1 From 6addb1d6de1968b84852f54561cc9a999909b5a9 Mon Sep 17 00:00:00 2001
2 From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
3 Date: Thu, 30 Aug 2007 00:22:18 -0400
4 Subject: Input: evdev - implement proper locking
6 From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
8 patch 6addb1d6de1968b84852f54561cc9a999909b5a9 in mainline.
10 Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
11 Cc: Al Viro <viro@ZenIV.linux.org.uk>
12 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
15 drivers/input/evdev.c | 719 +++++++++++++++++++++++++++++++++-----------------
16 1 file changed, 476 insertions(+), 243 deletions(-)
18 --- a/drivers/input/evdev.c
19 +++ b/drivers/input/evdev.c
20 @@ -30,6 +30,8 @@ struct evdev {
21 wait_queue_head_t wait;
22 struct evdev_client *grab;
23 struct list_head client_list;
24 + spinlock_t client_lock; /* protects client_list */
29 @@ -37,39 +39,53 @@ struct evdev_client {
30 struct input_event buffer[EVDEV_BUFFER_SIZE];
33 + spinlock_t buffer_lock; /* protects access to buffer, head and tail */
34 struct fasync_struct *fasync;
36 struct list_head node;
39 static struct evdev *evdev_table[EVDEV_MINORS];
40 +static DEFINE_MUTEX(evdev_table_mutex);
42 -static void evdev_event(struct input_handle *handle, unsigned int type, unsigned int code, int value)
43 +static void evdev_pass_event(struct evdev_client *client,
44 + struct input_event *event)
47 + * Interrupts are disabled, just acquire the lock
49 + spin_lock(&client->buffer_lock);
50 + client->buffer[client->head++] = *event;
51 + client->head &= EVDEV_BUFFER_SIZE - 1;
52 + spin_unlock(&client->buffer_lock);
54 + kill_fasync(&client->fasync, SIGIO, POLL_IN);
58 + * Pass incoming event to all connected clients. Note that we are
59 + * caleld under a spinlock with interrupts off so we don't need
60 + * to use rcu_read_lock() here. Writers will be using syncronize_sched()
61 + * instead of synchrnoize_rcu().
63 +static void evdev_event(struct input_handle *handle,
64 + unsigned int type, unsigned int code, int value)
66 struct evdev *evdev = handle->private;
67 struct evdev_client *client;
68 + struct input_event event;
71 - client = evdev->grab;
73 - do_gettimeofday(&client->buffer[client->head].time);
74 - client->buffer[client->head].type = type;
75 - client->buffer[client->head].code = code;
76 - client->buffer[client->head].value = value;
77 - client->head = (client->head + 1) & (EVDEV_BUFFER_SIZE - 1);
79 - kill_fasync(&client->fasync, SIGIO, POLL_IN);
81 - list_for_each_entry(client, &evdev->client_list, node) {
83 - do_gettimeofday(&client->buffer[client->head].time);
84 - client->buffer[client->head].type = type;
85 - client->buffer[client->head].code = code;
86 - client->buffer[client->head].value = value;
87 - client->head = (client->head + 1) & (EVDEV_BUFFER_SIZE - 1);
89 - kill_fasync(&client->fasync, SIGIO, POLL_IN);
91 + do_gettimeofday(&event.time);
94 + event.value = value;
96 + client = rcu_dereference(evdev->grab);
98 + evdev_pass_event(client, &event);
100 + list_for_each_entry_rcu(client, &evdev->client_list, node)
101 + evdev_pass_event(client, &event);
103 wake_up_interruptible(&evdev->wait);
105 @@ -88,38 +104,142 @@ static int evdev_flush(struct file *file
107 struct evdev_client *client = file->private_data;
108 struct evdev *evdev = client->evdev;
111 + retval = mutex_lock_interruptible(&evdev->mutex);
119 + retval = input_flush_device(&evdev->handle, file);
121 - return input_flush_device(&evdev->handle, file);
122 + mutex_unlock(&evdev->mutex);
126 static void evdev_free(struct device *dev)
128 struct evdev *evdev = container_of(dev, struct evdev, dev);
130 - evdev_table[evdev->minor] = NULL;
135 + * Grabs an event device (along with underlying input device).
