LXR linux/drivers/tty/vt/vt

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 *  Copyright (C) 1992 obz under the linux copyright
   4 *
   5 *  Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
   6 *  Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
   7 *  Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
   8 *  Some code moved for less code duplication - Andi Kleen - Mar 1997
   9 *  Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
  10 */
  11
  12#include <linux/types.h>
  13#include <linux/errno.h>
  14#include <linux/sched/signal.h>
  15#include <linux/tty.h>
  16#include <linux/timer.h>
  17#include <linux/kernel.h>
  18#include <linux/compat.h>
  19#include <linux/module.h>
  20#include <linux/kd.h>
  21#include <linux/vt.h>
  22#include <linux/string.h>
  23#include <linux/slab.h>
  24#include <linux/major.h>
  25#include <linux/fs.h>
  26#include <linux/console.h>
  27#include <linux/consolemap.h>
  28#include <linux/signal.h>
  29#include <linux/suspend.h>
  30#include <linux/timex.h>
  31
  32#include <asm/io.h>
  33#include <linux/uaccess.h>
  34
  35#include <linux/nospec.h>
  36
  37#include <linux/kbd_kern.h>
  38#include <linux/vt_kern.h>
  39#include <linux/kbd_diacr.h>
  40#include <linux/selection.h>
  41
  42bool vt_dont_switch;
  43
  44static inline bool vt_in_use(unsigned int i)
  45{
  46        const struct vc_data *vc = vc_cons[i].d;
  47
  48        /*
  49         * console_lock must be held to prevent the vc from being deallocated
  50         * while we're checking whether it's in-use.
  51         */
  52        WARN_CONSOLE_UNLOCKED();
  53
  54        return vc && kref_read(&vc->port.kref) > 1;
  55}
  56
  57static inline bool vt_busy(int i)
  58{
  59        if (vt_in_use(i))
  60                return true;
  61        if (i == fg_console)
  62                return true;
  63        if (vc_is_sel(vc_cons[i].d))
  64                return true;
  65
  66        return false;
  67}
  68
  69/*
  70 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
  71 * experimentation and study of X386 SYSV handling.
  72 *
  73 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
  74 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
  75 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
  76 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
  77 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
  78 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
  79 * to the current console is done by the main ioctl code.
  80 */
  81
  82#ifdef CONFIG_X86
  83#include <asm/syscalls.h>
  84#endif
  85
  86static void complete_change_console(struct vc_data *vc);
  87
  88/*
  89 *      User space VT_EVENT handlers
  90 */
  91
  92struct vt_event_wait {
  93        struct list_head list;
  94        struct vt_event event;
  95        int done;
  96};
  97
  98static LIST_HEAD(vt_events);
  99static DEFINE_SPINLOCK(vt_event_lock);
 100static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue);
 101
 102/**
 103 *      vt_event_post
 104 *      @event: the event that occurred
 105 *      @old: old console
 106 *      @new: new console
 107 *
 108 *      Post an VT event to interested VT handlers
 109 */
 110
 111void vt_event_post(unsigned int event, unsigned int old, unsigned int new)
 112{
 113        struct list_head *pos, *head;
 114        unsigned long flags;
 115        int wake = 0;
 116
 117        spin_lock_irqsave(&vt_event_lock, flags);
 118        head = &vt_events;
 119
 120        list_for_each(pos, head) {
 121                struct vt_event_wait *ve = list_entry(pos,
 122                                                struct vt_event_wait, list);
 123                if (!(ve->event.event & event))
 124                        continue;
 125                ve->event.event = event;
 126                /* kernel view is consoles 0..n-1, user space view is
 127                   console 1..n with 0 meaning current, so we must bias */
 128                ve->event.oldev = old + 1;
 129                ve->event.newev = new + 1;
 130                wake = 1;
 131                ve->done = 1;
 132        }
 133        spin_unlock_irqrestore(&vt_event_lock, flags);
 134        if (wake)
 135                wake_up_interruptible(&vt_event_waitqueue);
 136}
 137
 138static void __vt_event_queue(struct vt_event_wait *vw)
 139{
 140        unsigned long flags;
 141        /* Prepare the event */
 142        INIT_LIST_HEAD(&vw->list);
 143        vw->done = 0;
 144        /* Queue our event */
 145        spin_lock_irqsave(&vt_event_lock, flags);
 146        list_add(&vw->list, &vt_events);
 147        spin_unlock_irqrestore(&vt_event_lock, flags);
 148}
 149
 150static void __vt_event_wait(struct vt_event_wait *vw)
 151{
 152        /* Wait for it to pass */
 153        wait_event_interruptible(vt_event_waitqueue, vw->done);
 154}
 155
 156static void __vt_event_dequeue(struct vt_event_wait *vw)
 157{
 158        unsigned long flags;
 159
 160        /* Dequeue it */
 161        spin_lock_irqsave(&vt_event_lock, flags);
 162        list_del(&vw->list);
 163        spin_unlock_irqrestore(&vt_event_lock, flags);
 164}
 165
 166/**
 167 *      vt_event_wait           -       wait for an event
 168 *      @vw: our event
 169 *
 170 *      Waits for an event to occur which completes our vt_event_wait
 171 *      structure. On return the structure has wv->done set to 1 for success
 172 *      or 0 if some event such as a signal ended the wait.
