• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * compat ioctls for control API
4  *
5  *   Copyright (c) by Takashi Iwai <tiwai@suse.de>
6  */
7 
8 /* this file included from control.c */
9 
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12 
13 struct snd_ctl_elem_list32 {
14 	u32 offset;
15 	u32 space;
16 	u32 used;
17 	u32 count;
18 	u32 pids;
19 	unsigned char reserved[50];
20 } /* don't set packed attribute here */;
21 
snd_ctl_elem_list_compat(struct snd_card * card,struct snd_ctl_elem_list32 __user * data32)22 static int snd_ctl_elem_list_compat(struct snd_card *card,
23 				    struct snd_ctl_elem_list32 __user *data32)
24 {
25 	struct snd_ctl_elem_list data = {};
26 	compat_caddr_t ptr;
27 	int err;
28 
29 	/* offset, space, used, count */
30 	if (copy_from_user(&data, data32, 4 * sizeof(u32)))
31 		return -EFAULT;
32 	/* pids */
33 	if (get_user(ptr, &data32->pids))
34 		return -EFAULT;
35 	data.pids = compat_ptr(ptr);
36 	err = snd_ctl_elem_list(card, &data);
37 	if (err < 0)
38 		return err;
39 	/* copy the result */
40 	if (copy_to_user(data32, &data, 4 * sizeof(u32)))
41 		return -EFAULT;
42 	return 0;
43 }
44 
45 /*
46  * control element info
47  * it uses union, so the things are not easy..
48  */
49 
50 struct snd_ctl_elem_info32 {
51 	struct snd_ctl_elem_id id; // the size of struct is same
52 	s32 type;
53 	u32 access;
54 	u32 count;
55 	s32 owner;
56 	union {
57 		struct {
58 			s32 min;
59 			s32 max;
60 			s32 step;
61 		} integer;
62 		struct {
63 			u64 min;
64 			u64 max;
65 			u64 step;
66 		} integer64;
67 		struct {
68 			u32 items;
69 			u32 item;
70 			char name[64];
71 			u64 names_ptr;
72 			u32 names_length;
73 		} enumerated;
74 		unsigned char reserved[128];
75 	} value;
76 	unsigned char reserved[64];
77 } __attribute__((packed));
78 
snd_ctl_elem_info_compat(struct snd_ctl_file * ctl,struct snd_ctl_elem_info32 __user * data32)79 static int snd_ctl_elem_info_compat(struct snd_ctl_file *ctl,
80 				    struct snd_ctl_elem_info32 __user *data32)
81 {
82 	struct snd_ctl_elem_info *data;
83 	int err;
84 
85 	data = kzalloc(sizeof(*data), GFP_KERNEL);
86 	if (! data)
87 		return -ENOMEM;
88 
89 	err = -EFAULT;
90 	/* copy id */
91 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
92 		goto error;
93 	/* we need to copy the item index.
94 	 * hope this doesn't break anything..
95 	 */
96 	if (get_user(data->value.enumerated.item, &data32->value.enumerated.item))
97 		goto error;
98 
99 	err = snd_power_wait(ctl->card, SNDRV_CTL_POWER_D0);
100 	if (err < 0)
101 		goto error;
102 	err = snd_ctl_elem_info(ctl, data);
103 	if (err < 0)
104 		goto error;
105 	/* restore info to 32bit */
106 	err = -EFAULT;
107 	/* id, type, access, count */
108 	if (copy_to_user(&data32->id, &data->id, sizeof(data->id)) ||
109 	    copy_to_user(&data32->type, &data->type, 3 * sizeof(u32)))
110 		goto error;
111 	if (put_user(data->owner, &data32->owner))
112 		goto error;
113 	switch (data->type) {
114 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
115 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
116 		if (put_user(data->value.integer.min, &data32->value.integer.min) ||
117 		    put_user(data->value.integer.max, &data32->value.integer.max) ||
118 		    put_user(data->value.integer.step, &data32->value.integer.step))
119 			goto error;
120 		break;
121 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
122 		if (copy_to_user(&data32->value.integer64,
123 				 &data->value.integer64,
124 				 sizeof(data->value.integer64)))
125 			goto error;
126 		break;
127 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
128 		if (copy_to_user(&data32->value.enumerated,
129 				 &data->value.enumerated,
130 				 sizeof(data->value.enumerated)))
131 			goto error;
132 		break;
133 	default:
134 		break;
135 	}
136 	err = 0;
137  error:
138 	kfree(data);
139 	return err;
140 }
141 
142 /* read / write */
143 struct snd_ctl_elem_value32 {
144 	struct snd_ctl_elem_id id;
