projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'trace-v5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt...
[linux-2.6-block.git] / drivers / input / evdev.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
1da177e4
LT		 2/*
3 * Event char devices, giving access to raw input device events.
4 *
5 * Copyright (c) 1999-2002 Vojtech Pavlik
1da177e4
LT		 6 */
7
da0c4901
JP		 8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
1da177e4
LT		 10#define EVDEV_MINOR_BASE 64
11#define EVDEV_MINORS 32
63a6404d
HR		 12#define EVDEV_MIN_BUFFER_SIZE 64U
13#define EVDEV_BUF_PACKETS 8
1da177e4
LT		 14
15#include <linux/poll.h>
a99bbaf5 16#include <linux/sched.h>
1da177e4 17#include <linux/slab.h>
92eb77d0
DS		 18#include <linux/vmalloc.h>
19#include <linux/mm.h>
1da177e4
LT		 20#include <linux/module.h>
21#include <linux/init.h>
1cf0c6e6 22#include <linux/input/mt.h>
1da177e4 23#include <linux/major.h>
1da177e4 24#include <linux/device.h>
7f8d4cad 25#include <linux/cdev.h>
2d56f3a3 26#include "input-compat.h"
1da177e4 27
aac8bcf1
AM		 28enum evdev_clock_type {
29 EV_CLK_REAL = 0,
30 EV_CLK_MONO,
31 EV_CLK_BOOT,
32 EV_CLK_MAX
33};
34
1da177e4 35struct evdev {
1da177e4 36 int open;
1da177e4
LT		 37 struct input_handle handle;
38 wait_queue_head_t wait;
2be85279 39 struct evdev_client __rcu *grab;
d0ffb9be 40 struct list_head client_list;
6addb1d6
DT		 41 spinlock_t client_lock; /* protects client_list */
42 struct mutex mutex;
9657d75c 43 struct device dev;
7f8d4cad 44 struct cdev cdev;
20da92de 45 bool exist;
1da177e4
LT		 46};
47
d0ffb9be 48struct evdev_client {
9fb0f14e
JB		 49 unsigned int head;
50 unsigned int tail;
cdda911c 51 unsigned int packet_head; /* [future] position of the first element of next packet */
6addb1d6 52 spinlock_t buffer_lock; /* protects access to buffer, head and tail */
1da177e4
LT		 53 struct fasync_struct *fasync;
54 struct evdev *evdev;
55 struct list_head node;
bf5f18d7 56 unsigned int clk_type;
c7dc6573 57 bool revoked;
06a16293 58 unsigned long *evmasks[EV_CNT];
9fb0f14e 59 unsigned int bufsize;
b58f7086 60 struct input_event buffer[];
1da177e4
LT		 61};
62
06a16293
DH		 63static size_t evdev_get_mask_cnt(unsigned int type)
64{
65 static const size_t counts[EV_CNT] = {
66 /* EV_SYN==0 is EV_CNT, _not_ SYN_CNT, see EVIOCGBIT */
67 [EV_SYN] = EV_CNT,
68 [EV_KEY] = KEY_CNT,
69 [EV_REL] = REL_CNT,
70 [EV_ABS] = ABS_CNT,
71 [EV_MSC] = MSC_CNT,
72 [EV_SW] = SW_CNT,
73 [EV_LED] = LED_CNT,
74 [EV_SND] = SND_CNT,
75 [EV_FF] = FF_CNT,
76 };
77
78 return (type < EV_CNT) ? counts[type] : 0;
79}
80
81/* requires the buffer lock to be held */
82static bool __evdev_is_filtered(struct evdev_client *client,
83 unsigned int type,
84 unsigned int code)
85{
86 unsigned long *mask;
87 size_t cnt;
88
89 /* EV_SYN and unknown codes are never filtered */
90 if (type == EV_SYN || type >= EV_CNT)
91 return false;
92
93 /* first test whether the type is filtered */
94 mask = client->evmasks[0];
95 if (mask && !test_bit(type, mask))
96 return true;
97
98 /* unknown values are never filtered */
99 cnt = evdev_get_mask_cnt(type);
100 if (!cnt || code >= cnt)
101 return false;
102
103 mask = client->evmasks[type];
104 return mask && !test_bit(code, mask);
105}
106
48318028
DH		 107/* flush queued events of type @type, caller must hold client->buffer_lock */
108static void __evdev_flush_queue(struct evdev_client *client, unsigned int type)
109{
110 unsigned int i, head, num;
111 unsigned int mask = client->bufsize - 1;
112 bool is_report;
113 struct input_event *ev;
114
115 BUG_ON(type == EV_SYN);
116
117 head = client->tail;
118 client->packet_head = client->tail;
119
120 /* init to 1 so a leading SYN_REPORT will not be dropped */
121 num = 1;
122
123 for (i = client->tail; i != client->head; i = (i + 1) & mask) {
124 ev = &client->buffer[i];
125 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT;
126
127 if (ev->type == type) {
128 /* drop matched entry */
129 continue;
130 } else if (is_report && !num) {
131 /* drop empty SYN_REPORT groups */
132 continue;
133 } else if (head != i) {
134 /* move entry to fill the gap */
152194fe 135 client->buffer[head] = *ev;
48318028
DH		 136 }
137
138 num++;
139 head = (head + 1) & mask;
140
141 if (is_report) {
142 num = 0;
143 client->packet_head = head;
144 }
145 }
146
147 client->head = head;
148}
149
b881d537 150static void __evdev_queue_syn_dropped(struct evdev_client *client)
48318028 151{
48318028
DH		 152 struct input_event ev;
153 ktime_t time;
152194fe 154 struct timespec64 ts;
48318028 155
aac8bcf1
AM		 156 time = client->clk_type == EV_CLK_REAL ?
157 ktime_get_real() :
158 client->clk_type == EV_CLK_MONO ?
159 ktime_get() :
160 ktime_get_boottime();
48318028 161
152194fe
DD		 162 ts = ktime_to_timespec64(time);
163 ev.input_event_sec = ts.tv_sec;
164 ev.input_event_usec = ts.tv_nsec / NSEC_PER_USEC;
48318028
DH		 165 ev.type = EV_SYN;
166 ev.code = SYN_DROPPED;
167 ev.value = 0;
168
48318028
DH		 169 client->buffer[client->head++] = ev;
170 client->head &= client->bufsize - 1;
171
172 if (unlikely(client->head == client->tail)) {
173 /* drop queue but keep our SYN_DROPPED event */
174 client->tail = (client->head - 1) & (client->bufsize - 1);
175 client->packet_head = client->tail;
176 }
b881d537
DT		 177}
178
179static void evdev_queue_syn_dropped(struct evdev_client *client)
180{
181 unsigned long flags;
48318028 182
b881d537
DT		 183 spin_lock_irqsave(&client->buffer_lock, flags);
184 __evdev_queue_syn_dropped(client);
48318028
DH		 185 spin_unlock_irqrestore(&client->buffer_lock, flags);
186}
187
0c3e9943
AG		 188static int evdev_set_clk_type(struct evdev_client *client, unsigned int clkid)
189{
b881d537 190 unsigned long flags;
bf5f18d7 191 unsigned int clk_type;
0c3e9943
AG		 192
193 switch (clkid) {
194
195 case CLOCK_REALTIME:
bf5f18d7 196 clk_type = EV_CLK_REAL;
0c3e9943
AG		 197 break;
198 case CLOCK_MONOTONIC:
bf5f18d7 199 clk_type = EV_CLK_MONO;
0c3e9943
AG		 200 break;
201 case CLOCK_BOOTTIME:
bf5f18d7 202 clk_type = EV_CLK_BOOT;
0c3e9943
AG		 203 break;
204 default:
205 return -EINVAL;
206 }
207
bf5f18d7
AM		 208 if (client->clk_type != clk_type) {
209 client->clk_type = clk_type;
b881d537 210
bf5f18d7
AM		 211 /*
212 * Flush pending events and queue SYN_DROPPED event,
213 * but only if the queue is not empty.
