• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * compat ioctls for control API
4  *
5  *   Copyright (c) by Takashi Iwai <tiwai@suse.de>
6  */
7 
8 /* this file included from control.c */
9 
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12 
13 struct snd_ctl_elem_list32 {
14 	u32 offset;
15 	u32 space;
16 	u32 used;
17 	u32 count;
18 	u32 pids;
19 	unsigned char reserved[50];
20 } /* don't set packed attribute here */;
21 
snd_ctl_elem_list_compat(struct snd_card * card,struct snd_ctl_elem_list32 __user * data32)22 static int snd_ctl_elem_list_compat(struct snd_card *card,
23 				    struct snd_ctl_elem_list32 __user *data32)
24 {
25 	struct snd_ctl_elem_list data = {};
26 	compat_caddr_t ptr;
27 	int err;
28 
29 	/* offset, space, used, count */
30 	if (copy_from_user(&data, data32, 4 * sizeof(u32)))
31 		return -EFAULT;
32 	/* pids */
33 	if (get_user(ptr, &data32->pids))
34 		return -EFAULT;
35 	data.pids = compat_ptr(ptr);
36 	err = snd_ctl_elem_list(card, &data);
37 	if (err < 0)
38 		return err;
39 	/* copy the result */
40 	if (copy_to_user(data32, &data, 4 * sizeof(u32)))
41 		return -EFAULT;
42 	return 0;
43 }
44 
45 /*
46  * control element info
47  * it uses union, so the things are not easy..
48  */
49 
50 struct snd_ctl_elem_info32 {
51 	struct snd_ctl_elem_id id; // the size of struct is same
52 	s32 type;
53 	u32 access;
54 	u32 count;
55 	s32 owner;
56 	union {
57 		struct {
58 			s32 min;
59 			s32 max;
60 			s32 step;
61 		} integer;
62 		struct {
63 			u64 min;
64 			u64 max;
65 			u64 step;
66 		} integer64;
67 		struct {
68 			u32 items;
69 			u32 item;
70 			char name[64];
71 			u64 names_ptr;
72 			u32 names_length;
73 		} enumerated;
74 		unsigned char reserved[128];
75 	} value;
76 	unsigned char reserved[64];
77 } __attribute__((packed));
78 
snd_ctl_elem_info_compat(struct snd_ctl_file * ctl,struct snd_ctl_elem_info32 __user * data32)79 static int snd_ctl_elem_info_compat(struct snd_ctl_file *ctl,
80 				    struct snd_ctl_elem_info32 __user *data32)
81 {
82 	struct snd_ctl_elem_info *data;
83 	int err;
84 
85 	data = kzalloc(sizeof(*data), GFP_KERNEL);
86 	if (! data)
87 		return -ENOMEM;
88 
89 	err = -EFAULT;
90 	/* copy id */
91 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
92 		goto error;
93 	/* we need to copy the item index.
94 	 * hope this doesn't break anything..
95 	 */
96 	if (get_user(data->value.enumerated.item, &data32->value.enumerated.item))
97 		goto error;
98 
99 	err = snd_ctl_elem_info(ctl, data);
100 	if (err < 0)
101 		goto error;
102 	/* restore info to 32bit */
103 	err = -EFAULT;
104 	/* id, type, access, count */
105 	if (copy_to_user(&data32->id, &data->id, sizeof(data->id)) ||
106 	    copy_to_user(&data32->type, &data->type, 3 * sizeof(u32)))
107 		goto error;
108 	if (put_user(data->owner, &data32->owner))
109 		goto error;
110 	switch (data->type) {
111 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
112 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
113 		if (put_user(data->value.integer.min, &data32->value.integer.min) ||
114 		    put_user(data->value.integer.max, &data32->value.integer.max) ||
115 		    put_user(data->value.integer.step, &data32->value.integer.step))
116 			goto error;
117 		break;
118 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
119 		if (copy_to_user(&data32->value.integer64,
120 				 &data->value.integer64,
121 				 sizeof(data->value.integer64)))
122 			goto error;
123 		break;
124 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
125 		if (copy_to_user(&data32->value.enumerated,
126 				 &data->value.enumerated,
127 				 sizeof(data->value.enumerated)))
128 			goto error;
129 		break;
130 	default:
131 		break;
132 	}
133 	err = 0;
134  error:
135 	kfree(data);
136 	return err;
137 }
138 
139 /* read / write */
140 struct snd_ctl_elem_value32 {
141 	struct snd_ctl_elem_id id;
142 	unsigned int indirect;	/* bit-field causes misalignment */
