Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1992 obz under the linux copyright
4 : *
5 : * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
6 : * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
7 : * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
8 : * Some code moved for less code duplication - Andi Kleen - Mar 1997
9 : * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
10 : */
11 :
12 : #include <linux/types.h>
13 : #include <linux/errno.h>
14 : #include <linux/sched/signal.h>
15 : #include <linux/tty.h>
16 : #include <linux/timer.h>
17 : #include <linux/kernel.h>
18 : #include <linux/compat.h>
19 : #include <linux/module.h>
20 : #include <linux/kd.h>
21 : #include <linux/vt.h>
22 : #include <linux/string.h>
23 : #include <linux/slab.h>
24 : #include <linux/major.h>
25 : #include <linux/fs.h>
26 : #include <linux/console.h>
27 : #include <linux/consolemap.h>
28 : #include <linux/signal.h>
29 : #include <linux/suspend.h>
30 : #include <linux/timex.h>
31 :
32 : #include <asm/io.h>
33 : #include <linux/uaccess.h>
34 :
35 : #include <linux/nospec.h>
36 :
37 : #include <linux/kbd_kern.h>
38 : #include <linux/vt_kern.h>
39 : #include <linux/kbd_diacr.h>
40 : #include <linux/selection.h>
41 :
42 : bool vt_dont_switch;
43 :
44 16 : static inline bool vt_in_use(unsigned int i)
45 : {
46 16 : const struct vc_data *vc = vc_cons[i].d;
47 :
48 : /*
49 : * console_lock must be held to prevent the vc from being deallocated
50 : * while we're checking whether it's in-use.
51 : */
52 16 : WARN_CONSOLE_UNLOCKED();
53 :
54 16 : return vc && kref_read(&vc->port.kref) > 1;
55 : }
56 :
57 1 : static inline bool vt_busy(int i)
58 : {
59 1 : if (vt_in_use(i))
60 : return true;
61 0 : if (i == fg_console)
62 : return true;
63 0 : if (vc_is_sel(vc_cons[i].d))
64 0 : return true;
65 :
66 : return false;
67 : }
68 :
69 : /*
70 : * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
71 : * experimentation and study of X386 SYSV handling.
72 : *
73 : * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
74 : * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
75 : * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
76 : * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
77 : * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
78 : * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
79 : * to the current console is done by the main ioctl code.
80 : */
81 :
82 : #ifdef CONFIG_X86
83 : #include <asm/syscalls.h>
84 : #endif
85 :
86 : static void complete_change_console(struct vc_data *vc);
87 :
88 : /*
89 : * User space VT_EVENT handlers
90 : */
91 :
92 : struct vt_event_wait {
93 : struct list_head list;
94 : struct vt_event event;
95 : int done;
96 : };
97 :
98 : static LIST_HEAD(vt_events);
99 : static DEFINE_SPINLOCK(vt_event_lock);
100 : static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue);
101 :
102 : /**
103 : * vt_event_post
104 : * @event: the event that occurred
105 : * @old: old console
106 : * @new: new console
107 : *
108 : * Post an VT event to interested VT handlers
109 : */
110 :
111 0 : void vt_event_post(unsigned int event, unsigned int old, unsigned int new)
112 : {
113 0 : struct list_head *pos, *head;
114 0 : unsigned long flags;
115 0 : int wake = 0;
116 :
117 0 : spin_lock_irqsave(&vt_event_lock, flags);
118 0 : head = &vt_events;
119 :
120 0 : list_for_each(pos, head) {
121 0 : struct vt_event_wait *ve = list_entry(pos,
122 : struct vt_event_wait, list);
123 0 : if (!(ve->event.event & event))
124 0 : continue;
125 0 : ve->event.event = event;
126 : /* kernel view is consoles 0..n-1, user space view is
127 : console 1..n with 0 meaning current, so we must bias */
128 0 : ve->event.oldev = old + 1;
129 0 : ve->event.newev = new + 1;
130 0 : wake = 1;
131 0 : ve->done = 1;
132 : }
133 0 : spin_unlock_irqrestore(&vt_event_lock, flags);
134 0 : if (wake)
135 0 : wake_up_interruptible(&vt_event_waitqueue);
136 0 : }
137 :
138 0 : static void __vt_event_queue(struct vt_event_wait *vw)
139 : {
140 0 : unsigned long flags;
141 : /* Prepare the event */
142 0 : INIT_LIST_HEAD(&vw->list);
143 0 : vw->done = 0;
144 : /* Queue our event */
145 0 : spin_lock_irqsave(&vt_event_lock, flags);
146 0 : list_add(&vw->list, &vt_events);
147 0 : spin_unlock_irqrestore(&vt_event_lock, flags);
148 0 : }
149 :
150 0 : static void __vt_event_wait(struct vt_event_wait *vw)
151 : {
152 : /* Wait for it to pass */
153 0 : wait_event_interruptible(vt_event_waitqueue, vw->done);
154 0 : }
155 :
156 0 : static void __vt_event_dequeue(struct vt_event_wait *vw)
157 : {
158 0 : unsigned long flags;
159 :
160 : /* Dequeue it */
161 0 : spin_lock_irqsave(&vt_event_lock, flags);
162 0 : list_del(&vw->list);
163 0 : spin_unlock_irqrestore(&vt_event_lock, flags);
164 0 : }
165 :
166 : /**
167 : * vt_event_wait - wait for an event
168 : * @vw: our event
169 : *
170 : * Waits for an event to occur which completes our vt_event_wait
171 : * structure. On return the structure has wv->done set to 1 for success
172 : * or 0 if some event such as a signal ended the wait.
