Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Routines for driver control interface
4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz>
5 */
6
7#include <linux/threads.h>
8#include <linux/interrupt.h>
9#include <linux/module.h>
10#include <linux/moduleparam.h>
11#include <linux/slab.h>
12#include <linux/vmalloc.h>
13#include <linux/time.h>
14#include <linux/mm.h>
15#include <linux/math64.h>
16#include <linux/sched/signal.h>
17#include <sound/core.h>
18#include <sound/minors.h>
19#include <sound/info.h>
20#include <sound/control.h>
21
22// Max allocation size for user controls.
23static int max_user_ctl_alloc_size = 8 * 1024 * 1024;
24module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444);
25MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls");
26
27#define MAX_CONTROL_COUNT 1028
28
29struct snd_kctl_ioctl {
30 struct list_head list; /* list of all ioctls */
31 snd_kctl_ioctl_func_t fioctl;
32};
33
34static DECLARE_RWSEM(snd_ioctl_rwsem);
35static DECLARE_RWSEM(snd_ctl_layer_rwsem);
36static LIST_HEAD(snd_control_ioctls);
37#ifdef CONFIG_COMPAT
38static LIST_HEAD(snd_control_compat_ioctls);
39#endif
40static struct snd_ctl_layer_ops *snd_ctl_layer;
41
42static int snd_ctl_remove_locked(struct snd_card *card,
43 struct snd_kcontrol *kcontrol);
44
45static int snd_ctl_open(struct inode *inode, struct file *file)
46{
47 unsigned long flags;
48 struct snd_card *card;
49 struct snd_ctl_file *ctl;
50 int i, err;
51
52 err = stream_open(inode, file);
53 if (err < 0)
54 return err;
55
56 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL);
57 if (!card) {
58 err = -ENODEV;
59 goto __error1;
60 }
61 err = snd_card_file_add(card, file);
62 if (err < 0) {
63 err = -ENODEV;
64 goto __error1;
65 }
66 if (!try_module_get(card->module)) {
67 err = -EFAULT;
68 goto __error2;
69 }
70 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
71 if (ctl == NULL) {
72 err = -ENOMEM;
73 goto __error;
74 }
75 INIT_LIST_HEAD(&ctl->events);
76 init_waitqueue_head(&ctl->change_sleep);
77 spin_lock_init(&ctl->read_lock);
78 ctl->card = card;
79 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++)
80 ctl->preferred_subdevice[i] = -1;
81 ctl->pid = get_pid(task_pid(current));
82 file->private_data = ctl;
83 write_lock_irqsave(&card->ctl_files_rwlock, flags);
84 list_add_tail(&ctl->list, &card->ctl_files);
85 write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
86 snd_card_unref(card);
87 return 0;
88
89 __error:
90 module_put(card->module);
91 __error2:
92 snd_card_file_remove(card, file);
93 __error1:
94 if (card)
95 snd_card_unref(card);
96 return err;
97}
98
99static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl)
100{
101 unsigned long flags;
102 struct snd_kctl_event *cread;
103
104 spin_lock_irqsave(&ctl->read_lock, flags);
105 while (!list_empty(&ctl->events)) {
106 cread = snd_kctl_event(ctl->events.next);
107 list_del(&cread->list);
108 kfree(cread);
109 }
110 spin_unlock_irqrestore(&ctl->read_lock, flags);
111}
112
113static int snd_ctl_release(struct inode *inode, struct file *file)
114{
115 unsigned long flags;
116 struct snd_card *card;
117 struct snd_ctl_file *ctl;
118 struct snd_kcontrol *control;
119 unsigned int idx;
120
121 ctl = file->private_data;
122 file->private_data = NULL;
123 card = ctl->card;
124 write_lock_irqsave(&card->ctl_files_rwlock, flags);
125 list_del(&ctl->list);
126 write_unlock_irqrestore(&card->ctl_files_rwlock, flags);
127 down_write(&card->controls_rwsem);
128 list_for_each_entry(control, &card->controls, list)
129 for (idx = 0; idx < control->count; idx++)
130 if (control->vd[idx].owner == ctl)
131 control->vd[idx].owner = NULL;
132 up_write(&card->controls_rwsem);
133 snd_fasync_free(ctl->fasync);
134 snd_ctl_empty_read_queue(ctl);
135 put_pid(ctl->pid);
136 kfree(ctl);
137 module_put(card->module);
138 snd_card_file_remove(card, file);
139 return 0;
140}
141
142/**
143 * snd_ctl_notify - Send notification to user-space for a control change
144 * @card: the card to send notification
145 * @mask: the event mask, SNDRV_CTL_EVENT_*
146 * @id: the ctl element id to send notification
147 *
148 * This function adds an event record with the given id and mask, appends
149 * to the list and wakes up the user-space for notification. This can be
150 * called in the atomic context.
151 */
152void snd_ctl_notify(struct snd_card *card, unsigned int mask,
153 struct snd_ctl_elem_id *id)
154{
155 unsigned long flags;
156 struct snd_ctl_file *ctl;
157 struct snd_kctl_event *ev;
158
159 if (snd_BUG_ON(!card || !id))
160 return;
161 if (card->shutdown)
162 return;
163 read_lock_irqsave(&card->ctl_files_rwlock, flags);
164#if IS_ENABLED(CONFIG_SND_MIXER_OSS)
165 card->mixer_oss_change_count++;
166#endif
167 list_for_each_entry(ctl, &card->ctl_files, list) {
168 if (!ctl->subscribed)
169 continue;
170 spin_lock(&ctl->read_lock);
171 list_for_each_entry(ev, &ctl->events, list) {
172 if (ev->id.numid == id->numid) {
173 ev->mask |= mask;
174 goto _found;
175 }
176 }
177 ev = kzalloc(sizeof(*ev), GFP_ATOMIC);
178 if (ev) {
179 ev->id = *id;
180 ev->mask = mask;
181 list_add_tail(&ev->list, &ctl->events);
182 } else {
183 dev_err(card->dev, "No memory available to allocate event\n");
184 }
185 _found:
186 wake_up(&ctl->change_sleep);
187 spin_unlock(&ctl->read_lock);
188 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN);
189 }
190 read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
191}
192EXPORT_SYMBOL(snd_ctl_notify);
193
194/**
195 * snd_ctl_notify_one - Send notification to user-space for a control change
196 * @card: the card to send notification
197 * @mask: the event mask, SNDRV_CTL_EVENT_*
198 * @kctl: the pointer with the control instance
199 * @ioff: the additional offset to the control index
200 *
201 * This function calls snd_ctl_notify() and does additional jobs
202 * like LED state changes.
203 */
204void snd_ctl_notify_one(struct snd_card *card, unsigned int mask,
205 struct snd_kcontrol *kctl, unsigned int ioff)
206{
207 struct snd_ctl_elem_id id = kctl->id;
208 struct snd_ctl_layer_ops *lops;
209
210 id.index += ioff;
211 id.numid += ioff;
212 snd_ctl_notify(card, mask, &id);
213 down_read(&snd_ctl_layer_rwsem);
214 for (lops = snd_ctl_layer; lops; lops = lops->next)
215 lops->lnotify(card, mask, kctl, ioff);
216 up_read(&snd_ctl_layer_rwsem);
217}
218EXPORT_SYMBOL(snd_ctl_notify_one);
219
220/**
221 * snd_ctl_new - create a new control instance with some elements
222 * @kctl: the pointer to store new control instance
223 * @count: the number of elements in this control
224 * @access: the default access flags for elements in this control
225 * @file: given when locking these elements
226 *
227 * Allocates a memory object for a new control instance. The instance has
228 * elements as many as the given number (@count). Each element has given
229 * access permissions (@access). Each element is locked when @file is given.
230 *
231 * Return: 0 on success, error code on failure
232 */
233static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count,
234 unsigned int access, struct snd_ctl_file *file)
235{
236 unsigned int idx;
237
238 if (count == 0 || count > MAX_CONTROL_COUNT)
239 return -EINVAL;
240
241 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL);
242 if (!*kctl)
243 return -ENOMEM;
244
245 for (idx = 0; idx < count; idx++) {
246 (*kctl)->vd[idx].access = access;
247 (*kctl)->vd[idx].owner = file;
248 }
249 (*kctl)->count = count;
250
251 return 0;
252}
253
254/**
255 * snd_ctl_new1 - create a control instance from the template
256 * @ncontrol: the initialization record
257 * @private_data: the private data to set
258 *
259 * Allocates a new struct snd_kcontrol instance and initialize from the given
260 * template. When the access field of ncontrol is 0, it's assumed as
261 * READWRITE access. When the count field is 0, it's assumes as one.
262 *
263 * Return: The pointer of the newly generated instance, or %NULL on failure.
264 */
265struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol,
266 void *private_data)
267{
268 struct snd_kcontrol *kctl;
269 unsigned int count;
270 unsigned int access;
271 int err;
272
273 if (snd_BUG_ON(!ncontrol || !ncontrol->info))
274 return NULL;
275
276 count = ncontrol->count;
277 if (count == 0)
278 count = 1;
279
280 access = ncontrol->access;
281 if (access == 0)
282 access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
283 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
284 SNDRV_CTL_ELEM_ACCESS_VOLATILE |
285 SNDRV_CTL_ELEM_ACCESS_INACTIVE |
286 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE |
287 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND |
288 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK |
289 SNDRV_CTL_ELEM_ACCESS_LED_MASK |
290 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK);
291
292 err = snd_ctl_new(&kctl, count, access, NULL);
293 if (err < 0)
294 return NULL;
295
296 /* The 'numid' member is decided when calling snd_ctl_add(). */
297 kctl->id.iface = ncontrol->iface;
298 kctl->id.device = ncontrol->device;
299 kctl->id.subdevice = ncontrol->subdevice;
300 if (ncontrol->name) {
301 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name));
302 if (strcmp(ncontrol->name, kctl->id.name) != 0)
303 pr_warn("ALSA: Control name '%s' truncated to '%s'\n",
304 ncontrol->name, kctl->id.name);
305 }
306 kctl->id.index = ncontrol->index;
307
308 kctl->info = ncontrol->info;
309 kctl->get = ncontrol->get;
310 kctl->put = ncontrol->put;
311 kctl->tlv.p = ncontrol->tlv.p;
312
313 kctl->private_value = ncontrol->private_value;
314 kctl->private_data = private_data;
315
316 return kctl;
317}
318EXPORT_SYMBOL(snd_ctl_new1);
319
320/**
321 * snd_ctl_free_one - release the control instance
322 * @kcontrol: the control instance
323 *
324 * Releases the control instance created via snd_ctl_new()
325 * or snd_ctl_new1().
326 * Don't call this after the control was added to the card.
327 */
328void snd_ctl_free_one(struct snd_kcontrol *kcontrol)
329{
330 if (kcontrol) {
331 if (kcontrol->private_free)
332 kcontrol->private_free(kcontrol);
333 kfree(kcontrol);
334 }
335}
336EXPORT_SYMBOL(snd_ctl_free_one);
337
338static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
339 unsigned int count)
340{
341 struct snd_kcontrol *kctl;
342
343 /* Make sure that the ids assigned to the control do not wrap around */
344 if (card->last_numid >= UINT_MAX - count)
345 card->last_numid = 0;
346
347 list_for_each_entry(kctl, &card->controls, list) {
348 if (kctl->id.numid < card->last_numid + 1 + count &&
349 kctl->id.numid + kctl->count > card->last_numid + 1) {
350 card->last_numid = kctl->id.numid + kctl->count - 1;
351 return true;
352 }
353 }
354 return false;
355}
356
357static int snd_ctl_find_hole(struct snd_card *card, unsigned int count)
358{
359 unsigned int iter = 100000;
360
361 while (snd_ctl_remove_numid_conflict(card, count)) {
362 if (--iter == 0) {
363 /* this situation is very unlikely */
364 dev_err(card->dev, "unable to allocate new control numid\n");
365 return -ENOMEM;
366 }
367 }
368 return 0;
369}
370
371/* check whether the given id is contained in the given kctl */
372static bool elem_id_matches(const struct snd_kcontrol *kctl,
373 const struct snd_ctl_elem_id *id)
374{
375 return kctl->id.iface == id->iface &&
376 kctl->id.device == id->device &&
377 kctl->id.subdevice == id->subdevice &&
378 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) &&
379 kctl->id.index <= id->index &&
380 kctl->id.index + kctl->count > id->index;
381}
382
383#ifdef CONFIG_SND_CTL_FAST_LOOKUP
384/* Compute a hash key for the corresponding ctl id
385 * It's for the name lookup, hence the numid is excluded.
386 * The hash key is bound in LONG_MAX to be used for Xarray key.
387 */
388#define MULTIPLIER 37
389static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id)
390{
391 int i;
392 unsigned long h;
393
394 h = id->iface;
395 h = MULTIPLIER * h + id->device;
396 h = MULTIPLIER * h + id->subdevice;
397 for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++)
398 h = MULTIPLIER * h + id->name[i];
399 h = MULTIPLIER * h + id->index;
400 h &= LONG_MAX;
401 return h;
402}
403
404/* add hash entries to numid and ctl xarray tables */
405static void add_hash_entries(struct snd_card *card,
406 struct snd_kcontrol *kcontrol)
407{
408 struct snd_ctl_elem_id id = kcontrol->id;
409 int i;
410
411 xa_store_range(&card->ctl_numids, kcontrol->id.numid,
412 kcontrol->id.numid + kcontrol->count - 1,
413 kcontrol, GFP_KERNEL);
414
415 for (i = 0; i < kcontrol->count; i++) {
416 id.index = kcontrol->id.index + i;
417 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id),
418 kcontrol, GFP_KERNEL)) {
419 /* skip hash for this entry, noting we had collision */
420 card->ctl_hash_collision = true;
421 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n",
422 id.iface, id.name, id.index);
423 }
424 }
425}
426
427/* remove hash entries that have been added */
428static void remove_hash_entries(struct snd_card *card,
429 struct snd_kcontrol *kcontrol)
430{
431 struct snd_ctl_elem_id id = kcontrol->id;
432 struct snd_kcontrol *matched;
433 unsigned long h;
434 int i;
435
436 for (i = 0; i < kcontrol->count; i++) {
437 xa_erase(&card->ctl_numids, id.numid);
438 h = get_ctl_id_hash(&id);
439 matched = xa_load(&card->ctl_hash, h);
440 if (matched && (matched == kcontrol ||
441 elem_id_matches(matched, &id)))
442 xa_erase(&card->ctl_hash, h);
443 id.index++;
444 id.numid++;
445 }
446}
447#else /* CONFIG_SND_CTL_FAST_LOOKUP */
448static inline void add_hash_entries(struct snd_card *card,
449 struct snd_kcontrol *kcontrol)
450{
451}
452static inline void remove_hash_entries(struct snd_card *card,
453 struct snd_kcontrol *kcontrol)
454{
455}
456#endif /* CONFIG_SND_CTL_FAST_LOOKUP */
457
458enum snd_ctl_add_mode {
459 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE,
460};
461
462/* add/replace a new kcontrol object; call with card->controls_rwsem locked */
463static int __snd_ctl_add_replace(struct snd_card *card,
464 struct snd_kcontrol *kcontrol,
465 enum snd_ctl_add_mode mode)
466{
467 struct snd_ctl_elem_id id;
468 unsigned int idx;
469 struct snd_kcontrol *old;
470 int err;
471
472 lockdep_assert_held_write(&card->controls_rwsem);
473
474 id = kcontrol->id;
475 if (id.index > UINT_MAX - kcontrol->count)
476 return -EINVAL;
477
478 old = snd_ctl_find_id_locked(card, &id);
479 if (!old) {
480 if (mode == CTL_REPLACE)
481 return -EINVAL;
482 } else {
483 if (mode == CTL_ADD_EXCLUSIVE) {
484 dev_err(card->dev,
485 "control %i:%i:%i:%s:%i is already present\n",
486 id.iface, id.device, id.subdevice, id.name,
487 id.index);
488 return -EBUSY;
489 }
490
491 err = snd_ctl_remove_locked(card, old);
492 if (err < 0)
493 return err;
494 }
495
496 if (snd_ctl_find_hole(card, kcontrol->count) < 0)
497 return -ENOMEM;
498
499 list_add_tail(&kcontrol->list, &card->controls);
500 card->controls_count += kcontrol->count;
501 kcontrol->id.numid = card->last_numid + 1;
502 card->last_numid += kcontrol->count;
503
504 add_hash_entries(card, kcontrol);
505
506 for (idx = 0; idx < kcontrol->count; idx++)
507 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx);
508
509 return 0;
510}
511
512static int snd_ctl_add_replace(struct snd_card *card,
513 struct snd_kcontrol *kcontrol,
514 enum snd_ctl_add_mode mode)
515{
516 int err = -EINVAL;
517
518 if (! kcontrol)
519 return err;
520 if (snd_BUG_ON(!card || !kcontrol->info))
521 goto error;
522
523 down_write(&card->controls_rwsem);
524 err = __snd_ctl_add_replace(card, kcontrol, mode);
525 up_write(&card->controls_rwsem);
526 if (err < 0)
527 goto error;
528 return 0;
529
530 error:
531 snd_ctl_free_one(kcontrol);
532 return err;
533}
534
535/**
536 * snd_ctl_add - add the control instance to the card
537 * @card: the card instance
538 * @kcontrol: the control instance to add
539 *
540 * Adds the control instance created via snd_ctl_new() or
541 * snd_ctl_new1() to the given card. Assigns also an unique
542 * numid used for fast search.
543 *
544 * It frees automatically the control which cannot be added.
545 *
546 * Return: Zero if successful, or a negative error code on failure.
547 *
548 */
549int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
550{
551 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE);
552}
553EXPORT_SYMBOL(snd_ctl_add);
554
555/**
556 * snd_ctl_replace - replace the control instance of the card
557 * @card: the card instance
558 * @kcontrol: the control instance to replace
559 * @add_on_replace: add the control if not already added
560 *
561 * Replaces the given control. If the given control does not exist
562 * and the add_on_replace flag is set, the control is added. If the
563 * control exists, it is destroyed first.
564 *
565 * It frees automatically the control which cannot be added or replaced.
566 *
567 * Return: Zero if successful, or a negative error code on failure.
568 */
569int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
570 bool add_on_replace)
571{
572 return snd_ctl_add_replace(card, kcontrol,
573 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE);
574}
575EXPORT_SYMBOL(snd_ctl_replace);
576
577static int __snd_ctl_remove(struct snd_card *card,
578 struct snd_kcontrol *kcontrol,
579 bool remove_hash)
580{
581 unsigned int idx;
582
583 lockdep_assert_held_write(&card->controls_rwsem);
584
585 if (snd_BUG_ON(!card || !kcontrol))
586 return -EINVAL;
587 list_del(&kcontrol->list);
588
589 if (remove_hash)
590 remove_hash_entries(card, kcontrol);
591
592 card->controls_count -= kcontrol->count;
593 for (idx = 0; idx < kcontrol->count; idx++)
594 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx);
595 snd_ctl_free_one(kcontrol);
596 return 0;
597}
598
599static inline int snd_ctl_remove_locked(struct snd_card *card,
600 struct snd_kcontrol *kcontrol)
601{
602 return __snd_ctl_remove(card, kcontrol, true);
603}
604
605/**
606 * snd_ctl_remove - remove the control from the card and release it
607 * @card: the card instance
608 * @kcontrol: the control instance to remove
609 *
610 * Removes the control from the card and then releases the instance.
611 * You don't need to call snd_ctl_free_one().
612 *
613 * Return: 0 if successful, or a negative error code on failure.
614 *
615 * Note that this function takes card->controls_rwsem lock internally.
616 */
617int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol)
618{
619 int ret;
620
621 down_write(&card->controls_rwsem);
622 ret = snd_ctl_remove_locked(card, kcontrol);
623 up_write(&card->controls_rwsem);
624 return ret;
625}
626EXPORT_SYMBOL(snd_ctl_remove);
627
628/**
629 * snd_ctl_remove_id - remove the control of the given id and release it
630 * @card: the card instance
631 * @id: the control id to remove
632 *
633 * Finds the control instance with the given id, removes it from the
634 * card list and releases it.
635 *
636 * Return: 0 if successful, or a negative error code on failure.
637 */
638int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id)
639{
640 struct snd_kcontrol *kctl;
641 int ret;
642
643 down_write(&card->controls_rwsem);
644 kctl = snd_ctl_find_id_locked(card, id);
645 if (kctl == NULL) {
646 up_write(&card->controls_rwsem);
647 return -ENOENT;
648 }
649 ret = snd_ctl_remove_locked(card, kctl);
650 up_write(&card->controls_rwsem);
651 return ret;
652}
653EXPORT_SYMBOL(snd_ctl_remove_id);
654
655/**
656 * snd_ctl_remove_user_ctl - remove and release the unlocked user control
657 * @file: active control handle
658 * @id: the control id to remove
659 *
660 * Finds the control instance with the given id, removes it from the
661 * card list and releases it.
662 *
663 * Return: 0 if successful, or a negative error code on failure.
