1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34#include <uapi/linux/uinput.h>
35#include <linux/poll.h>
36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/module.h>
39#include <linux/init.h>
40#include <linux/fs.h>
41#include <linux/miscdevice.h>
42#include <linux/input/mt.h>
43#include "../input-compat.h"
44
45#define UINPUT_NAME "uinput"
46#define UINPUT_BUFFER_SIZE 16
47#define UINPUT_NUM_REQUESTS 16
48
49enum uinput_state { UIST_NEW_DEVICE, UIST_SETUP_COMPLETE, UIST_CREATED };
50
51struct uinput_request {
52 unsigned int id;
53 unsigned int code;
54
55 int retval;
56 struct completion done;
57
58 union {
59 unsigned int effect_id;
60 struct {
61 struct ff_effect *effect;
62 struct ff_effect *old;
63 } upload;
64 } u;
65};
66
67struct uinput_device {
68 struct input_dev *dev;
69 struct mutex mutex;
70 enum uinput_state state;
71 wait_queue_head_t waitq;
72 unsigned char ready;
73 unsigned char head;
74 unsigned char tail;
75 struct input_event buff[UINPUT_BUFFER_SIZE];
76 unsigned int ff_effects_max;
77
78 struct uinput_request *requests[UINPUT_NUM_REQUESTS];
79 wait_queue_head_t requests_waitq;
80 spinlock_t requests_lock;
81};
82
83static int uinput_dev_event(struct input_dev *dev,
84 unsigned int type, unsigned int code, int value)
85{
86 struct uinput_device *udev = input_get_drvdata(dev);
87 struct timespec64 ts;
88
89 udev->buff[udev->head].type = type;
90 udev->buff[udev->head].code = code;
91 udev->buff[udev->head].value = value;
92 ktime_get_ts64(&ts);
93 udev->buff[udev->head].input_event_sec = ts.tv_sec;
94 udev->buff[udev->head].input_event_usec = ts.tv_nsec / NSEC_PER_USEC;
95 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
96
97 wake_up_interruptible(&udev->waitq);
98
99 return 0;
100}
101
102
103static bool uinput_request_alloc_id(struct uinput_device *udev,
104 struct uinput_request *request)
105{
106 unsigned int id;
107 bool reserved = false;
108
109 spin_lock(&udev->requests_lock);
110
111 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) {
112 if (!udev->requests[id]) {
113 request->id = id;
114 udev->requests[id] = request;
115 reserved = true;
116 break;
117 }
118 }
119
120 spin_unlock(&udev->requests_lock);
121 return reserved;
122}
123
124static struct uinput_request *uinput_request_find(struct uinput_device *udev,
125 unsigned int id)
126{
127
128 if (id >= UINPUT_NUM_REQUESTS)
129 return NULL;
130
131 return udev->requests[id];
132}
133
134static int uinput_request_reserve_slot(struct uinput_device *udev,
135 struct uinput_request *request)
136{
137
138 return wait_event_interruptible(udev->requests_waitq,
139 uinput_request_alloc_id(udev, request));
140}
141
142static void uinput_request_release_slot(struct uinput_device *udev,
143 unsigned int id)
144{
145
146 spin_lock(&udev->requests_lock);
147 udev->requests[id] = NULL;
148 spin_unlock(&udev->requests_lock);
149
150 wake_up(&udev->requests_waitq);
151}
152
153static int uinput_request_send(struct uinput_device *udev,
154 struct uinput_request *request)
155{
156 int retval;
157
158 retval = mutex_lock_interruptible(&udev->mutex);
159 if (retval)
160 return retval;
161
162 if (udev->state != UIST_CREATED) {
163 retval = -ENODEV;
164 goto out;
165 }
166
167 init_completion(&request->done);
168
169
170
171
172
173 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id);
174
175 out:
176 mutex_unlock(&udev->mutex);
177 return retval;
178}
179
180static int uinput_request_submit(struct uinput_device *udev,
