Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * comedi/comedi_fops.c
4 * comedi kernel module
5 *
6 * COMEDI - Linux Control and Measurement Device Interface
7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org>
8 * compat ioctls:
9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk>
10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/>
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/errno.h>
17#include <linux/kernel.h>
18#include <linux/sched/signal.h>
19#include <linux/fcntl.h>
20#include <linux/delay.h>
21#include <linux/mm.h>
22#include <linux/slab.h>
23#include <linux/poll.h>
24#include <linux/device.h>
25#include <linux/fs.h>
26#include <linux/comedi/comedidev.h>
27#include <linux/cdev.h>
28
29#include <linux/io.h>
30#include <linux/uaccess.h>
31#include <linux/compat.h>
32
33#include "comedi_internal.h"
34
35/*
36 * comedi_subdevice "runflags"
37 * COMEDI_SRF_RT: DEPRECATED: command is running real-time
38 * COMEDI_SRF_ERROR: indicates an COMEDI_CB_ERROR event has occurred
39 * since the last command was started
40 * COMEDI_SRF_RUNNING: command is running
41 * COMEDI_SRF_FREE_SPRIV: free s->private on detach
42 *
43 * COMEDI_SRF_BUSY_MASK: runflags that indicate the subdevice is "busy"
44 */
45#define COMEDI_SRF_RT BIT(1)
46#define COMEDI_SRF_ERROR BIT(2)
47#define COMEDI_SRF_RUNNING BIT(27)
48#define COMEDI_SRF_FREE_SPRIV BIT(31)
49
50#define COMEDI_SRF_BUSY_MASK (COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING)
51
52/**
53 * struct comedi_file - Per-file private data for COMEDI device
54 * @dev: COMEDI device.
55 * @read_subdev: Current "read" subdevice.
56 * @write_subdev: Current "write" subdevice.
57 * @last_detach_count: Last known detach count.
58 * @last_attached: Last known attached/detached state.
59 */
60struct comedi_file {
61 struct comedi_device *dev;
62 struct comedi_subdevice *read_subdev;
63 struct comedi_subdevice *write_subdev;
64 unsigned int last_detach_count;
65 unsigned int last_attached:1;
66};
67
68#define COMEDI_NUM_MINORS 0x100
69#define COMEDI_NUM_SUBDEVICE_MINORS \
70 (COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS)
71
72static unsigned short comedi_num_legacy_minors;
73module_param(comedi_num_legacy_minors, ushort, 0444);
74MODULE_PARM_DESC(comedi_num_legacy_minors,
75 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)"
76 );
77
78unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB;
79module_param(comedi_default_buf_size_kb, uint, 0644);
80MODULE_PARM_DESC(comedi_default_buf_size_kb,
81 "default asynchronous buffer size in KiB (default "
82 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")");
83
84unsigned int comedi_default_buf_maxsize_kb =
85 CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB;
86module_param(comedi_default_buf_maxsize_kb, uint, 0644);
87MODULE_PARM_DESC(comedi_default_buf_maxsize_kb,
88 "default maximum size of asynchronous buffer in KiB (default "
89 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")");
90
91static DEFINE_MUTEX(comedi_board_minor_table_lock);
92static struct comedi_device
93*comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS];
94
95static DEFINE_MUTEX(comedi_subdevice_minor_table_lock);
96/* Note: indexed by minor - COMEDI_NUM_BOARD_MINORS. */
97static struct comedi_subdevice
98*comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS];
99
100static struct class *comedi_class;
101static struct cdev comedi_cdev;
102
103static void comedi_device_init(struct comedi_device *dev)
104{
105 kref_init(&dev->refcount);
106 spin_lock_init(&dev->spinlock);
107 mutex_init(&dev->mutex);
108 init_rwsem(&dev->attach_lock);
109 dev->minor = -1;
110}
111
112static void comedi_dev_kref_release(struct kref *kref)
113{
114 struct comedi_device *dev =
115 container_of(kref, struct comedi_device, refcount);
116
117 mutex_destroy(&dev->mutex);
118 put_device(dev->class_dev);
119 kfree(dev);
120}
121
122/**
123 * comedi_dev_put() - Release a use of a COMEDI device
124 * @dev: COMEDI device.
125 *
126 * Must be called when a user of a COMEDI device is finished with it.
127 * When the last user of the COMEDI device calls this function, the
128 * COMEDI device is destroyed.
129 *
130 * Return: 1 if the COMEDI device is destroyed by this call or @dev is
131 * NULL, otherwise return 0. Callers must not assume the COMEDI
132 * device is still valid if this function returns 0.
133 */
134int comedi_dev_put(struct comedi_device *dev)
135{
136 if (dev)
137 return kref_put(&dev->refcount, comedi_dev_kref_release);
138 return 1;
139}
140EXPORT_SYMBOL_GPL(comedi_dev_put);
141
142static struct comedi_device *comedi_dev_get(struct comedi_device *dev)
143{
144 if (dev)
145 kref_get(&dev->refcount);
146 return dev;
147}
148
149static void comedi_device_cleanup(struct comedi_device *dev)
150{
151 struct module *driver_module = NULL;
152
153 if (!dev)
154 return;
155 mutex_lock(&dev->mutex);
156 if (dev->attached)
157 driver_module = dev->driver->module;
158 comedi_device_detach(dev);
159 if (driver_module && dev->use_count)
160 module_put(driver_module);
161 mutex_unlock(&dev->mutex);
162}
163
164static bool comedi_clear_board_dev(struct comedi_device *dev)
165{
166 unsigned int i = dev->minor;
167 bool cleared = false;
168
169 lockdep_assert_held(&dev->mutex);
170 mutex_lock(&comedi_board_minor_table_lock);
171 if (dev == comedi_board_minor_table[i]) {
172 comedi_board_minor_table[i] = NULL;
173 cleared = true;
174 }
175 mutex_unlock(&comedi_board_minor_table_lock);
176 return cleared;
177}
178
179static struct comedi_device *comedi_clear_board_minor(unsigned int minor)
180{
181 struct comedi_device *dev;
182
183 mutex_lock(&comedi_board_minor_table_lock);
184 dev = comedi_board_minor_table[minor];
185 comedi_board_minor_table[minor] = NULL;
186 mutex_unlock(&comedi_board_minor_table_lock);
187 return dev;
188}
189
190static void comedi_free_board_dev(struct comedi_device *dev)
191{
192 if (dev) {
193 comedi_device_cleanup(dev);
194 if (dev->class_dev) {
195 device_destroy(comedi_class,
196 MKDEV(COMEDI_MAJOR, dev->minor));
197 }
198 comedi_dev_put(dev);
199 }
200}
201
202static struct comedi_subdevice *
203comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor)
204{
205 struct comedi_subdevice *s;
206 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS;
207
208 mutex_lock(&comedi_subdevice_minor_table_lock);
209 s = comedi_subdevice_minor_table[i];
210 if (s && s->device != dev)
211 s = NULL;
212 mutex_unlock(&comedi_subdevice_minor_table_lock);
213 return s;
214}
215
216static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor)
217{
218 struct comedi_device *dev;
219
220 mutex_lock(&comedi_board_minor_table_lock);
221 dev = comedi_dev_get(comedi_board_minor_table[minor]);
222 mutex_unlock(&comedi_board_minor_table_lock);
223 return dev;
224}
225
226static struct comedi_device *
227comedi_dev_get_from_subdevice_minor(unsigned int minor)
228{
229 struct comedi_device *dev;
230 struct comedi_subdevice *s;
231 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS;
232
233 mutex_lock(&comedi_subdevice_minor_table_lock);
234 s = comedi_subdevice_minor_table[i];
235 dev = comedi_dev_get(s ? s->device : NULL);
236 mutex_unlock(&comedi_subdevice_minor_table_lock);
237 return dev;
238}
239
240/**
241 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number
242 * @minor: Minor device number.
243 *
244 * Finds the COMEDI device associated with the minor device number, if any,
245 * and increments its reference count. The COMEDI device is prevented from
246 * being freed until a matching call is made to comedi_dev_put().
247 *
248 * Return: A pointer to the COMEDI device if it exists, with its usage
249 * reference incremented. Return NULL if no COMEDI device exists with the
250 * specified minor device number.
251 */
252struct comedi_device *comedi_dev_get_from_minor(unsigned int minor)
253{
254 if (minor < COMEDI_NUM_BOARD_MINORS)
255 return comedi_dev_get_from_board_minor(minor);
256
257 return comedi_dev_get_from_subdevice_minor(minor);
258}
259EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor);
260
261static struct comedi_subdevice *
262comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor)
263{
264 struct comedi_subdevice *s;
265
266 lockdep_assert_held(&dev->mutex);
267 if (minor >= COMEDI_NUM_BOARD_MINORS) {
268 s = comedi_subdevice_from_minor(dev, minor);
269 if (!s || (s->subdev_flags & SDF_CMD_READ))
270 return s;
271 }
272 return dev->read_subdev;
273}
274
275static struct comedi_subdevice *
276comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor)
277{
278 struct comedi_subdevice *s;
279
280 lockdep_assert_held(&dev->mutex);
281 if (minor >= COMEDI_NUM_BOARD_MINORS) {
282 s = comedi_subdevice_from_minor(dev, minor);
283 if (!s || (s->subdev_flags & SDF_CMD_WRITE))
284 return s;
285 }
286 return dev->write_subdev;
287}
288
289static void comedi_file_reset(struct file *file)
290{
291 struct comedi_file *cfp = file->private_data;
292 struct comedi_device *dev = cfp->dev;
293 struct comedi_subdevice *s, *read_s, *write_s;
294 unsigned int minor = iminor(file_inode(file));
295
296 read_s = dev->read_subdev;
297 write_s = dev->write_subdev;
298 if (minor >= COMEDI_NUM_BOARD_MINORS) {
299 s = comedi_subdevice_from_minor(dev, minor);
300 if (!s || s->subdev_flags & SDF_CMD_READ)
301 read_s = s;
302 if (!s || s->subdev_flags & SDF_CMD_WRITE)
303 write_s = s;
304 }
305 cfp->last_attached = dev->attached;
306 cfp->last_detach_count = dev->detach_count;
307 WRITE_ONCE(cfp->read_subdev, read_s);
308 WRITE_ONCE(cfp->write_subdev, write_s);
309}
310
311static void comedi_file_check(struct file *file)
312{
313 struct comedi_file *cfp = file->private_data;
314 struct comedi_device *dev = cfp->dev;
315
316 if (cfp->last_attached != dev->attached ||
317 cfp->last_detach_count != dev->detach_count)
318 comedi_file_reset(file);
319}
320
321static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file)
322{
323 struct comedi_file *cfp = file->private_data;
324
325 comedi_file_check(file);
326 return READ_ONCE(cfp->read_subdev);
327}
328
329static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file)
330{
331 struct comedi_file *cfp = file->private_data;
332
333 comedi_file_check(file);
334 return READ_ONCE(cfp->write_subdev);
335}
336
337static int resize_async_buffer(struct comedi_device *dev,
338 struct comedi_subdevice *s,
339 unsigned int new_size)
340{
341 struct comedi_async *async = s->async;
342 int retval;
343
344 lockdep_assert_held(&dev->mutex);
345
346 if (new_size > async->max_bufsize)
347 return -EPERM;
348
349 if (s->busy) {
350 dev_dbg(dev->class_dev,
351 "subdevice is busy, cannot resize buffer\n");
352 return -EBUSY;
353 }
354 if (comedi_buf_is_mmapped(s)) {
355 dev_dbg(dev->class_dev,
356 "subdevice is mmapped, cannot resize buffer\n");
357 return -EBUSY;
358 }
359
360 /* make sure buffer is an integral number of pages (we round up) */
361 new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK;
362
363 retval = comedi_buf_alloc(dev, s, new_size);
364 if (retval < 0)
365 return retval;
366
367 if (s->buf_change) {
368 retval = s->buf_change(dev, s);
369 if (retval < 0)
370 return retval;
371 }
372
373 dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n",
374 s->index, async->prealloc_bufsz);
375 return 0;
376}
377
378/* sysfs attribute files */
379
380static ssize_t max_read_buffer_kb_show(struct device *csdev,
381 struct device_attribute *attr, char *buf)
382{
383 unsigned int minor = MINOR(csdev->devt);
384 struct comedi_device *dev;
385 struct comedi_subdevice *s;
386 unsigned int size = 0;
387
388 dev = comedi_dev_get_from_minor(minor);
389 if (!dev)
390 return -ENODEV;
391
392 mutex_lock(&dev->mutex);
393 s = comedi_read_subdevice(dev, minor);
394 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
395 size = s->async->max_bufsize / 1024;
396 mutex_unlock(&dev->mutex);
397
398 comedi_dev_put(dev);
399 return sysfs_emit(buf, "%u\n", size);
400}
401
402static ssize_t max_read_buffer_kb_store(struct device *csdev,
403 struct device_attribute *attr,
404 const char *buf, size_t count)
405{
406 unsigned int minor = MINOR(csdev->devt);
407 struct comedi_device *dev;
408 struct comedi_subdevice *s;
409 unsigned int size;
410 int err;
411
412 err = kstrtouint(buf, 10, &size);
413 if (err)
414 return err;
415 if (size > (UINT_MAX / 1024))
416 return -EINVAL;
417 size *= 1024;
418
419 dev = comedi_dev_get_from_minor(minor);
420 if (!dev)
421 return -ENODEV;
422
423 mutex_lock(&dev->mutex);
424 s = comedi_read_subdevice(dev, minor);
425 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
426 s->async->max_bufsize = size;
427 else
428 err = -EINVAL;
429 mutex_unlock(&dev->mutex);
430
431 comedi_dev_put(dev);
432 return err ? err : count;
433}
434static DEVICE_ATTR_RW(max_read_buffer_kb);
435
436static ssize_t read_buffer_kb_show(struct device *csdev,
437 struct device_attribute *attr, char *buf)
438{
439 unsigned int minor = MINOR(csdev->devt);
440 struct comedi_device *dev;
441 struct comedi_subdevice *s;
442 unsigned int size = 0;
443
444 dev = comedi_dev_get_from_minor(minor);
445 if (!dev)
446 return -ENODEV;
447
448 mutex_lock(&dev->mutex);
449 s = comedi_read_subdevice(dev, minor);
450 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
451 size = s->async->prealloc_bufsz / 1024;
452 mutex_unlock(&dev->mutex);
453
454 comedi_dev_put(dev);
455 return sysfs_emit(buf, "%u\n", size);
456}
457
458static ssize_t read_buffer_kb_store(struct device *csdev,
459 struct device_attribute *attr,
460 const char *buf, size_t count)
461{
462 unsigned int minor = MINOR(csdev->devt);
463 struct comedi_device *dev;
464 struct comedi_subdevice *s;
465 unsigned int size;
466 int err;
467
468 err = kstrtouint(buf, 10, &size);
469 if (err)
470 return err;
471 if (size > (UINT_MAX / 1024))
472 return -EINVAL;
473 size *= 1024;
474
475 dev = comedi_dev_get_from_minor(minor);
476 if (!dev)
477 return -ENODEV;
478
479 mutex_lock(&dev->mutex);
480 s = comedi_read_subdevice(dev, minor);
481 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
482 err = resize_async_buffer(dev, s, size);
483 else
484 err = -EINVAL;
485 mutex_unlock(&dev->mutex);
486
487 comedi_dev_put(dev);
488 return err ? err : count;
489}
490static DEVICE_ATTR_RW(read_buffer_kb);
491
492static ssize_t max_write_buffer_kb_show(struct device *csdev,
493 struct device_attribute *attr,
494 char *buf)
495{
496 unsigned int minor = MINOR(csdev->devt);
497 struct comedi_device *dev;
498 struct comedi_subdevice *s;
499 unsigned int size = 0;
500
501 dev = comedi_dev_get_from_minor(minor);
502 if (!dev)
503 return -ENODEV;
504
505 mutex_lock(&dev->mutex);
506 s = comedi_write_subdevice(dev, minor);
507 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
508 size = s->async->max_bufsize / 1024;
509 mutex_unlock(&dev->mutex);
510
511 comedi_dev_put(dev);
512 return sysfs_emit(buf, "%u\n", size);
513}
514
515static ssize_t max_write_buffer_kb_store(struct device *csdev,
516 struct device_attribute *attr,
517 const char *buf, size_t count)
518{
519 unsigned int minor = MINOR(csdev->devt);
520 struct comedi_device *dev;
521 struct comedi_subdevice *s;
522 unsigned int size;
523 int err;
524
525 err = kstrtouint(buf, 10, &size);
526 if (err)
527 return err;
528 if (size > (UINT_MAX / 1024))
529 return -EINVAL;
530 size *= 1024;
531
532 dev = comedi_dev_get_from_minor(minor);
533 if (!dev)
534 return -ENODEV;
535
536 mutex_lock(&dev->mutex);
537 s = comedi_write_subdevice(dev, minor);
538 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
539 s->async->max_bufsize = size;
540 else
541 err = -EINVAL;
542 mutex_unlock(&dev->mutex);
543
544 comedi_dev_put(dev);
545 return err ? err : count;
546}
547static DEVICE_ATTR_RW(max_write_buffer_kb);
548
549static ssize_t write_buffer_kb_show(struct device *csdev,
550 struct device_attribute *attr, char *buf)
551{
552 unsigned int minor = MINOR(csdev->devt);
553 struct comedi_device *dev;
554 struct comedi_subdevice *s;
555 unsigned int size = 0;
556
557 dev = comedi_dev_get_from_minor(minor);
558 if (!dev)
559 return -ENODEV;
560
561 mutex_lock(&dev->mutex);
562 s = comedi_write_subdevice(dev, minor);
563 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
564 size = s->async->prealloc_bufsz / 1024;
565 mutex_unlock(&dev->mutex);
566
567 comedi_dev_put(dev);
568 return sysfs_emit(buf, "%u\n", size);
569}
570
571static ssize_t write_buffer_kb_store(struct device *csdev,
572 struct device_attribute *attr,
573 const char *buf, size_t count)
574{
575 unsigned int minor = MINOR(csdev->devt);
576 struct comedi_device *dev;
577 struct comedi_subdevice *s;
578 unsigned int size;
579 int err;
580
581 err = kstrtouint(buf, 10, &size);
582 if (err)
583 return err;
584 if (size > (UINT_MAX / 1024))
585 return -EINVAL;
586 size *= 1024;
587
588 dev = comedi_dev_get_from_minor(minor);
589 if (!dev)
590 return -ENODEV;
591
592 mutex_lock(&dev->mutex);
593 s = comedi_write_subdevice(dev, minor);
594 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
595 err = resize_async_buffer(dev, s, size);
596 else
597 err = -EINVAL;
598 mutex_unlock(&dev->mutex);
599
600 comedi_dev_put(dev);
601 return err ? err : count;
602}
603static DEVICE_ATTR_RW(write_buffer_kb);
604
605static struct attribute *comedi_dev_attrs[] = {
606 &dev_attr_max_read_buffer_kb.attr,
607 &dev_attr_read_buffer_kb.attr,
608 &dev_attr_max_write_buffer_kb.attr,
609 &dev_attr_write_buffer_kb.attr,
610 NULL,
611};
612ATTRIBUTE_GROUPS(comedi_dev);
613
614static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s,
615 unsigned int bits)
616{
617 s->runflags &= ~bits;
618}
619
620static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s,
621 unsigned int bits)
622{
623 s->runflags |= bits;
624}
625
626static void comedi_update_subdevice_runflags(struct comedi_subdevice *s,
627 unsigned int mask,
628 unsigned int bits)
629{
630 unsigned long flags;
631
632 spin_lock_irqsave(&s->spin_lock, flags);
633 __comedi_clear_subdevice_runflags(s, mask);
634 __comedi_set_subdevice_runflags(s, bits & mask);
635 spin_unlock_irqrestore(&s->spin_lock, flags);
636}
637
638static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s)
639{
640 return s->runflags;
641}
642
643static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s)
644{
645 unsigned long flags;
646 unsigned int runflags;
647
648 spin_lock_irqsave(&s->spin_lock, flags);
649 runflags = __comedi_get_subdevice_runflags(s);
650 spin_unlock_irqrestore(&s->spin_lock, flags);
651 return runflags;
652}
653
654static bool comedi_is_runflags_running(unsigned int runflags)
655{
656 return runflags & COMEDI_SRF_RUNNING;
657}
658
659static bool comedi_is_runflags_in_error(unsigned int runflags)
660{
661 return runflags & COMEDI_SRF_ERROR;
662}
663
664/**
665 * comedi_is_subdevice_running() - Check if async command running on subdevice
666 * @s: COMEDI subdevice.
667 *
668 * Return: %true if an asynchronous COMEDI command is active on the
669 * subdevice, else %false.
670 */
671bool comedi_is_subdevice_running(struct comedi_subdevice *s)
672{
673 unsigned int runflags = comedi_get_subdevice_runflags(s);
674
675 return comedi_is_runflags_running(runflags);
676}
677EXPORT_SYMBOL_GPL(comedi_is_subdevice_running);
678
679static bool __comedi_is_subdevice_running(struct comedi_subdevice *s)
680{
681 unsigned int runflags = __comedi_get_subdevice_runflags(s);
682
683 return comedi_is_runflags_running(runflags);
684}
685
686bool comedi_can_auto_free_spriv(struct comedi_subdevice *s)
687{
688 unsigned int runflags = __comedi_get_subdevice_runflags(s);
689
690 return runflags & COMEDI_SRF_FREE_SPRIV;
691}
692
693/**
694 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable
695 * @s: COMEDI subdevice.
696 *
697 * Mark the subdevice as having a pointer to private data that can be
698 * automatically freed when the COMEDI device is detached from the low-level
699 * driver.
700 */
701void comedi_set_spriv_auto_free(struct comedi_subdevice *s)
702{
703 __comedi_set_subdevice_runflags(s, COMEDI_SRF_FREE_SPRIV);
704}
705EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free);
706
707/**
708 * comedi_alloc_spriv - Allocate memory for the subdevice private data
709 * @s: COMEDI subdevice.
710 * @size: Size of the memory to allocate.
711 *
712 * Allocate memory for the subdevice private data and point @s->private
713 * to it. The memory will be freed automatically when the COMEDI device
714 * is detached from the low-level driver.
715 *
716 * Return: A pointer to the allocated memory @s->private on success.
717 * Return NULL on failure.
718 */
719void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size)
720{
721 s->private = kzalloc(size, GFP_KERNEL);
722 if (s->private)
723 comedi_set_spriv_auto_free(s);
724 return s->private;
725}
726EXPORT_SYMBOL_GPL(comedi_alloc_spriv);
727
728/*
729 * This function restores a subdevice to an idle state.
