1 /* 2 * Copyright (C) 1992 obz under the linux copyright 3 * 4 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 5 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 6 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 7 * Some code moved for less code duplication - Andi Kleen - Mar 1997 8 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 9 */ 10 11 #include <linux/types.h> 12 #include <linux/errno.h> 13 #include <linux/sched.h> 14 #include <linux/tty.h> 15 #include <linux/timer.h> 16 #include <linux/kernel.h> 17 #include <linux/compat.h> 18 #include <linux/module.h> 19 #include <linux/kd.h> 20 #include <linux/vt.h> 21 #include <linux/string.h> 22 #include <linux/slab.h> 23 #include <linux/major.h> 24 #include <linux/fs.h> 25 #include <linux/console.h> 26 #include <linux/consolemap.h> 27 #include <linux/signal.h> 28 #include <linux/suspend.h> 29 #include <linux/timex.h> 30 31 #include <asm/io.h> 32 #include <asm/uaccess.h> 33 34 #include <linux/kbd_kern.h> 35 #include <linux/vt_kern.h> 36 #include <linux/kbd_diacr.h> 37 #include <linux/selection.h> 38 39 char vt_dont_switch; 40 extern struct tty_driver *console_driver; 41 42 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 43 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 44 45 /* 46 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 47 * experimentation and study of X386 SYSV handling. 48 * 49 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 50 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 51 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 52 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 53 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 54 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 55 * to the current console is done by the main ioctl code. 56 */ 57 58 #ifdef CONFIG_X86 59 #include <linux/syscalls.h> 60 #endif 61 62 static void complete_change_console(struct vc_data *vc); 63 64 /* 65 * User space VT_EVENT handlers 66 */ 67 68 struct vt_event_wait { 69 struct list_head list; 70 struct vt_event event; 71 int done; 72 }; 73 74 static LIST_HEAD(vt_events); 75 static DEFINE_SPINLOCK(vt_event_lock); 76 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 77 78 /** 79 * vt_event_post 80 * @event: the event that occurred 81 * @old: old console 82 * @new: new console 83 * 84 * Post an VT event to interested VT handlers 85 */ 86 87 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 88 { 89 struct list_head *pos, *head; 90 unsigned long flags; 91 int wake = 0; 92 93 spin_lock_irqsave(&vt_event_lock, flags); 94 head = &vt_events; 95 96 list_for_each(pos, head) { 97 struct vt_event_wait *ve = list_entry(pos, 98 struct vt_event_wait, list); 99 if (!(ve->event.event & event)) 100 continue; 101 ve->event.event = event; 102 /* kernel view is consoles 0..n-1, user space view is 103 console 1..n with 0 meaning current, so we must bias */ 104 ve->event.oldev = old + 1; 105 ve->event.newev = new + 1; 106 wake = 1; 107 ve->done = 1; 108 } 109 spin_unlock_irqrestore(&vt_event_lock, flags); 110 if (wake) 111 wake_up_interruptible(&vt_event_waitqueue); 112 } 113 114 static void __vt_event_queue(struct vt_event_wait *vw) 115 { 116 unsigned long flags; 117 /* Prepare the event */ 118 INIT_LIST_HEAD(&vw->list); 119 vw->done = 0; 120 /* Queue our event */ 121 spin_lock_irqsave(&vt_event_lock, flags); 122 list_add(&vw->list, &vt_events); 123 spin_unlock_irqrestore(&vt_event_lock, flags); 124 } 125 126 static void __vt_event_wait(struct vt_event_wait *vw) 127 { 128 /* Wait for it to pass */ 129 wait_event_interruptible(vt_event_waitqueue, vw->done); 130 } 131 132 static void __vt_event_dequeue(struct vt_event_wait *vw) 133 { 134 unsigned long flags; 135 136 /* Dequeue it */ 137 spin_lock_irqsave(&vt_event_lock, flags); 138 list_del(&vw->list); 139 spin_unlock_irqrestore(&vt_event_lock, flags); 140 } 141 142 /** 143 * vt_event_wait - wait for an event 144 * @vw: our event 145 * 146 * Waits for an event to occur which completes our vt_event_wait 147 * structure. On return the structure has wv->done set to 1 for success 148 * or 0 if some event such as a signal ended the wait. 149 */ 150 151 static void vt_event_wait(struct vt_event_wait *vw) 152 { 153 __vt_event_queue(vw); 154 __vt_event_wait(vw); 155 __vt_event_dequeue(vw); 156 } 157 158 /** 159 * vt_event_wait_ioctl - event ioctl handler 160 * @arg: argument to ioctl 161 * 162 * Implement the VT_WAITEVENT ioctl using the VT event interface 163 */ 164 165 static int vt_event_wait_ioctl(struct vt_event __user *event) 166 { 167 