1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Routines for driver control interface 4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz> 5 */ 6 7 #include <linux/threads.h> 8 #include <linux/interrupt.h> 9 #include <linux/module.h> 10 #include <linux/moduleparam.h> 11 #include <linux/slab.h> 12 #include <linux/vmalloc.h> 13 #include <linux/time.h> 14 #include <linux/mm.h> 15 #include <linux/math64.h> 16 #include <linux/sched/signal.h> 17 #include <sound/core.h> 18 #include <sound/minors.h> 19 #include <sound/info.h> 20 #include <sound/control.h> 21 22 // Max allocation size for user controls. 23 static int max_user_ctl_alloc_size = 8 * 1024 * 1024; 24 module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444); 25 MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls"); 26 27 #define MAX_CONTROL_COUNT 1028 28 29 struct snd_kctl_ioctl { 30 struct list_head list; /* list of all ioctls */ 31 snd_kctl_ioctl_func_t fioctl; 32 }; 33 34 static DECLARE_RWSEM(snd_ioctl_rwsem); 35 static DECLARE_RWSEM(snd_ctl_layer_rwsem); 36 static LIST_HEAD(snd_control_ioctls); 37 #ifdef CONFIG_COMPAT 38 static LIST_HEAD(snd_control_compat_ioctls); 39 #endif 40 static struct snd_ctl_layer_ops *snd_ctl_layer; 41 42 static int snd_ctl_open(struct inode *inode, struct file *file) 43 { 44 unsigned long flags; 45 struct snd_card *card; 46 struct snd_ctl_file *ctl; 47 int i, err; 48 49 err = stream_open(inode, file); 50 if (err < 0) 51 return err; 52 53 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL); 54 if (!card) { 55 err = -ENODEV; 56 goto __error1; 57 } 58 err = snd_card_file_add(card, file); 59 if (err < 0) { 60 err = -ENODEV; 61 goto __error1; 62 } 63 if (!try_module_get(card->module)) { 64 err = -EFAULT; 65 goto __error2; 66 } 67 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL); 68 if (ctl == NULL) { 69 err = -ENOMEM; 70 goto __error; 71 } 72 INIT_LIST_HEAD(&ctl->events); 73 init_waitqueue_head(&ctl->change_sleep); 74 spin_lock_init(&ctl->read_lock); 75 ctl->card = card; 76 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++) 77 ctl->preferred_subdevice[i] = -1; 78 ctl->pid = get_pid(task_pid(current)); 79 file->private_data = ctl; 80 write_lock_irqsave(&card->ctl_files_rwlock, flags); 81 list_add_tail(&ctl->list, &card->ctl_files); 82 write_unlock_irqrestore(&card->ctl_files_rwlock, flags); 83 snd_card_unref(card); 84 return 0; 85 86 __error: 87 module_put(card->module); 88 __error2: 89 snd_card_file_remove(card, file); 90 __error1: 91 if (card) 92 snd_card_unref(card); 93 return err; 94 } 95 96 static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl) 97 { 98 unsigned long flags; 99 struct snd_kctl_event *cread; 100 101 spin_lock_irqsave(&ctl->read_lock, flags); 102 while (!list_empty(&ctl->events)) { 103 cread = snd_kctl_event(ctl->events.next); 104 list_del(&cread->list); 105 kfree(cread); 106 } 107 spin_unlock_irqrestore(&ctl->read_lock, flags); 108 } 109 110 static int snd_ctl_release(struct inode *inode, struct file *file) 111 { 112 unsigned long flags; 113 struct snd_card *card; 114 struct snd_ctl_file *ctl; 115 struct snd_kcontrol *control; 116 unsigned int idx; 117 118 ctl = file->private_data; 119 file->private_data = NULL; 120 card = ctl->card; 121 write_lock_irqsave(&card->ctl_files_rwlock, flags); 122 list_del(&ctl->list); 123 write_unlock_irqrestore(&card->ctl_files_rwlock, flags); 124 down_write(&card->controls_rwsem); 125 list_for_each_entry(control, &card->controls, list) 126 for (idx = 0; idx < control->count; idx++) 127 if (control->vd[idx].owner == ctl) 128 control->vd[idx].owner = NULL; 129 up_write(&card->controls_rwsem); 130 snd_ctl_empty_read_queue(ctl); 131 put_pid(ctl->pid); 132 kfree(ctl); 133 module_put(card->module); 134 snd_card_file_remove(card, file); 135 return 0; 136 } 137 138 /** 139 * snd_ctl_notify - Send notification to user-space for a control change 140 * @card: the card to send notification 141 * @mask: the event mask, SNDRV_CTL_EVENT_* 142 * @id: the ctl element id to send notification 143 * 144 * This function adds an event record with the given id and mask, appends 145 * to the list and wakes up the user-space for notification. This can be 146 * called in the atomic context. 147 */ 148 void snd_ctl_notify(struct snd_card *card, unsigned int mask, 149 struct snd_ctl_elem_id *id) 150 { 151 unsigned long flags; 152 struct snd_ctl_file *ctl; 153 struct snd_kctl_event *ev; 154 155 if (snd_BUG_ON(!card || !id)) 156 return; 157 if (card->shutdown) 158 return; 159 read_lock_irqsave(&card->ctl_files_rwlock, flags); 160 #if IS_ENABLED(CONFIG_SND_MIXER_OSS) 161 card->mixer_oss_change_count++; 162 #endif 163 list_for_each_entry(ctl, &card->ctl_files, list) { 164 if (!ctl->subscribed) 165 continue; 166 spin_lock(&ctl->read_lock); 167 list_for_each_entry(ev, &ctl->events, list) { 168 if (ev->id.numid == id->numid) { 169 ev->mask |= mask; 170 goto _found; 171 } 172 } 173 ev = kzalloc(sizeof(*ev), GFP_ATOMIC); 174 if (ev) { 175 ev->id = *id; 176 ev->mask = mask; 177 list_add_tail(&ev->list, &ctl->events); 178 } else { 179 dev_err(card->dev, "No memory available to allocate event\n"); 180 } 181 _found: 182 wake_up(&ctl->change_sleep); 183 spin_unlock(&ctl->read_lock); 184 kill_fasync(&ctl->fasync, SIGIO, POLL_IN); 185 } 186 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 187 } 188 EXPORT_SYMBOL(snd_ctl_notify); 189 190 /** 191 * snd_ctl_notify_one - Send notification to user-space for a control change 192 * @card: the card to send notification 193 * @mask: the event mask, SNDRV_CTL_EVENT_* 194 * @kctl: the pointer with the control instance 195 * @ioff: the additional offset to the control index 196 * 197 * This function calls snd_ctl_notify() and does additional jobs 198 * like LED state changes. 199 */ 200 void snd_ctl_notify_one(struct snd_card *card, unsigned int mask, 201 struct snd_kcontrol *kctl, unsigned int ioff) 202 { 203 struct snd_ctl_elem_id id = kctl->id; 204 struct snd_ctl_layer_ops *lops; 205 206 id.index += ioff; 207 id.numid += ioff; 208 snd_ctl_notify(card, mask, &id); 209 down_read(&snd_ctl_layer_rwsem); 210 for (lops = snd_ctl_layer; lops; lops = lops->next) 211 lops->lnotify(card, mask, kctl, ioff); 212 up_read(&snd_ctl_layer_rwsem); 213 } 214 EXPORT_SYMBOL(snd_ctl_notify_one); 215 216 /** 217 * snd_ctl_new - create a new control instance with some elements 218 * @kctl: the pointer to store new control instance 219 * @count: the number of elements in this control 220 * @access: the default access flags for elements in this control 221 * @file: given when locking these elements 222 * 223 * Allocates a memory object for a new control instance. The instance has 224 * elements as many as the given number (@count). Each element has given 225 * access permissions (@access). Each element is locked when @file is given. 226 * 227 * Return: 0 on success, error code on failure 228 */ 229 static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count, 230 unsigned int access, struct snd_ctl_file *file) 231 { 232 unsigned int idx; 233 234 if (count == 0 || count > MAX_CONTROL_COUNT) 235 return -EINVAL; 236 237 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL); 238 if (!*kctl) 239 return -ENOMEM; 240 241 for (idx = 0; idx < count; idx++) { 242 (*kctl)->vd[idx].access = access; 243 (*kctl)->vd[idx].owner = file; 244 } 245 (*kctl)->count = count; 246 247 return 0; 248 } 249 250 /** 251 * snd_ctl_new1 - create a control instance from the template 252 * @ncontrol: the initialization record 253 * @private_data: the private data to set 254 * 255 * Allocates a new struct snd_kcontrol instance and initialize from the given 256 * template. When the access field of ncontrol is 0, it's assumed as 257 * READWRITE access. When the count field is 0, it's assumes as one. 258 * 259 * Return: The pointer of the newly generated instance, or %NULL on failure. 260 */ 261 struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol, 262 void *private_data) 263 { 264 struct snd_kcontrol *kctl; 265 unsigned int count; 266 unsigned int access; 267 int err; 268 269 if (snd_BUG_ON(!ncontrol || !ncontrol->info)) 270 return NULL; 271 272 count = ncontrol->count; 273 if (count == 0) 274 count = 1; 275 276 access = ncontrol->access; 277 if (access == 0) 278 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 279 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 280 SNDRV_CTL_ELEM_ACCESS_VOLATILE | 281 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 282 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE | 283 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND | 284 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK | 285 SNDRV_CTL_ELEM_ACCESS_LED_MASK | 286 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK); 287 288 err = snd_ctl_new(&kctl, count, access, NULL); 289 if (err < 0) 290 return NULL; 291 292 /* The 'numid' member is decided when calling snd_ctl_add(). */ 293 kctl->id.iface = ncontrol->iface; 294 kctl->id.device = ncontrol->device; 295 kctl->id.subdevice = ncontrol->subdevice; 296 if (ncontrol->name) { 297 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name)); 298 if (strcmp(ncontrol->name, kctl->id.name) != 0) 299 pr_warn("ALSA: Control name '%s' truncated to '%s'\n", 300 ncontrol->name, kctl->id.name); 301 } 302 kctl->id.index = ncontrol->index; 303 304 kctl->info = ncontrol->info; 305 kctl->get = ncontrol->get; 306 kctl->put = ncontrol->put; 307 kctl->tlv.p = ncontrol->tlv.p; 308 309 kctl->private_value = ncontrol->private_value; 310 kctl->private_data = private_data; 311 312 return kctl; 313 } 314 EXPORT_SYMBOL(snd_ctl_new1); 315 316 /** 317 * snd_ctl_free_one - release the control instance 318 * @kcontrol: the control instance 319 * 320 * Releases the control instance created via snd_ctl_new() 321 * or snd_ctl_new1(). 