linux/drivers/input/evdev.c
<<
>>
Prefs
   1/*
   2 * Event char devices, giving access to raw input device events.
   3 *
   4 * Copyright (c) 1999-2002 Vojtech Pavlik
   5 *
   6 * This program is free software; you can redistribute it and/or modify it
   7 * under the terms of the GNU General Public License version 2 as published by
   8 * the Free Software Foundation.
   9 */
  10
  11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  12
  13#define EVDEV_MINOR_BASE        64
  14#define EVDEV_MINORS            32
  15#define EVDEV_MIN_BUFFER_SIZE   64U
  16#define EVDEV_BUF_PACKETS       8
  17
  18#include <linux/poll.h>
  19#include <linux/sched.h>
  20#include <linux/slab.h>
  21#include <linux/module.h>
  22#include <linux/init.h>
  23#include <linux/input/mt.h>
  24#include <linux/major.h>
  25#include <linux/device.h>
  26#include <linux/cdev.h>
  27#include "input-compat.h"
  28
  29struct evdev {
  30        int open;
  31        struct input_handle handle;
  32        wait_queue_head_t wait;
  33        struct evdev_client __rcu *grab;
  34        struct list_head client_list;
  35        spinlock_t client_lock; /* protects client_list */
  36        struct mutex mutex;
  37        struct device dev;
  38        struct cdev cdev;
  39        bool exist;
  40};
  41
  42struct evdev_client {
  43        unsigned int head;
  44        unsigned int tail;
  45        unsigned int packet_head; /* [future] position of the first element of next packet */
  46        spinlock_t buffer_lock; /* protects access to buffer, head and tail */
  47        struct fasync_struct *fasync;
  48        struct evdev *evdev;
  49        struct list_head node;
  50        int clkid;
  51        unsigned int bufsize;
  52        struct input_event buffer[];
  53};
  54
  55static void __pass_event(struct evdev_client *client,
  56                         const struct input_event *event)
  57{
  58        client->buffer[client->head++] = *event;
  59        client->head &= client->bufsize - 1;
  60
  61        if (unlikely(client->head == client->tail)) {
  62                /*
  63                 * This effectively "drops" all unconsumed events, leaving
  64                 * EV_SYN/SYN_DROPPED plus the newest event in the queue.
  65                 */
  66                client->tail = (client->head - 2) & (client->bufsize - 1);
  67
  68                client->buffer[client->tail].time = event->time;
  69                client->buffer[client->tail].type = EV_SYN;
  70                client->buffer[client->tail].code = SYN_DROPPED;
  71                client->buffer[client->tail].value = 0;
  72
  73                client->packet_head = client->tail;
  74        }
  75
  76        if (event->type == EV_SYN && event->code == SYN_REPORT) {
  77                client->packet_head = client->head;
  78                kill_fasync(&client->fasync, SIGIO, POLL_IN);
  79        }
  80}
  81
  82static void evdev_pass_values(struct evdev_client *client,
  83                        const struct input_value *vals, unsigned int count,
  84                        ktime_t mono, ktime_t real)
  85{
  86        struct evdev *evdev = client->evdev;
  87        const struct input_value *v;
  88        struct input_event event;
  89        bool wakeup = false;
  90
  91        event.time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ?
  92                                      mono : real);
  93
  94        /* Interrupts are disabled, just acquire the lock. */
  95        spin_lock(&client->buffer_lock);
  96
  97        for (v = vals; v != vals + count; v++) {
  98                event.type = v->type;
  99                event.code = v->code;
 100                event.value = v->value;
 101                __pass_event(client, &event);
 102                if (v->type == EV_SYN && v->code == SYN_REPORT)
 103                        wakeup = true;
 104        }
 105
 106        spin_unlock(&client->buffer_lock);
 107
 108        if (wakeup)
 109                wake_up_interruptible(&evdev->wait);
 110}
 111
 112/*
 113 * Pass incoming events to all connected clients.
