0001
0002
0003
0004
0005
0006
0007
0008 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0009
0010 #define EVDEV_MINOR_BASE 64
0011 #define EVDEV_MINORS 32
0012 #define EVDEV_MIN_BUFFER_SIZE 64U
0013 #define EVDEV_BUF_PACKETS 8
0014
0015 #include <linux/poll.h>
0016 #include <linux/sched.h>
0017 #include <linux/slab.h>
0018 #include <linux/vmalloc.h>
0019 #include <linux/mm.h>
0020 #include <linux/module.h>
0021 #include <linux/init.h>
0022 #include <linux/input/mt.h>
0023 #include <linux/major.h>
0024 #include <linux/device.h>
0025 #include <linux/cdev.h>
0026 #include "input-compat.h"
0027
0028 struct evdev {
0029 int open;
0030 struct input_handle handle;
0031 struct evdev_client __rcu *grab;
0032 struct list_head client_list;
0033 spinlock_t client_lock;
0034 struct mutex mutex;
0035 struct device dev;
0036 struct cdev cdev;
0037 bool exist;
0038 };
0039
0040 struct evdev_client {
0041 unsigned int head;
0042 unsigned int tail;
0043 unsigned int packet_head;
0044 spinlock_t buffer_lock;
0045 wait_queue_head_t wait;
0046 struct fasync_struct *fasync;
0047 struct evdev *evdev;
0048 struct list_head node;
0049 enum input_clock_type clk_type;
0050 bool revoked;
0051 unsigned long *evmasks[EV_CNT];
0052 unsigned int bufsize;
0053 struct input_event buffer[];
0054 };
0055
0056 static size_t evdev_get_mask_cnt(unsigned int type)
0057 {
0058 static const size_t counts[EV_CNT] = {
0059
0060 [EV_SYN] = EV_CNT,
0061 [EV_KEY] = KEY_CNT,
0062 [EV_REL] = REL_CNT,
0063 [EV_ABS] = ABS_CNT,
0064 [EV_MSC] = MSC_CNT,
0065 [EV_SW] = SW_CNT,
0066 [EV_LED] = LED_CNT,
0067 [EV_SND] = SND_CNT,
0068 [EV_FF] = FF_CNT,
0069 };
0070
0071 return (type < EV_CNT) ? counts[type] : 0;
0072 }
0073
0074
0075 static bool __evdev_is_filtered(struct evdev_client *client,
0076 unsigned int type,
0077 unsigned int code)
0078 {
0079 unsigned long *mask;
0080 size_t cnt;
0081
0082
0083 if (type == EV_SYN || type >= EV_CNT)
0084 return false;
0085
0086
0087 mask = client->evmasks[0];
0088 if (mask && !test_bit(type, mask))
0089 return true;
0090
0091
0092 cnt = evdev_get_mask_cnt(type);
0093 if (!cnt || code >= cnt)
0094 return false;
0095
0096 mask = client->evmasks[type];
0097 return mask && !test_bit(code, mask);
0098 }
0099
0100
0101 static void __evdev_flush_queue(struct evdev_client *client, unsigned int type)
0102 {
0103 unsigned int i, head, num;
0104 unsigned int mask = client->bufsize - 1;
0105 bool is_report;
0106 struct input_event *ev;
0107
0108 BUG_ON(type == EV_SYN);
0109
0110 head = client->tail;
0111 client->packet_head = client->tail;
0112
0113
0114 num = 1;
0115
0116 for (i = client->tail; i != client->head; i = (i + 1) & mask) {
0117 ev = &client->buffer[i];
0118 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT;
0119
0120 if (ev->type == type) {
0121
0122 continue;
0123 } else if (is_report && !num) {
0124
0125 continue;
0126 } else if (head != i) {
0127
0128 client->buffer[head] = *ev;
0129 }
0130
0131 num++;
0132 head = (head + 1) & mask;
0133
0134 if (is_report) {
0135 num = 0;
0136 client->packet_head = head;
0137 }
0138 }
0139
0140 client->head = head;
0141 }
0142
0143 static void __evdev_queue_syn_dropped(struct evdev_client *client)
0144 {
0145 ktime_t *ev_time = input_get_timestamp(client->evdev->handle.dev);
0146 struct timespec64 ts = ktime_to_timespec64(ev_time[client->clk_type]);
0147 struct input_event ev;
0148
0149 ev.input_event_sec = ts.tv_sec;
0150 ev.input_event_usec = ts.tv_nsec / NSEC_PER_USEC;
0151 ev.type = EV_SYN;
0152 ev.code = SYN_DROPPED;
0153 ev.value = 0;
0154
0155 client->buffer[client->head++] = ev;
0156 client->head &= client->bufsize - 1;
0157
0158 if (unlikely(client->head == client->tail)) {
0159
0160 client->tail = (client->head - 1) & (client->bufsize - 1);
0161 client->packet_head = client->tail;
0162 }
0163 }
0164
0165 static void evdev_queue_syn_dropped(struct evdev_client *client)
0166 {
0167 unsigned long flags;
0168
0169 spin_lock_irqsave(&client->buffer_lock, flags);
0170 __evdev_queue_syn_dropped(client);
0171 spin_unlock_irqrestore(&client->buffer_lock, flags);
0172 }
0173
0174 static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid)
0175 {
0176 unsigned long flags;
0177 enum input_clock_type clk_type;
0178
0179 switch (clkid) {
