1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * comedi/comedi_fops.c 4 * comedi kernel module 5 * 6 * COMEDI - Linux Control and Measurement Device Interface 7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org> 8 * compat ioctls: 9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk> 10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/> 11 */ 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/module.h> 16 #include <linux/errno.h> 17 #include <linux/kernel.h> 18 #include <linux/sched/signal.h> 19 #include <linux/fcntl.h> 20 #include <linux/delay.h> 21 #include <linux/mm.h> 22 #include <linux/slab.h> 23 #include <linux/poll.h> 24 #include <linux/device.h> 25 #include <linux/fs.h> 26 #include <linux/comedi/comedidev.h> 27 #include <linux/cdev.h> 28 29 #include <linux/io.h> 30 #include <linux/uaccess.h> 31 #include <linux/compat.h> 32 33 #include "comedi_internal.h" 34 35 /* 36 * comedi_subdevice "runflags" 37 * COMEDI_SRF_RT: DEPRECATED: command is running real-time 38 * COMEDI_SRF_ERROR: indicates an COMEDI_CB_ERROR event has occurred 39 * since the last command was started 40 * COMEDI_SRF_RUNNING: command is running 41 * COMEDI_SRF_FREE_SPRIV: free s->private on detach 42 * 43 * COMEDI_SRF_BUSY_MASK: runflags that indicate the subdevice is "busy" 44 */ 45 #define COMEDI_SRF_RT BIT(1) 46 #define COMEDI_SRF_ERROR BIT(2) 47 #define COMEDI_SRF_RUNNING BIT(27) 48 #define COMEDI_SRF_FREE_SPRIV BIT(31) 49 50 #define COMEDI_SRF_BUSY_MASK (COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING) 51 52 /** 53 * struct comedi_file - Per-file private data for COMEDI device 54 * @dev: COMEDI device. 55 * @read_subdev: Current "read" subdevice. 56 * @write_subdev: Current "write" subdevice. 57 * @last_detach_count: Last known detach count. 58 * @last_attached: Last known attached/detached state. 59 */ 60 struct comedi_file { 61 struct comedi_device *dev; 62 struct comedi_subdevice *read_subdev; 63 struct comedi_subdevice *write_subdev; 64 unsigned int last_detach_count; 65 unsigned int last_attached:1; 66 }; 67 68 #define COMEDI_NUM_MINORS 0x100 69 #define COMEDI_NUM_SUBDEVICE_MINORS \ 70 (COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS) 71 72 static unsigned short comedi_num_legacy_minors; 73 module_param(comedi_num_legacy_minors, ushort, 0444); 74 MODULE_PARM_DESC(comedi_num_legacy_minors, 75 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)" 76 ); 77 78 unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB; 79 module_param(comedi_default_buf_size_kb, uint, 0644); 80 MODULE_PARM_DESC(comedi_default_buf_size_kb, 81 "default asynchronous buffer size in KiB (default " 82 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")"); 83 84 unsigned int comedi_default_buf_maxsize_kb = 85 CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB; 86 module_param(comedi_default_buf_maxsize_kb, uint, 0644); 87 MODULE_PARM_DESC(comedi_default_buf_maxsize_kb, 88 "default maximum size of asynchronous buffer in KiB (default " 89 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")"); 90 91 static DEFINE_MUTEX(comedi_board_minor_table_lock); 92 static struct comedi_device 93 *comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS]; 94 95 static DEFINE_MUTEX(comedi_subdevice_minor_table_lock); 96 /* Note: indexed by minor - COMEDI_NUM_BOARD_MINORS. */ 97 static struct comedi_subdevice 98 *comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS]; 99 100 static struct cdev comedi_cdev; 101 102 static void comedi_device_init(struct comedi_device *dev) 103 { 104 kref_init(&dev->refcount); 105 spin_lock_init(&dev->spinlock); 106 mutex_init(&dev->mutex); 107 init_rwsem(&dev->attach_lock); 108 dev->minor = -1; 109 } 110 111 static void comedi_dev_kref_release(struct kref *kref) 112 { 113 struct comedi_device *dev = 114 container_of(kref, struct comedi_device, refcount); 115 116 mutex_destroy(&dev->mutex); 117 put_device(dev->class_dev); 118 kfree(dev); 119 } 120 121 /** 122 * comedi_dev_put() - Release a use of a COMEDI device 123 * @dev: COMEDI device. 124 * 125 * Must be called when a user of a COMEDI device is finished with it. 126 * When the last user of the COMEDI device calls this function, the 127 * COMEDI device is destroyed. 128 * 129 * Return: 1 if the COMEDI device is destroyed by this call or @dev is 130 * NULL, otherwise return 0. Callers must not assume the COMEDI 131 * device is still valid if this function returns 0. 132 */ 133 int comedi_dev_put(struct comedi_device *dev) 134 { 135 if (dev) 136 return kref_put(&dev->refcount, comedi_dev_kref_release); 137 return 1; 138 } 139 EXPORT_SYMBOL_GPL(comedi_dev_put); 140 141 static struct comedi_device *comedi_dev_get(struct comedi_device *dev) 142 { 143 if (dev) 144 kref_get(&dev->refcount); 145 return dev; 146 } 147 148 static void comedi_device_cleanup(struct comedi_device *dev) 149 { 150 struct module *driver_module = NULL; 151 152 if (!dev) 153 return; 154 mutex_lock(&dev->mutex); 155 if (dev->attached) 156 driver_module = dev->driver->module; 157 comedi_device_detach(dev); 158 if (driver_module && dev->use_count) 159 module_put(driver_module); 160 mutex_unlock(&dev->mutex); 161 } 162 163 static bool comedi_clear_board_dev(struct comedi_device *dev) 164 { 165 unsigned int i = dev->minor; 166 bool cleared = false; 167 168 lockdep_assert_held(&dev->mutex); 169 mutex_lock(&comedi_board_minor_table_lock); 170 if (dev == comedi_board_minor_table[i]) { 171 comedi_board_minor_table[i] = NULL; 172 cleared = true; 173 } 174 mutex_unlock(&comedi_board_minor_table_lock); 175 return cleared; 176 } 177 178 static struct comedi_device *comedi_clear_board_minor(unsigned int minor) 179 { 180 struct comedi_device *dev; 181 182 mutex_lock(&comedi_board_minor_table_lock); 183 dev = comedi_board_minor_table[minor]; 184 comedi_board_minor_table[minor] = NULL; 185 mutex_unlock(&comedi_board_minor_table_lock); 186 return dev; 187 } 188 189 static struct comedi_subdevice * 190 comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor) 191 { 192 struct comedi_subdevice *s; 193 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS; 194 195 mutex_lock(&comedi_subdevice_minor_table_lock); 196 s = comedi_subdevice_minor_table[i]; 197 if (s && s->device != dev) 198 s = NULL; 199 mutex_unlock(&comedi_subdevice_minor_table_lock); 200 return s; 201 } 202 203 static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor) 204 { 205 struct comedi_device *dev; 206 207 mutex_lock(&comedi_board_minor_table_lock); 208 dev = comedi_dev_get(comedi_board_minor_table[minor]); 209 mutex_unlock(&comedi_board_minor_table_lock); 210 return dev; 211 } 212 213 static struct comedi_device * 214 comedi_dev_get_from_subdevice_minor(unsigned int minor) 215 { 216 struct comedi_device *dev; 217 struct comedi_subdevice *s; 218 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS; 219 220 mutex_lock(&comedi_subdevice_minor_table_lock); 221 s = comedi_subdevice_minor_table[i]; 222 dev = comedi_dev_get(s ? s->device : NULL); 223 mutex_unlock(&comedi_subdevice_minor_table_lock); 224 return dev; 225 } 226 227 /** 228 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number 229 * @minor: Minor device number. 230 * 231 * Finds the COMEDI device associated with the minor device number, if any, 232 * and increments its reference count. The COMEDI device is prevented from 233 * being freed until a matching call is made to comedi_dev_put(). 234 * 235 * Return: A pointer to the COMEDI device if it exists, with its usage 236 * reference incremented. Return NULL if no COMEDI device exists with the 237 * specified minor device number. 238 */ 239 struct comedi_device *comedi_dev_get_from_minor(unsigned int minor) 240 { 241 if (minor < COMEDI_NUM_BOARD_MINORS) 242 return comedi_dev_get_from_board_minor(minor); 243 244 return comedi_dev_get_from_subdevice_minor(minor); 245 } 246 EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor); 247 248 static struct comedi_subdevice * 249 comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor) 250 { 251 struct comedi_subdevice *s; 252 253 lockdep_assert_held(&dev->mutex); 254 if (minor >= COMEDI_NUM_BOARD_MINORS) { 255 s = comedi_subdevice_from_minor(dev, minor); 256 if (!s || (s->subdev_flags & SDF_CMD_READ)) 257 return s; 258 } 259 return dev->read_subdev; 260 } 261 262 static struct comedi_subdevice * 263 comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor) 264 { 265 struct comedi_subdevice *s; 266 267 lockdep_assert_held(&dev->mutex); 268 if (minor >= COMEDI_NUM_BOARD_MINORS) { 269 s = comedi_subdevice_from_minor(dev, minor); 270 if (!s || (s->subdev_flags & SDF_CMD_WRITE)) 271 return s; 272 } 273 return dev->write_subdev; 274 } 275 276 static void comedi_file_reset(struct file *file) 277 { 278 struct comedi_file *cfp = file->private_data; 279 struct comedi_device *dev = cfp->dev; 280 struct comedi_subdevice *s, *read_s, *write_s; 281 unsigned int minor = iminor(file_inode(file)); 282 283 read_s = dev->read_subdev; 284 write_s = dev->write_subdev; 285 if (minor >= COMEDI_NUM_BOARD_MINORS) { 286 s = comedi_subdevice_from_minor(dev, minor); 287 if (!s || s->subdev_flags & SDF_CMD_READ) 288 read_s = s; 289 if (!s || s->subdev_flags & SDF_CMD_WRITE) 290 write_s = s; 291 } 292 cfp->last_attached = dev->attached; 293 cfp->last_detach_count = dev->detach_count; 294 WRITE_ONCE(cfp->read_subdev, read_s); 295 WRITE_ONCE(cfp->write_subdev, write_s); 296 } 297 298 static void comedi_file_check(struct file *file) 299 { 300 struct comedi_file *cfp = file->private_data; 301 struct comedi_device *dev = cfp->dev; 302 303 if (cfp->last_attached != dev->attached || 304 cfp->last_detach_count != dev->detach_count) 305 comedi_file_reset(file); 306 } 307 308 static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file) 309 { 310 struct comedi_file *cfp = file->private_data; 311 312 comedi_file_check(file); 313 return READ_ONCE(cfp->read_subdev); 314 } 315 316 static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file) 317 { 318 struct comedi_file *cfp = file->private_data; 319 320 comedi_file_check(file); 321 return READ_ONCE(cfp->write_subdev); 322 } 323 324 static int resize_async_buffer(struct comedi_device *dev, 325 struct comedi_subdevice *s, 326 unsigned int new_size) 327 { 328 struct comedi_async *async = s->async; 329 int retval; 330 331 lockdep_assert_held(&dev->mutex); 332 333 if (new_size > async->max_bufsize) 334 return -EPERM; 335 336 if (s->busy) { 337 dev_dbg(dev->class_dev, 338 "subdevice is busy, cannot resize buffer\n"); 339 return -EBUSY; 340 } 341 if (comedi_buf_is_mmapped(s)) { 342 dev_dbg(dev->class_dev, 343 "subdevice is mmapped, cannot resize buffer\n"); 344 return -EBUSY; 345 } 346 347 /* make sure buffer is an integral number of pages (we round up) */ 348 new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK; 349 350 retval = comedi_buf_alloc(dev, s, new_size); 351 if (retval < 0) 352 return retval; 353 354 if (s->buf_change) { 355 retval = s->buf_change(dev, s); 356 if (retval < 0) 357 return retval; 358 } 359 360 dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n", 361 s->index, async->prealloc_bufsz); 362 return 0; 363 } 364 365 /* sysfs attribute files */ 366 367 static ssize_t max_read_buffer_kb_show(struct device *csdev, 368 struct device_attribute *attr, char *buf) 369 { 370 unsigned int minor = MINOR(csdev->devt); 371 struct comedi_device *dev; 372 struct comedi_subdevice *s; 373 unsigned int size = 0; 374 375 dev = comedi_dev_get_from_minor(minor); 376 if (!dev) 377 return -ENODEV; 378 379 mutex_lock(&dev->mutex); 380 s = comedi_read_subdevice(dev, minor); 381 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 382 size = s->async->max_bufsize / 1024; 383 mutex_unlock(&dev->mutex); 384 385 comedi_dev_put(dev); 386 return sysfs_emit(buf, "%u\n", size); 387 } 388 389 static ssize_t max_read_buffer_kb_store(struct device *csdev, 390 struct