1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * comedi/comedi_fops.c 4 * comedi kernel module 5 * 6 * COMEDI - Linux Control and Measurement Device Interface 7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org> 8 * compat ioctls: 9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk> 10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/> 11 */ 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/module.h> 16 #include <linux/errno.h> 17 #include <linux/kernel.h> 18 #include <linux/sched/signal.h> 19 #include <linux/fcntl.h> 20 #include <linux/delay.h> 21 #include <linux/mm.h> 22 #include <linux/slab.h> 23 #include <linux/poll.h> 24 #include <linux/device.h> 25 #include <linux/fs.h> 26 #include <linux/comedi/comedidev.h> 27 #include <linux/cdev.h> 28 29 #include <linux/io.h> 30 #include <linux/uaccess.h> 31 #include <linux/compat.h> 32 33 #include "comedi_internal.h" 34 35 /* 36 * comedi_subdevice "runflags" 37 * COMEDI_SRF_RT: DEPRECATED: command is running real-time 38 * COMEDI_SRF_ERROR: indicates an COMEDI_CB_ERROR event has occurred 39 * since the last command was started 40 * COMEDI_SRF_RUNNING: command is running 41 * COMEDI_SRF_FREE_SPRIV: free s->private on detach 42 * 43 * COMEDI_SRF_BUSY_MASK: runflags that indicate the subdevice is "busy" 44 */ 45 #define COMEDI_SRF_RT BIT(1) 46 #define COMEDI_SRF_ERROR BIT(2) 47 #define COMEDI_SRF_RUNNING BIT(27) 48 #define COMEDI_SRF_FREE_SPRIV BIT(31) 49 50 #define COMEDI_SRF_BUSY_MASK (COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING) 51 52 /** 53 * struct comedi_file - Per-file private data for COMEDI device 54 * @dev: COMEDI device. 55 * @read_subdev: Current "read" subdevice. 56 * @write_subdev: Current "write" subdevice. 57 * @last_detach_count: Last known detach count. 58 * @last_attached: Last known attached/detached state. 59 */ 60 struct comedi_file { 61 struct comedi_device *dev; 62 struct comedi_subdevice *read_subdev; 63 struct comedi_subdevice *write_subdev; 64 unsigned int last_detach_count; 65 unsigned int last_attached:1; 66 }; 67 68 #define COMEDI_NUM_MINORS 0x100 69 #define COMEDI_NUM_SUBDEVICE_MINORS \ 70 (COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS) 71 72 static unsigned short comedi_num_legacy_minors; 73 module_param(comedi_num_legacy_minors, ushort, 0444); 74 MODULE_PARM_DESC(comedi_num_legacy_minors, 75 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)" 76 ); 77 78 unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB; 79 module_param(comedi_default_buf_size_kb, uint, 0644); 80 MODULE_PARM_DESC(comedi_default_buf_size_kb, 81 "default asynchronous buffer size in KiB (default " 82 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")"); 83 84 unsigned int comedi_default_buf_maxsize_kb = 85 CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB; 86 module_param(comedi_default_buf_maxsize_kb, uint, 0644); 87 MODULE_PARM_DESC(comedi_default_buf_maxsize_kb, 88 "default maximum size of asynchronous buffer in KiB (default " 89 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")"); 90 91 static DEFINE_MUTEX(comedi_board_minor_table_lock); 92 static struct comedi_device 93 *comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS]; 94 95 static DEFINE_MUTEX(comedi_subdevice_minor_table_lock); 96 /* Note: indexed by minor - COMEDI_NUM_BOARD_MINORS. */ 97 static struct comedi_subdevice 98 *comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS]; 99 100 static struct cdev comedi_cdev; 101 102 static void comedi_device_init(struct comedi_device *dev) 103 { 104 kref_init(&dev->refcount); 105 spin_lock_init(&dev->spinlock); 106 mutex_init(&dev->mutex); 107 init_rwsem(&dev->attach_lock); 108 dev->minor = -1; 109 } 110 111 static void comedi_dev_kref_release(struct kref *kref) 112 { 113 struct comedi_device *dev = 114 container_of(kref, struct comedi_device, refcount); 115 116 mutex_destroy(&dev->mutex); 117 put_device(dev->class_dev); 118 kfree(dev); 119 } 120 121 /** 122 * comedi_dev_put() - Release a use of a COMEDI device 123 * @dev: COMEDI device. 124 * 125 * Must be called when a user of a COMEDI device is finished with it. 126 * When the last user of the COMEDI device calls this function, the 127 * COMEDI device is destroyed. 128 * 129 * Return: 1 if the COMEDI device is destroyed by this call or @dev is 130 * NULL, otherwise return 0. Callers must not assume the COMEDI 131 * device is still valid if this function returns 0. 132 */ 133 int comedi_dev_put(struct comedi_device *dev) 134 { 135 if (dev) 136 return kref_put(&dev->refcount, comedi_dev_kref_release); 137 return 1; 138 } 139 EXPORT_SYMBOL_GPL(comedi_dev_put); 140 141 static struct comedi_device *comedi_dev_get(struct comedi_device *dev) 142 { 143 if (dev) 144 kref_get(&dev->refcount); 145 return dev; 146 } 147 148 static void comedi_device_cleanup(struct comedi_device *dev) 149 { 150 struct module *driver_module = NULL; 151 152 if (!dev) 153 return; 154 mutex_lock(&dev->mutex); 155 if (dev->attached) 156 driver_module = dev->driver->module; 157 comedi_device_detach(dev); 158 if (driver_module && dev->use_count) 159 module_put(driver_module); 160 mutex_unlock(&dev->mutex); 161 } 162 163 static bool comedi_clear_board_dev(struct comedi_device *dev) 164 { 165 unsigned int i = dev->minor; 166 bool cleared = false; 167 168 lockdep_assert_held(&dev->mutex); 169 mutex_lock(&comedi_board_minor_table_lock); 170 if (dev == comedi_board_minor_table[i]) { 171 comedi_board_minor_table[i] = NULL; 172 cleared = true; 173 } 174 mutex_unlock(&comedi_board_minor_table_lock); 175 return cleared; 176 } 177 178 static struct comedi_device *comedi_clear_board_minor(unsigned int minor) 179 { 180 struct comedi_device *dev; 181 182 mutex_lock(&comedi_board_minor_table_lock); 183 dev = comedi_board_minor_table[minor]; 184 comedi_board_minor_table[minor] = NULL; 185 mutex_unlock(&comedi_board_minor_table_lock); 186 return dev; 187 } 188 189 static struct comedi_subdevice * 190 comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor) 191 { 192 struct comedi_subdevice *s; 193 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS; 194 195 mutex_lock(&comedi_subdevice_minor_table_lock); 196 s = comedi_subdevice_minor_table[i]; 197 if (s && s->device != dev) 198 s = NULL; 199 mutex_unlock(&comedi_subdevice_minor_table_lock); 200 return s; 201 } 202 203 static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor) 204 { 205 struct comedi_device *dev; 206 207 mutex_lock(&comedi_board_minor_table_lock); 208 dev = comedi_dev_get(comedi_board_minor_table[minor]); 209 mutex_unlock(&comedi_board_minor_table_lock); 210 return dev; 211 } 212 213 static struct comedi_device * 214 comedi_dev_get_from_subdevice_minor(unsigned int minor) 215 { 216 struct comedi_device *dev; 217 struct comedi_subdevice *s; 218 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS; 219 220 mutex_lock(&comedi_subdevice_minor_table_lock); 221 s = comedi_subdevice_minor_table[i]; 222 dev = comedi_dev_get(s ? s->device : NULL); 223 mutex_unlock(&comedi_subdevice_minor_table_lock); 224 return dev; 225 } 226 227 /** 228 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number 229 * @minor: Minor device number. 230 * 231 * Finds the COMEDI device associated with the minor device number, if any, 232 * and increments its reference count. The COMEDI device is prevented from 233 * being freed until a matching call is made to comedi_dev_put(). 234 * 235 * Return: A pointer to the COMEDI device if it exists, with its usage 236 * reference incremented. Return NULL if no COMEDI device exists with the 237 * specified minor device number. 238 */ 239 struct comedi_device *comedi_dev_get_from_minor(unsigned int minor) 240 { 241 if (minor < COMEDI_NUM_BOARD_MINORS) 242 return comedi_dev_get_from_board_minor(minor); 243 244 return comedi_dev_get_from_subdevice_minor(minor); 245 } 246 EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor); 247 248 static struct comedi_subdevice * 249 comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor) 250 { 251 struct comedi_subdevice *s; 252 253 lockdep_assert_held(&dev->mutex); 254 if (minor >= COMEDI_NUM_BOARD_MINORS) { 255 s = comedi_subdevice_from_minor(dev, minor); 256 if (!s || (s->subdev_flags & SDF_CMD_READ)) 257 return s; 258 } 259 return dev->read_subdev; 260 } 261 262 static struct comedi_subdevice * 263 comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor) 264 { 265 struct comedi_subdevice *s; 266 267 lockdep_assert_held(&dev->mutex); 268 if (minor >= COMEDI_NUM_BOARD_MINORS) { 269 s = comedi_subdevice_from_minor(dev, minor); 270 if (!s || (s->subdev_flags & SDF_CMD_WRITE)) 271 return s; 272 } 273 return dev->write_subdev; 274 } 275 276 static void comedi_file_reset(struct file *file) 277 { 278 struct comedi_file *cfp = file->private_data; 279 struct comedi_device *dev = cfp->dev; 280 struct comedi_subdevice *s, *read_s, *write_s; 281 unsigned int minor = iminor(file_inode(file)); 282 283 read_s = dev->read_subdev; 284 write_s = dev->write_subdev; 285 if (minor >= COMEDI_NUM_BOARD_MINORS) { 286 s = comedi_subdevice_from_minor(dev, minor); 287 if (!s || s->subdev_flags & SDF_CMD_READ) 288 read_s = s; 289 if (!s || s->subdev_flags & SDF_CMD_WRITE) 290 write_s = s; 291 } 292 cfp->last_attached = dev->attached; 293 cfp->last_detach_count = dev->detach_count; 294 WRITE_ONCE(cfp->read_subdev, read_s); 295 WRITE_ONCE(cfp->write_subdev, write_s); 296 } 297 298 static void comedi_file_check(struct file *file) 299 { 300 struct comedi_file *cfp = file->private_data; 301 struct comedi_device *dev = cfp->dev; 302 303 if (cfp->last_attached != dev->attached || 304 cfp->last_detach_count != dev->detach_count) 305 comedi_file_reset(file); 306 } 307 308 static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file) 309 { 310 struct comedi_file *cfp = file->private_data; 311 312 comedi_file_check(file); 313 return READ_ONCE(cfp->read_subdev); 314 } 315 316 static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file) 317 { 318 struct comedi_file *cfp = file->private_data; 319 320 comedi_file_check(file); 321 return READ_ONCE(cfp->write_subdev); 322 } 323 324 static int resize_async_buffer(struct comedi_device *dev, 325 struct comedi_subdevice *s, 326 unsigned int new_size) 327 { 328 struct comedi_async *async = s->async; 329 int retval; 330 331 lockdep_assert_held(&dev->mutex); 332 333 if (new_size > async->max_bufsize) 334 return -EPERM; 335 336 if (s->busy) { 337 dev_dbg(dev->class_dev, 338 "subdevice is busy, cannot resize buffer\n"); 339 return -EBUSY; 340 } 341 if (comedi_buf_is_mmapped(s)) { 342 dev_dbg(dev->class_dev, 343 "subdevice is mmapped, cannot resize buffer\n"); 344 return -EBUSY; 345 } 346 347 /* make sure buffer is an integral number of pages (we round up) */ 348 new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK; 349 350 retval = comedi_buf_alloc(dev, s, new_size); 351 if (retval < 0) 352 return retval; 353 354 if (s->buf_change) { 355 retval = s->buf_change(dev, s); 356 if (retval < 0) 357 return retval; 358 } 359 360 dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n", 361 s->index, async->prealloc_bufsz); 362 return 0; 363 } 364 365 /* sysfs attribute files */ 366 367 static ssize_t max_read_buffer_kb_show(struct device *csdev, 368 struct device_attribute *attr, char *buf) 369 { 370 unsigned int minor = MINOR(csdev->devt); 371 struct comedi_device *dev; 372 struct comedi_subdevice *s; 373 unsigned int size = 0; 374 375 dev = comedi_dev_get_from_minor(minor); 376 if (!dev) 377 return -ENODEV; 378 379 mutex_lock(&dev->mutex); 380 s = comedi_read_subdevice(dev, minor); 381 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 382 size = s->async->max_bufsize / 1024; 383 mutex_unlock(&dev->mutex); 384 385 comedi_dev_put(dev); 386 return sysfs_emit(buf, "%u\n", size); 387 } 388 389 static ssize_t max_read_buffer_kb_store(struct