1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Routines for driver control interface 4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz> 5 */ 6 7#include <linux/threads.h> 8#include <linux/interrupt.h> 9#include <linux/module.h> 10#include <linux/moduleparam.h> 11#include <linux/slab.h> 12#include <linux/vmalloc.h> 13#include <linux/time.h> 14#include <linux/mm.h> 15#include <linux/math64.h> 16#include <linux/sched/signal.h> 17#include <sound/core.h> 18#include <sound/minors.h> 19#include <sound/info.h> 20#include <sound/control.h> 21 22// Max allocation size for user controls. 23static int max_user_ctl_alloc_size = 8 * 1024 * 1024; 24module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444); 25MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls"); 26 27#define MAX_CONTROL_COUNT 1028 28 29struct snd_kctl_ioctl { 30 struct list_head list; /* list of all ioctls */ 31 snd_kctl_ioctl_func_t fioctl; 32}; 33 34static DECLARE_RWSEM(snd_ioctl_rwsem); 35static DECLARE_RWSEM(snd_ctl_layer_rwsem); 36static LIST_HEAD(snd_control_ioctls); 37#ifdef CONFIG_COMPAT 38static LIST_HEAD(snd_control_compat_ioctls); 39#endif 40static struct snd_ctl_layer_ops *snd_ctl_layer; 41 42static int snd_ctl_remove_locked(struct snd_card *card, 43 struct snd_kcontrol *kcontrol); 44 45static int snd_ctl_open(struct inode *inode, struct file *file) 46{ 47 struct snd_card *card; 48 struct snd_ctl_file *ctl; 49 int i, err; 50 51 err = stream_open(inode, file); 52 if (err < 0) 53 return err; 54 55 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL); 56 if (!card) { 57 err = -ENODEV; 58 goto __error1; 59 } 60 err = snd_card_file_add(card, file); 61 if (err < 0) { 62 err = -ENODEV; 63 goto __error1; 64 } 65 if (!try_module_get(card->module)) { 66 err = -EFAULT; 67 goto __error2; 68 } 69 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL); 70 if (ctl == NULL) { 71 err = -ENOMEM; 72 goto __error; 73 } 74 INIT_LIST_HEAD(&ctl->events); 75 init_waitqueue_head(&ctl->change_sleep); 76 spin_lock_init(&ctl->read_lock); 77 ctl->card = card; 78 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++) 79 ctl->preferred_subdevice[i] = -1; 80 ctl->pid = get_pid(task_pid(current)); 81 file->private_data = ctl; 82 scoped_guard(write_lock_irqsave, &card->ctl_files_rwlock) 83 list_add_tail(&ctl->list, &card->ctl_files); 84 snd_card_unref(card); 85 return 0; 86 87 __error: 88 module_put(card->module); 89 __error2: 90 snd_card_file_remove(card, file); 91 __error1: 92 if (card) 93 snd_card_unref(card); 94 return err; 95} 96 97static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl) 98{ 99 struct snd_kctl_event *cread; 100 101 guard(spinlock_irqsave)(&ctl->read_lock); 102 while (!list_empty(&ctl->events)) { 103 cread = snd_kctl_event(ctl->events.next); 104 list_del(&cread->list); 105 kfree(cread); 106 } 107} 108 109static int snd_ctl_release(struct inode *inode, struct file *file) 110{ 111 struct snd_card *card; 112 struct snd_ctl_file *ctl; 113 struct snd_kcontrol *control; 114 unsigned int idx; 115 116 ctl = file->private_data; 117 file->private_data = NULL; 118 card = ctl->card; 119 120 scoped_guard(write_lock_irqsave, &card->ctl_files_rwlock) 121 list_del(&ctl->list); 122 123 scoped_guard(rwsem_write, &card->controls_rwsem) { 124 list_for_each_entry(control, &card->controls, list) 125 for (idx = 0; idx < control->count; idx++) 126 if (control->vd[idx].owner == ctl) 127 control->vd[idx].owner = NULL; 128 } 129 130 snd_fasync_free(ctl->fasync); 131 snd_ctl_empty_read_queue(ctl); 132 put_pid(ctl->pid); 133 kfree(ctl); 134 module_put(card->module); 135 snd_card_file_remove(card, file); 136 return 0; 137} 138 139/** 140 * snd_ctl_notify - Send notification to user-space for a control change 141 * @card: the card to send notification 142 * @mask: the event mask, SNDRV_CTL_EVENT_* 143 * @id: the ctl element id to send notification 144 * 145 * This function adds an event record with the given id and mask, appends 146 * to the list and wakes up the user-space for notification. This can be 147 * called in the atomic context. 148 */ 149void snd_ctl_notify(struct snd_card *card, unsigned int mask, 150 struct snd_ctl_elem_id *id) 151{ 152 struct snd_ctl_file *ctl; 153 struct snd_kctl_event *ev; 154 155 if (snd_BUG_ON(!card || !id)) 156 return; 157 if (card->shutdown) 158 return; 159 160 guard(read_lock_irqsave)(&card->ctl_files_rwlock); 161#if IS_ENABLED(CONFIG_SND_MIXER_OSS) 162 card->mixer_oss_change_count++; 163#endif 164 list_for_each_entry(ctl, &card->ctl_files, list) { 165 if (!ctl->subscribed) 166 continue; 167 scoped_guard(spinlock, &ctl->read_lock) { 168 list_for_each_entry(ev, &ctl->events, list) { 169 if (ev->id.numid == id->numid) { 170 ev->mask |= mask; 171 goto _found; 172 } 173 } 174 ev = kzalloc(sizeof(*ev), GFP_ATOMIC); 175 if (ev) { 176 ev->id = *id; 177 ev->mask = mask; 178 list_add_tail(&ev->list, &ctl->events); 179 } else { 180 dev_err(card->dev, "No memory available to allocate event\n"); 181 } 182_found: 183 wake_up(&ctl->change_sleep); 184 } 185 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN); 186 } 187} 188EXPORT_SYMBOL(snd_ctl_notify); 189 190/** 191 * snd_ctl_notify_one - Send notification to user-space for a control change 192 * @card: the card to send notification 193 * @mask: the event mask, SNDRV_CTL_EVENT_* 194 * @kctl: the pointer with the control instance 195 * @ioff: the additional offset to the control index 196 * 197 * This function calls snd_ctl_notify() and does additional jobs 198 * like LED state changes. 199 */ 200void snd_ctl_notify_one(struct snd_card *card, unsigned int mask, 201 struct snd_kcontrol *kctl, unsigned int ioff) 202{ 203 struct snd_ctl_elem_id id = kctl->id; 204 struct snd_ctl_layer_ops *lops; 205 206 id.index += ioff; 207 id.numid += ioff; 208 snd_ctl_notify(card, mask, &id); 209 guard(rwsem_read)(&snd_ctl_layer_rwsem); 210 for (lops = snd_ctl_layer; lops; lops = lops->next) 211 lops->lnotify(card, mask, kctl, ioff); 212} 213EXPORT_SYMBOL(snd_ctl_notify_one); 214 215/** 216 * snd_ctl_new - create a new control instance with some elements 217 * @kctl: the pointer to store new control instance 218 * @count: the number of elements in this control 219 * @access: the default access flags for elements in this control 220 * @file: given when locking these elements 221 * 222 * Allocates a memory object for a new control instance. The instance has 223 * elements as many as the given number (@count). Each element has given 224 * access permissions (@access). Each element is locked when @file is given. 225 * 226 * Return: 0 on success, error code on failure 227 */ 228static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count, 229 unsigned int access, struct snd_ctl_file *file) 230{ 231 unsigned int idx; 232 233 if (count == 0 || count > MAX_CONTROL_COUNT) 234 return -EINVAL; 235 236 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL); 237 if (!*kctl) 238 return -ENOMEM; 239 240 for (idx = 0; idx < count; idx++) { 241 (*kctl)->vd[idx].access = access; 242 (*kctl)->vd[idx].owner = file; 243 } 244 (*kctl)->count = count; 245 246 return 0; 247} 248 249/** 250 * snd_ctl_new1 - create a control instance from the template 251 * @ncontrol: the initialization record 252 * @private_data: the private data to set 253 * 254 * Allocates a new struct snd_kcontrol instance and initialize from the given 255 * template. When the access field of ncontrol is 0, it's assumed as 256 * READWRITE access. When the count field is 0, it's assumes as one. 257 * 258 * Return: The pointer of the newly generated instance, or %NULL on failure. 259 */ 260struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol, 261 void *private_data) 262{ 263 struct snd_kcontrol *kctl; 264 unsigned int count; 265 unsigned int access; 266 int err; 267 268 if (snd_BUG_ON(!ncontrol || !ncontrol->info)) 269 return NULL; 270 271 count = ncontrol->count; 272 if (count == 0) 273 count = 1; 274 275 access = ncontrol->access; 276 if (access == 0) 277 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 278 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 279 SNDRV_CTL_ELEM_ACCESS_VOLATILE | 280 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 281 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE | 282 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND | 283 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK | 284 SNDRV_CTL_ELEM_ACCESS_LED_MASK | 285 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK); 286 287 err = snd_ctl_new(&kctl, count, access, NULL); 288 if (err < 0) 289 return NULL; 290 291 /* The 'numid' member is decided when calling snd_ctl_add(). */ 292 kctl->id.iface = ncontrol->iface; 293 kctl->id.device = ncontrol->device; 294 kctl->id.subdevice = ncontrol->subdevice; 295 if (ncontrol->name) { 296 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name)); 297 if (strcmp(ncontrol->name, kctl->id.name) != 0) 298 pr_warn("ALSA: Control name '%s' truncated to '%s'\n", 299 ncontrol->name, kctl->id.name); 300 } 301 kctl->id.index = ncontrol->index; 302 303 kctl->info = ncontrol->info; 304 kctl->get = ncontrol->get; 305 kctl->put = ncontrol->put; 306 kctl->tlv.p = ncontrol->tlv.p; 307 308 kctl->private_value = ncontrol->private_value; 309 kctl->private_data = private_data; 310 311 return kctl; 312} 313EXPORT_SYMBOL(snd_ctl_new1); 314 315/** 316 * snd_ctl_free_one - release the control instance 317 * @kcontrol: the control instance 318 * 319 * Releases the control instance created via snd_ctl_new() 320 * or snd_ctl_new1(). 