evdev.c (33209B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Event char devices, giving access to raw input device events. 4 * 5 * Copyright (c) 1999-2002 Vojtech Pavlik 6 */ 7 8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10#define EVDEV_MINOR_BASE 64 11#define EVDEV_MINORS 32 12#define EVDEV_MIN_BUFFER_SIZE 64U 13#define EVDEV_BUF_PACKETS 8 14 15#include <linux/poll.h> 16#include <linux/sched.h> 17#include <linux/slab.h> 18#include <linux/vmalloc.h> 19#include <linux/mm.h> 20#include <linux/module.h> 21#include <linux/init.h> 22#include <linux/input/mt.h> 23#include <linux/major.h> 24#include <linux/device.h> 25#include <linux/cdev.h> 26#include "input-compat.h" 27 28struct evdev { 29 int open; 30 struct input_handle handle; 31 struct evdev_client __rcu *grab; 32 struct list_head client_list; 33 spinlock_t client_lock; /* protects client_list */ 34 struct mutex mutex; 35 struct device dev; 36 struct cdev cdev; 37 bool exist; 38}; 39 40struct evdev_client { 41 unsigned int head; 42 unsigned int tail; 43 unsigned int packet_head; /* [future] position of the first element of next packet */ 44 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 45 wait_queue_head_t wait; 46 struct fasync_struct *fasync; 47 struct evdev *evdev; 48 struct list_head node; 49 enum input_clock_type clk_type; 50 bool revoked; 51 unsigned long *evmasks[EV_CNT]; 52 unsigned int bufsize; 53 struct input_event buffer[]; 54}; 55 56static size_t evdev_get_mask_cnt(unsigned int type) 57{ 58 static const size_t counts[EV_CNT] = { 59 /* EV_SYN==0 is EV_CNT, _not_ SYN_CNT, see EVIOCGBIT */ 60 [EV_SYN] = EV_CNT, 61 [EV_KEY] = KEY_CNT, 62 [EV_REL] = REL_CNT, 63 [EV_ABS] = ABS_CNT, 64 [EV_MSC] = MSC_CNT, 65 [EV_SW] = SW_CNT, 66 [EV_LED] = LED_CNT, 67 [EV_SND] = SND_CNT, 68 [EV_FF] = FF_CNT, 69 }; 70 71 return (type < EV_CNT) ? counts[type] : 0; 72} 73 74/* requires the buffer lock to be held */ 75static bool __evdev_is_filtered(struct evdev_client *client, 76 unsigned int type, 77 unsigned int code) 78{ 79 unsigned long *mask; 80 size_t cnt; 81 82 /* EV_SYN and unknown codes are never filtered */ 83 if (type == EV_SYN || type >= EV_CNT) 84 return false; 85 86 /* first test whether the type is filtered */ 87 mask = client->evmasks[0]; 88 if (mask && !test_bit(type, mask)) 89 return true; 90 91 /* unknown values are never filtered */ 92 cnt = evdev_get_mask_cnt(type); 93 if (!cnt || code >= cnt) 94 return false; 95 96 mask = client->evmasks[type]; 97 return mask && !test_bit(code, mask); 98} 99 100/* flush queued events of type @type, caller must hold client->buffer_lock */ 101static void __evdev_flush_queue(struct evdev_client *client, unsigned int type) 102{ 103 unsigned int i, head, num; 104 unsigned int mask = client->bufsize - 1; 105 bool is_report; 106 struct input_event *ev; 107 108 BUG_ON(type == EV_SYN); 109 110 head = client->tail; 111 client->packet_head = client->tail; 112 113 /* init to 1 so a leading SYN_REPORT will not be dropped */ 114 num = 1; 115 116 for (i = client->tail; i != client->head; i = (i + 1) & mask) { 117 ev = &client->buffer[i]; 118 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT; 119 120 if (ev->type == type) { 121 /* drop matched entry */ 122 continue; 123 } else if (is_report && !num) { 124 /* drop empty SYN_REPORT groups */ 125 continue; 126 } else if (head != i) { 127 /* move entry to fill the gap */ 128 client->buffer[head] = *ev; 129 } 130 131 num++; 132 head = (head + 1) & mask; 133 134 if (is_report) { 135 num = 0; 136 client->packet_head = head; 137 } 138 } 139 140 client->head = head; 141} 142 143static void __evdev_queue_syn_dropped(struct evdev_client *client) 144{ 145 ktime_t *ev_time = input_get_timestamp(client->evdev->handle.dev); 146 struct timespec64 ts = ktime_to_timespec64(ev_time[client->clk_type]); 147 struct input_event ev; 148 149 ev.input_event_sec = ts.tv_sec; 150 ev.input_event_usec = ts.tv_nsec / NSEC_PER_USEC; 151 ev.type = EV_SYN; 152 ev.code = SYN_DROPPED; 153 ev.value = 0; 154 155 client->buffer[client->head++] = ev; 156 client->head &= client->bufsize - 1; 157 158 if (unlikely(client->head == client->tail)) { 159 /* drop queue but keep our SYN_DROPPED event */ 160 client->tail = (client->head - 1) & (client->bufsize - 1); 161 client->packet_head = client->tail; 162 } 163} 164 165static void evdev_queue_syn_dropped(struct evdev_client *client) 166{ 167 unsigned long flags; 168 169 spin_lock_irqsave(&client->buffer_lock, flags); 170 __evdev_queue_syn_dropped(client); 171 spin_unlock_irqrestore(&client->buffer_lock, flags); 172} 173 174static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid) 175{ 176 unsigned long flags; 177 enum input_clock_type clk_type; 178 179 switch (clkid) { 180 181 case CLOCK_REALTIME: 182 clk_type = INPUT_CLK_REAL; 183 break; 184 case CLOCK_MONOTONIC: 185 clk_type = INPUT_CLK_MONO; 186 break; 187 case CLOCK_BOOTTIME: 188 clk_type = INPUT_CLK_BOOT; 189 break; 190 default: 191 return -EINVAL; 192 } 193 194 if (client->clk_type != clk_type) { 195 client->clk_type = clk_type; 196 197 /* 198 * Flush pending events and queue SYN_DROPPED event, 199 * but only if the queue is not empty. 