1 /*
2 * linux/drivers/char/vt.c
3 *
4 * Copyright (C) 1992 obz under the linux copyright
5 *
6 * Dynamic diacritical handling - aeb@cwi.nl - Dec 1993
7 * Dynamic keymap and string allocation - aeb@cwi.nl - May 1994
8 * Restrict VT switching via ioctl() - grif@cs.ucr.edu - Dec 1995
9 * Some code moved for less code duplication - Andi Kleen - Mar 1997
10 * Check put/get_user, cleanups - acme@conectiva.com.br - Jun 2001
11 */
12
13 #include <linux/config.h>
14 #include <linux/types.h>
15 #include <linux/errno.h>
16 #include <linux/sched.h>
17 #include <linux/tty.h>
18 #include <linux/timer.h>
19 #include <linux/kernel.h>
20 #include <linux/kd.h>
21 #include <linux/vt.h>
22 #include <linux/string.h>
23 #include <linux/slab.h>
24 #include <linux/major.h>
25 #include <linux/fs.h>
26 #include <linux/console.h>
27
28 #include <asm/io.h>
29 #include <asm/uaccess.h>
30
31 #include <linux/kbd_kern.h>
32 #include <linux/vt_kern.h>
33 #include <linux/kbd_diacr.h>
34 #include <linux/selection.h>
35
36 #ifdef CONFIG_FB_COMPAT_XPMAC
37 #include <asm/vc_ioctl.h>
38 #endif /* CONFIG_FB_COMPAT_XPMAC */
39
40 char vt_dont_switch;
41 extern struct tty_driver console_driver;
42
43 #define VT_IS_IN_USE(i) (console_driver.table[i] && console_driver.table[i]->count)
44 #define VT_BUSY(i) (VT_IS_IN_USE(i) || i == fg_console || i == sel_cons)
45
46 /*
47 * Console (vt and kd) routines, as defined by USL SVR4 manual, and by
48 * experimentation and study of X386 SYSV handling.
49 *
50 * One point of difference: SYSV vt's are /dev/vtX, which X >= 0, and
51 * /dev/console is a separate ttyp. Under Linux, /dev/tty0 is /dev/console,
52 * and the vc start at /dev/ttyX, X >= 1. We maintain that here, so we will
53 * always treat our set of vt as numbered 1..MAX_NR_CONSOLES (corresponding to
54 * ttys 0..MAX_NR_CONSOLES-1). Explicitly naming VT 0 is illegal, but using
55 * /dev/tty0 (fg_console) as a target is legal, since an implicit aliasing
56 * to the current console is done by the main ioctl code.
57 */
58
59 struct vt_struct *vt_cons[MAX_NR_CONSOLES];
60
61 /* Keyboard type: Default is KB_101, but can be set by machine
62 * specific code.
63 */
64 unsigned char keyboard_type = KB_101;
65
66 #if !defined(__alpha__) && !defined(__ia64__) && !defined(__mips__) && !defined(__arm__) && !defined(__sh__)
67 asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int on);
68 #endif
69
70 unsigned int video_font_height;
71 unsigned int default_font_height;
72 unsigned int video_scan_lines;
73
74 /*
75 * these are the valid i/o ports we're allowed to change. they map all the
76 * video ports
77 */
78 #define GPFIRST 0x3b4
79 #define GPLAST 0x3df
80 #define GPNUM (GPLAST - GPFIRST + 1)
81
82 /*
83 * Generates sound of some frequency for some number of clock ticks
84 *
85 * If freq is 0, will turn off sound, else will turn it on for that time.
86 * If msec is 0, will return immediately, else will sleep for msec time, then
87 * turn sound off.
88 *
89 * We also return immediately, which is what was implied within the X
90 * comments - KDMKTONE doesn't put the process to sleep.
91 */
92
93 #if defined(__i386__) || defined(__alpha__) || defined(CONFIG_PPC_ISATIMER) \
94 || (defined(__mips__) && defined(CONFIG_ISA)) \
95 || (defined(__arm__) && defined(CONFIG_HOST_FOOTBRIDGE)) \
96 || defined(__x86_64__)
97
98 static void
kd_nosound(unsigned long ignored)99 kd_nosound(unsigned long ignored)
100 {
101 /* disable counter 2 */
102 outb(inb_p(0x61)&0xFC, 0x61);
103 return;
104 }
105
106 void
_kd_mksound(unsigned int hz,unsigned int ticks)107 _kd_mksound(unsigned int hz, unsigned int ticks)
108 {
109 static struct timer_list sound_timer = { function: kd_nosound };
110 unsigned int count = 0;
111 unsigned long flags;
112
113 if (hz > 20 && hz < 32767)
114 count = 1193180 / hz;
115
116 save_flags(flags);
117 cli();
118 del_timer(&sound_timer);
119 if (count) {
120 /* enable counter 2 */
121 outb_p(inb_p(0x61)|3, 0x61);
122 /* set command for counter 2, 2 byte write */
123 outb_p(0xB6, 0x43);
124 /* select desired HZ */
125 outb_p(count & 0xff, 0x42);
126 outb((count >> 8) & 0xff, 0x42);
127
128 if (ticks) {
129 sound_timer.expires = jiffies+ticks;
130 add_timer(&sound_timer);
131 }
132 } else
133 kd_nosound(0);
134 restore_flags(flags);
135 return;
136 }
137
138 #else
139
140 void
_kd_mksound(unsigned int hz,unsigned int ticks)141 _kd_mksound(unsigned int hz, unsigned int ticks)
142 {
143 }
144
145 #endif
146