device_attribute *attr, 391 const char *buf, size_t count) 392 { 393 unsigned int minor = MINOR(csdev->devt); 394 struct comedi_device *dev; 395 struct comedi_subdevice *s; 396 unsigned int size; 397 int err; 398 399 err = kstrtouint(buf, 10, &size); 400 if (err) 401 return err; 402 if (size > (UINT_MAX / 1024)) 403 return -EINVAL; 404 size *= 1024; 405 406 dev = comedi_dev_get_from_minor(minor); 407 if (!dev) 408 return -ENODEV; 409 410 mutex_lock(&dev->mutex); 411 s = comedi_read_subdevice(dev, minor); 412 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 413 s->async->max_bufsize = size; 414 else 415 err = -EINVAL; 416 mutex_unlock(&dev->mutex); 417 418 comedi_dev_put(dev); 419 return err ? err : count; 420 } 421 static DEVICE_ATTR_RW(max_read_buffer_kb); 422 423 static ssize_t read_buffer_kb_show(struct device *csdev, 424 struct device_attribute *attr, char *buf) 425 { 426 unsigned int minor = MINOR(csdev->devt); 427 struct comedi_device *dev; 428 struct comedi_subdevice *s; 429 unsigned int size = 0; 430 431 dev = comedi_dev_get_from_minor(minor); 432 if (!dev) 433 return -ENODEV; 434 435 mutex_lock(&dev->mutex); 436 s = comedi_read_subdevice(dev, minor); 437 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 438 size = s->async->prealloc_bufsz / 1024; 439 mutex_unlock(&dev->mutex); 440 441 comedi_dev_put(dev); 442 return sysfs_emit(buf, "%u\n", size); 443 } 444 445 static ssize_t read_buffer_kb_store(struct device *csdev, 446 struct device_attribute *attr, 447 const char *buf, size_t count) 448 { 449 unsigned int minor = MINOR(csdev->devt); 450 struct comedi_device *dev; 451 struct comedi_subdevice *s; 452 unsigned int size; 453 int err; 454 455 err = kstrtouint(buf, 10, &size); 456 if (err) 457 return err; 458 if (size > (UINT_MAX / 1024)) 459 return -EINVAL; 460 size *= 1024; 461 462 dev = comedi_dev_get_from_minor(minor); 463 if (!dev) 464 return -ENODEV; 465 466 mutex_lock(&dev->mutex); 467 s = comedi_read_subdevice(dev, minor); 468 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async) 469 err = resize_async_buffer(dev, s, size); 470 else 471 err = -EINVAL; 472 mutex_unlock(&dev->mutex); 473 474 comedi_dev_put(dev); 475 return err ? err : count; 476 } 477 static DEVICE_ATTR_RW(read_buffer_kb); 478 479 static ssize_t max_write_buffer_kb_show(struct device *csdev, 480 struct device_attribute *attr, 481 char *buf) 482 { 483 unsigned int minor = MINOR(csdev->devt); 484 struct comedi_device *dev; 485 struct comedi_subdevice *s; 486 unsigned int size = 0; 487 488 dev = comedi_dev_get_from_minor(minor); 489 if (!dev) 490 return -ENODEV; 491 492 mutex_lock(&dev->mutex); 493 s = comedi_write_subdevice(dev, minor); 494 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 495 size = s->async->max_bufsize / 1024; 496 mutex_unlock(&dev->mutex); 497 498 comedi_dev_put(dev); 499 return sysfs_emit(buf, "%u\n", size); 500 } 501 502 static ssize_t max_write_buffer_kb_store(struct device *csdev, 503 struct device_attribute *attr, 504 const char *buf, size_t count) 505 { 506 unsigned int minor = MINOR(csdev->devt); 507 struct comedi_device *dev; 508 struct comedi_subdevice *s; 509 unsigned int size; 510 int err; 511 512 err = kstrtouint(buf, 10, &size); 513 if (err) 514 return err; 515 if (size > (UINT_MAX / 1024)) 516 return -EINVAL; 517 size *= 1024; 518 519 dev = comedi_dev_get_from_minor(minor); 520 if (!dev) 521 return -ENODEV; 522 523 mutex_lock(&dev->mutex); 524 s = comedi_write_subdevice(dev, minor); 525 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 526 s->async->max_bufsize = size; 527 else 528 err = -EINVAL; 529 mutex_unlock(&dev->mutex); 530 531 comedi_dev_put(dev); 532 return err ? err : count; 533 } 534 static DEVICE_ATTR_RW(max_write_buffer_kb); 535 536 static ssize_t write_buffer_kb_show(struct device *csdev, 537 struct device_attribute *attr, char *buf) 538 { 539 unsigned int minor = MINOR(csdev->devt); 540 struct comedi_device *dev; 541 struct comedi_subdevice *s; 542 unsigned int size = 0; 543 544 dev = comedi_dev_get_from_minor(minor); 545 if (!dev) 546 return -ENODEV; 547 548 mutex_lock(&dev->mutex); 549 s = comedi_write_subdevice(dev, minor); 550 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 551 size = s->async->prealloc_bufsz / 1024; 552 mutex_unlock(&dev->mutex); 553 554 comedi_dev_put(dev); 555 return sysfs_emit(buf, "%u\n", size); 556 } 557 558 static ssize_t write_buffer_kb_store(struct device *csdev, 559 struct device_attribute *attr, 560 const char *buf, size_t count) 561 { 562 unsigned int minor = MINOR(csdev->devt); 563 struct comedi_device *dev; 564 struct comedi_subdevice *s; 565 unsigned int size; 566 int err; 567 568 err = kstrtouint(buf, 10, &size); 569 if (err) 570 return err; 571 if (size > (UINT_MAX / 1024)) 572 return -EINVAL; 573 size *= 1024; 574 575 dev = comedi_dev_get_from_minor(minor); 576 if (!dev) 577 return -ENODEV; 578 579 mutex_lock(&dev->mutex); 580 s = comedi_write_subdevice(dev, minor); 581 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async) 582 err = resize_async_buffer(dev, s, size); 583 else 584 err = -EINVAL; 585 mutex_unlock(&dev->mutex); 586 587 comedi_dev_put(dev); 588 return err ? err : count; 589 } 590 static DEVICE_ATTR_RW(write_buffer_kb); 591 592 static struct attribute *comedi_dev_attrs[] = { 593 &dev_attr_max_read_buffer_kb.attr, 594 &dev_attr_read_buffer_kb.attr, 595 &dev_attr_max_write_buffer_kb.attr, 596 &dev_attr_write_buffer_kb.attr, 597 NULL, 598 }; 599 ATTRIBUTE_GROUPS(comedi_dev); 600 601 static const struct class comedi_class = { 602 .name = "comedi", 603 .dev_groups = comedi_dev_groups, 604 }; 605 606 static void comedi_free_board_dev(struct comedi_device *dev) 607 { 608 if (dev) { 609 comedi_device_cleanup(dev); 610 if (dev->class_dev) { 611 device_destroy(&comedi_class, 612 MKDEV(COMEDI_MAJOR, dev->minor)); 613 } 614 comedi_dev_put(dev); 615 } 616 } 617 618 static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s, 619 unsigned int bits) 620 { 621 s->runflags &= ~bits; 622 } 623 624 static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s, 625 unsigned int bits) 626 { 627 s->runflags |= bits; 628 } 629 630 static void comedi_update_subdevice_runflags(struct comedi_subdevice *s, 631 unsigned int mask, 632 unsigned int bits) 633 { 634 unsigned long flags; 635 636 spin_lock_irqsave(&s->spin_lock, flags); 637 __comedi_clear_subdevice_runflags(s, mask); 638 __comedi_set_subdevice_runflags(s, bits & mask); 639 spin_unlock_irqrestore(&s->spin_lock, flags); 640 } 641 642 static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s) 643 { 644 return s->runflags; 645 } 646 647 static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s) 648 { 649 unsigned long flags; 650 unsigned int runflags; 651 652 spin_lock_irqsave(&s->spin_lock, flags); 653 runflags = __comedi_get_subdevice_runflags(s); 654 spin_unlock_irqrestore(&s->spin_lock, flags); 655 return runflags; 656 } 657 658 static bool comedi_is_runflags_running(unsigned int runflags) 659 { 660 return runflags & COMEDI_SRF_RUNNING; 661 } 662 663 static bool comedi_is_runflags_in_error(unsigned int runflags) 664 { 665 return runflags & COMEDI_SRF_ERROR; 666 } 667 668 /** 669 * comedi_is_subdevice_running() - Check if async command running on subdevice 670 * @s: COMEDI subdevice. 671 * 672 * Return: %true if an asynchronous COMEDI command is active on the 673 * subdevice, else %false. 674 */ 675 bool comedi_is_subdevice_running(struct comedi_subdevice *s) 676 { 677 unsigned int runflags = comedi_get_subdevice_runflags(s); 678 679 return comedi_is_runflags_running(runflags); 680 } 681 EXPORT_SYMBOL_GPL(comedi_is_subdevice_running); 682 683 static bool __comedi_is_subdevice_running(struct comedi_subdevice *s) 684 { 685 unsigned int runflags = __comedi_get_subdevice_runflags(s); 686 687 return comedi_is_runflags_running(runflags); 688 } 689 690 bool comedi_can_auto_free_spriv(struct comedi_subdevice *s) 691 { 692 unsigned int runflags = __comedi_get_subdevice_runflags(s); 693 694 return runflags & COMEDI_SRF_FREE_SPRIV; 695 } 696 697 /** 698 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable 699 * @s: COMEDI subdevice. 700 * 701 * Mark the subdevice as having a pointer to private data that can be 702 * automatically freed when the COMEDI device is detached from the low-level 703 * driver. 704 */ 705 void comedi_set_spriv_auto_free(struct comedi_subdevice *s) 706 { 707 __comedi_set_subdevice_runflags(s, COMEDI_SRF_FREE_SPRIV); 708 } 709 EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free); 710 711 /** 712 * comedi_alloc_spriv - Allocate memory for the subdevice private data 713 * @s: COMEDI subdevice. 714 * @size: Size of the memory to allocate. 715 * 716 * Allocate memory for the subdevice private data and point @s->private 717 * to it. The memory will be freed automatically when the COMEDI device 718 * is detached from the low-level driver. 719 * 720 * Return: A pointer to the allocated memory @s->private on success. 721 * Return NULL on failure. 722 */ 723 void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) 724 { 725 s->private = kzalloc(size, GFP_KERNEL); 726 if (s->private) 727 comedi_set_spriv_auto_free(s); 728 return s->private; 729 } 730 EXPORT_SYMBOL_GPL(comedi_alloc_spriv); 731 732 /* 733 * This function restores a subdevice to an idle state. 734 */ 735 static void do_become_nonbusy(struct comedi_device *dev, 736 struct comedi_subdevice *s) 737 { 738 struct comedi_async *async = s->async; 739 740 lockdep_assert_held(&dev->mutex); 741 comedi_update_subdevice_runflags(s, COMEDI_SRF_RUNNING, 0); 742 if (async) { 743 comedi_buf_reset(s); 744 async->inttrig = NULL; 745 kfree(async->cmd.chanlist); 746 async->cmd.chanlist = NULL; 747 s->busy = NULL; 748 wake_up_interruptible_all(&async->wait_head); 749 } else { 750 dev_err(dev->class_dev, 751 "BUG: (?) %s called with async=NULL\n", __func__); 752 s->busy = NULL; 753 } 754 } 755 756 static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s) 757 { 758 int ret = 0; 759 760 lockdep_assert_held(&dev->mutex); 761 if (comedi_is_subdevice_running(s) && s->cancel) 762 ret = s->cancel(dev, s); 763 764 do_become_nonbusy(dev, s); 765 766 return ret; 767 } 768 769 void comedi_device_cancel_all(struct comedi_device *dev) 770 { 771 struct comedi_subdevice *s; 772 int i; 773 774 lockdep_assert_held(&dev->mutex); 775 if (!dev->attached) 776 return; 777 778 for (i = 0; i < dev->n_subdevices; i++) { 779 s = &dev->subdevices[i]; 780 if (s->async) 781 do_cancel(dev, s); 782 } 783 } 784 785 static int is_device_busy(struct comedi_device *dev) 786 { 787 struct comedi_subdevice *s; 788 int i; 789 790 lockdep_assert_held(&dev->mutex); 791 if (!dev->attached) 792 return 0; 793 794 for (i = 0; i < dev->n_subdevices; i++) { 795 s = &dev->subdevices[i]; 796 if (s->busy) 797 return 1; 798 if (s->async && comedi_buf_is_mmapped(s)) 799 return 1; 800 } 801 802 return 0; 803 } 804 805 /* 806 * COMEDI_DEVCONFIG ioctl 807 * attaches (and configures) or detaches a legacy device 808 * 809 * arg: 810 * pointer to comedi_devconfig structure (NULL if detaching) 811 * 812 * reads: 813 * comedi_devconfig structure (if attaching) 814 * 815 * writes: 816 * nothing 817 */ 818 static int do_devconfig_ioctl(struct comedi_device *dev, 819 struct comedi_devconfig __user *arg) 820 { 821 struct comedi_devconfig it; 822 823 lockdep_assert_held(&dev->mutex); 824 if (!capable(CAP_SYS_ADMIN)) 825 return -EPERM; 826 827 if (!arg) { 828 if (is_device_busy(dev)) 829 return -EBUSY; 830 if (dev->attached) { 831 struct module *driver_module = dev->driver->module; 832 833 comedi_device_detach(dev); 834 module_put(driver_module); 835 } 836 return 0; 837 } 838 839 if (copy_from_user(&it, arg, sizeof(it))) 840 return -EFAULT; 841 842 it.board_name[COMEDI_NAMELEN - 1] = 0; 843 844 if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) { 845 dev_warn(dev->class_dev, 846 "comedi_config --init_data is deprecated\n"); 847 return -EINVAL; 848 } 849 850 if (dev->minor >= comedi_num_legacy_minors) 851 /* don't re-use dynamically allocated comedi devices */ 852 return -EBUSY; 853 854 /* This increments the driver module count on success. */ 855 return comedi_device_attach(dev, &it); 856 } 857 858 /* 859 * COMEDI_BUFCONFIG ioctl 860 * buffer configuration 861 * 862 * arg: 863 * pointer to comedi_bufconfig structure 864 * 865 * reads: 866 * comedi_bufconfig structure 867 * 868 * writes: 869 * modified comedi_bufconfig structure 870 */ 871 static int do_bufconfig_ioctl(struct comedi_device *dev, 872 struct comedi_bufconfig __user *arg) 873 { 874 struct comedi_bufconfig bc; 875 struct comedi_async *async; 876 struct comedi_subdevice *s; 877 int retval = 0; 878 879 lockdep_assert_held(&dev->mutex); 880 if (copy_from_user(&bc, arg, sizeof(bc))) 881 return -EFAULT; 882 883 if (bc.subdevice >= dev->n_subdevices) 884 return -EINVAL; 885 886 s = &dev->subdevices[bc.subdevice]; 887 async = s->async; 888 889 if (!async) { 890 dev_dbg(dev->class_dev, 891 "subdevice does not have async capability\n"); 892 bc.size = 0; 893 bc.maximum_size = 0; 894 goto copyback; 895 } 896 897 if (bc.maximum_size) { 898 if (!capable(CAP_SYS_ADMIN)) 899 return -EPERM; 900 901 async->max_bufsize = bc.maximum_size; 902 } 903 904 if (bc.size) { 905 retval = resize_async_buffer(dev, s, bc.size); 906 if (retval < 0) 907 return retval; 908 } 909 910 bc.size = async->prealloc_bufsz; 911 bc.maximum_size = async->max_bufsize; 912 913 copyback: 914 if (copy_to_user(arg, &bc, sizeof(bc))) 915 return -EFAULT; 916 917 return 0; 918 } 919 920 /* 921 * COMEDI_DEVINFO ioctl 922 * device info 923 * 924 * arg: 925 * pointer to comedi_devinfo structure 926 * 927 * reads: 928 * nothing 929 * 930 * writes: 931 * comedi_devinfo structure 932 */ 933 static int do_devinfo_ioctl(struct comedi_device *dev, 934 struct comedi_devinfo __user *arg, 935 struct file *file) 936 { 937 struct comedi_subdevice *s; 938 struct comedi_devinfo devinfo; 939 940 lockdep_assert_held(&dev->mutex); 941 memset(&devinfo, 0, sizeof(devinfo)); 942 943 /* fill devinfo structure */ 944 devinfo.version_code = COMEDI_VERSION_CODE; 945 devinfo.n_subdevs = dev->n_subdevices; 946 strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN); 947 strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN); 948 949 s = comedi_file_read_subdevice(file); 950 if (s) 951 devinfo.read_subdevice = s->index; 952 else 953 devinfo.read_subdevice = -1; 954 955 s = comedi_file_write_subdevice(file); 956 if (s) 957 devinfo.write_subdevice = s->index; 958 else 959 devinfo.write_subdevice = -1; 960 961 if (copy_to_user(arg, &devinfo, sizeof(devinfo))) 962 return -EFAULT; 963 964 return 0; 965 } 966 967 /* 968 * COMEDI_SUBDINFO ioctl 969 * subdevices info 970 * 971 * arg: 972 * pointer to array of comedi_subdinfo structures 973 * 974 * reads: 975 * nothing 976 * 977 * writes: 978 * array of comedi_subdinfo structures 979 */ 980 static int do_subdinfo_ioctl(struct comedi_device *dev, 981 struct comedi_subdinfo __user *arg, void *file) 982 { 983 int ret, i; 984 struct comedi_subdinfo *tmp, *us; 985 struct comedi_subdevice *s; 986 987 lockdep_assert_held(&dev->mutex); 988 tmp = kcalloc(dev->n_subdevices, sizeof(*tmp), GFP_KERNEL); 989 if (!tmp) 990 return -ENOMEM; 991 992 /* fill subdinfo structs */ 993 for (i = 0; i < dev->n_subdevices; i++) { 994 s = &dev->subdevices[i]; 995 us = tmp + i; 996 997 us->type = s->type; 998 us->n_chan = s->n_chan; 999 us->subd_flags = s->subdev_flags; 1000 if (comedi_is_subdevice_running(s)) 1001 us->subd_flags |= SDF_RUNNING; 1002 #define TIMER_nanosec 5 /* backwards compatibility */ 1003 us->timer_type = TIMER_nanosec; 1004 us->len_chanlist = s->len_chanlist; 1005 us->maxdata = s->maxdata; 1006 if (s->range_table) { 1007 us->range_type = 1008 (i << 24) | (0 << 16) | (s->range_table->length); 1009 } else { 1010 us->range_type = 0; /* XXX */ 1011 } 1012 1013 if (s->busy) 1014 us->subd_flags |= SDF_BUSY; 1015 if (s->busy == file) 1016 us->subd_flags |= SDF_BUSY_OWNER; 1017 if (s->lock) 1018 us->subd_flags |= SDF_LOCKED; 1019 if (s->lock == file) 1020 us->subd_flags |= SDF_LOCK_OWNER; 1021 if (!s->maxdata && s->maxdata_list) 1022 us->subd_flags |= SDF_MAXDATA; 1023 if (s->range_table_list) 1024 us->subd_flags |= SDF_RANGETYPE; 1025 if (s->do_cmd) 1026 us->subd_flags |= SDF_CMD; 1027 1028 if (s->insn_bits != &insn_inval) 1029 us->insn_bits_support = COMEDI_SUPPORTED; 1030 else 1031 us->insn_bits_support = COMEDI_UNSUPPORTED; 1032 } 1033 1034 ret = copy_to_user(arg, tmp, dev->n_subdevices * sizeof(*tmp)); 1035 1036 kfree(tmp); 1037 1038 return ret ? -EFAULT : 0; 1039 } 1040 1041 /* 1042 * COMEDI_CHANINFO ioctl 1043 * subdevice channel info 1044 * 1045 * arg: 1046 * pointer to comedi_chaninfo structure 1047 * 1048 * reads: 1049 * comedi_chaninfo structure 1050 * 1051 * writes: 1052 * array of maxdata values to chaninfo->maxdata_list if requested 1053 * array of range table lengths to chaninfo->range_table_list if requested 1054 */ 1055 static int do_chaninfo_ioctl(struct comedi_device *dev, 1056 struct comedi_chaninfo *it) 1057 { 1058 struct comedi_subdevice *s; 1059 1060 lockdep_assert_held(&dev->mutex); 1061 1062 if (it->subdev >= dev->n_subdevices) 1063 return -EINVAL; 1064 s = &dev->subdevices[it->subdev]; 1065 1066 if (it->maxdata_list) { 1067 if (s->maxdata || !s->maxdata_list) 1068 return -EINVAL; 1069 if (copy_to_user(it->maxdata_list, s->maxdata_list, 1070 s->n_chan * sizeof(unsigned int))) 1071 return -EFAULT; 1072 } 1073 1074 if (it->flaglist) 1075 return -EINVAL; /* flaglist not supported */ 1076 1077 if (it->rangelist) { 1078 int i; 1079 1080 if (!s->range_table_list) 1081 return -EINVAL; 1082 for (i = 0; i < s->n_chan; i++) { 1083 int x; 1084 1085 x = (dev->minor << 28) | (it->subdev << 24) | (i << 16) | 1086 (s->range_table_list[i]->length); 1087 if (put_user(x, it->rangelist + i)) 1088 return -EFAULT; 1089 } 1090 } 1091 1092 return 0; 1093 } 1094 1095 /* 1096 * COMEDI_BUFINFO ioctl 1097 * buffer information 1098 * 1099 * arg: 1100 * pointer to comedi_bufinfo structure 1101 * 1102 * reads: 1103 * comedi_bufinfo structure 1104 * 1105 * writes: 1106 * modified comedi_bufinfo structure 1107 */ 1108 static int do_bufinfo_ioctl(struct comedi_device *dev, 1109 struct comedi_bufinfo __user *arg, void *file) 1110 { 1111 struct comedi_bufinfo bi; 1112 struct comedi_subdevice *s; 1113 struct comedi_async *async; 1114 unsigned int runflags; 1115 int retval = 0; 1116 bool become_nonbusy = false; 1117 1118 lockdep_assert_held(&dev->mutex); 1119 if (copy_from_user(&bi, arg, sizeof(bi))) 1120 return -EFAULT; 1121 1122 if (bi.subdevice >= dev->n_subdevices) 1123 return -EINVAL; 1124 1125 s = &dev->subdevices[bi.subdevice]; 1126 1127 async = s->async; 1128 1129 if (!async || s->busy != file) 1130 return -EINVAL; 1131 1132 runflags = comedi_get_subdevice_runflags(s); 1133 if (!(async->cmd.flags & CMDF_WRITE)) { 1134 /* command was set up in "read" direction */ 1135 if (bi.bytes_read) { 1136 comedi_buf_read_alloc(s, bi.bytes_read); 1137 bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read); 1138 } 1139 /* 1140 * If nothing left to read, and command has stopped, and 1141 * {"read" position not updated or command stopped normally}, 1142 * then become non-busy. 1143 */ 1144 if (comedi_buf_read_n_available(s) == 0 && 1145 !comedi_is_runflags_running(runflags) && 1146 (bi.bytes_read == 0 || 1147 !comedi_is_runflags_in_error(runflags))) { 1148 become_nonbusy = true; 1149 if (comedi_is_runflags_in_error(runflags)) 1150 retval = -EPIPE; 1151 } 1152 bi.bytes_written = 0; 1153 } else { 1154 /* command was set up in "write" direction */ 1155 if (!comedi_is_runflags_running(runflags)) { 1156 bi.bytes_written = 0; 1157 become_nonbusy = true; 1158 if (comedi_is_runflags_in_error(runflags)) 1159 retval = -EPIPE; 1160 } else if (bi.bytes_written) { 1161 comedi_buf_write_alloc(s, bi.bytes_written); 1162 bi.bytes_written = 1163 comedi_buf_write_free(s, bi.bytes_written); 1164 } 1165 bi.bytes_read = 0; 1166 } 1167 1168 bi.buf_write_count = async->buf_write_count; 1169 bi.buf_write_ptr = async->buf_write_ptr; 1170 bi.buf_read_count = async->buf_read_count; 1171 bi.buf_read_ptr = async->buf_read_ptr; 1172 1173 if (become_nonbusy) 1174 do_become_nonbusy(dev, s); 1175 1176 if (retval) 1177 return retval; 1178 1179 if (copy_to_user(arg, &bi, sizeof(bi))) 1180 return -EFAULT; 1181 1182 return 0; 1183 } 1184 1185 static int check_insn_config_length(struct comedi_insn *insn, 1186 unsigned int *data) 1187 { 1188 if (insn->n < 1) 1189 return -EINVAL; 1190 1191 switch (data[0]) { 1192 case INSN_CONFIG_DIO_OUTPUT: 1193 case INSN_CONFIG_DIO_INPUT: 1194 case INSN_CONFIG_DISARM: 1195 case INSN_CONFIG_RESET: 1196 if (insn->n == 1) 1197 return 0; 1198 break; 1199 case INSN_CONFIG_ARM: 1200 case INSN_CONFIG_DIO_QUERY: 1201 case INSN_CONFIG_BLOCK_SIZE: 1202 case INSN_CONFIG_FILTER: 1203 case INSN_CONFIG_SERIAL_CLOCK: 1204 case INSN_CONFIG_BIDIRECTIONAL_DATA: 1205 case INSN_CONFIG_ALT_SOURCE: 1206 case INSN_CONFIG_SET_COUNTER_MODE: 1207 case INSN_CONFIG_8254_READ_STATUS: 1208 case INSN_CONFIG_SET_ROUTING: 1209 case INSN_CONFIG_GET_ROUTING: 1210 case INSN_CONFIG_GET_PWM_STATUS: 1211 case INSN_CONFIG_PWM_SET_PERIOD: 1212 case INSN_CONFIG_PWM_GET_PERIOD: 1213 if (insn->n == 2) 1214 return 0; 1215 break; 1216 case INSN_CONFIG_SET_GATE_SRC: 1217 case INSN_CONFIG_GET_GATE_SRC: 1218 case INSN_CONFIG_SET_CLOCK_SRC: 1219 case INSN_CONFIG_GET_CLOCK_SRC: 1220 case INSN_CONFIG_SET_OTHER_SRC: 1221 case INSN_CONFIG_GET_COUNTER_STATUS: 1222 case INSN_CONFIG_GET_PWM_OUTPUT: 1223 case INSN_CONFIG_PWM_SET_H_BRIDGE: 1224 case INSN_CONFIG_PWM_GET_H_BRIDGE: 1225 case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE: 1226 if (insn->n == 3) 1227 return 0; 1228 break; 1229 case INSN_CONFIG_PWM_OUTPUT: 1230 case INSN_CONFIG_ANALOG_TRIG: 1231 case INSN_CONFIG_TIMER_1: 1232 if (insn->n == 5) 1233 return 0; 1234 break; 1235 case INSN_CONFIG_DIGITAL_TRIG: 1236 if (insn->n == 6) 1237 return 0; 1238 break; 1239 case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS: 1240 if (insn->n >= 4) 1241 return 0; 1242 break; 1243 /* 1244 * by default we allow the insn since we don't have checks for 1245 * all possible cases yet 1246 */ 1247 default: 1248 pr_warn("No check for data length of config insn id %i is implemented\n", 1249 data[0]); 1250 pr_warn("Add a check to %s in %s\n", __func__, __FILE__); 1251 pr_warn("Assuming n=%i is correct\n", insn->n); 1252 return 0; 1253 } 1254 return -EINVAL; 1255 } 1256 1257 static int check_insn_device_config_length(struct comedi_insn *insn, 1258 unsigned int *data) 1259 { 1260 if (insn->n < 1) 1261 return -EINVAL; 1262 1263 switch (data[0]) { 1264 case INSN_DEVICE_CONFIG_TEST_ROUTE: 1265 case INSN_DEVICE_CONFIG_CONNECT_ROUTE: 1266 case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE: 1267 if (insn->n == 3) 1268 return 0; 1269 break; 1270 case INSN_DEVICE_CONFIG_GET_ROUTES: 1271 /* 1272 * Big enough for config_id and the length of the userland 1273 * memory buffer. Additional length should be in factors of 2 1274 * to communicate any returned route pairs (source,destination). 1275 */ 1276 if (insn->n >= 2) 1277 return 0; 1278 break; 1279 } 1280 return -EINVAL; 1281 } 1282 1283 /** 1284 * get_valid_routes() - Calls low-level driver get_valid_routes function to 1285 * either return a count of valid routes to user, or copy 1286 * of list of all valid device routes to buffer in 1287 * userspace. 1288 * @dev: comedi device pointer 1289 * @data: data from user insn call. The length of the data must be >= 2. 1290 * data[0] must contain the INSN_DEVICE_CONFIG config_id. 1291 * data[1](input) contains the number of _pairs_ for which memory is 1292 * allotted from the user. If the user specifies '0', then only 1293 * the number of pairs available is returned. 