173 : */
174 :
175 0 : static void vt_event_wait(struct vt_event_wait *vw)
176 : {
177 0 : __vt_event_queue(vw);
178 0 : __vt_event_wait(vw);
179 0 : __vt_event_dequeue(vw);
180 0 : }
181 :
182 : /**
183 : * vt_event_wait_ioctl - event ioctl handler
184 : * @event: argument to ioctl (the event)
185 : *
186 : * Implement the VT_WAITEVENT ioctl using the VT event interface
187 : */
188 :
189 0 : static int vt_event_wait_ioctl(struct vt_event __user *event)
190 : {
191 0 : struct vt_event_wait vw;
192 :
193 0 : if (copy_from_user(&vw.event, event, sizeof(struct vt_event)))
194 : return -EFAULT;
195 : /* Highest supported event for now */
196 0 : if (vw.event.event & ~VT_MAX_EVENT)
197 : return -EINVAL;
198 :
199 0 : vt_event_wait(&vw);
200 : /* If it occurred report it */
201 0 : if (vw.done) {
202 0 : if (copy_to_user(event, &vw.event, sizeof(struct vt_event)))
203 : return -EFAULT;
204 0 : return 0;
205 : }
206 : return -EINTR;
207 : }
208 :
209 : /**
210 : * vt_waitactive - active console wait
211 : * @n: new console
212 : *
213 : * Helper for event waits. Used to implement the legacy
214 : * event waiting ioctls in terms of events
215 : */
216 :
217 0 : int vt_waitactive(int n)
218 : {
219 0 : struct vt_event_wait vw;
220 0 : do {
221 0 : vw.event.event = VT_EVENT_SWITCH;
222 0 : __vt_event_queue(&vw);
223 0 : if (n == fg_console + 1) {
224 0 : __vt_event_dequeue(&vw);
225 0 : break;
226 : }
227 0 : __vt_event_wait(&vw);
228 0 : __vt_event_dequeue(&vw);
229 0 : if (vw.done == 0)
230 : return -EINTR;
231 0 : } while (vw.event.newev != n);
232 : return 0;
233 : }
234 :
235 : /*
236 : * these are the valid i/o ports we're allowed to change. they map all the
237 : * video ports
238 : */
239 : #define GPFIRST 0x3b4
240 : #define GPLAST 0x3df
241 : #define GPNUM (GPLAST - GPFIRST + 1)
242 :
243 : /*
244 : * currently, setting the mode from KD_TEXT to KD_GRAPHICS doesn't do a whole
245 : * lot. i'm not sure if it should do any restoration of modes or what...
246 : *
247 : * XXX It should at least call into the driver, fbdev's definitely need to
248 : * restore their engine state. --BenH
249 : */
250 1 : static int vt_kdsetmode(struct vc_data *vc, unsigned long mode)
251 : {
252 1 : switch (mode) {
253 : case KD_GRAPHICS:
254 : break;
255 0 : case KD_TEXT0:
256 : case KD_TEXT1:
257 0 : mode = KD_TEXT;
258 : fallthrough;
259 : case KD_TEXT:
260 : break;
261 : default:
262 : return -EINVAL;
263 : }
264 :
265 : /* FIXME: this needs the console lock extending */
266 1 : if (vc->vc_mode == mode)
267 : return 0;
268 :
269 0 : vc->vc_mode = mode;
270 0 : if (vc->vc_num != fg_console)
271 : return 0;
272 :
273 : /* explicitly blank/unblank the screen if switching modes */
274 0 : console_lock();
275 0 : if (mode == KD_TEXT)
276 0 : do_unblank_screen(1);
277 : else
278 0 : do_blank_screen(1);
279 0 : console_unlock();
280 :
281 0 : return 0;
282 : }
283 :
284 14039 : static int vt_k_ioctl(struct tty_struct *tty, unsigned int cmd,
285 : unsigned long arg, bool perm)
286 : {
287 14039 : struct vc_data *vc = tty->driver_data;
288 14039 : void __user *up = (void __user *)arg;
289 14039 : unsigned int console = vc->vc_num;
290 14039 : int ret;
291 :
292 14039 : switch (cmd) {
293 0 : case KIOCSOUND:
294 0 : if (!perm)
295 : return -EPERM;
296 : /*
297 : * The use of PIT_TICK_RATE is historic, it used to be
298 : * the platform-dependent CLOCK_TICK_RATE between 2.6.12
299 : * and 2.6.36, which was a minor but unfortunate ABI
300 : * change. kd_mksound is locked by the input layer.
301 : */
302 0 : if (arg)
303 0 : arg = PIT_TICK_RATE / arg;
304 0 : kd_mksound(arg, 0);
305 0 : break;
306 :
307 0 : case KDMKTONE:
308 0 : if (!perm)
309 : return -EPERM;
310 : {
311 0 : unsigned int ticks, count;
312 :
313 : /*
314 : * Generate the tone for the appropriate number of ticks.
315 : * If the time is zero, turn off sound ourselves.
316 : */
317 0 : ticks = msecs_to_jiffies((arg >> 16) & 0xffff);
318 0 : count = ticks ? (arg & 0xffff) : 0;
319 0 : if (count)
320 0 : count = PIT_TICK_RATE / count;
321 0 : kd_mksound(count, ticks);
322 0 : break;
323 : }
324 :
325 8 : case KDGKBTYPE:
326 : /*
327 : * this is naïve.
328 : */
329 8 : return put_user(KB_101, (char __user *)arg);
330 :
331 : /*
332 : * These cannot be implemented on any machine that implements
333 : * ioperm() in user level (such as Alpha PCs) or not at all.
