1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Joystick device driver for the input driver suite.
4 *
5 * Copyright (c) 1999-2002 Vojtech Pavlik
6 * Copyright (c) 1999 Colin Van Dyke
7 */
8
9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10
11 #include <asm/io.h>
12 #include <linux/delay.h>
13 #include <linux/errno.h>
14 #include <linux/joystick.h>
15 #include <linux/input.h>
16 #include <linux/kernel.h>
17 #include <linux/major.h>
18 #include <linux/sched.h>
19 #include <linux/slab.h>
20 #include <linux/mm.h>
21 #include <linux/module.h>
22 #include <linux/poll.h>
23 #include <linux/init.h>
24 #include <linux/device.h>
25 #include <linux/cdev.h>
26
27 MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
28 MODULE_DESCRIPTION("Joystick device interfaces");
29 MODULE_SUPPORTED_DEVICE("input/js");
30 MODULE_LICENSE("GPL");
31
32 #define JOYDEV_MINOR_BASE 0
33 #define JOYDEV_MINORS 16
34 #define JOYDEV_BUFFER_SIZE 64
35
36 struct joydev {
37 int open;
38 struct input_handle handle;
39 wait_queue_head_t wait;
40 struct list_head client_list;
41 spinlock_t client_lock; /* protects client_list */
42 struct mutex mutex;
43 struct device dev;
44 struct cdev cdev;
45 bool exist;
46
47 struct js_corr corr[ABS_CNT];
48 struct JS_DATA_SAVE_TYPE glue;
49 int nabs;
50 int nkey;
51 __u16 keymap[KEY_MAX - BTN_MISC + 1];
52 __u16 keypam[KEY_MAX - BTN_MISC + 1];
53 __u8 absmap[ABS_CNT];
54 __u8 abspam[ABS_CNT];
55 __s16 abs[ABS_CNT];
56 };
57
58 struct joydev_client {
59 struct js_event buffer[JOYDEV_BUFFER_SIZE];
60 int head;
61 int tail;
62 int startup;
63 spinlock_t buffer_lock; /* protects access to buffer, head and tail */
64 struct fasync_struct *fasync;
65 struct joydev *joydev;
66 struct list_head node;
67 };
68
joydev_correct(int value,struct js_corr * corr)69 static int joydev_correct(int value, struct js_corr *corr)
70 {
71 switch (corr->type) {
72
73 case JS_CORR_NONE:
74 break;
75
76 case JS_CORR_BROKEN:
77 value = value > corr->coef[0] ? (value < corr->coef[1] ? 0 :
78 ((corr->coef[3] * (value - corr->coef[1])) >> 14)) :
79 ((corr->coef[2] * (value - corr->coef[0])) >> 14);
80 break;
81
82 default:
83 return 0;
84 }
85
86 return clamp(value, -32767, 32767);
87 }
88
joydev_pass_event(struct joydev_client * client,struct js_event * event)89 static void joydev_pass_event(struct joydev_client *client,
90 struct js_event *event)
91 {
92 struct joydev *joydev = client->joydev;
93
94 /*
95 * IRQs already disabled, just acquire the lock
96 */
97 spin_lock(&client->buffer_lock);
98
99 client->buffer[client->head] = *event;
100
101 if (client->startup == joydev->nabs + joydev->nkey) {
102 client->head++;
103 client->head &= JOYDEV_BUFFER_SIZE - 1;
104 if (client->tail == client->head)
105 client->startup = 0;
106 }
107
108 spin_unlock(&client->buffer_lock);
109
110 kill_fasync(&client->fasync, SIGIO, POLL_IN);
111 }
112
joydev_event(struct input_handle * handle,unsigned int type,unsigned int code,int value)113 static void joydev_event(struct input_handle *handle,
114 unsigned int type, unsigned int code, int value)
115 {
116 struct joydev *joydev = handle->private;
117 struct joydev_client *client;
118 struct js_event event;
119
120 switch (type) {
121
122 case EV_KEY:
123 if (code < BTN_MISC || value == 2)
124 return;
125 event.type = JS_EVENT_BUTTON;
126 event.number = joydev->keymap[code - BTN_MISC];
127 event.value = value;
128 break;
129
130 case EV_ABS:
131 event.type = JS_EVENT_AXIS;
132 event.number = joydev->absmap[code];
133 event.value = joydev_correct(value,
134 &joydev->corr[event.number]);
135 if (event.value == joydev->abs[event.number])
136 return;
137 joydev->abs[event.number] = event.value;
138 break;
139
140 default:
141 return;
142 }
143
144 event.time = jiffies_to_msecs(jiffies);
145
146 rcu_read_lock();
147 list_for_each_entry_rcu(client, &joydev->client_list, node)
148 joydev_pass_event(client, &event);
149 rcu_read_unlock();
150
