LXR linux/drivers/tty/vt/vt

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 *  Copyright (C) 1992 obz under the linux copyright
   4 *
   5 *  Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
   6 *  Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
   7 *  Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
   8 *  Some code moved for less code duplication - Andi Kleen - Mar 1997
   9 *  Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
  10 */
  11
  12#include <linux/types.h>
  13#include <linux/errno.h>
  14#include <linux/sched/signal.h>
  15#include <linux/tty.h>
  16#include <linux/timer.h>
  17#include <linux/kernel.h>
  18#include <linux/compat.h>
  19#include <linux/module.h>
  20#include <linux/kd.h>
  21#include <linux/vt.h>
  22#include <linux/string.h>
  23#include <linux/slab.h>
  24#include <linux/major.h>
  25#include <linux/fs.h>
  26#include <linux/console.h>
  27#include <linux/consolemap.h>
  28#include <linux/signal.h>
  29#include <linux/suspend.h>
  30#include <linux/timex.h>
  31
  32#include <asm/io.h>
  33#include <linux/uaccess.h>
  34
  35#include <linux/nospec.h>
  36
  37#include <linux/kbd_kern.h>
  38#include <linux/vt_kern.h>
  39#include <linux/kbd_diacr.h>
  40#include <linux/selection.h>
  41
  42bool vt_dont_switch;
  43
  44static inline bool vt_in_use(unsigned int i)
  45{
  46        const struct vc_data *vc = vc_cons[i].d;
  47
  48        /*
  49         * console_lock must be held to prevent the vc from being deallocated
  50         * while we're checking whether it's in-use.
  51         */
  52        WARN_CONSOLE_UNLOCKED();
  53
  54        return vc && kref_read(&vc->port.kref) > 1;
  55}
  56
  57static inline bool vt_busy(int i)
  58{
  59        if (vt_in_use(i))
  60                return true;
  61        if (i == fg_console)
  62                return true;
  63        if (vc_is_sel(vc_cons[i].d))
  64                return true;
  65
  66        return false;
  67}
  68
  69/*
  70 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
  71 * experimentation and study of X386 SYSV handling.
  72 *
  73 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
  74 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
  75 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
  76 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
  77 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
  78 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
  79 * to the current console is done by the main ioctl code.
  80 */
  81
  82#ifdef CONFIG_X86
  83#include <asm/syscalls.h>
  84#endif
  85
  86static void complete_change_console(struct vc_data *vc);
  87
  88/*
  89 *      User space VT_EVENT handlers
  90 */
  91
  92struct vt_event_wait {
  93        struct list_head list;
  94        struct vt_event event;
  95        int done;
  96};
  97
  98static LIST_HEAD(vt_events);
  99static DEFINE_SPINLOCK(vt_event_lock);
 100static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue);
 101
 102/**
 103 *      vt_event_post
 104 *      @event: the event that occurred
 105 *      @old: old console
 106 *      @new: new console
 107 *
 108 *      Post an VT event to interested VT handlers
 109 */
 110
 111void vt_event_post(unsigned int event, unsigned int old, unsigned int new)
 112{
 113        struct list_head *pos, *head;
 114        unsigned long flags;
 115        int wake = 0;
 116
 117        spin_lock_irqsave(&vt_event_lock, flags);
 118        head = &vt_events;
 119
 120        list_for_each(pos, head) {
 121                struct vt_event_wait *ve = list_entry(pos,
 122                                                struct vt_event_wait, list);
 123                if (!(ve->event.event & event))
 124                        continue;
 125                ve->event.event = event;
 126                /* kernel view is consoles 0..n-1, user space view is
 127                   console 1..n with 0 meaning current, so we must bias */
 128                ve->event.oldev = old + 1;
 129                ve->event.newev = new + 1;
 130                wake = 1;
 131                ve->done = 1;
 132        }
 133        spin_unlock_irqrestore(&vt_event_lock, flags);
 134        if (wake)
 135                wake_up_interruptible(&vt_event_waitqueue);
 136}
 137
 138static void __vt_event_queue(struct vt_event_wait *vw)
 139{
 140        unsigned long flags;
 141        /* Prepare the event */
 142        INIT_LIST_HEAD(&vw->list);
 143        vw->done = 0;
 144        /* Queue our event */
 145        spin_lock_irqsave(&vt_event_lock, flags);
 146        list_add(&vw->list, &vt_events);
 147        spin_unlock_irqrestore(&vt_event_lock, flags);
 148}
 149
 150static void __vt_event_wait(struct vt_event_wait *vw)
 151{
 152        /* Wait for it to pass */
 153        wait_event_interruptible(vt_event_waitqueue, vw->done);
 154}
 155
 156static void __vt_event_dequeue(struct vt_event_wait *vw)
 157{
 158        unsigned long flags;
 159
 160        /* Dequeue it */
 161        spin_lock_irqsave(&vt_event_lock, flags);
 162        list_del(&vw->list);
 163        spin_unlock_irqrestore(&vt_event_lock, flags);
 164}
 165
 166/**
 167 *      vt_event_wait           -       wait for an event
 168 *      @vw: our event
 169 *
 170 *      Waits for an event to occur which completes our vt_event_wait
 171 *      structure. On return the structure has wv->done set to 1 for success
 172 *      or 0 if some event such as a signal ended the wait.