143         union {
144 		s32 integer[128];
145 		unsigned char data[512];
146 #ifndef CONFIG_X86_64
147 		s64 integer64[64];
148 #endif
149         } value;
150         unsigned char reserved[128];
151 };
152 
153 #ifdef CONFIG_X86_X32
154 /* x32 has a different alignment for 64bit values from ia32 */
155 struct snd_ctl_elem_value_x32 {
156 	struct snd_ctl_elem_id id;
157 	unsigned int indirect;	/* bit-field causes misalignment */
158 	union {
159 		s32 integer[128];
160 		unsigned char data[512];
161 		s64 integer64[64];
162 	} value;
163 	unsigned char reserved[128];
164 };
165 #endif /* CONFIG_X86_X32 */
166 
167 /* get the value type and count of the control */
get_ctl_type(struct snd_card * card,struct snd_ctl_elem_id * id,int * countp)168 static int get_ctl_type(struct snd_card *card, struct snd_ctl_elem_id *id,
169 			int *countp)
170 {
171 	struct snd_kcontrol *kctl;
172 	struct snd_ctl_elem_info *info;
173 	int err;
174 
175 	down_read(&card->controls_rwsem);
176 	kctl = snd_ctl_find_id(card, id);
177 	if (! kctl) {
178 		up_read(&card->controls_rwsem);
179 		return -ENOENT;
180 	}
181 	info = kzalloc(sizeof(*info), GFP_KERNEL);
182 	if (info == NULL) {
183 		up_read(&card->controls_rwsem);
184 		return -ENOMEM;
185 	}
186 	info->id = *id;
187 	err = snd_power_ref_and_wait(card);
188 	if (!err)
189 		err = kctl->info(kctl, info);
190 	snd_power_unref(card);
191 	up_read(&card->controls_rwsem);
192 	if (err >= 0) {
193 		err = info->type;
194 		*countp = info->count;
195 	}
196 	kfree(info);
197 	return err;
198 }
199 
get_elem_size(int type,int count)200 static int get_elem_size(int type, int count)
201 {
202 	switch (type) {
203 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
204 		return sizeof(s64) * count;
205 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
206 		return sizeof(int) * count;
207 	case SNDRV_CTL_ELEM_TYPE_BYTES:
208 		return 512;
209 	case SNDRV_CTL_ELEM_TYPE_IEC958:
210 		return sizeof(struct snd_aes_iec958);
211 	default:
212 		return -1;
213 	}
214 }
215 
copy_ctl_value_from_user(struct snd_card * card,struct snd_ctl_elem_value * data,void __user * userdata,void __user * valuep,int * typep,int * countp)216 static int copy_ctl_value_from_user(struct snd_card *card,
217 				    struct snd_ctl_elem_value *data,
218 				    void __user *userdata,
219 				    void __user *valuep,
220 				    int *typep, int *countp)
221 {
222 	struct snd_ctl_elem_value32 __user *data32 = userdata;
223 	int i, type, size;
224 	int count;
225 	unsigned int indirect;
226 
227 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
228 		return -EFAULT;
229 	if (get_user(indirect, &data32->indirect))
230 		return -EFAULT;
231 	if (indirect)
232 		return -EINVAL;
233 	type = get_ctl_type(card, &data->id, &count);
234 	if (type < 0)
235 		return type;
236 
237 	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
238 	    type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
239 		for (i = 0; i < count; i++) {
240 			s32 __user *intp = valuep;
241 			int val;
242 			if (get_user(val, &intp[i]))
243 				return -EFAULT;
244 			data->value.integer.value[i] = val;
245 		}
246 	} else {
247 		size = get_elem_size(type, count);
248 		if (size < 0) {
249 			dev_err(card->dev, "snd_ioctl32_ctl_elem_value: unknown type %d\n", type);
250 			return -EINVAL;
251 		}
252 		if (copy_from_user(data->value.bytes.data, valuep, size))
253 			return -EFAULT;
254 	}
255 
256 	*typep = type;
257 	*countp = count;
258 	return 0;
259 }
260 
261 /* restore the value to 32bit */
copy_ctl_value_to_user(void __user * userdata,void __user * valuep,struct snd_ctl_elem_value * data,int type,int count)262 static int copy_ctl_value_to_user(void __user *userdata,
263 				  void __user *valuep,
264 				  struct snd_ctl_elem_value *data,
265 				  int type, int count)
266 {
267 	struct snd_ctl_elem_value32 __user *data32 = userdata;
268 	int i, size;
269 
270 	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
