2 * User level driver support for input subsystem
4 * Heavily based on evdev.c by Vojtech Pavlik
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Author: Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org>
23 * 0.4 01/09/2014 (Benjamin Tissoires <benjamin.tissoires@redhat.com>)
24 * - add UI_GET_SYSNAME ioctl
25 * 0.3 09/04/2006 (Anssi Hannula <anssi.hannula@gmail.com>)
26 * - updated ff support for the changes in kernel interface
27 * - added MODULE_VERSION
28 * 0.2 16/10/2004 (Micah Dowty <micah@navi.cx>)
29 * - added force feedback support
32 * - first public version
34 #include <linux/poll.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/module.h>
38 #include <linux/init.h>
40 #include <linux/miscdevice.h>
41 #include <linux/uinput.h>
42 #include <linux/overflow.h>
43 #include <linux/input/mt.h>
44 #include "../input-compat.h"
46 static int uinput_dev_event(struct input_dev *dev,
47 unsigned int type, unsigned int code, int value)
49 struct uinput_device *udev = input_get_drvdata(dev);
51 udev->buff[udev->head].type = type;
52 udev->buff[udev->head].code = code;
53 udev->buff[udev->head].value = value;
54 do_gettimeofday(&udev->buff[udev->head].time);
55 udev->head = (udev->head + 1) % UINPUT_BUFFER_SIZE;
57 wake_up_interruptible(&udev->waitq);
62 /* Atomically allocate an ID for the given request. Returns 0 on success. */
63 static bool uinput_request_alloc_id(struct uinput_device *udev,
64 struct uinput_request *request)
67 bool reserved = false;
69 spin_lock(&udev->requests_lock);
71 for (id = 0; id < UINPUT_NUM_REQUESTS; id++) {
72 if (!udev->requests[id]) {
74 udev->requests[id] = request;
80 spin_unlock(&udev->requests_lock);
84 static struct uinput_request *uinput_request_find(struct uinput_device *udev,
87 /* Find an input request, by ID. Returns NULL if the ID isn't valid. */
88 if (id >= UINPUT_NUM_REQUESTS)
91 return udev->requests[id];
94 static int uinput_request_reserve_slot(struct uinput_device *udev,
95 struct uinput_request *request)
97 /* Allocate slot. If none are available right away, wait. */
98 return wait_event_interruptible(udev->requests_waitq,
99 uinput_request_alloc_id(udev, request));
102 static void uinput_request_release_slot(struct uinput_device *udev,
105 /* Mark slot as available */
106 spin_lock(&udev->requests_lock);
107 udev->requests[id] = NULL;
108 spin_unlock(&udev->requests_lock);
110 wake_up(&udev->requests_waitq);
113 static int uinput_request_send(struct uinput_device *udev,
114 struct uinput_request *request)
118 retval = mutex_lock_interruptible(&udev->mutex);
122 if (udev->state != UIST_CREATED) {
127 init_completion(&request->done);
130 * Tell our userspace application about this new request
131 * by queueing an input event.
133 uinput_dev_event(udev->dev, EV_UINPUT, request->code, request->id);
136 mutex_unlock(&udev->mutex);
140 static int uinput_request_submit(struct uinput_device *udev,
141 struct uinput_request *request)
145 retval = uinput_request_reserve_slot(udev, request);
149 retval = uinput_request_send(udev, request);
153 wait_for_completion(&request->done);
154 retval = request->retval;
157 uinput_request_release_slot(udev, request->id);
162 * Fail all outstanding requests so handlers don't wait for the userspace
163 * to finish processing them.
