1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1992 obz under the linux copyright 4 * 5 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 6 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 7 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 8 * Some code moved for less code duplication - Andi Kleen - Mar 1997 9 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 10 */ 11 12 #include <linux/types.h> 13 #include <linux/errno.h> 14 #include <linux/sched/signal.h> 15 #include <linux/tty.h> 16 #include <linux/timer.h> 17 #include <linux/kernel.h> 18 #include <linux/compat.h> 19 #include <linux/module.h> 20 #include <linux/kd.h> 21 #include <linux/vt.h> 22 #include <linux/string.h> 23 #include <linux/slab.h> 24 #include <linux/major.h> 25 #include <linux/fs.h> 26 #include <linux/console.h> 27 #include <linux/consolemap.h> 28 #include <linux/signal.h> 29 #include <linux/suspend.h> 30 #include <linux/timex.h> 31 32 #include <asm/io.h> 33 #include <linux/uaccess.h> 34 35 #include <linux/kbd_kern.h> 36 #include <linux/vt_kern.h> 37 #include <linux/kbd_diacr.h> 38 #include <linux/selection.h> 39 40 char vt_dont_switch; 41 extern struct tty_driver *console_driver; 42 43 #define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 44 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 45 46 /* 47 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 48 * experimentation and study of X386 SYSV handling. 49 * 50 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 51 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 52 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 53 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 54 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 55 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 56 * to the current console is done by the main ioctl code. 57 */ 58 59 #ifdef CONFIG_X86 60 #include <asm/syscalls.h> 61 #endif 62 63 static void complete_change_console(struct vc_data *vc); 64 65 /* 66 * User space VT_EVENT handlers 67 */ 68 69 struct vt_event_wait { 70 struct list_head list; 71 struct vt_event event; 72 int done; 73 }; 74 75 static LIST_HEAD(vt_events); 76 static DEFINE_SPINLOCK(vt_event_lock); 77 static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 78 79 /** 80 * vt_event_post 81 * @event: the event that occurred 82 * @old: old console 83 * @new: new console 84 * 85 * Post an VT event to interested VT handlers 86 */ 87 88 void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 89 { 90 struct list_head *pos, *head; 91 unsigned long flags; 92 int wake = 0; 93 94 spin_lock_irqsave(&vt_event_lock, flags); 95 head = &vt_events; 96 97 list_for_each(pos, head) { 98 struct vt_event_wait *ve = list_entry(pos, 99 struct vt_event_wait, list); 100 if (!(ve->event.event & event)) 101 continue; 102 ve->event.event = event; 103 /* kernel view is consoles 0..n-1, user space view is 104 console 1..n with 0 meaning current, so we must bias */ 105 ve->event.oldev = old + 1; 106 ve->event.newev = new + 1; 107 wake = 1; 108 ve->done = 1; 109 } 110 spin_unlock_irqrestore(&vt_event_lock, flags); 111 if (wake) 112 wake_up_interruptible(&vt_event_waitqueue); 113 } 114 115 static void __vt_event_queue(struct vt_event_wait *vw) 116 { 117 unsigned long flags; 118 /* Prepare the event */ 119 INIT_LIST_HEAD(&vw->list); 120 vw->done = 0; 121 /* Queue our event */ 122 spin_lock_irqsave(&vt_event_lock, flags); 123 list_add(&vw->list, &vt_events); 124 spin_unlock_irqrestore(&vt_event_lock, flags); 125 } 126 127 static void __vt_event_wait(struct vt_event_wait *vw) 128 { 129 /* Wait for it to pass */ 130 wait_event_interruptible(vt_event_waitqueue, vw->done); 131 } 132 133 static void __vt_event_dequeue(struct vt_event_wait *vw) 134 { 135 unsigned long flags; 136 137 /* Dequeue it */ 138 spin_lock_irqsave(&vt_event_lock, flags); 139 list_del(&vw->list); 140 spin_unlock_irqrestore(&vt_event_lock, flags); 141 } 142 143 /** 144 * vt_event_wait - wait for an event 145 * @vw: our event 146 * 147 * Waits for an event to occur which completes our vt_event_wait 148 * structure. On return the structure has wv->done set to 1 for success 149 * or 0 if some event such as a signal ended the wait. 150 */ 151 152 static void vt_event_wait(struct vt_event_wait *vw) 153 { 154 __vt_event_queue(vw); 155 __vt_event_wait(vw); 156 __vt_event_dequeue(vw); 157 } 158 159 /** 160 * vt_event_wait_ioctl - event ioctl handler 161 * @arg: argument to ioctl 162 * 163 * Implement the VT_WAITEVENT ioctl using the VT event interface 164 */ 165 166 static