145 	unsigned int indirect;	/* bit-field causes misalignment */
146         union {
147 		s32 integer[128];
148 		unsigned char data[512];
149 #ifndef CONFIG_X86_64
150 		s64 integer64[64];
151 #endif
152         } value;
153         unsigned char reserved[128];
154 };
155 
156 #ifdef CONFIG_X86_X32
157 /* x32 has a different alignment for 64bit values from ia32 */
158 struct snd_ctl_elem_value_x32 {
159 	struct snd_ctl_elem_id id;
160 	unsigned int indirect;	/* bit-field causes misalignment */
161 	union {
162 		s32 integer[128];
163 		unsigned char data[512];
164 		s64 integer64[64];
165 	} value;
166 	unsigned char reserved[128];
167 };
168 #endif /* CONFIG_X86_X32 */
169 
170 /* get the value type and count of the control */
get_ctl_type(struct snd_card * card,struct snd_ctl_elem_id * id,int * countp)171 static int get_ctl_type(struct snd_card *card, struct snd_ctl_elem_id *id,
172 			int *countp)
173 {
174 	struct snd_kcontrol *kctl;
175 	struct snd_ctl_elem_info *info;
176 	int err;
177 
178 	down_read(&card->controls_rwsem);
179 	kctl = snd_ctl_find_id(card, id);
180 	if (! kctl) {
181 		up_read(&card->controls_rwsem);
182 		return -ENOENT;
183 	}
184 	info = kzalloc(sizeof(*info), GFP_KERNEL);
185 	if (info == NULL) {
186 		up_read(&card->controls_rwsem);
187 		return -ENOMEM;
188 	}
189 	info->id = *id;
190 	err = kctl->info(kctl, info);
191 	up_read(&card->controls_rwsem);
192 	if (err >= 0) {
193 		err = info->type;
194 		*countp = info->count;
195 	}
196 	kfree(info);
197 	return err;
198 }
199 
get_elem_size(int type,int count)200 static int get_elem_size(int type, int count)
201 {
202 	switch (type) {
203 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
204 		return sizeof(s64) * count;
205 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
206 		return sizeof(int) * count;
207 	case SNDRV_CTL_ELEM_TYPE_BYTES:
208 		return 512;
209 	case SNDRV_CTL_ELEM_TYPE_IEC958:
210 		return sizeof(struct snd_aes_iec958);
211 	default:
212 		return -1;
213 	}
214 }
215 
copy_ctl_value_from_user(struct snd_card * card,struct snd_ctl_elem_value * data,void __user * userdata,void __user * valuep,int * typep,int * countp)216 static int copy_ctl_value_from_user(struct snd_card *card,
217 				    struct snd_ctl_elem_value *data,
218 				    void __user *userdata,
219 				    void __user *valuep,
220 				    int *typep, int *countp)
221 {
222 	struct snd_ctl_elem_value32 __user *data32 = userdata;
223 	int i, type, size;
224 	int count;
225 	unsigned int indirect;
226 
227 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
228 		return -EFAULT;
229 	if (get_user(indirect, &data32->indirect))
230 		return -EFAULT;
231 	if (indirect)
232 		return -EINVAL;
233 	type = get_ctl_type(card, &data->id, &count);
234 	if (type < 0)
235 		return type;
236 
237 	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
238 	    type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
239 		for (i = 0; i < count; i++) {
240 			s32 __user *intp = valuep;
241 			int val;
242 			if (get_user(val, &intp[i]))
243 				return -EFAULT;
244 			data->value.integer.value[i] = val;
245 		}
246 	} else {
247 		size = get_elem_size(type, count);
248 		if (size < 0) {
249 			dev_err(card->dev, "snd_ioctl32_ctl_elem_value: unknown type %d\n", type);
250 			return -EINVAL;
251 		}
252 		if (copy_from_user(data->value.bytes.data, valuep, size))
253 			return -EFAULT;
254 	}
255 
256 	*typep = type;
257 	*countp = count;
258 	return 0;
259 }
260 
261 /* restore the value to 32bit */
copy_ctl_value_to_user(void __user * userdata,void __user * valuep,struct snd_ctl_elem_value * data,int type,int count)262 static int copy_ctl_value_to_user(void __user *userdata,
263 				  void __user *valuep,
264 				  struct snd_ctl_elem_value *data,
265 				  int type, int count)
266 {
267 	int i, size;
268 
269 	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
270 	    type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
