1 /* 2 * Copyright (C) 1992 obz under the linux copyright 3 * 4 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 5 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 6 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 7 * Some code moved for less code duplication - Andi Kleen - Mar 1997 8 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 9 */ 10 11 #include <linux/types.h> 12 #include <linux/errno.h> 13 #include <linux/sched.h> 14 #include <linux/tty.h> 15 #include <linux/timer.h> 16 #include <linux/kernel.h> 17 #include <linux/compat.h> 18 #include <linux/module.h> 19 #include <linux/kd.h> 20 #include <linux/vt.h> 21 #include <linux/string.h> 22 #include <linux/slab.h> 23 #include <linux/major.h> 24 #include <linux/fs.h> 25 #include <linux/console.h> 26 #include <linux/consolemap.h> 27 #include <linux/signal.h> 28 #include <linux/suspend.h> 29 #include <linux/timex.h> 30 31 #include <asm/io.h> 32 #include <asm/uaccess.h> 33 34 #include <linux/kbd_kern.h> 35 #include <linux/vt_kern.h> 36 #include <linux/kbd_diacr.h> 37 #include <linux/selection.h> 38 39 char vt_dont_switch; 40 extern struct tty_driver *console_driver; 41 42 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 43 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 44 45 /* 46 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 47 * experimentation and study of X386 SYSV handling. 48 * 49 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 50 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 51 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 52 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 53 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 54 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 55 * to the current console is done by the main ioctl code. 56 */ 57 58 #ifdef CONFIG_X86 59 #include <linux/syscalls.h> 60 #endif 61 62 static void complete_change_console(struct vc_data *vc); 63 64 /* 65 * User space VT_EVENT handlers 66 */ 67 68 struct vt_event_wait { 69 struct list_head list; 70 struct vt_event event; 71 int done; 72 }; 73 74 static LIST_HEAD(vt_events); 75 static DEFINE_SPINLOCK(vt_event_lock); 76 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 77 78 /** 79 * vt_event_post 80 * @event: the event that occurred 81 * @old: old console 82 * @new: new console 83 * 84 * Post an VT event to interested VT handlers 85 */ 86 87 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 88 { 89 struct list_head *pos, *head; 90 unsigned long flags; 91 int wake = 0; 92 93 spin_lock_irqsave(&vt_event_lock, flags); 94 head = &vt_events; 95 96 list_for_each(pos, head) { 97 struct vt_event_wait *ve = list_entry(pos, 98 struct vt_event_wait, list); 99 if (!(ve->event.event & event)) 100 continue; 101 ve->event.event = event; 102 /* kernel view is consoles 0..n-1, user space view is 103 console 1..n with 0 meaning current, so we must bias */ 104 ve->event.oldev = old + 1; 105 ve->event.newev = new + 1; 106 wake = 1; 107 ve->done = 1; 108 } 109 spin_unlock_irqrestore(&vt_event_lock, flags); 110 if (wake) 111 wake_up_interruptible(&vt_event_waitqueue); 112 } 113 114 static void __vt_event_queue(struct vt_event_wait *vw) 115 { 116 unsigned long flags; 117 /* Prepare the event */ 118 INIT_LIST_HEAD(&vw->list); 119 vw->done = 0; 120 /* Queue our event */ 121 spin_lock_irqsave(&vt_event_lock, flags); 122 list_add(&vw->list, &vt_events); 123 spin_unlock_irqrestore(&vt_event_lock, flags); 124 } 125 126 static void __vt_event_wait(struct vt_event_wait *vw) 127 { 128 /* Wait for it to pass */ 129 wait_event_interruptible(vt_event_waitqueue, vw->done); 130 } 131 132 static void __vt_event_dequeue(struct vt_event_wait *vw) 133 { 134 unsigned long flags; 135 136 /* Dequeue it */ 137 spin_lock_irqsave(&vt_event_lock, flags); 138 list_del(&vw->list); 139 spin_unlock_irqrestore(&vt_event_lock, flags); 140 } 141 142 /** 143 * vt_event_wait - wait for an event 144 * @vw: our event 145 * 146 * Waits for an event to occur which completes our vt_event_wait 147 * structure. On return the structure has wv->done set to 1 for success 148 * or 0 if some event such as a signal ended the wait. 149 */ 150 151 static void vt_event_wait(struct vt_event_wait *vw) 152 { 153 __vt_event_queue(vw); 154 __vt_event_wait(vw); 155 __vt_event_dequeue(vw); 156 } 157 158 /** 159 * vt_event_wait_ioctl - event ioctl handler 160 * @arg: argument to ioctl 161 * 162 * Implement the VT_WAITEVENT ioctl using the VT event interface 163 */ 164 165 static int vt_event_wait_ioctl(struct vt_event __user *event) 166 { 167 struct vt_event_wait vw; 168 169 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 