int vt_event_wait_ioctl(struct vt_event __user *event) 167 { 168 struct vt_event_wait vw; 169 170 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 171 return -EFAULT; 172 /* Highest supported event for now */ 173 if (vw.event.event & ~VT_MAX_EVENT) 174 return -EINVAL; 175 176 vt_event_wait(&vw); 177 /* If it occurred report it */ 178 if (vw.done) { 179 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 180 return -EFAULT; 181 return 0; 182 } 183 return -EINTR; 184 } 185 186 /** 187 * vt_waitactive - active console wait 188 * @event: event code 189 * @n: new console 190 * 191 * Helper for event waits. Used to implement the legacy 192 * event waiting ioctls in terms of events 193 */ 194 195 int vt_waitactive(int n) 196 { 197 struct vt_event_wait vw; 198 do { 199 vw.event.event = VT_EVENT_SWITCH; 200 __vt_event_queue(&vw); 201 if (n == fg_console + 1) { 202 __vt_event_dequeue(&vw); 203 break; 204 } 205 __vt_event_wait(&vw); 206 __vt_event_dequeue(&vw); 207 if (vw.done == 0) 208 return -EINTR; 209 } while (vw.event.newev != n); 210 return 0; 211 } 212 213 /* 214 * these are the valid i/o ports we're allowed to change. they map all the 215 * video ports 216 */ 217 #define GPFIRST 0x3b4 218 #define GPLAST 0x3df 219 #define GPNUM (GPLAST - GPFIRST + 1) 220 221 222 223 static inline int 224 do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 225 { 226 struct consolefontdesc cfdarg; 227 int i; 228 229 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 230 return -EFAULT; 231 232 switch (cmd) { 233 case PIO_FONTX: 234 if (!perm) 235 return -EPERM; 236 op->op = KD_FONT_OP_SET; 237 op->flags = KD_FONT_FLAG_OLD; 238 op->width = 8; 239 op->height = cfdarg.charheight; 240 op->charcount = cfdarg.charcount; 241 op->data = cfdarg.chardata; 242 return con_font_op(vc_cons[fg_console].d, op); 243 case GIO_FONTX: { 244 op->op = KD_FONT_OP_GET; 245 op->flags = KD_FONT_FLAG_OLD; 246 op->width = 8; 247 op->height = cfdarg.charheight; 248 op->charcount = cfdarg.charcount; 249 op->data = cfdarg.chardata; 250 i = con_font_op(vc_cons[fg_console].d, op); 251 if (i) 252 return i; 253 cfdarg.charheight = op->height; 254 cfdarg.charcount = op->charcount; 255 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 256 return -EFAULT; 257 return 0; 258 } 259 } 260 return -EINVAL; 261 } 262 263 static inline int 264 do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 265 { 266 struct unimapdesc tmp; 267 268 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 269 return -EFAULT; 270 switch (cmd) { 271 case PIO_UNIMAP: 272 if (!perm) 273 return -EPERM; 274 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 275 case GIO_UNIMAP: 276 if (!perm && fg_console != vc->vc_num) 277 return -EPERM; 278 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 279 } 280 return 0; 281 } 282 283 /* deallocate a single console, if possible (leave 0) */ 284 static int vt_disallocate(unsigned int vc_num) 285 { 286 struct vc_data *vc = NULL; 287 int ret = 0; 288 289 console_lock(); 290 if (VT_BUSY(vc_num)) 291 ret = -EBUSY; 292 else if (vc_num) 293 vc = vc_deallocate(vc_num); 294 console_unlock(); 295 296 if (vc && vc_num >= MIN_NR_CONSOLES) { 297 tty_port_destroy(&vc->port); 298 kfree(vc); 299 } 300 301 return ret; 302 } 303 304 /* deallocate all unused consoles, but leave 0 */ 305 static void vt_disallocate_all(void) 306 { 307 struct vc_data *vc[MAX_NR_CONSOLES]; 308 int i; 309 310 console_lock(); 311 for (i = 1; i < MAX_NR_CONSOLES; i++) 312 if (!VT_BUSY(i)) 313 vc[i] = vc_deallocate(i); 314 else 315 vc[i] = NULL; 316 console_unlock(); 317 318 for (i = 1; i < MAX_NR_CONSOLES; i++) { 319 if (vc[i] && i >= MIN_NR_CONSOLES) { 320 tty_port_destroy(&vc[i]->port); 321 kfree(vc[i]); 322 } 323 } 324 } 325 326 327 /* 328 * We handle the console-specific ioctl's here. We allow the 329 * capability to modify any console, not just the fg_console. 330 */ 331 int vt_ioctl(struct tty_struct *tty, 332 unsigned int cmd, unsigned long arg) 333 { 334 struct vc_data *vc = tty->driver_data; 335 struct console_font_op op; /* used in multiple places here */ 336 unsigned int console; 337 unsigned char ucval; 338 unsigned int uival; 339 void __user *up = (void __user *)arg; 340 int i, perm; 341 int ret = 0; 342 343 console = vc->vc_num; 344 345 346 if (!vc_cons_allocated(console)) { /* impossible? */ 347 ret = -ENOIOCTLCMD; 348 goto out; 349 } 350 351 352 /* 353 * To have permissions to do most of the vt ioctls, we either have 354 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 355 */ 356 perm = 0; 357 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 358 perm = 1; 359 360 switch (cmd) { 361 case TIOCLINUX: 362 ret = tioclinux(tty, arg); 363 break; 364 case KIOCSOUND: 365 if (!perm) 366 return -EPERM; 367 /* 368 * The use of PIT_TICK_RATE is historic, it used to be 369 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 370 * and 2.6.36, which was a minor but unfortunate ABI 371 * change. kd_mksound is locked by the input layer. 