151 wake_up_interruptible(&joydev->wait);
152 }
153
joydev_fasync(int fd,struct file * file,int on)154 static int joydev_fasync(int fd, struct file *file, int on)
155 {
156 struct joydev_client *client = file->private_data;
157
158 return fasync_helper(fd, file, on, &client->fasync);
159 }
160
joydev_free(struct device * dev)161 static void joydev_free(struct device *dev)
162 {
163 struct joydev *joydev = container_of(dev, struct joydev, dev);
164
165 input_put_device(joydev->handle.dev);
166 kfree(joydev);
167 }
168
joydev_attach_client(struct joydev * joydev,struct joydev_client * client)169 static void joydev_attach_client(struct joydev *joydev,
170 struct joydev_client *client)
171 {
172 spin_lock(&joydev->client_lock);
173 list_add_tail_rcu(&client->node, &joydev->client_list);
174 spin_unlock(&joydev->client_lock);
175 }
176
joydev_detach_client(struct joydev * joydev,struct joydev_client * client)177 static void joydev_detach_client(struct joydev *joydev,
178 struct joydev_client *client)
179 {
180 spin_lock(&joydev->client_lock);
181 list_del_rcu(&client->node);
182 spin_unlock(&joydev->client_lock);
183 synchronize_rcu();
184 }
185
joydev_refresh_state(struct joydev * joydev)186 static void joydev_refresh_state(struct joydev *joydev)
187 {
188 struct input_dev *dev = joydev->handle.dev;
189 int i, val;
190
191 for (i = 0; i < joydev->nabs; i++) {
192 val = input_abs_get_val(dev, joydev->abspam[i]);
193 joydev->abs[i] = joydev_correct(val, &joydev->corr[i]);
194 }
195 }
196
joydev_open_device(struct joydev * joydev)197 static int joydev_open_device(struct joydev *joydev)
198 {
199 int retval;
200
201 retval = mutex_lock_interruptible(&joydev->mutex);
202 if (retval)
203 return retval;
204
205 if (!joydev->exist)
206 retval = -ENODEV;
207 else if (!joydev->open++) {
208 retval = input_open_device(&joydev->handle);
209 if (retval)
210 joydev->open--;
211 else
212 joydev_refresh_state(joydev);
213 }
214
215 mutex_unlock(&joydev->mutex);
216 return retval;
217 }
218
joydev_close_device(struct joydev * joydev)219 static void joydev_close_device(struct joydev *joydev)
220 {
221 mutex_lock(&joydev->mutex);
222
223 if (joydev->exist && !--joydev->open)
224 input_close_device(&joydev->handle);
225
226 mutex_unlock(&joydev->mutex);
227 }
228
229 /*
230 * Wake up users waiting for IO so they can disconnect from
231 * dead device.
232 */
joydev_hangup(struct joydev * joydev)233 static void joydev_hangup(struct joydev *joydev)
234 {
235 struct joydev_client *client;
236
237 spin_lock(&joydev->client_lock);
238 list_for_each_entry(client, &joydev->client_list, node)
239 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
240 spin_unlock(&joydev->client_lock);
241
242 wake_up_interruptible(&joydev->wait);
243 }
244
joydev_release(struct inode * inode,struct file * file)245 static int joydev_release(struct inode *inode, struct file *file)
246 {
247 struct joydev_client *client = file->private_data;
248 struct joydev *joydev = client->joydev;
249
250 joydev_detach_client(joydev, client);
251 kfree(client);
252
253 joydev_close_device(joydev);
254
255 return 0;
256 }
257
joydev_open(struct inode * inode,struct file * file)258 static int joydev_open(struct inode *inode, struct file *file)
259 {
260 struct joydev *joydev =
261 container_of(inode->i_cdev, struct joydev, cdev);
262 struct joydev_client *client;
263 int error;
264
265 client = kzalloc(sizeof(struct joydev_client), GFP_KERNEL);
266 if (!client)
267 return -ENOMEM;
268
269 spin_lock_init(&client->buffer_lock);
270 client->joydev = joydev;
271 joydev_attach_client(joydev, client);
272
273 error = joydev_open_device(joydev);
274 if (error)
275 goto err_free_client;
276
277 file->private_data = client;
278 stream_open(inode, file);
279
280 return 0;
281
282 err_free_client:
283 joydev_detach_client(joydev, client);
284 kfree(client);
285 return error;
286 }
287