0180
0181 case CLOCK_REALTIME:
0182 clk_type = INPUT_CLK_REAL;
0183 break;
0184 case CLOCK_MONOTONIC:
0185 clk_type = INPUT_CLK_MONO;
0186 break;
0187 case CLOCK_BOOTTIME:
0188 clk_type = INPUT_CLK_BOOT;
0189 break;
0190 default:
0191 return -EINVAL;
0192 }
0193
0194 if (client->clk_type != clk_type) {
0195 client->clk_type = clk_type;
0196
0197
0198
0199
0200
0201 spin_lock_irqsave(&client->buffer_lock, flags);
0202
0203 if (client->head != client->tail) {
0204 client->packet_head = client->head = client->tail;
0205 __evdev_queue_syn_dropped(client);
0206 }
0207
0208 spin_unlock_irqrestore(&client->buffer_lock, flags);
0209 }
0210
0211 return 0;
0212 }
0213
0214 static void __pass_event(struct evdev_client *client,
0215 const struct input_event *event)
0216 {
0217 client->buffer[client->head++] = *event;
0218 client->head &= client->bufsize - 1;
0219
0220 if (unlikely(client->head == client->tail)) {
0221
0222
0223
0224
0225 client->tail = (client->head - 2) & (client->bufsize - 1);
0226
0227 client->buffer[client->tail] = (struct input_event) {
0228 .input_event_sec = event->input_event_sec,
0229 .input_event_usec = event->input_event_usec,
0230 .type = EV_SYN,
0231 .code = SYN_DROPPED,
0232 .value = 0,
0233 };
0234
0235 client->packet_head = client->tail;
0236 }
0237
0238 if (event->type == EV_SYN && event->code == SYN_REPORT) {
0239 client->packet_head = client->head;
0240 kill_fasync(&client->fasync, SIGIO, POLL_IN);
0241 }
0242 }
0243
0244 static void evdev_pass_values(struct evdev_client *client,
0245 const struct input_value *vals, unsigned int count,
0246 ktime_t *ev_time)
0247 {
0248 const struct input_value *v;
0249 struct input_event event;
0250 struct timespec64 ts;
0251 bool wakeup = false;
0252
0253 if (client->revoked)
0254 return;
0255
0256 ts = ktime_to_timespec64(ev_time[client->clk_type]);
0257 event.input_event_sec = ts.tv_sec;
0258 event.input_event_usec = ts.tv_nsec / NSEC_PER_USEC;
0259
0260
0261 spin_lock(&client->buffer_lock);
0262
0263 for (v = vals; v != vals + count; v++) {
0264 if (__evdev_is_filtered(client, v->type, v->code))
0265 continue;
0266
0267 if (v->type == EV_SYN && v->code == SYN_REPORT) {
0268
0269 if (client->packet_head == client->head)
0270 continue;
0271
0272 wakeup = true;
0273 }
0274
0275 event.type = v->type;
0276 event.code = v->code;
0277 event.value = v->value;
0278 __pass_event(client, &event);
0279 }
0280
0281 spin_unlock(&client->buffer_lock);
0282
0283 if (wakeup)
0284 wake_up_interruptible_poll(&client->wait,
0285 EPOLLIN | EPOLLOUT | EPOLLRDNORM | EPOLLWRNORM);
0286 }
0287
0288
0289
0290
0291 static void evdev_events(struct input_handle *handle,
0292 const struct input_value *vals, unsigned int count)
0293 {
0294 struct evdev *evdev = handle->private;
0295 struct evdev_client *client;
0296 ktime_t *ev_time = input_get_timestamp(handle->dev);
0297
0298 rcu_read_lock();
0299
0300 client = rcu_dereference(evdev->grab);
0301
0302 if (client)
0303 evdev_pass_values(client, vals, count, ev_time);
0304 else
0305 list_for_each_entry_rcu(client, &evdev->client_list, node)
0306 evdev_pass_values(client, vals, count, ev_time);
0307
0308 rcu_read_unlock();
0309 }
0310
0311
0312
0313
0314 static void evdev_event(struct input_handle *handle,
0315 unsigned int type, unsigned int code, int value)
0316 {
0317 struct input_value vals[] = { { type, code, value } };
0318
0319 evdev_events(handle, vals, 1);
0320 }
0321
0322 static int evdev_fasync(int fd, struct file *file, int on)
0323 {
0324 struct evdev_client *client = file->private_data;
0325
0326 return fasync_helper(fd, file, on, &client->fasync);
0327 }
0328
0329 static void evdev_free(struct device *dev)
0330 {
0331 struct evdev *evdev = container_of(dev, struct evdev, dev);
0332
0333 input_put_device(evdev->handle.dev);
0334 kfree(evdev);
0335 }
0336
0337
0338
0339
0340
0341 static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
0342 {
0343 int error;
0344
0345 if (evdev->grab)
0346 return -EBUSY;
0347
0348 error = input_grab_device(&evdev->handle);
0349 if (error)
0350 return error;
0351
0352 rcu_assign_pointer(evdev->grab, client);
0353
0354 return 0;
0355 }
0356
0357 static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
0358 {
