tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / drivers / char / vt_ioctl.c
at v2.6.27-rc2 1388 lines 32 kB view raw
1/* 2 * linux/drivers/char/vt_ioctl.c 3 * 4 * Copyright (C) 1992 obz under the linux copyright 5 * 6 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 7 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 8 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 9 * Some code moved for less code duplication - Andi Kleen - Mar 1997 10 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 11 */ 12 13#include <linux/types.h> 14#include <linux/errno.h> 15#include <linux/sched.h> 16#include <linux/tty.h> 17#include <linux/timer.h> 18#include <linux/kernel.h> 19#include <linux/kd.h> 20#include <linux/vt.h> 21#include <linux/string.h> 22#include <linux/slab.h> 23#include <linux/major.h> 24#include <linux/fs.h> 25#include <linux/console.h> 26#include <linux/consolemap.h> 27#include <linux/signal.h> 28#include <linux/timex.h> 29 30#include <asm/io.h> 31#include <asm/uaccess.h> 32 33#include <linux/kbd_kern.h> 34#include <linux/vt_kern.h> 35#include <linux/kbd_diacr.h> 36#include <linux/selection.h> 37 38char vt_dont_switch; 39extern struct tty_driver *console_driver; 40 41#define VT_IS_IN_USE(i) (console_driver->ttys[i] && console_driver->ttys[i]->count) 42#define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons) 43 44/* 45 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 46 * experimentation and study of X386 SYSV handling. 47 * 48 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 49 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 50 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 51 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 52 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 53 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 54 * to the current console is done by the main ioctl code. 55 */ 56 57#ifdef CONFIG_X86 58#include <linux/syscalls.h> 59#endif 60 61static void complete_change_console(struct vc_data *vc); 62 63/* 64 * these are the valid i/o ports we're allowed to change. they map all the 65 * video ports 66 */ 67#define GPFIRST 0x3b4 68#define GPLAST 0x3df 69#define GPNUM (GPLAST - GPFIRST + 1) 70 71#define i (tmp.kb_index) 72#define s (tmp.kb_table) 73#define v (tmp.kb_value) 74static inline int 75do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_struct *kbd) 76{ 77 struct kbentry tmp; 78 ushort *key_map, val, ov; 79 80 if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) 81 return -EFAULT; 82 83 if (!capable(CAP_SYS_TTY_CONFIG)) 84 perm = 0; 85 86 switch (cmd) { 87 case KDGKBENT: 88 key_map = key_maps[s]; 89 if (key_map) { 90 val = U(key_map[i]); 91 if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES) 92 val = K_HOLE; 93 } else 94 val = (i ? K_HOLE : K_NOSUCHMAP); 95 return put_user(val, &user_kbe->kb_value); 96 case KDSKBENT: 97 if (!perm) 98 return -EPERM; 99 if (!i && v == K_NOSUCHMAP) { 100 /* deallocate map */ 101 key_map = key_maps[s]; 102 if (s && key_map) { 103 key_maps[s] = NULL; 104 if (key_map[0] == U(K_ALLOCATED)) { 105 kfree(key_map); 106 keymap_count--; 107 } 108 } 109 break; 110 } 111 112 if (KTYP(v) < NR_TYPES) { 113 if (KVAL(v) > max_vals[KTYP(v)]) 114 return -EINVAL; 115 } else 116 if (kbd->kbdmode != VC_UNICODE) 117 return -EINVAL; 118 119 /* ++Geert: non-PC keyboards may generate keycode zero */ 120#if !defined(__mc68000__) && !defined(__powerpc__) 121 /* assignment to entry 0 only tests validity of args */ 122 if (!i) 123 break; 124#endif 125 126 if (!(key_map = key_maps[s])) { 127 int j; 128 129 if (keymap_count >= MAX_NR_OF_USER_KEYMAPS && 130 !capable(CAP_SYS_RESOURCE)) 131 return -EPERM; 132 133 key_map = kmalloc(sizeof(plain_map), 134 GFP_KERNEL); 135 if (!key_map) 136 return -ENOMEM; 137 key_maps[s] = key_map; 138 key_map[0] = U(K_ALLOCATED); 139 for (j = 1; j < NR_KEYS; j++) 140 key_map[j] = U(K_HOLE); 141 keymap_count++; 142 } 143 ov = U(key_map[i]); 144 if (v == ov) 145 break; /* nothing to do */ 146 /* 147 * Attention Key. 148 */ 149 if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN)) 150 return -EPERM; 151 key_map[i] = U(v); 152 if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT)) 153 compute_shiftstate(); 154 break; 155 } 156 return 0; 157} 158#undef i 159#undef s 