1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Routines for driver control interface
4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz>
5 */
6
7 #include <linux/threads.h>
8 #include <linux/interrupt.h>
9 #include <linux/module.h>
10 #include <linux/moduleparam.h>
11 #include <linux/slab.h>
12 #include <linux/vmalloc.h>
13 #include <linux/time.h>
14 #include <linux/mm.h>
15 #include <linux/math64.h>
16 #include <linux/sched/signal.h>
17 #include <sound/core.h>
18 #include <sound/minors.h>
19 #include <sound/info.h>
20 #include <sound/control.h>
21
22 // Max allocation size for user controls.
23 static int max_user_ctl_alloc_size = 8 * 1024 * 1024;
24 module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444);
25 MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls");
26
27 #define MAX_CONTROL_COUNT 1028
28
29 struct snd_kctl_ioctl {
30 struct list_head list; /* list of all ioctls */
31 snd_kctl_ioctl_func_t fioctl;
32 };
33
34 static DECLARE_RWSEM(snd_ioctl_rwsem);
35 static DECLARE_RWSEM(snd_ctl_layer_rwsem);
36 static LIST_HEAD(snd_control_ioctls);
37 #ifdef CONFIG_COMPAT
38 static LIST_HEAD(snd_control_compat_ioctls);
39 #endif
40 static struct snd_ctl_layer_ops *snd_ctl_layer;
41
snd_ctl_open(struct inode * inode,struct file * file)42 static int snd_ctl_open(struct inode *inode, struct file *file)
43 {
44 unsigned long flags;
45 struct snd_card *card;
46 struct snd_ctl_file *ctl;
47 int i, err;
48
49 err = stream_open(inode, file);
50 if (err < 0)
51 return err;
52
53 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL);
54 if (!card) {
55 err = -ENODEV;
56 goto __error1;
57 }
58 err = snd_card_file_add(card, file);
59 if (err < 0) {
60 err = -ENODEV;
61 goto __error1;
62 }
63 if (!try_module_get(card->module)) {
64 err = -EFAULT;
65 goto __error2;
66 }
67 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
68 if (ctl == NULL) {
69 err = -ENOMEM;
70 goto __error;
71 }
72 INIT_LIST_HEAD(&ctl->events);
73 init_waitqueue_head(&ctl->change_sleep);
74 spin_lock_init(&ctl->read_lock);
75 ctl->card = card;
76 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++)
77 ctl->preferred_subdevice[i] = -1;
78 ctl->pid = get_pid(task_pid(current));
79 file->private_data = ctl;
80 write_lock_irqsave(&card->ctl_files_rwlock, flags);
81 list_add_tail(&ctl->list, &card->ctl_files);
82 write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
83 snd_card_unref(card);
84 return 0;
85
86 __error:
87 module_put(card->module);
88 __error2:
89 snd_card_file_remove(card, file);
90 __error1:
91 if (card)
92 snd_card_unref(card);
93 return err;
94 }
95
snd_ctl_empty_read_queue(struct snd_ctl_file * ctl)96 static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl)
97 {
98 unsigned long flags;
99 struct snd_kctl_event *cread;
100
101 spin_lock_irqsave(&ctl->read_lock, flags);
102 while (!list_empty(&ctl->events)) {
103 cread = snd_kctl_event(ctl->events.next);
104 list_del(&cread->list);
105 kfree(cread);
106 }
107 spin_unlock_irqrestore(&ctl->read_lock, flags);
108 }
109
snd_ctl_release(struct inode * inode,struct file * file)110 static int snd_ctl_release(struct inode *inode, struct file *file)
111 {
112 unsigned long flags;
113 struct snd_card *card;
114 struct snd_ctl_file *ctl;
115 struct snd_kcontrol *control;
116 unsigned int idx;
117
118 ctl = file->private_data;
119 file->private_data = NULL;
120 card = ctl->card;
121 write_lock_irqsave(&card->ctl_files_rwlock, flags);
122 list_del(&ctl->list);
123 write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
124 down_write(&card->controls_rwsem);
125 list_for_each_entry(control, &card->controls, list)
126 for (idx = 0; idx < control->count; idx++)
127 if (control->vd[idx].owner == ctl)
128 control->vd[idx].owner = NULL;
129 up_write(&card->controls_rwsem);
130 snd_fasync_free(ctl->fasync);
131 snd_ctl_empty_read_queue(ctl);
132 put_pid(ctl->pid);
133 kfree(ctl);
134 module_put(card->module);
135 snd_card_file_remove(card, file);
136 return 0;
137 }
138
139 /**
140 * snd_ctl_notify - Send notification to user-space for a control change
141 * @card: the card to send notification
142 * @mask: the event mask, SNDRV_CTL_EVENT_*
143 * @id: the ctl element id to send notification
144 *
145 * This function adds an event record with the given id and mask, appends
146 * to the list and wakes up the user-space for notification. This can be
147 * called in the atomic context.
148 */
snd_ctl_notify(struct snd_card * card,unsigned int mask,struct snd_ctl_elem_id * id)149 void snd_ctl_notify(struct snd_card *card, unsigned int mask,
150 struct snd_ctl_elem_id *id)
151 {
152 unsigned long flags;
153 struct snd_ctl_file *ctl;
154 struct snd_kctl_event *ev;
155
156 if (snd_BUG_ON(!card || !id))
157 return;
158 if (card->shutdown)
159 return;
160 read_lock_irqsave(&card->ctl_files_rwlock, flags);
161 #if IS_ENABLED(CONFIG_SND_MIXER_OSS)
162 card->mixer_oss_change_count++;
163 #endif
164 list_for_each_entry(ctl, &card->ctl_files, list) {
165 if (!ctl->subscribed)
166 continue;
167 spin_lock(&ctl->read_lock);
168 list_for_each_entry(ev, &ctl->events, list) {
169 if (ev->id.numid == id->numid) {
170 ev->mask |= mask;
171 goto _found;
172 }
173 }
174 ev = kzalloc(sizeof(*ev), GFP_ATOMIC);
175 if (ev) {
176 ev->id = *id;
177 ev->mask = mask;
178 list_add_tail(&ev->list, &ctl->events);
179 } else {
180 dev_err(card->dev, "No memory available to allocate event\n");
181 }
182 _found:
183 wake_up(&ctl->change_sleep);
184 spin_unlock(&ctl->read_lock);
185 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN);
186 }
187 read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
188 }
189 EXPORT_SYMBOL(snd_ctl_notify);
190
191 /**
192 * snd_ctl_notify_one - Send notification to user-space for a control change
193 * @card: the card to send notification
194 * @mask: the event mask, SNDRV_CTL_EVENT_*
195 * @kctl: the pointer with the control instance
196 * @ioff: the additional offset to the control index
197 *
198 * This function calls snd_ctl_notify() and does additional jobs
199 * like LED state changes.
200 */
snd_ctl_notify_one(struct snd_card * card,unsigned int mask,struct snd_kcontrol * kctl,unsigned int ioff)201 void snd_ctl_notify_one(struct snd_card *card, unsigned int mask,
202 struct snd_kcontrol *kctl, unsigned int ioff)
203 {
204 struct snd_ctl_elem_id id = kctl->id;
205 struct snd_ctl_layer_ops *lops;
206
207 id.index += ioff;
208 id.numid += ioff;
209 snd_ctl_notify(card, mask, &id);
210 down_read(&snd_ctl_layer_rwsem);
211 for (lops = snd_ctl_layer; lops; lops = lops->next)
212 lops->lnotify(card, mask, kctl, ioff);
213 up_read(&snd_ctl_layer_rwsem);
214 }
215 EXPORT_SYMBOL(snd_ctl_notify_one);
216
217 /**
218 * snd_ctl_new - create a new control instance with some elements
219 * @kctl: the pointer to store new control instance
220 * @count: the number of elements in this control
221 * @access: the default access flags for elements in this control
222 * @file: given when locking these elements
223 *
224 * Allocates a memory object for a new control instance. The instance has
225 * elements as many as the given number (@count). Each element has given
226 * access permissions (@access). Each element is locked when @file is given.
227 *
228 * Return: 0 on success, error code on failure
229 */
snd_ctl_new(struct snd_kcontrol ** kctl,unsigned int count,unsigned int access,struct snd_ctl_file * file)230 static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count,
231 unsigned int access, struct snd_ctl_file *file)
232 {
233 unsigned int idx;
234
235 if (count == 0 || count > MAX_CONTROL_COUNT)
236 return -EINVAL;
237
238 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL);
239 if (!*kctl)
240 return -ENOMEM;
241
242 for (idx = 0; idx < count; idx++) {
243 (*kctl)->vd[idx].access = access;
244 (*kctl)->vd[idx].owner = file;
245 }
246 (*kctl)->count = count;
247
248 return 0;
249 }
250
251 /**
252 * snd_ctl_new1 - create a control instance from the template
253 * @ncontrol: the initialization record
254 * @private_data: the private data to set
255 *
256 * Allocates a new struct snd_kcontrol instance and initialize from the given
257 * template. When the access field of ncontrol is 0, it's assumed as
258 * READWRITE access. When the count field is 0, it's assumes as one.
259 *
260 * Return: The pointer of the newly generated instance, or %NULL on failure.
