1/* 2 * Event char devices, giving access to raw input device events. 3 * 4 * Copyright (c) 1999-2002 Vojtech Pavlik 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 */ 10 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13#define EVDEV_MINOR_BASE 64 14#define EVDEV_MINORS 32 15#define EVDEV_MIN_BUFFER_SIZE 64U 16#define EVDEV_BUF_PACKETS 8 17 18#include <linux/poll.h> 19#include <linux/sched.h> 20#include <linux/slab.h> 21#include <linux/vmalloc.h> 22#include <linux/mm.h> 23#include <linux/module.h> 24#include <linux/init.h> 25#include <linux/input/mt.h> 26#include <linux/major.h> 27#include <linux/device.h> 28#include <linux/cdev.h> 29#include <linux/wakelock.h> 30#include "input-compat.h" 31 32struct evdev { 33 int open; 34 struct input_handle handle; 35 wait_queue_head_t wait; 36 struct evdev_client __rcu *grab; 37 struct list_head client_list; 38 spinlock_t client_lock; /* protects client_list */ 39 struct mutex mutex; 40 struct device dev; 41 struct cdev cdev; 42 bool exist; 43}; 44 45struct evdev_client { 46 unsigned int head; 47 unsigned int tail; 48 unsigned int packet_head; /* [future] position of the first element of next packet */ 49 spinlock_t buffer_lock; /* protects access to buffer, head and tail */ 50 struct wake_lock wake_lock; 51 bool use_wake_lock; 52 char name[28]; 53 struct fasync_struct *fasync; 54 struct evdev *evdev; 55 struct list_head node; 56 int clkid; 57 bool revoked; 58 unsigned int bufsize; 59 struct input_event buffer[]; 60}; 61 62/* flush queued events of type @type, caller must hold client->buffer_lock */ 63static void __evdev_flush_queue(struct evdev_client *client, unsigned int type) 64{ 65 unsigned int i, head, num; 66 unsigned int mask = client->bufsize - 1; 67 bool is_report; 68 struct input_event *ev; 69 70 BUG_ON(type == EV_SYN); 71 72 head = client->tail; 73 client->packet_head = client->tail; 74 75 /* init to 1 so a leading SYN_REPORT will not be dropped */ 76 num = 1; 77 78 for (i = client->tail; i != client->head; i = (i + 1) & mask) { 79 ev = &client->buffer[i]; 80 is_report = ev->type == EV_SYN && ev->code == SYN_REPORT; 81 82 if (ev->type == type) { 83 /* drop matched entry */ 84 continue; 85 } else if (is_report && !num) { 86 /* drop empty SYN_REPORT groups */ 87 continue; 88 } else if (head != i) { 89 /* move entry to fill the gap */ 90 client->buffer[head].time = ev->time; 91 client->buffer[head].type = ev->type; 92 client->buffer[head].code = ev->code; 93 client->buffer[head].value = ev->value; 94 } 95 96 num++; 97 head = (head + 1) & mask; 98 99 if (is_report) { 100 num = 0; 101 client->packet_head = head; 102 } 103 } 104 105 client->head = head; 106} 107 108/* queue SYN_DROPPED event */ 109static void evdev_queue_syn_dropped(struct evdev_client *client) 110{ 111 unsigned long flags; 112 struct input_event ev; 113 ktime_t time; 114 115 time = (client->clkid == CLOCK_MONOTONIC) ? 116 ktime_get() : ktime_get_real(); 117 118 ev.time = ktime_to_timeval(time); 119 ev.type = EV_SYN; 120 ev.code = SYN_DROPPED; 121 ev.value = 0; 122 123 spin_lock_irqsave(&client->buffer_lock, flags); 124 125 client->buffer[client->head++] = ev; 126 client->head &= client->bufsize - 1; 127 128 if (unlikely(client->head == client->tail)) { 129 /* drop queue but keep our SYN_DROPPED event */ 130 client->tail = (client->head - 1) & (client->bufsize - 1); 131 client->packet_head = client->tail; 132 } 133 134 spin_unlock_irqrestore(&client->buffer_lock, flags); 135} 136 137static void __pass_event(struct evdev_client *client, 138 const struct input_event *event) 139{ 140 client->buffer[client->head++] = *event; 141 client->head &= client->bufsize - 1; 142 143 if (unlikely(client->head == client->tail)) { 144 /* 145 * This effectively "drops" all unconsumed events, leaving 146 * EV_SYN/SYN_DROPPED plus the newest event in the queue. 