 114 */
 115static void evdev_events(struct input_handle *handle,
 116                         const struct input_value *vals, unsigned int count)
 117{
 118        struct evdev *evdev = handle->private;
 119        struct evdev_client *client;
 120        ktime_t time_mono, time_real;
 121
 122        time_mono = ktime_get();
 123        time_real = ktime_sub(time_mono, ktime_get_monotonic_offset());
 124
 125        rcu_read_lock();
 126
 127        client = rcu_dereference(evdev->grab);
 128
 129        if (client)
 130                evdev_pass_values(client, vals, count, time_mono, time_real);
 131        else
 132                list_for_each_entry_rcu(client, &evdev->client_list, node)
 133                        evdev_pass_values(client, vals, count,
 134                                          time_mono, time_real);
 135
 136        rcu_read_unlock();
 137}
 138
 139/*
 140 * Pass incoming event to all connected clients.
 141 */
 142static void evdev_event(struct input_handle *handle,
 143                        unsigned int type, unsigned int code, int value)
 144{
 145        struct input_value vals[] = { { type, code, value } };
 146
 147        evdev_events(handle, vals, 1);
 148}
 149
 150static int evdev_fasync(int fd, struct file *file, int on)
 151{
 152        struct evdev_client *client = file->private_data;
 153
 154        return fasync_helper(fd, file, on, &client->fasync);
 155}
 156
 157static int evdev_flush(struct file *file, fl_owner_t id)
 158{
 159        struct evdev_client *client = file->private_data;
 160        struct evdev *evdev = client->evdev;
 161        int retval;
 162
 163        retval = mutex_lock_interruptible(&evdev->mutex);
 164        if (retval)
 165                return retval;
 166
 167        if (!evdev->exist)
 168                retval = -ENODEV;
 169        else
 170                retval = input_flush_device(&evdev->handle, file);
 171
 172        mutex_unlock(&evdev->mutex);
 173        return retval;
 174}
 175
 176static void evdev_free(struct device *dev)
 177{
 178        struct evdev *evdev = container_of(dev, struct evdev, dev);
 179
 180        input_put_device(evdev->handle.dev);
 181        kfree(evdev);
 182}
 183
 184/*
 185 * Grabs an event device (along with underlying input device).
 186 * This function is called with evdev->mutex taken.
 187 */
 188static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
 189{
 190        int error;
 191
 192        if (evdev->grab)
 193                return -EBUSY;
 194
 195        error = input_grab_device(&evdev->handle);
 196        if (error)
 197                return error;
 198
 199        rcu_assign_pointer(evdev->grab, client);
 200
 201        return 0;
 202}
 203
 204static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
 205{
 206        struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
 207                                        lockdep_is_held(&evdev->mutex));
 208
 209        if (grab != client)
 210                return  -EINVAL;
 211
 212        rcu_assign_pointer(evdev->grab, NULL);
 213        synchronize_rcu();
 214        input_release_device(&evdev->handle);
 215
 216        return 0;
 217}
 218
 219static void evdev_attach_client(struct evdev *evdev,
 220                                struct evdev_client *client)
 221{
 222        spin_lock(&evdev->client_lock);
 223        list_add_tail_rcu(&client->node, &evdev->client_list);
 224        spin_unlock(&evdev->client_lock);
 225}
 226
 227static void evdev_detach_client(struct evdev *evdev,
 228                                struct evdev_client *client)
 229{
 230        spin_lock(&evdev->client_lock);
 231        list_del_rcu(&client->node);
 232        spin_unlock(&evdev->client_lock);
 233        synchronize_rcu();
 234}
 235
 236static int evdev_open_device(struct evdev *evdev)
 237{
 238        int retval;
 239
 240        retval = mutex_lock_interruptible(&evdev->mutex);
 241        if (retval)
 242                return retval;
 243
 244        if (!evdev->exist)
 245                retval = -ENODEV;
 246        else if (!evdev->open++) {
 247                retval = input_open_device(&evdev->handle);
 248                if (retval)
 249                        evdev->open--;
 250        }
 251
 252        mutex_unlock(&evdev->mutex);
 253        return retval;
 254}
 255
 256static void evdev_close_device(struct evdev *evdev)
 257{
 258        mutex_lock(&evdev->mutex);
 259
 260        if (evdev->exist && !--evdev->open)
 261                input_close_device(&evdev->handle);
 262
 263        mutex_unlock(&evdev->mutex);
 264}
 265
 266/*
 267 * Wake up users waiting for IO so they can disconnect from
 268 * dead device.
