vt_ioctl.c 30 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Copyright (C) 1992 obz under the linux copyright
  4. *
  5. * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
  6. * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
  7. * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
  8. * Some code moved for less code duplication - Andi Kleen - Mar 1997
  9. * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
  10. */
  11. #include <linux/types.h>
  12. #include <linux/errno.h>
  13. #include <linux/sched/signal.h>
  14. #include <linux/tty.h>
  15. #include <linux/timer.h>
  16. #include <linux/kernel.h>
  17. #include <linux/compat.h>
  18. #include <linux/module.h>
  19. #include <linux/kd.h>
  20. #include <linux/vt.h>
  21. #include <linux/string.h>
  22. #include <linux/slab.h>
  23. #include <linux/major.h>
  24. #include <linux/fs.h>
  25. #include <linux/console.h>
  26. #include <linux/consolemap.h>
  27. #include <linux/signal.h>
  28. #include <linux/suspend.h>
  29. #include <linux/timex.h>
  30. #include <asm/io.h>
  31. #include <linux/uaccess.h>
  32. #include <linux/nospec.h>
  33. #include <linux/kbd_kern.h>
  34. #include <linux/vt_kern.h>
  35. #include <linux/kbd_diacr.h>
  36. #include <linux/selection.h>
  37. bool vt_dont_switch;
  38. static inline bool vt_in_use(unsigned int i)
  39. {
  40. const struct vc_data *vc = vc_cons[i].d;
  41. /*
  42. * console_lock must be held to prevent the vc from being deallocated
  43. * while we're checking whether it's in-use.
  44. */
  45. WARN_CONSOLE_UNLOCKED();
  46. return vc && kref_read(&vc->port.kref) > 1;
  47. }
  48. static inline bool vt_busy(int i)
  49. {
  50. if (vt_in_use(i))
  51. return true;
  52. if (i == fg_console)
  53. return true;
  54. if (vc_is_sel(vc_cons[i].d))
  55. return true;
  56. return false;
  57. }
  58. /*
  59. * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
  60. * experimentation and study of X386 SYSV handling.
  61. *
  62. * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
  63. * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
  64. * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
  65. * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
  66. * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
  67. * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
  68. * to the current console is done by the main ioctl code.
  69. */
  70. #ifdef CONFIG_X86
  71. #include <asm/syscalls.h>
  72. #endif
  73. static void complete_change_console(struct vc_data *vc);
  74. /*
  75. * User space VT_EVENT handlers
  76. */
  77. struct vt_event_wait {
  78. struct list_head list;
  79. struct vt_event event;
  80. int done;
  81. };
  82. static LIST_HEAD(vt_events);
  83. static DEFINE_SPINLOCK(vt_event_lock);
  84. static DECLARE_WAIT_QUEUE_HEAD(vt_event_waitqueue);
  85. /**
  86. * vt_event_post
  87. * @event: the event that occurred
  88. * @old: old console
  89. * @new: new console
  90. *
  91. * Post an VT event to interested VT handlers
  92. */
  93. void vt_event_post(unsigned int event, unsigned int old, unsigned int new)
  94. {
  95. struct list_head *pos, *head;
  96. unsigned long flags;
  97. int wake = 0;
  98. spin_lock_irqsave(&vt_event_lock, flags);
  99. head = &vt_events;
  100. list_for_each(pos, head) {
  101. struct vt_event_wait *ve = list_entry(pos,
  102. struct vt_event_wait, list);
  103. if (!(ve->event.event & event))
  104. continue;
  105. ve->event.event = event;
  106. /* kernel view is consoles 0..n-1, user space view is
  107. console 1..n with 0 meaning current, so we must bias */
  108. ve->event.oldev = old + 1;
  109. ve->event.newev = new + 1;
  110. wake = 1;
  111. ve->done = 1;
  112. }
  113. spin_unlock_irqrestore(&vt_event_lock, flags);
  114. if (wake)
  115. wake_up_interruptible(&vt_event_waitqueue);
  116. }
  117. static void __vt_event_queue(struct vt_event_wait *vw)
  118. {
  119. unsigned long flags;
  120. /* Prepare the event */
  121. INIT_LIST_HEAD(&vw->list);
  122. vw->done = 0;
  123. /* Queue our event */
  124. spin_lock_irqsave(&vt_event_lock, flags);
  125. list_add(&vw->list, &vt_events);
  126. spin_unlock_irqrestore(&vt_event_lock, flags);
  127. }
  128. static void __vt_event_wait(struct vt_event_wait *vw)
  129. {
  130. /* Wait for it to pass */
  131. wait_event_interruptible(vt_event_waitqueue, vw->done);
  132. }
  133. static void __vt_event_dequeue(struct vt_event_wait *vw)
  134. {
  135. unsigned long flags;
  136. /* Dequeue it */
  137. spin_lock_irqsave(&vt_event_lock, flags);
  138. list_del(&vw->list);
  139. spin_unlock_irqrestore(&vt_event_lock, flags);
  140. }
  141. /**
  142. * vt_event_wait - wait for an event
  143. * @vw: our event
  144. *
  145. * Waits for an event to occur which completes our vt_event_wait
  146. * structure. On return the structure has wv->done set to 1 for success
  147. * or 0 if some event such as a signal ended the wait.