271 	    type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
272 		for (i = 0; i < count; i++) {
273 			s32 __user *intp = valuep;
274 			int val;
275 			val = data->value.integer.value[i];
276 			if (put_user(val, &intp[i]))
277 				return -EFAULT;
278 		}
279 	} else {
280 		size = get_elem_size(type, count);
281 		if (copy_to_user(valuep, data->value.bytes.data, size))
282 			return -EFAULT;
283 	}
284 	if (copy_to_user(&data32->id, &data->id, sizeof(data32->id)))
285 		return -EFAULT;
286 	return 0;
287 }
288 
ctl_elem_read_user(struct snd_card * card,void __user * userdata,void __user * valuep)289 static int ctl_elem_read_user(struct snd_card *card,
290 			      void __user *userdata, void __user *valuep)
291 {
292 	struct snd_ctl_elem_value *data;
293 	int err, type, count;
294 
295 	data = kzalloc(sizeof(*data), GFP_KERNEL);
296 	if (data == NULL)
297 		return -ENOMEM;
298 
299 	err = copy_ctl_value_from_user(card, data, userdata, valuep,
300 				       &type, &count);
301 	if (err < 0)
302 		goto error;
303 
304 	err = snd_ctl_elem_read(card, data);
305 	if (err < 0)
306 		goto error;
307 	err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
308  error:
309 	kfree(data);
310 	return err;
311 }
312 
ctl_elem_write_user(struct snd_ctl_file * file,void __user * userdata,void __user * valuep)313 static int ctl_elem_write_user(struct snd_ctl_file *file,
314 			       void __user *userdata, void __user *valuep)
315 {
316 	struct snd_ctl_elem_value *data;
317 	struct snd_card *card = file->card;
318 	int err, type, count;
319 
320 	data = kzalloc(sizeof(*data), GFP_KERNEL);
321 	if (data == NULL)
322 		return -ENOMEM;
323 
324 	err = copy_ctl_value_from_user(card, data, userdata, valuep,
325 				       &type, &count);
326 	if (err < 0)
327 		goto error;
328 
329 	err = snd_ctl_elem_write(card, file, data);
330 	if (err < 0)
331 		goto error;
332 	err = copy_ctl_value_to_user(userdata, valuep, data, type, count);
333  error:
334 	kfree(data);
335 	return err;
336 }
337 
snd_ctl_elem_read_user_compat(struct snd_card * card,struct snd_ctl_elem_value32 __user * data32)338 static int snd_ctl_elem_read_user_compat(struct snd_card *card,
339 					 struct snd_ctl_elem_value32 __user *data32)
340 {
341 	return ctl_elem_read_user(card, data32, &data32->value);
342 }
343 
snd_ctl_elem_write_user_compat(struct snd_ctl_file * file,struct snd_ctl_elem_value32 __user * data32)344 static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
345 					  struct snd_ctl_elem_value32 __user *data32)
346 {
347 	return ctl_elem_write_user(file, data32, &data32->value);
348 }
349 
350 #ifdef CONFIG_X86_X32
snd_ctl_elem_read_user_x32(struct snd_card * card,struct snd_ctl_elem_value_x32 __user * data32)351 static int snd_ctl_elem_read_user_x32(struct snd_card *card,
352 				      struct snd_ctl_elem_value_x32 __user *data32)
353 {
354 	return ctl_elem_read_user(card, data32, &data32->value);
355 }
356 
snd_ctl_elem_write_user_x32(struct snd_ctl_file * file,struct snd_ctl_elem_value_x32 __user * data32)357 static int snd_ctl_elem_write_user_x32(struct snd_ctl_file *file,
358 				       struct snd_ctl_elem_value_x32 __user *data32)
359 {
360 	return ctl_elem_write_user(file, data32, &data32->value);
361 }
362 #endif /* CONFIG_X86_X32 */
363 
364 /* add or replace a user control */
snd_ctl_elem_add_compat(struct snd_ctl_file * file,struct snd_ctl_elem_info32 __user * data32,int replace)365 static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
366 				   struct snd_ctl_elem_info32 __user *data32,
367 				   int replace)
368 {
369 	struct snd_ctl_elem_info *data;
370 	int err;
371 
372 	data = kzalloc(sizeof(*data), GFP_KERNEL);
373 	if (! data)
374 		return -ENOMEM;
375 
376 	err = -EFAULT;
377 	/* id, type, access, count */ \
378 	if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
379 	    copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
380 		goto error;