struct vt_event_wait vw; 168 169 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 170 return -EFAULT; 171 /* Highest supported event for now */ 172 if (vw.event.event & ~VT_MAX_EVENT) 173 return -EINVAL; 174 175 vt_event_wait(&vw); 176 /* If it occurred report it */ 177 if (vw.done) { 178 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 179 return -EFAULT; 180 return 0; 181 } 182 return -EINTR; 183 } 184 185 /** 186 * vt_waitactive - active console wait 187 * @event: event code 188 * @n: new console 189 * 190 * Helper for event waits. Used to implement the legacy 191 * event waiting ioctls in terms of events 192 */ 193 194 int vt_waitactive(int n) 195 { 196 struct vt_event_wait vw; 197 do { 198 vw.event.event = VT_EVENT_SWITCH; 199 __vt_event_queue(&vw); 200 if (n == fg_console + 1) { 201 __vt_event_dequeue(&vw); 202 break; 203 } 204 __vt_event_wait(&vw); 205 __vt_event_dequeue(&vw); 206 if (vw.done == 0) 207 return -EINTR; 208 } while (vw.event.newev != n); 209 return 0; 210 } 211 212 /* 213 * these are the valid i/o ports we're allowed to change. they map all the 214 * video ports 215 */ 216 #define GPFIRST 0x3b4 217 #define GPLAST 0x3df 218 #define GPNUM (GPLAST - GPFIRST + 1) 219 220 221 222 static inline int 223 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 224 { 225 struct consolefontdesc cfdarg; 226 int i; 227 228 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 229 return -EFAULT; 230 231 switch (cmd) { 232 case PIO_FONTX: 233 if (!perm) 234 return -EPERM; 235 op->op = KD_FONT_OP_SET; 236 op->flags = KD_FONT_FLAG_OLD; 237 op->width = 8; 238 op->height = cfdarg.charheight; 239 op->charcount = cfdarg.charcount; 240 op->data = cfdarg.chardata; 241 return con_font_op(vc_cons[fg_console].d, op); 242 case GIO_FONTX: { 243 op->op = KD_FONT_OP_GET; 244 op->flags = KD_FONT_FLAG_OLD; 245 op->width = 8; 246 op->height = cfdarg.charheight; 247 op->charcount = cfdarg.charcount; 248 op->data = cfdarg.chardata; 249 i = con_font_op(vc_cons[fg_console].d, op); 250 if (i) 251 return i; 252 cfdarg.charheight = op->height; 253 cfdarg.charcount = op->charcount; 254 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 255 return -EFAULT; 256 return 0; 257 } 258 } 259 return -EINVAL; 260 } 261 262 static inline int 263 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 264 { 265 struct unimapdesc tmp; 266 267 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 268 return -EFAULT; 269 if (tmp.entries) 270 if (!access_ok(VERIFY_WRITE, tmp.entries, 271 tmp.entry_ct*sizeof(struct unipair))) 272 return -EFAULT; 273 switch (cmd) { 274 case PIO_UNIMAP: 275 if (!perm) 276 return -EPERM; 277 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 278 case GIO_UNIMAP: 279 if (!perm && fg_console != vc->vc_num) 280 return -EPERM; 281 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 282 } 283 return 0; 284 } 285 286 287 288 /* 289 * We handle the console-specific ioctl's here. We allow the 290 * capability to modify any console, not just the fg_console. 291 */ 292 int vt_ioctl(struct tty_struct *tty, 293 unsigned int cmd, unsigned long arg) 294 { 295 struct vc_data *vc = tty->driver_data; 296 struct console_font_op op; /* used in multiple places here */ 297 unsigned int console; 298 unsigned char ucval; 299 unsigned int uival; 300 void __user *up = (void __user *)arg; 301 int i, perm; 302 int ret = 0; 303 304 console = vc->vc_num; 305 306 307 if (!vc_cons_allocated(console)) { /* impossible? */ 308 ret = -ENOIOCTLCMD; 309 goto out; 310 } 311 312 313 /* 314 * To have permissions to do most of the vt ioctls, we either have 315 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 316 */ 317 perm = 0; 318 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 319 perm = 1; 320 321 switch (cmd) { 322 case TIOCLINUX: 323 ret = tioclinux(tty, arg); 324 break; 325 case KIOCSOUND: 326 if (!perm) 327 return -EPERM; 328 /* 329 * The use of PIT_TICK_RATE is historic, it used to be 330 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 331 * and 2.6.36, which was a minor but unfortunate ABI 332 * change. kd_mksound is locked by the input layer. 333 */ 334 if (arg) 335 arg = PIT_TICK_RATE / arg; 336 kd_mksound(arg, 0); 337 break; 338 339 case KDMKTONE: 340 if (!perm) 341 return -EPERM; 342 { 343 unsigned int ticks, count; 344 345 /* 346 * Generate the tone for the appropriate number of ticks. 347 * If the time is zero, turn off sound ourselves. 348 */ 349 ticks = HZ * ((arg >> 16) & 0xffff) / 1000; 350 count = ticks ? (arg & 0xffff) : 0; 351 if (count) 352 count = PIT_TICK_RATE / count; 353 kd_mksound(count, ticks); 354 break; 355 } 356 357 case KDGKBTYPE: 358 /* 359 * this is naïve. 