1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34#include <linux/poll.h>
35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/module.h>
38#include <linux/init.h>
39#include <linux/fs.h>
40#include <linux/miscdevice.h>
41#include <linux/uinput.h>
42#include <linux/input/mt.h>
43#include "../input-compat.h"
44
45static int uinput_dev_event(struct input_dev *dev,
46 unsigned int type, unsigned int code, int value)
47{
48 struct uinput_device *udev = input_get_drvdata(dev);
49
50 udev->buff[udev->head].type = type;
51 udev->buff[udev->head].code = code;
52 udev->buff[udev->head].value = value;
53 do_gettimeofday(&udev->buff[udev->head].time);
54 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
55
56 wake_up_interruptible(&udev->waitq);
57
58 return 0;
59}
60
61
62static bool uinput_request_alloc_id(struct uinput_device *udev,
63 struct uinput_request *request)
64{
65 unsigned int id;
66 bool reserved = false;
67
68 spin_lock(&udev->requests_lock);
69
70 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) {
71 if (!udev->requests[id]) {
72 request->id = id;
73 udev->requests[id] = request;
74 reserved = true;
75 break;
76 }
77 }
78
79 spin_unlock(&udev->requests_lock);
80 return reserved;
81}
82
83static struct uinput_request *uinput_request_find(struct uinput_device *udev,
84 unsigned int id)
85{
86
87 if (id >= UINPUT_NUM_REQUESTS)
88 return NULL;
89
90 return udev->requests[id];
91}
92
93static int uinput_request_reserve_slot(struct uinput_device *udev,
94 struct uinput_request *request)
95{
96
97 return wait_event_interruptible(udev->requests_waitq,
98 uinput_request_alloc_id(udev, request));
99}
100
101static void uinput_request_done(struct uinput_device *udev,
102 struct uinput_request *request)
103{
104
105 udev->requests[request->id] = NULL;
106 wake_up(&udev->requests_waitq);
107
108 complete(&request->done);
109}
110
111static int uinput_request_send(struct uinput_device *udev,
112 struct uinput_request *request)
113{
114 int retval;
115
116 retval = mutex_lock_interruptible(&udev->mutex);
117 if (retval)
118 return retval;
119
120 if (udev->state != UIST_CREATED) {
121 retval = -ENODEV;
122 goto out;
123 }
124
125 init_completion(&request->done);
126
127
128
129
130
131 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id);
132
133 out:
134 mutex_unlock(&udev->mutex);
135 return retval;
136}
137
138static int uinput_request_submit(struct uinput_device *udev,
139 struct uinput_request *request)
140{
141 int error;
142
143 error = uinput_request_reserve_slot(udev, request);
144 if (error)
145 return error;
146
147 error = uinput_request_send(udev, request);
148 if (error) {
149 uinput_request_done(udev, request);
150 return error;
151 }
152
153 wait_for_completion(&request->done);
154 return request->retval;
155}
156
157
158
159
160
161static void uinput_flush_requests(struct uinput_device *udev)
162{
163 struct uinput_request *request;
164 int i;
165
166 spin_lock(&udev->requests_lock);
167
168 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) {
169 request = udev->requests[i];
170 if (request) {
171 request->retval = -ENODEV;
172 uinput_request_done(udev, request);
173 }
174 }
175
176 spin_unlock(&udev->requests_lock);
177}
178
179static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
180{
181 uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
182}
183
184static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
185{
186 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
187}
188
189static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
190{
191 return uinput_dev_event(dev, EV_FF, effect_id, value);
192}
193
194static int uinput_dev_upload_effect(struct input_dev *dev,
195 struct ff_effect *effect,
196 struct ff_effect *old)
197{
198 struct uinput_device *udev = input_get_drvdata(dev);
199 struct uinput_request request;
200
201
202
203
204
205
206
207
208 if (effect->type == FF_PERIODIC &&
209 effect->u.periodic.waveform == FF_CUSTOM)
