1 /*
2 * User level driver support for input subsystem
3 *
4 * Heavily based on evdev.c by Vojtech Pavlik
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 * Author: Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org>
21 *
22 * Changes/Revisions:
23 * 0.4 01/09/2014 (Benjamin Tissoires <benjamin.tissoires@redhat.com>)
24 * - add UI_GET_SYSNAME ioctl
25 * 0.3 09/04/2006 (Anssi Hannula <anssi.hannula@gmail.com>)
26 * - updated ff support for the changes in kernel interface
27 * - added MODULE_VERSION
28 * 0.2 16/10/2004 (Micah Dowty <micah@navi.cx>)
29 * - added force feedback support
30 * - added UI_SET_PHYS
31 * 0.1 20/06/2002
32 * - first public version
33 */
34 #include <linux/poll.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/module.h>
38 #include <linux/init.h>
39 #include <linux/fs.h>
40 #include <linux/miscdevice.h>
41 #include <linux/uinput.h>
42 #include <linux/input/mt.h>
43 #include "../input-compat.h"
44
uinput_dev_event(struct input_dev * dev,unsigned int type,unsigned int code,int value)45 static int uinput_dev_event(struct input_dev *dev,
46 unsigned int type, unsigned int code, int value)
47 {
48 struct uinput_device *udev = input_get_drvdata(dev);
49
50 udev->buff[udev->head].type = type;
51 udev->buff[udev->head].code = code;
52 udev->buff[udev->head].value = value;
53 do_gettimeofday(&udev->buff[udev->head].time);
54 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
55
56 wake_up_interruptible(&udev->waitq);
57
58 return 0;
59 }
60
61 /* Atomically allocate an ID for the given request. Returns 0 on success. */
uinput_request_alloc_id(struct uinput_device * udev,struct uinput_request * request)62 static bool uinput_request_alloc_id(struct uinput_device *udev,
63 struct uinput_request *request)
64 {
65 unsigned int id;
66 bool reserved = false;
67
68 spin_lock(&udev->requests_lock);
69
70 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) {
71 if (!udev->requests[id]) {
72 request->id = id;
73 udev->requests[id] = request;
74 reserved = true;
75 break;
76 }
77 }
78
79 spin_unlock(&udev->requests_lock);
80 return reserved;
81 }
82
uinput_request_find(struct uinput_device * udev,unsigned int id)83 static struct uinput_request *uinput_request_find(struct uinput_device *udev,
84 unsigned int id)
85 {
86 /* Find an input request, by ID. Returns NULL if the ID isn't valid. */
87 if (id >= UINPUT_NUM_REQUESTS)
88 return NULL;
89
90 return udev->requests[id];
91 }
92
uinput_request_reserve_slot(struct uinput_device * udev,struct uinput_request * request)93 static int uinput_request_reserve_slot(struct uinput_device *udev,
94 struct uinput_request *request)
95 {
96 /* Allocate slot. If none are available right away, wait. */
97 return wait_event_interruptible(udev->requests_waitq,
98 uinput_request_alloc_id(udev, request));
99 }
100
uinput_request_done(struct uinput_device * udev,struct uinput_request * request)101 static void uinput_request_done(struct uinput_device *udev,
102 struct uinput_request *request)
103 {
104 /* Mark slot as available */
105 udev->requests[request->id] = NULL;
106 wake_up(&udev->requests_waitq);
107
108 complete(&request->done);
109 }
110
uinput_request_send(struct uinput_device * udev,struct uinput_request * request)111 static int uinput_request_send(struct uinput_device *udev,
112 struct uinput_request *request)
113 {
114 int retval;
115
116 retval = mutex_lock_interruptible(&udev->mutex);
117 if (retval)
118 return retval;
119
120 if (udev->state != UIST_CREATED) {
121 retval = -ENODEV;
122 goto out;
123 }
124
125 init_completion(&request->done);
126
127 /*
128 * Tell our userspace application about this new request
129 * by queueing an input event.
