1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * compat ioctls for control API
4 *
5 * Copyright (c) by Takashi Iwai <tiwai@suse.de>
6 */
7
8 /* this file included from control.c */
9
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12
13 struct snd_ctl_elem_list32 {
14 u32 offset;
15 u32 space;
16 u32 used;
17 u32 count;
18 u32 pids;
19 unsigned char reserved[50];
20 } /* don't set packed attribute here */;
21
snd_ctl_elem_list_compat(struct snd_card * card,struct snd_ctl_elem_list32 __user * data32)22 static int snd_ctl_elem_list_compat(struct snd_card *card,
23 struct snd_ctl_elem_list32 __user *data32)
24 {
25 struct snd_ctl_elem_list data = {};
26 compat_caddr_t ptr;
27 int err;
28
29 /* offset, space, used, count */
30 if (copy_from_user(&data, data32, 4 * sizeof(u32)))
31 return -EFAULT;
32 /* pids */
33 if (get_user(ptr, &data32->pids))
34 return -EFAULT;
35 data.pids = compat_ptr(ptr);
36 err = snd_ctl_elem_list(card, &data);
37 if (err < 0)
38 return err;
39 /* copy the result */
40 if (copy_to_user(data32, &data, 4 * sizeof(u32)))
41 return -EFAULT;
42 return 0;
43 }
44
45 /*
46 * control element info
47 * it uses union, so the things are not easy..
48 */
49
50 struct snd_ctl_elem_info32 {
51 struct snd_ctl_elem_id id; // the size of struct is same
52 s32 type;
53 u32 access;
54 u32 count;
55 s32 owner;
56 union {
57 struct {
58 s32 min;
59 s32 max;
60 s32 step;
61 } integer;
62 struct {
63 u64 min;
64 u64 max;
65 u64 step;
66 } integer64;
67 struct {
68 u32 items;
69 u32 item;
70 char name[64];
71 u64 names_ptr;
72 u32 names_length;
73 } enumerated;
74 unsigned char reserved[128];
75 } value;
76 unsigned char reserved[64];
77 } __attribute__((packed));
78
snd_ctl_elem_info_compat(struct snd_ctl_file * ctl,struct snd_ctl_elem_info32 __user * data32)79 static int snd_ctl_elem_info_compat(struct snd_ctl_file *ctl,
80 struct snd_ctl_elem_info32 __user *data32)
81 {
82 struct snd_ctl_elem_info *data;
83 int err;
84
85 data = kzalloc(sizeof(*data), GFP_KERNEL);
86 if (! data)
87 return -ENOMEM;
88
89 err = -EFAULT;
90 /* copy id */
91 if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
92 goto error;
93 /* we need to copy the item index.
94 * hope this doesn't break anything..
95 */
96 if (get_user(data->value.enumerated.item, &data32->value.enumerated.item))
97 goto error;
98
99 err = snd_ctl_elem_info(ctl, data);
100 if (err < 0)
101 goto error;
102 /* restore info to 32bit */
103 err = -EFAULT;
104 /* id, type, access, count */
105 if (copy_to_user(&data32->id, &data->id, sizeof(data->id)) ||
106 copy_to_user(&data32->type, &data->type, 3 * sizeof(u32)))
107 goto error;
108 if (put_user(data->owner, &data32->owner))
109 goto error;
110 switch (data->type) {
111 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
112 case SNDRV_CTL_ELEM_TYPE_INTEGER:
113 if (put_user(data->value.integer.min, &data32->value.integer.min) ||
114 put_user(data->value.integer.max, &data32->value.integer.max) ||
115 put_user(data->value.integer.step, &data32->value.integer.step))
116 goto error;
117 break;
118 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
119 if (copy_to_user(&data32->value.integer64,
120 &data->value.integer64,
121 sizeof(data->value.integer64)))
122 goto error;
123 break;
124 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
125 if (copy_to_user(&data32->value.enumerated,
126 &data->value.enumerated,
127 sizeof(data->value.enumerated)))
128 goto error;
129 break;
130 default:
131 break;
132 }
133 err = 0;
134 error:
135 kfree(data);
136 return err;
137 }
138
139 /* read / write */
140 struct snd_ctl_elem_value32 {
141 struct snd_ctl_elem_id id;
142 unsigned int indirect; /* bit-field causes misalignment */
143 union {
144 s32 integer[128];
