889 {
890         struct input_keymap_entry ke;
891 
892         if (copy_from_user(&ke, p, sizeof(ke)))
893                 return -EFAULT;
894 
895         if (ke.len > sizeof(ke.scancode))
896                 return -EINVAL;
897 
898         return input_set_keycode(dev, &ke);
899 }
900 
901 /*
902  * If we transfer state to the user, we should flush all pending events
903  * of the same type from the client's queue. Otherwise, they might end up
904  * with duplicate events, which can screw up client's state tracking.
905  * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED
906  * event so user-space will notice missing events.
907  *
908  * LOCKING:
909  * We need to take event_lock before buffer_lock to avoid dead-locks. But we
910  * need the even_lock only to guarantee consistent state. We can safely release
911  * it while flushing the queue. This allows input-core to handle filters while
912  * we flush the queue.
913  */
914 static int evdev_handle_get_val(struct evdev_client *client,
915                                 struct input_dev *dev, unsigned int type,
916                                 unsigned long *bits, unsigned int maxbit,
917                                 unsigned int maxlen, void __user *p,
918                                 int compat)
919 {
920         int ret;
921         unsigned long *mem;
922         size_t len;
923 
924         len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long);
925         mem = kmalloc(len, GFP_KERNEL);
926         if (!mem)
927                 return -ENOMEM;
928 
929         spin_lock_irq(&dev->event_lock);
930         spin_lock(&client->buffer_lock);
931 
932         memcpy(mem, bits, len);
933 
934         spin_unlock(&dev->event_lock);
935 
936         __evdev_flush_queue(client, type);
937 
938         spin_unlock_irq(&client->buffer_lock);
939 
940         ret = bits_to_user(mem, maxbit, maxlen, p, compat);
941         if (ret < 0)
942                 evdev_queue_syn_dropped(client);
943 
944         kfree(mem);
945 
946         return ret;
947 }
948 
949 static int evdev_handle_mt_request(struct input_dev *dev,
950                                    unsigned int size,
951                                    int __user *ip)
952 {
953         const struct input_mt *mt = dev->mt;
954         unsigned int code;
955         int max_slots;
956         int i;
957 
958         if (get_user(code, &ip[0]))
959                 return -EFAULT;
960         if (!mt || !input_is_mt_value(code))
961                 return -EINVAL;
962 
963         max_slots = (size - sizeof(__u32)) / sizeof(__s32);
964         for (i = 0; i < mt->num_slots && i < max_slots; i++) {
965                 int value = input_mt_get_value(&mt->slots[i], code);
966                 if (put_user(value, &ip[1 + i]))
967                         return -EFAULT;
968         }
969 
970         return 0;
971 }
972 
973 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client,
974                         struct file *file)
975 {
976         client->revoked = true;
977         evdev_ungrab(evdev, client);
978         input_flush_device(&evdev->handle, file);
979         wake_up_interruptible(&evdev->wait);
980 
981         return 0;
982 }
983 
984 /* must be called with evdev-mutex held */
985 static int evdev_set_mask(struct evdev_client *client,
986                           unsigned int type,
987                           const void __user *codes,
988                           u32 codes_size,
989                           int compat)
990 {
991         unsigned long flags, *mask, *oldmask;
992         size_t cnt;
993         int error;
994 
995         /* we allow unknown types and 'codes_size > size' for forward-compat */
996         cnt = evdev_get_mask_cnt(type);
997         if (!cnt)
998                 return 0;
999 
1000         mask = kcalloc(sizeof(unsigned long), BITS_TO_LONGS(cnt), GFP_KERNEL);
1001         if (!mask)
1002                 return -ENOMEM;
1003 
1004         error = bits_from_user(mask, cnt - 1, codes_size, codes, compat);
