xref: /linux/drivers/tty/vt/vt_ioctl.c (revision 079c9534a96da9a85a2a2f9715851050fbfbf749)
1 /*
2  *  Copyright (C) 1992 obz under the linux copyright
3  *
4  *  Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
5  *  Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
6  *  Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
7  *  Some code moved for less code duplication - Andi Kleen - Mar 1997
8  *  Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
9  */
10 
11 #include <linux/types.h>
12 #include <linux/errno.h>
13 #include <linux/sched.h>
14 #include <linux/tty.h>
15 #include <linux/timer.h>
16 #include <linux/kernel.h>
17 #include <linux/compat.h>
18 #include <linux/module.h>
19 #include <linux/kd.h>
20 #include <linux/vt.h>
21 #include <linux/string.h>
22 #include <linux/slab.h>
23 #include <linux/major.h>
24 #include <linux/fs.h>
25 #include <linux/console.h>
26 #include <linux/consolemap.h>
27 #include <linux/signal.h>
28 #include <linux/timex.h>
29 
30 #include <asm/io.h>
31 #include <asm/uaccess.h>
32 
33 #include <linux/kbd_kern.h>
34 #include <linux/vt_kern.h>
35 #include <linux/kbd_diacr.h>
36 #include <linux/selection.h>
37 
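/* Non-zero while VT switching is locked out (VT_LOCKSWITCH / VT_UNLOCKSWITCH). */
char vt_dont_switch;
extern struct tty_driver *console_driver;

/*
 * Both macros take a zero-based console index. The argument is
 * parenthesised at every use so that an expression argument cannot
 * regroup with the surrounding operators. Neither macro range-checks
 * the index: callers must have bounded it against MAX_NR_CONSOLES
 * before using it to index console_driver->ttys[] or vc_cons[].
 */
#define VT_IS_IN_USE(i)	(console_driver->ttys[(i)] && console_driver->ttys[(i)]->count)
#define VT_BUSY(i)	(VT_IS_IN_USE(i) || (i) == fg_console || vc_cons[(i)].d == sel_cons)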
43 
44 /*
45  * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
46  * experimentation and study of X386 SYSV handling.
47  *
48  * One point of difference: SYSV vt's are /dev/vtX, with X >= 0, and
49  * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
50  * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
51  * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
52  * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
53  * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
54  * to the current console is done by the main ioctl code.
55  */
56 
57 #ifdef CONFIG_X86
58 #include <linux/syscalls.h>
59 #endif
60 
61 static void complete_change_console(struct vc_data *vc);
62 
63 /*
64  *	User space VT_EVENT handlers
65  */
66 
/* One sleeper parked on the vt_events list. */
struct vt_event_wait {
	struct list_head list;	/* link on vt_events, protected by vt_event_lock */
	struct vt_event event;	/* in: mask of wanted events; out: the event posted */
	int done;		/* set to 1 by vt_event_post() when an event matched */
};

/* vt_event_lock guards every walk and modification of vt_events. */
static DEFINE_SPINLOCK(vt_event_lock);
static LIST_HEAD(vt_events);
static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue);
76 
77 /**
78  *	vt_event_post
79  *	@event: the event that occurred
80  *	@old: old console
81  *	@new: new console
82  *
83  *	Post a VT event to interested VT handlers
84  */
85 
void vt_event_post(unsigned int event, unsigned int old, unsigned int new)
{
	struct vt_event_wait *waiter;
	unsigned long irqflags;
	int matched = 0;

	spin_lock_irqsave(&vt_event_lock, irqflags);
	list_for_each_entry(waiter, &vt_events, list) {
		/* Skip waiters whose mask does not include this event. */
		if ((waiter->event.event & event) == 0)
			continue;

		/* Replace the waiter's mask with the event that fired. */
		waiter->event.event = event;
		/*
		 * The kernel numbers consoles 0..n-1; user space sees
		 * 1..n with 0 meaning "current", hence the +1 bias.
		 */
		waiter->event.oldev = old + 1;
		waiter->event.newev = new + 1;
		waiter->done = 1;
		matched = 1;
	}
	spin_unlock_irqrestore(&vt_event_lock, irqflags);

	/* The wake-up is issued only after the spinlock has been dropped. */
	if (matched)
		wake_up_interruptible(&vt_event_waitqueue);
}
112 
113 /**
114  *	vt_event_wait		-	wait for an event
115  *	@vw: our event
116  *
117  *	Waits for an event to occur which completes our vt_event_wait
118  *	structure. On return the structure has vw->done set to 1 for success
119  *	or 0 if some event such as a signal ended the wait.
120  */
121 
static void vt_event_wait(struct vt_event_wait *vw)
{
	unsigned long irqflags;

	/* Start from an unlinked, not-yet-completed waiter. */
	vw->done = 0;
	INIT_LIST_HEAD(&vw->list);

	/* Publish the waiter so that vt_event_post() can find it. */
	spin_lock_irqsave(&vt_event_lock, irqflags);
	list_add(&vw->list, &vt_events);
	spin_unlock_irqrestore(&vt_event_lock, irqflags);

	/*
	 * Sleep until an event completes us or the wait is interrupted.
	 * The macro's result is not inspected; callers test vw->done.
	 */
	wait_event_interruptible_tty(vt_event_waitqueue, vw->done);

	/*
	 * Always unlink before returning: both callers in this file keep
	 * *vw on their own stack, so it must not stay on the global list.
	 */
	spin_lock_irqsave(&vt_event_lock, irqflags);
	list_del(&vw->list);
	spin_unlock_irqrestore(&vt_event_lock, irqflags);
}
139 
140 /**
141  *	vt_event_wait_ioctl	-	event ioctl handler
142  *	@arg: argument to ioctl
143  *
144  *	Implement the VT_WAITEVENT ioctl using the VT event interface
145  */
146 
static int vt_event_wait_ioctl(struct vt_event __user *event)
{
	struct vt_event_wait vw;

	if (copy_from_user(&vw.event, event, sizeof(vw.event)))
		return -EFAULT;

	/* Reject any bit above the highest event currently supported. */
	if ((vw.event.event & ~VT_MAX_EVENT) != 0)
		return -EINVAL;

	vt_event_wait(&vw);

	/* The wait ended without an event being posted (e.g. a signal). */
	if (!vw.done)
		return -EINTR;

	/*
	 * vw.event was filled in full by the copy_from_user() above and
	 * then only updated field by field, so copying the whole structure
	 * back does not hand uninitialised stack bytes to user space.
	 */
	return copy_to_user(event, &vw.event, sizeof(vw.event)) ? -EFAULT : 0;
}
166 
167 /**
168  *	vt_waitactive	-	active console wait
169  *	@event: event code
170  *	@n: new console
171  *
172  *	Helper for event waits. Used to implement the legacy
173  *	event waiting ioctls in terms of events
174  */
175 
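int vt_waitactive(int n)
{
	struct vt_event_wait vw;
	unsigned long flags;
	int active;

	/*
	 * @n is the user-space (1-based) console number to wait for.
	 * Returns 0 once that console is the foreground console, or -EINTR
	 * if the sleep ended without a switch event being delivered.
	 */
	do {
		vw.event.event = VT_EVENT_SWITCH;

		/*
		 * Queue the waiter BEFORE looking at fg_console. Checking
		 * first and queueing afterwards leaves a window in which the
		 * switch to @n can be posted while we are not yet on
		 * vt_events; the event would be missed and the caller would
		 * sleep until some later, unrelated switch.
		 */
		INIT_LIST_HEAD(&vw.list);
		vw.done = 0;
		spin_lock_irqsave(&vt_event_lock, flags);
		list_add(&vw.list, &vt_events);
		spin_unlock_irqrestore(&vt_event_lock, flags);

		active = (n == fg_console + 1);
		if (!active)
			wait_event_interruptible_tty(vt_event_waitqueue, vw.done);

		/* vw lives on this stack frame: always unlink it again. */
		spin_lock_irqsave(&vt_event_lock, flags);
		list_del(&vw.list);
		spin_unlock_irqrestore(&vt_event_lock, flags);

		if (active)
			break;
		if (vw.done == 0)
			return -EINTR;
	} while (vw.event.newev != n);
	return 0;
}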
189 
190 /*
191  * these are the valid i/o ports we're allowed to change. they map all the
192  * video ports
193  */
194 #define GPFIRST 0x3b4
195 #define GPLAST 0x3df
196 #define GPNUM (GPLAST - GPFIRST + 1)
197 
198 
199 
/*
 * Handle PIO_FONTX (set) and GIO_FONTX (get) on the foreground console.
 *
 * @cmd:      PIO_FONTX or GIO_FONTX; anything else yields -EINVAL
 * @user_cfd: user-space font descriptor, read in full up front
 * @perm:     non-zero if the caller may change console state
 * @op:       caller-provided scratch font operation, filled in here
 *
 * Only the set path checks @perm. The height and character count come
 * straight from user space and are forwarded as-is; any range checking
 * is presumably done by con_font_op() - verify there.
 */
static inline int
do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op)
{
	struct consolefontdesc cfd;
	int err;

	if (copy_from_user(&cfd, user_cfd, sizeof(cfd)))
		return -EFAULT;

	if (cmd == PIO_FONTX) {
		if (!perm)
			return -EPERM;
		op->op = KD_FONT_OP_SET;
		op->flags = KD_FONT_FLAG_OLD;
		op->width = 8;
		op->height = cfd.charheight;
		op->charcount = cfd.charcount;
		op->data = cfd.chardata;
		return con_font_op(vc_cons[fg_console].d, op);
	}

	if (cmd != GIO_FONTX)
		return -EINVAL;

	op->op = KD_FONT_OP_GET;
	op->flags = KD_FONT_FLAG_OLD;
	op->width = 8;
	op->height = cfd.charheight;
	op->charcount = cfd.charcount;
	op->data = cfd.chardata;
	err = con_font_op(vc_cons[fg_console].d, op);
	if (err)
		return err;

	/* Report the geometry the font layer actually used. */
	cfd.charheight = op->height;
	cfd.charcount = op->charcount;
	return copy_to_user(user_cfd, &cfd, sizeof(cfd)) ? -EFAULT : 0;
}
239 
/*
 * Handle PIO_UNIMAP (set) and GIO_UNIMAP (get) for console @vc.
 *
 * Setting always needs @perm; reading is additionally allowed without
 * @perm when @vc is the foreground console. Any other @cmd returns 0.
 */
static inline int
do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc)
{
	struct unimapdesc desc;

	if (copy_from_user(&desc, user_ud, sizeof desc))
		return -EFAULT;

	/*
	 * Range-check the user-supplied table once, for both directions.
	 * This only validates the address range; the helpers below still
	 * perform the actual user accesses.
	 */
	if (desc.entries &&
	    !access_ok(VERIFY_WRITE, desc.entries,
		       desc.entry_ct*sizeof(struct unipair)))
		return -EFAULT;

	if (cmd == PIO_UNIMAP) {
		if (!perm)
			return -EPERM;
		return con_set_unimap(vc, desc.entry_ct, desc.entries);
	}

	if (cmd == GIO_UNIMAP) {
		if (!perm && fg_console != vc->vc_num)
			return -EPERM;
		return con_get_unimap(vc, desc.entry_ct, &(user_ud->entry_ct), desc.entries);
	}

	return 0;
}
263 
264 
265 
266 /*
267  * We handle the console-specific ioctl's here.  We allow the
268  * capability to modify any console, not just the fg_console.
269  */
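/**
 *	vt_ioctl	-	console-specific ioctl dispatcher
 *	@tty: tty the ioctl was issued on; tty->driver_data is its vc_data
 *	@cmd: ioctl command number
 *	@arg: command argument, an integer or a user-space pointer
 *
 *	Runs with tty_lock() held from entry to exit. Most state-changing
 *	commands require "perm": the caller's controlling tty is @tty, or
 *	the caller has CAP_SYS_TTY_CONFIG. A few commands insist on the
 *	capability itself. Returns 0 or a negative errno; commands not
 *	handled here return -ENOIOCTLCMD.
 */
int vt_ioctl(struct tty_struct *tty,
	     unsigned int cmd, unsigned long arg)
{
	struct vc_data *vc = tty->driver_data;
	struct console_font_op op;	/* used in multiple places here */
	unsigned int console;
	unsigned char ucval;
	unsigned int uival;
	void __user *up = (void __user *)arg;
	int i, perm;
	int ret = 0;

	console = vc->vc_num;

	tty_lock();

	if (!vc_cons_allocated(console)) { 	/* impossible? */
		ret = -ENOIOCTLCMD;
		goto out;
	}


	/*
	 * To have permissions to do most of the vt ioctls, we either have
	 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
	 */
	perm = 0;
	if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
		perm = 1;

	switch (cmd) {
	case TIOCLINUX:
		ret = tioclinux(tty, arg);
		break;
	case KIOCSOUND:
		if (!perm)
			goto eperm;
		/*
		 * The use of PIT_TICK_RATE is historic, it used to be
		 * the platform-dependent CLOCK_TICK_RATE between 2.6.12
		 * and 2.6.36, which was a minor but unfortunate ABI
		 * change.
		 */
		if (arg)
			arg = PIT_TICK_RATE / arg;
		kd_mksound(arg, 0);
		break;

	case KDMKTONE:
		if (!perm)
			goto eperm;
	{
		unsigned int ticks, count;

		/*
		 * Generate the tone for the appropriate number of ticks.
		 * If the time is zero, turn off sound ourselves.
		 */
		ticks = HZ * ((arg >> 16) & 0xffff) / 1000;
		count = ticks ? (arg & 0xffff) : 0;
		if (count)
			count = PIT_TICK_RATE / count;
		kd_mksound(count, ticks);
		break;
	}

	case KDGKBTYPE:
		/*
		 * this is naive.
		 */
		ucval = KB_101;
		ret = put_user(ucval, (char __user *)arg);
		break;

		/*
		 * These cannot be implemented on any machine that implements
		 * ioperm() in user level (such as Alpha PCs) or not at all.
		 *
		 * XXX: you should never use these, just call ioperm directly..
		 */
#ifdef CONFIG_X86
	case KDADDIO:
	case KDDELIO:
		/*
		 * KDADDIO and KDDELIO may be able to add ports beyond what
		 * we reject here, but to be safe...
		 */
		if (arg < GPFIRST || arg > GPLAST) {
			ret = -EINVAL;
			break;
		}
		ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
		break;

	case KDENABIO:
	case KDDISABIO:
		ret = sys_ioperm(GPFIRST, GPNUM,
				  (cmd == KDENABIO)) ? -ENXIO : 0;
		break;
#endif

	/* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */

	case KDKBDREP:
	{
		struct kbd_repeat kbrep;

		/* Capability required; tty ownership alone is not enough. */
		if (!capable(CAP_SYS_TTY_CONFIG))
			goto eperm;

		if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) {
			ret =  -EFAULT;
			break;
		}
		ret = kbd_rate(&kbrep);
		if (ret)
			break;
		if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
			ret = -EFAULT;
		break;
	}

	case KDSETMODE:
		/*
		 * currently, setting the mode from KD_TEXT to KD_GRAPHICS
		 * doesn't do a whole lot. i'm not sure if it should do any
		 * restoration of modes or what...
		 *
		 * XXX It should at least call into the driver, fbdev's definitely
		 * need to restore their engine state. --BenH
		 */
		if (!perm)
			goto eperm;
		switch (arg) {
		case KD_GRAPHICS:
			break;
		case KD_TEXT0:
		case KD_TEXT1:
			arg = KD_TEXT;
			/* fall through */
		case KD_TEXT:
			break;
		default:
			ret = -EINVAL;
			goto out;
		}
		if (vc->vc_mode == (unsigned char) arg)
			break;
		vc->vc_mode = (unsigned char) arg;
		if (console != fg_console)
			break;
		/*
		 * explicitly blank/unblank the screen if switching modes
		 */
		console_lock();
		if (arg == KD_TEXT)
			do_unblank_screen(1);
		else
			do_blank_screen(1);
		console_unlock();
		break;

	case KDGETMODE:
		uival = vc->vc_mode;
		goto setint;

	case KDMAPDISP:
	case KDUNMAPDISP:
		/*
		 * these work like a combination of mmap and KDENABIO.
		 * this could be easily finished.
		 */
		ret = -EINVAL;
		break;

	case KDSKBMODE:
		if (!perm)
			goto eperm;
		ret = vt_do_kdskbmode(console, arg);
		if (ret == 0)
			tty_ldisc_flush(tty);
		break;

	case KDGKBMODE:
		uival = vt_do_kdgkbmode(console);
		ret = put_user(uival, (int __user *)arg);
		break;

	/* this could be folded into KDSKBMODE, but for compatibility
	   reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
	case KDSKBMETA:
		/* NOTE(review): no perm check on this path, unlike
		   KDSKBMODE above - confirm that is intended. */
		ret = vt_do_kdskbmeta(console, arg);
		break;

	case KDGKBMETA:
		/* FIXME: should review whether this is worth locking */
		uival = vt_do_kdgkbmeta(console);
	setint:
		ret = put_user(uival, (int __user *)arg);
		break;

	case KDGETKEYCODE:
	case KDSETKEYCODE:
		/* Here perm means the capability only, not tty ownership. */
		if(!capable(CAP_SYS_TTY_CONFIG))
			perm = 0;
		ret = vt_do_kbkeycode_ioctl(cmd, up, perm);
		break;

	case KDGKBENT:
	case KDSKBENT:
		ret = vt_do_kdsk_ioctl(cmd, up, perm, console);
		break;

	case KDGKBSENT:
	case KDSKBSENT:
		ret = vt_do_kdgkb_ioctl(cmd, up, perm);
		break;

	/* Diacritical processing. Handled in keyboard.c as it has
	   to operate on the keyboard locks and structures */
	case KDGKBDIACR:
	case KDGKBDIACRUC:
	case KDSKBDIACR:
	case KDSKBDIACRUC:
		ret = vt_do_diacrit(cmd, up, perm);
		break;

	/* the ioctls below read/set the flags usually shown in the leds */
	/* don't use them - they will go away without warning */
	case KDGKBLED:
	case KDSKBLED:
	case KDGETLED:
	case KDSETLED:
		ret = vt_do_kdskled(console, cmd, arg, perm);
		break;

	/*
	 * A process can indicate its willingness to accept signals
	 * generated by pressing an appropriate key combination.
	 * Thus, one can have a daemon that e.g. spawns a new console
	 * upon a keypress and then changes to it.
	 * See also the kbrequest field of inittab(5).
	 */
	case KDSIGACCEPT:
	{
		if (!perm || !capable(CAP_KILL))
			goto eperm;
		if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
			ret = -EINVAL;
		else {
			/* Swap the registered pid under the lock, dropping
			   the reference held on the previous one. */
			spin_lock_irq(&vt_spawn_con.lock);
			put_pid(vt_spawn_con.pid);
			vt_spawn_con.pid = get_pid(task_pid(current));
			vt_spawn_con.sig = arg;
			spin_unlock_irq(&vt_spawn_con.lock);
		}
		break;
	}

	case VT_SETMODE:
	{
		struct vt_mode tmp;

		if (!perm)
			goto eperm;
		if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) {
			ret = -EFAULT;
			goto out;
		}
		if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) {
			ret = -EINVAL;
			goto out;
		}
		console_lock();
		vc->vt_mode = tmp;
		/* the frsig is ignored, so we set it to 0 */
		vc->vt_mode.frsig = 0;
		put_pid(vc->vt_pid);
		vc->vt_pid = get_pid(task_pid(current));
		/* no switch is required -- saw@shade.msu.ru */
		vc->vt_newvt = -1;
		console_unlock();
		break;
	}

	case VT_GETMODE:
	{
		struct vt_mode tmp;
		int rc;

		/* Snapshot under the console lock, copy out after dropping it. */
		console_lock();
		memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
		console_unlock();

		rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
		if (rc)
			ret = -EFAULT;
		break;
	}

	/*
	 * Returns global vt state. Note that VT 0 is always open, since
	 * it's an alias for the current VT, and people can't use it here.
	 * We cannot return state for more than 16 VTs, since v_state is short.
	 */
	case VT_GETSTATE:
	{
		struct vt_stat __user *vtstat = up;
		unsigned short state, mask;

		if (put_user(fg_console + 1, &vtstat->v_active))
			ret = -EFAULT;
		else {
			state = 1;	/* /dev/tty0 is always open */
			for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask;
							++i, mask <<= 1)
				if (VT_IS_IN_USE(i))
					state |= mask;
			ret = put_user(state, &vtstat->v_state);
		}
		break;
	}

	/*
	 * Returns the first available (non-opened) console.
	 */
	case VT_OPENQRY:
		for (i = 0; i < MAX_NR_CONSOLES; ++i)
			if (! VT_IS_IN_USE(i))
				break;
		uival = i < MAX_NR_CONSOLES ? (i+1) : -1;
		goto setint;

	/*
	 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
	 * with num >= 1 (switches to vt 0, our console, are not allowed, just
	 * to preserve sanity).
	 */
	case VT_ACTIVATE:
		if (!perm)
			goto eperm;
		if (arg == 0 || arg > MAX_NR_CONSOLES)
			ret =  -ENXIO;
		else {
			arg--;
			console_lock();
			ret = vc_allocate(arg);
			console_unlock();
			if (ret)
				break;
			set_console(arg);
		}
		break;

	case VT_SETACTIVATE:
	{
		struct vt_setactivate vsa;

		if (!perm)
			goto eperm;

		if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg,
					sizeof(struct vt_setactivate))) {
			ret = -EFAULT;
			goto out;
		}
		/* NOTE(review): vsa.mode.mode is stored below without the
		   VT_AUTO/VT_PROCESS check that VT_SETMODE applies. */
		if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
			ret = -ENXIO;
		else {
			vsa.console--;
			console_lock();
			ret = vc_allocate(vsa.console);
			if (ret == 0) {
				struct vc_data *nvc;
				/* This is safe providing we don't drop the
				   console sem between vc_allocate and
				   finishing referencing nvc */
				nvc = vc_cons[vsa.console].d;
				nvc->vt_mode = vsa.mode;
				nvc->vt_mode.frsig = 0;
				put_pid(nvc->vt_pid);
				nvc->vt_pid = get_pid(task_pid(current));
			}
			console_unlock();
			if (ret)
				break;
			/* Commence switch and lock */
			set_console(vsa.console);
		}
		break;
	}

	/*
	 * wait until the specified VT has been activated
	 */
	case VT_WAITACTIVE:
		if (!perm)
			goto eperm;
		if (arg == 0 || arg > MAX_NR_CONSOLES)
			ret = -ENXIO;
		else
			ret = vt_waitactive(arg);
		break;

	/*
	 * If a vt is under process control, the kernel will not switch to it
	 * immediately, but postpone the operation until the process calls this
	 * ioctl, allowing the switch to complete.
	 *
	 * According to the X sources this is the behavior:
	 *	0:	pending switch-from not OK
	 *	1:	pending switch-from OK
	 *	2:	completed switch-to OK
	 */
	case VT_RELDISP:
		if (!perm)
			goto eperm;

		if (vc->vt_mode.mode != VT_PROCESS) {
			ret = -EINVAL;
			break;
		}
		/*
		 * Switching-from response
		 */
		console_lock();
		if (vc->vt_newvt >= 0) {
			if (arg == 0)
				/*
				 * Switch disallowed, so forget we were trying
				 * to do it.
				 */
				vc->vt_newvt = -1;

			else {
				/*
				 * The current vt has been released, so
				 * complete the switch.
				 */
				int newvt;
				newvt = vc->vt_newvt;
				vc->vt_newvt = -1;
				ret = vc_allocate(newvt);
				if (ret) {
					console_unlock();
					break;
				}
				/*
				 * When we actually do the console switch,
				 * make sure we are atomic with respect to
				 * other console switches..
				 */
				complete_change_console(vc_cons[newvt].d);
			}
		} else {
			/*
			 * Switched-to response
			 */
			/*
			 * If it's just an ACK, ignore it
			 */
			if (arg != VT_ACKACQ)
				ret = -EINVAL;
		}
		console_unlock();
		break;

	 /*
	  * Disallocate memory associated to VT (but leave VT1)
	  */
	 case VT_DISALLOCATE:
		/* NOTE(review): no perm check on this path - confirm
		   that is intended. */
		if (arg > MAX_NR_CONSOLES) {
			ret = -ENXIO;
			break;
		}
		if (arg == 0) {
		    /* deallocate all unused consoles, but leave 0 */
			console_lock();
			for (i=1; i<MAX_NR_CONSOLES; i++)
				if (! VT_BUSY(i))
					vc_deallocate(i);
			console_unlock();
		} else {
			/* deallocate a single console, if possible */
			arg--;
			/*
			 * Test VT_BUSY() and free under one console_lock()
			 * hold, as the "all consoles" branch above does,
			 * so the console cannot become busy between the
			 * check and the deallocation.
			 */
			console_lock();
			if (VT_BUSY(arg))
				ret = -EBUSY;
			else if (arg)			      /* leave 0 */
				vc_deallocate(arg);
			console_unlock();
		}
		break;

	case VT_RESIZE:
	{
		struct vt_sizes __user *vtsizes = up;
		struct vc_data *vcp;

		ushort ll,cc;
		if (!perm)
			goto eperm;
		if (get_user(ll, &vtsizes->v_rows) ||
		    get_user(cc, &vtsizes->v_cols))
			ret = -EFAULT;
		else {
			console_lock();
			for (i = 0; i < MAX_NR_CONSOLES; i++) {
				vcp = vc_cons[i].d;

				if (vcp) {
					vcp->vc_resize_user = 1;
					vc_resize(vcp, cc, ll);
				}
			}
			console_unlock();
		}
		break;
	}

	case VT_RESIZEX:
	{
		struct vt_consize v;
		ushort ll,cc,vlin,clin,vcol,ccol;
		if (!perm)
			goto eperm;
		/*
		 * Fetch the whole request with one checked copy. The
		 * previous access_ok() + unchecked __get_user() sequence
		 * ignored faults on the individual reads and carried on
		 * with whatever values those reads left behind.
		 */
		if (copy_from_user(&v, up, sizeof(struct vt_consize))) {
			ret = -EFAULT;
			break;
		}
		ll = v.v_rows;
		cc = v.v_cols;
		vlin = v.v_vlin;
		clin = v.v_clin;
		vcol = v.v_vcol;
		ccol = v.v_ccol;
		vlin = vlin ? vlin : vc->vc_scan_lines;
		if (clin) {
			if (ll) {
				if (ll != vlin/clin) {
					/* Parameters don't add up */
					ret = -EINVAL;
					break;
				}
			} else
				ll = vlin/clin;
		}
		if (vcol && ccol) {
			if (cc) {
				if (cc != vcol/ccol) {
					ret = -EINVAL;
					break;
				}
			} else
				cc = vcol/ccol;
		}

		if (clin > 32) {
			ret =  -EINVAL;
			break;
		}

		for (i = 0; i < MAX_NR_CONSOLES; i++) {
			struct vc_data *vcp;

			/*
			 * Look the console up only once console_lock() is
			 * held: vc_deallocate() runs under that lock (see
			 * VT_DISALLOCATE), so a pointer tested before
			 * locking may be gone by the time it is used.
			 */
			console_lock();
			vcp = vc_cons[i].d;
			if (vcp) {
				if (vlin)
					vcp->vc_scan_lines = vlin;
				if (clin)
					vcp->vc_font.height = clin;
				vcp->vc_resize_user = 1;
				vc_resize(vcp, cc, ll);
			}
			console_unlock();
		}
		break;
	}

	case PIO_FONT: {
		if (!perm)
			goto eperm;
		op.op = KD_FONT_OP_SET;
		op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC;	/* Compatibility */
		op.width = 8;
		op.height = 0;
		op.charcount = 256;
		op.data = up;
		ret = con_font_op(vc_cons[fg_console].d, &op);
		break;
	}

	case GIO_FONT: {
		op.op = KD_FONT_OP_GET;
		op.flags = KD_FONT_FLAG_OLD;
		op.width = 8;
		op.height = 32;
		op.charcount = 256;
		op.data = up;
		ret = con_font_op(vc_cons[fg_console].d, &op);
		break;
	}

	case PIO_CMAP:
		if (!perm)
			ret = -EPERM;
		else
			ret = con_set_cmap(up);
		break;

	case GIO_CMAP:
		ret = con_get_cmap(up);
		break;

	case PIO_FONTX:
	case GIO_FONTX:
		ret = do_fontx_ioctl(cmd, up, perm, &op);
		break;

	case PIO_FONTRESET:
	{
		if (!perm)
			goto eperm;

#ifdef BROKEN_GRAPHICS_PROGRAMS
		/* With BROKEN_GRAPHICS_PROGRAMS defined, the default
		   font is not saved. */
		ret = -ENOSYS;
		break;
#else
		{
		op.op = KD_FONT_OP_SET_DEFAULT;
		op.data = NULL;
		ret = con_font_op(vc_cons[fg_console].d, &op);
		if (ret)
			break;
		con_set_default_unimap(vc_cons[fg_console].d);
		break;
		}
#endif
	}

	case KDFONTOP: {
		/* op is filled in full from user space before the permission
		   test, which needs op.op; only KD_FONT_OP_GET is allowed
		   without perm. */
		if (copy_from_user(&op, up, sizeof(op))) {
			ret = -EFAULT;
			break;
		}
		if (!perm && op.op != KD_FONT_OP_GET)
			goto eperm;
		ret = con_font_op(vc, &op);
		if (ret)
			break;
		if (copy_to_user(up, &op, sizeof(op)))
			ret = -EFAULT;
		break;
	}

	case PIO_SCRNMAP:
		if (!perm)
			ret = -EPERM;
		else
			ret = con_set_trans_old(up);
		break;

	case GIO_SCRNMAP:
		ret = con_get_trans_old(up);
		break;

	case PIO_UNISCRNMAP:
		if (!perm)
			ret = -EPERM;
		else
			ret = con_set_trans_new(up);
		break;

	case GIO_UNISCRNMAP:
		ret = con_get_trans_new(up);
		break;

	case PIO_UNIMAPCLR:
	      { struct unimapinit ui;
		if (!perm)
			goto eperm;
		ret = copy_from_user(&ui, up, sizeof(struct unimapinit));
		if (ret)
			ret = -EFAULT;
		else
			con_clear_unimap(vc, &ui);
		break;
	      }

	case PIO_UNIMAP:
	case GIO_UNIMAP:
		ret = do_unimap_ioctl(cmd, up, perm, vc);
		break;

	/* Locking and unlocking VT switching needs the capability itself. */
	case VT_LOCKSWITCH:
		if (!capable(CAP_SYS_TTY_CONFIG))
			goto eperm;
		vt_dont_switch = 1;
		break;
	case VT_UNLOCKSWITCH:
		if (!capable(CAP_SYS_TTY_CONFIG))
			goto eperm;
		vt_dont_switch = 0;
		break;
	case VT_GETHIFONTMASK:
		ret = put_user(vc->vc_hi_font_mask,
					(unsigned short __user *)arg);
		break;
	case VT_WAITEVENT:
		ret = vt_event_wait_ioctl((struct vt_event __user *)arg);
		break;
	default:
		ret = -ENOIOCTLCMD;
	}
out:
	tty_unlock();
	return ret;
eperm:
	ret = -EPERM;
	goto out;
}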
993 
/*
 * Return console @vc to its default state: text mode, kernel-controlled
 * (VT_AUTO) switching with no signals, no controlling process and no
 * pending switch.
 */
void reset_vc(struct vc_data *vc)
{
	struct vt_mode *mode = &vc->vt_mode;

	vc->vc_mode = KD_TEXT;
	vt_reset_unicode(vc->vc_num);

	mode->mode = VT_AUTO;
	mode->waitv = 0;
	mode->relsig = 0;
	mode->acqsig = 0;
	mode->frsig = 0;

	/* Drop the reference held on the process that controlled this VT. */
	put_pid(vc->vt_pid);
	vc->vt_pid = NULL;
	vc->vt_newvt = -1;

	/* Via keyboard.c:SAK() - akpm: the palette reset is skipped in
	   interrupt context. */
	if (!in_interrupt())
		reset_palette(vc);
}
1009 
/*
 * Work item for the secure attention key: run __do_SAK() on the tty
 * attached to the console, if any, then reset the console, all under
 * the console lock.
 */
void vc_SAK(struct work_struct *work)
{
	struct vc *vc_con = container_of(work, struct vc, SAK_work);
	struct vc_data *vc;

	console_lock();
	vc = vc_con->d;
	if (vc) {
		/* FIXME: review tty ref counting */
		struct tty_struct *tty = vc->port.tty;

		/*
		 * SAK should also work in all raw modes and reset
		 * them properly.
		 */
		if (tty)
			__do_SAK(tty);
		reset_vc(vc);
	}
	console_unlock();
}
1032 
1033 #ifdef CONFIG_COMPAT
1034 
/* Compat-task layout of the font descriptor: the data pointer is a
   compat_caddr_t and must go through compat_ptr() before use. */
struct compat_consolefontdesc {
	unsigned short charcount;	/* number of characters in the font (256 or 512) */
	unsigned short charheight;	/* scan lines per character (1-32) */
	compat_caddr_t chardata;	/* user pointer to font data in expanded form */
};
1040 
/*
 * Compat version of the PIO_FONTX / GIO_FONTX handler: same logic as the
 * native one, but the descriptor uses the compat layout and its data
 * pointer is widened with compat_ptr(). Only the set path checks @perm;
 * any other @cmd yields -EINVAL.
 */
static inline int
compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd,
			 int perm, struct console_font_op *op)
{
	struct compat_consolefontdesc cfd;
	int err;

	if (copy_from_user(&cfd, user_cfd, sizeof(cfd)))
		return -EFAULT;

	if (cmd == PIO_FONTX) {
		if (!perm)
			return -EPERM;
		op->op = KD_FONT_OP_SET;
		op->flags = KD_FONT_FLAG_OLD;
		op->width = 8;
		op->height = cfd.charheight;
		op->charcount = cfd.charcount;
		op->data = compat_ptr(cfd.chardata);
		return con_font_op(vc_cons[fg_console].d, op);
	}

	if (cmd != GIO_FONTX)
		return -EINVAL;

	op->op = KD_FONT_OP_GET;
	op->flags = KD_FONT_FLAG_OLD;
	op->width = 8;
	op->height = cfd.charheight;
	op->charcount = cfd.charcount;
	op->data = compat_ptr(cfd.chardata);
	err = con_font_op(vc_cons[fg_console].d, op);
	if (err)
		return err;

	/* Report the geometry the font layer actually used. */
	cfd.charheight = op->height;
	cfd.charcount = op->charcount;
	return copy_to_user(user_cfd, &cfd, sizeof(cfd)) ? -EFAULT : 0;
}
1080 
/* Compat-task layout of the font operation: identical leading integer
   fields, followed by a compat_caddr_t data pointer. */
struct compat_console_font_op {
	compat_uint_t op;		/* operation code KD_FONT_OP_* */
	compat_uint_t flags;		/* KD_FONT_FLAG_* */
	compat_uint_t width;		/* font width */
	compat_uint_t height;		/* font height */
	compat_uint_t charcount;
	compat_caddr_t data;		/* font data with height fixed to 32 */
};
1088 
/*
 * Compat version of KDFONTOP.
 *
 * The compat structure is copied into the start of the native *op and
 * then reinterpreted in place: the integer fields are used as they
 * landed, and only the data pointer is converted, to native form before
 * con_font_op() and back to compat form before the copy-out. Exactly
 * sizeof(struct compat_console_font_op) bytes are copied in and out.
 * NOTE(review): this relies on the leading fields of both structures
 * having the same offsets - confirm against the native definition.
 */
static inline int
compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop,
			 int perm, struct console_font_op *op, struct vc_data *vc)
{
	struct compat_console_font_op *cop = (struct compat_console_font_op *)op;
	int err;

	if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op)))
		return -EFAULT;

	/* Only KD_FONT_OP_GET is allowed without perm. */
	if (!perm && op->op != KD_FONT_OP_GET)
		return -EPERM;

	op->data = compat_ptr(cop->data);
	err = con_font_op(vc, op);
	if (err)
		return err;

	cop->data = (unsigned long)op->data;
	return copy_to_user(fontop, op, sizeof(struct compat_console_font_op)) ? -EFAULT : 0;
}
1108 
/* Compat-task layout of the unicode map descriptor. */
struct compat_unimapdesc {
	unsigned short entry_ct;	/* number of unipair entries at @entries */
	compat_caddr_t entries;		/* compat user pointer to the entry table */
};
1113 
/*
 * Compat version of the PIO_UNIMAP / GIO_UNIMAP handler. Setting needs
 * @perm; reading is additionally allowed without @perm on the foreground
 * console. Any other @cmd returns 0.
 */
static inline int
compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud,
			 int perm, struct vc_data *vc)
{
	struct compat_unimapdesc desc;
	struct unipair __user *table;

	if (copy_from_user(&desc, user_ud, sizeof desc))
		return -EFAULT;

	/*
	 * Widen the compat pointer, then range-check the table once for
	 * both directions. entry_ct is an unsigned short, which bounds the
	 * byte count computed here.
	 */
	table = compat_ptr(desc.entries);
	if (table &&
	    !access_ok(VERIFY_WRITE, table,
		       desc.entry_ct*sizeof(struct unipair)))
		return -EFAULT;

	if (cmd == PIO_UNIMAP) {
		if (!perm)
			return -EPERM;
		return con_set_unimap(vc, desc.entry_ct, table);
	}

	if (cmd == GIO_UNIMAP) {
		if (!perm && fg_console != vc->vc_num)
			return -EPERM;
		return con_get_unimap(vc, desc.entry_ct, &(user_ud->entry_ct), table);
	}

	return 0;
}
1140 
/*
 * Compat entry point for the console ioctls.
 *
 * Commands whose argument structure differs between compat and native
 * tasks are handled here under tty_lock(). Everything else is passed to
 * vt_ioctl() after tty_lock() has been released: integer-argument
 * commands unchanged, all remaining commands with @arg converted by
 * compat_ptr().
 */
long vt_compat_ioctl(struct tty_struct *tty,
	     unsigned int cmd, unsigned long arg)
{
	struct vc_data *vc = tty->driver_data;
	struct console_font_op op;	/* scratch for the font handlers */
	void __user *up = (void __user *)arg;
	unsigned int console = vc->vc_num;
	int perm = 0;
	int ret = 0;

	tty_lock();

	if (!vc_cons_allocated(console)) { 	/* impossible? */
		ret = -ENOIOCTLCMD;
		goto out;
	}

	/*
	 * Most vt ioctls need the caller to own the tty or to hold
	 * CAP_SYS_TTY_CONFIG.
	 */
	if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
		perm = 1;

	switch (cmd) {
	/*
	 * incompatible data structures: dedicated handlers
	 */
	case PIO_FONTX:
	case GIO_FONTX:
		ret = compat_fontx_ioctl(cmd, up, perm, &op);
		goto out;

	case KDFONTOP:
		ret = compat_kdfontop_ioctl(up, perm, &op, vc);
		goto out;

	case PIO_UNIMAP:
	case GIO_UNIMAP:
		ret = compat_unimap_ioctl(cmd, up, perm, vc);
		goto out;

	/*
	 * 'arg' is a plain integer for all of these: pass it on as is
	 */
	case KIOCSOUND:
	case KDMKTONE:
#ifdef CONFIG_X86
	case KDADDIO:
	case KDDELIO:
#endif
	case KDSETMODE:
	case KDMAPDISP:
	case KDUNMAPDISP:
	case KDSKBMODE:
	case KDSKBMETA:
	case KDSKBLED:
	case KDSETLED:
	case KDSIGACCEPT:
	case VT_ACTIVATE:
	case VT_WAITACTIVE:
	case VT_RELDISP:
	case VT_DISALLOCATE:
	case VT_RESIZE:
	case VT_RESIZEX:
		break;

	/*
	 * everything else has a compatible structure behind arg, which
	 * only needs converting to a proper 64 bit pointer
	 */
	default:
		arg = (unsigned long)compat_ptr(arg);
		break;
	}

	/* Fall back to the native handler; it takes tty_lock() itself. */
	tty_unlock();
	return vt_ioctl(tty, cmd, arg);

out:
	tty_unlock();
	return ret;
}
1227 
1228 
1229 #endif /* CONFIG_COMPAT */
1230 
1231 
1232 /*
1233  * Performs the back end of a vt switch. Called under the console
1234  * semaphore.
1235  */
static void complete_change_console(struct vc_data *vc)
{
	/*
	 * vc is the console being switched to.  The console that was in the
	 * foreground on entry is remembered twice: in the file-level
	 * last_console and locally for the VT_EVENT_SWITCH notification.
	 */
	const int prev_console = fg_console;
	unsigned char prev_mode;

	last_console = fg_console;

	/*
	 * Sample the outgoing console's KD_TEXT/KD_GRAPHICS mode before the
	 * switch: a difference from the incoming console's mode means the
	 * screen has to be blanked or unblanked afterwards.
	 */
	prev_mode = vc_cons[fg_console].d->vc_mode;
	switch_screen(vc);

	/*
	 * This blank/unblank must stay ahead of a successful kill_pid().
	 * Otherwise it could run while X, woken by acqsig on another
	 * processor, is already touching the hardware; overlapping accesses
	 * to the VGA range and the framebuffer can lock the system up.  The
	 * code is repeated further down only for the case where the
	 * controlling process is gone and reset_vc() has been called.
	 */
	if (vc->vc_mode != prev_mode) {
		if (vc->vc_mode != KD_TEXT)
			do_blank_screen(1);
		else
			do_unblank_screen(1);
	}

	/*
	 * A console under process control is told it has been acquired.  The
	 * signal is sent as privileged, and both the target (vt_pid) and the
	 * signal number (acqsig) are whatever is stored in vc.
	 * NOTE(review): the code that stores them is outside this view -
	 * confirm it validates the signal number and pins the pid.
	 *
	 * A non-zero return means the controlling process has died or
	 * something else is awry.  The vt is then reset to normal operation,
	 * which also takes it back to KD_TEXT so the screen does not stay
	 * blanked after e.g. the X server died, and the mode comparison is
	 * repeated against the reset state.
	 */
	if (vc->vt_mode.mode == VT_PROCESS &&
	    kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
		reset_vc(vc);

		if (vc->vc_mode != prev_mode) {
			if (vc->vc_mode != KD_TEXT)
				do_blank_screen(1);
			else
				do_unblank_screen(1);
		}
	}

	/* Wake anyone waiting for their VT to activate. */
	vt_event_post(VT_EVENT_SWITCH, prev_console, vc->vc_num);
}
1306 
1307 /*
1308  * Performs the front-end of a vt switch
1309  */
void change_console(struct vc_data *new_vc)
{
	struct vc_data *cur;

	/* Nothing to do without a target or when it is already in front. */
	if (!new_vc)
		return;
	if (new_vc->vc_num == fg_console)
		return;

	/*
	 * vt_dont_switch is the file-level switch lock; while it is set every
	 * request is dropped here.  NOTE(review): this is the only test of
	 * the flag in this function.  The VT_RELDISP handler that finishes a
	 * process-mode switch is outside this view - confirm it cannot
	 * complete a switch that was requested before the flag was set.
	 */
	if (vt_dont_switch)
		return;

	/*
	 * NOTE(review): fg_console and vc_cons[] are read without any locking
	 * visible here; presumably the caller holds the console lock, as
	 * complete_change_console() requires - confirm against the callers.
	 */
	cur = vc_cons[fg_console].d;

	if (cur->vt_mode.mode == VT_PROCESS) {
		/*
		 * The foreground vt is under process control, so the switch
		 * is a handshake: record the destination, signal the owner,
		 * and let it finish the switch with a VT_RELDISP ioctl.
		 * vt_newvt has to be written before the signal goes out or
		 * the two race.
		 *
		 * The signal is sent as privileged; kill_pid() returning 0
		 * means it was delivered and the rest is up to the process.
		 */
		cur->vt_newvt = new_vc->vc_num;
		if (!kill_pid(cur->vt_pid, cur->vt_mode.relsig, 1))
			return;

		/*
		 * Delivery failed: the controlling process has died (or
		 * something else is awry).  Reset the vt to normal operation,
		 * which also puts it back in KD_TEXT so the screen does not
		 * stay blanked after e.g. the X server died, and carry on
		 * with the ordinary VT_AUTO handling below.  A process that
		 * dies after taking the signal leaves the request pending
		 * until the user retries.
		 */
		reset_vc(cur);
	}

	/* Switches are ignored in KD_GRAPHICS + VT_AUTO mode. */
	if (cur->vc_mode != KD_GRAPHICS)
		complete_change_console(new_vc);
}
1376 
1377 /* Perform a kernel triggered VT switch for suspend/resume */
1378 
/*
 * Non-zero when the suspend/resume console switch is turned off.  Written by
 * pm_set_vt_switch() and read by vt_move_to_console(), in both cases with
 * console_lock() held.
 */
static int disable_vt_switch;
1380 
/*
 * vt_move_to_console - switch to console @vt and wait until it is active
 * @vt:    number of the target console, as passed to set_console()
 * @alloc: non-zero to call vc_allocate() on the target first
 *
 * Returns the number of the console that was in the foreground before the
 * switch, or:
 *   0        when switching has been disabled through pm_set_vt_switch()
 *   -ENOSPC  when vc_allocate() failed
 *   -EIO     when set_console() failed
 *   -EINTR   when vt_waitactive() returned non-zero
 *
 * NOTE(review): 0 is returned both for "switching disabled" and for
 * "previous console was number 0"; callers cannot tell the two apart from
 * the return value alone.
 */
int vt_move_to_console(unsigned int vt, int alloc)
{
	int prev;
	int ret = 0;

	console_lock();

	/* Graphics mode - up to X */
	if (disable_vt_switch)
		goto unlock_console;

	prev = fg_console;

	if (alloc && vc_allocate(vt)) {
		/* No free VC for now; leave the screen untouched. */
		ret = -ENOSPC;
		goto unlock_console;
	}

	if (set_console(vt)) {
		/*
		 * Unable to switch to the SUSPEND_CONSOLE; report it so the
		 * caller can decide what to do.
		 */
		ret = -EIO;
		goto unlock_console;
	}
	console_unlock();

	/* The wait runs under tty_lock(), after the console lock is dropped. */
	tty_lock();
	ret = prev;
	/* vt_waitactive() is given vt + 1, not vt. */
	if (vt_waitactive(vt + 1)) {
		pr_debug("Suspend: Can't switch VCs.");
		ret = -EINTR;
	}
	tty_unlock();
	return ret;

unlock_console:
	console_unlock();
	return ret;
}
1419 
1420 /*
1421  * Normally during a suspend, we allocate a new console and switch to it.
1422  * When we resume, we switch back to the original console.  This switch
1423  * can be slow, so on systems where the framebuffer can handle restoration
1424  * of video registers anyways, there's little point in doing the console
1425  * switch.  This function allows you to disable it by passing it '0'.
1426  */
void pm_set_vt_switch(int do_switch)
{
	/* The flag is stored inverted: non-zero means "do not switch". */
	const int disable = !do_switch;

	/* Same lock vt_move_to_console() holds while it reads the flag. */
	console_lock();
	disable_vt_switch = disable;
	console_unlock();
}
EXPORT_SYMBOL(pm_set_vt_switch);
1434