0359 struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
0360 lockdep_is_held(&evdev->mutex));
0361
0362 if (grab != client)
0363 return -EINVAL;
0364
0365 rcu_assign_pointer(evdev->grab, NULL);
0366 synchronize_rcu();
0367 input_release_device(&evdev->handle);
0368
0369 return 0;
0370 }
0371
0372 static void evdev_attach_client(struct evdev *evdev,
0373 struct evdev_client *client)
0374 {
0375 spin_lock(&evdev->client_lock);
0376 list_add_tail_rcu(&client->node, &evdev->client_list);
0377 spin_unlock(&evdev->client_lock);
0378 }
0379
0380 static void evdev_detach_client(struct evdev *evdev,
0381 struct evdev_client *client)
0382 {
0383 spin_lock(&evdev->client_lock);
0384 list_del_rcu(&client->node);
0385 spin_unlock(&evdev->client_lock);
0386 synchronize_rcu();
0387 }
0388
0389 static int evdev_open_device(struct evdev *evdev)
0390 {
0391 int retval;
0392
0393 retval = mutex_lock_interruptible(&evdev->mutex);
0394 if (retval)
0395 return retval;
0396
0397 if (!evdev->exist)
0398 retval = -ENODEV;
0399 else if (!evdev->open++) {
0400 retval = input_open_device(&evdev->handle);
0401 if (retval)
0402 evdev->open--;
0403 }
0404
0405 mutex_unlock(&evdev->mutex);
0406 return retval;
0407 }
0408
0409 static void evdev_close_device(struct evdev *evdev)
0410 {
0411 mutex_lock(&evdev->mutex);
0412
0413 if (evdev->exist && !--evdev->open)
0414 input_close_device(&evdev->handle);
0415
0416 mutex_unlock(&evdev->mutex);
0417 }
0418
0419
0420
0421
0422
0423 static void evdev_hangup(struct evdev *evdev)
0424 {
0425 struct evdev_client *client;
0426
0427 spin_lock(&evdev->client_lock);
0428 list_for_each_entry(client, &evdev->client_list, node) {
0429 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
0430 wake_up_interruptible_poll(&client->wait, EPOLLHUP | EPOLLERR);
0431 }
0432 spin_unlock(&evdev->client_lock);
0433 }
0434
0435 static int evdev_release(struct inode *inode, struct file *file)
0436 {
0437 struct evdev_client *client = file->private_data;
0438 struct evdev *evdev = client->evdev;
0439 unsigned int i;
0440
0441 mutex_lock(&evdev->mutex);
0442
0443 if (evdev->exist && !client->revoked)
0444 input_flush_device(&evdev->handle, file);
0445
0446 evdev_ungrab(evdev, client);
0447 mutex_unlock(&evdev->mutex);
0448
0449 evdev_detach_client(evdev, client);
0450
0451 for (i = 0; i < EV_CNT; ++i)
0452 bitmap_free(client->evmasks[i]);
0453
0454 kvfree(client);
0455
0456 evdev_close_device(evdev);
0457
0458 return 0;
0459 }
0460
0461 static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
0462 {
0463 unsigned int n_events =
0464 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
0465 EVDEV_MIN_BUFFER_SIZE);
0466
0467 return roundup_pow_of_two(n_events);
0468 }
0469
0470 static int evdev_open(struct inode *inode, struct file *file)
0471 {
0472 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
0473 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
0474 struct evdev_client *client;
0475 int error;
0476
0477 client = kvzalloc(struct_size(client, buffer, bufsize), GFP_KERNEL);
0478 if (!client)
0479 return -ENOMEM;
0480
0481 init_waitqueue_head(&client->wait);
0482 client->bufsize = bufsize;
0483 spin_lock_init(&client->buffer_lock);
0484 client->evdev = evdev;
0485 evdev_attach_client(evdev, client);
0486
0487 error = evdev_open_device(evdev);
0488 if (error)
0489 goto err_free_client;
0490
0491 file->private_data = client;
0492 stream_open(inode, file);
0493
0494 return 0;
0495
0496 err_free_client:
0497 evdev_detach_client(evdev, client);
0498 kvfree(client);
0499 return error;
0500 }
0501
0502 static ssize_t evdev_write(struct file *file, const char __user *buffer,
0503 size_t count, loff_t *ppos)
0504 {
0505 struct evdev_client *client = file->private_data;
0506 struct evdev *evdev = client->evdev;
0507 struct input_event event;
0508 int retval = 0;
0509
0510 if (count != 0 && count < input_event_size())
0511 return -EINVAL;
0512
0513 retval = mutex_lock_interruptible(&evdev->mutex);
0514 if (retval)
0515 return retval;
0516
0517 if (!evdev->exist || client->revoked) {
0518 retval = -ENODEV;
0519 goto out;
0520 }
0521
0522 while (retval + input_event_size() <= count) {
0523
0524 if (input_event_from_user(buffer + retval, &event)) {
0525 retval = -EFAULT;
0526 goto out;
0527 }
