1 /* 2 * Copyright (C) 1992 obz under the linux copyright 3 * 4 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 5 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 6 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 7 * Some code moved for less code duplication - Andi Kleen - Mar 1997 8 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 9 */ 10 11 #include <linux/types.h> 12 #include <linux/errno.h> 13 #include <linux/sched/signal.h> 14 #include <linux/tty.h> 15 #include <linux/timer.h> 16 #include <linux/kernel.h> 17 #include <linux/compat.h> 18 #include <linux/module.h> 19 #include <linux/kd.h> 20 #include <linux/vt.h> 21 #include <linux/string.h> 22 #include <linux/slab.h> 23 #include <linux/major.h> 24 #include <linux/fs.h> 25 #include <linux/console.h> 26 #include <linux/consolemap.h> 27 #include <linux/signal.h> 28 #include <linux/suspend.h> 29 #include <linux/timex.h> 30 31 #include <asm/io.h> 32 #include <linux/uaccess.h> 33 34 #include <linux/kbd_kern.h> 35 #include <linux/vt_kern.h> 36 #include <linux/kbd_diacr.h> 37 #include <linux/selection.h> 38 39 char vt_dont_switch; 40 extern struct tty_driver *console_driver; 41 42 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 43 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 44 45 /* 46 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 47 * experimentation and study of X386 SYSV handling. 48 * 49 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 50 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 51 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 52 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 53 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 54 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 55 * to the current console is done by the main ioctl code. 56 */ 57 58 #ifdef CONFIG_X86 59 #include <linux/syscalls.h> 60 #endif 61 62 static void complete_change_console(struct vc_data *vc); 63 64 /* 65 * User space VT_EVENT handlers 66 */ 67 68 struct vt_event_wait { 69 struct list_head list; 70 struct vt_event event; 71 int done; 72 }; 73 74 static LIST_HEAD(vt_events); 75 static DEFINE_SPINLOCK(vt_event_lock); 76 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 77 78 /** 79 * vt_event_post 80 * @event: the event that occurred 81 * @old: old console 82 * @new: new console 83 * 84 * Post an VT event to interested VT handlers 85 */ 86 87 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 88 { 89 struct list_head *pos, *head; 90 unsigned long flags; 91 int wake = 0; 92 93 spin_lock_irqsave(&vt_event_lock, flags); 94 head = &vt_events; 95 96 list_for_each(pos, head) { 97 struct vt_event_wait *ve = list_entry(pos, 98 struct vt_event_wait, list); 99 if (!(ve->event.event & event)) 100 continue; 101 ve->event.event = event; 102 /* kernel view is consoles 0..n-1, user space view is 103 console 1..n with 0 meaning current, so we must bias */ 104 ve->event.oldev = old + 1; 105 ve->event.newev = new + 1; 106 wake = 1; 107 ve->done = 1; 108 } 109 spin_unlock_irqrestore(&vt_event_lock, flags); 110 if (wake) 111 wake_up_interruptible(&vt_event_waitqueue); 112 } 113 114 static void __vt_event_queue(struct vt_event_wait *vw) 115 { 116 unsigned long flags; 117 /* Prepare the event */ 118 INIT_LIST_HEAD(&vw->list); 119 vw->done = 0; 120 /* Queue our event */ 121 spin_lock_irqsave(&vt_event_lock, flags); 122 list_add(&vw->list, &vt_events); 123 spin_unlock_irqrestore(&vt_event_lock, flags); 124 } 125 126 static void __vt_event_wait(struct vt_event_wait *vw) 127 { 128 /* Wait for it to pass */ 129 wait_event_interruptible(vt_event_waitqueue, vw->done); 130 } 131 132 static void __vt_event_dequeue(struct vt_event_wait *vw) 133 { 134 unsigned long flags; 135 136 /* Dequeue it */ 137 spin_lock_irqsave(&vt_event_lock, flags); 138 list_del(&vw->list); 139 spin_unlock_irqrestore(&vt_event_lock, flags); 140 } 141 142 /** 143 * vt_event_wait - wait for an event 144 * @vw: our event 145 * 146 * Waits for an event to occur which completes our vt_event_wait 147 * structure. On return the structure has wv->done set to 1 for success 148 * or 0 if some event such as a signal ended the wait. 149 */ 150 151 static void vt_event_wait(struct vt_event_wait *vw) 152 { 153 __vt_event_queue(vw); 154 __vt_event_wait(vw); 155 __vt_event_dequeue(vw); 156 } 157 158 /** 159 * vt_event_wait_ioctl - event ioctl handler 160 * @arg: argument to ioctl 161 * 162 * Implement the VT_WAITEVENT ioctl using the VT event interface 163 */ 164 165 static int vt_event_wait_ioctl(struct vt_event __user *event) 166 { 167 struct vt_event_wait