xref: /titanic_44/usr/src/uts/common/io/vcons.c (revision 2d6b5ea734bb47d251c82670646fde46af15fd69)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/types.h>
28 #include <sys/param.h>
29 #include <sys/signal.h>
30 #include <sys/cred.h>
31 #include <sys/vnode.h>
32 #include <sys/termios.h>
33 #include <sys/termio.h>
34 #include <sys/ttold.h>
35 #include <sys/stropts.h>
36 #include <sys/stream.h>
37 #include <sys/strsun.h>
38 #include <sys/tty.h>
39 #include <sys/buf.h>
40 #include <sys/uio.h>
41 #include <sys/stat.h>
42 #include <sys/sysmacros.h>
43 #include <sys/errno.h>
44 #include <sys/proc.h>
45 #include <sys/procset.h>
46 #include <sys/fault.h>
47 #include <sys/siginfo.h>
48 #include <sys/debug.h>
49 #include <sys/kd.h>
50 #include <sys/vt.h>
51 #include <sys/vtdaemon.h>
52 #include <sys/session.h>
53 #include <sys/door.h>
54 #include <sys/kmem.h>
55 #include <sys/cpuvar.h>
56 #include <sys/kbio.h>
57 #include <sys/strredir.h>
58 #include <sys/fs/snode.h>
59 #include <sys/consdev.h>
60 #include <sys/conf.h>
61 #include <sys/cmn_err.h>
62 #include <sys/console.h>
63 #include <sys/promif.h>
64 #include <sys/note.h>
65 #include <sys/polled_io.h>
66 #include <sys/systm.h>
67 #include <sys/ddi.h>
68 #include <sys/sunddi.h>
69 #include <sys/sunndi.h>
70 #include <sys/esunddi.h>
71 #include <sys/sunldi.h>
72 #include <sys/debug.h>
73 #include <sys/console.h>
74 #include <sys/ddi_impldefs.h>
75 #include <sys/policy.h>
76 #include <sys/tem.h>
77 #include <sys/wscons.h>
78 #include <sys/systm.h>
79 #include <sys/modctl.h>
80 #include <sys/vt_impl.h>
81 #include <sys/consconfig_dacf.h>
82 
83 /*
84  * This file belongs to wc STREAMS module which has a D_MTPERMODE
85  * inner perimeter. See "Locking Policy" comment in wscons.c for
86  * more information.
87  */
88 
89 /*
90  * Minor	name		device file		Hotkeys
91  *
92  * 0	the system console	/dev/console		Alt + F1
93  * 0:	virtual console #1	/dev/vt/0		Alt + F1
94  *
95  * 2:   virtual console #2	/dev/vt/2		Alt + F2
96  * 3:	virtual console #3	/dev/vt/3		Alt + F3
97  * ......
98  * n:	virtual console #n	/dev/vt/n		Alt + Fn
99  *
100  * Note that vtdaemon is running on /dev/vt/1 (minor=1),
101  * which is not available to end users.
102  *
103  */
104 
105 #define	VT_DAEMON_MINOR	1
106 #define	VT_IS_DAEMON(minor)	((minor) == VT_DAEMON_MINOR)
107 
108 extern void	wc_get_size(vc_state_t *pvc);
109 extern boolean_t consconfig_console_is_tipline(void);
110 
111 
112 minor_t vc_last_console = VT_MINOR_INVALID;	/* the last used console */
113 volatile uint_t	vc_target_console;		/* arg (1..n) */
114 
115 static volatile minor_t vc_inuse_max_minor = 0;
116 static list_t vc_waitactive_list;
117 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_target_console))
118 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_last_console))
119 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_inuse_max_minor))
120 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_waitactive_list))
121 
122 static int vt_pending_vtno = -1;
123 kmutex_t vt_pending_vtno_lock;
124 _NOTE(MUTEX_PROTECTS_DATA(vt_pending_vtno_lock, vt_pending_vtno))
125 
126 static int vt_activate(uint_t vt_no, cred_t *credp);
127 static void vt_copyout(queue_t *qp, mblk_t *mp, mblk_t *tmp, uint_t size);
128 static void vt_copyin(queue_t *qp, mblk_t *mp, uint_t size);
129 static void vt_iocnak(queue_t *qp, mblk_t *mp, int error);
130 static void vt_iocack(queue_t *qp, mblk_t *mp);
131 
132 static uint_t vt_minor2arg(minor_t minor);
133 static minor_t vt_arg2minor(uint_t arg);
134 
135 /*
136  * If the system console is directed to tipline, consider /dev/vt/0 as
137  * not being used.
138  * For other VT, if it is opened and tty is initialized, consider it
139  * as being used.
140  */
141 #define	VT_IS_INUSE(id)						\
142 	(((vt_minor2vc(id))->vc_flags & WCS_ISOPEN) &&		\
143 	((vt_minor2vc(id))->vc_flags & WCS_INIT) &&		\
144 	(id != 0 || !consconfig_console_is_tipline()))
145 
146 /*
147  * the vt switching message is encoded as:
148  *
149  *   -------------------------------------------------------------
150  *   |  \033  |  'Q'  |  vtno + 'A'  |  opcode  |  'z'  |  '\0'  |
151  *   -------------------------------------------------------------
152  */
153 #define	VT_MSG_SWITCH(mp)					\
154 	((int)((mp)->b_wptr - (mp)->b_rptr) >= 5 &&		\
155 	*((mp)->b_rptr) == '\033' &&				\
156 	*((mp)->b_rptr + 1) == 'Q' &&				\
157 	*((mp)->b_rptr + 4) == 'z')
158 
159 #define	VT_MSG_VTNO(mp)		(*((mp)->b_rptr + 2) - 'A')
160 #define	VT_MSG_OPCODE(mp)	(*((mp)->b_rptr + 3))
161 
162 #define	VT_DOORCALL_MAX_RETRY	3
163 
164 static void
165 vt_init_ttycommon(tty_common_t *pcommon)
166 {
167 	struct termios *termiosp;
168 	int len;
169 
170 	mutex_init(&pcommon->t_excl, NULL, MUTEX_DEFAULT, NULL);
171 	pcommon->t_iflag = 0;
172 
173 	/*
174 	 * Get the default termios settings (cflag).
