1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1992 obz under the linux copyright 4 * 5 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 6 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 7 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 8 * Some code moved for less code duplication - Andi Kleen - Mar 1997 9 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 10 */ 11 12 #include <linux/types.h> 13 #include <linux/errno.h> 14 #include <linux/sched/signal.h> 15 #include <linux/tty.h> 16 #include <linux/timer.h> 17 #include <linux/kernel.h> 18 #include <linux/compat.h> 19 #include <linux/module.h> 20 #include <linux/kd.h> 21 #include <linux/vt.h> 22 #include <linux/string.h> 23 #include <linux/slab.h> 24 #include <linux/major.h> 25 #include <linux/fs.h> 26 #include <linux/console.h> 27 #include <linux/consolemap.h> 28 #include <linux/signal.h> 29 #include <linux/suspend.h> 30 #include <linux/timex.h> 31 32 #include <asm/io.h> 33 #include <linux/uaccess.h> 34 35 #include <linux/kbd_kern.h> 36 #include <linux/vt_kern.h> 37 #include <linux/kbd_diacr.h> 38 #include <linux/selection.h> 39 40 char vt_dont_switch; 41 extern struct tty_driver *console_driver; 42 43 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 44 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 45 46 /* 47 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 48 * experimentation and study of X386 SYSV handling. 49 * 50 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 51 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 52 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 53 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 54 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 55 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 56 * to the current console is done by the main ioctl code. 57 */ 58 59 #ifdef CONFIG_X86 60 #include <linux/syscalls.h> 61 #endif 62 63 static void complete_change_console(struct vc_data *vc); 64 65 /* 66 * User space VT_EVENT handlers 67 */ 68 69 struct vt_event_wait { 70 struct list_head list; 71 struct vt_event event; 72 int done; 73 }; 74 75 static LIST_HEAD(vt_events); 76 static DEFINE_SPINLOCK(vt_event_lock); 77 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 78 79 /** 80 * vt_event_post 81 * @event: the event that occurred 82 * @old: old console 83 * @new: new console 84 * 85 * Post an VT event to interested VT handlers 86 */ 87 88 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 89 { 90 struct list_head *pos, *head; 91 unsigned long flags; 92 int wake = 0; 93 94 spin_lock_irqsave(&vt_event_lock, flags); 95 head = &vt_events; 96 97 list_for_each(pos, head) { 98 struct vt_event_wait *ve = list_entry(pos, 99 struct vt_event_wait, list); 100 if (!(ve->event.event & event)) 101 continue; 102 ve->event.event = event; 103 /* kernel view is consoles 0..n-1, user space view is 104 console 1..n with 0 meaning current, so we must bias */ 105 ve->event.oldev = old + 1; 106 ve->event.newev = new + 1; 107 wake = 1; 108 ve->done = 1; 109 } 110 spin_unlock_irqrestore(&vt_event_lock, flags); 111 if (wake) 112 wake_up_interruptible(&vt_event_waitqueue); 113 } 114 115 static void __vt_event_queue(struct vt_event_wait *vw) 116 { 117 unsigned long flags; 118 /* Prepare the event */ 119 INIT_LIST_HEAD(&vw->list); 120 vw->done = 0; 121 /* Queue our event */ 122 spin_lock_irqsave(&vt_event_lock, flags); 123 list_add(&vw->list, &vt_events); 124 spin_unlock_irqrestore(&vt_event_lock, flags); 125 } 126 127 static void __vt_event_wait(struct vt_event_wait *vw) 128 { 129 /* Wait for it to pass */ 130 wait_event_interruptible(vt_event_waitqueue, vw->done); 131 } 132 133 static void __vt_event_dequeue(struct vt_event_wait *vw) 134 { 135 unsigned long flags; 136 137 /* Dequeue it */ 138 spin_lock_irqsave(&vt_event_lock, flags); 139 list_del(&vw->list); 140 spin_unlock_irqrestore(&vt_event_lock, flags); 141 } 142 143 /** 144 * vt_event_wait - wait for an event 145 * @vw: our event 146 * 147 * Waits for an event to occur which completes our vt_event_wait 148 * structure. On return the structure has wv->done set to 1 for success 149 * or 0 if some event such as a signal ended the wait. 150 */ 151 152 static void vt_event_wait(struct vt_event_wait *vw) 153 { 154 __vt_event_queue(vw); 155 __vt_event_wait(vw); 156 __vt_event_dequeue(vw); 157 } 158 159 /** 160 * vt_event_wait_ioctl - event ioctl handler 161 * @arg: argument to ioctl 162 * 163 * Implement the VT_WAITEVENT ioctl using the VT event interface 164 */ 165 166 static int vt_event_wait_ioctl(struct vt_event __user *event) 