 269 */
 270static void evdev_hangup(struct evdev *evdev)
 271{
 272        struct evdev_client *client;
 273
 274        spin_lock(&evdev->client_lock);
 275        list_for_each_entry(client, &evdev->client_list, node)
 276                kill_fasync(&client->fasync, SIGIO, POLL_HUP);
 277        spin_unlock(&evdev->client_lock);
 278
 279        wake_up_interruptible(&evdev->wait);
 280}
 281
 282static int evdev_release(struct inode *inode, struct file *file)
 283{
 284        struct evdev_client *client = file->private_data;
 285        struct evdev *evdev = client->evdev;
 286
 287        mutex_lock(&evdev->mutex);
 288        evdev_ungrab(evdev, client);
 289        mutex_unlock(&evdev->mutex);
 290
 291        evdev_detach_client(evdev, client);
 292        kfree(client);
 293
 294        evdev_close_device(evdev);
 295
 296        return 0;
 297}
 298
 299static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
 300{
 301        unsigned int n_events =
 302                max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
 303                    EVDEV_MIN_BUFFER_SIZE);
 304
 305        return roundup_pow_of_two(n_events);
 306}
 307
 308static int evdev_open(struct inode *inode, struct file *file)
 309{
 310        struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
 311        unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
 312        struct evdev_client *client;
 313        int error;
 314
 315        client = kzalloc(sizeof(struct evdev_client) +
 316                                bufsize * sizeof(struct input_event),
 317                         GFP_KERNEL);
 318        if (!client)
 319                return -ENOMEM;
 320
 321        client->bufsize = bufsize;
 322        spin_lock_init(&client->buffer_lock);
 323        client->evdev = evdev;
 324        evdev_attach_client(evdev, client);
 325
 326        error = evdev_open_device(evdev);
 327        if (error)
 328                goto err_free_client;
 329
 330        file->private_data = client;
 331        nonseekable_open(inode, file);
 332
 333        return 0;
 334
 335 err_free_client:
 336        evdev_detach_client(evdev, client);
 337        kfree(client);
 338        return error;
 339}
 340
 341static ssize_t evdev_write(struct file *file, const char __user *buffer,
 342                           size_t count, loff_t *ppos)
 343{
 344        struct evdev_client *client = file->private_data;
 345        struct evdev *evdev = client->evdev;
 346        struct input_event event;
 347        int retval = 0;
 348
 349        if (count != 0 && count < input_event_size())
 350                return -EINVAL;
 351
 352        retval = mutex_lock_interruptible(&evdev->mutex);
 353        if (retval)
 354                return retval;
 355
 356        if (!evdev->exist) {
 357                retval = -ENODEV;
 358                goto out;
 359        }
 360
 361        while (retval + input_event_size() <= count) {
 362
 363                if (input_event_from_user(buffer + retval, &event)) {
 364                        retval = -EFAULT;
 365                        goto out;
 366                }
 367                retval += input_event_size();
 368
 369                input_inject_event(&evdev->handle,
 370                                   event.type, event.code, event.value);
 371        }
 372
 373 out:
 374        mutex_unlock(&evdev->mutex);
 375        return retval;
 376}
 377
 378static int evdev_fetch_next_event(struct evdev_client *client,
 379                                  struct input_event *event)
 380{
 381        int have_event;
 382
 383        spin_lock_irq(&client->buffer_lock);
 384
 385        have_event = client->packet_head != client->tail;
 386        if (have_event) {
 387                *event = client->buffer[client->tail++];
 388                client->tail &= client->bufsize - 1;
 389        }
 390
 391        spin_unlock_irq(&client->buffer_lock);
 392
 393        return have_event;
 394}
 395
 396static ssize_t evdev_read(struct file *file, char __user *buffer,
 397                          size_t count, loff_t *ppos)
 398{
 399        struct evdev_client *client = file->private_data;
 400        struct evdev *evdev = client->evdev;
 401        struct input_event event;
 402        size_t read = 0;
 403        int error;
 404
 405        if (count != 0 && count < input_event_size())
 406                return -EINVAL;
 407
 408        for (;;) {
 409                if (!evdev->exist)
 410                        return -ENODEV;
 411
 412                if (client->packet_head == client->tail &&
 413                    (file->f_flags & O_NONBLOCK))
 414                        return -EAGAIN;
 415
 416                /*
 417                 * count == 0 is special - no IO is done but we check
 418                 * for error conditions (see above).