136 + * This function is called with evdev->mutex taken.
138 +static int evdev_grab(struct evdev *evdev, struct evdev_client *client)
145 + error = input_grab_device(&evdev->handle);
149 + rcu_assign_pointer(evdev->grab, client);
151 + * We don't use synchronize_rcu() here because read-side
152 + * critical section is protected by a spinlock instead
153 + * of rcu_read_lock().
155 + synchronize_sched();
160 +static int evdev_ungrab(struct evdev *evdev, struct evdev_client *client)
162 + if (evdev->grab != client)
165 + rcu_assign_pointer(evdev->grab, NULL);
166 + synchronize_sched();
167 + input_release_device(&evdev->handle);
172 +static void evdev_attach_client(struct evdev *evdev,
173 + struct evdev_client *client)
175 + spin_lock(&evdev->client_lock);
176 + list_add_tail_rcu(&client->node, &evdev->client_list);
177 + spin_unlock(&evdev->client_lock);
178 + synchronize_sched();
181 +static void evdev_detach_client(struct evdev *evdev,
182 + struct evdev_client *client)
184 + spin_lock(&evdev->client_lock);
185 + list_del_rcu(&client->node);
186 + spin_unlock(&evdev->client_lock);
187 + synchronize_sched();
190 +static int evdev_open_device(struct evdev *evdev)
194 + retval = mutex_lock_interruptible(&evdev->mutex);
200 + else if (!evdev->open++)
201 + retval = input_open_device(&evdev->handle);
203 + mutex_unlock(&evdev->mutex);
207 +static void evdev_close_device(struct evdev *evdev)
209 + mutex_lock(&evdev->mutex);
211 + if (evdev->exist && !--evdev->open)
212 + input_close_device(&evdev->handle);
214 + mutex_unlock(&evdev->mutex);
218 + * Wake up users waiting for IO so they can disconnect from
221 +static void evdev_hangup(struct evdev *evdev)
223 + struct evdev_client *client;
225 + spin_lock(&evdev->client_lock);
226 + list_for_each_entry(client, &evdev->client_list, node)
227 + kill_fasync(&client->fasync, SIGIO, POLL_HUP);
228 + spin_unlock(&evdev->client_lock);
230 + wake_up_interruptible(&evdev->wait);
233 static int evdev_release(struct inode *inode, struct file *file)
235 struct evdev_client *client = file->private_data;
236 struct evdev *evdev = client->evdev;
238 - if (evdev->grab == client) {
239 - input_release_device(&evdev->handle);
240 - evdev->grab = NULL;
242 + mutex_lock(&evdev->mutex);
243 + if (evdev->grab == client)
244 + evdev_ungrab(evdev, client);
245 + mutex_unlock(&evdev->mutex);
247 evdev_fasync(-1, file, 0);
248 - list_del(&client->node);
249 + evdev_detach_client(evdev, client);
252 - if (!--evdev->open && evdev->exist)
253 - input_close_device(&evdev->handle);
255 + evdev_close_device(evdev);
256 put_device(&evdev->dev);
259 @@ -127,41 +247,44 @@ static int evdev_release(struct inode *i
261 static int evdev_open(struct inode *inode, struct file *file)
263 - struct evdev_client *client;
265 + struct evdev_client *client;
266 int i = iminor(inode) - EVDEV_MINOR_BASE;
269 if (i >= EVDEV_MINORS)
272 + error = mutex_lock_interruptible(&evdev_table_mutex);
275 evdev = evdev_table[i];
277 + get_device(&evdev->dev);
278 + mutex_unlock(&evdev_table_mutex);
280 - if (!evdev || !evdev->exist)
284 - get_device(&evdev->dev);
286 client = kzalloc(sizeof(struct evdev_client), GFP_KERNEL);
292 + spin_lock_init(&client->buffer_lock);
293 client->evdev = evdev;
294 - list_add_tail(&client->node, &evdev->client_list);
295 + evdev_attach_client(evdev, client);
297 - if (!evdev->open++ && evdev->exist) {
298 - error = input_open_device(&evdev->handle);
300 - goto err_free_client;
302 + error = evdev_open_device(evdev);