vw; 168 169 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 170 return -EFAULT; 171 /* Highest supported event for now */ 172 if (vw.event.event & ~VT_MAX_EVENT) 173 return -EINVAL; 174 175 vt_event_wait(&vw); 176 /* If it occurred report it */ 177 if (vw.done) { 178 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 179 return -EFAULT; 180 return 0; 181 } 182 return -EINTR; 183 } 184 185 /** 186 * vt_waitactive - active console wait 187 * @event: event code 188 * @n: new console 189 * 190 * Helper for event waits. Used to implement the legacy 191 * event waiting ioctls in terms of events 192 */ 193 194 int vt_waitactive(int n) 195 { 196 struct vt_event_wait vw; 197 do { 198 vw.event.event = VT_EVENT_SWITCH; 199 __vt_event_queue(&vw); 200 if (n == fg_console + 1) { 201 __vt_event_dequeue(&vw); 202 break; 203 } 204 __vt_event_wait(&vw); 205 __vt_event_dequeue(&vw); 206 if (vw.done == 0) 207 return -EINTR; 208 } while (vw.event.newev != n); 209 return 0; 210 } 211 212 /* 213 * these are the valid i/o ports we're allowed to change. they map all the 214 * video ports 215 */ 216 #define GPFIRST 0x3b4 217 #define GPLAST 0x3df 218 #define GPNUM (GPLAST - GPFIRST + 1) 219 220 221 222 static inline int 223 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 224 { 225 struct consolefontdesc cfdarg; 226 int i; 227 228 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 229 return -EFAULT; 230 231 switch (cmd) { 232 case PIO_FONTX: 233 if (!perm) 234 return -EPERM; 235 op->op = KD_FONT_OP_SET; 236 op->flags = KD_FONT_FLAG_OLD; 237 op->width = 8; 238 op->height = cfdarg.charheight; 239 op->charcount = cfdarg.charcount; 240 op->data = cfdarg.chardata; 241 return con_font_op(vc_cons[fg_console].d, op); 242 case GIO_FONTX: { 243 op->op = KD_FONT_OP_GET; 244 op->flags = KD_FONT_FLAG_OLD; 245 op->width = 8; 246 op->height = cfdarg.charheight; 247 op->charcount = cfdarg.charcount; 248 op->data = cfdarg.chardata; 249 i = con_font_op(vc_cons[fg_console].d, op); 250 if (i) 251 return i; 252 cfdarg.charheight = op->height; 253 cfdarg.charcount = op->charcount; 254 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 255 return -EFAULT; 256 return 0; 257 } 258 } 259 return -EINVAL; 260 } 261 262 static inline int 263 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 264 { 265 struct unimapdesc tmp; 266 267 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 268 return -EFAULT; 269 switch (cmd) { 270 case PIO_UNIMAP: 271 if (!perm) 272 return -EPERM; 273 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 274 case GIO_UNIMAP: 275 if (!perm && fg_console != vc->vc_num) 276 return -EPERM; 277 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 278 } 279 return 0; 280 } 281 282 /* deallocate a single console, if possible (leave 0) */ 283 static int vt_disallocate(unsigned int vc_num) 284 { 285 struct vc_data *vc = NULL; 286 int ret = 0; 287 288 console_lock(); 289 if (VT_BUSY(vc_num)) 290 ret = -EBUSY; 291 else if (vc_num) 292 vc = vc_deallocate(vc_num); 293 console_unlock(); 294 295 if (vc && vc_num >= MIN_NR_CONSOLES) { 296 tty_port_destroy(&vc->port); 297 kfree(vc); 298 } 299 300 return ret; 301 } 302 303 /* deallocate all unused consoles, but leave 0 */ 304 static void vt_disallocate_all(void) 305 { 306 struct vc_data *vc[MAX_NR_CONSOLES]; 307 int i; 308 309 console_lock(); 310 for (i = 1; i < MAX_NR_CONSOLES; i++) 311 if (!VT_BUSY(i)) 312 vc[i] = vc_deallocate(i); 313 else 314 vc[i] = NULL; 315 console_unlock(); 316 317 for (i = 1; i < MAX_NR_CONSOLES; i++) { 318 if (vc[i] && i >= MIN_NR_CONSOLES) { 319 tty_port_destroy(&vc[i]->port); 320 kfree(vc[i]); 321 } 322 } 323 } 324 325 326 /* 327 * We handle the console-specific ioctl's here. We allow the 328 * capability to modify any console, not just the fg_console. 329 */ 330 int vt_ioctl(struct tty_struct *tty, 331 unsigned int cmd, unsigned long arg) 332 { 333 struct vc_data *vc = tty->driver_data; 334 struct console_font_op op; /* used in multiple places here */ 335 unsigned int console; 336 unsigned char ucval; 337 unsigned int uival; 338 void __user *up = (void __user *)arg; 339 int i, perm; 340 int ret = 0; 341 342 console = vc->vc_num; 343 344 345 if (!vc_cons_allocated(console)) { /* impossible? */ 346 ret = -ENOIOCTLCMD; 347 goto out; 348 } 349 350 351 /* 352 * To have permissions to do most of the vt ioctls, we either have 353 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 354 */ 355 perm = 0; 356 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 357 perm = 1; 358 359 switch (cmd) { 360 case TIOCLINUX: 361 ret = tioclinux(tty, arg); 362 break; 363 case KIOCSOUND: 364 if (!perm) 365 return -EPERM; 366 /* 367 * The use of PIT_TICK_RATE is historic, it used to be 368 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 369 * and 2.6.36, which was a minor but unfortunate ABI 370 * change. kd_mksound is locked by the input layer. 