170 return -EFAULT; 171 /* Highest supported event for now */ 172 if (vw.event.event & ~VT_MAX_EVENT) 173 return -EINVAL; 174 175 vt_event_wait(&vw); 176 /* If it occurred report it */ 177 if (vw.done) { 178 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 179 return -EFAULT; 180 return 0; 181 } 182 return -EINTR; 183 } 184 185 /** 186 * vt_waitactive - active console wait 187 * @event: event code 188 * @n: new console 189 * 190 * Helper for event waits. Used to implement the legacy 191 * event waiting ioctls in terms of events 192 */ 193 194 int vt_waitactive(int n) 195 { 196 struct vt_event_wait vw; 197 do { 198 vw.event.event = VT_EVENT_SWITCH; 199 __vt_event_queue(&vw); 200 if (n == fg_console + 1) { 201 __vt_event_dequeue(&vw); 202 break; 203 } 204 __vt_event_wait(&vw); 205 __vt_event_dequeue(&vw); 206 if (vw.done == 0) 207 return -EINTR; 208 } while (vw.event.newev != n); 209 return 0; 210 } 211 212 /* 213 * these are the valid i/o ports we're allowed to change. they map all the 214 * video ports 215 */ 216 #define GPFIRST 0x3b4 217 #define GPLAST 0x3df 218 #define GPNUM (GPLAST - GPFIRST + 1) 219 220 221 222 static inline int 223 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 224 { 225 struct consolefontdesc cfdarg; 226 int i; 227 228 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 229 return -EFAULT; 230 231 switch (cmd) { 232 case PIO_FONTX: 233 if (!perm) 234 return -EPERM; 235 op->op = KD_FONT_OP_SET; 236 op->flags = KD_FONT_FLAG_OLD; 237 op->width = 8; 238 op->height = cfdarg.charheight; 239 op->charcount = cfdarg.charcount; 240 op->data = cfdarg.chardata; 241 return con_font_op(vc_cons[fg_console].d, op); 242 case GIO_FONTX: { 243 op->op = KD_FONT_OP_GET; 244 op->flags = KD_FONT_FLAG_OLD; 245 op->width = 8; 246 op->height = cfdarg.charheight; 247 op->charcount = cfdarg.charcount; 248 op->data = cfdarg.chardata; 249 i = con_font_op(vc_cons[fg_console].d, op); 250 if (i) 251 return i; 252 cfdarg.charheight = op->height; 253 cfdarg.charcount = op->charcount; 254 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 255 return -EFAULT; 256 return 0; 257 } 258 } 259 return -EINVAL; 260 } 261 262 static inline int 263 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 264 { 265 struct unimapdesc tmp; 266 267 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 268 return -EFAULT; 269 if (tmp.entries) 270 if (!access_ok(VERIFY_WRITE, tmp.entries, 271 tmp.entry_ct*sizeof(struct unipair))) 272 return -EFAULT; 273 switch (cmd) { 274 case PIO_UNIMAP: 275 if (!perm) 276 return -EPERM; 277 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 278 case GIO_UNIMAP: 279 if (!perm && fg_console != vc->vc_num) 280 return -EPERM; 281 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 282 } 283 return 0; 284 } 285 286 /* deallocate a single console, if possible (leave 0) */ 287 static int vt_disallocate(unsigned int vc_num) 288 { 289 struct vc_data *vc = NULL; 290 int ret = 0; 291 292 if (!vc_num) 293 return 0; 294 295 console_lock(); 296 if (VT_BUSY(vc_num)) 297 ret = -EBUSY; 298 else 299 vc = vc_deallocate(vc_num); 300 console_unlock(); 301 302 if (vc && vc_num >= MIN_NR_CONSOLES) { 303 tty_port_destroy(&vc->port); 304 kfree(vc); 305 } 306 307 return ret; 308 } 309 310 /* deallocate all unused consoles, but leave 0 */ 311 static void vt_disallocate_all(void) 312 { 313 struct vc_data *vc[MAX_NR_CONSOLES]; 314 int i; 315 316 console_lock(); 317 for (i = 1; i < MAX_NR_CONSOLES; i++) 318 if (!VT_BUSY(i)) 319 vc[i] = vc_deallocate(i); 320 else 321 vc[i] = NULL; 322 console_unlock(); 323 324 for (i = 1; i < MAX_NR_CONSOLES; i++) { 325 if (vc[i] && i >= MIN_NR_CONSOLES) { 326 tty_port_destroy(&vc[i]->port); 327 kfree(vc[i]); 328 } 329 } 330 } 331 332 333 /* 334 * We handle the console-specific ioctl's here. We allow the 335 * capability to modify any console, not just the fg_console. 336 */ 337 int vt_ioctl(struct tty_struct *tty, 338 unsigned int cmd, unsigned long arg) 339 { 340 struct vc_data *vc = tty->driver_data; 341 struct console_font_op op; /* used in multiple places here */ 342 unsigned int console; 343 unsigned char ucval; 344 unsigned int uival; 345 void __user *up = (void __user *)arg; 346 int i, perm; 347 int ret = 0; 348 349 console = vc->vc_num; 350 351 352 if (!vc_cons_allocated(console)) { /* impossible? */ 353 ret = -ENOIOCTLCMD; 354 goto out; 355 } 356 357 358 /* 359 * To have permissions to do most of the vt ioctls, we either have 360 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 361 */ 362 perm = 0; 363 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 364 perm = 1; 365 366 switch (cmd) { 367 case TIOCLINUX: 368 ret = tioclinux(tty, arg); 369 break; 370 case KIOCSOUND: 371 if (!perm) 372 return -EPERM; 373 /* 374 * The use of PIT_TICK_RATE is historic, it used to be 375 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 376 * and 2.6.36, which was a minor but unfortunate ABI 377 * change. kd_mksound is locked by the input layer. 