I can't recommend it, but I can't stop people from doing it, so at least
document the ground rules.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This can't fail in the kernel anyway, so cast it to shut up Coverity.
Error message:
"Calling function "ioctl(int, unsigned long, ...)" without checking return
value (as is done elsewhere 35 out of 36 times)."
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Using LIBEVDEV_UINPUT_OPEN_MANAGED can leak the fd if an error occurs after
opening it.
Found by Coverity.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The static library currently leaks log_msg and log_priority. Both are too
generic, so rename them, with a leading underscore to hint they're supposed to
be private.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
12717d79 "Add libevdev_event_type/code_from_name() resolvers" added the
lookup functions for types and codes, this commit adds the missing ones for
input properties.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
We use the negative errno internally, but the proper errno is always positive.
Fixes device creation failures on kernels that don't support UI_SET_PROPBIT.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Older kernels don't have UI_GET_SYSNAME, and upstream is adding a few more
ioctls to the uinput code. So ship the header we're using to avoid compilation
errors.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Better protection against buffer overflow, though by the time someone
is manipulating your sysfs, libevdev is unlikely to be the biggest worry.
Slight change in functionality: before we checked the timestamp of
/sys/devices/virtual/input/inputXYZ before looking at /inputXYZ/name, now we
just check the name file for the timestamp.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
The global log handler isn't a good choice for a low-level library. In the
caser of the X server, both evdev and synaptics are now using the libevdev but
are loaded from the same server process. Thus, there's only one log handler,
but evdev and synaptics don't talk to each other (a bit childish, I know).
Add a per-device log handler that overrides the global log handler, and fall
back to the global log handler if no device log handler is set. The log
macros take care of that automatically, especially as we can't do per-device
log handlers for the uinput code.
Note that we use the same struct for the global and device logging, so in each
instance one of the two function pointers is NULL. Suicide triggers are in
place in case we mess that up.
This also makes libevdev_new_from_fd() a bit less useful since we can't set
the log handler beforehand.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Triggered by the tests when run as non-root. Simply ignore any attempt to
destroy a NULL device, which also matches the behaviour of libevdev_free().
Reported-by: Andreas Radke <a.radke@arcor.de>
Reviewed-by: Daniel Martin <consume.noise@gmail.com>
Tested-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The kernel ring buffer drops all events on SYN_DROPPED, but then continues to
fill up again. So by the time we read the events, the kernel's client buffer is
essentially like this:
SYN_DROPPED, ev1, ev2, ev3, ...., evN
The kernel's device state represents the device after evN, and that is what
the ioctls return. For EV_KEY, EV_SND, EV_LED and EV_SW the kernel removes
potential duplicates from the client buffer [1], it doesn't do so for EV_ABS.
So we can't actually sync while there are events on the wire because the
events represent an earlier state. So simply discard all events in the kernel
buffer, synchronize, and then start processing again. We lose some granularity
but at least the events are correct.
[1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/input/evdev.c?id=483180281f0ac60d1138710eb21f4b9961901294
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Follow-up to
commit 41334b5b40
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu Mar 6 11:54:00 2014 +1000
If the tracking ID changes during SYN_DROPPED, terminate the touch first
In normal mode, we may get double tracking ID events in the same slot, but
only if we either have a user-generated event sequence (uinput) or a malicious
device that tries to send data on a slot > dev->num_slots.
Since the client is unlikely to be able to handle these events, discard the
ABS_MT_TRACKING_ID completely. This is a bug somewhere in the stack, so
complain and hobble on along.
Note: the kernel doesn't allow that, but we cap to num_slots anyway, see
66fee1bec4.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
No real effects, but improves readability
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
We can't allocate in sync_mt_state since it may be called in the signal
handler. So pre-allocate based on the device's number of slots, store that in
the libevdev struct and use it for the sync process.
This fixes a remaining bug with the handling of ABS_MT_TRACKING_ID. If a
device had > MAX_SLOTS and a slot above that limit would start or stop during
a SYN_DROPPED event, the slot would not be synced, and a subsequent touch in
that slot may double-terminate or double-open a touchpoint in the client.
For the effects of that see
commit 41334b5b40
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu Mar 6 11:54:00 2014 +1000
If the tracking ID changes during SYN_DROPPED, terminate the touch first
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
For protocol A devices we won't get the information from the kernel anyway and
we expect all axes to be updated in the next event.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
The EVICOCGMTSLOTS ioctl returns all slot values for the requested code or an
error code, it doesn't return the number of bytes successfully transferred.