730 */
731static void do_become_nonbusy(struct comedi_device *dev,
732 struct comedi_subdevice *s)
733{
734 struct comedi_async *async = s->async;
735
736 lockdep_assert_held(&dev->mutex);
737 comedi_update_subdevice_runflags(s, COMEDI_SRF_RUNNING, 0);
738 if (async) {
739 comedi_buf_reset(s);
740 async->inttrig = NULL;
741 kfree(async->cmd.chanlist);
742 async->cmd.chanlist = NULL;
743 s->busy = NULL;
744 wake_up_interruptible_all(&async->wait_head);
745 } else {
746 dev_err(dev->class_dev,
747 "BUG: (?) %s called with async=NULL\n", __func__);
748 s->busy = NULL;
749 }
750}
751
752static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s)
753{
754 int ret = 0;
755
756 lockdep_assert_held(&dev->mutex);
757 if (comedi_is_subdevice_running(s) && s->cancel)
758 ret = s->cancel(dev, s);
759
760 do_become_nonbusy(dev, s);
761
762 return ret;
763}
764
765void comedi_device_cancel_all(struct comedi_device *dev)
766{
767 struct comedi_subdevice *s;
768 int i;
769
770 lockdep_assert_held(&dev->mutex);
771 if (!dev->attached)
772 return;
773
774 for (i = 0; i < dev->n_subdevices; i++) {
775 s = &dev->subdevices[i];
776 if (s->async)
777 do_cancel(dev, s);
778 }
779}
780
781static int is_device_busy(struct comedi_device *dev)
782{
783 struct comedi_subdevice *s;
784 int i;
785
786 lockdep_assert_held(&dev->mutex);
787 if (!dev->attached)
788 return 0;
789
790 for (i = 0; i < dev->n_subdevices; i++) {
791 s = &dev->subdevices[i];
792 if (s->busy)
793 return 1;
794 if (s->async && comedi_buf_is_mmapped(s))
795 return 1;
796 }
797
798 return 0;
799}
800
801/*
802 * COMEDI_DEVCONFIG ioctl
803 * attaches (and configures) or detaches a legacy device
804 *
805 * arg:
806 * pointer to comedi_devconfig structure (NULL if detaching)
807 *
808 * reads:
809 * comedi_devconfig structure (if attaching)
810 *
811 * writes:
812 * nothing
813 */
814static int do_devconfig_ioctl(struct comedi_device *dev,
815 struct comedi_devconfig __user *arg)
816{
817 struct comedi_devconfig it;
818
819 lockdep_assert_held(&dev->mutex);
820 if (!capable(CAP_SYS_ADMIN))
821 return -EPERM;
822
823 if (!arg) {
824 if (is_device_busy(dev))
825 return -EBUSY;
826 if (dev->attached) {
827 struct module *driver_module = dev->driver->module;
828
829 comedi_device_detach(dev);
830 module_put(driver_module);
831 }
832 return 0;
833 }
834
835 if (copy_from_user(&it, arg, sizeof(it)))
836 return -EFAULT;
837
838 it.board_name[COMEDI_NAMELEN - 1] = 0;
839
840 if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) {
841 dev_warn(dev->class_dev,
842 "comedi_config --init_data is deprecated\n");
843 return -EINVAL;
844 }
845
846 if (dev->minor >= comedi_num_legacy_minors)
847 /* don't re-use dynamically allocated comedi devices */
848 return -EBUSY;
849
850 /* This increments the driver module count on success. */
851 return comedi_device_attach(dev, &it);
852}
853
854/*
855 * COMEDI_BUFCONFIG ioctl
856 * buffer configuration
857 *
858 * arg:
859 * pointer to comedi_bufconfig structure
860 *
861 * reads:
862 * comedi_bufconfig structure
863 *
864 * writes:
865 * modified comedi_bufconfig structure
866 */
867static int do_bufconfig_ioctl(struct comedi_device *dev,
868 struct comedi_bufconfig __user *arg)
869{
870 struct comedi_bufconfig bc;
871 struct comedi_async *async;
872 struct comedi_subdevice *s;
873 int retval = 0;
874
875 lockdep_assert_held(&dev->mutex);
876 if (copy_from_user(&bc, arg, sizeof(bc)))
877 return -EFAULT;
878
879 if (bc.subdevice >= dev->n_subdevices)
880 return -EINVAL;
881
882 s = &dev->subdevices[bc.subdevice];
883 async = s->async;
884
885 if (!async) {
886 dev_dbg(dev->class_dev,
887 "subdevice does not have async capability\n");
888 bc.size = 0;
889 bc.maximum_size = 0;
890 goto copyback;
891 }
892
893 if (bc.maximum_size) {
894 if (!capable(CAP_SYS_ADMIN))
895 return -EPERM;
896
897 async->max_bufsize = bc.maximum_size;
898 }
899
900 if (bc.size) {
901 retval = resize_async_buffer(dev, s, bc.size);
902 if (retval < 0)
903 return retval;
904 }
905
906 bc.size = async->prealloc_bufsz;
907 bc.maximum_size = async->max_bufsize;
908
909copyback:
910 if (copy_to_user(arg, &bc, sizeof(bc)))
911 return -EFAULT;
912
913 return 0;
914}
915
916/*
917 * COMEDI_DEVINFO ioctl
918 * device info
919 *
920 * arg:
921 * pointer to comedi_devinfo structure
922 *
923 * reads:
924 * nothing
925 *
926 * writes:
927 * comedi_devinfo structure
928 */
929static int do_devinfo_ioctl(struct comedi_device *dev,
930 struct comedi_devinfo __user *arg,
931 struct file *file)
932{
933 struct comedi_subdevice *s;
934 struct comedi_devinfo devinfo;
935
936 lockdep_assert_held(&dev->mutex);
937 memset(&devinfo, 0, sizeof(devinfo));
938
939 /* fill devinfo structure */
940 devinfo.version_code = COMEDI_VERSION_CODE;
941 devinfo.n_subdevs = dev->n_subdevices;
942 strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
943 strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
944
945 s = comedi_file_read_subdevice(file);
946 if (s)
947 devinfo.read_subdevice = s->index;
948 else
949 devinfo.read_subdevice = -1;
950
951 s = comedi_file_write_subdevice(file);
952 if (s)
953 devinfo.write_subdevice = s->index;
954 else
955 devinfo.write_subdevice = -1;
956
957 if (copy_to_user(arg, &devinfo, sizeof(devinfo)))
958 return -EFAULT;
959
960 return 0;
961}
962
963/*
964 * COMEDI_SUBDINFO ioctl
965 * subdevices info
966 *
967 * arg:
968 * pointer to array of comedi_subdinfo structures
969 *
970 * reads:
971 * nothing
972 *
973 * writes:
974 * array of comedi_subdinfo structures
975 */
976static int do_subdinfo_ioctl(struct comedi_device *dev,
977 struct comedi_subdinfo __user *arg, void *file)
978{
979 int ret, i;
980 struct comedi_subdinfo *tmp, *us;
981 struct comedi_subdevice *s;
982
983 lockdep_assert_held(&dev->mutex);
984 tmp = kcalloc(dev->n_subdevices, sizeof(*tmp), GFP_KERNEL);
985 if (!tmp)
986 return -ENOMEM;
987
988 /* fill subdinfo structs */
989 for (i = 0; i < dev->n_subdevices; i++) {
990 s = &dev->subdevices[i];
991 us = tmp + i;
992
993 us->type = s->type;
994 us->n_chan = s->n_chan;
995 us->subd_flags = s->subdev_flags;
996 if (comedi_is_subdevice_running(s))
997 us->subd_flags |= SDF_RUNNING;
998#define TIMER_nanosec 5 /* backwards compatibility */
999 us->timer_type = TIMER_nanosec;
1000 us->len_chanlist = s->len_chanlist;
1001 us->maxdata = s->maxdata;
1002 if (s->range_table) {
1003 us->range_type =
1004 (i << 24) | (0 << 16) | (s->range_table->length);
1005 } else {
1006 us->range_type = 0; /* XXX */
1007 }
1008
1009 if (s->busy)
1010 us->subd_flags |= SDF_BUSY;
1011 if (s->busy == file)
1012 us->subd_flags |= SDF_BUSY_OWNER;
1013 if (s->lock)
1014 us->subd_flags |= SDF_LOCKED;
1015 if (s->lock == file)
1016 us->subd_flags |= SDF_LOCK_OWNER;
1017 if (!s->maxdata && s->maxdata_list)
1018 us->subd_flags |= SDF_MAXDATA;
1019 if (s->range_table_list)
1020 us->subd_flags |= SDF_RANGETYPE;
1021 if (s->do_cmd)
1022 us->subd_flags |= SDF_CMD;
1023
1024 if (s->insn_bits != &insn_inval)
1025 us->insn_bits_support = COMEDI_SUPPORTED;
1026 else
1027 us->insn_bits_support = COMEDI_UNSUPPORTED;
1028 }
1029
1030 ret = copy_to_user(arg, tmp, dev->n_subdevices * sizeof(*tmp));
1031
1032 kfree(tmp);
1033
1034 return ret ? -EFAULT : 0;
1035}
1036
1037/*
1038 * COMEDI_CHANINFO ioctl
1039 * subdevice channel info
1040 *
1041 * arg:
1042 * pointer to comedi_chaninfo structure
1043 *
1044 * reads:
1045 * comedi_chaninfo structure
1046 *
1047 * writes:
1048 * array of maxdata values to chaninfo->maxdata_list if requested
1049 * array of range table lengths to chaninfo->range_table_list if requested
1050 */
1051static int do_chaninfo_ioctl(struct comedi_device *dev,
1052 struct comedi_chaninfo *it)
1053{
1054 struct comedi_subdevice *s;
1055
1056 lockdep_assert_held(&dev->mutex);
1057
1058 if (it->subdev >= dev->n_subdevices)
1059 return -EINVAL;
1060 s = &dev->subdevices[it->subdev];
1061
1062 if (it->maxdata_list) {
1063 if (s->maxdata || !s->maxdata_list)
1064 return -EINVAL;
1065 if (copy_to_user(it->maxdata_list, s->maxdata_list,
1066 s->n_chan * sizeof(unsigned int)))
1067 return -EFAULT;
1068 }
1069
1070 if (it->flaglist)
1071 return -EINVAL; /* flaglist not supported */
1072
1073 if (it->rangelist) {
1074 int i;
1075
1076 if (!s->range_table_list)
1077 return -EINVAL;
1078 for (i = 0; i < s->n_chan; i++) {
1079 int x;
1080
1081 x = (dev->minor << 28) | (it->subdev << 24) | (i << 16) |
1082 (s->range_table_list[i]->length);
1083 if (put_user(x, it->rangelist + i))
1084 return -EFAULT;
1085 }
1086 }
1087
1088 return 0;
1089}
1090
1091/*
1092 * COMEDI_BUFINFO ioctl
1093 * buffer information
1094 *
1095 * arg:
1096 * pointer to comedi_bufinfo structure
1097 *
1098 * reads:
1099 * comedi_bufinfo structure
1100 *
1101 * writes:
1102 * modified comedi_bufinfo structure
1103 */
1104static int do_bufinfo_ioctl(struct comedi_device *dev,
1105 struct comedi_bufinfo __user *arg, void *file)
1106{
1107 struct comedi_bufinfo bi;
1108 struct comedi_subdevice *s;
1109 struct comedi_async *async;
1110 unsigned int runflags;
1111 int retval = 0;
1112 bool become_nonbusy = false;
1113
1114 lockdep_assert_held(&dev->mutex);
1115 if (copy_from_user(&bi, arg, sizeof(bi)))
1116 return -EFAULT;
1117
1118 if (bi.subdevice >= dev->n_subdevices)
1119 return -EINVAL;
1120
1121 s = &dev->subdevices[bi.subdevice];
1122
1123 async = s->async;
1124
1125 if (!async || s->busy != file)
1126 return -EINVAL;
1127
1128 runflags = comedi_get_subdevice_runflags(s);
1129 if (!(async->cmd.flags & CMDF_WRITE)) {
1130 /* command was set up in "read" direction */
1131 if (bi.bytes_read) {
1132 comedi_buf_read_alloc(s, bi.bytes_read);
1133 bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
1134 }
1135 /*
1136 * If nothing left to read, and command has stopped, and
1137 * {"read" position not updated or command stopped normally},
1138 * then become non-busy.
1139 */
1140 if (comedi_buf_read_n_available(s) == 0 &&
1141 !comedi_is_runflags_running(runflags) &&
1142 (bi.bytes_read == 0 ||
1143 !comedi_is_runflags_in_error(runflags))) {
1144 become_nonbusy = true;
1145 if (comedi_is_runflags_in_error(runflags))
1146 retval = -EPIPE;
1147 }
1148 bi.bytes_written = 0;
1149 } else {
1150 /* command was set up in "write" direction */
1151 if (!comedi_is_runflags_running(runflags)) {
1152 bi.bytes_written = 0;
1153 become_nonbusy = true;
1154 if (comedi_is_runflags_in_error(runflags))
1155 retval = -EPIPE;
1156 } else if (bi.bytes_written) {
1157 comedi_buf_write_alloc(s, bi.bytes_written);
1158 bi.bytes_written =
1159 comedi_buf_write_free(s, bi.bytes_written);
1160 }
1161 bi.bytes_read = 0;
1162 }
1163
1164 bi.buf_write_count = async->buf_write_count;
1165 bi.buf_write_ptr = async->buf_write_ptr;
1166 bi.buf_read_count = async->buf_read_count;
1167 bi.buf_read_ptr = async->buf_read_ptr;
1168
1169 if (become_nonbusy)
1170 do_become_nonbusy(dev, s);
1171
1172 if (retval)
1173 return retval;
1174
1175 if (copy_to_user(arg, &bi, sizeof(bi)))
1176 return -EFAULT;
1177
1178 return 0;
1179}
1180
1181static int check_insn_config_length(struct comedi_insn *insn,
1182 unsigned int *data)
1183{
1184 if (insn->n < 1)
1185 return -EINVAL;
1186
1187 switch (data[0]) {
1188 case INSN_CONFIG_DIO_OUTPUT:
1189 case INSN_CONFIG_DIO_INPUT:
1190 case INSN_CONFIG_DISARM:
1191 case INSN_CONFIG_RESET:
1192 if (insn->n == 1)
1193 return 0;
1194 break;
1195 case INSN_CONFIG_ARM:
1196 case INSN_CONFIG_DIO_QUERY:
1197 case INSN_CONFIG_BLOCK_SIZE:
1198 case INSN_CONFIG_FILTER:
1199 case INSN_CONFIG_SERIAL_CLOCK:
1200 case INSN_CONFIG_BIDIRECTIONAL_DATA:
1201 case INSN_CONFIG_ALT_SOURCE:
1202 case INSN_CONFIG_SET_COUNTER_MODE:
1203 case INSN_CONFIG_8254_READ_STATUS:
1204 case INSN_CONFIG_SET_ROUTING:
1205 case INSN_CONFIG_GET_ROUTING:
1206 case INSN_CONFIG_GET_PWM_STATUS:
1207 case INSN_CONFIG_PWM_SET_PERIOD:
1208 case INSN_CONFIG_PWM_GET_PERIOD:
1209 if (insn->n == 2)
1210 return 0;
1211 break;
1212 case INSN_CONFIG_SET_GATE_SRC:
1213 case INSN_CONFIG_GET_GATE_SRC:
1214 case INSN_CONFIG_SET_CLOCK_SRC:
1215 case INSN_CONFIG_GET_CLOCK_SRC:
1216 case INSN_CONFIG_SET_OTHER_SRC:
1217 case INSN_CONFIG_GET_COUNTER_STATUS:
1218 case INSN_CONFIG_PWM_SET_H_BRIDGE:
1219 case INSN_CONFIG_PWM_GET_H_BRIDGE:
1220 case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE:
1221 if (insn->n == 3)
1222 return 0;
1223 break;
1224 case INSN_CONFIG_PWM_OUTPUT:
1225 case INSN_CONFIG_ANALOG_TRIG:
1226 case INSN_CONFIG_TIMER_1:
1227 if (insn->n == 5)
1228 return 0;
1229 break;
1230 case INSN_CONFIG_DIGITAL_TRIG:
1231 if (insn->n == 6)
1232 return 0;
1233 break;
1234 case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS:
1235 if (insn->n >= 4)
1236 return 0;
1237 break;
1238 /*
1239 * by default we allow the insn since we don't have checks for
1240 * all possible cases yet
1241 */
1242 default:
1243 pr_warn("No check for data length of config insn id %i is implemented\n",
1244 data[0]);
1245 pr_warn("Add a check to %s in %s\n", __func__, __FILE__);
1246 pr_warn("Assuming n=%i is correct\n", insn->n);
1247 return 0;
1248 }
1249 return -EINVAL;
1250}
1251
1252static int check_insn_device_config_length(struct comedi_insn *insn,
1253 unsigned int *data)
1254{
1255 if (insn->n < 1)
1256 return -EINVAL;
1257
1258 switch (data[0]) {
1259 case INSN_DEVICE_CONFIG_TEST_ROUTE:
1260 case INSN_DEVICE_CONFIG_CONNECT_ROUTE:
1261 case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE:
1262 if (insn->n == 3)
1263 return 0;
1264 break;
1265 case INSN_DEVICE_CONFIG_GET_ROUTES:
1266 /*
1267 * Big enough for config_id and the length of the userland
1268 * memory buffer. Additional length should be in factors of 2
1269 * to communicate any returned route pairs (source,destination).
1270 */
1271 if (insn->n >= 2)
1272 return 0;
1273 break;
1274 }
1275 return -EINVAL;
1276}
1277
1278/**
1279 * get_valid_routes() - Calls low-level driver get_valid_routes function to
1280 * either return a count of valid routes to user, or copy
1281 * of list of all valid device routes to buffer in
1282 * userspace.
1283 * @dev: comedi device pointer
1284 * @data: data from user insn call. The length of the data must be >= 2.
1285 * data[0] must contain the INSN_DEVICE_CONFIG config_id.
1286 * data[1](input) contains the number of _pairs_ for which memory is
1287 * allotted from the user. If the user specifies '0', then only
1288 * the number of pairs available is returned.
1289 * data[1](output) returns either the number of pairs available (if none
1290 * where requested) or the number of _pairs_ that are copied back
1291 * to the user.
1292 * data[2::2] returns each (source, destination) pair.
1293 *
1294 * Return: -EINVAL if low-level driver does not allocate and return routes as
1295 * expected. Returns 0 otherwise.
1296 */
1297static int get_valid_routes(struct comedi_device *dev, unsigned int *data)
1298{
1299 lockdep_assert_held(&dev->mutex);
1300 data[1] = dev->get_valid_routes(dev, data[1], data + 2);
1301 return 0;
1302}
1303
1304static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn,
1305 unsigned int *data, void *file)
1306{
1307 struct comedi_subdevice *s;
1308 int ret = 0;
1309 int i;
1310
1311 lockdep_assert_held(&dev->mutex);
1312 if (insn->insn & INSN_MASK_SPECIAL) {
1313 /* a non-subdevice instruction */
1314
1315 switch (insn->insn) {
1316 case INSN_GTOD:
1317 {
1318 struct timespec64 tv;
1319
1320 if (insn->n != 2) {
1321 ret = -EINVAL;
1322 break;
1323 }
1324
1325 ktime_get_real_ts64(&tv);
1326 /* unsigned data safe until 2106 */
1327 data[0] = (unsigned int)tv.tv_sec;
1328 data[1] = tv.tv_nsec / NSEC_PER_USEC;
1329 ret = 2;
1330
1331 break;
1332 }
1333 case INSN_WAIT:
1334 if (insn->n != 1 || data[0] >= 100000) {
1335 ret = -EINVAL;
1336 break;
1337 }
1338 udelay(data[0] / 1000);
1339 ret = 1;
1340 break;
1341 case INSN_INTTRIG:
1342 if (insn->n != 1) {
1343 ret = -EINVAL;
1344 break;
1345 }
1346 if (insn->subdev >= dev->n_subdevices) {
1347 dev_dbg(dev->class_dev,
1348 "%d not usable subdevice\n",
1349 insn->subdev);
1350 ret = -EINVAL;
1351 break;
1352 }
1353 s = &dev->subdevices[insn->subdev];
1354 if (!s->async) {
1355 dev_dbg(dev->class_dev, "no async\n");
1356 ret = -EINVAL;
1357 break;
1358 }
1359 if (!s->async->inttrig) {
1360 dev_dbg(dev->class_dev, "no inttrig\n");
1361 ret = -EAGAIN;
1362 break;
1363 }
1364 ret = s->async->inttrig(dev, s, data[0]);
1365 if (ret >= 0)
1366 ret = 1;
1367 break;
1368 case INSN_DEVICE_CONFIG:
1369 ret = check_insn_device_config_length(insn, data);
1370 if (ret)
1371 break;
1372
1373 if (data[0] == INSN_DEVICE_CONFIG_GET_ROUTES) {
1374 /*
1375 * data[1] should be the number of _pairs_ that
1376 * the memory can hold.
1377 */
1378 data[1] = (insn->n - 2) / 2;
1379 ret = get_valid_routes(dev, data);
1380 break;
1381 }
1382
1383 /* other global device config instructions. */
1384 ret = dev->insn_device_config(dev, insn, data);
1385 break;
1386 default:
1387 dev_dbg(dev->class_dev, "invalid insn\n");
1388 ret = -EINVAL;
1389 break;
1390 }
1391 } else {
1392 /* a subdevice instruction */
1393 unsigned int maxdata;
1394
1395 if (insn->subdev >= dev->n_subdevices) {
1396 dev_dbg(dev->class_dev, "subdevice %d out of range\n",
1397 insn->subdev);
1398 ret = -EINVAL;
1399 goto out;
1400 }
1401 s = &dev->subdevices[insn->subdev];
1402
1403 if (s->type == COMEDI_SUBD_UNUSED) {
1404 dev_dbg(dev->class_dev, "%d not usable subdevice\n",
1405 insn->subdev);
1406 ret = -EIO;
1407 goto out;
1408 }
1409
1410 /* are we locked? (ioctl lock) */
1411 if (s->lock && s->lock != file) {
1412 dev_dbg(dev->class_dev, "device locked\n");
1413 ret = -EACCES;
1414 goto out;
1415 }
1416
1417 ret = comedi_check_chanlist(s, 1, &insn->chanspec);
1418 if (ret < 0) {
1419 ret = -EINVAL;
1420 dev_dbg(dev->class_dev, "bad chanspec\n");
1421 goto out;
1422 }
1423
1424 if (s->busy) {
1425 ret = -EBUSY;
1426 goto out;
1427 }
1428 /* This looks arbitrary. It is. */
1429 s->busy = parse_insn;
1430 switch (insn->insn) {
1431 case INSN_READ:
1432 ret = s->insn_read(dev, s, insn, data);
1433 if (ret == -ETIMEDOUT) {
1434 dev_dbg(dev->class_dev,
1435 "subdevice %d read instruction timed out\n",
1436 s->index);
1437 }
1438 break;
1439 case INSN_WRITE:
1440 maxdata = s->maxdata_list
1441 ? s->maxdata_list[CR_CHAN(insn->chanspec)]
1442 : s->maxdata;
1443 for (i = 0; i < insn->n; ++i) {
1444 if (data[i] > maxdata) {
1445 ret = -EINVAL;
1446 dev_dbg(dev->class_dev,
1447 "bad data value(s)\n");
1448 break;
1449 }
1450 }
1451 if (ret == 0) {
1452 ret = s->insn_write(dev, s, insn, data);
1453 if (ret == -ETIMEDOUT) {
1454 dev_dbg(dev->class_dev,
1455 "subdevice %d write instruction timed out\n",
1456 s->index);
1457 }
1458 }
1459 break;
1460 case INSN_BITS:
1461 if (insn->n != 2) {
1462 ret = -EINVAL;
1463 } else {
1464 /*
1465 * Most drivers ignore the base channel in
1466 * insn->chanspec. Fix this here if
1467 * the subdevice has <= 32 channels.
1468 */
1469 unsigned int orig_mask = data[0];
1470 unsigned int shift = 0;
1471
1472 if (s->n_chan <= 32) {
1473 shift = CR_CHAN(insn->chanspec);
1474 if (shift > 0) {
1475 insn->chanspec = 0;
1476 data[0] <<= shift;
1477 data[1] <<= shift;
1478 }
1479 }
1480 ret = s->insn_bits(dev, s, insn, data);
1481 data[0] = orig_mask;
1482 if (shift > 0)
1483 data[1] >>= shift;
1484 }
1485 break;
1486 case INSN_CONFIG:
1487 ret = check_insn_config_length(insn, data);
1488 if (ret)
1489 break;
1490 ret = s->insn_config(dev, s, insn, data);
1491 break;
1492 default:
1493 ret = -EINVAL;
1494 break;
1495 }
1496
1497 s->busy = NULL;
1498 }
1499
1500out:
1501 return ret;
1502}
1503
1504/*
1505 * COMEDI_INSNLIST ioctl
1506 * synchronous instruction list
1507 *
1508 * arg:
1509 * pointer to comedi_insnlist structure
1510 *
1511 * reads:
1512 * comedi_insnlist structure
1513 * array of comedi_insn structures from insnlist->insns pointer
1514 * data (for writes) from insns[].data pointers
1515 *
1516 * writes:
1517 * data (for reads) to insns[].data pointers
1518 */
1519/* arbitrary limits */
1520#define MIN_SAMPLES 16
1521#define MAX_SAMPLES 65536
1522static int do_insnlist_ioctl(struct comedi_device *dev,
1523 struct comedi_insn *insns,
1524 unsigned int n_insns,
1525 void *file)
1526{
1527 unsigned int *data = NULL;
1528 unsigned int max_n_data_required = MIN_SAMPLES;
1529 int i = 0;
1530 int ret = 0;
1531
1532 lockdep_assert_held(&dev->mutex);
1533
1534 /* Determine maximum memory needed for all instructions. */
1535 for (i = 0; i < n_insns; ++i) {
1536 if (insns[i].n > MAX_SAMPLES) {
1537 dev_dbg(dev->class_dev,
1538 "number of samples too large\n");
1539 ret = -EINVAL;
1540 goto error;
1541 }
1542 max_n_data_required = max(max_n_data_required, insns[i].n);
1543 }
1544
1545 /* Allocate scratch space for all instruction data. */
1546 data = kmalloc_array(max_n_data_required, sizeof(unsigned int),
1547 GFP_KERNEL);
1548 if (!data) {
1549 ret = -ENOMEM;
1550 goto error;
1551 }
1552
1553 for (i = 0; i < n_insns; ++i) {
1554 if (insns[i].insn & INSN_MASK_WRITE) {
1555 if (copy_from_user(data, insns[i].data,
1556 insns[i].n * sizeof(unsigned int))) {
1557 dev_dbg(dev->class_dev,
1558 "copy_from_user failed\n");
1559 ret = -EFAULT;
1560 goto error;
1561 }
1562 }
1563 ret = parse_insn(dev, insns + i, data, file);
1564 if (ret < 0)
1565 goto error;
1566 if (insns[i].insn & INSN_MASK_READ) {
1567 if (copy_to_user(insns[i].data, data,
1568 insns[i].n * sizeof(unsigned int))) {
1569 dev_dbg(dev->class_dev,
1570 "copy_to_user failed\n");
1571 ret = -EFAULT;
1572 goto error;
1573 }
1574 }
1575 if (need_resched())
1576 schedule();
1577 }
1578
1579error:
1580 kfree(data);
1581
1582 if (ret < 0)
1583 return ret;
1584 return i;
1585}
1586
1587/*
1588 * COMEDI_INSN ioctl
1589 * synchronous instruction
1590 *
1591 * arg:
1592 * pointer to comedi_insn structure
1593 *
1594 * reads:
1595 * comedi_insn structure
1596 * data (for writes) from insn->data pointer
1597 *
1598 * writes:
1599 * data (for reads) to insn->data pointer
1600 */
1601static int do_insn_ioctl(struct comedi_device *dev,
1602 struct comedi_insn *insn, void *file)
1603{
1604 unsigned int *data = NULL;
1605 unsigned int n_data = MIN_SAMPLES;
1606 int ret = 0;
1607
1608 lockdep_assert_held(&dev->mutex);
1609
1610 n_data = max(n_data, insn->n);
1611
1612 /* This is where the behavior of insn and insnlist deviate. */
1613 if (insn->n > MAX_SAMPLES) {
1614 insn->n = MAX_SAMPLES;
1615 n_data = MAX_SAMPLES;
1616 }
1617
1618 data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL);
1619 if (!data) {
1620 ret = -ENOMEM;
1621 goto error;
1622 }
1623
1624 if (insn->insn & INSN_MASK_WRITE) {
1625 if (copy_from_user(data,
1626 insn->data,
1627 insn->n * sizeof(unsigned int))) {
1628 ret = -EFAULT;
1629 goto error;
1630 }
1631 }
1632 ret = parse_insn(dev, insn, data, file);
1633 if (ret < 0)
1634 goto error;
1635 if (insn->insn & INSN_MASK_READ) {
1636 if (copy_to_user(insn->data,
1637 data,
1638 insn->n * sizeof(unsigned int))) {
1639 ret = -EFAULT;
1640 goto error;
1641 }
1642 }
1643 ret = insn->n;
1644
1645error:
1646 kfree(data);
1647
1648 return ret;
1649}
1650
1651static int __comedi_get_user_cmd(struct comedi_device *dev,
1652 struct comedi_cmd *cmd)
1653{
1654 struct comedi_subdevice *s;
1655
1656 lockdep_assert_held(&dev->mutex);
1657 if (cmd->subdev >= dev->n_subdevices) {
1658 dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev);
1659 return -ENODEV;
1660 }
1661
1662 s = &dev->subdevices[cmd->subdev];
1663
1664 if (s->type == COMEDI_SUBD_UNUSED) {
1665 dev_dbg(dev->class_dev, "%d not valid subdevice\n",
1666 cmd->subdev);
1667 return -EIO;
1668 }
1669
1670 if (!s->do_cmd || !s->do_cmdtest || !s->async) {
1671 dev_dbg(dev->class_dev,
1672 "subdevice %d does not support commands\n",
1673 cmd->subdev);
1674 return -EIO;
1675 }
1676
1677 /* make sure channel/gain list isn't too long */
1678 if (cmd->chanlist_len > s->len_chanlist) {
1679 dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n",
1680 cmd->chanlist_len, s->len_chanlist);
1681 return -EINVAL;
1682 }
1683
1684 /*
1685 * Set the CMDF_WRITE flag to the correct state if the subdevice
1686 * supports only "read" commands or only "write" commands.
1687 */
1688 switch (s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE)) {
1689 case SDF_CMD_READ:
1690 cmd->flags &= ~CMDF_WRITE;
1691 break;
1692 case SDF_CMD_WRITE:
1693 cmd->flags |= CMDF_WRITE;
1694 break;
1695 default:
1696 break;
1697 }
1698
1699 return 0;
1700}
1701
1702static int __comedi_get_user_chanlist(struct comedi_device *dev,
1703 struct comedi_subdevice *s,
1704 unsigned int __user *user_chanlist,
1705 struct comedi_cmd *cmd)
1706{
1707 unsigned int *chanlist;
1708 int ret;
1709
1710 lockdep_assert_held(&dev->mutex);
1711 cmd->chanlist = NULL;
1712 chanlist = memdup_user(user_chanlist,
1713 cmd->chanlist_len * sizeof(unsigned int));
1714 if (IS_ERR(chanlist))
1715 return PTR_ERR(chanlist);
1716
1717 /* make sure each element in channel/gain list is valid */
1718 ret = comedi_check_chanlist(s, cmd->chanlist_len, chanlist);
1719 if (ret < 0) {
1720 kfree(chanlist);
1721 return ret;
1722 }
1723
1724 cmd->chanlist = chanlist;
1725
1726 return 0;
1727}
1728
1729/*
1730 * COMEDI_CMD ioctl
1731 * asynchronous acquisition command set-up
1732 *
1733 * arg:
1734 * pointer to comedi_cmd structure
1735 *
1736 * reads:
1737 * comedi_cmd structure
1738 * channel/range list from cmd->chanlist pointer
1739 *
1740 * writes:
1741 * possibly modified comedi_cmd structure (when -EAGAIN returned)
1742 */
1743static int do_cmd_ioctl(struct comedi_device *dev,
1744 struct comedi_cmd *cmd, bool *copy, void *file)
1745{
1746 struct comedi_subdevice *s;
1747 struct comedi_async *async;
1748 unsigned int __user *user_chanlist;
1749 int ret;
1750
1751 lockdep_assert_held(&dev->mutex);
1752
1753 /* do some simple cmd validation */
1754 ret = __comedi_get_user_cmd(dev, cmd);
1755 if (ret)
1756 return ret;
1757
1758 /* save user's chanlist pointer so it can be restored later */
1759 user_chanlist = (unsigned int __user *)cmd->chanlist;
1760
1761 s = &dev->subdevices[cmd->subdev];
1762 async = s->async;
1763
1764 /* are we locked? (ioctl lock) */
1765 if (s->lock && s->lock != file) {
1766 dev_dbg(dev->class_dev, "subdevice locked\n");
1767 return -EACCES;
1768 }
1769
1770 /* are we busy? */
1771 if (s->busy) {
1772 dev_dbg(dev->class_dev, "subdevice busy\n");
1773 return -EBUSY;
1774 }
1775
1776 /* make sure channel/gain list isn't too short */
1777 if (cmd->chanlist_len < 1) {
1778 dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n",
1779 cmd->chanlist_len);
1780 return -EINVAL;
1781 }
1782
1783 async->cmd = *cmd;
1784 async->cmd.data = NULL;
1785
1786 /* load channel/gain list */
1787 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &async->cmd);
1788 if (ret)
1789 goto cleanup;
1790
1791 ret = s->do_cmdtest(dev, s, &async->cmd);
1792
1793 if (async->cmd.flags & CMDF_BOGUS || ret) {
1794 dev_dbg(dev->class_dev, "test returned %d\n", ret);
1795 *cmd = async->cmd;
1796 /* restore chanlist pointer before copying back */
1797 cmd->chanlist = (unsigned int __force *)user_chanlist;
1798 cmd->data = NULL;
1799 *copy = true;
1800 ret = -EAGAIN;
1801 goto cleanup;
1802 }
1803
1804 if (!async->prealloc_bufsz) {
1805 ret = -ENOMEM;
1806 dev_dbg(dev->class_dev, "no buffer (?)\n");
1807 goto cleanup;
1808 }
1809
1810 comedi_buf_reset(s);
1811
1812 async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK;
1813 if (async->cmd.flags & CMDF_WAKE_EOS)
1814 async->cb_mask |= COMEDI_CB_EOS;
1815
1816 comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK,
1817 COMEDI_SRF_RUNNING);
1818
1819 /*
1820 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid
1821 * race with comedi_read() or comedi_write().