 173 */
 174
 175static void vt_event_wait(struct vt_event_wait *vw)
 176{
 177        __vt_event_queue(vw);
 178        __vt_event_wait(vw);
 179        __vt_event_dequeue(vw);
 180}
 181
 182/**
 183 *      vt_event_wait_ioctl     -       event ioctl handler
 184 *      @event: argument to ioctl (the event)
 185 *
 186 *      Implement the VT_WAITEVENT ioctl using the VT event interface
 187 */
 188
 189static int vt_event_wait_ioctl(struct vt_event __user *event)
 190{
 191        struct vt_event_wait vw;
 192
 193        if (copy_from_user(&vw.event, event, sizeof(struct vt_event)))
 194                return -EFAULT;
 195        /* Highest supported event for now */
 196        if (vw.event.event & ~VT_MAX_EVENT)
 197                return -EINVAL;
 198
 199        vt_event_wait(&vw);
 200        /* If it occurred report it */
 201        if (vw.done) {
 202                if (copy_to_user(event, &vw.event, sizeof(struct vt_event)))
 203                        return -EFAULT;
 204                return 0;
 205        }
 206        return -EINTR;
 207}
 208
 209/**
 210 *      vt_waitactive   -       active console wait
 211 *      @n: new console
 212 *
 213 *      Helper for event waits. Used to implement the legacy
 214 *      event waiting ioctls in terms of events
 215 */
 216
 217int vt_waitactive(int n)
 218{
 219        struct vt_event_wait vw;
 220        do {
 221                vw.event.event = VT_EVENT_SWITCH;
 222                __vt_event_queue(&vw);
 223                if (n == fg_console + 1) {
 224                        __vt_event_dequeue(&vw);
 225                        break;
 226                }
 227                __vt_event_wait(&vw);
 228                __vt_event_dequeue(&vw);
 229                if (vw.done == 0)
 230                        return -EINTR;
 231        } while (vw.event.newev != n);
 232        return 0;
 233}
 234
 235/*
 236 * these are the valid i/o ports we're allowed to change. they map all the
 237 * video ports
 238 */
 239#define GPFIRST 0x3b4
 240#define GPLAST 0x3df
 241#define GPNUM (GPLAST - GPFIRST + 1)
 242
 243/*
 244 * currently, setting the mode from KD_TEXT to KD_GRAPHICS doesn't do a whole
 245 * lot. i'm not sure if it should do any restoration of modes or what...
 246 *
 247 * XXX It should at least call into the driver, fbdev's definitely need to
 248 * restore their engine state. --BenH
 249 *
 250 * Called with the console lock held.
 251 */
 252static int vt_kdsetmode(struct vc_data *vc, unsigned long mode)
 253{
 254        switch (mode) {
 255        case KD_GRAPHICS:
 256                break;
 257        case KD_TEXT0:
 258        case KD_TEXT1:
 259                mode = KD_TEXT;
 260                fallthrough;
 261        case KD_TEXT:
 262                break;
 263        default:
 264                return -EINVAL;
 265        }
 266
 267        if (vc->vc_mode == mode)
 268                return 0;
 269
 270        vc->vc_mode = mode;
 271        if (vc->vc_num != fg_console)
 272                return 0;
 273
 274        /* explicitly blank/unblank the screen if switching modes */
 275        if (mode == KD_TEXT)
 276                do_unblank_screen(1);
 277        else
 278                do_blank_screen(1);
 279
 280        return 0;
 281}
 282
 283static int vt_k_ioctl(struct tty_struct *tty, unsigned int cmd,
 284                unsigned long arg, bool perm)
 285{
 286        struct vc_data *vc = tty->driver_data;
 287        void __user *up = (void __user *)arg;
 288        unsigned int console = vc->vc_num;
 289        int ret;
 290
 291        switch (cmd) {
 292        case KIOCSOUND:
 293                if (!perm)
 294                        return -EPERM;
 295                /*
 296                 * The use of PIT_TICK_RATE is historic, it used to be
 297                 * the platform-dependent CLOCK_TICK_RATE between 2.6.12
 298                 * and 2.6.36, which was a minor but unfortunate ABI
 299                 * change. kd_mksound is locked by the input layer.
 300                 */
 301                if (arg)
 302                        arg = PIT_TICK_RATE / arg;
 303                kd_mksound(arg, 0);
 304                break;
 305
 306        case KDMKTONE:
 307                if (!perm)
 308                        return -EPERM;
 309        {
 310                unsigned int ticks, count;
 311
 312                /*
 313                 * Generate the tone for the appropriate number of ticks.
 314                 * If the time is zero, turn off sound ourselves.
 315                 */
 316                ticks = msecs_to_jiffies((arg >> 16) & 0xffff);
 317                count = ticks ? (arg & 0xffff) : 0;
 318                if (count)
 319                        count = PIT_TICK_RATE / count;
 320                kd_mksound(count, ticks);
 321                break;
 322        }
 323
 324        case KDGKBTYPE:
 325                /*
 326                 * this is naïve.
 327                 */
 328                return put_user(KB_101, (char __user *)arg);
 329
 330                /*
 331                 * These cannot be implemented on any machine that implements
 332                 * ioperm() in user level (such as Alpha PCs) or not at all.
 333                 *
 334                 * XXX: you should never use these, just call ioperm directly..