321 * Don't call this after the control was added to the card. 322 */ 323void snd_ctl_free_one(struct snd_kcontrol *kcontrol) 324{ 325 if (kcontrol) { 326 if (kcontrol->private_free) 327 kcontrol->private_free(kcontrol); 328 kfree(kcontrol); 329 } 330} 331EXPORT_SYMBOL(snd_ctl_free_one); 332 333static bool snd_ctl_remove_numid_conflict(struct snd_card *card, 334 unsigned int count) 335{ 336 struct snd_kcontrol *kctl; 337 338 /* Make sure that the ids assigned to the control do not wrap around */ 339 if (card->last_numid >= UINT_MAX - count) 340 card->last_numid = 0; 341 342 list_for_each_entry(kctl, &card->controls, list) { 343 if (kctl->id.numid < card->last_numid + 1 + count && 344 kctl->id.numid + kctl->count > card->last_numid + 1) { 345 card->last_numid = kctl->id.numid + kctl->count - 1; 346 return true; 347 } 348 } 349 return false; 350} 351 352static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) 353{ 354 unsigned int iter = 100000; 355 356 while (snd_ctl_remove_numid_conflict(card, count)) { 357 if (--iter == 0) { 358 /* this situation is very unlikely */ 359 dev_err(card->dev, "unable to allocate new control numid\n"); 360 return -ENOMEM; 361 } 362 } 363 return 0; 364} 365 366/* check whether the given id is contained in the given kctl */ 367static bool elem_id_matches(const struct snd_kcontrol *kctl, 368 const struct snd_ctl_elem_id *id) 369{ 370 return kctl->id.iface == id->iface && 371 kctl->id.device == id->device && 372 kctl->id.subdevice == id->subdevice && 373 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) && 374 kctl->id.index <= id->index && 375 kctl->id.index + kctl->count > id->index; 376} 377 378#ifdef CONFIG_SND_CTL_FAST_LOOKUP 379/* Compute a hash key for the corresponding ctl id 380 * It's for the name lookup, hence the numid is excluded. 381 * The hash key is bound in LONG_MAX to be used for Xarray key. 382 */ 383#define MULTIPLIER 37 384static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id) 385{ 386 int i; 387 unsigned long h; 388 389 h = id->iface; 390 h = MULTIPLIER * h + id->device; 391 h = MULTIPLIER * h + id->subdevice; 392 for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++) 393 h = MULTIPLIER * h + id->name[i]; 394 h = MULTIPLIER * h + id->index; 395 h &= LONG_MAX; 396 return h; 397} 398 399/* add hash entries to numid and ctl xarray tables */ 400static void add_hash_entries(struct snd_card *card, 401 struct snd_kcontrol *kcontrol) 402{ 403 struct snd_ctl_elem_id id = kcontrol->id; 404 int i; 405 406 xa_store_range(&card->ctl_numids, kcontrol->id.numid, 407 kcontrol->id.numid + kcontrol->count - 1, 408 kcontrol, GFP_KERNEL); 409 410 for (i = 0; i < kcontrol->count; i++) { 411 id.index = kcontrol->id.index + i; 412 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id), 413 kcontrol, GFP_KERNEL)) { 414 /* skip hash for this entry, noting we had collision */ 415 card->ctl_hash_collision = true; 416 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n", 417 id.iface, id.name, id.index); 418 } 419 } 420} 421 422/* remove hash entries that have been added */ 423static void remove_hash_entries(struct snd_card *card, 424 struct snd_kcontrol *kcontrol) 425{ 426 struct snd_ctl_elem_id id = kcontrol->id; 427 struct snd_kcontrol *matched; 428 unsigned long h; 429 int i; 430 431 for (i = 0; i < kcontrol->count; i++) { 432 xa_erase(&card->ctl_numids, id.numid); 433 h = get_ctl_id_hash(&id); 434 matched = xa_load(&card->ctl_hash, h); 435 if (matched && (matched == kcontrol || 436 elem_id_matches(matched, &id))) 437 xa_erase(&card->ctl_hash, h); 438 id.index++; 439 id.numid++; 440 } 441} 442#else /* CONFIG_SND_CTL_FAST_LOOKUP */ 443static inline void add_hash_entries(struct snd_card *card, 444 struct snd_kcontrol *kcontrol) 445{ 446} 447static inline void remove_hash_entries(struct snd_card *card, 448 struct snd_kcontrol *kcontrol) 449{ 450} 451#endif /* CONFIG_SND_CTL_FAST_LOOKUP */ 452 453enum snd_ctl_add_mode { 454 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE, 455}; 456 457/* add/replace a new kcontrol object; call with card->controls_rwsem locked */ 458static int __snd_ctl_add_replace(struct snd_card *card, 459 struct snd_kcontrol *kcontrol, 460 enum snd_ctl_add_mode mode) 461{ 462 struct snd_ctl_elem_id id; 463 unsigned int idx; 464 struct snd_kcontrol *old; 465 int err; 466 467 lockdep_assert_held_write(&card->controls_rwsem); 468 469 id = kcontrol->id; 470 if (id.index > UINT_MAX - kcontrol->count) 471 return -EINVAL; 472 473 old = snd_ctl_find_id_locked(card, &id); 474 if (!old) { 475 if (mode == CTL_REPLACE) 476 return -EINVAL; 477 } else { 478 if (mode == CTL_ADD_EXCLUSIVE) { 479 dev_err(card->dev, 480 "control %i:%i:%i:%s:%i is already present\n", 481 id.iface, id.device, id.subdevice, id.name, 482 id.index); 483 return -EBUSY; 484 } 485 486 err = snd_ctl_remove_locked(card, old); 487 if (err < 0) 488 return err; 489 } 490 491 if (snd_ctl_find_hole(card, kcontrol->count) < 0) 492 return -ENOMEM; 493 494 list_add_tail(&kcontrol->list, &card->controls); 495 card->controls_count += kcontrol->count; 496 kcontrol->id.numid = card->last_numid + 1; 497 card->last_numid += kcontrol->count; 498 499 add_hash_entries(card, kcontrol); 500 501 for (idx = 0; idx < kcontrol->count; idx++) 502 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx); 503 504 return 0; 505} 506 507static int snd_ctl_add_replace(struct snd_card *card, 508 struct snd_kcontrol *kcontrol, 509 enum snd_ctl_add_mode mode) 510{ 511 int err = -EINVAL; 512 513 if (! kcontrol) 514 return err; 515 if (snd_BUG_ON(!card || !kcontrol->info)) 516 goto error; 517 518 scoped_guard(rwsem_write, &card->controls_rwsem) 519 err = __snd_ctl_add_replace(card, kcontrol, mode); 520 521 if (err < 0) 522 goto error; 523 return 0; 524 525 error: 526 snd_ctl_free_one(kcontrol); 527 return err; 528} 529 530/** 531 * snd_ctl_add - add the control instance to the card 532 * @card: the card instance 533 * @kcontrol: the control instance to add 534 * 535 * Adds the control instance created via snd_ctl_new() or 536 * snd_ctl_new1() to the given card. Assigns also an unique 537 * numid used for fast search. 538 * 539 * It frees automatically the control which cannot be added. 540 * 541 * Return: Zero if successful, or a negative error code on failure. 542 * 543 */ 544int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) 545{ 546 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE); 547} 548EXPORT_SYMBOL(snd_ctl_add); 549 550/** 551 * snd_ctl_replace - replace the control instance of the card 552 * @card: the card instance 553 * @kcontrol: the control instance to replace 554 * @add_on_replace: add the control if not already added 555 * 556 * Replaces the given control. If the given control does not exist 557 * and the add_on_replace flag is set, the control is added. If the 558 * control exists, it is destroyed first. 559 * 560 * It frees automatically the control which cannot be added or replaced. 561 * 562 * Return: Zero if successful, or a negative error code on failure. 563 */ 564int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, 565 bool add_on_replace) 566{ 567 return snd_ctl_add_replace(card, kcontrol, 568 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE); 569} 570EXPORT_SYMBOL(snd_ctl_replace); 571 572static int __snd_ctl_remove(struct snd_card *card, 573 struct snd_kcontrol *kcontrol, 574 bool remove_hash) 575{ 576 unsigned int idx; 577 578 lockdep_assert_held_write(&card->controls_rwsem); 579 580 if (snd_BUG_ON(!card || !kcontrol)) 581 return -EINVAL; 582 list_del(&kcontrol->list); 583 584 if (remove_hash) 585 remove_hash_entries(card, kcontrol); 586 587 card->controls_count -= kcontrol->count; 588 for (idx = 0; idx < kcontrol->count; idx++) 589 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx); 590 snd_ctl_free_one(kcontrol); 591 return 0; 592} 593 594static inline int snd_ctl_remove_locked(struct snd_card *card, 595 struct snd_kcontrol *kcontrol) 596{ 597 return __snd_ctl_remove(card, kcontrol, true); 598} 599 600/** 601 * snd_ctl_remove - remove the control from the card and release it 602 * @card: the card instance 603 * @kcontrol: the control instance to remove 604 * 605 * Removes the control from the card and then releases the instance. 606 * You don't need to call snd_ctl_free_one(). 607 * 608 * Return: 0 if successful, or a negative error code on failure. 609 * 610 * Note that this function takes card->controls_rwsem lock internally. 611 */ 612int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol) 613{ 614 guard(rwsem_write)(&card->controls_rwsem); 615 return snd_ctl_remove_locked(card, kcontrol); 616} 617EXPORT_SYMBOL(snd_ctl_remove); 618 619/** 620 * snd_ctl_remove_id - remove the control of the given id and release it 621 * @card: the card instance 622 * @id: the control id to remove 623 * 624 * Finds the control instance with the given id, removes it from the 625 * card list and releases it. 626 * 627 * Return: 0 if successful, or a negative error code on failure. 