1 /* 2 * Copyright (C) 1992 obz under the linux copyright 3 * 4 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 5 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 6 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 7 * Some code moved for less code duplication - Andi Kleen - Mar 1997 8 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 9 */ 10 11 #include <linux/types.h> 12 #include <linux/errno.h> 13 #include <linux/sched.h> 14 #include <linux/tty.h> 15 #include <linux/timer.h> 16 #include <linux/kernel.h> 17 #include <linux/compat.h> 18 #include <linux/module.h> 19 #include <linux/kd.h> 20 #include <linux/vt.h> 21 #include <linux/string.h> 22 #include <linux/slab.h> 23 #include <linux/major.h> 24 #include <linux/fs.h> 25 #include <linux/console.h> 26 #include <linux/consolemap.h> 27 #include <linux/signal.h> 28 #include <linux/timex.h> 29 30 #include <asm/io.h> 31 #include <asm/uaccess.h> 32 33 #include <linux/kbd_kern.h> 34 #include <linux/vt_kern.h> 35 #include <linux/kbd_diacr.h> 36 #include <linux/selection.h> 37 38 char vt_dont_switch; 39 extern struct tty_driver *console_driver; 40 41 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 42 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 43 44 /* 45 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 46 * experimentation and study of X386 SYSV handling. 47 * 48 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 49 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 50 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 51 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 52 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 53 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 54 * to the current console is done by the main ioctl code. 55 */ 56 57 #ifdef CONFIG_X86 58 #include <linux/syscalls.h> 59 #endif 60 61 static void complete_change_console(struct vc_data *vc); 62 63 /* 64 * User space VT_EVENT handlers 65 */ 66 67 struct vt_event_wait { 68 struct list_head list; 69 struct vt_event event; 70 int done; 71 }; 72 73 static LIST_HEAD(vt_events); 74 static DEFINE_SPINLOCK(vt_event_lock); 75 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 76 77 /** 78 * vt_event_post 79 * @event: the event that occurred 80 * @old: old console 81 * @new: new console 82 * 83 * Post an VT event to interested VT handlers 84 */ 85 86 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 87 { 88 struct list_head *pos, *head; 89 unsigned long flags; 90 int wake = 0; 91 92 spin_lock_irqsave(&vt_event_lock, flags); 93 head = &vt_events; 94 95 list_for_each(pos, head) { 96 struct vt_event_wait *ve = list_entry(pos, 97 struct vt_event_wait, list); 98 if (!(ve->event.event & event)) 99 continue; 100 ve->event.event = event; 101 /* kernel view is consoles 0..n-1, user space view is 102 console 1..n with 0 meaning current, so we must bias */ 103 ve->event.oldev = old + 1; 104 ve->event.newev = new + 1; 105 wake = 1; 106 ve->done = 1; 107 } 108 spin_unlock_irqrestore(&vt_event_lock, flags); 109 if (wake) 110 wake_up_interruptible(&vt_event_waitqueue); 111 } 112 113 /** 114 * vt_event_wait - wait for an event 115 * @vw: our event 116 * 117 * Waits for an event to occur which completes our vt_event_wait 118 * structure. On return the structure has wv->done set to 1 for success 119 * or 0 if some event such as a signal ended the wait. 120 */ 121 122 static void vt_event_wait(struct vt_event_wait *vw) 123 { 124 unsigned long flags; 125 /* Prepare the event */ 126 INIT_LIST_HEAD(&vw->list); 127 vw->done = 0; 128 /* Queue our event */ 129 spin_lock_irqsave(&vt_event_lock, flags); 130 list_add(&vw->list, &vt_events); 131 spin_unlock_irqrestore(&vt_event_lock, flags); 132 /* Wait for it to pass */ 133 wait_event_interruptible(vt_event_waitqueue, vw->done); 134 /* Dequeue it */ 135 spin_lock_irqsave(&vt_event_lock, flags); 136 list_del(&vw->list); 137 spin_unlock_irqrestore(&vt_event_lock, flags); 138 } 139 140 /** 141 * vt_event_wait_ioctl - event ioctl handler 142 * @arg: argument to ioctl 143 * 144 * Implement the VT_WAITEVENT ioctl using the VT event interface 145 */ 146 147 static int vt_event_wait_ioctl(struct vt_event __user *event) 148 { 149 struct vt_event_wait vw; 150 151 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 152 return -EFAULT; 153 /* Highest supported event for now */ 154 if (vw.event.event & ~VT_MAX_EVENT) 155 return -EINVAL; 156 157 vt_event_wait(&vw); 158 /* If it occurred report it */ 159 if (vw.done) { 160 