 335                 */
 336#ifdef CONFIG_X86
 337        case KDADDIO:
 338        case KDDELIO:
 339                /*
 340                 * KDADDIO and KDDELIO may be able to add ports beyond what
 341                 * we reject here, but to be safe...
 342                 *
 343                 * These are locked internally via sys_ioperm
 344                 */
 345                if (arg < GPFIRST || arg > GPLAST)
 346                        return -EINVAL;
 347
 348                return ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
 349
 350        case KDENABIO:
 351        case KDDISABIO:
 352                return ksys_ioperm(GPFIRST, GPNUM,
 353                                  (cmd == KDENABIO)) ? -ENXIO : 0;
 354#endif
 355
 356        /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
 357
 358        case KDKBDREP:
 359        {
 360                struct kbd_repeat kbrep;
 361
 362                if (!capable(CAP_SYS_TTY_CONFIG))
 363                        return -EPERM;
 364
 365                if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat)))
 366                        return -EFAULT;
 367
 368                ret = kbd_rate(&kbrep);
 369                if (ret)
 370                        return ret;
 371                if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
 372                        return -EFAULT;
 373                break;
 374        }
 375
 376        case KDSETMODE:
 377                if (!perm)
 378                        return -EPERM;
 379
 380                console_lock();
 381                ret = vt_kdsetmode(vc, arg);
 382                console_unlock();
 383                return ret;
 384
 385        case KDGETMODE:
 386                return put_user(vc->vc_mode, (int __user *)arg);
 387
 388        case KDMAPDISP:
 389        case KDUNMAPDISP:
 390                /*
 391                 * these work like a combination of mmap and KDENABIO.
 392                 * this could be easily finished.
 393                 */
 394                return -EINVAL;
 395
 396        case KDSKBMODE:
 397                if (!perm)
 398                        return -EPERM;
 399                ret = vt_do_kdskbmode(console, arg);
 400                if (ret)
 401                        return ret;
 402                tty_ldisc_flush(tty);
 403                break;
 404
 405        case KDGKBMODE:
 406                return put_user(vt_do_kdgkbmode(console), (int __user *)arg);
 407
 408        /* this could be folded into KDSKBMODE, but for compatibility
 409           reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
 410        case KDSKBMETA:
 411                return vt_do_kdskbmeta(console, arg);
 412
 413        case KDGKBMETA:
 414                /* FIXME: should review whether this is worth locking */
 415                return put_user(vt_do_kdgkbmeta(console), (int __user *)arg);
 416
 417        case KDGETKEYCODE:
 418        case KDSETKEYCODE:
 419                if(!capable(CAP_SYS_TTY_CONFIG))
 420                        perm = 0;
 421                return vt_do_kbkeycode_ioctl(cmd, up, perm);
 422
 423        case KDGKBENT:
 424        case KDSKBENT:
 425                return vt_do_kdsk_ioctl(cmd, up, perm, console);
 426
 427        case KDGKBSENT:
 428        case KDSKBSENT:
 429                return vt_do_kdgkb_ioctl(cmd, up, perm);
 430
 431        /* Diacritical processing. Handled in keyboard.c as it has
 432           to operate on the keyboard locks and structures */
 433        case KDGKBDIACR:
 434        case KDGKBDIACRUC:
 435        case KDSKBDIACR:
 436        case KDSKBDIACRUC:
 437                return vt_do_diacrit(cmd, up, perm);
 438
 439        /* the ioctls below read/set the flags usually shown in the leds */
 440        /* don't use them - they will go away without warning */
 441        case KDGKBLED:
 442        case KDSKBLED:
 443        case KDGETLED:
 444        case KDSETLED:
 445                return vt_do_kdskled(console, cmd, arg, perm);
 446
 447        /*
 448         * A process can indicate its willingness to accept signals
 449         * generated by pressing an appropriate key combination.
 450         * Thus, one can have a daemon that e.g. spawns a new console
 451         * upon a keypress and then changes to it.
 452         * See also the kbrequest field of inittab(5).