628 */ 629int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id) 630{ 631 struct snd_kcontrol *kctl; 632 633 guard(rwsem_write)(&card->controls_rwsem); 634 kctl = snd_ctl_find_id_locked(card, id); 635 if (kctl == NULL) 636 return -ENOENT; 637 return snd_ctl_remove_locked(card, kctl); 638} 639EXPORT_SYMBOL(snd_ctl_remove_id); 640 641/** 642 * snd_ctl_remove_user_ctl - remove and release the unlocked user control 643 * @file: active control handle 644 * @id: the control id to remove 645 * 646 * Finds the control instance with the given id, removes it from the 647 * card list and releases it. 648 * 649 * Return: 0 if successful, or a negative error code on failure. 650 */ 651static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file, 652 struct snd_ctl_elem_id *id) 653{ 654 struct snd_card *card = file->card; 655 struct snd_kcontrol *kctl; 656 int idx; 657 658 guard(rwsem_write)(&card->controls_rwsem); 659 kctl = snd_ctl_find_id_locked(card, id); 660 if (kctl == NULL) 661 return -ENOENT; 662 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) 663 return -EINVAL; 664 for (idx = 0; idx < kctl->count; idx++) 665 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) 666 return -EBUSY; 667 return snd_ctl_remove_locked(card, kctl); 668} 669 670/** 671 * snd_ctl_activate_id - activate/inactivate the control of the given id 672 * @card: the card instance 673 * @id: the control id to activate/inactivate 674 * @active: non-zero to activate 675 * 676 * Finds the control instance with the given id, and activate or 677 * inactivate the control together with notification, if changed. 678 * The given ID data is filled with full information. 679 * 680 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure. 681 */ 682int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id, 683 int active) 684{ 685 struct snd_kcontrol *kctl; 686 struct snd_kcontrol_volatile *vd; 687 unsigned int index_offset; 688 int ret; 689 690 down_write(&card->controls_rwsem); 691 kctl = snd_ctl_find_id_locked(card, id); 692 if (kctl == NULL) { 693 ret = -ENOENT; 694 goto unlock; 695 } 696 index_offset = snd_ctl_get_ioff(kctl, id); 697 vd = &kctl->vd[index_offset]; 698 ret = 0; 699 if (active) { 700 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)) 701 goto unlock; 702 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; 703 } else { 704 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE) 705 goto unlock; 706 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; 707 } 708 snd_ctl_build_ioff(id, kctl, index_offset); 709 downgrade_write(&card->controls_rwsem); 710 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset); 711 up_read(&card->controls_rwsem); 712 return 1; 713 714 unlock: 715 up_write(&card->controls_rwsem); 716 return ret; 717} 718EXPORT_SYMBOL_GPL(snd_ctl_activate_id); 719 720/** 721 * snd_ctl_rename_id - replace the id of a control on the card 722 * @card: the card instance 723 * @src_id: the old id 724 * @dst_id: the new id 725 * 726 * Finds the control with the old id from the card, and replaces the 727 * id with the new one. 728 * 729 * The function tries to keep the already assigned numid while replacing 730 * the rest. 731 * 732 * Note that this function should be used only in the card initialization 733 * phase. Calling after the card instantiation may cause issues with 734 * user-space expecting persistent numids. 735 * 736 * Return: Zero if successful, or a negative error code on failure. 737 */ 738int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id, 739 struct snd_ctl_elem_id *dst_id) 740{ 741 struct snd_kcontrol *kctl; 742 int saved_numid; 743 744 guard(rwsem_write)(&card->controls_rwsem); 745 kctl = snd_ctl_find_id_locked(card, src_id); 746 if (kctl == NULL) 747 return -ENOENT; 748 saved_numid = kctl->id.numid; 749 remove_hash_entries(card, kctl); 750 kctl->id = *dst_id; 751 kctl->id.numid = saved_numid; 752 add_hash_entries(card, kctl); 753 return 0; 754} 755EXPORT_SYMBOL(snd_ctl_rename_id); 756 757/** 758 * snd_ctl_rename - rename the control on the card 759 * @card: the card instance 760 * @kctl: the control to rename 761 * @name: the new name 762 * 763 * Renames the specified control on the card to the new name. 764 * 765 * Note that this function takes card->controls_rwsem lock internally. 766 */ 767void snd_ctl_rename(struct snd_card *card, struct snd_kcontrol *kctl, 768 const char *name) 769{ 770 guard(rwsem_write)(&card->controls_rwsem); 771 remove_hash_entries(card, kctl); 772 773 if (strscpy(kctl->id.name, name, sizeof(kctl->id.name)) < 0) 774 pr_warn("ALSA: Renamed control new name '%s' truncated to '%s'\n", 775 name, kctl->id.name); 776 777 add_hash_entries(card, kctl); 778} 779EXPORT_SYMBOL(snd_ctl_rename); 780 781#ifndef CONFIG_SND_CTL_FAST_LOOKUP 782static struct snd_kcontrol * 783snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid) 784{ 785 struct snd_kcontrol *kctl; 786 787 list_for_each_entry(kctl, &card->controls, list) { 788 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid) 789 return kctl; 790 } 791 return NULL; 792} 793#endif /* !CONFIG_SND_CTL_FAST_LOOKUP */ 794 795/** 796 * snd_ctl_find_numid_locked - find the control instance with the given number-id 797 * @card: the card instance 798 * @numid: the number-id to search 799 * 800 * Finds the control instance with the given number-id from the card. 801 * 802 * The caller must down card->controls_rwsem before calling this function 803 * (if the race condition can happen). 804 * 805 * Return: The pointer of the instance if found, or %NULL if not. 806 */ 807struct snd_kcontrol * 808snd_ctl_find_numid_locked(struct snd_card *card, unsigned int numid) 809{ 810 if (snd_BUG_ON(!card || !numid)) 811 return NULL; 812 lockdep_assert_held(&card->controls_rwsem); 813#ifdef CONFIG_SND_CTL_FAST_LOOKUP 814 return xa_load(&card->ctl_numids, numid); 815#else 816 return snd_ctl_find_numid_slow(card, numid); 817#endif 818} 819EXPORT_SYMBOL(snd_ctl_find_numid_locked); 820 821/** 822 * snd_ctl_find_numid - find the control instance with the given number-id 823 * @card: the card instance 824 * @numid: the number-id to search 825 * 826 * Finds the control instance with the given number-id from the card. 827 * 828 * Return: The pointer of the instance if found, or %NULL if not. 829 * 830 * Note that this function takes card->controls_rwsem lock internally. 831 */ 832struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, 833 unsigned int numid) 834{ 835 guard(rwsem_read)(&card->controls_rwsem); 836 return snd_ctl_find_numid_locked(card, numid); 837} 838EXPORT_SYMBOL(snd_ctl_find_numid); 839 840/** 841 * snd_ctl_find_id_locked - find the control instance with the given id 842 * @card: the card instance 843 * @id: the id to search 844 * 845 * Finds the control instance with the given id from the card. 846 * 847 * The caller must down card->controls_rwsem before calling this function 848 * (if the race condition can happen). 849 * 850 * Return: The pointer of the instance if found, or %NULL if not. 851 */ 852struct snd_kcontrol *snd_ctl_find_id_locked(struct snd_card *card, 853 const struct snd_ctl_elem_id *id) 854{ 855 struct snd_kcontrol *kctl; 856 857 if (snd_BUG_ON(!card || !id)) 858 return NULL; 859 lockdep_assert_held(&card->controls_rwsem); 860 if (id->numid != 0) 861 return snd_ctl_find_numid_locked(card, id->numid); 862#ifdef CONFIG_SND_CTL_FAST_LOOKUP 863 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id)); 864 if (kctl && elem_id_matches(kctl, id)) 865 return kctl; 866 if (!card->ctl_hash_collision) 867 return NULL; /* we can rely on only hash table */ 868#endif 869 /* no matching in hash table - try all as the last resort */ 870 list_for_each_entry(kctl, &card->controls, list) 871 if (elem_id_matches(kctl, id)) 872 return kctl; 873 874 return NULL; 875} 876EXPORT_SYMBOL(snd_ctl_find_id_locked); 877 878/** 879 * snd_ctl_find_id - find the control instance with the given id 880 * @card: the card instance 881 * @id: the id to search 882 * 883 * Finds the control instance with the given id from the card. 884 * 885 * Return: The pointer of the instance if found, or %NULL if not. 886 * 887 * Note that this function takes card->controls_rwsem lock internally. 888 */ 889struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card, 890 const struct snd_ctl_elem_id *id) 891{ 892 guard(rwsem_read)(&card->controls_rwsem); 893 return snd_ctl_find_id_locked(card, id); 894} 895EXPORT_SYMBOL(snd_ctl_find_id); 896 897static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl, 898 unsigned int cmd, void __user *arg) 899{ 900 struct snd_ctl_card_info *info __free(kfree) = NULL; 901 902 info = kzalloc(sizeof(*info), GFP_KERNEL); 903 if (! info) 904 return -ENOMEM; 905 scoped_guard(rwsem_read, &snd_ioctl_rwsem) { 906 info->card = card->number; 907 strscpy(info->id, card->id, sizeof(info->id)); 908 strscpy(info->driver, card->driver, sizeof(info->driver)); 909 strscpy(info->name, card->shortname, sizeof(info->name)); 910 strscpy(info->longname, card->longname, sizeof(info->longname)); 911 strscpy(info->mixername, card->mixername, sizeof(info->mixername)); 912 strscpy(info->components, card->components, sizeof(info->components)); 913 } 914 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) 915 return -EFAULT; 916 return 0; 917} 918 919static int snd_ctl_elem_list(struct snd_card *card, 920 struct snd_ctl_elem_list *list) 921{ 922 struct snd_kcontrol *kctl; 923 struct snd_ctl_elem_id id; 924 unsigned int offset, space, jidx; 925 926 offset = list->offset; 927 space = list->space; 928 929 guard(rwsem_read)(&card->controls_rwsem); 930 list->count = card->controls_count; 931 list->used = 0; 932 if (!space) 933 return 0; 934 list_for_each_entry(kctl, &card->controls, list) { 935 if (offset >= kctl->count) { 936 offset -= kctl->count; 937 continue; 938 } 939 for (jidx = offset; jidx < kctl->count; jidx++) { 940 snd_ctl_build_ioff(&id, kctl, jidx); 941 if (copy_to_user(list->pids + list->used, &id, sizeof(id))) 942 return -EFAULT; 943 list->used++; 944 if (!