 173 */
 174
 175static void vt_event_wait(struct vt_event_wait *vw)
 176{
 177        __vt_event_queue(vw);
 178        __vt_event_wait(vw);
 179        __vt_event_dequeue(vw);
 180}
 181
 182/**
 183 *      vt_event_wait_ioctl     -       event ioctl handler
 184 *      @event: argument to ioctl (the event)
 185 *
 186 *      Implement the VT_WAITEVENT ioctl using the VT event interface
 187 */
 188
 189static int vt_event_wait_ioctl(struct vt_event __user *event)
 190{
 191        struct vt_event_wait vw;
 192
 193        if (copy_from_user(&vw.event, event, sizeof(struct vt_event)))
 194                return -EFAULT;
 195        /* Highest supported event for now */
 196        if (vw.event.event & ~VT_MAX_EVENT)
 197                return -EINVAL;
 198
 199        vt_event_wait(&vw);
 200        /* If it occurred report it */
 201        if (vw.done) {
 202                if (copy_to_user(event, &vw.event, sizeof(struct vt_event)))
 203                        return -EFAULT;
 204                return 0;
 205        }
 206        return -EINTR;
 207}
 208
 209/**
 210 *      vt_waitactive   -       active console wait
 211 *      @n: new console
 212 *
 213 *      Helper for event waits. Used to implement the legacy
 214 *      event waiting ioctls in terms of events
 215 */
 216
 217int vt_waitactive(int n)
 218{
 219        struct vt_event_wait vw;
 220        do {
 221                vw.event.event = VT_EVENT_SWITCH;
 222                __vt_event_queue(&vw);
 223                if (n == fg_console + 1) {
 224                        __vt_event_dequeue(&vw);
 225                        break;
 226                }
 227                __vt_event_wait(&vw);
 228                __vt_event_dequeue(&vw);
 229                if (vw.done == 0)
 230                        return -EINTR;
 231        } while (vw.event.newev != n);
 232        return 0;
 233}
 234
 235/*
 236 * these are the valid i/o ports we're allowed to change. they map all the
 237 * video ports
 238 */
 239#define GPFIRST 0x3b4
 240#define GPLAST 0x3df
 241#define GPNUM (GPLAST - GPFIRST + 1)
 242
 243/*
 244 * currently, setting the mode from KD_TEXT to KD_GRAPHICS doesn't do a whole
 245 * lot. i'm not sure if it should do any restoration of modes or what...
 246 *
 247 * XXX It should at least call into the driver, fbdev's definitely need to
 248 * restore their engine state. --BenH
 249 */
 250static int vt_kdsetmode(struct vc_data *vc, unsigned long mode)
 251{
 252        switch (mode) {
 253        case KD_GRAPHICS:
 254                break;
 255        case KD_TEXT0:
 256        case KD_TEXT1:
 257                mode = KD_TEXT;
 258                fallthrough;
 259        case KD_TEXT:
 260                break;
 261        default:
 262                return -EINVAL;
 263        }
 264
 265        /* FIXME: this needs the console lock extending */
 266        if (vc->vc_mode == mode)
 267                return 0;
 268
 269        vc->vc_mode = mode;
 270        if (vc->vc_num != fg_console)
 271                return 0;
 272
 273        /* explicitly blank/unblank the screen if switching modes */
 274        console_lock();
 275        if (mode == KD_TEXT)
 276                do_unblank_screen(1);
 277        else
 278                do_blank_screen(1);
 279        console_unlock();
 280
 281        return 0;
 282}
 283
 284static int vt_k_ioctl(struct tty_struct *tty, unsigned int cmd,
 285                unsigned long arg, bool perm)
 286{
 287        struct vc_data *vc = tty->driver_data;
 288        void __user *up = (void __user *)arg;
 289        unsigned int console = vc->vc_num;
 290        int ret;
 291
 292        switch (cmd) {
 293        case KIOCSOUND:
 294                if (!perm)
 295                        return -EPERM;
 296                /*
 297                 * The use of PIT_TICK_RATE is historic, it used to be
 298                 * the platform-dependent CLOCK_TICK_RATE between 2.6.12
 299                 * and 2.6.36, which was a minor but unfortunate ABI
 300                 * change. kd_mksound is locked by the input layer.
 301                 */
 302                if (arg)
 303                        arg = PIT_TICK_RATE / arg;
 304                kd_mksound(arg, 0);
 305                break;
 306
 307        case KDMKTONE:
 308                if (!perm)
 309                        return -EPERM;
 310        {
 311                unsigned int ticks, count;
 312
 313                /*
 314                 * Generate the tone for the appropriate number of ticks.
 315                 * If the time is zero, turn off sound ourselves.
 316                 */
 317                ticks = msecs_to_jiffies((arg >> 16) & 0xffff);
 318                count = ticks ? (arg & 0xffff) : 0;
 319                if (count)
 320                        count = PIT_TICK_RATE / count;
 321                kd_mksound(count, ticks);
 322                break;
 323        }
 324
 325        case KDGKBTYPE:
 326                /*
 327                 * this is naïve.
 328                 */
 329                return put_user(KB_101, (char __user *)arg);
 330
 331                /*
 332                 * These cannot be implemented on any machine that implements
 333                 * ioperm() in user level (such as Alpha PCs) or not at all.
 334                 *
 335                 * XXX: you should never use these, just call ioperm directly..
 336                 */
 337#ifdef CONFIG_X86
 338        case KDADDIO:
 339        case KDDELIO:
 340                /*
 341                 * KDADDIO and KDDELIO may be able to add ports beyond what
 342                 * we reject here, but to be safe...
 343                 *
 344                 * These are locked internally via sys_ioperm
 345                 */
 346                if (arg < GPFIRST || arg > GPLAST)
 347                        return -EINVAL;
 348
 349                return ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
 350
 351        case KDENABIO:
 352        case KDDISABIO:
 353                return ksys_ioperm(GPFIRST, GPNUM,
 354                                  (cmd == KDENABIO)) ? -ENXIO : 0;
 355#endif
 356
 357        /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
 358
 359        case KDKBDREP:
 360        {
 361                struct kbd_repeat kbrep;
 362
 363                if (!capable(CAP_SYS_TTY_CONFIG))
 364                        return -EPERM;
 365
 366                if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat)))
 367                        return -EFAULT;
 368
 369                ret = kbd_rate(&kbrep);
 370                if (ret)
 371                        return ret;
 372                if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
 373                        return -EFAULT;
 374                break;
 375        }
 376
 377        case KDSETMODE:
 378                if (!perm)
 379                        return -EPERM;
 380
 381                return vt_kdsetmode(vc, arg);
 382
 383        case KDGETMODE:
 384                return put_user(vc->vc_mode, (int __user *)arg);
 385
 386        case KDMAPDISP:
 387        case KDUNMAPDISP:
 388                /*
 389                 * these work like a combination of mmap and KDENABIO.