 453         */
 454        case KDSIGACCEPT:
 455                if (!perm || !capable(CAP_KILL))
 456                        return -EPERM;
 457                if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
 458                        return -EINVAL;
 459
 460                spin_lock_irq(&vt_spawn_con.lock);
 461                put_pid(vt_spawn_con.pid);
 462                vt_spawn_con.pid = get_pid(task_pid(current));
 463                vt_spawn_con.sig = arg;
 464                spin_unlock_irq(&vt_spawn_con.lock);
 465                break;
 466
 467        case KDFONTOP: {
 468                struct console_font_op op;
 469
 470                if (copy_from_user(&op, up, sizeof(op)))
 471                        return -EFAULT;
 472                if (!perm && op.op != KD_FONT_OP_GET)
 473                        return -EPERM;
 474                ret = con_font_op(vc, &op);
 475                if (ret)
 476                        return ret;
 477                if (copy_to_user(up, &op, sizeof(op)))
 478                        return -EFAULT;
 479                break;
 480        }
 481
 482        default:
 483                return -ENOIOCTLCMD;
 484        }
 485
 486        return 0;
 487}
 488
 489static inline int do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud,
 490                bool perm, struct vc_data *vc)
 491{
 492        struct unimapdesc tmp;
 493
 494        if (copy_from_user(&tmp, user_ud, sizeof tmp))
 495                return -EFAULT;
 496        switch (cmd) {
 497        case PIO_UNIMAP:
 498                if (!perm)
 499                        return -EPERM;
 500                return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
 501        case GIO_UNIMAP:
 502                if (!perm && fg_console != vc->vc_num)
 503                        return -EPERM;
 504                return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct),
 505                                tmp.entries);
 506        }
 507        return 0;
 508}
 509
 510static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
 511                bool perm)
 512{
 513        switch (cmd) {
 514        case PIO_CMAP:
 515                if (!perm)
 516                        return -EPERM;
 517                return con_set_cmap(up);
 518
 519        case GIO_CMAP:
 520                return con_get_cmap(up);
 521
 522        case PIO_SCRNMAP:
 523                if (!perm)
 524                        return -EPERM;
 525                return con_set_trans_old(up);
 526
 527        case GIO_SCRNMAP:
 528                return con_get_trans_old(up);
 529
 530        case PIO_UNISCRNMAP:
 531                if (!perm)
 532                        return -EPERM;
 533                return con_set_trans_new(up);
 534
 535        case GIO_UNISCRNMAP:
 536                return con_get_trans_new(up);
 537
 538        case PIO_UNIMAPCLR:
 539                if (!perm)
 540                        return -EPERM;
 541                con_clear_unimap(vc);
 542                break;
 543
 544        case PIO_UNIMAP:
 545        case GIO_UNIMAP:
 546                return do_unimap_ioctl(cmd, up, perm, vc);
 547
 548        default:
 549                return -ENOIOCTLCMD;
 550        }
 551
 552        return 0;
 553}
 554
 555static int vt_reldisp(struct vc_data *vc, unsigned int swtch)
 556{
 557        int newvt, ret;
 558
 559        if (vc->vt_mode.mode != VT_PROCESS)
 560                return -EINVAL;
 561
 562        /* Switched-to response */
 563        if (vc->vt_newvt < 0) {
 564                 /* If it's just an ACK, ignore it */
 565                return swtch == VT_ACKACQ ? 0 : -EINVAL;
 566        }
 567
 568        /* Switching-from response */
 569        if (swtch == 0) {
 570                /* Switch disallowed, so forget we were trying to do it. */
 571                vc->vt_newvt = -1;
 572                return 0;
 573        }
 574
 575        /* The current vt has been released, so complete the switch. */
 576        newvt = vc->vt_newvt;
 577        vc->vt_newvt = -1;
 578        ret = vc_allocate(newvt);
 579        if (ret)
 580                return ret;
 581
 582        /*
 583         * When we actually do the console switch, make sure we are atomic with
 584         * respect to other console switches..
 585         */
 586        complete_change_console(vc_cons[newvt].d);
 587
 588        return 0;
 589}
 590
 591static int vt_setactivate(struct vt_setactivate __user *sa)
 592{
 593        struct vt_setactivate vsa;
 594        struct vc_data *nvc;
 595        int ret;
 596
 597        if (copy_from_user(&vsa, sa, sizeof(vsa)))
 598                return -EFAULT;
 599        if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
 600                return -ENXIO;
 601
 602        vsa.console = array_index_nospec(vsa.console, MAX_NR_CONSOLES + 1);
 603        vsa.console--;
 604        console_lock();
 605        ret = vc_allocate(vsa.console);
 606        if (ret) {
 607                console_unlock();
 608                return ret;
 609        }
 610
 611        /*
 612         * This is safe providing we don't drop the console sem between
 613         * vc_allocate and finishing referencing nvc.
 614         */
 615        nvc = vc_cons[vsa.console].d;
 616        nvc->vt_mode = vsa.mode;
 617        nvc->vt_mode.frsig = 0;
 618        put_pid(nvc->vt_pid);
 619        nvc->vt_pid = get_pid(task_pid(current));
 620        console_unlock();
 621
 622        /* Commence switch and lock */
 623        /* Review set_console locks */
 624        set_console(vsa.console);
 625
 626        return 0;
 627}
 628
 629/* deallocate a single console, if possible (leave 0) */
 630static int vt_disallocate(unsigned int vc_num)
 631{
 632        struct vc_data *vc = NULL;
 633        int ret = 0;
 634
 635        console_lock();
 636        if (vt_busy(vc_num))
 637                ret = -EBUSY;
 638        else if (vc_num)
 639                vc = vc_deallocate(vc_num);
 640        console_unlock();
 641
 642        if (vc && vc_num >= MIN_NR_CONSOLES)
 643                tty_port_put(&vc->port);
 644
 645        return ret;
 646}
 647
 648/* deallocate all unused consoles, but leave 0 */
 649static void vt_disallocate_all(void)
 650{
 651        struct vc_data *vc[MAX_NR_CONSOLES];
 652        int i;
 653
 654        console_lock();
 655        for (i = 1; i < MAX_NR_CONSOLES; i++)
 656                if (!vt_busy(i))
 657                        vc[i] = vc_deallocate(i);
 658                else
 659                        vc[i] = NULL;
 660        console_unlock();
 661