200 */ 201 spin_lock_irqsave(&client->buffer_lock, flags); 202 203 if (client->head != client->tail) { 204 client->packet_head = client->head = client->tail; 205 __evdev_queue_syn_dropped(client); 206 } 207 208 spin_unlock_irqrestore(&client->buffer_lock, flags); 209 } 210 211 return 0; 212} 213 214static void __pass_event(struct evdev_client *client, 215 const struct input_event *event) 216{ 217 client->buffer[client->head++] = *event; 218 client->head &= client->bufsize - 1; 219 220 if (unlikely(client->head == client->tail)) { 221 /* 222 * This effectively "drops" all unconsumed events, leaving 223 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 224 */ 225 client->tail = (client->head - 2) & (client->bufsize - 1); 226 227 client->buffer[client->tail] = (struct input_event) { 228 .input_event_sec = event->input_event_sec, 229 .input_event_usec = event->input_event_usec, 230 .type = EV_SYN, 231 .code = SYN_DROPPED, 232 .value = 0, 233 }; 234 235 client->packet_head = client->tail; 236 } 237 238 if (event->type == EV_SYN && event->code == SYN_REPORT) { 239 client->packet_head = client->head; 240 kill_fasync(&client->fasync, SIGIO, POLL_IN); 241 } 242} 243 244static void evdev_pass_values(struct evdev_client *client, 245 const struct input_value *vals, unsigned int count, 246 ktime_t *ev_time) 247{ 248 const struct input_value *v; 249 struct input_event event; 250 struct timespec64 ts; 251 bool wakeup = false; 252 253 if (client->revoked) 254 return; 255 256 ts = ktime_to_timespec64(ev_time[client->clk_type]); 257 event.input_event_sec = ts.tv_sec; 258 event.input_event_usec = ts.tv_nsec / NSEC_PER_USEC; 259 260 /* Interrupts are disabled, just acquire the lock. */ 261 spin_lock(&client->buffer_lock); 262 263 for (v = vals; v != vals + count; v++) { 264 if (__evdev_is_filtered(client, v->type, v->code)) 265 continue; 266 267 if (v->type == EV_SYN && v->code == SYN_REPORT) { 268 /* drop empty SYN_REPORT */ 269 if (client->packet_head == client->head) 270 continue; 271 272 wakeup = true; 273 } 274 275 event.type = v->type; 276 event.code = v->code; 277 event.value = v->value; 278 __pass_event(client, &event); 279 } 280 281 spin_unlock(&client->buffer_lock); 282 283 if (wakeup) 284 wake_up_interruptible_poll(&client->wait, 285 EPOLLIN | EPOLLOUT | EPOLLRDNORM | EPOLLWRNORM); 286} 287 288/* 289 * Pass incoming events to all connected clients. 290 */ 291static void evdev_events(struct input_handle *handle, 292 const struct input_value *vals, unsigned int count) 293{ 294 struct evdev *evdev = handle->private; 295 struct evdev_client *client; 296 ktime_t *ev_time = input_get_timestamp(handle->dev); 297 298 rcu_read_lock(); 299 300 client = rcu_dereference(evdev->grab); 301 302 if (client) 303 evdev_pass_values(client, vals, count, ev_time); 304 else 305 list_for_each_entry_rcu(client, &evdev->client_list, node) 306 evdev_pass_values(client, vals, count, ev_time); 307 308 rcu_read_unlock(); 309} 310 311/* 312 * Pass incoming event to all connected clients. 313 */ 314static void evdev_event(struct input_handle *handle, 315 unsigned int type, unsigned int code, int value) 316{ 317 struct input_value vals[] = { { type, code, value } }; 318 319 evdev_events(handle, vals, 1); 320} 321 322static int evdev_fasync(int fd, struct file *file, int on) 323{ 324 struct evdev_client *client = file->private_data; 325 326 return fasync_helper(fd, file, on, &client->fasync); 327} 328 329static void evdev_free(struct device *dev) 330{ 331 struct evdev *evdev = container_of(dev, struct evdev, dev); 332 333 input_put_device(evdev->handle.dev); 334 kfree(evdev); 335} 336 337/* 338 * Grabs an event device (along with underlying input device). 339 * This function is called with evdev->mutex taken. 