1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Routines for driver control interface 4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz> 5 */ 6 7#include <linux/threads.h> 8#include <linux/interrupt.h> 9#include <linux/module.h> 10#include <linux/moduleparam.h> 11#include <linux/slab.h> 12#include <linux/vmalloc.h> 13#include <linux/time.h> 14#include <linux/mm.h> 15#include <linux/math64.h> 16#include <linux/sched/signal.h> 17#include <sound/core.h> 18#include <sound/minors.h> 19#include <sound/info.h> 20#include <sound/control.h> 21 22// Max allocation size for user controls. 23static int max_user_ctl_alloc_size = 8 * 1024 * 1024; 24module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444); 25MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls"); 26 27#define MAX_CONTROL_COUNT 1028 28 29struct snd_kctl_ioctl { 30 struct list_head list; /* list of all ioctls */ 31 snd_kctl_ioctl_func_t fioctl; 32}; 33 34static DECLARE_RWSEM(snd_ioctl_rwsem); 35static DECLARE_RWSEM(snd_ctl_layer_rwsem); 36static LIST_HEAD(snd_control_ioctls); 37#ifdef CONFIG_COMPAT 38static LIST_HEAD(snd_control_compat_ioctls); 39#endif 40static struct snd_ctl_layer_ops *snd_ctl_layer; 41 42static int snd_ctl_remove_locked(struct snd_card *card, 43 struct snd_kcontrol *kcontrol); 44 45static int snd_ctl_open(struct inode *inode, struct file *file) 46{ 47 unsigned long flags; 48 struct snd_card *card; 49 struct snd_ctl_file *ctl; 50 int i, err; 51 52 err = stream_open(inode, file); 53 if (err < 0) 54 return err; 55 56 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL); 57 if (!card) { 58 err = -ENODEV; 59 goto __error1; 60 } 61 err = snd_card_file_add(card, file); 62 if (err < 0) { 63 err = -ENODEV; 64 goto __error1; 65 } 66 if (!try_module_get(card->module)) { 67 err = -EFAULT; 68 goto __error2; 69 } 70 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL); 71 if (ctl == NULL) { 72 err = -ENOMEM; 73 goto __error; 74 } 75 INIT_LIST_HEAD(&ctl->events); 76 init_waitqueue_head(&ctl->change_sleep); 77 spin_lock_init(&ctl->read_lock); 78 ctl->card = card; 79 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++) 80 ctl->preferred_subdevice[i] = -1; 81 ctl->pid = get_pid(task_pid(current)); 82 file->private_data = ctl; 83 write_lock_irqsave(&card->ctl_files_rwlock, flags); 84 list_add_tail(&ctl->list, &card->ctl_files); 85 write_unlock_irqrestore(&card->ctl_files_rwlock, flags); 86 snd_card_unref(card); 87 return 0; 88 89 __error: 90 module_put(card->module); 91 __error2: 92 snd_card_file_remove(card, file); 93 __error1: 94 if (card) 95 snd_card_unref(card); 96 return err; 97} 98 99static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl) 100{ 101 unsigned long flags; 102 struct snd_kctl_event *cread; 103 104 spin_lock_irqsave(&ctl->read_lock, flags); 105 while (!list_empty(&ctl->events)) { 106 cread = snd_kctl_event(ctl->events.next); 107 list_del(&cread->list); 108 kfree(cread); 109 } 110 spin_unlock_irqrestore(&ctl->read_lock, flags); 111} 112 113static int snd_ctl_release(struct inode *inode, struct file *file) 114{ 115 unsigned long flags; 116 struct snd_card *card; 117 struct snd_ctl_file *ctl; 118 struct snd_kcontrol *control; 119 unsigned int idx; 120 121 ctl = file->private_data; 122 file->private_data = NULL; 123 card = ctl->card; 124 write_lock_irqsave(&card->ctl_files_rwlock, flags); 125 list_del(&ctl->list); 126 write_unlock_irqrestore(&card->ctl_files_rwlock, flags); 127 down_write(&card->controls_rwsem); 128 list_for_each_entry(control, &card->controls, list) 129 for (idx = 0; idx < control->count; idx++) 130 if (control->vd[idx].owner == ctl) 131 control->vd[idx].owner = NULL; 132 up_write(&card->controls_rwsem); 133 snd_fasync_free(ctl->fasync); 134 snd_ctl_empty_read_queue(ctl); 135 put_pid(ctl->pid); 136 kfree(ctl); 137 module_put(card->module); 138 snd_card_file_remove(card, file); 139 return 0; 140} 141 142/** 143 * snd_ctl_notify - Send notification to user-space for a control change 144 * @card: the card to send notification 145 * @mask: the event mask, SNDRV_CTL_EVENT_* 146 * @id: the ctl element id to send notification 147 * 148 * This function adds an event record with the given id and mask, appends 149 * to the list and wakes up the user-space for notification. This can be 150 * called in the atomic context. 151 */ 152void snd_ctl_notify(struct snd_card *card, unsigned int mask, 153 struct snd_ctl_elem_id *id) 154{ 155 unsigned long flags; 156 struct snd_ctl_file *ctl; 157 struct snd_kctl_event *ev; 158 159 if (snd_BUG_ON(!card || !id)) 160 return; 161 if (card->shutdown) 162 return; 163 read_lock_irqsave(&card->ctl_files_rwlock, flags); 164#if IS_ENABLED(CONFIG_SND_MIXER_OSS) 165 card->mixer_oss_change_count++; 166#endif 167 list_for_each_entry(ctl, &card->ctl_files, list) { 168 if (!ctl->subscribed) 169 continue; 170 spin_lock(&ctl->read_lock); 171 list_for_each_entry(ev, &ctl->events, list) { 172 if (ev->id.numid == id->numid) { 173 ev->mask |= mask; 174 goto _found; 175 } 176 } 177 ev = kzalloc(sizeof(*ev), GFP_ATOMIC); 178 if (ev) { 179 ev->id = *id; 180 ev->mask = mask; 181 list_add_tail(&ev->list, &ctl->events); 182 } else { 183 dev_err(card->dev, "No memory available to allocate event\n"); 184 } 185 _found: 186 wake_up(&ctl->change_sleep); 187 spin_unlock(&ctl->read_lock); 188 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN); 189 } 190 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 191} 192EXPORT_SYMBOL(snd_ctl_notify); 193 194/** 195 * snd_ctl_notify_one - Send notification to user-space for a control change 196 * @card: the card to send notification 197 * @mask: the event mask, SNDRV_CTL_EVENT_* 198 * @kctl: the pointer with the control instance 199 * @ioff: the additional offset to the control index 200 * 201 * This function calls snd_ctl_notify() and does additional jobs 202 * like LED state changes. 203 */ 204void snd_ctl_notify_one(struct snd_card *card, unsigned int mask, 205 struct snd_kcontrol *kctl, unsigned int ioff) 206{ 207 struct snd_ctl_elem_id id = kctl->id; 208 struct snd_ctl_layer_ops *lops; 209 210 id.index += ioff; 211 id.numid += ioff; 212 snd_ctl_notify(card, mask, &id); 213 down_read(&snd_ctl_layer_rwsem); 214 for (lops = snd_ctl_layer; lops; lops = lops->next) 215 lops->lnotify(card, mask, kctl, ioff); 216 up_read(&snd_ctl_layer_rwsem); 217} 218EXPORT_SYMBOL(snd_ctl_notify_one); 219 220/** 221 * snd_ctl_new - create a new control instance with some elements 222 * @kctl: the pointer to store new control instance 223 * @count: the number of elements in this control 224 * @access: the default access flags for elements in this control 225 * @file: given when locking these elements 226 * 227 * Allocates a memory object for a new control instance. The instance has 228 * elements as many as the given number (@count). Each element has given 229 * access permissions (@access). Each element is locked when @file is given. 230 * 231 * Return: 0 on success, error code on failure 232 */ 233static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count, 234 unsigned int access, struct snd_ctl_file *file) 235{ 236 unsigned int idx; 237 238 if (count == 0 || count > MAX_CONTROL_COUNT) 239 return -EINVAL; 240 241 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL); 242 if (!*kctl) 243 return -ENOMEM; 244 245 for (idx = 0; idx < count; idx++) { 246 (*kctl)->vd[idx].access = access; 247 (*kctl)->vd[idx].owner = file; 248 } 249 (*kctl)->count = count; 250 251 return 0; 252} 253 254/** 255 * snd_ctl_new1 - create a control instance from the template 256 * @ncontrol: the initialization record 257 * @private_data: the private data to set 258 * 259 * Allocates a new struct snd_kcontrol instance and initialize from the given 260 * template. When the access field of ncontrol is 0, it's assumed as 261 * READWRITE access. When the count field is 0, it's assumes as one. 262 * 263 * Return: The pointer of the newly generated instance, or %NULL on failure. 264 */ 265struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol, 266 void *private_data) 267{ 268 struct snd_kcontrol *kctl; 269 unsigned int count; 270 unsigned int access; 271 int err; 272 273 if (snd_BUG_ON(!ncontrol || !ncontrol->info)) 274 return NULL; 275 276 count = ncontrol->count; 277 if (count == 0) 278 count = 1; 279 280 access = ncontrol->access; 281 if (access == 0) 282 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 283 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 284 SNDRV_CTL_ELEM_ACCESS_VOLATILE | 285 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 286 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE | 287 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND | 288 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK | 289 SNDRV_CTL_ELEM_ACCESS_LED_MASK | 290 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK); 291 292 err = snd_ctl_new(&kctl, count, access, NULL); 293 if (err < 0) 294 return NULL; 295 296 /* The 'numid' member is decided when calling snd_ctl_add(). */ 297 kctl->id.iface = ncontrol->iface; 298 kctl->id.device = ncontrol->device; 299 kctl->id.subdevice = ncontrol->subdevice; 300 if (ncontrol->name) { 301 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name)); 302 if (strcmp(ncontrol->name, kctl->id.name) != 0) 303 pr_warn("ALSA: Control name '%s' truncated to '%s'\n", 304 ncontrol->name, kctl->id.name); 305 } 306 kctl->id.index = ncontrol->index; 307 308 kctl->info = ncontrol->info; 309 kctl->get = ncontrol->get; 310 kctl->put = ncontrol->put; 311 kctl->tlv.p = ncontrol->tlv.p; 312 313 kctl->private_value = ncontrol->private_value; 314 kctl->private_data = private_data; 315 316 return kctl; 317} 318EXPORT_SYMBOL(snd_ctl_new1); 319 320/** 321 * snd_ctl_free_one - release the control instance 322 * @kcontrol: the control instance 323 * 324 * Releases the control instance created via snd_ctl_new() 325 * or snd_ctl_new1(). 