271 		for (i = 0; i < count; i++) {
272 			s32 __user *intp = valuep;
273 			int val;
274 			val = data->value.integer.value[i];
275 			if (put_user(val, &intp[i]))
276 				return -EFAULT;
277 		}
278 	} else {
279 		size = get_elem_size(type, count);
280 		if (copy_to_user(valuep, data->value.bytes.data, size))
281 			return -EFAULT;
282 	}
283 	return 0;
284 }
285 
ctl_elem_read_user(struct snd_card * card,void __user * userdata,void __user * valuep)286 static int ctl_elem_read_user(struct snd_card *card,
287 			      void __user *userdata, void __user *valuep)
288 {
289 	struct snd_ctl_elem_value *data;
290 	int err, type, count;
291 
292 	data = kzalloc(sizeof(*data), GFP_KERNEL);
293 	if (data == NULL)
294 		return -ENOMEM;
295 
296 	err = copy_ctl_value_from_user(card, data, userdata, valuep,
297 				       &type, &count);
298 	if (err < 0)
299 		goto error;
300 
301 	err = snd_power_wait(card, SNDRV_CTL_POWER_D0);
302 	if (err < 0)
303 		goto error;
304 	err = snd_ctl_elem_read(card, data);
305 	if (err < 0)
306 		goto error;
307 	err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
308  error:
309 	kfree(data);
310 	return err;
311 }
312 
ctl_elem_write_user(struct snd_ctl_file * file,void __user * userdata,void __user * valuep)313 static int ctl_elem_write_user(struct snd_ctl_file *file,
314 			       void __user *userdata, void __user *valuep)
315 {
316 	struct snd_ctl_elem_value *data;
317 	struct snd_card *card = file->card;
318 	int err, type, count;
319 
320 	data = kzalloc(sizeof(*data), GFP_KERNEL);
321 	if (data == NULL)
322 		return -ENOMEM;
323 
324 	err = copy_ctl_value_from_user(card, data, userdata, valuep,
325 				       &type, &count);
326 	if (err < 0)
327 		goto error;
328 
329 	err = snd_power_wait(card, SNDRV_CTL_POWER_D0);
330 	if (err < 0)
331 		goto error;
332 	err = snd_ctl_elem_write(card, file, data);
333 	if (err < 0)
334 		goto error;
335 	err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
336  error:
337 	kfree(data);
338 	return err;
339 }
340 
snd_ctl_elem_read_user_compat(struct snd_card * card,struct snd_ctl_elem_value32 __user * data32)341 static int snd_ctl_elem_read_user_compat(struct snd_card *card,
342 					 struct snd_ctl_elem_value32 __user *data32)
343 {
344 	return ctl_elem_read_user(card, data32, &data32->value);
345 }
346 
snd_ctl_elem_write_user_compat(struct snd_ctl_file * file,struct snd_ctl_elem_value32 __user * data32)347 static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
348 					  struct snd_ctl_elem_value32 __user *data32)
349 {
350 	return ctl_elem_write_user(file, data32, &data32->value);
351 }
352 
353 #ifdef CONFIG_X86_X32
snd_ctl_elem_read_user_x32(struct snd_card * card,struct snd_ctl_elem_value_x32 __user * data32)354 static int snd_ctl_elem_read_user_x32(struct snd_card *card,
355 				      struct snd_ctl_elem_value_x32 __user *data32)
356 {
357 	return ctl_elem_read_user(card, data32, &data32->value);
358 }
359 
snd_ctl_elem_write_user_x32(struct snd_ctl_file * file,struct snd_ctl_elem_value_x32 __user * data32)360 static int snd_ctl_elem_write_user_x32(struct snd_ctl_file *file,
361 				       struct snd_ctl_elem_value_x32 __user *data32)
362 {
363 	return ctl_elem_write_user(file, data32, &data32->value);
364 }
365 #endif /* CONFIG_X86_X32 */
366 
367 /* add or replace a user control */
snd_ctl_elem_add_compat(struct snd_ctl_file * file,struct snd_ctl_elem_info32 __user * data32,int replace)368 static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
369 				   struct snd_ctl_elem_info32 __user *data32,
370 				   int replace)
371 {
372 	struct snd_ctl_elem_info *data;
373 	int err;
374 
375 	data = kzalloc(sizeof(*data), GFP_KERNEL);
376 	if (! data)
377 		return -ENOMEM;
378 
379 	err = -EFAULT;
380 	/* id, type, access, count */ \
381 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
382 	    copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
383 		goto error;