322 * Don't call this after the control was added to the card. 323 */ 324 void snd_ctl_free_one(struct snd_kcontrol *kcontrol) 325 { 326 if (kcontrol) { 327 if (kcontrol->private_free) 328 kcontrol->private_free(kcontrol); 329 kfree(kcontrol); 330 } 331 } 332 EXPORT_SYMBOL(snd_ctl_free_one); 333 334 static bool snd_ctl_remove_numid_conflict(struct snd_card *card, 335 unsigned int count) 336 { 337 struct snd_kcontrol *kctl; 338 339 /* Make sure that the ids assigned to the control do not wrap around */ 340 if (card->last_numid >= UINT_MAX - count) 341 card->last_numid = 0; 342 343 list_for_each_entry(kctl, &card->controls, list) { 344 if (kctl->id.numid < card->last_numid + 1 + count && 345 kctl->id.numid + kctl->count > card->last_numid + 1) { 346 card->last_numid = kctl->id.numid + kctl->count - 1; 347 return true; 348 } 349 } 350 return false; 351 } 352 353 static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) 354 { 355 unsigned int iter = 100000; 356 357 while (snd_ctl_remove_numid_conflict(card, count)) { 358 if (--iter == 0) { 359 /* this situation is very unlikely */ 360 dev_err(card->dev, "unable to allocate new control numid\n"); 361 return -ENOMEM; 362 } 363 } 364 return 0; 365 } 366 367 /* check whether the given id is contained in the given kctl */ 368 static bool elem_id_matches(const struct snd_kcontrol *kctl, 369 const struct snd_ctl_elem_id *id) 370 { 371 return kctl->id.iface == id->iface && 372 kctl->id.device == id->device && 373 kctl->id.subdevice == id->subdevice && 374 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) && 375 kctl->id.index <= id->index && 376 kctl->id.index + kctl->count > id->index; 377 } 378 379 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 380 /* Compute a hash key for the corresponding ctl id 381 * It's for the name lookup, hence the numid is excluded. 382 * The hash key is bound in LONG_MAX to be used for Xarray key. 383 */ 384 #define MULTIPLIER 37 385 static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id) 386 { 387 unsigned long h; 388 const unsigned char *p; 389 390 h = id->iface; 391 h = MULTIPLIER * h + id->device; 392 h = MULTIPLIER * h + id->subdevice; 393 for (p = id->name; *p; p++) 394 h = MULTIPLIER * h + *p; 395 h = MULTIPLIER * h + id->index; 396 h &= LONG_MAX; 397 return h; 398 } 399 400 /* add hash entries to numid and ctl xarray tables */ 401 static void add_hash_entries(struct snd_card *card, 402 struct snd_kcontrol *kcontrol) 403 { 404 struct snd_ctl_elem_id id = kcontrol->id; 405 int i; 406 407 xa_store_range(&card->ctl_numids, kcontrol->id.numid, 408 kcontrol->id.numid + kcontrol->count - 1, 409 kcontrol, GFP_KERNEL); 410 411 for (i = 0; i < kcontrol->count; i++) { 412 id.index = kcontrol->id.index + i; 413 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id), 414 kcontrol, GFP_KERNEL)) { 415 /* skip hash for this entry, noting we had collision */ 416 card->ctl_hash_collision = true; 417 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n", 418 id.iface, id.name, id.index); 419 } 420 } 421 } 422 423 /* remove hash entries that have been added */ 424 static void remove_hash_entries(struct snd_card *card, 425 struct snd_kcontrol *kcontrol) 426 { 427 struct snd_ctl_elem_id id = kcontrol->id; 428 struct snd_kcontrol *matched; 429 unsigned long h; 430 int i; 431 432 for (i = 0; i < kcontrol->count; i++) { 433 xa_erase(&card->ctl_numids, id.numid); 434 h = get_ctl_id_hash(&id); 435 matched = xa_load(&card->ctl_hash, h); 436 if (matched && (matched == kcontrol || 437 elem_id_matches(matched, &id))) 438 xa_erase(&card->ctl_hash, h); 439 id.index++; 440 id.numid++; 441 } 442 } 443 #else /* CONFIG_SND_CTL_FAST_LOOKUP */ 444 static inline void add_hash_entries(struct snd_card *card, 445 struct snd_kcontrol *kcontrol) 446 { 447 } 448 static inline void remove_hash_entries(struct snd_card *card, 449 struct snd_kcontrol *kcontrol) 450 { 451 } 452 #endif /* CONFIG_SND_CTL_FAST_LOOKUP */ 453 454 enum snd_ctl_add_mode { 455 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE, 456 }; 457 458 /* add/replace a new kcontrol object; call with card->controls_rwsem locked */ 459 static int __snd_ctl_add_replace(struct snd_card *card, 460 struct snd_kcontrol *kcontrol, 461 enum snd_ctl_add_mode mode) 462 { 463 struct snd_ctl_elem_id id; 464 unsigned int idx; 465 struct snd_kcontrol *old; 466 int err; 467 468 id = kcontrol->id; 469 if (id.index > UINT_MAX - kcontrol->count) 470 return -EINVAL; 471 472 old = snd_ctl_find_id(card, &id); 473 if (!old) { 474 if (mode == CTL_REPLACE) 475 return -EINVAL; 476 } else { 477 if (mode == CTL_ADD_EXCLUSIVE) { 478 dev_err(card->dev, 479 "control %i:%i:%i:%s:%i is already present\n", 480 id.iface, id.device, id.subdevice, id.name, 481 id.index); 482 return -EBUSY; 483 } 484 485 err = snd_ctl_remove(card, old); 486 if (err < 0) 487 return err; 488 } 489 490 if (snd_ctl_find_hole(card, kcontrol->count) < 0) 491 return -ENOMEM; 492 493 list_add_tail(&kcontrol->list, &card->controls); 494 card->controls_count += kcontrol->count; 495 kcontrol->id.numid = card->last_numid + 1; 496 card->last_numid += kcontrol->count; 497 498 add_hash_entries(card, kcontrol); 499 500 for (idx = 0; idx < kcontrol->count; idx++) 501 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx); 502 503 return 0; 504 } 505 506 static int snd_ctl_add_replace(struct snd_card *card, 507 struct snd_kcontrol *kcontrol, 508 enum snd_ctl_add_mode mode) 509 { 510 int err = -EINVAL; 511 512 if (! kcontrol) 513 return err; 514 if (snd_BUG_ON(!card || !kcontrol->info)) 515 goto error; 516 517 down_write(&card->controls_rwsem); 518 err = __snd_ctl_add_replace(card, kcontrol, mode); 519 up_write(&card->controls_rwsem); 520 if (err < 0) 521 goto error; 522 return 0; 523 524 error: 525 snd_ctl_free_one(kcontrol); 526 return err; 527 } 528 529 /** 530 * snd_ctl_add - add the control instance to the card 531 * @card: the card instance 532 * @kcontrol: the control instance to add 533 * 534 * Adds the control instance created via snd_ctl_new() or 535 * snd_ctl_new1() to the given card. Assigns also an unique 536 * numid used for fast search. 537 * 538 * It frees automatically the control which cannot be added. 539 * 540 * Return: Zero if successful, or a negative error code on failure. 541 * 542 */ 543 int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) 544 { 545 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE); 546 } 547 EXPORT_SYMBOL(snd_ctl_add); 548 549 /** 550 * snd_ctl_replace - replace the control instance of the card 551 * @card: the card instance 552 * @kcontrol: the control instance to replace 553 * @add_on_replace: add the control if not already added 554 * 555 * Replaces the given control. If the given control does not exist 556 * and the add_on_replace flag is set, the control is added. If the 557 * control exists, it is destroyed first. 558 * 559 * It frees automatically the control which cannot be added or replaced. 560 * 561 * Return: Zero if successful, or a negative error code on failure. 562 */ 563 int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, 564 bool add_on_replace) 565 { 566 return snd_ctl_add_replace(card, kcontrol, 567 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE); 568 } 569 EXPORT_SYMBOL(snd_ctl_replace); 570 571 static int __snd_ctl_remove(struct snd_card *card, 572 struct snd_kcontrol *kcontrol, 573 bool remove_hash) 574 { 575 unsigned int idx; 576 577 if (snd_BUG_ON(!card || !kcontrol)) 578 return -EINVAL; 579 list_del(&kcontrol->list); 580 581 if (remove_hash) 582 remove_hash_entries(card, kcontrol); 583 584 card->controls_count -= kcontrol->count; 585 for (idx = 0; idx < kcontrol->count; idx++) 586 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx); 587 snd_ctl_free_one(kcontrol); 588 return 0; 589 } 590 591 /** 592 * snd_ctl_remove - remove the control from the card and release it 593 * @card: the card instance 594 * @kcontrol: the control instance to remove 595 * 596 * Removes the control from the card and then releases the instance. 597 * You don't need to call snd_ctl_free_one(). You must be in 598 * the write lock - down_write(&card->controls_rwsem). 599 * 600 * Return: 0 if successful, or a negative error code on failure. 