175 	 * These are stored as a property in the
176 	 * "options" node.
177 	 */
178 	if (ddi_getlongprop(DDI_DEV_T_ANY,
179 	    ddi_root_node(), 0, "ttymodes",
180 	    (caddr_t)&termiosp, &len) == DDI_PROP_SUCCESS) {
181 
182 		if (len == sizeof (struct termios))
183 			pcommon->t_cflag = termiosp->c_cflag;
184 		else
185 			cmn_err(CE_WARN,
186 			    "wc: Couldn't get ttymodes property!");
187 
188 		kmem_free(termiosp, len);
189 	} else {
190 		/*
191 		 * Gack!  Whine about it.
192 		 */
193 		cmn_err(CE_WARN,
194 		    "wc: Couldn't get ttymodes property!");
195 	}
196 
197 	pcommon->t_iocpending = NULL;
198 }
199 
200 static int
201 vt_config(uint_t count)
202 {
203 	if (consmode != CONS_KFB)
204 		return (ENOTSUP);
205 
206 	/* one for system console, one for vtdaemon */
207 	if (count < 2)
208 		return (ENXIO);
209 
210 	/*
211 	 * Shouldn't allow to shrink the max vt minor to be smaller than
212 	 * the max in used minor.
213 	 */
214 	if (count <= vc_inuse_max_minor)
215 		return (EBUSY);
216 
217 	mutex_enter(&vc_lock);
218 	vt_resize(count);
219 	mutex_exit(&vc_lock);
220 
221 	return (0);
222 }
223 
224 void
225 vt_clean(queue_t *q, vc_state_t *pvc)
226 {
227 	ASSERT(MUTEX_HELD(&pvc->vc_state_lock));
228 
229 	if (pvc->vc_bufcallid != 0) {
230 		qunbufcall(q, pvc->vc_bufcallid);
231 		pvc->vc_bufcallid = 0;
232 	}
233 	if (pvc->vc_timeoutid != 0) {
234 		(void) quntimeout(q, pvc->vc_timeoutid);
235 		pvc->vc_timeoutid = 0;
236 	}
237 	ttycommon_close(&pvc->vc_ttycommon);
238 
239 	pvc->vc_flags &= ~WCS_INIT;
240 }
241 
242 /*
243  * Reply the VT_WAITACTIVE ioctl.
244  * Argument 'close' usage:
245  * B_TRUE:  the vt designated by argument 'minor' is being closed.
246  * B_FALSE: the vt designated by argument 'minor' has been activated just now.
247  */
248 static void
249 vc_waitactive_reply(int minor, boolean_t close)
250 {
251 	vc_waitactive_msg_t *index, *tmp;
252 	vc_state_t *pvc;
253 
254 	index = list_head(&vc_waitactive_list);
255 
256 	while (index != NULL) {
257 		tmp = index;
258 		index = list_next(&vc_waitactive_list, index);
259 
260 		if ((close && tmp->wa_msg_minor == minor) ||
261 		    (!close && tmp->wa_wait_minor == minor)) {
262 			list_remove(&vc_waitactive_list, tmp);
263 			pvc = vt_minor2vc(tmp->wa_msg_minor);
264 
265 			if (close)
266 				vt_iocnak(pvc->vc_wq, tmp->wa_mp, ENXIO);
267 			else
268 				vt_iocack(pvc->vc_wq, tmp->wa_mp);
269 
270 			kmem_free(tmp, sizeof (vc_waitactive_msg_t));
271 		}
272 	}
273 }
274 
275 void
276 vt_close(queue_t *q, vc_state_t *pvc, cred_t *credp)
277 {
278 	minor_t index;
279 
280 	mutex_enter(&pvc->vc_state_lock);
281 	vt_clean(q, pvc);
282 	pvc->vc_flags &= ~WCS_ISOPEN;
283 	mutex_exit(&pvc->vc_state_lock);
284 
285 	tem_destroy(pvc->vc_tem, credp);
286 	pvc->vc_tem = NULL;
287 
288 	index = pvc->vc_minor;
289 	if (index == vc_inuse_max_minor) {
290 		while ((--index > 0) && !VT_IS_INUSE(index))
291 			;
292 		vc_inuse_max_minor = index;
293 	}
294 
295 	vc_waitactive_reply(pvc->vc_minor, B_TRUE);
296 }
297 
298 static void
299 vt_init_tty(vc_state_t *pvc)
300 {
301 	ASSERT(MUTEX_HELD(&pvc->vc_state_lock));
302 
303 	pvc->vc_flags |= WCS_INIT;
304 	vt_init_ttycommon(&pvc->vc_ttycommon);
305 	wc_get_size(pvc);
306 }
307 
308 /*
309  * minor 0:	/dev/vt/0	(index = 0, indicating the system console)
310  * minor 1:	/dev/vt/1	(index = 1, vtdaemon special console)
311  * minor 2:	/dev/vt/2	(index = 2, virtual consoles)
312  * ......
313  * minor n:	/dev/vt/n	(index = n)
314  *
315  *
316  * The system console (minor 0), is opened firstly and used during console
317  * configuration.  It also acts as the system hard console even when all
318  * virtual consoles go off.
319  *
320  * In tipline case, minor 0 (/dev/vt/0) is reserved, and cannot be switched to.
321  * And the system console is redirected to the tipline. During normal cases,
322  * we can switch from virtual consoles to it by pressing 'Alt + F1'.
