vt_ioctl.c (30488B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 1992 obz under the linux copyright 4 * 5 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993 6 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994 7 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995 8 * Some code moved for less code duplication - Andi Kleen - Mar 1997 9 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001 10 */ 11 12#include <linux/types.h> 13#include <linux/errno.h> 14#include <linux/sched/signal.h> 15#include <linux/tty.h> 16#include <linux/timer.h> 17#include <linux/kernel.h> 18#include <linux/compat.h> 19#include <linux/module.h> 20#include <linux/kd.h> 21#include <linux/vt.h> 22#include <linux/string.h> 23#include <linux/slab.h> 24#include <linux/major.h> 25#include <linux/fs.h> 26#include <linux/console.h> 27#include <linux/consolemap.h> 28#include <linux/signal.h> 29#include <linux/suspend.h> 30#include <linux/timex.h> 31 32#include <asm/io.h> 33#include <linux/uaccess.h> 34 35#include <linux/nospec.h> 36 37#include <linux/kbd_kern.h> 38#include <linux/vt_kern.h> 39#include <linux/kbd_diacr.h> 40#include <linux/selection.h> 41 42bool vt_dont_switch; 43 44static inline bool vt_in_use(unsigned int i) 45{ 46 const struct vc_data *vc = vc_cons[i].d; 47 48 /* 49 * console_lock must be held to prevent the vc from being deallocated 50 * while we're checking whether it's in-use. 51 */ 52 WARN_CONSOLE_UNLOCKED(); 53 54 return vc && kref_read(&vc->port.kref) > 1; 55} 56 57static inline bool vt_busy(int i) 58{ 59 if (vt_in_use(i)) 60 return true; 61 if (i == fg_console) 62 return true; 63 if (vc_is_sel(vc_cons[i].d)) 64 return true; 65 66 return false; 67} 68 69/* 70 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by 71 * experimentation and study of X386 SYSV handling. 72 * 73 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and 74 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console, 75 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will 76 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to 77 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using 78 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing 79 * to the current console is done by the main ioctl code. 80 */ 81 82#ifdef CONFIG_X86 83#include <asm/syscalls.h> 84#endif 85 86static void complete_change_console(struct vc_data *vc); 87 88/* 89 * User space VT_EVENT handlers 90 */ 91 92struct vt_event_wait { 93 struct list_head list; 94 struct vt_event event; 95 int done; 96}; 97 98static LIST_HEAD(vt_events); 99static DEFINE_SPINLOCK(vt_event_lock); 100static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue); 101 102/** 103 * vt_event_post 104 * @event: the event that occurred 105 * @old: old console 106 * @new: new console 107 * 108 * Post an VT event to interested VT handlers 109 */ 110 111void vt_event_post(unsigned int event, unsigned int old, unsigned int new) 112{ 113 struct list_head *pos, *head; 114 unsigned long flags; 115 int wake = 0; 116 117 spin_lock_irqsave(&vt_event_lock, flags); 118 head = &vt_events; 119 120 list_for_each(pos, head) { 121 struct vt_event_wait *ve = list_entry(pos, 122 struct vt_event_wait, list); 123 if (!(ve->event.event & event)) 124 continue; 125 ve->event.event = event; 126 /* kernel view is consoles 0..n-1, user space view is 127 console 1..n with 0 meaning current, so we must bias */ 128 ve->event.oldev = old + 1; 129 ve->event.newev = new + 1; 130 wake = 1; 131 ve->done = 1; 132 } 133 spin_unlock_irqrestore(&vt_event_lock, flags); 134 if (wake) 135 wake_up_interruptible(&vt_event_waitqueue); 136} 137 138static void __vt_event_queue(struct vt_event_wait *vw) 139{ 140 unsigned long flags; 141 /* Prepare the event */ 142 INIT_LIST_HEAD(&vw->list); 143 vw->done = 0; 144 /* Queue our event */ 145 spin_lock_irqsave(&vt_event_lock, flags); 146 list_add(&vw->list, &vt_events); 147 spin_unlock_irqrestore(&vt_event_lock, flags); 148} 149 150static void __vt_event_wait(struct vt_event_wait *vw) 151{ 152 /* Wait for it to pass */ 153 wait_event_interruptible(vt_event_waitqueue, vw->done); 154} 155 156static void __vt_event_dequeue(struct vt_event_wait *vw) 157{ 158 unsigned long flags; 159 160 /* Dequeue