1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * comedi/comedi_fops.c
4 * comedi kernel module
5 *
6 * COMEDI - Linux Control and Measurement Device Interface
7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org>
8 * compat ioctls:
9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk>
10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/>
11 */
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <linux/module.h>
16 #include <linux/errno.h>
17 #include <linux/kernel.h>
18 #include <linux/sched/signal.h>
19 #include <linux/fcntl.h>
20 #include <linux/delay.h>
21 #include <linux/mm.h>
22 #include <linux/slab.h>
23 #include <linux/poll.h>
24 #include <linux/device.h>
25 #include <linux/fs.h>
26 #include <linux/comedi/comedidev.h>
27 #include <linux/cdev.h>
28
29 #include <linux/io.h>
30 #include <linux/uaccess.h>
31 #include <linux/compat.h>
32
33 #include "comedi_internal.h"
34
35 /*
36 * comedi_subdevice "runflags"
37 * COMEDI_SRF_RT: DEPRECATED: command is running real-time
38 * COMEDI_SRF_ERROR: indicates an COMEDI_CB_ERROR event has occurred
39 * since the last command was started
40 * COMEDI_SRF_RUNNING: command is running
41 * COMEDI_SRF_BUSY: command was started and subdevice still busy
42 * COMEDI_SRF_FREE_SPRIV: free s->private on detach
43 *
44 * COMEDI_SRF_BUSY_MASK: runflags that indicate the subdevice is "busy"
45 */
46 #define COMEDI_SRF_RT BIT(1)
47 #define COMEDI_SRF_ERROR BIT(2)
48 #define COMEDI_SRF_RUNNING BIT(27)
49 #define COMEDI_SRF_BUSY BIT(28)
50 #define COMEDI_SRF_FREE_SPRIV BIT(31)
51
52 #define COMEDI_SRF_BUSY_MASK \
53 (COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING | COMEDI_SRF_BUSY)
54
55 /**
56 * struct comedi_file - Per-file private data for COMEDI device
57 * @dev: COMEDI device.
58 * @read_subdev: Current "read" subdevice.
59 * @write_subdev: Current "write" subdevice.
60 * @last_detach_count: Last known detach count.
61 * @last_attached: Last known attached/detached state.
62 */
63 struct comedi_file {
64 struct comedi_device *dev;
65 struct comedi_subdevice *read_subdev;
66 struct comedi_subdevice *write_subdev;
67 unsigned int last_detach_count;
68 unsigned int last_attached:1;
69 };
70
71 #define COMEDI_NUM_MINORS 0x100
72 #define COMEDI_NUM_SUBDEVICE_MINORS \
73 (COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS)
74
75 static unsigned short comedi_num_legacy_minors;
76 module_param(comedi_num_legacy_minors, ushort, 0444);
77 MODULE_PARM_DESC(comedi_num_legacy_minors,
78 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)"
79 );
80
81 unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB;
82 module_param(comedi_default_buf_size_kb, uint, 0644);
83 MODULE_PARM_DESC(comedi_default_buf_size_kb,
84 "default asynchronous buffer size in KiB (default "
85 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")");
86
87 unsigned int comedi_default_buf_maxsize_kb =
88 CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB;
89 module_param(comedi_default_buf_maxsize_kb, uint, 0644);
90 MODULE_PARM_DESC(comedi_default_buf_maxsize_kb,
91 "default maximum size of asynchronous buffer in KiB (default "
92 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")");
93
94 static DEFINE_MUTEX(comedi_board_minor_table_lock);
95 static struct comedi_device
96 *comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS];
97
98 static DEFINE_MUTEX(comedi_subdevice_minor_table_lock);
99 /* Note: indexed by minor - COMEDI_NUM_BOARD_MINORS. */
100 static struct comedi_subdevice
101 *comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS];
102
103 static struct cdev comedi_cdev;
104
comedi_device_init(struct comedi_device * dev)105 static void comedi_device_init(struct comedi_device *dev)
106 {
107 kref_init(&dev->refcount);
108 spin_lock_init(&dev->spinlock);
109 mutex_init(&dev->mutex);
110 init_rwsem(&dev->attach_lock);
111 dev->minor = -1;
112 }
113
comedi_dev_kref_release(struct kref * kref)114 static void comedi_dev_kref_release(struct kref *kref)
115 {
116 struct comedi_device *dev =
117 container_of(kref, struct comedi_device, refcount);
118
119 mutex_destroy(&dev->mutex);
120 put_device(dev->class_dev);
121 kfree(dev);
122 }
123
124 /**
125 * comedi_dev_put() - Release a use of a COMEDI device
126 * @dev: COMEDI device.
127 *
128 * Must be called when a user of a COMEDI device is finished with it.
129 * When the last user of the COMEDI device calls this function, the
130 * COMEDI device is destroyed.
131 *
132 * Return: 1 if the COMEDI device is destroyed by this call or @dev is
133 * NULL, otherwise return 0. Callers must not assume the COMEDI
134 * device is still valid if this function returns 0.
135 */
comedi_dev_put(struct comedi_device * dev)136 int comedi_dev_put(struct comedi_device *dev)
137 {
138 if (dev)
139 return kref_put(&dev->refcount, comedi_dev_kref_release);
140 return 1;
141 }
142 EXPORT_SYMBOL_GPL(comedi_dev_put);
143
comedi_dev_get(struct comedi_device * dev)144 static struct comedi_device *comedi_dev_get(struct comedi_device *dev)
145 {
146 if (dev)
147 kref_get(&dev->refcount);
148 return dev;
149 }
150
comedi_device_cleanup(struct comedi_device * dev)151 static void comedi_device_cleanup(struct comedi_device *dev)
152 {
153 struct module *driver_module = NULL;
154
155 if (!dev)
156 return;
157 mutex_lock(&dev->mutex);
158 if (dev->attached)
159 driver_module = dev->driver->module;
160 comedi_device_detach(dev);
161 if (driver_module && dev->use_count)
162 module_put(driver_module);
163 mutex_unlock(&dev->mutex);
164 }
165
comedi_clear_board_dev(struct comedi_device * dev)166 static bool comedi_clear_board_dev(struct comedi_device *dev)
167 {
168 unsigned int i = dev->minor;
169 bool cleared = false;
170
171 lockdep_assert_held(&dev->mutex);
172 mutex_lock(&comedi_board_minor_table_lock);
173 if (dev == comedi_board_minor_table[i]) {
174 comedi_board_minor_table[i] = NULL;
175 cleared = true;
176 }
177 mutex_unlock(&comedi_board_minor_table_lock);
178 return cleared;
179 }
180
comedi_clear_board_minor(unsigned int minor)181 static struct comedi_device *comedi_clear_board_minor(unsigned int minor)
182 {
183 struct comedi_device *dev;
184
185 mutex_lock(&comedi_board_minor_table_lock);
186 dev = comedi_board_minor_table[minor];
187 comedi_board_minor_table[minor] = NULL;
188 mutex_unlock(&comedi_board_minor_table_lock);
189 return dev;
190 }
191
192 static struct comedi_subdevice *
comedi_subdevice_from_minor(const struct comedi_device * dev,unsigned int minor)193 comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor)
194 {
195 struct comedi_subdevice *s;
196 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS;
197
198 mutex_lock(&comedi_subdevice_minor_table_lock);
199 s = comedi_subdevice_minor_table[i];
200 if (s && s->device != dev)
201 s = NULL;
202 mutex_unlock(&comedi_subdevice_minor_table_lock);
203 return s;
204 }
205
comedi_dev_get_from_board_minor(unsigned int minor)206 static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor)
207 {
208 struct comedi_device *dev;
209
210 mutex_lock(&comedi_board_minor_table_lock);
211 dev = comedi_dev_get(comedi_board_minor_table[minor]);
212 mutex_unlock(&comedi_board_minor_table_lock);
213 return dev;
214 }
215
216 static struct comedi_device *
comedi_dev_get_from_subdevice_minor(unsigned int minor)217 comedi_dev_get_from_subdevice_minor(unsigned int minor)
218 {
219 struct comedi_device *dev;
220 struct comedi_subdevice *s;
221 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS;
222
223 mutex_lock(&comedi_subdevice_minor_table_lock);
224 s = comedi_subdevice_minor_table[i];
225 dev = comedi_dev_get(s ? s->device : NULL);
226 mutex_unlock(&comedi_subdevice_minor_table_lock);
227 return dev;
228 }
229
230 /**
231 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number
232 * @minor: Minor device number.
233 *
234 * Finds the COMEDI device associated with the minor device number, if any,
235 * and increments its reference count. The COMEDI device is prevented from
236 * being freed until a matching call is made to comedi_dev_put().
237 *
238 * Return: A pointer to the COMEDI device if it exists, with its usage
239 * reference incremented. Return NULL if no COMEDI device exists with the
240 * specified minor device number.
241 */
comedi_dev_get_from_minor(unsigned int minor)242 struct comedi_device *comedi_dev_get_from_minor(unsigned int minor)
243 {
244 if (minor < COMEDI_NUM_BOARD_MINORS)
245 return comedi_dev_get_from_board_minor(minor);
246
247 return comedi_dev_get_from_subdevice_minor(minor);
248 }
249 EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor);
250
251 static struct comedi_subdevice *
comedi_read_subdevice(const struct comedi_device * dev,unsigned int minor)252 comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor)
253 {
254 struct comedi_subdevice *s;
255
256 lockdep_assert_held(&dev->mutex);
257 if (minor >= COMEDI_NUM_BOARD_MINORS) {
258 s = comedi_subdevice_from_minor(dev, minor);
259 if (!s || (s->subdev_flags & SDF_CMD_READ))
260 return s;
261 }
262 return dev->read_subdev;
263 }
264
265 static struct comedi_subdevice *
comedi_write_subdevice(const struct comedi_device * dev,unsigned int minor)266 comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor)
267 {
268 struct comedi_subdevice *s;
269
270 lockdep_assert_held(&dev->mutex);
271 if (minor >= COMEDI_NUM_BOARD_MINORS) {
272 s = comedi_subdevice_from_minor(dev, minor);
273 if (!s || (s->subdev_flags & SDF_CMD_WRITE))
274 return s;
275 }
276 return dev->write_subdev;
277 }
278
comedi_file_reset(struct file * file)279 static void comedi_file_reset(struct file *file)
280 {
281 struct comedi_file *cfp = file->private_data;
282 struct comedi_device *dev = cfp->dev;
283 struct comedi_subdevice *s, *read_s, *write_s;
284 unsigned int minor = iminor(file_inode(file));
285
286 read_s = dev->read_subdev;
287 write_s = dev->write_subdev;
288 if (minor >= COMEDI_NUM_BOARD_MINORS) {
289 s = comedi_subdevice_from_minor(dev, minor);
290 if (!s || s->subdev_flags & SDF_CMD_READ)
291 read_s = s;
292 if (!s || s->subdev_flags & SDF_CMD_WRITE)
293 write_s = s;
294 }
295 cfp->last_attached = dev->attached;
296 cfp->last_detach_count = dev->detach_count;
297 WRITE_ONCE(cfp->read_subdev, read_s);
298 WRITE_ONCE(cfp->write_subdev, write_s);
299 }
300
comedi_file_check(struct file * file)301 static void comedi_file_check(struct file *file)
302 {
303 struct comedi_file *cfp = file->private_data;
304 struct comedi_device *dev = cfp->dev;
305
306 if (cfp->last_attached != dev->attached ||
307 cfp->last_detach_count != dev->detach_count)
308 comedi_file_reset(file);
309 }
310
comedi_file_read_subdevice(struct file * file)311 static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file)
312 {
313 struct comedi_file *cfp = file->private_data;
314
315 comedi_file_check(file);
316 return READ_ONCE(cfp->read_subdev);
317 }
318
comedi_file_write_subdevice(struct file * file)319 static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file)
320 {
321 struct comedi_file *cfp = file->private_data;
322
323 comedi_file_check(file);
324 return READ_ONCE(cfp->write_subdev);
325 }
326
resize_async_buffer(struct comedi_device * dev,struct comedi_subdevice * s,unsigned int new_size)327 static int resize_async_buffer(struct comedi_device *dev,
328 struct comedi_subdevice *s,
329 unsigned int new_size)
330 {
331 struct comedi_async *async = s->async;
332 int retval;
333
334 lockdep_assert_held(&dev->mutex);
335
336 if (new_size > async->max_bufsize)
337 return -EPERM;
338
339 if (s->busy) {
340 dev_dbg(dev->class_dev,
341 "subdevice is busy, cannot resize buffer\n");
342 return -EBUSY;
343 }
344 if (comedi_buf_is_mmapped(s)) {
345 dev_dbg(dev->class_dev,
346 "subdevice is mmapped, cannot resize buffer\n");
347 return -EBUSY;
348 }
349
350 /* make sure buffer is an integral number of pages (we round up) */
351 new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK;
352
353 retval = comedi_buf_alloc(dev, s, new_size);
354 if (retval < 0)
355 return retval;
356
357 if (s->buf_change) {
358 retval = s->buf_change(dev, s);
359 if (retval < 0)
360 return retval;
361 }
362
363 dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n",
364 s->index, async->prealloc_bufsz);
365 return 0;
366 }
367
368 /* sysfs attribute files */
369
max_read_buffer_kb_show(struct device * csdev,struct device_attribute * attr,char * buf)370 static ssize_t max_read_buffer_kb_show(struct device *csdev,
371 struct device_attribute *attr, char *buf)
372 {
373 unsigned int minor = MINOR(csdev->devt);
374 struct comedi_device *dev;
375 struct comedi_subdevice *s;
376 unsigned int size = 0;
377
378 dev = comedi_dev_get_from_minor(minor);
379 if (!dev)
380 return -ENODEV;
381
382 mutex_lock(&dev->mutex);
383 s = comedi_read_subdevice(dev, minor);
384 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
385 size = s->async->max_bufsize / 1024;
386 mutex_unlock(&dev->mutex);
387
388 comedi_dev_put(dev);
389 return sysfs_emit(buf, "%u\n", size);
390 }
391
max_read_buffer_kb_store(struct device * csdev,struct device_attribute * attr,const char * buf,size_t count)392 static ssize_t max_read_buffer_kb_store(struct device *csdev,
393 struct device_attribute *attr,
394 const char *buf, size_t count)
395 {
396 unsigned int minor = MINOR(csdev->devt);
397 struct comedi_device *dev;
398 struct comedi_subdevice *s;
399 unsigned int size;
400 int err;
401
402 err = kstrtouint(buf, 10, &size);
403 if (err)
404 return err;
405 if (size > (UINT_MAX / 1024))
406 return -EINVAL;
407 size *= 1024;
408
409 dev = comedi_dev_get_from_minor(minor);
410 if (!dev)
411 return -ENODEV;
412
413 mutex_lock(&dev->mutex);
414 s = comedi_read_subdevice(dev, minor);
415 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
416 s->async->max_bufsize = size;
417 else
418 err = -EINVAL;
419 mutex_unlock(&dev->mutex);
420
421 comedi_dev_put(dev);
422 return err ? err : count;
423 }
424 static DEVICE_ATTR_RW(max_read_buffer_kb);
425