  148. */
  149. static void vt_event_wait(struct vt_event_wait *vw)
  150. {
  151. __vt_event_queue(vw);
  152. __vt_event_wait(vw);
  153. __vt_event_dequeue(vw);
  154. }
  155. /**
  156. * vt_event_wait_ioctl - event ioctl handler
  157. * @event: argument to ioctl (the event)
  158. *
  159. * Implement the VT_WAITEVENT ioctl using the VT event interface
  160. */
  161. static int vt_event_wait_ioctl(struct vt_event __user *event)
  162. {
  163. struct vt_event_wait vw;
  164. if (copy_from_user(&vw.event, event, sizeof(struct vt_event)))
  165. return -EFAULT;
  166. /* Highest supported event for now */
  167. if (vw.event.event & ~VT_MAX_EVENT)
  168. return -EINVAL;
  169. vt_event_wait(&vw);
  170. /* If it occurred report it */
  171. if (vw.done) {
  172. if (copy_to_user(event, &vw.event, sizeof(struct vt_event)))
  173. return -EFAULT;
  174. return 0;
  175. }
  176. return -EINTR;
  177. }
  178. /**
  179. * vt_waitactive - active console wait
  180. * @n: new console
  181. *
  182. * Helper for event waits. Used to implement the legacy
  183. * event waiting ioctls in terms of events
  184. */
  185. int vt_waitactive(int n)
  186. {
  187. struct vt_event_wait vw;
  188. do {
  189. vw.event.event = VT_EVENT_SWITCH;
  190. __vt_event_queue(&vw);
  191. if (n == fg_console + 1) {
  192. __vt_event_dequeue(&vw);
  193. break;
  194. }
  195. __vt_event_wait(&vw);
  196. __vt_event_dequeue(&vw);
  197. if (vw.done == 0)
  198. return -EINTR;
  199. } while (vw.event.newev != n);
  200. return 0;
  201. }
  202. /*
  203. * these are the valid i/o ports we're allowed to change. they map all the
  204. * video ports
  205. */
  206. #define GPFIRST 0x3b4
  207. #define GPLAST 0x3df
  208. #define GPNUM (GPLAST - GPFIRST + 1)
  209. /*
  210. * currently, setting the mode from KD_TEXT to KD_GRAPHICS doesn't do a whole
  211. * lot. i'm not sure if it should do any restoration of modes or what...
  212. *
  213. * XXX It should at least call into the driver, fbdev's definitely need to
  214. * restore their engine state. --BenH
  215. *
  216. * Called with the console lock held.
  217. */
  218. static int vt_kdsetmode(struct vc_data *vc, unsigned long mode)
  219. {
  220. switch (mode) {
  221. case KD_GRAPHICS:
  222. break;
  223. case KD_TEXT0:
  224. case KD_TEXT1:
  225. mode = KD_TEXT;
  226. fallthrough;
  227. case KD_TEXT:
  228. break;
  229. default:
  230. return -EINVAL;
  231. }
  232. if (vc->vc_mode == mode)
  233. return 0;
  234. vc->vc_mode = mode;
  235. if (vc->vc_num != fg_console)
  236. return 0;
  237. /* explicitly blank/unblank the screen if switching modes */
  238. if (mode == KD_TEXT)
  239. do_unblank_screen(1);
  240. else
  241. do_blank_screen(1);
  242. return 0;
  243. }
  244. static int vt_k_ioctl(struct tty_struct *tty, unsigned int cmd,
  245. unsigned long arg, bool perm)
  246. {
  247. struct vc_data *vc = tty->driver_data;
  248. void __user *up = (void __user *)arg;
  249. unsigned int console = vc->vc_num;
  250. int ret;
  251. switch (cmd) {
  252. case KIOCSOUND:
  253. if (!perm)
  254. return -EPERM;
  255. /*
  256. * The use of PIT_TICK_RATE is historic, it used to be
  257. * the platform-dependent CLOCK_TICK_RATE between 2.6.12
  258. * and 2.6.36, which was a minor but unfortunate ABI
  259. * change. kd_mksound is locked by the input layer.
  260. */
  261. if (arg)
  262. arg = PIT_TICK_RATE / arg;
  263. kd_mksound(arg, 0);
  264. break;
  265. case KDMKTONE:
  266. if (!perm)
  267. return -EPERM;
  268. {
  269. unsigned int ticks, count;
  270. /*
  271. * Generate the tone for the appropriate number of ticks.
  272. * If the time is zero, turn off sound ourselves.
  273. */
  274. ticks = msecs_to_jiffies((arg >> 16) & 0xffff);
  275. count = ticks ? (arg & 0xffff) : 0;
  276. if (count)
  277. count = PIT_TICK_RATE / count;
  278. kd_mksound(count, ticks);
  279. break;
  280. }
  281. case KDGKBTYPE:
  282. /*
  283. * this is naïve.
  284. */
  285. return put_user(KB_101, (char __user *)arg);
  286. /*
  287. * These cannot be implemented on any machine that implements
  288. * ioperm() in user level (such as Alpha PCs) or not at all.
  289. *
  290. * XXX: you should never use these, just call ioperm directly..
  291. */
  292. #ifdef CONFIG_X86
  293. case KDADDIO:
  294. case KDDELIO:
  295. /*
  296. * KDADDIO and KDDELIO may be able to add ports beyond what
  297. * we reject here, but to be safe...
