drivers/char/vt_ioctl.c at v2.6.28-rc8

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / char / vt_ioctl.c
at v2.6.28-rc8 1392 lines 32 kB view raw
wrap content
   1/*
   2 *  linux/drivers/char/vt_ioctl.c
   3 *
   4 *  Copyright (C) 1992 obz under the linux copyright
   5 *
   6 *  Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
   7 *  Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
   8 *  Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
   9 *  Some code moved for less code duplication - Andi Kleen - Mar 1997
  10 *  Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
  11 */
  12
  13#include <linux/types.h>
  14#include <linux/errno.h>
  15#include <linux/sched.h>
  16#include <linux/tty.h>
  17#include <linux/timer.h>
  18#include <linux/kernel.h>
  19#include <linux/kd.h>
  20#include <linux/vt.h>
  21#include <linux/string.h>
  22#include <linux/slab.h>
  23#include <linux/major.h>
  24#include <linux/fs.h>
  25#include <linux/console.h>
  26#include <linux/consolemap.h>
  27#include <linux/signal.h>
  28#include <linux/timex.h>
  29
  30#include <asm/io.h>
  31#include <asm/uaccess.h>
  32
  33#include <linux/kbd_kern.h>
  34#include <linux/vt_kern.h>
  35#include <linux/kbd_diacr.h>
  36#include <linux/selection.h>
  37
  38char vt_dont_switch;
  39extern struct tty_driver *console_driver;
  40
  41#define VT_IS_IN_USE(i)	(console_driver->ttys[i] && console_driver->ttys[i]->count)
  42#define VT_BUSY(i)	(VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons)
  43
  44/*
  45 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
  46 * experimentation and study of X386 SYSV handling.
  47 *
  48 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
  49 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
  50 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
  51 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
  52 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
  53 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
  54 * to the current console is done by the main ioctl code.
  55 */
  56
  57#ifdef CONFIG_X86
  58#include <linux/syscalls.h>
  59#endif
  60
  61static void complete_change_console(struct vc_data *vc);
  62
  63/*
  64 * these are the valid i/o ports we're allowed to change. they map all the
  65 * video ports
  66 */
  67#define GPFIRST 0x3b4
  68#define GPLAST 0x3df
  69#define GPNUM (GPLAST - GPFIRST + 1)
  70
  71#define i (tmp.kb_index)
  72#define s (tmp.kb_table)
  73#define v (tmp.kb_value)
  74static inline int
  75do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_struct *kbd)
  76{
  77	struct kbentry tmp;
  78	ushort *key_map, val, ov;
  79
  80	if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
  81		return -EFAULT;
  82
  83	if (!capable(CAP_SYS_TTY_CONFIG))
  84		perm = 0;
  85
  86	switch (cmd) {
  87	case KDGKBENT:
  88		key_map = key_maps[s];
  89		if (key_map) {
  90		    val = U(key_map[i]);
  91		    if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES)
  92			val = K_HOLE;
  93		} else
  94		    val = (i ? K_HOLE : K_NOSUCHMAP);
  95		return put_user(val, &user_kbe->kb_value);
  96	case KDSKBENT:
  97		if (!perm)
  98			return -EPERM;
  99		if (!i && v == K_NOSUCHMAP) {
 100			/* deallocate map */
 101			key_map = key_maps[s];
 102			if (s && key_map) {
 103			    key_maps[s] = NULL;
 104			    if (key_map[0] == U(K_ALLOCATED)) {
 105					kfree(key_map);
 106					keymap_count--;
 107			    }
 108			}
 109			break;
 110		}
 111
 112		if (KTYP(v) < NR_TYPES) {
 113		    if (KVAL(v) > max_vals[KTYP(v)])
 114				return -EINVAL;
 115		} else
 116		    if (kbd->kbdmode != VC_UNICODE)
 117				return -EINVAL;
 118
 119		/* ++Geert: non-PC keyboards may generate keycode zero */
 120#if !defined(__mc68000__) && !defined(__powerpc__)
 121		/* assignment to entry 0 only tests validity of args */
 122		if (!i)
 123			break;
 124#endif
 125
 126		if (!(key_map = key_maps[s])) {
 127			int j;
 128
 129			if (keymap_count >= MAX_NR_OF_USER_KEYMAPS &&
 130			    !capable(CAP_SYS_RESOURCE))
 131				return -EPERM;
 132
 133			key_map = kmalloc(sizeof(plain_map),
 134						     GFP_KERNEL);
 135			if (!key_map)
 136				return -ENOMEM;
 137			key_maps[s] = key_map;
 138			key_map[0] = U(K_ALLOCATED);
 139			for (j = 1; j < NR_KEYS; j++)
 140				key_map[j] = U(K_HOLE);
 141			keymap_count++;
 142		}
 143		ov = U(key_map[i]);
 144		if (v == ov)
 145			break;	/* nothing to do */
 146		/*
 147		 * Attention Key.
