xref: /titanic_52/usr/src/uts/common/io/vcons.c (revision 30e01c537fd78d139ff463ccb3ef064e7190f9a8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/types.h>
28 #include <sys/param.h>
29 #include <sys/signal.h>
30 #include <sys/cred.h>
31 #include <sys/vnode.h>
32 #include <sys/termios.h>
33 #include <sys/termio.h>
34 #include <sys/ttold.h>
35 #include <sys/stropts.h>
36 #include <sys/stream.h>
37 #include <sys/strsun.h>
38 #include <sys/tty.h>
39 #include <sys/buf.h>
40 #include <sys/uio.h>
41 #include <sys/stat.h>
42 #include <sys/sysmacros.h>
43 #include <sys/errno.h>
44 #include <sys/proc.h>
45 #include <sys/procset.h>
46 #include <sys/fault.h>
47 #include <sys/siginfo.h>
48 #include <sys/debug.h>
49 #include <sys/kd.h>
50 #include <sys/vt.h>
51 #include <sys/vtdaemon.h>
52 #include <sys/session.h>
53 #include <sys/door.h>
54 #include <sys/kmem.h>
55 #include <sys/cpuvar.h>
56 #include <sys/kbio.h>
57 #include <sys/strredir.h>
58 #include <sys/fs/snode.h>
59 #include <sys/consdev.h>
60 #include <sys/conf.h>
61 #include <sys/cmn_err.h>
62 #include <sys/console.h>
63 #include <sys/promif.h>
64 #include <sys/note.h>
65 #include <sys/polled_io.h>
66 #include <sys/systm.h>
67 #include <sys/ddi.h>
68 #include <sys/sunddi.h>
69 #include <sys/sunndi.h>
70 #include <sys/esunddi.h>
71 #include <sys/sunldi.h>
72 #include <sys/debug.h>
73 #include <sys/console.h>
74 #include <sys/ddi_impldefs.h>
75 #include <sys/policy.h>
76 #include <sys/tem.h>
77 #include <sys/wscons.h>
78 #include <sys/systm.h>
79 #include <sys/modctl.h>
80 #include <sys/vt_impl.h>
81 #include <sys/consconfig_dacf.h>
82 
83 /*
84  * This file belongs to wc STREAMS module which has a D_MTPERMODE
85  * inner perimeter. See "Locking Policy" comment in wscons.c for
86  * more information.
87  */
88 
89 /*
90  * Minor	name		device file		Hotkeys
91  *
92  * 0	the system console	/dev/console		Alt + F1
93  * 0:	virtual console #1	/dev/vt/0		Alt + F1
94  *
95  * 2:   virtual console #2	/dev/vt/2		Alt + F2
96  * 3:	virtual console #3	/dev/vt/3		Alt + F3
97  * ......
98  * n:	virtual console #n	/dev/vt/n		Alt + Fn
99  *
100  * Note that vtdaemon is running on /dev/vt/1 (minor=1),
101  * which is not available to end users.
102  *
103  */
104 
105 #define	VT_DAEMON_MINOR	1
106 #define	VT_IS_DAEMON(minor)	((minor) == VT_DAEMON_MINOR)
107 
108 extern void	wc_get_size(vc_state_t *pvc);
109 extern boolean_t consconfig_console_is_tipline(void);
110 
111 
112 minor_t vc_last_console = VT_MINOR_INVALID;	/* the last used console */
113 volatile uint_t	vc_target_console;		/* arg (1..n) */
114 
115 static volatile minor_t vc_inuse_max_minor = 0;
116 static list_t vc_waitactive_list;
117 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_target_console))
118 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_last_console))
119 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_inuse_max_minor))
120 _NOTE(SCHEME_PROTECTS_DATA("D_MTPERMOD protected data", vc_waitactive_list))
121 
122 static int vt_pending_vtno = -1;
123 kmutex_t vt_pending_vtno_lock;
124 _NOTE(MUTEX_PROTECTS_DATA(vt_pending_vtno_lock, vt_pending_vtno))
125 
126 static int vt_activate(uint_t vt_no, cred_t *credp);
127 static void vt_copyout(queue_t *qp, mblk_t *mp, mblk_t *tmp, uint_t size);
128 static void vt_copyin(queue_t *qp, mblk_t *mp, uint_t size);
129 static void vt_iocnak(queue_t *qp, mblk_t *mp, int error);
130 static void vt_iocack(queue_t *qp, mblk_t *mp);
131 
132 static uint_t vt_minor2arg(minor_t minor);
133 static minor_t vt_arg2minor(uint_t arg);
134 
135 /*
136  * If the system console is directed to tipline, consider /dev/vt/0 as
137  * not being used.
138  * For other VT, if it is opened and tty is initialized, consider it
139  * as being used.
140  */
141 #define	VT_IS_INUSE(id)						\
142 	(((vt_minor2vc(id))->vc_flags & WCS_ISOPEN) &&		\
143 	((vt_minor2vc(id))->vc_flags & WCS_INIT) &&		\
144 	(id != 0 || !consconfig_console_is_tipline()))
145 
146 /*
147  * the vt switching message is encoded as:
148  *
149  *   -------------------------------------------------------------
150  *   |  \033  |  'Q'  |  vtno + 'A'  |  opcode  |  'z'  |  '\0'  |
151  *   -------------------------------------------------------------
152  */
153 #define	VT_MSG_SWITCH(mp)					\
154 	((int)((mp)->b_wptr - (mp)->b_rptr) >= 5 &&		\
155 	*((mp)->b_rptr) == '\033' &&				\
156 	*((mp)->b_rptr + 1) == 'Q' &&				\
157 	*((mp)->b_rptr + 4) == 'z')
158 
159 #define	VT_MSG_VTNO(mp)		(*((mp)->b_rptr + 2) - 'A')
160 #define	VT_MSG_OPCODE(mp)	(*((mp)->b_rptr + 3))
161 
162 #define	VT_DOORCALL_MAX_RETRY	3
163 
164 static void
165 vt_init_ttycommon(tty_common_t *pcommon)
166 {
167 	struct termios *termiosp;
168 	int len;
169 
170 	mutex_init(&pcommon->t_excl, NULL, MUTEX_DEFAULT, NULL);
171 	pcommon->t_iflag = 0;
172 
173 	/*
174 	 * Get the default termios settings (cflag).