 419                 */
 420                if (count == 0)
 421                        break;
 422
 423                while (read + input_event_size() <= count &&
 424                       evdev_fetch_next_event(client, &event)) {
 425
 426                        if (input_event_to_user(buffer + read, &event))
 427                                return -EFAULT;
 428
 429                        read += input_event_size();
 430                }
 431
 432                if (read)
 433                        break;
 434
 435                if (!(file->f_flags & O_NONBLOCK)) {
 436                        error = wait_event_interruptible(evdev->wait,
 437                                        client->packet_head != client->tail ||
 438                                        !evdev->exist);
 439                        if (error)
 440                                return error;
 441                }
 442        }
 443
 444        return read;
 445}
 446
 447/* No kernel lock - fine */
 448static unsigned int evdev_poll(struct file *file, poll_table *wait)
 449{
 450        struct evdev_client *client = file->private_data;
 451        struct evdev *evdev = client->evdev;
 452        unsigned int mask;
 453
 454        poll_wait(file, &evdev->wait, wait);
 455
 456        mask = evdev->exist ? POLLOUT | POLLWRNORM : POLLHUP | POLLERR;
 457        if (client->packet_head != client->tail)
 458                mask |= POLLIN | POLLRDNORM;
 459
 460        return mask;
 461}
 462
 463#ifdef CONFIG_COMPAT
 464
 465#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
 466#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
 467
 468#ifdef __BIG_ENDIAN
 469static int bits_to_user(unsigned long *bits, unsigned int maxbit,
 470                        unsigned int maxlen, void __user *p, int compat)
 471{
 472        int len, i;
 473
 474        if (compat) {
 475                len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
 476                if (len > maxlen)
 477                        len = maxlen;
 478
 479                for (i = 0; i < len / sizeof(compat_long_t); i++)
 480                        if (copy_to_user((compat_long_t __user *) p + i,
 481                                         (compat_long_t *) bits +
 482                                                i + 1 - ((i % 2) << 1),
 483                                         sizeof(compat_long_t)))
 484                                return -EFAULT;
 485        } else {
 486                len = BITS_TO_LONGS(maxbit) * sizeof(long);
 487                if (len > maxlen)
 488                        len = maxlen;
 489
 490                if (copy_to_user(p, bits, len))
 491                        return -EFAULT;
 492        }
 493
 494        return len;
 495}
 496#else
 497static int bits_to_user(unsigned long *bits, unsigned int maxbit,
 498                        unsigned int maxlen, void __user *p, int compat)
 499{
 500        int len = compat ?
 501                        BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
 502                        BITS_TO_LONGS(maxbit) * sizeof(long);
 503
 504        if (len > maxlen)
 505                len = maxlen;
 506
 507        return copy_to_user(p, bits, len) ? -EFAULT : len;
 508}
 509#endif /* __BIG_ENDIAN */
 510
 511#else
 512
 513static int bits_to_user(unsigned long *bits, unsigned int maxbit,
 514                        unsigned int maxlen, void __user *p, int compat)
 515{
 516        int len = BITS_TO_LONGS(maxbit) * sizeof(long);
 517
 518        if (len > maxlen)
 519                len = maxlen;
 520
 521        return copy_to_user(p, bits, len) ? -EFAULT : len;
 522}
 523
 524#endif /* CONFIG_COMPAT */
 525
 526static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
 527{
 528        int len;
 529
 530        if (!str)
 531                return -ENOENT;
 532
 533        len = strlen(str) + 1;
 534        if (len > maxlen)
 535                len = maxlen;
 536
 537        return copy_to_user(p, str, len) ? -EFAULT : len;
 538}
 539
 540#define OLD_KEY_MAX     0x1ff
 541static int handle_eviocgbit(struct input_dev *dev,
 542                            unsigned int type, unsigned int size,
 543                            void __user *p, int compat_mode)
 544{
 545        static unsigned long keymax_warn_time;
 546        unsigned long *bits;
 547        int len;
 548
 549        switch (type) {
 550
 551        case      0: bits = dev->evbit;  len = EV_MAX;  break;
 552        case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
 553        case EV_REL: bits = dev->relbit; len = REL_MAX; break;
 554        case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
 555        case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
 556        case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
 557        case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
 558        case EV_FF:  bits = dev->ffbit;  len = FF_MAX;  break;
 559        case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
 560        default: return -EINVAL;
 561        }
 562
 563        /*
 564         * Work around bugs in userspace programs that like to do
 565         * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len'
 566         * should be in bytes, not in bits.