_kbd_rate(struct kbd_repeat * rep)147 int _kbd_rate(struct kbd_repeat *rep)
148 {
149 return -EINVAL;
150 }
151
152 void (*kd_mksound)(unsigned int hz, unsigned int ticks) = _kd_mksound;
153 int (*kbd_rate)(struct kbd_repeat *rep) = _kbd_rate;
154
155 #define i (tmp.kb_index)
156 #define s (tmp.kb_table)
157 #define v (tmp.kb_value)
158 static inline int
do_kdsk_ioctl(int cmd,struct kbentry * user_kbe,int perm,struct kbd_struct * kbd)159 do_kdsk_ioctl(int cmd, struct kbentry *user_kbe, int perm, struct kbd_struct *kbd)
160 {
161 struct kbentry tmp;
162 ushort *key_map, val, ov;
163
164 if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
165 return -EFAULT;
166 if (i >= NR_KEYS || s >= MAX_NR_KEYMAPS)
167 return -EINVAL;
168
169 if (!capable(CAP_SYS_TTY_CONFIG))
170 perm = 0;
171
172 switch (cmd) {
173 case KDGKBENT:
174 key_map = key_maps[s];
175 if (key_map) {
176 val = U(key_map[i]);
177 if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES)
178 val = K_HOLE;
179 } else
180 val = (i ? K_HOLE : K_NOSUCHMAP);
181 return put_user(val, &user_kbe->kb_value);
182 case KDSKBENT:
183 if (!perm)
184 return -EPERM;
185 if (!i && v == K_NOSUCHMAP) {
186 /* disallocate map */
187 key_map = key_maps[s];
188 if (s && key_map) {
189 key_maps[s] = 0;
190 if (key_map[0] == U(K_ALLOCATED)) {
191 kfree(key_map);
192 keymap_count--;
193 }
194 }
195 break;
196 }
197
198 if (KTYP(v) < NR_TYPES) {
199 if (KVAL(v) > max_vals[KTYP(v)])
200 return -EINVAL;
201 } else
202 if (kbd->kbdmode != VC_UNICODE)
203 return -EINVAL;
204
205 /* ++Geert: non-PC keyboards may generate keycode zero */
206 #if !defined(__mc68000__) && !defined(__powerpc__)
207 /* assignment to entry 0 only tests validity of args */
208 if (!i)
209 break;
210 #endif
211
212 if (!(key_map = key_maps[s])) {
213 int j;
214
215 if (keymap_count >= MAX_NR_OF_USER_KEYMAPS &&
216 !capable(CAP_SYS_RESOURCE))
217 return -EPERM;
218
219 key_map = (ushort *) kmalloc(sizeof(plain_map),
220 GFP_KERNEL);
221 if (!key_map)
222 return -ENOMEM;
223 key_maps[s] = key_map;
224 key_map[0] = U(K_ALLOCATED);
225 for (j = 1; j < NR_KEYS; j++)
226 key_map[j] = U(K_HOLE);
227 keymap_count++;
228 }
229 ov = U(key_map[i]);
230 if (v == ov)
231 break; /* nothing to do */
232 /*
233 * Attention Key.
234 */
235 if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN))
236 return -EPERM;
237 key_map[i] = U(v);
238 if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT))
239 compute_shiftstate();
240 break;
241 }
242 return 0;
243 }
244 #undef i
245 #undef s
246 #undef v
247
248 static inline int
do_kbkeycode_ioctl(int cmd,struct kbkeycode * user_kbkc,int perm)249 do_kbkeycode_ioctl(int cmd, struct kbkeycode *user_kbkc, int perm)
250 {
251 struct kbkeycode tmp;
252 int kc = 0;
253
254 if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode)))
255 return -EFAULT;
256 switch (cmd) {
257 case KDGETKEYCODE:
258 kc = getkeycode(tmp.scancode);
259 if (kc >= 0)
260 kc = put_user(kc, &user_kbkc->keycode);
261 break;
262 case KDSETKEYCODE:
263 if (!perm)
264 return -EPERM;
265 kc = setkeycode(tmp.scancode, tmp.keycode);
266 break;
267 }
268 return kc;
269 }
270
271 static inline int
do_kdgkb_ioctl(int cmd,struct kbsentry * user_kdgkb,int perm)272 do_kdgkb_ioctl(int cmd, struct kbsentry *user_kdgkb, int perm)
273 {
274 struct kbsentry tmp;
275 char *p;
276 u_char *q;
277 int sz;
278 int delta;
279 char *first_free, *fj, *fnw;
280 int i, j, k;
281
282 if (!capable(CAP_SYS_TTY_CONFIG))
283 perm = 0;
284
285 /* we mostly copy too much here (512bytes), but who cares ;) */
286 if (copy_from_user(&tmp, user_kdgkb, sizeof(struct kbsentry)))
287 return -EFAULT;
288 tmp.kb_string[sizeof(tmp.kb_string)-1] = '\0';
289 if (tmp.kb_func >= MAX_NR_FUNC)
290 return -EINVAL;
291 i = tmp.kb_func;
292
293 switch (cmd) {
294 case KDGKBSENT:
295 sz = sizeof(tmp.kb_string) - 1; /* sz should have been
296 a struct member */
297 q = user_kdgkb->kb_string;
298 p = func_table[i];
299 if(p)
300 for ( ; *p && sz; p++, sz--)
301 if (put_user(*p, q++))
302 return -EFAULT;
303 if (put_user('\0', q))
304 return -EFAULT;
305 return ((p && *p) ? -EOVERFLOW : 0);
306 case KDSKBSENT:
307 if (!perm)
308 return -EPERM;
309
310 q = func_table[i];
311 first_free = funcbufptr + (funcbufsize - funcbufleft);
312 for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++)
313 ;
314 if (j < MAX_NR_FUNC)
315 fj = func_table[j];
316 else
317 fj = first_free;
318
319 delta = (q ? -strlen(q) : 1) + strlen(tmp.kb_string);
