Version:  2.0.40 2.2.26 2.4.37 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0

Linux/drivers/input/evdev.c

  1 /*
  2  * Event char devices, giving access to raw input device events.
  3  *
  4  * Copyright (c) 1999-2002 Vojtech Pavlik
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License version 2 as published by
  8  * the Free Software Foundation.
  9  */
 10 
 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 12 
 13 #define EVDEV_MINOR_BASE        64
 14 #define EVDEV_MINORS            32
 15 #define EVDEV_MIN_BUFFER_SIZE   64U
 16 #define EVDEV_BUF_PACKETS       8
 17 
 18 #include <linux/poll.h>
 19 #include <linux/sched.h>
 20 #include <linux/slab.h>
 21 #include <linux/vmalloc.h>
 22 #include <linux/mm.h>
 23 #include <linux/module.h>
 24 #include <linux/init.h>
 25 #include <linux/input/mt.h>
 26 #include <linux/major.h>
 27 #include <linux/device.h>
 28 #include <linux/cdev.h>
 29 #include "input-compat.h"
 30 
 31 enum evdev_clock_type {
 32         EV_CLK_REAL = 0,
 33         EV_CLK_MONO,
 34         EV_CLK_BOOT,
 35         EV_CLK_MAX
 36 };
 37 
 38 struct evdev {
 39         int open;
 40         struct input_handle handle;
 41         wait_queue_head_t wait;
 42         struct evdev_client __rcu *grab;
 43         struct list_head client_list;
 44         spinlock_t client_lock; /* protects client_list */
 45         struct mutex mutex;
 46         struct device dev;
 47         struct cdev cdev;
 48         bool exist;
 49 };
 50 
 51 struct evdev_client {
 52         unsigned int head;
 53         unsigned int tail;
 54         unsigned int packet_head; /* [future] position of the first element of next packet */
 55         spinlock_t buffer_lock; /* protects access to buffer, head and tail */
 56         struct fasync_struct *fasync;
 57         struct evdev *evdev;
 58         struct list_head node;
 59         int clk_type;
 60         bool revoked;
 61         unsigned int bufsize;
 62         struct input_event buffer[];
 63 };
 64 
 65 /* flush queued events of type @type, caller must hold client->buffer_lock */
 66 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type)
 67 {
 68         unsigned int i, head, num;
 69         unsigned int mask = client->bufsize - 1;
 70         bool is_report;
 71         struct input_event *ev;
 72 
 73         BUG_ON(type == EV_SYN);
 74 
 75         head = client->tail;
 76         client->packet_head = client->tail;
 77 
 78         /* init to 1 so a leading SYN_REPORT will not be dropped */
 79         num = 1;
 80 
 81         for (i = client->tail; i != client->head; i = (i + 1) & mask) {
 82                 ev = &client->buffer[i];
 83                 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT;
 84 
 85                 if (ev->type == type) {
 86                         /* drop matched entry */
 87                         continue;
 88                 } else if (is_report && !num) {
 89                         /* drop empty SYN_REPORT groups */
 90                         continue;
 91                 } else if (head != i) {
 92                         /* move entry to fill the gap */
 93                         client->buffer[head].time = ev->time;
 94                         client->buffer[head].type = ev->type;
 95                         client->buffer[head].code = ev->code;
 96                         client->buffer[head].value = ev->value;
 97                 }
 98 
 99                 num++;
100                 head = (head + 1) & mask;
101 
102                 if (is_report) {
103                         num = 0;
104                         client->packet_head = head;
105                 }
106         }
107 
108         client->head = head;
109 }
110 
111 static void __evdev_queue_syn_dropped(struct evdev_client *client)
112 {
113         struct input_event ev;
114         ktime_t time;
115 
116         time = client->clk_type == EV_CLK_REAL ?
117                         ktime_get_real() :
118                         client->clk_type == EV_CLK_MONO ?
119                                 ktime_get() :
120                                 ktime_get_boottime();
121 
122         ev.time = ktime_to_timeval(time);
123         ev.type = EV_SYN;
124         ev.code = SYN_DROPPED;
125         ev.value = 0;
126 
127         client->buffer[client->head++] = ev;
128         client->head &= client->bufsize - 1;
129 
130         if (unlikely(client->head == client->tail)) {
131                 /* drop queue but keep our SYN_DROPPED event */
132                 client->tail = (client->head - 1) & (client->bufsize - 1);
133                 client->packet_head = client->tail;
134         }
135 }
136 
137 static void evdev_queue_syn_dropped(struct evdev_client *client)
138 {
139         unsigned long flags;
140 
141         spin_lock_irqsave(&client->buffer_lock, flags);
142         __evdev_queue_syn_dropped(client);
143         spin_unlock_irqrestore(&client->buffer_lock, flags);
144 }
145 
146 static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid)
147 {
148         unsigned long flags;
149 
150         if (client->clk_type == clkid)
151                 return 0;
152 
153         switch (clkid) {
154 
155         case CLOCK_REALTIME:
156                 client->clk_type = EV_CLK_REAL;
157                 break;
158         case CLOCK_MONOTONIC:
159                 client->clk_type = EV_CLK_MONO;
160                 break;
161         case CLOCK_BOOTTIME:
162                 client->clk_type = EV_CLK_BOOT;
163                 break;
164         default:
165                 return -EINVAL;
166         }
167 
168         /*
169          * Flush pending events and queue SYN_DROPPED event,
170          * but only if the queue is not empty.