210 return -EINVAL;
211
212 request.code = UI_FF_UPLOAD;
213 request.u.upload.effect = effect;
214 request.u.upload.old = old;
215
216 return uinput_request_submit(udev, &request);
217}
218
219static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
220{
221 struct uinput_device *udev = input_get_drvdata(dev);
222 struct uinput_request request;
223
224 if (!test_bit(EV_FF, dev->evbit))
225 return -ENOSYS;
226
227 request.code = UI_FF_ERASE;
228 request.u.effect_id = effect_id;
229
230 return uinput_request_submit(udev, &request);
231}
232
233static void uinput_destroy_device(struct uinput_device *udev)
234{
235 const char *name, *phys;
236 struct input_dev *dev = udev->dev;
237 enum uinput_state old_state = udev->state;
238
239 udev->state = UIST_NEW_DEVICE;
240
241 if (dev) {
242 name = dev->name;
243 phys = dev->phys;
244 if (old_state == UIST_CREATED) {
245 uinput_flush_requests(udev);
246 input_unregister_device(dev);
247 } else {
248 input_free_device(dev);
249 }
250 kfree(name);
251 kfree(phys);
252 udev->dev = NULL;
253 }
254}
255
256static int uinput_create_device(struct uinput_device *udev)
257{
258 struct input_dev *dev = udev->dev;
259 int error, nslot;
260
261 if (udev->state != UIST_SETUP_COMPLETE) {
262 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
263 return -EINVAL;
264 }
265
266 if (test_bit(ABS_MT_SLOT, dev->absbit)) {
267 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
268 error = input_mt_init_slots(dev, nslot, 0);
269 if (error)
270 goto fail1;
271 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
272 input_set_events_per_packet(dev, 60);
273 }
274
275 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) {
276 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n",
277 UINPUT_NAME);
278 error = -EINVAL;
279 goto fail1;
280 }
281
282 if (udev->ff_effects_max) {
283 error = input_ff_create(dev, udev->ff_effects_max);
284 if (error)
285 goto fail1;
286
287 dev->ff->upload = uinput_dev_upload_effect;
288 dev->ff->erase = uinput_dev_erase_effect;
289 dev->ff->playback = uinput_dev_playback;
290 dev->ff->set_gain = uinput_dev_set_gain;
291 dev->ff->set_autocenter = uinput_dev_set_autocenter;
292 }
293
294 error = input_register_device(udev->dev);
295 if (error)
296 goto fail2;
297
298 udev->state = UIST_CREATED;
299
300 return 0;
301
302 fail2: input_ff_destroy(dev);
303 fail1: uinput_destroy_device(udev);
304 return error;
305}
306
307static int uinput_open(struct inode *inode, struct file *file)
308{
309 struct uinput_device *newdev;
310
311 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL);
312 if (!newdev)
313 return -ENOMEM;
314
315 mutex_init(&newdev->mutex);
316 spin_lock_init(&newdev->requests_lock);
317 init_waitqueue_head(&newdev->requests_waitq);
318 init_waitqueue_head(&newdev->waitq);
319 newdev->state = UIST_NEW_DEVICE;
320
321 file->private_data = newdev;
322 nonseekable_open(inode, file);
323
324 return 0;
325}
326
327static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code,
328 const struct input_absinfo *abs)
329{
330 int min, max;
331
332 min = abs->minimum;
333 max = abs->maximum;
334
335 if ((min != 0 || max != 0) && max <= min) {
336 printk(KERN_DEBUG
337 "%s: invalid abs[%02x] min:%d max:%d\n",
338 UINPUT_NAME, code, min, max);
339 return -EINVAL;
340 }
341
342 if (abs->flat > max - min) {
343 printk(KERN_DEBUG
344 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n",
345 UINPUT_NAME, code, abs->flat, min, max);
346 return -EINVAL;
347 }
348
349 return 0;
350}
351
352static int uinput_validate_absbits(struct input_dev *dev)
353{
354 unsigned int cnt;
355 int error;
356
357 if (!test_bit(EV_ABS, dev->evbit))
358 return 0;
359
360
361
362
363
364 for_each_set_bit(cnt, dev->absbit, ABS_CNT) {
365 if (!dev->absinfo)
366 return -EINVAL;
367
368 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]);
369 if (error)
370 return error;
371 }
372
373 return 0;
374}
375
376static int uinput_allocate_device(struct uinput_device *udev)
