drivers/char/vt_ioctl.c at v2.6.34

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / drivers / char / vt_ioctl.c
at v2.6.34 1782 lines 41 kB view raw
wrap content
   1/*
   2 *  linux/drivers/char/vt_ioctl.c
   3 *
   4 *  Copyright (C) 1992 obz under the linux copyright
   5 *
   6 *  Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
   7 *  Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
   8 *  Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
   9 *  Some code moved for less code duplication - Andi Kleen - Mar 1997
  10 *  Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
  11 */
  12
  13#include <linux/types.h>
  14#include <linux/errno.h>
  15#include <linux/sched.h>
  16#include <linux/tty.h>
  17#include <linux/timer.h>
  18#include <linux/kernel.h>
  19#include <linux/compat.h>
  20#include <linux/module.h>
  21#include <linux/kd.h>
  22#include <linux/vt.h>
  23#include <linux/string.h>
  24#include <linux/slab.h>
  25#include <linux/major.h>
  26#include <linux/fs.h>
  27#include <linux/console.h>
  28#include <linux/consolemap.h>
  29#include <linux/signal.h>
  30#include <linux/smp_lock.h>
  31#include <linux/timex.h>
  32
  33#include <asm/io.h>
  34#include <asm/uaccess.h>
  35
  36#include <linux/kbd_kern.h>
  37#include <linux/vt_kern.h>
  38#include <linux/kbd_diacr.h>
  39#include <linux/selection.h>
  40
  41char vt_dont_switch;
  42extern struct tty_driver *console_driver;
  43
  44#define VT_IS_IN_USE(i)	(console_driver->ttys[i] && console_driver->ttys[i]->count)
  45#define VT_BUSY(i)	(VT_IS_IN_USE(i) || i == fg_console || vc_cons[i].d == sel_cons)
  46
  47/*
  48 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
  49 * experimentation and study of X386 SYSV handling.
  50 *
  51 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
  52 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
  53 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
  54 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
  55 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
  56 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
  57 * to the current console is done by the main ioctl code.
  58 */
  59
  60#ifdef CONFIG_X86
  61#include <linux/syscalls.h>
  62#endif
  63
  64static void complete_change_console(struct vc_data *vc);
  65
  66/*
  67 *	User space VT_EVENT handlers
  68 */
  69
  70struct vt_event_wait {
  71	struct list_head list;
  72	struct vt_event event;
  73	int done;
  74};
  75
  76static LIST_HEAD(vt_events);
  77static DEFINE_SPINLOCK(vt_event_lock);
  78static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue);
  79
  80/**
  81 *	vt_event_post
  82 *	@event: the event that occurred
  83 *	@old: old console
  84 *	@new: new console
  85 *
  86 *	Post an VT event to interested VT handlers
  87 */
  88
  89void vt_event_post(unsigned int event, unsigned int old, unsigned int new)
  90{
  91	struct list_head *pos, *head;
  92	unsigned long flags;
  93	int wake = 0;
  94
  95	spin_lock_irqsave(&vt_event_lock, flags);
  96	head = &vt_events;
  97
  98	list_for_each(pos, head) {
  99		struct vt_event_wait *ve = list_entry(pos,
 100						struct vt_event_wait, list);
 101		if (!(ve->event.event & event))
 102			continue;
 103		ve->event.event = event;
 104		/* kernel view is consoles 0..n-1, user space view is
 105		   console 1..n with 0 meaning current, so we must bias */
 106		ve->event.oldev = old + 1;
 107		ve->event.newev = new + 1;
 108		wake = 1;
 109		ve->done = 1;
 110	}
 111	spin_unlock_irqrestore(&vt_event_lock, flags);
 112	if (wake)
 113		wake_up_interruptible(&vt_event_waitqueue);
 114}
 115
 116/**
 117 *	vt_event_wait		-	wait for an event
 118 *	@vw: our event
 119 *
 120 *	Waits for an event to occur which completes our vt_event_wait
 121 *	structure. On return the structure has wv->done set to 1 for success
 122 *	or 0 if some event such as a signal ended the wait.
 123 */
 124
 125static void vt_event_wait(struct vt_event_wait *vw)
 126{
 127	unsigned long flags;
 128	/* Prepare the event */
 129	INIT_LIST_HEAD(&vw->list);
 130	vw->done = 0;
 131	/* Queue our event */
 132	spin_lock_irqsave(&vt_event_lock, flags);
 133	list_add(&vw->list, &vt_events);
 134	spin_unlock_irqrestore(&vt_event_lock, flags);
 135	/* Wait for it to pass */
 136	wait_event_interruptible(vt_event_waitqueue, vw->done);
 137	/* Dequeue it */
 138	spin_lock_irqsave(&vt_event_lock, flags);
 139	list_del(&vw->list);
 140	spin_unlock_irqrestore(&vt_event_lock, flags);
 141}
 142
 143/**
 144 *	vt_event_wait_ioctl	-	event ioctl handler
 145 *	@arg: argument to ioctl
 146 *
 147 *	Implement the VT_WAITEVENT ioctl using the VT event interface
 148 */
 149
 150static int vt_event_wait_ioctl(struct vt_event __user *event)
 151{
 152	struct vt_event_wait vw;
 153
 154	if (copy_from_user(&vw.event, event, sizeof(struct vt_event)))
 155		return -EFAULT;
 156	/* Highest supported event for now */
 157	if (vw.event.event & ~VT_MAX_EVENT)
 158		return -EINVAL;
 159
 160	vt_event_wait(&vw);
 161	/* If it occurred report it */
 162	if (vw.done) {
 163		if (copy_to_user(event, &vw.event, sizeof(struct vt_event)))
 164			return -EFAULT;
 165		return 0;
 166	}
 167	return -EINTR;
 168}
 169
 170/**
 171 *	vt_waitactive	-	active console wait
 172 *	@event: event code
 173 *	@n: new console
 174 *
 175 *	Helper for event waits. Used to implement the legacy
 176 *	event waiting ioctls in terms of events
 177 */
 178
 179int vt_waitactive(int n)
 180{
 181	struct vt_event_wait vw;
 182	do {
 183		if (n == fg_console + 1)
 184			break;
 185		vw.event.event = VT_EVENT_SWITCH;
 186		vt_event_wait(&vw);
 187		if (vw.done == 0)
 188			return -EINTR;
 189	} while (vw.event.newev != n);
 190	return 0;
 191}
 192
 193/*
 194 * these are the valid i/o ports we're allowed to change. they map all the
 195 * video ports
 196 */
 197#define GPFIRST 0x3b4
 198#define GPLAST 0x3df
 199#define GPNUM (GPLAST - GPFIRST + 1)
 200
 201#define i (tmp.kb_index)
 202#define s (tmp.kb_table)
 203#define v (tmp.kb_value)
 204static inline int
 205do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_struct *kbd)
 206{
 207	struct kbentry tmp;
 208	ushort *key_map, val, ov;
 209
 210	if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
 211		return -EFAULT;
 212
 213	if (!capable(CAP_SYS_TTY_CONFIG))
 214		perm = 0;
 215
 216	switch (cmd) {
 217	case KDGKBENT:
 218		key_map = key_maps[s];
 219		if (key_map) {
 220		    val = U(key_map[i]);
 221		    if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES)
 222			val = K_HOLE;
 223		} else
 224		    val = (i ? K_HOLE : K_NOSUCHMAP);
 225		return put_user(val, &user_kbe->kb_value);
 226	case KDSKBENT:
 227		if (!perm)
 228			return -EPERM;
 229		if (!i && v == K_NOSUCHMAP) {
 230			/* deallocate map */
 231			key_map = key_maps[s];
 232			if (s && key_map) {
 233			    key_maps[s] = NULL;
 234			    if (key_map[0] == U(K_ALLOCATED)) {
 235					kfree(key_map);
 236					keymap_count--;
 237			    }
 238			}
 239			break;
 240		}
 241
 242		if (KTYP(v) < NR_TYPES) {
 243		    if (KVAL(v) > max_vals[KTYP(v)])
 244				return -EINVAL;
 245		} else
 246		    if (kbd->kbdmode != VC_UNICODE)
 247				return -EINVAL;
 248
 249		/* ++Geert: non-PC keyboards may generate keycode zero */
 250#if !defined(__mc68000__) && !defined(__powerpc__)
 251		/* assignment to entry 0 only tests validity of args */
 252		if (!i)
 253			break;
 254#endif
 255
 256		if (!(key_map = key_maps[s])) {
 257			int j;
 258
 259			if (keymap_count >= MAX_NR_OF_USER_KEYMAPS &&
 260			    !capable(CAP_SYS_RESOURCE))
 261				return -EPERM;
 262
 263			key_map = kmalloc(sizeof(plain_map),
 264						     GFP_KERNEL);
 265			if (!key_map)
 266				return -ENOMEM;
 267			key_maps[s] = key_map;
 268			key_map[0] = U(K_ALLOCATED);
 269			for (j = 1; j < NR_KEYS; j++)
 270				key_map[j] = U(K_HOLE);
 271			keymap_count++;
 272		}
 273		ov = U(key_map[i]);
 274		if (v == ov)
 275			break;	/* nothing to do */
 276		/*
 277		 * Attention Key.
