1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32#include <linux/poll.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/module.h>
36#include <linux/init.h>
37#include <linux/smp_lock.h>
38#include <linux/fs.h>
39#include <linux/miscdevice.h>
40#include <linux/uinput.h>
41#include "../input-compat.h"
42
43static int uinput_dev_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
44{
45 struct uinput_device *udev = input_get_drvdata(dev);
46
47 udev->buff[udev->head].type = type;
48 udev->buff[udev->head].code = code;
49 udev->buff[udev->head].value = value;
50 do_gettimeofday(&udev->buff[udev->head].time);
51 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
52
53 wake_up_interruptible(&udev->waitq);
54
55 return 0;
56}
57
58
59static int uinput_request_alloc_id(struct uinput_device *udev, struct uinput_request *request)
60{
61 int id;
62 int err = -1;
63
64 spin_lock(&udev->requests_lock);
65
66 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) {
67 if (!udev->requests[id]) {
68 request->id = id;
69 udev->requests[id] = request;
70 err = 0;
71 break;
72 }
73 }
74
75 spin_unlock(&udev->requests_lock);
76 return err;
77}
78
79static struct uinput_request *uinput_request_find(struct uinput_device *udev, int id)
80{
81
82 if (id >= UINPUT_NUM_REQUESTS || id < 0)
83 return NULL;
84
85 return udev->requests[id];
86}
87
88static inline int uinput_request_reserve_slot(struct uinput_device *udev, struct uinput_request *request)
89{
90
91 return wait_event_interruptible(udev->requests_waitq,
92 !uinput_request_alloc_id(udev, request));
93}
94
95static void uinput_request_done(struct uinput_device *udev, struct uinput_request *request)
96{
97
98 udev->requests[request->id] = NULL;
99 wake_up(&udev->requests_waitq);
100
101 complete(&request->done);
102}
103
104static int uinput_request_submit(struct uinput_device *udev, struct uinput_request *request)
105{
106 int retval;
107
108 retval = uinput_request_reserve_slot(udev, request);
109 if (retval)
110 return retval;
111
112 retval = mutex_lock_interruptible(&udev->mutex);
113 if (retval)
114 return retval;
115
116 if (udev->state != UIST_CREATED) {
117 retval = -ENODEV;
118 goto out;
119 }
120
121
122 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id);
123
124 out:
125 mutex_unlock(&udev->mutex);
126 return retval;
127}
128
129
130
131
132
133static void uinput_flush_requests(struct uinput_device *udev)
134{
135 struct uinput_request *request;
136 int i;
137
138 spin_lock(&udev->requests_lock);
139
140 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) {
141 request = udev->requests[i];
142 if (request) {
143 request->retval = -ENODEV;
144 uinput_request_done(udev, request);
145 }
146 }
147
148 spin_unlock(&udev->requests_lock);
149}
150
151static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
152{
153 uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
154}
155
156static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
157{
158 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
159}
160
161static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
162{
163 return uinput_dev_event(dev, EV_FF, effect_id, value);
164}
165
166static int uinput_dev_upload_effect(struct input_dev *dev, struct ff_effect *effect, struct ff_effect *old)
167{
168 struct uinput_device *udev = input_get_drvdata(dev);
169 struct uinput_request request;
170 int retval;
171
172
173
174
175
176
177
178
179 if (effect->type == FF_PERIODIC &&
180 effect->u.periodic.waveform == FF_CUSTOM)
181 return -EINVAL;
182
183 request.id = -1;
184 init_completion(&request.done);
185 request.code = UI_FF_UPLOAD;
186 request.u.upload.effect = effect;
187 request.u.upload.old = old;
188
189 retval = uinput_request_submit(udev, &request);