it */ 161 spin_lock_irqsave(&vt_event_lock, flags); 162 list_del(&vw->list); 163 spin_unlock_irqrestore(&vt_event_lock, flags); 164} 165 166/** 167 * vt_event_wait - wait for an event 168 * @vw: our event 169 * 170 * Waits for an event to occur which completes our vt_event_wait 171 * structure. On return the structure has wv->done set to 1 for success 172 * or 0 if some event such as a signal ended the wait. 173 */ 174 175static void vt_event_wait(struct vt_event_wait *vw) 176{ 177 __vt_event_queue(vw); 178 __vt_event_wait(vw); 179 __vt_event_dequeue(vw); 180} 181 182/** 183 * vt_event_wait_ioctl - event ioctl handler 184 * @event: argument to ioctl (the event) 185 * 186 * Implement the VT_WAITEVENT ioctl using the VT event interface 187 */ 188 189static int vt_event_wait_ioctl(struct vt_event __user *event) 190{ 191 struct vt_event_wait vw; 192 193 if (copy_from_user(&vw.event, event, sizeof(struct vt_event))) 194 return -EFAULT; 195 /* Highest supported event for now */ 196 if (vw.event.event & ~VT_MAX_EVENT) 197 return -EINVAL; 198 199 vt_event_wait(&vw); 200 /* If it occurred report it */ 201 if (vw.done) { 202 if (copy_to_user(event, &vw.event, sizeof(struct vt_event))) 203 return -EFAULT; 204 return 0; 205 } 206 return -EINTR; 207} 208 209/** 210 * vt_waitactive - active console wait 211 * @n: new console 212 * 213 * Helper for event waits. Used to implement the legacy 214 * event waiting ioctls in terms of events 215 */ 216 217int vt_waitactive(int n) 218{ 219 struct vt_event_wait vw; 220 do { 221 vw.event.event = VT_EVENT_SWITCH; 222 __vt_event_queue(&vw); 223 if (n == fg_console + 1) { 224 __vt_event_dequeue(&vw); 225 break; 226 } 227 __vt_event_wait(&vw); 228 __vt_event_dequeue(&vw); 229 if (vw.done == 0) 230 return -EINTR; 231 } while (vw.event.newev != n); 232 return 0; 233} 234 235/* 236 * these are the valid i/o ports we're allowed to change. they map all the 237 * video ports 238 */ 239#define GPFIRST 0x3b4 240#define GPLAST 0x3df 241#define GPNUM (GPLAST - GPFIRST + 1) 242 243/* 244 * currently, setting the mode from KD_TEXT to KD_GRAPHICS doesn't do a whole 245 * lot. i'm not sure if it should do any restoration of modes or what... 246 * 247 * XXX It should at least call into the driver, fbdev's definitely need to 248 * restore their engine state. --BenH 249 * 250 * Called with the console lock held. 251 */ 252static int vt_kdsetmode(struct vc_data *vc, unsigned long mode) 253{ 254 switch (mode) { 255 case KD_GRAPHICS: 256 break; 257 case KD_TEXT0: 258 case KD_TEXT1: 259 mode = KD_TEXT; 260 fallthrough; 261 case KD_TEXT: 262 break; 263 default: 264 return -EINVAL; 265 } 266 267 if (vc->vc_mode == mode) 268 return 0; 269 270 vc->vc_mode = mode; 271 if (vc->vc_num != fg_console) 272 return 0; 273 274 /* explicitly blank/unblank the screen if switching modes */ 275 if (mode == KD_TEXT) 276 do_unblank_screen(1); 277 else 278 do_blank_screen(1); 279 280 return 0; 281} 282 283static int vt_k_ioctl(struct tty_struct *tty, unsigned int cmd, 284 unsigned long arg, bool perm) 285{ 286 struct vc_data *vc = tty->driver_data; 287 void __user *up = (void __user *)arg; 288 unsigned int console = vc->vc_num; 289 int ret; 290 291 switch (cmd) { 292 case KIOCSOUND: 293 if (!perm) 294 return -EPERM; 295 /* 296 * The use of PIT_TICK_RATE is historic, it used to be 297 * the platform-dependent CLOCK_TICK_RATE between 2.6.12 298 * and 2.6.36, which was a minor but unfortunate ABI 299 * change. kd_mksound is locked by the input layer. 300 */ 301 if (arg) 302 arg = PIT_TICK_RATE / arg; 303 kd_mksound(arg, 0); 304 break; 305 306 case KDMKTONE: 307 if (!perm) 308 return -EPERM; 309 { 310 unsigned int ticks, count; 311 312 /* 313 * Generate the tone for the appropriate number of ticks. 314 * If the time is zero, turn off sound ourselves. 315 */ 316 ticks = msecs_to_jiffies((arg >> 16) & 0xffff); 317 count = ticks ? (arg & 0xffff) : 0; 318 if (count) 319 count = PIT_TICK_RATE / count; 320 kd_mksound(count, ticks); 321 break; 322 } 323 324 case KDGKBTYPE: 325 /* 326 * this is naïve. 327 */ 328 return put_user(KB_101, (char __user *)arg); 329 330 /* 331 * These cannot be implemented on any machine that implements 332 * ioperm() in user level (such as Alpha PCs) or not at all. 333 * 334 * XXX: you should never use these, just call ioperm directly.. 