360 */ 361 ucval = KB_101; 362 ret = put_user(ucval, (char __user *)arg); 363 break; 364 365 /* 366 * These cannot be implemented on any machine that implements 367 * ioperm() in user level (such as Alpha PCs) or not at all. 368 * 369 * XXX: you should never use these, just call ioperm directly.. 370 */ 371 #ifdef CONFIG_X86 372 case KDADDIO: 373 case KDDELIO: 374 /* 375 * KDADDIO and KDDELIO may be able to add ports beyond what 376 * we reject here, but to be safe... 377 * 378 * These are locked internally via sys_ioperm 379 */ 380 if (arg < GPFIRST || arg > GPLAST) { 381 ret = -EINVAL; 382 break; 383 } 384 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 385 break; 386 387 case KDENABIO: 388 case KDDISABIO: 389 ret = sys_ioperm(GPFIRST, GPNUM, 390 (cmd == KDENABIO)) ? -ENXIO : 0; 391 break; 392 #endif 393 394 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 395 396 case KDKBDREP: 397 { 398 struct kbd_repeat kbrep; 399 400 if (!capable(CAP_SYS_TTY_CONFIG)) 401 return -EPERM; 402 403 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 404 ret = -EFAULT; 405 break; 406 } 407 ret = kbd_rate(&kbrep); 408 if (ret) 409 break; 410 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 411 ret = -EFAULT; 412 break; 413 } 414 415 case KDSETMODE: 416 /* 417 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 418 * doesn't do a whole lot. i'm not sure if it should do any 419 * restoration of modes or what... 420 * 421 * XXX It should at least call into the driver, fbdev's definitely 422 * need to restore their engine state. --BenH 423 */ 424 if (!perm) 425 return -EPERM; 426 switch (arg) { 427 case KD_GRAPHICS: 428 break; 429 case KD_TEXT0: 430 case KD_TEXT1: 431 arg = KD_TEXT; 432 case KD_TEXT: 433 break; 434 default: 435 ret = -EINVAL; 436 goto out; 437 } 438 /* FIXME: this needs the console lock extending */ 439 if (vc->vc_mode == (unsigned char) arg) 440 break; 441 vc->vc_mode = (unsigned char) arg; 442 if (console != fg_console) 443 break; 444 /* 445 * explicitly blank/unblank the screen if switching modes 446 */ 447 console_lock(); 448 if (arg == KD_TEXT) 449 do_unblank_screen(1); 450 else 451 do_blank_screen(1); 452 console_unlock(); 453 break; 454 455 case KDGETMODE: 456 uival = vc->vc_mode; 457 goto setint; 458 459 case KDMAPDISP: 460 case KDUNMAPDISP: 461 /* 462 * these work like a combination of mmap and KDENABIO. 463 * this could be easily finished. 464 */ 465 ret = -EINVAL; 466 break; 467 468 case KDSKBMODE: 469 if (!perm) 470 return -EPERM; 471 ret = vt_do_kdskbmode(console, arg); 472 if (ret == 0) 473 tty_ldisc_flush(tty); 474 break; 475 476 case KDGKBMODE: 477 uival = vt_do_kdgkbmode(console); 478 ret = put_user(uival, (int __user *)arg); 479 break; 480 481 /* this could be folded into KDSKBMODE, but for compatibility 482 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 483 case KDSKBMETA: 484 ret = vt_do_kdskbmeta(console, arg); 485 break; 486 487 case KDGKBMETA: 488 /* FIXME: should review whether this is worth locking */ 489 uival = vt_do_kdgkbmeta(console); 490 setint: 491 ret = put_user(uival, (int __user *)arg); 492 break; 493 494 case KDGETKEYCODE: 495 case KDSETKEYCODE: 496 if(!capable(CAP_SYS_TTY_CONFIG)) 497 perm = 0; 498 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 499 break; 500 501 case KDGKBENT: 502 case KDSKBENT: 503 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 504 break; 505 506 case KDGKBSENT: 507 case KDSKBSENT: 508 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 509 break; 510 511 /* Diacritical processing. Handled in keyboard.c as it has 512 to operate on the keyboard locks and structures */ 513 case KDGKBDIACR: 514 case KDGKBDIACRUC: 515 case KDSKBDIACR: 516 case KDSKBDIACRUC: 517 ret = vt_do_diacrit(cmd, up, perm); 518 break; 519 520 /* the ioctls below read/set the flags usually shown in the leds */ 521 /* don't use them - they will go away without warning */ 522 case KDGKBLED: 523 case KDSKBLED: 524 case KDGETLED: 525 case KDSETLED: 526 ret = vt_do_kdskled(console, cmd, arg, perm); 527 break; 528 529 /* 530 * A process can indicate its willingness to accept signals 531 * generated by pressing an appropriate key combination. 532 * Thus, one can have a daemon that e.g. spawns a new console 533 * upon a keypress and then changes to it. 534 * See also the kbrequest field of inittab(5). 