326 * Don't call this after the control was added to the card. 327 */ 328void snd_ctl_free_one(struct snd_kcontrol *kcontrol) 329{ 330 if (kcontrol) { 331 if (kcontrol->private_free) 332 kcontrol->private_free(kcontrol); 333 kfree(kcontrol); 334 } 335} 336EXPORT_SYMBOL(snd_ctl_free_one); 337 338static bool snd_ctl_remove_numid_conflict(struct snd_card *card, 339 unsigned int count) 340{ 341 struct snd_kcontrol *kctl; 342 343 /* Make sure that the ids assigned to the control do not wrap around */ 344 if (card->last_numid >= UINT_MAX - count) 345 card->last_numid = 0; 346 347 list_for_each_entry(kctl, &card->controls, list) { 348 if (kctl->id.numid < card->last_numid + 1 + count && 349 kctl->id.numid + kctl->count > card->last_numid + 1) { 350 card->last_numid = kctl->id.numid + kctl->count - 1; 351 return true; 352 } 353 } 354 return false; 355} 356 357static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) 358{ 359 unsigned int iter = 100000; 360 361 while (snd_ctl_remove_numid_conflict(card, count)) { 362 if (--iter == 0) { 363 /* this situation is very unlikely */ 364 dev_err(card->dev, "unable to allocate new control numid\n"); 365 return -ENOMEM; 366 } 367 } 368 return 0; 369} 370 371/* check whether the given id is contained in the given kctl */ 372static bool elem_id_matches(const struct snd_kcontrol *kctl, 373 const struct snd_ctl_elem_id *id) 374{ 375 return kctl->id.iface == id->iface && 376 kctl->id.device == id->device && 377 kctl->id.subdevice == id->subdevice && 378 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) && 379 kctl->id.index <= id->index && 380 kctl->id.index + kctl->count > id->index; 381} 382 383#ifdef CONFIG_SND_CTL_FAST_LOOKUP 384/* Compute a hash key for the corresponding ctl id 385 * It's for the name lookup, hence the numid is excluded. 386 * The hash key is bound in LONG_MAX to be used for Xarray key. 387 */ 388#define MULTIPLIER 37 389static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id) 390{ 391 int i; 392 unsigned long h; 393 394 h = id->iface; 395 h = MULTIPLIER * h + id->device; 396 h = MULTIPLIER * h + id->subdevice; 397 for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++) 398 h = MULTIPLIER * h + id->name[i]; 399 h = MULTIPLIER * h + id->index; 400 h &= LONG_MAX; 401 return h; 402} 403 404/* add hash entries to numid and ctl xarray tables */ 405static void add_hash_entries(struct snd_card *card, 406 struct snd_kcontrol *kcontrol) 407{ 408 struct snd_ctl_elem_id id = kcontrol->id; 409 int i; 410 411 xa_store_range(&card->ctl_numids, kcontrol->id.numid, 412 kcontrol->id.numid + kcontrol->count - 1, 413 kcontrol, GFP_KERNEL); 414 415 for (i = 0; i < kcontrol->count; i++) { 416 id.index = kcontrol->id.index + i; 417 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id), 418 kcontrol, GFP_KERNEL)) { 419 /* skip hash for this entry, noting we had collision */ 420 card->ctl_hash_collision = true; 421 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n", 422 id.iface, id.name, id.index); 423 } 424 } 425} 426 427/* remove hash entries that have been added */ 428static void remove_hash_entries(struct snd_card *card, 429 struct snd_kcontrol *kcontrol) 430{ 431 struct snd_ctl_elem_id id = kcontrol->id; 432 struct snd_kcontrol *matched; 433 unsigned long h; 434 int i; 435 436 for (i = 0; i < kcontrol->count; i++) { 437 xa_erase(&card->ctl_numids, id.numid); 438 h = get_ctl_id_hash(&id); 439 matched = xa_load(&card->ctl_hash, h); 440 if (matched && (matched == kcontrol || 441 elem_id_matches(matched, &id))) 442 xa_erase(&card->ctl_hash, h); 443 id.index++; 444 id.numid++; 445 } 446} 447#else /* CONFIG_SND_CTL_FAST_LOOKUP */ 448static inline void add_hash_entries(struct snd_card *card, 449 struct snd_kcontrol *kcontrol) 450{ 451} 452static inline void remove_hash_entries(struct snd_card *card, 453 struct snd_kcontrol *kcontrol) 454{ 455} 456#endif /* CONFIG_SND_CTL_FAST_LOOKUP */ 457 458enum snd_ctl_add_mode { 459 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE, 460}; 461 462/* add/replace a new kcontrol object; call with card->controls_rwsem locked */ 463static int __snd_ctl_add_replace(struct snd_card *card, 464 struct snd_kcontrol *kcontrol, 465 enum snd_ctl_add_mode mode) 466{ 467 struct snd_ctl_elem_id id; 468 unsigned int idx; 469 struct snd_kcontrol *old; 470 int err; 471 472 lockdep_assert_held_write(&card->controls_rwsem); 473 474 id = kcontrol->id; 475 if (id.index > UINT_MAX - kcontrol->count) 476 return -EINVAL; 477 478 old = snd_ctl_find_id_locked(card, &id); 479 if (!old) { 480 if (mode == CTL_REPLACE) 481 return -EINVAL; 482 } else { 483 if (mode == CTL_ADD_EXCLUSIVE) { 484 dev_err(card->dev, 485 "control %i:%i:%i:%s:%i is already present\n", 486 id.iface, id.device, id.subdevice, id.name, 487 id.index); 488 return -EBUSY; 489 } 490 491 err = snd_ctl_remove_locked(card, old); 492 if (err < 0) 493 return err; 494 } 495 496 if (snd_ctl_find_hole(card, kcontrol->count) < 0) 497 return -ENOMEM; 498 499 list_add_tail(&kcontrol->list, &card->controls); 500 card->controls_count += kcontrol->count; 501 kcontrol->id.numid = card->last_numid + 1; 502 card->last_numid += kcontrol->count; 503 504 add_hash_entries(card, kcontrol); 505 506 for (idx = 0; idx < kcontrol->count; idx++) 507 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx); 508 509 return 0; 510} 511 512static int snd_ctl_add_replace(struct snd_card *card, 513 struct snd_kcontrol *kcontrol, 514 enum snd_ctl_add_mode mode) 515{ 516 int err = -EINVAL; 517 518 if (! kcontrol) 519 return err; 520 if (snd_BUG_ON(!card || !kcontrol->info)) 521 goto error; 522 523 down_write(&card->controls_rwsem); 524 err = __snd_ctl_add_replace(card, kcontrol, mode); 525 up_write(&card->controls_rwsem); 526 if (err < 0) 527 goto error; 528 return 0; 529 530 error: 531 snd_ctl_free_one(kcontrol); 532 return err; 533} 534 535/** 536 * snd_ctl_add - add the control instance to the card 537 * @card: the card instance 538 * @kcontrol: the control instance to add 539 * 540 * Adds the control instance created via snd_ctl_new() or 541 * snd_ctl_new1() to the given card. Assigns also an unique 542 * numid used for fast search. 543 * 544 * It frees automatically the control which cannot be added. 545 * 546 * Return: Zero if successful, or a negative error code on failure. 547 * 548 */ 549int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) 550{ 551 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE); 552} 553EXPORT_SYMBOL(snd_ctl_add); 554 555/** 556 * snd_ctl_replace - replace the control instance of the card 557 * @card: the card instance 558 * @kcontrol: the control instance to replace 559 * @add_on_replace: add the control if not already added 560 * 561 * Replaces the given control. If the given control does not exist 562 * and the add_on_replace flag is set, the control is added. If the 563 * control exists, it is destroyed first. 564 * 565 * It frees automatically the control which cannot be added or replaced. 566 * 567 * Return: Zero if successful, or a negative error code on failure. 568 */ 569int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, 570 bool add_on_replace) 571{ 572 return snd_ctl_add_replace(card, kcontrol, 573 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE); 574} 575EXPORT_SYMBOL(snd_ctl_replace); 576 577static int __snd_ctl_remove(struct snd_card *card, 578 struct snd_kcontrol *kcontrol, 579 bool remove_hash) 580{ 581 unsigned int idx; 582 583 lockdep_assert_held_write(&card->controls_rwsem); 584 585 if (snd_BUG_ON(!card || !kcontrol)) 586 return -EINVAL; 587 list_del(&kcontrol->list); 588 589 if (remove_hash) 590 remove_hash_entries(card, kcontrol); 591 592 card->controls_count -= kcontrol->count; 593 for (idx = 0; idx < kcontrol->count; idx++) 594 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx); 595 snd_ctl_free_one(kcontrol); 596 return 0; 597} 598 599static inline int snd_ctl_remove_locked(struct snd_card *card, 600 struct snd_kcontrol *kcontrol) 601{ 602 return __snd_ctl_remove(card, kcontrol, true); 603} 604 605/** 606 * snd_ctl_remove - remove the control from the card and release it 607 * @card: the card instance 608 * @kcontrol: the control instance to remove 609 * 610 * Removes the control from the card and then releases the instance. 611 * You don't need to call snd_ctl_free_one(). 612 * 613 * Return: 0 if successful, or a negative error code on failure. 614 * 615 * Note that this function takes card->controls_rwsem lock internally. 616 */ 617int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol) 618{ 619 int ret; 620 621 down_write(&card->controls_rwsem); 622 ret = snd_ctl_remove_locked(card, kcontrol); 623 up_write(&card->controls_rwsem); 624 return ret; 625} 626EXPORT_SYMBOL(snd_ctl_remove); 627 628/** 629 * snd_ctl_remove_id - remove the control of the given id and release it 630 * @card: the card instance 631 * @id: the control id to remove 632 * 633 * Finds the control instance with the given id, removes it from the 634 * card list and releases it. 635 * 636 * Return: 0 if successful, or a negative error code on failure. 