Thus all values in the input array are always defined (on success), we don't
need to memset it.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
If a touch starts and terminates while in SYN_DROPPED, the tracking ID appears
to stay at -1, but the other axes may update. We need to pass these on to the
client since the kernel may buffer the next event with the same value
otherwise. Note this in the documentation so that client's don't create touch
points based on out-of-touchpoint updates.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
This doesn't really do much here, but strictly speaking: if asprintf returns
-1, devnode is undefined. So reset it to NULL to avoid weird pointers. And
also free the rest of the names if we ever have more than one device - which
also shouldn't happen.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Triggered with -O3
../libevdev/libevdev.c: In function ‘libevdev_get_event_value’:
../libevdev/libevdev.c:1112:6: warning: ‘value’ may be used uninitialized in
this function [-Wmaybe-uninitialized]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Triggered with -O
../libevdev/libevdev.c: In function ‘libevdev_has_event_code’:
../libevdev/libevdev-util.h:58:20: warning: ‘mask’ may be used uninitialized
in this function [-Wmaybe-uninitialized]
Optimisation clearly shuffles things around here: in the code, if no max is
found, we return -1 and bail out before we access mask.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
If a client doesn't sync expliciltly, make sure we sanitize the events when we
update the internal library state.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
"Related Pages" in doxygen are ordered in the order they appear in the source
file. The internal test suite is least likely to be of interest to the
reader, so move it to the bottom.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
This makes it easier to look up what specific version libevdev was compiled
against.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
This is getting a bit complex, so add some high-level documentation that we at
least know what we're trying to do.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Clients may not care about the events generated during SYN_DROPPED, but the
current slot must be updated to avoid a client being out-of-date.
Same with tracking IDs, if they changed, the caller will likely have to update
some internal states.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Most clients can't deal with tracking ID changes unless a -1 is sent first. So
if we notice that the tracking ID has changed during the sync process, send a
set of ABS_MT_TRACKING_ID -1 events for each of those, then send the rest of
the events.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
If multiple slots have changed during the sync handling, the client must be
re-set to the current slot before continuing with normal events.
Signed-off-by: Benjamin Tissoires <btissoir@redhat.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Devices with ABS_MT_SLOT-1 are fake MT devices, they merely overlap the
axis range but don't actually provide slots. The EVIOCGABS ioctl won't work to
retrieve the current value - the kernel does not store values for those axes
and the return value is always 0.
Thus, simply ignore those axes for fake MT devices and instead rely on the
next event to update the caller with the correct state for each axis.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
This allows libevdev-util.h to be used by tests, it no longer relies on
libevdev internal structs.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
A malicious device may announce N slots but then send a slot index >= N. The
slot state is almost always allocated (definitely the case in libevdev and
true for most callers), so providing a slot number higher than the announced
maximum is likely to lead to invalid dereferences. Don't allow that.
Likewise, don't allow negative slot numbers.
Note that the kernel filters these events anyway, the only way to trigger this
is to change the device fd to something outside the kernel's control.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
As seen on 3M devices, which seems to be the maximum seen so far. Some Stantum
devices report 255 touches but are only capable of 10, so the are not affected
by our limits.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Changes the algorithm: before we'd ioctl all axes for all slots, then generate
events for all slots one-by-one.
Now we ioctl the slot state for each axis, copy the new event value into
the device and mark a bitfield that we've updated the value. Then loop through
the slots and generate events where changed.
Side-effect: this makes it easy to check if anything in the slot has updated,
so we can skip empty slot events during sync.
Min memory requirement for the state storage was:
MAX_SLOTS * (ABS_MT_CNT + 1) * sizeof(int) = 1980
Min memory requirement now:
(ABS_MT_CNT + 1) * sizeof(int) + NLONGS((MAX_SLOTS * ABS_MT_CNT) bits) = 544
This is sigsafe code, so this was stack memory. Reducing the requirement
allows us to up MAX_SLOTS in the future if we need to.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Instead of relying on a static MAX_SLOTS array, allocated it based on the
number of slots we have on the device. The previous checks for MAX_SLOTS were
incomplete, causing out-of-bound reads.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If a device has more than MAX_SLOTS slots, we'd run out-of-bounds on the sync
array. This function is sig-safe, so we can't alloc here, merely limit the
access.
Reported-by: Jonas Ådahl <jadahl@gmail.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
