1 /* 2 * Copyright (C) 1992 obz under the linux copyright 3 * 4 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 5 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 6 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 7 * Some code moved for less code duplication - Andi Kleen - Mar 1997 8 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 9 */ 10 11 #include <linux/types.h> 12 #include <linux/errno.h> 13 #include <linux/sched.h> 14 #include <linux/tty.h> 15 #include <linux/timer.h> 16 #include <linux/kernel.h> 17 #include <linux/compat.h> 18 #include <linux/module.h> 19 #include <linux/kd.h> 20 #include <linux/vt.h> 21 #include <linux/string.h> 22 #include <linux/slab.h> 23 #include <linux/major.h> 24 #include <linux/fs.h> 25 #include <linux/console.h> 26 #include <linux/consolemap.h> 27 #include <linux/signal.h> 28 #include <linux/timex.h> 29 30 #include <asm/io.h> 31 #include <asm/uaccess.h> 32 33 #include <linux/kbd_kern.h> 34 #include <linux/vt_kern.h> 35 #include <linux/kbd_diacr.h> 36 #include <linux/selection.h> 37 38 char vt_dont_switch; 39 extern struct tty_driver *console_driver; 40 41 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 42 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 43 44 /* 45 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 46 * experimentation and study of X386 SYSV handling. 47 * 48 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 49 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 50 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 51 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 52 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 53 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 54 * to the current console is done by the main ioctl code. 55 */ 56 57 #ifdef CONFIG_X86 58 #include <linux/syscalls.h> 59 #endif 60 61 static void complete_change_console(struct vc_data *vc); 62 63 /* 64 * User space VT_EVENT handlers 65 */ 66 67 struct vt_event_wait { 68 struct list_head list; 69 struct vt_event event; 70 int done; 71 }; 72 73 static LIST_HEAD(vt_events); 74 static DEFINE_SPINLOCK(vt_event_lock); 75 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 76 77 /** 78 * vt_event_post 79 * @event: the event that occurred 80 * @old: old console 81 * @new: new console 82 * 83 * Post an VT event to interested VT handlers 84 */ 85 86 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 87 { 88 struct list_head *pos, *head; 89 unsigned long flags; 90 int wake = 0; 91 92 spin_lock_irqsave(&vt_event_lock, flags); 93 head = &vt_events; 94 95 list_for_each(pos, head) { 96 struct vt_event_wait *ve = list_entry(pos, 97 struct vt_event_wait, list); 98 if (!(ve->event.event & event)) 99 continue; 100 ve->event.event = event; 101 /* kernel view is consoles 0..n-1, user space view is 102 console 1..n with 0 meaning current, so we must bias */ 103 ve->event.oldev = old + 1; 104 ve->event.newev = new + 1; 105 wake = 1; 106 ve->done = 1; 107 } 108 spin_unlock_irqrestore(&vt_event_lock, flags); 109 if (wake) 110 wake_up_interruptible(&vt_event_waitqueue); 111 } 112 113 static void __vt_event_queue(struct vt_event_wait *vw) 114 { 115 unsigned long flags; 116 /* Prepare the event */ 117 INIT_LIST_HEAD(&vw->list); 118 vw->done = 0; 119 /* Queue our event */ 120 spin_lock_irqsave(&vt_event_lock, flags); 121 list_add(&vw->list, &vt_events); 122 spin_unlock_irqrestore(&vt_event_lock, flags); 123 } 124 125 static void __vt_event_wait(struct vt_event_wait *vw) 126 { 127 /* Wait for it to pass */ 128 wait_event_interruptible(vt_event_waitqueue, vw->done); 129 } 130 131 static void __vt_event_dequeue(struct vt_event_wait *vw) 132 { 133 unsigned long flags; 134 135 /* Dequeue it */ 136 spin_lock_irqsave(&vt_event_lock, flags); 137 list_del(&vw->list); 138 spin_unlock_irqrestore(&vt_event_lock, flags); 139 } 140 141 /** 142 * vt_event_wait - wait for an event 143 * @vw: our event 144 * 145 * Waits for an event to occur which completes our vt_event_wait 146 * structure. On return the structure has wv->done set to 1 for success 147 * or 0 if some event such as a signal ended the wait. 148 */ 149 150 static void vt_event_wait(struct vt_event_wait *vw) 151 { 152 __vt_event_queue(vw); 153 __vt_event_wait(vw); 154 __vt_event_dequeue(vw); 155 } 156 157 /** 158 * vt_event_wait_ioctl - event ioctl handler 159 * @arg: argument to ioctl 160 * 161 * Implement the VT_WAITEVENT ioctl using the VT event interface 162 */ 163 164 static int vt_event_wait_ioctl(struct vt_event __user *event) 165 { 166 struct vt_event_wait vw; 