165 static void uinput_flush_requests(struct uinput_device *udev)
167 struct uinput_request *request;
170 spin_lock(&udev->requests_lock);
172 for (i = 0; i < UINPUT_NUM_REQUESTS; i++) {
173 request = udev->requests[i];
175 request->retval = -ENODEV;
176 complete(&request->done);
180 spin_unlock(&udev->requests_lock);
183 static void uinput_dev_set_gain(struct input_dev *dev, u16 gain)
185 uinput_dev_event(dev, EV_FF, FF_GAIN, gain);
188 static void uinput_dev_set_autocenter(struct input_dev *dev, u16 magnitude)
190 uinput_dev_event(dev, EV_FF, FF_AUTOCENTER, magnitude);
193 static int uinput_dev_playback(struct input_dev *dev, int effect_id, int value)
195 return uinput_dev_event(dev, EV_FF, effect_id, value);
198 static int uinput_dev_upload_effect(struct input_dev *dev,
199 struct ff_effect *effect,
200 struct ff_effect *old)
202 struct uinput_device *udev = input_get_drvdata(dev);
203 struct uinput_request request;
206 * uinput driver does not currently support periodic effects with
207 * custom waveform since it does not have a way to pass buffer of
208 * samples (custom_data) to userspace. If ever there is a device
209 * supporting custom waveforms we would need to define an additional
210 * ioctl (UI_UPLOAD_SAMPLES) but for now we just bail out.
212 if (effect->type == FF_PERIODIC &&
213 effect->u.periodic.waveform == FF_CUSTOM)
216 request.code = UI_FF_UPLOAD;
217 request.u.upload.effect = effect;
218 request.u.upload.old = old;
220 return uinput_request_submit(udev, &request);
223 static int uinput_dev_erase_effect(struct input_dev *dev, int effect_id)
225 struct uinput_device *udev = input_get_drvdata(dev);
226 struct uinput_request request;
228 if (!test_bit(EV_FF, dev->evbit))
231 request.code = UI_FF_ERASE;
232 request.u.effect_id = effect_id;
234 return uinput_request_submit(udev, &request);
237 static int uinput_dev_flush(struct input_dev *dev, struct file *file)
240 * If we are called with file == NULL that means we are tearing
241 * down the device, and therefore we can not handle FF erase
242 * requests: either we are handling UI_DEV_DESTROY (and holding
243 * the udev->mutex), or the file descriptor is closed and there is
244 * nobody on the other side anymore.
246 return file ? input_ff_flush(dev, file) : 0;
249 static void uinput_destroy_device(struct uinput_device *udev)
251 const char *name, *phys;
252 struct input_dev *dev = udev->dev;
253 enum uinput_state old_state = udev->state;
255 udev->state = UIST_NEW_DEVICE;
260 if (old_state == UIST_CREATED) {
261 uinput_flush_requests(udev);
262 input_unregister_device(dev);
264 input_free_device(dev);
272 static int uinput_create_device(struct uinput_device *udev)
274 struct input_dev *dev = udev->dev;
277 if (udev->state != UIST_SETUP_COMPLETE) {
278 printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
282 if (test_bit(EV_ABS, dev->evbit)) {
283 input_alloc_absinfo(dev);
289 if (test_bit(ABS_MT_SLOT, dev->absbit)) {
290 nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
291 error = input_mt_init_slots(dev, nslot, 0);
294 } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
295 input_set_events_per_packet(dev, 60);
299 if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) {
300 printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n",
306 if (udev->ff_effects_max) {
307 error = input_ff_create(dev, udev->ff_effects_max);
311 dev->ff->upload = uinput_dev_upload_effect;
312 dev->ff->erase = uinput_dev_erase_effect;
313 dev->ff->playback = uinput_dev_playback;
314 dev->ff->set_gain = uinput_dev_set_gain;
315 dev->ff->set_autocenter = uinput_dev_set_autocenter;
317 * The standard input_ff_flush() implementation does
318 * not quite work for uinput as we can't reasonably
319 * handle FF requests during device teardown.