323  *
324  * minor 1 (/dev/vt/1) is reserved for vtdaemon special console, and it's
325  * not available to end users.
326  *
327  * During early console configuration, consconfig_dacf opens wscons and then
328  * issue a WC_OPEN_FB ioctl to kick off terminal init process. So during
329  * consconfig_dacf first opening of wscons, tems (of type tem_state_t) is
330  * not initialized. We do not initialize the tem_vt_state_t instance returned
331  * by tem_init() for this open, since we do not have enough info to handle
332  * normal terminal operation at this moment. This tem_vt_state_t instance
333  * will get initialized when handling WC_OPEN_FB.
334  */
335 int
336 vt_open(minor_t minor, queue_t *rq, cred_t *crp)
337 {
338 	vc_state_t *pvc;
339 
340 	if (!vt_minor_valid(minor))
341 		return (ENXIO);
342 
343 	pvc = vt_minor2vc(minor);
344 	if (pvc == NULL)
345 		return (ENXIO);
346 
347 	mutex_enter(&vc_lock);
348 	mutex_enter(&pvc->vc_state_lock);
349 
350 	if (!(pvc->vc_flags & WCS_ISOPEN)) {
351 		/*
352 		 * vc_tem might not be intialized if !tems.ts_initialized,
353 		 * and this only happens during console configuration.
354 		 */
355 		pvc->vc_tem = tem_init(crp);
356 	}
357 
358 	if (!(pvc->vc_flags & WCS_INIT))
359 		vt_init_tty(pvc);
360 
361 	/*
362 	 * In normal case, the first screen is the system console;
363 	 * In tipline case, the first screen is the first VT that gets started.
364 	 */
365 	if (vc_active_console == VT_MINOR_INVALID && minor != VT_DAEMON_MINOR)
366 		if (minor == 0 || consmode == CONS_KFB) {
367 			boolean_t unblank = B_FALSE;
368 
369 			vc_active_console = minor;
370 			vc_last_console = minor;
371 			if (minor != 0) {
372 				/*
373 				 * If we are not opening the system console
374 				 * as the first console, clear the phyical
375 				 * screen.
376 				 */
377 				unblank = B_TRUE;
378 			}
379 
380 			tem_activate(pvc->vc_tem, unblank, crp);
381 		}
382 
383 	if ((pvc->vc_ttycommon.t_flags & TS_XCLUDE) &&
384 	    (secpolicy_excl_open(crp) != 0)) {
385 		mutex_exit(&pvc->vc_state_lock);
386 		mutex_exit(&vc_lock);
387 		return (EBUSY);
388 	}
389 
390 	if (minor > vc_inuse_max_minor)
391 		vc_inuse_max_minor = minor;
392 
393 	pvc->vc_flags |= WCS_ISOPEN;
394 	pvc->vc_ttycommon.t_readq = rq;
395 	pvc->vc_ttycommon.t_writeq = WR(rq);
396 
397 	mutex_exit(&pvc->vc_state_lock);
398 	mutex_exit(&vc_lock);
399 
400 	rq->q_ptr = pvc;
401 	WR(rq)->q_ptr = pvc;
402 	pvc->vc_wq = WR(rq);
403 
404 	qprocson(rq);
405 	return (0);
406 }
407 
408 static minor_t
409 vt_find_prev(minor_t cur)
410 {
411 	minor_t i, t, max;
412 
413 	ASSERT(vc_active_console != VT_MINOR_INVALID);
414 
415 	max = VC_INSTANCES_COUNT;
416 
417 	for (i = cur - 1; (t = (i + max) % max) != cur; i--)
418 		if (!VT_IS_DAEMON(t) && VT_IS_INUSE(t))
419 			return (t);
420 
421 	return (VT_MINOR_INVALID);
422 }
423 
424 static minor_t
425 vt_find_next(minor_t cur)
426 {
427 	minor_t i, t, max;
428 
429 	ASSERT(vc_active_console != VT_MINOR_INVALID);
430 
431 	max = VC_INSTANCES_COUNT;
432 
433 	for (i = cur + 1; (t = (i + max) % max) != cur; i++)
434 		if (!VT_IS_DAEMON(t) && VT_IS_INUSE(t))
435 			return (t);
436 
437 	return (VT_MINOR_INVALID);
438 }
439 
440 /* ARGSUSED */
441 void
442 vt_send_hotkeys(void *timeout_arg)
443 {
444 	door_handle_t door;
445 	vt_cmd_arg_t arg;
446 	int error = 0;
447 	int retries = 0;
448 	door_arg_t door_arg;
449 
450 	arg.vt_ev = VT_EV_HOTKEYS;
451 
452 	mutex_enter(&vt_pending_vtno_lock);
453 	arg.vt_num = vt_pending_vtno;
454 	mutex_exit(&vt_pending_vtno_lock);
455 
456 	/* only available in kernel context or user context */
457 	if (door_ki_open(VT_DAEMON_DOOR_FILE, &door) != 0) {
458 		mutex_enter(&vt_pending_vtno_lock);
459 		vt_pending_vtno = -1;
460 		mutex_exit(&vt_pending_vtno_lock);
461 		return;
462 	}
463 
464 	door_arg.rbuf = NULL;
465 	door_arg.rsize = 0;
466 	door_arg.data_ptr = (void *)&arg;
467 	door_arg.data_size = sizeof (arg);
468 	door_arg.desc_ptr = NULL;
469 	door_arg.desc_num = 0;
470 
471 	/*
472 	 * Make door upcall
473 	 */
474 	while ((error = door_ki_upcall(door, &door_arg)) != 0 &&
475 	    retries < VT_DOORCALL_MAX_RETRY)
476 		if (error == EAGAIN || error == EINTR)
477 			retries++;
478 		else
479 			break;
480 
481 	door_ki_rele(door);
482 
483 	mutex_enter(&vt_pending_vtno_lock);
484 	vt_pending_vtno = -1;
485 	mutex_exit(&vt_pending_vtno_lock);
486 }
487 
488 static boolean_t
489 vt_validate_hotkeys(int minor)
490 {
491 	/*
492 	 * minor should not succeed the existing minor numbers range.