 567         */
 568        if (type == EV_KEY && size == OLD_KEY_MAX) {
 569                len = OLD_KEY_MAX;
 570                if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000))
 571                        pr_warning("(EVIOCGBIT): Suspicious buffer size %u, "
 572                                   "limiting output to %zu bytes. See "
 573                                   "http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n",
 574                                   OLD_KEY_MAX,
 575                                   BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long));
 576        }
 577
 578        return bits_to_user(bits, len, size, p, compat_mode);
 579}
 580#undef OLD_KEY_MAX
 581
 582static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
 583{
 584        struct input_keymap_entry ke = {
 585                .len    = sizeof(unsigned int),
 586                .flags  = 0,
 587        };
 588        int __user *ip = (int __user *)p;
 589        int error;
 590
 591        /* legacy case */
 592        if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
 593                return -EFAULT;
 594
 595        error = input_get_keycode(dev, &ke);
 596        if (error)
 597                return error;
 598
 599        if (put_user(ke.keycode, ip + 1))
 600                return -EFAULT;
 601
 602        return 0;
 603}
 604
 605static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
 606{
 607        struct input_keymap_entry ke;
 608        int error;
 609
 610        if (copy_from_user(&ke, p, sizeof(ke)))
 611                return -EFAULT;
 612
 613        error = input_get_keycode(dev, &ke);
 614        if (error)
 615                return error;
 616
 617        if (copy_to_user(p, &ke, sizeof(ke)))
 618                return -EFAULT;
 619
 620        return 0;
 621}
 622
 623static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
 624{
 625        struct input_keymap_entry ke = {
 626                .len    = sizeof(unsigned int),
 627                .flags  = 0,
 628        };
 629        int __user *ip = (int __user *)p;
 630
 631        if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
 632                return -EFAULT;
 633
 634        if (get_user(ke.keycode, ip + 1))
 635                return -EFAULT;
 636
 637        return input_set_keycode(dev, &ke);
 638}
 639
 640static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
 641{
 642        struct input_keymap_entry ke;
 643
 644        if (copy_from_user(&ke, p, sizeof(ke)))
 645                return -EFAULT;
 646
 647        if (ke.len > sizeof(ke.scancode))
 648                return -EINVAL;
 649
 650        return input_set_keycode(dev, &ke);
 651}
 652
 653static int evdev_handle_mt_request(struct input_dev *dev,
 654                                   unsigned int size,
 655                                   int __user *ip)
 656{
 657        const struct input_mt *mt = dev->mt;
 658        unsigned int code;
 659        int max_slots;
 660        int i;
 661
 662        if (get_user(code, &ip[0]))
 663                return -EFAULT;
 664        if (!mt || !input_is_mt_value(code))
 665                return -EINVAL;
 666
 667        max_slots = (size - sizeof(__u32)) / sizeof(__s32);
 668        for (i = 0; i < mt->num_slots && i < max_slots; i++) {
 669                int value = input_mt_get_value(&mt->slots[i], code);
 670                if (put_user(value, &ip[1 + i]))
 671                        return -EFAULT;
 672        }
 673
 674        return 0;
 675}
 676
 677static long evdev_do_ioctl(struct file *file, unsigned int cmd,
 678                           void __user *p, int compat_mode)
 679{
 680        struct evdev_client *client = file->private_data;
 681        struct evdev *evdev = client->evdev;
 682        struct input_dev *dev = evdev->handle.dev;
 683        struct input_absinfo abs;
 684        struct ff_effect effect;
 685        int __user *ip = (int __user *)p;
 686        unsigned int i, t, u, v;
 687        unsigned int size;
 688        int error;
 689
 690        /* First we check for fixed-length commands */
 691        switch (cmd) {
 692
 693        case EVIOCGVERSION:
 694                return put_user(EV_VERSION, ip);
 695
 696        case EVIOCGID:
 697                if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
 698                        return -EFAULT;
 699                return 0;
 700
 701        case EVIOCGREP:
 702                if (!test_bit(EV_REP, dev->evbit))
 703                        return -ENOSYS;
 704                if (put_user(dev->rep[REP_DELAY], ip))
 705                        return -EFAULT;
 706                if (put_user(dev->rep[REP_PERIOD], ip + 1))
 707                        return -EFAULT;
 708                return 0;
 709
 710        case EVIOCSREP:
 711                if (!test_bit(EV_REP, dev->evbit))
 712                        return -ENOSYS;
 713                if (get_user(u, ip))
 714                        return -EFAULT;
 715                if (get_user(v, ip + 1))
 716                        return -EFAULT;
 717
 718                input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
 719                input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
 720
 721                return 0;
 722
 723        case EVIOCRMFF:
 724                return input_ff_erase(dev, (int)(unsigned long) p, file);
 725
 726        case EVIOCGEFFECTS:
 727                i = test_bit(EV_FF, dev->evbit) ?
 728                                dev->ff->max_effects : 0;
 729                if (put_user(i, ip))
 730                        return -EFAULT;
 731                return 0;
 732
 733        case EVIOCGRAB:
 734                if (p)
 735                        return evdev_grab(evdev, client);
 736                else
 737                        return evdev_ungrab(evdev, client);
 738
 739        case EVIOCSCLOCKID:
 740                if (copy_from_user(&i, p, sizeof(unsigned int)))
 741                        return -EFAULT;
 742                if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME)
 743                        return -EINVAL;
 744                client->clkid = i;
 745                return 0;
 746
 747        case EVIOCGKEYCODE:
 748                return evdev_handle_get_keycode(dev, p);
 749
 750        case EVIOCSKEYCODE:
 751                return evdev_handle_set_keycode(dev, p);
 752
 753        case EVIOCGKEYCODE_V2:
 754                return evdev_handle_get_keycode_v2(dev, p);
 755
 756        case EVIOCSKEYCODE_V2:
 757                return evdev_handle_set_keycode_v2(dev, p);
 758        }
 759
 760        size = _IOC_SIZE(cmd);
 761
 762        /* Now check variable-length commands */
 763#define EVIOC_MASK_SIZE(nr)     ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
 764        switch (EVIOC_MASK_SIZE(cmd)) {
 765
 766        case EVIOCGPROP(0):
 767                return bits_to_user(dev->propbit, INPUT_PROP_MAX,
 768                                    size, p, compat_mode);
 769
 770        case EVIOCGMTSLOTS(0):
 771                return evdev_handle_mt_request(dev, size, ip);
 772
 773        case EVIOCGKEY(0):
 774                return bits_to_user(dev->key, KEY_MAX, size, p, compat_mode);
 775
 776        case EVIOCGLED(0):
 777                return bits_to_user(dev->led, LED_MAX, size, p, compat_mode);
 778
 779        case EVIOCGSND(0):
 780                return bits_to_user(dev->snd, SND_MAX, size, p, compat_mode);
 781
 782        case EVIOCGSW(0):
 783                return bits_to_user(dev->sw, SW_MAX, size, p, compat_mode);
 784
 785        case EVIOCGNAME(0):
 786                return str_to_user(dev->name, size, p);
 787
 788        case EVIOCGPHYS(0):
 789                return str_to_user(dev->phys, size, p);
 790
 791        case EVIOCGUNIQ(0):
 792                return str_to_user(dev->uniq, size, p);
 793
 794        case EVIOC_MASK_SIZE(EVIOCSFF):
 795                if (input_ff_effect_from_user(p, size, &effect))
 796                        return -EFAULT;
 797
 798                error = input_ff_upload(dev, &effect, file);
 799
 800                if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
 801                        return -EFAULT;
 802
 803                return error;
 804        }
 805
 806        /* Multi-number variable-length handlers */
 807        if (_IOC_TYPE(cmd) != 'E')
 808                return -EINVAL;
 809
 810        if (_IOC_DIR(cmd) == _IOC_READ) {
 811
 812                if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
 813                        return handle_eviocgbit(dev,
 814                                                _IOC_NR(cmd) & EV_MAX, size,
 815                                                p, compat_mode);
 816
 817                if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
 818
 819                        if (!dev->absinfo)