 148		 */
 149		if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN))
 150			return -EPERM;
 151		key_map[i] = U(v);
 152		if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT))
 153			compute_shiftstate();
 154		break;
 155	}
 156	return 0;
 157}
 158#undef i
 159#undef s
 160#undef v
 161
 162static inline int 
 163do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, int perm)
 164{
 165	struct kbkeycode tmp;
 166	int kc = 0;
 167
 168	if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode)))
 169		return -EFAULT;
 170	switch (cmd) {
 171	case KDGETKEYCODE:
 172		kc = getkeycode(tmp.scancode);
 173		if (kc >= 0)
 174			kc = put_user(kc, &user_kbkc->keycode);
 175		break;
 176	case KDSETKEYCODE:
 177		if (!perm)
 178			return -EPERM;
 179		kc = setkeycode(tmp.scancode, tmp.keycode);
 180		break;
 181	}
 182	return kc;
 183}
 184
 185static inline int
 186do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
 187{
 188	struct kbsentry *kbs;
 189	char *p;
 190	u_char *q;
 191	u_char __user *up;
 192	int sz;
 193	int delta;
 194	char *first_free, *fj, *fnw;
 195	int i, j, k;
 196	int ret;
 197
 198	if (!capable(CAP_SYS_TTY_CONFIG))
 199		perm = 0;
 200
 201	kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
 202	if (!kbs) {
 203		ret = -ENOMEM;
 204		goto reterr;
 205	}
 206
 207	/* we mostly copy too much here (512bytes), but who cares ;) */
 208	if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) {
 209		ret = -EFAULT;
 210		goto reterr;
 211	}
 212	kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0';
 213	i = kbs->kb_func;
 214
 215	switch (cmd) {
 216	case KDGKBSENT:
 217		sz = sizeof(kbs->kb_string) - 1; /* sz should have been
 218						  a struct member */
 219		up = user_kdgkb->kb_string;
 220		p = func_table[i];
 221		if(p)
 222			for ( ; *p && sz; p++, sz--)
 223				if (put_user(*p, up++)) {
 224					ret = -EFAULT;
 225					goto reterr;
 226				}
 227		if (put_user('\0', up)) {
 228			ret = -EFAULT;
 229			goto reterr;
 230		}
 231		kfree(kbs);
 232		return ((p && *p) ? -EOVERFLOW : 0);
 233	case KDSKBSENT:
 234		if (!perm) {
 235			ret = -EPERM;
 236			goto reterr;
 237		}
 238
 239		q = func_table[i];
 240		first_free = funcbufptr + (funcbufsize - funcbufleft);
 241		for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) 
 242			;
 243		if (j < MAX_NR_FUNC)
 244			fj = func_table[j];
 245		else
 246			fj = first_free;
 247
 248		delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string);
 249		if (delta <= funcbufleft) { 	/* it fits in current buf */
 250		    if (j < MAX_NR_FUNC) {
 251			memmove(fj + delta, fj, first_free - fj);
 252			for (k = j; k < MAX_NR_FUNC; k++)
 253			    if (func_table[k])
 254				func_table[k] += delta;
 255		    }
 256		    if (!q)
 257		      func_table[i] = fj;
 258		    funcbufleft -= delta;
 259		} else {			/* allocate a larger buffer */
 260		    sz = 256;
 261		    while (sz < funcbufsize - funcbufleft + delta)
 262		      sz <<= 1;
 263		    fnw = kmalloc(sz, GFP_KERNEL);
 264		    if(!fnw) {
 265		      ret = -ENOMEM;
 266		      goto reterr;
 267		    }
 268
 269		    if (!q)
 270		      func_table[i] = fj;
 271		    if (fj > funcbufptr)
 272			memmove(fnw, funcbufptr, fj - funcbufptr);
 273		    for (k = 0; k < j; k++)
 274		      if (func_table[k])
 275			func_table[k] = fnw + (func_table[k] - funcbufptr);
 276
 277		    if (first_free > fj) {
 278			memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj);
 279			for (k = j; k < MAX_NR_FUNC; k++)
 280			  if (func_table[k])
 281			    func_table[k] = fnw + (func_table[k] - funcbufptr) + delta;
 282		    }
 283		    if (funcbufptr != func_buf)
 284		      kfree(funcbufptr);
 285		    funcbufptr = fnw;
 286		    funcbufleft = funcbufleft - delta + sz - funcbufsize;
 287		    funcbufsize = sz;
 288		}
 289		strcpy(func_table[i], kbs->kb_string);
 290		break;
 291	}
 292	ret = 0;
 293reterr:
 294	kfree(kbs);
 295	return ret;
 296}
 297
 298static inline int 
 299do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op)
 300{
 301	struct consolefontdesc cfdarg;
 302	int i;
 303
 304	if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 
 305		return -EFAULT;
 306 	
 307	switch (cmd) {
 308	case PIO_FONTX:
 309		if (!perm)
 310			return -EPERM;
 311		op->op = KD_FONT_OP_SET;
 312		op->flags = KD_FONT_FLAG_OLD;
 313		op->width = 8;
 314		op->height = cfdarg.charheight;
 315		op->charcount = cfdarg.charcount;
 316		op->data = cfdarg.chardata;
 317		return con_font_op(vc_cons[fg_console].d, op);
 318	case GIO_FONTX: {
 319		op->op = KD_FONT_OP_GET;
 320		op->flags = KD_FONT_FLAG_OLD;
 321		op->width = 8;
 322		op->height = cfdarg.charheight;
 323		op->charcount = cfdarg.charcount;
 324		op->data = cfdarg.chardata;
 325		i = con_font_op(vc_cons[fg_console].d, op);
 326		if (i)
 327			return i;
 328		cfdarg.charheight = op->height;
 329		cfdarg.charcount = op->charcount;
 330		if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc)))
 331			return -EFAULT;
 332		return 0;
 333		}
 334	}
 335	return -EINVAL;
 336}
 337
 338static inline int 
 339do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc)
 340{
 341	struct unimapdesc tmp;
 342
 343	if (copy_from_user(&tmp, user_ud, sizeof tmp))
 344		return -EFAULT;
 345	if (tmp.entries)
 346		if (!access_ok(VERIFY_WRITE, tmp.entries,
 347				tmp.entry_ct*sizeof(struct unipair)))
 348			return -EFAULT;
 349	switch (cmd) {
 350	case PIO_UNIMAP:
 351		if (!perm)
 352			return -EPERM;
 353		return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
 354	case GIO_UNIMAP:
 355		if (!perm && fg_console != vc->vc_num)
 356			return -EPERM;
 357		return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries);
 358	}
 359	return 0;
 360}
 361
 362/*
 363 * We handle the console-specific ioctl's here.  We allow the
 364 * capability to modify any console, not just the fg_console. 