637 */ 638int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id) 639{ 640 struct snd_kcontrol *kctl; 641 int ret; 642 643 down_write(&card->controls_rwsem); 644 kctl = snd_ctl_find_id_locked(card, id); 645 if (kctl == NULL) { 646 up_write(&card->controls_rwsem); 647 return -ENOENT; 648 } 649 ret = snd_ctl_remove_locked(card, kctl); 650 up_write(&card->controls_rwsem); 651 return ret; 652} 653EXPORT_SYMBOL(snd_ctl_remove_id); 654 655/** 656 * snd_ctl_remove_user_ctl - remove and release the unlocked user control 657 * @file: active control handle 658 * @id: the control id to remove 659 * 660 * Finds the control instance with the given id, removes it from the 661 * card list and releases it. 662 * 663 * Return: 0 if successful, or a negative error code on failure. 664 */ 665static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file, 666 struct snd_ctl_elem_id *id) 667{ 668 struct snd_card *card = file->card; 669 struct snd_kcontrol *kctl; 670 int idx, ret; 671 672 down_write(&card->controls_rwsem); 673 kctl = snd_ctl_find_id_locked(card, id); 674 if (kctl == NULL) { 675 ret = -ENOENT; 676 goto error; 677 } 678 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) { 679 ret = -EINVAL; 680 goto error; 681 } 682 for (idx = 0; idx < kctl->count; idx++) 683 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) { 684 ret = -EBUSY; 685 goto error; 686 } 687 ret = snd_ctl_remove_locked(card, kctl); 688error: 689 up_write(&card->controls_rwsem); 690 return ret; 691} 692 693/** 694 * snd_ctl_activate_id - activate/inactivate the control of the given id 695 * @card: the card instance 696 * @id: the control id to activate/inactivate 697 * @active: non-zero to activate 698 * 699 * Finds the control instance with the given id, and activate or 700 * inactivate the control together with notification, if changed. 701 * The given ID data is filled with full information. 702 * 703 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure. 704 */ 705int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id, 706 int active) 707{ 708 struct snd_kcontrol *kctl; 709 struct snd_kcontrol_volatile *vd; 710 unsigned int index_offset; 711 int ret; 712 713 down_write(&card->controls_rwsem); 714 kctl = snd_ctl_find_id_locked(card, id); 715 if (kctl == NULL) { 716 ret = -ENOENT; 717 goto unlock; 718 } 719 index_offset = snd_ctl_get_ioff(kctl, id); 720 vd = &kctl->vd[index_offset]; 721 ret = 0; 722 if (active) { 723 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)) 724 goto unlock; 725 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; 726 } else { 727 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE) 728 goto unlock; 729 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; 730 } 731 snd_ctl_build_ioff(id, kctl, index_offset); 732 downgrade_write(&card->controls_rwsem); 733 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset); 734 up_read(&card->controls_rwsem); 735 return 1; 736 737 unlock: 738 up_write(&card->controls_rwsem); 739 return ret; 740} 741EXPORT_SYMBOL_GPL(snd_ctl_activate_id); 742 743/** 744 * snd_ctl_rename_id - replace the id of a control on the card 745 * @card: the card instance 746 * @src_id: the old id 747 * @dst_id: the new id 748 * 749 * Finds the control with the old id from the card, and replaces the 750 * id with the new one. 751 * 752 * The function tries to keep the already assigned numid while replacing 753 * the rest. 754 * 755 * Note that this function should be used only in the card initialization 756 * phase. Calling after the card instantiation may cause issues with 757 * user-space expecting persistent numids. 758 * 759 * Return: Zero if successful, or a negative error code on failure. 760 */ 761int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id, 762 struct snd_ctl_elem_id *dst_id) 763{ 764 struct snd_kcontrol *kctl; 765 int saved_numid; 766 767 down_write(&card->controls_rwsem); 768 kctl = snd_ctl_find_id_locked(card, src_id); 769 if (kctl == NULL) { 770 up_write(&card->controls_rwsem); 771 return -ENOENT; 772 } 773 saved_numid = kctl->id.numid; 774 remove_hash_entries(card, kctl); 775 kctl->id = *dst_id; 776 kctl->id.numid = saved_numid; 777 add_hash_entries(card, kctl); 778 up_write(&card->controls_rwsem); 779 return 0; 780} 781EXPORT_SYMBOL(snd_ctl_rename_id); 782 783/** 784 * snd_ctl_rename - rename the control on the card 785 * @card: the card instance 786 * @kctl: the control to rename 787 * @name: the new name 788 * 789 * Renames the specified control on the card to the new name. 790 * 791 * Note that this function takes card->controls_rwsem lock internally. 792 */ 793void snd_ctl_rename(struct snd_card *card, struct snd_kcontrol *kctl, 794 const char *name) 795{ 796 down_write(&card->controls_rwsem); 797 remove_hash_entries(card, kctl); 798 799 if (strscpy(kctl->id.name, name, sizeof(kctl->id.name)) < 0) 800 pr_warn("ALSA: Renamed control new name '%s' truncated to '%s'\n", 801 name, kctl->id.name); 802 803 add_hash_entries(card, kctl); 804 up_write(&card->controls_rwsem); 805} 806EXPORT_SYMBOL(snd_ctl_rename); 807 808#ifndef CONFIG_SND_CTL_FAST_LOOKUP 809static struct snd_kcontrol * 810snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid) 811{ 812 struct snd_kcontrol *kctl; 813 814 list_for_each_entry(kctl, &card->controls, list) { 815 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid) 816 return kctl; 817 } 818 return NULL; 819} 820#endif /* !CONFIG_SND_CTL_FAST_LOOKUP */ 821 822/** 823 * snd_ctl_find_numid_locked - find the control instance with the given number-id 824 * @card: the card instance 825 * @numid: the number-id to search 826 * 827 * Finds the control instance with the given number-id from the card. 828 * 829 * The caller must down card->controls_rwsem before calling this function 830 * (if the race condition can happen). 831 * 832 * Return: The pointer of the instance if found, or %NULL if not. 833 */ 834struct snd_kcontrol * 835snd_ctl_find_numid_locked(struct snd_card *card, unsigned int numid) 836{ 837 if (snd_BUG_ON(!card || !numid)) 838 return NULL; 839 lockdep_assert_held(&card->controls_rwsem); 840#ifdef CONFIG_SND_CTL_FAST_LOOKUP 841 return xa_load(&card->ctl_numids, numid); 842#else 843 return snd_ctl_find_numid_slow(card, numid); 844#endif 845} 846EXPORT_SYMBOL(snd_ctl_find_numid_locked); 847 848/** 849 * snd_ctl_find_numid - find the control instance with the given number-id 850 * @card: the card instance 851 * @numid: the number-id to search 852 * 853 * Finds the control instance with the given number-id from the card. 854 * 855 * Return: The pointer of the instance if found, or %NULL if not. 856 * 857 * Note that this function takes card->controls_rwsem lock internally. 858 */ 859struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, 860 unsigned int numid) 861{ 862 struct snd_kcontrol *kctl; 863 864 down_read(&card->controls_rwsem); 865 kctl = snd_ctl_find_numid_locked(card, numid); 866 up_read(&card->controls_rwsem); 867 return kctl; 868} 869EXPORT_SYMBOL(snd_ctl_find_numid); 870 871/** 872 * snd_ctl_find_id_locked - find the control instance with the given id 873 * @card: the card instance 874 * @id: the id to search 875 * 876 * Finds the control instance with the given id from the card. 877 * 878 * The caller must down card->controls_rwsem before calling this function 879 * (if the race condition can happen). 880 * 881 * Return: The pointer of the instance if found, or %NULL if not. 882 */ 883struct snd_kcontrol *snd_ctl_find_id_locked(struct snd_card *card, 884 const struct snd_ctl_elem_id *id) 885{ 886 struct snd_kcontrol *kctl; 887 888 if (snd_BUG_ON(!card || !id)) 889 return NULL; 890 lockdep_assert_held(&card->controls_rwsem); 891 if (id->numid != 0) 892 return snd_ctl_find_numid_locked(card, id->numid); 893#ifdef CONFIG_SND_CTL_FAST_LOOKUP 894 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id)); 895 if (kctl && elem_id_matches(kctl, id)) 896 return kctl; 897 if (!card->ctl_hash_collision) 898 return NULL; /* we can rely on only hash table */ 899#endif 900 /* no matching in hash table - try all as the last resort */ 901 list_for_each_entry(kctl, &card->controls, list) 902 if (elem_id_matches(kctl, id)) 903 return kctl; 904 905 return NULL; 906} 907EXPORT_SYMBOL(snd_ctl_find_id_locked); 908 909/** 910 * snd_ctl_find_id - find the control instance with the given id 911 * @card: the card instance 912 * @id: the id to search 913 * 914 * Finds the control instance with the given id from the card. 915 * 916 * Return: The pointer of the instance if found, or %NULL if not. 917 * 918 * Note that this function takes card->controls_rwsem lock internally. 919 */ 920struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card, 921 const struct snd_ctl_elem_id *id) 922{ 923 struct snd_kcontrol *kctl; 924 925 down_read(&card->controls_rwsem); 926 kctl = snd_ctl_find_id_locked(card, id); 927 up_read(&card->controls_rwsem); 928 return kctl; 929} 930EXPORT_SYMBOL(snd_ctl_find_id); 931 932static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl, 933 unsigned int cmd, void __user *arg) 934{ 935 struct snd_ctl_card_info *info; 936 937 info = kzalloc(sizeof(*info), GFP_KERNEL); 938 if (! info) 939 return -ENOMEM; 940 down_read(&snd_ioctl_rwsem); 941 info->card = card->number; 942 strscpy(info->id, card->id, sizeof(info->id)); 943 strscpy(info->driver, card->driver, sizeof(info->driver)); 944 strscpy(info->name, card->shortname, sizeof(info->name)); 945 strscpy(info->longname, card->longname, sizeof(info->longname)); 946 strscpy(info->mixername, card->mixername, sizeof(info->mixername)); 947 strscpy(info->components, card->components, sizeof(info->components)); 948 up_read(&snd_ioctl_rwsem); 949 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) { 950 kfree(info); 951 return -EFAULT; 952 } 953 kfree(info); 954 return 0; 955} 956 957static int snd_ctl_elem_list(struct snd_card *card, 958 struct snd_ctl_elem_list *list) 959{ 960 struct snd_kcontrol *kctl; 961 struct snd_ctl_elem_id id; 962 unsigned int offset, space, jidx; 963 int err = 0; 964 965 offset = list->offset; 966 space = list->space; 967 968 down_read(&card->controls_rwsem); 969 list->count = card->controls_count; 970 list->used = 0; 971 if (space > 0) { 972 list_for_each_entry(kctl, &card->controls, list) { 973 if (offset >= kctl->count) { 974 offset -= kctl->count; 975 continue; 976 } 977 for (jidx = offset; jidx < kctl->count; jidx++) { 978 snd_ctl_build_ioff(&id, kctl, jidx); 979 if (copy_to_user(list->pids + list->used, &id, 980 sizeof(id))) { 981 err = -EFAULT; 982 goto out; 983 } 984 list->used++; 985 if (!