1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Routines for driver control interface 4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz> 5 */ 6 7 #include <linux/threads.h> 8 #include <linux/interrupt.h> 9 #include <linux/module.h> 10 #include <linux/moduleparam.h> 11 #include <linux/slab.h> 12 #include <linux/vmalloc.h> 13 #include <linux/time.h> 14 #include <linux/mm.h> 15 #include <linux/math64.h> 16 #include <linux/sched/signal.h> 17 #include <sound/core.h> 18 #include <sound/minors.h> 19 #include <sound/info.h> 20 #include <sound/control.h> 21 22 // Max allocation size for user controls. 23 static int max_user_ctl_alloc_size = 8 * 1024 * 1024; 24 module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444); 25 MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls"); 26 27 #define MAX_CONTROL_COUNT 1028 28 29 struct snd_kctl_ioctl { 30 struct list_head list; /* list of all ioctls */ 31 snd_kctl_ioctl_func_t fioctl; 32 }; 33 34 static DECLARE_RWSEM(snd_ioctl_rwsem); 35 static DECLARE_RWSEM(snd_ctl_layer_rwsem); 36 static LIST_HEAD(snd_control_ioctls); 37 #ifdef CONFIG_COMPAT 38 static LIST_HEAD(snd_control_compat_ioctls); 39 #endif 40 static struct snd_ctl_layer_ops *snd_ctl_layer; 41 42 static int snd_ctl_remove_locked(struct snd_card *card, 43 struct snd_kcontrol *kcontrol); 44 45 static int snd_ctl_open(struct inode *inode, struct file *file) 46 { 47 struct snd_card *card; 48 struct snd_ctl_file *ctl; 49 int i, err; 50 51 err = stream_open(inode, file); 52 if (err < 0) 53 return err; 54 55 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL); 56 if (!card) { 57 err = -ENODEV; 58 goto __error1; 59 } 60 err = snd_card_file_add(card, file); 61 if (err < 0) { 62 err = -ENODEV; 63 goto __error1; 64 } 65 if (!try_module_get(card->module)) { 66 err = -EFAULT; 67 goto __error2; 68 } 69 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL); 70 if (ctl == NULL) { 71 err = -ENOMEM; 72 goto __error; 73 } 74 INIT_LIST_HEAD(&ctl->events); 75 init_waitqueue_head(&ctl->change_sleep); 76 spin_lock_init(&ctl->read_lock); 77 ctl->card = card; 78 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++) 79 ctl->preferred_subdevice[i] = -1; 80 ctl->pid = get_pid(task_pid(current)); 81 file->private_data = ctl; 82 scoped_guard(write_lock_irqsave, &card->ctl_files_rwlock) 83 list_add_tail(&ctl->list, &card->ctl_files); 84 snd_card_unref(card); 85 return 0; 86 87 __error: 88 module_put(card->module); 89 __error2: 90 snd_card_file_remove(card, file); 91 __error1: 92 if (card) 93 snd_card_unref(card); 94 return err; 95 } 96 97 static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl) 98 { 99 struct snd_kctl_event *cread; 100 101 guard(spinlock_irqsave)(&ctl->read_lock); 102 while (!list_empty(&ctl->events)) { 103 cread = snd_kctl_event(ctl->events.next); 104 list_del(&cread->list); 105 kfree(cread); 106 } 107 } 108 109 static int snd_ctl_release(struct inode *inode, struct file *file) 110 { 111 struct snd_card *card; 112 struct snd_ctl_file *ctl; 113 struct snd_kcontrol *control; 114 unsigned int idx; 115 116 ctl = file->private_data; 117 file->private_data = NULL; 118 card = ctl->card; 119 120 scoped_guard(write_lock_irqsave, &card->ctl_files_rwlock) 121 list_del(&ctl->list); 122 123 scoped_guard(rwsem_write, &card->controls_rwsem) { 124 list_for_each_entry(control, &card->controls, list) 125 for (idx = 0; idx < control->count; idx++) 126 if (control->vd[idx].owner == ctl) 127 control->vd[idx].owner = NULL; 128 } 129 130 snd_fasync_free(ctl->fasync); 131 snd_ctl_empty_read_queue(ctl); 132 put_pid(ctl->pid); 133 kfree(ctl); 134 module_put(card->module); 135 snd_card_file_remove(card, file); 136 return 0; 137 } 138 139 /** 140 * snd_ctl_notify - Send notification to user-space for a control change 141 * @card: the card to send notification 142 * @mask: the event mask, SNDRV_CTL_EVENT_* 143 * @id: the ctl element id to send notification 144 * 145 * This function adds an event record with the given id and mask, appends 146 * to the list and wakes up the user-space for notification. This can be 147 * called in the atomic context. 148 */ 149 void snd_ctl_notify(struct snd_card *card, unsigned int mask, 150 struct snd_ctl_elem_id *id) 151 { 152 struct snd_ctl_file *ctl; 153 struct snd_kctl_event *ev; 154 155 if (snd_BUG_ON(!card || !id)) 156 return; 157 if (card->shutdown) 158 return; 159 160 guard(read_lock_irqsave)(&card->ctl_files_rwlock); 161 #if IS_ENABLED(CONFIG_SND_MIXER_OSS) 162 card->mixer_oss_change_count++; 163 #endif 164 list_for_each_entry(ctl, &card->ctl_files, list) { 165 if (!ctl->subscribed) 166 continue; 167 scoped_guard(spinlock, &ctl->read_lock) { 168 list_for_each_entry(ev, &ctl->events, list) { 169 if (ev->id.numid == id->numid) { 170 ev->mask |= mask; 171 goto _found; 172 } 173 } 174 ev = kzalloc(sizeof(*ev), GFP_ATOMIC); 175 if (ev) { 176 ev->id = *id; 177 ev->mask = mask; 178 list_add_tail(&ev->list, &ctl->events); 179 } else { 180 dev_err(card->dev, "No memory available to allocate event\n"); 181 } 182 _found: 183 wake_up(&ctl->change_sleep); 184 } 185 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN); 186 } 187 } 188 EXPORT_SYMBOL(snd_ctl_notify); 189 190 /** 191 * snd_ctl_notify_one - Send notification to user-space for a control change 192 * @card: the card to send notification 193 * @mask: the event mask, SNDRV_CTL_EVENT_* 194 * @kctl: the pointer with the control instance 195 * @ioff: the additional offset to the control index 196 * 197 * This function calls snd_ctl_notify() and does additional jobs 198 * like LED state changes. 199 */ 200 void snd_ctl_notify_one(struct snd_card *card, unsigned int mask, 201 struct snd_kcontrol *kctl, unsigned int ioff) 202 { 203 struct snd_ctl_elem_id id = kctl->id; 204 struct snd_ctl_layer_ops *lops; 205 206 id.index += ioff; 207 id.numid += ioff; 208 snd_ctl_notify(card, mask, &id); 209 guard(rwsem_read)(&snd_ctl_layer_rwsem); 210 for (lops = snd_ctl_layer; lops; lops = lops->next) 211 lops->lnotify(card, mask, kctl, ioff); 212 } 213 EXPORT_SYMBOL(snd_ctl_notify_one); 214 215 /** 216 * snd_ctl_new - create a new control instance with some elements 217 * @kctl: the pointer to store new control instance 218 * @count: the number of elements in this control 219 * @access: the default access flags for elements in this control 220 * @file: given when locking these elements 221 * 222 * Allocates a memory object for a new control instance. The instance has 223 * elements as many as the given number (@count). Each element has given 224 * access permissions (@access). Each element is locked when @file is given. 225 * 226 * Return: 0 on success, error code on failure 227 */ 228 static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count, 229 unsigned int access, struct snd_ctl_file *file) 230 { 231 unsigned int idx; 232 233 if (count == 0 || count > MAX_CONTROL_COUNT) 234 return -EINVAL; 235 236 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL); 237 if (!*kctl) 238 return -ENOMEM; 239 240 (*kctl)->count = count; 241 for (idx = 0; idx < count; idx++) { 242 (*kctl)->vd[idx].access = access; 243 (*kctl)->vd[idx].owner = file; 244 } 245 246 return 0; 247 } 248 249 /** 250 * snd_ctl_new1 - create a control instance from the template 251 * @ncontrol: the initialization record 252 * @private_data: the private data to set 253 * 254 * Allocates a new struct snd_kcontrol instance and initialize from the given 255 * template. When the access field of ncontrol is 0, it's assumed as 256 * READWRITE access. When the count field is 0, it's assumes as one. 257 * 258 * Return: The pointer of the newly generated instance, or %NULL on failure. 259 */ 260 struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol, 261 void *private_data) 262 { 263 struct snd_kcontrol *kctl; 264 unsigned int count; 265 unsigned int access; 266 int err; 267 268 if (snd_BUG_ON(!ncontrol || !ncontrol->info)) 269 return NULL; 270 271 count = ncontrol->count; 272 if (count == 0) 273 count = 1; 274 275 access = ncontrol->access; 276 if (access == 0) 277 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 278 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 279 SNDRV_CTL_ELEM_ACCESS_VOLATILE | 280 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 281 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE | 282 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND | 283 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK | 284 SNDRV_CTL_ELEM_ACCESS_LED_MASK | 285 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK); 286 287 err = snd_ctl_new(&kctl, count, access, NULL); 288 if (err < 0) 289 return NULL; 290 291 /* The 'numid' member is decided when calling snd_ctl_add(). */ 292 kctl->id.iface = ncontrol->iface; 293 kctl->id.device = ncontrol->device; 294 kctl->id.subdevice = ncontrol->subdevice; 295 if (ncontrol->name) { 296 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name)); 297 if (strcmp(ncontrol->name, kctl->id.name) != 0) 298 pr_warn("ALSA: Control name '%s' truncated to '%s'\n", 299 ncontrol->name, kctl->id.name); 300 } 301 kctl->id.index = ncontrol->index; 302 303 kctl->info = ncontrol->info; 304 kctl->get = ncontrol->get; 305 kctl->put = ncontrol->put; 306 kctl->tlv.p = ncontrol->tlv.p; 307 308 kctl->private_value = ncontrol->private_value; 309 kctl->private_data = private_data; 310 311 return kctl; 312 } 313 EXPORT_SYMBOL(snd_ctl_new1); 314 315 /** 316 * snd_ctl_free_one - release the control instance 317 * @kcontrol: the control instance 318 * 319 * Releases the control instance created via snd_ctl_new() 320 * or snd_ctl_new1(). 