171          */
172         spin_lock_irqsave(&client->buffer_lock, flags);
173 
174         if (client->head != client->tail) {
175                 client->packet_head = client->head = client->tail;
176                 __evdev_queue_syn_dropped(client);
177         }
178 
179         spin_unlock_irqrestore(&client->buffer_lock, flags);
180 
181         return 0;
182 }
183 
184 static void __pass_event(struct evdev_client *client,
185                          const struct input_event *event)
186 {
187         client->buffer[client->head++] = *event;
188         client->head &= client->bufsize - 1;
189 
190         if (unlikely(client->head == client->tail)) {
191                 /*
192                  * This effectively "drops" all unconsumed events, leaving
193                  * EV_SYN/SYN_DROPPED plus the newest event in the queue.
194                  */
195                 client->tail = (client->head - 2) & (client->bufsize - 1);
196 
197                 client->buffer[client->tail].time = event->time;
198                 client->buffer[client->tail].type = EV_SYN;
199                 client->buffer[client->tail].code = SYN_DROPPED;
200                 client->buffer[client->tail].value = 0;
201 
202                 client->packet_head = client->tail;
203         }
204 
205         if (event->type == EV_SYN && event->code == SYN_REPORT) {
206                 client->packet_head = client->head;
207                 kill_fasync(&client->fasync, SIGIO, POLL_IN);
208         }
209 }
210 
211 static void evdev_pass_values(struct evdev_client *client,
212                         const struct input_value *vals, unsigned int count,
213                         ktime_t *ev_time)
214 {
215         struct evdev *evdev = client->evdev;
216         const struct input_value *v;
217         struct input_event event;
218         bool wakeup = false;
219 
220         if (client->revoked)
221                 return;
222 
223         event.time = ktime_to_timeval(ev_time[client->clk_type]);
224 
225         /* Interrupts are disabled, just acquire the lock. */
226         spin_lock(&client->buffer_lock);
227 
228         for (v = vals; v != vals + count; v++) {
229                 event.type = v->type;
230                 event.code = v->code;
231                 event.value = v->value;
232                 __pass_event(client, &event);
233                 if (v->type == EV_SYN && v->code == SYN_REPORT)
234                         wakeup = true;
235         }
236 
237         spin_unlock(&client->buffer_lock);
238 
239         if (wakeup)
240                 wake_up_interruptible(&evdev->wait);
241 }
242 
243 /*
244  * Pass incoming events to all connected clients.
245  */
246 static void evdev_events(struct input_handle *handle,
247                          const struct input_value *vals, unsigned int count)
248 {
249         struct evdev *evdev = handle->private;
250         struct evdev_client *client;
251         ktime_t ev_time[EV_CLK_MAX];
252 
253         ev_time[EV_CLK_MONO] = ktime_get();
254         ev_time[EV_CLK_REAL] = ktime_mono_to_real(ev_time[EV_CLK_MONO]);
255         ev_time[EV_CLK_BOOT] = ktime_mono_to_any(ev_time[EV_CLK_MONO],
256                                                  TK_OFFS_BOOT);
257 
258         rcu_read_lock();
259 
260         client = rcu_dereference(evdev->grab);
261 
262         if (client)
263                 evdev_pass_values(client, vals, count, ev_time);
264         else
265                 list_for_each_entry_rcu(client, &evdev->client_list, node)
266                         evdev_pass_values(client, vals, count, ev_time);
267 
268         rcu_read_unlock();
269 }
270 
271 /*
272  * Pass incoming event to all connected clients.