335 */ 336#ifdef CONFIG_X86 337 case KDADDIO: 338 case KDDELIO: 339 /* 340 * KDADDIO and KDDELIO may be able to add ports beyond what 341 * we reject here, but to be safe... 342 * 343 * These are locked internally via sys_ioperm 344 */ 345 if (arg < GPFIRST || arg > GPLAST) 346 return -EINVAL; 347 348 return ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0; 349 350 case KDENABIO: 351 case KDDISABIO: 352 return ksys_ioperm(GPFIRST, GPNUM, 353 (cmd == KDENABIO)) ? -ENXIO : 0; 354#endif 355 356 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */ 357 358 case KDKBDREP: 359 { 360 struct kbd_repeat kbrep; 361 362 if (!capable(CAP_SYS_TTY_CONFIG)) 363 return -EPERM; 364 365 if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) 366 return -EFAULT; 367 368 ret = kbd_rate(&kbrep); 369 if (ret) 370 return ret; 371 if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat))) 372 return -EFAULT; 373 break; 374 } 375 376 case KDSETMODE: 377 if (!perm) 378 return -EPERM; 379 380 console_lock(); 381 ret = vt_kdsetmode(vc, arg); 382 console_unlock(); 383 return ret; 384 385 case KDGETMODE: 386 return put_user(vc->vc_mode, (int __user *)arg); 387 388 case KDMAPDISP: 389 case KDUNMAPDISP: 390 /* 391 * these work like a combination of mmap and KDENABIO. 392 * this could be easily finished. 393 */ 394 return -EINVAL; 395 396 case KDSKBMODE: 397 if (!perm) 398 return -EPERM; 399 ret = vt_do_kdskbmode(console, arg); 400 if (ret) 401 return ret; 402 tty_ldisc_flush(tty); 403 break; 404 405 case KDGKBMODE: 406 return put_user(vt_do_kdgkbmode(console), (int __user *)arg); 407 408 /* this could be folded into KDSKBMODE, but for compatibility 409 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ 410 case KDSKBMETA: 411 return vt_do_kdskbmeta(console, arg); 412 413 case KDGKBMETA: 414 /* FIXME: should review whether this is worth locking */ 415 return put_user(vt_do_kdgkbmeta(console), (int __user *)arg); 416 417 case KDGETKEYCODE: 418 case KDSETKEYCODE: 419 if(!capable(CAP_SYS_TTY_CONFIG)) 420 perm = 0; 421 return vt_do_kbkeycode_ioctl(cmd, up, perm); 422 423 case KDGKBENT: 424 case KDSKBENT: 425 return vt_do_kdsk_ioctl(cmd, up, perm, console); 426 427 case KDGKBSENT: 428 case KDSKBSENT: 429 return vt_do_kdgkb_ioctl(cmd, up, perm); 430 431 /* Diacritical processing. Handled in keyboard.c as it has 432 to operate on the keyboard locks and structures */ 433 case KDGKBDIACR: 434 case KDGKBDIACRUC: 435 case KDSKBDIACR: 436 case KDSKBDIACRUC: 437 return vt_do_diacrit(cmd, up, perm); 438 439 /* the ioctls below read/set the flags usually shown in the leds */ 440 /* don't use them - they will go away without warning */ 441 case KDGKBLED: 442 case KDSKBLED: 443 case KDGETLED: 444 case KDSETLED: 445 return vt_do_kdskled(console, cmd, arg, perm); 446 447 /* 448 * A process can indicate its willingness to accept signals 449 * generated by pressing an appropriate key combination. 450 * Thus, one can have a daemon that e.g. spawns a new console 451 * upon a keypress and then changes to it. 452 * See also the kbrequest field of inittab(5). 453 */ 454 case KDSIGACCEPT: 455 if (!perm || !capable(CAP_KILL)) 456 return -EPERM; 457 if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) 458 return -EINVAL; 459 460 spin_lock_irq(&vt_spawn_con.lock); 461 put_pid(vt_spawn_con.pid); 462 vt_spawn_con.pid = get_pid(task_pid(current)); 463 vt_spawn_con.sig = arg; 464 spin_unlock_irq(&vt_spawn_con.lock); 465 break; 466 467 case KDFONTOP: { 468 struct console_font_op op; 469 470 if (copy_from_user(&op, up, sizeof(op))) 471 return -EFAULT; 472 if (!perm && op.op != KD_FONT_OP_GET) 473 return -EPERM; 474 ret = con_font_op(vc, &op); 475 if (ret) 476 return ret; 477 if (copy_to_user(up, &op, sizeof(op))) 478 return -EFAULT; 479 break; 480 } 481 482 default: 483 return -ENOIOCTLCMD; 484 } 485 486 return 0; 487} 488 489static inline int do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, 490 bool perm, struct vc_data *vc) 491{ 492 struct unimapdesc tmp; 493 494 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 495 return -EFAULT; 496 switch (cmd) { 497 case PIO_UNIMAP: 