 278		 */
 279		if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN))
 280			return -EPERM;
 281		key_map[i] = U(v);
 282		if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT))
 283			compute_shiftstate();
 284		break;
 285	}
 286	return 0;
 287}
 288#undef i
 289#undef s
 290#undef v
 291
 292static inline int 
 293do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, int perm)
 294{
 295	struct kbkeycode tmp;
 296	int kc = 0;
 297
 298	if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode)))
 299		return -EFAULT;
 300	switch (cmd) {
 301	case KDGETKEYCODE:
 302		kc = getkeycode(tmp.scancode);
 303		if (kc >= 0)
 304			kc = put_user(kc, &user_kbkc->keycode);
 305		break;
 306	case KDSETKEYCODE:
 307		if (!perm)
 308			return -EPERM;
 309		kc = setkeycode(tmp.scancode, tmp.keycode);
 310		break;
 311	}
 312	return kc;
 313}
 314
 315static inline int
 316do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
 317{
 318	struct kbsentry *kbs;
 319	char *p;
 320	u_char *q;
 321	u_char __user *up;
 322	int sz;
 323	int delta;
 324	char *first_free, *fj, *fnw;
 325	int i, j, k;
 326	int ret;
 327
 328	if (!capable(CAP_SYS_TTY_CONFIG))
 329		perm = 0;
 330
 331	kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
 332	if (!kbs) {
 333		ret = -ENOMEM;
 334		goto reterr;
 335	}
 336
 337	/* we mostly copy too much here (512bytes), but who cares ;) */
 338	if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) {
 339		ret = -EFAULT;
 340		goto reterr;
 341	}
 342	kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0';
 343	i = kbs->kb_func;
 344
 345	switch (cmd) {
 346	case KDGKBSENT:
 347		sz = sizeof(kbs->kb_string) - 1; /* sz should have been
 348						  a struct member */
 349		up = user_kdgkb->kb_string;
 350		p = func_table[i];
 351		if(p)
 352			for ( ; *p && sz; p++, sz--)
 353				if (put_user(*p, up++)) {
 354					ret = -EFAULT;
 355					goto reterr;
 356				}
 357		if (put_user('\0', up)) {
 358			ret = -EFAULT;
 359			goto reterr;
 360		}
 361		kfree(kbs);
 362		return ((p && *p) ? -EOVERFLOW : 0);
 363	case KDSKBSENT:
 364		if (!perm) {
 365			ret = -EPERM;
 366			goto reterr;
 367		}
 368
 369		q = func_table[i];
 370		first_free = funcbufptr + (funcbufsize - funcbufleft);
 371		for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) 
 372			;
 373		if (j < MAX_NR_FUNC)
 374			fj = func_table[j];
 375		else
 376			fj = first_free;
 377
 378		delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string);
 379		if (delta <= funcbufleft) { 	/* it fits in current buf */
 380		    if (j < MAX_NR_FUNC) {
 381			memmove(fj + delta, fj, first_free - fj);
 382			for (k = j; k < MAX_NR_FUNC; k++)
 383			    if (func_table[k])
 384				func_table[k] += delta;
 385		    }
 386		    if (!q)
 387		      func_table[i] = fj;
 388		    funcbufleft -= delta;
 389		} else {			/* allocate a larger buffer */
 390		    sz = 256;
 391		    while (sz < funcbufsize - funcbufleft + delta)
 392		      sz <<= 1;
 393		    fnw = kmalloc(sz, GFP_KERNEL);
 394		    if(!fnw) {
 395		      ret = -ENOMEM;
 396		      goto reterr;
 397		    }
 398
 399		    if (!q)
 400		      func_table[i] = fj;
 401		    if (fj > funcbufptr)
 402			memmove(fnw, funcbufptr, fj - funcbufptr);
 403		    for (k = 0; k < j; k++)
 404		      if (func_table[k])
 405			func_table[k] = fnw + (func_table[k] - funcbufptr);
 406
 407		    if (first_free > fj) {
 408			memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj);
 409			for (k = j; k < MAX_NR_FUNC; k++)
 410			  if (func_table[k])
 411			    func_table[k] = fnw + (func_table[k] - funcbufptr) + delta;
 412		    }
 413		    if (funcbufptr != func_buf)
 414		      kfree(funcbufptr);
 415		    funcbufptr = fnw;
 416		    funcbufleft = funcbufleft - delta + sz - funcbufsize;
 417		    funcbufsize = sz;
 418		}
 419		strcpy(func_table[i], kbs->kb_string);
 420		break;
 421	}
 422	ret = 0;
 423reterr:
 424	kfree(kbs);
 425	return ret;
 426}
 427
 428static inline int 
 429do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op)
 430{
 431	struct consolefontdesc cfdarg;
 432	int i;
 433
 434	if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) 
 435		return -EFAULT;
 436 	
 437	switch (cmd) {
 438	case PIO_FONTX:
 439		if (!perm)
 440			return -EPERM;
 441		op->op = KD_FONT_OP_SET;
 442		op->flags = KD_FONT_FLAG_OLD;
 443		op->width = 8;
 444		op->height = cfdarg.charheight;
 445		op->charcount = cfdarg.charcount;
 446		op->data = cfdarg.chardata;
 447		return con_font_op(vc_cons[fg_console].d, op);
 448	case GIO_FONTX: {
 449		op->op = KD_FONT_OP_GET;
 450		op->flags = KD_FONT_FLAG_OLD;
 451		op->width = 8;
 452		op->height = cfdarg.charheight;
 453		op->charcount = cfdarg.charcount;
 454		op->data = cfdarg.chardata;
 455		i = con_font_op(vc_cons[fg_console].d, op);
 456		if (i)
 457			return i;
 458		cfdarg.charheight = op->height;
 459		cfdarg.charcount = op->charcount;
 460		if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc)))
 461			return -EFAULT;
 462		return 0;
 463		}
 464	}
 465	return -EINVAL;
 466}
 467
 468static inline int 
 469do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc)
 470{
 471	struct unimapdesc tmp;
 472
 473	if (copy_from_user(&tmp, user_ud, sizeof tmp))
 474		return -EFAULT;
 475	if (tmp.entries)
 476		if (!access_ok(VERIFY_WRITE, tmp.entries,
 477				tmp.entry_ct*sizeof(struct unipair)))
 478			return -EFAULT;
 479	switch (cmd) {
 480	case PIO_UNIMAP:
 481		if (!perm)
 482			return -EPERM;
 483		return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
 484	case GIO_UNIMAP:
 485		if (!perm && fg_console != vc->vc_num)
 486			return -EPERM;
 487		return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries);
 488	}
 489	return 0;
 490}
 491
 492
 493
 494/*
 495 * We handle the console-specific ioctl's here.  We allow the
 496 * capability to modify any console, not just the fg_console. 