304 + goto err_free_client;
306 file->private_data = client;
310 - list_del(&client->node);
311 + evdev_detach_client(evdev, client);
314 put_device(&evdev->dev);
315 @@ -197,12 +320,14 @@ static inline size_t evdev_event_size(vo
316 sizeof(struct input_event_compat) : sizeof(struct input_event);
319 -static int evdev_event_from_user(const char __user *buffer, struct input_event *event)
320 +static int evdev_event_from_user(const char __user *buffer,
321 + struct input_event *event)
324 struct input_event_compat compat_event;
326 - if (copy_from_user(&compat_event, buffer, sizeof(struct input_event_compat)))
327 + if (copy_from_user(&compat_event, buffer,
328 + sizeof(struct input_event_compat)))
331 event->time.tv_sec = compat_event.time.tv_sec;
332 @@ -219,7 +344,8 @@ static int evdev_event_from_user(const c
336 -static int evdev_event_to_user(char __user *buffer, const struct input_event *event)
337 +static int evdev_event_to_user(char __user *buffer,
338 + const struct input_event *event)
341 struct input_event_compat compat_event;
342 @@ -230,7 +356,8 @@ static int evdev_event_to_user(char __us
343 compat_event.code = event->code;
344 compat_event.value = event->value;
346 - if (copy_to_user(buffer, &compat_event, sizeof(struct input_event_compat)))
347 + if (copy_to_user(buffer, &compat_event,
348 + sizeof(struct input_event_compat)))
352 @@ -248,7 +375,8 @@ static inline size_t evdev_event_size(vo
353 return sizeof(struct input_event);
356 -static int evdev_event_from_user(const char __user *buffer, struct input_event *event)
357 +static int evdev_event_from_user(const char __user *buffer,
358 + struct input_event *event)
360 if (copy_from_user(event, buffer, sizeof(struct input_event)))
362 @@ -256,7 +384,8 @@ static int evdev_event_from_user(const c
366 -static int evdev_event_to_user(char __user *buffer, const struct input_event *event)
367 +static int evdev_event_to_user(char __user *buffer,
368 + const struct input_event *event)
370 if (copy_to_user(buffer, event, sizeof(struct input_event)))
372 @@ -266,37 +395,71 @@ static int evdev_event_to_user(char __us
374 #endif /* CONFIG_COMPAT */
376 -static ssize_t evdev_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
377 +static ssize_t evdev_write(struct file *file, const char __user *buffer,
378 + size_t count, loff_t *ppos)
380 struct evdev_client *client = file->private_data;
381 struct evdev *evdev = client->evdev;
382 struct input_event event;
388 + retval = mutex_lock_interruptible(&evdev->mutex);
392 + if (!evdev->exist) {
397 while (retval < count) {
399 - if (evdev_event_from_user(buffer + retval, &event))
401 - input_inject_event(&evdev->handle, event.type, event.code, event.value);
402 + if (evdev_event_from_user(buffer + retval, &event)) {
407 + input_inject_event(&evdev->handle,
408 + event.type, event.code, event.value);
409 retval += evdev_event_size();
413 + mutex_unlock(&evdev->mutex);
417 -static ssize_t evdev_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
418 +static int evdev_fetch_next_event(struct evdev_client *client,
419 + struct input_event *event)
423 + spin_lock_irq(&client->buffer_lock);
425 + have_event = client->head != client->tail;
427 + *event = client->buffer[client->tail++];
428 + client->tail &= EVDEV_BUFFER_SIZE - 1;
431 + spin_unlock_irq(&client->buffer_lock);
436 +static ssize_t evdev_read(struct file *file, char __user *buffer,
437 + size_t count, loff_t *ppos)
439 struct evdev_client *client = file->private_data;