664 */
665static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file,
666 struct snd_ctl_elem_id *id)
667{
668 struct snd_card *card = file->card;
669 struct snd_kcontrol *kctl;
670 int idx, ret;
671
672 down_write(&card->controls_rwsem);
673 kctl = snd_ctl_find_id_locked(card, id);
674 if (kctl == NULL) {
675 ret = -ENOENT;
676 goto error;
677 }
678 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER)) {
679 ret = -EINVAL;
680 goto error;
681 }
682 for (idx = 0; idx < kctl->count; idx++)
683 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file) {
684 ret = -EBUSY;
685 goto error;
686 }
687 ret = snd_ctl_remove_locked(card, kctl);
688error:
689 up_write(&card->controls_rwsem);
690 return ret;
691}
692
693/**
694 * snd_ctl_activate_id - activate/inactivate the control of the given id
695 * @card: the card instance
696 * @id: the control id to activate/inactivate
697 * @active: non-zero to activate
698 *
699 * Finds the control instance with the given id, and activate or
700 * inactivate the control together with notification, if changed.
701 * The given ID data is filled with full information.
702 *
703 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure.
704 */
705int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id,
706 int active)
707{
708 struct snd_kcontrol *kctl;
709 struct snd_kcontrol_volatile *vd;
710 unsigned int index_offset;
711 int ret;
712
713 down_write(&card->controls_rwsem);
714 kctl = snd_ctl_find_id_locked(card, id);
715 if (kctl == NULL) {
716 ret = -ENOENT;
717 goto unlock;
718 }
719 index_offset = snd_ctl_get_ioff(kctl, id);
720 vd = &kctl->vd[index_offset];
721 ret = 0;
722 if (active) {
723 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE))
724 goto unlock;
725 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
726 } else {
727 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)
728 goto unlock;
729 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
730 }
731 snd_ctl_build_ioff(id, kctl, index_offset);
732 downgrade_write(&card->controls_rwsem);
733 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset);
734 up_read(&card->controls_rwsem);
735 return 1;
736
737 unlock:
738 up_write(&card->controls_rwsem);
739 return ret;
740}
741EXPORT_SYMBOL_GPL(snd_ctl_activate_id);
742
743/**
744 * snd_ctl_rename_id - replace the id of a control on the card
745 * @card: the card instance
746 * @src_id: the old id
747 * @dst_id: the new id
748 *
749 * Finds the control with the old id from the card, and replaces the
750 * id with the new one.
751 *
752 * The function tries to keep the already assigned numid while replacing
753 * the rest.
754 *
755 * Note that this function should be used only in the card initialization
756 * phase. Calling after the card instantiation may cause issues with
757 * user-space expecting persistent numids.
758 *
759 * Return: Zero if successful, or a negative error code on failure.
760 */
761int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id,
762 struct snd_ctl_elem_id *dst_id)
763{
764 struct snd_kcontrol *kctl;
765 int saved_numid;
766
767 down_write(&card->controls_rwsem);
768 kctl = snd_ctl_find_id_locked(card, src_id);
769 if (kctl == NULL) {
770 up_write(&card->controls_rwsem);
771 return -ENOENT;
772 }
773 saved_numid = kctl->id.numid;
774 remove_hash_entries(card, kctl);
775 kctl->id = *dst_id;
776 kctl->id.numid = saved_numid;
777 add_hash_entries(card, kctl);
778 up_write(&card->controls_rwsem);
779 return 0;
780}
781EXPORT_SYMBOL(snd_ctl_rename_id);
782
783/**
784 * snd_ctl_rename - rename the control on the card
785 * @card: the card instance
786 * @kctl: the control to rename
787 * @name: the new name
788 *
789 * Renames the specified control on the card to the new name.
790 *
791 * Note that this function takes card->controls_rwsem lock internally.
792 */
793void snd_ctl_rename(struct snd_card *card, struct snd_kcontrol *kctl,
794 const char *name)
795{
796 down_write(&card->controls_rwsem);
797 remove_hash_entries(card, kctl);
798
799 if (strscpy(kctl->id.name, name, sizeof(kctl->id.name)) < 0)
800 pr_warn("ALSA: Renamed control new name '%s' truncated to '%s'\n",
801 name, kctl->id.name);
802
803 add_hash_entries(card, kctl);
804 up_write(&card->controls_rwsem);
805}
806EXPORT_SYMBOL(snd_ctl_rename);
807
808#ifndef CONFIG_SND_CTL_FAST_LOOKUP
809static struct snd_kcontrol *
810snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid)
811{
812 struct snd_kcontrol *kctl;
813
814 list_for_each_entry(kctl, &card->controls, list) {
815 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid)
816 return kctl;
817 }
818 return NULL;
819}
820#endif /* !CONFIG_SND_CTL_FAST_LOOKUP */
821
822/**
823 * snd_ctl_find_numid_locked - find the control instance with the given number-id
824 * @card: the card instance
825 * @numid: the number-id to search
826 *
827 * Finds the control instance with the given number-id from the card.
828 *
829 * The caller must down card->controls_rwsem before calling this function
830 * (if the race condition can happen).
831 *
832 * Return: The pointer of the instance if found, or %NULL if not.
833 */
834struct snd_kcontrol *
835snd_ctl_find_numid_locked(struct snd_card *card, unsigned int numid)
836{
837 if (snd_BUG_ON(!card || !numid))
838 return NULL;
839 lockdep_assert_held(&card->controls_rwsem);
840#ifdef CONFIG_SND_CTL_FAST_LOOKUP
841 return xa_load(&card->ctl_numids, numid);
842#else
843 return snd_ctl_find_numid_slow(card, numid);
844#endif
845}
846EXPORT_SYMBOL(snd_ctl_find_numid_locked);
847
848/**
849 * snd_ctl_find_numid - find the control instance with the given number-id
850 * @card: the card instance
851 * @numid: the number-id to search
852 *
853 * Finds the control instance with the given number-id from the card.
854 *
855 * Return: The pointer of the instance if found, or %NULL if not.
856 *
857 * Note that this function takes card->controls_rwsem lock internally.
858 */
859struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card,
860 unsigned int numid)
861{
862 struct snd_kcontrol *kctl;
863
864 down_read(&card->controls_rwsem);
865 kctl = snd_ctl_find_numid_locked(card, numid);
866 up_read(&card->controls_rwsem);
867 return kctl;
868}
869EXPORT_SYMBOL(snd_ctl_find_numid);
870
871/**
872 * snd_ctl_find_id_locked - find the control instance with the given id
873 * @card: the card instance
874 * @id: the id to search
875 *
876 * Finds the control instance with the given id from the card.
877 *
878 * The caller must down card->controls_rwsem before calling this function
879 * (if the race condition can happen).
880 *
881 * Return: The pointer of the instance if found, or %NULL if not.
882 */
883struct snd_kcontrol *snd_ctl_find_id_locked(struct snd_card *card,
884 const struct snd_ctl_elem_id *id)
885{
886 struct snd_kcontrol *kctl;
887
888 if (snd_BUG_ON(!card || !id))
889 return NULL;
890 lockdep_assert_held(&card->controls_rwsem);
891 if (id->numid != 0)
892 return snd_ctl_find_numid_locked(card, id->numid);
893#ifdef CONFIG_SND_CTL_FAST_LOOKUP
894 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id));
895 if (kctl && elem_id_matches(kctl, id))
896 return kctl;
897 if (!card->ctl_hash_collision)
898 return NULL; /* we can rely on only hash table */
899#endif
900 /* no matching in hash table - try all as the last resort */
901 list_for_each_entry(kctl, &card->controls, list)
902 if (elem_id_matches(kctl, id))
903 return kctl;
904
905 return NULL;
906}
907EXPORT_SYMBOL(snd_ctl_find_id_locked);
908
909/**
910 * snd_ctl_find_id - find the control instance with the given id
911 * @card: the card instance
912 * @id: the id to search
913 *
914 * Finds the control instance with the given id from the card.
915 *
916 * Return: The pointer of the instance if found, or %NULL if not.
917 *
918 * Note that this function takes card->controls_rwsem lock internally.
919 */
920struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card,
921 const struct snd_ctl_elem_id *id)
922{
923 struct snd_kcontrol *kctl;
924
925 down_read(&card->controls_rwsem);
926 kctl = snd_ctl_find_id_locked(card, id);
927 up_read(&card->controls_rwsem);
928 return kctl;
929}
930EXPORT_SYMBOL(snd_ctl_find_id);
931
932static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl,
933 unsigned int cmd, void __user *arg)
934{
935 struct snd_ctl_card_info *info;
936
937 info = kzalloc(sizeof(*info), GFP_KERNEL);
938 if (! info)
939 return -ENOMEM;
940 down_read(&snd_ioctl_rwsem);
941 info->card = card->number;
942 strscpy(info->id, card->id, sizeof(info->id));
943 strscpy(info->driver, card->driver, sizeof(info->driver));
944 strscpy(info->name, card->shortname, sizeof(info->name));
945 strscpy(info->longname, card->longname, sizeof(info->longname));
946 strscpy(info->mixername, card->mixername, sizeof(info->mixername));
947 strscpy(info->components, card->components, sizeof(info->components));
948 up_read(&snd_ioctl_rwsem);
949 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info))) {
950 kfree(info);
951 return -EFAULT;
952 }
953 kfree(info);
954 return 0;
955}
956
957static int snd_ctl_elem_list(struct snd_card *card,
958 struct snd_ctl_elem_list *list)
959{
960 struct snd_kcontrol *kctl;
961 struct snd_ctl_elem_id id;
962 unsigned int offset, space, jidx;
963 int err = 0;
964
965 offset = list->offset;
966 space = list->space;
967
968 down_read(&card->controls_rwsem);
969 list->count = card->controls_count;
970 list->used = 0;
971 if (space > 0) {
972 list_for_each_entry(kctl, &card->controls, list) {
973 if (offset >= kctl->count) {
974 offset -= kctl->count;
975 continue;
976 }
977 for (jidx = offset; jidx < kctl->count; jidx++) {
978 snd_ctl_build_ioff(&id, kctl, jidx);
979 if (copy_to_user(list->pids + list->used, &id,
980 sizeof(id))) {
981 err = -EFAULT;
982 goto out;
983 }
984 list->used++;
985 if (!--space)
986 goto out;
987 }
988 offset = 0;
989 }
990 }
991 out:
992 up_read(&card->controls_rwsem);
993 return err;
994}
995
996static int snd_ctl_elem_list_user(struct snd_card *card,
997 struct snd_ctl_elem_list __user *_list)
998{
999 struct snd_ctl_elem_list list;
1000 int err;
1001
1002 if (copy_from_user(&list, _list, sizeof(list)))
1003 return -EFAULT;
1004 err = snd_ctl_elem_list(card, &list);
1005 if (err)
1006 return err;
1007 if (copy_to_user(_list, &list, sizeof(list)))
1008 return -EFAULT;
1009
1010 return 0;
1011}
1012
1013/* Check whether the given kctl info is valid */
1014static int snd_ctl_check_elem_info(struct snd_card *card,
1015 const struct snd_ctl_elem_info *info)
1016{
1017 static const unsigned int max_value_counts[] = {
1018 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128,
1019 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128,
1020 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128,
1021 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512,
1022 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1,
1023 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64,
1024 };
1025
1026 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
1027 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) {
1028 if (card)
1029 dev_err(card->dev,
1030 "control %i:%i:%i:%s:%i: invalid type %d\n",
1031 info->id.iface, info->id.device,
1032 info->id.subdevice, info->id.name,
1033 info->id.index, info->type);
1034 return -EINVAL;
1035 }
1036 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED &&
1037 info->value.enumerated.items == 0) {
1038 if (card)
1039 dev_err(card->dev,
1040 "control %i:%i:%i:%s:%i: zero enum items\n",
1041 info->id.iface, info->id.device,
1042 info->id.subdevice, info->id.name,
1043 info->id.index);
1044 return -EINVAL;
1045 }
1046 if (info->count > max_value_counts[info->type]) {
1047 if (card)
1048 dev_err(card->dev,
1049 "control %i:%i:%i:%s:%i: invalid count %d\n",
1050 info->id.iface, info->id.device,
1051 info->id.subdevice, info->id.name,
1052 info->id.index, info->count);
1053 return -EINVAL;
1054 }
1055
1056 return 0;
1057}
1058
1059/* The capacity of struct snd_ctl_elem_value.value.*/
1060static const unsigned int value_sizes[] = {
1061 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long),
1062 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long),
1063 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int),
1064 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char),
1065 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958),
1066 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long),
1067};
1068
1069/* fill the remaining snd_ctl_elem_value data with the given pattern */
1070static void fill_remaining_elem_value(struct snd_ctl_elem_value *control,
1071 struct snd_ctl_elem_info *info,
1072 u32 pattern)
1073{
1074 size_t offset = value_sizes[info->type] * info->count;
1075
1076 offset = DIV_ROUND_UP(offset, sizeof(u32));
1077 memset32((u32 *)control->value.bytes.data + offset, pattern,
1078 sizeof(control->value) / sizeof(u32) - offset);
1079}
1080
1081/* check whether the given integer ctl value is valid */
1082static int sanity_check_int_value(struct snd_card *card,
1083 const struct snd_ctl_elem_value *control,
1084 const struct snd_ctl_elem_info *info,
1085 int i, bool print_error)
1086{
1087 long long lval, lmin, lmax, lstep;
1088 u64 rem;
1089
1090 switch (info->type) {
1091 default:
1092 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
1093 lval = control->value.integer.value[i];
1094 lmin = 0;
1095 lmax = 1;
1096 lstep = 0;
1097 break;
1098 case SNDRV_CTL_ELEM_TYPE_INTEGER:
1099 lval = control->value.integer.value[i];
1100 lmin = info->value.integer.min;
1101 lmax = info->value.integer.max;
1102 lstep = info->value.integer.step;
1103 break;
1104 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
1105 lval = control->value.integer64.value[i];
1106 lmin = info->value.integer64.min;
1107 lmax = info->value.integer64.max;
1108 lstep = info->value.integer64.step;
1109 break;
1110 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
1111 lval = control->value.enumerated.item[i];
1112 lmin = 0;
1113 lmax = info->value.enumerated.items - 1;
1114 lstep = 0;
1115 break;
1116 }
1117
1118 if (lval < lmin || lval > lmax) {
1119 if (print_error)
1120 dev_err(card->dev,
1121 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n",
1122 control->id.iface, control->id.device,
1123 control->id.subdevice, control->id.name,
1124 control->id.index, lval, lmin, lmax, i);
1125 return -EINVAL;
1126 }
1127 if (lstep) {
1128 div64_u64_rem(lval, lstep, &rem);
1129 if (rem) {
1130 if (print_error)
1131 dev_err(card->dev,
1132 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n",
1133 control->id.iface, control->id.device,
1134 control->id.subdevice, control->id.name,
1135 control->id.index, lval, lstep, i);
1136 return -EINVAL;
1137 }
1138 }
1139
1140 return 0;
1141}
1142
1143/* check whether the all input values are valid for the given elem value */
1144static int sanity_check_input_values(struct snd_card *card,
1145 const struct snd_ctl_elem_value *control,
1146 const struct snd_ctl_elem_info *info,
1147 bool print_error)
1148{
1149 int i, ret;
1150
1151 switch (info->type) {
1152 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
1153 case SNDRV_CTL_ELEM_TYPE_INTEGER:
1154 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
1155 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
1156 for (i = 0; i < info->count; i++) {
1157 ret = sanity_check_int_value(card, control, info, i,
1158 print_error);
1159 if (ret < 0)
1160 return ret;
1161 }
1162 break;
1163 default:
1164 break;
1165 }
1166
1167 return 0;
1168}
1169
1170/* perform sanity checks to the given snd_ctl_elem_value object */
1171static int sanity_check_elem_value(struct snd_card *card,
1172 const struct snd_ctl_elem_value *control,
1173 const struct snd_ctl_elem_info *info,
1174 u32 pattern)
1175{
1176 size_t offset;
1177 int ret;
1178 u32 *p;
1179
1180 ret = sanity_check_input_values(card, control, info, true);
1181 if (ret < 0)
1182 return ret;
1183
1184 /* check whether the remaining area kept untouched */
1185 offset = value_sizes[info->type] * info->count;
1186 offset = DIV_ROUND_UP(offset, sizeof(u32));
1187 p = (u32 *)control->value.bytes.data + offset;
1188 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) {
1189 if (*p != pattern) {
1190 ret = -EINVAL;
1191 break;
1192 }
1193 *p = 0; /* clear the checked area */
1194 }
1195
1196 return ret;
1197}
1198
1199static int __snd_ctl_elem_info(struct snd_card *card,
1200 struct snd_kcontrol *kctl,
1201 struct snd_ctl_elem_info *info,
1202 struct snd_ctl_file *ctl)
1203{
1204 struct snd_kcontrol_volatile *vd;
1205 unsigned int index_offset;
1206 int result;
1207
1208#ifdef CONFIG_SND_DEBUG
1209 info->access = 0;
1210#endif
1211 result = snd_power_ref_and_wait(card);
1212 if (!result)
1213 result = kctl->info(kctl, info);
1214 snd_power_unref(card);
1215 if (result >= 0) {
1216 snd_BUG_ON(info->access);
1217 index_offset = snd_ctl_get_ioff(kctl, &info->id);
1218 vd = &kctl->vd[index_offset];
1219 snd_ctl_build_ioff(&info->id, kctl, index_offset);
1220 info->access = vd->access;
1221 if (vd->owner) {
1222 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK;
1223 if (vd->owner == ctl)
1224 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER;
1225 info->owner = pid_vnr(vd->owner->pid);
1226 } else {
1227 info->owner = -1;
1228 }
1229 if (!snd_ctl_skip_validation(info) &&
1230 snd_ctl_check_elem_info(card, info) < 0)
1231 result = -EINVAL;
1232 }
1233 return result;
1234}
1235
1236static int snd_ctl_elem_info(struct snd_ctl_file *ctl,
1237 struct snd_ctl_elem_info *info)
1238{
1239 struct snd_card *card = ctl->card;
1240 struct snd_kcontrol *kctl;
1241 int result;
1242
1243 down_read(&card->controls_rwsem);
1244 kctl = snd_ctl_find_id_locked(card, &info->id);
1245 if (kctl == NULL)
1246 result = -ENOENT;
1247 else
1248 result = __snd_ctl_elem_info(card, kctl, info, ctl);
1249 up_read(&card->controls_rwsem);
1250 return result;
1251}
1252
1253static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl,
1254 struct snd_ctl_elem_info __user *_info)
1255{
1256 struct snd_ctl_elem_info info;
1257 int result;
1258
1259 if (copy_from_user(&info, _info, sizeof(info)))
1260 return -EFAULT;
1261 result = snd_ctl_elem_info(ctl, &info);
1262 if (result < 0)
1263 return result;
1264 /* drop internal access flags */
1265 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK|
1266 SNDRV_CTL_ELEM_ACCESS_LED_MASK);
1267 if (copy_to_user(_info, &info, sizeof(info)))
1268 return -EFAULT;
1269 return result;
1270}
1271
1272static int snd_ctl_elem_read(struct snd_card *card,
1273 struct snd_ctl_elem_value *control)
1274{
1275 struct snd_kcontrol *kctl;
1276 struct snd_kcontrol_volatile *vd;
1277 unsigned int index_offset;
1278 struct snd_ctl_elem_info info;
1279 const u32 pattern = 0xdeadbeef;
1280 int ret;
1281
1282 down_read(&card->controls_rwsem);
1283 kctl = snd_ctl_find_id_locked(card, &control->id);
1284 if (kctl == NULL) {
1285 ret = -ENOENT;
1286 goto unlock;
1287 }
1288
1289 index_offset = snd_ctl_get_ioff(kctl, &control->id);
1290 vd = &kctl->vd[index_offset];
1291 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL) {
1292 ret = -EPERM;
1293 goto unlock;
1294 }
1295
1296 snd_ctl_build_ioff(&control->id, kctl, index_offset);
1297
1298#ifdef CONFIG_SND_CTL_DEBUG
1299 /* info is needed only for validation */
1300 memset(&info, 0, sizeof(info));
1301 info.id = control->id;
1302 ret = __snd_ctl_elem_info(card, kctl, &info, NULL);
1303 if (ret < 0)
1304 goto unlock;
1305#endif
1306
1307 if (!snd_ctl_skip_validation(&info))
1308 fill_remaining_elem_value(control, &info, pattern);
1309 ret = snd_power_ref_and_wait(card);
1310 if (!ret)
1311 ret = kctl->get(kctl, control);
1312 snd_power_unref(card);
1313 if (ret < 0)
1314 goto unlock;
1315 if (!snd_ctl_skip_validation(&info) &&
1316 sanity_check_elem_value(card, control, &info, pattern) < 0) {
1317 dev_err(card->dev,
1318 "control %i:%i:%i:%s:%i: access overflow\n",
1319 control->id.iface, control->id.device,
1320 control->id.subdevice, control->id.name,
1321 control->id.index);
1322 ret = -EINVAL;
1323 goto unlock;
1324 }
1325unlock:
1326 up_read(&card->controls_rwsem);
1327 return ret;
1328}
1329
1330static int snd_ctl_elem_read_user(struct snd_card *card,
1331 struct snd_ctl_elem_value __user *_control)
1332{
1333 struct snd_ctl_elem_value *control;
1334 int result;
1335
1336 control = memdup_user(_control, sizeof(*control));
1337 if (IS_ERR(control))
1338 return PTR_ERR(control);
1339
1340 result = snd_ctl_elem_read(card, control);
1341 if (result < 0)
1342 goto error;
1343
1344 if (copy_to_user(_control, control, sizeof(*control)))
1345 result = -EFAULT;
1346 error:
1347 kfree(control);
1348 return result;
1349}
1350
1351static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
1352 struct snd_ctl_elem_value *control)
1353{
1354 struct snd_kcontrol *kctl;
1355 struct snd_kcontrol_volatile *vd;
1356 unsigned int index_offset;
1357 int result;
1358
1359 down_write(&card->controls_rwsem);
1360 kctl = snd_ctl_find_id_locked(card, &control->id);
1361 if (kctl == NULL) {
1362 up_write(&card->controls_rwsem);
1363 return -ENOENT;
1364 }
1365
1366 index_offset = snd_ctl_get_ioff(kctl, &control->id);
1367 vd = &kctl->vd[index_offset];
1368 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL ||
1369 (file && vd->owner && vd->owner != file)) {
1370 up_write(&card->controls_rwsem);
1371 return -EPERM;
1372 }
1373
1374 snd_ctl_build_ioff(&control->id, kctl, index_offset);
1375 result = snd_power_ref_and_wait(card);
1376 /* validate input values */
1377 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION) && !result) {
1378 struct snd_ctl_elem_info info;
1379
1380 memset(&info, 0, sizeof(info));
1381 info.id = control->id;
1382 result = __snd_ctl_elem_info(card, kctl, &info, NULL);
1383 if (!result)
1384 result = sanity_check_input_values(card, control, &info,
1385 false);
1386 }
1387 if (!result)
1388 result = kctl->put(kctl, control);
1389 snd_power_unref(card);
1390 if (result < 0) {
1391 up_write(&card->controls_rwsem);
1392 return result;
1393 }
1394
1395 if (result > 0) {
1396 downgrade_write(&card->controls_rwsem);
1397 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset);
1398 up_read(&card->controls_rwsem);
1399 } else {
1400 up_write(&card->controls_rwsem);
1401 }
1402
1403 return 0;
1404}
1405
1406static int snd_ctl_elem_write_user(struct snd_ctl_file *file,
1407 struct snd_ctl_elem_value __user *_control)
1408{
1409 struct snd_ctl_elem_value *control;
1410 struct snd_card *card;
1411 int result;
1412
1413 control = memdup_user(_control, sizeof(*control));
1414 if (IS_ERR(control))
1415 return PTR_ERR(control);
1416
1417 card = file->card;
1418 result = snd_ctl_elem_write(card, file, control);
1419 if (result < 0)
1420 goto error;
1421
1422 if (copy_to_user(_control, control, sizeof(*control)))
1423 result = -EFAULT;
1424 error:
1425 kfree(control);
1426 return result;
1427}
1428
1429static int snd_ctl_elem_lock(struct snd_ctl_file *file,
1430 struct snd_ctl_elem_id __user *_id)
1431{
1432 struct snd_card *card = file->card;
1433 struct snd_ctl_elem_id id;
1434 struct snd_kcontrol *kctl;
1435 struct snd_kcontrol_volatile *vd;
1436 int result;
1437
1438 if (copy_from_user(&id, _id, sizeof(id)))
1439 return -EFAULT;
1440 down_write(&card->controls_rwsem);
1441 kctl = snd_ctl_find_id_locked(card, &id);
1442 if (kctl == NULL) {
1443 result = -ENOENT;
1444 } else {
1445 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1446 if (vd->owner != NULL)
1447 result = -EBUSY;
1448 else {
1449 vd->owner = file;
1450 result = 0;
1451 }
1452 }
1453 up_write(&card->controls_rwsem);
1454 return result;
1455}
1456
1457static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
1458 struct snd_ctl_elem_id __user *_id)
1459{
1460 struct snd_card *card = file->card;
1461 struct snd_ctl_elem_id id;
1462 struct snd_kcontrol *kctl;
1463 struct snd_kcontrol_volatile *vd;
1464 int result;
1465
1466 if (copy_from_user(&id, _id, sizeof(id)))
1467 return -EFAULT;
1468 down_write(&card->controls_rwsem);
1469 kctl = snd_ctl_find_id_locked(card, &id);
1470 if (kctl == NULL) {
1471 result = -ENOENT;
1472 } else {
1473 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1474 if (vd->owner == NULL)
1475 result = -EINVAL;
1476 else if (vd->owner != file)
1477 result = -EPERM;
1478 else {
1479 vd->owner = NULL;
1480 result = 0;
1481 }
1482 }
1483 up_write(&card->controls_rwsem);
1484 return result;
1485}
1486
1487struct user_element {
1488 struct snd_ctl_elem_info info;
1489 struct snd_card *card;
1490 char *elem_data; /* element data */
1491 unsigned long elem_data_size; /* size of element data in bytes */
1492 void *tlv_data; /* TLV data */
1493 unsigned long tlv_data_size; /* TLV data size */
1494 void *priv_data; /* private data (like strings for enumerated type) */
1495};
1496
1497// check whether the addition (in bytes) of user ctl element may overflow the limit.