130 */
131 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id);
132
133 out:
134 mutex_unlock(&udev->mutex);
135 return retval;
136 }
137
uinput_request_submit(struct uinput_device * udev,struct uinput_request * request)138 static int uinput_request_submit(struct uinput_device *udev,
139 struct uinput_request *request)
140 {
141 int error;
142
143 error = uinput_request_reserve_slot(udev, request);
144 if (error)
145 return error;
146
147 error = uinput_request_send(udev, request);
148 if (error) {
149 uinput_request_done(udev, request);
150 return error;
151 }
152
153 wait_for_completion(&request->done);
154 return request->retval;
155 }
156
157 /*
158 * Fail all outstanding requests so handlers don't wait for the userspace
159 * to finish processing them.
160 */
uinput_flush_requests(struct uinput_device * udev)161 static void uinput_flush_requests(struct uinput_device *udev)
162 {
163 struct uinput_request *request;
164 int i;
165
166 spin_lock(&udev->requests_lock);
167
168 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) {
169 request = udev->requests[i];
170 if (request) {
171 request->retval = -ENODEV;
172 uinput_request_done(udev, request);
173 }
174 }
175
176 spin_unlock(&udev->requests_lock);
177 }
178
uinput_dev_set_gain(struct input_dev * dev,u16 gain)179 static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
180 {
181 uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
182 }
183
uinput_dev_set_autocenter(struct input_dev * dev,u16 magnitude)184 static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
185 {
186 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
187 }
188
uinput_dev_playback(struct input_dev * dev,int effect_id,int value)189 static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
190 {
191 return uinput_dev_event(dev, EV_FF, effect_id, value);
192 }
193
uinput_dev_upload_effect(struct input_dev * dev,struct ff_effect * effect,struct ff_effect * old)194 static int uinput_dev_upload_effect(struct input_dev *dev,
195 struct ff_effect *effect,
196 struct ff_effect *old)
197 {
198 struct uinput_device *udev = input_get_drvdata(dev);
199 struct uinput_request request;
200
201 /*
202 * uinput driver does not currently support periodic effects with
203 * custom waveform since it does not have a way to pass buffer of
204 * samples (custom_data) to userspace. If ever there is a device
205 * supporting custom waveforms we would need to define an additional
206 * ioctl (UI_UPLOAD_SAMPLES) but for now we just bail out.
207 */
208 if (effect->type == FF_PERIODIC &&
209 effect->u.periodic.waveform == FF_CUSTOM)
210 return -EINVAL;
211
212 request.code = UI_FF_UPLOAD;
213 request.u.upload.effect = effect;
214 request.u.upload.old = old;
215
216 return uinput_request_submit(udev, &request);
217 }
218
uinput_dev_erase_effect(struct input_dev * dev,int effect_id)219 static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
220 {
221 struct uinput_device *udev = input_get_drvdata(dev);
222 struct uinput_request request;
223
224 if (!test_bit(EV_FF, dev->evbit))
225 return -ENOSYS;
226
227 request.code = UI_FF_ERASE;
228 request.u.effect_id = effect_id;
229
230 return uinput_request_submit(udev, &request);
231 }
232
uinput_destroy_device(struct uinput_device * udev)233 static void uinput_destroy_device(struct uinput_device *udev)
234 {
235 const char *name, *phys;
236 struct input_dev *dev = udev->dev;
237 enum uinput_state old_state = udev->state;