 365 */
 366int vt_ioctl(struct tty_struct *tty, struct file * file,
 367	     unsigned int cmd, unsigned long arg)
 368{
 369	struct vc_data *vc = (struct vc_data *)tty->driver_data;
 370	struct console_font_op op;	/* used in multiple places here */
 371	struct kbd_struct * kbd;
 372	unsigned int console;
 373	unsigned char ucval;
 374	void __user *up = (void __user *)arg;
 375	int i, perm;
 376	int ret = 0;
 377
 378	console = vc->vc_num;
 379
 380	lock_kernel();
 381
 382	if (!vc_cons_allocated(console)) { 	/* impossible? */
 383		ret = -ENOIOCTLCMD;
 384		goto out;
 385	}
 386
 387
 388	/*
 389	 * To have permissions to do most of the vt ioctls, we either have
 390	 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
 391	 */
 392	perm = 0;
 393	if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
 394		perm = 1;
 395 
 396	kbd = kbd_table + console;
 397	switch (cmd) {
 398	case TIOCLINUX:
 399		return tioclinux(tty, arg);
 400	case KIOCSOUND:
 401		if (!perm)
 402			goto eperm;
 403		if (arg)
 404			arg = CLOCK_TICK_RATE / arg;
 405		kd_mksound(arg, 0);
 406		break;
 407
 408	case KDMKTONE:
 409		if (!perm)
 410			goto eperm;
 411	{
 412		unsigned int ticks, count;
 413		
 414		/*
 415		 * Generate the tone for the appropriate number of ticks.
 416		 * If the time is zero, turn off sound ourselves.
 417		 */
 418		ticks = HZ * ((arg >> 16) & 0xffff) / 1000;
 419		count = ticks ? (arg & 0xffff) : 0;
 420		if (count)
 421			count = CLOCK_TICK_RATE / count;
 422		kd_mksound(count, ticks);
 423		break;
 424	}
 425
 426	case KDGKBTYPE:
 427		/*
 428		 * this is naive.
 429		 */
 430		ucval = KB_101;
 431		goto setchar;
 432
 433		/*
 434		 * These cannot be implemented on any machine that implements
 435		 * ioperm() in user level (such as Alpha PCs) or not at all.
 436		 *
 437		 * XXX: you should never use these, just call ioperm directly..
 438		 */
 439#ifdef CONFIG_X86
 440	case KDADDIO:
 441	case KDDELIO:
 442		/*
 443		 * KDADDIO and KDDELIO may be able to add ports beyond what
 444		 * we reject here, but to be safe...
 445		 */
 446		if (arg < GPFIRST || arg > GPLAST) {
 447			ret = -EINVAL;
 448			break;
 449		}
 450		ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
 451		break;
 452
 453	case KDENABIO:
 454	case KDDISABIO:
 455		ret = sys_ioperm(GPFIRST, GPNUM,
 456				  (cmd == KDENABIO)) ? -ENXIO : 0;
 457		break;
 458#endif
 459
 460	/* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
 461		
 462	case KDKBDREP:
 463	{
 464		struct kbd_repeat kbrep;
 465		
 466		if (!capable(CAP_SYS_TTY_CONFIG))
 467			goto eperm;
 468
 469		if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) {
 470			ret =  -EFAULT;
 471			break;
 472		}
 473		ret = kbd_rate(&kbrep);
 474		if (ret)
 475			break;
 476		if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
 477			ret = -EFAULT;
 478		break;
 479	}
 480
 481	case KDSETMODE:
 482		/*
 483		 * currently, setting the mode from KD_TEXT to KD_GRAPHICS
 484		 * doesn't do a whole lot. i'm not sure if it should do any
 485		 * restoration of modes or what...
 486		 *
 487		 * XXX It should at least call into the driver, fbdev's definitely
 488		 * need to restore their engine state. --BenH
 489		 */
 490		if (!perm)
 491			goto eperm;
 492		switch (arg) {
 493		case KD_GRAPHICS:
 494			break;
 495		case KD_TEXT0:
 496		case KD_TEXT1:
 497			arg = KD_TEXT;
 498		case KD_TEXT:
 499			break;
 500		default:
 501			ret = -EINVAL;
 502			goto out;
 503		}
 504		if (vc->vc_mode == (unsigned char) arg)
 505			break;
 506		vc->vc_mode = (unsigned char) arg;
 507		if (console != fg_console)
 508			break;
 509		/*
 510		 * explicitly blank/unblank the screen if switching modes
 511		 */
 512		acquire_console_sem();
 513		if (arg == KD_TEXT)
 514			do_unblank_screen(1);
 515		else
 516			do_blank_screen(1);
 517		release_console_sem();
 518		break;
 519
 520	case KDGETMODE:
 521		ucval = vc->vc_mode;
 522		goto setint;
 523
 524	case KDMAPDISP:
 525	case KDUNMAPDISP:
 526		/*
 527		 * these work like a combination of mmap and KDENABIO.
 528		 * this could be easily finished.