321 * Don't call this after the control was added to the card. 322 */ 323 void snd_ctl_free_one(struct snd_kcontrol *kcontrol) 324 { 325 if (kcontrol) { 326 if (kcontrol->private_free) 327 kcontrol->private_free(kcontrol); 328 kfree(kcontrol); 329 } 330 } 331 EXPORT_SYMBOL(snd_ctl_free_one); 332 333 static bool snd_ctl_remove_numid_conflict(struct snd_card *card, 334 unsigned int count) 335 { 336 struct snd_kcontrol *kctl; 337 338 /* Make sure that the ids assigned to the control do not wrap around */ 339 if (card->last_numid >= UINT_MAX - count) 340 card->last_numid = 0; 341 342 list_for_each_entry(kctl, &card->controls, list) { 343 if (kctl->id.numid < card->last_numid + 1 + count && 344 kctl->id.numid + kctl->count > card->last_numid + 1) { 345 card->last_numid = kctl->id.numid + kctl->count - 1; 346 return true; 347 } 348 } 349 return false; 350 } 351 352 static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) 353 { 354 unsigned int iter = 100000; 355 356 while (snd_ctl_remove_numid_conflict(card, count)) { 357 if (--iter == 0) { 358 /* this situation is very unlikely */ 359 dev_err(card->dev, "unable to allocate new control numid\n"); 360 return -ENOMEM; 361 } 362 } 363 return 0; 364 } 365 366 /* check whether the given id is contained in the given kctl */ 367 static bool elem_id_matches(const struct snd_kcontrol *kctl, 368 const struct snd_ctl_elem_id *id) 369 { 370 return kctl->id.iface == id->iface && 371 kctl->id.device == id->device && 372 kctl->id.subdevice == id->subdevice && 373 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) && 374 kctl->id.index <= id->index && 375 kctl->id.index + kctl->count > id->index; 376 } 377 378 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 379 /* Compute a hash key for the corresponding ctl id 380 * It's for the name lookup, hence the numid is excluded. 381 * The hash key is bound in LONG_MAX to be used for Xarray key. 382 */ 383 #define MULTIPLIER 37 384 static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id) 385 { 386 int i; 387 unsigned long h; 388 389 h = id->iface; 390 h = MULTIPLIER * h + id->device; 391 h = MULTIPLIER * h + id->subdevice; 392 for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++) 393 h = MULTIPLIER * h + id->name[i]; 394 h = MULTIPLIER * h + id->index; 395 h &= LONG_MAX; 396 return h; 397 } 398 399 /* add hash entries to numid and ctl xarray tables */ 400 static void add_hash_entries(struct snd_card *card, 401 struct snd_kcontrol *kcontrol) 402 { 403 struct snd_ctl_elem_id id = kcontrol->id; 404 int i; 405 406 xa_store_range(&card->ctl_numids, kcontrol->id.numid, 407 kcontrol->id.numid + kcontrol->count - 1, 408 kcontrol, GFP_KERNEL); 409 410 for (i = 0; i < kcontrol->count; i++) { 411 id.index = kcontrol->id.index + i; 412 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id), 413 kcontrol, GFP_KERNEL)) { 414 /* skip hash for this entry, noting we had collision */ 415 card->ctl_hash_collision = true; 416 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n", 417 id.iface, id.name, id.index); 418 } 419 } 420 } 421 422 /* remove hash entries that have been added */ 423 static void remove_hash_entries(struct snd_card *card, 424 struct snd_kcontrol *kcontrol) 425 { 426 struct snd_ctl_elem_id id = kcontrol->id; 427 struct snd_kcontrol *matched; 428 unsigned long h; 429 int i; 430 431 for (i = 0; i < kcontrol->count; i++) { 432 xa_erase(&card->ctl_numids, id.numid); 433 h = get_ctl_id_hash(&id); 434 matched = xa_load(&card->ctl_hash, h); 435 if (matched && (matched == kcontrol || 436 elem_id_matches(matched, &id))) 437 xa_erase(&card->ctl_hash, h); 438 id.index++; 439 id.numid++; 440 } 441 } 442 #else /* CONFIG_SND_CTL_FAST_LOOKUP */ 443 static inline void add_hash_entries(struct snd_card *card, 444 struct snd_kcontrol *kcontrol) 445 { 446 } 447 static inline void remove_hash_entries(struct snd_card *card, 448 struct snd_kcontrol *kcontrol) 449 { 450 } 451 #endif /* CONFIG_SND_CTL_FAST_LOOKUP */ 452 453 enum snd_ctl_add_mode { 454 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE, 455 }; 456 457 /* add/replace a new kcontrol object; call with card->controls_rwsem locked */ 458 static int __snd_ctl_add_replace(struct snd_card *card, 459 struct snd_kcontrol *kcontrol, 460 enum snd_ctl_add_mode mode) 461 { 462 struct snd_ctl_elem_id id; 463 unsigned int idx; 464 struct snd_kcontrol *old; 465 int err; 466 467 lockdep_assert_held_write(&card->controls_rwsem); 468 469 id = kcontrol->id; 470 if (id.index > UINT_MAX - kcontrol->count) 471 return -EINVAL; 472 473 old = snd_ctl_find_id_locked(card, &id); 474 if (!old) { 475 if (mode == CTL_REPLACE) 476 return -EINVAL; 477 } else { 478 if (mode == CTL_ADD_EXCLUSIVE) { 479 dev_err(card->dev, 480 "control %i:%i:%i:%s:%i is already present\n", 481 id.iface, id.device, id.subdevice, id.name, 482 id.index); 483 return -EBUSY; 484 } 485 486 err = snd_ctl_remove_locked(card, old); 487 if (err < 0) 488 return err; 489 } 490 491 if (snd_ctl_find_hole(card, kcontrol->count) < 0) 492 return -ENOMEM; 493 494 list_add_tail(&kcontrol->list, &card->controls); 495 card->controls_count += kcontrol->count; 496 kcontrol->id.numid = card->last_numid + 1; 497 card->last_numid += kcontrol->count; 498 499 add_hash_entries(card, kcontrol); 500 501 for (idx = 0; idx < kcontrol->count; idx++) 502 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx); 503 504 return 0; 505 } 506 507 static int snd_ctl_add_replace(struct snd_card *card, 508 struct snd_kcontrol *kcontrol, 509 enum snd_ctl_add_mode mode) 510 { 511 int err = -EINVAL; 512 513 if (! kcontrol) 514 return err; 515 if (snd_BUG_ON(!card || !kcontrol->info)) 516 goto error; 517 518 scoped_guard(rwsem_write, &card->controls_rwsem) 519 err = __snd_ctl_add_replace(card, kcontrol, mode); 520 521 if (err < 0) 522 goto error; 523 return 0; 524 525 error: 526 snd_ctl_free_one(kcontrol); 527 return err; 528 } 529 530 /** 531 * snd_ctl_add - add the control instance to the card 532 * @card: the card instance 533 * @kcontrol: the control instance to add 534 * 535 * Adds the control instance created via snd_ctl_new() or 536 * snd_ctl_new1() to the given card. Assigns also an unique 537 * numid used for fast search. 538 * 539 * It frees automatically the control which cannot be added. 540 * 541 * Return: Zero if successful, or a negative error code on failure. 542 * 543 */ 544 int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) 545 { 546 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE); 547 } 548 EXPORT_SYMBOL(snd_ctl_add); 549 550 /** 551 * snd_ctl_replace - replace the control instance of the card 552 * @card: the card instance 553 * @kcontrol: the control instance to replace 554 * @add_on_replace: add the control if not already added 555 * 556 * Replaces the given control. If the given control does not exist 557 * and the add_on_replace flag is set, the control is added. If the 558 * control exists, it is destroyed first. 559 * 560 * It frees automatically the control which cannot be added or replaced. 561 * 562 * Return: Zero if successful, or a negative error code on failure. 563 */ 564 int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, 565 bool add_on_replace) 566 { 567 return snd_ctl_add_replace(card, kcontrol, 568 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE); 569 } 570 EXPORT_SYMBOL(snd_ctl_replace); 571 572 static int __snd_ctl_remove(struct snd_card *card, 573 struct snd_kcontrol *kcontrol, 574 bool remove_hash) 575 { 576 unsigned int idx; 577 578 lockdep_assert_held_write(&card->controls_rwsem); 579 580 if (snd_BUG_ON(!card || !kcontrol)) 581 return -EINVAL; 582 list_del(&kcontrol->list); 583 584 if (remove_hash) 585 remove_hash_entries(card, kcontrol); 586 587 card->controls_count -= kcontrol->count; 588 for (idx = 0; idx < kcontrol->count; idx++) 589 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx); 590 snd_ctl_free_one(kcontrol); 591 return 0; 592 } 593 594 static inline int snd_ctl_remove_locked(struct snd_card *card, 595 struct snd_kcontrol *kcontrol) 596 { 597 return __snd_ctl_remove(card, kcontrol, true); 598 } 599 600 /** 601 * snd_ctl_remove - remove the control from the card and release it 602 * @card: the card instance 603 * @kcontrol: the control instance to remove 604 * 605 * Removes the control from the card and then releases the instance. 606 * You don't need to call snd_ctl_free_one(). 607 * Passing NULL to @kcontrol argument is allowed as noop. 608 * 609 * Return: 0 if successful, or a negative error code on failure. 610 * 611 * Note that this function takes card->controls_rwsem lock internally. 612 */ 613 int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol) 614 { 615 if (!kcontrol) 616 return 0; 617 guard(rwsem_write)(&card->controls_rwsem); 618 return snd_ctl_remove_locked(card, kcontrol); 619 } 620 EXPORT_SYMBOL(snd_ctl_remove); 621 622 /** 623 * snd_ctl_remove_id - remove the control of the given id and release it 624 * @card: the card instance 625 * @id: the control id to remove 626 * 627 * Finds the control instance with the given id, removes it from the 628 * card list and releases it. 629 * 630 * Return: 0 if successful, or a negative error code on failure. 