320 if (delta <= funcbufleft) { /* it fits in current buf */
321 if (j < MAX_NR_FUNC) {
322 memmove(fj + delta, fj, first_free - fj);
323 for (k = j; k < MAX_NR_FUNC; k++)
324 if (func_table[k])
325 func_table[k] += delta;
326 }
327 if (!q)
328 func_table[i] = fj;
329 funcbufleft -= delta;
330 } else { /* allocate a larger buffer */
331 sz = 256;
332 while (sz < funcbufsize - funcbufleft + delta)
333 sz <<= 1;
334 fnw = (char *) kmalloc(sz, GFP_KERNEL);
335 if(!fnw)
336 return -ENOMEM;
337
338 if (!q)
339 func_table[i] = fj;
340 if (fj > funcbufptr)
341 memmove(fnw, funcbufptr, fj - funcbufptr);
342 for (k = 0; k < j; k++)
343 if (func_table[k])
344 func_table[k] = fnw + (func_table[k] - funcbufptr);
345
346 if (first_free > fj) {
347 memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj);
348 for (k = j; k < MAX_NR_FUNC; k++)
349 if (func_table[k])
350 func_table[k] = fnw + (func_table[k] - funcbufptr) + delta;
351 }
352 if (funcbufptr != func_buf)
353 kfree(funcbufptr);
354 funcbufptr = fnw;
355 funcbufleft = funcbufleft - delta + sz - funcbufsize;
356 funcbufsize = sz;
357 }
358 strcpy(func_table[i], tmp.kb_string);
359 break;
360 }
361 return 0;
362 }
363
364 static inline int
do_fontx_ioctl(int cmd,struct consolefontdesc * user_cfd,int perm)365 do_fontx_ioctl(int cmd, struct consolefontdesc *user_cfd, int perm)
366 {
367 struct consolefontdesc cfdarg;
368 struct console_font_op op;
369 int i;
370
371 if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc)))
372 return -EFAULT;
373
374 switch (cmd) {
375 case PIO_FONTX:
376 if (!perm)
377 return -EPERM;
378 op.op = KD_FONT_OP_SET;
379 op.flags = KD_FONT_FLAG_OLD;
380 op.width = 8;
381 op.height = cfdarg.charheight;
382 op.charcount = cfdarg.charcount;
383 op.data = cfdarg.chardata;
384 return con_font_op(fg_console, &op);
385 case GIO_FONTX: {
386 op.op = KD_FONT_OP_GET;
387 op.flags = KD_FONT_FLAG_OLD;
388 op.width = 8;
389 op.height = cfdarg.charheight;
390 op.charcount = cfdarg.charcount;
391 op.data = cfdarg.chardata;
392 i = con_font_op(fg_console, &op);
393 if (i)
394 return i;
395 cfdarg.charheight = op.height;
396 cfdarg.charcount = op.charcount;
397 if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc)))
398 return -EFAULT;
399 return 0;
400 }
401 }
402 return -EINVAL;
403 }
404
405 static inline int
do_unimap_ioctl(int cmd,struct unimapdesc * user_ud,int perm)406 do_unimap_ioctl(int cmd, struct unimapdesc *user_ud,int perm)
407 {
408 struct unimapdesc tmp;
409 int i = 0;
410
411 if (copy_from_user(&tmp, user_ud, sizeof tmp))
412 return -EFAULT;
413 if (tmp.entries) {
414 i = verify_area(VERIFY_WRITE, tmp.entries,
415 tmp.entry_ct*sizeof(struct unipair));
416 if (i) return i;
417 }
418 switch (cmd) {
419 case PIO_UNIMAP:
420 if (!perm)
421 return -EPERM;
422 return con_set_unimap(fg_console, tmp.entry_ct, tmp.entries);
423 case GIO_UNIMAP:
424 return con_get_unimap(fg_console, tmp.entry_ct, &(user_ud->entry_ct), tmp.entries);
425 }
426 return 0;
427 }
428
429 /*
430 * We handle the console-specific ioctl's here. We allow the
431 * capability to modify any console, not just the fg_console.
432 */
vt_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)433 int vt_ioctl(struct tty_struct *tty, struct file * file,
434 unsigned int cmd, unsigned long arg)
435 {
436 int i, perm;
437 unsigned int console;
438 unsigned char ucval;
439 struct kbd_struct * kbd;
440 struct vt_struct *vt = (struct vt_struct *)tty->driver_data;
441
442 console = vt->vc_num;
443
444 if (!vc_cons_allocated(console)) /* impossible? */
445 return -ENOIOCTLCMD;
446
447 /*
448 * To have permissions to do most of the vt ioctls, we either have
449 * to be the owner of the tty, or super-user.
450 */
451 perm = 0;
452 if (current->tty == tty || suser())
453 perm = 1;
454
455 kbd = kbd_table + console;
456 switch (cmd) {
457 case KIOCSOUND:
458 if (!perm)
459 return -EPERM;
460 if (arg)
461 arg = 1193180 / arg;
462 kd_mksound(arg, 0);
463 return 0;
464
465 case KDMKTONE:
466 if (!perm)
467 return -EPERM;
468 {
469 unsigned int ticks, count;
470
471 /*
472 * Generate the tone for the appropriate number of ticks.
473 * If the time is zero, turn off sound ourselves.
474 */
475 ticks = HZ * ((arg >> 16) & 0xffff) / 1000;
476 count = ticks ? (arg & 0xffff) : 0;
477 if (count)
478 count = 1193180 / count;
479 kd_mksound(count, ticks);
480 return 0;
481 }
482
483 case KDGKBTYPE:
484 /*
485 * this is naive.