377{
378 udev->dev = input_allocate_device();
379 if (!udev->dev)
380 return -ENOMEM;
381
382 udev->dev->event = uinput_dev_event;
383 input_set_drvdata(udev->dev, udev);
384
385 return 0;
386}
387
388static int uinput_dev_setup(struct uinput_device *udev,
389 struct uinput_setup __user *arg)
390{
391 struct uinput_setup setup;
392 struct input_dev *dev;
393
394 if (udev->state == UIST_CREATED)
395 return -EINVAL;
396
397 if (copy_from_user(&setup, arg, sizeof(setup)))
398 return -EFAULT;
399
400 if (!setup.name[0])
401 return -EINVAL;
402
403 dev = udev->dev;
404 dev->id = setup.id;
405 udev->ff_effects_max = setup.ff_effects_max;
406
407 kfree(dev->name);
408 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL);
409 if (!dev->name)
410 return -ENOMEM;
411
412 udev->state = UIST_SETUP_COMPLETE;
413 return 0;
414}
415
416static int uinput_abs_setup(struct uinput_device *udev,
417 struct uinput_setup __user *arg, size_t size)
418{
419 struct uinput_abs_setup setup = {};
420 struct input_dev *dev;
421 int error;
422
423 if (size > sizeof(setup))
424 return -E2BIG;
425
426 if (udev->state == UIST_CREATED)
427 return -EINVAL;
428
429 if (copy_from_user(&setup, arg, size))
430 return -EFAULT;
431
432 if (setup.code > ABS_MAX)
433 return -ERANGE;
434
435 dev = udev->dev;
436
437 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo);
438 if (error)
439 return error;
440
441 input_alloc_absinfo(dev);
442 if (!dev->absinfo)
443 return -ENOMEM;
444
445 set_bit(setup.code, dev->absbit);
446 dev->absinfo[setup.code] = setup.absinfo;
447 return 0;
448}
449
450
451static int uinput_setup_device_legacy(struct uinput_device *udev,
452 const char __user *buffer, size_t count)
453{
454 struct uinput_user_dev *user_dev;
455 struct input_dev *dev;
456 int i;
457 int retval;
458
459 if (count != sizeof(struct uinput_user_dev))
460 return -EINVAL;
461
462 if (!udev->dev) {
463 retval = uinput_allocate_device(udev);
464 if (retval)
465 return retval;
466 }
467
468 dev = udev->dev;
469
470 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev));
471 if (IS_ERR(user_dev))
472 return PTR_ERR(user_dev);
473
474 udev->ff_effects_max = user_dev->ff_effects_max;
475
476
477 if (!user_dev->name[0]) {
478 retval = -EINVAL;
479 goto exit;
480 }
481
482 kfree(dev->name);
483 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
484 GFP_KERNEL);
485 if (!dev->name) {
486 retval = -ENOMEM;
487 goto exit;
488 }
489
490 dev->id.bustype = user_dev->id.bustype;
491 dev->id.vendor = user_dev->id.vendor;
492 dev->id.product = user_dev->id.product;
493 dev->id.version = user_dev->id.version;
494
495 for (i = 0; i < ABS_CNT; i++) {
496 input_abs_set_max(dev, i, user_dev->absmax[i]);
497 input_abs_set_min(dev, i, user_dev->absmin[i]);
498 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]);
499 input_abs_set_flat(dev, i, user_dev->absflat[i]);
500 }
501
502 retval = uinput_validate_absbits(dev);
503 if (retval < 0)
504 goto exit;
505
506 udev->state = UIST_SETUP_COMPLETE;
507 retval = count;
508
509 exit:
510 kfree(user_dev);
511 return retval;
512}
513
514static ssize_t uinput_inject_events(struct uinput_device *udev,
515 const char __user *buffer, size_t count)
516{
517 struct input_event ev;
518 size_t bytes = 0;
519
520 if (count != 0 && count < input_event_size())
521 return -EINVAL;
522
523 while (bytes + input_event_size() <= count) {
524
525
526
527
528
529
530 if (input_event_from_user(buffer + bytes, &ev))
531 return -EFAULT;
532
533 input_event(udev->dev, ev.type, ev.code, ev.value);
534 bytes += input_event_size();
535 }
536
537 return bytes;
538}
539
540static ssize_t uinput_write(struct file *file, const char __user *buffer,
541 size_t count, loff_t *ppos)
542{
543 struct uinput_device *udev = file->private_data;
544 int retval;
545
546 if (count == 0)
547 return 0;
548
549 retval = mutex_lock_interruptible(&udev->mutex);
550 if (retval)
551 return retval;
552
553 retval = udev->state == UIST_CREATED ?