340 */ 341static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 342{ 343 int error; 344 345 if (evdev->grab) 346 return -EBUSY; 347 348 error = input_grab_device(&evdev->handle); 349 if (error) 350 return error; 351 352 rcu_assign_pointer(evdev->grab, client); 353 354 return 0; 355} 356 357static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 358{ 359 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 360 lockdep_is_held(&evdev->mutex)); 361 362 if (grab != client) 363 return -EINVAL; 364 365 rcu_assign_pointer(evdev->grab, NULL); 366 synchronize_rcu(); 367 input_release_device(&evdev->handle); 368 369 return 0; 370} 371 372static void evdev_attach_client(struct evdev *evdev, 373 struct evdev_client *client) 374{ 375 spin_lock(&evdev->client_lock); 376 list_add_tail_rcu(&client->node, &evdev->client_list); 377 spin_unlock(&evdev->client_lock); 378} 379 380static void evdev_detach_client(struct evdev *evdev, 381 struct evdev_client *client) 382{ 383 spin_lock(&evdev->client_lock); 384 list_del_rcu(&client->node); 385 spin_unlock(&evdev->client_lock); 386 synchronize_rcu(); 387} 388 389static int evdev_open_device(struct evdev *evdev) 390{ 391 int retval; 392 393 retval = mutex_lock_interruptible(&evdev->mutex); 394 if (retval) 395 return retval; 396 397 if (!evdev->exist) 398 retval = -ENODEV; 399 else if (!evdev->open++) { 400 retval = input_open_device(&evdev->handle); 401 if (retval) 402 evdev->open--; 403 } 404 405 mutex_unlock(&evdev->mutex); 406 return retval; 407} 408 409static void evdev_close_device(struct evdev *evdev) 410{ 411 mutex_lock(&evdev->mutex); 412 413 if (evdev->exist && !--evdev->open) 414 input_close_device(&evdev->handle); 415 416 mutex_unlock(&evdev->mutex); 417} 418 419/* 420 * Wake up users waiting for IO so they can disconnect from 421 * dead device. 422 */ 423static void evdev_hangup(struct evdev *evdev) 424{ 425 struct evdev_client *client; 426 427 spin_lock(&evdev->client_lock); 428 list_for_each_entry(client, &evdev->client_list, node) { 429 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 430 wake_up_interruptible_poll(&client->wait, EPOLLHUP | EPOLLERR); 431 } 432 spin_unlock(&evdev->client_lock); 433} 434 435static int evdev_release(struct inode *inode, struct file *file) 436{ 437 struct evdev_client *client = file->private_data; 438 struct evdev *evdev = client->evdev; 439 unsigned int i; 440 441 mutex_lock(&evdev->mutex); 442 443 if (evdev->exist && !client->revoked) 444 input_flush_device(&evdev->handle, file); 445 446 evdev_ungrab(evdev, client); 447 mutex_unlock(&evdev->mutex); 448 449 evdev_detach_client(evdev, client); 450 451 for (i = 0; i < EV_CNT; ++i) 452 bitmap_free(client->evmasks[i]); 453 454 kvfree(client); 455 456 evdev_close_device(evdev); 457 458 return 0; 459} 460 461static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 462{ 463 unsigned int n_events = 464 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 465 EVDEV_MIN_BUFFER_SIZE); 466 467 return roundup_pow_of_two(n_events); 468} 469 470static int evdev_open(struct inode *inode, struct file *file) 471{ 472 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); 473 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); 474 struct evdev_client *client; 475 int error; 476 477 client = kvzalloc(struct_size(client, buffer, bufsize), GFP_KERNEL); 478 if (!client) 479 return -ENOMEM; 480 481 init_waitqueue_head(&client->wait); 482 client->bufsize = bufsize; 483 spin_lock_init(&client->buffer_lock); 484 client->evdev = evdev; 485 evdev_attach_client(evdev, client); 486 487 error = evdev_open_device(evdev); 488 if (error) 489 goto err_free_client; 490 491 file->private_data = client; 492 stream_open(inode, file); 493 494 return 0; 495 496 err_free_client: 497 evdev_detach_client(evdev, client); 498 kvfree(client); 499 return error; 500} 501 502static ssize_t evdev_write(struct file *file, const char __user *buffer, 503 size_t count, loff_t *ppos) 504{ 505 struct evdev_client *client = file->private_data; 506 struct evdev *evdev = client->evdev; 507 struct input_event event; 508 int retval = 0; 509 510 if (count != 0 && count < input_event_size()) 511 return -EINVAL; 512 513 retval = mutex_lock_interruptible(&evdev->mutex); 514 if (retval) 515 return retval; 516 517 if (!evdev->exist || client->revoked) { 518 retval = -ENODEV; 519 goto out; 520 } 521 522 while (retval + input_event_size() <= count) { 523 524 if (input_event_from_user(buffer + retval, &event)) { 525 retval = -EFAULT; 526 goto out; 527 } 528 retval += input_event_size(); 529 530 input_inject_event(&evdev->handle, 531 event.type, event.code, event.value); 532 cond_resched(); 533 } 534 535 out: 536 mutex_unlock(&evdev->mutex); 537 return retval; 538} 539 540static int evdev_fetch_next_event(struct evdev_client *client, 541 struct input_event *event) 542{ 543 int have_event; 544 545 spin_lock_irq(&client->buffer_lock); 546 547 