diff options
Diffstat (limited to 'drivers/tty/vt')
-rw-r--r-- | drivers/tty/vt/consolemap.c | 51 | ||||
-rw-r--r-- | drivers/tty/vt/keyboard.c | 803 | ||||
-rw-r--r-- | drivers/tty/vt/selection.c | 58 | ||||
-rw-r--r-- | drivers/tty/vt/vc_screen.c | 4 | ||||
-rw-r--r-- | drivers/tty/vt/vt.c | 70 | ||||
-rw-r--r-- | drivers/tty/vt/vt_ioctl.c | 495 |
6 files changed, 964 insertions, 517 deletions
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c index a0f3d6c4d39..8308fc7cdc2 100644 --- a/drivers/tty/vt/consolemap.c +++ b/drivers/tty/vt/consolemap.c @@ -516,6 +516,7 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list) int err = 0, err1, i; struct uni_pagedir *p, *q; + /* Save original vc_unipagdir_loc in case we allocate a new one */ p = (struct uni_pagedir *)*vc->vc_uni_pagedir_loc; if (p->readonly) return -EIO; @@ -528,26 +529,57 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list) err1 = con_clear_unimap(vc, NULL); if (err1) return err1; + /* + * Since refcount was > 1, con_clear_unimap() allocated a + * a new uni_pagedir for this vc. Re: p != q + */ q = (struct uni_pagedir *)*vc->vc_uni_pagedir_loc; - for (i = 0, l = 0; i < 32; i++) + + /* + * uni_pgdir is a 32*32*64 table with rows allocated + * when its first entry is added. The unicode value must + * still be incremented for empty rows. We are copying + * entries from "p" (old) to "q" (new). + */ + l = 0; /* unicode value */ + for (i = 0; i < 32; i++) if ((p1 = p->uni_pgdir[i])) for (j = 0; j < 32; j++) - if ((p2 = p1[j])) + if ((p2 = p1[j])) { for (k = 0; k < 64; k++, l++) if (p2[k] != 0xffff) { + /* + * Found one, copy entry for unicode + * l with fontpos value p2[k]. + */ err1 = con_insert_unipair(q, l, p2[k]); if (err1) { p->refcount++; *vc->vc_uni_pagedir_loc = (unsigned long)p; con_release_unimap(q); kfree(q); - return err1; + return err1; } - } - p = q; - } else if (p == dflt) + } + } else { + /* Account for row of 64 empty entries */ + l += 64; + } + else + /* Account for empty table */ + l += 32 * 64; + + /* + * Finished copying font table, set vc_uni_pagedir to new table + */ + p = q; + } else if (p == dflt) { dflt = NULL; - + } + + /* + * Insert user specified unicode pairs into new table. + */ while (ct--) { unsigned short unicode, fontpos; __get_user(unicode, &list->unicode); @@ -557,11 +589,14 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list) list++; } + /* + * Merge with fontmaps of any other virtual consoles. + */ if (con_unify_unimap(vc, p)) return err; for (i = 0; i <= 3; i++) - set_inverse_transl(vc, p, i); /* Update all inverse translations */ + set_inverse_transl(vc, p, i); /* Update inverse translations */ set_inverse_trans_unicode(vc, p); return err; diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index a605549ee28..86dd1e302bb 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -41,6 +41,7 @@ #include <linux/reboot.h> #include <linux/notifier.h> #include <linux/jiffies.h> +#include <linux/uaccess.h> #include <asm/irq_regs.h> @@ -55,8 +56,8 @@ extern void ctrl_alt_del(void); /* * Some laptops take the 789uiojklm,. keys as number pad when NumLock is on. * This seems a good reason to start with NumLock off. On HIL keyboards - * of PARISC machines however there is no NumLock key and everyone expects the keypad - * to be used for numbers. + * of PARISC machines however there is no NumLock key and everyone expects the + * keypad to be used