631 */ 632 int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id) 633 { 634 struct snd_kcontrol *kctl; 635 636 guard(rwsem_write)(&card->controls_rwsem); 637 kctl = snd_ctl_find_id_locked(card, id); 638 if (kctl == NULL) 639 return -ENOENT; 640 return snd_ctl_remove_locked(card, kctl); 641 } 642 EXPORT_SYMBOL(snd_ctl_remove_id); 643 644 /** 645 * snd_ctl_remove_user_ctl - remove and release the unlocked user control 646 * @file: active control handle 647 * @id: the control id to remove 648 * 649 * Finds the control instance with the given id, removes it from the 650 * card list and releases it. 651 * 652 * Return: 0 if successful, or a negative error code on failure. 653 */ 654 static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file, 655 struct snd_ctl_elem_id *id) 656 { 657 struct snd_card *card = file->card; 658 struct snd_kcontrol *kctl; 659 int idx; 660 661 guard(rwsem_write)(&card->controls_rwsem); 662 kctl = snd_ctl_find_id_locked(card, id); 663 if (kctl == NULL) 664 return -ENOENT; 665 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) 666 return -EINVAL; 667 for (idx = 0; idx < kctl->count; idx++) 668 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) 669 return -EBUSY; 670 return snd_ctl_remove_locked(card, kctl); 671 } 672 673 /** 674 * snd_ctl_activate_id - activate/inactivate the control of the given id 675 * @card: the card instance 676 * @id: the control id to activate/inactivate 677 * @active: non-zero to activate 678 * 679 * Finds the control instance with the given id, and activate or 680 * inactivate the control together with notification, if changed. 681 * The given ID data is filled with full information. 682 * 683 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure. 684 */ 685 int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id, 686 int active) 687 { 688 struct snd_kcontrol *kctl; 689 struct snd_kcontrol_volatile *vd; 690 unsigned int index_offset; 691 int ret; 692 693 down_write(&card->controls_rwsem); 694 kctl = snd_ctl_find_id_locked(card, id); 695 if (kctl == NULL) { 696 ret = -ENOENT; 697 goto unlock; 698 } 699 index_offset = snd_ctl_get_ioff(kctl, id); 700 vd = &kctl->vd[index_offset]; 701 ret = 0; 702 if (active) { 703 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)) 704 goto unlock; 705 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; 706 } else { 707 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE) 708 goto unlock; 709 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; 710 } 711 snd_ctl_build_ioff(id, kctl, index_offset); 712 downgrade_write(&card->controls_rwsem); 713 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset); 714 up_read(&card->controls_rwsem); 715 return 1; 716 717 unlock: 718 up_write(&card->controls_rwsem); 719 return ret; 720 } 721 EXPORT_SYMBOL_GPL(snd_ctl_activate_id); 722 723 /** 724 * snd_ctl_rename_id - replace the id of a control on the card 725 * @card: the card instance 726 * @src_id: the old id 727 * @dst_id: the new id 728 * 729 * Finds the control with the old id from the card, and replaces the 730 * id with the new one. 731 * 732 * The function tries to keep the already assigned numid while replacing 733 * the rest. 734 * 735 * Note that this function should be used only in the card initialization 736 * phase. Calling after the card instantiation may cause issues with 737 * user-space expecting persistent numids. 738 * 739 * Return: Zero if successful, or a negative error code on failure. 740 */ 741 int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id, 742 struct snd_ctl_elem_id *dst_id) 743 { 744 struct snd_kcontrol *kctl; 745 int saved_numid; 746 747 guard(rwsem_write)(&card->controls_rwsem); 748 kctl = snd_ctl_find_id_locked(card, src_id); 749 if (kctl == NULL) 750 return -ENOENT; 751 saved_numid = kctl->id.numid; 752 remove_hash_entries(card, kctl); 753 kctl->id = *dst_id; 754 kctl->id.numid = saved_numid; 755 add_hash_entries(card, kctl); 756 return 0; 757 } 758 EXPORT_SYMBOL(snd_ctl_rename_id); 759 760 /** 761 * snd_ctl_rename - rename the control on the card 762 * @card: the card instance 763 * @kctl: the control to rename 764 * @name: the new name 765 * 766 * Renames the specified control on the card to the new name. 767 * 768 * Note that this function takes card->controls_rwsem lock internally. 769 */ 770 void snd_ctl_rename(struct snd_card *card, struct snd_kcontrol *kctl, 771 const char *name) 772 { 773 guard(rwsem_write)(&card->controls_rwsem); 774 remove_hash_entries(card, kctl); 775 776 if (strscpy(kctl->id.name, name, sizeof(kctl->id.name)) < 0) 777 pr_warn("ALSA: Renamed control new name '%s' truncated to '%s'\n", 778 name, kctl->id.name); 779 780 add_hash_entries(card, kctl); 781 } 782 EXPORT_SYMBOL(snd_ctl_rename); 783 784 #ifndef CONFIG_SND_CTL_FAST_LOOKUP 785 static struct snd_kcontrol * 786 snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid) 787 { 788 struct snd_kcontrol *kctl; 789 790 list_for_each_entry(kctl, &card->controls, list) { 791 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid) 792 return kctl; 793 } 794 return NULL; 795 } 796 #endif /* !CONFIG_SND_CTL_FAST_LOOKUP */ 797 798 /** 799 * snd_ctl_find_numid_locked - find the control instance with the given number-id 800 * @card: the card instance 801 * @numid: the number-id to search 802 * 803 * Finds the control instance with the given number-id from the card. 804 * 805 * The caller must down card->controls_rwsem before calling this function 806 * (if the race condition can happen). 807 * 808 * Return: The pointer of the instance if found, or %NULL if not. 809 */ 810 struct snd_kcontrol * 811 snd_ctl_find_numid_locked(struct snd_card *card, unsigned int numid) 812 { 813 if (snd_BUG_ON(!card || !numid)) 814 return NULL; 815 lockdep_assert_held(&card->controls_rwsem); 816 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 817 return xa_load(&card->ctl_numids, numid); 818 #else 819 return snd_ctl_find_numid_slow(card, numid); 820 #endif 821 } 822 EXPORT_SYMBOL(snd_ctl_find_numid_locked); 823 824 /** 825 * snd_ctl_find_numid - find the control instance with the given number-id 826 * @card: the card instance 827 * @numid: the number-id to search 828 * 829 * Finds the control instance with the given number-id from the card. 830 * 831 * Return: The pointer of the instance if found, or %NULL if not. 832 * 833 * Note that this function takes card->controls_rwsem lock internally. 834 */ 835 struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, 836 unsigned int numid) 837 { 838 guard(rwsem_read)(&card->controls_rwsem); 839 return snd_ctl_find_numid_locked(card, numid); 840 } 841 EXPORT_SYMBOL(snd_ctl_find_numid); 842 843 /** 844 * snd_ctl_find_id_locked - find the control instance with the given id 845 * @card: the card instance 846 * @id: the id to search 847 * 848 * Finds the control instance with the given id from the card. 849 * 850 * The caller must down card->controls_rwsem before calling this function 851 * (if the race condition can happen). 852 * 853 * Return: The pointer of the instance if found, or %NULL if not. 854 */ 855 struct snd_kcontrol *snd_ctl_find_id_locked(struct snd_card *card, 856 const struct snd_ctl_elem_id *id) 857 { 858 struct snd_kcontrol *kctl; 859 860 if (snd_BUG_ON(!card || !id)) 861 return NULL; 862 lockdep_assert_held(&card->controls_rwsem); 863 if (id->numid != 0) 864 return snd_ctl_find_numid_locked(card, id->numid); 865 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 866 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id)); 867 if (kctl && elem_id_matches(kctl, id)) 868 return kctl; 869 if (!card->ctl_hash_collision) 870 return NULL; /* we can rely on only hash table */ 871 #endif 872 /* no matching in hash table - try all as the last resort */ 873 list_for_each_entry(kctl, &card->controls, list) 874 if (elem_id_matches(kctl, id)) 875 return kctl; 876 877 return NULL; 878 } 879 EXPORT_SYMBOL(snd_ctl_find_id_locked); 880 881 /** 882 * snd_ctl_find_id - find the control instance with the given id 883 * @card: the card instance 884 * @id: the id to search 885 * 886 * Finds the control instance with the given id from the card. 887 * 888 * Return: The pointer of the instance if found, or %NULL if not. 889 * 890 * Note that this function takes card->controls_rwsem lock internally. 891 */ 892 struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card, 893 const struct snd_ctl_elem_id *id) 894 { 895 guard(rwsem_read)(&card->controls_rwsem); 896 return snd_ctl_find_id_locked(card, id); 897 } 898 EXPORT_SYMBOL(snd_ctl_find_id); 899 900 static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl, 901 unsigned int cmd, void __user *arg) 902 { 903 struct snd_ctl_card_info *info __free(kfree) = NULL; 904 905 info = kzalloc(sizeof(*info), GFP_KERNEL); 906 if (! info) 907 return -ENOMEM; 908 scoped_guard(rwsem_read, &snd_ioctl_rwsem) { 909 info->card = card->number; 910 strscpy(info->id, card->id, sizeof(info->id)); 911 strscpy(info->driver, card->driver, sizeof(info->driver)); 912 strscpy(info->name, card->shortname, sizeof(info->name)); 913 strscpy(info->longname, card->longname, sizeof(info->longname)); 914 strscpy(info->mixername, card->mixername, sizeof(info->mixername)); 915 strscpy(info->components, card->components, sizeof(info->components)); 916 } 917 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) 918 return -EFAULT; 919 return 0; 920 } 921 922 static int snd_ctl_elem_list(struct snd_card *card, 923 struct snd_ctl_elem_list *list) 924 { 925 struct snd_kcontrol *kctl; 926 struct snd_ctl_elem_id id; 927 unsigned int offset, space, jidx; 928 929 offset = list->offset; 930 space = list->space; 931 932 guard(rwsem_read)(&card->controls_rwsem); 933 list->count = card->controls_count; 934 list->used = 0; 935 if (!space) 936 return 0; 937 list_for_each_entry(kctl, &card->controls, list) { 938 if (offset >= kctl->count) { 939 offset -= kctl->count; 940 continue; 941 } 942 for (jidx = offset; jidx < kctl->count; jidx++) { 943 snd_ctl_build_ioff(&id, kctl, jidx); 944 if (copy_to_user(list->pids + list->used, &id, sizeof(id))) 945 return -EFAULT; 946 list->used++; 947 if (!