have_event = client->packet_head != client->tail; 548 if (have_event) { 549 *event = client->buffer[client->tail++]; 550 client->tail &= client->bufsize - 1; 551 } 552 553 spin_unlock_irq(&client->buffer_lock); 554 555 return have_event; 556} 557 558static ssize_t evdev_read(struct file *file, char __user *buffer, 559 size_t count, loff_t *ppos) 560{ 561 struct evdev_client *client = file->private_data; 562 struct evdev *evdev = client->evdev; 563 struct input_event event; 564 size_t read = 0; 565 int error; 566 567 if (count != 0 && count < input_event_size()) 568 return -EINVAL; 569 570 for (;;) { 571 if (!evdev->exist || client->revoked) 572 return -ENODEV; 573 574 if (client->packet_head == client->tail && 575 (file->f_flags & O_NONBLOCK)) 576 return -EAGAIN; 577 578 /* 579 * count == 0 is special - no IO is done but we check 580 * for error conditions (see above). 581 */ 582 if (count == 0) 583 break; 584 585 while (read + input_event_size() <= count && 586 evdev_fetch_next_event(client, &event)) { 587 588 if (input_event_to_user(buffer + read, &event)) 589 return -EFAULT; 590 591 read += input_event_size(); 592 } 593 594 if (read) 595 break; 596 597 if (!(file->f_flags & O_NONBLOCK)) { 598 error = wait_event_interruptible(client->wait, 599 client->packet_head != client->tail || 600 !evdev->exist || client->revoked); 601 if (error) 602 return error; 603 } 604 } 605 606 return read; 607} 608 609/* No kernel lock - fine */ 610static __poll_t evdev_poll(struct file *file, poll_table *wait) 611{ 612 struct evdev_client *client = file->private_data; 613 struct evdev *evdev = client->evdev; 614 __poll_t mask; 615 616 poll_wait(file, &client->wait, wait); 617 618 if (evdev->exist && !client->revoked) 619 mask = EPOLLOUT | EPOLLWRNORM; 620 else 621 mask = EPOLLHUP | EPOLLERR; 622 623 if (client->packet_head != client->tail) 624 mask |= EPOLLIN | EPOLLRDNORM; 625 626 return mask; 627} 628 629#ifdef CONFIG_COMPAT 630 631#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 632#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 633 634#ifdef __BIG_ENDIAN 635static int bits_to_user(unsigned long *bits, unsigned int maxbit, 636 unsigned int maxlen, void __user *p, int compat) 637{ 638 int len, i; 639 640 if (compat) { 641 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 642 if (len > maxlen) 643 len = maxlen; 644 645 for (i = 0; i < len / sizeof(compat_long_t); i++) 646 if (copy_to_user((compat_long_t __user *) p + i, 647 (compat_long_t *) bits + 648 i + 1 - ((i % 2) << 1), 649 sizeof(compat_long_t))) 650 return -EFAULT; 651 } else { 652 len = BITS_TO_LONGS(maxbit) * sizeof(long); 653 if (len > maxlen) 654 len = maxlen; 655 656 if (copy_to_user(p, bits, len)) 657 return -EFAULT; 658 } 659 660 return len; 661} 662 663static int bits_from_user(unsigned long *bits, unsigned int maxbit, 664 unsigned int maxlen, const void __user *p, int compat) 665{ 666 int len, i; 667 668 if (compat) { 669 if (maxlen % sizeof(compat_long_t)) 670 return -EINVAL; 671 672 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 673 if (len > maxlen) 674 len = maxlen; 675 676 for (i = 0; i < len / sizeof(compat_long_t); i++) 677 if (copy_from_user((compat_long_t *) bits + 678 i + 1 - ((i % 2) << 1), 679 (compat_long_t __user *) p + i, 680 sizeof(compat_long_t))) 681 return -EFAULT; 682 if (i % 2) 683 *((compat_long_t *) bits + i - 1) = 0; 684 685 } else { 686 if (maxlen % sizeof(long)) 687 return -EINVAL; 688 689 len = BITS_TO_LONGS(maxbit) * sizeof(long); 690 if (len > maxlen) 691 len = maxlen; 692 693 if (copy_from_user(bits, p, len)) 694 return -EFAULT; 695 } 696 697 return len; 698} 699 700#else 701 702static int bits_to_user(unsigned long *bits, unsigned int maxbit, 703 unsigned int maxlen, void __user *p, int compat) 704{ 705 int len = compat ? 706 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 707 BITS_TO_LONGS(maxbit) * sizeof(long); 708 709 if (len > maxlen) 710 len = maxlen; 711 712 return copy_to_user(p, bits, len) ? -EFAULT : len; 713} 714 715static int bits_from_user(unsigned long *bits, unsigned int maxbit, 716 unsigned int maxlen, const void __user *p, int compat) 717{ 718 size_t chunk_size = compat ? sizeof(compat_long_t) : sizeof(long); 719 int len; 720 721 if (maxlen % chunk_size) 722 return -EINVAL; 723 724 len = compat ? BITS_TO_LONGS_COMPAT(maxbit) : BITS_TO_LONGS(maxbit); 725 len *= chunk_size; 726 if (len > maxlen) 727 len = maxlen; 728 729 return copy_from_user(bits, p, len) ? -EFAULT : len; 730} 731 732#endif /* __BIG_ENDIAN */ 733 734#else 735 736static int bits_to_user(unsigned long *bits, unsigned int