 529		 */
 530		ret = -EINVAL;
 531		break;
 532
 533	case KDSKBMODE:
 534		if (!perm)
 535			goto eperm;
 536		switch(arg) {
 537		  case K_RAW:
 538			kbd->kbdmode = VC_RAW;
 539			break;
 540		  case K_MEDIUMRAW:
 541			kbd->kbdmode = VC_MEDIUMRAW;
 542			break;
 543		  case K_XLATE:
 544			kbd->kbdmode = VC_XLATE;
 545			compute_shiftstate();
 546			break;
 547		  case K_UNICODE:
 548			kbd->kbdmode = VC_UNICODE;
 549			compute_shiftstate();
 550			break;
 551		  default:
 552			ret = -EINVAL;
 553			goto out;
 554		}
 555		tty_ldisc_flush(tty);
 556		break;
 557
 558	case KDGKBMODE:
 559		ucval = ((kbd->kbdmode == VC_RAW) ? K_RAW :
 560				 (kbd->kbdmode == VC_MEDIUMRAW) ? K_MEDIUMRAW :
 561				 (kbd->kbdmode == VC_UNICODE) ? K_UNICODE :
 562				 K_XLATE);
 563		goto setint;
 564
 565	/* this could be folded into KDSKBMODE, but for compatibility
 566	   reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
 567	case KDSKBMETA:
 568		switch(arg) {
 569		  case K_METABIT:
 570			clr_vc_kbd_mode(kbd, VC_META);
 571			break;
 572		  case K_ESCPREFIX:
 573			set_vc_kbd_mode(kbd, VC_META);
 574			break;
 575		  default:
 576			ret = -EINVAL;
 577		}
 578		break;
 579
 580	case KDGKBMETA:
 581		ucval = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
 582	setint:
 583		ret = put_user(ucval, (int __user *)arg);
 584		break;
 585
 586	case KDGETKEYCODE:
 587	case KDSETKEYCODE:
 588		if(!capable(CAP_SYS_TTY_CONFIG))
 589			perm = 0;
 590		ret = do_kbkeycode_ioctl(cmd, up, perm);
 591		break;
 592
 593	case KDGKBENT:
 594	case KDSKBENT:
 595		ret = do_kdsk_ioctl(cmd, up, perm, kbd);
 596		break;
 597
 598	case KDGKBSENT:
 599	case KDSKBSENT:
 600		ret = do_kdgkb_ioctl(cmd, up, perm);
 601		break;
 602
 603	case KDGKBDIACR:
 604	{
 605		struct kbdiacrs __user *a = up;
 606		struct kbdiacr diacr;
 607		int i;
 608
 609		if (put_user(accent_table_size, &a->kb_cnt)) {
 610			ret = -EFAULT;
 611			break;
 612		}
 613		for (i = 0; i < accent_table_size; i++) {
 614			diacr.diacr = conv_uni_to_8bit(accent_table[i].diacr);
 615			diacr.base = conv_uni_to_8bit(accent_table[i].base);
 616			diacr.result = conv_uni_to_8bit(accent_table[i].result);
 617			if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr))) {
 618				ret = -EFAULT;
 619				break;
 620			}
 621		}
 622		break;
 623	}
 624	case KDGKBDIACRUC:
 625	{
 626		struct kbdiacrsuc __user *a = up;
 627
 628		if (put_user(accent_table_size, &a->kb_cnt))
 629			ret = -EFAULT;
 630		else if (copy_to_user(a->kbdiacruc, accent_table,
 631				accent_table_size*sizeof(struct kbdiacruc)))
 632			ret = -EFAULT;
 633		break;
 634	}
 635
 636	case KDSKBDIACR:
 637	{
 638		struct kbdiacrs __user *a = up;
 639		struct kbdiacr diacr;
 640		unsigned int ct;
 641		int i;
 642
 643		if (!perm)
 644			goto eperm;
 645		if (get_user(ct,&a->kb_cnt)) {
 646			ret = -EFAULT;
 647			break;
 648		}
 649		if (ct >= MAX_DIACR) {
 650			ret = -EINVAL;
 651			break;
 652		}
 653		accent_table_size = ct;
 654		for (i = 0; i < ct; i++) {
 655			if (copy_from_user(&diacr, a->kbdiacr + i, sizeof(struct kbdiacr))) {
 656				ret = -EFAULT;
 657				break;
 658			}
 659			accent_table[i].diacr = conv_8bit_to_uni(diacr.diacr);
 660			accent_table[i].base = conv_8bit_to_uni(diacr.base);
 661			accent_table[i].result = conv_8bit_to_uni(diacr.result);
 662		}
 663		break;
 664	}
 665
 666	case KDSKBDIACRUC:
 667	{
 668		struct kbdiacrsuc __user *a = up;
 669		unsigned int ct;
 670
 671		if (!perm)
 672			goto eperm;
 673		if (get_user(ct,&a->kb_cnt)) {
 674			ret = -EFAULT;
 675			break;
 676		}
 677		if (ct >= MAX_DIACR) {
 678			ret = -EINVAL;
 679			break;
 680		}
 681		accent_table_size = ct;
 682		if (copy_from_user(accent_table, a->kbdiacruc, ct*sizeof(struct kbdiacruc)))
 683			ret = -EFAULT;
 684		break;
 685	}
 686
 687	/* the ioctls below read/set the flags usually shown in the leds */
 688	/* don't use them - they will go away without warning */
 689	case KDGKBLED:
 690		ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4);
 691		goto setchar;
 692
 693	case KDSKBLED:
 694		if (!perm)
 695			goto eperm;
 696		if (arg & ~0x77) {
 697			ret = -EINVAL;
 698			break;
 699		}
 700		kbd->ledflagstate = (arg & 7);
 701		kbd->default_ledflagstate = ((arg >> 4) & 7);
 702		set_leds();
 703		break;
 704
 705	/* the ioctls below only set the lights, not the functions */
 706	/* for those, see KDGKBLED and KDSKBLED above */
 707	case KDGETLED:
 708		ucval = getledstate();
 709	setchar:
 710		ret = put_user(ucval, (char __user *)arg);
 711		break;
 712
 713	case KDSETLED:
 714		if (!perm)
 715			goto eperm;
 716		setledstate(kbd, arg);
 717		break;
 718
 719	/*
 720	 * A process can indicate its willingness to accept signals
 721	 * generated by pressing an appropriate key combination.