0528 retval += input_event_size();
0529
0530 input_inject_event(&evdev->handle,
0531 event.type, event.code, event.value);
0532 cond_resched();
0533 }
0534
0535 out:
0536 mutex_unlock(&evdev->mutex);
0537 return retval;
0538 }
0539
0540 static int evdev_fetch_next_event(struct evdev_client *client,
0541 struct input_event *event)
0542 {
0543 int have_event;
0544
0545 spin_lock_irq(&client->buffer_lock);
0546
0547 have_event = client->packet_head != client->tail;
0548 if (have_event) {
0549 *event = client->buffer[client->tail++];
0550 client->tail &= client->bufsize - 1;
0551 }
0552
0553 spin_unlock_irq(&client->buffer_lock);
0554
0555 return have_event;
0556 }
0557
0558 static ssize_t evdev_read(struct file *file, char __user *buffer,
0559 size_t count, loff_t *ppos)
0560 {
0561 struct evdev_client *client = file->private_data;
0562 struct evdev *evdev = client->evdev;
0563 struct input_event event;
0564 size_t read = 0;
0565 int error;
0566
0567 if (count != 0 && count < input_event_size())
0568 return -EINVAL;
0569
0570 for (;;) {
0571 if (!evdev->exist || client->revoked)
0572 return -ENODEV;
0573
0574 if (client->packet_head == client->tail &&
0575 (file->f_flags & O_NONBLOCK))
0576 return -EAGAIN;
0577
0578
0579
0580
0581
0582 if (count == 0)
0583 break;
0584
0585 while (read + input_event_size() <= count &&
0586 evdev_fetch_next_event(client, &event)) {
0587
0588 if (input_event_to_user(buffer + read, &event))
0589 return -EFAULT;
0590
0591 read += input_event_size();
0592 }
0593
0594 if (read)
0595 break;
0596
0597 if (!(file->f_flags & O_NONBLOCK)) {
0598 error = wait_event_interruptible(client->wait,
0599 client->packet_head != client->tail ||
0600 !evdev->exist || client->revoked);
0601 if (error)
0602 return error;
0603 }
0604 }
0605
0606 return read;
0607 }
0608
0609
0610 static __poll_t evdev_poll(struct file *file, poll_table *wait)
0611 {
0612 struct evdev_client *client = file->private_data;
0613 struct evdev *evdev = client->evdev;
0614 __poll_t mask;
0615
0616 poll_wait(file, &client->wait, wait);
0617
0618 if (evdev->exist && !client->revoked)
0619 mask = EPOLLOUT | EPOLLWRNORM;
0620 else
0621 mask = EPOLLHUP | EPOLLERR;
0622
0623 if (client->packet_head != client->tail)
0624 mask |= EPOLLIN | EPOLLRDNORM;
0625
0626 return mask;
0627 }
0628
0629 #ifdef CONFIG_COMPAT
0630
0631 #define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
0632 #define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
0633
0634 #ifdef __BIG_ENDIAN
0635 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
0636 unsigned int maxlen, void __user *p, int compat)
0637 {
0638 int len, i;
0639
0640 if (compat) {
0641 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
0642 if (len > maxlen)
0643 len = maxlen;
0644
0645 for (i = 0; i < len / sizeof(compat_long_t); i++)
0646 if (copy_to_user((compat_long_t __user *) p + i,
0647 (compat_long_t *) bits +
0648 i + 1 - ((i % 2) << 1),
0649 sizeof(compat_long_t)))
0650 return -EFAULT;
0651 } else {
0652 len = BITS_TO_LONGS(maxbit) * sizeof(long);
0653 if (len > maxlen)
0654 len = maxlen;
0655
0656 if (copy_to_user(p, bits, len))
0657 return -EFAULT;
0658 }
0659
0660 return len;
0661 }
0662
0663 static int bits_from_user(unsigned long *bits, unsigned int maxbit,
0664 unsigned int maxlen, const void __user *p, int compat)
0665 {
0666 int len, i;
0667
0668 if (compat) {
0669 if (maxlen % sizeof(compat_long_t))
0670 return -EINVAL;
0671
0672 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
0673 if (len > maxlen)
0674 len = maxlen;
0675
0676 for (i = 0; i < len / sizeof(compat_long_t); i++)
0677 if (copy_from_user((compat_long_t *) bits +
0678 i + 1 - ((i % 2) << 1),
0679 (compat_long_t __user *) p + i,
0680 sizeof(compat_long_t)))
0681 return -EFAULT;
0682 if (i % 2)
0683 *((compat_long_t *) bits + i - 1) = 0;
0684
0685 } else {
0686 if (maxlen % sizeof(long))
0687 return -EINVAL;
0688
0689 len = BITS_TO_LONGS(maxbit) * sizeof(long);
0690 if (len > maxlen)
0691 len = maxlen;
0692
0693 if (copy_from_user(bits, p, len))
0694 return -EFAULT;
0695 }
0696
0697 return len;
0698 }
0699
0700 #else
0701
0702 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
0703 unsigned int maxlen, void __user *p, int compat)
0704 {
0705 int len = compat ?