167 { 168 struct vt_event_wait vw; 169 170 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 171 return -EFAULT; 172 /* Highest supported event for now */ 173 if (vw.event.event & ~VT_MAX_EVENT) 174 return -EINVAL; 175 176 vt_event_wait(&vw); 177 /* If it occurred report it */ 178 if (vw.done) { 179 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 180 return -EFAULT; 181 return 0; 182 } 183 return -EINTR; 184 } 185 186 /** 187 * vt_waitactive - active console wait 188 * @event: event code 189 * @n: new console 190 * 191 * Helper for event waits. Used to implement the legacy 192 * event waiting ioctls in terms of events 193 */ 194 195 int vt_waitactive(int n) 196 { 197 struct vt_event_wait vw; 198 do { 199 vw.event.event = VT_EVENT_SWITCH; 200 __vt_event_queue(&vw); 201 if (n == fg_console + 1) { 202 __vt_event_dequeue(&vw); 203 break; 204 } 205 __vt_event_wait(&vw); 206 __vt_event_dequeue(&vw); 207 if (vw.done == 0) 208 return -EINTR; 209 } while (vw.event.newev != n); 210 return 0; 211 } 212 213 /* 214 * these are the valid i/o ports we're allowed to change. they map all the 215 * video ports 216 */ 217 #define GPFIRST 0x3b4 218 #define GPLAST 0x3df 219 #define GPNUM (GPLAST - GPFIRST + 1) 220 221 222 223 static inline int 224 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 225 { 226 struct consolefontdesc cfdarg; 227 int i; 228 229 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 230 return -EFAULT; 231 232 switch (cmd) { 233 case PIO_FONTX: 234 if (!perm) 235 return -EPERM; 236 op->op = KD_FONT_OP_SET; 237 op->flags = KD_FONT_FLAG_OLD; 238 op->width = 8; 239 op->height = cfdarg.charheight; 240 op->charcount = cfdarg.charcount; 241 op->data = cfdarg.chardata; 242 return con_font_op(vc_cons[fg_console].d, op); 243 case GIO_FONTX: { 244 op->op = KD_FONT_OP_GET; 245 op->flags = KD_FONT_FLAG_OLD; 246 op->width = 8; 247 op->height = cfdarg.charheight; 248 op->charcount = cfdarg.charcount; 249 op->data = cfdarg.chardata; 250 i = con_font_op(vc_cons[fg_console].d, op); 251 if (i) 252 return i; 253 cfdarg.charheight = op->height; 254 cfdarg.charcount = op->charcount; 255 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 256 return -EFAULT; 257 return 0; 258 } 259 } 260 return -EINVAL; 261 } 262 263 static inline int 264 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 265 { 266 struct unimapdesc tmp; 267 268 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 269 return -EFAULT; 270 switch (cmd) { 271 case PIO_UNIMAP: 272 if (!perm) 273 return -EPERM; 274 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 275 case GIO_UNIMAP: 276 if (!perm && fg_console != vc->vc_num) 277 return -EPERM; 278 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 279 } 280 return 0; 281 } 282 283 /* deallocate a single console, if possible (leave 0) */ 284 static int vt_disallocate(unsigned int vc_num) 285 { 286 struct vc_data *vc = NULL; 287 int ret = 0; 288 289 console_lock(); 290 if (VT_BUSY(vc_num)) 291 ret = -EBUSY; 292 else if (vc_num) 293 vc = vc_deallocate(vc_num); 294 console_unlock(); 295 296 if (vc && vc_num >= MIN_NR_CONSOLES) { 297 tty_port_destroy(&vc->port); 298 kfree(vc); 299 } 300 301 return ret; 302 } 303 304 /* deallocate all unused consoles, but leave 0 */ 305 static void vt_disallocate_all(void) 306 { 307 struct vc_data *vc[MAX_NR_CONSOLES]; 308 int i; 309 310 console_lock(); 311 for (i = 1; i < MAX_NR_CONSOLES; i++) 312 if (!VT_BUSY(i)) 313 vc[i] = vc_deallocate(i); 314 else 315 vc[i] = NULL; 316 console_unlock(); 317 318 for (i = 1; i < MAX_NR_CONSOLES; i++) { 319 if (vc[i] && i >= MIN_NR_CONSOLES) { 320 tty_port_destroy(&vc[i]->port); 321 kfree(vc[i]); 322 } 323 } 324 } 325 326 327 /* 328 * We handle the console-specific ioctl's here. We allow the 329 * capability to modify any console, not just the fg_console. 330 */ 331 int vt_ioctl(struct tty_struct *tty, 332 unsigned int cmd, unsigned long arg) 333 { 334 struct vc_data *vc = tty->driver_data; 335 struct console_font_op op; /* used in multiple places here */ 336 unsigned int console; 337 unsigned char ucval; 338 unsigned int uival; 339 void __user *up = (void __user *)arg; 340 int i, perm; 341 int ret = 0; 342 343 console = vc->vc_num; 344 345 346 if (!vc_cons_allocated(console)) { /* impossible? */ 347 ret = -ENOIOCTLCMD; 348 goto out; 349 } 350 351 352 /* 353 * To have permissions to do most of the vt ioctls, we either have 354 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 355 */ 356 perm = 0; 357 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 358 perm = 1; 359 360 switch (cmd) { 361 case TIOCLINUX: 362 ret = tioclinux(tty, arg); 363 break; 364 case KIOCSOUND: 365 if (!perm) 366 return -EPERM; 367 /* 368 * The use of PIT_TICK_RATE is historic, it used to be 369 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 370 * and 2.6.36, which was a minor but unfortunate ABI 371 * change. kd_mksound is locked by the input layer. 