 390                 * this could be easily finished.
 391                 */
 392                return -EINVAL;
 393
 394        case KDSKBMODE:
 395                if (!perm)
 396                        return -EPERM;
 397                ret = vt_do_kdskbmode(console, arg);
 398                if (ret)
 399                        return ret;
 400                tty_ldisc_flush(tty);
 401                break;
 402
 403        case KDGKBMODE:
 404                return put_user(vt_do_kdgkbmode(console), (int __user *)arg);
 405
 406        /* this could be folded into KDSKBMODE, but for compatibility
 407           reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
 408        case KDSKBMETA:
 409                return vt_do_kdskbmeta(console, arg);
 410
 411        case KDGKBMETA:
 412                /* FIXME: should review whether this is worth locking */
 413                return put_user(vt_do_kdgkbmeta(console), (int __user *)arg);
 414
 415        case KDGETKEYCODE:
 416        case KDSETKEYCODE:
 417                if(!capable(CAP_SYS_TTY_CONFIG))
 418                        perm = 0;
 419                return vt_do_kbkeycode_ioctl(cmd, up, perm);
 420
 421        case KDGKBENT:
 422        case KDSKBENT:
 423                return vt_do_kdsk_ioctl(cmd, up, perm, console);
 424
 425        case KDGKBSENT:
 426        case KDSKBSENT:
 427                return vt_do_kdgkb_ioctl(cmd, up, perm);
 428
 429        /* Diacritical processing. Handled in keyboard.c as it has
 430           to operate on the keyboard locks and structures */
 431        case KDGKBDIACR:
 432        case KDGKBDIACRUC:
 433        case KDSKBDIACR:
 434        case KDSKBDIACRUC:
 435                return vt_do_diacrit(cmd, up, perm);
 436
 437        /* the ioctls below read/set the flags usually shown in the leds */
 438        /* don't use them - they will go away without warning */
 439        case KDGKBLED:
 440        case KDSKBLED:
 441        case KDGETLED:
 442        case KDSETLED:
 443                return vt_do_kdskled(console, cmd, arg, perm);
 444
 445        /*
 446         * A process can indicate its willingness to accept signals
 447         * generated by pressing an appropriate key combination.
 448         * Thus, one can have a daemon that e.g. spawns a new console
 449         * upon a keypress and then changes to it.
 450         * See also the kbrequest field of inittab(5).
 451         */
 452        case KDSIGACCEPT:
 453                if (!perm || !capable(CAP_KILL))
 454                        return -EPERM;
 455                if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
 456                        return -EINVAL;
 457
 458                spin_lock_irq(&vt_spawn_con.lock);
 459                put_pid(vt_spawn_con.pid);
 460                vt_spawn_con.pid = get_pid(task_pid(current));
 461                vt_spawn_con.sig = arg;
 462                spin_unlock_irq(&vt_spawn_con.lock);
 463                break;
 464
 465        case KDFONTOP: {
 466                struct console_font_op op;
 467
 468                if (copy_from_user(&op, up, sizeof(op)))
 469                        return -EFAULT;
 470                if (!perm && op.op != KD_FONT_OP_GET)
 471                        return -EPERM;
 472                ret = con_font_op(vc, &op);
 473                if (ret)
 474                        return ret;
 475                if (copy_to_user(up, &op, sizeof(op)))
 476                        return -EFAULT;
 477                break;
 478        }
 479
 480        default:
 481                return -ENOIOCTLCMD;
 482        }
 483
 484        return 0;
 485}
 486
 487static inline int do_fontx_ioctl(struct vc_data *vc, int cmd,
 488                struct consolefontdesc __user *user_cfd,
 489                struct console_font_op *op)
 490{
 491        struct consolefontdesc cfdarg;
 492        int i;
 493
 494        if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc)))
 495                return -EFAULT;
 496
 497        switch (cmd) {
 498        case PIO_FONTX:
 499                op->op = KD_FONT_OP_SET;
 500                op->flags = KD_FONT_FLAG_OLD;
 501                op->width = 8;
 502                op->height = cfdarg.charheight;
 503                op->charcount = cfdarg.charcount;
 504                op->data = cfdarg.chardata;
 505                return con_font_op(vc, op);
 506
 507        case GIO_FONTX:
 508                op->op = KD_FONT_OP_GET;
 509                op->flags = KD_FONT_FLAG_OLD;
 510                op->width = 8;
 511                op->height = cfdarg.charheight;
 512                op->charcount = cfdarg.charcount;
 513                op->data = cfdarg.chardata;
 514                i = con_font_op(vc, op);
 515                if (i)
 516                        return i;
 517                cfdarg.charheight = op->height;
 518                cfdarg.charcount = op->charcount;
 519                if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc)))
 520                        return -EFAULT;
 521                return 0;
 522        }
 523        return -EINVAL;
 524}
 525
 526static int vt_io_fontreset(struct vc_data *vc, struct console_font_op *op)
 527{
 528        int ret;
 529
 530        if (__is_defined(BROKEN_GRAPHICS_PROGRAMS)) {
 531                /*
 532                 * With BROKEN_GRAPHICS_PROGRAMS defined, the default font is
 533                 * not saved.