273  */
274 static void evdev_event(struct input_handle *handle,
275                         unsigned int type, unsigned int code, int value)
276 {
277         struct input_value vals[] = { { type, code, value } };
278 
279         evdev_events(handle, vals, 1);
280 }
281 
282 static int evdev_fasync(int fd, struct file *file, int on)
283 {
284         struct evdev_client *client = file->private_data;
285 
286         return fasync_helper(fd, file, on, &client->fasync);
287 }
288 
289 static int evdev_flush(struct file *file, fl_owner_t id)
290 {
291         struct evdev_client *client = file->private_data;
292         struct evdev *evdev = client->evdev;
293         int retval;
294 
295         retval = mutex_lock_interruptible(&evdev->mutex);
296         if (retval)
297                 return retval;
298 
299         if (!evdev->exist || client->revoked)
300                 retval = -ENODEV;
301         else
302                 retval = input_flush_device(&evdev->handle, file);
303 
304         mutex_unlock(&evdev->mutex);
305         return retval;
306 }
307 
308 static void evdev_free(struct device *dev)
309 {
310         struct evdev *evdev = container_of(dev, struct evdev, dev);
311 
312         input_put_device(evdev->handle.dev);
313         kfree(evdev);
314 }
315 
316 /*
317  * Grabs an event device (along with underlying input device).
318  * This function is called with evdev->mutex taken.
319  */
320 static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
321 {
322         int error;
323 
324         if (evdev->grab)
325                 return -EBUSY;
326 
327         error = input_grab_device(&evdev->handle);
328         if (error)
329                 return error;
330 
331         rcu_assign_pointer(evdev->grab, client);
332 
333         return 0;
334 }
335 
336 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
337 {
338         struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
339                                         lockdep_is_held(&evdev->mutex));
340 
341         if (grab != client)
342                 return  -EINVAL;
343 
344         rcu_assign_pointer(evdev->grab, NULL);
345         synchronize_rcu();
346         input_release_device(&evdev->handle);
347 
348         return 0;
349 }
350 
351 static void evdev_attach_client(struct evdev *evdev,
352                                 struct evdev_client *client)
353 {
354         spin_lock(&evdev->client_lock);
355         list_add_tail_rcu(&client->node, &evdev->client_list);
356         spin_unlock(&evdev->client_lock);
357 }
358 
359 static void evdev_detach_client(struct evdev *evdev,
360                                 struct evdev_client *client)
361 {
362         spin_lock(&evdev->client_lock);
363         list_del_rcu(&client->node);
364         spin_unlock(&evdev->client_lock);
365         synchronize_rcu();
366 }
367 
368 static int evdev_open_device(struct evdev *evdev)
369 {
370         int retval;
371 
372         retval = mutex_lock_interruptible(&evdev->mutex);
373         if (retval)
374                 return retval;
375 
376         if (!evdev->exist)
377                 retval = -ENODEV;
378         else if (!evdev->open++) {
379                 retval = input_open_device(&evdev->handle);
380                 if (retval)
381                         evdev->open--;
382         }
383 
384         mutex_unlock(&evdev->mutex);
385         return retval;
386 }
387 
388 static void evdev_close_device(struct evdev *evdev)
389 {
390         mutex_lock(&evdev->mutex);
391 
392         if (evdev->exist && !--evdev->open)
393                 input_close_device(&evdev->handle);
394 
395         mutex_unlock(&evdev->mutex);
396 }
397 
398 /*
399  * Wake up users waiting for IO so they can disconnect from
400  * dead device.
401  */
402 static void evdev_hangup(struct evdev *evdev)
403 {
404         struct evdev_client *client;
405 
406         spin_lock(&evdev->client_lock);
407         list_for_each_entry(client, &evdev->client_list, node)
408                 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
409         spin_unlock(&evdev->client_lock);
410 
411         wake_up_interruptible(&evdev->wait);
412 }
413 
414 static int evdev_release(struct inode *inode, struct file *file)
415 {
416         struct evdev_client *client = file->private_data;
417         struct evdev *evdev = client->evdev;
418 
419         mutex_lock(&evdev->mutex);
420         evdev_ungrab(evdev, client);
421         mutex_unlock(&evdev->mutex);
422 
423         evdev_detach_client(evdev, client);
424 
425         if (is_vmalloc_addr(client))
426                 vfree(client);
427         else
428                 kfree(client);
429 
430         evdev_close_device(evdev);
431 
432         return 0;
433 }
434 
435 static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
436 {
437         unsigned int n_events =
438                 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
439                     EVDEV_MIN_BUFFER_SIZE);
440 
441         return roundup_pow_of_two(n_events);
442 }
443 
444 static int evdev_open(struct inode *inode, struct file *file)
445 {
446         struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
447         unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
448         unsigned int size = sizeof(struct evdev_client) +
449                                         bufsize * sizeof(struct input_event);
450         struct evdev_client *client;
451         int error;
452 
453         client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
454         if (!client)
455                 client = vzalloc(size);
456         if (!client)
457                 return -ENOMEM;
458 
459         client->bufsize = bufsize;
460         spin_lock_init(&client->buffer_lock);
461         client->evdev = evdev;
462         evdev_attach_client(evdev, client);
463 
464         error = evdev_open_device(evdev);
465         if (error)
466                 goto err_free_client;