554 uinput_inject_events(udev, buffer, count) :
555 uinput_setup_device_legacy(udev, buffer, count);
556
557 mutex_unlock(&udev->mutex);
558
559 return retval;
560}
561
562static bool uinput_fetch_next_event(struct uinput_device *udev,
563 struct input_event *event)
564{
565 bool have_event;
566
567 spin_lock_irq(&udev->dev->event_lock);
568
569 have_event = udev->head != udev->tail;
570 if (have_event) {
571 *event = udev->buff[udev->tail];
572 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
573 }
574
575 spin_unlock_irq(&udev->dev->event_lock);
576
577 return have_event;
578}
579
580static ssize_t uinput_events_to_user(struct uinput_device *udev,
581 char __user *buffer, size_t count)
582{
583 struct input_event event;
584 size_t read = 0;
585
586 while (read + input_event_size() <= count &&
587 uinput_fetch_next_event(udev, &event)) {
588
589 if (input_event_to_user(buffer + read, &event))
590 return -EFAULT;
591
592 read += input_event_size();
593 }
594
595 return read;
596}
597
598static ssize_t uinput_read(struct file *file, char __user *buffer,
599 size_t count, loff_t *ppos)
600{
601 struct uinput_device *udev = file->private_data;
602 ssize_t retval;
603
604 if (count != 0 && count < input_event_size())
605 return -EINVAL;
606
607 do {
608 retval = mutex_lock_interruptible(&udev->mutex);
609 if (retval)
610 return retval;
611
612 if (udev->state != UIST_CREATED)
613 retval = -ENODEV;
614 else if (udev->head == udev->tail &&
615 (file->f_flags & O_NONBLOCK))
616 retval = -EAGAIN;
617 else
618 retval = uinput_events_to_user(udev, buffer, count);
619
620 mutex_unlock(&udev->mutex);
621
622 if (retval || count == 0)
623 break;
624
625 if (!(file->f_flags & O_NONBLOCK))
626 retval = wait_event_interruptible(udev->waitq,
627 udev->head != udev->tail ||
628 udev->state != UIST_CREATED);
629 } while (retval == 0);
630
631 return retval;
632}
633
634static unsigned int uinput_poll(struct file *file, poll_table *wait)
635{
636 struct uinput_device *udev = file->private_data;
637
638 poll_wait(file, &udev->waitq, wait);
639
640 if (udev->head != udev->tail)
641 return POLLIN | POLLRDNORM;
642
643 return 0;
644}
645
646static int uinput_release(struct inode *inode, struct file *file)
647{
648 struct uinput_device *udev = file->private_data;
649
650 uinput_destroy_device(udev);
651 kfree(udev);
652
653 return 0;
654}
655
656#ifdef CONFIG_COMPAT
657struct uinput_ff_upload_compat {
658 __u32 request_id;
659 __s32 retval;
660 struct ff_effect_compat effect;
661 struct ff_effect_compat old;
662};
663
664static int uinput_ff_upload_to_user(char __user *buffer,
665 const struct uinput_ff_upload *ff_up)
666{
667 if (in_compat_syscall()) {
668 struct uinput_ff_upload_compat ff_up_compat;
669
670 ff_up_compat.request_id = ff_up->request_id;
671 ff_up_compat.retval = ff_up->retval;
672
673
674
675
676
677
678 memcpy(&ff_up_compat.effect, &ff_up->effect,
679 sizeof(struct ff_effect_compat));
680 memcpy(&ff_up_compat.old, &ff_up->old,
681 sizeof(struct ff_effect_compat));
682
683 if (copy_to_user(buffer, &ff_up_compat,
684 sizeof(struct uinput_ff_upload_compat)))
685 return -EFAULT;
686 } else {
687 if (copy_to_user(buffer, ff_up,
688 sizeof(struct uinput_ff_upload)))
689 return -EFAULT;
690 }
691
692 return 0;
693}
694
695static int uinput_ff_upload_from_user(const char __user *buffer,
696 struct uinput_ff_upload *ff_up)
697{
698 if (in_compat_syscall()) {
699 struct uinput_ff_upload_compat ff_up_compat;
700
701 if (copy_from_user(&ff_up_compat, buffer,
702 sizeof(struct uinput_ff_upload_compat)))
703 return -EFAULT;
704
705 ff_up->request_id = ff_up_compat.request_id;