device *csdev, 390 struct device_attribute *attr, 391 const char *buf, size_t count) 392 { 393 unsigned int minor = MINOR(csdev->devt); 394 struct comedi_device *dev; 395 struct comedi_subdevice *s; 396 unsigned int size; 397 int err; 398 399 err = kstrtouint(buf, 10, &size); 400 if (err) 401 return err; 402 if (size > (UINT_MAX / 1024)) 403 return -EINVAL; 404 size *= 1024; 405 406 dev = comedi_dev_get_from_minor(minor); 407 if (!dev) 408 return -ENODEV; 409 410 mutex_lock(&dev->mutex); 411 s = comedi_read_subdevice(dev, minor); 412 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 413 s->async->max_bufsize = size; 414 else 415 err = -EINVAL; 416 mutex_unlock(&dev->mutex); 417 418 comedi_dev_put(dev); 419 return err ? err : count; 420 } 421 static DEVICE_ATTR_RW(max_read_buffer_kb); 422 423 static ssize_t read_buffer_kb_show(struct device *csdev, 424 struct device_attribute *attr, char *buf) 425 { 426 unsigned int minor = MINOR(csdev->devt); 427 struct comedi_device *dev; 428 struct comedi_subdevice *s; 429 unsigned int size = 0; 430 431 dev = comedi_dev_get_from_minor(minor); 432 if (!dev) 433 return -ENODEV; 434 435 mutex_lock(&dev->mutex); 436 s = comedi_read_subdevice(dev, minor); 437 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 438 size = s->async->prealloc_bufsz / 1024; 439 mutex_unlock(&dev->mutex); 440 441 comedi_dev_put(dev); 442 return sysfs_emit(buf, "%u\n", size); 443 } 444 445 static ssize_t read_buffer_kb_store(struct device *csdev, 446 struct device_attribute *attr, 447 const char *buf, size_t count) 448 { 449 unsigned int minor = MINOR(csdev->devt); 450 struct comedi_device *dev; 451 struct comedi_subdevice *s; 452 unsigned int size; 453 int err; 454 455 err = kstrtouint(buf, 10, &size); 456 if (err) 457 return err; 458 if (size > (UINT_MAX / 1024)) 459 return -EINVAL; 460 size *= 1024; 461 462 dev = comedi_dev_get_from_minor(minor); 463 if (!dev) 464 return -ENODEV; 465 466 mutex_lock(&dev->mutex); 467 s = comedi_read_subdevice(dev, minor); 468 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 469 err = resize_async_buffer(dev, s, size); 470 else 471 err = -EINVAL; 472 mutex_unlock(&dev->mutex); 473 474 comedi_dev_put(dev); 475 return err ? err : count; 476 } 477 static DEVICE_ATTR_RW(read_buffer_kb); 478 479 static ssize_t max_write_buffer_kb_show(struct device *csdev, 480 struct device_attribute *attr, 481 char *buf) 482 { 483 unsigned int minor = MINOR(csdev->devt); 484 struct comedi_device *dev; 485 struct comedi_subdevice *s; 486 unsigned int size = 0; 487 488 dev = comedi_dev_get_from_minor(minor); 489 if (!dev) 490 return -ENODEV; 491 492 mutex_lock(&dev->mutex); 493 s = comedi_write_subdevice(dev, minor); 494 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 495 size = s->async->max_bufsize / 1024; 496 mutex_unlock(&dev->mutex); 497 498 comedi_dev_put(dev); 499 return sysfs_emit(buf, "%u\n", size); 500 } 501 502 static ssize_t max_write_buffer_kb_store(struct device *csdev, 503 struct device_attribute *attr, 504 const char *buf, size_t count) 505 { 506 unsigned int minor = MINOR(csdev->devt); 507 struct comedi_device *dev; 508 struct comedi_subdevice *s; 509 unsigned int size; 510 int err; 511 512 err = kstrtouint(buf, 10, &size); 513 if (err) 514 return err; 515 if (size > (UINT_MAX / 1024)) 516 return -EINVAL; 517 size *= 1024; 518 519 dev = comedi_dev_get_from_minor(minor); 520 if (!dev) 521 return -ENODEV; 522 523 mutex_lock(&dev->mutex); 524 s = comedi_write_subdevice(dev, minor); 525 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 526 s->async->max_bufsize = size; 527 else 528 err = -EINVAL; 529 mutex_unlock(&dev->mutex); 530 531 comedi_dev_put(dev); 532 return err ? err : count; 533 } 534 static DEVICE_ATTR_RW(max_write_buffer_kb); 535 536 static ssize_t write_buffer_kb_show(struct device *csdev, 537 struct device_attribute *attr, char *buf) 538 { 539 unsigned int minor = MINOR(csdev->devt); 540 struct comedi_device *dev; 541 struct comedi_subdevice *s; 542 unsigned int size = 0; 543 544 dev = comedi_dev_get_from_minor(minor); 545 if (!dev) 546 return -ENODEV; 547 548 mutex_lock(&dev->mutex); 549 s = comedi_write_subdevice(dev, minor); 550 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 551 size = s->async->prealloc_bufsz / 1024; 552 mutex_unlock(&dev->mutex); 553 554 comedi_dev_put(dev); 555 return sysfs_emit(buf, "%u\n", size); 556 } 557 558 static ssize_t write_buffer_kb_store(struct device *csdev, 559 struct device_attribute *attr, 560 const char *buf, size_t count) 561 { 562 unsigned int minor = MINOR(csdev->devt); 563 struct comedi_device *dev; 564 struct comedi_subdevice *s; 565 unsigned int size; 566 int err; 567 568 err = kstrtouint(buf, 10, &size); 569 if (err) 570 return err; 571 if (size > (UINT_MAX / 1024)) 572 return -EINVAL; 573 size *= 1024; 574 575 dev = comedi_dev_get_from_minor(minor); 576 if (!dev) 577 return -ENODEV; 578 579 mutex_lock(&dev->mutex); 580 s = comedi_write_subdevice(dev, minor); 581 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 582 err = resize_async_buffer(dev, s, size); 583 else 584 err = -EINVAL; 585 mutex_unlock(&dev->mutex); 586 587 comedi_dev_put(dev); 588 return err ? err : count; 589 } 590 static DEVICE_ATTR_RW(write_buffer_kb); 591 592 static struct attribute *comedi_dev_attrs[] = { 593 &dev_attr_max_read_buffer_kb.attr, 594 &dev_attr_read_buffer_kb.attr, 595 &dev_attr_max_write_buffer_kb.attr, 596 &dev_attr_write_buffer_kb.attr, 597 NULL, 598 }; 599 ATTRIBUTE_GROUPS(comedi_dev); 600 601 static const struct class comedi_class = { 602 .name = "comedi", 603 .dev_groups = comedi_dev_groups, 604 }; 605 606 static void comedi_free_board_dev(struct comedi_device *dev) 607 { 608 if (dev) { 609 comedi_device_cleanup(dev); 610 if (dev->class_dev) { 611 device_destroy(&comedi_class, 612 MKDEV(COMEDI_MAJOR, dev->minor)); 613 } 614 comedi_dev_put(dev); 615 } 616 } 617 618 static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s, 619 unsigned int bits) 620 { 621 s->runflags &= ~bits; 622 } 623 624 static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s, 625 unsigned int bits) 626 { 627 s->runflags |= bits; 628 } 629 630 static void comedi_update_subdevice_runflags(struct comedi_subdevice *s, 631 unsigned int mask, 632 unsigned int bits) 633 { 634 unsigned long flags; 635 636 spin_lock_irqsave(&s->spin_lock, flags); 637 __comedi_clear_subdevice_runflags(s, mask); 638 __comedi_set_subdevice_runflags(s, bits & mask); 639 spin_unlock_irqrestore(&s->spin_lock, flags); 640 } 641 642 static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s) 643 { 644 return s->runflags; 645 } 646 647 static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s) 648 { 649 unsigned long flags; 650 unsigned int runflags; 651 652 spin_lock_irqsave(&s->spin_lock, flags); 653 runflags = __comedi_get_subdevice_runflags(s); 654 spin_unlock_irqrestore(&s->spin_lock, flags); 655 return runflags; 656 } 657 658 static bool comedi_is_runflags_running(unsigned int runflags) 659 { 660 return runflags & COMEDI_SRF_RUNNING; 661 } 662 663 static bool comedi_is_runflags_in_error(unsigned int runflags) 664 { 665 return runflags & COMEDI_SRF_ERROR; 666 } 667 668 /** 669 * comedi_is_subdevice_running() - Check if async command running on subdevice 670 * @s: COMEDI subdevice. 671 * 672 * Return: %true if an asynchronous COMEDI command is active on the 673 * subdevice, else %false. 674 */ 675 bool comedi_is_subdevice_running(struct comedi_subdevice *s) 676 { 677 unsigned int runflags = comedi_get_subdevice_runflags(s); 678 679 return comedi_is_runflags_running(runflags); 680 } 681 EXPORT_SYMBOL_GPL(comedi_is_subdevice_running); 682 683 static bool __comedi_is_subdevice_running(struct comedi_subdevice *s) 684 { 685 unsigned int runflags = __comedi_get_subdevice_runflags(s); 686 687 return comedi_is_runflags_running(runflags); 688 } 689 690 bool comedi_can_auto_free_spriv(struct comedi_subdevice *s) 691 { 692 unsigned int runflags = __comedi_get_subdevice_runflags(s); 693 694 return runflags & COMEDI_SRF_FREE_SPRIV; 695 } 696 697 /** 698 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable 699 * @s: COMEDI subdevice. 700 * 701 * Mark the subdevice as having a pointer to private data that can be 702 * automatically freed when the COMEDI device is detached from the low-level 703 * driver. 704 */ 705 void comedi_set_spriv_auto_free(struct comedi_subdevice *s) 706 { 707 __comedi_set_subdevice_runflags(s, COMEDI_SRF_FREE_SPRIV); 708 } 709 EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free); 710 711 /** 712 * comedi_alloc_spriv - Allocate memory for the subdevice private data 713 * @s: COMEDI subdevice. 714 * @size: Size of the memory to allocate. 715 * 716 * Allocate memory for the subdevice private data and point @s->private 717 * to it. The memory will be freed automatically when the COMEDI device 718 * is detached from the low-level driver. 719 * 720 * Return: A pointer to the allocated memory @s->private on success. 721 * Return NULL on failure. 722 */ 723 void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) 724 { 725 s->private = kzalloc(size, GFP_KERNEL); 726 if (s->private) 727 comedi_set_spriv_auto_free(s); 728 return s->private; 729 } 730 EXPORT_SYMBOL_GPL(comedi_alloc_spriv); 731 732 /* 733 * This function restores a subdevice to an idle state. 734 */ 735 static void do_become_nonbusy(struct comedi_device *dev, 736 struct comedi_subdevice *s) 737 { 738 struct comedi_async *async = s->async; 739 740 lockdep_assert_held(&dev->mutex); 741 comedi_update_subdevice_runflags(s, COMEDI_SRF_RUNNING, 0); 742 if (async) { 743 comedi_buf_reset(s); 744 async->inttrig = NULL; 745 kfree(async->cmd.chanlist); 746 async->cmd.chanlist = NULL; 747 s->busy = NULL; 748 wake_up_interruptible_all(&async->wait_head); 749 } else { 750 dev_err(dev->class_dev, 751 "BUG: (?) %s called with async=NULL\n", __func__); 752 s->busy = NULL; 753 } 754 } 755 756 static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s) 757 { 758 int ret = 0; 759 760 lockdep_assert_held(&dev->mutex); 761 if (comedi_is_subdevice_running(s) && s->cancel) 762 ret = s->cancel(dev, s); 763 764 do_become_nonbusy(dev, s); 765 766 return ret; 767 } 768 769 void comedi_device_cancel_all(struct comedi_device *dev) 770 { 771 struct comedi_subdevice *s; 772 int i; 773 774 lockdep_assert_held(&dev->mutex); 775 if (!dev->attached) 776 return; 777 778 for (i = 0; i < dev->n_subdevices; i++) { 779 s = &dev->subdevices[i]; 780 if (s->async) 781 do_cancel(dev, s); 782 } 783 } 784 785 static int is_device_busy(struct comedi_device *dev) 786 { 787 struct comedi_subdevice *s; 788 int i; 789 790 lockdep_assert_held_write(&dev->attach_lock); 791 lockdep_assert_held(&dev->mutex); 792 if (!dev->attached) 793 return 0; 794 795 for (i = 0; i < dev->n_subdevices; i++) { 796 s = &dev->subdevices[i]; 797 if (s->busy) 798 return 1; 799 if (!s->async) 800 continue; 801 if (comedi_buf_is_mmapped(s)) 802 return 1; 803 /* 804 * There may be tasks still waiting on the subdevice's wait 805 * queue, although they should already be about to be removed 806 * from it since the subdevice has no active async command. 