 662        for (i = 1; i < MAX_NR_CONSOLES; i++) {
 663                if (vc[i] && i >= MIN_NR_CONSOLES)
 664                        tty_port_put(&vc[i]->port);
 665        }
 666}
 667
 668static int vt_resizex(struct vc_data *vc, struct vt_consize __user *cs)
 669{
 670        struct vt_consize v;
 671        int i;
 672
 673        if (copy_from_user(&v, cs, sizeof(struct vt_consize)))
 674                return -EFAULT;
 675
 676        /* FIXME: Should check the copies properly */
 677        if (!v.v_vlin)
 678                v.v_vlin = vc->vc_scan_lines;
 679
 680        if (v.v_clin) {
 681                int rows = v.v_vlin / v.v_clin;
 682                if (v.v_rows != rows) {
 683                        if (v.v_rows) /* Parameters don't add up */
 684                                return -EINVAL;
 685                        v.v_rows = rows;
 686                }
 687        }
 688
 689        if (v.v_vcol && v.v_ccol) {
 690                int cols = v.v_vcol / v.v_ccol;
 691                if (v.v_cols != cols) {
 692                        if (v.v_cols)
 693                                return -EINVAL;
 694                        v.v_cols = cols;
 695                }
 696        }
 697
 698        if (v.v_clin > 32)
 699                return -EINVAL;
 700
 701        for (i = 0; i < MAX_NR_CONSOLES; i++) {
 702                struct vc_data *vcp;
 703
 704                if (!vc_cons[i].d)
 705                        continue;
 706                console_lock();
 707                vcp = vc_cons[i].d;
 708                if (vcp) {
 709                        int ret;
 710                        int save_scan_lines = vcp->vc_scan_lines;
 711                        int save_cell_height = vcp->vc_cell_height;
 712
 713                        if (v.v_vlin)
 714                                vcp->vc_scan_lines = v.v_vlin;
 715                        if (v.v_clin)
 716                                vcp->vc_cell_height = v.v_clin;
 717                        vcp->vc_resize_user = 1;
 718                        ret = vc_resize(vcp, v.v_cols, v.v_rows);
 719                        if (ret) {
 720                                vcp->vc_scan_lines = save_scan_lines;
 721                                vcp->vc_cell_height = save_cell_height;
 722                                console_unlock();
 723                                return ret;
 724                        }
 725                }
 726                console_unlock();
 727        }
 728
 729        return 0;
 730}
 731
 732/*
 733 * We handle the console-specific ioctl's here.  We allow the
 734 * capability to modify any console, not just the fg_console.
 735 */
 736int vt_ioctl(struct tty_struct *tty,
 737             unsigned int cmd, unsigned long arg)
 738{
 739        struct vc_data *vc = tty->driver_data;
 740        void __user *up = (void __user *)arg;
 741        int i, perm;
 742        int ret;
 743
 744        /*
 745         * To have permissions to do most of the vt ioctls, we either have
 746         * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
 747         */
 748        perm = 0;
 749        if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
 750                perm = 1;
 751
 752        ret = vt_k_ioctl(tty, cmd, arg, perm);
 753        if (ret != -ENOIOCTLCMD)
 754                return ret;
 755
 756        ret = vt_io_ioctl(vc, cmd, up, perm);
 757        if (ret != -ENOIOCTLCMD)
 758                return ret;
 759
 760        switch (cmd) {
 761        case TIOCLINUX:
 762                return tioclinux(tty, arg);
 763        case VT_SETMODE:
 764        {
 765                struct vt_mode tmp;
 766
 767                if (!perm)
 768                        return -EPERM;
 769                if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
 770                        return -EFAULT;
 771                if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS)
 772                        return -EINVAL;
 773
 774                console_lock();
 775                vc->vt_mode = tmp;
 776                /* the frsig is ignored, so we set it to 0 */
 777                vc->vt_mode.frsig = 0;
 778                put_pid(vc->vt_pid);
 779                vc->vt_pid = get_pid(task_pid(current));
 780                /* no switch is required -- saw@shade.msu.ru */
 781                vc->vt_newvt = -1;
 782                console_unlock();
 783                break;
 784        }
 785
 786        case VT_GETMODE:
 787        {
 788                struct vt_mode tmp;
 789                int rc;
 790
 791                console_lock();
 792                memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
 793                console_unlock();
 794
 795                rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
 796                if (rc)
 797                        return -EFAULT;
 798                break;
 799        }
 800
 801        /*
 802         * Returns global vt state. Note that VT 0 is always open, since
 803         * it's an alias for the current VT, and people can't use it here.
 804         * We cannot return state for more than 16 VTs, since v_state is short.
 805         */
 806        case VT_GETSTATE:
 807        {
 808                struct vt_stat __user *vtstat = up;
 809                unsigned short state, mask;
 810
 811                if (put_user(fg_console + 1, &vtstat->v_active))
 812                        return -EFAULT;
 813
 814                state = 1;      /* /dev/tty0 is always open */
 815                console_lock(); /* required by vt_in_use() */
 816                for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask;
 817                                ++i, mask <<= 1)
 818                        if (vt_in_use(i))
 819                                state |= mask;
 820                console_unlock();
 821                return put_user(state, &vtstat->v_state);
 822        }
 823
 824        /*
 825         * Returns the first available (non-opened) console.
 826         */
 827        case VT_OPENQRY:
 828                console_lock(); /* required by vt_in_use() */
 829                for (i = 0; i < MAX_NR_CONSOLES; ++i)
 830                        if (!vt_in_use(i))
 831                                break;
 832                console_unlock();
 833                i = i < MAX_NR_CONSOLES ? (i+1) : -1;
 834                return put_user(i, (int __user *)arg);
 835
 836        /*
 837         * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
 838         * with num >= 1 (switches to vt 0, our console, are not allowed, just
 839         * to preserve sanity).