493 	 */
494 	if (!vt_minor_valid(minor))
495 		return (B_FALSE);
496 
497 	/*
498 	 * Shouldn't switch to /dev/vt/1 or an unused vt.
499 	 */
500 	if (!VT_IS_DAEMON(minor) && VT_IS_INUSE(minor))
501 		return (B_TRUE);
502 
503 	return (B_FALSE);
504 }
505 
506 static void
507 vt_trigger_hotkeys(int vtno)
508 {
509 	mutex_enter(&vt_pending_vtno_lock);
510 
511 	if (vt_pending_vtno != -1) {
512 		mutex_exit(&vt_pending_vtno_lock);
513 		return;
514 	}
515 
516 	vt_pending_vtno = vtno;
517 	mutex_exit(&vt_pending_vtno_lock);
518 	(void) timeout(vt_send_hotkeys, NULL, 1);
519 }
520 
521 /*
522  * return value:
523  *    0:    non msg of vt hotkeys
524  *    1:    msg of vt hotkeys
525  */
526 int
527 vt_check_hotkeys(mblk_t *mp)
528 {
529 	int vtno = 0;
530 	minor_t minor = 0;
531 
532 	/* LINTED E_PTRDIFF_OVERFLOW */
533 	if (!VT_MSG_SWITCH(mp))
534 		return (0);
535 
536 	switch (VT_MSG_OPCODE(mp)) {
537 	case 'B':
538 		/* find out the previous vt */
539 		if (vc_active_console == VT_MINOR_INVALID)
540 			return (1);
541 
542 		if (VT_IS_DAEMON(vc_active_console)) {
543 			minor = vt_find_prev(vt_arg2minor(vc_target_console));
544 			break;
545 		}
546 
547 		minor = vt_find_prev(vc_active_console);
548 		break;
549 	case 'F':
550 		/* find out the next vt */
551 		if (vc_active_console == VT_MINOR_INVALID)
552 			return (1);
553 
554 		if (VT_IS_DAEMON(vc_active_console)) {
555 			minor = vt_find_next(vt_arg2minor(vc_target_console));
556 			break;
557 		}
558 
559 		minor = vt_find_next(vc_active_console);
560 		break;
561 	case 'H':
562 		/* find out the specified vt */
563 		minor = VT_MSG_VTNO(mp);
564 
565 		/* check for system console, Alt + F1 */
566 		if (minor == 1)
567 			minor = 0;
568 		break;
569 	case 'L':
570 		/* find out the last vt */
571 		if ((minor = vc_last_console) == VT_MINOR_INVALID)
572 			return (1);
573 		break;
574 	default:
575 		return (1);
576 	}
577 
578 	if (!vt_validate_hotkeys(minor))
579 		return (1);
580 
581 	/*
582 	 * for system console, the argument of vtno for
583 	 * vt_activate is 1, though its minor is 0
584 	 */
585 	if (minor == 0)
586 		vtno = 1;	/* for system console */
587 	else
588 		vtno = minor;
589 
590 	vt_trigger_hotkeys(vtno);
591 	return (1);
592 }
593 
594 static void
595 vt_proc_sendsig(pid_t pid, int sig)
596 {
597 	register proc_t *p;
598 
599 	if (pid <= 0)
600 		return;
601 
602 	mutex_enter(&pidlock);
603 	if ((p = prfind(pid)) == NULL || p->p_stat == SIDL) {
604 		mutex_exit(&pidlock);
605 		return;
606 	}
607 
608 	psignal(p, sig);
609 	mutex_exit(&pidlock);
610 }
611 
612 static int
613 vt_proc_exists(pid_t pid)
614 {
615 	register proc_t *p;
616 
617 	if (pid <= 0)
618 		return (EINVAL);
619 
620 	mutex_enter(&pidlock);
621 	if ((p = prfind(pid)) == NULL || p->p_stat == SIDL) {
622 		mutex_exit(&pidlock);
623 		return (ESRCH);
624 	}
625 	mutex_exit(&pidlock);
626 
627 	return (0);
628 }
629 
630 #define	SIG_VALID(x)	(((x) > 0) && ((x) < _SIGRTMAX) && \
631 			((x) != SIGKILL) && ((x) != SIGSTOP))
632 
633 static int
634 vt_setmode(vc_state_t *pvc, struct vt_mode *pmode)
635 {
636 	if ((pmode->mode != VT_PROCESS) && (pmode->mode != VT_AUTO))
637 		return (EINVAL);
638 
639 	if (!SIG_VALID(pmode->relsig) || !SIG_VALID(pmode->acqsig))
640 		return (EINVAL);
641 
642 	if (pmode->mode == VT_PROCESS) {
643 		pvc->vc_pid = curproc->p_pid;
644 	} else {
645 		pvc->vc_dispnum = 0;
646 		pvc->vc_login = 0;
647 	}
648 
649 	pvc->vc_switch_mode = pmode->mode;
650 	pvc->vc_waitv = pmode->waitv;
651 	pvc->vc_relsig = pmode->relsig;
652 	pvc->vc_acqsig = pmode->acqsig;
653 
654 	return (0);
655 }
656 
657 static void
658 vt_reset(vc_state_t *pvc)
659 {
660 	pvc->vc_switch_mode = VT_AUTO;
661 	pvc->vc_pid = -1;
662 	pvc->vc_dispnum = 0;
663 	pvc->vc_login = 0;
664 	pvc->vc_switchto = VT_MINOR_INVALID;
665 }
666 
667 /*
668  * switch to vt_no from vc_active_console
669  */
670 static void
671 vt_switch(uint_t vt_no, cred_t *credp)
672 {
673 	vc_state_t *pvc_active = vt_minor2vc(vc_active_console);
674 	vc_state_t *pvc = vt_minor2vc(vt_no);
675 	minor_t index;
676 
677 	ASSERT(pvc_active && pvc);
678 
679 	mutex_enter(&vc_lock);
680 
681 	tem_switch(pvc_active->vc_tem, pvc->vc_tem, credp);
682 
683 	if (!VT_IS_DAEMON(vc_active_console))
684 		vc_last_console = vc_active_console;
685 	else
686 		vc_last_console = vt_arg2minor(vc_target_console);
687 
688 	vc_active_console = pvc->vc_minor;
689 
690 	if (pvc->vc_switch_mode == VT_PROCESS) {
691 		pvc->vc_switchto = pvc->vc_minor;
692 
693 		/* send it an acquired signal */
694 		vt_proc_sendsig(pvc->vc_pid, pvc->vc_acqsig);
695 	}
696 
697 	vc_waitactive_reply(vc_active_console, B_FALSE);
698 
699 	mutex_exit(&vc_lock);
700 
701 	if (!VT_IS_DAEMON(vt_no)) {
702 		/*
703 		 * Applications that open the virtual console device may request
704 		 * asynchronous notification of VT switching from a previous VT
705 		 * to another one by setting the S_MSG flag in an I_SETSIG
706 		 * STREAMS ioctl. Such processes receive a SIGPOLL signal when
707 		 * a VT switching succeeds.