175 	 * These are stored as a property in the
176 	 * "options" node.
177 	 */
178 	if (ddi_getlongprop(DDI_DEV_T_ANY,
179 	    ddi_root_node(), 0, "ttymodes",
180 	    (caddr_t)&termiosp, &len) == DDI_PROP_SUCCESS) {
181 
182 		if (len == sizeof (struct termios))
183 			pcommon->t_cflag = termiosp->c_cflag;
184 		else
185 			cmn_err(CE_WARN,
186 			    "wc: Couldn't get ttymodes property!");
187 
188 		kmem_free(termiosp, len);
189 	} else {
190 		/*
191 		 * Gack!  Whine about it.
192 		 */
193 		cmn_err(CE_WARN,
194 		    "wc: Couldn't get ttymodes property!");
195 	}
196 
197 	pcommon->t_iocpending = NULL;
198 }
199 
200 static int
201 vt_config(uint_t count)
202 {
203 	if (consmode != CONS_KFB)
204 		return (ENOTSUP);
205 
206 	/* one for system console, one for vtdaemon */
207 	if (count < 2)
208 		return (ENXIO);
209 
210 	/*
211 	 * Shouldn't allow to shrink the max vt minor to be smaller than
212 	 * the max in used minor.
213 	 */
214 	if (count <= vc_inuse_max_minor)
215 		return (EBUSY);
216 
217 	mutex_enter(&vc_lock);
218 	vt_resize(count);
219 	mutex_exit(&vc_lock);
220 
221 	return (0);
222 }
223 
224 void
225 vt_clean(queue_t *q, vc_state_t *pvc)
226 {
227 	ASSERT(MUTEX_HELD(&pvc->vc_state_lock));
228 
229 	if (pvc->vc_bufcallid != 0) {
230 		qunbufcall(q, pvc->vc_bufcallid);
231 		pvc->vc_bufcallid = 0;
232 	}
233 	if (pvc->vc_timeoutid != 0) {
234 		(void) quntimeout(q, pvc->vc_timeoutid);
235 		pvc->vc_timeoutid = 0;
236 	}
237 	ttycommon_close(&pvc->vc_ttycommon);
238 
239 	pvc->vc_flags &= ~WCS_INIT;
240 }
241 
242 /*
243  * Reply the VT_WAITACTIVE ioctl.
244  * Argument 'close' usage:
245  * B_TRUE:  the vt designated by argument 'minor' is being closed.
246  * B_FALSE: the vt designated by argument 'minor' has been activated just now.
247  */
248 static void
249 vc_waitactive_reply(int minor, boolean_t close)
250 {
251 	vc_waitactive_msg_t *index, *tmp;
252 	vc_state_t *pvc;
253 
254 	index = list_head(&vc_waitactive_list);
255 
256 	while (index != NULL) {
257 		tmp = index;
258 		index = list_next(&vc_waitactive_list, index);
259 
260 		if ((close && tmp->wa_msg_minor == minor) ||
261 		    (!close && tmp->wa_wait_minor == minor)) {
262 			list_remove(&vc_waitactive_list, tmp);
263 			pvc = vt_minor2vc(tmp->wa_msg_minor);
264 
265 			if (close)
266 				vt_iocnak(pvc->vc_wq, tmp->wa_mp, ENXIO);
267 			else
268 				vt_iocack(pvc->vc_wq, tmp->wa_mp);
269 
270 			kmem_free(tmp, sizeof (vc_waitactive_msg_t));
271 		}
272 	}
273 }
274 
275 void
276 vt_close(queue_t *q, vc_state_t *pvc, cred_t *credp)
277 {
278 	minor_t index;
279 
280 	mutex_enter(&pvc->vc_state_lock);
281 	vt_clean(q, pvc);
282 	pvc->vc_flags &= ~WCS_ISOPEN;
283 	mutex_exit(&pvc->vc_state_lock);
284 
285 	tem_destroy(pvc->vc_tem, credp);
286 	pvc->vc_tem = NULL;
287 
288 	index = pvc->vc_minor;
289 	if (index == vc_inuse_max_minor) {
290 		while ((--index > 0) && !VT_IS_INUSE(index))
291 			;
292 		vc_inuse_max_minor = index;
293 	}
294 
295 	vc_waitactive_reply(pvc->vc_minor, B_TRUE);
296 }
297 
298 static void
299 vt_init_tty(vc_state_t *pvc)
300 {
301 	ASSERT(MUTEX_HELD(&pvc->vc_state_lock));
302 
303 	pvc->vc_flags |= WCS_INIT;
304 	vt_init_ttycommon(&pvc->vc_ttycommon);
305 	wc_get_size(pvc);
306 }
307 
308 /*
309  * minor 0:	/dev/vt/0	(index = 0, indicating the system console)
310  * minor 1:	/dev/vt/1	(index = 1, vtdaemon special console)
311  * minor 2:	/dev/vt/2	(index = 2, virtual consoles)
312  * ......
313  * minor n:	/dev/vt/n	(index = n)
314  *
315  *
316  * The system console (minor 0), is opened firstly and used during console
317  * configuration.  It also acts as the system hard console even when all
318  * virtual consoles go off.
319  *
320  * In tipline case, minor 0 (/dev/vt/0) is reserved, and cannot be switched to.
321  * And the system console is redirected to the tipline. During normal cases,
322  * we can switch from virtual consoles to it by pressing 'Alt + F1'.
323  *
324  * minor 1 (/dev/vt/1) is reserved for vtdaemon special console, and it's
325  * not available to end users.