--space) 986 goto out; 987 } 988 offset = 0; 989 } 990 } 991 out: 992 up_read(&card->controls_rwsem); 993 return err; 994} 995 996static int snd_ctl_elem_list_user(struct snd_card *card, 997 struct snd_ctl_elem_list __user *_list) 998{ 999 struct snd_ctl_elem_list list; 1000 int err; 1001 1002 if (copy_from_user(&list, _list, sizeof(list))) 1003 return -EFAULT; 1004 err = snd_ctl_elem_list(card, &list); 1005 if (err) 1006 return err; 1007 if (copy_to_user(_list, &list, sizeof(list))) 1008 return -EFAULT; 1009 1010 return 0; 1011} 1012 1013/* Check whether the given kctl info is valid */ 1014static int snd_ctl_check_elem_info(struct snd_card *card, 1015 const struct snd_ctl_elem_info *info) 1016{ 1017 static const unsigned int max_value_counts[] = { 1018 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128, 1019 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128, 1020 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128, 1021 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512, 1022 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1, 1023 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64, 1024 }; 1025 1026 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN || 1027 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) { 1028 if (card) 1029 dev_err(card->dev, 1030 "control %i:%i:%i:%s:%i: invalid type %d\n", 1031 info->id.iface, info->id.device, 1032 info->id.subdevice, info->id.name, 1033 info->id.index, info->type); 1034 return -EINVAL; 1035 } 1036 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED && 1037 info->value.enumerated.items == 0) { 1038 if (card) 1039 dev_err(card->dev, 1040 "control %i:%i:%i:%s:%i: zero enum items\n", 1041 info->id.iface, info->id.device, 1042 info->id.subdevice, info->id.name, 1043 info->id.index); 1044 return -EINVAL; 1045 } 1046 if (info->count > max_value_counts[info->type]) { 1047 if (card) 1048 dev_err(card->dev, 1049 "control %i:%i:%i:%s:%i: invalid count %d\n", 1050 info->id.iface, info->id.device, 1051 info->id.subdevice, info->id.name, 1052 info->id.index, info->count); 1053 return -EINVAL; 1054 } 1055 1056 return 0; 1057} 1058 1059/* The capacity of struct snd_ctl_elem_value.value.*/ 1060static const unsigned int value_sizes[] = { 1061 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long), 1062 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long), 1063 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int), 1064 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char), 1065 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958), 1066 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long), 1067}; 1068 1069/* fill the remaining snd_ctl_elem_value data with the given pattern */ 1070static void fill_remaining_elem_value(struct snd_ctl_elem_value *control, 1071 struct snd_ctl_elem_info *info, 1072 u32 pattern) 1073{ 1074 size_t offset = value_sizes[info->type] * info->count; 1075 1076 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1077 memset32((u32 *)control->value.bytes.data + offset, pattern, 1078 sizeof(control->value) / sizeof(u32) - offset); 1079} 1080 1081/* check whether the given integer ctl value is valid */ 1082static int sanity_check_int_value(struct snd_card *card, 1083 const struct snd_ctl_elem_value *control, 1084 const struct snd_ctl_elem_info *info, 1085 int i, bool print_error) 1086{ 1087 long long lval, lmin, lmax, lstep; 1088 u64 rem; 1089 1090 switch (info->type) { 1091 default: 1092 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1093 lval = control->value.integer.value[i]; 1094 lmin = 0; 1095 lmax = 1; 1096 lstep = 0; 1097 break; 1098 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1099 lval = control->value.integer.value[i]; 1100 lmin = info->value.integer.min; 1101 lmax = info->value.integer.max; 1102 lstep = info->value.integer.step; 1103 break; 1104 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1105 lval = control->value.integer64.value[i]; 1106 lmin = info->value.integer64.min; 1107 lmax = info->value.integer64.max; 1108 lstep = info->value.integer64.step; 1109 break; 1110 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1111 lval = control->value.enumerated.item[i]; 1112 lmin = 0; 1113 lmax = info->value.enumerated.items - 1; 1114 lstep = 0; 1115 break; 1116 } 1117 1118 if (lval < lmin || lval > lmax) { 1119 if (print_error) 1120 dev_err(card->dev, 1121 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n", 1122 control->id.iface, control->id.device, 1123 control->id.subdevice, control->id.name, 1124 control->id.index, lval, lmin, lmax, i); 1125 return -EINVAL; 1126 } 1127 if (lstep) { 1128 div64_u64_rem(lval, lstep, &rem); 1129 if (rem) { 1130 if (print_error) 1131 dev_err(card->dev, 1132 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n", 1133 control->id.iface, control->id.device, 1134 control->id.subdevice, control->id.name, 1135 control->id.index, lval, lstep, i); 1136 return -EINVAL; 1137 } 1138 } 1139 1140 return 0; 1141} 1142 1143/* check whether the all input values are valid for the given elem value */ 1144static int sanity_check_input_values(struct snd_card *card, 1145 const struct snd_ctl_elem_value *control, 1146 const struct snd_ctl_elem_info *info, 1147 bool print_error) 1148{ 1149 int i, ret; 1150 1151 switch (info->type) { 1152 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1153 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1154 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1155 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1156 for (i = 0; i < info->count; i++) { 1157 ret = sanity_check_int_value(card, control, info, i, 1158 print_error); 1159 if (ret < 0) 1160 return ret; 1161 } 1162 break; 1163 default: 1164 break; 1165 } 1166 1167 return 0; 1168} 1169 1170/* perform sanity checks to the given snd_ctl_elem_value object */ 1171static int sanity_check_elem_value(struct snd_card *card, 1172 const struct snd_ctl_elem_value *control, 1173 const struct snd_ctl_elem_info *info, 1174 u32 pattern) 1175{ 1176 size_t offset; 1177 int ret; 1178 u32 *p; 1179 1180 ret = sanity_check_input_values(card, control, info, true); 1181 if (ret < 0) 1182 return ret; 1183 1184 /* check whether the remaining area kept untouched */ 1185 offset = value_sizes[info->type] * info->count; 1186 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1187 p = (u32 *)control->value.bytes.data + offset; 1188 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) { 1189 if (*p != pattern) { 1190 ret = -EINVAL; 1191 break; 1192 } 1193 *p = 0; /* clear the checked area */ 1194 } 1195 1196 return ret; 1197} 1198 1199static int __snd_ctl_elem_info(struct snd_card *card, 1200 struct snd_kcontrol *kctl, 1201 struct snd_ctl_elem_info *info, 1202 struct snd_ctl_file *ctl) 1203{ 1204 struct snd_kcontrol_volatile *vd; 1205 unsigned int index_offset; 1206 int result; 1207 1208#ifdef CONFIG_SND_DEBUG 1209 info->access = 0; 1210#endif 1211 result = snd_power_ref_and_wait(card); 1212 if (!result) 1213 result = kctl->info(kctl, info); 1214 snd_power_unref(card); 1215 if (result >= 0) { 1216 snd_BUG_ON(info->access); 1217 index_offset = snd_ctl_get_ioff(kctl, &info->id); 1218 vd = &kctl->vd[index_offset]; 1219 snd_ctl_build_ioff(&info->id, kctl, index_offset); 1220 info->access = vd->access; 1221 if (vd->owner) { 1222 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK; 1223 if (vd->owner == ctl) 1224 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER; 1225 info->owner = pid_vnr(vd->owner->pid); 1226 } else { 1227 info->owner = -1; 1228 } 1229 if (!snd_ctl_skip_validation(info) && 1230 snd_ctl_check_elem_info(card, info) < 0) 1231 result = -EINVAL; 1232 } 1233 return result; 1234} 1235 1236static int snd_ctl_elem_info(struct snd_ctl_file *ctl, 1237 struct snd_ctl_elem_info *info) 1238{ 1239 struct snd_card *card = ctl->card; 1240 struct snd_kcontrol *kctl; 1241 int result; 1242 1243 down_read(&card->controls_rwsem); 1244 kctl = snd_ctl_find_id_locked(card, &info->id); 1245 if (kctl == NULL) 1246 result = -ENOENT; 1247 else 1248 result = __snd_ctl_elem_info(card, kctl, info, ctl); 1249 up_read(&card->controls_rwsem); 1250 return result; 1251} 1252 1253static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl, 1254 struct snd_ctl_elem_info __user *_info) 1255{ 1256 struct snd_ctl_elem_info info; 1257 int result; 1258 1259 if (copy_from_user(&info, _info, sizeof(info))) 1260 return -EFAULT; 1261 result = snd_ctl_elem_info(ctl, &info); 1262 if (result < 0) 1263 return result; 1264 /* drop internal access flags */ 1265 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK| 1266 SNDRV_CTL_ELEM_ACCESS_LED_MASK); 1267 if (copy_to_user(_info, &info, sizeof(info))) 1268 return -EFAULT; 1269 return result; 1270} 1271 1272static int