334 : *
335 : * XXX: you should never use these, just call ioperm directly..
336 : */
337 : #ifdef CONFIG_X86
338 0 : case KDADDIO:
339 : case KDDELIO:
340 : /*
341 : * KDADDIO and KDDELIO may be able to add ports beyond what
342 : * we reject here, but to be safe...
343 : *
344 : * These are locked internally via sys_ioperm
345 : */
346 0 : if (arg < GPFIRST || arg > GPLAST)
347 : return -EINVAL;
348 :
349 0 : return ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
350 :
351 0 : case KDENABIO:
352 : case KDDISABIO:
353 0 : return ksys_ioperm(GPFIRST, GPNUM,
354 0 : (cmd == KDENABIO)) ? -ENXIO : 0;
355 : #endif
356 :
357 : /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
358 :
359 0 : case KDKBDREP:
360 : {
361 0 : struct kbd_repeat kbrep;
362 :
363 0 : if (!capable(CAP_SYS_TTY_CONFIG))
364 0 : return -EPERM;
365 :
366 0 : if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat)))
367 : return -EFAULT;
368 :
369 0 : ret = kbd_rate(&kbrep);
370 0 : if (ret)
371 : return ret;
372 0 : if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
373 : return -EFAULT;
374 0 : break;
375 : }
376 :
377 1 : case KDSETMODE:
378 1 : if (!perm)
379 : return -EPERM;
380 :
381 1 : return vt_kdsetmode(vc, arg);
382 :
383 2 : case KDGETMODE:
384 2 : return put_user(vc->vc_mode, (int __user *)arg);
385 :
386 : case KDMAPDISP:
387 : case KDUNMAPDISP:
388 : /*
389 : * these work like a combination of mmap and KDENABIO.
390 : * this could be easily finished.
391 : */
392 : return -EINVAL;
393 :
394 9 : case KDSKBMODE:
395 9 : if (!perm)
396 : return -EPERM;
397 9 : ret = vt_do_kdskbmode(console, arg);
398 9 : if (ret)
399 : return ret;
400 9 : tty_ldisc_flush(tty);
401 9 : break;
402 :
403 2 : case KDGKBMODE:
404 2 : return put_user(vt_do_kdgkbmode(console), (int __user *)arg);
405 :
406 : /* this could be folded into KDSKBMODE, but for compatibility
407 : reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
408 0 : case KDSKBMETA:
409 0 : return vt_do_kdskbmeta(console, arg);
410 :
411 0 : case KDGKBMETA:
412 : /* FIXME: should review whether this is worth locking */
413 0 : return put_user(vt_do_kdgkbmeta(console), (int __user *)arg);
414 :
415 0 : case KDGETKEYCODE:
416 : case KDSETKEYCODE:
417 0 : if(!capable(CAP_SYS_TTY_CONFIG))
418 0 : perm = 0;
419 0 : return vt_do_kbkeycode_ioctl(cmd, up, perm);
420 :
421 13952 : case KDGKBENT:
422 : case KDSKBENT:
423 13952 : return vt_do_kdsk_ioctl(cmd, up, perm, console);
424 :
425 26 : case KDGKBSENT:
426 : case KDSKBSENT:
427 26 : return vt_do_kdgkb_ioctl(cmd, up, perm);
428 :
429 : /* Diacritical processing. Handled in keyboard.c as it has
430 : to operate on the keyboard locks and structures */
431 0 : case KDGKBDIACR:
432 : case KDGKBDIACRUC:
433 : case KDSKBDIACR:
434 : case KDSKBDIACRUC:
435 0 : return vt_do_diacrit(cmd, up, perm);
436 :
437 : /* the ioctls below read/set the flags usually shown in the leds */
438 : /* don't use them - they will go away without warning */
439 1 : case KDGKBLED:
440 : case KDSKBLED:
441 : case KDGETLED:
442 : case KDSETLED:
443 1 : return vt_do_kdskled(console, cmd, arg, perm);
444 :
445 : /*
446 : * A process can indicate its willingness to accept signals
447 : * generated by pressing an appropriate key combination.
448 : * Thus, one can have a daemon that e.g. spawns a new console
449 : * upon a keypress and then changes to it.
450 : * See also the kbrequest field of inittab(5).