371 */ 372 if (arg) 373 arg = PIT_TICK_RATE / arg; 374 kd_mksound(arg, 0); 375 break; 376 377 case KDMKTONE: 378 if (!perm) 379 return -EPERM; 380 { 381 unsigned int ticks, count; 382 383 /* 384 * Generate the tone for the appropriate number of ticks. 385 * If the time is zero, turn off sound ourselves. 386 */ 387 ticks = msecs_to_jiffies((arg >> 16) & 0xffff); 388 count = ticks ? (arg & 0xffff) : 0; 389 if (count) 390 count = PIT_TICK_RATE / count; 391 kd_mksound(count, ticks); 392 break; 393 } 394 395 case KDGKBTYPE: 396 /* 397 * this is naïve. 398 */ 399 ucval = KB_101; 400 ret = put_user(ucval, (char __user *)arg); 401 break; 402 403 /* 404 * These cannot be implemented on any machine that implements 405 * ioperm() in user level (such as Alpha PCs) or not at all. 406 * 407 * XXX: you should never use these, just call ioperm directly.. 408 */ 409 #ifdef CONFIG_X86 410 case KDADDIO: 411 case KDDELIO: 412 /* 413 * KDADDIO and KDDELIO may be able to add ports beyond what 414 * we reject here, but to be safe... 415 * 416 * These are locked internally via sys_ioperm 417 */ 418 if (arg < GPFIRST || arg > GPLAST) { 419 ret = -EINVAL; 420 break; 421 } 422 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 423 break; 424 425 case KDENABIO: 426 case KDDISABIO: 427 ret = sys_ioperm(GPFIRST, GPNUM, 428 (cmd == KDENABIO)) ? -ENXIO : 0; 429 break; 430 #endif 431 432 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 433 434 case KDKBDREP: 435 { 436 struct kbd_repeat kbrep; 437 438 if (!capable(CAP_SYS_TTY_CONFIG)) 439 return -EPERM; 440 441 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 442 ret = -EFAULT; 443 break; 444 } 445 ret = kbd_rate(&kbrep); 446 if (ret) 447 break; 448 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 449 ret = -EFAULT; 450 break; 451 } 452 453 case KDSETMODE: 454 /* 455 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 456 * doesn't do a whole lot. i'm not sure if it should do any 457 * restoration of modes or what... 458 * 459 * XXX It should at least call into the driver, fbdev's definitely 460 * need to restore their engine state. --BenH 461 */ 462 if (!perm) 463 return -EPERM; 464 switch (arg) { 465 case KD_GRAPHICS: 466 break; 467 case KD_TEXT0: 468 case KD_TEXT1: 469 arg = KD_TEXT; 470 case KD_TEXT: 471 break; 472 default: 473 ret = -EINVAL; 474 goto out; 475 } 476 /* FIXME: this needs the console lock extending */ 477 if (vc->vc_mode == (unsigned char) arg) 478 break; 479 vc->vc_mode = (unsigned char) arg; 480 if (console != fg_console) 481 break; 482 /* 483 * explicitly blank/unblank the screen if switching modes 484 */ 485 console_lock(); 486 if (arg == KD_TEXT) 487 do_unblank_screen(1); 488 else 489 do_blank_screen(1); 490 console_unlock(); 491 break; 492 493 case KDGETMODE: 494 uival = vc->vc_mode; 495 goto setint; 496 497 case KDMAPDISP: 498 case KDUNMAPDISP: 499 /* 500 * these work like a combination of mmap and KDENABIO. 501 * this could be easily finished. 502 */ 503 ret = -EINVAL; 504 break; 505 506 case KDSKBMODE: 507 if (!perm) 508 return -EPERM; 509 ret = vt_do_kdskbmode(console, arg); 510 if (ret == 0) 511 tty_ldisc_flush(tty); 512 break; 513 514 case KDGKBMODE: 515 uival = vt_do_kdgkbmode(console); 516 ret = put_user(uival, (int __user *)arg); 517 break; 518 519 /* this could be folded into KDSKBMODE, but for compatibility 520 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 521 case KDSKBMETA: 522 ret = vt_do_kdskbmeta(console, arg); 523 break; 524 525 case KDGKBMETA: 526 /* FIXME: should review whether this is worth locking */ 527 uival = vt_do_kdgkbmeta(console); 528 setint: 529 ret = put_user(uival, (int __user *)arg); 530 break; 531 532 case KDGETKEYCODE: 533 case KDSETKEYCODE: 534 if(!capable(CAP_SYS_TTY_CONFIG)) 535 perm = 0; 536 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 537 break; 538 539 case KDGKBENT: 540 case KDSKBENT: 541 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 542 break; 543 544 case KDGKBSENT: 545 case KDSKBSENT: 546 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 547 break; 548 549 /* Diacritical processing. Handled in keyboard.c as it has 550 to operate on the keyboard locks and structures */ 551 case KDGKBDIACR: 552 case KDGKBDIACRUC: 553 case KDSKBDIACR: 554 case KDSKBDIACRUC: 555 ret = vt_do_diacrit(cmd, up, perm); 556 break; 557 558 /* the ioctls below read/set the flags usually shown in the leds */ 559 /* don't use them - they will go away without warning */ 560 case KDGKBLED: 561 case KDSKBLED: 562 case KDGETLED: 563 case KDSETLED: 564 ret = vt_do_kdskled(console, cmd, arg, perm); 565 break; 566 567 /* 568 * A process can indicate its willingness to accept signals 569 * generated by pressing an appropriate key combination. 