807 */ 808 if (wq_has_sleeper(&s->async->wait_head)) 809 return 1; 810 } 811 812 return 0; 813 } 814 815 /* 816 * COMEDI_DEVCONFIG ioctl 817 * attaches (and configures) or detaches a legacy device 818 * 819 * arg: 820 * pointer to comedi_devconfig structure (NULL if detaching) 821 * 822 * reads: 823 * comedi_devconfig structure (if attaching) 824 * 825 * writes: 826 * nothing 827 */ 828 static int do_devconfig_ioctl(struct comedi_device *dev, 829 struct comedi_devconfig __user *arg) 830 { 831 struct comedi_devconfig it; 832 833 lockdep_assert_held(&dev->mutex); 834 if (!capable(CAP_SYS_ADMIN)) 835 return -EPERM; 836 837 if (!arg) { 838 int rc = 0; 839 840 if (dev->attached) { 841 down_write(&dev->attach_lock); 842 if (is_device_busy(dev)) { 843 rc = -EBUSY; 844 } else { 845 struct module *driver_module = 846 dev->driver->module; 847 848 comedi_device_detach_locked(dev); 849 module_put(driver_module); 850 } 851 up_write(&dev->attach_lock); 852 } 853 return rc; 854 } 855 856 if (copy_from_user(&it, arg, sizeof(it))) 857 return -EFAULT; 858 859 it.board_name[COMEDI_NAMELEN - 1] = 0; 860 861 if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) { 862 dev_warn(dev->class_dev, 863 "comedi_config --init_data is deprecated\n"); 864 return -EINVAL; 865 } 866 867 if (dev->minor >= comedi_num_legacy_minors) 868 /* don't re-use dynamically allocated comedi devices */ 869 return -EBUSY; 870 871 /* This increments the driver module count on success. */ 872 return comedi_device_attach(dev, &it); 873 } 874 875 /* 876 * COMEDI_BUFCONFIG ioctl 877 * buffer configuration 878 * 879 * arg: 880 * pointer to comedi_bufconfig structure 881 * 882 * reads: 883 * comedi_bufconfig structure 884 * 885 * writes: 886 * modified comedi_bufconfig structure 887 */ 888 static int do_bufconfig_ioctl(struct comedi_device *dev, 889 struct comedi_bufconfig __user *arg) 890 { 891 struct comedi_bufconfig bc; 892 struct comedi_async *async; 893 struct comedi_subdevice *s; 894 int retval = 0; 895 896 lockdep_assert_held(&dev->mutex); 897 if (copy_from_user(&bc, arg, sizeof(bc))) 898 return -EFAULT; 899 900 if (bc.subdevice >= dev->n_subdevices) 901 return -EINVAL; 902 903 s = &dev->subdevices[bc.subdevice]; 904 async = s->async; 905 906 if (!async) { 907 dev_dbg(dev->class_dev, 908 "subdevice does not have async capability\n"); 909 bc.size = 0; 910 bc.maximum_size = 0; 911 goto copyback; 912 } 913 914 if (bc.maximum_size) { 915 if (!capable(CAP_SYS_ADMIN)) 916 return -EPERM; 917 918 async->max_bufsize = bc.maximum_size; 919 } 920 921 if (bc.size) { 922 retval = resize_async_buffer(dev, s, bc.size); 923 if (retval < 0) 924 return retval; 925 } 926 927 bc.size = async->prealloc_bufsz; 928 bc.maximum_size = async->max_bufsize; 929 930 copyback: 931 if (copy_to_user(arg, &bc, sizeof(bc))) 932 return -EFAULT; 933 934 return 0; 935 } 936 937 /* 938 * COMEDI_DEVINFO ioctl 939 * device info 940 * 941 * arg: 942 * pointer to comedi_devinfo structure 943 * 944 * reads: 945 * nothing 946 * 947 * writes: 948 * comedi_devinfo structure 949 */ 950 static int do_devinfo_ioctl(struct comedi_device *dev, 951 struct comedi_devinfo __user *arg, 952 struct file *file) 953 { 954 struct comedi_subdevice *s; 955 struct comedi_devinfo devinfo; 956 957 lockdep_assert_held(&dev->mutex); 958 memset(&devinfo, 0, sizeof(devinfo)); 959 960 /* fill devinfo structure */ 961 devinfo.version_code = COMEDI_VERSION_CODE; 962 devinfo.n_subdevs = dev->n_subdevices; 963 strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN); 964 strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN); 965 966 s = comedi_file_read_subdevice(file); 967 if (s) 968 devinfo.read_subdevice = s->index; 969 else 970 devinfo.read_subdevice = -1; 971 972 s = comedi_file_write_subdevice(file); 973 if (s) 974 devinfo.write_subdevice = s->index; 975 else 976 devinfo.write_subdevice = -1; 977 978 if (copy_to_user(arg, &devinfo, sizeof(devinfo))) 979 return -EFAULT; 980 981 return 0; 982 } 983 984 /* 985 * COMEDI_SUBDINFO ioctl 986 * subdevices info 987 * 988 * arg: 989 * pointer to array of comedi_subdinfo structures 990 * 991 * reads: 992 * nothing 993 * 994 * writes: 995 * array of comedi_subdinfo structures 996 */ 997 static int do_subdinfo_ioctl(struct comedi_device *dev, 998 struct comedi_subdinfo __user *arg, void *file) 999 { 1000 int ret, i; 1001 struct comedi_subdinfo *tmp, *us; 1002 struct comedi_subdevice *s; 1003 1004 lockdep_assert_held(&dev->mutex); 1005 tmp = kcalloc(dev->n_subdevices, sizeof(*tmp), GFP_KERNEL); 1006 if (!tmp) 1007 return -ENOMEM; 1008 1009 /* fill subdinfo structs */ 1010 for (i = 0; i < dev->n_subdevices; i++) { 1011 s = &dev->subdevices[i]; 1012 us = tmp + i; 1013 1014 us->type = s->type; 1015 us->n_chan = s->n_chan; 1016 us->subd_flags = s->subdev_flags; 1017 if (comedi_is_subdevice_running(s)) 1018 us->subd_flags |= SDF_RUNNING; 1019 #define TIMER_nanosec 5 /* backwards compatibility */ 1020 us->timer_type = TIMER_nanosec; 1021 us->len_chanlist = s->len_chanlist; 1022 us->maxdata = s->maxdata; 1023 if (s->range_table) { 1024 us->range_type = 1025 (i << 24) | (0 << 16) | (s->range_table->length); 1026 } else { 1027 us->range_type = 0; /* XXX */ 1028 } 1029 1030 if (s->busy) 1031 us->subd_flags |= SDF_BUSY; 1032 if (s->busy == file) 1033 us->subd_flags |= SDF_BUSY_OWNER; 1034 if (s->lock) 1035 us->subd_flags |= SDF_LOCKED; 1036 if (s->lock == file) 1037 us->subd_flags |= SDF_LOCK_OWNER; 1038 if (!s->maxdata && s->maxdata_list) 1039 us->subd_flags |= SDF_MAXDATA; 1040 if (s->range_table_list) 1041 us->subd_flags |= SDF_RANGETYPE; 1042 if (s->do_cmd) 1043 us->subd_flags |= SDF_CMD; 1044 1045 if (s->insn_bits != &insn_inval) 1046 us->insn_bits_support = COMEDI_SUPPORTED; 1047 else 1048 us->insn_bits_support = COMEDI_UNSUPPORTED; 1049 } 1050 1051 ret = copy_to_user(arg, tmp, dev->n_subdevices * sizeof(*tmp)); 1052 1053 kfree(tmp); 1054 1055 return ret ? -EFAULT : 0; 1056 } 1057 1058 /* 1059 * COMEDI_CHANINFO ioctl 1060 * subdevice channel info 1061 * 1062 * arg: 1063 * pointer to comedi_chaninfo structure 1064 * 1065 * reads: 1066 * comedi_chaninfo structure 1067 * 1068 * writes: 1069 * array of maxdata values to chaninfo->maxdata_list if requested 1070 * array of range table lengths to chaninfo->range_table_list if requested 1071 */ 1072 static int do_chaninfo_ioctl(struct comedi_device *dev, 1073 struct comedi_chaninfo *it) 1074 { 1075 struct comedi_subdevice *s; 1076 1077 lockdep_assert_held(&dev->mutex); 1078 1079 if (it->subdev >= dev->n_subdevices) 1080 return -EINVAL; 1081 s = &dev->subdevices[it->subdev]; 1082 1083 if (it->maxdata_list) { 1084 if (s->maxdata || !s->maxdata_list) 1085 return -EINVAL; 1086 if (copy_to_user(it->maxdata_list, s->maxdata_list, 1087 s->n_chan * sizeof(unsigned int))) 1088 return -EFAULT; 1089 } 1090 1091 if (it->flaglist) 1092 return -EINVAL; /* flaglist not supported */ 1093 1094 if (it->rangelist) { 1095 int i; 1096 1097 if (!s->range_table_list) 1098 return -EINVAL; 1099 for (i = 0; i < s->n_chan; i++) { 1100 int x; 1101 1102 x = (dev->minor << 28) | (it->subdev << 24) | (i << 16) | 1103 (s->range_table_list[i]->length); 1104 if (put_user(x, it->rangelist + i)) 1105 return -EFAULT; 1106 } 1107 } 1108 1109 return 0; 1110 } 1111 1112 /* 1113 * COMEDI_BUFINFO ioctl 1114 * buffer information 1115 * 1116 * arg: 1117 * pointer to comedi_bufinfo structure 1118 * 1119 * reads: 1120 * comedi_bufinfo structure 1121 * 1122 * writes: 1123 * modified comedi_bufinfo structure 1124 */ 1125 static int do_bufinfo_ioctl(struct comedi_device *dev, 1126 struct comedi_bufinfo __user *arg, void *file) 1127 { 1128 struct comedi_bufinfo bi; 1129 struct comedi_subdevice *s; 1130 struct comedi_async *async; 1131 unsigned int runflags; 1132 int retval = 0; 1133 bool become_nonbusy = false; 1134 1135 lockdep_assert_held(&dev->mutex); 1136 if (copy_from_user(&bi, arg, sizeof(bi))) 1137 return -EFAULT; 1138 1139 if (bi.subdevice >= dev->n_subdevices) 1140 return -EINVAL; 1141 1142 s = &dev->subdevices[bi.subdevice]; 1143 1144 async = s->async; 1145 1146 if (!async || s->busy != file) 1147 return -EINVAL; 1148 1149 runflags = comedi_get_subdevice_runflags(s); 1150 if (!(async->cmd.flags & CMDF_WRITE)) { 1151 /* command was set up in "read" direction */ 1152 if (bi.bytes_read) { 1153 comedi_buf_read_alloc(s, bi.bytes_read); 1154 bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read); 1155 } 1156 /* 1157 * If nothing left to read, and command has stopped, and 1158 * {"read" position not updated or command stopped normally}, 1159 * then become non-busy. 1160 */ 1161 if (comedi_buf_read_n_available(s) == 0 && 1162 !comedi_is_runflags_running(runflags) && 1163 (bi.bytes_read == 0 || 1164 !comedi_is_runflags_in_error(runflags))) { 1165 become_nonbusy = true; 1166 if (comedi_is_runflags_in_error(runflags)) 1167 retval = -EPIPE; 1168 } 1169 bi.bytes_written = 0; 1170 } else { 1171 /* command was set up in "write" direction */ 1172 if (!comedi_is_runflags_running(runflags)) { 1173 bi.bytes_written = 0; 1174 become_nonbusy = true; 1175 if (comedi_is_runflags_in_error(runflags)) 1176 retval = -EPIPE; 1177 } else if (bi.bytes_written) { 1178 comedi_buf_write_alloc(s, bi.bytes_written); 1179 bi.bytes_written = 1180 comedi_buf_write_free(s, bi.bytes_written); 1181 } 1182 bi.bytes_read = 0; 1183 } 1184 1185 bi.buf_write_count = async->buf_write_count; 1186 bi.buf_write_ptr = async->buf_write_ptr; 1187 bi.buf_read_count = async->buf_read_count; 1188 bi.buf_read_ptr = async->buf_read_ptr; 1189 1190 if (become_nonbusy) 1191 do_become_nonbusy(dev, s); 1192 1193 if (retval) 1194 return retval; 1195 1196 if (copy_to_user(arg, &bi, sizeof(bi))) 1197 return -EFAULT; 1198 1199 return 0; 1200 } 1201 1202 static int check_insn_config_length(struct comedi_insn *insn, 1203 unsigned int *data) 1204 { 1205 if (insn->n < 1) 1206 return -EINVAL; 1207 1208 switch (data[0]) { 1209 case INSN_CONFIG_DIO_OUTPUT: 1210 case INSN_CONFIG_DIO_INPUT: 1211 case INSN_CONFIG_DISARM: 1212 case INSN_CONFIG_RESET: 1213 if (insn->n == 1) 1214 return 0; 1215 break; 1216 case INSN_CONFIG_ARM: 1217 case INSN_CONFIG_DIO_QUERY: 1218 case INSN_CONFIG_BLOCK_SIZE: 1219 case INSN_CONFIG_FILTER: 1220 case INSN_CONFIG_SERIAL_CLOCK: 1221 case INSN_CONFIG_BIDIRECTIONAL_DATA: 1222 case INSN_CONFIG_ALT_SOURCE: 1223 case INSN_CONFIG_SET_COUNTER_MODE: 1224 case INSN_CONFIG_8254_READ_STATUS: 1225 case INSN_CONFIG_SET_ROUTING: 1226 case INSN_CONFIG_GET_ROUTING: 1227 case INSN_CONFIG_GET_PWM_STATUS: 1228 case INSN_CONFIG_PWM_SET_PERIOD: 1229 case INSN_CONFIG_PWM_GET_PERIOD: 1230 if (insn->n == 2) 1231 return 0; 1232 break; 1233 case INSN_CONFIG_SET_GATE_SRC: 1234 case INSN_CONFIG_GET_GATE_SRC: 1235 case INSN_CONFIG_SET_CLOCK_SRC: 1236 case INSN_CONFIG_GET_CLOCK_SRC: 1237 case INSN_CONFIG_SET_OTHER_SRC: 1238 case INSN_CONFIG_GET_COUNTER_STATUS: 1239 case INSN_CONFIG_GET_PWM_OUTPUT: 1240 case INSN_CONFIG_PWM_SET_H_BRIDGE: 1241 case INSN_CONFIG_PWM_GET_H_BRIDGE: 1242 case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE: 1243 if (insn->n == 3) 1244 return 0; 1245 break; 1246 case INSN_CONFIG_PWM_OUTPUT: 1247 case INSN_CONFIG_ANALOG_TRIG: 1248 case INSN_CONFIG_TIMER_1: 1249 if (insn->n == 5) 1250 return 0; 1251 break; 1252 case INSN_CONFIG_DIGITAL_TRIG: 1253 if (insn->n == 6) 1254 return 0; 1255 break; 1256 case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS: 1257 if (insn->n >= 4) 1258 return 0; 1259 break; 1260 /* 1261 * by default we allow the insn since we don't have checks for 1262 * all possible cases yet 1263 */ 1264 default: 1265 pr_warn("No check for data length of config insn id %i is implemented\n", 1266 data[0]); 1267 pr_warn("Add a check to %s in %s\n", __func__, __FILE__); 1268 pr_warn("Assuming n=%i is correct\n", insn->n); 1269 return 0; 1270 } 1271 return -EINVAL; 1272 } 1273 1274 static int check_insn_device_config_length(struct comedi_insn *insn, 1275 unsigned int *data) 1276 { 1277 if (insn->n < 1) 1278 return -EINVAL; 1279 1280 switch (data[0]) { 1281 case INSN_DEVICE_CONFIG_TEST_ROUTE: 1282 case INSN_DEVICE_CONFIG_CONNECT_ROUTE: 1283 case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE: 1284 if (insn->n == 3) 1285 return 0; 1286 break; 1287 case INSN_DEVICE_CONFIG_GET_ROUTES: 1288 /* 1289 * Big enough for config_id and the length of the userland 1290 * memory buffer. Additional length should be in factors of 2 1291 * to communicate any returned route pairs (source,destination). 