• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * compat ioctls for control API
4  *
5  *   Copyright (c) by Takashi Iwai <tiwai@suse.de>
6  */
7 
8 /* this file included from control.c */
9 
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12 
13 struct snd_ctl_elem_list32 {
14 	u32 offset;
15 	u32 space;
16 	u32 used;
17 	u32 count;
18 	u32 pids;
19 	unsigned char reserved[50];
20 } /* don't set packed attribute here */;
21 
snd_ctl_elem_list_compat(struct snd_card * card,struct snd_ctl_elem_list32 __user * data32)22 static int snd_ctl_elem_list_compat(struct snd_card *card,
23 				    struct snd_ctl_elem_list32 __user *data32)
24 {
25 	struct snd_ctl_elem_list __user *data;
26 	compat_caddr_t ptr;
27 	int err;
28 
29 	data = compat_alloc_user_space(sizeof(*data));
30 
31 	/* offset, space, used, count */
32 	if (copy_in_user(data, data32, 4 * sizeof(u32)))
33 		return -EFAULT;
34 	/* pids */
35 	if (get_user(ptr, &data32->pids) ||
36 	    put_user(compat_ptr(ptr), &data->pids))
37 		return -EFAULT;
38 	err = snd_ctl_elem_list(card, data);
39 	if (err < 0)
40 		return err;
41 	/* copy the result */
42 	if (copy_in_user(data32, data, 4 * sizeof(u32)))
43 		return -EFAULT;
44 	return 0;
45 }
46 
47 /*
48  * control element info
49  * it uses union, so the things are not easy..
50  */
51 
52 struct snd_ctl_elem_info32 {
53 	struct snd_ctl_elem_id id; // the size of struct is same
54 	s32 type;
55 	u32 access;
56 	u32 count;
57 	s32 owner;
58 	union {
59 		struct {
60 			s32 min;
61 			s32 max;
62 			s32 step;
63 		} integer;
64 		struct {
65 			u64 min;
66 			u64 max;
67 			u64 step;
68 		} integer64;
69 		struct {
70 			u32 items;
71 			u32 item;
72 			char name[64];
73 			u64 names_ptr;
74 			u32 names_length;
75 		} enumerated;
76 		unsigned char reserved[128];
77 	} value;
78 	unsigned char reserved[64];
79 } __attribute__((packed));
80 
snd_ctl_elem_info_compat(struct snd_ctl_file * ctl,struct snd_ctl_elem_info32 __user * data32)81 static int snd_ctl_elem_info_compat(struct snd_ctl_file *ctl,
82 				    struct snd_ctl_elem_info32 __user *data32)
83 {
84 	struct snd_ctl_elem_info *data;
85 	int err;
86 
87 	data = kzalloc(sizeof(*data), GFP_KERNEL);
88 	if (! data)
89 		return -ENOMEM;
90 
91 	err = -EFAULT;
92 	/* copy id */
93 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
94 		goto error;
95 	/* we need to copy the item index.
96 	 * hope this doesn't break anything..