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 161 return -EFAULT; 162 return 0; 163 } 164 return -EINTR; 165 } 166 167 /** 168 * vt_waitactive - active console wait 169 * @event: event code 170 * @n: new console 171 * 172 * Helper for event waits. Used to implement the legacy 173 * event waiting ioctls in terms of events 174 */ 175 176 int vt_waitactive(int n) 177 { 178 struct vt_event_wait vw; 179 do { 180 if (n == fg_console + 1) 181 break; 182 vw.event.event = VT_EVENT_SWITCH; 183 vt_event_wait(&vw); 184 if (vw.done == 0) 185 return -EINTR; 186 } while (vw.event.newev != n); 187 return 0; 188 } 189 190 /* 191 * these are the valid i/o ports we're allowed to change. they map all the 192 * video ports 193 */ 194 #define GPFIRST 0x3b4 195 #define GPLAST 0x3df 196 #define GPNUM (GPLAST - GPFIRST + 1) 197 198 199 200 static inline int 201 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 202 { 203 struct consolefontdesc cfdarg; 204 int i; 205 206 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 207 return -EFAULT; 208 209 switch (cmd) { 210 case PIO_FONTX: 211 if (!perm) 212 return -EPERM; 213 op->op = KD_FONT_OP_SET; 214 op->flags = KD_FONT_FLAG_OLD; 215 op->width = 8; 216 op->height = cfdarg.charheight; 217 op->charcount = cfdarg.charcount; 218 op->data = cfdarg.chardata; 219 return con_font_op(vc_cons[fg_console].d, op); 220 case GIO_FONTX: { 221 op->op = KD_FONT_OP_GET; 222 op->flags = KD_FONT_FLAG_OLD; 223 op->width = 8; 224 op->height = cfdarg.charheight; 225 op->charcount = cfdarg.charcount; 226 op->data = cfdarg.chardata; 227 i = con_font_op(vc_cons[fg_console].d, op); 228 if (i) 229 return i; 230 cfdarg.charheight = op->height; 231 cfdarg.charcount = op->charcount; 232 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 233 return -EFAULT; 234 return 0; 235 } 236 } 237 return -EINVAL; 238 } 239 240 static inline int 241 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 242 { 243 struct unimapdesc tmp; 244 245 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 246 return -EFAULT; 247 if (tmp.entries) 248 if (!access_ok(VERIFY_WRITE, tmp.entries, 249 tmp.entry_ct*sizeof(struct unipair))) 250 return -EFAULT; 251 switch (cmd) { 252 case PIO_UNIMAP: 253 if (!perm) 254 return -EPERM; 255 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 256 case GIO_UNIMAP: 257 if (!perm && fg_console != vc->vc_num) 258 return -EPERM; 259 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 260 } 261 return 0; 262 } 263 264 265 266 /* 267 * We handle the console-specific ioctl's here. We allow the 268 * capability to modify any console, not just the fg_console. 269 */ 270 int vt_ioctl(struct tty_struct *tty, 271 unsigned int cmd, unsigned long arg) 272 { 273 struct vc_data *vc = tty->driver_data; 274 struct console_font_op op; /* used in multiple places here */ 275 unsigned int console; 276 unsigned char ucval; 277 unsigned int uival; 278 void __user *up = (void __user *)arg; 279 int i, perm; 280 int ret = 0; 281 282 console = vc->vc_num; 283 284 285 if (!vc_cons_allocated(console)) { /* impossible? */ 286 ret = -ENOIOCTLCMD; 287 goto out; 288 } 289 290 291 /* 292 * To have permissions to do most of the vt ioctls, we either have 293 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 294 */ 295 perm = 0; 296 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 297 perm = 1; 298 299 switch (cmd) { 300 case TIOCLINUX: 301 ret = tioclinux(tty, arg); 302 break; 303 case KIOCSOUND: 304 if (!perm) 305 return -EPERM; 306 /* 307 * The use of PIT_TICK_RATE is historic, it used to be 308 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 309 * and 2.6.36, which was a minor but unfortunate ABI 310 * change. kd_mksound is locked by the input layer. 311 */ 312 if (arg) 313 arg = PIT_TICK_RATE / arg; 314 kd_mksound(arg, 0); 315 break; 316 317 case KDMKTONE: 318 if (!perm) 319 return -EPERM; 320 { 321 unsigned int ticks, count; 322 323 /* 324 * Generate the tone for the appropriate number of ticks. 325 * If the time is zero, turn off sound ourselves. 326 */ 327 ticks = HZ * ((arg >> 16) & 0xffff) / 1000; 328 count = ticks ? (arg & 0xffff) : 0; 329 if (count) 330 count = PIT_TICK_RATE / count; 331 kd_mksound(count, ticks); 332 break; 333 } 334 335 case KDGKBTYPE: 336 /* 337 * this is naïve. 338 */ 339 ucval = KB_101; 340 ret = put_user(ucval, (char __user *)arg); 341 break; 342 343 /* 344 * These cannot be implemented on any machine that implements 345 * ioperm() in user level (such as Alpha PCs) or not at all. 346 * 347 * XXX: you should never use these, just call ioperm directly.. 