326  *
327  * During early console configuration, consconfig_dacf opens wscons and then
328  * issue a WC_OPEN_FB ioctl to kick off terminal init process. So during
329  * consconfig_dacf first opening of wscons, tems (of type tem_state_t) is
330  * not initialized. We do not initialize the tem_vt_state_t instance returned
331  * by tem_init() for this open, since we do not have enough info to handle
332  * normal terminal operation at this moment. This tem_vt_state_t instance
333  * will get initialized when handling WC_OPEN_FB.
334  */
335 int
336 vt_open(minor_t minor, queue_t *rq, cred_t *crp)
337 {
338 	vc_state_t *pvc;
339 
340 	if (!vt_minor_valid(minor))
341 		return (ENXIO);
342 
343 	pvc = vt_minor2vc(minor);
344 	if (pvc == NULL)
345 		return (ENXIO);
346 
347 	mutex_enter(&vc_lock);
348 	mutex_enter(&pvc->vc_state_lock);
349 
350 	if (!(pvc->vc_flags & WCS_ISOPEN)) {
351 		/*
352 		 * vc_tem might not be intialized if !tems.ts_initialized,
353 		 * and this only happens during console configuration.
354 		 */
355 		pvc->vc_tem = tem_init(crp);
356 	}
357 
358 	if (!(pvc->vc_flags & WCS_INIT))
359 		vt_init_tty(pvc);
360 
361 	/*
362 	 * In normal case, the first screen is the system console;
363 	 * In tipline case, the first screen is the first VT that gets started.
364 	 */
365 	if (vc_active_console == VT_MINOR_INVALID && minor != VT_DAEMON_MINOR)
366 		if (minor == 0 || consmode == CONS_KFB) {
367 			boolean_t unblank = B_FALSE;
368 
369 			vc_active_console = minor;
370 			vc_last_console = minor;
371 			if (minor != 0) {
372 				/*
373 				 * If we are not opening the system console
374 				 * as the first console, clear the phyical
375 				 * screen.
376 				 */
377 				unblank = B_TRUE;
378 			}
379 
380 			tem_activate(pvc->vc_tem, unblank, crp);
381 		}
382 
383 	if ((pvc->vc_ttycommon.t_flags & TS_XCLUDE) &&
384 	    (secpolicy_excl_open(crp) != 0)) {
385 		mutex_exit(&pvc->vc_state_lock);
386 		mutex_exit(&vc_lock);
387 		return (EBUSY);
388 	}
389 
390 	if (minor > vc_inuse_max_minor)
391 		vc_inuse_max_minor = minor;
392 
393 	pvc->vc_flags |= WCS_ISOPEN;
394 	pvc->vc_ttycommon.t_readq = rq;
395 	pvc->vc_ttycommon.t_writeq = WR(rq);
396 
397 	mutex_exit(&pvc->vc_state_lock);
398 	mutex_exit(&vc_lock);
399 
400 	rq->q_ptr = pvc;
401 	WR(rq)->q_ptr = pvc;
402 	pvc->vc_wq = WR(rq);
403 
404 	qprocson(rq);
405 	return (0);
406 }
407 
408 static minor_t
409 vt_find_prev(minor_t cur)
410 {
411 	minor_t i, t, max;
412 
413 	ASSERT(vc_active_console != VT_MINOR_INVALID);
414 
415 	max = VC_INSTANCES_COUNT;
416 
417 	for (i = cur - 1; (t = (i + max) % max) != cur; i--)
418 		if (!VT_IS_DAEMON(t) && VT_IS_INUSE(t))
419 			return (t);
420 
421 	return (VT_MINOR_INVALID);
422 }
423 
424 static minor_t
425 vt_find_next(minor_t cur)
426 {
427 	minor_t i, t, max;
428 
429 	ASSERT(vc_active_console != VT_MINOR_INVALID);
430 
431 	max = VC_INSTANCES_COUNT;
432 
433 	for (i = cur + 1; (t = (i + max) % max) != cur; i++)
434 		if (!VT_IS_DAEMON(t) && VT_IS_INUSE(t))
435 			return (t);
436 
437 	return (VT_MINOR_INVALID);
438 }
439 
440 /* ARGSUSED */
441 void
442 vt_send_hotkeys(void *timeout_arg)
443 {
444 	door_handle_t door;
445 	vt_cmd_arg_t arg;
446 	int error = 0;
447 	int retries = 0;
448 	door_arg_t door_arg;
449 
450 	arg.vt_ev = VT_EV_HOTKEYS;
451 
452 	mutex_enter(&vt_pending_vtno_lock);
453 	arg.vt_num = vt_pending_vtno;
454 	mutex_exit(&vt_pending_vtno_lock);
455 
456 	/* only available in kernel context or user context */
457 	if (door_ki_open(VT_DAEMON_DOOR_FILE, &door) != 0) {
458 		mutex_enter(&vt_pending_vtno_lock);
459 		vt_pending_vtno = -1;
460 		mutex_exit(&vt_pending_vtno_lock);
461 		return;
462 	}
463 
464 	door_arg.rbuf = NULL;
465 	door_arg.rsize = 0;
466 	door_arg.data_ptr = (void *)&arg;
467 	door_arg.data_size = sizeof (arg);
468 	door_arg.desc_ptr = NULL;
469 	door_arg.desc_num = 0;
470 
471 	/*
472 	 * Make door upcall
473 	 */
474 	while ((error = door_ki_upcall(door, &door_arg)) != 0 &&
475 	    retries < VT_DOORCALL_MAX_RETRY)
476 		if (error == EAGAIN || error == EINTR)
477 			retries++;
478 		else
479 			break;
480 
481 	door_ki_rele(door);
482 
483 	mutex_enter(&vt_pending_vtno_lock);
484 	vt_pending_vtno = -1;
485 	mutex_exit(&vt_pending_vtno_lock);
486 }
487 
488 static boolean_t
489 vt_validate_hotkeys(int minor)
490 {
491 	/*
492 	 * minor should not succeed the existing minor numbers range.