1005         if (error < 0) {
1006                 kfree(mask);
1007                 return error;
1008         }
1009 
1010         spin_lock_irqsave(&client->buffer_lock, flags);
1011         oldmask = client->evmasks[type];
1012         client->evmasks[type] = mask;
1013         spin_unlock_irqrestore(&client->buffer_lock, flags);
1014 
1015         kfree(oldmask);
1016 
1017         return 0;
1018 }
1019 
1020 /* must be called with evdev-mutex held */
1021 static int evdev_get_mask(struct evdev_client *client,
1022                           unsigned int type,
1023                           void __user *codes,
1024                           u32 codes_size,
1025                           int compat)
1026 {
1027         unsigned long *mask;
1028         size_t cnt, size, xfer_size;
1029         int i;
1030         int error;
1031 
1032         /* we allow unknown types and 'codes_size > size' for forward-compat */
1033         cnt = evdev_get_mask_cnt(type);
1034         size = sizeof(unsigned long) * BITS_TO_LONGS(cnt);
1035         xfer_size = min_t(size_t, codes_size, size);
1036 
1037         if (cnt > 0) {
1038                 mask = client->evmasks[type];
1039                 if (mask) {
1040                         error = bits_to_user(mask, cnt - 1,
1041                                              xfer_size, codes, compat);
1042                         if (error < 0)
1043                                 return error;
1044                 } else {
1045                         /* fake mask with all bits set */
1046                         for (i = 0; i < xfer_size; i++)
1047                                 if (put_user(0xffU, (u8 __user *)codes + i))
1048                                         return -EFAULT;
1049                 }
1050         }
1051 
1052         if (xfer_size < codes_size)
1053                 if (clear_user(codes + xfer_size, codes_size - xfer_size))
1054                         return -EFAULT;
1055 
1056         return 0;
1057 }
1058 
1059 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
1060                            void __user *p, int compat_mode)
1061 {
1062         struct evdev_client *client = file->private_data;
1063         struct evdev *evdev = client->evdev;
1064         struct input_dev *dev = evdev->handle.dev;
1065         struct input_absinfo abs;
1066         struct input_mask mask;
1067         struct ff_effect effect;
1068         int __user *ip = (int __user *)p;
1069         unsigned int i, t, u, v;
1070         unsigned int size;
1071         int error;
1072 
1073         /* First we check for fixed-length commands */
1074         switch (cmd) {
1075 
1076         case EVIOCGVERSION:
1077                 return put_user(EV_VERSION, ip);
1078 
1079         case EVIOCGID:
1080                 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
1081                         return -EFAULT;
1082                 return 0;
1083 
1084         case EVIOCGREP:
1085                 if (!test_bit(EV_REP, dev->evbit))
1086                         return -ENOSYS;
1087                 if (put_user(dev->rep[REP_DELAY], ip))
1088                         return -EFAULT;
1089                 if (put_user(dev->rep[REP_PERIOD], ip + 1))
1090                         return -EFAULT;
1091                 return 0;
1092 
1093         case EVIOCSREP:
1094                 if (!test_bit(EV_REP, dev->evbit))
1095                         return -ENOSYS;
1096                 if (get_user(u, ip))
1097                         return -EFAULT;
1098                 if (get_user(v, ip + 1))
1099                         return -EFAULT;
1100 
1101                 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
1102                 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
1103 
1104                 return 0;
1105 
1106         case EVIOCRMFF:
1107                 return input_ff_erase(dev, (int)(unsigned long) p, file);
1108 
1109         case EVIOCGEFFECTS:
1110                 i = test_bit(EV_FF, dev->evbit) ?