 840         */
 841        case VT_ACTIVATE:
 842                if (!perm)
 843                        return -EPERM;
 844                if (arg == 0 || arg > MAX_NR_CONSOLES)
 845                        return -ENXIO;
 846
 847                arg--;
 848                console_lock();
 849                ret = vc_allocate(arg);
 850                console_unlock();
 851                if (ret)
 852                        return ret;
 853                set_console(arg);
 854                break;
 855
 856        case VT_SETACTIVATE:
 857                if (!perm)
 858                        return -EPERM;
 859
 860                return vt_setactivate(up);
 861
 862        /*
 863         * wait until the specified VT has been activated
 864         */
 865        case VT_WAITACTIVE:
 866                if (!perm)
 867                        return -EPERM;
 868                if (arg == 0 || arg > MAX_NR_CONSOLES)
 869                        return -ENXIO;
 870                return vt_waitactive(arg);
 871
 872        /*
 873         * If a vt is under process control, the kernel will not switch to it
 874         * immediately, but postpone the operation until the process calls this
 875         * ioctl, allowing the switch to complete.
 876         *
 877         * According to the X sources this is the behavior:
 878         *      0:      pending switch-from not OK
 879         *      1:      pending switch-from OK
 880         *      2:      completed switch-to OK
 881         */
 882        case VT_RELDISP:
 883                if (!perm)
 884                        return -EPERM;
 885
 886                console_lock();
 887                ret = vt_reldisp(vc, arg);
 888                console_unlock();
 889
 890                return ret;
 891
 892
 893         /*
 894          * Disallocate memory associated to VT (but leave VT1)
 895          */
 896         case VT_DISALLOCATE:
 897                if (arg > MAX_NR_CONSOLES)
 898                        return -ENXIO;
 899
 900                if (arg == 0)
 901                        vt_disallocate_all();
 902                else
 903                        return vt_disallocate(--arg);
 904                break;
 905
 906        case VT_RESIZE:
 907        {
 908                struct vt_sizes __user *vtsizes = up;
 909                struct vc_data *vc;
 910                ushort ll,cc;
 911
 912                if (!perm)
 913                        return -EPERM;
 914                if (get_user(ll, &vtsizes->v_rows) ||
 915                    get_user(cc, &vtsizes->v_cols))
 916                        return -EFAULT;
 917
 918                console_lock();
 919                for (i = 0; i < MAX_NR_CONSOLES; i++) {
 920                        vc = vc_cons[i].d;
 921
 922                        if (vc) {
 923                                vc->vc_resize_user = 1;
 924                                /* FIXME: review v tty lock */
 925                                vc_resize(vc_cons[i].d, cc, ll);
 926                        }
 927                }
 928                console_unlock();
 929                break;
 930        }
 931
 932        case VT_RESIZEX:
 933                if (!perm)
 934                        return -EPERM;
 935
 936                return vt_resizex(vc, up);
 937
 938        case VT_LOCKSWITCH:
 939                if (!capable(CAP_SYS_TTY_CONFIG))
 940                        return -EPERM;
 941                vt_dont_switch = true;
 942                break;
 943        case VT_UNLOCKSWITCH:
 944                if (!capable(CAP_SYS_TTY_CONFIG))
 945                        return -EPERM;
 946                vt_dont_switch = false;
 947                break;
 948        case VT_GETHIFONTMASK:
 949                return put_user(vc->vc_hi_font_mask,
 950                                        (unsigned short __user *)arg);
 951        case VT_WAITEVENT:
 952                return vt_event_wait_ioctl((struct vt_event __user *)arg);
 953        default:
 954                return -ENOIOCTLCMD;
 955        }
 956
 957        return 0;
 958}
 959
 960void reset_vc(struct vc_data *vc)
 961{
 962        vc->vc_mode = KD_TEXT;
 963        vt_reset_unicode(vc->vc_num);
 964        vc->vt_mode.mode = VT_AUTO;
 965        vc->vt_mode.waitv = 0;
 966        vc->vt_mode.relsig = 0;
 967        vc->vt_mode.acqsig = 0;
 968        vc->vt_mode.frsig = 0;
 969        put_pid(vc->vt_pid);
 970        vc->vt_pid = NULL;
 971        vc->vt_newvt = -1;
 972        reset_palette(vc);
 973}
 974
 975void vc_SAK(struct work_struct *work)
 976{
 977        struct vc *vc_con =
 978                container_of(work, struct vc, SAK_work);
 979        struct vc_data *vc;
 980        struct tty_struct *tty;
 981
 982        console_lock();
 983        vc = vc_con->d;
 984        if (vc) {
 985                /* FIXME: review tty ref counting */
 986                tty = vc->port.tty;
 987                /*
 988                 * SAK should also work in all raw modes and reset
 989                 * them properly.