348 */ 349 #ifdef CONFIG_X86 350 case KDADDIO: 351 case KDDELIO: 352 /* 353 * KDADDIO and KDDELIO may be able to add ports beyond what 354 * we reject here, but to be safe... 355 * 356 * These are locked internally via sys_ioperm 357 */ 358 if (arg < GPFIRST || arg > GPLAST) { 359 ret = -EINVAL; 360 break; 361 } 362 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 363 break; 364 365 case KDENABIO: 366 case KDDISABIO: 367 ret = sys_ioperm(GPFIRST, GPNUM, 368 (cmd == KDENABIO)) ? -ENXIO : 0; 369 break; 370 #endif 371 372 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 373 374 case KDKBDREP: 375 { 376 struct kbd_repeat kbrep; 377 378 if (!capable(CAP_SYS_TTY_CONFIG)) 379 return -EPERM; 380 381 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 382 ret = -EFAULT; 383 break; 384 } 385 ret = kbd_rate(&kbrep); 386 if (ret) 387 break; 388 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 389 ret = -EFAULT; 390 break; 391 } 392 393 case KDSETMODE: 394 /* 395 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 396 * doesn't do a whole lot. i'm not sure if it should do any 397 * restoration of modes or what... 398 * 399 * XXX It should at least call into the driver, fbdev's definitely 400 * need to restore their engine state. --BenH 401 */ 402 if (!perm) 403 return -EPERM; 404 switch (arg) { 405 case KD_GRAPHICS: 406 break; 407 case KD_TEXT0: 408 case KD_TEXT1: 409 arg = KD_TEXT; 410 case KD_TEXT: 411 break; 412 default: 413 ret = -EINVAL; 414 goto out; 415 } 416 /* FIXME: this needs the console lock extending */ 417 if (vc->vc_mode == (unsigned char) arg) 418 break; 419 vc->vc_mode = (unsigned char) arg; 420 if (console != fg_console) 421 break; 422 /* 423 * explicitly blank/unblank the screen if switching modes 424 */ 425 console_lock(); 426 if (arg == KD_TEXT) 427 do_unblank_screen(1); 428 else 429 do_blank_screen(1); 430 console_unlock(); 431 break; 432 433 case KDGETMODE: 434 uival = vc->vc_mode; 435 goto setint; 436 437 case KDMAPDISP: 438 case KDUNMAPDISP: 439 /* 440 * these work like a combination of mmap and KDENABIO. 441 * this could be easily finished. 442 */ 443 ret = -EINVAL; 444 break; 445 446 case KDSKBMODE: 447 if (!perm) 448 return -EPERM; 449 ret = vt_do_kdskbmode(console, arg); 450 if (ret == 0) 451 tty_ldisc_flush(tty); 452 break; 453 454 case KDGKBMODE: 455 uival = vt_do_kdgkbmode(console); 456 ret = put_user(uival, (int __user *)arg); 457 break; 458 459 /* this could be folded into KDSKBMODE, but for compatibility 460 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 461 case KDSKBMETA: 462 ret = vt_do_kdskbmeta(console, arg); 463 break; 464 465 case KDGKBMETA: 466 /* FIXME: should review whether this is worth locking */ 467 uival = vt_do_kdgkbmeta(console); 468 setint: 469 ret = put_user(uival, (int __user *)arg); 470 break; 471 472 case KDGETKEYCODE: 473 case KDSETKEYCODE: 474 if(!capable(CAP_SYS_TTY_CONFIG)) 475 perm = 0; 476 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 477 break; 478 479 case KDGKBENT: 480 case KDSKBENT: 481 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 482 break; 483 484 case KDGKBSENT: 485 case KDSKBSENT: 486 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 487 break; 488 489 /* Diacritical processing. Handled in keyboard.c as it has 490 to operate on the keyboard locks and structures */ 491 case KDGKBDIACR: 492 case KDGKBDIACRUC: 493 case KDSKBDIACR: 494 case KDSKBDIACRUC: 495 ret = vt_do_diacrit(cmd, up, perm); 496 break; 497 498 /* the ioctls below read/set the flags usually shown in the leds */ 499 /* don't use them - they will go away without warning */ 500 case KDGKBLED: 501 case KDSKBLED: 502 case KDGETLED: 503 case KDSETLED: 504 ret = vt_do_kdskled(console, cmd, arg, perm); 505 break; 506 507 /* 508 * A process can indicate its willingness to accept signals 509 * generated by pressing an appropriate key combination. 510 * Thus, one can have a daemon that e.g. spawns a new console 511 * upon a keypress and then changes to it. 512 * See also the kbrequest field of inittab(5). 