372 */ 373 if (arg) 374 arg = PIT_TICK_RATE / arg; 375 kd_mksound(arg, 0); 376 break; 377 378 case KDMKTONE: 379 if (!perm) 380 return -EPERM; 381 { 382 unsigned int ticks, count; 383 384 /* 385 * Generate the tone for the appropriate number of ticks. 386 * If the time is zero, turn off sound ourselves. 387 */ 388 ticks = msecs_to_jiffies((arg >> 16) & 0xffff); 389 count = ticks ? (arg & 0xffff) : 0; 390 if (count) 391 count = PIT_TICK_RATE / count; 392 kd_mksound(count, ticks); 393 break; 394 } 395 396 case KDGKBTYPE: 397 /* 398 * this is naïve. 399 */ 400 ucval = KB_101; 401 ret = put_user(ucval, (char __user *)arg); 402 break; 403 404 /* 405 * These cannot be implemented on any machine that implements 406 * ioperm() in user level (such as Alpha PCs) or not at all. 407 * 408 * XXX: you should never use these, just call ioperm directly.. 409 */ 410 #ifdef CONFIG_X86 411 case KDADDIO: 412 case KDDELIO: 413 /* 414 * KDADDIO and KDDELIO may be able to add ports beyond what 415 * we reject here, but to be safe... 416 * 417 * These are locked internally via sys_ioperm 418 */ 419 if (arg < GPFIRST || arg > GPLAST) { 420 ret = -EINVAL; 421 break; 422 } 423 ret = ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 424 break; 425 426 case KDENABIO: 427 case KDDISABIO: 428 ret = ksys_ioperm(GPFIRST, GPNUM, 429 (cmd == KDENABIO)) ? -ENXIO : 0; 430 break; 431 #endif 432 433 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 434 435 case KDKBDREP: 436 { 437 struct kbd_repeat kbrep; 438 439 if (!capable(CAP_SYS_TTY_CONFIG)) 440 return -EPERM; 441 442 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 443 ret = -EFAULT; 444 break; 445 } 446 ret = kbd_rate(&kbrep); 447 if (ret) 448 break; 449 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 450 ret = -EFAULT; 451 break; 452 } 453 454 case KDSETMODE: 455 /* 456 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 457 * doesn't do a whole lot. i'm not sure if it should do any 458 * restoration of modes or what... 459 * 460 * XXX It should at least call into the driver, fbdev's definitely 461 * need to restore their engine state. --BenH 462 */ 463 if (!perm) 464 return -EPERM; 465 switch (arg) { 466 case KD_GRAPHICS: 467 break; 468 case KD_TEXT0: 469 case KD_TEXT1: 470 arg = KD_TEXT; 471 case KD_TEXT: 472 break; 473 default: 474 ret = -EINVAL; 475 goto out; 476 } 477 /* FIXME: this needs the console lock extending */ 478 if (vc->vc_mode == (unsigned char) arg) 479 break; 480 vc->vc_mode = (unsigned char) arg; 481 if (console != fg_console) 482 break; 483 /* 484 * explicitly blank/unblank the screen if switching modes 485 */ 486 console_lock(); 487 if (arg == KD_TEXT) 488 do_unblank_screen(1); 489 else 490 do_blank_screen(1); 491 console_unlock(); 492 break; 493 494 case KDGETMODE: 495 uival = vc->vc_mode; 496 goto setint; 497 498 case KDMAPDISP: 499 case KDUNMAPDISP: 500 /* 501 * these work like a combination of mmap and KDENABIO. 502 * this could be easily finished. 503 */ 504 ret = -EINVAL; 505 break; 506 507 case KDSKBMODE: 508 if (!perm) 509 return -EPERM; 510 ret = vt_do_kdskbmode(console, arg); 511 if (ret == 0) 512 tty_ldisc_flush(tty); 513 break; 514 515 case KDGKBMODE: 516 uival = vt_do_kdgkbmode(console); 517 ret = put_user(uival, (int __user *)arg); 518 break; 519 520 /* this could be folded into KDSKBMODE, but for compatibility 521 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 522 case KDSKBMETA: 523 ret = vt_do_kdskbmeta(console, arg); 524 break; 525 526 case KDGKBMETA: 527 /* FIXME: should review whether this is worth locking */ 528 uival = vt_do_kdgkbmeta(console); 529 setint: 530 ret = put_user(uival, (int __user *)arg); 531 break; 532 533 case KDGETKEYCODE: 534 case KDSETKEYCODE: 535 if(!capable(CAP_SYS_TTY_CONFIG)) 536 perm = 0; 537 ret = vt_do_kbkeycode_ioctl(cmd, up, perm); 538 break; 539 540 case KDGKBENT: 541 case KDSKBENT: 542 ret = vt_do_kdsk_ioctl(cmd, up, perm, console); 543 break; 544 545 case KDGKBSENT: 546 case KDSKBSENT: 547 ret = vt_do_kdgkb_ioctl(cmd, up, perm); 548 break; 549 550 /* Diacritical processing. Handled in keyboard.c as it has 551 to operate on the keyboard locks and structures */ 552 case KDGKBDIACR: 553 case KDGKBDIACRUC: 554 case KDSKBDIACR: 555 case KDSKBDIACRUC: 556 ret = vt_do_diacrit(cmd, up, perm); 557 break; 558 559 /* the ioctls below read/set the flags usually shown in the leds */ 560 /* don't use them - they will go away without warning */ 561 case KDGKBLED: 562 case KDSKBLED: 563 case KDGETLED: 564 case KDSETLED: 565 ret = vt_do_kdskled(console, cmd, arg, perm); 566 break; 567 568 /* 569 * A process can indicate its willingness to accept signals 570 * generated by pressing an appropriate key combination. 