167 168 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 169 return -EFAULT; 170 /* Highest supported event for now */ 171 if (vw.event.event & ~VT_MAX_EVENT) 172 return -EINVAL; 173 174 vt_event_wait(&vw); 175 /* If it occurred report it */ 176 if (vw.done) { 177 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 178 return -EFAULT; 179 return 0; 180 } 181 return -EINTR; 182 } 183 184 /** 185 * vt_waitactive - active console wait 186 * @event: event code 187 * @n: new console 188 * 189 * Helper for event waits. Used to implement the legacy 190 * event waiting ioctls in terms of events 191 */ 192 193 int vt_waitactive(int n) 194 { 195 struct vt_event_wait vw; 196 do { 197 vw.event.event = VT_EVENT_SWITCH; 198 __vt_event_queue(&vw); 199 if (n == fg_console + 1) { 200 __vt_event_dequeue(&vw); 201 break; 202 } 203 __vt_event_wait(&vw); 204 __vt_event_dequeue(&vw); 205 if (vw.done == 0) 206 return -EINTR; 207 } while (vw.event.newev != n); 208 return 0; 209 } 210 211 /* 212 * these are the valid i/o ports we're allowed to change. they map all the 213 * video ports 214 */ 215 #define GPFIRST 0x3b4 216 #define GPLAST 0x3df 217 #define GPNUM (GPLAST - GPFIRST + 1) 218 219 220 221 static inline int 222 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 223 { 224 struct consolefontdesc cfdarg; 225 int i; 226 227 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 228 return -EFAULT; 229 230 switch (cmd) { 231 case PIO_FONTX: 232 if (!perm) 233 return -EPERM; 234 op->op = KD_FONT_OP_SET; 235 op->flags = KD_FONT_FLAG_OLD; 236 op->width = 8; 237 op->height = cfdarg.charheight; 238 op->charcount = cfdarg.charcount; 239 op->data = cfdarg.chardata; 240 return con_font_op(vc_cons[fg_console].d, op); 241 case GIO_FONTX: { 242 op->op = KD_FONT_OP_GET; 243 op->flags = KD_FONT_FLAG_OLD; 244 op->width = 8; 245 op->height = cfdarg.charheight; 246 op->charcount = cfdarg.charcount; 247 op->data = cfdarg.chardata; 248 i = con_font_op(vc_cons[fg_console].d, op); 249 if (i) 250 return i; 251 cfdarg.charheight = op->height; 252 cfdarg.charcount = op->charcount; 253 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 254 return -EFAULT; 255 return 0; 256 } 257 } 258 return -EINVAL; 259 } 260 261 static inline int 262 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 263 { 264 struct unimapdesc tmp; 265 266 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 267 return -EFAULT; 268 if (tmp.entries) 269 if (!access_ok(VERIFY_WRITE, tmp.entries, 270 tmp.entry_ct*sizeof(struct unipair))) 271 return -EFAULT; 272 switch (cmd) { 273 case PIO_UNIMAP: 274 if (!perm) 275 return -EPERM; 276 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 277 case GIO_UNIMAP: 278 if (!perm && fg_console != vc->vc_num) 279 return -EPERM; 280 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 281 } 282 return 0; 283 } 284 285 286 287 /* 288 * We handle the console-specific ioctl's here. We allow the 289 * capability to modify any console, not just the fg_console. 290 */ 291 int vt_ioctl(struct tty_struct *tty, 292 unsigned int cmd, unsigned long arg) 293 { 294 struct vc_data *vc = tty->driver_data; 295 struct console_font_op op; /* used in multiple places here */ 296 unsigned int console; 297 unsigned char ucval; 298 unsigned int uival; 299 void __user *up = (void __user *)arg; 300 int i, perm; 301 int ret = 0; 302 303 console = vc->vc_num; 304 305 306 if (!vc_cons_allocated(console)) { /* impossible? */ 307 ret = -ENOIOCTLCMD; 308 goto out; 309 } 310 311 312 /* 313 * To have permissions to do most of the vt ioctls, we either have 314 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 315 */ 316 perm = 0; 317 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 318 perm = 1; 319 320 switch (cmd) { 321 case TIOCLINUX: 322 ret = tioclinux(tty, arg); 323 break; 324 case KIOCSOUND: 325 if (!perm) 326 return -EPERM; 327 /* 328 * The use of PIT_TICK_RATE is historic, it used to be 329 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 330 * and 2.6.36, which was a minor but unfortunate ABI 331 * change. kd_mksound is locked by the input layer. 332 */ 333 if (arg) 334 arg = PIT_TICK_RATE / arg; 335 kd_mksound(arg, 0); 336 break; 337 338 case KDMKTONE: 339 if (!perm) 340 return -EPERM; 341 { 342 unsigned int ticks, count; 343 344 /* 345 * Generate the tone for the appropriate number of ticks. 346 * If the time is zero, turn off sound ourselves. 347 */ 348 ticks = HZ * ((arg >> 16) & 0xffff) / 1000; 349 count = ticks ? (arg & 0xffff) : 0; 350 if (count) 351 count = PIT_TICK_RATE / count; 352 kd_mksound(count, ticks); 353 break; 354 } 355 356 case KDGKBTYPE: 357 /* 358 * this is naïve. 