read_buffer_kb_show(struct device * csdev,struct device_attribute * attr,char * buf)426 static ssize_t read_buffer_kb_show(struct device *csdev,
427 struct device_attribute *attr, char *buf)
428 {
429 unsigned int minor = MINOR(csdev->devt);
430 struct comedi_device *dev;
431 struct comedi_subdevice *s;
432 unsigned int size = 0;
433
434 dev = comedi_dev_get_from_minor(minor);
435 if (!dev)
436 return -ENODEV;
437
438 mutex_lock(&dev->mutex);
439 s = comedi_read_subdevice(dev, minor);
440 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
441 size = s->async->prealloc_bufsz / 1024;
442 mutex_unlock(&dev->mutex);
443
444 comedi_dev_put(dev);
445 return sysfs_emit(buf, "%u\n", size);
446 }
447
read_buffer_kb_store(struct device * csdev,struct device_attribute * attr,const char * buf,size_t count)448 static ssize_t read_buffer_kb_store(struct device *csdev,
449 struct device_attribute *attr,
450 const char *buf, size_t count)
451 {
452 unsigned int minor = MINOR(csdev->devt);
453 struct comedi_device *dev;
454 struct comedi_subdevice *s;
455 unsigned int size;
456 int err;
457
458 err = kstrtouint(buf, 10, &size);
459 if (err)
460 return err;
461 if (size > (UINT_MAX / 1024))
462 return -EINVAL;
463 size *= 1024;
464
465 dev = comedi_dev_get_from_minor(minor);
466 if (!dev)
467 return -ENODEV;
468
469 mutex_lock(&dev->mutex);
470 s = comedi_read_subdevice(dev, minor);
471 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
472 err = resize_async_buffer(dev, s, size);
473 else
474 err = -EINVAL;
475 mutex_unlock(&dev->mutex);
476
477 comedi_dev_put(dev);
478 return err ? err : count;
479 }
480 static DEVICE_ATTR_RW(read_buffer_kb);
481
max_write_buffer_kb_show(struct device * csdev,struct device_attribute * attr,char * buf)482 static ssize_t max_write_buffer_kb_show(struct device *csdev,
483 struct device_attribute *attr,
484 char *buf)
485 {
486 unsigned int minor = MINOR(csdev->devt);
487 struct comedi_device *dev;
488 struct comedi_subdevice *s;
489 unsigned int size = 0;
490
491 dev = comedi_dev_get_from_minor(minor);
492 if (!dev)
493 return -ENODEV;
494
495 mutex_lock(&dev->mutex);
496 s = comedi_write_subdevice(dev, minor);
497 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
498 size = s->async->max_bufsize / 1024;
499 mutex_unlock(&dev->mutex);
500
501 comedi_dev_put(dev);
502 return sysfs_emit(buf, "%u\n", size);
503 }
504
max_write_buffer_kb_store(struct device * csdev,struct device_attribute * attr,const char * buf,size_t count)505 static ssize_t max_write_buffer_kb_store(struct device *csdev,
506 struct device_attribute *attr,
507 const char *buf, size_t count)
508 {
509 unsigned int minor = MINOR(csdev->devt);
510 struct comedi_device *dev;
511 struct comedi_subdevice *s;
512 unsigned int size;
513 int err;
514
515 err = kstrtouint(buf, 10, &size);
516 if (err)
517 return err;
518 if (size > (UINT_MAX / 1024))
519 return -EINVAL;
520 size *= 1024;
521
522 dev = comedi_dev_get_from_minor(minor);
523 if (!dev)
524 return -ENODEV;
525
526 mutex_lock(&dev->mutex);
527 s = comedi_write_subdevice(dev, minor);
528 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
529 s->async->max_bufsize = size;
530 else
531 err = -EINVAL;
532 mutex_unlock(&dev->mutex);
533
534 comedi_dev_put(dev);
535 return err ? err : count;
536 }
537 static DEVICE_ATTR_RW(max_write_buffer_kb);
538
write_buffer_kb_show(struct device * csdev,struct device_attribute * attr,char * buf)539 static ssize_t write_buffer_kb_show(struct device *csdev,
540 struct device_attribute *attr, char *buf)
541 {
542 unsigned int minor = MINOR(csdev->devt);
543 struct comedi_device *dev;
544 struct comedi_subdevice *s;
545 unsigned int size = 0;
546
547 dev = comedi_dev_get_from_minor(minor);
548 if (!dev)
549 return -ENODEV;
550
551 mutex_lock(&dev->mutex);
552 s = comedi_write_subdevice(dev, minor);
553 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
554 size = s->async->prealloc_bufsz / 1024;
555 mutex_unlock(&dev->mutex);
556
557 comedi_dev_put(dev);
558 return sysfs_emit(buf, "%u\n", size);
559 }
560
write_buffer_kb_store(struct device * csdev,struct device_attribute * attr,const char * buf,size_t count)561 static ssize_t write_buffer_kb_store(struct device *csdev,
562 struct device_attribute *attr,
563 const char *buf, size_t count)
564 {
565 unsigned int minor = MINOR(csdev->devt);
566 struct comedi_device *dev;
567 struct comedi_subdevice *s;
568 unsigned int size;
569 int err;
570
571 err = kstrtouint(buf, 10, &size);
572 if (err)
573 return err;
574 if (size > (UINT_MAX / 1024))
575 return -EINVAL;
576 size *= 1024;
577
578 dev = comedi_dev_get_from_minor(minor);
579 if (!dev)
580 return -ENODEV;
581
582 mutex_lock(&dev->mutex);
583 s = comedi_write_subdevice(dev, minor);
584 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
585 err = resize_async_buffer(dev, s, size);
586 else
587 err = -EINVAL;
588 mutex_unlock(&dev->mutex);
589
590 comedi_dev_put(dev);
591 return err ? err : count;
592 }
593 static DEVICE_ATTR_RW(write_buffer_kb);
594
595 static struct attribute *comedi_dev_attrs[] = {
596 &dev_attr_max_read_buffer_kb.attr,
597 &dev_attr_read_buffer_kb.attr,
598 &dev_attr_max_write_buffer_kb.attr,
599 &dev_attr_write_buffer_kb.attr,
600 NULL,
601 };
602 ATTRIBUTE_GROUPS(comedi_dev);
603
604 static const struct class comedi_class = {
605 .name = "comedi",
606 .dev_groups = comedi_dev_groups,
607 };
608
comedi_free_board_dev(struct comedi_device * dev)609 static void comedi_free_board_dev(struct comedi_device *dev)
610 {
611 if (dev) {
612 comedi_device_cleanup(dev);
613 if (dev->class_dev) {
614 device_destroy(&comedi_class,
615 MKDEV(COMEDI_MAJOR, dev->minor));
616 }
617 comedi_dev_put(dev);
618 }
619 }
620
__comedi_clear_subdevice_runflags(struct comedi_subdevice * s,unsigned int bits)621 static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s,
622 unsigned int bits)
623 {
624 s->runflags &= ~bits;
625 }
626
__comedi_set_subdevice_runflags(struct comedi_subdevice * s,unsigned int bits)627 static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s,
628 unsigned int bits)
629 {
630 s->runflags |= bits;
631 }
632
comedi_update_subdevice_runflags(struct comedi_subdevice * s,unsigned int mask,unsigned int bits)633 static void comedi_update_subdevice_runflags(struct comedi_subdevice *s,
634 unsigned int mask,
635 unsigned int bits)
636 {
637 unsigned long flags;
638
639 spin_lock_irqsave(&s->spin_lock, flags);
640 __comedi_clear_subdevice_runflags(s, mask);
641 __comedi_set_subdevice_runflags(s, bits & mask);
642 spin_unlock_irqrestore(&s->spin_lock, flags);
643 }
644
__comedi_get_subdevice_runflags(struct comedi_subdevice * s)645 static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s)
646 {
647 return s->runflags;
648 }
649
comedi_get_subdevice_runflags(struct comedi_subdevice * s)650 static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s)
651 {
652 unsigned long flags;
653 unsigned int runflags;
654
655 spin_lock_irqsave(&s->spin_lock, flags);
656 runflags = __comedi_get_subdevice_runflags(s);
657 spin_unlock_irqrestore(&s->spin_lock, flags);
658 return runflags;
659 }
660
comedi_is_runflags_running(unsigned int runflags)661 static bool comedi_is_runflags_running(unsigned int runflags)
662 {
663 return runflags & COMEDI_SRF_RUNNING;
664 }
665
comedi_is_runflags_in_error(unsigned int runflags)666 static bool comedi_is_runflags_in_error(unsigned int runflags)
667 {
668 return runflags & COMEDI_SRF_ERROR;
669 }
670
comedi_is_runflags_busy(unsigned int runflags)671 static bool comedi_is_runflags_busy(unsigned int runflags)
672 {
673 return runflags & COMEDI_SRF_BUSY;
674 }
675
676 /**
677 * comedi_is_subdevice_running() - Check if async command running on subdevice
678 * @s: COMEDI subdevice.
679 *
680 * Return: %true if an asynchronous COMEDI command is active on the
681 * subdevice, else %false.
682 */
comedi_is_subdevice_running(struct comedi_subdevice * s)683 bool comedi_is_subdevice_running(struct comedi_subdevice *s)
684 {
685 unsigned int runflags = comedi_get_subdevice_runflags(s);
686
687 return comedi_is_runflags_running(runflags);
688 }
689 EXPORT_SYMBOL_GPL(comedi_is_subdevice_running);
690
__comedi_is_subdevice_running(struct comedi_subdevice * s)691 static bool __comedi_is_subdevice_running(struct comedi_subdevice *s)
692 {
693 unsigned int runflags = __comedi_get_subdevice_runflags(s);
694
695 return comedi_is_runflags_running(runflags);
696 }
697
698 /**
699 * comedi_get_is_subdevice_running() - Get if async command running on subdevice
700 * @s: COMEDI subdevice.
701 *
702 * If an asynchronous COMEDI command is running on the subdevice, increment
703 * a reference counter. If the function return value indicates that a
704 * command is running, then the details of the command will not be destroyed
705 * before a matching call to comedi_put_is_subdevice_running().
706 *
707 * Return: %true if an asynchronous COMEDI command is active on the
708 * subdevice, else %false.
709 */
comedi_get_is_subdevice_running(struct comedi_subdevice * s)710 bool comedi_get_is_subdevice_running(struct comedi_subdevice *s)
711 {
712 unsigned long flags;
713 bool running;
714
715 spin_lock_irqsave(&s->spin_lock, flags);
716 running = __comedi_is_subdevice_running(s);
717 if (running)
718 refcount_inc(&s->async->run_active);
719 spin_unlock_irqrestore(&s->spin_lock, flags);
720 return running;
721 }
722 EXPORT_SYMBOL_GPL(comedi_get_is_subdevice_running);
723
724 /**
725 * comedi_put_is_subdevice_running() - Put if async command running on subdevice
726 * @s: COMEDI subdevice.
727 *
728 * Decrements the reference counter that was incremented when
729 * comedi_get_is_subdevice_running() returned %true.
730 */
comedi_put_is_subdevice_running(struct comedi_subdevice * s)731 void comedi_put_is_subdevice_running(struct comedi_subdevice *s)
732 {
733 if (refcount_dec_and_test(&s->async->run_active))
734 complete_all(&s->async->run_complete);
735 }
736 EXPORT_SYMBOL_GPL(comedi_put_is_subdevice_running);
737
comedi_can_auto_free_spriv(struct comedi_subdevice * s)738 bool comedi_can_auto_free_spriv(struct comedi_subdevice *s)
739 {
740 unsigned int runflags = __comedi_get_subdevice_runflags(s);
741
742 return runflags & COMEDI_SRF_FREE_SPRIV;
743 }
744
745 /**
746 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable
747 * @s: COMEDI subdevice.
748 *
749 * Mark the subdevice as having a pointer to private data that can be
750 * automatically freed when the COMEDI device is detached from the low-level
751 * driver.
752 */
comedi_set_spriv_auto_free(struct comedi_subdevice * s)753 void comedi_set_spriv_auto_free(struct comedi_subdevice *s)
754 {
755 __comedi_set_subdevice_runflags(s, COMEDI_SRF_FREE_SPRIV);
756 }
757 EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free);
758
759 /**
760 * comedi_alloc_spriv - Allocate memory for the subdevice private data
761 * @s: COMEDI subdevice.
762 * @size: Size of the memory to allocate.
763 *
764 * Allocate memory for the subdevice private data and point @s->private
765 * to it. The memory will be freed automatically when the COMEDI device
766 * is detached from the low-level driver.
767 *
768 * Return: A pointer to the allocated memory @s->private on success.
769 * Return NULL on failure.
770 */
comedi_alloc_spriv(struct comedi_subdevice * s,size_t size)771 void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size)
772 {
773 s->private = kzalloc(size, GFP_KERNEL);
774 if (s->private)
775 comedi_set_spriv_auto_free(s);
776 return s->private;
777 }
778 EXPORT_SYMBOL_GPL(comedi_alloc_spriv);
779
780 /*
781 * This function restores a subdevice to an idle state.
782 */
do_become_nonbusy(struct comedi_device * dev,struct comedi_subdevice * s)783 static void do_become_nonbusy(struct comedi_device *dev,
784 struct comedi_subdevice *s)
785 {
786 struct comedi_async *async = s->async;
787 unsigned int runflags;
788 unsigned long flags;
789
790 lockdep_assert_held(&dev->mutex);
791 spin_lock_irqsave(&s->spin_lock, flags);
792 runflags = __comedi_get_subdevice_runflags(s);
793 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING |
794 COMEDI_SRF_BUSY);
795 spin_unlock_irqrestore(&s->spin_lock, flags);
796 if (async) {
797 /*
798 * "Run active" counter was set to 1 when setting up the
799 * command. Decrement it and wait for it to become 0.
800 */
801 if (comedi_is_runflags_busy(runflags)) {
802 comedi_put_is_subdevice_running(s);
803 wait_for_completion(&async->run_complete);
804 }
805 comedi_buf_reset(s);
806 async->inttrig = NULL;
807 kfree(async->cmd.chanlist);
808 async->cmd.chanlist = NULL;
809 s->busy = NULL;
810 wake_up_interruptible_all(&async->wait_head);
811 }
812 }
813
do_cancel(struct comedi_device * dev,struct comedi_subdevice * s)814 static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s)
815 {
816 int ret = 0;
817
818 lockdep_assert_held(&dev->mutex);
819 if (comedi_is_subdevice_running(s) && s->cancel)
820 ret = s->cancel(dev, s);
821
822 do_become_nonbusy(dev, s);
823
824 return ret;
825 }
826
comedi_device_cancel_all(struct comedi_device * dev)827 void comedi_device_cancel_all(struct comedi_device *dev)
828 {
829 struct comedi_subdevice *s;
830 int i;
831
832 lockdep_assert_held(&dev->mutex);
833 if (!dev->attached)
834 return;
835
836 for (i = 0; i < dev->n_subdevices; i++) {
837 s = &dev->subdevices[i];
838 if (s->async)
839 do_cancel(dev, s);
840 }
841 }
842
is_device_busy(struct comedi_device * dev)843 static int is_device_busy(struct comedi_device *dev)
844 {
845 struct comedi_subdevice *s;
846 int i;
847
848 lockdep_assert_held_write(&dev->attach_lock);
849 lockdep_assert_held(&dev->mutex);
850 if (!dev->attached)
851 return 0;
852
853 for (i = 0; i < dev->n_subdevices; i++) {
854 s = &dev->subdevices[i];
855 if (s->busy)
856 return 1;
857 if (!s->async)
858 continue;
859 if (comedi_buf_is_mmapped(s))
860 return 1;
861 /*
862 * There may be tasks still waiting on the subdevice's wait
863 * queue, although they should already be about to be removed
864 * from it since the subdevice has no active async command.