1822 */
1823 s->busy = file;
1824 ret = s->do_cmd(dev, s);
1825 if (ret == 0)
1826 return 0;
1827
1828cleanup:
1829 do_become_nonbusy(dev, s);
1830
1831 return ret;
1832}
1833
1834/*
1835 * COMEDI_CMDTEST ioctl
1836 * asynchronous acquisition command testing
1837 *
1838 * arg:
1839 * pointer to comedi_cmd structure
1840 *
1841 * reads:
1842 * comedi_cmd structure
1843 * channel/range list from cmd->chanlist pointer
1844 *
1845 * writes:
1846 * possibly modified comedi_cmd structure
1847 */
1848static int do_cmdtest_ioctl(struct comedi_device *dev,
1849 struct comedi_cmd *cmd, bool *copy, void *file)
1850{
1851 struct comedi_subdevice *s;
1852 unsigned int __user *user_chanlist;
1853 int ret;
1854
1855 lockdep_assert_held(&dev->mutex);
1856
1857 /* do some simple cmd validation */
1858 ret = __comedi_get_user_cmd(dev, cmd);
1859 if (ret)
1860 return ret;
1861
1862 /* save user's chanlist pointer so it can be restored later */
1863 user_chanlist = (unsigned int __user *)cmd->chanlist;
1864
1865 s = &dev->subdevices[cmd->subdev];
1866
1867 /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */
1868 if (user_chanlist) {
1869 /* load channel/gain list */
1870 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd);
1871 if (ret)
1872 return ret;
1873 }
1874
1875 ret = s->do_cmdtest(dev, s, cmd);
1876
1877 kfree(cmd->chanlist); /* free kernel copy of user chanlist */
1878
1879 /* restore chanlist pointer before copying back */
1880 cmd->chanlist = (unsigned int __force *)user_chanlist;
1881 *copy = true;
1882
1883 return ret;
1884}
1885
1886/*
1887 * COMEDI_LOCK ioctl
1888 * lock subdevice
1889 *
1890 * arg:
1891 * subdevice number
1892 *
1893 * reads:
1894 * nothing
1895 *
1896 * writes:
1897 * nothing
1898 */
1899static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg,
1900 void *file)
1901{
1902 int ret = 0;
1903 unsigned long flags;
1904 struct comedi_subdevice *s;
1905
1906 lockdep_assert_held(&dev->mutex);
1907 if (arg >= dev->n_subdevices)
1908 return -EINVAL;
1909 s = &dev->subdevices[arg];
1910
1911 spin_lock_irqsave(&s->spin_lock, flags);
1912 if (s->busy || s->lock)
1913 ret = -EBUSY;
1914 else
1915 s->lock = file;
1916 spin_unlock_irqrestore(&s->spin_lock, flags);
1917
1918 return ret;
1919}
1920
1921/*
1922 * COMEDI_UNLOCK ioctl
1923 * unlock subdevice
1924 *
1925 * arg:
1926 * subdevice number
1927 *
1928 * reads:
1929 * nothing
1930 *
1931 * writes:
1932 * nothing
1933 */
1934static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg,
1935 void *file)
1936{
1937 struct comedi_subdevice *s;
1938
1939 lockdep_assert_held(&dev->mutex);
1940 if (arg >= dev->n_subdevices)
1941 return -EINVAL;
1942 s = &dev->subdevices[arg];
1943
1944 if (s->busy)
1945 return -EBUSY;
1946
1947 if (s->lock && s->lock != file)
1948 return -EACCES;
1949
1950 if (s->lock == file)
1951 s->lock = NULL;
1952
1953 return 0;
1954}
1955
1956/*
1957 * COMEDI_CANCEL ioctl
1958 * cancel asynchronous acquisition
1959 *
1960 * arg:
1961 * subdevice number
1962 *
1963 * reads:
1964 * nothing
1965 *
1966 * writes:
1967 * nothing
1968 */
1969static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg,
1970 void *file)
1971{
1972 struct comedi_subdevice *s;
1973
1974 lockdep_assert_held(&dev->mutex);
1975 if (arg >= dev->n_subdevices)
1976 return -EINVAL;
1977 s = &dev->subdevices[arg];
1978 if (!s->async)
1979 return -EINVAL;
1980
1981 if (!s->busy)
1982 return 0;
1983
1984 if (s->busy != file)
1985 return -EBUSY;
1986
1987 return do_cancel(dev, s);
1988}
1989
1990/*
1991 * COMEDI_POLL ioctl
1992 * instructs driver to synchronize buffers
1993 *
1994 * arg:
1995 * subdevice number
1996 *
1997 * reads:
1998 * nothing
1999 *
2000 * writes:
2001 * nothing
2002 */
2003static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg,
2004 void *file)
2005{
2006 struct comedi_subdevice *s;
2007
2008 lockdep_assert_held(&dev->mutex);
2009 if (arg >= dev->n_subdevices)
2010 return -EINVAL;
2011 s = &dev->subdevices[arg];
2012
2013 if (!s->busy)
2014 return 0;
2015
2016 if (s->busy != file)
2017 return -EBUSY;
2018
2019 if (s->poll)
2020 return s->poll(dev, s);
2021
2022 return -EINVAL;
2023}
2024
2025/*
2026 * COMEDI_SETRSUBD ioctl
2027 * sets the current "read" subdevice on a per-file basis
2028 *
2029 * arg:
2030 * subdevice number
2031 *
2032 * reads:
2033 * nothing
2034 *
2035 * writes:
2036 * nothing
2037 */
2038static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg,
2039 struct file *file)
2040{
2041 struct comedi_file *cfp = file->private_data;
2042 struct comedi_subdevice *s_old, *s_new;
2043
2044 lockdep_assert_held(&dev->mutex);
2045 if (arg >= dev->n_subdevices)
2046 return -EINVAL;
2047
2048 s_new = &dev->subdevices[arg];
2049 s_old = comedi_file_read_subdevice(file);
2050 if (s_old == s_new)
2051 return 0; /* no change */
2052
2053 if (!(s_new->subdev_flags & SDF_CMD_READ))
2054 return -EINVAL;
2055
2056 /*
2057 * Check the file isn't still busy handling a "read" command on the
2058 * old subdevice (if any).
2059 */
2060 if (s_old && s_old->busy == file && s_old->async &&
2061 !(s_old->async->cmd.flags & CMDF_WRITE))
2062 return -EBUSY;
2063
2064 WRITE_ONCE(cfp->read_subdev, s_new);
2065 return 0;
2066}
2067
2068/*
2069 * COMEDI_SETWSUBD ioctl
2070 * sets the current "write" subdevice on a per-file basis
2071 *
2072 * arg:
2073 * subdevice number
2074 *
2075 * reads:
2076 * nothing
2077 *
2078 * writes:
2079 * nothing
2080 */
2081static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg,
2082 struct file *file)
2083{
2084 struct comedi_file *cfp = file->private_data;
2085 struct comedi_subdevice *s_old, *s_new;
2086
2087 lockdep_assert_held(&dev->mutex);
2088 if (arg >= dev->n_subdevices)
2089 return -EINVAL;
2090
2091 s_new = &dev->subdevices[arg];
2092 s_old = comedi_file_write_subdevice(file);
2093 if (s_old == s_new)
2094 return 0; /* no change */
2095
2096 if (!(s_new->subdev_flags & SDF_CMD_WRITE))
2097 return -EINVAL;
2098
2099 /*
2100 * Check the file isn't still busy handling a "write" command on the
2101 * old subdevice (if any).
2102 */
2103 if (s_old && s_old->busy == file && s_old->async &&
2104 (s_old->async->cmd.flags & CMDF_WRITE))
2105 return -EBUSY;
2106
2107 WRITE_ONCE(cfp->write_subdev, s_new);
2108 return 0;
2109}
2110
2111static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd,
2112 unsigned long arg)
2113{
2114 unsigned int minor = iminor(file_inode(file));
2115 struct comedi_file *cfp = file->private_data;
2116 struct comedi_device *dev = cfp->dev;
2117 int rc;
2118
2119 mutex_lock(&dev->mutex);
2120
2121 /*
2122 * Device config is special, because it must work on
2123 * an unconfigured device.
2124 */
2125 if (cmd == COMEDI_DEVCONFIG) {
2126 if (minor >= COMEDI_NUM_BOARD_MINORS) {
2127 /* Device config not appropriate on non-board minors. */
2128 rc = -ENOTTY;
2129 goto done;
2130 }
2131 rc = do_devconfig_ioctl(dev,
2132 (struct comedi_devconfig __user *)arg);
2133 if (rc == 0) {
2134 if (arg == 0 &&
2135 dev->minor >= comedi_num_legacy_minors) {
2136 /*
2137 * Successfully unconfigured a dynamically
2138 * allocated device. Try and remove it.
2139 */
2140 if (comedi_clear_board_dev(dev)) {
2141 mutex_unlock(&dev->mutex);
2142 comedi_free_board_dev(dev);
2143 return rc;
2144 }
2145 }
2146 }
2147 goto done;
2148 }
2149
2150 if (!dev->attached) {
2151 dev_dbg(dev->class_dev, "no driver attached\n");
2152 rc = -ENODEV;
2153 goto done;
2154 }
2155
2156 switch (cmd) {
2157 case COMEDI_BUFCONFIG:
2158 rc = do_bufconfig_ioctl(dev,
2159 (struct comedi_bufconfig __user *)arg);
2160 break;
2161 case COMEDI_DEVINFO:
2162 rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg,
2163 file);
2164 break;
2165 case COMEDI_SUBDINFO:
2166 rc = do_subdinfo_ioctl(dev,
2167 (struct comedi_subdinfo __user *)arg,
2168 file);
2169 break;
2170 case COMEDI_CHANINFO: {
2171 struct comedi_chaninfo it;
2172
2173 if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
2174 rc = -EFAULT;
2175 else
2176 rc = do_chaninfo_ioctl(dev, &it);
2177 break;
2178 }
2179 case COMEDI_RANGEINFO: {
2180 struct comedi_rangeinfo it;
2181
2182 if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
2183 rc = -EFAULT;
2184 else
2185 rc = do_rangeinfo_ioctl(dev, &it);
2186 break;
2187 }
2188 case COMEDI_BUFINFO:
2189 rc = do_bufinfo_ioctl(dev,
2190 (struct comedi_bufinfo __user *)arg,
2191 file);
2192 break;
2193 case COMEDI_LOCK:
2194 rc = do_lock_ioctl(dev, arg, file);
2195 break;
2196 case COMEDI_UNLOCK:
2197 rc = do_unlock_ioctl(dev, arg, file);
2198 break;
2199 case COMEDI_CANCEL:
2200 rc = do_cancel_ioctl(dev, arg, file);
2201 break;
2202 case COMEDI_CMD: {
2203 struct comedi_cmd cmd;
2204 bool copy = false;
2205
2206 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
2207 rc = -EFAULT;
2208 break;
2209 }
2210 rc = do_cmd_ioctl(dev, &cmd, ©, file);
2211 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
2212 rc = -EFAULT;
2213 break;
2214 }
2215 case COMEDI_CMDTEST: {
2216 struct comedi_cmd cmd;
2217 bool copy = false;
2218
2219 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
2220 rc = -EFAULT;
2221 break;
2222 }
2223 rc = do_cmdtest_ioctl(dev, &cmd, ©, file);
2224 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
2225 rc = -EFAULT;
2226 break;
2227 }
2228 case COMEDI_INSNLIST: {
2229 struct comedi_insnlist insnlist;
2230 struct comedi_insn *insns = NULL;
2231
2232 if (copy_from_user(&insnlist, (void __user *)arg,
2233 sizeof(insnlist))) {
2234 rc = -EFAULT;
2235 break;
2236 }
2237 insns = kcalloc(insnlist.n_insns, sizeof(*insns), GFP_KERNEL);
2238 if (!insns) {
2239 rc = -ENOMEM;
2240 break;
2241 }
2242 if (copy_from_user(insns, insnlist.insns,
2243 sizeof(*insns) * insnlist.n_insns)) {
2244 rc = -EFAULT;
2245 kfree(insns);
2246 break;
2247 }
2248 rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file);
2249 kfree(insns);
2250 break;
2251 }
2252 case COMEDI_INSN: {
2253 struct comedi_insn insn;
2254
2255 if (copy_from_user(&insn, (void __user *)arg, sizeof(insn)))
2256 rc = -EFAULT;
2257 else
2258 rc = do_insn_ioctl(dev, &insn, file);
2259 break;
2260 }
2261 case COMEDI_POLL:
2262 rc = do_poll_ioctl(dev, arg, file);
2263 break;
2264 case COMEDI_SETRSUBD:
2265 rc = do_setrsubd_ioctl(dev, arg, file);
2266 break;
2267 case COMEDI_SETWSUBD:
2268 rc = do_setwsubd_ioctl(dev, arg, file);
2269 break;
2270 default:
2271 rc = -ENOTTY;
2272 break;
2273 }
2274
2275done:
2276 mutex_unlock(&dev->mutex);
2277 return rc;
2278}
2279
2280static void comedi_vm_open(struct vm_area_struct *area)
2281{
2282 struct comedi_buf_map *bm;
2283
2284 bm = area->vm_private_data;
2285 comedi_buf_map_get(bm);
2286}
2287
2288static void comedi_vm_close(struct vm_area_struct *area)
2289{
2290 struct comedi_buf_map *bm;
2291
2292 bm = area->vm_private_data;
2293 comedi_buf_map_put(bm);
2294}
2295
2296static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr,
2297 void *buf, int len, int write)
2298{
2299 struct comedi_buf_map *bm = vma->vm_private_data;
2300 unsigned long offset =
2301 addr - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT);
2302
2303 if (len < 0)
2304 return -EINVAL;
2305 if (len > vma->vm_end - addr)
2306 len = vma->vm_end - addr;
2307 return comedi_buf_map_access(bm, offset, buf, len, write);
2308}
2309
2310static const struct vm_operations_struct comedi_vm_ops = {
2311 .open = comedi_vm_open,
2312 .close = comedi_vm_close,
2313 .access = comedi_vm_access,
2314};
2315
2316static int comedi_mmap(struct file *file, struct vm_area_struct *vma)
2317{
2318 struct comedi_file *cfp = file->private_data;
2319 struct comedi_device *dev = cfp->dev;
2320 struct comedi_subdevice *s;
2321 struct comedi_async *async;
2322 struct comedi_buf_map *bm = NULL;
2323 struct comedi_buf_page *buf;
2324 unsigned long start = vma->vm_start;
2325 unsigned long size;
2326 int n_pages;
2327 int i;
2328 int retval = 0;
2329
2330 /*
2331 * 'trylock' avoids circular dependency with current->mm->mmap_lock
2332 * and down-reading &dev->attach_lock should normally succeed without
2333 * contention unless the device is in the process of being attached
2334 * or detached.
2335 */
2336 if (!down_read_trylock(&dev->attach_lock))
2337 return -EAGAIN;
2338
2339 if (!dev->attached) {
2340 dev_dbg(dev->class_dev, "no driver attached\n");
2341 retval = -ENODEV;
2342 goto done;
2343 }
2344
2345 if (vma->vm_flags & VM_WRITE)
2346 s = comedi_file_write_subdevice(file);
2347 else
2348 s = comedi_file_read_subdevice(file);
2349 if (!s) {
2350 retval = -EINVAL;
2351 goto done;
2352 }
2353
2354 async = s->async;
2355 if (!async) {
2356 retval = -EINVAL;
2357 goto done;
2358 }
2359
2360 if (vma->vm_pgoff != 0) {
2361 dev_dbg(dev->class_dev, "mmap() offset must be 0.\n");
2362 retval = -EINVAL;
2363 goto done;
2364 }
2365
2366 size = vma->vm_end - vma->vm_start;
2367 if (size > async->prealloc_bufsz) {
2368 retval = -EFAULT;
2369 goto done;
2370 }
2371 if (offset_in_page(size)) {
2372 retval = -EFAULT;
2373 goto done;
2374 }
2375
2376 n_pages = vma_pages(vma);
2377
2378 /* get reference to current buf map (if any) */
2379 bm = comedi_buf_map_from_subdev_get(s);
2380 if (!bm || n_pages > bm->n_pages) {
2381 retval = -EINVAL;
2382 goto done;
2383 }
2384 if (bm->dma_dir != DMA_NONE) {
2385 /*
2386 * DMA buffer was allocated as a single block.
2387 * Address is in page_list[0].
2388 */
2389 buf = &bm->page_list[0];
2390 retval = dma_mmap_coherent(bm->dma_hw_dev, vma, buf->virt_addr,
2391 buf->dma_addr, n_pages * PAGE_SIZE);
2392 } else {
2393 for (i = 0; i < n_pages; ++i) {
2394 unsigned long pfn;
2395
2396 buf = &bm->page_list[i];
2397 pfn = page_to_pfn(virt_to_page(buf->virt_addr));
2398 retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE,
2399 PAGE_SHARED);
2400 if (retval)
2401 break;
2402
2403 start += PAGE_SIZE;
2404 }
2405 }
2406
2407 if (retval == 0) {
2408 vma->vm_ops = &comedi_vm_ops;
2409 vma->vm_private_data = bm;
2410
2411 vma->vm_ops->open(vma);
2412 }
2413
2414done:
2415 up_read(&dev->attach_lock);
2416 comedi_buf_map_put(bm); /* put reference to buf map - okay if NULL */
2417 return retval;
2418}
2419
2420static __poll_t comedi_poll(struct file *file, poll_table *wait)
2421{
2422 __poll_t mask = 0;
2423 struct comedi_file *cfp = file->private_data;
2424 struct comedi_device *dev = cfp->dev;
2425 struct comedi_subdevice *s, *s_read;
2426
2427 down_read(&dev->attach_lock);
2428
2429 if (!dev->attached) {
2430 dev_dbg(dev->class_dev, "no driver attached\n");
2431 goto done;
2432 }
2433
2434 s = comedi_file_read_subdevice(file);
2435 s_read = s;
2436 if (s && s->async) {
2437 poll_wait(file, &s->async->wait_head, wait);
2438 if (s->busy != file || !comedi_is_subdevice_running(s) ||
2439 (s->async->cmd.flags & CMDF_WRITE) ||
2440 comedi_buf_read_n_available(s) > 0)
2441 mask |= EPOLLIN | EPOLLRDNORM;
2442 }
2443
2444 s = comedi_file_write_subdevice(file);
2445 if (s && s->async) {
2446 unsigned int bps = comedi_bytes_per_sample(s);
2447
2448 if (s != s_read)
2449 poll_wait(file, &s->async->wait_head, wait);
2450 if (s->busy != file || !comedi_is_subdevice_running(s) ||
2451 !(s->async->cmd.flags & CMDF_WRITE) ||
2452 comedi_buf_write_n_available(s) >= bps)
2453 mask |= EPOLLOUT | EPOLLWRNORM;
2454 }
2455
2456done:
2457 up_read(&dev->attach_lock);
2458 return mask;
2459}
2460
2461static ssize_t comedi_write(struct file *file, const char __user *buf,
2462 size_t nbytes, loff_t *offset)
2463{
2464 struct comedi_subdevice *s;
2465 struct comedi_async *async;
2466 unsigned int n, m;
2467 ssize_t count = 0;
2468 int retval = 0;
2469 DECLARE_WAITQUEUE(wait, current);
2470 struct comedi_file *cfp = file->private_data;
2471 struct comedi_device *dev = cfp->dev;
2472 bool become_nonbusy = false;
2473 bool attach_locked;
2474 unsigned int old_detach_count;
2475
2476 /* Protect against device detachment during operation. */
2477 down_read(&dev->attach_lock);
2478 attach_locked = true;
2479 old_detach_count = dev->detach_count;
2480
2481 if (!dev->attached) {
2482 dev_dbg(dev->class_dev, "no driver attached\n");
2483 retval = -ENODEV;
2484 goto out;
2485 }
2486
2487 s = comedi_file_write_subdevice(file);
2488 if (!s || !s->async) {
2489 retval = -EIO;
2490 goto out;
2491 }
2492
2493 async = s->async;
2494 if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) {
2495 retval = -EINVAL;
2496 goto out;
2497 }
2498
2499 add_wait_queue(&async->wait_head, &wait);
2500 while (count == 0 && !retval) {
2501 unsigned int runflags;
2502 unsigned int wp, n1, n2;
2503
2504 set_current_state(TASK_INTERRUPTIBLE);
2505
2506 runflags = comedi_get_subdevice_runflags(s);
2507 if (!comedi_is_runflags_running(runflags)) {
2508 if (comedi_is_runflags_in_error(runflags))
2509 retval = -EPIPE;
2510 if (retval || nbytes)
2511 become_nonbusy = true;
2512 break;
2513 }
2514 if (nbytes == 0)
2515 break;
2516
2517 /* Allocate all free buffer space. */
2518 comedi_buf_write_alloc(s, async->prealloc_bufsz);
2519 m = comedi_buf_write_n_allocated(s);
2520 n = min_t(size_t, m, nbytes);
2521
2522 if (n == 0) {
2523 if (file->f_flags & O_NONBLOCK) {
2524 retval = -EAGAIN;
2525 break;
2526 }
2527 schedule();
2528 if (signal_pending(current)) {
2529 retval = -ERESTARTSYS;
2530 break;
2531 }
2532 if (s->busy != file ||
2533 !(async->cmd.flags & CMDF_WRITE)) {
2534 retval = -EINVAL;
2535 break;
2536 }
2537 continue;
2538 }
2539
2540 set_current_state(TASK_RUNNING);
2541 wp = async->buf_write_ptr;
2542 n1 = min(n, async->prealloc_bufsz - wp);
2543 n2 = n - n1;
2544 m = copy_from_user(async->prealloc_buf + wp, buf, n1);
2545 if (m)
2546 m += n2;
2547 else if (n2)
2548 m = copy_from_user(async->prealloc_buf, buf + n1, n2);
2549 if (m) {
2550 n -= m;
2551 retval = -EFAULT;
2552 }
2553 comedi_buf_write_free(s, n);
2554
2555 count += n;
2556 nbytes -= n;
2557
2558 buf += n;
2559 }
2560 remove_wait_queue(&async->wait_head, &wait);
2561 set_current_state(TASK_RUNNING);
2562 if (become_nonbusy && count == 0) {
2563 struct comedi_subdevice *new_s;
2564
2565 /*
2566 * To avoid deadlock, cannot acquire dev->mutex
2567 * while dev->attach_lock is held.
2568 */
2569 up_read(&dev->attach_lock);
2570 attach_locked = false;
2571 mutex_lock(&dev->mutex);
2572 /*
2573 * Check device hasn't become detached behind our back.
2574 * Checking dev->detach_count is unchanged ought to be
2575 * sufficient (unless there have been 2**32 detaches in the
2576 * meantime!), but check the subdevice pointer as well just in
2577 * case.
2578 *
2579 * Also check the subdevice is still in a suitable state to
2580 * become non-busy in case it changed behind our back.
2581 */
2582 new_s = comedi_file_write_subdevice(file);
2583 if (dev->attached && old_detach_count == dev->detach_count &&
2584 s == new_s && new_s->async == async && s->busy == file &&
2585 (async->cmd.flags & CMDF_WRITE) &&
2586 !comedi_is_subdevice_running(s))
2587 do_become_nonbusy(dev, s);
2588 mutex_unlock(&dev->mutex);
2589 }
2590out:
2591 if (attach_locked)
2592 up_read(&dev->attach_lock);
2593
2594 return count ? count : retval;
2595}
2596
2597static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes,
2598 loff_t *offset)
2599{
2600 struct comedi_subdevice *s;
2601 struct comedi_async *async;
2602 unsigned int n, m;
2603 ssize_t count = 0;
2604 int retval = 0;
2605 DECLARE_WAITQUEUE(wait, current);
2606 struct comedi_file *cfp = file->private_data;
2607 struct comedi_device *dev = cfp->dev;
2608 unsigned int old_detach_count;
2609 bool become_nonbusy = false;
2610 bool attach_locked;
2611
2612 /* Protect against device detachment during operation. */
2613 down_read(&dev->attach_lock);
2614 attach_locked = true;
2615 old_detach_count = dev->detach_count;
2616
2617 if (!dev->attached) {
2618 dev_dbg(dev->class_dev, "no driver attached\n");
2619 retval = -ENODEV;
2620 goto out;
2621 }
2622
2623 s = comedi_file_read_subdevice(file);
2624 if (!s || !s->async) {
2625 retval = -EIO;
2626 goto out;
2627 }
2628
2629 async = s->async;
2630 if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) {
2631 retval = -EINVAL;
2632 goto out;
2633 }
2634
2635 add_wait_queue(&async->wait_head, &wait);
2636 while (count == 0 && !retval) {
2637 unsigned int rp, n1, n2;
2638
2639 set_current_state(TASK_INTERRUPTIBLE);
2640
2641 m = comedi_buf_read_n_available(s);
2642 n = min_t(size_t, m, nbytes);
2643
2644 if (n == 0) {
2645 unsigned int runflags =
2646 comedi_get_subdevice_runflags(s);
2647
2648 if (!comedi_is_runflags_running(runflags)) {
2649 if (comedi_is_runflags_in_error(runflags))
2650 retval = -EPIPE;
2651 if (retval || nbytes)
2652 become_nonbusy = true;
2653 break;
2654 }
2655 if (nbytes == 0)
2656 break;
2657 if (file->f_flags & O_NONBLOCK) {
2658 retval = -EAGAIN;
2659 break;
2660 }
2661 schedule();
2662 if (signal_pending(current)) {
2663 retval = -ERESTARTSYS;
2664 break;
2665 }
2666 if (s->busy != file ||
2667 (async->cmd.flags & CMDF_WRITE)) {
2668 retval = -EINVAL;
2669 break;
2670 }
2671 continue;
2672 }
2673
2674 set_current_state(TASK_RUNNING);
2675 rp = async->buf_read_ptr;
2676 n1 = min(n, async->prealloc_bufsz - rp);
2677 n2 = n - n1;
2678 m = copy_to_user(buf, async->prealloc_buf + rp, n1);
2679 if (m)
2680 m += n2;
2681 else if (n2)
2682 m = copy_to_user(buf + n1, async->prealloc_buf, n2);
2683 if (m) {
2684 n -= m;
2685 retval = -EFAULT;
2686 }
2687
2688 comedi_buf_read_alloc(s, n);
2689 comedi_buf_read_free(s, n);
2690
2691 count += n;
2692 nbytes -= n;
2693
2694 buf += n;
2695 }
2696 remove_wait_queue(&async->wait_head, &wait);
2697 set_current_state(TASK_RUNNING);
2698 if (become_nonbusy && count == 0) {
2699 struct comedi_subdevice *new_s;
2700
2701 /*
2702 * To avoid deadlock, cannot acquire dev->mutex
2703 * while dev->attach_lock is held.
2704 */
2705 up_read(&dev->attach_lock);
2706 attach_locked = false;
2707 mutex_lock(&dev->mutex);
2708 /*
2709 * Check device hasn't become detached behind our back.
2710 * Checking dev->detach_count is unchanged ought to be
2711 * sufficient (unless there have been 2**32 detaches in the
2712 * meantime!), but check the subdevice pointer as well just in
2713 * case.
2714 *
2715 * Also check the subdevice is still in a suitable state to
2716 * become non-busy in case it changed behind our back.
