1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  Routines for driver control interface
4  *  Copyright (c) by Jaroslav Kysela <perex@perex.cz>
5  */
6 
7 #include <linux/threads.h>
8 #include <linux/interrupt.h>
9 #include <linux/module.h>
10 #include <linux/slab.h>
11 #include <linux/vmalloc.h>
12 #include <linux/time.h>
13 #include <linux/mm.h>
14 #include <linux/math64.h>
15 #include <linux/sched/signal.h>
16 #include <sound/core.h>
17 #include <sound/minors.h>
18 #include <sound/info.h>
19 #include <sound/control.h>
20 
21 /* max number of user-defined controls */
22 #define MAX_USER_CONTROLS	32
23 #define MAX_CONTROL_COUNT	1028
24 
25 struct snd_kctl_ioctl {
26 	struct list_head list;		/* list of all ioctls */
27 	snd_kctl_ioctl_func_t fioctl;
28 };
29 
30 static DECLARE_RWSEM(snd_ioctl_rwsem);
31 static LIST_HEAD(snd_control_ioctls);
32 #ifdef CONFIG_COMPAT
33 static LIST_HEAD(snd_control_compat_ioctls);
34 #endif
35 
snd_ctl_open(struct inode * inode,struct file * file)36 static int snd_ctl_open(struct inode *inode, struct file *file)
37 {
38 	unsigned long flags;
39 	struct snd_card *card;
40 	struct snd_ctl_file *ctl;
41 	int i, err;
42 
43 	err = stream_open(inode, file);
44 	if (err < 0)
45 		return err;
46 
47 	card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL);
48 	if (!card) {
49 		err = -ENODEV;
50 		goto __error1;
51 	}
52 	err = snd_card_file_add(card, file);
53 	if (err < 0) {
54 		err = -ENODEV;
55 		goto __error1;
56 	}
57 	if (!try_module_get(card->module)) {
58 		err = -EFAULT;
59 		goto __error2;
60 	}
61 	ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
62 	if (ctl == NULL) {
63 		err = -ENOMEM;
64 		goto __error;
65 	}
66 	INIT_LIST_HEAD(&ctl->events);
67 	init_waitqueue_head(&ctl->change_sleep);
68 	spin_lock_init(&ctl->read_lock);
69 	ctl->card = card;
70 	for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++)
71 		ctl->preferred_subdevice[i] = -1;
72 	ctl->pid = get_pid(task_pid(current));
73 	file->private_data = ctl;
74 	write_lock_irqsave(&card->ctl_files_rwlock, flags);
75 	list_add_tail(&ctl->list, &card->ctl_files);
76 	write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
77 	snd_card_unref(card);
78 	return 0;
79 
80       __error:
81 	module_put(card->module);
82       __error2:
83 	snd_card_file_remove(card, file);
84       __error1:
85 	if (card)
86 		snd_card_unref(card);
87       	return err;
88 }
89 
snd_ctl_empty_read_queue(struct snd_ctl_file * ctl)90 static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl)
91 {
92 	unsigned long flags;
93 	struct snd_kctl_event *cread;
94 
95 	spin_lock_irqsave(&ctl->read_lock, flags);
96 	while (!list_empty(&ctl->events)) {
97 		cread = snd_kctl_event(ctl->events.next);
98 		list_del(&cread->list);
99 		kfree(cread);
100 	}
101 	spin_unlock_irqrestore(&ctl->read_lock, flags);
102 }
103 
snd_ctl_release(struct inode * inode,struct file * file)104 static int snd_ctl_release(struct inode *inode, struct file *file)
105 {
106 	unsigned long flags;
107 	struct snd_card *card;
108 	struct snd_ctl_file *ctl;
109 	struct snd_kcontrol *control;
110 	unsigned int idx;
111 
112 	ctl = file->private_data;
113 	file->private_data = NULL;
114 	card = ctl->card;
115 	write_lock_irqsave(&card->ctl_files_rwlock, flags);
116 	list_del(&ctl->list);
117 	write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
118 	down_write(&card->controls_rwsem);
119 	list_for_each_entry(control, &card->controls, list)
120 		for (idx = 0; idx < control->count; idx++)
121 			if (control->vd[idx].owner == ctl)
122 				control->vd[idx].owner = NULL;
123 	up_write(&card->controls_rwsem);
124 	snd_ctl_empty_read_queue(ctl);
125 	put_pid(ctl->pid);
126 	kfree(ctl);
127 	module_put(card->module);
128 	snd_card_file_remove(card, file);
129 	return 0;
130 }
131 
132 /**
133  * snd_ctl_notify - Send notification to user-space for a control change
134  * @card: the card to send notification
135  * @mask: the event mask, SNDRV_CTL_EVENT_*
136  * @id: the ctl element id to send notification
137  *
138  * This function adds an event record with the given id and mask, appends
139  * to the list and wakes up the user-space for notification.  This can be
140  * called in the atomic context.
141  */
snd_ctl_notify(struct snd_card * card,unsigned int mask,struct snd_ctl_elem_id * id)142 void snd_ctl_notify(struct snd_card *card, unsigned int mask,
143 		    struct snd_ctl_elem_id *id)
144 {
145 	unsigned long flags;
146 	struct snd_ctl_file *ctl;
147 	struct snd_kctl_event *ev;
148 
149 	if (snd_BUG_ON(!card || !id))
150 		return;
151 	if (card->shutdown)
152 		return;
153 	read_lock_irqsave(&card->ctl_files_rwlock, flags);
154 #if IS_ENABLED(CONFIG_SND_MIXER_OSS)
155 	card->mixer_oss_change_count++;
156 #endif
157 	list_for_each_entry(ctl, &card->ctl_files, list) {
158 		if (!ctl->subscribed)
159 			continue;
160 		spin_lock(&ctl->read_lock);
161 		list_for_each_entry(ev, &ctl->events, list) {
162 			if (ev->id.numid == id->numid) {
163 				ev->mask |= mask;
164 				goto _found;
165 			}
166 		}
167 		ev = kzalloc(sizeof(*ev), GFP_ATOMIC);
168 		if (ev) {
169 			ev->id = *id;
170 			ev->mask = mask;
171 			list_add_tail(&ev->list, &ctl->events);
172 		} else {
173 			dev_err(card->dev, "No memory available to allocate event\n");
174 		}
175 	_found:
176 		wake_up(&ctl->change_sleep);
177 		spin_unlock(&ctl->read_lock);
178 		kill_fasync(&ctl->fasync, SIGIO, POLL_IN);
179 	}
180 	read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
181 }
182 EXPORT_SYMBOL(snd_ctl_notify);
183 
184 /**
185  * snd_ctl_new - create a new control instance with some elements
186  * @kctl: the pointer to store new control instance
187  * @count: the number of elements in this control
188  * @access: the default access flags for elements in this control
189  * @file: given when locking these elements
190  *
191  * Allocates a memory object for a new control instance. The instance has
192  * elements as many as the given number (@count). Each element has given
193  * access permissions (@access). Each element is locked when @file is given.
194  *
195  * Return: 0 on success, error code on failure
196  */
snd_ctl_new(struct snd_kcontrol ** kctl,unsigned int count,unsigned int access,struct snd_ctl_file * file)197 static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count,
198 		       unsigned int access, struct snd_ctl_file *file)
199 {
200 	unsigned int idx;
201 
202 	if (count == 0 || count > MAX_CONTROL_COUNT)
203 		return -EINVAL;
204 
205 	*kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL);
206 	if (!*kctl)
207 		return -ENOMEM;
208 
209 	for (idx = 0; idx < count; idx++) {
210 		(*kctl)->vd[idx].access = access;
211 		(*kctl)->vd[idx].owner = file;
212 	}
213 	(*kctl)->count = count;
214 
215 	return 0;
216 }
217 
218 /**
219  * snd_ctl_new1 - create a control instance from the template
220  * @ncontrol: the initialization record
221  * @private_data: the private data to set
222  *
223  * Allocates a new struct snd_kcontrol instance and initialize from the given
224  * template.  When the access field of ncontrol is 0, it's assumed as
225  * READWRITE access. When the count field is 0, it's assumes as one.
226  *
227  * Return: The pointer of the newly generated instance, or %NULL on failure.
228  */
snd_ctl_new1(const struct snd_kcontrol_new * ncontrol,void * private_data)229 struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol,
230 				  void *private_data)
231 {
232 	struct snd_kcontrol *kctl;
233 	unsigned int count;
234 	unsigned int access;
235 	int err;
236 
237 	if (snd_BUG_ON(!ncontrol || !ncontrol->info))
238 		return NULL;
239 
240 	count = ncontrol->count;
241 	if (count == 0)
242 		count = 1;
243 
244 	access = ncontrol->access;
245 	if (access == 0)
246 		access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
247 	access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
248 		   SNDRV_CTL_ELEM_ACCESS_VOLATILE |
249 		   SNDRV_CTL_ELEM_ACCESS_INACTIVE |
250 		   SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE |
251 		   SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND |
252 		   SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK |
253 		   SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK);
254 
255 	err = snd_ctl_new(&kctl, count, access, NULL);
256 	if (err < 0)
257 		return NULL;
258 
259 	/* The 'numid' member is decided when calling snd_ctl_add(). */
260 	kctl->id.iface = ncontrol->iface;
261 	kctl->id.device = ncontrol->device;
262 	kctl->id.subdevice = ncontrol->subdevice;
263 	if (ncontrol->name) {
264 		strlcpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name));
265 		if (strcmp(ncontrol->name, kctl->id.name) != 0)
266 			pr_warn("ALSA: Control name '%s' truncated to '%s'\n",
267 				ncontrol->name, kctl->id.name);
268 	}
269 	kctl->id.index = ncontrol->index;
270 
271 	kctl->info = ncontrol->info;
272 	kctl->get = ncontrol->get;
273 	kctl->put = ncontrol->put;
274 	kctl->tlv.p = ncontrol->tlv.p;
275 
276 	kctl->private_value = ncontrol->private_value;
277 	kctl->private_data = private_data;
278 
279 	return kctl;
280 }
281 EXPORT_SYMBOL(snd_ctl_new1);
282 
283 /**
284  * snd_ctl_free_one - release the control instance
285  * @kcontrol: the control instance
286  *
287  * Releases the control instance created via snd_ctl_new()
288  * or snd_ctl_new1().