160#undef v 161 162static inline int 163do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, int perm) 164{ 165 struct kbkeycode tmp; 166 int kc = 0; 167 168 if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode))) 169 return -EFAULT; 170 switch (cmd) { 171 case KDGETKEYCODE: 172 kc = getkeycode(tmp.scancode); 173 if (kc >= 0) 174 kc = put_user(kc, &user_kbkc->keycode); 175 break; 176 case KDSETKEYCODE: 177 if (!perm) 178 return -EPERM; 179 kc = setkeycode(tmp.scancode, tmp.keycode); 180 break; 181 } 182 return kc; 183} 184 185static inline int 186do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) 187{ 188 struct kbsentry *kbs; 189 char *p; 190 u_char *q; 191 u_char __user *up; 192 int sz; 193 int delta; 194 char *first_free, *fj, *fnw; 195 int i, j, k; 196 int ret; 197 198 if (!capable(CAP_SYS_TTY_CONFIG)) 199 perm = 0; 200 201 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); 202 if (!kbs) { 203 ret = -ENOMEM; 204 goto reterr; 205 } 206 207 /* we mostly copy too much here (512bytes), but who cares ;) */ 208 if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) { 209 ret = -EFAULT; 210 goto reterr; 211 } 212 kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0'; 213 i = kbs->kb_func; 214 215 switch (cmd) { 216 case KDGKBSENT: 217 sz = sizeof(kbs->kb_string) - 1; /* sz should have been 218 a struct member */ 219 up = user_kdgkb->kb_string; 220 p = func_table[i]; 221 if(p) 222 for ( ; *p && sz; p++, sz--) 223 if (put_user(*p, up++)) { 224 ret = -EFAULT; 225 goto reterr; 226 } 227 if (put_user('\0', up)) { 228 ret = -EFAULT; 229 goto reterr; 230 } 231 kfree(kbs); 232 return ((p && *p) ? -EOVERFLOW : 0); 233 case KDSKBSENT: 234 if (!perm) { 235 ret = -EPERM; 236 goto reterr; 237 } 238 239 q = func_table[i]; 240 first_free = funcbufptr + (funcbufsize - funcbufleft); 241 for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) 242 ; 243 if (j < MAX_NR_FUNC) 244 fj = func_table[j]; 245 else 246 fj = first_free; 247 248 delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string); 249 if (delta <= funcbufleft) { /* it fits in current buf */ 250 if (j < MAX_NR_FUNC) { 251 memmove(fj + delta, fj, first_free - fj); 252 for (k = j; k < MAX_NR_FUNC; k++) 253 if (func_table[k]) 254 func_table[k] += delta; 255 } 256 if (!q) 257 func_table[i] = fj; 258 funcbufleft -= delta; 259 } else { /* allocate a larger buffer */ 260 sz = 256; 261 while (sz < funcbufsize - funcbufleft + delta) 262 sz <<= 1; 263 fnw = kmalloc(sz, GFP_KERNEL); 264 if(!fnw) { 265 ret = -ENOMEM; 266 goto reterr; 267 } 268 269 if (!q) 270 func_table[i] = fj; 271 if (fj > funcbufptr) 272 memmove(fnw, funcbufptr, fj - funcbufptr); 273 for (k = 0; k < j; k++) 274 if (func_table[k]) 275 func_table[k] = fnw + (func_table[k] - funcbufptr); 276 277 if (first_free > fj) { 278 memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj); 279 for (k = j; k < MAX_NR_FUNC; k++) 280 if (func_table[k]) 281 func_table[k] = fnw + (func_table[k] - funcbufptr) + delta; 282 } 283 if (funcbufptr != func_buf) 284 kfree(funcbufptr); 285 funcbufptr = fnw; 286 funcbufleft = funcbufleft - delta + sz - funcbufsize; 287 funcbufsize = sz; 288 } 289 strcpy(func_table[i], kbs->kb_string); 290 break; 291 } 292 ret = 0; 293reterr: 294 kfree(kbs); 295 return ret; 296} 297 298static inline int 299do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) 300{ 301 struct consolefontdesc cfdarg; 302 int i; 303 304 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 305 return -EFAULT; 306 307 switch (cmd) { 308 case PIO_FONTX: 309 if (!perm) 310 return -EPERM; 311 op->op = KD_FONT_OP_SET; 312 op->flags = KD_FONT_FLAG_OLD; 313 op->width = 8; 314 op->height = cfdarg.charheight; 315 op->charcount = cfdarg.charcount; 316 op->data = cfdarg.chardata; 317 return con_font_op(vc_cons[fg_console].d, op); 318 case GIO_FONTX: { 319 op->op = KD_FONT_OP_GET; 320 op->flags = KD_FONT_FLAG_OLD; 321 op->width = 8; 322 op->height = cfdarg.charheight; 323 op->charcount = cfdarg.charcount; 324 op->data = cfdarg.chardata; 325 i = con_font_op(vc_cons[fg_console].d, op); 326 if (i) 327 return i; 328 cfdarg.charheight = op->height; 329 cfdarg.charcount = op->charcount; 330 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) 331 return -EFAULT; 332 return 0; 333 } 334 } 335 return -EINVAL; 336} 337 338static inline int 339do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) 340{ 341 struct unimapdesc tmp; 342 343 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 344 return -EFAULT; 345 if (tmp.entries) 346 if (!access_ok(VERIFY_WRITE, tmp.entries, 347 tmp.entry_ct*sizeof(struct unipair))) 348 return -EFAULT; 349 switch (cmd) { 350 case PIO_UNIMAP: 351 if (!perm) 352 return -EPERM; 353 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 354 case GIO_UNIMAP: 355 if (!perm && fg_console != vc->vc_num) 356 return -EPERM; 357 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries); 358 } 359 return 0; 360} 361 362/* 363 * We handle the console-specific ioctl's here. We allow the 364 * capability to modify any console, not just the fg_console. 365 */ 366int vt_ioctl(struct tty_struct *tty, struct file * file, 367 unsigned int cmd, unsigned long arg) 368{ 369 struct vc_data *vc = (struct vc_data *)tty->driver_data; 370 struct console_font_op op; /* used in multiple places here */ 371 struct kbd_struct * kbd; 372 unsigned int console; 373 unsigned char ucval; 374 void __user *up = (void __user *)arg; 375 int i, perm; 376 int ret = 0; 377 378 console = vc->vc_num; 379 380 lock_kernel(); 381 382 if (!vc_cons_allocated(console)) { /* impossible? */ 383 ret = -ENOIOCTLCMD; 384 goto out; 385 } 386 387 388 /* 389 * To have permissions to do most of the vt ioctls, we either have 390 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 391 */ 392 perm = 0; 393 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 394 perm = 1; 395 396 kbd = kbd_table + console; 397 switch (cmd) { 398 case KIOCSOUND: 399 if (!perm) 400 goto eperm; 401 if (arg) 402 arg = CLOCK_TICK_RATE / arg; 403 kd_mksound(arg, 0); 404 break; 405 406 case KDMKTONE: 407 if (!perm) 408 goto eperm; 409 { 410 unsigned int ticks, count; 411 412 /* 413 * Generate the tone for the appropriate number of ticks. 414 * If the time is zero, turn off sound ourselves. 415 */ 416 ticks = HZ * ((arg >> 16) & 0xffff) / 1000; 417 count = ticks ? (arg & 0xffff) : 0; 418 if (count) 419 count = CLOCK_TICK_RATE / count; 420 kd_mksound(count, ticks); 421 break; 422 } 423 424 case KDGKBTYPE: 425 /* 426 * this is naive. 427 */ 428 ucval = KB_101; 429 goto setchar; 430 431 /* 432 * These cannot be implemented on any machine that implements 433 * ioperm() in user level (such as Alpha PCs) or not at all. 434 * 435 * XXX: you should never use these, just call ioperm directly.. 436 */ 437#ifdef CONFIG_X86 438 case KDADDIO: 439 case KDDELIO: 440 /* 441 * KDADDIO and KDDELIO may be able to add ports beyond what 442 * we reject here, but to be safe... 443 */ 444 if (arg < GPFIRST || arg > GPLAST) { 445 ret = -EINVAL; 446 break; 447 } 448 ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 449 break; 450 451 case KDENABIO: 452 case KDDISABIO: 453 ret = sys_ioperm(GPFIRST, GPNUM, 454 (cmd == KDENABIO)) ? -ENXIO : 0; 455 break; 456#endif 457 458 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 459 460 case KDKBDREP: 461 { 462 struct kbd_repeat kbrep; 463 464 if (!capable(CAP_SYS_TTY_CONFIG)) 465 goto eperm; 466 467 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { 468 ret = -EFAULT; 469 break; 470 } 471 ret = kbd_rate(&kbrep); 472 if (ret) 473 break; 474 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 475 ret = -EFAULT; 476 break; 477 } 478 479 case KDSETMODE: 480 /* 481 * currently, setting the mode from KD_TEXT to KD_GRAPHICS 482 * doesn't do a whole lot. i'm not sure if it should do any 483 * restoration of modes or what... 484 * 485 * XXX It should at least call into the driver, fbdev's definitely 486 * need to restore their engine state. --BenH 487 */ 488 if (!perm) 489 goto eperm; 490 switch (arg) { 491 case KD_GRAPHICS: 492 break; 493 case KD_TEXT0: 494 case KD_TEXT1: 495 arg = KD_TEXT; 496 case KD_TEXT: 497 break; 498 default: 499 ret = -EINVAL; 500 goto out; 501 } 502 if (vc->vc_mode == (unsigned char) arg) 503 break; 504 vc->vc_mode = (unsigned char) arg; 505 if (console != fg_console) 506 break; 507 /* 508 * explicitly blank/unblank the screen if switching modes 509 */ 510 acquire_console_sem(); 511 if (arg == KD_TEXT) 512 do_unblank_screen(1); 513 else 514 do_blank_screen(1); 515 release_console_sem(); 516 break; 517 518 case KDGETMODE: 519 ucval = vc->vc_mode; 520 goto setint; 521 522 case KDMAPDISP: 523 case KDUNMAPDISP: 524 /* 525 * these work like a combination of mmap and KDENABIO. 