2717 */
2718 new_s = comedi_file_read_subdevice(file);
2719 if (dev->attached && old_detach_count == dev->detach_count &&
2720 s == new_s && new_s->async == async && s->busy == file &&
2721 !(async->cmd.flags & CMDF_WRITE) &&
2722 !comedi_is_subdevice_running(s) &&
2723 comedi_buf_read_n_available(s) == 0)
2724 do_become_nonbusy(dev, s);
2725 mutex_unlock(&dev->mutex);
2726 }
2727out:
2728 if (attach_locked)
2729 up_read(&dev->attach_lock);
2730
2731 return count ? count : retval;
2732}
2733
2734static int comedi_open(struct inode *inode, struct file *file)
2735{
2736 const unsigned int minor = iminor(inode);
2737 struct comedi_file *cfp;
2738 struct comedi_device *dev = comedi_dev_get_from_minor(minor);
2739 int rc;
2740
2741 if (!dev) {
2742 pr_debug("invalid minor number\n");
2743 return -ENODEV;
2744 }
2745
2746 cfp = kzalloc(sizeof(*cfp), GFP_KERNEL);
2747 if (!cfp) {
2748 comedi_dev_put(dev);
2749 return -ENOMEM;
2750 }
2751
2752 cfp->dev = dev;
2753
2754 mutex_lock(&dev->mutex);
2755 if (!dev->attached && !capable(CAP_SYS_ADMIN)) {
2756 dev_dbg(dev->class_dev, "not attached and not CAP_SYS_ADMIN\n");
2757 rc = -ENODEV;
2758 goto out;
2759 }
2760 if (dev->attached && dev->use_count == 0) {
2761 if (!try_module_get(dev->driver->module)) {
2762 rc = -ENXIO;
2763 goto out;
2764 }
2765 if (dev->open) {
2766 rc = dev->open(dev);
2767 if (rc < 0) {
2768 module_put(dev->driver->module);
2769 goto out;
2770 }
2771 }
2772 }
2773
2774 dev->use_count++;
2775 file->private_data = cfp;
2776 comedi_file_reset(file);
2777 rc = 0;
2778
2779out:
2780 mutex_unlock(&dev->mutex);
2781 if (rc) {
2782 comedi_dev_put(dev);
2783 kfree(cfp);
2784 }
2785 return rc;
2786}
2787
2788static int comedi_fasync(int fd, struct file *file, int on)
2789{
2790 struct comedi_file *cfp = file->private_data;
2791 struct comedi_device *dev = cfp->dev;
2792
2793 return fasync_helper(fd, file, on, &dev->async_queue);
2794}
2795
2796static int comedi_close(struct inode *inode, struct file *file)
2797{
2798 struct comedi_file *cfp = file->private_data;
2799 struct comedi_device *dev = cfp->dev;
2800 struct comedi_subdevice *s = NULL;
2801 int i;
2802
2803 mutex_lock(&dev->mutex);
2804
2805 if (dev->subdevices) {
2806 for (i = 0; i < dev->n_subdevices; i++) {
2807 s = &dev->subdevices[i];
2808
2809 if (s->busy == file)
2810 do_cancel(dev, s);
2811 if (s->lock == file)
2812 s->lock = NULL;
2813 }
2814 }
2815 if (dev->attached && dev->use_count == 1) {
2816 if (dev->close)
2817 dev->close(dev);
2818 module_put(dev->driver->module);
2819 }
2820
2821 dev->use_count--;
2822
2823 mutex_unlock(&dev->mutex);
2824 comedi_dev_put(dev);
2825 kfree(cfp);
2826
2827 return 0;
2828}
2829
2830#ifdef CONFIG_COMPAT
2831
2832#define COMEDI32_CHANINFO _IOR(CIO, 3, struct comedi32_chaninfo_struct)
2833#define COMEDI32_RANGEINFO _IOR(CIO, 8, struct comedi32_rangeinfo_struct)
2834/*
2835 * N.B. COMEDI32_CMD and COMEDI_CMD ought to use _IOWR, not _IOR.
2836 * It's too late to change it now, but it only affects the command number.
2837 */
2838#define COMEDI32_CMD _IOR(CIO, 9, struct comedi32_cmd_struct)
2839/*
2840 * N.B. COMEDI32_CMDTEST and COMEDI_CMDTEST ought to use _IOWR, not _IOR.
2841 * It's too late to change it now, but it only affects the command number.
2842 */
2843#define COMEDI32_CMDTEST _IOR(CIO, 10, struct comedi32_cmd_struct)
2844#define COMEDI32_INSNLIST _IOR(CIO, 11, struct comedi32_insnlist_struct)
2845#define COMEDI32_INSN _IOR(CIO, 12, struct comedi32_insn_struct)
2846
2847struct comedi32_chaninfo_struct {
2848 unsigned int subdev;
2849 compat_uptr_t maxdata_list; /* 32-bit 'unsigned int *' */
2850 compat_uptr_t flaglist; /* 32-bit 'unsigned int *' */
2851 compat_uptr_t rangelist; /* 32-bit 'unsigned int *' */
2852 unsigned int unused[4];
2853};
2854
2855struct comedi32_rangeinfo_struct {
2856 unsigned int range_type;
2857 compat_uptr_t range_ptr; /* 32-bit 'void *' */
2858};
2859
2860struct comedi32_cmd_struct {
2861 unsigned int subdev;
2862 unsigned int flags;
2863 unsigned int start_src;
2864 unsigned int start_arg;
2865 unsigned int scan_begin_src;
2866 unsigned int scan_begin_arg;
2867 unsigned int convert_src;
2868 unsigned int convert_arg;
2869 unsigned int scan_end_src;
2870 unsigned int scan_end_arg;
2871 unsigned int stop_src;
2872 unsigned int stop_arg;
2873 compat_uptr_t chanlist; /* 32-bit 'unsigned int *' */
2874 unsigned int chanlist_len;
2875 compat_uptr_t data; /* 32-bit 'short *' */
2876 unsigned int data_len;
2877};
2878
2879struct comedi32_insn_struct {
2880 unsigned int insn;
2881 unsigned int n;
2882 compat_uptr_t data; /* 32-bit 'unsigned int *' */
2883 unsigned int subdev;
2884 unsigned int chanspec;
2885 unsigned int unused[3];
2886};
2887
2888struct comedi32_insnlist_struct {
2889 unsigned int n_insns;
2890 compat_uptr_t insns; /* 32-bit 'struct comedi_insn *' */
2891};
2892
2893/* Handle 32-bit COMEDI_CHANINFO ioctl. */
2894static int compat_chaninfo(struct file *file, unsigned long arg)
2895{
2896 struct comedi_file *cfp = file->private_data;
2897 struct comedi_device *dev = cfp->dev;
2898 struct comedi32_chaninfo_struct chaninfo32;
2899 struct comedi_chaninfo chaninfo;
2900 int err;
2901
2902 if (copy_from_user(&chaninfo32, compat_ptr(arg), sizeof(chaninfo32)))
2903 return -EFAULT;
2904
2905 memset(&chaninfo, 0, sizeof(chaninfo));
2906 chaninfo.subdev = chaninfo32.subdev;
2907 chaninfo.maxdata_list = compat_ptr(chaninfo32.maxdata_list);
2908 chaninfo.flaglist = compat_ptr(chaninfo32.flaglist);
2909 chaninfo.rangelist = compat_ptr(chaninfo32.rangelist);
2910
2911 mutex_lock(&dev->mutex);
2912 err = do_chaninfo_ioctl(dev, &chaninfo);
2913 mutex_unlock(&dev->mutex);
2914 return err;
2915}
2916
2917/* Handle 32-bit COMEDI_RANGEINFO ioctl. */
2918static int compat_rangeinfo(struct file *file, unsigned long arg)
2919{
2920 struct comedi_file *cfp = file->private_data;
2921 struct comedi_device *dev = cfp->dev;
2922 struct comedi32_rangeinfo_struct rangeinfo32;
2923 struct comedi_rangeinfo rangeinfo;
2924 int err;
2925
2926 if (copy_from_user(&rangeinfo32, compat_ptr(arg), sizeof(rangeinfo32)))
2927 return -EFAULT;
2928 memset(&rangeinfo, 0, sizeof(rangeinfo));
2929 rangeinfo.range_type = rangeinfo32.range_type;
2930 rangeinfo.range_ptr = compat_ptr(rangeinfo32.range_ptr);
2931
2932 mutex_lock(&dev->mutex);
2933 err = do_rangeinfo_ioctl(dev, &rangeinfo);
2934 mutex_unlock(&dev->mutex);
2935 return err;
2936}
2937
2938/* Copy 32-bit cmd structure to native cmd structure. */
2939static int get_compat_cmd(struct comedi_cmd *cmd,
2940 struct comedi32_cmd_struct __user *cmd32)
2941{
2942 struct comedi32_cmd_struct v32;
2943
2944 if (copy_from_user(&v32, cmd32, sizeof(v32)))
2945 return -EFAULT;
2946
2947 cmd->subdev = v32.subdev;
2948 cmd->flags = v32.flags;
2949 cmd->start_src = v32.start_src;
2950 cmd->start_arg = v32.start_arg;
2951 cmd->scan_begin_src = v32.scan_begin_src;
2952 cmd->scan_begin_arg = v32.scan_begin_arg;
2953 cmd->convert_src = v32.convert_src;
2954 cmd->convert_arg = v32.convert_arg;
2955 cmd->scan_end_src = v32.scan_end_src;
2956 cmd->scan_end_arg = v32.scan_end_arg;
2957 cmd->stop_src = v32.stop_src;
2958 cmd->stop_arg = v32.stop_arg;
2959 cmd->chanlist = (unsigned int __force *)compat_ptr(v32.chanlist);
2960 cmd->chanlist_len = v32.chanlist_len;
2961 cmd->data = compat_ptr(v32.data);
2962 cmd->data_len = v32.data_len;
2963 return 0;
2964}
2965
2966/* Copy native cmd structure to 32-bit cmd structure. */
2967static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32,
2968 struct comedi_cmd *cmd)
2969{
2970 struct comedi32_cmd_struct v32;
2971
2972 memset(&v32, 0, sizeof(v32));
2973 v32.subdev = cmd->subdev;
2974 v32.flags = cmd->flags;
2975 v32.start_src = cmd->start_src;
2976 v32.start_arg = cmd->start_arg;
2977 v32.scan_begin_src = cmd->scan_begin_src;
2978 v32.scan_begin_arg = cmd->scan_begin_arg;
2979 v32.convert_src = cmd->convert_src;
2980 v32.convert_arg = cmd->convert_arg;
2981 v32.scan_end_src = cmd->scan_end_src;
2982 v32.scan_end_arg = cmd->scan_end_arg;
2983 v32.stop_src = cmd->stop_src;
2984 v32.stop_arg = cmd->stop_arg;
2985 /* Assume chanlist pointer is unchanged. */
2986 v32.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist);
2987 v32.chanlist_len = cmd->chanlist_len;
2988 v32.data = ptr_to_compat(cmd->data);
2989 v32.data_len = cmd->data_len;
2990 if (copy_to_user(cmd32, &v32, sizeof(v32)))
2991 return -EFAULT;
2992 return 0;
2993}
2994
2995/* Handle 32-bit COMEDI_CMD ioctl. */
2996static int compat_cmd(struct file *file, unsigned long arg)
2997{
2998 struct comedi_file *cfp = file->private_data;
2999 struct comedi_device *dev = cfp->dev;
3000 struct comedi_cmd cmd;
3001 bool copy = false;
3002 int rc, err;
3003
3004 rc = get_compat_cmd(&cmd, compat_ptr(arg));
3005 if (rc)
3006 return rc;
3007
3008 mutex_lock(&dev->mutex);
3009 rc = do_cmd_ioctl(dev, &cmd, ©, file);
3010 mutex_unlock(&dev->mutex);
3011 if (copy) {
3012 /* Special case: copy cmd back to user. */
3013 err = put_compat_cmd(compat_ptr(arg), &cmd);
3014 if (err)
3015 rc = err;
3016 }
3017 return rc;
3018}
3019
3020/* Handle 32-bit COMEDI_CMDTEST ioctl. */
3021static int compat_cmdtest(struct file *file, unsigned long arg)
3022{
3023 struct comedi_file *cfp = file->private_data;
3024 struct comedi_device *dev = cfp->dev;
3025 struct comedi_cmd cmd;
3026 bool copy = false;
3027 int rc, err;
3028
3029 rc = get_compat_cmd(&cmd, compat_ptr(arg));
3030 if (rc)
3031 return rc;
3032
3033 mutex_lock(&dev->mutex);
3034 rc = do_cmdtest_ioctl(dev, &cmd, ©, file);
3035 mutex_unlock(&dev->mutex);
3036 if (copy) {
3037 err = put_compat_cmd(compat_ptr(arg), &cmd);
3038 if (err)
3039 rc = err;
3040 }
3041 return rc;
3042}
3043
3044/* Copy 32-bit insn structure to native insn structure. */
3045static int get_compat_insn(struct comedi_insn *insn,
3046 struct comedi32_insn_struct __user *insn32)
3047{
3048 struct comedi32_insn_struct v32;
3049
3050 /* Copy insn structure. Ignore the unused members. */
3051 if (copy_from_user(&v32, insn32, sizeof(v32)))
3052 return -EFAULT;
3053 memset(insn, 0, sizeof(*insn));
3054 insn->insn = v32.insn;
3055 insn->n = v32.n;
3056 insn->data = compat_ptr(v32.data);
3057 insn->subdev = v32.subdev;
3058 insn->chanspec = v32.chanspec;
3059 return 0;
3060}
3061
3062/* Handle 32-bit COMEDI_INSNLIST ioctl. */
3063static int compat_insnlist(struct file *file, unsigned long arg)
3064{
3065 struct comedi_file *cfp = file->private_data;
3066 struct comedi_device *dev = cfp->dev;
3067 struct comedi32_insnlist_struct insnlist32;
3068 struct comedi32_insn_struct __user *insn32;
3069 struct comedi_insn *insns;
3070 unsigned int n;
3071 int rc;
3072
3073 if (copy_from_user(&insnlist32, compat_ptr(arg), sizeof(insnlist32)))
3074 return -EFAULT;
3075
3076 insns = kcalloc(insnlist32.n_insns, sizeof(*insns), GFP_KERNEL);
3077 if (!insns)
3078 return -ENOMEM;
3079
3080 /* Copy insn structures. */
3081 insn32 = compat_ptr(insnlist32.insns);
3082 for (n = 0; n < insnlist32.n_insns; n++) {
3083 rc = get_compat_insn(insns + n, insn32 + n);
3084 if (rc) {
3085 kfree(insns);
3086 return rc;
3087 }
3088 }
3089
3090 mutex_lock(&dev->mutex);
3091 rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file);
3092 mutex_unlock(&dev->mutex);
3093 kfree(insns);
3094 return rc;
3095}
3096
3097/* Handle 32-bit COMEDI_INSN ioctl. */
3098static int compat_insn(struct file *file, unsigned long arg)
3099{
3100 struct comedi_file *cfp = file->private_data;
3101 struct comedi_device *dev = cfp->dev;
3102 struct comedi_insn insn;
3103 int rc;
3104
3105 rc = get_compat_insn(&insn, (void __user *)arg);
3106 if (rc)
3107 return rc;
3108
3109 mutex_lock(&dev->mutex);
3110 rc = do_insn_ioctl(dev, &insn, file);
3111 mutex_unlock(&dev->mutex);
3112 return rc;
3113}
3114
3115/*
3116 * compat_ioctl file operation.
3117 *
3118 * Returns -ENOIOCTLCMD for unrecognised ioctl codes.
3119 */
3120static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3121{
3122 int rc;
3123
3124 switch (cmd) {
3125 case COMEDI_DEVCONFIG:
3126 case COMEDI_DEVINFO:
3127 case COMEDI_SUBDINFO:
3128 case COMEDI_BUFCONFIG:
3129 case COMEDI_BUFINFO:
3130 /* Just need to translate the pointer argument. */
3131 arg = (unsigned long)compat_ptr(arg);
3132 rc = comedi_unlocked_ioctl(file, cmd, arg);
3133 break;
3134 case COMEDI_LOCK:
3135 case COMEDI_UNLOCK:
3136 case COMEDI_CANCEL:
3137 case COMEDI_POLL:
3138 case COMEDI_SETRSUBD:
3139 case COMEDI_SETWSUBD:
3140 /* No translation needed. */
3141 rc = comedi_unlocked_ioctl(file, cmd, arg);
3142 break;
3143 case COMEDI32_CHANINFO:
3144 rc = compat_chaninfo(file, arg);
3145 break;
3146 case COMEDI32_RANGEINFO:
3147 rc = compat_rangeinfo(file, arg);
3148 break;
3149 case COMEDI32_CMD:
3150 rc = compat_cmd(file, arg);
3151 break;
3152 case COMEDI32_CMDTEST:
3153 rc = compat_cmdtest(file, arg);
3154 break;
3155 case COMEDI32_INSNLIST:
3156 rc = compat_insnlist(file, arg);
3157 break;
3158 case COMEDI32_INSN:
3159 rc = compat_insn(file, arg);
3160 break;
3161 default:
3162 rc = -ENOIOCTLCMD;
3163 break;
3164 }
3165 return rc;
3166}
3167#else
3168#define comedi_compat_ioctl NULL
3169#endif
3170
3171static const struct file_operations comedi_fops = {
3172 .owner = THIS_MODULE,
3173 .unlocked_ioctl = comedi_unlocked_ioctl,
3174 .compat_ioctl = comedi_compat_ioctl,
3175 .open = comedi_open,
3176 .release = comedi_close,
3177 .read = comedi_read,
3178 .write = comedi_write,
3179 .mmap = comedi_mmap,
3180 .poll = comedi_poll,
3181 .fasync = comedi_fasync,
3182 .llseek = noop_llseek,
3183};
3184
3185/**
3186 * comedi_event() - Handle events for asynchronous COMEDI command
3187 * @dev: COMEDI device.
3188 * @s: COMEDI subdevice.
3189 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held.
3190 *
3191 * If an asynchronous COMEDI command is active on the subdevice, process
3192 * any %COMEDI_CB_... event flags that have been set, usually by an
3193 * interrupt handler. These may change the run state of the asynchronous
3194 * command, wake a task, and/or send a %SIGIO signal.
3195 */
3196void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s)
3197{
3198 struct comedi_async *async = s->async;
3199 unsigned int events;
3200 int si_code = 0;
3201 unsigned long flags;
3202
3203 spin_lock_irqsave(&s->spin_lock, flags);
3204
3205 events = async->events;
3206 async->events = 0;
3207 if (!__comedi_is_subdevice_running(s)) {
3208 spin_unlock_irqrestore(&s->spin_lock, flags);
3209 return;
3210 }
3211
3212 if (events & COMEDI_CB_CANCEL_MASK)
3213 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING);
3214
3215 /*
3216 * Remember if an error event has occurred, so an error can be
3217 * returned the next time the user does a read() or write().
3218 */
3219 if (events & COMEDI_CB_ERROR_MASK)
3220 __comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR);
3221
3222 if (async->cb_mask & events) {
3223 wake_up_interruptible(&async->wait_head);
3224 si_code = async->cmd.flags & CMDF_WRITE ? POLL_OUT : POLL_IN;
3225 }
3226
3227 spin_unlock_irqrestore(&s->spin_lock, flags);
3228
3229 if (si_code)
3230 kill_fasync(&dev->async_queue, SIGIO, si_code);
3231}
3232EXPORT_SYMBOL_GPL(comedi_event);
3233
3234/* Note: the ->mutex is pre-locked on successful return */
3235struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device)
3236{
3237 struct comedi_device *dev;
3238 struct device *csdev;
3239 unsigned int i;
3240
3241 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3242 if (!dev)
3243 return ERR_PTR(-ENOMEM);
3244 comedi_device_init(dev);
3245 comedi_set_hw_dev(dev, hardware_device);
3246 mutex_lock(&dev->mutex);
3247 mutex_lock(&comedi_board_minor_table_lock);
3248 for (i = hardware_device ? comedi_num_legacy_minors : 0;
3249 i < COMEDI_NUM_BOARD_MINORS; ++i) {
3250 if (!comedi_board_minor_table[i]) {
3251 comedi_board_minor_table[i] = dev;
3252 break;
3253 }
3254 }
3255 mutex_unlock(&comedi_board_minor_table_lock);
3256 if (i == COMEDI_NUM_BOARD_MINORS) {
3257 mutex_unlock(&dev->mutex);
3258 comedi_device_cleanup(dev);
3259 comedi_dev_put(dev);
3260 dev_err(hardware_device,
3261 "ran out of minor numbers for board device files\n");
3262 return ERR_PTR(-EBUSY);
3263 }
3264 dev->minor = i;
3265 csdev = device_create(comedi_class, hardware_device,
3266 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i", i);
3267 if (!IS_ERR(csdev))
3268 dev->class_dev = get_device(csdev);
3269
3270 /* Note: dev->mutex needs to be unlocked by the caller. */
3271 return dev;
3272}
3273
3274void comedi_release_hardware_device(struct device *hardware_device)
3275{
3276 int minor;
3277 struct comedi_device *dev;
3278
3279 for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS;
3280 minor++) {
3281 mutex_lock(&comedi_board_minor_table_lock);
3282 dev = comedi_board_minor_table[minor];
3283 if (dev && dev->hw_dev == hardware_device) {
3284 comedi_board_minor_table[minor] = NULL;
3285 mutex_unlock(&comedi_board_minor_table_lock);
3286 comedi_free_board_dev(dev);
3287 break;
3288 }
3289 mutex_unlock(&comedi_board_minor_table_lock);
3290 }
3291}
3292
3293int comedi_alloc_subdevice_minor(struct comedi_subdevice *s)
3294{
3295 struct comedi_device *dev = s->device;
3296 struct device *csdev;
3297 unsigned int i;
3298
3299 mutex_lock(&comedi_subdevice_minor_table_lock);
3300 for (i = 0; i < COMEDI_NUM_SUBDEVICE_MINORS; ++i) {
3301 if (!comedi_subdevice_minor_table[i]) {
3302 comedi_subdevice_minor_table[i] = s;
3303 break;
3304 }
3305 }
3306 mutex_unlock(&comedi_subdevice_minor_table_lock);
3307 if (i == COMEDI_NUM_SUBDEVICE_MINORS) {
3308 dev_err(dev->class_dev,
3309 "ran out of minor numbers for subdevice files\n");
3310 return -EBUSY;
3311 }
3312 i += COMEDI_NUM_BOARD_MINORS;
3313 s->minor = i;
3314 csdev = device_create(comedi_class, dev->class_dev,
3315 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i_subd%i",
3316 dev->minor, s->index);
3317 if (!IS_ERR(csdev))
3318 s->class_dev = csdev;
3319
3320 return 0;
3321}
3322
3323void comedi_free_subdevice_minor(struct comedi_subdevice *s)
3324{
3325 unsigned int i;
3326
3327 if (!s)
3328 return;
3329 if (s->minor < COMEDI_NUM_BOARD_MINORS ||
3330 s->minor >= COMEDI_NUM_MINORS)
3331 return;
3332
3333 i = s->minor - COMEDI_NUM_BOARD_MINORS;
3334 mutex_lock(&comedi_subdevice_minor_table_lock);
3335 if (s == comedi_subdevice_minor_table[i])
3336 comedi_subdevice_minor_table[i] = NULL;
3337 mutex_unlock(&comedi_subdevice_minor_table_lock);
3338 if (s->class_dev) {
3339 device_destroy(comedi_class, MKDEV(COMEDI_MAJOR, s->minor));
3340 s->class_dev = NULL;
3341 }
3342}
3343
3344static void comedi_cleanup_board_minors(void)
3345{
3346 struct comedi_device *dev;
3347 unsigned int i;
3348
3349 for (i = 0; i < COMEDI_NUM_BOARD_MINORS; i++) {
3350 dev = comedi_clear_board_minor(i);
3351 comedi_free_board_dev(dev);
3352 }
3353}
3354
3355static int __init comedi_init(void)
3356{
3357 int i;
3358 int retval;
3359
3360 pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n");
3361
3362 if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) {
3363 pr_err("invalid value for module parameter \"comedi_num_legacy_minors\". Valid values are 0 through %i.\n",
3364 COMEDI_NUM_BOARD_MINORS);
3365 return -EINVAL;
3366 }
3367
3368 retval = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0),
3369 COMEDI_NUM_MINORS, "comedi");
3370 if (retval)
3371 return retval;
3372
3373 cdev_init(&comedi_cdev, &comedi_fops);
3374 comedi_cdev.owner = THIS_MODULE;
3375
3376 retval = kobject_set_name(&comedi_cdev.kobj, "comedi");
3377 if (retval)
3378 goto out_unregister_chrdev_region;
3379
3380 retval = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0),
3381 COMEDI_NUM_MINORS);
3382 if (retval)
3383 goto out_unregister_chrdev_region;
3384
3385 comedi_class = class_create(THIS_MODULE, "comedi");
3386 if (IS_ERR(comedi_class)) {
3387 retval = PTR_ERR(comedi_class);
3388 pr_err("failed to create class\n");
3389 goto out_cdev_del;
3390 }
3391
3392 comedi_class->dev_groups = comedi_dev_groups;
3393
3394 /* create devices files for legacy/manual use */
3395 for (i = 0; i < comedi_num_legacy_minors; i++) {
3396 struct comedi_device *dev;
3397
3398 dev = comedi_alloc_board_minor(NULL);
3399 if (IS_ERR(dev)) {
3400 retval = PTR_ERR(dev);
3401 goto out_cleanup_board_minors;
3402 }
3403 /* comedi_alloc_board_minor() locked the mutex */
3404 lockdep_assert_held(&dev->mutex);
3405 mutex_unlock(&dev->mutex);
3406 }
3407
3408 /* XXX requires /proc interface */
3409 comedi_proc_init();
3410
3411 return 0;
3412
3413out_cleanup_board_minors:
3414 comedi_cleanup_board_minors();
3415 class_destroy(comedi_class);
3416out_cdev_del:
3417 cdev_del(&comedi_cdev);
3418out_unregister_chrdev_region:
3419 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
3420 return retval;
3421}
3422module_init(comedi_init);
3423
3424static void __exit comedi_cleanup(void)
3425{
3426 comedi_cleanup_board_minors();
3427 class_destroy(comedi_class);
3428 cdev_del(&comedi_cdev);
3429 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
3430
3431 comedi_proc_cleanup();
3432}
3433module_exit(comedi_cleanup);
3434
3435MODULE_AUTHOR("https://www.comedi.org");
3436MODULE_DESCRIPTION("Comedi core module");
3437MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * comedi/comedi_fops.c
4 * comedi kernel module
5 *
6 * COMEDI - Linux Control and Measurement Device Interface
7 * Copyright (C) 1997-2007 David A. Schleef <ds@schleef.org>
8 * compat ioctls:
9 * Author: Ian Abbott, MEV Ltd. <abbotti@mev.co.uk>
10 * Copyright (C) 2007 MEV Ltd. <http://www.mev.co.uk/>
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/errno.h>
17#include <linux/kernel.h>
18#include <linux/sched/signal.h>
19#include <linux/fcntl.h>
20#include <linux/delay.h>
21#include <linux/mm.h>
22#include <linux/slab.h>
23#include <linux/poll.h>
24#include <linux/device.h>
25#include <linux/fs.h>
26#include <linux/comedi/comedidev.h>
27#include <linux/cdev.h>
28
29#include <linux/io.h>
30#include <linux/uaccess.h>
31#include <linux/compat.h>
32
33#include "comedi_internal.h"
34
35/*
36 * comedi_subdevice "runflags"
37 * COMEDI_SRF_RT: DEPRECATED: command is running real-time
38 * COMEDI_SRF_ERROR: indicates an COMEDI_CB_ERROR event has occurred
39 * since the last command was started
40 * COMEDI_SRF_RUNNING: command is running
41 * COMEDI_SRF_FREE_SPRIV: free s->private on detach
42 *
43 * COMEDI_SRF_BUSY_MASK: runflags that indicate the subdevice is "busy"
44 */
45#define COMEDI_SRF_RT BIT(1)
46#define COMEDI_SRF_ERROR BIT(2)
47#define COMEDI_SRF_RUNNING BIT(27)
48#define COMEDI_SRF_FREE_SPRIV BIT(31)
49
50#define COMEDI_SRF_BUSY_MASK (COMEDI_SRF_ERROR | COMEDI_SRF_RUNNING)
51
52/**
53 * struct comedi_file - Per-file private data for COMEDI device
54 * @dev: COMEDI device.
55 * @read_subdev: Current "read" subdevice.
56 * @write_subdev: Current "write" subdevice.
57 * @last_detach_count: Last known detach count.
58 * @last_attached: Last known attached/detached state.
