1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1992 obz under the linux copyright 4 * 5 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 6 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 7 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 8 * Some code moved for less code duplication - Andi Kleen - Mar 1997 9 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 10 */ 11 12 #include <linux/types.h> 13 #include <linux/errno.h> 14 #include <linux/sched/signal.h> 15 #include <linux/tty.h> 16 #include <linux/timer.h> 17 #include <linux/kernel.h> 18 #include <linux/compat.h> 19 #include <linux/module.h> 20 #include <linux/kd.h> 21 #include <linux/vt.h> 22 #include <linux/string.h> 23 #include <linux/slab.h> 24 #include <linux/major.h> 25 #include <linux/fs.h> 26 #include <linux/console.h> 27 #include <linux/consolemap.h> 28 #include <linux/signal.h> 29 #include <linux/suspend.h> 30 #include <linux/timex.h> 31 32 #include <asm/io.h> 33 #include <linux/uaccess.h> 34 35 #include <linux/nospec.h> 36 37 #include <linux/kbd_kern.h> 38 #include <linux/vt_kern.h> 39 #include <linux/kbd_diacr.h> 40 #include <linux/selection.h> 41 42 char vt_dont_switch; 43 extern struct tty_driver *console_driver; 44 45 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 46 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 47 48 /* 49 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 50 * experimentation and study of X386 SYSV handling. 51 * 52 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 53 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 54 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 55 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 56 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 57 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 58 * to the current console is done by the main ioctl code. 59 */ 60 61 #ifdef CONFIG_X86 62 #include <asm/syscalls.h> 63 #endif 64 65 static void complete_change_console(struct vc_data *vc); 66 67 /* 68 * User space VT_EVENT handlers 69 */ 70 71 struct vt_event_wait { 72 struct list_head list; 73 struct vt_event event; 74 int done; 75 }; 76 77 static LIST_HEAD(vt_events); 78 static DEFINE_SPINLOCK(vt_event_lock); 79 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 80 81 /** 82 * vt_event_post 83 * @event: the event that occurred 84 * @old: old console 85 * @new: new console 86 * 87 * Post an VT event to interested VT handlers 88 */ 89 90 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 91 { 92 struct list_head *pos, *head; 93 unsigned long flags; 94 int wake = 0; 95 96 spin_lock_irqsave(&vt_event_lock, flags); 97 head = &vt_events; 98 99 list_for_each(pos, head) { 100 struct vt_event_wait *ve = list_entry(pos, 101 struct vt_event_wait, list); 102 if (!(ve->event.event & event)) 103 continue; 104 ve->event.event = event; 105 /* kernel view is consoles 0..n-1, user space view is 106 console 1..n with 0 meaning current, so we must bias */ 107 ve->event.oldev = old + 1; 108 ve->event.newev = new + 1; 109 wake = 1; 110 ve->done = 1; 111 } 112 spin_unlock_irqrestore(&vt_event_lock, flags); 113 if (wake) 114 wake_up_interruptible(&vt_event_waitqueue); 115 } 116 117 static void __vt_event_queue(struct vt_event_wait *vw) 118 { 119 unsigned long flags; 120 /* Prepare the event */ 121 INIT_LIST_HEAD(&vw->list); 122 vw->done = 0; 123 /* Queue our event */ 124 spin_lock_irqsave(&vt_event_lock, flags); 125 list_add(&vw->list, &vt_events); 126 spin_unlock_irqrestore(&vt_event_lock, flags); 127 } 128 129 static void __vt_event_wait(struct vt_event_wait *vw) 130 { 131 /* Wait for it to pass */ 132 wait_event_interruptible(vt_event_waitqueue, vw->done); 133 } 134 135 static void __vt_event_dequeue(struct vt_event_wait *vw) 136 { 137 unsigned long flags; 138 139 /* Dequeue it */ 140 spin_lock_irqsave(&vt_event_lock, flags); 141 list_del(&vw->list); 142 spin_unlock_irqrestore(&vt_event_lock, flags); 143 } 144 145 /** 146 * vt_event_wait - wait for an event 147 * @vw: our event 148 * 149 * Waits for an event to occur which completes our vt_event_wait 150 * structure. On return the structure has wv->done set to 1 for success 151 * or 0 if some event such as a signal ended the wait. 152 */ 153 154 static void vt_event_wait(struct vt_event_wait *vw) 155 { 156 __vt_event_queue(vw); 157 __vt_event_wait(vw); 158 __vt_event_dequeue(vw); 159 } 160 161 /** 162 * vt_event_wait_ioctl - event ioctl handler 163 * @arg: argument to ioctl 164 * 165 * Implement the VT_WAITEVENT ioctl using the VT event interface 