  298. *
  299. * These are locked internally via sys_ioperm
  300. */
  301. if (arg < GPFIRST || arg > GPLAST)
  302. return -EINVAL;
  303. return ksys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
  304. case KDENABIO:
  305. case KDDISABIO:
  306. return ksys_ioperm(GPFIRST, GPNUM,
  307. (cmd == KDENABIO)) ? -ENXIO : 0;
  308. #endif
  309. /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
  310. case KDKBDREP:
  311. {
  312. struct kbd_repeat kbrep;
  313. if (!capable(CAP_SYS_TTY_CONFIG))
  314. return -EPERM;
  315. if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat)))
  316. return -EFAULT;
  317. ret = kbd_rate(&kbrep);
  318. if (ret)
  319. return ret;
  320. if (copy_to_user(up, &kbrep, sizeof(struct kbd_repeat)))
  321. return -EFAULT;
  322. break;
  323. }
  324. case KDSETMODE: {
  325. if (!perm)
  326. return -EPERM;
  327. guard(console_lock)();
  328. return vt_kdsetmode(vc, arg);
  329. }
  330. case KDGETMODE:
  331. return put_user(vc->vc_mode, (int __user *)arg);
  332. case KDMAPDISP:
  333. case KDUNMAPDISP:
  334. /*
  335. * these work like a combination of mmap and KDENABIO.
  336. * this could be easily finished.
  337. */
  338. return -EINVAL;
  339. case KDSKBMODE:
  340. if (!perm)
  341. return -EPERM;
  342. ret = vt_do_kdskbmode(console, arg);
  343. if (ret)
  344. return ret;
  345. tty_ldisc_flush(tty);
  346. break;
  347. case KDGKBMODE:
  348. return put_user(vt_do_kdgkbmode(console), (int __user *)arg);
  349. /* this could be folded into KDSKBMODE, but for compatibility
  350. reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
  351. case KDSKBMETA:
  352. return vt_do_kdskbmeta(console, arg);
  353. case KDGKBMETA:
  354. /* FIXME: should review whether this is worth locking */
  355. return put_user(vt_do_kdgkbmeta(console), (int __user *)arg);
  356. case KDGETKEYCODE:
  357. case KDSETKEYCODE:
  358. if(!capable(CAP_SYS_TTY_CONFIG))
  359. perm = 0;
  360. return vt_do_kbkeycode_ioctl(cmd, up, perm);
  361. case KDGKBENT:
  362. case KDSKBENT:
  363. return vt_do_kdsk_ioctl(cmd, up, perm, console);
  364. case KDGKBSENT:
  365. case KDSKBSENT:
  366. return vt_do_kdgkb_ioctl(cmd, up, perm);
  367. /* Diacritical processing. Handled in keyboard.c as it has
  368. to operate on the keyboard locks and structures */
  369. case KDGKBDIACR:
  370. case KDGKBDIACRUC:
  371. case KDSKBDIACR:
  372. case KDSKBDIACRUC:
  373. return vt_do_diacrit(cmd, up, perm);
  374. /* the ioctls below read/set the flags usually shown in the leds */
  375. /* don't use them - they will go away without warning */
  376. case KDGKBLED:
  377. case KDSKBLED:
  378. case KDGETLED:
  379. case KDSETLED:
  380. return vt_do_kdskled(console, cmd, arg, perm);
  381. /*
  382. * A process can indicate its willingness to accept signals
  383. * generated by pressing an appropriate key combination.
  384. * Thus, one can have a daemon that e.g. spawns a new console
  385. * upon a keypress and then changes to it.
  386. * See also the kbrequest field of inittab(5).
  387. */
  388. case KDSIGACCEPT:
  389. if (!perm || !capable(CAP_KILL))
  390. return -EPERM;
  391. if (!valid_signal(arg) || arg < 1 || arg == SIGKILL)
  392. return -EINVAL;
  393. spin_lock_irq(&vt_spawn_con.lock);
  394. put_pid(vt_spawn_con.pid);
  395. vt_spawn_con.pid = get_pid(task_pid(current));
  396. vt_spawn_con.sig = arg;
  397. spin_unlock_irq(&vt_spawn_con.lock);
  398. break;
  399. case KDFONTOP: {
  400. struct console_font_op op;
  401. if (copy_from_user(&op, up, sizeof(op)))
  402. return -EFAULT;
  403. if (!perm && op.op != KD_FONT_OP_GET)
  404. return -EPERM;
  405. ret = con_font_op(vc, &op);
  406. if (ret)
  407. return ret;
  408. if (copy_to_user(up, &op, sizeof(op)))
  409. return -EFAULT;
  410. break;
  411. }
  412. default:
  413. return -ENOIOCTLCMD;
  414. }
  415. return 0;
  416. }
  417. static inline int do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud,
  418. bool perm, struct vc_data *vc)
  419. {
  420. struct unimapdesc tmp;
  421. if (copy_from_user(&tmp, user_ud, sizeof tmp))
  422. return -EFAULT;
  423. switch (cmd) {
  424. case PIO_UNIMAP:
  425. if (!perm)
  426. return -EPERM;
  427. return con_set_unimap(vc, tmp.entry_ct, tmp.entries);
  428. case GIO_UNIMAP:
  429. if (!perm && fg_console != vc->vc_num)
  430. return -EPERM;
  431. return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct),
  432. tmp.entries);
  433. }
  434. return 0;
  435. }
  436. static int vt_io_ioctl(struct vc_data *vc, unsigned int cmd, void __user *up,
  437. bool perm)
  438. {
  439. switch (cmd) {
  440. case PIO_CMAP:
  441. if (!perm)
  442. return -EPERM;
  443. return con_set_cmap(up);
  444. case GIO_CMAP:
  445. return con_get_cmap(up);
  446. case PIO_SCRNMAP:
  447. if (!perm)
  448. return -EPERM;
  449. return con_set_trans_old(up);
