1 /*
2  *  User level driver support for input subsystem
3  *
4  * Heavily based on evdev.c by Vojtech Pavlik
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19  *
20  * Author: Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org>
21  *
22  * Changes/Revisions:
23  *      0.3     09/04/2006 (Anssi Hannula <anssi.hannula@gmail.com>)
24  *              - updated ff support for the changes in kernel interface
25  *              - added MODULE_VERSION
26  *      0.2     16/10/2004 (Micah Dowty <micah@navi.cx>)
27  *              - added force feedback support
28  *              - added UI_SET_PHYS
29  *      0.1     20/06/2002
30  *              - first public version
31  */
32 #include <linux/poll.h>
33 #include <linux/slab.h>
34 #include <linux/module.h>
35 #include <linux/init.h>
36 #include <linux/input.h>
37 #include <linux/smp_lock.h>
38 #include <linux/fs.h>
39 #include <linux/miscdevice.h>
40 #include <linux/uinput.h>
41
/*
 * Event callback installed on the input device (see uinput_allocate_device):
 * store one event in the per-device ring buffer and wake readers sleeping on
 * udev->waitq. Always returns 0.
 *
 * The head index advances unconditionally and is never compared with
 * udev->tail here, so this function does not notice when the producer laps
 * a slow reader.
 */
static int uinput_dev_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
        struct uinput_device *udev = dev->private;

        /* Fill the slot at the current head, then publish it. */
        do_gettimeofday(&udev->buff[udev->head].time);
        udev->buff[udev->head].value = value;
        udev->buff[udev->head].code = code;
        udev->buff[udev->head].type = type;

        udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;

        wake_up_interruptible(&udev->waitq);
        return 0;
}
58
/*
 * Claim the first free entry of udev->requests[] for @request while holding
 * requests_lock, and record the chosen index in request->id.
 *
 * Returns 0 when a slot was claimed, -1 when every slot is in use.
 */
static int uinput_request_alloc_id(struct uinput_device *udev, struct uinput_request *request)
{
        int slot = 0;
        int err = -1;

        spin_lock(&udev->requests_lock);

        /* Skip over occupied entries. */
        while (slot < UINPUT_NUM_REQUESTS && udev->requests[slot])
                slot++;

        if (slot < UINPUT_NUM_REQUESTS) {
                request->id = slot;
                udev->requests[slot] = request;
                err = 0;
        }

        spin_unlock(&udev->requests_lock);
        return err;
}
78
/*
 * Look up a pending request by slot index.
 *
 * @id reaches this function from the FF ioctls, where it is copied from
 * userspace, so the range check is what keeps the table access in bounds.
 * Returns NULL for an out-of-range id; an in-range but unused slot also
 * yields NULL because free entries hold NULL.
 */
static struct uinput_request* uinput_request_find(struct uinput_device *udev, int id)
{
        return (id >= 0 && id < UINPUT_NUM_REQUESTS) ? udev->requests[id] : NULL;
}
86
/*
 * Obtain a request slot, sleeping interruptibly on requests_waitq until
 * uinput_request_alloc_id() succeeds.
 *
 * Returns whatever wait_event_interruptible() returns: 0 once a slot is
 * held, non-zero if the sleep was interrupted first.
 */
static inline int uinput_request_reserve_slot(struct uinput_device *udev, struct uinput_request *request)
{
        int rc;

        rc = wait_event_interruptible(udev->requests_waitq,
                                      !uinput_request_alloc_id(udev, request));
        return rc;
}
93
/*
 * Finish a request: release its slot, wake anyone waiting for a free slot,
 * then signal the request's completion.
 *
 * complete() is issued last. The requests in this file live on the stack of
 * the thread blocked in uinput_request_submit(), so @request should not be
 * touched after that call.
 */
static void uinput_request_done(struct uinput_device *udev, struct uinput_request *request)
{
        const int slot = request->id;

        udev->requests[slot] = NULL;    /* slot is free again */
        wake_up(&udev->requests_waitq);

        complete(&request->done);
}
102
/*
 * Hand a request to the userspace driver and block until it is answered.
 *
 * The request is announced as an EV_UINPUT event whose code is the request
 * code and whose value is the slot id. The wait is not interruptible, and
 * the only completion path in this file is uinput_request_done(), reached
 * from the UI_END_FF_* ioctls, so the caller stays blocked until userspace
 * replies.
 *
 * Returns the retval stored in the request by the answering ioctl.
 */
static int uinput_request_submit(struct input_dev *dev, struct uinput_request *request)
{
        int answer;

        uinput_dev_event(dev, EV_UINPUT, request->code, request->id);

        wait_for_completion(&request->done);

        answer = request->retval;
        return answer;
}
112
/* Force-feedback gain change: forwarded to userspace as an EV_FF/FF_GAIN event. */
static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
{
        (void)uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
}

/* Autocenter change: forwarded to userspace as an EV_FF/FF_AUTOCENTER event. */
static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
{
        (void)uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
}

/*
 * Effect playback: forwarded as an EV_FF event with the effect id as the
 * event code. Returns the result of uinput_dev_event().
 */
static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
{
        int rc = uinput_dev_event(dev, EV_FF, effect_id, value);

        return rc;
}
127
/*
 * Force-feedback upload callback: build a UI_FF_UPLOAD request on the stack,
 * reserve a slot for it, and wait for userspace to answer.
 *
 * The request stores the @effect and @old pointers themselves, not copies;
 * the UI_BEGIN_FF_UPLOAD ioctl reads through them while this function is
 * blocked.
 *
 * Returns the error from slot reservation, otherwise the retval supplied by
 * the userspace driver.
 */
static int uinput_dev_upload_effect(struct input_dev *dev, struct ff_effect *effect, struct ff_effect *old)
{
        struct uinput_request request;
        int retval;

        request.code = UI_FF_UPLOAD;
        request.id = -1;
        request.u.upload.effect = effect;
        request.u.upload.old = old;
        init_completion(&request.done);

        retval = uinput_request_reserve_slot(dev->private, &request);
        if (retval)
                return retval;

        return uinput_request_submit(dev, &request);
}
145
/*
 * Force-feedback erase callback: build a UI_FF_ERASE request carrying
 * @effect_id, reserve a slot, and wait for userspace to answer.
 *
 * Returns -ENOSYS when the device does not advertise EV_FF, the error from
 * slot reservation, or the retval supplied by the userspace driver.
 */
static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
{
        struct uinput_request request;
        int retval;

        if (!test_bit(EV_FF, dev->evbit))
                return -ENOSYS;

        request.code = UI_FF_ERASE;
        request.id = -1;
        request.u.effect_id = effect_id;
        init_completion(&request.done);

        retval = uinput_request_reserve_slot(dev->private, &request);
        if (retval)
                return retval;

        return uinput_request_submit(dev, &request);
}
165
/*
 * Tear down the input device attached to @udev, if any, and return the
 * uinput state machine to UIST_NEW_DEVICE.
 *
 * A registered device (UIST_CREATED) is unregistered; one that was only
 * allocated is freed. The name and phys strings were allocated by this
 * driver and are released here. Their pointers are saved first, presumably
 * because the input_dev may no longer be safe to read once it has been
 * released.
 */
static void uinput_destroy_device(struct uinput_device *udev)
{
        struct input_dev *dev = udev->dev;

        if (dev) {
                const char *saved_name = dev->name;
                const char *saved_phys = dev->phys;

                if (udev->state != UIST_CREATED)
                        input_free_device(dev);
                else
                        input_unregister_device(dev);

                kfree(saved_name);
                kfree(saved_phys);
                udev->dev = NULL;
        }

        udev->state = UIST_NEW_DEVICE;
}
184
/*
 * Register the configured input device with the input core (UI_DEV_CREATE).
 *
 * Requires that the device description has been written first, i.e. state
 * UIST_SETUP_COMPLETE; otherwise returns -EINVAL. When a non-zero
 * ff_effects_max was supplied, force-feedback support is created and its
 * callbacks are pointed at the uinput handlers.
 *
 * Returns 0 on success. On failure the device is destroyed through
 * uinput_destroy_device() and the error is returned.
 */
static int uinput_create_device(struct uinput_device *udev)
{
        struct input_dev *dev = udev->dev;
        int error;

        if (udev->state != UIST_SETUP_COMPLETE) {
                printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
                return -EINVAL;
        }

        if (udev->ff_effects_max) {
                error = input_ff_create(dev, udev->ff_effects_max);
                if (error)
                        goto err_destroy;

                dev->ff->set_autocenter = uinput_dev_set_autocenter;
                dev->ff->set_gain = uinput_dev_set_gain;
                dev->ff->playback = uinput_dev_playback;
                dev->ff->erase = uinput_dev_erase_effect;
                dev->ff->upload = uinput_dev_upload_effect;
        }

        error = input_register_device(udev->dev);
        if (!error) {
                udev->state = UIST_CREATED;
                return 0;
        }

        /* Registration failed: undo the FF setup, then drop the device. */
        input_ff_destroy(dev);
 err_destroy:
        uinput_destroy_device(udev);
        return error;
}
219
/*
 * open() handler: allocate a zeroed uinput_device for this file, initialise
 * its mutex, request spinlock and both wait queues, and attach it to
 * file->private_data in state UIST_NEW_DEVICE.
 *
 * Returns 0, or -ENOMEM if the allocation fails.
 */
static int uinput_open(struct inode *inode, struct file *file)
{
        struct uinput_device *newdev = kzalloc(sizeof(*newdev), GFP_KERNEL);

        if (!newdev)
                return -ENOMEM;

        newdev->state = UIST_NEW_DEVICE;
        init_waitqueue_head(&newdev->waitq);
        init_waitqueue_head(&newdev->requests_waitq);
        spin_lock_init(&newdev->requests_lock);
        mutex_init(&newdev->mutex);

        file->private_data = newdev;
        return 0;
}
238
/*
 * Sanity-check the absolute-axis parameters of every axis enabled in
 * dev->absbit. The values were copied from userspace by
 * uinput_setup_device().
 *
 * An axis is rejected when max <= min, or when flat exceeds (max - min).
 * Returns 0 if all enabled axes pass, -EINVAL at the first failure.
 *
 * NOTE(review): (absmax - absmin) is computed in the arrays' element type.
 * If that is a signed int, extreme user-supplied bounds could overflow the
 * subtraction - confirm.
 */
static int uinput_validate_absbits(struct input_dev *dev)
{
        unsigned int axis;

        for (axis = 0; axis <= ABS_MAX; axis++) {
                if (!test_bit(axis, dev->absbit))
                        continue;

                if (dev->absmax[axis] <= dev->absmin[axis]) {
                        printk(KERN_DEBUG
                                "%s: invalid abs[%02x] min:%d max:%d\n",
                                UINPUT_NAME, axis,
                                dev->absmin[axis], dev->absmax[axis]);
                        return -EINVAL;
                }

                if (dev->absflat[axis] > (dev->absmax[axis] - dev->absmin[axis])) {
                        printk(KERN_DEBUG
                                "%s: absflat[%02x] out of range: %d "
                                "(min:%d/max:%d)\n",
                                UINPUT_NAME, axis, dev->absflat[axis],
                                dev->absmin[axis], dev->absmax[axis]);
                        return -EINVAL;
                }
        }

        return 0;
}
269
/*
 * Allocate the input_dev backing @udev and link the two: the device's event
 * callback is set to uinput_dev_event() and its private pointer refers back
 * to @udev.
 *
 * Returns 0, or -ENOMEM if the input core cannot allocate a device.
 */
static int uinput_allocate_device(struct uinput_device *udev)
{
        struct input_dev *dev = input_allocate_device();

        udev->dev = dev;
        if (!dev)
                return -ENOMEM;

        dev->private = udev;
        dev->event = uinput_dev_event;

        return 0;
}
281
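/*
 * Consume the device description written by userspace before UI_DEV_CREATE.
 *
 * @buffer must hold exactly one struct uinput_user_dev (@count is checked
 * against its size). The name, id fields, ff_effects_max and the four
 * absolute-axis arrays are copied into the input_dev; if EV_ABS is enabled
 * the axis parameters are validated.
 *
 * Returns @count on success and moves the state to UIST_SETUP_COMPLETE.
 * Returns -EINVAL (bad size or axis data), -ENOMEM or -EFAULT on failure.
 * Fields copied before the failing step keep their new values.
 */
static int uinput_setup_device(struct uinput_device *udev, const char __user *buffer, size_t count)
{
        struct uinput_user_dev  *user_dev;
        struct input_dev        *dev;
        char                    *name;
        int                     size;
        int                     retval;

        if (count != sizeof(struct uinput_user_dev))
                return -EINVAL;

        if (!udev->dev) {
                retval = uinput_allocate_device(udev);
                if (retval)
                        return retval;
        }

        dev = udev->dev;

        user_dev = kmalloc(sizeof(struct uinput_user_dev), GFP_KERNEL);
        if (!user_dev)
                return -ENOMEM;

        if (copy_from_user(user_dev, buffer, sizeof(struct uinput_user_dev))) {
                retval = -EFAULT;
                goto exit;
        }

        udev->ff_effects_max = user_dev->ff_effects_max;

        /*
         * The name comes from userspace and need not be NUL-terminated, so
         * its length is bounded by the size of the field.
         *
         * NOTE(review): the original tested `!size` after adding 1 to this
         * length, which can never be true; an empty name is therefore
         * accepted. That behaviour is kept; rejecting empty names would
         * change what userspace sees.
         */
        size = strnlen(user_dev->name, UINPUT_MAX_NAME_SIZE);

        kfree(dev->name);
        dev->name = name = kmalloc(size + 1, GFP_KERNEL);
        if (!name) {
                retval = -ENOMEM;
                goto exit;
        }
        /*
         * Copy exactly the bounded length and terminate by hand. strlcpy()
         * would first run strlen() on the source, which reads past the name
         * field when userspace supplied no terminator.
         */
        memcpy(name, user_dev->name, size);
        name[size] = '\0';

        dev->id.bustype = user_dev->id.bustype;
        dev->id.vendor  = user_dev->id.vendor;
        dev->id.product = user_dev->id.product;
        dev->id.version = user_dev->id.version;

        size = sizeof(int) * (ABS_MAX + 1);
        memcpy(dev->absmax, user_dev->absmax, size);
        memcpy(dev->absmin, user_dev->absmin, size);
        memcpy(dev->absfuzz, user_dev->absfuzz, size);
        memcpy(dev->absflat, user_dev->absflat, size);

        /* check if absmin/absmax/absfuzz/absflat are filled as
         * told in Documentation/input/input-programming.txt */
        if (test_bit(EV_ABS, dev->evbit)) {
                retval = uinput_validate_absbits(dev);
                if (retval < 0)
                        goto exit;
        }

        udev->state = UIST_SETUP_COMPLETE;
        retval = count;

 exit:
        kfree(user_dev);
        return retval;
}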
352
/*
 * Inject one event written by userspace into the input core.
 *
 * The write must be exactly sizeof(struct input_event) bytes. Only the type,
 * code and value fields of the copied event are passed on; this function
 * does not filter them itself, so any validation is left to input_event().
 *
 * Returns the number of bytes consumed, -EINVAL for a wrong size, or -EFAULT
 * if the user buffer cannot be read.
 */
static inline ssize_t uinput_inject_event(struct uinput_device *udev, const char __user *buffer, size_t count)
{
        struct input_event ev;

        if (count != sizeof(ev))
                return -EINVAL;

        if (copy_from_user(&ev, buffer, sizeof(ev)))
                return -EFAULT;

        input_event(udev->dev, ev.type, ev.code, ev.value);

        return sizeof(ev);
}
367
/*
 * write() handler. Under udev->mutex the data is interpreted according to
 * the device state: once the device exists (UIST_CREATED) it is an event to
 * inject, before that it is the device description.
 *
 * Returns the helper's result, or the error from the interruptible lock.
 */
static ssize_t uinput_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
{
        struct uinput_device *udev = file->private_data;
        int retval;

        retval = mutex_lock_interruptible(&udev->mutex);
        if (retval)
                return retval;

        if (udev->state == UIST_CREATED)
                retval = uinput_inject_event(udev, buffer, count);
        else
                retval = uinput_setup_device(udev, buffer, count);

        mutex_unlock(&udev->mutex);

        return retval;
}
385
/*
 * read() handler: copy queued events from the ring buffer to userspace.
 *
 * Blocks (interruptibly) until at least one event is queued or the device
 * leaves UIST_CREATED, unless O_NONBLOCK is set, in which case an empty
 * queue yields -EAGAIN. The state is re-checked after the mutex is taken
 * because it may have changed during the sleep.
 *
 * Only whole events are copied. Returns the number of bytes copied, which is
 * 0 when @count is smaller than one event, or a negative errno.
 */
static ssize_t uinput_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
{
        const size_t evsize = sizeof(struct input_event);
        struct uinput_device *udev = file->private_data;
        int retval = 0;

        if (udev->state != UIST_CREATED)
                return -ENODEV;

        if ((file->f_flags & O_NONBLOCK) && udev->head == udev->tail)
                return -EAGAIN;

        retval = wait_event_interruptible(udev->waitq,
                        udev->head != udev->tail || udev->state != UIST_CREATED);
        if (retval)
                return retval;

        retval = mutex_lock_interruptible(&udev->mutex);
        if (retval)
                return retval;

        if (udev->state != UIST_CREATED) {
                retval = -ENODEV;
                goto out;
        }

        /* Drain while events remain and another whole event still fits. */
        while (udev->head != udev->tail && retval + evsize <= count) {
                if (copy_to_user(buffer + retval, &udev->buff[udev->tail], evsize)) {
                        retval = -EFAULT;
                        goto out;
                }
                udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
                retval += evsize;
        }

 out:
        mutex_unlock(&udev->mutex);

        return retval;
}
425
/*
 * poll() handler: register on udev->waitq and report the device readable
 * (POLLIN | POLLRDNORM) when the ring buffer is non-empty.
 */
static unsigned int uinput_poll(struct file *file, poll_table *wait)
{
        struct uinput_device *udev = file->private_data;
        unsigned int mask = 0;

        poll_wait(file, &udev->waitq, wait);

        if (udev->head != udev->tail)
                mask = POLLIN | POLLRDNORM;

        return mask;
}
437
/*
 * release() handler: destroy the input device, if any, and free the
 * per-file uinput_device. Always returns 0.
 *
 * NOTE(review): nothing here completes requests still parked in
 * udev->requests[]; confirm that no thread can remain blocked in
 * uinput_request_submit() when the file is closed.
 */
static int uinput_release(struct inode *inode, struct file *file)
{
        struct uinput_device *closing = file->private_data;

        uinput_destroy_device(closing);
        kfree(closing);

        return 0;
}
447
/*
 * uinput_set_bit(_arg, _bit, _max) - set bit _arg in udev->dev->_bit.
 *
 * Evaluates to 0 on success, or -EINVAL when the device has already been
 * created or when _arg is greater than _max. The range check is what keeps
 * a user-supplied bit number inside the bitmap.
 *
 * The macro is not self-contained: it uses a variable named `udev` from the
 * expansion site and dereferences udev->dev, so the caller must have
 * allocated the input device first.
 */
#define uinput_set_bit(_arg, _bit, _max)                \
({                                                      \
        int __ret = 0;                                  \
        if (udev->state == UIST_CREATED)                \
                __ret =  -EINVAL;                       \
        else if ((_arg) > (_max))                       \
                __ret = -EINVAL;                        \
        else set_bit((_arg), udev->dev->_bit);          \
        __ret;                                          \
})
458
/*
 * ioctl entry point for the uinput character device.
 *
 * Every command runs with udev->mutex held. The lock is taken interruptibly
 * and its error is returned if the wait is interrupted. An input_dev is
 * allocated on demand before dispatch, so each case may dereference
 * udev->dev.
 *
 * Returns 0 on success or a negative errno; unknown commands yield -EINVAL.
 */
static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
        int                     retval;
        struct uinput_device    *udev;
        void __user             *p = (void __user *)arg;
        struct uinput_ff_upload ff_up;
        struct uinput_ff_erase  ff_erase;
        struct uinput_request   *req;
        int                     length;
        char                    *phys;

        udev = file->private_data;

        retval = mutex_lock_interruptible(&udev->mutex);
        if (retval)
                return retval;

        /* Commands below assume udev->dev exists; create it lazily. */
        if (!udev->dev) {
                retval = uinput_allocate_device(udev);
                if (retval)
                        goto out;
        }

        switch (cmd) {
                case UI_DEV_CREATE:
                        retval = uinput_create_device(udev);
                        break;

                case UI_DEV_DESTROY:
                        uinput_destroy_device(udev);
                        break;

                /*
                 * UI_SET_*BIT: arg is the bit number itself, not a pointer.
                 * uinput_set_bit() rejects it once the device is created or
                 * when it exceeds the given maximum.
                 */
                case UI_SET_EVBIT:
                        retval = uinput_set_bit(arg, evbit, EV_MAX);
                        break;

                case UI_SET_KEYBIT:
                        retval = uinput_set_bit(arg, keybit, KEY_MAX);
                        break;

                case UI_SET_RELBIT:
                        retval = uinput_set_bit(arg, relbit, REL_MAX);
                        break;

                case UI_SET_ABSBIT:
                        retval = uinput_set_bit(arg, absbit, ABS_MAX);
                        break;

                case UI_SET_MSCBIT:
                        retval = uinput_set_bit(arg, mscbit, MSC_MAX);
                        break;

                case UI_SET_LEDBIT:
                        retval = uinput_set_bit(arg, ledbit, LED_MAX);
                        break;

                case UI_SET_SNDBIT:
                        retval = uinput_set_bit(arg, sndbit, SND_MAX);
                        break;

                case UI_SET_FFBIT:
                        retval = uinput_set_bit(arg, ffbit, FF_MAX);
                        break;

                case UI_SET_SWBIT:
                        retval = uinput_set_bit(arg, swbit, SW_MAX);
                        break;

                /*
                 * UI_SET_PHYS: arg points to a user string that replaces
                 * dev->phys. Refused once the device has been created.
                 */
                case UI_SET_PHYS:
                        if (udev->state == UIST_CREATED) {
                                retval = -EINVAL;
                                goto out;
                        }
                        /* Length probe is capped at 1024; non-positive means failure. */
                        length = strnlen_user(p, 1024);
                        if (length <= 0) {
                                retval = -EFAULT;
                                break;
                        }
                        /* The old string is freed before the new one is known to be good. */
                        kfree(udev->dev->phys);
                        udev->dev->phys = phys = kmalloc(length, GFP_KERNEL);
                        if (!phys) {
                                retval = -ENOMEM;
                                break;
                        }
                        if (copy_from_user(phys, p, length)) {
                                /* Do not leave dev->phys pointing at freed memory. */
                                udev->dev->phys = NULL;
                                kfree(phys);
                                retval = -EFAULT;
                                break;
                        }
                        /* Terminate unconditionally rather than trusting the copied bytes. */
                        phys[length - 1] = '\0';
                        break;

                /*
                 * UI_BEGIN_FF_UPLOAD: userspace passes the request id it got
                 * in the EV_UINPUT event and receives the effect data.
                 *
                 * request_id is user-controlled. uinput_request_find()
                 * bounds-checks it, and the code/effect test rejects a slot
                 * that holds a different kind of request.
                 *
                 * NOTE(review): the slot table is read here without
                 * requests_lock; confirm that udev->mutex together with the
                 * request lifecycle makes this safe.
                 */
                case UI_BEGIN_FF_UPLOAD:
                        if (copy_from_user(&ff_up, p, sizeof(ff_up))) {
                                retval = -EFAULT;
                                break;
                        }
                        req = uinput_request_find(udev, ff_up.request_id);
                        if (!(req && req->code == UI_FF_UPLOAD && req->u.upload.effect)) {
                                retval = -EINVAL;
                                break;
                        }
                        ff_up.retval = 0;
                        memcpy(&ff_up.effect, req->u.upload.effect, sizeof(struct ff_effect));
                        if (req->u.upload.old)
                                memcpy(&ff_up.old, req->u.upload.old, sizeof(struct ff_effect));
                        else
                                memset(&ff_up.old, 0, sizeof(struct ff_effect));

                        if (copy_to_user(p, &ff_up, sizeof(ff_up))) {
                                retval = -EFAULT;
                                break;
                        }
                        break;

                /* UI_BEGIN_FF_ERASE: as above, but returns the effect id to erase. */
                case UI_BEGIN_FF_ERASE:
                        if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
                                retval = -EFAULT;
                                break;
                        }
                        req = uinput_request_find(udev, ff_erase.request_id);
                        if (!(req && req->code == UI_FF_ERASE)) {
                                retval = -EINVAL;
                                break;
                        }
                        ff_erase.retval = 0;
                        ff_erase.effect_id = req->u.effect_id;
                        if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
                                retval = -EFAULT;
                                break;
                        }
                        break;

                /*
                 * UI_END_FF_UPLOAD: userspace reports the outcome. The retval
                 * it supplies is stored in the request, and
                 * uinput_request_done() frees the slot and completes the
                 * request, releasing the thread blocked in
                 * uinput_request_submit().
                 */
                case UI_END_FF_UPLOAD:
                        if (copy_from_user(&ff_up, p, sizeof(ff_up))) {
                                retval = -EFAULT;
                                break;
                        }
                        req = uinput_request_find(udev, ff_up.request_id);
                        if (!(req && req->code == UI_FF_UPLOAD && req->u.upload.effect)) {
                                retval = -EINVAL;
                                break;
                        }
                        req->retval = ff_up.retval;
                        uinput_request_done(udev, req);
                        break;

                /* UI_END_FF_ERASE: same completion path for an erase request. */
                case UI_END_FF_ERASE:
                        if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
                                retval = -EFAULT;
                                break;
                        }
                        req = uinput_request_find(udev, ff_erase.request_id);
                        if (!(req && req->code == UI_FF_ERASE)) {
                                retval = -EINVAL;
                                break;
                        }
                        req->retval = ff_erase.retval;
                        uinput_request_done(udev, req);
                        break;

                default:
                        retval = -EINVAL;
        }

 out:
        mutex_unlock(&udev->mutex);
        return retval;
}
629
/*
 * File operations of the uinput device node. Only unlocked_ioctl is set, so
 * uinput_ioctl() does its own locking through udev->mutex.
 */
static const struct file_operations uinput_fops = {
        .owner          = THIS_MODULE,
        .open           = uinput_open,
        .release        = uinput_release,
        .read           = uinput_read,
        .write          = uinput_write,
        .poll           = uinput_poll,
        .unlocked_ioctl = uinput_ioctl,
};

/* Misc-device registration record: fixed minor and device name. */
static struct miscdevice uinput_misc = {
        .fops           = &uinput_fops,
        .minor          = UINPUT_MINOR,
        .name           = UINPUT_NAME,
};
645
/* Module init: register the uinput misc device and return the result. */
static int __init uinput_init(void)
{
        int error = misc_register(&uinput_misc);

        return error;
}
650
/* Module exit: remove the misc device registered by uinput_init(). */
static void __exit uinput_exit(void)
{
        (void)misc_deregister(&uinput_misc);
}
655
/* Module metadata. */
MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
MODULE_DESCRIPTION("User level driver support for input subsystem");
MODULE_LICENSE("GPL");
MODULE_VERSION("0.3");

/* Entry and exit hooks run at module load and unload. */
module_init(uinput_init);
module_exit(uinput_exit);
663