381 	if (get_user(data->owner, &data32->owner))
382 		goto error;
383 	switch (data->type) {
384 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
385 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
386 		if (get_user(data->value.integer.min, &data32->value.integer.min) ||
387 		    get_user(data->value.integer.max, &data32->value.integer.max) ||
388 		    get_user(data->value.integer.step, &data32->value.integer.step))
389 			goto error;
390 		break;
391 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
392 		if (copy_from_user(&data->value.integer64,
393 				   &data32->value.integer64,
394 				   sizeof(data->value.integer64)))
395 			goto error;
396 		break;
397 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
398 		if (copy_from_user(&data->value.enumerated,
399 				   &data32->value.enumerated,
400 				   sizeof(data->value.enumerated)))
401 			goto error;
402 		data->value.enumerated.names_ptr =
403 			(uintptr_t)compat_ptr(data->value.enumerated.names_ptr);
404 		break;
405 	default:
406 		break;
407 	}
408 	err = snd_ctl_elem_add(file, data, replace);
409  error:
410 	kfree(data);
411 	return err;
412 }
413 
414 enum {
415 	SNDRV_CTL_IOCTL_ELEM_LIST32 = _IOWR('U', 0x10, struct snd_ctl_elem_list32),
416 	SNDRV_CTL_IOCTL_ELEM_INFO32 = _IOWR('U', 0x11, struct snd_ctl_elem_info32),
417 	SNDRV_CTL_IOCTL_ELEM_READ32 = _IOWR('U', 0x12, struct snd_ctl_elem_value32),
418 	SNDRV_CTL_IOCTL_ELEM_WRITE32 = _IOWR('U', 0x13, struct snd_ctl_elem_value32),
419 	SNDRV_CTL_IOCTL_ELEM_ADD32 = _IOWR('U', 0x17, struct snd_ctl_elem_info32),
420 	SNDRV_CTL_IOCTL_ELEM_REPLACE32 = _IOWR('U', 0x18, struct snd_ctl_elem_info32),
421 #ifdef CONFIG_X86_X32
422 	SNDRV_CTL_IOCTL_ELEM_READ_X32 = _IOWR('U', 0x12, struct snd_ctl_elem_value_x32),
423 	SNDRV_CTL_IOCTL_ELEM_WRITE_X32 = _IOWR('U', 0x13, struct snd_ctl_elem_value_x32),
424 #endif /* CONFIG_X86_X32 */
425 };
426 
snd_ctl_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)427 static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
428 {
429 	struct snd_ctl_file *ctl;
430 	struct snd_kctl_ioctl *p;
431 	void __user *argp = compat_ptr(arg);
432 	int err;
433 
434 	ctl = file->private_data;
435 	if (snd_BUG_ON(!ctl || !ctl->card))
436 		return -ENXIO;
437 
438 	switch (cmd) {
439 	case SNDRV_CTL_IOCTL_PVERSION:
440 	case SNDRV_CTL_IOCTL_CARD_INFO:
441 	case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
442 	case SNDRV_CTL_IOCTL_POWER:
443 	case SNDRV_CTL_IOCTL_POWER_STATE:
444 	case SNDRV_CTL_IOCTL_ELEM_LOCK:
445 	case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
446 	case SNDRV_CTL_IOCTL_ELEM_REMOVE:
447 	case SNDRV_CTL_IOCTL_TLV_READ:
448 	case SNDRV_CTL_IOCTL_TLV_WRITE:
449 	case SNDRV_CTL_IOCTL_TLV_COMMAND:
450 		return snd_ctl_ioctl(file, cmd, (unsigned long)argp);
451 	case SNDRV_CTL_IOCTL_ELEM_LIST32:
452 		return snd_ctl_elem_list_compat(ctl->card, argp);
453 	case SNDRV_CTL_IOCTL_ELEM_INFO32:
454 		return snd_ctl_elem_info_compat(ctl, argp);
455 	case SNDRV_CTL_IOCTL_ELEM_READ32:
456 		return snd_ctl_elem_read_user_compat(ctl->card, argp);
457 	case SNDRV_CTL_IOCTL_ELEM_WRITE32:
458 		return snd_ctl_elem_write_user_compat(ctl, argp);
459 	case SNDRV_CTL_IOCTL_ELEM_ADD32:
460 		return snd_ctl_elem_add_compat(ctl, argp, 0);
461 	case SNDRV_CTL_IOCTL_ELEM_REPLACE32:
462 		return snd_ctl_elem_add_compat(ctl, argp, 1);
463 #ifdef CONFIG_X86_X32
464 	case SNDRV_CTL_IOCTL_ELEM_READ_X32:
465 		return snd_ctl_elem_read_user_x32(ctl->card, argp);
466 	case SNDRV_CTL_IOCTL_ELEM_WRITE_X32:
467 		return snd_ctl_elem_write_user_x32(ctl, argp);
468 #endif /* CONFIG_X86_X32 */
469 	}
470 
471 	down_read(&snd_ioctl_rwsem);
472 	list_for_each_entry(p, &snd_control_compat_ioctls, list) {
473 		if (p->fioctl) {
474 			err = p->fioctl(ctl->card, ctl, cmd, arg);
475 			if (err != -ENOIOCTLCMD) {
476 				up_read(&snd_ioctl_rwsem);
477 				return err;
478 			}
479 		}
480 	}
481 	up_read(&snd_ioctl_rwsem);
482 	return -ENOIOCTLCMD;
483 }
484