261 */
snd_ctl_new1(const struct snd_kcontrol_new * ncontrol,void * private_data)262 struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol,
263 void *private_data)
264 {
265 struct snd_kcontrol *kctl;
266 unsigned int count;
267 unsigned int access;
268 int err;
269
270 if (snd_BUG_ON(!ncontrol || !ncontrol->info))
271 return NULL;
272
273 count = ncontrol->count;
274 if (count == 0)
275 count = 1;
276
277 access = ncontrol->access;
278 if (access == 0)
279 access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
280 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
281 SNDRV_CTL_ELEM_ACCESS_VOLATILE |
282 SNDRV_CTL_ELEM_ACCESS_INACTIVE |
283 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE |
284 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND |
285 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK |
286 SNDRV_CTL_ELEM_ACCESS_LED_MASK |
287 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK);
288
289 err = snd_ctl_new(&kctl, count, access, NULL);
290 if (err < 0)
291 return NULL;
292
293 /* The 'numid' member is decided when calling snd_ctl_add(). */
294 kctl->id.iface = ncontrol->iface;
295 kctl->id.device = ncontrol->device;
296 kctl->id.subdevice = ncontrol->subdevice;
297 if (ncontrol->name) {
298 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name));
299 if (strcmp(ncontrol->name, kctl->id.name) != 0)
300 pr_warn("ALSA: Control name '%s' truncated to '%s'\n",
301 ncontrol->name, kctl->id.name);
302 }
303 kctl->id.index = ncontrol->index;
304
305 kctl->info = ncontrol->info;
306 kctl->get = ncontrol->get;
307 kctl->put = ncontrol->put;
308 kctl->tlv.p = ncontrol->tlv.p;
309
310 kctl->private_value = ncontrol->private_value;
311 kctl->private_data = private_data;
312
313 return kctl;
314 }
315 EXPORT_SYMBOL(snd_ctl_new1);
316
317 /**
318 * snd_ctl_free_one - release the control instance
319 * @kcontrol: the control instance
320 *
321 * Releases the control instance created via snd_ctl_new()
322 * or snd_ctl_new1().
323 * Don't call this after the control was added to the card.
324 */
snd_ctl_free_one(struct snd_kcontrol * kcontrol)325 void snd_ctl_free_one(struct snd_kcontrol *kcontrol)
326 {
327 if (kcontrol) {
328 if (kcontrol->private_free)
329 kcontrol->private_free(kcontrol);
330 kfree(kcontrol);
331 }
332 }
333 EXPORT_SYMBOL(snd_ctl_free_one);
334
snd_ctl_remove_numid_conflict(struct snd_card * card,unsigned int count)335 static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
336 unsigned int count)
337 {
338 struct snd_kcontrol *kctl;
339
340 /* Make sure that the ids assigned to the control do not wrap around */
341 if (card->last_numid >= UINT_MAX - count)
342 card->last_numid = 0;
343
344 list_for_each_entry(kctl, &card->controls, list) {
345 if (kctl->id.numid < card->last_numid + 1 + count &&
346 kctl->id.numid + kctl->count > card->last_numid + 1) {
347 card->last_numid = kctl->id.numid + kctl->count - 1;
348 return true;
349 }
350 }
351 return false;
352 }
353
snd_ctl_find_hole(struct snd_card * card,unsigned int count)354 static int snd_ctl_find_hole(struct snd_card *card, unsigned int count)
355 {
356 unsigned int iter = 100000;
357
358 while (snd_ctl_remove_numid_conflict(card, count)) {
359 if (--iter == 0) {
360 /* this situation is very unlikely */
361 dev_err(card->dev, "unable to allocate new control numid\n");
362 return -ENOMEM;
363 }
364 }
365 return 0;
366 }
367
368 enum snd_ctl_add_mode {
369 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE,
370 };
371
372 /* add/replace a new kcontrol object; call with card->controls_rwsem locked */
__snd_ctl_add_replace(struct snd_card * card,struct snd_kcontrol * kcontrol,enum snd_ctl_add_mode mode)373 static int __snd_ctl_add_replace(struct snd_card *card,
374 struct snd_kcontrol *kcontrol,
375 enum snd_ctl_add_mode mode)
376 {
377 struct snd_ctl_elem_id id;
378 unsigned int idx;
379 struct snd_kcontrol *old;
380 int err;
381
382 id = kcontrol->id;
383 if (id.index > UINT_MAX - kcontrol->count)
384 return -EINVAL;
385
386 old = snd_ctl_find_id(card, &id);
387 if (!old) {
388 if (mode == CTL_REPLACE)
389 return -EINVAL;
390 } else {
391 if (mode == CTL_ADD_EXCLUSIVE) {
392 dev_err(card->dev,
393 "control %i:%i:%i:%s:%i is already present\n",
394 id.iface, id.device, id.subdevice, id.name,
395 id.index);
396 return -EBUSY;
397 }
398
399 err = snd_ctl_remove(card, old);
400 if (err < 0)
401 return err;
402 }
403
404 if (snd_ctl_find_hole(card, kcontrol->count) < 0)
405 return -ENOMEM;
406
407 list_add_tail(&kcontrol->list, &card->controls);
408 card->controls_count += kcontrol->count;
409 kcontrol->id.numid = card->last_numid + 1;
410 card->last_numid += kcontrol->count;
411
412 for (idx = 0; idx < kcontrol->count; idx++)
413 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx);
414
415 return 0;
416 }
417
snd_ctl_add_replace(struct snd_card * card,struct snd_kcontrol * kcontrol,enum snd_ctl_add_mode mode)418 static int snd_ctl_add_replace(struct snd_card *card,
419 struct snd_kcontrol *kcontrol,
420 enum snd_ctl_add_mode mode)
421 {
422 int err = -EINVAL;
423
424 if (! kcontrol)
425 return err;
426 if (snd_BUG_ON(!card || !kcontrol->info))
427 goto error;
428
429 down_write(&card->controls_rwsem);
430 err = __snd_ctl_add_replace(card, kcontrol, mode);
431 up_write(&card->controls_rwsem);
432 if (err < 0)
433 goto error;
434 return 0;
435
436 error:
437 snd_ctl_free_one(kcontrol);
438 return err;
439 }
440
441 /**
442 * snd_ctl_add - add the control instance to the card
443 * @card: the card instance
444 * @kcontrol: the control instance to add
445 *
446 * Adds the control instance created via snd_ctl_new() or
447 * snd_ctl_new1() to the given card. Assigns also an unique
448 * numid used for fast search.
449 *
450 * It frees automatically the control which cannot be added.
451 *
452 * Return: Zero if successful, or a negative error code on failure.
453 *
454 */
snd_ctl_add(struct snd_card * card,struct snd_kcontrol * kcontrol)455 int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
456 {
457 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE);
458 }
459 EXPORT_SYMBOL(snd_ctl_add);
460
461 /**
462 * snd_ctl_replace - replace the control instance of the card
463 * @card: the card instance
464 * @kcontrol: the control instance to replace
465 * @add_on_replace: add the control if not already added
466 *
467 * Replaces the given control. If the given control does not exist
468 * and the add_on_replace flag is set, the control is added. If the
469 * control exists, it is destroyed first.
470 *
471 * It frees automatically the control which cannot be added or replaced.
472 *
473 * Return: Zero if successful, or a negative error code on failure.
474 */
snd_ctl_replace(struct snd_card * card,struct snd_kcontrol * kcontrol,bool add_on_replace)475 int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
476 bool add_on_replace)
477 {
478 return snd_ctl_add_replace(card, kcontrol,
479 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE);
480 }
481 EXPORT_SYMBOL(snd_ctl_replace);
482
483 /**
484 * snd_ctl_remove - remove the control from the card and release it
485 * @card: the card instance
486 * @kcontrol: the control instance to remove
487 *
488 * Removes the control from the card and then releases the instance.
489 * You don't need to call snd_ctl_free_one(). You must be in
490 * the write lock - down_write(&card->controls_rwsem).
491 *
492 * Return: 0 if successful, or a negative error code on failure.
493 */
snd_ctl_remove(struct snd_card * card,struct snd_kcontrol * kcontrol)494 int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol)
495 {
496 unsigned int idx;
497
498 if (snd_BUG_ON(!card || !kcontrol))
499 return -EINVAL;
500 list_del(&kcontrol->list);
501 card->controls_count -= kcontrol->count;
502 for (idx = 0; idx < kcontrol->count; idx++)
503 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx);
504 snd_ctl_free_one(kcontrol);
505 return 0;
506 }
507 EXPORT_SYMBOL(snd_ctl_remove);
508
509 /**
510 * snd_ctl_remove_id - remove the control of the given id and release it
511 * @card: the card instance
512 * @id: the control id to remove
513 *
514 * Finds the control instance with the given id, removes it from the
515 * card list and releases it.
516 *
517 * Return: 0 if successful, or a negative error code on failure.
518 */
snd_ctl_remove_id(struct snd_card * card,struct snd_ctl_elem_id * id)519 int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id)
520 {
521 struct snd_kcontrol *kctl;
522 int ret;
523
524 down_write(&card->controls_rwsem);
525 kctl = snd_ctl_find_id(card, id);
526 if (kctl == NULL) {
527 up_write(&card->controls_rwsem);
528 return -ENOENT;
529 }
530 ret = snd_ctl_remove(card, kctl);
531 up_write(&card->controls_rwsem);
532 return ret;
533 }
534 EXPORT_SYMBOL(snd_ctl_remove_id);
535
536 /**
537 * snd_ctl_remove_user_ctl - remove and release the unlocked user control
538 * @file: active control handle
539 * @id: the control id to remove
540 *
541 * Finds the control instance with the given id, removes it from the
542 * card list and releases it.
543 *
544 * Return: 0 if successful, or a negative error code on failure.
545 */
snd_ctl_remove_user_ctl(struct snd_ctl_file * file,struct snd_ctl_elem_id * id)546 static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file,
547 struct snd_ctl_elem_id *id)
548 {
549 struct snd_card *card = file->card;
550 struct snd_kcontrol *kctl;
551 int idx, ret;
552
553 down_write(&card->controls_rwsem);
554 kctl = snd_ctl_find_id(card, id);
555 if (kctl == NULL) {
556 ret = -ENOENT;
557 goto error;
558 }
559 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) {
560 ret = -EINVAL;
561 goto error;
562 }
563 for (idx = 0; idx < kctl->count; idx++)
564 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) {
565 ret = -EBUSY;
566 goto error;
567 }
568 ret = snd_ctl_remove(card, kctl);
569 error:
570 up_write(&card->controls_rwsem);
571 return ret;
572 }
573
574 /**
575 * snd_ctl_activate_id - activate/inactivate the control of the given id
576 * @card: the card instance
577 * @id: the control id to activate/inactivate
578 * @active: non-zero to activate
579 *
580 * Finds the control instance with the given id, and activate or
581 * inactivate the control together with notification, if changed.
582 * The given ID data is filled with full information.
583 *
584 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure.