378 */ 379 if (arg) 380 arg = PIT_TICK_RATE / arg; 381 kd_mksound(arg, 0); 382 break; 383 384 case KDMKTONE: 385 if (!perm) 386 return -EPERM; 387 { 388 unsigned int ticks, count; 389 390 /* 391 * Generate the tone for the appropriate number of ticks. 392 * If the time is zero, turn off sound ourselves. 393 */ 394 ticks = HZ * ((arg >> 16) & 0xffff) / 1000; 395 count = ticks ? (arg & 0xffff) : 0; 396 if (count) 397 count = PIT_TICK_RATE / count; 398 kd_mksound(count, ticks); 399 break; 400 } 401 402 case KDGKBTYPE: 403 /* 404 * this is naïve. 405 */ 406 ucval = KB_101; 407 ret = put_user(ucval, (char __user *)arg); 408 break; 409 410 /* 411 * These cannot be implemented on any machine that implements 412 * ioperm() in user level (such as Alpha PCs) or not at all. 413 * 414 * XXX: you should never use these, just call ioperm directly.. 415 */ 416 #ifdef CONFIG_X86 417 case KDADDIO: 418 case KDDELIO: 419 /* 420 * KDADDIO and KDDELIO may be able to add ports beyond what 421 * we reject here, but to be safe... 422 * 423 * These are locked internally via sys_ioperm 424 */ 425 if (arg < GPFIRST || arg > GPLAST) { 426 ret = -EINVAL; 427 break; 428 } 429 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 430 break; 431 432 case KDENABIO: 433 case KDDISABIO: 434 ret = sys_ioperm(GPFIRST, GPNUM, 435 (cmd == KDENABIO)) ? -ENXIO : 0; 436 break; 437 #endif 438 439 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 440 441 case KDKBDREP: 442 { 443 struct kbd_repeat kbrep; 444 445 if (!capable(CAP_SYS_TTY_CONFIG)) 446 return -EPERM; 447 448 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 449 ret = -EFAULT; 450 break; 451 } 452 ret = kbd_rate(&kbrep); 453 if (ret) 454 break; 455 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 456 ret = -EFAULT; 457 break; 458 } 459 460 case KDSETMODE: 461 /* 462 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 463 * doesn't do a whole lot. i'm not sure if it should do any 464 * restoration of modes or what... 465 * 466 * XXX It should at least call into the driver, fbdev's definitely 467 * need to restore their engine state. --BenH 468 */ 469 if (!perm) 470 return -EPERM; 471 switch (arg) { 472 case KD_GRAPHICS: 473 break; 474 case KD_TEXT0: 475 case KD_TEXT1: 476 arg = KD_TEXT; 477 case KD_TEXT: 478 break; 479 default: 480 ret = -EINVAL; 481 goto out; 482 } 483 /* FIXME: this needs the console lock extending */ 484 if (vc->vc_mode == (unsigned char) arg) 485 break; 486 vc->vc_mode = (unsigned char) arg; 487 if (console != fg_console) 488 break; 489 /* 490 * explicitly blank/unblank the screen if switching modes 491 */ 492 console_lock(); 493 if (arg == KD_TEXT) 494 do_unblank_screen(1); 495 else 496 do_blank_screen(1); 497 console_unlock(); 498 break; 499 500 case KDGETMODE: 501 uival = vc->vc_mode; 502 goto setint; 503 504 case KDMAPDISP: 505 case KDUNMAPDISP: 506 /* 507 * these work like a combination of mmap and KDENABIO. 508 * this could be easily finished. 509 */ 510 ret = -EINVAL; 511 break; 512 513 case KDSKBMODE: 514 if (!perm) 515 return -EPERM; 516 ret = vt_do_kdskbmode(console, arg); 517 if (ret == 0) 518 tty_ldisc_flush(tty); 519 break; 520 521 case KDGKBMODE: 522 uival = vt_do_kdgkbmode(console); 523 ret = put_user(uival, (int __user *)arg); 524 break; 525 526 /* this could be folded into KDSKBMODE, but for compatibility 527 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 528 case KDSKBMETA: 529 ret = vt_do_kdskbmeta(console, arg); 530 break; 531 532 case KDGKBMETA: 533 /* FIXME: should review whether this is worth locking */ 534 uival = vt_do_kdgkbmeta(console); 535 setint: 536 ret = put_user(uival, (int __user *)arg); 537 break; 538 539 case KDGETKEYCODE: 540 case KDSETKEYCODE: 541 if(!capable(CAP_SYS_TTY_CONFIG)) 542 perm = 0; 543 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 544 break; 545 546 case KDGKBENT: 547 case KDSKBENT: 548 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 549 break; 550 551 case KDGKBSENT: 552 case KDSKBSENT: 553 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 554 break; 555 556 /* Diacritical processing. Handled in keyboard.c as it has 557 to operate on the keyboard locks and structures */ 558 case KDGKBDIACR: 559 case KDGKBDIACRUC: 560 case KDSKBDIACR: 561 case KDSKBDIACRUC: 562 ret = vt_do_diacrit(cmd, up, perm); 563 break; 564 565 /* the ioctls below read/set the flags usually shown in the leds */ 566 /* don't use them - they will go away without warning */ 567 case KDGKBLED: 568 case KDSKBLED: 569 case KDGETLED: 570 case KDSETLED: 571 ret = vt_do_kdskled(console, cmd, arg, perm); 572 break; 573 574 /* 575 * A process can indicate its willingness to accept signals 576 * generated by pressing an appropriate key combination. 