1498static bool check_user_elem_overflow(struct snd_card *card, ssize_t add)
1499{
1500 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size;
1501}
1502
1503static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol,
1504 struct snd_ctl_elem_info *uinfo)
1505{
1506 struct user_element *ue = kcontrol->private_data;
1507 unsigned int offset;
1508
1509 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1510 *uinfo = ue->info;
1511 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1512
1513 return 0;
1514}
1515
1516static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol,
1517 struct snd_ctl_elem_info *uinfo)
1518{
1519 struct user_element *ue = kcontrol->private_data;
1520 const char *names;
1521 unsigned int item;
1522 unsigned int offset;
1523
1524 item = uinfo->value.enumerated.item;
1525
1526 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1527 *uinfo = ue->info;
1528 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1529
1530 item = min(item, uinfo->value.enumerated.items - 1);
1531 uinfo->value.enumerated.item = item;
1532
1533 names = ue->priv_data;
1534 for (; item > 0; --item)
1535 names += strlen(names) + 1;
1536 strcpy(uinfo->value.enumerated.name, names);
1537
1538 return 0;
1539}
1540
1541static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
1542 struct snd_ctl_elem_value *ucontrol)
1543{
1544 struct user_element *ue = kcontrol->private_data;
1545 unsigned int size = ue->elem_data_size;
1546 char *src = ue->elem_data +
1547 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1548
1549 memcpy(&ucontrol->value, src, size);
1550 return 0;
1551}
1552
1553static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
1554 struct snd_ctl_elem_value *ucontrol)
1555{
1556 int change;
1557 struct user_element *ue = kcontrol->private_data;
1558 unsigned int size = ue->elem_data_size;
1559 char *dst = ue->elem_data +
1560 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1561
1562 change = memcmp(&ucontrol->value, dst, size) != 0;
1563 if (change)
1564 memcpy(dst, &ucontrol->value, size);
1565 return change;
1566}
1567
1568/* called in controls_rwsem write lock */
1569static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1570 unsigned int size)
1571{
1572 struct user_element *ue = kctl->private_data;
1573 unsigned int *container;
1574 unsigned int mask = 0;
1575 int i;
1576 int change;
1577
1578 lockdep_assert_held_write(&ue->card->controls_rwsem);
1579
1580 if (size > 1024 * 128) /* sane value */
1581 return -EINVAL;
1582
1583 // does the TLV size change cause overflow?
1584 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size)))
1585 return -ENOMEM;
1586
1587 container = vmemdup_user(buf, size);
1588 if (IS_ERR(container))
1589 return PTR_ERR(container);
1590
1591 change = ue->tlv_data_size != size;
1592 if (!change)
1593 change = memcmp(ue->tlv_data, container, size) != 0;
1594 if (!change) {
1595 kvfree(container);
1596 return 0;
1597 }
1598
1599 if (ue->tlv_data == NULL) {
1600 /* Now TLV data is available. */
1601 for (i = 0; i < kctl->count; ++i)
1602 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
1603 mask = SNDRV_CTL_EVENT_MASK_INFO;
1604 } else {
1605 ue->card->user_ctl_alloc_size -= ue->tlv_data_size;
1606 ue->tlv_data_size = 0;
1607 kvfree(ue->tlv_data);
1608 }
1609
1610 ue->tlv_data = container;
1611 ue->tlv_data_size = size;
1612 // decremented at private_free.
1613 ue->card->user_ctl_alloc_size += size;
1614
1615 mask |= SNDRV_CTL_EVENT_MASK_TLV;
1616 for (i = 0; i < kctl->count; ++i)
1617 snd_ctl_notify_one(ue->card, mask, kctl, i);
1618
1619 return change;
1620}
1621
1622static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1623 unsigned int size)
1624{
1625 struct user_element *ue = kctl->private_data;
1626
1627 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL)
1628 return -ENXIO;
1629
1630 if (size < ue->tlv_data_size)
1631 return -ENOSPC;
1632
1633 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size))
1634 return -EFAULT;
1635
1636 return 0;
1637}
1638
1639static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag,
1640 unsigned int size, unsigned int __user *buf)
1641{
1642 if (op_flag == SNDRV_CTL_TLV_OP_WRITE)
1643 return replace_user_tlv(kctl, buf, size);
1644 else
1645 return read_user_tlv(kctl, buf, size);
1646}
1647
1648/* called in controls_rwsem write lock */
1649static int snd_ctl_elem_init_enum_names(struct user_element *ue)
1650{
1651 char *names, *p;
1652 size_t buf_len, name_len;
1653 unsigned int i;
1654 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr;
1655
1656 lockdep_assert_held_write(&ue->card->controls_rwsem);
1657
1658 buf_len = ue->info.value.enumerated.names_length;
1659 if (buf_len > 64 * 1024)
1660 return -EINVAL;
1661
1662 if (check_user_elem_overflow(ue->card, buf_len))
1663 return -ENOMEM;
1664 names = vmemdup_user((const void __user *)user_ptrval, buf_len);
1665 if (IS_ERR(names))
1666 return PTR_ERR(names);
1667
1668 /* check that there are enough valid names */
1669 p = names;
1670 for (i = 0; i < ue->info.value.enumerated.items; ++i) {
1671 name_len = strnlen(p, buf_len);
1672 if (name_len == 0 || name_len >= 64 || name_len == buf_len) {
1673 kvfree(names);
1674 return -EINVAL;
1675 }
1676 p += name_len + 1;
1677 buf_len -= name_len + 1;
1678 }
1679
1680 ue->priv_data = names;
1681 ue->info.value.enumerated.names_ptr = 0;
1682 // increment the allocation size; decremented again at private_free.
1683 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length;
1684
1685 return 0;
1686}
1687
1688static size_t compute_user_elem_size(size_t size, unsigned int count)
1689{
1690 return sizeof(struct user_element) + size * count;
1691}
1692
1693static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol)
1694{
1695 struct user_element *ue = kcontrol->private_data;
1696
1697 // decrement the allocation size.
1698 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count);
1699 ue->card->user_ctl_alloc_size -= ue->tlv_data_size;
1700 if (ue->priv_data)
1701 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length;
1702
1703 kvfree(ue->tlv_data);
1704 kvfree(ue->priv_data);
1705 kfree(ue);
1706}
1707
1708static int snd_ctl_elem_add(struct snd_ctl_file *file,
1709 struct snd_ctl_elem_info *info, int replace)
1710{
1711 struct snd_card *card = file->card;
1712 struct snd_kcontrol *kctl;
1713 unsigned int count;
1714 unsigned int access;
1715 long private_size;
1716 size_t alloc_size;
1717 struct user_element *ue;
1718 unsigned int offset;
1719 int err;
1720
1721 if (!*info->id.name)
1722 return -EINVAL;
1723 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name))
1724 return -EINVAL;
1725
1726 /* Delete a control to replace them if needed. */
1727 if (replace) {
1728 info->id.numid = 0;
1729 err = snd_ctl_remove_user_ctl(file, &info->id);
1730 if (err)
1731 return err;
1732 }
1733
1734 /* Check the number of elements for this userspace control. */
1735 count = info->owner;
1736 if (count == 0)
1737 count = 1;
1738
1739 /* Arrange access permissions if needed. */
1740 access = info->access;
1741 if (access == 0)
1742 access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
1743 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
1744 SNDRV_CTL_ELEM_ACCESS_INACTIVE |
1745 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE);
1746
1747 /* In initial state, nothing is available as TLV container. */
1748 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1749 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
1750 access |= SNDRV_CTL_ELEM_ACCESS_USER;
1751
1752 /*
1753 * Check information and calculate the size of data specific to
1754 * this userspace control.
1755 */
1756 /* pass NULL to card for suppressing error messages */
1757 err = snd_ctl_check_elem_info(NULL, info);
1758 if (err < 0)
1759 return err;
1760 /* user-space control doesn't allow zero-size data */
1761 if (info->count < 1)
1762 return -EINVAL;
1763 private_size = value_sizes[info->type] * info->count;
1764 alloc_size = compute_user_elem_size(private_size, count);
1765
1766 down_write(&card->controls_rwsem);
1767 if (check_user_elem_overflow(card, alloc_size)) {
1768 err = -ENOMEM;
1769 goto unlock;
1770 }
1771
1772 /*
1773 * Keep memory object for this userspace control. After passing this
1774 * code block, the instance should be freed by snd_ctl_free_one().
1775 *
1776 * Note that these elements in this control are locked.
1777 */
1778 err = snd_ctl_new(&kctl, count, access, file);
1779 if (err < 0)
1780 goto unlock;
1781 memcpy(&kctl->id, &info->id, sizeof(kctl->id));
1782 ue = kzalloc(alloc_size, GFP_KERNEL);
1783 if (!ue) {
1784 kfree(kctl);
1785 err = -ENOMEM;
1786 goto unlock;
1787 }
1788 kctl->private_data = ue;
1789 kctl->private_free = snd_ctl_elem_user_free;
1790
1791 // increment the allocated size; decremented again at private_free.
1792 card->user_ctl_alloc_size += alloc_size;
1793
1794 /* Set private data for this userspace control. */
1795 ue->card = card;
1796 ue->info = *info;
1797 ue->info.access = 0;
1798 ue->elem_data = (char *)ue + sizeof(*ue);
1799 ue->elem_data_size = private_size;
1800 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) {
1801 err = snd_ctl_elem_init_enum_names(ue);
1802 if (err < 0) {
1803 snd_ctl_free_one(kctl);
1804 goto unlock;
1805 }
1806 }
1807
1808 /* Set callback functions. */
1809 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED)
1810 kctl->info = snd_ctl_elem_user_enum_info;
1811 else
1812 kctl->info = snd_ctl_elem_user_info;
1813 if (access & SNDRV_CTL_ELEM_ACCESS_READ)
1814 kctl->get = snd_ctl_elem_user_get;
1815 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE)
1816 kctl->put = snd_ctl_elem_user_put;
1817 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1818 kctl->tlv.c = snd_ctl_elem_user_tlv;
1819
1820 /* This function manage to free the instance on failure. */
1821 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE);
1822 if (err < 0) {
1823 snd_ctl_free_one(kctl);
1824 goto unlock;
1825 }
1826 offset = snd_ctl_get_ioff(kctl, &info->id);
1827 snd_ctl_build_ioff(&info->id, kctl, offset);
1828 /*
1829 * Here we cannot fill any field for the number of elements added by
1830 * this operation because there're no specific fields. The usage of
1831 * 'owner' field for this purpose may cause any bugs to userspace
1832 * applications because the field originally means PID of a process
1833 * which locks the element.
1834 */
1835 unlock:
1836 up_write(&card->controls_rwsem);
1837 return err;
1838}
1839
1840static int snd_ctl_elem_add_user(struct snd_ctl_file *file,
1841 struct snd_ctl_elem_info __user *_info, int replace)
1842{
1843 struct snd_ctl_elem_info info;
1844 int err;
1845
1846 if (copy_from_user(&info, _info, sizeof(info)))
1847 return -EFAULT;
1848 err = snd_ctl_elem_add(file, &info, replace);
1849 if (err < 0)
1850 return err;
1851 if (copy_to_user(_info, &info, sizeof(info))) {
1852 snd_ctl_remove_user_ctl(file, &info.id);
1853 return -EFAULT;
1854 }
1855
1856 return 0;
1857}
1858
1859static int snd_ctl_elem_remove(struct snd_ctl_file *file,
1860 struct snd_ctl_elem_id __user *_id)
1861{
1862 struct snd_ctl_elem_id id;
1863
1864 if (copy_from_user(&id, _id, sizeof(id)))
1865 return -EFAULT;
1866 return snd_ctl_remove_user_ctl(file, &id);
1867}
1868
1869static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr)
1870{
1871 int subscribe;
1872 if (get_user(subscribe, ptr))
1873 return -EFAULT;
1874 if (subscribe < 0) {
1875 subscribe = file->subscribed;
1876 if (put_user(subscribe, ptr))
1877 return -EFAULT;
1878 return 0;
1879 }
1880 if (subscribe) {
1881 file->subscribed = 1;
1882 return 0;
1883 } else if (file->subscribed) {
1884 snd_ctl_empty_read_queue(file);
1885 file->subscribed = 0;
1886 }
1887 return 0;
1888}
1889
1890static int call_tlv_handler(struct snd_ctl_file *file, int op_flag,
1891 struct snd_kcontrol *kctl,
1892 struct snd_ctl_elem_id *id,
1893 unsigned int __user *buf, unsigned int size)
1894{
1895 static const struct {
1896 int op;
1897 int perm;
1898 } pairs[] = {
1899 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ},
1900 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE},
1901 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND},
1902 };
1903 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1904 int i, ret;
1905
1906 /* Check support of the request for this element. */
1907 for (i = 0; i < ARRAY_SIZE(pairs); ++i) {
1908 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm))
1909 break;
1910 }
1911 if (i == ARRAY_SIZE(pairs))
1912 return -ENXIO;
1913
1914 if (kctl->tlv.c == NULL)
1915 return -ENXIO;
1916
1917 /* Write and command operations are not allowed for locked element. */
1918 if (op_flag != SNDRV_CTL_TLV_OP_READ &&
1919 vd->owner != NULL && vd->owner != file)
1920 return -EPERM;
1921
1922 ret = snd_power_ref_and_wait(file->card);
1923 if (!ret)
1924 ret = kctl->tlv.c(kctl, op_flag, size, buf);
1925 snd_power_unref(file->card);
1926 return ret;
1927}
1928
1929static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id,
1930 unsigned int __user *buf, unsigned int size)
1931{
1932 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1933 unsigned int len;
1934
1935 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ))
1936 return -ENXIO;
1937
1938 if (kctl->tlv.p == NULL)
1939 return -ENXIO;
1940
1941 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1];
1942 if (size < len)
1943 return -ENOMEM;
1944
1945 if (copy_to_user(buf, kctl->tlv.p, len))
1946 return -EFAULT;
1947
1948 return 0;
1949}
1950
1951static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
1952 struct snd_ctl_tlv __user *buf,
1953 int op_flag)
1954{
1955 struct snd_ctl_tlv header;
1956 unsigned int __user *container;
1957 unsigned int container_size;
1958 struct snd_kcontrol *kctl;
1959 struct snd_ctl_elem_id id;
1960 struct snd_kcontrol_volatile *vd;
1961
1962 lockdep_assert_held(&file->card->controls_rwsem);
1963
1964 if (copy_from_user(&header, buf, sizeof(header)))
1965 return -EFAULT;
1966
1967 /* In design of control core, numerical ID starts at 1. */
1968 if (header.numid == 0)
1969 return -EINVAL;
1970
1971 /* At least, container should include type and length fields. */
1972 if (header.length < sizeof(unsigned int) * 2)
1973 return -EINVAL;
1974 container_size = header.length;
1975 container = buf->tlv;
1976
1977 kctl = snd_ctl_find_numid_locked(file->card, header.numid);
1978 if (kctl == NULL)
1979 return -ENOENT;
1980
1981 /* Calculate index of the element in this set. */
1982 id = kctl->id;
1983 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid);
1984 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1985
1986 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) {
1987 return call_tlv_handler(file, op_flag, kctl, &id, container,
1988 container_size);
1989 } else {
1990 if (op_flag == SNDRV_CTL_TLV_OP_READ) {
1991 return read_tlv_buf(kctl, &id, container,
1992 container_size);
1993 }
1994 }
1995
1996 /* Not supported. */
1997 return -ENXIO;
1998}
1999
2000static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2001{
2002 struct snd_ctl_file *ctl;
2003 struct snd_card *card;
2004 struct snd_kctl_ioctl *p;
2005 void __user *argp = (void __user *)arg;
2006 int __user *ip = argp;
2007 int err;
2008
2009 ctl = file->private_data;
2010 card = ctl->card;
2011 if (snd_BUG_ON(!card))
2012 return -ENXIO;
2013 switch (cmd) {
2014 case SNDRV_CTL_IOCTL_PVERSION:
2015 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0;
2016 case SNDRV_CTL_IOCTL_CARD_INFO:
2017 return snd_ctl_card_info(card, ctl, cmd, argp);
2018 case SNDRV_CTL_IOCTL_ELEM_LIST:
2019 return snd_ctl_elem_list_user(card, argp);
2020 case SNDRV_CTL_IOCTL_ELEM_INFO:
2021 return snd_ctl_elem_info_user(ctl, argp);
2022 case SNDRV_CTL_IOCTL_ELEM_READ:
2023 return snd_ctl_elem_read_user(card, argp);
2024 case SNDRV_CTL_IOCTL_ELEM_WRITE:
2025 return snd_ctl_elem_write_user(ctl, argp);
2026 case SNDRV_CTL_IOCTL_ELEM_LOCK:
2027 return snd_ctl_elem_lock(ctl, argp);
2028 case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
2029 return snd_ctl_elem_unlock(ctl, argp);
2030 case SNDRV_CTL_IOCTL_ELEM_ADD:
2031 return snd_ctl_elem_add_user(ctl, argp, 0);
2032 case SNDRV_CTL_IOCTL_ELEM_REPLACE:
2033 return snd_ctl_elem_add_user(ctl, argp, 1);
2034 case SNDRV_CTL_IOCTL_ELEM_REMOVE:
2035 return snd_ctl_elem_remove(ctl, argp);
2036 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
2037 return snd_ctl_subscribe_events(ctl, ip);
2038 case SNDRV_CTL_IOCTL_TLV_READ:
2039 down_read(&ctl->card->controls_rwsem);
2040 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ);
2041 up_read(&ctl->card->controls_rwsem);
2042 return err;
2043 case SNDRV_CTL_IOCTL_TLV_WRITE:
2044 down_write(&ctl->card->controls_rwsem);
2045 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE);
2046 up_write(&ctl->card->controls_rwsem);
2047 return err;
2048 case SNDRV_CTL_IOCTL_TLV_COMMAND:
2049 down_write(&ctl->card->controls_rwsem);
2050 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD);
2051 up_write(&ctl->card->controls_rwsem);
2052 return err;
2053 case SNDRV_CTL_IOCTL_POWER:
2054 return -ENOPROTOOPT;
2055 case SNDRV_CTL_IOCTL_POWER_STATE:
2056 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0;
2057 }
2058 down_read(&snd_ioctl_rwsem);
2059 list_for_each_entry(p, &snd_control_ioctls, list) {
2060 err = p->fioctl(card, ctl, cmd, arg);
2061 if (err != -ENOIOCTLCMD) {
2062 up_read(&snd_ioctl_rwsem);
2063 return err;
2064 }
2065 }
2066 up_read(&snd_ioctl_rwsem);
2067 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd);
2068 return -ENOTTY;
2069}
2070
2071static ssize_t snd_ctl_read(struct file *file, char __user *buffer,
2072 size_t count, loff_t * offset)
2073{
2074 struct snd_ctl_file *ctl;
2075 int err = 0;
2076 ssize_t result = 0;
2077
2078 ctl = file->private_data;
2079 if (snd_BUG_ON(!ctl || !ctl->card))
2080 return -ENXIO;
2081 if (!ctl->subscribed)
2082 return -EBADFD;
2083 if (count < sizeof(struct snd_ctl_event))
2084 return -EINVAL;
2085 spin_lock_irq(&ctl->read_lock);
2086 while (count >= sizeof(struct snd_ctl_event)) {
2087 struct snd_ctl_event ev;
2088 struct snd_kctl_event *kev;
2089 while (list_empty(&ctl->events)) {
2090 wait_queue_entry_t wait;
2091 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
2092 err = -EAGAIN;
2093 goto __end_lock;
2094 }
2095 init_waitqueue_entry(&wait, current);
2096 add_wait_queue(&ctl->change_sleep, &wait);
2097 set_current_state(TASK_INTERRUPTIBLE);
2098 spin_unlock_irq(&ctl->read_lock);
2099 schedule();
2100 remove_wait_queue(&ctl->change_sleep, &wait);
2101 if (ctl->card->shutdown)
2102 return -ENODEV;
2103 if (signal_pending(current))
2104 return -ERESTARTSYS;
2105 spin_lock_irq(&ctl->read_lock);
2106 }
2107 kev = snd_kctl_event(ctl->events.next);
2108 ev.type = SNDRV_CTL_EVENT_ELEM;
2109 ev.data.elem.mask = kev->mask;
2110 ev.data.elem.id = kev->id;
2111 list_del(&kev->list);
2112 spin_unlock_irq(&ctl->read_lock);
2113 kfree(kev);
2114 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) {
2115 err = -EFAULT;
2116 goto __end;
2117 }
2118 spin_lock_irq(&ctl->read_lock);
2119 buffer += sizeof(struct snd_ctl_event);
2120 count -= sizeof(struct snd_ctl_event);
2121 result += sizeof(struct snd_ctl_event);
2122 }
2123 __end_lock:
2124 spin_unlock_irq(&ctl->read_lock);
2125 __end:
2126 return result > 0 ? result : err;
2127}
2128
2129static __poll_t snd_ctl_poll(struct file *file, poll_table * wait)
2130{
2131 __poll_t mask;
2132 struct snd_ctl_file *ctl;
2133
2134 ctl = file->private_data;
2135 if (!ctl->subscribed)
2136 return 0;
2137 poll_wait(file, &ctl->change_sleep, wait);
2138
2139 mask = 0;
2140 if (!list_empty(&ctl->events))
2141 mask |= EPOLLIN | EPOLLRDNORM;
2142
2143 return mask;
2144}
2145
2146/*
2147 * register the device-specific control-ioctls.