214 */
215 spin_lock_irqsave(&client->buffer_lock, flags);
b881d537 216
bf5f18d7
AM		 217 if (client->head != client->tail) {
218 client->packet_head = client->head = client->tail;
219 __evdev_queue_syn_dropped(client);
220 }
221
222 spin_unlock_irqrestore(&client->buffer_lock, flags);
223 }
0c3e9943
AG		 224
225 return 0;
226}
227
a274ac15
HR		 228static void __pass_event(struct evdev_client *client,
229 const struct input_event *event)
6addb1d6 230{
9fb0f14e
JB		 231 client->buffer[client->head++] = *event;
232 client->head &= client->bufsize - 1;
233
234 if (unlikely(client->head == client->tail)) {
235 /*
236 * This effectively "drops" all unconsumed events, leaving
237 * EV_SYN/SYN_DROPPED plus the newest event in the queue.
238 */
239 client->tail = (client->head - 2) & (client->bufsize - 1);
240
152194fe
DD		 241 client->buffer[client->tail].input_event_sec =
242 event->input_event_sec;
243 client->buffer[client->tail].input_event_usec =
244 event->input_event_usec;
9fb0f14e
JB		 245 client->buffer[client->tail].type = EV_SYN;
246 client->buffer[client->tail].code = SYN_DROPPED;
247 client->buffer[client->tail].value = 0;
9fb0f14e 248
cdda911c
JB		 249 client->packet_head = client->tail;
250 }
6addb1d6 251
cdda911c
JB		 252 if (event->type == EV_SYN && event->code == SYN_REPORT) {
253 client->packet_head = client->head;
30a589fd 254 kill_fasync(&client->fasync, SIGIO, POLL_IN);
cdda911c 255 }
a274ac15
HR		 256}
257
258static void evdev_pass_values(struct evdev_client *client,
259 const struct input_value *vals, unsigned int count,
aac8bcf1 260 ktime_t *ev_time)
a274ac15
HR		 261{
262 struct evdev *evdev = client->evdev;
263 const struct input_value *v;
264 struct input_event event;
152194fe 265 struct timespec64 ts;
a274ac15
HR		 266 bool wakeup = false;
267
c7dc6573
DH		 268 if (client->revoked)
269 return;
270
152194fe
DD		 271 ts = ktime_to_timespec64(ev_time[client->clk_type]);
272 event.input_event_sec = ts.tv_sec;
273 event.input_event_usec = ts.tv_nsec / NSEC_PER_USEC;
a274ac15
HR		 274
275 /* Interrupts are disabled, just acquire the lock. */
276 spin_lock(&client->buffer_lock);
277
278 for (v = vals; v != vals + count; v++) {
06a16293
DH		 279 if (__evdev_is_filtered(client, v->type, v->code))
280 continue;
281
282 if (v->type == EV_SYN && v->code == SYN_REPORT) {
283 /* drop empty SYN_REPORT */
284 if (client->packet_head == client->head)
285 continue;
286
287 wakeup = true;
288 }
289
a274ac15
HR		 290 event.type = v->type;
291 event.code = v->code;
292 event.value = v->value;
293 __pass_event(client, &event);
a274ac15 294 }
cdda911c
JB		 295
296 spin_unlock(&client->buffer_lock);
a274ac15
HR		 297
298 if (wakeup)
299 wake_up_interruptible(&evdev->wait);
6addb1d6
DT		 300}
301
302/*
a274ac15 303 * Pass incoming events to all connected clients.
6addb1d6 304 */
a274ac15
HR		 305static void evdev_events(struct input_handle *handle,
306 const struct input_value *vals, unsigned int count)
1da177e4
LT		 307{
308 struct evdev *evdev = handle->private;
d0ffb9be 309 struct evdev_client *client;
aac8bcf1 310 ktime_t ev_time[EV_CLK_MAX];
a80b83b7 311
aac8bcf1
AM		 312 ev_time[EV_CLK_MONO] = ktime_get();
313 ev_time[EV_CLK_REAL] = ktime_mono_to_real(ev_time[EV_CLK_MONO]);
314 ev_time[EV_CLK_BOOT] = ktime_mono_to_any(ev_time[EV_CLK_MONO],
315 TK_OFFS_BOOT);
1da177e4 316
82ba56c2
DT		 317 rcu_read_lock();
318
6addb1d6 319 client = rcu_dereference(evdev->grab);
a80b83b7 320
6addb1d6 321 if (client)
aac8bcf1 322 evdev_pass_values(client, vals, count, ev_time);
6addb1d6
DT		 323 else
324 list_for_each_entry_rcu(client, &evdev->client_list, node)
aac8bcf1 325 evdev_pass_values(client, vals, count, ev_time);
1da177e4 326
82ba56c2 327 rcu_read_unlock();
a274ac15 328}
82ba56c2 329
a274ac15
HR		 330/*
331 * Pass incoming event to all connected clients.
332 */
333static void evdev_event(struct input_handle *handle,
334 unsigned int type, unsigned int code, int value)
335{
336 struct input_value vals[] = { { type, code, value } };
337
338 evdev_events(handle, vals, 1);
1da177e4
LT		 339}
340
341static int evdev_fasync(int fd, struct file *file, int on)
342{
d0ffb9be 343 struct evdev_client *client = file->private_data;
1e0afb28 344
60aa4924 345 return fasync_helper(fd, file, on, &client->fasync);
1da177e4
LT		 346}
347
1e0afb28 348static int evdev_flush(struct file *file, fl_owner_t id)
1da177e4 349{
d0ffb9be
DT		 350 struct evdev_client *client = file->private_data;
351 struct evdev *evdev = client->evdev;
6addb1d6 352
eb38f3a4 353 mutex_lock(&evdev->mutex);
1e0afb28 354
eb38f3a4
TI		 355 if (evdev->exist && !client->revoked)
356 input_flush_device(&evdev->handle, file);
1e0afb28 357
6addb1d6 358 mutex_unlock(&evdev->mutex);
eb38f3a4 359 return 0;
1da177e4
LT		 360}
361
9657d75c 362static void evdev_free(struct device *dev)
1da177e4 363{
9657d75c
DT		 364 struct evdev *evdev = container_of(dev, struct evdev, dev);
365
a7097ff8 366 input_put_device(evdev->handle.dev);
1da177e4
LT		 367 kfree(evdev);
368}
369
6addb1d6
DT		 370/*
371 * Grabs an event device (along with underlying input device).