166 */ 167 168 static int vt_event_wait_ioctl(struct vt_event __user *event) 169 { 170 struct vt_event_wait vw; 171 172 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 173 return -EFAULT; 174 /* Highest supported event for now */ 175 if (vw.event.event & ~VT_MAX_EVENT) 176 return -EINVAL; 177 178 vt_event_wait(&vw); 179 /* If it occurred report it */ 180 if (vw.done) { 181 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 182 return -EFAULT; 183 return 0; 184 } 185 return -EINTR; 186 } 187 188 /** 189 * vt_waitactive - active console wait 190 * @event: event code 191 * @n: new console 192 * 193 * Helper for event waits. Used to implement the legacy 194 * event waiting ioctls in terms of events 195 */ 196 197 int vt_waitactive(int n) 198 { 199 struct vt_event_wait vw; 200 do { 201 vw.event.event = VT_EVENT_SWITCH; 202 __vt_event_queue(&vw); 203 if (n == fg_console + 1) { 204 __vt_event_dequeue(&vw); 205 break; 206 } 207 __vt_event_wait(&vw); 208 __vt_event_dequeue(&vw); 209 if (vw.done == 0) 210 return -EINTR; 211 } while (vw.event.newev != n); 212 return 0; 213 } 214 215 /* 216 * these are the valid i/o ports we're allowed to change. they map all the 217 * video ports 218 */ 219 #define GPFIRST 0x3b4 220 #define GPLAST 0x3df 221 #define GPNUM (GPLAST - GPFIRST + 1) 222 223 224 225 static inline int 226 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 227 { 228 struct consolefontdesc cfdarg; 229 int i; 230 231 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 232 return -EFAULT; 233 234 switch (cmd) { 235 case PIO_FONTX: 236 if (!perm) 237 return -EPERM; 238 op->op = KD_FONT_OP_SET; 239 op->flags = KD_FONT_FLAG_OLD; 240 op->width = 8; 241 op->height = cfdarg.charheight; 242 op->charcount = cfdarg.charcount; 243 op->data = cfdarg.chardata; 244 return con_font_op(vc_cons[fg_console].d, op); 245 case GIO_FONTX: { 246 op->op = KD_FONT_OP_GET; 247 op->flags = KD_FONT_FLAG_OLD; 248 op->width = 8; 249 op->height = cfdarg.charheight; 250 op->charcount = cfdarg.charcount; 251 op->data = cfdarg.chardata; 252 i = con_font_op(vc_cons[fg_console].d, op); 253 if (i) 254 return i; 255 cfdarg.charheight = op->height; 256 cfdarg.charcount = op->charcount; 257 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 258 return -EFAULT; 259 return 0; 260 } 261 } 262 return -EINVAL; 263 } 264 265 static inline int 266 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 267 { 268 struct unimapdesc tmp; 269 270 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 271 return -EFAULT; 272 switch (cmd) { 273 case PIO_UNIMAP: 274 if (!perm) 275 return -EPERM; 276 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 277 case GIO_UNIMAP: 278 if (!perm && fg_console != vc->vc_num) 279 return -EPERM; 280 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 281 } 282 return 0; 283 } 284 285 /* deallocate a single console, if possible (leave 0) */ 286 static int vt_disallocate(unsigned int vc_num) 287 { 288 struct vc_data *vc = NULL; 289 int ret = 0; 290 291 console_lock(); 292 if (VT_BUSY(vc_num)) 293 ret = -EBUSY; 294 else if (vc_num) 295 vc = vc_deallocate(vc_num); 296 console_unlock(); 297 298 if (vc && vc_num >= MIN_NR_CONSOLES) { 299 tty_port_destroy(&vc->port); 300 kfree(vc); 301 } 302 303 return ret; 304 } 305 306 /* deallocate all unused consoles, but leave 0 */ 307 static void vt_disallocate_all(void) 308 { 309 struct vc_data *vc[MAX_NR_CONSOLES]; 310 int i; 311 312 console_lock(); 313 for (i = 1; i < MAX_NR_CONSOLES; i++) 314 if (!VT_BUSY(i)) 315 vc[i] = vc_deallocate(i); 316 else 317 vc[i] = NULL; 318 console_unlock(); 319 320 for (i = 1; i < MAX_NR_CONSOLES; i++) { 321 if (vc[i] && i >= MIN_NR_CONSOLES) { 322 tty_port_destroy(&vc[i]->port); 323 kfree(vc[i]); 324 } 325 } 326 } 327 328 329 /* 330 * We handle the console-specific ioctl's here. We allow the 331 * capability to modify any console, not just the fg_console. 332 */ 333 int vt_ioctl(struct tty_struct *tty, 334 unsigned int cmd, unsigned long arg) 335 { 336 struct vc_data *vc = tty->driver_data; 337 struct console_font_op op; /* used in multiple places here */ 338 unsigned int console; 339 unsigned char ucval; 340 unsigned int uival; 341 void __user *up = (void __user *)arg; 342 int i, perm; 343 int ret = 0; 344 345 console = vc->vc_num; 346 347 348 if (!vc_cons_allocated(console)) { /* impossible? */ 349 ret = -ENOIOCTLCMD; 350 goto out; 351 } 352 353 354 /* 355 * To have permissions to do most of the vt ioctls, we either have 356 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 357 */ 358 perm = 0; 359 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 360 perm = 1; 361 362 switch (cmd) { 363 case TIOCLINUX: 364 ret = tioclinux(tty, arg); 365 break; 366 case KIOCSOUND: 367 if (!perm) 368 return -EPERM; 369 /* 370 * The use of PIT_TICK_RATE is historic, it used to be 371 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 372 * and 2.6.36, which was a minor but unfortunate ABI 373 * change. kd_mksound is locked by the input layer. 