59 */
60struct comedi_file {
61 struct comedi_device *dev;
62 struct comedi_subdevice *read_subdev;
63 struct comedi_subdevice *write_subdev;
64 unsigned int last_detach_count;
65 unsigned int last_attached:1;
66};
67
68#define COMEDI_NUM_MINORS 0x100
69#define COMEDI_NUM_SUBDEVICE_MINORS \
70 (COMEDI_NUM_MINORS - COMEDI_NUM_BOARD_MINORS)
71
72static unsigned short comedi_num_legacy_minors;
73module_param(comedi_num_legacy_minors, ushort, 0444);
74MODULE_PARM_DESC(comedi_num_legacy_minors,
75 "number of comedi minor devices to reserve for non-auto-configured devices (default 0)"
76 );
77
78unsigned int comedi_default_buf_size_kb = CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB;
79module_param(comedi_default_buf_size_kb, uint, 0644);
80MODULE_PARM_DESC(comedi_default_buf_size_kb,
81 "default asynchronous buffer size in KiB (default "
82 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_SIZE_KB) ")");
83
84unsigned int comedi_default_buf_maxsize_kb =
85 CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB;
86module_param(comedi_default_buf_maxsize_kb, uint, 0644);
87MODULE_PARM_DESC(comedi_default_buf_maxsize_kb,
88 "default maximum size of asynchronous buffer in KiB (default "
89 __MODULE_STRING(CONFIG_COMEDI_DEFAULT_BUF_MAXSIZE_KB) ")");
90
91static DEFINE_MUTEX(comedi_board_minor_table_lock);
92static struct comedi_device
93*comedi_board_minor_table[COMEDI_NUM_BOARD_MINORS];
94
95static DEFINE_MUTEX(comedi_subdevice_minor_table_lock);
96/* Note: indexed by minor - COMEDI_NUM_BOARD_MINORS. */
97static struct comedi_subdevice
98*comedi_subdevice_minor_table[COMEDI_NUM_SUBDEVICE_MINORS];
99
100static struct cdev comedi_cdev;
101
102static void comedi_device_init(struct comedi_device *dev)
103{
104 kref_init(&dev->refcount);
105 spin_lock_init(&dev->spinlock);
106 mutex_init(&dev->mutex);
107 init_rwsem(&dev->attach_lock);
108 dev->minor = -1;
109}
110
111static void comedi_dev_kref_release(struct kref *kref)
112{
113 struct comedi_device *dev =
114 container_of(kref, struct comedi_device, refcount);
115
116 mutex_destroy(&dev->mutex);
117 put_device(dev->class_dev);
118 kfree(dev);
119}
120
121/**
122 * comedi_dev_put() - Release a use of a COMEDI device
123 * @dev: COMEDI device.
124 *
125 * Must be called when a user of a COMEDI device is finished with it.
126 * When the last user of the COMEDI device calls this function, the
127 * COMEDI device is destroyed.
128 *
129 * Return: 1 if the COMEDI device is destroyed by this call or @dev is
130 * NULL, otherwise return 0. Callers must not assume the COMEDI
131 * device is still valid if this function returns 0.
132 */
133int comedi_dev_put(struct comedi_device *dev)
134{
135 if (dev)
136 return kref_put(&dev->refcount, comedi_dev_kref_release);
137 return 1;
138}
139EXPORT_SYMBOL_GPL(comedi_dev_put);
140
141static struct comedi_device *comedi_dev_get(struct comedi_device *dev)
142{
143 if (dev)
144 kref_get(&dev->refcount);
145 return dev;
146}
147
148static void comedi_device_cleanup(struct comedi_device *dev)
149{
150 struct module *driver_module = NULL;
151
152 if (!dev)
153 return;
154 mutex_lock(&dev->mutex);
155 if (dev->attached)
156 driver_module = dev->driver->module;
157 comedi_device_detach(dev);
158 if (driver_module && dev->use_count)
159 module_put(driver_module);
160 mutex_unlock(&dev->mutex);
161}
162
163static bool comedi_clear_board_dev(struct comedi_device *dev)
164{
165 unsigned int i = dev->minor;
166 bool cleared = false;
167
168 lockdep_assert_held(&dev->mutex);
169 mutex_lock(&comedi_board_minor_table_lock);
170 if (dev == comedi_board_minor_table[i]) {
171 comedi_board_minor_table[i] = NULL;
172 cleared = true;
173 }
174 mutex_unlock(&comedi_board_minor_table_lock);
175 return cleared;
176}
177
178static struct comedi_device *comedi_clear_board_minor(unsigned int minor)
179{
180 struct comedi_device *dev;
181
182 mutex_lock(&comedi_board_minor_table_lock);
183 dev = comedi_board_minor_table[minor];
184 comedi_board_minor_table[minor] = NULL;
185 mutex_unlock(&comedi_board_minor_table_lock);
186 return dev;
187}
188
189static struct comedi_subdevice *
190comedi_subdevice_from_minor(const struct comedi_device *dev, unsigned int minor)
191{
192 struct comedi_subdevice *s;
193 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS;
194
195 mutex_lock(&comedi_subdevice_minor_table_lock);
196 s = comedi_subdevice_minor_table[i];
197 if (s && s->device != dev)
198 s = NULL;
199 mutex_unlock(&comedi_subdevice_minor_table_lock);
200 return s;
201}
202
203static struct comedi_device *comedi_dev_get_from_board_minor(unsigned int minor)
204{
205 struct comedi_device *dev;
206
207 mutex_lock(&comedi_board_minor_table_lock);
208 dev = comedi_dev_get(comedi_board_minor_table[minor]);
209 mutex_unlock(&comedi_board_minor_table_lock);
210 return dev;
211}
212
213static struct comedi_device *
214comedi_dev_get_from_subdevice_minor(unsigned int minor)
215{
216 struct comedi_device *dev;
217 struct comedi_subdevice *s;
218 unsigned int i = minor - COMEDI_NUM_BOARD_MINORS;
219
220 mutex_lock(&comedi_subdevice_minor_table_lock);
221 s = comedi_subdevice_minor_table[i];
222 dev = comedi_dev_get(s ? s->device : NULL);
223 mutex_unlock(&comedi_subdevice_minor_table_lock);
224 return dev;
225}
226
227/**
228 * comedi_dev_get_from_minor() - Get COMEDI device by minor device number
229 * @minor: Minor device number.
230 *
231 * Finds the COMEDI device associated with the minor device number, if any,
232 * and increments its reference count. The COMEDI device is prevented from
233 * being freed until a matching call is made to comedi_dev_put().
234 *
235 * Return: A pointer to the COMEDI device if it exists, with its usage
236 * reference incremented. Return NULL if no COMEDI device exists with the
237 * specified minor device number.
238 */
239struct comedi_device *comedi_dev_get_from_minor(unsigned int minor)
240{
241 if (minor < COMEDI_NUM_BOARD_MINORS)
242 return comedi_dev_get_from_board_minor(minor);
243
244 return comedi_dev_get_from_subdevice_minor(minor);
245}
246EXPORT_SYMBOL_GPL(comedi_dev_get_from_minor);
247
248static struct comedi_subdevice *
249comedi_read_subdevice(const struct comedi_device *dev, unsigned int minor)
250{
251 struct comedi_subdevice *s;
252
253 lockdep_assert_held(&dev->mutex);
254 if (minor >= COMEDI_NUM_BOARD_MINORS) {
255 s = comedi_subdevice_from_minor(dev, minor);
256 if (!s || (s->subdev_flags & SDF_CMD_READ))
257 return s;
258 }
259 return dev->read_subdev;
260}
261
262static struct comedi_subdevice *
263comedi_write_subdevice(const struct comedi_device *dev, unsigned int minor)
264{
265 struct comedi_subdevice *s;
266
267 lockdep_assert_held(&dev->mutex);
268 if (minor >= COMEDI_NUM_BOARD_MINORS) {
269 s = comedi_subdevice_from_minor(dev, minor);
270 if (!s || (s->subdev_flags & SDF_CMD_WRITE))
271 return s;
272 }
273 return dev->write_subdev;
274}
275
276static void comedi_file_reset(struct file *file)
277{
278 struct comedi_file *cfp = file->private_data;
279 struct comedi_device *dev = cfp->dev;
280 struct comedi_subdevice *s, *read_s, *write_s;
281 unsigned int minor = iminor(file_inode(file));
282
283 read_s = dev->read_subdev;
284 write_s = dev->write_subdev;
285 if (minor >= COMEDI_NUM_BOARD_MINORS) {
286 s = comedi_subdevice_from_minor(dev, minor);
287 if (!s || s->subdev_flags & SDF_CMD_READ)
288 read_s = s;
289 if (!s || s->subdev_flags & SDF_CMD_WRITE)
290 write_s = s;
291 }
292 cfp->last_attached = dev->attached;
293 cfp->last_detach_count = dev->detach_count;
294 WRITE_ONCE(cfp->read_subdev, read_s);
295 WRITE_ONCE(cfp->write_subdev, write_s);
296}
297
298static void comedi_file_check(struct file *file)
299{
300 struct comedi_file *cfp = file->private_data;
301 struct comedi_device *dev = cfp->dev;
302
303 if (cfp->last_attached != dev->attached ||
304 cfp->last_detach_count != dev->detach_count)
305 comedi_file_reset(file);
306}
307
308static struct comedi_subdevice *comedi_file_read_subdevice(struct file *file)
309{
310 struct comedi_file *cfp = file->private_data;
311
312 comedi_file_check(file);
313 return READ_ONCE(cfp->read_subdev);
314}
315
316static struct comedi_subdevice *comedi_file_write_subdevice(struct file *file)
317{
318 struct comedi_file *cfp = file->private_data;
319
320 comedi_file_check(file);
321 return READ_ONCE(cfp->write_subdev);
322}
323
324static int resize_async_buffer(struct comedi_device *dev,
325 struct comedi_subdevice *s,
326 unsigned int new_size)
327{
328 struct comedi_async *async = s->async;
329 int retval;
330
331 lockdep_assert_held(&dev->mutex);
332
333 if (new_size > async->max_bufsize)
334 return -EPERM;
335
336 if (s->busy) {
337 dev_dbg(dev->class_dev,
338 "subdevice is busy, cannot resize buffer\n");
339 return -EBUSY;
340 }
341 if (comedi_buf_is_mmapped(s)) {
342 dev_dbg(dev->class_dev,
343 "subdevice is mmapped, cannot resize buffer\n");
344 return -EBUSY;
345 }
346
347 /* make sure buffer is an integral number of pages (we round up) */
348 new_size = (new_size + PAGE_SIZE - 1) & PAGE_MASK;
349
350 retval = comedi_buf_alloc(dev, s, new_size);
351 if (retval < 0)
352 return retval;
353
354 if (s->buf_change) {
355 retval = s->buf_change(dev, s);
356 if (retval < 0)
357 return retval;
358 }
359
360 dev_dbg(dev->class_dev, "subd %d buffer resized to %i bytes\n",
361 s->index, async->prealloc_bufsz);
362 return 0;
363}
364
365/* sysfs attribute files */
366
367static ssize_t max_read_buffer_kb_show(struct device *csdev,
368 struct device_attribute *attr, char *buf)
369{
370 unsigned int minor = MINOR(csdev->devt);
371 struct comedi_device *dev;
372 struct comedi_subdevice *s;
373 unsigned int size = 0;
374
375 dev = comedi_dev_get_from_minor(minor);
376 if (!dev)
377 return -ENODEV;
378
379 mutex_lock(&dev->mutex);
380 s = comedi_read_subdevice(dev, minor);
381 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
382 size = s->async->max_bufsize / 1024;
383 mutex_unlock(&dev->mutex);
384
385 comedi_dev_put(dev);
386 return sysfs_emit(buf, "%u\n", size);
387}
388
389static ssize_t max_read_buffer_kb_store(struct device *csdev,
390 struct device_attribute *attr,
391 const char *buf, size_t count)
392{
393 unsigned int minor = MINOR(csdev->devt);
394 struct comedi_device *dev;
395 struct comedi_subdevice *s;
396 unsigned int size;
397 int err;
398
399 err = kstrtouint(buf, 10, &size);
400 if (err)
401 return err;
402 if (size > (UINT_MAX / 1024))
403 return -EINVAL;
404 size *= 1024;
405
406 dev = comedi_dev_get_from_minor(minor);
407 if (!dev)
408 return -ENODEV;
409
410 mutex_lock(&dev->mutex);
411 s = comedi_read_subdevice(dev, minor);
412 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
413 s->async->max_bufsize = size;
414 else
415 err = -EINVAL;
416 mutex_unlock(&dev->mutex);
417
418 comedi_dev_put(dev);
419 return err ? err : count;
420}
421static DEVICE_ATTR_RW(max_read_buffer_kb);
422
423static ssize_t read_buffer_kb_show(struct device *csdev,
424 struct device_attribute *attr, char *buf)
425{
426 unsigned int minor = MINOR(csdev->devt);
427 struct comedi_device *dev;
428 struct comedi_subdevice *s;
429 unsigned int size = 0;
430
431 dev = comedi_dev_get_from_minor(minor);
432 if (!dev)
433 return -ENODEV;
434
435 mutex_lock(&dev->mutex);
436 s = comedi_read_subdevice(dev, minor);
437 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
438 size = s->async->prealloc_bufsz / 1024;
439 mutex_unlock(&dev->mutex);
440
441 comedi_dev_put(dev);
442 return sysfs_emit(buf, "%u\n", size);
443}
444
445static ssize_t read_buffer_kb_store(struct device *csdev,
446 struct device_attribute *attr,
447 const char *buf, size_t count)
448{
449 unsigned int minor = MINOR(csdev->devt);
450 struct comedi_device *dev;
451 struct comedi_subdevice *s;
452 unsigned int size;
453 int err;
454
455 err = kstrtouint(buf, 10, &size);
456 if (err)
457 return err;
458 if (size > (UINT_MAX / 1024))
459 return -EINVAL;
460 size *= 1024;
461
462 dev = comedi_dev_get_from_minor(minor);
463 if (!dev)
464 return -ENODEV;
465
466 mutex_lock(&dev->mutex);
467 s = comedi_read_subdevice(dev, minor);
468 if (s && (s->subdev_flags & SDF_CMD_READ) && s->async)
469 err = resize_async_buffer(dev, s, size);
470 else
471 err = -EINVAL;
472 mutex_unlock(&dev->mutex);
473
474 comedi_dev_put(dev);
475 return err ? err : count;
476}
477static DEVICE_ATTR_RW(read_buffer_kb);
478
479static ssize_t max_write_buffer_kb_show(struct device *csdev,
480 struct device_attribute *attr,
481 char *buf)
482{
483 unsigned int minor = MINOR(csdev->devt);
484 struct comedi_device *dev;
485 struct comedi_subdevice *s;
486 unsigned int size = 0;
487
488 dev = comedi_dev_get_from_minor(minor);
489 if (!dev)
490 return -ENODEV;
491
492 mutex_lock(&dev->mutex);
493 s = comedi_write_subdevice(dev, minor);
494 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
495 size = s->async->max_bufsize / 1024;
496 mutex_unlock(&dev->mutex);
497
498 comedi_dev_put(dev);
499 return sysfs_emit(buf, "%u\n", size);
500}
501
502static ssize_t max_write_buffer_kb_store(struct device *csdev,
503 struct device_attribute *attr,
504 const char *buf, size_t count)
505{
506 unsigned int minor = MINOR(csdev->devt);
507 struct comedi_device *dev;
508 struct comedi_subdevice *s;
509 unsigned int size;
510 int err;
511
512 err = kstrtouint(buf, 10, &size);
513 if (err)
514 return err;
515 if (size > (UINT_MAX / 1024))
516 return -EINVAL;
517 size *= 1024;
518
519 dev = comedi_dev_get_from_minor(minor);
520 if (!dev)
521 return -ENODEV;
522
523 mutex_lock(&dev->mutex);
524 s = comedi_write_subdevice(dev, minor);
525 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
526 s->async->max_bufsize = size;
527 else
528 err = -EINVAL;
529 mutex_unlock(&dev->mutex);
530
531 comedi_dev_put(dev);
532 return err ? err : count;
533}
534static DEVICE_ATTR_RW(max_write_buffer_kb);
535
536static ssize_t write_buffer_kb_show(struct device *csdev,
537 struct device_attribute *attr, char *buf)
538{
539 unsigned int minor = MINOR(csdev->devt);
540 struct comedi_device *dev;
541 struct comedi_subdevice *s;
542 unsigned int size = 0;
543
544 dev = comedi_dev_get_from_minor(minor);
545 if (!dev)
546 return -ENODEV;
547
548 mutex_lock(&dev->mutex);
549 s = comedi_write_subdevice(dev, minor);
550 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
551 size = s->async->prealloc_bufsz / 1024;
552 mutex_unlock(&dev->mutex);
553
554 comedi_dev_put(dev);
555 return sysfs_emit(buf, "%u\n", size);
556}
557
558static ssize_t write_buffer_kb_store(struct device *csdev,
559 struct device_attribute *attr,
560 const char *buf, size_t count)
561{
562 unsigned int minor = MINOR(csdev->devt);
563 struct comedi_device *dev;
564 struct comedi_subdevice *s;
565 unsigned int size;
566 int err;
567
568 err = kstrtouint(buf, 10, &size);
569 if (err)
570 return err;
571 if (size > (UINT_MAX / 1024))
572 return -EINVAL;
573 size *= 1024;
574
575 dev = comedi_dev_get_from_minor(minor);
576 if (!dev)
577 return -ENODEV;
578
579 mutex_lock(&dev->mutex);
580 s = comedi_write_subdevice(dev, minor);
581 if (s && (s->subdev_flags & SDF_CMD_WRITE) && s->async)
582 err = resize_async_buffer(dev, s, size);
583 else
584 err = -EINVAL;
585 mutex_unlock(&dev->mutex);
586
587 comedi_dev_put(dev);
588 return err ? err : count;
589}
590static DEVICE_ATTR_RW(write_buffer_kb);
591
592static struct attribute *comedi_dev_attrs[] = {
593 &dev_attr_max_read_buffer_kb.attr,
594 &dev_attr_read_buffer_kb.attr,
595 &dev_attr_max_write_buffer_kb.attr,
596 &dev_attr_write_buffer_kb.attr,
597 NULL,
598};
599ATTRIBUTE_GROUPS(comedi_dev);
600
601static const struct class comedi_class = {
602 .name = "comedi",
603 .dev_groups = comedi_dev_groups,
604};
605
606static void comedi_free_board_dev(struct comedi_device *dev)
607{
608 if (dev) {
609 comedi_device_cleanup(dev);
610 if (dev->class_dev) {
611 device_destroy(&comedi_class,
612 MKDEV(COMEDI_MAJOR, dev->minor));
613 }
614 comedi_dev_put(dev);
615 }
616}
617
618static void __comedi_clear_subdevice_runflags(struct comedi_subdevice *s,
619 unsigned int bits)
620{
621 s->runflags &= ~bits;
622}
623
624static void __comedi_set_subdevice_runflags(struct comedi_subdevice *s,
625 unsigned int bits)
626{
627 s->runflags |= bits;
628}
629
630static void comedi_update_subdevice_runflags(struct comedi_subdevice *s,
631 unsigned int mask,
632 unsigned int bits)
633{
634 unsigned long flags;
635
636 spin_lock_irqsave(&s->spin_lock, flags);
637 __comedi_clear_subdevice_runflags(s, mask);
638 __comedi_set_subdevice_runflags(s, bits & mask);
639 spin_unlock_irqrestore(&s->spin_lock, flags);
640}
641
642static unsigned int __comedi_get_subdevice_runflags(struct comedi_subdevice *s)
643{
644 return s->runflags;
645}
646
647static unsigned int comedi_get_subdevice_runflags(struct comedi_subdevice *s)
648{
649 unsigned long flags;
650 unsigned int runflags;
651
652 spin_lock_irqsave(&s->spin_lock, flags);
653 runflags = __comedi_get_subdevice_runflags(s);
654 spin_unlock_irqrestore(&s->spin_lock, flags);
655 return runflags;
656}
657
658static bool comedi_is_runflags_running(unsigned int runflags)
659{
660 return runflags & COMEDI_SRF_RUNNING;
661}
662
663static bool comedi_is_runflags_in_error(unsigned int runflags)
664{
665 return runflags & COMEDI_SRF_ERROR;
666}
667
668/**
669 * comedi_is_subdevice_running() - Check if async command running on subdevice
670 * @s: COMEDI subdevice.
671 *
672 * Return: %true if an asynchronous COMEDI command is active on the
673 * subdevice, else %false.
674 */
675bool comedi_is_subdevice_running(struct comedi_subdevice *s)
676{
677 unsigned int runflags = comedi_get_subdevice_runflags(s);
678
679 return comedi_is_runflags_running(runflags);
680}
681EXPORT_SYMBOL_GPL(comedi_is_subdevice_running);
682
683static bool __comedi_is_subdevice_running(struct comedi_subdevice *s)
684{
685 unsigned int runflags = __comedi_get_subdevice_runflags(s);
686
687 return comedi_is_runflags_running(runflags);
688}
689
690bool comedi_can_auto_free_spriv(struct comedi_subdevice *s)
691{
692 unsigned int runflags = __comedi_get_subdevice_runflags(s);
693
694 return runflags & COMEDI_SRF_FREE_SPRIV;
695}
696
697/**
698 * comedi_set_spriv_auto_free() - Mark subdevice private data as freeable
699 * @s: COMEDI subdevice.
700 *
701 * Mark the subdevice as having a pointer to private data that can be
702 * automatically freed when the COMEDI device is detached from the low-level
703 * driver.
704 */
705void comedi_set_spriv_auto_free(struct comedi_subdevice *s)
706{
707 __comedi_set_subdevice_runflags(s, COMEDI_SRF_FREE_SPRIV);
708}
709EXPORT_SYMBOL_GPL(comedi_set_spriv_auto_free);
710
711/**
712 * comedi_alloc_spriv - Allocate memory for the subdevice private data
713 * @s: COMEDI subdevice.
714 * @size: Size of the memory to allocate.
715 *
716 * Allocate memory for the subdevice private data and point @s->private
717 * to it. The memory will be freed automatically when the COMEDI device
718 * is detached from the low-level driver.
719 *
720 * Return: A pointer to the allocated memory @s->private on success.
721 * Return NULL on failure.
722 */
723void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size)
724{
725 s->private = kzalloc(size, GFP_KERNEL);
726 if (s->private)
727 comedi_set_spriv_auto_free(s);
728 return s->private;
729}
730EXPORT_SYMBOL_GPL(comedi_alloc_spriv);
731
732/*
733 * This function restores a subdevice to an idle state.
734 */
735static void do_become_nonbusy(struct comedi_device *dev,
736 struct comedi_subdevice *s)
737{
738 struct comedi_async *async = s->async;
739
740 lockdep_assert_held(&dev->mutex);
741 comedi_update_subdevice_runflags(s, COMEDI_SRF_RUNNING, 0);
742 if (async) {
743 comedi_buf_reset(s);
744 async->inttrig = NULL;
745 kfree(async->cmd.chanlist);
746 async->cmd.chanlist = NULL;
747 s->busy = NULL;
748 wake_up_interruptible_all(&async->wait_head);
749 } else {
750 dev_err(dev->class_dev,
751 "BUG: (?) %s called with async=NULL\n", __func__);
752 s->busy = NULL;
753 }
754}
755
756static int do_cancel(struct comedi_device *dev, struct comedi_subdevice *s)
757{
758 int ret = 0;
759
760 lockdep_assert_held(&dev->mutex);
761 if (comedi_is_subdevice_running(s) && s->cancel)
762 ret = s->cancel(dev, s);
763
764 do_become_nonbusy(dev, s);
765
766 return ret;
767}
768
769void comedi_device_cancel_all(struct comedi_device *dev)
770{
771 struct comedi_subdevice *s;
772 int i;
773
774 lockdep_assert_held(&dev->mutex);
775 if (!dev->attached)
776 return;
777
778 for (i = 0; i < dev->n_subdevices; i++) {
779 s = &dev->subdevices[i];
780 if (s->async)
781 do_cancel(dev, s);
782 }
783}
784
785static int is_device_busy(struct comedi_device *dev)
786{
787 struct comedi_subdevice *s;
788 int i;
789
790 lockdep_assert_held(&dev->mutex);
791 if (!dev->attached)
792 return 0;
793
794 for (i = 0; i < dev->n_subdevices; i++) {
795 s = &dev->subdevices[i];
796 if (s->busy)
797 return 1;
798 if (s->async && comedi_buf_is_mmapped(s))
799 return 1;
800 }
801
802 return 0;
803}
804
805/*
806 * COMEDI_DEVCONFIG ioctl
807 * attaches (and configures) or detaches a legacy device
808 *
809 * arg:
810 * pointer to comedi_devconfig structure (NULL if detaching)
811 *
812 * reads:
813 * comedi_devconfig structure (if attaching)
814 *
815 * writes:
816 * nothing
817 */
818static int do_devconfig_ioctl(struct comedi_device *dev,
819 struct comedi_devconfig __user *arg)
820{
821 struct comedi_devconfig it;
822
823 lockdep_assert_held(&dev->mutex);
824 if (!capable(CAP_SYS_ADMIN))
825 return -EPERM;
826
827 if (!arg) {
828 if (is_device_busy(dev))
829 return -EBUSY;
830 if (dev->attached) {
831 struct module *driver_module = dev->driver->module;
832
833 comedi_device_detach(dev);
834 module_put(driver_module);
835 }
836 return 0;
837 }
838
839 if (copy_from_user(&it, arg, sizeof(it)))
840 return -EFAULT;
841
842 it.board_name[COMEDI_NAMELEN - 1] = 0;
843
844 if (it.options[COMEDI_DEVCONF_AUX_DATA_LENGTH]) {
845 dev_warn(dev->class_dev,
846 "comedi_config --init_data is deprecated\n");
847 return -EINVAL;
848 }
849
850 if (dev->minor >= comedi_num_legacy_minors)
851 /* don't re-use dynamically allocated comedi devices */
852 return -EBUSY;
853
854 /* This increments the driver module count on success. */
855 return comedi_device_attach(dev, &it);
856}
857
858/*
859 * COMEDI_BUFCONFIG ioctl
860 * buffer configuration
861 *
862 * arg:
863 * pointer to comedi_bufconfig structure
864 *
865 * reads:
866 * comedi_bufconfig structure
867 *
868 * writes:
869 * modified comedi_bufconfig structure
870 */
871static int do_bufconfig_ioctl(struct comedi_device *dev,
872 struct comedi_bufconfig __user *arg)
873{
874 struct comedi_bufconfig bc;
875 struct comedi_async *async;
876 struct comedi_subdevice *s;
877 int retval = 0;
878
879 lockdep_assert_held(&dev->mutex);
880 if (copy_from_user(&bc, arg, sizeof(bc)))
881 return -EFAULT;
882
883 if (bc.subdevice >= dev->n_subdevices)
884 return -EINVAL;
885
886 s = &dev->subdevices[bc.subdevice];
887 async = s->async;
888
889 if (!async) {
890 dev_dbg(dev->class_dev,
891 "subdevice does not have async capability\n");
892 bc.size = 0;
893 bc.maximum_size = 0;
894 goto copyback;
895 }
896
897 if (bc.maximum_size) {
898 if (!capable(CAP_SYS_ADMIN))
899 return -EPERM;
900
901 async->max_bufsize = bc.maximum_size;
902 }
903
904 if (bc.size) {
905 retval = resize_async_buffer(dev, s, bc.size);
906 if (retval < 0)
907 return retval;
908 }
909
910 bc.size = async->prealloc_bufsz;
911 bc.maximum_size = async->max_bufsize;
912
913copyback:
914 if (copy_to_user(arg, &bc, sizeof(bc)))
915 return -EFAULT;
916
917 return 0;
918}
919
920/*
921 * COMEDI_DEVINFO ioctl
922 * device info
923 *
924 * arg:
925 * pointer to comedi_devinfo structure
926 *
927 * reads:
928 * nothing
929 *
930 * writes:
931 * comedi_devinfo structure
932 */
933static int do_devinfo_ioctl(struct comedi_device *dev,
934 struct comedi_devinfo __user *arg,
935 struct file *file)
936{
937 struct comedi_subdevice *s;
938 struct comedi_devinfo devinfo;
939
940 lockdep_assert_held(&dev->mutex);
941 memset(&devinfo, 0, sizeof(devinfo));
942
943 /* fill devinfo structure */
944 devinfo.version_code = COMEDI_VERSION_CODE;
945 devinfo.n_subdevs = dev->n_subdevices;
946 strscpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN);
947 strscpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN);
948
949 s = comedi_file_read_subdevice(file);
950 if (s)
951 devinfo.read_subdevice = s->index;
952 else
953 devinfo.read_subdevice = -1;
954
955 s = comedi_file_write_subdevice(file);
956 if (s)
957 devinfo.write_subdevice = s->index;
958 else
959 devinfo.write_subdevice = -1;
960
961 if (copy_to_user(arg, &devinfo, sizeof(devinfo)))
962 return -EFAULT;
963
964 return 0;
965}
966
967/*
968 * COMEDI_SUBDINFO ioctl
969 * subdevices info
970 *
971 * arg:
972 * pointer to array of comedi_subdinfo structures
973 *
974 * reads:
975 * nothing
976 *
977 * writes:
978 * array of comedi_subdinfo structures
979 */
980static int do_subdinfo_ioctl(struct comedi_device *dev,
981 struct comedi_subdinfo __user *arg, void *file)
982{
983 int ret, i;
984 struct comedi_subdinfo *tmp, *us;
985 struct comedi_subdevice *s;
986
987 lockdep_assert_held(&dev->mutex);
988 tmp = kcalloc(dev->n_subdevices, sizeof(*tmp), GFP_KERNEL);
989 if (!tmp)
990 return -ENOMEM;
991
992 /* fill subdinfo structs */
993 for (i = 0; i < dev->n_subdevices; i++) {
994 s = &dev->subdevices[i];
995 us = tmp + i;
996
997 us->type = s->type;
998 us->n_chan = s->n_chan;
999 us->subd_flags = s->subdev_flags;
1000 if (comedi_is_subdevice_running(s))
1001 us->subd_flags |= SDF_RUNNING;
1002#define TIMER_nanosec 5 /* backwards compatibility */
1003 us->timer_type = TIMER_nanosec;
1004 us->len_chanlist = s->len_chanlist;
1005 us->maxdata = s->maxdata;
1006 if (s->range_table) {
1007 us->range_type =
1008 (i << 24) | (0 << 16) | (s->range_table->length);
1009 } else {
1010 us->range_type = 0; /* XXX */
1011 }
1012
1013 if (s->busy)
1014 us->subd_flags |= SDF_BUSY;
1015 if (s->busy == file)
1016 us->subd_flags |= SDF_BUSY_OWNER;
1017 if (s->lock)
1018 us->subd_flags |= SDF_LOCKED;
1019 if (s->lock == file)
1020 us->subd_flags |= SDF_LOCK_OWNER;
1021 if (!s->maxdata && s->maxdata_list)
1022 us->subd_flags |= SDF_MAXDATA;
1023 if (s->range_table_list)
1024 us->subd_flags |= SDF_RANGETYPE;
1025 if (s->do_cmd)
1026 us->subd_flags |= SDF_CMD;
1027
1028 if (s->insn_bits != &insn_inval)
1029 us->insn_bits_support = COMEDI_SUPPORTED;
1030 else
1031 us->insn_bits_support = COMEDI_UNSUPPORTED;
1032 }
1033
1034 ret = copy_to_user(arg, tmp, dev->n_subdevices * sizeof(*tmp));
1035
1036 kfree(tmp);
1037
1038 return ret ? -EFAULT : 0;
1039}
1040
1041/*
1042 * COMEDI_CHANINFO ioctl
1043 * subdevice channel info
1044 *
1045 * arg:
1046 * pointer to comedi_chaninfo structure
1047 *
1048 * reads:
1049 * comedi_chaninfo structure
1050 *
1051 * writes:
1052 * array of maxdata values to chaninfo->maxdata_list if requested
1053 * array of range table lengths to chaninfo->range_table_list if requested
1054 */
1055static int do_chaninfo_ioctl(struct comedi_device *dev,
1056 struct comedi_chaninfo *it)
1057{
1058 struct comedi_subdevice *s;
1059
1060 lockdep_assert_held(&dev->mutex);
1061
1062 if (it->subdev >= dev->n_subdevices)
1063 return -EINVAL;
1064 s = &dev->subdevices[it->subdev];
1065
1066 if (it->maxdata_list) {
1067 if (s->maxdata || !s->maxdata_list)
1068 return -EINVAL;
1069 if (copy_to_user(it->maxdata_list, s->maxdata_list,
1070 s->n_chan * sizeof(unsigned int)))
1071 return -EFAULT;
1072 }
1073
1074 if (it->flaglist)
1075 return -EINVAL; /* flaglist not supported */
1076
1077 if (it->rangelist) {
1078 int i;
1079
1080 if (!s->range_table_list)
1081 return -EINVAL;
1082 for (i = 0; i < s->n_chan; i++) {
1083 int x;
1084
1085 x = (dev->minor << 28) | (it->subdev << 24) | (i << 16) |
1086 (s->range_table_list[i]->length);
1087 if (put_user(x, it->rangelist + i))
1088 return -EFAULT;
1089 }
1090 }
1091
1092 return 0;
1093}
1094
1095/*
1096 * COMEDI_BUFINFO ioctl
1097 * buffer information
1098 *
1099 * arg:
1100 * pointer to comedi_bufinfo structure
1101 *
1102 * reads:
1103 * comedi_bufinfo structure
1104 *
1105 * writes:
1106 * modified comedi_bufinfo structure
1107 */
1108static int do_bufinfo_ioctl(struct comedi_device *dev,
1109 struct comedi_bufinfo __user *arg, void *file)
1110{
1111 struct comedi_bufinfo bi;
1112 struct comedi_subdevice *s;
1113 struct comedi_async *async;
1114 unsigned int runflags;
1115 int retval = 0;
1116 bool become_nonbusy = false;
1117
1118 lockdep_assert_held(&dev->mutex);
1119 if (copy_from_user(&bi, arg, sizeof(bi)))
1120 return -EFAULT;
1121
1122 if (bi.subdevice >= dev->n_subdevices)
1123 return -EINVAL;
1124
1125 s = &dev->subdevices[bi.subdevice];
1126
1127 async = s->async;
1128
1129 if (!async || s->busy != file)
1130 return -EINVAL;
1131
1132 runflags = comedi_get_subdevice_runflags(s);
1133 if (!(async->cmd.flags & CMDF_WRITE)) {
1134 /* command was set up in "read" direction */
1135 if (bi.bytes_read) {
1136 comedi_buf_read_alloc(s, bi.bytes_read);
1137 bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
1138 }
1139 /*
1140 * If nothing left to read, and command has stopped, and
1141 * {"read" position not updated or command stopped normally},
1142 * then become non-busy.