467 
468         file->private_data = client;
469         nonseekable_open(inode, file);
470 
471         return 0;
472 
473  err_free_client:
474         evdev_detach_client(evdev, client);
475         kvfree(client);
476         return error;
477 }
478 
479 static ssize_t evdev_write(struct file *file, const char __user *buffer,
480                            size_t count, loff_t *ppos)
481 {
482         struct evdev_client *client = file->private_data;
483         struct evdev *evdev = client->evdev;
484         struct input_event event;
485         int retval = 0;
486 
487         if (count != 0 && count < input_event_size())
488                 return -EINVAL;
489 
490         retval = mutex_lock_interruptible(&evdev->mutex);
491         if (retval)
492                 return retval;
493 
494         if (!evdev->exist || client->revoked) {
495                 retval = -ENODEV;
496                 goto out;
497         }
498 
499         while (retval + input_event_size() <= count) {
500 
501                 if (input_event_from_user(buffer + retval, &event)) {
502                         retval = -EFAULT;
503                         goto out;
504                 }
505                 retval += input_event_size();
506 
507                 input_inject_event(&evdev->handle,
508                                    event.type, event.code, event.value);
509         }
510 
511  out:
512         mutex_unlock(&evdev->mutex);
513         return retval;
514 }
515 
516 static int evdev_fetch_next_event(struct evdev_client *client,
517                                   struct input_event *event)
518 {
519         int have_event;
520 
521         spin_lock_irq(&client->buffer_lock);
522 
523         have_event = client->packet_head != client->tail;
524         if (have_event) {
525                 *event = client->buffer[client->tail++];
526                 client->tail &= client->bufsize - 1;
527         }
528 
529         spin_unlock_irq(&client->buffer_lock);
530 
531         return have_event;
532 }
533 
534 static ssize_t evdev_read(struct file *file, char __user *buffer,
535                           size_t count, loff_t *ppos)
536 {
537         struct evdev_client *client = file->private_data;
538         struct evdev *evdev = client->evdev;
539         struct input_event event;
540         size_t read = 0;
541         int error;
542 
543         if (count != 0 && count < input_event_size())
544                 return -EINVAL;
545 
546         for (;;) {
547                 if (!evdev->exist || client->revoked)
548                         return -ENODEV;
549 
550                 if (client->packet_head == client->tail &&
551                     (file->f_flags & O_NONBLOCK))
552                         return -EAGAIN;
553 
554                 /*
555                  * count == 0 is special - no IO is done but we check
556                  * for error conditions (see above).
557                  */
558                 if (count == 0)
559                         break;
560 
561                 while (read + input_event_size() <= count &&
562                        evdev_fetch_next_event(client, &event)) {
563 
564                         if (input_event_to_user(buffer + read, &event))
565                                 return -EFAULT;
566 
567                         read += input_event_size();
568                 }
569 
570                 if (read)
571                         break;
572 
573                 if (!(file->f_flags & O_NONBLOCK)) {
574                         error = wait_event_interruptible(evdev->wait,
575                                         client->packet_head != client->tail ||
576                                         !evdev->exist || client->revoked);
577                         if (error)
578                                 return error;
579                 }
580         }
581 
582         return read;
583 }
584 
585 /* No kernel lock - fine */
586 static unsigned int evdev_poll(struct file *file, poll_table *wait)
587 {
588         struct evdev_client *client = file->private_data;
589         struct evdev *evdev = client->evdev;
590         unsigned int mask;
591 
592         poll_wait(file, &evdev->wait, wait);
593 
594         if (evdev->exist && !client->revoked)
595                 mask = POLLOUT | POLLWRNORM;
596         else
597                 mask = POLLHUP | POLLERR;
598 
599         if (client->packet_head != client->tail)
600                 mask |= POLLIN | POLLRDNORM;
601 
602         return mask;
603 }
604 
605 #ifdef CONFIG_COMPAT
606 
607 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
608 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
609 
610 #ifdef __BIG_ENDIAN
611 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
612                         unsigned int maxlen, void __user *p, int compat)
613 {
614         int len, i;
615 
616         if (compat) {
617                 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
618                 if (len > maxlen)
619                         len = maxlen;
620 
621                 for (i = 0; i < len / sizeof(compat_long_t); i++)
622                         if (copy_to_user((compat_long_t __user *) p + i,
623                                          (compat_long_t *) bits +
624                                                 i + 1 - ((i % 2) << 1),
625                                          sizeof(compat_long_t)))
626                                 return -EFAULT;
627         } else {
628                 len = BITS_TO_LONGS(maxbit) * sizeof(long);
629                 if (len > maxlen)
630                         len = maxlen;
631 
632                 if (copy_to_user(p, bits, len))
633                         return -EFAULT;
634         }
635 
636         return len;
637 }
638 #else
639 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
640                         unsigned int maxlen, void __user *p, int compat)
641 {
642         int len = compat ?