147 */ 148 client->tail = (client->head - 2) & (client->bufsize - 1); 149 150 client->buffer[client->tail].time = event->time; 151 client->buffer[client->tail].type = EV_SYN; 152 client->buffer[client->tail].code = SYN_DROPPED; 153 client->buffer[client->tail].value = 0; 154 155 client->packet_head = client->tail; 156 if (client->use_wake_lock) 157 wake_unlock(&client->wake_lock); 158 } 159 160 if (event->type == EV_SYN && event->code == SYN_REPORT) { 161 client->packet_head = client->head; 162 if (client->use_wake_lock) 163 wake_lock(&client->wake_lock); 164 kill_fasync(&client->fasync, SIGIO, POLL_IN); 165 } 166} 167 168static void evdev_pass_values(struct evdev_client *client, 169 const struct input_value *vals, unsigned int count, 170 ktime_t mono, ktime_t real) 171{ 172 struct evdev *evdev = client->evdev; 173 const struct input_value *v; 174 struct input_event event; 175 bool wakeup = false; 176 177 if (client->revoked) 178 return; 179 180 event.time = ktime_to_timeval(client->clkid == CLOCK_MONOTONIC ? 181 mono : real); 182 183 /* Interrupts are disabled, just acquire the lock. */ 184 spin_lock(&client->buffer_lock); 185 186 for (v = vals; v != vals + count; v++) { 187 event.type = v->type; 188 event.code = v->code; 189 event.value = v->value; 190 __pass_event(client, &event); 191 if (v->type == EV_SYN && v->code == SYN_REPORT) 192 wakeup = true; 193 } 194 195 spin_unlock(&client->buffer_lock); 196 197 if (wakeup) 198 wake_up_interruptible(&evdev->wait); 199} 200 201/* 202 * Pass incoming events to all connected clients. 203 */ 204static void evdev_events(struct input_handle *handle, 205 const struct input_value *vals, unsigned int count) 206{ 207 struct evdev *evdev = handle->private; 208 struct evdev_client *client; 209 ktime_t time_mono, time_real; 210 211 time_mono = ktime_get(); 212 time_real = ktime_mono_to_real(time_mono); 213 214 rcu_read_lock(); 215 216 client = rcu_dereference(evdev->grab); 217 218 if (client) 219 evdev_pass_values(client, vals, count, time_mono, time_real); 220 else 221 list_for_each_entry_rcu(client, &evdev->client_list, node) 222 evdev_pass_values(client, vals, count, 223 time_mono, time_real); 224 225 rcu_read_unlock(); 226} 227 228/* 229 * Pass incoming event to all connected clients. 230 */ 231static void evdev_event(struct input_handle *handle, 232 unsigned int type, unsigned int code, int value) 233{ 234 struct input_value vals[] = { { type, code, value } }; 235 236 evdev_events(handle, vals, 1); 237} 238 239static int evdev_fasync(int fd, struct file *file, int on) 240{ 241 struct evdev_client *client = file->private_data; 242 243 return fasync_helper(fd, file, on, &client->fasync); 244} 245 246static int evdev_flush(struct file *file, fl_owner_t id) 247{ 248 struct evdev_client *client = file->private_data; 249 struct evdev *evdev = client->evdev; 250 int retval; 251 252 retval = mutex_lock_interruptible(&evdev->mutex); 253 if (retval) 254 return retval; 255 256 if (!evdev->exist || client->revoked) 257 retval = -ENODEV; 258 else 259 retval = input_flush_device(&evdev->handle, file); 260 261 mutex_unlock(&evdev->mutex); 262 return retval; 263} 264 265static void evdev_free(struct device *dev) 266{ 267 struct evdev *evdev = container_of(dev, struct evdev, dev); 268 269 input_put_device(evdev->handle.dev); 270 kfree(evdev); 271} 272 273/* 274 * Grabs an event device (along with underlying input device). 275 * This function is called with evdev->mutex taken. 276 */ 277static int evdev_grab(struct evdev *evdev, struct evdev_client *client) 278{ 279 int error; 280 281 if (evdev->grab) 282 return -EBUSY; 283 284 error = input_grab_device(&evdev->handle); 285 if (error) 286 return error; 287 288 rcu_assign_pointer(evdev->grab, client); 289 290 return 0; 291} 292 293static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client) 294{ 295 struct evdev_client *grab = rcu_dereference_protected(evdev->grab, 296 lockdep_is_held(&evdev->mutex)); 297 298 if (grab != client) 299 return -EINVAL; 300 301 rcu_assign_pointer(evdev->grab, NULL); 302 synchronize_rcu(); 303 input_release_device(&evdev->handle); 304 305 return 0; 306} 307 308static void evdev_attach_client(struct evdev *evdev, 309 struct evdev_client *client) 310{ 311 spin_lock(&evdev->client_lock); 312 list_add_tail_rcu(&client->node, &evdev->client_list); 313 spin_unlock(&evdev->client_lock); 314} 315 316static