289  * Don't call this after the control was added to the card.
290  */
snd_ctl_free_one(struct snd_kcontrol * kcontrol)291 void snd_ctl_free_one(struct snd_kcontrol *kcontrol)
292 {
293 	if (kcontrol) {
294 		if (kcontrol->private_free)
295 			kcontrol->private_free(kcontrol);
296 		kfree(kcontrol);
297 	}
298 }
299 EXPORT_SYMBOL(snd_ctl_free_one);
300 
snd_ctl_remove_numid_conflict(struct snd_card * card,unsigned int count)301 static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
302 					  unsigned int count)
303 {
304 	struct snd_kcontrol *kctl;
305 
306 	/* Make sure that the ids assigned to the control do not wrap around */
307 	if (card->last_numid >= UINT_MAX - count)
308 		card->last_numid = 0;
309 
310 	list_for_each_entry(kctl, &card->controls, list) {
311 		if (kctl->id.numid < card->last_numid + 1 + count &&
312 		    kctl->id.numid + kctl->count > card->last_numid + 1) {
313 		    	card->last_numid = kctl->id.numid + kctl->count - 1;
314 			return true;
315 		}
316 	}
317 	return false;
318 }
319 
snd_ctl_find_hole(struct snd_card * card,unsigned int count)320 static int snd_ctl_find_hole(struct snd_card *card, unsigned int count)
321 {
322 	unsigned int iter = 100000;
323 
324 	while (snd_ctl_remove_numid_conflict(card, count)) {
325 		if (--iter == 0) {
326 			/* this situation is very unlikely */
327 			dev_err(card->dev, "unable to allocate new control numid\n");
328 			return -ENOMEM;
329 		}
330 	}
331 	return 0;
332 }
333 
334 enum snd_ctl_add_mode {
335 	CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE,
336 };
337 
338 /* add/replace a new kcontrol object; call with card->controls_rwsem locked */
__snd_ctl_add_replace(struct snd_card * card,struct snd_kcontrol * kcontrol,enum snd_ctl_add_mode mode)339 static int __snd_ctl_add_replace(struct snd_card *card,
340 				 struct snd_kcontrol *kcontrol,
341 				 enum snd_ctl_add_mode mode)
342 {
343 	struct snd_ctl_elem_id id;
344 	unsigned int idx;
345 	unsigned int count;
346 	struct snd_kcontrol *old;
347 	int err;
348 
349 	id = kcontrol->id;
350 	if (id.index > UINT_MAX - kcontrol->count)
351 		return -EINVAL;
352 
353 	old = snd_ctl_find_id(card, &id);
354 	if (!old) {
355 		if (mode == CTL_REPLACE)
356 			return -EINVAL;
357 	} else {
358 		if (mode == CTL_ADD_EXCLUSIVE) {
359 			dev_err(card->dev,
360 				"control %i:%i:%i:%s:%i is already present\n",
361 				id.iface, id.device, id.subdevice, id.name,
362 				id.index);
363 			return -EBUSY;
364 		}
365 
366 		err = snd_ctl_remove(card, old);
367 		if (err < 0)
368 			return err;
369 	}
370 
371 	if (snd_ctl_find_hole(card, kcontrol->count) < 0)
372 		return -ENOMEM;
373 
374 	list_add_tail(&kcontrol->list, &card->controls);
375 	card->controls_count += kcontrol->count;
376 	kcontrol->id.numid = card->last_numid + 1;
377 	card->last_numid += kcontrol->count;
378 
379 	id = kcontrol->id;
380 	count = kcontrol->count;
381 	for (idx = 0; idx < count; idx++, id.index++, id.numid++)
382 		snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
383 
384 	return 0;
385 }
386 
snd_ctl_add_replace(struct snd_card * card,struct snd_kcontrol * kcontrol,enum snd_ctl_add_mode mode)387 static int snd_ctl_add_replace(struct snd_card *card,
388 			       struct snd_kcontrol *kcontrol,
389 			       enum snd_ctl_add_mode mode)
390 {
391 	int err = -EINVAL;
392 
393 	if (! kcontrol)
394 		return err;
395 	if (snd_BUG_ON(!card || !kcontrol->info))
396 		goto error;
397 
398 	down_write(&card->controls_rwsem);
399 	err = __snd_ctl_add_replace(card, kcontrol, mode);
400 	up_write(&card->controls_rwsem);
401 	if (err < 0)
402 		goto error;
403 	return 0;
404 
405  error:
406 	snd_ctl_free_one(kcontrol);
407 	return err;
408 }
409 
410 /**
411  * snd_ctl_add - add the control instance to the card
412  * @card: the card instance
413  * @kcontrol: the control instance to add
414  *
415  * Adds the control instance created via snd_ctl_new() or
416  * snd_ctl_new1() to the given card. Assigns also an unique
417  * numid used for fast search.
418  *
419  * It frees automatically the control which cannot be added.
420  *
421  * Return: Zero if successful, or a negative error code on failure.
422  *
423  */
snd_ctl_add(struct snd_card * card,struct snd_kcontrol * kcontrol)424 int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
425 {
426 	return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE);
427 }
428 EXPORT_SYMBOL(snd_ctl_add);
429 
430 /**
431  * snd_ctl_replace - replace the control instance of the card
432  * @card: the card instance
433  * @kcontrol: the control instance to replace
434  * @add_on_replace: add the control if not already added
435  *
436  * Replaces the given control.  If the given control does not exist
437  * and the add_on_replace flag is set, the control is added.  If the
438  * control exists, it is destroyed first.
439  *
440  * It frees automatically the control which cannot be added or replaced.
441  *
442  * Return: Zero if successful, or a negative error code on failure.
443  */
snd_ctl_replace(struct snd_card * card,struct snd_kcontrol * kcontrol,bool add_on_replace)444 int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
445 		    bool add_on_replace)
446 {
447 	return snd_ctl_add_replace(card, kcontrol,
448 				   add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE);
449 }
450 EXPORT_SYMBOL(snd_ctl_replace);
451 
452 /**
453  * snd_ctl_remove - remove the control from the card and release it
454  * @card: the card instance
455  * @kcontrol: the control instance to remove
456  *
457  * Removes the control from the card and then releases the instance.
458  * You don't need to call snd_ctl_free_one(). You must be in
459  * the write lock - down_write(&card->controls_rwsem).
460  *
461  * Return: 0 if successful, or a negative error code on failure.
462  */
snd_ctl_remove(struct snd_card * card,struct snd_kcontrol * kcontrol)463 int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol)
464 {
465 	struct snd_ctl_elem_id id;
466 	unsigned int idx;
467 
468 	if (snd_BUG_ON(!card || !kcontrol))
469 		return -EINVAL;
470 	list_del(&kcontrol->list);
471 	card->controls_count -= kcontrol->count;
472 	id = kcontrol->id;
473 	for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
474 		snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_REMOVE, &id);
475 	snd_ctl_free_one(kcontrol);
476 	return 0;
477 }
478 EXPORT_SYMBOL(snd_ctl_remove);
479 
480 /**
481  * snd_ctl_remove_id - remove the control of the given id and release it
482  * @card: the card instance
483  * @id: the control id to remove
484  *
485  * Finds the control instance with the given id, removes it from the
486  * card list and releases it.
487  *
488  * Return: 0 if successful, or a negative error code on failure.
489  */
snd_ctl_remove_id(struct snd_card * card,struct snd_ctl_elem_id * id)490 int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id)
491 {
492 	struct snd_kcontrol *kctl;
493 	int ret;
494 
495 	down_write(&card->controls_rwsem);
496 	kctl = snd_ctl_find_id(card, id);
497 	if (kctl == NULL) {
498 		up_write(&card->controls_rwsem);
499 		return -ENOENT;
500 	}
501 	ret = snd_ctl_remove(card, kctl);
502 	up_write(&card->controls_rwsem);
503 	return ret;
504 }
505 EXPORT_SYMBOL(snd_ctl_remove_id);
506 
507 /**
508  * snd_ctl_remove_user_ctl - remove and release the unlocked user control
509  * @file: active control handle
510  * @id: the control id to remove
511  *
512  * Finds the control instance with the given id, removes it from the
513  * card list and releases it.
514  *
515  * Return: 0 if successful, or a negative error code on failure.
516  */
snd_ctl_remove_user_ctl(struct snd_ctl_file * file,struct snd_ctl_elem_id * id)517 static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file,
518 				   struct snd_ctl_elem_id *id)
519 {
520 	struct snd_card *card = file->card;
521 	struct snd_kcontrol *kctl;
522 	int idx, ret;
523 
524 	down_write(&card->controls_rwsem);
525 	kctl = snd_ctl_find_id(card, id);
526 	if (kctl == NULL) {
527 		ret = -ENOENT;
528 		goto error;
529 	}
530 	if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) {
531 		ret = -EINVAL;
532 		goto error;
533 	}
534 	for (idx = 0; idx < kctl->count; idx++)
535 		if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) {
536 			ret = -EBUSY;
537 			goto error;
538 		}
539 	ret = snd_ctl_remove(card, kctl);
540 	if (ret < 0)
541 		goto error;
542 	card->user_ctl_count--;
543 error:
544 	up_write(&card->controls_rwsem);
545 	return ret;
546 }
547 
548 /**
549  * snd_ctl_activate_id - activate/inactivate the control of the given id
550  * @card: the card instance
551  * @id: the control id to activate/inactivate
552  * @active: non-zero to activate
553  *
554  * Finds the control instance with the given id, and activate or
555  * inactivate the control together with notification, if changed.
556  * The given ID data is filled with full information.
557  *
558  * Return: 0 if unchanged, 1 if changed, or a negative error code on failure.