643                         BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
644                         BITS_TO_LONGS(maxbit) * sizeof(long);
645 
646         if (len > maxlen)
647                 len = maxlen;
648 
649         return copy_to_user(p, bits, len) ? -EFAULT : len;
650 }
651 #endif /* __BIG_ENDIAN */
652 
653 #else
654 
655 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
656                         unsigned int maxlen, void __user *p, int compat)
657 {
658         int len = BITS_TO_LONGS(maxbit) * sizeof(long);
659 
660         if (len > maxlen)
661                 len = maxlen;
662 
663         return copy_to_user(p, bits, len) ? -EFAULT : len;
664 }
665 
666 #endif /* CONFIG_COMPAT */
667 
668 static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
669 {
670         int len;
671 
672         if (!str)
673                 return -ENOENT;
674 
675         len = strlen(str) + 1;
676         if (len > maxlen)
677                 len = maxlen;
678 
679         return copy_to_user(p, str, len) ? -EFAULT : len;
680 }
681 
682 static int handle_eviocgbit(struct input_dev *dev,
683                             unsigned int type, unsigned int size,
684                             void __user *p, int compat_mode)
685 {
686         unsigned long *bits;
687         int len;
688 
689         switch (type) {
690 
691         case      0: bits = dev->evbit;  len = EV_MAX;  break;
692         case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
693         case EV_REL: bits = dev->relbit; len = REL_MAX; break;
694         case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
695         case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
696         case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
697         case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
698         case EV_FF:  bits = dev->ffbit;  len = FF_MAX;  break;
699         case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
700         default: return -EINVAL;
701         }
702 
703         return bits_to_user(bits, len, size, p, compat_mode);
704 }
705 
706 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
707 {
708         struct input_keymap_entry ke = {
709                 .len    = sizeof(unsigned int),
710                 .flags  = 0,
711         };
712         int __user *ip = (int __user *)p;
713         int error;
714 
715         /* legacy case */
716         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
717                 return -EFAULT;
718 
719         error = input_get_keycode(dev, &ke);
720         if (error)
721                 return error;
722 
723         if (put_user(ke.keycode, ip + 1))
724                 return -EFAULT;
725 
726         return 0;
727 }
728 
729 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
730 {
731         struct input_keymap_entry ke;
732         int error;
733 
734         if (copy_from_user(&ke, p, sizeof(ke)))
735                 return -EFAULT;
736 
737         error = input_get_keycode(dev, &ke);
738         if (error)
739                 return error;
740 
741         if (copy_to_user(p, &ke, sizeof(ke)))
742                 return -EFAULT;
743 
744         return 0;
745 }
746 
747 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
748 {
749         struct input_keymap_entry ke = {
750                 .len    = sizeof(unsigned int),
751                 .flags  = 0,
752         };
753         int __user *ip = (int __user *)p;
754 
755         if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
756                 return -EFAULT;
757 
758         if (get_user(ke.keycode, ip + 1))
759                 return -EFAULT;
760 
761         return input_set_keycode(dev, &ke);
762 }
763 
764 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
765 {
766         struct input_keymap_entry ke;
767 
768         if (copy_from_user(&ke, p, sizeof(ke)))
769                 return -EFAULT;
770 
771         if (ke.len > sizeof(ke.scancode))
772                 return -EINVAL;
773 
774         return input_set_keycode(dev, &ke);
775 }
776 
777 /*
778  * If we transfer state to the user, we should flush all pending events
779  * of the same type from the client's queue. Otherwise, they might end up
780  * with duplicate events, which can screw up client's state tracking.
781  * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED
782  * event so user-space will notice missing events.
783  *
784  * LOCKING:
785  * We need to take event_lock before buffer_lock to avoid dead-locks. But we
786  * need the even_lock only to guarantee consistent state. We can safely release
787  * it while flushing the queue. This allows input-core to handle filters while
788  * we flush the queue.
