1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * compat ioctls for control API
4 *
5 * Copyright (c) by Takashi Iwai <tiwai@suse.de>
6 */
7
8 /* this file included from control.c */
9
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12
13 struct snd_ctl_elem_list32 {
14 u32 offset;
15 u32 space;
16 u32 used;
17 u32 count;
18 u32 pids;
19 unsigned char reserved[50];
20 } /* don't set packed attribute here */;
21
snd_ctl_elem_list_compat(struct snd_card * card,struct snd_ctl_elem_list32 __user * data32)22 static int snd_ctl_elem_list_compat(struct snd_card *card,
23 struct snd_ctl_elem_list32 __user *data32)
24 {
25 struct snd_ctl_elem_list data = {};
26 compat_caddr_t ptr;
27 int err;
28
29 /* offset, space, used, count */
30 if (copy_from_user(&data, data32, 4 * sizeof(u32)))
31 return -EFAULT;
32 /* pids */
33 if (get_user(ptr, &data32->pids))
34 return -EFAULT;
35 data.pids = compat_ptr(ptr);
36 err = snd_ctl_elem_list(card, &data);
37 if (err < 0)
38 return err;
39 /* copy the result */
40 if (copy_to_user(data32, &data, 4 * sizeof(u32)))
41 return -EFAULT;
42 return 0;
43 }
44
45 /*
46 * control element info
47 * it uses union, so the things are not easy..
48 */
49
50 struct snd_ctl_elem_info32 {
51 struct snd_ctl_elem_id id; // the size of struct is same
52 s32 type;
53 u32 access;
54 u32 count;
55 s32 owner;
56 union {
57 struct {
58 s32 min;
59 s32 max;
60 s32 step;
61 } integer;
62 struct {
63 u64 min;
64 u64 max;
65 u64 step;
66 } integer64;
67 struct {
68 u32 items;
69 u32 item;
70 char name[64];
71 u64 names_ptr;
72 u32 names_length;
73 } enumerated;
74 unsigned char reserved[128];
75 } value;
76 unsigned char reserved[64];
77 } __packed;
78
snd_ctl_elem_info_compat(struct snd_ctl_file * ctl,struct snd_ctl_elem_info32 __user * data32)79 static int snd_ctl_elem_info_compat(struct snd_ctl_file *ctl,
80 struct snd_ctl_elem_info32 __user *data32)
81 {
82 struct snd_card *card = ctl->card;
83 struct snd_ctl_elem_info *data __free(kfree) = NULL;
84 int err;
85
86 data = kzalloc(sizeof(*data), GFP_KERNEL);
87 if (! data)
88 return -ENOMEM;
89
90 /* copy id */
91 if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
92 return -EFAULT;
93 /* we need to copy the item index.
94 * hope this doesn't break anything..