190 if (!retval) {
191 wait_for_completion(&request.done);
192 retval = request.retval;
193 }
194
195 return retval;
196}
197
198static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
199{
200 struct uinput_device *udev = input_get_drvdata(dev);
201 struct uinput_request request;
202 int retval;
203
204 if (!test_bit(EV_FF, dev->evbit))
205 return -ENOSYS;
206
207 request.id = -1;
208 init_completion(&request.done);
209 request.code = UI_FF_ERASE;
210 request.u.effect_id = effect_id;
211
212 retval = uinput_request_submit(udev, &request);
213 if (!retval) {
214 wait_for_completion(&request.done);
215 retval = request.retval;
216 }
217
218 return retval;
219}
220
221static void uinput_destroy_device(struct uinput_device *udev)
222{
223 const char *name, *phys;
224 struct input_dev *dev = udev->dev;
225 enum uinput_state old_state = udev->state;
226
227 udev->state = UIST_NEW_DEVICE;
228
229 if (dev) {
230 name = dev->name;
231 phys = dev->phys;
232 if (old_state == UIST_CREATED) {
233 uinput_flush_requests(udev);
234 input_unregister_device(dev);
235 } else {
236 input_free_device(dev);
237 }
238 kfree(name);
239 kfree(phys);
240 udev->dev = NULL;
241 }
242}
243
244static int uinput_create_device(struct uinput_device *udev)
245{
246 struct input_dev *dev = udev->dev;
247 int error;
248
249 if (udev->state != UIST_SETUP_COMPLETE) {
250 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
251 return -EINVAL;
252 }
253
254 if (udev->ff_effects_max) {
255 error = input_ff_create(dev, udev->ff_effects_max);
256 if (error)
257 goto fail1;
258
259 dev->ff->upload = uinput_dev_upload_effect;
260 dev->ff->erase = uinput_dev_erase_effect;
261 dev->ff->playback = uinput_dev_playback;
262 dev->ff->set_gain = uinput_dev_set_gain;
263 dev->ff->set_autocenter = uinput_dev_set_autocenter;
264 }
265
266 error = input_register_device(udev->dev);
267 if (error)
268 goto fail2;
269
270 udev->state = UIST_CREATED;
271
272 return 0;
273
274 fail2: input_ff_destroy(dev);
275 fail1: uinput_destroy_device(udev);
276 return error;
277}
278
279static int uinput_open(struct inode *inode, struct file *file)
280{
281 struct uinput_device *newdev;
282
283 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL);
284 if (!newdev)
285 return -ENOMEM;
286
287 lock_kernel();
288 mutex_init(&newdev->mutex);
289 spin_lock_init(&newdev->requests_lock);
290 init_waitqueue_head(&newdev->requests_waitq);
291 init_waitqueue_head(&newdev->waitq);
292 newdev->state = UIST_NEW_DEVICE;
293
294 file->private_data = newdev;
295 unlock_kernel();
296
297 return 0;
298}
299
300static int uinput_validate_absbits(struct input_dev *dev)
301{
302 unsigned int cnt;
303 int retval = 0;
304
305 for (cnt = 0; cnt < ABS_MAX + 1; cnt++) {
306 if (!test_bit(cnt, dev->absbit))
307 continue;
308
309 if ((dev->absmax[cnt] <= dev->absmin[cnt])) {
310 printk(KERN_DEBUG
311 "%s: invalid abs[%02x] min:%d max:%d\n",
312 UINPUT_NAME, cnt,
313 dev->absmin[cnt], dev->absmax[cnt]);
314 retval = -EINVAL;
315 break;
316 }
317
318 if (dev->absflat[cnt] > (dev->absmax[cnt] - dev->absmin[cnt])) {
319 printk(KERN_DEBUG
320 "%s: absflat[%02x] out of range: %d "
321 "(min:%d/max:%d)\n",
322 UINPUT_NAME, cnt, dev->absflat[cnt],
323 dev->absmin[cnt], dev->absmax[cnt]);
324 retval = -EINVAL;
325 break;
326 }
327 }
328 return retval;
329}
330
331static int uinput_allocate_device(struct uinput_device *udev)
332{
333 udev->dev = input_allocate_device();
334 if (!udev->dev)
335 return -ENOMEM;
336
337 udev->dev->event = uinput_dev_event;
338 input_set_drvdata(udev->dev, udev);
339
340 return 0;
341}
342
343static int uinput_setup_device(struct uinput_device *udev, const char __user *buffer, size_t count)
344{
345 struct uinput_user_dev *user_dev;
346 struct input_dev *dev;