498 if (!perm) 499 return -EPERM; 500 return con_set_unimap(vc, tmp.entry_ct, tmp.entries); 501 case GIO_UNIMAP: 502 if (!perm && fg_console != vc->vc_num) 503 return -EPERM; 504 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), 505 tmp.entries); 506 } 507 return 0; 508} 509 510static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up, 511 bool perm) 512{ 513 switch (cmd) { 514 case PIO_CMAP: 515 if (!perm) 516 return -EPERM; 517 return con_set_cmap(up); 518 519 case GIO_CMAP: 520 return con_get_cmap(up); 521 522 case PIO_SCRNMAP: 523 if (!perm) 524 return -EPERM; 525 return con_set_trans_old(up); 526 527 case GIO_SCRNMAP: 528 return con_get_trans_old(up); 529 530 case PIO_UNISCRNMAP: 531 if (!perm) 532 return -EPERM; 533 return con_set_trans_new(up); 534 535 case GIO_UNISCRNMAP: 536 return con_get_trans_new(up); 537 538 case PIO_UNIMAPCLR: 539 if (!perm) 540 return -EPERM; 541 con_clear_unimap(vc); 542 break; 543 544 case PIO_UNIMAP: 545 case GIO_UNIMAP: 546 return do_unimap_ioctl(cmd, up, perm, vc); 547 548 default: 549 return -ENOIOCTLCMD; 550 } 551 552 return 0; 553} 554 555static int vt_reldisp(struct vc_data *vc, unsigned int swtch) 556{ 557 int newvt, ret; 558 559 if (vc->vt_mode.mode != VT_PROCESS) 560 return -EINVAL; 561 562 /* Switched-to response */ 563 if (vc->vt_newvt < 0) { 564 /* If it's just an ACK, ignore it */ 565 return swtch == VT_ACKACQ ? 0 : -EINVAL; 566 } 567 568 /* Switching-from response */ 569 if (swtch == 0) { 570 /* Switch disallowed, so forget we were trying to do it. */ 571 vc->vt_newvt = -1; 572 return 0; 573 } 574 575 /* The current vt has been released, so complete the switch. */ 576 newvt = vc->vt_newvt; 577 vc->vt_newvt = -1; 578 ret = vc_allocate(newvt); 579 if (ret) 580 return ret; 581 582 /* 583 * When we actually do the console switch, make sure we are atomic with 584 * respect to other console switches.. 585 */ 586 complete_change_console(vc_cons[newvt].d); 587 588 return 0; 589} 590 591static int vt_setactivate(struct vt_setactivate __user *sa) 592{ 593 struct vt_setactivate vsa; 594 struct vc_data *nvc; 595 int ret; 596 597 if (copy_from_user(&vsa, sa, sizeof(vsa))) 598 return -EFAULT; 599 if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) 600 return -ENXIO; 601 602 vsa.console--; 603 vsa.console = array_index_nospec(vsa.console, MAX_NR_CONSOLES); 604 console_lock(); 605 ret = vc_allocate(vsa.console); 606 if (ret) { 607 console_unlock(); 608 return ret; 609 } 610 611 /* 612 * This is safe providing we don't drop the console sem between 613 * vc_allocate and finishing referencing nvc. 614 */ 615 nvc = vc_cons[vsa.console].d; 616 nvc->vt_mode = vsa.mode; 617 nvc->vt_mode.frsig = 0; 618 put_pid(nvc->vt_pid); 619 nvc->vt_pid = get_pid(task_pid(current)); 620 console_unlock(); 621 622 /* Commence switch and lock */ 623 /* Review set_console locks */ 624 set_console(vsa.console); 625 626 return 0; 627} 628 629/* deallocate a single console, if possible (leave 0) */ 630static int vt_disallocate(unsigned int vc_num) 631{ 632 struct vc_data *vc = NULL; 633 int ret = 0; 634 635 console_lock(); 636 if (vt_busy(vc_num)) 637 ret = -EBUSY; 638 else if (vc_num) 639 vc = vc_deallocate(vc_num); 640 console_unlock(); 641 642 if (vc && vc_num >= MIN_NR_CONSOLES) 643 tty_port_put(&vc->port); 644 645 return ret; 646} 647 648/* deallocate all unused consoles, but leave 0 */ 649static void vt_disallocate_all(void) 650{ 651 struct vc_data *vc[MAX_NR_CONSOLES]; 652 int i; 653 654 console_lock(); 655 for (i = 1; i < MAX_NR_CONSOLES; i++) 656 if (!vt_busy(i)) 657 vc[i] = vc_deallocate(i); 658 else 659 vc[i] = NULL; 660 console_unlock(); 661 662 for (i = 1; i < MAX_NR_CONSOLES; i++) { 663 if (vc[i] && i >= MIN_NR_CONSOLES) 664 tty_port_put(&vc[i]->port); 665 } 666} 667 668static int vt_resizex(struct vc_data *vc, struct vt_consize __user *cs) 669{ 670 struct vt_consize v; 671 int i; 672 673 if (copy_from_user(&v, cs, sizeof(struct vt_consize))) 674 return -EFAULT; 675 676 /* FIXME: Should check the copies properly */ 677 if (!v.v_vlin) 678 v.v_vlin = vc->vc_scan_lines; 679 680 if (v.v_clin) { 681 int rows = v.v_vlin / v.v_clin; 682 if (v.v_rows != rows) { 683 if (v.v_rows) /* Parameters don't add