706 ff_up->retval = ff_up_compat.retval;
707 memcpy(&ff_up->effect, &ff_up_compat.effect,
708 sizeof(struct ff_effect_compat));
709 memcpy(&ff_up->old, &ff_up_compat.old,
710 sizeof(struct ff_effect_compat));
711
712 } else {
713 if (copy_from_user(ff_up, buffer,
714 sizeof(struct uinput_ff_upload)))
715 return -EFAULT;
716 }
717
718 return 0;
719}
720
721#else
722
723static int uinput_ff_upload_to_user(char __user *buffer,
724 const struct uinput_ff_upload *ff_up)
725{
726 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload)))
727 return -EFAULT;
728
729 return 0;
730}
731
732static int uinput_ff_upload_from_user(const char __user *buffer,
733 struct uinput_ff_upload *ff_up)
734{
735 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload)))
736 return -EFAULT;
737
738 return 0;
739}
740
741#endif
742
743#define uinput_set_bit(_arg, _bit, _max) \
744({ \
745 int __ret = 0; \
746 if (udev->state == UIST_CREATED) \
747 __ret = -EINVAL; \
748 else if ((_arg) > (_max)) \
749 __ret = -EINVAL; \
750 else set_bit((_arg), udev->dev->_bit); \
751 __ret; \
752})
753
754static int uinput_str_to_user(void __user *dest, const char *str,
755 unsigned int maxlen)
756{
757 char __user *p = dest;
758 int len, ret;
759
760 if (!str)
761 return -ENOENT;
762
763 if (maxlen == 0)
764 return -EINVAL;
765
766 len = strlen(str) + 1;
767 if (len > maxlen)
768 len = maxlen;
769
770 ret = copy_to_user(p, str, len);
771 if (ret)
772 return -EFAULT;
773
774
775 ret = put_user(0, p + len - 1);
776 return ret ? -EFAULT : len;
777}
778
779static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
780 unsigned long arg, void __user *p)
781{
782 int retval;
783 struct uinput_device *udev = file->private_data;
784 struct uinput_ff_upload ff_up;
785 struct uinput_ff_erase ff_erase;
786 struct uinput_request *req;
787 char *phys;
788 const char *name;
789 unsigned int size;
790
791 retval = mutex_lock_interruptible(&udev->mutex);
792 if (retval)
793 return retval;
794
795 if (!udev->dev) {
796 retval = uinput_allocate_device(udev);
797 if (retval)
798 goto out;
799 }
800
801 switch (cmd) {
802 case UI_GET_VERSION:
803 if (put_user(UINPUT_VERSION,
804 (unsigned int __user *)p))
805 retval = -EFAULT;
806 goto out;
807
808 case UI_DEV_CREATE:
809 retval = uinput_create_device(udev);
810 goto out;
811
812 case UI_DEV_DESTROY:
813 uinput_destroy_device(udev);
814 goto out;
815
816 case UI_DEV_SETUP:
817 retval = uinput_dev_setup(udev, p);
818 goto out;
819
820
821
822 case UI_SET_EVBIT:
823 retval = uinput_set_bit(arg, evbit, EV_MAX);
824 goto out;
825
826 case UI_SET_KEYBIT:
827 retval = uinput_set_bit(arg, keybit, KEY_MAX);
828 goto out;
829
830 case UI_SET_RELBIT:
831 retval = uinput_set_bit(arg, relbit, REL_MAX);
832 goto out;
833
834 case UI_SET_ABSBIT:
835 retval = uinput_set_bit(arg, absbit, ABS_MAX);
836 goto out;
837
838 case UI_SET_MSCBIT:
839 retval = uinput_set_bit(arg, mscbit, MSC_MAX);
840 goto out;
841
842 case UI_SET_LEDBIT:
843 retval = uinput_set_bit(arg, ledbit, LED_MAX);
844 goto out;
845
846 case UI_SET_SNDBIT:
847 retval = uinput_set_bit(arg, sndbit, SND_MAX);
848 goto out;
849
850 case UI_SET_FFBIT:
851 retval = uinput_set_bit(arg, ffbit, FF_MAX);
852 goto out;
853
854 case UI_SET_SWBIT:
855 retval = uinput_set_bit(arg, swbit, SW_MAX);
856 goto out;
857
858 case UI_SET_PROPBIT:
859 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX);
860 goto out;
861
862 case UI_SET_PHYS:
863 if (udev->state == UIST_CREATED) {
864 retval = -EINVAL;
865 goto out;
866 }
867
868 phys = strndup_user(p, 1024);
869 if (IS_ERR(phys)) {
870 retval = PTR_ERR(phys);
871 goto out;
872 }
873