1143 */
1144 if (comedi_buf_read_n_available(s) == 0 &&
1145 !comedi_is_runflags_running(runflags) &&
1146 (bi.bytes_read == 0 ||
1147 !comedi_is_runflags_in_error(runflags))) {
1148 become_nonbusy = true;
1149 if (comedi_is_runflags_in_error(runflags))
1150 retval = -EPIPE;
1151 }
1152 bi.bytes_written = 0;
1153 } else {
1154 /* command was set up in "write" direction */
1155 if (!comedi_is_runflags_running(runflags)) {
1156 bi.bytes_written = 0;
1157 become_nonbusy = true;
1158 if (comedi_is_runflags_in_error(runflags))
1159 retval = -EPIPE;
1160 } else if (bi.bytes_written) {
1161 comedi_buf_write_alloc(s, bi.bytes_written);
1162 bi.bytes_written =
1163 comedi_buf_write_free(s, bi.bytes_written);
1164 }
1165 bi.bytes_read = 0;
1166 }
1167
1168 bi.buf_write_count = async->buf_write_count;
1169 bi.buf_write_ptr = async->buf_write_ptr;
1170 bi.buf_read_count = async->buf_read_count;
1171 bi.buf_read_ptr = async->buf_read_ptr;
1172
1173 if (become_nonbusy)
1174 do_become_nonbusy(dev, s);
1175
1176 if (retval)
1177 return retval;
1178
1179 if (copy_to_user(arg, &bi, sizeof(bi)))
1180 return -EFAULT;
1181
1182 return 0;
1183}
1184
1185static int check_insn_config_length(struct comedi_insn *insn,
1186 unsigned int *data)
1187{
1188 if (insn->n < 1)
1189 return -EINVAL;
1190
1191 switch (data[0]) {
1192 case INSN_CONFIG_DIO_OUTPUT:
1193 case INSN_CONFIG_DIO_INPUT:
1194 case INSN_CONFIG_DISARM:
1195 case INSN_CONFIG_RESET:
1196 if (insn->n == 1)
1197 return 0;
1198 break;
1199 case INSN_CONFIG_ARM:
1200 case INSN_CONFIG_DIO_QUERY:
1201 case INSN_CONFIG_BLOCK_SIZE:
1202 case INSN_CONFIG_FILTER:
1203 case INSN_CONFIG_SERIAL_CLOCK:
1204 case INSN_CONFIG_BIDIRECTIONAL_DATA:
1205 case INSN_CONFIG_ALT_SOURCE:
1206 case INSN_CONFIG_SET_COUNTER_MODE:
1207 case INSN_CONFIG_8254_READ_STATUS:
1208 case INSN_CONFIG_SET_ROUTING:
1209 case INSN_CONFIG_GET_ROUTING:
1210 case INSN_CONFIG_GET_PWM_STATUS:
1211 case INSN_CONFIG_PWM_SET_PERIOD:
1212 case INSN_CONFIG_PWM_GET_PERIOD:
1213 if (insn->n == 2)
1214 return 0;
1215 break;
1216 case INSN_CONFIG_SET_GATE_SRC:
1217 case INSN_CONFIG_GET_GATE_SRC:
1218 case INSN_CONFIG_SET_CLOCK_SRC:
1219 case INSN_CONFIG_GET_CLOCK_SRC:
1220 case INSN_CONFIG_SET_OTHER_SRC:
1221 case INSN_CONFIG_GET_COUNTER_STATUS:
1222 case INSN_CONFIG_GET_PWM_OUTPUT:
1223 case INSN_CONFIG_PWM_SET_H_BRIDGE:
1224 case INSN_CONFIG_PWM_GET_H_BRIDGE:
1225 case INSN_CONFIG_GET_HARDWARE_BUFFER_SIZE:
1226 if (insn->n == 3)
1227 return 0;
1228 break;
1229 case INSN_CONFIG_PWM_OUTPUT:
1230 case INSN_CONFIG_ANALOG_TRIG:
1231 case INSN_CONFIG_TIMER_1:
1232 if (insn->n == 5)
1233 return 0;
1234 break;
1235 case INSN_CONFIG_DIGITAL_TRIG:
1236 if (insn->n == 6)
1237 return 0;
1238 break;
1239 case INSN_CONFIG_GET_CMD_TIMING_CONSTRAINTS:
1240 if (insn->n >= 4)
1241 return 0;
1242 break;
1243 /*
1244 * by default we allow the insn since we don't have checks for
1245 * all possible cases yet
1246 */
1247 default:
1248 pr_warn("No check for data length of config insn id %i is implemented\n",
1249 data[0]);
1250 pr_warn("Add a check to %s in %s\n", __func__, __FILE__);
1251 pr_warn("Assuming n=%i is correct\n", insn->n);
1252 return 0;
1253 }
1254 return -EINVAL;
1255}
1256
1257static int check_insn_device_config_length(struct comedi_insn *insn,
1258 unsigned int *data)
1259{
1260 if (insn->n < 1)
1261 return -EINVAL;
1262
1263 switch (data[0]) {
1264 case INSN_DEVICE_CONFIG_TEST_ROUTE:
1265 case INSN_DEVICE_CONFIG_CONNECT_ROUTE:
1266 case INSN_DEVICE_CONFIG_DISCONNECT_ROUTE:
1267 if (insn->n == 3)
1268 return 0;
1269 break;
1270 case INSN_DEVICE_CONFIG_GET_ROUTES:
1271 /*
1272 * Big enough for config_id and the length of the userland
1273 * memory buffer. Additional length should be in factors of 2
1274 * to communicate any returned route pairs (source,destination).
1275 */
1276 if (insn->n >= 2)
1277 return 0;
1278 break;
1279 }
1280 return -EINVAL;
1281}
1282
1283/**
1284 * get_valid_routes() - Calls low-level driver get_valid_routes function to
1285 * either return a count of valid routes to user, or copy
1286 * of list of all valid device routes to buffer in
1287 * userspace.
1288 * @dev: comedi device pointer
1289 * @data: data from user insn call. The length of the data must be >= 2.
1290 * data[0] must contain the INSN_DEVICE_CONFIG config_id.
1291 * data[1](input) contains the number of _pairs_ for which memory is
1292 * allotted from the user. If the user specifies '0', then only
1293 * the number of pairs available is returned.
1294 * data[1](output) returns either the number of pairs available (if none
1295 * where requested) or the number of _pairs_ that are copied back
1296 * to the user.
1297 * data[2::2] returns each (source, destination) pair.
1298 *
1299 * Return: -EINVAL if low-level driver does not allocate and return routes as
1300 * expected. Returns 0 otherwise.
1301 */
1302static int get_valid_routes(struct comedi_device *dev, unsigned int *data)
1303{
1304 lockdep_assert_held(&dev->mutex);
1305 data[1] = dev->get_valid_routes(dev, data[1], data + 2);
1306 return 0;
1307}
1308
1309static int parse_insn(struct comedi_device *dev, struct comedi_insn *insn,
1310 unsigned int *data, void *file)
1311{
1312 struct comedi_subdevice *s;
1313 int ret = 0;
1314 int i;
1315
1316 lockdep_assert_held(&dev->mutex);
1317 if (insn->insn & INSN_MASK_SPECIAL) {
1318 /* a non-subdevice instruction */
1319
1320 switch (insn->insn) {
1321 case INSN_GTOD:
1322 {
1323 struct timespec64 tv;
1324
1325 if (insn->n != 2) {
1326 ret = -EINVAL;
1327 break;
1328 }
1329
1330 ktime_get_real_ts64(&tv);
1331 /* unsigned data safe until 2106 */
1332 data[0] = (unsigned int)tv.tv_sec;
1333 data[1] = tv.tv_nsec / NSEC_PER_USEC;
1334 ret = 2;
1335
1336 break;
1337 }
1338 case INSN_WAIT:
1339 if (insn->n != 1 || data[0] >= 100000) {
1340 ret = -EINVAL;
1341 break;
1342 }
1343 udelay(data[0] / 1000);
1344 ret = 1;
1345 break;
1346 case INSN_INTTRIG:
1347 if (insn->n != 1) {
1348 ret = -EINVAL;
1349 break;
1350 }
1351 if (insn->subdev >= dev->n_subdevices) {
1352 dev_dbg(dev->class_dev,
1353 "%d not usable subdevice\n",
1354 insn->subdev);
1355 ret = -EINVAL;
1356 break;
1357 }
1358 s = &dev->subdevices[insn->subdev];
1359 if (!s->async) {
1360 dev_dbg(dev->class_dev, "no async\n");
1361 ret = -EINVAL;
1362 break;
1363 }
1364 if (!s->async->inttrig) {
1365 dev_dbg(dev->class_dev, "no inttrig\n");
1366 ret = -EAGAIN;
1367 break;
1368 }
1369 ret = s->async->inttrig(dev, s, data[0]);
1370 if (ret >= 0)
1371 ret = 1;
1372 break;
1373 case INSN_DEVICE_CONFIG:
1374 ret = check_insn_device_config_length(insn, data);
1375 if (ret)
1376 break;
1377
1378 if (data[0] == INSN_DEVICE_CONFIG_GET_ROUTES) {
1379 /*
1380 * data[1] should be the number of _pairs_ that
1381 * the memory can hold.
1382 */
1383 data[1] = (insn->n - 2) / 2;
1384 ret = get_valid_routes(dev, data);
1385 break;
1386 }
1387
1388 /* other global device config instructions. */
1389 ret = dev->insn_device_config(dev, insn, data);
1390 break;
1391 default:
1392 dev_dbg(dev->class_dev, "invalid insn\n");
1393 ret = -EINVAL;
1394 break;
1395 }
1396 } else {
1397 /* a subdevice instruction */
1398 unsigned int maxdata;
1399
1400 if (insn->subdev >= dev->n_subdevices) {
1401 dev_dbg(dev->class_dev, "subdevice %d out of range\n",
1402 insn->subdev);
1403 ret = -EINVAL;
1404 goto out;
1405 }
1406 s = &dev->subdevices[insn->subdev];
1407
1408 if (s->type == COMEDI_SUBD_UNUSED) {
1409 dev_dbg(dev->class_dev, "%d not usable subdevice\n",
1410 insn->subdev);
1411 ret = -EIO;
1412 goto out;
1413 }
1414
1415 /* are we locked? (ioctl lock) */
1416 if (s->lock && s->lock != file) {
1417 dev_dbg(dev->class_dev, "device locked\n");
1418 ret = -EACCES;
1419 goto out;
1420 }
1421
1422 ret = comedi_check_chanlist(s, 1, &insn->chanspec);
1423 if (ret < 0) {
1424 ret = -EINVAL;
1425 dev_dbg(dev->class_dev, "bad chanspec\n");
1426 goto out;
1427 }
1428
1429 if (s->busy) {
1430 ret = -EBUSY;
1431 goto out;
1432 }
1433 /* This looks arbitrary. It is. */
1434 s->busy = parse_insn;
1435 switch (insn->insn) {
1436 case INSN_READ:
1437 ret = s->insn_read(dev, s, insn, data);
1438 if (ret == -ETIMEDOUT) {
1439 dev_dbg(dev->class_dev,
1440 "subdevice %d read instruction timed out\n",
1441 s->index);
1442 }
1443 break;
1444 case INSN_WRITE:
1445 maxdata = s->maxdata_list
1446 ? s->maxdata_list[CR_CHAN(insn->chanspec)]
1447 : s->maxdata;
1448 for (i = 0; i < insn->n; ++i) {
1449 if (data[i] > maxdata) {
1450 ret = -EINVAL;
1451 dev_dbg(dev->class_dev,
1452 "bad data value(s)\n");
1453 break;
1454 }
1455 }
1456 if (ret == 0) {
1457 ret = s->insn_write(dev, s, insn, data);
1458 if (ret == -ETIMEDOUT) {
1459 dev_dbg(dev->class_dev,
1460 "subdevice %d write instruction timed out\n",
1461 s->index);
1462 }
1463 }
1464 break;
1465 case INSN_BITS:
1466 if (insn->n != 2) {
1467 ret = -EINVAL;
1468 } else {
1469 /*
1470 * Most drivers ignore the base channel in
1471 * insn->chanspec. Fix this here if
1472 * the subdevice has <= 32 channels.
1473 */
1474 unsigned int orig_mask = data[0];
1475 unsigned int shift = 0;
1476
1477 if (s->n_chan <= 32) {
1478 shift = CR_CHAN(insn->chanspec);
1479 if (shift > 0) {
1480 insn->chanspec = 0;
1481 data[0] <<= shift;
1482 data[1] <<= shift;
1483 }
1484 }
1485 ret = s->insn_bits(dev, s, insn, data);
1486 data[0] = orig_mask;
1487 if (shift > 0)
1488 data[1] >>= shift;
1489 }
1490 break;
1491 case INSN_CONFIG:
1492 ret = check_insn_config_length(insn, data);
1493 if (ret)
1494 break;
1495 ret = s->insn_config(dev, s, insn, data);
1496 break;
1497 default:
1498 ret = -EINVAL;
1499 break;
1500 }
1501
1502 s->busy = NULL;
1503 }
1504
1505out:
1506 return ret;
1507}
1508
1509/*
1510 * COMEDI_INSNLIST ioctl
1511 * synchronous instruction list
1512 *
1513 * arg:
1514 * pointer to comedi_insnlist structure
1515 *
1516 * reads:
1517 * comedi_insnlist structure
1518 * array of comedi_insn structures from insnlist->insns pointer
1519 * data (for writes) from insns[].data pointers
1520 *
1521 * writes:
1522 * data (for reads) to insns[].data pointers
1523 */
1524/* arbitrary limits */
1525#define MIN_SAMPLES 16
1526#define MAX_SAMPLES 65536
1527static int do_insnlist_ioctl(struct comedi_device *dev,
1528 struct comedi_insn *insns,
1529 unsigned int n_insns,
1530 void *file)
1531{
1532 unsigned int *data = NULL;
1533 unsigned int max_n_data_required = MIN_SAMPLES;
1534 int i = 0;
1535 int ret = 0;
1536
1537 lockdep_assert_held(&dev->mutex);
1538
1539 /* Determine maximum memory needed for all instructions. */
1540 for (i = 0; i < n_insns; ++i) {
1541 if (insns[i].n > MAX_SAMPLES) {
1542 dev_dbg(dev->class_dev,
1543 "number of samples too large\n");
1544 ret = -EINVAL;
1545 goto error;
1546 }
1547 max_n_data_required = max(max_n_data_required, insns[i].n);
1548 }
1549
1550 /* Allocate scratch space for all instruction data. */
1551 data = kmalloc_array(max_n_data_required, sizeof(unsigned int),
1552 GFP_KERNEL);
1553 if (!data) {
1554 ret = -ENOMEM;
1555 goto error;
1556 }
1557
1558 for (i = 0; i < n_insns; ++i) {
1559 if (insns[i].insn & INSN_MASK_WRITE) {
1560 if (copy_from_user(data, insns[i].data,
1561 insns[i].n * sizeof(unsigned int))) {
1562 dev_dbg(dev->class_dev,
1563 "copy_from_user failed\n");
1564 ret = -EFAULT;
1565 goto error;
1566 }
1567 }
1568 ret = parse_insn(dev, insns + i, data, file);
1569 if (ret < 0)
1570 goto error;
1571 if (insns[i].insn & INSN_MASK_READ) {
1572 if (copy_to_user(insns[i].data, data,
1573 insns[i].n * sizeof(unsigned int))) {
1574 dev_dbg(dev->class_dev,
1575 "copy_to_user failed\n");
1576 ret = -EFAULT;
1577 goto error;
1578 }
1579 }
1580 if (need_resched())
1581 schedule();
1582 }
1583
1584error:
1585 kfree(data);
1586
1587 if (ret < 0)
1588 return ret;
1589 return i;
1590}
1591
1592/*
1593 * COMEDI_INSN ioctl
1594 * synchronous instruction
1595 *
1596 * arg:
1597 * pointer to comedi_insn structure
1598 *
1599 * reads:
1600 * comedi_insn structure
1601 * data (for writes) from insn->data pointer
1602 *
1603 * writes:
1604 * data (for reads) to insn->data pointer
1605 */
1606static int do_insn_ioctl(struct comedi_device *dev,
1607 struct comedi_insn *insn, void *file)
1608{
1609 unsigned int *data = NULL;
1610 unsigned int n_data = MIN_SAMPLES;
1611 int ret = 0;
1612
1613 lockdep_assert_held(&dev->mutex);
1614
1615 n_data = max(n_data, insn->n);
1616
1617 /* This is where the behavior of insn and insnlist deviate. */
1618 if (insn->n > MAX_SAMPLES) {
1619 insn->n = MAX_SAMPLES;
1620 n_data = MAX_SAMPLES;
1621 }
1622
1623 data = kmalloc_array(n_data, sizeof(unsigned int), GFP_KERNEL);
1624 if (!data) {
1625 ret = -ENOMEM;
1626 goto error;
1627 }
1628
1629 if (insn->insn & INSN_MASK_WRITE) {
1630 if (copy_from_user(data,
1631 insn->data,
1632 insn->n * sizeof(unsigned int))) {
1633 ret = -EFAULT;
1634 goto error;
1635 }
1636 }
1637 ret = parse_insn(dev, insn, data, file);
1638 if (ret < 0)
1639 goto error;
1640 if (insn->insn & INSN_MASK_READ) {
1641 if (copy_to_user(insn->data,
1642 data,
1643 insn->n * sizeof(unsigned int))) {
1644 ret = -EFAULT;
1645 goto error;
1646 }
1647 }
1648 ret = insn->n;
1649
1650error:
1651 kfree(data);
1652
1653 return ret;
1654}
1655
1656static int __comedi_get_user_cmd(struct comedi_device *dev,
1657 struct comedi_cmd *cmd)
1658{
1659 struct comedi_subdevice *s;
1660
1661 lockdep_assert_held(&dev->mutex);
1662 if (cmd->subdev >= dev->n_subdevices) {
1663 dev_dbg(dev->class_dev, "%d no such subdevice\n", cmd->subdev);
1664 return -ENODEV;
1665 }
1666
1667 s = &dev->subdevices[cmd->subdev];
1668
1669 if (s->type == COMEDI_SUBD_UNUSED) {
1670 dev_dbg(dev->class_dev, "%d not valid subdevice\n",
1671 cmd->subdev);
1672 return -EIO;
1673 }
1674
1675 if (!s->do_cmd || !s->do_cmdtest || !s->async) {
1676 dev_dbg(dev->class_dev,
1677 "subdevice %d does not support commands\n",
1678 cmd->subdev);
1679 return -EIO;
1680 }
1681
1682 /* make sure channel/gain list isn't too long */
1683 if (cmd->chanlist_len > s->len_chanlist) {
1684 dev_dbg(dev->class_dev, "channel/gain list too long %d > %d\n",
1685 cmd->chanlist_len, s->len_chanlist);
1686 return -EINVAL;
1687 }
1688
1689 /*
1690 * Set the CMDF_WRITE flag to the correct state if the subdevice
1691 * supports only "read" commands or only "write" commands.
1692 */
1693 switch (s->subdev_flags & (SDF_CMD_READ | SDF_CMD_WRITE)) {
1694 case SDF_CMD_READ:
1695 cmd->flags &= ~CMDF_WRITE;
1696 break;
1697 case SDF_CMD_WRITE:
1698 cmd->flags |= CMDF_WRITE;
1699 break;
1700 default:
1701 break;
1702 }
1703
1704 return 0;
1705}
1706
1707static int __comedi_get_user_chanlist(struct comedi_device *dev,
1708 struct comedi_subdevice *s,
1709 unsigned int __user *user_chanlist,
1710 struct comedi_cmd *cmd)
1711{
1712 unsigned int *chanlist;
1713 int ret;
1714
1715 lockdep_assert_held(&dev->mutex);
1716 cmd->chanlist = NULL;
1717 chanlist = memdup_array_user(user_chanlist,
1718 cmd->chanlist_len, sizeof(unsigned int));
1719 if (IS_ERR(chanlist))
1720 return PTR_ERR(chanlist);
1721
1722 /* make sure each element in channel/gain list is valid */
1723 ret = comedi_check_chanlist(s, cmd->chanlist_len, chanlist);
1724 if (ret < 0) {
1725 kfree(chanlist);
1726 return ret;
1727 }
1728
1729 cmd->chanlist = chanlist;
1730
1731 return 0;
1732}
1733
1734/*
1735 * COMEDI_CMD ioctl
1736 * asynchronous acquisition command set-up
1737 *
1738 * arg:
1739 * pointer to comedi_cmd structure
1740 *
1741 * reads:
1742 * comedi_cmd structure
1743 * channel/range list from cmd->chanlist pointer
1744 *
1745 * writes:
1746 * possibly modified comedi_cmd structure (when -EAGAIN returned)
1747 */
1748static int do_cmd_ioctl(struct comedi_device *dev,
1749 struct comedi_cmd *cmd, bool *copy, void *file)
1750{
1751 struct comedi_subdevice *s;
1752 struct comedi_async *async;
1753 unsigned int __user *user_chanlist;
1754 int ret;
1755
1756 lockdep_assert_held(&dev->mutex);
1757
1758 /* do some simple cmd validation */
1759 ret = __comedi_get_user_cmd(dev, cmd);
1760 if (ret)
1761 return ret;
1762
1763 /* save user's chanlist pointer so it can be restored later */
1764 user_chanlist = (unsigned int __user *)cmd->chanlist;
1765
1766 s = &dev->subdevices[cmd->subdev];
1767 async = s->async;
1768
1769 /* are we locked? (ioctl lock) */
1770 if (s->lock && s->lock != file) {
1771 dev_dbg(dev->class_dev, "subdevice locked\n");
1772 return -EACCES;
1773 }
1774
1775 /* are we busy? */
1776 if (s->busy) {
1777 dev_dbg(dev->class_dev, "subdevice busy\n");
1778 return -EBUSY;
1779 }
1780
1781 /* make sure channel/gain list isn't too short */
1782 if (cmd->chanlist_len < 1) {
1783 dev_dbg(dev->class_dev, "channel/gain list too short %u < 1\n",
1784 cmd->chanlist_len);
1785 return -EINVAL;
1786 }
1787
1788 async->cmd = *cmd;
1789 async->cmd.data = NULL;
1790
1791 /* load channel/gain list */
1792 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, &async->cmd);
1793 if (ret)
1794 goto cleanup;
1795
1796 ret = s->do_cmdtest(dev, s, &async->cmd);
1797
1798 if (async->cmd.flags & CMDF_BOGUS || ret) {
1799 dev_dbg(dev->class_dev, "test returned %d\n", ret);
1800 *cmd = async->cmd;
1801 /* restore chanlist pointer before copying back */
1802 cmd->chanlist = (unsigned int __force *)user_chanlist;
1803 cmd->data = NULL;
1804 *copy = true;
1805 ret = -EAGAIN;
1806 goto cleanup;
1807 }
1808
1809 if (!async->prealloc_bufsz) {
1810 ret = -ENOMEM;
1811 dev_dbg(dev->class_dev, "no buffer (?)\n");
1812 goto cleanup;
1813 }
1814
1815 comedi_buf_reset(s);
1816
1817 async->cb_mask = COMEDI_CB_BLOCK | COMEDI_CB_CANCEL_MASK;
1818 if (async->cmd.flags & CMDF_WAKE_EOS)
1819 async->cb_mask |= COMEDI_CB_EOS;
1820
1821 comedi_update_subdevice_runflags(s, COMEDI_SRF_BUSY_MASK,
1822 COMEDI_SRF_RUNNING);
1823
1824 /*
1825 * Set s->busy _after_ setting COMEDI_SRF_RUNNING flag to avoid
1826 * race with comedi_read() or comedi_write().