95 */
96 if (get_user(data->value.enumerated.item, &data32->value.enumerated.item))
97 return -EFAULT;
98
99 err = snd_power_ref_and_wait(card);
100 if (err < 0)
101 return err;
102 err = snd_ctl_elem_info(ctl, data);
103 snd_power_unref(card);
104 if (err < 0)
105 return err;
106 /* restore info to 32bit */
107 /* id, type, access, count */
108 if (copy_to_user(&data32->id, &data->id, sizeof(data->id)) ||
109 copy_to_user(&data32->type, &data->type, 3 * sizeof(u32)))
110 return -EFAULT;
111 if (put_user(data->owner, &data32->owner))
112 return -EFAULT;
113 switch (data->type) {
114 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
115 case SNDRV_CTL_ELEM_TYPE_INTEGER:
116 if (put_user(data->value.integer.min, &data32->value.integer.min) ||
117 put_user(data->value.integer.max, &data32->value.integer.max) ||
118 put_user(data->value.integer.step, &data32->value.integer.step))
119 return -EFAULT;
120 break;
121 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
122 if (copy_to_user(&data32->value.integer64,
123 &data->value.integer64,
124 sizeof(data->value.integer64)))
125 return -EFAULT;
126 break;
127 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
128 if (copy_to_user(&data32->value.enumerated,
129 &data->value.enumerated,
130 sizeof(data->value.enumerated)))
131 return -EFAULT;
132 break;
133 default:
134 break;
135 }
136 return 0;
137 }
138
139 /* read / write */
140 struct snd_ctl_elem_value32 {
141 struct snd_ctl_elem_id id;
142 unsigned int indirect; /* bit-field causes misalignment */
143 union {
144 s32 integer[128];
145 unsigned char data[512];
146 #ifndef CONFIG_X86_64
147 s64 integer64[64];
148 #endif
149 } value;
150 unsigned char reserved[128];
151 };
152
153 #ifdef CONFIG_X86_X32_ABI
154 /* x32 has a different alignment for 64bit values from ia32 */
155 struct snd_ctl_elem_value_x32 {
156 struct snd_ctl_elem_id id;
157 unsigned int indirect; /* bit-field causes misalignment */
158 union {
159 s32 integer[128];
160 unsigned char data[512];
161 s64 integer64[64];
162 } value;
163 unsigned char reserved[128];
164 };
165 #endif /* CONFIG_X86_X32_ABI */
166
167 /* get the value type and count of the control */
get_ctl_type(struct snd_card * card,struct snd_ctl_elem_id * id,int * countp)168 static int get_ctl_type(struct snd_card *card, struct snd_ctl_elem_id *id,
169 int *countp)
170 {
171 struct snd_kcontrol *kctl;
172 struct snd_ctl_elem_info *info __free(kfree) = NULL;
173 int err;
174
175 guard(rwsem_read)(&card->controls_rwsem);
176 kctl = snd_ctl_find_id(card, id);
177 if (!kctl)
178 return -ENOENT;
179 info = kzalloc(sizeof(*info), GFP_KERNEL);
180 if (info == NULL)
181 return -ENOMEM;
182 info->id = *id;
183 err = kctl->info(kctl, info);
184 if (err >= 0) {
185 err = info->type;
186 *countp = info->count;
187 }
188 return err;
189 }
190
get_elem_size(snd_ctl_elem_type_t type,int count)191 static int get_elem_size(snd_ctl_elem_type_t type, int count)
192 {
193 switch (type) {
194 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
195 return sizeof(s64) * count;
196 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
197 return sizeof(int) * count;
198 case SNDRV_CTL_ELEM_TYPE_BYTES:
199 return 512;
200 case SNDRV_CTL_ELEM_TYPE_IEC958:
201 return sizeof(struct snd_aes_iec958);
202 default:
203 return -1;
204 }
205 }
206