577 * Thus, one can have a daemon that e.g. spawns a new console 578 * upon a keypress and then changes to it. 579 * See also the kbrequest field of inittab(5). 580 */ 581 case KDSIGACCEPT: 582 { 583 if (!perm || !capable(CAP_KILL)) 584 return -EPERM; 585 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 586 ret = -EINVAL; 587 else { 588 spin_lock_irq(&vt_spawn_con.lock); 589 put_pid(vt_spawn_con.pid); 590 vt_spawn_con.pid = get_pid(task_pid(current)); 591 vt_spawn_con.sig = arg; 592 spin_unlock_irq(&vt_spawn_con.lock); 593 } 594 break; 595 } 596 597 case VT_SETMODE: 598 { 599 struct vt_mode tmp; 600 601 if (!perm) 602 return -EPERM; 603 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 604 ret = -EFAULT; 605 goto out; 606 } 607 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 608 ret = -EINVAL; 609 goto out; 610 } 611 console_lock(); 612 vc->vt_mode = tmp; 613 /* the frsig is ignored, so we set it to 0 */ 614 vc->vt_mode.frsig = 0; 615 put_pid(vc->vt_pid); 616 vc->vt_pid = get_pid(task_pid(current)); 617 /* no switch is required -- saw@shade.msu.ru */ 618 vc->vt_newvt = -1; 619 console_unlock(); 620 break; 621 } 622 623 case VT_GETMODE: 624 { 625 struct vt_mode tmp; 626 int rc; 627 628 console_lock(); 629 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 630 console_unlock(); 631 632 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 633 if (rc) 634 ret = -EFAULT; 635 break; 636 } 637 638 /* 639 * Returns global vt state. Note that VT 0 is always open, since 640 * it's an alias for the current VT, and people can't use it here. 641 * We cannot return state for more than 16 VTs, since v_state is short. 642 */ 643 case VT_GETSTATE: 644 { 645 struct vt_stat __user *vtstat = up; 646 unsigned short state, mask; 647 648 /* Review: FIXME: Console lock ? */ 649 if (put_user(fg_console + 1, &vtstat->v_active)) 650 ret = -EFAULT; 651 else { 652 state = 1; /* /dev/tty0 is always open */ 653 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 654 ++i, mask <<= 1) 655 if (VT_IS_IN_USE(i)) 656 state |= mask; 657 ret = put_user(state, &vtstat->v_state); 658 } 659 break; 660 } 661 662 /* 663 * Returns the first available (non-opened) console. 664 */ 665 case VT_OPENQRY: 666 /* FIXME: locking ? - but then this is a stupid API */ 667 for (i = 0; i < MAX_NR_CONSOLES; ++i) 668 if (! VT_IS_IN_USE(i)) 669 break; 670 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 671 goto setint; 672 673 /* 674 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 675 * with num >= 1 (switches to vt 0, our console, are not allowed, just 676 * to preserve sanity). 677 */ 678 case VT_ACTIVATE: 679 if (!perm) 680 return -EPERM; 681 if (arg == 0 || arg > MAX_NR_CONSOLES) 682 ret = -ENXIO; 683 else { 684 arg--; 685 console_lock(); 686 ret = vc_allocate(arg); 687 console_unlock(); 688 if (ret) 689 break; 690 set_console(arg); 691 } 692 break; 693 694 case VT_SETACTIVATE: 695 { 696 struct vt_setactivate vsa; 697 698 if (!perm) 699 return -EPERM; 700 701 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 702 sizeof(struct vt_setactivate))) { 703 ret = -EFAULT; 704 goto out; 705 } 706 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 707 ret = -ENXIO; 708 else { 709 vsa.console--; 710 console_lock(); 711 ret = vc_allocate(vsa.console); 712 if (ret == 0) { 713 struct vc_data *nvc; 714 /* This is safe providing we don't drop the 715 console sem between vc_allocate and 716 finishing referencing nvc */ 717 nvc = vc_cons[vsa.console].d; 718 nvc->vt_mode = vsa.mode; 719 nvc->vt_mode.frsig = 0; 720 put_pid(nvc->vt_pid); 721 nvc->vt_pid = get_pid(task_pid(current)); 722 } 723 console_unlock(); 724 if (ret) 725 break; 726 /* Commence switch and lock */ 727 /* Review set_console locks */ 728 set_console(vsa.console); 729 } 730 break; 731 } 732 733 /* 734 * wait until the specified VT has been activated 735 */ 736 case VT_WAITACTIVE: 737 if (!perm) 738 return -EPERM; 739 if (arg == 0 || arg > MAX_NR_CONSOLES) 740 ret = -ENXIO; 741 else 742 ret = vt_waitactive(arg); 743 break; 744 745 /* 746 * If a vt is under process control, the kernel will not switch to it 747 * immediately, but postpone the operation until the process calls this 748 * ioctl, allowing the switch to complete. 