1294 * data[1](output) returns either the number of pairs available (if none 1295 * where requested) or the number of _pairs_ that are copied back 1296 * to the user. 1297 * data[2::2] returns each (source, destination) pair. 1298 * 1299 * Return: -EINVAL if low-level driver does not allocate and return routes as 1300 * expected. Returns 0 otherwise. 1301 */ 1302 static int get_valid_routes(struct comedi_device *dev, unsigned int *data) 1303 { 1304 lockdep_assert_held(&dev->mutex); 1305 data[1] = dev->get_valid_routes(dev, data[1], data + 2); 1306 return 0; 1307 } 1308 1309 static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn, 1310 unsigned int *data, void *file) 1311 { 1312 struct comedi_subdevice *s; 1313 int ret = 0; 1314 int i; 1315 1316 lockdep_assert_held(&dev->mutex); 1317 if (insn->insn & INSN_MASK_SPECIAL) { 1318 /* a non-subdevice instruction */ 1319 1320 switch (insn->insn) { 1321 case INSN_GTOD: 1322 { 1323 struct timespec64 tv; 1324 1325 if (insn->n != 2) { 1326 ret = -EINVAL; 1327 break; 1328 } 1329 1330 ktime_get_real_ts64(&tv); 1331 /* unsigned data safe until 2106 */ 1332 data[0] = (unsigned int)tv.tv_sec; 1333 data[1] = tv.tv_nsec / NSEC_PER_USEC; 1334 ret = 2; 1335 1336 break; 1337 } 1338 case INSN_WAIT: 1339 if (insn->n != 1 || data[0] >= 100000) { 1340 ret = -EINVAL; 1341 break; 1342 } 1343 udelay(data[0] / 1000); 1344 ret = 1; 1345 break; 1346 case INSN_INTTRIG: 1347 if (insn->n != 1) { 1348 ret = -EINVAL; 1349 break; 1350 } 1351 if (insn->subdev >= dev->n_subdevices) { 1352 dev_dbg(dev->class_dev, 1353 "%d not usable subdevice\n", 1354 insn->subdev); 1355 ret = -EINVAL; 1356 break; 1357 } 1358 s = &dev->subdevices[insn->subdev]; 1359 if (!s->async) { 1360 dev_dbg(dev->class_dev, "no async\n"); 1361 ret = -EINVAL; 1362 break; 1363 } 1364 if (!s->async->inttrig) { 1365 dev_dbg(dev->class_dev, "no inttrig\n"); 1366 ret = -EAGAIN; 1367 break; 1368 } 1369 ret = s->async->inttrig(dev, s, data[0]); 1370 if (ret >= 0) 1371 ret = 1; 1372 break; 1373 case INSN_DEVICE_CONFIG: 1374 ret = check_insn_device_config_length(insn, data); 1375 if (ret) 1376 break; 1377 1378 if (data[0] == INSN_DEVICE_CONFIG_GET_ROUTES) { 1379 /* 1380 * data[1] should be the number of _pairs_ that 1381 * the memory can hold. 1382 */ 1383 data[1] = (insn->n - 2) / 2; 1384 ret = get_valid_routes(dev, data); 1385 break; 1386 } 1387 1388 /* other global device config instructions. */ 1389 ret = dev->insn_device_config(dev, insn, data); 1390 break; 1391 default: 1392 dev_dbg(dev->class_dev, "invalid insn\n"); 1393 ret = -EINVAL; 1394 break; 1395 } 1396 } else { 1397 /* a subdevice instruction */ 1398 unsigned int maxdata; 1399 1400 if (insn->subdev >= dev->n_subdevices) { 1401 dev_dbg(dev->class_dev, "subdevice %d out of range\n", 1402 insn->subdev); 1403 ret = -EINVAL; 1404 goto out; 1405 } 1406 s = &dev->subdevices[insn->subdev]; 1407 1408 if (s->type == COMEDI_SUBD_UNUSED) { 1409 dev_dbg(dev->class_dev, "%d not usable subdevice\n", 1410 insn->subdev); 1411 ret = -EIO; 1412 goto out; 1413 } 1414 1415 /* are we locked? (ioctl lock) */ 1416 if (s->lock && s->lock != file) { 1417 dev_dbg(dev->class_dev, "device locked\n"); 1418 ret = -EACCES; 1419 goto out; 1420 } 1421 1422 ret = comedi_check_chanlist(s, 1, &insn->chanspec); 1423 if (ret < 0) { 1424 ret = -EINVAL; 1425 dev_dbg(dev->class_dev, "bad chanspec\n"); 1426 goto out; 1427 } 1428 1429 if (s->busy) { 1430 ret = -EBUSY; 1431 goto out; 1432 } 1433 /* This looks arbitrary. It is. */ 1434 s->busy = parse_insn; 1435 switch (insn->insn) { 1436 case INSN_READ: 1437 ret = s->insn_read(dev, s, insn, data); 1438 if (ret == -ETIMEDOUT) { 1439 dev_dbg(dev->class_dev, 1440 "subdevice %d read instruction timed out\n", 1441 s->index); 1442 } 1443 break; 1444 case INSN_WRITE: 1445 maxdata = s->maxdata_list 1446 ? s->maxdata_list[CR_CHAN(insn->chanspec)] 1447 : s->maxdata; 1448 for (i = 0; i < insn->n; ++i) { 1449 if (data[i] > maxdata) { 1450 ret = -EINVAL; 1451 dev_dbg(dev->class_dev, 1452 "bad data value(s)\n"); 1453 break; 1454 } 1455 } 1456 if (ret == 0) { 1457 ret = s->insn_write(dev, s, insn, data); 1458 if (ret == -ETIMEDOUT) { 1459 dev_dbg(dev->class_dev, 1460 "subdevice %d write instruction timed out\n", 1461 s->index); 1462 } 1463 } 1464 break; 1465 case INSN_BITS: 1466 if (insn->n != 2) { 1467 ret = -EINVAL; 1468 } else { 1469 /* 1470 * Most drivers ignore the base channel in 1471 * insn->chanspec. Fix this here if 1472 * the subdevice has <= 32 channels. 1473 */ 1474 unsigned int orig_mask = data[0]; 1475 unsigned int shift = 0; 1476 1477 if (s->n_chan <= 32) { 1478 shift = CR_CHAN(insn->chanspec); 1479 if (shift > 0) { 1480 insn->chanspec = 0; 1481 data[0] <<= shift; 1482 data[1] <<= shift; 1483 } 1484 } 1485 ret = s->insn_bits(dev, s, insn, data); 1486 data[0] = orig_mask; 1487 if (shift > 0) 1488 data[1] >>= shift; 1489 } 1490 break; 1491 case INSN_CONFIG: 1492 ret = check_insn_config_length(insn, data); 1493 if (ret) 1494 break; 1495 ret = s->insn_config(dev, s, insn, data); 1496 break; 1497 default: 1498 ret = -EINVAL; 1499 break; 1500 } 1501 1502 s->busy = NULL; 1503 } 1504 1505 out: 1506 return ret; 1507 } 1508 1509 /* 1510 * COMEDI_INSNLIST ioctl 1511 * synchronous instruction list 1512 * 1513 * arg: 1514 * pointer to comedi_insnlist structure 1515 * 1516 * reads: 1517 * comedi_insnlist structure 1518 * array of comedi_insn structures from insnlist->insns pointer 1519 * data (for writes) from insns[].data pointers 1520 * 1521 * writes: 1522 * data (for reads) to insns[].data pointers 1523 */ 1524 /* arbitrary limits */ 1525 #define MIN_SAMPLES 16 1526 #define MAX_SAMPLES 65536 1527 static int do_insnlist_ioctl(struct comedi_device *dev, 1528 struct comedi_insn *insns, 1529 unsigned int n_insns, 1530 void *file) 1531 { 1532 unsigned int *data = NULL; 1533 unsigned int max_n_data_required = MIN_SAMPLES; 1534 int i = 0; 1535 int ret = 0; 1536 1537 lockdep_assert_held(&dev->mutex); 1538 1539 /* Determine maximum memory needed for all instructions. */ 1540 for (i = 0; i < n_insns; ++i) { 1541 if (insns[i].n > MAX_SAMPLES) { 1542 dev_dbg(dev->class_dev, 1543 "number of samples too large\n"); 1544 ret = -EINVAL; 1545 goto error; 1546 } 1547 max_n_data_required = max(max_n_data_required, insns[i].n); 1548 } 1549 1550 /* Allocate scratch space for all instruction data. */ 1551 data = kmalloc_array(max_n_data_required, sizeof(unsigned int), 1552 GFP_KERNEL); 1553 if (!data) { 1554 ret = -ENOMEM; 1555 goto error; 1556 } 1557 1558 for (i = 0; i < n_insns; ++i) { 1559 unsigned int n = insns[i].n; 1560 1561 if (insns[i].insn & INSN_MASK_WRITE) { 1562 if (copy_from_user(data, insns[i].data, 1563 n * sizeof(unsigned int))) { 1564 dev_dbg(dev->class_dev, 1565 "copy_from_user failed\n"); 1566 ret = -EFAULT; 1567 goto error; 1568 } 1569 if (n < MIN_SAMPLES) { 1570 memset(&data[n], 0, (MIN_SAMPLES - n) * 1571 sizeof(unsigned int)); 1572 } 1573 } 1574 ret = parse_insn(dev, insns + i, data, file); 1575 if (ret < 0) 1576 goto error; 1577 if (insns[i].insn & INSN_MASK_READ) { 1578 if (copy_to_user(insns[i].data, data, 1579 n * sizeof(unsigned int))) { 1580 dev_dbg(dev->class_dev, 1581 "copy_to_user failed\n"); 1582 ret = -EFAULT; 1583 goto error; 1584 } 1585 } 1586 if (need_resched()) 1587 schedule(); 1588 } 1589 1590 error: 1591 kfree(data); 1592 1593 if (ret < 0) 1594 return ret; 1595 return i; 1596 } 1597 1598 #define MAX_INSNS MAX_SAMPLES 1599 static int check_insnlist_len(struct comedi_device *dev, unsigned int n_insns) 1600 { 1601 if (n_insns > MAX_INSNS) { 1602 dev_dbg(dev->class_dev, "insnlist length too large\n"); 1603 return -EINVAL; 1604 } 1605 return 0; 1606 } 1607 1608 /* 1609 * COMEDI_INSN ioctl 1610 * synchronous instruction 1611 * 1612 * arg: 1613 * pointer to comedi_insn structure 1614 * 1615 * reads: 1616 * comedi_insn structure 1617 * data (for writes) from insn->data pointer 1618 * 1619 * writes: 1620 * data (for reads) to insn->data pointer 1621 */ 1622 static int do_insn_ioctl(struct comedi_device *dev, 1623 struct comedi_insn *insn, void *file) 1624 { 1625 unsigned int *data = NULL; 1626 unsigned int n_data = MIN_SAMPLES; 1627 int ret = 0; 1628 1629 lockdep_assert_held(&dev->mutex); 1630 1631 n_data = max(n_data, insn->n); 1632 1633 /* This is where the behavior of insn and insnlist deviate. */ 1634 if (insn->n > MAX_SAMPLES) { 1635 insn->n = MAX_SAMPLES; 1636 n_data = MAX_SAMPLES; 1637 } 1638 1639 data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL); 1640 if (!data) { 1641 ret = -ENOMEM; 1642 goto error; 1643 } 1644 1645 if (insn->insn & INSN_MASK_WRITE) { 1646 if (copy_from_user(data, 1647 insn->data, 1648 insn->n * sizeof(unsigned int))) { 1649 ret = -EFAULT; 1650 goto error; 1651 } 1652 if (insn->n < MIN_SAMPLES) { 1653 memset(&data[insn->n], 0, 1654 (MIN_SAMPLES - insn->n) * sizeof(unsigned int)); 1655 } 1656 } 1657 ret = parse_insn(dev, insn, data, file); 1658 if (ret < 0) 1659 goto error; 1660 if (insn->insn & INSN_MASK_READ) { 1661 if (copy_to_user(insn->data, 1662 data, 1663 insn->n * sizeof(unsigned int))) { 1664 ret = -EFAULT; 1665 goto error; 1666 } 1667 } 1668 ret = insn->n; 1669 1670 error: 1671 kfree(data); 1672 1673 return ret; 1674 } 1675 1676 static int __comedi_get_user_cmd(struct comedi_device *dev, 1677 struct comedi_cmd *cmd) 1678 { 1679 struct comedi_subdevice *s; 1680 1681 lockdep_assert_held(&dev->mutex); 1682 if (cmd->subdev >= dev->n_subdevices) { 1683 dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev); 1684 return -ENODEV; 1685 } 1686 1687 s = &dev->subdevices[cmd->subdev]; 1688 1689 if (s->type == COMEDI_SUBD_UNUSED) { 1690 dev_dbg(dev->class_dev, "%d not valid subdevice\n", 1691 cmd->subdev); 1692 return -EIO; 1693 } 1694 1695 if (!s->do_cmd || !s->do_cmdtest || !s->async) { 1696 dev_dbg(dev->class_dev, 1697 "subdevice %d does not support commands\n", 1698 cmd->subdev); 1699 return -EIO; 1700 } 1701 1702 /* make sure channel/gain list isn't too long */ 1703 if (cmd->chanlist_len > s->len_chanlist) { 1704 dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n", 1705 cmd->chanlist_len, s->len_chanlist); 1706 return -EINVAL; 1707 } 1708 1709 /* 1710 * Set the CMDF_WRITE flag to the correct state if the subdevice 1711 * supports only "read" commands or only "write" commands. 1712 */ 1713 switch (s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE)) { 1714 case SDF_CMD_READ: 1715 cmd->flags &= ~CMDF_WRITE; 1716 break; 1717 case SDF_CMD_WRITE: 1718 cmd->flags |= CMDF_WRITE; 1719 break; 1720 default: 1721 break; 1722 } 1723 1724 return 0; 1725 } 1726 1727 static int __comedi_get_user_chanlist(struct comedi_device *dev, 1728 struct comedi_subdevice *s, 1729 unsigned int __user *user_chanlist, 1730 struct comedi_cmd *cmd) 1731 { 1732 unsigned int *chanlist; 1733 int ret; 1734 1735 lockdep_assert_held(&dev->mutex); 1736 cmd->chanlist = NULL; 1737 chanlist = memdup_array_user(user_chanlist, 1738 cmd->chanlist_len, sizeof(unsigned int)); 1739 if (IS_ERR(chanlist)) 1740 return PTR_ERR(chanlist); 1741 1742 /* make sure each element in channel/gain list is valid */ 1743 ret = comedi_check_chanlist(s, cmd->chanlist_len, chanlist); 1744 if (ret < 0) { 1745 kfree(chanlist); 1746 return ret; 1747 } 1748 1749 cmd->chanlist = chanlist; 1750 1751 return 0; 1752 } 1753 1754 /* 1755 * COMEDI_CMD ioctl 1756 * asynchronous acquisition command set-up 1757 * 1758 * arg: 1759 * pointer to comedi_cmd structure 1760 * 1761 * reads: 1762 * comedi_cmd structure 1763 * channel/range list from cmd->chanlist pointer 1764 * 1765 * writes: 1766 * possibly modified comedi_cmd structure (when -EAGAIN returned) 1767 */ 1768 static int do_cmd_ioctl(struct comedi_device *dev, 1769 struct comedi_cmd *cmd, bool *copy, void *file) 1770 { 1771 struct comedi_subdevice *s; 1772 struct comedi_async *async; 1773 unsigned int __user *user_chanlist; 1774 int ret; 1775 1776 lockdep_assert_held(&dev->mutex); 1777 1778 /* do some simple cmd validation */ 1779 ret = __comedi_get_user_cmd(dev, cmd); 1780 if (ret) 1781 return ret; 1782 1783 /* save user's chanlist pointer so it can be restored later */ 1784 user_chanlist = (unsigned int __user *)cmd->chanlist; 1785 1786 s = &dev->subdevices[cmd->subdev]; 1787 async = s->async; 1788 1789 /* are we locked? (ioctl lock) */ 1790 if (s->lock && s->lock != file) { 1791 dev_dbg(dev->class_dev, "subdevice locked\n"); 1792 return -EACCES; 1793 } 1794 1795 /* are we busy? */ 1796 if (s->busy) { 1797 dev_dbg(dev->class_dev, "subdevice busy\n"); 1798 return -EBUSY; 1799 } 1800 1801 /* make sure channel/gain list isn't too short */ 1802 if (cmd->chanlist_len < 1) { 1803 dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n", 1804 cmd->chanlist_len); 1805 return -EINVAL; 1806 } 1807 1808 async->cmd = *cmd; 1809 async->cmd.data = NULL; 1810 1811 /* load channel/gain list */ 1812 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &async->cmd); 1813 if (ret) 1814 goto cleanup; 1815 1816 ret = s->do_cmdtest(dev, s, &async->cmd); 1817 1818 if (async->cmd.flags & CMDF_BOGUS || ret) { 1819 dev_dbg(dev->class_dev, "test returned %d\n", ret); 1820 *cmd = async->cmd; 1821 /* restore chanlist pointer before copying back */ 1822 cmd->chanlist = (unsigned int __force *)user_chanlist; 1823 cmd->data = NULL; 1824 *copy = true; 1825 ret = -EAGAIN; 1826 goto cleanup; 1827 } 1828 1829 if (!async->prealloc_bufsz) { 1830 ret = -ENOMEM; 1831 dev_dbg(dev->class_dev, "no buffer (?)