526 * this could be easily finished. 527 */ 528 ret = -EINVAL; 529 break; 530 531 case KDSKBMODE: 532 if (!perm) 533 goto eperm; 534 switch(arg) { 535 case K_RAW: 536 kbd->kbdmode = VC_RAW; 537 break; 538 case K_MEDIUMRAW: 539 kbd->kbdmode = VC_MEDIUMRAW; 540 break; 541 case K_XLATE: 542 kbd->kbdmode = VC_XLATE; 543 compute_shiftstate(); 544 break; 545 case K_UNICODE: 546 kbd->kbdmode = VC_UNICODE; 547 compute_shiftstate(); 548 break; 549 default: 550 ret = -EINVAL; 551 goto out; 552 } 553 tty_ldisc_flush(tty); 554 break; 555 556 case KDGKBMODE: 557 ucval = ((kbd->kbdmode == VC_RAW) ? K_RAW : 558 (kbd->kbdmode == VC_MEDIUMRAW) ? K_MEDIUMRAW : 559 (kbd->kbdmode == VC_UNICODE) ? K_UNICODE : 560 K_XLATE); 561 goto setint; 562 563 /* this could be folded into KDSKBMODE, but for compatibility 564 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 565 case KDSKBMETA: 566 switch(arg) { 567 case K_METABIT: 568 clr_vc_kbd_mode(kbd, VC_META); 569 break; 570 case K_ESCPREFIX: 571 set_vc_kbd_mode(kbd, VC_META); 572 break; 573 default: 574 ret = -EINVAL; 575 } 576 break; 577 578 case KDGKBMETA: 579 ucval = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT); 580 setint: 581 ret = put_user(ucval, (int __user *)arg); 582 break; 583 584 case KDGETKEYCODE: 585 case KDSETKEYCODE: 586 if(!capable(CAP_SYS_TTY_CONFIG)) 587 perm = 0; 588 ret = do_kbkeycode_ioctl(cmd, up, perm); 589 break; 590 591 case KDGKBENT: 592 case KDSKBENT: 593 ret = do_kdsk_ioctl(cmd, up, perm, kbd); 594 break; 595 596 case KDGKBSENT: 597 case KDSKBSENT: 598 ret = do_kdgkb_ioctl(cmd, up, perm); 599 break; 600 601 case KDGKBDIACR: 602 { 603 struct kbdiacrs __user *a = up; 604 struct kbdiacr diacr; 605 int i; 606 607 if (put_user(accent_table_size, &a->kb_cnt)) { 608 ret = -EFAULT; 609 break; 610 } 611 for (i = 0; i < accent_table_size; i++) { 612 diacr.diacr = conv_uni_to_8bit(accent_table[i].diacr); 613 diacr.base = conv_uni_to_8bit(accent_table[i].base); 614 diacr.result = conv_uni_to_8bit(accent_table[i].result); 615 if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr))) { 616 ret = -EFAULT; 617 break; 618 } 619 } 620 break; 621 } 622 case KDGKBDIACRUC: 623 { 624 struct kbdiacrsuc __user *a = up; 625 626 if (put_user(accent_table_size, &a->kb_cnt)) 627 ret = -EFAULT; 628 else if (copy_to_user(a->kbdiacruc, accent_table, 629 accent_table_size*sizeof(struct kbdiacruc))) 630 ret = -EFAULT; 631 break; 632 } 633 634 case KDSKBDIACR: 635 { 636 struct kbdiacrs __user *a = up; 637 struct kbdiacr diacr; 638 unsigned int ct; 639 int i; 640 641 if (!perm) 642 goto eperm; 643 if (get_user(ct,&a->kb_cnt)) { 644 ret = -EFAULT; 645 break; 646 } 647 if (ct >= MAX_DIACR) { 648 ret = -EINVAL; 649 break; 650 } 651 accent_table_size = ct; 652 for (i = 0; i < ct; i++) { 653 if (copy_from_user(&diacr, a->kbdiacr + i, sizeof(struct kbdiacr))) { 654 ret = -EFAULT; 655 break; 656 } 657 accent_table[i].diacr = conv_8bit_to_uni(diacr.diacr); 658 accent_table[i].base = conv_8bit_to_uni(diacr.base); 659 accent_table[i].result = conv_8bit_to_uni(diacr.result); 660 } 661 break; 662 } 663 664 case KDSKBDIACRUC: 665 { 666 struct kbdiacrsuc __user *a = up; 667 unsigned int ct; 668 669 if (!perm) 670 goto eperm; 671 if (get_user(ct,&a->kb_cnt)) { 672 ret = -EFAULT; 673 break; 674 } 675 if (ct >= MAX_DIACR) { 676 ret = -EINVAL; 677 break; 678 } 679 accent_table_size = ct; 680 if (copy_from_user(accent_table, a->kbdiacruc, ct*sizeof(struct kbdiacruc))) 681 ret = -EFAULT; 682 break; 683 } 684 685 /* the ioctls below read/set the flags usually shown in the leds */ 686 /* don't use them - they will go away without warning */ 687 case KDGKBLED: 688 ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4); 689 goto setchar; 690 691 case KDSKBLED: 692 if (!perm) 693 goto eperm; 694 if (arg & ~0x77) { 695 ret = -EINVAL; 696 break; 697 } 698 kbd->ledflagstate = (arg & 7); 699 kbd->default_ledflagstate = ((arg >> 4) & 7); 700 set_leds(); 701 break; 702 703 /* the ioctls below only set the lights, not the functions */ 704 /* for those, see KDGKBLED and KDSKBLED above */ 705 case KDGETLED: 706 ucval = getledstate(); 707 setchar: 708 ret = put_user(ucval, (char __user *)arg); 709 break; 710 711 case KDSETLED: 712 if (!perm) 713 goto eperm; 714 setledstate(kbd, arg); 715 break; 716 717 /* 718 * A process can indicate its willingness to accept signals 719 * generated by pressing an appropriate key combination. 