1111                                 dev->ff->max_effects : 0;
1112                 if (put_user(i, ip))
1113                         return -EFAULT;
1114                 return 0;
1115 
1116         case EVIOCGRAB:
1117                 if (p)
1118                         return evdev_grab(evdev, client);
1119                 else
1120                         return evdev_ungrab(evdev, client);
1121 
1122         case EVIOCREVOKE:
1123                 if (p)
1124                         return -EINVAL;
1125                 else
1126                         return evdev_revoke(evdev, client, file);
1127 
1128         case EVIOCGMASK: {
1129                 void __user *codes_ptr;
1130 
1131                 if (copy_from_user(&mask, p, sizeof(mask)))
1132                         return -EFAULT;
1133 
1134                 codes_ptr = (void __user *)(unsigned long)mask.codes_ptr;
1135                 return evdev_get_mask(client,
1136                                       mask.type, codes_ptr, mask.codes_size,
1137                                       compat_mode);
1138         }
1139 
1140         case EVIOCSMASK: {
1141                 const void __user *codes_ptr;
1142 
1143                 if (copy_from_user(&mask, p, sizeof(mask)))
1144                         return -EFAULT;
1145 
1146                 codes_ptr = (const void __user *)(unsigned long)mask.codes_ptr;
1147                 return evdev_set_mask(client,
1148                                       mask.type, codes_ptr, mask.codes_size,
1149                                       compat_mode);
1150         }
1151 
1152         case EVIOCSCLOCKID:
1153                 if (copy_from_user(&i, p, sizeof(unsigned int)))
1154                         return -EFAULT;
1155 
1156                 return evdev_set_clk_type(client, i);
1157 
1158         case EVIOCGKEYCODE:
1159                 return evdev_handle_get_keycode(dev, p);
1160 
1161         case EVIOCSKEYCODE:
1162                 return evdev_handle_set_keycode(dev, p);
1163 
1164         case EVIOCGKEYCODE_V2:
1165                 return evdev_handle_get_keycode_v2(dev, p);
1166 
1167         case EVIOCSKEYCODE_V2:
1168                 return evdev_handle_set_keycode_v2(dev, p);
1169         }
1170 
1171         size = _IOC_SIZE(cmd);
1172 
1173         /* Now check variable-length commands */
1174 #define EVIOC_MASK_SIZE(nr)     ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
1175         switch (EVIOC_MASK_SIZE(cmd)) {
1176 
1177         case EVIOCGPROP(0):
1178                 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
1179                                     size, p, compat_mode);
1180 
1181         case EVIOCGMTSLOTS(0):
1182                 return evdev_handle_mt_request(dev, size, ip);
1183 
1184         case EVIOCGKEY(0):
1185                 return evdev_handle_get_val(client, dev, EV_KEY, dev->key,
1186                                             KEY_MAX, size, p, compat_mode);
1187 
1188         case EVIOCGLED(0):
1189                 return evdev_handle_get_val(client, dev, EV_LED, dev->led,
1190                                             LED_MAX, size, p, compat_mode);
1191 
1192         case EVIOCGSND(0):
1193                 return evdev_handle_get_val(client, dev, EV_SND, dev->snd,
1194                                             SND_MAX, size, p, compat_mode);
1195 
1196         case EVIOCGSW(0):
1197                 return evdev_handle_get_val(client, dev, EV_SW, dev->sw,
1198                                             SW_MAX, size, p, compat_mode);
1199 
1200         case EVIOCGNAME(0):
1201                 return str_to_user(dev->name, size, p);
1202 
1203         case EVIOCGPHYS(0):
1204                 return str_to_user(dev->phys, size, p);
1205 
1206         case EVIOCGUNIQ(0):
1207                 return str_to_user(dev->uniq, size, p);
1208 
1209         case EVIOC_MASK_SIZE(EVIOCSFF):
1210                 if (input_ff_effect_from_user(p, size, &effect))
1211                         return -EFAULT;
1212 
1213                 error = input_ff_upload(dev, &effect, file);
1214                 if (error)
1215                         return error;
1216 
1217                 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
1218                         return -EFAULT;
1219 
1220                 return 0;
1221         }
1222 
1223         /* Multi-number variable-length handlers */
1224         if (_IOC_TYPE(cmd) != 'E')
1225                 return -EINVAL;
1226 
1227         if (_IOC_DIR(cmd) == _IOC_READ) {
1228 
1229                 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
1230                         return handle_eviocgbit(dev,
1231                                                 _IOC_NR(cmd) & EV_MAX, size,
1232                                                 p, compat_mode);
1233 
1234                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
1235 
1236                         if (!dev->absinfo)
1237                                 return -EINVAL;
1238 
1239                         t = _IOC_NR(cmd) & ABS_MAX;
1240                         abs = dev->absinfo[t];
1241 
1242                         if (copy_to_user(p, &abs, min_t(size_t,
1243                                         size, sizeof(struct input_absinfo))))
1244                                 return -EFAULT;
1245 
1246                         return 0;
1247                 }
1248         }
1249 
1250         if (_IOC_DIR(cmd) == _IOC_WRITE) {
1251 
1252                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
1253 
1254                         if (!dev->absinfo)
1255                                 return -EINVAL;
1256 
1257                         t = _IOC_NR(cmd) & ABS_MAX;
1258 
1259                         if (copy_from_user(&abs, p, min_t(size_t,
1260                                         size, sizeof(struct input_absinfo))))
1261                                 return -EFAULT;
1262 
1263                         if (size < sizeof(struct input_absinfo))
1264                                 abs.resolution = 0;
1265 
1266                         /* We can't change number of reserved MT slots */
1267                         if (t == ABS_MT_SLOT)
1268                                 return -EINVAL;
1269 
1270                         /*
1271                          * Take event lock to ensure that we are not
1272                          * changing device parameters in the middle
1273                          * of event.