372 * This function is called with evdev->mutex taken.
373 */
374static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
375{
376 int error;
377
378 if (evdev->grab)
379 return -EBUSY;
380
381 error = input_grab_device(&evdev->handle);
382 if (error)
383 return error;
384
385 rcu_assign_pointer(evdev->grab, client);
6addb1d6
DT		 386
387 return 0;
388}
389
390static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
391{
dba42580
DT		 392 struct evdev_client *grab = rcu_dereference_protected(evdev->grab,
393 lockdep_is_held(&evdev->mutex));
394
395 if (grab != client)
6addb1d6
DT		 396 return -EINVAL;
397
398 rcu_assign_pointer(evdev->grab, NULL);
82ba56c2 399 synchronize_rcu();
6addb1d6
DT		 400 input_release_device(&evdev->handle);
401
402 return 0;
403}
404
405static void evdev_attach_client(struct evdev *evdev,
406 struct evdev_client *client)
407{
408 spin_lock(&evdev->client_lock);
409 list_add_tail_rcu(&client->node, &evdev->client_list);
410 spin_unlock(&evdev->client_lock);
6addb1d6
DT		 411}
412
413static void evdev_detach_client(struct evdev *evdev,
414 struct evdev_client *client)
415{
416 spin_lock(&evdev->client_lock);
417 list_del_rcu(&client->node);
418 spin_unlock(&evdev->client_lock);
82ba56c2 419 synchronize_rcu();
6addb1d6
DT		 420}
421
422static int evdev_open_device(struct evdev *evdev)
423{
424 int retval;
425
426 retval = mutex_lock_interruptible(&evdev->mutex);
427 if (retval)
428 return retval;
429
430 if (!evdev->exist)
431 retval = -ENODEV;
06445014 432 else if (!evdev->open++) {
6addb1d6 433 retval = input_open_device(&evdev->handle);
06445014
ON		 434 if (retval)
435 evdev->open--;
436 }
6addb1d6
DT		 437
438 mutex_unlock(&evdev->mutex);
439 return retval;
440}
441
442static void evdev_close_device(struct evdev *evdev)
443{
444 mutex_lock(&evdev->mutex);
445
446 if (evdev->exist && !--evdev->open)
447 input_close_device(&evdev->handle);
448
449 mutex_unlock(&evdev->mutex);
450}
451
452/*
453 * Wake up users waiting for IO so they can disconnect from
454 * dead device.
455 */
456static void evdev_hangup(struct evdev *evdev)
457{
458 struct evdev_client *client;
459
460 spin_lock(&evdev->client_lock);
461 list_for_each_entry(client, &evdev->client_list, node)
462 kill_fasync(&client->fasync, SIGIO, POLL_HUP);
463 spin_unlock(&evdev->client_lock);
464
465 wake_up_interruptible(&evdev->wait);
466}
467
d0ffb9be 468static int evdev_release(struct inode *inode, struct file *file)
1da177e4 469{
d0ffb9be
DT		 470 struct evdev_client *client = file->private_data;
471 struct evdev *evdev = client->evdev;
06a16293 472 unsigned int i;
1da177e4 473
6addb1d6 474 mutex_lock(&evdev->mutex);
dba42580 475 evdev_ungrab(evdev, client);
6addb1d6 476 mutex_unlock(&evdev->mutex);
1da177e4 477
6addb1d6 478 evdev_detach_client(evdev, client);
92eb77d0 479
06a16293 480 for (i = 0; i < EV_CNT; ++i)
6078091c 481 bitmap_free(client->evmasks[i]);
06a16293 482
67367fd2 483 kvfree(client);
1da177e4 484
6addb1d6 485 evdev_close_device(evdev);
1da177e4 486
1da177e4
LT		 487 return 0;
488}
489
b58f7086
HR		 490static unsigned int evdev_compute_buffer_size(struct input_dev *dev)
491{
63a6404d
HR		 492 unsigned int n_events =
493 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS,
494 EVDEV_MIN_BUFFER_SIZE);
495
496 return roundup_pow_of_two(n_events);
b58f7086
HR		 497}
498
d0ffb9be 499static int evdev_open(struct inode *inode, struct file *file)
1da177e4 500{
7f8d4cad
DT		 501 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev);
502 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev);
6addb1d6 503 struct evdev_client *client;
d542ed82 504 int error;
1da177e4 505
ecdf3a96
GS		 506 client = kzalloc(struct_size(client, buffer, bufsize),
507 GFP_KERNEL | __GFP_NOWARN);
92eb77d0 508 if (!client)
ecdf3a96 509 client = vzalloc(struct_size(client, buffer, bufsize));
7f8d4cad
DT		 510 if (!client)
511 return -ENOMEM;
1da177e4 512
b58f7086 513 client->bufsize = bufsize;
6addb1d6 514 spin_lock_init(&client->buffer_lock);
d0ffb9be 515 client->evdev = evdev;
6addb1d6 516 evdev_attach_client(evdev, client);
1da177e4 517
6addb1d6
DT		 518 error = evdev_open_device(evdev);
519 if (error)
520 goto err_free_client;
1da177e4 521
d0ffb9be 522 file->private_data = client;
c5bf68fe 523 stream_open(inode, file);
3d7bbd45 524
1da177e4 525 return 0;
9657d75c
DT		 526
527 err_free_client:
6addb1d6 528 evdev_detach_client(evdev, client);
92788ac1 529 kvfree(client);
9657d75c 530 return error;
1da177e4
LT		 531}
532
6addb1d6
DT		 533static ssize_t evdev_write(struct file *file, const char __user *buffer,
534 size_t count, loff_t *ppos)
3a51f7c4 535{
d0ffb9be
DT		 536 struct evdev_client *client = file->private_data;
537 struct evdev *evdev = client->evdev;
3a51f7c4 538 struct input_event event;
02dfc496 539 int retval = 0;
52658bb6 540
2872a9b5 541 if (count != 0 && count < input_event_size())
439581ec
PK		 542 return -EINVAL;
543
6addb1d6
DT		 544 retval = mutex_lock_interruptible(&evdev->mutex);
545 if (retval)
546 return retval;
547
c7dc6573 548 if (!evdev->exist || client->revoked) {
6addb1d6
DT		 549 retval = -ENODEV;
550 goto out;
551 }
52658bb6 552
2872a9b5
DT		 553 while (retval + input_event_size() <= count) {
554
2d56f3a3 555 if (input_event_from_user(buffer + retval, &event)) {
6addb1d6
DT		 556 retval = -EFAULT;
557 goto out;
558 }
439581ec 559 retval += input_event_size();
6addb1d6
DT		 560
561 input_inject_event(&evdev->handle,
562 event.type, event.code, event.value);
36d2582f 563 cond_resched();
2872a9b5 564 }
52658bb6 565
6addb1d6
DT		 566 out:
567 mutex_unlock(&evdev->mutex);
52658bb6
JK		 568 return retval;
569}
52658bb6 570
6addb1d6
DT		 571static int evdev_fetch_next_event(struct evdev_client *client,
572 struct input_event *event)
573{
574 int have_event;
575
576 spin_lock_irq(&client->buffer_lock);
577
566cf5b6 578 have_event = client->packet_head != client->tail;
6addb1d6
DT		 579 if (have_event) {
580 *event = client->buffer[client->tail++];
b58f7086 581 client->tail &= client->bufsize - 1;
6addb1d6
DT		 582 }
583
584 spin_unlock_irq(&client->buffer_lock);
585
586 return have_event;
587}
588
589static ssize_t evdev_read(struct file *file, char __user *buffer,
590 size_t count, loff_t *ppos)
1da177e4 591{
d0ffb9be
DT		 592 struct evdev_client *client = file->private_data;
593 struct evdev *evdev = client->evdev;
6addb1d6 594 struct input_event event;
2872a9b5
DT		 595 size_t read = 0;
596 int error;
1da177e4 597
2872a9b5 598 if (count != 0 && count < input_event_size())
1da177e4
LT		 599 return -EINVAL;
600
2872a9b5 601 for (;;) {
c7dc6573 602 if (!evdev->exist || client->revoked)
2872a9b5 603 return -ENODEV;
1da177e4 604
2872a9b5
DT		 605 if (client->packet_head == client->tail &&
606 (file->f_flags & O_NONBLOCK))
607 return -EAGAIN;
608
609 /*
610 * count == 0 is special - no IO is done but we check
611 * for error conditions (see above).