 990                 */
 991                if (tty)
 992                        __do_SAK(tty);
 993                reset_vc(vc);
 994        }
 995        console_unlock();
 996}
 997
 998#ifdef CONFIG_COMPAT
 999
1000struct compat_console_font_op {

1001        compat_uint_t op;        /* operation code KD_FONT_OP_* */
1002        compat_uint_t flags;     /* KD_FONT_FLAG_* */
1003        compat_uint_t width, height;     /* font size */
1004        compat_uint_t charcount;
1005        compat_caddr_t data;    /* font data with height fixed to 32 */
1006};
1007
1008static inline int
1009compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop,
1010                         int perm, struct console_font_op *op, struct vc_data *vc)
1011{
1012        int i;
1013
1014        if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op)))
1015                return -EFAULT;
1016        if (!perm && op->op != KD_FONT_OP_GET)
1017                return -EPERM;
1018        op->data = compat_ptr(((struct compat_console_font_op *)op)->data);
1019        i = con_font_op(vc, op);
1020        if (i)
1021                return i;
1022        ((struct compat_console_font_op *)op)->data = (unsigned long)op->data;
1023        if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op)))
1024                return -EFAULT;
1025        return 0;
1026}
1027
1028struct compat_unimapdesc {
1029        unsigned short entry_ct;
1030        compat_caddr_t entries;
1031};
1032
1033static inline int
1034compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud,
1035                         int perm, struct vc_data *vc)
1036{
1037        struct compat_unimapdesc tmp;
1038        struct unipair __user *tmp_entries;
1039
1040        if (copy_from_user(&tmp, user_ud, sizeof tmp))
1041                return -EFAULT;
1042        tmp_entries = compat_ptr(tmp.entries);
1043        switch (cmd) {
1044        case PIO_UNIMAP:
1045                if (!perm)
1046                        return -EPERM;
1047                return con_set_unimap(vc, tmp.entry_ct, tmp_entries);
1048        case GIO_UNIMAP:
1049                if (!perm && fg_console != vc->vc_num)
1050                        return -EPERM;
1051                return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries);
1052        }
1053        return 0;
1054}
1055
1056long vt_compat_ioctl(struct tty_struct *tty,
1057             unsigned int cmd, unsigned long arg)
1058{
1059        struct vc_data *vc = tty->driver_data;
1060        struct console_font_op op;      /* used in multiple places here */
1061        void __user *up = compat_ptr(arg);
1062        int perm;
1063
1064        /*
1065         * To have permissions to do most of the vt ioctls, we either have
1066         * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
1067         */
1068        perm = 0;
1069        if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
1070                perm = 1;
1071
1072        switch (cmd) {
1073        /*
1074         * these need special handlers for incompatible data structures
1075         */
1076
1077        case KDFONTOP:
1078                return compat_kdfontop_ioctl(up, perm, &op, vc);
1079
1080        case PIO_UNIMAP:
1081        case GIO_UNIMAP:
1082                return compat_unimap_ioctl(cmd, up, perm, vc);
1083
1084        /*
1085         * all these treat 'arg' as an integer
1086         */
1087        case KIOCSOUND:
1088        case KDMKTONE:
1089#ifdef CONFIG_X86
1090        case KDADDIO:
1091        case KDDELIO:
1092#endif
1093        case KDSETMODE:
1094        case KDMAPDISP:
1095        case KDUNMAPDISP:
1096        case KDSKBMODE:
1097        case KDSKBMETA:
1098        case KDSKBLED:
1099        case KDSETLED:
1100        case KDSIGACCEPT:
1101        case VT_ACTIVATE:
1102        case VT_WAITACTIVE:
1103        case VT_RELDISP:
1104        case VT_DISALLOCATE:
1105        case VT_RESIZE:
1106        case VT_RESIZEX:
1107                return vt_ioctl(tty, cmd, arg);
1108
1109        /*
1110         * the rest has a compatible data structure behind arg,
1111         * but we have to convert it to a proper 64 bit pointer.
1112         */
1113        default:
1114                return vt_ioctl(tty, cmd, (unsigned long)up);
1115        }
1116}
1117
1118
1119#endif /* CONFIG_COMPAT */
1120
1121
1122/*
1123 * Performs the back end of a vt switch. Called under the console
1124 * semaphore.
1125 */
1126static void complete_change_console(struct vc_data *vc)
1127{
1128        unsigned char old_vc_mode;
1129        int old = fg_console;
1130
1131        last_console = fg_console;
1132
1133        /*
1134         * If we're switching, we could be going from KD_GRAPHICS to
1135         * KD_TEXT mode or vice versa, which means we need to blank or
1136         * unblank the screen later.
1137         */
1138        old_vc_mode = vc_cons[fg_console].d->vc_mode;
1139        switch_screen(vc);
1140
1141        /*
1142         * This can't appear below a successful kill_pid().  If it did,
1143         * then the *blank_screen operation could occur while X, having
1144         * received acqsig, is waking up on another processor.  This
1145         * condition can lead to overlapping accesses to the VGA range
1146         * and the framebuffer (causing system lockups).
1147         *
1148         * To account for this we duplicate this code below only if the
1149         * controlling process is gone and we've called reset_vc.