585 */
snd_ctl_activate_id(struct snd_card * card,struct snd_ctl_elem_id * id,int active)586 int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id,
587 int active)
588 {
589 struct snd_kcontrol *kctl;
590 struct snd_kcontrol_volatile *vd;
591 unsigned int index_offset;
592 int ret;
593
594 down_write(&card->controls_rwsem);
595 kctl = snd_ctl_find_id(card, id);
596 if (kctl == NULL) {
597 ret = -ENOENT;
598 goto unlock;
599 }
600 index_offset = snd_ctl_get_ioff(kctl, id);
601 vd = &kctl->vd[index_offset];
602 ret = 0;
603 if (active) {
604 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE))
605 goto unlock;
606 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
607 } else {
608 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)
609 goto unlock;
610 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
611 }
612 snd_ctl_build_ioff(id, kctl, index_offset);
613 downgrade_write(&card->controls_rwsem);
614 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset);
615 up_read(&card->controls_rwsem);
616 return 1;
617
618 unlock:
619 up_write(&card->controls_rwsem);
620 return ret;
621 }
622 EXPORT_SYMBOL_GPL(snd_ctl_activate_id);
623
624 /**
625 * snd_ctl_rename_id - replace the id of a control on the card
626 * @card: the card instance
627 * @src_id: the old id
628 * @dst_id: the new id
629 *
630 * Finds the control with the old id from the card, and replaces the
631 * id with the new one.
632 *
633 * Return: Zero if successful, or a negative error code on failure.
634 */
snd_ctl_rename_id(struct snd_card * card,struct snd_ctl_elem_id * src_id,struct snd_ctl_elem_id * dst_id)635 int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id,
636 struct snd_ctl_elem_id *dst_id)
637 {
638 struct snd_kcontrol *kctl;
639
640 down_write(&card->controls_rwsem);
641 kctl = snd_ctl_find_id(card, src_id);
642 if (kctl == NULL) {
643 up_write(&card->controls_rwsem);
644 return -ENOENT;
645 }
646 kctl->id = *dst_id;
647 kctl->id.numid = card->last_numid + 1;
648 card->last_numid += kctl->count;
649 up_write(&card->controls_rwsem);
650 return 0;
651 }
652 EXPORT_SYMBOL(snd_ctl_rename_id);
653
654 /**
655 * snd_ctl_find_numid - find the control instance with the given number-id
656 * @card: the card instance
657 * @numid: the number-id to search
658 *
659 * Finds the control instance with the given number-id from the card.
660 *
661 * The caller must down card->controls_rwsem before calling this function
662 * (if the race condition can happen).
663 *
664 * Return: The pointer of the instance if found, or %NULL if not.
665 *
666 */
snd_ctl_find_numid(struct snd_card * card,unsigned int numid)667 struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, unsigned int numid)
668 {
669 struct snd_kcontrol *kctl;
670
671 if (snd_BUG_ON(!card || !numid))
672 return NULL;
673 list_for_each_entry(kctl, &card->controls, list) {
674 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid)
675 return kctl;
676 }
677 return NULL;
678 }
679 EXPORT_SYMBOL(snd_ctl_find_numid);
680
681 /**
682 * snd_ctl_find_id - find the control instance with the given id
683 * @card: the card instance
684 * @id: the id to search
685 *
686 * Finds the control instance with the given id from the card.
687 *
688 * The caller must down card->controls_rwsem before calling this function
689 * (if the race condition can happen).
690 *
691 * Return: The pointer of the instance if found, or %NULL if not.
692 *
693 */
snd_ctl_find_id(struct snd_card * card,struct snd_ctl_elem_id * id)694 struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card,
695 struct snd_ctl_elem_id *id)
696 {
697 struct snd_kcontrol *kctl;
698
699 if (snd_BUG_ON(!card || !id))
700 return NULL;
701 if (id->numid != 0)
702 return snd_ctl_find_numid(card, id->numid);
703 list_for_each_entry(kctl, &card->controls, list) {
704 if (kctl->id.iface != id->iface)
705 continue;
706 if (kctl->id.device != id->device)
707 continue;
708 if (kctl->id.subdevice != id->subdevice)
709 continue;
710 if (strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)))
711 continue;
712 if (kctl->id.index > id->index)
713 continue;
714 if (kctl->id.index + kctl->count <= id->index)
715 continue;
716 return kctl;
717 }
718 return NULL;
719 }
720 EXPORT_SYMBOL(snd_ctl_find_id);
721
snd_ctl_card_info(struct snd_card * card,struct snd_ctl_file * ctl,unsigned int cmd,void __user * arg)722 static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl,
723 unsigned int cmd, void __user *arg)
724 {
725 struct snd_ctl_card_info *info;
726
727 info = kzalloc(sizeof(*info), GFP_KERNEL);
728 if (! info)
729 return -ENOMEM;
730 down_read(&snd_ioctl_rwsem);
731 info->card = card->number;
732 strscpy(info->id, card->id, sizeof(info->id));
733 strscpy(info->driver, card->driver, sizeof(info->driver));
734 strscpy(info->name, card->shortname, sizeof(info->name));
735 strscpy(info->longname, card->longname, sizeof(info->longname));
736 strscpy(info->mixername, card->mixername, sizeof(info->mixername));
737 strscpy(info->components, card->components, sizeof(info->components));
738 up_read(&snd_ioctl_rwsem);
739 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) {
740 kfree(info);
741 return -EFAULT;
742 }
743 kfree(info);
744 return 0;
745 }
746
snd_ctl_elem_list(struct snd_card * card,struct snd_ctl_elem_list * list)747 static int snd_ctl_elem_list(struct snd_card *card,
748 struct snd_ctl_elem_list *list)
749 {
750 struct snd_kcontrol *kctl;
751 struct snd_ctl_elem_id id;
752 unsigned int offset, space, jidx;
753 int err = 0;
754
755 offset = list->offset;
756 space = list->space;
757
758 down_read(&card->controls_rwsem);
759 list->count = card->controls_count;
760 list->used = 0;
761 if (space > 0) {
762 list_for_each_entry(kctl, &card->controls, list) {
763 if (offset >= kctl->count) {
764 offset -= kctl->count;
765 continue;
766 }
767 for (jidx = offset; jidx < kctl->count; jidx++) {
768 snd_ctl_build_ioff(&id, kctl, jidx);
769 if (copy_to_user(list->pids + list->used, &id,
770 sizeof(id))) {
771 err = -EFAULT;
772 goto out;
773 }
774 list->used++;
775 if (!--space)
776 goto out;
777 }
778 offset = 0;
779 }
780 }
781 out:
782 up_read(&card->controls_rwsem);
783 return err;
784 }
785
snd_ctl_elem_list_user(struct snd_card * card,struct snd_ctl_elem_list __user * _list)786 static int snd_ctl_elem_list_user(struct snd_card *card,
787 struct snd_ctl_elem_list __user *_list)
788 {
789 struct snd_ctl_elem_list list;
790 int err;
791
792 if (copy_from_user(&list, _list, sizeof(list)))
793 return -EFAULT;
794 err = snd_ctl_elem_list(card, &list);
795 if (err)
796 return err;
797 if (copy_to_user(_list, &list, sizeof(list)))
798 return -EFAULT;
799
800 return 0;
801 }
802
803 /* Check whether the given kctl info is valid */
snd_ctl_check_elem_info(struct snd_card * card,const struct snd_ctl_elem_info * info)804 static int snd_ctl_check_elem_info(struct snd_card *card,
805 const struct snd_ctl_elem_info *info)
806 {
807 static const unsigned int max_value_counts[] = {
808 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128,
809 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128,
810 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128,
811 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512,
812 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1,
813 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64,
814 };
815
816 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
817 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) {
818 if (card)
819 dev_err(card->dev,
820 "control %i:%i:%i:%s:%i: invalid type %d\n",
821 info->id.iface, info->id.device,
822 info->id.subdevice, info->id.name,
823 info->id.index, info->type);
824 return -EINVAL;
825 }
826 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED &&
827 info->value.enumerated.items == 0) {
828 if (card)
829 dev_err(card->dev,
830 "control %i:%i:%i:%s:%i: zero enum items\n",
831 info->id.iface, info->id.device,
832 info->id.subdevice, info->id.name,
833 info->id.index);
834 return -EINVAL;
835 }
836 if (info->count > max_value_counts[info->type]) {
837 if (card)
838 dev_err(card->dev,
839 "control %i:%i:%i:%s:%i: invalid count %d\n",
840 info->id.iface, info->id.device,
841 info->id.subdevice, info->id.name,
842 info->id.index, info->count);
843 return -EINVAL;
844 }
845
846 return 0;
847 }
848
849 /* The capacity of struct snd_ctl_elem_value.value.*/
850 static const unsigned int value_sizes[] = {
851 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long),
852 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long),
853 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int),
854 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char),
855 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958),
856 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long),
857 };
858
859 #ifdef CONFIG_SND_CTL_VALIDATION
860 /* fill the remaining snd_ctl_elem_value data with the given pattern */
fill_remaining_elem_value(struct snd_ctl_elem_value * control,struct snd_ctl_elem_info * info,u32 pattern)861 static void fill_remaining_elem_value(struct snd_ctl_elem_value *control,
862 struct snd_ctl_elem_info *info,
863 u32 pattern)
864 {
865 size_t offset = value_sizes[info->type] * info->count;
866
867 offset = DIV_ROUND_UP(offset, sizeof(u32));
868 memset32((u32 *)control->value.bytes.data + offset, pattern,
869 sizeof(control->value) / sizeof(u32) - offset);
870 }
871
872 /* check whether the given integer ctl value is valid */