97 	 */
98 	if (get_user(data->value.enumerated.item, &data32->value.enumerated.item))
99 		goto error;
100 
101 	err = snd_power_wait(ctl->card, SNDRV_CTL_POWER_D0);
102 	if (err < 0)
103 		goto error;
104 	err = snd_ctl_elem_info(ctl, data);
105 	if (err < 0)
106 		goto error;
107 	/* restore info to 32bit */
108 	err = -EFAULT;
109 	/* id, type, access, count */
110 	if (copy_to_user(&data32->id, &data->id, sizeof(data->id)) ||
111 	    copy_to_user(&data32->type, &data->type, 3 * sizeof(u32)))
112 		goto error;
113 	if (put_user(data->owner, &data32->owner))
114 		goto error;
115 	switch (data->type) {
116 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
117 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
118 		if (put_user(data->value.integer.min, &data32->value.integer.min) ||
119 		    put_user(data->value.integer.max, &data32->value.integer.max) ||
120 		    put_user(data->value.integer.step, &data32->value.integer.step))
121 			goto error;
122 		break;
123 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
124 		if (copy_to_user(&data32->value.integer64,
125 				 &data->value.integer64,
126 				 sizeof(data->value.integer64)))
127 			goto error;
128 		break;
129 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
130 		if (copy_to_user(&data32->value.enumerated,
131 				 &data->value.enumerated,
132 				 sizeof(data->value.enumerated)))
133 			goto error;
134 		break;
135 	default:
136 		break;
137 	}
138 	err = 0;
139  error:
140 	kfree(data);
141 	return err;
142 }
143 
144 /* read / write */
145 struct snd_ctl_elem_value32 {
146 	struct snd_ctl_elem_id id;
147 	unsigned int indirect;	/* bit-field causes misalignment */
148         union {
149 		s32 integer[128];
150 		unsigned char data[512];
151 #ifndef CONFIG_X86_64
152 		s64 integer64[64];
153 #endif
154         } value;
155         unsigned char reserved[128];
156 };
157 
158 #ifdef CONFIG_X86_X32
159 /* x32 has a different alignment for 64bit values from ia32 */
160 struct snd_ctl_elem_value_x32 {
161 	struct snd_ctl_elem_id id;
162 	unsigned int indirect;	/* bit-field causes misalignment */
163 	union {
164 		s32 integer[128];
165 		unsigned char data[512];
166 		s64 integer64[64];
167 	} value;
168 	unsigned char reserved[128];
169 };
170 #endif /* CONFIG_X86_X32 */
171 
172 /* get the value type and count of the control */
get_ctl_type(struct snd_card * card,struct snd_ctl_elem_id * id,int * countp)173 static int get_ctl_type(struct snd_card *card, struct snd_ctl_elem_id *id,
174 			int *countp)
175 {
176 	struct snd_kcontrol *kctl;
177 	struct snd_ctl_elem_info *info;
178 	int err;
179 
180 	down_read(&card->controls_rwsem);
181 	kctl = snd_ctl_find_id(card, id);
182 	if (! kctl) {
183 		up_read(&card->controls_rwsem);
184 		return -ENOENT;
185 	}
186 	info = kzalloc(sizeof(*info), GFP_KERNEL);
187 	if (info == NULL) {
188 		up_read(&card->controls_rwsem);
189 		return -ENOMEM;
190 	}
191 	info->id = *id;
192 	err = kctl->info(kctl, info);
193 	up_read(&card->controls_rwsem);
194 	if (err >= 0) {
195 		err = info->type;
196 		*countp = info->count;
197 	}
198 	kfree(info);
199 	return err;
200 }
201 
get_elem_size(int type,int count)202 static int get_elem_size(int type, int count)
203 {
204 	switch (type) {
205 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
206 		return sizeof(s64) * count;
207 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
208 		return sizeof(int) * count;