2148 * called from each device manager like pcm.c, hwdep.c, etc.
2149 */
2150static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists)
2151{
2152 struct snd_kctl_ioctl *pn;
2153
2154 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL);
2155 if (pn == NULL)
2156 return -ENOMEM;
2157 pn->fioctl = fcn;
2158 down_write(&snd_ioctl_rwsem);
2159 list_add_tail(&pn->list, lists);
2160 up_write(&snd_ioctl_rwsem);
2161 return 0;
2162}
2163
2164/**
2165 * snd_ctl_register_ioctl - register the device-specific control-ioctls
2166 * @fcn: ioctl callback function
2167 *
2168 * called from each device manager like pcm.c, hwdep.c, etc.
2169 *
2170 * Return: zero if successful, or a negative error code
2171 */
2172int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn)
2173{
2174 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls);
2175}
2176EXPORT_SYMBOL(snd_ctl_register_ioctl);
2177
2178#ifdef CONFIG_COMPAT
2179/**
2180 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat
2181 * control-ioctls
2182 * @fcn: ioctl callback function
2183 *
2184 * Return: zero if successful, or a negative error code
2185 */
2186int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn)
2187{
2188 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls);
2189}
2190EXPORT_SYMBOL(snd_ctl_register_ioctl_compat);
2191#endif
2192
2193/*
2194 * de-register the device-specific control-ioctls.
2195 */
2196static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn,
2197 struct list_head *lists)
2198{
2199 struct snd_kctl_ioctl *p;
2200
2201 if (snd_BUG_ON(!fcn))
2202 return -EINVAL;
2203 down_write(&snd_ioctl_rwsem);
2204 list_for_each_entry(p, lists, list) {
2205 if (p->fioctl == fcn) {
2206 list_del(&p->list);
2207 up_write(&snd_ioctl_rwsem);
2208 kfree(p);
2209 return 0;
2210 }
2211 }
2212 up_write(&snd_ioctl_rwsem);
2213 snd_BUG();
2214 return -EINVAL;
2215}
2216
2217/**
2218 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls
2219 * @fcn: ioctl callback function to unregister
2220 *
2221 * Return: zero if successful, or a negative error code
2222 */
2223int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn)
2224{
2225 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls);
2226}
2227EXPORT_SYMBOL(snd_ctl_unregister_ioctl);
2228
2229#ifdef CONFIG_COMPAT
2230/**
2231 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat
2232 * 32bit control-ioctls
2233 * @fcn: ioctl callback function to unregister
2234 *
2235 * Return: zero if successful, or a negative error code
2236 */
2237int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn)
2238{
2239 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls);
2240}
2241EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat);
2242#endif
2243
2244static int snd_ctl_fasync(int fd, struct file * file, int on)
2245{
2246 struct snd_ctl_file *ctl;
2247
2248 ctl = file->private_data;
2249 return snd_fasync_helper(fd, file, on, &ctl->fasync);
2250}
2251
2252/* return the preferred subdevice number if already assigned;
2253 * otherwise return -1
2254 */
2255int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type)
2256{
2257 struct snd_ctl_file *kctl;
2258 int subdevice = -1;
2259 unsigned long flags;
2260
2261 read_lock_irqsave(&card->ctl_files_rwlock, flags);
2262 list_for_each_entry(kctl, &card->ctl_files, list) {
2263 if (kctl->pid == task_pid(current)) {
2264 subdevice = kctl->preferred_subdevice[type];
2265 if (subdevice != -1)
2266 break;
2267 }
2268 }
2269 read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
2270 return subdevice;
2271}
2272EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice);
2273
2274/*
2275 * ioctl32 compat
2276 */
2277#ifdef CONFIG_COMPAT
2278#include "control_compat.c"
2279#else
2280#define snd_ctl_ioctl_compat NULL
2281#endif
2282
2283/*
2284 * control layers (audio LED etc.)
2285 */
2286
2287/**
2288 * snd_ctl_request_layer - request to use the layer
2289 * @module_name: Name of the kernel module (NULL == build-in)
2290 *
2291 * Return: zero if successful, or an error code when the module cannot be loaded
2292 */
2293int snd_ctl_request_layer(const char *module_name)
2294{
2295 struct snd_ctl_layer_ops *lops;
2296
2297 if (module_name == NULL)
2298 return 0;
2299 down_read(&snd_ctl_layer_rwsem);
2300 for (lops = snd_ctl_layer; lops; lops = lops->next)
2301 if (strcmp(lops->module_name, module_name) == 0)
2302 break;
2303 up_read(&snd_ctl_layer_rwsem);
2304 if (lops)
2305 return 0;
2306 return request_module(module_name);
2307}
2308EXPORT_SYMBOL_GPL(snd_ctl_request_layer);
2309
2310/**
2311 * snd_ctl_register_layer - register new control layer
2312 * @lops: operation structure
2313 *
2314 * The new layer can track all control elements and do additional
2315 * operations on top (like audio LED handling).
2316 */
2317void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops)
2318{
2319 struct snd_card *card;
2320 int card_number;
2321
2322 down_write(&snd_ctl_layer_rwsem);
2323 lops->next = snd_ctl_layer;
2324 snd_ctl_layer = lops;
2325 up_write(&snd_ctl_layer_rwsem);
2326 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) {
2327 card = snd_card_ref(card_number);
2328 if (card) {
2329 down_read(&card->controls_rwsem);
2330 lops->lregister(card);
2331 up_read(&card->controls_rwsem);
2332 snd_card_unref(card);
2333 }
2334 }
2335}
2336EXPORT_SYMBOL_GPL(snd_ctl_register_layer);
2337
2338/**
2339 * snd_ctl_disconnect_layer - disconnect control layer
2340 * @lops: operation structure
2341 *
2342 * It is expected that the information about tracked cards
2343 * is freed before this call (the disconnect callback is
2344 * not called here).
2345 */
2346void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops)
2347{
2348 struct snd_ctl_layer_ops *lops2, *prev_lops2;
2349
2350 down_write(&snd_ctl_layer_rwsem);
2351 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) {
2352 if (lops2 == lops) {
2353 if (!prev_lops2)
2354 snd_ctl_layer = lops->next;
2355 else
2356 prev_lops2->next = lops->next;
2357 break;
2358 }
2359 prev_lops2 = lops2;
2360 }
2361 up_write(&snd_ctl_layer_rwsem);
2362}
2363EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer);
2364
2365/*
2366 * INIT PART
2367 */
2368
2369static const struct file_operations snd_ctl_f_ops =
2370{
2371 .owner = THIS_MODULE,
2372 .read = snd_ctl_read,
2373 .open = snd_ctl_open,
2374 .release = snd_ctl_release,
2375 .llseek = no_llseek,
2376 .poll = snd_ctl_poll,
2377 .unlocked_ioctl = snd_ctl_ioctl,
2378 .compat_ioctl = snd_ctl_ioctl_compat,
2379 .fasync = snd_ctl_fasync,
2380};
2381
2382/*
2383 * registration of the control device
2384 */
2385static int snd_ctl_dev_register(struct snd_device *device)
2386{
2387 struct snd_card *card = device->device_data;
2388 struct snd_ctl_layer_ops *lops;
2389 int err;
2390
2391 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1,
2392 &snd_ctl_f_ops, card, card->ctl_dev);
2393 if (err < 0)
2394 return err;
2395 down_read(&card->controls_rwsem);
2396 down_read(&snd_ctl_layer_rwsem);
2397 for (lops = snd_ctl_layer; lops; lops = lops->next)
2398 lops->lregister(card);
2399 up_read(&snd_ctl_layer_rwsem);
2400 up_read(&card->controls_rwsem);
2401 return 0;
2402}
2403
2404/*
2405 * disconnection of the control device
2406 */
2407static int snd_ctl_dev_disconnect(struct snd_device *device)
2408{
2409 struct snd_card *card = device->device_data;
2410 struct snd_ctl_file *ctl;
2411 struct snd_ctl_layer_ops *lops;
2412 unsigned long flags;
2413
2414 read_lock_irqsave(&card->ctl_files_rwlock, flags);
2415 list_for_each_entry(ctl, &card->ctl_files, list) {
2416 wake_up(&ctl->change_sleep);
2417 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR);
2418 }
2419 read_unlock_irqrestore(&card->ctl_files_rwlock, flags);
2420
2421 down_read(&card->controls_rwsem);
2422 down_read(&snd_ctl_layer_rwsem);
2423 for (lops = snd_ctl_layer; lops; lops = lops->next)
2424 lops->ldisconnect(card);
2425 up_read(&snd_ctl_layer_rwsem);
2426 up_read(&card->controls_rwsem);
2427
2428 return snd_unregister_device(card->ctl_dev);
2429}
2430
2431/*
2432 * free all controls
2433 */
2434static int snd_ctl_dev_free(struct snd_device *device)
2435{
2436 struct snd_card *card = device->device_data;
2437 struct snd_kcontrol *control;
2438
2439 down_write(&card->controls_rwsem);
2440 while (!list_empty(&card->controls)) {
2441 control = snd_kcontrol(card->controls.next);
2442 __snd_ctl_remove(card, control, false);
2443 }
2444
2445#ifdef CONFIG_SND_CTL_FAST_LOOKUP
2446 xa_destroy(&card->ctl_numids);
2447 xa_destroy(&card->ctl_hash);
2448#endif
2449 up_write(&card->controls_rwsem);
2450 put_device(card->ctl_dev);
2451 return 0;
2452}
2453
2454/*
2455 * create control core:
2456 * called from init.c
2457 */
2458int snd_ctl_create(struct snd_card *card)
2459{
2460 static const struct snd_device_ops ops = {
2461 .dev_free = snd_ctl_dev_free,
2462 .dev_register = snd_ctl_dev_register,
2463 .dev_disconnect = snd_ctl_dev_disconnect,
2464 };
2465 int err;
2466
2467 if (snd_BUG_ON(!card))
2468 return -ENXIO;
2469 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS))
2470 return -ENXIO;
2471
2472 err = snd_device_alloc(&card->ctl_dev, card);
2473 if (err < 0)
2474 return err;
2475 dev_set_name(card->ctl_dev, "controlC%d", card->number);
2476
2477 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops);
2478 if (err < 0)
2479 put_device(card->ctl_dev);
2480 return err;
2481}
2482
2483/*
2484 * Frequently used control callbacks/helpers
2485 */
2486
2487/**
2488 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info
2489 * callback with a mono channel
2490 * @kcontrol: the kcontrol instance
2491 * @uinfo: info to store
2492 *
2493 * This is a function that can be used as info callback for a standard
2494 * boolean control with a single mono channel.
2495 *
2496 * Return: Zero (always successful)
2497 */
2498int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol,
2499 struct snd_ctl_elem_info *uinfo)
2500{
2501 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2502 uinfo->count = 1;
2503 uinfo->value.integer.min = 0;
2504 uinfo->value.integer.max = 1;
2505 return 0;
2506}
2507EXPORT_SYMBOL(snd_ctl_boolean_mono_info);
2508
2509/**
2510 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info
2511 * callback with stereo two channels
2512 * @kcontrol: the kcontrol instance
2513 * @uinfo: info to store
2514 *
2515 * This is a function that can be used as info callback for a standard
2516 * boolean control with stereo two channels.
2517 *
2518 * Return: Zero (always successful)
2519 */
2520int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol,
2521 struct snd_ctl_elem_info *uinfo)
2522{
2523 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2524 uinfo->count = 2;
2525 uinfo->value.integer.min = 0;
2526 uinfo->value.integer.max = 1;
2527 return 0;
2528}
2529EXPORT_SYMBOL(snd_ctl_boolean_stereo_info);
2530
2531/**
2532 * snd_ctl_enum_info - fills the info structure for an enumerated control
2533 * @info: the structure to be filled
2534 * @channels: the number of the control's channels; often one
2535 * @items: the number of control values; also the size of @names
2536 * @names: an array containing the names of all control values
2537 *
2538 * Sets all required fields in @info to their appropriate values.
2539 * If the control's accessibility is not the default (readable and writable),
2540 * the caller has to fill @info->access.
2541 *
2542 * Return: Zero (always successful)
2543 */
2544int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels,
2545 unsigned int items, const char *const names[])
2546{
2547 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED;
2548 info->count = channels;
2549 info->value.enumerated.items = items;
2550 if (!items)
2551 return 0;
2552 if (info->value.enumerated.item >= items)
2553 info->value.enumerated.item = items - 1;
2554 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name),
2555 "ALSA: too long item name '%s'\n",
2556 names[info->value.enumerated.item]);
2557 strscpy(info->value.enumerated.name,
2558 names[info->value.enumerated.item],
2559 sizeof(info->value.enumerated.name));
2560 return 0;
2561}
2562EXPORT_SYMBOL(snd_ctl_enum_info);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Routines for driver control interface
4 * Copyright (c) by Jaroslav Kysela <perex@perex.cz>
5 */
6
7#include <linux/threads.h>
8#include <linux/interrupt.h>
9#include <linux/module.h>
10#include <linux/moduleparam.h>
11#include <linux/slab.h>
12#include <linux/vmalloc.h>
13#include <linux/time.h>
14#include <linux/mm.h>
15#include <linux/math64.h>
16#include <linux/sched/signal.h>
17#include <sound/core.h>
18#include <sound/minors.h>
19#include <sound/info.h>
20#include <sound/control.h>
21
22// Max allocation size for user controls.
23static int max_user_ctl_alloc_size = 8 * 1024 * 1024;
24module_param_named(max_user_ctl_alloc_size, max_user_ctl_alloc_size, int, 0444);
25MODULE_PARM_DESC(max_user_ctl_alloc_size, "Max allocation size for user controls");
26
27#define MAX_CONTROL_COUNT 1028
28
29struct snd_kctl_ioctl {
30 struct list_head list; /* list of all ioctls */
31 snd_kctl_ioctl_func_t fioctl;
32};
33
34static DECLARE_RWSEM(snd_ioctl_rwsem);
35static DECLARE_RWSEM(snd_ctl_layer_rwsem);
36static LIST_HEAD(snd_control_ioctls);
37#ifdef CONFIG_COMPAT
38static LIST_HEAD(snd_control_compat_ioctls);
39#endif
40static struct snd_ctl_layer_ops *snd_ctl_layer;
41
42static int snd_ctl_remove_locked(struct snd_card *card,
43 struct snd_kcontrol *kcontrol);
44
45static int snd_ctl_open(struct inode *inode, struct file *file)
46{
47 struct snd_card *card;
48 struct snd_ctl_file *ctl;
49 int i, err;
50
51 err = stream_open(inode, file);
52 if (err < 0)
53 return err;
54
55 card = snd_lookup_minor_data(iminor(inode), SNDRV_DEVICE_TYPE_CONTROL);
56 if (!card) {
57 err = -ENODEV;
58 goto __error1;
59 }
60 err = snd_card_file_add(card, file);
61 if (err < 0) {
62 err = -ENODEV;
63 goto __error1;
64 }
65 if (!try_module_get(card->module)) {
66 err = -EFAULT;
67 goto __error2;
68 }
69 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
70 if (ctl == NULL) {
71 err = -ENOMEM;
72 goto __error;
73 }
74 INIT_LIST_HEAD(&ctl->events);
75 init_waitqueue_head(&ctl->change_sleep);
76 spin_lock_init(&ctl->read_lock);
77 ctl->card = card;
78 for (i = 0; i < SND_CTL_SUBDEV_ITEMS; i++)
79 ctl->preferred_subdevice[i] = -1;
80 ctl->pid = get_pid(task_pid(current));
81 file->private_data = ctl;
82 scoped_guard(write_lock_irqsave, &card->ctl_files_rwlock)
83 list_add_tail(&ctl->list, &card->ctl_files);
84 snd_card_unref(card);
85 return 0;
86
87 __error:
88 module_put(card->module);
89 __error2:
90 snd_card_file_remove(card, file);
91 __error1:
92 if (card)
93 snd_card_unref(card);
94 return err;
95}
96
97static void snd_ctl_empty_read_queue(struct snd_ctl_file * ctl)
98{
99 struct snd_kctl_event *cread;
100
101 guard(spinlock_irqsave)(&ctl->read_lock);
102 while (!list_empty(&ctl->events)) {
103 cread = snd_kctl_event(ctl->events.next);
104 list_del(&cread->list);
105 kfree(cread);
106 }
107}
108
109static int snd_ctl_release(struct inode *inode, struct file *file)
110{
111 struct snd_card *card;
112 struct snd_ctl_file *ctl;
113 struct snd_kcontrol *control;
114 unsigned int idx;
115
116 ctl = file->private_data;
117 file->private_data = NULL;
118 card = ctl->card;
119
120 scoped_guard(write_lock_irqsave, &card->ctl_files_rwlock)
121 list_del(&ctl->list);
122
123 scoped_guard(rwsem_write, &card->controls_rwsem) {
124 list_for_each_entry(control, &card->controls, list)
125 for (idx = 0; idx < control->count; idx++)
126 if (control->vd[idx].owner == ctl)
127 control->vd[idx].owner = NULL;
128 }
129
130 snd_fasync_free(ctl->fasync);
131 snd_ctl_empty_read_queue(ctl);
132 put_pid(ctl->pid);
133 kfree(ctl);
134 module_put(card->module);
135 snd_card_file_remove(card, file);
136 return 0;
137}
138
139/**
140 * snd_ctl_notify - Send notification to user-space for a control change
141 * @card: the card to send notification
142 * @mask: the event mask, SNDRV_CTL_EVENT_*
143 * @id: the ctl element id to send notification
144 *
145 * This function adds an event record with the given id and mask, appends
146 * to the list and wakes up the user-space for notification. This can be
147 * called in the atomic context.