snd_ctl_elem_read(struct snd_card *card, 1273 struct snd_ctl_elem_value *control) 1274{ 1275 struct snd_kcontrol *kctl; 1276 struct snd_kcontrol_volatile *vd; 1277 unsigned int index_offset; 1278 struct snd_ctl_elem_info info; 1279 const u32 pattern = 0xdeadbeef; 1280 int ret; 1281 1282 down_read(&card->controls_rwsem); 1283 kctl = snd_ctl_find_id_locked(card, &control->id); 1284 if (kctl == NULL) { 1285 ret = -ENOENT; 1286 goto unlock; 1287 } 1288 1289 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1290 vd = &kctl->vd[index_offset]; 1291 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL) { 1292 ret = -EPERM; 1293 goto unlock; 1294 } 1295 1296 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1297 1298#ifdef CONFIG_SND_CTL_DEBUG 1299 /* info is needed only for validation */ 1300 memset(&info, 0, sizeof(info)); 1301 info.id = control->id; 1302 ret = __snd_ctl_elem_info(card, kctl, &info, NULL); 1303 if (ret < 0) 1304 goto unlock; 1305#endif 1306 1307 if (!snd_ctl_skip_validation(&info)) 1308 fill_remaining_elem_value(control, &info, pattern); 1309 ret = snd_power_ref_and_wait(card); 1310 if (!ret) 1311 ret = kctl->get(kctl, control); 1312 snd_power_unref(card); 1313 if (ret < 0) 1314 goto unlock; 1315 if (!snd_ctl_skip_validation(&info) && 1316 sanity_check_elem_value(card, control, &info, pattern) < 0) { 1317 dev_err(card->dev, 1318 "control %i:%i:%i:%s:%i: access overflow\n", 1319 control->id.iface, control->id.device, 1320 control->id.subdevice, control->id.name, 1321 control->id.index); 1322 ret = -EINVAL; 1323 goto unlock; 1324 } 1325unlock: 1326 up_read(&card->controls_rwsem); 1327 return ret; 1328} 1329 1330static int snd_ctl_elem_read_user(struct snd_card *card, 1331 struct snd_ctl_elem_value __user *_control) 1332{ 1333 struct snd_ctl_elem_value *control; 1334 int result; 1335 1336 control = memdup_user(_control, sizeof(*control)); 1337 if (IS_ERR(control)) 1338 return PTR_ERR(control); 1339 1340 result = snd_ctl_elem_read(card, control); 1341 if (result < 0) 1342 goto error; 1343 1344 if (copy_to_user(_control, control, sizeof(*control))) 1345 result = -EFAULT; 1346 error: 1347 kfree(control); 1348 return result; 1349} 1350 1351static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, 1352 struct snd_ctl_elem_value *control) 1353{ 1354 struct snd_kcontrol *kctl; 1355 struct snd_kcontrol_volatile *vd; 1356 unsigned int index_offset; 1357 int result; 1358 1359 down_write(&card->controls_rwsem); 1360 kctl = snd_ctl_find_id_locked(card, &control->id); 1361 if (kctl == NULL) { 1362 up_write(&card->controls_rwsem); 1363 return -ENOENT; 1364 } 1365 1366 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1367 vd = &kctl->vd[index_offset]; 1368 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || 1369 (file && vd->owner && vd->owner != file)) { 1370 up_write(&card->controls_rwsem); 1371 return -EPERM; 1372 } 1373 1374 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1375 result = snd_power_ref_and_wait(card); 1376 /* validate input values */ 1377 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION) && !result) { 1378 struct snd_ctl_elem_info info; 1379 1380 memset(&info, 0, sizeof(info)); 1381 info.id = control->id; 1382 result = __snd_ctl_elem_info(card, kctl, &info, NULL); 1383 if (!result) 1384 result = sanity_check_input_values(card, control, &info, 1385 false); 1386 } 1387 if (!result) 1388 result = kctl->put(kctl, control); 1389 snd_power_unref(card); 1390 if (result < 0) { 1391 up_write(&card->controls_rwsem); 1392 return result; 1393 } 1394 1395 if (result > 0) { 1396 downgrade_write(&card->controls_rwsem); 1397 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset); 1398 up_read(&card->controls_rwsem); 1399 } else { 1400 up_write(&card->controls_rwsem); 1401 } 1402 1403 return 0; 1404} 1405 1406static int snd_ctl_elem_write_user(struct snd_ctl_file *file, 1407 struct snd_ctl_elem_value __user *_control) 1408{ 1409 struct snd_ctl_elem_value *control; 1410 struct snd_card *card; 1411 int result; 1412 1413 control = memdup_user(_control, sizeof(*control)); 1414 if (IS_ERR(control)) 1415 return PTR_ERR(control); 1416 1417 card = file->card; 1418 result = snd_ctl_elem_write(card, file, control); 1419 if (result < 0) 1420 goto error; 1421 1422 if (copy_to_user(_control, control, sizeof(*control))) 1423 result = -EFAULT; 1424 error: 1425 kfree(control); 1426 return result; 1427} 1428 1429static int snd_ctl_elem_lock(struct snd_ctl_file *file, 1430 struct snd_ctl_elem_id __user *_id) 1431{ 1432 struct snd_card *card = file->card; 1433 struct snd_ctl_elem_id id; 1434 struct snd_kcontrol *kctl; 1435 struct snd_kcontrol_volatile *vd; 1436 int result; 1437 1438 if (copy_from_user(&id, _id, sizeof(id))) 1439 return -EFAULT; 1440 down_write(&card->controls_rwsem); 1441 kctl = snd_ctl_find_id_locked(card, &id); 1442 if (kctl == NULL) { 1443 result = -ENOENT; 1444 } else { 1445 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1446 if (vd->owner != NULL) 1447 result = -EBUSY; 1448 else { 1449 vd->owner = file; 1450 result = 0; 1451 } 1452 } 1453 up_write(&card->controls_rwsem); 1454 return result; 1455} 1456 1457static int snd_ctl_elem_unlock(struct snd_ctl_file *file, 1458 struct snd_ctl_elem_id __user *_id) 1459{ 1460 struct snd_card *card = file->card; 1461 struct snd_ctl_elem_id id; 1462 struct snd_kcontrol *kctl; 1463 struct snd_kcontrol_volatile *vd; 1464 int result; 1465 1466 if (copy_from_user(&id, _id, sizeof(id))) 1467 return -EFAULT; 1468 down_write(&card->controls_rwsem); 1469 kctl = snd_ctl_find_id_locked(card, &id); 1470 if (kctl == NULL) { 1471 result = -ENOENT; 1472 } else { 1473 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1474 if (vd->owner == NULL) 1475 result = -EINVAL; 1476 else if (vd->owner != file) 1477 result = -EPERM; 1478 else { 1479 vd->owner = NULL; 1480 result = 0; 1481 } 1482 } 1483 up_write(&card->controls_rwsem); 1484 return result; 1485} 1486 1487struct user_element { 1488 struct snd_ctl_elem_info info; 1489 struct snd_card *card; 1490 char *elem_data; /* element data */ 1491 unsigned long elem_data_size; /* size of element data in bytes */ 1492 void *tlv_data; /* TLV data */ 1493 unsigned long tlv_data_size; /* TLV data size */ 1494 void *priv_data; /* private data (like strings for enumerated type) */ 1495}; 1496 1497// check whether the addition (in bytes) of user ctl element may overflow the limit. 1498static bool check_user_elem_overflow(struct snd_card *card, ssize_t add) 1499{ 1500 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size; 1501} 1502 1503static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol, 1504 struct snd_ctl_elem_info *uinfo) 1505{ 1506 struct user_element *ue = kcontrol->private_data; 1507 unsigned int offset; 1508 1509 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1510 *uinfo = ue->info; 1511 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1512 1513 return 0; 1514} 1515 1516static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol, 1517 struct snd_ctl_elem_info *uinfo) 1518{ 1519 struct user_element *ue = kcontrol->private_data; 1520 const char *names; 1521 unsigned int item; 1522 unsigned int offset; 1523 1524 item = uinfo->value.enumerated.item; 1525 1526 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1527 *uinfo = ue->info; 1528 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1529 1530 item = min(item, uinfo->value.enumerated.items - 1); 1531 uinfo->value.enumerated.item = item; 1532 1533 names = ue->priv_data; 1534 for (; item > 0; --item) 1535 names += strlen(names) + 1; 1536 strcpy(uinfo->value.enumerated.name, names); 1537 1538 return 0; 1539} 1540 1541static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, 1542 struct snd_ctl_elem_value *ucontrol) 1543{ 1544 struct user_element *ue = kcontrol->private_data; 1545 unsigned int size = ue->elem_data_size; 1546 char *src = ue->elem_data + 1547 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1548 1549 memcpy(&ucontrol->value, src, size); 1550 return 0; 1551} 1552 1553static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, 1554 struct snd_ctl_elem_value *ucontrol) 1555{ 1556 int change; 1557 struct user_element *ue = kcontrol->private_data; 1558 unsigned int size = ue->elem_data_size; 1559 char *dst = ue->elem_data + 1560 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1561 1562 change = memcmp(&ucontrol->value, dst, size) != 0; 1563 if (change) 1564 memcpy(dst, &ucontrol->value, size); 1565 return change; 1566} 1567 1568/* called in controls_rwsem write lock */ 1569static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1570 unsigned int size) 1571{ 1572 struct user_element *ue = kctl->private_data; 1573 unsigned int *container; 1574 unsigned int mask = 0; 1575 int i; 1576 int change; 1577 1578 lockdep_assert_held_write(&ue->card->controls_rwsem); 1579 1580 if (size > 1024 * 128) /* sane value */ 1581 return -EINVAL; 1582 1583 // does the TLV size change cause overflow? 