1292 */ 1293 if (insn->n >= 2) 1294 return 0; 1295 break; 1296 } 1297 return -EINVAL; 1298 } 1299 1300 /** 1301 * get_valid_routes() - Calls low-level driver get_valid_routes function to 1302 * either return a count of valid routes to user, or copy 1303 * of list of all valid device routes to buffer in 1304 * userspace. 1305 * @dev: comedi device pointer 1306 * @data: data from user insn call. The length of the data must be >= 2. 1307 * data[0] must contain the INSN_DEVICE_CONFIG config_id. 1308 * data[1](input) contains the number of _pairs_ for which memory is 1309 * allotted from the user. If the user specifies '0', then only 1310 * the number of pairs available is returned. 1311 * data[1](output) returns either the number of pairs available (if none 1312 * where requested) or the number of _pairs_ that are copied back 1313 * to the user. 1314 * data[2::2] returns each (source, destination) pair. 1315 * 1316 * Return: -EINVAL if low-level driver does not allocate and return routes as 1317 * expected. Returns 0 otherwise. 1318 */ 1319 static int get_valid_routes(struct comedi_device *dev, unsigned int *data) 1320 { 1321 lockdep_assert_held(&dev->mutex); 1322 data[1] = dev->get_valid_routes(dev, data[1], data + 2); 1323 return 0; 1324 } 1325 1326 static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn, 1327 unsigned int *data, void *file) 1328 { 1329 struct comedi_subdevice *s; 1330 int ret = 0; 1331 int i; 1332 1333 lockdep_assert_held(&dev->mutex); 1334 if (insn->insn & INSN_MASK_SPECIAL) { 1335 /* a non-subdevice instruction */ 1336 1337 switch (insn->insn) { 1338 case INSN_GTOD: 1339 { 1340 struct timespec64 tv; 1341 1342 if (insn->n != 2) { 1343 ret = -EINVAL; 1344 break; 1345 } 1346 1347 ktime_get_real_ts64(&tv); 1348 /* unsigned data safe until 2106 */ 1349 data[0] = (unsigned int)tv.tv_sec; 1350 data[1] = tv.tv_nsec / NSEC_PER_USEC; 1351 ret = 2; 1352 1353 break; 1354 } 1355 case INSN_WAIT: 1356 if (insn->n != 1 || data[0] >= 100000) { 1357 ret = -EINVAL; 1358 break; 1359 } 1360 udelay(data[0] / 1000); 1361 ret = 1; 1362 break; 1363 case INSN_INTTRIG: 1364 if (insn->n != 1) { 1365 ret = -EINVAL; 1366 break; 1367 } 1368 if (insn->subdev >= dev->n_subdevices) { 1369 dev_dbg(dev->class_dev, 1370 "%d not usable subdevice\n", 1371 insn->subdev); 1372 ret = -EINVAL; 1373 break; 1374 } 1375 s = &dev->subdevices[insn->subdev]; 1376 if (!s->async) { 1377 dev_dbg(dev->class_dev, "no async\n"); 1378 ret = -EINVAL; 1379 break; 1380 } 1381 if (!s->async->inttrig) { 1382 dev_dbg(dev->class_dev, "no inttrig\n"); 1383 ret = -EAGAIN; 1384 break; 1385 } 1386 ret = s->async->inttrig(dev, s, data[0]); 1387 if (ret >= 0) 1388 ret = 1; 1389 break; 1390 case INSN_DEVICE_CONFIG: 1391 ret = check_insn_device_config_length(insn, data); 1392 if (ret) 1393 break; 1394 1395 if (data[0] == INSN_DEVICE_CONFIG_GET_ROUTES) { 1396 /* 1397 * data[1] should be the number of _pairs_ that 1398 * the memory can hold. 1399 */ 1400 data[1] = (insn->n - 2) / 2; 1401 ret = get_valid_routes(dev, data); 1402 break; 1403 } 1404 1405 /* other global device config instructions. */ 1406 ret = dev->insn_device_config(dev, insn, data); 1407 break; 1408 default: 1409 dev_dbg(dev->class_dev, "invalid insn\n"); 1410 ret = -EINVAL; 1411 break; 1412 } 1413 } else { 1414 /* a subdevice instruction */ 1415 unsigned int maxdata; 1416 1417 if (insn->subdev >= dev->n_subdevices) { 1418 dev_dbg(dev->class_dev, "subdevice %d out of range\n", 1419 insn->subdev); 1420 ret = -EINVAL; 1421 goto out; 1422 } 1423 s = &dev->subdevices[insn->subdev]; 1424 1425 if (s->type == COMEDI_SUBD_UNUSED) { 1426 dev_dbg(dev->class_dev, "%d not usable subdevice\n", 1427 insn->subdev); 1428 ret = -EIO; 1429 goto out; 1430 } 1431 1432 /* are we locked? (ioctl lock) */ 1433 if (s->lock && s->lock != file) { 1434 dev_dbg(dev->class_dev, "device locked\n"); 1435 ret = -EACCES; 1436 goto out; 1437 } 1438 1439 ret = comedi_check_chanlist(s, 1, &insn->chanspec); 1440 if (ret < 0) { 1441 ret = -EINVAL; 1442 dev_dbg(dev->class_dev, "bad chanspec\n"); 1443 goto out; 1444 } 1445 1446 if (s->busy) { 1447 ret = -EBUSY; 1448 goto out; 1449 } 1450 /* This looks arbitrary. It is. */ 1451 s->busy = parse_insn; 1452 switch (insn->insn) { 1453 case INSN_READ: 1454 ret = s->insn_read(dev, s, insn, data); 1455 if (ret == -ETIMEDOUT) { 1456 dev_dbg(dev->class_dev, 1457 "subdevice %d read instruction timed out\n", 1458 s->index); 1459 } 1460 break; 1461 case INSN_WRITE: 1462 maxdata = s->maxdata_list 1463 ? s->maxdata_list[CR_CHAN(insn->chanspec)] 1464 : s->maxdata; 1465 for (i = 0; i < insn->n; ++i) { 1466 if (data[i] > maxdata) { 1467 ret = -EINVAL; 1468 dev_dbg(dev->class_dev, 1469 "bad data value(s)\n"); 1470 break; 1471 } 1472 } 1473 if (ret == 0) { 1474 ret = s->insn_write(dev, s, insn, data); 1475 if (ret == -ETIMEDOUT) { 1476 dev_dbg(dev->class_dev, 1477 "subdevice %d write instruction timed out\n", 1478 s->index); 1479 } 1480 } 1481 break; 1482 case INSN_BITS: 1483 if (insn->n != 2) { 1484 ret = -EINVAL; 1485 } else { 1486 /* 1487 * Most drivers ignore the base channel in 1488 * insn->chanspec. Fix this here if 1489 * the subdevice has <= 32 channels. 1490 */ 1491 unsigned int orig_mask = data[0]; 1492 unsigned int shift = 0; 1493 1494 if (s->n_chan <= 32) { 1495 shift = CR_CHAN(insn->chanspec); 1496 if (shift > 0) { 1497 insn->chanspec = 0; 1498 data[0] <<= shift; 1499 data[1] <<= shift; 1500 } 1501 } 1502 ret = s->insn_bits(dev, s, insn, data); 1503 data[0] = orig_mask; 1504 if (shift > 0) 1505 data[1] >>= shift; 1506 } 1507 break; 1508 case INSN_CONFIG: 1509 ret = check_insn_config_length(insn, data); 1510 if (ret) 1511 break; 1512 ret = s->insn_config(dev, s, insn, data); 1513 break; 1514 default: 1515 ret = -EINVAL; 1516 break; 1517 } 1518 1519 s->busy = NULL; 1520 } 1521 1522 out: 1523 return ret; 1524 } 1525 1526 /* 1527 * COMEDI_INSNLIST ioctl 1528 * synchronous instruction list 1529 * 1530 * arg: 1531 * pointer to comedi_insnlist structure 1532 * 1533 * reads: 1534 * comedi_insnlist structure 1535 * array of comedi_insn structures from insnlist->insns pointer 1536 * data (for writes) from insns[].data pointers 1537 * 1538 * writes: 1539 * data (for reads) to insns[].data pointers 1540 */ 1541 /* arbitrary limits */ 1542 #define MIN_SAMPLES 16 1543 #define MAX_SAMPLES 65536 1544 static int do_insnlist_ioctl(struct comedi_device *dev, 1545 struct comedi_insn *insns, 1546 unsigned int n_insns, 1547 void *file) 1548 { 1549 unsigned int *data = NULL; 1550 unsigned int max_n_data_required = MIN_SAMPLES; 1551 int i = 0; 1552 int ret = 0; 1553 1554 lockdep_assert_held(&dev->mutex); 1555 1556 /* Determine maximum memory needed for all instructions. */ 1557 for (i = 0; i < n_insns; ++i) { 1558 if (insns[i].n > MAX_SAMPLES) { 1559 dev_dbg(dev->class_dev, 1560 "number of samples too large\n"); 1561 ret = -EINVAL; 1562 goto error; 1563 } 1564 max_n_data_required = max(max_n_data_required, insns[i].n); 1565 } 1566 1567 /* Allocate scratch space for all instruction data. */ 1568 data = kmalloc_array(max_n_data_required, sizeof(unsigned int), 1569 GFP_KERNEL); 1570 if (!data) { 1571 ret = -ENOMEM; 1572 goto error; 1573 } 1574 1575 for (i = 0; i < n_insns; ++i) { 1576 if (insns[i].insn & INSN_MASK_WRITE) { 1577 if (copy_from_user(data, insns[i].data, 1578 insns[i].n * sizeof(unsigned int))) { 1579 dev_dbg(dev->class_dev, 1580 "copy_from_user failed\n"); 1581 ret = -EFAULT; 1582 goto error; 1583 } 1584 } 1585 ret = parse_insn(dev, insns + i, data, file); 1586 if (ret < 0) 1587 goto error; 1588 if (insns[i].insn & INSN_MASK_READ) { 1589 if (copy_to_user(insns[i].data, data, 1590 insns[i].n * sizeof(unsigned int))) { 1591 dev_dbg(dev->class_dev, 1592 "copy_to_user failed\n"); 1593 ret = -EFAULT; 1594 goto error; 1595 } 1596 } 1597 if (need_resched()) 1598 schedule(); 1599 } 1600 1601 error: 1602 kfree(data); 1603 1604 if (ret < 0) 1605 return ret; 1606 return i; 1607 } 1608 1609 /* 1610 * COMEDI_INSN ioctl 1611 * synchronous instruction 1612 * 1613 * arg: 1614 * pointer to comedi_insn structure 1615 * 1616 * reads: 1617 * comedi_insn structure 1618 * data (for writes) from insn->data pointer 1619 * 1620 * writes: 1621 * data (for reads) to insn->data pointer 1622 */ 1623 static int do_insn_ioctl(struct comedi_device *dev, 1624 struct comedi_insn *insn, void *file) 1625 { 1626 unsigned int *data = NULL; 1627 unsigned int n_data = MIN_SAMPLES; 1628 int ret = 0; 1629 1630 lockdep_assert_held(&dev->mutex); 1631 1632 n_data = max(n_data, insn->n); 1633 1634 /* This is where the behavior of insn and insnlist deviate. */ 1635 if (insn->n > MAX_SAMPLES) { 1636 insn->n = MAX_SAMPLES; 1637 n_data = MAX_SAMPLES; 1638 } 1639 1640 data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL); 1641 if (!data) { 1642 ret = -ENOMEM; 1643 goto error; 1644 } 1645 1646 if (insn->insn & INSN_MASK_WRITE) { 1647 if (copy_from_user(data, 1648 insn->data, 1649 insn->n * sizeof(unsigned int))) { 1650 ret = -EFAULT; 1651 goto error; 1652 } 1653 } 1654 ret = parse_insn(dev, insn, data, file); 1655 if (ret < 0) 1656 goto error; 1657 if (insn->insn & INSN_MASK_READ) { 1658 if (copy_to_user(insn->data, 1659 data, 1660 insn->n * sizeof(unsigned int))) { 1661 ret = -EFAULT; 1662 goto error; 1663 } 1664 } 1665 ret = insn->n; 1666 1667 error: 1668 kfree(data); 1669 1670 return ret; 1671 } 1672 1673 static int __comedi_get_user_cmd(struct comedi_device *dev, 1674 struct comedi_cmd *cmd) 1675 { 1676 struct comedi_subdevice *s; 1677 1678 lockdep_assert_held(&dev->mutex); 1679 if (cmd->subdev >= dev->n_subdevices) { 1680 dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev); 1681 return -ENODEV; 1682 } 1683 1684 s = &dev->subdevices[cmd->subdev]; 1685 1686 if (s->type == COMEDI_SUBD_UNUSED) { 1687 dev_dbg(dev->class_dev, "%d not valid subdevice\n", 1688 cmd->subdev); 1689 return -EIO; 1690 } 1691 1692 if (!s->do_cmd || !s->do_cmdtest || !s->async) { 1693 dev_dbg(dev->class_dev, 1694 "subdevice %d does not support commands\n", 1695 cmd->subdev); 1696 return -EIO; 1697 } 1698 1699 /* make sure channel/gain list isn't too long */ 1700 if (cmd->chanlist_len > s->len_chanlist) { 1701 dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n", 1702 cmd->chanlist_len, s->len_chanlist); 1703 return -EINVAL; 1704 } 1705 1706 /* 1707 * Set the CMDF_WRITE flag to the correct state if the subdevice 1708 * supports only "read" commands or only "write" commands. 