708 		 */
709 		for (index = 0; index < VC_INSTANCES_COUNT; index++) {
710 			vc_state_t *tmp_pvc = vt_minor2vc(index);
711 			mblk_t *mp;
712 
713 			if ((tmp_pvc->vc_flags & WCS_ISOPEN) &&
714 			    (tmp_pvc->vc_flags & WCS_INIT) &&
715 			    (mp = allocb(sizeof (unsigned char), BPRI_HI))) {
716 				mp->b_datap->db_type = M_PCSIG;
717 				*mp->b_wptr = SIGPOLL;
718 				mp->b_wptr += sizeof (unsigned char);
719 				putnext(RD(tmp_pvc->vc_wq), mp);
720 			}
721 		}
722 	}
723 
724 }
725 
726 /*
727  * vt_no	from 0 to n
728  *
729  * 0	for the vtdaemon sepcial console (only vtdaemon will use it)
730  * 1    for the system console (Alt + F1, or Alt + Ctrl + F1),
731  *      aka Virtual Console #1
732  *
733  * 2    for Virtual Console #2
734  * n    for Virtual Console #n
735  */
736 static minor_t
737 vt_arg2minor(uint_t arg)
738 {
739 	if (arg == 0)
740 		return (1);
741 
742 	if (arg == 1)
743 		return (0);
744 
745 	return (arg);
746 }
747 
748 static uint_t
749 vt_minor2arg(minor_t minor)
750 {
751 	if (minor == 0)
752 		return (1);
753 
754 	if (VT_IS_DAEMON(minor)) {
755 		/* here it should be the real console */
756 		return (vc_target_console);
757 	}
758 
759 	return (minor);
760 }
761 
762 static int
763 vt_activate(uint_t vt_no, cred_t *credp)
764 {
765 	vc_state_t *pvc;
766 	minor_t minor;
767 
768 	minor = vt_arg2minor(vt_no);
769 	if (!vt_minor_valid(minor))
770 		return (ENXIO);
771 	if (minor == vc_active_console) {
772 		if (VT_IS_DAEMON(minor)) {
773 			/*
774 			 * vtdaemon is reactivating itself to do locking
775 			 * on behalf of another console, so record current
776 			 * target console as the last console.
777 			 */
778 			vc_last_console = vt_arg2minor(vc_target_console);
779 		}
780 
781 		return (0);
782 	}
783 
784 	/*
785 	 * In tipline case, the system console is redirected to tipline
786 	 * and thus is always available.
787 	 */
788 	if (minor == 0 && consconfig_console_is_tipline())
789 		return (0);
790 
791 	if (!VT_IS_INUSE(minor))
792 		return (ENXIO);
793 
794 	pvc = vt_minor2vc(minor);
795 	if (pvc == NULL)
796 		return (ENXIO);
797 	if (pvc->vc_tem == NULL)
798 		return (ENXIO);
799 
800 	pvc = vt_minor2vc(vc_active_console);
801 	if (pvc == NULL)
802 		return (ENXIO);
803 	if (pvc->vc_switch_mode != VT_PROCESS) {
804 		vt_switch(minor, credp);
805 		return (0);
806 	}
807 
808 	/*
809 	 * Validate the process, reset the
810 	 * vt to auto mode if failed.
811 	 */
812 	if (pvc->vc_pid == -1 || vt_proc_exists(pvc->vc_pid) != 0) {
813 		/*
814 		 * Xserver has not started up yet,
815 		 * or it dose not exist.
816 		 */
817 		vt_reset(pvc);
818 		return (0);
819 	}
820 
821 	/*
822 	 * Send the release signal to the process,
823 	 * and wait VT_RELDISP ioctl from Xserver
824 	 * after its leaving VT.
825 	 */
826 	vt_proc_sendsig(pvc->vc_pid, pvc->vc_relsig);
827 	pvc->vc_switchto = minor;
828 
829 	/*
830 	 * We don't need a timeout here, for if Xserver refuses
831 	 * or fails to respond to release signal using VT_RELDISP,
832 	 * we cannot successfully switch to our text mode. Actually
833 	 * users can try again. At present we don't support force
834 	 * switch.