347 char *name;
348 int size;
349 int retval;
350
351 if (count != sizeof(struct uinput_user_dev))
352 return -EINVAL;
353
354 if (!udev->dev) {
355 retval = uinput_allocate_device(udev);
356 if (retval)
357 return retval;
358 }
359
360 dev = udev->dev;
361
362 user_dev = kmalloc(sizeof(struct uinput_user_dev), GFP_KERNEL);
363 if (!user_dev)
364 return -ENOMEM;
365
366 if (copy_from_user(user_dev, buffer, sizeof(struct uinput_user_dev))) {
367 retval = -EFAULT;
368 goto exit;
369 }
370
371 udev->ff_effects_max = user_dev->ff_effects_max;
372
373 size = strnlen(user_dev->name, UINPUT_MAX_NAME_SIZE) + 1;
374 if (!size) {
375 retval = -EINVAL;
376 goto exit;
377 }
378
379 kfree(dev->name);
380 dev->name = name = kmalloc(size, GFP_KERNEL);
381 if (!name) {
382 retval = -ENOMEM;
383 goto exit;
384 }
385 strlcpy(name, user_dev->name, size);
386
387 dev->id.bustype = user_dev->id.bustype;
388 dev->id.vendor = user_dev->id.vendor;
389 dev->id.product = user_dev->id.product;
390 dev->id.version = user_dev->id.version;
391
392 size = sizeof(int) * (ABS_MAX + 1);
393 memcpy(dev->absmax, user_dev->absmax, size);
394 memcpy(dev->absmin, user_dev->absmin, size);
395 memcpy(dev->absfuzz, user_dev->absfuzz, size);
396 memcpy(dev->absflat, user_dev->absflat, size);
397
398
399
400 if (test_bit(EV_ABS, dev->evbit)) {
401 retval = uinput_validate_absbits(dev);
402 if (retval < 0)
403 goto exit;
404 }
405
406 udev->state = UIST_SETUP_COMPLETE;
407 retval = count;
408
409 exit:
410 kfree(user_dev);
411 return retval;
412}
413
414static inline ssize_t uinput_inject_event(struct uinput_device *udev, const char __user *buffer, size_t count)
415{
416 struct input_event ev;
417
418 if (count < input_event_size())
419 return -EINVAL;
420
421 if (input_event_from_user(buffer, &ev))
422 return -EFAULT;
423
424 input_event(udev->dev, ev.type, ev.code, ev.value);
425
426 return input_event_size();
427}
428
429static ssize_t uinput_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
430{
431 struct uinput_device *udev = file->private_data;
432 int retval;
433
434 retval = mutex_lock_interruptible(&udev->mutex);
435 if (retval)
436 return retval;
437
438 retval = udev->state == UIST_CREATED ?
439 uinput_inject_event(udev, buffer, count) :
440 uinput_setup_device(udev, buffer, count);
441
442 mutex_unlock(&udev->mutex);
443
444 return retval;
445}
446
447static ssize_t uinput_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
448{
449 struct uinput_device *udev = file->private_data;
450 int retval = 0;
451
452 if (udev->state != UIST_CREATED)
453 return -ENODEV;
454
455 if (udev->head == udev->tail && (file->f_flags & O_NONBLOCK))
456 return -EAGAIN;
457
458 retval = wait_event_interruptible(udev->waitq,
459 udev->head != udev->tail || udev->state != UIST_CREATED);
460 if (retval)
461 return retval;
462
463 retval = mutex_lock_interruptible(&udev->mutex);
464 if (retval)
465 return retval;
466
467 if (udev->state != UIST_CREATED) {
468 retval = -ENODEV;
469 goto out;
470 }
471
472 while (udev->head != udev->tail && retval + input_event_size() <= count) {
473 if (input_event_to_user(buffer + retval, &udev->buff[udev->tail])) {
474 retval = -EFAULT;
475 goto out;
476 }
477 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
478 retval += input_event_size();
479 }
480
481 out:
482 mutex_unlock(&udev->mutex);
483
484 return retval;
485}
486
487static unsigned int uinput_poll(struct file *file, poll_table *wait)
488{
489 struct uinput_device *udev = file->private_data;
490
491 poll_wait(file, &udev->waitq, wait);
492
493 if (udev->head != udev->tail)
494 return POLLIN | POLLRDNORM;
495
496 return 0;
497}
498
499static int uinput_release(struct inode *inode, struct file *file)
500{