612 */
613 if (count == 0)
614 break;
1da177e4 615
2872a9b5
DT		 616 while (read + input_event_size() <= count &&
617 evdev_fetch_next_event(client, &event)) {
3a51f7c4 618
2872a9b5
DT		 619 if (input_event_to_user(buffer + read, &event))
620 return -EFAULT;
3a51f7c4 621
2872a9b5
DT		 622 read += input_event_size();
623 }
1da177e4 624
2872a9b5
DT		 625 if (read)
626 break;
e90f869c 627
2872a9b5
DT		 628 if (!(file->f_flags & O_NONBLOCK)) {
629 error = wait_event_interruptible(evdev->wait,
630 client->packet_head != client->tail ||
c7dc6573 631 !evdev->exist || client->revoked);
2872a9b5
DT		 632 if (error)
633 return error;
634 }
635 }
636
637 return read;
1da177e4
LT		 638}
639
640/* No kernel lock - fine */
afc9a42b 641static __poll_t evdev_poll(struct file *file, poll_table *wait)
1da177e4 642{
d0ffb9be
DT		 643 struct evdev_client *client = file->private_data;
644 struct evdev *evdev = client->evdev;
afc9a42b 645 __poll_t mask;
1e0afb28 646
d0ffb9be 647 poll_wait(file, &evdev->wait, wait);
c18fb139 648
c7dc6573 649 if (evdev->exist && !client->revoked)
a9a08845 650 mask = EPOLLOUT | EPOLLWRNORM;
c7dc6573 651 else
a9a08845 652 mask = EPOLLHUP | EPOLLERR;
c7dc6573 653
cdda911c 654 if (client->packet_head != client->tail)
a9a08845 655 mask |= EPOLLIN | EPOLLRDNORM;
c18fb139
DT		 656
657 return mask;
1da177e4
LT		 658}
659
3a51f7c4
DT		 660#ifdef CONFIG_COMPAT
661
662#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8)
7b19ada2 663#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1)
3a51f7c4
DT		 664
665#ifdef __BIG_ENDIAN
666static int bits_to_user(unsigned long *bits, unsigned int maxbit,
667 unsigned int maxlen, void __user *p, int compat)
668{
669 int len, i;
670
671 if (compat) {
7b19ada2 672 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
bf61f8d3 673 if (len > maxlen)
3a51f7c4
DT		 674 len = maxlen;
675
676 for (i = 0; i < len / sizeof(compat_long_t); i++)
677 if (copy_to_user((compat_long_t __user *) p + i,
678 (compat_long_t *) bits +
679 i + 1 - ((i % 2) << 1),
680 sizeof(compat_long_t)))
681 return -EFAULT;
682 } else {
7b19ada2 683 len = BITS_TO_LONGS(maxbit) * sizeof(long);
3a51f7c4
DT		 684 if (len > maxlen)
685 len = maxlen;
686
687 if (copy_to_user(p, bits, len))
688 return -EFAULT;
689 }
690
691 return len;
692}
06a16293
DH		 693
694static int bits_from_user(unsigned long *bits, unsigned int maxbit,
695 unsigned int maxlen, const void __user *p, int compat)
696{
697 int len, i;
698
699 if (compat) {
700 if (maxlen % sizeof(compat_long_t))
701 return -EINVAL;
702
703 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t);
704 if (len > maxlen)
705 len = maxlen;
706
707 for (i = 0; i < len / sizeof(compat_long_t); i++)
708 if (copy_from_user((compat_long_t *) bits +
709 i + 1 - ((i % 2) << 1),
710 (compat_long_t __user *) p + i,
711 sizeof(compat_long_t)))
712 return -EFAULT;
713 if (i % 2)
714 *((compat_long_t *) bits + i - 1) = 0;
715
716 } else {
717 if (maxlen % sizeof(long))
718 return -EINVAL;
719
720 len = BITS_TO_LONGS(maxbit) * sizeof(long);
721 if (len > maxlen)
722 len = maxlen;
723
724 if (copy_from_user(bits, p, len))
725 return -EFAULT;
726 }
727
728 return len;
729}
730
3a51f7c4 731#else
06a16293 732
3a51f7c4
DT		 733static int bits_to_user(unsigned long *bits, unsigned int maxbit,
734 unsigned int maxlen, void __user *p, int compat)
735{
736 int len = compat ?