void evdev_detach_client(struct evdev *evdev, 317 struct evdev_client *client) 318{ 319 spin_lock(&evdev->client_lock); 320 list_del_rcu(&client->node); 321 spin_unlock(&evdev->client_lock); 322 synchronize_rcu(); 323} 324 325static int evdev_open_device(struct evdev *evdev) 326{ 327 int retval; 328 329 retval = mutex_lock_interruptible(&evdev->mutex); 330 if (retval) 331 return retval; 332 333 if (!evdev->exist) 334 retval = -ENODEV; 335 else if (!evdev->open++) { 336 retval = input_open_device(&evdev->handle); 337 if (retval) 338 evdev->open--; 339 } 340 341 mutex_unlock(&evdev->mutex); 342 return retval; 343} 344 345static void evdev_close_device(struct evdev *evdev) 346{ 347 mutex_lock(&evdev->mutex); 348 349 if (evdev->exist && !--evdev->open) 350 input_close_device(&evdev->handle); 351 352 mutex_unlock(&evdev->mutex); 353} 354 355/* 356 * Wake up users waiting for IO so they can disconnect from 357 * dead device. 358 */ 359static void evdev_hangup(struct evdev *evdev) 360{ 361 struct evdev_client *client; 362 363 spin_lock(&evdev->client_lock); 364 list_for_each_entry(client, &evdev->client_list, node) 365 kill_fasync(&client->fasync, SIGIO, POLL_HUP); 366 spin_unlock(&evdev->client_lock); 367 368 wake_up_interruptible(&evdev->wait); 369} 370 371static int evdev_release(struct inode *inode, struct file *file) 372{ 373 struct evdev_client *client = file->private_data; 374 struct evdev *evdev = client->evdev; 375 376 mutex_lock(&evdev->mutex); 377 evdev_ungrab(evdev, client); 378 mutex_unlock(&evdev->mutex); 379 380 evdev_detach_client(evdev, client); 381 382 if (client->use_wake_lock) 383 wake_lock_destroy(&client->wake_lock); 384 385 if (is_vmalloc_addr(client)) 386 vfree(client); 387 else 388 kfree(client); 389 390 evdev_close_device(evdev); 391 392 return 0; 393} 394 395static unsigned int evdev_compute_buffer_size(struct input_dev *dev) 396{ 397 unsigned int n_events = 398 max(dev->hint_events_per_packet * EVDEV_BUF_PACKETS, 399 EVDEV_MIN_BUFFER_SIZE); 400 401 return roundup_pow_of_two(n_events); 402} 403 404static int evdev_open(struct inode *inode, struct file *file) 405{ 406 struct evdev *evdev = container_of(inode->i_cdev, struct evdev, cdev); 407 unsigned int bufsize = evdev_compute_buffer_size(evdev->handle.dev); 408 unsigned int size = sizeof(struct evdev_client) + 409 bufsize * sizeof(struct input_event); 410 struct evdev_client *client; 411 int error; 412 413 client = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); 414 if (!client) 415 client = vzalloc(size); 416 if (!client) 417 return -ENOMEM; 418 419 client->bufsize = bufsize; 420 spin_lock_init(&client->buffer_lock); 421 snprintf(client->name, sizeof(client->name), "%s-%d", 422 dev_name(&evdev->dev), task_tgid_vnr(current)); 423 client->evdev = evdev; 424 evdev_attach_client(evdev, client); 425 426 error = evdev_open_device(evdev); 427 if (error) 428 goto err_free_client; 429 430 file->private_data = client; 431 nonseekable_open(inode, file); 432 433 return 0; 434 435 err_free_client: 436 evdev_detach_client(evdev, client); 437 kvfree(client); 438 return error; 439} 440 441static ssize_t evdev_write(struct file *file, const char __user *buffer, 442 size_t count, loff_t *ppos) 443{ 444 struct evdev_client *client = file->private_data; 445 struct evdev *evdev = client->evdev; 446 struct input_event event; 447 int retval = 0; 448 449 if (count != 0 && count < input_event_size()) 450 return -EINVAL; 451 452 retval = mutex_lock_interruptible(&evdev->mutex); 453 if (retval) 454 return retval; 455 456 if (!evdev->exist || client->revoked) { 457 retval = -ENODEV; 458 goto out; 459 } 460 461 while (retval + input_event_size() <= count) { 462 463 if (input_event_from_user(buffer + retval, &event)) { 464 retval = -EFAULT; 465 goto out; 466 } 467 retval += input_event_size(); 468 469 input_inject_event(&evdev->handle, 470 event.type, event.code, event.value); 471 } 472 473 out: 474 mutex_unlock(&evdev->mutex); 475 return retval; 476} 477 478static int evdev_fetch_next_event(struct evdev_client *client, 479 struct input_event *event) 480{ 481 int have_event; 482 483 