486 */
487 ucval = keyboard_type;
488 goto setchar;
489
490 #if defined(CONFIG_X86)
491 /*
492 * These cannot be implemented on any machine that implements
493 * ioperm() in user level (such as Alpha PCs).
494 */
495 case KDADDIO:
496 case KDDELIO:
497 /*
498 * KDADDIO and KDDELIO may be able to add ports beyond what
499 * we reject here, but to be safe...
500 */
501 if (arg < GPFIRST || arg > GPLAST)
502 return -EINVAL;
503 return sys_ioperm(arg, 1, (cmd == KDADDIO)) ? -ENXIO : 0;
504
505 case KDENABIO:
506 case KDDISABIO:
507 return sys_ioperm(GPFIRST, GPNUM,
508 (cmd == KDENABIO)) ? -ENXIO : 0;
509 #endif
510
511 /* Linux m68k/i386 interface for setting the keyboard delay/repeat rate */
512
513 case KDKBDREP:
514 {
515 struct kbd_repeat kbrep;
516
517 if (!capable(CAP_SYS_ADMIN))
518 return -EPERM;
519
520 if (copy_from_user(&kbrep, (void *)arg,
521 sizeof(struct kbd_repeat)))
522 return -EFAULT;
523 if ((i = kbd_rate( &kbrep )))
524 return i;
525 if (copy_to_user((void *)arg, &kbrep,
526 sizeof(struct kbd_repeat)))
527 return -EFAULT;
528 return 0;
529 }
530
531 case KDSETMODE:
532 /*
533 * currently, setting the mode from KD_TEXT to KD_GRAPHICS
534 * doesn't do a whole lot. i'm not sure if it should do any
535 * restoration of modes or what...
536 */
537 if (!perm)
538 return -EPERM;
539 switch (arg) {
540 case KD_GRAPHICS:
541 break;
542 case KD_TEXT0:
543 case KD_TEXT1:
544 arg = KD_TEXT;
545 case KD_TEXT:
546 break;
547 default:
548 return -EINVAL;
549 }
550 if (vt_cons[console]->vc_mode == (unsigned char) arg)
551 return 0;
552 vt_cons[console]->vc_mode = (unsigned char) arg;
553 if (console != fg_console)
554 return 0;
555 /*
556 * explicitly blank/unblank the screen if switching modes
557 */
558 if (arg == KD_TEXT)
559 unblank_screen();
560 else
561 do_blank_screen(1);
562 return 0;
563
564 case KDGETMODE:
565 ucval = vt_cons[console]->vc_mode;
566 goto setint;
567
568 case KDMAPDISP:
569 case KDUNMAPDISP:
570 /*
571 * these work like a combination of mmap and KDENABIO.
572 * this could be easily finished.
573 */
574 return -EINVAL;
575
576 case KDSKBMODE:
577 if (!perm)
578 return -EPERM;
579 switch(arg) {
580 case K_RAW:
581 kbd->kbdmode = VC_RAW;
582 break;
583 case K_MEDIUMRAW:
584 kbd->kbdmode = VC_MEDIUMRAW;
585 break;
586 case K_XLATE:
587 kbd->kbdmode = VC_XLATE;
588 compute_shiftstate();
589 break;
590 case K_UNICODE:
591 kbd->kbdmode = VC_UNICODE;
592 compute_shiftstate();
593 break;
594 default:
595 return -EINVAL;
596 }
597 tty_ldisc_flush(tty);
598 return 0;
599
600 case KDGKBMODE:
601 ucval = ((kbd->kbdmode == VC_RAW) ? K_RAW :
602 (kbd->kbdmode == VC_MEDIUMRAW) ? K_MEDIUMRAW :
603 (kbd->kbdmode == VC_UNICODE) ? K_UNICODE :
604 K_XLATE);
605 goto setint;
606
607 /* this could be folded into KDSKBMODE, but for compatibility
608 reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */
609 case KDSKBMETA:
610 switch(arg) {
611 case K_METABIT:
612 clr_vc_kbd_mode(kbd, VC_META);
613 break;
614 case K_ESCPREFIX:
615 set_vc_kbd_mode(kbd, VC_META);
616 break;
617 default:
618 return -EINVAL;
619 }
620 return 0;
621
622 case KDGKBMETA:
623 ucval = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT);
624 setint:
625 return put_user(ucval, (int *)arg);
626
627 case KDGETKEYCODE:
628 case KDSETKEYCODE:
629 if(!capable(CAP_SYS_ADMIN))
630 perm=0;
631 return do_kbkeycode_ioctl(cmd, (struct kbkeycode *)arg, perm);
632
633 case KDGKBENT:
634 case KDSKBENT:
635 return do_kdsk_ioctl(cmd, (struct kbentry *)arg, perm, kbd);
636
637 case KDGKBSENT:
638 case KDSKBSENT:
639 return do_kdgkb_ioctl(cmd, (struct kbsentry *)arg, perm);
640
641 case KDGKBDIACR:
642 {
643 struct kbdiacrs *a = (struct kbdiacrs *)arg;
644
645 if (put_user(accent_table_size, &a->kb_cnt))
646 return -EFAULT;
647 if (copy_to_user(a->kbdiacr, accent_table, accent_table_size*sizeof(struct kbdiacr)))
648 return -EFAULT;
649 return 0;
650 }
651
652 case KDSKBDIACR:
653 {
654 struct kbdiacrs *a = (struct kbdiacrs *)arg;
655 unsigned int ct;
656
657 if (!perm)
658 return -EPERM;
659 if (get_user(ct,&a->kb_cnt))
660 return -EFAULT;
661 if (ct >= MAX_DIACR)
662 return -EINVAL;
663 accent_table_size = ct;
664 if (copy_from_user(accent_table, a->kbdiacr, ct*sizeof(struct kbdiacr)))
665 return -EFAULT;
666 return 0;
667 }
668
669 /* the ioctls below read/set the flags usually shown in the leds */
670 /* don't use them - they will go away without warning */
671 case KDGKBLED:
672 ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4);
673 goto setchar;
674
675 case KDSKBLED:
676 if (!perm)
677 return -EPERM;
678 if (arg & ~0x77)
679 return -EINVAL;
680 kbd->ledflagstate = (arg & 7);
681 kbd->default_ledflagstate = ((arg >> 4) & 7);
682 set_leds();
683 return 0;
684
685 /* the ioctls below only set the lights, not the functions */
686 /* for those, see KDGKBLED and KDSKBLED above */
687 case KDGETLED:
688 ucval = getledstate();
689 setchar:
690 return put_user(ucval, (char*)arg);
691
692 case KDSETLED:
693 if (!perm)
694 return -EPERM;
695 setledstate(kbd, arg);
696 return 0;
697
698 /*
699 * A process can indicate its willingness to accept signals
700 * generated by pressing an appropriate key combination.