1274                          */
1275                         spin_lock_irq(&dev->event_lock);
1276                         dev->absinfo[t] = abs;
1277                         spin_unlock_irq(&dev->event_lock);
1278 
1279                         return 0;
1280                 }
1281         }
1282 
1283         return -EINVAL;
1284 }
1285 
1286 static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
1287                                 void __user *p, int compat_mode)
1288 {
1289         struct evdev_client *client = file->private_data;
1290         struct evdev *evdev = client->evdev;
1291         int retval;
1292 
1293         retval = mutex_lock_interruptible(&evdev->mutex);
1294         if (retval)
1295                 return retval;
1296 
1297         if (!evdev->exist || client->revoked) {
1298                 retval = -ENODEV;
1299                 goto out;
1300         }
1301 
1302         retval = evdev_do_ioctl(file, cmd, p, compat_mode);
1303 
1304  out:
1305         mutex_unlock(&evdev->mutex);
1306         return retval;
1307 }
1308 
1309 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1310 {
1311         return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
1312 }
1313 
1314 #ifdef CONFIG_COMPAT
1315 static long evdev_ioctl_compat(struct file *file,
1316                                 unsigned int cmd, unsigned long arg)
1317 {
1318         return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1319 }
1320 #endif
1321 
1322 static const struct file_operations evdev_fops = {
1323         .owner          = THIS_MODULE,
1324         .read           = evdev_read,
1325         .write          = evdev_write,
1326         .poll           = evdev_poll,
1327         .open           = evdev_open,
1328         .release        = evdev_release,
1329         .unlocked_ioctl = evdev_ioctl,
1330 #ifdef CONFIG_COMPAT
1331         .compat_ioctl   = evdev_ioctl_compat,
1332 #endif
1333         .fasync         = evdev_fasync,
1334         .flush          = evdev_flush,
1335         .llseek         = no_llseek,
1336 };
1337 
1338 /*
1339  * Mark device non-existent. This disables writes, ioctls and
1340  * prevents new users from opening the device. Already posted
1341  * blocking reads will stay, however new ones will fail.
1342  */
1343 static void evdev_mark_dead(struct evdev *evdev)
1344 {
1345         mutex_lock(&evdev->mutex);
1346         evdev->exist = false;
1347         mutex_unlock(&evdev->mutex);
1348 }
1349 
1350 static void evdev_cleanup(struct evdev *evdev)
1351 {
1352         struct input_handle *handle = &evdev->handle;
1353 
1354         evdev_mark_dead(evdev);
1355         evdev_hangup(evdev);
1356 
1357         cdev_del(&evdev->cdev);
1358 
1359         /* evdev is marked dead so no one else accesses evdev->open */
1360         if (evdev->open) {
1361                 input_flush_device(handle, NULL);
1362                 input_close_device(handle);
1363         }
1364 }
1365 
1366 /*
1367  * Create new evdev device. Note that input core serializes calls
1368  * to connect and disconnect.