865 */
866 if (wq_has_sleeper(&s->async->wait_head))
867 return 1;
868 }
869
870 return 0;
871 }
872
873 /*
874 * COMEDI_DEVCONFIG ioctl
875 * attaches (and configures) or detaches a legacy device
876 *
877 * arg:
878 * pointer to comedi_devconfig structure (NULL if detaching)
879 *
880 * reads:
881 * comedi_devconfig structure (if attaching)
882 *
883 * writes:
884 * nothing
885 */
do_devconfig_ioctl(struct comedi_device * dev,struct comedi_devconfig __user * arg)886 static int do_devconfig_ioctl(struct comedi_device *dev,
887 struct comedi_devconfig __user *arg)
888 {
889 struct comedi_devconfig it;
890
891 lockdep_assert_held(&dev->mutex);
892 if (!capable(CAP_SYS_ADMIN))
893 return -EPERM;
894
895 if (!arg) {
896 int rc = 0;
897
898 if (dev->attached) {
899 down_write(&dev->attach_lock);
900 if (is_device_busy(dev)) {
901 rc = -EBUSY;
902 } else {
903 struct module *driver_module =
904 dev->driver->module;
905
906 comedi_device_detach_locked(dev);
907 module_put(driver_module);
908 }
909 up_write(&dev->attach_lock);
910 }
911 return rc;
912 }
913
914 if (copy_from_user(&it, arg, sizeof(it)))
915 return -EFAULT;
916
917 it.board_name[COMEDI_NAMELEN - 1] = 0;
918
919 if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) {
920 dev_warn(dev->class_dev,
921 "comedi_config --init_data is deprecated\n");
922 return -EINVAL;
923 }
924
925 if (dev->minor >= comedi_num_legacy_minors)
926 /* don't re-use dynamically allocated comedi devices */
927 return -EBUSY;
928
929 /* This increments the driver module count on success. */
930 return comedi_device_attach(dev, &it);
931 }
932
933 /*
934 * COMEDI_BUFCONFIG ioctl
935 * buffer configuration
936 *
937 * arg:
938 * pointer to comedi_bufconfig structure
939 *
940 * reads:
941 * comedi_bufconfig structure
942 *
943 * writes:
944 * modified comedi_bufconfig structure
945 */
do_bufconfig_ioctl(struct comedi_device * dev,struct comedi_bufconfig __user * arg)946 static int do_bufconfig_ioctl(struct comedi_device *dev,
947 struct comedi_bufconfig __user *arg)
948 {
949 struct comedi_bufconfig bc;
950 struct comedi_async *async;
951 struct comedi_subdevice *s;
952 int retval = 0;
953
954 lockdep_assert_held(&dev->mutex);
955 if (copy_from_user(&bc, arg, sizeof(bc)))
956 return -EFAULT;
957
958 if (bc.subdevice >= dev->n_subdevices)
959 return -EINVAL;
960
961 s = &dev->subdevices[bc.subdevice];
962 async = s->async;
963
964 if (!async) {
965 dev_dbg(dev->class_dev,
966 "subdevice does not have async capability\n");
967 bc.size = 0;
968 bc.maximum_size = 0;
969 goto copyback;
970 }
971
972 if (bc.maximum_size) {
973 if (!capable(CAP_SYS_ADMIN))
974 return -EPERM;
975
976 async->max_bufsize = bc.maximum_size;
977 }
978
979 if (bc.size) {
980 retval = resize_async_buffer(dev, s, bc.size);
981 if (retval < 0)
982 return retval;
983 }
984
985 bc.size = async->prealloc_bufsz;
986 bc.maximum_size = async->max_bufsize;
987
988 copyback:
989 if (copy_to_user(arg, &bc, sizeof(bc)))
990 return -EFAULT;
991
992 return 0;
993 }
994
995 /*
996 * COMEDI_DEVINFO ioctl
997 * device info
998 *
999 * arg:
1000 * pointer to comedi_devinfo structure
1001 *
1002 * reads:
1003 * nothing
1004 *
1005 * writes:
1006 * comedi_devinfo structure
1007 */
do_devinfo_ioctl(struct comedi_device * dev,struct comedi_devinfo __user * arg,struct file * file)1008 static int do_devinfo_ioctl(struct comedi_device *dev,
1009 struct comedi_devinfo __user *arg,
1010 struct file *file)
1011 {
1012 struct comedi_subdevice *s;
1013 struct comedi_devinfo devinfo;
1014
1015 lockdep_assert_held(&dev->mutex);
1016 memset(&devinfo, 0, sizeof(devinfo));
1017
1018 /* fill devinfo structure */
1019 devinfo.version_code = COMEDI_VERSION_CODE;
1020 devinfo.n_subdevs = dev->n_subdevices;
1021 strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
1022 strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
1023
1024 s = comedi_file_read_subdevice(file);
1025 if (s)
1026 devinfo.read_subdevice = s->index;
1027 else
1028 devinfo.read_subdevice = -1;
1029
1030 s = comedi_file_write_subdevice(file);
1031 if (s)
1032 devinfo.write_subdevice = s->index;
1033 else
1034 devinfo.write_subdevice = -1;
1035
1036 if (copy_to_user(arg, &devinfo, sizeof(devinfo)))
1037 return -EFAULT;
1038
1039 return 0;
1040 }
1041
1042 /*
1043 * COMEDI_SUBDINFO ioctl
1044 * subdevices info
1045 *
1046 * arg:
1047 * pointer to array of comedi_subdinfo structures
1048 *
1049 * reads:
1050 * nothing
1051 *
1052 * writes:
1053 * array of comedi_subdinfo structures
1054 */
do_subdinfo_ioctl(struct comedi_device * dev,struct comedi_subdinfo __user * arg,void * file)1055 static int do_subdinfo_ioctl(struct comedi_device *dev,
1056 struct comedi_subdinfo __user *arg, void *file)
1057 {
1058 int ret, i;
1059 struct comedi_subdinfo *tmp, *us;
1060 struct comedi_subdevice *s;
1061
1062 lockdep_assert_held(&dev->mutex);
1063 tmp = kzalloc_objs(*tmp, dev->n_subdevices);
1064 if (!tmp)
1065 return -ENOMEM;
1066
1067 /* fill subdinfo structs */
1068 for (i = 0; i < dev->n_subdevices; i++) {
1069 s = &dev->subdevices[i];
1070 us = tmp + i;
1071
1072 us->type = s->type;
1073 us->n_chan = s->n_chan;
1074 us->subd_flags = s->subdev_flags;
1075 if (comedi_is_subdevice_running(s))
1076 us->subd_flags |= SDF_RUNNING;
1077 #define TIMER_nanosec 5 /* backwards compatibility */
1078 us->timer_type = TIMER_nanosec;
1079 us->len_chanlist = s->len_chanlist;
1080 us->maxdata = s->maxdata;
1081 if (s->range_table) {
1082 us->range_type =
1083 (i << 24) | (0 << 16) | (s->range_table->length);
1084 } else {
1085 us->range_type = 0; /* XXX */
1086 }
1087
1088 if (s->busy)
1089 us->subd_flags |= SDF_BUSY;
1090 if (s->busy == file)
1091 us->subd_flags |= SDF_BUSY_OWNER;
1092 if (s->lock)
1093 us->subd_flags |= SDF_LOCKED;
1094 if (s->lock == file)
1095 us->subd_flags |= SDF_LOCK_OWNER;
1096 if (!s->maxdata && s->maxdata_list)
1097 us->subd_flags |= SDF_MAXDATA;
1098 if (s->range_table_list)
1099 us->subd_flags |= SDF_RANGETYPE;
1100 if (s->do_cmd)
1101 us->subd_flags |= SDF_CMD;
1102
1103 if (s->insn_bits != &insn_inval)
1104 us->insn_bits_support = COMEDI_SUPPORTED;
1105 else
1106 us->insn_bits_support = COMEDI_UNSUPPORTED;
1107 }
1108
1109 ret = copy_to_user(arg, tmp, dev->n_subdevices * sizeof(*tmp));
1110
1111 kfree(tmp);
1112
1113 return ret ? -EFAULT : 0;
1114 }
1115
1116 /*
1117 * COMEDI_CHANINFO ioctl
1118 * subdevice channel info
1119 *
1120 * arg:
1121 * pointer to comedi_chaninfo structure
1122 *
1123 * reads:
1124 * comedi_chaninfo structure
1125 *
1126 * writes:
1127 * array of maxdata values to chaninfo->maxdata_list if requested
1128 * array of range table lengths to chaninfo->range_table_list if requested
1129 */
do_chaninfo_ioctl(struct comedi_device * dev,struct comedi_chaninfo * it)1130 static int do_chaninfo_ioctl(struct comedi_device *dev,
1131 struct comedi_chaninfo *it)
1132 {
1133 struct comedi_subdevice *s;
1134
1135 lockdep_assert_held(&dev->mutex);
1136
1137 if (it->subdev >= dev->n_subdevices)
1138 return -EINVAL;
1139 s = &dev->subdevices[it->subdev];
1140
1141 if (it->maxdata_list) {
1142 if (s->maxdata || !s->maxdata_list)
1143 return -EINVAL;
1144 if (copy_to_user(it->maxdata_list, s->maxdata_list,
1145 s->n_chan * sizeof(unsigned int)))
1146 return -EFAULT;
1147 }
1148
1149 if (it->flaglist)
1150 return -EINVAL; /* flaglist not supported */
1151
1152 if (it->rangelist) {
1153 int i;
1154
1155 if (!s->range_table_list)
1156 return -EINVAL;
1157 for (i = 0; i < s->n_chan; i++) {
1158 int x;
1159
1160 x = (it->subdev << 24) | (i << 16) |
1161 (s->range_table_list[i]->length);
1162 if (put_user(x, it->rangelist + i))
1163 return -EFAULT;
1164 }
1165 }
1166
1167 return 0;
1168 }
1169
1170 /*
1171 * COMEDI_BUFINFO ioctl
1172 * buffer information
1173 *
1174 * Note that the comedi device's mutex has not been locked for this ioctl.
1175 *
1176 * arg:
1177 * pointer to comedi_bufinfo structure
1178 *
1179 * reads:
1180 * comedi_bufinfo structure
1181 *
1182 * writes:
1183 * modified comedi_bufinfo structure
1184 */
do_bufinfo_ioctl(struct comedi_device * dev,struct comedi_bufinfo __user * arg,void * file)1185 static int do_bufinfo_ioctl(struct comedi_device *dev,
1186 struct comedi_bufinfo __user *arg, void *file)
1187 {
1188 struct comedi_bufinfo bi;
1189 struct comedi_subdevice *s;
1190 struct comedi_async *async;
1191 unsigned int runflags;
1192 int retval = 0;
1193 unsigned int old_detach_count;
1194 unsigned int cmd_flags;
1195 bool become_nonbusy = false;
1196 bool attach_locked;
1197
1198 if (copy_from_user(&bi, arg, sizeof(bi)))
1199 return -EFAULT;
1200
1201 /* Protect against device detachment during operation. */
1202 down_read(&dev->attach_lock);
1203 attach_locked = true;
1204 old_detach_count = dev->detach_count;
1205
1206 if (!dev->attached) {
1207 dev_dbg(dev->class_dev, "no driver attached\n");
1208 retval = -ENODEV;
1209 goto out;
1210 }
1211
1212 if (bi.subdevice >= dev->n_subdevices) {
1213 retval = -EINVAL;
1214 goto out;
1215 }
1216
1217 s = &dev->subdevices[bi.subdevice];
1218
1219 async = s->async;
1220
1221 if (!async || s->busy != file) {
1222 retval = -EINVAL;
1223 goto out;
1224 }
1225
1226 runflags = comedi_get_subdevice_runflags(s);
1227 cmd_flags = async->cmd.flags;
1228 if (!(cmd_flags & CMDF_WRITE)) {
1229 /* command was set up in "read" direction */
1230 if (bi.bytes_read) {
1231 _comedi_buf_read_alloc(s, bi.bytes_read);
1232 bi.bytes_read = _comedi_buf_read_free(s, bi.bytes_read);
1233 }
1234 /*
1235 * If nothing left to read, and command has stopped, and
1236 * {"read" position not updated or command stopped normally},
1237 * then become non-busy.
1238 */
1239 if (_comedi_buf_read_n_available(s) == 0 &&
1240 !comedi_is_runflags_running(runflags) &&
1241 (bi.bytes_read == 0 ||
1242 !comedi_is_runflags_in_error(runflags))) {
1243 become_nonbusy = true;
1244 if (comedi_is_runflags_in_error(runflags))
1245 retval = -EPIPE;
1246 }
1247 bi.bytes_written = 0;
1248 } else {
1249 /* command was set up in "write" direction */
1250 if (!comedi_is_runflags_running(runflags)) {
1251 bi.bytes_written = 0;
1252 become_nonbusy = true;
1253 if (comedi_is_runflags_in_error(runflags))
1254 retval = -EPIPE;
1255 } else if (bi.bytes_written) {
1256 _comedi_buf_write_alloc(s, bi.bytes_written);
1257 bi.bytes_written =
1258 _comedi_buf_write_free(s, bi.bytes_written);
1259 }
1260 bi.bytes_read = 0;
1261 }
1262
1263 bi.buf_write_count = async->buf_write_count;
1264 bi.buf_write_ptr = async->buf_write_ptr;
1265 bi.buf_read_count = async->buf_read_count;
1266 bi.buf_read_ptr = async->buf_read_ptr;
1267
1268 if (become_nonbusy) {
1269 struct comedi_subdevice *new_s = NULL;
1270
1271 /*
1272 * To avoid deadlock, cannot acquire dev->mutex
1273 * while dev->attach_lock is held.
1274 */
1275 up_read(&dev->attach_lock);
1276 attach_locked = false;
1277 mutex_lock(&dev->mutex);
1278 /*
1279 * Check device hasn't become detached behind our back.
1280 * Checking dev->detach_count is unchanged ought to be
1281 * sufficient, but check the subdevice pointer as well,
1282 * and check the subdevice is still in a suitable state
1283 * to become non-busy. It should still be "busy" after
1284 * running an asynchronous commands, which should now have
1285 * stopped, and for a command in the "read" direction, all
1286 * available data should have been read.
1287 */
1288 if (dev->attached && old_detach_count == dev->detach_count &&
1289 bi.subdevice < dev->n_subdevices)
1290 new_s = &dev->subdevices[bi.subdevice];
1291 if (s == new_s && new_s->async == async && s->busy == file &&
1292 async->cmd.flags == cmd_flags &&
1293 !comedi_is_subdevice_running(s) &&
1294 ((cmd_flags & CMDF_WRITE) != 0 ||
1295 _comedi_buf_read_n_available(s) == 0))
1296 do_become_nonbusy(dev, s);
1297 mutex_unlock(&dev->mutex);
1298 }
1299
1300 out:
1301 if (attach_locked)
1302 up_read(&dev->attach_lock);
1303
1304 if (retval)
1305 return retval;
1306
1307 if (copy_to_user(arg, &bi, sizeof(bi)))
1308 return -EFAULT;
1309
1310 return 0;
1311 }
1312
check_insn_config_length(struct comedi_insn * insn,unsigned int * data)1313 static int check_insn_config_length(struct comedi_insn *insn,
1314 unsigned int *data)
1315 {
1316 if (insn->n < 1)
1317 return -EINVAL;
1318
1319 switch (data[0]) {
1320 case INSN_CONFIG_DIO_OUTPUT:
1321 case INSN_CONFIG_DIO_INPUT:
1322 case INSN_CONFIG_DISARM:
1323 case INSN_CONFIG_RESET:
1324 if (insn->n == 1)
1325 return 0;
1326 break;
1327 case INSN_CONFIG_ARM:
1328 case INSN_CONFIG_DIO_QUERY:
1329 case INSN_CONFIG_BLOCK_SIZE:
1330 case INSN_CONFIG_FILTER:
1331 case INSN_CONFIG_SERIAL_CLOCK:
1332 case INSN_CONFIG_BIDIRECTIONAL_DATA:
1333 case INSN_CONFIG_ALT_SOURCE:
1334 case INSN_CONFIG_SET_COUNTER_MODE:
1335 case INSN_CONFIG_8254_READ_STATUS:
1336 case INSN_CONFIG_SET_ROUTING:
1337 case INSN_CONFIG_GET_ROUTING:
1338 case INSN_CONFIG_GET_PWM_STATUS:
1339 case INSN_CONFIG_PWM_SET_PERIOD:
1340 case INSN_CONFIG_PWM_GET_PERIOD:
1341 if (insn->n == 2)
1342 return 0;
1343 break;
1344 case INSN_CONFIG_SET_GATE_SRC:
1345 case INSN_CONFIG_GET_GATE_SRC:
1346 case INSN_CONFIG_SET_CLOCK_SRC:
1347 case INSN_CONFIG_GET_CLOCK_SRC:
1348 case INSN_CONFIG_SET_OTHER_SRC:
1349 case INSN_CONFIG_GET_COUNTER_STATUS:
1350 case INSN_CONFIG_GET_PWM_OUTPUT:
1351 case INSN_CONFIG_PWM_SET_H_BRIDGE:
1352 case INSN_CONFIG_PWM_GET_H_BRIDGE:
1353 case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE:
1354 if (insn->n == 3)
1355 return 0;
1356 break;
1357 case INSN_CONFIG_PWM_OUTPUT:
1358 case INSN_CONFIG_ANALOG_TRIG:
1359 case INSN_CONFIG_TIMER_1:
1360 if (insn->n == 5)
1361 return 0;
1362 break;
1363 case INSN_CONFIG_DIGITAL_TRIG:
1364 if (insn->n == 6)
1365 return 0;
1366 break;
1367 case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS:
1368 if (insn->n >= 4)
1369 return 0;
1370 break;
1371 /*
1372 * by default we allow the insn since we don't have checks for
1373 * all possible cases yet
1374 */
1375 default:
1376 pr_warn("No check for data length of config insn id %i is implemented\n",
1377 data[0]);
1378 pr_warn("Add a check to %s in %s\n", __func__, __FILE__);
1379 pr_warn("Assuming n=%i is correct\n", insn->n);
1380 return 0;
1381 }
1382 return -EINVAL;
1383 }
1384
check_insn_device_config_length(struct comedi_insn * insn,unsigned int * data)1385 static int check_insn_device_config_length(struct comedi_insn *insn,
1386 unsigned int *data)
1387 {
1388 if (insn->n < 1)
1389 return -EINVAL;
1390
1391 switch (data[0]) {
1392 case INSN_DEVICE_CONFIG_TEST_ROUTE:
1393 case INSN_DEVICE_CONFIG_CONNECT_ROUTE:
1394 case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE:
1395 if (insn->n == 3)
1396 return 0;
1397 break;
1398 case INSN_DEVICE_CONFIG_GET_ROUTES:
1399 /*
1400 * Big enough for config_id and the length of the userland
1401 * memory buffer. Additional length should be in factors of 2
1402 * to communicate any returned route pairs (source,destination).