0706 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
0707 BITS_TO_LONGS(maxbit) * sizeof(long);
0708
0709 if (len > maxlen)
0710 len = maxlen;
0711
0712 return copy_to_user(p, bits, len) ? -EFAULT : len;
0713 }
0714
0715 static int bits_from_user(unsigned long *bits, unsigned int maxbit,
0716 unsigned int maxlen, const void __user *p, int compat)
0717 {
0718 size_t chunk_size = compat ? sizeof(compat_long_t) : sizeof(long);
0719 int len;
0720
0721 if (maxlen % chunk_size)
0722 return -EINVAL;
0723
0724 len = compat ? BITS_TO_LONGS_COMPAT(maxbit) : BITS_TO_LONGS(maxbit);
0725 len *= chunk_size;
0726 if (len > maxlen)
0727 len = maxlen;
0728
0729 return copy_from_user(bits, p, len) ? -EFAULT : len;
0730 }
0731
0732 #endif
0733
0734 #else
0735
0736 static int bits_to_user(unsigned long *bits, unsigned int maxbit,
0737 unsigned int maxlen, void __user *p, int compat)
0738 {
0739 int len = BITS_TO_LONGS(maxbit) * sizeof(long);
0740
0741 if (len > maxlen)
0742 len = maxlen;
0743
0744 return copy_to_user(p, bits, len) ? -EFAULT : len;
0745 }
0746
0747 static int bits_from_user(unsigned long *bits, unsigned int maxbit,
0748 unsigned int maxlen, const void __user *p, int compat)
0749 {
0750 int len;
0751
0752 if (maxlen % sizeof(long))
0753 return -EINVAL;
0754
0755 len = BITS_TO_LONGS(maxbit) * sizeof(long);
0756 if (len > maxlen)
0757 len = maxlen;
0758
0759 return copy_from_user(bits, p, len) ? -EFAULT : len;
0760 }
0761
0762 #endif
0763
0764 static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
0765 {
0766 int len;
0767
0768 if (!str)
0769 return -ENOENT;
0770
0771 len = strlen(str) + 1;
0772 if (len > maxlen)
0773 len = maxlen;
0774
0775 return copy_to_user(p, str, len) ? -EFAULT : len;
0776 }
0777
0778 static int handle_eviocgbit(struct input_dev *dev,
0779 unsigned int type, unsigned int size,
0780 void __user *p, int compat_mode)
0781 {
0782 unsigned long *bits;
0783 int len;
0784
0785 switch (type) {
0786
0787 case 0: bits = dev->evbit; len = EV_MAX; break;
0788 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
0789 case EV_REL: bits = dev->relbit; len = REL_MAX; break;
0790 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
0791 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
0792 case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
0793 case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
0794 case EV_FF: bits = dev->ffbit; len = FF_MAX; break;
0795 case EV_SW: bits = dev->swbit; len = SW_MAX; break;
0796 default: return -EINVAL;
0797 }
0798
0799 return bits_to_user(bits, len, size, p, compat_mode);
0800 }
0801
0802 static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
0803 {
0804 struct input_keymap_entry ke = {
0805 .len = sizeof(unsigned int),
0806 .flags = 0,
0807 };
0808 int __user *ip = (int __user *)p;
0809 int error;
0810
0811
0812 if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
0813 return -EFAULT;
0814
0815 error = input_get_keycode(dev, &ke);
0816 if (error)
0817 return error;
0818
0819 if (put_user(ke.keycode, ip + 1))
0820 return -EFAULT;
0821
0822 return 0;
0823 }
0824
0825 static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
0826 {
0827 struct input_keymap_entry ke;
0828 int error;
0829
0830 if (copy_from_user(&ke, p, sizeof(ke)))
0831 return -EFAULT;
0832
0833 error = input_get_keycode(dev, &ke);
0834 if (error)
0835 return error;
0836
0837 if (copy_to_user(p, &ke, sizeof(ke)))
0838 return -EFAULT;
0839
0840 return 0;
0841 }
0842
0843 static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
0844 {
0845 struct input_keymap_entry ke = {
0846 .len = sizeof(unsigned int),
0847 .flags = 0,
0848 };
0849 int __user *ip = (int __user *)p;
0850
0851 if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
0852 return -EFAULT;
0853
0854 if (get_user(ke.keycode, ip + 1))
0855 return -EFAULT;
0856
0857 return input_set_keycode(dev, &ke);
0858 }
0859
0860 static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
0861 {
0862 struct input_keymap_entry ke;
0863
0864 if (copy_from_user(&ke, p, sizeof(ke)))
0865 return -EFAULT;
0866
0867 if (ke.len > sizeof(ke.scancode))
0868 return -EINVAL;
0869
0870 return input_set_keycode(dev, &ke);
0871 }
0872
0873
0874
0875
0876
0877
0878
0879
0880
0881
0882
0883
0884
0885
0886 static int evdev_handle_get_val(struct evdev_client *client,
0887 struct input_dev *dev, unsigned int type,
0888 unsigned long *bits, unsigned int maxbit,
0889 unsigned int maxlen, void __user *p,
0890 int compat)
0891 {
0892 int ret;
0893 unsigned long *mem;
0894