835 	 */
836 	return (0);
837 }
838 
839 static int
840 vt_reldisp(vc_state_t *pvc, int arg, cred_t *credp)
841 {
842 	minor_t target_vtno = pvc->vc_switchto;
843 
844 	if ((pvc->vc_switch_mode != VT_PROCESS) ||
845 	    (pvc->vc_minor != vc_active_console))
846 		return (EACCES);
847 
848 	if (target_vtno == VT_MINOR_INVALID)
849 		return (EINVAL);
850 
851 	pvc->vc_switchto = VT_MINOR_INVALID;
852 
853 	if (arg == VT_ACKACQ)
854 		return (0);
855 
856 	if (arg == 0)
857 		return (0); /* refuse to release */
858 
859 	/* Xserver has left VT */
860 	vt_switch(target_vtno, credp);
861 	return (0);
862 }
863 
864 void
865 vt_ioctl(queue_t *q, mblk_t *mp)
866 {
867 	vc_state_t *pvc = (vc_state_t *)q->q_ptr;
868 	struct iocblk	*iocp;
869 	struct vt_mode vtmode;
870 	struct vt_stat vtinfo;
871 	struct vt_dispinfo vtdisp;
872 	mblk_t *tmp;
873 	int minor;
874 	int arg;
875 	int error = 0;
876 	vc_waitactive_msg_t *wait_msg;
877 
878 	iocp = (struct iocblk *)(void *)mp->b_rptr;
879 	if (consmode != CONS_KFB && iocp->ioc_cmd != VT_ENABLED) {
880 		vt_iocnak(q, mp, EINVAL);
881 		return;
882 	}
883 
884 	switch (iocp->ioc_cmd) {
885 	case VT_ENABLED:
886 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
887 			error = ENOMEM;
888 			break;
889 		}
890 		*(int *)(void *)tmp->b_rptr = consmode;
891 		tmp->b_wptr += sizeof (int);
892 		vt_copyout(q, mp, tmp, sizeof (int));
893 		return;
894 
895 	case KDSETMODE:
896 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
897 		if (arg != KD_TEXT && arg != KD_GRAPHICS) {
898 			error = EINVAL;
899 			break;
900 		}
901 		if (tem_get_fbmode(pvc->vc_tem) == arg)
902 			break;
903 
904 		tem_set_fbmode(pvc->vc_tem, (uchar_t)arg, iocp->ioc_cr);
905 
906 		break;
907 
908 	case KDGETMODE:
909 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
910 			error = ENOMEM;
911 			break;
912 		}
913 		*(int *)(void *)tmp->b_rptr = tem_get_fbmode(pvc->vc_tem);
914 		tmp->b_wptr += sizeof (int);
915 		vt_copyout(q, mp, tmp, sizeof (int));
916 		return;
917 
918 	case VT_OPENQRY: /* return number of first free VT */
919 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
920 			error = ENOMEM;
921 			break;
922 		}
923 
924 		/* minors of 0 and 1 are not available to end users */
925 		for (minor = 2; vt_minor_valid(minor); minor++)
926 			if (!VT_IS_INUSE(minor))
927 				break;
928 
929 		if (!vt_minor_valid(minor))
930 			minor = -1;
931 		*(int *)(void *)tmp->b_rptr = minor; /* /dev/vt/minor */
932 		tmp->b_wptr += sizeof (int);
933 		vt_copyout(q, mp, tmp, sizeof (int));
934 		return;
935 
936 	case VT_GETMODE:
937 		vtmode.mode = pvc->vc_switch_mode;
938 		vtmode.waitv = pvc->vc_waitv;
939 		vtmode.relsig = pvc->vc_relsig;
940 		vtmode.acqsig = pvc->vc_acqsig;
941 		vtmode.frsig = 0;
942 		if (!(tmp = allocb(sizeof (struct vt_mode), BPRI_MED))) {
943 			error = ENOMEM;
944 			break;
945 		}
946 		*(struct vt_mode *)(void *)tmp->b_rptr = vtmode;
947 		tmp->b_wptr += sizeof (struct vt_mode);
948 		vt_copyout(q, mp, tmp, sizeof (struct vt_mode));
949 		return;
950 
951 	case VT_SETMODE:
952 		vt_copyin(q, mp, sizeof (struct vt_mode));
953 		return;
954 
955 	case VT_SETDISPINFO:
956 		/* always enforce sys_devices privilege for setdispinfo */
957 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
958 			break;
959 
960 		pvc->vc_dispnum = *(intptr_t *)(void *)mp->b_cont->b_rptr;
961 		break;
962 
963 	case VT_SETDISPLOGIN:
964 		pvc->vc_login = *(intptr_t *)(void *)mp->b_cont->b_rptr;
965 		break;
966 
967 	case VT_GETDISPINFO:
968 		vtdisp.v_pid = pvc->vc_pid;
969 		vtdisp.v_dispnum = pvc->vc_dispnum;
970 		vtdisp.v_login = pvc->vc_login;
971 		if (!(tmp = allocb(sizeof (struct vt_dispinfo), BPRI_MED))) {
972 			error = ENOMEM;
973 			break;
974 		}
975 		*(struct vt_dispinfo *)(void *)tmp->b_rptr = vtdisp;
976 		tmp->b_wptr += sizeof (struct vt_dispinfo);
977 		vt_copyout(q, mp, tmp, sizeof (struct vt_dispinfo));
978 		return;
979 
980 	case VT_RELDISP:
981 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
982 		error = vt_reldisp(pvc, arg, iocp->ioc_cr);
983 		break;
984 
985 	case VT_CONFIG:
986 		/* always enforce sys_devices privilege for config */
987 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
988 			break;
989 
990 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
991 		error = vt_config(arg);
992 		break;
993 
994 	case VT_ACTIVATE:
995 		/* always enforce sys_devices privilege for secure switch */
996 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
997 			break;
998 
999 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
1000 		error = vt_activate(arg, iocp->ioc_cr);
1001 		break;
1002 
1003 	case VT_WAITACTIVE:
1004 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
1005 		arg = vt_arg2minor(arg);
1006 		if (!vt_minor_valid(arg)) {
1007 			error = ENXIO;
1008 			break;
1009 		}
1010 		if (arg == vc_active_console)
1011 			break;
1012 
1013 		wait_msg = kmem_zalloc(sizeof (vc_waitactive_msg_t),
1014 		    KM_NOSLEEP);
1015 		if (wait_msg == NULL) {
1016 			error = ENXIO;
1017 			break;
1018 		}
1019 
1020 		wait_msg->wa_mp = mp;
1021 		wait_msg->wa_msg_minor = pvc->vc_minor;
1022 		wait_msg->wa_wait_minor = arg;
1023 		list_insert_head(&vc_waitactive_list, wait_msg);
1024 
1025 		return;
1026 
1027 	case VT_GETSTATE:
1028 		/*
1029 		 * Here v_active is the argument for vt_activate,
1030 		 * not minor.