1403 */
1404 if (insn->n >= 2)
1405 return 0;
1406 break;
1407 }
1408 return -EINVAL;
1409 }
1410
1411 /**
1412 * get_valid_routes() - Calls low-level driver get_valid_routes function to
1413 * either return a count of valid routes to user, or copy
1414 * of list of all valid device routes to buffer in
1415 * userspace.
1416 * @dev: comedi device pointer
1417 * @data: data from user insn call. The length of the data must be >= 2.
1418 * data[0] must contain the INSN_DEVICE_CONFIG config_id.
1419 * data[1](input) contains the number of _pairs_ for which memory is
1420 * allotted from the user. If the user specifies '0', then only
1421 * the number of pairs available is returned.
1422 * data[1](output) returns either the number of pairs available (if none
1423 * where requested) or the number of _pairs_ that are copied back
1424 * to the user.
1425 * data[2::2] returns each (source, destination) pair.
1426 *
1427 * Return: -EINVAL if low-level driver does not allocate and return routes as
1428 * expected. Returns 0 otherwise.
1429 */
get_valid_routes(struct comedi_device * dev,unsigned int * data)1430 static int get_valid_routes(struct comedi_device *dev, unsigned int *data)
1431 {
1432 lockdep_assert_held(&dev->mutex);
1433 data[1] = dev->get_valid_routes(dev, data[1], data + 2);
1434 return 0;
1435 }
1436
parse_insn(struct comedi_device * dev,struct comedi_insn * insn,unsigned int * data,void * file)1437 static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn,
1438 unsigned int *data, void *file)
1439 {
1440 struct comedi_subdevice *s;
1441 int ret = 0;
1442 int i;
1443
1444 lockdep_assert_held(&dev->mutex);
1445 if (insn->insn & INSN_MASK_SPECIAL) {
1446 /* a non-subdevice instruction */
1447
1448 switch (insn->insn) {
1449 case INSN_GTOD:
1450 {
1451 struct timespec64 tv;
1452
1453 if (insn->n != 2) {
1454 ret = -EINVAL;
1455 break;
1456 }
1457
1458 ktime_get_real_ts64(&tv);
1459 /* unsigned data safe until 2106 */
1460 data[0] = (unsigned int)tv.tv_sec;
1461 data[1] = tv.tv_nsec / NSEC_PER_USEC;
1462 ret = 2;
1463
1464 break;
1465 }
1466 case INSN_WAIT:
1467 if (insn->n != 1 || data[0] >= 100000) {
1468 ret = -EINVAL;
1469 break;
1470 }
1471 udelay(data[0] / 1000);
1472 ret = 1;
1473 break;
1474 case INSN_INTTRIG:
1475 if (insn->n != 1) {
1476 ret = -EINVAL;
1477 break;
1478 }
1479 if (insn->subdev >= dev->n_subdevices) {
1480 dev_dbg(dev->class_dev,
1481 "%d not usable subdevice\n",
1482 insn->subdev);
1483 ret = -EINVAL;
1484 break;
1485 }
1486 s = &dev->subdevices[insn->subdev];
1487 if (!s->async) {
1488 dev_dbg(dev->class_dev, "no async\n");
1489 ret = -EINVAL;
1490 break;
1491 }
1492 if (!s->async->inttrig) {
1493 dev_dbg(dev->class_dev, "no inttrig\n");
1494 ret = -EAGAIN;
1495 break;
1496 }
1497 ret = s->async->inttrig(dev, s, data[0]);
1498 if (ret >= 0)
1499 ret = 1;
1500 break;
1501 case INSN_DEVICE_CONFIG:
1502 ret = check_insn_device_config_length(insn, data);
1503 if (ret)
1504 break;
1505
1506 if (data[0] == INSN_DEVICE_CONFIG_GET_ROUTES) {
1507 /*
1508 * data[1] should be the number of _pairs_ that
1509 * the memory can hold.
1510 */
1511 data[1] = (insn->n - 2) / 2;
1512 ret = get_valid_routes(dev, data);
1513 break;
1514 }
1515
1516 /* other global device config instructions. */
1517 ret = dev->insn_device_config(dev, insn, data);
1518 break;
1519 default:
1520 dev_dbg(dev->class_dev, "invalid insn\n");
1521 ret = -EINVAL;
1522 break;
1523 }
1524 } else {
1525 /* a subdevice instruction */
1526 unsigned int maxdata;
1527
1528 if (insn->subdev >= dev->n_subdevices) {
1529 dev_dbg(dev->class_dev, "subdevice %d out of range\n",
1530 insn->subdev);
1531 ret = -EINVAL;
1532 goto out;
1533 }
1534 s = &dev->subdevices[insn->subdev];
1535
1536 if (s->type == COMEDI_SUBD_UNUSED) {
1537 dev_dbg(dev->class_dev, "%d not usable subdevice\n",
1538 insn->subdev);
1539 ret = -EIO;
1540 goto out;
1541 }
1542
1543 /* are we locked? (ioctl lock) */
1544 if (s->lock && s->lock != file) {
1545 dev_dbg(dev->class_dev, "device locked\n");
1546 ret = -EACCES;
1547 goto out;
1548 }
1549
1550 ret = comedi_check_chanlist(s, 1, &insn->chanspec);
1551 if (ret < 0) {
1552 ret = -EINVAL;
1553 dev_dbg(dev->class_dev, "bad chanspec\n");
1554 goto out;
1555 }
1556
1557 if (s->busy) {
1558 ret = -EBUSY;
1559 goto out;
1560 }
1561 /* This looks arbitrary. It is. */
1562 s->busy = parse_insn;
1563 switch (insn->insn) {
1564 case INSN_READ:
1565 ret = s->insn_read(dev, s, insn, data);
1566 if (ret == -ETIMEDOUT) {
1567 dev_dbg(dev->class_dev,
1568 "subdevice %d read instruction timed out\n",
1569 s->index);
1570 }
1571 break;
1572 case INSN_WRITE:
1573 maxdata = s->maxdata_list
1574 ? s->maxdata_list[CR_CHAN(insn->chanspec)]
1575 : s->maxdata;
1576 for (i = 0; i < insn->n; ++i) {
1577 if (data[i] > maxdata) {
1578 ret = -EINVAL;
1579 dev_dbg(dev->class_dev,
1580 "bad data value(s)\n");
1581 break;
1582 }
1583 }
1584 if (ret == 0) {
1585 ret = s->insn_write(dev, s, insn, data);
1586 if (ret == -ETIMEDOUT) {
1587 dev_dbg(dev->class_dev,
1588 "subdevice %d write instruction timed out\n",
1589 s->index);
1590 }
1591 }
1592 break;
1593 case INSN_BITS:
1594 if (insn->n != 2) {
1595 ret = -EINVAL;
1596 } else {
1597 /*
1598 * Most drivers ignore the base channel in
1599 * insn->chanspec. Fix this here if
1600 * the subdevice has <= 32 channels.
1601 */
1602 unsigned int orig_mask = data[0];
1603 unsigned int shift = 0;
1604
1605 if (s->n_chan <= 32) {
1606 shift = CR_CHAN(insn->chanspec);
1607 if (shift > 0) {
1608 insn->chanspec = 0;
1609 data[0] <<= shift;
1610 data[1] <<= shift;
1611 }
1612 }
1613 ret = s->insn_bits(dev, s, insn, data);
1614 data[0] = orig_mask;
1615 if (shift > 0)
1616 data[1] >>= shift;
1617 }
1618 break;
1619 case INSN_CONFIG:
1620 ret = check_insn_config_length(insn, data);
1621 if (ret)
1622 break;
1623 ret = s->insn_config(dev, s, insn, data);
1624 break;
1625 default:
1626 ret = -EINVAL;
1627 break;
1628 }
1629
1630 s->busy = NULL;
1631 }
1632
1633 out:
1634 return ret;
1635 }
1636
1637 /*
1638 * COMEDI_INSNLIST ioctl
1639 * synchronous instruction list
1640 *
1641 * arg:
1642 * pointer to comedi_insnlist structure
1643 *
1644 * reads:
1645 * comedi_insnlist structure
1646 * array of comedi_insn structures from insnlist->insns pointer
1647 * data (for writes) from insns[].data pointers
1648 *
1649 * writes:
1650 * data (for reads) to insns[].data pointers
1651 */
1652 /* arbitrary limits */
1653 #define MIN_SAMPLES 16
1654 #define MAX_SAMPLES 65536
do_insnlist_ioctl(struct comedi_device * dev,struct comedi_insn * insns,unsigned int n_insns,void * file)1655 static int do_insnlist_ioctl(struct comedi_device *dev,
1656 struct comedi_insn *insns,
1657 unsigned int n_insns,
1658 void *file)
1659 {
1660 unsigned int *data = NULL;
1661 unsigned int max_n_data_required = MIN_SAMPLES;
1662 int i = 0;
1663 int ret = 0;
1664
1665 lockdep_assert_held(&dev->mutex);
1666
1667 /* Determine maximum memory needed for all instructions. */
1668 for (i = 0; i < n_insns; ++i) {
1669 if (insns[i].n > MAX_SAMPLES) {
1670 dev_dbg(dev->class_dev,
1671 "number of samples too large\n");
1672 ret = -EINVAL;
1673 goto error;
1674 }
1675 max_n_data_required = max(max_n_data_required, insns[i].n);
1676 }
1677
1678 /* Allocate scratch space for all instruction data. */
1679 data = kmalloc_array(max_n_data_required, sizeof(unsigned int),
1680 GFP_KERNEL);
1681 if (!data) {
1682 ret = -ENOMEM;
1683 goto error;
1684 }
1685
1686 for (i = 0; i < n_insns; ++i) {
1687 unsigned int n = insns[i].n;
1688
1689 if (insns[i].insn & INSN_MASK_WRITE) {
1690 if (copy_from_user(data, insns[i].data,
1691 n * sizeof(unsigned int))) {
1692 dev_dbg(dev->class_dev,
1693 "copy_from_user failed\n");
1694 ret = -EFAULT;
1695 goto error;
1696 }
1697 if (n < MIN_SAMPLES) {
1698 memset(&data[n], 0, (MIN_SAMPLES - n) *
1699 sizeof(unsigned int));
1700 }
1701 } else {
1702 memset(data, 0, max_t(unsigned int, n, MIN_SAMPLES) *
1703 sizeof(unsigned int));
1704 }
1705 ret = parse_insn(dev, insns + i, data, file);
1706 if (ret < 0)
1707 goto error;
1708 if (insns[i].insn & INSN_MASK_READ) {
1709 if (copy_to_user(insns[i].data, data,
1710 n * sizeof(unsigned int))) {
1711 dev_dbg(dev->class_dev,
1712 "copy_to_user failed\n");
1713 ret = -EFAULT;
1714 goto error;
1715 }
1716 }
1717 if (need_resched())
1718 schedule();
1719 }
1720
1721 error:
1722 kfree(data);
1723
1724 if (ret < 0)
1725 return ret;
1726 return i;
1727 }
1728
1729 #define MAX_INSNS MAX_SAMPLES
check_insnlist_len(struct comedi_device * dev,unsigned int n_insns)1730 static int check_insnlist_len(struct comedi_device *dev, unsigned int n_insns)
1731 {
1732 if (n_insns > MAX_INSNS) {
1733 dev_dbg(dev->class_dev, "insnlist length too large\n");
1734 return -EINVAL;
1735 }
1736 return 0;
1737 }
1738
1739 /*
1740 * COMEDI_INSN ioctl
1741 * synchronous instruction
1742 *
1743 * arg:
1744 * pointer to comedi_insn structure
1745 *
1746 * reads:
1747 * comedi_insn structure
1748 * data (for writes) from insn->data pointer
1749 *
1750 * writes:
1751 * data (for reads) to insn->data pointer
1752 */
do_insn_ioctl(struct comedi_device * dev,struct comedi_insn * insn,void * file)1753 static int do_insn_ioctl(struct comedi_device *dev,
1754 struct comedi_insn *insn, void *file)
1755 {
1756 unsigned int *data = NULL;
1757 unsigned int n_data = MIN_SAMPLES;
1758 int ret = 0;
1759
1760 lockdep_assert_held(&dev->mutex);
1761
1762 n_data = max(n_data, insn->n);
1763
1764 /* This is where the behavior of insn and insnlist deviate. */
1765 if (insn->n > MAX_SAMPLES) {
1766 insn->n = MAX_SAMPLES;
1767 n_data = MAX_SAMPLES;
1768 }
1769
1770 data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL);
1771 if (!data) {
1772 ret = -ENOMEM;
1773 goto error;
1774 }
1775
1776 if (insn->insn & INSN_MASK_WRITE) {
1777 if (copy_from_user(data,
1778 insn->data,
1779 insn->n * sizeof(unsigned int))) {
1780 ret = -EFAULT;
1781 goto error;
1782 }
1783 if (insn->n < MIN_SAMPLES) {
1784 memset(&data[insn->n], 0,
1785 (MIN_SAMPLES - insn->n) * sizeof(unsigned int));
1786 }
1787 } else {
1788 memset(data, 0, n_data * sizeof(unsigned int));
1789 }
1790 ret = parse_insn(dev, insn, data, file);
1791 if (ret < 0)
1792 goto error;
1793 if (insn->insn & INSN_MASK_READ) {
1794 if (copy_to_user(insn->data,
1795 data,
1796 insn->n * sizeof(unsigned int))) {
1797 ret = -EFAULT;
1798 goto error;
1799 }
1800 }
1801 ret = insn->n;
1802
1803 error:
1804 kfree(data);
1805
1806 return ret;
1807 }
1808
__comedi_get_user_cmd(struct comedi_device * dev,struct comedi_cmd * cmd)1809 static int __comedi_get_user_cmd(struct comedi_device *dev,
1810 struct comedi_cmd *cmd)
1811 {
1812 struct comedi_subdevice *s;
1813
1814 lockdep_assert_held(&dev->mutex);
1815 if (cmd->subdev >= dev->n_subdevices) {
1816 dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev);
1817 return -ENODEV;
1818 }
1819
1820 s = &dev->subdevices[cmd->subdev];
1821
1822 if (s->type == COMEDI_SUBD_UNUSED) {
1823 dev_dbg(dev->class_dev, "%d not valid subdevice\n",
1824 cmd->subdev);
1825 return -EIO;
1826 }
1827
1828 if (!s->do_cmd || !s->do_cmdtest || !s->async) {
1829 dev_dbg(dev->class_dev,
1830 "subdevice %d does not support commands\n",
1831 cmd->subdev);
1832 return -EIO;
1833 }
1834
1835 /* make sure channel/gain list isn't too long */
1836 if (cmd->chanlist_len > s->len_chanlist) {
1837 dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n",
1838 cmd->chanlist_len, s->len_chanlist);
1839 return -EINVAL;
1840 }
1841
1842 /*
1843 * Set the CMDF_WRITE flag to the correct state if the subdevice
1844 * supports only "read" commands or only "write" commands.