 534                 */
 535                return -ENOSYS;
 536        }
 537
 538        op->op = KD_FONT_OP_SET_DEFAULT;
 539        op->data = NULL;
 540        ret = con_font_op(vc, op);
 541        if (ret)
 542                return ret;
 543
 544        console_lock();
 545        con_set_default_unimap(vc);
 546        console_unlock();
 547
 548        return 0;
 549}
 550
 551static inline int do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud,
 552                bool perm, struct vc_data *vc)
 553{
 554        struct unimapdesc tmp;
 555
 556        if (copy_from_user(&tmp, user_ud, sizeof tmp))
 557                return -EFAULT;
 558        switch (cmd) {
 559        case PIO_UNIMAP:
 560                if (!perm)
 561                        return -EPERM;
 562                return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
 563        case GIO_UNIMAP:
 564                if (!perm && fg_console != vc->vc_num)
 565                        return -EPERM;
 566                return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct),
 567                                tmp.entries);
 568        }
 569        return 0;
 570}
 571
 572static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
 573                bool perm)
 574{
 575        struct console_font_op op;      /* used in multiple places here */
 576
 577        switch (cmd) {
 578        case PIO_FONT:
 579                if (!perm)
 580                        return -EPERM;
 581                op.op = KD_FONT_OP_SET;
 582                op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */
 583                op.width = 8;
 584                op.height = 0;
 585                op.charcount = 256;
 586                op.data = up;
 587                return con_font_op(vc, &op);
 588
 589        case GIO_FONT:
 590                op.op = KD_FONT_OP_GET;
 591                op.flags = KD_FONT_FLAG_OLD;
 592                op.width = 8;
 593                op.height = 32;
 594                op.charcount = 256;
 595                op.data = up;
 596                return con_font_op(vc, &op);
 597
 598        case PIO_CMAP:
 599                if (!perm)
 600                        return -EPERM;
 601                return con_set_cmap(up);
 602
 603        case GIO_CMAP:
 604                return con_get_cmap(up);
 605
 606        case PIO_FONTX:
 607                if (!perm)
 608                        return -EPERM;
 609
 610                fallthrough;
 611        case GIO_FONTX:
 612                return do_fontx_ioctl(vc, cmd, up, &op);
 613
 614        case PIO_FONTRESET:
 615                if (!perm)
 616                        return -EPERM;
 617
 618                return vt_io_fontreset(vc, &op);
 619
 620        case PIO_SCRNMAP:
 621                if (!perm)
 622                        return -EPERM;
 623                return con_set_trans_old(up);
 624
 625        case GIO_SCRNMAP:
 626                return con_get_trans_old(up);
 627
 628        case PIO_UNISCRNMAP:
 629                if (!perm)
 630                        return -EPERM;
 631                return con_set_trans_new(up);
 632
 633        case GIO_UNISCRNMAP:
 634                return con_get_trans_new(up);
 635
 636        case PIO_UNIMAPCLR:
 637                if (!perm)
 638                        return -EPERM;
 639                con_clear_unimap(vc);
 640                break;
 641
 642        case PIO_UNIMAP:
 643        case GIO_UNIMAP:
 644                return do_unimap_ioctl(cmd, up, perm, vc);
 645
 646        default:
 647                return -ENOIOCTLCMD;
 648        }
 649
 650        return 0;
 651}
 652
 653static int vt_reldisp(struct vc_data *vc, unsigned int swtch)
 654{
 655        int newvt, ret;
 656
 657        if (vc->vt_mode.mode != VT_PROCESS)
 658                return -EINVAL;
 659
 660        /* Switched-to response */
 661        if (vc->vt_newvt < 0) {
 662                 /* If it's just an ACK, ignore it */
 663                return swtch == VT_ACKACQ ? 0 : -EINVAL;
 664        }
 665
 666        /* Switching-from response */
 667        if (swtch == 0) {
 668                /* Switch disallowed, so forget we were trying to do it. */
 669                vc->vt_newvt = -1;
 670                return 0;
 671        }
 672
 673        /* The current vt has been released, so complete the switch. */
 674        newvt = vc->vt_newvt;
 675        vc->vt_newvt = -1;
 676        ret = vc_allocate(newvt);
 677        if (ret)
 678                return ret;
 679
 680        /*
 681         * When we actually do the console switch, make sure we are atomic with
 682         * respect to other console switches..
 683         */
 684        complete_change_console(vc_cons[newvt].d);
 685
 686        return 0;
 687}
 688
 689static int vt_setactivate(struct vt_setactivate __user *sa)
 690{
 691        struct vt_setactivate vsa;
 692        struct vc_data *nvc;
 693        int ret;
 694
 695        if (copy_from_user(&vsa, sa, sizeof(vsa)))
 696                return -EFAULT;
 697        if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
 698                return -ENXIO;
 699
 700        vsa.console = array_index_nospec(vsa.console, MAX_NR_CONSOLES + 1);
 701        vsa.console--;
 702        console_lock();
 703        ret = vc_allocate(vsa.console);
 704        if (ret) {
 705                console_unlock();
 706                return ret;
 707        }
 708
 709        /*
 710         * This is safe providing we don't drop the console sem between
 711         * vc_allocate and finishing referencing nvc.