181 struct uinput_request *request)
182{
183 int retval;
184
185 retval = uinput_request_reserve_slot(udev, request);
186 if (retval)
187 return retval;
188
189 retval = uinput_request_send(udev, request);
190 if (retval)
191 goto out;
192
193 if (!wait_for_completion_timeout(&request->done, 30 * HZ)) {
194 retval = -ETIMEDOUT;
195 goto out;
196 }
197
198 retval = request->retval;
199
200 out:
201 uinput_request_release_slot(udev, request->id);
202 return retval;
203}
204
205
206
207
208
209static void uinput_flush_requests(struct uinput_device *udev)
210{
211 struct uinput_request *request;
212 int i;
213
214 spin_lock(&udev->requests_lock);
215
216 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) {
217 request = udev->requests[i];
218 if (request) {
219 request->retval = -ENODEV;
220 complete(&request->done);
221 }
222 }
223
224 spin_unlock(&udev->requests_lock);
225}
226
227static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
228{
229 uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
230}
231
232static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
233{
234 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
235}
236
237static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
238{
239 return uinput_dev_event(dev, EV_FF, effect_id, value);
240}
241
242static int uinput_dev_upload_effect(struct input_dev *dev,
243 struct ff_effect *effect,
244 struct ff_effect *old)
245{
246 struct uinput_device *udev = input_get_drvdata(dev);
247 struct uinput_request request;
248
249
250
251
252
253
254
255
256 if (effect->type == FF_PERIODIC &&
257 effect->u.periodic.waveform == FF_CUSTOM)
258 return -EINVAL;
259
260 request.code = UI_FF_UPLOAD;
261 request.u.upload.effect = effect;
262 request.u.upload.old = old;
263
264 return uinput_request_submit(udev, &request);
265}
266
267static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
268{
269 struct uinput_device *udev = input_get_drvdata(dev);
270 struct uinput_request request;
271
272 if (!test_bit(EV_FF, dev->evbit))
273 return -ENOSYS;
274
275 request.code = UI_FF_ERASE;
276 request.u.effect_id = effect_id;
277
278 return uinput_request_submit(udev, &request);
279}
280
281static int uinput_dev_flush(struct input_dev *dev, struct file *file)
282{
283
284
285
286
287
288
289
290 return file ? input_ff_flush(dev, file) : 0;
291}
292
293static void uinput_destroy_device(struct uinput_device *udev)
294{
295 const char *name, *phys;
296 struct input_dev *dev = udev->dev;
297 enum uinput_state old_state = udev->state;
298
299 udev->state = UIST_NEW_DEVICE;
300
301 if (dev) {
302 name = dev->name;
303 phys = dev->phys;
304 if (old_state == UIST_CREATED) {
305 uinput_flush_requests(udev);
306 input_unregister_device(dev);
307 } else {
308 input_free_device(dev);
309 }
310 kfree(name);
311 kfree(phys);
312 udev->dev = NULL;
313 }
314}
315
316static int uinput_create_device(struct uinput_device *udev)
317{
318 struct input_dev *dev = udev->dev;
319 int error, nslot;
320
321 if (udev->state != UIST_SETUP_COMPLETE) {
322 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
323 return -EINVAL;
324 }
325
326 if (test_bit(EV_ABS, dev->evbit)) {
327 input_alloc_absinfo(dev);
328 if (!dev->absinfo) {
329 error = -EINVAL;
330 goto fail1;
331 }
332
333 if (test_bit(ABS_MT_SLOT, dev->absbit)) {
334 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
335 error = input_mt_init_slots(dev, nslot, 0);
336 if (error)