1031 		 */
1032 		vtinfo.v_active = vt_minor2arg(vc_active_console);
1033 		vtinfo.v_state = 3;	/* system console and vtdaemon */
1034 
1035 		/* we only support 16 vt states since the v_state is short */
1036 		for (minor = 2; minor < 16; minor++) {
1037 			pvc = vt_minor2vc(minor);
1038 			if (pvc == NULL)
1039 				break;
1040 			if (VT_IS_INUSE(minor))
1041 				vtinfo.v_state |= (1 << pvc->vc_minor);
1042 		}
1043 
1044 		if (!(tmp = allocb(sizeof (struct vt_stat), BPRI_MED))) {
1045 			error = ENOMEM;
1046 			break;
1047 		}
1048 		*(struct vt_stat *)(void *)tmp->b_rptr = vtinfo;
1049 		tmp->b_wptr += sizeof (struct vt_stat);
1050 		vt_copyout(q, mp, tmp, sizeof (struct vt_stat));
1051 		return;
1052 
1053 	case VT_SET_TARGET:
1054 		/* always enforce sys_devices privilege */
1055 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
1056 			break;
1057 
1058 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
1059 
1060 		/* vtdaemon is doing authentication for this target console */
1061 		vc_target_console = arg;
1062 		break;
1063 
1064 	case VT_GETACTIVE:	/* get real active console (minor) */
1065 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
1066 			error = ENOMEM;
1067 			break;
1068 		}
1069 		*(int *)(void *)tmp->b_rptr = vc_active_console;
1070 		tmp->b_wptr += sizeof (int);
1071 		vt_copyout(q, mp, tmp, sizeof (int));
1072 		return;
1073 
1074 	default:
1075 		error = ENXIO;
1076 		break;
1077 	}
1078 
1079 	if (error != 0)
1080 		vt_iocnak(q, mp, error);
1081 	else
1082 		vt_iocack(q, mp);
1083 }
1084 
1085 void
1086 vt_miocdata(queue_t *qp, mblk_t *mp)
1087 {
1088 	vc_state_t *pvc = (vc_state_t *)qp->q_ptr;
1089 	struct copyresp *copyresp;
1090 	struct vt_mode *pmode;
1091 	int error = 0;
1092 
1093 	copyresp = (struct copyresp *)(void *)mp->b_rptr;
1094 	if (copyresp->cp_rval) {
1095 		vt_iocnak(qp, mp, EAGAIN);
1096 		return;
1097 	}
1098 
1099 	switch (copyresp->cp_cmd) {
1100 	case VT_SETMODE:
1101 		pmode = (struct vt_mode *)(void *)mp->b_cont->b_rptr;
1102 		error = vt_setmode(pvc, pmode);
1103 		break;
1104 
1105 	case KDGETMODE:
1106 	case VT_OPENQRY:
1107 	case VT_GETMODE:
1108 	case VT_GETDISPINFO:
1109 	case VT_GETSTATE:
1110 	case VT_ENABLED:
1111 	case VT_GETACTIVE:
1112 		break;
1113 
1114 	default:
1115 		error = ENXIO;
1116 		break;
1117 	}
1118 
1119 	if (error != 0)
1120 		vt_iocnak(qp, mp, error);
1121 	else
1122 		vt_iocack(qp, mp);
1123 }
1124 
1125 static void
1126 vt_iocack(queue_t *qp, mblk_t *mp)
1127 {
1128 	struct iocblk	*iocbp = (struct iocblk *)(void *)mp->b_rptr;
1129 
1130 	mp->b_datap->db_type = M_IOCACK;
1131 	mp->b_wptr = mp->b_rptr + sizeof (struct iocblk);
1132 	iocbp->ioc_error = 0;
1133 	iocbp->ioc_count = 0;
1134 	iocbp->ioc_rval = 0;
1135 	if (mp->b_cont != NULL) {
1136 		freemsg(mp->b_cont);
1137 		mp->b_cont = NULL;
1138 	}
1139 	qreply(qp, mp);
1140 }
1141 
1142 static void
1143 vt_iocnak(queue_t *qp, mblk_t *mp, int error)
1144 {
1145 	struct iocblk *iocp = (struct iocblk *)(void *)mp->b_rptr;
1146 
1147 	mp->b_datap->db_type = M_IOCNAK;
1148 	iocp->ioc_rval = 0;
1149 	iocp->ioc_count = 0;
1150 	iocp->ioc_error = error;
1151 	if (mp->b_cont != NULL) {
1152 		freemsg(mp->b_cont);
1153 		mp->b_cont = NULL;
1154 	}
1155 	qreply(qp, mp);
1156 }
1157 
1158 static void
1159 vt_copyin(queue_t *qp, mblk_t *mp, uint_t size)
1160 {
1161 	struct copyreq  *cqp;
1162 
1163 	cqp = (struct copyreq *)(void *)mp->b_rptr;
1164 	cqp->cq_addr = *((caddr_t *)(void *)mp->b_cont->b_rptr);
1165 	cqp->cq_size = size;
1166 	cqp->cq_flag = 0;
1167 	cqp->cq_private = (mblk_t *)NULL;
1168 	mp->b_wptr = mp->b_rptr + sizeof (struct copyreq);
1169 	mp->b_datap->db_type = M_COPYIN;
1170 	if (mp->b_cont)
1171 		freemsg(mp->b_cont);
1172 	mp->b_cont = (mblk_t *)NULL;
1173 	qreply(qp, mp);
1174 }
1175 
1176 static void
1177 vt_copyout(queue_t *qp, mblk_t *mp, mblk_t *tmp, uint_t size)
1178 {
1179 	struct copyreq  *cqp;
1180 
1181 	cqp = (struct copyreq *)(void *)mp->b_rptr;
1182 	cqp->cq_size = size;
1183 	cqp->cq_addr = *((caddr_t *)(void *)mp->b_cont->b_rptr);
1184 	cqp->cq_flag = 0;
1185 	cqp->cq_private = (mblk_t *)NULL;
1186 	mp->b_wptr = mp->b_rptr + sizeof (struct copyreq);
1187 	mp->b_datap->db_type = M_COPYOUT;
1188 	if (mp->b_cont)
1189 		freemsg(mp->b_cont);
1190 	mp->b_cont = tmp;
1191 	qreply(qp, mp);
1192 }
1193 
1194 /*
1195  * Get vc state from minor.