451 : */
452 1 : case KDSIGACCEPT:
453 1 : if (!perm || !capable(CAP_KILL))
454 0 : return -EPERM;
455 1 : if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
456 : return -EINVAL;
457 :
458 1 : spin_lock_irq(&vt_spawn_con.lock);
459 1 : put_pid(vt_spawn_con.pid);
460 1 : vt_spawn_con.pid = get_pid(task_pid(current));
461 1 : vt_spawn_con.sig = arg;
462 1 : spin_unlock_irq(&vt_spawn_con.lock);
463 : break;
464 :
465 : case KDFONTOP: {
466 1 : struct console_font_op op;
467 :
468 1 : if (copy_from_user(&op, up, sizeof(op)))
469 1 : return -EFAULT;
470 1 : if (!perm && op.op != KD_FONT_OP_GET)
471 : return -EPERM;
472 1 : ret = con_font_op(vc, &op);
473 1 : if (ret)
474 : return ret;
475 0 : if (copy_to_user(up, &op, sizeof(op)))
476 : return -EFAULT;
477 0 : break;
478 : }
479 :
480 36 : default:
481 36 : return -ENOIOCTLCMD;
482 : }
483 :
484 : return 0;
485 : }
486 :
487 0 : static inline int do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud,
488 : bool perm, struct vc_data *vc)
489 : {
490 0 : struct unimapdesc tmp;
491 :
492 0 : if (copy_from_user(&tmp, user_ud, sizeof tmp))
493 : return -EFAULT;
494 0 : switch (cmd) {
495 0 : case PIO_UNIMAP:
496 0 : if (!perm)
497 : return -EPERM;
498 0 : return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
499 0 : case GIO_UNIMAP:
500 0 : if (!perm && fg_console != vc->vc_num)
501 : return -EPERM;
502 0 : return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct),
503 : tmp.entries);
504 : }
505 : return 0;
506 : }
507 :
508 36 : static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
509 : bool perm)
510 : {
511 36 : switch (cmd) {
512 0 : case PIO_CMAP:
513 0 : if (!perm)
514 : return -EPERM;
515 0 : return con_set_cmap(up);
516 :
517 0 : case GIO_CMAP:
518 0 : return con_get_cmap(up);
519 :
520 0 : case PIO_SCRNMAP:
521 0 : if (!perm)
522 : return -EPERM;
523 0 : return con_set_trans_old(up);
524 :
525 0 : case GIO_SCRNMAP:
526 0 : return con_get_trans_old(up);
527 :
528 0 : case PIO_UNISCRNMAP:
529 0 : if (!perm)
530 : return -EPERM;
531 0 : return con_set_trans_new(up);
532 :
533 0 : case GIO_UNISCRNMAP:
534 0 : return con_get_trans_new(up);
535 :
536 0 : case PIO_UNIMAPCLR:
537 0 : if (!perm)
538 : return -EPERM;
539 0 : con_clear_unimap(vc);
540 0 : break;
541 :
542 0 : case PIO_UNIMAP:
543 : case GIO_UNIMAP:
544 0 : return do_unimap_ioctl(cmd, up, perm, vc);
545 :
546 : default:
547 : return -ENOIOCTLCMD;
548 : }
549 :
550 0 : return 0;
551 : }
552 :
553 0 : static int vt_reldisp(struct vc_data *vc, unsigned int swtch)
554 : {
555 0 : int newvt, ret;
556 :
557 0 : if (vc->vt_mode.mode != VT_PROCESS)
558 : return -EINVAL;
559 :
560 : /* Switched-to response */
561 0 : if (vc->vt_newvt < 0) {
562 : /* If it's just an ACK, ignore it */
563 0 : return swtch == VT_ACKACQ ? 0 : -EINVAL;
564 : }
565 :
566 : /* Switching-from response */
567 0 : if (swtch == 0) {
568 : /* Switch disallowed, so forget we were trying to do it. */
569 0 : vc->vt_newvt = -1;
570 0 : return 0;
571 : }
572 :
573 : /* The current vt has been released, so complete the switch. */
574 0 : newvt = vc->vt_newvt;
575 0 : vc->vt_newvt = -1;
576 0 : ret = vc_allocate(newvt);
577 0 : if (ret)
578 : return ret;
579 :
580 : /*
581 : * When we actually do the console switch, make sure we are atomic with
582 : * respect to other console switches..
583 : */
584 0 : complete_change_console(vc_cons[newvt].d);
585 :
586 0 : return 0;
587 : }
588 :
589 0 : static int vt_setactivate(struct vt_setactivate __user *sa)
590 : {
591 0 : struct vt_setactivate vsa;
592 0 : struct vc_data *nvc;
593 0 : int ret;
594 :
595 0 : if (copy_from_user(&vsa, sa, sizeof(vsa)))
596 : return -EFAULT;
597 0 : if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
598 : return -ENXIO;
599 :
600 0 : vsa.console = array_index_nospec(vsa.console, MAX_NR_CONSOLES + 1);
601 0 : vsa.console--;
602 0 : console_lock();
603 0 : ret = vc_allocate(vsa.console);
604 0 : if (ret) {
605 0 : console_unlock();
606 0 : return ret;
607 : }
608 :
609 : /*
610 : * This is safe providing we don't drop the console sem between
611 : * vc_allocate and finishing referencing nvc.
612 : */
613 0 : nvc = vc_cons[vsa.console].d;
614 0 : nvc->vt_mode = vsa.mode;
615 0 : nvc->vt_mode.frsig = 0;
616 0 : put_pid(nvc->vt_pid);
617 0 : nvc->vt_pid = get_pid(task_pid(current));
618 0 : console_unlock();
619 :
620 : /* Commence switch and lock */
621 : /* Review set_console locks */
622 0 : set_console(vsa.console);
623 :
624 0 : return 0;
625 : }
626 :
627 : /* deallocate a single console, if possible (leave 0) */
628 1 : static int vt_disallocate(unsigned int vc_num)
629 : {
630 1 : struct vc_data *vc = NULL;
631 1 : int ret = 0;
632 :
633 1 : console_lock();
634 1 : if (vt_busy(vc_num))
635 : ret = -EBUSY;
636 0 : else if (vc_num)
637 0 : vc = vc_deallocate(vc_num);
638 1 : console_unlock();
639 :
640 1 : if (vc && vc_num >= MIN_NR_CONSOLES)
641 0 : tty_port_put(&vc->port);
642 :
643 1 : return ret;
644 : }
645 :
646 : /* deallocate all unused consoles, but leave 0 */
647 0 : static void vt_disallocate_all(void)
648 : {
649 0 : struct vc_data *vc[MAX_NR_CONSOLES];
650 0 : int i;
651 :
652 0 : console_lock();
653 0 : for (i = 1; i < MAX_NR_CONSOLES; i++)
654 0 : if (!vt_busy(i))
655 0 : vc[i] = vc_deallocate(i);
656 : else
657 0 : vc[i] = NULL;
658 0 : console_unlock();
659 :
660 0 : for (i = 1; i < MAX_NR_CONSOLES; i++) {
661 0 : if (vc[i] && i >= MIN_NR_CONSOLES)
662 0 : tty_port_put(&vc[i]->port);
663 : }
664 0 : }
665 :
666 0 : static int vt_resizex(struct vc_data *vc, struct vt_consize __user *cs)
667 : {
668 0 : struct vt_consize v;
669 0 : int i;
670 :
671 0 : if (copy_from_user(&v, cs, sizeof(struct vt_consize)))
672 : return -EFAULT;
673 :
674 0 : if (v.v_vlin)
675 0 : pr_info_once("\"struct vt_consize\"->v_vlin is ignored. Please report if you need this.\n");
676 0 : if (v.v_clin)
677 0 : pr_info_once("\"struct vt_consize\"->v_clin is ignored. Please report if you need this.\n");
678 :
679 0 : console_lock();
680 0 : for (i = 0; i < MAX_NR_CONSOLES; i++) {
681 0 : vc = vc_cons[i].d;
682 :
683 0 : if (vc) {
684 0 : vc->vc_resize_user = 1;
685 0 : vc_resize(vc, v.v_cols, v.v_rows);
686 : }
687 : }
688 0 : console_unlock();
689 :
690 0 : return 0;
691 : }
692 :
693 : /*
694 : * We handle the console-specific ioctl's here. We allow the
695 : * capability to modify any console, not just the fg_console.