spin_lock_irq(&client->buffer_lock); 484 485 have_event = client->packet_head != client->tail; 486 if (have_event) { 487 *event = client->buffer[client->tail++]; 488 client->tail &= client->bufsize - 1; 489 if (client->use_wake_lock && 490 client->packet_head == client->tail) 491 wake_unlock(&client->wake_lock); 492 } 493 494 spin_unlock_irq(&client->buffer_lock); 495 496 return have_event; 497} 498 499static ssize_t evdev_read(struct file *file, char __user *buffer, 500 size_t count, loff_t *ppos) 501{ 502 struct evdev_client *client = file->private_data; 503 struct evdev *evdev = client->evdev; 504 struct input_event event; 505 size_t read = 0; 506 int error; 507 508 if (count != 0 && count < input_event_size()) 509 return -EINVAL; 510 511 for (;;) { 512 if (!evdev->exist || client->revoked) 513 return -ENODEV; 514 515 if (client->packet_head == client->tail && 516 (file->f_flags & O_NONBLOCK)) 517 return -EAGAIN; 518 519 /* 520 * count == 0 is special - no IO is done but we check 521 * for error conditions (see above). 522 */ 523 if (count == 0) 524 break; 525 526 while (read + input_event_size() <= count && 527 evdev_fetch_next_event(client, &event)) { 528 529 if (input_event_to_user(buffer + read, &event)) 530 return -EFAULT; 531 532 read += input_event_size(); 533 } 534 535 if (read) 536 break; 537 538 if (!(file->f_flags & O_NONBLOCK)) { 539 error = wait_event_interruptible(evdev->wait, 540 client->packet_head != client->tail || 541 !evdev->exist || client->revoked); 542 if (error) 543 return error; 544 } 545 } 546 547 return read; 548} 549 550/* No kernel lock - fine */ 551static unsigned int evdev_poll(struct file *file, poll_table *wait) 552{ 553 struct evdev_client *client = file->private_data; 554 struct evdev *evdev = client->evdev; 555 unsigned int mask; 556 557 poll_wait(file, &evdev->wait, wait); 558 559 if (evdev->exist && !client->revoked) 560 mask = POLLOUT | POLLWRNORM; 561 else 562 mask = POLLHUP | POLLERR; 563 564 if (client->packet_head != client->tail) 565 mask |= POLLIN | POLLRDNORM; 566 567 return mask; 568} 569 570#ifdef CONFIG_COMPAT 571 572#define BITS_PER_LONG_COMPAT (sizeof(compat_long_t) * 8) 573#define BITS_TO_LONGS_COMPAT(x) ((((x) - 1) / BITS_PER_LONG_COMPAT) + 1) 574 575#ifdef __BIG_ENDIAN 576static int bits_to_user(unsigned long *bits, unsigned int maxbit, 577 unsigned int maxlen, void __user *p, int compat) 578{ 579 int len, i; 580 581 if (compat) { 582 len = BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t); 583 if (len > maxlen) 584 len = maxlen; 585 586 for (i = 0; i < len / sizeof(compat_long_t); i++) 587 if (copy_to_user((compat_long_t __user *) p + i, 588 (compat_long_t *) bits + 589 i + 1 - ((i % 2) << 1), 590 sizeof(compat_long_t))) 591 return -EFAULT; 592 } else { 593 len = BITS_TO_LONGS(maxbit) * sizeof(long); 594 if (len > maxlen) 595 len = maxlen; 596 597 if (copy_to_user(p, bits, len)) 598 return -EFAULT; 599 } 600 601 return len; 602} 603#else 604static int bits_to_user(unsigned long *bits, unsigned int maxbit, 605 unsigned int maxlen, void __user *p, int compat) 606{ 607 int len = compat ? 608 BITS_TO_LONGS_COMPAT(maxbit) * sizeof(compat_long_t) : 609 BITS_TO_LONGS(maxbit) * sizeof(long); 610 611 if (len > maxlen) 612 len = maxlen; 613 614 return copy_to_user(p, bits, len) ? -EFAULT : len; 615} 616#endif /* __BIG_ENDIAN */ 617 618#else 619 620static int bits_to_user(unsigned long *bits, unsigned int maxbit, 621 unsigned int maxlen, void __user *p, int compat) 622{ 623 int len = BITS_TO_LONGS(maxbit) * sizeof(long); 624 625 if (len > maxlen) 626 len = maxlen; 627 628 return copy_to_user(p, bits, len) ? -EFAULT : len; 629} 630 631#endif /* CONFIG_COMPAT */ 632 633static int str_to_user(const char *str, unsigned int maxlen, void __user *p) 634{ 635 int len; 636 637 if (!str) 638 return -ENOENT; 639 640 len = strlen(str) + 1; 641 if (len > maxlen) 642 len = maxlen; 643 644 return copy_to_user(p, str, len) ? -EFAULT : len; 645} 646 647static int handle_eviocgbit(struct input_dev *dev, 648 unsigned int type, unsigned int size, 649 void __user *p, int compat_mode) 650{ 651 unsigned long *bits; 652 int len; 653 654 switch (type) { 655 656 case 0: bits = dev->evbit; len = EV_MAX; break; 657 case EV_KEY: bits = dev->keybit; len = KEY_MAX; break; 658 case EV_REL: bits = dev->relbit; len = REL_MAX; break; 659 case EV_ABS: bits = dev->absbit; len = ABS_MAX; break; 660 case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break; 661 case EV_LED: bits = dev->ledbit; len = LED_MAX; break; 662 case EV_SND: bits = dev->sndbit; len = SND_MAX; break; 663 case EV_FF: bits = dev->ffbit; len = FF_MAX; break; 664 case EV_SW: bits = dev->swbit; len = SW_MAX; break; 665 default: return -EINVAL; 666 } 667 668 return bits_to_user(bits, len, size, p, compat_mode); 669} 670 671static int evdev_handle_get_keycode(struct input_dev *dev, void __user *p) 672{ 673 struct input_keymap_entry ke = { 674 .len = sizeof(unsigned int), 675 .flags = 0, 676 }; 677 int __user *ip = (int __user *)p; 678 int error; 679 680 /* legacy case */ 681 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 682 return -EFAULT; 683 684 error = input_get_keycode(dev, &ke); 685 if (error) 686 return error; 687 688 if (put_user(ke.keycode, ip + 1)) 689 return -EFAULT; 690 691 return 0; 692} 693 694static int evdev_handle_get_keycode_v2(struct input_dev *dev, void __user *p) 695{ 696 struct input_keymap_entry ke; 697 int error; 698 699 if (copy_from_user(&ke, p, sizeof(ke))) 700 return -EFAULT; 701 702 error = input_get_keycode(dev, &ke); 703 if (error) 704 return error; 705 706 if (copy_to_user(p, &ke, sizeof(ke))) 707 return -EFAULT; 708 709 return 0; 710} 711 712static int evdev_handle_set_keycode(struct input_dev *dev, void __user *p) 713{ 714 struct input_keymap_entry ke = { 715 .len = sizeof(unsigned int), 716 .flags = 0, 717 }; 718 int __user *ip = (int __user *)p; 719 720 if (copy_from_user(ke.scancode, p, sizeof(unsigned int))) 721 return -EFAULT; 722 723 if (get_user(ke.keycode, ip + 1)) 724 return -EFAULT; 725 726 return input_set_keycode(dev, &ke); 727} 728 729static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p) 730{ 731 struct input_keymap_entry ke; 732 733 if (copy_from_user(&ke, p, sizeof(ke))) 734 return -EFAULT; 735 736 if (ke.len > sizeof(ke.scancode)) 737 return -EINVAL; 738 739 return input_set_keycode(dev, &ke); 740} 741 742/* 743 * If we transfer state to the user, we should flush all pending events 744 * of the same type from the client's queue. Otherwise, they might end up 745 * with duplicate events, which can screw up client's state tracking. 746 * If bits_to_user fails after flushing the queue, we queue a SYN_DROPPED 747 * event so user-space will notice missing events. 748 * 749 * LOCKING: 750 * We need to take event_lock before buffer_lock to avoid dead-locks. But we 751 * need the even_lock only to guarantee consistent state. We can safely release 752 * it while flushing the queue. This allows input-core to handle filters while 753 * we flush the queue. 754 */ 755static int evdev_handle_get_val(struct evdev_client *client, 756 struct input_dev *dev, unsigned int type, 757 unsigned long *bits, unsigned int maxbit, 758 unsigned int maxlen, void __user *p, 759 int compat) 760{ 761 int ret; 762 unsigned long *mem; 763 size_t len; 764 765 len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long); 766 mem = kmalloc(len, GFP_KERNEL); 767 if (!mem) 768 return -ENOMEM; 769 770 spin_lock_irq(&dev->event_lock); 771 spin_lock(&client->buffer_lock); 772 773 memcpy(mem, bits, len); 774 775 spin_unlock(&dev->event_lock); 776 777 __evdev_flush_queue(client, type); 778 779 spin_unlock_irq(&client->buffer_lock); 780 781 ret = bits_to_user(mem, maxbit, maxlen, p, compat); 782 if (ret < 0) 783 evdev_queue_syn_dropped(client); 784 785 kfree(mem); 786 787 return ret; 788} 789 790static int evdev_handle_mt_request(struct input_dev *dev, 791 unsigned int size, 792 int __user *ip) 793{ 794 const struct input_mt *mt = dev->mt; 795 unsigned int code; 796 int max_slots; 797 int i; 798 799 if (get_user(code, &ip[0])) 800 return -EFAULT; 801 if (!mt || !input_is_mt_value(code)) 802 return -EINVAL; 803 804 max_slots = (size - sizeof(__u32)) / sizeof(__s32); 