493 	 */
494 	if (!vt_minor_valid(minor))
495 		return (B_FALSE);
496 
497 	/*
498 	 * Shouldn't switch to /dev/vt/1 or an unused vt.
499 	 */
500 	if (!VT_IS_DAEMON(minor) && VT_IS_INUSE(minor))
501 		return (B_TRUE);
502 
503 	return (B_FALSE);
504 }
505 
506 static void
507 vt_trigger_hotkeys(int vtno)
508 {
509 	mutex_enter(&vt_pending_vtno_lock);
510 
511 	if (vt_pending_vtno != -1) {
512 		mutex_exit(&vt_pending_vtno_lock);
513 		return;
514 	}
515 
516 	vt_pending_vtno = vtno;
517 	mutex_exit(&vt_pending_vtno_lock);
518 	(void) timeout(vt_send_hotkeys, NULL, 1);
519 }
520 
521 /*
522  * return value:
523  *    0:    non msg of vt hotkeys
524  *    1:    msg of vt hotkeys
525  */
526 int
527 vt_check_hotkeys(mblk_t *mp)
528 {
529 	int vtno = 0;
530 	minor_t minor = 0;
531 
532 	/* LINTED E_PTRDIFF_OVERFLOW */
533 	if (!VT_MSG_SWITCH(mp))
534 		return (0);
535 
536 	switch (VT_MSG_OPCODE(mp)) {
537 	case 'B':
538 		/* find out the previous vt */
539 		if (vc_active_console == VT_MINOR_INVALID)
540 			return (1);
541 
542 		if (VT_IS_DAEMON(vc_active_console)) {
543 			minor = vt_find_prev(vt_arg2minor(vc_target_console));
544 			break;
545 		}
546 
547 		minor = vt_find_prev(vc_active_console);
548 		break;
549 	case 'F':
550 		/* find out the next vt */
551 		if (vc_active_console == VT_MINOR_INVALID)
552 			return (1);
553 
554 		if (VT_IS_DAEMON(vc_active_console)) {
555 			minor = vt_find_next(vt_arg2minor(vc_target_console));
556 			break;
557 		}
558 
559 		minor = vt_find_next(vc_active_console);
560 		break;
561 	case 'H':
562 		/* find out the specified vt */
563 		minor = VT_MSG_VTNO(mp);
564 
565 		/* check for system console, Alt + F1 */
566 		if (minor == 1)
567 			minor = 0;
568 		break;
569 	case 'L':
570 		/* find out the last vt */
571 		if ((minor = vc_last_console) == VT_MINOR_INVALID)
572 			return (1);
573 		break;
574 	default:
575 		return (1);
576 	}
577 
578 	if (!vt_validate_hotkeys(minor))
579 		return (1);
580 
581 	/*
582 	 * for system console, the argument of vtno for
583 	 * vt_activate is 1, though its minor is 0
584 	 */
585 	if (minor == 0)
586 		vtno = 1;	/* for system console */
587 	else
588 		vtno = minor;
589 
590 	vt_trigger_hotkeys(vtno);
591 	return (1);
592 }
593 
594 static void
595 vt_proc_sendsig(pid_t pid, int sig)
596 {
597 	register proc_t *p;
598 
599 	if (pid <= 0)
600 		return;
601 
602 	mutex_enter(&pidlock);
603 	if ((p = prfind(pid)) == NULL || p->p_stat == SIDL) {
604 		mutex_exit(&pidlock);
605 		return;
606 	}
607 
608 	psignal(p, sig);
609 	mutex_exit(&pidlock);
610 }
611 
612 static int
613 vt_proc_exists(pid_t pid)
614 {
615 	register proc_t *p;
616 
617 	if (pid <= 0)
618 		return (EINVAL);
619 
620 	mutex_enter(&pidlock);
621 	if ((p = prfind(pid)) == NULL || p->p_stat == SIDL) {
622 		mutex_exit(&pidlock);
623 		return (ESRCH);
624 	}
625 	mutex_exit(&pidlock);
626 
627 	return (0);
628 }
629 
630 #define	SIG_VALID(x)	(((x) > 0) && ((x) < _SIGRTMAX) && \
631 			((x) != SIGKILL) && ((x) != SIGSTOP))
632 
633 static int
634 vt_setmode(vc_state_t *pvc, struct vt_mode *pmode)
635 {
636 	if ((pmode->mode != VT_PROCESS) && (pmode->mode != VT_AUTO))
637 		return (EINVAL);
638 
639 	if (!SIG_VALID(pmode->relsig) || !SIG_VALID(pmode->acqsig))
640 		return (EINVAL);
641 
642 	if (pmode->mode == VT_PROCESS) {
643 		pvc->vc_pid = curproc->p_pid;
644 	} else {
645 		pvc->vc_dispnum = 0;
646 		pvc->vc_login = 0;
647 	}
648 
649 	pvc->vc_switch_mode = pmode->mode;
650 	pvc->vc_waitv = pmode->waitv;
651 	pvc->vc_relsig = pmode->relsig;
652 	pvc->vc_acqsig = pmode->acqsig;
653 
654 	return (0);
655 }
656 
657 static void
658 vt_reset(vc_state_t *pvc)
659 {
660 	pvc->vc_switch_mode = VT_AUTO;
661 	pvc->vc_pid = -1;
662 	pvc->vc_dispnum = 0;
663 	pvc->vc_login = 0;
664 	pvc->vc_switchto = VT_MINOR_INVALID;
665 }
666 
667 /*
668  * switch to vt_no from vc_active_console
669  */
670 static int
671 vt_switch(uint_t vt_no, cred_t *credp)
672 {
673 	vc_state_t *pvc_active = vt_minor2vc(vc_active_console);
674 	vc_state_t *pvc = vt_minor2vc(vt_no);
675 	minor_t index;
676 
677 	ASSERT(pvc_active && pvc);
678 
679 	/* sanity test for the target VT and the active VT */
680 	if (!((pvc->vc_flags & WCS_ISOPEN) && (pvc->vc_flags & WCS_INIT)))
681 		return (EINVAL);
682 
683 	if (!((pvc_active->vc_flags & WCS_ISOPEN) &&
684 	    (pvc_active->vc_flags & WCS_INIT)))
685 		return (EINVAL);
686 
687 	mutex_enter(&vc_lock);
688 
689 	tem_switch(pvc_active->vc_tem, pvc->vc_tem, credp);
690 
691 	if (!VT_IS_DAEMON(vc_active_console))
692 		vc_last_console = vc_active_console;
693 	else
694 		vc_last_console = vt_arg2minor(vc_target_console);
695 
696 	vc_active_console = pvc->vc_minor;
697 
698 	if (pvc->vc_switch_mode == VT_PROCESS) {
699 		pvc->vc_switchto = pvc->vc_minor;
700 
701 		/* send it an acquired signal */
702 		vt_proc_sendsig(pvc->vc_pid, pvc->vc_acqsig);
703 	}
704 
705 	vc_waitactive_reply(vc_active_console, B_FALSE);
706 
707 	mutex_exit(&vc_lock);
708 
709 	if (!VT_IS_DAEMON(vt_no)) {
710 		/*
711 		 * Applications that open the virtual console device may request
712 		 * asynchronous notification of VT switching from a previous VT
713 		 * to another one by setting the S_MSG flag in an I_SETSIG
714 		 * STREAMS ioctl. Such processes receive a SIGPOLL signal when
715 		 * a VT switching succeeds.