up */ 684 return -EINVAL; 685 v.v_rows = rows; 686 } 687 } 688 689 if (v.v_vcol && v.v_ccol) { 690 int cols = v.v_vcol / v.v_ccol; 691 if (v.v_cols != cols) { 692 if (v.v_cols) 693 return -EINVAL; 694 v.v_cols = cols; 695 } 696 } 697 698 if (v.v_clin > 32) 699 return -EINVAL; 700 701 for (i = 0; i < MAX_NR_CONSOLES; i++) { 702 struct vc_data *vcp; 703 704 if (!vc_cons[i].d) 705 continue; 706 console_lock(); 707 vcp = vc_cons[i].d; 708 if (vcp) { 709 int ret; 710 int save_scan_lines = vcp->vc_scan_lines; 711 int save_cell_height = vcp->vc_cell_height; 712 713 if (v.v_vlin) 714 vcp->vc_scan_lines = v.v_vlin; 715 if (v.v_clin) 716 vcp->vc_cell_height = v.v_clin; 717 vcp->vc_resize_user = 1; 718 ret = vc_resize(vcp, v.v_cols, v.v_rows); 719 if (ret) { 720 vcp->vc_scan_lines = save_scan_lines; 721 vcp->vc_cell_height = save_cell_height; 722 console_unlock(); 723 return ret; 724 } 725 } 726 console_unlock(); 727 } 728 729 return 0; 730} 731 732/* 733 * We handle the console-specific ioctl's here. We allow the 734 * capability to modify any console, not just the fg_console. 735 */ 736int vt_ioctl(struct tty_struct *tty, 737 unsigned int cmd, unsigned long arg) 738{ 739 struct vc_data *vc = tty->driver_data; 740 void __user *up = (void __user *)arg; 741 int i, perm; 742 int ret; 743 744 /* 745 * To have permissions to do most of the vt ioctls, we either have 746 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 747 */ 748 perm = 0; 749 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 750 perm = 1; 751 752 ret = vt_k_ioctl(tty, cmd, arg, perm); 753 if (ret != -ENOIOCTLCMD) 754 return ret; 755 756 ret = vt_io_ioctl(vc, cmd, up, perm); 757 if (ret != -ENOIOCTLCMD) 758 return ret; 759 760 switch (cmd) { 761 case TIOCLINUX: 762 return tioclinux(tty, arg); 763 case VT_SETMODE: 764 { 765 struct vt_mode tmp; 766 767 if (!perm) 768 return -EPERM; 769 if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) 770 return -EFAULT; 771 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS) 772 return -EINVAL; 773 774 console_lock(); 775 vc->vt_mode = tmp; 776 /* the frsig is ignored, so we set it to 0 */ 777 vc->vt_mode.frsig = 0; 778 put_pid(vc->vt_pid); 779 vc->vt_pid = get_pid(task_pid(current)); 780 /* no switch is required -- saw@shade.msu.ru */ 781 vc->vt_newvt = -1; 782 console_unlock(); 783 break; 784 } 785 786 case VT_GETMODE: 787 { 788 struct vt_mode tmp; 789 int rc; 790 791 console_lock(); 792 memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode)); 793 console_unlock(); 794 795 rc = copy_to_user(up, &tmp, sizeof(struct vt_mode)); 796 if (rc) 797 return -EFAULT; 798 break; 799 } 800 801 /* 802 * Returns global vt state. Note that VT 0 is always open, since 803 * it's an alias for the current VT, and people can't use it here. 804 * We cannot return state for more than 16 VTs, since v_state is short. 805 */ 806 case VT_GETSTATE: 807 { 808 struct vt_stat __user *vtstat = up; 809 unsigned short state, mask; 810 811 if (put_user(fg_console + 1, &vtstat->v_active)) 812 return -EFAULT; 813 814 state = 1; /* /dev/tty0 is always open */ 815 console_lock(); /* required by vt_in_use() */ 816 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; 817 ++i, mask <<= 1) 818 if (vt_in_use(i)) 819 state |= mask; 820 console_unlock(); 821 return put_user(state, &vtstat->v_state); 822 } 823 824 /* 825 * Returns the first available (non-opened) console. 826 */ 827 case VT_OPENQRY: 828 console_lock(); /* required by vt_in_use() */ 829 for (i = 0; i < MAX_NR_CONSOLES; ++i) 830 if (!vt_in_use(i)) 831 break; 832 console_unlock(); 833 i = i < MAX_NR_CONSOLES ? (i+1) : -1; 834 return put_user(i, (int __user *)arg); 835 836 /* 837 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num, 838 * with num >= 1 (switches to vt 0, our console, are not allowed, just 839 * to preserve sanity). 