535 */ 536 case KDSIGACCEPT: 537 { 538 if (!perm || !capable(CAP_KILL)) 539 return -EPERM; 540 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 541 ret = -EINVAL; 542 else { 543 spin_lock_irq(&vt_spawn_con.lock); 544 put_pid(vt_spawn_con.pid); 545 vt_spawn_con.pid = get_pid(task_pid(current)); 546 vt_spawn_con.sig = arg; 547 spin_unlock_irq(&vt_spawn_con.lock); 548 } 549 break; 550 } 551 552 case VT_SETMODE: 553 { 554 struct vt_mode tmp; 555 556 if (!perm) 557 return -EPERM; 558 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 559 ret = -EFAULT; 560 goto out; 561 } 562 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 563 ret = -EINVAL; 564 goto out; 565 } 566 console_lock(); 567 vc->vt_mode = tmp; 568 /* the frsig is ignored, so we set it to 0 */ 569 vc->vt_mode.frsig = 0; 570 put_pid(vc->vt_pid); 571 vc->vt_pid = get_pid(task_pid(current)); 572 /* no switch is required -- saw@shade.msu.ru */ 573 vc->vt_newvt = -1; 574 console_unlock(); 575 break; 576 } 577 578 case VT_GETMODE: 579 { 580 struct vt_mode tmp; 581 int rc; 582 583 console_lock(); 584 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 585 console_unlock(); 586 587 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 588 if (rc) 589 ret = -EFAULT; 590 break; 591 } 592 593 /* 594 * Returns global vt state. Note that VT 0 is always open, since 595 * it's an alias for the current VT, and people can't use it here. 596 * We cannot return state for more than 16 VTs, since v_state is short. 597 */ 598 case VT_GETSTATE: 599 { 600 struct vt_stat __user *vtstat = up; 601 unsigned short state, mask; 602 603 /* Review: FIXME: Console lock ? */ 604 if (put_user(fg_console + 1, &vtstat->v_active)) 605 ret = -EFAULT; 606 else { 607 state = 1; /* /dev/tty0 is always open */ 608 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 609 ++i, mask <<= 1) 610 if (VT_IS_IN_USE(i)) 611 state |= mask; 612 ret = put_user(state, &vtstat->v_state); 613 } 614 break; 615 } 616 617 /* 618 * Returns the first available (non-opened) console. 619 */ 620 case VT_OPENQRY: 621 /* FIXME: locking ? - but then this is a stupid API */ 622 for (i = 0; i < MAX_NR_CONSOLES; ++i) 623 if (! VT_IS_IN_USE(i)) 624 break; 625 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 626 goto setint; 627 628 /* 629 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 630 * with num >= 1 (switches to vt 0, our console, are not allowed, just 631 * to preserve sanity). 632 */ 633 case VT_ACTIVATE: 634 if (!perm) 635 return -EPERM; 636 if (arg == 0 || arg > MAX_NR_CONSOLES) 637 ret = -ENXIO; 638 else { 639 arg--; 640 console_lock(); 641 ret = vc_allocate(arg); 642 console_unlock(); 643 if (ret) 644 break; 645 set_console(arg); 646 } 647 break; 648 649 case VT_SETACTIVATE: 650 { 651 struct vt_setactivate vsa; 652 653 if (!perm) 654 return -EPERM; 655 656 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 657 sizeof(struct vt_setactivate))) { 658 ret = -EFAULT; 659 goto out; 660 } 661 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 662 ret = -ENXIO; 663 else { 664 vsa.console--; 665 console_lock(); 666 ret = vc_allocate(vsa.console); 667 if (ret == 0) { 668 struct vc_data *nvc; 669 /* This is safe providing we don't drop the 670 console sem between vc_allocate and 671 finishing referencing nvc */ 672 nvc = vc_cons[vsa.console].d; 673 nvc->vt_mode = vsa.mode; 674 nvc->vt_mode.frsig = 0; 675 put_pid(nvc->vt_pid); 676 nvc->vt_pid = get_pid(task_pid(current)); 677 } 678 console_unlock(); 679 if (ret) 680 break; 681 /* Commence switch and lock */ 682 /* Review set_console locks */ 683 set_console(vsa.console); 684 } 685 break; 686 } 687 688 /* 689 * wait until the specified VT has been activated 690 */ 691 case VT_WAITACTIVE: 692 if (!perm) 693 return -EPERM; 694 if (arg == 0 || arg > MAX_NR_CONSOLES) 695 ret = -ENXIO; 696 else 697 ret = vt_waitactive(arg); 698 break; 699 700 /* 701 * If a vt is under process control, the kernel will not switch to it 702 * immediately, but postpone the operation until the process calls this 703 * ioctl, allowing the switch to complete. 704 * 705 * According to the X sources this is the behavior: 706 * 0: pending switch-from not OK 707 * 1: pending switch-from OK 708 * 2: completed switch-to OK 709 */ 710 case VT_RELDISP: 711 if (!perm) 712 return -EPERM; 713 714 console_lock(); 715 if (vc->vt_mode.mode != VT_PROCESS) { 716 console_unlock(); 717 ret = -EINVAL; 718 break; 719 } 720 /* 721 * Switching-from response 722 */ 723 if (vc->vt_newvt >= 0) { 724 if (arg == 0) 725 /* 726 * Switch disallowed, so forget we were trying 727 * to do it. 728 */ 729 vc->vt_newvt = -1; 730 731 else { 732 /* 733 * The current vt has been released, so 734 * complete the switch. 