\n"); 1832 goto cleanup; 1833 } 1834 1835 comedi_buf_reset(s); 1836 1837 async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK; 1838 if (async->cmd.flags & CMDF_WAKE_EOS) 1839 async->cb_mask |= COMEDI_CB_EOS; 1840 1841 comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK, 1842 COMEDI_SRF_RUNNING); 1843 1844 /* 1845 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid 1846 * race with comedi_read() or comedi_write(). 1847 */ 1848 s->busy = file; 1849 ret = s->do_cmd(dev, s); 1850 if (ret == 0) 1851 return 0; 1852 1853 cleanup: 1854 do_become_nonbusy(dev, s); 1855 1856 return ret; 1857 } 1858 1859 /* 1860 * COMEDI_CMDTEST ioctl 1861 * asynchronous acquisition command testing 1862 * 1863 * arg: 1864 * pointer to comedi_cmd structure 1865 * 1866 * reads: 1867 * comedi_cmd structure 1868 * channel/range list from cmd->chanlist pointer 1869 * 1870 * writes: 1871 * possibly modified comedi_cmd structure 1872 */ 1873 static int do_cmdtest_ioctl(struct comedi_device *dev, 1874 struct comedi_cmd *cmd, bool *copy, void *file) 1875 { 1876 struct comedi_subdevice *s; 1877 unsigned int __user *user_chanlist; 1878 int ret; 1879 1880 lockdep_assert_held(&dev->mutex); 1881 1882 /* do some simple cmd validation */ 1883 ret = __comedi_get_user_cmd(dev, cmd); 1884 if (ret) 1885 return ret; 1886 1887 /* save user's chanlist pointer so it can be restored later */ 1888 user_chanlist = (unsigned int __user *)cmd->chanlist; 1889 1890 s = &dev->subdevices[cmd->subdev]; 1891 1892 /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */ 1893 if (user_chanlist) { 1894 /* load channel/gain list */ 1895 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd); 1896 if (ret) 1897 return ret; 1898 } 1899 1900 ret = s->do_cmdtest(dev, s, cmd); 1901 1902 kfree(cmd->chanlist); /* free kernel copy of user chanlist */ 1903 1904 /* restore chanlist pointer before copying back */ 1905 cmd->chanlist = (unsigned int __force *)user_chanlist; 1906 *copy = true; 1907 1908 return ret; 1909 } 1910 1911 /* 1912 * COMEDI_LOCK ioctl 1913 * lock subdevice 1914 * 1915 * arg: 1916 * subdevice number 1917 * 1918 * reads: 1919 * nothing 1920 * 1921 * writes: 1922 * nothing 1923 */ 1924 static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg, 1925 void *file) 1926 { 1927 int ret = 0; 1928 unsigned long flags; 1929 struct comedi_subdevice *s; 1930 1931 lockdep_assert_held(&dev->mutex); 1932 if (arg >= dev->n_subdevices) 1933 return -EINVAL; 1934 s = &dev->subdevices[arg]; 1935 1936 spin_lock_irqsave(&s->spin_lock, flags); 1937 if (s->busy || s->lock) 1938 ret = -EBUSY; 1939 else 1940 s->lock = file; 1941 spin_unlock_irqrestore(&s->spin_lock, flags); 1942 1943 return ret; 1944 } 1945 1946 /* 1947 * COMEDI_UNLOCK ioctl 1948 * unlock subdevice 1949 * 1950 * arg: 1951 * subdevice number 1952 * 1953 * reads: 1954 * nothing 1955 * 1956 * writes: 1957 * nothing 1958 */ 1959 static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg, 1960 void *file) 1961 { 1962 struct comedi_subdevice *s; 1963 1964 lockdep_assert_held(&dev->mutex); 1965 if (arg >= dev->n_subdevices) 1966 return -EINVAL; 1967 s = &dev->subdevices[arg]; 1968 1969 if (s->busy) 1970 return -EBUSY; 1971 1972 if (s->lock && s->lock != file) 1973 return -EACCES; 1974 1975 if (s->lock == file) 1976 s->lock = NULL; 1977 1978 return 0; 1979 } 1980 1981 /* 1982 * COMEDI_CANCEL ioctl 1983 * cancel asynchronous acquisition 1984 * 1985 * arg: 1986 * subdevice number 1987 * 1988 * reads: 1989 * nothing 1990 * 1991 * writes: 1992 * nothing 1993 */ 1994 static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg, 1995 void *file) 1996 { 1997 struct comedi_subdevice *s; 1998 1999 lockdep_assert_held(&dev->mutex); 2000 if (arg >= dev->n_subdevices) 2001 return -EINVAL; 2002 s = &dev->subdevices[arg]; 2003 if (!s->async) 2004 return -EINVAL; 2005 2006 if (!s->busy) 2007 return 0; 2008 2009 if (s->busy != file) 2010 return -EBUSY; 2011 2012 return do_cancel(dev, s); 2013 } 2014 2015 /* 2016 * COMEDI_POLL ioctl 2017 * instructs driver to synchronize buffers 2018 * 2019 * arg: 2020 * subdevice number 2021 * 2022 * reads: 2023 * nothing 2024 * 2025 * writes: 2026 * nothing 2027 */ 2028 static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg, 2029 void *file) 2030 { 2031 struct comedi_subdevice *s; 2032 2033 lockdep_assert_held(&dev->mutex); 2034 if (arg >= dev->n_subdevices) 2035 return -EINVAL; 2036 s = &dev->subdevices[arg]; 2037 2038 if (!s->busy) 2039 return 0; 2040 2041 if (s->busy != file) 2042 return -EBUSY; 2043 2044 if (s->poll) 2045 return s->poll(dev, s); 2046 2047 return -EINVAL; 2048 } 2049 2050 /* 2051 * COMEDI_SETRSUBD ioctl 2052 * sets the current "read" subdevice on a per-file basis 2053 * 2054 * arg: 2055 * subdevice number 2056 * 2057 * reads: 2058 * nothing 2059 * 2060 * writes: 2061 * nothing 2062 */ 2063 static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg, 2064 struct file *file) 2065 { 2066 struct comedi_file *cfp = file->private_data; 2067 struct comedi_subdevice *s_old, *s_new; 2068 2069 lockdep_assert_held(&dev->mutex); 2070 if (arg >= dev->n_subdevices) 2071 return -EINVAL; 2072 2073 s_new = &dev->subdevices[arg]; 2074 s_old = comedi_file_read_subdevice(file); 2075 if (s_old == s_new) 2076 return 0; /* no change */ 2077 2078 if (!(s_new->subdev_flags & SDF_CMD_READ)) 2079 return -EINVAL; 2080 2081 /* 2082 * Check the file isn't still busy handling a "read" command on the 2083 * old subdevice (if any). 2084 */ 2085 if (s_old && s_old->busy == file && s_old->async && 2086 !(s_old->async->cmd.flags & CMDF_WRITE)) 2087 return -EBUSY; 2088 2089 WRITE_ONCE(cfp->read_subdev, s_new); 2090 return 0; 2091 } 2092 2093 /* 2094 * COMEDI_SETWSUBD ioctl 2095 * sets the current "write" subdevice on a per-file basis 2096 * 2097 * arg: 2098 * subdevice number 2099 * 2100 * reads: 2101 * nothing 2102 * 2103 * writes: 2104 * nothing 2105 */ 2106 static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg, 2107 struct file *file) 2108 { 2109 struct comedi_file *cfp = file->private_data; 2110 struct comedi_subdevice *s_old, *s_new; 2111 2112 lockdep_assert_held(&dev->mutex); 2113 if (arg >= dev->n_subdevices) 2114 return -EINVAL; 2115 2116 s_new = &dev->subdevices[arg]; 2117 s_old = comedi_file_write_subdevice(file); 2118 if (s_old == s_new) 2119 return 0; /* no change */ 2120 2121 if (!(s_new->subdev_flags & SDF_CMD_WRITE)) 2122 return -EINVAL; 2123 2124 /* 2125 * Check the file isn't still busy handling a "write" command on the 2126 * old subdevice (if any). 2127 */ 2128 if (s_old && s_old->busy == file && s_old->async && 2129 (s_old->async->cmd.flags & CMDF_WRITE)) 2130 return -EBUSY; 2131 2132 WRITE_ONCE(cfp->write_subdev, s_new); 2133 return 0; 2134 } 2135 2136 static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd, 2137 unsigned long arg) 2138 { 2139 unsigned int minor = iminor(file_inode(file)); 2140 struct comedi_file *cfp = file->private_data; 2141 struct comedi_device *dev = cfp->dev; 2142 int rc; 2143 2144 mutex_lock(&dev->mutex); 2145 2146 /* 2147 * Device config is special, because it must work on 2148 * an unconfigured device. 2149 */ 2150 if (cmd == COMEDI_DEVCONFIG) { 2151 if (minor >= COMEDI_NUM_BOARD_MINORS) { 2152 /* Device config not appropriate on non-board minors. */ 2153 rc = -ENOTTY; 2154 goto done; 2155 } 2156 rc = do_devconfig_ioctl(dev, 2157 (struct comedi_devconfig __user *)arg); 2158 if (rc == 0) { 2159 if (arg == 0 && 2160 dev->minor >= comedi_num_legacy_minors) { 2161 /* 2162 * Successfully unconfigured a dynamically 2163 * allocated device. Try and remove it. 2164 */ 2165 if (comedi_clear_board_dev(dev)) { 2166 mutex_unlock(&dev->mutex); 2167 comedi_free_board_dev(dev); 2168 return rc; 2169 } 2170 } 2171 } 2172 goto done; 2173 } 2174 2175 if (!dev->attached) { 2176 dev_dbg(dev->class_dev, "no driver attached\n"); 2177 rc = -ENODEV; 2178 goto done; 2179 } 2180 2181 switch (cmd) { 2182 case COMEDI_BUFCONFIG: 2183 rc = do_bufconfig_ioctl(dev, 2184 (struct comedi_bufconfig __user *)arg); 2185 break; 2186 case COMEDI_DEVINFO: 2187 rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg, 2188 file); 2189 break; 2190 case COMEDI_SUBDINFO: 2191 rc = do_subdinfo_ioctl(dev, 2192 (struct comedi_subdinfo __user *)arg, 2193 file); 2194 break; 2195 case COMEDI_CHANINFO: { 2196 struct comedi_chaninfo it; 2197 2198 if (copy_from_user(&it, (void __user *)arg, sizeof(it))) 2199 rc = -EFAULT; 2200 else 2201 rc = do_chaninfo_ioctl(dev, &it); 2202 break; 2203 } 2204 case COMEDI_RANGEINFO: { 2205 struct comedi_rangeinfo it; 2206 2207 if (copy_from_user(&it, (void __user *)arg, sizeof(it))) 2208 rc = -EFAULT; 2209 else 2210 rc = do_rangeinfo_ioctl(dev, &it); 2211 break; 2212 } 2213 case COMEDI_BUFINFO: 2214 rc = do_bufinfo_ioctl(dev, 2215 (struct comedi_bufinfo __user *)arg, 2216 file); 2217 break; 2218 case COMEDI_LOCK: 2219 rc = do_lock_ioctl(dev, arg, file); 2220 break; 2221 case COMEDI_UNLOCK: 2222 rc = do_unlock_ioctl(dev, arg, file); 2223 break; 2224 case COMEDI_CANCEL: 2225 rc = do_cancel_ioctl(dev, arg, file); 2226 break; 2227 case COMEDI_CMD: { 2228 struct comedi_cmd cmd; 2229 bool copy = false; 2230 2231 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) { 2232 rc = -EFAULT; 2233 break; 2234 } 2235 rc = do_cmd_ioctl(dev, &cmd, ©, file); 2236 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd))) 2237 rc = -EFAULT; 2238 break; 2239 } 2240 case COMEDI_CMDTEST: { 2241 struct comedi_cmd cmd; 2242 bool copy = false; 2243 2244 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) { 2245 rc = -EFAULT; 2246 break; 2247 } 2248 rc = do_cmdtest_ioctl(dev, &cmd, ©, file); 2249 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd))) 2250 rc = -EFAULT; 2251 break; 2252 } 2253 case COMEDI_INSNLIST: { 2254 struct comedi_insnlist insnlist; 2255 struct comedi_insn *insns = NULL; 2256 2257 if (copy_from_user(&insnlist, (void __user *)arg, 2258 sizeof(insnlist))) { 2259 rc = -EFAULT; 2260 break; 2261 } 2262 rc = check_insnlist_len(dev, insnlist.n_insns); 2263 if (rc) 2264 break; 2265 insns = kcalloc(insnlist.n_insns, sizeof(*insns), GFP_KERNEL); 2266 if (!insns) { 2267 rc = -ENOMEM; 2268 break; 2269 } 2270 if (copy_from_user(insns, insnlist.insns, 2271 sizeof(*insns) * insnlist.n_insns)) { 2272 rc = -EFAULT; 2273 kfree(insns); 2274 break; 2275 } 2276 rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file); 2277 kfree(insns); 2278 break; 2279 } 2280 case COMEDI_INSN: { 2281 struct comedi_insn insn; 2282 2283 if (copy_from_user(&insn, (void __user *)arg, sizeof(insn))) 2284 rc = -EFAULT; 2285 else 2286 rc = do_insn_ioctl(dev, &insn, file); 2287 break; 2288 } 2289 case COMEDI_POLL: 2290 rc = do_poll_ioctl(dev, arg, file); 2291 break; 2292 case COMEDI_SETRSUBD: 2293 rc = do_setrsubd_ioctl(dev, arg, file); 2294 break; 2295 case COMEDI_SETWSUBD: 2296 rc = do_setwsubd_ioctl(dev, arg, file); 2297 break; 2298 default: 2299 rc = -ENOTTY; 2300 break; 2301 } 2302 2303 done: 2304 mutex_unlock(&dev->mutex); 2305 return rc; 2306 } 2307 2308 static void comedi_vm_open(struct vm_area_struct *area) 2309 { 2310 struct comedi_buf_map *bm; 2311 2312 bm = area->vm_private_data; 2313 comedi_buf_map_get(bm); 2314 } 2315 2316 static void comedi_vm_close(struct vm_area_struct *area) 2317 { 2318 struct comedi_buf_map *bm; 2319 2320 bm = area->vm_private_data; 2321 comedi_buf_map_put(bm); 2322 } 2323 2324 static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr, 2325 void *buf, int len, int write) 2326 { 2327 struct comedi_buf_map *bm = vma->vm_private_data; 2328 unsigned long offset = 2329 addr - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT); 2330 2331 if (len < 0) 2332 return -EINVAL; 2333 if (len > vma->vm_end - addr) 2334 len = vma->vm_end - addr; 2335 return comedi_buf_map_access(bm, offset, buf, len, write); 2336 } 2337 2338 static const struct vm_operations_struct comedi_vm_ops = { 2339 .open = comedi_vm_open, 2340 .close = comedi_vm_close, 2341 .access = comedi_vm_access, 2342 }; 2343 2344 static int comedi_mmap(struct file *file, struct vm_area_struct *vma) 2345 { 2346 struct comedi_file *cfp = file->private_data; 2347 struct comedi_device *dev = cfp->dev; 2348 struct comedi_subdevice *s; 2349 struct comedi_async *async; 2350 struct comedi_buf_map *bm = NULL; 2351 struct comedi_buf_page *buf; 2352 unsigned long start = vma->vm_start; 2353 unsigned long size; 2354 int n_pages; 2355 int i; 2356 int retval = 0; 2357 2358 /* 2359 * 'trylock' avoids circular dependency with current->mm->mmap_lock 2360 * and down-reading &dev->attach_lock should normally succeed without 2361 * contention unless the device is in the process of being attached 2362 * or detached. 2363 */ 2364 if (!down_read_trylock(&dev->attach_lock)) 2365 return -EAGAIN; 2366 2367 if (!dev->attached) { 2368 dev_dbg(dev->class_dev, "no driver attached\n"); 2369 retval = -ENODEV; 2370 goto done; 2371 } 2372 2373 if (vma->vm_flags & VM_WRITE) 2374 s = comedi_file_write_subdevice(file); 2375 else 2376 s = comedi_file_read_subdevice(file); 2377 if (!s) { 2378 retval = -EINVAL; 2379 goto done; 2380 } 2381 2382 async = s->async; 2383 if (!async) { 2384 retval = -EINVAL; 2385 goto done; 2386 } 2387 2388 if (vma->vm_pgoff != 0) { 2389 dev_dbg(dev->class_dev, "mmap() offset must be 0.\n"); 2390 retval = -EINVAL; 2391 goto done; 2392 } 2393 2394 size = vma->vm_end - vma->vm_start; 2395 if (size > async->prealloc_bufsz) { 2396 retval = -EFAULT; 2397 goto done; 2398 } 2399 if (offset_in_page(size)) { 2400 retval = -EFAULT; 2401 goto done; 2402 } 2403 2404 n_pages = vma_pages(vma); 2405 2406 /* get reference to current buf map (if any) */ 2407 bm = comedi_buf_map_from_subdev_get(s); 2408 if (!bm || n_pages > bm->n_pages) { 2409 retval = -EINVAL; 2410 goto done; 2411 } 2412 if (bm->dma_dir != DMA_NONE) { 2413 unsigned long vm_start = vma->vm_start; 2414 unsigned long vm_end = vma->vm_end; 2415 2416 /* 2417 * Buffer pages are not contiguous, so temporarily modify VMA 2418 * start and end addresses for each buffer page. 2419 */ 2420 for (i = 0; i < n_pages; ++i) { 2421 buf = &bm->page_list[i]; 2422 vma->vm_start = start; 2423 vma->vm_end = start + PAGE_SIZE; 2424 retval = dma_mmap_coherent(bm->dma_hw_dev, vma, 2425 buf->virt_addr, 2426 buf->dma_addr, PAGE_SIZE); 2427 if (retval) 2428 break; 2429 2430 start += PAGE_SIZE; 2431 } 2432 vma->vm_start = vm_start; 2433 vma->vm_end = vm_end; 2434 } else { 2435 for (i = 0; i < n_pages; ++i) { 2436 unsigned long pfn; 2437 2438 buf = &bm->page_list[i]; 2439 pfn = page_to_pfn(virt_to_page(buf->virt_addr)); 2440 retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE, 2441 PAGE_SHARED); 2442 if (retval) 2443 break; 2444 2445 start += PAGE_SIZE; 2446 } 2447 } 2448 2449 #ifdef CONFIG_MMU 2450 /* 2451 * Leaving behind a partial mapping of a buffer we're about to drop is 2452 * unsafe, see remap_pfn_range_notrack(). We need to zap the range 2453 * here ourselves instead of relying on the automatic zapping in 2454 * remap_pfn_range() because we call remap_pfn_range() in a loop. 2455 */ 2456 if (retval) 2457 zap_vma_ptes(vma, vma->vm_start, size); 2458 #endif 2459 2460 if (retval == 0) { 2461 vma->vm_ops = &comedi_vm_ops; 2462 vma->vm_private_data = bm; 2463 2464 vma->vm_ops->open(vma); 2465 } 2466 2467 done: 2468 up_read(&dev->attach_lock); 2469 comedi_buf_map_put(bm); /* put reference to buf map - okay if NULL */ 2470 return retval; 2471 } 2472 2473 static __poll_t comedi_poll(struct file *file, poll_table *wait) 2474 { 2475 __poll_t mask = 0; 2476 struct comedi_file *cfp = file->private_data; 2477 struct comedi_device *dev = cfp->dev; 2478 struct comedi_subdevice *s, *s_read; 2479 2480 down_read(&dev->attach_lock); 2481 2482 if (!dev->attached) { 2483 dev_dbg(dev->class_dev, "no driver attached\n"); 2484 goto done; 2485 } 2486 2487 s = comedi_file_read_subdevice(file); 2488 s_read = s; 2489 if (s && s->async) { 2490 poll_wait(file, &s->async->wait_head, wait); 2491 if (s->busy != file || !comedi_is_subdevice_running(s) || 2492 (s->async->cmd.flags & CMDF_WRITE) || 2493 comedi_buf_read_n_available(s) > 0) 2494 mask |= EPOLLIN | EPOLLRDNORM; 2495 } 2496 2497 s = comedi_file_write_subdevice(file); 2498 if (s && s->async) { 2499 unsigned int bps = comedi_bytes_per_sample(s); 2500 2501 if (s != s_read) 2502 poll_wait(file, &s->async->wait_head, wait); 2503 if (s->busy != file || !comedi_is_subdevice_running(s) || 2504 !(s->async->cmd.flags & CMDF_WRITE) || 2505 comedi_buf_write_n_available(s) >= bps) 2506 mask |= EPOLLOUT | EPOLLWRNORM; 2507 } 2508 2509 done: 2510 up_read(&dev->attach_lock); 2511 return mask; 2512 } 2513 2514 static unsigned int comedi_buf_copy_to_user(struct comedi_subdevice *s, 2515 void __user *dest, unsigned int src_offset, unsigned int n) 2516 { 2517 struct comedi_buf_map *bm = s->async->buf_map; 2518 struct comedi_buf_page *buf_page_list = bm->page_list; 2519 unsigned int page = src_offset >> PAGE_SHIFT; 2520 unsigned int offset = offset_in_page(src_offset); 2521 2522 while (n) { 2523 unsigned int copy_amount = min(n, PAGE_SIZE - offset); 2524 unsigned int uncopied; 2525 2526 uncopied = copy_to_user(dest, buf_page_list[page].virt_addr + 2527 offset, copy_amount); 2528 copy_amount -= uncopied; 2529 n -= copy_amount; 2530 if (uncopied) 2531 break; 2532 2533 dest += copy_amount; 2534 page++; 2535 if (page == bm->n_pages) 2536 page = 0; /* buffer wraparound */ 2537 offset = 0; 2538 } 2539 return n; 2540 } 2541 2542 static unsigned int comedi_buf_copy_from_user(struct comedi_subdevice *s, 2543 unsigned int dst_offset, const void __user *src, unsigned int n) 2544 { 2545 struct comedi_buf_map *bm = s->async->buf_map; 2546 struct comedi_buf_page *buf_page_list = bm->page_list; 2547 unsigned int page = dst_offset >> PAGE_SHIFT; 2548 unsigned int offset = offset_in_page(dst_offset); 2549 2550 while (n) { 2551 unsigned int copy_amount = min(n, PAGE_SIZE - offset); 2552 unsigned int uncopied; 2553 2554 uncopied = copy_from_user(buf_page_list[page].virt_addr + 2555 offset, src, copy_amount); 2556 copy_amount -= uncopied; 2557 n -= copy_amount; 2558 if (uncopied) 2559 break; 2560 2561 src += copy_amount; 2562 page++; 2563 if (page == bm->n_pages) 2564 page = 0; /* buffer wraparound */ 2565 offset = 0; 2566 } 2567 return n; 2568 } 2569 2570 static ssize_t comedi_write(struct file *file, const char __user *buf, 2571 size_t nbytes, loff_t *offset) 2572 { 2573 struct comedi_subdevice *s; 2574 struct comedi_async *async; 2575 unsigned int n, m; 2576 ssize_t count = 0; 2577 int retval = 0; 2578 DECLARE_WAITQUEUE(wait, current); 2579 struct comedi_file *cfp = file->private_data; 2580 struct comedi_device *dev = cfp->dev; 2581 bool become_nonbusy = false; 2582 bool attach_locked; 2583 unsigned int old_detach_count; 2584 2585 /* Protect against device detachment during operation. */ 2586 down_read(&dev->attach_lock); 2587 attach_locked = true; 2588 old_detach_count = dev->detach_count; 2589 2590 if (!dev->attached) { 2591 dev_dbg(dev->class_dev, "no driver attached\n"); 2592 retval = -ENODEV; 2593 goto out; 2594 } 2595 2596 s = comedi_file_write_subdevice(file); 2597 if (!s || !s->async) { 2598 retval = -EIO; 2599 goto out; 2600 } 2601 2602 async = s->async; 2603 if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) { 2604 retval = -EINVAL; 2605 goto out; 2606 } 2607 2608 add_wait_queue(&async->wait_head, &wait); 2609 while (count == 0 && !retval) { 2610 unsigned int runflags; 2611 2612 set_current_state(TASK_INTERRUPTIBLE); 2613 2614 runflags = comedi_get_subdevice_runflags(s); 2615 if (!comedi_is_runflags_running(runflags)) { 2616 if (comedi_is_runflags_in_error(runflags)) 2617 retval = -EPIPE; 2618 if (retval || nbytes) 2619 become_nonbusy = true; 2620 break; 2621 } 2622 if (nbytes == 0) 2623 break; 2624 2625 /* Allocate all free buffer space. */ 2626 comedi_buf_write_alloc(s, async->prealloc_bufsz); 2627 m = comedi_buf_write_n_allocated(s); 2628 n = min_t(size_t, m, nbytes); 2629 2630 if (n == 0) { 2631 if (file->f_flags & O_NONBLOCK) { 2632 retval = -EAGAIN; 2633 break; 2634 } 2635 schedule(); 2636 if (signal_pending(current)) { 2637 retval = -ERESTARTSYS; 2638 break; 2639 } 2640 if (s->busy != file || 2641 !(async->cmd.flags & CMDF_WRITE)) { 2642 retval = -EINVAL; 2643 break; 2644 } 2645 continue; 2646 } 2647 2648 set_current_state(TASK_RUNNING); 2649 m = comedi_buf_copy_from_user(s, async->buf_write_ptr, buf, n); 2650 if (m) { 2651 n -= m; 2652 retval = -EFAULT; 2653 } 2654 comedi_buf_write_free(s, n); 2655 2656 count += n; 2657 nbytes -= n; 2658 2659 buf += n; 2660 } 2661 remove_wait_queue(&async->wait_head, &wait); 2662 set_current_state(TASK_RUNNING); 2663 if (become_nonbusy && count == 0) { 2664 struct comedi_subdevice *new_s; 2665 2666 /* 2667 * To avoid deadlock, cannot acquire dev->mutex 2668 * while dev->attach_lock is held. 2669 */ 2670 up_read(&dev->attach_lock); 2671 attach_locked = false; 2672 mutex_lock(&dev->mutex); 2673 /* 2674 * Check device hasn't become detached behind our back. 2675 * Checking dev->detach_count is unchanged ought to be 2676 * sufficient (unless there have been 2**32 detaches in the 2677 * meantime!), but check the subdevice pointer as well just in 2678 * case. 2679 * 2680 * Also check the subdevice is still in a suitable state to 2681 * become non-busy in case it changed behind our back. 2682 */ 2683 new_s = comedi_file_write_subdevice(file); 2684 if (dev->attached && old_detach_count == dev->detach_count && 2685 s == new_s && new_s->async == async && s->busy == file && 2686 (async->cmd.flags & CMDF_WRITE) && 2687 !comedi_is_subdevice_running(s)) 2688 do_become_nonbusy(dev, s); 2689 mutex_unlock(&dev->mutex); 2690 } 2691 out: 2692 if (attach_locked) 2693 up_read(&dev->attach_lock); 2694 2695 return count ? count : retval; 2696 } 2697 2698 static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes, 2699 loff_t *offset) 2700 { 2701 struct comedi_subdevice *s; 2702 struct comedi_async *async; 2703 unsigned int n, m; 2704 ssize_t count = 0; 2705 int retval = 0; 2706 DECLARE_WAITQUEUE(wait, current); 2707 struct comedi_file *cfp = file->private_data; 2708 struct comedi_device *dev = cfp->dev; 2709 unsigned int old_detach_count; 2710 bool become_nonbusy = false; 2711 bool attach_locked; 