 722	 * Thus, one can have a daemon that e.g. spawns a new console
 723	 * upon a keypress and then changes to it.
 724	 * See also the kbrequest field of inittab(5).
 725	 */
 726	case KDSIGACCEPT:
 727	{
 728		if (!perm || !capable(CAP_KILL))
 729			goto eperm;
 730		if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
 731			ret = -EINVAL;
 732		else {
 733			spin_lock_irq(&vt_spawn_con.lock);
 734			put_pid(vt_spawn_con.pid);
 735			vt_spawn_con.pid = get_pid(task_pid(current));
 736			vt_spawn_con.sig = arg;
 737			spin_unlock_irq(&vt_spawn_con.lock);
 738		}
 739		break;
 740	}
 741
 742	case VT_SETMODE:
 743	{
 744		struct vt_mode tmp;
 745
 746		if (!perm)
 747			goto eperm;
 748		if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) {
 749			ret = -EFAULT;
 750			goto out;
 751		}
 752		if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) {
 753			ret = -EINVAL;
 754			goto out;
 755		}
 756		acquire_console_sem();
 757		vc->vt_mode = tmp;
 758		/* the frsig is ignored, so we set it to 0 */
 759		vc->vt_mode.frsig = 0;
 760		put_pid(vc->vt_pid);
 761		vc->vt_pid = get_pid(task_pid(current));
 762		/* no switch is required -- saw@shade.msu.ru */
 763		vc->vt_newvt = -1;
 764		release_console_sem();
 765		break;
 766	}
 767
 768	case VT_GETMODE:
 769	{
 770		struct vt_mode tmp;
 771		int rc;
 772
 773		acquire_console_sem();
 774		memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
 775		release_console_sem();
 776
 777		rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
 778		if (rc)
 779			ret = -EFAULT;
 780		break;
 781	}
 782
 783	/*
 784	 * Returns global vt state. Note that VT 0 is always open, since
 785	 * it's an alias for the current VT, and people can't use it here.
 786	 * We cannot return state for more than 16 VTs, since v_state is short.
 787	 */
 788	case VT_GETSTATE:
 789	{
 790		struct vt_stat __user *vtstat = up;
 791		unsigned short state, mask;
 792
 793		if (put_user(fg_console + 1, &vtstat->v_active))
 794			ret = -EFAULT;
 795		else {
 796			state = 1;	/* /dev/tty0 is always open */
 797			for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask;
 798							++i, mask <<= 1)
 799				if (VT_IS_IN_USE(i))
 800					state |= mask;
 801			ret = put_user(state, &vtstat->v_state);
 802		}
 803		break;
 804	}
 805
 806	/*
 807	 * Returns the first available (non-opened) console.
 808	 */
 809	case VT_OPENQRY:
 810		for (i = 0; i < MAX_NR_CONSOLES; ++i)
 811			if (! VT_IS_IN_USE(i))
 812				break;
 813		ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
 814		goto setint;		 
 815
 816	/*
 817	 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
 818	 * with num >= 1 (switches to vt 0, our console, are not allowed, just
 819	 * to preserve sanity).
 820	 */
 821	case VT_ACTIVATE:
 822		if (!perm)
 823			goto eperm;
 824		if (arg == 0 || arg > MAX_NR_CONSOLES)
 825			ret =  -ENXIO;
 826		else {
 827			arg--;
 828			acquire_console_sem();
 829			ret = vc_allocate(arg);
 830			release_console_sem();
 831			if (ret)
 832				break;
 833			set_console(arg);
 834		}
 835		break;
 836
 837	/*
 838	 * wait until the specified VT has been activated
 839	 */
 840	case VT_WAITACTIVE:
 841		if (!perm)
 842			goto eperm;
 843		if (arg == 0 || arg > MAX_NR_CONSOLES)
 844			ret = -ENXIO;
 845		else
 846			ret = vt_waitactive(arg - 1);
 847		break;
 848
 849	/*
 850	 * If a vt is under process control, the kernel will not switch to it
 851	 * immediately, but postpone the operation until the process calls this
 852	 * ioctl, allowing the switch to complete.
 853	 *
 854	 * According to the X sources this is the behavior:
 855	 *	0:	pending switch-from not OK
 856	 *	1:	pending switch-from OK
 857	 *	2:	completed switch-to OK
 858	 */
 859	case VT_RELDISP:
 860		if (!perm)
 861			goto eperm;
 862
 863		if (vc->vt_mode.mode != VT_PROCESS) {
 864			ret = -EINVAL;
 865			break;
 866		}
 867		/*
 868		 * Switching-from response
 869		 */
 870		acquire_console_sem();
 871		if (vc->vt_newvt >= 0) {
 872			if (arg == 0)
 873				/*
 874				 * Switch disallowed, so forget we were trying
 875				 * to do it.
 876				 */
 877				vc->vt_newvt = -1;
 878
 879			else {
 880				/*
 881				 * The current vt has been released, so
 882				 * complete the switch.