440 struct evdev *evdev = client->evdev;
441 + struct input_event event;
444 if (count < evdev_event_size())
447 - if (client->head == client->tail && evdev->exist && (file->f_flags & O_NONBLOCK))
448 + if (client->head == client->tail && evdev->exist &&
449 + (file->f_flags & O_NONBLOCK))
452 retval = wait_event_interruptible(evdev->wait,
453 @@ -307,14 +470,12 @@ static ssize_t evdev_read(struct file *f
457 - while (client->head != client->tail && retval + evdev_event_size() <= count) {
459 - struct input_event *event = (struct input_event *) client->buffer + client->tail;
460 + while (retval + evdev_event_size() <= count &&
461 + evdev_fetch_next_event(client, &event)) {
463 - if (evdev_event_to_user(buffer + retval, event))
464 + if (evdev_event_to_user(buffer + retval, &event))
467 - client->tail = (client->tail + 1) & (EVDEV_BUFFER_SIZE - 1);
468 retval += evdev_event_size();
471 @@ -409,8 +570,8 @@ static int str_to_user(const char *str,
472 return copy_to_user(p, str, len) ? -EFAULT : len;
475 -static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
476 - void __user *p, int compat_mode)
477 +static long evdev_do_ioctl(struct file *file, unsigned int cmd,
478 + void __user *p, int compat_mode)
480 struct evdev_client *client = file->private_data;
481 struct evdev *evdev = client->evdev;
482 @@ -421,186 +582,208 @@ static long evdev_ioctl_handler(struct f
491 - case EVIOCGVERSION:
492 - return put_user(EV_VERSION, ip);
493 + case EVIOCGVERSION:
494 + return put_user(EV_VERSION, ip);
497 - if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
501 + if (copy_to_user(p, &dev->id, sizeof(struct input_id)))
506 - if (!test_bit(EV_REP, dev->evbit))
508 - if (put_user(dev->rep[REP_DELAY], ip))
510 - if (put_user(dev->rep[REP_PERIOD], ip + 1))
514 + if (!test_bit(EV_REP, dev->evbit))
516 + if (put_user(dev->rep[REP_DELAY], ip))
518 + if (put_user(dev->rep[REP_PERIOD], ip + 1))
523 - if (!test_bit(EV_REP, dev->evbit))
525 - if (get_user(u, ip))
527 - if (get_user(v, ip + 1))
530 + if (!test_bit(EV_REP, dev->evbit))
532 + if (get_user(u, ip))
534 + if (get_user(v, ip + 1))
537 - input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
538 - input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
539 + input_inject_event(&evdev->handle, EV_REP, REP_DELAY, u);
540 + input_inject_event(&evdev->handle, EV_REP, REP_PERIOD, v);
545 - case EVIOCGKEYCODE:
546 - if (get_user(t, ip))
548 + case EVIOCGKEYCODE:
549 + if (get_user(t, ip))
552 - error = dev->getkeycode(dev, t, &v);
555 + error = dev->getkeycode(dev, t, &v);
559 - if (put_user(v, ip + 1))
561 + if (put_user(v, ip + 1))
567 - case EVIOCSKEYCODE:
568 - if (get_user(t, ip) || get_user(v, ip + 1))
570 + case EVIOCSKEYCODE:
571 + if (get_user(t, ip) || get_user(v, ip + 1))
574 - return dev->setkeycode(dev, t, v);
575 + return dev->setkeycode(dev, t, v);
578 - if (copy_from_user(&effect, p, sizeof(effect)))
581 + if (copy_from_user(&effect, p, sizeof(effect)))
584 - error = input_ff_upload(dev, &effect, file);
585 + error = input_ff_upload(dev, &effect, file);
587 - if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
589 + if (put_user(effect.id, &(((struct ff_effect __user *)p)->id)))
596 - return input_ff_erase(dev, (int)(unsigned long) p, file);
598 + return input_ff_erase(dev, (int)(unsigned long) p, file);
600 - case EVIOCGEFFECTS:
601 - i = test_bit(EV_FF, dev->evbit) ? dev->ff->max_effects : 0;
602 - if (put_user(i, ip))
605 + case EVIOCGEFFECTS:
606 + i = test_bit(EV_FF, dev->evbit) ?