1845 */
1846 switch (s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE)) {
1847 case SDF_CMD_READ:
1848 cmd->flags &= ~CMDF_WRITE;
1849 break;
1850 case SDF_CMD_WRITE:
1851 cmd->flags |= CMDF_WRITE;
1852 break;
1853 default:
1854 break;
1855 }
1856
1857 return 0;
1858 }
1859
__comedi_get_user_chanlist(struct comedi_device * dev,struct comedi_subdevice * s,unsigned int __user * user_chanlist,struct comedi_cmd * cmd)1860 static int __comedi_get_user_chanlist(struct comedi_device *dev,
1861 struct comedi_subdevice *s,
1862 unsigned int __user *user_chanlist,
1863 struct comedi_cmd *cmd)
1864 {
1865 unsigned int *chanlist;
1866 int ret;
1867
1868 lockdep_assert_held(&dev->mutex);
1869 cmd->chanlist = NULL;
1870 chanlist = memdup_array_user(user_chanlist,
1871 cmd->chanlist_len, sizeof(unsigned int));
1872 if (IS_ERR(chanlist))
1873 return PTR_ERR(chanlist);
1874
1875 /* make sure each element in channel/gain list is valid */
1876 ret = comedi_check_chanlist(s, cmd->chanlist_len, chanlist);
1877 if (ret < 0) {
1878 kfree(chanlist);
1879 return ret;
1880 }
1881
1882 cmd->chanlist = chanlist;
1883
1884 return 0;
1885 }
1886
1887 /*
1888 * COMEDI_CMD ioctl
1889 * asynchronous acquisition command set-up
1890 *
1891 * arg:
1892 * pointer to comedi_cmd structure
1893 *
1894 * reads:
1895 * comedi_cmd structure
1896 * channel/range list from cmd->chanlist pointer
1897 *
1898 * writes:
1899 * possibly modified comedi_cmd structure (when -EAGAIN returned)
1900 */
do_cmd_ioctl(struct comedi_device * dev,struct comedi_cmd * cmd,bool * copy,void * file)1901 static int do_cmd_ioctl(struct comedi_device *dev,
1902 struct comedi_cmd *cmd, bool *copy, void *file)
1903 {
1904 struct comedi_subdevice *s;
1905 struct comedi_async *async;
1906 unsigned int __user *user_chanlist;
1907 int ret;
1908
1909 lockdep_assert_held(&dev->mutex);
1910
1911 /* do some simple cmd validation */
1912 ret = __comedi_get_user_cmd(dev, cmd);
1913 if (ret)
1914 return ret;
1915
1916 /* save user's chanlist pointer so it can be restored later */
1917 user_chanlist = (unsigned int __user *)cmd->chanlist;
1918
1919 s = &dev->subdevices[cmd->subdev];
1920 async = s->async;
1921
1922 /* are we locked? (ioctl lock) */
1923 if (s->lock && s->lock != file) {
1924 dev_dbg(dev->class_dev, "subdevice locked\n");
1925 return -EACCES;
1926 }
1927
1928 /* are we busy? */
1929 if (s->busy) {
1930 dev_dbg(dev->class_dev, "subdevice busy\n");
1931 return -EBUSY;
1932 }
1933
1934 /* make sure channel/gain list isn't too short */
1935 if (cmd->chanlist_len < 1) {
1936 dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n",
1937 cmd->chanlist_len);
1938 return -EINVAL;
1939 }
1940
1941 async->cmd = *cmd;
1942 async->cmd.data = NULL;
1943
1944 /* load channel/gain list */
1945 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &async->cmd);
1946 if (ret)
1947 goto cleanup;
1948
1949 ret = s->do_cmdtest(dev, s, &async->cmd);
1950
1951 if (async->cmd.flags & CMDF_BOGUS || ret) {
1952 dev_dbg(dev->class_dev, "test returned %d\n", ret);
1953 *cmd = async->cmd;
1954 /* restore chanlist pointer before copying back */
1955 cmd->chanlist = (unsigned int __force *)user_chanlist;
1956 cmd->data = NULL;
1957 *copy = true;
1958 ret = -EAGAIN;
1959 goto cleanup;
1960 }
1961
1962 if (!async->prealloc_bufsz) {
1963 ret = -ENOMEM;
1964 dev_dbg(dev->class_dev, "no buffer (?)\n");
1965 goto cleanup;
1966 }
1967
1968 comedi_buf_reset(s);
1969
1970 async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK;
1971 if (async->cmd.flags & CMDF_WAKE_EOS)
1972 async->cb_mask |= COMEDI_CB_EOS;
1973
1974 /*
1975 * Set the "run active" counter with an initial count of 1 that will
1976 * complete the "safe to reset" event when it is decremented to 0.
1977 */
1978 refcount_set(&s->async->run_active, 1);
1979 reinit_completion(&s->async->run_complete);
1980 comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK,
1981 COMEDI_SRF_RUNNING | COMEDI_SRF_BUSY);
1982
1983 /*
1984 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid
1985 * race with comedi_read() or comedi_write().
1986 */
1987 s->busy = file;
1988 ret = s->do_cmd(dev, s);
1989 if (ret == 0)
1990 return 0;
1991
1992 cleanup:
1993 do_become_nonbusy(dev, s);
1994
1995 return ret;
1996 }
1997
1998 /*
1999 * COMEDI_CMDTEST ioctl
2000 * asynchronous acquisition command testing
2001 *
2002 * arg:
2003 * pointer to comedi_cmd structure
2004 *
2005 * reads:
2006 * comedi_cmd structure
2007 * channel/range list from cmd->chanlist pointer
2008 *
2009 * writes:
2010 * possibly modified comedi_cmd structure
2011 */
do_cmdtest_ioctl(struct comedi_device * dev,struct comedi_cmd * cmd,bool * copy,void * file)2012 static int do_cmdtest_ioctl(struct comedi_device *dev,
2013 struct comedi_cmd *cmd, bool *copy, void *file)
2014 {
2015 struct comedi_subdevice *s;
2016 unsigned int __user *user_chanlist;
2017 int ret;
2018
2019 lockdep_assert_held(&dev->mutex);
2020
2021 /* do some simple cmd validation */
2022 ret = __comedi_get_user_cmd(dev, cmd);
2023 if (ret)
2024 return ret;
2025
2026 /* save user's chanlist pointer so it can be restored later */
2027 user_chanlist = (unsigned int __user *)cmd->chanlist;
2028
2029 s = &dev->subdevices[cmd->subdev];
2030
2031 /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */
2032 if (user_chanlist) {
2033 /* load channel/gain list */
2034 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd);
2035 if (ret)
2036 return ret;
2037 }
2038
2039 ret = s->do_cmdtest(dev, s, cmd);
2040
2041 kfree(cmd->chanlist); /* free kernel copy of user chanlist */
2042
2043 /* restore chanlist pointer before copying back */
2044 cmd->chanlist = (unsigned int __force *)user_chanlist;
2045 *copy = true;
2046
2047 return ret;
2048 }
2049
2050 /*
2051 * COMEDI_LOCK ioctl
2052 * lock subdevice
2053 *
2054 * arg:
2055 * subdevice number
2056 *
2057 * reads:
2058 * nothing
2059 *
2060 * writes:
2061 * nothing
2062 */
do_lock_ioctl(struct comedi_device * dev,unsigned long arg,void * file)2063 static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg,
2064 void *file)
2065 {
2066 int ret = 0;
2067 unsigned long flags;
2068 struct comedi_subdevice *s;
2069
2070 lockdep_assert_held(&dev->mutex);
2071 if (arg >= dev->n_subdevices)
2072 return -EINVAL;
2073 s = &dev->subdevices[arg];
2074
2075 spin_lock_irqsave(&s->spin_lock, flags);
2076 if (s->busy || s->lock)
2077 ret = -EBUSY;
2078 else
2079 s->lock = file;
2080 spin_unlock_irqrestore(&s->spin_lock, flags);
2081
2082 return ret;
2083 }
2084
2085 /*
2086 * COMEDI_UNLOCK ioctl
2087 * unlock subdevice
2088 *
2089 * arg:
2090 * subdevice number
2091 *
2092 * reads:
2093 * nothing
2094 *
2095 * writes:
2096 * nothing
2097 */
do_unlock_ioctl(struct comedi_device * dev,unsigned long arg,void * file)2098 static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg,
2099 void *file)
2100 {
2101 struct comedi_subdevice *s;
2102
2103 lockdep_assert_held(&dev->mutex);
2104 if (arg >= dev->n_subdevices)
2105 return -EINVAL;
2106 s = &dev->subdevices[arg];
2107
2108 if (s->busy)
2109 return -EBUSY;
2110
2111 if (s->lock && s->lock != file)
2112 return -EACCES;
2113
2114 if (s->lock == file)
2115 s->lock = NULL;
2116
2117 return 0;
2118 }
2119
2120 /*
2121 * COMEDI_CANCEL ioctl
2122 * cancel asynchronous acquisition
2123 *
2124 * arg:
2125 * subdevice number
2126 *
2127 * reads:
2128 * nothing
2129 *
2130 * writes:
2131 * nothing
2132 */
do_cancel_ioctl(struct comedi_device * dev,unsigned long arg,void * file)2133 static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg,
2134 void *file)
2135 {
2136 struct comedi_subdevice *s;
2137
2138 lockdep_assert_held(&dev->mutex);
2139 if (arg >= dev->n_subdevices)
2140 return -EINVAL;
2141 s = &dev->subdevices[arg];
2142 if (!s->async)
2143 return -EINVAL;
2144
2145 if (!s->busy)
2146 return 0;
2147
2148 if (s->busy != file)
2149 return -EBUSY;
2150
2151 return do_cancel(dev, s);
2152 }
2153
2154 /*
2155 * COMEDI_POLL ioctl
2156 * instructs driver to synchronize buffers
2157 *
2158 * arg:
2159 * subdevice number
2160 *
2161 * reads:
2162 * nothing
2163 *
2164 * writes:
2165 * nothing
2166 */
do_poll_ioctl(struct comedi_device * dev,unsigned long arg,void * file)2167 static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg,
2168 void *file)
2169 {
2170 struct comedi_subdevice *s;
2171
2172 lockdep_assert_held(&dev->mutex);
2173 if (arg >= dev->n_subdevices)
2174 return -EINVAL;
2175 s = &dev->subdevices[arg];
2176
2177 if (!s->busy)
2178 return 0;
2179
2180 if (s->busy != file)
2181 return -EBUSY;
2182
2183 if (s->poll)
2184 return s->poll(dev, s);
2185
2186 return -EINVAL;
2187 }
2188
2189 /*
2190 * COMEDI_SETRSUBD ioctl
2191 * sets the current "read" subdevice on a per-file basis
2192 *
2193 * arg:
2194 * subdevice number
2195 *
2196 * reads:
2197 * nothing
2198 *
2199 * writes:
2200 * nothing
2201 */
do_setrsubd_ioctl(struct comedi_device * dev,unsigned long arg,struct file * file)2202 static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg,
2203 struct file *file)
2204 {
2205 struct comedi_file *cfp = file->private_data;
2206 struct comedi_subdevice *s_old, *s_new;
2207
2208 lockdep_assert_held(&dev->mutex);
2209 if (arg >= dev->n_subdevices)
2210 return -EINVAL;
2211
2212 s_new = &dev->subdevices[arg];
2213 s_old = comedi_file_read_subdevice(file);
2214 if (s_old == s_new)
2215 return 0; /* no change */
2216
2217 if (!(s_new->subdev_flags & SDF_CMD_READ))
2218 return -EINVAL;
2219
2220 /*
2221 * Check the file isn't still busy handling a "read" command on the
2222 * old subdevice (if any).
2223 */
2224 if (s_old && s_old->busy == file && s_old->async &&
2225 !(s_old->async->cmd.flags & CMDF_WRITE))
2226 return -EBUSY;
2227
2228 WRITE_ONCE(cfp->read_subdev, s_new);
2229 return 0;
2230 }
2231
2232 /*
2233 * COMEDI_SETWSUBD ioctl
2234 * sets the current "write" subdevice on a per-file basis
2235 *
2236 * arg:
2237 * subdevice number
2238 *
2239 * reads:
2240 * nothing
2241 *
2242 * writes:
2243 * nothing
2244 */
do_setwsubd_ioctl(struct comedi_device * dev,unsigned long arg,struct file * file)2245 static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg,
2246 struct file *file)
2247 {
2248 struct comedi_file *cfp = file->private_data;
2249 struct comedi_subdevice *s_old, *s_new;
2250
2251 lockdep_assert_held(&dev->mutex);
2252 if (arg >= dev->n_subdevices)
2253 return -EINVAL;
2254
2255 s_new = &dev->subdevices[arg];
2256 s_old = comedi_file_write_subdevice(file);
2257 if (s_old == s_new)
2258 return 0; /* no change */
2259
2260 if (!(s_new->subdev_flags & SDF_CMD_WRITE))
2261 return -EINVAL;
2262
2263 /*
2264 * Check the file isn't still busy handling a "write" command on the
2265 * old subdevice (if any).
2266 */
2267 if (s_old && s_old->busy == file && s_old->async &&
2268 (s_old->async->cmd.flags & CMDF_WRITE))
2269 return -EBUSY;
2270
2271 WRITE_ONCE(cfp->write_subdev, s_new);
2272 return 0;
2273 }
2274
comedi_unlocked_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2275 static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd,
2276 unsigned long arg)
2277 {
2278 unsigned int minor = iminor(file_inode(file));
2279 struct comedi_file *cfp = file->private_data;
2280 struct comedi_device *dev = cfp->dev;
2281 int rc;
2282
2283 /* Handle COMEDI_BUFINFO without locking the mutex first. */
2284 if (cmd == COMEDI_BUFINFO) {
2285 return do_bufinfo_ioctl(dev,
2286 (struct comedi_bufinfo __user *)arg,
2287 file);
2288 }
2289
2290 mutex_lock(&dev->mutex);
2291
2292 /*
2293 * Device config is special, because it must work on
2294 * an unconfigured device.
2295 */
2296 if (cmd == COMEDI_DEVCONFIG) {
2297 if (minor >= COMEDI_NUM_BOARD_MINORS) {
2298 /* Device config not appropriate on non-board minors. */
2299 rc = -ENOTTY;
2300 goto done;
2301 }
2302 rc = do_devconfig_ioctl(dev,
2303 (struct comedi_devconfig __user *)arg);
2304 if (rc == 0) {
2305 if (arg == 0 &&
2306 dev->minor >= comedi_num_legacy_minors) {
2307 /*
2308 * Successfully unconfigured a dynamically
2309 * allocated device. Try and remove it.