337 goto fail1;
338 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
339 input_set_events_per_packet(dev, 60);
340 }
341 }
342
343 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) {
344 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n",
345 UINPUT_NAME);
346 error = -EINVAL;
347 goto fail1;
348 }
349
350 if (udev->ff_effects_max) {
351 error = input_ff_create(dev, udev->ff_effects_max);
352 if (error)
353 goto fail1;
354
355 dev->ff->upload = uinput_dev_upload_effect;
356 dev->ff->erase = uinput_dev_erase_effect;
357 dev->ff->playback = uinput_dev_playback;
358 dev->ff->set_gain = uinput_dev_set_gain;
359 dev->ff->set_autocenter = uinput_dev_set_autocenter;
360
361
362
363
364
365 dev->flush = uinput_dev_flush;
366 }
367
368 dev->event = uinput_dev_event;
369
370 input_set_drvdata(udev->dev, udev);
371
372 error = input_register_device(udev->dev);
373 if (error)
374 goto fail2;
375
376 udev->state = UIST_CREATED;
377
378 return 0;
379
380 fail2: input_ff_destroy(dev);
381 fail1: uinput_destroy_device(udev);
382 return error;
383}
384
385static int uinput_open(struct inode *inode, struct file *file)
386{
387 struct uinput_device *newdev;
388
389 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL);
390 if (!newdev)
391 return -ENOMEM;
392
393 mutex_init(&newdev->mutex);
394 spin_lock_init(&newdev->requests_lock);
395 init_waitqueue_head(&newdev->requests_waitq);
396 init_waitqueue_head(&newdev->waitq);
397 newdev->state = UIST_NEW_DEVICE;
398
399 file->private_data = newdev;
400 nonseekable_open(inode, file);
401
402 return 0;
403}
404
405static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code,
406 const struct input_absinfo *abs)
407{
408 int min, max;
409
410 min = abs->minimum;
411 max = abs->maximum;
412
413 if ((min != 0 || max != 0) && max < min) {
414 printk(KERN_DEBUG
415 "%s: invalid abs[%02x] min:%d max:%d\n",
416 UINPUT_NAME, code, min, max);
417 return -EINVAL;
418 }
419
420 if (abs->flat > max - min) {
421 printk(KERN_DEBUG
422 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n",
423 UINPUT_NAME, code, abs->flat, min, max);
424 return -EINVAL;
425 }
426
427 return 0;
428}
429
430static int uinput_validate_absbits(struct input_dev *dev)
431{
432 unsigned int cnt;
433 int error;
434
435 if (!test_bit(EV_ABS, dev->evbit))
436 return 0;
437
438
439
440
441
442 for_each_set_bit(cnt, dev->absbit, ABS_CNT) {
443 if (!dev->absinfo)
444 return -EINVAL;
445
446 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]);
447 if (error)
448 return error;
449 }
450
451 return 0;
452}
453
454static int uinput_dev_setup(struct uinput_device *udev,
455 struct uinput_setup __user *arg)
456{
457 struct uinput_setup setup;
458 struct input_dev *dev;
459
460 if (udev->state == UIST_CREATED)
461 return -EINVAL;
462
463 if (copy_from_user(&setup, arg, sizeof(setup)))
464 return -EFAULT;
465
466 if (!setup.name[0])
467 return -EINVAL;
468
469 dev = udev->dev;
470 dev->id = setup.id;
471 udev->ff_effects_max = setup.ff_effects_max;
472
473 kfree(dev->name);
474 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL);
475 if (!dev->name)
476 return -ENOMEM;
477
478 udev->state = UIST_SETUP_COMPLETE;
479 return 0;
480}
481
482static int uinput_abs_setup(struct uinput_device *udev,
483 struct uinput_setup __user *arg, size_t size)
484{
485 struct uinput_abs_setup setup = {};
486 struct input_dev *dev;
487 int error;
488
489 if (size > sizeof(setup))
490 return -E2BIG;
491