840 */ 841 case VT_ACTIVATE: 842 if (!perm) 843 return -EPERM; 844 if (arg == 0 || arg > MAX_NR_CONSOLES) 845 return -ENXIO; 846 847 arg--; 848 arg = array_index_nospec(arg, MAX_NR_CONSOLES); 849 console_lock(); 850 ret = vc_allocate(arg); 851 console_unlock(); 852 if (ret) 853 return ret; 854 set_console(arg); 855 break; 856 857 case VT_SETACTIVATE: 858 if (!perm) 859 return -EPERM; 860 861 return vt_setactivate(up); 862 863 /* 864 * wait until the specified VT has been activated 865 */ 866 case VT_WAITACTIVE: 867 if (!perm) 868 return -EPERM; 869 if (arg == 0 || arg > MAX_NR_CONSOLES) 870 return -ENXIO; 871 return vt_waitactive(arg); 872 873 /* 874 * If a vt is under process control, the kernel will not switch to it 875 * immediately, but postpone the operation until the process calls this 876 * ioctl, allowing the switch to complete. 877 * 878 * According to the X sources this is the behavior: 879 * 0: pending switch-from not OK 880 * 1: pending switch-from OK 881 * 2: completed switch-to OK 882 */ 883 case VT_RELDISP: 884 if (!perm) 885 return -EPERM; 886 887 console_lock(); 888 ret = vt_reldisp(vc, arg); 889 console_unlock(); 890 891 return ret; 892 893 894 /* 895 * Disallocate memory associated to VT (but leave VT1) 896 */ 897 case VT_DISALLOCATE: 898 if (arg > MAX_NR_CONSOLES) 899 return -ENXIO; 900 901 if (arg == 0) { 902 vt_disallocate_all(); 903 break; 904 } 905 906 arg = array_index_nospec(arg - 1, MAX_NR_CONSOLES); 907 return vt_disallocate(arg); 908 909 case VT_RESIZE: 910 { 911 struct vt_sizes __user *vtsizes = up; 912 struct vc_data *vc; 913 ushort ll,cc; 914 915 if (!perm) 916 return -EPERM; 917 if (get_user(ll, &vtsizes->v_rows) || 918 get_user(cc, &vtsizes->v_cols)) 919 return -EFAULT; 920 921 console_lock(); 922 for (i = 0; i < MAX_NR_CONSOLES; i++) { 923 vc = vc_cons[i].d; 924 925 if (vc) { 926 vc->vc_resize_user = 1; 927 /* FIXME: review v tty lock */ 928 vc_resize(vc_cons[i].d, cc, ll); 929 } 930 } 931 console_unlock(); 932 break; 933 } 934 935 case VT_RESIZEX: 936 if (!perm) 937 return -EPERM; 938 939 return vt_resizex(vc, up); 940 941 case VT_LOCKSWITCH: 942 if (!capable(CAP_SYS_TTY_CONFIG)) 943 return -EPERM; 944 vt_dont_switch = true; 945 break; 946 case VT_UNLOCKSWITCH: 947 if (!capable(CAP_SYS_TTY_CONFIG)) 948 return -EPERM; 949 vt_dont_switch = false; 950 break; 951 case VT_GETHIFONTMASK: 952 return put_user(vc->vc_hi_font_mask, 953 (unsigned short __user *)arg); 954 case VT_WAITEVENT: 955 return vt_event_wait_ioctl((struct vt_event __user *)arg); 956 default: 957 return -ENOIOCTLCMD; 958 } 959 960 return 0; 961} 962 963void reset_vc(struct vc_data *vc) 964{ 965 vc->vc_mode = KD_TEXT; 966 vt_reset_unicode(vc->vc_num); 967 vc->vt_mode.mode = VT_AUTO; 968 vc->vt_mode.waitv = 0; 969 vc->vt_mode.relsig = 0; 970 vc->vt_mode.acqsig = 0; 971 vc->vt_mode.frsig = 0; 972 put_pid(vc->vt_pid); 973 vc->vt_pid = NULL; 974 vc->vt_newvt = -1; 975 reset_palette(vc); 976} 977 978void vc_SAK(struct work_struct *work) 979{ 980 struct vc *vc_con = 981 container_of(work, struct vc, SAK_work); 982 struct vc_data *vc; 983 struct tty_struct *tty; 984 985 console_lock(); 986 vc = vc_con->d; 987 if (vc) { 988 /* FIXME: review tty ref counting */ 989 tty = vc->port.tty; 990 /* 991 * SAK should also work in all raw modes and reset 992 * them properly. 993 */ 994 if (tty) 995 __do_SAK(tty); 996 reset_vc(vc); 997 } 998 console_unlock(); 999} 1000 1001#ifdef CONFIG_COMPAT 1002 1003struct compat_console_font_op { 1004 compat_uint_t op; /* operation code KD_FONT_OP_* */ 1005 compat_uint_t flags; /* KD_FONT_FLAG_* */ 1006 compat_uint_t width, height; /* font size */ 1007 compat_uint_t charcount; 1008 compat_caddr_t data; /* font data with height fixed to 32 */ 1009}; 1010 1011static inline int 1012compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop, 1013 int perm, struct console_font_op *op, struct vc_data *vc) 1014{ 1015 int i; 1016 1017 if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op))) 1018 return -EFAULT; 1019 if (!perm && op->op != KD_FONT_OP_GET) 1020 return -EPERM; 1021 op->data = compat_ptr(((struct compat_console_font_op *)op)->data); 1022 i = con_font_op(vc, op); 1023 if (i) 1024 return i; 1025 ((struct compat_console_font_op *)op)->data = (unsigned long)op->data; 1026 if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op))) 1027 return -EFAULT; 1028 return 0; 1029} 1030 1031struct compat_unimapdesc { 1032 unsigned short entry_ct; 1033 compat_caddr_t entries; 1034}; 1035 1036static inline int 1037compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud, 1038 int perm, struct