sanity_check_int_value(struct snd_card * card,const struct snd_ctl_elem_value * control,const struct snd_ctl_elem_info * info,int i)873 static int sanity_check_int_value(struct snd_card *card,
874 const struct snd_ctl_elem_value *control,
875 const struct snd_ctl_elem_info *info,
876 int i)
877 {
878 long long lval, lmin, lmax, lstep;
879 u64 rem;
880
881 switch (info->type) {
882 default:
883 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
884 lval = control->value.integer.value[i];
885 lmin = 0;
886 lmax = 1;
887 lstep = 0;
888 break;
889 case SNDRV_CTL_ELEM_TYPE_INTEGER:
890 lval = control->value.integer.value[i];
891 lmin = info->value.integer.min;
892 lmax = info->value.integer.max;
893 lstep = info->value.integer.step;
894 break;
895 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
896 lval = control->value.integer64.value[i];
897 lmin = info->value.integer64.min;
898 lmax = info->value.integer64.max;
899 lstep = info->value.integer64.step;
900 break;
901 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
902 lval = control->value.enumerated.item[i];
903 lmin = 0;
904 lmax = info->value.enumerated.items - 1;
905 lstep = 0;
906 break;
907 }
908
909 if (lval < lmin || lval > lmax) {
910 dev_err(card->dev,
911 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n",
912 control->id.iface, control->id.device,
913 control->id.subdevice, control->id.name,
914 control->id.index, lval, lmin, lmax, i);
915 return -EINVAL;
916 }
917 if (lstep) {
918 div64_u64_rem(lval, lstep, &rem);
919 if (rem) {
920 dev_err(card->dev,
921 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n",
922 control->id.iface, control->id.device,
923 control->id.subdevice, control->id.name,
924 control->id.index, lval, lstep, i);
925 return -EINVAL;
926 }
927 }
928
929 return 0;
930 }
931
932 /* perform sanity checks to the given snd_ctl_elem_value object */
sanity_check_elem_value(struct snd_card * card,const struct snd_ctl_elem_value * control,const struct snd_ctl_elem_info * info,u32 pattern)933 static int sanity_check_elem_value(struct snd_card *card,
934 const struct snd_ctl_elem_value *control,
935 const struct snd_ctl_elem_info *info,
936 u32 pattern)
937 {
938 size_t offset;
939 int i, ret = 0;
940 u32 *p;
941
942 switch (info->type) {
943 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
944 case SNDRV_CTL_ELEM_TYPE_INTEGER:
945 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
946 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
947 for (i = 0; i < info->count; i++) {
948 ret = sanity_check_int_value(card, control, info, i);
949 if (ret < 0)
950 return ret;
951 }
952 break;
953 default:
954 break;
955 }
956
957 /* check whether the remaining area kept untouched */
958 offset = value_sizes[info->type] * info->count;
959 offset = DIV_ROUND_UP(offset, sizeof(u32));
960 p = (u32 *)control->value.bytes.data + offset;
961 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) {
962 if (*p != pattern) {
963 ret = -EINVAL;
964 break;
965 }
966 *p = 0; /* clear the checked area */
967 }
968
969 return ret;
970 }
971 #else
fill_remaining_elem_value(struct snd_ctl_elem_value * control,struct snd_ctl_elem_info * info,u32 pattern)972 static inline void fill_remaining_elem_value(struct snd_ctl_elem_value *control,
973 struct snd_ctl_elem_info *info,
974 u32 pattern)
975 {
976 }
977
sanity_check_elem_value(struct snd_card * card,struct snd_ctl_elem_value * control,struct snd_ctl_elem_info * info,u32 pattern)978 static inline int sanity_check_elem_value(struct snd_card *card,
979 struct snd_ctl_elem_value *control,
980 struct snd_ctl_elem_info *info,
981 u32 pattern)
982 {
983 return 0;
984 }
985 #endif
986
__snd_ctl_elem_info(struct snd_card * card,struct snd_kcontrol * kctl,struct snd_ctl_elem_info * info,struct snd_ctl_file * ctl)987 static int __snd_ctl_elem_info(struct snd_card *card,
988 struct snd_kcontrol *kctl,
989 struct snd_ctl_elem_info *info,
990 struct snd_ctl_file *ctl)
991 {
992 struct snd_kcontrol_volatile *vd;
993 unsigned int index_offset;
994 int result;
995
996 #ifdef CONFIG_SND_DEBUG
997 info->access = 0;
998 #endif
999 result = snd_power_ref_and_wait(card);
1000 if (!result)
1001 result = kctl->info(kctl, info);
1002 snd_power_unref(card);
1003 if (result >= 0) {
1004 snd_BUG_ON(info->access);
1005 index_offset = snd_ctl_get_ioff(kctl, &info->id);
1006 vd = &kctl->vd[index_offset];
1007 snd_ctl_build_ioff(&info->id, kctl, index_offset);
1008 info->access = vd->access;
1009 if (vd->owner) {
1010 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK;
1011 if (vd->owner == ctl)
1012 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER;
1013 info->owner = pid_vnr(vd->owner->pid);
1014 } else {
1015 info->owner = -1;
1016 }
1017 if (!snd_ctl_skip_validation(info) &&
1018 snd_ctl_check_elem_info(card, info) < 0)
1019 result = -EINVAL;
1020 }
1021 return result;
1022 }
1023
snd_ctl_elem_info(struct snd_ctl_file * ctl,struct snd_ctl_elem_info * info)1024 static int snd_ctl_elem_info(struct snd_ctl_file *ctl,
1025 struct snd_ctl_elem_info *info)
1026 {
1027 struct snd_card *card = ctl->card;
1028 struct snd_kcontrol *kctl;
1029 int result;
1030
1031 down_read(&card->controls_rwsem);
1032 kctl = snd_ctl_find_id(card, &info->id);
1033 if (kctl == NULL)
1034 result = -ENOENT;
1035 else
1036 result = __snd_ctl_elem_info(card, kctl, info, ctl);
1037 up_read(&card->controls_rwsem);
1038 return result;
1039 }
1040
snd_ctl_elem_info_user(struct snd_ctl_file * ctl,struct snd_ctl_elem_info __user * _info)1041 static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl,
1042 struct snd_ctl_elem_info __user *_info)
1043 {
1044 struct snd_ctl_elem_info info;
1045 int result;
1046
1047 if (copy_from_user(&info, _info, sizeof(info)))
1048 return -EFAULT;
1049 result = snd_ctl_elem_info(ctl, &info);
1050 if (result < 0)
1051 return result;
1052 /* drop internal access flags */
1053 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK|
1054 SNDRV_CTL_ELEM_ACCESS_LED_MASK);
1055 if (copy_to_user(_info, &info, sizeof(info)))
1056 return -EFAULT;
1057 return result;
1058 }
1059
snd_ctl_elem_read(struct snd_card * card,struct snd_ctl_elem_value * control)1060 static int snd_ctl_elem_read(struct snd_card *card,
1061 struct snd_ctl_elem_value *control)
1062 {
1063 struct snd_kcontrol *kctl;
1064 struct snd_kcontrol_volatile *vd;
1065 unsigned int index_offset;
1066 struct snd_ctl_elem_info info;
1067 const u32 pattern = 0xdeadbeef;
1068 int ret;
1069
1070 kctl = snd_ctl_find_id(card, &control->id);
1071 if (kctl == NULL)
1072 return -ENOENT;
1073
1074 index_offset = snd_ctl_get_ioff(kctl, &control->id);
1075 vd = &kctl->vd[index_offset];
1076 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL)
1077 return -EPERM;
1078
1079 snd_ctl_build_ioff(&control->id, kctl, index_offset);
1080
1081 #ifdef CONFIG_SND_CTL_VALIDATION
1082 /* info is needed only for validation */
1083 memset(&info, 0, sizeof(info));
1084 info.id = control->id;
1085 ret = __snd_ctl_elem_info(card, kctl, &info, NULL);
1086 if (ret < 0)
1087 return ret;
1088 #endif
1089
1090 if (!snd_ctl_skip_validation(&info))
1091 fill_remaining_elem_value(control, &info, pattern);
1092 ret = snd_power_ref_and_wait(card);
1093 if (!ret)
1094 ret = kctl->get(kctl, control);
1095 snd_power_unref(card);
1096 if (ret < 0)
1097 return ret;
1098 if (!snd_ctl_skip_validation(&info) &&
1099 sanity_check_elem_value(card, control, &info, pattern) < 0) {
1100 dev_err(card->dev,
1101 "control %i:%i:%i:%s:%i: access overflow\n",
1102 control->id.iface, control->id.device,
1103 control->id.subdevice, control->id.name,
1104 control->id.index);
1105 return -EINVAL;
1106 }
1107 return ret;
1108 }
1109
snd_ctl_elem_read_user(struct snd_card * card,struct snd_ctl_elem_value __user * _control)1110 static int snd_ctl_elem_read_user(struct snd_card *card,
1111 struct snd_ctl_elem_value __user *_control)
1112 {
1113 struct snd_ctl_elem_value *control;
1114 int result;
1115
1116 control = memdup_user(_control, sizeof(*control));
1117 if (IS_ERR(control))
1118 return PTR_ERR(control);
1119
1120 down_read(&card->controls_rwsem);
1121 result = snd_ctl_elem_read(card, control);
1122 up_read(&card->controls_rwsem);
1123 if (result < 0)
1124 goto error;
1125
1126 if (copy_to_user(_control, control, sizeof(*control)))
1127 result = -EFAULT;
1128 error:
1129 kfree(control);
1130 return result;
1131 }
1132
snd_ctl_elem_write(struct snd_card * card,struct snd_ctl_file * file,struct snd_ctl_elem_value * control)1133 static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
1134 struct snd_ctl_elem_value *control)
1135 {
1136 struct snd_kcontrol *kctl;
1137 struct snd_kcontrol_volatile *vd;
1138 unsigned int index_offset;
1139 int result;
1140
1141 down_write(&card->controls_rwsem);
1142 kctl = snd_ctl_find_id(card, &control->id);
1143 if (kctl == NULL) {
1144 up_write(&card->controls_rwsem);
1145 return -ENOENT;
1146 }
1147
1148 index_offset = snd_ctl_get_ioff(kctl, &control->id);
1149 vd = &kctl->vd[index_offset];
1150 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL ||
1151 (file && vd->owner && vd->owner != file)) {
1152 up_write(&card->controls_rwsem);
1153 return -EPERM;
1154 }
1155
1156 snd_ctl_build_ioff(&control->id, kctl, index_offset);
1157 result = snd_power_ref_and_wait(card);
1158 if (!result)
1159 result = kctl->put(kctl, control);
1160 snd_power_unref(card);
1161 if (result < 0) {
1162 up_write(&card->controls_rwsem);
1163 return result;
1164 }
1165
1166 if (result > 0) {
1167 downgrade_write(&card->controls_rwsem);
1168 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset);