238
239 udev->state = UIST_NEW_DEVICE;
240
241 if (dev) {
242 name = dev->name;
243 phys = dev->phys;
244 if (old_state == UIST_CREATED) {
245 uinput_flush_requests(udev);
246 input_unregister_device(dev);
247 } else {
248 input_free_device(dev);
249 }
250 kfree(name);
251 kfree(phys);
252 udev->dev = NULL;
253 }
254 }
255
uinput_create_device(struct uinput_device * udev)256 static int uinput_create_device(struct uinput_device *udev)
257 {
258 struct input_dev *dev = udev->dev;
259 int error, nslot;
260
261 if (udev->state != UIST_SETUP_COMPLETE) {
262 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
263 return -EINVAL;
264 }
265
266 if (test_bit(EV_ABS, dev->evbit)) {
267 input_alloc_absinfo(dev);
268 if (!dev->absinfo) {
269 error = -EINVAL;
270 goto fail1;
271 }
272
273 if (test_bit(ABS_MT_SLOT, dev->absbit)) {
274 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
275 error = input_mt_init_slots(dev, nslot, 0);
276 if (error)
277 goto fail1;
278 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
279 input_set_events_per_packet(dev, 60);
280 }
281 }
282
283 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) {
284 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n",
285 UINPUT_NAME);
286 error = -EINVAL;
287 goto fail1;
288 }
289
290 if (udev->ff_effects_max) {
291 error = input_ff_create(dev, udev->ff_effects_max);
292 if (error)
293 goto fail1;
294
295 dev->ff->upload = uinput_dev_upload_effect;
296 dev->ff->erase = uinput_dev_erase_effect;
297 dev->ff->playback = uinput_dev_playback;
298 dev->ff->set_gain = uinput_dev_set_gain;
299 dev->ff->set_autocenter = uinput_dev_set_autocenter;
300 }
301
302 error = input_register_device(udev->dev);
303 if (error)
304 goto fail2;
305
306 udev->state = UIST_CREATED;
307
308 return 0;
309
310 fail2: input_ff_destroy(dev);
311 fail1: uinput_destroy_device(udev);
312 return error;
313 }
314
uinput_open(struct inode * inode,struct file * file)315 static int uinput_open(struct inode *inode, struct file *file)
316 {
317 struct uinput_device *newdev;
318
319 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL);
320 if (!newdev)
321 return -ENOMEM;
322
323 mutex_init(&newdev->mutex);
324 spin_lock_init(&newdev->requests_lock);
325 init_waitqueue_head(&newdev->requests_waitq);
326 init_waitqueue_head(&newdev->waitq);
327 newdev->state = UIST_NEW_DEVICE;
328
329 file->private_data = newdev;
330 nonseekable_open(inode, file);
331
332 return 0;
333 }
334
uinput_validate_absinfo(struct input_dev * dev,unsigned int code,const struct input_absinfo * abs)335 static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code,
336 const struct input_absinfo *abs)
337 {
338 int min, max;
339
340 min = abs->minimum;
341 max = abs->maximum;
342
343 if ((min != 0 || max != 0) && max <= min) {
344 printk(KERN_DEBUG
345 "%s: invalid abs[%02x] min:%d max:%d\n",
346 UINPUT_NAME, code, min, max);
347 return -EINVAL;
348 }
349
350 if (abs->flat > max - min) {
351 printk(KERN_DEBUG
352 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n",
353 UINPUT_NAME, code, abs->flat, min, max);
354 return -EINVAL;
355 }
356
357 return 0;
358 }
359
uinput_validate_absbits(struct input_dev * dev)360 static int uinput_validate_absbits(struct input_dev *dev)
361 {
362 unsigned int cnt;
363 int error;
364
365 if (!test_bit(EV_ABS, dev->evbit))
366 return 0;
367
368 /*
369 * Check if absmin/absmax/absfuzz/absflat are sane.