209 	case SNDRV_CTL_ELEM_TYPE_BYTES:
210 		return 512;
211 	case SNDRV_CTL_ELEM_TYPE_IEC958:
212 		return sizeof(struct snd_aes_iec958);
213 	default:
214 		return -1;
215 	}
216 }
217 
copy_ctl_value_from_user(struct snd_card * card,struct snd_ctl_elem_value * data,void __user * userdata,void __user * valuep,int * typep,int * countp)218 static int copy_ctl_value_from_user(struct snd_card *card,
219 				    struct snd_ctl_elem_value *data,
220 				    void __user *userdata,
221 				    void __user *valuep,
222 				    int *typep, int *countp)
223 {
224 	struct snd_ctl_elem_value32 __user *data32 = userdata;
225 	int i, type, size;
226 	int count;
227 	unsigned int indirect;
228 
229 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
230 		return -EFAULT;
231 	if (get_user(indirect, &data32->indirect))
232 		return -EFAULT;
233 	if (indirect)
234 		return -EINVAL;
235 	type = get_ctl_type(card, &data->id, &count);
236 	if (type < 0)
237 		return type;
238 
239 	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
240 	    type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
241 		for (i = 0; i < count; i++) {
242 			s32 __user *intp = valuep;
243 			int val;
244 			if (get_user(val, &intp[i]))
245 				return -EFAULT;
246 			data->value.integer.value[i] = val;
247 		}
248 	} else {
249 		size = get_elem_size(type, count);
250 		if (size < 0) {
251 			dev_err(card->dev, "snd_ioctl32_ctl_elem_value: unknown type %d\n", type);
252 			return -EINVAL;
253 		}
254 		if (copy_from_user(data->value.bytes.data, valuep, size))
255 			return -EFAULT;
256 	}
257 
258 	*typep = type;
259 	*countp = count;
260 	return 0;
261 }
262 
263 /* restore the value to 32bit */
copy_ctl_value_to_user(void __user * userdata,void __user * valuep,struct snd_ctl_elem_value * data,int type,int count)264 static int copy_ctl_value_to_user(void __user *userdata,
265 				  void __user *valuep,
266 				  struct snd_ctl_elem_value *data,
267 				  int type, int count)
268 {
269 	struct snd_ctl_elem_value32 __user *data32 = userdata;
270 	int i, size;
271 
272 	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
273 	    type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
274 		for (i = 0; i < count; i++) {
275 			s32 __user *intp = valuep;
276 			int val;
277 			val = data->value.integer.value[i];
278 			if (put_user(val, &intp[i]))
279 				return -EFAULT;
280 		}
281 	} else {
282 		size = get_elem_size(type, count);
283 		if (copy_to_user(valuep, data->value.bytes.data, size))
284 			return -EFAULT;
285 	}
286 	if (copy_to_user(&data32->id, &data->id, sizeof(data32->id)))
287 		return -EFAULT;
288 	return 0;
289 }
290 
ctl_elem_read_user(struct snd_card * card,void __user * userdata,void __user * valuep)291 static int ctl_elem_read_user(struct snd_card *card,
292 			      void __user *userdata, void __user *valuep)
293 {
294 	struct snd_ctl_elem_value *data;
295 	int err, type, count;
296 
297 	data = kzalloc(sizeof(*data), GFP_KERNEL);
298 	if (data == NULL)
299 		return -ENOMEM;
300 
301 	err = copy_ctl_value_from_user(card, data, userdata, valuep,
302 				       &type, &count);
303 	if (err < 0)
304 		goto error;
305 
306 	err = snd_power_wait(card, SNDRV_CTL_POWER_D0);
307 	if (err < 0)
308 		goto error;
309 	down_read(&card->controls_rwsem);
310 	err = snd_ctl_elem_read(card, data);
311 	up_read(&card->controls_rwsem);
312 	if (err < 0)
313 		goto error;
314 	err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