145 unsigned char data[512];
146 #ifndef CONFIG_X86_64
147 s64 integer64[64];
148 #endif
149 } value;
150 unsigned char reserved[128];
151 };
152
153 #ifdef CONFIG_X86_X32
154 /* x32 has a different alignment for 64bit values from ia32 */
155 struct snd_ctl_elem_value_x32 {
156 struct snd_ctl_elem_id id;
157 unsigned int indirect; /* bit-field causes misalignment */
158 union {
159 s32 integer[128];
160 unsigned char data[512];
161 s64 integer64[64];
162 } value;
163 unsigned char reserved[128];
164 };
165 #endif /* CONFIG_X86_X32 */
166
167 /* get the value type and count of the control */
get_ctl_type(struct snd_card * card,struct snd_ctl_elem_id * id,int * countp)168 static int get_ctl_type(struct snd_card *card, struct snd_ctl_elem_id *id,
169 int *countp)
170 {
171 struct snd_kcontrol *kctl;
172 struct snd_ctl_elem_info *info;
173 int err;
174
175 down_read(&card->controls_rwsem);
176 kctl = snd_ctl_find_id(card, id);
177 if (! kctl) {
178 up_read(&card->controls_rwsem);
179 return -ENOENT;
180 }
181 info = kzalloc(sizeof(*info), GFP_KERNEL);
182 if (info == NULL) {
183 up_read(&card->controls_rwsem);
184 return -ENOMEM;
185 }
186 info->id = *id;
187 err = snd_power_ref_and_wait(card);
188 if (!err)
189 err = kctl->info(kctl, info);
190 snd_power_unref(card);
191 up_read(&card->controls_rwsem);
192 if (err >= 0) {
193 err = info->type;
194 *countp = info->count;
195 }
196 kfree(info);
197 return err;
198 }
199
get_elem_size(int type,int count)200 static int get_elem_size(int type, int count)
201 {
202 switch (type) {
203 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
204 return sizeof(s64) * count;
205 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
206 return sizeof(int) * count;
207 case SNDRV_CTL_ELEM_TYPE_BYTES:
208 return 512;
209 case SNDRV_CTL_ELEM_TYPE_IEC958:
210 return sizeof(struct snd_aes_iec958);
211 default:
212 return -1;
213 }
214 }
215
copy_ctl_value_from_user(struct snd_card * card,struct snd_ctl_elem_value * data,void __user * userdata,void __user * valuep,int * typep,int * countp)216 static int copy_ctl_value_from_user(struct snd_card *card,
217 struct snd_ctl_elem_value *data,
218 void __user *userdata,
219 void __user *valuep,
220 int *typep, int *countp)
221 {
222 struct snd_ctl_elem_value32 __user *data32 = userdata;
223 int i, type, size;
224 int count;
225 unsigned int indirect;
226
227 if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
228 return -EFAULT;
229 if (get_user(indirect, &data32->indirect))
230 return -EFAULT;
231 if (indirect)
232 return -EINVAL;
233 type = get_ctl_type(card, &data->id, &count);
234 if (type < 0)
235 return type;
236
237 if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
238 type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
239 for (i = 0; i < count; i++) {
240 s32 __user *intp = valuep;
241 int val;
242 if (get_user(val, &intp[i]))
243 return -EFAULT;
244 data->value.integer.value[i] = val;
245 }
246 } else {
247 size = get_elem_size(type, count);
248 if (size < 0) {
249 dev_err(card->dev, "snd_ioctl32_ctl_elem_value: unknown type %d\n", type);
250 return -EINVAL;
251 }
252 if (copy_from_user(data->value.bytes.data, valuep, size))
253 return -EFAULT;
254 }
255
256 *typep = type;
257 *countp = count;
258 return 0;
259 }
260
261 /* restore the value to 32bit */
copy_ctl_value_to_user(void __user * userdata,void __user * valuep,struct snd_ctl_elem_value * data,int type,int count)262 static int copy_ctl_value_to_user(void __user *userdata,
263 void __user *valuep,
264 struct snd_ctl_elem_value *data,
265 int type, int count)
266 {
267 struct snd_ctl_elem_value32 __user *data32 = userdata;
268 int i, size;
269
270 if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