1827 */
1828 s->busy = file;
1829 ret = s->do_cmd(dev, s);
1830 if (ret == 0)
1831 return 0;
1832
1833cleanup:
1834 do_become_nonbusy(dev, s);
1835
1836 return ret;
1837}
1838
1839/*
1840 * COMEDI_CMDTEST ioctl
1841 * asynchronous acquisition command testing
1842 *
1843 * arg:
1844 * pointer to comedi_cmd structure
1845 *
1846 * reads:
1847 * comedi_cmd structure
1848 * channel/range list from cmd->chanlist pointer
1849 *
1850 * writes:
1851 * possibly modified comedi_cmd structure
1852 */
1853static int do_cmdtest_ioctl(struct comedi_device *dev,
1854 struct comedi_cmd *cmd, bool *copy, void *file)
1855{
1856 struct comedi_subdevice *s;
1857 unsigned int __user *user_chanlist;
1858 int ret;
1859
1860 lockdep_assert_held(&dev->mutex);
1861
1862 /* do some simple cmd validation */
1863 ret = __comedi_get_user_cmd(dev, cmd);
1864 if (ret)
1865 return ret;
1866
1867 /* save user's chanlist pointer so it can be restored later */
1868 user_chanlist = (unsigned int __user *)cmd->chanlist;
1869
1870 s = &dev->subdevices[cmd->subdev];
1871
1872 /* user_chanlist can be NULL for COMEDI_CMDTEST ioctl */
1873 if (user_chanlist) {
1874 /* load channel/gain list */
1875 ret = __comedi_get_user_chanlist(dev, s, user_chanlist, cmd);
1876 if (ret)
1877 return ret;
1878 }
1879
1880 ret = s->do_cmdtest(dev, s, cmd);
1881
1882 kfree(cmd->chanlist); /* free kernel copy of user chanlist */
1883
1884 /* restore chanlist pointer before copying back */
1885 cmd->chanlist = (unsigned int __force *)user_chanlist;
1886 *copy = true;
1887
1888 return ret;
1889}
1890
1891/*
1892 * COMEDI_LOCK ioctl
1893 * lock subdevice
1894 *
1895 * arg:
1896 * subdevice number
1897 *
1898 * reads:
1899 * nothing
1900 *
1901 * writes:
1902 * nothing
1903 */
1904static int do_lock_ioctl(struct comedi_device *dev, unsigned long arg,
1905 void *file)
1906{
1907 int ret = 0;
1908 unsigned long flags;
1909 struct comedi_subdevice *s;
1910
1911 lockdep_assert_held(&dev->mutex);
1912 if (arg >= dev->n_subdevices)
1913 return -EINVAL;
1914 s = &dev->subdevices[arg];
1915
1916 spin_lock_irqsave(&s->spin_lock, flags);
1917 if (s->busy || s->lock)
1918 ret = -EBUSY;
1919 else
1920 s->lock = file;
1921 spin_unlock_irqrestore(&s->spin_lock, flags);
1922
1923 return ret;
1924}
1925
1926/*
1927 * COMEDI_UNLOCK ioctl
1928 * unlock subdevice
1929 *
1930 * arg:
1931 * subdevice number
1932 *
1933 * reads:
1934 * nothing
1935 *
1936 * writes:
1937 * nothing
1938 */
1939static int do_unlock_ioctl(struct comedi_device *dev, unsigned long arg,
1940 void *file)
1941{
1942 struct comedi_subdevice *s;
1943
1944 lockdep_assert_held(&dev->mutex);
1945 if (arg >= dev->n_subdevices)
1946 return -EINVAL;
1947 s = &dev->subdevices[arg];
1948
1949 if (s->busy)
1950 return -EBUSY;
1951
1952 if (s->lock && s->lock != file)
1953 return -EACCES;
1954
1955 if (s->lock == file)
1956 s->lock = NULL;
1957
1958 return 0;
1959}
1960
1961/*
1962 * COMEDI_CANCEL ioctl
1963 * cancel asynchronous acquisition
1964 *
1965 * arg:
1966 * subdevice number
1967 *
1968 * reads:
1969 * nothing
1970 *
1971 * writes:
1972 * nothing
1973 */
1974static int do_cancel_ioctl(struct comedi_device *dev, unsigned long arg,
1975 void *file)
1976{
1977 struct comedi_subdevice *s;
1978
1979 lockdep_assert_held(&dev->mutex);
1980 if (arg >= dev->n_subdevices)
1981 return -EINVAL;
1982 s = &dev->subdevices[arg];
1983 if (!s->async)
1984 return -EINVAL;
1985
1986 if (!s->busy)
1987 return 0;
1988
1989 if (s->busy != file)
1990 return -EBUSY;
1991
1992 return do_cancel(dev, s);
1993}
1994
1995/*
1996 * COMEDI_POLL ioctl
1997 * instructs driver to synchronize buffers
1998 *
1999 * arg:
2000 * subdevice number
2001 *
2002 * reads:
2003 * nothing
2004 *
2005 * writes:
2006 * nothing
2007 */
2008static int do_poll_ioctl(struct comedi_device *dev, unsigned long arg,
2009 void *file)
2010{
2011 struct comedi_subdevice *s;
2012
2013 lockdep_assert_held(&dev->mutex);
2014 if (arg >= dev->n_subdevices)
2015 return -EINVAL;
2016 s = &dev->subdevices[arg];
2017
2018 if (!s->busy)
2019 return 0;
2020
2021 if (s->busy != file)
2022 return -EBUSY;
2023
2024 if (s->poll)
2025 return s->poll(dev, s);
2026
2027 return -EINVAL;
2028}
2029
2030/*
2031 * COMEDI_SETRSUBD ioctl
2032 * sets the current "read" subdevice on a per-file basis
2033 *
2034 * arg:
2035 * subdevice number
2036 *
2037 * reads:
2038 * nothing
2039 *
2040 * writes:
2041 * nothing
2042 */
2043static int do_setrsubd_ioctl(struct comedi_device *dev, unsigned long arg,
2044 struct file *file)
2045{
2046 struct comedi_file *cfp = file->private_data;
2047 struct comedi_subdevice *s_old, *s_new;
2048
2049 lockdep_assert_held(&dev->mutex);
2050 if (arg >= dev->n_subdevices)
2051 return -EINVAL;
2052
2053 s_new = &dev->subdevices[arg];
2054 s_old = comedi_file_read_subdevice(file);
2055 if (s_old == s_new)
2056 return 0; /* no change */
2057
2058 if (!(s_new->subdev_flags & SDF_CMD_READ))
2059 return -EINVAL;
2060
2061 /*
2062 * Check the file isn't still busy handling a "read" command on the
2063 * old subdevice (if any).
2064 */
2065 if (s_old && s_old->busy == file && s_old->async &&
2066 !(s_old->async->cmd.flags & CMDF_WRITE))
2067 return -EBUSY;
2068
2069 WRITE_ONCE(cfp->read_subdev, s_new);
2070 return 0;
2071}
2072
2073/*
2074 * COMEDI_SETWSUBD ioctl
2075 * sets the current "write" subdevice on a per-file basis
2076 *
2077 * arg:
2078 * subdevice number
2079 *
2080 * reads:
2081 * nothing
2082 *
2083 * writes:
2084 * nothing
2085 */
2086static int do_setwsubd_ioctl(struct comedi_device *dev, unsigned long arg,
2087 struct file *file)
2088{
2089 struct comedi_file *cfp = file->private_data;
2090 struct comedi_subdevice *s_old, *s_new;
2091
2092 lockdep_assert_held(&dev->mutex);
2093 if (arg >= dev->n_subdevices)
2094 return -EINVAL;
2095
2096 s_new = &dev->subdevices[arg];
2097 s_old = comedi_file_write_subdevice(file);
2098 if (s_old == s_new)
2099 return 0; /* no change */
2100
2101 if (!(s_new->subdev_flags & SDF_CMD_WRITE))
2102 return -EINVAL;
2103
2104 /*
2105 * Check the file isn't still busy handling a "write" command on the
2106 * old subdevice (if any).
2107 */
2108 if (s_old && s_old->busy == file && s_old->async &&
2109 (s_old->async->cmd.flags & CMDF_WRITE))
2110 return -EBUSY;
2111
2112 WRITE_ONCE(cfp->write_subdev, s_new);
2113 return 0;
2114}
2115
2116static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd,
2117 unsigned long arg)
2118{
2119 unsigned int minor = iminor(file_inode(file));
2120 struct comedi_file *cfp = file->private_data;
2121 struct comedi_device *dev = cfp->dev;
2122 int rc;
2123
2124 mutex_lock(&dev->mutex);
2125
2126 /*
2127 * Device config is special, because it must work on
2128 * an unconfigured device.
2129 */
2130 if (cmd == COMEDI_DEVCONFIG) {
2131 if (minor >= COMEDI_NUM_BOARD_MINORS) {
2132 /* Device config not appropriate on non-board minors. */
2133 rc = -ENOTTY;
2134 goto done;
2135 }
2136 rc = do_devconfig_ioctl(dev,
2137 (struct comedi_devconfig __user *)arg);
2138 if (rc == 0) {
2139 if (arg == 0 &&
2140 dev->minor >= comedi_num_legacy_minors) {
2141 /*
2142 * Successfully unconfigured a dynamically
2143 * allocated device. Try and remove it.
2144 */
2145 if (comedi_clear_board_dev(dev)) {
2146 mutex_unlock(&dev->mutex);
2147 comedi_free_board_dev(dev);
2148 return rc;
2149 }
2150 }
2151 }
2152 goto done;
2153 }
2154
2155 if (!dev->attached) {
2156 dev_dbg(dev->class_dev, "no driver attached\n");
2157 rc = -ENODEV;
2158 goto done;
2159 }
2160
2161 switch (cmd) {
2162 case COMEDI_BUFCONFIG:
2163 rc = do_bufconfig_ioctl(dev,
2164 (struct comedi_bufconfig __user *)arg);
2165 break;
2166 case COMEDI_DEVINFO:
2167 rc = do_devinfo_ioctl(dev, (struct comedi_devinfo __user *)arg,
2168 file);
2169 break;
2170 case COMEDI_SUBDINFO:
2171 rc = do_subdinfo_ioctl(dev,
2172 (struct comedi_subdinfo __user *)arg,
2173 file);
2174 break;
2175 case COMEDI_CHANINFO: {
2176 struct comedi_chaninfo it;
2177
2178 if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
2179 rc = -EFAULT;
2180 else
2181 rc = do_chaninfo_ioctl(dev, &it);
2182 break;
2183 }
2184 case COMEDI_RANGEINFO: {
2185 struct comedi_rangeinfo it;
2186
2187 if (copy_from_user(&it, (void __user *)arg, sizeof(it)))
2188 rc = -EFAULT;
2189 else
2190 rc = do_rangeinfo_ioctl(dev, &it);
2191 break;
2192 }
2193 case COMEDI_BUFINFO:
2194 rc = do_bufinfo_ioctl(dev,
2195 (struct comedi_bufinfo __user *)arg,
2196 file);
2197 break;
2198 case COMEDI_LOCK:
2199 rc = do_lock_ioctl(dev, arg, file);
2200 break;
2201 case COMEDI_UNLOCK:
2202 rc = do_unlock_ioctl(dev, arg, file);
2203 break;
2204 case COMEDI_CANCEL:
2205 rc = do_cancel_ioctl(dev, arg, file);
2206 break;
2207 case COMEDI_CMD: {
2208 struct comedi_cmd cmd;
2209 bool copy = false;
2210
2211 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
2212 rc = -EFAULT;
2213 break;
2214 }
2215 rc = do_cmd_ioctl(dev, &cmd, ©, file);
2216 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
2217 rc = -EFAULT;
2218 break;
2219 }
2220 case COMEDI_CMDTEST: {
2221 struct comedi_cmd cmd;
2222 bool copy = false;
2223
2224 if (copy_from_user(&cmd, (void __user *)arg, sizeof(cmd))) {
2225 rc = -EFAULT;
2226 break;
2227 }
2228 rc = do_cmdtest_ioctl(dev, &cmd, ©, file);
2229 if (copy && copy_to_user((void __user *)arg, &cmd, sizeof(cmd)))
2230 rc = -EFAULT;
2231 break;
2232 }
2233 case COMEDI_INSNLIST: {
2234 struct comedi_insnlist insnlist;
2235 struct comedi_insn *insns = NULL;
2236
2237 if (copy_from_user(&insnlist, (void __user *)arg,
2238 sizeof(insnlist))) {
2239 rc = -EFAULT;
2240 break;
2241 }
2242 insns = kcalloc(insnlist.n_insns, sizeof(*insns), GFP_KERNEL);
2243 if (!insns) {
2244 rc = -ENOMEM;
2245 break;
2246 }
2247 if (copy_from_user(insns, insnlist.insns,
2248 sizeof(*insns) * insnlist.n_insns)) {
2249 rc = -EFAULT;
2250 kfree(insns);
2251 break;
2252 }
2253 rc = do_insnlist_ioctl(dev, insns, insnlist.n_insns, file);
2254 kfree(insns);
2255 break;
2256 }
2257 case COMEDI_INSN: {
2258 struct comedi_insn insn;
2259
2260 if (copy_from_user(&insn, (void __user *)arg, sizeof(insn)))
2261 rc = -EFAULT;
2262 else
2263 rc = do_insn_ioctl(dev, &insn, file);
2264 break;
2265 }
2266 case COMEDI_POLL:
2267 rc = do_poll_ioctl(dev, arg, file);
2268 break;
2269 case COMEDI_SETRSUBD:
2270 rc = do_setrsubd_ioctl(dev, arg, file);
2271 break;
2272 case COMEDI_SETWSUBD:
2273 rc = do_setwsubd_ioctl(dev, arg, file);
2274 break;
2275 default:
2276 rc = -ENOTTY;
2277 break;
2278 }
2279
2280done:
2281 mutex_unlock(&dev->mutex);
2282 return rc;
2283}
2284
2285static void comedi_vm_open(struct vm_area_struct *area)
2286{
2287 struct comedi_buf_map *bm;
2288
2289 bm = area->vm_private_data;
2290 comedi_buf_map_get(bm);
2291}
2292
2293static void comedi_vm_close(struct vm_area_struct *area)
2294{
2295 struct comedi_buf_map *bm;
2296
2297 bm = area->vm_private_data;
2298 comedi_buf_map_put(bm);
2299}
2300
2301static int comedi_vm_access(struct vm_area_struct *vma, unsigned long addr,
2302 void *buf, int len, int write)
2303{
2304 struct comedi_buf_map *bm = vma->vm_private_data;
2305 unsigned long offset =
2306 addr - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT);
2307
2308 if (len < 0)
2309 return -EINVAL;
2310 if (len > vma->vm_end - addr)
2311 len = vma->vm_end - addr;
2312 return comedi_buf_map_access(bm, offset, buf, len, write);
2313}
2314
2315static const struct vm_operations_struct comedi_vm_ops = {
2316 .open = comedi_vm_open,
2317 .close = comedi_vm_close,
2318 .access = comedi_vm_access,
2319};
2320
2321static int comedi_mmap(struct file *file, struct vm_area_struct *vma)
2322{
2323 struct comedi_file *cfp = file->private_data;
2324 struct comedi_device *dev = cfp->dev;
2325 struct comedi_subdevice *s;
2326 struct comedi_async *async;
2327 struct comedi_buf_map *bm = NULL;
2328 struct comedi_buf_page *buf;
2329 unsigned long start = vma->vm_start;
2330 unsigned long size;
2331 int n_pages;
2332 int i;
2333 int retval = 0;
2334
2335 /*
2336 * 'trylock' avoids circular dependency with current->mm->mmap_lock
2337 * and down-reading &dev->attach_lock should normally succeed without
2338 * contention unless the device is in the process of being attached
2339 * or detached.
2340 */
2341 if (!down_read_trylock(&dev->attach_lock))
2342 return -EAGAIN;
2343
2344 if (!dev->attached) {
2345 dev_dbg(dev->class_dev, "no driver attached\n");
2346 retval = -ENODEV;
2347 goto done;
2348 }
2349
2350 if (vma->vm_flags & VM_WRITE)
2351 s = comedi_file_write_subdevice(file);
2352 else
2353 s = comedi_file_read_subdevice(file);
2354 if (!s) {
2355 retval = -EINVAL;
2356 goto done;
2357 }
2358
2359 async = s->async;
2360 if (!async) {
2361 retval = -EINVAL;
2362 goto done;
2363 }
2364
2365 if (vma->vm_pgoff != 0) {
2366 dev_dbg(dev->class_dev, "mmap() offset must be 0.\n");
2367 retval = -EINVAL;
2368 goto done;
2369 }
2370
2371 size = vma->vm_end - vma->vm_start;
2372 if (size > async->prealloc_bufsz) {
2373 retval = -EFAULT;
2374 goto done;
2375 }
2376 if (offset_in_page(size)) {
2377 retval = -EFAULT;
2378 goto done;
2379 }
2380
2381 n_pages = vma_pages(vma);
2382
2383 /* get reference to current buf map (if any) */
2384 bm = comedi_buf_map_from_subdev_get(s);
2385 if (!bm || n_pages > bm->n_pages) {
2386 retval = -EINVAL;
2387 goto done;
2388 }
2389 if (bm->dma_dir != DMA_NONE) {
2390 /*
2391 * DMA buffer was allocated as a single block.
2392 * Address is in page_list[0].
2393 */
2394 buf = &bm->page_list[0];
2395 retval = dma_mmap_coherent(bm->dma_hw_dev, vma, buf->virt_addr,
2396 buf->dma_addr, n_pages * PAGE_SIZE);
2397 } else {
2398 for (i = 0; i < n_pages; ++i) {
2399 unsigned long pfn;
2400
2401 buf = &bm->page_list[i];
2402 pfn = page_to_pfn(virt_to_page(buf->virt_addr));
2403 retval = remap_pfn_range(vma, start, pfn, PAGE_SIZE,
2404 PAGE_SHARED);
2405 if (retval)
2406 break;
2407
2408 start += PAGE_SIZE;
2409 }
2410 }
2411
2412 if (retval == 0) {
2413 vma->vm_ops = &comedi_vm_ops;
2414 vma->vm_private_data = bm;
2415
2416 vma->vm_ops->open(vma);
2417 }
2418
2419done:
2420 up_read(&dev->attach_lock);
2421 comedi_buf_map_put(bm); /* put reference to buf map - okay if NULL */
2422 return retval;
2423}
2424
2425static __poll_t comedi_poll(struct file *file, poll_table *wait)
2426{
2427 __poll_t mask = 0;
2428 struct comedi_file *cfp = file->private_data;
2429 struct comedi_device *dev = cfp->dev;
2430 struct comedi_subdevice *s, *s_read;
2431
2432 down_read(&dev->attach_lock);
2433
2434 if (!dev->attached) {
2435 dev_dbg(dev->class_dev, "no driver attached\n");
2436 goto done;
2437 }
2438
2439 s = comedi_file_read_subdevice(file);
2440 s_read = s;
2441 if (s && s->async) {
2442 poll_wait(file, &s->async->wait_head, wait);
2443 if (s->busy != file || !comedi_is_subdevice_running(s) ||
2444 (s->async->cmd.flags & CMDF_WRITE) ||
2445 comedi_buf_read_n_available(s) > 0)
2446 mask |= EPOLLIN | EPOLLRDNORM;
2447 }
2448
2449 s = comedi_file_write_subdevice(file);
2450 if (s && s->async) {
2451 unsigned int bps = comedi_bytes_per_sample(s);
2452
2453 if (s != s_read)
2454 poll_wait(file, &s->async->wait_head, wait);
2455 if (s->busy != file || !comedi_is_subdevice_running(s) ||
2456 !(s->async->cmd.flags & CMDF_WRITE) ||
2457 comedi_buf_write_n_available(s) >= bps)
2458 mask |= EPOLLOUT | EPOLLWRNORM;
2459 }
2460
2461done:
2462 up_read(&dev->attach_lock);
2463 return mask;
2464}
2465
2466static ssize_t comedi_write(struct file *file, const char __user *buf,
2467 size_t nbytes, loff_t *offset)
2468{
2469 struct comedi_subdevice *s;
2470 struct comedi_async *async;
2471 unsigned int n, m;
2472 ssize_t count = 0;
2473 int retval = 0;
2474 DECLARE_WAITQUEUE(wait, current);
2475 struct comedi_file *cfp = file->private_data;
2476 struct comedi_device *dev = cfp->dev;
2477 bool become_nonbusy = false;
2478 bool attach_locked;
2479 unsigned int old_detach_count;
2480
2481 /* Protect against device detachment during operation. */
2482 down_read(&dev->attach_lock);
2483 attach_locked = true;
2484 old_detach_count = dev->detach_count;
2485
2486 if (!dev->attached) {
2487 dev_dbg(dev->class_dev, "no driver attached\n");
2488 retval = -ENODEV;
2489 goto out;
2490 }
2491
2492 s = comedi_file_write_subdevice(file);
2493 if (!s || !s->async) {
2494 retval = -EIO;
2495 goto out;
2496 }
2497
2498 async = s->async;
2499 if (s->busy != file || !(async->cmd.flags & CMDF_WRITE)) {
2500 retval = -EINVAL;
2501 goto out;
2502 }
2503
2504 add_wait_queue(&async->wait_head, &wait);
2505 while (count == 0 && !retval) {
2506 unsigned int runflags;
2507 unsigned int wp, n1, n2;
2508
2509 set_current_state(TASK_INTERRUPTIBLE);
2510
2511 runflags = comedi_get_subdevice_runflags(s);
2512 if (!comedi_is_runflags_running(runflags)) {
2513 if (comedi_is_runflags_in_error(runflags))
2514 retval = -EPIPE;
2515 if (retval || nbytes)
2516 become_nonbusy = true;
2517 break;
2518 }
2519 if (nbytes == 0)
2520 break;
2521
2522 /* Allocate all free buffer space. */
2523 comedi_buf_write_alloc(s, async->prealloc_bufsz);
2524 m = comedi_buf_write_n_allocated(s);
2525 n = min_t(size_t, m, nbytes);
2526
2527 if (n == 0) {
2528 if (file->f_flags & O_NONBLOCK) {
2529 retval = -EAGAIN;
2530 break;
2531 }
2532 schedule();
2533 if (signal_pending(current)) {
2534 retval = -ERESTARTSYS;
2535 break;
2536 }
2537 if (s->busy != file ||
2538 !(async->cmd.flags & CMDF_WRITE)) {
2539 retval = -EINVAL;
2540 break;
2541 }
2542 continue;
2543 }
2544
2545 set_current_state(TASK_RUNNING);
2546 wp = async->buf_write_ptr;
2547 n1 = min(n, async->prealloc_bufsz - wp);
2548 n2 = n - n1;
2549 m = copy_from_user(async->prealloc_buf + wp, buf, n1);
2550 if (m)
2551 m += n2;
2552 else if (n2)
2553 m = copy_from_user(async->prealloc_buf, buf + n1, n2);
2554 if (m) {
2555 n -= m;
2556 retval = -EFAULT;
2557 }
2558 comedi_buf_write_free(s, n);
2559
2560 count += n;
2561 nbytes -= n;
2562
2563 buf += n;
2564 }
2565 remove_wait_queue(&async->wait_head, &wait);
2566 set_current_state(TASK_RUNNING);
2567 if (become_nonbusy && count == 0) {
2568 struct comedi_subdevice *new_s;
2569
2570 /*
2571 * To avoid deadlock, cannot acquire dev->mutex
2572 * while dev->attach_lock is held.
2573 */
2574 up_read(&dev->attach_lock);
2575 attach_locked = false;
2576 mutex_lock(&dev->mutex);
2577 /*
2578 * Check device hasn't become detached behind our back.
2579 * Checking dev->detach_count is unchanged ought to be
2580 * sufficient (unless there have been 2**32 detaches in the
2581 * meantime!), but check the subdevice pointer as well just in
2582 * case.
2583 *
2584 * Also check the subdevice is still in a suitable state to
2585 * become non-busy in case it changed behind our back.
2586 */
2587 new_s = comedi_file_write_subdevice(file);
2588 if (dev->attached && old_detach_count == dev->detach_count &&
2589 s == new_s && new_s->async == async && s->busy == file &&
2590 (async->cmd.flags & CMDF_WRITE) &&
2591 !comedi_is_subdevice_running(s))
2592 do_become_nonbusy(dev, s);
2593 mutex_unlock(&dev->mutex);
2594 }
2595out:
2596 if (attach_locked)
2597 up_read(&dev->attach_lock);
2598
2599 return count ? count : retval;
2600}
2601
2602static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes,
2603 loff_t *offset)
2604{
2605 struct comedi_subdevice *s;
2606 struct comedi_async *async;
2607 unsigned int n, m;
2608 ssize_t count = 0;
2609 int retval = 0;
2610 DECLARE_WAITQUEUE(wait, current);
2611 struct comedi_file *cfp = file->private_data;
2612 struct comedi_device *dev = cfp->dev;
2613 unsigned int old_detach_count;
2614 bool become_nonbusy = false;
2615 bool attach_locked;
2616
2617 /* Protect against device detachment during operation. */
2618 down_read(&dev->attach_lock);
2619 attach_locked = true;
2620 old_detach_count = dev->detach_count;
2621
2622 if (!dev->attached) {
2623 dev_dbg(dev->class_dev, "no driver attached\n");
2624 retval = -ENODEV;
2625 goto out;
2626 }
2627
2628 s = comedi_file_read_subdevice(file);
2629 if (!s || !s->async) {
2630 retval = -EIO;
2631 goto out;
2632 }
2633
2634 async = s->async;
2635 if (s->busy != file || (async->cmd.flags & CMDF_WRITE)) {
2636 retval = -EINVAL;
2637 goto out;
2638 }
2639
2640 add_wait_queue(&async->wait_head, &wait);
2641 while (count == 0 && !retval) {
2642 unsigned int rp, n1, n2;
2643
2644 set_current_state(TASK_INTERRUPTIBLE);
2645
2646 m = comedi_buf_read_n_available(s);
2647 n = min_t(size_t, m, nbytes);
2648
2649 if (n == 0) {
2650 unsigned int runflags =
2651 comedi_get_subdevice_runflags(s);
2652
2653 if (!comedi_is_runflags_running(runflags)) {
2654 if (comedi_is_runflags_in_error(runflags))
2655 retval = -EPIPE;
2656 if (retval || nbytes)
2657 become_nonbusy = true;
2658 break;
2659 }
2660 if (nbytes == 0)
2661 break;
2662 if (file->f_flags & O_NONBLOCK) {
2663 retval = -EAGAIN;
2664 break;
2665 }
2666 schedule();
2667 if (signal_pending(current)) {
2668 retval = -ERESTARTSYS;
2669 break;
2670 }
2671 if (s->busy != file ||
2672 (async->cmd.flags & CMDF_WRITE)) {
2673 retval = -EINVAL;
2674 break;
2675 }
2676 continue;
2677 }
2678
2679 set_current_state(TASK_RUNNING);
2680 rp = async->buf_read_ptr;
2681 n1 = min(n, async->prealloc_bufsz - rp);
2682 n2 = n - n1;
2683 m = copy_to_user(buf, async->prealloc_buf + rp, n1);
2684 if (m)
2685 m += n2;
2686 else if (n2)
2687 m = copy_to_user(buf + n1, async->prealloc_buf, n2);
2688 if (m) {
2689 n -= m;
2690 retval = -EFAULT;
2691 }
2692
2693 comedi_buf_read_alloc(s, n);
2694 comedi_buf_read_free(s, n);
2695
2696 count += n;
2697 nbytes -= n;
2698
2699 buf += n;
2700 }
2701 remove_wait_queue(&async->wait_head, &wait);
2702 set_current_state(TASK_RUNNING);
2703 if (become_nonbusy && count == 0) {
2704 struct comedi_subdevice *new_s;
2705
2706 /*
2707 * To avoid deadlock, cannot acquire dev->mutex
2708 * while dev->attach_lock is held.