571 * Thus, one can have a daemon that e.g. spawns a new console 572 * upon a keypress and then changes to it. 573 * See also the kbrequest field of inittab(5). 574 */ 575 case KDSIGACCEPT: 576 { 577 if (!perm || !capable(CAP_KILL)) 578 return -EPERM; 579 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 580 ret = -EINVAL; 581 else { 582 spin_lock_irq(&vt_spawn_con.lock); 583 put_pid(vt_spawn_con.pid); 584 vt_spawn_con.pid = get_pid(task_pid(current)); 585 vt_spawn_con.sig = arg; 586 spin_unlock_irq(&vt_spawn_con.lock); 587 } 588 break; 589 } 590 591 case VT_SETMODE: 592 { 593 struct vt_mode tmp; 594 595 if (!perm) 596 return -EPERM; 597 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 598 ret = -EFAULT; 599 goto out; 600 } 601 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 602 ret = -EINVAL; 603 goto out; 604 } 605 console_lock(); 606 vc->vt_mode = tmp; 607 /* the frsig is ignored, so we set it to 0 */ 608 vc->vt_mode.frsig = 0; 609 put_pid(vc->vt_pid); 610 vc->vt_pid = get_pid(task_pid(current)); 611 /* no switch is required -- saw@shade.msu.ru */ 612 vc->vt_newvt = -1; 613 console_unlock(); 614 break; 615 } 616 617 case VT_GETMODE: 618 { 619 struct vt_mode tmp; 620 int rc; 621 622 console_lock(); 623 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 624 console_unlock(); 625 626 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 627 if (rc) 628 ret = -EFAULT; 629 break; 630 } 631 632 /* 633 * Returns global vt state. Note that VT 0 is always open, since 634 * it's an alias for the current VT, and people can't use it here. 635 * We cannot return state for more than 16 VTs, since v_state is short. 636 */ 637 case VT_GETSTATE: 638 { 639 struct vt_stat __user *vtstat = up; 640 unsigned short state, mask; 641 642 /* Review: FIXME: Console lock ? */ 643 if (put_user(fg_console + 1, &vtstat->v_active)) 644 ret = -EFAULT; 645 else { 646 state = 1; /* /dev/tty0 is always open */ 647 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 648 ++i, mask <<= 1) 649 if (VT_IS_IN_USE(i)) 650 state |= mask; 651 ret = put_user(state, &vtstat->v_state); 652 } 653 break; 654 } 655 656 /* 657 * Returns the first available (non-opened) console. 658 */ 659 case VT_OPENQRY: 660 /* FIXME: locking ? - but then this is a stupid API */ 661 for (i = 0; i < MAX_NR_CONSOLES; ++i) 662 if (! VT_IS_IN_USE(i)) 663 break; 664 uival = i < MAX_NR_CONSOLES ? (i+1) : -1; 665 goto setint; 666 667 /* 668 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 669 * with num >= 1 (switches to vt 0, our console, are not allowed, just 670 * to preserve sanity). 671 */ 672 case VT_ACTIVATE: 673 if (!perm) 674 return -EPERM; 675 if (arg == 0 || arg > MAX_NR_CONSOLES) 676 ret = -ENXIO; 677 else { 678 arg--; 679 console_lock(); 680 ret = vc_allocate(arg); 681 console_unlock(); 682 if (ret) 683 break; 684 set_console(arg); 685 } 686 break; 687 688 case VT_SETACTIVATE: 689 { 690 struct vt_setactivate vsa; 691 692 if (!perm) 693 return -EPERM; 694 695 if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, 696 sizeof(struct vt_setactivate))) { 697 ret = -EFAULT; 698 goto out; 699 } 700 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 701 ret = -ENXIO; 702 else { 703 vsa.console--; 704 console_lock(); 705 ret = vc_allocate(vsa.console); 706 if (ret == 0) { 707 struct vc_data *nvc; 708 /* This is safe providing we don't drop the 709 console sem between vc_allocate and 710 finishing referencing nvc */ 711 nvc = vc_cons[vsa.console].d; 712 nvc->vt_mode = vsa.mode; 713 nvc->vt_mode.frsig = 0; 714 put_pid(nvc->vt_pid); 715 nvc->vt_pid = get_pid(task_pid(current)); 716 } 717 console_unlock(); 718 if (ret) 719 break; 720 /* Commence switch and lock */ 721 /* Review set_console locks */ 722 set_console(vsa.console); 723 } 724 break; 725 } 726 727 /* 728 * wait until the specified VT has been activated 729 */ 730 case VT_WAITACTIVE: 731 if (!perm) 732 return -EPERM; 733 if (arg == 0 || arg > MAX_NR_CONSOLES) 734 ret = -ENXIO; 735 else 736 ret = vt_waitactive(arg); 737 break; 738 739 /* 740 * If a vt is under process control, the kernel will not switch to it 741 * immediately, but postpone the operation until the process calls this 742 * ioctl, allowing the switch to complete. 