1369  */
1370 static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
1371                          const struct input_device_id *id)
1372 {
1373         struct evdev *evdev;
1374         int minor;
1375         int dev_no;
1376         int error;
1377 
1378         minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
1379         if (minor < 0) {
1380                 error = minor;
1381                 pr_err("failed to reserve new minor: %d\n", error);
1382                 return error;
1383         }
1384 
1385         evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
1386         if (!evdev) {
1387                 error = -ENOMEM;
1388                 goto err_free_minor;
1389         }
1390 
1391         INIT_LIST_HEAD(&evdev->client_list);
1392         spin_lock_init(&evdev->client_lock);
1393         mutex_init(&evdev->mutex);
1394         init_waitqueue_head(&evdev->wait);
1395         evdev->exist = true;
1396 
1397         dev_no = minor;
1398         /* Normalize device number if it falls into legacy range */
1399         if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
1400                 dev_no -= EVDEV_MINOR_BASE;
1401         dev_set_name(&evdev->dev, "event%d", dev_no);
1402 
1403         evdev->handle.dev = input_get_device(dev);
1404         evdev->handle.name = dev_name(&evdev->dev);
1405         evdev->handle.handler = handler;
1406         evdev->handle.private = evdev;
1407 
1408         evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
1409         evdev->dev.class = &input_class;
1410         evdev->dev.parent = &dev->dev;
1411         evdev->dev.release = evdev_free;
1412         device_initialize(&evdev->dev);
1413 
1414         error = input_register_handle(&evdev->handle);
1415         if (error)
1416                 goto err_free_evdev;
1417 
1418         cdev_init(&evdev->cdev, &evdev_fops);
1419         evdev->cdev.kobj.parent = &evdev->dev.kobj;
1420         error = cdev_add(&evdev->cdev, evdev->dev.devt, 1);
1421         if (error)
1422                 goto err_unregister_handle;
1423 
1424         error = device_add(&evdev->dev);
1425         if (error)
1426                 goto err_cleanup_evdev;
1427 
1428         return 0;
1429 
1430  err_cleanup_evdev:
1431         evdev_cleanup(evdev);
1432  err_unregister_handle:
1433         input_unregister_handle(&evdev->handle);
1434  err_free_evdev:
1435         put_device(&evdev->dev);
1436  err_free_minor:
1437         input_free_minor(minor);
1438         return error;
1439 }
1440 
1441 static void evdev_disconnect(struct input_handle *handle)
1442 {
1443         struct evdev *evdev = handle->private;
1444 
1445         device_del(&evdev->dev);
1446         evdev_cleanup(evdev);
1447         input_free_minor(MINOR(evdev->dev.devt));
1448         input_unregister_handle(handle);
1449         put_device(&evdev->dev);
1450 }
1451 
1452 static const struct input_device_id evdev_ids[] = {
1453         { .driver_info = 1 },   /* Matches all devices */
1454         { },                    /* Terminating zero entry */
1455 };
1456 
1457 MODULE_DEVICE_TABLE(input, evdev_ids);
1458 
1459 static struct input_handler evdev_handler = {
1460         .event          = evdev_event,
1461         .events         = evdev_events,
1462         .connect        = evdev_connect,
1463         .disconnect     = evdev_disconnect,
1464         .legacy_minors  = true,
1465         .minor          = EVDEV_MINOR_BASE,
1466         .name           = "evdev",
1467         .id_table       = evdev_ids,
1468 };
1469 
1470 static int __init evdev_init(void)
1471 {
1472         return input_register_handler(&evdev_handler);
1473 }
1474 
1475 static void __exit evdev_exit(void)
1476 {
1477         input_unregister_handler(&evdev_handler);
1478 }
1479 
1480 module_init(evdev_init);
1481 module_exit(evdev_exit);
1482 
1483 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1484 MODULE_DESCRIPTION("Input driver event char devices");
1485 MODULE_LICENSE("GPL");
1486 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us