359 */ 360 ucval = KB_101; 361 ret = put_user(ucval, (char __user *)arg); 362 break; 363 364 /* 365 * These cannot be implemented on any machine that implements 366 * ioperm() in user level (such as Alpha PCs) or not at all. 367 * 368 * XXX: you should never use these, just call ioperm directly.. 369 */ 370 #ifdef CONFIG_X86 371 case KDADDIO: 372 case KDDELIO: 373 /* 374 * KDADDIO and KDDELIO may be able to add ports beyond what 375 * we reject here, but to be safe... 376 * 377 * These are locked internally via sys_ioperm 378 */ 379 if (arg < GPFIRST || arg > GPLAST) { 380 ret = -EINVAL; 381 break; 382 } 383 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 384 break; 385 386 case KDENABIO: 387 case KDDISABIO: 388 ret = sys_ioperm(GPFIRST, GPNUM, 389 (cmd == KDENABIO)) ? -ENXIO : 0; 390 break; 391 #endif 392 393 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 394 395 case KDKBDREP: 396 { 397 struct kbd_repeat kbrep; 398 399 if (!capable(CAP_SYS_TTY_CONFIG)) 400 return -EPERM; 401 402 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 403 ret = -EFAULT; 404 break; 405 } 406 ret = kbd_rate(&kbrep); 407 if (ret) 408 break; 409 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 410 ret = -EFAULT; 411 break; 412 } 413 414 case KDSETMODE: 415 /* 416 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 417 * doesn't do a whole lot. i'm not sure if it should do any 418 * restoration of modes or what... 419 * 420 * XXX It should at least call into the driver, fbdev's definitely 421 * need to restore their engine state. --BenH 422 */ 423 if (!perm) 424 return -EPERM; 425 switch (arg) { 426 case KD_GRAPHICS: 427 break; 428 case KD_TEXT0: 429 case KD_TEXT1: 430 arg = KD_TEXT; 431 case KD_TEXT: 432 break; 433 default: 434 ret = -EINVAL; 435 goto out; 436 } 437 /* FIXME: this needs the console lock extending */ 438 if (vc->vc_mode == (unsigned char) arg) 439 break; 440 vc->vc_mode = (unsigned char) arg; 441 if (console != fg_console) 442 break; 443 /* 444 * explicitly blank/unblank the screen if switching modes 445 */ 446 console_lock(); 447 if (arg == KD_TEXT) 448 do_unblank_screen(1); 449 else 450 do_blank_screen(1); 451 console_unlock(); 452 break; 453 454 case KDGETMODE: 455 uival = vc->vc_mode; 456 goto setint; 457 458 case KDMAPDISP: 459 case KDUNMAPDISP: 460 /* 461 * these work like a combination of mmap and KDENABIO. 462 * this could be easily finished. 463 */ 464 ret = -EINVAL; 465 break; 466 467 case KDSKBMODE: 468 if (!perm) 469 return -EPERM; 470 ret = vt_do_kdskbmode(console, arg); 471 if (ret == 0) 472 tty_ldisc_flush(tty); 473 break; 474 475 case KDGKBMODE: 476 uival = vt_do_kdgkbmode(console); 477 ret = put_user(uival, (int __user *)arg); 478 break; 479 480 /* this could be folded into KDSKBMODE, but for compatibility 481 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 482 case KDSKBMETA: 483 ret = vt_do_kdskbmeta(console, arg); 484 break; 485 486 case KDGKBMETA: 487 /* FIXME: should review whether this is worth locking */ 488 uival = vt_do_kdgkbmeta(console); 489 setint: 490 ret = put_user(uival, (int __user *)arg); 491 break; 492 493 case KDGETKEYCODE: 494 case KDSETKEYCODE: 495 if(!capable(CAP_SYS_TTY_CONFIG)) 496 perm = 0; 497 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 498 break; 499 500 case KDGKBENT: 501 case KDSKBENT: 502 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 503 break; 504 505 case KDGKBSENT: 506 case KDSKBSENT: 507 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 508 break; 509 510 /* Diacritical processing. Handled in keyboard.c as it has 511 to operate on the keyboard locks and structures */ 512 case KDGKBDIACR: 513 case KDGKBDIACRUC: 514 case KDSKBDIACR: 515 case KDSKBDIACRUC: 516 ret = vt_do_diacrit(cmd, up, perm); 517 break; 518 519 /* the ioctls below read/set the flags usually shown in the leds */ 520 /* don't use them - they will go away without warning */ 521 case KDGKBLED: 522 case KDSKBLED: 523 case KDGETLED: 524 case KDSETLED: 525 ret = vt_do_kdskled(console, cmd, arg, perm); 526 break; 527 528 /* 529 * A process can indicate its willingness to accept signals 530 * generated by pressing an appropriate key combination. 531 * Thus, one can have a daemon that e.g. spawns a new console 532 * upon a keypress and then changes to it. 533 * See also the kbrequest field of inittab(5). 