joydev_generate_startup_event(struct joydev_client * client,struct input_dev * input,struct js_event * event)288 static int joydev_generate_startup_event(struct joydev_client *client,
289 struct input_dev *input,
290 struct js_event *event)
291 {
292 struct joydev *joydev = client->joydev;
293 int have_event;
294
295 spin_lock_irq(&client->buffer_lock);
296
297 have_event = client->startup < joydev->nabs + joydev->nkey;
298
299 if (have_event) {
300
301 event->time = jiffies_to_msecs(jiffies);
302 if (client->startup < joydev->nkey) {
303 event->type = JS_EVENT_BUTTON | JS_EVENT_INIT;
304 event->number = client->startup;
305 event->value = !!test_bit(joydev->keypam[event->number],
306 input->key);
307 } else {
308 event->type = JS_EVENT_AXIS | JS_EVENT_INIT;
309 event->number = client->startup - joydev->nkey;
310 event->value = joydev->abs[event->number];
311 }
312 client->startup++;
313 }
314
315 spin_unlock_irq(&client->buffer_lock);
316
317 return have_event;
318 }
319
joydev_fetch_next_event(struct joydev_client * client,struct js_event * event)320 static int joydev_fetch_next_event(struct joydev_client *client,
321 struct js_event *event)
322 {
323 int have_event;
324
325 spin_lock_irq(&client->buffer_lock);
326
327 have_event = client->head != client->tail;
328 if (have_event) {
329 *event = client->buffer[client->tail++];
330 client->tail &= JOYDEV_BUFFER_SIZE - 1;
331 }
332
333 spin_unlock_irq(&client->buffer_lock);
334
335 return have_event;
336 }
337
338 /*
339 * Old joystick interface
340 */
joydev_0x_read(struct joydev_client * client,struct input_dev * input,char __user * buf)341 static ssize_t joydev_0x_read(struct joydev_client *client,
342 struct input_dev *input,
343 char __user *buf)
344 {
345 struct joydev *joydev = client->joydev;
346 struct JS_DATA_TYPE data;
347 int i;
348
349 spin_lock_irq(&input->event_lock);
350
351 /*
352 * Get device state
353 */
354 for (data.buttons = i = 0; i < 32 && i < joydev->nkey; i++)
355 data.buttons |=
356 test_bit(joydev->keypam[i], input->key) ? (1 << i) : 0;
357 data.x = (joydev->abs[0] / 256 + 128) >> joydev->glue.JS_CORR.x;
358 data.y = (joydev->abs[1] / 256 + 128) >> joydev->glue.JS_CORR.y;
359
360 /*
361 * Reset reader's event queue
362 */
363 spin_lock(&client->buffer_lock);
364 client->startup = 0;
365 client->tail = client->head;
366 spin_unlock(&client->buffer_lock);
367
368 spin_unlock_irq(&input->event_lock);
369
370 if (copy_to_user(buf, &data, sizeof(struct JS_DATA_TYPE)))
371 return -EFAULT;
372
373 return sizeof(struct JS_DATA_TYPE);
374 }
375
joydev_data_pending(struct joydev_client * client)376 static inline int joydev_data_pending(struct joydev_client *client)
377 {
378 struct joydev *joydev = client->joydev;
379
380 return client->startup < joydev->nabs + joydev->nkey ||
381 client->head != client->tail;
382 }
383
joydev_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)384 static ssize_t joydev_read(struct file *file, char __user *buf,
385 size_t count, loff_t *ppos)
386 {
387 struct joydev_client *client = file->private_data;
388 struct joydev *joydev = client->joydev;
389 struct input_dev *input = joydev->handle.dev;
390 struct js_event event;
391 int retval;
392
393 if (!joydev->exist)
394 return -ENODEV;
395
396 if (count < sizeof(struct js_event))
397 return -EINVAL;
398
399 if (count == sizeof(struct JS_DATA_TYPE))
400 return joydev_0x_read(client, input, buf);
401
402 if (!joydev_data_pending(client) && (file->f_flags & O_NONBLOCK))
403 return -EAGAIN;
404
405 retval = wait_event_interruptible(joydev->wait,
406 !joydev->exist || joydev_data_pending(client));
407 if (retval)
408 return retval;
409
410 if (!joydev->exist)
411 return -ENODEV;
412
413 while (retval + sizeof(struct js_event) <= count &&
414 joydev_generate_startup_event(client, input, &event)) {
415
416 if (copy_to_user(buf + retval, &event, sizeof(struct js_event)))
417 return -EFAULT;
418
419 retval += sizeof(struct js_event);
420 }
421