735 */ 736 int newvt; 737 newvt = vc->vt_newvt; 738 vc->vt_newvt = -1; 739 ret = vc_allocate(newvt); 740 if (ret) { 741 console_unlock(); 742 break; 743 } 744 /* 745 * When we actually do the console switch, 746 * make sure we are atomic with respect to 747 * other console switches.. 748 */ 749 complete_change_console(vc_cons[newvt].d); 750 } 751 } else { 752 /* 753 * Switched-to response 754 */ 755 /* 756 * If it's just an ACK, ignore it 757 */ 758 if (arg != VT_ACKACQ) 759 ret = -EINVAL; 760 } 761 console_unlock(); 762 break; 763 764 /* 765 * Disallocate memory associated to VT (but leave VT1) 766 */ 767 case VT_DISALLOCATE: 768 if (arg > MAX_NR_CONSOLES) { 769 ret = -ENXIO; 770 break; 771 } 772 if (arg == 0) { 773 /* deallocate all unused consoles, but leave 0 */ 774 console_lock(); 775 for (i=1; i<MAX_NR_CONSOLES; i++) 776 if (! VT_BUSY(i)) 777 vc_deallocate(i); 778 console_unlock(); 779 } else { 780 /* deallocate a single console, if possible */ 781 arg--; 782 if (VT_BUSY(arg)) 783 ret = -EBUSY; 784 else if (arg) { /* leave 0 */ 785 console_lock(); 786 vc_deallocate(arg); 787 console_unlock(); 788 } 789 } 790 break; 791 792 case VT_RESIZE: 793 { 794 struct vt_sizes __user *vtsizes = up; 795 struct vc_data *vc; 796 797 ushort ll,cc; 798 if (!perm) 799 return -EPERM; 800 if (get_user(ll, &vtsizes->v_rows) || 801 get_user(cc, &vtsizes->v_cols)) 802 ret = -EFAULT; 803 else { 804 console_lock(); 805 for (i = 0; i < MAX_NR_CONSOLES; i++) { 806 vc = vc_cons[i].d; 807 808 if (vc) { 809 vc->vc_resize_user = 1; 810 /* FIXME: review v tty lock */ 811 vc_resize(vc_cons[i].d, cc, ll); 812 } 813 } 814 console_unlock(); 815 } 816 break; 817 } 818 819 case VT_RESIZEX: 820 { 821 struct vt_consize __user *vtconsize = up; 822 ushort ll,cc,vlin,clin,vcol,ccol; 823 if (!perm) 824 return -EPERM; 825 if (!access_ok(VERIFY_READ, vtconsize, 826 sizeof(struct vt_consize))) { 827 ret = -EFAULT; 828 break; 829 } 830 /* FIXME: Should check the copies properly */ 831 __get_user(ll, &vtconsize->v_rows); 832 __get_user(cc, &vtconsize->v_cols); 833 __get_user(vlin, &vtconsize->v_vlin); 834 __get_user(clin, &vtconsize->v_clin); 835 __get_user(vcol, &vtconsize->v_vcol); 836 __get_user(ccol, &vtconsize->v_ccol); 837 vlin = vlin ? vlin : vc->vc_scan_lines; 838 if (clin) { 839 if (ll) { 840 if (ll != vlin/clin) { 841 /* Parameters don't add up */ 842 ret = -EINVAL; 843 break; 844 } 845 } else 846 ll = vlin/clin; 847 } 848 if (vcol && ccol) { 849 if (cc) { 850 if (cc != vcol/ccol) { 851 ret = -EINVAL; 852 break; 853 } 854 } else 855 cc = vcol/ccol; 856 } 857 858 if (clin > 32) { 859 ret = -EINVAL; 860 break; 861 } 862 863 for (i = 0; i < MAX_NR_CONSOLES; i++) { 864 if (!vc_cons[i].d) 865 continue; 866 console_lock(); 867 if (vlin) 868 vc_cons[i].d->vc_scan_lines = vlin; 869 if (clin) 870 vc_cons[i].d->vc_font.height = clin; 871 vc_cons[i].d->vc_resize_user = 1; 872 vc_resize(vc_cons[i].d, cc, ll); 873 console_unlock(); 874 } 875 break; 876 } 877 878 case PIO_FONT: { 879 if (!perm) 880 return -EPERM; 881 op.op = KD_FONT_OP_SET; 882 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 883 op.width = 8; 884 op.height = 0; 885 op.charcount = 256; 886 op.data = up; 887 ret = con_font_op(vc_cons[fg_console].d, &op); 888 break; 889 } 890 891 case GIO_FONT: { 892 op.op = KD_FONT_OP_GET; 893 op.flags = KD_FONT_FLAG_OLD; 894 op.width = 8; 895 op.height = 32; 896 op.charcount = 256; 897 op.data = up; 898 ret = con_font_op(vc_cons[fg_console].d, &op); 899 break; 900 } 901 902 case PIO_CMAP: 903 if (!perm) 904 ret = -EPERM; 905 else 906 ret = con_set_cmap(up); 907 break; 908 909 case GIO_CMAP: 910 ret = con_get_cmap(up); 911 break; 912 913 case PIO_FONTX: 914 case GIO_FONTX: 915 ret = do_fontx_ioctl(cmd, up, perm, &op); 916 break; 917 918 case PIO_FONTRESET: 919 { 920 if (!perm) 921 return -EPERM; 922 923 #ifdef BROKEN_GRAPHICS_PROGRAMS 924 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 925 font is not saved. */ 926 ret = -ENOSYS; 927 break; 928 #else 929 { 930 op.op = KD_FONT_OP_SET_DEFAULT; 931 op.data = NULL; 932 ret = con_font_op(vc_cons[fg_console].d, &op); 933 if (ret) 934 break; 935 console_lock(); 936 con_set_default_unimap(vc_cons[fg_console].d); 937 console_unlock(); 938 break; 939 } 940 #endif 941 } 942 943 case KDFONTOP: { 944 if (copy_from_user(&op, up, sizeof(op))) { 945 ret = -EFAULT; 946 break; 947 } 948 if (!perm && op.op != KD_FONT_OP_GET) 949 return -EPERM; 950 ret = con_font_op(vc, &op); 951 if (ret) 952 break; 953 if (copy_to_user(up, &op, sizeof(op))) 954 ret = -EFAULT; 955 break; 956 } 957 958 case PIO_SCRNMAP: 959 if (!perm) 960 ret = -EPERM; 961 else 962 ret = con_set_trans_old(up); 963 break; 964 965 case GIO_SCRNMAP: 966 ret = con_get_trans_old(up); 967 break; 968 969 case PIO_UNISCRNMAP: 970 if (!perm) 971 ret = -EPERM; 972 else 973 ret = con_set_trans_new(up); 974 break; 975 976 case GIO_UNISCRNMAP: 977 ret = con_get_trans_new(up); 978 break; 979 980 case PIO_UNIMAPCLR: 981 { struct unimapinit ui; 982 if (!perm) 983 return -EPERM; 984 ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); 985 if (ret) 986 ret = -EFAULT; 987 else 988 con_clear_unimap(vc, &ui); 989 break; 990 } 991 992 case PIO_UNIMAP: 993 case GIO_UNIMAP: 994 ret = do_unimap_ioctl(cmd, up, perm, vc); 995 break; 996 997 case VT_LOCKSWITCH: 998 if (!capable(CAP_SYS_TTY_CONFIG)) 999 return -EPERM; 1000 vt_dont_switch = 1; 1001 break; 1002 case VT_UNLOCKSWITCH: 1003 if (!capable(CAP_SYS_TTY_CONFIG)) 1004 return -EPERM; 1005 vt_dont_switch = 0; 1006 break; 1007 case VT_GETHIFONTMASK: 1008 ret = put_user(vc->vc_hi_font_mask, 1009 (unsigned short __user *)arg); 1010 break; 1011 case VT_WAITEVENT: 1012 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1013 break; 1014 default: 1015 ret = -ENOIOCTLCMD; 1016 } 1017 out: 1018 return ret; 1019 } 1020 1021 void reset_vc(struct vc_data *vc) 1022 { 1023 vc->vc_mode = KD_TEXT; 1024 vt_reset_unicode(vc->vc_num); 1025 vc->vt_mode.mode = VT_AUTO; 1026 vc->vt_mode.waitv = 0; 1027 vc->vt_mode.relsig = 0; 1028 vc->vt_mode.acqsig = 0; 1029 vc->vt_mode.frsig = 0; 1030 put_pid(vc->vt_pid); 1031 vc->vt_pid = NULL; 1032 vc->vt_newvt = -1; 1033 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1034 reset_palette(vc); 1035 } 1036 1037 void vc_SAK(struct work_struct *work) 1038 { 1039 struct vc *vc_con = 1040 container_of(work, struct vc, SAK_work); 1041 struct vc_data *vc; 1042 struct tty_struct *tty; 1043 1044 console_lock(); 1045 vc = vc_con->d; 1046 if (vc) { 1047 /* FIXME: review tty ref counting */ 1048 tty = vc->port.tty; 1049 /* 1050 * SAK should also work in all raw modes and reset 1051 * them properly. 1052 */ 1053 if (tty) 1054 __do_SAK(tty); 1055 reset_vc(vc); 1056 } 1057 console_unlock(); 1058 } 1059 1060 #ifdef CONFIG_COMPAT 1061 1062 struct compat_consolefontdesc { 1063 unsigned short charcount; /* characters in font (256 or 512) */ 1064 unsigned short charheight; /* scan lines per character (1-32) */ 1065 compat_caddr_t chardata; /* font data in expanded form */ 1066 }; 1067 1068 static inline int 1069 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1070 int perm, struct console_font_op *op) 1071 { 1072 struct compat_consolefontdesc cfdarg; 1073 int i; 1074 1075 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1076 return -EFAULT; 1077 1078 switch (cmd) { 1079 case PIO_FONTX: 1080 if (!perm) 1081 return -EPERM; 1082 op->op = KD_FONT_OP_SET; 1083 op->flags = KD_FONT_FLAG_OLD; 1084 op->width = 8; 1085 op->height = cfdarg.charheight; 1086 op->charcount = cfdarg.charcount; 1087 op->data = compat_ptr(cfdarg.chardata); 1088 return con_font_op(vc_cons[fg_console].d, op); 1089 case GIO_FONTX: 1090 op->op = KD_FONT_OP_GET; 1091 op->flags = KD_FONT_FLAG_OLD; 1092 op->width = 8; 1093 op->height = cfdarg.charheight; 1094 op->charcount = cfdarg.charcount; 1095 op->data = compat_ptr(cfdarg.chardata); 1096 i = con_font_op(vc_cons[fg_console].d, op); 1097 if (i) 1098 return i; 1099 cfdarg.charheight = op->height; 1100 cfdarg.charcount = op->charcount; 1101 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1102 return -EFAULT; 1103 return 0; 1104 } 1105 return -EINVAL; 1106 } 1107 1108 struct compat_console_font_op { 1109 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1110 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1111 compat_uint_t width, height; /* font size */ 1112 compat_uint_t charcount; 1113 compat_caddr_t data; /* font data with height fixed to 32 */ 1114 }; 1115 1116 static inline int 1117 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1118 int perm, struct console_font_op *op, struct vc_data *vc) 1119 { 1120 int i; 1121 1122 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1123 return -EFAULT; 1124 if (!perm && op->op != KD_FONT_OP_GET) 1125 return -EPERM; 1126 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1127 i = con_font_op(vc, op); 1128 if (i) 1129 return i; 1130 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1131 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1132 return -EFAULT; 1133 return 0; 1134 } 1135 1136 struct compat_unimapdesc { 1137 unsigned short