534 */ 535 case KDSIGACCEPT: 536 { 537 if (!perm || !capable(CAP_KILL)) 538 return -EPERM; 539 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 540 ret = -EINVAL; 541 else { 542 spin_lock_irq(&vt_spawn_con.lock); 543 put_pid(vt_spawn_con.pid); 544 vt_spawn_con.pid = get_pid(task_pid(current)); 545 vt_spawn_con.sig = arg; 546 spin_unlock_irq(&vt_spawn_con.lock); 547 } 548 break; 549 } 550 551 case VT_SETMODE: 552 { 553 struct vt_mode tmp; 554 555 if (!perm) 556 return -EPERM; 557 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 558 ret = -EFAULT; 559 goto out; 560 } 561 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 562 ret = -EINVAL; 563 goto out; 564 } 565 console_lock(); 566 vc->vt_mode = tmp; 567 /* the frsig is ignored, so we set it to 0 */ 568 vc->vt_mode.frsig = 0; 569 put_pid(vc->vt_pid); 570 vc->vt_pid = get_pid(task_pid(current)); 571 /* no switch is required -- saw@shade.msu.ru */ 572 vc->vt_newvt = -1; 573 console_unlock(); 574 break; 575 } 576 577 case VT_GETMODE: 578 { 579 struct vt_mode tmp; 580 int rc; 581 582 console_lock(); 583 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 584 console_unlock(); 585 586 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 587 if (rc) 588 ret = -EFAULT; 589 break; 590 } 591 592 /* 593 * Returns global vt state. Note that VT 0 is always open, since 594 * it's an alias for the current VT, and people can't use it here. 595 * We cannot return state for more than 16 VTs, since v_state is short. 596 */ 597 case VT_GETSTATE: 598 { 599 struct vt_stat __user *vtstat = up; 600 unsigned short state, mask; 601 602 /* Review: FIXME: Console lock ? */ 603 if (put_user(fg_console + 1, &vtstat->v_active)) 604 ret = -EFAULT; 605 else { 606 state = 1; /* /dev/tty0 is always open */ 607 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 608 ++i, mask <<= 1) 609 if (VT_IS_IN_USE(i)) 610 state |= mask; 611 ret = put_user(state, &vtstat->v_state); 612 } 613 break; 614 } 615 616 /* 617 * Returns the first available (non-opened) console. 618 */ 619 case VT_OPENQRY: 620 /* FIXME: locking ? - but then this is a stupid API */ 621 for (i = 0; i < MAX_NR_CONSOLES; ++i) 622 if (! VT_IS_IN_USE(i)) 623 break; 624 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 625 goto setint; 626 627 /* 628 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 629 * with num >= 1 (switches to vt 0, our console, are not allowed, just 630 * to preserve sanity). 631 */ 632 case VT_ACTIVATE: 633 if (!perm) 634 return -EPERM; 635 if (arg == 0 || arg > MAX_NR_CONSOLES) 636 ret = -ENXIO; 637 else { 638 arg--; 639 console_lock(); 640 ret = vc_allocate(arg); 641 console_unlock(); 642 if (ret) 643 break; 644 set_console(arg); 645 } 646 break; 647 648 case VT_SETACTIVATE: 649 { 650 struct vt_setactivate vsa; 651 652 if (!perm) 653 return -EPERM; 654 655 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 656 sizeof(struct vt_setactivate))) { 657 ret = -EFAULT; 658 goto out; 659 } 660 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 661 ret = -ENXIO; 662 else { 663 vsa.console--; 664 console_lock(); 665 ret = vc_allocate(vsa.console); 666 if (ret == 0) { 667 struct vc_data *nvc; 668 /* This is safe providing we don't drop the 669 console sem between vc_allocate and 670 finishing referencing nvc */ 671 nvc = vc_cons[vsa.console].d; 672 nvc->vt_mode = vsa.mode; 673 nvc->vt_mode.frsig = 0; 674 put_pid(nvc->vt_pid); 675 nvc->vt_pid = get_pid(task_pid(current)); 676 } 677 console_unlock(); 678 if (ret) 679 break; 680 /* Commence switch and lock */ 681 /* Review set_console locks */ 682 set_console(vsa.console); 683 } 684 break; 685 } 686 687 /* 688 * wait until the specified VT has been activated 689 */ 690 case VT_WAITACTIVE: 691 if (!perm) 692 return -EPERM; 693 if (arg == 0 || arg > MAX_NR_CONSOLES) 694 ret = -ENXIO; 695 else 696 ret = vt_waitactive(arg); 697 break; 698 699 /* 700 * If a vt is under process control, the kernel will not switch to it 701 * immediately, but postpone the operation until the process calls this 702 * ioctl, allowing the switch to complete. 703 * 704 * According to the X sources this is the behavior: 705 * 0: pending switch-from not OK 706 * 1: pending switch-from OK 707 * 2: completed switch-to OK 708 */ 709 case VT_RELDISP: 710 if (!perm) 711 return -EPERM; 712 713 console_lock(); 714 if (vc->vt_mode.mode != VT_PROCESS) { 715 console_unlock(); 716 ret = -EINVAL; 717 break; 718 } 719 /* 720 * Switching-from response 721 */ 722 if (vc->vt_newvt >= 0) { 723 if (arg == 0) 724 /* 725 * Switch disallowed, so forget we were trying 726 * to do it. 727 */ 728 vc->vt_newvt = -1; 729 730 else { 731 /* 732 * The current vt has been released, so 733 * complete the switch. 