720 * Thus, one can have a daemon that e.g. spawns a new console 721 * upon a keypress and then changes to it. 722 * See also the kbrequest field of inittab(5). 723 */ 724 case KDSIGACCEPT: 725 { 726 if (!perm || !capable(CAP_KILL)) 727 goto eperm; 728 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 729 ret = -EINVAL; 730 else { 731 spin_lock_irq(&vt_spawn_con.lock); 732 put_pid(vt_spawn_con.pid); 733 vt_spawn_con.pid = get_pid(task_pid(current)); 734 vt_spawn_con.sig = arg; 735 spin_unlock_irq(&vt_spawn_con.lock); 736 } 737 break; 738 } 739 740 case VT_SETMODE: 741 { 742 struct vt_mode tmp; 743 744 if (!perm) 745 goto eperm; 746 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { 747 ret = -EFAULT; 748 goto out; 749 } 750 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) { 751 ret = -EINVAL; 752 goto out; 753 } 754 acquire_console_sem(); 755 vc->vt_mode = tmp; 756 /* the frsig is ignored, so we set it to 0 */ 757 vc->vt_mode.frsig = 0; 758 put_pid(vc->vt_pid); 759 vc->vt_pid = get_pid(task_pid(current)); 760 /* no switch is required -- saw@shade.msu.ru */ 761 vc->vt_newvt = -1; 762 release_console_sem(); 763 break; 764 } 765 766 case VT_GETMODE: 767 { 768 struct vt_mode tmp; 769 int rc; 770 771 acquire_console_sem(); 772 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 773 release_console_sem(); 774 775 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 776 if (rc) 777 ret = -EFAULT; 778 break; 779 } 780 781 /* 782 * Returns global vt state. Note that VT 0 is always open, since 783 * it's an alias for the current VT, and people can't use it here. 784 * We cannot return state for more than 16 VTs, since v_state is short. 785 */ 786 case VT_GETSTATE: 787 { 788 struct vt_stat __user *vtstat = up; 789 unsigned short state, mask; 790 791 if (put_user(fg_console + 1, &vtstat->v_active)) 792 ret = -EFAULT; 793 else { 794 state = 1; /* /dev/tty0 is always open */ 795 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 796 ++i, mask <<= 1) 797 if (VT_IS_IN_USE(i)) 798 state |= mask; 799 ret = put_user(state, &vtstat->v_state); 800 } 801 break; 802 } 803 804 /* 805 * Returns the first available (non-opened) console. 806 */ 807 case VT_OPENQRY: 808 for (i = 0; i < MAX_NR_CONSOLES; ++i) 809 if (! VT_IS_IN_USE(i)) 810 break; 811 ucval = i < MAX_NR_CONSOLES ? (i+1) : -1; 812 goto setint; 813 814 /* 815 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 816 * with num >= 1 (switches to vt 0, our console, are not allowed, just 817 * to preserve sanity). 818 */ 819 case VT_ACTIVATE: 820 if (!perm) 821 goto eperm; 822 if (arg == 0 || arg > MAX_NR_CONSOLES) 823 ret = -ENXIO; 824 else { 825 arg--; 826 acquire_console_sem(); 827 ret = vc_allocate(arg); 828 release_console_sem(); 829 if (ret) 830 break; 831 set_console(arg); 832 } 833 break; 834 835 /* 836 * wait until the specified VT has been activated 837 */ 838 case VT_WAITACTIVE: 839 if (!perm) 840 goto eperm; 841 if (arg == 0 || arg > MAX_NR_CONSOLES) 842 ret = -ENXIO; 843 else 844 ret = vt_waitactive(arg - 1); 845 break; 846 847 /* 848 * If a vt is under process control, the kernel will not switch to it 849 * immediately, but postpone the operation until the process calls this 850 * ioctl, allowing the switch to complete. 851 * 852 * According to the X sources this is the behavior: 853 * 0: pending switch-from not OK 854 * 1: pending switch-from OK 855 * 2: completed switch-to OK 856 */ 857 case VT_RELDISP: 858 if (!perm) 859 goto eperm; 860 861 if (vc->vt_mode.mode != VT_PROCESS) { 862 ret = -EINVAL; 863 break; 864 } 865 /* 866 * Switching-from response 867 */ 868 acquire_console_sem(); 869 if (vc->vt_newvt >= 0) { 870 if (arg == 0) 871 /* 872 * Switch disallowed, so forget we were trying 873 * to do it. 874 */ 875 vc->vt_newvt = -1; 876 877 else { 878 /* 879 * The current vt has been released, so 880 * complete the switch. 