716 		 */
717 		for (index = 0; index < VC_INSTANCES_COUNT; index++) {
718 			vc_state_t *tmp_pvc = vt_minor2vc(index);
719 			mblk_t *mp;
720 
721 			if ((tmp_pvc->vc_flags & WCS_ISOPEN) &&
722 			    (tmp_pvc->vc_flags & WCS_INIT) &&
723 			    (mp = allocb(sizeof (unsigned char), BPRI_HI))) {
724 				mp->b_datap->db_type = M_PCSIG;
725 				*mp->b_wptr = SIGPOLL;
726 				mp->b_wptr += sizeof (unsigned char);
727 				putnext(RD(tmp_pvc->vc_wq), mp);
728 			}
729 		}
730 	}
731 
732 	return (0);
733 
734 }
735 
736 /*
737  * vt_no	from 0 to n
738  *
739  * 0	for the vtdaemon sepcial console (only vtdaemon will use it)
740  * 1    for the system console (Alt + F1, or Alt + Ctrl + F1),
741  *      aka Virtual Console #1
742  *
743  * 2    for Virtual Console #2
744  * n    for Virtual Console #n
745  */
746 static minor_t
747 vt_arg2minor(uint_t arg)
748 {
749 	if (arg == 0)
750 		return (1);
751 
752 	if (arg == 1)
753 		return (0);
754 
755 	return (arg);
756 }
757 
758 static uint_t
759 vt_minor2arg(minor_t minor)
760 {
761 	if (minor == 0)
762 		return (1);
763 
764 	if (VT_IS_DAEMON(minor)) {
765 		/* here it should be the real console */
766 		return (vc_target_console);
767 	}
768 
769 	return (minor);
770 }
771 
772 static int
773 vt_activate(uint_t vt_no, cred_t *credp)
774 {
775 	vc_state_t *pvc;
776 	minor_t minor;
777 
778 	minor = vt_arg2minor(vt_no);
779 	if (!vt_minor_valid(minor))
780 		return (ENXIO);
781 	if (minor == vc_active_console) {
782 		if (VT_IS_DAEMON(minor)) {
783 			/*
784 			 * vtdaemon is reactivating itself to do locking
785 			 * on behalf of another console, so record current
786 			 * target console as the last console.
787 			 */
788 			vc_last_console = vt_arg2minor(vc_target_console);
789 		}
790 
791 		return (0);
792 	}
793 
794 	/*
795 	 * In tipline case, the system console is redirected to tipline
796 	 * and thus is always available.
797 	 */
798 	if (minor == 0 && consconfig_console_is_tipline())
799 		return (0);
800 
801 	if (!VT_IS_INUSE(minor))
802 		return (ENXIO);
803 
804 	pvc = vt_minor2vc(minor);
805 	if (pvc == NULL)
806 		return (ENXIO);
807 	if (pvc->vc_tem == NULL)
808 		return (ENXIO);
809 
810 	pvc = vt_minor2vc(vc_active_console);
811 	if (pvc == NULL)
812 		return (ENXIO);
813 	if (pvc->vc_switch_mode != VT_PROCESS)
814 		return (vt_switch(minor, credp));
815 
816 	/*
817 	 * Validate the process, reset the
818 	 * vt to auto mode if failed.
819 	 */
820 	if (pvc->vc_pid == -1 || vt_proc_exists(pvc->vc_pid) != 0) {
821 		/*
822 		 * Xserver has not started up yet,
823 		 * or it dose not exist.
824 		 */
825 		vt_reset(pvc);
826 		return (0);
827 	}
828 
829 	/*
830 	 * Send the release signal to the process,
831 	 * and wait VT_RELDISP ioctl from Xserver
832 	 * after its leaving VT.
833 	 */
834 	vt_proc_sendsig(pvc->vc_pid, pvc->vc_relsig);
835 	pvc->vc_switchto = minor;
836 
837 	/*
838 	 * We don't need a timeout here, for if Xserver refuses
839 	 * or fails to respond to release signal using VT_RELDISP,
840 	 * we cannot successfully switch to our text mode. Actually
841 	 * users can try again. At present we don't support force
842 	 * switch.