372 */ 373 if (arg) 374 arg = PIT_TICK_RATE / arg; 375 kd_mksound(arg, 0); 376 break; 377 378 case KDMKTONE: 379 if (!perm) 380 return -EPERM; 381 { 382 unsigned int ticks, count; 383 384 /* 385 * Generate the tone for the appropriate number of ticks. 386 * If the time is zero, turn off sound ourselves. 387 */ 388 ticks = msecs_to_jiffies((arg >> 16) & 0xffff); 389 count = ticks ? (arg & 0xffff) : 0; 390 if (count) 391 count = PIT_TICK_RATE / count; 392 kd_mksound(count, ticks); 393 break; 394 } 395 396 case KDGKBTYPE: 397 /* 398 * this is naïve. 399 */ 400 ucval = KB_101; 401 ret = put_user(ucval, (char __user *)arg); 402 break; 403 404 /* 405 * These cannot be implemented on any machine that implements 406 * ioperm() in user level (such as Alpha PCs) or not at all. 407 * 408 * XXX: you should never use these, just call ioperm directly.. 409 */ 410 #ifdef CONFIG_X86 411 case KDADDIO: 412 case KDDELIO: 413 /* 414 * KDADDIO and KDDELIO may be able to add ports beyond what 415 * we reject here, but to be safe... 416 * 417 * These are locked internally via sys_ioperm 418 */ 419 if (arg < GPFIRST || arg > GPLAST) { 420 ret = -EINVAL; 421 break; 422 } 423 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 424 break; 425 426 case KDENABIO: 427 case KDDISABIO: 428 ret = sys_ioperm(GPFIRST, GPNUM, 429 (cmd == KDENABIO)) ? -ENXIO : 0; 430 break; 431 #endif 432 433 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 434 435 case KDKBDREP: 436 { 437 struct kbd_repeat kbrep; 438 439 if (!capable(CAP_SYS_TTY_CONFIG)) 440 return -EPERM; 441 442 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 443 ret = -EFAULT; 444 break; 445 } 446 ret = kbd_rate(&kbrep); 447 if (ret) 448 break; 449 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 450 ret = -EFAULT; 451 break; 452 } 453 454 case KDSETMODE: 455 /* 456 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 457 * doesn't do a whole lot. i'm not sure if it should do any 458 * restoration of modes or what... 459 * 460 * XXX It should at least call into the driver, fbdev's definitely 461 * need to restore their engine state. --BenH 462 */ 463 if (!perm) 464 return -EPERM; 465 switch (arg) { 466 case KD_GRAPHICS: 467 break; 468 case KD_TEXT0: 469 case KD_TEXT1: 470 arg = KD_TEXT; 471 case KD_TEXT: 472 break; 473 default: 474 ret = -EINVAL; 475 goto out; 476 } 477 /* FIXME: this needs the console lock extending */ 478 if (vc->vc_mode == (unsigned char) arg) 479 break; 480 vc->vc_mode = (unsigned char) arg; 481 if (console != fg_console) 482 break; 483 /* 484 * explicitly blank/unblank the screen if switching modes 485 */ 486 console_lock(); 487 if (arg == KD_TEXT) 488 do_unblank_screen(1); 489 else 490 do_blank_screen(1); 491 console_unlock(); 492 break; 493 494 case KDGETMODE: 495 uival = vc->vc_mode; 496 goto setint; 497 498 case KDMAPDISP: 499 case KDUNMAPDISP: 500 /* 501 * these work like a combination of mmap and KDENABIO. 502 * this could be easily finished. 503 */ 504 ret = -EINVAL; 505 break; 506 507 case KDSKBMODE: 508 if (!perm) 509 return -EPERM; 510 ret = vt_do_kdskbmode(console, arg); 511 if (ret == 0) 512 tty_ldisc_flush(tty); 513 break; 514 515 case KDGKBMODE: 516 uival = vt_do_kdgkbmode(console); 517 ret = put_user(uival, (int __user *)arg); 518 break; 519 520 /* this could be folded into KDSKBMODE, but for compatibility 521 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 522 case KDSKBMETA: 523 ret = vt_do_kdskbmeta(console, arg); 524 break; 525 526 case KDGKBMETA: 527 /* FIXME: should review whether this is worth locking */ 528 uival = vt_do_kdgkbmeta(console); 529 setint: 530 ret = put_user(uival, (int __user *)arg); 531 break; 532 533 case KDGETKEYCODE: 534 case KDSETKEYCODE: 535 if(!capable(CAP_SYS_TTY_CONFIG)) 536 perm = 0; 537 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 538 break; 539 540 case KDGKBENT: 541 case KDSKBENT: 542 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 543 break; 544 545 case KDGKBSENT: 546 case KDSKBSENT: 547 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 548 break; 549 550 /* Diacritical processing. Handled in keyboard.c as it has 551 to operate on the keyboard locks and structures */ 552 case KDGKBDIACR: 553 case KDGKBDIACRUC: 554 case KDSKBDIACR: 555 case KDSKBDIACRUC: 556 ret = vt_do_diacrit(cmd, up, perm); 557 break; 558 559 /* the ioctls below read/set the flags usually shown in the leds */ 560 /* don't use them - they will go away without warning */ 561 case KDGKBLED: 562 case KDSKBLED: 563 case KDGETLED: 564 case KDSETLED: 565 ret = vt_do_kdskled(console, cmd, arg, perm); 566 break; 567 568 /* 569 * A process can indicate its willingness to accept signals 570 * generated by pressing an appropriate key combination. 