805 for (i = 0; i < mt->num_slots && i < max_slots; i++) { 806 int value = input_mt_get_value(&mt->slots[i], code); 807 if (put_user(value, &ip[1 + i])) 808 return -EFAULT; 809 } 810 811 return 0; 812} 813 814/* 815 * HACK: disable conflicting EVIOCREVOKE until Android userspace stops using 816 * EVIOCSSUSPENDBLOCK 817 */ 818/* 819static int evdev_revoke(struct evdev *evdev, struct evdev_client *client, 820 struct file *file) 821{ 822 client->revoked = true; 823 evdev_ungrab(evdev, client); 824 input_flush_device(&evdev->handle, file); 825 wake_up_interruptible(&evdev->wait); 826 827 return 0; 828} 829*/ 830 831static int evdev_enable_suspend_block(struct evdev *evdev, 832 struct evdev_client *client) 833{ 834 if (client->use_wake_lock) 835 return 0; 836 837 spin_lock_irq(&client->buffer_lock); 838 wake_lock_init(&client->wake_lock, WAKE_LOCK_SUSPEND, client->name); 839 client->use_wake_lock = true; 840 if (client->packet_head != client->tail) 841 wake_lock(&client->wake_lock); 842 spin_unlock_irq(&client->buffer_lock); 843 return 0; 844} 845 846static int evdev_disable_suspend_block(struct evdev *evdev, 847 struct evdev_client *client) 848{ 849 if (!client->use_wake_lock) 850 return 0; 851 852 spin_lock_irq(&client->buffer_lock); 853 client->use_wake_lock = false; 854 wake_lock_destroy(&client->wake_lock); 855 spin_unlock_irq(&client->buffer_lock); 856 857 return 0; 858} 859 860static long evdev_do_ioctl(struct file *file, unsigned int cmd, 861 void __user *p, int compat_mode) 862{ 863 struct evdev_client *client = file->private_data; 864 struct evdev *evdev = client->evdev; 865 struct input_dev *dev = evdev->handle.dev; 866 struct input_absinfo abs; 867 struct ff_effect effect; 868 int __user *ip = (int __user *)p; 869 unsigned int i, t, u, v; 870 unsigned int size; 871 int error; 872 873 /* First we check for fixed-length commands */ 874 switch (cmd) { 875 876 case EVIOCGVERSION: 877 return put_user(EV_VERSION, ip); 878 879 case EVIOCGID: 880 if (copy_to_user(p, &dev->id, sizeof(struct input_id))) 881 return -EFAULT; 882 return 0; 883 884 case EVIOCGREP: 885 if (!test_bit(EV_REP, dev->evbit)) 886 return -ENOSYS; 887 if (put_user(dev->rep[REP_DELAY], ip)) 888 return -EFAULT; 889 if (put_user(dev->rep[REP_PERIOD], ip + 1)) 890 return -EFAULT; 891 return 0; 892 893 case EVIOCSREP: 894 if (!test_bit(EV_REP, dev->evbit)) 895 return -ENOSYS; 896 if (get_user(u, ip)) 897 return -EFAULT; 898 if (get_user(v, ip + 1)) 899 return -EFAULT; 900 901 input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u); 902 input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v); 903 904 return 0; 905 906 case EVIOCRMFF: 907 return input_ff_erase(dev, (int)(unsigned long) p, file); 908 909 case EVIOCGEFFECTS: 910 i = test_bit(EV_FF, dev->evbit) ? 911 dev->ff->max_effects : 0; 912 if (put_user(i, ip)) 913 return -EFAULT; 914 return 0; 915 916 case EVIOCGRAB: 917 if (p) 918 return evdev_grab(evdev, client); 919 else 920 return evdev_ungrab(evdev, client); 921 922 /* 923 * HACK: disable conflicting EVIOCREVOKE until Android userspace stops 924 * using EVIOCSSUSPENDBLOCK 925 */ 926 /* 927 case EVIOCREVOKE: 928 if (p) 929 return -EINVAL; 930 else 931 return evdev_revoke(evdev, client, file); 932 */ 933 case EVIOCSCLOCKID: 934 if (copy_from_user(&i, p, sizeof(unsigned int))) 935 return -EFAULT; 936 if (i != CLOCK_MONOTONIC && i != CLOCK_REALTIME) 937 return -EINVAL; 938 client->clkid = i; 939 return 0; 940 941 case EVIOCGKEYCODE: 942 return evdev_handle_get_keycode(dev, p); 943 944 case EVIOCSKEYCODE: 945 return evdev_handle_set_keycode(dev, p); 946 947 case EVIOCGKEYCODE_V2: 948 return evdev_handle_get_keycode_v2(dev, p); 949 950 case EVIOCSKEYCODE_V2: 951 return evdev_handle_set_keycode_v2(dev, p); 952 953 case EVIOCGSUSPENDBLOCK: 954 return put_user(client->use_wake_lock, ip); 955 956 case EVIOCSSUSPENDBLOCK: 957 if (p) 958 return evdev_enable_suspend_block(evdev, client); 959 else 960 return evdev_disable_suspend_block(evdev, client); 961 } 962 963 size = _IOC_SIZE(cmd); 964 965 /* Now check variable-length commands */ 966#define