1169 up_read(&card->controls_rwsem);
1170 } else {
1171 up_write(&card->controls_rwsem);
1172 }
1173
1174 return 0;
1175 }
1176
snd_ctl_elem_write_user(struct snd_ctl_file * file,struct snd_ctl_elem_value __user * _control)1177 static int snd_ctl_elem_write_user(struct snd_ctl_file *file,
1178 struct snd_ctl_elem_value __user *_control)
1179 {
1180 struct snd_ctl_elem_value *control;
1181 struct snd_card *card;
1182 int result;
1183
1184 control = memdup_user(_control, sizeof(*control));
1185 if (IS_ERR(control))
1186 return PTR_ERR(control);
1187
1188 card = file->card;
1189 result = snd_ctl_elem_write(card, file, control);
1190 if (result < 0)
1191 goto error;
1192
1193 if (copy_to_user(_control, control, sizeof(*control)))
1194 result = -EFAULT;
1195 error:
1196 kfree(control);
1197 return result;
1198 }
1199
snd_ctl_elem_lock(struct snd_ctl_file * file,struct snd_ctl_elem_id __user * _id)1200 static int snd_ctl_elem_lock(struct snd_ctl_file *file,
1201 struct snd_ctl_elem_id __user *_id)
1202 {
1203 struct snd_card *card = file->card;
1204 struct snd_ctl_elem_id id;
1205 struct snd_kcontrol *kctl;
1206 struct snd_kcontrol_volatile *vd;
1207 int result;
1208
1209 if (copy_from_user(&id, _id, sizeof(id)))
1210 return -EFAULT;
1211 down_write(&card->controls_rwsem);
1212 kctl = snd_ctl_find_id(card, &id);
1213 if (kctl == NULL) {
1214 result = -ENOENT;
1215 } else {
1216 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1217 if (vd->owner != NULL)
1218 result = -EBUSY;
1219 else {
1220 vd->owner = file;
1221 result = 0;
1222 }
1223 }
1224 up_write(&card->controls_rwsem);
1225 return result;
1226 }
1227
snd_ctl_elem_unlock(struct snd_ctl_file * file,struct snd_ctl_elem_id __user * _id)1228 static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
1229 struct snd_ctl_elem_id __user *_id)
1230 {
1231 struct snd_card *card = file->card;
1232 struct snd_ctl_elem_id id;
1233 struct snd_kcontrol *kctl;
1234 struct snd_kcontrol_volatile *vd;
1235 int result;
1236
1237 if (copy_from_user(&id, _id, sizeof(id)))
1238 return -EFAULT;
1239 down_write(&card->controls_rwsem);
1240 kctl = snd_ctl_find_id(card, &id);
1241 if (kctl == NULL) {
1242 result = -ENOENT;
1243 } else {
1244 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1245 if (vd->owner == NULL)
1246 result = -EINVAL;
1247 else if (vd->owner != file)
1248 result = -EPERM;
1249 else {
1250 vd->owner = NULL;
1251 result = 0;
1252 }
1253 }
1254 up_write(&card->controls_rwsem);
1255 return result;
1256 }
1257
1258 struct user_element {
1259 struct snd_ctl_elem_info info;
1260 struct snd_card *card;
1261 char *elem_data; /* element data */
1262 unsigned long elem_data_size; /* size of element data in bytes */
1263 void *tlv_data; /* TLV data */
1264 unsigned long tlv_data_size; /* TLV data size */
1265 void *priv_data; /* private data (like strings for enumerated type) */
1266 };
1267
1268 // check whether the addition (in bytes) of user ctl element may overflow the limit.
check_user_elem_overflow(struct snd_card * card,ssize_t add)1269 static bool check_user_elem_overflow(struct snd_card *card, ssize_t add)
1270 {
1271 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size;
1272 }
1273
snd_ctl_elem_user_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)1274 static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol,
1275 struct snd_ctl_elem_info *uinfo)
1276 {
1277 struct user_element *ue = kcontrol->private_data;
1278 unsigned int offset;
1279
1280 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1281 *uinfo = ue->info;
1282 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1283
1284 return 0;
1285 }
1286
snd_ctl_elem_user_enum_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)1287 static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol,
1288 struct snd_ctl_elem_info *uinfo)
1289 {
1290 struct user_element *ue = kcontrol->private_data;
1291 const char *names;
1292 unsigned int item;
1293 unsigned int offset;
1294
1295 item = uinfo->value.enumerated.item;
1296
1297 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1298 *uinfo = ue->info;
1299 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1300
1301 item = min(item, uinfo->value.enumerated.items - 1);
1302 uinfo->value.enumerated.item = item;
1303
1304 names = ue->priv_data;
1305 for (; item > 0; --item)
1306 names += strlen(names) + 1;
1307 strcpy(uinfo->value.enumerated.name, names);
1308
1309 return 0;
1310 }
1311
snd_ctl_elem_user_get(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_value * ucontrol)1312 static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
1313 struct snd_ctl_elem_value *ucontrol)
1314 {
1315 struct user_element *ue = kcontrol->private_data;
1316 unsigned int size = ue->elem_data_size;
1317 char *src = ue->elem_data +
1318 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1319
1320 memcpy(&ucontrol->value, src, size);
1321 return 0;
1322 }
1323
snd_ctl_elem_user_put(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_value * ucontrol)1324 static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
1325 struct snd_ctl_elem_value *ucontrol)
1326 {
1327 int change;
1328 struct user_element *ue = kcontrol->private_data;
1329 unsigned int size = ue->elem_data_size;
1330 char *dst = ue->elem_data +
1331 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1332
1333 change = memcmp(&ucontrol->value, dst, size) != 0;
1334 if (change)
1335 memcpy(dst, &ucontrol->value, size);
1336 return change;
1337 }
1338
1339 /* called in controls_rwsem write lock */
replace_user_tlv(struct snd_kcontrol * kctl,unsigned int __user * buf,unsigned int size)1340 static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1341 unsigned int size)
1342 {
1343 struct user_element *ue = kctl->private_data;
1344 unsigned int *container;
1345 unsigned int mask = 0;
1346 int i;
1347 int change;
1348
1349 if (size > 1024 * 128) /* sane value */
1350 return -EINVAL;
1351
1352 // does the TLV size change cause overflow?
1353 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size)))
1354 return -ENOMEM;
1355
1356 container = vmemdup_user(buf, size);
1357 if (IS_ERR(container))
1358 return PTR_ERR(container);
1359
1360 change = ue->tlv_data_size != size;
1361 if (!change)
1362 change = memcmp(ue->tlv_data, container, size) != 0;
1363 if (!change) {
1364 kvfree(container);
1365 return 0;
1366 }
1367
1368 if (ue->tlv_data == NULL) {
1369 /* Now TLV data is available. */
1370 for (i = 0; i < kctl->count; ++i)
1371 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
1372 mask = SNDRV_CTL_EVENT_MASK_INFO;
1373 } else {
1374 ue->card->user_ctl_alloc_size -= ue->tlv_data_size;
1375 ue->tlv_data_size = 0;
1376 kvfree(ue->tlv_data);
1377 }
1378
1379 ue->tlv_data = container;
1380 ue->tlv_data_size = size;
1381 // decremented at private_free.
1382 ue->card->user_ctl_alloc_size += size;
1383
1384 mask |= SNDRV_CTL_EVENT_MASK_TLV;
1385 for (i = 0; i < kctl->count; ++i)
1386 snd_ctl_notify_one(ue->card, mask, kctl, i);
1387
1388 return change;
1389 }
1390
read_user_tlv(struct snd_kcontrol * kctl,unsigned int __user * buf,unsigned int size)1391 static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1392 unsigned int size)
1393 {
1394 struct user_element *ue = kctl->private_data;
1395
1396 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL)
1397 return -ENXIO;
1398
1399 if (size < ue->tlv_data_size)
1400 return -ENOSPC;
1401
1402 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size))
1403 return -EFAULT;
1404
1405 return 0;
1406 }
1407
snd_ctl_elem_user_tlv(struct snd_kcontrol * kctl,int op_flag,unsigned int size,unsigned int __user * buf)1408 static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag,
1409 unsigned int size, unsigned int __user *buf)
1410 {
1411 if (op_flag == SNDRV_CTL_TLV_OP_WRITE)
1412 return replace_user_tlv(kctl, buf, size);
1413 else
1414 return read_user_tlv(kctl, buf, size);
1415 }
1416
1417 /* called in controls_rwsem write lock */
snd_ctl_elem_init_enum_names(struct user_element * ue)1418 static int snd_ctl_elem_init_enum_names(struct user_element *ue)
1419 {
1420 char *names, *p;
1421 size_t buf_len, name_len;
1422 unsigned int i;
1423 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr;
1424
1425 buf_len = ue->info.value.enumerated.names_length;
1426 if (buf_len > 64 * 1024)
1427 return -EINVAL;
1428
1429 if (check_user_elem_overflow(ue->card, buf_len))
1430 return -ENOMEM;
1431 names = vmemdup_user((const void __user *)user_ptrval, buf_len);
1432 if (IS_ERR(names))
1433 return PTR_ERR(names);
1434
1435 /* check that there are enough valid names */
1436 p = names;
1437 for (i = 0; i < ue->info.value.enumerated.items; ++i) {
1438 name_len = strnlen(p, buf_len);
1439 if (name_len == 0 || name_len >= 64 || name_len == buf_len) {
1440 kvfree(names);
1441 return -EINVAL;
1442 }
1443 p += name_len + 1;
1444 buf_len -= name_len + 1;
1445 }
1446
1447 ue->priv_data = names;
1448 ue->info.value.enumerated.names_ptr = 0;
1449 // increment the allocation size; decremented again at private_free.
1450 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length;
1451
1452 return 0;
1453 }
1454
compute_user_elem_size(size_t size,unsigned int count)1455 static size_t compute_user_elem_size(size_t size, unsigned int count)
1456 {
1457 return sizeof(struct user_element) + size * count;
1458 }
1459
snd_ctl_elem_user_free(struct snd_kcontrol * kcontrol)1460 static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol)
1461 {
1462 struct user_element *ue = kcontrol->private_data;
1463
1464 // decrement the allocation size.