7b19ada2
JS		 737 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) :
738 BITS_TO_LONGS(maxbit) * sizeof(long);
3a51f7c4
DT		 739
740 if (len > maxlen)
741 len = maxlen;
742
743 return copy_to_user(p, bits, len) ? -EFAULT : len;
744}
06a16293
DH		 745
746static int bits_from_user(unsigned long *bits, unsigned int maxbit,
747 unsigned int maxlen, const void __user *p, int compat)
748{
749 size_t chunk_size = compat ? sizeof(compat_long_t) : sizeof(long);
750 int len;
751
752 if (maxlen % chunk_size)
753 return -EINVAL;
754
755 len = compat ? BITS_TO_LONGS_COMPAT(maxbit) : BITS_TO_LONGS(maxbit);
756 len *= chunk_size;
757 if (len > maxlen)
758 len = maxlen;
759
760 return copy_from_user(bits, p, len) ? -EFAULT : len;
761}
762
3a51f7c4
DT		 763#endif /* __BIG_ENDIAN */
764
765#else
766
767static int bits_to_user(unsigned long *bits, unsigned int maxbit,
768 unsigned int maxlen, void __user *p, int compat)
769{
7b19ada2 770 int len = BITS_TO_LONGS(maxbit) * sizeof(long);
3a51f7c4
DT		 771
772 if (len > maxlen)
773 len = maxlen;
774
775 return copy_to_user(p, bits, len) ? -EFAULT : len;
776}
777
06a16293
DH		 778static int bits_from_user(unsigned long *bits, unsigned int maxbit,
779 unsigned int maxlen, const void __user *p, int compat)
780{
781 int len;
782
783 if (maxlen % sizeof(long))
784 return -EINVAL;
785
786 len = BITS_TO_LONGS(maxbit) * sizeof(long);
787 if (len > maxlen)
788 len = maxlen;
789
790 return copy_from_user(bits, p, len) ? -EFAULT : len;
791}
792
3a51f7c4
DT		 793#endif /* CONFIG_COMPAT */
794
795static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
796{
797 int len;
798
799 if (!str)
800 return -ENOENT;
801
802 len = strlen(str) + 1;
803 if (len > maxlen)
804 len = maxlen;
805
806 return copy_to_user(p, str, len) ? -EFAULT : len;
807}
808
448cd166
DT		 809static int handle_eviocgbit(struct input_dev *dev,
810 unsigned int type, unsigned int size,
811 void __user *p, int compat_mode)
5402a734
LT		 812{
813 unsigned long *bits;
814 int len;
815
448cd166 816 switch (type) {
5402a734
LT		 817
818 case 0: bits = dev->evbit; len = EV_MAX; break;
819 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
820 case EV_REL: bits = dev->relbit; len = REL_MAX; break;
821 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
822 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
823 case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
824 case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
825 case EV_FF: bits = dev->ffbit; len = FF_MAX; break;
826 case EV_SW: bits = dev->swbit; len = SW_MAX; break;
827 default: return -EINVAL;
828 }
f2afa771 829
448cd166 830 return bits_to_user(bits, len, size, p, compat_mode);
5402a734 831}
5402a734 832
ab4e0192 833static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p)
8613e4c2 834{
ab4e0192
DT		 835 struct input_keymap_entry ke = {
836 .len = sizeof(unsigned int),
837 .flags = 0,
838 };
839 int __user *ip = (int __user *)p;
8613e4c2
MCC		 840 int error;
841
ab4e0192
DT		 842 /* legacy case */
843 if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
844 return -EFAULT;
8613e4c2 845
ab4e0192
DT		 846 error = input_get_keycode(dev, &ke);
847 if (error)
848 return error;
8613e4c2 849
ab4e0192
DT		 850 if (put_user(ke.keycode, ip + 1))
851 return -EFAULT;
8613e4c2 852
ab4e0192
DT		 853 return 0;
854}
8613e4c2 855
ab4e0192
DT		 856static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p)
857{
858 struct input_keymap_entry ke;
859 int error;
8613e4c2 860
ab4e0192
DT		 861 if (copy_from_user(&ke, p, sizeof(ke)))
862 return -EFAULT;
8613e4c2 863
ab4e0192
DT		 864 error = input_get_keycode(dev, &ke);
865 if (error)
866 return error;
8613e4c2 867
ab4e0192
DT		 868 if (copy_to_user(p, &ke, sizeof(ke)))
869 return -EFAULT;
8613e4c2 870
8613e4c2
MCC		 871 return 0;
872}
873
ab4e0192 874static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p)
8613e4c2 875{
ab4e0192
DT		 876 struct input_keymap_entry ke = {
877 .len = sizeof(unsigned int),
878 .flags = 0,
879 };
880 int __user *ip = (int __user *)p;
8613e4c2 881
ab4e0192
DT		 882 if (copy_from_user(ke.scancode, p, sizeof(unsigned int)))
883 return -EFAULT;
8613e4c2 884
ab4e0192
DT		 885 if (get_user(ke.keycode, ip + 1))
886 return -EFAULT;
8613e4c2 887
ab4e0192
DT		 888 return input_set_keycode(dev, &ke);
889}
8613e4c2 890
ab4e0192
DT		 891static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
892{
893 struct input_keymap_entry ke;
8613e4c2 894
ab4e0192
DT		 895 if (copy_from_user(&ke, p, sizeof(ke)))
896 return -EFAULT;
8613e4c2 897
ab4e0192
DT		 898 if (ke.len > sizeof(ke.scancode))
899 return -EINVAL;
8613e4c2
MCC		 900
901 return input_set_keycode(dev, &ke);
902}
903
48318028
DH		 904/*
905 * If we transfer state to the user, we should flush all pending events
906 * of the same type from the client's queue. Otherwise, they might end up
907 * with duplicate events, which can screw up client's state tracking.
908 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED
909 * event so user-space will notice missing events.
910 *
911 * LOCKING:
912 * We need to take event_lock before buffer_lock to avoid dead-locks. But we
913 * need the even_lock only to guarantee consistent state. We can safely release
914 * it while flushing the queue. This allows input-core to handle filters while
915 * we flush the queue.