571 * Thus, one can have a daemon that e.g. spawns a new console 572 * upon a keypress and then changes to it. 573 * See also the kbrequest field of inittab(5). 574 */ 575 case KDSIGACCEPT: 576 { 577 if (!perm || !capable(CAP_KILL)) 578 return -EPERM; 579 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 580 ret = -EINVAL; 581 else { 582 spin_lock_irq(&vt_spawn_con.lock); 583 put_pid(vt_spawn_con.pid); 584 vt_spawn_con.pid = get_pid(task_pid(current)); 585 vt_spawn_con.sig = arg; 586 spin_unlock_irq(&vt_spawn_con.lock); 587 } 588 break; 589 } 590 591 case VT_SETMODE: 592 { 593 struct vt_mode tmp; 594 595 if (!perm) 596 return -EPERM; 597 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 598 ret = -EFAULT; 599 goto out; 600 } 601 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 602 ret = -EINVAL; 603 goto out; 604 } 605 console_lock(); 606 vc->vt_mode = tmp; 607 /* the frsig is ignored, so we set it to 0 */ 608 vc->vt_mode.frsig = 0; 609 put_pid(vc->vt_pid); 610 vc->vt_pid = get_pid(task_pid(current)); 611 /* no switch is required -- saw@shade.msu.ru */ 612 vc->vt_newvt = -1; 613 console_unlock(); 614 break; 615 } 616 617 case VT_GETMODE: 618 { 619 struct vt_mode tmp; 620 int rc; 621 622 console_lock(); 623 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 624 console_unlock(); 625 626 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 627 if (rc) 628 ret = -EFAULT; 629 break; 630 } 631 632 /* 633 * Returns global vt state. Note that VT 0 is always open, since 634 * it's an alias for the current VT, and people can't use it here. 635 * We cannot return state for more than 16 VTs, since v_state is short. 636 */ 637 case VT_GETSTATE: 638 { 639 struct vt_stat __user *vtstat = up; 640 unsigned short state, mask; 641 642 /* Review: FIXME: Console lock ? */ 643 if (put_user(fg_console + 1, &vtstat->v_active)) 644 ret = -EFAULT; 645 else { 646 state = 1; /* /dev/tty0 is always open */ 647 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 648 ++i, mask <<= 1) 649 if (VT_IS_IN_USE(i)) 650 state |= mask; 651 ret = put_user(state, &vtstat->v_state); 652 } 653 break; 654 } 655 656 /* 657 * Returns the first available (non-opened) console. 658 */ 659 case VT_OPENQRY: 660 /* FIXME: locking ? - but then this is a stupid API */ 661 for (i = 0; i < MAX_NR_CONSOLES; ++i) 662 if (! VT_IS_IN_USE(i)) 663 break; 664 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 665 goto setint; 666 667 /* 668 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 669 * with num >= 1 (switches to vt 0, our console, are not allowed, just 670 * to preserve sanity). 671 */ 672 case VT_ACTIVATE: 673 if (!perm) 674 return -EPERM; 675 if (arg == 0 || arg > MAX_NR_CONSOLES) 676 ret = -ENXIO; 677 else { 678 arg--; 679 console_lock(); 680 ret = vc_allocate(arg); 681 console_unlock(); 682 if (ret) 683 break; 684 set_console(arg); 685 } 686 break; 687 688 case VT_SETACTIVATE: 689 { 690 struct vt_setactivate vsa; 691 692 if (!perm) 693 return -EPERM; 694 695 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 696 sizeof(struct vt_setactivate))) { 697 ret = -EFAULT; 698 goto out; 699 } 700 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 701 ret = -ENXIO; 702 else { 703 vsa.console--; 704 console_lock(); 705 ret = vc_allocate(vsa.console); 706 if (ret == 0) { 707 struct vc_data *nvc; 708 /* This is safe providing we don't drop the 709 console sem between vc_allocate and 710 finishing referencing nvc */ 711 nvc = vc_cons[vsa.console].d; 712 nvc->vt_mode = vsa.mode; 713 nvc->vt_mode.frsig = 0; 714 put_pid(nvc->vt_pid); 715 nvc->vt_pid = get_pid(task_pid(current)); 716 } 717 console_unlock(); 718 if (ret) 719 break; 720 /* Commence switch and lock */ 721 /* Review set_console locks */ 722 set_console(vsa.console); 723 } 724 break; 725 } 726 727 /* 728 * wait until the specified VT has been activated 729 */ 730 case VT_WAITACTIVE: 731 if (!perm) 732 return -EPERM; 733 if (arg == 0 || arg > MAX_NR_CONSOLES) 734 ret = -ENXIO; 735 else 736 ret = vt_waitactive(arg); 737 break; 738 739 /* 740 * If a vt is under process control, the kernel will not switch to it 741 * immediately, but postpone the operation until the process calls this 742 * ioctl, allowing the switch to complete. 