559  */
snd_ctl_activate_id(struct snd_card * card,struct snd_ctl_elem_id * id,int active)560 int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id,
561 			int active)
562 {
563 	struct snd_kcontrol *kctl;
564 	struct snd_kcontrol_volatile *vd;
565 	unsigned int index_offset;
566 	int ret;
567 
568 	down_write(&card->controls_rwsem);
569 	kctl = snd_ctl_find_id(card, id);
570 	if (kctl == NULL) {
571 		ret = -ENOENT;
572 		goto unlock;
573 	}
574 	index_offset = snd_ctl_get_ioff(kctl, id);
575 	vd = &kctl->vd[index_offset];
576 	ret = 0;
577 	if (active) {
578 		if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE))
579 			goto unlock;
580 		vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
581 	} else {
582 		if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)
583 			goto unlock;
584 		vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
585 	}
586 	snd_ctl_build_ioff(id, kctl, index_offset);
587 	ret = 1;
588  unlock:
589 	up_write(&card->controls_rwsem);
590 	if (ret > 0)
591 		snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_INFO, id);
592 	return ret;
593 }
594 EXPORT_SYMBOL_GPL(snd_ctl_activate_id);
595 
596 /**
597  * snd_ctl_rename_id - replace the id of a control on the card
598  * @card: the card instance
599  * @src_id: the old id
600  * @dst_id: the new id
601  *
602  * Finds the control with the old id from the card, and replaces the
603  * id with the new one.
604  *
605  * Return: Zero if successful, or a negative error code on failure.
606  */
snd_ctl_rename_id(struct snd_card * card,struct snd_ctl_elem_id * src_id,struct snd_ctl_elem_id * dst_id)607 int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id,
608 		      struct snd_ctl_elem_id *dst_id)
609 {
610 	struct snd_kcontrol *kctl;
611 
612 	down_write(&card->controls_rwsem);
613 	kctl = snd_ctl_find_id(card, src_id);
614 	if (kctl == NULL) {
615 		up_write(&card->controls_rwsem);
616 		return -ENOENT;
617 	}
618 	kctl->id = *dst_id;
619 	kctl->id.numid = card->last_numid + 1;
620 	card->last_numid += kctl->count;
621 	up_write(&card->controls_rwsem);
622 	return 0;
623 }
624 EXPORT_SYMBOL(snd_ctl_rename_id);
625 
626 /**
627  * snd_ctl_find_numid - find the control instance with the given number-id
628  * @card: the card instance
629  * @numid: the number-id to search
630  *
631  * Finds the control instance with the given number-id from the card.
632  *
633  * The caller must down card->controls_rwsem before calling this function
634  * (if the race condition can happen).
635  *
636  * Return: The pointer of the instance if found, or %NULL if not.
637  *
638  */
snd_ctl_find_numid(struct snd_card * card,unsigned int numid)639 struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, unsigned int numid)
640 {
641 	struct snd_kcontrol *kctl;
642 
643 	if (snd_BUG_ON(!card || !numid))
644 		return NULL;
645 	list_for_each_entry(kctl, &card->controls, list) {
646 		if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid)
647 			return kctl;
648 	}
649 	return NULL;
650 }
651 EXPORT_SYMBOL(snd_ctl_find_numid);
652 
653 /**
654  * snd_ctl_find_id - find the control instance with the given id
655  * @card: the card instance
656  * @id: the id to search
657  *
658  * Finds the control instance with the given id from the card.
659  *
660  * The caller must down card->controls_rwsem before calling this function
661  * (if the race condition can happen).
662  *
663  * Return: The pointer of the instance if found, or %NULL if not.
664  *
665  */
snd_ctl_find_id(struct snd_card * card,struct snd_ctl_elem_id * id)666 struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card,
667 				     struct snd_ctl_elem_id *id)
668 {
669 	struct snd_kcontrol *kctl;
670 
671 	if (snd_BUG_ON(!card || !id))
672 		return NULL;
673 	if (id->numid != 0)
674 		return snd_ctl_find_numid(card, id->numid);
675 	list_for_each_entry(kctl, &card->controls, list) {
676 		if (kctl->id.iface != id->iface)
677 			continue;
678 		if (kctl->id.device != id->device)
679 			continue;
680 		if (kctl->id.subdevice != id->subdevice)
681 			continue;
682 		if (strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)))
683 			continue;
684 		if (kctl->id.index > id->index)
685 			continue;
686 		if (kctl->id.index + kctl->count <= id->index)
687 			continue;
688 		return kctl;
689 	}
690 	return NULL;
691 }
692 EXPORT_SYMBOL(snd_ctl_find_id);
693 
snd_ctl_card_info(struct snd_card * card,struct snd_ctl_file * ctl,unsigned int cmd,void __user * arg)694 static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl,
695 			     unsigned int cmd, void __user *arg)
696 {
697 	struct snd_ctl_card_info *info;
698 
699 	info = kzalloc(sizeof(*info), GFP_KERNEL);
700 	if (! info)
701 		return -ENOMEM;
702 	down_read(&snd_ioctl_rwsem);
703 	info->card = card->number;
704 	strlcpy(info->id, card->id, sizeof(info->id));
705 	strlcpy(info->driver, card->driver, sizeof(info->driver));
706 	strlcpy(info->name, card->shortname, sizeof(info->name));
707 	strlcpy(info->longname, card->longname, sizeof(info->longname));
708 	strlcpy(info->mixername, card->mixername, sizeof(info->mixername));
709 	strlcpy(info->components, card->components, sizeof(info->components));
710 	up_read(&snd_ioctl_rwsem);
711 	if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) {
712 		kfree(info);
713 		return -EFAULT;
714 	}
715 	kfree(info);
716 	return 0;
717 }
718 
snd_ctl_elem_list(struct snd_card * card,struct snd_ctl_elem_list * list)719 static int snd_ctl_elem_list(struct snd_card *card,
720 			     struct snd_ctl_elem_list *list)
721 {
722 	struct snd_kcontrol *kctl;
723 	struct snd_ctl_elem_id id;
724 	unsigned int offset, space, jidx;
725 	int err = 0;
726 
727 	offset = list->offset;
728 	space = list->space;
729 
730 	down_read(&card->controls_rwsem);
731 	list->count = card->controls_count;
732 	list->used = 0;
733 	if (space > 0) {
734 		list_for_each_entry(kctl, &card->controls, list) {
735 			if (offset >= kctl->count) {
736 				offset -= kctl->count;
737 				continue;
738 			}
739 			for (jidx = offset; jidx < kctl->count; jidx++) {
740 				snd_ctl_build_ioff(&id, kctl, jidx);
741 				if (copy_to_user(list->pids + list->used, &id,
742 						 sizeof(id))) {
743 					err = -EFAULT;
744 					goto out;
745 				}
746 				list->used++;
747 				if (!--space)
748 					goto out;
749 			}
750 			offset = 0;
751 		}
752 	}
753  out:
754 	up_read(&card->controls_rwsem);
755 	return err;
756 }
757 
snd_ctl_elem_list_user(struct snd_card * card,struct snd_ctl_elem_list __user * _list)758 static int snd_ctl_elem_list_user(struct snd_card *card,
759 				  struct snd_ctl_elem_list __user *_list)
760 {
761 	struct snd_ctl_elem_list list;
762 	int err;
763 
764 	if (copy_from_user(&list, _list, sizeof(list)))
765 		return -EFAULT;
766 	err = snd_ctl_elem_list(card, &list);
767 	if (err)
768 		return err;
769 	if (copy_to_user(_list, &list, sizeof(list)))
770 		return -EFAULT;
771 
772 	return 0;
773 }
774 
775 /* Check whether the given kctl info is valid */
snd_ctl_check_elem_info(struct snd_card * card,const struct snd_ctl_elem_info * info)776 static int snd_ctl_check_elem_info(struct snd_card *card,
777 				   const struct snd_ctl_elem_info *info)
778 {
779 	static const unsigned int max_value_counts[] = {
780 		[SNDRV_CTL_ELEM_TYPE_BOOLEAN]	= 128,
781 		[SNDRV_CTL_ELEM_TYPE_INTEGER]	= 128,
782 		[SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128,
783 		[SNDRV_CTL_ELEM_TYPE_BYTES]	= 512,
784 		[SNDRV_CTL_ELEM_TYPE_IEC958]	= 1,
785 		[SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64,
786 	};
787 
788 	if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
789 	    info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) {
790 		if (card)
791 			dev_err(card->dev,
792 				"control %i:%i:%i:%s:%i: invalid type %d\n",
793 				info->id.iface, info->id.device,
794 				info->id.subdevice, info->id.name,
795 				info->id.index, info->type);
796 		return -EINVAL;
797 	}
798 	if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED &&
799 	    info->value.enumerated.items == 0) {
800 		if (card)
801 			dev_err(card->dev,
802 				"control %i:%i:%i:%s:%i: zero enum items\n",
803 				info->id.iface, info->id.device,
804 				info->id.subdevice, info->id.name,
805 				info->id.index);
806 		return -EINVAL;
807 	}
808 	if (info->count > max_value_counts[info->type]) {
809 		if (card)
810 			dev_err(card->dev,
811 				"control %i:%i:%i:%s:%i: invalid count %d\n",
812 				info->id.iface, info->id.device,
813 				info->id.subdevice, info->id.name,
814 				info->id.index, info->count);
815 		return -EINVAL;
816 	}
817 
818 	return 0;
819 }
820 
821 /* The capacity of struct snd_ctl_elem_value.value.*/
822 static const unsigned int value_sizes[] = {
823 	[SNDRV_CTL_ELEM_TYPE_BOOLEAN]	= sizeof(long),
824 	[SNDRV_CTL_ELEM_TYPE_INTEGER]	= sizeof(long),
825 	[SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int),
826 	[SNDRV_CTL_ELEM_TYPE_BYTES]	= sizeof(unsigned char),
827 	[SNDRV_CTL_ELEM_TYPE_IEC958]	= sizeof(struct snd_aes_iec958),
828 	[SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long),
829 };
830 
831 #ifdef CONFIG_SND_CTL_VALIDATION
832 /* fill the remaining snd_ctl_elem_value data with the given pattern */
fill_remaining_elem_value(struct snd_ctl_elem_value * control,struct snd_ctl_elem_info * info,u32 pattern)833 static void fill_remaining_elem_value(struct snd_ctl_elem_value *control,
834 				      struct snd_ctl_elem_info *info,
835 				      u32 pattern)
836 {
837 	size_t offset = value_sizes[info->type] * info->count;
838 
839 	offset = (offset + sizeof(u32) - 1) / sizeof(u32);
840 	memset32((u32 *)control->value.bytes.data + offset, pattern,
841 		 sizeof(control->value) / sizeof(u32) - offset);
842 }
843 
844 /* check whether the given integer ctl value is valid */