--space) 945 return 0; 946 } 947 offset = 0; 948 } 949 return 0; 950} 951 952static int snd_ctl_elem_list_user(struct snd_card *card, 953 struct snd_ctl_elem_list __user *_list) 954{ 955 struct snd_ctl_elem_list list; 956 int err; 957 958 if (copy_from_user(&list, _list, sizeof(list))) 959 return -EFAULT; 960 err = snd_ctl_elem_list(card, &list); 961 if (err) 962 return err; 963 if (copy_to_user(_list, &list, sizeof(list))) 964 return -EFAULT; 965 966 return 0; 967} 968 969/* Check whether the given kctl info is valid */ 970static int snd_ctl_check_elem_info(struct snd_card *card, 971 const struct snd_ctl_elem_info *info) 972{ 973 static const unsigned int max_value_counts[] = { 974 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128, 975 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128, 976 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128, 977 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512, 978 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1, 979 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64, 980 }; 981 982 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN || 983 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) { 984 if (card) 985 dev_err(card->dev, 986 "control %i:%i:%i:%s:%i: invalid type %d\n", 987 info->id.iface, info->id.device, 988 info->id.subdevice, info->id.name, 989 info->id.index, info->type); 990 return -EINVAL; 991 } 992 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED && 993 info->value.enumerated.items == 0) { 994 if (card) 995 dev_err(card->dev, 996 "control %i:%i:%i:%s:%i: zero enum items\n", 997 info->id.iface, info->id.device, 998 info->id.subdevice, info->id.name, 999 info->id.index); 1000 return -EINVAL; 1001 } 1002 if (info->count > max_value_counts[info->type]) { 1003 if (card) 1004 dev_err(card->dev, 1005 "control %i:%i:%i:%s:%i: invalid count %d\n", 1006 info->id.iface, info->id.device, 1007 info->id.subdevice, info->id.name, 1008 info->id.index, info->count); 1009 return -EINVAL; 1010 } 1011 1012 return 0; 1013} 1014 1015/* The capacity of struct snd_ctl_elem_value.value.*/ 1016static const unsigned int value_sizes[] = { 1017 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long), 1018 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long), 1019 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int), 1020 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char), 1021 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958), 1022 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long), 1023}; 1024 1025/* fill the remaining snd_ctl_elem_value data with the given pattern */ 1026static void fill_remaining_elem_value(struct snd_ctl_elem_value *control, 1027 struct snd_ctl_elem_info *info, 1028 u32 pattern) 1029{ 1030 size_t offset = value_sizes[info->type] * info->count; 1031 1032 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1033 memset32((u32 *)control->value.bytes.data + offset, pattern, 1034 sizeof(control->value) / sizeof(u32) - offset); 1035} 1036 1037/* check whether the given integer ctl value is valid */ 1038static int sanity_check_int_value(struct snd_card *card, 1039 const struct snd_ctl_elem_value *control, 1040 const struct snd_ctl_elem_info *info, 1041 int i, bool print_error) 1042{ 1043 long long lval, lmin, lmax, lstep; 1044 u64 rem; 1045 1046 switch (info->type) { 1047 default: 1048 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1049 lval = control->value.integer.value[i]; 1050 lmin = 0; 1051 lmax = 1; 1052 lstep = 0; 1053 break; 1054 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1055 lval = control->value.integer.value[i]; 1056 lmin = info->value.integer.min; 1057 lmax = info->value.integer.max; 1058 lstep = info->value.integer.step; 1059 break; 1060 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1061 lval = control->value.integer64.value[i]; 1062 lmin = info->value.integer64.min; 1063 lmax = info->value.integer64.max; 1064 lstep = info->value.integer64.step; 1065 break; 1066 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1067 lval = control->value.enumerated.item[i]; 1068 lmin = 0; 1069 lmax = info->value.enumerated.items - 1; 1070 lstep = 0; 1071 break; 1072 } 1073 1074 if (lval < lmin || lval > lmax) { 1075 if (print_error) 1076 dev_err(card->dev, 1077 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n", 1078 control->id.iface, control->id.device, 1079 control->id.subdevice, control->id.name, 1080 control->id.index, lval, lmin, lmax, i); 1081 return -EINVAL; 1082 } 1083 if (lstep) { 1084 div64_u64_rem(lval, lstep, &rem); 1085 if (rem) { 1086 if (print_error) 1087 dev_err(card->dev, 1088 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n", 1089 control->id.iface, control->id.device, 1090 control->id.subdevice, control->id.name, 1091 control->id.index, lval, lstep, i); 1092 return -EINVAL; 1093 } 1094 } 1095 1096 return 0; 1097} 1098 1099/* check whether the all input values are valid for the given elem value */ 1100static int sanity_check_input_values(struct snd_card *card, 1101 const struct snd_ctl_elem_value *control, 1102 const struct snd_ctl_elem_info *info, 1103 bool print_error) 1104{ 1105 int i, ret; 1106 1107 switch (info->type) { 1108 case SNDRV_CTL_ELEM_TYPE_BOOLEAN: 1109 case SNDRV_CTL_ELEM_TYPE_INTEGER: 1110 case SNDRV_CTL_ELEM_TYPE_INTEGER64: 1111 case SNDRV_CTL_ELEM_TYPE_ENUMERATED: 1112 for (i = 0; i < info->count; i++) { 1113 ret = sanity_check_int_value(card, control, info, i, 1114 print_error); 1115 if (ret < 0) 1116 return ret; 1117 } 1118 break; 1119 default: 1120 break; 1121 } 1122 1123 return 0; 1124} 1125 1126/* perform sanity checks to the given snd_ctl_elem_value object */ 1127static int sanity_check_elem_value(struct snd_card *card, 1128 const struct snd_ctl_elem_value *control, 1129 const struct snd_ctl_elem_info *info, 1130 u32 pattern) 1131{ 1132 size_t offset; 1133 int ret; 1134 u32 *p; 1135 1136 ret = sanity_check_input_values(card, control, info, true); 1137 if (ret < 0) 1138 return ret; 1139 1140 /* check whether the remaining area kept untouched */ 1141 offset = value_sizes[info->type] * info->count; 1142 offset = DIV_ROUND_UP(offset, sizeof(u32)); 1143 p = (u32 *)control->value.bytes.data + offset; 1144 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) { 1145 if (*p != pattern) { 1146 ret = -EINVAL; 1147 break; 1148 } 1149 *p = 0; /* clear the checked area */ 1150 } 1151 1152 return ret; 1153} 1154 1155static int __snd_ctl_elem_info(struct snd_card *card, 1156 struct snd_kcontrol *kctl, 1157 struct snd_ctl_elem_info *info, 1158 struct snd_ctl_file *ctl) 1159{ 1160 struct snd_kcontrol_volatile *vd; 1161 unsigned int index_offset; 1162 int result; 1163 1164#ifdef CONFIG_SND_DEBUG 1165 info->access = 0; 1166#endif 1167 result = snd_power_ref_and_wait(card); 1168 if (!result) 1169 result = kctl->info(kctl, info); 1170 snd_power_unref(card); 1171 if (result >= 0) { 1172 snd_BUG_ON(info->access); 1173 index_offset = snd_ctl_get_ioff(kctl, &info->id); 1174 vd = &kctl->vd[index_offset]; 1175 snd_ctl_build_ioff(&info->id, kctl, index_offset); 1176 info->access = vd->access; 1177 if (vd->owner) { 1178 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK; 1179 if (vd->owner == ctl) 1180 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER; 1181 info->owner = pid_vnr(vd->owner->pid); 1182 } else { 1183 info->owner = -1; 1184 } 1185 if (!snd_ctl_skip_validation(info) && 1186 snd_ctl_check_elem_info(card, info) < 0) 1187 result = -EINVAL; 1188 } 1189 return result; 1190} 1191 1192static int snd_ctl_elem_info(struct snd_ctl_file *ctl, 1193 struct snd_ctl_elem_info *info) 1194{ 1195 struct snd_card *card = ctl->card; 1196 struct snd_kcontrol *kctl; 1197 1198 guard(rwsem_read)(&card->controls_rwsem); 1199 kctl = snd_ctl_find_id_locked(card, &info->id); 1200 if (!kctl) 1201 return -ENOENT; 1202 return __snd_ctl_elem_info(card, kctl, info, ctl); 1203} 1204 1205static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl, 1206 struct snd_ctl_elem_info __user *_info) 1207{ 1208 struct snd_ctl_elem_info info; 1209 int result; 1210 1211 if (copy_from_user(&info, _info, sizeof(info))) 1212 return -EFAULT; 1213 result = snd_ctl_elem_info(ctl, &info); 1214 if (result < 0) 1215 return result; 1216 /* drop internal access flags */ 1217 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK| 1218 SNDRV_CTL_ELEM_ACCESS_LED_MASK); 1219 if (copy_to_user(_info, &info, sizeof(info))) 1220 return -EFAULT; 1221 return result; 1222} 1223 1224static int snd_ctl_elem_read(struct snd_card *card, 1225 struct snd_ctl_elem_value *control) 1226{ 1227 struct