 820                                return -EINVAL;
 821
 822                        t = _IOC_NR(cmd) & ABS_MAX;
 823                        abs = dev->absinfo[t];
 824
 825                        if (copy_to_user(p, &abs, min_t(size_t,
 826                                        size, sizeof(struct input_absinfo))))
 827                                return -EFAULT;
 828
 829                        return 0;
 830                }
 831        }
 832
 833        if (_IOC_DIR(cmd) == _IOC_WRITE) {
 834
 835                if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
 836
 837                        if (!dev->absinfo)
 838                                return -EINVAL;
 839
 840                        t = _IOC_NR(cmd) & ABS_MAX;
 841
 842                        if (copy_from_user(&abs, p, min_t(size_t,
 843                                        size, sizeof(struct input_absinfo))))
 844                                return -EFAULT;
 845
 846                        if (size < sizeof(struct input_absinfo))
 847                                abs.resolution = 0;
 848
 849                        /* We can't change number of reserved MT slots */
 850                        if (t == ABS_MT_SLOT)
 851                                return -EINVAL;
 852
 853                        /*
 854                         * Take event lock to ensure that we are not
 855                         * changing device parameters in the middle
 856                         * of event.
 857                         */
 858                        spin_lock_irq(&dev->event_lock);
 859                        dev->absinfo[t] = abs;
 860                        spin_unlock_irq(&dev->event_lock);
 861
 862                        return 0;
 863                }
 864        }
 865
 866        return -EINVAL;
 867}
 868
 869static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
 870                                void __user *p, int compat_mode)
 871{
 872        struct evdev_client *client = file->private_data;
 873        struct evdev *evdev = client->evdev;
 874        int retval;
 875
 876        retval = mutex_lock_interruptible(&evdev->mutex);
 877        if (retval)
 878                return retval;
 879
 880        if (!evdev->exist) {
 881                retval = -ENODEV;
 882                goto out;
 883        }
 884
 885        retval = evdev_do_ioctl(file, cmd, p, compat_mode);
 886
 887 out:
 888        mutex_unlock(&evdev->mutex);
 889        return retval;
 890}
 891
 892static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 893{
 894        return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
 895}
 896
 897#ifdef CONFIG_COMPAT
 898static long evdev_ioctl_compat(struct file *file,
 899                                unsigned int cmd, unsigned long arg)
 900{
 901        return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
 902}
 903#endif
 904
 905static const struct file_operations evdev_fops = {
 906        .owner          = THIS_MODULE,
 907        .read           = evdev_read,
 908        .write          = evdev_write,
 909        .poll           = evdev_poll,
 910        .open           = evdev_open,
 911        .release        = evdev_release,
 912        .unlocked_ioctl = evdev_ioctl,
 913#ifdef CONFIG_COMPAT
 914        .compat_ioctl   = evdev_ioctl_compat,
 915#endif
 916        .fasync         = evdev_fasync,
 917        .flush          = evdev_flush,
 918        .llseek         = no_llseek,
 919};
 920
 921/*
 922 * Mark device non-existent. This disables writes, ioctls and
 923 * prevents new users from opening the device. Already posted
 924 * blocking reads will stay, however new ones will fail.
 925 */
 926static void evdev_mark_dead(struct evdev *evdev)
 927{
 928        mutex_lock(&evdev->mutex);
 929        evdev->exist = false;
 930        mutex_unlock(&evdev->mutex);
 931}
 932
 933static void evdev_cleanup(struct evdev *evdev)
 934{
 935        struct input_handle *handle = &evdev->handle;
 936
 937        evdev_mark_dead(evdev);
 938        evdev_hangup(evdev);
 939
 940        cdev_del(&evdev->cdev);
 941
 942        /* evdev is marked dead so no one else accesses evdev->open */
 943        if (evdev->open) {
 944                input_flush_device(handle, NULL);
 945                input_close_device(handle);
 946        }
 947}
 948
 949/*
 950 * Create new evdev device. Note that input core serializes calls
 951 * to connect and disconnect.