copy_ctl_value_from_user(struct snd_card * card,struct snd_ctl_elem_value * data,void __user * userdata,void __user * valuep,int * typep,int * countp)207 static int copy_ctl_value_from_user(struct snd_card *card,
208 struct snd_ctl_elem_value *data,
209 void __user *userdata,
210 void __user *valuep,
211 int *typep, int *countp)
212 {
213 struct snd_ctl_elem_value32 __user *data32 = userdata;
214 int i, type, size;
215 int count;
216 unsigned int indirect;
217
218 if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
219 return -EFAULT;
220 if (get_user(indirect, &data32->indirect))
221 return -EFAULT;
222 if (indirect)
223 return -EINVAL;
224 type = get_ctl_type(card, &data->id, &count);
225 if (type < 0)
226 return type;
227
228 if (type == (__force int)SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
229 type == (__force int)SNDRV_CTL_ELEM_TYPE_INTEGER) {
230 for (i = 0; i < count; i++) {
231 s32 __user *intp = valuep;
232 int val;
233 if (get_user(val, &intp[i]))
234 return -EFAULT;
235 data->value.integer.value[i] = val;
236 }
237 } else {
238 size = get_elem_size((__force snd_ctl_elem_type_t)type, count);
239 if (size < 0) {
240 dev_err(card->dev, "snd_ioctl32_ctl_elem_value: unknown type %d\n", type);
241 return -EINVAL;
242 }
243 if (copy_from_user(data->value.bytes.data, valuep, size))
244 return -EFAULT;
245 }
246
247 *typep = type;
248 *countp = count;
249 return 0;
250 }
251
252 /* restore the value to 32bit */
copy_ctl_value_to_user(void __user * userdata,void __user * valuep,struct snd_ctl_elem_value * data,int type,int count)253 static int copy_ctl_value_to_user(void __user *userdata,
254 void __user *valuep,
255 struct snd_ctl_elem_value *data,
256 int type, int count)
257 {
258 struct snd_ctl_elem_value32 __user *data32 = userdata;
259 int i, size;
260
261 if (type == (__force int)SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
262 type == (__force int)SNDRV_CTL_ELEM_TYPE_INTEGER) {
263 for (i = 0; i < count; i++) {
264 s32 __user *intp = valuep;
265 int val;
266 val = data->value.integer.value[i];
267 if (put_user(val, &intp[i]))
268 return -EFAULT;
269 }
270 } else {
271 size = get_elem_size((__force snd_ctl_elem_type_t)type, count);
272 if (copy_to_user(valuep, data->value.bytes.data, size))
273 return -EFAULT;
274 }
275 if (copy_to_user(&data32->id, &data->id, sizeof(data32->id)))
276 return -EFAULT;
277 return 0;
278 }
279
__ctl_elem_read_user(struct snd_card * card,void __user * userdata,void __user * valuep)280 static int __ctl_elem_read_user(struct snd_card *card,
281 void __user *userdata, void __user *valuep)
282 {
283 struct snd_ctl_elem_value *data __free(kfree) = NULL;
284 int err, type, count;
285
286 data = kzalloc(sizeof(*data), GFP_KERNEL);
287 if (data == NULL)
288 return -ENOMEM;
289
290 err = copy_ctl_value_from_user(card, data, userdata, valuep,
291 &type, &count);
292 if (err < 0)
293 return err;
294
295 err = snd_ctl_elem_read(card, data);
296 if (err < 0)
297 return err;
298 return copy_ctl_value_to_user(userdata, valuep, data, type, count);
299 }
300
ctl_elem_read_user(struct snd_card * card,void __user * userdata,void __user * valuep)301 static int ctl_elem_read_user(struct snd_card *card,
302 void __user *userdata, void __user *valuep)
303 {
304 int err;
305
306 err = snd_power_ref_and_wait(card);
307 if (err < 0)
308 return err;
309 err = __ctl_elem_read_user(card, userdata, valuep);
310 snd_power_unref(card);
311 return err;