881 */ 882 int newvt; 883 newvt = vc->vt_newvt; 884 vc->vt_newvt = -1; 885 ret = vc_allocate(newvt); 886 if (ret) { 887 release_console_sem(); 888 break; 889 } 890 /* 891 * When we actually do the console switch, 892 * make sure we are atomic with respect to 893 * other console switches.. 894 */ 895 complete_change_console(vc_cons[newvt].d); 896 } 897 } else { 898 /* 899 * Switched-to response 900 */ 901 /* 902 * If it's just an ACK, ignore it 903 */ 904 if (arg != VT_ACKACQ) 905 ret = -EINVAL; 906 } 907 release_console_sem(); 908 break; 909 910 /* 911 * Disallocate memory associated to VT (but leave VT1) 912 */ 913 case VT_DISALLOCATE: 914 if (arg > MAX_NR_CONSOLES) { 915 ret = -ENXIO; 916 break; 917 } 918 if (arg == 0) { 919 /* deallocate all unused consoles, but leave 0 */ 920 acquire_console_sem(); 921 for (i=1; i<MAX_NR_CONSOLES; i++) 922 if (! VT_BUSY(i)) 923 vc_deallocate(i); 924 release_console_sem(); 925 } else { 926 /* deallocate a single console, if possible */ 927 arg--; 928 if (VT_BUSY(arg)) 929 ret = -EBUSY; 930 else if (arg) { /* leave 0 */ 931 acquire_console_sem(); 932 vc_deallocate(arg); 933 release_console_sem(); 934 } 935 } 936 break; 937 938 case VT_RESIZE: 939 { 940 struct vt_sizes __user *vtsizes = up; 941 struct vc_data *vc; 942 943 ushort ll,cc; 944 if (!perm) 945 goto eperm; 946 if (get_user(ll, &vtsizes->v_rows) || 947 get_user(cc, &vtsizes->v_cols)) 948 ret = -EFAULT; 949 else { 950 for (i = 0; i < MAX_NR_CONSOLES; i++) { 951 vc = vc_cons[i].d; 952 953 if (vc) { 954 vc->vc_resize_user = 1; 955 vc_lock_resize(vc_cons[i].d, cc, ll); 956 } 957 } 958 } 959 break; 960 } 961 962 case VT_RESIZEX: 963 { 964 struct vt_consize __user *vtconsize = up; 965 ushort ll,cc,vlin,clin,vcol,ccol; 966 if (!perm) 967 goto eperm; 968 if (!access_ok(VERIFY_READ, vtconsize, 969 sizeof(struct vt_consize))) { 970 ret = -EFAULT; 971 break; 972 } 973 /* FIXME: Should check the copies properly */ 974 __get_user(ll, &vtconsize->v_rows); 975 __get_user(cc, &vtconsize->v_cols); 976 __get_user(vlin, &vtconsize->v_vlin); 977 __get_user(clin, &vtconsize->v_clin); 978 __get_user(vcol, &vtconsize->v_vcol); 979 __get_user(ccol, &vtconsize->v_ccol); 980 vlin = vlin ? vlin : vc->vc_scan_lines; 981 if (clin) { 982 if (ll) { 983 if (ll != vlin/clin) { 984 /* Parameters don't add up */ 985 ret = -EINVAL; 986 break; 987 } 988 } else 989 ll = vlin/clin; 990 } 991 if (vcol && ccol) { 992 if (cc) { 993 if (cc != vcol/ccol) { 994 ret = -EINVAL; 995 break; 996 } 997 } else 998 cc = vcol/ccol; 999 } 1000 1001 if (clin > 32) { 1002 ret = -EINVAL; 1003 break; 1004 } 1005 1006 for (i = 0; i < MAX_NR_CONSOLES; i++) { 1007 if (!vc_cons[i].d) 1008 continue; 1009 acquire_console_sem(); 1010 if (vlin) 1011 vc_cons[i].d->vc_scan_lines = vlin; 1012 if (clin) 1013 vc_cons[i].d->vc_font.height = clin; 1014 vc_cons[i].d->vc_resize_user = 1; 1015 vc_resize(vc_cons[i].d, cc, ll); 1016 release_console_sem(); 1017 } 1018 break; 1019 } 1020 1021 case PIO_FONT: { 1022 if (!perm) 1023 goto eperm; 1024 op.op = KD_FONT_OP_SET; 1025 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ 1026 op.width = 8; 1027 op.height = 0; 1028 op.charcount = 256; 1029 op.data = up; 1030 ret = con_font_op(vc_cons[fg_console].d, &op); 1031 break; 1032 } 1033 1034 case GIO_FONT: { 1035 op.op = KD_FONT_OP_GET; 1036 op.flags = KD_FONT_FLAG_OLD; 1037 op.width = 8; 1038 op.height = 32; 1039 op.charcount = 256; 1040 op.data = up; 1041 ret = con_font_op(vc_cons[fg_console].d, &op); 1042 break; 1043 } 1044 1045 case PIO_CMAP: 1046 if (!perm) 1047 ret = -EPERM; 1048 else 1049 ret = con_set_cmap(up); 1050 break; 1051 1052 case GIO_CMAP: 1053 ret = con_get_cmap(up); 1054 break; 1055 1056 case PIO_FONTX: 1057 case GIO_FONTX: 1058 ret = do_fontx_ioctl(cmd, up, perm, &op); 1059 break; 1060 1061 case PIO_FONTRESET: 1062 { 1063 if (!perm) 1064 goto eperm; 1065 1066#ifdef BROKEN_GRAPHICS_PROGRAMS 1067 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default 1068 font is not saved. */ 1069 ret = -ENOSYS; 1070 break; 1071#else 1072 { 1073 op.op = KD_FONT_OP_SET_DEFAULT; 1074 op.data = NULL; 1075 ret = con_font_op(vc_cons[fg_console].d, &op); 1076 if (ret) 1077 break; 1078 con_set_default_unimap(vc_cons[fg_console].d); 1079 break; 1080 } 1081#endif 1082 } 1083 1084 case KDFONTOP: { 1085 if (copy_from_user(&op, up, sizeof(op))) { 1086 ret = -EFAULT; 1087 break; 1088 } 1089 if (!perm && op.op != KD_FONT_OP_GET) 1090 