743 * 744 * According to the X sources this is the behavior: 745 * 0: pending switch-from not OK 746 * 1: pending switch-from OK 747 * 2: completed switch-to OK 748 */ 749 case VT_RELDISP: 750 if (!perm) 751 return -EPERM; 752 753 console_lock(); 754 if (vc->vt_mode.mode != VT_PROCESS) { 755 console_unlock(); 756 ret = -EINVAL; 757 break; 758 } 759 /* 760 * Switching-from response 761 */ 762 if (vc->vt_newvt >= 0) { 763 if (arg == 0) 764 /* 765 * Switch disallowed, so forget we were trying 766 * to do it. 767 */ 768 vc->vt_newvt = -1; 769 770 else { 771 /* 772 * The current vt has been released, so 773 * complete the switch. 774 */ 775 int newvt; 776 newvt = vc->vt_newvt; 777 vc->vt_newvt = -1; 778 ret = vc_allocate(newvt); 779 if (ret) { 780 console_unlock(); 781 break; 782 } 783 /* 784 * When we actually do the console switch, 785 * make sure we are atomic with respect to 786 * other console switches.. 787 */ 788 complete_change_console(vc_cons[newvt].d); 789 } 790 } else { 791 /* 792 * Switched-to response 793 */ 794 /* 795 * If it's just an ACK, ignore it 796 */ 797 if (arg != VT_ACKACQ) 798 ret = -EINVAL; 799 } 800 console_unlock(); 801 break; 802 803 /* 804 * Disallocate memory associated to VT (but leave VT1) 805 */ 806 case VT_DISALLOCATE: 807 if (arg > MAX_NR_CONSOLES) { 808 ret = -ENXIO; 809 break; 810 } 811 if (arg == 0) 812 vt_disallocate_all(); 813 else 814 ret = vt_disallocate(--arg); 815 break; 816 817 case VT_RESIZE: 818 { 819 struct vt_sizes __user *vtsizes = up; 820 struct vc_data *vc; 821 822 ushort ll,cc; 823 if (!perm) 824 return -EPERM; 825 if (get_user(ll, &vtsizes->v_rows) || 826 get_user(cc, &vtsizes->v_cols)) 827 ret = -EFAULT; 828 else { 829 console_lock(); 830 for (i = 0; i < MAX_NR_CONSOLES; i++) { 831 vc = vc_cons[i].d; 832 833 if (vc) { 834 vc->vc_resize_user = 1; 835 /* FIXME: review v tty lock */ 836 vc_resize(vc_cons[i].d, cc, ll); 837 } 838 } 839 console_unlock(); 840 } 841 break; 842 } 843 844 case VT_RESIZEX: 845 { 846 struct vt_consize __user *vtconsize = up; 847 ushort ll,cc,vlin,clin,vcol,ccol; 848 if (!perm) 849 return -EPERM; 850 if (!access_ok(VERIFY_READ, vtconsize, 851 sizeof(struct vt_consize))) { 852 ret = -EFAULT; 853 break; 854 } 855 /* FIXME: Should check the copies properly */ 856 __get_user(ll, &vtconsize->v_rows); 857 __get_user(cc, &vtconsize->v_cols); 858 __get_user(vlin, &vtconsize->v_vlin); 859 __get_user(clin, &vtconsize->v_clin); 860 __get_user(vcol, &vtconsize->v_vcol); 861 __get_user(ccol, &vtconsize->v_ccol); 862 vlin = vlin ? vlin : vc->vc_scan_lines; 863 if (clin) { 864 if (ll) { 865 if (ll != vlin/clin) { 866 /* Parameters don't add up */ 867 ret = -EINVAL; 868 break; 869 } 870 } else 871 ll = vlin/clin; 872 } 873 if (vcol && ccol) { 874 if (cc) { 875 if (cc != vcol/ccol) { 876 ret = -EINVAL; 877 break; 878 } 879 } else 880 cc = vcol/ccol; 881 } 882 883 if (clin > 32) { 884 ret = -EINVAL; 885 break; 886 } 887 888 for (i = 0; i < MAX_NR_CONSOLES; i++) { 889 if (!vc_cons[i].d) 890 continue; 891 console_lock(); 892 if (vlin) 893 vc_cons[i].d->vc_scan_lines = vlin; 894 if (clin) 895 vc_cons[i].d->vc_font.height = clin; 896 vc_cons[i].d->vc_resize_user = 1; 897 vc_resize(vc_cons[i].d, cc, ll); 898 console_unlock(); 899 } 900 break; 901 } 902 903 case PIO_FONT: { 904 if (!perm) 905 return -EPERM; 906 op.op = KD_FONT_OP_SET; 907 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 908 op.width = 8; 909 op.height = 0; 910 op.charcount = 256; 911 op.data = up; 912 ret = con_font_op(vc_cons[fg_console].d, &op); 913 break; 914 } 915 916 case GIO_FONT: { 917 op.op = KD_FONT_OP_GET; 918 op.flags = KD_FONT_FLAG_OLD; 919 op.width = 8; 920 op.height = 32; 921 op.charcount = 256; 922 op.data = up; 923 ret = con_font_op(vc_cons[fg_console].d, &op); 924 break; 925 } 926 927 case PIO_CMAP: 928 if (!perm) 929 ret = -EPERM; 930 else 931 ret = con_set_cmap(up); 932 break; 933 934 case GIO_CMAP: 935 ret = con_get_cmap(up); 936 break; 937 938 case PIO_FONTX: 939 case GIO_FONTX: 940 ret = do_fontx_ioctl(cmd, up, perm, &op); 941 break; 942 943 case PIO_FONTRESET: 944 { 945 if (!perm) 946 return -EPERM; 947 948 #ifdef BROKEN_GRAPHICS_PROGRAMS 949 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 950 font is not saved. */ 951 ret = -ENOSYS; 952 break; 953 #else 954 { 955 op.op = KD_FONT_OP_SET_DEFAULT; 956 op.data = NULL; 957 ret = con_font_op(vc_cons[fg_console].d, &op); 958 if (ret) 959 break; 960 console_lock(); 961 con_set_default_unimap(vc_cons[fg_console].d); 