916 */
917static int evdev_handle_get_val(struct evdev_client *client,
918 struct input_dev *dev, unsigned int type,
7c4f5607
DT		 919 unsigned long *bits, unsigned int maxbit,
920 unsigned int maxlen, void __user *p,
921 int compat)
48318028
DH		 922{
923 int ret;
924 unsigned long *mem;
925
6078091c 926 mem = bitmap_alloc(maxbit, GFP_KERNEL);
48318028
DH		 927 if (!mem)
928 return -ENOMEM;
929
930 spin_lock_irq(&dev->event_lock);
931 spin_lock(&client->buffer_lock);
932
6078091c 933 bitmap_copy(mem, bits, maxbit);
48318028
DH		 934
935 spin_unlock(&dev->event_lock);
936
937 __evdev_flush_queue(client, type);
938
939 spin_unlock_irq(&client->buffer_lock);
940
7c4f5607 941 ret = bits_to_user(mem, maxbit, maxlen, p, compat);
48318028 942 if (ret < 0)
b881d537 943 evdev_queue_syn_dropped(client);
48318028 944
6078091c 945 bitmap_free(mem);
48318028
DH		 946
947 return ret;
948}
949
1cf0c6e6
HR		 950static int evdev_handle_mt_request(struct input_dev *dev,
951 unsigned int size,
952 int __user *ip)
953{
8d18fba2 954 const struct input_mt *mt = dev->mt;
1cf0c6e6
HR		 955 unsigned int code;
956 int max_slots;
957 int i;
958
959 if (get_user(code, &ip[0]))
960 return -EFAULT;
8d18fba2 961 if (!mt || !input_is_mt_value(code))
1cf0c6e6
HR		 962 return -EINVAL;
963
964 max_slots = (size - sizeof(__u32)) / sizeof(__s32);
8d18fba2
HR		 965 for (i = 0; i < mt->num_slots && i < max_slots; i++) {
966 int value = input_mt_get_value(&mt->slots[i], code);
967 if (put_user(value, &ip[1 + i]))
1cf0c6e6 968 return -EFAULT;
8d18fba2 969 }
1cf0c6e6
HR		 970
971 return 0;
972}
973
c7dc6573
DH		 974static int evdev_revoke(struct evdev *evdev, struct evdev_client *client,
975 struct file *file)
976{
977 client->revoked = true;
978 evdev_ungrab(evdev, client);
979 input_flush_device(&evdev->handle, file);
980 wake_up_interruptible(&evdev->wait);
981
982 return 0;
983}
984
06a16293
DH		 985/* must be called with evdev-mutex held */
986static int evdev_set_mask(struct evdev_client *client,
987 unsigned int type,
988 const void __user *codes,
989 u32 codes_size,
990 int compat)
991{
992 unsigned long flags, *mask, *oldmask;
993 size_t cnt;
994 int error;
995
996 /* we allow unknown types and 'codes_size > size' for forward-compat */
997 cnt = evdev_get_mask_cnt(type);
998 if (!cnt)
999 return 0;
1000
6078091c 1001 mask = bitmap_zalloc(cnt, GFP_KERNEL);
06a16293
DH		 1002 if (!mask)
1003 return -ENOMEM;
1004
1005 error = bits_from_user(mask, cnt - 1, codes_size, codes, compat);
1006 if (error < 0) {
6078091c 1007 bitmap_free(mask);
06a16293
DH		 1008 return error;
1009 }
1010
1011 spin_lock_irqsave(&client->buffer_lock, flags);
1012 oldmask = client->evmasks[type];
1013 client->evmasks[type] = mask;
1014 spin_unlock_irqrestore(&client->buffer_lock, flags);
1015
6078091c 1016 bitmap_free(oldmask);
06a16293
DH		 1017
1018 return 0;
1019}
1020
1021/* must be called with evdev-mutex held */
1022static int evdev_get_mask(struct evdev_client *client,
1023 unsigned int type,
1024 void __user *codes,
1025 u32 codes_size,
1026 int compat)
1027{
1028 unsigned long *mask;
1029 size_t cnt, size, xfer_size;
1030 int i;
1031 int error;
1032
1033 /* we allow unknown types and 'codes_size > size' for forward-compat */
1034 cnt = evdev_get_mask_cnt(type);
1035 size = sizeof(unsigned long) * BITS_TO_LONGS(cnt);
1036 xfer_size = min_t(size_t, codes_size, size);
1037
1038 if (cnt > 0) {
1039 mask = client->evmasks[type];
1040 if (mask) {
1041 error = bits_to_user(mask, cnt - 1,
1042 xfer_size, codes, compat);
1043 if (error < 0)
1044 return error;
1045 } else {
1046 /* fake mask with all bits set */
1047 for (i = 0; i < xfer_size; i++)
1048 if (put_user(0xffU, (u8 __user *)codes + i))
1049 return -EFAULT;
1050 }
1051 }
1052
1053 if (xfer_size < codes_size)
1054 if (clear_user(codes + xfer_size, codes_size - xfer_size))
1055 return -EFAULT;
1056
1057 return 0;
1058}
1059
6addb1d6
DT		 1060static long evdev_do_ioctl(struct file *file, unsigned int cmd,
1061 void __user *p, int compat_mode)
1da177e4 1062{
d0ffb9be
DT		 1063 struct evdev_client *client = file->private_data;
1064 struct evdev *evdev = client->evdev;
1da177e4
LT		 1065 struct input_dev *dev = evdev->handle.dev;
1066 struct input_absinfo abs;
06a16293 1067 struct input_mask mask;
509ca1a9 1068 struct ff_effect effect;
3a51f7c4 1069 int __user *ip = (int __user *)p;
58b93995 1070 unsigned int i, t, u, v;
448cd166 1071 unsigned int size;
509ca1a9 1072 int error;
1da177e4 1073
448cd166 1074 /* First we check for fixed-length commands */
1da177e4
LT		 1075 switch (cmd) {
1076
6addb1d6
DT		 1077 case EVIOCGVERSION:
1078 return put_user(EV_VERSION, ip);
1da177e4 1079
6addb1d6
DT		 1080 case EVIOCGID:
1081 if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
1082 return -EFAULT;
1083 return 0;
08791e5c 1084
6addb1d6
DT		 1085 case EVIOCGREP:
1086 if (!test_bit(EV_REP, dev->evbit))
1087 return -ENOSYS;
1088 if (put_user(dev->rep[REP_DELAY], ip))
1089 return -EFAULT;
1090 if (put_user(dev->rep[REP_PERIOD], ip + 1))
1091 return -EFAULT;
1092 return 0;
08791e5c 1093
6addb1d6
DT		 1094 case EVIOCSREP:
1095 if (!test_bit(EV_REP, dev->evbit))
1096 return -ENOSYS;
1097 if (get_user(u, ip))
1098 return -EFAULT;
1099 if (get_user(v, ip + 1))
1100 return -EFAULT;
08791e5c 1101
6addb1d6
DT		 1102 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
1103 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
3a51f7c4 1104
6addb1d6 1105 return 0;
1da177e4 1106
6addb1d6
DT		 1107 case EVIOCRMFF:
1108 return input_ff_erase(dev, (int)(unsigned long) p, file);
1da177e4 1109
6addb1d6
DT		 1110 case EVIOCGEFFECTS:
1111 i = test_bit(EV_FF, dev->evbit) ?