0895 mem = bitmap_alloc(maxbit, GFP_KERNEL);
0896 if (!mem)
0897 return -ENOMEM;
0898
0899 spin_lock_irq(&dev->event_lock);
0900 spin_lock(&client->buffer_lock);
0901
0902 bitmap_copy(mem, bits, maxbit);
0903
0904 spin_unlock(&dev->event_lock);
0905
0906 __evdev_flush_queue(client, type);
0907
0908 spin_unlock_irq(&client->buffer_lock);
0909
0910 ret = bits_to_user(mem, maxbit, maxlen, p, compat);
0911 if (ret < 0)
0912 evdev_queue_syn_dropped(client);
0913
0914 bitmap_free(mem);
0915
0916 return ret;
0917 }
0918
0919 static int evdev_handle_mt_request(struct input_dev *dev,
0920 unsigned int size,
0921 int __user *ip)
0922 {
0923 const struct input_mt *mt = dev->mt;
0924 unsigned int code;
0925 int max_slots;
0926 int i;
0927
0928 if (get_user(code, &ip[0]))
0929 return -EFAULT;
0930 if (!mt || !input_is_mt_value(code))
0931 return -EINVAL;
0932
0933 max_slots = (size - sizeof(__u32)) / sizeof(__s32);
0934 for (i = 0; i < mt->num_slots && i < max_slots; i++) {
0935 int value = input_mt_get_value(&mt->slots[i], code);
0936 if (put_user(value, &ip[1 + i]))
0937 return -EFAULT;
0938 }
0939
0940 return 0;
0941 }
0942
0943 static int evdev_revoke(struct evdev *evdev, struct evdev_client *client,
0944 struct file *file)
0945 {
0946 client->revoked = true;
0947 evdev_ungrab(evdev, client);
0948 input_flush_device(&evdev->handle, file);
0949 wake_up_interruptible_poll(&client->wait, EPOLLHUP | EPOLLERR);
0950
0951 return 0;
0952 }
0953
0954
0955 static int evdev_set_mask(struct evdev_client *client,
0956 unsigned int type,
0957 const void __user *codes,
0958 u32 codes_size,
0959 int compat)
0960 {
0961 unsigned long flags, *mask, *oldmask;
0962 size_t cnt;
0963 int error;
0964
0965
0966 cnt = evdev_get_mask_cnt(type);
0967 if (!cnt)
0968 return 0;
0969
0970 mask = bitmap_zalloc(cnt, GFP_KERNEL);
0971 if (!mask)
0972 return -ENOMEM;
0973
0974 error = bits_from_user(mask, cnt - 1, codes_size, codes, compat);
0975 if (error < 0) {
0976 bitmap_free(mask);
0977 return error;
0978 }
0979
0980 spin_lock_irqsave(&client->buffer_lock, flags);
0981 oldmask = client->evmasks[type];
0982 client->evmasks[type] = mask;
0983 spin_unlock_irqrestore(&client->buffer_lock, flags);
0984
0985 bitmap_free(oldmask);
0986
0987 return 0;
0988 }
0989
0990
0991 static int evdev_get_mask(struct evdev_client *client,
0992 unsigned int type,
0993 void __user *codes,
0994 u32 codes_size,
0995 int compat)
0996 {
0997 unsigned long *mask;
0998 size_t cnt, size, xfer_size;
0999 int i;
1000 int error;
1001
1002
1003 cnt = evdev_get_mask_cnt(type);
1004 size = sizeof(unsigned long) * BITS_TO_LONGS(cnt);
1005 xfer_size = min_t(size_t, codes_size, size);
1006
1007 if (cnt > 0) {
1008 mask = client->evmasks[type];
1009 if (mask) {
1010 error = bits_to_user(mask, cnt - 1,
1011 xfer_size, codes, compat);
1012 if (error < 0)
1013 return error;
1014 } else {
1015
1016 for (i = 0; i < xfer_size; i++)
1017 if (put_user(0xffU, (u8 __user *)codes + i))
1018 return -EFAULT;
1019 }
1020 }
1021
1022 if (xfer_size < codes_size)
1023 if (clear_user(codes + xfer_size, codes_size - xfer_size))
1024 return -EFAULT;
1025
1026 return 0;
1027 }
1028
1029 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
1030 void __user *p, int compat_mode)
1031 {
1032 struct evdev_client *client = file->private_data;
1033 struct evdev *evdev = client->evdev;
1034 struct input_dev *dev = evdev->handle.dev;
1035 struct input_absinfo abs;
1036 struct input_mask mask;
1037 struct ff_effect effect;
1038 int __user *ip = (int __user *)p;
1039 unsigned int i, t, u, v;
1040 unsigned int size;
1041 int error;
1042
1043
1044 switch (cmd) {
1045
1046 case EVIOCGVERSION:
1047 return put_user(EV_VERSION, ip);
1048
1049 case EVIOCGID:
1050 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
1051 return -EFAULT;
1052 return 0;
1053
1054 case EVIOCGREP:
1055 if (!test_bit(EV_REP, dev->evbit))
1056 return -ENOSYS;
1057 if (put_user(dev->rep[REP_DELAY], ip))
1058 return -EFAULT;
1059 if (put_user(dev->rep[REP_PERIOD], ip + 1))
1060 return -EFAULT;
1061 return 0;
1062
1063 case EVIOCSREP:
1064 if (!test_bit(EV_REP, dev->evbit))
1065 return -ENOSYS;
1066 if (get_user(u, ip))
1067 return -EFAULT;
1068 if (get_user(v, ip + 1))
1069 return -EFAULT;
1070
1071 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
1072 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
1073
1074 return 0;
1075
1076 case EVIOCRMFF:
1077 return input_ff_erase(dev, (int)(unsigned long) p, file);
1078
1079 case EVIOCGEFFECTS:
1080 i = test_bit(EV_FF, dev->evbit) ?