1196  * Once a caller gets a vc_state_t from this function,
1197  * the vc_state_t is guaranteed not being freed before
1198  * the caller leaves this STREAMS module by the D_MTPERMOD
1199  * perimeter.
1200  */
1201 vc_state_t *
1202 vt_minor2vc(minor_t minor)
1203 {
1204 	avl_index_t where;
1205 	vc_state_t target;
1206 
1207 	if (minor != VT_ACTIVE) {
1208 		target.vc_minor = minor;
1209 		return (avl_find(&vc_avl_root, &target, &where));
1210 	}
1211 
1212 	if (vc_active_console == VT_MINOR_INVALID)
1213 		target.vc_minor = 0;
1214 	else
1215 		target.vc_minor = vc_active_console;
1216 
1217 	return (avl_find(&vc_avl_root, &target, &where));
1218 }
1219 
1220 static void
1221 vt_state_init(vc_state_t *vcptr, minor_t minor)
1222 {
1223 	mutex_init(&vcptr->vc_state_lock, NULL, MUTEX_DRIVER, NULL);
1224 
1225 	mutex_enter(&vcptr->vc_state_lock);
1226 	vcptr->vc_flags = 0;
1227 	mutex_exit(&vcptr->vc_state_lock);
1228 
1229 	vcptr->vc_pid = -1;
1230 	vcptr->vc_dispnum = 0;
1231 	vcptr->vc_login = 0;
1232 	vcptr->vc_switchto = VT_MINOR_INVALID;
1233 	vcptr->vc_switch_mode = VT_AUTO;
1234 	vcptr->vc_relsig = SIGUSR1;
1235 	vcptr->vc_acqsig = SIGUSR1;
1236 	vcptr->vc_tem = NULL;
1237 	vcptr->vc_bufcallid = 0;
1238 	vcptr->vc_timeoutid = 0;
1239 	vcptr->vc_wq = NULL;
1240 	vcptr->vc_minor = minor;
1241 }
1242 
1243 void
1244 vt_resize(uint_t count)
1245 {
1246 	uint_t vc_num, i;
1247 
1248 	ASSERT(MUTEX_HELD(&vc_lock));
1249 
1250 	vc_num = VC_INSTANCES_COUNT;
1251 
1252 	if (count == vc_num)
1253 		return;
1254 
1255 	if (count > vc_num) {
1256 		for (i = vc_num; i < count; i++) {
1257 			vc_state_t *vcptr = kmem_zalloc(sizeof (vc_state_t),
1258 			    KM_SLEEP);
1259 			vt_state_init(vcptr, i);
1260 			avl_add(&vc_avl_root, vcptr);
1261 		}
1262 		return;
1263 	}
1264 
1265 	for (i = vc_num; i > count; i--) {
1266 		avl_index_t where;
1267 		vc_state_t target, *found;
1268 
1269 		target.vc_minor = i - 1;
1270 		found = avl_find(&vc_avl_root, &target, &where);
1271 		ASSERT(found != NULL && found->vc_flags == 0);
1272 		avl_remove(&vc_avl_root, found);
1273 		kmem_free(found, sizeof (vc_state_t));
1274 	}
1275 }
1276 
1277 static int
1278 vc_avl_compare(const void *first, const void *second)
1279 {
1280 	const vc_state_t *vcptr1 = first;
1281 	const vc_state_t *vcptr2 = second;
1282 
1283 	if (vcptr1->vc_minor < vcptr2->vc_minor)
1284 		return (-1);
1285 
1286 	if (vcptr1->vc_minor == vcptr2->vc_minor)
1287 		return (0);
1288 
1289 	return (1);
1290 }
1291 
1292 /*
1293  * Only called from wc init().
1294  */
1295 void
1296 vt_init(void)
1297 {
1298 #ifdef	__lock_lint
1299 	ASSERT(NO_COMPETING_THREADS);
1300 #endif
1301 
1302 	avl_create(&vc_avl_root, vc_avl_compare, sizeof (vc_state_t),
1303 	    offsetof(vc_state_t, vc_avl_node));
1304 
1305 	list_create(&vc_waitactive_list, sizeof (vc_waitactive_msg_t),
1306 	    offsetof(vc_waitactive_msg_t, wa_list_node));
1307 
1308 	mutex_init(&vc_lock, NULL, MUTEX_DRIVER, NULL);
1309 	mutex_init(&vt_pending_vtno_lock, NULL, MUTEX_DRIVER, NULL);
1310 }
1311