1112 dev->ff->max_effects : 0;
1113 if (put_user(i, ip))
1114 return -EFAULT;
1115 return 0;
1116
1117 case EVIOCGRAB:
1118 if (p)
1119 return evdev_grab(evdev, client);
1120 else
1121 return evdev_ungrab(evdev, client);
ab4e0192 1122
c7dc6573
DH		 1123 case EVIOCREVOKE:
1124 if (p)
1125 return -EINVAL;
1126 else
1127 return evdev_revoke(evdev, client, file);
1128
06a16293
DH		 1129 case EVIOCGMASK: {
1130 void __user *codes_ptr;
1131
1132 if (copy_from_user(&mask, p, sizeof(mask)))
1133 return -EFAULT;
1134
1135 codes_ptr = (void __user *)(unsigned long)mask.codes_ptr;
1136 return evdev_get_mask(client,
1137 mask.type, codes_ptr, mask.codes_size,
1138 compat_mode);
1139 }
1140
1141 case EVIOCSMASK: {
1142 const void __user *codes_ptr;
1143
1144 if (copy_from_user(&mask, p, sizeof(mask)))
1145 return -EFAULT;
1146
1147 codes_ptr = (const void __user *)(unsigned long)mask.codes_ptr;
1148 return evdev_set_mask(client,
1149 mask.type, codes_ptr, mask.codes_size,
1150 compat_mode);
1151 }
1152
a80b83b7
JS		 1153 case EVIOCSCLOCKID:
1154 if (copy_from_user(&i, p, sizeof(unsigned int)))
1155 return -EFAULT;
aac8bcf1
AM		 1156
1157 return evdev_set_clk_type(client, i);
a80b83b7 1158
ab4e0192
DT		 1159 case EVIOCGKEYCODE:
1160 return evdev_handle_get_keycode(dev, p);
1161
1162 case EVIOCSKEYCODE:
1163 return evdev_handle_set_keycode(dev, p);
1164
1165 case EVIOCGKEYCODE_V2:
1166 return evdev_handle_get_keycode_v2(dev, p);
1167
1168 case EVIOCSKEYCODE_V2:
1169 return evdev_handle_set_keycode_v2(dev, p);
448cd166 1170 }
1da177e4 1171
448cd166 1172 size = _IOC_SIZE(cmd);
1da177e4 1173
448cd166
DT		 1174 /* Now check variable-length commands */
1175#define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT))
448cd166 1176 switch (EVIOC_MASK_SIZE(cmd)) {
41e979f8 1177
85b77200
HR		 1178 case EVIOCGPROP(0):
1179 return bits_to_user(dev->propbit, INPUT_PROP_MAX,
1180 size, p, compat_mode);
1181
1cf0c6e6
HR		 1182 case EVIOCGMTSLOTS(0):
1183 return evdev_handle_mt_request(dev, size, ip);
1184
448cd166 1185 case EVIOCGKEY(0):
48318028
DH		 1186 return evdev_handle_get_val(client, dev, EV_KEY, dev->key,
1187 KEY_MAX, size, p, compat_mode);
1da177e4 1188
448cd166 1189 case EVIOCGLED(0):
48318028
DH		 1190 return evdev_handle_get_val(client, dev, EV_LED, dev->led,
1191 LED_MAX, size, p, compat_mode);
1da177e4 1192
448cd166 1193 case EVIOCGSND(0):
48318028
DH		 1194 return evdev_handle_get_val(client, dev, EV_SND, dev->snd,
1195 SND_MAX, size, p, compat_mode);
1da177e4 1196
448cd166 1197 case EVIOCGSW(0):
48318028
DH		 1198 return evdev_handle_get_val(client, dev, EV_SW, dev->sw,
1199 SW_MAX, size, p, compat_mode);
31581066 1200
448cd166
DT		 1201 case EVIOCGNAME(0):
1202 return str_to_user(dev->name, size, p);
1da177e4 1203
448cd166
DT		 1204 case EVIOCGPHYS(0):
1205 return str_to_user(dev->phys, size, p);
1da177e4 1206
448cd166
DT		 1207 case EVIOCGUNIQ(0):
1208 return str_to_user(dev->uniq, size, p);
1da177e4 1209
448cd166
DT		 1210 case EVIOC_MASK_SIZE(EVIOCSFF):
1211 if (input_ff_effect_from_user(p, size, &effect))
1212 return -EFAULT;
1da177e4 1213
448cd166 1214 error = input_ff_upload(dev, &effect, file);
fc7392aa
EV		 1215 if (error)
1216 return error;
1da177e4 1217
448cd166
DT		 1218 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
1219 return -EFAULT;
41e979f8 1220
fc7392aa 1221 return 0;
448cd166 1222 }
1da177e4 1223
448cd166
DT		 1224 /* Multi-number variable-length handlers */
1225 if (_IOC_TYPE(cmd) != 'E')
1226 return -EINVAL;
1da177e4 1227
448cd166 1228 if (_IOC_DIR(cmd) == _IOC_READ) {
6addb1d6 1229
448cd166
DT		 1230 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0)))
1231 return handle_eviocgbit(dev,
1232 _IOC_NR(cmd) & EV_MAX, size,
1233 p, compat_mode);
1da177e4 1234
448cd166 1235 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
f2278f31 1236
0a74a1df
DM		 1237 if (!dev->absinfo)
1238 return -EINVAL;
1239
448cd166
DT		 1240 t = _IOC_NR(cmd) & ABS_MAX;
1241 abs = dev->absinfo[t];
f2278f31 1242
448cd166
DT		 1243 if (copy_to_user(p, &abs, min_t(size_t,
1244 size, sizeof(struct input_absinfo))))
1245 return -EFAULT;
f2278f31 1246
448cd166
DT		 1247 return 0;
1248 }
1249 }
f2278f31 1250
f9ce6eb5 1251 if (_IOC_DIR(cmd) == _IOC_WRITE) {
f2278f31 1252
448cd166 1253 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
1da177e4 1254
0a74a1df
DM		 1255 if (!dev->absinfo)
1256 return -EINVAL;
1257
448cd166 1258 t = _IOC_NR(cmd) & ABS_MAX;
41e979f8 1259
448cd166
DT		 1260 if (copy_from_user(&abs, p, min_t(size_t,
1261 size, sizeof(struct input_absinfo))))
1262 return -EFAULT;
1da177e4 1263
448cd166
DT		 1264 if (size < sizeof(struct input_absinfo))
1265 abs.resolution = 0;
d31b2865 1266
448cd166
DT		 1267 /* We can't change number of reserved MT slots */
1268 if (t == ABS_MT_SLOT)
1269 return -EINVAL;
40d007e7 1270
448cd166
DT		 1271 /*
1272 * Take event lock to ensure that we are not
1273 * changing device parameters in the middle
1274 * of event.