607 + dev->ff->max_effects : 0;
608 + if (put_user(i, ip))
616 - if (input_grab_device(&evdev->handle))
618 - evdev->grab = client;
621 - if (evdev->grab != client)
623 - input_release_device(&evdev->handle);
624 - evdev->grab = NULL;
628 + return evdev_grab(evdev, client);
630 + return evdev_ungrab(evdev, client);
634 + if (_IOC_TYPE(cmd) != 'E')
637 + if (_IOC_DIR(cmd) == _IOC_READ) {
639 + if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) {
641 + unsigned long *bits;
644 + switch (_IOC_NR(cmd) & EV_MAX) {
646 + case 0: bits = dev->evbit; len = EV_MAX; break;
647 + case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
648 + case EV_REL: bits = dev->relbit; len = REL_MAX; break;
649 + case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
650 + case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
651 + case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
652 + case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
653 + case EV_FF: bits = dev->ffbit; len = FF_MAX; break;
654 + case EV_SW: bits = dev->swbit; len = SW_MAX; break;
655 + default: return -EINVAL;
657 + return bits_to_user(bits, len, _IOC_SIZE(cmd), p, compat_mode);
661 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGKEY(0)))
662 + return bits_to_user(dev->key, KEY_MAX, _IOC_SIZE(cmd),
665 - if (_IOC_TYPE(cmd) != 'E')
667 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGLED(0)))
668 + return bits_to_user(dev->led, LED_MAX, _IOC_SIZE(cmd),
671 - if (_IOC_DIR(cmd) == _IOC_READ) {
672 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGSND(0)))
673 + return bits_to_user(dev->snd, SND_MAX, _IOC_SIZE(cmd),
676 - if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0,0))) {
677 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGSW(0)))
678 + return bits_to_user(dev->sw, SW_MAX, _IOC_SIZE(cmd),
681 - unsigned long *bits;
683 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGNAME(0)))
684 + return str_to_user(dev->name, _IOC_SIZE(cmd), p);
686 - switch (_IOC_NR(cmd) & EV_MAX) {
687 - case 0: bits = dev->evbit; len = EV_MAX; break;
688 - case EV_KEY: bits = dev->keybit; len = KEY_MAX; break;
689 - case EV_REL: bits = dev->relbit; len = REL_MAX; break;
690 - case EV_ABS: bits = dev->absbit; len = ABS_MAX; break;
691 - case EV_MSC: bits = dev->mscbit; len = MSC_MAX; break;
692 - case EV_LED: bits = dev->ledbit; len = LED_MAX; break;
693 - case EV_SND: bits = dev->sndbit; len = SND_MAX; break;
694 - case EV_FF: bits = dev->ffbit; len = FF_MAX; break;
695 - case EV_SW: bits = dev->swbit; len = SW_MAX; break;
696 - default: return -EINVAL;
698 - return bits_to_user(bits, len, _IOC_SIZE(cmd), p, compat_mode);
700 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGPHYS(0)))
701 + return str_to_user(dev->phys, _IOC_SIZE(cmd), p);
703 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGKEY(0)))
704 - return bits_to_user(dev->key, KEY_MAX, _IOC_SIZE(cmd),
706 + if (_IOC_NR(cmd) == _IOC_NR(EVIOCGUNIQ(0)))
707 + return str_to_user(dev->uniq, _IOC_SIZE(cmd), p);
709 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGLED(0)))
710 - return bits_to_user(dev->led, LED_MAX, _IOC_SIZE(cmd),
712 + if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
714 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGSND(0)))
715 - return bits_to_user(dev->snd, SND_MAX, _IOC_SIZE(cmd),
717 + t = _IOC_NR(cmd) & ABS_MAX;
719 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGSW(0)))
720 - return bits_to_user(dev->sw, SW_MAX, _IOC_SIZE(cmd),
722 + abs.value = dev->abs[t];
723 + abs.minimum = dev->absmin[t];
724 + abs.maximum = dev->absmax[t];
725 + abs.fuzz = dev->absfuzz[t];
726 + abs.flat = dev->absflat[t];
728 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGNAME(0)))
729 - return str_to_user(dev->name, _IOC_SIZE(cmd), p);
730 + if (copy_to_user(p, &abs, sizeof(struct input_absinfo)))
733 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGPHYS(0)))
734 - return str_to_user(dev->phys, _IOC_SIZE(cmd), p);
738 - if (_IOC_NR(cmd) == _IOC_NR(EVIOCGUNIQ(0)))