370 */
371
372 for_each_set_bit(cnt, dev->absbit, ABS_CNT) {
373 if (!dev->absinfo)
374 return -EINVAL;
375
376 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]);
377 if (error)
378 return error;
379 }
380
381 return 0;
382 }
383
uinput_allocate_device(struct uinput_device * udev)384 static int uinput_allocate_device(struct uinput_device *udev)
385 {
386 udev->dev = input_allocate_device();
387 if (!udev->dev)
388 return -ENOMEM;
389
390 udev->dev->event = uinput_dev_event;
391 input_set_drvdata(udev->dev, udev);
392
393 return 0;
394 }
395
uinput_dev_setup(struct uinput_device * udev,struct uinput_setup __user * arg)396 static int uinput_dev_setup(struct uinput_device *udev,
397 struct uinput_setup __user *arg)
398 {
399 struct uinput_setup setup;
400 struct input_dev *dev;
401
402 if (udev->state == UIST_CREATED)
403 return -EINVAL;
404
405 if (copy_from_user(&setup, arg, sizeof(setup)))
406 return -EFAULT;
407
408 if (!setup.name[0])
409 return -EINVAL;
410
411 dev = udev->dev;
412 dev->id = setup.id;
413 udev->ff_effects_max = setup.ff_effects_max;
414
415 kfree(dev->name);
416 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL);
417 if (!dev->name)
418 return -ENOMEM;
419
420 udev->state = UIST_SETUP_COMPLETE;
421 return 0;
422 }
423
uinput_abs_setup(struct uinput_device * udev,struct uinput_setup __user * arg,size_t size)424 static int uinput_abs_setup(struct uinput_device *udev,
425 struct uinput_setup __user *arg, size_t size)
426 {
427 struct uinput_abs_setup setup = {};
428 struct input_dev *dev;
429 int error;
430
431 if (size > sizeof(setup))
432 return -E2BIG;
433
434 if (udev->state == UIST_CREATED)
435 return -EINVAL;
436
437 if (copy_from_user(&setup, arg, size))
438 return -EFAULT;
439
440 if (setup.code > ABS_MAX)
441 return -ERANGE;
442
443 dev = udev->dev;
444
445 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo);
446 if (error)
447 return error;
448
449 input_alloc_absinfo(dev);
450 if (!dev->absinfo)
451 return -ENOMEM;
452
453 set_bit(setup.code, dev->absbit);
454 dev->absinfo[setup.code] = setup.absinfo;
455 return 0;
456 }
457
458 /* legacy setup via write() */
uinput_setup_device_legacy(struct uinput_device * udev,const char __user * buffer,size_t count)459 static int uinput_setup_device_legacy(struct uinput_device *udev,
460 const char __user *buffer, size_t count)
461 {
462 struct uinput_user_dev *user_dev;
463 struct input_dev *dev;
464 int i;
465 int retval;
466
467 if (count != sizeof(struct uinput_user_dev))
468 return -EINVAL;
469
470 if (!udev->dev) {
471 retval = uinput_allocate_device(udev);
472 if (retval)
473 return retval;
474 }
475
476 dev = udev->dev;
477
478 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev));
479 if (IS_ERR(user_dev))
480 return PTR_ERR(user_dev);
481
482 udev->ff_effects_max = user_dev->ff_effects_max;
483
484 /* Ensure name is filled in */
485 if (!user_dev->name[0]) {
486 retval = -EINVAL;
487 goto exit;
488 }
489
490 kfree(dev->name);
491 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
492 GFP_KERNEL);
493 if (!dev->name) {
494 retval = -ENOMEM;
495 goto exit;
496 }
497
498 dev->id.bustype = user_dev->id.bustype;
499 dev->id.vendor = user_dev->id.vendor;
500 dev->id.product = user_dev->id.product;
501 dev->id.version = user_dev->id.version;
502
503 for (i = 0; i < ABS_CNT; i++) {
504 input_abs_set_max(dev, i, user_dev->absmax[i]);
505 input_abs_set_min(dev, i, user_dev->absmin[i]);
506 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]);
507 input_abs_set_flat(dev, i, user_dev->absflat[i]);
508 }
509
510 retval = uinput_validate_absbits(dev);
511 if (retval < 0)
512 goto exit;
513
514 udev->state = UIST_SETUP_COMPLETE;
515 retval = count;
516
517 exit:
518 kfree(user_dev);
519 return retval;
520 }
521
uinput_inject_events(struct uinput_device * udev,const char __user * buffer,size_t count)522 static ssize_t uinput_inject_events(struct uinput_device *udev,
523 const char __user *buffer, size_t count)
524 {
525 struct input_event ev;
526 size_t bytes = 0;
527
528 if (count != 0 && count < input_event_size())
529 return -EINVAL;
530
531 while (bytes + input_event_size() <= count) {
532 /*
533 * Note that even if some events were fetched successfully
534 * we are still going to return EFAULT instead of partial
535 * count to let userspace know that it got it's buffers
536 * all wrong.