513 */ 514 case KDSIGACCEPT: 515 { 516 if (!perm || !capable(CAP_KILL)) 517 return -EPERM; 518 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 519 ret = -EINVAL; 520 else { 521 spin_lock_irq(&vt_spawn_con.lock); 522 put_pid(vt_spawn_con.pid); 523 vt_spawn_con.pid = get_pid(task_pid(current)); 524 vt_spawn_con.sig = arg; 525 spin_unlock_irq(&vt_spawn_con.lock); 526 } 527 break; 528 } 529 530 case VT_SETMODE: 531 { 532 struct vt_mode tmp; 533 534 if (!perm) 535 return -EPERM; 536 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 537 ret = -EFAULT; 538 goto out; 539 } 540 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 541 ret = -EINVAL; 542 goto out; 543 } 544 console_lock(); 545 vc->vt_mode = tmp; 546 /* the frsig is ignored, so we set it to 0 */ 547 vc->vt_mode.frsig = 0; 548 put_pid(vc->vt_pid); 549 vc->vt_pid = get_pid(task_pid(current)); 550 /* no switch is required -- saw@shade.msu.ru */ 551 vc->vt_newvt = -1; 552 console_unlock(); 553 break; 554 } 555 556 case VT_GETMODE: 557 { 558 struct vt_mode tmp; 559 int rc; 560 561 console_lock(); 562 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 563 console_unlock(); 564 565 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 566 if (rc) 567 ret = -EFAULT; 568 break; 569 } 570 571 /* 572 * Returns global vt state. Note that VT 0 is always open, since 573 * it's an alias for the current VT, and people can't use it here. 574 * We cannot return state for more than 16 VTs, since v_state is short. 575 */ 576 case VT_GETSTATE: 577 { 578 struct vt_stat __user *vtstat = up; 579 unsigned short state, mask; 580 581 /* Review: FIXME: Console lock ? */ 582 if (put_user(fg_console + 1, &vtstat->v_active)) 583 ret = -EFAULT; 584 else { 585 state = 1; /* /dev/tty0 is always open */ 586 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 587 ++i, mask <<= 1) 588 if (VT_IS_IN_USE(i)) 589 state |= mask; 590 ret = put_user(state, &vtstat->v_state); 591 } 592 break; 593 } 594 595 /* 596 * Returns the first available (non-opened) console. 597 */ 598 case VT_OPENQRY: 599 /* FIXME: locking ? - but then this is a stupid API */ 600 for (i = 0; i < MAX_NR_CONSOLES; ++i) 601 if (! VT_IS_IN_USE(i)) 602 break; 603 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 604 goto setint; 605 606 /* 607 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 608 * with num >= 1 (switches to vt 0, our console, are not allowed, just 609 * to preserve sanity). 610 */ 611 case VT_ACTIVATE: 612 if (!perm) 613 return -EPERM; 614 if (arg == 0 || arg > MAX_NR_CONSOLES) 615 ret = -ENXIO; 616 else { 617 arg--; 618 console_lock(); 619 ret = vc_allocate(arg); 620 console_unlock(); 621 if (ret) 622 break; 623 set_console(arg); 624 } 625 break; 626 627 case VT_SETACTIVATE: 628 { 629 struct vt_setactivate vsa; 630 631 if (!perm) 632 return -EPERM; 633 634 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 635 sizeof(struct vt_setactivate))) { 636 ret = -EFAULT; 637 goto out; 638 } 639 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 640 ret = -ENXIO; 641 else { 642 vsa.console--; 643 console_lock(); 644 ret = vc_allocate(vsa.console); 645 if (ret == 0) { 646 struct vc_data *nvc; 647 /* This is safe providing we don't drop the 648 console sem between vc_allocate and 649 finishing referencing nvc */ 650 nvc = vc_cons[vsa.console].d; 651 nvc->vt_mode = vsa.mode; 652 nvc->vt_mode.frsig = 0; 653 put_pid(nvc->vt_pid); 654 nvc->vt_pid = get_pid(task_pid(current)); 655 } 656 console_unlock(); 657 if (ret) 658 break; 659 /* Commence switch and lock */ 660 /* Review set_console locks */ 661 set_console(vsa.console); 662 } 663 break; 664 } 665 666 /* 667 * wait until the specified VT has been activated 668 */ 669 case VT_WAITACTIVE: 670 if (!perm) 671 return -EPERM; 672 if (arg == 0 || arg > MAX_NR_CONSOLES) 673 ret = -ENXIO; 674 else 675 ret = vt_waitactive(arg); 676 break; 677 678 /* 679 * If a vt is under process control, the kernel will not switch to it 680 * immediately, but postpone the operation until the process calls this 681 * ioctl, allowing the switch to complete. 682 * 683 * According to the X sources this is the behavior: 684 * 0: pending switch-from not OK 685 * 1: pending switch-from OK 686 * 2: completed switch-to OK 687 */ 688 case VT_RELDISP: 689 if (!perm) 690 return -EPERM; 691 692 console_lock(); 693 if (vc->vt_mode.mode != VT_PROCESS) { 694 console_unlock(); 695 ret = -EINVAL; 696 break; 697 } 698 /* 699 * Switching-from response 700 */ 701 if (vc->vt_newvt >= 0) { 702 if (arg == 0) 703 /* 704 * Switch disallowed, so forget we were trying 705 * to do it. 706 */ 707 vc->vt_newvt = -1; 708 709 else { 710 /* 711 * The current vt has been released, so 712 * complete the switch. 713 */ 714 int newvt; 715 newvt = vc->vt_newvt; 716 vc->vt_newvt = -1; 717 ret = vc_allocate(newvt); 718 if (ret) { 719 console_unlock(); 720 break; 721 } 722 /* 723 * When we actually do the console switch, 724 * make sure we are atomic with respect to 725 * other console switches.. 