1584 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size))) 1585 return -ENOMEM; 1586 1587 container = vmemdup_user(buf, size); 1588 if (IS_ERR(container)) 1589 return PTR_ERR(container); 1590 1591 change = ue->tlv_data_size != size; 1592 if (!change) 1593 change = memcmp(ue->tlv_data, container, size) != 0; 1594 if (!change) { 1595 kvfree(container); 1596 return 0; 1597 } 1598 1599 if (ue->tlv_data == NULL) { 1600 /* Now TLV data is available. */ 1601 for (i = 0; i < kctl->count; ++i) 1602 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; 1603 mask = SNDRV_CTL_EVENT_MASK_INFO; 1604 } else { 1605 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1606 ue->tlv_data_size = 0; 1607 kvfree(ue->tlv_data); 1608 } 1609 1610 ue->tlv_data = container; 1611 ue->tlv_data_size = size; 1612 // decremented at private_free. 1613 ue->card->user_ctl_alloc_size += size; 1614 1615 mask |= SNDRV_CTL_EVENT_MASK_TLV; 1616 for (i = 0; i < kctl->count; ++i) 1617 snd_ctl_notify_one(ue->card, mask, kctl, i); 1618 1619 return change; 1620} 1621 1622static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1623 unsigned int size) 1624{ 1625 struct user_element *ue = kctl->private_data; 1626 1627 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL) 1628 return -ENXIO; 1629 1630 if (size < ue->tlv_data_size) 1631 return -ENOSPC; 1632 1633 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size)) 1634 return -EFAULT; 1635 1636 return 0; 1637} 1638 1639static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag, 1640 unsigned int size, unsigned int __user *buf) 1641{ 1642 if (op_flag == SNDRV_CTL_TLV_OP_WRITE) 1643 return replace_user_tlv(kctl, buf, size); 1644 else 1645 return read_user_tlv(kctl, buf, size); 1646} 1647 1648/* called in controls_rwsem write lock */ 1649static int snd_ctl_elem_init_enum_names(struct user_element *ue) 1650{ 1651 char *names, *p; 1652 size_t buf_len, name_len; 1653 unsigned int i; 1654 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr; 1655 1656 lockdep_assert_held_write(&ue->card->controls_rwsem); 1657 1658 buf_len = ue->info.value.enumerated.names_length; 1659 if (buf_len > 64 * 1024) 1660 return -EINVAL; 1661 1662 if (check_user_elem_overflow(ue->card, buf_len)) 1663 return -ENOMEM; 1664 names = vmemdup_user((const void __user *)user_ptrval, buf_len); 1665 if (IS_ERR(names)) 1666 return PTR_ERR(names); 1667 1668 /* check that there are enough valid names */ 1669 p = names; 1670 for (i = 0; i < ue->info.value.enumerated.items; ++i) { 1671 name_len = strnlen(p, buf_len); 1672 if (name_len == 0 || name_len >= 64 || name_len == buf_len) { 1673 kvfree(names); 1674 return -EINVAL; 1675 } 1676 p += name_len + 1; 1677 buf_len -= name_len + 1; 1678 } 1679 1680 ue->priv_data = names; 1681 ue->info.value.enumerated.names_ptr = 0; 1682 // increment the allocation size; decremented again at private_free. 1683 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length; 1684 1685 return 0; 1686} 1687 1688static size_t compute_user_elem_size(size_t size, unsigned int count) 1689{ 1690 return sizeof(struct user_element) + size * count; 1691} 1692 1693static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol) 1694{ 1695 struct user_element *ue = kcontrol->private_data; 1696 1697 // decrement the allocation size. 1698 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count); 1699 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1700 if (ue->priv_data) 1701 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length; 1702 1703 kvfree(ue->tlv_data); 1704 kvfree(ue->priv_data); 1705 kfree(ue); 1706} 1707 1708static int snd_ctl_elem_add(struct snd_ctl_file *file, 1709 struct snd_ctl_elem_info *info, int replace) 1710{ 1711 struct snd_card *card = file->card; 1712 struct snd_kcontrol *kctl; 1713 unsigned int count; 1714 unsigned int access; 1715 long private_size; 1716 size_t alloc_size; 1717 struct user_element *ue; 1718 unsigned int offset; 1719 int err; 1720 1721 if (!*info->id.name) 1722 return -EINVAL; 1723 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name)) 1724 return -EINVAL; 1725 1726 /* Delete a control to replace them if needed. */ 1727 if (replace) { 1728 info->id.numid = 0; 1729 err = snd_ctl_remove_user_ctl(file, &info->id); 1730 if (err) 1731 return err; 1732 } 1733 1734 /* Check the number of elements for this userspace control. */ 1735 count = info->owner; 1736 if (count == 0) 1737 count = 1; 1738 1739 /* Arrange access permissions if needed. */ 1740 access = info->access; 1741 if (access == 0) 1742 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 1743 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 1744 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 1745 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE); 1746 1747 /* In initial state, nothing is available as TLV container. */ 1748 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1749 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; 1750 access |= SNDRV_CTL_ELEM_ACCESS_USER; 1751 1752 /* 1753 * Check information and calculate the size of data specific to 1754 * this userspace control. 1755 */ 1756 /* pass NULL to card for suppressing error messages */ 1757 err = snd_ctl_check_elem_info(NULL, info); 1758 if (err < 0) 1759 return err; 1760 /* user-space control doesn't allow zero-size data */ 1761 if (info->count < 1) 1762 return -EINVAL; 1763 private_size = value_sizes[info->type] * info->count; 1764 alloc_size = compute_user_elem_size(private_size, count); 1765 1766 down_write(&card->controls_rwsem); 1767 if (check_user_elem_overflow(card, alloc_size)) { 1768 err = -ENOMEM; 1769 goto unlock; 1770 } 1771 1772 /* 1773 * Keep memory object for this userspace control. After passing this 1774 * code block, the instance should be freed by snd_ctl_free_one(). 1775 * 1776 * Note that these elements in this control are locked. 1777 */ 1778 err = snd_ctl_new(&kctl, count, access, file); 1779 if (err < 0) 1780 goto unlock; 1781 memcpy(&kctl->id, &info->id, sizeof(kctl->id)); 1782 ue = kzalloc(alloc_size, GFP_KERNEL); 1783 if (!ue) { 1784 kfree(kctl); 1785 err = -ENOMEM; 1786 goto unlock; 1787 } 1788 kctl->private_data = ue; 1789 kctl->private_free = snd_ctl_elem_user_free; 1790 1791 // increment the allocated size; decremented again at private_free. 1792 card->user_ctl_alloc_size += alloc_size; 1793 1794 /* Set private data for this userspace control. */ 1795 ue->card = card; 1796 ue->info = *info; 1797 ue->info.access = 0; 1798 ue->elem_data = (char *)ue + sizeof(*ue); 1799 ue->elem_data_size = private_size; 1800 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { 1801 err = snd_ctl_elem_init_enum_names(ue); 1802 if (err < 0) { 1803 snd_ctl_free_one(kctl); 1804 goto unlock; 1805 } 1806 } 1807 1808 /* Set callback functions. */ 1809 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) 1810 kctl->info = snd_ctl_elem_user_enum_info; 1811 else 1812 kctl->info = snd_ctl_elem_user_info; 1813 if (access & SNDRV_CTL_ELEM_ACCESS_READ) 1814 kctl->get = snd_ctl_elem_user_get; 1815 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) 1816 kctl->put = snd_ctl_elem_user_put; 1817 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1818 kctl->tlv.c = snd_ctl_elem_user_tlv; 1819 1820 /* This function manage to free the instance on failure. */ 1821 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE); 1822 if (err < 0) { 1823 snd_ctl_free_one(kctl); 1824 goto unlock; 1825 } 1826 offset = snd_ctl_get_ioff(kctl, &info->id); 1827 snd_ctl_build_ioff(&info->id, kctl, offset); 1828 /* 1829 * Here we cannot fill any field for the number of elements added by 1830 * this operation because there're no specific fields. The usage of 1831 * 'owner' field for this purpose may cause any bugs to userspace 1832 * applications because the field originally means PID of a process 1833 * which locks the element. 1834 */ 1835 unlock: 1836 up_write(&card->controls_rwsem); 1837 return err; 1838} 1839 1840static int snd_ctl_elem_add_user(struct snd_ctl_file *file, 1841 struct snd_ctl_elem_info __user *_info, int replace) 1842{ 1843 struct snd_ctl_elem_info info; 1844 int err; 1845 1846 if (copy_from_user(&info, _info, sizeof(info))) 1847 return -EFAULT; 1848 err = snd_ctl_elem_add(file, &info, replace); 1849 if (err < 0) 1850 return err; 1851 if (copy_to_user(_info, &info, sizeof(info))) { 1852 snd_ctl_remove_user_ctl(file, &info.id); 1853 return -EFAULT; 1854 } 1855 1856 return 0; 1857} 1858 1859static int snd_ctl_elem_remove(struct snd_ctl_file *file, 1860 struct snd_ctl_elem_id __user *_id) 1861{ 1862 struct snd_ctl_elem_id id; 1863 1864 if (copy_from_user(&id, _id, sizeof(id))) 1865 return -EFAULT; 1866 return snd_ctl_remove_user_ctl(file, &id); 1867} 1868 1869static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr) 1870{ 1871 int subscribe; 1872 if (get_user(subscribe, ptr)) 1873 return -EFAULT; 1874 if (subscribe < 0) { 1875 subscribe = file->subscribed; 1876 if (put_user(subscribe, ptr)) 1877 return -EFAULT; 1878 return 0; 1879 } 1880 if (subscribe) { 1881 file->subscribed = 1; 1882 return 0; 1883 } else if (file->subscribed) { 1884 snd_ctl_empty_read_queue(file); 1885 file->subscribed = 0; 1886 } 1887 return 0; 1888} 1889 1890static int call_tlv_handler(struct snd_ctl_file *file, int op_flag, 1891 struct snd_kcontrol *kctl, 1892 struct snd_ctl_elem_id *id, 1893 unsigned int __user *buf, unsigned int size) 1894{ 1895 static const struct { 1896 int op; 1897 int perm; 1898 } pairs[] = { 1899 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ}, 1900 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE}, 1901 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND}, 1902 }; 1903 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1904 int i, ret; 1905 1906 /* Check support of the request for this element. */ 1907 for (i = 0; i < ARRAY_SIZE(pairs); ++i) { 1908 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm)) 1909 break; 1910 } 1911 if (i == ARRAY_SIZE(pairs)) 1912 return -ENXIO; 1913 1914 if (kctl->tlv.c == NULL) 1915 return -ENXIO; 1916 1917 /* Write and command operations are not allowed for locked element. */ 1918 if (op_flag != SNDRV_CTL_TLV_OP_READ && 1919 vd->owner != NULL && vd->owner != file) 1920 return -EPERM; 1921 1922 ret = snd_power_ref_and_wait(file->card); 1923 if (!ret) 1924 ret = kctl->tlv.c(kctl, op_flag, size, buf); 1925 snd_power_unref(file->card); 1926 return ret; 1927} 1928 1929static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id, 1930 unsigned int __user *buf, unsigned int size) 1931{ 1932 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1933 unsigned int len; 1934 1935 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)) 1936 return -ENXIO; 1937 1938 if (kctl->tlv.p == NULL) 1939 return -ENXIO; 1940 1941 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1]; 1942 if (size < len) 1943 return -ENOMEM; 1944 1945 if (copy_to_user(buf, kctl->tlv.p, len)) 1946 return -EFAULT; 1947 1948 return 0; 1949} 1950 1951static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, 1952 struct snd_ctl_tlv __user *buf, 1953 int op_flag) 1954{ 1955 struct snd_ctl_tlv header; 1956 unsigned int __user *container; 1957 unsigned int container_size; 1958 struct snd_kcontrol *kctl; 1959 struct snd_ctl_elem_id id; 1960 struct snd_kcontrol_volatile *vd; 1961 1962 lockdep_assert_held(&file->card->controls_rwsem); 1963 1964 if (copy_from_user(&header, buf, sizeof(header))) 1965 return -EFAULT; 1966 1967 /* In design of control core, numerical ID starts at 1. */ 1968 if (header.numid == 0) 1969 return -EINVAL; 1970 1971 /* At least, container should include type and length fields. */ 1972 if (header.length < sizeof(unsigned int) * 2) 1973 return -EINVAL; 1974 container_size = header.length; 1975 container = buf->tlv; 1976 1977 kctl = snd_ctl_find_numid_locked(file->card, header.numid); 1978 if (kctl == NULL) 1979 return -ENOENT; 1980 1981 /* Calculate index of the element in this set. */ 1982 id = kctl->id; 1983 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid); 1984 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1985 1986 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) { 1987 return call_tlv_handler(file, op_flag, kctl, &id, container, 1988 container_size); 1989 } else { 1990 if (op_flag == SNDRV_CTL_TLV_OP_READ) { 1991 return read_tlv_buf(kctl, &id, container, 1992 container_size); 1993 } 1994 } 1995 1996 /* Not supported. */ 1997 return -ENXIO; 1998} 1999 2000static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2001{ 2002 struct snd_ctl_file *ctl; 2003 struct snd_card *card; 2004 struct snd_kctl_ioctl *p; 2005 void __user *argp = (void __user *)arg; 2006 int __user *ip = argp; 2007 int err; 2008 2009 ctl = file->private_data; 2010 card = ctl->card; 2011 if (snd_BUG_ON(!card)) 2012 return -ENXIO; 2013 switch (cmd) { 2014 case SNDRV_CTL_IOCTL_PVERSION: 2015 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0; 2016 case SNDRV_CTL_IOCTL_CARD_INFO: 2017 return snd_ctl_card_info(card, ctl, cmd, argp); 2018 case SNDRV_CTL_IOCTL_ELEM_LIST: 2019 return snd_ctl_elem_list_user(card, argp); 2020 case SNDRV_CTL_IOCTL_ELEM_INFO: 2021 return snd_ctl_elem_info_user(ctl, argp); 2022 case SNDRV_CTL_IOCTL_ELEM_READ: 2023 return snd_ctl_elem_read_user(card, argp); 2024 case SNDRV_CTL_IOCTL_ELEM_WRITE: 2025 return snd_ctl_elem_write_user(ctl, argp); 2026 case SNDRV_CTL_IOCTL_ELEM_LOCK: 2027 return snd_ctl_elem_lock(ctl, argp); 2028 case SNDRV_CTL_IOCTL_ELEM_UNLOCK: 2029 return snd_ctl_elem_unlock(ctl, argp); 2030 case SNDRV_CTL_IOCTL_ELEM_ADD: 2031 return snd_ctl_elem_add_user(ctl, argp, 0); 2032 case SNDRV_CTL_IOCTL_ELEM_REPLACE: 2033 return snd_ctl_elem_add_user(ctl, argp, 1); 2034 case SNDRV_CTL_IOCTL_ELEM_REMOVE: 2035 return snd_ctl_elem_remove(ctl, argp); 2036 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS: 2037 return snd_ctl_subscribe_events(ctl, ip); 2038 case SNDRV_CTL_IOCTL_TLV_READ: 2039 down_read(&ctl->card->controls_rwsem); 2040 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ); 2041 up_read(&ctl->card->controls_rwsem); 2042 return err; 2043 case SNDRV_CTL_IOCTL_TLV_WRITE: 2044 down_write(&ctl->card->controls_rwsem); 2045 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE); 2046 up_write(&ctl->card->controls_rwsem); 2047 return err; 2048 case SNDRV_CTL_IOCTL_TLV_COMMAND: 2049 down_write(&ctl->card->controls_rwsem); 2050 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD); 2051 up_write(&ctl->card->controls_rwsem); 2052 return err; 2053 case SNDRV_CTL_IOCTL_POWER: 2054 return -ENOPROTOOPT; 2055 case SNDRV_CTL_IOCTL_POWER_STATE: 2056 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0; 2057 } 2058 down_read(&snd_ioctl_rwsem); 2059 list_for_each_entry(p, &snd_control_ioctls, list) { 2060 err = p->fioctl(card, ctl, cmd, arg); 2061 if (err != -ENOIOCTLCMD) { 2062 up_read(&snd_ioctl_rwsem); 2063 return err; 2064 } 2065 } 2066 up_read(&snd_ioctl_rwsem); 2067 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd); 2068 return -ENOTTY; 2069} 2070 2071static ssize_t snd_ctl_read(struct file *file, char __user *buffer, 2072 size_t count, loff_t * offset) 2073{ 2074 struct snd_ctl_file *ctl; 2075 int err = 0; 2076 ssize_t result = 0; 2077 2078 ctl = file->private_data; 2079 if (snd_BUG_ON(!ctl || !ctl->card)) 2080 return -ENXIO; 2081 if (!ctl->subscribed) 2082 return -EBADFD; 2083 if (count < sizeof(struct snd_ctl_event)) 2084 return -EINVAL; 2085 spin_lock_irq(&ctl->read_lock); 2086 while (count >= sizeof(struct snd_ctl_event)) { 2087 struct snd_ctl_event ev; 2088 struct snd_kctl_event *kev; 2089 while (list_empty(&ctl->events)) { 2090 wait_queue_entry_t wait; 2091 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { 2092 err = -EAGAIN; 2093 goto __end_lock; 2094 } 2095 init_waitqueue_entry(&wait, current); 2096 add_wait_queue(&ctl->change_sleep, &wait); 2097 set_current_state(TASK_INTERRUPTIBLE); 2098 spin_unlock_irq(&ctl->read_lock); 2099 schedule(); 2100 remove_wait_queue(&ctl->change_sleep, &wait); 2101 if (ctl->card->shutdown) 2102 return -ENODEV; 2103 if (signal_pending(current)) 2104 return -ERESTARTSYS; 2105 spin_lock_irq(&ctl->read_lock); 2106 } 2107 kev = snd_kctl_event(ctl->events.next); 2108 ev.type = SNDRV_CTL_EVENT_ELEM; 2109 ev.data.elem.mask = kev->mask; 2110 ev.data.elem.id = kev->id; 2111 list_del(&kev->list); 2112 spin_unlock_irq(&ctl->read_lock); 2113 kfree(kev); 2114 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) { 2115 err = -EFAULT; 2116 goto __end; 2117 } 2118 spin_lock_irq(&ctl->read_lock); 2119 buffer += sizeof(struct snd_ctl_event); 2120 count -= sizeof(struct snd_ctl_event); 2121 result += sizeof(struct snd_ctl_event); 2122 } 2123 __end_lock: 2124 spin_unlock_irq(&ctl->read_lock); 2125 __end: 2126 return result > 0 ? result : err; 2127} 2128 2129static __poll_t snd_ctl_poll(struct file *file, poll_table * wait) 2130{ 2131 __poll_t mask; 2132 struct snd_ctl_file *ctl; 2133 2134 ctl = file->private_data; 2135 if (!ctl->subscribed) 2136 return 0; 2137 poll_wait(file, &ctl->change_sleep, wait); 2138 2139 mask = 0; 2140 if (!list_empty(&ctl->events)) 2141 mask |= EPOLLIN | EPOLLRDNORM; 2142 2143 return mask; 2144} 2145 2146/* 2147 * register the device-specific control-ioctls. 2148 * called from each device manager like pcm.c, hwdep.c, etc. 2149 */ 2150static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists) 2151{ 2152 struct snd_kctl_ioctl *pn; 2153 2154 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL); 2155 if (pn == NULL) 2156 return -ENOMEM; 2157 pn->fioctl = fcn; 2158 down_write(&snd_ioctl_rwsem); 2159 list_add_tail(&pn->list, lists); 2160 up_write(&snd_ioctl_rwsem); 2161 return 0; 2162} 2163 2164/** 2165 * snd_ctl_register_ioctl - register the device-specific control-ioctls 2166 * @fcn: ioctl callback function 2167 * 2168 * called from each device manager like pcm.c, hwdep.c, etc. 2169 * 2170 * Return: zero if successful, or a negative error code 2171 */ 2172int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn) 2173{ 2174 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls); 2175} 2176EXPORT_SYMBOL(snd_ctl_register_ioctl); 2177 2178#ifdef CONFIG_COMPAT 2179/** 2180 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat 2181 * control-ioctls 2182 * @fcn: ioctl callback function 2183 * 2184 * Return: zero if successful, or a negative error code 2185 */ 2186int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2187{ 2188 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls); 2189} 2190EXPORT_SYMBOL(snd_ctl_register_ioctl_compat); 2191#endif 2192 2193/* 2194 * de-register the device-specific control-ioctls. 