1081 dev->ff->max_effects : 0;
1082 if (put_user(i, ip))
1083 return -EFAULT;
1084 return 0;
1085
1086 case EVIOCGRAB:
1087 if (p)
1088 return evdev_grab(evdev, client);
1089 else
1090 return evdev_ungrab(evdev, client);
1091
1092 case EVIOCREVOKE:
1093 if (p)
1094 return -EINVAL;
1095 else
1096 return evdev_revoke(evdev, client, file);
1097
1098 case EVIOCGMASK: {
1099 void __user *codes_ptr;
1100
1101 if (copy_from_user(&mask, p, sizeof(mask)))
1102 return -EFAULT;
1103
1104 codes_ptr = (void __user *)(unsigned long)mask.codes_ptr;
1105 return evdev_get_mask(client,
1106 mask.type, codes_ptr, mask.codes_size,
1107 compat_mode);
1108 }
1109
1110 case EVIOCSMASK: {
1111 const void __user *codes_ptr;
1112
1113 if (copy_from_user(&mask, p, sizeof(mask)))
1114 return -EFAULT;
1115
1116 codes_ptr = (const void __user *)(unsigned long)mask.codes_ptr;
1117 return evdev_set_mask(client,
1118 mask.type, codes_ptr, mask.codes_size,
1119 compat_mode);
1120 }
1121
1122 case EVIOCSCLOCKID:
1123 if (copy_from_user(&i, p, sizeof(unsigned int)))
1124 return -EFAULT;
1125
1126 return evdev_set_clk_type(client, i);
1127
1128 case EVIOCGKEYCODE:
1129 return evdev_handle_get_keycode(dev, p);
1130
1131 case EVIOCSKEYCODE:
1132 return evdev_handle_set_keycode(dev, p);
1133
1134 case EVIOCGKEYCODE_V2:
1135 return evdev_handle_get_keycode_v2(dev, p);
1136
1137 case EVIOCSKEYCODE_V2:
1138 return evdev_handle_set_keycode_v2(dev, p);
1139 }
1140
1141 size = _IOC_SIZE(cmd);
1142
1143
1144 #define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
1145 switch (EVIOC_MASK_SIZE(cmd)) {
1146
1147 case EVIOCGPROP(0):
1148 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
1149 size, p, compat_mode);
1150
1151 case EVIOCGMTSLOTS(0):
1152 return evdev_handle_mt_request(dev, size, ip);
1153
1154 case EVIOCGKEY(0):
1155 return evdev_handle_get_val(client, dev, EV_KEY, dev->key,
1156 KEY_MAX, size, p, compat_mode);
1157
1158 case EVIOCGLED(0):
1159 return evdev_handle_get_val(client, dev, EV_LED, dev->led,
1160 LED_MAX, size, p, compat_mode);
1161
1162 case EVIOCGSND(0):
1163 return evdev_handle_get_val(client, dev, EV_SND, dev->snd,
1164 SND_MAX, size, p, compat_mode);
1165
1166 case EVIOCGSW(0):
1167 return evdev_handle_get_val(client, dev, EV_SW, dev->sw,
1168 SW_MAX, size, p, compat_mode);
1169
1170 case EVIOCGNAME(0):
1171 return str_to_user(dev->name, size, p);
1172
1173 case EVIOCGPHYS(0):
1174 return str_to_user(dev->phys, size, p);
1175
1176 case EVIOCGUNIQ(0):
1177 return str_to_user(dev->uniq, size, p);
1178
1179 case EVIOC_MASK_SIZE(EVIOCSFF):
1180 if (input_ff_effect_from_user(p, size, &effect))
1181 return -EFAULT;
1182
1183 error = input_ff_upload(dev, &effect, file);
1184 if (error)
1185 return error;
1186
1187 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
1188 return -EFAULT;
1189
1190 return 0;
1191 }
1192
1193
1194 if (_IOC_TYPE(cmd) != 'E')
1195 return -EINVAL;
1196
1197 if (_IOC_DIR(cmd) == _IOC_READ) {
1198
1199 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
1200 return handle_eviocgbit(dev,
1201 _IOC_NR(cmd) & EV_MAX, size,
1202 p, compat_mode);
1203
1204 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
1205
1206 if (!dev->absinfo)
1207 return -EINVAL;
1208
1209 t = _IOC_NR(cmd) & ABS_MAX;
1210 abs = dev->absinfo[t];
1211
1212 if (copy_to_user(p, &abs, min_t(size_t,
1213 size, sizeof(struct input_absinfo))))
1214 return -EFAULT;
1215
1216 return 0;
1217 }
1218 }
1219
1220 if (_IOC_DIR(cmd) == _IOC_WRITE) {
1221
1222 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
1223
1224 if (!dev->absinfo)
1225 return -EINVAL;
1226
1227 t = _IOC_NR(cmd) & ABS_MAX;
1228
1229 if (copy_from_user(&abs, p, min_t(size_t,
1230 size, sizeof(struct input_absinfo))))
1231 return -EFAULT;
1232
1233 if (size < sizeof(struct input_absinfo))
1234 abs.resolution = 0;
1235
1236
1237 if (t == ABS_MT_SLOT)
1238 return -EINVAL;
1239
1240
1241
1242
1243
1244
1245 spin_lock_irq(&dev->event_lock);
1246 dev->absinfo[t] = abs;
1247 spin_unlock_irq(&dev->event_lock);
1248
1249 return 0;
1250 }
1251 }
1252
1253 return -EINVAL;
1254 }
1255
1256 static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
1257 void __user *p, int compat_mode)
1258 {
1259 struct evdev_client *client = file->private_data;
1260 struct evdev *evdev = client->evdev;
1261 int retval;
1262
1263 retval = mutex_lock_interruptible(&evdev->mutex);
1264 if (retval)
1265 return retval;
1266