  450. case GIO_SCRNMAP:
  451. return con_get_trans_old(up);
  452. case PIO_UNISCRNMAP:
  453. if (!perm)
  454. return -EPERM;
  455. return con_set_trans_new(up);
  456. case GIO_UNISCRNMAP:
  457. return con_get_trans_new(up);
  458. case PIO_UNIMAPCLR:
  459. if (!perm)
  460. return -EPERM;
  461. con_clear_unimap(vc);
  462. break;
  463. case PIO_UNIMAP:
  464. case GIO_UNIMAP:
  465. return do_unimap_ioctl(cmd, up, perm, vc);
  466. default:
  467. return -ENOIOCTLCMD;
  468. }
  469. return 0;
  470. }
  471. static int vt_reldisp(struct vc_data *vc, unsigned int swtch)
  472. {
  473. int newvt, ret;
  474. if (vc->vt_mode.mode != VT_PROCESS)
  475. return -EINVAL;
  476. /* Switched-to response */
  477. if (vc->vt_newvt < 0) {
  478. /* If it's just an ACK, ignore it */
  479. return swtch == VT_ACKACQ ? 0 : -EINVAL;
  480. }
  481. /* Switching-from response */
  482. if (swtch == 0) {
  483. /* Switch disallowed, so forget we were trying to do it. */
  484. vc->vt_newvt = -1;
  485. return 0;
  486. }
  487. /* The current vt has been released, so complete the switch. */
  488. newvt = vc->vt_newvt;
  489. vc->vt_newvt = -1;
  490. ret = vc_allocate(newvt);
  491. if (ret)
  492. return ret;
  493. /*
  494. * When we actually do the console switch, make sure we are atomic with
  495. * respect to other console switches..
  496. */
  497. complete_change_console(vc_cons[newvt].d);
  498. return 0;
  499. }
  500. static int vt_setactivate(struct vt_setactivate __user *sa)
  501. {
  502. struct vt_setactivate vsa;
  503. struct vc_data *nvc;
  504. int ret;
  505. if (copy_from_user(&vsa, sa, sizeof(vsa)))
  506. return -EFAULT;
  507. if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
  508. return -ENXIO;
  509. vsa.console--;
  510. vsa.console = array_index_nospec(vsa.console, MAX_NR_CONSOLES);
  511. scoped_guard(console_lock) {
  512. ret = vc_allocate(vsa.console);
  513. if (ret)
  514. return ret;
  515. /*
  516. * This is safe providing we don't drop the console sem between
  517. * vc_allocate and finishing referencing nvc.
  518. */
  519. nvc = vc_cons[vsa.console].d;
  520. nvc->vt_mode = vsa.mode;
  521. nvc->vt_mode.frsig = 0;
  522. put_pid(nvc->vt_pid);
  523. nvc->vt_pid = get_pid(task_pid(current));
  524. }
  525. /* Commence switch and lock */
  526. /* Review set_console locks */
  527. set_console(vsa.console);
  528. return 0;
  529. }
  530. /* deallocate a single console, if possible (leave 0) */
  531. static int vt_disallocate(unsigned int vc_num)
  532. {
  533. struct vc_data *vc = NULL;
  534. scoped_guard(console_lock) {
  535. if (vt_busy(vc_num))
  536. return -EBUSY;
  537. if (vc_num)
  538. vc = vc_deallocate(vc_num);
  539. }
  540. if (vc && vc_num >= MIN_NR_CONSOLES)
  541. tty_port_put(&vc->port);
  542. return 0;
  543. }
  544. /* deallocate all unused consoles, but leave 0 */
  545. static void vt_disallocate_all(void)
  546. {
  547. struct vc_data *vc[MAX_NR_CONSOLES];
  548. int i;
  549. scoped_guard(console_lock)
  550. for (i = 1; i < MAX_NR_CONSOLES; i++)
  551. if (!vt_busy(i))
  552. vc[i] = vc_deallocate(i);
  553. else
  554. vc[i] = NULL;
  555. for (i = 1; i < MAX_NR_CONSOLES; i++) {
  556. if (vc[i] && i >= MIN_NR_CONSOLES)
  557. tty_port_put(&vc[i]->port);
  558. }
  559. }
  560. static int vt_resizex(struct vc_data *vc, struct vt_consize __user *cs)
  561. {
  562. struct vt_consize v;
  563. int i;
  564. if (copy_from_user(&v, cs, sizeof(struct vt_consize)))
  565. return -EFAULT;
  566. /* FIXME: Should check the copies properly */
  567. if (!v.v_vlin)
  568. v.v_vlin = vc->vc_scan_lines;
  569. if (v.v_clin) {
  570. int rows = v.v_vlin / v.v_clin;
  571. if (v.v_rows != rows) {
  572. if (v.v_rows) /* Parameters don't add up */
  573. return -EINVAL;
  574. v.v_rows = rows;
  575. }
  576. }
  577. if (v.v_vcol && v.v_ccol) {
  578. int cols = v.v_vcol / v.v_ccol;
  579. if (v.v_cols != cols) {
  580. if (v.v_cols)
  581. return -EINVAL;
  582. v.v_cols = cols;
  583. }
  584. }
  585. if (v.v_clin > 32)
  586. return -EINVAL;
  587. for (i = 0; i < MAX_NR_CONSOLES; i++) {
  588. struct vc_data *vcp;
  589. if (!vc_cons[i].d)
  590. continue;
  591. guard(console_lock)();
  592. vcp = vc_cons[i].d;
  593. if (vcp) {
  594. int ret;
  595. int save_scan_lines = vcp->vc_scan_lines;
  596. int save_cell_height = vcp->vc_cell_height;
  597. if (v.v_vlin)
  598. vcp->vc_scan_lines = v.v_vlin;
  599. if (v.v_clin)
  600. vcp->vc_cell_height = v.v_clin;
  601. ret = __vc_resize(vcp, v.v_cols, v.v_rows, true);
  602. if (ret) {
  603. vcp->vc_scan_lines = save_scan_lines;
  604. vcp->vc_cell_height = save_cell_height;
  605. return ret;
  606. }
  607. }
  608. }
  609. return 0;
  610. }
  611. /*
  612. * We handle the console-specific ioctl's here. We allow the
  613. * capability to modify any console, not just the fg_console.