321 dev->flush = uinput_dev_flush;
324 error = input_register_device(udev->dev);
328 udev->state = UIST_CREATED;
332 fail2: input_ff_destroy(dev);
333 fail1: uinput_destroy_device(udev);
337 static int uinput_open(struct inode *inode, struct file *file)
339 struct uinput_device *newdev;
341 newdev = kzalloc(sizeof(struct uinput_device), GFP_KERNEL);
345 mutex_init(&newdev->mutex);
346 spin_lock_init(&newdev->requests_lock);
347 init_waitqueue_head(&newdev->requests_waitq);
348 init_waitqueue_head(&newdev->waitq);
349 newdev->state = UIST_NEW_DEVICE;
351 file->private_data = newdev;
352 nonseekable_open(inode, file);
357 static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code,
358 const struct input_absinfo *abs)
365 if ((min != 0 || max != 0) && max <= min) {
367 "%s: invalid abs[%02x] min:%d max:%d\n",
368 UINPUT_NAME, code, min, max);
372 if (!check_sub_overflow(max, min, &range) && abs->flat > range) {
374 "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n",
375 UINPUT_NAME, code, abs->flat, min, max);
382 static int uinput_validate_absbits(struct input_dev *dev)
387 if (!test_bit(EV_ABS, dev->evbit))
391 * Check if absmin/absmax/absfuzz/absflat are sane.
394 for_each_set_bit(cnt, dev->absbit, ABS_CNT) {
398 error = uinput_validate_absinfo(dev, cnt, &dev->absinfo[cnt]);
406 static int uinput_allocate_device(struct uinput_device *udev)
408 udev->dev = input_allocate_device();
412 udev->dev->event = uinput_dev_event;
413 input_set_drvdata(udev->dev, udev);
418 static int uinput_dev_setup(struct uinput_device *udev,
419 struct uinput_setup __user *arg)
421 struct uinput_setup setup;
422 struct input_dev *dev;
424 if (udev->state == UIST_CREATED)
427 if (copy_from_user(&setup, arg, sizeof(setup)))
435 udev->ff_effects_max = setup.ff_effects_max;
438 dev->name = kstrndup(setup.name, UINPUT_MAX_NAME_SIZE, GFP_KERNEL);
442 udev->state = UIST_SETUP_COMPLETE;
446 static int uinput_abs_setup(struct uinput_device *udev,
447 struct uinput_setup __user *arg, size_t size)
449 struct uinput_abs_setup setup = {};
450 struct input_dev *dev;
453 if (size > sizeof(setup))
456 if (udev->state == UIST_CREATED)
459 if (copy_from_user(&setup, arg, size))
462 if (setup.code > ABS_MAX)
467 error = uinput_validate_absinfo(dev, setup.code, &setup.absinfo);
471 input_alloc_absinfo(dev);
475 set_bit(setup.code, dev->absbit);
476 dev->absinfo[setup.code] = setup.absinfo;
480 /* legacy setup via write() */
481 static int uinput_setup_device_legacy(struct uinput_device *udev,
482 const char __user *buffer, size_t count)
484 struct uinput_user_dev *user_dev;
485 struct input_dev *dev;
489 if (count != sizeof(struct uinput_user_dev))
493 retval = uinput_allocate_device(udev);
500 user_dev = memdup_user(buffer, sizeof(struct uinput_user_dev));
501 if (IS_ERR(user_dev))
502 return PTR_ERR(user_dev);
504 udev->ff_effects_max = user_dev->ff_effects_max;
506 /* Ensure name is filled in */
507 if (!user_dev->name[0]) {
513 dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
520 dev->id.bustype = user_dev->id.bustype;
521 dev->id.vendor = user_dev->id.vendor;
522 dev->id.product = user_dev->id.product;
523 dev->id.version = user_dev->id.version;
525 for (i = 0; i < ABS_CNT; i++) {
526 input_abs_set_max(dev, i, user_dev->absmax[i]);
527 input_abs_set_min(dev, i, user_dev->absmin[i]);
528 input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]);
529 input_abs_set_flat(dev, i, user_dev->absflat[i]);
532 retval = uinput_validate_absbits(dev);
536 udev->state = UIST_SETUP_COMPLETE;
544 static ssize_t uinput_inject_events(struct uinput_device *udev,
545 const char __user *buffer, size_t count)
547 struct input_event ev;
550 if (count != 0 && count < input_event_size())
553 while (bytes + input_event_size() <= count) {
555 * Note that even if some events were fetched successfully
556 * we are still going to return EFAULT instead of partial
557 * count to let userspace know that it got it's buffers
560 if (input_event_from_user(buffer + bytes, &ev))
563 input_event(udev->dev, ev.type, ev.code, ev.value);
564 bytes += input_event_size();
570 static ssize_t uinput_write(struct file *file, const char __user *buffer,
571 size_t count, loff_t *ppos)
573 struct uinput_device *udev = file->private_data;
579 retval = mutex_lock_interruptible(&udev->mutex);
583 retval = udev->state == UIST_CREATED ?