601 */ 602 int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol) 603 { 604 return __snd_ctl_remove(card, kcontrol, true); 605 } 606 EXPORT_SYMBOL(snd_ctl_remove); 607 608 /** 609 * snd_ctl_remove_id - remove the control of the given id and release it 610 * @card: the card instance 611 * @id: the control id to remove 612 * 613 * Finds the control instance with the given id, removes it from the 614 * card list and releases it. 615 * 616 * Return: 0 if successful, or a negative error code on failure. 617 */ 618 int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id) 619 { 620 struct snd_kcontrol *kctl; 621 int ret; 622 623 down_write(&card->controls_rwsem); 624 kctl = snd_ctl_find_id(card, id); 625 if (kctl == NULL) { 626 up_write(&card->controls_rwsem); 627 return -ENOENT; 628 } 629 ret = snd_ctl_remove(card, kctl); 630 up_write(&card->controls_rwsem); 631 return ret; 632 } 633 EXPORT_SYMBOL(snd_ctl_remove_id); 634 635 /** 636 * snd_ctl_remove_user_ctl - remove and release the unlocked user control 637 * @file: active control handle 638 * @id: the control id to remove 639 * 640 * Finds the control instance with the given id, removes it from the 641 * card list and releases it. 642 * 643 * Return: 0 if successful, or a negative error code on failure. 644 */ 645 static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file, 646 struct snd_ctl_elem_id *id) 647 { 648 struct snd_card *card = file->card; 649 struct snd_kcontrol *kctl; 650 int idx, ret; 651 652 down_write(&card->controls_rwsem); 653 kctl = snd_ctl_find_id(card, id); 654 if (kctl == NULL) { 655 ret = -ENOENT; 656 goto error; 657 } 658 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) { 659 ret = -EINVAL; 660 goto error; 661 } 662 for (idx = 0; idx < kctl->count; idx++) 663 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) { 664 ret = -EBUSY; 665 goto error; 666 } 667 ret = snd_ctl_remove(card, kctl); 668 error: 669 up_write(&card->controls_rwsem); 670 return ret; 671 } 672 673 /** 674 * snd_ctl_activate_id - activate/inactivate the control of the given id 675 * @card: the card instance 676 * @id: the control id to activate/inactivate 677 * @active: non-zero to activate 678 * 679 * Finds the control instance with the given id, and activate or 680 * inactivate the control together with notification, if changed. 681 * The given ID data is filled with full information. 682 * 683 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure. 684 */ 685 int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id, 686 int active) 687 { 688 struct snd_kcontrol *kctl; 689 struct snd_kcontrol_volatile *vd; 690 unsigned int index_offset; 691 int ret; 692 693 down_write(&card->controls_rwsem); 694 kctl = snd_ctl_find_id(card, id); 695 if (kctl == NULL) { 696 ret = -ENOENT; 697 goto unlock; 698 } 699 index_offset = snd_ctl_get_ioff(kctl, id); 700 vd = &kctl->vd[index_offset]; 701 ret = 0; 702 if (active) { 703 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)) 704 goto unlock; 705 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; 706 } else { 707 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE) 708 goto unlock; 709 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; 710 } 711 snd_ctl_build_ioff(id, kctl, index_offset); 712 downgrade_write(&card->controls_rwsem); 713 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset); 714 up_read(&card->controls_rwsem); 715 return 1; 716 717 unlock: 718 up_write(&card->controls_rwsem); 719 return ret; 720 } 721 EXPORT_SYMBOL_GPL(snd_ctl_activate_id); 722 723 /** 724 * snd_ctl_rename_id - replace the id of a control on the card 725 * @card: the card instance 726 * @src_id: the old id 727 * @dst_id: the new id 728 * 729 * Finds the control with the old id from the card, and replaces the 730 * id with the new one. 731 * 732 * Return: Zero if successful, or a negative error code on failure. 733 */ 734 int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id, 735 struct snd_ctl_elem_id *dst_id) 736 { 737 struct snd_kcontrol *kctl; 738 739 down_write(&card->controls_rwsem); 740 kctl = snd_ctl_find_id(card, src_id); 741 if (kctl == NULL) { 742 up_write(&card->controls_rwsem); 743 return -ENOENT; 744 } 745 remove_hash_entries(card, kctl); 746 kctl->id = *dst_id; 747 kctl->id.numid = card->last_numid + 1; 748 card->last_numid += kctl->count; 749 add_hash_entries(card, kctl); 750 up_write(&card->controls_rwsem); 751 return 0; 752 } 753 EXPORT_SYMBOL(snd_ctl_rename_id); 754 755 #ifndef CONFIG_SND_CTL_FAST_LOOKUP 756 static struct snd_kcontrol * 757 snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid) 758 { 759 struct snd_kcontrol *kctl; 760 761 list_for_each_entry(kctl, &card->controls, list) { 762 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid) 763 return kctl; 764 } 765 return NULL; 766 } 767 #endif /* !CONFIG_SND_CTL_FAST_LOOKUP */ 768 769 /** 770 * snd_ctl_find_numid - find the control instance with the given number-id 771 * @card: the card instance 772 * @numid: the number-id to search 773 * 774 * Finds the control instance with the given number-id from the card. 775 * 776 * The caller must down card->controls_rwsem before calling this function 777 * (if the race condition can happen). 778 * 779 * Return: The pointer of the instance if found, or %NULL if not. 780 * 781 */ 782 struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, unsigned int numid) 783 { 784 if (snd_BUG_ON(!card || !numid)) 785 return NULL; 786 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 787 return xa_load(&card->ctl_numids, numid); 788 #else 789 return snd_ctl_find_numid_slow(card, numid); 790 #endif 791 } 792 EXPORT_SYMBOL(snd_ctl_find_numid); 793 794 /** 795 * snd_ctl_find_id - find the control instance with the given id 796 * @card: the card instance 797 * @id: the id to search 798 * 799 * Finds the control instance with the given id from the card. 800 * 801 * The caller must down card->controls_rwsem before calling this function 802 * (if the race condition can happen). 803 * 804 * Return: The pointer of the instance if found, or %NULL if not. 805 * 806 */ 807 struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card, 808 struct snd_ctl_elem_id *id) 809 { 810 struct snd_kcontrol *kctl; 811 812 if (snd_BUG_ON(!card || !id)) 813 return NULL; 814 if (id->numid != 0) 815 return snd_ctl_find_numid(card, id->numid); 816 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 817 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id)); 818 if (kctl && elem_id_matches(kctl, id)) 819 return kctl; 820 if (!card->ctl_hash_collision) 821 return NULL; /* we can rely on only hash table */ 822 #endif 823 /* no matching in hash table - try all as the last resort */ 824 list_for_each_entry(kctl, &card->controls, list) 825 if (elem_id_matches(kctl, id)) 826 return kctl; 827 828 return NULL; 829 } 830 EXPORT_SYMBOL(snd_ctl_find_id); 831 832 static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl, 833 unsigned int cmd, void __user *arg) 834 { 835 struct snd_ctl_card_info *info; 836 837 info = kzalloc(sizeof(*info), GFP_KERNEL); 838 if (! info) 839 return -ENOMEM; 840 down_read(&snd_ioctl_rwsem); 841 info->card = card->number; 842 strscpy(info->id, card->id, sizeof(info->id)); 843 strscpy(info->driver, card->driver, sizeof(info->driver)); 844 strscpy(info->name, card->shortname, sizeof(info->name)); 845 strscpy(info->longname, card->longname, sizeof(info->longname)); 846 strscpy(info->mixername, card->mixername, sizeof(info->mixername)); 847 strscpy(info->components, card->components, sizeof(info->components)); 848 up_read(&snd_ioctl_rwsem); 849 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) { 850 kfree(info); 851 return -EFAULT; 852 } 853 kfree(info); 854 return 0; 855 } 856 857 static int snd_ctl_elem_list(struct snd_card *card, 858 struct snd_ctl_elem_list *list) 859 { 860 struct snd_kcontrol *kctl; 861 struct snd_ctl_elem_id id; 862 unsigned int offset, space, jidx; 863 int err = 0; 864 865 offset = list->offset; 866 space = list->space; 867 868 down_read(&card->controls_rwsem); 869 list->count = card->controls_count; 870 list->used = 0; 871 if (space > 0) { 872 list_for_each_entry(kctl, &card->controls, list) { 873 if (offset >= kctl->count) { 874 offset -= kctl->count; 875 continue; 876 } 877 for (jidx = offset; jidx < kctl->count; jidx++) { 878 snd_ctl_build_ioff(&id, kctl, jidx); 879 if (copy_to_user(list->pids + list->used, &id, 880 sizeof(id))) { 881 err = -EFAULT; 882 goto out; 883 } 884 list->used++; 885 if (!