1465 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count);
1466 ue->card->user_ctl_alloc_size -= ue->tlv_data_size;
1467 if (ue->priv_data)
1468 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length;
1469
1470 kvfree(ue->tlv_data);
1471 kvfree(ue->priv_data);
1472 kfree(ue);
1473 }
1474
snd_ctl_elem_add(struct snd_ctl_file * file,struct snd_ctl_elem_info * info,int replace)1475 static int snd_ctl_elem_add(struct snd_ctl_file *file,
1476 struct snd_ctl_elem_info *info, int replace)
1477 {
1478 struct snd_card *card = file->card;
1479 struct snd_kcontrol *kctl;
1480 unsigned int count;
1481 unsigned int access;
1482 long private_size;
1483 size_t alloc_size;
1484 struct user_element *ue;
1485 unsigned int offset;
1486 int err;
1487
1488 if (!*info->id.name)
1489 return -EINVAL;
1490 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name))
1491 return -EINVAL;
1492
1493 /* Delete a control to replace them if needed. */
1494 if (replace) {
1495 info->id.numid = 0;
1496 err = snd_ctl_remove_user_ctl(file, &info->id);
1497 if (err)
1498 return err;
1499 }
1500
1501 /* Check the number of elements for this userspace control. */
1502 count = info->owner;
1503 if (count == 0)
1504 count = 1;
1505
1506 /* Arrange access permissions if needed. */
1507 access = info->access;
1508 if (access == 0)
1509 access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
1510 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
1511 SNDRV_CTL_ELEM_ACCESS_INACTIVE |
1512 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE);
1513
1514 /* In initial state, nothing is available as TLV container. */
1515 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1516 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
1517 access |= SNDRV_CTL_ELEM_ACCESS_USER;
1518
1519 /*
1520 * Check information and calculate the size of data specific to
1521 * this userspace control.
1522 */
1523 /* pass NULL to card for suppressing error messages */
1524 err = snd_ctl_check_elem_info(NULL, info);
1525 if (err < 0)
1526 return err;
1527 /* user-space control doesn't allow zero-size data */
1528 if (info->count < 1)
1529 return -EINVAL;
1530 private_size = value_sizes[info->type] * info->count;
1531 alloc_size = compute_user_elem_size(private_size, count);
1532
1533 down_write(&card->controls_rwsem);
1534 if (check_user_elem_overflow(card, alloc_size)) {
1535 err = -ENOMEM;
1536 goto unlock;
1537 }
1538
1539 /*
1540 * Keep memory object for this userspace control. After passing this
1541 * code block, the instance should be freed by snd_ctl_free_one().
1542 *
1543 * Note that these elements in this control are locked.
1544 */
1545 err = snd_ctl_new(&kctl, count, access, file);
1546 if (err < 0)
1547 goto unlock;
1548 memcpy(&kctl->id, &info->id, sizeof(kctl->id));
1549 ue = kzalloc(alloc_size, GFP_KERNEL);
1550 if (!ue) {
1551 kfree(kctl);
1552 err = -ENOMEM;
1553 goto unlock;
1554 }
1555 kctl->private_data = ue;
1556 kctl->private_free = snd_ctl_elem_user_free;
1557
1558 // increment the allocated size; decremented again at private_free.
1559 card->user_ctl_alloc_size += alloc_size;
1560
1561 /* Set private data for this userspace control. */
1562 ue->card = card;
1563 ue->info = *info;
1564 ue->info.access = 0;
1565 ue->elem_data = (char *)ue + sizeof(*ue);
1566 ue->elem_data_size = private_size;
1567 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) {
1568 err = snd_ctl_elem_init_enum_names(ue);
1569 if (err < 0) {
1570 snd_ctl_free_one(kctl);
1571 goto unlock;
1572 }
1573 }
1574
1575 /* Set callback functions. */
1576 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED)
1577 kctl->info = snd_ctl_elem_user_enum_info;
1578 else
1579 kctl->info = snd_ctl_elem_user_info;
1580 if (access & SNDRV_CTL_ELEM_ACCESS_READ)
1581 kctl->get = snd_ctl_elem_user_get;
1582 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE)
1583 kctl->put = snd_ctl_elem_user_put;
1584 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1585 kctl->tlv.c = snd_ctl_elem_user_tlv;
1586
1587 /* This function manage to free the instance on failure. */
1588 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE);
1589 if (err < 0) {
1590 snd_ctl_free_one(kctl);
1591 goto unlock;
1592 }
1593 offset = snd_ctl_get_ioff(kctl, &info->id);
1594 snd_ctl_build_ioff(&info->id, kctl, offset);
1595 /*
1596 * Here we cannot fill any field for the number of elements added by
1597 * this operation because there're no specific fields. The usage of
1598 * 'owner' field for this purpose may cause any bugs to userspace
1599 * applications because the field originally means PID of a process
1600 * which locks the element.
1601 */
1602 unlock:
1603 up_write(&card->controls_rwsem);
1604 return err;
1605 }
1606
snd_ctl_elem_add_user(struct snd_ctl_file * file,struct snd_ctl_elem_info __user * _info,int replace)1607 static int snd_ctl_elem_add_user(struct snd_ctl_file *file,
1608 struct snd_ctl_elem_info __user *_info, int replace)
1609 {
1610 struct snd_ctl_elem_info info;
1611 int err;
1612
1613 if (copy_from_user(&info, _info, sizeof(info)))
1614 return -EFAULT;
1615 err = snd_ctl_elem_add(file, &info, replace);
1616 if (err < 0)
1617 return err;
1618 if (copy_to_user(_info, &info, sizeof(info))) {
1619 snd_ctl_remove_user_ctl(file, &info.id);
1620 return -EFAULT;
1621 }
1622
1623 return 0;
1624 }
1625
snd_ctl_elem_remove(struct snd_ctl_file * file,struct snd_ctl_elem_id __user * _id)1626 static int snd_ctl_elem_remove(struct snd_ctl_file *file,
1627 struct snd_ctl_elem_id __user *_id)
1628 {
1629 struct snd_ctl_elem_id id;
1630
1631 if (copy_from_user(&id, _id, sizeof(id)))
1632 return -EFAULT;
1633 return snd_ctl_remove_user_ctl(file, &id);
1634 }
1635
snd_ctl_subscribe_events(struct snd_ctl_file * file,int __user * ptr)1636 static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr)
1637 {
1638 int subscribe;
1639 if (get_user(subscribe, ptr))
1640 return -EFAULT;
1641 if (subscribe < 0) {
1642 subscribe = file->subscribed;
1643 if (put_user(subscribe, ptr))
1644 return -EFAULT;
1645 return 0;
1646 }
1647 if (subscribe) {
1648 file->subscribed = 1;
1649 return 0;
1650 } else if (file->subscribed) {
1651 snd_ctl_empty_read_queue(file);
1652 file->subscribed = 0;
1653 }
1654 return 0;
1655 }
1656
call_tlv_handler(struct snd_ctl_file * file,int op_flag,struct snd_kcontrol * kctl,struct snd_ctl_elem_id * id,unsigned int __user * buf,unsigned int size)1657 static int call_tlv_handler(struct snd_ctl_file *file, int op_flag,
1658 struct snd_kcontrol *kctl,
1659 struct snd_ctl_elem_id *id,
1660 unsigned int __user *buf, unsigned int size)
1661 {
1662 static const struct {
1663 int op;
1664 int perm;
1665 } pairs[] = {
1666 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ},
1667 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE},
1668 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND},
1669 };
1670 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1671 int i, ret;
1672
1673 /* Check support of the request for this element. */
1674 for (i = 0; i < ARRAY_SIZE(pairs); ++i) {
1675 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm))
1676 break;
1677 }
1678 if (i == ARRAY_SIZE(pairs))
1679 return -ENXIO;
1680
1681 if (kctl->tlv.c == NULL)
1682 return -ENXIO;
1683
1684 /* Write and command operations are not allowed for locked element. */
1685 if (op_flag != SNDRV_CTL_TLV_OP_READ &&
1686 vd->owner != NULL && vd->owner != file)
1687 return -EPERM;
1688
1689 ret = snd_power_ref_and_wait(file->card);
1690 if (!ret)
1691 ret = kctl->tlv.c(kctl, op_flag, size, buf);
1692 snd_power_unref(file->card);
1693 return ret;
1694 }
1695
read_tlv_buf(struct snd_kcontrol * kctl,struct snd_ctl_elem_id * id,unsigned int __user * buf,unsigned int size)1696 static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id,
1697 unsigned int __user *buf, unsigned int size)
1698 {
1699 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1700 unsigned int len;
1701
1702 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ))
1703 return -ENXIO;
1704
1705 if (kctl->tlv.p == NULL)
1706 return -ENXIO;
1707
1708 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1];
1709 if (size < len)
1710 return -ENOMEM;
1711
1712 if (copy_to_user(buf, kctl->tlv.p, len))
1713 return -EFAULT;
1714
1715 return 0;
1716 }
1717
snd_ctl_tlv_ioctl(struct snd_ctl_file * file,struct snd_ctl_tlv __user * buf,int op_flag)1718 static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
1719 struct snd_ctl_tlv __user *buf,
1720 int op_flag)
1721 {
1722 struct snd_ctl_tlv header;
1723 unsigned int __user *container;
1724 unsigned int container_size;
1725 struct snd_kcontrol *kctl;
1726 struct snd_ctl_elem_id id;
1727 struct snd_kcontrol_volatile *vd;
1728
1729 if (copy_from_user(&header, buf, sizeof(header)))
1730 return -EFAULT;
1731
1732 /* In design of control core, numerical ID starts at 1. */
1733 if (header.numid == 0)
1734 return -EINVAL;
1735
1736 /* At least, container should include type and length fields. */
1737 if (header.length < sizeof(unsigned int) * 2)
1738 return -EINVAL;
1739 container_size = header.length;
1740 container = buf->tlv;
1741
1742 kctl = snd_ctl_find_numid(file->card, header.numid);
1743 if (kctl == NULL)
1744 return -ENOENT;
1745
1746 /* Calculate index of the element in this set. */
1747 id = kctl->id;
1748 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid);
1749 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1750