2712 2713 /* Protect against device detachment during operation. */ 2714 down_read(&dev->attach_lock); 2715 attach_locked = true; 2716 old_detach_count = dev->detach_count; 2717 2718 if (!dev->attached) { 2719 dev_dbg(dev->class_dev, "no driver attached\n"); 2720 retval = -ENODEV; 2721 goto out; 2722 } 2723 2724 s = comedi_file_read_subdevice(file); 2725 if (!s || !s->async) { 2726 retval = -EIO; 2727 goto out; 2728 } 2729 2730 async = s->async; 2731 if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) { 2732 retval = -EINVAL; 2733 goto out; 2734 } 2735 2736 add_wait_queue(&async->wait_head, &wait); 2737 while (count == 0 && !retval) { 2738 set_current_state(TASK_INTERRUPTIBLE); 2739 2740 m = comedi_buf_read_n_available(s); 2741 n = min_t(size_t, m, nbytes); 2742 2743 if (n == 0) { 2744 unsigned int runflags = 2745 comedi_get_subdevice_runflags(s); 2746 2747 if (!comedi_is_runflags_running(runflags)) { 2748 if (comedi_is_runflags_in_error(runflags)) 2749 retval = -EPIPE; 2750 if (retval || nbytes) 2751 become_nonbusy = true; 2752 break; 2753 } 2754 if (nbytes == 0) 2755 break; 2756 if (file->f_flags & O_NONBLOCK) { 2757 retval = -EAGAIN; 2758 break; 2759 } 2760 schedule(); 2761 if (signal_pending(current)) { 2762 retval = -ERESTARTSYS; 2763 break; 2764 } 2765 if (s->busy != file || 2766 (async->cmd.flags & CMDF_WRITE)) { 2767 retval = -EINVAL; 2768 break; 2769 } 2770 continue; 2771 } 2772 2773 set_current_state(TASK_RUNNING); 2774 m = comedi_buf_copy_to_user(s, buf, async->buf_read_ptr, n); 2775 if (m) { 2776 n -= m; 2777 retval = -EFAULT; 2778 } 2779 2780 comedi_buf_read_alloc(s, n); 2781 comedi_buf_read_free(s, n); 2782 2783 count += n; 2784 nbytes -= n; 2785 2786 buf += n; 2787 } 2788 remove_wait_queue(&async->wait_head, &wait); 2789 set_current_state(TASK_RUNNING); 2790 if (become_nonbusy && count == 0) { 2791 struct comedi_subdevice *new_s; 2792 2793 /* 2794 * To avoid deadlock, cannot acquire dev->mutex 2795 * while dev->attach_lock is held. 2796 */ 2797 up_read(&dev->attach_lock); 2798 attach_locked = false; 2799 mutex_lock(&dev->mutex); 2800 /* 2801 * Check device hasn't become detached behind our back. 2802 * Checking dev->detach_count is unchanged ought to be 2803 * sufficient (unless there have been 2**32 detaches in the 2804 * meantime!), but check the subdevice pointer as well just in 2805 * case. 2806 * 2807 * Also check the subdevice is still in a suitable state to 2808 * become non-busy in case it changed behind our back. 2809 */ 2810 new_s = comedi_file_read_subdevice(file); 2811 if (dev->attached && old_detach_count == dev->detach_count && 2812 s == new_s && new_s->async == async && s->busy == file && 2813 !(async->cmd.flags & CMDF_WRITE) && 2814 !comedi_is_subdevice_running(s) && 2815 comedi_buf_read_n_available(s) == 0) 2816 do_become_nonbusy(dev, s); 2817 mutex_unlock(&dev->mutex); 2818 } 2819 out: 2820 if (attach_locked) 2821 up_read(&dev->attach_lock); 2822 2823 return count ? count : retval; 2824 } 2825 2826 static int comedi_open(struct inode *inode, struct file *file) 2827 { 2828 const unsigned int minor = iminor(inode); 2829 struct comedi_file *cfp; 2830 struct comedi_device *dev = comedi_dev_get_from_minor(minor); 2831 int rc; 2832 2833 if (!dev) { 2834 pr_debug("invalid minor number\n"); 2835 return -ENODEV; 2836 } 2837 2838 cfp = kzalloc(sizeof(*cfp), GFP_KERNEL); 2839 if (!cfp) { 2840 comedi_dev_put(dev); 2841 return -ENOMEM; 2842 } 2843 2844 cfp->dev = dev; 2845 2846 mutex_lock(&dev->mutex); 2847 if (!dev->attached && !capable(CAP_SYS_ADMIN)) { 2848 dev_dbg(dev->class_dev, "not attached and not CAP_SYS_ADMIN\n"); 2849 rc = -ENODEV; 2850 goto out; 2851 } 2852 if (dev->attached && dev->use_count == 0) { 2853 if (!try_module_get(dev->driver->module)) { 2854 rc = -ENXIO; 2855 goto out; 2856 } 2857 if (dev->open) { 2858 rc = dev->open(dev); 2859 if (rc < 0) { 2860 module_put(dev->driver->module); 2861 goto out; 2862 } 2863 } 2864 } 2865 2866 dev->use_count++; 2867 file->private_data = cfp; 2868 comedi_file_reset(file); 2869 rc = 0; 2870 2871 out: 2872 mutex_unlock(&dev->mutex); 2873 if (rc) { 2874 comedi_dev_put(dev); 2875 kfree(cfp); 2876 } 2877 return rc; 2878 } 2879 2880 static int comedi_fasync(int fd, struct file *file, int on) 2881 { 2882 struct comedi_file *cfp = file->private_data; 2883 struct comedi_device *dev = cfp->dev; 2884 2885 return fasync_helper(fd, file, on, &dev->async_queue); 2886 } 2887 2888 static int comedi_close(struct inode *inode, struct file *file) 2889 { 2890 struct comedi_file *cfp = file->private_data; 2891 struct comedi_device *dev = cfp->dev; 2892 struct comedi_subdevice *s = NULL; 2893 int i; 2894 2895 mutex_lock(&dev->mutex); 2896 2897 if (dev->subdevices) { 2898 for (i = 0; i < dev->n_subdevices; i++) { 2899 s = &dev->subdevices[i]; 2900 2901 if (s->busy == file) 2902 do_cancel(dev, s); 2903 if (s->lock == file) 2904 s->lock = NULL; 2905 } 2906 } 2907 if (dev->attached && dev->use_count == 1) { 2908 if (dev->close) 2909 dev->close(dev); 2910 module_put(dev->driver->module); 2911 } 2912 2913 dev->use_count--; 2914 2915 mutex_unlock(&dev->mutex); 2916 comedi_dev_put(dev); 2917 kfree(cfp); 2918 2919 return 0; 2920 } 2921 2922 #ifdef CONFIG_COMPAT 2923 2924 #define COMEDI32_CHANINFO _IOR(CIO, 3, struct comedi32_chaninfo_struct) 2925 #define COMEDI32_RANGEINFO _IOR(CIO, 8, struct comedi32_rangeinfo_struct) 2926 /* 2927 * N.B. COMEDI32_CMD and COMEDI_CMD ought to use _IOWR, not _IOR. 2928 * It's too late to change it now, but it only affects the command number. 2929 */ 2930 #define COMEDI32_CMD _IOR(CIO, 9, struct comedi32_cmd_struct) 2931 /* 2932 * N.B. COMEDI32_CMDTEST and COMEDI_CMDTEST ought to use _IOWR, not _IOR. 2933 * It's too late to change it now, but it only affects the command number. 2934 */ 2935 #define COMEDI32_CMDTEST _IOR(CIO, 10, struct comedi32_cmd_struct) 2936 #define COMEDI32_INSNLIST _IOR(CIO, 11, struct comedi32_insnlist_struct) 2937 #define COMEDI32_INSN _IOR(CIO, 12, struct comedi32_insn_struct) 2938 2939 struct comedi32_chaninfo_struct { 2940 unsigned int subdev; 2941 compat_uptr_t maxdata_list; /* 32-bit 'unsigned int *' */ 2942 compat_uptr_t flaglist; /* 32-bit 'unsigned int *' */ 2943 compat_uptr_t rangelist; /* 32-bit 'unsigned int *' */ 2944 unsigned int unused[4]; 2945 }; 2946 2947 struct comedi32_rangeinfo_struct { 2948 unsigned int range_type; 2949 compat_uptr_t range_ptr; /* 32-bit 'void *' */ 2950 }; 2951 2952 struct comedi32_cmd_struct { 2953 unsigned int subdev; 2954 unsigned int flags; 2955 unsigned int start_src; 2956 unsigned int start_arg; 2957 unsigned int scan_begin_src; 2958 unsigned int scan_begin_arg; 2959 unsigned int convert_src; 2960 unsigned int convert_arg; 2961 unsigned int scan_end_src; 2962 unsigned int scan_end_arg; 2963 unsigned int stop_src; 2964 unsigned int stop_arg; 2965 compat_uptr_t chanlist; /* 32-bit 'unsigned int *' */ 2966 unsigned int chanlist_len; 2967 compat_uptr_t data; /* 32-bit 'short *' */ 2968 unsigned int data_len; 2969 }; 2970 2971 struct comedi32_insn_struct { 2972 unsigned int insn; 2973 unsigned int n; 2974 compat_uptr_t data; /* 32-bit 'unsigned int *' */ 2975 unsigned int subdev; 2976 unsigned int chanspec; 2977 unsigned int unused[3]; 2978 }; 2979 2980 struct comedi32_insnlist_struct { 2981 unsigned int n_insns; 2982 compat_uptr_t insns; /* 32-bit 'struct comedi_insn *' */ 2983 }; 2984 2985 /* Handle 32-bit COMEDI_CHANINFO ioctl. */ 2986 static int compat_chaninfo(struct file *file, unsigned long arg) 2987 { 2988 struct comedi_file *cfp = file->private_data; 2989 struct comedi_device *dev = cfp->dev; 2990 struct comedi32_chaninfo_struct chaninfo32; 2991 struct comedi_chaninfo chaninfo; 2992 int err; 2993 2994 if (copy_from_user(&chaninfo32, compat_ptr(arg), sizeof(chaninfo32))) 2995 return -EFAULT; 2996 2997 memset(&chaninfo, 0, sizeof(chaninfo)); 2998 chaninfo.subdev = chaninfo32.subdev; 2999 chaninfo.maxdata_list = compat_ptr(chaninfo32.maxdata_list); 3000 chaninfo.flaglist = compat_ptr(chaninfo32.flaglist); 3001 chaninfo.rangelist = compat_ptr(chaninfo32.rangelist); 3002 3003 mutex_lock(&dev->mutex); 3004 err = do_chaninfo_ioctl(dev, &chaninfo); 3005 mutex_unlock(&dev->mutex); 3006 return err; 3007 } 3008 3009 /* Handle 32-bit COMEDI_RANGEINFO ioctl. */ 3010 static int compat_rangeinfo(struct file *file, unsigned long arg) 3011 { 3012 struct comedi_file *cfp = file->private_data; 3013 struct comedi_device *dev = cfp->dev; 3014 struct comedi32_rangeinfo_struct rangeinfo32; 3015 struct comedi_rangeinfo rangeinfo; 3016 int err; 3017 3018 if (copy_from_user(&rangeinfo32, compat_ptr(arg), sizeof(rangeinfo32))) 3019 return -EFAULT; 3020 memset(&rangeinfo, 0, sizeof(rangeinfo)); 3021 rangeinfo.range_type = rangeinfo32.range_type; 3022 rangeinfo.range_ptr = compat_ptr(rangeinfo32.range_ptr); 3023 3024 mutex_lock(&dev->mutex); 3025 err = do_rangeinfo_ioctl(dev, &rangeinfo); 3026 mutex_unlock(&dev->mutex); 3027 return err; 3028 } 3029 3030 /* Copy 32-bit cmd structure to native cmd structure. */ 3031 static int get_compat_cmd(struct comedi_cmd *cmd, 3032 struct comedi32_cmd_struct __user *cmd32) 3033 { 3034 struct comedi32_cmd_struct v32; 3035 3036 if (copy_from_user(&v32, cmd32, sizeof(v32))) 3037 return -EFAULT; 3038 3039 cmd->subdev = v32.subdev; 3040 cmd->flags = v32.flags; 3041 cmd->start_src = v32.start_src; 3042 cmd->start_arg = v32.start_arg; 3043 cmd->scan_begin_src = v32.scan_begin_src; 3044 cmd->scan_begin_arg = v32.scan_begin_arg; 3045 cmd->convert_src = v32.convert_src; 3046 cmd->convert_arg = v32.convert_arg; 3047 cmd->scan_end_src = v32.scan_end_src; 3048 cmd->scan_end_arg = v32.scan_end_arg; 3049 cmd->stop_src = v32.stop_src; 3050 cmd->stop_arg = v32.stop_arg; 3051 cmd->chanlist = (unsigned int __force *)compat_ptr(v32.chanlist); 3052 cmd->chanlist_len = v32.chanlist_len; 3053 cmd->data = compat_ptr(v32.data); 3054 cmd->data_len = v32.data_len; 3055 return 0; 3056 } 3057 3058 /* Copy native cmd structure to 32-bit cmd structure. */ 3059 static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32, 3060 struct comedi_cmd *cmd) 3061 { 3062 struct comedi32_cmd_struct v32; 3063 3064 memset(&v32, 0, sizeof(v32)); 3065 v32.subdev = cmd->subdev; 3066 v32.flags = cmd->flags; 3067 v32.start_src = cmd->start_src; 3068 v32.start_arg = cmd->start_arg; 3069 v32.scan_begin_src = cmd->scan_begin_src; 3070 v32.scan_begin_arg = cmd->scan_begin_arg; 3071 v32.convert_src = cmd->convert_src; 3072 v32.convert_arg = cmd->convert_arg; 3073 v32.scan_end_src = cmd->scan_end_src; 3074 v32.scan_end_arg = cmd->scan_end_arg; 3075 v32.stop_src = cmd->stop_src; 3076 v32.stop_arg = cmd->stop_arg; 3077 /* Assume chanlist pointer is unchanged. */ 3078 v32.