2709 */
2710 up_read(&dev->attach_lock);
2711 attach_locked = false;
2712 mutex_lock(&dev->mutex);
2713 /*
2714 * Check device hasn't become detached behind our back.
2715 * Checking dev->detach_count is unchanged ought to be
2716 * sufficient (unless there have been 2**32 detaches in the
2717 * meantime!), but check the subdevice pointer as well just in
2718 * case.
2719 *
2720 * Also check the subdevice is still in a suitable state to
2721 * become non-busy in case it changed behind our back.
2722 */
2723 new_s = comedi_file_read_subdevice(file);
2724 if (dev->attached && old_detach_count == dev->detach_count &&
2725 s == new_s && new_s->async == async && s->busy == file &&
2726 !(async->cmd.flags & CMDF_WRITE) &&
2727 !comedi_is_subdevice_running(s) &&
2728 comedi_buf_read_n_available(s) == 0)
2729 do_become_nonbusy(dev, s);
2730 mutex_unlock(&dev->mutex);
2731 }
2732out:
2733 if (attach_locked)
2734 up_read(&dev->attach_lock);
2735
2736 return count ? count : retval;
2737}
2738
2739static int comedi_open(struct inode *inode, struct file *file)
2740{
2741 const unsigned int minor = iminor(inode);
2742 struct comedi_file *cfp;
2743 struct comedi_device *dev = comedi_dev_get_from_minor(minor);
2744 int rc;
2745
2746 if (!dev) {
2747 pr_debug("invalid minor number\n");
2748 return -ENODEV;
2749 }
2750
2751 cfp = kzalloc(sizeof(*cfp), GFP_KERNEL);
2752 if (!cfp) {
2753 comedi_dev_put(dev);
2754 return -ENOMEM;
2755 }
2756
2757 cfp->dev = dev;
2758
2759 mutex_lock(&dev->mutex);
2760 if (!dev->attached && !capable(CAP_SYS_ADMIN)) {
2761 dev_dbg(dev->class_dev, "not attached and not CAP_SYS_ADMIN\n");
2762 rc = -ENODEV;
2763 goto out;
2764 }
2765 if (dev->attached && dev->use_count == 0) {
2766 if (!try_module_get(dev->driver->module)) {
2767 rc = -ENXIO;
2768 goto out;
2769 }
2770 if (dev->open) {
2771 rc = dev->open(dev);
2772 if (rc < 0) {
2773 module_put(dev->driver->module);
2774 goto out;
2775 }
2776 }
2777 }
2778
2779 dev->use_count++;
2780 file->private_data = cfp;
2781 comedi_file_reset(file);
2782 rc = 0;
2783
2784out:
2785 mutex_unlock(&dev->mutex);
2786 if (rc) {
2787 comedi_dev_put(dev);
2788 kfree(cfp);
2789 }
2790 return rc;
2791}
2792
2793static int comedi_fasync(int fd, struct file *file, int on)
2794{
2795 struct comedi_file *cfp = file->private_data;
2796 struct comedi_device *dev = cfp->dev;
2797
2798 return fasync_helper(fd, file, on, &dev->async_queue);
2799}
2800
2801static int comedi_close(struct inode *inode, struct file *file)
2802{
2803 struct comedi_file *cfp = file->private_data;
2804 struct comedi_device *dev = cfp->dev;
2805 struct comedi_subdevice *s = NULL;
2806 int i;
2807
2808 mutex_lock(&dev->mutex);
2809
2810 if (dev->subdevices) {
2811 for (i = 0; i < dev->n_subdevices; i++) {
2812 s = &dev->subdevices[i];
2813
2814 if (s->busy == file)
2815 do_cancel(dev, s);
2816 if (s->lock == file)
2817 s->lock = NULL;
2818 }
2819 }
2820 if (dev->attached && dev->use_count == 1) {
2821 if (dev->close)
2822 dev->close(dev);
2823 module_put(dev->driver->module);
2824 }
2825
2826 dev->use_count--;
2827
2828 mutex_unlock(&dev->mutex);
2829 comedi_dev_put(dev);
2830 kfree(cfp);
2831
2832 return 0;
2833}
2834
2835#ifdef CONFIG_COMPAT
2836
2837#define COMEDI32_CHANINFO _IOR(CIO, 3, struct comedi32_chaninfo_struct)
2838#define COMEDI32_RANGEINFO _IOR(CIO, 8, struct comedi32_rangeinfo_struct)
2839/*
2840 * N.B. COMEDI32_CMD and COMEDI_CMD ought to use _IOWR, not _IOR.
2841 * It's too late to change it now, but it only affects the command number.
2842 */
2843#define COMEDI32_CMD _IOR(CIO, 9, struct comedi32_cmd_struct)
2844/*
2845 * N.B. COMEDI32_CMDTEST and COMEDI_CMDTEST ought to use _IOWR, not _IOR.
2846 * It's too late to change it now, but it only affects the command number.
2847 */
2848#define COMEDI32_CMDTEST _IOR(CIO, 10, struct comedi32_cmd_struct)
2849#define COMEDI32_INSNLIST _IOR(CIO, 11, struct comedi32_insnlist_struct)
2850#define COMEDI32_INSN _IOR(CIO, 12, struct comedi32_insn_struct)
2851
2852struct comedi32_chaninfo_struct {
2853 unsigned int subdev;
2854 compat_uptr_t maxdata_list; /* 32-bit 'unsigned int *' */
2855 compat_uptr_t flaglist; /* 32-bit 'unsigned int *' */
2856 compat_uptr_t rangelist; /* 32-bit 'unsigned int *' */
2857 unsigned int unused[4];
2858};
2859
2860struct comedi32_rangeinfo_struct {
2861 unsigned int range_type;
2862 compat_uptr_t range_ptr; /* 32-bit 'void *' */
2863};
2864
2865struct comedi32_cmd_struct {
2866 unsigned int subdev;
2867 unsigned int flags;
2868 unsigned int start_src;
2869 unsigned int start_arg;
2870 unsigned int scan_begin_src;
2871 unsigned int scan_begin_arg;
2872 unsigned int convert_src;
2873 unsigned int convert_arg;
2874 unsigned int scan_end_src;
2875 unsigned int scan_end_arg;
2876 unsigned int stop_src;
2877 unsigned int stop_arg;
2878 compat_uptr_t chanlist; /* 32-bit 'unsigned int *' */
2879 unsigned int chanlist_len;
2880 compat_uptr_t data; /* 32-bit 'short *' */
2881 unsigned int data_len;
2882};
2883
2884struct comedi32_insn_struct {
2885 unsigned int insn;
2886 unsigned int n;
2887 compat_uptr_t data; /* 32-bit 'unsigned int *' */
2888 unsigned int subdev;
2889 unsigned int chanspec;
2890 unsigned int unused[3];
2891};
2892
2893struct comedi32_insnlist_struct {
2894 unsigned int n_insns;
2895 compat_uptr_t insns; /* 32-bit 'struct comedi_insn *' */
2896};
2897
2898/* Handle 32-bit COMEDI_CHANINFO ioctl. */
2899static int compat_chaninfo(struct file *file, unsigned long arg)
2900{
2901 struct comedi_file *cfp = file->private_data;
2902 struct comedi_device *dev = cfp->dev;
2903 struct comedi32_chaninfo_struct chaninfo32;
2904 struct comedi_chaninfo chaninfo;
2905 int err;
2906
2907 if (copy_from_user(&chaninfo32, compat_ptr(arg), sizeof(chaninfo32)))
2908 return -EFAULT;
2909
2910 memset(&chaninfo, 0, sizeof(chaninfo));
2911 chaninfo.subdev = chaninfo32.subdev;
2912 chaninfo.maxdata_list = compat_ptr(chaninfo32.maxdata_list);
2913 chaninfo.flaglist = compat_ptr(chaninfo32.flaglist);
2914 chaninfo.rangelist = compat_ptr(chaninfo32.rangelist);
2915
2916 mutex_lock(&dev->mutex);
2917 err = do_chaninfo_ioctl(dev, &chaninfo);
2918 mutex_unlock(&dev->mutex);
2919 return err;
2920}
2921
2922/* Handle 32-bit COMEDI_RANGEINFO ioctl. */
2923static int compat_rangeinfo(struct file *file, unsigned long arg)
2924{
2925 struct comedi_file *cfp = file->private_data;
2926 struct comedi_device *dev = cfp->dev;
2927 struct comedi32_rangeinfo_struct rangeinfo32;
2928 struct comedi_rangeinfo rangeinfo;
2929 int err;
2930
2931 if (copy_from_user(&rangeinfo32, compat_ptr(arg), sizeof(rangeinfo32)))
2932 return -EFAULT;
2933 memset(&rangeinfo, 0, sizeof(rangeinfo));
2934 rangeinfo.range_type = rangeinfo32.range_type;
2935 rangeinfo.range_ptr = compat_ptr(rangeinfo32.range_ptr);
2936
2937 mutex_lock(&dev->mutex);
2938 err = do_rangeinfo_ioctl(dev, &rangeinfo);
2939 mutex_unlock(&dev->mutex);
2940 return err;
2941}
2942
2943/* Copy 32-bit cmd structure to native cmd structure. */
2944static int get_compat_cmd(struct comedi_cmd *cmd,
2945 struct comedi32_cmd_struct __user *cmd32)
2946{
2947 struct comedi32_cmd_struct v32;
2948
2949 if (copy_from_user(&v32, cmd32, sizeof(v32)))
2950 return -EFAULT;
2951
2952 cmd->subdev = v32.subdev;
2953 cmd->flags = v32.flags;
2954 cmd->start_src = v32.start_src;
2955 cmd->start_arg = v32.start_arg;
2956 cmd->scan_begin_src = v32.scan_begin_src;
2957 cmd->scan_begin_arg = v32.scan_begin_arg;
2958 cmd->convert_src = v32.convert_src;
2959 cmd->convert_arg = v32.convert_arg;
2960 cmd->scan_end_src = v32.scan_end_src;
2961 cmd->scan_end_arg = v32.scan_end_arg;
2962 cmd->stop_src = v32.stop_src;
2963 cmd->stop_arg = v32.stop_arg;
2964 cmd->chanlist = (unsigned int __force *)compat_ptr(v32.chanlist);
2965 cmd->chanlist_len = v32.chanlist_len;
2966 cmd->data = compat_ptr(v32.data);
2967 cmd->data_len = v32.data_len;
2968 return 0;
2969}
2970
2971/* Copy native cmd structure to 32-bit cmd structure. */
2972static int put_compat_cmd(struct comedi32_cmd_struct __user *cmd32,
2973 struct comedi_cmd *cmd)
2974{
2975 struct comedi32_cmd_struct v32;
2976
2977 memset(&v32, 0, sizeof(v32));
2978 v32.subdev = cmd->subdev;
2979 v32.flags = cmd->flags;
2980 v32.start_src = cmd->start_src;
2981 v32.start_arg = cmd->start_arg;
2982 v32.scan_begin_src = cmd->scan_begin_src;
2983 v32.scan_begin_arg = cmd->scan_begin_arg;
2984 v32.convert_src = cmd->convert_src;
2985 v32.convert_arg = cmd->convert_arg;
2986 v32.scan_end_src = cmd->scan_end_src;
2987 v32.scan_end_arg = cmd->scan_end_arg;
2988 v32.stop_src = cmd->stop_src;
2989 v32.stop_arg = cmd->stop_arg;
2990 /* Assume chanlist pointer is unchanged. */
2991 v32.chanlist = ptr_to_compat((unsigned int __user *)cmd->chanlist);
2992 v32.chanlist_len = cmd->chanlist_len;
2993 v32.data = ptr_to_compat(cmd->data);
2994 v32.data_len = cmd->data_len;
2995 if (copy_to_user(cmd32, &v32, sizeof(v32)))
2996 return -EFAULT;
2997 return 0;
2998}
2999
3000/* Handle 32-bit COMEDI_CMD ioctl. */
3001static int compat_cmd(struct file *file, unsigned long arg)
3002{
3003 struct comedi_file *cfp = file->private_data;
3004 struct comedi_device *dev = cfp->dev;
3005 struct comedi_cmd cmd;
3006 bool copy = false;
3007 int rc, err;
3008
3009 rc = get_compat_cmd(&cmd, compat_ptr(arg));
3010 if (rc)
3011 return rc;
3012
3013 mutex_lock(&dev->mutex);
3014 rc = do_cmd_ioctl(dev, &cmd, ©, file);
3015 mutex_unlock(&dev->mutex);
3016 if (copy) {
3017 /* Special case: copy cmd back to user. */
3018 err = put_compat_cmd(compat_ptr(arg), &cmd);
3019 if (err)
3020 rc = err;
3021 }
3022 return rc;
3023}
3024
3025/* Handle 32-bit COMEDI_CMDTEST ioctl. */
3026static int compat_cmdtest(struct file *file, unsigned long arg)
3027{
3028 struct comedi_file *cfp = file->private_data;
3029 struct comedi_device *dev = cfp->dev;
3030 struct comedi_cmd cmd;
3031 bool copy = false;
3032 int rc, err;
3033
3034 rc = get_compat_cmd(&cmd, compat_ptr(arg));
3035 if (rc)
3036 return rc;
3037
3038 mutex_lock(&dev->mutex);
3039 rc = do_cmdtest_ioctl(dev, &cmd, ©, file);
3040 mutex_unlock(&dev->mutex);
3041 if (copy) {
3042 err = put_compat_cmd(compat_ptr(arg), &cmd);
3043 if (err)
3044 rc = err;
3045 }
3046 return rc;
3047}
3048
3049/* Copy 32-bit insn structure to native insn structure. */
3050static int get_compat_insn(struct comedi_insn *insn,
3051 struct comedi32_insn_struct __user *insn32)
3052{
3053 struct comedi32_insn_struct v32;
3054
3055 /* Copy insn structure. Ignore the unused members. */
3056 if (copy_from_user(&v32, insn32, sizeof(v32)))
3057 return -EFAULT;
3058 memset(insn, 0, sizeof(*insn));
3059 insn->insn = v32.insn;
3060 insn->n = v32.n;
3061 insn->data = compat_ptr(v32.data);
3062 insn->subdev = v32.subdev;
3063 insn->chanspec = v32.chanspec;
3064 return 0;
3065}
3066
3067/* Handle 32-bit COMEDI_INSNLIST ioctl. */
3068static int compat_insnlist(struct file *file, unsigned long arg)
3069{
3070 struct comedi_file *cfp = file->private_data;
3071 struct comedi_device *dev = cfp->dev;
3072 struct comedi32_insnlist_struct insnlist32;
3073 struct comedi32_insn_struct __user *insn32;
3074 struct comedi_insn *insns;
3075 unsigned int n;
3076 int rc;
3077
3078 if (copy_from_user(&insnlist32, compat_ptr(arg), sizeof(insnlist32)))
3079 return -EFAULT;
3080
3081 insns = kcalloc(insnlist32.n_insns, sizeof(*insns), GFP_KERNEL);
3082 if (!insns)
3083 return -ENOMEM;
3084
3085 /* Copy insn structures. */
3086 insn32 = compat_ptr(insnlist32.insns);
3087 for (n = 0; n < insnlist32.n_insns; n++) {
3088 rc = get_compat_insn(insns + n, insn32 + n);
3089 if (rc) {
3090 kfree(insns);
3091 return rc;
3092 }
3093 }
3094
3095 mutex_lock(&dev->mutex);
3096 rc = do_insnlist_ioctl(dev, insns, insnlist32.n_insns, file);
3097 mutex_unlock(&dev->mutex);
3098 kfree(insns);
3099 return rc;
3100}
3101
3102/* Handle 32-bit COMEDI_INSN ioctl. */
3103static int compat_insn(struct file *file, unsigned long arg)
3104{
3105 struct comedi_file *cfp = file->private_data;
3106 struct comedi_device *dev = cfp->dev;
3107 struct comedi_insn insn;
3108 int rc;
3109
3110 rc = get_compat_insn(&insn, (void __user *)arg);
3111 if (rc)
3112 return rc;
3113
3114 mutex_lock(&dev->mutex);
3115 rc = do_insn_ioctl(dev, &insn, file);
3116 mutex_unlock(&dev->mutex);
3117 return rc;
3118}
3119
3120/*
3121 * compat_ioctl file operation.
3122 *
3123 * Returns -ENOIOCTLCMD for unrecognised ioctl codes.
3124 */
3125static long comedi_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3126{
3127 int rc;
3128
3129 switch (cmd) {
3130 case COMEDI_DEVCONFIG:
3131 case COMEDI_DEVINFO:
3132 case COMEDI_SUBDINFO:
3133 case COMEDI_BUFCONFIG:
3134 case COMEDI_BUFINFO:
3135 /* Just need to translate the pointer argument. */
3136 arg = (unsigned long)compat_ptr(arg);
3137 rc = comedi_unlocked_ioctl(file, cmd, arg);
3138 break;
3139 case COMEDI_LOCK:
3140 case COMEDI_UNLOCK:
3141 case COMEDI_CANCEL:
3142 case COMEDI_POLL:
3143 case COMEDI_SETRSUBD:
3144 case COMEDI_SETWSUBD:
3145 /* No translation needed. */
3146 rc = comedi_unlocked_ioctl(file, cmd, arg);
3147 break;
3148 case COMEDI32_CHANINFO:
3149 rc = compat_chaninfo(file, arg);
3150 break;
3151 case COMEDI32_RANGEINFO:
3152 rc = compat_rangeinfo(file, arg);
3153 break;
3154 case COMEDI32_CMD:
3155 rc = compat_cmd(file, arg);
3156 break;
3157 case COMEDI32_CMDTEST:
3158 rc = compat_cmdtest(file, arg);
3159 break;
3160 case COMEDI32_INSNLIST:
3161 rc = compat_insnlist(file, arg);
3162 break;
3163 case COMEDI32_INSN:
3164 rc = compat_insn(file, arg);
3165 break;
3166 default:
3167 rc = -ENOIOCTLCMD;
3168 break;
3169 }
3170 return rc;
3171}
3172#else
3173#define comedi_compat_ioctl NULL
3174#endif
3175
3176static const struct file_operations comedi_fops = {
3177 .owner = THIS_MODULE,
3178 .unlocked_ioctl = comedi_unlocked_ioctl,
3179 .compat_ioctl = comedi_compat_ioctl,
3180 .open = comedi_open,
3181 .release = comedi_close,
3182 .read = comedi_read,
3183 .write = comedi_write,
3184 .mmap = comedi_mmap,
3185 .poll = comedi_poll,
3186 .fasync = comedi_fasync,
3187 .llseek = noop_llseek,
3188};
3189
3190/**
3191 * comedi_event() - Handle events for asynchronous COMEDI command
3192 * @dev: COMEDI device.
3193 * @s: COMEDI subdevice.
3194 * Context: in_interrupt() (usually), @s->spin_lock spin-lock not held.
3195 *
3196 * If an asynchronous COMEDI command is active on the subdevice, process
3197 * any %COMEDI_CB_... event flags that have been set, usually by an
3198 * interrupt handler. These may change the run state of the asynchronous
3199 * command, wake a task, and/or send a %SIGIO signal.
3200 */
3201void comedi_event(struct comedi_device *dev, struct comedi_subdevice *s)
3202{
3203 struct comedi_async *async = s->async;
3204 unsigned int events;
3205 int si_code = 0;
3206 unsigned long flags;
3207
3208 spin_lock_irqsave(&s->spin_lock, flags);
3209
3210 events = async->events;
3211 async->events = 0;
3212 if (!__comedi_is_subdevice_running(s)) {
3213 spin_unlock_irqrestore(&s->spin_lock, flags);
3214 return;
3215 }
3216
3217 if (events & COMEDI_CB_CANCEL_MASK)
3218 __comedi_clear_subdevice_runflags(s, COMEDI_SRF_RUNNING);
3219
3220 /*
3221 * Remember if an error event has occurred, so an error can be
3222 * returned the next time the user does a read() or write().
3223 */
3224 if (events & COMEDI_CB_ERROR_MASK)
3225 __comedi_set_subdevice_runflags(s, COMEDI_SRF_ERROR);
3226
3227 if (async->cb_mask & events) {
3228 wake_up_interruptible(&async->wait_head);
3229 si_code = async->cmd.flags & CMDF_WRITE ? POLL_OUT : POLL_IN;
3230 }
3231
3232 spin_unlock_irqrestore(&s->spin_lock, flags);
3233
3234 if (si_code)
3235 kill_fasync(&dev->async_queue, SIGIO, si_code);
3236}
3237EXPORT_SYMBOL_GPL(comedi_event);
3238
3239/* Note: the ->mutex is pre-locked on successful return */
3240struct comedi_device *comedi_alloc_board_minor(struct device *hardware_device)
3241{
3242 struct comedi_device *dev;
3243 struct device *csdev;
3244 unsigned int i;
3245
3246 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3247 if (!dev)
3248 return ERR_PTR(-ENOMEM);
3249 comedi_device_init(dev);
3250 comedi_set_hw_dev(dev, hardware_device);
3251 mutex_lock(&dev->mutex);
3252 mutex_lock(&comedi_board_minor_table_lock);
3253 for (i = hardware_device ? comedi_num_legacy_minors : 0;
3254 i < COMEDI_NUM_BOARD_MINORS; ++i) {
3255 if (!comedi_board_minor_table[i]) {
3256 comedi_board_minor_table[i] = dev;
3257 break;
3258 }
3259 }
3260 mutex_unlock(&comedi_board_minor_table_lock);
3261 if (i == COMEDI_NUM_BOARD_MINORS) {
3262 mutex_unlock(&dev->mutex);
3263 comedi_device_cleanup(dev);
3264 comedi_dev_put(dev);
3265 dev_err(hardware_device,
3266 "ran out of minor numbers for board device files\n");
3267 return ERR_PTR(-EBUSY);
3268 }
3269 dev->minor = i;
3270 csdev = device_create(&comedi_class, hardware_device,
3271 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i", i);
3272 if (!IS_ERR(csdev))
3273 dev->class_dev = get_device(csdev);
3274
3275 /* Note: dev->mutex needs to be unlocked by the caller. */
3276 return dev;
3277}
3278
3279void comedi_release_hardware_device(struct device *hardware_device)
3280{
3281 int minor;
3282 struct comedi_device *dev;
3283
3284 for (minor = comedi_num_legacy_minors; minor < COMEDI_NUM_BOARD_MINORS;
3285 minor++) {
3286 mutex_lock(&comedi_board_minor_table_lock);
3287 dev = comedi_board_minor_table[minor];
3288 if (dev && dev->hw_dev == hardware_device) {
3289 comedi_board_minor_table[minor] = NULL;
3290 mutex_unlock(&comedi_board_minor_table_lock);
3291 comedi_free_board_dev(dev);
3292 break;
3293 }
3294 mutex_unlock(&comedi_board_minor_table_lock);
3295 }
3296}
3297
3298int comedi_alloc_subdevice_minor(struct comedi_subdevice *s)
3299{
3300 struct comedi_device *dev = s->device;
3301 struct device *csdev;
3302 unsigned int i;
3303
3304 mutex_lock(&comedi_subdevice_minor_table_lock);
3305 for (i = 0; i < COMEDI_NUM_SUBDEVICE_MINORS; ++i) {
3306 if (!comedi_subdevice_minor_table[i]) {
3307 comedi_subdevice_minor_table[i] = s;
3308 break;
3309 }
3310 }
3311 mutex_unlock(&comedi_subdevice_minor_table_lock);
3312 if (i == COMEDI_NUM_SUBDEVICE_MINORS) {
3313 dev_err(dev->class_dev,
3314 "ran out of minor numbers for subdevice files\n");
3315 return -EBUSY;
3316 }
3317 i += COMEDI_NUM_BOARD_MINORS;
3318 s->minor = i;
3319 csdev = device_create(&comedi_class, dev->class_dev,
3320 MKDEV(COMEDI_MAJOR, i), NULL, "comedi%i_subd%i",
3321 dev->minor, s->index);
3322 if (!IS_ERR(csdev))
3323 s->class_dev = csdev;
3324
3325 return 0;
3326}
3327
3328void comedi_free_subdevice_minor(struct comedi_subdevice *s)
3329{
3330 unsigned int i;
3331
3332 if (!s)
3333 return;
3334 if (s->minor < COMEDI_NUM_BOARD_MINORS ||
3335 s->minor >= COMEDI_NUM_MINORS)
3336 return;
3337
3338 i = s->minor - COMEDI_NUM_BOARD_MINORS;
3339 mutex_lock(&comedi_subdevice_minor_table_lock);
3340 if (s == comedi_subdevice_minor_table[i])
3341 comedi_subdevice_minor_table[i] = NULL;
3342 mutex_unlock(&comedi_subdevice_minor_table_lock);
3343 if (s->class_dev) {
3344 device_destroy(&comedi_class, MKDEV(COMEDI_MAJOR, s->minor));
3345 s->class_dev = NULL;
3346 }
3347}
3348
3349static void comedi_cleanup_board_minors(void)
3350{
3351 struct comedi_device *dev;
3352 unsigned int i;
3353
3354 for (i = 0; i < COMEDI_NUM_BOARD_MINORS; i++) {
3355 dev = comedi_clear_board_minor(i);
3356 comedi_free_board_dev(dev);
3357 }
3358}
3359
3360static int __init comedi_init(void)
3361{
3362 int i;
3363 int retval;
3364
3365 pr_info("version " COMEDI_RELEASE " - http://www.comedi.org\n");
3366
3367 if (comedi_num_legacy_minors > COMEDI_NUM_BOARD_MINORS) {
3368 pr_err("invalid value for module parameter \"comedi_num_legacy_minors\". Valid values are 0 through %i.\n",
3369 COMEDI_NUM_BOARD_MINORS);
3370 return -EINVAL;
3371 }
3372
3373 retval = register_chrdev_region(MKDEV(COMEDI_MAJOR, 0),
3374 COMEDI_NUM_MINORS, "comedi");
3375 if (retval)
3376 return retval;
3377
3378 cdev_init(&comedi_cdev, &comedi_fops);
3379 comedi_cdev.owner = THIS_MODULE;
3380
3381 retval = kobject_set_name(&comedi_cdev.kobj, "comedi");
3382 if (retval)
3383 goto out_unregister_chrdev_region;
3384
3385 retval = cdev_add(&comedi_cdev, MKDEV(COMEDI_MAJOR, 0),
3386 COMEDI_NUM_MINORS);
3387 if (retval)
3388 goto out_unregister_chrdev_region;
3389
3390 retval = class_register(&comedi_class);
3391 if (retval) {
3392 pr_err("failed to create class\n");
3393 goto out_cdev_del;
3394 }
3395
3396 /* create devices files for legacy/manual use */
3397 for (i = 0; i < comedi_num_legacy_minors; i++) {
3398 struct comedi_device *dev;
3399
3400 dev = comedi_alloc_board_minor(NULL);
3401 if (IS_ERR(dev)) {
3402 retval = PTR_ERR(dev);
3403 goto out_cleanup_board_minors;
3404 }
3405 /* comedi_alloc_board_minor() locked the mutex */
3406 lockdep_assert_held(&dev->mutex);
3407 mutex_unlock(&dev->mutex);
3408 }
3409
3410 /* XXX requires /proc interface */
3411 comedi_proc_init();
3412
3413 return 0;
3414
3415out_cleanup_board_minors:
3416 comedi_cleanup_board_minors();
3417 class_unregister(&comedi_class);
3418out_cdev_del:
3419 cdev_del(&comedi_cdev);
3420out_unregister_chrdev_region:
3421 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
3422 return retval;
3423}
3424module_init(comedi_init);
3425
3426static void __exit comedi_cleanup(void)
3427{
3428 comedi_cleanup_board_minors();
3429 class_unregister(&comedi_class);
3430 cdev_del(&comedi_cdev);
3431 unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0), COMEDI_NUM_MINORS);
3432
3433 comedi_proc_cleanup();
3434}
3435module_exit(comedi_cleanup);
3436
3437MODULE_AUTHOR("https://www.comedi.org");
3438MODULE_DESCRIPTION("Comedi core module");
3439MODULE_LICENSE("GPL");