maxbit, 737 unsigned int maxlen, void __user *p, int compat) 738{ 739 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 740 741 if (len > maxlen) 742 len = maxlen; 743 744 return copy_to_user(p, bits, len) ? -EFAULT : len; 745} 746 747static int bits_from_user(unsigned long *bits, unsigned int maxbit, 748 unsigned int maxlen, const void __user *p, int compat) 749{ 750 int len; 751 752 if (maxlen % sizeof(long)) 753 return -EINVAL; 754 755 len = BITS_TO_LONGS(maxbit) * sizeof(long); 756 if (len > maxlen) 757 len = maxlen; 758 759 return copy_from_user(bits, p, len) ? -EFAULT : len; 760} 761 762#endif /* CONFIG_COMPAT */ 763 764static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 765{ 766 int len; 767 768 if (!str) 769 return -ENOENT; 770 771 len = strlen(str) + 1; 772 if (len > maxlen) 773 len = maxlen; 774 775 return copy_to_user(p, str, len) ? -EFAULT : len; 776} 777 778static int handle_eviocgbit(struct input_dev *dev, 779 unsigned int type, unsigned int size, 780 void __user *p, int compat_mode) 781{ 782 unsigned long *bits; 783 int len; 784 785 switch (type) { 786 787 case 0: bits = dev->evbit; len = EV_MAX; break; 788 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 789 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 790 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 791 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 792 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 793 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 794 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 795 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 796 default: return -EINVAL; 797 } 798 799 return bits_to_user(bits, len, size, p, compat_mode); 800} 801 802static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 803{ 804 struct input_keymap_entry ke = { 805 .len = sizeof(unsigned int), 806 .flags = 0, 807 }; 808 int __user *ip = (int __user *)p; 809 int error; 810 811 /* legacy case */ 812 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 813 return -EFAULT; 814 815 error = input_get_keycode(dev, &ke); 816 if (error) 817 return error; 818 819 if (put_user(ke.keycode, ip + 1)) 820 return -EFAULT; 821 822 return 0; 823} 824 825static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 826{ 827 struct input_keymap_entry ke; 828 int error; 829 830 if (copy_from_user(&ke, p, sizeof(ke))) 831 return -EFAULT; 832 833 error = input_get_keycode(dev, &ke); 834 if (error) 835 return error; 836 837 if (copy_to_user(p, &ke, sizeof(ke))) 838 return -EFAULT; 839 840 return 0; 841} 842 843static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 844{ 845 struct input_keymap_entry ke = { 846 .len = sizeof(unsigned int), 847 .flags = 0, 848 }; 849 int __user *ip = (int __user *)p; 850 851 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 852 return -EFAULT; 853 854 if (get_user(ke.keycode, ip + 1)) 855 return -EFAULT; 856 857 return input_set_keycode(dev, &ke); 858} 859 860static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 861{ 862 struct input_keymap_entry ke; 863 864 if (copy_from_user(&ke, p, sizeof(ke))) 865 return -EFAULT; 866 867 if (ke.len > sizeof(ke.scancode)) 868 return -EINVAL; 869 870 return input_set_keycode(dev, &ke); 871} 872 873/* 874 * If we transfer state to the user, we should flush all pending events 875 * of the same type from the client's queue. Otherwise, they might end up 876 * with duplicate events, which can screw up client's state tracking. 877 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED 878 * event so user-space will notice missing events. 879 * 880 * LOCKING: 881 * We need to take event_lock before buffer_lock to avoid dead-locks. But we 882 * need the even_lock only to guarantee consistent state. We can safely release 883 * it while flushing the queue. This allows input-core to handle filters while 884 * we flush the queue. 885 */ 886static int evdev_handle_get_val(struct evdev_client *client, 887 struct input_dev *dev, unsigned int type, 888 unsigned long *bits, unsigned int maxbit, 889 unsigned int maxlen, void __user *p, 890 int compat) 891{ 892 int ret; 893 unsigned long *mem; 894 895 mem = bitmap_alloc(maxbit, GFP_KERNEL); 896 if (!mem) 897 return -ENOMEM; 898 899 spin_lock_irq(&dev->event_lock); 900 spin_lock(&client->buffer_lock); 901 902 bitmap_copy(mem, bits, maxbit); 903 904 spin_unlock(&dev->event_lock); 905 906 __evdev_flush_queue(client, type); 907 908 spin_unlock_irq(&client->buffer_lock); 909 910 ret = bits_to_user(mem, maxbit, maxlen, p, compat); 911 if (ret < 0) 912 evdev_queue_syn_dropped(client); 913 914 bitmap_free(mem); 