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist); 3079 v32.chanlist_len = cmd->chanlist_len; 3080 v32.data = ptr_to_compat(cmd->data); 3081 v32.data_len = cmd->data_len; 3082 if (copy_to_user(cmd32, &v32, sizeof(v32))) 3083 return -EFAULT; 3084 return 0; 3085 } 3086 3087 /* Handle 32-bit COMEDI_CMD ioctl. */ 3088 static int compat_cmd(struct file *file, unsigned long arg) 3089 { 3090 struct comedi_file *cfp = file->private_data; 3091 struct comedi_device *dev = cfp->dev; 3092 struct comedi_cmd cmd; 3093 bool copy = false; 3094 int rc, err; 3095 3096 rc = get_compat_cmd(&cmd, compat_ptr(arg)); 3097 if (rc) 3098 return rc; 3099 3100 mutex_lock(&dev->mutex); 3101 rc = do_cmd_ioctl(dev, &cmd, ©, file); 3102 mutex_unlock(&dev->mutex); 3103 if (copy) { 3104 /* Special case: copy cmd back to user. */ 3105 err = put_compat_cmd(compat_ptr(arg), &cmd); 3106 if (err) 3107 rc = err; 3108 } 3109 return rc; 3110 } 3111 3112 /* Handle 32-bit COMEDI_CMDTEST ioctl. */ 3113 static int compat_cmdtest(struct file *file, unsigned long arg) 3114 { 3115 struct comedi_file *cfp = file->private_data; 3116 struct comedi_device *dev = cfp->dev; 3117 struct comedi_cmd cmd; 3118 bool copy = false; 3119 int rc, err; 3120 3121 rc = get_compat_cmd(&cmd, compat_ptr(arg)); 3122 if (rc) 3123 return rc; 3124 3125 mutex_lock(&dev->mutex); 3126 rc = do_cmdtest_ioctl(dev, &cmd, ©, file); 3127 mutex_unlock(&dev->mutex); 3128 if (copy) { 3129 err = put_compat_cmd(compat_ptr(arg), &cmd); 3130 if (err) 3131 rc = err; 3132 } 3133 return rc; 3134 } 3135 3136 /* Copy 32-bit insn structure to native insn structure. */ 3137 static int get_compat_insn(struct comedi_insn *insn, 3138 struct comedi32_insn_struct __user *insn32) 3139 { 3140 struct comedi32_insn_struct v32; 3141 3142 /* Copy insn structure. Ignore the unused members. */ 3143 if (copy_from_user(&v32, insn32, sizeof(v32))) 3144 return -EFAULT; 3145 memset(insn, 0, sizeof(*insn)); 3146 insn->insn = v32.insn; 3147 insn->n = v32.n; 3148 insn->data = compat_ptr(v32.data); 3149 insn->subdev = v32.subdev; 3150 insn->chanspec = v32.chanspec; 3151 return 0; 3152 } 3153 3154 /* Handle 32-bit COMEDI_INSNLIST ioctl. */ 3155 static int compat_insnlist(struct file *file, unsigned long arg) 3156 { 3157 struct comedi_file *cfp = file->private_data; 3158 struct comedi_device *dev = cfp->dev; 3159 struct comedi32_insnlist_struct insnlist32; 3160 struct comedi32_insn_struct __user *insn32; 3161 struct comedi_insn *insns; 3162 unsigned int n; 3163 int rc; 3164 3165 if (copy_from_user(&insnlist32, compat_ptr(arg), sizeof(insnlist32))) 3166 return -EFAULT; 3167 3168 rc = check_insnlist_len(dev, insnlist32.n_insns); 3169 if (rc) 3170 return rc; 3171 insns = kcalloc(insnlist32.n_insns, sizeof(*insns), GFP_KERNEL); 3172 if (!insns) 3173 return -ENOMEM; 3174 3175 /* Copy insn structures. */ 3176 insn32 = compat_ptr(insnlist32.insns); 3177 for (n = 0; n < insnlist32.n_insns; n++) { 3178 rc = get_compat_insn(insns + n, insn32 + n); 3179 if (rc) { 3180 kfree(insns); 3181 return rc; 3182 } 3183 } 3184 3185 mutex_lock(&dev->mutex); 3186 rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file); 3187 mutex_unlock(&dev->mutex); 3188 kfree(insns); 3189 return rc; 3190 } 3191 3192 /* Handle 32-bit COMEDI_INSN ioctl. */ 3193 static int compat_insn(struct file *file, unsigned long arg) 3194 { 3195 struct comedi_file *cfp = file->private_data; 3196 struct comedi_device *dev = cfp->dev; 3197 struct comedi_insn insn; 3198 int rc; 3199 3200 rc = get_compat_insn(&insn, (void __user *)arg); 3201 if (rc) 3202 return rc; 3203 3204 mutex_lock(&dev->mutex); 3205 rc = do_insn_ioctl(dev, &insn, file); 3206 mutex_unlock(&dev->mutex); 3207 return rc; 3208 } 3209 3210 /* 3211 * compat_ioctl file operation. 3212 * 3213 * Returns -ENOIOCTLCMD for unrecognised ioctl codes. 3214 */ 3215 static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 3216 { 3217 int rc; 3218 3219 switch (cmd) { 3220 case COMEDI_DEVCONFIG: 3221 case COMEDI_DEVINFO: 3222 case COMEDI_SUBDINFO: 3223 case COMEDI_BUFCONFIG: 3224 case COMEDI_BUFINFO: 3225 /* Just need to translate the pointer argument. */ 3226 arg = (unsigned long)compat_ptr(arg); 3227 rc = comedi_unlocked_ioctl(file, cmd, arg); 3228 break; 3229 case COMEDI_LOCK: 3230 case COMEDI_UNLOCK: 3231 case COMEDI_CANCEL: 3232 case COMEDI_POLL: 3233 case COMEDI_SETRSUBD: 3234 case COMEDI_SETWSUBD: 3235 /* No translation needed. */ 3236 rc = comedi_unlocked_ioctl(file, cmd, arg); 3237 break; 3238 case COMEDI32_CHANINFO: 3239 rc = compat_chaninfo(file, arg); 3240 break; 3241 case COMEDI32_RANGEINFO: 3242 rc = compat_rangeinfo(file, arg); 3243 break; 3244 case COMEDI32_CMD: 3245 rc = compat_cmd(file, arg); 3246 break; 3247 case COMEDI32_CMDTEST: 3248 rc = compat_cmdtest(file, arg); 3249 break; 3250 case COMEDI32_INSNLIST: 3251 rc = compat_insnlist(file, arg); 3252 break; 3253 case COMEDI32_INSN: 3254 rc = compat_insn(file, arg); 3255 break; 3256 default: 3257 rc = -ENOIOCTLCMD; 3258 break; 3259 } 3260 return rc; 3261 } 3262 #else 3263 #define comedi_compat_ioctl NULL 3264 #endif 3265 3266 static const struct file_operations comedi_fops = { 3267 .owner = THIS_MODULE, 3268 .unlocked_ioctl = comedi_unlocked_ioctl, 3269 .compat_ioctl = comedi_compat_ioctl, 3270 .open = comedi_open, 3271 .release = comedi_close, 3272 .read = comedi_read, 3273 .write = comedi_write, 3274 .mmap = comedi_mmap, 3275 .poll = comedi_poll, 3276 .fasync = comedi_fasync, 3277 .llseek = noop_llseek, 3278 }; 3279 3280 /** 3281 * comedi_event() - Handle events for asynchronous COMEDI command 3282 * @dev: COMEDI device. 3283 * @s: COMEDI subdevice. 3284 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held. 3285 * 3286 * If an asynchronous COMEDI command is active on the subdevice, process 3287 * any %COMEDI_CB_... event flags that have been set, usually by an 3288 * interrupt handler. These may change the run state of the asynchronous 3289 * command, wake a task, and/or send a %SIGIO signal. 3290 */ 3291 void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s) 3292 { 3293 struct comedi_async *async = s->async; 3294 unsigned int events; 3295 int si_code = 0; 3296 unsigned long flags; 3297 3298 spin_lock_irqsave(&s->spin_lock, flags); 3299 3300 events = async->events; 3301 async->events = 0; 3302 if (!__comedi_is_subdevice_running(s)) { 3303 spin_unlock_irqrestore(&s->spin_lock, flags); 3304 return; 3305 } 3306 3307 if (events & COMEDI_CB_CANCEL_MASK) 3308 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING); 3309 3310 /* 3311 * Remember if an error event has occurred, so an error can be 3312 * returned the next time the user does a read() or write(). 3313 */ 3314 if (events & COMEDI_CB_ERROR_MASK) 3315 __comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR); 3316 3317 if (async->cb_mask & events) { 3318 wake_up_interruptible(&async->wait_head); 3319 si_code = async->cmd.flags & CMDF_WRITE ? POLL_OUT : POLL_IN; 3320 } 3321 3322 spin_unlock_irqrestore(&s->spin_lock, flags); 3323 3324 if (si_code) 3325 kill_fasync(&dev->async_queue, SIGIO, si_code); 3326 } 3327 EXPORT_SYMBOL_GPL(comedi_event); 3328 3329 /* Note: the ->mutex is pre-locked on successful return */ 3330 struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device) 3331 { 3332 struct comedi_device *dev; 3333 struct device *csdev; 3334 unsigned int i; 3335 3336 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3337 if (!dev) 3338 return ERR_PTR(-ENOMEM); 3339 comedi_device_init(dev); 3340 comedi_set_hw_dev(dev, hardware_device); 3341 mutex_lock(&dev->mutex); 3342 mutex_lock(&comedi_board_minor_table_lock); 3343 for (i = hardware_device ? comedi_num_legacy_minors : 0; 3344 i < COMEDI_NUM_BOARD_MINORS; ++i) { 3345 if (!comedi_board_minor_table[i]) { 3346 comedi_board_minor_table[i] = dev; 3347 break; 3348 } 3349 } 3350 mutex_unlock(&comedi_board_minor_table_lock); 3351 if (i == COMEDI_NUM_BOARD_MINORS) { 3352 mutex_unlock(&dev->mutex); 3353 comedi_device_cleanup(dev); 3354 comedi_dev_put(dev); 3355 dev_err(hardware_device, 3356 "ran out of minor numbers for board device files\n"); 3357 return ERR_PTR(-EBUSY); 3358 } 3359 dev->minor = i; 3360 csdev = device_create(&comedi_class, hardware_device, 3361 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i", i); 3362 if (!IS_ERR(csdev)) 3363 dev->class_dev = get_device(csdev); 3364 3365 /* Note: dev->mutex needs to be unlocked by the caller. */ 3366 return dev; 3367 } 3368 3369 void comedi_release_hardware_device(struct device *hardware_device) 3370 { 3371 int minor; 3372 struct comedi_device *dev; 3373 3374 for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS; 3375 minor++) { 3376 mutex_lock(&comedi_board_minor_table_lock); 3377 dev = comedi_board_minor_table[minor]; 3378 if (dev && dev->hw_dev == hardware_device) { 3379 comedi_board_minor_table[minor] = NULL; 3380 mutex_unlock(&comedi_board_minor_table_lock); 3381 comedi_free_board_dev(dev); 3382 break; 3383 } 3384 mutex_unlock(&comedi_board_minor_table_lock); 3385 } 3386 } 3387 3388 int comedi_alloc_subdevice_minor(struct comedi_subdevice *s) 3389 { 3390 struct comedi_device *dev = s->device; 3391 struct device *csdev; 3392 unsigned int i; 3393 3394 mutex_lock(&comedi_subdevice_minor_table_lock); 3395 for (i = 0; i < COMEDI_NUM_SUBDEVICE_MINORS; ++i) { 3396 if (!comedi_subdevice_minor_table[i]) { 3397 comedi_subdevice_minor_table[i] = s; 3398 break; 3399 } 3400 } 3401 mutex_unlock(&comedi_subdevice_minor_table_lock); 3402 if (i == COMEDI_NUM_SUBDEVICE_MINORS) { 3403 dev_err(dev->class_dev, 3404 "ran out of minor numbers for subdevice files\n"); 3405 return -EBUSY; 3406 } 3407 i += COMEDI_NUM_BOARD_MINORS; 3408 s->minor = i; 3409 csdev = device_create(&comedi_class, dev->class_dev, 3410 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i_subd%i", 3411 dev->minor, s->index); 3412 if (!IS_ERR(csdev)) 3413 s->class_dev = csdev; 3414 3415 return 0; 3416 } 3417 3418 void comedi_free_subdevice_minor(struct comedi_subdevice *s) 3419 { 3420 unsigned int i; 3421 3422 if (!s) 3423 return; 3424 if (s->minor < COMEDI_NUM_BOARD_MINORS || 3425 s->minor >= COMEDI_NUM_MINORS) 3426 return; 3427 3428 i = s->minor - COMEDI_NUM_BOARD_MINORS; 3429 mutex_lock(&comedi_subdevice_minor_table_lock); 3430 if (s == comedi_subdevice_minor_table[i]) 3431 comedi_subdevice_minor_table[i] = NULL; 3432 mutex_unlock(&comedi_subdevice_minor_table_lock); 3433 if (s->class_dev) { 3434 device_destroy(&comedi_class, MKDEV(COMEDI_MAJOR, s->minor)); 3435 s->class_dev = NULL; 3436 } 3437 } 3438 3439 static void comedi_cleanup_board_minors(void) 3440 { 3441 struct comedi_device *dev; 3442 unsigned int i; 3443 3444 for (i = 0; i < COMEDI_NUM_BOARD_MINORS; i++) { 3445 dev = comedi_clear_board_minor(i); 3446 comedi_free_board_dev(dev); 3447 } 3448 } 3449 3450 static int __init comedi_init(void) 3451 { 3452 int i; 3453 int retval; 3454 3455 pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n"); 3456 3457 if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) { 3458 pr_err("invalid value for module parameter \"comedi_num_legacy_minors\". Valid values are 0 through %i.\n", 3459 COMEDI_NUM_BOARD_MINORS); 3460 return -EINVAL; 3461 } 3462 3463 retval = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0), 3464 COMEDI_NUM_MINORS, "comedi"); 3465 if (retval) 3466 return retval; 3467 3468 cdev_init(&comedi_cdev, &comedi_fops); 3469 comedi_cdev.owner = THIS_MODULE; 3470 3471 retval = kobject_set_name(&comedi_cdev.kobj, "comedi"); 3472 if (retval) 3473 goto out_unregister_chrdev_region; 3474 3475 retval = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0), 3476 COMEDI_NUM_MINORS); 3477 if (retval) 3478 goto out_unregister_chrdev_region; 3479 3480 retval = class_register(&comedi_class); 3481 if (retval) { 3482 pr_err("failed to create class\n"); 3483 goto out_cdev_del; 3484 } 3485 3486 /* create devices files for legacy/manual use */ 3487 for (i = 0; i < comedi_num_legacy_minors; i++) { 3488 struct comedi_device *dev; 3489 3490 dev = comedi_alloc_board_minor(NULL); 3491 if (IS_ERR(dev)) { 3492 retval = PTR_ERR(dev); 3493 goto out_cleanup_board_minors; 3494 } 3495 /* comedi_alloc_board_minor() locked the mutex */ 3496 lockdep_assert_held(&dev->mutex); 3497 mutex_unlock(&dev->mutex); 3498 } 3499 3500 /* XXX requires /proc interface */ 3501 comedi_proc_init(); 3502 3503 return 0; 3504 3505 out_cleanup_board_minors: 3506 comedi_cleanup_board_minors(); 3507 class_unregister(&comedi_class); 3508 out_cdev_del: 3509 cdev_del(&comedi_cdev); 3510 out_unregister_chrdev_region: 3511 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS); 3512 return retval; 3513 } 3514 module_init(comedi_init); 3515 3516 static void __exit comedi_cleanup(void) 3517 { 3518 comedi_cleanup_board_minors(); 3519 class_unregister(&comedi_class); 3520 cdev_del(&comedi_cdev); 3521 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS); 3522 3523 comedi_proc_cleanup(); 3524 } 3525 module_exit(comedi_cleanup); 3526 3527 MODULE_AUTHOR("https://www.comedi.org"); 3528 MODULE_DESCRIPTION("Comedi core module"); 3529 MODULE_LICENSE("GPL"); 3530