2310 */
2311 if (comedi_clear_board_dev(dev)) {
2312 mutex_unlock(&dev->mutex);
2313 comedi_free_board_dev(dev);
2314 return rc;
2315 }
2316 }
2317 }
2318 goto done;
2319 }
2320
2321 if (!dev->attached) {
2322 dev_dbg(dev->class_dev, "no driver attached\n");
2323 rc = -ENODEV;
2324 goto done;
2325 }
2326
2327 switch (cmd) {
2328 case COMEDI_BUFCONFIG:
2329 rc = do_bufconfig_ioctl(dev,
2330 (struct comedi_bufconfig __user *)arg);
2331 break;
2332 case COMEDI_DEVINFO:
2333 rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg,
2334 file);
2335 break;
2336 case COMEDI_SUBDINFO:
2337 rc = do_subdinfo_ioctl(dev,
2338 (struct comedi_subdinfo __user *)arg,
2339 file);
2340 break;
2341 case COMEDI_CHANINFO: {
2342 struct comedi_chaninfo it;
2343
2344 if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
2345 rc = -EFAULT;
2346 else
2347 rc = do_chaninfo_ioctl(dev, &it);
2348 break;
2349 }
2350 case COMEDI_RANGEINFO: {
2351 struct comedi_rangeinfo it;
2352
2353 if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
2354 rc = -EFAULT;
2355 else
2356 rc = do_rangeinfo_ioctl(dev, &it);
2357 break;
2358 }
2359 case COMEDI_LOCK:
2360 rc = do_lock_ioctl(dev, arg, file);
2361 break;
2362 case COMEDI_UNLOCK:
2363 rc = do_unlock_ioctl(dev, arg, file);
2364 break;
2365 case COMEDI_CANCEL:
2366 rc = do_cancel_ioctl(dev, arg, file);
2367 break;
2368 case COMEDI_CMD: {
2369 struct comedi_cmd cmd;
2370 bool copy = false;
2371
2372 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
2373 rc = -EFAULT;
2374 break;
2375 }
2376 rc = do_cmd_ioctl(dev, &cmd, ©, file);
2377 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
2378 rc = -EFAULT;
2379 break;
2380 }
2381 case COMEDI_CMDTEST: {
2382 struct comedi_cmd cmd;
2383 bool copy = false;
2384
2385 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
2386 rc = -EFAULT;
2387 break;
2388 }
2389 rc = do_cmdtest_ioctl(dev, &cmd, ©, file);
2390 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
2391 rc = -EFAULT;
2392 break;
2393 }
2394 case COMEDI_INSNLIST: {
2395 struct comedi_insnlist insnlist;
2396 struct comedi_insn *insns = NULL;
2397
2398 if (copy_from_user(&insnlist, (void __user *)arg,
2399 sizeof(insnlist))) {
2400 rc = -EFAULT;
2401 break;
2402 }
2403 rc = check_insnlist_len(dev, insnlist.n_insns);
2404 if (rc)
2405 break;
2406 insns = memdup_array_user(insnlist.insns, insnlist.n_insns,
2407 sizeof(*insns));
2408 if (IS_ERR(insns)) {
2409 rc = PTR_ERR(insns);
2410 break;
2411 }
2412 rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file);
2413 kfree(insns);
2414 break;
2415 }
2416 case COMEDI_INSN: {
2417 struct comedi_insn insn;
2418
2419 if (copy_from_user(&insn, (void __user *)arg, sizeof(insn)))
2420 rc = -EFAULT;
2421 else
2422 rc = do_insn_ioctl(dev, &insn, file);
2423 break;
2424 }
2425 case COMEDI_POLL:
2426 rc = do_poll_ioctl(dev, arg, file);
2427 break;
2428 case COMEDI_SETRSUBD:
2429 rc = do_setrsubd_ioctl(dev, arg, file);
2430 break;
2431 case COMEDI_SETWSUBD:
2432 rc = do_setwsubd_ioctl(dev, arg, file);
2433 break;
2434 default:
2435 rc = -ENOTTY;
2436 break;
2437 }
2438
2439 done:
2440 mutex_unlock(&dev->mutex);
2441 return rc;
2442 }
2443
comedi_vm_open(struct vm_area_struct * area)2444 static void comedi_vm_open(struct vm_area_struct *area)
2445 {
2446 struct comedi_buf_map *bm;
2447
2448 bm = area->vm_private_data;
2449 comedi_buf_map_get(bm);
2450 }
2451
comedi_vm_close(struct vm_area_struct * area)2452 static void comedi_vm_close(struct vm_area_struct *area)
2453 {
2454 struct comedi_buf_map *bm;
2455
2456 bm = area->vm_private_data;
2457 comedi_buf_map_put(bm);
2458 }
2459
comedi_vm_access(struct vm_area_struct * vma,unsigned long addr,void * buf,int len,int write)2460 static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr,
2461 void *buf, int len, int write)
2462 {
2463 struct comedi_buf_map *bm = vma->vm_private_data;
2464 unsigned long offset =
2465 addr - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT);
2466
2467 if (len < 0)
2468 return -EINVAL;
2469 if (len > vma->vm_end - addr)
2470 len = vma->vm_end - addr;
2471 return comedi_buf_map_access(bm, offset, buf, len, write);
2472 }
2473
2474 static const struct vm_operations_struct comedi_vm_ops = {
2475 .open = comedi_vm_open,
2476 .close = comedi_vm_close,
2477 .access = comedi_vm_access,
2478 };
2479
comedi_mmap(struct file * file,struct vm_area_struct * vma)2480 static int comedi_mmap(struct file *file, struct vm_area_struct *vma)
2481 {
2482 struct comedi_file *cfp = file->private_data;
2483 struct comedi_device *dev = cfp->dev;
2484 struct comedi_subdevice *s;
2485 struct comedi_async *async;
2486 struct comedi_buf_map *bm = NULL;
2487 struct comedi_buf_page *buf;
2488 unsigned long start = vma->vm_start;
2489 unsigned long size;
2490 int n_pages;
2491 int i;
2492 int retval = 0;
2493
2494 /*
2495 * 'trylock' avoids circular dependency with current->mm->mmap_lock
2496 * and down-reading &dev->attach_lock should normally succeed without
2497 * contention unless the device is in the process of being attached
2498 * or detached.
2499 */
2500 if (!down_read_trylock(&dev->attach_lock))
2501 return -EAGAIN;
2502
2503 if (!dev->attached) {
2504 dev_dbg(dev->class_dev, "no driver attached\n");
2505 retval = -ENODEV;
2506 goto done;
2507 }
2508
2509 if (vma->vm_flags & VM_WRITE)
2510 s = comedi_file_write_subdevice(file);
2511 else
2512 s = comedi_file_read_subdevice(file);
2513 if (!s) {
2514 retval = -EINVAL;
2515 goto done;
2516 }
2517
2518 async = s->async;
2519 if (!async) {
2520 retval = -EINVAL;
2521 goto done;
2522 }
2523
2524 if (vma->vm_pgoff != 0) {
2525 dev_dbg(dev->class_dev, "mmap() offset must be 0.\n");
2526 retval = -EINVAL;
2527 goto done;
2528 }
2529
2530 size = vma->vm_end - vma->vm_start;
2531 if (size > async->prealloc_bufsz) {
2532 retval = -EFAULT;
2533 goto done;
2534 }
2535 if (offset_in_page(size)) {
2536 retval = -EFAULT;
2537 goto done;
2538 }
2539
2540 n_pages = vma_pages(vma);
2541
2542 /* get reference to current buf map (if any) */
2543 bm = comedi_buf_map_from_subdev_get(s);
2544 if (!bm || n_pages > bm->n_pages) {
2545 retval = -EINVAL;
2546 goto done;
2547 }
2548 if (bm->dma_dir != DMA_NONE) {
2549 unsigned long vm_start = vma->vm_start;
2550 unsigned long vm_end = vma->vm_end;
2551
2552 /*
2553 * Buffer pages are not contiguous, so temporarily modify VMA
2554 * start and end addresses for each buffer page.
2555 */
2556 for (i = 0; i < n_pages; ++i) {
2557 buf = &bm->page_list[i];
2558 vma->vm_start = start;
2559 vma->vm_end = start + PAGE_SIZE;
2560 retval = dma_mmap_coherent(bm->dma_hw_dev, vma,
2561 buf->virt_addr,
2562 buf->dma_addr, PAGE_SIZE);
2563 if (retval)
2564 break;
2565
2566 start += PAGE_SIZE;
2567 }
2568 vma->vm_start = vm_start;
2569 vma->vm_end = vm_end;
2570 } else {
2571 for (i = 0; i < n_pages; ++i) {
2572 unsigned long pfn;
2573
2574 buf = &bm->page_list[i];
2575 pfn = page_to_pfn(virt_to_page(buf->virt_addr));
2576 retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE,
2577 PAGE_SHARED);
2578 if (retval)
2579 break;
2580
2581 start += PAGE_SIZE;
2582 }
2583 }
2584
2585 #ifdef CONFIG_MMU
2586 /*
2587 * Leaving behind a partial mapping of a buffer we're about to drop is
2588 * unsafe, see remap_pfn_range_notrack(). We need to zap the range
2589 * here ourselves instead of relying on the automatic zapping in
2590 * remap_pfn_range() because we call remap_pfn_range() in a loop.
2591 */
2592 if (retval)
2593 zap_vma_ptes(vma, vma->vm_start, size);
2594 #endif
2595
2596 if (retval == 0) {
2597 vma->vm_ops = &comedi_vm_ops;
2598 vma->vm_private_data = bm;
2599
2600 vma->vm_ops->open(vma);
2601 }
2602
2603 done:
2604 up_read(&dev->attach_lock);
2605 comedi_buf_map_put(bm); /* put reference to buf map - okay if NULL */
2606 return retval;
2607 }
2608
comedi_poll(struct file * file,poll_table * wait)2609 static __poll_t comedi_poll(struct file *file, poll_table *wait)
2610 {
2611 __poll_t mask = 0;
2612 struct comedi_file *cfp = file->private_data;
2613 struct comedi_device *dev = cfp->dev;
2614 struct comedi_subdevice *s, *s_read;
2615
2616 down_read(&dev->attach_lock);
2617
2618 if (!dev->attached) {
2619 dev_dbg(dev->class_dev, "no driver attached\n");
2620 goto done;
2621 }
2622
2623 s = comedi_file_read_subdevice(file);
2624 s_read = s;
2625 if (s && s->async) {
2626 poll_wait(file, &s->async->wait_head, wait);
2627 if (s->busy != file || !comedi_is_subdevice_running(s) ||
2628 (s->async->cmd.flags & CMDF_WRITE) ||
2629 _comedi_buf_read_n_available(s) > 0)
2630 mask |= EPOLLIN | EPOLLRDNORM;
2631 }
2632
2633 s = comedi_file_write_subdevice(file);
2634 if (s && s->async) {
2635 unsigned int bps = comedi_bytes_per_sample(s);
2636
2637 if (s != s_read)
2638 poll_wait(file, &s->async->wait_head, wait);
2639 if (s->busy != file || !comedi_is_subdevice_running(s) ||
2640 !(s->async->cmd.flags & CMDF_WRITE) ||
2641 comedi_buf_write_n_available(s) >= bps)
2642 mask |= EPOLLOUT | EPOLLWRNORM;
2643 }
2644
2645 done:
2646 up_read(&dev->attach_lock);
2647 return mask;
2648 }
2649
comedi_buf_copy_to_user(struct comedi_subdevice * s,void __user * dest,unsigned int src_offset,unsigned int n)2650 static unsigned int comedi_buf_copy_to_user(struct comedi_subdevice *s,
2651 void __user *dest, unsigned int src_offset, unsigned int n)
2652 {
2653 struct comedi_buf_map *bm = s->async->buf_map;
2654 struct comedi_buf_page *buf_page_list = bm->page_list;
2655 unsigned int page = src_offset >> PAGE_SHIFT;
2656 unsigned int offset = offset_in_page(src_offset);
2657
2658 while (n) {
2659 unsigned int copy_amount = min(n, PAGE_SIZE - offset);
2660 unsigned int uncopied;
2661
2662 uncopied = copy_to_user(dest, buf_page_list[page].virt_addr +
2663 offset, copy_amount);
2664 copy_amount -= uncopied;
2665 n -= copy_amount;
2666 if (uncopied)
2667 break;
2668
2669 dest += copy_amount;
2670 page++;
2671 if (page == bm->n_pages)
2672 page = 0; /* buffer wraparound */
2673 offset = 0;
2674 }
2675 return n;
2676 }
2677
comedi_buf_copy_from_user(struct comedi_subdevice * s,unsigned int dst_offset,const void __user * src,unsigned int n)2678 static unsigned int comedi_buf_copy_from_user(struct comedi_subdevice *s,
2679 unsigned int dst_offset, const void __user *src, unsigned int n)
2680 {
2681 struct comedi_buf_map *bm = s->async->buf_map;
2682 struct comedi_buf_page *buf_page_list = bm->page_list;
2683 unsigned int page = dst_offset >> PAGE_SHIFT;
2684 unsigned int offset = offset_in_page(dst_offset);
2685
2686 while (n) {
2687 unsigned int copy_amount = min(n, PAGE_SIZE - offset);
2688 unsigned int uncopied;
2689
2690 uncopied = copy_from_user(buf_page_list[page].virt_addr +
2691 offset, src, copy_amount);
2692 copy_amount -= uncopied;
2693 n -= copy_amount;
2694 if (uncopied)
2695 break;
2696
2697 src += copy_amount;
2698 page++;
2699 if (page == bm->n_pages)
2700 page = 0; /* buffer wraparound */
2701 offset = 0;
2702 }
2703 return n;
2704 }
2705
comedi_write(struct file * file,const char __user * buf,size_t nbytes,loff_t * offset)2706 static ssize_t comedi_write(struct file *file, const char __user *buf,
2707 size_t nbytes, loff_t *offset)
2708 {
2709 struct comedi_subdevice *s;
2710 struct comedi_async *async;
2711 unsigned int n, m;
2712 ssize_t count = 0;
2713 int retval = 0;
2714 DECLARE_WAITQUEUE(wait, current);
2715 struct comedi_file *cfp = file->private_data;
2716 struct comedi_device *dev = cfp->dev;
2717 bool become_nonbusy = false;
2718 bool attach_locked;
2719 unsigned int old_detach_count;
2720
2721 /* Protect against device detachment during operation. */
2722 down_read(&dev->attach_lock);
2723 attach_locked = true;
2724 old_detach_count = dev->detach_count;
2725
2726 if (!dev->attached) {
2727 dev_dbg(dev->class_dev, "no driver attached\n");
2728 retval = -ENODEV;
2729 goto out;
2730 }
2731
2732 s = comedi_file_write_subdevice(file);
2733 if (!s || !s->async) {
2734 retval = -EIO;
2735 goto out;
2736 }
2737
2738 async = s->async;
2739 if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) {
2740 retval = -EINVAL;
2741 goto out;
2742 }
2743
2744 add_wait_queue(&async->wait_head, &wait);
2745 while (count == 0 && !retval) {
2746 unsigned int runflags;
2747
2748 set_current_state(TASK_INTERRUPTIBLE);
2749
2750 runflags = comedi_get_subdevice_runflags(s);
2751 if (!comedi_is_runflags_running(runflags)) {
2752 if (comedi_is_runflags_in_error(runflags))
2753 retval = -EPIPE;
2754 if (retval || nbytes)
2755 become_nonbusy = true;
2756 break;
2757 }
2758 if (nbytes == 0)
2759 break;
2760
2761 /* Allocate all free buffer space. */
2762 _comedi_buf_write_alloc(s, async->prealloc_bufsz);
2763 m = comedi_buf_write_n_allocated(s);
2764 n = min_t(size_t, m, nbytes);
2765
2766 if (n == 0) {
2767 if (file->f_flags & O_NONBLOCK) {
2768 retval = -EAGAIN;
2769 break;
2770 }
2771 schedule();
2772 if (signal_pending(current)) {
2773 retval = -ERESTARTSYS;
2774 break;
2775 }
2776 if (s->busy != file ||
2777 !(async->cmd.flags & CMDF_WRITE)) {
2778 retval = -EINVAL;
2779 break;
2780 }
2781 continue;
2782 }
2783
2784 set_current_state(TASK_RUNNING);
2785 m = comedi_buf_copy_from_user(s, async->buf_write_ptr, buf, n);
2786 if (m) {
2787 n -= m;
2788 retval = -EFAULT;
2789 }
2790 _comedi_buf_write_free(s, n);
2791
2792 count += n;
2793 nbytes -= n;
2794
2795 buf += n;
2796 }
2797 remove_wait_queue(&async->wait_head, &wait);
2798 set_current_state(TASK_RUNNING);
2799 if (become_nonbusy && count == 0) {
2800 struct comedi_subdevice *new_s;
2801
2802 /*
2803 * To avoid deadlock, cannot acquire dev->mutex
2804 * while dev->attach_lock is held.
2805 */
2806 up_read(&dev->attach_lock);
2807 attach_locked = false;
2808 mutex_lock(&dev->mutex);
2809 /*
2810 * Check device hasn't become detached behind our back.
2811 * Checking dev->detach_count is unchanged ought to be
2812 * sufficient (unless there have been 2**32 detaches in the
2813 * meantime!), but check the subdevice pointer as well just in
2814 * case.
2815 *
2816 * Also check the subdevice is still in a suitable state to
2817 * become non-busy in case it changed behind our back.