492 if (udev->state == UIST_CREATED)
493 return -EINVAL;
494
495 if (copy_from_user(&setup, arg, size))
496 return -EFAULT;
497
498 if (setup.code > ABS_MAX)
499 return -ERANGE;
500
501 dev = udev->dev;
502
503 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo);
504 if (error)
505 return error;
506
507 input_alloc_absinfo(dev);
508 if (!dev->absinfo)
509 return -ENOMEM;
510
511 set_bit(setup.code, dev->absbit);
512 dev->absinfo[setup.code] = setup.absinfo;
513 return 0;
514}
515
516
517static int uinput_setup_device_legacy(struct uinput_device *udev,
518 const char __user *buffer, size_t count)
519{
520 struct uinput_user_dev *user_dev;
521 struct input_dev *dev;
522 int i;
523 int retval;
524
525 if (count != sizeof(struct uinput_user_dev))
526 return -EINVAL;
527
528 if (!udev->dev) {
529 udev->dev = input_allocate_device();
530 if (!udev->dev)
531 return -ENOMEM;
532 }
533
534 dev = udev->dev;
535
536 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev));
537 if (IS_ERR(user_dev))
538 return PTR_ERR(user_dev);
539
540 udev->ff_effects_max = user_dev->ff_effects_max;
541
542
543 if (!user_dev->name[0]) {
544 retval = -EINVAL;
545 goto exit;
546 }
547
548 kfree(dev->name);
549 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
550 GFP_KERNEL);
551 if (!dev->name) {
552 retval = -ENOMEM;
553 goto exit;
554 }
555
556 dev->id.bustype = user_dev->id.bustype;
557 dev->id.vendor = user_dev->id.vendor;
558 dev->id.product = user_dev->id.product;
559 dev->id.version = user_dev->id.version;
560
561 for (i = 0; i < ABS_CNT; i++) {
562 input_abs_set_max(dev, i, user_dev->absmax[i]);
563 input_abs_set_min(dev, i, user_dev->absmin[i]);
564 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]);
565 input_abs_set_flat(dev, i, user_dev->absflat[i]);
566 }
567
568 retval = uinput_validate_absbits(dev);
569 if (retval < 0)
570 goto exit;
571
572 udev->state = UIST_SETUP_COMPLETE;
573 retval = count;
574
575 exit:
576 kfree(user_dev);
577 return retval;
578}
579
580static ssize_t uinput_inject_events(struct uinput_device *udev,
581 const char __user *buffer, size_t count)
582{
583 struct input_event ev;
584 size_t bytes = 0;
585
586 if (count != 0 && count < input_event_size())
587 return -EINVAL;
588
589 while (bytes + input_event_size() <= count) {
590
591
592
593
594
595
596 if (input_event_from_user(buffer + bytes, &ev))
597 return -EFAULT;
598
599 input_event(udev->dev, ev.type, ev.code, ev.value);
600 bytes += input_event_size();
601 cond_resched();
602 }
603
604 return bytes;
605}
606
607static ssize_t uinput_write(struct file *file, const char __user *buffer,
608 size_t count, loff_t *ppos)
609{
610 struct uinput_device *udev = file->private_data;
611 int retval;
612
613 if (count == 0)
614 return 0;
615
616 retval = mutex_lock_interruptible(&udev->mutex);
617 if (retval)
618 return retval;
619
620 retval = udev->state == UIST_CREATED ?
621 uinput_inject_events(udev, buffer, count) :
622 uinput_setup_device_legacy(udev, buffer, count);
623
624 mutex_unlock(&udev->mutex);
625
626 return retval;
627}
628
629static bool uinput_fetch_next_event(struct uinput_device *udev,
630 struct input_event *event)
631{
632 bool have_event;
633
634 spin_lock_irq(&udev->dev->event_lock);
635
636 have_event = udev->head != udev->tail;
637 if (have_event) {
638 *event = udev->buff[udev->tail];
639 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
640 }
641
642 spin_unlock_irq(&udev->dev->event_lock);
643
644 return have_event;