for numbers. */ #if defined(CONFIG_PARISC) && (defined(CONFIG_KEYBOARD_HIL) || defined(CONFIG_KEYBOARD_HIL_OLD)) @@ -67,8 +68,6 @@ extern void ctrl_alt_del(void); #define KBD_DEFLOCK 0 -void compute_shiftstate(void); - /* * Handler Tables. */ @@ -99,35 +98,29 @@ static fn_handler_fn *fn_handler[] = { FN_HANDLERS }; * Variables exported for vt_ioctl.c */ -/* maximum values each key_handler can handle */ -const int max_vals[] = { - 255, ARRAY_SIZE(func_table) - 1, ARRAY_SIZE(fn_handler) - 1, NR_PAD - 1, - NR_DEAD - 1, 255, 3, NR_SHIFT - 1, 255, NR_ASCII - 1, NR_LOCK - 1, - 255, NR_LOCK - 1, 255, NR_BRL - 1 -}; - -const int NR_TYPES = ARRAY_SIZE(max_vals); - -struct kbd_struct kbd_table[MAX_NR_CONSOLES]; -EXPORT_SYMBOL_GPL(kbd_table); -static struct kbd_struct *kbd = kbd_table; - struct vt_spawn_console vt_spawn_con = { .lock = __SPIN_LOCK_UNLOCKED(vt_spawn_con.lock), .pid = NULL, .sig = 0, }; -/* - * Variables exported for vt.c - */ - -int shift_state = 0; /* * Internal Data. */ +static struct kbd_struct kbd_table[MAX_NR_CONSOLES]; +static struct kbd_struct *kbd = kbd_table; + +/* maximum values each key_handler can handle */ +static const int max_vals[] = { + 255, ARRAY_SIZE(func_table) - 1, ARRAY_SIZE(fn_handler) - 1, NR_PAD - 1, + NR_DEAD - 1, 255, 3, NR_SHIFT - 1, 255, NR_ASCII - 1, NR_LOCK - 1, + 255, NR_LOCK - 1, 255, NR_BRL - 1 +}; + +static const int NR_TYPES = ARRAY_SIZE(max_vals); + static struct input_handler kbd_handler; static DEFINE_SPINLOCK(kbd_event_lock); static unsigned long key_down[BITS_TO_LONGS(KEY_CNT)]; /* keyboard key bitmap */ @@ -137,6 +130,8 @@ static int npadch = -1; /* -1 or number assembled on pad */ static unsigned int diacr; static char rep; /* flag telling character repeat */ +static int shift_state = 0; + static unsigned char ledstate = 0xff; /* undefined */ static unsigned char ledioctl; @@ -187,7 +182,7 @@ static int getkeycode_helper(struct input_handle *handle, void *data) return d->error == 0; /* stop as soon as we successfully get one */ } -int getkeycode(unsigned int scancode) +static int getkeycode(unsigned int scancode) { struct getset_keycode_data d = { .ke = { @@ -214,7 +209,7 @@ static int setkeycode_helper(struct input_handle *handle, void *data) return d->error == 0; /* stop as soon as we successfully set one */ } -int setkeycode(unsigned int scancode, unsigned int keycode) +static int setkeycode(unsigned int scancode, unsigned int keycode) { struct getset_keycode_data d = { .ke = { @@ -382,9 +377,11 @@ static void to_utf8(struct vc_data *vc, uint c) /* * Called after returning from RAW mode or when changing consoles - recompute * shift_down[] and shift_state from key_down[] maybe called when keymap is - * undefined, so that shiftkey release is seen + * undefined, so that shiftkey release is seen. The caller must hold the + * kbd_event_lock. */ -void compute_shiftstate(void) + +static void do_compute_shiftstate(void) { unsigned int i, j, k, sym, val; @@ -417,6 +414,15 @@ void compute_shiftstate(void) } } +/* We still have to export this method to vt.c */ +void compute_shiftstate(void) +{ + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); + do_compute_shiftstate(); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + /* * We have a combining character DIACR here, followed by the character CH. * If the combination occurs in the table, return the corresponding value. @@ -636,7 +642,7 @@ static void fn_SAK(struct vc_data *vc) static void fn_null(struct vc_data *vc) { - compute_shiftstate(); + do_compute_shiftstate(); } /* @@ -989,6 +995,8 @@ unsigned char getledstate(void) void setledstate(struct kbd_struct *kbd, unsigned int led) { + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); if (!