843 	 */
844 	return (0);
845 }
846 
847 static int
848 vt_reldisp(vc_state_t *pvc, int arg, cred_t *credp)
849 {
850 	minor_t target_vtno = pvc->vc_switchto;
851 
852 	if ((pvc->vc_switch_mode != VT_PROCESS) ||
853 	    (pvc->vc_minor != vc_active_console))
854 		return (EACCES);
855 
856 	if (target_vtno == VT_MINOR_INVALID)
857 		return (EINVAL);
858 
859 	pvc->vc_switchto = VT_MINOR_INVALID;
860 
861 	if (arg == VT_ACKACQ)
862 		return (0);
863 
864 	if (arg == 0)
865 		return (0); /* refuse to release */
866 
867 	/* Xserver has left VT */
868 	return (vt_switch(target_vtno, credp));
869 }
870 
871 void
872 vt_ioctl(queue_t *q, mblk_t *mp)
873 {
874 	vc_state_t *pvc = (vc_state_t *)q->q_ptr;
875 	struct iocblk	*iocp;
876 	struct vt_mode vtmode;
877 	struct vt_stat vtinfo;
878 	struct vt_dispinfo vtdisp;
879 	mblk_t *tmp;
880 	int minor;
881 	int arg;
882 	int error = 0;
883 	vc_waitactive_msg_t *wait_msg;
884 
885 	iocp = (struct iocblk *)(void *)mp->b_rptr;
886 	if (consmode != CONS_KFB && iocp->ioc_cmd != VT_ENABLED) {
887 		vt_iocnak(q, mp, EINVAL);
888 		return;
889 	}
890 
891 	switch (iocp->ioc_cmd) {
892 	case VT_ENABLED:
893 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
894 			error = ENOMEM;
895 			break;
896 		}
897 		*(int *)(void *)tmp->b_rptr = consmode;
898 		tmp->b_wptr += sizeof (int);
899 		vt_copyout(q, mp, tmp, sizeof (int));
900 		return;
901 
902 	case KDSETMODE:
903 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
904 		if (arg != KD_TEXT && arg != KD_GRAPHICS) {
905 			error = EINVAL;
906 			break;
907 		}
908 		if (tem_get_fbmode(pvc->vc_tem) == arg)
909 			break;
910 
911 		tem_set_fbmode(pvc->vc_tem, (uchar_t)arg, iocp->ioc_cr);
912 
913 		break;
914 
915 	case KDGETMODE:
916 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
917 			error = ENOMEM;
918 			break;
919 		}
920 		*(int *)(void *)tmp->b_rptr = tem_get_fbmode(pvc->vc_tem);
921 		tmp->b_wptr += sizeof (int);
922 		vt_copyout(q, mp, tmp, sizeof (int));
923 		return;
924 
925 	case VT_OPENQRY: /* return number of first free VT */
926 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
927 			error = ENOMEM;
928 			break;
929 		}
930 
931 		/* minors of 0 and 1 are not available to end users */
932 		for (minor = 2; vt_minor_valid(minor); minor++)
933 			if (!VT_IS_INUSE(minor))
934 				break;
935 
936 		if (!vt_minor_valid(minor))
937 			minor = -1;
938 		*(int *)(void *)tmp->b_rptr = minor; /* /dev/vt/minor */
939 		tmp->b_wptr += sizeof (int);
940 		vt_copyout(q, mp, tmp, sizeof (int));
941 		return;
942 
943 	case VT_GETMODE:
944 		vtmode.mode = pvc->vc_switch_mode;
945 		vtmode.waitv = pvc->vc_waitv;
946 		vtmode.relsig = pvc->vc_relsig;
947 		vtmode.acqsig = pvc->vc_acqsig;
948 		vtmode.frsig = 0;
949 		if (!(tmp = allocb(sizeof (struct vt_mode), BPRI_MED))) {
950 			error = ENOMEM;
951 			break;
952 		}
953 		*(struct vt_mode *)(void *)tmp->b_rptr = vtmode;
954 		tmp->b_wptr += sizeof (struct vt_mode);
955 		vt_copyout(q, mp, tmp, sizeof (struct vt_mode));
956 		return;
957 
958 	case VT_SETMODE:
959 		vt_copyin(q, mp, sizeof (struct vt_mode));
960 		return;
961 
962 	case VT_SETDISPINFO:
963 		/* always enforce sys_devices privilege for setdispinfo */
964 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
965 			break;
966 
967 		pvc->vc_dispnum = *(intptr_t *)(void *)mp->b_cont->b_rptr;
968 		break;
969 
970 	case VT_SETDISPLOGIN:
971 		pvc->vc_login = *(intptr_t *)(void *)mp->b_cont->b_rptr;
972 		break;
973 
974 	case VT_GETDISPINFO:
975 		vtdisp.v_pid = pvc->vc_pid;
976 		vtdisp.v_dispnum = pvc->vc_dispnum;
977 		vtdisp.v_login = pvc->vc_login;
978 		if (!(tmp = allocb(sizeof (struct vt_dispinfo), BPRI_MED))) {
979 			error = ENOMEM;
980 			break;
981 		}
982 		*(struct vt_dispinfo *)(void *)tmp->b_rptr = vtdisp;
983 		tmp->b_wptr += sizeof (struct vt_dispinfo);
984 		vt_copyout(q, mp, tmp, sizeof (struct vt_dispinfo));
985 		return;
986 
987 	case VT_RELDISP:
988 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
989 		error = vt_reldisp(pvc, arg, iocp->ioc_cr);
990 		break;
991 
992 	case VT_CONFIG:
993 		/* always enforce sys_devices privilege for config */
994 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
995 			break;
996 
997 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
998 		error = vt_config(arg);
999 		break;
1000 
1001 	case VT_ACTIVATE:
1002 		/* always enforce sys_devices privilege for secure switch */
1003 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
1004 			break;
1005 
1006 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
1007 		error = vt_activate(arg, iocp->ioc_cr);
1008 		break;
1009 
1010 	case VT_WAITACTIVE:
1011 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
1012 		arg = vt_arg2minor(arg);
1013 		if (!vt_minor_valid(arg)) {
1014 			error = ENXIO;
1015 			break;
1016 		}
1017 		if (arg == vc_active_console)
1018 			break;
1019 
1020 		wait_msg = kmem_zalloc(sizeof (vc_waitactive_msg_t),
1021 		    KM_NOSLEEP);
1022 		if (wait_msg == NULL) {
1023 			error = ENXIO;
1024 			break;
1025 		}
1026 
1027 		wait_msg->wa_mp = mp;
1028 		wait_msg->wa_msg_minor = pvc->vc_minor;
1029 		wait_msg->wa_wait_minor = arg;
1030 		list_insert_head(&vc_waitactive_list, wait_msg);
1031 
1032 		return;
1033 
1034 	case VT_GETSTATE:
1035 		/*
1036 		 * Here v_active is the argument for vt_activate,
1037 		 * not minor.