--space) 948 return 0; 949 } 950 offset = 0; 951 } 952 return 0; 953 } 954 955 static int snd_ctl_elem_list_user(struct snd_card *card, 956 struct snd_ctl_elem_list __user *_list) 957 { 958 struct snd_ctl_elem_list list; 959 int err; 960 961 if (copy_from_user(&list, _list, sizeof(list))) 962 return -EFAULT; 963 err = snd_ctl_elem_list(card, &list); 964 if (err) 965 return err; 966 if (copy_to_user(_list, &list, sizeof(list))) 967 return -EFAULT; 968 969 return 0; 970 } 971 972 /* Check whether the given kctl info is valid */ 973 static int snd_ctl_check_elem_info(struct snd_card *card, 974 const struct snd_ctl_elem_info *info) 975 { 976 static const unsigned int max_value_counts[] = { 977 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128, 978 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128, 979 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128, 980 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512, 981 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1, 982 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64, 983 }; 984 985 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN || 986 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) { 987 if (card) 988 dev_err(card->dev, 989 "control %i:%i:%i:%s:%i: invalid type %d\n", 990 info->id.iface, info->id.device, 991 info->id.subdevice, info->id.name, 992 info->id.index, info->type); 993 return -EINVAL; 994 } 995 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED && 996 info->value.enumerated.items == 0) { 997 if (card) 998 dev_err(card->dev, 999 "control %i:%i:%i:%s:%i: zero enum items\n", 1000 info->id.iface, info->id.device, 1001 info->id.subdevice, info->id.name, 1002 info->id.index); 1003 return -EINVAL; 1004 } 1005 if (info->count > max_value_counts[info->type]) { 1006 if (card) 1007 dev_err(card->dev, 1008 "control %i:%i:%i:%s:%i: invalid count %d\n", 1009 info->id.iface, info->id.device, 1010 info->id.subdevice, info->id.name, 1011 info->id.index, info->count); 1012 return -EINVAL; 1013 } 1014 1015 return 0; 1016 } 1017 1018 /* The capacity of struct snd_ctl_elem_value.value.*/ 1019 static const unsigned int value_sizes[] = { 1020 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long), 1021 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long), 1022 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int), 1023 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char), 1024 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958), 1025 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long), 1026 }; 1027 1028 /* fill the remaining snd_ctl_elem_value data with the given pattern */ 1029 static void fill_remaining_elem_value(struct snd_ctl_elem_value *control, 1030 struct snd_ctl_elem_info *info, 1031 u32 pattern) 1032 { 1033 size_t offset = value_sizes[info->type] * info->count; 1034 1035 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1036 memset32((u32 *)control->value.bytes.data + offset, pattern, 1037 sizeof(control->value) / sizeof(u32) - offset); 1038 } 1039 1040 /* check whether the given integer ctl value is valid */ 1041 static int sanity_check_int_value(struct snd_card *card, 1042 const struct snd_ctl_elem_value *control, 1043 const struct snd_ctl_elem_info *info, 1044 int i, bool print_error) 1045 { 1046 long long lval, lmin, lmax, lstep; 1047 u64 rem; 1048 1049 switch (info->type) { 1050 default: 1051 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1052 lval = control->value.integer.value[i]; 1053 lmin = 0; 1054 lmax = 1; 1055 lstep = 0; 1056 break; 1057 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1058 lval = control->value.integer.value[i]; 1059 lmin = info->value.integer.min; 1060 lmax = info->value.integer.max; 1061 lstep = info->value.integer.step; 1062 break; 1063 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1064 lval = control->value.integer64.value[i]; 1065 lmin = info->value.integer64.min; 1066 lmax = info->value.integer64.max; 1067 lstep = info->value.integer64.step; 1068 break; 1069 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1070 lval = control->value.enumerated.item[i]; 1071 lmin = 0; 1072 lmax = info->value.enumerated.items - 1; 1073 lstep = 0; 1074 break; 1075 } 1076 1077 if (lval < lmin || lval > lmax) { 1078 if (print_error) 1079 dev_err(card->dev, 1080 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n", 1081 control->id.iface, control->id.device, 1082 control->id.subdevice, control->id.name, 1083 control->id.index, lval, lmin, lmax, i); 1084 return -EINVAL; 1085 } 1086 if (lstep) { 1087 div64_u64_rem(lval, lstep, &rem); 1088 if (rem) { 1089 if (print_error) 1090 dev_err(card->dev, 1091 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n", 1092 control->id.iface, control->id.device, 1093 control->id.subdevice, control->id.name, 1094 control->id.index, lval, lstep, i); 1095 return -EINVAL; 1096 } 1097 } 1098 1099 return 0; 1100 } 1101 1102 /* check whether the all input values are valid for the given elem value */ 1103 static int sanity_check_input_values(struct snd_card *card, 1104 const struct snd_ctl_elem_value *control, 1105 const struct snd_ctl_elem_info *info, 1106 bool print_error) 1107 { 1108 int i, ret; 1109 1110 switch (info->type) { 1111 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1112 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1113 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1114 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1115 for (i = 0; i < info->count; i++) { 1116 ret = sanity_check_int_value(card, control, info, i, 1117 print_error); 1118 if (ret < 0) 1119 return ret; 1120 } 1121 break; 1122 default: 1123 break; 1124 } 1125 1126 return 0; 1127 } 1128 1129 /* perform sanity checks to the given snd_ctl_elem_value object */ 1130 static int sanity_check_elem_value(struct snd_card *card, 1131 const struct snd_ctl_elem_value *control, 1132 const struct snd_ctl_elem_info *info, 1133 u32 pattern) 1134 { 1135 size_t offset; 1136 int ret; 1137 u32 *p; 1138 1139 ret = sanity_check_input_values(card, control, info, true); 1140 if (ret < 0) 1141 return ret; 1142 1143 /* check whether the remaining area kept untouched */ 1144 offset = value_sizes[info->type] * info->count; 1145 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1146 p = (u32 *)control->value.bytes.data + offset; 1147 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) { 1148 if (*p != pattern) { 1149 ret = -EINVAL; 1150 break; 1151 } 1152 *p = 0; /* clear the checked area */ 1153 } 1154 1155 return ret; 1156 } 1157 1158 static int __snd_ctl_elem_info(struct snd_card *card, 1159 struct snd_kcontrol *kctl, 1160 struct snd_ctl_elem_info *info, 1161 struct snd_ctl_file *ctl) 1162 { 1163 struct snd_kcontrol_volatile *vd; 1164 unsigned int index_offset; 1165 int result; 1166 1167 #ifdef CONFIG_SND_DEBUG 1168 info->access = 0; 1169 #endif 1170 result = kctl->info(kctl, info); 1171 if (result >= 0) { 1172 snd_BUG_ON(info->access); 1173 index_offset = snd_ctl_get_ioff(kctl, &info->id); 1174 vd = &kctl->vd[index_offset]; 1175 snd_ctl_build_ioff(&info->id, kctl, index_offset); 1176 info->access = vd->access; 1177 if (vd->owner) { 1178 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK; 1179 if (vd->owner == ctl) 1180 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER; 1181 info->owner = pid_vnr(vd->owner->pid); 1182 } else { 1183 info->owner = -1; 1184 } 1185 if (!snd_ctl_skip_validation(info) && 1186 snd_ctl_check_elem_info(card, info) < 0) 1187 result = -EINVAL; 1188 } 1189 return result; 1190 } 1191 1192 static int snd_ctl_elem_info(struct snd_ctl_file *ctl, 1193 struct snd_ctl_elem_info *info) 1194 { 1195 struct snd_card *card = ctl->card; 1196 struct snd_kcontrol *kctl; 1197 1198 guard(rwsem_read)(&card->controls_rwsem); 1199 kctl = snd_ctl_find_id_locked(card, &info->id); 1200 if (!kctl) 1201 return -ENOENT; 1202 return __snd_ctl_elem_info(card, kctl, info, ctl); 1203 } 1204 1205 static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl, 1206 struct snd_ctl_elem_info __user *_info) 1207 { 1208 struct snd_card *card = ctl->card; 1209 struct snd_ctl_elem_info info; 1210 int result; 1211 1212 if (copy_from_user(&info, _info, sizeof(info))) 1213 return -EFAULT; 1214 result = snd_power_ref_and_wait(card); 1215 if (result) 1216 return result; 1217 result = snd_ctl_elem_info(ctl, &info); 1218 snd_power_unref(card); 1219 if (result < 0) 1220 return result; 1221 /* drop internal access flags */ 1222 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK| 1223 SNDRV_CTL_ELEM_ACCESS_LED_MASK); 1224 if (copy_to_user(_info, &info, sizeof(info))) 1225 return -EFAULT; 1226 return result; 1227 } 1228 1229 static int snd_ctl_elem_read(struct snd_card *card, 1230 struct snd_ctl_elem_value *control) 1231 { 1232 struct snd_kcontrol *kctl; 