374 */ 375 if (arg) 376 arg = PIT_TICK_RATE / arg; 377 kd_mksound(arg, 0); 378 break; 379 380 case KDMKTONE: 381 if (!perm) 382 return -EPERM; 383 { 384 unsigned int ticks, count; 385 386 /* 387 * Generate the tone for the appropriate number of ticks. 388 * If the time is zero, turn off sound ourselves. 389 */ 390 ticks = msecs_to_jiffies((arg >> 16) & 0xffff); 391 count = ticks ? (arg & 0xffff) : 0; 392 if (count) 393 count = PIT_TICK_RATE / count; 394 kd_mksound(count, ticks); 395 break; 396 } 397 398 case KDGKBTYPE: 399 /* 400 * this is naïve. 401 */ 402 ucval = KB_101; 403 ret = put_user(ucval, (char __user *)arg); 404 break; 405 406 /* 407 * These cannot be implemented on any machine that implements 408 * ioperm() in user level (such as Alpha PCs) or not at all. 409 * 410 * XXX: you should never use these, just call ioperm directly.. 411 */ 412 #ifdef CONFIG_X86 413 case KDADDIO: 414 case KDDELIO: 415 /* 416 * KDADDIO and KDDELIO may be able to add ports beyond what 417 * we reject here, but to be safe... 418 * 419 * These are locked internally via sys_ioperm 420 */ 421 if (arg < GPFIRST || arg > GPLAST) { 422 ret = -EINVAL; 423 break; 424 } 425 ret = ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 426 break; 427 428 case KDENABIO: 429 case KDDISABIO: 430 ret = ksys_ioperm(GPFIRST, GPNUM, 431 (cmd == KDENABIO)) ? -ENXIO : 0; 432 break; 433 #endif 434 435 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 436 437 case KDKBDREP: 438 { 439 struct kbd_repeat kbrep; 440 441 if (!capable(CAP_SYS_TTY_CONFIG)) 442 return -EPERM; 443 444 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 445 ret = -EFAULT; 446 break; 447 } 448 ret = kbd_rate(&kbrep); 449 if (ret) 450 break; 451 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 452 ret = -EFAULT; 453 break; 454 } 455 456 case KDSETMODE: 457 /* 458 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 459 * doesn't do a whole lot. i'm not sure if it should do any 460 * restoration of modes or what... 461 * 462 * XXX It should at least call into the driver, fbdev's definitely 463 * need to restore their engine state. --BenH 464 */ 465 if (!perm) 466 return -EPERM; 467 switch (arg) { 468 case KD_GRAPHICS: 469 break; 470 case KD_TEXT0: 471 case KD_TEXT1: 472 arg = KD_TEXT; 473 case KD_TEXT: 474 break; 475 default: 476 ret = -EINVAL; 477 goto out; 478 } 479 /* FIXME: this needs the console lock extending */ 480 if (vc->vc_mode == (unsigned char) arg) 481 break; 482 vc->vc_mode = (unsigned char) arg; 483 if (console != fg_console) 484 break; 485 /* 486 * explicitly blank/unblank the screen if switching modes 487 */ 488 console_lock(); 489 if (arg == KD_TEXT) 490 do_unblank_screen(1); 491 else 492 do_blank_screen(1); 493 console_unlock(); 494 break; 495 496 case KDGETMODE: 497 uival = vc->vc_mode; 498 goto setint; 499 500 case KDMAPDISP: 501 case KDUNMAPDISP: 502 /* 503 * these work like a combination of mmap and KDENABIO. 504 * this could be easily finished. 505 */ 506 ret = -EINVAL; 507 break; 508 509 case KDSKBMODE: 510 if (!perm) 511 return -EPERM; 512 ret = vt_do_kdskbmode(console, arg); 513 if (ret == 0) 514 tty_ldisc_flush(tty); 515 break; 516 517 case KDGKBMODE: 518 uival = vt_do_kdgkbmode(console); 519 ret = put_user(uival, (int __user *)arg); 520 break; 521 522 /* this could be folded into KDSKBMODE, but for compatibility 523 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 524 case KDSKBMETA: 525 ret = vt_do_kdskbmeta(console, arg); 526 break; 527 528 case KDGKBMETA: 529 /* FIXME: should review whether this is worth locking */ 530 uival = vt_do_kdgkbmeta(console); 531 setint: 532 ret = put_user(uival, (int __user *)arg); 533 break; 534 535 case KDGETKEYCODE: 536 case KDSETKEYCODE: 537 if(!capable(CAP_SYS_TTY_CONFIG)) 538 perm = 0; 539 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 540 break; 541 542 case KDGKBENT: 543 case KDSKBENT: 544 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 545 break; 546 547 case KDGKBSENT: 548 case KDSKBSENT: 549 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 550 break; 551 552 /* Diacritical processing. Handled in keyboard.c as it has 553 to operate on the keyboard locks and structures */ 554 case KDGKBDIACR: 555 case KDGKBDIACRUC: 556 case KDSKBDIACR: 557 case KDSKBDIACRUC: 558 ret = vt_do_diacrit(cmd, up, perm); 559 break; 560 561 /* the ioctls below read/set the flags usually shown in the leds */ 562 /* don't use them - they will go away without warning */ 563 case KDGKBLED: 564 case KDSKBLED: 565 case KDGETLED: 566 case KDSETLED: 567 ret = vt_do_kdskled(console, cmd, arg, perm); 568 break; 569 570 /* 571 * A process can indicate its willingness to accept signals 572 * generated by pressing an appropriate key combination. 