  614. */
  615. int vt_ioctl(struct tty_struct *tty,
  616. unsigned int cmd, unsigned long arg)
  617. {
  618. struct vc_data *vc = tty->driver_data;
  619. void __user *up = (void __user *)arg;
  620. int i, perm;
  621. int ret;
  622. /*
  623. * To have permissions to do most of the vt ioctls, we either have
  624. * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
  625. */
  626. perm = 0;
  627. if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
  628. perm = 1;
  629. ret = vt_k_ioctl(tty, cmd, arg, perm);
  630. if (ret != -ENOIOCTLCMD)
  631. return ret;
  632. ret = vt_io_ioctl(vc, cmd, up, perm);
  633. if (ret != -ENOIOCTLCMD)
  634. return ret;
  635. switch (cmd) {
  636. case TIOCLINUX:
  637. return tioclinux(tty, arg);
  638. case VT_SETMODE:
  639. {
  640. struct vt_mode tmp;
  641. if (!perm)
  642. return -EPERM;
  643. if (copy_from_user(&tmp, up, sizeof(struct vt_mode)))
  644. return -EFAULT;
  645. if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS)
  646. return -EINVAL;
  647. guard(console_lock)();
  648. vc->vt_mode = tmp;
  649. /* the frsig is ignored, so we set it to 0 */
  650. vc->vt_mode.frsig = 0;
  651. put_pid(vc->vt_pid);
  652. vc->vt_pid = get_pid(task_pid(current));
  653. /* no switch is required -- saw@shade.msu.ru */
  654. vc->vt_newvt = -1;
  655. break;
  656. }
  657. case VT_GETMODE:
  658. {
  659. struct vt_mode tmp;
  660. int rc;
  661. scoped_guard(console_lock)
  662. memcpy(&tmp, &vc->vt_mode, sizeof(struct vt_mode));
  663. rc = copy_to_user(up, &tmp, sizeof(struct vt_mode));
  664. if (rc)
  665. return -EFAULT;
  666. break;
  667. }
  668. /*
  669. * Returns global vt state. Note that VT 0 is always open, since
  670. * it's an alias for the current VT, and people can't use it here.
  671. * We cannot return state for more than 16 VTs, since v_state is short.
  672. */
  673. case VT_GETSTATE:
  674. {
  675. struct vt_stat __user *vtstat = up;
  676. unsigned short state, mask;
  677. if (put_user(fg_console + 1, &vtstat->v_active))
  678. return -EFAULT;
  679. state = 1; /* /dev/tty0 is always open */
  680. scoped_guard(console_lock) /* required by vt_in_use() */
  681. for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; ++i, mask <<= 1)
  682. if (vt_in_use(i))
  683. state |= mask;
  684. return put_user(state, &vtstat->v_state);
  685. }
  686. /*
  687. * Returns the first available (non-opened) console.
  688. */
  689. case VT_OPENQRY:
  690. scoped_guard(console_lock) /* required by vt_in_use() */
  691. for (i = 0; i < MAX_NR_CONSOLES; ++i)
  692. if (!vt_in_use(i))
  693. break;
  694. i = i < MAX_NR_CONSOLES ? (i+1) : -1;
  695. return put_user(i, (int __user *)arg);
  696. /*
  697. * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
  698. * with num >= 1 (switches to vt 0, our console, are not allowed, just
  699. * to preserve sanity).
  700. */
  701. case VT_ACTIVATE:
  702. if (!perm)
  703. return -EPERM;
  704. if (arg == 0 || arg > MAX_NR_CONSOLES)
  705. return -ENXIO;
  706. arg--;
  707. arg = array_index_nospec(arg, MAX_NR_CONSOLES);
  708. scoped_guard(console_lock) {
  709. ret = vc_allocate(arg);
  710. if (ret)
  711. return ret;
  712. }
  713. set_console(arg);
  714. break;
  715. case VT_SETACTIVATE:
  716. if (!perm)
  717. return -EPERM;
  718. return vt_setactivate(up);
  719. /*
  720. * wait until the specified VT has been activated
  721. */
  722. case VT_WAITACTIVE:
  723. if (!perm)
  724. return -EPERM;
  725. if (arg == 0 || arg > MAX_NR_CONSOLES)
  726. return -ENXIO;
  727. return vt_waitactive(arg);
  728. /*
  729. * If a vt is under process control, the kernel will not switch to it
  730. * immediately, but postpone the operation until the process calls this
  731. * ioctl, allowing the switch to complete.