789  */
790 static int evdev_handle_get_val(struct evdev_client *client,
791                                 struct input_dev *dev, unsigned int type,
792                                 unsigned long *bits, unsigned int maxbit,
793                                 unsigned int maxlen, void __user *p,
794                                 int compat)
795 {
796         int ret;
797         unsigned long *mem;
798         size_t len;
799 
800         len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long);
801         mem = kmalloc(len, GFP_KERNEL);
802         if (!mem)
803                 return -ENOMEM;
804 
805         spin_lock_irq(&dev->event_lock);
806         spin_lock(&client->buffer_lock);
807 
808         memcpy(mem, bits, len);
809 
810         spin_unlock(&dev->event_lock);
811 
812         __evdev_flush_queue(client, type);
813 
814         spin_unlock_irq(&client->buffer_lock);
815 
816         ret = bits_to_user(mem, maxbit, maxlen, p, compat);
817         if (ret < 0)
818                 evdev_queue_syn_dropped(client);
819 
820         kfree(mem);
821 
822         return ret;
823 }
824 
825 static int evdev_handle_mt_request(struct input_dev *dev,
826                                    unsigned int size,
827                                    int __user *ip)
828 {
829         const struct input_mt *mt = dev->mt;
830         unsigned int code;
831         int max_slots;
832         int i;
833 
834         if (get_user(code, &ip[0]))
835                 return -EFAULT;
836         if (!mt || !input_is_mt_value(code))
837                 return -EINVAL;
838 
839         max_slots = (size - sizeof(__u32)) / sizeof(__s32);
840         for (i = 0; i < mt->num_slots && i < max_slots; i++) {
841                 int value = input_mt_get_value(&mt->slots[i], code);
842                 if (put_user(value, &ip[1 + i]))
843                         return -EFAULT;
844         }
845 
846         return 0;
847 }
848 
849 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client,
850                         struct file *file)
851 {
852         client->revoked = true;
853         evdev_ungrab(evdev, client);
854         input_flush_device(&evdev->handle, file);
855         wake_up_interruptible(&evdev->wait);
856 
857         return 0;
858 }
859 
860 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
861                            void __user *p, int compat_mode)
862 {
863         struct evdev_client *client = file->private_data;
864         struct evdev *evdev = client->evdev;
865         struct input_dev *dev = evdev->handle.dev;
866         struct input_absinfo abs;
867         struct ff_effect effect;
868         int __user *ip = (int __user *)p;
869         unsigned int i, t, u, v;
870         unsigned int size;
871         int error;
872 
873         /* First we check for fixed-length commands */
874         switch (cmd) {
875 
876         case EVIOCGVERSION:
877                 return put_user(EV_VERSION, ip);
878 
879         case EVIOCGID:
880                 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
881                         return -EFAULT;
882                 return 0;
883 
884         case EVIOCGREP:
885                 if (!test_bit(EV_REP, dev->evbit))
886                         return -ENOSYS;
887                 if (put_user(dev->rep[REP_DELAY], ip))
888                         return -EFAULT;
889                 if (put_user(dev->rep[REP_PERIOD], ip + 1))
890                         return -EFAULT;
891                 return 0;
892 
893         case EVIOCSREP:
894                 if (!test_bit(EV_REP, dev->evbit))
895                         return -ENOSYS;
896                 if (get_user(u, ip))
897                         return -EFAULT;
898                 if (get_user(v, ip + 1))
899                         return -EFAULT;
900 
901                 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
902                 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
903 
904                 return 0;
905 
906         case EVIOCRMFF:
907                 return input_ff_erase(dev, (int)(unsigned long) p, file);
908 
909         case EVIOCGEFFECTS:
910                 i = test_bit(EV_FF, dev->evbit) ?
911                                 dev->ff->max_effects : 0;
912                 if (put_user(i, ip))
913                         return -EFAULT;
914                 return 0;
915 
916         case EVIOCGRAB:
917                 if (p)
918                         return evdev_grab(evdev, client);
919                 else
920                         return evdev_ungrab(evdev, client);
921 
922         case EVIOCREVOKE:
923                 if (p)
924                         return -EINVAL;
925                 else
926                         return evdev_revoke(evdev, client, file);
927 
928         case EVIOCSCLOCKID:
929                 if (copy_from_user(&i, p, sizeof(unsigned int)))
930                         return -EFAULT;
931 
932                 return evdev_set_clk_type(client, i);
933 
934         case EVIOCGKEYCODE:
935                 return evdev_handle_get_keycode(dev, p);
936 
937         case EVIOCSKEYCODE:
938                 return evdev_handle_set_keycode(dev, p);
939 
940         case EVIOCGKEYCODE_V2:
941                 return evdev_handle_get_keycode_v2(dev, p);
942 
943         case EVIOCSKEYCODE_V2:
944                 return evdev_handle_set_keycode_v2(dev, p);
945         }
946 
947         size = _IOC_SIZE(cmd);
948 
949         /* Now check variable-length commands */
950 #define EVIOC_MASK_SIZE(nr)     ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
951         switch (EVIOC_MASK_SIZE(cmd)) {
952 
953         case EVIOCGPROP(0):
954                 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
955                                     size, p, compat_mode);
956 
957         case EVIOCGMTSLOTS(0):
958                 return evdev_handle_mt_request(dev, size, ip);
959 