1233 struct snd_kcontrol_volatile *vd; 1234 unsigned int index_offset; 1235 struct snd_ctl_elem_info info; 1236 const u32 pattern = 0xdeadbeef; 1237 int ret; 1238 1239 guard(rwsem_read)(&card->controls_rwsem); 1240 kctl = snd_ctl_find_id_locked(card, &control->id); 1241 if (!kctl) 1242 return -ENOENT; 1243 1244 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1245 vd = &kctl->vd[index_offset]; 1246 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || !kctl->get) 1247 return -EPERM; 1248 1249 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1250 1251 #ifdef CONFIG_SND_CTL_DEBUG 1252 /* info is needed only for validation */ 1253 memset(&info, 0, sizeof(info)); 1254 info.id = control->id; 1255 ret = __snd_ctl_elem_info(card, kctl, &info, NULL); 1256 if (ret < 0) 1257 return ret; 1258 #endif 1259 1260 if (!snd_ctl_skip_validation(&info)) 1261 fill_remaining_elem_value(control, &info, pattern); 1262 ret = kctl->get(kctl, control); 1263 if (ret < 0) 1264 return ret; 1265 if (!snd_ctl_skip_validation(&info) && 1266 sanity_check_elem_value(card, control, &info, pattern) < 0) { 1267 dev_err(card->dev, 1268 "control %i:%i:%i:%s:%i: access overflow\n", 1269 control->id.iface, control->id.device, 1270 control->id.subdevice, control->id.name, 1271 control->id.index); 1272 return -EINVAL; 1273 } 1274 return 0; 1275 } 1276 1277 static int snd_ctl_elem_read_user(struct snd_card *card, 1278 struct snd_ctl_elem_value __user *_control) 1279 { 1280 struct snd_ctl_elem_value *control __free(kfree) = NULL; 1281 int result; 1282 1283 control = memdup_user(_control, sizeof(*control)); 1284 if (IS_ERR(control)) 1285 return PTR_ERR(no_free_ptr(control)); 1286 1287 result = snd_power_ref_and_wait(card); 1288 if (result) 1289 return result; 1290 result = snd_ctl_elem_read(card, control); 1291 snd_power_unref(card); 1292 if (result < 0) 1293 return result; 1294 1295 if (copy_to_user(_control, control, sizeof(*control))) 1296 return -EFAULT; 1297 return result; 1298 } 1299 1300 static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, 1301 struct snd_ctl_elem_value *control) 1302 { 1303 struct snd_kcontrol *kctl; 1304 struct snd_kcontrol_volatile *vd; 1305 unsigned int index_offset; 1306 int result = 0; 1307 1308 down_write(&card->controls_rwsem); 1309 kctl = snd_ctl_find_id_locked(card, &control->id); 1310 if (kctl == NULL) { 1311 up_write(&card->controls_rwsem); 1312 return -ENOENT; 1313 } 1314 1315 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1316 vd = &kctl->vd[index_offset]; 1317 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || 1318 (file && vd->owner && vd->owner != file)) { 1319 up_write(&card->controls_rwsem); 1320 return -EPERM; 1321 } 1322 1323 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1324 /* validate input values */ 1325 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION)) { 1326 struct snd_ctl_elem_info info; 1327 1328 memset(&info, 0, sizeof(info)); 1329 info.id = control->id; 1330 result = __snd_ctl_elem_info(card, kctl, &info, NULL); 1331 if (!result) 1332 result = sanity_check_input_values(card, control, &info, 1333 false); 1334 } 1335 if (!result) 1336 result = kctl->put(kctl, control); 1337 if (result < 0) { 1338 up_write(&card->controls_rwsem); 1339 return result; 1340 } 1341 1342 if (result > 0) { 1343 downgrade_write(&card->controls_rwsem); 1344 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset); 1345 up_read(&card->controls_rwsem); 1346 } else { 1347 up_write(&card->controls_rwsem); 1348 } 1349 1350 return 0; 1351 } 1352 1353 static int snd_ctl_elem_write_user(struct snd_ctl_file *file, 1354 struct snd_ctl_elem_value __user *_control) 1355 { 1356 struct snd_ctl_elem_value *control __free(kfree) = NULL; 1357 struct snd_card *card; 1358 int result; 1359 1360 control = memdup_user(_control, sizeof(*control)); 1361 if (IS_ERR(control)) 1362 return PTR_ERR(no_free_ptr(control)); 1363 1364 card = file->card; 1365 result = snd_power_ref_and_wait(card); 1366 if (result < 0) 1367 return result; 1368 result = snd_ctl_elem_write(card, file, control); 1369 snd_power_unref(card); 1370 if (result < 0) 1371 return result; 1372 1373 if (copy_to_user(_control, control, sizeof(*control))) 1374 return -EFAULT; 1375 return result; 1376 } 1377 1378 static int snd_ctl_elem_lock(struct snd_ctl_file *file, 1379 struct snd_ctl_elem_id __user *_id) 1380 { 1381 struct snd_card *card = file->card; 1382 struct snd_ctl_elem_id id; 1383 struct snd_kcontrol *kctl; 1384 struct snd_kcontrol_volatile *vd; 1385 1386 if (copy_from_user(&id, _id, sizeof(id))) 1387 return -EFAULT; 1388 guard(rwsem_write)(&card->controls_rwsem); 1389 kctl = snd_ctl_find_id_locked(card, &id); 1390 if (!kctl) 1391 return -ENOENT; 1392 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1393 if (vd->owner) 1394 return -EBUSY; 1395 vd->owner = file; 1396 return 0; 1397 } 1398 1399 static int snd_ctl_elem_unlock(struct snd_ctl_file *file, 1400 struct snd_ctl_elem_id __user *_id) 1401 { 1402 struct snd_card *card = file->card; 1403 struct snd_ctl_elem_id id; 1404 struct snd_kcontrol *kctl; 1405 struct snd_kcontrol_volatile *vd; 1406 1407 if (copy_from_user(&id, _id, sizeof(id))) 1408 return -EFAULT; 1409 guard(rwsem_write)(&card->controls_rwsem); 1410 kctl = snd_ctl_find_id_locked(card, &id); 1411 if (!kctl) 1412 return -ENOENT; 1413 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1414 if (!vd->owner) 1415 return -EINVAL; 1416 if (vd->owner != file) 1417 return -EPERM; 1418 vd->owner = NULL; 1419 return 0; 1420 } 1421 1422 struct user_element { 1423 struct snd_ctl_elem_info info; 1424 struct snd_card *card; 1425 char *elem_data; /* element data */ 1426 unsigned long elem_data_size; /* size of element data in bytes */ 1427 void *tlv_data; /* TLV data */ 1428 unsigned long tlv_data_size; /* TLV data size */ 1429 void *priv_data; /* private data (like strings for enumerated type) */ 1430 }; 1431 1432 // check whether the addition (in bytes) of user ctl element may overflow the limit. 1433 static bool check_user_elem_overflow(struct snd_card *card, ssize_t add) 1434 { 1435 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size; 1436 } 1437 1438 static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol, 1439 struct snd_ctl_elem_info *uinfo) 1440 { 1441 struct user_element *ue = kcontrol->private_data; 1442 unsigned int offset; 1443 1444 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1445 *uinfo = ue->info; 1446 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1447 1448 return 0; 1449 } 1450 1451 static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol, 1452 struct snd_ctl_elem_info *uinfo) 1453 { 1454 struct user_element *ue = kcontrol->private_data; 1455 const char *names; 1456 unsigned int item; 1457 unsigned int offset; 1458 1459 item = uinfo->value.enumerated.item; 1460 1461 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1462 *uinfo = ue->info; 1463 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1464 1465 item = min(item, uinfo->value.enumerated.items - 1); 1466 uinfo->value.enumerated.item = item; 1467 1468 names = ue->priv_data; 1469 for (; item > 0; --item) 1470 names += strlen(names) + 1; 1471 strcpy(uinfo->value.enumerated.name, names); 1472 1473 return 0; 1474 } 1475 1476 static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, 1477 struct snd_ctl_elem_value *ucontrol) 1478 { 1479 struct user_element *ue = kcontrol->private_data; 1480 unsigned int size = ue->elem_data_size; 1481 char *src = ue->elem_data + 1482 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1483 1484 memcpy(&ucontrol->value, src, size); 1485 return 0; 1486 } 1487 1488 static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, 1489 struct snd_ctl_elem_value *ucontrol) 1490 { 1491 int err, change; 1492 struct user_element *ue = kcontrol->private_data; 1493 unsigned int size = ue->elem_data_size; 1494 char *dst = ue->elem_data + 1495 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1496 1497 err = sanity_check_input_values(ue->card, ucontrol, &ue->info, false); 1498 if (err < 0) 1499 return err; 1500 1501 change = memcmp(&ucontrol->value, dst, size) != 0; 1502 if (change) 1503 memcpy(dst, &ucontrol->value, size); 1504 return change; 1505 } 1506 1507 /* called in controls_rwsem write lock */ 1508 static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1509 unsigned int size) 1510 { 1511 struct user_element *ue = kctl->private_data; 1512 unsigned int *container; 1513 unsigned int mask = 0; 1514 int i; 1515 int change; 1516 1517 lockdep_assert_held_write(&ue->card->controls_rwsem); 1518 1519 if (size > 1024 * 128) /* sane value */ 1520 return -EINVAL; 1521 1522 // does the TLV size change cause overflow? 