962 console_unlock(); 963 break; 964 } 965 #endif 966 } 967 968 case KDFONTOP: { 969 if (copy_from_user(&op, up, sizeof(op))) { 970 ret = -EFAULT; 971 break; 972 } 973 if (!perm && op.op != KD_FONT_OP_GET) 974 return -EPERM; 975 ret = con_font_op(vc, &op); 976 if (ret) 977 break; 978 if (copy_to_user(up, &op, sizeof(op))) 979 ret = -EFAULT; 980 break; 981 } 982 983 case PIO_SCRNMAP: 984 if (!perm) 985 ret = -EPERM; 986 else 987 ret = con_set_trans_old(up); 988 break; 989 990 case GIO_SCRNMAP: 991 ret = con_get_trans_old(up); 992 break; 993 994 case PIO_UNISCRNMAP: 995 if (!perm) 996 ret = -EPERM; 997 else 998 ret = con_set_trans_new(up); 999 break; 1000 1001 case GIO_UNISCRNMAP: 1002 ret = con_get_trans_new(up); 1003 break; 1004 1005 case PIO_UNIMAPCLR: 1006 if (!perm) 1007 return -EPERM; 1008 con_clear_unimap(vc); 1009 break; 1010 1011 case PIO_UNIMAP: 1012 case GIO_UNIMAP: 1013 ret = do_unimap_ioctl(cmd, up, perm, vc); 1014 break; 1015 1016 case VT_LOCKSWITCH: 1017 if (!capable(CAP_SYS_TTY_CONFIG)) 1018 return -EPERM; 1019 vt_dont_switch = 1; 1020 break; 1021 case VT_UNLOCKSWITCH: 1022 if (!capable(CAP_SYS_TTY_CONFIG)) 1023 return -EPERM; 1024 vt_dont_switch = 0; 1025 break; 1026 case VT_GETHIFONTMASK: 1027 ret = put_user(vc->vc_hi_font_mask, 1028 (unsigned short __user *)arg); 1029 break; 1030 case VT_WAITEVENT: 1031 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1032 break; 1033 default: 1034 ret = -ENOIOCTLCMD; 1035 } 1036 out: 1037 return ret; 1038 } 1039 1040 void reset_vc(struct vc_data *vc) 1041 { 1042 vc->vc_mode = KD_TEXT; 1043 vt_reset_unicode(vc->vc_num); 1044 vc->vt_mode.mode = VT_AUTO; 1045 vc->vt_mode.waitv = 0; 1046 vc->vt_mode.relsig = 0; 1047 vc->vt_mode.acqsig = 0; 1048 vc->vt_mode.frsig = 0; 1049 put_pid(vc->vt_pid); 1050 vc->vt_pid = NULL; 1051 vc->vt_newvt = -1; 1052 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1053 reset_palette(vc); 1054 } 1055 1056 void vc_SAK(struct work_struct *work) 1057 { 1058 struct vc *vc_con = 1059 container_of(work, struct vc, SAK_work); 1060 struct vc_data *vc; 1061 struct tty_struct *tty; 1062 1063 console_lock(); 1064 vc = vc_con->d; 1065 if (vc) { 1066 /* FIXME: review tty ref counting */ 1067 tty = vc->port.tty; 1068 /* 1069 * SAK should also work in all raw modes and reset 1070 * them properly. 1071 */ 1072 if (tty) 1073 __do_SAK(tty); 1074 reset_vc(vc); 1075 } 1076 console_unlock(); 1077 } 1078 1079 #ifdef CONFIG_COMPAT 1080 1081 struct compat_consolefontdesc { 1082 unsigned short charcount; /* characters in font (256 or 512) */ 1083 unsigned short charheight; /* scan lines per character (1-32) */ 1084 compat_caddr_t chardata; /* font data in expanded form */ 1085 }; 1086 1087 static inline int 1088 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1089 int perm, struct console_font_op *op) 1090 { 1091 struct compat_consolefontdesc cfdarg; 1092 int i; 1093 1094 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1095 return -EFAULT; 1096 1097 switch (cmd) { 1098 case PIO_FONTX: 1099 if (!perm) 1100 return -EPERM; 1101 op->op = KD_FONT_OP_SET; 1102 op->flags = KD_FONT_FLAG_OLD; 1103 op->width = 8; 1104 op->height = cfdarg.charheight; 1105 op->charcount = cfdarg.charcount; 1106 op->data = compat_ptr(cfdarg.chardata); 1107 return con_font_op(vc_cons[fg_console].d, op); 1108 case GIO_FONTX: 1109 op->op = KD_FONT_OP_GET; 1110 op->flags = KD_FONT_FLAG_OLD; 1111 op->width = 8; 1112 op->height = cfdarg.charheight; 1113 op->charcount = cfdarg.charcount; 1114 op->data = compat_ptr(cfdarg.chardata); 1115 i = con_font_op(vc_cons[fg_console].d, op); 1116 if (i) 1117 return i; 1118 cfdarg.charheight = op->height; 1119 cfdarg.charcount = op->charcount; 1120 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1121 return -EFAULT; 1122 return 0; 1123 } 1124 return -EINVAL; 1125 } 1126 1127 struct compat_console_font_op { 1128 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1129 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1130 compat_uint_t width, height; /* font size */ 1131 compat_uint_t charcount; 1132 compat_caddr_t data; /* font data with height fixed to 32 */ 1133 }; 1134 1135 static inline int 1136 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1137 int perm, struct console_font_op *op, struct vc_data *vc) 1138 { 1139 int i; 1140 1141 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1142 return -EFAULT; 1143 if (!perm && op->op != KD_FONT_OP_GET) 1144 return -EPERM; 1145 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1146 i = con_font_op(vc, op); 1147 if (i) 1148 return i; 1149 