sanity_check_int_value(struct snd_card * card,const struct snd_ctl_elem_value * control,const struct snd_ctl_elem_info * info,int i)845 static int sanity_check_int_value(struct snd_card *card,
846 				  const struct snd_ctl_elem_value *control,
847 				  const struct snd_ctl_elem_info *info,
848 				  int i)
849 {
850 	long long lval, lmin, lmax, lstep;
851 	u64 rem;
852 
853 	switch (info->type) {
854 	default:
855 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
856 		lval = control->value.integer.value[i];
857 		lmin = 0;
858 		lmax = 1;
859 		lstep = 0;
860 		break;
861 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
862 		lval = control->value.integer.value[i];
863 		lmin = info->value.integer.min;
864 		lmax = info->value.integer.max;
865 		lstep = info->value.integer.step;
866 		break;
867 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
868 		lval = control->value.integer64.value[i];
869 		lmin = info->value.integer64.min;
870 		lmax = info->value.integer64.max;
871 		lstep = info->value.integer64.step;
872 		break;
873 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
874 		lval = control->value.enumerated.item[i];
875 		lmin = 0;
876 		lmax = info->value.enumerated.items - 1;
877 		lstep = 0;
878 		break;
879 	}
880 
881 	if (lval < lmin || lval > lmax) {
882 		dev_err(card->dev,
883 			"control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n",
884 			control->id.iface, control->id.device,
885 			control->id.subdevice, control->id.name,
886 			control->id.index, lval, lmin, lmax, i);
887 		return -EINVAL;
888 	}
889 	if (lstep) {
890 		div64_u64_rem(lval, lstep, &rem);
891 		if (rem) {
892 			dev_err(card->dev,
893 				"control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n",
894 				control->id.iface, control->id.device,
895 				control->id.subdevice, control->id.name,
896 				control->id.index, lval, lstep, i);
897 			return -EINVAL;
898 		}
899 	}
900 
901 	return 0;
902 }
903 
904 /* perform sanity checks to the given snd_ctl_elem_value object */
sanity_check_elem_value(struct snd_card * card,const struct snd_ctl_elem_value * control,const struct snd_ctl_elem_info * info,u32 pattern)905 static int sanity_check_elem_value(struct snd_card *card,
906 				   const struct snd_ctl_elem_value *control,
907 				   const struct snd_ctl_elem_info *info,
908 				   u32 pattern)
909 {
910 	size_t offset;
911 	int i, ret = 0;
912 	u32 *p;
913 
914 	switch (info->type) {
915 	case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
916 	case SNDRV_CTL_ELEM_TYPE_INTEGER:
917 	case SNDRV_CTL_ELEM_TYPE_INTEGER64:
918 	case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
919 		for (i = 0; i < info->count; i++) {
920 			ret = sanity_check_int_value(card, control, info, i);
921 			if (ret < 0)
922 				return ret;
923 		}
924 		break;
925 	default:
926 		break;
927 	}
928 
929 	/* check whether the remaining area kept untouched */
930 	offset = value_sizes[info->type] * info->count;
931 	offset = (offset + sizeof(u32) - 1) / sizeof(u32);
932 	p = (u32 *)control->value.bytes.data + offset;
933 	for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) {
934 		if (*p != pattern) {
935 			ret = -EINVAL;
936 			break;
937 		}
938 		*p = 0; /* clear the checked area */
939 	}
940 
941 	return ret;
942 }
943 #else
fill_remaining_elem_value(struct snd_ctl_elem_value * control,struct snd_ctl_elem_info * info,u32 pattern)944 static inline void fill_remaining_elem_value(struct snd_ctl_elem_value *control,
945 					     struct snd_ctl_elem_info *info,
946 					     u32 pattern)
947 {
948 }
949 
sanity_check_elem_value(struct snd_card * card,struct snd_ctl_elem_value * control,struct snd_ctl_elem_info * info,u32 pattern)950 static inline int sanity_check_elem_value(struct snd_card *card,
951 					  struct snd_ctl_elem_value *control,
952 					  struct snd_ctl_elem_info *info,
953 					  u32 pattern)
954 {
955 	return 0;
956 }
957 #endif
958 
__snd_ctl_elem_info(struct snd_card * card,struct snd_kcontrol * kctl,struct snd_ctl_elem_info * info,struct snd_ctl_file * ctl)959 static int __snd_ctl_elem_info(struct snd_card *card,
960 			       struct snd_kcontrol *kctl,
961 			       struct snd_ctl_elem_info *info,
962 			       struct snd_ctl_file *ctl)
963 {
964 	struct snd_kcontrol_volatile *vd;
965 	unsigned int index_offset;
966 	int result;
967 
968 #ifdef CONFIG_SND_DEBUG
969 	info->access = 0;
970 #endif
971 	result = kctl->info(kctl, info);
972 	if (result >= 0) {
973 		snd_BUG_ON(info->access);
974 		index_offset = snd_ctl_get_ioff(kctl, &info->id);
975 		vd = &kctl->vd[index_offset];
976 		snd_ctl_build_ioff(&info->id, kctl, index_offset);
977 		info->access = vd->access;
978 		if (vd->owner) {
979 			info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK;
980 			if (vd->owner == ctl)
981 				info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER;
982 			info->owner = pid_vnr(vd->owner->pid);
983 		} else {
984 			info->owner = -1;
985 		}
986 		if (!snd_ctl_skip_validation(info) &&
987 		    snd_ctl_check_elem_info(card, info) < 0)
988 			result = -EINVAL;
989 	}
990 	return result;
991 }
992 
snd_ctl_elem_info(struct snd_ctl_file * ctl,struct snd_ctl_elem_info * info)993 static int snd_ctl_elem_info(struct snd_ctl_file *ctl,
994 			     struct snd_ctl_elem_info *info)
995 {
996 	struct snd_card *card = ctl->card;
997 	struct snd_kcontrol *kctl;
998 	int result;
999 
1000 	down_read(&card->controls_rwsem);
1001 	kctl = snd_ctl_find_id(card, &info->id);
1002 	if (kctl == NULL)
1003 		result = -ENOENT;
1004 	else
1005 		result = __snd_ctl_elem_info(card, kctl, info, ctl);
1006 	up_read(&card->controls_rwsem);
1007 	return result;
1008 }
1009 
snd_ctl_elem_info_user(struct snd_ctl_file * ctl,struct snd_ctl_elem_info __user * _info)1010 static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl,
1011 				  struct snd_ctl_elem_info __user *_info)
1012 {
1013 	struct snd_ctl_elem_info info;
1014 	int result;
1015 
1016 	if (copy_from_user(&info, _info, sizeof(info)))
1017 		return -EFAULT;
1018 	result = snd_power_wait(ctl->card, SNDRV_CTL_POWER_D0);
1019 	if (result < 0)
1020 		return result;
1021 	result = snd_ctl_elem_info(ctl, &info);
1022 	if (result < 0)
1023 		return result;
1024 	/* drop internal access flags */
1025 	info.access &= ~SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK;
1026 	if (copy_to_user(_info, &info, sizeof(info)))
1027 		return -EFAULT;
1028 	return result;
1029 }
1030 
snd_ctl_elem_read(struct snd_card * card,struct snd_ctl_elem_value * control)1031 static int snd_ctl_elem_read(struct snd_card *card,
1032 			     struct snd_ctl_elem_value *control)
1033 {
1034 	struct snd_kcontrol *kctl;
1035 	struct snd_kcontrol_volatile *vd;
1036 	unsigned int index_offset;
1037 	struct snd_ctl_elem_info info;
1038 	const u32 pattern = 0xdeadbeef;
1039 	int ret;
1040 
1041 	kctl = snd_ctl_find_id(card, &control->id);
1042 	if (kctl == NULL)
1043 		return -ENOENT;
1044 
1045 	index_offset = snd_ctl_get_ioff(kctl, &control->id);
1046 	vd = &kctl->vd[index_offset];
1047 	if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL)
1048 		return -EPERM;
1049 
1050 	snd_ctl_build_ioff(&control->id, kctl, index_offset);
1051 
1052 #ifdef CONFIG_SND_CTL_VALIDATION
1053 	/* info is needed only for validation */
1054 	memset(&info, 0, sizeof(info));
1055 	info.id = control->id;
1056 	ret = __snd_ctl_elem_info(card, kctl, &info, NULL);
1057 	if (ret < 0)
1058 		return ret;
1059 #endif
1060 
1061 	if (!snd_ctl_skip_validation(&info))
1062 		fill_remaining_elem_value(control, &info, pattern);
1063 	ret = kctl->get(kctl, control);
1064 	if (ret < 0)
1065 		return ret;
1066 	if (!snd_ctl_skip_validation(&info) &&
1067 	    sanity_check_elem_value(card, control, &info, pattern) < 0) {
1068 		dev_err(card->dev,
1069 			"control %i:%i:%i:%s:%i: access overflow\n",
1070 			control->id.iface, control->id.device,
1071 			control->id.subdevice, control->id.name,
1072 			control->id.index);
1073 		return -EINVAL;
1074 	}
1075 	return ret;
1076 }
1077 
snd_ctl_elem_read_user(struct snd_card * card,struct snd_ctl_elem_value __user * _control)1078 static int snd_ctl_elem_read_user(struct snd_card *card,
1079 				  struct snd_ctl_elem_value __user *_control)
1080 {
1081 	struct snd_ctl_elem_value *control;
1082 	int result;
1083 
1084 	control = memdup_user(_control, sizeof(*control));
1085 	if (IS_ERR(control))
1086 		return PTR_ERR(control);
1087 
1088 	result = snd_power_wait(card, SNDRV_CTL_POWER_D0);
1089 	if (result < 0)
1090 		goto error;
1091 
1092 	down_read(&card->controls_rwsem);
1093 	result = snd_ctl_elem_read(card, control);
1094 	up_read(&card->controls_rwsem);
1095 	if (result < 0)
1096 		goto error;
1097 
1098 	if (copy_to_user(_control, control, sizeof(*control)))
1099 		result = -EFAULT;
1100  error:
1101 	kfree(control);
1102 	return result;
1103 }
1104 
snd_ctl_elem_write(struct snd_card * card,struct snd_ctl_file * file,struct snd_ctl_elem_value * control)1105 static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
1106 			      struct snd_ctl_elem_value *control)
1107 {
1108 	struct snd_kcontrol *kctl;
1109 	struct snd_kcontrol_volatile *vd;
1110 	unsigned int index_offset;
1111 	int result;
1112 
1113 	kctl = snd_ctl_find_id(card, &control->id);
1114 	if (kctl == NULL)
1115 		return -ENOENT;
1116 
1117 	index_offset = snd_ctl_get_ioff(kctl, &control->id);
1118 	vd = &kctl->vd[index_offset];
1119 	if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL ||
1120 	    (file && vd->owner && vd->owner != file)) {
1121 		return -EPERM;
1122 	}
1123 
1124 	snd_ctl_build_ioff(&control->id, kctl, index_offset);
1125 	result = kctl->put(kctl, control);
1126 	if (result < 0)
1127 		return result;
1128 
1129 	if (result > 0) {
1130 		struct snd_ctl_elem_id id = control->id;
1131 		snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id);
1132 	}
1133 
1134 	return 0;
1135 }
1136 