1150         */
1151        if (old_vc_mode != vc->vc_mode) {
1152                if (vc->vc_mode == KD_TEXT)
1153                        do_unblank_screen(1);
1154                else
1155                        do_blank_screen(1);
1156        }
1157
1158        /*
1159         * If this new console is under process control, send it a signal
1160         * telling it that it has acquired. Also check if it has died and
1161         * clean up (similar to logic employed in change_console())
1162         */
1163        if (vc->vt_mode.mode == VT_PROCESS) {
1164                /*
1165                 * Send the signal as privileged - kill_pid() will
1166                 * tell us if the process has gone or something else
1167                 * is awry
1168                 */
1169                if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
1170                /*
1171                 * The controlling process has died, so we revert back to
1172                 * normal operation. In this case, we'll also change back
1173                 * to KD_TEXT mode. I'm not sure if this is strictly correct
1174                 * but it saves the agony when the X server dies and the screen
1175                 * remains blanked due to KD_GRAPHICS! It would be nice to do
1176                 * this outside of VT_PROCESS but there is no single process
1177                 * to account for and tracking tty count may be undesirable.
1178                 */
1179                        reset_vc(vc);
1180
1181                        if (old_vc_mode != vc->vc_mode) {
1182                                if (vc->vc_mode == KD_TEXT)
1183                                        do_unblank_screen(1);
1184                                else
1185                                        do_blank_screen(1);
1186                        }
1187                }
1188        }
1189
1190        /*
1191         * Wake anyone waiting for their VT to activate
1192         */
1193        vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num);
1194        return;
1195}
1196
1197/*
1198 * Performs the front-end of a vt switch
1199 */
1200void change_console(struct vc_data *new_vc)
1201{
1202        struct vc_data *vc;
1203
1204        if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch)
1205                return;
1206
1207        /*
1208         * If this vt is in process mode, then we need to handshake with
1209         * that process before switching. Essentially, we store where that
1210         * vt wants to switch to and wait for it to tell us when it's done
1211         * (via VT_RELDISP ioctl).
1212         *
1213         * We also check to see if the controlling process still exists.
1214         * If it doesn't, we reset this vt to auto mode and continue.
1215         * This is a cheap way to track process control. The worst thing
1216         * that can happen is: we send a signal to a process, it dies, and
1217         * the switch gets "lost" waiting for a response; hopefully, the
1218         * user will try again, we'll detect the process is gone (unless
1219         * the user waits just the right amount of time :-) and revert the
1220         * vt to auto control.
1221         */
1222        vc = vc_cons[fg_console].d;
1223        if (vc->vt_mode.mode == VT_PROCESS) {
1224                /*
1225                 * Send the signal as privileged - kill_pid() will
1226                 * tell us if the process has gone or something else
1227                 * is awry.
1228                 *
1229                 * We need to set vt_newvt *before* sending the signal or we
1230                 * have a race.
1231                 */
1232                vc->vt_newvt = new_vc->vc_num;
1233                if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) {
1234                        /*
1235                         * It worked. Mark the vt to switch to and
1236                         * return. The process needs to send us a
1237                         * VT_RELDISP ioctl to complete the switch.
1238                         */
1239                        return;
1240                }
1241
1242                /*
1243                 * The controlling process has died, so we revert back to
1244                 * normal operation. In this case, we'll also change back
1245                 * to KD_TEXT mode. I'm not sure if this is strictly correct
1246                 * but it saves the agony when the X server dies and the screen
1247                 * remains blanked due to KD_GRAPHICS! It would be nice to do
1248                 * this outside of VT_PROCESS but there is no single process
1249                 * to account for and tracking tty count may be undesirable.
1250                 */
1251                reset_vc(vc);
1252
1253                /*
1254                 * Fall through to normal (VT_AUTO) handling of the switch...
1255                 */
1256        }
1257
1258        /*
1259         * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
1260         */
1261        if (vc->vc_mode == KD_GRAPHICS)
1262                return;
1263
1264        complete_change_console(new_vc);
1265}
1266
1267/* Perform a kernel triggered VT switch for suspend/resume */
1268
1269static int disable_vt_switch;
1270
1271int vt_move_to_console(unsigned int vt, int alloc)
1272{
1273        int prev;
1274
1275        console_lock();
1276        /* Graphics mode - up to X */
1277        if (disable_vt_switch) {
1278                console_unlock();
1279                return 0;
1280        }
1281        prev = fg_console;
1282
1283        if (alloc && vc_allocate(vt)) {
1284                /* we can't have a free VC for now. Too bad,
1285                 * we don't want to mess the screen for now. */
1286                console_unlock();
1287                return -ENOSPC;
1288        }
1289
1290        if (set_console(vt)) {
1291                /*
1292                 * We're unable to switch to the SUSPEND_CONSOLE.
1293                 * Let the calling function know so it can decide
1294                 * what to do.
1295                 */
1296                console_unlock();
1297                return -EIO;
1298        }
1299        console_unlock();
1300        if (vt_waitactive(vt + 1)) {
1301                pr_debug("Suspend: Can't switch VCs.");
1302                return -EINTR;
1303        }
1304        return prev;
1305}
1306
1307/*
1308 * Normally during a suspend, we allocate a new console and switch to it.
1309 * When we resume, we switch back to the original console.  This switch
1310 * can be slow, so on systems where the framebuffer can handle restoration
1311 * of video registers anyways, there's little point in doing the console
1312 * switch.  This function allows you to disable it by passing it '0'.
1313 */
1314void pm_set_vt_switch(int do_switch)
1315{
1316        console_lock();
1317        disable_vt_switch = !do_switch;
1318        console_unlock();
1319}
1320EXPORT_SYMBOL(pm_set_vt_switch);
1321