570 * Thus, one can have a daemon that e.g. spawns a new console 571 * upon a keypress and then changes to it. 572 * See also the kbrequest field of inittab(5). 573 */ 574 case KDSIGACCEPT: 575 { 576 if (!perm || !capable(CAP_KILL)) 577 return -EPERM; 578 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 579 ret = -EINVAL; 580 else { 581 spin_lock_irq(&vt_spawn_con.lock); 582 put_pid(vt_spawn_con.pid); 583 vt_spawn_con.pid = get_pid(task_pid(current)); 584 vt_spawn_con.sig = arg; 585 spin_unlock_irq(&vt_spawn_con.lock); 586 } 587 break; 588 } 589 590 case VT_SETMODE: 591 { 592 struct vt_mode tmp; 593 594 if (!perm) 595 return -EPERM; 596 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 597 ret = -EFAULT; 598 goto out; 599 } 600 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 601 ret = -EINVAL; 602 goto out; 603 } 604 console_lock(); 605 vc->vt_mode = tmp; 606 /* the frsig is ignored, so we set it to 0 */ 607 vc->vt_mode.frsig = 0; 608 put_pid(vc->vt_pid); 609 vc->vt_pid = get_pid(task_pid(current)); 610 /* no switch is required -- saw@shade.msu.ru */ 611 vc->vt_newvt = -1; 612 console_unlock(); 613 break; 614 } 615 616 case VT_GETMODE: 617 { 618 struct vt_mode tmp; 619 int rc; 620 621 console_lock(); 622 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 623 console_unlock(); 624 625 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 626 if (rc) 627 ret = -EFAULT; 628 break; 629 } 630 631 /* 632 * Returns global vt state. Note that VT 0 is always open, since 633 * it's an alias for the current VT, and people can't use it here. 634 * We cannot return state for more than 16 VTs, since v_state is short. 635 */ 636 case VT_GETSTATE: 637 { 638 struct vt_stat __user *vtstat = up; 639 unsigned short state, mask; 640 641 /* Review: FIXME: Console lock ? */ 642 if (put_user(fg_console + 1, &vtstat->v_active)) 643 ret = -EFAULT; 644 else { 645 state = 1; /* /dev/tty0 is always open */ 646 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 647 ++i, mask <<= 1) 648 if (VT_IS_IN_USE(i)) 649 state |= mask; 650 ret = put_user(state, &vtstat->v_state); 651 } 652 break; 653 } 654 655 /* 656 * Returns the first available (non-opened) console. 657 */ 658 case VT_OPENQRY: 659 /* FIXME: locking ? - but then this is a stupid API */ 660 for (i = 0; i < MAX_NR_CONSOLES; ++i) 661 if (! VT_IS_IN_USE(i)) 662 break; 663 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 664 goto setint; 665 666 /* 667 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 668 * with num >= 1 (switches to vt 0, our console, are not allowed, just 669 * to preserve sanity). 670 */ 671 case VT_ACTIVATE: 672 if (!perm) 673 return -EPERM; 674 if (arg == 0 || arg > MAX_NR_CONSOLES) 675 ret = -ENXIO; 676 else { 677 arg--; 678 console_lock(); 679 ret = vc_allocate(arg); 680 console_unlock(); 681 if (ret) 682 break; 683 set_console(arg); 684 } 685 break; 686 687 case VT_SETACTIVATE: 688 { 689 struct vt_setactivate vsa; 690 691 if (!perm) 692 return -EPERM; 693 694 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 695 sizeof(struct vt_setactivate))) { 696 ret = -EFAULT; 697 goto out; 698 } 699 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 700 ret = -ENXIO; 701 else { 702 vsa.console--; 703 console_lock(); 704 ret = vc_allocate(vsa.console); 705 if (ret == 0) { 706 struct vc_data *nvc; 707 /* This is safe providing we don't drop the 708 console sem between vc_allocate and 709 finishing referencing nvc */ 710 nvc = vc_cons[vsa.console].d; 711 nvc->vt_mode = vsa.mode; 712 nvc->vt_mode.frsig = 0; 713 put_pid(nvc->vt_pid); 714 nvc->vt_pid = get_pid(task_pid(current)); 715 } 716 console_unlock(); 717 if (ret) 718 break; 719 /* Commence switch and lock */ 720 /* Review set_console locks */ 721 set_console(vsa.console); 722 } 723 break; 724 } 725 726 /* 727 * wait until the specified VT has been activated 728 */ 729 case VT_WAITACTIVE: 730 if (!perm) 731 return -EPERM; 732 if (arg == 0 || arg > MAX_NR_CONSOLES) 733 ret = -ENXIO; 734 else 735 ret = vt_waitactive(arg); 736 break; 737 738 /* 739 * If a vt is under process control, the kernel will not switch to it 740 * immediately, but postpone the operation until the process calls this 741 * ioctl, allowing the switch to complete. 