749 * 750 * According to the X sources this is the behavior: 751 * 0: pending switch-from not OK 752 * 1: pending switch-from OK 753 * 2: completed switch-to OK 754 */ 755 case VT_RELDISP: 756 if (!perm) 757 return -EPERM; 758 759 console_lock(); 760 if (vc->vt_mode.mode != VT_PROCESS) { 761 console_unlock(); 762 ret = -EINVAL; 763 break; 764 } 765 /* 766 * Switching-from response 767 */ 768 if (vc->vt_newvt >= 0) { 769 if (arg == 0) 770 /* 771 * Switch disallowed, so forget we were trying 772 * to do it. 773 */ 774 vc->vt_newvt = -1; 775 776 else { 777 /* 778 * The current vt has been released, so 779 * complete the switch. 780 */ 781 int newvt; 782 newvt = vc->vt_newvt; 783 vc->vt_newvt = -1; 784 ret = vc_allocate(newvt); 785 if (ret) { 786 console_unlock(); 787 break; 788 } 789 /* 790 * When we actually do the console switch, 791 * make sure we are atomic with respect to 792 * other console switches.. 793 */ 794 complete_change_console(vc_cons[newvt].d); 795 } 796 } else { 797 /* 798 * Switched-to response 799 */ 800 /* 801 * If it's just an ACK, ignore it 802 */ 803 if (arg != VT_ACKACQ) 804 ret = -EINVAL; 805 } 806 console_unlock(); 807 break; 808 809 /* 810 * Disallocate memory associated to VT (but leave VT1) 811 */ 812 case VT_DISALLOCATE: 813 if (arg > MAX_NR_CONSOLES) { 814 ret = -ENXIO; 815 break; 816 } 817 if (arg == 0) 818 vt_disallocate_all(); 819 else 820 ret = vt_disallocate(--arg); 821 break; 822 823 case VT_RESIZE: 824 { 825 struct vt_sizes __user *vtsizes = up; 826 struct vc_data *vc; 827 828 ushort ll,cc; 829 if (!perm) 830 return -EPERM; 831 if (get_user(ll, &vtsizes->v_rows) || 832 get_user(cc, &vtsizes->v_cols)) 833 ret = -EFAULT; 834 else { 835 console_lock(); 836 for (i = 0; i < MAX_NR_CONSOLES; i++) { 837 vc = vc_cons[i].d; 838 839 if (vc) { 840 vc->vc_resize_user = 1; 841 /* FIXME: review v tty lock */ 842 vc_resize(vc_cons[i].d, cc, ll); 843 } 844 } 845 console_unlock(); 846 } 847 break; 848 } 849 850 case VT_RESIZEX: 851 { 852 struct vt_consize __user *vtconsize = up; 853 ushort ll,cc,vlin,clin,vcol,ccol; 854 if (!perm) 855 return -EPERM; 856 if (!access_ok(VERIFY_READ, vtconsize, 857 sizeof(struct vt_consize))) { 858 ret = -EFAULT; 859 break; 860 } 861 /* FIXME: Should check the copies properly */ 862 __get_user(ll, &vtconsize->v_rows); 863 __get_user(cc, &vtconsize->v_cols); 864 __get_user(vlin, &vtconsize->v_vlin); 865 __get_user(clin, &vtconsize->v_clin); 866 __get_user(vcol, &vtconsize->v_vcol); 867 __get_user(ccol, &vtconsize->v_ccol); 868 vlin = vlin ? vlin : vc->vc_scan_lines; 869 if (clin) { 870 if (ll) { 871 if (ll != vlin/clin) { 872 /* Parameters don't add up */ 873 ret = -EINVAL; 874 break; 875 } 876 } else 877 ll = vlin/clin; 878 } 879 if (vcol && ccol) { 880 if (cc) { 881 if (cc != vcol/ccol) { 882 ret = -EINVAL; 883 break; 884 } 885 } else 886 cc = vcol/ccol; 887 } 888 889 if (clin > 32) { 890 ret = -EINVAL; 891 break; 892 } 893 894 for (i = 0; i < MAX_NR_CONSOLES; i++) { 895 if (!vc_cons[i].d) 896 continue; 897 console_lock(); 898 if (vlin) 899 vc_cons[i].d->vc_scan_lines = vlin; 900 if (clin) 901 vc_cons[i].d->vc_font.height = clin; 902 vc_cons[i].d->vc_resize_user = 1; 903 vc_resize(vc_cons[i].d, cc, ll); 904 console_unlock(); 905 } 906 break; 907 } 908 909 case PIO_FONT: { 910 if (!perm) 911 return -EPERM; 912 op.op = KD_FONT_OP_SET; 913 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 914 op.width = 8; 915 op.height = 0; 916 op.charcount = 256; 917 op.data = up; 918 ret = con_font_op(vc_cons[fg_console].d, &op); 919 break; 920 } 921 922 case GIO_FONT: { 923 op.op = KD_FONT_OP_GET; 924 op.flags = KD_FONT_FLAG_OLD; 925 op.width = 8; 926 op.height = 32; 927 op.charcount = 256; 928 op.data = up; 929 ret = con_font_op(vc_cons[fg_console].d, &op); 930 break; 931 } 932 933 case PIO_CMAP: 934 if (!perm) 935 ret = -EPERM; 936 else 937 ret = con_set_cmap(up); 938 break; 939 940 case GIO_CMAP: 941 ret = con_get_cmap(up); 942 break; 943 944 case PIO_FONTX: 945 case GIO_FONTX: 946 ret = do_fontx_ioctl(cmd, up, perm, &op); 947 break; 948 949 case PIO_FONTRESET: 950 { 951 if (!perm) 952 return -EPERM; 953 954 #ifdef BROKEN_GRAPHICS_PROGRAMS 955 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 956 font is not saved. */ 957 ret = -ENOSYS; 958 break; 959 #else 960 { 961 op.op = KD_FONT_OP_SET_DEFAULT; 962 op.data = NULL; 963 ret = con_font_op(vc_cons[fg_console].d, &op); 964 if (ret) 965 break; 966 console_lock(); 967 con_set_default_unimap(vc_cons[fg_console].d); 968 console_unlock(); 969 break; 970 } 971 #endif 972 } 973 974 case KDFONTOP: { 975 if (copy_from_user(&op, up, sizeof(op))) { 