384 	if (get_user(data->owner, &data32->owner))
385 		goto error;
386 	switch (data->type) {
387 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
388 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
389 		if (get_user(data->value.integer.min, &data32->value.integer.min) ||
390 		    get_user(data->value.integer.max, &data32->value.integer.max) ||
391 		    get_user(data->value.integer.step, &data32->value.integer.step))
392 			goto error;
393 		break;
394 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
395 		if (copy_from_user(&data->value.integer64,
396 				   &data32->value.integer64,
397 				   sizeof(data->value.integer64)))
398 			goto error;
399 		break;
400 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
401 		if (copy_from_user(&data->value.enumerated,
402 				   &data32->value.enumerated,
403 				   sizeof(data->value.enumerated)))
404 			goto error;
405 		data->value.enumerated.names_ptr =
406 			(uintptr_t)compat_ptr(data->value.enumerated.names_ptr);
407 		break;
408 	default:
409 		break;
410 	}
411 	err = snd_ctl_elem_add(file, data, replace);
412  error:
413 	kfree(data);
414 	return err;
415 }
416 
417 enum {
418 	SNDRV_CTL_IOCTL_ELEM_LIST32 = _IOWR('U', 0x10, struct snd_ctl_elem_list32),
419 	SNDRV_CTL_IOCTL_ELEM_INFO32 = _IOWR('U', 0x11, struct snd_ctl_elem_info32),
420 	SNDRV_CTL_IOCTL_ELEM_READ32 = _IOWR('U', 0x12, struct snd_ctl_elem_value32),
421 	SNDRV_CTL_IOCTL_ELEM_WRITE32 = _IOWR('U', 0x13, struct snd_ctl_elem_value32),
422 	SNDRV_CTL_IOCTL_ELEM_ADD32 = _IOWR('U', 0x17, struct snd_ctl_elem_info32),
423 	SNDRV_CTL_IOCTL_ELEM_REPLACE32 = _IOWR('U', 0x18, struct snd_ctl_elem_info32),
424 #ifdef CONFIG_X86_X32
425 	SNDRV_CTL_IOCTL_ELEM_READ_X32 = _IOWR('U', 0x12, struct snd_ctl_elem_value_x32),
426 	SNDRV_CTL_IOCTL_ELEM_WRITE_X32 = _IOWR('U', 0x13, struct snd_ctl_elem_value_x32),
427 #endif /* CONFIG_X86_X32 */
428 };
429 
snd_ctl_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)430 static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
431 {
432 	struct snd_ctl_file *ctl;
433 	struct snd_kctl_ioctl *p;
434 	void __user *argp = compat_ptr(arg);
435 	int err;
436 
437 	ctl = file->private_data;
438 	if (snd_BUG_ON(!ctl || !ctl->card))
439 		return -ENXIO;
440 
441 	switch (cmd) {
442 	case SNDRV_CTL_IOCTL_PVERSION:
443 	case SNDRV_CTL_IOCTL_CARD_INFO:
444 	case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
445 	case SNDRV_CTL_IOCTL_POWER:
446 	case SNDRV_CTL_IOCTL_POWER_STATE:
447 	case SNDRV_CTL_IOCTL_ELEM_LOCK:
448 	case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
449 	case SNDRV_CTL_IOCTL_ELEM_REMOVE:
450 	case SNDRV_CTL_IOCTL_TLV_READ:
451 	case SNDRV_CTL_IOCTL_TLV_WRITE:
452 	case SNDRV_CTL_IOCTL_TLV_COMMAND:
453 		return snd_ctl_ioctl(file, cmd, (unsigned long)argp);
454 	case SNDRV_CTL_IOCTL_ELEM_LIST32:
455 		return snd_ctl_elem_list_compat(ctl->card, argp);
456 	case SNDRV_CTL_IOCTL_ELEM_INFO32:
457 		return snd_ctl_elem_info_compat(ctl, argp);
458 	case SNDRV_CTL_IOCTL_ELEM_READ32:
459 		return snd_ctl_elem_read_user_compat(ctl->card, argp);
460 	case SNDRV_CTL_IOCTL_ELEM_WRITE32:
461 		return snd_ctl_elem_write_user_compat(ctl, argp);
462 	case SNDRV_CTL_IOCTL_ELEM_ADD32:
463 		return snd_ctl_elem_add_compat(ctl, argp, 0);
464 	case SNDRV_CTL_IOCTL_ELEM_REPLACE32:
465 		return snd_ctl_elem_add_compat(ctl, argp, 1);
466 #ifdef CONFIG_X86_X32
467 	case SNDRV_CTL_IOCTL_ELEM_READ_X32:
468 		return snd_ctl_elem_read_user_x32(ctl->card, argp);
469 	case SNDRV_CTL_IOCTL_ELEM_WRITE_X32:
470 		return snd_ctl_elem_write_user_x32(ctl, argp);
471 #endif /* CONFIG_X86_X32 */
472 	}
473 
474 	down_read(&snd_ioctl_rwsem);
475 	list_for_each_entry(p, &snd_control_compat_ioctls, list) {
476 		if (p->fioctl) {
477 			err = p->fioctl(ctl->card, ctl, cmd, arg);
478 			if (err != -ENOIOCTLCMD) {
479 				up_read(&snd_ioctl_rwsem);
480 				return err;
481 			}
482 		}
483 	}
484 	up_read(&snd_ioctl_rwsem);
485 	return -ENOIOCTLCMD;
486 }
487