584 uinput_inject_events(udev, buffer, count) :
585 uinput_setup_device_legacy(udev, buffer, count);
587 mutex_unlock(&udev->mutex);
592 static bool uinput_fetch_next_event(struct uinput_device *udev,
593 struct input_event *event)
597 spin_lock_irq(&udev->dev->event_lock);
599 have_event = udev->head != udev->tail;
601 *event = udev->buff[udev->tail];
602 udev->tail = (udev->tail + 1) % UINPUT_BUFFER_SIZE;
605 spin_unlock_irq(&udev->dev->event_lock);
610 static ssize_t uinput_events_to_user(struct uinput_device *udev,
611 char __user *buffer, size_t count)
613 struct input_event event;
616 while (read + input_event_size() <= count &&
617 uinput_fetch_next_event(udev, &event)) {
619 if (input_event_to_user(buffer + read, &event))
622 read += input_event_size();
628 static ssize_t uinput_read(struct file *file, char __user *buffer,
629 size_t count, loff_t *ppos)
631 struct uinput_device *udev = file->private_data;
634 if (count != 0 && count < input_event_size())
638 retval = mutex_lock_interruptible(&udev->mutex);
642 if (udev->state != UIST_CREATED)
644 else if (udev->head == udev->tail &&
645 (file->f_flags & O_NONBLOCK))
648 retval = uinput_events_to_user(udev, buffer, count);
650 mutex_unlock(&udev->mutex);
652 if (retval || count == 0)
655 if (!(file->f_flags & O_NONBLOCK))
656 retval = wait_event_interruptible(udev->waitq,
657 udev->head != udev->tail ||
658 udev->state != UIST_CREATED);
659 } while (retval == 0);
664 static unsigned int uinput_poll(struct file *file, poll_table *wait)
666 struct uinput_device *udev = file->private_data;
668 poll_wait(file, &udev->waitq, wait);
670 if (udev->head != udev->tail)
671 return POLLIN | POLLRDNORM;
676 static int uinput_release(struct inode *inode, struct file *file)
678 struct uinput_device *udev = file->private_data;
680 uinput_destroy_device(udev);
687 struct uinput_ff_upload_compat {
690 struct ff_effect_compat effect;
691 struct ff_effect_compat old;
694 static int uinput_ff_upload_to_user(char __user *buffer,
695 const struct uinput_ff_upload *ff_up)
697 if (in_compat_syscall()) {
698 struct uinput_ff_upload_compat ff_up_compat;
700 ff_up_compat.request_id = ff_up->request_id;
701 ff_up_compat.retval = ff_up->retval;
703 * It so happens that the pointer that gives us the trouble
704 * is the last field in the structure. Since we don't support
705 * custom waveforms in uinput anyway we can just copy the whole
706 * thing (to the compat size) and ignore the pointer.