976 ret = -EFAULT; 977 break; 978 } 979 if (!perm && op.op != KD_FONT_OP_GET) 980 return -EPERM; 981 ret = con_font_op(vc, &op); 982 if (ret) 983 break; 984 if (copy_to_user(up, &op, sizeof(op))) 985 ret = -EFAULT; 986 break; 987 } 988 989 case PIO_SCRNMAP: 990 if (!perm) 991 ret = -EPERM; 992 else 993 ret = con_set_trans_old(up); 994 break; 995 996 case GIO_SCRNMAP: 997 ret = con_get_trans_old(up); 998 break; 999 1000 case PIO_UNISCRNMAP: 1001 if (!perm) 1002 ret = -EPERM; 1003 else 1004 ret = con_set_trans_new(up); 1005 break; 1006 1007 case GIO_UNISCRNMAP: 1008 ret = con_get_trans_new(up); 1009 break; 1010 1011 case PIO_UNIMAPCLR: 1012 { struct unimapinit ui; 1013 if (!perm) 1014 return -EPERM; 1015 ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); 1016 if (ret) 1017 ret = -EFAULT; 1018 else 1019 con_clear_unimap(vc, &ui); 1020 break; 1021 } 1022 1023 case PIO_UNIMAP: 1024 case GIO_UNIMAP: 1025 ret = do_unimap_ioctl(cmd, up, perm, vc); 1026 break; 1027 1028 case VT_LOCKSWITCH: 1029 if (!capable(CAP_SYS_TTY_CONFIG)) 1030 return -EPERM; 1031 vt_dont_switch = 1; 1032 break; 1033 case VT_UNLOCKSWITCH: 1034 if (!capable(CAP_SYS_TTY_CONFIG)) 1035 return -EPERM; 1036 vt_dont_switch = 0; 1037 break; 1038 case VT_GETHIFONTMASK: 1039 ret = put_user(vc->vc_hi_font_mask, 1040 (unsigned short __user *)arg); 1041 break; 1042 case VT_WAITEVENT: 1043 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1044 break; 1045 default: 1046 ret = -ENOIOCTLCMD; 1047 } 1048 out: 1049 return ret; 1050 } 1051 1052 void reset_vc(struct vc_data *vc) 1053 { 1054 vc->vc_mode = KD_TEXT; 1055 vt_reset_unicode(vc->vc_num); 1056 vc->vt_mode.mode = VT_AUTO; 1057 vc->vt_mode.waitv = 0; 1058 vc->vt_mode.relsig = 0; 1059 vc->vt_mode.acqsig = 0; 1060 vc->vt_mode.frsig = 0; 1061 put_pid(vc->vt_pid); 1062 vc->vt_pid = NULL; 1063 vc->vt_newvt = -1; 1064 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1065 reset_palette(vc); 1066 } 1067 1068 void vc_SAK(struct work_struct *work) 1069 { 1070 struct vc *vc_con = 1071 container_of(work, struct vc, SAK_work); 1072 struct vc_data *vc; 1073 struct tty_struct *tty; 1074 1075 console_lock(); 1076 vc = vc_con->d; 1077 if (vc) { 1078 /* FIXME: review tty ref counting */ 1079 tty = vc->port.tty; 1080 /* 1081 * SAK should also work in all raw modes and reset 1082 * them properly. 1083 */ 1084 if (tty) 1085 __do_SAK(tty); 1086 reset_vc(vc); 1087 } 1088 console_unlock(); 1089 } 1090 1091 #ifdef CONFIG_COMPAT 1092 1093 struct compat_consolefontdesc { 1094 unsigned short charcount; /* characters in font (256 or 512) */ 1095 unsigned short charheight; /* scan lines per character (1-32) */ 1096 compat_caddr_t chardata; /* font data in expanded form */ 1097 }; 1098 1099 static inline int 1100 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1101 int perm, struct console_font_op *op) 1102 { 1103 struct compat_consolefontdesc cfdarg; 1104 int i; 1105 1106 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1107 return -EFAULT; 1108 1109 switch (cmd) { 1110 case PIO_FONTX: 1111 if (!perm) 1112 return -EPERM; 1113 op->op = KD_FONT_OP_SET; 1114 op->flags = KD_FONT_FLAG_OLD; 1115 op->width = 8; 1116 op->height = cfdarg.charheight; 1117 op->charcount = cfdarg.charcount; 1118 op->data = compat_ptr(cfdarg.chardata); 1119 return con_font_op(vc_cons[fg_console].d, op); 1120 case GIO_FONTX: 1121 op->op = KD_FONT_OP_GET; 1122 op->flags = KD_FONT_FLAG_OLD; 1123 op->width = 8; 1124 op->height = cfdarg.charheight; 1125 op->charcount = cfdarg.charcount; 1126 op->data = compat_ptr(cfdarg.chardata); 1127 i = con_font_op(vc_cons[fg_console].d, op); 1128 if (i) 1129 return i; 1130 cfdarg.charheight = op->height; 1131 cfdarg.charcount = op->charcount; 1132 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1133 return -EFAULT; 1134 return 0; 1135 } 1136 return -EINVAL; 1137 } 1138 1139 struct compat_console_font_op { 1140 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1141 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1142 compat_uint_t width, height; /* font size */ 1143 compat_uint_t charcount; 1144 compat_caddr_t data; /* font data with height fixed to 32 */ 1145 }; 1146 1147 static inline int 1148 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1149 int perm, struct console_font_op *op, struct vc_data *vc) 1150 { 1151 int i; 1152 1153 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1154 return -EFAULT; 1155 if (!perm && op->op != KD_FONT_OP_GET) 1156 return -EPERM; 1157 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1158 i = con_font_op(vc, op); 1159 if (i) 1160 return i; 1161 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1162 