entry_ct; 1138 compat_caddr_t entries; 1139 }; 1140 1141 static inline int 1142 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1143 int perm, struct vc_data *vc) 1144 { 1145 struct compat_unimapdesc tmp; 1146 struct unipair __user *tmp_entries; 1147 1148 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1149 return -EFAULT; 1150 tmp_entries = compat_ptr(tmp.entries); 1151 if (tmp_entries) 1152 if (!access_ok(VERIFY_WRITE, tmp_entries, 1153 tmp.entry_ct*sizeof(struct unipair))) 1154 return -EFAULT; 1155 switch (cmd) { 1156 case PIO_UNIMAP: 1157 if (!perm) 1158 return -EPERM; 1159 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1160 case GIO_UNIMAP: 1161 if (!perm && fg_console != vc->vc_num) 1162 return -EPERM; 1163 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1164 } 1165 return 0; 1166 } 1167 1168 long vt_compat_ioctl(struct tty_struct *tty, 1169 unsigned int cmd, unsigned long arg) 1170 { 1171 struct vc_data *vc = tty->driver_data; 1172 struct console_font_op op; /* used in multiple places here */ 1173 unsigned int console; 1174 void __user *up = (void __user *)arg; 1175 int perm; 1176 int ret = 0; 1177 1178 console = vc->vc_num; 1179 1180 if (!vc_cons_allocated(console)) { /* impossible? */ 1181 ret = -ENOIOCTLCMD; 1182 goto out; 1183 } 1184 1185 /* 1186 * To have permissions to do most of the vt ioctls, we either have 1187 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1188 */ 1189 perm = 0; 1190 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1191 perm = 1; 1192 1193 switch (cmd) { 1194 /* 1195 * these need special handlers for incompatible data structures 1196 */ 1197 case PIO_FONTX: 1198 case GIO_FONTX: 1199 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1200 break; 1201 1202 case KDFONTOP: 1203 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1204 break; 1205 1206 case PIO_UNIMAP: 1207 case GIO_UNIMAP: 1208 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1209 break; 1210 1211 /* 1212 * all these treat 'arg' as an integer 1213 */ 1214 case KIOCSOUND: 1215 case KDMKTONE: 1216 #ifdef CONFIG_X86 1217 case KDADDIO: 1218 case KDDELIO: 1219 #endif 1220 case KDSETMODE: 1221 case KDMAPDISP: 1222 case KDUNMAPDISP: 1223 case KDSKBMODE: 1224 case KDSKBMETA: 1225 case KDSKBLED: 1226 case KDSETLED: 1227 case KDSIGACCEPT: 1228 case VT_ACTIVATE: 1229 case VT_WAITACTIVE: 1230 case VT_RELDISP: 1231 case VT_DISALLOCATE: 1232 case VT_RESIZE: 1233 case VT_RESIZEX: 1234 goto fallback; 1235 1236 /* 1237 * the rest has a compatible data structure behind arg, 1238 * but we have to convert it to a proper 64 bit pointer. 1239 */ 1240 default: 1241 arg = (unsigned long)compat_ptr(arg); 1242 goto fallback; 1243 } 1244 out: 1245 return ret; 1246 1247 fallback: 1248 return vt_ioctl(tty, cmd, arg); 1249 } 1250 1251 1252 #endif /* CONFIG_COMPAT */ 1253 1254 1255 /* 1256 * Performs the back end of a vt switch. Called under the console 1257 * semaphore. 1258 */ 1259 static void complete_change_console(struct vc_data *vc) 1260 { 1261 unsigned char old_vc_mode; 1262 int old = fg_console; 1263 1264 last_console = fg_console; 1265 1266 /* 1267 * If we're switching, we could be going from KD_GRAPHICS to 1268 * KD_TEXT mode or vice versa, which means we need to blank or 1269 * unblank the screen later. 1270 */ 1271 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1272 switch_screen(vc); 1273 1274 /* 1275 * This can't appear below a successful kill_pid(). If it did, 1276 * then the *blank_screen operation could occur while X, having 1277 * received acqsig, is waking up on another processor. This 1278 * condition can lead to overlapping accesses to the VGA range 1279 * and the framebuffer (causing system lockups). 1280 * 1281 * To account for this we duplicate this code below only if the 1282 * controlling process is gone and we've called reset_vc. 1283 */ 1284 if (old_vc_mode != vc->vc_mode) { 1285 if (vc->vc_mode == KD_TEXT) 1286 do_unblank_screen(1); 1287 else 1288 do_blank_screen(1); 1289 } 1290 1291 /* 1292 * If this new console is under process control, send it a signal 1293 * telling it that it has acquired. Also check if it has died and 1294 * clean up (similar to logic employed in change_console()) 1295 */ 1296 if (vc->vt_mode.mode == VT_PROCESS) { 1297 /* 1298 * Send the signal as privileged - kill_pid() will 1299 * tell us if the process has gone or something else 1300 * is awry 1301 */ 1302 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1303 /* 1304 * The controlling process has died, so we revert back to 1305 * normal operation. In this case, we'll also change back 1306 * to KD_TEXT mode. I'm not sure if this is strictly correct 1307 * but it saves the agony when the X server dies and the screen 1308 * remains blanked due to KD_GRAPHICS! It would be nice to do 1309 * this outside of VT_PROCESS but there is no single process 1310 * to account for and tracking tty count may be undesirable. 