EVIOC_MASK_SIZE(nr) ((nr) & ~(_IOC_SIZEMASK << _IOC_SIZESHIFT)) 967 switch (EVIOC_MASK_SIZE(cmd)) { 968 969 case EVIOCGPROP(0): 970 return bits_to_user(dev->propbit, INPUT_PROP_MAX, 971 size, p, compat_mode); 972 973 case EVIOCGMTSLOTS(0): 974 return evdev_handle_mt_request(dev, size, ip); 975 976 case EVIOCGKEY(0): 977 return evdev_handle_get_val(client, dev, EV_KEY, dev->key, 978 KEY_MAX, size, p, compat_mode); 979 980 case EVIOCGLED(0): 981 return evdev_handle_get_val(client, dev, EV_LED, dev->led, 982 LED_MAX, size, p, compat_mode); 983 984 case EVIOCGSND(0): 985 return evdev_handle_get_val(client, dev, EV_SND, dev->snd, 986 SND_MAX, size, p, compat_mode); 987 988 case EVIOCGSW(0): 989 return evdev_handle_get_val(client, dev, EV_SW, dev->sw, 990 SW_MAX, size, p, compat_mode); 991 992 case EVIOCGNAME(0): 993 return str_to_user(dev->name, size, p); 994 995 case EVIOCGPHYS(0): 996 return str_to_user(dev->phys, size, p); 997 998 case EVIOCGUNIQ(0): 999 return str_to_user(dev->uniq, size, p); 1000 1001 case EVIOC_MASK_SIZE(EVIOCSFF): 1002 if (input_ff_effect_from_user(p, size, &effect)) 1003 return -EFAULT; 1004 1005 error = input_ff_upload(dev, &effect, file); 1006 if (error) 1007 return error; 1008 1009 if (put_user(effect.id, &(((struct ff_effect __user *)p)->id))) 1010 return -EFAULT; 1011 1012 return 0; 1013 } 1014 1015 /* Multi-number variable-length handlers */ 1016 if (_IOC_TYPE(cmd) != 'E') 1017 return -EINVAL; 1018 1019 if (_IOC_DIR(cmd) == _IOC_READ) { 1020 1021 if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) 1022 return handle_eviocgbit(dev, 1023 _IOC_NR(cmd) & EV_MAX, size, 1024 p, compat_mode); 1025 1026 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) { 1027 1028 if (!dev->absinfo) 1029 return -EINVAL; 1030 1031 t = _IOC_NR(cmd) & ABS_MAX; 1032 abs = dev->absinfo[t]; 1033 1034 if (copy_to_user(p, &abs, min_t(size_t, 1035 size, sizeof(struct input_absinfo)))) 1036 return -EFAULT; 1037 1038 return 0; 1039 } 1040 } 1041 1042 if (_IOC_DIR(cmd) == _IOC_WRITE) { 1043 1044 if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) { 1045 1046 if (!dev->absinfo) 1047 return -EINVAL; 1048 1049 t = _IOC_NR(cmd) & ABS_MAX; 1050 1051 if (copy_from_user(&abs, p, min_t(size_t, 1052 size, sizeof(struct input_absinfo)))) 1053 return -EFAULT; 1054 1055 if (size < sizeof(struct input_absinfo)) 1056 abs.resolution = 0; 1057 1058 /* We can't change number of reserved MT slots */ 1059 if (t == ABS_MT_SLOT) 1060 return -EINVAL; 1061 1062 /* 1063 * Take event lock to ensure that we are not 1064 * changing device parameters in the middle 1065 * of event. 1066 */ 1067 spin_lock_irq(&dev->event_lock); 1068 dev->absinfo[t] = abs; 1069 spin_unlock_irq(&dev->event_lock); 1070 1071 return 0; 1072 } 1073 } 1074 1075 return -EINVAL; 1076} 1077 1078static long evdev_ioctl_handler(struct file *file, unsigned int cmd, 1079 void __user *p, int compat_mode) 1080{ 1081 struct evdev_client *client = file->private_data; 1082 struct evdev *evdev = client->evdev; 1083 int retval; 1084 1085 retval = mutex_lock_interruptible(&evdev->mutex); 1086 if (retval) 1087 return retval; 1088 1089 if (!evdev->exist || client->revoked) { 1090 retval = -ENODEV; 1091 goto out; 1092 } 1093 1094 retval = evdev_do_ioctl(file, cmd, p, compat_mode); 1095 1096 out: 1097 mutex_unlock(&evdev->mutex); 1098 return retval; 1099} 1100 1101static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1102{ 1103 return evdev_ioctl_handler(file, cmd, (void __user *)arg, 0); 1104} 1105 1106#ifdef CONFIG_COMPAT 1107static long evdev_ioctl_compat(struct file *file, 1108 unsigned int cmd, unsigned long arg) 1109{ 1110 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1); 1111} 1112#endif 1113 1114static const struct file_operations evdev_fops = { 1115 .owner = THIS_MODULE, 1116 .read = evdev_read, 1117 .write = evdev_write, 1118 .poll = evdev_poll, 1119 .open = evdev_open, 1120 .release = evdev_release, 1121 .unlocked_ioctl = evdev_ioctl, 1122#ifdef CONFIG_COMPAT 1123 .compat_ioctl = evdev_ioctl_compat, 1124#endif 1125 .fasync = evdev_fasync, 1126 .flush = evdev_flush, 1127 .llseek = no_llseek, 1128}; 