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1163 return -EFAULT; 1164 return 0; 1165 } 1166 1167 struct compat_unimapdesc { 1168 unsigned short entry_ct; 1169 compat_caddr_t entries; 1170 }; 1171 1172 static inline int 1173 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1174 int perm, struct vc_data *vc) 1175 { 1176 struct compat_unimapdesc tmp; 1177 struct unipair __user *tmp_entries; 1178 1179 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1180 return -EFAULT; 1181 tmp_entries = compat_ptr(tmp.entries); 1182 if (tmp_entries) 1183 if (!access_ok(VERIFY_WRITE, tmp_entries, 1184 tmp.entry_ct*sizeof(struct unipair))) 1185 return -EFAULT; 1186 switch (cmd) { 1187 case PIO_UNIMAP: 1188 if (!perm) 1189 return -EPERM; 1190 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1191 case GIO_UNIMAP: 1192 if (!perm && fg_console != vc->vc_num) 1193 return -EPERM; 1194 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1195 } 1196 return 0; 1197 } 1198 1199 long vt_compat_ioctl(struct tty_struct *tty, 1200 unsigned int cmd, unsigned long arg) 1201 { 1202 struct vc_data *vc = tty->driver_data; 1203 struct console_font_op op; /* used in multiple places here */ 1204 unsigned int console; 1205 void __user *up = (void __user *)arg; 1206 int perm; 1207 int ret = 0; 1208 1209 console = vc->vc_num; 1210 1211 if (!vc_cons_allocated(console)) { /* impossible? */ 1212 ret = -ENOIOCTLCMD; 1213 goto out; 1214 } 1215 1216 /* 1217 * To have permissions to do most of the vt ioctls, we either have 1218 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1219 */ 1220 perm = 0; 1221 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1222 perm = 1; 1223 1224 switch (cmd) { 1225 /* 1226 * these need special handlers for incompatible data structures 1227 */ 1228 case PIO_FONTX: 1229 case GIO_FONTX: 1230 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1231 break; 1232 1233 case KDFONTOP: 1234 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1235 break; 1236 1237 case PIO_UNIMAP: 1238 case GIO_UNIMAP: 1239 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1240 break; 1241 1242 /* 1243 * all these treat 'arg' as an integer 1244 */ 1245 case KIOCSOUND: 1246 case KDMKTONE: 1247 #ifdef CONFIG_X86 1248 case KDADDIO: 1249 case KDDELIO: 1250 #endif 1251 case KDSETMODE: 1252 case KDMAPDISP: 1253 case KDUNMAPDISP: 1254 case KDSKBMODE: 1255 case KDSKBMETA: 1256 case KDSKBLED: 1257 case KDSETLED: 1258 case KDSIGACCEPT: 1259 case VT_ACTIVATE: 1260 case VT_WAITACTIVE: 1261 case VT_RELDISP: 1262 case VT_DISALLOCATE: 1263 case VT_RESIZE: 1264 case VT_RESIZEX: 1265 goto fallback; 1266 1267 /* 1268 * the rest has a compatible data structure behind arg, 1269 * but we have to convert it to a proper 64 bit pointer. 1270 */ 1271 default: 1272 arg = (unsigned long)compat_ptr(arg); 1273 goto fallback; 1274 } 1275 out: 1276 return ret; 1277 1278 fallback: 1279 return vt_ioctl(tty, cmd, arg); 1280 } 1281 1282 1283 #endif /* CONFIG_COMPAT */ 1284 1285 1286 /* 1287 * Performs the back end of a vt switch. Called under the console 1288 * semaphore. 1289 */ 1290 static void complete_change_console(struct vc_data *vc) 1291 { 1292 unsigned char old_vc_mode; 1293 int old = fg_console; 1294 1295 last_console = fg_console; 1296 1297 /* 1298 * If we're switching, we could be going from KD_GRAPHICS to 1299 * KD_TEXT mode or vice versa, which means we need to blank or 1300 * unblank the screen later. 1301 */ 1302 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1303 switch_screen(vc); 1304 1305 /* 1306 * This can't appear below a successful kill_pid(). If it did, 1307 * then the *blank_screen operation could occur while X, having 1308 * received acqsig, is waking up on another processor. This 1309 * condition can lead to overlapping accesses to the VGA range 1310 * and the framebuffer (causing system lockups). 1311 * 1312 * To account for this we duplicate this code below only if the 1313 * controlling process is gone and we've called reset_vc. 1314 */ 1315 if (old_vc_mode != vc->vc_mode) { 1316 if (vc->vc_mode == KD_TEXT) 1317 do_unblank_screen(1); 1318 else 1319 do_blank_screen(1); 1320 } 1321 1322 /* 1323 * If this new console is under process control, send it a signal 1324 * telling it that it has acquired. Also check if it has died and 1325 * clean up (similar to logic employed in change_console()) 1326 */ 1327 if (vc->vt_mode.mode == VT_PROCESS) { 1328 /* 1329 * Send the signal as privileged - kill_pid() will 1330 * tell us if the process has gone or something else 1331 * is awry 1332 */ 1333 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1334 /* 1335 * The controlling process has died, so we revert back to 1336 * normal operation. In this case, we'll also change back 1337 * to KD_TEXT mode. I'm not sure if this is strictly correct 1338 * but it saves the agony when the X server dies and the screen 1339 * remains blanked due to KD_GRAPHICS! It would be nice to do 1340 * this outside of VT_PROCESS but there is no single process 1341 * to account for and tracking tty count may be undesirable. 