1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * comedi/comedi_fops.c
4 * comedi kernel module
5 *
6 * COMEDI - Linux Control and Measurement Device Interface
7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org>
8 * compat ioctls:
9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk>
10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/>
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/errno.h>
17#include <linux/kernel.h>
18#include <linux/sched/signal.h>
19#include <linux/fcntl.h>
20#include <linux/delay.h>
21#include <linux/mm.h>
22#include <linux/slab.h>
23#include <linux/poll.h>
24#include <linux/device.h>
25#include <linux/fs.h>
26#include <linux/comedi/comedidev.h>
27#include <linux/cdev.h>
28
29#include <linux/io.h>
30#include <linux/uaccess.h>
31#include <linux/compat.h>
32
33#include "comedi_internal.h"
34
/*
 * Bits kept in comedi_subdevice "runflags":
 *
 * COMEDI_SRF_RT:		DEPRECATED: command is running real-time
 * COMEDI_SRF_ERROR:		a COMEDI_CB_ERROR event has occurred since
 *				the last command was started
 * COMEDI_SRF_RUNNING:		command is running
 * COMEDI_SRF_FREE_SPRIV:	free s->private on detach
 *
 * COMEDI_SRF_BUSY_MASK:	runflags that indicate the subdevice is "busy"
 */
#define COMEDI_SRF_RT		BIT(1)
#define COMEDI_SRF_ERROR	BIT(2)
#define COMEDI_SRF_RUNNING	BIT(27)
#define COMEDI_SRF_FREE_SPRIV	BIT(31)

/* A subdevice counts as busy while a command runs or has failed. */
#define COMEDI_SRF_BUSY_MASK	(COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING)
51
/**
 * struct comedi_file - Per-open-file state for a COMEDI device node
 * @dev: COMEDI device this file refers to.
 * @read_subdev: Cached "read" subdevice for this file.
 * @write_subdev: Cached "write" subdevice for this file.
 * @last_detach_count: Device detach count seen when the cache was filled.
 * @last_attached: Device attached/detached state seen at that time.
 *
 * The two "last" fields let comedi_file_check() notice that the device
 * was detached or re-attached and refresh the cached subdevice pointers.
 */
struct comedi_file {
	struct comedi_device *dev;
	struct comedi_subdevice *read_subdev;
	struct comedi_subdevice *write_subdev;
	unsigned int last_detach_count;
	unsigned int last_attached:1;
};
67
/* Total minor numbers; those not used by boards are for subdevices. */
#define COMEDI_NUM_MINORS 0x100
#define COMEDI_NUM_SUBDEVICE_MINORS	\
	(COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS)

/* Read-only after load (mode 0444). */
static unsigned short comedi_num_legacy_minors;
module_param(comedi_num_legacy_minors, ushort, 0444);
MODULE_PARM_DESC(comedi_num_legacy_minors,
		 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)"
		);
77
/*
 * Default asynchronous buffer sizes, in KiB.  Both parameters are mode
 * 0644, so they stay writable through the module parameter files after
 * load.
 */
unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB;
module_param(comedi_default_buf_size_kb, uint, 0644);
MODULE_PARM_DESC(comedi_default_buf_size_kb,
		 "default asynchronous buffer size in KiB (default "
		 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")");

unsigned int comedi_default_buf_maxsize_kb =
	CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB;
module_param(comedi_default_buf_maxsize_kb, uint, 0644);
MODULE_PARM_DESC(comedi_default_buf_maxsize_kb,
		 "default maximum size of asynchronous buffer in KiB (default "
		 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")");
90
/* Board devices, indexed by minor; guarded by the lock declared with it. */
static DEFINE_MUTEX(comedi_board_minor_table_lock);
static struct comedi_device
*comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS];

/*
 * Subdevices that have their own minor.
 * Note: indexed by minor - COMEDI_NUM_BOARD_MINORS.
 */
static DEFINE_MUTEX(comedi_subdevice_minor_table_lock);
static struct comedi_subdevice
*comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS];

static struct cdev comedi_cdev;
101
/*
 * Put a COMEDI device structure into its initial state: reference count
 * initialised, locks initialised, and no minor number assigned (-1).
 */
static void comedi_device_init(struct comedi_device *dev)
{
	dev->minor = -1;
	init_rwsem(&dev->attach_lock);
	mutex_init(&dev->mutex);
	spin_lock_init(&dev->spinlock);
	kref_init(&dev->refcount);
}
110
/*
 * kref release callback (passed to kref_put() by comedi_dev_put()):
 * tears down the device mutex, drops the class device reference and
 * frees the comedi_device itself.
 */
static void comedi_dev_kref_release(struct kref *kref)
{
	struct comedi_device *dev;

	dev = container_of(kref, struct comedi_device, refcount);
	mutex_destroy(&dev->mutex);
	put_device(dev->class_dev);
	/* dev must not be touched after this point. */
	kfree(dev);
}
120
/**
 * comedi_dev_put() - Release a use of a COMEDI device
 * @dev: COMEDI device (may be NULL).
 *
 * Drops one reference taken by comedi_dev_get_from_minor() (or another
 * "get").  The device is destroyed when the last reference goes away.
 *
 * Return: 1 if this call destroyed the COMEDI device or @dev is NULL,
 * otherwise 0.  A return of 0 does NOT mean the device is still valid:
 * the caller has given up its reference and must not use @dev again.
 */
int comedi_dev_put(struct comedi_device *dev)
{
	if (!dev)
		return 1;

	return kref_put(&dev->refcount, comedi_dev_kref_release);
}
EXPORT_SYMBOL_GPL(comedi_dev_put);
140
/*
 * Take an extra reference on @dev and hand the same pointer back.
 * NULL is passed through untouched so callers can chain a table lookup.
 */
static struct comedi_device *comedi_dev_get(struct comedi_device *dev)
{
	if (!dev)
		return NULL;

	kref_get(&dev->refcount);
	return dev;
}
147
/*
 * Detach @dev from its low-level driver under dev->mutex.  The driver's
 * module pointer is sampled before the detach; afterwards one module
 * reference is dropped if the device was attached and dev->use_count is
 * non-zero.
 */
static void comedi_device_cleanup(struct comedi_device *dev)
{
	struct module *owner;

	if (!dev)
		return;

	mutex_lock(&dev->mutex);
	/* Read dev->driver while still attached, before the detach call. */
	owner = dev->attached ? dev->driver->module : NULL;
	comedi_device_detach(dev);
	if (owner && dev->use_count)
		module_put(owner);
	mutex_unlock(&dev->mutex);
}
162
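/*
 * Remove @dev from the board minor table, but only if the slot for
 * dev->minor still points at @dev.  Caller must hold dev->mutex.
 *
 * Return: true if the table entry was cleared, false otherwise.
 */
static bool comedi_clear_board_dev(struct comedi_device *dev)
{
	unsigned int i = dev->minor;
	bool cleared = false;

	lockdep_assert_held(&dev->mutex);
	/*
	 * dev->minor is -1 until a minor has been assigned (see
	 * comedi_device_init()), which becomes UINT_MAX here.  Refuse to
	 * index the table with anything outside its bounds.
	 */
	if (i >= COMEDI_NUM_BOARD_MINORS)
		return false;

	mutex_lock(&comedi_board_minor_table_lock);
	if (dev == comedi_board_minor_table[i]) {
		comedi_board_minor_table[i] = NULL;
		cleared = true;
	}
	mutex_unlock(&comedi_board_minor_table_lock);
	return cleared;
}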
177
/*
 * Empty the board minor table slot for @minor and return whatever device
 * pointer it held (possibly NULL).  No reference count is changed here.
 *
 * NOTE(review): @minor is used as an index without a range check, so it
 * must be below COMEDI_NUM_BOARD_MINORS - confirm at the call sites.
 */
static struct comedi_device *comedi_clear_board_minor(unsigned int minor)
{
	struct comedi_device *previous;

	mutex_lock(&comedi_board_minor_table_lock);
	previous = comedi_board_minor_table[minor];
	comedi_board_minor_table[minor] = NULL;
	mutex_unlock(&comedi_board_minor_table_lock);

	return previous;
}
188
/*
 * Look up the subdevice registered for a subdevice minor number, and
 * return it only if it belongs to @dev; otherwise return NULL.
 *
 * NOTE(review): @minor is expected to lie in
 * [COMEDI_NUM_BOARD_MINORS, COMEDI_NUM_MINORS); nothing here enforces
 * that, so callers must.
 */
static struct comedi_subdevice *
comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor)
{
	unsigned int slot = minor - COMEDI_NUM_BOARD_MINORS;
	struct comedi_subdevice *found;

	mutex_lock(&comedi_subdevice_minor_table_lock);
	found = comedi_subdevice_minor_table[slot];
	/* The owner check is done while the table lock is still held. */
	found = (found && found->device == dev) ? found : NULL;
	mutex_unlock(&comedi_subdevice_minor_table_lock);

	return found;
}
202
/*
 * Fetch the device for a board minor and take a reference on it.  The
 * reference is taken while the table lock is held, so the entry cannot
 * be cleared between the lookup and the kref_get().
 *
 * NOTE(review): @minor is not range-checked here; the visible caller
 * only passes values below COMEDI_NUM_BOARD_MINORS.
 */
static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor)
{
	struct comedi_device *found;

	mutex_lock(&comedi_board_minor_table_lock);
	found = comedi_dev_get(comedi_board_minor_table[minor]);
	mutex_unlock(&comedi_board_minor_table_lock);

	return found;
}
212
/*
 * Fetch the device that owns the subdevice registered for a subdevice
 * minor, taking a reference on it under the subdevice table lock.
 * Returns NULL if the slot is empty.
 *
 * NOTE(review): the index is minor - COMEDI_NUM_BOARD_MINORS with no
 * range check in this function; the caller must supply a valid minor.
 */
static struct comedi_device *
comedi_dev_get_from_subdevice_minor(unsigned int minor)
{
	unsigned int slot = minor - COMEDI_NUM_BOARD_MINORS;
	struct comedi_subdevice *s;
	struct comedi_device *owner;

	mutex_lock(&comedi_subdevice_minor_table_lock);
	s = comedi_subdevice_minor_table[slot];
	owner = s ? comedi_dev_get(s->device) : NULL;
	mutex_unlock(&comedi_subdevice_minor_table_lock);

	return owner;
}
226
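/**
 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number
 * @minor: Minor device number.
 *
 * Finds the COMEDI device associated with the minor device number, if any,
 * and increments its reference count.  The COMEDI device is prevented from
 * being freed until a matching call is made to comedi_dev_put().
 *
 * Return: A pointer to the COMEDI device if it exists, with its usage
 * reference incremented.  Return NULL if no COMEDI device exists with the
 * specified minor device number, including when @minor is outside the
 * range of COMEDI minor numbers.
 */
struct comedi_device *comedi_dev_get_from_minor(unsigned int minor)
{
	if (minor < COMEDI_NUM_BOARD_MINORS)
		return comedi_dev_get_from_board_minor(minor);

	/*
	 * This is an exported entry point, so do not trust the caller to
	 * have range-checked @minor: the subdevice lookup indexes a table
	 * of COMEDI_NUM_SUBDEVICE_MINORS entries with
	 * minor - COMEDI_NUM_BOARD_MINORS.
	 */
	if (minor >= COMEDI_NUM_MINORS)
		return NULL;

	return comedi_dev_get_from_subdevice_minor(minor);
}
EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor);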
247
/*
 * Pick the "read" subdevice for a minor number.  Caller holds dev->mutex.
 *
 * Board minors use dev->read_subdev.  For a subdevice minor: NULL if the
 * minor has no subdevice on @dev, that subdevice if it has SDF_CMD_READ
 * set, and dev->read_subdev otherwise.
 */
static struct comedi_subdevice *
comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor)
{
	struct comedi_subdevice *s;

	lockdep_assert_held(&dev->mutex);
	if (minor < COMEDI_NUM_BOARD_MINORS)
		return dev->read_subdev;

	s = comedi_subdevice_from_minor(dev, minor);
	if (s && !(s->subdev_flags & SDF_CMD_READ))
		return dev->read_subdev;

	return s;
}
261
/*
 * Pick the "write" subdevice for a minor number.  Caller holds dev->mutex.
 *
 * Board minors use dev->write_subdev.  For a subdevice minor: NULL if the
 * minor has no subdevice on @dev, that subdevice if it has SDF_CMD_WRITE
 * set, and dev->write_subdev otherwise.
 */
static struct comedi_subdevice *
comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor)
{
	struct comedi_subdevice *s;

	lockdep_assert_held(&dev->mutex);
	if (minor < COMEDI_NUM_BOARD_MINORS)
		return dev->write_subdev;

	s = comedi_subdevice_from_minor(dev, minor);
	if (s && !(s->subdev_flags & SDF_CMD_WRITE))
		return dev->write_subdev;

	return s;
}
275
/*
 * Refresh the per-file cache: record the device's current attached
 * state and detach count, and recompute the file's read and write
 * subdevice pointers from the file's minor number.
 */
static void comedi_file_reset(struct file *file)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	unsigned int minor = iminor(file_inode(file));
	struct comedi_subdevice *rd = dev->read_subdev;
	struct comedi_subdevice *wr = dev->write_subdev;

	if (minor >= COMEDI_NUM_BOARD_MINORS) {
		struct comedi_subdevice *s;

		s = comedi_subdevice_from_minor(dev, minor);
		if (!s) {
			/* Subdevice minor with no subdevice: cache nothing. */
			rd = NULL;
			wr = NULL;
		} else {
			if (s->subdev_flags & SDF_CMD_READ)
				rd = s;
			if (s->subdev_flags & SDF_CMD_WRITE)
				wr = s;
		}
	}

	cfp->last_attached = dev->attached;
	cfp->last_detach_count = dev->detach_count;
	/* Paired with READ_ONCE() in the comedi_file_*_subdevice() getters. */
	WRITE_ONCE(cfp->read_subdev, rd);
	WRITE_ONCE(cfp->write_subdev, wr);
}
297
/*
 * Re-derive the file's cached subdevice pointers if the device's
 * attached state or detach count differs from what the file last saw.
 */
static void comedi_file_check(struct file *file)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	bool stale;

	stale = cfp->last_attached != dev->attached ||
		cfp->last_detach_count != dev->detach_count;
	if (stale)
		comedi_file_reset(file);
}
307
/*
 * Return this file's current "read" subdevice (may be NULL), refreshing
 * the cached pointer first if the device changed state.
 */
static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file)
{
	struct comedi_file *cfp;

	comedi_file_check(file);
	cfp = file->private_data;

	return READ_ONCE(cfp->read_subdev);
}
315
/*
 * Return this file's current "write" subdevice (may be NULL), refreshing
 * the cached pointer first if the device changed state.
 */
static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file)
{
	struct comedi_file *cfp;

	comedi_file_check(file);
	cfp = file->private_data;

	return READ_ONCE(cfp->write_subdev);
}
323
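/*
 * Resize the asynchronous buffer of subdevice @s to @new_size bytes,
 * rounded up to a whole number of pages.  Caller must hold dev->mutex.
 *
 * Return: 0 on success; -EPERM if @new_size exceeds the subdevice's
 * max_bufsize; -EBUSY if the subdevice is busy or its buffer is mmapped;
 * -EINVAL if rounding @new_size up to a page would overflow; otherwise
 * the negative error from comedi_buf_alloc() or the driver's buf_change
 * hook.
 */
static int resize_async_buffer(struct comedi_device *dev,
			       struct comedi_subdevice *s,
			       unsigned int new_size)
{
	struct comedi_async *async = s->async;
	int retval;

	lockdep_assert_held(&dev->mutex);

	if (new_size > async->max_bufsize)
		return -EPERM;

	if (s->busy) {
		dev_dbg(dev->class_dev,
			"subdevice is busy, cannot resize buffer\n");
		return -EBUSY;
	}
	if (comedi_buf_is_mmapped(s)) {
		dev_dbg(dev->class_dev,
			"subdevice is mmapped, cannot resize buffer\n");
		return -EBUSY;
	}

	/*
	 * The round-up below is stored back into an unsigned int.  With a
	 * max_bufsize close to UINT_MAX, a request within one page of
	 * UINT_MAX would wrap to 0 and be passed on as a zero-length
	 * buffer, so reject it instead.
	 */
	if (new_size > UINT_MAX - (PAGE_SIZE - 1))
		return -EINVAL;

	/* make sure buffer is an integral number of pages (we round up) */
	new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK;

	retval = comedi_buf_alloc(dev, s, new_size);
	if (retval < 0)
		return retval;

	/* Let the low-level driver react to the new buffer, if it cares. */
	if (s->buf_change) {
		retval = s->buf_change(dev, s);
		if (retval < 0)
			return retval;
	}

	dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n",
		s->index, async->prealloc_bufsz);
	return 0;
}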
364
365/* sysfs attribute files */
366
/*
 * sysfs read: maximum size, in KiB, of the "read" subdevice's async
 * buffer.  Reports 0 if there is no read subdevice with SDF_CMD_READ and
 * an async buffer.  Returns -ENODEV if the minor has no COMEDI device.
 */
static ssize_t max_read_buffer_kb_show(struct device *csdev,
				       struct device_attribute *attr, char *buf)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev = comedi_dev_get_from_minor(minor);
	struct comedi_subdevice *s;
	unsigned int kib = 0;

	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_read_subdevice(dev, minor);
	if (s && s->async && (s->subdev_flags & SDF_CMD_READ))
		kib = s->async->max_bufsize / 1024;
	mutex_unlock(&dev->mutex);
	/* Drop the reference taken by the lookup above. */
	comedi_dev_put(dev);

	return sysfs_emit(buf, "%u\n", kib);
}
388
/*
 * sysfs write: set the maximum async buffer size of the "read" subdevice
 * from a decimal KiB value.
 *
 * The value is parsed with kstrtouint() and rejected with -EINVAL if
 * converting it to bytes would overflow an unsigned int.  There is no
 * capable() check in this path (the COMEDI_BUFCONFIG ioctl does check
 * CAP_SYS_ADMIN before changing max_bufsize); write access is governed
 * by the attribute's file mode set by DEVICE_ATTR_RW().
 *
 * Return: @count on success, or a negative errno.
 */
static ssize_t max_read_buffer_kb_store(struct device *csdev,
					struct device_attribute *attr,
					const char *buf, size_t count)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev;
	struct comedi_subdevice *s;
	unsigned int bytes;
	int ret;

	ret = kstrtouint(buf, 10, &bytes);
	if (ret)
		return ret;
	/* KiB -> bytes must still fit in an unsigned int. */
	if (bytes > (UINT_MAX / 1024))
		return -EINVAL;
	bytes *= 1024;

	dev = comedi_dev_get_from_minor(minor);
	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_read_subdevice(dev, minor);
	if (!s || !s->async || !(s->subdev_flags & SDF_CMD_READ))
		ret = -EINVAL;
	else
		s->async->max_bufsize = bytes;
	mutex_unlock(&dev->mutex);
	comedi_dev_put(dev);

	if (ret)
		return ret;
	return count;
}
static DEVICE_ATTR_RW(max_read_buffer_kb);
422
/*
 * sysfs read: current size, in KiB, of the "read" subdevice's async
 * buffer (async->prealloc_bufsz).  Reports 0 if there is no read
 * subdevice with SDF_CMD_READ and an async buffer.
 */
static ssize_t read_buffer_kb_show(struct device *csdev,
				   struct device_attribute *attr, char *buf)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev = comedi_dev_get_from_minor(minor);
	struct comedi_subdevice *s;
	unsigned int kib = 0;

	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_read_subdevice(dev, minor);
	if (s && s->async && (s->subdev_flags & SDF_CMD_READ))
		kib = s->async->prealloc_bufsz / 1024;
	mutex_unlock(&dev->mutex);
	/* Drop the reference taken by the lookup above. */
	comedi_dev_put(dev);

	return sysfs_emit(buf, "%u\n", kib);
}
444
/*
 * sysfs write: resize the "read" subdevice's async buffer to a decimal
 * KiB value.  The size limit itself is enforced by
 * resize_async_buffer(), which is called with dev->mutex held.
 *
 * Return: @count on success, or a negative errno.
 */
static ssize_t read_buffer_kb_store(struct device *csdev,
				    struct device_attribute *attr,
				    const char *buf, size_t count)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev;
	struct comedi_subdevice *s;
	unsigned int bytes;
	int ret;

	ret = kstrtouint(buf, 10, &bytes);
	if (ret)
		return ret;
	/* KiB -> bytes must still fit in an unsigned int. */
	if (bytes > (UINT_MAX / 1024))
		return -EINVAL;
	bytes *= 1024;

	dev = comedi_dev_get_from_minor(minor);
	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_read_subdevice(dev, minor);
	if (!s || !s->async || !(s->subdev_flags & SDF_CMD_READ))
		ret = -EINVAL;
	else
		ret = resize_async_buffer(dev, s, bytes);
	mutex_unlock(&dev->mutex);
	comedi_dev_put(dev);

	if (ret)
		return ret;
	return count;
}
static DEVICE_ATTR_RW(read_buffer_kb);
478
/*
 * sysfs read: maximum size, in KiB, of the "write" subdevice's async
 * buffer.  Reports 0 if there is no write subdevice with SDF_CMD_WRITE
 * and an async buffer.  Returns -ENODEV if the minor has no COMEDI device.
 */
static ssize_t max_write_buffer_kb_show(struct device *csdev,
					struct device_attribute *attr,
					char *buf)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev = comedi_dev_get_from_minor(minor);
	struct comedi_subdevice *s;
	unsigned int kib = 0;

	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_write_subdevice(dev, minor);
	if (s && s->async && (s->subdev_flags & SDF_CMD_WRITE))
		kib = s->async->max_bufsize / 1024;
	mutex_unlock(&dev->mutex);
	/* Drop the reference taken by the lookup above. */
	comedi_dev_put(dev);

	return sysfs_emit(buf, "%u\n", kib);
}
501
/*
 * sysfs write: set the maximum async buffer size of the "write"
 * subdevice from a decimal KiB value.
 *
 * The value is parsed with kstrtouint() and rejected with -EINVAL if
 * converting it to bytes would overflow an unsigned int.  There is no
 * capable() check in this path (the COMEDI_BUFCONFIG ioctl does check
 * CAP_SYS_ADMIN before changing max_bufsize); write access is governed
 * by the attribute's file mode set by DEVICE_ATTR_RW().
 *
 * Return: @count on success, or a negative errno.
 */
static ssize_t max_write_buffer_kb_store(struct device *csdev,
					 struct device_attribute *attr,
					 const char *buf, size_t count)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev;
	struct comedi_subdevice *s;
	unsigned int bytes;
	int ret;

	ret = kstrtouint(buf, 10, &bytes);
	if (ret)
		return ret;
	/* KiB -> bytes must still fit in an unsigned int. */
	if (bytes > (UINT_MAX / 1024))
		return -EINVAL;
	bytes *= 1024;

	dev = comedi_dev_get_from_minor(minor);
	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_write_subdevice(dev, minor);
	if (!s || !s->async || !(s->subdev_flags & SDF_CMD_WRITE))
		ret = -EINVAL;
	else
		s->async->max_bufsize = bytes;
	mutex_unlock(&dev->mutex);
	comedi_dev_put(dev);

	if (ret)
		return ret;
	return count;
}
static DEVICE_ATTR_RW(max_write_buffer_kb);
535
/*
 * sysfs read: current size, in KiB, of the "write" subdevice's async
 * buffer (async->prealloc_bufsz).  Reports 0 if there is no write
 * subdevice with SDF_CMD_WRITE and an async buffer.
 */
static ssize_t write_buffer_kb_show(struct device *csdev,
				    struct device_attribute *attr, char *buf)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev = comedi_dev_get_from_minor(minor);
	struct comedi_subdevice *s;
	unsigned int kib = 0;

	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_write_subdevice(dev, minor);
	if (s && s->async && (s->subdev_flags & SDF_CMD_WRITE))
		kib = s->async->prealloc_bufsz / 1024;
	mutex_unlock(&dev->mutex);
	/* Drop the reference taken by the lookup above. */
	comedi_dev_put(dev);

	return sysfs_emit(buf, "%u\n", kib);
}
557
/*
 * sysfs write: resize the "write" subdevice's async buffer to a decimal
 * KiB value.  The size limit itself is enforced by
 * resize_async_buffer(), which is called with dev->mutex held.
 *
 * Return: @count on success, or a negative errno.
 */
static ssize_t write_buffer_kb_store(struct device *csdev,
				     struct device_attribute *attr,
				     const char *buf, size_t count)
{
	unsigned int minor = MINOR(csdev->devt);
	struct comedi_device *dev;
	struct comedi_subdevice *s;
	unsigned int bytes;
	int ret;

	ret = kstrtouint(buf, 10, &bytes);
	if (ret)
		return ret;
	/* KiB -> bytes must still fit in an unsigned int. */
	if (bytes > (UINT_MAX / 1024))
		return -EINVAL;
	bytes *= 1024;

	dev = comedi_dev_get_from_minor(minor);
	if (!dev)
		return -ENODEV;

	mutex_lock(&dev->mutex);
	s = comedi_write_subdevice(dev, minor);
	if (!s || !s->async || !(s->subdev_flags & SDF_CMD_WRITE))
		ret = -EINVAL;
	else
		ret = resize_async_buffer(dev, s, bytes);
	mutex_unlock(&dev->mutex);
	comedi_dev_put(dev);

	if (ret)
		return ret;
	return count;
}
static DEVICE_ATTR_RW(write_buffer_kb);
591
/* Buffer-size attributes attached to every device of the comedi class. */
static struct attribute *comedi_dev_attrs[] = {
	&dev_attr_max_read_buffer_kb.attr,
	&dev_attr_read_buffer_kb.attr,
	&dev_attr_max_write_buffer_kb.attr,
	&dev_attr_write_buffer_kb.attr,
	NULL,
};
ATTRIBUTE_GROUPS(comedi_dev);

/* Device class; dev_groups wires in the attribute group defined above. */
static const struct class comedi_class = {
	.dev_groups = comedi_dev_groups,
	.name = "comedi",
};
605
/*
 * Tear down a board device: detach it from its driver, destroy its class
 * device if one exists, then drop a reference on @dev.  NULL is a no-op.
 */
static void comedi_free_board_dev(struct comedi_device *dev)
{
	if (!dev)
		return;

	comedi_device_cleanup(dev);
	if (dev->class_dev)
		device_destroy(&comedi_class, MKDEV(COMEDI_MAJOR, dev->minor));
	/* @dev may be freed by this call; do not touch it afterwards. */
	comedi_dev_put(dev);
}
617
/* Clear @bits in s->runflags.  Takes no lock itself. */
static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s,
					      unsigned int bits)
{
	s->runflags = s->runflags & ~bits;
}
623
/* Set @bits in s->runflags.  Takes no lock itself. */
static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s,
					    unsigned int bits)
{
	s->runflags = s->runflags | bits;
}
629
/*
 * Replace the runflags selected by @mask with the matching bits of
 * @bits, as one update under s->spin_lock with interrupts saved and
 * disabled.  Bits of @bits outside @mask are ignored.
 */
static void comedi_update_subdevice_runflags(struct comedi_subdevice *s,
					     unsigned int mask,
					     unsigned int bits)
{
	unsigned long irqflags;
	unsigned int wanted = bits & mask;

	spin_lock_irqsave(&s->spin_lock, irqflags);
	__comedi_clear_subdevice_runflags(s, mask);
	__comedi_set_subdevice_runflags(s, wanted);
	spin_unlock_irqrestore(&s->spin_lock, irqflags);
}
641
/* Read s->runflags without taking s->spin_lock. */
static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s)
{
	unsigned int snapshot = s->runflags;

	return snapshot;
}
646
/* Read s->runflags under s->spin_lock (interrupts saved and disabled). */
static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s)
{
	unsigned long irqflags;
	unsigned int snapshot;

	spin_lock_irqsave(&s->spin_lock, irqflags);
	snapshot = __comedi_get_subdevice_runflags(s);
	spin_unlock_irqrestore(&s->spin_lock, irqflags);

	return snapshot;
}
657
/* True if COMEDI_SRF_RUNNING is set in a runflags snapshot. */
static bool comedi_is_runflags_running(unsigned int runflags)
{
	return (runflags & COMEDI_SRF_RUNNING) != 0;
}
662
/* True if COMEDI_SRF_ERROR is set in a runflags snapshot. */
static bool comedi_is_runflags_in_error(unsigned int runflags)
{
	return (runflags & COMEDI_SRF_ERROR) != 0;
}
667
/**
 * comedi_is_subdevice_running() - Check if async command running on subdevice
 * @s: COMEDI subdevice.
 *
 * Samples the subdevice runflags under its spin-lock.
 *
 * Return: %true if an asynchronous COMEDI command is active on the
 * subdevice, else %false.
 */
bool comedi_is_subdevice_running(struct comedi_subdevice *s)
{
	return comedi_is_runflags_running(comedi_get_subdevice_runflags(s));
}
EXPORT_SYMBOL_GPL(comedi_is_subdevice_running);
682
/*
 * Same test as comedi_is_subdevice_running(), but reads the runflags
 * without taking s->spin_lock.
 */
static bool __comedi_is_subdevice_running(struct comedi_subdevice *s)
{
	return comedi_is_runflags_running(__comedi_get_subdevice_runflags(s));
}
689
/*
 * True if the subdevice is flagged COMEDI_SRF_FREE_SPRIV, i.e. its
 * s->private is to be freed on detach.  Reads the runflags without
 * taking s->spin_lock.
 */
bool comedi_can_auto_free_spriv(struct comedi_subdevice *s)
{
	return (__comedi_get_subdevice_runflags(s) & COMEDI_SRF_FREE_SPRIV) != 0;
}
696
/**
 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable
 * @s: COMEDI subdevice.
 *
 * Flags the subdevice so that the memory @s->private points to can be
 * freed automatically when the COMEDI device is detached from the
 * low-level driver.  The flag is set without taking @s->spin_lock.
 */
void comedi_set_spriv_auto_free(struct comedi_subdevice *s)
{
	const unsigned int flag = COMEDI_SRF_FREE_SPRIV;

	__comedi_set_subdevice_runflags(s, flag);
}
EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free);
710
/**
 * comedi_alloc_spriv - Allocate memory for the subdevice private data
 * @s: COMEDI subdevice.
 * @size: Size of the memory to allocate.
 *
 * Allocates zero-filled memory (GFP_KERNEL), stores the pointer in
 * @s->private and, on success, marks it for automatic freeing when the
 * COMEDI device is detached from the low-level driver.  On failure
 * @s->private is set to NULL.
 *
 * Return: The new value of @s->private: the allocated memory on success,
 * NULL on failure.
 */
void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size)
{
	void *priv = kzalloc(size, GFP_KERNEL);

	s->private = priv;
	if (priv)
		comedi_set_spriv_auto_free(s);

	return priv;
}
EXPORT_SYMBOL_GPL(comedi_alloc_spriv);
731
/*
 * Return a subdevice to the idle state.  Caller must hold dev->mutex.
 *
 * Clears COMEDI_SRF_RUNNING, resets the async buffer, drops the internal
 * trigger hook, frees the saved channel list, clears the busy owner and
 * wakes everyone waiting on the async wait queue.
 */
static void do_become_nonbusy(struct comedi_device *dev,
			      struct comedi_subdevice *s)
{
	struct comedi_async *async = s->async;

	lockdep_assert_held(&dev->mutex);
	comedi_update_subdevice_runflags(s, COMEDI_SRF_RUNNING, 0);

	if (!async) {
		/* Not expected: report it, but still release the owner. */
		dev_err(dev->class_dev,
			"BUG: (?) %s called with async=NULL\n", __func__);
		s->busy = NULL;
		return;
	}

	comedi_buf_reset(s);
	async->inttrig = NULL;
	/* NULL the pointer after freeing so it cannot be freed twice. */
	kfree(async->cmd.chanlist);
	async->cmd.chanlist = NULL;
	s->busy = NULL;
	wake_up_interruptible_all(&async->wait_head);
}
755
/*
 * Cancel any running command on @s and make the subdevice idle.
 * Caller must hold dev->mutex.
 *
 * The driver's cancel hook is only invoked when a command is running and
 * the hook exists; the subdevice is returned to idle in every case.
 *
 * Return: the cancel hook's return value, or 0 if it was not called.
 */
static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s)
{
	int status = 0;

	lockdep_assert_held(&dev->mutex);

	if (comedi_is_subdevice_running(s) && s->cancel)
		status = s->cancel(dev, s);
	do_become_nonbusy(dev, s);

	return status;
}
768
/*
 * Cancel commands on every subdevice of @dev that has an async buffer.
 * Does nothing if the device is not attached.  Caller must hold
 * dev->mutex.
 */
void comedi_device_cancel_all(struct comedi_device *dev)
{
	int idx;

	lockdep_assert_held(&dev->mutex);
	if (!dev->attached)
		return;

	for (idx = 0; idx < dev->n_subdevices; idx++) {
		struct comedi_subdevice *s = &dev->subdevices[idx];

		if (!s->async)
			continue;
		do_cancel(dev, s);
	}
}
784
/*
 * Report whether any subdevice of @dev is in use: either it has a busy
 * owner, or it has an async buffer that is currently mmapped.  Caller
 * must hold dev->mutex.
 *
 * Return: 1 if busy, 0 if not (including when @dev is not attached).
 */
static int is_device_busy(struct comedi_device *dev)
{
	int idx;

	lockdep_assert_held(&dev->mutex);
	if (!dev->attached)
		return 0;

	for (idx = 0; idx < dev->n_subdevices; idx++) {
		struct comedi_subdevice *s = &dev->subdevices[idx];

		if (s->busy || (s->async && comedi_buf_is_mmapped(s)))
			return 1;
	}

	return 0;
}
804
/*
 * COMEDI_DEVCONFIG ioctl
 * attaches (and configures) or detaches a legacy device
 *
 * arg:
 *	pointer to comedi_devconfig structure (NULL if detaching)
 *
 * reads:
 *	comedi_devconfig structure (if attaching)
 *
 * writes:
 *	nothing
 *
 * Requires CAP_SYS_ADMIN for both attach and detach; the check comes
 * before any user memory is read.  Caller must hold dev->mutex.
 */
static int do_devconfig_ioctl(struct comedi_device *dev,
			      struct comedi_devconfig __user *arg)
{
	struct comedi_devconfig it;

	lockdep_assert_held(&dev->mutex);
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	if (!arg) {
		/* Detach request. */
		struct module *owner;

		if (is_device_busy(dev))
			return -EBUSY;
		if (!dev->attached)
			return 0;

		/* Sample the module pointer before detaching the driver. */
		owner = dev->driver->module;
		comedi_device_detach(dev);
		module_put(owner);
		return 0;
	}

	if (copy_from_user(&it, arg, sizeof(it)))
		return -EFAULT;

	/* The name comes from user space: force NUL termination. */
	it.board_name[COMEDI_NAMELEN - 1] = 0;

	if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) {
		dev_warn(dev->class_dev,
			 "comedi_config --init_data is deprecated\n");
		return -EINVAL;
	}

	/* don't re-use dynamically allocated comedi devices */
	if (dev->minor >= comedi_num_legacy_minors)
		return -EBUSY;

	/* This increments the driver module count on success. */
	return comedi_device_attach(dev, &it);
}
857
/*
 * COMEDI_BUFCONFIG ioctl
 * buffer configuration
 *
 * arg:
 *	pointer to comedi_bufconfig structure
 *
 * reads:
 *	comedi_bufconfig structure
 *
 * writes:
 *	modified comedi_bufconfig structure
 *
 * Changing the maximum size requires CAP_SYS_ADMIN; changing the current
 * size does not, but is bounded by the maximum inside
 * resize_async_buffer().  Note that a new maximum is stored before the
 * resize is attempted and is not rolled back if the resize fails.
 * Caller must hold dev->mutex.
 */
static int do_bufconfig_ioctl(struct comedi_device *dev,
			      struct comedi_bufconfig __user *arg)
{
	struct comedi_bufconfig bc;
	struct comedi_subdevice *s;
	struct comedi_async *async;
	int ret;

	lockdep_assert_held(&dev->mutex);
	if (copy_from_user(&bc, arg, sizeof(bc)))
		return -EFAULT;

	/* User-supplied index: validate before using it. */
	if (bc.subdevice >= dev->n_subdevices)
		return -EINVAL;

	s = &dev->subdevices[bc.subdevice];
	async = s->async;

	if (async) {
		if (bc.maximum_size) {
			if (!capable(CAP_SYS_ADMIN))
				return -EPERM;

			async->max_bufsize = bc.maximum_size;
		}

		if (bc.size) {
			ret = resize_async_buffer(dev, s, bc.size);
			if (ret < 0)
				return ret;
		}

		/* Report the values actually in effect. */
		bc.size = async->prealloc_bufsz;
		bc.maximum_size = async->max_bufsize;
	} else {
		dev_dbg(dev->class_dev,
			"subdevice does not have async capability\n");
		bc.size = 0;
		bc.maximum_size = 0;
	}

	if (copy_to_user(arg, &bc, sizeof(bc)))
		return -EFAULT;

	return 0;
}
919
/*
 * COMEDI_DEVINFO ioctl
 * device info
 *
 * arg:
 *	pointer to comedi_devinfo structure
 *
 * reads:
 *	nothing
 *
 * writes:
 *	comedi_devinfo structure
 *
 * Caller must hold dev->mutex.
 */
static int do_devinfo_ioctl(struct comedi_device *dev,
			    struct comedi_devinfo __user *arg,
			    struct file *file)
{
	struct comedi_devinfo devinfo;
	struct comedi_subdevice *rd, *wr;

	lockdep_assert_held(&dev->mutex);

	/*
	 * The whole structure is copied to user space below, so zero it
	 * first: fields that are not filled in here must not carry stale
	 * kernel stack contents.
	 */
	memset(&devinfo, 0, sizeof(devinfo));

	devinfo.version_code = COMEDI_VERSION_CODE;
	devinfo.n_subdevs = dev->n_subdevices;
	strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
	strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);

	/* -1 tells user space there is no such subdevice for this file. */
	rd = comedi_file_read_subdevice(file);
	devinfo.read_subdevice = rd ? rd->index : -1;

	wr = comedi_file_write_subdevice(file);
	devinfo.write_subdevice = wr ? wr->index : -1;

	if (copy_to_user(arg, &devinfo, sizeof(devinfo)))
		return -EFAULT;

	return 0;
}
966
/*
 * COMEDI_SUBDINFO ioctl
 * subdevices info
 *
 * arg:
 *	pointer to array of comedi_subdinfo structures
 *
 * reads:
 *	nothing
 *
 * writes:
 *	array of comedi_subdinfo structures
 *
 * One entry is written per subdevice (dev->n_subdevices entries); the
 * user buffer must be large enough to hold them all.  @file identifies
 * the caller so the owner flags can be reported.  Caller must hold
 * dev->mutex.
 */
static int do_subdinfo_ioctl(struct comedi_device *dev,
			     struct comedi_subdinfo __user *arg, void *file)
{
	struct comedi_subdinfo *table;
	int idx;
	int not_copied;

	lockdep_assert_held(&dev->mutex);

	/*
	 * kcalloc() zero-fills, so fields that are not set below go out
	 * to user space as zero rather than as stale heap contents.
	 */
	table = kcalloc(dev->n_subdevices, sizeof(*table), GFP_KERNEL);
	if (!table)
		return -ENOMEM;

	/* fill subdinfo structs */
	for (idx = 0; idx < dev->n_subdevices; idx++) {
		struct comedi_subdevice *s = &dev->subdevices[idx];
		struct comedi_subdinfo *us = &table[idx];

		us->type = s->type;
		us->n_chan = s->n_chan;
		us->subd_flags = s->subdev_flags;
		if (comedi_is_subdevice_running(s))
			us->subd_flags |= SDF_RUNNING;
#define TIMER_nanosec 5		/* backwards compatibility */
		us->timer_type = TIMER_nanosec;
		us->len_chanlist = s->len_chanlist;
		us->maxdata = s->maxdata;
		if (s->range_table)
			us->range_type =
			    (idx << 24) | (0 << 16) | (s->range_table->length);
		else
			us->range_type = 0;	/* XXX */

		/* Ownership is judged by comparing against the caller's file. */
		if (s->busy)
			us->subd_flags |= SDF_BUSY;
		if (s->busy == file)
			us->subd_flags |= SDF_BUSY_OWNER;
		if (s->lock)
			us->subd_flags |= SDF_LOCKED;
		if (s->lock == file)
			us->subd_flags |= SDF_LOCK_OWNER;
		if (!s->maxdata && s->maxdata_list)
			us->subd_flags |= SDF_MAXDATA;
		if (s->range_table_list)
			us->subd_flags |= SDF_RANGETYPE;
		if (s->do_cmd)
			us->subd_flags |= SDF_CMD;

		if (s->insn_bits == &insn_inval)
			us->insn_bits_support = COMEDI_UNSUPPORTED;
		else
			us->insn_bits_support = COMEDI_SUPPORTED;
	}

	not_copied = copy_to_user(arg, table,
				  dev->n_subdevices * sizeof(*table));

	kfree(table);

	if (not_copied)
		return -EFAULT;
	return 0;
}
1040
/*
 * COMEDI_CHANINFO ioctl
 * subdevice channel info
 *
 * arg:
 *	pointer to comedi_chaninfo structure
 *
 * reads:
 *	comedi_chaninfo structure
 *
 * writes:
 *	array of maxdata values to chaninfo->maxdata_list if requested
 *	array of range table lengths to chaninfo->range_table_list if requested
 *
 * @it is a kernel-side structure; its maxdata_list and rangelist members
 * are written with copy_to_user()/put_user() and each receives s->n_chan
 * entries.  Caller must hold dev->mutex.
 */
static int do_chaninfo_ioctl(struct comedi_device *dev,
			     struct comedi_chaninfo *it)
{
	struct comedi_subdevice *s;
	int chan;

	lockdep_assert_held(&dev->mutex);

	/* Subdevice index comes from the request: validate before use. */
	if (it->subdev >= dev->n_subdevices)
		return -EINVAL;
	s = &dev->subdevices[it->subdev];

	if (it->maxdata_list) {
		/* Only valid when the subdevice has per-channel maxdata. */
		if (s->maxdata || !s->maxdata_list)
			return -EINVAL;
		if (copy_to_user(it->maxdata_list, s->maxdata_list,
				 s->n_chan * sizeof(unsigned int)))
			return -EFAULT;
	}

	if (it->flaglist)
		return -EINVAL;	/* flaglist not supported */

	if (!it->rangelist)
		return 0;

	if (!s->range_table_list)
		return -EINVAL;

	for (chan = 0; chan < s->n_chan; chan++) {
		int packed;

		/* minor, subdevice, channel and table length in one word */
		packed = (dev->minor << 28) | (it->subdev << 24) |
			 (chan << 16) | (s->range_table_list[chan]->length);
		if (put_user(packed, it->rangelist + chan))
			return -EFAULT;
	}

	return 0;
}
1094
/*
 * COMEDI_BUFINFO ioctl
 * buffer information
 *
 * arg:
 *	pointer to comedi_bufinfo structure
 *
 * reads:
 *	comedi_bufinfo structure
 *
 * writes:
 *	modified comedi_bufinfo structure
 *
 * Only the file that currently owns the subdevice (s->busy == @file) may
 * use this; anyone else gets -EINVAL.  Returns -EPIPE, without copying
 * anything back, when the command has stopped with an error.  Caller
 * must hold dev->mutex.
 */
static int do_bufinfo_ioctl(struct comedi_device *dev,
			    struct comedi_bufinfo __user *arg, void *file)
{
	struct comedi_bufinfo bi;
	struct comedi_subdevice *s;
	struct comedi_async *async;
	unsigned int runflags;
	bool running;
	bool in_error;
	bool go_idle = false;
	int ret = 0;

	lockdep_assert_held(&dev->mutex);
	if (copy_from_user(&bi, arg, sizeof(bi)))
		return -EFAULT;

	/* User-supplied index: validate before using it. */
	if (bi.subdevice >= dev->n_subdevices)
		return -EINVAL;

	s = &dev->subdevices[bi.subdevice];
	async = s->async;

	if (!async || s->busy != file)
		return -EINVAL;

	/* One locked snapshot of the flags drives every decision below. */
	runflags = comedi_get_subdevice_runflags(s);
	running = comedi_is_runflags_running(runflags);
	in_error = comedi_is_runflags_in_error(runflags);

	if (async->cmd.flags & CMDF_WRITE) {
		/* command was set up in "write" direction */
		if (!running) {
			bi.bytes_written = 0;
			go_idle = true;
			if (in_error)
				ret = -EPIPE;
		} else if (bi.bytes_written) {
			comedi_buf_write_alloc(s, bi.bytes_written);
			bi.bytes_written =
			    comedi_buf_write_free(s, bi.bytes_written);
		}
		bi.bytes_read = 0;
	} else {
		/* command was set up in "read" direction */
		if (bi.bytes_read) {
			comedi_buf_read_alloc(s, bi.bytes_read);
			bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
		}
		/*
		 * If nothing left to read, and command has stopped, and
		 * {"read" position not updated or command stopped normally},
		 * then become non-busy.
		 */
		if (comedi_buf_read_n_available(s) == 0 && !running &&
		    (bi.bytes_read == 0 || !in_error)) {
			go_idle = true;
			if (in_error)
				ret = -EPIPE;
		}
		bi.bytes_written = 0;
	}

	/* Sample the buffer positions before the buffer may be reset. */
	bi.buf_write_count = async->buf_write_count;
	bi.buf_write_ptr = async->buf_write_ptr;
	bi.buf_read_count = async->buf_read_count;
	bi.buf_read_ptr = async->buf_read_ptr;

	if (go_idle)
		do_become_nonbusy(dev, s);

	if (ret)
		return ret;

	if (copy_to_user(arg, &bi, sizeof(bi)))
		return -EFAULT;

	return 0;
}
1184
/*
 * Check that insn->n matches the data length expected for the INSN_CONFIG
 * id held in data[0].
 *
 * Returns 0 when the length is acceptable and -EINVAL otherwise.  Ids that
 * are not listed here are accepted with whatever length the caller gave,
 * so this function provides no length guarantee for them.
 */
static int check_insn_config_length(struct comedi_insn *insn,
				    unsigned int *data)
{
	unsigned int expected_n;

	/* data[0] is read below, so at least one word must be present. */
	if (insn->n < 1)
		return -EINVAL;

	switch (data[0]) {
	case INSN_CONFIG_DIO_OUTPUT:
	case INSN_CONFIG_DIO_INPUT:
	case INSN_CONFIG_DISARM:
	case INSN_CONFIG_RESET:
		expected_n = 1;
		break;
	case INSN_CONFIG_ARM:
	case INSN_CONFIG_DIO_QUERY:
	case INSN_CONFIG_BLOCK_SIZE:
	case INSN_CONFIG_FILTER:
	case INSN_CONFIG_SERIAL_CLOCK:
	case INSN_CONFIG_BIDIRECTIONAL_DATA:
	case INSN_CONFIG_ALT_SOURCE:
	case INSN_CONFIG_SET_COUNTER_MODE:
	case INSN_CONFIG_8254_READ_STATUS:
	case INSN_CONFIG_SET_ROUTING:
	case INSN_CONFIG_GET_ROUTING:
	case INSN_CONFIG_GET_PWM_STATUS:
	case INSN_CONFIG_PWM_SET_PERIOD:
	case INSN_CONFIG_PWM_GET_PERIOD:
		expected_n = 2;
		break;
	case INSN_CONFIG_SET_GATE_SRC:
	case INSN_CONFIG_GET_GATE_SRC:
	case INSN_CONFIG_SET_CLOCK_SRC:
	case INSN_CONFIG_GET_CLOCK_SRC:
	case INSN_CONFIG_SET_OTHER_SRC:
	case INSN_CONFIG_GET_COUNTER_STATUS:
	case INSN_CONFIG_GET_PWM_OUTPUT:
	case INSN_CONFIG_PWM_SET_H_BRIDGE:
	case INSN_CONFIG_PWM_GET_H_BRIDGE:
	case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE:
		expected_n = 3;
		break;
	case INSN_CONFIG_PWM_OUTPUT:
	case INSN_CONFIG_ANALOG_TRIG:
	case INSN_CONFIG_TIMER_1:
		expected_n = 5;
		break;
	case INSN_CONFIG_DIGITAL_TRIG:
		expected_n = 6;
		break;
	case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS:
		/* Variable length: only a lower bound is enforced. */
		return insn->n >= 4 ? 0 : -EINVAL;
	default:
		/*
		 * Unknown ids are let through because checks do not exist
		 * for all possible cases yet.  The id and length are
		 * caller-supplied, so each such request also emits the
		 * three warnings below.
		 */
		pr_warn("No check for data length of config insn id %i is implemented\n",
			data[0]);
		pr_warn("Add a check to %s in %s\n", __func__, __FILE__);
		pr_warn("Assuming n=%i is correct\n", insn->n);
		return 0;
	}

	return insn->n == expected_n ? 0 : -EINVAL;
}
1256
/*
 * Check that insn->n matches the data length expected for the
 * INSN_DEVICE_CONFIG id held in data[0].
 *
 * Returns 0 when the length is acceptable.  Unlike the INSN_CONFIG check,
 * ids that are not listed here are rejected with -EINVAL.
 */
static int check_insn_device_config_length(struct comedi_insn *insn,
					   unsigned int *data)
{
	bool length_ok = false;

	/* data[0] is read below, so at least one word must be present. */
	if (insn->n < 1)
		return -EINVAL;

	switch (data[0]) {
	case INSN_DEVICE_CONFIG_TEST_ROUTE:
	case INSN_DEVICE_CONFIG_CONNECT_ROUTE:
	case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE:
		length_ok = (insn->n == 3);
		break;
	case INSN_DEVICE_CONFIG_GET_ROUTES:
		/*
		 * Big enough for config_id and the length of the userland
		 * memory buffer.  Additional length should be in factors of 2
		 * to communicate any returned route pairs (source,destination).
		 */
		length_ok = (insn->n >= 2);
		break;
	default:
		break;
	}

	return length_ok ? 0 : -EINVAL;
}
1282
1283/**
1284 * get_valid_routes() - Calls low-level driver get_valid_routes function to
1285 *			either return a count of valid routes to user, or copy
1286 *			of list of all valid device routes to buffer in
1287 *			userspace.
1288 * @dev: comedi device pointer
1289 * @data: data from user insn call.  The length of the data must be >= 2.
1290 *	  data[0] must contain the INSN_DEVICE_CONFIG config_id.
1291 *	  data[1](input) contains the number of _pairs_ for which memory is
1292 *		  allotted from the user.  If the user specifies '0', then only
1293 *		  the number of pairs available is returned.
 *	  data[1](output) returns either the number of pairs available (if none
 *		  were requested) or the number of _pairs_ that are copied back
 *		  to the user.
1297 *	  data[2::2] returns each (source, destination) pair.
1298 *
1299 * Return: -EINVAL if low-level driver does not allocate and return routes as
1300 *	   expected.  Returns 0 otherwise.
1301 */
static int get_valid_routes(struct comedi_device *dev, unsigned int *data)
{
	unsigned int *pairs = data + 2;
	unsigned int n_pairs;

	lockdep_assert_held(&dev->mutex);

	/*
	 * data[1] is the number of pairs the buffer behind @data can hold.
	 * parse_insn() derives it from insn->n before calling here, so it is
	 * not taken from the user's data words.
	 */
	n_pairs = data[1];
	data[1] = dev->get_valid_routes(dev, n_pairs, pairs);

	return 0;
}
1308
/*
 * Validate and execute one instruction.
 *
 * @data is the kernel scratch buffer set up by the calling ioctl handler;
 * the caller must hold dev->mutex.  Returns a negative errno on failure,
 * otherwise the value produced by the special instruction or by the
 * subdevice handler.
 */
static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn,
		      unsigned int *data, void *file)
{
	struct comedi_subdevice *s;
	unsigned int limit;
	unsigned int idx;
	int ret = 0;

	lockdep_assert_held(&dev->mutex);

	if (insn->insn & INSN_MASK_SPECIAL) {
		/* a non-subdevice instruction */
		switch (insn->insn) {
		case INSN_GTOD: {
			struct timespec64 now;

			if (insn->n != 2)
				return -EINVAL;

			ktime_get_real_ts64(&now);
			/* unsigned data safe until 2106 */
			data[0] = (unsigned int)now.tv_sec;
			data[1] = now.tv_nsec / NSEC_PER_USEC;
			return 2;
		}
		case INSN_WAIT:
			/*
			 * The bound on data[0] keeps the busy-wait below
			 * 100 microseconds per instruction.
			 */
			if (insn->n != 1 || data[0] >= 100000)
				return -EINVAL;
			udelay(data[0] / 1000);
			return 1;
		case INSN_INTTRIG:
			if (insn->n != 1)
				return -EINVAL;
			/* insn->subdev is caller-supplied: bound it first. */
			if (insn->subdev >= dev->n_subdevices) {
				dev_dbg(dev->class_dev,
					"%d not usable subdevice\n",
					insn->subdev);
				return -EINVAL;
			}
			s = &dev->subdevices[insn->subdev];
			if (!s->async) {
				dev_dbg(dev->class_dev, "no async\n");
				return -EINVAL;
			}
			if (!s->async->inttrig) {
				dev_dbg(dev->class_dev, "no inttrig\n");
				return -EAGAIN;
			}
			ret = s->async->inttrig(dev, s, data[0]);
			return ret >= 0 ? 1 : ret;
		case INSN_DEVICE_CONFIG:
			ret = check_insn_device_config_length(insn, data);
			if (ret)
				return ret;

			if (data[0] != INSN_DEVICE_CONFIG_GET_ROUTES) {
				/* other global device config instructions. */
				return dev->insn_device_config(dev, insn,
							       data);
			}

			/*
			 * data[1] should be the number of _pairs_ that the
			 * memory can hold.  It is computed from insn->n
			 * here, replacing whatever the caller put there.
			 */
			data[1] = (insn->n - 2) / 2;
			return get_valid_routes(dev, data);
		default:
			dev_dbg(dev->class_dev, "invalid insn\n");
			return -EINVAL;
		}
	}

	/* a subdevice instruction */
	if (insn->subdev >= dev->n_subdevices) {
		dev_dbg(dev->class_dev, "subdevice %d out of range\n",
			insn->subdev);
		return -EINVAL;
	}
	s = &dev->subdevices[insn->subdev];

	if (s->type == COMEDI_SUBD_UNUSED) {
		dev_dbg(dev->class_dev, "%d not usable subdevice\n",
			insn->subdev);
		return -EIO;
	}

	/* are we locked? (ioctl lock) */
	if (s->lock && s->lock != file) {
		dev_dbg(dev->class_dev, "device locked\n");
		return -EACCES;
	}

	ret = comedi_check_chanlist(s, 1, &insn->chanspec);
	if (ret < 0) {
		ret = -EINVAL;
		dev_dbg(dev->class_dev, "bad chanspec\n");
		return ret;
	}

	if (s->busy)
		return -EBUSY;

	/*
	 * Mark the subdevice busy for the duration of the instruction.  The
	 * owner value is arbitrary; every path through the switch below must
	 * fall out of it so that the marker is cleared again.
	 */
	s->busy = parse_insn;
	switch (insn->insn) {
	case INSN_READ:
		ret = s->insn_read(dev, s, insn, data);
		if (ret == -ETIMEDOUT) {
			dev_dbg(dev->class_dev,
				"subdevice %d read instruction timed out\n",
				s->index);
		}
		break;
	case INSN_WRITE:
		/* Reject any sample above the channel's maximum value. */
		limit = s->maxdata_list
			? s->maxdata_list[CR_CHAN(insn->chanspec)]
			: s->maxdata;
		for (idx = 0; idx < insn->n; ++idx) {
			if (data[idx] > limit) {
				ret = -EINVAL;
				dev_dbg(dev->class_dev,
					"bad data value(s)\n");
				break;
			}
		}
		if (ret != 0)
			break;

		ret = s->insn_write(dev, s, insn, data);
		if (ret == -ETIMEDOUT) {
			dev_dbg(dev->class_dev,
				"subdevice %d write instruction timed out\n",
				s->index);
		}
		break;
	case INSN_BITS: {
		unsigned int saved_mask;
		unsigned int shift = 0;

		if (insn->n != 2) {
			ret = -EINVAL;
			break;
		}

		/*
		 * Most drivers ignore the base channel in insn->chanspec.
		 * Fix this here if the subdevice has <= 32 channels.
		 *
		 * NOTE(review): the shifts stay below the width of
		 * unsigned int only if comedi_check_chanlist() above has
		 * rejected channels >= s->n_chan - confirm.
		 */
		saved_mask = data[0];
		if (s->n_chan <= 32) {
			shift = CR_CHAN(insn->chanspec);
			if (shift > 0) {
				insn->chanspec = 0;
				data[0] <<= shift;
				data[1] <<= shift;
			}
		}
		ret = s->insn_bits(dev, s, insn, data);
		data[0] = saved_mask;
		if (shift > 0)
			data[1] >>= shift;
		break;
	}
	case INSN_CONFIG:
		ret = check_insn_config_length(insn, data);
		if (ret)
			break;
		ret = s->insn_config(dev, s, insn, data);
		break;
	default:
		ret = -EINVAL;
		break;
	}

	s->busy = NULL;

	return ret;
}
1508
1509/*
1510 * COMEDI_INSNLIST ioctl
1511 * synchronous instruction list
1512 *
1513 * arg:
1514 *	pointer to comedi_insnlist structure
1515 *
1516 * reads:
1517 *	comedi_insnlist structure
1518 *	array of comedi_insn structures from insnlist->insns pointer
1519 *	data (for writes) from insns[].data pointers
1520 *
1521 * writes:
1522 *	data (for reads) to insns[].data pointers
1523 */
/*
 * Arbitrary limits on the per-instruction sample count (insn.n):
 * MIN_SAMPLES is the smallest scratch buffer, in samples, that the
 * instruction ioctls allocate; MAX_SAMPLES is the largest insn.n that
 * COMEDI_INSNLIST accepts and the value COMEDI_INSN clamps to.
 */
#define MIN_SAMPLES 16
#define MAX_SAMPLES 65536
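static int do_insnlist_ioctl(struct comedi_device *dev,
			     struct comedi_insn *insns,
			     unsigned int n_insns,
			     void *file)
{
	unsigned int *data = NULL;
	unsigned int max_n_data_required = MIN_SAMPLES;
	int i = 0;
	int ret = 0;

	lockdep_assert_held(&dev->mutex);

	/*
	 * Determine maximum memory needed for all instructions.  Each
	 * insns[i].n is caller-supplied, so it is bounded before it is used
	 * to size the scratch buffer or any user copy.
	 */
	for (i = 0; i < n_insns; ++i) {
		if (insns[i].n > MAX_SAMPLES) {
			dev_dbg(dev->class_dev,
				"number of samples too large\n");
			ret = -EINVAL;
			goto error;
		}
		max_n_data_required = max(max_n_data_required, insns[i].n);
	}

	/* Allocate scratch space for all instruction data. */
	data = kmalloc_array(max_n_data_required, sizeof(unsigned int),
			     GFP_KERNEL);
	if (!data) {
		ret = -ENOMEM;
		goto error;
	}

	for (i = 0; i < n_insns; ++i) {
		unsigned int n = insns[i].n;

		/*
		 * The scratch buffer comes from kmalloc and is reused for
		 * every instruction, so it holds stale heap contents or the
		 * previous instruction's data.  Define all of the words a
		 * handler may look at before running it: the read path below
		 * copies n words back to userspace whatever the handler
		 * filled in, which would otherwise disclose that memory.
		 */
		if (insns[i].insn & INSN_MASK_WRITE) {
			if (copy_from_user(data, insns[i].data,
					   n * sizeof(unsigned int))) {
				dev_dbg(dev->class_dev,
					"copy_from_user failed\n");
				ret = -EFAULT;
				goto error;
			}
			/* Zero the part of the minimum buffer not supplied. */
			if (n < MIN_SAMPLES) {
				memset(&data[n], 0,
				       (MIN_SAMPLES - n) *
				       sizeof(unsigned int));
			}
		} else {
			memset(data, 0,
			       max_t(unsigned int, n, MIN_SAMPLES) *
			       sizeof(unsigned int));
		}
		ret = parse_insn(dev, insns + i, data, file);
		if (ret < 0)
			goto error;
		if (insns[i].insn & INSN_MASK_READ) {
			if (copy_to_user(insns[i].data, data,
					 n * sizeof(unsigned int))) {
				dev_dbg(dev->class_dev,
					"copy_to_user failed\n");
				ret = -EFAULT;
				goto error;
			}
		}
		/* A long list runs under dev->mutex; let others run. */
		if (need_resched())
			schedule();
	}

error:
	kfree(data);

	/* On success, report the number of instructions executed. */
	if (ret < 0)
		return ret;
	return i;
}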
1591
1592/*
1593 * COMEDI_INSN ioctl
1594 * synchronous instruction
1595 *
1596 * arg:
1597 *	pointer to comedi_insn structure
1598 *
1599 * reads:
1600 *	comedi_insn structure
1601 *	data (for writes) from insn->data pointer
1602 *
1603 * writes:
1604 *	data (for reads) to insn->data pointer
1605 */
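static int do_insn_ioctl(struct comedi_device *dev,
			 struct comedi_insn *insn, void *file)
{
	unsigned int *data = NULL;
	unsigned int n_data = MIN_SAMPLES;
	int ret = 0;

	lockdep_assert_held(&dev->mutex);

	n_data = max(n_data, insn->n);

	/*
	 * This is where the behavior of insn and insnlist deviate: an
	 * oversized caller-supplied length is clamped instead of rejected.
	 */
	if (insn->n > MAX_SAMPLES) {
		insn->n = MAX_SAMPLES;
		n_data = MAX_SAMPLES;
	}

	data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL);
	if (!data) {
		ret = -ENOMEM;
		goto error;
	}

	/*
	 * kmalloc memory is not zeroed.  Define every word a handler may
	 * look at before running it: the read path below copies insn->n
	 * words back to userspace whatever the handler filled in, which
	 * would otherwise disclose stale kernel heap contents.
	 */
	if (insn->insn & INSN_MASK_WRITE) {
		if (copy_from_user(data,
				   insn->data,
				   insn->n * sizeof(unsigned int))) {
			ret = -EFAULT;
			goto error;
		}
		/* Zero the part of the minimum buffer not supplied. */
		if (insn->n < MIN_SAMPLES) {
			memset(&data[insn->n], 0,
			       (MIN_SAMPLES - insn->n) * sizeof(unsigned int));
		}
	} else {
		memset(data, 0, n_data * sizeof(unsigned int));
	}
	ret = parse_insn(dev, insn, data, file);
	if (ret < 0)
		goto error;
	if (insn->insn & INSN_MASK_READ) {
		if (copy_to_user(insn->data,
				 data,
				 insn->n * sizeof(unsigned int))) {
			ret = -EFAULT;
			goto error;
		}
	}
	/* On success, report the (possibly clamped) sample count. */
	ret = insn->n;

error:
	kfree(data);

	return ret;
}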
1655
/*
 * Basic validation of a command already copied in from userspace: the
 * subdevice must exist, be in use, support commands, and the channel list
 * must not be longer than the subdevice allows.  May adjust CMDF_WRITE in
 * cmd->flags.  Returns 0 or a negative errno.
 */
static int __comedi_get_user_cmd(struct comedi_device *dev,
				 struct comedi_cmd *cmd)
{
	struct comedi_subdevice *s;
	unsigned int cmd_dirs;

	lockdep_assert_held(&dev->mutex);

	/* cmd->subdev is caller-supplied: bound it before indexing. */
	if (cmd->subdev >= dev->n_subdevices) {
		dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev);
		return -ENODEV;
	}
	s = &dev->subdevices[cmd->subdev];

	if (s->type == COMEDI_SUBD_UNUSED) {
		dev_dbg(dev->class_dev, "%d not valid subdevice\n",
			cmd->subdev);
		return -EIO;
	}

	/* The command ioctls call s->do_cmdtest/s->do_cmd and use s->async. */
	if (!s->do_cmd || !s->do_cmdtest || !s->async) {
		dev_dbg(dev->class_dev,
			"subdevice %d does not support commands\n",
			cmd->subdev);
		return -EIO;
	}

	/*
	 * make sure channel/gain list isn't too long; chanlist_len later
	 * sizes the copy of the user's channel list
	 */
	if (cmd->chanlist_len > s->len_chanlist) {
		dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n",
			cmd->chanlist_len, s->len_chanlist);
		return -EINVAL;
	}

	/*
	 * Set the CMDF_WRITE flag to the correct state if the subdevice
	 * supports only "read" commands or only "write" commands.  When it
	 * supports both or neither, the caller's flag is left alone.
	 */
	cmd_dirs = s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE);
	if (cmd_dirs == SDF_CMD_READ)
		cmd->flags &= ~CMDF_WRITE;
	else if (cmd_dirs == SDF_CMD_WRITE)
		cmd->flags |= CMDF_WRITE;

	return 0;
}
1706
/*
 * Copy the user's channel/gain list into kernel memory and validate it.
 *
 * On success cmd->chanlist points at the kernel copy, which the caller
 * owns and must free.  On failure cmd->chanlist is NULL and a negative
 * errno is returned.
 */
static int __comedi_get_user_chanlist(struct comedi_device *dev,
				      struct comedi_subdevice *s,
				      unsigned int __user *user_chanlist,
				      struct comedi_cmd *cmd)
{
	unsigned int *kchanlist;
	int err;

	lockdep_assert_held(&dev->mutex);

	/* Never leave the user pointer in a field the kernel dereferences. */
	cmd->chanlist = NULL;

	kchanlist = memdup_array_user(user_chanlist, cmd->chanlist_len,
				      sizeof(unsigned int));
	if (IS_ERR(kchanlist))
		return PTR_ERR(kchanlist);

	/* make sure each element in channel/gain list is valid */
	err = comedi_check_chanlist(s, cmd->chanlist_len, kchanlist);
	if (err >= 0) {
		cmd->chanlist = kchanlist;
		return 0;
	}

	kfree(kchanlist);
	return err;
}
1733
1734/*
1735 * COMEDI_CMD ioctl
1736 * asynchronous acquisition command set-up
1737 *
1738 * arg:
1739 *	pointer to comedi_cmd structure
1740 *
1741 * reads:
1742 *	comedi_cmd structure
1743 *	channel/range list from cmd->chanlist pointer
1744 *
1745 * writes:
1746 *	possibly modified comedi_cmd structure (when -EAGAIN returned)
1747 */
static int do_cmd_ioctl(struct comedi_device *dev,
			struct comedi_cmd *cmd, bool *copy, void *file)
{
	unsigned int __user *uchanlist;
	struct comedi_subdevice *s;
	struct comedi_async *async;
	int ret;

	lockdep_assert_held(&dev->mutex);

	/* do some simple cmd validation */
	ret = __comedi_get_user_cmd(dev, cmd);
	if (ret)
		return ret;

	/* save user's chanlist pointer so it can be restored later */
	uchanlist = (unsigned int __user *)cmd->chanlist;

	s = &dev->subdevices[cmd->subdev];
	async = s->async;

	/* are we locked? (ioctl lock) */
	if (s->lock && s->lock != file) {
		dev_dbg(dev->class_dev, "subdevice locked\n");
		return -EACCES;
	}

	/* are we busy? */
	if (s->busy) {
		dev_dbg(dev->class_dev, "subdevice busy\n");
		return -EBUSY;
	}

	/* make sure channel/gain list isn't too short */
	if (cmd->chanlist_len < 1) {
		dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n",
			cmd->chanlist_len);
		return -EINVAL;
	}

	/*
	 * From here on the command lives in async->cmd.  Its chanlist field
	 * is replaced by a kernel copy (or NULL on failure) by the call
	 * below, and the user's data pointer is dropped.
	 */
	async->cmd = *cmd;
	async->cmd.data = NULL;

	/* load channel/gain list */
	ret = __comedi_get_user_chanlist(dev, s, uchanlist, &async->cmd);
	if (ret)
		goto cleanup;

	ret = s->do_cmdtest(dev, s, &async->cmd);

	if (ret || (async->cmd.flags & CMDF_BOGUS)) {
		dev_dbg(dev->class_dev, "test returned %d\n", ret);
		*cmd = async->cmd;
		/*
		 * restore chanlist pointer before copying back, so the
		 * address of the kernel copy is not handed to userspace
		 */
		cmd->chanlist = (unsigned int __force *)uchanlist;
		cmd->data = NULL;
		*copy = true;
		ret = -EAGAIN;
		goto cleanup;
	}

	if (!async->prealloc_bufsz) {
		ret = -ENOMEM;
		dev_dbg(dev->class_dev, "no buffer (?)\n");
		goto cleanup;
	}

	comedi_buf_reset(s);

	async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK;
	if (async->cmd.flags & CMDF_WAKE_EOS)
		async->cb_mask |= COMEDI_CB_EOS;

	comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK,
					 COMEDI_SRF_RUNNING);

	/*
	 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid
	 * race with comedi_read() or comedi_write().
	 */
	s->busy = file;
	ret = s->do_cmd(dev, s);
	if (ret != 0)
		goto cleanup;

	return 0;

cleanup:
	/* Shared failure path for everything after async->cmd was set up. */
	do_become_nonbusy(dev, s);

	return ret;
}
1838
1839/*
1840 * COMEDI_CMDTEST ioctl
1841 * asynchronous acquisition command testing
1842 *
1843 * arg:
1844 *	pointer to comedi_cmd structure
1845 *
1846 * reads:
1847 *	comedi_cmd structure
1848 *	channel/range list from cmd->chanlist pointer
1849 *
1850 * writes:
1851 *	possibly modified comedi_cmd structure
1852 */
static int do_cmdtest_ioctl(struct comedi_device *dev,
			    struct comedi_cmd *cmd, bool *copy, void *file)
{
	unsigned int __user *uchanlist;
	struct comedi_subdevice *s;
	int ret;

	lockdep_assert_held(&dev->mutex);

	/* do some simple cmd validation */
	ret = __comedi_get_user_cmd(dev, cmd);
	if (ret)
		return ret;

	s = &dev->subdevices[cmd->subdev];

	/* save user's chanlist pointer so it can be restored later */
	uchanlist = (unsigned int __user *)cmd->chanlist;

	/* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */
	if (uchanlist) {
		/* load channel/gain list; cmd->chanlist becomes a kernel copy */
		ret = __comedi_get_user_chanlist(dev, s, uchanlist, cmd);
		if (ret)
			return ret;
	}

	ret = s->do_cmdtest(dev, s, cmd);

	/* free kernel copy of user chanlist (NULL when none was loaded) */
	kfree(cmd->chanlist);

	/*
	 * restore chanlist pointer before copying back, so the structure
	 * returned to userspace carries the caller's own pointer rather
	 * than the address of the freed kernel copy
	 */
	cmd->chanlist = (unsigned int __force *)uchanlist;
	*copy = true;

	return ret;
}
1890
1891/*
1892 * COMEDI_LOCK ioctl
1893 * lock subdevice
1894 *
1895 * arg:
1896 *	subdevice number
1897 *
1898 * reads:
1899 *	nothing
1900 *
1901 * writes:
1902 *	nothing
1903 */
static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg,
			 void *file)
{
	struct comedi_subdevice *s;
	unsigned long irq_flags;
	int ret = 0;

	lockdep_assert_held(&dev->mutex);

	/* arg is the caller-supplied subdevice number. */
	if (arg >= dev->n_subdevices)
		return -EINVAL;
	s = &dev->subdevices[arg];

	/*
	 * Test and claim under the subdevice spinlock: the lock is granted
	 * only when the subdevice is neither busy nor already locked.
	 */
	spin_lock_irqsave(&s->spin_lock, irq_flags);
	if (!s->busy && !s->lock)
		s->lock = file;
	else
		ret = -EBUSY;
	spin_unlock_irqrestore(&s->spin_lock, irq_flags);

	return ret;
}
1925
1926/*
1927 * COMEDI_UNLOCK ioctl
1928 * unlock subdevice
1929 *
1930 * arg:
1931 *	subdevice number
1932 *
1933 * reads:
1934 *	nothing
1935 *
1936 * writes:
1937 *	nothing
1938 */
static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg,
			   void *file)
{
	struct comedi_subdevice *s;

	lockdep_assert_held(&dev->mutex);

	/* arg is the caller-supplied subdevice number. */
	if (arg >= dev->n_subdevices)
		return -EINVAL;
	s = &dev->subdevices[arg];

	if (s->busy)
		return -EBUSY;

	/* Only the file that took the lock may release it. */
	if (s->lock) {
		if (s->lock != file)
			return -EACCES;
		s->lock = NULL;
	}

	/* Unlocking a subdevice that is not locked is not an error. */
	return 0;
}
1960
1961/*
1962 * COMEDI_CANCEL ioctl
1963 * cancel asynchronous acquisition
1964 *
1965 * arg:
1966 *	subdevice number
1967 *
1968 * reads:
1969 *	nothing
1970 *
1971 * writes:
1972 *	nothing
1973 */
static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg,
			   void *file)
{
	struct comedi_subdevice *s;

	lockdep_assert_held(&dev->mutex);

	/* arg is the caller-supplied subdevice number. */
	if (arg >= dev->n_subdevices)
		return -EINVAL;

	s = &dev->subdevices[arg];
	if (!s->async)
		return -EINVAL;

	/* Nothing is running, so there is nothing to cancel. */
	if (!s->busy)
		return 0;

	/* A command may only be cancelled by the file that owns it. */
	return s->busy == file ? do_cancel(dev, s) : -EBUSY;
}
1994
1995/*
1996 * COMEDI_POLL ioctl
1997 * instructs driver to synchronize buffers
1998 *
1999 * arg:
2000 *	subdevice number
2001 *
2002 * reads:
2003 *	nothing
2004 *
2005 * writes:
2006 *	nothing
2007 */
static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg,
			 void *file)
{
	struct comedi_subdevice *s;

	lockdep_assert_held(&dev->mutex);

	/* arg is the caller-supplied subdevice number. */
	if (arg >= dev->n_subdevices)
		return -EINVAL;
	s = &dev->subdevices[arg];

	/* An idle subdevice has nothing to synchronize. */
	if (!s->busy)
		return 0;

	/* Only the file that owns the running command may poll it. */
	if (s->busy != file)
		return -EBUSY;

	/* The poll handler is optional; without one the request is invalid. */
	return s->poll ? s->poll(dev, s) : -EINVAL;
}
2029
2030/*
2031 * COMEDI_SETRSUBD ioctl
2032 * sets the current "read" subdevice on a per-file basis
2033 *
2034 * arg:
2035 *	subdevice number
2036 *
2037 * reads:
2038 *	nothing
2039 *
2040 * writes:
2041 *	nothing
2042 */
static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg,
			     struct file *file)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_subdevice *cur, *next;
	bool cur_busy_reading;

	lockdep_assert_held(&dev->mutex);

	/* arg is the caller-supplied subdevice number. */
	if (arg >= dev->n_subdevices)
		return -EINVAL;
	next = &dev->subdevices[arg];

	cur = comedi_file_read_subdevice(file);
	if (cur == next)
		return 0;	/* no change */

	/* The new subdevice must support "read" commands. */
	if (!(next->subdev_flags & SDF_CMD_READ))
		return -EINVAL;

	/*
	 * Check the file isn't still busy handling a "read" command on the
	 * old subdevice (if any).
	 */
	cur_busy_reading = cur && cur->busy == file && cur->async &&
			   !(cur->async->cmd.flags & CMDF_WRITE);
	if (cur_busy_reading)
		return -EBUSY;

	WRITE_ONCE(cfp->read_subdev, next);
	return 0;
}
2072
2073/*
2074 * COMEDI_SETWSUBD ioctl
2075 * sets the current "write" subdevice on a per-file basis
2076 *
2077 * arg:
2078 *	subdevice number
2079 *
2080 * reads:
2081 *	nothing
2082 *
2083 * writes:
2084 *	nothing
2085 */
static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg,
			     struct file *file)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_subdevice *cur, *next;
	bool cur_busy_writing;

	lockdep_assert_held(&dev->mutex);

	/* arg is the caller-supplied subdevice number. */
	if (arg >= dev->n_subdevices)
		return -EINVAL;
	next = &dev->subdevices[arg];

	cur = comedi_file_write_subdevice(file);
	if (cur == next)
		return 0;	/* no change */

	/* The new subdevice must support "write" commands. */
	if (!(next->subdev_flags & SDF_CMD_WRITE))
		return -EINVAL;

	/*
	 * Check the file isn't still busy handling a "write" command on the
	 * old subdevice (if any).
	 */
	cur_busy_writing = cur && cur->busy == file && cur->async &&
			   (cur->async->cmd.flags & CMDF_WRITE);
	if (cur_busy_writing)
		return -EBUSY;

	WRITE_ONCE(cfp->write_subdev, next);
	return 0;
}
2115
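/*
 * ioctl entry point: dispatches each COMEDI_* request to its handler with
 * dev->mutex held.
 *
 * Structures passed by pointer are copied into kernel memory before they
 * are used.  Returns the handler's result, -ENODEV when no driver is
 * attached, or -ENOTTY for an unknown request.
 */
static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd,
				  unsigned long arg)
{
	unsigned int minor = iminor(file_inode(file));
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	int rc;

	mutex_lock(&dev->mutex);

	/*
	 * Device config is special, because it must work on
	 * an unconfigured device.
	 */
	if (cmd == COMEDI_DEVCONFIG) {
		if (minor >= COMEDI_NUM_BOARD_MINORS) {
			/* Device config not appropriate on non-board minors. */
			rc = -ENOTTY;
			goto done;
		}
		rc = do_devconfig_ioctl(dev,
					(struct comedi_devconfig __user *)arg);
		if (rc == 0) {
			if (arg == 0 &&
			    dev->minor >= comedi_num_legacy_minors) {
				/*
				 * Successfully unconfigured a dynamically
				 * allocated device.  Try and remove it.
				 */
				if (comedi_clear_board_dev(dev)) {
					/*
					 * Unlock before freeing: dev must not
					 * be touched after this point.
					 */
					mutex_unlock(&dev->mutex);
					comedi_free_board_dev(dev);
					return rc;
				}
			}
		}
		goto done;
	}

	if (!dev->attached) {
		dev_dbg(dev->class_dev, "no driver attached\n");
		rc = -ENODEV;
		goto done;
	}

	switch (cmd) {
	case COMEDI_BUFCONFIG:
		rc = do_bufconfig_ioctl(dev,
					(struct comedi_bufconfig __user *)arg);
		break;
	case COMEDI_DEVINFO:
		rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg,
				      file);
		break;
	case COMEDI_SUBDINFO:
		rc = do_subdinfo_ioctl(dev,
				       (struct comedi_subdinfo __user *)arg,
				       file);
		break;
	case COMEDI_CHANINFO: {
		struct comedi_chaninfo it;

		if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
			rc = -EFAULT;
		else
			rc = do_chaninfo_ioctl(dev, &it);
		break;
	}
	case COMEDI_RANGEINFO: {
		struct comedi_rangeinfo it;

		if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
			rc = -EFAULT;
		else
			rc = do_rangeinfo_ioctl(dev, &it);
		break;
	}
	case COMEDI_BUFINFO:
		rc = do_bufinfo_ioctl(dev,
				      (struct comedi_bufinfo __user *)arg,
				      file);
		break;
	case COMEDI_LOCK:
		rc = do_lock_ioctl(dev, arg, file);
		break;
	case COMEDI_UNLOCK:
		rc = do_unlock_ioctl(dev, arg, file);
		break;
	case COMEDI_CANCEL:
		rc = do_cancel_ioctl(dev, arg, file);
		break;
	case COMEDI_CMD: {
		struct comedi_cmd cmd;
		bool copy = false;

		if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
			rc = -EFAULT;
			break;
		}
		rc = do_cmd_ioctl(dev, &cmd, &copy, file);
		/* The handler sets copy when cmd must be returned to the user. */
		if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
			rc = -EFAULT;
		break;
	}
	case COMEDI_CMDTEST: {
		struct comedi_cmd cmd;
		bool copy = false;

		if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
			rc = -EFAULT;
			break;
		}
		rc = do_cmdtest_ioctl(dev, &cmd, &copy, file);
		if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
			rc = -EFAULT;
		break;
	}
	case COMEDI_INSNLIST: {
		struct comedi_insnlist insnlist;
		struct comedi_insn *insns = NULL;

		if (copy_from_user(&insnlist, (void __user *)arg,
				   sizeof(insnlist))) {
			rc = -EFAULT;
			break;
		}
		/*
		 * n_insns comes straight from userspace and sizes both the
		 * allocation and the copy below.  Bound it so a caller
		 * cannot request an arbitrarily large kernel allocation;
		 * the limit reuses the arbitrary per-instruction cap.
		 */
		if (insnlist.n_insns > MAX_SAMPLES) {
			dev_dbg(dev->class_dev,
				"number of instructions too large\n");
			rc = -EINVAL;
			break;
		}
		insns = kcalloc(insnlist.n_insns, sizeof(*insns), GFP_KERNEL);
		if (!insns) {
			rc = -ENOMEM;
			break;
		}
		if (copy_from_user(insns, insnlist.insns,
				   sizeof(*insns) * insnlist.n_insns)) {
			rc = -EFAULT;
			kfree(insns);
			break;
		}
		rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file);
		kfree(insns);
		break;
	}
	case COMEDI_INSN: {
		struct comedi_insn insn;

		if (copy_from_user(&insn, (void __user *)arg, sizeof(insn)))
			rc = -EFAULT;
		else
			rc = do_insn_ioctl(dev, &insn, file);
		break;
	}
	case COMEDI_POLL:
		rc = do_poll_ioctl(dev, arg, file);
		break;
	case COMEDI_SETRSUBD:
		rc = do_setrsubd_ioctl(dev, arg, file);
		break;
	case COMEDI_SETWSUBD:
		rc = do_setwsubd_ioctl(dev, arg, file);
		break;
	default:
		rc = -ENOTTY;
		break;
	}

done:
	mutex_unlock(&dev->mutex);
	return rc;
}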
2284
/*
 * VMA open hook: takes a reference on the buffer map stored in
 * vm_private_data.  The matching put is in comedi_vm_close().
 */
static void comedi_vm_open(struct vm_area_struct *area)
{
	struct comedi_buf_map *map = area->vm_private_data;

	comedi_buf_map_get(map);
}
2292
/*
 * VMA close hook: drops the reference on the buffer map that
 * comedi_vm_open() took for this mapping.
 */
static void comedi_vm_close(struct vm_area_struct *area)
{
	struct comedi_buf_map *map = area->vm_private_data;

	comedi_buf_map_put(map);
}
2300
/*
 * VMA access hook: translates @addr into an offset within the buffer map
 * and forwards the request to comedi_buf_map_access().
 */
static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr,
			    void *buf, int len, int write)
{
	struct comedi_buf_map *bm = vma->vm_private_data;
	unsigned long room = vma->vm_end - addr;
	unsigned long offset;

	offset = (vma->vm_pgoff << PAGE_SHIFT) + (addr - vma->vm_start);

	if (len < 0)
		return -EINVAL;

	/* Clamp the transfer so it cannot run past the end of the VMA. */
	if (len > room)
		len = room;

	return comedi_buf_map_access(bm, offset, buf, len, write);
}
2314
/*
 * VMA callbacks for mapped COMEDI buffers.  comedi_mmap() installs this
 * table only after the mapping has been set up successfully.
 */
static const struct vm_operations_struct comedi_vm_ops = {
	.open	= comedi_vm_open,
	.close	= comedi_vm_close,
	.access	= comedi_vm_access,
};
2320
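/*
 * mmap handler: maps the acquisition buffer of the file's current "write"
 * subdevice (for a writable mapping) or "read" subdevice (otherwise) into
 * the caller's address space.
 *
 * The mapping must start at offset 0, be a whole number of pages, and be
 * no larger than the preallocated buffer.  Returns 0 or a negative errno.
 */
static int comedi_mmap(struct file *file, struct vm_area_struct *vma)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_subdevice *s;
	struct comedi_async *async;
	struct comedi_buf_map *bm = NULL;
	struct comedi_buf_page *buf;
	unsigned long start = vma->vm_start;
	unsigned long size;
	int n_pages;
	int i;
	int retval = 0;

	/*
	 * 'trylock' avoids circular dependency with current->mm->mmap_lock
	 * and down-reading &dev->attach_lock should normally succeed without
	 * contention unless the device is in the process of being attached
	 * or detached.
	 */
	if (!down_read_trylock(&dev->attach_lock))
		return -EAGAIN;

	if (!dev->attached) {
		dev_dbg(dev->class_dev, "no driver attached\n");
		retval = -ENODEV;
		goto done;
	}

	if (vma->vm_flags & VM_WRITE)
		s = comedi_file_write_subdevice(file);
	else
		s = comedi_file_read_subdevice(file);
	if (!s) {
		retval = -EINVAL;
		goto done;
	}

	async = s->async;
	if (!async) {
		retval = -EINVAL;
		goto done;
	}

	if (vma->vm_pgoff != 0) {
		dev_dbg(dev->class_dev, "mmap() offset must be 0.\n");
		retval = -EINVAL;
		goto done;
	}

	/* The requested size is caller-controlled: bound and align it. */
	size = vma->vm_end - vma->vm_start;
	if (size > async->prealloc_bufsz) {
		retval = -EFAULT;
		goto done;
	}
	if (offset_in_page(size)) {
		retval = -EFAULT;
		goto done;
	}

	n_pages = vma_pages(vma);

	/* get reference to current buf map (if any) */
	bm = comedi_buf_map_from_subdev_get(s);
	/* Never map more pages than the buffer map actually holds. */
	if (!bm || n_pages > bm->n_pages) {
		retval = -EINVAL;
		goto done;
	}
	if (bm->dma_dir != DMA_NONE) {
		/*
		 * DMA buffer was allocated as a single block.
		 * Address is in page_list[0].
		 */
		buf = &bm->page_list[0];
		retval = dma_mmap_coherent(bm->dma_hw_dev, vma, buf->virt_addr,
					   buf->dma_addr, n_pages * PAGE_SIZE);
	} else {
		for (i = 0; i < n_pages; ++i) {
			unsigned long pfn;

			buf = &bm->page_list[i];
			pfn = page_to_pfn(virt_to_page(buf->virt_addr));
			retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE,
						 PAGE_SHARED);
			if (retval)
				break;

			start += PAGE_SIZE;
		}

#ifdef CONFIG_MMU
		/*
		 * The pages are mapped one call at a time, so a failure part
		 * way through leaves the earlier pages mapped.  On failure
		 * the vm_ops are not installed and the buffer map reference
		 * is dropped below, so nothing would keep those pages alive
		 * for the mapping.  Remove the partial mapping before
		 * returning.
		 */
		if (retval)
			zap_vma_ptes(vma, vma->vm_start, size);
#endif
	}

	if (retval == 0) {
		vma->vm_ops = &comedi_vm_ops;
		vma->vm_private_data = bm;

		/* Take the reference that comedi_vm_close() will drop. */
		vma->vm_ops->open(vma);
	}

done:
	up_read(&dev->attach_lock);
	comedi_buf_map_put(bm);	/* put reference to buf map - okay if NULL */
	return retval;
}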
2424
/*
 * poll file operation.
 *
 * Builds the event mask for the file's current "read" and "write"
 * subdevices while holding dev->attach_lock for reading, so the device
 * cannot be detached while its subdevices are inspected.
 *
 * A direction is reported as ready when any of these holds for its
 * subdevice: it is not busy on behalf of this file, no command is running,
 * the active command goes in the opposite direction, or the buffer has
 * data to read (read side) or room for at least one sample (write side).
 *
 * Returns 0 (no events) when no driver is attached.
 */
static __poll_t comedi_poll(struct file *file, poll_table *wait)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_subdevice *rd, *wr;
	__poll_t events = 0;

	down_read(&dev->attach_lock);

	if (!dev->attached) {
		dev_dbg(dev->class_dev, "no driver attached\n");
		goto unlock;
	}

	rd = comedi_file_read_subdevice(file);
	if (rd && rd->async) {
		poll_wait(file, &rd->async->wait_head, wait);
		if (rd->busy != file || !comedi_is_subdevice_running(rd) ||
		    (rd->async->cmd.flags & CMDF_WRITE) ||
		    comedi_buf_read_n_available(rd) > 0)
			events |= EPOLLIN | EPOLLRDNORM;
	}

	wr = comedi_file_write_subdevice(file);
	if (wr && wr->async) {
		unsigned int sample_size = comedi_bytes_per_sample(wr);

		/* The same subdevice may serve both directions: queue once. */
		if (wr != rd)
			poll_wait(file, &wr->async->wait_head, wait);
		if (wr->busy != file || !comedi_is_subdevice_running(wr) ||
		    !(wr->async->cmd.flags & CMDF_WRITE) ||
		    comedi_buf_write_n_available(wr) >= sample_size)
			events |= EPOLLOUT | EPOLLWRNORM;
	}

unlock:
	up_read(&dev->attach_lock);
	return events;
}

/*
 * write file operation.
 *
 * Copies up to @nbytes from user space into the buffer of the file's
 * current "write" subdevice.  The subdevice must be busy on behalf of this
 * file and its command must have CMDF_WRITE set, otherwise -EINVAL is
 * returned.  The call sleeps interruptibly until buffer space is available
 * unless O_NONBLOCK is set (-EAGAIN).
 *
 * dev->attach_lock is held for reading across the transfer.  If the command
 * has stopped and nothing was written, the lock is dropped, dev->mutex is
 * taken and the subdevice state is re-validated before it is made non-busy.
 *
 * Returns the number of bytes written if non-zero, else 0 or a negative
 * errno (-ENODEV, -EIO, -EINVAL, -EPIPE, -EAGAIN, -ERESTARTSYS, -EFAULT).
 */
static ssize_t comedi_write(struct file *file, const char __user *buf,
			    size_t nbytes, loff_t *offset)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_subdevice *s;
	struct comedi_async *async;
	DECLARE_WAITQUEUE(wait, current);
	unsigned int old_detach_count;
	bool become_nonbusy = false;
	bool attach_locked;
	ssize_t count = 0;
	int retval = 0;

	/* Protect against device detachment during operation. */
	down_read(&dev->attach_lock);
	attach_locked = true;
	old_detach_count = dev->detach_count;

	if (!dev->attached) {
		dev_dbg(dev->class_dev, "no driver attached\n");
		retval = -ENODEV;
		goto out;
	}

	s = comedi_file_write_subdevice(file);
	if (!s || !s->async) {
		retval = -EIO;
		goto out;
	}

	async = s->async;
	if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) {
		retval = -EINVAL;
		goto out;
	}

	add_wait_queue(&async->wait_head, &wait);
	while (count == 0 && !retval) {
		unsigned int runflags;
		unsigned int space, chunk, uncopied;
		unsigned int wp, head_len, wrap_len;

		set_current_state(TASK_INTERRUPTIBLE);

		runflags = comedi_get_subdevice_runflags(s);
		if (!comedi_is_runflags_running(runflags)) {
			if (comedi_is_runflags_in_error(runflags))
				retval = -EPIPE;
			if (retval || nbytes)
				become_nonbusy = true;
			break;
		}
		if (nbytes == 0)
			break;

		/* Claim all currently free buffer space for this write. */
		comedi_buf_write_alloc(s, async->prealloc_bufsz);
		space = comedi_buf_write_n_allocated(s);
		chunk = min_t(size_t, space, nbytes);

		if (chunk == 0) {
			if (file->f_flags & O_NONBLOCK) {
				retval = -EAGAIN;
				break;
			}
			schedule();
			if (signal_pending(current)) {
				retval = -ERESTARTSYS;
				break;
			}
			/* Ownership or direction may have changed while asleep. */
			if (s->busy != file ||
			    !(async->cmd.flags & CMDF_WRITE)) {
				retval = -EINVAL;
				break;
			}
			continue;
		}

		set_current_state(TASK_RUNNING);

		/*
		 * The destination may wrap: head_len bytes go from the write
		 * pointer up to the end of the buffer, wrap_len bytes go to
		 * the start of the buffer.
		 */
		wp = async->buf_write_ptr;
		head_len = min(chunk, async->prealloc_bufsz - wp);
		wrap_len = chunk - head_len;

		/* copy_from_user() returns the number of bytes NOT copied. */
		uncopied = copy_from_user(async->prealloc_buf + wp, buf,
					  head_len);
		if (uncopied)
			uncopied += wrap_len;
		else if (wrap_len)
			uncopied = copy_from_user(async->prealloc_buf,
						  buf + head_len, wrap_len);
		if (uncopied) {
			/* Commit only the bytes that reached the buffer. */
			chunk -= uncopied;
			retval = -EFAULT;
		}
		comedi_buf_write_free(s, chunk);

		count += chunk;
		nbytes -= chunk;

		buf += chunk;
	}
	remove_wait_queue(&async->wait_head, &wait);
	set_current_state(TASK_RUNNING);
	if (become_nonbusy && count == 0) {
		struct comedi_subdevice *cur;

		/*
		 * dev->mutex must not be acquired while dev->attach_lock is
		 * held (deadlock), so release the read lock first.
		 */
		up_read(&dev->attach_lock);
		attach_locked = false;
		mutex_lock(&dev->mutex);
		/*
		 * Nothing was protected between the two locks, so verify that
		 * the device was not detached in the meantime.  An unchanged
		 * dev->detach_count ought to be sufficient (unless there have
		 * been 2**32 detaches), but the subdevice pointer is compared
		 * as well just in case.
		 *
		 * Also verify that the subdevice is still in a state where
		 * becoming non-busy is appropriate.
		 */
		cur = comedi_file_write_subdevice(file);
		if (dev->attached && old_detach_count == dev->detach_count &&
		    s == cur && cur->async == async && s->busy == file &&
		    (async->cmd.flags & CMDF_WRITE) &&
		    !comedi_is_subdevice_running(s))
			do_become_nonbusy(dev, s);
		mutex_unlock(&dev->mutex);
	}
out:
	if (attach_locked)
		up_read(&dev->attach_lock);

	if (count)
		return count;
	return retval;
}

/*
 * read file operation.
 *
 * Copies up to @nbytes of acquired data from the buffer of the file's
 * current "read" subdevice to user space.  The subdevice must be busy on
 * behalf of this file and its command must not have CMDF_WRITE set,
 * otherwise -EINVAL is returned.  The call sleeps interruptibly until data
 * is available unless O_NONBLOCK is set (-EAGAIN).
 *
 * dev->attach_lock is held for reading across the transfer.  If the command
 * has stopped and nothing was read, the lock is dropped, dev->mutex is
 * taken and the subdevice state is re-validated before it is made non-busy.
 *
 * Returns the number of bytes read if non-zero, else 0 or a negative errno
 * (-ENODEV, -EIO, -EINVAL, -EPIPE, -EAGAIN, -ERESTARTSYS, -EFAULT).
 */
static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes,
			   loff_t *offset)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_subdevice *s;
	struct comedi_async *async;
	DECLARE_WAITQUEUE(wait, current);
	unsigned int old_detach_count;
	bool become_nonbusy = false;
	bool attach_locked;
	ssize_t count = 0;
	int retval = 0;

	/* Protect against device detachment during operation. */
	down_read(&dev->attach_lock);
	attach_locked = true;
	old_detach_count = dev->detach_count;

	if (!dev->attached) {
		dev_dbg(dev->class_dev, "no driver attached\n");
		retval = -ENODEV;
		goto out;
	}

	s = comedi_file_read_subdevice(file);
	if (!s || !s->async) {
		retval = -EIO;
		goto out;
	}

	async = s->async;
	if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) {
		retval = -EINVAL;
		goto out;
	}

	add_wait_queue(&async->wait_head, &wait);
	while (count == 0 && !retval) {
		unsigned int avail, chunk, uncopied;
		unsigned int rp, head_len, wrap_len;

		set_current_state(TASK_INTERRUPTIBLE);

		avail = comedi_buf_read_n_available(s);
		chunk = min_t(size_t, avail, nbytes);

		if (chunk == 0) {
			unsigned int runflags =
				     comedi_get_subdevice_runflags(s);

			if (!comedi_is_runflags_running(runflags)) {
				if (comedi_is_runflags_in_error(runflags))
					retval = -EPIPE;
				if (retval || nbytes)
					become_nonbusy = true;
				break;
			}
			if (nbytes == 0)
				break;
			if (file->f_flags & O_NONBLOCK) {
				retval = -EAGAIN;
				break;
			}
			schedule();
			if (signal_pending(current)) {
				retval = -ERESTARTSYS;
				break;
			}
			/* Ownership or direction may have changed while asleep. */
			if (s->busy != file ||
			    (async->cmd.flags & CMDF_WRITE)) {
				retval = -EINVAL;
				break;
			}
			continue;
		}

		set_current_state(TASK_RUNNING);

		/*
		 * The source may wrap: head_len bytes come from the read
		 * pointer up to the end of the buffer, wrap_len bytes come
		 * from the start of the buffer.
		 */
		rp = async->buf_read_ptr;
		head_len = min(chunk, async->prealloc_bufsz - rp);
		wrap_len = chunk - head_len;

		/* copy_to_user() returns the number of bytes NOT copied. */
		uncopied = copy_to_user(buf, async->prealloc_buf + rp,
					head_len);
		if (uncopied)
			uncopied += wrap_len;
		else if (wrap_len)
			uncopied = copy_to_user(buf + head_len,
						async->prealloc_buf, wrap_len);
		if (uncopied) {
			/* Consume only the bytes that reached user space. */
			chunk -= uncopied;
			retval = -EFAULT;
		}

		comedi_buf_read_alloc(s, chunk);
		comedi_buf_read_free(s, chunk);

		count += chunk;
		nbytes -= chunk;

		buf += chunk;
	}
	remove_wait_queue(&async->wait_head, &wait);
	set_current_state(TASK_RUNNING);
	if (become_nonbusy && count == 0) {
		struct comedi_subdevice *cur;

		/*
		 * dev->mutex must not be acquired while dev->attach_lock is
		 * held (deadlock), so release the read lock first.
		 */
		up_read(&dev->attach_lock);
		attach_locked = false;
		mutex_lock(&dev->mutex);
		/*
		 * Nothing was protected between the two locks, so verify that
		 * the device was not detached in the meantime.  An unchanged
		 * dev->detach_count ought to be sufficient (unless there have
		 * been 2**32 detaches), but the subdevice pointer is compared
		 * as well just in case.
		 *
		 * Also verify that the subdevice is still in a state where
		 * becoming non-busy is appropriate, including that no data
		 * arrived in the buffer in the meantime.
		 */
		cur = comedi_file_read_subdevice(file);
		if (dev->attached && old_detach_count == dev->detach_count &&
		    s == cur && cur->async == async && s->busy == file &&
		    !(async->cmd.flags & CMDF_WRITE) &&
		    !comedi_is_subdevice_running(s) &&
		    comedi_buf_read_n_available(s) == 0)
			do_become_nonbusy(dev, s);
		mutex_unlock(&dev->mutex);
	}
out:
	if (attach_locked)
		up_read(&dev->attach_lock);

	if (count)
		return count;
	return retval;
}

/*
 * open file operation.
 *
 * Looks up the COMEDI device for the inode's minor number (taking a
 * reference), allocates the per-file private data and, under dev->mutex,
 * accounts for the new user.
 *
 * Access policy: a device with no driver attached can only be opened by a
 * task with CAP_SYS_ADMIN.  On the first open of an attached device a
 * reference on the driver module is taken and the driver's optional open()
 * hook is called; a negative result from that hook fails the open.
 *
 * Returns 0 on success, or -ENODEV, -ENOMEM, -ENXIO or the driver's error.
 * On failure the device reference and the private data are released.
 */
static int comedi_open(struct inode *inode, struct file *file)
{
	const unsigned int minor = iminor(inode);
	struct comedi_device *dev = comedi_dev_get_from_minor(minor);
	struct comedi_file *cfp;
	int rc;

	if (!dev) {
		pr_debug("invalid minor number\n");
		return -ENODEV;
	}

	cfp = kzalloc(sizeof(*cfp), GFP_KERNEL);
	if (!cfp) {
		comedi_dev_put(dev);
		return -ENOMEM;
	}

	cfp->dev = dev;

	mutex_lock(&dev->mutex);
	if (!dev->attached) {
		/* Unattached devices are reserved for privileged setup. */
		if (!capable(CAP_SYS_ADMIN)) {
			dev_dbg(dev->class_dev,
				"not attached and not CAP_SYS_ADMIN\n");
			rc = -ENODEV;
			goto fail_unlock;
		}
	} else if (dev->use_count == 0) {
		/* First user: pin the driver module, then notify the driver. */
		if (!try_module_get(dev->driver->module)) {
			rc = -ENXIO;
			goto fail_unlock;
		}
		if (dev->open) {
			rc = dev->open(dev);
			if (rc < 0) {
				module_put(dev->driver->module);
				goto fail_unlock;
			}
		}
	}

	dev->use_count++;
	file->private_data = cfp;
	comedi_file_reset(file);
	mutex_unlock(&dev->mutex);
	return 0;

fail_unlock:
	mutex_unlock(&dev->mutex);
	comedi_dev_put(dev);
	kfree(cfp);
	return rc;
}

/*
 * fasync file operation: add or remove @file from the device-wide
 * asynchronous notification queue (dev->async_queue) via fasync_helper().
 */
static int comedi_fasync(int fd, struct file *file, int on)
{
	struct comedi_file *cfp = file->private_data;

	return fasync_helper(fd, file, on, &cfp->dev->async_queue);
}

/*
 * release file operation.
 *
 * Under dev->mutex: cancels every command this file owns, drops every
 * subdevice lock it holds, and on the last close of an attached device
 * calls the driver's optional close() hook and releases the driver module
 * reference.  Afterwards the device reference and the per-file private data
 * are released.
 *
 * Always returns 0.
 */
static int comedi_close(struct inode *inode, struct file *file)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	int i;

	mutex_lock(&dev->mutex);

	if (dev->subdevices) {
		for (i = 0; i < dev->n_subdevices; i++) {
			struct comedi_subdevice *s = &dev->subdevices[i];

			/* Do not leave state behind that names this file. */
			if (s->busy == file)
				do_cancel(dev, s);
			if (s->lock == file)
				s->lock = NULL;
		}
	}

	/* Last user of an attached device. */
	if (dev->attached && dev->use_count == 1) {
		if (dev->close)
			dev->close(dev);
		module_put(dev->driver->module);
	}

	dev->use_count--;

	mutex_unlock(&dev->mutex);
	comedi_dev_put(dev);
	kfree(cfp);

	return 0;
}

#ifdef CONFIG_COMPAT

/*
 * ioctl command numbers as seen by 32-bit user space.  They use the same
 * type and number fields as the native commands but are sized by the
 * 32-bit structure layouts declared below.
 *
 * N.B. COMEDI32_CMD/COMEDI_CMD and COMEDI32_CMDTEST/COMEDI_CMDTEST ought to
 * use _IOWR, not _IOR.  It is too late to change that now, but it only
 * affects the command number.
 */
#define COMEDI32_CHANINFO	_IOR(CIO, 3, struct comedi32_chaninfo_struct)
#define COMEDI32_RANGEINFO	_IOR(CIO, 8, struct comedi32_rangeinfo_struct)
#define COMEDI32_CMD		_IOR(CIO, 9, struct comedi32_cmd_struct)
#define COMEDI32_CMDTEST	_IOR(CIO, 10, struct comedi32_cmd_struct)
#define COMEDI32_INSNLIST	_IOR(CIO, 11, struct comedi32_insnlist_struct)
#define COMEDI32_INSN		_IOR(CIO, 12, struct comedi32_insn_struct)

/*
 * 32-bit layout of the COMEDI_CHANINFO argument.
 * The three list members are 32-bit user pointers to 'unsigned int'.
 */
struct comedi32_chaninfo_struct {
	unsigned int subdev;
	compat_uptr_t maxdata_list;
	compat_uptr_t flaglist;
	compat_uptr_t rangelist;
	unsigned int unused[4];
};

/*
 * 32-bit layout of the COMEDI_RANGEINFO argument.
 * range_ptr is a 32-bit user 'void *'.
 */
struct comedi32_rangeinfo_struct {
	unsigned int range_type;
	compat_uptr_t range_ptr;
};

/*
 * 32-bit layout of the COMEDI_CMD / COMEDI_CMDTEST argument.
 * chanlist is a 32-bit user 'unsigned int *', data a 32-bit user 'short *'.
 */
struct comedi32_cmd_struct {
	unsigned int subdev;
	unsigned int flags;
	unsigned int start_src;
	unsigned int start_arg;
	unsigned int scan_begin_src;
	unsigned int scan_begin_arg;
	unsigned int convert_src;
	unsigned int convert_arg;
	unsigned int scan_end_src;
	unsigned int scan_end_arg;
	unsigned int stop_src;
	unsigned int stop_arg;
	compat_uptr_t chanlist;
	unsigned int chanlist_len;
	compat_uptr_t data;
	unsigned int data_len;
};

/*
 * 32-bit layout of a single COMEDI instruction.
 * data is a 32-bit user 'unsigned int *'.
 */
struct comedi32_insn_struct {
	unsigned int insn;
	unsigned int n;
	compat_uptr_t data;
	unsigned int subdev;
	unsigned int chanspec;
	unsigned int unused[3];
};

/*
 * 32-bit layout of the COMEDI_INSNLIST argument.
 * insns is a 32-bit user 'struct comedi_insn *' pointing at n_insns
 * instructions; both values are supplied by user space.
 */
struct comedi32_insnlist_struct {
	unsigned int n_insns;
	compat_uptr_t insns;
};

/*
 * Handle 32-bit COMEDI_CHANINFO ioctl.
 *
 * Copies the 32-bit argument from user space, widens its user pointers
 * into a zeroed native structure and runs the native handler under
 * dev->mutex.  Returns -EFAULT if the argument cannot be read, otherwise
 * the result of do_chaninfo_ioctl().
 */
static int compat_chaninfo(struct file *file, unsigned long arg)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi32_chaninfo_struct info32;
	struct comedi_chaninfo info;
	int rc;

	if (copy_from_user(&info32, compat_ptr(arg), sizeof(info32)))
		return -EFAULT;

	/* Start from all-zero so members not set below are well defined. */
	memset(&info, 0, sizeof(info));
	info.subdev = info32.subdev;
	info.maxdata_list = compat_ptr(info32.maxdata_list);
	info.flaglist = compat_ptr(info32.flaglist);
	info.rangelist = compat_ptr(info32.rangelist);

	mutex_lock(&dev->mutex);
	rc = do_chaninfo_ioctl(dev, &info);
	mutex_unlock(&dev->mutex);
	return rc;
}

/*
 * Handle 32-bit COMEDI_RANGEINFO ioctl.
 *
 * Copies the 32-bit argument from user space, widens its user pointer into
 * a zeroed native structure and runs the native handler under dev->mutex.
 * Returns -EFAULT if the argument cannot be read, otherwise the result of
 * do_rangeinfo_ioctl().
 */
static int compat_rangeinfo(struct file *file, unsigned long arg)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi32_rangeinfo_struct info32;
	struct comedi_rangeinfo info;
	int rc;

	if (copy_from_user(&info32, compat_ptr(arg), sizeof(info32)))
		return -EFAULT;

	/* Start from all-zero so members not set below are well defined. */
	memset(&info, 0, sizeof(info));
	info.range_type = info32.range_type;
	info.range_ptr = compat_ptr(info32.range_ptr);

	mutex_lock(&dev->mutex);
	rc = do_rangeinfo_ioctl(dev, &info);
	mutex_unlock(&dev->mutex);
	return rc;
}

/*
 * Copy a 32-bit cmd structure from user space into a native cmd structure.
 *
 * @cmd:   native structure to fill in (every member is assigned).
 * @cmd32: user-space pointer to the 32-bit structure.
 *
 * The values are copied unvalidated; range checking is left to whoever
 * consumes @cmd.  Returns 0 on success or -EFAULT if @cmd32 cannot be read.
 */
static int get_compat_cmd(struct comedi_cmd *cmd,
			  struct comedi32_cmd_struct __user *cmd32)
{
	struct comedi32_cmd_struct src;

	if (copy_from_user(&src, cmd32, sizeof(src)))
		return -EFAULT;

	cmd->subdev = src.subdev;
	cmd->flags = src.flags;

	/* Trigger sources and their arguments. */
	cmd->start_src = src.start_src;
	cmd->start_arg = src.start_arg;
	cmd->scan_begin_src = src.scan_begin_src;
	cmd->scan_begin_arg = src.scan_begin_arg;
	cmd->convert_src = src.convert_src;
	cmd->convert_arg = src.convert_arg;
	cmd->scan_end_src = src.scan_end_src;
	cmd->scan_end_arg = src.scan_end_arg;
	cmd->stop_src = src.stop_src;
	cmd->stop_arg = src.stop_arg;

	/*
	 * Widen the 32-bit user pointers.  The __force cast strips the
	 * __user annotation so the value fits the native chanlist member;
	 * it is still a user-space address at this point.
	 */
	cmd->chanlist = (unsigned int __force *)compat_ptr(src.chanlist);
	cmd->chanlist_len = src.chanlist_len;
	cmd->data = compat_ptr(src.data);
	cmd->data_len = src.data_len;
	return 0;
}

/*
 * Copy a native cmd structure back to user space in the 32-bit layout.
 *
 * @cmd32: user-space pointer to the 32-bit structure to overwrite.
 * @cmd:   native structure to read from.
 *
 * The staging copy is cleared before it is filled in, so no uninitialised
 * kernel stack bytes are written to user space.  Returns 0 on success or
 * -EFAULT if @cmd32 cannot be written.
 */
static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32,
			  struct comedi_cmd *cmd)
{
	struct comedi32_cmd_struct dst;

	memset(&dst, 0, sizeof(dst));

	dst.subdev = cmd->subdev;
	dst.flags = cmd->flags;

	/* Trigger sources and their arguments. */
	dst.start_src = cmd->start_src;
	dst.start_arg = cmd->start_arg;
	dst.scan_begin_src = cmd->scan_begin_src;
	dst.scan_begin_arg = cmd->scan_begin_arg;
	dst.convert_src = cmd->convert_src;
	dst.convert_arg = cmd->convert_arg;
	dst.scan_end_src = cmd->scan_end_src;
	dst.scan_end_arg = cmd->scan_end_arg;
	dst.stop_src = cmd->stop_src;
	dst.stop_arg = cmd->stop_arg;

	/* Assumes the chanlist pointer is still the caller's user pointer. */
	dst.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist);
	dst.chanlist_len = cmd->chanlist_len;
	dst.data = ptr_to_compat(cmd->data);
	dst.data_len = cmd->data_len;

	return copy_to_user(cmd32, &dst, sizeof(dst)) ? -EFAULT : 0;
}

/*
 * Handle 32-bit COMEDI_CMD ioctl.
 *
 * Converts the 32-bit argument to a native cmd, runs do_cmd_ioctl() under
 * dev->mutex and, when that handler sets its copy-back flag, writes the
 * cmd back to user space in the 32-bit layout.  A failure to write it back
 * replaces the handler's result.
 */
static int compat_cmd(struct file *file, unsigned long arg)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_cmd cmd;
	bool copy_back = false;
	int rc, err;

	rc = get_compat_cmd(&cmd, compat_ptr(arg));
	if (rc)
		return rc;

	mutex_lock(&dev->mutex);
	rc = do_cmd_ioctl(dev, &cmd, &copy_back, file);
	mutex_unlock(&dev->mutex);

	if (!copy_back)
		return rc;

	/* Special case: copy cmd back to user. */
	err = put_compat_cmd(compat_ptr(arg), &cmd);
	return err ? err : rc;
}

/*
 * Handle 32-bit COMEDI_CMDTEST ioctl.
 *
 * Converts the 32-bit argument to a native cmd, runs do_cmdtest_ioctl()
 * under dev->mutex and, when that handler sets its copy-back flag, writes
 * the cmd back to user space in the 32-bit layout.  A failure to write it
 * back replaces the handler's result.
 */
static int compat_cmdtest(struct file *file, unsigned long arg)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_cmd cmd;
	bool copy_back = false;
	int rc, err;

	rc = get_compat_cmd(&cmd, compat_ptr(arg));
	if (rc)
		return rc;

	mutex_lock(&dev->mutex);
	rc = do_cmdtest_ioctl(dev, &cmd, &copy_back, file);
	mutex_unlock(&dev->mutex);

	if (!copy_back)
		return rc;

	err = put_compat_cmd(compat_ptr(arg), &cmd);
	return err ? err : rc;
}

/*
 * Copy a 32-bit insn structure from user space into a native insn
 * structure.
 *
 * @insn:   native structure to fill in; it is cleared first.
 * @insn32: user-space pointer to the 32-bit structure.
 *
 * The "unused" members of the 32-bit structure are ignored.  The values
 * are copied unvalidated.  Returns 0 on success or -EFAULT if @insn32
 * cannot be read.
 */
static int get_compat_insn(struct comedi_insn *insn,
			   struct comedi32_insn_struct __user *insn32)
{
	struct comedi32_insn_struct src;

	if (copy_from_user(&src, insn32, sizeof(src)))
		return -EFAULT;

	memset(insn, 0, sizeof(*insn));
	insn->insn = src.insn;
	insn->n = src.n;
	insn->data = compat_ptr(src.data);
	insn->subdev = src.subdev;
	insn->chanspec = src.chanspec;
	return 0;
}

/*
 * Handle 32-bit COMEDI_INSNLIST ioctl.
 *
 * Reads the 32-bit list header, allocates a native array of n_insns
 * instructions, converts each 32-bit instruction into it and runs
 * do_insnlist_ioctl() under dev->mutex.  The array is freed on every path.
 *
 * Returns -EFAULT if the header or an instruction cannot be read, -ENOMEM
 * if the array cannot be allocated, otherwise the handler's result.
 */
static int compat_insnlist(struct file *file, unsigned long arg)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi32_insnlist_struct list32;
	struct comedi32_insn_struct __user *insn32;
	struct comedi_insn *insns;
	unsigned int n;
	int rc;

	if (copy_from_user(&list32, compat_ptr(arg), sizeof(list32)))
		return -EFAULT;

	/*
	 * NOTE(review): n_insns comes straight from user space and is not
	 * range-checked in this function.  kcalloc() guards the size
	 * multiplication, but the allocation size is still chosen by the
	 * caller.  Confirm that an upper bound is enforced before this
	 * point or add one here - TODO.
	 */
	insns = kcalloc(list32.n_insns, sizeof(*insns), GFP_KERNEL);
	if (!insns)
		return -ENOMEM;

	/* Copy insn structures. */
	insn32 = compat_ptr(list32.insns);
	for (n = 0; n < list32.n_insns; n++) {
		rc = get_compat_insn(insns + n, insn32 + n);
		if (rc)
			goto free_insns;
	}

	mutex_lock(&dev->mutex);
	rc = do_insnlist_ioctl(dev, insns, list32.n_insns, file);
	mutex_unlock(&dev->mutex);

free_insns:
	kfree(insns);
	return rc;
}

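/*
 * Handle 32-bit COMEDI_INSN ioctl.
 *
 * Converts the 32-bit instruction at @arg to a native instruction and runs
 * do_insn_ioctl() under dev->mutex.  Returns -EFAULT if the instruction
 * cannot be read, otherwise the handler's result.
 */
static int compat_insn(struct file *file, unsigned long arg)
{
	struct comedi_file *cfp = file->private_data;
	struct comedi_device *dev = cfp->dev;
	struct comedi_insn insn;
	int rc;

	/*
	 * Translate the 32-bit user pointer with compat_ptr(), as every
	 * other compat handler in this file does, instead of a plain cast:
	 * compat_ptr() is the architecture's conversion for pointers that
	 * come from 32-bit user space.
	 */
	rc = get_compat_insn(&insn, compat_ptr(arg));
	if (rc)
		return rc;

	mutex_lock(&dev->mutex);
	rc = do_insn_ioctl(dev, &insn, file);
	mutex_unlock(&dev->mutex);
	return rc;
}
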
/*
 * compat_ioctl file operation.
 *
 * Dispatches ioctls issued by 32-bit user space.  Commands whose argument
 * layout matches the native one are forwarded to comedi_unlocked_ioctl()
 * (after translating the pointer argument where there is one); commands
 * with a different 32-bit layout go to their compat_*() converter.
 *
 * Returns -ENOIOCTLCMD for unrecognised ioctl codes.
 */
static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	int rc;

	switch (cmd) {
	/* Same layout: just need to translate the pointer argument. */
	case COMEDI_DEVCONFIG:
	case COMEDI_DEVINFO:
	case COMEDI_SUBDINFO:
	case COMEDI_BUFCONFIG:
	case COMEDI_BUFINFO:
		rc = comedi_unlocked_ioctl(file, cmd,
					   (unsigned long)compat_ptr(arg));
		return rc;

	/* No translation needed. */
	case COMEDI_LOCK:
	case COMEDI_UNLOCK:
	case COMEDI_CANCEL:
	case COMEDI_POLL:
	case COMEDI_SETRSUBD:
	case COMEDI_SETWSUBD:
		rc = comedi_unlocked_ioctl(file, cmd, arg);
		return rc;

	/* Different 32-bit layout: convert the argument structure. */
	case COMEDI32_CHANINFO:
		return compat_chaninfo(file, arg);
	case COMEDI32_RANGEINFO:
		return compat_rangeinfo(file, arg);
	case COMEDI32_CMD:
		return compat_cmd(file, arg);
	case COMEDI32_CMDTEST:
		return compat_cmdtest(file, arg);
	case COMEDI32_INSNLIST:
		return compat_insnlist(file, arg);
	case COMEDI32_INSN:
		return compat_insn(file, arg);

	default:
		return -ENOIOCTLCMD;
	}
}
#else
#define comedi_compat_ioctl NULL
#endif

/*
 * File operations for the COMEDI character devices.  This table is handed
 * to cdev_init() in comedi_init().  compat_ioctl is NULL when CONFIG_COMPAT
 * is not set.
 */
static const struct file_operations comedi_fops = {
	.owner = THIS_MODULE,
	.open = comedi_open,
	.release = comedi_close,
	.read = comedi_read,
	.write = comedi_write,
	.llseek = noop_llseek,
	.mmap = comedi_mmap,
	.poll = comedi_poll,
	.fasync = comedi_fasync,
	.unlocked_ioctl = comedi_unlocked_ioctl,
	.compat_ioctl = comedi_compat_ioctl,
};

/**
 * comedi_event() - Handle events for asynchronous COMEDI command
 * @dev: COMEDI device.
 * @s: COMEDI subdevice.
 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held.
 *
 * Takes and clears the pending %COMEDI_CB_... event flags of the
 * subdevice's asynchronous state.  If no command is running the flags are
 * discarded.  Otherwise a cancel event clears the "running" run flag, an
 * error event sets the "error" run flag, and any event selected by the
 * callback mask wakes tasks waiting on the subdevice and sends a %SIGIO
 * signal to the device's asynchronous notification queue.
 */
void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s)
{
	struct comedi_async *async = s->async;
	unsigned long irq_flags;
	unsigned int pending;
	int band = 0;

	spin_lock_irqsave(&s->spin_lock, irq_flags);

	/* The flags are consumed whether or not a command is running. */
	pending = async->events;
	async->events = 0;

	if (__comedi_is_subdevice_running(s)) {
		if (pending & COMEDI_CB_CANCEL_MASK)
			__comedi_clear_subdevice_runflags(s,
							  COMEDI_SRF_RUNNING);

		/*
		 * Remember if an error event has occurred, so an error can
		 * be returned the next time the user does a read() or
		 * write().
		 */
		if (pending & COMEDI_CB_ERROR_MASK)
			__comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR);

		if (async->cb_mask & pending) {
			wake_up_interruptible(&async->wait_head);
			if (async->cmd.flags & CMDF_WRITE)
				band = POLL_OUT;
			else
				band = POLL_IN;
		}
	}

	spin_unlock_irqrestore(&s->spin_lock, irq_flags);

	/* Signal delivery happens outside the spin-lock. */
	if (band)
		kill_fasync(&dev->async_queue, SIGIO, band);
}
EXPORT_SYMBOL_GPL(comedi_event);

/*
 * Allocate a COMEDI device and assign it a free board minor number.
 *
 * Devices with a hardware device search the minor table from
 * comedi_num_legacy_minors upwards; devices without one (legacy/manual
 * use) search from 0.  The class device "comedi<minor>" is then created;
 * dev->class_dev is only set when that succeeds, and the function returns
 * the device either way.
 *
 * Returns the new device, or ERR_PTR(-ENOMEM) / ERR_PTR(-EBUSY).
 *
 * Note: the ->mutex is pre-locked on successful return and needs to be
 * unlocked by the caller.
 */
struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device)
{
	struct comedi_device *dev;
	struct device *csdev;
	unsigned int minor;

	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
	if (!dev)
		return ERR_PTR(-ENOMEM);
	comedi_device_init(dev);
	comedi_set_hw_dev(dev, hardware_device);
	mutex_lock(&dev->mutex);

	/* Claim the first free slot in the board minor table. */
	mutex_lock(&comedi_board_minor_table_lock);
	for (minor = hardware_device ? comedi_num_legacy_minors : 0;
	     minor < COMEDI_NUM_BOARD_MINORS; ++minor) {
		if (comedi_board_minor_table[minor])
			continue;
		comedi_board_minor_table[minor] = dev;
		break;
	}
	mutex_unlock(&comedi_board_minor_table_lock);

	if (minor == COMEDI_NUM_BOARD_MINORS) {
		mutex_unlock(&dev->mutex);
		comedi_device_cleanup(dev);
		comedi_dev_put(dev);
		dev_err(hardware_device,
			"ran out of minor numbers for board device files\n");
		return ERR_PTR(-EBUSY);
	}

	dev->minor = minor;
	csdev = device_create(&comedi_class, hardware_device,
			      MKDEV(COMEDI_MAJOR, minor), NULL, "comedi%i",
			      minor);
	if (!IS_ERR(csdev))
		dev->class_dev = get_device(csdev);

	return dev;
}

/*
 * Release the COMEDI device bound to @hardware_device, if there is one.
 *
 * Scans the non-legacy board minors.  The first device whose hw_dev matches
 * is removed from the minor table under the table lock and then freed with
 * the lock released.
 */
void comedi_release_hardware_device(struct device *hardware_device)
{
	int minor;

	for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS;
	     minor++) {
		struct comedi_device *dev;
		bool found;

		mutex_lock(&comedi_board_minor_table_lock);
		dev = comedi_board_minor_table[minor];
		found = dev && dev->hw_dev == hardware_device;
		if (found)
			comedi_board_minor_table[minor] = NULL;
		mutex_unlock(&comedi_board_minor_table_lock);

		if (found) {
			comedi_free_board_dev(dev);
			break;
		}
	}
}

/*
 * Assign a free subdevice minor number to @s and create its class device
 * "comedi<board minor>_subd<subdevice index>".
 *
 * Subdevice minors are numbered after the board minors, so s->minor is the
 * table slot plus COMEDI_NUM_BOARD_MINORS.  s->class_dev is only set when
 * device_create() succeeds; the function returns 0 either way.
 *
 * Returns 0 on success or -EBUSY when the table is full.
 */
int comedi_alloc_subdevice_minor(struct comedi_subdevice *s)
{
	struct comedi_device *dev = s->device;
	struct device *csdev;
	unsigned int slot, minor;

	/* Claim the first free slot in the subdevice minor table. */
	mutex_lock(&comedi_subdevice_minor_table_lock);
	for (slot = 0; slot < COMEDI_NUM_SUBDEVICE_MINORS; ++slot) {
		if (comedi_subdevice_minor_table[slot])
			continue;
		comedi_subdevice_minor_table[slot] = s;
		break;
	}
	mutex_unlock(&comedi_subdevice_minor_table_lock);

	if (slot == COMEDI_NUM_SUBDEVICE_MINORS) {
		dev_err(dev->class_dev,
			"ran out of minor numbers for subdevice files\n");
		return -EBUSY;
	}

	minor = slot + COMEDI_NUM_BOARD_MINORS;
	s->minor = minor;
	csdev = device_create(&comedi_class, dev->class_dev,
			      MKDEV(COMEDI_MAJOR, minor), NULL,
			      "comedi%i_subd%i", dev->minor, s->index);
	if (!IS_ERR(csdev))
		s->class_dev = csdev;

	return 0;
}

/*
 * Release the subdevice minor number held by @s and destroy its class
 * device.
 *
 * Does nothing for a NULL @s or when s->minor lies outside the subdevice
 * minor range.  The table slot is only cleared if it still points at @s.
 */
void comedi_free_subdevice_minor(struct comedi_subdevice *s)
{
	unsigned int slot;

	if (!s || s->minor < COMEDI_NUM_BOARD_MINORS ||
	    s->minor >= COMEDI_NUM_MINORS)
		return;

	slot = s->minor - COMEDI_NUM_BOARD_MINORS;

	mutex_lock(&comedi_subdevice_minor_table_lock);
	if (comedi_subdevice_minor_table[slot] == s)
		comedi_subdevice_minor_table[slot] = NULL;
	mutex_unlock(&comedi_subdevice_minor_table_lock);

	if (s->class_dev) {
		device_destroy(&comedi_class, MKDEV(COMEDI_MAJOR, s->minor));
		s->class_dev = NULL;
	}
}

/*
 * Clear every board minor table entry and pass whatever it held to
 * comedi_free_board_dev().
 */
static void comedi_cleanup_board_minors(void)
{
	unsigned int minor;

	for (minor = 0; minor < COMEDI_NUM_BOARD_MINORS; minor++)
		comedi_free_board_dev(comedi_clear_board_minor(minor));
}

/*
 * Module initialisation.
 *
 * Validates the comedi_num_legacy_minors module parameter, registers the
 * character device region and cdev, registers the device class, creates
 * the legacy board devices and sets up the /proc interface.  Each failure
 * unwinds the steps that had already succeeded.
 *
 * Returns 0 on success or a negative errno.
 */
static int __init comedi_init(void)
{
	int ret;
	int i;

	pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n");

	if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) {
		pr_err("invalid value for module parameter \"comedi_num_legacy_minors\".  Valid values are 0 through %i.\n",
		       COMEDI_NUM_BOARD_MINORS);
		return -EINVAL;
	}

	ret = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0),
				     COMEDI_NUM_MINORS, "comedi");
	if (ret)
		return ret;

	cdev_init(&comedi_cdev, &comedi_fops);
	comedi_cdev.owner = THIS_MODULE;

	ret = kobject_set_name(&comedi_cdev.kobj, "comedi");
	if (ret)
		goto err_chrdev_region;

	ret = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0),
		       COMEDI_NUM_MINORS);
	if (ret)
		goto err_chrdev_region;

	ret = class_register(&comedi_class);
	if (ret) {
		pr_err("failed to create class\n");
		goto err_cdev;
	}

	/* Create device files for legacy/manual use. */
	for (i = 0; i < comedi_num_legacy_minors; i++) {
		struct comedi_device *dev = comedi_alloc_board_minor(NULL);

		if (IS_ERR(dev)) {
			ret = PTR_ERR(dev);
			goto err_board_minors;
		}
		/* comedi_alloc_board_minor() returned with the mutex held. */
		lockdep_assert_held(&dev->mutex);
		mutex_unlock(&dev->mutex);
	}

	/* XXX requires /proc interface */
	comedi_proc_init();

	return 0;

err_board_minors:
	comedi_cleanup_board_minors();
	class_unregister(&comedi_class);
err_cdev:
	cdev_del(&comedi_cdev);
err_chrdev_region:
	unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
	return ret;
}
module_init(comedi_init);

/*
 * Module exit: free the board devices, unregister the class, delete the
 * cdev, release the character device region, then remove the /proc
 * interface.
 */
static void __exit comedi_cleanup(void)
{
	const dev_t first = MKDEV(COMEDI_MAJOR, 0);

	comedi_cleanup_board_minors();
	class_unregister(&comedi_class);
	cdev_del(&comedi_cdev);
	unregister_chrdev_region(first, COMEDI_NUM_MINORS);

	comedi_proc_cleanup();
}
module_exit(comedi_cleanup);

/* Module metadata. */
MODULE_AUTHOR("https://www.comedi.org");
MODULE_DESCRIPTION("Comedi core module");
MODULE_LICENSE("GPL");