696 : */
697 14039 : int vt_ioctl(struct tty_struct *tty,
698 : unsigned int cmd, unsigned long arg)
699 : {
700 14039 : struct vc_data *vc = tty->driver_data;
701 14039 : void __user *up = (void __user *)arg;
702 14039 : int i, perm;
703 14039 : int ret;
704 :
705 : /*
706 : * To have permissions to do most of the vt ioctls, we either have
707 : * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
708 : */
709 14039 : perm = 0;
710 14039 : if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
711 : perm = 1;
712 :
713 14039 : ret = vt_k_ioctl(tty, cmd, arg, perm);
714 14039 : if (ret != -ENOIOCTLCMD)
715 : return ret;
716 :
717 36 : ret = vt_io_ioctl(vc, cmd, up, perm);
718 36 : if (ret != -ENOIOCTLCMD)
719 : return ret;
720 :
721 36 : switch (cmd) {
722 0 : case TIOCLINUX:
723 0 : return tioclinux(tty, arg);
724 0 : case VT_SETMODE:
725 : {
726 0 : struct vt_mode tmp;
727 :
728 0 : if (!perm)
729 0 : return -EPERM;
730 0 : if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
731 : return -EFAULT;
732 0 : if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS)
733 : return -EINVAL;
734 :
735 0 : console_lock();
736 0 : vc->vt_mode = tmp;
737 : /* the frsig is ignored, so we set it to 0 */
738 0 : vc->vt_mode.frsig = 0;
739 0 : put_pid(vc->vt_pid);
740 0 : vc->vt_pid = get_pid(task_pid(current));
741 : /* no switch is required -- saw@shade.msu.ru */
742 0 : vc->vt_newvt = -1;
743 0 : console_unlock();
744 0 : break;
745 : }
746 :
747 0 : case VT_GETMODE:
748 : {
749 0 : struct vt_mode tmp;
750 0 : int rc;
751 :
752 0 : console_lock();
753 0 : memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
754 0 : console_unlock();
755 :
756 0 : rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
757 0 : if (rc)
758 0 : return -EFAULT;
759 0 : break;
760 : }
761 :
762 : /*
763 : * Returns global vt state. Note that VT 0 is always open, since
764 : * it's an alias for the current VT, and people can't use it here.
765 : * We cannot return state for more than 16 VTs, since v_state is short.
766 : */
767 1 : case VT_GETSTATE:
768 : {
769 1 : struct vt_stat __user *vtstat = up;
770 1 : unsigned short state, mask;
771 :
772 1 : if (put_user(fg_console + 1, &vtstat->v_active))
773 : return -EFAULT;
774 :
775 1 : state = 1; /* /dev/tty0 is always open */
776 1 : console_lock(); /* required by vt_in_use() */
777 17 : for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask;
778 15 : ++i, mask <<= 1)
779 15 : if (vt_in_use(i))
780 2 : state |= mask;
781 1 : console_unlock();
782 1 : return put_user(state, &vtstat->v_state);
783 : }
784 :
785 : /*
786 : * Returns the first available (non-opened) console.
787 : */
788 0 : case VT_OPENQRY:
789 0 : console_lock(); /* required by vt_in_use() */
790 0 : for (i = 0; i < MAX_NR_CONSOLES; ++i)
791 0 : if (!vt_in_use(i))
792 : break;
793 0 : console_unlock();
794 0 : i = i < MAX_NR_CONSOLES ? (i+1) : -1;
795 0 : return put_user(i, (int __user *)arg);
796 :
797 : /*
798 : * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
799 : * with num >= 1 (switches to vt 0, our console, are not allowed, just
800 : * to preserve sanity).