573 * Thus, one can have a daemon that e.g. spawns a new console 574 * upon a keypress and then changes to it. 575 * See also the kbrequest field of inittab(5). 576 */ 577 case KDSIGACCEPT: 578 { 579 if (!perm || !capable(CAP_KILL)) 580 return -EPERM; 581 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 582 ret = -EINVAL; 583 else { 584 spin_lock_irq(&vt_spawn_con.lock); 585 put_pid(vt_spawn_con.pid); 586 vt_spawn_con.pid = get_pid(task_pid(current)); 587 vt_spawn_con.sig = arg; 588 spin_unlock_irq(&vt_spawn_con.lock); 589 } 590 break; 591 } 592 593 case VT_SETMODE: 594 { 595 struct vt_mode tmp; 596 597 if (!perm) 598 return -EPERM; 599 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 600 ret = -EFAULT; 601 goto out; 602 } 603 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 604 ret = -EINVAL; 605 goto out; 606 } 607 console_lock(); 608 vc->vt_mode = tmp; 609 /* the frsig is ignored, so we set it to 0 */ 610 vc->vt_mode.frsig = 0; 611 put_pid(vc->vt_pid); 612 vc->vt_pid = get_pid(task_pid(current)); 613 /* no switch is required -- saw@shade.msu.ru */ 614 vc->vt_newvt = -1; 615 console_unlock(); 616 break; 617 } 618 619 case VT_GETMODE: 620 { 621 struct vt_mode tmp; 622 int rc; 623 624 console_lock(); 625 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 626 console_unlock(); 627 628 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 629 if (rc) 630 ret = -EFAULT; 631 break; 632 } 633 634 /* 635 * Returns global vt state. Note that VT 0 is always open, since 636 * it's an alias for the current VT, and people can't use it here. 637 * We cannot return state for more than 16 VTs, since v_state is short. 638 */ 639 case VT_GETSTATE: 640 { 641 struct vt_stat __user *vtstat = up; 642 unsigned short state, mask; 643 644 /* Review: FIXME: Console lock ? */ 645 if (put_user(fg_console + 1, &vtstat->v_active)) 646 ret = -EFAULT; 647 else { 648 state = 1; /* /dev/tty0 is always open */ 649 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 650 ++i, mask <<= 1) 651 if (VT_IS_IN_USE(i)) 652 state |= mask; 653 ret = put_user(state, &vtstat->v_state); 654 } 655 break; 656 } 657 658 /* 659 * Returns the first available (non-opened) console. 660 */ 661 case VT_OPENQRY: 662 /* FIXME: locking ? - but then this is a stupid API */ 663 for (i = 0; i < MAX_NR_CONSOLES; ++i) 664 if (! VT_IS_IN_USE(i)) 665 break; 666 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 667 goto setint; 668 669 /* 670 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 671 * with num >= 1 (switches to vt 0, our console, are not allowed, just 672 * to preserve sanity). 673 */ 674 case VT_ACTIVATE: 675 if (!perm) 676 return -EPERM; 677 if (arg == 0 || arg > MAX_NR_CONSOLES) 678 ret = -ENXIO; 679 else { 680 arg--; 681 console_lock(); 682 ret = vc_allocate(arg); 683 console_unlock(); 684 if (ret) 685 break; 686 set_console(arg); 687 } 688 break; 689 690 case VT_SETACTIVATE: 691 { 692 struct vt_setactivate vsa; 693 694 if (!perm) 695 return -EPERM; 696 697 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 698 sizeof(struct vt_setactivate))) { 699 ret = -EFAULT; 700 goto out; 701 } 702 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 703 ret = -ENXIO; 704 else { 705 vsa.console = array_index_nospec(vsa.console, 706 MAX_NR_CONSOLES + 1); 707 vsa.console--; 708 console_lock(); 709 ret = vc_allocate(vsa.console); 710 if (ret == 0) { 711 struct vc_data *nvc; 712 /* This is safe providing we don't drop the 713 console sem between vc_allocate and 714 finishing referencing nvc */ 715 nvc = vc_cons[vsa.console].d; 716 nvc->vt_mode = vsa.mode; 717 nvc->vt_mode.frsig = 0; 718 put_pid(nvc->vt_pid); 719 nvc->vt_pid = get_pid(task_pid(current)); 720 } 721 console_unlock(); 722 if (ret) 723 break; 724 /* Commence switch and lock */ 725 /* Review set_console locks */ 726 set_console(vsa.console); 727 } 728 break; 729 } 730 731 /* 732 * wait until the specified VT has been activated 733 */ 734 case VT_WAITACTIVE: 735 if (!perm) 736 return -EPERM; 737 if (arg == 0 || arg > MAX_NR_CONSOLES) 738 ret = -ENXIO; 739 else 740 ret = vt_waitactive(arg); 741 break; 742 743 /* 744 * If a vt is under process control, the kernel will not switch to it 745 * immediately, but postpone the operation until the process calls this 746 * ioctl, allowing the switch to complete. 