726 */ 727 complete_change_console(vc_cons[newvt].d); 728 } 729 } else { 730 /* 731 * Switched-to response 732 */ 733 /* 734 * If it's just an ACK, ignore it 735 */ 736 if (arg != VT_ACKACQ) 737 ret = -EINVAL; 738 } 739 console_unlock(); 740 break; 741 742 /* 743 * Disallocate memory associated to VT (but leave VT1) 744 */ 745 case VT_DISALLOCATE: 746 if (arg > MAX_NR_CONSOLES) { 747 ret = -ENXIO; 748 break; 749 } 750 if (arg == 0) { 751 /* deallocate all unused consoles, but leave 0 */ 752 console_lock(); 753 for (i=1; i<MAX_NR_CONSOLES; i++) 754 if (! VT_BUSY(i)) 755 vc_deallocate(i); 756 console_unlock(); 757 } else { 758 /* deallocate a single console, if possible */ 759 arg--; 760 if (VT_BUSY(arg)) 761 ret = -EBUSY; 762 else if (arg) { /* leave 0 */ 763 console_lock(); 764 vc_deallocate(arg); 765 console_unlock(); 766 } 767 } 768 break; 769 770 case VT_RESIZE: 771 { 772 struct vt_sizes __user *vtsizes = up; 773 struct vc_data *vc; 774 775 ushort ll,cc; 776 if (!perm) 777 return -EPERM; 778 if (get_user(ll, &vtsizes->v_rows) || 779 get_user(cc, &vtsizes->v_cols)) 780 ret = -EFAULT; 781 else { 782 console_lock(); 783 for (i = 0; i < MAX_NR_CONSOLES; i++) { 784 vc = vc_cons[i].d; 785 786 if (vc) { 787 vc->vc_resize_user = 1; 788 /* FIXME: review v tty lock */ 789 vc_resize(vc_cons[i].d, cc, ll); 790 } 791 } 792 console_unlock(); 793 } 794 break; 795 } 796 797 case VT_RESIZEX: 798 { 799 struct vt_consize __user *vtconsize = up; 800 ushort ll,cc,vlin,clin,vcol,ccol; 801 if (!perm) 802 return -EPERM; 803 if (!access_ok(VERIFY_READ, vtconsize, 804 sizeof(struct vt_consize))) { 805 ret = -EFAULT; 806 break; 807 } 808 /* FIXME: Should check the copies properly */ 809 __get_user(ll, &vtconsize->v_rows); 810 __get_user(cc, &vtconsize->v_cols); 811 __get_user(vlin, &vtconsize->v_vlin); 812 __get_user(clin, &vtconsize->v_clin); 813 __get_user(vcol, &vtconsize->v_vcol); 814 __get_user(ccol, &vtconsize->v_ccol); 815 vlin = vlin ? vlin : vc->vc_scan_lines; 816 if (clin) { 817 if (ll) { 818 if (ll != vlin/clin) { 819 /* Parameters don't add up */ 820 ret = -EINVAL; 821 break; 822 } 823 } else 824 ll = vlin/clin; 825 } 826 if (vcol && ccol) { 827 if (cc) { 828 if (cc != vcol/ccol) { 829 ret = -EINVAL; 830 break; 831 } 832 } else 833 cc = vcol/ccol; 834 } 835 836 if (clin > 32) { 837 ret = -EINVAL; 838 break; 839 } 840 841 for (i = 0; i < MAX_NR_CONSOLES; i++) { 842 if (!vc_cons[i].d) 843 continue; 844 console_lock(); 845 if (vlin) 846 vc_cons[i].d->vc_scan_lines = vlin; 847 if (clin) 848 vc_cons[i].d->vc_font.height = clin; 849 vc_cons[i].d->vc_resize_user = 1; 850 vc_resize(vc_cons[i].d, cc, ll); 851 console_unlock(); 852 } 853 break; 854 } 855 856 case PIO_FONT: { 857 if (!perm) 858 return -EPERM; 859 op.op = KD_FONT_OP_SET; 860 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 861 op.width = 8; 862 op.height = 0; 863 op.charcount = 256; 864 op.data = up; 865 ret = con_font_op(vc_cons[fg_console].d, &op); 866 break; 867 } 868 869 case GIO_FONT: { 870 op.op = KD_FONT_OP_GET; 871 op.flags = KD_FONT_FLAG_OLD; 872 op.width = 8; 873 op.height = 32; 874 op.charcount = 256; 875 op.data = up; 876 ret = con_font_op(vc_cons[fg_console].d, &op); 877 break; 878 } 879 880 case PIO_CMAP: 881 if (!perm) 882 ret = -EPERM; 883 else 884 ret = con_set_cmap(up); 885 break; 886 887 case GIO_CMAP: 888 ret = con_get_cmap(up); 889 break; 890 891 case PIO_FONTX: 892 case GIO_FONTX: 893 ret = do_fontx_ioctl(cmd, up, perm, &op); 894 break; 895 896 case PIO_FONTRESET: 897 { 898 if (!perm) 899 return -EPERM; 900 901 #ifdef BROKEN_GRAPHICS_PROGRAMS 902 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 903 font is not saved. */ 904 ret = -ENOSYS; 905 break; 906 #else 907 { 908 op.op = KD_FONT_OP_SET_DEFAULT; 909 op.data = NULL; 910 ret = con_font_op(vc_cons[fg_console].d, &op); 911 if (ret) 912 break; 913 console_lock(); 914 con_set_default_unimap(vc_cons[fg_console].d); 915 console_unlock(); 916 break; 917 } 918 #endif 919 } 920 921 case KDFONTOP: { 922 if (copy_from_user(&op, up, sizeof(op))) { 923 ret = -EFAULT; 924 break; 925 } 926 if (!perm && op.op != KD_FONT_OP_GET) 927 return -EPERM; 928 ret = con_font_op(vc, &op); 929 if (ret) 930 break; 931 if (copy_to_user(up, &op, sizeof(op))) 932 ret = -EFAULT; 933 break; 934 } 935 936 case PIO_SCRNMAP: 937 if (!perm) 938 ret = -EPERM; 939 else 940 ret = con_set_trans_old(up); 941 break; 942 943 case