1709 */ 1710 switch (s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE)) { 1711 case SDF_CMD_READ: 1712 cmd->flags &= ~CMDF_WRITE; 1713 break; 1714 case SDF_CMD_WRITE: 1715 cmd->flags |= CMDF_WRITE; 1716 break; 1717 default: 1718 break; 1719 } 1720 1721 return 0; 1722 } 1723 1724 static int __comedi_get_user_chanlist(struct comedi_device *dev, 1725 struct comedi_subdevice *s, 1726 unsigned int __user *user_chanlist, 1727 struct comedi_cmd *cmd) 1728 { 1729 unsigned int *chanlist; 1730 int ret; 1731 1732 lockdep_assert_held(&dev->mutex); 1733 cmd->chanlist = NULL; 1734 chanlist = memdup_array_user(user_chanlist, 1735 cmd->chanlist_len, sizeof(unsigned int)); 1736 if (IS_ERR(chanlist)) 1737 return PTR_ERR(chanlist); 1738 1739 /* make sure each element in channel/gain list is valid */ 1740 ret = comedi_check_chanlist(s, cmd->chanlist_len, chanlist); 1741 if (ret < 0) { 1742 kfree(chanlist); 1743 return ret; 1744 } 1745 1746 cmd->chanlist = chanlist; 1747 1748 return 0; 1749 } 1750 1751 /* 1752 * COMEDI_CMD ioctl 1753 * asynchronous acquisition command set-up 1754 * 1755 * arg: 1756 * pointer to comedi_cmd structure 1757 * 1758 * reads: 1759 * comedi_cmd structure 1760 * channel/range list from cmd->chanlist pointer 1761 * 1762 * writes: 1763 * possibly modified comedi_cmd structure (when -EAGAIN returned) 1764 */ 1765 static int do_cmd_ioctl(struct comedi_device *dev, 1766 struct comedi_cmd *cmd, bool *copy, void *file) 1767 { 1768 struct comedi_subdevice *s; 1769 struct comedi_async *async; 1770 unsigned int __user *user_chanlist; 1771 int ret; 1772 1773 lockdep_assert_held(&dev->mutex); 1774 1775 /* do some simple cmd validation */ 1776 ret = __comedi_get_user_cmd(dev, cmd); 1777 if (ret) 1778 return ret; 1779 1780 /* save user's chanlist pointer so it can be restored later */ 1781 user_chanlist = (unsigned int __user *)cmd->chanlist; 1782 1783 s = &dev->subdevices[cmd->subdev]; 1784 async = s->async; 1785 1786 /* are we locked? (ioctl lock) */ 1787 if (s->lock && s->lock != file) { 1788 dev_dbg(dev->class_dev, "subdevice locked\n"); 1789 return -EACCES; 1790 } 1791 1792 /* are we busy? */ 1793 if (s->busy) { 1794 dev_dbg(dev->class_dev, "subdevice busy\n"); 1795 return -EBUSY; 1796 } 1797 1798 /* make sure channel/gain list isn't too short */ 1799 if (cmd->chanlist_len < 1) { 1800 dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n", 1801 cmd->chanlist_len); 1802 return -EINVAL; 1803 } 1804 1805 async->cmd = *cmd; 1806 async->cmd.data = NULL; 1807 1808 /* load channel/gain list */ 1809 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &async->cmd); 1810 if (ret) 1811 goto cleanup; 1812 1813 ret = s->do_cmdtest(dev, s, &async->cmd); 1814 1815 if (async->cmd.flags & CMDF_BOGUS || ret) { 1816 dev_dbg(dev->class_dev, "test returned %d\n", ret); 1817 *cmd = async->cmd; 1818 /* restore chanlist pointer before copying back */ 1819 cmd->chanlist = (unsigned int __force *)user_chanlist; 1820 cmd->data = NULL; 1821 *copy = true; 1822 ret = -EAGAIN; 1823 goto cleanup; 1824 } 1825 1826 if (!async->prealloc_bufsz) { 1827 ret = -ENOMEM; 1828 dev_dbg(dev->class_dev, "no buffer (?)\n"); 1829 goto cleanup; 1830 } 1831 1832 comedi_buf_reset(s); 1833 1834 async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK; 1835 if (async->cmd.flags & CMDF_WAKE_EOS) 1836 async->cb_mask |= COMEDI_CB_EOS; 1837 1838 comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK, 1839 COMEDI_SRF_RUNNING); 1840 1841 /* 1842 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid 1843 * race with comedi_read() or comedi_write(). 1844 */ 1845 s->busy = file; 1846 ret = s->do_cmd(dev, s); 1847 if (ret == 0) 1848 return 0; 1849 1850 cleanup: 1851 do_become_nonbusy(dev, s); 1852 1853 return ret; 1854 } 1855 1856 /* 1857 * COMEDI_CMDTEST ioctl 1858 * asynchronous acquisition command testing 1859 * 1860 * arg: 1861 * pointer to comedi_cmd structure 1862 * 1863 * reads: 1864 * comedi_cmd structure 1865 * channel/range list from cmd->chanlist pointer 1866 * 1867 * writes: 1868 * possibly modified comedi_cmd structure 1869 */ 1870 static int do_cmdtest_ioctl(struct comedi_device *dev, 1871 struct comedi_cmd *cmd, bool *copy, void *file) 1872 { 1873 struct comedi_subdevice *s; 1874 unsigned int __user *user_chanlist; 1875 int ret; 1876 1877 lockdep_assert_held(&dev->mutex); 1878 1879 /* do some simple cmd validation */ 1880 ret = __comedi_get_user_cmd(dev, cmd); 1881 if (ret) 1882 return ret; 1883 1884 /* save user's chanlist pointer so it can be restored later */ 1885 user_chanlist = (unsigned int __user *)cmd->chanlist; 1886 1887 s = &dev->subdevices[cmd->subdev]; 1888 1889 /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */ 1890 if (user_chanlist) { 1891 /* load channel/gain list */ 1892 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd); 1893 if (ret) 1894 return ret; 1895 } 1896 1897 ret = s->do_cmdtest(dev, s, cmd); 1898 1899 kfree(cmd->chanlist); /* free kernel copy of user chanlist */ 1900 1901 /* restore chanlist pointer before copying back */ 1902 cmd->chanlist = (unsigned int __force *)user_chanlist; 1903 *copy = true; 1904 1905 return ret; 1906 } 1907 1908 /* 1909 * COMEDI_LOCK ioctl 1910 * lock subdevice 1911 * 1912 * arg: 1913 * subdevice number 1914 * 1915 * reads: 1916 * nothing 1917 * 1918 * writes: 1919 * nothing 1920 */ 1921 static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg, 1922 void *file) 1923 { 1924 int ret = 0; 1925 unsigned long flags; 1926 struct comedi_subdevice *s; 1927 1928 lockdep_assert_held(&dev->mutex); 1929 if (arg >= dev->n_subdevices) 1930 return -EINVAL; 1931 s = &dev->subdevices[arg]; 1932 1933 spin_lock_irqsave(&s->spin_lock, flags); 1934 if (s->busy || s->lock) 1935 ret = -EBUSY; 1936 else 1937 s->lock = file; 1938 spin_unlock_irqrestore(&s->spin_lock, flags); 1939 1940 return ret; 1941 } 1942 1943 /* 1944 * COMEDI_UNLOCK ioctl 1945 * unlock subdevice 1946 * 1947 * arg: 1948 * subdevice number 1949 * 1950 * reads: 1951 * nothing 1952 * 1953 * writes: 1954 * nothing 1955 */ 1956 static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg, 1957 void *file) 1958 { 1959 struct comedi_subdevice *s; 1960 1961 lockdep_assert_held(&dev->mutex); 1962 if (arg >= dev->n_subdevices) 1963 return -EINVAL; 1964 s = &dev->subdevices[arg]; 1965 1966 if (s->busy) 1967 return -EBUSY; 1968 1969 if (s->lock && s->lock != file) 1970 return -EACCES; 1971 1972 if (s->lock == file) 1973 s->lock = NULL; 1974 1975 return 0; 1976 } 1977 1978 /* 1979 * COMEDI_CANCEL ioctl 1980 * cancel asynchronous acquisition 1981 * 1982 * arg: 1983 * subdevice number 1984 * 1985 * reads: 1986 * nothing 1987 * 1988 * writes: 1989 * nothing 1990 */ 1991 static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg, 1992 void *file) 1993 { 1994 struct comedi_subdevice *s; 1995 1996 lockdep_assert_held(&dev->mutex); 1997 if (arg >= dev->n_subdevices) 1998 return -EINVAL; 1999 s = &dev->subdevices[arg]; 2000 if (!s->async) 2001 return -EINVAL; 2002 2003 if (!s->busy) 2004 return 0; 2005 2006 if (s->busy != file) 2007 return -EBUSY; 2008 2009 return do_cancel(dev, s); 2010 } 2011 2012 /* 2013 * COMEDI_POLL ioctl 2014 * instructs driver to synchronize buffers 2015 * 2016 * arg: 2017 * subdevice number 2018 * 2019 * reads: 2020 * nothing 2021 * 2022 * writes: 2023 * nothing 2024 */ 2025 static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg, 2026 void *file) 2027 { 2028 struct comedi_subdevice *s; 2029 2030 lockdep_assert_held(&dev->mutex); 2031 if (arg >= dev->n_subdevices) 2032 return -EINVAL; 2033 s = &dev->subdevices[arg]; 2034 2035 if (!s->busy) 2036 return 0; 2037 2038 if (s->busy != file) 2039 return -EBUSY; 2040 2041 if (s->poll) 2042 return s->poll(dev, s); 2043 2044 return -EINVAL; 2045 } 2046 2047 /* 2048 * COMEDI_SETRSUBD ioctl 2049 * sets the current "read" subdevice on a per-file basis 2050 * 2051 * arg: 2052 * subdevice number 2053 * 2054 * reads: 2055 * nothing 2056 * 2057 * writes: 2058 * nothing 2059 */ 2060 static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg, 2061 struct file *file) 2062 { 2063 struct comedi_file *cfp = file->private_data; 2064 struct comedi_subdevice *s_old, *s_new; 2065 2066 lockdep_assert_held(&dev->mutex); 2067 if (arg >= dev->n_subdevices) 2068 return -EINVAL; 2069 2070 s_new = &dev->subdevices[arg]; 2071 s_old = comedi_file_read_subdevice(file); 2072 if (s_old == s_new) 2073 return 0; /* no change */ 2074 2075 if (!(s_new->subdev_flags & SDF_CMD_READ)) 2076 return -EINVAL; 2077 2078 /* 2079 * Check the file isn't still busy handling a "read" command on the 2080 * old subdevice (if any). 2081 */ 2082 if (s_old && s_old->busy == file && s_old->async && 2083 !(s_old->async->cmd.flags & CMDF_WRITE)) 2084 return -EBUSY; 2085 2086 WRITE_ONCE(cfp->read_subdev, s_new); 2087 return 0; 2088 } 2089 2090 /* 2091 * COMEDI_SETWSUBD ioctl 2092 * sets the current "write" subdevice on a per-file basis 2093 * 2094 * arg: 2095 * subdevice number 2096 * 2097 * reads: 2098 * nothing 2099 * 2100 * writes: 2101 * nothing 2102 */ 2103 static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg, 2104 struct file *file) 2105 { 2106 struct comedi_file *cfp = file->private_data; 2107 struct comedi_subdevice *s_old, *s_new; 2108 2109 lockdep_assert_held(&dev->mutex); 2110 if (arg >= dev->n_subdevices) 2111 return -EINVAL; 2112 2113 s_new = &dev->subdevices[arg]; 2114 s_old = comedi_file_write_subdevice(file); 2115 if (s_old == s_new) 2116 return 0; /* no change */ 2117 2118 if (!(s_new->subdev_flags & SDF_CMD_WRITE)) 2119 return -EINVAL; 2120 2121 /* 2122 * Check the file isn't still busy handling a "write" command on the 2123 * old subdevice (if any). 2124 */ 2125 if (s_old && s_old->busy == file && s_old->async && 2126 (s_old->async->cmd.flags & CMDF_WRITE)) 2127 return -EBUSY; 2128 2129 WRITE_ONCE(cfp->write_subdev, s_new); 2130 return 0; 2131 } 2132 2133 static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd, 2134 unsigned long arg) 2135 { 2136 unsigned int minor = iminor(file_inode(file)); 2137 struct comedi_file *cfp = file->private_data; 2138 struct comedi_device *dev = cfp->dev; 2139 int rc; 2140 2141 mutex_lock(&dev->mutex); 2142 2143 /* 2144 * Device config is special, because it must work on 2145 * an unconfigured device. 2146 */ 2147 if (cmd == COMEDI_DEVCONFIG) { 2148 if (minor >= COMEDI_NUM_BOARD_MINORS) { 2149 /* Device config not appropriate on non-board minors. */ 2150 rc = -ENOTTY; 2151 goto done; 2152 } 2153 rc = do_devconfig_ioctl(dev, 2154 (struct comedi_devconfig __user *)arg); 2155 if (rc == 0) { 2156 if (arg == 0 && 2157 dev->minor >= comedi_num_legacy_minors) { 2158 /* 2159 * Successfully unconfigured a dynamically 2160 * allocated device. Try and remove it. 2161 */ 2162 if (comedi_clear_board_dev(dev)) { 2163 mutex_unlock(&dev->mutex); 2164 comedi_free_board_dev(dev); 2165 return rc; 2166 } 2167 } 2168 } 2169 goto done; 2170 } 2171 2172 if (!dev->attached) { 2173 dev_dbg(dev->class_dev, "no driver attached\n"); 2174 rc = -ENODEV; 2175 goto done; 2176 } 2177 2178 switch (cmd) { 2179 case COMEDI_BUFCONFIG: 2180 rc = do_bufconfig_ioctl(dev, 2181 (struct comedi_bufconfig __user *)arg); 2182 break; 2183 case COMEDI_DEVINFO: 2184 rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg, 2185 file); 2186 break; 2187 case COMEDI_SUBDINFO: 2188 rc = do_subdinfo_ioctl(dev, 2189 (struct comedi_subdinfo __user *)arg, 2190 file); 2191 break; 2192 case COMEDI_CHANINFO: { 2193 struct comedi_chaninfo it; 2194 2195 if (copy_from_user(&it, (void __user *)arg, sizeof(it))) 2196 rc = -EFAULT; 2197 else 2198 rc = do_chaninfo_ioctl(dev, &it); 2199 break; 2200 } 2201 case COMEDI_RANGEINFO: { 2202 struct comedi_rangeinfo it; 2203 2204 if (copy_from_user(&it, (void __user *)arg, sizeof(it))) 2205 rc = -EFAULT; 2206 else 2207 rc = do_rangeinfo_ioctl(dev, &it); 2208 break; 2209 } 2210 case COMEDI_BUFINFO: 2211 rc = do_bufinfo_ioctl(dev, 2212 (struct comedi_bufinfo __user *)arg, 2213 file); 2214 break; 2215 case COMEDI_LOCK: 2216 rc = do_lock_ioctl(dev, arg, file); 2217 break; 2218 case COMEDI_UNLOCK: 2219 rc = do_unlock_ioctl(dev, arg, file); 2220 break; 2221 case COMEDI_CANCEL: 2222 rc = do_cancel_ioctl(dev, arg, file); 2223 break; 2224 case COMEDI_CMD: { 2225 struct comedi_cmd cmd; 2226 bool copy = false; 2227 2228 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) { 2229 rc = -EFAULT; 2230 break; 2231 } 2232 rc = do_cmd_ioctl(dev, &cmd, ©, file); 2233 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd))) 2234 rc = -EFAULT; 2235 break; 2236 } 2237 case COMEDI_CMDTEST: { 2238 struct comedi_cmd cmd; 2239 bool copy = false; 2240 2241 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) { 2242 rc = -EFAULT; 2243 break; 2244 } 2245 rc = do_cmdtest_ioctl(dev, &cmd, ©, file); 2246 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd))) 2247 rc = -EFAULT; 2248 break; 2249 } 2250 case COMEDI_INSNLIST: { 2251 struct comedi_insnlist insnlist; 2252 struct comedi_insn *insns = NULL; 2253 2254 if (copy_from_user(&insnlist, (void __user *)arg, 2255 sizeof(insnlist))) { 2256 rc = -EFAULT; 2257 break; 2258 } 2259 insns = kcalloc(insnlist.n_insns, sizeof(*insns), GFP_KERNEL); 2260 if (!insns) { 2261 rc = -ENOMEM; 2262 break; 2263 } 2264 if (copy_from_user(insns, insnlist.insns, 2265 sizeof(*insns) * insnlist.n_insns)) { 2266 rc = -EFAULT; 2267 kfree(insns); 2268 break; 2269 } 2270 rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file); 2271 kfree(insns); 2272 break; 2273 } 2274 case COMEDI_INSN: { 2275 struct comedi_insn insn; 2276 2277 if (copy_from_user(&insn, (void __user *)arg, sizeof(insn))) 2278 rc = -EFAULT; 2279 else 2280 rc = do_insn_ioctl(dev, &insn, file); 2281 break; 2282 } 2283 case COMEDI_POLL: 2284 rc = do_poll_ioctl(dev, arg, file); 2285 break; 2286 case COMEDI_SETRSUBD: 2287 rc = do_setrsubd_ioctl(dev, arg, file); 2288 break; 2289 case COMEDI_SETWSUBD: 2290 rc = do_setwsubd_ioctl(dev, arg, file); 2291 break; 2292 default: 2293 rc = -ENOTTY; 2294 break; 2295 } 2296 2297 done: 2298 mutex_unlock(&dev->mutex); 2299 return rc; 2300 } 2301 2302 static void comedi_vm_open(struct vm_area_struct *area) 2303 { 2304 struct comedi_buf_map *bm; 2305 2306 bm = area->vm_private_data; 2307 comedi_buf_map_get(bm); 2308 } 2309 2310 static void comedi_vm_close(struct vm_area_struct *area) 2311 { 2312 struct comedi_buf_map *bm; 2313 2314 bm = area->vm_private_data; 2315 comedi_buf_map_put(bm); 2316 } 2317 2318 static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr, 2319 void *buf, int len, int write) 2320 { 2321 struct comedi_buf_map *bm = vma->vm_private_data; 2322 unsigned long offset = 2323 addr - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT); 2324 2325 if (len < 0) 2326 return -EINVAL; 2327 if (len > vma->vm_end - addr) 2328 len = vma->vm_end - addr; 2329 return comedi_buf_map_access(bm, offset, buf, len, write); 2330 } 2331 2332 static const struct vm_operations_struct comedi_vm_ops = { 2333 .open = comedi_vm_open, 2334 .close = comedi_vm_close, 2335 .access = comedi_vm_access, 2336 }; 2337 2338 static int comedi_mmap(struct file *file, struct vm_area_struct *vma) 2339 { 2340 struct comedi_file *cfp = file->private_data; 2341 struct comedi_device *dev = cfp->dev; 2342 struct comedi_subdevice *s; 2343 struct comedi_async *async; 2344 struct comedi_buf_map *bm = NULL; 2345 struct comedi_buf_page *buf; 2346 unsigned long start = vma->vm_start; 2347 unsigned long size; 2348 int n_pages; 2349 int i; 2350 int retval = 0; 2351 2352 /* 2353 * 'trylock' avoids circular dependency with current->mm->mmap_lock 2354 * and down-reading &dev->attach_lock should normally succeed without 2355 * contention unless the device is in the process of being attached 2356 * or detached. 2357 */ 2358 if (!down_read_trylock(&dev->attach_lock)) 2359 return -EAGAIN; 2360 2361 if (!dev->attached) { 2362 dev_dbg(dev->class_dev, "no driver attached\n"); 2363 retval = -ENODEV; 2364 goto done; 2365 } 2366 2367 if (vma->vm_flags & VM_WRITE) 2368 s = comedi_file_write_subdevice(file); 2369 else 2370 s = comedi_file_read_subdevice(file); 2371 if (!s) { 2372 retval = -EINVAL; 2373 goto done; 2374 } 2375 2376 async = s->async; 2377 if (!async) { 2378 retval = -EINVAL; 2379 goto done; 2380 } 2381 2382 if (vma->vm_pgoff != 0) { 2383 dev_dbg(dev->class_dev, "mmap() offset must be 0.\n"); 2384 retval = -EINVAL; 2385 goto done; 2386 } 2387 2388 size = vma->vm_end - vma->vm_start; 2389 if (size > async->prealloc_bufsz) { 2390 retval = -EFAULT; 2391 goto done; 2392 } 2393 if (offset_in_page(size)) { 2394 retval = -EFAULT; 2395 goto done; 2396 } 2397 2398 n_pages = vma_pages(vma); 2399 2400 /* get reference to current buf map (if any) */ 2401 bm = comedi_buf_map_from_subdev_get(s); 2402 if (!bm || n_pages > bm->n_pages) { 2403 retval = -EINVAL; 2404 goto done; 2405 } 2406 if (bm->dma_dir != DMA_NONE) { 2407 unsigned long vm_start = vma->vm_start; 2408 unsigned long vm_end = vma->vm_end; 2409 2410 /* 2411 * Buffer pages are not contiguous, so temporarily modify VMA 2412 * start and end addresses for each buffer page. 2413 */ 2414 for (i = 0; i < n_pages; ++i) { 2415 buf = &bm->page_list[i]; 2416 vma->vm_start = start; 2417 vma->vm_end = start + PAGE_SIZE; 2418 retval = dma_mmap_coherent(bm->dma_hw_dev, vma, 2419 buf->virt_addr, 2420 buf->dma_addr, PAGE_SIZE); 2421 if (retval) 2422 break; 2423 2424 start += PAGE_SIZE; 2425 } 2426 vma->vm_start = vm_start; 2427 vma->vm_end = vm_end; 2428 } else { 2429 for (i = 0; i < n_pages; ++i) { 2430 unsigned long pfn; 2431 2432 buf = &bm->page_list[i]; 2433 pfn = page_to_pfn(virt_to_page(buf->virt_addr)); 2434 retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE, 2435 PAGE_SHARED); 2436 if (retval) 2437 break; 2438 2439 start += PAGE_SIZE; 2440 } 2441 } 2442 2443 #ifdef CONFIG_MMU 2444 /* 2445 * Leaving behind a partial mapping of a buffer we're about to drop is 2446 * unsafe, see remap_pfn_range_notrack(). We need to zap the range 2447 * here ourselves instead of relying on the automatic zapping in 2448 * remap_pfn_range() because we call remap_pfn_range() in a loop. 2449 */ 2450 if (retval) 2451 zap_vma_ptes(vma, vma->vm_start, size); 2452 #endif 2453 2454 if (retval == 0) { 2455 vma->vm_ops = &comedi_vm_ops; 2456 vma->vm_private_data = bm; 2457 2458 vma->vm_ops->open(vma); 2459 } 2460 2461 done: 2462 up_read(&dev->attach_lock); 2463 comedi_buf_map_put(bm); /* put reference to buf map - okay if NULL */ 2464 return retval; 2465 } 2466 2467 static __poll_t comedi_poll(struct file *file, poll_table *wait) 2468 { 2469 __poll_t mask = 0; 2470 struct comedi_file *cfp = file->private_data; 2471 struct comedi_device *dev = cfp->dev; 2472 struct comedi_subdevice *s, *s_read; 2473 2474 down_read(&dev->attach_lock); 2475 2476 if (!dev->attached) { 2477 dev_dbg(dev->class_dev, "no driver attached\n"); 2478 goto done; 2479 } 2480 2481 s = comedi_file_read_subdevice(file); 2482 s_read = s; 2483 if (s && s->async) { 2484 poll_wait(file, &s->async->wait_head, wait); 2485 if (s->busy != file || !comedi_is_subdevice_running(s) || 2486 (s->async->cmd.flags & CMDF_WRITE) || 2487 comedi_buf_read_n_available(s) > 0) 2488 mask |= EPOLLIN | EPOLLRDNORM; 2489 } 2490 2491 s = comedi_file_write_subdevice(file); 2492 if (s && s->async) { 2493 unsigned int bps = comedi_bytes_per_sample(s); 2494 2495 if (s != s_read) 2496 poll_wait(file, &s->async->wait_head, wait); 2497 if (s->busy != file || !comedi_is_subdevice_running(s) || 2498 !(s->async->cmd.flags & CMDF_WRITE) || 2499 comedi_buf_write_n_available(s) >= bps) 2500 mask |= EPOLLOUT | EPOLLWRNORM; 2501 } 2502 2503 done: 2504 up_read(&dev->attach_lock); 2505 return mask; 2506 } 2507 2508 static unsigned int comedi_buf_copy_to_user(struct comedi_subdevice *s, 2509 void __user *dest, unsigned int src_offset, unsigned int n) 2510 { 2511 struct comedi_buf_map *bm = s->async->buf_map; 2512 struct comedi_buf_page *buf_page_list = bm->page_list; 2513 unsigned int page = src_offset >> PAGE_SHIFT; 2514 unsigned int offset = offset_in_page(src_offset); 2515 2516 while (n) { 2517 unsigned int copy_amount = min(n, PAGE_SIZE - offset); 2518 unsigned int uncopied; 2519 2520 uncopied = copy_to_user(dest, buf_page_list[page].virt_addr + 2521 offset, copy_amount); 2522 copy_amount -= uncopied; 2523 n -= copy_amount; 2524 if (uncopied) 2525 break; 2526 2527 dest += copy_amount; 2528 page++; 2529 if (page == bm->n_pages) 2530 page = 0; /* buffer wraparound */ 2531 offset = 0; 2532 } 2533 return n; 2534 } 2535 2536 static unsigned int comedi_buf_copy_from_user(struct comedi_subdevice *s, 2537 unsigned int dst_offset, const void __user *src, unsigned int n) 2538 { 2539 struct comedi_buf_map *bm = s->async->buf_map; 2540 struct comedi_buf_page *buf_page_list = bm->page_list; 2541 unsigned int page = dst_offset >> PAGE_SHIFT; 2542 unsigned int offset = offset_in_page(dst_offset); 2543 2544 while (n) { 2545 unsigned int copy_amount = min(n, PAGE_SIZE - offset); 2546 unsigned int uncopied; 2547 2548 uncopied = copy_from_user(buf_page_list[page].virt_addr + 2549 offset, src, copy_amount); 2550 copy_amount -= uncopied; 2551 n -= copy_amount; 2552 if (uncopied) 2553 break; 2554 2555 src += copy_amount; 2556 page++; 2557 if (page == bm->n_pages) 2558 page = 0; /* buffer wraparound */ 2559 offset = 0; 2560 } 2561 return n; 2562 } 2563 2564 static ssize_t comedi_write(struct file *file, const char __user *buf, 2565 size_t nbytes, loff_t *offset) 2566 { 2567 struct comedi_subdevice *s; 2568 struct comedi_async *async; 2569 unsigned int n, m; 2570 ssize_t count = 0; 2571 int retval = 0; 2572 DECLARE_WAITQUEUE(wait, current); 2573 struct comedi_file *cfp = file->private_data; 2574 struct comedi_device *dev = cfp->dev; 2575 bool become_nonbusy = false; 2576 bool attach_locked; 2577 unsigned int old_detach_count; 2578 2579 /* Protect against device detachment during operation. */ 2580 down_read(&dev->attach_lock); 2581 attach_locked = true; 2582 old_detach_count = dev->detach_count; 2583 2584 if (!dev->attached) { 2585 dev_dbg(dev->class_dev, "no driver attached\n"); 2586 retval = -ENODEV; 2587 goto out; 2588 } 2589 2590 s = comedi_file_write_subdevice(file); 2591 if (!s || !s->async) { 2592 retval = -EIO; 2593 goto out; 2594 } 2595 2596 async = s->async; 2597 if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) { 2598 retval = -EINVAL; 2599 goto out; 2600 } 2601 2602 add_wait_queue(&async->wait_head, &wait); 2603 while (count == 0 && !retval) { 2604 unsigned int runflags; 2605 2606 set_current_state(TASK_INTERRUPTIBLE); 2607 2608 runflags = comedi_get_subdevice_runflags(s); 2609 if (!comedi_is_runflags_running(runflags)) { 2610 if (comedi_is_runflags_in_error(runflags)) 2611 retval = -EPIPE; 2612 if (retval || nbytes) 2613 become_nonbusy = true; 2614 break; 2615 } 2616 if (nbytes == 0) 2617 break; 2618 2619 /* Allocate all free buffer space. */ 2620 comedi_buf_write_alloc(s, async->prealloc_bufsz); 2621 m = comedi_buf_write_n_allocated(s); 2622 n = min_t(size_t, m, nbytes); 2623 2624 if (n == 0) { 2625 if (file->f_flags & O_NONBLOCK) { 2626 retval = -EAGAIN; 2627 break; 2628 } 2629 schedule(); 2630 if (signal_pending(current)) { 2631 retval = -ERESTARTSYS; 2632 break; 2633 } 2634 if (s->busy != file || 2635 !(async->cmd.flags & CMDF_WRITE)) { 2636 retval = -EINVAL; 2637 break; 2638 } 2639 continue; 2640 } 2641 2642 set_current_state(TASK_RUNNING); 2643 m = comedi_buf_copy_from_user(s, async->buf_write_ptr, buf, n); 2644 if (m) { 2645 n -= m; 2646 retval = -EFAULT; 2647 } 2648 comedi_buf_write_free(s, n); 2649 2650 count += n; 2651 nbytes -= n; 2652 2653 buf += n; 2654 } 2655 remove_wait_queue(&async->wait_head, &wait); 2656 set_current_state(TASK_RUNNING); 2657 if (become_nonbusy && count == 0) { 2658 struct comedi_subdevice *new_s; 2659 2660 /* 2661 * To avoid deadlock, cannot acquire dev->mutex 2662 * while dev->attach_lock is held. 2663 */ 2664 up_read(&dev->attach_lock); 2665 attach_locked = false; 2666 mutex_lock(&dev->mutex); 2667 /* 2668 * Check device hasn't become detached behind our back. 2669 * Checking dev->detach_count is unchanged ought to be 2670 * sufficient (unless there have been 2**32 detaches in the 2671 * meantime!), but check the subdevice pointer as well just in 2672 * case. 2673 * 2674 * Also check the subdevice is still in a suitable state to 2675 * become non-busy in case it changed behind our back. 2676 */ 2677 new_s = comedi_file_write_subdevice(file); 2678 if (dev->attached && old_detach_count == dev->detach_count && 2679 s == new_s && new_s->async == async && s->busy == file && 2680 (async->cmd.flags & CMDF_WRITE) && 2681 !comedi_is_subdevice_running(s)) 2682 do_become_nonbusy(dev, s); 2683 mutex_unlock(&dev->mutex); 2684 } 2685 out: 2686 if (attach_locked) 2687 up_read(&dev->attach_lock); 2688 2689 return count ? count : retval; 2690 } 2691 2692 static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes, 2693 loff_t *offset) 2694 { 2695 struct comedi_subdevice *s; 2696 struct comedi_async *async; 2697 unsigned int n, m; 2698 ssize_t count = 0; 2699 int retval = 0; 2700 DECLARE_WAITQUEUE(wait, current); 2701 struct comedi_file *cfp = file->private_data; 2702 struct comedi_device *dev = cfp->dev; 2703 unsigned int old_detach_count; 2704 bool become_nonbusy = false; 