645}
646
647static ssize_t uinput_events_to_user(struct uinput_device *udev,
648 char __user *buffer, size_t count)
649{
650 struct input_event event;
651 size_t read = 0;
652
653 while (read + input_event_size() <= count &&
654 uinput_fetch_next_event(udev, &event)) {
655
656 if (input_event_to_user(buffer + read, &event))
657 return -EFAULT;
658
659 read += input_event_size();
660 }
661
662 return read;
663}
664
665static ssize_t uinput_read(struct file *file, char __user *buffer,
666 size_t count, loff_t *ppos)
667{
668 struct uinput_device *udev = file->private_data;
669 ssize_t retval;
670
671 if (count != 0 && count < input_event_size())
672 return -EINVAL;
673
674 do {
675 retval = mutex_lock_interruptible(&udev->mutex);
676 if (retval)
677 return retval;
678
679 if (udev->state != UIST_CREATED)
680 retval = -ENODEV;
681 else if (udev->head == udev->tail &&
682 (file->f_flags & O_NONBLOCK))
683 retval = -EAGAIN;
684 else
685 retval = uinput_events_to_user(udev, buffer, count);
686
687 mutex_unlock(&udev->mutex);
688
689 if (retval || count == 0)
690 break;
691
692 if (!(file->f_flags & O_NONBLOCK))
693 retval = wait_event_interruptible(udev->waitq,
694 udev->head != udev->tail ||
695 udev->state != UIST_CREATED);
696 } while (retval == 0);
697
698 return retval;
699}
700
701static __poll_t uinput_poll(struct file *file, poll_table *wait)
702{
703 struct uinput_device *udev = file->private_data;
704
705 poll_wait(file, &udev->waitq, wait);
706
707 if (udev->head != udev->tail)
708 return EPOLLIN | EPOLLRDNORM;
709
710 return 0;
711}
712
713static int uinput_release(struct inode *inode, struct file *file)
714{
715 struct uinput_device *udev = file->private_data;
716
717 uinput_destroy_device(udev);
718 kfree(udev);
719
720 return 0;
721}
722
723#ifdef CONFIG_COMPAT
724struct uinput_ff_upload_compat {
725 __u32 request_id;
726 __s32 retval;
727 struct ff_effect_compat effect;
728 struct ff_effect_compat old;
729};
730
731static int uinput_ff_upload_to_user(char __user *buffer,
732 const struct uinput_ff_upload *ff_up)
733{
734 if (in_compat_syscall()) {
735 struct uinput_ff_upload_compat ff_up_compat;
736
737 ff_up_compat.request_id = ff_up->request_id;
738 ff_up_compat.retval = ff_up->retval;
739
740
741
742
743
744
745 memcpy(&ff_up_compat.effect, &ff_up->effect,
746 sizeof(struct ff_effect_compat));
747 memcpy(&ff_up_compat.old, &ff_up->old,
748 sizeof(struct ff_effect_compat));
749
750 if (copy_to_user(buffer, &ff_up_compat,
751 sizeof(struct uinput_ff_upload_compat)))
752 return -EFAULT;
753 } else {
754 if (copy_to_user(buffer, ff_up,
755 sizeof(struct uinput_ff_upload)))
756 return -EFAULT;
757 }
758
759 return 0;
760}
761
762static int uinput_ff_upload_from_user(const char __user *buffer,
763 struct uinput_ff_upload *ff_up)
764{
765 if (in_compat_syscall()) {
766 struct uinput_ff_upload_compat ff_up_compat;
767
768 if (copy_from_user(&ff_up_compat, buffer,
769 sizeof(struct uinput_ff_upload_compat)))
770 return -EFAULT;
771
772 ff_up->request_id = ff_up_compat.request_id;
773 ff_up->retval = ff_up_compat.retval;
774 memcpy(&ff_up->effect, &ff_up_compat.effect,
775 sizeof(struct ff_effect_compat));
776 memcpy(&ff_up->old, &ff_up_compat.old,
777 sizeof(struct ff_effect_compat));
778
779 } else {
780 if (copy_from_user(ff_up, buffer,
781 sizeof(struct uinput_ff_upload)))
782 return -EFAULT;
783 }
784
785 return 0;
786}
787
788#else
789
790static int uinput_ff_upload_to_user(char __user *buffer,