701 * Thus, one can have a daemon that e.g. spawns a new console
702 * upon a keypress and then changes to it.
703 * Probably init should be changed to do this (and have a
704 * field ks (`keyboard signal') in inittab describing the
705 * desired action), so that the number of background daemons
706 * does not increase.
707 */
708 case KDSIGACCEPT:
709 {
710 extern int spawnpid, spawnsig;
711 if (!perm || !capable(CAP_KILL))
712 return -EPERM;
713 if (arg < 1 || arg > _NSIG || arg == SIGKILL)
714 return -EINVAL;
715 spawnpid = current->pid;
716 spawnsig = arg;
717 return 0;
718 }
719
720 case VT_SETMODE:
721 {
722 struct vt_mode tmp;
723
724 if (!perm)
725 return -EPERM;
726 if (copy_from_user(&tmp, (void*)arg, sizeof(struct vt_mode)))
727 return -EFAULT;
728 if (tmp.mode != VT_AUTO && tmp.mode != VT_PROCESS)
729 return -EINVAL;
730 vt_cons[console]->vt_mode = tmp;
731 /* the frsig is ignored, so we set it to 0 */
732 vt_cons[console]->vt_mode.frsig = 0;
733 vt_cons[console]->vt_pid = current->pid;
734 /* no switch is required -- saw@shade.msu.ru */
735 vt_cons[console]->vt_newvt = -1;
736 return 0;
737 }
738
739 case VT_GETMODE:
740 return copy_to_user((void*)arg, &(vt_cons[console]->vt_mode),
741 sizeof(struct vt_mode)) ? -EFAULT : 0;
742
743 /*
744 * Returns global vt state. Note that VT 0 is always open, since
745 * it's an alias for the current VT, and people can't use it here.
746 * We cannot return state for more than 16 VTs, since v_state is short.
747 */
748 case VT_GETSTATE:
749 {
750 struct vt_stat *vtstat = (struct vt_stat *)arg;
751 unsigned short state, mask;
752
753 if (put_user(fg_console + 1, &vtstat->v_active))
754 return -EFAULT;
755 state = 1; /* /dev/tty0 is always open */
756 for (i = 0, mask = 2; i < MAX_NR_CONSOLES && mask; ++i, mask <<= 1)
757 if (VT_IS_IN_USE(i))
758 state |= mask;
759 return put_user(state, &vtstat->v_state);
760 }
761
762 /*
763 * Returns the first available (non-opened) console.
764 */
765 case VT_OPENQRY:
766 for (i = 0; i < MAX_NR_CONSOLES; ++i)
767 if (! VT_IS_IN_USE(i))
768 break;
769 ucval = i < MAX_NR_CONSOLES ? (i+1) : -1;
770 goto setint;
771
772 /*
773 * ioctl(fd, VT_ACTIVATE, num) will cause us to switch to vt # num,
774 * with num >= 1 (switches to vt 0, our console, are not allowed, just
775 * to preserve sanity).
776 */
777 case VT_ACTIVATE:
778 if (!perm)
779 return -EPERM;
780 if (arg == 0 || arg > MAX_NR_CONSOLES)
781 return -ENXIO;
782 arg--;
783 i = vc_allocate(arg);
784 if (i)
785 return i;
786 set_console(arg);
787 return 0;
788
789 /*
790 * wait until the specified VT has been activated
791 */
792 case VT_WAITACTIVE:
793 if (!perm)
794 return -EPERM;
795 if (arg == 0 || arg > MAX_NR_CONSOLES)
796 return -ENXIO;
797 return vt_waitactive(arg-1);
798
799 /*
800 * If a vt is under process control, the kernel will not switch to it
801 * immediately, but postpone the operation until the process calls this
802 * ioctl, allowing the switch to complete.
803 *
804 * According to the X sources this is the behavior:
805 * 0: pending switch-from not OK
806 * 1: pending switch-from OK
807 * 2: completed switch-to OK
808 */
809 case VT_RELDISP:
810 if (!perm)
811 return -EPERM;
812 if (vt_cons[console]->vt_mode.mode != VT_PROCESS)
813 return -EINVAL;
814
815 /*
816 * Switching-from response
817 */
818 if (vt_cons[console]->vt_newvt >= 0)
819 {
820 if (arg == 0)
821 /*
822 * Switch disallowed, so forget we were trying
823 * to do it.