148 */
149void snd_ctl_notify(struct snd_card *card, unsigned int mask,
150 struct snd_ctl_elem_id *id)
151{
152 struct snd_ctl_file *ctl;
153 struct snd_kctl_event *ev;
154
155 if (snd_BUG_ON(!card || !id))
156 return;
157 if (card->shutdown)
158 return;
159
160 guard(read_lock_irqsave)(&card->ctl_files_rwlock);
161#if IS_ENABLED(CONFIG_SND_MIXER_OSS)
162 card->mixer_oss_change_count++;
163#endif
164 list_for_each_entry(ctl, &card->ctl_files, list) {
165 if (!ctl->subscribed)
166 continue;
167 scoped_guard(spinlock, &ctl->read_lock) {
168 list_for_each_entry(ev, &ctl->events, list) {
169 if (ev->id.numid == id->numid) {
170 ev->mask |= mask;
171 goto _found;
172 }
173 }
174 ev = kzalloc(sizeof(*ev), GFP_ATOMIC);
175 if (ev) {
176 ev->id = *id;
177 ev->mask = mask;
178 list_add_tail(&ev->list, &ctl->events);
179 } else {
180 dev_err(card->dev, "No memory available to allocate event\n");
181 }
182_found:
183 wake_up(&ctl->change_sleep);
184 }
185 snd_kill_fasync(ctl->fasync, SIGIO, POLL_IN);
186 }
187}
188EXPORT_SYMBOL(snd_ctl_notify);
189
190/**
191 * snd_ctl_notify_one - Send notification to user-space for a control change
192 * @card: the card to send notification
193 * @mask: the event mask, SNDRV_CTL_EVENT_*
194 * @kctl: the pointer with the control instance
195 * @ioff: the additional offset to the control index
196 *
197 * This function calls snd_ctl_notify() and does additional jobs
198 * like LED state changes.
199 */
200void snd_ctl_notify_one(struct snd_card *card, unsigned int mask,
201 struct snd_kcontrol *kctl, unsigned int ioff)
202{
203 struct snd_ctl_elem_id id = kctl->id;
204 struct snd_ctl_layer_ops *lops;
205
206 id.index += ioff;
207 id.numid += ioff;
208 snd_ctl_notify(card, mask, &id);
209 guard(rwsem_read)(&snd_ctl_layer_rwsem);
210 for (lops = snd_ctl_layer; lops; lops = lops->next)
211 lops->lnotify(card, mask, kctl, ioff);
212}
213EXPORT_SYMBOL(snd_ctl_notify_one);
214
215/**
216 * snd_ctl_new - create a new control instance with some elements
217 * @kctl: the pointer to store new control instance
218 * @count: the number of elements in this control
219 * @access: the default access flags for elements in this control
220 * @file: given when locking these elements
221 *
222 * Allocates a memory object for a new control instance. The instance has
223 * elements as many as the given number (@count). Each element has given
224 * access permissions (@access). Each element is locked when @file is given.
225 *
226 * Return: 0 on success, error code on failure
227 */
228static int snd_ctl_new(struct snd_kcontrol **kctl, unsigned int count,
229 unsigned int access, struct snd_ctl_file *file)
230{
231 unsigned int idx;
232
233 if (count == 0 || count > MAX_CONTROL_COUNT)
234 return -EINVAL;
235
236 *kctl = kzalloc(struct_size(*kctl, vd, count), GFP_KERNEL);
237 if (!*kctl)
238 return -ENOMEM;
239
240 for (idx = 0; idx < count; idx++) {
241 (*kctl)->vd[idx].access = access;
242 (*kctl)->vd[idx].owner = file;
243 }
244 (*kctl)->count = count;
245
246 return 0;
247}
248
249/**
250 * snd_ctl_new1 - create a control instance from the template
251 * @ncontrol: the initialization record
252 * @private_data: the private data to set
253 *
254 * Allocates a new struct snd_kcontrol instance and initialize from the given
255 * template. When the access field of ncontrol is 0, it's assumed as
256 * READWRITE access. When the count field is 0, it's assumes as one.
257 *
258 * Return: The pointer of the newly generated instance, or %NULL on failure.
259 */
260struct snd_kcontrol *snd_ctl_new1(const struct snd_kcontrol_new *ncontrol,
261 void *private_data)
262{
263 struct snd_kcontrol *kctl;
264 unsigned int count;
265 unsigned int access;
266 int err;
267
268 if (snd_BUG_ON(!ncontrol || !ncontrol->info))
269 return NULL;
270
271 count = ncontrol->count;
272 if (count == 0)
273 count = 1;
274
275 access = ncontrol->access;
276 if (access == 0)
277 access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
278 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
279 SNDRV_CTL_ELEM_ACCESS_VOLATILE |
280 SNDRV_CTL_ELEM_ACCESS_INACTIVE |
281 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE |
282 SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND |
283 SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK |
284 SNDRV_CTL_ELEM_ACCESS_LED_MASK |
285 SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK);
286
287 err = snd_ctl_new(&kctl, count, access, NULL);
288 if (err < 0)
289 return NULL;
290
291 /* The 'numid' member is decided when calling snd_ctl_add(). */
292 kctl->id.iface = ncontrol->iface;
293 kctl->id.device = ncontrol->device;
294 kctl->id.subdevice = ncontrol->subdevice;
295 if (ncontrol->name) {
296 strscpy(kctl->id.name, ncontrol->name, sizeof(kctl->id.name));
297 if (strcmp(ncontrol->name, kctl->id.name) != 0)
298 pr_warn("ALSA: Control name '%s' truncated to '%s'\n",
299 ncontrol->name, kctl->id.name);
300 }
301 kctl->id.index = ncontrol->index;
302
303 kctl->info = ncontrol->info;
304 kctl->get = ncontrol->get;
305 kctl->put = ncontrol->put;
306 kctl->tlv.p = ncontrol->tlv.p;
307
308 kctl->private_value = ncontrol->private_value;
309 kctl->private_data = private_data;
310
311 return kctl;
312}
313EXPORT_SYMBOL(snd_ctl_new1);
314
315/**
316 * snd_ctl_free_one - release the control instance
317 * @kcontrol: the control instance
318 *
319 * Releases the control instance created via snd_ctl_new()
320 * or snd_ctl_new1().
321 * Don't call this after the control was added to the card.
322 */
323void snd_ctl_free_one(struct snd_kcontrol *kcontrol)
324{
325 if (kcontrol) {
326 if (kcontrol->private_free)
327 kcontrol->private_free(kcontrol);
328 kfree(kcontrol);
329 }
330}
331EXPORT_SYMBOL(snd_ctl_free_one);
332
333static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
334 unsigned int count)
335{
336 struct snd_kcontrol *kctl;
337
338 /* Make sure that the ids assigned to the control do not wrap around */
339 if (card->last_numid >= UINT_MAX - count)
340 card->last_numid = 0;
341
342 list_for_each_entry(kctl, &card->controls, list) {
343 if (kctl->id.numid < card->last_numid + 1 + count &&
344 kctl->id.numid + kctl->count > card->last_numid + 1) {
345 card->last_numid = kctl->id.numid + kctl->count - 1;
346 return true;
347 }
348 }
349 return false;
350}
351
352static int snd_ctl_find_hole(struct snd_card *card, unsigned int count)
353{
354 unsigned int iter = 100000;
355
356 while (snd_ctl_remove_numid_conflict(card, count)) {
357 if (--iter == 0) {
358 /* this situation is very unlikely */
359 dev_err(card->dev, "unable to allocate new control numid\n");
360 return -ENOMEM;
361 }
362 }
363 return 0;
364}
365
366/* check whether the given id is contained in the given kctl */
367static bool elem_id_matches(const struct snd_kcontrol *kctl,
368 const struct snd_ctl_elem_id *id)
369{
370 return kctl->id.iface == id->iface &&
371 kctl->id.device == id->device &&
372 kctl->id.subdevice == id->subdevice &&
373 !strncmp(kctl->id.name, id->name, sizeof(kctl->id.name)) &&
374 kctl->id.index <= id->index &&
375 kctl->id.index + kctl->count > id->index;
376}
377
378#ifdef CONFIG_SND_CTL_FAST_LOOKUP
379/* Compute a hash key for the corresponding ctl id
380 * It's for the name lookup, hence the numid is excluded.
381 * The hash key is bound in LONG_MAX to be used for Xarray key.
382 */
383#define MULTIPLIER 37
384static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id)
385{
386 int i;
387 unsigned long h;
388
389 h = id->iface;
390 h = MULTIPLIER * h + id->device;
391 h = MULTIPLIER * h + id->subdevice;
392 for (i = 0; i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN && id->name[i]; i++)
393 h = MULTIPLIER * h + id->name[i];
394 h = MULTIPLIER * h + id->index;
395 h &= LONG_MAX;
396 return h;
397}
398
399/* add hash entries to numid and ctl xarray tables */
400static void add_hash_entries(struct snd_card *card,
401 struct snd_kcontrol *kcontrol)
402{
403 struct snd_ctl_elem_id id = kcontrol->id;
404 int i;
405
406 xa_store_range(&card->ctl_numids, kcontrol->id.numid,
407 kcontrol->id.numid + kcontrol->count - 1,
408 kcontrol, GFP_KERNEL);
409
410 for (i = 0; i < kcontrol->count; i++) {
411 id.index = kcontrol->id.index + i;
412 if (xa_insert(&card->ctl_hash, get_ctl_id_hash(&id),
413 kcontrol, GFP_KERNEL)) {
414 /* skip hash for this entry, noting we had collision */
415 card->ctl_hash_collision = true;
416 dev_dbg(card->dev, "ctl_hash collision %d:%s:%d\n",
417 id.iface, id.name, id.index);
418 }
419 }
420}
421
422/* remove hash entries that have been added */
423static void remove_hash_entries(struct snd_card *card,
424 struct snd_kcontrol *kcontrol)
425{
426 struct snd_ctl_elem_id id = kcontrol->id;
427 struct snd_kcontrol *matched;
428 unsigned long h;
429 int i;
430
431 for (i = 0; i < kcontrol->count; i++) {
432 xa_erase(&card->ctl_numids, id.numid);
433 h = get_ctl_id_hash(&id);
434 matched = xa_load(&card->ctl_hash, h);
435 if (matched && (matched == kcontrol ||
436 elem_id_matches(matched, &id)))
437 xa_erase(&card->ctl_hash, h);
438 id.index++;
439 id.numid++;
440 }
441}
442#else /* CONFIG_SND_CTL_FAST_LOOKUP */
443static inline void add_hash_entries(struct snd_card *card,
444 struct snd_kcontrol *kcontrol)
445{
446}
447static inline void remove_hash_entries(struct snd_card *card,
448 struct snd_kcontrol *kcontrol)
449{
450}
451#endif /* CONFIG_SND_CTL_FAST_LOOKUP */
452
453enum snd_ctl_add_mode {
454 CTL_ADD_EXCLUSIVE, CTL_REPLACE, CTL_ADD_ON_REPLACE,
455};
456
457/* add/replace a new kcontrol object; call with card->controls_rwsem locked */
458static int __snd_ctl_add_replace(struct snd_card *card,
459 struct snd_kcontrol *kcontrol,
460 enum snd_ctl_add_mode mode)
461{
462 struct snd_ctl_elem_id id;
463 unsigned int idx;
464 struct snd_kcontrol *old;
465 int err;
466
467 lockdep_assert_held_write(&card->controls_rwsem);
468
469 id = kcontrol->id;
470 if (id.index > UINT_MAX - kcontrol->count)
471 return -EINVAL;
472
473 old = snd_ctl_find_id_locked(card, &id);
474 if (!old) {
475 if (mode == CTL_REPLACE)
476 return -EINVAL;
477 } else {
478 if (mode == CTL_ADD_EXCLUSIVE) {
479 dev_err(card->dev,
480 "control %i:%i:%i:%s:%i is already present\n",
481 id.iface, id.device, id.subdevice, id.name,
482 id.index);
483 return -EBUSY;
484 }
485
486 err = snd_ctl_remove_locked(card, old);
487 if (err < 0)
488 return err;
489 }
490
491 if (snd_ctl_find_hole(card, kcontrol->count) < 0)
492 return -ENOMEM;
493
494 list_add_tail(&kcontrol->list, &card->controls);
495 card->controls_count += kcontrol->count;
496 kcontrol->id.numid = card->last_numid + 1;
497 card->last_numid += kcontrol->count;
498
499 add_hash_entries(card, kcontrol);
500
501 for (idx = 0; idx < kcontrol->count; idx++)
502 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_ADD, kcontrol, idx);
503
504 return 0;
505}
506
507static int snd_ctl_add_replace(struct snd_card *card,
508 struct snd_kcontrol *kcontrol,
509 enum snd_ctl_add_mode mode)
510{
511 int err = -EINVAL;
512
513 if (! kcontrol)
514 return err;
515 if (snd_BUG_ON(!card || !kcontrol->info))
516 goto error;
517
518 scoped_guard(rwsem_write, &card->controls_rwsem)
519 err = __snd_ctl_add_replace(card, kcontrol, mode);
520
521 if (err < 0)
522 goto error;
523 return 0;
524
525 error:
526 snd_ctl_free_one(kcontrol);
527 return err;
528}
529
530/**
531 * snd_ctl_add - add the control instance to the card
532 * @card: the card instance
533 * @kcontrol: the control instance to add
534 *
535 * Adds the control instance created via snd_ctl_new() or
536 * snd_ctl_new1() to the given card. Assigns also an unique
537 * numid used for fast search.
538 *
539 * It frees automatically the control which cannot be added.
540 *
541 * Return: Zero if successful, or a negative error code on failure.
542 *
543 */
544int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
545{
546 return snd_ctl_add_replace(card, kcontrol, CTL_ADD_EXCLUSIVE);
547}
548EXPORT_SYMBOL(snd_ctl_add);
549
550/**
551 * snd_ctl_replace - replace the control instance of the card
552 * @card: the card instance
553 * @kcontrol: the control instance to replace
554 * @add_on_replace: add the control if not already added
555 *
556 * Replaces the given control. If the given control does not exist
557 * and the add_on_replace flag is set, the control is added. If the
558 * control exists, it is destroyed first.
559 *
560 * It frees automatically the control which cannot be added or replaced.
561 *
562 * Return: Zero if successful, or a negative error code on failure.
563 */
564int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
565 bool add_on_replace)
566{
567 return snd_ctl_add_replace(card, kcontrol,
568 add_on_replace ? CTL_ADD_ON_REPLACE : CTL_REPLACE);
569}
570EXPORT_SYMBOL(snd_ctl_replace);
571
572static int __snd_ctl_remove(struct snd_card *card,
573 struct snd_kcontrol *kcontrol,
574 bool remove_hash)
575{
576 unsigned int idx;
577
578 lockdep_assert_held_write(&card->controls_rwsem);
579
580 if (snd_BUG_ON(!card || !kcontrol))
581 return -EINVAL;
582 list_del(&kcontrol->list);
583
584 if (remove_hash)
585 remove_hash_entries(card, kcontrol);
586
587 card->controls_count -= kcontrol->count;
588 for (idx = 0; idx < kcontrol->count; idx++)
589 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx);
590 snd_ctl_free_one(kcontrol);
591 return 0;
592}
593
594static inline int snd_ctl_remove_locked(struct snd_card *card,
595 struct snd_kcontrol *kcontrol)
596{
597 return __snd_ctl_remove(card, kcontrol, true);
598}
599
600/**
601 * snd_ctl_remove - remove the control from the card and release it
602 * @card: the card instance
603 * @kcontrol: the control instance to remove
604 *
605 * Removes the control from the card and then releases the instance.
606 * You don't need to call snd_ctl_free_one().
607 *
608 * Return: 0 if successful, or a negative error code on failure.
609 *
610 * Note that this function takes card->controls_rwsem lock internally.
611 */
612int snd_ctl_remove(struct snd_card *card, struct snd_kcontrol *kcontrol)
613{
614 guard(rwsem_write)(&card->controls_rwsem);
615 return snd_ctl_remove_locked(card, kcontrol);
616}
617EXPORT_SYMBOL(snd_ctl_remove);
618
619/**
620 * snd_ctl_remove_id - remove the control of the given id and release it
621 * @card: the card instance
622 * @id: the control id to remove
623 *
624 * Finds the control instance with the given id, removes it from the
625 * card list and releases it.
626 *
627 * Return: 0 if successful, or a negative error code on failure.
628 */
629int snd_ctl_remove_id(struct snd_card *card, struct snd_ctl_elem_id *id)
630{
631 struct snd_kcontrol *kctl;
632
633 guard(rwsem_write)(&card->controls_rwsem);
634 kctl = snd_ctl_find_id_locked(card, id);
635 if (kctl == NULL)
636 return -ENOENT;
637 return snd_ctl_remove_locked(card, kctl);
638}
639EXPORT_SYMBOL(snd_ctl_remove_id);
640
641/**
642 * snd_ctl_remove_user_ctl - remove and release the unlocked user control
643 * @file: active control handle
644 * @id: the control id to remove
645 *
646 * Finds the control instance with the given id, removes it from the
647 * card list and releases it.
648 *
649 * Return: 0 if successful, or a negative error code on failure.
650 */
651static int snd_ctl_remove_user_ctl(struct snd_ctl_file * file,
652 struct snd_ctl_elem_id *id)
653{
654 struct snd_card *card = file->card;
655 struct snd_kcontrol *kctl;
656 int idx;
657
658 guard(rwsem_write)(&card->controls_rwsem);
659 kctl = snd_ctl_find_id_locked(card, id);
660 if (kctl == NULL)
661 return -ENOENT;
662 if (!(kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_USER))
663 return -EINVAL;
664 for (idx = 0; idx < kctl->count; idx++)
665 if (kctl->vd[idx].owner != NULL && kctl->vd[idx].owner != file)
666 return -EBUSY;
667 return snd_ctl_remove_locked(card, kctl);
668}
669
670/**
671 * snd_ctl_activate_id - activate/inactivate the control of the given id
672 * @card: the card instance
673 * @id: the control id to activate/inactivate
674 * @active: non-zero to activate
675 *
676 * Finds the control instance with the given id, and activate or
677 * inactivate the control together with notification, if changed.
678 * The given ID data is filled with full information.
679 *
680 * Return: 0 if unchanged, 1 if changed, or a negative error code on failure.
681 */
682int snd_ctl_activate_id(struct snd_card *card, struct snd_ctl_elem_id *id,
683 int active)
684{
685 struct snd_kcontrol *kctl;
686 struct snd_kcontrol_volatile *vd;
687 unsigned int index_offset;
688 int ret;
689
690 down_write(&card->controls_rwsem);
691 kctl = snd_ctl_find_id_locked(card, id);
692 if (kctl == NULL) {
693 ret = -ENOENT;
694 goto unlock;
695 }
696 index_offset = snd_ctl_get_ioff(kctl, id);
697 vd = &kctl->vd[index_offset];
698 ret = 0;
699 if (active) {
700 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE))
701 goto unlock;
702 vd->access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
703 } else {
704 if (vd->access & SNDRV_CTL_ELEM_ACCESS_INACTIVE)
705 goto unlock;
706 vd->access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
707 }
708 snd_ctl_build_ioff(id, kctl, index_offset);
709 downgrade_write(&card->controls_rwsem);
710 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_INFO, kctl, index_offset);
711 up_read(&card->controls_rwsem);
712 return 1;
713
714 unlock:
715 up_write(&card->controls_rwsem);
716 return ret;
717}
718EXPORT_SYMBOL_GPL(snd_ctl_activate_id);
719
720/**
721 * snd_ctl_rename_id - replace the id of a control on the card
722 * @card: the card instance
723 * @src_id: the old id
724 * @dst_id: the new id
725 *
726 * Finds the control with the old id from the card, and replaces the
727 * id with the new one.