1129 1130/* 1131 * Mark device non-existent. This disables writes, ioctls and 1132 * prevents new users from opening the device. Already posted 1133 * blocking reads will stay, however new ones will fail. 1134 */ 1135static void evdev_mark_dead(struct evdev *evdev) 1136{ 1137 mutex_lock(&evdev->mutex); 1138 evdev->exist = false; 1139 mutex_unlock(&evdev->mutex); 1140} 1141 1142static void evdev_cleanup(struct evdev *evdev) 1143{ 1144 struct input_handle *handle = &evdev->handle; 1145 1146 evdev_mark_dead(evdev); 1147 evdev_hangup(evdev); 1148 1149 cdev_del(&evdev->cdev); 1150 1151 /* evdev is marked dead so no one else accesses evdev->open */ 1152 if (evdev->open) { 1153 input_flush_device(handle, NULL); 1154 input_close_device(handle); 1155 } 1156} 1157 1158/* 1159 * Create new evdev device. Note that input core serializes calls 1160 * to connect and disconnect. 1161 */ 1162static int evdev_connect(struct input_handler *handler, struct input_dev *dev, 1163 const struct input_device_id *id) 1164{ 1165 struct evdev *evdev; 1166 int minor; 1167 int dev_no; 1168 int error; 1169 1170 minor = input_get_new_minor(EVDEV_MINOR_BASE, EVDEV_MINORS, true); 1171 if (minor < 0) { 1172 error = minor; 1173 pr_err("failed to reserve new minor: %d\n", error); 1174 return error; 1175 } 1176 1177 evdev = kzalloc(sizeof(struct evdev), GFP_KERNEL); 1178 if (!evdev) { 1179 error = -ENOMEM; 1180 goto err_free_minor; 1181 } 1182 1183 INIT_LIST_HEAD(&evdev->client_list); 1184 spin_lock_init(&evdev->client_lock); 1185 mutex_init(&evdev->mutex); 1186 init_waitqueue_head(&evdev->wait); 1187 evdev->exist = true; 1188 1189 dev_no = minor; 1190 /* Normalize device number if it falls into legacy range */ 1191 if (dev_no < EVDEV_MINOR_BASE + EVDEV_MINORS) 1192 dev_no -= EVDEV_MINOR_BASE; 1193 dev_set_name(&evdev->dev, "event%d", dev_no); 1194 1195 evdev->handle.dev = input_get_device(dev); 1196 evdev->handle.name = dev_name(&evdev->dev); 1197 evdev->handle.handler = handler; 1198 evdev->handle.private = evdev; 1199 1200 evdev->dev.devt = MKDEV(INPUT_MAJOR, minor); 1201 evdev->dev.class = &input_class; 1202 evdev->dev.parent = &dev->dev; 1203 evdev->dev.release = evdev_free; 1204 device_initialize(&evdev->dev); 1205 1206 error = input_register_handle(&evdev->handle); 1207 if (error) 1208 goto err_free_evdev; 1209 1210 cdev_init(&evdev->cdev, &evdev_fops); 1211 evdev->cdev.kobj.parent = &evdev->dev.kobj; 1212 error = cdev_add(&evdev->cdev, evdev->dev.devt, 1); 1213 if (error) 1214 goto err_unregister_handle; 1215 1216 error = device_add(&evdev->dev); 1217 if (error) 1218 goto err_cleanup_evdev; 1219 1220 return 0; 1221 1222 err_cleanup_evdev: 1223 evdev_cleanup(evdev); 1224 err_unregister_handle: 1225 input_unregister_handle(&evdev->handle); 1226 err_free_evdev: 1227 put_device(&evdev->dev); 1228 err_free_minor: 1229 input_free_minor(minor); 1230 return error; 1231} 1232 1233static void evdev_disconnect(struct input_handle *handle) 1234{ 1235 struct evdev *evdev = handle->private; 1236 1237 device_del(&evdev->dev); 1238 evdev_cleanup(evdev); 1239 input_free_minor(MINOR(evdev->dev.devt)); 1240 input_unregister_handle(handle); 1241 put_device(&evdev->dev); 1242} 1243 1244static const struct input_device_id evdev_ids[] = { 1245 { .driver_info = 1 }, /* Matches all devices */ 1246 { }, /* Terminating zero entry */ 1247}; 1248 1249MODULE_DEVICE_TABLE(input, evdev_ids); 1250 1251static struct input_handler evdev_handler = { 1252 .event = evdev_event, 1253 .events = evdev_events, 1254 .connect = evdev_connect, 1255 .disconnect = evdev_disconnect, 1256 .legacy_minors = true, 1257 .minor = EVDEV_MINOR_BASE, 1258 .name = "evdev", 1259 .id_table = evdev_ids, 1260}; 1261 1262static int __init evdev_init(void) 1263{ 1264 return input_register_handler(&evdev_handler); 1265} 1266 1267static void __exit evdev_exit(void) 1268{ 1269 input_unregister_handler(&evdev_handler); 1270} 1271 1272module_init(evdev_init); 1273module_exit(evdev_exit); 1274 1275MODULE_AUTHOR("Vojtech Pavlik <vojtech@ucw.cz>"); 1276MODULE_DESCRIPTION("Input driver event char devices"); 1277MODULE_LICENSE("GPL"); 1278