743 * 744 * According to the X sources this is the behavior: 745 * 0: pending switch-from not OK 746 * 1: pending switch-from OK 747 * 2: completed switch-to OK 748 */ 749 case VT_RELDISP: 750 if (!perm) 751 return -EPERM; 752 753 console_lock(); 754 if (vc->vt_mode.mode != VT_PROCESS) { 755 console_unlock(); 756 ret = -EINVAL; 757 break; 758 } 759 /* 760 * Switching-from response 761 */ 762 if (vc->vt_newvt >= 0) { 763 if (arg == 0) 764 /* 765 * Switch disallowed, so forget we were trying 766 * to do it. 767 */ 768 vc->vt_newvt = -1; 769 770 else { 771 /* 772 * The current vt has been released, so 773 * complete the switch. 774 */ 775 int newvt; 776 newvt = vc->vt_newvt; 777 vc->vt_newvt = -1; 778 ret = vc_allocate(newvt); 779 if (ret) { 780 console_unlock(); 781 break; 782 } 783 /* 784 * When we actually do the console switch, 785 * make sure we are atomic with respect to 786 * other console switches.. 787 */ 788 complete_change_console(vc_cons[newvt].d); 789 } 790 } else { 791 /* 792 * Switched-to response 793 */ 794 /* 795 * If it's just an ACK, ignore it 796 */ 797 if (arg != VT_ACKACQ) 798 ret = -EINVAL; 799 } 800 console_unlock(); 801 break; 802 803 /* 804 * Disallocate memory associated to VT (but leave VT1) 805 */ 806 case VT_DISALLOCATE: 807 if (arg > MAX_NR_CONSOLES) { 808 ret = -ENXIO; 809 break; 810 } 811 if (arg == 0) 812 vt_disallocate_all(); 813 else 814 ret = vt_disallocate(--arg); 815 break; 816 817 case VT_RESIZE: 818 { 819 struct vt_sizes __user *vtsizes = up; 820 struct vc_data *vc; 821 822 ushort ll,cc; 823 if (!perm) 824 return -EPERM; 825 if (get_user(ll, &vtsizes->v_rows) || 826 get_user(cc, &vtsizes->v_cols)) 827 ret = -EFAULT; 828 else { 829 console_lock(); 830 for (i = 0; i < MAX_NR_CONSOLES; i++) { 831 vc = vc_cons[i].d; 832 833 if (vc) { 834 vc->vc_resize_user = 1; 835 /* FIXME: review v tty lock */ 836 vc_resize(vc_cons[i].d, cc, ll); 837 } 838 } 839 console_unlock(); 840 } 841 break; 842 } 843 844 case VT_RESIZEX: 845 { 846 struct vt_consize v; 847 if (!perm) 848 return -EPERM; 849 if (copy_from_user(&v, up, sizeof(struct vt_consize))) 850 return -EFAULT; 851 /* FIXME: Should check the copies properly */ 852 if (!v.v_vlin) 853 v.v_vlin = vc->vc_scan_lines; 854 if (v.v_clin) { 855 int rows = v.v_vlin/v.v_clin; 856 if (v.v_rows != rows) { 857 if (v.v_rows) /* Parameters don't add up */ 858 return -EINVAL; 859 v.v_rows = rows; 860 } 861 } 862 if (v.v_vcol && v.v_ccol) { 863 int cols = v.v_vcol/v.v_ccol; 864 if (v.v_cols != cols) { 865 if (v.v_cols) 866 return -EINVAL; 867 v.v_cols = cols; 868 } 869 } 870 871 if (v.v_clin > 32) 872 return -EINVAL; 873 874 for (i = 0; i < MAX_NR_CONSOLES; i++) { 875 if (!vc_cons[i].d) 876 continue; 877 console_lock(); 878 if (v.v_vlin) 879 vc_cons[i].d->vc_scan_lines = v.v_vlin; 880 if (v.v_clin) 881 vc_cons[i].d->vc_font.height = v.v_clin; 882 vc_cons[i].d->vc_resize_user = 1; 883 vc_resize(vc_cons[i].d, v.v_cols, v.v_rows); 884 console_unlock(); 885 } 886 break; 887 } 888 889 case PIO_FONT: { 890 if (!perm) 891 return -EPERM; 892 op.op = KD_FONT_OP_SET; 893 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 894 op.width = 8; 895 op.height = 0; 896 op.charcount = 256; 897 op.data = up; 898 ret = con_font_op(vc_cons[fg_console].d, &op); 899 break; 900 } 901 902 case GIO_FONT: { 903 op.op = KD_FONT_OP_GET; 904 op.flags = KD_FONT_FLAG_OLD; 905 op.width = 8; 906 op.height = 32; 907 op.charcount = 256; 908 op.data = up; 909 ret = con_font_op(vc_cons[fg_console].d, &op); 910 break; 911 } 912 913 case PIO_CMAP: 914 if (!perm) 915 ret = -EPERM; 916 else 917 ret = con_set_cmap(up); 918 break; 919 920 case GIO_CMAP: 921 ret = con_get_cmap(up); 922 break; 923 924 case PIO_FONTX: 925 case GIO_FONTX: 926 ret = do_fontx_ioctl(cmd, up, perm, &op); 927 break; 928 929 case PIO_FONTRESET: 930 { 931 if (!perm) 932 return -EPERM; 933 934 #ifdef BROKEN_GRAPHICS_PROGRAMS 935 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 936 font is not saved. */ 937 ret = -ENOSYS; 938 break; 939 #else 940 { 941 op.op = KD_FONT_OP_SET_DEFAULT; 942 op.data = NULL; 943 ret = con_font_op(vc_cons[fg_console].d, &op); 944 if (ret) 945 break; 946 console_lock(); 947 con_set_default_unimap(vc_cons[fg_console].d); 948 console_unlock(); 949 break; 950 } 951 #endif 952 } 953 954 case KDFONTOP: { 955 if (copy_from_user(&op, up, sizeof(op))) { 956 ret = -EFAULT; 957 break; 958 } 959 if (!perm && op.op != KD_FONT_OP_GET) 960 return -EPERM; 961 ret = con_font_op(vc, &op); 962 if (ret) 963 break; 964 if (copy_to_user(up, &op, sizeof(op))) 965 ret = -EFAULT; 966 break; 967 } 968 969 case PIO_SCRNMAP: 970 if (!perm) 971 ret = -EPERM; 972 else 973 ret = con_set_trans_old(up); 974 break; 975 976 case GIO_SCRNMAP: 977 ret = con_get_trans_old(up); 978 break; 979 980 case PIO_UNISCRNMAP: 981 if (!perm) 982 ret = -EPERM; 983 else 984 ret = con_set_trans_new(up); 985 break; 986 987 case GIO_UNISCRNMAP: 988 ret = con_get_trans_new(up); 989 break; 990 991 case PIO_UNIMAPCLR: 992 if (!perm) 993 return -EPERM; 994 con_clear_unimap(vc); 995 break; 996 997 case PIO_UNIMAP: 998 case GIO_UNIMAP: 999 ret = do_unimap_ioctl(cmd, up, perm, vc); 1000 break; 1001 1002 case VT_LOCKSWITCH: 1003 if (!capable(CAP_SYS_TTY_CONFIG)) 1004 return -EPERM; 1005 vt_dont_switch = 1; 1006 break; 1007 case VT_UNLOCKSWITCH: 1008 if (!capable(CAP_SYS_TTY_CONFIG)) 1009 return -EPERM; 1010 vt_dont_switch = 0; 1011 break; 1012 case VT_GETHIFONTMASK: 1013 ret = put_user(vc->vc_hi_font_mask, 1014 (unsigned short __user *)arg); 1015 break; 1016 case VT_WAITEVENT: 1017 ret = vt_event_wait_ioctl((struct vt_event __user *)arg); 1018 break; 1019 default: 1020 ret = -ENOIOCTLCMD; 1021 } 1022 out: 1023 return ret; 1024 } 1025 1026 void reset_vc(struct vc_data *vc) 1027 { 1028 vc->vc_mode = KD_TEXT; 1029 vt_reset_unicode(vc->vc_num); 1030 vc->vt_mode.mode = VT_AUTO; 1031 vc->vt_mode.waitv = 0; 1032 vc->vt_mode.relsig = 0; 1033 vc->vt_mode.acqsig = 0; 1034 vc->vt_mode.frsig = 0; 1035 put_pid(vc->vt_pid); 1036 vc->vt_pid = NULL; 1037 vc->vt_newvt = -1; 1038 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1039 reset_palette(vc); 1040 } 1041 1042 void vc_SAK(struct work_struct *work) 1043 { 1044 struct vc *vc_con = 1045 container_of(work, struct vc, SAK_work); 1046 struct vc_data *vc; 1047 struct tty_struct *tty; 1048 1049 console_lock(); 1050 vc = vc_con->d; 1051 if (vc) { 1052 /* FIXME: review tty ref counting */ 1053 tty = vc->port.tty; 1054 /* 1055 * SAK should also work in all raw modes and reset 1056 * them properly. 1057 */ 1058 if (tty) 1059 __do_SAK(tty); 1060 reset_vc(vc); 1061 } 1062 console_unlock(); 1063 } 1064 1065 #ifdef CONFIG_COMPAT 1066 1067 struct compat_consolefontdesc { 1068 unsigned short charcount; /* characters in font (256 or 512) */ 1069 unsigned short charheight; /* scan lines per character (1-32) */ 1070 compat_caddr_t chardata; /* font data in expanded form */ 1071 }; 1072 1073 static inline int 1074 compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd, 1075 int perm, struct console_font_op *op) 1076 { 1077 struct compat_consolefontdesc cfdarg; 1078 int i; 1079 1080 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) 1081 return -EFAULT; 1082 1083 switch (cmd) { 1084 case PIO_FONTX: 1085 if (!perm) 1086 return -EPERM; 1087 op->op = KD_FONT_OP_SET; 1088 op->flags = KD_FONT_FLAG_OLD; 1089 op->width = 8; 1090 op->height = cfdarg.charheight; 1091 op->charcount = cfdarg.charcount; 1092 op->data = compat_ptr(cfdarg.chardata); 1093 return con_font_op(vc_cons[fg_console].d, op); 1094 case GIO_FONTX: 1095 op->op = KD_FONT_OP_GET; 1096 op->flags = KD_FONT_FLAG_OLD; 1097 op->width = 8; 1098 op->height = cfdarg.charheight; 1099 op->charcount = cfdarg.charcount; 1100 op->data = compat_ptr(cfdarg.chardata); 1101 i = con_font_op(vc_cons[fg_console].d, op); 1102 if (i) 1103 return i; 1104 cfdarg.charheight = op->height; 1105 cfdarg.charcount = op->charcount; 1106 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) 1107 return -EFAULT; 1108 return 0; 1109 } 1110 return -EINVAL; 1111 } 1112 1113 struct compat_console_font_op { 1114 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1115 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1116 compat_uint_t width, height; /* font size */ 1117 compat_uint_t charcount; 1118 compat_caddr_t data; /* font data with height fixed to 32 */ 1119 }; 1120 1121 static inline int 1122 compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1123 int perm, struct console_font_op *op, struct vc_data *vc) 1124 { 1125 int i; 1126 1127 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1128 return -EFAULT; 1129 if (!perm && op->op != KD_FONT_OP_GET) 1130 return -EPERM; 1131 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1132 i = con_font_op(vc, op); 1133 if (i) 1134 return i; 1135 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1136 