501 struct uinput_device *udev = file->private_data;
502
503 uinput_destroy_device(udev);
504 kfree(udev);
505
506 return 0;
507}
508
509#ifdef CONFIG_COMPAT
510struct uinput_ff_upload_compat {
511 int request_id;
512 int retval;
513 struct ff_effect_compat effect;
514 struct ff_effect_compat old;
515};
516
517static int uinput_ff_upload_to_user(char __user *buffer,
518 const struct uinput_ff_upload *ff_up)
519{
520 if (INPUT_COMPAT_TEST) {
521 struct uinput_ff_upload_compat ff_up_compat;
522
523 ff_up_compat.request_id = ff_up->request_id;
524 ff_up_compat.retval = ff_up->retval;
525
526
527
528
529
530
531 memcpy(&ff_up_compat.effect, &ff_up->effect,
532 sizeof(struct ff_effect_compat));
533 memcpy(&ff_up_compat.old, &ff_up->old,
534 sizeof(struct ff_effect_compat));
535
536 if (copy_to_user(buffer, &ff_up_compat,
537 sizeof(struct uinput_ff_upload_compat)))
538 return -EFAULT;
539 } else {
540 if (copy_to_user(buffer, ff_up,
541 sizeof(struct uinput_ff_upload)))
542 return -EFAULT;
543 }
544
545 return 0;
546}
547
548static int uinput_ff_upload_from_user(const char __user *buffer,
549 struct uinput_ff_upload *ff_up)
550{
551 if (INPUT_COMPAT_TEST) {
552 struct uinput_ff_upload_compat ff_up_compat;
553
554 if (copy_from_user(&ff_up_compat, buffer,
555 sizeof(struct uinput_ff_upload_compat)))
556 return -EFAULT;
557
558 ff_up->request_id = ff_up_compat.request_id;
559 ff_up->retval = ff_up_compat.retval;
560 memcpy(&ff_up->effect, &ff_up_compat.effect,
561 sizeof(struct ff_effect_compat));
562 memcpy(&ff_up->old, &ff_up_compat.old,
563 sizeof(struct ff_effect_compat));
564
565 } else {
566 if (copy_from_user(ff_up, buffer,
567 sizeof(struct uinput_ff_upload)))
568 return -EFAULT;
569 }
570
571 return 0;
572}
573
574#else
575
576static int uinput_ff_upload_to_user(char __user *buffer,
577 const struct uinput_ff_upload *ff_up)
578{
579 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload)))
580 return -EFAULT;
581
582 return 0;
583}
584
585static int uinput_ff_upload_from_user(const char __user *buffer,
586 struct uinput_ff_upload *ff_up)
587{
588 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload)))
589 return -EFAULT;
590
591 return 0;
592}
593
594#endif
595
596#define uinput_set_bit(_arg, _bit, _max) \
597({ \
598 int __ret = 0; \
599 if (udev->state == UIST_CREATED) \
600 __ret = -EINVAL; \
601 else if ((_arg) > (_max)) \
602 __ret = -EINVAL; \
603 else set_bit((_arg), udev->dev->_bit); \
604 __ret; \
605})
606
607static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
608 unsigned long arg, void __user *p)
609{
610 int retval;
611 struct uinput_device *udev = file->private_data;
612 struct uinput_ff_upload ff_up;
613 struct uinput_ff_erase ff_erase;
614 struct uinput_request *req;
615 int length;
616 char *phys;
617
618 retval = mutex_lock_interruptible(&udev->mutex);
619 if (retval)
620 return retval;
621
622 if (!udev->dev) {
623 retval = uinput_allocate_device(udev);
624 if (retval)
625 goto out;
626 }
627
628 switch (cmd) {
629 case UI_DEV_CREATE:
630 retval = uinput_create_device(udev);
631 break;
632
633 case UI_DEV_DESTROY:
634 uinput_destroy_device(udev);
635 break;
636
637 case UI_SET_EVBIT:
638 retval = uinput_set_bit(arg, evbit, EV_MAX);
639 break;
640
641 case UI_SET_KEYBIT:
642 retval = uinput_set_bit(arg, keybit, KEY_MAX);
643 break;
644
645 case UI_SET_RELBIT:
646 retval = uinput_set_bit(arg, relbit, REL_MAX);
647 break;
648
649 case UI_SET_ABSBIT:
650 retval = uinput_set_bit(arg, absbit, ABS_MAX);
651 break;
652
653 case UI_SET_MSCBIT:
654 retval = uinput_set_bit(arg, mscbit, MSC_MAX);
655 break;
656
657 case UI_SET_LEDBIT:
658 retval = uinput_set_bit(arg, ledbit, LED_MAX);
659 break;
660
661 case UI_SET_SNDBIT:
662 retval = uinput_set_bit(arg, sndbit, SND_MAX);
663 break;