747 * 748 * According to the X sources this is the behavior: 749 * 0: pending switch-from not OK 750 * 1: pending switch-from OK 751 * 2: completed switch-to OK 752 */ 753 case VT_RELDISP: 754 if (!perm) 755 return -EPERM; 756 757 console_lock(); 758 if (vc->vt_mode.mode != VT_PROCESS) { 759 console_unlock(); 760 ret = -EINVAL; 761 break; 762 } 763 /* 764 * Switching-from response 765 */ 766 if (vc->vt_newvt >= 0) { 767 if (arg == 0) 768 /* 769 * Switch disallowed, so forget we were trying 770 * to do it. 771 */ 772 vc->vt_newvt = -1; 773 774 else { 775 /* 776 * The current vt has been released, so 777 * complete the switch. 778 */ 779 int newvt; 780 newvt = vc->vt_newvt; 781 vc->vt_newvt = -1; 782 ret = vc_allocate(newvt); 783 if (ret) { 784 console_unlock(); 785 break; 786 } 787 /* 788 * When we actually do the console switch, 789 * make sure we are atomic with respect to 790 * other console switches.. 791 */ 792 complete_change_console(vc_cons[newvt].d); 793 } 794 } else { 795 /* 796 * Switched-to response 797 */ 798 /* 799 * If it's just an ACK, ignore it 800 */ 801 if (arg != VT_ACKACQ) 802 ret = -EINVAL; 803 } 804 console_unlock(); 805 break; 806 807 /* 808 * Disallocate memory associated to VT (but leave VT1) 809 */ 810 case VT_DISALLOCATE: 811 if (arg > MAX_NR_CONSOLES) { 812 ret = -ENXIO; 813 break; 814 } 815 if (arg == 0) 816 vt_disallocate_all(); 817 else 818 ret = vt_disallocate(--arg); 819 break; 820 821 case VT_RESIZE: 822 { 823 struct vt_sizes __user *vtsizes = up; 824 struct vc_data *vc; 825 826 ushort ll,cc; 827 if (!perm) 828 return -EPERM; 829 if (get_user(ll, &vtsizes->v_rows) || 830 get_user(cc, &vtsizes->v_cols)) 831 ret = -EFAULT; 832 else { 833 console_lock(); 834 for (i = 0; i < MAX_NR_CONSOLES; i++) { 835 vc = vc_cons[i].d; 836 837 if (vc) { 838 vc->vc_resize_user = 1; 839 /* FIXME: review v tty lock */ 840 vc_resize(vc_cons[i].d, cc, ll); 841 } 842 } 843 console_unlock(); 844 } 845 break; 846 } 847 848 case VT_RESIZEX: 849 { 850 struct vt_consize v; 851 if (!perm) 852 return -EPERM; 853 if (copy_from_user(&v, up, sizeof(struct vt_consize))) 854 return -EFAULT; 855 /* FIXME: Should check the copies properly */ 856 if (!v.v_vlin) 857 v.v_vlin = vc->vc_scan_lines; 858 if (v.v_clin) { 859 int rows = v.v_vlin/v.v_clin; 860 if (v.v_rows != rows) { 861 if (v.v_rows) /* Parameters don't add up */ 862 return -EINVAL; 863 v.v_rows = rows; 864 } 865 } 866 if (v.v_vcol && v.v_ccol) { 867 int cols = v.v_vcol/v.v_ccol; 868 if (v.v_cols != cols) { 869 if (v.v_cols) 870 return -EINVAL; 871 v.v_cols = cols; 872 } 873 } 874 875 if (v.v_clin > 32) 876 return -EINVAL; 877 878 for (i = 0; i < MAX_NR_CONSOLES; i++) { 879 if (!vc_cons[i].d) 880 continue; 881 console_lock(); 882 if (v.v_vlin) 883 vc_cons[i].d->vc_scan_lines = v.v_vlin; 884 if (v.v_clin) 885 vc_cons[i].d->vc_font.height = v.v_clin; 886 vc_cons[i].d->vc_resize_user = 1; 887 vc_resize(vc_cons[i].d, v.v_cols, v.v_rows); 888 console_unlock(); 889 } 890 break; 891 } 892 893 case PIO_FONT: { 894 if (!perm) 895 return -EPERM; 896 op.op = KD_FONT_OP_SET; 897 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 898 op.width = 8; 899 op.height = 0; 900 op.charcount = 256; 901 op.data = up; 902 ret = con_font_op(vc_cons[fg_console].d, &op); 903 break; 904 } 905 906 case GIO_FONT: { 907 op.op = KD_FONT_OP_GET; 908 op.flags = KD_FONT_FLAG_OLD; 909 op.width = 8; 910 op.height = 32; 911 op.charcount = 256; 912 op.data = up; 913 ret = con_font_op(vc_cons[fg_console].d, &op); 914 break; 915 } 916 917 case PIO_CMAP: 918 if (!perm) 919 ret = -EPERM; 920 else 921 ret = con_set_cmap(up); 922 break; 923 924 case GIO_CMAP: 925 ret = con_get_cmap(up); 926 break; 927 928 case PIO_FONTX: 929 case GIO_FONTX: 930 ret = do_fontx_ioctl(cmd, up, perm, &op); 931 break; 932 933 case PIO_FONTRESET: 934 { 935 if (!perm) 936 return -EPERM; 937 938 #ifdef BROKEN_GRAPHICS_PROGRAMS 939 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 940 font is not saved. */ 941 ret = -ENOSYS; 942 break; 943 #else 944 { 945 op.op = KD_FONT_OP_SET_DEFAULT; 946 op.data = NULL; 947 ret = con_font_op(vc_cons[fg_console].d, &op); 948 if (ret) 949 