 712         */
 713        nvc = vc_cons[vsa.console].d;
 714        nvc->vt_mode = vsa.mode;
 715        nvc->vt_mode.frsig = 0;
 716        put_pid(nvc->vt_pid);
 717        nvc->vt_pid = get_pid(task_pid(current));
 718        console_unlock();
 719
 720        /* Commence switch and lock */
 721        /* Review set_console locks */
 722        set_console(vsa.console);
 723
 724        return 0;
 725}
 726
 727/* deallocate a single console, if possible (leave 0) */
 728static int vt_disallocate(unsigned int vc_num)
 729{
 730        struct vc_data *vc = NULL;
 731        int ret = 0;
 732
 733        console_lock();
 734        if (vt_busy(vc_num))
 735                ret = -EBUSY;
 736        else if (vc_num)
 737                vc = vc_deallocate(vc_num);
 738        console_unlock();
 739
 740        if (vc && vc_num >= MIN_NR_CONSOLES)
 741                tty_port_put(&vc->port);
 742
 743        return ret;
 744}
 745
 746/* deallocate all unused consoles, but leave 0 */
 747static void vt_disallocate_all(void)
 748{
 749        struct vc_data *vc[MAX_NR_CONSOLES];
 750        int i;
 751
 752        console_lock();
 753        for (i = 1; i < MAX_NR_CONSOLES; i++)
 754                if (!vt_busy(i))
 755                        vc[i] = vc_deallocate(i);
 756                else
 757                        vc[i] = NULL;
 758        console_unlock();
 759
 760        for (i = 1; i < MAX_NR_CONSOLES; i++) {
 761                if (vc[i] && i >= MIN_NR_CONSOLES)
 762                        tty_port_put(&vc[i]->port);
 763        }
 764}
 765
 766static int vt_resizex(struct vc_data *vc, struct vt_consize __user *cs)
 767{
 768        struct vt_consize v;
 769        int i;
 770
 771        if (copy_from_user(&v, cs, sizeof(struct vt_consize)))
 772                return -EFAULT;
 773
 774        if (v.v_vlin)
 775                pr_info_once("\"struct vt_consize\"->v_vlin is ignored. Please report if you need this.\n");
 776        if (v.v_clin)
 777                pr_info_once("\"struct vt_consize\"->v_clin is ignored. Please report if you need this.\n");
 778
 779        console_lock();
 780        for (i = 0; i < MAX_NR_CONSOLES; i++) {
 781                vc = vc_cons[i].d;
 782
 783                if (vc) {
 784                        vc->vc_resize_user = 1;
 785                        vc_resize(vc, v.v_cols, v.v_rows);
 786                }
 787        }
 788        console_unlock();
 789
 790        return 0;
 791}
 792
 793/*
 794 * We handle the console-specific ioctl's here.  We allow the
 795 * capability to modify any console, not just the fg_console.
 796 */
 797int vt_ioctl(struct tty_struct *tty,
 798             unsigned int cmd, unsigned long arg)
 799{
 800        struct vc_data *vc = tty->driver_data;
 801        void __user *up = (void __user *)arg;
 802        int i, perm;
 803        int ret;
 804
 805        /*
 806         * To have permissions to do most of the vt ioctls, we either have
 807         * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
 808         */
 809        perm = 0;
 810        if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
 811                perm = 1;
 812
 813        ret = vt_k_ioctl(tty, cmd, arg, perm);
 814        if (ret != -ENOIOCTLCMD)
 815                return ret;
 816
 817        ret = vt_io_ioctl(vc, cmd, up, perm);
 818        if (ret != -ENOIOCTLCMD)
 819                return ret;
 820
 821        switch (cmd) {
 822        case TIOCLINUX:
 823                return tioclinux(tty, arg);
 824        case VT_SETMODE:
 825        {
 826                struct vt_mode tmp;
 827
 828                if (!perm)
 829                        return -EPERM;
 830                if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
 831                        return -EFAULT;
 832                if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS)
 833                        return -EINVAL;
 834
 835                console_lock();
 836                vc->vt_mode = tmp;
 837                /* the frsig is ignored, so we set it to 0 */
 838                vc->vt_mode.frsig = 0;
 839                put_pid(vc->vt_pid);
 840                vc->vt_pid = get_pid(task_pid(current));
 841                /* no switch is required -- saw@shade.msu.ru */
 842                vc->vt_newvt = -1;
 843                console_unlock();
 844                break;
 845        }
 846
 847        case VT_GETMODE:
 848        {
 849                struct vt_mode tmp;
 850                int rc;
 851
 852                console_lock();
 853                memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
 854                console_unlock();
 855
 856                rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
 857                if (rc)
 858                        return -EFAULT;
 859                break;
 860        }
 861
 862        /*
 863         * Returns global vt state. Note that VT 0 is always open, since
 864         * it's an alias for the current VT, and people can't use it here.
 865         * We cannot return state for more than 16 VTs, since v_state is short.
 866         */
 867        case VT_GETSTATE:
 868        {
 869                struct vt_stat __user *vtstat = up;
 870                unsigned short state, mask;
 871
 872                if (put_user(fg_console + 1, &vtstat->v_active))
 873                        return -EFAULT;
 874
 875                state = 1;      /* /dev/tty0 is always open */
 876                console_lock(); /* required by vt_in_use() */
 877                for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask;
 878                                ++i, mask <<= 1)
 879                        if (vt_in_use(i))
 880                                state |= mask;
 881                console_unlock();
 882                return put_user(state, &vtstat->v_state);
 883        }
 884
 885        /*
 886         * Returns the first available (non-opened) console.
 887         */
 888        case VT_OPENQRY:
 889                console_lock(); /* required by vt_in_use() */
 890                for (i = 0; i < MAX_NR_CONSOLES; ++i)
 891                        if (!vt_in_use(i))
 892                                break;
 893                console_unlock();
 894                i = i < MAX_NR_CONSOLES ? (i+1) : -1;
 895                return put_user(i, (int __user *)arg);
 896
 897        /*
 898         * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
 899         * with num >= 1 (switches to vt 0, our console, are not allowed, just
 900         * to preserve sanity).