 952 */
 953static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
 954                         const struct input_device_id *id)
 955{
 956        struct evdev *evdev;
 957        int minor;
 958        int dev_no;
 959        int error;
 960
 961        minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
 962        if (minor < 0) {
 963                error = minor;
 964                pr_err("failed to reserve new minor: %d\n", error);
 965                return error;
 966        }
 967
 968        evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
 969        if (!evdev) {
 970                error = -ENOMEM;
 971                goto err_free_minor;
 972        }
 973
 974        INIT_LIST_HEAD(&evdev->client_list);
 975        spin_lock_init(&evdev->client_lock);
 976        mutex_init(&evdev->mutex);
 977        init_waitqueue_head(&evdev->wait);
 978        evdev->exist = true;
 979
 980        dev_no = minor;
 981        /* Normalize device number if it falls into legacy range */
 982        if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
 983                dev_no -= EVDEV_MINOR_BASE;
 984        dev_set_name(&evdev->dev, "event%d", dev_no);
 985
 986        evdev->handle.dev = input_get_device(dev);
 987        evdev->handle.name = dev_name(&evdev->dev);
 988        evdev->handle.handler = handler;
 989        evdev->handle.private = evdev;
 990
 991        evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
 992        evdev->dev.class = &input_class;
 993        evdev->dev.parent = &dev->dev;
 994        evdev->dev.release = evdev_free;
 995        device_initialize(&evdev->dev);
 996
 997        error = input_register_handle(&evdev->handle);
 998        if (error)
 999                goto err_free_evdev;
1000
1001        cdev_init(&evdev->cdev, &evdev_fops);
1002        evdev->cdev.kobj.parent = &evdev->dev.kobj;
1003        error = cdev_add(&evdev->cdev, evdev->dev.devt, 1);
1004        if (error)
1005                goto err_unregister_handle;
1006
1007        error = device_add(&evdev->dev);
1008        if (error)
1009                goto err_cleanup_evdev;
1010
1011        return 0;
1012
1013 err_cleanup_evdev:
1014        evdev_cleanup(evdev);
1015 err_unregister_handle:
1016        input_unregister_handle(&evdev->handle);
1017 err_free_evdev:
1018        put_device(&evdev->dev);
1019 err_free_minor:
1020        input_free_minor(minor);
1021        return error;
1022}
1023
1024static void evdev_disconnect(struct input_handle *handle)
1025{
1026        struct evdev *evdev = handle->private;
1027
1028        device_del(&evdev->dev);
1029        evdev_cleanup(evdev);
1030        input_free_minor(MINOR(evdev->dev.devt));
1031        input_unregister_handle(handle);
1032        put_device(&evdev->dev);
1033}
1034
1035static const struct input_device_id evdev_ids[] = {
1036        { .driver_info = 1 },   /* Matches all devices */
1037        { },                    /* Terminating zero entry */
1038};
1039
1040MODULE_DEVICE_TABLE(input, evdev_ids);
1041
1042static struct input_handler evdev_handler = {
1043        .event          = evdev_event,
1044        .events         = evdev_events,
1045        .connect        = evdev_connect,
1046        .disconnect     = evdev_disconnect,
1047        .legacy_minors  = true,
1048        .minor          = EVDEV_MINOR_BASE,
1049        .name           = "evdev",
1050        .id_table       = evdev_ids,
1051};
1052
1053static int __init evdev_init(void)
1054{
1055        return input_register_handler(&evdev_handler);
1056}
1057
1058static void __exit evdev_exit(void)
1059{
1060        input_unregister_handler(&evdev_handler);
1061}
1062
1063module_init(evdev_init);
1064module_exit(evdev_exit);
1065
1066MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1067MODULE_DESCRIPTION("Input driver event char devices");
1068MODULE_LICENSE("GPL");
1069