snd_ctl_elem_write_user(struct snd_ctl_file * file,struct snd_ctl_elem_value __user * _control)1137 static int snd_ctl_elem_write_user(struct snd_ctl_file *file,
1138 				   struct snd_ctl_elem_value __user *_control)
1139 {
1140 	struct snd_ctl_elem_value *control;
1141 	struct snd_card *card;
1142 	int result;
1143 
1144 	control = memdup_user(_control, sizeof(*control));
1145 	if (IS_ERR(control))
1146 		return PTR_ERR(control);
1147 
1148 	card = file->card;
1149 	result = snd_power_wait(card, SNDRV_CTL_POWER_D0);
1150 	if (result < 0)
1151 		goto error;
1152 
1153 	down_write(&card->controls_rwsem);
1154 	result = snd_ctl_elem_write(card, file, control);
1155 	up_write(&card->controls_rwsem);
1156 	if (result < 0)
1157 		goto error;
1158 
1159 	if (copy_to_user(_control, control, sizeof(*control)))
1160 		result = -EFAULT;
1161  error:
1162 	kfree(control);
1163 	return result;
1164 }
1165 
snd_ctl_elem_lock(struct snd_ctl_file * file,struct snd_ctl_elem_id __user * _id)1166 static int snd_ctl_elem_lock(struct snd_ctl_file *file,
1167 			     struct snd_ctl_elem_id __user *_id)
1168 {
1169 	struct snd_card *card = file->card;
1170 	struct snd_ctl_elem_id id;
1171 	struct snd_kcontrol *kctl;
1172 	struct snd_kcontrol_volatile *vd;
1173 	int result;
1174 
1175 	if (copy_from_user(&id, _id, sizeof(id)))
1176 		return -EFAULT;
1177 	down_write(&card->controls_rwsem);
1178 	kctl = snd_ctl_find_id(card, &id);
1179 	if (kctl == NULL) {
1180 		result = -ENOENT;
1181 	} else {
1182 		vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1183 		if (vd->owner != NULL)
1184 			result = -EBUSY;
1185 		else {
1186 			vd->owner = file;
1187 			result = 0;
1188 		}
1189 	}
1190 	up_write(&card->controls_rwsem);
1191 	return result;
1192 }
1193 
snd_ctl_elem_unlock(struct snd_ctl_file * file,struct snd_ctl_elem_id __user * _id)1194 static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
1195 			       struct snd_ctl_elem_id __user *_id)
1196 {
1197 	struct snd_card *card = file->card;
1198 	struct snd_ctl_elem_id id;
1199 	struct snd_kcontrol *kctl;
1200 	struct snd_kcontrol_volatile *vd;
1201 	int result;
1202 
1203 	if (copy_from_user(&id, _id, sizeof(id)))
1204 		return -EFAULT;
1205 	down_write(&card->controls_rwsem);
1206 	kctl = snd_ctl_find_id(card, &id);
1207 	if (kctl == NULL) {
1208 		result = -ENOENT;
1209 	} else {
1210 		vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1211 		if (vd->owner == NULL)
1212 			result = -EINVAL;
1213 		else if (vd->owner != file)
1214 			result = -EPERM;
1215 		else {
1216 			vd->owner = NULL;
1217 			result = 0;
1218 		}
1219 	}
1220 	up_write(&card->controls_rwsem);
1221 	return result;
1222 }
1223 
1224 struct user_element {
1225 	struct snd_ctl_elem_info info;
1226 	struct snd_card *card;
1227 	char *elem_data;		/* element data */
1228 	unsigned long elem_data_size;	/* size of element data in bytes */
1229 	void *tlv_data;			/* TLV data */
1230 	unsigned long tlv_data_size;	/* TLV data size */
1231 	void *priv_data;		/* private data (like strings for enumerated type) */
1232 };
1233 
snd_ctl_elem_user_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)1234 static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol,
1235 				  struct snd_ctl_elem_info *uinfo)
1236 {
1237 	struct user_element *ue = kcontrol->private_data;
1238 	unsigned int offset;
1239 
1240 	offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1241 	*uinfo = ue->info;
1242 	snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1243 
1244 	return 0;
1245 }
1246 
snd_ctl_elem_user_enum_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)1247 static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol,
1248 				       struct snd_ctl_elem_info *uinfo)
1249 {
1250 	struct user_element *ue = kcontrol->private_data;
1251 	const char *names;
1252 	unsigned int item;
1253 	unsigned int offset;
1254 
1255 	item = uinfo->value.enumerated.item;
1256 
1257 	offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1258 	*uinfo = ue->info;
1259 	snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1260 
1261 	item = min(item, uinfo->value.enumerated.items - 1);
1262 	uinfo->value.enumerated.item = item;
1263 
1264 	names = ue->priv_data;
1265 	for (; item > 0; --item)
1266 		names += strlen(names) + 1;
1267 	strcpy(uinfo->value.enumerated.name, names);
1268 
1269 	return 0;
1270 }
1271 
snd_ctl_elem_user_get(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_value * ucontrol)1272 static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
1273 				 struct snd_ctl_elem_value *ucontrol)
1274 {
1275 	struct user_element *ue = kcontrol->private_data;
1276 	unsigned int size = ue->elem_data_size;
1277 	char *src = ue->elem_data +
1278 			snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1279 
1280 	memcpy(&ucontrol->value, src, size);
1281 	return 0;
1282 }
1283 
snd_ctl_elem_user_put(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_value * ucontrol)1284 static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
1285 				 struct snd_ctl_elem_value *ucontrol)
1286 {
1287 	int change;
1288 	struct user_element *ue = kcontrol->private_data;
1289 	unsigned int size = ue->elem_data_size;
1290 	char *dst = ue->elem_data +
1291 			snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1292 
1293 	change = memcmp(&ucontrol->value, dst, size) != 0;
1294 	if (change)
1295 		memcpy(dst, &ucontrol->value, size);
1296 	return change;
1297 }
1298 
replace_user_tlv(struct snd_kcontrol * kctl,unsigned int __user * buf,unsigned int size)1299 static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1300 			    unsigned int size)
1301 {
1302 	struct user_element *ue = kctl->private_data;
1303 	unsigned int *container;
1304 	struct snd_ctl_elem_id id;
1305 	unsigned int mask = 0;
1306 	int i;
1307 	int change;
1308 
1309 	if (size > 1024 * 128)	/* sane value */
1310 		return -EINVAL;
1311 
1312 	container = vmemdup_user(buf, size);
1313 	if (IS_ERR(container))
1314 		return PTR_ERR(container);
1315 
1316 	change = ue->tlv_data_size != size;
1317 	if (!change)
1318 		change = memcmp(ue->tlv_data, container, size) != 0;
1319 	if (!change) {
1320 		kvfree(container);
1321 		return 0;
1322 	}
1323 
1324 	if (ue->tlv_data == NULL) {
1325 		/* Now TLV data is available. */
1326 		for (i = 0; i < kctl->count; ++i)
1327 			kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
1328 		mask = SNDRV_CTL_EVENT_MASK_INFO;
1329 	}
1330 
1331 	kvfree(ue->tlv_data);
1332 	ue->tlv_data = container;
1333 	ue->tlv_data_size = size;
1334 
1335 	mask |= SNDRV_CTL_EVENT_MASK_TLV;
1336 	for (i = 0; i < kctl->count; ++i) {
1337 		snd_ctl_build_ioff(&id, kctl, i);
1338 		snd_ctl_notify(ue->card, mask, &id);
1339 	}
1340 
1341 	return change;
1342 }
1343 
read_user_tlv(struct snd_kcontrol * kctl,unsigned int __user * buf,unsigned int size)1344 static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1345 			 unsigned int size)
1346 {
1347 	struct user_element *ue = kctl->private_data;
1348 
1349 	if (ue->tlv_data_size == 0 || ue->tlv_data == NULL)
1350 		return -ENXIO;
1351 
1352 	if (size < ue->tlv_data_size)
1353 		return -ENOSPC;
1354 
1355 	if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size))
1356 		return -EFAULT;
1357 
1358 	return 0;
1359 }
1360 
snd_ctl_elem_user_tlv(struct snd_kcontrol * kctl,int op_flag,unsigned int size,unsigned int __user * buf)1361 static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag,
1362 				 unsigned int size, unsigned int __user *buf)
1363 {
1364 	if (op_flag == SNDRV_CTL_TLV_OP_WRITE)
1365 		return replace_user_tlv(kctl, buf, size);
1366 	else
1367 		return read_user_tlv(kctl, buf, size);
1368 }
1369 
snd_ctl_elem_init_enum_names(struct user_element * ue)1370 static int snd_ctl_elem_init_enum_names(struct user_element *ue)
1371 {
1372 	char *names, *p;
1373 	size_t buf_len, name_len;
1374 	unsigned int i;
1375 	const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr;
1376 
1377 	if (ue->info.value.enumerated.names_length > 64 * 1024)
1378 		return -EINVAL;
1379 
1380 	names = vmemdup_user((const void __user *)user_ptrval,
1381 		ue->info.value.enumerated.names_length);
1382 	if (IS_ERR(names))
1383 		return PTR_ERR(names);
1384 
1385 	/* check that there are enough valid names */
1386 	buf_len = ue->info.value.enumerated.names_length;
1387 	p = names;
1388 	for (i = 0; i < ue->info.value.enumerated.items; ++i) {
1389 		name_len = strnlen(p, buf_len);
1390 		if (name_len == 0 || name_len >= 64 || name_len == buf_len) {
1391 			kvfree(names);
1392 			return -EINVAL;
1393 		}
1394 		p += name_len + 1;
1395 		buf_len -= name_len + 1;
1396 	}
1397 
1398 	ue->priv_data = names;
1399 	ue->info.value.enumerated.names_ptr = 0;
1400 
1401 	return 0;
1402 }
1403 
snd_ctl_elem_user_free(struct snd_kcontrol * kcontrol)1404 static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol)
1405 {
1406 	struct user_element *ue = kcontrol->private_data;
1407 
1408 	kvfree(ue->tlv_data);
1409 	kvfree(ue->priv_data);
1410 	kfree(ue);
1411 }
1412 
snd_ctl_elem_add(struct snd_ctl_file * file,struct snd_ctl_elem_info * info,int replace)1413 static int snd_ctl_elem_add(struct snd_ctl_file *file,
1414 			    struct snd_ctl_elem_info *info, int replace)
1415 {
1416 	struct snd_card *card = file->card;
1417 	struct snd_kcontrol *kctl;
1418 	unsigned int count;
1419 	unsigned int access;
1420 	long private_size;
1421 	struct user_element *ue;
1422 	unsigned int offset;
1423 	int err;
1424 
1425 	if (!*info->id.name)
1426 		return -EINVAL;
1427 	if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name))
1428 		return -EINVAL;
1429 
1430 	/* Delete a control to replace them if needed. */
1431 	if (replace) {
1432 		info->id.numid = 0;
1433 		err = snd_ctl_remove_user_ctl(file, &info->id);
1434 		if (err)
1435 			return err;
1436 	}
1437 
1438 	/*
1439 	 * The number of userspace controls are counted control by control,
1440 	 * not element by element.