739 - return str_to_user(dev->uniq, _IOC_SIZE(cmd), p);
742 - if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
743 + if (_IOC_DIR(cmd) == _IOC_WRITE) {
745 - t = _IOC_NR(cmd) & ABS_MAX;
746 + if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
748 - abs.value = dev->abs[t];
749 - abs.minimum = dev->absmin[t];
750 - abs.maximum = dev->absmax[t];
751 - abs.fuzz = dev->absfuzz[t];
752 - abs.flat = dev->absflat[t];
753 + t = _IOC_NR(cmd) & ABS_MAX;
755 - if (copy_to_user(p, &abs, sizeof(struct input_absinfo)))
757 + if (copy_from_user(&abs, p,
758 + sizeof(struct input_absinfo)))
762 + * Take event lock to ensure that we are not
763 + * changing device parameters in the middle
766 + spin_lock_irq(&dev->event_lock);
768 + dev->abs[t] = abs.value;
769 + dev->absmin[t] = abs.minimum;
770 + dev->absmax[t] = abs.maximum;
771 + dev->absfuzz[t] = abs.fuzz;
772 + dev->absflat[t] = abs.flat;
776 + spin_unlock_irq(&dev->event_lock);
785 - if (_IOC_DIR(cmd) == _IOC_WRITE) {
787 - if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
788 +static long evdev_ioctl_handler(struct file *file, unsigned int cmd,
789 + void __user *p, int compat_mode)
791 + struct evdev_client *client = file->private_data;
792 + struct evdev *evdev = client->evdev;
795 - t = _IOC_NR(cmd) & ABS_MAX;
796 + retval = mutex_lock_interruptible(&evdev->mutex);
800 - if (copy_from_user(&abs, p, sizeof(struct input_absinfo)))
802 + if (!evdev->exist) {
807 - dev->abs[t] = abs.value;
808 - dev->absmin[t] = abs.minimum;
809 - dev->absmax[t] = abs.maximum;
810 - dev->absfuzz[t] = abs.fuzz;
811 - dev->absflat[t] = abs.flat;
812 + retval = evdev_do_ioctl(file, cmd, p, compat_mode);
820 + mutex_unlock(&evdev->mutex);
824 static long evdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
825 @@ -609,27 +792,79 @@ static long evdev_ioctl(struct file *fil
829 -static long evdev_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
830 +static long evdev_ioctl_compat(struct file *file,
831 + unsigned int cmd, unsigned long arg)
833 return evdev_ioctl_handler(file, cmd, compat_ptr(arg), 1);
837 static const struct file_operations evdev_fops = {
838 - .owner = THIS_MODULE,
839 - .read = evdev_read,
840 - .write = evdev_write,
841 - .poll = evdev_poll,
842 - .open = evdev_open,
843 - .release = evdev_release,
844 - .unlocked_ioctl = evdev_ioctl,
845 + .owner = THIS_MODULE,
846 + .read = evdev_read,
847 + .write = evdev_write,
848 + .poll = evdev_poll,
849 + .open = evdev_open,
850 + .release = evdev_release,
851 + .unlocked_ioctl = evdev_ioctl,
853 - .compat_ioctl = evdev_ioctl_compat,
854 + .compat_ioctl = evdev_ioctl_compat,
856 - .fasync = evdev_fasync,
857 - .flush = evdev_flush
858 + .fasync = evdev_fasync,
859 + .flush = evdev_flush
862 +static int evdev_install_chrdev(struct evdev *evdev)
865 + * No need to do any locking here as calls to connect and
866 + * disconnect are serialized by the input core
868 + evdev_table[evdev->minor] = evdev;
872 +static void evdev_remove_chrdev(struct evdev *evdev)
875 + * Lock evdev table to prevent race with evdev_open()
877 + mutex_lock(&evdev_table_mutex);
878 + evdev_table[evdev->minor] = NULL;
879 + mutex_unlock(&evdev_table_mutex);
883 + * Mark device non-existent. This disables writes, ioctls and
884 + * prevents new users from opening the device. Already posted
885 + * blocking reads will stay, however new ones will fail.
887 +static void evdev_mark_dead(struct evdev *evdev)
889 + mutex_lock(&evdev->mutex);
891 + mutex_unlock(&evdev->mutex);
894 +static void evdev_cleanup(struct evdev *evdev)
896 + struct input_handle *handle = &evdev->handle;
898 + evdev_mark_dead(evdev);
899 + evdev_hangup(evdev);
900 + evdev_remove_chrdev(evdev);
902 + /* evdev is marked dead so no one else accesses evdev->open */
904 + input_flush_device(handle, NULL);
905 + input_close_device(handle);
910 + * Create new evdev device. Note that input core serializes calls
911 + * to connect and disconnect so we don't need to lock evdev_table here.