271 type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
272 for (i = 0; i < count; i++) {
273 s32 __user *intp = valuep;
274 int val;
275 val = data->value.integer.value[i];
276 if (put_user(val, &intp[i]))
277 return -EFAULT;
278 }
279 } else {
280 size = get_elem_size(type, count);
281 if (copy_to_user(valuep, data->value.bytes.data, size))
282 return -EFAULT;
283 }
284 if (copy_to_user(&data32->id, &data->id, sizeof(data32->id)))
285 return -EFAULT;
286 return 0;
287 }
288
ctl_elem_read_user(struct snd_card * card,void __user * userdata,void __user * valuep)289 static int ctl_elem_read_user(struct snd_card *card,
290 void __user *userdata, void __user *valuep)
291 {
292 struct snd_ctl_elem_value *data;
293 int err, type, count;
294
295 data = kzalloc(sizeof(*data), GFP_KERNEL);
296 if (data == NULL)
297 return -ENOMEM;
298
299 err = copy_ctl_value_from_user(card, data, userdata, valuep,
300 &type, &count);
301 if (err < 0)
302 goto error;
303
304 err = snd_ctl_elem_read(card, data);
305 if (err < 0)
306 goto error;
307 err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
308 error:
309 kfree(data);
310 return err;
311 }
312
ctl_elem_write_user(struct snd_ctl_file * file,void __user * userdata,void __user * valuep)313 static int ctl_elem_write_user(struct snd_ctl_file *file,
314 void __user *userdata, void __user *valuep)
315 {
316 struct snd_ctl_elem_value *data;
317 struct snd_card *card = file->card;
318 int err, type, count;
319
320 data = kzalloc(sizeof(*data), GFP_KERNEL);
321 if (data == NULL)
322 return -ENOMEM;
323
324 err = copy_ctl_value_from_user(card, data, userdata, valuep,
325 &type, &count);
326 if (err < 0)
327 goto error;
328
329 err = snd_ctl_elem_write(card, file, data);
330 if (err < 0)
331 goto error;
332 err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
333 error:
334 kfree(data);
335 return err;
336 }
337
snd_ctl_elem_read_user_compat(struct snd_card * card,struct snd_ctl_elem_value32 __user * data32)338 static int snd_ctl_elem_read_user_compat(struct snd_card *card,
339 struct snd_ctl_elem_value32 __user *data32)
340 {
341 return ctl_elem_read_user(card, data32, &data32->value);
342 }
343
snd_ctl_elem_write_user_compat(struct snd_ctl_file * file,struct snd_ctl_elem_value32 __user * data32)344 static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
345 struct snd_ctl_elem_value32 __user *data32)
346 {
347 return ctl_elem_write_user(file, data32, &data32->value);
348 }
349
350 #ifdef CONFIG_X86_X32
snd_ctl_elem_read_user_x32(struct snd_card * card,struct snd_ctl_elem_value_x32 __user * data32)351 static int snd_ctl_elem_read_user_x32(struct snd_card *card,
352 struct snd_ctl_elem_value_x32 __user *data32)
353 {
354 return ctl_elem_read_user(card, data32, &data32->value);
355 }
356
snd_ctl_elem_write_user_x32(struct snd_ctl_file * file,struct snd_ctl_elem_value_x32 __user * data32)357 static int snd_ctl_elem_write_user_x32(struct snd_ctl_file *file,
358 struct snd_ctl_elem_value_x32 __user *data32)
359 {
360 return ctl_elem_write_user(file, data32, &data32->value);
361 }
362 #endif /* CONFIG_X86_X32 */
363
364 /* add or replace a user control */
snd_ctl_elem_add_compat(struct snd_ctl_file * file,struct snd_ctl_elem_info32 __user * data32,int replace)365 static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
366 struct snd_ctl_elem_info32 __user *data32,
367 int replace)
368 {
369 struct snd_ctl_elem_info *data;
370 int err;
371
372 data = kzalloc(sizeof(*data), GFP_KERNEL);
373 if (! data)
374 return -ENOMEM;
375
376 err = -EFAULT;
377 /* id, type, access, count */ \
378 if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
379 copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
380 goto error;
381 if (get_user(data->owner, &data32->owner))