1523 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size))) 1524 return -ENOMEM; 1525 1526 container = vmemdup_user(buf, size); 1527 if (IS_ERR(container)) 1528 return PTR_ERR(container); 1529 1530 change = ue->tlv_data_size != size; 1531 if (!change) 1532 change = memcmp(ue->tlv_data, container, size) != 0; 1533 if (!change) { 1534 kvfree(container); 1535 return 0; 1536 } 1537 1538 if (ue->tlv_data == NULL) { 1539 /* Now TLV data is available. */ 1540 for (i = 0; i < kctl->count; ++i) 1541 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; 1542 mask = SNDRV_CTL_EVENT_MASK_INFO; 1543 } else { 1544 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1545 ue->tlv_data_size = 0; 1546 kvfree(ue->tlv_data); 1547 } 1548 1549 ue->tlv_data = container; 1550 ue->tlv_data_size = size; 1551 // decremented at private_free. 1552 ue->card->user_ctl_alloc_size += size; 1553 1554 mask |= SNDRV_CTL_EVENT_MASK_TLV; 1555 for (i = 0; i < kctl->count; ++i) 1556 snd_ctl_notify_one(ue->card, mask, kctl, i); 1557 1558 return change; 1559 } 1560 1561 static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1562 unsigned int size) 1563 { 1564 struct user_element *ue = kctl->private_data; 1565 1566 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL) 1567 return -ENXIO; 1568 1569 if (size < ue->tlv_data_size) 1570 return -ENOSPC; 1571 1572 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size)) 1573 return -EFAULT; 1574 1575 return 0; 1576 } 1577 1578 static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag, 1579 unsigned int size, unsigned int __user *buf) 1580 { 1581 if (op_flag == SNDRV_CTL_TLV_OP_WRITE) 1582 return replace_user_tlv(kctl, buf, size); 1583 else 1584 return read_user_tlv(kctl, buf, size); 1585 } 1586 1587 /* called in controls_rwsem write lock */ 1588 static int snd_ctl_elem_init_enum_names(struct user_element *ue) 1589 { 1590 char *names, *p; 1591 size_t buf_len, name_len; 1592 unsigned int i; 1593 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr; 1594 1595 lockdep_assert_held_write(&ue->card->controls_rwsem); 1596 1597 buf_len = ue->info.value.enumerated.names_length; 1598 if (buf_len > 64 * 1024) 1599 return -EINVAL; 1600 1601 if (check_user_elem_overflow(ue->card, buf_len)) 1602 return -ENOMEM; 1603 names = vmemdup_user((const void __user *)user_ptrval, buf_len); 1604 if (IS_ERR(names)) 1605 return PTR_ERR(names); 1606 1607 /* check that there are enough valid names */ 1608 p = names; 1609 for (i = 0; i < ue->info.value.enumerated.items; ++i) { 1610 name_len = strnlen(p, buf_len); 1611 if (name_len == 0 || name_len >= 64 || name_len == buf_len) { 1612 kvfree(names); 1613 return -EINVAL; 1614 } 1615 p += name_len + 1; 1616 buf_len -= name_len + 1; 1617 } 1618 1619 ue->priv_data = names; 1620 ue->info.value.enumerated.names_ptr = 0; 1621 // increment the allocation size; decremented again at private_free. 1622 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length; 1623 1624 return 0; 1625 } 1626 1627 static size_t compute_user_elem_size(size_t size, unsigned int count) 1628 { 1629 return sizeof(struct user_element) + size * count; 1630 } 1631 1632 static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol) 1633 { 1634 struct user_element *ue = kcontrol->private_data; 1635 1636 // decrement the allocation size. 1637 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count); 1638 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1639 if (ue->priv_data) 1640 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length; 1641 1642 kvfree(ue->tlv_data); 1643 kvfree(ue->priv_data); 1644 kfree(ue); 1645 } 1646 1647 static int snd_ctl_elem_add(struct snd_ctl_file *file, 1648 struct snd_ctl_elem_info *info, int replace) 1649 { 1650 struct snd_card *card = file->card; 1651 struct snd_kcontrol *kctl; 1652 unsigned int count; 1653 unsigned int access; 1654 long private_size; 1655 size_t alloc_size; 1656 struct user_element *ue; 1657 unsigned int offset; 1658 int err; 1659 1660 if (!*info->id.name) 1661 return -EINVAL; 1662 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name)) 1663 return -EINVAL; 1664 1665 /* Delete a control to replace them if needed. */ 1666 if (replace) { 1667 info->id.numid = 0; 1668 err = snd_ctl_remove_user_ctl(file, &info->id); 1669 if (err) 1670 return err; 1671 } 1672 1673 /* Check the number of elements for this userspace control. */ 1674 count = info->owner; 1675 if (count == 0) 1676 count = 1; 1677 1678 /* Arrange access permissions if needed. */ 1679 access = info->access; 1680 if (access == 0) 1681 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 1682 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 1683 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 1684 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE); 1685 1686 /* In initial state, nothing is available as TLV container. */ 1687 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1688 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; 1689 access |= SNDRV_CTL_ELEM_ACCESS_USER; 1690 1691 /* 1692 * Check information and calculate the size of data specific to 1693 * this userspace control. 1694 */ 1695 /* pass NULL to card for suppressing error messages */ 1696 err = snd_ctl_check_elem_info(NULL, info); 1697 if (err < 0) 1698 return err; 1699 /* user-space control doesn't allow zero-size data */ 1700 if (info->count < 1) 1701 return -EINVAL; 1702 private_size = value_sizes[info->type] * info->count; 1703 alloc_size = compute_user_elem_size(private_size, count); 1704 1705 guard(rwsem_write)(&card->controls_rwsem); 1706 if (check_user_elem_overflow(card, alloc_size)) 1707 return -ENOMEM; 1708 1709 /* 1710 * Keep memory object for this userspace control. After passing this 1711 * code block, the instance should be freed by snd_ctl_free_one(). 1712 * 1713 * Note that these elements in this control are locked. 1714 */ 1715 err = snd_ctl_new(&kctl, count, access, file); 1716 if (err < 0) 1717 return err; 1718 memcpy(&kctl->id, &info->id, sizeof(kctl->id)); 1719 ue = kzalloc(alloc_size, GFP_KERNEL); 1720 if (!ue) { 1721 kfree(kctl); 1722 return -ENOMEM; 1723 } 1724 kctl->private_data = ue; 1725 kctl->private_free = snd_ctl_elem_user_free; 1726 1727 // increment the allocated size; decremented again at private_free. 1728 card->user_ctl_alloc_size += alloc_size; 1729 1730 /* Set private data for this userspace control. */ 1731 ue->card = card; 1732 ue->info = *info; 1733 ue->info.access = 0; 1734 ue->elem_data = (char *)ue + sizeof(*ue); 1735 ue->elem_data_size = private_size; 1736 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { 1737 err = snd_ctl_elem_init_enum_names(ue); 1738 if (err < 0) { 1739 snd_ctl_free_one(kctl); 1740 return err; 1741 } 1742 } 1743 1744 /* Set callback functions. */ 1745 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) 1746 kctl->info = snd_ctl_elem_user_enum_info; 1747 else 1748 kctl->info = snd_ctl_elem_user_info; 1749 if (access & SNDRV_CTL_ELEM_ACCESS_READ) 1750 kctl->get = snd_ctl_elem_user_get; 1751 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) 1752 kctl->put = snd_ctl_elem_user_put; 1753 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1754 kctl->tlv.c = snd_ctl_elem_user_tlv; 1755 1756 /* This function manage to free the instance on failure. */ 1757 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE); 1758 if (err < 0) { 1759 snd_ctl_free_one(kctl); 1760 return err; 1761 } 1762 offset = snd_ctl_get_ioff(kctl, &info->id); 1763 snd_ctl_build_ioff(&info->id, kctl, offset); 1764 /* 1765 * Here we cannot fill any field for the number of elements added by 1766 * this operation because there're no specific fields. The usage of 1767 * 'owner' field for this purpose may cause any bugs to userspace 1768 * applications because the field originally means PID of a process 1769 * which locks the element. 1770 */ 1771 return 0; 1772 } 1773 1774 static int snd_ctl_elem_add_user(struct snd_ctl_file *file, 1775 struct snd_ctl_elem_info __user *_info, int replace) 1776 { 1777 struct snd_ctl_elem_info info; 1778 int err; 1779 1780 if (copy_from_user(&info, _info, sizeof(info))) 1781 return -EFAULT; 1782 err = snd_ctl_elem_add(file, &info, replace); 1783 if (err < 0) 1784 return err; 1785 if (copy_to_user(_info, &info, sizeof(info))) { 1786 snd_ctl_remove_user_ctl(file, &info.id); 1787 return -EFAULT; 1788 } 1789 1790 return 0; 1791 } 1792 1793 static int snd_ctl_elem_remove(struct snd_ctl_file *file, 1794 struct snd_ctl_elem_id __user *_id) 1795 { 1796 struct snd_ctl_elem_id id; 1797 1798 if (copy_from_user(&id, _id, sizeof(id))) 1799 return -EFAULT; 1800 return snd_ctl_remove_user_ctl(file, &id); 1801 } 1802 1803 static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr) 1804 { 1805 int subscribe; 1806 if (get_user(subscribe, ptr)) 1807 return -EFAULT; 1808 if (subscribe < 0) { 1809 subscribe = file->subscribed; 1810 if (put_user(subscribe, ptr)) 1811 return -EFAULT; 1812 return 0; 1813 } 1814 if (subscribe) { 1815 file->subscribed = 1; 1816 return 0; 1817 } else if (file->subscribed) { 1818 snd_ctl_empty_read_queue(file); 1819 file->subscribed = 0; 1820 } 1821 return 0; 1822 } 1823 1824 static int call_tlv_handler(struct snd_ctl_file *file, int op_flag, 1825 struct snd_kcontrol *kctl, 1826 struct snd_ctl_elem_id *id, 1827 unsigned int __user *buf, unsigned int size) 1828 { 1829 static const struct { 1830 int op; 1831 int perm; 1832 } pairs[] = { 1833 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ}, 1834 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE}, 1835 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND}, 1836 }; 1837 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1838 int i; 1839 1840 /* Check support of the request for this element. */ 1841 for (i = 0; i < ARRAY_SIZE(pairs); ++i) { 1842 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm)) 1843 break; 1844 } 1845 if (i == ARRAY_SIZE(pairs)) 1846 return -ENXIO; 1847 1848 if (kctl->tlv.c == NULL) 1849 return -ENXIO; 1850 1851 /* Write and command operations are not allowed for locked element. */ 1852 if (op_flag != SNDRV_CTL_TLV_OP_READ && 1853 vd->owner != NULL && vd->owner != file) 1854 return -EPERM; 