960         case EVIOCGKEY(0):
961                 return evdev_handle_get_val(client, dev, EV_KEY, dev->key,
962                                             KEY_MAX, size, p, compat_mode);
963 
964         case EVIOCGLED(0):
965                 return evdev_handle_get_val(client, dev, EV_LED, dev->led,
966                                             LED_MAX, size, p, compat_mode);
967 
968         case EVIOCGSND(0):
969                 return evdev_handle_get_val(client, dev, EV_SND, dev->snd,
970                                             SND_MAX, size, p, compat_mode);
971 
972         case EVIOCGSW(0):
973                 return evdev_handle_get_val(client, dev, EV_SW, dev->sw,
974                                             SW_MAX, size, p, compat_mode);
975 
976         case EVIOCGNAME(0):
977                 return str_to_user(dev->name, size, p);
978 
979         case EVIOCGPHYS(0):
980                 return str_to_user(dev->phys, size, p);
981 
982         case EVIOCGUNIQ(0):
983                 return str_to_user(dev->uniq, size, p);
984 
985         case EVIOC_MASK_SIZE(EVIOCSFF):
986                 if (input_ff_effect_from_user(p, size, &effect))
987                         return -EFAULT;
988 
989                 error = input_ff_upload(dev, &effect, file);
990                 if (error)
991                         return error;
992 
993                 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
994                         return -EFAULT;
995 
996                 return 0;
997         }
998 
999         /* Multi-number variable-length handlers */
1000         if (_IOC_TYPE(cmd) != 'E')
1001                 return -EINVAL;
1002 
1003         if (_IOC_DIR(cmd) == _IOC_READ) {
1004 
1005                 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
1006                         return handle_eviocgbit(dev,
1007                                                 _IOC_NR(cmd) & EV_MAX, size,
1008                                                 p, compat_mode);
1009 
1010                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
1011 
1012                         if (!dev->absinfo)
1013                                 return -EINVAL;
1014 
1015                         t = _IOC_NR(cmd) & ABS_MAX;
1016                         abs = dev->absinfo[t];
1017 
1018                         if (copy_to_user(p, &abs, min_t(size_t,
1019                                         size, sizeof(struct input_absinfo))))
1020                                 return -EFAULT;
1021 
1022                         return 0;
1023                 }
1024         }
1025 
1026         if (_IOC_DIR(cmd) == _IOC_WRITE) {
1027 
1028                 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
1029 
1030                         if (!dev->absinfo)
1031                                 return -EINVAL;
1032 
1033                         t = _IOC_NR(cmd) & ABS_MAX;
1034 
1035                         if (copy_from_user(&abs, p, min_t(size_t,
1036                                         size, sizeof(struct input_absinfo))))
1037                                 return -EFAULT;
1038 
1039                         if (size < sizeof(struct input_absinfo))
1040                                 abs.resolution = 0;
1041 
1042                         /* We can't change number of reserved MT slots */
1043                         if (t == ABS_MT_SLOT)
1044                                 return -EINVAL;
1045 
1046                         /*
1047                          * Take event lock to ensure that we are not
1048                          * changing device parameters in the middle
1049                          * of event.
1050                          */
1051                         spin_lock_irq(&dev->event_lock);
1052                         dev->absinfo[t] = abs;
1053                         spin_unlock_irq(&dev->event_lock);
1054 
1055                         return 0;
1056                 }
1057         }
1058 
1059         return -EINVAL;
1060 }
1061 
1062 static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
1063                                 void __user *p, int compat_mode)
1064 {
1065         struct evdev_client *client = file->private_data;
1066         struct evdev *evdev = client->evdev;
1067         int retval;
1068 
1069         retval = mutex_lock_interruptible(&evdev->mutex);
1070         if (retval)
1071                 return retval;
1072 
1073         if (!evdev->exist || client->revoked) {
1074                 retval = -ENODEV;
1075                 goto out;
1076         }
1077 
1078         retval = evdev_do_ioctl(file, cmd, p, compat_mode);
1079 
1080  out:
1081         mutex_unlock(&evdev->mutex);
1082         return retval;
1083 }
1084 
1085 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1086 {
1087         return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
1088 }
1089 
1090 #ifdef CONFIG_COMPAT
1091 static long evdev_ioctl_compat(struct file *file,
1092                                 unsigned int cmd, unsigned long arg)
1093 {
1094         return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1095 }
1096 #endif
1097 
1098 static const struct file_operations evdev_fops = {
1099         .owner          = THIS_MODULE,
1100         .read           = evdev_read,
1101         .write          = evdev_write,
1102         .poll           = evdev_poll,
1103         .open           = evdev_open,
1104         .release        = evdev_release,
1105         .unlocked_ioctl = evdev_ioctl,
1106 #ifdef CONFIG_COMPAT
1107         .compat_ioctl   = evdev_ioctl_compat,
1108 #endif
1109         .fasync         = evdev_fasync,
1110         .flush          = evdev_flush,
1111         .llseek         = no_llseek,
1112 };
1113 
1114 /*
1115  * Mark device non-existent. This disables writes, ioctls and
1116  * prevents new users from opening the device. Already posted
1117  * blocking reads will stay, however new ones will fail.