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1150 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1151 return -EFAULT; 1152 return 0; 1153 } 1154 1155 struct compat_unimapdesc { 1156 unsigned short entry_ct; 1157 compat_caddr_t entries; 1158 }; 1159 1160 static inline int 1161 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1162 int perm, struct vc_data *vc) 1163 { 1164 struct compat_unimapdesc tmp; 1165 struct unipair __user *tmp_entries; 1166 1167 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1168 return -EFAULT; 1169 tmp_entries = compat_ptr(tmp.entries); 1170 switch (cmd) { 1171 case PIO_UNIMAP: 1172 if (!perm) 1173 return -EPERM; 1174 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1175 case GIO_UNIMAP: 1176 if (!perm && fg_console != vc->vc_num) 1177 return -EPERM; 1178 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1179 } 1180 return 0; 1181 } 1182 1183 long vt_compat_ioctl(struct tty_struct *tty, 1184 unsigned int cmd, unsigned long arg) 1185 { 1186 struct vc_data *vc = tty->driver_data; 1187 struct console_font_op op; /* used in multiple places here */ 1188 unsigned int console; 1189 void __user *up = (void __user *)arg; 1190 int perm; 1191 int ret = 0; 1192 1193 console = vc->vc_num; 1194 1195 if (!vc_cons_allocated(console)) { /* impossible? */ 1196 ret = -ENOIOCTLCMD; 1197 goto out; 1198 } 1199 1200 /* 1201 * To have permissions to do most of the vt ioctls, we either have 1202 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1203 */ 1204 perm = 0; 1205 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1206 perm = 1; 1207 1208 switch (cmd) { 1209 /* 1210 * these need special handlers for incompatible data structures 1211 */ 1212 case PIO_FONTX: 1213 case GIO_FONTX: 1214 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1215 break; 1216 1217 case KDFONTOP: 1218 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1219 break; 1220 1221 case PIO_UNIMAP: 1222 case GIO_UNIMAP: 1223 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1224 break; 1225 1226 /* 1227 * all these treat 'arg' as an integer 1228 */ 1229 case KIOCSOUND: 1230 case KDMKTONE: 1231 #ifdef CONFIG_X86 1232 case KDADDIO: 1233 case KDDELIO: 1234 #endif 1235 case KDSETMODE: 1236 case KDMAPDISP: 1237 case KDUNMAPDISP: 1238 case KDSKBMODE: 1239 case KDSKBMETA: 1240 case KDSKBLED: 1241 case KDSETLED: 1242 case KDSIGACCEPT: 1243 case VT_ACTIVATE: 1244 case VT_WAITACTIVE: 1245 case VT_RELDISP: 1246 case VT_DISALLOCATE: 1247 case VT_RESIZE: 1248 case VT_RESIZEX: 1249 goto fallback; 1250 1251 /* 1252 * the rest has a compatible data structure behind arg, 1253 * but we have to convert it to a proper 64 bit pointer. 1254 */ 1255 default: 1256 arg = (unsigned long)compat_ptr(arg); 1257 goto fallback; 1258 } 1259 out: 1260 return ret; 1261 1262 fallback: 1263 return vt_ioctl(tty, cmd, arg); 1264 } 1265 1266 1267 #endif /* CONFIG_COMPAT */ 1268 1269 1270 /* 1271 * Performs the back end of a vt switch. Called under the console 1272 * semaphore. 1273 */ 1274 static void complete_change_console(struct vc_data *vc) 1275 { 1276 unsigned char old_vc_mode; 1277 int old = fg_console; 1278 1279 last_console = fg_console; 1280 1281 /* 1282 * If we're switching, we could be going from KD_GRAPHICS to 1283 * KD_TEXT mode or vice versa, which means we need to blank or 1284 * unblank the screen later. 1285 */ 1286 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1287 switch_screen(vc); 1288 1289 /* 1290 * This can't appear below a successful kill_pid(). If it did, 1291 * then the *blank_screen operation could occur while X, having 1292 * received acqsig, is waking up on another processor. This 1293 * condition can lead to overlapping accesses to the VGA range 1294 * and the framebuffer (causing system lockups). 1295 * 1296 * To account for this we duplicate this code below only if the 1297 * controlling process is gone and we've called reset_vc. 1298 */ 1299 if (old_vc_mode != vc->vc_mode) { 1300 if (vc->vc_mode == KD_TEXT) 1301 do_unblank_screen(1); 1302 else 1303 do_blank_screen(1); 1304 } 1305 1306 /* 1307 * If this new console is under process control, send it a signal 1308 * telling it that it has acquired. Also check if it has died and 1309 * clean up (similar to logic employed in change_console()) 1310 */ 1311 if (vc->vt_mode.mode == VT_PROCESS) { 1312 /* 1313 * Send the signal as privileged - kill_pid() will 1314 * tell us if the process has gone or something else 1315 * is awry 1316 */ 1317 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1318 /* 1319 * The controlling process has died, so we revert back to 1320 * normal operation. In this case, we'll also change back 1321 * to KD_TEXT mode. I'm not sure if this is strictly correct 1322 * but it saves the agony when the X server dies and the screen 1323 * remains blanked due to KD_GRAPHICS! It would be nice to do 1324 * this outside of VT_PROCESS but there is no single process 1325 * to account for and tracking tty count may be undesirable. 