 883				 */
 884				int newvt;
 885				newvt = vc->vt_newvt;
 886				vc->vt_newvt = -1;
 887				ret = vc_allocate(newvt);
 888				if (ret) {
 889					release_console_sem();
 890					break;
 891				}
 892				/*
 893				 * When we actually do the console switch,
 894				 * make sure we are atomic with respect to
 895				 * other console switches..
 896				 */
 897				complete_change_console(vc_cons[newvt].d);
 898			}
 899		} else {
 900			/*
 901			 * Switched-to response
 902			 */
 903			/*
 904			 * If it's just an ACK, ignore it
 905			 */
 906			if (arg != VT_ACKACQ)
 907				ret = -EINVAL;
 908		}
 909		release_console_sem();
 910		break;
 911
 912	 /*
 913	  * Disallocate memory associated to VT (but leave VT1)
 914	  */
 915	 case VT_DISALLOCATE:
 916		if (arg > MAX_NR_CONSOLES) {
 917			ret = -ENXIO;
 918			break;
 919		}
 920		if (arg == 0) {
 921		    /* deallocate all unused consoles, but leave 0 */
 922			acquire_console_sem();
 923			for (i=1; i<MAX_NR_CONSOLES; i++)
 924				if (! VT_BUSY(i))
 925					vc_deallocate(i);
 926			release_console_sem();
 927		} else {
 928			/* deallocate a single console, if possible */
 929			arg--;
 930			if (VT_BUSY(arg))
 931				ret = -EBUSY;
 932			else if (arg) {			      /* leave 0 */
 933				acquire_console_sem();
 934				vc_deallocate(arg);
 935				release_console_sem();
 936			}
 937		}
 938		break;
 939
 940	case VT_RESIZE:
 941	{
 942		struct vt_sizes __user *vtsizes = up;
 943		struct vc_data *vc;
 944
 945		ushort ll,cc;
 946		if (!perm)
 947			goto eperm;
 948		if (get_user(ll, &vtsizes->v_rows) ||
 949		    get_user(cc, &vtsizes->v_cols))
 950			ret = -EFAULT;
 951		else {
 952			acquire_console_sem();
 953			for (i = 0; i < MAX_NR_CONSOLES; i++) {
 954				vc = vc_cons[i].d;
 955
 956				if (vc) {
 957					vc->vc_resize_user = 1;
 958					vc_resize(vc_cons[i].d, cc, ll);
 959				}
 960			}
 961			release_console_sem();
 962		}
 963		break;
 964	}
 965
 966	case VT_RESIZEX:
 967	{
 968		struct vt_consize __user *vtconsize = up;
 969		ushort ll,cc,vlin,clin,vcol,ccol;
 970		if (!perm)
 971			goto eperm;
 972		if (!access_ok(VERIFY_READ, vtconsize,
 973				sizeof(struct vt_consize))) {
 974			ret = -EFAULT;
 975			break;
 976		}
 977		/* FIXME: Should check the copies properly */
 978		__get_user(ll, &vtconsize->v_rows);
 979		__get_user(cc, &vtconsize->v_cols);
 980		__get_user(vlin, &vtconsize->v_vlin);
 981		__get_user(clin, &vtconsize->v_clin);
 982		__get_user(vcol, &vtconsize->v_vcol);
 983		__get_user(ccol, &vtconsize->v_ccol);
 984		vlin = vlin ? vlin : vc->vc_scan_lines;
 985		if (clin) {
 986			if (ll) {
 987				if (ll != vlin/clin) {
 988					/* Parameters don't add up */
 989					ret = -EINVAL;
 990					break;
 991				}
 992			} else 
 993				ll = vlin/clin;
 994		}
 995		if (vcol && ccol) {
 996			if (cc) {
 997				if (cc != vcol/ccol) {
 998					ret = -EINVAL;
 999					break;
1000				}
1001			} else
1002				cc = vcol/ccol;
1003		}
1004
1005		if (clin > 32) {
1006			ret =  -EINVAL;
1007			break;
1008		}
1009		    
1010		for (i = 0; i < MAX_NR_CONSOLES; i++) {
1011			if (!vc_cons[i].d)
1012				continue;
1013			acquire_console_sem();
1014			if (vlin)
1015				vc_cons[i].d->vc_scan_lines = vlin;
1016			if (clin)
1017				vc_cons[i].d->vc_font.height = clin;
1018			vc_cons[i].d->vc_resize_user = 1;
1019			vc_resize(vc_cons[i].d, cc, ll);
1020			release_console_sem();
1021		}
1022		break;
1023	}
1024
1025	case PIO_FONT: {
1026		if (!perm)
1027			goto eperm;
1028		op.op = KD_FONT_OP_SET;
1029		op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC;	/* Compatibility */
1030		op.width = 8;
1031		op.height = 0;
1032		op.charcount = 256;
1033		op.data = up;
1034		ret = con_font_op(vc_cons[fg_console].d, &op);
1035		break;
1036	}
1037
1038	case GIO_FONT: {
1039		op.op = KD_FONT_OP_GET;
1040		op.flags = KD_FONT_FLAG_OLD;
1041		op.width = 8;
1042		op.height = 32;
1043		op.charcount = 256;
1044		op.data = up;
1045		ret = con_font_op(vc_cons[fg_console].d, &op);
1046		break;
1047	}
1048
1049	case PIO_CMAP:
1050                if (!perm)
1051			ret = -EPERM;
1052		else
1053	                ret = con_set_cmap(up);
1054		break;
1055
1056	case GIO_CMAP:
1057                ret = con_get_cmap(up);
1058		break;
1059
1060	case PIO_FONTX:
1061	case GIO_FONTX:
1062		ret = do_fontx_ioctl(cmd, up, perm, &op);
1063		break;
1064
1065	case PIO_FONTRESET:
1066	{
1067		if (!perm)
1068			goto eperm;
1069
1070#ifdef BROKEN_GRAPHICS_PROGRAMS