1275 */
1276 spin_lock_irq(&dev->event_lock);
1277 dev->absinfo[t] = abs;
1278 spin_unlock_irq(&dev->event_lock);
6addb1d6 1279
448cd166 1280 return 0;
6addb1d6 1281 }
1da177e4 1282 }
448cd166 1283
1da177e4
LT		 1284 return -EINVAL;
1285}
1da177e4 1286
6addb1d6
DT		 1287static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
1288 void __user *p, int compat_mode)
1289{
1290 struct evdev_client *client = file->private_data;
1291 struct evdev *evdev = client->evdev;
1292 int retval;
1293
1294 retval = mutex_lock_interruptible(&evdev->mutex);
1295 if (retval)
1296 return retval;
1297
c7dc6573 1298 if (!evdev->exist || client->revoked) {
6addb1d6
DT		 1299 retval = -ENODEV;
1300 goto out;
1301 }
1302
1303 retval = evdev_do_ioctl(file, cmd, p, compat_mode);
1304
1305 out:
1306 mutex_unlock(&evdev->mutex);
1307 return retval;
1308}
1309
3a51f7c4
DT		 1310static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1311{
1312 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0);
1313}
41e979f8 1314
3a51f7c4 1315#ifdef CONFIG_COMPAT
6addb1d6
DT		 1316static long evdev_ioctl_compat(struct file *file,
1317 unsigned int cmd, unsigned long arg)
52658bb6 1318{
3a51f7c4 1319 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
1da177e4 1320}
52658bb6 1321#endif
1da177e4 1322
66e66118 1323static const struct file_operations evdev_fops = {
6addb1d6
DT		 1324 .owner = THIS_MODULE,
1325 .read = evdev_read,
1326 .write = evdev_write,
1327 .poll = evdev_poll,
1328 .open = evdev_open,
1329 .release = evdev_release,
1330 .unlocked_ioctl = evdev_ioctl,
52658bb6 1331#ifdef CONFIG_COMPAT
6addb1d6 1332 .compat_ioctl = evdev_ioctl_compat,
52658bb6 1333#endif
6addb1d6 1334 .fasync = evdev_fasync,
6038f373
AB		 1335 .flush = evdev_flush,
1336 .llseek = no_llseek,
1da177e4
LT		 1337};
1338
6addb1d6
DT		 1339/*
1340 * Mark device non-existent. This disables writes, ioctls and
1341 * prevents new users from opening the device. Already posted
1342 * blocking reads will stay, however new ones will fail.
1343 */
1344static void evdev_mark_dead(struct evdev *evdev)
1345{
1346 mutex_lock(&evdev->mutex);
20da92de 1347 evdev->exist = false;
6addb1d6
DT		 1348 mutex_unlock(&evdev->mutex);
1349}
1350
1351static void evdev_cleanup(struct evdev *evdev)
1352{
1353 struct input_handle *handle = &evdev->handle;
1354
1355 evdev_mark_dead(evdev);
1356 evdev_hangup(evdev);
7f8d4cad 1357
6addb1d6
DT		 1358 /* evdev is marked dead so no one else accesses evdev->open */
1359 if (evdev->open) {
1360 input_flush_device(handle, NULL);
1361 input_close_device(handle);
1362 }
1363}
1364
1365/*
1366 * Create new evdev device. Note that input core serializes calls
7f8d4cad 1367 * to connect and disconnect.
6addb1d6 1368 */
5b2a0826
DT		 1369static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
1370 const struct input_device_id *id)
1da177e4
LT		 1371{
1372 struct evdev *evdev;
1373 int minor;
7f8d4cad 1374 int dev_no;
5b2a0826 1375 int error;
1da177e4 1376
7f8d4cad
DT		 1377 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true);
1378 if (minor < 0) {
1379 error = minor;
1380 pr_err("failed to reserve new minor: %d\n", error);
1381 return error;
1da177e4
LT		 1382 }
1383
5b2a0826 1384 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL);
7f8d4cad
DT		 1385 if (!evdev) {
1386 error = -ENOMEM;
1387 goto err_free_minor;
1388 }
1da177e4 1389
d0ffb9be 1390 INIT_LIST_HEAD(&evdev->client_list);
6addb1d6
DT		 1391 spin_lock_init(&evdev->client_lock);
1392 mutex_init(&evdev->mutex);
1da177e4 1393 init_waitqueue_head(&evdev->wait);
20da92de 1394 evdev->exist = true;
7f8d4cad
DT		 1395
1396 dev_no = minor;
1397 /* Normalize device number if it falls into legacy range */
1398 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS)
1399 dev_no -= EVDEV_MINOR_BASE;
1400 dev_set_name(&evdev->dev, "event%d", dev_no);
6addb1d6 1401
a7097ff8 1402 evdev->handle.dev = input_get_device(dev);
3d5cb60e 1403 evdev->handle.name = dev_name(&evdev->dev);
1da177e4
LT		 1404 evdev->handle.handler = handler;
1405 evdev->handle.private = evdev;
1da177e4 1406
7f8d4cad 1407 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor);
9657d75c
DT		 1408 evdev->dev.class = &input_class;
1409 evdev->dev.parent = &dev->dev;
9657d75c
DT		 1410 evdev->dev.release = evdev_free;
1411 device_initialize(&evdev->dev);
5b2a0826 1412
6addb1d6 1413 error = input_register_handle(&evdev->handle);
5b2a0826 1414 if (error)
9657d75c 1415 goto err_free_evdev;
5b2a0826 1416
7f8d4cad 1417 cdev_init(&evdev->cdev, &evdev_fops);
6addb1d6 1418
358a89ca 1419 error = cdev_device_add(&evdev->cdev, &evdev->dev);
5b2a0826 1420 if (error)
6addb1d6 1421 goto err_cleanup_evdev;
1da177e4 1422
5b2a0826 1423 return 0;
1da177e4 1424
6addb1d6
DT		 1425 err_cleanup_evdev:
1426 evdev_cleanup(evdev);
6addb1d6 1427 input_unregister_handle(&evdev->handle);
5b2a0826 1428 err_free_evdev:
9657d75c 1429 put_device(&evdev->dev);
7f8d4cad
DT		 1430 err_free_minor:
1431 input_free_minor(minor);
5b2a0826 1432 return error;
1da177e4
LT		 1433}
1434
1435static void evdev_disconnect(struct input_handle *handle)
1436{
1437 struct evdev *evdev = handle->private;
1da177e4 1438
358a89ca 1439 cdev_device_del(&evdev->cdev, &evdev->dev);
6addb1d6 1440 evdev_cleanup(evdev);
7f8d4cad 1441 input_free_minor(MINOR(evdev->dev.devt));
6addb1d6 1442 input_unregister_handle(handle);
9657d75c 1443 put_device(&evdev->dev);
1da177e4
LT		 1444}
1445
66e66118 1446static const struct input_device_id evdev_ids[] = {
1da177e4
LT		 1447 { .driver_info = 1 }, /* Matches all devices */
1448 { }, /* Terminating zero entry */
1449};
1450
1451MODULE_DEVICE_TABLE(input, evdev_ids);
1452
1453static struct input_handler evdev_handler = {
6addb1d6 1454 .event = evdev_event,
a274ac15 1455 .events = evdev_events,
6addb1d6
DT		 1456 .connect = evdev_connect,
1457 .disconnect = evdev_disconnect,
7f8d4cad 1458 .legacy_minors = true,
6addb1d6
DT		 1459 .minor = EVDEV_MINOR_BASE,
1460 .name = "evdev",
1461 .id_table = evdev_ids,
1da177e4
LT		 1462};
1463
1464static int __init evdev_init(void)
1465{
4263cf0f 1466 return input_register_handler(&evdev_handler);
1da177e4
LT		 1467}
1468
1469static void __exit evdev_exit(void)
1470{
1471 input_unregister_handler(&evdev_handler);
1472}
1473
1474module_init(evdev_init);
1475module_exit(evdev_exit);
1476
1477MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>");
1478MODULE_DESCRIPTION("Input driver event char devices");
1479MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)