1441 	 */
1442 	if (card->user_ctl_count + 1 > MAX_USER_CONTROLS)
1443 		return -ENOMEM;
1444 
1445 	/* Check the number of elements for this userspace control. */
1446 	count = info->owner;
1447 	if (count == 0)
1448 		count = 1;
1449 
1450 	/* Arrange access permissions if needed. */
1451 	access = info->access;
1452 	if (access == 0)
1453 		access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
1454 	access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
1455 		   SNDRV_CTL_ELEM_ACCESS_INACTIVE |
1456 		   SNDRV_CTL_ELEM_ACCESS_TLV_WRITE);
1457 
1458 	/* In initial state, nothing is available as TLV container. */
1459 	if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1460 		access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
1461 	access |= SNDRV_CTL_ELEM_ACCESS_USER;
1462 
1463 	/*
1464 	 * Check information and calculate the size of data specific to
1465 	 * this userspace control.
1466 	 */
1467 	/* pass NULL to card for suppressing error messages */
1468 	err = snd_ctl_check_elem_info(NULL, info);
1469 	if (err < 0)
1470 		return err;
1471 	/* user-space control doesn't allow zero-size data */
1472 	if (info->count < 1)
1473 		return -EINVAL;
1474 	private_size = value_sizes[info->type] * info->count;
1475 
1476 	/*
1477 	 * Keep memory object for this userspace control. After passing this
1478 	 * code block, the instance should be freed by snd_ctl_free_one().
1479 	 *
1480 	 * Note that these elements in this control are locked.
1481 	 */
1482 	err = snd_ctl_new(&kctl, count, access, file);
1483 	if (err < 0)
1484 		return err;
1485 	memcpy(&kctl->id, &info->id, sizeof(kctl->id));
1486 	kctl->private_data = kzalloc(sizeof(struct user_element) + private_size * count,
1487 				     GFP_KERNEL);
1488 	if (kctl->private_data == NULL) {
1489 		kfree(kctl);
1490 		return -ENOMEM;
1491 	}
1492 	kctl->private_free = snd_ctl_elem_user_free;
1493 
1494 	/* Set private data for this userspace control. */
1495 	ue = (struct user_element *)kctl->private_data;
1496 	ue->card = card;
1497 	ue->info = *info;
1498 	ue->info.access = 0;
1499 	ue->elem_data = (char *)ue + sizeof(*ue);
1500 	ue->elem_data_size = private_size;
1501 	if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) {
1502 		err = snd_ctl_elem_init_enum_names(ue);
1503 		if (err < 0) {
1504 			snd_ctl_free_one(kctl);
1505 			return err;
1506 		}
1507 	}
1508 
1509 	/* Set callback functions. */
1510 	if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED)
1511 		kctl->info = snd_ctl_elem_user_enum_info;
1512 	else
1513 		kctl->info = snd_ctl_elem_user_info;
1514 	if (access & SNDRV_CTL_ELEM_ACCESS_READ)
1515 		kctl->get = snd_ctl_elem_user_get;
1516 	if (access & SNDRV_CTL_ELEM_ACCESS_WRITE)
1517 		kctl->put = snd_ctl_elem_user_put;
1518 	if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1519 		kctl->tlv.c = snd_ctl_elem_user_tlv;
1520 
1521 	/* This function manage to free the instance on failure. */
1522 	down_write(&card->controls_rwsem);
1523 	err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE);
1524 	if (err < 0) {
1525 		snd_ctl_free_one(kctl);
1526 		goto unlock;
1527 	}
1528 	offset = snd_ctl_get_ioff(kctl, &info->id);
1529 	snd_ctl_build_ioff(&info->id, kctl, offset);
1530 	/*
1531 	 * Here we cannot fill any field for the number of elements added by
1532 	 * this operation because there're no specific fields. The usage of
1533 	 * 'owner' field for this purpose may cause any bugs to userspace
1534 	 * applications because the field originally means PID of a process
1535 	 * which locks the element.
1536 	 */
1537 
1538 	card->user_ctl_count++;
1539 
1540  unlock:
1541 	up_write(&card->controls_rwsem);
1542 	return err;
1543 }
1544 
snd_ctl_elem_add_user(struct snd_ctl_file * file,struct snd_ctl_elem_info __user * _info,int replace)1545 static int snd_ctl_elem_add_user(struct snd_ctl_file *file,
1546 				 struct snd_ctl_elem_info __user *_info, int replace)
1547 {
1548 	struct snd_ctl_elem_info info;
1549 	int err;
1550 
1551 	if (copy_from_user(&info, _info, sizeof(info)))
1552 		return -EFAULT;
1553 	err = snd_ctl_elem_add(file, &info, replace);
1554 	if (err < 0)
1555 		return err;
1556 	if (copy_to_user(_info, &info, sizeof(info))) {
1557 		snd_ctl_remove_user_ctl(file, &info.id);
1558 		return -EFAULT;
1559 	}
1560 
1561 	return 0;
1562 }
1563 
snd_ctl_elem_remove(struct snd_ctl_file * file,struct snd_ctl_elem_id __user * _id)1564 static int snd_ctl_elem_remove(struct snd_ctl_file *file,
1565 			       struct snd_ctl_elem_id __user *_id)
1566 {
1567 	struct snd_ctl_elem_id id;
1568 
1569 	if (copy_from_user(&id, _id, sizeof(id)))
1570 		return -EFAULT;
1571 	return snd_ctl_remove_user_ctl(file, &id);
1572 }
1573 
snd_ctl_subscribe_events(struct snd_ctl_file * file,int __user * ptr)1574 static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr)
1575 {
1576 	int subscribe;
1577 	if (get_user(subscribe, ptr))
1578 		return -EFAULT;
1579 	if (subscribe < 0) {
1580 		subscribe = file->subscribed;
1581 		if (put_user(subscribe, ptr))
1582 			return -EFAULT;
1583 		return 0;
1584 	}
1585 	if (subscribe) {
1586 		file->subscribed = 1;
1587 		return 0;
1588 	} else if (file->subscribed) {
1589 		snd_ctl_empty_read_queue(file);
1590 		file->subscribed = 0;
1591 	}
1592 	return 0;
1593 }
1594 
call_tlv_handler(struct snd_ctl_file * file,int op_flag,struct snd_kcontrol * kctl,struct snd_ctl_elem_id * id,unsigned int __user * buf,unsigned int size)1595 static int call_tlv_handler(struct snd_ctl_file *file, int op_flag,
1596 			    struct snd_kcontrol *kctl,
1597 			    struct snd_ctl_elem_id *id,
1598 			    unsigned int __user *buf, unsigned int size)
1599 {
1600 	static const struct {
1601 		int op;
1602 		int perm;
1603 	} pairs[] = {
1604 		{SNDRV_CTL_TLV_OP_READ,  SNDRV_CTL_ELEM_ACCESS_TLV_READ},
1605 		{SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE},
1606 		{SNDRV_CTL_TLV_OP_CMD,   SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND},
1607 	};
1608 	struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1609 	int i;
1610 
1611 	/* Check support of the request for this element. */
1612 	for (i = 0; i < ARRAY_SIZE(pairs); ++i) {
1613 		if (op_flag == pairs[i].op && (vd->access & pairs[i].perm))
1614 			break;
1615 	}
1616 	if (i == ARRAY_SIZE(pairs))
1617 		return -ENXIO;
1618 
1619 	if (kctl->tlv.c == NULL)
1620 		return -ENXIO;
1621 
1622 	/* Write and command operations are not allowed for locked element. */
1623 	if (op_flag != SNDRV_CTL_TLV_OP_READ &&
1624 	    vd->owner != NULL && vd->owner != file)
1625 		return -EPERM;
1626 
1627 	return kctl->tlv.c(kctl, op_flag, size, buf);
1628 }
1629 
read_tlv_buf(struct snd_kcontrol * kctl,struct snd_ctl_elem_id * id,unsigned int __user * buf,unsigned int size)1630 static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id,
1631 			unsigned int __user *buf, unsigned int size)
1632 {
1633 	struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1634 	unsigned int len;
1635 
1636 	if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ))
1637 		return -ENXIO;
1638 
1639 	if (kctl->tlv.p == NULL)
1640 		return -ENXIO;
1641 
1642 	len = sizeof(unsigned int) * 2 + kctl->tlv.p[1];