GIO_SCRNMAP: 944 ret = con_get_trans_old(up); 945 break; 946 947 case PIO_UNISCRNMAP: 948 if (!perm) 949 ret = -EPERM; 950 else 951 ret = con_set_trans_new(up); 952 break; 953 954 case GIO_UNISCRNMAP: 955 ret = con_get_trans_new(up); 956 break; 957 958 case PIO_UNIMAPCLR: 959 { struct unimapinit ui; 960 if (!perm) 961 return -EPERM; 962 ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); 963 if (ret) 964 ret = -EFAULT; 965 else 966 con_clear_unimap(vc, &ui); 967 break; 968 } 969 970 case PIO_UNIMAP: 971 case GIO_UNIMAP: 972 ret = do_unimap_ioctl(cmd, up, perm, vc); 973 break; 974 975 case VT_LOCKSWITCH: 976 if (!capable(CAP_SYS_TTY_CONFIG)) 977 return -EPERM; 978 vt_dont_switch = 1; 979 break; 980 case VT_UNLOCKSWITCH: 981 if (!capable(CAP_SYS_TTY_CONFIG)) 982 return -EPERM; 983 vt_dont_switch = 0; 984 break; 985 case VT_GETHIFONTMASK: 986 ret = put_user(vc->vc_hi_font_mask, 987 (unsigned short __user *)arg); 988 break; 989 case VT_WAITEVENT: 990 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 991 break; 992 default: 993 ret = -ENOIOCTLCMD; 994 } 995 out: 996 return ret; 997 } 998 999 void reset_vc(struct vc_data *vc) 1000 { 1001 vc->vc_mode = KD_TEXT; 1002 vt_reset_unicode(vc->vc_num); 1003 vc->vt_mode.mode = VT_AUTO; 1004 vc->vt_mode.waitv = 0; 1005 vc->vt_mode.relsig = 0; 1006 vc->vt_mode.acqsig = 0; 1007 vc->vt_mode.frsig = 0; 1008 put_pid(vc->vt_pid); 1009 vc->vt_pid = NULL; 1010 vc->vt_newvt = -1; 1011 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1012 reset_palette(vc); 1013 } 1014 1015 void vc_SAK(struct work_struct *work) 1016 { 1017 struct vc *vc_con = 1018 container_of(work, struct vc, SAK_work); 1019 struct vc_data *vc; 1020 struct tty_struct *tty; 1021 1022 console_lock(); 1023 vc = vc_con->d; 1024 if (vc) { 1025 /* FIXME: review tty ref counting */ 1026 tty = vc->port.tty; 1027 /* 1028 * SAK should also work in all raw modes and reset 1029 * them properly. 1030 */ 1031 if (tty) 1032 __do_SAK(tty); 1033 reset_vc(vc); 1034 } 1035 console_unlock(); 1036 } 1037 1038 #ifdef CONFIG_COMPAT 1039 1040 struct compat_consolefontdesc { 1041 unsigned short charcount; /* characters in font (256 or 512) */ 1042 unsigned short charheight; /* scan lines per character (1-32) */ 1043 compat_caddr_t chardata; /* font data in expanded form */ 1044 }; 1045 1046 static inline int 1047 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1048 int perm, struct console_font_op *op) 1049 { 1050 struct compat_consolefontdesc cfdarg; 1051 int i; 1052 1053 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1054 return -EFAULT; 1055 1056 switch (cmd) { 1057 case PIO_FONTX: 1058 if (!perm) 1059 return -EPERM; 1060 op->op = KD_FONT_OP_SET; 1061 op->flags = KD_FONT_FLAG_OLD; 1062 op->width = 8; 1063 op->height = cfdarg.charheight; 1064 op->charcount = cfdarg.charcount; 1065 op->data = compat_ptr(cfdarg.chardata); 1066 return con_font_op(vc_cons[fg_console].d, op); 1067 case GIO_FONTX: 1068 op->op = KD_FONT_OP_GET; 1069 op->flags = KD_FONT_FLAG_OLD; 1070 op->width = 8; 1071 op->height = cfdarg.charheight; 1072 op->charcount = cfdarg.charcount; 1073 op->data = compat_ptr(cfdarg.chardata); 1074 i = con_font_op(vc_cons[fg_console].d, op); 1075 if (i) 1076 return i; 1077 cfdarg.charheight = op->height; 1078 cfdarg.charcount = op->charcount; 1079 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1080 return -EFAULT; 1081 return 0; 1082 } 1083 return -EINVAL; 1084 } 1085 1086 struct compat_console_font_op { 1087 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1088 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1089 compat_uint_t width, height; /* font size */ 1090 compat_uint_t charcount; 1091 compat_caddr_t data; /* font data with height fixed to 32 */ 1092 }; 1093 1094 static inline int 1095 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1096 int perm, struct console_font_op *op, struct vc_data *vc) 1097 { 1098 int i; 1099 1100 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1101 return -EFAULT; 1102 if (!perm && op->op != KD_FONT_OP_GET) 1103 return -EPERM; 1104 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1105 i = con_font_op(vc, op); 1106 if (i) 1107 return i; 1108 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1109 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1110 return -EFAULT; 1111 return 0; 1112 } 1113 1114 struct compat_unimapdesc { 1115 unsigned short entry_ct; 1116 compat_caddr_t entries; 1117 }; 1118 1119 static inline int 1120 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1121 