1311 */ 1312 reset_vc(vc); 1313 1314 if (old_vc_mode != vc->vc_mode) { 1315 if (vc->vc_mode == KD_TEXT) 1316 do_unblank_screen(1); 1317 else 1318 do_blank_screen(1); 1319 } 1320 } 1321 } 1322 1323 /* 1324 * Wake anyone waiting for their VT to activate 1325 */ 1326 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1327 return; 1328 } 1329 1330 /* 1331 * Performs the front-end of a vt switch 1332 */ 1333 void change_console(struct vc_data *new_vc) 1334 { 1335 struct vc_data *vc; 1336 1337 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1338 return; 1339 1340 /* 1341 * If this vt is in process mode, then we need to handshake with 1342 * that process before switching. Essentially, we store where that 1343 * vt wants to switch to and wait for it to tell us when it's done 1344 * (via VT_RELDISP ioctl). 1345 * 1346 * We also check to see if the controlling process still exists. 1347 * If it doesn't, we reset this vt to auto mode and continue. 1348 * This is a cheap way to track process control. The worst thing 1349 * that can happen is: we send a signal to a process, it dies, and 1350 * the switch gets "lost" waiting for a response; hopefully, the 1351 * user will try again, we'll detect the process is gone (unless 1352 * the user waits just the right amount of time :-) and revert the 1353 * vt to auto control. 1354 */ 1355 vc = vc_cons[fg_console].d; 1356 if (vc->vt_mode.mode == VT_PROCESS) { 1357 /* 1358 * Send the signal as privileged - kill_pid() will 1359 * tell us if the process has gone or something else 1360 * is awry. 1361 * 1362 * We need to set vt_newvt *before* sending the signal or we 1363 * have a race. 1364 */ 1365 vc->vt_newvt = new_vc->vc_num; 1366 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1367 /* 1368 * It worked. Mark the vt to switch to and 1369 * return. The process needs to send us a 1370 * VT_RELDISP ioctl to complete the switch. 1371 */ 1372 return; 1373 } 1374 1375 /* 1376 * The controlling process has died, so we revert back to 1377 * normal operation. In this case, we'll also change back 1378 * to KD_TEXT mode. I'm not sure if this is strictly correct 1379 * but it saves the agony when the X server dies and the screen 1380 * remains blanked due to KD_GRAPHICS! It would be nice to do 1381 * this outside of VT_PROCESS but there is no single process 1382 * to account for and tracking tty count may be undesirable. 1383 */ 1384 reset_vc(vc); 1385 1386 /* 1387 * Fall through to normal (VT_AUTO) handling of the switch... 1388 */ 1389 } 1390 1391 /* 1392 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1393 */ 1394 if (vc->vc_mode == KD_GRAPHICS) 1395 return; 1396 1397 complete_change_console(new_vc); 1398 } 1399 1400 /* Perform a kernel triggered VT switch for suspend/resume */ 1401 1402 static int disable_vt_switch; 1403 1404 int vt_move_to_console(unsigned int vt, int alloc) 1405 { 1406 int prev; 1407 1408 console_lock(); 1409 /* Graphics mode - up to X */ 1410 if (disable_vt_switch) { 1411 console_unlock(); 1412 return 0; 1413 } 1414 prev = fg_console; 1415 1416 if (alloc && vc_allocate(vt)) { 1417 /* we can't have a free VC for now. Too bad, 1418 * we don't want to mess the screen for now. */ 1419 console_unlock(); 1420 return -ENOSPC; 1421 } 1422 1423 if (set_console(vt)) { 1424 /* 1425 * We're unable to switch to the SUSPEND_CONSOLE. 1426 * Let the calling function know so it can decide 1427 * what to do. 1428 */ 1429 console_unlock(); 1430 return -EIO; 1431 } 1432 console_unlock(); 1433 if (vt_waitactive(vt + 1)) { 1434 pr_debug("Suspend: Can't switch VCs."); 1435 return -EINTR; 1436 } 1437 return prev; 1438 } 1439 1440 /* 1441 * Normally during a suspend, we allocate a new console and switch to it. 1442 * When we resume, we switch back to the original console. This switch 1443 * can be slow, so on systems where the framebuffer can handle restoration 1444 * of video registers anyways, there's little point in doing the console 1445 * switch. This function allows you to disable it by passing it '0'. 1446 */ 1447 void pm_set_vt_switch(int do_switch) 1448 { 1449 console_lock(); 1450 disable_vt_switch = !do_switch; 1451 console_unlock(); 1452 } 1453 EXPORT_SYMBOL(pm_set_vt_switch); 1454