537 */
538 if (input_event_from_user(buffer + bytes, &ev))
539 return -EFAULT;
540
541 input_event(udev->dev, ev.type, ev.code, ev.value);
542 bytes += input_event_size();
543 }
544
545 return bytes;
546 }
547
uinput_write(struct file * file,const char __user * buffer,size_t count,loff_t * ppos)548 static ssize_t uinput_write(struct file *file, const char __user *buffer,
549 size_t count, loff_t *ppos)
550 {
551 struct uinput_device *udev = file->private_data;
552 int retval;
553
554 if (count == 0)
555 return 0;
556
557 retval = mutex_lock_interruptible(&udev->mutex);
558 if (retval)
559 return retval;
560
561 retval = udev->state == UIST_CREATED ?
562 uinput_inject_events(udev, buffer, count) :
563 uinput_setup_device_legacy(udev, buffer, count);
564
565 mutex_unlock(&udev->mutex);
566
567 return retval;
568 }
569
uinput_fetch_next_event(struct uinput_device * udev,struct input_event * event)570 static bool uinput_fetch_next_event(struct uinput_device *udev,
571 struct input_event *event)
572 {
573 bool have_event;
574
575 spin_lock_irq(&udev->dev->event_lock);
576
577 have_event = udev->head != udev->tail;
578 if (have_event) {
579 *event = udev->buff[udev->tail];
580 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
581 }
582
583 spin_unlock_irq(&udev->dev->event_lock);
584
585 return have_event;
586 }
587
uinput_events_to_user(struct uinput_device * udev,char __user * buffer,size_t count)588 static ssize_t uinput_events_to_user(struct uinput_device *udev,
589 char __user *buffer, size_t count)
590 {
591 struct input_event event;
592 size_t read = 0;
593
594 while (read + input_event_size() <= count &&
595 uinput_fetch_next_event(udev, &event)) {
596
597 if (input_event_to_user(buffer + read, &event))
598 return -EFAULT;
599
600 read += input_event_size();
601 }
602
603 return read;
604 }
605
uinput_read(struct file * file,char __user * buffer,size_t count,loff_t * ppos)606 static ssize_t uinput_read(struct file *file, char __user *buffer,
607 size_t count, loff_t *ppos)
608 {
609 struct uinput_device *udev = file->private_data;
610 ssize_t retval;
611
612 if (count != 0 && count < input_event_size())
613 return -EINVAL;
614
615 do {
616 retval = mutex_lock_interruptible(&udev->mutex);
617 if (retval)
618 return retval;
619
620 if (udev->state != UIST_CREATED)
621 retval = -ENODEV;
622 else if (udev->head == udev->tail &&
623 (file->f_flags & O_NONBLOCK))
624 retval = -EAGAIN;
625 else
626 retval = uinput_events_to_user(udev, buffer, count);
627
628 mutex_unlock(&udev->mutex);
629
630 if (retval || count == 0)
631 break;
632
633 if (!(file->f_flags & O_NONBLOCK))
634 retval = wait_event_interruptible(udev->waitq,
635 udev->head != udev->tail ||
636 udev->state != UIST_CREATED);
637 } while (retval == 0);
638
639 return retval;
640 }
641
uinput_poll(struct file * file,poll_table * wait)642 static unsigned int uinput_poll(struct file *file, poll_table *wait)
643 {
644 struct uinput_device *udev = file->private_data;
645
646 poll_wait(file, &udev->waitq, wait);
647
648 if (udev->head != udev->tail)
649 return POLLIN | POLLRDNORM;
650
651 return 0;
652 }
653
uinput_release(struct inode * inode,struct file * file)654 static int uinput_release(struct inode *inode, struct file *file)
655 {
656 struct uinput_device *udev = file->private_data;
657
658 uinput_destroy_device(udev);
659 kfree(udev);
660
661 return 0;
662 }
663
664 #ifdef CONFIG_COMPAT
665 struct uinput_ff_upload_compat {
666 __u32 request_id;
667 __s32 retval;
668 struct ff_effect_compat effect;
669 struct ff_effect_compat old;
670 };
671
uinput_ff_upload_to_user(char __user * buffer,const struct uinput_ff_upload * ff_up)672 static int uinput_ff_upload_to_user(char __user *buffer,
673 const struct uinput_ff_upload *ff_up)
674 {
675 if (in_compat_syscall()) {
676 struct uinput_ff_upload_compat ff_up_compat;
677
678 ff_up_compat.request_id = ff_up->request_id;
679 ff_up_compat.retval = ff_up->retval;
680 /*
681 * It so happens that the pointer that gives us the trouble
682 * is the last field in the structure. Since we don't support
683 * custom waveforms in uinput anyway we can just copy the whole
684 * thing (to the compat size) and ignore the pointer.