915 916 return ret; 917} 918 919static int evdev_handle_mt_request(struct input_dev *dev, 920 unsigned int size, 921 int __user *ip) 922{ 923 const struct input_mt *mt = dev->mt; 924 unsigned int code; 925 int max_slots; 926 int i; 927 928 if (get_user(code, &ip[0])) 929 return -EFAULT; 930 if (!mt || !input_is_mt_value(code)) 931 return -EINVAL; 932 933 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 934 for (i = 0; i < mt->num_slots && i < max_slots; i++) { 935 int value = input_mt_get_value(&mt->slots[i], code); 936 if (put_user(value, &ip[1 + i])) 937 return -EFAULT; 938 } 939 940 return 0; 941} 942 943static int evdev_revoke(struct evdev *evdev, struct evdev_client *client, 944 struct file *file) 945{ 946 client->revoked = true; 947 evdev_ungrab(evdev, client); 948 input_flush_device(&evdev->handle, file); 949 wake_up_interruptible_poll(&client->wait, EPOLLHUP | EPOLLERR); 950 951 return 0; 952} 953 954/* must be called with evdev-mutex held */ 955static int evdev_set_mask(struct evdev_client *client, 956 unsigned int type, 957 const void __user *codes, 958 u32 codes_size, 959 int compat) 960{ 961 unsigned long flags, *mask, *oldmask; 962 size_t cnt; 963 int error; 964 965 /* we allow unknown types and 'codes_size > size' for forward-compat */ 966 cnt = evdev_get_mask_cnt(type); 967 if (!cnt) 968 return 0; 969 970 mask = bitmap_zalloc(cnt, GFP_KERNEL); 971 if (!mask) 972 return -ENOMEM; 973 974 error = bits_from_user(mask, cnt - 1, codes_size, codes, compat); 975 if (error < 0) { 976 bitmap_free(mask); 977 return error; 978 } 979 980 spin_lock_irqsave(&client->buffer_lock, flags); 981 oldmask = client->evmasks[type]; 982 client->evmasks[type] = mask; 983 spin_unlock_irqrestore(&client->buffer_lock, flags); 984 985 bitmap_free(oldmask); 986 987 return 0; 988} 989 990/* must be called with evdev-mutex held */ 991static int evdev_get_mask(struct evdev_client *client, 992 unsigned int type, 993 void __user *codes, 994 u32 codes_size, 995 int compat) 996{ 997 unsigned long *mask; 998 size_t cnt, size, xfer_size; 999 int i; 1000 int error; 1001 1002 /* we allow unknown types and 'codes_size > size' for forward-compat */ 1003 cnt = evdev_get_mask_cnt(type); 1004 size = sizeof(unsigned long) * BITS_TO_LONGS(cnt); 1005 xfer_size = min_t(size_t, codes_size, size); 1006 1007 if (cnt > 0) { 1008 mask = client->evmasks[type]; 1009 if (mask) { 1010 error = bits_to_user(mask, cnt - 1, 1011 xfer_size, codes, compat); 1012 if (error < 0) 1013 return error; 1014 } else { 1015 /* fake mask with all bits set */ 1016 for (i = 0; i < xfer_size; i++) 1017 if (put_user(0xffU, (u8 __user *)codes + i)) 1018 return -EFAULT; 1019 } 1020 } 1021 1022 if (xfer_size < codes_size) 1023 if (clear_user(codes + xfer_size, codes_size - xfer_size)) 1024 return -EFAULT; 1025 1026 return 0; 1027} 1028 1029static long evdev_do_ioctl(struct file *file, unsigned int cmd, 1030 void __user *p, int compat_mode) 1031{ 1032 struct evdev_client *client = file->private_data; 1033 struct evdev *evdev = client->evdev; 1034 struct input_dev *dev = evdev->handle.dev; 1035 struct input_absinfo abs; 1036 struct input_mask mask; 1037 struct ff_effect effect; 1038 int __user *ip = (int __user *)p; 1039 unsigned int i, t, u, v; 1040 unsigned int size; 1041 int error; 1042 1043 /* First we check for fixed-length commands */ 1044 switch (cmd) { 1045 1046 case EVIOCGVERSION: 1047 return put_user(EV_VERSION, ip); 1048 1049 case EVIOCGID: 1050 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 1051 return -EFAULT; 1052 return 0; 1053 1054 case EVIOCGREP: 1055 if (!test_bit(EV_REP, dev->evbit)) 1056 return -ENOSYS; 1057 if (put_user(dev->rep[REP_DELAY], ip)) 1058 return -EFAULT; 1059 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 1060 return -EFAULT; 1061 return 0; 1062 1063 case EVIOCSREP: 1064 if (!test_bit(EV_REP, dev->evbit)) 1065 return -ENOSYS; 1066 if (get_user(u, ip)) 1067 return -EFAULT; 1068 if (get_user(v, ip + 1)) 1069 return -EFAULT; 1070 1071 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 1072 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 1073 1074 return 0; 1075 1076 case EVIOCRMFF: 1077 return input_ff_erase(dev, (int)(unsigned long) p, file); 1078 1079 case EVIOCGEFFECTS: 1080 i = test_bit(EV_FF, dev->evbit) ? 