int perm, struct vc_data *vc) 1122 { 1123 struct compat_unimapdesc tmp; 1124 struct unipair __user *tmp_entries; 1125 1126 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1127 return -EFAULT; 1128 tmp_entries = compat_ptr(tmp.entries); 1129 if (tmp_entries) 1130 if (!access_ok(VERIFY_WRITE, tmp_entries, 1131 tmp.entry_ct*sizeof(struct unipair))) 1132 return -EFAULT; 1133 switch (cmd) { 1134 case PIO_UNIMAP: 1135 if (!perm) 1136 return -EPERM; 1137 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1138 case GIO_UNIMAP: 1139 if (!perm && fg_console != vc->vc_num) 1140 return -EPERM; 1141 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1142 } 1143 return 0; 1144 } 1145 1146 long vt_compat_ioctl(struct tty_struct *tty, 1147 unsigned int cmd, unsigned long arg) 1148 { 1149 struct vc_data *vc = tty->driver_data; 1150 struct console_font_op op; /* used in multiple places here */ 1151 unsigned int console; 1152 void __user *up = (void __user *)arg; 1153 int perm; 1154 int ret = 0; 1155 1156 console = vc->vc_num; 1157 1158 if (!vc_cons_allocated(console)) { /* impossible? */ 1159 ret = -ENOIOCTLCMD; 1160 goto out; 1161 } 1162 1163 /* 1164 * To have permissions to do most of the vt ioctls, we either have 1165 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1166 */ 1167 perm = 0; 1168 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1169 perm = 1; 1170 1171 switch (cmd) { 1172 /* 1173 * these need special handlers for incompatible data structures 1174 */ 1175 case PIO_FONTX: 1176 case GIO_FONTX: 1177 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1178 break; 1179 1180 case KDFONTOP: 1181 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1182 break; 1183 1184 case PIO_UNIMAP: 1185 case GIO_UNIMAP: 1186 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1187 break; 1188 1189 /* 1190 * all these treat 'arg' as an integer 1191 */ 1192 case KIOCSOUND: 1193 case KDMKTONE: 1194 #ifdef CONFIG_X86 1195 case KDADDIO: 1196 case KDDELIO: 1197 #endif 1198 case KDSETMODE: 1199 case KDMAPDISP: 1200 case KDUNMAPDISP: 1201 case KDSKBMODE: 1202 case KDSKBMETA: 1203 case KDSKBLED: 1204 case KDSETLED: 1205 case KDSIGACCEPT: 1206 case VT_ACTIVATE: 1207 case VT_WAITACTIVE: 1208 case VT_RELDISP: 1209 case VT_DISALLOCATE: 1210 case VT_RESIZE: 1211 case VT_RESIZEX: 1212 goto fallback; 1213 1214 /* 1215 * the rest has a compatible data structure behind arg, 1216 * but we have to convert it to a proper 64 bit pointer. 1217 */ 1218 default: 1219 arg = (unsigned long)compat_ptr(arg); 1220 goto fallback; 1221 } 1222 out: 1223 return ret; 1224 1225 fallback: 1226 return vt_ioctl(tty, cmd, arg); 1227 } 1228 1229 1230 #endif /* CONFIG_COMPAT */ 1231 1232 1233 /* 1234 * Performs the back end of a vt switch. Called under the console 1235 * semaphore. 1236 */ 1237 static void complete_change_console(struct vc_data *vc) 1238 { 1239 unsigned char old_vc_mode; 1240 int old = fg_console; 1241 1242 last_console = fg_console; 1243 1244 /* 1245 * If we're switching, we could be going from KD_GRAPHICS to 1246 * KD_TEXT mode or vice versa, which means we need to blank or 1247 * unblank the screen later. 1248 */ 1249 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1250 switch_screen(vc); 1251 1252 /* 1253 * This can't appear below a successful kill_pid(). If it did, 1254 * then the *blank_screen operation could occur while X, having 1255 * received acqsig, is waking up on another processor. This 1256 * condition can lead to overlapping accesses to the VGA range 1257 * and the framebuffer (causing system lockups). 1258 * 1259 * To account for this we duplicate this code below only if the 1260 * controlling process is gone and we've called reset_vc. 1261 */ 1262 if (old_vc_mode != vc->vc_mode) { 1263 if (vc->vc_mode == KD_TEXT) 1264 do_unblank_screen(1); 1265 else 1266 do_blank_screen(1); 1267 } 1268 1269 /* 1270 * If this new console is under process control, send it a signal 1271 * telling it that it has acquired. Also check if it has died and 1272 * clean up (similar to logic employed in change_console()) 1273 */ 1274 if (vc->vt_mode.mode == VT_PROCESS) { 1275 /* 1276 * Send the signal as privileged - kill_pid() will 1277 * tell us if the process has gone or something else 1278 * is awry 1279 */ 1280 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1281 /* 1282 * The controlling process has died, so we revert back to 1283 * normal operation. In this case, we'll also change back 1284 * to KD_TEXT mode. I'm not sure if this is strictly correct 1285 * but it saves the agony when the X server dies and the screen 1286 * remains blanked due to KD_GRAPHICS! It would be nice to do 1287 * this outside of VT_PROCESS but there is no single process 1288 * to account for and tracking tty count may be undesirable. 