728 *
729 * The function tries to keep the already assigned numid while replacing
730 * the rest.
731 *
732 * Note that this function should be used only in the card initialization
733 * phase. Calling after the card instantiation may cause issues with
734 * user-space expecting persistent numids.
735 *
736 * Return: Zero if successful, or a negative error code on failure.
737 */
738int snd_ctl_rename_id(struct snd_card *card, struct snd_ctl_elem_id *src_id,
739 struct snd_ctl_elem_id *dst_id)
740{
741 struct snd_kcontrol *kctl;
742 int saved_numid;
743
744 guard(rwsem_write)(&card->controls_rwsem);
745 kctl = snd_ctl_find_id_locked(card, src_id);
746 if (kctl == NULL)
747 return -ENOENT;
748 saved_numid = kctl->id.numid;
749 remove_hash_entries(card, kctl);
750 kctl->id = *dst_id;
751 kctl->id.numid = saved_numid;
752 add_hash_entries(card, kctl);
753 return 0;
754}
755EXPORT_SYMBOL(snd_ctl_rename_id);
756
757/**
758 * snd_ctl_rename - rename the control on the card
759 * @card: the card instance
760 * @kctl: the control to rename
761 * @name: the new name
762 *
763 * Renames the specified control on the card to the new name.
764 *
765 * Note that this function takes card->controls_rwsem lock internally.
766 */
767void snd_ctl_rename(struct snd_card *card, struct snd_kcontrol *kctl,
768 const char *name)
769{
770 guard(rwsem_write)(&card->controls_rwsem);
771 remove_hash_entries(card, kctl);
772
773 if (strscpy(kctl->id.name, name, sizeof(kctl->id.name)) < 0)
774 pr_warn("ALSA: Renamed control new name '%s' truncated to '%s'\n",
775 name, kctl->id.name);
776
777 add_hash_entries(card, kctl);
778}
779EXPORT_SYMBOL(snd_ctl_rename);
780
781#ifndef CONFIG_SND_CTL_FAST_LOOKUP
782static struct snd_kcontrol *
783snd_ctl_find_numid_slow(struct snd_card *card, unsigned int numid)
784{
785 struct snd_kcontrol *kctl;
786
787 list_for_each_entry(kctl, &card->controls, list) {
788 if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid)
789 return kctl;
790 }
791 return NULL;
792}
793#endif /* !CONFIG_SND_CTL_FAST_LOOKUP */
794
795/**
796 * snd_ctl_find_numid_locked - find the control instance with the given number-id
797 * @card: the card instance
798 * @numid: the number-id to search
799 *
800 * Finds the control instance with the given number-id from the card.
801 *
802 * The caller must down card->controls_rwsem before calling this function
803 * (if the race condition can happen).
804 *
805 * Return: The pointer of the instance if found, or %NULL if not.
806 */
807struct snd_kcontrol *
808snd_ctl_find_numid_locked(struct snd_card *card, unsigned int numid)
809{
810 if (snd_BUG_ON(!card || !numid))
811 return NULL;
812 lockdep_assert_held(&card->controls_rwsem);
813#ifdef CONFIG_SND_CTL_FAST_LOOKUP
814 return xa_load(&card->ctl_numids, numid);
815#else
816 return snd_ctl_find_numid_slow(card, numid);
817#endif
818}
819EXPORT_SYMBOL(snd_ctl_find_numid_locked);
820
821/**
822 * snd_ctl_find_numid - find the control instance with the given number-id
823 * @card: the card instance
824 * @numid: the number-id to search
825 *
826 * Finds the control instance with the given number-id from the card.
827 *
828 * Return: The pointer of the instance if found, or %NULL if not.
829 *
830 * Note that this function takes card->controls_rwsem lock internally.
831 */
832struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card,
833 unsigned int numid)
834{
835 guard(rwsem_read)(&card->controls_rwsem);
836 return snd_ctl_find_numid_locked(card, numid);
837}
838EXPORT_SYMBOL(snd_ctl_find_numid);
839
840/**
841 * snd_ctl_find_id_locked - find the control instance with the given id
842 * @card: the card instance
843 * @id: the id to search
844 *
845 * Finds the control instance with the given id from the card.
846 *
847 * The caller must down card->controls_rwsem before calling this function
848 * (if the race condition can happen).
849 *
850 * Return: The pointer of the instance if found, or %NULL if not.
851 */
852struct snd_kcontrol *snd_ctl_find_id_locked(struct snd_card *card,
853 const struct snd_ctl_elem_id *id)
854{
855 struct snd_kcontrol *kctl;
856
857 if (snd_BUG_ON(!card || !id))
858 return NULL;
859 lockdep_assert_held(&card->controls_rwsem);
860 if (id->numid != 0)
861 return snd_ctl_find_numid_locked(card, id->numid);
862#ifdef CONFIG_SND_CTL_FAST_LOOKUP
863 kctl = xa_load(&card->ctl_hash, get_ctl_id_hash(id));
864 if (kctl && elem_id_matches(kctl, id))
865 return kctl;
866 if (!card->ctl_hash_collision)
867 return NULL; /* we can rely on only hash table */
868#endif
869 /* no matching in hash table - try all as the last resort */
870 list_for_each_entry(kctl, &card->controls, list)
871 if (elem_id_matches(kctl, id))
872 return kctl;
873
874 return NULL;
875}
876EXPORT_SYMBOL(snd_ctl_find_id_locked);
877
878/**
879 * snd_ctl_find_id - find the control instance with the given id
880 * @card: the card instance
881 * @id: the id to search
882 *
883 * Finds the control instance with the given id from the card.
884 *
885 * Return: The pointer of the instance if found, or %NULL if not.
886 *
887 * Note that this function takes card->controls_rwsem lock internally.
888 */
889struct snd_kcontrol *snd_ctl_find_id(struct snd_card *card,
890 const struct snd_ctl_elem_id *id)
891{
892 guard(rwsem_read)(&card->controls_rwsem);
893 return snd_ctl_find_id_locked(card, id);
894}
895EXPORT_SYMBOL(snd_ctl_find_id);
896
897static int snd_ctl_card_info(struct snd_card *card, struct snd_ctl_file * ctl,
898 unsigned int cmd, void __user *arg)
899{
900 struct snd_ctl_card_info *info __free(kfree) = NULL;
901
902 info = kzalloc(sizeof(*info), GFP_KERNEL);
903 if (! info)
904 return -ENOMEM;
905 scoped_guard(rwsem_read, &snd_ioctl_rwsem) {
906 info->card = card->number;
907 strscpy(info->id, card->id, sizeof(info->id));
908 strscpy(info->driver, card->driver, sizeof(info->driver));
909 strscpy(info->name, card->shortname, sizeof(info->name));
910 strscpy(info->longname, card->longname, sizeof(info->longname));
911 strscpy(info->mixername, card->mixername, sizeof(info->mixername));
912 strscpy(info->components, card->components, sizeof(info->components));
913 }
914 if (copy_to_user(arg, info, sizeof(struct snd_ctl_card_info)))
915 return -EFAULT;
916 return 0;
917}
918
919static int snd_ctl_elem_list(struct snd_card *card,
920 struct snd_ctl_elem_list *list)
921{
922 struct snd_kcontrol *kctl;
923 struct snd_ctl_elem_id id;
924 unsigned int offset, space, jidx;
925
926 offset = list->offset;
927 space = list->space;
928
929 guard(rwsem_read)(&card->controls_rwsem);
930 list->count = card->controls_count;
931 list->used = 0;
932 if (!space)
933 return 0;
934 list_for_each_entry(kctl, &card->controls, list) {
935 if (offset >= kctl->count) {
936 offset -= kctl->count;
937 continue;
938 }
939 for (jidx = offset; jidx < kctl->count; jidx++) {
940 snd_ctl_build_ioff(&id, kctl, jidx);
941 if (copy_to_user(list->pids + list->used, &id, sizeof(id)))
942 return -EFAULT;
943 list->used++;
944 if (!--space)
945 return 0;
946 }
947 offset = 0;
948 }
949 return 0;
950}
951
952static int snd_ctl_elem_list_user(struct snd_card *card,
953 struct snd_ctl_elem_list __user *_list)
954{
955 struct snd_ctl_elem_list list;
956 int err;
957
958 if (copy_from_user(&list, _list, sizeof(list)))
959 return -EFAULT;
960 err = snd_ctl_elem_list(card, &list);
961 if (err)
962 return err;
963 if (copy_to_user(_list, &list, sizeof(list)))
964 return -EFAULT;
965
966 return 0;
967}
968
969/* Check whether the given kctl info is valid */
970static int snd_ctl_check_elem_info(struct snd_card *card,
971 const struct snd_ctl_elem_info *info)
972{
973 static const unsigned int max_value_counts[] = {
974 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = 128,
975 [SNDRV_CTL_ELEM_TYPE_INTEGER] = 128,
976 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = 128,
977 [SNDRV_CTL_ELEM_TYPE_BYTES] = 512,
978 [SNDRV_CTL_ELEM_TYPE_IEC958] = 1,
979 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = 64,
980 };
981
982 if (info->type < SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
983 info->type > SNDRV_CTL_ELEM_TYPE_INTEGER64) {
984 if (card)
985 dev_err(card->dev,
986 "control %i:%i:%i:%s:%i: invalid type %d\n",
987 info->id.iface, info->id.device,
988 info->id.subdevice, info->id.name,
989 info->id.index, info->type);
990 return -EINVAL;
991 }
992 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED &&
993 info->value.enumerated.items == 0) {
994 if (card)
995 dev_err(card->dev,
996 "control %i:%i:%i:%s:%i: zero enum items\n",
997 info->id.iface, info->id.device,
998 info->id.subdevice, info->id.name,
999 info->id.index);
1000 return -EINVAL;
1001 }
1002 if (info->count > max_value_counts[info->type]) {
1003 if (card)
1004 dev_err(card->dev,
1005 "control %i:%i:%i:%s:%i: invalid count %d\n",
1006 info->id.iface, info->id.device,
1007 info->id.subdevice, info->id.name,
1008 info->id.index, info->count);
1009 return -EINVAL;
1010 }
1011
1012 return 0;
1013}
1014
1015/* The capacity of struct snd_ctl_elem_value.value.*/
1016static const unsigned int value_sizes[] = {
1017 [SNDRV_CTL_ELEM_TYPE_BOOLEAN] = sizeof(long),
1018 [SNDRV_CTL_ELEM_TYPE_INTEGER] = sizeof(long),
1019 [SNDRV_CTL_ELEM_TYPE_ENUMERATED] = sizeof(unsigned int),
1020 [SNDRV_CTL_ELEM_TYPE_BYTES] = sizeof(unsigned char),
1021 [SNDRV_CTL_ELEM_TYPE_IEC958] = sizeof(struct snd_aes_iec958),
1022 [SNDRV_CTL_ELEM_TYPE_INTEGER64] = sizeof(long long),
1023};
1024
1025/* fill the remaining snd_ctl_elem_value data with the given pattern */
1026static void fill_remaining_elem_value(struct snd_ctl_elem_value *control,
1027 struct snd_ctl_elem_info *info,
1028 u32 pattern)
1029{
1030 size_t offset = value_sizes[info->type] * info->count;
1031
1032 offset = DIV_ROUND_UP(offset, sizeof(u32));
1033 memset32((u32 *)control->value.bytes.data + offset, pattern,
1034 sizeof(control->value) / sizeof(u32) - offset);
1035}
1036
1037/* check whether the given integer ctl value is valid */
1038static int sanity_check_int_value(struct snd_card *card,
1039 const struct snd_ctl_elem_value *control,
1040 const struct snd_ctl_elem_info *info,
1041 int i, bool print_error)
1042{
1043 long long lval, lmin, lmax, lstep;
1044 u64 rem;
1045
1046 switch (info->type) {
1047 default:
1048 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
1049 lval = control->value.integer.value[i];
1050 lmin = 0;
1051 lmax = 1;
1052 lstep = 0;
1053 break;
1054 case SNDRV_CTL_ELEM_TYPE_INTEGER:
1055 lval = control->value.integer.value[i];
1056 lmin = info->value.integer.min;
1057 lmax = info->value.integer.max;
1058 lstep = info->value.integer.step;
1059 break;
1060 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
1061 lval = control->value.integer64.value[i];
1062 lmin = info->value.integer64.min;
1063 lmax = info->value.integer64.max;
1064 lstep = info->value.integer64.step;
1065 break;
1066 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
1067 lval = control->value.enumerated.item[i];
1068 lmin = 0;
1069 lmax = info->value.enumerated.items - 1;
1070 lstep = 0;
1071 break;
1072 }
1073
1074 if (lval < lmin || lval > lmax) {
1075 if (print_error)
1076 dev_err(card->dev,
1077 "control %i:%i:%i:%s:%i: value out of range %lld (%lld/%lld) at count %i\n",
1078 control->id.iface, control->id.device,
1079 control->id.subdevice, control->id.name,
1080 control->id.index, lval, lmin, lmax, i);
1081 return -EINVAL;
1082 }
1083 if (lstep) {
1084 div64_u64_rem(lval, lstep, &rem);
1085 if (rem) {
1086 if (print_error)
1087 dev_err(card->dev,
1088 "control %i:%i:%i:%s:%i: unaligned value %lld (step %lld) at count %i\n",
1089 control->id.iface, control->id.device,
1090 control->id.subdevice, control->id.name,
1091 control->id.index, lval, lstep, i);
1092 return -EINVAL;
1093 }
1094 }
1095
1096 return 0;
1097}
1098
1099/* check whether the all input values are valid for the given elem value */
1100static int sanity_check_input_values(struct snd_card *card,
1101 const struct snd_ctl_elem_value *control,
1102 const struct snd_ctl_elem_info *info,
1103 bool print_error)
1104{
1105 int i, ret;
1106
1107 switch (info->type) {
1108 case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
1109 case SNDRV_CTL_ELEM_TYPE_INTEGER:
1110 case SNDRV_CTL_ELEM_TYPE_INTEGER64:
1111 case SNDRV_CTL_ELEM_TYPE_ENUMERATED:
1112 for (i = 0; i < info->count; i++) {
1113 ret = sanity_check_int_value(card, control, info, i,
1114 print_error);
1115 if (ret < 0)
1116 return ret;
1117 }
1118 break;
1119 default:
1120 break;
1121 }
1122
1123 return 0;
1124}
1125
1126/* perform sanity checks to the given snd_ctl_elem_value object */
1127static int sanity_check_elem_value(struct snd_card *card,
1128 const struct snd_ctl_elem_value *control,
1129 const struct snd_ctl_elem_info *info,
1130 u32 pattern)
1131{
1132 size_t offset;
1133 int ret;
1134 u32 *p;
1135
1136 ret = sanity_check_input_values(card, control, info, true);
1137 if (ret < 0)
1138 return ret;
1139
1140 /* check whether the remaining area kept untouched */
1141 offset = value_sizes[info->type] * info->count;
1142 offset = DIV_ROUND_UP(offset, sizeof(u32));
1143 p = (u32 *)control->value.bytes.data + offset;
1144 for (; offset < sizeof(control->value) / sizeof(u32); offset++, p++) {
1145 if (*p != pattern) {
1146 ret = -EINVAL;
1147 break;
1148 }
1149 *p = 0; /* clear the checked area */
1150 }
1151
1152 return ret;
1153}
1154
1155static int __snd_ctl_elem_info(struct snd_card *card,
1156 struct snd_kcontrol *kctl,
1157 struct snd_ctl_elem_info *info,
1158 struct snd_ctl_file *ctl)
1159{
1160 struct snd_kcontrol_volatile *vd;
1161 unsigned int index_offset;
1162 int result;
1163
1164#ifdef CONFIG_SND_DEBUG
1165 info->access = 0;
1166#endif
1167 result = snd_power_ref_and_wait(card);
1168 if (!result)
1169 result = kctl->info(kctl, info);
1170 snd_power_unref(card);
1171 if (result >= 0) {
1172 snd_BUG_ON(info->access);
1173 index_offset = snd_ctl_get_ioff(kctl, &info->id);
1174 vd = &kctl->vd[index_offset];
1175 snd_ctl_build_ioff(&info->id, kctl, index_offset);
1176 info->access = vd->access;
1177 if (vd->owner) {
1178 info->access |= SNDRV_CTL_ELEM_ACCESS_LOCK;
1179 if (vd->owner == ctl)
1180 info->access |= SNDRV_CTL_ELEM_ACCESS_OWNER;
1181 info->owner = pid_vnr(vd->owner->pid);
1182 } else {
1183 info->owner = -1;
1184 }
1185 if (!snd_ctl_skip_validation(info) &&
1186 snd_ctl_check_elem_info(card, info) < 0)
1187 result = -EINVAL;
1188 }
1189 return result;
1190}
1191
1192static int snd_ctl_elem_info(struct snd_ctl_file *ctl,
1193 struct snd_ctl_elem_info *info)
1194{
1195 struct snd_card *card = ctl->card;
1196 struct snd_kcontrol *kctl;
1197
1198 guard(rwsem_read)(&card->controls_rwsem);
1199 kctl = snd_ctl_find_id_locked(card, &info->id);
1200 if (!kctl)
1201 return -ENOENT;
1202 return __snd_ctl_elem_info(card, kctl, info, ctl);
1203}
1204
1205static int snd_ctl_elem_info_user(struct snd_ctl_file *ctl,
1206 struct snd_ctl_elem_info __user *_info)
1207{
1208 struct snd_ctl_elem_info info;
1209 int result;
1210
1211 if (copy_from_user(&info, _info, sizeof(info)))
1212 return -EFAULT;
1213 result = snd_ctl_elem_info(ctl, &info);
1214 if (result < 0)
1215 return result;
1216 /* drop internal access flags */
1217 info.access &= ~(SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK|
1218 SNDRV_CTL_ELEM_ACCESS_LED_MASK);
1219 if (copy_to_user(_info, &info, sizeof(info)))
1220 return -EFAULT;
1221 return result;
1222}
1223
1224static int snd_ctl_elem_read(struct snd_card *card,
1225 struct snd_ctl_elem_value *control)
1226{
1227 struct snd_kcontrol *kctl;
1228 struct snd_kcontrol_volatile *vd;
1229 unsigned int index_offset;
1230 struct snd_ctl_elem_info info;
1231 const u32 pattern = 0xdeadbeef;
1232 int ret;
1233
1234 guard(rwsem_read)(&card->controls_rwsem);
1235 kctl = snd_ctl_find_id_locked(card, &control->id);
1236 if (!kctl)
1237 return -ENOENT;
1238
1239 index_offset = snd_ctl_get_ioff(kctl, &control->id);
1240 vd = &kctl->vd[index_offset];
1241 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || !kctl->get)
1242 return -EPERM;
1243
1244 snd_ctl_build_ioff(&control->id, kctl, index_offset);
1245
1246#ifdef CONFIG_SND_CTL_DEBUG
1247 /* info is needed only for validation */
1248 memset(&info, 0, sizeof(info));
1249 info.id = control->id;
1250 ret = __snd_ctl_elem_info(card, kctl, &info, NULL);
1251 if (ret < 0)
1252 return ret;
1253#endif
1254
1255 if (!snd_ctl_skip_validation(&info))
1256 fill_remaining_elem_value(control, &info, pattern);
1257 ret = snd_power_ref_and_wait(card);
1258 if (!ret)
1259 ret = kctl->get(kctl, control);
1260 snd_power_unref(card);
1261 if (ret < 0)
1262 return ret;
1263 if (!snd_ctl_skip_validation(&info) &&
1264 sanity_check_elem_value(card, control, &info, pattern) < 0) {
1265 dev_err(card->dev,
1266 "control %i:%i:%i:%s:%i: access overflow\n",
1267 control->id.iface, control->id.device,
1268 control->id.subdevice, control->id.name,
1269 control->id.index);
1270 return -EINVAL;
1271 }
1272 return 0;
1273}
1274
1275static int snd_ctl_elem_read_user(struct snd_card *card,
1276 struct snd_ctl_elem_value __user *_control)
1277{
1278 struct snd_ctl_elem_value *control __free(kfree) = NULL;
1279 int result;
1280
1281 control = memdup_user(_control, sizeof(*control));
1282 if (IS_ERR(control))
1283 return PTR_ERR(no_free_ptr(control));
1284
1285 result = snd_ctl_elem_read(card, control);
1286 if (result < 0)
1287 return result;
1288
1289 if (copy_to_user(_control, control, sizeof(*control)))
1290 return -EFAULT;
1291 return result;
1292}
1293
1294static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
1295 struct snd_ctl_elem_value *control)
1296{
1297 struct snd_kcontrol *kctl;
1298 struct snd_kcontrol_volatile *vd;
1299 unsigned int index_offset;
1300 int result;
1301
1302 down_write(&card->controls_rwsem);
1303 kctl = snd_ctl_find_id_locked(card, &control->id);
1304 if (kctl == NULL) {
1305 up_write(&card->controls_rwsem);
1306 return -ENOENT;
1307 }
1308
1309 index_offset = snd_ctl_get_ioff(kctl, &control->id);
1310 vd = &kctl->vd[index_offset];
1311 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL ||
1312 (file && vd->owner && vd->owner != file)) {
1313 up_write(&card->controls_rwsem);
1314 return -EPERM;
1315 }
1316
1317 snd_ctl_build_ioff(&control->id, kctl, index_offset);
1318 result = snd_power_ref_and_wait(card);
1319 /* validate input values */
1320 if (IS_ENABLED(CONFIG_SND_CTL_INPUT_VALIDATION) && !result) {
1321 struct snd_ctl_elem_info info;
1322
1323 memset(&info, 0, sizeof(info));
1324 info.id = control->id;
1325 result = __snd_ctl_elem_info(card, kctl, &info, NULL);
1326 if (!result)
1327 result = sanity_check_input_values(card, control, &info,
1328 false);
1329 }
1330 if (!result)
1331 result = kctl->put(kctl, control);
1332 snd_power_unref(card);
1333 if (result < 0) {
1334 up_write(&card->controls_rwsem);
1335 return result;
1336 }
1337
1338 if (result > 0) {
1339 downgrade_write(&card->controls_rwsem);
1340 snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_VALUE, kctl, index_offset);
1341 up_read(&card->controls_rwsem);
1342 } else {
1343 up_write(&card->controls_rwsem);
1344 }
1345
1346 return 0;
1347}
1348
1349static int snd_ctl_elem_write_user(struct snd_ctl_file *file,
1350 struct snd_ctl_elem_value __user *_control)
1351{
1352 struct snd_ctl_elem_value *control __free(kfree) = NULL;
1353 struct snd_card *card;
1354 int result;
1355
1356 control = memdup_user(_control, sizeof(*control));
1357 if (IS_ERR(control))
1358 return PTR_ERR(no_free_ptr(control));
1359
1360 card = file->card;
1361 result = snd_ctl_elem_write(card, file, control);
1362 if (result < 0)
1363 return result;
1364
1365 if (copy_to_user(_control, control, sizeof(*control)))
1366 return -EFAULT;
1367 return result;
1368}
1369
1370static int snd_ctl_elem_lock(struct snd_ctl_file *file,
1371 struct snd_ctl_elem_id __user *_id)
1372{
1373 struct snd_card *card = file->card;
1374 struct snd_ctl_elem_id id;
1375 struct snd_kcontrol *kctl;
1376 struct snd_kcontrol_volatile *vd;
1377
1378 if (copy_from_user(&id, _id, sizeof(id)))
1379 return -EFAULT;
1380 guard(rwsem_write)(&card->controls_rwsem);
1381 kctl = snd_ctl_find_id_locked(card, &id);
1382 if (!kctl)
1383 return -ENOENT;
1384 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1385 if (vd->owner)
1386 return -EBUSY;
1387 vd->owner = file;
1388 return 0;
1389}
1390
1391static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
1392 struct snd_ctl_elem_id __user *_id)
1393{
1394 struct snd_card *card = file->card;
1395 struct snd_ctl_elem_id id;
1396 struct snd_kcontrol *kctl;
1397 struct snd_kcontrol_volatile *vd;
1398
1399 if (copy_from_user(&id, _id, sizeof(id)))
1400 return -EFAULT;
1401 guard(rwsem_write)(&card->controls_rwsem);
1402 kctl = snd_ctl_find_id_locked(card, &id);
1403 if (!kctl)
1404 return -ENOENT;
1405 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1406 if (!vd->owner)
1407 return -EINVAL;
1408 if (vd->owner != file)
1409 return -EPERM;
1410 vd->owner = NULL;
1411 return 0;
1412}
1413
1414struct user_element {
1415 struct snd_ctl_elem_info info;
1416 struct snd_card *card;
1417 char *elem_data; /* element data */
1418 unsigned long elem_data_size; /* size of element data in bytes */
1419 void *tlv_data; /* TLV data */
1420 unsigned long tlv_data_size; /* TLV data size */
1421 void *priv_data; /* private data (like strings for enumerated type) */
1422};
1423
1424// check whether the addition (in bytes) of user ctl element may overflow the limit.