685 */
686 memcpy(&ff_up_compat.effect, &ff_up->effect,
687 sizeof(struct ff_effect_compat));
688 memcpy(&ff_up_compat.old, &ff_up->old,
689 sizeof(struct ff_effect_compat));
690
691 if (copy_to_user(buffer, &ff_up_compat,
692 sizeof(struct uinput_ff_upload_compat)))
693 return -EFAULT;
694 } else {
695 if (copy_to_user(buffer, ff_up,
696 sizeof(struct uinput_ff_upload)))
697 return -EFAULT;
698 }
699
700 return 0;
701 }
702
uinput_ff_upload_from_user(const char __user * buffer,struct uinput_ff_upload * ff_up)703 static int uinput_ff_upload_from_user(const char __user *buffer,
704 struct uinput_ff_upload *ff_up)
705 {
706 if (in_compat_syscall()) {
707 struct uinput_ff_upload_compat ff_up_compat;
708
709 if (copy_from_user(&ff_up_compat, buffer,
710 sizeof(struct uinput_ff_upload_compat)))
711 return -EFAULT;
712
713 ff_up->request_id = ff_up_compat.request_id;
714 ff_up->retval = ff_up_compat.retval;
715 memcpy(&ff_up->effect, &ff_up_compat.effect,
716 sizeof(struct ff_effect_compat));
717 memcpy(&ff_up->old, &ff_up_compat.old,
718 sizeof(struct ff_effect_compat));
719
720 } else {
721 if (copy_from_user(ff_up, buffer,
722 sizeof(struct uinput_ff_upload)))
723 return -EFAULT;
724 }
725
726 return 0;
727 }
728
729 #else
730
uinput_ff_upload_to_user(char __user * buffer,const struct uinput_ff_upload * ff_up)731 static int uinput_ff_upload_to_user(char __user *buffer,
732 const struct uinput_ff_upload *ff_up)
733 {
734 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload)))
735 return -EFAULT;
736
737 return 0;
738 }
739
uinput_ff_upload_from_user(const char __user * buffer,struct uinput_ff_upload * ff_up)740 static int uinput_ff_upload_from_user(const char __user *buffer,
741 struct uinput_ff_upload *ff_up)
742 {
743 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload)))
744 return -EFAULT;
745
746 return 0;
747 }
748
749 #endif
750
751 #define uinput_set_bit(_arg, _bit, _max) \
752 ({ \
753 int __ret = 0; \
754 if (udev->state == UIST_CREATED) \
755 __ret = -EINVAL; \
756 else if ((_arg) > (_max)) \
757 __ret = -EINVAL; \
758 else set_bit((_arg), udev->dev->_bit); \
759 __ret; \
760 })
761
uinput_str_to_user(void __user * dest,const char * str,unsigned int maxlen)762 static int uinput_str_to_user(void __user *dest, const char *str,
763 unsigned int maxlen)
764 {
765 char __user *p = dest;
766 int len, ret;
767
768 if (!str)
769 return -ENOENT;
770
771 if (maxlen == 0)
772 return -EINVAL;
773
774 len = strlen(str) + 1;
775 if (len > maxlen)
776 len = maxlen;
777
778 ret = copy_to_user(p, str, len);
779 if (ret)
780 return -EFAULT;
781
782 /* force terminating '\0' */
783 ret = put_user(0, p + len - 1);
784 return ret ? -EFAULT : len;
785 }
786
uinput_ioctl_handler(struct file * file,unsigned int cmd,unsigned long arg,void __user * p)787 static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
788 unsigned long arg, void __user *p)
789 {
790 int retval;