goto eperm; 1091 ret = con_font_op(vc, &op); 1092 if (ret) 1093 break; 1094 if (copy_to_user(up, &op, sizeof(op))) 1095 ret = -EFAULT; 1096 break; 1097 } 1098 1099 case PIO_SCRNMAP: 1100 if (!perm) 1101 ret = -EPERM; 1102 else 1103 ret = con_set_trans_old(up); 1104 break; 1105 1106 case GIO_SCRNMAP: 1107 ret = con_get_trans_old(up); 1108 break; 1109 1110 case PIO_UNISCRNMAP: 1111 if (!perm) 1112 ret = -EPERM; 1113 else 1114 ret = con_set_trans_new(up); 1115 break; 1116 1117 case GIO_UNISCRNMAP: 1118 ret = con_get_trans_new(up); 1119 break; 1120 1121 case PIO_UNIMAPCLR: 1122 { struct unimapinit ui; 1123 if (!perm) 1124 goto eperm; 1125 ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); 1126 if (!ret) 1127 con_clear_unimap(vc, &ui); 1128 break; 1129 } 1130 1131 case PIO_UNIMAP: 1132 case GIO_UNIMAP: 1133 ret = do_unimap_ioctl(cmd, up, perm, vc); 1134 break; 1135 1136 case VT_LOCKSWITCH: 1137 if (!capable(CAP_SYS_TTY_CONFIG)) 1138 goto eperm; 1139 vt_dont_switch = 1; 1140 break; 1141 case VT_UNLOCKSWITCH: 1142 if (!capable(CAP_SYS_TTY_CONFIG)) 1143 goto eperm; 1144 vt_dont_switch = 0; 1145 break; 1146 case VT_GETHIFONTMASK: 1147 ret = put_user(vc->vc_hi_font_mask, 1148 (unsigned short __user *)arg); 1149 break; 1150 default: 1151 ret = -ENOIOCTLCMD; 1152 } 1153out: 1154 unlock_kernel(); 1155 return ret; 1156eperm: 1157 ret = -EPERM; 1158 goto out; 1159} 1160 1161/* 1162 * Sometimes we want to wait until a particular VT has been activated. We 1163 * do it in a very simple manner. Everybody waits on a single queue and 1164 * get woken up at once. Those that are satisfied go on with their business, 1165 * while those not ready go back to sleep. Seems overkill to add a wait 1166 * to each vt just for this - usually this does nothing! 1167 */ 1168static DECLARE_WAIT_QUEUE_HEAD(vt_activate_queue); 1169 1170/* 1171 * Sleeps until a vt is activated, or the task is interrupted. Returns 1172 * 0 if activation, -EINTR if interrupted by a signal handler. 1173 */ 1174int vt_waitactive(int vt) 1175{ 1176 int retval; 1177 DECLARE_WAITQUEUE(wait, current); 1178 1179 add_wait_queue(&vt_activate_queue, &wait); 1180 for (;;) { 1181 retval = 0; 1182 1183 /* 1184 * Synchronize with redraw_screen(). By acquiring the console 1185 * semaphore we make sure that the console switch is completed 1186 * before we return. If we didn't wait for the semaphore, we 1187 * could return at a point where fg_console has already been 1188 * updated, but the console switch hasn't been completed. 1189 */ 1190 acquire_console_sem(); 1191 set_current_state(TASK_INTERRUPTIBLE); 1192 if (vt == fg_console) { 1193 release_console_sem(); 1194 break; 1195 } 1196 release_console_sem(); 1197 retval = -ERESTARTNOHAND; 1198 if (signal_pending(current)) 1199 break; 1200 schedule(); 1201 } 1202 remove_wait_queue(&vt_activate_queue, &wait); 1203 __set_current_state(TASK_RUNNING); 1204 return retval; 1205} 1206 1207#define vt_wake_waitactive() wake_up(&vt_activate_queue) 1208 1209void reset_vc(struct vc_data *vc) 1210{ 1211 vc->vc_mode = KD_TEXT; 1212 kbd_table[vc->vc_num].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE; 1213 vc->vt_mode.mode = VT_AUTO; 1214 vc->vt_mode.waitv = 0; 1215 vc->vt_mode.relsig = 0; 1216 vc->vt_mode.acqsig = 0; 1217 vc->vt_mode.frsig = 0; 1218 put_pid(vc->vt_pid); 1219 vc->vt_pid = NULL; 1220 vc->vt_newvt = -1; 1221 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */ 1222 reset_palette(vc); 1223} 1224 1225void vc_SAK(struct work_struct *work) 1226{ 1227 struct vc *vc_con = 1228 container_of(work, struct vc, SAK_work); 1229 struct vc_data *vc; 1230 struct tty_struct *tty; 1231 1232 acquire_console_sem(); 1233 vc = vc_con->d; 1234 if (vc) { 1235 tty = vc->vc_tty; 1236 /* 1237 * SAK should also work in all raw modes and reset 1238 * them properly. 1239 */ 1240 if (tty) 1241 __do_SAK(tty); 1242 reset_vc(vc); 1243 } 1244 release_console_sem(); 1245} 1246 1247/* 1248 * Performs the back end of a vt switch 1249 */ 1250static void complete_change_console(struct vc_data *vc) 1251{ 1252 unsigned char old_vc_mode; 1253 1254 last_console = fg_console; 1255 1256 /* 1257 * If we're switching, we could be going from KD_GRAPHICS to 1258 * KD_TEXT mode or vice versa, which means we need to blank or 1259 * unblank the screen later. 