315  error:
316 	kfree(data);
317 	return err;
318 }
319 
ctl_elem_write_user(struct snd_ctl_file * file,void __user * userdata,void __user * valuep)320 static int ctl_elem_write_user(struct snd_ctl_file *file,
321 			       void __user *userdata, void __user *valuep)
322 {
323 	struct snd_ctl_elem_value *data;
324 	struct snd_card *card = file->card;
325 	int err, type, count;
326 
327 	data = kzalloc(sizeof(*data), GFP_KERNEL);
328 	if (data == NULL)
329 		return -ENOMEM;
330 
331 	err = copy_ctl_value_from_user(card, data, userdata, valuep,
332 				       &type, &count);
333 	if (err < 0)
334 		goto error;
335 
336 	err = snd_power_wait(card, SNDRV_CTL_POWER_D0);
337 	if (err < 0)
338 		goto error;
339 	down_write(&card->controls_rwsem);
340 	err = snd_ctl_elem_write(card, file, data);
341 	up_write(&card->controls_rwsem);
342 	if (err < 0)
343 		goto error;
344 	err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
345  error:
346 	kfree(data);
347 	return err;
348 }
349 
snd_ctl_elem_read_user_compat(struct snd_card * card,struct snd_ctl_elem_value32 __user * data32)350 static int snd_ctl_elem_read_user_compat(struct snd_card *card,
351 					 struct snd_ctl_elem_value32 __user *data32)
352 {
353 	return ctl_elem_read_user(card, data32, &data32->value);
354 }
355 
snd_ctl_elem_write_user_compat(struct snd_ctl_file * file,struct snd_ctl_elem_value32 __user * data32)356 static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
357 					  struct snd_ctl_elem_value32 __user *data32)
358 {
359 	return ctl_elem_write_user(file, data32, &data32->value);
360 }
361 
362 #ifdef CONFIG_X86_X32
snd_ctl_elem_read_user_x32(struct snd_card * card,struct snd_ctl_elem_value_x32 __user * data32)363 static int snd_ctl_elem_read_user_x32(struct snd_card *card,
364 				      struct snd_ctl_elem_value_x32 __user *data32)
365 {
366 	return ctl_elem_read_user(card, data32, &data32->value);
367 }
368 
snd_ctl_elem_write_user_x32(struct snd_ctl_file * file,struct snd_ctl_elem_value_x32 __user * data32)369 static int snd_ctl_elem_write_user_x32(struct snd_ctl_file *file,
370 				       struct snd_ctl_elem_value_x32 __user *data32)
371 {
372 	return ctl_elem_write_user(file, data32, &data32->value);
373 }
374 #endif /* CONFIG_X86_X32 */
375 
376 /* add or replace a user control */
snd_ctl_elem_add_compat(struct snd_ctl_file * file,struct snd_ctl_elem_info32 __user * data32,int replace)377 static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
378 				   struct snd_ctl_elem_info32 __user *data32,
379 				   int replace)
380 {
381 	struct snd_ctl_elem_info *data;
382 	int err;
383 
384 	data = kzalloc(sizeof(*data), GFP_KERNEL);
385 	if (! data)
386 		return -ENOMEM;
387 
388 	err = -EFAULT;
389 	/* id, type, access, count */ \
390 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
391 	    copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
392 		goto error;
393 	if (get_user(data->owner, &data32->owner))
394 		goto error;
395 	switch (data->type) {
396 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
397 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
398 		if (get_user(data->value.integer.min, &data32->value.integer.min) ||
399 		    get_user(data->value.integer.max, &data32->value.integer.max) ||
400 		    get_user(data->value.integer.step, &data32->value.integer.step))
401 			goto error;
402 		break;
403 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