break; 950 console_lock(); 951 con_set_default_unimap(vc_cons[fg_console].d); 952 console_unlock(); 953 break; 954 } 955 #endif 956 } 957 958 case KDFONTOP: { 959 if (copy_from_user(&op, up, sizeof(op))) { 960 ret = -EFAULT; 961 break; 962 } 963 if (!perm && op.op != KD_FONT_OP_GET) 964 return -EPERM; 965 ret = con_font_op(vc, &op); 966 if (ret) 967 break; 968 if (copy_to_user(up, &op, sizeof(op))) 969 ret = -EFAULT; 970 break; 971 } 972 973 case PIO_SCRNMAP: 974 if (!perm) 975 ret = -EPERM; 976 else 977 ret = con_set_trans_old(up); 978 break; 979 980 case GIO_SCRNMAP: 981 ret = con_get_trans_old(up); 982 break; 983 984 case PIO_UNISCRNMAP: 985 if (!perm) 986 ret = -EPERM; 987 else 988 ret = con_set_trans_new(up); 989 break; 990 991 case GIO_UNISCRNMAP: 992 ret = con_get_trans_new(up); 993 break; 994 995 case PIO_UNIMAPCLR: 996 if (!perm) 997 return -EPERM; 998 con_clear_unimap(vc); 999 break; 1000 1001 case PIO_UNIMAP: 1002 case GIO_UNIMAP: 1003 ret = do_unimap_ioctl(cmd, up, perm, vc); 1004 break; 1005 1006 case VT_LOCKSWITCH: 1007 if (!capable(CAP_SYS_TTY_CONFIG)) 1008 return -EPERM; 1009 vt_dont_switch = 1; 1010 break; 1011 case VT_UNLOCKSWITCH: 1012 if (!capable(CAP_SYS_TTY_CONFIG)) 1013 return -EPERM; 1014 vt_dont_switch = 0; 1015 break; 1016 case VT_GETHIFONTMASK: 1017 ret = put_user(vc->vc_hi_font_mask, 1018 (unsigned short __user *)arg); 1019 break; 1020 case VT_WAITEVENT: 1021 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1022 break; 1023 default: 1024 ret = -ENOIOCTLCMD; 1025 } 1026 out: 1027 return ret; 1028 } 1029 1030 void reset_vc(struct vc_data *vc) 1031 { 1032 vc->vc_mode = KD_TEXT; 1033 vt_reset_unicode(vc->vc_num); 1034 vc->vt_mode.mode = VT_AUTO; 1035 vc->vt_mode.waitv = 0; 1036 vc->vt_mode.relsig = 0; 1037 vc->vt_mode.acqsig = 0; 1038 vc->vt_mode.frsig = 0; 1039 put_pid(vc->vt_pid); 1040 vc->vt_pid = NULL; 1041 vc->vt_newvt = -1; 1042 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1043 reset_palette(vc); 1044 } 1045 1046 void vc_SAK(struct work_struct *work) 1047 { 1048 struct vc *vc_con = 1049 container_of(work, struct vc, SAK_work); 1050 struct vc_data *vc; 1051 struct tty_struct *tty; 1052 1053 console_lock(); 1054 vc = vc_con->d; 1055 if (vc) { 1056 /* FIXME: review tty ref counting */ 1057 tty = vc->port.tty; 1058 /* 1059 * SAK should also work in all raw modes and reset 1060 * them properly. 1061 */ 1062 if (tty) 1063 __do_SAK(tty); 1064 reset_vc(vc); 1065 } 1066 console_unlock(); 1067 } 1068 1069 #ifdef CONFIG_COMPAT 1070 1071 struct compat_consolefontdesc { 1072 unsigned short charcount; /* characters in font (256 or 512) */ 1073 unsigned short charheight; /* scan lines per character (1-32) */ 1074 compat_caddr_t chardata; /* font data in expanded form */ 1075 }; 1076 1077 static inline int 1078 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1079 int perm, struct console_font_op *op) 1080 { 1081 struct compat_consolefontdesc cfdarg; 1082 int i; 1083 1084 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1085 return -EFAULT; 1086 1087 switch (cmd) { 1088 case PIO_FONTX: 1089 if (!perm) 1090 return -EPERM; 1091 op->op = KD_FONT_OP_SET; 1092 op->flags = KD_FONT_FLAG_OLD; 1093 op->width = 8; 1094 op->height = cfdarg.charheight; 1095 op->charcount = cfdarg.charcount; 1096 op->data = compat_ptr(cfdarg.chardata); 1097 return con_font_op(vc_cons[fg_console].d, op); 1098 case GIO_FONTX: 1099 op->op = KD_FONT_OP_GET; 1100 op->flags = KD_FONT_FLAG_OLD; 1101 op->width = 8; 1102 op->height = cfdarg.charheight; 1103 op->charcount = cfdarg.charcount; 1104 op->data = compat_ptr(cfdarg.chardata); 1105 i = con_font_op(vc_cons[fg_console].d, op); 1106 if (i) 1107 return i; 1108 cfdarg.charheight = op->height; 1109 cfdarg.charcount = op->charcount; 1110 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1111 return -EFAULT; 1112 return 0; 1113 } 1114 return -EINVAL; 1115 } 1116 1117 struct compat_console_font_op { 1118 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1119 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1120 compat_uint_t width, height; /* font size */ 1121 compat_uint_t charcount; 1122 compat_caddr_t data; /* font data with height fixed to 32 */ 1123 }; 1124 1125 static inline int 1126 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1127 int perm, struct console_font_op *op, struct vc_data *vc) 1128 { 1129 int i; 1130 1131 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1132 return -EFAULT; 1133 if (!perm && op->op != KD_FONT_OP_GET) 1134 return -EPERM; 1135 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1136 