1081 dev->ff->max_effects : 0; 1082 if (put_user(i, ip)) 1083 return -EFAULT; 1084 return 0; 1085 1086 case EVIOCGRAB: 1087 if (p) 1088 return evdev_grab(evdev, client); 1089 else 1090 return evdev_ungrab(evdev, client); 1091 1092 case EVIOCREVOKE: 1093 if (p) 1094 return -EINVAL; 1095 else 1096 return evdev_revoke(evdev, client, file); 1097 1098 case EVIOCGMASK: { 1099 void __user *codes_ptr; 1100 1101 if (copy_from_user(&mask, p, sizeof(mask))) 1102 return -EFAULT; 1103 1104 codes_ptr = (void __user *)(unsigned long)mask.codes_ptr; 1105 return evdev_get_mask(client, 1106 mask.type, codes_ptr, mask.codes_size, 1107 compat_mode); 1108 } 1109 1110 case EVIOCSMASK: { 1111 const void __user *codes_ptr; 1112 1113 if (copy_from_user(&mask, p, sizeof(mask))) 1114 return -EFAULT; 1115 1116 codes_ptr = (const void __user *)(unsigned long)mask.codes_ptr; 1117 return evdev_set_mask(client, 1118 mask.type, codes_ptr, mask.codes_size, 1119 compat_mode); 1120 } 1121 1122 case EVIOCSCLOCKID: 1123 if (copy_from_user(&i, p, sizeof(unsigned int))) 1124 return -EFAULT; 1125 1126 return evdev_set_clk_type(client, i); 1127 1128 case EVIOCGKEYCODE: 1129 return evdev_handle_get_keycode(dev, p); 1130 1131 case EVIOCSKEYCODE: 1132 return evdev_handle_set_keycode(dev, p); 1133 1134 case EVIOCGKEYCODE_V2: 1135 return evdev_handle_get_keycode_v2(dev, p); 1136 1137 case EVIOCSKEYCODE_V2: 1138 return evdev_handle_set_keycode_v2(dev, p); 1139 } 1140 1141 size = _IOC_SIZE(cmd); 1142 1143 /* Now check variable-length commands */ 1144#define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 1145 switch (EVIOC_MASK_SIZE(cmd)) { 1146 1147 case EVIOCGPROP(0): 1148 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 1149 size, p, compat_mode); 1150 1151 case EVIOCGMTSLOTS(0): 1152 return evdev_handle_mt_request(dev, size, ip); 1153 1154 case EVIOCGKEY(0): 1155 return evdev_handle_get_val(client, dev, EV_KEY, dev->key, 1156 KEY_MAX, size, p, compat_mode); 1157 1158 case EVIOCGLED(0): 1159 return evdev_handle_get_val(client, dev, EV_LED, dev->led, 1160 LED_MAX, size, p, compat_mode); 1161 1162 case EVIOCGSND(0): 1163 return evdev_handle_get_val(client, dev, EV_SND, dev->snd, 1164 SND_MAX, size, p, compat_mode); 1165 1166 case EVIOCGSW(0): 1167 return evdev_handle_get_val(client, dev, EV_SW, dev->sw, 1168 SW_MAX, size, p, compat_mode); 1169 1170 case EVIOCGNAME(0): 1171 return str_to_user(dev->name, size, p); 1172 1173 case EVIOCGPHYS(0): 1174 return str_to_user(dev->phys, size, p); 1175 1176 case EVIOCGUNIQ(0): 1177 return str_to_user(dev->uniq, size, p); 1178 1179 case EVIOC_MASK_SIZE(EVIOCSFF): 1180 if (input_ff_effect_from_user(p, size, &effect)) 1181 return -EFAULT; 1182 1183 error = input_ff_upload(dev, &effect, file); 1184 if (error) 1185 return error; 1186 1187 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 1188 return -EFAULT; 1189 1190 return 0; 1191 } 1192 1193 /* Multi-number variable-length handlers */ 1194 if (_IOC_TYPE(cmd) != 'E') 1195 return -EINVAL; 1196 1197 if (_IOC_DIR(cmd) == _IOC_READ) { 1198 1199 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 1200 return handle_eviocgbit(dev, 1201 _IOC_NR(cmd) & EV_MAX, size, 1202 p, compat_mode); 1203 1204 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 1205 1206 if (!dev->absinfo) 1207 return -EINVAL; 1208 1209 t = _IOC_NR(cmd) & ABS_MAX; 1210 abs = dev->absinfo[t]; 1211 1212 if (copy_to_user(p, &abs, min_t(size_t, 1213 size, sizeof(struct input_absinfo)))) 1214 return -EFAULT; 1215 1216 return 0; 1217 } 1218 } 1219 1220 if (_IOC_DIR(cmd) == _IOC_WRITE) { 1221 1222 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 1223 1224 if (!dev->absinfo) 1225 return -EINVAL; 1226 1227 t = _IOC_NR(cmd) & ABS_MAX; 1228 1229 if (copy_from_user(&abs, p, min_t(size_t, 1230 size, sizeof(struct input_absinfo)))) 1231 return -EFAULT; 1232 1233 if (size < sizeof(struct input_absinfo)) 1234 abs.resolution = 0; 1235 1236 /* We can't change number of reserved MT slots */ 1237 if (t == ABS_MT_SLOT) 1238 return -EINVAL; 1239 1240 /* 1241 * Take event lock to ensure that we are not 1242 * changing device parameters in the middle 1243 * of event. 1244 */ 1245 spin_lock_irq(&dev->event_lock); 1246 dev->absinfo[t] = abs; 1247 spin_unlock_irq(&dev->event_lock); 1248 1249 return 0; 1250 } 1251 } 1252 1253 return -EINVAL; 1254} 1255 1256static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 1257 void __user *p, int compat_mode) 1258{ 1259 struct evdev_client *client = file->private_data; 1260 struct evdev *evdev = client->evdev; 1261 int retval; 1262 1263 retval = mutex_lock_interruptible(&evdev->mutex); 1264 if (retval) 1265 return retval; 1266 1267 if (!evdev->exist || client->revoked) { 1268 retval = -ENODEV; 1269 goto out; 1270 } 1271 1272 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 1273 1274 out: 1275 mutex_unlock(&evdev->mutex); 1276 return retval; 1277} 1278 