 497 */
 498int vt_ioctl(struct tty_struct *tty, struct file * file,
 499	     unsigned int cmd, unsigned long arg)
 500{
 501	struct vc_data *vc = tty->driver_data;
 502	struct console_font_op op;	/* used in multiple places here */
 503	struct kbd_struct * kbd;
 504	unsigned int console;
 505	unsigned char ucval;
 506	void __user *up = (void __user *)arg;
 507	int i, perm;
 508	int ret = 0;
 509
 510	console = vc->vc_num;
 511
 512	lock_kernel();
 513
 514	if (!vc_cons_allocated(console)) { 	/* impossible? */
 515		ret = -ENOIOCTLCMD;
 516		goto out;
 517	}
 518
 519
 520	/*
 521	 * To have permissions to do most of the vt ioctls, we either have
 522	 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
 523	 */
 524	perm = 0;
 525	if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
 526		perm = 1;
 527 
 528	kbd = kbd_table + console;
 529	switch (cmd) {
 530	case TIOCLINUX:
 531		ret = tioclinux(tty, arg);
 532		break;
 533	case KIOCSOUND:
 534		if (!perm)
 535			goto eperm;
 536		/* FIXME: This is an old broken API but we need to keep it
 537		   supported and somehow separate the historic advertised
 538		   tick rate from any real one */
 539		if (arg)
 540			arg = CLOCK_TICK_RATE / arg;
 541		kd_mksound(arg, 0);
 542		break;
 543
 544	case KDMKTONE:
 545		if (!perm)
 546			goto eperm;
 547	{
 548		unsigned int ticks, count;
 549		
 550		/*
 551		 * Generate the tone for the appropriate number of ticks.
 552		 * If the time is zero, turn off sound ourselves.
 553		 */
 554		ticks = HZ * ((arg >> 16) & 0xffff) / 1000;
 555		count = ticks ? (arg & 0xffff) : 0;
 556		/* FIXME: This is an old broken API but we need to keep it
 557		   supported and somehow separate the historic advertised
 558		   tick rate from any real one */
 559		if (count)
 560			count = CLOCK_TICK_RATE / count;
 561		kd_mksound(count, ticks);
 562		break;
 563	}
 564
 565	case KDGKBTYPE:
 566		/*
 567		 * this is naive.
 568		 */
 569		ucval = KB_101;
 570		goto setchar;
 571
 572		/*
 573		 * These cannot be implemented on any machine that implements
 574		 * ioperm() in user level (such as Alpha PCs) or not at all.
 575		 *
 576		 * XXX: you should never use these, just call ioperm directly..
 577		 */
 578#ifdef CONFIG_X86
 579	case KDADDIO:
 580	case KDDELIO:
 581		/*
 582		 * KDADDIO and KDDELIO may be able to add ports beyond what
 583		 * we reject here, but to be safe...
 584		 */
 585		if (arg < GPFIRST || arg > GPLAST) {
 586			ret = -EINVAL;
 587			break;
 588		}
 589		ret = sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
 590		break;
 591
 592	case KDENABIO:
 593	case KDDISABIO:
 594		ret = sys_ioperm(GPFIRST, GPNUM,
 595				  (cmd == KDENABIO)) ? -ENXIO : 0;
 596		break;
 597#endif
 598
 599	/* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
 600		
 601	case KDKBDREP:
 602	{
 603		struct kbd_repeat kbrep;
 604		
 605		if (!capable(CAP_SYS_TTY_CONFIG))
 606			goto eperm;
 607
 608		if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) {
 609			ret =  -EFAULT;
 610			break;
 611		}
 612		ret = kbd_rate(&kbrep);
 613		if (ret)
 614			break;
 615		if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
 616			ret = -EFAULT;
 617		break;
 618	}
 619
 620	case KDSETMODE:
 621		/*
 622		 * currently, setting the mode from KD_TEXT to KD_GRAPHICS
 623		 * doesn't do a whole lot. i'm not sure if it should do any
 624		 * restoration of modes or what...
 625		 *
 626		 * XXX It should at least call into the driver, fbdev's definitely
 627		 * need to restore their engine state. --BenH
 628		 */
 629		if (!perm)
 630			goto eperm;
 631		switch (arg) {
 632		case KD_GRAPHICS:
 633			break;
 634		case KD_TEXT0:
 635		case KD_TEXT1:
 636			arg = KD_TEXT;
 637		case KD_TEXT:
 638			break;
 639		default:
 640			ret = -EINVAL;
 641			goto out;
 642		}
 643		if (vc->vc_mode == (unsigned char) arg)
 644			break;
 645		vc->vc_mode = (unsigned char) arg;
 646		if (console != fg_console)
 647			break;
 648		/*
 649		 * explicitly blank/unblank the screen if switching modes
 650		 */
 651		acquire_console_sem();
 652		if (arg == KD_TEXT)
 653			do_unblank_screen(1);
 654		else
 655			do_blank_screen(1);
 656		release_console_sem();
 657		break;
 658
 659	case KDGETMODE:
 660		ucval = vc->vc_mode;
 661		goto setint;
 662
 663	case KDMAPDISP:
 664	case KDUNMAPDISP:
 665		/*
 666		 * these work like a combination of mmap and KDENABIO.
 667		 * this could be easily finished.