801 : */
802 0 : case VT_ACTIVATE:
803 0 : if (!perm)
804 : return -EPERM;
805 0 : if (arg == 0 || arg > MAX_NR_CONSOLES)
806 : return -ENXIO;
807 :
808 0 : arg--;
809 0 : console_lock();
810 0 : ret = vc_allocate(arg);
811 0 : console_unlock();
812 0 : if (ret)
813 : return ret;
814 0 : set_console(arg);
815 0 : break;
816 :
817 0 : case VT_SETACTIVATE:
818 0 : if (!perm)
819 : return -EPERM;
820 :
821 0 : return vt_setactivate(up);
822 :
823 : /*
824 : * wait until the specified VT has been activated
825 : */
826 0 : case VT_WAITACTIVE:
827 0 : if (!perm)
828 : return -EPERM;
829 0 : if (arg == 0 || arg > MAX_NR_CONSOLES)
830 : return -ENXIO;
831 0 : return vt_waitactive(arg);
832 :
833 : /*
834 : * If a vt is under process control, the kernel will not switch to it
835 : * immediately, but postpone the operation until the process calls this
836 : * ioctl, allowing the switch to complete.
837 : *
838 : * According to the X sources this is the behavior:
839 : * 0: pending switch-from not OK
840 : * 1: pending switch-from OK
841 : * 2: completed switch-to OK
842 : */
843 0 : case VT_RELDISP:
844 0 : if (!perm)
845 : return -EPERM;
846 :
847 0 : console_lock();
848 0 : ret = vt_reldisp(vc, arg);
849 0 : console_unlock();
850 :
851 0 : return ret;
852 :
853 :
854 : /*
855 : * Disallocate memory associated to VT (but leave VT1)
856 : */
857 1 : case VT_DISALLOCATE:
858 1 : if (arg > MAX_NR_CONSOLES)
859 : return -ENXIO;
860 :
861 1 : if (arg == 0)
862 0 : vt_disallocate_all();
863 : else
864 1 : return vt_disallocate(--arg);
865 0 : break;
866 :
867 0 : case VT_RESIZE:
868 : {
869 0 : struct vt_sizes __user *vtsizes = up;
870 0 : struct vc_data *vc;
871 0 : ushort ll,cc;
872 :
873 0 : if (!perm)
874 : return -EPERM;
875 0 : if (get_user(ll, &vtsizes->v_rows) ||
876 0 : get_user(cc, &vtsizes->v_cols))
877 0 : return -EFAULT;
878 :
879 0 : console_lock();
880 0 : for (i = 0; i < MAX_NR_CONSOLES; i++) {
881 0 : vc = vc_cons[i].d;
882 :
883 0 : if (vc) {
884 0 : vc->vc_resize_user = 1;
885 : /* FIXME: review v tty lock */
886 0 : vc_resize(vc_cons[i].d, cc, ll);
887 : }
888 : }
889 0 : console_unlock();
890 0 : break;
891 : }
892 :
893 0 : case VT_RESIZEX:
894 0 : if (!perm)
895 : return -EPERM;
896 :
897 0 : return vt_resizex(vc, up);
898 :
899 0 : case VT_LOCKSWITCH:
900 0 : if (!capable(CAP_SYS_TTY_CONFIG))
901 : return -EPERM;
902 0 : vt_dont_switch = true;
903 0 : break;
904 0 : case VT_UNLOCKSWITCH:
905 0 : if (!capable(CAP_SYS_TTY_CONFIG))
906 : return -EPERM;
907 0 : vt_dont_switch = false;
908 0 : break;
909 0 : case VT_GETHIFONTMASK:
910 0 : return put_user(vc->vc_hi_font_mask,
911 : (unsigned short __user *)arg);
912 0 : case VT_WAITEVENT:
913 0 : return vt_event_wait_ioctl((struct vt_event __user *)arg);
914 : default:
915 : return -ENOIOCTLCMD;
916 : }
917 :
918 : return 0;
919 : }
920 :
921 6 : void reset_vc(struct vc_data *vc)
922 : {
923 6 : vc->vc_mode = KD_TEXT;
924 6 : vt_reset_unicode(vc->vc_num);
925 6 : vc->vt_mode.mode = VT_AUTO;
926 6 : vc->vt_mode.waitv = 0;
927 6 : vc->vt_mode.relsig = 0;
928 6 : vc->vt_mode.acqsig = 0;
929 6 : vc->vt_mode.frsig = 0;
930 6 : put_pid(vc->vt_pid);
931 6 : vc->vt_pid = NULL;
932 6 : vc->vt_newvt = -1;
933 6 : reset_palette(vc);
934 6 : }
935 :
936 0 : void vc_SAK(struct work_struct *work)
937 : {
938 0 : struct vc *vc_con =
939 0 : container_of(work, struct vc, SAK_work);
940 0 : struct vc_data *vc;
941 0 : struct tty_struct *tty;
942 :
943 0 : console_lock();
944 0 : vc = vc_con->d;
945 0 : if (vc) {
946 : /* FIXME: review tty ref counting */
947 0 : tty = vc->port.tty;
948 : /*
949 : * SAK should also work in all raw modes and reset
950 : * them properly.