791 struct uinput_device *udev = file->private_data;
792 struct uinput_ff_upload ff_up;
793 struct uinput_ff_erase ff_erase;
794 struct uinput_request *req;
795 char *phys;
796 const char *name;
797 unsigned int size;
798
799 retval = mutex_lock_interruptible(&udev->mutex);
800 if (retval)
801 return retval;
802
803 if (!udev->dev) {
804 retval = uinput_allocate_device(udev);
805 if (retval)
806 goto out;
807 }
808
809 switch (cmd) {
810 case UI_GET_VERSION:
811 if (put_user(UINPUT_VERSION,
812 (unsigned int __user *)p))
813 retval = -EFAULT;
814 goto out;
815
816 case UI_DEV_CREATE:
817 retval = uinput_create_device(udev);
818 goto out;
819
820 case UI_DEV_DESTROY:
821 uinput_destroy_device(udev);
822 goto out;
823
824 case UI_DEV_SETUP:
825 retval = uinput_dev_setup(udev, p);
826 goto out;
827
828 /* UI_ABS_SETUP is handled in the variable size ioctls */
829
830 case UI_SET_EVBIT:
831 retval = uinput_set_bit(arg, evbit, EV_MAX);
832 goto out;
833
834 case UI_SET_KEYBIT:
835 retval = uinput_set_bit(arg, keybit, KEY_MAX);
836 goto out;
837
838 case UI_SET_RELBIT:
839 retval = uinput_set_bit(arg, relbit, REL_MAX);
840 goto out;
841
842 case UI_SET_ABSBIT:
843 retval = uinput_set_bit(arg, absbit, ABS_MAX);
844 goto out;
845
846 case UI_SET_MSCBIT:
847 retval = uinput_set_bit(arg, mscbit, MSC_MAX);
848 goto out;
849
850 case UI_SET_LEDBIT:
851 retval = uinput_set_bit(arg, ledbit, LED_MAX);
852 goto out;
853
854 case UI_SET_SNDBIT:
855 retval = uinput_set_bit(arg, sndbit, SND_MAX);
856 goto out;
857
858 case UI_SET_FFBIT:
859 retval = uinput_set_bit(arg, ffbit, FF_MAX);
860 goto out;
861
862 case UI_SET_SWBIT:
863 retval = uinput_set_bit(arg, swbit, SW_MAX);
864 goto out;
865
866 case UI_SET_PROPBIT:
867 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX);
868 goto out;
869
870 case UI_SET_PHYS:
871 if (udev->state == UIST_CREATED) {
872 retval = -EINVAL;
873 goto out;
874 }
875
876 phys = strndup_user(p, 1024);
877 if (IS_ERR(phys)) {
878 retval = PTR_ERR(phys);
879 goto out;
880 }
881
882 kfree(udev->dev->phys);
883 udev->dev->phys = phys;
884 goto out;
885
886 case UI_BEGIN_FF_UPLOAD:
887 retval = uinput_ff_upload_from_user(p, &ff_up);
888 if (retval)
889 goto out;
890
891 req = uinput_request_find(udev, ff_up.request_id);
892 if (!req || req->code != UI_FF_UPLOAD ||
893 !req->u.upload.effect) {
894 retval = -EINVAL;
895 goto out;
896 }
897
898 ff_up.retval = 0;
899 ff_up.effect = *req->u.upload.effect;
900 if (req->u.upload.old)
901 ff_up.old = *req->u.upload.old;
902 else
903 memset(&ff_up.old, 0, sizeof(struct ff_effect));
904
905 retval = uinput_ff_upload_to_user(p, &ff_up);
906 goto out;
907
908 case UI_BEGIN_FF_ERASE:
909 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
910 retval = -EFAULT;
911 goto out;
912 }
913
914 req = uinput_request_find(udev, ff_erase.request_id);
915 if (!req || req->code != UI_FF_ERASE) {
916 retval = -EINVAL;
917 goto out;
918 }
919