 668		 */
 669		ret = -EINVAL;
 670		break;
 671
 672	case KDSKBMODE:
 673		if (!perm)
 674			goto eperm;
 675		switch(arg) {
 676		  case K_RAW:
 677			kbd->kbdmode = VC_RAW;
 678			break;
 679		  case K_MEDIUMRAW:
 680			kbd->kbdmode = VC_MEDIUMRAW;
 681			break;
 682		  case K_XLATE:
 683			kbd->kbdmode = VC_XLATE;
 684			compute_shiftstate();
 685			break;
 686		  case K_UNICODE:
 687			kbd->kbdmode = VC_UNICODE;
 688			compute_shiftstate();
 689			break;
 690		  default:
 691			ret = -EINVAL;
 692			goto out;
 693		}
 694		tty_ldisc_flush(tty);
 695		break;
 696
 697	case KDGKBMODE:
 698		ucval = ((kbd->kbdmode == VC_RAW) ? K_RAW :
 699				 (kbd->kbdmode == VC_MEDIUMRAW) ? K_MEDIUMRAW :
 700				 (kbd->kbdmode == VC_UNICODE) ? K_UNICODE :
 701				 K_XLATE);
 702		goto setint;
 703
 704	/* this could be folded into KDSKBMODE, but for compatibility
 705	   reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
 706	case KDSKBMETA:
 707		switch(arg) {
 708		  case K_METABIT:
 709			clr_vc_kbd_mode(kbd, VC_META);
 710			break;
 711		  case K_ESCPREFIX:
 712			set_vc_kbd_mode(kbd, VC_META);
 713			break;
 714		  default:
 715			ret = -EINVAL;
 716		}
 717		break;
 718
 719	case KDGKBMETA:
 720		ucval = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
 721	setint:
 722		ret = put_user(ucval, (int __user *)arg);
 723		break;
 724
 725	case KDGETKEYCODE:
 726	case KDSETKEYCODE:
 727		if(!capable(CAP_SYS_TTY_CONFIG))
 728			perm = 0;
 729		ret = do_kbkeycode_ioctl(cmd, up, perm);
 730		break;
 731
 732	case KDGKBENT:
 733	case KDSKBENT:
 734		ret = do_kdsk_ioctl(cmd, up, perm, kbd);
 735		break;
 736
 737	case KDGKBSENT:
 738	case KDSKBSENT:
 739		ret = do_kdgkb_ioctl(cmd, up, perm);
 740		break;
 741
 742	case KDGKBDIACR:
 743	{
 744		struct kbdiacrs __user *a = up;
 745		struct kbdiacr diacr;
 746		int i;
 747
 748		if (put_user(accent_table_size, &a->kb_cnt)) {
 749			ret = -EFAULT;
 750			break;
 751		}
 752		for (i = 0; i < accent_table_size; i++) {
 753			diacr.diacr = conv_uni_to_8bit(accent_table[i].diacr);
 754			diacr.base = conv_uni_to_8bit(accent_table[i].base);
 755			diacr.result = conv_uni_to_8bit(accent_table[i].result);
 756			if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr))) {
 757				ret = -EFAULT;
 758				break;
 759			}
 760		}
 761		break;
 762	}
 763	case KDGKBDIACRUC:
 764	{
 765		struct kbdiacrsuc __user *a = up;
 766
 767		if (put_user(accent_table_size, &a->kb_cnt))
 768			ret = -EFAULT;
 769		else if (copy_to_user(a->kbdiacruc, accent_table,
 770				accent_table_size*sizeof(struct kbdiacruc)))
 771			ret = -EFAULT;
 772		break;
 773	}
 774
 775	case KDSKBDIACR:
 776	{
 777		struct kbdiacrs __user *a = up;
 778		struct kbdiacr diacr;
 779		unsigned int ct;
 780		int i;
 781
 782		if (!perm)
 783			goto eperm;
 784		if (get_user(ct,&a->kb_cnt)) {
 785			ret = -EFAULT;
 786			break;
 787		}
 788		if (ct >= MAX_DIACR) {
 789			ret = -EINVAL;
 790			break;
 791		}
 792		accent_table_size = ct;
 793		for (i = 0; i < ct; i++) {
 794			if (copy_from_user(&diacr, a->kbdiacr + i, sizeof(struct kbdiacr))) {
 795				ret = -EFAULT;
 796				break;
 797			}
 798			accent_table[i].diacr = conv_8bit_to_uni(diacr.diacr);
 799			accent_table[i].base = conv_8bit_to_uni(diacr.base);
 800			accent_table[i].result = conv_8bit_to_uni(diacr.result);
 801		}
 802		break;
 803	}
 804
 805	case KDSKBDIACRUC:
 806	{
 807		struct kbdiacrsuc __user *a = up;
 808		unsigned int ct;
 809
 810		if (!perm)
 811			goto eperm;
 812		if (get_user(ct,&a->kb_cnt)) {
 813			ret = -EFAULT;
 814			break;
 815		}
 816		if (ct >= MAX_DIACR) {
 817			ret = -EINVAL;
 818			break;
 819		}
 820		accent_table_size = ct;
 821		if (copy_from_user(accent_table, a->kbdiacruc, ct*sizeof(struct kbdiacruc)))
 822			ret = -EFAULT;
 823		break;
 824	}
 825
 826	/* the ioctls below read/set the flags usually shown in the leds */
 827	/* don't use them - they will go away without warning */
 828	case KDGKBLED:
 829		ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4);
 830		goto setchar;
 831
 832	case KDSKBLED:
 833		if (!perm)
 834			goto eperm;
 835		if (arg & ~0x77) {
 836			ret = -EINVAL;
 837			break;
 838		}
 839		kbd->ledflagstate = (arg & 7);
 840		kbd->default_ledflagstate = ((arg >> 4) & 7);
 841		set_leds();
 842		break;
 843
 844	/* the ioctls below only set the lights, not the functions */
 845	/* for those, see KDGKBLED and KDSKBLED above */
 846	case KDGETLED:
 847		ucval = getledstate();
 848	setchar:
 849		ret = put_user(ucval, (char __user *)arg);
 850		break;
 851
 852	case KDSETLED:
 853		if (!perm)
 854			goto eperm;
 855		setledstate(kbd, arg);
 856		break;
 857
 858	/*
 859	 * A process can indicate its willingness to accept signals
 860	 * generated by pressing an appropriate key combination.
 861	 * Thus, one can have a daemon that e.g. spawns a new console
 862	 * upon a keypress and then changes to it.
 863	 * See also the kbrequest field of inittab(5).
 864	 */
 865	case KDSIGACCEPT:
 866	{
 867		if (!perm || !capable(CAP_KILL))
 868			goto eperm;
 869		if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
 870			ret = -EINVAL;
 871		else {
 872			spin_lock_irq(&vt_spawn_con.lock);
 873			put_pid(vt_spawn_con.pid);
 874			vt_spawn_con.pid = get_pid(task_pid(current));
 875			vt_spawn_con.sig = arg;
 876			spin_unlock_irq(&vt_spawn_con.lock);
 877		}
 878		break;
 879	}
 880
 881	case VT_SETMODE:
 882	{
 883		struct vt_mode tmp;
 884
 885		if (!perm)
 886			goto eperm;
 887		if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) {
 888			ret = -EFAULT;
 889			goto out;
 890		}
 891		if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) {
 892			ret = -EINVAL;
 893			goto out;
 894		}
 895		acquire_console_sem();
 896		vc->vt_mode = tmp;
 897		/* the frsig is ignored, so we set it to 0 */
 898		vc->vt_mode.frsig = 0;
 899		put_pid(vc->vt_pid);
 900		vc->vt_pid = get_pid(task_pid(current));
 901		/* no switch is required -- saw@shade.msu.ru */
 902		vc->vt_newvt = -1;
 903		release_console_sem();
 904		break;
 905	}
 906
 907	case VT_GETMODE:
 908	{
 909		struct vt_mode tmp;
 910		int rc;
 911
 912		acquire_console_sem();
 913		memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
 914		release_console_sem();
 915
 916		rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
 917		if (rc)
 918			ret = -EFAULT;
 919		break;
 920	}
 921
 922	/*
 923	 * Returns global vt state. Note that VT 0 is always open, since
 924	 * it's an alias for the current VT, and people can't use it here.