951 : */
952 0 : if (tty)
953 0 : __do_SAK(tty);
954 0 : reset_vc(vc);
955 : }
956 0 : console_unlock();
957 0 : }
958 :
959 : #ifdef CONFIG_COMPAT
960 :
961 : struct compat_console_font_op {
962 : compat_uint_t op; /* operation code KD_FONT_OP_* */
963 : compat_uint_t flags; /* KD_FONT_FLAG_* */
964 : compat_uint_t width, height; /* font size */
965 : compat_uint_t charcount;
966 : compat_caddr_t data; /* font data with height fixed to 32 */
967 : };
968 :
969 : static inline int
970 0 : compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop,
971 : int perm, struct console_font_op *op, struct vc_data *vc)
972 : {
973 0 : int i;
974 :
975 0 : if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op)))
976 0 : return -EFAULT;
977 0 : if (!perm && op->op != KD_FONT_OP_GET)
978 : return -EPERM;
979 0 : op->data = compat_ptr(((struct compat_console_font_op *)op)->data);
980 0 : i = con_font_op(vc, op);
981 0 : if (i)
982 : return i;
983 0 : ((struct compat_console_font_op *)op)->data = (unsigned long)op->data;
984 0 : if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op)))
985 0 : return -EFAULT;
986 : return 0;
987 : }
988 :
989 : struct compat_unimapdesc {
990 : unsigned short entry_ct;
991 : compat_caddr_t entries;
992 : };
993 :
994 : static inline int
995 0 : compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud,
996 : int perm, struct vc_data *vc)
997 : {
998 0 : struct compat_unimapdesc tmp;
999 0 : struct unipair __user *tmp_entries;
1000 :
1001 0 : if (copy_from_user(&tmp, user_ud, sizeof tmp))
1002 : return -EFAULT;
1003 0 : tmp_entries = compat_ptr(tmp.entries);
1004 0 : switch (cmd) {
1005 0 : case PIO_UNIMAP:
1006 0 : if (!perm)
1007 : return -EPERM;
1008 0 : return con_set_unimap(vc, tmp.entry_ct, tmp_entries);
1009 0 : case GIO_UNIMAP:
1010 0 : if (!perm && fg_console != vc->vc_num)
1011 : return -EPERM;
1012 0 : return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries);
1013 : }
1014 : return 0;
1015 : }
1016 :
1017 0 : long vt_compat_ioctl(struct tty_struct *tty,
1018 : unsigned int cmd, unsigned long arg)
1019 : {
1020 0 : struct vc_data *vc = tty->driver_data;
1021 0 : struct console_font_op op; /* used in multiple places here */
1022 0 : void __user *up = compat_ptr(arg);
1023 0 : int perm;
1024 :
1025 : /*
1026 : * To have permissions to do most of the vt ioctls, we either have
1027 : * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
1028 : */
1029 0 : perm = 0;
1030 0 : if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1031 : perm = 1;
1032 :
1033 0 : switch (cmd) {
1034 : /*
1035 : * these need special handlers for incompatible data structures
1036 : */
1037 :
1038 0 : case KDFONTOP:
1039 0 : return compat_kdfontop_ioctl(up, perm, &op, vc);
1040 :
1041 0 : case PIO_UNIMAP:
1042 : case GIO_UNIMAP:
1043 0 : return compat_unimap_ioctl(cmd, up, perm, vc);
1044 :
1045 : /*
1046 : * all these treat 'arg' as an integer
1047 : */
1048 0 : case KIOCSOUND:
1049 : case KDMKTONE:
1050 : #ifdef CONFIG_X86
1051 : case KDADDIO:
1052 : case KDDELIO:
1053 : #endif
1054 : case KDSETMODE:
1055 : case KDMAPDISP:
1056 : case KDUNMAPDISP:
1057 : case KDSKBMODE:
1058 : case KDSKBMETA:
1059 : case KDSKBLED:
1060 : case KDSETLED:
1061 : case KDSIGACCEPT:
1062 : case VT_ACTIVATE:
1063 : case VT_WAITACTIVE:
1064 : case VT_RELDISP:
1065 : case VT_DISALLOCATE:
1066 : case VT_RESIZE:
1067 : case VT_RESIZEX:
1068 0 : return vt_ioctl(tty, cmd, arg);
1069 :
1070 : /*
1071 : * the rest has a compatible data structure behind arg,
1072 : * but we have to convert it to a proper 64 bit pointer.
1073 : */
1074 0 : default:
1075 0 : return vt_ioctl(tty, cmd, (unsigned long)up);
1076 : }
1077 : }
1078 :
1079 :
1080 : #endif /* CONFIG_COMPAT */
1081 :
1082 :
1083 : /*
1084 : * Performs the back end of a vt switch. Called under the console
1085 : * semaphore.
1086 : */
1087 0 : static void complete_change_console(struct vc_data *vc)
1088 : {
1089 0 : unsigned char old_vc_mode;
1090 0 : int old = fg_console;
1091 :
1092 0 : last_console = fg_console;
1093 :
1094 : /*
1095 : * If we're switching, we could be going from KD_GRAPHICS to
1096 : * KD_TEXT mode or vice versa, which means we need to blank or
1097 : * unblank the screen later.
1098 : */
1099 0 : old_vc_mode = vc_cons[fg_console].d->vc_mode;
1100 0 : switch_screen(vc);
1101 :
1102 : /*
1103 : * This can't appear below a successful kill_pid(). If it did,
1104 : * then the *blank_screen operation could occur while X, having
1105 : * received acqsig, is waking up on another processor. This
1106 : * condition can lead to overlapping accesses to the VGA range
1107 : * and the framebuffer (causing system lockups).
1108 : *
1109 : * To account for this we duplicate this code below only if the
1110 : * controlling process is gone and we've called reset_vc.
1111 : */
1112 0 : if (old_vc_mode != vc->vc_mode) {
1113 0 : if (vc->vc_mode == KD_TEXT)
1114 0 : do_unblank_screen(1);
1115 : else
1116 0 : do_blank_screen(1);
1117 : }
1118 :
1119 : /*
1120 : * If this new console is under process control, send it a signal
1121 : * telling it that it has acquired. Also check if it has died and
1122 : * clean up (similar to logic employed in change_console())
1123 : */
1124 0 : if (vc->vt_mode.mode == VT_PROCESS) {
1125 : /*
1126 : * Send the signal as privileged - kill_pid() will
1127 : * tell us if the process has gone or something else
1128 : * is awry
1129 : */
1130 0 : if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
1131 : /*
1132 : * The controlling process has died, so we revert back to
1133 : * normal operation. In this case, we'll also change back
1134 : * to KD_TEXT mode. I'm not sure if this is strictly correct
1135 : * but it saves the agony when the X server dies and the screen
1136 : * remains blanked due to KD_GRAPHICS! It would be nice to do
1137 : * this outside of VT_PROCESS but there is no single process
1138 : * to account for and tracking tty count may be undesirable.