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1137 return -EFAULT; 1138 return 0; 1139 } 1140 1141 struct compat_unimapdesc { 1142 unsigned short entry_ct; 1143 compat_caddr_t entries; 1144 }; 1145 1146 static inline int 1147 compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1148 int perm, struct vc_data *vc) 1149 { 1150 struct compat_unimapdesc tmp; 1151 struct unipair __user *tmp_entries; 1152 1153 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1154 return -EFAULT; 1155 tmp_entries = compat_ptr(tmp.entries); 1156 switch (cmd) { 1157 case PIO_UNIMAP: 1158 if (!perm) 1159 return -EPERM; 1160 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1161 case GIO_UNIMAP: 1162 if (!perm && fg_console != vc->vc_num) 1163 return -EPERM; 1164 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1165 } 1166 return 0; 1167 } 1168 1169 long vt_compat_ioctl(struct tty_struct *tty, 1170 unsigned int cmd, unsigned long arg) 1171 { 1172 struct vc_data *vc = tty->driver_data; 1173 struct console_font_op op; /* used in multiple places here */ 1174 unsigned int console; 1175 void __user *up = (void __user *)arg; 1176 int perm; 1177 int ret = 0; 1178 1179 console = vc->vc_num; 1180 1181 if (!vc_cons_allocated(console)) { /* impossible? */ 1182 ret = -ENOIOCTLCMD; 1183 goto out; 1184 } 1185 1186 /* 1187 * To have permissions to do most of the vt ioctls, we either have 1188 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1189 */ 1190 perm = 0; 1191 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1192 perm = 1; 1193 1194 switch (cmd) { 1195 /* 1196 * these need special handlers for incompatible data structures 1197 */ 1198 case PIO_FONTX: 1199 case GIO_FONTX: 1200 ret = compat_fontx_ioctl(cmd, up, perm, &op); 1201 break; 1202 1203 case KDFONTOP: 1204 ret = compat_kdfontop_ioctl(up, perm, &op, vc); 1205 break; 1206 1207 case PIO_UNIMAP: 1208 case GIO_UNIMAP: 1209 ret = compat_unimap_ioctl(cmd, up, perm, vc); 1210 break; 1211 1212 /* 1213 * all these treat 'arg' as an integer 1214 */ 1215 case KIOCSOUND: 1216 case KDMKTONE: 1217 #ifdef CONFIG_X86 1218 case KDADDIO: 1219 case KDDELIO: 1220 #endif 1221 case KDSETMODE: 1222 case KDMAPDISP: 1223 case KDUNMAPDISP: 1224 case KDSKBMODE: 1225 case KDSKBMETA: 1226 case KDSKBLED: 1227 case KDSETLED: 1228 case KDSIGACCEPT: 1229 case VT_ACTIVATE: 1230 case VT_WAITACTIVE: 1231 case VT_RELDISP: 1232 case VT_DISALLOCATE: 1233 case VT_RESIZE: 1234 case VT_RESIZEX: 1235 goto fallback; 1236 1237 /* 1238 * the rest has a compatible data structure behind arg, 1239 * but we have to convert it to a proper 64 bit pointer. 1240 */ 1241 default: 1242 arg = (unsigned long)compat_ptr(arg); 1243 goto fallback; 1244 } 1245 out: 1246 return ret; 1247 1248 fallback: 1249 return vt_ioctl(tty, cmd, arg); 1250 } 1251 1252 1253 #endif /* CONFIG_COMPAT */ 1254 1255 1256 /* 1257 * Performs the back end of a vt switch. Called under the console 1258 * semaphore. 1259 */ 1260 static void complete_change_console(struct vc_data *vc) 1261 { 1262 unsigned char old_vc_mode; 1263 int old = fg_console; 1264 1265 last_console = fg_console; 1266 1267 /* 1268 * If we're switching, we could be going from KD_GRAPHICS to 1269 * KD_TEXT mode or vice versa, which means we need to blank or 1270 * unblank the screen later. 1271 */ 1272 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1273 switch_screen(vc); 1274 1275 /* 1276 * This can't appear below a successful kill_pid(). If it did, 1277 * then the *blank_screen operation could occur while X, having 1278 * received acqsig, is waking up on another processor. This 1279 * condition can lead to overlapping accesses to the VGA range 1280 * and the framebuffer (causing system lockups). 1281 * 1282 * To account for this we duplicate this code below only if the 1283 * controlling process is gone and we've called reset_vc. 1284 */ 1285 if (old_vc_mode != vc->vc_mode) { 1286 if (vc->vc_mode == KD_TEXT) 1287 do_unblank_screen(1); 1288 else 1289 do_blank_screen(1); 1290 } 1291 1292 /* 1293 * If this new console is under process control, send it a signal 1294 * telling it that it has acquired. Also check if it has died and 1295 * clean up (similar to logic employed in change_console()) 1296 */ 1297 if (vc->vt_mode.mode == VT_PROCESS) { 1298 /* 1299 * Send the signal as privileged - kill_pid() will 1300 * tell us if the process has gone or something else 1301 * is awry 1302 */ 1303 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1304 /* 1305 * The controlling process has died, so we revert back to 1306 * normal operation. In this case, we'll also change back 1307 * to KD_TEXT mode. I'm not sure if this is strictly correct 1308 * but it saves the agony when the X server dies and the screen 1309 * remains blanked due to KD_GRAPHICS! It would be nice to do 1310 * this outside of VT_PROCESS but there is no single process 1311 * to account for and tracking tty count may be undesirable. 