742 * 743 * According to the X sources this is the behavior: 744 * 0: pending switch-from not OK 745 * 1: pending switch-from OK 746 * 2: completed switch-to OK 747 */ 748 case VT_RELDISP: 749 if (!perm) 750 return -EPERM; 751 752 console_lock(); 753 if (vc->vt_mode.mode != VT_PROCESS) { 754 console_unlock(); 755 ret = -EINVAL; 756 break; 757 } 758 /* 759 * Switching-from response 760 */ 761 if (vc->vt_newvt >= 0) { 762 if (arg == 0) 763 /* 764 * Switch disallowed, so forget we were trying 765 * to do it. 766 */ 767 vc->vt_newvt = -1; 768 769 else { 770 /* 771 * The current vt has been released, so 772 * complete the switch. 773 */ 774 int newvt; 775 newvt = vc->vt_newvt; 776 vc->vt_newvt = -1; 777 ret = vc_allocate(newvt); 778 if (ret) { 779 console_unlock(); 780 break; 781 } 782 /* 783 * When we actually do the console switch, 784 * make sure we are atomic with respect to 785 * other console switches.. 786 */ 787 complete_change_console(vc_cons[newvt].d); 788 } 789 } else { 790 /* 791 * Switched-to response 792 */ 793 /* 794 * If it's just an ACK, ignore it 795 */ 796 if (arg != VT_ACKACQ) 797 ret = -EINVAL; 798 } 799 console_unlock(); 800 break; 801 802 /* 803 * Disallocate memory associated to VT (but leave VT1) 804 */ 805 case VT_DISALLOCATE: 806 if (arg > MAX_NR_CONSOLES) { 807 ret = -ENXIO; 808 break; 809 } 810 if (arg == 0) 811 vt_disallocate_all(); 812 else 813 ret = vt_disallocate(--arg); 814 break; 815 816 case VT_RESIZE: 817 { 818 struct vt_sizes __user *vtsizes = up; 819 struct vc_data *vc; 820 821 ushort ll,cc; 822 if (!perm) 823 return -EPERM; 824 if (get_user(ll, &vtsizes->v_rows) || 825 get_user(cc, &vtsizes->v_cols)) 826 ret = -EFAULT; 827 else { 828 console_lock(); 829 for (i = 0; i < MAX_NR_CONSOLES; i++) { 830 vc = vc_cons[i].d; 831 832 if (vc) { 833 vc->vc_resize_user = 1; 834 /* FIXME: review v tty lock */ 835 vc_resize(vc_cons[i].d, cc, ll); 836 } 837 } 838 console_unlock(); 839 } 840 break; 841 } 842 843 case VT_RESIZEX: 844 { 845 struct vt_consize __user *vtconsize = up; 846 ushort ll,cc,vlin,clin,vcol,ccol; 847 if (!perm) 848 return -EPERM; 849 if (!access_ok(VERIFY_READ, vtconsize, 850 sizeof(struct vt_consize))) { 851 ret = -EFAULT; 852 break; 853 } 854 /* FIXME: Should check the copies properly */ 855 __get_user(ll, &vtconsize->v_rows); 856 __get_user(cc, &vtconsize->v_cols); 857 __get_user(vlin, &vtconsize->v_vlin); 858 __get_user(clin, &vtconsize->v_clin); 859 __get_user(vcol, &vtconsize->v_vcol); 860 __get_user(ccol, &vtconsize->v_ccol); 861 vlin = vlin ? vlin : vc->vc_scan_lines; 862 if (clin) { 863 if (ll) { 864 if (ll != vlin/clin) { 865 /* Parameters don't add up */ 866 ret = -EINVAL; 867 break; 868 } 869 } else 870 ll = vlin/clin; 871 } 872 if (vcol && ccol) { 873 if (cc) { 874 if (cc != vcol/ccol) { 875 ret = -EINVAL; 876 break; 877 } 878 } else 879 cc = vcol/ccol; 880 } 881 882 if (clin > 32) { 883 ret = -EINVAL; 884 break; 885 } 886 887 for (i = 0; i < MAX_NR_CONSOLES; i++) { 888 if (!vc_cons[i].d) 889 continue; 890 console_lock(); 891 if (vlin) 892 vc_cons[i].d->vc_scan_lines = vlin; 893 if (clin) 894 vc_cons[i].d->vc_font.height = clin; 895 vc_cons[i].d->vc_resize_user = 1; 896 vc_resize(vc_cons[i].d, cc, ll); 897 console_unlock(); 898 } 899 break; 900 } 901 902 case PIO_FONT: { 903 if (!perm) 904 return -EPERM; 905 op.op = KD_FONT_OP_SET; 906 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 907 op.width = 8; 908 op.height = 0; 909 op.charcount = 256; 910 op.data = up; 911 ret = con_font_op(vc_cons[fg_console].d, &op); 912 break; 913 } 914 915 case GIO_FONT: { 916 op.op = KD_FONT_OP_GET; 917 op.flags = KD_FONT_FLAG_OLD; 918 op.width = 8; 919 op.height = 32; 920 op.charcount = 256; 921 op.data = up; 922 ret = con_font_op(vc_cons[fg_console].d, &op); 923 break; 924 } 925 926 case PIO_CMAP: 927 if (!perm) 928 ret = -EPERM; 929 else 930 ret = con_set_cmap(up); 931 break; 932 933 case GIO_CMAP: 934 ret = con_get_cmap(up); 935 break; 936 937 case PIO_FONTX: 938 case GIO_FONTX: 939 ret = do_fontx_ioctl(cmd, up, perm, &op); 940 break; 941 942 case PIO_FONTRESET: 943 { 944 if (!perm) 945 return -EPERM; 946 947 #ifdef BROKEN_GRAPHICS_PROGRAMS 948 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 949 font is not saved. */ 950 ret = -ENOSYS; 951 break; 952 #else 953 { 954 op.op = KD_FONT_OP_SET_DEFAULT; 955 op.data = NULL; 956 ret = con_font_op(vc_cons[fg_console].d, &op); 957 if (ret) 958 break; 959 console_lock(); 960 con_set_default_unimap(vc_cons[fg_console].d); 