1751 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) {
1752 return call_tlv_handler(file, op_flag, kctl, &id, container,
1753 container_size);
1754 } else {
1755 if (op_flag == SNDRV_CTL_TLV_OP_READ) {
1756 return read_tlv_buf(kctl, &id, container,
1757 container_size);
1758 }
1759 }
1760
1761 /* Not supported. */
1762 return -ENXIO;
1763 }
1764
snd_ctl_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1765 static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1766 {
1767 struct snd_ctl_file *ctl;
1768 struct snd_card *card;
1769 struct snd_kctl_ioctl *p;
1770 void __user *argp = (void __user *)arg;
1771 int __user *ip = argp;
1772 int err;
1773
1774 ctl = file->private_data;
1775 card = ctl->card;
1776 if (snd_BUG_ON(!card))
1777 return -ENXIO;
1778 switch (cmd) {
1779 case SNDRV_CTL_IOCTL_PVERSION:
1780 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0;
1781 case SNDRV_CTL_IOCTL_CARD_INFO:
1782 return snd_ctl_card_info(card, ctl, cmd, argp);
1783 case SNDRV_CTL_IOCTL_ELEM_LIST:
1784 return snd_ctl_elem_list_user(card, argp);
1785 case SNDRV_CTL_IOCTL_ELEM_INFO:
1786 return snd_ctl_elem_info_user(ctl, argp);
1787 case SNDRV_CTL_IOCTL_ELEM_READ:
1788 return snd_ctl_elem_read_user(card, argp);
1789 case SNDRV_CTL_IOCTL_ELEM_WRITE:
1790 return snd_ctl_elem_write_user(ctl, argp);
1791 case SNDRV_CTL_IOCTL_ELEM_LOCK:
1792 return snd_ctl_elem_lock(ctl, argp);
1793 case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
1794 return snd_ctl_elem_unlock(ctl, argp);
1795 case SNDRV_CTL_IOCTL_ELEM_ADD:
1796 return snd_ctl_elem_add_user(ctl, argp, 0);
1797 case SNDRV_CTL_IOCTL_ELEM_REPLACE:
1798 return snd_ctl_elem_add_user(ctl, argp, 1);
1799 case SNDRV_CTL_IOCTL_ELEM_REMOVE:
1800 return snd_ctl_elem_remove(ctl, argp);
1801 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
1802 return snd_ctl_subscribe_events(ctl, ip);
1803 case SNDRV_CTL_IOCTL_TLV_READ:
1804 down_read(&ctl->card->controls_rwsem);
1805 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ);
1806 up_read(&ctl->card->controls_rwsem);
1807 return err;
1808 case SNDRV_CTL_IOCTL_TLV_WRITE:
1809 down_write(&ctl->card->controls_rwsem);
1810 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE);
1811 up_write(&ctl->card->controls_rwsem);
1812 return err;
1813 case SNDRV_CTL_IOCTL_TLV_COMMAND:
1814 down_write(&ctl->card->controls_rwsem);
1815 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD);
1816 up_write(&ctl->card->controls_rwsem);
1817 return err;
1818 case SNDRV_CTL_IOCTL_POWER:
1819 return -ENOPROTOOPT;
1820 case SNDRV_CTL_IOCTL_POWER_STATE:
1821 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0;
1822 }
1823 down_read(&snd_ioctl_rwsem);
1824 list_for_each_entry(p, &snd_control_ioctls, list) {
1825 err = p->fioctl(card, ctl, cmd, arg);
1826 if (err != -ENOIOCTLCMD) {
1827 up_read(&snd_ioctl_rwsem);
1828 return err;
1829 }
1830 }
1831 up_read(&snd_ioctl_rwsem);
1832 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd);
1833 return -ENOTTY;
1834 }
1835
snd_ctl_read(struct file * file,char __user * buffer,size_t count,loff_t * offset)1836 static ssize_t snd_ctl_read(struct file *file, char __user *buffer,
1837 size_t count, loff_t * offset)
1838 {
1839 struct snd_ctl_file *ctl;
1840 int err = 0;
1841 ssize_t result = 0;
1842
1843 ctl = file->private_data;
1844 if (snd_BUG_ON(!ctl || !ctl->card))
1845 return -ENXIO;
1846 if (!ctl->subscribed)
1847 return -EBADFD;
1848 if (count < sizeof(struct snd_ctl_event))
1849 return -EINVAL;
1850 spin_lock_irq(&ctl->read_lock);
1851 while (count >= sizeof(struct snd_ctl_event)) {
1852 struct snd_ctl_event ev;
1853 struct snd_kctl_event *kev;
1854 while (list_empty(&ctl->events)) {
1855 wait_queue_entry_t wait;
1856 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
1857 err = -EAGAIN;
1858 goto __end_lock;
1859 }
1860 init_waitqueue_entry(&wait, current);
1861 add_wait_queue(&ctl->change_sleep, &wait);
1862 set_current_state(TASK_INTERRUPTIBLE);
1863 spin_unlock_irq(&ctl->read_lock);
1864 schedule();
1865 remove_wait_queue(&ctl->change_sleep, &wait);
1866 if (ctl->card->shutdown)
1867 return -ENODEV;
1868 if (signal_pending(current))
1869 return -ERESTARTSYS;
1870 spin_lock_irq(&ctl->read_lock);
1871 }
1872 kev = snd_kctl_event(ctl->events.next);
1873 ev.type = SNDRV_CTL_EVENT_ELEM;
1874 ev.data.elem.mask = kev->mask;
1875 ev.data.elem.id = kev->id;
1876 list_del(&kev->list);
1877 spin_unlock_irq(&ctl->read_lock);
1878 kfree(kev);
1879 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) {
1880 err = -EFAULT;
1881 goto __end;
1882 }
1883 spin_lock_irq(&ctl->read_lock);
1884 buffer += sizeof(struct snd_ctl_event);
1885 count -= sizeof(struct snd_ctl_event);
1886 result += sizeof(struct snd_ctl_event);
1887 }
1888 __end_lock:
1889 spin_unlock_irq(&ctl->read_lock);
1890 __end:
1891 return result > 0 ? result : err;
1892 }
1893
snd_ctl_poll(struct file * file,poll_table * wait)1894 static __poll_t snd_ctl_poll(struct file *file, poll_table * wait)
1895 {
1896 __poll_t mask;
1897 struct snd_ctl_file *ctl;
1898
1899 ctl = file->private_data;
1900 if (!ctl->subscribed)
1901 return 0;
1902 poll_wait(file, &ctl->change_sleep, wait);
1903
1904 mask = 0;
1905 if (!list_empty(&ctl->events))
1906 mask |= EPOLLIN | EPOLLRDNORM;
1907
1908 return mask;
1909 }
1910
1911 /*
1912 * register the device-specific control-ioctls.
1913 * called from each device manager like pcm.c, hwdep.c, etc.
1914 */
_snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn,struct list_head * lists)1915 static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists)
1916 {
1917 struct snd_kctl_ioctl *pn;
1918
1919 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL);
1920 if (pn == NULL)
1921 return -ENOMEM;
1922 pn->fioctl = fcn;
1923 down_write(&snd_ioctl_rwsem);
1924 list_add_tail(&pn->list, lists);
1925 up_write(&snd_ioctl_rwsem);
1926 return 0;
1927 }
1928
1929 /**
1930 * snd_ctl_register_ioctl - register the device-specific control-ioctls
1931 * @fcn: ioctl callback function
1932 *
1933 * called from each device manager like pcm.c, hwdep.c, etc.
1934 */
snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn)1935 int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn)
1936 {
1937 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls);
1938 }
1939 EXPORT_SYMBOL(snd_ctl_register_ioctl);
1940
1941 #ifdef CONFIG_COMPAT
1942 /**
1943 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat
1944 * control-ioctls
1945 * @fcn: ioctl callback function
1946 */
snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn)1947 int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn)
1948 {
1949 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls);
1950 }
1951 EXPORT_SYMBOL(snd_ctl_register_ioctl_compat);
1952 #endif
1953
1954 /*
1955 * de-register the device-specific control-ioctls.
1956 */
_snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn,struct list_head * lists)1957 static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn,
1958 struct list_head *lists)
1959 {
1960 struct snd_kctl_ioctl *p;
1961
1962 if (snd_BUG_ON(!fcn))
1963 return -EINVAL;
1964 down_write(&snd_ioctl_rwsem);
1965 list_for_each_entry(p, lists, list) {
1966 if (p->fioctl == fcn) {
1967 list_del(&p->list);
1968 up_write(&snd_ioctl_rwsem);
1969 kfree(p);
1970 return 0;
1971 }
1972 }
1973 up_write(&snd_ioctl_rwsem);
1974 snd_BUG();
1975 return -EINVAL;
1976 }
1977
1978 /**
1979 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls
1980 * @fcn: ioctl callback function to unregister
1981 */
snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn)1982 int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn)
1983 {
1984 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls);
1985 }
1986 EXPORT_SYMBOL(snd_ctl_unregister_ioctl);
1987
1988 #ifdef CONFIG_COMPAT
1989 /**
1990 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat
1991 * 32bit control-ioctls
1992 * @fcn: ioctl callback function to unregister
1993 */
snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn)1994 int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn)
1995 {
1996 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls);
1997 }
1998 EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat);
1999 #endif
2000
snd_ctl_fasync(int fd,struct file * file,int on)2001 static int snd_ctl_fasync(int fd, struct file * file, int on)
2002 {
2003 struct snd_ctl_file *ctl;
2004
2005 ctl = file->private_data;
2006 return snd_fasync_helper(fd, file, on, &ctl->fasync);
2007 }
2008
2009 /* return the preferred subdevice number if already assigned;
2010 * otherwise return -1
2011 */
snd_ctl_get_preferred_subdevice(struct snd_card * card,int type)2012 int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type)
2013 {
2014 struct snd_ctl_file *kctl;
2015 int subdevice = -1;
2016 unsigned long flags;
2017
2018 read_lock_irqsave(&card->ctl_files_rwlock, flags);
2019 list_for_each_entry(kctl, &card->ctl_files, list) {
2020 if (kctl->pid == task_pid(current)) {
2021 subdevice = kctl->preferred_subdevice[type];
2022 if (subdevice != -1)
2023 break;
2024 }
2025 }
2026 read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
2027 return subdevice;
2028 }
2029 EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice);
2030
2031 /*
2032 * ioctl32 compat
2033 */
2034 #ifdef CONFIG_COMPAT
2035 #include "control_compat.c"
2036 #else
2037 #define snd_ctl_ioctl_compat NULL
2038 #endif
2039
2040 /*
2041 * control layers (audio LED etc.)