2195 */ 2196static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn, 2197 struct list_head *lists) 2198{ 2199 struct snd_kctl_ioctl *p; 2200 2201 if (snd_BUG_ON(!fcn)) 2202 return -EINVAL; 2203 down_write(&snd_ioctl_rwsem); 2204 list_for_each_entry(p, lists, list) { 2205 if (p->fioctl == fcn) { 2206 list_del(&p->list); 2207 up_write(&snd_ioctl_rwsem); 2208 kfree(p); 2209 return 0; 2210 } 2211 } 2212 up_write(&snd_ioctl_rwsem); 2213 snd_BUG(); 2214 return -EINVAL; 2215} 2216 2217/** 2218 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls 2219 * @fcn: ioctl callback function to unregister 2220 * 2221 * Return: zero if successful, or a negative error code 2222 */ 2223int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn) 2224{ 2225 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls); 2226} 2227EXPORT_SYMBOL(snd_ctl_unregister_ioctl); 2228 2229#ifdef CONFIG_COMPAT 2230/** 2231 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat 2232 * 32bit control-ioctls 2233 * @fcn: ioctl callback function to unregister 2234 * 2235 * Return: zero if successful, or a negative error code 2236 */ 2237int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2238{ 2239 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls); 2240} 2241EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat); 2242#endif 2243 2244static int snd_ctl_fasync(int fd, struct file * file, int on) 2245{ 2246 struct snd_ctl_file *ctl; 2247 2248 ctl = file->private_data; 2249 return snd_fasync_helper(fd, file, on, &ctl->fasync); 2250} 2251 2252/* return the preferred subdevice number if already assigned; 2253 * otherwise return -1 2254 */ 2255int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type) 2256{ 2257 struct snd_ctl_file *kctl; 2258 int subdevice = -1; 2259 unsigned long flags; 2260 2261 read_lock_irqsave(&card->ctl_files_rwlock, flags); 2262 list_for_each_entry(kctl, &card->ctl_files, list) { 2263 if (kctl->pid == task_pid(current)) { 2264 subdevice = kctl->preferred_subdevice[type]; 2265 if (subdevice != -1) 2266 break; 2267 } 2268 } 2269 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 2270 return subdevice; 2271} 2272EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice); 2273 2274/* 2275 * ioctl32 compat 2276 */ 2277#ifdef CONFIG_COMPAT 2278#include "control_compat.c" 2279#else 2280#define snd_ctl_ioctl_compat NULL 2281#endif 2282 2283/* 2284 * control layers (audio LED etc.) 2285 */ 2286 2287/** 2288 * snd_ctl_request_layer - request to use the layer 2289 * @module_name: Name of the kernel module (NULL == build-in) 2290 * 2291 * Return: zero if successful, or an error code when the module cannot be loaded 2292 */ 2293int snd_ctl_request_layer(const char *module_name) 2294{ 2295 struct snd_ctl_layer_ops *lops; 2296 2297 if (module_name == NULL) 2298 return 0; 2299 down_read(&snd_ctl_layer_rwsem); 2300 for (lops = snd_ctl_layer; lops; lops = lops->next) 2301 if (strcmp(lops->module_name, module_name) == 0) 2302 break; 2303 up_read(&snd_ctl_layer_rwsem); 2304 if (lops) 2305 return 0; 2306 return request_module(module_name); 2307} 2308EXPORT_SYMBOL_GPL(snd_ctl_request_layer); 2309 2310/** 2311 * snd_ctl_register_layer - register new control layer 2312 * @lops: operation structure 2313 * 2314 * The new layer can track all control elements and do additional 2315 * operations on top (like audio LED handling). 2316 */ 2317void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops) 2318{ 2319 struct snd_card *card; 2320 int card_number; 2321 2322 down_write(&snd_ctl_layer_rwsem); 2323 lops->next = snd_ctl_layer; 2324 snd_ctl_layer = lops; 2325 up_write(&snd_ctl_layer_rwsem); 2326 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) { 2327 card = snd_card_ref(card_number); 2328 if (card) { 2329 down_read(&card->controls_rwsem); 2330 lops->lregister(card); 2331 up_read(&card->controls_rwsem); 2332 snd_card_unref(card); 2333 } 2334 } 2335} 2336EXPORT_SYMBOL_GPL(snd_ctl_register_layer); 2337 2338/** 2339 * snd_ctl_disconnect_layer - disconnect control layer 2340 * @lops: operation structure 2341 * 2342 * It is expected that the information about tracked cards 2343 * is freed before this call (the disconnect callback is 2344 * not called here). 2345 */ 2346void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops) 2347{ 2348 struct snd_ctl_layer_ops *lops2, *prev_lops2; 2349 2350 down_write(&snd_ctl_layer_rwsem); 2351 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) { 2352 if (lops2 == lops) { 2353 if (!prev_lops2) 2354 snd_ctl_layer = lops->next; 2355 else 2356 prev_lops2->next = lops->next; 2357 break; 2358 } 2359 prev_lops2 = lops2; 2360 } 2361 up_write(&snd_ctl_layer_rwsem); 2362} 2363EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer); 2364 2365/* 2366 * INIT PART 2367 */ 2368 2369static const struct file_operations snd_ctl_f_ops = 2370{ 2371 .owner = THIS_MODULE, 2372 .read = snd_ctl_read, 2373 .open = snd_ctl_open, 2374 .release = snd_ctl_release, 2375 .llseek = no_llseek, 2376 .poll = snd_ctl_poll, 2377 .unlocked_ioctl = snd_ctl_ioctl, 2378 .compat_ioctl = snd_ctl_ioctl_compat, 2379 .fasync = snd_ctl_fasync, 2380}; 2381 2382/* 2383 * registration of the control device 2384 */ 2385static int snd_ctl_dev_register(struct snd_device *device) 2386{ 2387 struct snd_card *card = device->device_data; 2388 struct snd_ctl_layer_ops *lops; 2389 int err; 2390 2391 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1, 2392 &snd_ctl_f_ops, card, card->ctl_dev); 2393 if (err < 0) 2394 return err; 2395 down_read(&card->controls_rwsem); 2396 down_read(&snd_ctl_layer_rwsem); 2397 for (lops = snd_ctl_layer; lops; lops = lops->next) 2398 lops->lregister(card); 2399 up_read(&snd_ctl_layer_rwsem); 2400 up_read(&card->controls_rwsem); 2401 return 0; 2402} 2403 2404/* 2405 * disconnection of the control device 2406 */ 2407static int snd_ctl_dev_disconnect(struct snd_device *device) 2408{ 2409 struct snd_card *card = device->device_data; 2410 struct snd_ctl_file *ctl; 2411 struct snd_ctl_layer_ops *lops; 2412 unsigned long flags; 2413 2414 read_lock_irqsave(&card->ctl_files_rwlock, flags); 2415 list_for_each_entry(ctl, &card->ctl_files, list) { 2416 wake_up(&ctl->change_sleep); 2417 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR); 2418 } 2419 read_unlock_irqrestore(&card->ctl_files_rwlock, flags); 2420 2421 down_read(&card->controls_rwsem); 2422 down_read(&snd_ctl_layer_rwsem); 2423 for (lops = snd_ctl_layer; lops; lops = lops->next) 2424 lops->ldisconnect(card); 2425 up_read(&snd_ctl_layer_rwsem); 2426 up_read(&card->controls_rwsem); 2427 2428 return snd_unregister_device(card->ctl_dev); 2429} 2430 2431/* 2432 * free all controls 2433 */ 2434static int snd_ctl_dev_free(struct snd_device *device) 2435{ 2436 struct snd_card *card = device->device_data; 2437 struct snd_kcontrol *control; 2438 2439 down_write(&card->controls_rwsem); 2440 while (!list_empty(&card->controls)) { 2441 control = snd_kcontrol(card->controls.next); 2442 __snd_ctl_remove(card, control, false); 2443 } 2444 2445#ifdef CONFIG_SND_CTL_FAST_LOOKUP 2446 xa_destroy(&card->ctl_numids); 2447 xa_destroy(&card->ctl_hash); 2448#endif 2449 up_write(&card->controls_rwsem); 2450 put_device(card->ctl_dev); 2451 return 0; 2452} 2453 2454/* 2455 * create control core: 2456 * called from init.c 2457 */ 2458int snd_ctl_create(struct snd_card *card) 2459{ 2460 static const struct snd_device_ops ops = { 2461 .dev_free = snd_ctl_dev_free, 2462 .dev_register = snd_ctl_dev_register, 2463 .dev_disconnect = snd_ctl_dev_disconnect, 2464 }; 2465 int err; 2466 2467 if (snd_BUG_ON(!card)) 2468 return -ENXIO; 2469 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS)) 2470 return -ENXIO; 2471 2472 err = snd_device_alloc(&card->ctl_dev, card); 2473 if (err < 0) 2474 return err; 2475 dev_set_name(card->ctl_dev, "controlC%d", card->number); 2476 2477 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops); 2478 if (err < 0) 2479 put_device(card->ctl_dev); 2480 return err; 2481} 2482 2483/* 2484 * Frequently used control callbacks/helpers 2485 */ 2486 2487/** 2488 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info 2489 * callback with a mono channel 2490 * @kcontrol: the kcontrol instance 2491 * @uinfo: info to store 2492 * 2493 * This is a function that can be used as info callback for a standard 2494 * boolean control with a single mono channel. 2495 * 2496 * Return: Zero (always successful) 2497 */ 2498int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol, 2499 struct snd_ctl_elem_info *uinfo) 2500{ 2501 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2502 uinfo->count = 1; 2503 uinfo->value.integer.min = 0; 2504 uinfo->value.integer.max = 1; 2505 return 0; 2506} 2507EXPORT_SYMBOL(snd_ctl_boolean_mono_info); 2508 2509/** 2510 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info 2511 * callback with stereo two channels 2512 * @kcontrol: the kcontrol instance 2513 * @uinfo: info to store 2514 * 2515 * This is a function that can be used as info callback for a standard 2516 * boolean control with stereo two channels. 2517 * 2518 * Return: Zero (always successful) 2519 */ 2520int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol, 2521 struct snd_ctl_elem_info *uinfo) 2522{ 2523 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2524 uinfo->count = 2; 2525 uinfo->value.integer.min = 0; 2526 uinfo->value.integer.max = 1; 2527 return 0; 2528} 2529EXPORT_SYMBOL(snd_ctl_boolean_stereo_info); 2530 2531/** 2532 * snd_ctl_enum_info - fills the info structure for an enumerated control 2533 * @info: the structure to be filled 2534 * @channels: the number of the control's channels; often one 2535 * @items: the number of control values; also the size of @names 2536 * @names: an array containing the names of all control values 2537 * 2538 * Sets all required fields in @info to their appropriate values. 2539 * If the control's accessibility is not the default (readable and writable), 2540 * the caller has to fill @info->access. 2541 * 2542 * Return: Zero (always successful) 2543 */ 2544int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels, 2545 unsigned int items, const char *const names[]) 2546{ 2547 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED; 2548 info->count = channels; 2549 info->value.enumerated.items = items; 2550 if (!items) 2551 return 0; 2552 if (info->value.enumerated.item >= items) 2553 info->value.enumerated.item = items - 1; 2554 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name), 2555 "ALSA: too long item name '%s'\n", 2556 names[info->value.enumerated.item]); 2557 strscpy(info->value.enumerated.name, 2558 names[info->value.enumerated.item], 2559 sizeof(info->value.enumerated.name)); 2560 return 0; 2561} 2562EXPORT_SYMBOL(snd_ctl_enum_info); 2563