961 console_unlock(); 962 break; 963 } 964 #endif 965 } 966 967 case KDFONTOP: { 968 if (copy_from_user(&op, up, sizeof(op))) { 969 ret = -EFAULT; 970 break; 971 } 972 if (!perm && op.op != KD_FONT_OP_GET) 973 return -EPERM; 974 ret = con_font_op(vc, &op); 975 if (ret) 976 break; 977 if (copy_to_user(up, &op, sizeof(op))) 978 ret = -EFAULT; 979 break; 980 } 981 982 case PIO_SCRNMAP: 983 if (!perm) 984 ret = -EPERM; 985 else 986 ret = con_set_trans_old(up); 987 break; 988 989 case GIO_SCRNMAP: 990 ret = con_get_trans_old(up); 991 break; 992 993 case PIO_UNISCRNMAP: 994 if (!perm) 995 ret = -EPERM; 996 else 997 ret = con_set_trans_new(up); 998 break; 999 1000 case GIO_UNISCRNMAP: 1001 ret = con_get_trans_new(up); 1002 break; 1003 1004 case PIO_UNIMAPCLR: 1005 if (!perm) 1006 return -EPERM; 1007 con_clear_unimap(vc); 1008 break; 1009 1010 case PIO_UNIMAP: 1011 case GIO_UNIMAP: 1012 ret = do_unimap_ioctl(cmd, up, perm, vc); 1013 break; 1014 1015 case VT_LOCKSWITCH: 1016 if (!capable(CAP_SYS_TTY_CONFIG)) 1017 return -EPERM; 1018 vt_dont_switch = 1; 1019 break; 1020 case VT_UNLOCKSWITCH: 1021 if (!capable(CAP_SYS_TTY_CONFIG)) 1022 return -EPERM; 1023 vt_dont_switch = 0; 1024 break; 1025 case VT_GETHIFONTMASK: 1026 ret = put_user(vc->vc_hi_font_mask, 1027 (unsigned short __user *)arg); 1028 break; 1029 case VT_WAITEVENT: 1030 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1031 break; 1032 default: 1033 ret = -ENOIOCTLCMD; 1034 } 1035 out: 1036 return ret; 1037 } 1038 1039 void reset_vc(struct vc_data *vc) 1040 { 1041 vc->vc_mode = KD_TEXT; 1042 vt_reset_unicode(vc->vc_num); 1043 vc->vt_mode.mode = VT_AUTO; 1044 vc->vt_mode.waitv = 0; 1045 vc->vt_mode.relsig = 0; 1046 vc->vt_mode.acqsig = 0; 1047 vc->vt_mode.frsig = 0; 1048 put_pid(vc->vt_pid); 1049 vc->vt_pid = NULL; 1050 vc->vt_newvt = -1; 1051 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1052 reset_palette(vc); 1053 } 1054 1055 void vc_SAK(struct work_struct *work) 1056 { 1057 struct vc *vc_con = 1058 container_of(work, struct vc, SAK_work); 1059 struct vc_data *vc; 1060 struct tty_struct *tty; 1061 1062 console_lock(); 1063 vc = vc_con->d; 1064 if (vc) { 1065 /* FIXME: review tty ref counting */ 1066 tty = vc->port.tty; 1067 /* 1068 * SAK should also work in all raw modes and reset 1069 * them properly. 1070 */ 1071 if (tty) 1072 __do_SAK(tty); 1073 reset_vc(vc); 1074 } 1075 console_unlock(); 1076 } 1077 1078 #ifdef CONFIG_COMPAT 1079 1080 struct compat_consolefontdesc { 1081 unsigned short charcount; /* characters in font (256 or 512) */ 1082 unsigned short charheight; /* scan lines per character (1-32) */ 1083 compat_caddr_t chardata; /* font data in expanded form */ 1084 }; 1085 1086 static inline int 1087 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1088 int perm, struct console_font_op *op) 1089 { 1090 struct compat_consolefontdesc cfdarg; 1091 int i; 1092 1093 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1094 return -EFAULT; 1095 1096 switch (cmd) { 1097 case PIO_FONTX: 1098 if (!perm) 1099 return -EPERM; 1100 op->op = KD_FONT_OP_SET; 1101 op->flags = KD_FONT_FLAG_OLD; 1102 op->width = 8; 1103 op->height = cfdarg.charheight; 1104 op->charcount = cfdarg.charcount; 1105 op->data = compat_ptr(cfdarg.chardata); 1106 return con_font_op(vc_cons[fg_console].d, op); 1107 case GIO_FONTX: 1108 op->op = KD_FONT_OP_GET; 1109 op->flags = KD_FONT_FLAG_OLD; 1110 op->width = 8; 1111 op->height = cfdarg.charheight; 1112 op->charcount = cfdarg.charcount; 1113 op->data = compat_ptr(cfdarg.chardata); 1114 i = con_font_op(vc_cons[fg_console].d, op); 1115 if (i) 1116 return i; 1117 cfdarg.charheight = op->height; 1118 cfdarg.charcount = op->charcount; 1119 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1120 return -EFAULT; 1121 return 0; 1122 } 1123 return -EINVAL; 1124 } 1125 1126 struct compat_console_font_op { 1127 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1128 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1129 compat_uint_t width, height; /* font size */ 1130 compat_uint_t charcount; 1131 compat_caddr_t data; /* font data with height fixed to 32 */ 1132 }; 1133 1134 static inline int 1135 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1136 int perm, struct console_font_op *op, struct vc_data *vc) 1137 { 1138 int i; 1139 1140 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1141 return -EFAULT; 1142 if (!perm && op->op != KD_FONT_OP_GET) 1143 return -EPERM; 1144 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1145 i = con_font_op(vc, op); 1146 if (i) 1147 return i; 1148 