2042 */
2043
2044 /**
2045 * snd_ctl_request_layer - request to use the layer
2046 * @module_name: Name of the kernel module (NULL == build-in)
2047 *
2048 * Return an error code when the module cannot be loaded.
2049 */
snd_ctl_request_layer(const char * module_name)2050 int snd_ctl_request_layer(const char *module_name)
2051 {
2052 struct snd_ctl_layer_ops *lops;
2053
2054 if (module_name == NULL)
2055 return 0;
2056 down_read(&snd_ctl_layer_rwsem);
2057 for (lops = snd_ctl_layer; lops; lops = lops->next)
2058 if (strcmp(lops->module_name, module_name) == 0)
2059 break;
2060 up_read(&snd_ctl_layer_rwsem);
2061 if (lops)
2062 return 0;
2063 return request_module(module_name);
2064 }
2065 EXPORT_SYMBOL_GPL(snd_ctl_request_layer);
2066
2067 /**
2068 * snd_ctl_register_layer - register new control layer
2069 * @lops: operation structure
2070 *
2071 * The new layer can track all control elements and do additional
2072 * operations on top (like audio LED handling).
2073 */
snd_ctl_register_layer(struct snd_ctl_layer_ops * lops)2074 void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops)
2075 {
2076 struct snd_card *card;
2077 int card_number;
2078
2079 down_write(&snd_ctl_layer_rwsem);
2080 lops->next = snd_ctl_layer;
2081 snd_ctl_layer = lops;
2082 up_write(&snd_ctl_layer_rwsem);
2083 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) {
2084 card = snd_card_ref(card_number);
2085 if (card) {
2086 down_read(&card->controls_rwsem);
2087 lops->lregister(card);
2088 up_read(&card->controls_rwsem);
2089 snd_card_unref(card);
2090 }
2091 }
2092 }
2093 EXPORT_SYMBOL_GPL(snd_ctl_register_layer);
2094
2095 /**
2096 * snd_ctl_disconnect_layer - disconnect control layer
2097 * @lops: operation structure
2098 *
2099 * It is expected that the information about tracked cards
2100 * is freed before this call (the disconnect callback is
2101 * not called here).
2102 */
snd_ctl_disconnect_layer(struct snd_ctl_layer_ops * lops)2103 void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops)
2104 {
2105 struct snd_ctl_layer_ops *lops2, *prev_lops2;
2106
2107 down_write(&snd_ctl_layer_rwsem);
2108 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) {
2109 if (lops2 == lops) {
2110 if (!prev_lops2)
2111 snd_ctl_layer = lops->next;
2112 else
2113 prev_lops2->next = lops->next;
2114 break;
2115 }
2116 prev_lops2 = lops2;
2117 }
2118 up_write(&snd_ctl_layer_rwsem);
2119 }
2120 EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer);
2121
2122 /*
2123 * INIT PART
2124 */
2125
2126 static const struct file_operations snd_ctl_f_ops =
2127 {
2128 .owner = THIS_MODULE,
2129 .read = snd_ctl_read,
2130 .open = snd_ctl_open,
2131 .release = snd_ctl_release,
2132 .llseek = no_llseek,
2133 .poll = snd_ctl_poll,
2134 .unlocked_ioctl = snd_ctl_ioctl,
2135 .compat_ioctl = snd_ctl_ioctl_compat,
2136 .fasync = snd_ctl_fasync,
2137 };
2138
2139 /*
2140 * registration of the control device
2141 */
snd_ctl_dev_register(struct snd_device * device)2142 static int snd_ctl_dev_register(struct snd_device *device)
2143 {
2144 struct snd_card *card = device->device_data;
2145 struct snd_ctl_layer_ops *lops;
2146 int err;
2147
2148 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1,
2149 &snd_ctl_f_ops, card, &card->ctl_dev);
2150 if (err < 0)
2151 return err;
2152 down_read(&card->controls_rwsem);
2153 down_read(&snd_ctl_layer_rwsem);
2154 for (lops = snd_ctl_layer; lops; lops = lops->next)
2155 lops->lregister(card);
2156 up_read(&snd_ctl_layer_rwsem);
2157 up_read(&card->controls_rwsem);
2158 return 0;
2159 }
2160
2161 /*
2162 * disconnection of the control device
2163 */
snd_ctl_dev_disconnect(struct snd_device * device)2164 static int snd_ctl_dev_disconnect(struct snd_device *device)
2165 {
2166 struct snd_card *card = device->device_data;
2167 struct snd_ctl_file *ctl;
2168 struct snd_ctl_layer_ops *lops;
2169 unsigned long flags;
2170
2171 read_lock_irqsave(&card->ctl_files_rwlock, flags);
2172 list_for_each_entry(ctl, &card->ctl_files, list) {
2173 wake_up(&ctl->change_sleep);
2174 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR);
2175 }
2176 read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
2177
2178 down_read(&card->controls_rwsem);
2179 down_read(&snd_ctl_layer_rwsem);
2180 for (lops = snd_ctl_layer; lops; lops = lops->next)
2181 lops->ldisconnect(card);
2182 up_read(&snd_ctl_layer_rwsem);
2183 up_read(&card->controls_rwsem);
2184
2185 return snd_unregister_device(&card->ctl_dev);
2186 }
2187
2188 /*
2189 * free all controls
2190 */
snd_ctl_dev_free(struct snd_device * device)2191 static int snd_ctl_dev_free(struct snd_device *device)
2192 {
2193 struct snd_card *card = device->device_data;
2194 struct snd_kcontrol *control;
2195
2196 down_write(&card->controls_rwsem);
2197 while (!list_empty(&card->controls)) {
2198 control = snd_kcontrol(card->controls.next);
2199 snd_ctl_remove(card, control);
2200 }
2201 up_write(&card->controls_rwsem);
2202 put_device(&card->ctl_dev);
2203 return 0;
2204 }
2205
2206 /*
2207 * create control core:
2208 * called from init.c
2209 */
snd_ctl_create(struct snd_card * card)2210 int snd_ctl_create(struct snd_card *card)
2211 {
2212 static const struct snd_device_ops ops = {
2213 .dev_free = snd_ctl_dev_free,
2214 .dev_register = snd_ctl_dev_register,
2215 .dev_disconnect = snd_ctl_dev_disconnect,
2216 };
2217 int err;
2218
2219 if (snd_BUG_ON(!card))
2220 return -ENXIO;
2221 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS))
2222 return -ENXIO;
2223
2224 snd_device_initialize(&card->ctl_dev, card);
2225 dev_set_name(&card->ctl_dev, "controlC%d", card->number);
2226
2227 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops);
2228 if (err < 0)
2229 put_device(&card->ctl_dev);
2230 return err;
2231 }
2232
2233 /*
2234 * Frequently used control callbacks/helpers
2235 */
2236
2237 /**
2238 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info
2239 * callback with a mono channel
2240 * @kcontrol: the kcontrol instance
2241 * @uinfo: info to store
2242 *
2243 * This is a function that can be used as info callback for a standard
2244 * boolean control with a single mono channel.
2245 */
snd_ctl_boolean_mono_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)2246 int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol,
2247 struct snd_ctl_elem_info *uinfo)
2248 {
2249 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2250 uinfo->count = 1;
2251 uinfo->value.integer.min = 0;
2252 uinfo->value.integer.max = 1;
2253 return 0;
2254 }
2255 EXPORT_SYMBOL(snd_ctl_boolean_mono_info);
2256
2257 /**
2258 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info
2259 * callback with stereo two channels
2260 * @kcontrol: the kcontrol instance
2261 * @uinfo: info to store
2262 *
2263 * This is a function that can be used as info callback for a standard
2264 * boolean control with stereo two channels.
2265 */
snd_ctl_boolean_stereo_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)2266 int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol,
2267 struct snd_ctl_elem_info *uinfo)
2268 {
2269 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2270 uinfo->count = 2;
2271 uinfo->value.integer.min = 0;
2272 uinfo->value.integer.max = 1;
2273 return 0;
2274 }
2275 EXPORT_SYMBOL(snd_ctl_boolean_stereo_info);
2276
2277 /**
2278 * snd_ctl_enum_info - fills the info structure for an enumerated control
2279 * @info: the structure to be filled
2280 * @channels: the number of the control's channels; often one
2281 * @items: the number of control values; also the size of @names
2282 * @names: an array containing the names of all control values
2283 *
2284 * Sets all required fields in @info to their appropriate values.
2285 * If the control's accessibility is not the default (readable and writable),
2286 * the caller has to fill @info->access.
2287 *
2288 * Return: Zero.
2289 */
snd_ctl_enum_info(struct snd_ctl_elem_info * info,unsigned int channels,unsigned int items,const char * const names[])2290 int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels,
2291 unsigned int items, const char *const names[])
2292 {
2293 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED;
2294 info->count = channels;
2295 info->value.enumerated.items = items;
2296 if (!items)
2297 return 0;
2298 if (info->value.enumerated.item >= items)
2299 info->value.enumerated.item = items - 1;
2300 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name),
2301 "ALSA: too long item name '%s'\n",
2302 names[info->value.enumerated.item]);
2303 strscpy(info->value.enumerated.name,
2304 names[info->value.enumerated.item],
2305 sizeof(info->value.enumerated.name));
2306 return 0;
2307 }
2308 EXPORT_SYMBOL(snd_ctl_enum_info);
2309