1260 */ 1261 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1262 switch_screen(vc); 1263 1264 /* 1265 * This can't appear below a successful kill_pid(). If it did, 1266 * then the *blank_screen operation could occur while X, having 1267 * received acqsig, is waking up on another processor. This 1268 * condition can lead to overlapping accesses to the VGA range 1269 * and the framebuffer (causing system lockups). 1270 * 1271 * To account for this we duplicate this code below only if the 1272 * controlling process is gone and we've called reset_vc. 1273 */ 1274 if (old_vc_mode != vc->vc_mode) { 1275 if (vc->vc_mode == KD_TEXT) 1276 do_unblank_screen(1); 1277 else 1278 do_blank_screen(1); 1279 } 1280 1281 /* 1282 * If this new console is under process control, send it a signal 1283 * telling it that it has acquired. Also check if it has died and 1284 * clean up (similar to logic employed in change_console()) 1285 */ 1286 if (vc->vt_mode.mode == VT_PROCESS) { 1287 /* 1288 * Send the signal as privileged - kill_pid() will 1289 * tell us if the process has gone or something else 1290 * is awry 1291 */ 1292 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1293 /* 1294 * The controlling process has died, so we revert back to 1295 * normal operation. In this case, we'll also change back 1296 * to KD_TEXT mode. I'm not sure if this is strictly correct 1297 * but it saves the agony when the X server dies and the screen 1298 * remains blanked due to KD_GRAPHICS! It would be nice to do 1299 * this outside of VT_PROCESS but there is no single process 1300 * to account for and tracking tty count may be undesirable. 1301 */ 1302 reset_vc(vc); 1303 1304 if (old_vc_mode != vc->vc_mode) { 1305 if (vc->vc_mode == KD_TEXT) 1306 do_unblank_screen(1); 1307 else 1308 do_blank_screen(1); 1309 } 1310 } 1311 } 1312 1313 /* 1314 * Wake anyone waiting for their VT to activate 1315 */ 1316 vt_wake_waitactive(); 1317 return; 1318} 1319 1320/* 1321 * Performs the front-end of a vt switch 1322 */ 1323void change_console(struct vc_data *new_vc) 1324{ 1325 struct vc_data *vc; 1326 1327 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1328 return; 1329 1330 /* 1331 * If this vt is in process mode, then we need to handshake with 1332 * that process before switching. Essentially, we store where that 1333 * vt wants to switch to and wait for it to tell us when it's done 1334 * (via VT_RELDISP ioctl). 1335 * 1336 * We also check to see if the controlling process still exists. 1337 * If it doesn't, we reset this vt to auto mode and continue. 1338 * This is a cheap way to track process control. The worst thing 1339 * that can happen is: we send a signal to a process, it dies, and 1340 * the switch gets "lost" waiting for a response; hopefully, the 1341 * user will try again, we'll detect the process is gone (unless 1342 * the user waits just the right amount of time :-) and revert the 1343 * vt to auto control. 1344 */ 1345 vc = vc_cons[fg_console].d; 1346 if (vc->vt_mode.mode == VT_PROCESS) { 1347 /* 1348 * Send the signal as privileged - kill_pid() will 1349 * tell us if the process has gone or something else 1350 * is awry. 1351 * 1352 * We need to set vt_newvt *before* sending the signal or we 1353 * have a race. 1354 */ 1355 vc->vt_newvt = new_vc->vc_num; 1356 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1357 /* 1358 * It worked. Mark the vt to switch to and 1359 * return. The process needs to send us a 1360 * VT_RELDISP ioctl to complete the switch. 1361 */ 1362 return; 1363 } 1364 1365 /* 1366 * The controlling process has died, so we revert back to 1367 * normal operation. In this case, we'll also change back 1368 * to KD_TEXT mode. I'm not sure if this is strictly correct 1369 * but it saves the agony when the X server dies and the screen 1370 * remains blanked due to KD_GRAPHICS! It would be nice to do 1371 * this outside of VT_PROCESS but there is no single process 1372 * to account for and tracking tty count may be undesirable. 1373 */ 1374 reset_vc(vc); 1375 1376 /* 1377 * Fall through to normal (VT_AUTO) handling of the switch... 1378 */ 1379 } 1380 1381 /* 1382 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1383 */ 1384 if (vc->vc_mode == KD_GRAPHICS) 1385 return; 1386 1387 complete_change_console(new_vc); 1388}