1312 */ 1313 reset_vc(vc); 1314 1315 if (old_vc_mode != vc->vc_mode) { 1316 if (vc->vc_mode == KD_TEXT) 1317 do_unblank_screen(1); 1318 else 1319 do_blank_screen(1); 1320 } 1321 } 1322 } 1323 1324 /* 1325 * Wake anyone waiting for their VT to activate 1326 */ 1327 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1328 return; 1329 } 1330 1331 /* 1332 * Performs the front-end of a vt switch 1333 */ 1334 void change_console(struct vc_data *new_vc) 1335 { 1336 struct vc_data *vc; 1337 1338 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1339 return; 1340 1341 /* 1342 * If this vt is in process mode, then we need to handshake with 1343 * that process before switching. Essentially, we store where that 1344 * vt wants to switch to and wait for it to tell us when it's done 1345 * (via VT_RELDISP ioctl). 1346 * 1347 * We also check to see if the controlling process still exists. 1348 * If it doesn't, we reset this vt to auto mode and continue. 1349 * This is a cheap way to track process control. The worst thing 1350 * that can happen is: we send a signal to a process, it dies, and 1351 * the switch gets "lost" waiting for a response; hopefully, the 1352 * user will try again, we'll detect the process is gone (unless 1353 * the user waits just the right amount of time :-) and revert the 1354 * vt to auto control. 1355 */ 1356 vc = vc_cons[fg_console].d; 1357 if (vc->vt_mode.mode == VT_PROCESS) { 1358 /* 1359 * Send the signal as privileged - kill_pid() will 1360 * tell us if the process has gone or something else 1361 * is awry. 1362 * 1363 * We need to set vt_newvt *before* sending the signal or we 1364 * have a race. 1365 */ 1366 vc->vt_newvt = new_vc->vc_num; 1367 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1368 /* 1369 * It worked. Mark the vt to switch to and 1370 * return. The process needs to send us a 1371 * VT_RELDISP ioctl to complete the switch. 1372 */ 1373 return; 1374 } 1375 1376 /* 1377 * The controlling process has died, so we revert back to 1378 * normal operation. In this case, we'll also change back 1379 * to KD_TEXT mode. I'm not sure if this is strictly correct 1380 * but it saves the agony when the X server dies and the screen 1381 * remains blanked due to KD_GRAPHICS! It would be nice to do 1382 * this outside of VT_PROCESS but there is no single process 1383 * to account for and tracking tty count may be undesirable. 1384 */ 1385 reset_vc(vc); 1386 1387 /* 1388 * Fall through to normal (VT_AUTO) handling of the switch... 1389 */ 1390 } 1391 1392 /* 1393 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1394 */ 1395 if (vc->vc_mode == KD_GRAPHICS) 1396 return; 1397 1398 complete_change_console(new_vc); 1399 } 1400 1401 /* Perform a kernel triggered VT switch for suspend/resume */ 1402 1403 static int disable_vt_switch; 1404 1405 int vt_move_to_console(unsigned int vt, int alloc) 1406 { 1407 int prev; 1408 1409 console_lock(); 1410 /* Graphics mode - up to X */ 1411 if (disable_vt_switch) { 1412 console_unlock(); 1413 return 0; 1414 } 1415 prev = fg_console; 1416 1417 if (alloc && vc_allocate(vt)) { 1418 /* we can't have a free VC for now. Too bad, 1419 * we don't want to mess the screen for now. */ 1420 console_unlock(); 1421 return -ENOSPC; 1422 } 1423 1424 if (set_console(vt)) { 1425 /* 1426 * We're unable to switch to the SUSPEND_CONSOLE. 1427 * Let the calling function know so it can decide 1428 * what to do. 1429 */ 1430 console_unlock(); 1431 return -EIO; 1432 } 1433 console_unlock(); 1434 if (vt_waitactive(vt + 1)) { 1435 pr_debug("Suspend: Can't switch VCs."); 1436 return -EINTR; 1437 } 1438 return prev; 1439 } 1440 1441 /* 1442 * Normally during a suspend, we allocate a new console and switch to it. 1443 * When we resume, we switch back to the original console. This switch 1444 * can be slow, so on systems where the framebuffer can handle restoration 1445 * of video registers anyways, there's little point in doing the console 1446 * switch. This function allows you to disable it by passing it '0'. 1447 */ 1448 void pm_set_vt_switch(int do_switch) 1449 { 1450 console_lock(); 1451 disable_vt_switch = !do_switch; 1452 console_unlock(); 1453 } 1454 EXPORT_SYMBOL(pm_set_vt_switch); 1455