734 */ 735 int newvt; 736 newvt = vc->vt_newvt; 737 vc->vt_newvt = -1; 738 ret = vc_allocate(newvt); 739 if (ret) { 740 console_unlock(); 741 break; 742 } 743 /* 744 * When we actually do the console switch, 745 * make sure we are atomic with respect to 746 * other console switches.. 747 */ 748 complete_change_console(vc_cons[newvt].d); 749 } 750 } else { 751 /* 752 * Switched-to response 753 */ 754 /* 755 * If it's just an ACK, ignore it 756 */ 757 if (arg != VT_ACKACQ) 758 ret = -EINVAL; 759 } 760 console_unlock(); 761 break; 762 763 /* 764 * Disallocate memory associated to VT (but leave VT1) 765 */ 766 case VT_DISALLOCATE: 767 if (arg > MAX_NR_CONSOLES) { 768 ret = -ENXIO; 769 break; 770 } 771 if (arg == 0) { 772 /* deallocate all unused consoles, but leave 0 */ 773 console_lock(); 774 for (i=1; i<MAX_NR_CONSOLES; i++) 775 if (! VT_BUSY(i)) 776 vc_deallocate(i); 777 console_unlock(); 778 } else { 779 /* deallocate a single console, if possible */ 780 arg--; 781 if (VT_BUSY(arg)) 782 ret = -EBUSY; 783 else if (arg) { /* leave 0 */ 784 console_lock(); 785 vc_deallocate(arg); 786 console_unlock(); 787 } 788 } 789 break; 790 791 case VT_RESIZE: 792 { 793 struct vt_sizes __user *vtsizes = up; 794 struct vc_data *vc; 795 796 ushort ll,cc; 797 if (!perm) 798 return -EPERM; 799 if (get_user(ll, &vtsizes->v_rows) || 800 get_user(cc, &vtsizes->v_cols)) 801 ret = -EFAULT; 802 else { 803 console_lock(); 804 for (i = 0; i < MAX_NR_CONSOLES; i++) { 805 vc = vc_cons[i].d; 806 807 if (vc) { 808 vc->vc_resize_user = 1; 809 /* FIXME: review v tty lock */ 810 vc_resize(vc_cons[i].d, cc, ll); 811 } 812 } 813 console_unlock(); 814 } 815 break; 816 } 817 818 case VT_RESIZEX: 819 { 820 struct vt_consize __user *vtconsize = up; 821 ushort ll,cc,vlin,clin,vcol,ccol; 822 if (!perm) 823 return -EPERM; 824 if (!access_ok(VERIFY_READ, vtconsize, 825 sizeof(struct vt_consize))) { 826 ret = -EFAULT; 827 break; 828 } 829 /* FIXME: Should check the copies properly */ 830 __get_user(ll, &vtconsize->v_rows); 831 __get_user(cc, &vtconsize->v_cols); 832 __get_user(vlin, &vtconsize->v_vlin); 833 __get_user(clin, &vtconsize->v_clin); 834 __get_user(vcol, &vtconsize->v_vcol); 835 __get_user(ccol, &vtconsize->v_ccol); 836 vlin = vlin ? vlin : vc->vc_scan_lines; 837 if (clin) { 838 if (ll) { 839 if (ll != vlin/clin) { 840 /* Parameters don't add up */ 841 ret = -EINVAL; 842 break; 843 } 844 } else 845 ll = vlin/clin; 846 } 847 if (vcol && ccol) { 848 if (cc) { 849 if (cc != vcol/ccol) { 850 ret = -EINVAL; 851 break; 852 } 853 } else 854 cc = vcol/ccol; 855 } 856 857 if (clin > 32) { 858 ret = -EINVAL; 859 break; 860 } 861 862 for (i = 0; i < MAX_NR_CONSOLES; i++) { 863 if (!vc_cons[i].d) 864 continue; 865 console_lock(); 866 if (vlin) 867 vc_cons[i].d->vc_scan_lines = vlin; 868 if (clin) 869 vc_cons[i].d->vc_font.height = clin; 870 vc_cons[i].d->vc_resize_user = 1; 871 vc_resize(vc_cons[i].d, cc, ll); 872 console_unlock(); 873 } 874 break; 875 } 876 877 case PIO_FONT: { 878 if (!perm) 879 return -EPERM; 880 op.op = KD_FONT_OP_SET; 881 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 882 op.width = 8; 883 op.height = 0; 884 op.charcount = 256; 885 op.data = up; 886 ret = con_font_op(vc_cons[fg_console].d, &op); 887 break; 888 } 889 890 case GIO_FONT: { 891 op.op = KD_FONT_OP_GET; 892 op.flags = KD_FONT_FLAG_OLD; 893 op.width = 8; 894 op.height = 32; 895 op.charcount = 256; 896 op.data = up; 897 ret = con_font_op(vc_cons[fg_console].d, &op); 898 break; 899 } 900 901 case PIO_CMAP: 902 if (!perm) 903 ret = -EPERM; 904 else 905 ret = con_set_cmap(up); 906 break; 907 908 case GIO_CMAP: 909 ret = con_get_cmap(up); 910 break; 911 912 case PIO_FONTX: 913 case GIO_FONTX: 914 ret = do_fontx_ioctl(cmd, up, perm, &op); 915 break; 916 917 case PIO_FONTRESET: 918 { 919 if (!perm) 920 return -EPERM; 921 922 #ifdef BROKEN_GRAPHICS_PROGRAMS 923 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 924 font is not saved. */ 925 ret = -ENOSYS; 926 break; 927 #else 928 { 929 op.op = KD_FONT_OP_SET_DEFAULT; 930 op.data = NULL; 931 ret = con_font_op(vc_cons[fg_console].d, &op); 932 if (ret) 933 break; 934 console_lock(); 935 con_set_default_unimap(vc_cons[fg_console].d); 936 console_unlock(); 937 break; 938 } 939 #endif 940 } 941 942 case KDFONTOP: { 943 if (copy_from_user(&op, up, sizeof(op))) { 944 ret = -EFAULT; 945 break; 946 } 947 if (!perm && op.op != KD_FONT_OP_GET) 948 return -EPERM; 949 ret = con_font_op(vc, &op); 950 if (ret) 951 break; 952 if (copy_to_user(up, &op, sizeof(op))) 953 ret = -EFAULT; 