2705 bool attach_locked; 2706 2707 /* Protect against device detachment during operation. */ 2708 down_read(&dev->attach_lock); 2709 attach_locked = true; 2710 old_detach_count = dev->detach_count; 2711 2712 if (!dev->attached) { 2713 dev_dbg(dev->class_dev, "no driver attached\n"); 2714 retval = -ENODEV; 2715 goto out; 2716 } 2717 2718 s = comedi_file_read_subdevice(file); 2719 if (!s || !s->async) { 2720 retval = -EIO; 2721 goto out; 2722 } 2723 2724 async = s->async; 2725 if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) { 2726 retval = -EINVAL; 2727 goto out; 2728 } 2729 2730 add_wait_queue(&async->wait_head, &wait); 2731 while (count == 0 && !retval) { 2732 set_current_state(TASK_INTERRUPTIBLE); 2733 2734 m = comedi_buf_read_n_available(s); 2735 n = min_t(size_t, m, nbytes); 2736 2737 if (n == 0) { 2738 unsigned int runflags = 2739 comedi_get_subdevice_runflags(s); 2740 2741 if (!comedi_is_runflags_running(runflags)) { 2742 if (comedi_is_runflags_in_error(runflags)) 2743 retval = -EPIPE; 2744 if (retval || nbytes) 2745 become_nonbusy = true; 2746 break; 2747 } 2748 if (nbytes == 0) 2749 break; 2750 if (file->f_flags & O_NONBLOCK) { 2751 retval = -EAGAIN; 2752 break; 2753 } 2754 schedule(); 2755 if (signal_pending(current)) { 2756 retval = -ERESTARTSYS; 2757 break; 2758 } 2759 if (s->busy != file || 2760 (async->cmd.flags & CMDF_WRITE)) { 2761 retval = -EINVAL; 2762 break; 2763 } 2764 continue; 2765 } 2766 2767 set_current_state(TASK_RUNNING); 2768 m = comedi_buf_copy_to_user(s, buf, async->buf_read_ptr, n); 2769 if (m) { 2770 n -= m; 2771 retval = -EFAULT; 2772 } 2773 2774 comedi_buf_read_alloc(s, n); 2775 comedi_buf_read_free(s, n); 2776 2777 count += n; 2778 nbytes -= n; 2779 2780 buf += n; 2781 } 2782 remove_wait_queue(&async->wait_head, &wait); 2783 set_current_state(TASK_RUNNING); 2784 if (become_nonbusy && count == 0) { 2785 struct comedi_subdevice *new_s; 2786 2787 /* 2788 * To avoid deadlock, cannot acquire dev->mutex 2789 * while dev->attach_lock is held. 2790 */ 2791 up_read(&dev->attach_lock); 2792 attach_locked = false; 2793 mutex_lock(&dev->mutex); 2794 /* 2795 * Check device hasn't become detached behind our back. 2796 * Checking dev->detach_count is unchanged ought to be 2797 * sufficient (unless there have been 2**32 detaches in the 2798 * meantime!), but check the subdevice pointer as well just in 2799 * case. 2800 * 2801 * Also check the subdevice is still in a suitable state to 2802 * become non-busy in case it changed behind our back. 2803 */ 2804 new_s = comedi_file_read_subdevice(file); 2805 if (dev->attached && old_detach_count == dev->detach_count && 2806 s == new_s && new_s->async == async && s->busy == file && 2807 !(async->cmd.flags & CMDF_WRITE) && 2808 !comedi_is_subdevice_running(s) && 2809 comedi_buf_read_n_available(s) == 0) 2810 do_become_nonbusy(dev, s); 2811 mutex_unlock(&dev->mutex); 2812 } 2813 out: 2814 if (attach_locked) 2815 up_read(&dev->attach_lock); 2816 2817 return count ? count : retval; 2818 } 2819 2820 static int comedi_open(struct inode *inode, struct file *file) 2821 { 2822 const unsigned int minor = iminor(inode); 2823 struct comedi_file *cfp; 2824 struct comedi_device *dev = comedi_dev_get_from_minor(minor); 2825 int rc; 2826 2827 if (!dev) { 2828 pr_debug("invalid minor number\n"); 2829 return -ENODEV; 2830 } 2831 2832 cfp = kzalloc(sizeof(*cfp), GFP_KERNEL); 2833 if (!cfp) { 2834 comedi_dev_put(dev); 2835 return -ENOMEM; 2836 } 2837 2838 cfp->dev = dev; 2839 2840 mutex_lock(&dev->mutex); 2841 if (!dev->attached && !capable(CAP_SYS_ADMIN)) { 2842 dev_dbg(dev->class_dev, "not attached and not CAP_SYS_ADMIN\n"); 2843 rc = -ENODEV; 2844 goto out; 2845 } 2846 if (dev->attached && dev->use_count == 0) { 2847 if (!try_module_get(dev->driver->module)) { 2848 rc = -ENXIO; 2849 goto out; 2850 } 2851 if (dev->open) { 2852 rc = dev->open(dev); 2853 if (rc < 0) { 2854 module_put(dev->driver->module); 2855 goto out; 2856 } 2857 } 2858 } 2859 2860 dev->use_count++; 2861 file->private_data = cfp; 2862 comedi_file_reset(file); 2863 rc = 0; 2864 2865 out: 2866 mutex_unlock(&dev->mutex); 2867 if (rc) { 2868 comedi_dev_put(dev); 2869 kfree(cfp); 2870 } 2871 return rc; 2872 } 2873 2874 static int comedi_fasync(int fd, struct file *file, int on) 2875 { 2876 struct comedi_file *cfp = file->private_data; 2877 struct comedi_device *dev = cfp->dev; 2878 2879 return fasync_helper(fd, file, on, &dev->async_queue); 2880 } 2881 2882 static int comedi_close(struct inode *inode, struct file *file) 2883 { 2884 struct comedi_file *cfp = file->private_data; 2885 struct comedi_device *dev = cfp->dev; 2886 struct comedi_subdevice *s = NULL; 2887 int i; 2888 2889 mutex_lock(&dev->mutex); 2890 2891 if (dev->subdevices) { 2892 for (i = 0; i < dev->n_subdevices; i++) { 2893 s = &dev->subdevices[i]; 2894 2895 if (s->busy == file) 2896 do_cancel(dev, s); 2897 if (s->lock == file) 2898 s->lock = NULL; 2899 } 2900 } 2901 if (dev->attached && dev->use_count == 1) { 2902 if (dev->close) 2903 dev->close(dev); 2904 module_put(dev->driver->module); 2905 } 2906 2907 dev->use_count--; 2908 2909 mutex_unlock(&dev->mutex); 2910 comedi_dev_put(dev); 2911 kfree(cfp); 2912 2913 return 0; 2914 } 2915 2916 #ifdef CONFIG_COMPAT 2917 2918 #define COMEDI32_CHANINFO _IOR(CIO, 3, struct comedi32_chaninfo_struct) 2919 #define COMEDI32_RANGEINFO _IOR(CIO, 8, struct comedi32_rangeinfo_struct) 2920 /* 2921 * N.B. COMEDI32_CMD and COMEDI_CMD ought to use _IOWR, not _IOR. 2922 * It's too late to change it now, but it only affects the command number. 2923 */ 2924 #define COMEDI32_CMD _IOR(CIO, 9, struct comedi32_cmd_struct) 2925 /* 2926 * N.B. COMEDI32_CMDTEST and COMEDI_CMDTEST ought to use _IOWR, not _IOR. 2927 * It's too late to change it now, but it only affects the command number. 2928 */ 2929 #define COMEDI32_CMDTEST _IOR(CIO, 10, struct comedi32_cmd_struct) 2930 #define COMEDI32_INSNLIST _IOR(CIO, 11, struct comedi32_insnlist_struct) 2931 #define COMEDI32_INSN _IOR(CIO, 12, struct comedi32_insn_struct) 2932 2933 struct comedi32_chaninfo_struct { 2934 unsigned int subdev; 2935 compat_uptr_t maxdata_list; /* 32-bit 'unsigned int *' */ 2936 compat_uptr_t flaglist; /* 32-bit 'unsigned int *' */ 2937 compat_uptr_t rangelist; /* 32-bit 'unsigned int *' */ 2938 unsigned int unused[4]; 2939 }; 2940 2941 struct comedi32_rangeinfo_struct { 2942 unsigned int range_type; 2943 compat_uptr_t range_ptr; /* 32-bit 'void *' */ 2944 }; 2945 2946 struct comedi32_cmd_struct { 2947 unsigned int subdev; 2948 unsigned int flags; 2949 unsigned int start_src; 2950 unsigned int start_arg; 2951 unsigned int scan_begin_src; 2952 unsigned int scan_begin_arg; 2953 unsigned int convert_src; 2954 unsigned int convert_arg; 2955 unsigned int scan_end_src; 2956 unsigned int scan_end_arg; 2957 unsigned int stop_src; 2958 unsigned int stop_arg; 2959 compat_uptr_t chanlist; /* 32-bit 'unsigned int *' */ 2960 unsigned int chanlist_len; 2961 compat_uptr_t data; /* 32-bit 'short *' */ 2962 unsigned int data_len; 2963 }; 2964 2965 struct comedi32_insn_struct { 2966 unsigned int insn; 2967 unsigned int n; 2968 compat_uptr_t data; /* 32-bit 'unsigned int *' */ 2969 unsigned int subdev; 2970 unsigned int chanspec; 2971 unsigned int unused[3]; 2972 }; 2973 2974 struct comedi32_insnlist_struct { 2975 unsigned int n_insns; 2976 compat_uptr_t insns; /* 32-bit 'struct comedi_insn *' */ 2977 }; 2978 2979 /* Handle 32-bit COMEDI_CHANINFO ioctl. */ 2980 static int compat_chaninfo(struct file *file, unsigned long arg) 2981 { 2982 struct comedi_file *cfp = file->private_data; 2983 struct comedi_device *dev = cfp->dev; 2984 struct comedi32_chaninfo_struct chaninfo32; 2985 struct comedi_chaninfo chaninfo; 2986 int err; 2987 2988 if (copy_from_user(&chaninfo32, compat_ptr(arg), sizeof(chaninfo32))) 2989 return -EFAULT; 2990 2991 memset(&chaninfo, 0, sizeof(chaninfo)); 2992 chaninfo.subdev = chaninfo32.subdev; 2993 chaninfo.maxdata_list = compat_ptr(chaninfo32.maxdata_list); 2994 chaninfo.flaglist = compat_ptr(chaninfo32.flaglist); 2995 chaninfo.rangelist = compat_ptr(chaninfo32.rangelist); 2996 2997 mutex_lock(&dev->mutex); 2998 err = do_chaninfo_ioctl(dev, &chaninfo); 2999 mutex_unlock(&dev->mutex); 3000 return err; 3001 } 3002 3003 /* Handle 32-bit COMEDI_RANGEINFO ioctl. */ 3004 static int compat_rangeinfo(struct file *file, unsigned long arg) 3005 { 3006 struct comedi_file *cfp = file->private_data; 3007 struct comedi_device *dev = cfp->dev; 3008 struct comedi32_rangeinfo_struct rangeinfo32; 3009 struct comedi_rangeinfo rangeinfo; 3010 int err; 3011 3012 if (copy_from_user(&rangeinfo32, compat_ptr(arg), sizeof(rangeinfo32))) 3013 return -EFAULT; 3014 memset(&rangeinfo, 0, sizeof(rangeinfo)); 3015 rangeinfo.range_type = rangeinfo32.range_type; 3016 rangeinfo.range_ptr = compat_ptr(rangeinfo32.range_ptr); 3017 3018 mutex_lock(&dev->mutex); 3019 err = do_rangeinfo_ioctl(dev, &rangeinfo); 3020 mutex_unlock(&dev->mutex); 3021 return err; 3022 } 3023 3024 /* Copy 32-bit cmd structure to native cmd structure. */ 3025 static int get_compat_cmd(struct comedi_cmd *cmd, 3026 struct comedi32_cmd_struct __user *cmd32) 3027 { 3028 struct comedi32_cmd_struct v32; 3029 3030 if (copy_from_user(&v32, cmd32, sizeof(v32))) 3031 return -EFAULT; 3032 3033 cmd->subdev = v32.subdev; 3034 cmd->flags = v32.flags; 3035 cmd->start_src = v32.start_src; 3036 cmd->start_arg = v32.start_arg; 3037 cmd->scan_begin_src = v32.scan_begin_src; 3038 cmd->scan_begin_arg = v32.scan_begin_arg; 3039 cmd->convert_src = v32.convert_src; 3040 cmd->convert_arg = v32.convert_arg; 3041 cmd->scan_end_src = v32.scan_end_src; 3042 cmd->scan_end_arg = v32.scan_end_arg; 3043 cmd->stop_src = v32.stop_src; 3044 cmd->stop_arg = v32.stop_arg; 3045 cmd->chanlist = (unsigned int __force *)compat_ptr(v32.chanlist); 3046 cmd->chanlist_len = v32.chanlist_len; 3047 cmd->data = compat_ptr(v32.data); 3048 cmd->data_len = v32.data_len; 3049 return 0; 3050 } 3051 3052 /* Copy native cmd structure to 32-bit cmd structure. */ 3053 static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32, 3054 struct comedi_cmd *cmd) 3055 { 3056 struct comedi32_cmd_struct v32; 3057 3058 memset(&v32, 0, sizeof(v32)); 3059 v32.subdev = cmd->subdev; 3060 v32.flags = cmd->flags; 3061 v32.start_src = cmd->start_src; 3062 v32.start_arg = cmd->start_arg; 3063 v32.scan_begin_src = cmd->scan_begin_src; 3064 v32.scan_begin_arg = cmd->scan_begin_arg; 3065 v32.convert_src = cmd->convert_src; 3066 v32.convert_arg = cmd->convert_arg; 3067 v32.scan_end_src = cmd->scan_end_src; 3068 v32.scan_end_arg = cmd->scan_end_arg; 3069 v32.stop_src = cmd->stop_src; 3070 v32.stop_arg = cmd->stop_arg; 3071 /* Assume chanlist pointer is unchanged. */ 3072 v32.