2818 */
2819 new_s = comedi_file_write_subdevice(file);
2820 if (dev->attached && old_detach_count == dev->detach_count &&
2821 s == new_s && new_s->async == async && s->busy == file &&
2822 (async->cmd.flags & CMDF_WRITE) &&
2823 !comedi_is_subdevice_running(s))
2824 do_become_nonbusy(dev, s);
2825 mutex_unlock(&dev->mutex);
2826 }
2827 out:
2828 if (attach_locked)
2829 up_read(&dev->attach_lock);
2830
2831 return count ? count : retval;
2832 }
2833
comedi_read(struct file * file,char __user * buf,size_t nbytes,loff_t * offset)2834 static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes,
2835 loff_t *offset)
2836 {
2837 struct comedi_subdevice *s;
2838 struct comedi_async *async;
2839 unsigned int n, m;
2840 ssize_t count = 0;
2841 int retval = 0;
2842 DECLARE_WAITQUEUE(wait, current);
2843 struct comedi_file *cfp = file->private_data;
2844 struct comedi_device *dev = cfp->dev;
2845 unsigned int old_detach_count;
2846 bool become_nonbusy = false;
2847 bool attach_locked;
2848
2849 /* Protect against device detachment during operation. */
2850 down_read(&dev->attach_lock);
2851 attach_locked = true;
2852 old_detach_count = dev->detach_count;
2853
2854 if (!dev->attached) {
2855 dev_dbg(dev->class_dev, "no driver attached\n");
2856 retval = -ENODEV;
2857 goto out;
2858 }
2859
2860 s = comedi_file_read_subdevice(file);
2861 if (!s || !s->async) {
2862 retval = -EIO;
2863 goto out;
2864 }
2865
2866 async = s->async;
2867 if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) {
2868 retval = -EINVAL;
2869 goto out;
2870 }
2871
2872 add_wait_queue(&async->wait_head, &wait);
2873 while (count == 0 && !retval) {
2874 set_current_state(TASK_INTERRUPTIBLE);
2875
2876 m = _comedi_buf_read_n_available(s);
2877 n = min_t(size_t, m, nbytes);
2878
2879 if (n == 0) {
2880 unsigned int runflags =
2881 comedi_get_subdevice_runflags(s);
2882
2883 if (!comedi_is_runflags_running(runflags)) {
2884 if (comedi_is_runflags_in_error(runflags))
2885 retval = -EPIPE;
2886 if (retval || nbytes)
2887 become_nonbusy = true;
2888 break;
2889 }
2890 if (nbytes == 0)
2891 break;
2892 if (file->f_flags & O_NONBLOCK) {
2893 retval = -EAGAIN;
2894 break;
2895 }
2896 schedule();
2897 if (signal_pending(current)) {
2898 retval = -ERESTARTSYS;
2899 break;
2900 }
2901 if (s->busy != file ||
2902 (async->cmd.flags & CMDF_WRITE)) {
2903 retval = -EINVAL;
2904 break;
2905 }
2906 continue;
2907 }
2908
2909 set_current_state(TASK_RUNNING);
2910 m = comedi_buf_copy_to_user(s, buf, async->buf_read_ptr, n);
2911 if (m) {
2912 n -= m;
2913 retval = -EFAULT;
2914 }
2915
2916 _comedi_buf_read_alloc(s, n);
2917 _comedi_buf_read_free(s, n);
2918
2919 count += n;
2920 nbytes -= n;
2921
2922 buf += n;
2923 }
2924 remove_wait_queue(&async->wait_head, &wait);
2925 set_current_state(TASK_RUNNING);
2926 if (become_nonbusy && count == 0) {
2927 struct comedi_subdevice *new_s;
2928
2929 /*
2930 * To avoid deadlock, cannot acquire dev->mutex
2931 * while dev->attach_lock is held.
2932 */
2933 up_read(&dev->attach_lock);
2934 attach_locked = false;
2935 mutex_lock(&dev->mutex);
2936 /*
2937 * Check device hasn't become detached behind our back.
2938 * Checking dev->detach_count is unchanged ought to be
2939 * sufficient (unless there have been 2**32 detaches in the
2940 * meantime!), but check the subdevice pointer as well just in
2941 * case.
2942 *
2943 * Also check the subdevice is still in a suitable state to
2944 * become non-busy in case it changed behind our back.
2945 */
2946 new_s = comedi_file_read_subdevice(file);
2947 if (dev->attached && old_detach_count == dev->detach_count &&
2948 s == new_s && new_s->async == async && s->busy == file &&
2949 !(async->cmd.flags & CMDF_WRITE) &&
2950 !comedi_is_subdevice_running(s) &&
2951 _comedi_buf_read_n_available(s) == 0)
2952 do_become_nonbusy(dev, s);
2953 mutex_unlock(&dev->mutex);
2954 }
2955 out:
2956 if (attach_locked)
2957 up_read(&dev->attach_lock);
2958
2959 return count ? count : retval;
2960 }
2961
comedi_open(struct inode * inode,struct file * file)2962 static int comedi_open(struct inode *inode, struct file *file)
2963 {
2964 const unsigned int minor = iminor(inode);
2965 struct comedi_file *cfp;
2966 struct comedi_device *dev = comedi_dev_get_from_minor(minor);
2967 int rc;
2968
2969 if (!dev) {
2970 pr_debug("invalid minor number\n");
2971 return -ENODEV;
2972 }
2973
2974 cfp = kzalloc_obj(*cfp);
2975 if (!cfp) {
2976 comedi_dev_put(dev);
2977 return -ENOMEM;
2978 }
2979
2980 cfp->dev = dev;
2981
2982 mutex_lock(&dev->mutex);
2983 if (!dev->attached && !capable(CAP_SYS_ADMIN)) {
2984 dev_dbg(dev->class_dev, "not attached and not CAP_SYS_ADMIN\n");
2985 rc = -ENODEV;
2986 goto out;
2987 }
2988 if (dev->attached && dev->use_count == 0) {
2989 if (!try_module_get(dev->driver->module)) {
2990 rc = -ENXIO;
2991 goto out;
2992 }
2993 if (dev->open) {
2994 rc = dev->open(dev);
2995 if (rc < 0) {
2996 module_put(dev->driver->module);
2997 goto out;
2998 }
2999 }
3000 }
3001
3002 dev->use_count++;
3003 file->private_data = cfp;
3004 comedi_file_reset(file);
3005 rc = 0;
3006
3007 out:
3008 mutex_unlock(&dev->mutex);
3009 if (rc) {
3010 comedi_dev_put(dev);
3011 kfree(cfp);
3012 }
3013 return rc;
3014 }
3015
comedi_fasync(int fd,struct file * file,int on)3016 static int comedi_fasync(int fd, struct file *file, int on)
3017 {
3018 struct comedi_file *cfp = file->private_data;
3019 struct comedi_device *dev = cfp->dev;
3020
3021 return fasync_helper(fd, file, on, &dev->async_queue);
3022 }
3023
comedi_close(struct inode * inode,struct file * file)3024 static int comedi_close(struct inode *inode, struct file *file)
3025 {
3026 struct comedi_file *cfp = file->private_data;
3027 struct comedi_device *dev = cfp->dev;
3028 struct comedi_subdevice *s = NULL;
3029 int i;
3030
3031 mutex_lock(&dev->mutex);
3032
3033 if (dev->subdevices) {
3034 for (i = 0; i < dev->n_subdevices; i++) {
3035 s = &dev->subdevices[i];
3036
3037 if (s->busy == file)
3038 do_cancel(dev, s);
3039 if (s->lock == file)
3040 s->lock = NULL;
3041 }
3042 }
3043 if (dev->attached && dev->use_count == 1) {
3044 if (dev->close)
3045 dev->close(dev);
3046 module_put(dev->driver->module);
3047 }
3048
3049 dev->use_count--;
3050
3051 mutex_unlock(&dev->mutex);
3052 comedi_dev_put(dev);
3053 kfree(cfp);
3054
3055 return 0;
3056 }
3057
3058 #ifdef CONFIG_COMPAT
3059
3060 #define COMEDI32_CHANINFO _IOR(CIO, 3, struct comedi32_chaninfo_struct)
3061 #define COMEDI32_RANGEINFO _IOR(CIO, 8, struct comedi32_rangeinfo_struct)
3062 /*
3063 * N.B. COMEDI32_CMD and COMEDI_CMD ought to use _IOWR, not _IOR.
3064 * It's too late to change it now, but it only affects the command number.
3065 */
3066 #define COMEDI32_CMD _IOR(CIO, 9, struct comedi32_cmd_struct)
3067 /*
3068 * N.B. COMEDI32_CMDTEST and COMEDI_CMDTEST ought to use _IOWR, not _IOR.
3069 * It's too late to change it now, but it only affects the command number.
3070 */
3071 #define COMEDI32_CMDTEST _IOR(CIO, 10, struct comedi32_cmd_struct)
3072 #define COMEDI32_INSNLIST _IOR(CIO, 11, struct comedi32_insnlist_struct)
3073 #define COMEDI32_INSN _IOR(CIO, 12, struct comedi32_insn_struct)
3074
3075 struct comedi32_chaninfo_struct {
3076 unsigned int subdev;
3077 compat_uptr_t maxdata_list; /* 32-bit 'unsigned int *' */
3078 compat_uptr_t flaglist; /* 32-bit 'unsigned int *' */
3079 compat_uptr_t rangelist; /* 32-bit 'unsigned int *' */
3080 unsigned int unused[4];
3081 };
3082
3083 struct comedi32_rangeinfo_struct {
3084 unsigned int range_type;
3085 compat_uptr_t range_ptr; /* 32-bit 'void *' */
3086 };
3087
3088 struct comedi32_cmd_struct {
3089 unsigned int subdev;
3090 unsigned int flags;
3091 unsigned int start_src;
3092 unsigned int start_arg;
3093 unsigned int scan_begin_src;
3094 unsigned int scan_begin_arg;
3095 unsigned int convert_src;
3096 unsigned int convert_arg;
3097 unsigned int scan_end_src;
3098 unsigned int scan_end_arg;
3099 unsigned int stop_src;
3100 unsigned int stop_arg;
3101 compat_uptr_t chanlist; /* 32-bit 'unsigned int *' */
3102 unsigned int chanlist_len;
3103 compat_uptr_t data; /* 32-bit 'short *' */
3104 unsigned int data_len;
3105 };
3106
3107 struct comedi32_insn_struct {
3108 unsigned int insn;
3109 unsigned int n;
3110 compat_uptr_t data; /* 32-bit 'unsigned int *' */
3111 unsigned int subdev;
3112 unsigned int chanspec;
3113 unsigned int unused[3];
3114 };
3115
3116 struct comedi32_insnlist_struct {
3117 unsigned int n_insns;
3118 compat_uptr_t insns; /* 32-bit 'struct comedi_insn *' */
3119 };
3120
3121 /* Handle 32-bit COMEDI_CHANINFO ioctl. */
compat_chaninfo(struct file * file,unsigned long arg)3122 static int compat_chaninfo(struct file *file, unsigned long arg)
3123 {
3124 struct comedi_file *cfp = file->private_data;
3125 struct comedi_device *dev = cfp->dev;
3126 struct comedi32_chaninfo_struct chaninfo32;
3127 struct comedi_chaninfo chaninfo;
3128 int err;
3129
3130 if (copy_from_user(&chaninfo32, compat_ptr(arg), sizeof(chaninfo32)))
3131 return -EFAULT;
3132
3133 memset(&chaninfo, 0, sizeof(chaninfo));
3134 chaninfo.subdev = chaninfo32.subdev;
3135 chaninfo.maxdata_list = compat_ptr(chaninfo32.maxdata_list);
3136 chaninfo.flaglist = compat_ptr(chaninfo32.flaglist);
3137 chaninfo.rangelist = compat_ptr(chaninfo32.rangelist);
3138
3139 mutex_lock(&dev->mutex);
3140 if (!dev->attached) {
3141 dev_dbg(dev->class_dev, "no driver attached\n");
3142 err = -ENODEV;
3143 } else {
3144 err = do_chaninfo_ioctl(dev, &chaninfo);
3145 }
3146 mutex_unlock(&dev->mutex);
3147 return err;
3148 }
3149
3150 /* Handle 32-bit COMEDI_RANGEINFO ioctl. */
compat_rangeinfo(struct file * file,unsigned long arg)3151 static int compat_rangeinfo(struct file *file, unsigned long arg)
3152 {
3153 struct comedi_file *cfp = file->private_data;
3154 struct comedi_device *dev = cfp->dev;
3155 struct comedi32_rangeinfo_struct rangeinfo32;
3156 struct comedi_rangeinfo rangeinfo;
3157 int err;
3158
3159 if (copy_from_user(&rangeinfo32, compat_ptr(arg), sizeof(rangeinfo32)))
3160 return -EFAULT;
3161 memset(&rangeinfo, 0, sizeof(rangeinfo));
3162 rangeinfo.range_type = rangeinfo32.range_type;
3163 rangeinfo.range_ptr = compat_ptr(rangeinfo32.range_ptr);
3164
3165 mutex_lock(&dev->mutex);
3166 if (!dev->attached) {
3167 dev_dbg(dev->class_dev, "no driver attached\n");
3168 err = -ENODEV;
3169 } else {
3170 err = do_rangeinfo_ioctl(dev, &rangeinfo);
3171 }
3172 mutex_unlock(&dev->mutex);
3173 return err;
3174 }
3175
3176 /* Copy 32-bit cmd structure to native cmd structure. */
get_compat_cmd(struct comedi_cmd * cmd,struct comedi32_cmd_struct __user * cmd32)3177 static int get_compat_cmd(struct comedi_cmd *cmd,
3178 struct comedi32_cmd_struct __user *cmd32)
3179 {
3180 struct comedi32_cmd_struct v32;
3181
3182 if (copy_from_user(&v32, cmd32, sizeof(v32)))
3183 return -EFAULT;
3184
3185 cmd->subdev = v32.subdev;
3186 cmd->flags = v32.flags;
3187 cmd->start_src = v32.start_src;
3188 cmd->start_arg = v32.start_arg;
3189 cmd->scan_begin_src = v32.scan_begin_src;
3190 cmd->scan_begin_arg = v32.scan_begin_arg;
3191 cmd->convert_src = v32.convert_src;
3192 cmd->convert_arg = v32.convert_arg;
3193 cmd->scan_end_src = v32.scan_end_src;
3194 cmd->scan_end_arg = v32.scan_end_arg;
3195 cmd->stop_src = v32.stop_src;
3196 cmd->stop_arg = v32.stop_arg;
3197 cmd->chanlist = (unsigned int __force *)compat_ptr(v32.chanlist);
3198 cmd->chanlist_len = v32.chanlist_len;
3199 cmd->data = compat_ptr(v32.data);
3200 cmd->data_len = v32.data_len;
3201 return 0;
3202 }
3203
3204 /* Copy native cmd structure to 32-bit cmd structure. */
put_compat_cmd(struct comedi32_cmd_struct __user * cmd32,struct comedi_cmd * cmd)3205 static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32,
3206 struct comedi_cmd *cmd)
3207 {
3208 struct comedi32_cmd_struct v32;
3209
3210 memset(&v32, 0, sizeof(v32));
3211 v32.subdev = cmd->subdev;
3212 v32.flags = cmd->flags;
3213 v32.start_src = cmd->start_src;
3214 v32.start_arg = cmd->start_arg;
3215 v32.scan_begin_src = cmd->scan_begin_src;
3216 v32.scan_begin_arg = cmd->scan_begin_arg;
3217 v32.convert_src = cmd->convert_src;
3218 v32.convert_arg = cmd->convert_arg;
3219 v32.scan_end_src = cmd->scan_end_src;
3220 v32.scan_end_arg = cmd->scan_end_arg;
3221 v32.stop_src = cmd->stop_src;
3222 v32.stop_arg = cmd->stop_arg;
3223 /* Assume chanlist pointer is unchanged. */
3224 v32.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist);
3225 v32.chanlist_len = cmd->chanlist_len;
3226 v32.data = ptr_to_compat(cmd->data);
3227 v32.data_len = cmd->data_len;
3228 if (copy_to_user(cmd32, &v32, sizeof(v32)))
3229 return -EFAULT;
3230 return 0;
3231 }
3232
3233 /* Handle 32-bit COMEDI_CMD ioctl. */
compat_cmd(struct file * file,unsigned long arg)3234 static int compat_cmd(struct file *file, unsigned long arg)
3235 {
3236 struct comedi_file *cfp = file->private_data;
3237 struct comedi_device *dev = cfp->dev;
3238 struct comedi_cmd cmd;
3239 bool copy = false;
3240 int rc, err;
3241
3242 rc = get_compat_cmd(&cmd, compat_ptr(arg));
3243 if (rc)
3244 return rc;
3245
3246 mutex_lock(&dev->mutex);
3247 if (!dev->attached) {
3248 dev_dbg(dev->class_dev, "no driver attached\n");
3249 rc = -ENODEV;
3250 } else {
3251 rc = do_cmd_ioctl(dev, &cmd, ©, file);
3252 }
3253 mutex_unlock(&dev->mutex);
3254 if (copy) {
3255 /* Special case: copy cmd back to user. */
3256 err = put_compat_cmd(compat_ptr(arg), &cmd);
3257 if (err)
3258 rc = err;
3259 }
3260 return rc;
3261 }
3262
3263 /* Handle 32-bit COMEDI_CMDTEST ioctl. */
compat_cmdtest(struct file * file,unsigned long arg)3264 static int compat_cmdtest(struct file *file, unsigned long arg)
3265 {
3266 struct comedi_file *cfp = file->private_data;
3267 struct comedi_device *dev = cfp->dev;
3268 struct comedi_cmd cmd;
3269 bool copy = false;
3270 int rc, err;
3271
3272 rc = get_compat_cmd(&cmd, compat_ptr(arg));
3273 if (rc)
3274 return rc;
3275
3276 mutex_lock(&dev->mutex);
3277 if (!dev->attached) {
3278 dev_dbg(dev->class_dev, "no driver attached\n");
3279 rc = -ENODEV;
3280 } else {
3281 rc = do_cmdtest_ioctl(dev, &cmd, ©, file);
3282 }
3283 mutex_unlock(&dev->mutex);
3284 if (copy) {
3285 err = put_compat_cmd(compat_ptr(arg), &cmd);
3286 if (err)
3287 rc = err;
3288 }
3289 return rc;
3290 }
3291
3292 /* Copy 32-bit insn structure to native insn structure. */
get_compat_insn(struct comedi_insn * insn,struct comedi32_insn_struct __user * insn32)3293 static int get_compat_insn(struct comedi_insn *insn,
3294 struct comedi32_insn_struct __user *insn32)
3295 {
3296 struct comedi32_insn_struct v32;
3297
3298 /* Copy insn structure. Ignore the unused members. */
3299 if (copy_from_user(&v32, insn32, sizeof(v32)))
3300 return -EFAULT;
3301 memset(insn, 0, sizeof(*insn));
3302 insn->insn = v32.insn;
3303 insn->n = v32.n;
3304 insn->data = compat_ptr(v32.data);
3305 insn->subdev = v32.subdev;
3306 insn->chanspec = v32.chanspec;
3307 return 0;
3308 }
3309
3310 /* Handle 32-bit COMEDI_INSNLIST ioctl. */
compat_insnlist(struct file * file,unsigned long arg)3311 static int compat_insnlist(struct file *file, unsigned long arg)
3312 {
3313 struct comedi_file *cfp = file->private_data;
3314 struct comedi_device *dev = cfp->dev;
3315 struct comedi32_insnlist_struct insnlist32;
3316 struct comedi32_insn_struct __user *insn32;
3317 struct comedi_insn *insns;
3318 unsigned int n;
3319 int rc;
3320
3321 if (copy_from_user(&insnlist32, compat_ptr(arg), sizeof(insnlist32)))
3322 return -EFAULT;
3323
3324 rc = check_insnlist_len(dev, insnlist32.n_insns);
3325 if (rc)
3326 return rc;
3327 insns = kzalloc_objs(*insns, insnlist32.n_insns);
3328 if (!insns)
3329 return -ENOMEM;
3330
3331 /* Copy insn structures. */
3332 insn32 = compat_ptr(insnlist32.insns);
3333 for (n = 0; n < insnlist32.n_insns; n++) {
3334 rc = get_compat_insn(insns + n, insn32 + n);
3335 if (rc) {
3336 kfree(insns);
3337 return rc;
3338 }
3339 }
3340
3341 mutex_lock(&dev->mutex);
3342 if (!dev->attached) {
3343 dev_dbg(dev->class_dev, "no driver attached\n");
3344 rc = -ENODEV;
3345 } else {
3346 rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file);
3347 }
3348 mutex_unlock(&dev->mutex);
3349 kfree(insns);
3350 return rc;
3351 }
3352
3353 /* Handle 32-bit COMEDI_INSN ioctl. */
compat_insn(struct file * file,unsigned long arg)3354 static int compat_insn(struct file *file, unsigned long arg)
3355 {
3356 struct comedi_file *cfp = file->private_data;
3357 struct comedi_device *dev = cfp->dev;
3358 struct comedi_insn insn;
3359 int rc;
3360
3361 rc = get_compat_insn(&insn, (void __user *)arg);
3362 if (rc)
3363 return rc;
3364
3365 mutex_lock(&dev->mutex);
3366 if (!dev->attached) {
3367 dev_dbg(dev->class_dev, "no driver attached\n");
3368 rc = -ENODEV;
3369 } else {
3370 rc = do_insn_ioctl(dev, &insn, file);
3371 }
3372 mutex_unlock(&dev->mutex);
3373 return rc;
3374 }
3375
3376 /*
3377 * compat_ioctl file operation.