vc_data *vc) 1039{ 1040 struct compat_unimapdesc tmp; 1041 struct unipair __user *tmp_entries; 1042 1043 if (copy_from_user(&tmp, user_ud, sizeof tmp)) 1044 return -EFAULT; 1045 tmp_entries = compat_ptr(tmp.entries); 1046 switch (cmd) { 1047 case PIO_UNIMAP: 1048 if (!perm) 1049 return -EPERM; 1050 return con_set_unimap(vc, tmp.entry_ct, tmp_entries); 1051 case GIO_UNIMAP: 1052 if (!perm && fg_console != vc->vc_num) 1053 return -EPERM; 1054 return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries); 1055 } 1056 return 0; 1057} 1058 1059long vt_compat_ioctl(struct tty_struct *tty, 1060 unsigned int cmd, unsigned long arg) 1061{ 1062 struct vc_data *vc = tty->driver_data; 1063 struct console_font_op op; /* used in multiple places here */ 1064 void __user *up = compat_ptr(arg); 1065 int perm; 1066 1067 /* 1068 * To have permissions to do most of the vt ioctls, we either have 1069 * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG. 1070 */ 1071 perm = 0; 1072 if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) 1073 perm = 1; 1074 1075 switch (cmd) { 1076 /* 1077 * these need special handlers for incompatible data structures 1078 */ 1079 1080 case KDFONTOP: 1081 return compat_kdfontop_ioctl(up, perm, &op, vc); 1082 1083 case PIO_UNIMAP: 1084 case GIO_UNIMAP: 1085 return compat_unimap_ioctl(cmd, up, perm, vc); 1086 1087 /* 1088 * all these treat 'arg' as an integer 1089 */ 1090 case KIOCSOUND: 1091 case KDMKTONE: 1092#ifdef CONFIG_X86 1093 case KDADDIO: 1094 case KDDELIO: 1095#endif 1096 case KDSETMODE: 1097 case KDMAPDISP: 1098 case KDUNMAPDISP: 1099 case KDSKBMODE: 1100 case KDSKBMETA: 1101 case KDSKBLED: 1102 case KDSETLED: 1103 case KDSIGACCEPT: 1104 case VT_ACTIVATE: 1105 case VT_WAITACTIVE: 1106 case VT_RELDISP: 1107 case VT_DISALLOCATE: 1108 case VT_RESIZE: 1109 case VT_RESIZEX: 1110 return vt_ioctl(tty, cmd, arg); 1111 1112 /* 1113 * the rest has a compatible data structure behind arg, 1114 * but we have to convert it to a proper 64 bit pointer. 1115 */ 1116 default: 1117 return vt_ioctl(tty, cmd, (unsigned long)up); 1118 } 1119} 1120 1121 1122#endif /* CONFIG_COMPAT */ 1123 1124 1125/* 1126 * Performs the back end of a vt switch. Called under the console 1127 * semaphore. 1128 */ 1129static void complete_change_console(struct vc_data *vc) 1130{ 1131 unsigned char old_vc_mode; 1132 int old = fg_console; 1133 1134 last_console = fg_console; 1135 1136 /* 1137 * If we're switching, we could be going from KD_GRAPHICS to 1138 * KD_TEXT mode or vice versa, which means we need to blank or 1139 * unblank the screen later. 1140 */ 1141 old_vc_mode = vc_cons[fg_console].d->vc_mode; 1142 switch_screen(vc); 1143 1144 /* 1145 * This can't appear below a successful kill_pid(). If it did, 1146 * then the *blank_screen operation could occur while X, having 1147 * received acqsig, is waking up on another processor. This 1148 * condition can lead to overlapping accesses to the VGA range 1149 * and the framebuffer (causing system lockups). 1150 * 1151 * To account for this we duplicate this code below only if the 1152 * controlling process is gone and we've called reset_vc. 1153 */ 1154 if (old_vc_mode != vc->vc_mode) { 1155 if (vc->vc_mode == KD_TEXT) 1156 do_unblank_screen(1); 1157 else 1158 do_blank_screen(1); 1159 } 1160 1161 /* 1162 * If this new console is under process control, send it a signal 1163 * telling it that it has acquired. Also check if it has died and 1164 * clean up (similar to logic employed in change_console()) 1165 */ 1166 if (vc->vt_mode.mode == VT_PROCESS) { 1167 /* 1168 * Send the signal as privileged - kill_pid() will 1169 * tell us if the process has gone or something else 1170 * is awry 1171 */ 1172 if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) { 1173 /* 1174 * The controlling process has died, so we revert back to 1175 * normal operation. In this case, we'll also change back 1176 * to KD_TEXT mode. I'm not sure if this is strictly correct 1177 * but it saves the agony when the X server dies and the screen 1178 * remains blanked due to KD_GRAPHICS! It would be nice to do 1179 * this outside of VT_PROCESS but there is no single process 1180 * to account for and tracking tty count may be undesirable. 