708 memcpy(&ff_up_compat.effect, &ff_up->effect,
709 sizeof(struct ff_effect_compat));
710 memcpy(&ff_up_compat.old, &ff_up->old,
711 sizeof(struct ff_effect_compat));
713 if (copy_to_user(buffer, &ff_up_compat,
714 sizeof(struct uinput_ff_upload_compat)))
717 if (copy_to_user(buffer, ff_up,
718 sizeof(struct uinput_ff_upload)))
725 static int uinput_ff_upload_from_user(const char __user *buffer,
726 struct uinput_ff_upload *ff_up)
728 if (in_compat_syscall()) {
729 struct uinput_ff_upload_compat ff_up_compat;
731 if (copy_from_user(&ff_up_compat, buffer,
732 sizeof(struct uinput_ff_upload_compat)))
735 ff_up->request_id = ff_up_compat.request_id;
736 ff_up->retval = ff_up_compat.retval;
737 memcpy(&ff_up->effect, &ff_up_compat.effect,
738 sizeof(struct ff_effect_compat));
739 memcpy(&ff_up->old, &ff_up_compat.old,
740 sizeof(struct ff_effect_compat));
743 if (copy_from_user(ff_up, buffer,
744 sizeof(struct uinput_ff_upload)))
753 static int uinput_ff_upload_to_user(char __user *buffer,
754 const struct uinput_ff_upload *ff_up)
756 if (copy_to_user(buffer, ff_up, sizeof(struct uinput_ff_upload)))
762 static int uinput_ff_upload_from_user(const char __user *buffer,
763 struct uinput_ff_upload *ff_up)
765 if (copy_from_user(ff_up, buffer, sizeof(struct uinput_ff_upload)))
773 #define uinput_set_bit(_arg, _bit, _max) \
776 if (udev->state == UIST_CREATED) \
778 else if ((_arg) > (_max)) \
780 else set_bit((_arg), udev->dev->_bit); \
784 static int uinput_str_to_user(void __user *dest, const char *str,
787 char __user *p = dest;
796 len = strlen(str) + 1;
800 ret = copy_to_user(p, str, len);
804 /* force terminating '\0' */
805 ret = put_user(0, p + len - 1);
806 return ret ? -EFAULT : len;
809 static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
810 unsigned long arg, void __user *p)
813 struct uinput_device *udev = file->private_data;
814 struct uinput_ff_upload ff_up;
815 struct uinput_ff_erase ff_erase;
816 struct uinput_request *req;
821 retval = mutex_lock_interruptible(&udev->mutex);
826 retval = uinput_allocate_device(udev);
833 if (put_user(UINPUT_VERSION,
834 (unsigned int __user *)p))
839 retval = uinput_create_device(udev);
843 uinput_destroy_device(udev);
847 retval = uinput_dev_setup(udev, p);
850 /* UI_ABS_SETUP is handled in the variable size ioctls */
853 retval = uinput_set_bit(arg, evbit, EV_MAX);
857 retval = uinput_set_bit(arg, keybit, KEY_MAX);
861 retval = uinput_set_bit(arg, relbit, REL_MAX);
865 retval = uinput_set_bit(arg, absbit, ABS_MAX);
869 retval = uinput_set_bit(arg, mscbit, MSC_MAX);
873 retval = uinput_set_bit(arg, ledbit, LED_MAX);
877 retval = uinput_set_bit(arg, sndbit, SND_MAX);
881 retval = uinput_set_bit(arg, ffbit, FF_MAX);
885 retval = uinput_set_bit(arg, swbit, SW_MAX);
889 retval = uinput_set_bit(arg, propbit, INPUT_PROP_MAX);
893 if (udev->state == UIST_CREATED) {
898 phys = strndup_user(p, 1024);
900 retval = PTR_ERR(phys);
904 kfree(udev->dev->phys);
905 udev->dev->phys = phys;
908 case UI_BEGIN_FF_UPLOAD:
909 retval = uinput_ff_upload_from_user(p, &ff_up);
913 req = uinput_request_find(udev, ff_up.request_id);