422 while (retval + sizeof(struct js_event) <= count &&
423 joydev_fetch_next_event(client, &event)) {
424
425 if (copy_to_user(buf + retval, &event, sizeof(struct js_event)))
426 return -EFAULT;
427
428 retval += sizeof(struct js_event);
429 }
430
431 return retval;
432 }
433
434 /* No kernel lock - fine */
joydev_poll(struct file * file,poll_table * wait)435 static __poll_t joydev_poll(struct file *file, poll_table *wait)
436 {
437 struct joydev_client *client = file->private_data;
438 struct joydev *joydev = client->joydev;
439
440 poll_wait(file, &joydev->wait, wait);
441 return (joydev_data_pending(client) ? (EPOLLIN | EPOLLRDNORM) : 0) |
442 (joydev->exist ? 0 : (EPOLLHUP | EPOLLERR));
443 }
444
joydev_handle_JSIOCSAXMAP(struct joydev * joydev,void __user * argp,size_t len)445 static int joydev_handle_JSIOCSAXMAP(struct joydev *joydev,
446 void __user *argp, size_t len)
447 {
448 __u8 *abspam;
449 int i;
450 int retval = 0;
451
452 len = min(len, sizeof(joydev->abspam));
453
454 /* Validate the map. */
455 abspam = memdup_user(argp, len);
456 if (IS_ERR(abspam))
457 return PTR_ERR(abspam);
458
459 for (i = 0; i < len && i < joydev->nabs; i++) {
460 if (abspam[i] > ABS_MAX) {
461 retval = -EINVAL;
462 goto out;
463 }
464 }
465
466 memcpy(joydev->abspam, abspam, len);
467
468 for (i = 0; i < joydev->nabs; i++)
469 joydev->absmap[joydev->abspam[i]] = i;
470
471 out:
472 kfree(abspam);
473 return retval;
474 }
475
joydev_handle_JSIOCSBTNMAP(struct joydev * joydev,void __user * argp,size_t len)476 static int joydev_handle_JSIOCSBTNMAP(struct joydev *joydev,
477 void __user *argp, size_t len)
478 {
479 __u16 *keypam;
480 int i;
481 int retval = 0;
482
483 if (len % sizeof(*keypam))
484 return -EINVAL;
485
486 len = min(len, sizeof(joydev->keypam));
487
488 /* Validate the map. */
489 keypam = memdup_user(argp, len);
490 if (IS_ERR(keypam))
491 return PTR_ERR(keypam);
492
493 for (i = 0; i < (len / 2) && i < joydev->nkey; i++) {
494 if (keypam[i] > KEY_MAX || keypam[i] < BTN_MISC) {
495 retval = -EINVAL;
496 goto out;
497 }
498 }
499
500 memcpy(joydev->keypam, keypam, len);
501
502 for (i = 0; i < joydev->nkey; i++)
503 joydev->keymap[joydev->keypam[i] - BTN_MISC] = i;
504
505 out:
506 kfree(keypam);
507 return retval;
508 }
509
510
joydev_ioctl_common(struct joydev * joydev,unsigned int cmd,void __user * argp)511 static int joydev_ioctl_common(struct joydev *joydev,
512 unsigned int cmd, void __user *argp)
513 {
514 struct input_dev *dev = joydev->handle.dev;
515 size_t len;
516 int i;
517 const char *name;
518
519 /* Process fixed-sized commands. */
520 switch (cmd) {
521
522 case JS_SET_CAL:
523 return copy_from_user(&joydev->glue.JS_CORR, argp,
524 sizeof(joydev->glue.JS_CORR)) ? -EFAULT : 0;
525
526 case JS_GET_CAL:
527 return copy_to_user(argp, &joydev->glue.JS_CORR,
528 sizeof(joydev->glue.JS_CORR)) ? -EFAULT : 0;
529
530 case JS_SET_TIMEOUT:
531 return get_user(joydev->glue.JS_TIMEOUT, (s32 __user *) argp);
532
533 case JS_GET_TIMEOUT:
534 return put_user(joydev->glue.JS_TIMEOUT, (s32 __user *) argp);
535
536 case JSIOCGVERSION:
537 return put_user(JS_VERSION, (__u32 __user *) argp);
538
539 case JSIOCGAXES:
540 return put_user(joydev->nabs, (__u8 __user *) argp);
541
542 case JSIOCGBUTTONS:
543 return put_user(joydev->nkey, (__u8 __user *) argp);
544
545 case JSIOCSCORR:
546 if (copy_from_user(joydev->corr, argp,
547 sizeof(joydev->corr[0]) * joydev->nabs))
548 return -EFAULT;
549
550 for (i = 0; i < joydev->nabs; i++) {
551 int val = input_abs_get_val(dev, joydev->abspam[i]);
552 joydev->abs[i] = joydev_correct(val, &joydev->corr[i]);
553 }
554 return 0;
555
556 case JSIOCGCORR:
557 return copy_to_user(argp, joydev->corr,
558 sizeof(joydev->corr[0]) * joydev->nabs) ? -EFAULT : 0;
559
560 }
561
562 /*
563 * Process variable-sized commands (the axis and button map commands
564 * are considered variable-sized to decouple them from the values of
565 * ABS_MAX and KEY_MAX).