1425static bool check_user_elem_overflow(struct snd_card *card, ssize_t add)
1426{
1427 return (ssize_t)card->user_ctl_alloc_size + add > max_user_ctl_alloc_size;
1428}
1429
1430static int snd_ctl_elem_user_info(struct snd_kcontrol *kcontrol,
1431 struct snd_ctl_elem_info *uinfo)
1432{
1433 struct user_element *ue = kcontrol->private_data;
1434 unsigned int offset;
1435
1436 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1437 *uinfo = ue->info;
1438 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1439
1440 return 0;
1441}
1442
1443static int snd_ctl_elem_user_enum_info(struct snd_kcontrol *kcontrol,
1444 struct snd_ctl_elem_info *uinfo)
1445{
1446 struct user_element *ue = kcontrol->private_data;
1447 const char *names;
1448 unsigned int item;
1449 unsigned int offset;
1450
1451 item = uinfo->value.enumerated.item;
1452
1453 offset = snd_ctl_get_ioff(kcontrol, &uinfo->id);
1454 *uinfo = ue->info;
1455 snd_ctl_build_ioff(&uinfo->id, kcontrol, offset);
1456
1457 item = min(item, uinfo->value.enumerated.items - 1);
1458 uinfo->value.enumerated.item = item;
1459
1460 names = ue->priv_data;
1461 for (; item > 0; --item)
1462 names += strlen(names) + 1;
1463 strcpy(uinfo->value.enumerated.name, names);
1464
1465 return 0;
1466}
1467
1468static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
1469 struct snd_ctl_elem_value *ucontrol)
1470{
1471 struct user_element *ue = kcontrol->private_data;
1472 unsigned int size = ue->elem_data_size;
1473 char *src = ue->elem_data +
1474 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1475
1476 memcpy(&ucontrol->value, src, size);
1477 return 0;
1478}
1479
1480static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
1481 struct snd_ctl_elem_value *ucontrol)
1482{
1483 int change;
1484 struct user_element *ue = kcontrol->private_data;
1485 unsigned int size = ue->elem_data_size;
1486 char *dst = ue->elem_data +
1487 snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size;
1488
1489 change = memcmp(&ucontrol->value, dst, size) != 0;
1490 if (change)
1491 memcpy(dst, &ucontrol->value, size);
1492 return change;
1493}
1494
1495/* called in controls_rwsem write lock */
1496static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1497 unsigned int size)
1498{
1499 struct user_element *ue = kctl->private_data;
1500 unsigned int *container;
1501 unsigned int mask = 0;
1502 int i;
1503 int change;
1504
1505 lockdep_assert_held_write(&ue->card->controls_rwsem);
1506
1507 if (size > 1024 * 128) /* sane value */
1508 return -EINVAL;
1509
1510 // does the TLV size change cause overflow?
1511 if (check_user_elem_overflow(ue->card, (ssize_t)(size - ue->tlv_data_size)))
1512 return -ENOMEM;
1513
1514 container = vmemdup_user(buf, size);
1515 if (IS_ERR(container))
1516 return PTR_ERR(container);
1517
1518 change = ue->tlv_data_size != size;
1519 if (!change)
1520 change = memcmp(ue->tlv_data, container, size) != 0;
1521 if (!change) {
1522 kvfree(container);
1523 return 0;
1524 }
1525
1526 if (ue->tlv_data == NULL) {
1527 /* Now TLV data is available. */
1528 for (i = 0; i < kctl->count; ++i)
1529 kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
1530 mask = SNDRV_CTL_EVENT_MASK_INFO;
1531 } else {
1532 ue->card->user_ctl_alloc_size -= ue->tlv_data_size;
1533 ue->tlv_data_size = 0;
1534 kvfree(ue->tlv_data);
1535 }
1536
1537 ue->tlv_data = container;
1538 ue->tlv_data_size = size;
1539 // decremented at private_free.
1540 ue->card->user_ctl_alloc_size += size;
1541
1542 mask |= SNDRV_CTL_EVENT_MASK_TLV;
1543 for (i = 0; i < kctl->count; ++i)
1544 snd_ctl_notify_one(ue->card, mask, kctl, i);
1545
1546 return change;
1547}
1548
1549static int read_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
1550 unsigned int size)
1551{
1552 struct user_element *ue = kctl->private_data;
1553
1554 if (ue->tlv_data_size == 0 || ue->tlv_data == NULL)
1555 return -ENXIO;
1556
1557 if (size < ue->tlv_data_size)
1558 return -ENOSPC;
1559
1560 if (copy_to_user(buf, ue->tlv_data, ue->tlv_data_size))
1561 return -EFAULT;
1562
1563 return 0;
1564}
1565
1566static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kctl, int op_flag,
1567 unsigned int size, unsigned int __user *buf)
1568{
1569 if (op_flag == SNDRV_CTL_TLV_OP_WRITE)
1570 return replace_user_tlv(kctl, buf, size);
1571 else
1572 return read_user_tlv(kctl, buf, size);
1573}
1574
1575/* called in controls_rwsem write lock */
1576static int snd_ctl_elem_init_enum_names(struct user_element *ue)
1577{
1578 char *names, *p;
1579 size_t buf_len, name_len;
1580 unsigned int i;
1581 const uintptr_t user_ptrval = ue->info.value.enumerated.names_ptr;
1582
1583 lockdep_assert_held_write(&ue->card->controls_rwsem);
1584
1585 buf_len = ue->info.value.enumerated.names_length;
1586 if (buf_len > 64 * 1024)
1587 return -EINVAL;
1588
1589 if (check_user_elem_overflow(ue->card, buf_len))
1590 return -ENOMEM;
1591 names = vmemdup_user((const void __user *)user_ptrval, buf_len);
1592 if (IS_ERR(names))
1593 return PTR_ERR(names);
1594
1595 /* check that there are enough valid names */
1596 p = names;
1597 for (i = 0; i < ue->info.value.enumerated.items; ++i) {
1598 name_len = strnlen(p, buf_len);
1599 if (name_len == 0 || name_len >= 64 || name_len == buf_len) {
1600 kvfree(names);
1601 return -EINVAL;
1602 }
1603 p += name_len + 1;
1604 buf_len -= name_len + 1;
1605 }
1606
1607 ue->priv_data = names;
1608 ue->info.value.enumerated.names_ptr = 0;
1609 // increment the allocation size; decremented again at private_free.
1610 ue->card->user_ctl_alloc_size += ue->info.value.enumerated.names_length;
1611
1612 return 0;
1613}
1614
1615static size_t compute_user_elem_size(size_t size, unsigned int count)
1616{
1617 return sizeof(struct user_element) + size * count;
1618}
1619
1620static void snd_ctl_elem_user_free(struct snd_kcontrol *kcontrol)
1621{
1622 struct user_element *ue = kcontrol->private_data;
1623
1624 // decrement the allocation size.
1625 ue->card->user_ctl_alloc_size -= compute_user_elem_size(ue->elem_data_size, kcontrol->count);
1626 ue->card->user_ctl_alloc_size -= ue->tlv_data_size;
1627 if (ue->priv_data)
1628 ue->card->user_ctl_alloc_size -= ue->info.value.enumerated.names_length;
1629
1630 kvfree(ue->tlv_data);
1631 kvfree(ue->priv_data);
1632 kfree(ue);
1633}
1634
1635static int snd_ctl_elem_add(struct snd_ctl_file *file,
1636 struct snd_ctl_elem_info *info, int replace)
1637{
1638 struct snd_card *card = file->card;
1639 struct snd_kcontrol *kctl;
1640 unsigned int count;
1641 unsigned int access;
1642 long private_size;
1643 size_t alloc_size;
1644 struct user_element *ue;
1645 unsigned int offset;
1646 int err;
1647
1648 if (!*info->id.name)
1649 return -EINVAL;
1650 if (strnlen(info->id.name, sizeof(info->id.name)) >= sizeof(info->id.name))
1651 return -EINVAL;
1652
1653 /* Delete a control to replace them if needed. */
1654 if (replace) {
1655 info->id.numid = 0;
1656 err = snd_ctl_remove_user_ctl(file, &info->id);
1657 if (err)
1658 return err;
1659 }
1660
1661 /* Check the number of elements for this userspace control. */
1662 count = info->owner;
1663 if (count == 0)
1664 count = 1;
1665
1666 /* Arrange access permissions if needed. */
1667 access = info->access;
1668 if (access == 0)
1669 access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
1670 access &= (SNDRV_CTL_ELEM_ACCESS_READWRITE |
1671 SNDRV_CTL_ELEM_ACCESS_INACTIVE |
1672 SNDRV_CTL_ELEM_ACCESS_TLV_WRITE);
1673
1674 /* In initial state, nothing is available as TLV container. */
1675 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1676 access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
1677 access |= SNDRV_CTL_ELEM_ACCESS_USER;
1678
1679 /*
1680 * Check information and calculate the size of data specific to
1681 * this userspace control.
1682 */
1683 /* pass NULL to card for suppressing error messages */
1684 err = snd_ctl_check_elem_info(NULL, info);
1685 if (err < 0)
1686 return err;
1687 /* user-space control doesn't allow zero-size data */
1688 if (info->count < 1)
1689 return -EINVAL;
1690 private_size = value_sizes[info->type] * info->count;
1691 alloc_size = compute_user_elem_size(private_size, count);
1692
1693 guard(rwsem_write)(&card->controls_rwsem);
1694 if (check_user_elem_overflow(card, alloc_size))
1695 return -ENOMEM;
1696
1697 /*
1698 * Keep memory object for this userspace control. After passing this
1699 * code block, the instance should be freed by snd_ctl_free_one().
1700 *
1701 * Note that these elements in this control are locked.
1702 */
1703 err = snd_ctl_new(&kctl, count, access, file);
1704 if (err < 0)
1705 return err;
1706 memcpy(&kctl->id, &info->id, sizeof(kctl->id));
1707 ue = kzalloc(alloc_size, GFP_KERNEL);
1708 if (!ue) {
1709 kfree(kctl);
1710 return -ENOMEM;
1711 }
1712 kctl->private_data = ue;
1713 kctl->private_free = snd_ctl_elem_user_free;
1714
1715 // increment the allocated size; decremented again at private_free.
1716 card->user_ctl_alloc_size += alloc_size;
1717
1718 /* Set private data for this userspace control. */
1719 ue->card = card;
1720 ue->info = *info;
1721 ue->info.access = 0;
1722 ue->elem_data = (char *)ue + sizeof(*ue);
1723 ue->elem_data_size = private_size;
1724 if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) {
1725 err = snd_ctl_elem_init_enum_names(ue);
1726 if (err < 0) {
1727 snd_ctl_free_one(kctl);
1728 return err;
1729 }
1730 }
1731
1732 /* Set callback functions. */
1733 if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED)
1734 kctl->info = snd_ctl_elem_user_enum_info;
1735 else
1736 kctl->info = snd_ctl_elem_user_info;
1737 if (access & SNDRV_CTL_ELEM_ACCESS_READ)
1738 kctl->get = snd_ctl_elem_user_get;
1739 if (access & SNDRV_CTL_ELEM_ACCESS_WRITE)
1740 kctl->put = snd_ctl_elem_user_put;
1741 if (access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
1742 kctl->tlv.c = snd_ctl_elem_user_tlv;
1743
1744 /* This function manage to free the instance on failure. */
1745 err = __snd_ctl_add_replace(card, kctl, CTL_ADD_EXCLUSIVE);
1746 if (err < 0) {
1747 snd_ctl_free_one(kctl);
1748 return err;
1749 }
1750 offset = snd_ctl_get_ioff(kctl, &info->id);
1751 snd_ctl_build_ioff(&info->id, kctl, offset);
1752 /*
1753 * Here we cannot fill any field for the number of elements added by
1754 * this operation because there're no specific fields. The usage of
1755 * 'owner' field for this purpose may cause any bugs to userspace
1756 * applications because the field originally means PID of a process
1757 * which locks the element.