1279static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1280{ 1281 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 1282} 1283 1284#ifdef CONFIG_COMPAT 1285static long evdev_ioctl_compat(struct file *file, 1286 unsigned int cmd, unsigned long arg) 1287{ 1288 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 1289} 1290#endif 1291 1292static const struct file_operations evdev_fops = { 1293 .owner = THIS_MODULE, 1294 .read = evdev_read, 1295 .write = evdev_write, 1296 .poll = evdev_poll, 1297 .open = evdev_open, 1298 .release = evdev_release, 1299 .unlocked_ioctl = evdev_ioctl, 1300#ifdef CONFIG_COMPAT 1301 .compat_ioctl = evdev_ioctl_compat, 1302#endif 1303 .fasync = evdev_fasync, 1304 .llseek = no_llseek, 1305}; 1306 1307/* 1308 * Mark device non-existent. This disables writes, ioctls and 1309 * prevents new users from opening the device. Already posted 1310 * blocking reads will stay, however new ones will fail. 1311 */ 1312static void evdev_mark_dead(struct evdev *evdev) 1313{ 1314 mutex_lock(&evdev->mutex); 1315 evdev->exist = false; 1316 mutex_unlock(&evdev->mutex); 1317} 1318 1319static void evdev_cleanup(struct evdev *evdev) 1320{ 1321 struct input_handle *handle = &evdev->handle; 1322 1323 evdev_mark_dead(evdev); 1324 evdev_hangup(evdev); 1325 1326 /* evdev is marked dead so no one else accesses evdev->open */ 1327 if (evdev->open) { 1328 input_flush_device(handle, NULL); 1329 input_close_device(handle); 1330 } 1331} 1332 1333/* 1334 * Create new evdev device. Note that input core serializes calls 1335 * to connect and disconnect. 1336 */ 1337static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 1338 const struct input_device_id *id) 1339{ 1340 struct evdev *evdev; 1341 int minor; 1342 int dev_no; 1343 int error; 1344 1345 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true); 1346 if (minor < 0) { 1347 error = minor; 1348 pr_err("failed to reserve new minor: %d\n", error); 1349 return error; 1350 } 1351 1352 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 1353 if (!evdev) { 1354 error = -ENOMEM; 1355 goto err_free_minor; 1356 } 1357 1358 INIT_LIST_HEAD(&evdev->client_list); 1359 spin_lock_init(&evdev->client_lock); 1360 mutex_init(&evdev->mutex); 1361 evdev->exist = true; 1362 1363 dev_no = minor; 1364 /* Normalize device number if it falls into legacy range */ 1365 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS) 1366 dev_no -= EVDEV_MINOR_BASE; 1367 dev_set_name(&evdev->dev, "event%d", dev_no); 1368 1369 evdev->handle.dev = input_get_device(dev); 1370 evdev->handle.name = dev_name(&evdev->dev); 1371 evdev->handle.handler = handler; 1372 evdev->handle.private = evdev; 1373 1374 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor); 1375 evdev->dev.class = &input_class; 1376 evdev->dev.parent = &dev->dev; 1377 evdev->dev.release = evdev_free; 1378 device_initialize(&evdev->dev); 1379 1380 error = input_register_handle(&evdev->handle); 1381 if (error) 1382 goto err_free_evdev; 1383 1384 cdev_init(&evdev->cdev, &evdev_fops); 1385 1386 error = cdev_device_add(&evdev->cdev, &evdev->dev); 1387 if (error) 1388 goto err_cleanup_evdev; 1389 1390 return 0; 1391 1392 err_cleanup_evdev: 1393 evdev_cleanup(evdev); 1394 input_unregister_handle(&evdev->handle); 1395 err_free_evdev: 1396 put_device(&evdev->dev); 1397 err_free_minor: 1398 input_free_minor(minor); 1399 return error; 1400} 1401 1402static void evdev_disconnect(struct input_handle *handle) 1403{ 1404 struct evdev *evdev = handle->private; 1405 1406 cdev_device_del(&evdev->cdev, &evdev->dev); 1407 evdev_cleanup(evdev); 1408 input_free_minor(MINOR(evdev->dev.devt)); 1409 input_unregister_handle(handle); 1410 put_device(&evdev->dev); 1411} 1412 1413static const struct input_device_id evdev_ids[] = { 1414 { .driver_info = 1 }, /* Matches all devices */ 1415 { }, /* Terminating zero entry */ 1416}; 1417 1418MODULE_DEVICE_TABLE(input, evdev_ids); 1419 1420static struct input_handler evdev_handler = { 1421 .event = evdev_event, 1422 .events = evdev_events, 1423 .connect = evdev_connect, 1424 .disconnect = evdev_disconnect, 1425 .legacy_minors = true, 1426 .minor = EVDEV_MINOR_BASE, 1427 .name = "evdev", 1428 .id_table = evdev_ids, 1429}; 1430 1431static int __init evdev_init(void) 1432{ 1433 return input_register_handler(&evdev_handler); 1434} 1435 1436static void __exit evdev_exit(void) 1437{ 1438 input_unregister_handler(&evdev_handler); 1439} 1440 1441module_init(evdev_init); 1442module_exit(evdev_exit); 1443 1444MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1445MODULE_DESCRIPTION("Input driver event char devices"); 1446MODULE_LICENSE("GPL");