566 */
567 switch (cmd & ~IOCSIZE_MASK) {
568
569 case (JSIOCSAXMAP & ~IOCSIZE_MASK):
570 return joydev_handle_JSIOCSAXMAP(joydev, argp, _IOC_SIZE(cmd));
571
572 case (JSIOCGAXMAP & ~IOCSIZE_MASK):
573 len = min_t(size_t, _IOC_SIZE(cmd), sizeof(joydev->abspam));
574 return copy_to_user(argp, joydev->abspam, len) ? -EFAULT : len;
575
576 case (JSIOCSBTNMAP & ~IOCSIZE_MASK):
577 return joydev_handle_JSIOCSBTNMAP(joydev, argp, _IOC_SIZE(cmd));
578
579 case (JSIOCGBTNMAP & ~IOCSIZE_MASK):
580 len = min_t(size_t, _IOC_SIZE(cmd), sizeof(joydev->keypam));
581 return copy_to_user(argp, joydev->keypam, len) ? -EFAULT : len;
582
583 case JSIOCGNAME(0):
584 name = dev->name;
585 if (!name)
586 return 0;
587
588 len = min_t(size_t, _IOC_SIZE(cmd), strlen(name) + 1);
589 return copy_to_user(argp, name, len) ? -EFAULT : len;
590 }
591
592 return -EINVAL;
593 }
594
595 #ifdef CONFIG_COMPAT
joydev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)596 static long joydev_compat_ioctl(struct file *file,
597 unsigned int cmd, unsigned long arg)
598 {
599 struct joydev_client *client = file->private_data;
600 struct joydev *joydev = client->joydev;
601 void __user *argp = (void __user *)arg;
602 s32 tmp32;
603 struct JS_DATA_SAVE_TYPE_32 ds32;
604 int retval;
605
606 retval = mutex_lock_interruptible(&joydev->mutex);
607 if (retval)
608 return retval;
609
610 if (!joydev->exist) {
611 retval = -ENODEV;
612 goto out;
613 }
614
615 switch (cmd) {
616
617 case JS_SET_TIMELIMIT:
618 retval = get_user(tmp32, (s32 __user *) arg);
619 if (retval == 0)
620 joydev->glue.JS_TIMELIMIT = tmp32;
621 break;
622
623 case JS_GET_TIMELIMIT:
624 tmp32 = joydev->glue.JS_TIMELIMIT;
625 retval = put_user(tmp32, (s32 __user *) arg);
626 break;
627
628 case JS_SET_ALL:
629 retval = copy_from_user(&ds32, argp,
630 sizeof(ds32)) ? -EFAULT : 0;
631 if (retval == 0) {
632 joydev->glue.JS_TIMEOUT = ds32.JS_TIMEOUT;
633 joydev->glue.BUSY = ds32.BUSY;
634 joydev->glue.JS_EXPIRETIME = ds32.JS_EXPIRETIME;
635 joydev->glue.JS_TIMELIMIT = ds32.JS_TIMELIMIT;
636 joydev->glue.JS_SAVE = ds32.JS_SAVE;
637 joydev->glue.JS_CORR = ds32.JS_CORR;
638 }
639 break;
640
641 case JS_GET_ALL:
642 ds32.JS_TIMEOUT = joydev->glue.JS_TIMEOUT;
643 ds32.BUSY = joydev->glue.BUSY;
644 ds32.JS_EXPIRETIME = joydev->glue.JS_EXPIRETIME;
645 ds32.JS_TIMELIMIT = joydev->glue.JS_TIMELIMIT;
646 ds32.JS_SAVE = joydev->glue.JS_SAVE;
647 ds32.JS_CORR = joydev->glue.JS_CORR;
648
649 retval = copy_to_user(argp, &ds32, sizeof(ds32)) ? -EFAULT : 0;
650 break;
651
652 default:
653 retval = joydev_ioctl_common(joydev, cmd, argp);
654 break;
655 }
656
657 out:
658 mutex_unlock(&joydev->mutex);
659 return retval;
660 }
661 #endif /* CONFIG_COMPAT */
662
joydev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)663 static long joydev_ioctl(struct file *file,
664 unsigned int cmd, unsigned long arg)
665 {
666 struct joydev_client *client = file->private_data;
667 struct joydev *joydev = client->joydev;
668 void __user *argp = (void __user *)arg;
669 int retval;
670
671 retval = mutex_lock_interruptible(&joydev->mutex);
672 if (retval)
673 return retval;
674
675 if (!joydev->exist) {
676 retval = -ENODEV;
677 goto out;
678 }
679
680 switch (cmd) {
681
682 case JS_SET_TIMELIMIT:
683 retval = get_user(joydev->glue.JS_TIMELIMIT,
684 (long __user *) arg);
685 break;
686
687 case JS_GET_TIMELIMIT:
688 retval = put_user(joydev->glue.JS_TIMELIMIT,
689 (long __user *) arg);
690 break;
691
692 case JS_SET_ALL:
693 retval = copy_from_user(&joydev->glue, argp,
694 sizeof(joydev->glue)) ? -EFAULT : 0;
695 break;
696
697 case JS_GET_ALL:
698 retval = copy_to_user(argp, &joydev->glue,
699 sizeof(joydev->glue)) ? -EFAULT : 0;
700 break;
701
702 default:
703 retval = joydev_ioctl_common(joydev, cmd, argp);
704 break;
705 }
706 out:
707 mutex_unlock(&joydev->mutex);
708 return retval;
709 }
710
711 static const struct file_operations joydev_fops = {
712 .owner = THIS_MODULE,
713 .read = joydev_read,
714 .poll = joydev_poll,
715 .open = joydev_open,
716 .release = joydev_release,
717 .unlocked_ioctl = joydev_ioctl,
718 #ifdef CONFIG_COMPAT
719 .compat_ioctl = joydev_compat_ioctl,
720 #endif
721 .fasync = joydev_fasync,
722 .llseek = no_llseek,
723 };
724
725 /*
726 * Mark device non-existent. This disables writes, ioctls and
727 * prevents new users from opening the device. Already posted
728 * blocking reads will stay, however new ones will fail.