791 const struct uinput_ff_upload *ff_up)
792{
793 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload)))
794 return -EFAULT;
795
796 return 0;
797}
798
799static int uinput_ff_upload_from_user(const char __user *buffer,
800 struct uinput_ff_upload *ff_up)
801{
802 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload)))
803 return -EFAULT;
804
805 return 0;
806}
807
808#endif
809
810#define uinput_set_bit(_arg, _bit, _max) \
811({ \
812 int __ret = 0; \
813 if (udev->state == UIST_CREATED) \
814 __ret = -EINVAL; \
815 else if ((_arg) > (_max)) \
816 __ret = -EINVAL; \
817 else set_bit((_arg), udev->dev->_bit); \
818 __ret; \
819})
820
821static int uinput_str_to_user(void __user *dest, const char *str,
822 unsigned int maxlen)
823{
824 char __user *p = dest;
825 int len, ret;
826
827 if (!str)
828 return -ENOENT;
829
830 if (maxlen == 0)
831 return -EINVAL;
832
833 len = strlen(str) + 1;
834 if (len > maxlen)
835 len = maxlen;
836
837 ret = copy_to_user(p, str, len);
838 if (ret)
839 return -EFAULT;
840
841
842 ret = put_user(0, p + len - 1);
843 return ret ? -EFAULT : len;
844}
845
846static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
847 unsigned long arg, void __user *p)
848{
849 int retval;
850 struct uinput_device *udev = file->private_data;
851 struct uinput_ff_upload ff_up;
852 struct uinput_ff_erase ff_erase;
853 struct uinput_request *req;
854 char *phys;
855 const char *name;
856 unsigned int size;
857
858 retval = mutex_lock_interruptible(&udev->mutex);
859 if (retval)
860 return retval;
861
862 if (!udev->dev) {
863 udev->dev = input_allocate_device();
864 if (!udev->dev) {
865 retval = -ENOMEM;
866 goto out;
867 }
868 }
869
870 switch (cmd) {
871 case UI_GET_VERSION:
872 if (put_user(UINPUT_VERSION, (unsigned int __user *)p))
873 retval = -EFAULT;
874 goto out;
875
876 case UI_DEV_CREATE:
877 retval = uinput_create_device(udev);
878 goto out;
879
880 case UI_DEV_DESTROY:
881 uinput_destroy_device(udev);
882 goto out;
883
884 case UI_DEV_SETUP:
885 retval = uinput_dev_setup(udev, p);
886 goto out;
887
888
889
890 case UI_SET_EVBIT:
891 retval = uinput_set_bit(arg, evbit, EV_MAX);
892 goto out;
893
894 case UI_SET_KEYBIT:
895 retval = uinput_set_bit(arg, keybit, KEY_MAX);
896 goto out;
897
898 case UI_SET_RELBIT:
899 retval = uinput_set_bit(arg, relbit, REL_MAX);
900 goto out;
901
902 case UI_SET_ABSBIT:
903 retval = uinput_set_bit(arg, absbit, ABS_MAX);
904 goto out;
905
906 case UI_SET_MSCBIT:
907 retval = uinput_set_bit(arg, mscbit, MSC_MAX);
908 goto out;
909
910 case UI_SET_LEDBIT:
911 retval = uinput_set_bit(arg, ledbit, LED_MAX);
912 goto out;
913
914 case UI_SET_SNDBIT:
915 retval = uinput_set_bit(arg, sndbit, SND_MAX);
916 goto out;
917
918 case UI_SET_FFBIT:
919 retval = uinput_set_bit(arg, ffbit, FF_MAX);
920 goto out;
921
922 case UI_SET_SWBIT:
923 retval = uinput_set_bit(arg, swbit, SW_MAX);
924 goto out;
925
926 case UI_SET_PROPBIT:
927 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX);
928 goto out;
929
930 case UI_SET_PHYS:
931 if (udev->state == UIST_CREATED) {
932 retval = -EINVAL;
933 goto out;
934 }
935
936 phys = strndup_user(p, 1024);
937 if (IS_ERR(phys)) {
938 retval = PTR_ERR(phys);
939 goto out;
940 }
941
942 kfree(udev->dev->phys);
943 udev->dev->phys = phys;
944 goto out;
945
946 case UI_BEGIN_FF_UPLOAD:
947 retval = uinput_ff_upload_from_user(p, &ff_up);
948 if (retval)
949 goto out;
950