1855 1856 return kctl->tlv.c(kctl, op_flag, size, buf); 1857 } 1858 1859 static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id, 1860 unsigned int __user *buf, unsigned int size) 1861 { 1862 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1863 unsigned int len; 1864 1865 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)) 1866 return -ENXIO; 1867 1868 if (kctl->tlv.p == NULL) 1869 return -ENXIO; 1870 1871 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1]; 1872 if (size < len) 1873 return -ENOMEM; 1874 1875 if (copy_to_user(buf, kctl->tlv.p, len)) 1876 return -EFAULT; 1877 1878 return 0; 1879 } 1880 1881 static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, 1882 struct snd_ctl_tlv __user *buf, 1883 int op_flag) 1884 { 1885 struct snd_ctl_tlv header; 1886 unsigned int __user *container; 1887 unsigned int container_size; 1888 struct snd_kcontrol *kctl; 1889 struct snd_ctl_elem_id id; 1890 struct snd_kcontrol_volatile *vd; 1891 1892 lockdep_assert_held(&file->card->controls_rwsem); 1893 1894 if (copy_from_user(&header, buf, sizeof(header))) 1895 return -EFAULT; 1896 1897 /* In design of control core, numerical ID starts at 1. */ 1898 if (header.numid == 0) 1899 return -EINVAL; 1900 1901 /* At least, container should include type and length fields. */ 1902 if (header.length < sizeof(unsigned int) * 2) 1903 return -EINVAL; 1904 container_size = header.length; 1905 container = buf->tlv; 1906 1907 kctl = snd_ctl_find_numid_locked(file->card, header.numid); 1908 if (kctl == NULL) 1909 return -ENOENT; 1910 1911 /* Calculate index of the element in this set. */ 1912 id = kctl->id; 1913 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid); 1914 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1915 1916 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) { 1917 return call_tlv_handler(file, op_flag, kctl, &id, container, 1918 container_size); 1919 } else { 1920 if (op_flag == SNDRV_CTL_TLV_OP_READ) { 1921 return read_tlv_buf(kctl, &id, container, 1922 container_size); 1923 } 1924 } 1925 1926 /* Not supported. */ 1927 return -ENXIO; 1928 } 1929 1930 static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1931 { 1932 struct snd_ctl_file *ctl; 1933 struct snd_card *card; 1934 struct snd_kctl_ioctl *p; 1935 void __user *argp = (void __user *)arg; 1936 int __user *ip = argp; 1937 int err; 1938 1939 ctl = file->private_data; 1940 card = ctl->card; 1941 if (snd_BUG_ON(!card)) 1942 return -ENXIO; 1943 switch (cmd) { 1944 case SNDRV_CTL_IOCTL_PVERSION: 1945 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0; 1946 case SNDRV_CTL_IOCTL_CARD_INFO: 1947 return snd_ctl_card_info(card, ctl, cmd, argp); 1948 case SNDRV_CTL_IOCTL_ELEM_LIST: 1949 return snd_ctl_elem_list_user(card, argp); 1950 case SNDRV_CTL_IOCTL_ELEM_INFO: 1951 return snd_ctl_elem_info_user(ctl, argp); 1952 case SNDRV_CTL_IOCTL_ELEM_READ: 1953 return snd_ctl_elem_read_user(card, argp); 1954 case SNDRV_CTL_IOCTL_ELEM_WRITE: 1955 return snd_ctl_elem_write_user(ctl, argp); 1956 case SNDRV_CTL_IOCTL_ELEM_LOCK: 1957 return snd_ctl_elem_lock(ctl, argp); 1958 case SNDRV_CTL_IOCTL_ELEM_UNLOCK: 1959 return snd_ctl_elem_unlock(ctl, argp); 1960 case SNDRV_CTL_IOCTL_ELEM_ADD: 1961 return snd_ctl_elem_add_user(ctl, argp, 0); 1962 case SNDRV_CTL_IOCTL_ELEM_REPLACE: 1963 return snd_ctl_elem_add_user(ctl, argp, 1); 1964 case SNDRV_CTL_IOCTL_ELEM_REMOVE: 1965 return snd_ctl_elem_remove(ctl, argp); 1966 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS: 1967 return snd_ctl_subscribe_events(ctl, ip); 1968 case SNDRV_CTL_IOCTL_TLV_READ: 1969 err = snd_power_ref_and_wait(card); 1970 if (err < 0) 1971 return err; 1972 scoped_guard(rwsem_read, &card->controls_rwsem) 1973 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ); 1974 snd_power_unref(card); 1975 return err; 1976 case SNDRV_CTL_IOCTL_TLV_WRITE: 1977 err = snd_power_ref_and_wait(card); 1978 if (err < 0) 1979 return err; 1980 scoped_guard(rwsem_write, &card->controls_rwsem) 1981 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE); 1982 snd_power_unref(card); 1983 return err; 1984 case SNDRV_CTL_IOCTL_TLV_COMMAND: 1985 err = snd_power_ref_and_wait(card); 1986 if (err < 0) 1987 return err; 1988 scoped_guard(rwsem_write, &card->controls_rwsem) 1989 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD); 1990 snd_power_unref(card); 1991 return err; 1992 case SNDRV_CTL_IOCTL_POWER: 1993 return -ENOPROTOOPT; 1994 case SNDRV_CTL_IOCTL_POWER_STATE: 1995 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0; 1996 } 1997 1998 guard(rwsem_read)(&snd_ioctl_rwsem); 1999 list_for_each_entry(p, &snd_control_ioctls, list) { 2000 err = p->fioctl(card, ctl, cmd, arg); 2001 if (err != -ENOIOCTLCMD) 2002 return err; 2003 } 2004 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd); 2005 return -ENOTTY; 2006 } 2007 2008 static ssize_t snd_ctl_read(struct file *file, char __user *buffer, 2009 size_t count, loff_t * offset) 2010 { 2011 struct snd_ctl_file *ctl; 2012 int err = 0; 2013 ssize_t result = 0; 2014 2015 ctl = file->private_data; 2016 if (snd_BUG_ON(!ctl || !ctl->card)) 2017 return -ENXIO; 2018 if (!ctl->subscribed) 2019 return -EBADFD; 2020 if (count < sizeof(struct snd_ctl_event)) 2021 return -EINVAL; 2022 spin_lock_irq(&ctl->read_lock); 2023 while (count >= sizeof(struct snd_ctl_event)) { 2024 struct snd_ctl_event ev; 2025 struct snd_kctl_event *kev; 2026 while (list_empty(&ctl->events)) { 2027 wait_queue_entry_t wait; 2028 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { 2029 err = -EAGAIN; 2030 goto __end_lock; 2031 } 2032 init_waitqueue_entry(&wait, current); 2033 add_wait_queue(&ctl->change_sleep, &wait); 2034 set_current_state(TASK_INTERRUPTIBLE); 2035 spin_unlock_irq(&ctl->read_lock); 2036 schedule(); 2037 remove_wait_queue(&ctl->change_sleep, &wait); 2038 if (ctl->card->shutdown) 2039 return -ENODEV; 2040 if (signal_pending(current)) 2041 return -ERESTARTSYS; 2042 spin_lock_irq(&ctl->read_lock); 2043 } 2044 kev = snd_kctl_event(ctl->events.next); 2045 ev.type = SNDRV_CTL_EVENT_ELEM; 2046 ev.data.elem.mask = kev->mask; 2047 ev.data.elem.id = kev->id; 2048 list_del(&kev->list); 2049 spin_unlock_irq(&ctl->read_lock); 2050 kfree(kev); 2051 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) { 2052 err = -EFAULT; 2053 goto __end; 2054 } 2055 spin_lock_irq(&ctl->read_lock); 2056 buffer += sizeof(struct snd_ctl_event); 2057 count -= sizeof(struct snd_ctl_event); 2058 result += sizeof(struct snd_ctl_event); 2059 } 2060 __end_lock: 2061 spin_unlock_irq(&ctl->read_lock); 2062 __end: 2063 return result > 0 ? result : err; 2064 } 2065 2066 static __poll_t snd_ctl_poll(struct file *file, poll_table * wait) 2067 { 2068 __poll_t mask; 2069 struct snd_ctl_file *ctl; 2070 2071 ctl = file->private_data; 2072 if (!ctl->subscribed) 2073 return 0; 2074 poll_wait(file, &ctl->change_sleep, wait); 2075 2076 mask = 0; 2077 if (!list_empty(&ctl->events)) 2078 mask |= EPOLLIN | EPOLLRDNORM; 2079 2080 return mask; 2081 } 2082 2083 /* 2084 * register the device-specific control-ioctls. 2085 * called from each device manager like pcm.c, hwdep.c, etc. 2086 */ 2087 static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists) 2088 { 2089 struct snd_kctl_ioctl *pn; 2090 2091 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL); 2092 if (pn == NULL) 2093 return -ENOMEM; 2094 pn->fioctl = fcn; 2095 guard(rwsem_write)(&snd_ioctl_rwsem); 2096 list_add_tail(&pn->list, lists); 2097 return 0; 2098 } 2099 2100 /** 2101 * snd_ctl_register_ioctl - register the device-specific control-ioctls 2102 * @fcn: ioctl callback function 2103 * 2104 * called from each device manager like pcm.c, hwdep.c, etc. 2105 * 2106 * Return: zero if successful, or a negative error code 2107 */ 2108 int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn) 2109 { 2110 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls); 2111 } 2112 EXPORT_SYMBOL(snd_ctl_register_ioctl); 2113 2114 #ifdef CONFIG_COMPAT 2115 /** 2116 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat 2117 * control-ioctls 2118 * @fcn: ioctl callback function 2119 * 2120 * Return: zero if successful, or a negative error code 2121 */ 2122 int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2123 { 2124 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls); 2125 } 2126 EXPORT_SYMBOL(snd_ctl_register_ioctl_compat); 2127 #endif 2128 2129 /* 2130 * de-register the device-specific control-ioctls. 