1643 	if (size < len)
1644 		return -ENOMEM;
1645 
1646 	if (copy_to_user(buf, kctl->tlv.p, len))
1647 		return -EFAULT;
1648 
1649 	return 0;
1650 }
1651 
snd_ctl_tlv_ioctl(struct snd_ctl_file * file,struct snd_ctl_tlv __user * buf,int op_flag)1652 static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
1653 			     struct snd_ctl_tlv __user *buf,
1654                              int op_flag)
1655 {
1656 	struct snd_ctl_tlv header;
1657 	unsigned int __user *container;
1658 	unsigned int container_size;
1659 	struct snd_kcontrol *kctl;
1660 	struct snd_ctl_elem_id id;
1661 	struct snd_kcontrol_volatile *vd;
1662 
1663 	if (copy_from_user(&header, buf, sizeof(header)))
1664 		return -EFAULT;
1665 
1666 	/* In design of control core, numerical ID starts at 1. */
1667 	if (header.numid == 0)
1668 		return -EINVAL;
1669 
1670 	/* At least, container should include type and length fields.  */
1671 	if (header.length < sizeof(unsigned int) * 2)
1672 		return -EINVAL;
1673 	container_size = header.length;
1674 	container = buf->tlv;
1675 
1676 	kctl = snd_ctl_find_numid(file->card, header.numid);
1677 	if (kctl == NULL)
1678 		return -ENOENT;
1679 
1680 	/* Calculate index of the element in this set. */
1681 	id = kctl->id;
1682 	snd_ctl_build_ioff(&id, kctl, header.numid - id.numid);
1683 	vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1684 
1685 	if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) {
1686 		return call_tlv_handler(file, op_flag, kctl, &id, container,
1687 					container_size);
1688 	} else {
1689 		if (op_flag == SNDRV_CTL_TLV_OP_READ) {
1690 			return read_tlv_buf(kctl, &id, container,
1691 					    container_size);
1692 		}
1693 	}
1694 
1695 	/* Not supported. */
1696 	return -ENXIO;
1697 }
1698 
snd_ctl_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1699 static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1700 {
1701 	struct snd_ctl_file *ctl;
1702 	struct snd_card *card;
1703 	struct snd_kctl_ioctl *p;
1704 	void __user *argp = (void __user *)arg;
1705 	int __user *ip = argp;
1706 	int err;
1707 
1708 	ctl = file->private_data;
1709 	card = ctl->card;
1710 	if (snd_BUG_ON(!card))
1711 		return -ENXIO;
1712 	switch (cmd) {
1713 	case SNDRV_CTL_IOCTL_PVERSION:
1714 		return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0;
1715 	case SNDRV_CTL_IOCTL_CARD_INFO:
1716 		return snd_ctl_card_info(card, ctl, cmd, argp);
1717 	case SNDRV_CTL_IOCTL_ELEM_LIST:
1718 		return snd_ctl_elem_list_user(card, argp);
1719 	case SNDRV_CTL_IOCTL_ELEM_INFO:
1720 		return snd_ctl_elem_info_user(ctl, argp);
1721 	case SNDRV_CTL_IOCTL_ELEM_READ:
1722 		return snd_ctl_elem_read_user(card, argp);
1723 	case SNDRV_CTL_IOCTL_ELEM_WRITE:
1724 		return snd_ctl_elem_write_user(ctl, argp);
1725 	case SNDRV_CTL_IOCTL_ELEM_LOCK:
1726 		return snd_ctl_elem_lock(ctl, argp);
1727 	case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
1728 		return snd_ctl_elem_unlock(ctl, argp);
1729 	case SNDRV_CTL_IOCTL_ELEM_ADD:
1730 		return snd_ctl_elem_add_user(ctl, argp, 0);
1731 	case SNDRV_CTL_IOCTL_ELEM_REPLACE:
1732 		return snd_ctl_elem_add_user(ctl, argp, 1);
1733 	case SNDRV_CTL_IOCTL_ELEM_REMOVE:
1734 		return snd_ctl_elem_remove(ctl, argp);
1735 	case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
1736 		return snd_ctl_subscribe_events(ctl, ip);
1737 	case SNDRV_CTL_IOCTL_TLV_READ:
1738 		down_read(&ctl->card->controls_rwsem);
1739 		err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ);
1740 		up_read(&ctl->card->controls_rwsem);
1741 		return err;
1742 	case SNDRV_CTL_IOCTL_TLV_WRITE:
1743 		down_write(&ctl->card->controls_rwsem);
1744 		err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE);
1745 		up_write(&ctl->card->controls_rwsem);
1746 		return err;
1747 	case SNDRV_CTL_IOCTL_TLV_COMMAND:
1748 		down_write(&ctl->card->controls_rwsem);
1749 		err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD);
1750 		up_write(&ctl->card->controls_rwsem);
1751 		return err;
1752 	case SNDRV_CTL_IOCTL_POWER:
1753 		return -ENOPROTOOPT;
1754 	case SNDRV_CTL_IOCTL_POWER_STATE:
1755 #ifdef CONFIG_PM
1756 		return put_user(card->power_state, ip) ? -EFAULT : 0;
1757 #else
1758 		return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0;
1759 #endif
1760 	}
1761 	down_read(&snd_ioctl_rwsem);
1762 	list_for_each_entry(p, &snd_control_ioctls, list) {
1763 		err = p->fioctl(card, ctl, cmd, arg);
1764 		if (err != -ENOIOCTLCMD) {
1765 			up_read(&snd_ioctl_rwsem);
1766 			return err;
1767 		}
1768 	}
1769 	up_read(&snd_ioctl_rwsem);
1770 	dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd);
1771 	return -ENOTTY;
1772 }
1773 
snd_ctl_read(struct file * file,char __user * buffer,size_t count,loff_t * offset)1774 static ssize_t snd_ctl_read(struct file *file, char __user *buffer,
1775 			    size_t count, loff_t * offset)
1776 {
1777 	struct snd_ctl_file *ctl;
1778 	int err = 0;
1779 	ssize_t result = 0;
1780 
1781 	ctl = file->private_data;
1782 	if (snd_BUG_ON(!ctl || !ctl->card))
1783 		return -ENXIO;
1784 	if (!ctl->subscribed)
1785 		return -EBADFD;
1786 	if (count < sizeof(struct snd_ctl_event))
1787 		return -EINVAL;
1788 	spin_lock_irq(&ctl->read_lock);
1789 	while (count >= sizeof(struct snd_ctl_event)) {
1790 		struct snd_ctl_event ev;
1791 		struct snd_kctl_event *kev;
1792 		while (list_empty(&ctl->events)) {
1793 			wait_queue_entry_t wait;
1794 			if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
1795 				err = -EAGAIN;
1796 				goto __end_lock;
1797 			}
1798 			init_waitqueue_entry(&wait, current);
1799 			add_wait_queue(&ctl->change_sleep, &wait);
1800 			set_current_state(TASK_INTERRUPTIBLE);
1801 			spin_unlock_irq(&ctl->read_lock);
1802 			schedule();
1803 			remove_wait_queue(&ctl->change_sleep, &wait);
1804 			if (ctl->card->shutdown)
1805 				return -ENODEV;
1806 			if (signal_pending(current))
1807 				return -ERESTARTSYS;
1808 			spin_lock_irq(&ctl->read_lock);
1809 		}
1810 		kev = snd_kctl_event(ctl->events.next);
1811 		ev.type = SNDRV_CTL_EVENT_ELEM;
1812 		ev.data.elem.mask = kev->mask;
1813 		ev.data.elem.id = kev->id;
1814 		list_del(&kev->list);
1815 		spin_unlock_irq(&ctl->read_lock);
1816 		kfree(kev);
1817 		if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) {
1818 			err = -EFAULT;
1819 			goto __end;
1820 		}
1821 		spin_lock_irq(&ctl->read_lock);
1822 		buffer += sizeof(struct snd_ctl_event);
1823 		count -= sizeof(struct snd_ctl_event);
1824 		result += sizeof(struct snd_ctl_event);
1825 	}
1826       __end_lock:
1827 	spin_unlock_irq(&ctl->read_lock);
1828       __end:
1829       	return result > 0 ? result : err;
1830 }
1831 
snd_ctl_poll(struct file * file,poll_table * wait)1832 static __poll_t snd_ctl_poll(struct file *file, poll_table * wait)
1833 {
1834 	__poll_t mask;
1835 	struct snd_ctl_file *ctl;
1836 
1837 	ctl = file->private_data;
1838 	if (!ctl->subscribed)
1839 		return 0;
1840 	poll_wait(file, &ctl->change_sleep, wait);
1841 
1842 	mask = 0;
1843 	if (!list_empty(&ctl->events))
1844 		mask |= EPOLLIN | EPOLLRDNORM;
1845 
1846 	return mask;
1847 }
1848 
1849 /*
1850  * register the device-specific control-ioctls.
1851  * called from each device manager like pcm.c, hwdep.c, etc.