914 if (!req || req->code != UI_FF_UPLOAD ||
915 !req->u.upload.effect) {
921 ff_up.effect = *req->u.upload.effect;
922 if (req->u.upload.old)
923 ff_up.old = *req->u.upload.old;
925 memset(&ff_up.old, 0, sizeof(struct ff_effect));
927 retval = uinput_ff_upload_to_user(p, &ff_up);
930 case UI_BEGIN_FF_ERASE:
931 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
936 req = uinput_request_find(udev, ff_erase.request_id);
937 if (!req || req->code != UI_FF_ERASE) {
943 ff_erase.effect_id = req->u.effect_id;
944 if (copy_to_user(p, &ff_erase, sizeof(ff_erase))) {
951 case UI_END_FF_UPLOAD:
952 retval = uinput_ff_upload_from_user(p, &ff_up);
956 req = uinput_request_find(udev, ff_up.request_id);
957 if (!req || req->code != UI_FF_UPLOAD ||
958 !req->u.upload.effect) {
963 req->retval = ff_up.retval;
964 complete(&req->done);
967 case UI_END_FF_ERASE:
968 if (copy_from_user(&ff_erase, p, sizeof(ff_erase))) {
973 req = uinput_request_find(udev, ff_erase.request_id);
974 if (!req || req->code != UI_FF_ERASE) {
979 req->retval = ff_erase.retval;
980 complete(&req->done);
984 size = _IOC_SIZE(cmd);
986 /* Now check variable-length commands */
987 switch (cmd & ~IOCSIZE_MASK) {
988 case UI_GET_SYSNAME(0):
989 if (udev->state != UIST_CREATED) {
993 name = dev_name(&udev->dev->dev);
994 retval = uinput_str_to_user(p, name, size);
997 case UI_ABS_SETUP & ~IOCSIZE_MASK:
998 retval = uinput_abs_setup(udev, p, size);
1004 mutex_unlock(&udev->mutex);
1008 static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1010 return uinput_ioctl_handler(file, cmd, arg, (void __user *)arg);
1013 #ifdef CONFIG_COMPAT
1016 * These IOCTLs change their size and thus their numbers between
1019 #define UI_SET_PHYS_COMPAT \
1020 _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
1021 #define UI_BEGIN_FF_UPLOAD_COMPAT \
1022 _IOWR(UINPUT_IOCTL_BASE, 200, struct uinput_ff_upload_compat)
1023 #define UI_END_FF_UPLOAD_COMPAT \
1024 _IOW(UINPUT_IOCTL_BASE, 201, struct uinput_ff_upload_compat)
1026 static long uinput_compat_ioctl(struct file *file,
1027 unsigned int cmd, unsigned long arg)
1030 case UI_SET_PHYS_COMPAT:
1033 case UI_BEGIN_FF_UPLOAD_COMPAT:
1034 cmd = UI_BEGIN_FF_UPLOAD;
1036 case UI_END_FF_UPLOAD_COMPAT:
1037 cmd = UI_END_FF_UPLOAD;
1041 return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
1045 static const struct file_operations uinput_fops = {
1046 .owner = THIS_MODULE,
1047 .open = uinput_open,
1048 .release = uinput_release,
1049 .read = uinput_read,
1050 .write = uinput_write,
1051 .poll = uinput_poll,
1052 .unlocked_ioctl = uinput_ioctl,
1053 #ifdef CONFIG_COMPAT
1054 .compat_ioctl = uinput_compat_ioctl,
1056 .llseek = no_llseek,
1059 static struct miscdevice uinput_misc = {
1060 .fops = &uinput_fops,
1061 .minor = UINPUT_MINOR,
1062 .name = UINPUT_NAME,
1064 module_misc_device(uinput_misc);
1066 MODULE_ALIAS_MISCDEV(UINPUT_MINOR);
1067 MODULE_ALIAS("devname:" UINPUT_NAME);
1069 MODULE_AUTHOR("Aristeu Sergio Rozanski Filho");
1070 MODULE_DESCRIPTION("User level driver support for input subsystem");
1071 MODULE_LICENSE("GPL");
1072 MODULE_VERSION("0.3");
projects / releases.git / blob