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1149 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1150 return -EFAULT; 1151 return 0; 1152 } 1153 1154 struct compat_unimapdesc { 1155 unsigned short entry_ct; 1156 compat_caddr_t entries; 1157 }; 1158 1159 static inline int 1160 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1161 int perm, struct vc_data *vc) 1162 { 1163 struct compat_unimapdesc tmp; 1164 struct unipair __user *tmp_entries; 1165 1166 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1167 return -EFAULT; 1168 tmp_entries = compat_ptr(tmp.entries); 1169 switch (cmd) { 1170 case PIO_UNIMAP: 1171 if (!perm) 1172 return -EPERM; 1173 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1174 case GIO_UNIMAP: 1175 if (!perm && fg_console != vc->vc_num) 1176 return -EPERM; 1177 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1178 } 1179 return 0; 1180 } 1181 1182 long vt_compat_ioctl(struct tty_struct *tty, 1183 unsigned int cmd, unsigned long arg) 1184 { 1185 struct vc_data *vc = tty->driver_data; 1186 struct console_font_op op; /* used in multiple places here */ 1187 unsigned int console; 1188 void __user *up = (void __user *)arg; 1189 int perm; 1190 int ret = 0; 1191 1192 console = vc->vc_num; 1193 1194 if (!vc_cons_allocated(console)) { /* impossible? */ 1195 ret = -ENOIOCTLCMD; 1196 goto out; 1197 } 1198 1199 /* 1200 * To have permissions to do most of the vt ioctls, we either have 1201 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1202 */ 1203 perm = 0; 1204 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1205 perm = 1; 1206 1207 switch (cmd) { 1208 /* 1209 * these need special handlers for incompatible data structures 1210 */ 1211 case PIO_FONTX: 1212 case GIO_FONTX: 1213 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1214 break; 1215 1216 case KDFONTOP: 1217 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1218 break; 1219 1220 case PIO_UNIMAP: 1221 case GIO_UNIMAP: 1222 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1223 break; 1224 1225 /* 1226 * all these treat 'arg' as an integer 1227 */ 1228 case KIOCSOUND: 1229 case KDMKTONE: 1230 #ifdef CONFIG_X86 1231 case KDADDIO: 1232 case KDDELIO: 1233 #endif 1234 case KDSETMODE: 1235 case KDMAPDISP: 1236 case KDUNMAPDISP: 1237 case KDSKBMODE: 1238 case KDSKBMETA: 1239 case KDSKBLED: 1240 case KDSETLED: 1241 case KDSIGACCEPT: 1242 case VT_ACTIVATE: 1243 case VT_WAITACTIVE: 1244 case VT_RELDISP: 1245 case VT_DISALLOCATE: 1246 case VT_RESIZE: 1247 case VT_RESIZEX: 1248 goto fallback; 1249 1250 /* 1251 * the rest has a compatible data structure behind arg, 1252 * but we have to convert it to a proper 64 bit pointer. 1253 */ 1254 default: 1255 arg = (unsigned long)compat_ptr(arg); 1256 goto fallback; 1257 } 1258 out: 1259 return ret; 1260 1261 fallback: 1262 return vt_ioctl(tty, cmd, arg); 1263 } 1264 1265 1266 #endif /* CONFIG_COMPAT */ 1267 1268 1269 /* 1270 * Performs the back end of a vt switch. Called under the console 1271 * semaphore. 1272 */ 1273 static void complete_change_console(struct vc_data *vc) 1274 { 1275 unsigned char old_vc_mode; 1276 int old = fg_console; 1277 1278 last_console = fg_console; 1279 1280 /* 1281 * If we're switching, we could be going from KD_GRAPHICS to 1282 * KD_TEXT mode or vice versa, which means we need to blank or 1283 * unblank the screen later. 1284 */ 1285 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1286 switch_screen(vc); 1287 1288 /* 1289 * This can't appear below a successful kill_pid(). If it did, 1290 * then the *blank_screen operation could occur while X, having 1291 * received acqsig, is waking up on another processor. This 1292 * condition can lead to overlapping accesses to the VGA range 1293 * and the framebuffer (causing system lockups). 1294 * 1295 * To account for this we duplicate this code below only if the 1296 * controlling process is gone and we've called reset_vc. 1297 */ 1298 if (old_vc_mode != vc->vc_mode) { 1299 if (vc->vc_mode == KD_TEXT) 1300 do_unblank_screen(1); 1301 else 1302 do_blank_screen(1); 1303 } 1304 1305 /* 1306 * If this new console is under process control, send it a signal 1307 * telling it that it has acquired. Also check if it has died and 1308 * clean up (similar to logic employed in change_console()) 1309 */ 1310 if (vc->vt_mode.mode == VT_PROCESS) { 1311 /* 1312 * Send the signal as privileged - kill_pid() will 1313 * tell us if the process has gone or something else 1314 * is awry 1315 */ 1316 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1317 /* 1318 * The controlling process has died, so we revert back to 1319 * normal operation. In this case, we'll also change back 1320 * to KD_TEXT mode. I'm not sure if this is strictly correct 1321 * but it saves the agony when the X server dies and the screen 1322 * remains blanked due to KD_GRAPHICS! It would be nice to do 1323 * this outside of VT_PROCESS but there is no single process 1324 * to account for and tracking tty count may be undesirable. 