--space) 886 goto out; 887 } 888 offset = 0; 889 } 890 } 891 out: 892 up_read(&card->controls_rwsem); 893 return err; 894 } 895 896 static int snd_ctl_elem_list_user(struct snd_card *card, 897 struct snd_ctl_elem_list __user *_list) 898 { 899 struct snd_ctl_elem_list list; 900 int err; 901 902 if (copy_from_user(&list, _list, sizeof(list))) 903 return -EFAULT; 904 err = snd_ctl_elem_list(card, &list); 905 if (err) 906 return err; 907 if (copy_to_user(_list, &list, sizeof(list))) 908 return -EFAULT; 909 910 return 0; 911 } 912 913 /* Check whether the given kctl info is valid */ 914 static int snd_ctl_check_elem_info(struct snd_card *card, 915 const struct snd_ctl_elem_info *info) 916 { 917 static const unsigned int max_value_counts[] = { 918 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128, 919 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128, 920 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128, 921 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512, 922 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1, 923 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64, 924 }; 925 926 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN || 927 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) { 928 if (card) 929 dev_err(card->dev, 930 "control %i:%i:%i:%s:%i: invalid type %d\n", 931 info->id.iface, info->id.device, 932 info->id.subdevice, info->id.name, 933 info->id.index, info->type); 934 return -EINVAL; 935 } 936 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED && 937 info->value.enumerated.items == 0) { 938 if (card) 939 dev_err(card->dev, 940 "control %i:%i:%i:%s:%i: zero enum items\n", 941 info->id.iface, info->id.device, 942 info->id.subdevice, info->id.name, 943 info->id.index); 944 return -EINVAL; 945 } 946 if (info->count > max_value_counts[info->type]) { 947 if (card) 948 dev_err(card->dev, 949 "control %i:%i:%i:%s:%i: invalid count %d\n", 950 info->id.iface, info->id.device, 951 info->id.subdevice, info->id.name, 952 info->id.index, info->count); 953 return -EINVAL; 954 } 955 956 return 0; 957 } 958 959 /* The capacity of struct snd_ctl_elem_value.value.*/ 960 static const unsigned int value_sizes[] = { 961 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long), 962 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long), 963 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int), 964 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char), 965 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958), 966 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long), 967 }; 968 969 /* fill the remaining snd_ctl_elem_value data with the given pattern */ 970 static void fill_remaining_elem_value(struct snd_ctl_elem_value *control, 971 struct snd_ctl_elem_info *info, 972 u32 pattern) 973 { 974 size_t offset = value_sizes[info->type] * info->count; 975 976 offset = DIV_ROUND_UP(offset, sizeof(u32)); 977 memset32((u32 *)control->value.bytes.data + offset, pattern, 978 sizeof(control->value) / sizeof(u32) - offset); 979 } 980 981 /* check whether the given integer ctl value is valid */ 982 static int sanity_check_int_value(struct snd_card *card, 983 const struct snd_ctl_elem_value *control, 984 const struct snd_ctl_elem_info *info, 985 int i, bool print_error) 986 { 987 long long lval, lmin, lmax, lstep; 988 u64 rem; 989 990 switch (info->type) { 991 default: 992 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 993 lval = control->value.integer.value[i]; 994 lmin = 0; 995 lmax = 1; 996 lstep = 0; 997 break; 998 case SNDRV_CTL_ELEM_TYPE_INTEGER: 999 lval = control->value.integer.value[i]; 1000 lmin = info->value.integer.min; 1001 lmax = info->value.integer.max; 1002 lstep = info->value.integer.step; 1003 break; 1004 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1005 lval = control->value.integer64.value[i]; 1006 lmin = info->value.integer64.min; 1007 lmax = info->value.integer64.max; 1008 lstep = info->value.integer64.step; 1009 break; 1010 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1011 lval = control->value.enumerated.item[i]; 1012 lmin = 0; 1013 lmax = info->value.enumerated.items - 1; 1014 lstep = 0; 1015 break; 1016 } 1017 1018 if (lval < lmin || lval > lmax) { 1019 if (print_error) 1020 dev_err(card->dev, 1021 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n", 1022 control->id.iface, control->id.device, 1023 control->id.subdevice, control->id.name, 1024 control->id.index, lval, lmin, lmax, i); 1025 return -EINVAL; 1026 } 1027 if (lstep) { 1028 div64_u64_rem(lval, lstep, &rem); 1029 if (rem) { 1030 if (print_error) 1031 dev_err(card->dev, 1032 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n", 1033 control->id.iface, control->id.device, 1034 control->id.subdevice, control->id.name, 1035 control->id.index, lval, lstep, i); 1036 return -EINVAL; 1037 } 1038 } 1039 1040 return 0; 1041 } 1042 1043 /* check whether the all input values are valid for the given elem value */ 1044 static int sanity_check_input_values(struct snd_card *card, 1045 const struct snd_ctl_elem_value *control, 1046 const struct snd_ctl_elem_info *info, 1047 bool print_error) 1048 { 1049 int i, ret; 1050 1051 switch (info->type) { 1052 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1053 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1054 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1055 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1056 for (i = 0; i < info->count; i++) { 1057 ret = sanity_check_int_value(card, control, info, i, 1058 print_error); 1059 if (ret < 0) 1060 return ret; 1061 } 1062 break; 1063 default: 1064 break; 1065 } 1066 1067 return 0; 1068 } 1069 1070 /* perform sanity checks to the given snd_ctl_elem_value object */ 1071 static int sanity_check_elem_value(struct snd_card *card, 1072 const struct snd_ctl_elem_value *control, 1073 const struct snd_ctl_elem_info *info, 1074 u32 pattern) 1075 { 1076 size_t offset; 1077 int ret; 1078 u32 *p; 1079 1080 ret = sanity_check_input_values(card, control, info, true); 1081 if (ret < 0) 1082 return ret; 1083 1084 /* check whether the remaining area kept untouched */ 1085 offset = value_sizes[info->type] * info->count; 1086 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1087 p = (u32 *)control->value.bytes.data + offset; 1088 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) { 1089 if (*p != pattern) { 1090 ret = -EINVAL; 1091 break; 1092 } 1093 *p = 0; /* clear the checked area */ 1094 } 1095 1096 return ret; 1097 } 1098 1099 static int __snd_ctl_elem_info(struct snd_card *card, 1100 struct snd_kcontrol *kctl, 1101 struct snd_ctl_elem_info *info, 1102 struct snd_ctl_file *ctl) 1103 { 1104 struct snd_kcontrol_volatile *vd; 1105 unsigned int index_offset; 1106 int result; 1107 1108 #ifdef CONFIG_SND_DEBUG 1109 info->access = 0; 1110 #endif 1111 result = snd_power_ref_and_wait(card); 1112 if (!result) 1113 result = kctl->info(kctl, info); 1114 snd_power_unref(card); 1115 if (result >= 0) { 1116 snd_BUG_ON(info->access); 1117 index_offset = snd_ctl_get_ioff(kctl, &info->id); 1118 vd = &kctl->vd[index_offset]; 1119 snd_ctl_build_ioff(&info->id, kctl, index_offset); 1120 info->access = vd->access; 1121 if (vd->owner) { 1122 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK; 1123 if (vd->owner == ctl) 1124 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER; 1125 info->owner = pid_vnr(vd->owner->pid); 1126 } else { 1127 info->owner = -1; 1128 } 1129 if (!snd_ctl_skip_validation(info) && 1130 snd_ctl_check_elem_info(card, info) < 0) 1131 result = -EINVAL; 1132 } 1133 return result; 1134 } 1135 1136 static int snd_ctl_elem_info(struct snd_ctl_file *ctl, 1137 struct snd_ctl_elem_info *info) 1138 { 1139 struct snd_card *card = ctl->card; 1140 struct snd_kcontrol *kctl; 1141 int result; 1142 1143 down_read(&card->controls_rwsem); 1144 kctl = snd_ctl_find_id(card, &info->id); 1145 if (kctl == NULL) 1146 result = -ENOENT; 1147 else 1148 result = __snd_ctl_elem_info(card, kctl, info, ctl); 1149 up_read(&card->controls_rwsem); 1150 return result; 1151 } 1152 1153 static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl, 1154 struct snd_ctl_elem_info __user *_info) 1155 { 1156 struct snd_ctl_elem_info info; 1157 int result; 1158 1159 if (copy_from_user(&info, _info, sizeof(info))) 1160 return -EFAULT; 1161 result = snd_ctl_elem_info(ctl, &info); 1162 if (result < 0) 1163 return result; 1164 /* drop internal access flags */ 1165 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK| 1166 SNDRV_CTL_ELEM_ACCESS_LED_MASK); 1167 if (copy_to_user(_info, &info, sizeof(info))) 1168 return -EFAULT; 1169 return result; 1170 } 1171 1172 static int snd_ctl_elem_read(struct snd_card *card, 1173 struct snd_ctl_elem_value *control) 1174 { 1175 struct snd_kcontrol *kctl; 1176 struct snd_kcontrol_volatile *vd; 1177 unsigned int index_offset; 1178 struct snd_ctl_elem_info info; 1179 const u32 pattern = 0xdeadbeef; 1180 int ret; 1181 1182 kctl = snd_ctl_find_id(card, &control->id); 1183 if (kctl == NULL) 1184 return -ENOENT; 1185 1186 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1187 vd = &kctl->vd[index_offset]; 1188 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL) 1189 return -EPERM; 1190 1191 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1192 1193 #ifdef CONFIG_SND_CTL_DEBUG 1194 /* info is needed only for validation */ 1195 memset(&info, 0, sizeof(info)); 1196 info.id = control->id; 1197 ret = __snd_ctl_elem_info(card, kctl, &info, NULL); 1198 if (ret < 0) 1199 return ret; 1200 #endif 1201 1202 if (!snd_ctl_skip_validation(&info)) 1203 fill_remaining_elem_value(control, &info, pattern); 1204 ret = snd_power_ref_and_wait(card); 1205 if (!ret) 1206 ret = kctl->get(kctl, control); 1207 snd_power_unref(card); 1208 if (ret < 0) 1209 return ret; 1210 if (!snd_ctl_skip_validation(&info) && 1211 sanity_check_elem_value(card, control, &info, pattern) < 0) { 1212 dev_err(card->dev, 1213 "control %i:%i:%i:%s:%i: access overflow\n", 1214 control->id.iface, control->id.device, 1215 control->id.subdevice, control->id.name, 1216 control->id.index); 1217 return -EINVAL; 1218 } 1219 return ret; 1220 } 1221 1222 static int snd_ctl_elem_read_user(struct snd_card *card, 1223 struct snd_ctl_elem_value __user *_control) 1224 { 1225 struct snd_ctl_elem_value *control; 1226 int result; 1227 1228 control = memdup_user(_control, sizeof(*control)); 1229 if (IS_ERR(control)) 1230 return PTR_ERR(control); 1231 1232 down_read(&card->controls_rwsem); 1233 result = snd_ctl_elem_read(card, control); 1234 up_read(&card->controls_rwsem); 1235 if (result < 0) 1236 goto error; 1237 1238 if (copy_to_user(_control, control, sizeof(*control))) 1239 result = -EFAULT; 1240 error: 1241 kfree(control); 1242 return result; 1243 } 1244 1245 static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, 1246 struct snd_ctl_elem_value *control) 1247 { 1248 struct snd_kcontrol *kctl; 1249 struct snd_kcontrol_volatile *vd; 1250 unsigned int index_offset; 1251 int result; 1252 1253 down_write(&card->controls_rwsem); 1254 kctl = snd_ctl_find_id(card, &control->id); 1255 if (kctl == NULL) { 1256 up_write(&card->controls_rwsem); 1257 return -ENOENT; 1258 } 1259 1260 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1261 vd = &kctl->vd[index_offset]; 1262 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || 1263 (file && vd->owner && vd->owner != file)) { 1264 up_write(&card->controls_rwsem); 1265 return -EPERM; 1266 } 1267 1268 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1269 result = snd_power_ref_and_wait(card); 1270 /* validate input values */ 1271 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION) && !result) { 1272 struct snd_ctl_elem_info info; 1273 1274 memset(&info, 0, sizeof(info)); 1275 info.id = control->id; 1276 result = __snd_ctl_elem_info(card, kctl, &info, NULL); 1277 if (!result) 1278 result = sanity_check_input_values(card, control, &info, 1279 false); 1280 } 1281 if (!result) 1282 result = kctl->put(kctl, control); 1283 snd_power_unref(card); 1284 if (result < 0) { 1285 up_write(&card->controls_rwsem); 1286 return result; 1287 } 1288 1289 if (result > 0) { 1290 downgrade_write(&card->controls_rwsem); 1291 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset); 1292 up_read(&card->controls_rwsem); 1293 } else { 1294 up_write(&card->controls_rwsem); 1295 } 1296 1297 return 0; 1298 } 1299 1300 static int snd_ctl_elem_write_user(struct snd_ctl_file *file, 1301 struct snd_ctl_elem_value __user *_control) 1302 { 1303 struct snd_ctl_elem_value *control; 1304 struct snd_card *card; 1305 int result; 1306 1307 control = memdup_user(_control, sizeof(*control)); 1308 if (IS_ERR(control)) 1309 return PTR_ERR(control); 1310 1311 card = file->card; 1312 result = snd_ctl_elem_write(card, file, control); 1313 if (result < 0) 1314 goto error; 1315 1316 if (copy_to_user(_control, control, sizeof(*control))) 1317 result = -EFAULT; 1318 error: 1319 kfree(control); 1320 return result; 1321 } 1322 1323 static int snd_ctl_elem_lock(struct snd_ctl_file *file, 1324 struct snd_ctl_elem_id __user *_id) 1325 { 1326 struct snd_card *card = file->card; 1327 struct snd_ctl_elem_id id; 1328 struct snd_kcontrol *kctl; 1329 struct snd_kcontrol_volatile *vd; 1330 int result; 1331 1332 if (copy_from_user(&id, _id, sizeof(id))) 1333 return -EFAULT; 1334 down_write(&card->controls_rwsem); 1335 kctl = snd_ctl_find_id(card, &id); 1336 if (kctl == NULL) { 1337 result = -ENOENT; 1338 } else { 1339 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1340 if (vd->owner != NULL) 1341 result = -EBUSY; 1342 else { 1343 vd->owner = file; 1344 result = 0; 1345 } 1346 } 1347 up_write(&card->controls_rwsem); 1348 return result; 1349 } 1350 1351 static int snd_ctl_elem_unlock(struct snd_ctl_file *file, 1352 struct snd_ctl_elem_id __user *_id) 1353 { 1354 struct snd_card *card = file->card; 1355 struct snd_ctl_elem_id id; 1356 struct snd_kcontrol *kctl; 1357 struct snd_kcontrol_volatile *vd; 1358 int result; 1359 1360 if (copy_from_user(&id, _id, sizeof(id))) 1361 return -EFAULT; 1362 down_write(&card->controls_rwsem); 1363 kctl = snd_ctl_find_id(card, &id); 1364 if (kctl == NULL) { 1365 result = -ENOENT; 1366 } else { 1367 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1368 if (vd->owner == NULL) 1369 result = -EINVAL; 1370 else if (vd->owner != file) 1371 result = -EPERM; 1372 else { 1373 vd->owner = NULL; 1374 result = 0; 1375 } 1376 } 1377 up_write(&card->controls_rwsem); 1378 return result; 1379 } 1380 1381 struct user_element { 1382 struct snd_ctl_elem_info info; 1383 struct snd_card *card; 1384 char *elem_data; /* element data */ 1385 unsigned long elem_data_size; /* size of element data in bytes */ 1386 void *tlv_data; /* TLV data */ 1387 unsigned long tlv_data_size; /* TLV data size */ 1388 void *priv_data; /* private data (like strings for enumerated type) */ 1389 }; 1390 1391 // check whether the addition (in bytes) of user ctl element may overflow the limit. 1392 static bool check_user_elem_overflow(struct snd_card *card, ssize_t add) 1393 { 1394 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size; 1395 } 1396 1397 static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol, 1398 struct snd_ctl_elem_info *uinfo) 1399 { 1400 struct user_element *ue = kcontrol->private_data; 1401 unsigned int offset; 1402 1403 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1404 *uinfo = ue->info; 1405 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1406 1407 return 0; 1408 } 1409 1410 static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol, 1411 struct snd_ctl_elem_info *uinfo) 1412 { 1413 struct user_element *ue = kcontrol->private_data; 1414 const char *names; 1415 unsigned int item; 1416 unsigned int offset; 1417 1418 item = uinfo->value.enumerated.item; 1419 1420 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1421 *uinfo = ue->info; 1422 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1423 1424 item = min(item, uinfo->value.enumerated.items - 1); 1425 uinfo->value.enumerated.item = item; 1426 1427 names = ue->priv_data; 1428 for (; item > 0; --item) 1429 names += strlen(names) + 1; 1430 strcpy(uinfo->value.enumerated.name, names); 1431 1432 return 0; 1433 } 1434 1435 static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, 1436 struct snd_ctl_elem_value *ucontrol) 1437 { 1438 struct user_element *ue = kcontrol->private_data; 1439 unsigned int size = ue->elem_data_size; 1440 char *src = ue->elem_data + 1441 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1442 1443 memcpy(&ucontrol->value, src, size); 1444 return 0; 1445 } 1446 1447 static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, 1448 struct snd_ctl_elem_value *ucontrol) 1449 { 1450 int change; 1451 struct user_element *ue = kcontrol->private_data; 1452 unsigned int size = ue->elem_data_size; 1453 char *dst = ue->elem_data + 1454 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1455 1456 change = memcmp(&ucontrol->value, dst, size) != 0; 1457 if (change) 1458 memcpy(dst, &ucontrol->value, size); 1459 return change; 1460 } 1461 1462 /* called in controls_rwsem write lock */ 1463 static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1464 unsigned int size) 1465 { 1466 struct user_element *ue = kctl->private_data; 1467 unsigned int *container; 1468 unsigned int mask = 0; 1469 int i; 1470 int change; 1471 1472 if (size > 1024 * 128) /* sane value */ 1473 return -EINVAL; 1474 1475 // does the TLV size change cause overflow? 1476 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size))) 1477 return -ENOMEM; 1478 1479 container = vmemdup_user(buf, size); 1480 if (IS_ERR(container)) 1481 return PTR_ERR(container); 1482 1483 change = ue->tlv_data_size != size; 1484 if (!change) 1485 change = memcmp(ue->tlv_data, container, size) != 0; 1486 if (!change) { 1487 kvfree(container); 1488 return 0; 1489 } 1490 1491 if (ue->tlv_data == NULL) { 1492 /* Now TLV data is available. */ 1493 for (i = 0; i < kctl->count; ++i) 1494 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; 1495 mask = SNDRV_CTL_EVENT_MASK_INFO; 1496 } else { 1497 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1498 ue->tlv_data_size = 0; 1499 kvfree(ue->tlv_data); 1500 } 1501 1502 ue->tlv_data = container; 1503 ue->tlv_data_size = size; 1504 // decremented at private_free. 1505 ue->card->user_ctl_alloc_size += size; 1506 1507 mask |= SNDRV_CTL_EVENT_MASK_TLV; 1508 for (i = 0; i < kctl->count; ++i) 1509 snd_ctl_notify_one(ue->card, mask, kctl, i); 1510 1511 return change; 1512 } 1513 1514 static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1515 unsigned int size) 1516 { 1517 struct user_element *ue = kctl->private_data; 1518 1519 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL) 1520 return -ENXIO; 1521 1522 if (size < ue->tlv_data_size) 1523 return -ENOSPC; 1524 1525 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size)) 1526 return -EFAULT; 1527 1528 return 0; 1529 } 1530 1531 static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag, 1532 unsigned int size, unsigned int __user *buf) 1533 { 1534 if (op_flag == SNDRV_CTL_TLV_OP_WRITE) 1535 return replace_user_tlv(kctl, buf, size); 1536 else 1537 return read_user_tlv(kctl, buf, size); 1538 } 1539 1540 /* called in controls_rwsem write lock */ 1541 static int snd_ctl_elem_init_enum_names(struct user_element *ue) 1542 { 1543 char *names, *p; 1544 size_t buf_len, name_len; 1545 unsigned int i; 1546 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr; 1547 1548 buf_len = ue->info.value.enumerated.names_length; 1549 if (buf_len > 64 * 1024) 1550 return -EINVAL; 1551 1552 if (check_user_elem_overflow(ue->card, buf_len)) 1553 return -ENOMEM; 1554 names = vmemdup_user((const void __user *)user_ptrval, buf_len); 1555 if (IS_ERR(names)) 1556 return PTR_ERR(names); 1557 1558 /* check that there are enough valid names */ 1559 p = names; 1560 for (i = 0; i < ue->info.value.enumerated.items; ++i) { 1561 name_len = strnlen(p, buf_len); 1562 if (name_len == 0 || name_len >= 64 || name_len == buf_len) { 1563 kvfree(names); 1564 return -EINVAL; 1565 } 1566 p += name_len + 1; 1567 buf_len -= name_len + 1; 1568 } 1569 1570 ue->priv_data = names; 1571 ue->info.value.enumerated.names_ptr = 0; 1572 // increment the allocation size; decremented again at private_free. 1573 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length; 1574 1575 return 0; 1576 } 1577 1578 static size_t compute_user_elem_size(size_t size, unsigned int count) 1579 { 1580 return sizeof(struct user_element) + size * count; 1581 } 1582 1583 static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol) 1584 { 1585 struct user_element *ue = kcontrol->private_data; 1586 1587 // decrement the allocation size. 1588 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count); 1589 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1590 if (ue->priv_data) 1591 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length; 1592 1593 kvfree(ue->tlv_data); 1594 kvfree(ue->priv_data); 1595 kfree(ue); 1596 } 1597 1598 static int snd_ctl_elem_add(struct snd_ctl_file *file, 1599 struct snd_ctl_elem_info *info, int replace) 1600 { 1601 struct snd_card *card = file->card; 1602 struct snd_kcontrol *kctl; 1603 unsigned int count; 1604 unsigned int access; 1605 long private_size; 1606 size_t alloc_size; 1607 struct user_element *ue; 1608 unsigned int offset; 1609 int err; 1610 1611 if (!*info->id.name) 1612 return -EINVAL; 1613 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name)) 1614 return -EINVAL; 1615 1616 /* Delete a control to replace them if needed. */ 1617 if (replace) { 1618 info->id.numid = 0; 1619 err = snd_ctl_remove_user_ctl(file, &info->id); 1620 if (err) 1621 return err; 1622 } 1623 1624 /* Check the number of elements for this userspace control. */ 1625 count = info->owner; 1626 if (count == 0) 1627 count = 1; 1628 1629 /* Arrange access permissions if needed. */ 1630 access = info->access; 1631 if (access == 0) 1632 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 1633 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 1634 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 1635 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE); 1636 1637 /* In initial state, nothing is available as TLV container. */ 1638 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1639 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; 1640 access |= SNDRV_CTL_ELEM_ACCESS_USER; 1641 1642 /* 1643 * Check information and calculate the size of data specific to 1644 * this userspace control. 1645 */ 1646 /* pass NULL to card for suppressing error messages */ 1647 err = snd_ctl_check_elem_info(NULL, info); 1648 if (err < 0) 1649 return err; 1650 /* user-space control doesn't allow zero-size data */ 1651 if (info->count < 1) 1652 return -EINVAL; 1653 private_size = value_sizes[info->type] * info->count; 1654 alloc_size = compute_user_elem_size(private_size, count); 1655 1656 down_write(&card->controls_rwsem); 1657 if (check_user_elem_overflow(card, alloc_size)) { 1658 err = -ENOMEM; 1659 goto unlock; 1660 } 1661 1662 /* 1663 * Keep memory object for this userspace control. After passing this 1664 * code block, the instance should be freed by snd_ctl_free_one(). 1665 * 1666 * Note that these elements in this control are locked. 1667 */ 1668 err = snd_ctl_new(&kctl, count, access, file); 1669 if (err < 0) 1670 goto unlock; 1671 memcpy(&kctl->id, &info->id, sizeof(kctl->id)); 1672 ue = kzalloc(alloc_size, GFP_KERNEL); 1673 if (!ue) { 1674 kfree(kctl); 1675 err = -ENOMEM; 1676 goto unlock; 1677 } 1678 kctl->private_data = ue; 1679 kctl->private_free = snd_ctl_elem_user_free; 1680 1681 // increment the allocated size; decremented again at private_free. 1682 card->user_ctl_alloc_size += alloc_size; 1683 1684 /* Set private data for this userspace control. */ 1685 ue->card = card; 1686 ue->info = *info; 1687 ue->info.access = 0; 1688 ue->elem_data = (char *)ue + sizeof(*ue); 1689 ue->elem_data_size = private_size; 1690 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { 1691 err = snd_ctl_elem_init_enum_names(ue); 1692 if (err < 0) { 1693 snd_ctl_free_one(kctl); 1694 goto unlock; 1695 } 1696 } 1697 1698 /* Set callback functions. */ 1699 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) 1700 kctl->info = snd_ctl_elem_user_enum_info; 1701 else 1702 kctl->info = snd_ctl_elem_user_info; 1703 if (access & SNDRV_CTL_ELEM_ACCESS_READ) 1704 kctl->get = snd_ctl_elem_user_get; 1705 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) 1706 kctl->put = snd_ctl_elem_user_put; 1707 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1708 kctl->tlv.c = snd_ctl_elem_user_tlv; 1709 1710 /* This function manage to free the instance on failure. */ 1711 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE); 1712 if (err < 0) { 1713 snd_ctl_free_one(kctl); 1714 goto unlock; 1715 } 1716 offset = snd_ctl_get_ioff(kctl, &info->id); 1717 snd_ctl_build_ioff(&info->id, kctl, offset); 1718 /* 1719 * Here we cannot fill any field for the number of elements added by 1720 * this operation because there're no specific fields. The usage of 1721 * 'owner' field for this purpose may cause any bugs to userspace 1722 * applications because the field originally means PID of a process 1723 * which locks the element. 1724 */ 1725 unlock: 1726 up_write(&card->controls_rwsem); 1727 return err; 1728 } 1729 1730 static int snd_ctl_elem_add_user(struct snd_ctl_file *file, 1731 struct snd_ctl_elem_info __user *_info, int replace) 1732 { 1733 struct snd_ctl_elem_info info; 1734 int err; 1735 1736 if (copy_from_user(&info, _info, sizeof(info))) 1737 return -EFAULT; 1738 err = snd_ctl_elem_add(file, &info, replace); 1739 if (err < 0) 1740 return err; 1741 if (copy_to_user(_info, &info, sizeof(info))) { 1742 snd_ctl_remove_user_ctl(file, &info.id); 1743 return -EFAULT; 1744 } 1745 1746 return 0; 1747 } 1748 1749 static int snd_ctl_elem_remove(struct snd_ctl_file *file, 1750 struct snd_ctl_elem_id __user *_id) 1751 { 1752 struct snd_ctl_elem_id id; 1753 1754 if (copy_from_user(&id, _id, sizeof(id))) 1755 return -EFAULT; 1756 return snd_ctl_remove_user_ctl(file, &id); 1757 } 1758 1759 static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr) 1760 { 1761 int subscribe; 1762 if (get_user(subscribe, ptr)) 1763 return -EFAULT; 1764 if (subscribe < 0) { 1765 subscribe = file->subscribed; 1766 if (put_user(subscribe, ptr)) 1767 return -EFAULT; 1768 return 0; 1769 } 1770 if (subscribe) { 1771 file->subscribed = 1; 1772 return 0; 1773 } else if (file->subscribed) { 1774 snd_ctl_empty_read_queue(file); 1775 file->subscribed = 0; 1776 } 1777 return 0; 1778 } 1779 1780 static int call_tlv_handler(struct snd_ctl_file *file, int op_flag, 1781 struct snd_kcontrol *kctl, 1782 struct snd_ctl_elem_id *id, 1783 unsigned int __user *buf, unsigned int size) 1784 { 1785 static const struct { 1786 int op; 1787 int perm; 1788 } pairs[] = { 1789 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ}, 1790 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE}, 1791 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND}, 1792 }; 1793 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1794 int i, ret; 1795 1796 /* Check support of the request for this element. */ 1797 for (i = 0; i < ARRAY_SIZE(pairs); ++i) { 1798 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm)) 1799 break; 1800 } 1801 if (i == ARRAY_SIZE(pairs)) 1802 return -ENXIO; 1803 1804 if (kctl->tlv.c == NULL) 1805 return -ENXIO; 1806 1807 /* Write and command operations are not allowed for locked element. */ 1808 if (op_flag != SNDRV_CTL_TLV_OP_READ && 1809 vd->owner != NULL && vd->owner != file) 1810 return -EPERM; 1811 1812 ret = snd_power_ref_and_wait(file->card); 1813 if (!ret) 1814 ret = kctl->tlv.c(kctl, op_flag, size, buf); 1815 snd_power_unref(file->card); 1816 return ret; 1817 } 1818 1819 static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id, 1820 unsigned int __user *buf, unsigned int size) 1821 { 1822 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1823 unsigned int len; 1824 1825 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)) 1826 return -ENXIO; 1827 1828 if (kctl->tlv.p == NULL) 1829 return -ENXIO; 1830 1831 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1]; 1832 if (size < len) 1833 return -ENOMEM; 1834 1835 if (copy_to_user(buf, kctl->tlv.p, len)) 1836 return -EFAULT; 1837 1838 return 0; 1839 } 1840 1841 static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, 1842 struct snd_ctl_tlv __user *buf, 1843 int op_flag) 1844 { 1845 struct snd_ctl_tlv header; 1846 unsigned int __user *container; 1847 unsigned int container_size; 1848 struct snd_kcontrol *kctl; 1849 struct snd_ctl_elem_id id; 1850 struct snd_kcontrol_volatile *vd; 1851 1852 if (copy_from_user(&header, buf, sizeof(header))) 1853 return -EFAULT; 1854 1855 /* In design of control core, numerical ID starts at 1. */ 1856 if (header.numid == 0) 1857 return -EINVAL; 1858 1859 /* At least, container should include type and length fields. */ 1860 if (header.length < sizeof(unsigned int) * 2) 1861 return -EINVAL; 1862 container_size = header.length; 1863 container = buf->tlv; 1864 1865 kctl = snd_ctl_find_numid(file->card, header.numid); 1866 if (kctl == NULL) 1867 return -ENOENT; 1868 1869 /* Calculate index of the element in this set. */ 1870 id = kctl->id; 1871 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid); 1872 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1873 1874 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) { 1875 return call_tlv_handler(file, op_flag, kctl, &id, container, 1876 container_size); 1877 } else { 1878 if (op_flag == SNDRV_CTL_TLV_OP_READ) { 1879 return read_tlv_buf(kctl, &id, container, 1880 container_size); 1881 } 1882 } 1883 1884 /* Not supported. */ 1885 return -ENXIO; 1886 } 1887 1888 static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1889 { 1890 struct snd_ctl_file *ctl; 1891 struct snd_card *card; 1892 struct snd_kctl_ioctl *p; 1893 void __user *argp = (void __user *)arg; 1894 int __user *ip = argp; 1895 int err; 1896 1897 ctl = file->private_data; 1898 card = ctl->card; 1899 if (snd_BUG_ON(!card)) 1900 return -ENXIO; 1901 switch (cmd) { 1902 case SNDRV_CTL_IOCTL_PVERSION: 1903 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0; 1904 case SNDRV_CTL_IOCTL_CARD_INFO: 1905 return snd_ctl_card_info(card, ctl, cmd, argp); 1906 case SNDRV_CTL_IOCTL_ELEM_LIST: 1907 return snd_ctl_elem_list_user(card, argp); 1908 case SNDRV_CTL_IOCTL_ELEM_INFO: 1909 return snd_ctl_elem_info_user(ctl, argp); 1910 case SNDRV_CTL_IOCTL_ELEM_READ: 1911 return snd_ctl_elem_read_user(card, argp); 1912 case SNDRV_CTL_IOCTL_ELEM_WRITE: 1913 return snd_ctl_elem_write_user(ctl, argp); 1914 case SNDRV_CTL_IOCTL_ELEM_LOCK: 1915 return snd_ctl_elem_lock(ctl, argp); 1916 case SNDRV_CTL_IOCTL_ELEM_UNLOCK: 1917 return snd_ctl_elem_unlock(ctl, argp); 1918 case SNDRV_CTL_IOCTL_ELEM_ADD: 1919 return snd_ctl_elem_add_user(ctl, argp, 0); 1920 case SNDRV_CTL_IOCTL_ELEM_REPLACE: 1921 return snd_ctl_elem_add_user(ctl, argp, 1); 1922 case SNDRV_CTL_IOCTL_ELEM_REMOVE: 1923 return snd_ctl_elem_remove(ctl, argp); 1924 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS: 1925 return snd_ctl_subscribe_events(ctl, ip); 1926 case SNDRV_CTL_IOCTL_TLV_READ: 1927 down_read(&ctl->card->controls_rwsem); 1928 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ); 1929 up_read(&ctl->card->controls_rwsem); 1930 return err; 1931 case SNDRV_CTL_IOCTL_TLV_WRITE: 1932 down_write(&ctl->card->controls_rwsem); 1933 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE); 1934 up_write(&ctl->card->controls_rwsem); 1935 return err; 1936 case SNDRV_CTL_IOCTL_TLV_COMMAND: 1937 down_write(&ctl->card->controls_rwsem); 1938 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD); 1939 up_write(&ctl->card->controls_rwsem); 1940 return err; 1941 case SNDRV_CTL_IOCTL_POWER: 1942 return -ENOPROTOOPT; 1943 case SNDRV_CTL_IOCTL_POWER_STATE: 1944 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0; 1945 } 1946 down_read(&snd_ioctl_rwsem); 1947 list_for_each_entry(p, &snd_control_ioctls, list) { 1948 err = p->fioctl(card, ctl, cmd, arg); 1949 if (err != -ENOIOCTLCMD) { 1950 up_read(&snd_ioctl_rwsem); 1951 return err; 1952 } 1953 } 1954 up_read(&snd_ioctl_rwsem); 1955 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd); 1956 return -ENOTTY; 1957 } 1958 1959 static ssize_t snd_ctl_read(struct file *file, char __user *buffer, 1960 size_t count, loff_t * offset) 1961 { 1962 struct snd_ctl_file *ctl; 1963 int err = 0; 1964 ssize_t result = 0; 1965 1966 ctl = file->private_data; 1967 if (snd_BUG_ON(!ctl || !ctl->card)) 1968 return -ENXIO; 1969 if (!ctl->subscribed) 1970 return -EBADFD; 1971 if (count < sizeof(struct snd_ctl_event)) 1972 return -EINVAL; 1973 spin_lock_irq(&ctl->read_lock); 1974 while (count >= sizeof(struct snd_ctl_event)) { 1975 struct snd_ctl_event ev; 1976 struct snd_kctl_event *kev; 1977 while (list_empty(&ctl->events)) { 1978 wait_queue_entry_t wait; 1979 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { 1980 err = -EAGAIN; 1981 goto __end_lock; 1982 } 1983 init_waitqueue_entry(&wait, current); 1984 add_wait_queue(&ctl->change_sleep, &wait); 1985 set_current_state(TASK_INTERRUPTIBLE); 1986 spin_unlock_irq(&ctl->read_lock); 1987 schedule(); 1988 remove_wait_queue(&ctl->change_sleep, &wait); 1989 if (ctl->card->shutdown) 1990 return -ENODEV; 1991 if (signal_pending(current)) 1992 return -ERESTARTSYS; 1993 spin_lock_irq(&ctl->read_lock); 1994 } 1995 kev = snd_kctl_event(ctl->events.next); 1996 ev.type = SNDRV_CTL_EVENT_ELEM; 1997 ev.data.elem.mask = kev->mask; 1998 ev.data.elem.id = kev->id; 1999 list_del(&kev->list); 2000 spin_unlock_irq(&ctl->read_lock); 2001 kfree(kev); 2002 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) { 2003 err = -EFAULT; 2004 goto __end; 2005 } 2006 spin_lock_irq(&ctl->read_lock); 2007 buffer += sizeof(struct snd_ctl_event); 2008 count -= sizeof(struct snd_ctl_event); 2009 result += sizeof(struct snd_ctl_event); 2010 } 2011 __end_lock: 2012 spin_unlock_irq(&ctl->read_lock); 2013 __end: 2014 return result > 0 ? result : err; 2015 } 2016 2017 static __poll_t snd_ctl_poll(struct file *file, poll_table * wait) 2018 { 2019 __poll_t mask; 2020 struct snd_ctl_file *ctl; 2021 2022 ctl = file->private_data; 2023 if (!ctl->subscribed) 2024 return 0; 2025 poll_wait(file, &ctl->change_sleep, wait); 2026 2027 mask = 0; 2028 if (!list_empty(&ctl->events)) 2029 mask |= EPOLLIN | EPOLLRDNORM; 2030 2031 return mask; 2032 } 2033 2034 /* 2035 * register the device-specific control-ioctls. 2036 * called from each device manager like pcm.c, hwdep.c, etc. 2037 */ 2038 static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists) 2039 { 2040 struct snd_kctl_ioctl *pn; 2041 2042 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL); 2043 if (pn == NULL) 2044 return -ENOMEM; 2045 pn->fioctl = fcn; 2046 down_write(&snd_ioctl_rwsem); 2047 list_add_tail(&pn->list, lists); 2048 up_write(&snd_ioctl_rwsem); 2049 return 0; 2050 } 2051 2052 /** 2053 * snd_ctl_register_ioctl - register the device-specific control-ioctls 2054 * @fcn: ioctl callback function 2055 * 2056 * called from each device manager like pcm.c, hwdep.c, etc. 2057 */ 2058 int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn) 2059 { 2060 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls); 2061 } 2062 EXPORT_SYMBOL(snd_ctl_register_ioctl); 2063 2064 #ifdef CONFIG_COMPAT 2065 /** 2066 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat 2067 * control-ioctls 2068 * @fcn: ioctl callback function 2069 */ 2070 int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2071 { 2072 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls); 2073 } 2074 EXPORT_SYMBOL(snd_ctl_register_ioctl_compat); 2075 #endif 2076 2077 /* 2078 * de-register the device-specific control-ioctls. 2079 */ 2080 static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn, 2081 struct list_head *lists) 2082 { 2083 struct snd_kctl_ioctl *p; 2084 2085 if (snd_BUG_ON(!fcn)) 2086 return -EINVAL; 2087 down_write(&snd_ioctl_rwsem); 2088 list_for_each_entry(p, lists, list) { 2089 if (p->fioctl == fcn) { 2090 list_del(&p->list); 2091 up_write(&snd_ioctl_rwsem); 2092 kfree(p); 2093 return 0; 2094 } 2095 } 2096 up_write(&snd_ioctl_rwsem); 2097 snd_BUG(); 2098 return -EINVAL; 2099 } 2100 2101 /** 2102 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls 2103 * @fcn: ioctl callback function to unregister 2104 */ 2105 int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn) 2106 { 2107 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls); 2108 } 2109 EXPORT_SYMBOL(snd_ctl_unregister_ioctl); 2110 2111 #ifdef CONFIG_COMPAT 2112 /** 2113 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat 2114 * 32bit control-ioctls 2115 * @fcn: ioctl callback function to unregister 2116 */ 2117 int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2118 { 2119 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls); 2120 } 2121 EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat); 2122 #endif 2123 2124 static int snd_ctl_fasync(int fd, struct file * file, int on) 2125 { 2126 struct snd_ctl_file *ctl; 2127 2128 ctl = file->private_data; 2129 return fasync_helper(fd, file, on, &ctl->fasync); 2130 } 2131 2132 /* return the preferred subdevice number if already assigned; 2133 * otherwise return -1 2134 */ 2135 int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type) 2136 { 2137 struct snd_ctl_file *kctl; 2138 int subdevice = -1; 2139 unsigned long flags; 2140 2141 read_lock_irqsave(&card->ctl_files_rwlock, flags); 2142 list_for_each_entry(kctl, &card->ctl_files, list) { 2143 if (kctl->pid == task_pid(current)) { 2144 subdevice = kctl->preferred_subdevice[type]; 2145 if (subdevice != -1) 2146 break; 2147 } 2148 } 2149 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 2150 return subdevice; 2151 } 2152 EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice); 2153 2154 /* 2155 * ioctl32 compat 2156 */ 2157 #ifdef CONFIG_COMPAT 2158 #include "control_compat.c" 2159 #else 2160 #define snd_ctl_ioctl_compat NULL 2161 #endif 2162 2163 /* 2164 * control layers (audio LED etc.) 2165 */ 2166 2167 /** 2168 * snd_ctl_request_layer - request to use the layer 2169 * @module_name: Name of the kernel module (NULL == build-in) 2170 * 2171 * Return an error code when the module cannot be loaded. 