1038 		 */
1039 		vtinfo.v_active = vt_minor2arg(vc_active_console);
1040 		vtinfo.v_state = 3;	/* system console and vtdaemon */
1041 
1042 		/* we only support 16 vt states since the v_state is short */
1043 		for (minor = 2; minor < 16; minor++) {
1044 			pvc = vt_minor2vc(minor);
1045 			if (pvc == NULL)
1046 				break;
1047 			if (VT_IS_INUSE(minor))
1048 				vtinfo.v_state |= (1 << pvc->vc_minor);
1049 		}
1050 
1051 		if (!(tmp = allocb(sizeof (struct vt_stat), BPRI_MED))) {
1052 			error = ENOMEM;
1053 			break;
1054 		}
1055 		*(struct vt_stat *)(void *)tmp->b_rptr = vtinfo;
1056 		tmp->b_wptr += sizeof (struct vt_stat);
1057 		vt_copyout(q, mp, tmp, sizeof (struct vt_stat));
1058 		return;
1059 
1060 	case VT_SET_TARGET:
1061 		/* always enforce sys_devices privilege */
1062 		if ((error = secpolicy_console(iocp->ioc_cr)) != 0)
1063 			break;
1064 
1065 		arg = *(intptr_t *)(void *)mp->b_cont->b_rptr;
1066 
1067 		/* vtdaemon is doing authentication for this target console */
1068 		vc_target_console = arg;
1069 		break;
1070 
1071 	case VT_GETACTIVE:	/* get real active console (minor) */
1072 		if (!(tmp = allocb(sizeof (int), BPRI_MED))) {
1073 			error = ENOMEM;
1074 			break;
1075 		}
1076 		*(int *)(void *)tmp->b_rptr = vc_active_console;
1077 		tmp->b_wptr += sizeof (int);
1078 		vt_copyout(q, mp, tmp, sizeof (int));
1079 		return;
1080 
1081 	default:
1082 		error = ENXIO;
1083 		break;
1084 	}
1085 
1086 	if (error != 0)
1087 		vt_iocnak(q, mp, error);
1088 	else
1089 		vt_iocack(q, mp);
1090 }
1091 
1092 void
1093 vt_miocdata(queue_t *qp, mblk_t *mp)
1094 {
1095 	vc_state_t *pvc = (vc_state_t *)qp->q_ptr;
1096 	struct copyresp *copyresp;
1097 	struct vt_mode *pmode;
1098 	int error = 0;
1099 
1100 	copyresp = (struct copyresp *)(void *)mp->b_rptr;
1101 	if (copyresp->cp_rval) {
1102 		vt_iocnak(qp, mp, EAGAIN);
1103 		return;
1104 	}
1105 
1106 	switch (copyresp->cp_cmd) {
1107 	case VT_SETMODE:
1108 		pmode = (struct vt_mode *)(void *)mp->b_cont->b_rptr;
1109 		error = vt_setmode(pvc, pmode);
1110 		break;
1111 
1112 	case KDGETMODE:
1113 	case VT_OPENQRY:
1114 	case VT_GETMODE:
1115 	case VT_GETDISPINFO:
1116 	case VT_GETSTATE:
1117 	case VT_ENABLED:
1118 	case VT_GETACTIVE:
1119 		break;
1120 
1121 	default:
1122 		error = ENXIO;
1123 		break;
1124 	}
1125 
1126 	if (error != 0)
1127 		vt_iocnak(qp, mp, error);
1128 	else
1129 		vt_iocack(qp, mp);
1130 }
1131 
1132 static void
1133 vt_iocack(queue_t *qp, mblk_t *mp)
1134 {
1135 	struct iocblk	*iocbp = (struct iocblk *)(void *)mp->b_rptr;
1136 
1137 	mp->b_datap->db_type = M_IOCACK;
1138 	mp->b_wptr = mp->b_rptr + sizeof (struct iocblk);
1139 	iocbp->ioc_error = 0;
1140 	iocbp->ioc_count = 0;
1141 	iocbp->ioc_rval = 0;
1142 	if (mp->b_cont != NULL) {
1143 		freemsg(mp->b_cont);
1144 		mp->b_cont = NULL;
1145 	}
1146 	qreply(qp, mp);
1147 }
1148 
1149 static void
1150 vt_iocnak(queue_t *qp, mblk_t *mp, int error)
1151 {
1152 	struct iocblk *iocp = (struct iocblk *)(void *)mp->b_rptr;
1153 
1154 	mp->b_datap->db_type = M_IOCNAK;
1155 	iocp->ioc_rval = 0;
1156 	iocp->ioc_count = 0;
1157 	iocp->ioc_error = error;
1158 	if (mp->b_cont != NULL) {
1159 		freemsg(mp->b_cont);
1160 		mp->b_cont = NULL;
1161 	}
1162 	qreply(qp, mp);
1163 }
1164 
1165 static void
1166 vt_copyin(queue_t *qp, mblk_t *mp, uint_t size)
1167 {
1168 	struct copyreq  *cqp;
1169 
1170 	cqp = (struct copyreq *)(void *)mp->b_rptr;
1171 	cqp->cq_addr = *((caddr_t *)(void *)mp->b_cont->b_rptr);
1172 	cqp->cq_size = size;
1173 	cqp->cq_flag = 0;
1174 	cqp->cq_private = (mblk_t *)NULL;
1175 	mp->b_wptr = mp->b_rptr + sizeof (struct copyreq);
1176 	mp->b_datap->db_type = M_COPYIN;
1177 	if (mp->b_cont)
1178 		freemsg(mp->b_cont);
1179 	mp->b_cont = (mblk_t *)NULL;
1180 	qreply(qp, mp);
1181 }
1182 
1183 static void
1184 vt_copyout(queue_t *qp, mblk_t *mp, mblk_t *tmp, uint_t size)
1185 {
1186 	struct copyreq  *cqp;
1187 
1188 	cqp = (struct copyreq *)(void *)mp->b_rptr;
1189 	cqp->cq_size = size;
1190 	cqp->cq_addr = *((caddr_t *)(void *)mp->b_cont->b_rptr);
1191 	cqp->cq_flag = 0;
1192 	cqp->cq_private = (mblk_t *)NULL;
1193 	mp->b_wptr = mp->b_rptr + sizeof (struct copyreq);
1194 	mp->b_datap->db_type = M_COPYOUT;
1195 	if (mp->b_cont)
1196 		freemsg(mp->b_cont);
1197 	mp->b_cont = tmp;
1198 	qreply(qp, mp);
1199 }
1200 
1201 /*
1202  * Get vc state from minor.