2131 */ 2132 static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn, 2133 struct list_head *lists) 2134 { 2135 struct snd_kctl_ioctl *p; 2136 2137 if (snd_BUG_ON(!fcn)) 2138 return -EINVAL; 2139 guard(rwsem_write)(&snd_ioctl_rwsem); 2140 list_for_each_entry(p, lists, list) { 2141 if (p->fioctl == fcn) { 2142 list_del(&p->list); 2143 kfree(p); 2144 return 0; 2145 } 2146 } 2147 snd_BUG(); 2148 return -EINVAL; 2149 } 2150 2151 /** 2152 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls 2153 * @fcn: ioctl callback function to unregister 2154 * 2155 * Return: zero if successful, or a negative error code 2156 */ 2157 int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn) 2158 { 2159 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls); 2160 } 2161 EXPORT_SYMBOL(snd_ctl_unregister_ioctl); 2162 2163 #ifdef CONFIG_COMPAT 2164 /** 2165 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat 2166 * 32bit control-ioctls 2167 * @fcn: ioctl callback function to unregister 2168 * 2169 * Return: zero if successful, or a negative error code 2170 */ 2171 int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2172 { 2173 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls); 2174 } 2175 EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat); 2176 #endif 2177 2178 static int snd_ctl_fasync(int fd, struct file * file, int on) 2179 { 2180 struct snd_ctl_file *ctl; 2181 2182 ctl = file->private_data; 2183 return snd_fasync_helper(fd, file, on, &ctl->fasync); 2184 } 2185 2186 /* return the preferred subdevice number if already assigned; 2187 * otherwise return -1 2188 */ 2189 int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type) 2190 { 2191 struct snd_ctl_file *kctl; 2192 int subdevice = -1; 2193 2194 guard(read_lock_irqsave)(&card->ctl_files_rwlock); 2195 list_for_each_entry(kctl, &card->ctl_files, list) { 2196 if (kctl->pid == task_pid(current)) { 2197 subdevice = kctl->preferred_subdevice[type]; 2198 if (subdevice != -1) 2199 break; 2200 } 2201 } 2202 return subdevice; 2203 } 2204 EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice); 2205 2206 /* 2207 * ioctl32 compat 2208 */ 2209 #ifdef CONFIG_COMPAT 2210 #include "control_compat.c" 2211 #else 2212 #define snd_ctl_ioctl_compat NULL 2213 #endif 2214 2215 /* 2216 * control layers (audio LED etc.) 2217 */ 2218 2219 /** 2220 * snd_ctl_request_layer - request to use the layer 2221 * @module_name: Name of the kernel module (NULL == build-in) 2222 * 2223 * Return: zero if successful, or an error code when the module cannot be loaded 2224 */ 2225 int snd_ctl_request_layer(const char *module_name) 2226 { 2227 struct snd_ctl_layer_ops *lops; 2228 2229 if (module_name == NULL) 2230 return 0; 2231 scoped_guard(rwsem_read, &snd_ctl_layer_rwsem) { 2232 for (lops = snd_ctl_layer; lops; lops = lops->next) 2233 if (strcmp(lops->module_name, module_name) == 0) 2234 return 0; 2235 } 2236 return request_module(module_name); 2237 } 2238 EXPORT_SYMBOL_GPL(snd_ctl_request_layer); 2239 2240 /** 2241 * snd_ctl_register_layer - register new control layer 2242 * @lops: operation structure 2243 * 2244 * The new layer can track all control elements and do additional 2245 * operations on top (like audio LED handling). 2246 */ 2247 void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops) 2248 { 2249 struct snd_card *card; 2250 int card_number; 2251 2252 scoped_guard(rwsem_write, &snd_ctl_layer_rwsem) { 2253 lops->next = snd_ctl_layer; 2254 snd_ctl_layer = lops; 2255 } 2256 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) { 2257 card = snd_card_ref(card_number); 2258 if (card) { 2259 scoped_guard(rwsem_read, &card->controls_rwsem) 2260 lops->lregister(card); 2261 snd_card_unref(card); 2262 } 2263 } 2264 } 2265 EXPORT_SYMBOL_GPL(snd_ctl_register_layer); 2266 2267 /** 2268 * snd_ctl_disconnect_layer - disconnect control layer 2269 * @lops: operation structure 2270 * 2271 * It is expected that the information about tracked cards 2272 * is freed before this call (the disconnect callback is 2273 * not called here). 2274 */ 2275 void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops) 2276 { 2277 struct snd_ctl_layer_ops *lops2, *prev_lops2; 2278 2279 guard(rwsem_write)(&snd_ctl_layer_rwsem); 2280 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) { 2281 if (lops2 == lops) { 2282 if (!prev_lops2) 2283 snd_ctl_layer = lops->next; 2284 else 2285 prev_lops2->next = lops->next; 2286 break; 2287 } 2288 prev_lops2 = lops2; 2289 } 2290 } 2291 EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer); 2292 2293 /* 2294 * INIT PART 2295 */ 2296 2297 static const struct file_operations snd_ctl_f_ops = 2298 { 2299 .owner = THIS_MODULE, 2300 .read = snd_ctl_read, 2301 .open = snd_ctl_open, 2302 .release = snd_ctl_release, 2303 .llseek = no_llseek, 2304 .poll = snd_ctl_poll, 2305 .unlocked_ioctl = snd_ctl_ioctl, 2306 .compat_ioctl = snd_ctl_ioctl_compat, 2307 .fasync = snd_ctl_fasync, 2308 }; 2309 2310 /* call lops under rwsems; called from snd_ctl_dev_*() below() */ 2311 #define call_snd_ctl_lops(_card, _op) \ 2312 do { \ 2313 struct snd_ctl_layer_ops *lops; \ 2314 guard(rwsem_read)(&(_card)->controls_rwsem); \ 2315 guard(rwsem_read)(&snd_ctl_layer_rwsem); \ 2316 for (lops = snd_ctl_layer; lops; lops = lops->next) \ 2317 lops->_op(_card); \ 2318 } while (0) 2319 2320 /* 2321 * registration of the control device 2322 */ 2323 static int snd_ctl_dev_register(struct snd_device *device) 2324 { 2325 struct snd_card *card = device->device_data; 2326 int err; 2327 2328 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1, 2329 &snd_ctl_f_ops, card, card->ctl_dev); 2330 if (err < 0) 2331 return err; 2332 call_snd_ctl_lops(card, lregister); 2333 return 0; 2334 } 2335 2336 /* 2337 * disconnection of the control device 2338 */ 2339 static int snd_ctl_dev_disconnect(struct snd_device *device) 2340 { 2341 struct snd_card *card = device->device_data; 2342 struct snd_ctl_file *ctl; 2343 2344 scoped_guard(read_lock_irqsave, &card->ctl_files_rwlock) { 2345 list_for_each_entry(ctl, &card->ctl_files, list) { 2346 wake_up(&ctl->change_sleep); 2347 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR); 2348 } 2349 } 2350 2351 call_snd_ctl_lops(card, ldisconnect); 2352 return snd_unregister_device(card->ctl_dev); 2353 } 2354 2355 /* 2356 * free all controls 2357 */ 2358 static int snd_ctl_dev_free(struct snd_device *device) 2359 { 2360 struct snd_card *card = device->device_data; 2361 struct snd_kcontrol *control; 2362 2363 scoped_guard(rwsem_write, &card->controls_rwsem) { 2364 while (!list_empty(&card->controls)) { 2365 control = snd_kcontrol(card->controls.next); 2366 __snd_ctl_remove(card, control, false); 2367 } 2368 2369 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 2370 xa_destroy(&card->ctl_numids); 2371 xa_destroy(&card->ctl_hash); 2372 #endif 2373 } 2374 put_device(card->ctl_dev); 2375 return 0; 2376 } 2377 2378 /* 2379 * create control core: 2380 * called from init.c 2381 */ 2382 int snd_ctl_create(struct snd_card *card) 2383 { 2384 static const struct snd_device_ops ops = { 2385 .dev_free = snd_ctl_dev_free, 2386 .dev_register = snd_ctl_dev_register, 2387 .dev_disconnect = snd_ctl_dev_disconnect, 2388 }; 2389 int err; 2390 2391 if (snd_BUG_ON(!card)) 2392 return -ENXIO; 2393 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS)) 2394 return -ENXIO; 2395 2396 err = snd_device_alloc(&card->ctl_dev, card); 2397 if (err < 0) 2398 return err; 2399 dev_set_name(card->ctl_dev, "controlC%d", card->number); 2400 2401 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops); 2402 if (err < 0) 2403 put_device(card->ctl_dev); 2404 return err; 2405 } 2406 2407 /* 2408 * Frequently used control callbacks/helpers 2409 */ 2410 2411 /** 2412 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info 2413 * callback with a mono channel 2414 * @kcontrol: the kcontrol instance 2415 * @uinfo: info to store 2416 * 2417 * This is a function that can be used as info callback for a standard 2418 * boolean control with a single mono channel. 2419 * 2420 * Return: Zero (always successful) 2421 */ 2422 int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol, 2423 struct snd_ctl_elem_info *uinfo) 2424 { 2425 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2426 uinfo->count = 1; 2427 uinfo->value.integer.min = 0; 2428 uinfo->value.integer.max = 1; 2429 return 0; 2430 } 2431 EXPORT_SYMBOL(snd_ctl_boolean_mono_info); 2432 2433 /** 2434 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info 2435 * callback with stereo two channels 2436 * @kcontrol: the kcontrol instance 2437 * @uinfo: info to store 2438 * 2439 * This is a function that can be used as info callback for a standard 2440 * boolean control with stereo two channels. 2441 * 2442 * Return: Zero (always successful) 2443 */ 2444 int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol, 2445 struct snd_ctl_elem_info *uinfo) 2446 { 2447 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2448 uinfo->count = 2; 2449 uinfo->value.integer.min = 0; 2450 uinfo->value.integer.max = 1; 2451 return 0; 2452 } 2453 EXPORT_SYMBOL(snd_ctl_boolean_stereo_info); 2454 2455 /** 2456 * snd_ctl_enum_info - fills the info structure for an enumerated control 2457 * @info: the structure to be filled 2458 * @channels: the number of the control's channels; often one 2459 * @items: the number of control values; also the size of @names 2460 * @names: an array containing the names of all control values 2461 * 2462 * Sets all required fields in @info to their appropriate values. 2463 * If the control's accessibility is not the default (readable and writable), 2464 * the caller has to fill @info->access. 2465 * 2466 * Return: Zero (always successful) 2467 */ 2468 int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels, 2469 unsigned int items, const char *const names[]) 2470 { 2471 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED; 2472 info->count = channels; 2473 info->value.enumerated.items = items; 2474 if (!items) 2475 return 0; 2476 if (info->value.enumerated.item >= items) 2477 info->value.enumerated.item = items - 1; 2478 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name), 2479 "ALSA: too long item name '%s'\n", 2480 names[info->value.enumerated.item]); 2481 strscpy(info->value.enumerated.name, 2482 names[info->value.enumerated.item], 2483 sizeof(info->value.enumerated.name)); 2484 return 0; 2485 } 2486 EXPORT_SYMBOL(snd_ctl_enum_info); 2487