1181 */ 1182 reset_vc(vc); 1183 1184 if (old_vc_mode != vc->vc_mode) { 1185 if (vc->vc_mode == KD_TEXT) 1186 do_unblank_screen(1); 1187 else 1188 do_blank_screen(1); 1189 } 1190 } 1191 } 1192 1193 /* 1194 * Wake anyone waiting for their VT to activate 1195 */ 1196 vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num); 1197 return; 1198} 1199 1200/* 1201 * Performs the front-end of a vt switch 1202 */ 1203void change_console(struct vc_data *new_vc) 1204{ 1205 struct vc_data *vc; 1206 1207 if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch) 1208 return; 1209 1210 /* 1211 * If this vt is in process mode, then we need to handshake with 1212 * that process before switching. Essentially, we store where that 1213 * vt wants to switch to and wait for it to tell us when it's done 1214 * (via VT_RELDISP ioctl). 1215 * 1216 * We also check to see if the controlling process still exists. 1217 * If it doesn't, we reset this vt to auto mode and continue. 1218 * This is a cheap way to track process control. The worst thing 1219 * that can happen is: we send a signal to a process, it dies, and 1220 * the switch gets "lost" waiting for a response; hopefully, the 1221 * user will try again, we'll detect the process is gone (unless 1222 * the user waits just the right amount of time :-) and revert the 1223 * vt to auto control. 1224 */ 1225 vc = vc_cons[fg_console].d; 1226 if (vc->vt_mode.mode == VT_PROCESS) { 1227 /* 1228 * Send the signal as privileged - kill_pid() will 1229 * tell us if the process has gone or something else 1230 * is awry. 1231 * 1232 * We need to set vt_newvt *before* sending the signal or we 1233 * have a race. 1234 */ 1235 vc->vt_newvt = new_vc->vc_num; 1236 if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) { 1237 /* 1238 * It worked. Mark the vt to switch to and 1239 * return. The process needs to send us a 1240 * VT_RELDISP ioctl to complete the switch. 1241 */ 1242 return; 1243 } 1244 1245 /* 1246 * The controlling process has died, so we revert back to 1247 * normal operation. In this case, we'll also change back 1248 * to KD_TEXT mode. I'm not sure if this is strictly correct 1249 * but it saves the agony when the X server dies and the screen 1250 * remains blanked due to KD_GRAPHICS! It would be nice to do 1251 * this outside of VT_PROCESS but there is no single process 1252 * to account for and tracking tty count may be undesirable. 1253 */ 1254 reset_vc(vc); 1255 1256 /* 1257 * Fall through to normal (VT_AUTO) handling of the switch... 1258 */ 1259 } 1260 1261 /* 1262 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode 1263 */ 1264 if (vc->vc_mode == KD_GRAPHICS) 1265 return; 1266 1267 complete_change_console(new_vc); 1268} 1269 1270/* Perform a kernel triggered VT switch for suspend/resume */ 1271 1272static int disable_vt_switch; 1273 1274int vt_move_to_console(unsigned int vt, int alloc) 1275{ 1276 int prev; 1277 1278 console_lock(); 1279 /* Graphics mode - up to X */ 1280 if (disable_vt_switch) { 1281 console_unlock(); 1282 return 0; 1283 } 1284 prev = fg_console; 1285 1286 if (alloc && vc_allocate(vt)) { 1287 /* we can't have a free VC for now. Too bad, 1288 * we don't want to mess the screen for now. */ 1289 console_unlock(); 1290 return -ENOSPC; 1291 } 1292 1293 if (set_console(vt)) { 1294 /* 1295 * We're unable to switch to the SUSPEND_CONSOLE. 1296 * Let the calling function know so it can decide 1297 * what to do. 1298 */ 1299 console_unlock(); 1300 return -EIO; 1301 } 1302 console_unlock(); 1303 if (vt_waitactive(vt + 1)) { 1304 pr_debug("Suspend: Can't switch VCs."); 1305 return -EINTR; 1306 } 1307 return prev; 1308} 1309 1310/* 1311 * Normally during a suspend, we allocate a new console and switch to it. 1312 * When we resume, we switch back to the original console. This switch 1313 * can be slow, so on systems where the framebuffer can handle restoration 1314 * of video registers anyways, there's little point in doing the console 1315 * switch. This function allows you to disable it by passing it '0'. 1316 */ 1317void pm_set_vt_switch(int do_switch) 1318{ 1319 console_lock(); 1320 disable_vt_switch = !do_switch; 1321 console_unlock(); 1322} 1323EXPORT_SYMBOL(pm_set_vt_switch);