i = con_font_op(vc, op); 1137 if (i) 1138 return i; 1139 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1140 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1141 return -EFAULT; 1142 return 0; 1143 } 1144 1145 struct compat_unimapdesc { 1146 unsigned short entry_ct; 1147 compat_caddr_t entries; 1148 }; 1149 1150 static inline int 1151 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1152 int perm, struct vc_data *vc) 1153 { 1154 struct compat_unimapdesc tmp; 1155 struct unipair __user *tmp_entries; 1156 1157 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1158 return -EFAULT; 1159 tmp_entries = compat_ptr(tmp.entries); 1160 switch (cmd) { 1161 case PIO_UNIMAP: 1162 if (!perm) 1163 return -EPERM; 1164 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1165 case GIO_UNIMAP: 1166 if (!perm && fg_console != vc->vc_num) 1167 return -EPERM; 1168 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1169 } 1170 return 0; 1171 } 1172 1173 long vt_compat_ioctl(struct tty_struct *tty, 1174 unsigned int cmd, unsigned long arg) 1175 { 1176 struct vc_data *vc = tty->driver_data; 1177 struct console_font_op op; /* used in multiple places here */ 1178 unsigned int console = vc->vc_num; 1179 void __user *up = compat_ptr(arg); 1180 int perm; 1181 1182 1183 if (!vc_cons_allocated(console)) /* impossible? */ 1184 return -ENOIOCTLCMD; 1185 1186 /* 1187 * To have permissions to do most of the vt ioctls, we either have 1188 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1189 */ 1190 perm = 0; 1191 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1192 perm = 1; 1193 1194 switch (cmd) { 1195 /* 1196 * these need special handlers for incompatible data structures 1197 */ 1198 case PIO_FONTX: 1199 case GIO_FONTX: 1200 return compat_fontx_ioctl(cmd, up, perm, &op); 1201 1202 case KDFONTOP: 1203 return compat_kdfontop_ioctl(up, perm, &op, vc); 1204 1205 case PIO_UNIMAP: 1206 case GIO_UNIMAP: 1207 return compat_unimap_ioctl(cmd, up, perm, vc); 1208 1209 /* 1210 * all these treat 'arg' as an integer 1211 */ 1212 case KIOCSOUND: 1213 case KDMKTONE: 1214 #ifdef CONFIG_X86 1215 case KDADDIO: 1216 case KDDELIO: 1217 #endif 1218 case KDSETMODE: 1219 case KDMAPDISP: 1220 case KDUNMAPDISP: 1221 case KDSKBMODE: 1222 case KDSKBMETA: 1223 case KDSKBLED: 1224 case KDSETLED: 1225 case KDSIGACCEPT: 1226 case VT_ACTIVATE: 1227 case VT_WAITACTIVE: 1228 case VT_RELDISP: 1229 case VT_DISALLOCATE: 1230 case VT_RESIZE: 1231 case VT_RESIZEX: 1232 return vt_ioctl(tty, cmd, arg); 1233 1234 /* 1235 * the rest has a compatible data structure behind arg, 1236 * but we have to convert it to a proper 64 bit pointer. 1237 */ 1238 default: 1239 return vt_ioctl(tty, cmd, (unsigned long)up); 1240 } 1241 } 1242 1243 1244 #endif /* CONFIG_COMPAT */ 1245 1246 1247 /* 1248 * Performs the back end of a vt switch. Called under the console 1249 * semaphore. 1250 */ 1251 static void complete_change_console(struct vc_data *vc) 1252 { 1253 unsigned char old_vc_mode; 1254 int old = fg_console; 1255 1256 last_console = fg_console; 1257 1258 /* 1259 * If we're switching, we could be going from KD_GRAPHICS to 1260 * KD_TEXT mode or vice versa, which means we need to blank or 1261 * unblank the screen later. 1262 */ 1263 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1264 switch_screen(vc); 1265 1266 /* 1267 * This can't appear below a successful kill_pid(). If it did, 1268 * then the *blank_screen operation could occur while X, having 1269 * received acqsig, is waking up on another processor. This 1270 * condition can lead to overlapping accesses to the VGA range 1271 * and the framebuffer (causing system lockups). 1272 * 1273 * To account for this we duplicate this code below only if the 1274 * controlling process is gone and we've called reset_vc. 1275 */ 1276 if (old_vc_mode != vc->vc_mode) { 1277 if (vc->vc_mode == KD_TEXT) 1278 do_unblank_screen(1); 1279 else 1280 do_blank_screen(1); 1281 } 1282 1283 /* 1284 * If this new console is under process control, send it a signal 1285 * telling it that it has acquired. Also check if it has died and 1286 * clean up (similar to logic employed in change_console()) 1287 */ 1288 if (vc->vt_mode.mode == VT_PROCESS) { 1289 /* 1290 * Send the signal as privileged - kill_pid() will 1291 * tell us if the process has gone or something else 1292 * is awry 1293 */ 1294 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1295 /* 1296 * The controlling process has died, so we revert back to 1297 * normal operation. In this case, we'll also change back 1298 * to KD_TEXT mode. I'm not sure if this is strictly correct 1299 * but it saves the agony when the X server dies and the screen 1300 * remains blanked due to KD_GRAPHICS! It would be nice to do 1301 * this outside of VT_PROCESS but there is no single process 1302 * to account for and tracking tty count may be undesirable. 