729 */
joydev_mark_dead(struct joydev * joydev)730 static void joydev_mark_dead(struct joydev *joydev)
731 {
732 mutex_lock(&joydev->mutex);
733 joydev->exist = false;
734 mutex_unlock(&joydev->mutex);
735 }
736
joydev_cleanup(struct joydev * joydev)737 static void joydev_cleanup(struct joydev *joydev)
738 {
739 struct input_handle *handle = &joydev->handle;
740
741 joydev_mark_dead(joydev);
742 joydev_hangup(joydev);
743
744 /* joydev is marked dead so no one else accesses joydev->open */
745 if (joydev->open)
746 input_close_device(handle);
747 }
748
749 /*
750 * These codes are copied from from hid-ids.h, unfortunately there is no common
751 * usb_ids/bt_ids.h header.
752 */
753 #define USB_VENDOR_ID_SONY 0x054c
754 #define USB_DEVICE_ID_SONY_PS3_CONTROLLER 0x0268
755 #define USB_DEVICE_ID_SONY_PS4_CONTROLLER 0x05c4
756 #define USB_DEVICE_ID_SONY_PS4_CONTROLLER_2 0x09cc
757 #define USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE 0x0ba0
758
759 #define USB_VENDOR_ID_THQ 0x20d6
760 #define USB_DEVICE_ID_THQ_PS3_UDRAW 0xcb17
761
762 #define ACCEL_DEV(vnd, prd) \
763 { \
764 .flags = INPUT_DEVICE_ID_MATCH_VENDOR | \
765 INPUT_DEVICE_ID_MATCH_PRODUCT | \
766 INPUT_DEVICE_ID_MATCH_PROPBIT, \
767 .vendor = (vnd), \
768 .product = (prd), \
769 .propbit = { BIT_MASK(INPUT_PROP_ACCELEROMETER) }, \
770 }
771
772 static const struct input_device_id joydev_blacklist[] = {
773 /* Avoid touchpads and touchscreens */
774 {
775 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
776 INPUT_DEVICE_ID_MATCH_KEYBIT,
777 .evbit = { BIT_MASK(EV_KEY) },
778 .keybit = { [BIT_WORD(BTN_TOUCH)] = BIT_MASK(BTN_TOUCH) },
779 },
780 /* Avoid tablets, digitisers and similar devices */
781 {
782 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
783 INPUT_DEVICE_ID_MATCH_KEYBIT,
784 .evbit = { BIT_MASK(EV_KEY) },
785 .keybit = { [BIT_WORD(BTN_DIGI)] = BIT_MASK(BTN_DIGI) },
786 },
787 /* Disable accelerometers on composite devices */
788 ACCEL_DEV(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS3_CONTROLLER),
789 ACCEL_DEV(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER),
790 ACCEL_DEV(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2),
791 ACCEL_DEV(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE),
792 ACCEL_DEV(USB_VENDOR_ID_THQ, USB_DEVICE_ID_THQ_PS3_UDRAW),
793 { /* sentinel */ }
794 };
795
joydev_dev_is_blacklisted(struct input_dev * dev)796 static bool joydev_dev_is_blacklisted(struct input_dev *dev)
797 {
798 const struct input_device_id *id;
799
800 for (id = joydev_blacklist; id->flags; id++) {
801 if (input_match_device_id(dev, id)) {
802 dev_dbg(&dev->dev,
803 "joydev: blacklisting '%s'\n", dev->name);
804 return true;
805 }
806 }
807
808 return false;
809 }
810
joydev_dev_is_absolute_mouse(struct input_dev * dev)811 static bool joydev_dev_is_absolute_mouse(struct input_dev *dev)
812 {
813 DECLARE_BITMAP(jd_scratch, KEY_CNT);
814 bool ev_match = false;
815
816 BUILD_BUG_ON(ABS_CNT > KEY_CNT || EV_CNT > KEY_CNT);
817
818 /*
819 * Virtualization (VMware, etc) and remote management (HP
820 * ILO2) solutions use absolute coordinates for their virtual
821 * pointing devices so that there is one-to-one relationship
822 * between pointer position on the host screen and virtual
823 * guest screen, and so their mice use ABS_X, ABS_Y and 3
824 * primary button events. This clashes with what joydev
825 * considers to be joysticks (a device with at minimum ABS_X
826 * axis).
827 *
828 * Here we are trying to separate absolute mice from
829 * joysticks. A device is, for joystick detection purposes,
830 * considered to be an absolute mouse if the following is
831 * true:
832 *
833 * 1) Event types are exactly
834 * EV_ABS, EV_KEY and EV_SYN
835 * or
836 * EV_ABS, EV_KEY, EV_SYN and EV_MSC
837 * or
838 * EV_ABS, EV_KEY, EV_SYN, EV_MSC and EV_REL.
839 * 2) Absolute events are exactly ABS_X and ABS_Y.
840 * 3) Keys are exactly BTN_LEFT, BTN_RIGHT and BTN_MIDDLE.
841 * 4) Device is not on "Amiga" bus.