824 */
825 vt_cons[console]->vt_newvt = -1;
826
827 else
828 {
829 /*
830 * The current vt has been released, so
831 * complete the switch.
832 */
833 int newvt = vt_cons[console]->vt_newvt;
834 vt_cons[console]->vt_newvt = -1;
835 i = vc_allocate(newvt);
836 if (i)
837 return i;
838 /*
839 * When we actually do the console switch,
840 * make sure we are atomic with respect to
841 * other console switches..
842 */
843 acquire_console_sem();
844 complete_change_console(newvt);
845 release_console_sem();
846 }
847 }
848
849 /*
850 * Switched-to response
851 */
852 else
853 {
854 /*
855 * If it's just an ACK, ignore it
856 */
857 if (arg != VT_ACKACQ)
858 return -EINVAL;
859 }
860
861 return 0;
862
863 /*
864 * Disallocate memory associated to VT (but leave VT1)
865 */
866 case VT_DISALLOCATE:
867 if (arg > MAX_NR_CONSOLES)
868 return -ENXIO;
869 if (arg == 0) {
870 /* disallocate all unused consoles, but leave 0 */
871 for (i=1; i<MAX_NR_CONSOLES; i++)
872 if (! VT_BUSY(i))
873 vc_disallocate(i);
874 } else {
875 /* disallocate a single console, if possible */
876 arg--;
877 if (VT_BUSY(arg))
878 return -EBUSY;
879 if (arg) /* leave 0 */
880 vc_disallocate(arg);
881 }
882 return 0;
883
884 case VT_RESIZE:
885 {
886 struct vt_sizes *vtsizes = (struct vt_sizes *) arg;
887 ushort ll,cc;
888 if (!perm)
889 return -EPERM;
890 if (get_user(ll, &vtsizes->v_rows) ||
891 get_user(cc, &vtsizes->v_cols))
892 return -EFAULT;
893 return vc_resize_all(ll, cc);
894 }
895
896 case VT_RESIZEX:
897 {
898 struct vt_consize *vtconsize = (struct vt_consize *) arg;
899 ushort ll,cc,vlin,clin,vcol,ccol;
900 if (!perm)
901 return -EPERM;
902 if (verify_area(VERIFY_READ, (void *)vtconsize,
903 sizeof(struct vt_consize)))
904 return -EFAULT;
905 __get_user(ll, &vtconsize->v_rows);
906 __get_user(cc, &vtconsize->v_cols);
907 __get_user(vlin, &vtconsize->v_vlin);
908 __get_user(clin, &vtconsize->v_clin);
909 __get_user(vcol, &vtconsize->v_vcol);
910 __get_user(ccol, &vtconsize->v_ccol);
911 vlin = vlin ? vlin : video_scan_lines;
912 if ( clin )
913 {
914 if ( ll )
915 {
916 if ( ll != vlin/clin )
917 return -EINVAL; /* Parameters don't add up */
918 }
919 else
920 ll = vlin/clin;
921 }
922 if ( vcol && ccol )
923 {
924 if ( cc )
925 {
926 if ( cc != vcol/ccol )
927 return -EINVAL;
928 }
929 else
930 cc = vcol/ccol;
931 }
932
933 if ( clin > 32 )
934 return -EINVAL;
935
936 if ( vlin )
937 video_scan_lines = vlin;
938 if ( clin )
939 video_font_height = clin;
940
941 return vc_resize_all(ll, cc);
942 }
943
944 case PIO_FONT: {
945 struct console_font_op op;
946 if (!perm)
947 return -EPERM;
948 op.op = KD_FONT_OP_SET;
949 op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */
950 op.width = 8;
951 op.height = 0;
952 op.charcount = 256;
953 op.data = (char *) arg;
954 return con_font_op(fg_console, &op);
955 }
956
957 case GIO_FONT: {
958 struct console_font_op op;
959 op.op = KD_FONT_OP_GET;
960 op.flags = KD_FONT_FLAG_OLD;
961 op.width = 8;
962 op.height = 32;
963 op.charcount = 256;
964 op.data = (char *) arg;
965 return con_font_op(fg_console, &op);
966 }
967
968 case PIO_CMAP:
969 if (!perm)
970 return -EPERM;
971 return con_set_cmap((char *)arg);
972
973 case GIO_CMAP:
974 return con_get_cmap((char *)arg);
975
976 case PIO_FONTX:
977 case GIO_FONTX:
978 return do_fontx_ioctl(cmd, (struct consolefontdesc *)arg, perm);
979
980 case PIO_FONTRESET:
981 {
982 if (!perm)
983 return -EPERM;
984
985 #ifdef BROKEN_GRAPHICS_PROGRAMS
986 /* With BROKEN_GRAPHICS_PROGRAMS defined, the default
987 font is not saved. */
988 return -ENOSYS;
989 #else
990 {
991 struct console_font_op op;
992 op.op = KD_FONT_OP_SET_DEFAULT;
993 op.data = NULL;
994 i = con_font_op(fg_console, &op);
995 if (i) return i;
996 con_set_default_unimap(fg_console);
997 return 0;
998 }
999 #endif
1000 }
1001
1002 case KDFONTOP: {
1003 struct console_font_op op;
1004 if (copy_from_user(&op, (void *) arg, sizeof(op)))
1005 return -EFAULT;
1006 if (!perm && op.op != KD_FONT_OP_GET)
1007 return -EPERM;
1008 i = con_font_op(console, &op);
1009 if (i) return i;
1010 if (copy_to_user((void *) arg, &op, sizeof(op)))
1011 return -EFAULT;
1012 return 0;
1013 }
1014
1015 case PIO_SCRNMAP:
1016 if (!perm)
1017 return -EPERM;
1018 return con_set_trans_old((unsigned char *)arg);
1019
1020 case GIO_SCRNMAP:
1021 return con_get_trans_old((unsigned char *)arg);
1022
1023 case PIO_UNISCRNMAP:
1024 if (!perm)
1025 return -EPERM;
1026 return con_set_trans_new((unsigned short *)arg);
1027
1028 case GIO_UNISCRNMAP:
1029 return con_get_trans_new((unsigned short *)arg);
1030
1031 case PIO_UNIMAPCLR:
1032 { struct unimapinit ui;
1033 if (!perm)
1034 return -EPERM;
1035 i = copy_from_user(&ui, (void *)arg, sizeof(struct unimapinit));
1036 if (i) return -EFAULT;
1037 con_clear_unimap(fg_console, &ui);
1038 return 0;
1039 }
1040
1041 case PIO_UNIMAP:
1042 case GIO_UNIMAP:
1043 return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
1044
1045 case VT_LOCKSWITCH:
1046 if (!suser())
1047 return -EPERM;
1048 vt_dont_switch = 1;
1049 return 0;
1050 case VT_UNLOCKSWITCH:
1051 if (!suser())
1052 return -EPERM;
1053 vt_dont_switch = 0;
1054 return 0;
1055 #ifdef CONFIG_FB_COMPAT_XPMAC
1056 case VC_GETMODE:
1057 {
1058 struct vc_mode mode;
1059
1060 i = verify_area(VERIFY_WRITE, (void *) arg,
1061 sizeof(struct vc_mode));
1062 if (i == 0)
1063 i = console_getmode(&mode);
1064 if (i)
1065 return i;
1066 if (copy_to_user((void *) arg, &mode, sizeof(mode)))
1067 return -EFAULT;
1068 return 0;
1069 }
1070 case VC_SETMODE:
1071 case VC_INQMODE:
1072 {
1073 struct vc_mode mode;
1074
1075 if (!perm)
1076 return -EPERM;
1077 if (copy_from_user(&mode, (void *) arg, sizeof(mode)))
1078 return -EFAULT;
1079 return console_setmode(&mode, cmd == VC_SETMODE);
1080 }
1081 case VC_SETCMAP:
1082 {
1083 unsigned char cmap[3][256], *p;
1084 int n_entries, cmap_size, i, j;
1085
1086 if (!perm)
1087 return -EPERM;
1088 if (arg == (unsigned long) VC_POWERMODE_INQUIRY
1089 || arg <= VESA_POWERDOWN) {
1090 /* compatibility hack: VC_POWERMODE
1091 was changed from 0x766a to 0x766c */
1092 return console_powermode((int) arg);
1093 }
1094 if (get_user(cmap_size, (int *) arg))
1095 return -EFAULT;
1096 if (cmap_size % 3)
1097 return -EINVAL;
1098 n_entries = cmap_size / 3;
1099 if ((unsigned) n_entries > 256)
1100 return -EINVAL;
1101 p = (unsigned char *) (arg + sizeof(int));
1102 for (j = 0; j < n_entries; ++j)
1103 for (i = 0; i < 3; ++i)
1104 if (get_user(cmap[i][j], p++))
1105 return -EFAULT;
1106 return console_setcmap(n_entries, cmap[0],
1107 cmap[1], cmap[2]);
1108 }
1109 case VC_GETCMAP:
1110 /* not implemented yet */
1111 return -ENOIOCTLCMD;
1112 case VC_POWERMODE:
1113 if (!perm)
1114 return -EPERM;
1115 return console_powermode((int) arg);
1116 #endif /* CONFIG_FB_COMPAT_XPMAC */
1117 default:
1118 return -ENOIOCTLCMD;
1119 }
1120 }
1121
1122 /*
1123 * Sometimes we want to wait until a particular VT has been activated. We
1124 * do it in a very simple manner. Everybody waits on a single queue and
1125 * get woken up at once. Those that are satisfied go on with their business,
1126 * while those not ready go back to sleep. Seems overkill to add a wait
1127 * to each vt just for this - usually this does nothing!
1128 */
1129 static DECLARE_WAIT_QUEUE_HEAD(vt_activate_queue);
1130
1131 /*
1132 * Sleeps until a vt is activated, or the task is interrupted. Returns
1133 * 0 if activation, -EINTR if interrupted.
1134 */
vt_waitactive(int vt)1135 int vt_waitactive(int vt)
1136 {
1137 int retval;
1138 DECLARE_WAITQUEUE(wait, current);
1139
1140 add_wait_queue(&vt_activate_queue, &wait);
1141 for (;;) {
1142 set_current_state(TASK_INTERRUPTIBLE);
1143 retval = 0;
1144 if (vt == fg_console)
1145 break;
1146 retval = -EINTR;
1147 if (signal_pending(current))
1148 break;
1149 schedule();
1150 }
1151 remove_wait_queue(&vt_activate_queue, &wait);
1152 current->state = TASK_RUNNING;
1153 return retval;
1154 }
1155
1156 #define vt_wake_waitactive() wake_up(&vt_activate_queue)
1157
reset_vc(unsigned int new_console)1158 void reset_vc(unsigned int new_console)
1159 {
1160 vt_cons[new_console]->vc_mode = KD_TEXT;
1161 kbd_table[new_console].kbdmode = VC_XLATE;
1162 vt_cons[new_console]->vt_mode.mode = VT_AUTO;
1163 vt_cons[new_console]->vt_mode.waitv = 0;
1164 vt_cons[new_console]->vt_mode.relsig = 0;
1165 vt_cons[new_console]->vt_mode.acqsig = 0;
1166 vt_cons[new_console]->vt_mode.frsig = 0;
1167 vt_cons[new_console]->vt_pid = -1;
1168 vt_cons[new_console]->vt_newvt = -1;
1169 if (!in_interrupt()) /* Via keyboard.c:SAK() - akpm */
1170 reset_palette(new_console) ;
1171 }
1172
1173 /*
1174 * Performs the back end of a vt switch
1175 */
complete_change_console(unsigned int new_console)1176 void complete_change_console(unsigned int new_console)
1177 {
1178 unsigned char old_vc_mode;
1179
1180 last_console = fg_console;
1181
1182 /*
1183 * If we're switching, we could be going from KD_GRAPHICS to
1184 * KD_TEXT mode or vice versa, which means we need to blank or
1185 * unblank the screen later.