404 		if (copy_from_user(&data->value.integer64,
405 				   &data32->value.integer64,
406 				   sizeof(data->value.integer64)))
407 			goto error;
408 		break;
409 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
410 		if (copy_from_user(&data->value.enumerated,
411 				   &data32->value.enumerated,
412 				   sizeof(data->value.enumerated)))
413 			goto error;
414 		data->value.enumerated.names_ptr =
415 			(uintptr_t)compat_ptr(data->value.enumerated.names_ptr);
416 		break;
417 	default:
418 		break;
419 	}
420 	err = snd_ctl_elem_add(file, data, replace);
421  error:
422 	kfree(data);
423 	return err;
424 }
425 
426 enum {
427 	SNDRV_CTL_IOCTL_ELEM_LIST32 = _IOWR('U', 0x10, struct snd_ctl_elem_list32),
428 	SNDRV_CTL_IOCTL_ELEM_INFO32 = _IOWR('U', 0x11, struct snd_ctl_elem_info32),
429 	SNDRV_CTL_IOCTL_ELEM_READ32 = _IOWR('U', 0x12, struct snd_ctl_elem_value32),
430 	SNDRV_CTL_IOCTL_ELEM_WRITE32 = _IOWR('U', 0x13, struct snd_ctl_elem_value32),
431 	SNDRV_CTL_IOCTL_ELEM_ADD32 = _IOWR('U', 0x17, struct snd_ctl_elem_info32),
432 	SNDRV_CTL_IOCTL_ELEM_REPLACE32 = _IOWR('U', 0x18, struct snd_ctl_elem_info32),
433 #ifdef CONFIG_X86_X32
434 	SNDRV_CTL_IOCTL_ELEM_READ_X32 = _IOWR('U', 0x12, struct snd_ctl_elem_value_x32),
435 	SNDRV_CTL_IOCTL_ELEM_WRITE_X32 = _IOWR('U', 0x13, struct snd_ctl_elem_value_x32),
436 #endif /* CONFIG_X86_X32 */
437 };
438 
snd_ctl_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)439 static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
440 {
441 	struct snd_ctl_file *ctl;
442 	struct snd_kctl_ioctl *p;
443 	void __user *argp = compat_ptr(arg);
444 	int err;
445 
446 	ctl = file->private_data;
447 	if (snd_BUG_ON(!ctl || !ctl->card))
448 		return -ENXIO;
449 
450 	switch (cmd) {
451 	case SNDRV_CTL_IOCTL_PVERSION:
452 	case SNDRV_CTL_IOCTL_CARD_INFO:
453 	case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
454 	case SNDRV_CTL_IOCTL_POWER:
455 	case SNDRV_CTL_IOCTL_POWER_STATE:
456 	case SNDRV_CTL_IOCTL_ELEM_LOCK:
457 	case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
458 	case SNDRV_CTL_IOCTL_ELEM_REMOVE:
459 	case SNDRV_CTL_IOCTL_TLV_READ:
460 	case SNDRV_CTL_IOCTL_TLV_WRITE:
461 	case SNDRV_CTL_IOCTL_TLV_COMMAND:
462 		return snd_ctl_ioctl(file, cmd, (unsigned long)argp);
463 	case SNDRV_CTL_IOCTL_ELEM_LIST32:
464 		return snd_ctl_elem_list_compat(ctl->card, argp);
465 	case SNDRV_CTL_IOCTL_ELEM_INFO32:
466 		return snd_ctl_elem_info_compat(ctl, argp);
467 	case SNDRV_CTL_IOCTL_ELEM_READ32:
468 		return snd_ctl_elem_read_user_compat(ctl->card, argp);
469 	case SNDRV_CTL_IOCTL_ELEM_WRITE32:
470 		return snd_ctl_elem_write_user_compat(ctl, argp);
471 	case SNDRV_CTL_IOCTL_ELEM_ADD32:
472 		return snd_ctl_elem_add_compat(ctl, argp, 0);
473 	case SNDRV_CTL_IOCTL_ELEM_REPLACE32:
474 		return snd_ctl_elem_add_compat(ctl, argp, 1);
475 #ifdef CONFIG_X86_X32
476 	case SNDRV_CTL_IOCTL_ELEM_READ_X32:
477 		return snd_ctl_elem_read_user_x32(ctl->card, argp);
478 	case SNDRV_CTL_IOCTL_ELEM_WRITE_X32:
479 		return snd_ctl_elem_write_user_x32(ctl, argp);
480 #endif /* CONFIG_X86_X32 */
481 	}
482 
483 	down_read(&snd_ioctl_rwsem);
484 	list_for_each_entry(p, &snd_control_compat_ioctls, list) {
485 		if (p->fioctl) {
486 			err = p->fioctl(ctl->card, ctl, cmd, arg);
487 			if (err != -ENOIOCTLCMD) {
488 				up_read(&snd_ioctl_rwsem);
489 				return err;
490 			}
491 		}
492 	}
493 	up_read(&snd_ioctl_rwsem);
494 	return -ENOIOCTLCMD;
495 }
496