 925	 * We cannot return state for more than 16 VTs, since v_state is short.
 926	 */
 927	case VT_GETSTATE:
 928	{
 929		struct vt_stat __user *vtstat = up;
 930		unsigned short state, mask;
 931
 932		if (put_user(fg_console + 1, &vtstat->v_active))
 933			ret = -EFAULT;
 934		else {
 935			state = 1;	/* /dev/tty0 is always open */
 936			for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask;
 937							++i, mask <<= 1)
 938				if (VT_IS_IN_USE(i))
 939					state |= mask;
 940			ret = put_user(state, &vtstat->v_state);
 941		}
 942		break;
 943	}
 944
 945	/*
 946	 * Returns the first available (non-opened) console.
 947	 */
 948	case VT_OPENQRY:
 949		for (i = 0; i < MAX_NR_CONSOLES; ++i)
 950			if (! VT_IS_IN_USE(i))
 951				break;
 952		ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
 953		goto setint;		 
 954
 955	/*
 956	 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
 957	 * with num >= 1 (switches to vt 0, our console, are not allowed, just
 958	 * to preserve sanity).
 959	 */
 960	case VT_ACTIVATE:
 961		if (!perm)
 962			goto eperm;
 963		if (arg == 0 || arg > MAX_NR_CONSOLES)
 964			ret =  -ENXIO;
 965		else {
 966			arg--;
 967			acquire_console_sem();
 968			ret = vc_allocate(arg);
 969			release_console_sem();
 970			if (ret)
 971				break;
 972			set_console(arg);
 973		}
 974		break;
 975
 976	case VT_SETACTIVATE:
 977	{
 978		struct vt_setactivate vsa;
 979
 980		if (!perm)
 981			goto eperm;
 982
 983		if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg,
 984					sizeof(struct vt_setactivate))) {
 985			ret = -EFAULT;
 986			goto out;
 987		}
 988		if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
 989			ret = -ENXIO;
 990		else {
 991			vsa.console--;
 992			acquire_console_sem();
 993			ret = vc_allocate(vsa.console);
 994			if (ret == 0) {
 995				struct vc_data *nvc;
 996				/* This is safe providing we don't drop the
 997				   console sem between vc_allocate and
 998				   finishing referencing nvc */
 999				nvc = vc_cons[vsa.console].d;
1000				nvc->vt_mode = vsa.mode;
1001				nvc->vt_mode.frsig = 0;
1002				put_pid(nvc->vt_pid);
1003				nvc->vt_pid = get_pid(task_pid(current));
1004			}
1005			release_console_sem();
1006			if (ret)
1007				break;
1008			/* Commence switch and lock */
1009			set_console(arg);
1010		}
1011	}
1012
1013	/*
1014	 * wait until the specified VT has been activated
1015	 */
1016	case VT_WAITACTIVE:
1017		if (!perm)
1018			goto eperm;
1019		if (arg == 0 || arg > MAX_NR_CONSOLES)
1020			ret = -ENXIO;
1021		else
1022			ret = vt_waitactive(arg);
1023		break;
1024
1025	/*
1026	 * If a vt is under process control, the kernel will not switch to it
1027	 * immediately, but postpone the operation until the process calls this
1028	 * ioctl, allowing the switch to complete.
1029	 *
1030	 * According to the X sources this is the behavior:
1031	 *	0:	pending switch-from not OK
1032	 *	1:	pending switch-from OK
1033	 *	2:	completed switch-to OK
1034	 */
1035	case VT_RELDISP:
1036		if (!perm)
1037			goto eperm;
1038
1039		if (vc->vt_mode.mode != VT_PROCESS) {
1040			ret = -EINVAL;
1041			break;
1042		}
1043		/*
1044		 * Switching-from response
1045		 */
1046		acquire_console_sem();
1047		if (vc->vt_newvt >= 0) {
1048			if (arg == 0)
1049				/*
1050				 * Switch disallowed, so forget we were trying
1051				 * to do it.
1052				 */
1053				vc->vt_newvt = -1;
1054
1055			else {
1056				/*
1057				 * The current vt has been released, so
1058				 * complete the switch.
1059				 */
1060				int newvt;
1061				newvt = vc->vt_newvt;
1062				vc->vt_newvt = -1;
1063				ret = vc_allocate(newvt);
1064				if (ret) {
1065					release_console_sem();
1066					break;
1067				}
1068				/*
1069				 * When we actually do the console switch,
1070				 * make sure we are atomic with respect to
1071				 * other console switches..