664
665 case UI_SET_FFBIT:
666 retval = uinput_set_bit(arg, ffbit, FF_MAX);
667 break;
668
669 case UI_SET_SWBIT:
670 retval = uinput_set_bit(arg, swbit, SW_MAX);
671 break;
672
673 case UI_SET_PHYS:
674 if (udev->state == UIST_CREATED) {
675 retval = -EINVAL;
676 goto out;
677 }
678 length = strnlen_user(p, 1024);
679 if (length <= 0) {
680 retval = -EFAULT;
681 break;
682 }
683 kfree(udev->dev->phys);
684 udev->dev->phys = phys = kmalloc(length, GFP_KERNEL);
685 if (!phys) {
686 retval = -ENOMEM;
687 break;
688 }
689 if (copy_from_user(phys, p, length)) {
690 udev->dev->phys = NULL;
691 kfree(phys);
692 retval = -EFAULT;
693 break;
694 }
695 phys[length - 1] = '\0';
696 break;
697
698 case UI_BEGIN_FF_UPLOAD:
699 retval = uinput_ff_upload_from_user(p, &ff_up);
700 if (retval)
701 break;
702
703 req = uinput_request_find(udev, ff_up.request_id);
704 if (!req || req->code != UI_FF_UPLOAD || !req->u.upload.effect) {
705 retval = -EINVAL;
706 break;
707 }
708
709 ff_up.retval = 0;
710 ff_up.effect = *req->u.upload.effect;
711 if (req->u.upload.old)
712 ff_up.old = *req->u.upload.old;
713 else
714 memset(&ff_up.old, 0, sizeof(struct ff_effect));
715
716 retval = uinput_ff_upload_to_user(p, &ff_up);
717 break;
718
719 case UI_BEGIN_FF_ERASE:
720 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
721 retval = -EFAULT;
722 break;
723 }
724
725 req = uinput_request_find(udev, ff_erase.request_id);
726 if (!req || req->code != UI_FF_ERASE) {
727 retval = -EINVAL;
728 break;
729 }
730
731 ff_erase.retval = 0;
732 ff_erase.effect_id = req->u.effect_id;
733 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
734 retval = -EFAULT;
735 break;
736 }
737
738 break;
739
740 case UI_END_FF_UPLOAD:
741 retval = uinput_ff_upload_from_user(p, &ff_up);
742 if (retval)
743 break;
744
745 req = uinput_request_find(udev, ff_up.request_id);
746 if (!req || req->code != UI_FF_UPLOAD ||
747 !req->u.upload.effect) {
748 retval = -EINVAL;
749 break;
750 }
751
752 req->retval = ff_up.retval;
753 uinput_request_done(udev, req);
754 break;
755
756 case UI_END_FF_ERASE:
757 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
758 retval = -EFAULT;
759 break;
760 }
761
762 req = uinput_request_find(udev, ff_erase.request_id);
763 if (!req || req->code != UI_FF_ERASE) {
764 retval = -EINVAL;
765 break;
766 }
767
768 req->retval = ff_erase.retval;
769 uinput_request_done(udev, req);
770 break;
771
772 default:
773 retval = -EINVAL;
774 }
775
776 out:
777 mutex_unlock(&udev->mutex);
778 return retval;
779}
780
781static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
782{
783 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg);
784}
785
786#ifdef CONFIG_COMPAT
787static long uinput_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
788{
789 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
790}
791#endif
792
793static const struct file_operations uinput_fops = {
794 .owner = THIS_MODULE,
795 .open = uinput_open,
796 .release = uinput_release,
797 .read = uinput_read,
798 .write = uinput_write,
799 .poll = uinput_poll,
800 .unlocked_ioctl = uinput_ioctl,
801#ifdef CONFIG_COMPAT
802 .compat_ioctl = uinput_compat_ioctl,
803#endif
804};
805
806static struct miscdevice uinput_misc = {
807 .fops = &uinput_fops,
808 .minor = UINPUT_MINOR,
809 .name = UINPUT_NAME,
810};
811
812static int __init uinput_init(void)
813{
814 return misc_register(&uinput_misc);
815}
816
817static void __exit uinput_exit(void)
818{
819 misc_deregister(&uinput_misc);
820}
821
822MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
823MODULE_DESCRIPTION("User level driver support for input subsystem");
824MODULE_LICENSE("GPL");
825MODULE_VERSION("0.3");
826
827module_init(uinput_init);
828module_exit(uinput_exit);
829
830