312 }
313
__ctl_elem_write_user(struct snd_ctl_file * file,void __user * userdata,void __user * valuep)314 static int __ctl_elem_write_user(struct snd_ctl_file *file,
315 void __user *userdata, void __user *valuep)
316 {
317 struct snd_ctl_elem_value *data __free(kfree) = NULL;
318 struct snd_card *card = file->card;
319 int err, type, count;
320
321 data = kzalloc(sizeof(*data), GFP_KERNEL);
322 if (data == NULL)
323 return -ENOMEM;
324
325 err = copy_ctl_value_from_user(card, data, userdata, valuep,
326 &type, &count);
327 if (err < 0)
328 return err;
329
330 err = snd_ctl_elem_write(card, file, data);
331 if (err < 0)
332 return err;
333 return copy_ctl_value_to_user(userdata, valuep, data, type, count);
334 }
335
ctl_elem_write_user(struct snd_ctl_file * file,void __user * userdata,void __user * valuep)336 static int ctl_elem_write_user(struct snd_ctl_file *file,
337 void __user *userdata, void __user *valuep)
338 {
339 struct snd_card *card = file->card;
340 int err;
341
342 err = snd_power_ref_and_wait(card);
343 if (err < 0)
344 return err;
345 err = __ctl_elem_write_user(file, userdata, valuep);
346 snd_power_unref(card);
347 return err;
348 }
349
snd_ctl_elem_read_user_compat(struct snd_card * card,struct snd_ctl_elem_value32 __user * data32)350 static int snd_ctl_elem_read_user_compat(struct snd_card *card,
351 struct snd_ctl_elem_value32 __user *data32)
352 {
353 return ctl_elem_read_user(card, data32, &data32->value);
354 }
355
snd_ctl_elem_write_user_compat(struct snd_ctl_file * file,struct snd_ctl_elem_value32 __user * data32)356 static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
357 struct snd_ctl_elem_value32 __user *data32)
358 {
359 return ctl_elem_write_user(file, data32, &data32->value);
360 }
361
362 #ifdef CONFIG_X86_X32_ABI
snd_ctl_elem_read_user_x32(struct snd_card * card,struct snd_ctl_elem_value_x32 __user * data32)363 static int snd_ctl_elem_read_user_x32(struct snd_card *card,
364 struct snd_ctl_elem_value_x32 __user *data32)
365 {
366 return ctl_elem_read_user(card, data32, &data32->value);
367 }
368
snd_ctl_elem_write_user_x32(struct snd_ctl_file * file,struct snd_ctl_elem_value_x32 __user * data32)369 static int snd_ctl_elem_write_user_x32(struct snd_ctl_file *file,
370 struct snd_ctl_elem_value_x32 __user *data32)
371 {
372 return ctl_elem_write_user(file, data32, &data32->value);
373 }
374 #endif /* CONFIG_X86_X32_ABI */
375
376 /* add or replace a user control */
snd_ctl_elem_add_compat(struct snd_ctl_file * file,struct snd_ctl_elem_info32 __user * data32,int replace)377 static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
378 struct snd_ctl_elem_info32 __user *data32,
379 int replace)
380 {
381 struct snd_ctl_elem_info *data __free(kfree) = NULL;
382
383 data = kzalloc(sizeof(*data), GFP_KERNEL);
384 if (! data)
385 return -ENOMEM;
386
387 /* id, type, access, count */ \
388 if (copy_from_user(&data->id, &data32->id, sizeof(data->id)) ||
389 copy_from_user(&data->type, &data32->type, 3 * sizeof(u32)))
390 return -EFAULT;
391 if (get_user(data->owner, &data32->owner))
392 return -EFAULT;
393 switch (data->type) {
394 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
395 case SNDRV_CTL_ELEM_TYPE_INTEGER:
396 if (get_user(data->value.integer.min, &data32->value.integer.min) ||
397 get_user(data->value.integer.max, &data32->value.integer.max) ||