3378 *
3379 * Returns -ENOIOCTLCMD for unrecognised ioctl codes.
3380 */
comedi_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)3381 static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3382 {
3383 int rc;
3384
3385 switch (cmd) {
3386 case COMEDI_DEVCONFIG:
3387 case COMEDI_DEVINFO:
3388 case COMEDI_SUBDINFO:
3389 case COMEDI_BUFCONFIG:
3390 case COMEDI_BUFINFO:
3391 /* Just need to translate the pointer argument. */
3392 arg = (unsigned long)compat_ptr(arg);
3393 rc = comedi_unlocked_ioctl(file, cmd, arg);
3394 break;
3395 case COMEDI_LOCK:
3396 case COMEDI_UNLOCK:
3397 case COMEDI_CANCEL:
3398 case COMEDI_POLL:
3399 case COMEDI_SETRSUBD:
3400 case COMEDI_SETWSUBD:
3401 /* No translation needed. */
3402 rc = comedi_unlocked_ioctl(file, cmd, arg);
3403 break;
3404 case COMEDI32_CHANINFO:
3405 rc = compat_chaninfo(file, arg);
3406 break;
3407 case COMEDI32_RANGEINFO:
3408 rc = compat_rangeinfo(file, arg);
3409 break;
3410 case COMEDI32_CMD:
3411 rc = compat_cmd(file, arg);
3412 break;
3413 case COMEDI32_CMDTEST:
3414 rc = compat_cmdtest(file, arg);
3415 break;
3416 case COMEDI32_INSNLIST:
3417 rc = compat_insnlist(file, arg);
3418 break;
3419 case COMEDI32_INSN:
3420 rc = compat_insn(file, arg);
3421 break;
3422 default:
3423 rc = -ENOIOCTLCMD;
3424 break;
3425 }
3426 return rc;
3427 }
3428 #else
3429 #define comedi_compat_ioctl NULL
3430 #endif
3431
3432 static const struct file_operations comedi_fops = {
3433 .owner = THIS_MODULE,
3434 .unlocked_ioctl = comedi_unlocked_ioctl,
3435 .compat_ioctl = comedi_compat_ioctl,
3436 .open = comedi_open,
3437 .release = comedi_close,
3438 .read = comedi_read,
3439 .write = comedi_write,
3440 .mmap = comedi_mmap,
3441 .poll = comedi_poll,
3442 .fasync = comedi_fasync,
3443 .llseek = noop_llseek,
3444 };
3445
_comedi_event(struct comedi_device * dev,struct comedi_subdevice * s)3446 void _comedi_event(struct comedi_device *dev, struct comedi_subdevice *s)
3447 {
3448 struct comedi_async *async = s->async;
3449 unsigned int events;
3450 int si_code = 0;
3451 unsigned long flags;
3452
3453 spin_lock_irqsave(&s->spin_lock, flags);
3454
3455 events = async->events;
3456 async->events = 0;
3457 if (!__comedi_is_subdevice_running(s)) {
3458 spin_unlock_irqrestore(&s->spin_lock, flags);
3459 return;
3460 }
3461
3462 if (events & COMEDI_CB_CANCEL_MASK)
3463 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING);
3464
3465 /*
3466 * Remember if an error event has occurred, so an error can be
3467 * returned the next time the user does a read() or write().
3468 */
3469 if (events & COMEDI_CB_ERROR_MASK)
3470 __comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR);
3471
3472 if (async->cb_mask & events) {
3473 wake_up_interruptible(&async->wait_head);
3474 si_code = async->cmd.flags & CMDF_WRITE ? POLL_OUT : POLL_IN;
3475 }
3476
3477 spin_unlock_irqrestore(&s->spin_lock, flags);
3478
3479 if (si_code)
3480 kill_fasync(&dev->async_queue, SIGIO, si_code);
3481 }
3482
3483 /**
3484 * comedi_event() - Handle events for asynchronous COMEDI command
3485 * @dev: COMEDI device.
3486 * @s: COMEDI subdevice.
3487 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held.
3488 *
3489 * If an asynchronous COMEDI command is active on the subdevice, process
3490 * any %COMEDI_CB_... event flags that have been set, usually by an
3491 * interrupt handler. These may change the run state of the asynchronous
3492 * command, wake a task, and/or send a %SIGIO signal.
3493 */
comedi_event(struct comedi_device * dev,struct comedi_subdevice * s)3494 void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s)
3495 {
3496 if (comedi_get_is_subdevice_running(s)) {
3497 comedi_event(dev, s);
3498 comedi_put_is_subdevice_running(s);
3499 }
3500 }
3501 EXPORT_SYMBOL_GPL(comedi_event);
3502
3503 /* Note: the ->mutex is pre-locked on successful return */
comedi_alloc_board_minor(struct device * hardware_device)3504 struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device)
3505 {
3506 struct comedi_device *dev;
3507 struct device *csdev;
3508 unsigned int i;
3509
3510 dev = kzalloc_obj(*dev);
3511 if (!dev)
3512 return ERR_PTR(-ENOMEM);
3513 comedi_device_init(dev);
3514 comedi_set_hw_dev(dev, hardware_device);
3515 mutex_lock(&dev->mutex);
3516 mutex_lock(&comedi_board_minor_table_lock);
3517 for (i = hardware_device ? comedi_num_legacy_minors : 0;
3518 i < COMEDI_NUM_BOARD_MINORS; ++i) {
3519 if (!comedi_board_minor_table[i]) {
3520 comedi_board_minor_table[i] = dev;
3521 break;
3522 }
3523 }
3524 mutex_unlock(&comedi_board_minor_table_lock);
3525 if (i == COMEDI_NUM_BOARD_MINORS) {
3526 mutex_unlock(&dev->mutex);
3527 comedi_device_cleanup(dev);
3528 comedi_dev_put(dev);
3529 dev_err(hardware_device,
3530 "ran out of minor numbers for board device files\n");
3531 return ERR_PTR(-EBUSY);
3532 }
3533 dev->minor = i;
3534 csdev = device_create(&comedi_class, hardware_device,
3535 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i", i);
3536 if (!IS_ERR(csdev))
3537 dev->class_dev = get_device(csdev);
3538
3539 /* Note: dev->mutex needs to be unlocked by the caller. */
3540 return dev;
3541 }
3542
comedi_release_hardware_device(struct device * hardware_device)3543 void comedi_release_hardware_device(struct device *hardware_device)
3544 {
3545 int minor;
3546 struct comedi_device *dev;
3547
3548 for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS;
3549 minor++) {
3550 mutex_lock(&comedi_board_minor_table_lock);
3551 dev = comedi_board_minor_table[minor];
3552 if (dev && dev->hw_dev == hardware_device) {
3553 comedi_board_minor_table[minor] = NULL;
3554 mutex_unlock(&comedi_board_minor_table_lock);
3555 comedi_free_board_dev(dev);
3556 break;
3557 }
3558 mutex_unlock(&comedi_board_minor_table_lock);
3559 }
3560 }
3561
comedi_alloc_subdevice_minor(struct comedi_subdevice * s)3562 int comedi_alloc_subdevice_minor(struct comedi_subdevice *s)
3563 {
3564 struct comedi_device *dev = s->device;
3565 struct device *csdev;
3566 unsigned int i;
3567
3568 mutex_lock(&comedi_subdevice_minor_table_lock);
3569 for (i = 0; i < COMEDI_NUM_SUBDEVICE_MINORS; ++i) {
3570 if (!comedi_subdevice_minor_table[i]) {
3571 comedi_subdevice_minor_table[i] = s;
3572 break;
3573 }
3574 }
3575 mutex_unlock(&comedi_subdevice_minor_table_lock);
3576 if (i == COMEDI_NUM_SUBDEVICE_MINORS) {
3577 dev_err(dev->class_dev,
3578 "ran out of minor numbers for subdevice files\n");
3579 return -EBUSY;
3580 }
3581 i += COMEDI_NUM_BOARD_MINORS;
3582 s->minor = i;
3583 csdev = device_create(&comedi_class, dev->class_dev,
3584 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i_subd%i",
3585 dev->minor, s->index);
3586 if (!IS_ERR(csdev))
3587 s->class_dev = csdev;
3588
3589 return 0;
3590 }
3591
comedi_free_subdevice_minor(struct comedi_subdevice * s)3592 void comedi_free_subdevice_minor(struct comedi_subdevice *s)
3593 {
3594 unsigned int i;
3595
3596 if (!s)
3597 return;
3598 if (s->minor < COMEDI_NUM_BOARD_MINORS ||
3599 s->minor >= COMEDI_NUM_MINORS)
3600 return;
3601
3602 i = s->minor - COMEDI_NUM_BOARD_MINORS;
3603 mutex_lock(&comedi_subdevice_minor_table_lock);
3604 if (s == comedi_subdevice_minor_table[i])
3605 comedi_subdevice_minor_table[i] = NULL;
3606 mutex_unlock(&comedi_subdevice_minor_table_lock);
3607 if (s->class_dev) {
3608 device_destroy(&comedi_class, MKDEV(COMEDI_MAJOR, s->minor));
3609 s->class_dev = NULL;
3610 }
3611 }
3612
comedi_cleanup_board_minors(void)3613 static void comedi_cleanup_board_minors(void)
3614 {
3615 struct comedi_device *dev;
3616 unsigned int i;
3617
3618 for (i = 0; i < COMEDI_NUM_BOARD_MINORS; i++) {
3619 dev = comedi_clear_board_minor(i);
3620 comedi_free_board_dev(dev);
3621 }
3622 }
3623
comedi_init(void)3624 static int __init comedi_init(void)
3625 {
3626 int i;
3627 int retval;
3628
3629 pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n");
3630
3631 if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) {
3632 pr_err("invalid value for module parameter \"comedi_num_legacy_minors\". Valid values are 0 through %i.\n",
3633 COMEDI_NUM_BOARD_MINORS);
3634 return -EINVAL;
3635 }
3636
3637 retval = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0),
3638 COMEDI_NUM_MINORS, "comedi");
3639 if (retval)
3640 return retval;
3641
3642 cdev_init(&comedi_cdev, &comedi_fops);
3643 comedi_cdev.owner = THIS_MODULE;
3644
3645 retval = kobject_set_name(&comedi_cdev.kobj, "comedi");
3646 if (retval)
3647 goto out_unregister_chrdev_region;
3648
3649 retval = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0),
3650 COMEDI_NUM_MINORS);
3651 if (retval)
3652 goto out_unregister_chrdev_region;
3653
3654 retval = class_register(&comedi_class);
3655 if (retval) {
3656 pr_err("failed to create class\n");
3657 goto out_cdev_del;
3658 }
3659
3660 /* create devices files for legacy/manual use */
3661 for (i = 0; i < comedi_num_legacy_minors; i++) {
3662 struct comedi_device *dev;
3663
3664 dev = comedi_alloc_board_minor(NULL);
3665 if (IS_ERR(dev)) {
3666 retval = PTR_ERR(dev);
3667 goto out_cleanup_board_minors;
3668 }
3669 /* comedi_alloc_board_minor() locked the mutex */
3670 lockdep_assert_held(&dev->mutex);
3671 mutex_unlock(&dev->mutex);
3672 }
3673
3674 /* XXX requires /proc interface */
3675 comedi_proc_init();
3676
3677 return 0;
3678
3679 out_cleanup_board_minors:
3680 comedi_cleanup_board_minors();
3681 class_unregister(&comedi_class);
3682 out_cdev_del:
3683 cdev_del(&comedi_cdev);
3684 out_unregister_chrdev_region:
3685 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
3686 return retval;
3687 }
3688 module_init(comedi_init);
3689
comedi_cleanup(void)3690 static void __exit comedi_cleanup(void)
3691 {
3692 comedi_cleanup_board_minors();
3693 class_unregister(&comedi_class);
3694 cdev_del(&comedi_cdev);
3695 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
3696
3697 comedi_proc_cleanup();
3698 }
3699 module_exit(comedi_cleanup);
3700
3701 MODULE_AUTHOR("https://www.comedi.org");
3702 MODULE_DESCRIPTION("Comedi core module");
3703 MODULE_LICENSE("GPL");
3704