842 */
843
844 bitmap_zero(jd_scratch, EV_CNT);
845 /* VMware VMMouse, HP ILO2 */
846 __set_bit(EV_ABS, jd_scratch);
847 __set_bit(EV_KEY, jd_scratch);
848 __set_bit(EV_SYN, jd_scratch);
849 if (bitmap_equal(jd_scratch, dev->evbit, EV_CNT))
850 ev_match = true;
851
852 /* HP ILO2, AMI BMC firmware */
853 __set_bit(EV_MSC, jd_scratch);
854 if (bitmap_equal(jd_scratch, dev->evbit, EV_CNT))
855 ev_match = true;
856
857 /* VMware Virtual USB Mouse, QEMU USB Tablet, ATEN BMC firmware */
858 __set_bit(EV_REL, jd_scratch);
859 if (bitmap_equal(jd_scratch, dev->evbit, EV_CNT))
860 ev_match = true;
861
862 if (!ev_match)
863 return false;
864
865 bitmap_zero(jd_scratch, ABS_CNT);
866 __set_bit(ABS_X, jd_scratch);
867 __set_bit(ABS_Y, jd_scratch);
868 if (!bitmap_equal(dev->absbit, jd_scratch, ABS_CNT))
869 return false;
870
871 bitmap_zero(jd_scratch, KEY_CNT);
872 __set_bit(BTN_LEFT, jd_scratch);
873 __set_bit(BTN_RIGHT, jd_scratch);
874 __set_bit(BTN_MIDDLE, jd_scratch);
875
876 if (!bitmap_equal(dev->keybit, jd_scratch, KEY_CNT))
877 return false;
878
879 /*
880 * Amiga joystick (amijoy) historically uses left/middle/right
881 * button events.
882 */
883 if (dev->id.bustype == BUS_AMIGA)
884 return false;
885
886 return true;
887 }
888
joydev_match(struct input_handler * handler,struct input_dev * dev)889 static bool joydev_match(struct input_handler *handler, struct input_dev *dev)
890 {
891 /* Disable blacklisted devices */
892 if (joydev_dev_is_blacklisted(dev))
893 return false;
894
895 /* Avoid absolute mice */
896 if (joydev_dev_is_absolute_mouse(dev))
897 return false;
898
899 return true;
900 }
901
joydev_connect(struct input_handler * handler,struct input_dev * dev,const struct input_device_id * id)902 static int joydev_connect(struct input_handler *handler, struct input_dev *dev,
903 const struct input_device_id *id)
904 {
905 struct joydev *joydev;
906 int i, j, t, minor, dev_no;
907 int error;
908
909 minor = input_get_new_minor(JOYDEV_MINOR_BASE, JOYDEV_MINORS, true);
910 if (minor < 0) {
911 error = minor;
912 pr_err("failed to reserve new minor: %d\n", error);
913 return error;
914 }
915
916 joydev = kzalloc(sizeof(struct joydev), GFP_KERNEL);
917 if (!joydev) {
918 error = -ENOMEM;
919 goto err_free_minor;
920 }
921
922 INIT_LIST_HEAD(&joydev->client_list);
923 spin_lock_init(&joydev->client_lock);
924 mutex_init(&joydev->mutex);
925 init_waitqueue_head(&joydev->wait);
926 joydev->exist = true;
927
928 dev_no = minor;
929 /* Normalize device number if it falls into legacy range */
930 if (dev_no < JOYDEV_MINOR_BASE + JOYDEV_MINORS)
931 dev_no -= JOYDEV_MINOR_BASE;
932 dev_set_name(&joydev->dev, "js%d", dev_no);
933
934 joydev->handle.dev = input_get_device(dev);
935 joydev->handle.name = dev_name(&joydev->dev);
936 joydev->handle.handler = handler;
937 joydev->handle.private = joydev;
938
939 for_each_set_bit(i, dev->absbit, ABS_CNT) {
940 joydev->absmap[i] = joydev->nabs;
941 joydev->abspam[joydev->nabs] = i;
942 joydev->nabs++;
943 }
944
945 for (i = BTN_JOYSTICK - BTN_MISC; i < KEY_MAX - BTN_MISC + 1; i++)
946 if (test_bit(i + BTN_MISC, dev->keybit)) {
947 joydev->keymap[i] = joydev->nkey;
948 joydev->keypam[joydev->nkey] = i + BTN_MISC;
949 joydev->nkey++;
950 }
951
952 for (i = 0; i < BTN_JOYSTICK - BTN_MISC; i++)
953 if (test_bit(i + BTN_MISC, dev->keybit)) {
954 joydev->keymap[i] = joydev->nkey;
955 joydev->keypam[joydev->nkey] = i + BTN_MISC;
956 joydev->nkey++;
957 }
958
959 for (i = 0; i < joydev->nabs; i++) {
960 j = joydev->abspam[i];
961 if (input_abs_get_max(dev, j) == input_abs_get_min(dev, j)) {
962 joydev->corr[i].type = JS_CORR_NONE;
963 continue;
964 }
965 joydev->corr[i].type = JS_CORR_BROKEN;