 901         */
 902        case VT_ACTIVATE:
 903                if (!perm)
 904                        return -EPERM;
 905                if (arg == 0 || arg > MAX_NR_CONSOLES)
 906                        return -ENXIO;
 907
 908                arg--;
 909                console_lock();
 910                ret = vc_allocate(arg);
 911                console_unlock();
 912                if (ret)
 913                        return ret;
 914                set_console(arg);
 915                break;
 916
 917        case VT_SETACTIVATE:
 918                if (!perm)
 919                        return -EPERM;
 920
 921                return vt_setactivate(up);
 922
 923        /*
 924         * wait until the specified VT has been activated
 925         */
 926        case VT_WAITACTIVE:
 927                if (!perm)
 928                        return -EPERM;
 929                if (arg == 0 || arg > MAX_NR_CONSOLES)
 930                        return -ENXIO;
 931                return vt_waitactive(arg);
 932
 933        /*
 934         * If a vt is under process control, the kernel will not switch to it
 935         * immediately, but postpone the operation until the process calls this
 936         * ioctl, allowing the switch to complete.
 937         *
 938         * According to the X sources this is the behavior:
 939         *      0:      pending switch-from not OK
 940         *      1:      pending switch-from OK
 941         *      2:      completed switch-to OK
 942         */
 943        case VT_RELDISP:
 944                if (!perm)
 945                        return -EPERM;
 946
 947                console_lock();
 948                ret = vt_reldisp(vc, arg);
 949                console_unlock();
 950
 951                return ret;
 952
 953
 954         /*
 955          * Disallocate memory associated to VT (but leave VT1)
 956          */
 957         case VT_DISALLOCATE:
 958                if (arg > MAX_NR_CONSOLES)
 959                        return -ENXIO;
 960
 961                if (arg == 0)
 962                        vt_disallocate_all();
 963                else
 964                        return vt_disallocate(--arg);
 965                break;
 966
 967        case VT_RESIZE:
 968        {
 969                struct vt_sizes __user *vtsizes = up;
 970                struct vc_data *vc;
 971                ushort ll,cc;
 972
 973                if (!perm)
 974                        return -EPERM;
 975                if (get_user(ll, &vtsizes->v_rows) ||
 976                    get_user(cc, &vtsizes->v_cols))
 977                        return -EFAULT;
 978
 979                console_lock();
 980                for (i = 0; i < MAX_NR_CONSOLES; i++) {
 981                        vc = vc_cons[i].d;
 982
 983                        if (vc) {
 984                                vc->vc_resize_user = 1;
 985                                /* FIXME: review v tty lock */
 986                                vc_resize(vc_cons[i].d, cc, ll);
 987                        }
 988                }
 989                console_unlock();
 990                break;
 991        }
 992
 993        case VT_RESIZEX:
 994                if (!perm)
 995                        return -EPERM;
 996
 997                return vt_resizex(vc, up);
 998
 999        case VT_LOCKSWITCH:
1000                if (!capable(CAP_SYS_TTY_CONFIG))

1001                        return -EPERM;
1002                vt_dont_switch = true;
1003                break;
1004        case VT_UNLOCKSWITCH:
1005                if (!capable(CAP_SYS_TTY_CONFIG))
1006                        return -EPERM;
1007                vt_dont_switch = false;
1008                break;
1009        case VT_GETHIFONTMASK:
1010                return put_user(vc->vc_hi_font_mask,
1011                                        (unsigned short __user *)arg);
1012        case VT_WAITEVENT:
1013                return vt_event_wait_ioctl((struct vt_event __user *)arg);
1014        default:
1015                return -ENOIOCTLCMD;
1016        }
1017
1018        return 0;
1019}
1020
1021void reset_vc(struct vc_data *vc)
1022{
1023        vc->vc_mode = KD_TEXT;
1024        vt_reset_unicode(vc->vc_num);
1025        vc->vt_mode.mode = VT_AUTO;
1026        vc->vt_mode.waitv = 0;
1027        vc->vt_mode.relsig = 0;
1028        vc->vt_mode.acqsig = 0;
1029        vc->vt_mode.frsig = 0;
1030        put_pid(vc->vt_pid);
1031        vc->vt_pid = NULL;
1032        vc->vt_newvt = -1;
1033        if (!in_interrupt())    /* Via keyboard.c:SAK() - akpm */
1034                reset_palette(vc);
1035}
1036
1037void vc_SAK(struct work_struct *work)
1038{
1039        struct vc *vc_con =
1040                container_of(work, struct vc, SAK_work);
1041        struct vc_data *vc;
1042        struct tty_struct *tty;
1043
1044        console_lock();
1045        vc = vc_con->d;
1046        if (vc) {
1047                /* FIXME: review tty ref counting */
1048                tty = vc->port.tty;
1049                /*
1050                 * SAK should also work in all raw modes and reset
1051                 * them properly.