2172 */ 2173 int snd_ctl_request_layer(const char *module_name) 2174 { 2175 struct snd_ctl_layer_ops *lops; 2176 2177 if (module_name == NULL) 2178 return 0; 2179 down_read(&snd_ctl_layer_rwsem); 2180 for (lops = snd_ctl_layer; lops; lops = lops->next) 2181 if (strcmp(lops->module_name, module_name) == 0) 2182 break; 2183 up_read(&snd_ctl_layer_rwsem); 2184 if (lops) 2185 return 0; 2186 return request_module(module_name); 2187 } 2188 EXPORT_SYMBOL_GPL(snd_ctl_request_layer); 2189 2190 /** 2191 * snd_ctl_register_layer - register new control layer 2192 * @lops: operation structure 2193 * 2194 * The new layer can track all control elements and do additional 2195 * operations on top (like audio LED handling). 2196 */ 2197 void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops) 2198 { 2199 struct snd_card *card; 2200 int card_number; 2201 2202 down_write(&snd_ctl_layer_rwsem); 2203 lops->next = snd_ctl_layer; 2204 snd_ctl_layer = lops; 2205 up_write(&snd_ctl_layer_rwsem); 2206 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) { 2207 card = snd_card_ref(card_number); 2208 if (card) { 2209 down_read(&card->controls_rwsem); 2210 lops->lregister(card); 2211 up_read(&card->controls_rwsem); 2212 snd_card_unref(card); 2213 } 2214 } 2215 } 2216 EXPORT_SYMBOL_GPL(snd_ctl_register_layer); 2217 2218 /** 2219 * snd_ctl_disconnect_layer - disconnect control layer 2220 * @lops: operation structure 2221 * 2222 * It is expected that the information about tracked cards 2223 * is freed before this call (the disconnect callback is 2224 * not called here). 2225 */ 2226 void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops) 2227 { 2228 struct snd_ctl_layer_ops *lops2, *prev_lops2; 2229 2230 down_write(&snd_ctl_layer_rwsem); 2231 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) { 2232 if (lops2 == lops) { 2233 if (!prev_lops2) 2234 snd_ctl_layer = lops->next; 2235 else 2236 prev_lops2->next = lops->next; 2237 break; 2238 } 2239 prev_lops2 = lops2; 2240 } 2241 up_write(&snd_ctl_layer_rwsem); 2242 } 2243 EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer); 2244 2245 /* 2246 * INIT PART 2247 */ 2248 2249 static const struct file_operations snd_ctl_f_ops = 2250 { 2251 .owner = THIS_MODULE, 2252 .read = snd_ctl_read, 2253 .open = snd_ctl_open, 2254 .release = snd_ctl_release, 2255 .llseek = no_llseek, 2256 .poll = snd_ctl_poll, 2257 .unlocked_ioctl = snd_ctl_ioctl, 2258 .compat_ioctl = snd_ctl_ioctl_compat, 2259 .fasync = snd_ctl_fasync, 2260 }; 2261 2262 /* 2263 * registration of the control device 2264 */ 2265 static int snd_ctl_dev_register(struct snd_device *device) 2266 { 2267 struct snd_card *card = device->device_data; 2268 struct snd_ctl_layer_ops *lops; 2269 int err; 2270 2271 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1, 2272 &snd_ctl_f_ops, card, &card->ctl_dev); 2273 if (err < 0) 2274 return err; 2275 down_read(&card->controls_rwsem); 2276 down_read(&snd_ctl_layer_rwsem); 2277 for (lops = snd_ctl_layer; lops; lops = lops->next) 2278 lops->lregister(card); 2279 up_read(&snd_ctl_layer_rwsem); 2280 up_read(&card->controls_rwsem); 2281 return 0; 2282 } 2283 2284 /* 2285 * disconnection of the control device 2286 */ 2287 static int snd_ctl_dev_disconnect(struct snd_device *device) 2288 { 2289 struct snd_card *card = device->device_data; 2290 struct snd_ctl_file *ctl; 2291 struct snd_ctl_layer_ops *lops; 2292 unsigned long flags; 2293 2294 read_lock_irqsave(&card->ctl_files_rwlock, flags); 2295 list_for_each_entry(ctl, &card->ctl_files, list) { 2296 wake_up(&ctl->change_sleep); 2297 kill_fasync(&ctl->fasync, SIGIO, POLL_ERR); 2298 } 2299 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 2300 2301 down_read(&card->controls_rwsem); 2302 down_read(&snd_ctl_layer_rwsem); 2303 for (lops = snd_ctl_layer; lops; lops = lops->next) 2304 lops->ldisconnect(card); 2305 up_read(&snd_ctl_layer_rwsem); 2306 up_read(&card->controls_rwsem); 2307 2308 return snd_unregister_device(&card->ctl_dev); 2309 } 2310 2311 /* 2312 * free all controls 2313 */ 2314 static int snd_ctl_dev_free(struct snd_device *device) 2315 { 2316 struct snd_card *card = device->device_data; 2317 struct snd_kcontrol *control; 2318 2319 down_write(&card->controls_rwsem); 2320 while (!list_empty(&card->controls)) { 2321 control = snd_kcontrol(card->controls.next); 2322 __snd_ctl_remove(card, control, false); 2323 } 2324 2325 #ifdef CONFIG_SND_CTL_FAST_LOOKUP 2326 xa_destroy(&card->ctl_numids); 2327 xa_destroy(&card->ctl_hash); 2328 #endif 2329 up_write(&card->controls_rwsem); 2330 put_device(&card->ctl_dev); 2331 return 0; 2332 } 2333 2334 /* 2335 * create control core: 2336 * called from init.c 2337 */ 2338 int snd_ctl_create(struct snd_card *card) 2339 { 2340 static const struct snd_device_ops ops = { 2341 .dev_free = snd_ctl_dev_free, 2342 .dev_register = snd_ctl_dev_register, 2343 .dev_disconnect = snd_ctl_dev_disconnect, 2344 }; 2345 int err; 2346 2347 if (snd_BUG_ON(!card)) 2348 return -ENXIO; 2349 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS)) 2350 return -ENXIO; 2351 2352 snd_device_initialize(&card->ctl_dev, card); 2353 dev_set_name(&card->ctl_dev, "controlC%d", card->number); 2354 2355 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops); 2356 if (err < 0) 2357 put_device(&card->ctl_dev); 2358 return err; 2359 } 2360 2361 /* 2362 * Frequently used control callbacks/helpers 2363 */ 2364 2365 /** 2366 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info 2367 * callback with a mono channel 2368 * @kcontrol: the kcontrol instance 2369 * @uinfo: info to store 2370 * 2371 * This is a function that can be used as info callback for a standard 2372 * boolean control with a single mono channel. 2373 */ 2374 int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol, 2375 struct snd_ctl_elem_info *uinfo) 2376 { 2377 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2378 uinfo->count = 1; 2379 uinfo->value.integer.min = 0; 2380 uinfo->value.integer.max = 1; 2381 return 0; 2382 } 2383 EXPORT_SYMBOL(snd_ctl_boolean_mono_info); 2384 2385 /** 2386 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info 2387 * callback with stereo two channels 2388 * @kcontrol: the kcontrol instance 2389 * @uinfo: info to store 2390 * 2391 * This is a function that can be used as info callback for a standard 2392 * boolean control with stereo two channels. 2393 */ 2394 int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol, 2395 struct snd_ctl_elem_info *uinfo) 2396 { 2397 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2398 uinfo->count = 2; 2399 uinfo->value.integer.min = 0; 2400 uinfo->value.integer.max = 1; 2401 return 0; 2402 } 2403 EXPORT_SYMBOL(snd_ctl_boolean_stereo_info); 2404 2405 /** 2406 * snd_ctl_enum_info - fills the info structure for an enumerated control 2407 * @info: the structure to be filled 2408 * @channels: the number of the control's channels; often one 2409 * @items: the number of control values; also the size of @names 2410 * @names: an array containing the names of all control values 2411 * 2412 * Sets all required fields in @info to their appropriate values. 2413 * If the control's accessibility is not the default (readable and writable), 2414 * the caller has to fill @info->access. 2415 * 2416 * Return: Zero. 2417 */ 2418 int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels, 2419 unsigned int items, const char *const names[]) 2420 { 2421 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED; 2422 info->count = channels; 2423 info->value.enumerated.items = items; 2424 if (!items) 2425 return 0; 2426 if (info->value.enumerated.item >= items) 2427 info->value.enumerated.item = items - 1; 2428 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name), 2429 "ALSA: too long item name '%s'\n", 2430 names[info->value.enumerated.item]); 2431 strscpy(info->value.enumerated.name, 2432 names[info->value.enumerated.item], 2433 sizeof(info->value.enumerated.name)); 2434 return 0; 2435 } 2436 EXPORT_SYMBOL(snd_ctl_enum_info); 2437