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist); 3073 v32.chanlist_len = cmd->chanlist_len; 3074 v32.data = ptr_to_compat(cmd->data); 3075 v32.data_len = cmd->data_len; 3076 if (copy_to_user(cmd32, &v32, sizeof(v32))) 3077 return -EFAULT; 3078 return 0; 3079 } 3080 3081 /* Handle 32-bit COMEDI_CMD ioctl. */ 3082 static int compat_cmd(struct file *file, unsigned long arg) 3083 { 3084 struct comedi_file *cfp = file->private_data; 3085 struct comedi_device *dev = cfp->dev; 3086 struct comedi_cmd cmd; 3087 bool copy = false; 3088 int rc, err; 3089 3090 rc = get_compat_cmd(&cmd, compat_ptr(arg)); 3091 if (rc) 3092 return rc; 3093 3094 mutex_lock(&dev->mutex); 3095 rc = do_cmd_ioctl(dev, &cmd, ©, file); 3096 mutex_unlock(&dev->mutex); 3097 if (copy) { 3098 /* Special case: copy cmd back to user. */ 3099 err = put_compat_cmd(compat_ptr(arg), &cmd); 3100 if (err) 3101 rc = err; 3102 } 3103 return rc; 3104 } 3105 3106 /* Handle 32-bit COMEDI_CMDTEST ioctl. */ 3107 static int compat_cmdtest(struct file *file, unsigned long arg) 3108 { 3109 struct comedi_file *cfp = file->private_data; 3110 struct comedi_device *dev = cfp->dev; 3111 struct comedi_cmd cmd; 3112 bool copy = false; 3113 int rc, err; 3114 3115 rc = get_compat_cmd(&cmd, compat_ptr(arg)); 3116 if (rc) 3117 return rc; 3118 3119 mutex_lock(&dev->mutex); 3120 rc = do_cmdtest_ioctl(dev, &cmd, ©, file); 3121 mutex_unlock(&dev->mutex); 3122 if (copy) { 3123 err = put_compat_cmd(compat_ptr(arg), &cmd); 3124 if (err) 3125 rc = err; 3126 } 3127 return rc; 3128 } 3129 3130 /* Copy 32-bit insn structure to native insn structure. */ 3131 static int get_compat_insn(struct comedi_insn *insn, 3132 struct comedi32_insn_struct __user *insn32) 3133 { 3134 struct comedi32_insn_struct v32; 3135 3136 /* Copy insn structure. Ignore the unused members. */ 3137 if (copy_from_user(&v32, insn32, sizeof(v32))) 3138 return -EFAULT; 3139 memset(insn, 0, sizeof(*insn)); 3140 insn->insn = v32.insn; 3141 insn->n = v32.n; 3142 insn->data = compat_ptr(v32.data); 3143 insn->subdev = v32.subdev; 3144 insn->chanspec = v32.chanspec; 3145 return 0; 3146 } 3147 3148 /* Handle 32-bit COMEDI_INSNLIST ioctl. */ 3149 static int compat_insnlist(struct file *file, unsigned long arg) 3150 { 3151 struct comedi_file *cfp = file->private_data; 3152 struct comedi_device *dev = cfp->dev; 3153 struct comedi32_insnlist_struct insnlist32; 3154 struct comedi32_insn_struct __user *insn32; 3155 struct comedi_insn *insns; 3156 unsigned int n; 3157 int rc; 3158 3159 if (copy_from_user(&insnlist32, compat_ptr(arg), sizeof(insnlist32))) 3160 return -EFAULT; 3161 3162 insns = kcalloc(insnlist32.n_insns, sizeof(*insns), GFP_KERNEL); 3163 if (!insns) 3164 return -ENOMEM; 3165 3166 /* Copy insn structures. */ 3167 insn32 = compat_ptr(insnlist32.insns); 3168 for (n = 0; n < insnlist32.n_insns; n++) { 3169 rc = get_compat_insn(insns + n, insn32 + n); 3170 if (rc) { 3171 kfree(insns); 3172 return rc; 3173 } 3174 } 3175 3176 mutex_lock(&dev->mutex); 3177 rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file); 3178 mutex_unlock(&dev->mutex); 3179 kfree(insns); 3180 return rc; 3181 } 3182 3183 /* Handle 32-bit COMEDI_INSN ioctl. */ 3184 static int compat_insn(struct file *file, unsigned long arg) 3185 { 3186 struct comedi_file *cfp = file->private_data; 3187 struct comedi_device *dev = cfp->dev; 3188 struct comedi_insn insn; 3189 int rc; 3190 3191 rc = get_compat_insn(&insn, (void __user *)arg); 3192 if (rc) 3193 return rc; 3194 3195 mutex_lock(&dev->mutex); 3196 rc = do_insn_ioctl(dev, &insn, file); 3197 mutex_unlock(&dev->mutex); 3198 return rc; 3199 } 3200 3201 /* 3202 * compat_ioctl file operation. 3203 * 3204 * Returns -ENOIOCTLCMD for unrecognised ioctl codes. 3205 */ 3206 static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 3207 { 3208 int rc; 3209 3210 switch (cmd) { 3211 case COMEDI_DEVCONFIG: 3212 case COMEDI_DEVINFO: 3213 case COMEDI_SUBDINFO: 3214 case COMEDI_BUFCONFIG: 3215 case COMEDI_BUFINFO: 3216 /* Just need to translate the pointer argument. */ 3217 arg = (unsigned long)compat_ptr(arg); 3218 rc = comedi_unlocked_ioctl(file, cmd, arg); 3219 break; 3220 case COMEDI_LOCK: 3221 case COMEDI_UNLOCK: 3222 case COMEDI_CANCEL: 3223 case COMEDI_POLL: 3224 case COMEDI_SETRSUBD: 3225 case COMEDI_SETWSUBD: 3226 /* No translation needed. */ 3227 rc = comedi_unlocked_ioctl(file, cmd, arg); 3228 break; 3229 case COMEDI32_CHANINFO: 3230 rc = compat_chaninfo(file, arg); 3231 break; 3232 case COMEDI32_RANGEINFO: 3233 rc = compat_rangeinfo(file, arg); 3234 break; 3235 case COMEDI32_CMD: 3236 rc = compat_cmd(file, arg); 3237 break; 3238 case COMEDI32_CMDTEST: 3239 rc = compat_cmdtest(file, arg); 3240 break; 3241 case COMEDI32_INSNLIST: 3242 rc = compat_insnlist(file, arg); 3243 break; 3244 case COMEDI32_INSN: 3245 rc = compat_insn(file, arg); 3246 break; 3247 default: 3248 rc = -ENOIOCTLCMD; 3249 break; 3250 } 3251 return rc; 3252 } 3253 #else 3254 #define comedi_compat_ioctl NULL 3255 #endif 3256 3257 static const struct file_operations comedi_fops = { 3258 .owner = THIS_MODULE, 3259 .unlocked_ioctl = comedi_unlocked_ioctl, 3260 .compat_ioctl = comedi_compat_ioctl, 3261 .open = comedi_open, 3262 .release = comedi_close, 3263 .read = comedi_read, 3264 .write = comedi_write, 3265 .mmap = comedi_mmap, 3266 .poll = comedi_poll, 3267 .fasync = comedi_fasync, 3268 .llseek = noop_llseek, 3269 }; 3270 3271 /** 3272 * comedi_event() - Handle events for asynchronous COMEDI command 3273 * @dev: COMEDI device. 3274 * @s: COMEDI subdevice. 3275 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held. 3276 * 3277 * If an asynchronous COMEDI command is active on the subdevice, process 3278 * any %COMEDI_CB_... event flags that have been set, usually by an 3279 * interrupt handler. These may change the run state of the asynchronous 3280 * command, wake a task, and/or send a %SIGIO signal. 3281 */ 3282 void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s) 3283 { 3284 struct comedi_async *async = s->async; 3285 unsigned int events; 3286 int si_code = 0; 3287 unsigned long flags; 3288 3289 spin_lock_irqsave(&s->spin_lock, flags); 3290 3291 events = async->events; 3292 async->events = 0; 3293 if (!__comedi_is_subdevice_running(s)) { 3294 spin_unlock_irqrestore(&s->spin_lock, flags); 3295 return; 3296 } 3297 3298 if (events & COMEDI_CB_CANCEL_MASK) 3299 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING); 3300 3301 /* 3302 * Remember if an error event has occurred, so an error can be 3303 * returned the next time the user does a read() or write(). 3304 */ 3305 if (events & COMEDI_CB_ERROR_MASK) 3306 __comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR); 3307 3308 if (async->cb_mask & events) { 3309 wake_up_interruptible(&async->wait_head); 3310 si_code = async->cmd.flags & CMDF_WRITE ? POLL_OUT : POLL_IN; 3311 } 3312 3313 spin_unlock_irqrestore(&s->spin_lock, flags); 3314 3315 if (si_code) 3316 kill_fasync(&dev->async_queue, SIGIO, si_code); 3317 } 3318 EXPORT_SYMBOL_GPL(comedi_event); 3319 3320 /* Note: the ->mutex is pre-locked on successful return */ 3321 struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device) 3322 { 3323 struct comedi_device *dev; 3324 struct device *csdev; 3325 unsigned int i; 3326 3327 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3328 if (!dev) 3329 return ERR_PTR(-ENOMEM); 3330 comedi_device_init(dev); 3331 comedi_set_hw_dev(dev, hardware_device); 3332 mutex_lock(&dev->mutex); 3333 mutex_lock(&comedi_board_minor_table_lock); 3334 for (i = hardware_device ? comedi_num_legacy_minors : 0; 3335 i < COMEDI_NUM_BOARD_MINORS; ++i) { 3336 if (!comedi_board_minor_table[i]) { 3337 comedi_board_minor_table[i] = dev; 3338 break; 3339 } 3340 } 3341 mutex_unlock(&comedi_board_minor_table_lock); 3342 if (i == COMEDI_NUM_BOARD_MINORS) { 3343 mutex_unlock(&dev->mutex); 3344 comedi_device_cleanup(dev); 3345 comedi_dev_put(dev); 3346 dev_err(hardware_device, 3347 "ran out of minor numbers for board device files\n"); 3348 return ERR_PTR(-EBUSY); 3349 } 3350 dev->minor = i; 3351 csdev = device_create(&comedi_class, hardware_device, 3352 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i", i); 3353 if (!IS_ERR(csdev)) 3354 dev->class_dev = get_device(csdev); 3355 3356 /* Note: dev->mutex needs to be unlocked by the caller. */ 3357 return dev; 3358 } 3359 3360 void comedi_release_hardware_device(struct device *hardware_device) 3361 { 3362 int minor; 3363 struct comedi_device *dev; 3364 3365 for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS; 3366 minor++) { 3367 mutex_lock(&comedi_board_minor_table_lock); 3368 dev = comedi_board_minor_table[minor]; 3369 if (dev && dev->hw_dev == hardware_device) { 3370 comedi_board_minor_table[minor] = NULL; 3371 mutex_unlock(&comedi_board_minor_table_lock); 3372 comedi_free_board_dev(dev); 3373 break; 3374 } 3375 mutex_unlock(&comedi_board_minor_table_lock); 3376 } 3377 } 3378 3379 int comedi_alloc_subdevice_minor(struct comedi_subdevice *s) 3380 { 3381 struct comedi_device *dev = s->device; 3382 struct device *csdev; 3383 unsigned int i; 3384 3385 mutex_lock(&comedi_subdevice_minor_table_lock); 3386 for (i = 0; i < COMEDI_NUM_SUBDEVICE_MINORS; ++i) { 3387 if (!comedi_subdevice_minor_table[i]) { 3388 comedi_subdevice_minor_table[i] = s; 3389 break; 3390 } 3391 } 3392 mutex_unlock(&comedi_subdevice_minor_table_lock); 3393 if (i == COMEDI_NUM_SUBDEVICE_MINORS) { 3394 dev_err(dev->class_dev, 3395 "ran out of minor numbers for subdevice files\n"); 3396 return -EBUSY; 3397 } 3398 i += COMEDI_NUM_BOARD_MINORS; 3399 s->minor = i; 3400 csdev = device_create(&comedi_class, dev->class_dev, 3401 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i_subd%i", 3402 dev->minor, s->index); 3403 if (!IS_ERR(csdev)) 3404 s->class_dev = csdev; 3405 3406 return 0; 3407 } 3408 3409 void comedi_free_subdevice_minor(struct comedi_subdevice *s) 3410 { 3411 unsigned int i; 3412 3413 if (!s) 3414 return; 3415 if (s->minor < COMEDI_NUM_BOARD_MINORS || 3416 s->minor >= COMEDI_NUM_MINORS) 3417 return; 3418 3419 i = s->minor - COMEDI_NUM_BOARD_MINORS; 3420 mutex_lock(&comedi_subdevice_minor_table_lock); 3421 if (s == comedi_subdevice_minor_table[i]) 3422 comedi_subdevice_minor_table[i] = NULL; 3423 mutex_unlock(&comedi_subdevice_minor_table_lock); 3424 if (s->class_dev) { 3425 device_destroy(&comedi_class, MKDEV(COMEDI_MAJOR, s->minor)); 3426 s->class_dev = NULL; 3427 } 3428 } 3429 3430 static void comedi_cleanup_board_minors(void) 3431 { 3432 struct comedi_device *dev; 3433 unsigned int i; 3434 3435 for (i = 0; i < COMEDI_NUM_BOARD_MINORS; i++) { 3436 dev = comedi_clear_board_minor(i); 3437 comedi_free_board_dev(dev); 3438 } 3439 } 3440 3441 static int __init comedi_init(void) 3442 { 3443 int i; 3444 int retval; 3445 3446 pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n"); 3447 3448 if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) { 3449 pr_err("invalid value for module parameter \"comedi_num_legacy_minors\". Valid values are 0 through %i.\n", 3450 COMEDI_NUM_BOARD_MINORS); 3451 return -EINVAL; 3452 } 3453 3454 retval = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0), 3455 COMEDI_NUM_MINORS, "comedi"); 3456 if (retval) 3457 return retval; 3458 3459 cdev_init(&comedi_cdev, &comedi_fops); 3460 comedi_cdev.owner = THIS_MODULE; 3461 3462 retval = kobject_set_name(&comedi_cdev.kobj, "comedi"); 3463 if (retval) 3464 goto out_unregister_chrdev_region; 3465 3466 retval = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0), 3467 COMEDI_NUM_MINORS); 3468 if (retval) 3469 goto out_unregister_chrdev_region; 3470 3471 retval = class_register(&comedi_class); 3472 if (retval) { 3473 pr_err("failed to create class\n"); 3474 goto out_cdev_del; 3475 } 3476 3477 /* create devices files for legacy/manual use */ 3478 for (i = 0; i < comedi_num_legacy_minors; i++) { 3479 struct comedi_device *dev; 3480 3481 dev = comedi_alloc_board_minor(NULL); 3482 if (IS_ERR(dev)) { 3483 retval = PTR_ERR(dev); 3484 goto out_cleanup_board_minors; 3485 } 3486 /* comedi_alloc_board_minor() locked the mutex */ 3487 lockdep_assert_held(&dev->mutex); 3488 mutex_unlock(&dev->mutex); 3489 } 3490 3491 /* XXX requires /proc interface */ 3492 comedi_proc_init(); 3493 3494 return 0; 3495 3496 out_cleanup_board_minors: 3497 comedi_cleanup_board_minors(); 3498 class_unregister(&comedi_class); 3499 out_cdev_del: 3500 cdev_del(&comedi_cdev); 3501 out_unregister_chrdev_region: 3502 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS); 3503 return retval; 3504 } 3505 module_init(comedi_init); 3506 3507 static void __exit comedi_cleanup(void) 3508 { 3509 comedi_cleanup_board_minors(); 3510 class_unregister(&comedi_class); 3511 cdev_del(&comedi_cdev); 3512 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS); 3513 3514 comedi_proc_cleanup(); 3515 } 3516 module_exit(comedi_cleanup); 3517 3518 MODULE_AUTHOR("https://www.comedi.org"); 3519 MODULE_DESCRIPTION("Comedi core module"); 3520 MODULE_LICENSE("GPL"); 3521