398 get_user(data->value.integer.step, &data32->value.integer.step))
399 return -EFAULT;
400 break;
401 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
402 if (copy_from_user(&data->value.integer64,
403 &data32->value.integer64,
404 sizeof(data->value.integer64)))
405 return -EFAULT;
406 break;
407 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
408 if (copy_from_user(&data->value.enumerated,
409 &data32->value.enumerated,
410 sizeof(data->value.enumerated)))
411 return -EFAULT;
412 data->value.enumerated.names_ptr =
413 (uintptr_t)compat_ptr(data->value.enumerated.names_ptr);
414 break;
415 default:
416 break;
417 }
418 return snd_ctl_elem_add(file, data, replace);
419 }
420
421 enum {
422 SNDRV_CTL_IOCTL_ELEM_LIST32 = _IOWR('U', 0x10, struct snd_ctl_elem_list32),
423 SNDRV_CTL_IOCTL_ELEM_INFO32 = _IOWR('U', 0x11, struct snd_ctl_elem_info32),
424 SNDRV_CTL_IOCTL_ELEM_READ32 = _IOWR('U', 0x12, struct snd_ctl_elem_value32),
425 SNDRV_CTL_IOCTL_ELEM_WRITE32 = _IOWR('U', 0x13, struct snd_ctl_elem_value32),
426 SNDRV_CTL_IOCTL_ELEM_ADD32 = _IOWR('U', 0x17, struct snd_ctl_elem_info32),
427 SNDRV_CTL_IOCTL_ELEM_REPLACE32 = _IOWR('U', 0x18, struct snd_ctl_elem_info32),
428 #ifdef CONFIG_X86_X32_ABI
429 SNDRV_CTL_IOCTL_ELEM_READ_X32 = _IOWR('U', 0x12, struct snd_ctl_elem_value_x32),
430 SNDRV_CTL_IOCTL_ELEM_WRITE_X32 = _IOWR('U', 0x13, struct snd_ctl_elem_value_x32),
431 #endif /* CONFIG_X86_X32_ABI */
432 };
433
snd_ctl_ioctl_compat(struct file * file,unsigned int cmd,unsigned long arg)434 static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
435 {
436 struct snd_ctl_file *ctl;
437 struct snd_kctl_ioctl *p;
438 void __user *argp = compat_ptr(arg);
439 int err;
440
441 ctl = file->private_data;
442 if (snd_BUG_ON(!ctl || !ctl->card))
443 return -ENXIO;
444
445 switch (cmd) {
446 case SNDRV_CTL_IOCTL_PVERSION:
447 case SNDRV_CTL_IOCTL_CARD_INFO:
448 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
449 case SNDRV_CTL_IOCTL_POWER:
450 case SNDRV_CTL_IOCTL_POWER_STATE:
451 case SNDRV_CTL_IOCTL_ELEM_LOCK:
452 case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
453 case SNDRV_CTL_IOCTL_ELEM_REMOVE:
454 case SNDRV_CTL_IOCTL_TLV_READ:
455 case SNDRV_CTL_IOCTL_TLV_WRITE:
456 case SNDRV_CTL_IOCTL_TLV_COMMAND:
457 return snd_ctl_ioctl(file, cmd, (unsigned long)argp);
458 case SNDRV_CTL_IOCTL_ELEM_LIST32:
459 return snd_ctl_elem_list_compat(ctl->card, argp);
460 case SNDRV_CTL_IOCTL_ELEM_INFO32:
461 return snd_ctl_elem_info_compat(ctl, argp);
462 case SNDRV_CTL_IOCTL_ELEM_READ32:
463 return snd_ctl_elem_read_user_compat(ctl->card, argp);
464 case SNDRV_CTL_IOCTL_ELEM_WRITE32:
465 return snd_ctl_elem_write_user_compat(ctl, argp);
466 case SNDRV_CTL_IOCTL_ELEM_ADD32:
467 return snd_ctl_elem_add_compat(ctl, argp, 0);
468 case SNDRV_CTL_IOCTL_ELEM_REPLACE32:
469 return snd_ctl_elem_add_compat(ctl, argp, 1);
470 #ifdef CONFIG_X86_X32_ABI
471 case SNDRV_CTL_IOCTL_ELEM_READ_X32:
472 return snd_ctl_elem_read_user_x32(ctl->card, argp);
473 case SNDRV_CTL_IOCTL_ELEM_WRITE_X32:
474 return snd_ctl_elem_write_user_x32(ctl, argp);
475 #endif /* CONFIG_X86_X32_ABI */
476 }
477
478 guard(rwsem_read)(&snd_ioctl_rwsem);
479 list_for_each_entry(p, &snd_control_compat_ioctls, list) {
480 if (p->fioctl) {
481 err = p->fioctl(ctl->card, ctl, cmd, arg);
482 if (err != -ENOIOCTLCMD)
483 return err;
484 }
485 }
486 return -ENOIOCTLCMD;
487 }
488