954 break; 955 } 956 957 case PIO_SCRNMAP: 958 if (!perm) 959 ret = -EPERM; 960 else 961 ret = con_set_trans_old(up); 962 break; 963 964 case GIO_SCRNMAP: 965 ret = con_get_trans_old(up); 966 break; 967 968 case PIO_UNISCRNMAP: 969 if (!perm) 970 ret = -EPERM; 971 else 972 ret = con_set_trans_new(up); 973 break; 974 975 case GIO_UNISCRNMAP: 976 ret = con_get_trans_new(up); 977 break; 978 979 case PIO_UNIMAPCLR: 980 { struct unimapinit ui; 981 if (!perm) 982 return -EPERM; 983 ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); 984 if (ret) 985 ret = -EFAULT; 986 else 987 con_clear_unimap(vc, &ui); 988 break; 989 } 990 991 case PIO_UNIMAP: 992 case GIO_UNIMAP: 993 ret = do_unimap_ioctl(cmd, up, perm, vc); 994 break; 995 996 case VT_LOCKSWITCH: 997 if (!capable(CAP_SYS_TTY_CONFIG)) 998 return -EPERM; 999 vt_dont_switch = 1; 1000 break; 1001 case VT_UNLOCKSWITCH: 1002 if (!capable(CAP_SYS_TTY_CONFIG)) 1003 return -EPERM; 1004 vt_dont_switch = 0; 1005 break; 1006 case VT_GETHIFONTMASK: 1007 ret = put_user(vc->vc_hi_font_mask, 1008 (unsigned short __user *)arg); 1009 break; 1010 case VT_WAITEVENT: 1011 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1012 break; 1013 default: 1014 ret = -ENOIOCTLCMD; 1015 } 1016 out: 1017 return ret; 1018 } 1019 1020 void reset_vc(struct vc_data *vc) 1021 { 1022 vc->vc_mode = KD_TEXT; 1023 vt_reset_unicode(vc->vc_num); 1024 vc->vt_mode.mode = VT_AUTO; 1025 vc->vt_mode.waitv = 0; 1026 vc->vt_mode.relsig = 0; 1027 vc->vt_mode.acqsig = 0; 1028 vc->vt_mode.frsig = 0; 1029 put_pid(vc->vt_pid); 1030 vc->vt_pid = NULL; 1031 vc->vt_newvt = -1; 1032 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1033 reset_palette(vc); 1034 } 1035 1036 void vc_SAK(struct work_struct *work) 1037 { 1038 struct vc *vc_con = 1039 container_of(work, struct vc, SAK_work); 1040 struct vc_data *vc; 1041 struct tty_struct *tty; 1042 1043 console_lock(); 1044 vc = vc_con->d; 1045 if (vc) { 1046 /* FIXME: review tty ref counting */ 1047 tty = vc->port.tty; 1048 /* 1049 * SAK should also work in all raw modes and reset 1050 * them properly. 1051 */ 1052 if (tty) 1053 __do_SAK(tty); 1054 reset_vc(vc); 1055 } 1056 console_unlock(); 1057 } 1058 1059 #ifdef CONFIG_COMPAT 1060 1061 struct compat_consolefontdesc { 1062 unsigned short charcount; /* characters in font (256 or 512) */ 1063 unsigned short charheight; /* scan lines per character (1-32) */ 1064 compat_caddr_t chardata; /* font data in expanded form */ 1065 }; 1066 1067 static inline int 1068 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1069 int perm, struct console_font_op *op) 1070 { 1071 struct compat_consolefontdesc cfdarg; 1072 int i; 1073 1074 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1075 return -EFAULT; 1076 1077 switch (cmd) { 1078 case PIO_FONTX: 1079 if (!perm) 1080 return -EPERM; 1081 op->op = KD_FONT_OP_SET; 1082 op->flags = KD_FONT_FLAG_OLD; 1083 op->width = 8; 1084 op->height = cfdarg.charheight; 1085 op->charcount = cfdarg.charcount; 1086 op->data = compat_ptr(cfdarg.chardata); 1087 return con_font_op(vc_cons[fg_console].d, op); 1088 case GIO_FONTX: 1089 op->op = KD_FONT_OP_GET; 1090 op->flags = KD_FONT_FLAG_OLD; 1091 op->width = 8; 1092 op->height = cfdarg.charheight; 1093 op->charcount = cfdarg.charcount; 1094 op->data = compat_ptr(cfdarg.chardata); 1095 i = con_font_op(vc_cons[fg_console].d, op); 1096 if (i) 1097 return i; 1098 cfdarg.charheight = op->height; 1099 cfdarg.charcount = op->charcount; 1100 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1101 return -EFAULT; 1102 return 0; 1103 } 1104 return -EINVAL; 1105 } 1106 1107 struct compat_console_font_op { 1108 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1109 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1110 compat_uint_t width, height; /* font size */ 1111 compat_uint_t charcount; 1112 compat_caddr_t data; /* font data with height fixed to 32 */ 1113 }; 1114 1115 static inline int 1116 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1117 int perm, struct console_font_op *op, struct vc_data *vc) 1118 { 1119 int i; 1120 1121 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1122 return -EFAULT; 1123 if (!perm && op->op != KD_FONT_OP_GET) 1124 return -EPERM; 1125 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1126 i = con_font_op(vc, op); 1127 if (i) 1128 return i; 1129 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1130 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1131 return -EFAULT; 1132 return 0; 1133 } 1134 1135 struct compat_unimapdesc { 1136 unsigned short entry_ct; 