1186 */
1187 old_vc_mode = vt_cons[fg_console]->vc_mode;
1188 switch_screen(new_console);
1189
1190 /*
1191 * This can't appear below a successful kill_proc(). If it did,
1192 * then the *blank_screen operation could occur while X, having
1193 * received acqsig, is waking up on another processor. This
1194 * condition can lead to overlapping accesses to the VGA range
1195 * and the framebuffer (causing system lockups).
1196 *
1197 * To account for this we duplicate this code below only if the
1198 * controlling process is gone and we've called reset_vc.
1199 */
1200 if (old_vc_mode != vt_cons[new_console]->vc_mode)
1201 {
1202 if (vt_cons[new_console]->vc_mode == KD_TEXT)
1203 unblank_screen();
1204 else
1205 do_blank_screen(1);
1206 }
1207
1208 /*
1209 * If this new console is under process control, send it a signal
1210 * telling it that it has acquired. Also check if it has died and
1211 * clean up (similar to logic employed in change_console())
1212 */
1213 if (vt_cons[new_console]->vt_mode.mode == VT_PROCESS)
1214 {
1215 /*
1216 * Send the signal as privileged - kill_proc() will
1217 * tell us if the process has gone or something else
1218 * is awry
1219 */
1220 if (kill_proc(vt_cons[new_console]->vt_pid,
1221 vt_cons[new_console]->vt_mode.acqsig,
1222 1) != 0)
1223 {
1224 /*
1225 * The controlling process has died, so we revert back to
1226 * normal operation. In this case, we'll also change back
1227 * to KD_TEXT mode. I'm not sure if this is strictly correct
1228 * but it saves the agony when the X server dies and the screen
1229 * remains blanked due to KD_GRAPHICS! It would be nice to do
1230 * this outside of VT_PROCESS but there is no single process
1231 * to account for and tracking tty count may be undesirable.
1232 */
1233 reset_vc(new_console);
1234
1235 if (old_vc_mode != vt_cons[new_console]->vc_mode)
1236 {
1237 if (vt_cons[new_console]->vc_mode == KD_TEXT)
1238 unblank_screen();
1239 else
1240 do_blank_screen(1);
1241 }
1242 }
1243 }
1244
1245 /*
1246 * Wake anyone waiting for their VT to activate
1247 */
1248 vt_wake_waitactive();
1249 return;
1250 }
1251
1252 /*
1253 * Performs the front-end of a vt switch
1254 */
change_console(unsigned int new_console)1255 void change_console(unsigned int new_console)
1256 {
1257 if ((new_console == fg_console) || (vt_dont_switch))
1258 return;
1259 if (!vc_cons_allocated(new_console))
1260 return;
1261
1262 /*
1263 * If this vt is in process mode, then we need to handshake with
1264 * that process before switching. Essentially, we store where that
1265 * vt wants to switch to and wait for it to tell us when it's done
1266 * (via VT_RELDISP ioctl).
1267 *
1268 * We also check to see if the controlling process still exists.
1269 * If it doesn't, we reset this vt to auto mode and continue.
1270 * This is a cheap way to track process control. The worst thing
1271 * that can happen is: we send a signal to a process, it dies, and
1272 * the switch gets "lost" waiting for a response; hopefully, the
1273 * user will try again, we'll detect the process is gone (unless
1274 * the user waits just the right amount of time :-) and revert the
1275 * vt to auto control.
1276 */
1277 if (vt_cons[fg_console]->vt_mode.mode == VT_PROCESS)
1278 {
1279 /*
1280 * Send the signal as privileged - kill_proc() will
1281 * tell us if the process has gone or something else
1282 * is awry
1283 */
1284 if (kill_proc(vt_cons[fg_console]->vt_pid,
1285 vt_cons[fg_console]->vt_mode.relsig,
1286 1) == 0)
1287 {
1288 /*
1289 * It worked. Mark the vt to switch to and
1290 * return. The process needs to send us a
1291 * VT_RELDISP ioctl to complete the switch.
1292 */
1293 vt_cons[fg_console]->vt_newvt = new_console;
1294 return;
1295 }
1296
1297 /*
1298 * The controlling process has died, so we revert back to
1299 * normal operation. In this case, we'll also change back
1300 * to KD_TEXT mode. I'm not sure if this is strictly correct
1301 * but it saves the agony when the X server dies and the screen
1302 * remains blanked due to KD_GRAPHICS! It would be nice to do
1303 * this outside of VT_PROCESS but there is no single process
1304 * to account for and tracking tty count may be undesirable.
1305 */
1306 reset_vc(fg_console);
1307
1308 /*
1309 * Fall through to normal (VT_AUTO) handling of the switch...
1310 */
1311 }
1312
1313 /*
1314 * Ignore all switches in KD_GRAPHICS+VT_AUTO mode
1315 */
1316 if (vt_cons[fg_console]->vc_mode == KD_GRAPHICS)
1317 return;
1318
1319 complete_change_console(new_console);
1320 }
1321
1322