1326 */ 1327 reset_vc(vc); 1328 1329 if (old_vc_mode != vc->vc_mode) { 1330 if (vc->vc_mode == KD_TEXT) 1331 do_unblank_screen(1); 1332 else 1333 do_blank_screen(1); 1334 } 1335 } 1336 } 1337 1338 /* 1339 * Wake anyone waiting for their VT to activate 1340 */ 1341 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1342 return; 1343 } 1344 1345 /* 1346 * Performs the front-end of a vt switch 1347 */ 1348 void change_console(struct vc_data *new_vc) 1349 { 1350 struct vc_data *vc; 1351 1352 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1353 return; 1354 1355 /* 1356 * If this vt is in process mode, then we need to handshake with 1357 * that process before switching. Essentially, we store where that 1358 * vt wants to switch to and wait for it to tell us when it's done 1359 * (via VT_RELDISP ioctl). 1360 * 1361 * We also check to see if the controlling process still exists. 1362 * If it doesn't, we reset this vt to auto mode and continue. 1363 * This is a cheap way to track process control. The worst thing 1364 * that can happen is: we send a signal to a process, it dies, and 1365 * the switch gets "lost" waiting for a response; hopefully, the 1366 * user will try again, we'll detect the process is gone (unless 1367 * the user waits just the right amount of time :-) and revert the 1368 * vt to auto control. 1369 */ 1370 vc = vc_cons[fg_console].d; 1371 if (vc->vt_mode.mode == VT_PROCESS) { 1372 /* 1373 * Send the signal as privileged - kill_pid() will 1374 * tell us if the process has gone or something else 1375 * is awry. 1376 * 1377 * We need to set vt_newvt *before* sending the signal or we 1378 * have a race. 1379 */ 1380 vc->vt_newvt = new_vc->vc_num; 1381 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1382 /* 1383 * It worked. Mark the vt to switch to and 1384 * return. The process needs to send us a 1385 * VT_RELDISP ioctl to complete the switch. 1386 */ 1387 return; 1388 } 1389 1390 /* 1391 * The controlling process has died, so we revert back to 1392 * normal operation. In this case, we'll also change back 1393 * to KD_TEXT mode. I'm not sure if this is strictly correct 1394 * but it saves the agony when the X server dies and the screen 1395 * remains blanked due to KD_GRAPHICS! It would be nice to do 1396 * this outside of VT_PROCESS but there is no single process 1397 * to account for and tracking tty count may be undesirable. 1398 */ 1399 reset_vc(vc); 1400 1401 /* 1402 * Fall through to normal (VT_AUTO) handling of the switch... 1403 */ 1404 } 1405 1406 /* 1407 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1408 */ 1409 if (vc->vc_mode == KD_GRAPHICS) 1410 return; 1411 1412 complete_change_console(new_vc); 1413 } 1414 1415 /* Perform a kernel triggered VT switch for suspend/resume */ 1416 1417 static int disable_vt_switch; 1418 1419 int vt_move_to_console(unsigned int vt, int alloc) 1420 { 1421 int prev; 1422 1423 console_lock(); 1424 /* Graphics mode - up to X */ 1425 if (disable_vt_switch) { 1426 console_unlock(); 1427 return 0; 1428 } 1429 prev = fg_console; 1430 1431 if (alloc && vc_allocate(vt)) { 1432 /* we can't have a free VC for now. Too bad, 1433 * we don't want to mess the screen for now. */ 1434 console_unlock(); 1435 return -ENOSPC; 1436 } 1437 1438 if (set_console(vt)) { 1439 /* 1440 * We're unable to switch to the SUSPEND_CONSOLE. 1441 * Let the calling function know so it can decide 1442 * what to do. 1443 */ 1444 console_unlock(); 1445 return -EIO; 1446 } 1447 console_unlock(); 1448 if (vt_waitactive(vt + 1)) { 1449 pr_debug("Suspend: Can't switch VCs."); 1450 return -EINTR; 1451 } 1452 return prev; 1453 } 1454 1455 /* 1456 * Normally during a suspend, we allocate a new console and switch to it. 1457 * When we resume, we switch back to the original console. This switch 1458 * can be slow, so on systems where the framebuffer can handle restoration 1459 * of video registers anyways, there's little point in doing the console 1460 * switch. This function allows you to disable it by passing it '0'. 1461 */ 1462 void pm_set_vt_switch(int do_switch) 1463 { 1464 console_lock(); 1465 disable_vt_switch = !do_switch; 1466 console_unlock(); 1467 } 1468 EXPORT_SYMBOL(pm_set_vt_switch); 1469