1137 compat_caddr_t entries; 1138 }; 1139 1140 static inline int 1141 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1142 int perm, struct vc_data *vc) 1143 { 1144 struct compat_unimapdesc tmp; 1145 struct unipair __user *tmp_entries; 1146 1147 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1148 return -EFAULT; 1149 tmp_entries = compat_ptr(tmp.entries); 1150 if (tmp_entries) 1151 if (!access_ok(VERIFY_WRITE, tmp_entries, 1152 tmp.entry_ct*sizeof(struct unipair))) 1153 return -EFAULT; 1154 switch (cmd) { 1155 case PIO_UNIMAP: 1156 if (!perm) 1157 return -EPERM; 1158 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1159 case GIO_UNIMAP: 1160 if (!perm && fg_console != vc->vc_num) 1161 return -EPERM; 1162 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1163 } 1164 return 0; 1165 } 1166 1167 long vt_compat_ioctl(struct tty_struct *tty, 1168 unsigned int cmd, unsigned long arg) 1169 { 1170 struct vc_data *vc = tty->driver_data; 1171 struct console_font_op op; /* used in multiple places here */ 1172 unsigned int console; 1173 void __user *up = (void __user *)arg; 1174 int perm; 1175 int ret = 0; 1176 1177 console = vc->vc_num; 1178 1179 if (!vc_cons_allocated(console)) { /* impossible? */ 1180 ret = -ENOIOCTLCMD; 1181 goto out; 1182 } 1183 1184 /* 1185 * To have permissions to do most of the vt ioctls, we either have 1186 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1187 */ 1188 perm = 0; 1189 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1190 perm = 1; 1191 1192 switch (cmd) { 1193 /* 1194 * these need special handlers for incompatible data structures 1195 */ 1196 case PIO_FONTX: 1197 case GIO_FONTX: 1198 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1199 break; 1200 1201 case KDFONTOP: 1202 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1203 break; 1204 1205 case PIO_UNIMAP: 1206 case GIO_UNIMAP: 1207 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1208 break; 1209 1210 /* 1211 * all these treat 'arg' as an integer 1212 */ 1213 case KIOCSOUND: 1214 case KDMKTONE: 1215 #ifdef CONFIG_X86 1216 case KDADDIO: 1217 case KDDELIO: 1218 #endif 1219 case KDSETMODE: 1220 case KDMAPDISP: 1221 case KDUNMAPDISP: 1222 case KDSKBMODE: 1223 case KDSKBMETA: 1224 case KDSKBLED: 1225 case KDSETLED: 1226 case KDSIGACCEPT: 1227 case VT_ACTIVATE: 1228 case VT_WAITACTIVE: 1229 case VT_RELDISP: 1230 case VT_DISALLOCATE: 1231 case VT_RESIZE: 1232 case VT_RESIZEX: 1233 goto fallback; 1234 1235 /* 1236 * the rest has a compatible data structure behind arg, 1237 * but we have to convert it to a proper 64 bit pointer. 1238 */ 1239 default: 1240 arg = (unsigned long)compat_ptr(arg); 1241 goto fallback; 1242 } 1243 out: 1244 return ret; 1245 1246 fallback: 1247 return vt_ioctl(tty, cmd, arg); 1248 } 1249 1250 1251 #endif /* CONFIG_COMPAT */ 1252 1253 1254 /* 1255 * Performs the back end of a vt switch. Called under the console 1256 * semaphore. 1257 */ 1258 static void complete_change_console(struct vc_data *vc) 1259 { 1260 unsigned char old_vc_mode; 1261 int old = fg_console; 1262 1263 last_console = fg_console; 1264 1265 /* 1266 * If we're switching, we could be going from KD_GRAPHICS to 1267 * KD_TEXT mode or vice versa, which means we need to blank or 1268 * unblank the screen later. 1269 */ 1270 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1271 switch_screen(vc); 1272 1273 /* 1274 * This can't appear below a successful kill_pid(). If it did, 1275 * then the *blank_screen operation could occur while X, having 1276 * received acqsig, is waking up on another processor. This 1277 * condition can lead to overlapping accesses to the VGA range 1278 * and the framebuffer (causing system lockups). 1279 * 1280 * To account for this we duplicate this code below only if the 1281 * controlling process is gone and we've called reset_vc. 1282 */ 1283 if (old_vc_mode != vc->vc_mode) { 1284 if (vc->vc_mode == KD_TEXT) 1285 do_unblank_screen(1); 1286 else 1287 do_blank_screen(1); 1288 } 1289 1290 /* 1291 * If this new console is under process control, send it a signal 1292 * telling it that it has acquired. Also check if it has died and 1293 * clean up (similar to logic employed in change_console()) 1294 */ 1295 if (vc->vt_mode.mode == VT_PROCESS) { 1296 /* 1297 * Send the signal as privileged - kill_pid() will 1298 * tell us if the process has gone or something else 1299 * is awry 1300 */ 1301 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1302 /* 1303 * The controlling process has died, so we revert back to 1304 * normal operation. In this case, we'll also change back 1305 * to KD_TEXT mode. I'm not sure if this is strictly correct 1306 * but it saves the agony when the X server dies and the screen 1307 * remains blanked due to KD_GRAPHICS! It would be nice to do 1308 * this outside of VT_PROCESS but there is no single process 1309 * to account for and tracking tty count may be undesirable. 