snd_kcontrol *kctl; 1228 struct snd_kcontrol_volatile *vd; 1229 unsigned int index_offset; 1230 struct snd_ctl_elem_info info; 1231 const u32 pattern = 0xdeadbeef; 1232 int ret; 1233 1234 guard(rwsem_read)(&card->controls_rwsem); 1235 kctl = snd_ctl_find_id_locked(card, &control->id); 1236 if (!kctl) 1237 return -ENOENT; 1238 1239 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1240 vd = &kctl->vd[index_offset]; 1241 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || !kctl->get) 1242 return -EPERM; 1243 1244 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1245 1246#ifdef CONFIG_SND_CTL_DEBUG 1247 /* info is needed only for validation */ 1248 memset(&info, 0, sizeof(info)); 1249 info.id = control->id; 1250 ret = __snd_ctl_elem_info(card, kctl, &info, NULL); 1251 if (ret < 0) 1252 return ret; 1253#endif 1254 1255 if (!snd_ctl_skip_validation(&info)) 1256 fill_remaining_elem_value(control, &info, pattern); 1257 ret = snd_power_ref_and_wait(card); 1258 if (!ret) 1259 ret = kctl->get(kctl, control); 1260 snd_power_unref(card); 1261 if (ret < 0) 1262 return ret; 1263 if (!snd_ctl_skip_validation(&info) && 1264 sanity_check_elem_value(card, control, &info, pattern) < 0) { 1265 dev_err(card->dev, 1266 "control %i:%i:%i:%s:%i: access overflow\n", 1267 control->id.iface, control->id.device, 1268 control->id.subdevice, control->id.name, 1269 control->id.index); 1270 return -EINVAL; 1271 } 1272 return 0; 1273} 1274 1275static int snd_ctl_elem_read_user(struct snd_card *card, 1276 struct snd_ctl_elem_value __user *_control) 1277{ 1278 struct snd_ctl_elem_value *control __free(kfree) = NULL; 1279 int result; 1280 1281 control = memdup_user(_control, sizeof(*control)); 1282 if (IS_ERR(control)) 1283 return PTR_ERR(no_free_ptr(control)); 1284 1285 result = snd_ctl_elem_read(card, control); 1286 if (result < 0) 1287 return result; 1288 1289 if (copy_to_user(_control, control, sizeof(*control))) 1290 return -EFAULT; 1291 return result; 1292} 1293 1294static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, 1295 struct snd_ctl_elem_value *control) 1296{ 1297 struct snd_kcontrol *kctl; 1298 struct snd_kcontrol_volatile *vd; 1299 unsigned int index_offset; 1300 int result; 1301 1302 down_write(&card->controls_rwsem); 1303 kctl = snd_ctl_find_id_locked(card, &control->id); 1304 if (kctl == NULL) { 1305 up_write(&card->controls_rwsem); 1306 return -ENOENT; 1307 } 1308 1309 index_offset = snd_ctl_get_ioff(kctl, &control->id); 1310 vd = &kctl->vd[index_offset]; 1311 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || 1312 (file && vd->owner && vd->owner != file)) { 1313 up_write(&card->controls_rwsem); 1314 return -EPERM; 1315 } 1316 1317 snd_ctl_build_ioff(&control->id, kctl, index_offset); 1318 result = snd_power_ref_and_wait(card); 1319 /* validate input values */ 1320 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION) && !result) { 1321 struct snd_ctl_elem_info info; 1322 1323 memset(&info, 0, sizeof(info)); 1324 info.id = control->id; 1325 result = __snd_ctl_elem_info(card, kctl, &info, NULL); 1326 if (!result) 1327 result = sanity_check_input_values(card, control, &info, 1328 false); 1329 } 1330 if (!result) 1331 result = kctl->put(kctl, control); 1332 snd_power_unref(card); 1333 if (result < 0) { 1334 up_write(&card->controls_rwsem); 1335 return result; 1336 } 1337 1338 if (result > 0) { 1339 downgrade_write(&card->controls_rwsem); 1340 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset); 1341 up_read(&card->controls_rwsem); 1342 } else { 1343 up_write(&card->controls_rwsem); 1344 } 1345 1346 return 0; 1347} 1348 1349static int snd_ctl_elem_write_user(struct snd_ctl_file *file, 1350 struct snd_ctl_elem_value __user *_control) 1351{ 1352 struct snd_ctl_elem_value *control __free(kfree) = NULL; 1353 struct snd_card *card; 1354 int result; 1355 1356 control = memdup_user(_control, sizeof(*control)); 1357 if (IS_ERR(control)) 1358 return PTR_ERR(no_free_ptr(control)); 1359 1360 card = file->card; 1361 result = snd_ctl_elem_write(card, file, control); 1362 if (result < 0) 1363 return result; 1364 1365 if (copy_to_user(_control, control, sizeof(*control))) 1366 return -EFAULT; 1367 return result; 1368} 1369 1370static int snd_ctl_elem_lock(struct snd_ctl_file *file, 1371 struct snd_ctl_elem_id __user *_id) 1372{ 1373 struct snd_card *card = file->card; 1374 struct snd_ctl_elem_id id; 1375 struct snd_kcontrol *kctl; 1376 struct snd_kcontrol_volatile *vd; 1377 1378 if (copy_from_user(&id, _id, sizeof(id))) 1379 return -EFAULT; 1380 guard(rwsem_write)(&card->controls_rwsem); 1381 kctl = snd_ctl_find_id_locked(card, &id); 1382 if (!kctl) 1383 return -ENOENT; 1384 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1385 if (vd->owner) 1386 return -EBUSY; 1387 vd->owner = file; 1388 return 0; 1389} 1390 1391static int snd_ctl_elem_unlock(struct snd_ctl_file *file, 1392 struct snd_ctl_elem_id __user *_id) 1393{ 1394 struct snd_card *card = file->card; 1395 struct snd_ctl_elem_id id; 1396 struct snd_kcontrol *kctl; 1397 struct snd_kcontrol_volatile *vd; 1398 1399 if (copy_from_user(&id, _id, sizeof(id))) 1400 return -EFAULT; 1401 guard(rwsem_write)(&card->controls_rwsem); 1402 kctl = snd_ctl_find_id_locked(card, &id); 1403 if (!kctl) 1404 return -ENOENT; 1405 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1406 if (!vd->owner) 1407 return -EINVAL; 1408 if (vd->owner != file) 1409 return -EPERM; 1410 vd->owner = NULL; 1411 return 0; 1412} 1413 1414struct user_element { 1415 struct snd_ctl_elem_info info; 1416 struct snd_card *card; 1417 char *elem_data; /* element data */ 1418 unsigned long elem_data_size; /* size of element data in bytes */ 1419 void *tlv_data; /* TLV data */ 1420 unsigned long tlv_data_size; /* TLV data size */ 1421 void *priv_data; /* private data (like strings for enumerated type) */ 1422}; 1423 1424// check whether the addition (in bytes) of user ctl element may overflow the limit. 1425static bool check_user_elem_overflow(struct snd_card *card, ssize_t add) 1426{ 1427 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size; 1428} 1429 1430static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol, 1431 struct snd_ctl_elem_info *uinfo) 1432{ 1433 struct user_element *ue = kcontrol->private_data; 1434 unsigned int offset; 1435 1436 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1437 *uinfo = ue->info; 1438 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1439 1440 return 0; 1441} 1442 1443static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol, 1444 struct snd_ctl_elem_info *uinfo) 1445{ 1446 struct user_element *ue = kcontrol->private_data; 1447 const char *names; 1448 unsigned int item; 1449 unsigned int offset; 1450 1451 item = uinfo->value.enumerated.item; 1452 1453 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id); 1454 *uinfo = ue->info; 1455 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset); 1456 1457 item = min(item, uinfo->value.enumerated.items - 1); 1458 uinfo->value.enumerated.item = item; 1459 1460 names = ue->priv_data; 1461 for (; item > 0; --item) 1462 names += strlen(names) + 1; 1463 strcpy(uinfo->value.enumerated.name, names); 1464 1465 return 0; 1466} 1467 1468static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, 1469 struct snd_ctl_elem_value *ucontrol) 1470{ 1471 struct user_element *ue = kcontrol->private_data; 1472 unsigned int size = ue->elem_data_size; 1473 char *src = ue->elem_data + 1474 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1475 1476 memcpy(&ucontrol->value, src, size); 1477 return 0; 1478} 1479 1480static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, 1481 struct snd_ctl_elem_value *ucontrol) 1482{ 1483 int change; 1484 struct user_element *ue = kcontrol->private_data; 1485 unsigned int size = ue->elem_data_size; 1486 char *dst = ue->elem_data + 1487 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; 1488 1489 change = memcmp(&ucontrol->value, dst, size) != 0; 1490 if (change) 1491 memcpy(dst, &ucontrol->value, size); 1492 return change; 1493} 1494 1495/* called in controls_rwsem write lock */ 1496static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1497 unsigned int size) 1498{ 1499 struct user_element *ue = kctl->private_data; 1500 unsigned int *container; 1501 unsigned int mask = 0; 1502 int i; 1503 int change; 1504 1505 lockdep_assert_held_write(&ue->card->controls_rwsem); 1506 1507 if (size > 1024 * 128) /* sane value */ 1508 return -EINVAL; 1509 1510 // does the TLV size change cause overflow? 