874 kfree(udev->dev->phys);
875 udev->dev->phys = phys;
876 goto out;
877
878 case UI_BEGIN_FF_UPLOAD:
879 retval = uinput_ff_upload_from_user(p, &ff_up);
880 if (retval)
881 goto out;
882
883 req = uinput_request_find(udev, ff_up.request_id);
884 if (!req || req->code != UI_FF_UPLOAD ||
885 !req->u.upload.effect) {
886 retval = -EINVAL;
887 goto out;
888 }
889
890 ff_up.retval = 0;
891 ff_up.effect = *req->u.upload.effect;
892 if (req->u.upload.old)
893 ff_up.old = *req->u.upload.old;
894 else
895 memset(&ff_up.old, 0, sizeof(struct ff_effect));
896
897 retval = uinput_ff_upload_to_user(p, &ff_up);
898 goto out;
899
900 case UI_BEGIN_FF_ERASE:
901 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
902 retval = -EFAULT;
903 goto out;
904 }
905
906 req = uinput_request_find(udev, ff_erase.request_id);
907 if (!req || req->code != UI_FF_ERASE) {
908 retval = -EINVAL;
909 goto out;
910 }
911
912 ff_erase.retval = 0;
913 ff_erase.effect_id = req->u.effect_id;
914 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
915 retval = -EFAULT;
916 goto out;
917 }
918
919 goto out;
920
921 case UI_END_FF_UPLOAD:
922 retval = uinput_ff_upload_from_user(p, &ff_up);
923 if (retval)
924 goto out;
925
926 req = uinput_request_find(udev, ff_up.request_id);
927 if (!req || req->code != UI_FF_UPLOAD ||
928 !req->u.upload.effect) {
929 retval = -EINVAL;
930 goto out;
931 }
932
933 req->retval = ff_up.retval;
934 uinput_request_done(udev, req);
935 goto out;
936
937 case UI_END_FF_ERASE:
938 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
939 retval = -EFAULT;
940 goto out;
941 }
942
943 req = uinput_request_find(udev, ff_erase.request_id);
944 if (!req || req->code != UI_FF_ERASE) {
945 retval = -EINVAL;
946 goto out;
947 }
948
949 req->retval = ff_erase.retval;
950 uinput_request_done(udev, req);
951 goto out;
952 }
953
954 size = _IOC_SIZE(cmd);
955
956
957 switch (cmd & ~IOCSIZE_MASK) {
958 case UI_GET_SYSNAME(0):
959 if (udev->state != UIST_CREATED) {
960 retval = -ENOENT;
961 goto out;
962 }
963 name = dev_name(&udev->dev->dev);
964 retval = uinput_str_to_user(p, name, size);
965 goto out;
966
967 case UI_ABS_SETUP & ~IOCSIZE_MASK:
968 retval = uinput_abs_setup(udev, p, size);
969 goto out;
970 }
971
972 retval = -EINVAL;
973 out:
974 mutex_unlock(&udev->mutex);
975 return retval;
976}
977
978static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
979{
980 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg);
981}
982
983#ifdef CONFIG_COMPAT
984
985#define UI_SET_PHYS_COMPAT _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
986
987static long uinput_compat_ioctl(struct file *file,
988 unsigned int cmd, unsigned long arg)
989{
990 if (cmd == UI_SET_PHYS_COMPAT)
991 cmd = UI_SET_PHYS;
992
993 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
994}
995#endif
996
997static const struct file_operations uinput_fops = {
998 .owner = THIS_MODULE,
999 .open = uinput_open,
1000 .release = uinput_release,
1001 .read = uinput_read,
1002 .write = uinput_write,
1003 .poll = uinput_poll,
1004 .unlocked_ioctl = uinput_ioctl,
1005#ifdef CONFIG_COMPAT
1006 .compat_ioctl = uinput_compat_ioctl,
1007#endif
1008 .llseek = no_llseek,
1009};
1010
1011static struct miscdevice uinput_misc = {
1012 .fops = &uinput_fops,
1013 .minor = UINPUT_MINOR,
1014 .name = UINPUT_NAME,
1015};
1016module_misc_device(uinput_misc);
1017
1018MODULE_ALIAS_MISCDEV(UINPUT_MINOR);
1019MODULE_ALIAS("devname:" UINPUT_NAME);
1020
1021MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
1022MODULE_DESCRIPTION("User level driver support for input subsystem");
1023MODULE_LICENSE("GPL");
1024MODULE_VERSION("0.3");
1025