1071		/* With BROKEN_GRAPHICS_PROGRAMS defined, the default
1072		   font is not saved. */
1073		ret = -ENOSYS;
1074		break;
1075#else
1076		{
1077		op.op = KD_FONT_OP_SET_DEFAULT;
1078		op.data = NULL;
1079		ret = con_font_op(vc_cons[fg_console].d, &op);
1080		if (ret)
1081			break;
1082		con_set_default_unimap(vc_cons[fg_console].d);
1083		break;
1084		}
1085#endif
1086	}
1087
1088	case KDFONTOP: {
1089		if (copy_from_user(&op, up, sizeof(op))) {
1090			ret = -EFAULT;
1091			break;
1092		}
1093		if (!perm && op.op != KD_FONT_OP_GET)
1094			goto eperm;
1095		ret = con_font_op(vc, &op);
1096		if (ret)
1097			break;
1098		if (copy_to_user(up, &op, sizeof(op)))
1099			ret = -EFAULT;
1100		break;
1101	}
1102
1103	case PIO_SCRNMAP:
1104		if (!perm)
1105			ret = -EPERM;
1106		else
1107			ret = con_set_trans_old(up);
1108		break;
1109
1110	case GIO_SCRNMAP:
1111		ret = con_get_trans_old(up);
1112		break;
1113
1114	case PIO_UNISCRNMAP:
1115		if (!perm)
1116			ret = -EPERM;
1117		else
1118			ret = con_set_trans_new(up);
1119		break;
1120
1121	case GIO_UNISCRNMAP:
1122		ret = con_get_trans_new(up);
1123		break;
1124
1125	case PIO_UNIMAPCLR:
1126	      { struct unimapinit ui;
1127		if (!perm)
1128			goto eperm;
1129		ret = copy_from_user(&ui, up, sizeof(struct unimapinit));
1130		if (!ret)
1131			con_clear_unimap(vc, &ui);
1132		break;
1133	      }
1134
1135	case PIO_UNIMAP:
1136	case GIO_UNIMAP:
1137		ret = do_unimap_ioctl(cmd, up, perm, vc);
1138		break;
1139
1140	case VT_LOCKSWITCH:
1141		if (!capable(CAP_SYS_TTY_CONFIG))
1142			goto eperm;
1143		vt_dont_switch = 1;
1144		break;
1145	case VT_UNLOCKSWITCH:
1146		if (!capable(CAP_SYS_TTY_CONFIG))
1147			goto eperm;
1148		vt_dont_switch = 0;
1149		break;
1150	case VT_GETHIFONTMASK:
1151		ret = put_user(vc->vc_hi_font_mask,
1152					(unsigned short __user *)arg);
1153		break;
1154	default:
1155		ret = -ENOIOCTLCMD;
1156	}
1157out:
1158	unlock_kernel();
1159	return ret;
1160eperm:
1161	ret = -EPERM;
1162	goto out;
1163}
1164
1165/*
1166 * Sometimes we want to wait until a particular VT has been activated. We
1167 * do it in a very simple manner. Everybody waits on a single queue and
1168 * get woken up at once. Those that are satisfied go on with their business,
1169 * while those not ready go back to sleep. Seems overkill to add a wait
1170 * to each vt just for this - usually this does nothing!
1171 */
1172static DECLARE_WAIT_QUEUE_HEAD(vt_activate_queue);
1173
1174/*
1175 * Sleeps until a vt is activated, or the task is interrupted. Returns
1176 * 0 if activation, -EINTR if interrupted by a signal handler.
1177 */
1178int vt_waitactive(int vt)
1179{
1180	int retval;
1181	DECLARE_WAITQUEUE(wait, current);
1182
1183	add_wait_queue(&vt_activate_queue, &wait);
1184	for (;;) {
1185		retval = 0;
1186
1187		/*
1188		 * Synchronize with redraw_screen(). By acquiring the console
1189		 * semaphore we make sure that the console switch is completed
1190		 * before we return. If we didn't wait for the semaphore, we
1191		 * could return at a point where fg_console has already been
1192		 * updated, but the console switch hasn't been completed.
1193		 */
1194		acquire_console_sem();
1195		set_current_state(TASK_INTERRUPTIBLE);
1196		if (vt == fg_console) {
1197			release_console_sem();
1198			break;
1199		}
1200		release_console_sem();
1201		retval = -ERESTARTNOHAND;
1202		if (signal_pending(current))
1203			break;
1204		schedule();
1205	}
1206	remove_wait_queue(&vt_activate_queue, &wait);
1207	__set_current_state(TASK_RUNNING);
1208	return retval;
1209}
1210
1211#define vt_wake_waitactive() wake_up(&vt_activate_queue)
1212
1213void reset_vc(struct vc_data *vc)
1214{
1215	vc->vc_mode = KD_TEXT;
1216	kbd_table[vc->vc_num].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE;
1217	vc->vt_mode.mode = VT_AUTO;
1218	vc->vt_mode.waitv = 0;
1219	vc->vt_mode.relsig = 0;
1220	vc->vt_mode.acqsig = 0;
1221	vc->vt_mode.frsig = 0;
1222	put_pid(vc->vt_pid);
1223	vc->vt_pid = NULL;
1224	vc->vt_newvt = -1;
1225	if (!in_interrupt())    /* Via keyboard.c:SAK() - akpm */
1226		reset_palette(vc);
1227}
1228
1229void vc_SAK(struct work_struct *work)
1230{
1231	struct vc *vc_con =
1232		container_of(work, struct vc, SAK_work);
1233	struct vc_data *vc;
1234	struct tty_struct *tty;
1235
1236	acquire_console_sem();
1237	vc = vc_con->d;
1238	if (vc) {
1239		tty = vc->vc_tty;
1240		/*
1241		 * SAK should also work in all raw modes and reset
1242		 * them properly.