1052                 */
1053                if (tty)
1054                        __do_SAK(tty);
1055                reset_vc(vc);
1056        }
1057        console_unlock();
1058}
1059
1060#ifdef CONFIG_COMPAT
1061
1062struct compat_consolefontdesc {
1063        unsigned short charcount;       /* characters in font (256 or 512) */
1064        unsigned short charheight;      /* scan lines per character (1-32) */
1065        compat_caddr_t chardata;        /* font data in expanded form */
1066};
1067
1068static inline int
1069compat_fontx_ioctl(struct vc_data *vc, int cmd,
1070                   struct compat_consolefontdesc __user *user_cfd,
1071                   int perm, struct console_font_op *op)
1072{
1073        struct compat_consolefontdesc cfdarg;
1074        int i;
1075
1076        if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc)))
1077                return -EFAULT;
1078
1079        switch (cmd) {
1080        case PIO_FONTX:
1081                if (!perm)
1082                        return -EPERM;
1083                op->op = KD_FONT_OP_SET;
1084                op->flags = KD_FONT_FLAG_OLD;
1085                op->width = 8;
1086                op->height = cfdarg.charheight;
1087                op->charcount = cfdarg.charcount;
1088                op->data = compat_ptr(cfdarg.chardata);
1089                return con_font_op(vc, op);
1090
1091        case GIO_FONTX:
1092                op->op = KD_FONT_OP_GET;
1093                op->flags = KD_FONT_FLAG_OLD;
1094                op->width = 8;
1095                op->height = cfdarg.charheight;
1096                op->charcount = cfdarg.charcount;
1097                op->data = compat_ptr(cfdarg.chardata);
1098                i = con_font_op(vc, op);
1099                if (i)
1100                        return i;
1101                cfdarg.charheight = op->height;
1102                cfdarg.charcount = op->charcount;
1103                if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc)))
1104                        return -EFAULT;
1105                return 0;
1106        }
1107        return -EINVAL;
1108}
1109
1110struct compat_console_font_op {
1111        compat_uint_t op;        /* operation code KD_FONT_OP_* */
1112        compat_uint_t flags;     /* KD_FONT_FLAG_* */
1113        compat_uint_t width, height;     /* font size */
1114        compat_uint_t charcount;
1115        compat_caddr_t data;    /* font data with height fixed to 32 */
1116};
1117
1118static inline int
1119compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop,
1120                         int perm, struct console_font_op *op, struct vc_data *vc)
1121{
1122        int i;
1123
1124        if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op)))
1125                return -EFAULT;
1126        if (!perm && op->op != KD_FONT_OP_GET)
1127                return -EPERM;
1128        op->data = compat_ptr(((struct compat_console_font_op *)op)->data);
1129        i = con_font_op(vc, op);
1130        if (i)
1131                return i;
1132        ((struct compat_console_font_op *)op)->data = (unsigned long)op->data;
1133        if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op)))
1134                return -EFAULT;
1135        return 0;
1136}
1137
1138struct compat_unimapdesc {
1139        unsigned short entry_ct;
1140        compat_caddr_t entries;
1141};
1142
1143static inline int
1144compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud,
1145                         int perm, struct vc_data *vc)
1146{
1147        struct compat_unimapdesc tmp;
1148        struct unipair __user *tmp_entries;
1149
1150        if (copy_from_user(&tmp, user_ud, sizeof tmp))
1151                return -EFAULT;
1152        tmp_entries = compat_ptr(tmp.entries);
1153        switch (cmd) {
1154        case PIO_UNIMAP:
1155                if (!perm)
1156                        return -EPERM;
1157                return con_set_unimap(vc, tmp.entry_ct, tmp_entries);
1158        case GIO_UNIMAP:
1159                if (!perm && fg_console != vc->vc_num)
1160                        return -EPERM;
1161                return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries);
1162        }
1163        return 0;
1164}
1165
1166long vt_compat_ioctl(struct tty_struct *tty,
1167             unsigned int cmd, unsigned long arg)
1168{
1169        struct vc_data *vc = tty->driver_data;
1170        struct console_font_op op;      /* used in multiple places here */
1171        void __user *up = compat_ptr(arg);
1172        int perm;
1173
1174        /*
1175         * To have permissions to do most of the vt ioctls, we either have
1176         * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
1177         */
1178        perm = 0;
1179        if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1180                perm = 1;
1181
1182        switch (cmd) {
1183        /*
1184         * these need special handlers for incompatible data structures
1185         */
1186        case PIO_FONTX:
1187        case GIO_FONTX:
1188                return compat_fontx_ioctl(vc, cmd, up, perm, &op);
1189
1190        case KDFONTOP:
1191                return compat_kdfontop_ioctl(up, perm, &op, vc);
1192
1193        case PIO_UNIMAP:
1194        case GIO_UNIMAP:
1195                return compat_unimap_ioctl(cmd, up, perm, vc);
1196
1197        /*
1198         * all these treat 'arg' as an integer
1199         */
1200        case KIOCSOUND:
1201        case KDMKTONE:
1202#ifdef CONFIG_X86
1203        case KDADDIO:
1204        case KDDELIO:
1205#endif
1206        case KDSETMODE:
1207        case KDMAPDISP:
1208        case KDUNMAPDISP:
1209        case KDSKBMODE:
1210        case KDSKBMETA:
1211        case KDSKBLED:
1212        case KDSETLED:
1213        case KDSIGACCEPT:
1214        case VT_ACTIVATE:
1215        case VT_WAITACTIVE:
1216        case VT_RELDISP:
1217        case VT_DISALLOCATE:
1218        case VT_RESIZE:
1219        case VT_RESIZEX:
1220                return vt_ioctl(tty, cmd, arg);
1221
1222        /*
1223         * the rest has a compatible data structure behind arg,
1224         * but we have to convert it to a proper 64 bit pointer.
1225         */
1226        default:
1227                return vt_ioctl(tty, cmd, (unsigned long)up);
1228        }
1229}
1230
1231
1232#endif /* CONFIG_COMPAT */
1233
1234
1235/*
1236 * Performs the back end of a vt switch. Called under the console
1237 * semaphore.
1238 */
1239static void complete_change_console(struct vc_data *vc)
1240{
1241        unsigned char old_vc_mode;
1242        int old = fg_console;
1243
1244        last_console = fg_console;
1245
1246        /*
1247         * If we're switching, we could be going from KD_GRAPHICS to
1248         * KD_TEXT mode or vice versa, which means we need to blank or
1249         * unblank the screen later.
1250         */
1251        old_vc_mode = vc_cons[fg_console].d->vc_mode;
1252        switch_screen(vc);
1253
1254        /*
1255         * This can't appear below a successful kill_pid().  If it did,
1256         * then the *blank_screen operation could occur while X, having
1257         * received acqsig, is waking up on another processor.  This
1258         * condition can lead to overlapping accesses to the VGA range
1259         * and the framebuffer (causing system lockups).