1303 */ 1304 reset_vc(vc); 1305 1306 if (old_vc_mode != vc->vc_mode) { 1307 if (vc->vc_mode == KD_TEXT) 1308 do_unblank_screen(1); 1309 else 1310 do_blank_screen(1); 1311 } 1312 } 1313 } 1314 1315 /* 1316 * Wake anyone waiting for their VT to activate 1317 */ 1318 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1319 return; 1320 } 1321 1322 /* 1323 * Performs the front-end of a vt switch 1324 */ 1325 void change_console(struct vc_data *new_vc) 1326 { 1327 struct vc_data *vc; 1328 1329 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1330 return; 1331 1332 /* 1333 * If this vt is in process mode, then we need to handshake with 1334 * that process before switching. Essentially, we store where that 1335 * vt wants to switch to and wait for it to tell us when it's done 1336 * (via VT_RELDISP ioctl). 1337 * 1338 * We also check to see if the controlling process still exists. 1339 * If it doesn't, we reset this vt to auto mode and continue. 1340 * This is a cheap way to track process control. The worst thing 1341 * that can happen is: we send a signal to a process, it dies, and 1342 * the switch gets "lost" waiting for a response; hopefully, the 1343 * user will try again, we'll detect the process is gone (unless 1344 * the user waits just the right amount of time :-) and revert the 1345 * vt to auto control. 1346 */ 1347 vc = vc_cons[fg_console].d; 1348 if (vc->vt_mode.mode == VT_PROCESS) { 1349 /* 1350 * Send the signal as privileged - kill_pid() will 1351 * tell us if the process has gone or something else 1352 * is awry. 1353 * 1354 * We need to set vt_newvt *before* sending the signal or we 1355 * have a race. 1356 */ 1357 vc->vt_newvt = new_vc->vc_num; 1358 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1359 /* 1360 * It worked. Mark the vt to switch to and 1361 * return. The process needs to send us a 1362 * VT_RELDISP ioctl to complete the switch. 1363 */ 1364 return; 1365 } 1366 1367 /* 1368 * The controlling process has died, so we revert back to 1369 * normal operation. In this case, we'll also change back 1370 * to KD_TEXT mode. I'm not sure if this is strictly correct 1371 * but it saves the agony when the X server dies and the screen 1372 * remains blanked due to KD_GRAPHICS! It would be nice to do 1373 * this outside of VT_PROCESS but there is no single process 1374 * to account for and tracking tty count may be undesirable. 1375 */ 1376 reset_vc(vc); 1377 1378 /* 1379 * Fall through to normal (VT_AUTO) handling of the switch... 1380 */ 1381 } 1382 1383 /* 1384 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1385 */ 1386 if (vc->vc_mode == KD_GRAPHICS) 1387 return; 1388 1389 complete_change_console(new_vc); 1390 } 1391 1392 /* Perform a kernel triggered VT switch for suspend/resume */ 1393 1394 static int disable_vt_switch; 1395 1396 int vt_move_to_console(unsigned int vt, int alloc) 1397 { 1398 int prev; 1399 1400 console_lock(); 1401 /* Graphics mode - up to X */ 1402 if (disable_vt_switch) { 1403 console_unlock(); 1404 return 0; 1405 } 1406 prev = fg_console; 1407 1408 if (alloc && vc_allocate(vt)) { 1409 /* we can't have a free VC for now. Too bad, 1410 * we don't want to mess the screen for now. */ 1411 console_unlock(); 1412 return -ENOSPC; 1413 } 1414 1415 if (set_console(vt)) { 1416 /* 1417 * We're unable to switch to the SUSPEND_CONSOLE. 1418 * Let the calling function know so it can decide 1419 * what to do. 1420 */ 1421 console_unlock(); 1422 return -EIO; 1423 } 1424 console_unlock(); 1425 if (vt_waitactive(vt + 1)) { 1426 pr_debug("Suspend: Can't switch VCs."); 1427 return -EINTR; 1428 } 1429 return prev; 1430 } 1431 1432 /* 1433 * Normally during a suspend, we allocate a new console and switch to it. 1434 * When we resume, we switch back to the original console. This switch 1435 * can be slow, so on systems where the framebuffer can handle restoration 1436 * of video registers anyways, there's little point in doing the console 1437 * switch. This function allows you to disable it by passing it '0'. 1438 */ 1439 void pm_set_vt_switch(int do_switch) 1440 { 1441 console_lock(); 1442 disable_vt_switch = !do_switch; 1443 console_unlock(); 1444 } 1445 EXPORT_SYMBOL(pm_set_vt_switch); 1446