382 goto error;
383 switch (data->type) {
384 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
385 case SNDRV_CTL_ELEM_TYPE_INTEGER:
386 if (get_user(data->value.integer.min, &data32->value.integer.min) ||
387 get_user(data->value.integer.max, &data32->value.integer.max) ||
388 get_user(data->value.integer.step, &data32->value.integer.step))
389 goto error;
390 break;
391 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
392 if (copy_from_user(&data->value.integer64,
393 &data32->value.integer64,
394 sizeof(data->value.integer64)))
395 goto error;
396 break;
397 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
398 if (copy_from_user(&data->value.enumerated,
399 &data32->value.enumerated,
400 sizeof(data->value.enumerated)))
401 goto error;
402 data->value.enumerated.names_ptr =
403 (uintptr_t)compat_ptr(data->value.enumerated.names_ptr);
404 break;
405 default:
406 break;
407 }
408 err = snd_ctl_elem_add(file, data, replace);
409 error:
410 kfree(data);
411 return err;
412 }
413
414 enum {
415 SNDRV_CTL_IOCTL_ELEM_LIST32 = _IOWR('U', 0x10, struct snd_ctl_elem_list32),
416 SNDRV_CTL_IOCTL_ELEM_INFO32 = _IOWR('U', 0x11, struct snd_ctl_elem_info32),
417 SNDRV_CTL_IOCTL_ELEM_READ32 = _IOWR('U', 0x12, struct snd_ctl_elem_value32),
418 SNDRV_CTL_IOCTL_ELEM_WRITE32 = _IOWR('U', 0x13, struct snd_ctl_elem_value32),
419 SNDRV_CTL_IOCTL_ELEM_ADD32 = _IOWR('U', 0x17, struct snd_ctl_elem_info32),
420 SNDRV_CTL_IOCTL_ELEM_REPLACE32 = _IOWR('U', 0x18, struct snd_ctl_elem_info32),
421 #ifdef CONFIG_X86_X32
422 SNDRV_CTL_IOCTL_ELEM_READ_X32 = _IOWR('U', 0x12, struct snd_ctl_elem_value_x32),
423 SNDRV_CTL_IOCTL_ELEM_WRITE_X32 = _IOWR('U', 0x13, struct snd_ctl_elem_value_x32),
424 #endif /* CONFIG_X86_X32 */
425 };
426
snd_ctl_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)427 static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
428 {
429 struct snd_ctl_file *ctl;
430 struct snd_kctl_ioctl *p;
431 void __user *argp = compat_ptr(arg);
432 int err;
433
434 ctl = file->private_data;
435 if (snd_BUG_ON(!ctl || !ctl->card))
436 return -ENXIO;
437
438 switch (cmd) {
439 case SNDRV_CTL_IOCTL_PVERSION:
440 case SNDRV_CTL_IOCTL_CARD_INFO:
441 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
442 case SNDRV_CTL_IOCTL_POWER:
443 case SNDRV_CTL_IOCTL_POWER_STATE:
444 case SNDRV_CTL_IOCTL_ELEM_LOCK:
445 case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
446 case SNDRV_CTL_IOCTL_ELEM_REMOVE:
447 case SNDRV_CTL_IOCTL_TLV_READ:
448 case SNDRV_CTL_IOCTL_TLV_WRITE:
449 case SNDRV_CTL_IOCTL_TLV_COMMAND:
450 return snd_ctl_ioctl(file, cmd, (unsigned long)argp);
451 case SNDRV_CTL_IOCTL_ELEM_LIST32:
452 return snd_ctl_elem_list_compat(ctl->card, argp);
453 case SNDRV_CTL_IOCTL_ELEM_INFO32:
454 return snd_ctl_elem_info_compat(ctl, argp);
455 case SNDRV_CTL_IOCTL_ELEM_READ32:
456 return snd_ctl_elem_read_user_compat(ctl->card, argp);
457 case SNDRV_CTL_IOCTL_ELEM_WRITE32:
458 return snd_ctl_elem_write_user_compat(ctl, argp);
459 case SNDRV_CTL_IOCTL_ELEM_ADD32:
460 return snd_ctl_elem_add_compat(ctl, argp, 0);
461 case SNDRV_CTL_IOCTL_ELEM_REPLACE32:
462 return snd_ctl_elem_add_compat(ctl, argp, 1);
463 #ifdef CONFIG_X86_X32
464 case SNDRV_CTL_IOCTL_ELEM_READ_X32:
465 return snd_ctl_elem_read_user_x32(ctl->card, argp);
466 case SNDRV_CTL_IOCTL_ELEM_WRITE_X32:
467 return snd_ctl_elem_write_user_x32(ctl, argp);
468 #endif /* CONFIG_X86_X32 */
469 }
470
471 down_read(&snd_ioctl_rwsem);
472 list_for_each_entry(p, &snd_control_compat_ioctls, list) {
473 if (p->fioctl) {
474 err = p->fioctl(ctl->card, ctl, cmd, arg);
475 if (err != -ENOIOCTLCMD) {
476 up_read(&snd_ioctl_rwsem);
477 return err;
478 }
479 }
480 }
481 up_read(&snd_ioctl_rwsem);
482 return -ENOIOCTLCMD;
483 }
484