1758 */
1759 return 0;
1760}
1761
1762static int snd_ctl_elem_add_user(struct snd_ctl_file *file,
1763 struct snd_ctl_elem_info __user *_info, int replace)
1764{
1765 struct snd_ctl_elem_info info;
1766 int err;
1767
1768 if (copy_from_user(&info, _info, sizeof(info)))
1769 return -EFAULT;
1770 err = snd_ctl_elem_add(file, &info, replace);
1771 if (err < 0)
1772 return err;
1773 if (copy_to_user(_info, &info, sizeof(info))) {
1774 snd_ctl_remove_user_ctl(file, &info.id);
1775 return -EFAULT;
1776 }
1777
1778 return 0;
1779}
1780
1781static int snd_ctl_elem_remove(struct snd_ctl_file *file,
1782 struct snd_ctl_elem_id __user *_id)
1783{
1784 struct snd_ctl_elem_id id;
1785
1786 if (copy_from_user(&id, _id, sizeof(id)))
1787 return -EFAULT;
1788 return snd_ctl_remove_user_ctl(file, &id);
1789}
1790
1791static int snd_ctl_subscribe_events(struct snd_ctl_file *file, int __user *ptr)
1792{
1793 int subscribe;
1794 if (get_user(subscribe, ptr))
1795 return -EFAULT;
1796 if (subscribe < 0) {
1797 subscribe = file->subscribed;
1798 if (put_user(subscribe, ptr))
1799 return -EFAULT;
1800 return 0;
1801 }
1802 if (subscribe) {
1803 file->subscribed = 1;
1804 return 0;
1805 } else if (file->subscribed) {
1806 snd_ctl_empty_read_queue(file);
1807 file->subscribed = 0;
1808 }
1809 return 0;
1810}
1811
1812static int call_tlv_handler(struct snd_ctl_file *file, int op_flag,
1813 struct snd_kcontrol *kctl,
1814 struct snd_ctl_elem_id *id,
1815 unsigned int __user *buf, unsigned int size)
1816{
1817 static const struct {
1818 int op;
1819 int perm;
1820 } pairs[] = {
1821 {SNDRV_CTL_TLV_OP_READ, SNDRV_CTL_ELEM_ACCESS_TLV_READ},
1822 {SNDRV_CTL_TLV_OP_WRITE, SNDRV_CTL_ELEM_ACCESS_TLV_WRITE},
1823 {SNDRV_CTL_TLV_OP_CMD, SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND},
1824 };
1825 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1826 int i, ret;
1827
1828 /* Check support of the request for this element. */
1829 for (i = 0; i < ARRAY_SIZE(pairs); ++i) {
1830 if (op_flag == pairs[i].op && (vd->access & pairs[i].perm))
1831 break;
1832 }
1833 if (i == ARRAY_SIZE(pairs))
1834 return -ENXIO;
1835
1836 if (kctl->tlv.c == NULL)
1837 return -ENXIO;
1838
1839 /* Write and command operations are not allowed for locked element. */
1840 if (op_flag != SNDRV_CTL_TLV_OP_READ &&
1841 vd->owner != NULL && vd->owner != file)
1842 return -EPERM;
1843
1844 ret = snd_power_ref_and_wait(file->card);
1845 if (!ret)
1846 ret = kctl->tlv.c(kctl, op_flag, size, buf);
1847 snd_power_unref(file->card);
1848 return ret;
1849}
1850
1851static int read_tlv_buf(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id,
1852 unsigned int __user *buf, unsigned int size)
1853{
1854 struct snd_kcontrol_volatile *vd = &kctl->vd[snd_ctl_get_ioff(kctl, id)];
1855 unsigned int len;
1856
1857 if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ))
1858 return -ENXIO;
1859
1860 if (kctl->tlv.p == NULL)
1861 return -ENXIO;
1862
1863 len = sizeof(unsigned int) * 2 + kctl->tlv.p[1];
1864 if (size < len)
1865 return -ENOMEM;
1866
1867 if (copy_to_user(buf, kctl->tlv.p, len))
1868 return -EFAULT;
1869
1870 return 0;
1871}
1872
1873static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
1874 struct snd_ctl_tlv __user *buf,
1875 int op_flag)
1876{
1877 struct snd_ctl_tlv header;
1878 unsigned int __user *container;
1879 unsigned int container_size;
1880 struct snd_kcontrol *kctl;
1881 struct snd_ctl_elem_id id;
1882 struct snd_kcontrol_volatile *vd;
1883
1884 lockdep_assert_held(&file->card->controls_rwsem);
1885
1886 if (copy_from_user(&header, buf, sizeof(header)))
1887 return -EFAULT;
1888
1889 /* In design of control core, numerical ID starts at 1. */
1890 if (header.numid == 0)
1891 return -EINVAL;
1892
1893 /* At least, container should include type and length fields. */
1894 if (header.length < sizeof(unsigned int) * 2)
1895 return -EINVAL;
1896 container_size = header.length;
1897 container = buf->tlv;
1898
1899 kctl = snd_ctl_find_numid_locked(file->card, header.numid);
1900 if (kctl == NULL)
1901 return -ENOENT;
1902
1903 /* Calculate index of the element in this set. */
1904 id = kctl->id;
1905 snd_ctl_build_ioff(&id, kctl, header.numid - id.numid);
1906 vd = &kctl->vd[snd_ctl_get_ioff(kctl, &id)];
1907
1908 if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) {
1909 return call_tlv_handler(file, op_flag, kctl, &id, container,
1910 container_size);
1911 } else {
1912 if (op_flag == SNDRV_CTL_TLV_OP_READ) {
1913 return read_tlv_buf(kctl, &id, container,
1914 container_size);
1915 }
1916 }
1917
1918 /* Not supported. */
1919 return -ENXIO;
1920}
1921
1922static long snd_ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1923{
1924 struct snd_ctl_file *ctl;
1925 struct snd_card *card;
1926 struct snd_kctl_ioctl *p;
1927 void __user *argp = (void __user *)arg;
1928 int __user *ip = argp;
1929 int err;
1930
1931 ctl = file->private_data;
1932 card = ctl->card;
1933 if (snd_BUG_ON(!card))
1934 return -ENXIO;
1935 switch (cmd) {
1936 case SNDRV_CTL_IOCTL_PVERSION:
1937 return put_user(SNDRV_CTL_VERSION, ip) ? -EFAULT : 0;
1938 case SNDRV_CTL_IOCTL_CARD_INFO:
1939 return snd_ctl_card_info(card, ctl, cmd, argp);
1940 case SNDRV_CTL_IOCTL_ELEM_LIST:
1941 return snd_ctl_elem_list_user(card, argp);
1942 case SNDRV_CTL_IOCTL_ELEM_INFO:
1943 return snd_ctl_elem_info_user(ctl, argp);
1944 case SNDRV_CTL_IOCTL_ELEM_READ:
1945 return snd_ctl_elem_read_user(card, argp);
1946 case SNDRV_CTL_IOCTL_ELEM_WRITE:
1947 return snd_ctl_elem_write_user(ctl, argp);
1948 case SNDRV_CTL_IOCTL_ELEM_LOCK:
1949 return snd_ctl_elem_lock(ctl, argp);
1950 case SNDRV_CTL_IOCTL_ELEM_UNLOCK:
1951 return snd_ctl_elem_unlock(ctl, argp);
1952 case SNDRV_CTL_IOCTL_ELEM_ADD:
1953 return snd_ctl_elem_add_user(ctl, argp, 0);
1954 case SNDRV_CTL_IOCTL_ELEM_REPLACE:
1955 return snd_ctl_elem_add_user(ctl, argp, 1);
1956 case SNDRV_CTL_IOCTL_ELEM_REMOVE:
1957 return snd_ctl_elem_remove(ctl, argp);
1958 case SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS:
1959 return snd_ctl_subscribe_events(ctl, ip);
1960 case SNDRV_CTL_IOCTL_TLV_READ:
1961 scoped_guard(rwsem_read, &ctl->card->controls_rwsem)
1962 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_READ);
1963 return err;
1964 case SNDRV_CTL_IOCTL_TLV_WRITE:
1965 scoped_guard(rwsem_write, &ctl->card->controls_rwsem)
1966 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_WRITE);
1967 return err;
1968 case SNDRV_CTL_IOCTL_TLV_COMMAND:
1969 scoped_guard(rwsem_write, &ctl->card->controls_rwsem)
1970 err = snd_ctl_tlv_ioctl(ctl, argp, SNDRV_CTL_TLV_OP_CMD);
1971 return err;
1972 case SNDRV_CTL_IOCTL_POWER:
1973 return -ENOPROTOOPT;
1974 case SNDRV_CTL_IOCTL_POWER_STATE:
1975 return put_user(SNDRV_CTL_POWER_D0, ip) ? -EFAULT : 0;
1976 }
1977
1978 guard(rwsem_read)(&snd_ioctl_rwsem);
1979 list_for_each_entry(p, &snd_control_ioctls, list) {
1980 err = p->fioctl(card, ctl, cmd, arg);
1981 if (err != -ENOIOCTLCMD)
1982 return err;
1983 }
1984 dev_dbg(card->dev, "unknown ioctl = 0x%x\n", cmd);
1985 return -ENOTTY;
1986}
1987
1988static ssize_t snd_ctl_read(struct file *file, char __user *buffer,
1989 size_t count, loff_t * offset)
1990{
1991 struct snd_ctl_file *ctl;
1992 int err = 0;
1993 ssize_t result = 0;
1994
1995 ctl = file->private_data;
1996 if (snd_BUG_ON(!ctl || !ctl->card))
1997 return -ENXIO;
1998 if (!ctl->subscribed)
1999 return -EBADFD;
2000 if (count < sizeof(struct snd_ctl_event))
2001 return -EINVAL;
2002 spin_lock_irq(&ctl->read_lock);
2003 while (count >= sizeof(struct snd_ctl_event)) {
2004 struct snd_ctl_event ev;
2005 struct snd_kctl_event *kev;
2006 while (list_empty(&ctl->events)) {
2007 wait_queue_entry_t wait;
2008 if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
2009 err = -EAGAIN;
2010 goto __end_lock;
2011 }
2012 init_waitqueue_entry(&wait, current);
2013 add_wait_queue(&ctl->change_sleep, &wait);
2014 set_current_state(TASK_INTERRUPTIBLE);
2015 spin_unlock_irq(&ctl->read_lock);
2016 schedule();
2017 remove_wait_queue(&ctl->change_sleep, &wait);
2018 if (ctl->card->shutdown)
2019 return -ENODEV;
2020 if (signal_pending(current))
2021 return -ERESTARTSYS;
2022 spin_lock_irq(&ctl->read_lock);
2023 }
2024 kev = snd_kctl_event(ctl->events.next);
2025 ev.type = SNDRV_CTL_EVENT_ELEM;
2026 ev.data.elem.mask = kev->mask;
2027 ev.data.elem.id = kev->id;
2028 list_del(&kev->list);
2029 spin_unlock_irq(&ctl->read_lock);
2030 kfree(kev);
2031 if (copy_to_user(buffer, &ev, sizeof(struct snd_ctl_event))) {
2032 err = -EFAULT;
2033 goto __end;
2034 }
2035 spin_lock_irq(&ctl->read_lock);
2036 buffer += sizeof(struct snd_ctl_event);
2037 count -= sizeof(struct snd_ctl_event);
2038 result += sizeof(struct snd_ctl_event);
2039 }
2040 __end_lock:
2041 spin_unlock_irq(&ctl->read_lock);
2042 __end:
2043 return result > 0 ? result : err;
2044}
2045
2046static __poll_t snd_ctl_poll(struct file *file, poll_table * wait)
2047{
2048 __poll_t mask;
2049 struct snd_ctl_file *ctl;
2050
2051 ctl = file->private_data;
2052 if (!ctl->subscribed)
2053 return 0;
2054 poll_wait(file, &ctl->change_sleep, wait);
2055
2056 mask = 0;
2057 if (!list_empty(&ctl->events))
2058 mask |= EPOLLIN | EPOLLRDNORM;
2059
2060 return mask;
2061}
2062
2063/*
2064 * register the device-specific control-ioctls.
2065 * called from each device manager like pcm.c, hwdep.c, etc.
2066 */
2067static int _snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn, struct list_head *lists)
2068{
2069 struct snd_kctl_ioctl *pn;
2070
2071 pn = kzalloc(sizeof(struct snd_kctl_ioctl), GFP_KERNEL);
2072 if (pn == NULL)
2073 return -ENOMEM;
2074 pn->fioctl = fcn;
2075 guard(rwsem_write)(&snd_ioctl_rwsem);
2076 list_add_tail(&pn->list, lists);
2077 return 0;
2078}
2079
2080/**
2081 * snd_ctl_register_ioctl - register the device-specific control-ioctls
2082 * @fcn: ioctl callback function
2083 *
2084 * called from each device manager like pcm.c, hwdep.c, etc.
2085 *
2086 * Return: zero if successful, or a negative error code
2087 */
2088int snd_ctl_register_ioctl(snd_kctl_ioctl_func_t fcn)
2089{
2090 return _snd_ctl_register_ioctl(fcn, &snd_control_ioctls);
2091}
2092EXPORT_SYMBOL(snd_ctl_register_ioctl);
2093
2094#ifdef CONFIG_COMPAT
2095/**
2096 * snd_ctl_register_ioctl_compat - register the device-specific 32bit compat
2097 * control-ioctls
2098 * @fcn: ioctl callback function
2099 *
2100 * Return: zero if successful, or a negative error code
2101 */
2102int snd_ctl_register_ioctl_compat(snd_kctl_ioctl_func_t fcn)
2103{
2104 return _snd_ctl_register_ioctl(fcn, &snd_control_compat_ioctls);
2105}
2106EXPORT_SYMBOL(snd_ctl_register_ioctl_compat);
2107#endif
2108
2109/*
2110 * de-register the device-specific control-ioctls.
2111 */
2112static int _snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn,
2113 struct list_head *lists)
2114{
2115 struct snd_kctl_ioctl *p;
2116
2117 if (snd_BUG_ON(!fcn))
2118 return -EINVAL;
2119 guard(rwsem_write)(&snd_ioctl_rwsem);
2120 list_for_each_entry(p, lists, list) {
2121 if (p->fioctl == fcn) {
2122 list_del(&p->list);
2123 kfree(p);
2124 return 0;
2125 }
2126 }
2127 snd_BUG();
2128 return -EINVAL;
2129}
2130
2131/**
2132 * snd_ctl_unregister_ioctl - de-register the device-specific control-ioctls
2133 * @fcn: ioctl callback function to unregister
2134 *
2135 * Return: zero if successful, or a negative error code
2136 */
2137int snd_ctl_unregister_ioctl(snd_kctl_ioctl_func_t fcn)
2138{
2139 return _snd_ctl_unregister_ioctl(fcn, &snd_control_ioctls);
2140}
2141EXPORT_SYMBOL(snd_ctl_unregister_ioctl);
2142
2143#ifdef CONFIG_COMPAT
2144/**
2145 * snd_ctl_unregister_ioctl_compat - de-register the device-specific compat
2146 * 32bit control-ioctls
2147 * @fcn: ioctl callback function to unregister
2148 *
2149 * Return: zero if successful, or a negative error code
2150 */
2151int snd_ctl_unregister_ioctl_compat(snd_kctl_ioctl_func_t fcn)
2152{
2153 return _snd_ctl_unregister_ioctl(fcn, &snd_control_compat_ioctls);
2154}
2155EXPORT_SYMBOL(snd_ctl_unregister_ioctl_compat);
2156#endif
2157
2158static int snd_ctl_fasync(int fd, struct file * file, int on)
2159{
2160 struct snd_ctl_file *ctl;
2161
2162 ctl = file->private_data;
2163 return snd_fasync_helper(fd, file, on, &ctl->fasync);
2164}
2165
2166/* return the preferred subdevice number if already assigned;
2167 * otherwise return -1
2168 */
2169int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type)
2170{
2171 struct snd_ctl_file *kctl;
2172 int subdevice = -1;
2173
2174 guard(read_lock_irqsave)(&card->ctl_files_rwlock);
2175 list_for_each_entry(kctl, &card->ctl_files, list) {
2176 if (kctl->pid == task_pid(current)) {
2177 subdevice = kctl->preferred_subdevice[type];
2178 if (subdevice != -1)
2179 break;
2180 }
2181 }
2182 return subdevice;
2183}
2184EXPORT_SYMBOL_GPL(snd_ctl_get_preferred_subdevice);
2185
2186/*
2187 * ioctl32 compat
2188 */
2189#ifdef CONFIG_COMPAT
2190#include "control_compat.c"
2191#else
2192#define snd_ctl_ioctl_compat NULL
2193#endif
2194
2195/*
2196 * control layers (audio LED etc.)
2197 */
2198
2199/**
2200 * snd_ctl_request_layer - request to use the layer
2201 * @module_name: Name of the kernel module (NULL == build-in)
2202 *
2203 * Return: zero if successful, or an error code when the module cannot be loaded
2204 */
2205int snd_ctl_request_layer(const char *module_name)
2206{
2207 struct snd_ctl_layer_ops *lops;
2208
2209 if (module_name == NULL)
2210 return 0;
2211 scoped_guard(rwsem_read, &snd_ctl_layer_rwsem) {
2212 for (lops = snd_ctl_layer; lops; lops = lops->next)
2213 if (strcmp(lops->module_name, module_name) == 0)
2214 return 0;
2215 }
2216 return request_module(module_name);
2217}
2218EXPORT_SYMBOL_GPL(snd_ctl_request_layer);
2219
2220/**
2221 * snd_ctl_register_layer - register new control layer
2222 * @lops: operation structure
2223 *
2224 * The new layer can track all control elements and do additional
2225 * operations on top (like audio LED handling).
2226 */
2227void snd_ctl_register_layer(struct snd_ctl_layer_ops *lops)
2228{
2229 struct snd_card *card;
2230 int card_number;
2231
2232 scoped_guard(rwsem_write, &snd_ctl_layer_rwsem) {
2233 lops->next = snd_ctl_layer;
2234 snd_ctl_layer = lops;
2235 }
2236 for (card_number = 0; card_number < SNDRV_CARDS; card_number++) {
2237 card = snd_card_ref(card_number);
2238 if (card) {
2239 scoped_guard(rwsem_read, &card->controls_rwsem)
2240 lops->lregister(card);
2241 snd_card_unref(card);
2242 }
2243 }
2244}
2245EXPORT_SYMBOL_GPL(snd_ctl_register_layer);
2246
2247/**
2248 * snd_ctl_disconnect_layer - disconnect control layer
2249 * @lops: operation structure
2250 *
2251 * It is expected that the information about tracked cards
2252 * is freed before this call (the disconnect callback is
2253 * not called here).
2254 */
2255void snd_ctl_disconnect_layer(struct snd_ctl_layer_ops *lops)
2256{
2257 struct snd_ctl_layer_ops *lops2, *prev_lops2;
2258
2259 guard(rwsem_write)(&snd_ctl_layer_rwsem);
2260 for (lops2 = snd_ctl_layer, prev_lops2 = NULL; lops2; lops2 = lops2->next) {
2261 if (lops2 == lops) {
2262 if (!prev_lops2)
2263 snd_ctl_layer = lops->next;
2264 else
2265 prev_lops2->next = lops->next;
2266 break;
2267 }
2268 prev_lops2 = lops2;
2269 }
2270}
2271EXPORT_SYMBOL_GPL(snd_ctl_disconnect_layer);
2272
2273/*
2274 * INIT PART
2275 */
2276
2277static const struct file_operations snd_ctl_f_ops =
2278{
2279 .owner = THIS_MODULE,
2280 .read = snd_ctl_read,
2281 .open = snd_ctl_open,
2282 .release = snd_ctl_release,
2283 .llseek = no_llseek,
2284 .poll = snd_ctl_poll,
2285 .unlocked_ioctl = snd_ctl_ioctl,
2286 .compat_ioctl = snd_ctl_ioctl_compat,
2287 .fasync = snd_ctl_fasync,
2288};
2289
2290/* call lops under rwsems; called from snd_ctl_dev_*() below() */
2291#define call_snd_ctl_lops(_card, _op) \
2292 do { \
2293 struct snd_ctl_layer_ops *lops; \
2294 guard(rwsem_read)(&(_card)->controls_rwsem); \
2295 guard(rwsem_read)(&snd_ctl_layer_rwsem); \
2296 for (lops = snd_ctl_layer; lops; lops = lops->next) \
2297 lops->_op(_card); \
2298 } while (0)
2299
2300/*
2301 * registration of the control device
2302 */
2303static int snd_ctl_dev_register(struct snd_device *device)
2304{
2305 struct snd_card *card = device->device_data;
2306 int err;
2307
2308 err = snd_register_device(SNDRV_DEVICE_TYPE_CONTROL, card, -1,
2309 &snd_ctl_f_ops, card, card->ctl_dev);
2310 if (err < 0)
2311 return err;
2312 call_snd_ctl_lops(card, lregister);
2313 return 0;
2314}
2315
2316/*
2317 * disconnection of the control device
2318 */
2319static int snd_ctl_dev_disconnect(struct snd_device *device)
2320{
2321 struct snd_card *card = device->device_data;
2322 struct snd_ctl_file *ctl;
2323
2324 scoped_guard(read_lock_irqsave, &card->ctl_files_rwlock) {
2325 list_for_each_entry(ctl, &card->ctl_files, list) {
2326 wake_up(&ctl->change_sleep);
2327 snd_kill_fasync(ctl->fasync, SIGIO, POLL_ERR);
2328 }
2329 }
2330
2331 call_snd_ctl_lops(card, ldisconnect);
2332 return snd_unregister_device(card->ctl_dev);
2333}
2334
2335/*
2336 * free all controls
2337 */
2338static int snd_ctl_dev_free(struct snd_device *device)
2339{
2340 struct snd_card *card = device->device_data;
2341 struct snd_kcontrol *control;
2342
2343 scoped_guard(rwsem_write, &card->controls_rwsem) {
2344 while (!list_empty(&card->controls)) {
2345 control = snd_kcontrol(card->controls.next);
2346 __snd_ctl_remove(card, control, false);
2347 }
2348
2349#ifdef CONFIG_SND_CTL_FAST_LOOKUP
2350 xa_destroy(&card->ctl_numids);
2351 xa_destroy(&card->ctl_hash);
2352#endif
2353 }
2354 put_device(card->ctl_dev);
2355 return 0;
2356}
2357
2358/*
2359 * create control core:
2360 * called from init.c
2361 */
2362int snd_ctl_create(struct snd_card *card)
2363{
2364 static const struct snd_device_ops ops = {
2365 .dev_free = snd_ctl_dev_free,
2366 .dev_register = snd_ctl_dev_register,
2367 .dev_disconnect = snd_ctl_dev_disconnect,
2368 };
2369 int err;
2370
2371 if (snd_BUG_ON(!card))
2372 return -ENXIO;
2373 if (snd_BUG_ON(card->number < 0 || card->number >= SNDRV_CARDS))
2374 return -ENXIO;
2375
2376 err = snd_device_alloc(&card->ctl_dev, card);
2377 if (err < 0)
2378 return err;
2379 dev_set_name(card->ctl_dev, "controlC%d", card->number);
2380
2381 err = snd_device_new(card, SNDRV_DEV_CONTROL, card, &ops);
2382 if (err < 0)
2383 put_device(card->ctl_dev);
2384 return err;
2385}
2386
2387/*
2388 * Frequently used control callbacks/helpers
2389 */
2390
2391/**
2392 * snd_ctl_boolean_mono_info - Helper function for a standard boolean info
2393 * callback with a mono channel
2394 * @kcontrol: the kcontrol instance
2395 * @uinfo: info to store
2396 *
2397 * This is a function that can be used as info callback for a standard
2398 * boolean control with a single mono channel.
2399 *
2400 * Return: Zero (always successful)
2401 */
2402int snd_ctl_boolean_mono_info(struct snd_kcontrol *kcontrol,
2403 struct snd_ctl_elem_info *uinfo)
2404{
2405 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2406 uinfo->count = 1;
2407 uinfo->value.integer.min = 0;
2408 uinfo->value.integer.max = 1;
2409 return 0;
2410}
2411EXPORT_SYMBOL(snd_ctl_boolean_mono_info);
2412
2413/**
2414 * snd_ctl_boolean_stereo_info - Helper function for a standard boolean info
2415 * callback with stereo two channels
2416 * @kcontrol: the kcontrol instance
2417 * @uinfo: info to store
2418 *
2419 * This is a function that can be used as info callback for a standard
2420 * boolean control with stereo two channels.
2421 *
2422 * Return: Zero (always successful)
2423 */
2424int snd_ctl_boolean_stereo_info(struct snd_kcontrol *kcontrol,
2425 struct snd_ctl_elem_info *uinfo)
2426{
2427 uinfo->type = SNDRV_CTL_ELEM_TYPE_BOOLEAN;
2428 uinfo->count = 2;
2429 uinfo->value.integer.min = 0;
2430 uinfo->value.integer.max = 1;
2431 return 0;
2432}
2433EXPORT_SYMBOL(snd_ctl_boolean_stereo_info);
2434
2435/**
2436 * snd_ctl_enum_info - fills the info structure for an enumerated control
2437 * @info: the structure to be filled
2438 * @channels: the number of the control's channels; often one
2439 * @items: the number of control values; also the size of @names
2440 * @names: an array containing the names of all control values
2441 *
2442 * Sets all required fields in @info to their appropriate values.
2443 * If the control's accessibility is not the default (readable and writable),
2444 * the caller has to fill @info->access.
2445 *
2446 * Return: Zero (always successful)
2447 */
2448int snd_ctl_enum_info(struct snd_ctl_elem_info *info, unsigned int channels,
2449 unsigned int items, const char *const names[])
2450{
2451 info->type = SNDRV_CTL_ELEM_TYPE_ENUMERATED;
2452 info->count = channels;
2453 info->value.enumerated.items = items;
2454 if (!items)
2455 return 0;
2456 if (info->value.enumerated.item >= items)
2457 info->value.enumerated.item = items - 1;
2458 WARN(strlen(names[info->value.enumerated.item]) >= sizeof(info->value.enumerated.name),
2459 "ALSA: too long item name '%s'\n",
2460 names[info->value.enumerated.item]);
2461 strscpy(info->value.enumerated.name,
2462 names[info->value.enumerated.item],
2463 sizeof(info->value.enumerated.name));
2464 return 0;
2465}
2466EXPORT_SYMBOL(snd_ctl_enum_info);