966 joydev->corr[i].prec = input_abs_get_fuzz(dev, j);
967
968 t = (input_abs_get_max(dev, j) + input_abs_get_min(dev, j)) / 2;
969 joydev->corr[i].coef[0] = t - input_abs_get_flat(dev, j);
970 joydev->corr[i].coef[1] = t + input_abs_get_flat(dev, j);
971
972 t = (input_abs_get_max(dev, j) - input_abs_get_min(dev, j)) / 2
973 - 2 * input_abs_get_flat(dev, j);
974 if (t) {
975 joydev->corr[i].coef[2] = (1 << 29) / t;
976 joydev->corr[i].coef[3] = (1 << 29) / t;
977 }
978 }
979
980 joydev->dev.devt = MKDEV(INPUT_MAJOR, minor);
981 joydev->dev.class = &input_class;
982 joydev->dev.parent = &dev->dev;
983 joydev->dev.release = joydev_free;
984 device_initialize(&joydev->dev);
985
986 error = input_register_handle(&joydev->handle);
987 if (error)
988 goto err_free_joydev;
989
990 cdev_init(&joydev->cdev, &joydev_fops);
991
992 error = cdev_device_add(&joydev->cdev, &joydev->dev);
993 if (error)
994 goto err_cleanup_joydev;
995
996 return 0;
997
998 err_cleanup_joydev:
999 joydev_cleanup(joydev);
1000 input_unregister_handle(&joydev->handle);
1001 err_free_joydev:
1002 put_device(&joydev->dev);
1003 err_free_minor:
1004 input_free_minor(minor);
1005 return error;
1006 }
1007
joydev_disconnect(struct input_handle * handle)1008 static void joydev_disconnect(struct input_handle *handle)
1009 {
1010 struct joydev *joydev = handle->private;
1011
1012 cdev_device_del(&joydev->cdev, &joydev->dev);
1013 joydev_cleanup(joydev);
1014 input_free_minor(MINOR(joydev->dev.devt));
1015 input_unregister_handle(handle);
1016 put_device(&joydev->dev);
1017 }
1018
1019 static const struct input_device_id joydev_ids[] = {
1020 {
1021 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1022 INPUT_DEVICE_ID_MATCH_ABSBIT,
1023 .evbit = { BIT_MASK(EV_ABS) },
1024 .absbit = { BIT_MASK(ABS_X) },
1025 },
1026 {
1027 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1028 INPUT_DEVICE_ID_MATCH_ABSBIT,
1029 .evbit = { BIT_MASK(EV_ABS) },
1030 .absbit = { BIT_MASK(ABS_Z) },
1031 },
1032 {
1033 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1034 INPUT_DEVICE_ID_MATCH_ABSBIT,
1035 .evbit = { BIT_MASK(EV_ABS) },
1036 .absbit = { BIT_MASK(ABS_WHEEL) },
1037 },
1038 {
1039 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1040 INPUT_DEVICE_ID_MATCH_ABSBIT,
1041 .evbit = { BIT_MASK(EV_ABS) },
1042 .absbit = { BIT_MASK(ABS_THROTTLE) },
1043 },
1044 {
1045 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1046 INPUT_DEVICE_ID_MATCH_KEYBIT,
1047 .evbit = { BIT_MASK(EV_KEY) },
1048 .keybit = {[BIT_WORD(BTN_JOYSTICK)] = BIT_MASK(BTN_JOYSTICK) },
1049 },
1050 {
1051 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1052 INPUT_DEVICE_ID_MATCH_KEYBIT,
1053 .evbit = { BIT_MASK(EV_KEY) },
1054 .keybit = { [BIT_WORD(BTN_GAMEPAD)] = BIT_MASK(BTN_GAMEPAD) },
1055 },
1056 {
1057 .flags = INPUT_DEVICE_ID_MATCH_EVBIT |
1058 INPUT_DEVICE_ID_MATCH_KEYBIT,
1059 .evbit = { BIT_MASK(EV_KEY) },
1060 .keybit = { [BIT_WORD(BTN_TRIGGER_HAPPY)] = BIT_MASK(BTN_TRIGGER_HAPPY) },
1061 },
1062 { } /* Terminating entry */
1063 };
1064
1065 MODULE_DEVICE_TABLE(input, joydev_ids);
1066
1067 static struct input_handler joydev_handler = {
1068 .event = joydev_event,
1069 .match = joydev_match,
1070 .connect = joydev_connect,
1071 .disconnect = joydev_disconnect,
1072 .legacy_minors = true,
1073 .minor = JOYDEV_MINOR_BASE,
1074 .name = "joydev",
1075 .id_table = joydev_ids,
1076 };
1077
joydev_init(void)1078 static int __init joydev_init(void)
1079 {
1080 return input_register_handler(&joydev_handler);
1081 }
1082
joydev_exit(void)1083 static void __exit joydev_exit(void)
1084 {
1085 input_unregister_handler(&joydev_handler);
1086 }
1087
1088 module_init(joydev_init);
1089 module_exit(joydev_exit);
1090