951 req = uinput_request_find(udev, ff_up.request_id);
952 if (!req || req->code != UI_FF_UPLOAD ||
953 !req->u.upload.effect) {
954 retval = -EINVAL;
955 goto out;
956 }
957
958 ff_up.retval = 0;
959 ff_up.effect = *req->u.upload.effect;
960 if (req->u.upload.old)
961 ff_up.old = *req->u.upload.old;
962 else
963 memset(&ff_up.old, 0, sizeof(struct ff_effect));
964
965 retval = uinput_ff_upload_to_user(p, &ff_up);
966 goto out;
967
968 case UI_BEGIN_FF_ERASE:
969 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
970 retval = -EFAULT;
971 goto out;
972 }
973
974 req = uinput_request_find(udev, ff_erase.request_id);
975 if (!req || req->code != UI_FF_ERASE) {
976 retval = -EINVAL;
977 goto out;
978 }
979
980 ff_erase.retval = 0;
981 ff_erase.effect_id = req->u.effect_id;
982 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
983 retval = -EFAULT;
984 goto out;
985 }
986
987 goto out;
988
989 case UI_END_FF_UPLOAD:
990 retval = uinput_ff_upload_from_user(p, &ff_up);
991 if (retval)
992 goto out;
993
994 req = uinput_request_find(udev, ff_up.request_id);
995 if (!req || req->code != UI_FF_UPLOAD ||
996 !req->u.upload.effect) {
997 retval = -EINVAL;
998 goto out;
999 }
1000
1001 req->retval = ff_up.retval;
1002 complete(&req->done);
1003 goto out;
1004
1005 case UI_END_FF_ERASE:
1006 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
1007 retval = -EFAULT;
1008 goto out;
1009 }
1010
1011 req = uinput_request_find(udev, ff_erase.request_id);
1012 if (!req || req->code != UI_FF_ERASE) {
1013 retval = -EINVAL;
1014 goto out;
1015 }
1016
1017 req->retval = ff_erase.retval;
1018 complete(&req->done);
1019 goto out;
1020 }
1021
1022 size = _IOC_SIZE(cmd);
1023
1024
1025 switch (cmd & ~IOCSIZE_MASK) {
1026 case UI_GET_SYSNAME(0):
1027 if (udev->state != UIST_CREATED) {
1028 retval = -ENOENT;
1029 goto out;
1030 }
1031 name = dev_name(&udev->dev->dev);
1032 retval = uinput_str_to_user(p, name, size);
1033 goto out;
1034
1035 case UI_ABS_SETUP & ~IOCSIZE_MASK:
1036 retval = uinput_abs_setup(udev, p, size);
1037 goto out;
1038 }
1039
1040 retval = -EINVAL;
1041 out:
1042 mutex_unlock(&udev->mutex);
1043 return retval;
1044}
1045
1046static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1047{
1048 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg);
1049}
1050
1051#ifdef CONFIG_COMPAT
1052
1053#define UI_SET_PHYS_COMPAT _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
1054
1055static long uinput_compat_ioctl(struct file *file,
1056 unsigned int cmd, unsigned long arg)
1057{
1058 if (cmd == UI_SET_PHYS_COMPAT)
1059 cmd = UI_SET_PHYS;
1060
1061 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
1062}
1063#endif
1064
1065static const struct file_operations uinput_fops = {
1066 .owner = THIS_MODULE,
1067 .open = uinput_open,
1068 .release = uinput_release,
1069 .read = uinput_read,
1070 .write = uinput_write,
1071 .poll = uinput_poll,
1072 .unlocked_ioctl = uinput_ioctl,
1073#ifdef CONFIG_COMPAT
1074 .compat_ioctl = uinput_compat_ioctl,
1075#endif
1076 .llseek = no_llseek,
1077};
1078
1079static struct miscdevice uinput_misc = {
1080 .fops = &uinput_fops,
1081 .minor = UINPUT_MINOR,
1082 .name = UINPUT_NAME,
1083};
1084module_misc_device(uinput_misc);
1085
1086MODULE_ALIAS_MISCDEV(UINPUT_MINOR);
1087MODULE_ALIAS("devname:" UINPUT_NAME);
1088
1089MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
1090MODULE_DESCRIPTION("User level driver support for input subsystem");
1091MODULE_LICENSE("GPL");
1092