  732. *
  733. * According to the X sources this is the behavior:
  734. * 0: pending switch-from not OK
  735. * 1: pending switch-from OK
  736. * 2: completed switch-to OK
  737. */
  738. case VT_RELDISP:
  739. {
  740. if (!perm)
  741. return -EPERM;
  742. guard(console_lock)();
  743. return vt_reldisp(vc, arg);
  744. }
  745. /*
  746. * Disallocate memory associated to VT (but leave VT1)
  747. */
  748. case VT_DISALLOCATE:
  749. if (arg > MAX_NR_CONSOLES)
  750. return -ENXIO;
  751. if (arg == 0) {
  752. vt_disallocate_all();
  753. break;
  754. }
  755. arg = array_index_nospec(arg - 1, MAX_NR_CONSOLES);
  756. return vt_disallocate(arg);
  757. case VT_RESIZE:
  758. {
  759. struct vt_sizes __user *vtsizes = up;
  760. struct vc_data *vc;
  761. ushort ll,cc;
  762. if (!perm)
  763. return -EPERM;
  764. if (get_user(ll, &vtsizes->v_rows) ||
  765. get_user(cc, &vtsizes->v_cols))
  766. return -EFAULT;
  767. guard(console_lock)();
  768. for (i = 0; i < MAX_NR_CONSOLES; i++) {
  769. vc = vc_cons[i].d;
  770. if (vc) {
  771. /* FIXME: review v tty lock */
  772. ret = __vc_resize(vc_cons[i].d, cc, ll, true);
  773. if (ret)
  774. return ret;
  775. }
  776. }
  777. break;
  778. }
  779. case VT_RESIZEX:
  780. if (!perm)
  781. return -EPERM;
  782. return vt_resizex(vc, up);
  783. case VT_LOCKSWITCH:
  784. if (!capable(CAP_SYS_TTY_CONFIG))
  785. return -EPERM;
  786. vt_dont_switch = true;
  787. break;
  788. case VT_UNLOCKSWITCH:
  789. if (!capable(CAP_SYS_TTY_CONFIG))
  790. return -EPERM;
  791. vt_dont_switch = false;
  792. break;
  793. case VT_GETHIFONTMASK:
  794. return put_user(vc->vc_hi_font_mask,
  795. (unsigned short __user *)arg);
  796. case VT_WAITEVENT:
  797. return vt_event_wait_ioctl((struct vt_event __user *)arg);
  798. case VT_GETCONSIZECSRPOS:
  799. {
  800. struct vt_consizecsrpos concsr;
  801. console_lock();
  802. concsr.con_cols = vc->vc_cols;
  803. concsr.con_rows = vc->vc_rows;
  804. concsr.csr_col = vc->state.x;
  805. concsr.csr_row = vc->state.y;
  806. console_unlock();
  807. if (copy_to_user(up, &concsr, sizeof(concsr)))
  808. return -EFAULT;
  809. return 0;
  810. }
  811. default:
  812. return -ENOIOCTLCMD;
  813. }
  814. return 0;
  815. }
  816. void reset_vc(struct vc_data *vc)
  817. {
  818. vc->vc_mode = KD_TEXT;
  819. vt_reset_unicode(vc->vc_num);
  820. vc->vt_mode.mode = VT_AUTO;
  821. vc->vt_mode.waitv = 0;
  822. vc->vt_mode.relsig = 0;
  823. vc->vt_mode.acqsig = 0;
  824. vc->vt_mode.frsig = 0;
  825. put_pid(vc->vt_pid);
  826. vc->vt_pid = NULL;
  827. vc->vt_newvt = -1;
  828. reset_palette(vc);
  829. }
  830. void vc_SAK(struct work_struct *work)
  831. {
  832. struct vc *vc_con =
  833. container_of(work, struct vc, SAK_work);
  834. struct vc_data *vc;
  835. struct tty_struct *tty;
  836. guard(console_lock)();
  837. vc = vc_con->d;
  838. if (!vc)
  839. return;
  840. /* FIXME: review tty ref counting */
  841. tty = vc->port.tty;
  842. /* SAK should also work in all raw modes and reset them properly. */
  843. if (tty)
  844. __do_SAK(tty);
  845. reset_vc(vc);
  846. }
  847. #ifdef CONFIG_COMPAT
  848. struct compat_console_font_op {
  849. compat_uint_t op; /* operation code KD_FONT_OP_* */
  850. compat_uint_t flags; /* KD_FONT_FLAG_* */
  851. compat_uint_t width, height; /* font size */
  852. compat_uint_t charcount;
  853. compat_caddr_t data; /* font data with height fixed to 32 */
  854. };
  855. static inline int
  856. compat_kdfontop_ioctl(struct compat_console_font_op __user *fontop,
  857. int perm, struct console_font_op *op, struct vc_data *vc)
  858. {
  859. int i;
  860. if (copy_from_user(op, fontop, sizeof(struct compat_console_font_op)))
  861. return -EFAULT;
  862. if (!perm && op->op != KD_FONT_OP_GET)
  863. return -EPERM;
  864. op->data = compat_ptr(((struct compat_console_font_op *)op)->data);
  865. i = con_font_op(vc, op);
  866. if (i)
  867. return i;
  868. ((struct compat_console_font_op *)op)->data = (unsigned long)op->data;
  869. if (copy_to_user(fontop, op, sizeof(struct compat_console_font_op)))
  870. return -EFAULT;
  871. return 0;
  872. }
  873. struct compat_unimapdesc {
  874. unsigned short entry_ct;
  875. compat_caddr_t entries;
  876. };
  877. static inline int
  878. compat_unimap_ioctl(unsigned int cmd, struct compat_unimapdesc __user *user_ud,