1511 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size))) 1512 return -ENOMEM; 1513 1514 container = vmemdup_user(buf, size); 1515 if (IS_ERR(container)) 1516 return PTR_ERR(container); 1517 1518 change = ue->tlv_data_size != size; 1519 if (!change) 1520 change = memcmp(ue->tlv_data, container, size) != 0; 1521 if (!change) { 1522 kvfree(container); 1523 return 0; 1524 } 1525 1526 if (ue->tlv_data == NULL) { 1527 /* Now TLV data is available. */ 1528 for (i = 0; i < kctl->count; ++i) 1529 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; 1530 mask = SNDRV_CTL_EVENT_MASK_INFO; 1531 } else { 1532 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1533 ue->tlv_data_size = 0; 1534 kvfree(ue->tlv_data); 1535 } 1536 1537 ue->tlv_data = container; 1538 ue->tlv_data_size = size; 1539 // decremented at private_free. 1540 ue->card->user_ctl_alloc_size += size; 1541 1542 mask |= SNDRV_CTL_EVENT_MASK_TLV; 1543 for (i = 0; i < kctl->count; ++i) 1544 snd_ctl_notify_one(ue->card, mask, kctl, i); 1545 1546 return change; 1547} 1548 1549static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf, 1550 unsigned int size) 1551{ 1552 struct user_element *ue = kctl->private_data; 1553 1554 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL) 1555 return -ENXIO; 1556 1557 if (size < ue->tlv_data_size) 1558 return -ENOSPC; 1559 1560 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size)) 1561 return -EFAULT; 1562 1563 return 0; 1564} 1565 1566static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag, 1567 unsigned int size, unsigned int __user *buf) 1568{ 1569 if (op_flag == SNDRV_CTL_TLV_OP_WRITE) 1570 return replace_user_tlv(kctl, buf, size); 1571 else 1572 return read_user_tlv(kctl, buf, size); 1573} 1574 1575/* called in controls_rwsem write lock */ 1576static int snd_ctl_elem_init_enum_names(struct user_element *ue) 1577{ 1578 char *names, *p; 1579 size_t buf_len, name_len; 1580 unsigned int i; 1581 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr; 1582 1583 lockdep_assert_held_write(&ue->card->controls_rwsem); 1584 1585 buf_len = ue->info.value.enumerated.names_length; 1586 if (buf_len > 64 * 1024) 1587 return -EINVAL; 1588 1589 if (check_user_elem_overflow(ue->card, buf_len)) 1590 return -ENOMEM; 1591 names = vmemdup_user((const void __user *)user_ptrval, buf_len); 1592 if (IS_ERR(names)) 1593 return PTR_ERR(names); 1594 1595 /* check that there are enough valid names */ 1596 p = names; 1597 for (i = 0; i < ue->info.value.enumerated.items; ++i) { 1598 name_len = strnlen(p, buf_len); 1599 if (name_len == 0 || name_len >= 64 || name_len == buf_len) { 1600 kvfree(names); 1601 return -EINVAL; 1602 } 1603 p += name_len + 1; 1604 buf_len -= name_len + 1; 1605 } 1606 1607 ue->priv_data = names; 1608 ue->info.value.enumerated.names_ptr = 0; 1609 // increment the allocation size; decremented again at private_free. 1610 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length; 1611 1612 return 0; 1613} 1614 1615static size_t compute_user_elem_size(size_t size, unsigned int count) 1616{ 1617 return sizeof(struct user_element) + size * count; 1618} 1619 1620static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol) 1621{ 1622 struct user_element *ue = kcontrol->private_data; 1623 1624 // decrement the allocation size. 1625 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count); 1626 ue->card->user_ctl_alloc_size -= ue->tlv_data_size; 1627 if (ue->priv_data) 1628 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length; 1629 1630 kvfree(ue->tlv_data); 1631 kvfree(ue->priv_data); 1632 kfree(ue); 1633} 1634 1635static int snd_ctl_elem_add(struct snd_ctl_file *file, 1636 struct snd_ctl_elem_info *info, int replace) 1637{ 1638 struct snd_card *card = file->card; 1639 struct snd_kcontrol *kctl; 1640 unsigned int count; 1641 unsigned int access; 1642 long private_size; 1643 size_t alloc_size; 1644 struct user_element *ue; 1645 unsigned int offset; 1646 int err; 1647 1648 if (!*info->id.name) 1649 return -EINVAL; 1650 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name)) 1651 return -EINVAL; 1652 1653 /* Delete a control to replace them if needed. */ 1654 if (replace) { 1655 info->id.numid = 0; 1656 err = snd_ctl_remove_user_ctl(file, &info->id); 1657 if (err) 1658 return err; 1659 } 1660 1661 /* Check the number of elements for this userspace control. */ 1662 count = info->owner; 1663 if (count == 0) 1664 count = 1; 1665 1666 /* Arrange access permissions if needed. */ 1667 access = info->access; 1668 if (access == 0) 1669 access = SNDRV_CTL_ELEM_ACCESS_READWRITE; 1670 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE | 1671 SNDRV_CTL_ELEM_ACCESS_INACTIVE | 1672 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE); 1673 1674 /* In initial state, nothing is available as TLV container. */ 1675 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1676 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; 1677 access |= SNDRV_CTL_ELEM_ACCESS_USER; 1678 1679 /* 1680 * Check information and calculate the size of data specific to 1681 * this userspace control. 1682 */ 1683 /* pass NULL to card for suppressing error messages */ 1684 err = snd_ctl_check_elem_info(NULL, info); 1685 if (err < 0) 1686 return err; 1687 /* user-space control doesn't allow zero-size data */ 1688 if (info->count < 1) 1689 return -EINVAL; 1690 private_size = value_sizes[info->type] * info->count; 1691 alloc_size = compute_user_elem_size(private_size, count); 1692 1693 guard(rwsem_write)(&card->controls_rwsem); 1694 if (check_user_elem_overflow(card, alloc_size)) 1695 return -ENOMEM; 1696 1697 /* 1698 * Keep memory object for this userspace control. After passing this 1699 * code block, the instance should be freed by snd_ctl_free_one(). 1700 * 1701 * Note that these elements in this control are locked. 1702 */ 1703 err = snd_ctl_new(&kctl, count, access, file); 1704 if (err < 0) 1705 return err; 1706 memcpy(&kctl->id, &info->id, sizeof(kctl->id)); 1707 ue = kzalloc(alloc_size, GFP_KERNEL); 1708 if (!ue) { 1709 kfree(kctl); 1710 return -ENOMEM; 1711 } 1712 kctl->private_data = ue; 1713 kctl->private_free = snd_ctl_elem_user_free; 1714 1715 // increment the allocated size; decremented again at private_free. 1716 card->user_ctl_alloc_size += alloc_size; 1717 1718 /* Set private data for this userspace control. */ 1719 ue->card = card; 1720 ue->info = *info; 1721 ue->info.access = 0; 1722 ue->elem_data = (char *)ue + sizeof(*ue); 1723 ue->elem_data_size = private_size; 1724 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { 1725 err = snd_ctl_elem_init_enum_names(ue); 1726 if (err < 0) { 1727 snd_ctl_free_one(kctl); 1728 return err; 1729 } 1730 } 1731 1732 /* Set callback functions. */ 1733 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) 1734 kctl->info = snd_ctl_elem_user_enum_info; 1735 else 1736 kctl->info = snd_ctl_elem_user_info; 1737 if (access & SNDRV_CTL_ELEM_ACCESS_READ) 1738 kctl->get = snd_ctl_elem_user_get; 1739 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) 1740 kctl->put = snd_ctl_elem_user_put; 1741 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) 1742 kctl->tlv.c = snd_ctl_elem_user_tlv; 1743 1744 /* This function manage to free the instance on failure. */ 1745 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE); 1746 if (err < 0) { 1747 snd_ctl_free_one(kctl); 1748 return err; 1749 } 1750 offset = snd_ctl_get_ioff(kctl, &info->id); 1751 snd_ctl_build_ioff(&info->id, kctl, offset); 1752 /* 1753 * Here we cannot fill any field for the number of elements added by 1754 * this operation because there're no specific fields. The usage of 1755 * 'owner' field for this purpose may cause any bugs to userspace 1756 * applications because the field originally means PID of a process 1757 * which locks the element. 1758 */ 1759 return 0; 1760} 1761 1762static int snd_ctl_elem_add_user(struct snd_ctl_file *file, 1763 struct snd_ctl_elem_info __user *_info, int replace) 1764{ 1765 struct snd_ctl_elem_info info; 1766 int err; 1767 1768 if (copy_from_user(&info, _info, sizeof(info))) 1769 return -EFAULT; 1770 err = snd_ctl_elem_add(file, &info, replace); 1771 if (err < 0) 1772 return err; 1773 if (copy_to_user(_info, &info, sizeof(info))) { 1774 snd_ctl_remove_user_ctl(file, &info.id); 1775 return -EFAULT; 1776 } 1777 1778 return 0; 1779} 1780 1781static int snd_ctl_elem_remove(struct snd_ctl_file *file, 1782 struct snd_ctl_elem_id __user *_id) 1783{ 1784 struct snd_ctl_elem_id id; 1785 1786 if (copy_from_user(&id, _id, sizeof(id))) 1787 return -EFAULT; 1788 return snd_ctl_remove_user_ctl(file, &id); 1789} 1790 1791static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr) 1792{ 1793 int subscribe; 1794 if (get_user(subscribe, ptr)) 1795 return -EFAULT; 1796 if (subscribe < 0) { 1797 subscribe = file->subscribed; 1798 if (put_user(subscribe, ptr)) 1799 return -EFAULT; 1800 return 0; 1801 } 1802 if (subscribe) { 1803 file->subscribed = 1; 1804 return 0; 1805 } else if (file->subscribed) { 1806 snd_ctl_empty_read_queue(file); 1807 file->subscribed = 0; 1808 } 1809 return 0; 1810} 1811 1812static int call_tlv_handler(struct snd_ctl_file *file, int op_flag, 1813 struct snd_kcontrol *kctl, 1814 struct snd_ctl_elem_id *id, 1815 unsigned int __user *buf, unsigned int size) 1816{ 1817 static const struct { 1818 int op; 1819 int perm; 1820 } pairs[] = { 1821 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ}, 1822 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE}, 1823 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND}, 1824 }; 1825 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1826 int i, ret; 1827 1828 /* Check support of the request for this element. */ 1829 for (i = 0; i < ARRAY_SIZE(pairs); ++i) { 1830 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm)) 1831 break; 1832 } 1833 if (i == ARRAY_SIZE(pairs)) 1834 return -ENXIO; 1835 1836 if (kctl->tlv.c == NULL) 1837 return -ENXIO; 1838 1839 /* Write and command operations are not allowed for locked element. */ 1840 if (op_flag != SNDRV_CTL_TLV_OP_READ && 1841 vd->owner != NULL && vd->owner != file) 1842 return -EPERM; 1843 1844 ret = snd_power_ref_and_wait(file->card); 1845 if (!ret) 1846 ret = kctl->tlv.c(kctl, op_flag, size, buf); 1847 snd_power_unref(file->card); 1848 return ret; 1849} 1850 1851static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id, 1852 unsigned int __user *buf, unsigned int size) 1853{ 1854 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)]; 1855 unsigned int len; 1856 1857 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)) 1858 return -ENXIO; 1859 1860 if (kctl->tlv.p == NULL) 1861 return -ENXIO; 1862 1863 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1]; 1864 if (size < len) 1865 return -ENOMEM; 1866 1867 if (copy_to_user(buf, kctl->tlv.p, len)) 1868 return -EFAULT; 1869 1870 return 0; 1871} 1872 1873static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, 1874 struct snd_ctl_tlv __user *buf, 1875 int op_flag) 1876{ 1877 struct snd_ctl_tlv header; 1878 unsigned int __user *container; 1879 unsigned int container_size; 1880 struct snd_kcontrol *kctl; 1881 struct snd_ctl_elem_id id; 1882 struct snd_kcontrol_volatile *vd; 1883 1884 lockdep_assert_held(&file->card->controls_rwsem); 1885 1886 if (copy_from_user(&header, buf, sizeof(header))) 1887 return -EFAULT; 1888 1889 /* In design of control core, numerical ID starts at 1. */ 1890 if (header.numid == 0) 1891 return -EINVAL; 1892 1893 /* At least, container should include type and length fields. */ 1894 if (header.length < sizeof(unsigned int) * 2) 1895 return -EINVAL; 1896 container_size = header.length; 1897 container = buf->tlv; 1898 1899 kctl = snd_ctl_find_numid_locked(file->card, header.numid); 1900 if (kctl == NULL) 1901 return -ENOENT; 1902 1903 /* Calculate index of the element in this set. */ 1904 id = kctl->id; 1905 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid); 1906 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)]; 1907 1908 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) { 1909 return call_tlv_handler(file, op_flag, kctl, &id, container, 1910 container_size); 1911 } else { 1912 if (op_flag == SNDRV_CTL_TLV_OP_READ) { 1913 return read_tlv_buf(kctl, &id, container, 1914 container_size); 1915 } 1916 } 1917 1918 /* Not supported. */ 1919 return -ENXIO; 1920} 1921 1922static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1923{ 1924 struct snd_ctl_file *ctl; 1925 struct snd_card *card; 1926 struct snd_kctl_ioctl *p; 1927 void __user *argp = (void __user *)arg; 1928 int __user *ip = argp; 1929 int err; 1930 1931 ctl = file->private_data; 1932 card = ctl->card; 1933 if (snd_BUG_ON(!card)) 1934 return -ENXIO; 1935 switch (cmd) { 1936 case SNDRV_CTL_IOCTL_PVERSION: 1937 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0; 1938 case SNDRV_CTL_IOCTL_CARD_INFO: 1939 return snd_ctl_card_info(card, ctl, cmd, argp); 1940 case SNDRV_CTL_IOCTL_ELEM_LIST: 1941 return snd_ctl_elem_list_user(card, argp); 1942 case SNDRV_CTL_IOCTL_ELEM_INFO: 1943 return snd_ctl_elem_info_user(ctl, argp); 1944 case SNDRV_CTL_IOCTL_ELEM_READ: 1945 return snd_ctl_elem_read_user(card, argp); 1946 case SNDRV_CTL_IOCTL_ELEM_WRITE: 1947 return snd_ctl_elem_write_user(ctl, argp); 1948 case SNDRV_CTL_IOCTL_ELEM_LOCK: 1949 return snd_ctl_elem_lock(ctl, argp); 1950 case SNDRV_CTL_IOCTL_ELEM_UNLOCK: 1951 return snd_ctl_elem_unlock(ctl, argp); 1952 case SNDRV_CTL_IOCTL_ELEM_ADD: 1953 return snd_ctl_elem_add_user(ctl, argp, 0); 1954 case SNDRV_CTL_IOCTL_ELEM_REPLACE: 1955 return snd_ctl_elem_add_user(ctl, argp, 1); 1956 case SNDRV_CTL_IOCTL_ELEM_REMOVE: 1957 return snd_ctl_elem_remove(ctl, argp); 1958 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS: 1959 return snd_ctl_subscribe_events(ctl, ip); 1960 case SNDRV_CTL_IOCTL_TLV_READ: 1961 scoped_guard(rwsem_read, &ctl->card->controls_rwsem) 1962 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ); 1963 return err; 1964 case SNDRV_CTL_IOCTL_TLV_WRITE: 1965 scoped_guard(rwsem_write, &ctl->card->controls_rwsem) 1966 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE); 1967 return err; 1968 case SNDRV_CTL_IOCTL_TLV_COMMAND: 1969 scoped_guard(rwsem_write, &ctl->card->controls_rwsem) 1970 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD); 1971 return err; 1972 case SNDRV_CTL_IOCTL_POWER: 1973 return -ENOPROTOOPT; 1974 case SNDRV_CTL_IOCTL_POWER_STATE: 1975 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0; 1976 } 1977 1978 guard(rwsem_read)(&snd_ioctl_rwsem); 1979 list_for_each_entry(p, &snd_control_ioctls, list) { 1980 err = p->fioctl(card, ctl, cmd, arg); 1981 if (err != -ENOIOCTLCMD) 1982 return err; 1983 } 1984 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd); 1985 return -ENOTTY; 1986} 1987 1988static ssize_t snd_ctl_read(struct file *file, char __user *buffer, 1989 size_t count, loff_t * offset) 1990{ 1991 struct snd_ctl_file *ctl; 1992 int err = 0; 1993 ssize_t result = 0; 1994 1995 ctl = file->private_data; 1996 if (snd_BUG_ON(!ctl || !ctl->card)) 1997 return -ENXIO; 1998 if (!ctl->subscribed) 1999 return -EBADFD; 2000 if (count < sizeof(struct snd_ctl_event)) 2001 return -EINVAL; 2002 spin_lock_irq(&ctl->read_lock); 2003 while (count >= sizeof(struct snd_ctl_event)) { 2004 struct snd_ctl_event ev; 2005 struct snd_kctl_event *kev; 2006 while (list_empty(&ctl->events)) { 2007 wait_queue_entry_t wait; 2008 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { 2009 err = -EAGAIN; 2010 goto __end_lock; 2011 } 2012 init_waitqueue_entry(&wait, current); 2013 add_wait_queue(&ctl->change_sleep, &wait); 2014 set_current_state(TASK_INTERRUPTIBLE); 2015 spin_unlock_irq(&ctl->read_lock); 2016 schedule(); 2017 remove_wait_queue(&ctl->change_sleep, &wait); 2018 if (ctl->card->shutdown) 2019 return -ENODEV; 2020 if (signal_pending(current)) 2021 return -ERESTARTSYS; 2022 spin_lock_irq(&ctl->read_lock); 2023 } 2024 kev = snd_kctl_event(ctl->events.next); 2025 ev.type = SNDRV_CTL_EVENT_ELEM; 2026 ev.data.elem.mask = kev->mask; 2027 ev.data.elem.id = kev->id; 2028 list_del(&kev->list); 2029 spin_unlock_irq(&ctl->read_lock); 2030 kfree(kev); 2031 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) { 2032 err = -EFAULT; 2033 goto __end; 2034 } 2035 spin_lock_irq(&ctl->read_lock); 2036 buffer += sizeof(struct snd_ctl_event); 2037 count -= sizeof(struct snd_ctl_event); 2038 result += sizeof(struct snd_ctl_event); 2039 } 2040 __end_lock: 2041 spin_unlock_irq(&ctl->read_lock); 2042 __end: 2043 return result > 0 ? result : err; 2044} 2045 2046static __poll_t snd_ctl_poll(struct file *file, poll_table * wait) 2047{ 2048 __poll_t mask; 2049 struct snd_ctl_file *ctl; 2050 2051 ctl = file->private_data; 2052 if (!ctl->subscribed) 2053 return 0; 2054 poll_wait(file, &ctl->change_sleep, wait); 2055 2056 mask = 0; 2057 if (!list_empty(&ctl->events)) 2058 mask |= EPOLLIN | EPOLLRDNORM; 2059 2060 return mask; 2061} 2062 2063/* 2064 * register the device-specific control-ioctls. 2065 * called from each device manager like pcm.c, hwdep.c, etc. 2066 */ 2067static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists) 2068{ 2069 struct snd_kctl_ioctl *pn; 2070 2071 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL); 2072 if (pn == NULL) 2073 return -ENOMEM; 2074 pn->fioctl = fcn; 2075 guard(rwsem_write)(&snd_ioctl_rwsem); 2076 list_add_tail(&pn->list, lists); 2077 return 0; 2078} 2079 2080/** 2081 * snd_ctl_register_ioctl - register the device-specific control-ioctls 2082 * @fcn: ioctl callback function 2083 * 2084 * called from each device manager like pcm.c, hwdep.c, etc. 2085 * 2086 * Return: zero if successful, or a negative error code 2087 */ 2088int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn) 2089{ 2090 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls); 2091} 2092EXPORT_SYMBOL(snd_ctl_register_ioctl); 2093 2094#ifdef CONFIG_COMPAT 2095/** 2096 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat 2097 * control-ioctls 2098 * @fcn: ioctl callback function 2099 * 2100 * Return: zero if successful, or a negative error code 2101 */ 2102int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2103{ 2104 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls); 2105} 2106EXPORT_SYMBOL(snd_ctl_register_ioctl_compat); 2107#endif 2108 2109/* 2110 * de-register the device-specific control-ioctls. 