1072				 */
1073				complete_change_console(vc_cons[newvt].d);
1074			}
1075		} else {
1076			/*
1077			 * Switched-to response
1078			 */
1079			/*
1080			 * If it's just an ACK, ignore it
1081			 */
1082			if (arg != VT_ACKACQ)
1083				ret = -EINVAL;
1084		}
1085		release_console_sem();
1086		break;
1087
1088	 /*
1089	  * Disallocate memory associated to VT (but leave VT1)
1090	  */
1091	 case VT_DISALLOCATE:
1092		if (arg > MAX_NR_CONSOLES) {
1093			ret = -ENXIO;
1094			break;
1095		}
1096		if (arg == 0) {
1097		    /* deallocate all unused consoles, but leave 0 */
1098			acquire_console_sem();
1099			for (i=1; i<MAX_NR_CONSOLES; i++)
1100				if (! VT_BUSY(i))
1101					vc_deallocate(i);
1102			release_console_sem();
1103		} else {
1104			/* deallocate a single console, if possible */
1105			arg--;
1106			if (VT_BUSY(arg))
1107				ret = -EBUSY;
1108			else if (arg) {			      /* leave 0 */
1109				acquire_console_sem();
1110				vc_deallocate(arg);
1111				release_console_sem();
1112			}
1113		}
1114		break;
1115
1116	case VT_RESIZE:
1117	{
1118		struct vt_sizes __user *vtsizes = up;
1119		struct vc_data *vc;
1120
1121		ushort ll,cc;
1122		if (!perm)
1123			goto eperm;
1124		if (get_user(ll, &vtsizes->v_rows) ||
1125		    get_user(cc, &vtsizes->v_cols))
1126			ret = -EFAULT;
1127		else {
1128			acquire_console_sem();
1129			for (i = 0; i < MAX_NR_CONSOLES; i++) {
1130				vc = vc_cons[i].d;
1131
1132				if (vc) {
1133					vc->vc_resize_user = 1;
1134					vc_resize(vc_cons[i].d, cc, ll);
1135				}
1136			}
1137			release_console_sem();
1138		}
1139		break;
1140	}
1141
1142	case VT_RESIZEX:
1143	{
1144		struct vt_consize __user *vtconsize = up;
1145		ushort ll,cc,vlin,clin,vcol,ccol;
1146		if (!perm)
1147			goto eperm;
1148		if (!access_ok(VERIFY_READ, vtconsize,
1149				sizeof(struct vt_consize))) {
1150			ret = -EFAULT;
1151			break;
1152		}
1153		/* FIXME: Should check the copies properly */
1154		__get_user(ll, &vtconsize->v_rows);
1155		__get_user(cc, &vtconsize->v_cols);
1156		__get_user(vlin, &vtconsize->v_vlin);
1157		__get_user(clin, &vtconsize->v_clin);
1158		__get_user(vcol, &vtconsize->v_vcol);
1159		__get_user(ccol, &vtconsize->v_ccol);
1160		vlin = vlin ? vlin : vc->vc_scan_lines;
1161		if (clin) {
1162			if (ll) {
1163				if (ll != vlin/clin) {
1164					/* Parameters don't add up */
1165					ret = -EINVAL;
1166					break;
1167				}
1168			} else 
1169				ll = vlin/clin;
1170		}
1171		if (vcol && ccol) {
1172			if (cc) {
1173				if (cc != vcol/ccol) {
1174					ret = -EINVAL;
1175					break;
1176				}
1177			} else
1178				cc = vcol/ccol;
1179		}
1180
1181		if (clin > 32) {
1182			ret =  -EINVAL;
1183			break;
1184		}
1185		    
1186		for (i = 0; i < MAX_NR_CONSOLES; i++) {
1187			if (!vc_cons[i].d)
1188				continue;
1189			acquire_console_sem();
1190			if (vlin)
1191				vc_cons[i].d->vc_scan_lines = vlin;
1192			if (clin)
1193				vc_cons[i].d->vc_font.height = clin;
1194			vc_cons[i].d->vc_resize_user = 1;
1195			vc_resize(vc_cons[i].d, cc, ll);
1196			release_console_sem();
1197		}
1198		break;
1199	}
1200
1201	case PIO_FONT: {
1202		if (!perm)
1203			goto eperm;
1204		op.op = KD_FONT_OP_SET;
1205		op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC;	/* Compatibility */
1206		op.width = 8;
1207		op.height = 0;
1208		op.charcount = 256;
1209		op.data = up;
1210		ret = con_font_op(vc_cons[fg_console].d, &op);
1211		break;
1212	}
1213
1214	case GIO_FONT: {
1215		op.op = KD_FONT_OP_GET;
1216		op.flags = KD_FONT_FLAG_OLD;
1217		op.width = 8;
1218		op.height = 32;
1219		op.charcount = 256;
1220		op.data = up;
1221		ret = con_font_op(vc_cons[fg_console].d, &op);
1222		break;
1223	}
1224
1225	case PIO_CMAP:
1226                if (!perm)
1227			ret = -EPERM;
1228		else
1229	                ret = con_set_cmap(up);
1230		break;
1231
1232	case GIO_CMAP:
1233                ret = con_get_cmap(up);
1234		break;
1235
1236	case PIO_FONTX:
1237	case GIO_FONTX:
1238		ret = do_fontx_ioctl(cmd, up, perm, &op);
1239		break;
1240
1241	case PIO_FONTRESET:
1242	{
1243		if (!perm)
1244			goto eperm;
1245
1246#ifdef BROKEN_GRAPHICS_PROGRAMS
1247		/* With BROKEN_GRAPHICS_PROGRAMS defined, the default
1248		   font is not saved. */
1249		ret = -ENOSYS;
1250		break;
1251#else
1252		{
1253		op.op = KD_FONT_OP_SET_DEFAULT;
1254		op.data = NULL;
1255		ret = con_font_op(vc_cons[fg_console].d, &op);
1256		if (ret)
1257			break;
1258		con_set_default_unimap(vc_cons[fg_console].d);
1259		break;
1260		}
1261#endif
1262	}
1263
1264	case KDFONTOP: {
1265		if (copy_from_user(&op, up, sizeof(op))) {
1266			ret = -EFAULT;
1267			break;
1268		}
1269		if (!perm && op.op != KD_FONT_OP_GET)
1270			goto eperm;
1271		ret = con_font_op(vc, &op);
1272		if (ret)
1273			break;
1274		if (copy_to_user(up, &op, sizeof(op)))
1275			ret = -EFAULT;
1276		break;
1277	}
1278
1279	case PIO_SCRNMAP:
1280		if (!perm)
1281			ret = -EPERM;
1282		else
1283			ret = con_set_trans_old(up);
1284		break;
1285
1286	case GIO_SCRNMAP:
1287		ret = con_get_trans_old(up);
1288		break;
1289
1290	case PIO_UNISCRNMAP:
1291		if (!perm)
1292			ret = -EPERM;
1293		else
1294			ret = con_set_trans_new(up);
1295		break;
1296
1297	case GIO_UNISCRNMAP:
1298		ret = con_get_trans_new(up);
1299		break;
1300
1301	case PIO_UNIMAPCLR:
1302	      { struct unimapinit ui;
1303		if (!perm)
1304			goto eperm;
1305		ret = copy_from_user(&ui, up, sizeof(struct unimapinit));
1306		if (!ret)
1307			con_clear_unimap(vc, &ui);
1308		break;
1309	      }
1310
1311	case PIO_UNIMAP:
1312	case GIO_UNIMAP:
1313		ret = do_unimap_ioctl(cmd, up, perm, vc);
1314		break;
1315
1316	case VT_LOCKSWITCH:
1317		if (!capable(CAP_SYS_TTY_CONFIG))
1318			goto eperm;
1319		vt_dont_switch = 1;
1320		break;
1321	case VT_UNLOCKSWITCH:
1322		if (!capable(CAP_SYS_TTY_CONFIG))
1323			goto eperm;
1324		vt_dont_switch = 0;
1325		break;
1326	case VT_GETHIFONTMASK:
1327		ret = put_user(vc->vc_hi_font_mask,
1328					(unsigned short __user *)arg);
1329		break;
1330	case VT_WAITEVENT:
1331		ret = vt_event_wait_ioctl((struct vt_event __user *)arg);
1332		break;
1333	default:
1334		ret = -ENOIOCTLCMD;
1335	}
1336out:
1337	unlock_kernel();
1338	return ret;
1339eperm:
1340	ret = -EPERM;
1341	goto out;
1342}
1343
1344void reset_vc(struct vc_data *vc)
1345{
1346	vc->vc_mode = KD_TEXT;
1347	kbd_table[vc->vc_num].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE;
1348	vc->vt_mode.mode = VT_AUTO;
1349	vc->vt_mode.waitv = 0;
1350	vc->vt_mode.relsig = 0;
1351	vc->vt_mode.acqsig = 0;
1352	vc->vt_mode.frsig = 0;
1353	put_pid(vc->vt_pid);
1354	vc->vt_pid = NULL;
1355	vc->vt_newvt = -1;
1356	if (!in_interrupt())    /* Via keyboard.c:SAK() - akpm */
1357		reset_palette(vc);
1358}
1359
1360void vc_SAK(struct work_struct *work)
1361{
1362	struct vc *vc_con =
1363		container_of(work, struct vc, SAK_work);
1364	struct vc_data *vc;
1365	struct tty_struct *tty;
1366
1367	acquire_console_sem();
1368	vc = vc_con->d;
1369	if (vc) {
1370		tty = vc->vc_tty;
1371		/*
1372		 * SAK should also work in all raw modes and reset
1373		 * them properly.