1310 */ 1311 reset_vc(vc); 1312 1313 if (old_vc_mode != vc->vc_mode) { 1314 if (vc->vc_mode == KD_TEXT) 1315 do_unblank_screen(1); 1316 else 1317 do_blank_screen(1); 1318 } 1319 } 1320 } 1321 1322 /* 1323 * Wake anyone waiting for their VT to activate 1324 */ 1325 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1326 return; 1327 } 1328 1329 /* 1330 * Performs the front-end of a vt switch 1331 */ 1332 void change_console(struct vc_data *new_vc) 1333 { 1334 struct vc_data *vc; 1335 1336 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1337 return; 1338 1339 /* 1340 * If this vt is in process mode, then we need to handshake with 1341 * that process before switching. Essentially, we store where that 1342 * vt wants to switch to and wait for it to tell us when it's done 1343 * (via VT_RELDISP ioctl). 1344 * 1345 * We also check to see if the controlling process still exists. 1346 * If it doesn't, we reset this vt to auto mode and continue. 1347 * This is a cheap way to track process control. The worst thing 1348 * that can happen is: we send a signal to a process, it dies, and 1349 * the switch gets "lost" waiting for a response; hopefully, the 1350 * user will try again, we'll detect the process is gone (unless 1351 * the user waits just the right amount of time :-) and revert the 1352 * vt to auto control. 1353 */ 1354 vc = vc_cons[fg_console].d; 1355 if (vc->vt_mode.mode == VT_PROCESS) { 1356 /* 1357 * Send the signal as privileged - kill_pid() will 1358 * tell us if the process has gone or something else 1359 * is awry. 1360 * 1361 * We need to set vt_newvt *before* sending the signal or we 1362 * have a race. 1363 */ 1364 vc->vt_newvt = new_vc->vc_num; 1365 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1366 /* 1367 * It worked. Mark the vt to switch to and 1368 * return. The process needs to send us a 1369 * VT_RELDISP ioctl to complete the switch. 1370 */ 1371 return; 1372 } 1373 1374 /* 1375 * The controlling process has died, so we revert back to 1376 * normal operation. In this case, we'll also change back 1377 * to KD_TEXT mode. I'm not sure if this is strictly correct 1378 * but it saves the agony when the X server dies and the screen 1379 * remains blanked due to KD_GRAPHICS! It would be nice to do 1380 * this outside of VT_PROCESS but there is no single process 1381 * to account for and tracking tty count may be undesirable. 1382 */ 1383 reset_vc(vc); 1384 1385 /* 1386 * Fall through to normal (VT_AUTO) handling of the switch... 1387 */ 1388 } 1389 1390 /* 1391 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1392 */ 1393 if (vc->vc_mode == KD_GRAPHICS) 1394 return; 1395 1396 complete_change_console(new_vc); 1397 } 1398 1399 /* Perform a kernel triggered VT switch for suspend/resume */ 1400 1401 static int disable_vt_switch; 1402 1403 int vt_move_to_console(unsigned int vt, int alloc) 1404 { 1405 int prev; 1406 1407 console_lock(); 1408 /* Graphics mode - up to X */ 1409 if (disable_vt_switch) { 1410 console_unlock(); 1411 return 0; 1412 } 1413 prev = fg_console; 1414 1415 if (alloc && vc_allocate(vt)) { 1416 /* we can't have a free VC for now. Too bad, 1417 * we don't want to mess the screen for now. */ 1418 console_unlock(); 1419 return -ENOSPC; 1420 } 1421 1422 if (set_console(vt)) { 1423 /* 1424 * We're unable to switch to the SUSPEND_CONSOLE. 1425 * Let the calling function know so it can decide 1426 * what to do. 1427 */ 1428 console_unlock(); 1429 return -EIO; 1430 } 1431 console_unlock(); 1432 if (vt_waitactive(vt + 1)) { 1433 pr_debug("Suspend: Can't switch VCs."); 1434 return -EINTR; 1435 } 1436 return prev; 1437 } 1438 1439 /* 1440 * Normally during a suspend, we allocate a new console and switch to it. 1441 * When we resume, we switch back to the original console. This switch 1442 * can be slow, so on systems where the framebuffer can handle restoration 1443 * of video registers anyways, there's little point in doing the console 1444 * switch. This function allows you to disable it by passing it '0'. 1445 */ 1446 void pm_set_vt_switch(int do_switch) 1447 { 1448 console_lock(); 1449 disable_vt_switch = !do_switch; 1450 console_unlock(); 1451 } 1452 EXPORT_SYMBOL(pm_set_vt_switch); 1453