1342 */ 1343 reset_vc(vc); 1344 1345 if (old_vc_mode != vc->vc_mode) { 1346 if (vc->vc_mode == KD_TEXT) 1347 do_unblank_screen(1); 1348 else 1349 do_blank_screen(1); 1350 } 1351 } 1352 } 1353 1354 /* 1355 * Wake anyone waiting for their VT to activate 1356 */ 1357 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1358 return; 1359 } 1360 1361 /* 1362 * Performs the front-end of a vt switch 1363 */ 1364 void change_console(struct vc_data *new_vc) 1365 { 1366 struct vc_data *vc; 1367 1368 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1369 return; 1370 1371 /* 1372 * If this vt is in process mode, then we need to handshake with 1373 * that process before switching. Essentially, we store where that 1374 * vt wants to switch to and wait for it to tell us when it's done 1375 * (via VT_RELDISP ioctl). 1376 * 1377 * We also check to see if the controlling process still exists. 1378 * If it doesn't, we reset this vt to auto mode and continue. 1379 * This is a cheap way to track process control. The worst thing 1380 * that can happen is: we send a signal to a process, it dies, and 1381 * the switch gets "lost" waiting for a response; hopefully, the 1382 * user will try again, we'll detect the process is gone (unless 1383 * the user waits just the right amount of time :-) and revert the 1384 * vt to auto control. 1385 */ 1386 vc = vc_cons[fg_console].d; 1387 if (vc->vt_mode.mode == VT_PROCESS) { 1388 /* 1389 * Send the signal as privileged - kill_pid() will 1390 * tell us if the process has gone or something else 1391 * is awry. 1392 * 1393 * We need to set vt_newvt *before* sending the signal or we 1394 * have a race. 1395 */ 1396 vc->vt_newvt = new_vc->vc_num; 1397 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1398 /* 1399 * It worked. Mark the vt to switch to and 1400 * return. The process needs to send us a 1401 * VT_RELDISP ioctl to complete the switch. 1402 */ 1403 return; 1404 } 1405 1406 /* 1407 * The controlling process has died, so we revert back to 1408 * normal operation. In this case, we'll also change back 1409 * to KD_TEXT mode. I'm not sure if this is strictly correct 1410 * but it saves the agony when the X server dies and the screen 1411 * remains blanked due to KD_GRAPHICS! It would be nice to do 1412 * this outside of VT_PROCESS but there is no single process 1413 * to account for and tracking tty count may be undesirable. 1414 */ 1415 reset_vc(vc); 1416 1417 /* 1418 * Fall through to normal (VT_AUTO) handling of the switch... 1419 */ 1420 } 1421 1422 /* 1423 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1424 */ 1425 if (vc->vc_mode == KD_GRAPHICS) 1426 return; 1427 1428 complete_change_console(new_vc); 1429 } 1430 1431 /* Perform a kernel triggered VT switch for suspend/resume */ 1432 1433 static int disable_vt_switch; 1434 1435 int vt_move_to_console(unsigned int vt, int alloc) 1436 { 1437 int prev; 1438 1439 console_lock(); 1440 /* Graphics mode - up to X */ 1441 if (disable_vt_switch) { 1442 console_unlock(); 1443 return 0; 1444 } 1445 prev = fg_console; 1446 1447 if (alloc && vc_allocate(vt)) { 1448 /* we can't have a free VC for now. Too bad, 1449 * we don't want to mess the screen for now. */ 1450 console_unlock(); 1451 return -ENOSPC; 1452 } 1453 1454 if (set_console(vt)) { 1455 /* 1456 * We're unable to switch to the SUSPEND_CONSOLE. 1457 * Let the calling function know so it can decide 1458 * what to do. 1459 */ 1460 console_unlock(); 1461 return -EIO; 1462 } 1463 console_unlock(); 1464 if (vt_waitactive(vt + 1)) { 1465 pr_debug("Suspend: Can't switch VCs."); 1466 return -EINTR; 1467 } 1468 return prev; 1469 } 1470 1471 /* 1472 * Normally during a suspend, we allocate a new console and switch to it. 1473 * When we resume, we switch back to the original console. This switch 1474 * can be slow, so on systems where the framebuffer can handle restoration 1475 * of video registers anyways, there's little point in doing the console 1476 * switch. This function allows you to disable it by passing it '0'. 1477 */ 1478 void pm_set_vt_switch(int do_switch) 1479 { 1480 console_lock(); 1481 disable_vt_switch = !do_switch; 1482 console_unlock(); 1483 } 1484 EXPORT_SYMBOL(pm_set_vt_switch); 1485