1374		 */
1375		if (tty)
1376			__do_SAK(tty);
1377		reset_vc(vc);
1378	}
1379	release_console_sem();
1380}
1381
1382#ifdef CONFIG_COMPAT
1383
1384struct compat_consolefontdesc {
1385	unsigned short charcount;       /* characters in font (256 or 512) */
1386	unsigned short charheight;      /* scan lines per character (1-32) */
1387	compat_caddr_t chardata;	/* font data in expanded form */
1388};
1389
1390static inline int
1391compat_fontx_ioctl(int cmd, struct compat_consolefontdesc __user *user_cfd,
1392			 int perm, struct console_font_op *op)
1393{
1394	struct compat_consolefontdesc cfdarg;
1395	int i;
1396
1397	if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc)))
1398		return -EFAULT;
1399
1400	switch (cmd) {
1401	case PIO_FONTX:
1402		if (!perm)
1403			return -EPERM;
1404		op->op = KD_FONT_OP_SET;
1405		op->flags = KD_FONT_FLAG_OLD;
1406		op->width = 8;
1407		op->height = cfdarg.charheight;
1408		op->charcount = cfdarg.charcount;
1409		op->data = compat_ptr(cfdarg.chardata);
1410		return con_font_op(vc_cons[fg_console].d, op);
1411	case GIO_FONTX:
1412		op->op = KD_FONT_OP_GET;
1413		op->flags = KD_FONT_FLAG_OLD;
1414		op->width = 8;
1415		op->height = cfdarg.charheight;
1416		op->charcount = cfdarg.charcount;
1417		op->data = compat_ptr(cfdarg.chardata);
1418		i = con_font_op(vc_cons[fg_console].d, op);
1419		if (i)
1420			return i;
1421		cfdarg.charheight = op->height;
1422		cfdarg.charcount = op->charcount;
1423		if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc)))
1424			return -EFAULT;
1425		return 0;
1426	}
1427	return -EINVAL;
1428}
1429
1430struct compat_console_font_op {
1431	compat_uint_t op;        /* operation code KD_FONT_OP_* */
1432	compat_uint_t flags;     /* KD_FONT_FLAG_* */
1433	compat_uint_t width, height;     /* font size */
1434	compat_uint_t charcount;
1435	compat_caddr_t data;    /* font data with height fixed to 32 */
1436};
1437
1438static inline int
1439compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop,
1440			 int perm, struct console_font_op *op, struct vc_data *vc)
1441{
1442	int i;
1443
1444	if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op)))
1445		return -EFAULT;
1446	if (!perm && op->op != KD_FONT_OP_GET)
1447		return -EPERM;
1448	op->data = compat_ptr(((struct compat_console_font_op *)op)->data);
1449	op->flags |= KD_FONT_FLAG_OLD;
1450	i = con_font_op(vc, op);
1451	if (i)
1452		return i;
1453	((struct compat_console_font_op *)op)->data = (unsigned long)op->data;
1454	if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op)))
1455		return -EFAULT;
1456	return 0;
1457}
1458
1459struct compat_unimapdesc {
1460	unsigned short entry_ct;
1461	compat_caddr_t entries;
1462};
1463
1464static inline int
1465compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud,
1466			 int perm, struct vc_data *vc)
1467{
1468	struct compat_unimapdesc tmp;
1469	struct unipair __user *tmp_entries;
1470
1471	if (copy_from_user(&tmp, user_ud, sizeof tmp))
1472		return -EFAULT;
1473	tmp_entries = compat_ptr(tmp.entries);
1474	if (tmp_entries)
1475		if (!access_ok(VERIFY_WRITE, tmp_entries,
1476				tmp.entry_ct*sizeof(struct unipair)))
1477			return -EFAULT;
1478	switch (cmd) {
1479	case PIO_UNIMAP:
1480		if (!perm)
1481			return -EPERM;
1482		return con_set_unimap(vc, tmp.entry_ct, tmp_entries);
1483	case GIO_UNIMAP:
1484		if (!perm && fg_console != vc->vc_num)
1485			return -EPERM;
1486		return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries);
1487	}
1488	return 0;
1489}
1490
1491long vt_compat_ioctl(struct tty_struct *tty, struct file * file,
1492	     unsigned int cmd, unsigned long arg)
1493{
1494	struct vc_data *vc = tty->driver_data;
1495	struct console_font_op op;	/* used in multiple places here */
1496	struct kbd_struct *kbd;
1497	unsigned int console;
1498	void __user *up = (void __user *)arg;
1499	int perm;
1500	int ret = 0;
1501
1502	console = vc->vc_num;
1503
1504	lock_kernel();
1505
1506	if (!vc_cons_allocated(console)) { 	/* impossible? */
1507		ret = -ENOIOCTLCMD;
1508		goto out;
1509	}
1510
1511	/*
1512	 * To have permissions to do most of the vt ioctls, we either have
1513	 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
1514	 */
1515	perm = 0;
1516	if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1517		perm = 1;
1518
1519	kbd = kbd_table + console;
1520	switch (cmd) {
1521	/*
1522	 * these need special handlers for incompatible data structures
1523	 */
1524	case PIO_FONTX:
1525	case GIO_FONTX:
1526		ret = compat_fontx_ioctl(cmd, up, perm, &op);
1527		break;
1528
1529	case KDFONTOP:
1530		ret = compat_kdfontop_ioctl(up, perm, &op, vc);
1531		break;
1532
1533	case PIO_UNIMAP:
1534	case GIO_UNIMAP:
1535		ret = compat_unimap_ioctl(cmd, up, perm, vc);
1536		break;
1537
1538	/*
1539	 * all these treat 'arg' as an integer
1540	 */
1541	case KIOCSOUND:
1542	case KDMKTONE:
1543#ifdef CONFIG_X86
1544	case KDADDIO:
1545	case KDDELIO:
1546#endif
1547	case KDSETMODE:
1548	case KDMAPDISP:
1549	case KDUNMAPDISP:
1550	case KDSKBMODE:
1551	case KDSKBMETA:
1552	case KDSKBLED:
1553	case KDSETLED:
1554	case KDSIGACCEPT:
1555	case VT_ACTIVATE:
1556	case VT_WAITACTIVE:
1557	case VT_RELDISP:
1558	case VT_DISALLOCATE:
1559	case VT_RESIZE:
1560	case VT_RESIZEX:
1561		goto fallback;
1562
1563	/*
1564	 * the rest has a compatible data structure behind arg,
1565	 * but we have to convert it to a proper 64 bit pointer.