1139 : */
1140 0 : reset_vc(vc);
1141 :
1142 0 : if (old_vc_mode != vc->vc_mode) {
1143 0 : if (vc->vc_mode == KD_TEXT)
1144 0 : do_unblank_screen(1);
1145 : else
1146 0 : do_blank_screen(1);
1147 : }
1148 : }
1149 : }
1150 :
1151 : /*
1152 : * Wake anyone waiting for their VT to activate
1153 : */
1154 0 : vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num);
1155 0 : return;
1156 : }
1157 :
1158 : /*
1159 : * Performs the front-end of a vt switch
1160 : */
1161 0 : void change_console(struct vc_data *new_vc)
1162 : {
1163 0 : struct vc_data *vc;
1164 :
1165 0 : if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch)
1166 : return;
1167 :
1168 : /*
1169 : * If this vt is in process mode, then we need to handshake with
1170 : * that process before switching. Essentially, we store where that
1171 : * vt wants to switch to and wait for it to tell us when it's done
1172 : * (via VT_RELDISP ioctl).
1173 : *
1174 : * We also check to see if the controlling process still exists.
1175 : * If it doesn't, we reset this vt to auto mode and continue.
1176 : * This is a cheap way to track process control. The worst thing
1177 : * that can happen is: we send a signal to a process, it dies, and
1178 : * the switch gets "lost" waiting for a response; hopefully, the
1179 : * user will try again, we'll detect the process is gone (unless
1180 : * the user waits just the right amount of time :-) and revert the
1181 : * vt to auto control.
1182 : */
1183 0 : vc = vc_cons[fg_console].d;
1184 0 : if (vc->vt_mode.mode == VT_PROCESS) {
1185 : /*
1186 : * Send the signal as privileged - kill_pid() will
1187 : * tell us if the process has gone or something else
1188 : * is awry.
1189 : *
1190 : * We need to set vt_newvt *before* sending the signal or we
1191 : * have a race.
1192 : */
1193 0 : vc->vt_newvt = new_vc->vc_num;
1194 0 : if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) {
1195 : /*
1196 : * It worked. Mark the vt to switch to and
1197 : * return. The process needs to send us a
1198 : * VT_RELDISP ioctl to complete the switch.
1199 : */
1200 : return;
1201 : }
1202 :
1203 : /*
1204 : * The controlling process has died, so we revert back to
1205 : * normal operation. In this case, we'll also change back
1206 : * to KD_TEXT mode. I'm not sure if this is strictly correct
1207 : * but it saves the agony when the X server dies and the screen
1208 : * remains blanked due to KD_GRAPHICS! It would be nice to do
1209 : * this outside of VT_PROCESS but there is no single process
1210 : * to account for and tracking tty count may be undesirable.
1211 : */
1212 0 : reset_vc(vc);
1213 :
1214 : /*
1215 : * Fall through to normal (VT_AUTO) handling of the switch...
1216 : */
1217 : }
1218 :
1219 : /*
1220 : * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
1221 : */
1222 0 : if (vc->vc_mode == KD_GRAPHICS)
1223 : return;
1224 :
1225 0 : complete_change_console(new_vc);
1226 : }
1227 :
1228 : /* Perform a kernel triggered VT switch for suspend/resume */
1229 :
1230 : static int disable_vt_switch;
1231 :
1232 0 : int vt_move_to_console(unsigned int vt, int alloc)
1233 : {
1234 0 : int prev;
1235 :
1236 0 : console_lock();
1237 : /* Graphics mode - up to X */
1238 0 : if (disable_vt_switch) {
1239 0 : console_unlock();
1240 0 : return 0;
1241 : }
1242 0 : prev = fg_console;
1243 :
1244 0 : if (alloc && vc_allocate(vt)) {
1245 : /* we can't have a free VC for now. Too bad,
1246 : * we don't want to mess the screen for now. */
1247 0 : console_unlock();
1248 0 : return -ENOSPC;
1249 : }
1250 :
1251 0 : if (set_console(vt)) {
1252 : /*
1253 : * We're unable to switch to the SUSPEND_CONSOLE.
1254 : * Let the calling function know so it can decide
1255 : * what to do.
1256 : */
1257 0 : console_unlock();
1258 0 : return -EIO;
1259 : }
1260 0 : console_unlock();
1261 0 : if (vt_waitactive(vt + 1)) {
1262 0 : pr_debug("Suspend: Can't switch VCs.");
1263 0 : return -EINTR;
1264 : }
1265 : return prev;
1266 : }
1267 :
1268 : /*
1269 : * Normally during a suspend, we allocate a new console and switch to it.
1270 : * When we resume, we switch back to the original console. This switch
1271 : * can be slow, so on systems where the framebuffer can handle restoration
1272 : * of video registers anyways, there's little point in doing the console
1273 : * switch. This function allows you to disable it by passing it '0'.
1274 : */
1275 0 : void pm_set_vt_switch(int do_switch)
1276 : {
1277 0 : console_lock();
1278 0 : disable_vt_switch = !do_switch;
1279 0 : console_unlock();
1280 0 : }
1281 : EXPORT_SYMBOL(pm_set_vt_switch);
|