2111 */ 2112static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn, 2113 struct list_head *lists) 2114{ 2115 struct snd_kctl_ioctl *p; 2116 2117 if (snd_BUG_ON(!fcn)) 2118 return -EINVAL; 2119 guard(rwsem_write)(&snd_ioctl_rwsem); 2120 list_for_each_entry(p, lists, list) { 2121 if (p->fioctl == fcn) { 2122 list_del(&p->list); 2123 kfree(p); 2124 return 0; 2125 } 2126 } 2127 snd_BUG(); 2128 return -EINVAL; 2129} 2130 2131/** 2132 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls 2133 * @fcn: ioctl callback function to unregister 2134 * 2135 * Return: zero if successful, or a negative error code 2136 */ 2137int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn) 2138{ 2139 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls); 2140} 2141EXPORT_SYMBOL(snd_ctl_unregister_ioctl); 2142 2143#ifdef CONFIG_COMPAT 2144/** 2145 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat 2146 * 32bit control-ioctls 2147 * @fcn: ioctl callback function to unregister 2148 * 2149 * Return: zero if successful, or a negative error code 2150 */ 2151int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn) 2152{ 2153 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls); 2154} 2155EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat); 2156#endif 2157 2158static int snd_ctl_fasync(int fd, struct file * file, int on) 2159{ 2160 struct snd_ctl_file *ctl; 2161 2162 ctl = file->private_data; 2163 return snd_fasync_helper(fd, file, on, &ctl->fasync); 2164} 2165 2166/* return the preferred subdevice number if already assigned; 2167 * otherwise return -1 2168 */ 2169int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type) 2170{ 2171 struct snd_ctl_file *kctl; 2172 int subdevice = -1; 2173 2174 guard(read_lock_irqsave)(&card->ctl_files_rwlock); 2175 list_for_each_entry(kctl, &card->ctl_files, list) { 2176 if (kctl->pid == task_pid(current)) { 2177 subdevice = kctl->preferred_subdevice[type]; 2178 if (subdevice != -1) 2179 break; 2180 } 2181 } 2182 return subdevice; 2183} 2184EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice); 2185 2186/* 2187 * ioctl32 compat 2188 */ 2189#ifdef CONFIG_COMPAT 2190#include "control_compat.c" 2191#else 2192#define snd_ctl_ioctl_compat NULL 2193#endif 2194 2195/* 2196 * control layers (audio LED etc.) 2197 */ 2198 2199/** 2200 * snd_ctl_request_layer - request to use the layer 2201 * @module_name: Name of the kernel module (NULL == build-in) 2202 * 2203 * Return: zero if successful, or an error code when the module cannot be loaded 2204 */ 2205int snd_ctl_request_layer(const char *module_name) 2206{ 2207 struct snd_ctl_layer_ops *lops; 2208 2209 if (module_name == NULL) 2210 return 0; 2211 scoped_guard(rwsem_read, &snd_ctl_layer_rwsem) { 2212 for (lops = snd_ctl_layer; lops; lops = lops->next) 2213 if (strcmp(lops->module_name, module_name) == 0) 2214 return 0; 2215 } 2216 return request_module(module_name); 2217} 2218EXPORT_SYMBOL_GPL(snd_ctl_request_layer); 2219 2220/** 2221 * snd_ctl_register_layer - register new control layer 2222 * @lops: operation structure 2223 * 2224 * The new layer can track all control elements and do additional 2225 * operations on top (like audio LED handling). 2226 */ 2227void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops) 2228{ 2229 struct snd_card *card; 2230 int card_number; 2231 2232 scoped_guard(rwsem_write, &snd_ctl_layer_rwsem) { 2233 lops->next = snd_ctl_layer; 2234 snd_ctl_layer = lops; 2235 } 2236 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) { 2237 card = snd_card_ref(card_number); 2238 if (card) { 2239 scoped_guard(rwsem_read, &card->controls_rwsem) 2240 lops->lregister(card); 2241 snd_card_unref(card); 2242 } 2243 } 2244} 2245EXPORT_SYMBOL_GPL(snd_ctl_register_layer); 2246 2247/** 2248 * snd_ctl_disconnect_layer - disconnect control layer 2249 * @lops: operation structure 2250 * 2251 * It is expected that the information about tracked cards 2252 * is freed before this call (the disconnect callback is 2253 * not called here). 2254 */ 2255void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops) 2256{ 2257 struct snd_ctl_layer_ops *lops2, *prev_lops2; 2258 2259 guard(rwsem_write)(&snd_ctl_layer_rwsem); 2260 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) { 2261 if (lops2 == lops) { 2262 if (!prev_lops2) 2263 snd_ctl_layer = lops->next; 2264 else 2265 prev_lops2->next = lops->next; 2266 break; 2267 } 2268 prev_lops2 = lops2; 2269 } 2270} 2271EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer); 2272 2273/* 2274 * INIT PART 2275 */ 2276 2277static const struct file_operations snd_ctl_f_ops = 2278{ 2279 .owner = THIS_MODULE, 2280 .read = snd_ctl_read, 2281 .open = snd_ctl_open, 2282 .release = snd_ctl_release, 2283 .llseek = no_llseek, 2284 .poll = snd_ctl_poll, 2285 .unlocked_ioctl = snd_ctl_ioctl, 2286 .compat_ioctl = snd_ctl_ioctl_compat, 2287 .fasync = snd_ctl_fasync, 2288}; 2289 2290/* call lops under rwsems; called from snd_ctl_dev_*() below() */ 2291#define call_snd_ctl_lops(_card, _op) \ 2292 do { \ 2293 struct snd_ctl_layer_ops *lops; \ 2294 guard(rwsem_read)(&(_card)->controls_rwsem); \ 2295 guard(rwsem_read)(&snd_ctl_layer_rwsem); \ 2296 for (lops = snd_ctl_layer; lops; lops = lops->next) \ 2297 lops->_op(_card); \ 2298 } while (0) 2299 2300/* 2301 * registration of the control device 2302 */ 2303static int snd_ctl_dev_register(struct snd_device *device) 2304{ 2305 struct snd_card *card = device->device_data; 2306 int err; 2307 2308 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1, 2309 &snd_ctl_f_ops, card, card->ctl_dev); 2310 if (err < 0) 2311 return err; 2312 call_snd_ctl_lops(card, lregister); 2313 return 0; 2314} 2315 2316/* 2317 * disconnection of the control device 2318 */ 2319static int snd_ctl_dev_disconnect(struct snd_device *device) 2320{ 2321 struct snd_card *card = device->device_data; 2322 struct snd_ctl_file *ctl; 2323 2324 scoped_guard(read_lock_irqsave, &card->ctl_files_rwlock) { 2325 list_for_each_entry(ctl, &card->ctl_files, list) { 2326 wake_up(&ctl->change_sleep); 2327 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR); 2328 } 2329 } 2330 2331 call_snd_ctl_lops(card, ldisconnect); 2332 return snd_unregister_device(card->ctl_dev); 2333} 2334 2335/* 2336 * free all controls 2337 */ 2338static int snd_ctl_dev_free(struct snd_device *device) 2339{ 2340 struct snd_card *card = device->device_data; 2341 struct snd_kcontrol *control; 2342 2343 scoped_guard(rwsem_write, &card->controls_rwsem) { 2344 while (!list_empty(&card->controls)) { 2345 control = snd_kcontrol(card->controls.next); 2346 __snd_ctl_remove(card, control, false); 2347 } 2348 2349#ifdef CONFIG_SND_CTL_FAST_LOOKUP 2350 xa_destroy(&card->ctl_numids); 2351 xa_destroy(&card->ctl_hash); 2352#endif 2353 } 2354 put_device(card->ctl_dev); 2355 return 0; 2356} 2357 2358/* 2359 * create control core: 2360 * called from init.c 2361 */ 2362int snd_ctl_create(struct snd_card *card) 2363{ 2364 static const struct snd_device_ops ops = { 2365 .dev_free = snd_ctl_dev_free, 2366 .dev_register = snd_ctl_dev_register, 2367 .dev_disconnect = snd_ctl_dev_disconnect, 2368 }; 2369 int err; 2370 2371 if (snd_BUG_ON(!card)) 2372 return -ENXIO; 2373 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS)) 2374 return -ENXIO; 2375 2376 err = snd_device_alloc(&card->ctl_dev, card); 2377 if (err < 0) 2378 return err; 2379 dev_set_name(card->ctl_dev, "controlC%d", card->number); 2380 2381 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops); 2382 if (err < 0) 2383 put_device(card->ctl_dev); 2384 return err; 2385} 2386 2387/* 2388 * Frequently used control callbacks/helpers 2389 */ 2390 2391/** 2392 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info 2393 * callback with a mono channel 2394 * @kcontrol: the kcontrol instance 2395 * @uinfo: info to store 2396 * 2397 * This is a function that can be used as info callback for a standard 2398 * boolean control with a single mono channel. 2399 * 2400 * Return: Zero (always successful) 2401 */ 2402int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol, 2403 struct snd_ctl_elem_info *uinfo) 2404{ 2405 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2406 uinfo->count = 1; 2407 uinfo->value.integer.min = 0; 2408 uinfo->value.integer.max = 1; 2409 return 0; 2410} 2411EXPORT_SYMBOL(snd_ctl_boolean_mono_info); 2412 2413/** 2414 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info 2415 * callback with stereo two channels 2416 * @kcontrol: the kcontrol instance 2417 * @uinfo: info to store 2418 * 2419 * This is a function that can be used as info callback for a standard 2420 * boolean control with stereo two channels. 2421 * 2422 * Return: Zero (always successful) 2423 */ 2424int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol, 2425 struct snd_ctl_elem_info *uinfo) 2426{ 2427 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN; 2428 uinfo->count = 2; 2429 uinfo->value.integer.min = 0; 2430 uinfo->value.integer.max = 1; 2431 return 0; 2432} 2433EXPORT_SYMBOL(snd_ctl_boolean_stereo_info); 2434 2435/** 2436 * snd_ctl_enum_info - fills the info structure for an enumerated control 2437 * @info: the structure to be filled 2438 * @channels: the number of the control's channels; often one 2439 * @items: the number of control values; also the size of @names 2440 * @names: an array containing the names of all control values 2441 * 2442 * Sets all required fields in @info to their appropriate values. 2443 * If the control's accessibility is not the default (readable and writable), 2444 * the caller has to fill @info->access. 2445 * 2446 * Return: Zero (always successful) 2447 */ 2448int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels, 2449 unsigned int items, const char *const names[]) 2450{ 2451 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED; 2452 info->count = channels; 2453 info->value.enumerated.items = items; 2454 if (!items) 2455 return 0; 2456 if (info->value.enumerated.item >= items) 2457 info->value.enumerated.item = items - 1; 2458 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name), 2459 "ALSA: too long item name '%s'\n", 2460 names[info->value.enumerated.item]); 2461 strscpy(info->value.enumerated.name, 2462 names[info->value.enumerated.item], 2463 sizeof(info->value.enumerated.name)); 2464 return 0; 2465} 2466EXPORT_SYMBOL(snd_ctl_enum_info); 2467