1566	 */
1567	default:
1568		arg = (unsigned long)compat_ptr(arg);
1569		goto fallback;
1570	}
1571out:
1572	unlock_kernel();
1573	return ret;
1574
1575fallback:
1576	unlock_kernel();
1577	return vt_ioctl(tty, file, cmd, arg);
1578}
1579
1580
1581#endif /* CONFIG_COMPAT */
1582
1583
1584/*
1585 * Performs the back end of a vt switch. Called under the console
1586 * semaphore.
1587 */
1588static void complete_change_console(struct vc_data *vc)
1589{
1590	unsigned char old_vc_mode;
1591	int old = fg_console;
1592
1593	last_console = fg_console;
1594
1595	/*
1596	 * If we're switching, we could be going from KD_GRAPHICS to
1597	 * KD_TEXT mode or vice versa, which means we need to blank or
1598	 * unblank the screen later.
1599	 */
1600	old_vc_mode = vc_cons[fg_console].d->vc_mode;
1601	switch_screen(vc);
1602
1603	/*
1604	 * This can't appear below a successful kill_pid().  If it did,
1605	 * then the *blank_screen operation could occur while X, having
1606	 * received acqsig, is waking up on another processor.  This
1607	 * condition can lead to overlapping accesses to the VGA range
1608	 * and the framebuffer (causing system lockups).
1609	 *
1610	 * To account for this we duplicate this code below only if the
1611	 * controlling process is gone and we've called reset_vc.
1612	 */
1613	if (old_vc_mode != vc->vc_mode) {
1614		if (vc->vc_mode == KD_TEXT)
1615			do_unblank_screen(1);
1616		else
1617			do_blank_screen(1);
1618	}
1619
1620	/*
1621	 * If this new console is under process control, send it a signal
1622	 * telling it that it has acquired. Also check if it has died and
1623	 * clean up (similar to logic employed in change_console())
1624	 */
1625	if (vc->vt_mode.mode == VT_PROCESS) {
1626		/*
1627		 * Send the signal as privileged - kill_pid() will
1628		 * tell us if the process has gone or something else
1629		 * is awry
1630		 */
1631		if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
1632		/*
1633		 * The controlling process has died, so we revert back to
1634		 * normal operation. In this case, we'll also change back
1635		 * to KD_TEXT mode. I'm not sure if this is strictly correct
1636		 * but it saves the agony when the X server dies and the screen
1637		 * remains blanked due to KD_GRAPHICS! It would be nice to do
1638		 * this outside of VT_PROCESS but there is no single process
1639		 * to account for and tracking tty count may be undesirable.
1640		 */
1641			reset_vc(vc);
1642
1643			if (old_vc_mode != vc->vc_mode) {
1644				if (vc->vc_mode == KD_TEXT)
1645					do_unblank_screen(1);
1646				else
1647					do_blank_screen(1);
1648			}
1649		}
1650	}
1651
1652	/*
1653	 * Wake anyone waiting for their VT to activate
1654	 */
1655	vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num);
1656	return;
1657}
1658
1659/*
1660 * Performs the front-end of a vt switch
1661 */
1662void change_console(struct vc_data *new_vc)
1663{
1664	struct vc_data *vc;
1665
1666	if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch)
1667		return;
1668
1669	/*
1670	 * If this vt is in process mode, then we need to handshake with
1671	 * that process before switching. Essentially, we store where that
1672	 * vt wants to switch to and wait for it to tell us when it's done
1673	 * (via VT_RELDISP ioctl).
1674	 *
1675	 * We also check to see if the controlling process still exists.
1676	 * If it doesn't, we reset this vt to auto mode and continue.
1677	 * This is a cheap way to track process control. The worst thing
1678	 * that can happen is: we send a signal to a process, it dies, and
1679	 * the switch gets "lost" waiting for a response; hopefully, the
1680	 * user will try again, we'll detect the process is gone (unless
1681	 * the user waits just the right amount of time :-) and revert the
1682	 * vt to auto control.
1683	 */
1684	vc = vc_cons[fg_console].d;
1685	if (vc->vt_mode.mode == VT_PROCESS) {
1686		/*
1687		 * Send the signal as privileged - kill_pid() will
1688		 * tell us if the process has gone or something else
1689		 * is awry.
1690		 *
1691		 * We need to set vt_newvt *before* sending the signal or we
1692		 * have a race.
1693		 */
1694		vc->vt_newvt = new_vc->vc_num;
1695		if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) {
1696			/*
1697			 * It worked. Mark the vt to switch to and
1698			 * return. The process needs to send us a
1699			 * VT_RELDISP ioctl to complete the switch.
1700			 */
1701			return;
1702		}
1703
1704		/*
1705		 * The controlling process has died, so we revert back to
1706		 * normal operation. In this case, we'll also change back
1707		 * to KD_TEXT mode. I'm not sure if this is strictly correct
1708		 * but it saves the agony when the X server dies and the screen
1709		 * remains blanked due to KD_GRAPHICS! It would be nice to do
1710		 * this outside of VT_PROCESS but there is no single process
1711		 * to account for and tracking tty count may be undesirable.
1712		 */
1713		reset_vc(vc);
1714
1715		/*
1716		 * Fall through to normal (VT_AUTO) handling of the switch...
1717		 */
1718	}
1719
1720	/*
1721	 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
1722	 */
1723	if (vc->vc_mode == KD_GRAPHICS)
1724		return;
1725
1726	complete_change_console(new_vc);
1727}
1728
1729/* Perform a kernel triggered VT switch for suspend/resume */
1730
1731static int disable_vt_switch;
1732
1733int vt_move_to_console(unsigned int vt, int alloc)
1734{
1735	int prev;
1736
1737	acquire_console_sem();
1738	/* Graphics mode - up to X */
1739	if (disable_vt_switch) {
1740		release_console_sem();
1741		return 0;
1742	}
1743	prev = fg_console;
1744
1745	if (alloc && vc_allocate(vt)) {
1746		/* we can't have a free VC for now. Too bad,
1747		 * we don't want to mess the screen for now. */
1748		release_console_sem();
1749		return -ENOSPC;
1750	}
1751
1752	if (set_console(vt)) {
1753		/*
1754		 * We're unable to switch to the SUSPEND_CONSOLE.
1755		 * Let the calling function know so it can decide
1756		 * what to do.
1757		 */
1758		release_console_sem();
1759		return -EIO;
1760	}
1761	release_console_sem();
1762	if (vt_waitactive(vt + 1)) {
1763		pr_debug("Suspend: Can't switch VCs.");
1764		return -EINTR;
1765	}
1766	return prev;
1767}
1768
1769/*
1770 * Normally during a suspend, we allocate a new console and switch to it.
1771 * When we resume, we switch back to the original console.  This switch
1772 * can be slow, so on systems where the framebuffer can handle restoration
1773 * of video registers anyways, there's little point in doing the console
1774 * switch.  This function allows you to disable it by passing it '0'.
1775 */
1776void pm_set_vt_switch(int do_switch)
1777{
1778	acquire_console_sem();
1779	disable_vt_switch = !do_switch;
1780	release_console_sem();
1781}
1782EXPORT_SYMBOL(pm_set_vt_switch);