  879. int perm, struct vc_data *vc)
  880. {
  881. struct compat_unimapdesc tmp;
  882. struct unipair __user *tmp_entries;
  883. if (copy_from_user(&tmp, user_ud, sizeof tmp))
  884. return -EFAULT;
  885. tmp_entries = compat_ptr(tmp.entries);
  886. switch (cmd) {
  887. case PIO_UNIMAP:
  888. if (!perm)
  889. return -EPERM;
  890. return con_set_unimap(vc, tmp.entry_ct, tmp_entries);
  891. case GIO_UNIMAP:
  892. if (!perm && fg_console != vc->vc_num)
  893. return -EPERM;
  894. return con_get_unimap(vc, tmp.entry_ct, &(user_ud->entry_ct), tmp_entries);
  895. }
  896. return 0;
  897. }
  898. long vt_compat_ioctl(struct tty_struct *tty,
  899. unsigned int cmd, unsigned long arg)
  900. {
  901. struct vc_data *vc = tty->driver_data;
  902. struct console_font_op op; /* used in multiple places here */
  903. void __user *up = compat_ptr(arg);
  904. int perm;
  905. /*
  906. * To have permissions to do most of the vt ioctls, we either have
  907. * to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
  908. */
  909. perm = 0;
  910. if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG))
  911. perm = 1;
  912. switch (cmd) {
  913. /*
  914. * these need special handlers for incompatible data structures
  915. */
  916. case KDFONTOP:
  917. return compat_kdfontop_ioctl(up, perm, &op, vc);
  918. case PIO_UNIMAP:
  919. case GIO_UNIMAP:
  920. return compat_unimap_ioctl(cmd, up, perm, vc);
  921. /*
  922. * all these treat 'arg' as an integer
  923. */
  924. case KIOCSOUND:
  925. case KDMKTONE:
  926. #ifdef CONFIG_X86
  927. case KDADDIO:
  928. case KDDELIO:
  929. #endif
  930. case KDSETMODE:
  931. case KDMAPDISP:
  932. case KDUNMAPDISP:
  933. case KDSKBMODE:
  934. case KDSKBMETA:
  935. case KDSKBLED:
  936. case KDSETLED:
  937. case KDSIGACCEPT:
  938. case VT_ACTIVATE:
  939. case VT_WAITACTIVE:
  940. case VT_RELDISP:
  941. case VT_DISALLOCATE:
  942. return vt_ioctl(tty, cmd, arg);
  943. /*
  944. * the rest has a compatible data structure behind arg,
  945. * but we have to convert it to a proper 64 bit pointer.
  946. */
  947. default:
  948. return vt_ioctl(tty, cmd, (unsigned long)up);
  949. }
  950. }
  951. #endif /* CONFIG_COMPAT */
  952. /*
  953. * Performs the back end of a vt switch. Called under the console
  954. * semaphore.
  955. */
  956. static void complete_change_console(struct vc_data *vc)
  957. {
  958. unsigned char old_vc_mode;
  959. int old = fg_console;
  960. last_console = fg_console;
  961. /*
  962. * If we're switching, we could be going from KD_GRAPHICS to
  963. * KD_TEXT mode or vice versa, which means we need to blank or
  964. * unblank the screen later.
  965. */
  966. old_vc_mode = vc_cons[fg_console].d->vc_mode;
  967. switch_screen(vc);
  968. /*
  969. * This can't appear below a successful kill_pid(). If it did,
  970. * then the *blank_screen operation could occur while X, having
  971. * received acqsig, is waking up on another processor. This
  972. * condition can lead to overlapping accesses to the VGA range
  973. * and the framebuffer (causing system lockups).
  974. *
  975. * To account for this we duplicate this code below only if the
  976. * controlling process is gone and we've called reset_vc.
  977. */
  978. if (old_vc_mode != vc->vc_mode) {
  979. if (vc->vc_mode == KD_TEXT)
  980. do_unblank_screen(1);
  981. else
  982. do_blank_screen(1);
  983. }
  984. /*
  985. * If this new console is under process control, send it a signal
  986. * telling it that it has acquired. Also check if it has died and
  987. * clean up (similar to logic employed in change_console())
  988. */
  989. if (vc->vt_mode.mode == VT_PROCESS) {
  990. /*
  991. * Send the signal as privileged - kill_pid() will
  992. * tell us if the process has gone or something else
  993. * is awry
  994. */
  995. if (kill_pid(vc->vt_pid, vc->vt_mode.acqsig, 1) != 0) {
  996. /*
  997. * The controlling process has died, so we revert back to
  998. * normal operation. In this case, we'll also change back
  999. * to KD_TEXT mode. I'm not sure if this is strictly correct
  1000. * but it saves the agony when the X server dies and the screen
  1001. * remains blanked due to KD_GRAPHICS! It would be nice to do
  1002. * this outside of VT_PROCESS but there is no single process
  1003. * to account for and tracking tty count may be undesirable.