1325 */ 1326 reset_vc(vc); 1327 1328 if (old_vc_mode != vc->vc_mode) { 1329 if (vc->vc_mode == KD_TEXT) 1330 do_unblank_screen(1); 1331 else 1332 do_blank_screen(1); 1333 } 1334 } 1335 } 1336 1337 /* 1338 * Wake anyone waiting for their VT to activate 1339 */ 1340 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1341 return; 1342 } 1343 1344 /* 1345 * Performs the front-end of a vt switch 1346 */ 1347 void change_console(struct vc_data *new_vc) 1348 { 1349 struct vc_data *vc; 1350 1351 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1352 return; 1353 1354 /* 1355 * If this vt is in process mode, then we need to handshake with 1356 * that process before switching. Essentially, we store where that 1357 * vt wants to switch to and wait for it to tell us when it's done 1358 * (via VT_RELDISP ioctl). 1359 * 1360 * We also check to see if the controlling process still exists. 1361 * If it doesn't, we reset this vt to auto mode and continue. 1362 * This is a cheap way to track process control. The worst thing 1363 * that can happen is: we send a signal to a process, it dies, and 1364 * the switch gets "lost" waiting for a response; hopefully, the 1365 * user will try again, we'll detect the process is gone (unless 1366 * the user waits just the right amount of time :-) and revert the 1367 * vt to auto control. 1368 */ 1369 vc = vc_cons[fg_console].d; 1370 if (vc->vt_mode.mode == VT_PROCESS) { 1371 /* 1372 * Send the signal as privileged - kill_pid() will 1373 * tell us if the process has gone or something else 1374 * is awry. 1375 * 1376 * We need to set vt_newvt *before* sending the signal or we 1377 * have a race. 1378 */ 1379 vc->vt_newvt = new_vc->vc_num; 1380 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1381 /* 1382 * It worked. Mark the vt to switch to and 1383 * return. The process needs to send us a 1384 * VT_RELDISP ioctl to complete the switch. 1385 */ 1386 return; 1387 } 1388 1389 /* 1390 * The controlling process has died, so we revert back to 1391 * normal operation. In this case, we'll also change back 1392 * to KD_TEXT mode. I'm not sure if this is strictly correct 1393 * but it saves the agony when the X server dies and the screen 1394 * remains blanked due to KD_GRAPHICS! It would be nice to do 1395 * this outside of VT_PROCESS but there is no single process 1396 * to account for and tracking tty count may be undesirable. 1397 */ 1398 reset_vc(vc); 1399 1400 /* 1401 * Fall through to normal (VT_AUTO) handling of the switch... 1402 */ 1403 } 1404 1405 /* 1406 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1407 */ 1408 if (vc->vc_mode == KD_GRAPHICS) 1409 return; 1410 1411 complete_change_console(new_vc); 1412 } 1413 1414 /* Perform a kernel triggered VT switch for suspend/resume */ 1415 1416 static int disable_vt_switch; 1417 1418 int vt_move_to_console(unsigned int vt, int alloc) 1419 { 1420 int prev; 1421 1422 console_lock(); 1423 /* Graphics mode - up to X */ 1424 if (disable_vt_switch) { 1425 console_unlock(); 1426 return 0; 1427 } 1428 prev = fg_console; 1429 1430 if (alloc && vc_allocate(vt)) { 1431 /* we can't have a free VC for now. Too bad, 1432 * we don't want to mess the screen for now. */ 1433 console_unlock(); 1434 return -ENOSPC; 1435 } 1436 1437 if (set_console(vt)) { 1438 /* 1439 * We're unable to switch to the SUSPEND_CONSOLE. 1440 * Let the calling function know so it can decide 1441 * what to do. 1442 */ 1443 console_unlock(); 1444 return -EIO; 1445 } 1446 console_unlock(); 1447 if (vt_waitactive(vt + 1)) { 1448 pr_debug("Suspend: Can't switch VCs."); 1449 return -EINTR; 1450 } 1451 return prev; 1452 } 1453 1454 /* 1455 * Normally during a suspend, we allocate a new console and switch to it. 1456 * When we resume, we switch back to the original console. This switch 1457 * can be slow, so on systems where the framebuffer can handle restoration 1458 * of video registers anyways, there's little point in doing the console 1459 * switch. This function allows you to disable it by passing it '0'. 1460 */ 1461 void pm_set_vt_switch(int do_switch) 1462 { 1463 console_lock(); 1464 disable_vt_switch = !do_switch; 1465 console_unlock(); 1466 } 1467 EXPORT_SYMBOL(pm_set_vt_switch); 1468