1267 if (!evdev->exist || client->revoked) {
1268 retval = -ENODEV;
1269 goto out;
1270 }
1271
1272 retval = evdev_do_ioctl(file, cmd, p, compat_mode);
1273
1274 out:
1275 mutex_unlock(&evdev->mutex);
1276 return retval;
1277 }
1278
1279 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1280 {
1281 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
1282 }
1283
1284 #ifdef CONFIG_COMPAT
1285 static long evdev_ioctl_compat(struct file *file,
1286 unsigned int cmd, unsigned long arg)
1287 {
1288 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1289 }
1290 #endif
1291
1292 static const struct file_operations evdev_fops = {
1293 .owner = THIS_MODULE,
1294 .read = evdev_read,
1295 .write = evdev_write,
1296 .poll = evdev_poll,
1297 .open = evdev_open,
1298 .release = evdev_release,
1299 .unlocked_ioctl = evdev_ioctl,
1300 #ifdef CONFIG_COMPAT
1301 .compat_ioctl = evdev_ioctl_compat,
1302 #endif
1303 .fasync = evdev_fasync,
1304 .llseek = no_llseek,
1305 };
1306
1307
1308
1309
1310
1311
1312 static void evdev_mark_dead(struct evdev *evdev)
1313 {
1314 mutex_lock(&evdev->mutex);
1315 evdev->exist = false;
1316 mutex_unlock(&evdev->mutex);
1317 }
1318
1319 static void evdev_cleanup(struct evdev *evdev)
1320 {
1321 struct input_handle *handle = &evdev->handle;
1322
1323 evdev_mark_dead(evdev);
1324 evdev_hangup(evdev);
1325
1326
1327 if (evdev->open) {
1328 input_flush_device(handle, NULL);
1329 input_close_device(handle);
1330 }
1331 }
1332
1333
1334
1335
1336
1337 static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
1338 const struct input_device_id *id)
1339 {
1340 struct evdev *evdev;
1341 int minor;
1342 int dev_no;
1343 int error;
1344
1345 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
1346 if (minor < 0) {
1347 error = minor;
1348 pr_err("failed to reserve new minor: %d\n", error);
1349 return error;
1350 }
1351
1352 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
1353 if (!evdev) {
1354 error = -ENOMEM;
1355 goto err_free_minor;
1356 }
1357
1358 INIT_LIST_HEAD(&evdev->client_list);
1359 spin_lock_init(&evdev->client_lock);
1360 mutex_init(&evdev->mutex);
1361 evdev->exist = true;
1362
1363 dev_no = minor;
1364
1365 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
1366 dev_no -= EVDEV_MINOR_BASE;
1367 dev_set_name(&evdev->dev, "event%d", dev_no);
1368
1369 evdev->handle.dev = input_get_device(dev);
1370 evdev->handle.name = dev_name(&evdev->dev);
1371 evdev->handle.handler = handler;
1372 evdev->handle.private = evdev;
1373
1374 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
1375 evdev->dev.class = &input_class;
1376 evdev->dev.parent = &dev->dev;
1377 evdev->dev.release = evdev_free;
1378 device_initialize(&evdev->dev);
1379
1380 error = input_register_handle(&evdev->handle);
1381 if (error)
1382 goto err_free_evdev;
1383
1384 cdev_init(&evdev->cdev, &evdev_fops);
1385
1386 error = cdev_device_add(&evdev->cdev, &evdev->dev);
1387 if (error)
1388 goto err_cleanup_evdev;
1389
1390 return 0;
1391
1392 err_cleanup_evdev:
1393 evdev_cleanup(evdev);
1394 input_unregister_handle(&evdev->handle);
1395 err_free_evdev:
1396 put_device(&evdev->dev);
1397 err_free_minor:
1398 input_free_minor(minor);
1399 return error;
1400 }
1401
1402 static void evdev_disconnect(struct input_handle *handle)
1403 {
1404 struct evdev *evdev = handle->private;
1405
1406 cdev_device_del(&evdev->cdev, &evdev->dev);
1407 evdev_cleanup(evdev);
1408 input_free_minor(MINOR(evdev->dev.devt));
1409 input_unregister_handle(handle);
1410 put_device(&evdev->dev);
1411 }
1412
1413 static const struct input_device_id evdev_ids[] = {
1414 { .driver_info = 1 },
1415 { },
1416 };
1417
1418 MODULE_DEVICE_TABLE(input, evdev_ids);
1419
1420 static struct input_handler evdev_handler = {
1421 .event = evdev_event,
1422 .events = evdev_events,
1423 .connect = evdev_connect,
1424 .disconnect = evdev_disconnect,
1425 .legacy_minors = true,
1426 .minor = EVDEV_MINOR_BASE,
1427 .name = "evdev",
1428 .id_table = evdev_ids,
1429 };
1430
1431 static int __init evdev_init(void)
1432 {
1433 return input_register_handler(&evdev_handler);
1434 }
1435
1436 static void __exit evdev_exit(void)
1437 {
1438 input_unregister_handler(&evdev_handler);
1439 }
1440
1441 module_init(evdev_init);
1442 module_exit(evdev_exit);
1443
1444 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1445 MODULE_DESCRIPTION("Input driver event char devices");
1446 MODULE_LICENSE("GPL");