1260         *
1261         * To account for this we duplicate this code below only if the
1262         * controlling process is gone and we've called reset_vc.
1263         */
1264        if (old_vc_mode != vc->vc_mode) {
1265                if (vc->vc_mode == KD_TEXT)
1266                        do_unblank_screen(1);
1267                else
1268                        do_blank_screen(1);
1269        }
1270
1271        /*
1272         * If this new console is under process control, send it a signal
1273         * telling it that it has acquired. Also check if it has died and
1274         * clean up (similar to logic employed in change_console())
1275         */
1276        if (vc->vt_mode.mode == VT_PROCESS) {
1277                /*
1278                 * Send the signal as privileged - kill_pid() will
1279                 * tell us if the process has gone or something else
1280                 * is awry
1281                 */
1282                if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
1283                /*
1284                 * The controlling process has died, so we revert back to
1285                 * normal operation. In this case, we'll also change back
1286                 * to KD_TEXT mode. I'm not sure if this is strictly correct
1287                 * but it saves the agony when the X server dies and the screen
1288                 * remains blanked due to KD_GRAPHICS! It would be nice to do
1289                 * this outside of VT_PROCESS but there is no single process
1290                 * to account for and tracking tty count may be undesirable.
1291                 */
1292                        reset_vc(vc);
1293
1294                        if (old_vc_mode != vc->vc_mode) {
1295                                if (vc->vc_mode == KD_TEXT)
1296                                        do_unblank_screen(1);
1297                                else
1298                                        do_blank_screen(1);
1299                        }
1300                }
1301        }
1302
1303        /*
1304         * Wake anyone waiting for their VT to activate
1305         */
1306        vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num);
1307        return;
1308}
1309
1310/*
1311 * Performs the front-end of a vt switch
1312 */
1313void change_console(struct vc_data *new_vc)
1314{
1315        struct vc_data *vc;
1316
1317        if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch)
1318                return;
1319
1320        /*
1321         * If this vt is in process mode, then we need to handshake with
1322         * that process before switching. Essentially, we store where that
1323         * vt wants to switch to and wait for it to tell us when it's done
1324         * (via VT_RELDISP ioctl).
1325         *
1326         * We also check to see if the controlling process still exists.
1327         * If it doesn't, we reset this vt to auto mode and continue.
1328         * This is a cheap way to track process control. The worst thing
1329         * that can happen is: we send a signal to a process, it dies, and
1330         * the switch gets "lost" waiting for a response; hopefully, the
1331         * user will try again, we'll detect the process is gone (unless
1332         * the user waits just the right amount of time :-) and revert the
1333         * vt to auto control.
1334         */
1335        vc = vc_cons[fg_console].d;
1336        if (vc->vt_mode.mode == VT_PROCESS) {
1337                /*
1338                 * Send the signal as privileged - kill_pid() will
1339                 * tell us if the process has gone or something else
1340                 * is awry.
1341                 *
1342                 * We need to set vt_newvt *before* sending the signal or we
1343                 * have a race.
1344                 */
1345                vc->vt_newvt = new_vc->vc_num;
1346                if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) {
1347                        /*
1348                         * It worked. Mark the vt to switch to and
1349                         * return. The process needs to send us a
1350                         * VT_RELDISP ioctl to complete the switch.
1351                         */
1352                        return;
1353                }
1354
1355                /*
1356                 * The controlling process has died, so we revert back to
1357                 * normal operation. In this case, we'll also change back
1358                 * to KD_TEXT mode. I'm not sure if this is strictly correct
1359                 * but it saves the agony when the X server dies and the screen
1360                 * remains blanked due to KD_GRAPHICS! It would be nice to do
1361                 * this outside of VT_PROCESS but there is no single process
1362                 * to account for and tracking tty count may be undesirable.
1363                 */
1364                reset_vc(vc);
1365
1366                /*
1367                 * Fall through to normal (VT_AUTO) handling of the switch...
1368                 */
1369        }
1370
1371        /*
1372         * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
1373         */
1374        if (vc->vc_mode == KD_GRAPHICS)
1375                return;
1376
1377        complete_change_console(new_vc);
1378}
1379
1380/* Perform a kernel triggered VT switch for suspend/resume */
1381
1382static int disable_vt_switch;
1383
1384int vt_move_to_console(unsigned int vt, int alloc)
1385{
1386        int prev;
1387
1388        console_lock();
1389        /* Graphics mode - up to X */
1390        if (disable_vt_switch) {
1391                console_unlock();
1392                return 0;
1393        }
1394        prev = fg_console;
1395
1396        if (alloc && vc_allocate(vt)) {
1397                /* we can't have a free VC for now. Too bad,
1398                 * we don't want to mess the screen for now. */
1399                console_unlock();
1400                return -ENOSPC;
1401        }
1402
1403        if (set_console(vt)) {
1404                /*
1405                 * We're unable to switch to the SUSPEND_CONSOLE.
1406                 * Let the calling function know so it can decide
1407                 * what to do.
1408                 */
1409                console_unlock();
1410                return -EIO;
1411        }
1412        console_unlock();
1413        if (vt_waitactive(vt + 1)) {
1414                pr_debug("Suspend: Can't switch VCs.");
1415                return -EINTR;
1416        }
1417        return prev;
1418}
1419
1420/*
1421 * Normally during a suspend, we allocate a new console and switch to it.
1422 * When we resume, we switch back to the original console.  This switch
1423 * can be slow, so on systems where the framebuffer can handle restoration
1424 * of video registers anyways, there's little point in doing the console
1425 * switch.  This function allows you to disable it by passing it '0'.
1426 */
1427void pm_set_vt_switch(int do_switch)
1428{
1429        console_lock();
1430        disable_vt_switch = !do_switch;
1431        console_unlock();
1432}
1433EXPORT_SYMBOL(pm_set_vt_switch);
1434