  1004. */
  1005. reset_vc(vc);
  1006. if (old_vc_mode != vc->vc_mode) {
  1007. if (vc->vc_mode == KD_TEXT)
  1008. do_unblank_screen(1);
  1009. else
  1010. do_blank_screen(1);
  1011. }
  1012. }
  1013. }
  1014. /*
  1015. * Wake anyone waiting for their VT to activate
  1016. */
  1017. vt_event_post(VT_EVENT_SWITCH, old, vc->vc_num);
  1018. return;
  1019. }
  1020. /*
  1021. * Performs the front-end of a vt switch
  1022. */
  1023. void change_console(struct vc_data *new_vc)
  1024. {
  1025. struct vc_data *vc;
  1026. if (!new_vc || new_vc->vc_num == fg_console || vt_dont_switch)
  1027. return;
  1028. /*
  1029. * If this vt is in process mode, then we need to handshake with
  1030. * that process before switching. Essentially, we store where that
  1031. * vt wants to switch to and wait for it to tell us when it's done
  1032. * (via VT_RELDISP ioctl).
  1033. *
  1034. * We also check to see if the controlling process still exists.
  1035. * If it doesn't, we reset this vt to auto mode and continue.
  1036. * This is a cheap way to track process control. The worst thing
  1037. * that can happen is: we send a signal to a process, it dies, and
  1038. * the switch gets "lost" waiting for a response; hopefully, the
  1039. * user will try again, we'll detect the process is gone (unless
  1040. * the user waits just the right amount of time :-) and revert the
  1041. * vt to auto control.
  1042. */
  1043. vc = vc_cons[fg_console].d;
  1044. if (vc->vt_mode.mode == VT_PROCESS) {
  1045. /*
  1046. * Send the signal as privileged - kill_pid() will
  1047. * tell us if the process has gone or something else
  1048. * is awry.
  1049. *
  1050. * We need to set vt_newvt *before* sending the signal or we
  1051. * have a race.
  1052. */
  1053. vc->vt_newvt = new_vc->vc_num;
  1054. if (kill_pid(vc->vt_pid, vc->vt_mode.relsig, 1) == 0) {
  1055. /*
  1056. * It worked. Mark the vt to switch to and
  1057. * return. The process needs to send us a
  1058. * VT_RELDISP ioctl to complete the switch.
  1059. */
  1060. return;
  1061. }
  1062. /*
  1063. * The controlling process has died, so we revert back to
  1064. * normal operation. In this case, we'll also change back
  1065. * to KD_TEXT mode. I'm not sure if this is strictly correct
  1066. * but it saves the agony when the X server dies and the screen
  1067. * remains blanked due to KD_GRAPHICS! It would be nice to do
  1068. * this outside of VT_PROCESS but there is no single process
  1069. * to account for and tracking tty count may be undesirable.
  1070. */
  1071. reset_vc(vc);
  1072. /*
  1073. * Fall through to normal (VT_AUTO) handling of the switch...
  1074. */
  1075. }
  1076. /*
  1077. * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
  1078. */
  1079. if (vc->vc_mode == KD_GRAPHICS)
  1080. return;
  1081. complete_change_console(new_vc);
  1082. }
  1083. /* Perform a kernel triggered VT switch for suspend/resume */
  1084. static int disable_vt_switch;
  1085. int vt_move_to_console(unsigned int vt, int alloc)
  1086. {
  1087. int prev;
  1088. scoped_guard(console_lock) {
  1089. /* Graphics mode - up to X */
  1090. if (disable_vt_switch)
  1091. return 0;
  1092. prev = fg_console;
  1093. if (alloc && vc_allocate(vt)) {
  1094. /*
  1095. * We can't have a free VC for now. Too bad, we don't want to mess the
  1096. * screen for now.
  1097. */
  1098. return -ENOSPC;
  1099. }
  1100. if (set_console(vt)) {
  1101. /*
  1102. * We're unable to switch to the SUSPEND_CONSOLE. Let the calling function
  1103. * know so it can decide what to do.
  1104. */
  1105. return -EIO;
  1106. }
  1107. }
  1108. if (vt_waitactive(vt + 1)) {
  1109. pr_debug("Suspend: Can't switch VCs.");
  1110. return -EINTR;
  1111. }
  1112. return prev;
  1113. }
  1114. /*
  1115. * Normally during a suspend, we allocate a new console and switch to it.
  1116. * When we resume, we switch back to the original console. This switch
  1117. * can be slow, so on systems where the framebuffer can handle restoration
  1118. * of video registers anyways, there's little point in doing the console
  1119. * switch. This function allows you to disable it by passing it '0'.
  1120. */
  1121. void pm_set_vt_switch(int do_switch)
  1122. {
  1123. guard(console_lock)();
  1124. disable_vt_switch = !do_switch;
  1125. }
  1126. EXPORT_SYMBOL(pm_set_vt_switch);