1852  */
_snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn,struct list_head * lists)1853 static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists)
1854 {
1855 	struct snd_kctl_ioctl *pn;
1856 
1857 	pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL);
1858 	if (pn == NULL)
1859 		return -ENOMEM;
1860 	pn->fioctl = fcn;
1861 	down_write(&snd_ioctl_rwsem);
1862 	list_add_tail(&pn->list, lists);
1863 	up_write(&snd_ioctl_rwsem);
1864 	return 0;
1865 }
1866 
1867 /**
1868  * snd_ctl_register_ioctl - register the device-specific control-ioctls
1869  * @fcn: ioctl callback function
1870  *
1871  * called from each device manager like pcm.c, hwdep.c, etc.
1872  */
snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn)1873 int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn)
1874 {
1875 	return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls);
1876 }
1877 EXPORT_SYMBOL(snd_ctl_register_ioctl);
1878 
1879 #ifdef CONFIG_COMPAT
1880 /**
1881  * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat
1882  * control-ioctls
1883  * @fcn: ioctl callback function
1884  */
snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn)1885 int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn)
1886 {
1887 	return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls);
1888 }
1889 EXPORT_SYMBOL(snd_ctl_register_ioctl_compat);
1890 #endif
1891 
1892 /*
1893  * de-register the device-specific control-ioctls.
1894  */
_snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn,struct list_head * lists)1895 static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn,
1896 				     struct list_head *lists)
1897 {
1898 	struct snd_kctl_ioctl *p;
1899 
1900 	if (snd_BUG_ON(!fcn))
1901 		return -EINVAL;
1902 	down_write(&snd_ioctl_rwsem);
1903 	list_for_each_entry(p, lists, list) {
1904 		if (p->fioctl == fcn) {
1905 			list_del(&p->list);
1906 			up_write(&snd_ioctl_rwsem);
1907 			kfree(p);
1908 			return 0;
1909 		}
1910 	}
1911 	up_write(&snd_ioctl_rwsem);
1912 	snd_BUG();
1913 	return -EINVAL;
1914 }
1915 
1916 /**
1917  * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls
1918  * @fcn: ioctl callback function to unregister
1919  */
snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn)1920 int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn)
1921 {
1922 	return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls);
1923 }
1924 EXPORT_SYMBOL(snd_ctl_unregister_ioctl);
1925 
1926 #ifdef CONFIG_COMPAT
1927 /**
1928  * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat
1929  * 32bit control-ioctls
1930  * @fcn: ioctl callback function to unregister
1931  */
snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn)1932 int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn)
1933 {
1934 	return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls);
1935 }
1936 EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat);
1937 #endif
1938 
snd_ctl_fasync(int fd,struct file * file,int on)1939 static int snd_ctl_fasync(int fd, struct file * file, int on)
1940 {
1941 	struct snd_ctl_file *ctl;
1942 
1943 	ctl = file->private_data;
1944 	return fasync_helper(fd, file, on, &ctl->fasync);
1945 }
1946 
1947 /* return the preferred subdevice number if already assigned;
1948  * otherwise return -1
1949  */
snd_ctl_get_preferred_subdevice(struct snd_card * card,int type)1950 int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type)
1951 {
1952 	struct snd_ctl_file *kctl;
1953 	int subdevice = -1;
1954 	unsigned long flags;
1955 
1956 	read_lock_irqsave(&card->ctl_files_rwlock, flags);
1957 	list_for_each_entry(kctl, &card->ctl_files, list) {
1958 		if (kctl->pid == task_pid(current)) {
1959 			subdevice = kctl->preferred_subdevice[type];
1960 			if (subdevice != -1)
1961 				break;
1962 		}
1963 	}
1964 	read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
1965 	return subdevice;
1966 }
1967 EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice);
1968 
1969 /*
1970  * ioctl32 compat
1971  */
1972 #ifdef CONFIG_COMPAT
1973 #include "control_compat.c"
1974 #else
1975 #define snd_ctl_ioctl_compat	NULL
1976 #endif
1977 
1978 /*
1979  *  INIT PART
1980  */
1981 
1982 static const struct file_operations snd_ctl_f_ops =
1983 {
1984 	.owner =	THIS_MODULE,
1985 	.read =		snd_ctl_read,
1986 	.open =		snd_ctl_open,
1987 	.release =	snd_ctl_release,
1988 	.llseek =	no_llseek,
1989 	.poll =		snd_ctl_poll,
1990 	.unlocked_ioctl =	snd_ctl_ioctl,
1991 	.compat_ioctl =	snd_ctl_ioctl_compat,
1992 	.fasync =	snd_ctl_fasync,
1993 };
1994 
1995 /*
1996  * registration of the control device
1997  */
snd_ctl_dev_register(struct snd_device * device)1998 static int snd_ctl_dev_register(struct snd_device *device)
1999 {
2000 	struct snd_card *card = device->device_data;
2001 
2002 	return snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1,
2003 				   &snd_ctl_f_ops, card, &card->ctl_dev);
2004 }
2005 
2006 /*
2007  * disconnection of the control device
2008  */
snd_ctl_dev_disconnect(struct snd_device * device)2009 static int snd_ctl_dev_disconnect(struct snd_device *device)
2010 {
2011 	struct snd_card *card = device->device_data;
2012 	struct snd_ctl_file *ctl;
2013 	unsigned long flags;
2014 
2015 	read_lock_irqsave(&card->ctl_files_rwlock, flags);
2016 	list_for_each_entry(ctl, &card->ctl_files, list) {
2017 		wake_up(&ctl->change_sleep);
2018 		kill_fasync(&ctl->fasync, SIGIO, POLL_ERR);
2019 	}
2020 	read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
2021 
2022 	return snd_unregister_device(&card->ctl_dev);
2023 }
2024 
2025 /*
2026  * free all controls
2027  */
snd_ctl_dev_free(struct snd_device * device)2028 static int snd_ctl_dev_free(struct snd_device *device)
2029 {
2030 	struct snd_card *card = device->device_data;
2031 	struct snd_kcontrol *control;
2032 
2033 	down_write(&card->controls_rwsem);
2034 	while (!list_empty(&card->controls)) {
2035 		control = snd_kcontrol(card->controls.next);
2036 		snd_ctl_remove(card, control);
2037 	}
2038 	up_write(&card->controls_rwsem);
2039 	put_device(&card->ctl_dev);
2040 	return 0;
2041 }
2042 
2043 /*
2044  * create control core:
2045  * called from init.c
2046  */
snd_ctl_create(struct snd_card * card)2047 int snd_ctl_create(struct snd_card *card)
2048 {
2049 	static const struct snd_device_ops ops = {
2050 		.dev_free = snd_ctl_dev_free,
2051 		.dev_register =	snd_ctl_dev_register,
2052 		.dev_disconnect = snd_ctl_dev_disconnect,
2053 	};
2054 	int err;
2055 
2056 	if (snd_BUG_ON(!card))
2057 		return -ENXIO;
2058 	if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS))
2059 		return -ENXIO;
2060 
2061 	snd_device_initialize(&card->ctl_dev, card);
2062 	dev_set_name(&card->ctl_dev, "controlC%d", card->number);
2063 
2064 	err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops);
2065 	if (err < 0)
2066 		put_device(&card->ctl_dev);
2067 	return err;
2068 }
2069 
2070 /*
2071  * Frequently used control callbacks/helpers
2072  */
2073 
2074 /**
2075  * snd_ctl_boolean_mono_info - Helper function for a standard boolean info
2076  * callback with a mono channel
2077  * @kcontrol: the kcontrol instance
2078  * @uinfo: info to store
2079  *
2080  * This is a function that can be used as info callback for a standard
2081  * boolean control with a single mono channel.
2082  */
snd_ctl_boolean_mono_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)2083 int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol,
2084 			      struct snd_ctl_elem_info *uinfo)
2085 {
2086 	uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2087 	uinfo->count = 1;
2088 	uinfo->value.integer.min = 0;
2089 	uinfo->value.integer.max = 1;
2090 	return 0;
2091 }
2092 EXPORT_SYMBOL(snd_ctl_boolean_mono_info);
2093 
2094 /**
2095  * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info
2096  * callback with stereo two channels
2097  * @kcontrol: the kcontrol instance
2098  * @uinfo: info to store
2099  *
2100  * This is a function that can be used as info callback for a standard
2101  * boolean control with stereo two channels.
2102  */
snd_ctl_boolean_stereo_info(struct snd_kcontrol * kcontrol,struct snd_ctl_elem_info * uinfo)2103 int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol,
2104 				struct snd_ctl_elem_info *uinfo)
2105 {
2106 	uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2107 	uinfo->count = 2;
2108 	uinfo->value.integer.min = 0;
2109 	uinfo->value.integer.max = 1;
2110 	return 0;
2111 }
2112 EXPORT_SYMBOL(snd_ctl_boolean_stereo_info);
2113 
2114 /**
2115  * snd_ctl_enum_info - fills the info structure for an enumerated control
2116  * @info: the structure to be filled
2117  * @channels: the number of the control's channels; often one
2118  * @items: the number of control values; also the size of @names
2119  * @names: an array containing the names of all control values
2120  *
2121  * Sets all required fields in @info to their appropriate values.
2122  * If the control's accessibility is not the default (readable and writable),
2123  * the caller has to fill @info->access.
2124  *
2125  * Return: Zero.
2126  */
snd_ctl_enum_info(struct snd_ctl_elem_info * info,unsigned int channels,unsigned int items,const char * const names[])2127 int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels,
2128 		      unsigned int items, const char *const names[])
2129 {
2130 	info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED;
2131 	info->count = channels;
2132 	info->value.enumerated.items = items;
2133 	if (!items)
2134 		return 0;
2135 	if (info->value.enumerated.item >= items)
2136 		info->value.enumerated.item = items - 1;
2137 	WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name),
2138 	     "ALSA: too long item name '%s'\n",
2139 	     names[info->value.enumerated.item]);
2140 	strlcpy(info->value.enumerated.name,
2141 		names[info->value.enumerated.item],
2142 		sizeof(info->value.enumerated.name));
2143 	return 0;
2144 }
2145 EXPORT_SYMBOL(snd_ctl_enum_info);
2146