1203  * Once a caller gets a vc_state_t from this function,
1204  * the vc_state_t is guaranteed not being freed before
1205  * the caller leaves this STREAMS module by the D_MTPERMOD
1206  * perimeter.
1207  */
1208 vc_state_t *
1209 vt_minor2vc(minor_t minor)
1210 {
1211 	avl_index_t where;
1212 	vc_state_t target;
1213 
1214 	if (minor != VT_ACTIVE) {
1215 		target.vc_minor = minor;
1216 		return (avl_find(&vc_avl_root, &target, &where));
1217 	}
1218 
1219 	if (vc_active_console == VT_MINOR_INVALID)
1220 		target.vc_minor = 0;
1221 	else
1222 		target.vc_minor = vc_active_console;
1223 
1224 	return (avl_find(&vc_avl_root, &target, &where));
1225 }
1226 
1227 static void
1228 vt_state_init(vc_state_t *vcptr, minor_t minor)
1229 {
1230 	mutex_init(&vcptr->vc_state_lock, NULL, MUTEX_DRIVER, NULL);
1231 
1232 	mutex_enter(&vcptr->vc_state_lock);
1233 	vcptr->vc_flags = 0;
1234 	mutex_exit(&vcptr->vc_state_lock);
1235 
1236 	vcptr->vc_pid = -1;
1237 	vcptr->vc_dispnum = 0;
1238 	vcptr->vc_login = 0;
1239 	vcptr->vc_switchto = VT_MINOR_INVALID;
1240 	vcptr->vc_switch_mode = VT_AUTO;
1241 	vcptr->vc_relsig = SIGUSR1;
1242 	vcptr->vc_acqsig = SIGUSR1;
1243 	vcptr->vc_tem = NULL;
1244 	vcptr->vc_bufcallid = 0;
1245 	vcptr->vc_timeoutid = 0;
1246 	vcptr->vc_wq = NULL;
1247 	vcptr->vc_minor = minor;
1248 }
1249 
1250 void
1251 vt_resize(uint_t count)
1252 {
1253 	uint_t vc_num, i;
1254 
1255 	ASSERT(MUTEX_HELD(&vc_lock));
1256 
1257 	vc_num = VC_INSTANCES_COUNT;
1258 
1259 	if (count == vc_num)
1260 		return;
1261 
1262 	if (count > vc_num) {
1263 		for (i = vc_num; i < count; i++) {
1264 			vc_state_t *vcptr = kmem_zalloc(sizeof (vc_state_t),
1265 			    KM_SLEEP);
1266 			vt_state_init(vcptr, i);
1267 			avl_add(&vc_avl_root, vcptr);
1268 		}
1269 		return;
1270 	}
1271 
1272 	for (i = vc_num; i > count; i--) {
1273 		avl_index_t where;
1274 		vc_state_t target, *found;
1275 
1276 		target.vc_minor = i - 1;
1277 		found = avl_find(&vc_avl_root, &target, &where);
1278 		ASSERT(found != NULL && found->vc_flags == 0);
1279 		avl_remove(&vc_avl_root, found);
1280 		kmem_free(found, sizeof (vc_state_t));
1281 	}
1282 }
1283 
1284 static int
1285 vc_avl_compare(const void *first, const void *second)
1286 {
1287 	const vc_state_t *vcptr1 = first;
1288 	const vc_state_t *vcptr2 = second;
1289 
1290 	if (vcptr1->vc_minor < vcptr2->vc_minor)
1291 		return (-1);
1292 
1293 	if (vcptr1->vc_minor == vcptr2->vc_minor)
1294 		return (0);
1295 
1296 	return (1);
1297 }
1298 
1299 /*
1300  * Only called from wc init().
1301  */
1302 void
1303 vt_init(void)
1304 {
1305 #ifdef	__lock_lint
1306 	ASSERT(NO_COMPETING_THREADS);
1307 #endif
1308 
1309 	avl_create(&vc_avl_root, vc_avl_compare, sizeof (vc_state_t),
1310 	    offsetof(vc_state_t, vc_avl_node));
1311 
1312 	list_create(&vc_waitactive_list, sizeof (vc_waitactive_msg_t),
1313 	    offsetof(vc_waitactive_msg_t, wa_list_node));
1314 
1315 	mutex_init(&vc_lock, NULL, MUTEX_DRIVER, NULL);
1316 	mutex_init(&vt_pending_vtno_lock, NULL, MUTEX_DRIVER, NULL);
1317 }
1318