913 static int evdev_connect(struct input_handler *handler, struct input_dev *dev,
914 const struct input_device_id *id)
916 @@ -637,7 +872,10 @@ static int evdev_connect(struct input_ha
920 - for (minor = 0; minor < EVDEV_MINORS && evdev_table[minor]; minor++);
921 + for (minor = 0; minor < EVDEV_MINORS; minor++)
922 + if (!evdev_table[minor])
925 if (minor == EVDEV_MINORS) {
926 printk(KERN_ERR "evdev: no more free evdev devices\n");
928 @@ -648,38 +886,44 @@ static int evdev_connect(struct input_ha
931 INIT_LIST_HEAD(&evdev->client_list);
932 + spin_lock_init(&evdev->client_lock);
933 + mutex_init(&evdev->mutex);
934 init_waitqueue_head(&evdev->wait);
936 + snprintf(evdev->name, sizeof(evdev->name), "event%d", minor);
938 evdev->minor = minor;
940 evdev->handle.dev = dev;
941 evdev->handle.name = evdev->name;
942 evdev->handle.handler = handler;
943 evdev->handle.private = evdev;
944 - snprintf(evdev->name, sizeof(evdev->name), "event%d", minor);
946 - snprintf(evdev->dev.bus_id, sizeof(evdev->dev.bus_id),
948 + strlcpy(evdev->dev.bus_id, evdev->name, sizeof(evdev->dev.bus_id));
949 + evdev->dev.devt = MKDEV(INPUT_MAJOR, EVDEV_MINOR_BASE + minor);
950 evdev->dev.class = &input_class;
951 evdev->dev.parent = &dev->dev;
952 - evdev->dev.devt = MKDEV(INPUT_MAJOR, EVDEV_MINOR_BASE + minor);
953 evdev->dev.release = evdev_free;
954 device_initialize(&evdev->dev);
956 - evdev_table[minor] = evdev;
958 - error = device_add(&evdev->dev);
959 + error = input_register_handle(&evdev->handle);
963 - error = input_register_handle(&evdev->handle);
964 + error = evdev_install_chrdev(evdev);
966 + goto err_unregister_handle;
968 + error = device_add(&evdev->dev);
970 - goto err_delete_evdev;
971 + goto err_cleanup_evdev;
976 - device_del(&evdev->dev);
978 + evdev_cleanup(evdev);
979 + err_unregister_handle:
980 + input_unregister_handle(&evdev->handle);
982 put_device(&evdev->dev);
984 @@ -688,21 +932,10 @@ static int evdev_connect(struct input_ha
985 static void evdev_disconnect(struct input_handle *handle)
987 struct evdev *evdev = handle->private;
988 - struct evdev_client *client;
990 - input_unregister_handle(handle);
991 device_del(&evdev->dev);
996 - input_flush_device(handle, NULL);
997 - input_close_device(handle);
998 - list_for_each_entry(client, &evdev->client_list, node)
999 - kill_fasync(&client->fasync, SIGIO, POLL_HUP);
1000 - wake_up_interruptible(&evdev->wait);
1003 + evdev_cleanup(evdev);
1004 + input_unregister_handle(handle);
1005 put_device(&evdev->dev);
1008 @@ -714,13 +947,13 @@ static const struct input_device_id evde
1009 MODULE_DEVICE_TABLE(input, evdev_ids);
1011 static struct input_handler evdev_handler = {
1012 - .event = evdev_event,
1013 - .connect = evdev_connect,
1014 - .disconnect = evdev_disconnect,
1015 - .fops = &evdev_fops,
1016 - .minor = EVDEV_MINOR_BASE,
1018 - .id_table = evdev_ids,
1019 + .event = evdev_event,
1020 + .connect = evdev_connect,
1021 + .disconnect = evdev_disconnect,
1022 + .fops = &evdev_fops,
1023 + .minor = EVDEV_MINOR_BASE,
1025 + .id_table = evdev_ids,
1028 static int __init evdev_init(void)
projects / thirdparty / kernel / stable-queue.git / blob