1289 */ 1290 reset_vc(vc); 1291 1292 if (old_vc_mode != vc->vc_mode) { 1293 if (vc->vc_mode == KD_TEXT) 1294 do_unblank_screen(1); 1295 else 1296 do_blank_screen(1); 1297 } 1298 } 1299 } 1300 1301 /* 1302 * Wake anyone waiting for their VT to activate 1303 */ 1304 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1305 return; 1306 } 1307 1308 /* 1309 * Performs the front-end of a vt switch 1310 */ 1311 void change_console(struct vc_data *new_vc) 1312 { 1313 struct vc_data *vc; 1314 1315 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1316 return; 1317 1318 /* 1319 * If this vt is in process mode, then we need to handshake with 1320 * that process before switching. Essentially, we store where that 1321 * vt wants to switch to and wait for it to tell us when it's done 1322 * (via VT_RELDISP ioctl). 1323 * 1324 * We also check to see if the controlling process still exists. 1325 * If it doesn't, we reset this vt to auto mode and continue. 1326 * This is a cheap way to track process control. The worst thing 1327 * that can happen is: we send a signal to a process, it dies, and 1328 * the switch gets "lost" waiting for a response; hopefully, the 1329 * user will try again, we'll detect the process is gone (unless 1330 * the user waits just the right amount of time :-) and revert the 1331 * vt to auto control. 1332 */ 1333 vc = vc_cons[fg_console].d; 1334 if (vc->vt_mode.mode == VT_PROCESS) { 1335 /* 1336 * Send the signal as privileged - kill_pid() will 1337 * tell us if the process has gone or something else 1338 * is awry. 1339 * 1340 * We need to set vt_newvt *before* sending the signal or we 1341 * have a race. 1342 */ 1343 vc->vt_newvt = new_vc->vc_num; 1344 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1345 /* 1346 * It worked. Mark the vt to switch to and 1347 * return. The process needs to send us a 1348 * VT_RELDISP ioctl to complete the switch. 1349 */ 1350 return; 1351 } 1352 1353 /* 1354 * The controlling process has died, so we revert back to 1355 * normal operation. In this case, we'll also change back 1356 * to KD_TEXT mode. I'm not sure if this is strictly correct 1357 * but it saves the agony when the X server dies and the screen 1358 * remains blanked due to KD_GRAPHICS! It would be nice to do 1359 * this outside of VT_PROCESS but there is no single process 1360 * to account for and tracking tty count may be undesirable. 1361 */ 1362 reset_vc(vc); 1363 1364 /* 1365 * Fall through to normal (VT_AUTO) handling of the switch... 1366 */ 1367 } 1368 1369 /* 1370 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1371 */ 1372 if (vc->vc_mode == KD_GRAPHICS) 1373 return; 1374 1375 complete_change_console(new_vc); 1376 } 1377 1378 /* Perform a kernel triggered VT switch for suspend/resume */ 1379 1380 static int disable_vt_switch; 1381 1382 int vt_move_to_console(unsigned int vt, int alloc) 1383 { 1384 int prev; 1385 1386 console_lock(); 1387 /* Graphics mode - up to X */ 1388 if (disable_vt_switch) { 1389 console_unlock(); 1390 return 0; 1391 } 1392 prev = fg_console; 1393 1394 if (alloc && vc_allocate(vt)) { 1395 /* we can't have a free VC for now. Too bad, 1396 * we don't want to mess the screen for now. */ 1397 console_unlock(); 1398 return -ENOSPC; 1399 } 1400 1401 if (set_console(vt)) { 1402 /* 1403 * We're unable to switch to the SUSPEND_CONSOLE. 1404 * Let the calling function know so it can decide 1405 * what to do. 1406 */ 1407 console_unlock(); 1408 return -EIO; 1409 } 1410 console_unlock(); 1411 if (vt_waitactive(vt + 1)) { 1412 pr_debug("Suspend: Can't switch VCs."); 1413 return -EINTR; 1414 } 1415 return prev; 1416 } 1417 1418 /* 1419 * Normally during a suspend, we allocate a new console and switch to it. 1420 * When we resume, we switch back to the original console. This switch 1421 * can be slow, so on systems where the framebuffer can handle restoration 1422 * of video registers anyways, there's little point in doing the console 1423 * switch. This function allows you to disable it by passing it '0'. 1424 */ 1425 void pm_set_vt_switch(int do_switch) 1426 { 1427 console_lock(); 1428 disable_vt_switch = !do_switch; 1429 console_unlock(); 1430 } 1431 EXPORT_SYMBOL(pm_set_vt_switch); 1432