1243		 */
1244		if (tty)
1245			__do_SAK(tty);
1246		reset_vc(vc);
1247	}
1248	release_console_sem();
1249}
1250
1251/*
1252 * Performs the back end of a vt switch
1253 */
1254static void complete_change_console(struct vc_data *vc)
1255{
1256	unsigned char old_vc_mode;
1257
1258	last_console = fg_console;
1259
1260	/*
1261	 * If we're switching, we could be going from KD_GRAPHICS to
1262	 * KD_TEXT mode or vice versa, which means we need to blank or
1263	 * unblank the screen later.
1264	 */
1265	old_vc_mode = vc_cons[fg_console].d->vc_mode;
1266	switch_screen(vc);
1267
1268	/*
1269	 * This can't appear below a successful kill_pid().  If it did,
1270	 * then the *blank_screen operation could occur while X, having
1271	 * received acqsig, is waking up on another processor.  This
1272	 * condition can lead to overlapping accesses to the VGA range
1273	 * and the framebuffer (causing system lockups).
1274	 *
1275	 * To account for this we duplicate this code below only if the
1276	 * controlling process is gone and we've called reset_vc.
1277	 */
1278	if (old_vc_mode != vc->vc_mode) {
1279		if (vc->vc_mode == KD_TEXT)
1280			do_unblank_screen(1);
1281		else
1282			do_blank_screen(1);
1283	}
1284
1285	/*
1286	 * If this new console is under process control, send it a signal
1287	 * telling it that it has acquired. Also check if it has died and
1288	 * clean up (similar to logic employed in change_console())
1289	 */
1290	if (vc->vt_mode.mode == VT_PROCESS) {
1291		/*
1292		 * Send the signal as privileged - kill_pid() will
1293		 * tell us if the process has gone or something else
1294		 * is awry
1295		 */
1296		if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
1297		/*
1298		 * The controlling process has died, so we revert back to
1299		 * normal operation. In this case, we'll also change back
1300		 * to KD_TEXT mode. I'm not sure if this is strictly correct
1301		 * but it saves the agony when the X server dies and the screen
1302		 * remains blanked due to KD_GRAPHICS! It would be nice to do
1303		 * this outside of VT_PROCESS but there is no single process
1304		 * to account for and tracking tty count may be undesirable.
1305		 */
1306			reset_vc(vc);
1307
1308			if (old_vc_mode != vc->vc_mode) {
1309				if (vc->vc_mode == KD_TEXT)
1310					do_unblank_screen(1);
1311				else
1312					do_blank_screen(1);
1313			}
1314		}
1315	}
1316
1317	/*
1318	 * Wake anyone waiting for their VT to activate
1319	 */
1320	vt_wake_waitactive();
1321	return;
1322}
1323
1324/*
1325 * Performs the front-end of a vt switch
1326 */
1327void change_console(struct vc_data *new_vc)
1328{
1329	struct vc_data *vc;
1330
1331	if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch)
1332		return;
1333
1334	/*
1335	 * If this vt is in process mode, then we need to handshake with
1336	 * that process before switching. Essentially, we store where that
1337	 * vt wants to switch to and wait for it to tell us when it's done
1338	 * (via VT_RELDISP ioctl).
1339	 *
1340	 * We also check to see if the controlling process still exists.
1341	 * If it doesn't, we reset this vt to auto mode and continue.
1342	 * This is a cheap way to track process control. The worst thing
1343	 * that can happen is: we send a signal to a process, it dies, and
1344	 * the switch gets "lost" waiting for a response; hopefully, the
1345	 * user will try again, we'll detect the process is gone (unless
1346	 * the user waits just the right amount of time :-) and revert the
1347	 * vt to auto control.
1348	 */
1349	vc = vc_cons[fg_console].d;
1350	if (vc->vt_mode.mode == VT_PROCESS) {
1351		/*
1352		 * Send the signal as privileged - kill_pid() will
1353		 * tell us if the process has gone or something else
1354		 * is awry.
1355		 *
1356		 * We need to set vt_newvt *before* sending the signal or we
1357		 * have a race.
1358		 */
1359		vc->vt_newvt = new_vc->vc_num;
1360		if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) {
1361			/*
1362			 * It worked. Mark the vt to switch to and
1363			 * return. The process needs to send us a
1364			 * VT_RELDISP ioctl to complete the switch.
1365			 */
1366			return;
1367		}
1368
1369		/*
1370		 * The controlling process has died, so we revert back to
1371		 * normal operation. In this case, we'll also change back
1372		 * to KD_TEXT mode. I'm not sure if this is strictly correct
1373		 * but it saves the agony when the X server dies and the screen
1374		 * remains blanked due to KD_GRAPHICS! It would be nice to do
1375		 * this outside of VT_PROCESS but there is no single process
1376		 * to account for and tracking tty count may be undesirable.
1377		 */
1378		reset_vc(vc);
1379
1380		/*
1381		 * Fall through to normal (VT_AUTO) handling of the switch...
1382		 */
1383	}
1384
1385	/*
1386	 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
1387	 */
1388	if (vc->vc_mode == KD_GRAPHICS)
1389		return;
1390
1391	complete_change_console(new_vc);
1392}
Configure Feed

Configure Feed