1118  */
1119 static void evdev_mark_dead(struct evdev *evdev)
1120 {
1121         mutex_lock(&evdev->mutex);
1122         evdev->exist = false;
1123         mutex_unlock(&evdev->mutex);
1124 }
1125 
1126 static void evdev_cleanup(struct evdev *evdev)
1127 {
1128         struct input_handle *handle = &evdev->handle;
1129 
1130         evdev_mark_dead(evdev);
1131         evdev_hangup(evdev);
1132 
1133         cdev_del(&evdev->cdev);
1134 
1135         /* evdev is marked dead so no one else accesses evdev->open */
1136         if (evdev->open) {
1137                 input_flush_device(handle, NULL);
1138                 input_close_device(handle);
1139         }
1140 }
1141 
1142 /*
1143  * Create new evdev device. Note that input core serializes calls
1144  * to connect and disconnect.
1145  */
1146 static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
1147                          const struct input_device_id *id)
1148 {
1149         struct evdev *evdev;
1150         int minor;
1151         int dev_no;
1152         int error;
1153 
1154         minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
1155         if (minor < 0) {
1156                 error = minor;
1157                 pr_err("failed to reserve new minor: %d\n", error);
1158                 return error;
1159         }
1160 
1161         evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
1162         if (!evdev) {
1163                 error = -ENOMEM;
1164                 goto err_free_minor;
1165         }
1166 
1167         INIT_LIST_HEAD(&evdev->client_list);
1168         spin_lock_init(&evdev->client_lock);
1169         mutex_init(&evdev->mutex);
1170         init_waitqueue_head(&evdev->wait);
1171         evdev->exist = true;
1172 
1173         dev_no = minor;
1174         /* Normalize device number if it falls into legacy range */
1175         if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
1176                 dev_no -= EVDEV_MINOR_BASE;
1177         dev_set_name(&evdev->dev, "event%d", dev_no);
1178 
1179         evdev->handle.dev = input_get_device(dev);
1180         evdev->handle.name = dev_name(&evdev->dev);
1181         evdev->handle.handler = handler;
1182         evdev->handle.private = evdev;
1183 
1184         evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
1185         evdev->dev.class = &input_class;
1186         evdev->dev.parent = &dev->dev;
1187         evdev->dev.release = evdev_free;
1188         device_initialize(&evdev->dev);
1189 
1190         error = input_register_handle(&evdev->handle);
1191         if (error)
1192                 goto err_free_evdev;
1193 
1194         cdev_init(&evdev->cdev, &evdev_fops);
1195         evdev->cdev.kobj.parent = &evdev->dev.kobj;
1196         error = cdev_add(&evdev->cdev, evdev->dev.devt, 1);
1197         if (error)
1198                 goto err_unregister_handle;
1199 
1200         error = device_add(&evdev->dev);
1201         if (error)
1202                 goto err_cleanup_evdev;
1203 
1204         return 0;
1205 
1206  err_cleanup_evdev:
1207         evdev_cleanup(evdev);
1208  err_unregister_handle:
1209         input_unregister_handle(&evdev->handle);
1210  err_free_evdev:
1211         put_device(&evdev->dev);
1212  err_free_minor:
1213         input_free_minor(minor);
1214         return error;
1215 }
1216 
1217 static void evdev_disconnect(struct input_handle *handle)
1218 {
1219         struct evdev *evdev = handle->private;
1220 
1221         device_del(&evdev->dev);
1222         evdev_cleanup(evdev);
1223         input_free_minor(MINOR(evdev->dev.devt));
1224         input_unregister_handle(handle);
1225         put_device(&evdev->dev);
1226 }
1227 
1228 static const struct input_device_id evdev_ids[] = {
1229         { .driver_info = 1 },   /* Matches all devices */
1230         { },                    /* Terminating zero entry */
1231 };
1232 
1233 MODULE_DEVICE_TABLE(input, evdev_ids);
1234 
1235 static struct input_handler evdev_handler = {
1236         .event          = evdev_event,
1237         .events         = evdev_events,
1238         .connect        = evdev_connect,
1239         .disconnect     = evdev_disconnect,
1240         .legacy_minors  = true,
1241         .minor          = EVDEV_MINOR_BASE,
1242         .name           = "evdev",
1243         .id_table       = evdev_ids,
1244 };
1245 
1246 static int __init evdev_init(void)
1247 {
1248         return input_register_handler(&evdev_handler);
1249 }
1250 
1251 static void __exit evdev_exit(void)
1252 {
1253         input_unregister_handler(&evdev_handler);
1254 }
1255 
1256 module_init(evdev_init);
1257 module_exit(evdev_exit);
1258 
1259 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1260 MODULE_DESCRIPTION("Input driver event char devices");
1261 MODULE_LICENSE("GPL");
1262 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us