920 ff_erase.retval = 0;
921 ff_erase.effect_id = req->u.effect_id;
922 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
923 retval = -EFAULT;
924 goto out;
925 }
926
927 goto out;
928
929 case UI_END_FF_UPLOAD:
930 retval = uinput_ff_upload_from_user(p, &ff_up);
931 if (retval)
932 goto out;
933
934 req = uinput_request_find(udev, ff_up.request_id);
935 if (!req || req->code != UI_FF_UPLOAD ||
936 !req->u.upload.effect) {
937 retval = -EINVAL;
938 goto out;
939 }
940
941 req->retval = ff_up.retval;
942 uinput_request_done(udev, req);
943 goto out;
944
945 case UI_END_FF_ERASE:
946 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
947 retval = -EFAULT;
948 goto out;
949 }
950
951 req = uinput_request_find(udev, ff_erase.request_id);
952 if (!req || req->code != UI_FF_ERASE) {
953 retval = -EINVAL;
954 goto out;
955 }
956
957 req->retval = ff_erase.retval;
958 uinput_request_done(udev, req);
959 goto out;
960 }
961
962 size = _IOC_SIZE(cmd);
963
964 /* Now check variable-length commands */
965 switch (cmd & ~IOCSIZE_MASK) {
966 case UI_GET_SYSNAME(0):
967 if (udev->state != UIST_CREATED) {
968 retval = -ENOENT;
969 goto out;
970 }
971 name = dev_name(&udev->dev->dev);
972 retval = uinput_str_to_user(p, name, size);
973 goto out;
974
975 case UI_ABS_SETUP & ~IOCSIZE_MASK:
976 retval = uinput_abs_setup(udev, p, size);
977 goto out;
978 }
979
980 retval = -EINVAL;
981 out:
982 mutex_unlock(&udev->mutex);
983 return retval;
984 }
985
uinput_ioctl(struct file * file,unsigned int cmd,unsigned long arg)986 static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
987 {
988 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg);
989 }
990
991 #ifdef CONFIG_COMPAT
992
993 #define UI_SET_PHYS_COMPAT _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
994
uinput_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)995 static long uinput_compat_ioctl(struct file *file,
996 unsigned int cmd, unsigned long arg)
997 {
998 if (cmd == UI_SET_PHYS_COMPAT)
999 cmd = UI_SET_PHYS;
1000
1001 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
1002 }
1003 #endif
1004
1005 static const struct file_operations uinput_fops = {
1006 .owner = THIS_MODULE,
1007 .open = uinput_open,
1008 .release = uinput_release,
1009 .read = uinput_read,
1010 .write = uinput_write,
1011 .poll = uinput_poll,
1012 .unlocked_ioctl = uinput_ioctl,
1013 #ifdef CONFIG_COMPAT
1014 .compat_ioctl = uinput_compat_ioctl,
1015 #endif
1016 .llseek = no_llseek,
1017 };
1018
1019 static struct miscdevice uinput_misc = {
1020 .fops = &uinput_fops,
1021 .minor = UINPUT_MINOR,
1022 .name = UINPUT_NAME,
1023 };
1024 module_misc_device(uinput_misc);
1025
1026 MODULE_ALIAS_MISCDEV(UINPUT_MINOR);
1027 MODULE_ALIAS("devname:" UINPUT_NAME);
1028
1029 MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
1030 MODULE_DESCRIPTION("User level driver support for input subsystem");
1031 MODULE_LICENSE("GPL");
1032 MODULE_VERSION("0.3");
1033