(led & ~7)) { ledioctl = led; kbd->ledmode = LED_SHOW_IOCTL; @@ -996,6 +1004,7 @@ void setledstate(struct kbd_struct *kbd, unsigned int led) kbd->ledmode = LED_SHOW_FLAGS; set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); } static inline unsigned char getleds(void) @@ -1035,6 +1044,75 @@ static int kbd_update_leds_helper(struct input_handle *handle, void *data) return 0; } +/** + * vt_get_leds - helper for braille console + * @console: console to read + * @flag: flag we want to check + * + * Check the status of a keyboard led flag and report it back + */ +int vt_get_leds(int console, int flag) +{ + unsigned long flags; + struct kbd_struct * kbd = kbd_table + console; + int ret; + + spin_lock_irqsave(&kbd_event_lock, flags); + ret = vc_kbd_led(kbd, flag); + spin_unlock_irqrestore(&kbd_event_lock, flags); + + return ret; +} +EXPORT_SYMBOL_GPL(vt_get_leds); + +/** + * vt_set_led_state - set LED state of a console + * @console: console to set + * @leds: LED bits + * + * Set the LEDs on a console. This is a wrapper for the VT layer + * so that we can keep kbd knowledge internal + */ +void vt_set_led_state(int console, int leds) +{ + struct kbd_struct * kbd = kbd_table + console; + setledstate(kbd, leds); +} + +/** + * vt_kbd_con_start - Keyboard side of console start + * @console: console + * + * Handle console start. This is a wrapper for the VT layer + * so that we can keep kbd knowledge internal + */ +void vt_kbd_con_start(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); + clr_vc_kbd_led(kbd, VC_SCROLLOCK); + set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_kbd_con_stop - Keyboard side of console stop + * @console: console + * + * Handle console stop. This is a wrapper for the VT layer + * so that we can keep kbd knowledge internal + */ +void vt_kbd_con_stop(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); + set_vc_kbd_led(kbd, VC_SCROLLOCK); + set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + /* * This is the tasklet that updates LED state on all keyboards * attached to the box. The reason we use tasklet is that we @@ -1254,7 +1332,7 @@ static void kbd_keycode(unsigned int keycode, int down, int hw_raw) if (rc == NOTIFY_STOP || !key_map) { atomic_notifier_call_chain(&keyboard_notifier_list, KBD_UNBOUND_KEYCODE, ¶m); - compute_shiftstate(); + do_compute_shiftstate(); kbd->slockstate = 0; return; } @@ -1404,14 +1482,14 @@ static void kbd_start(struct input_handle *handle) static const struct input_device_id kbd_ids[] = { { - .flags = INPUT_DEVICE_ID_MATCH_EVBIT, - .evbit = { BIT_MASK(EV_KEY) }, - }, + .flags = INPUT_DEVICE_ID_MATCH_EVBIT, + .evbit = { BIT_MASK(EV_KEY) }, + }, { - .flags = INPUT_DEVICE_ID_MATCH_EVBIT, - .evbit = { BIT_MASK(EV_SND) }, - }, + .flags = INPUT_DEVICE_ID_MATCH_EVBIT, + .evbit = { BIT_MASK(EV_SND) }, + }, { }, /* Terminating entry */ }; @@ -1433,7 +1511,7 @@ int __init kbd_init(void) int i; int error; - for (i = 0; i < MAX_NR_CONSOLES; i++) { + for (i = 0; i < MAX_NR_CONSOLES; i++) { kbd_table[i].ledflagstate = KBD_DEFLEDS; kbd_table[i].default_ledflagstate = KBD_DEFLEDS; kbd_table[i].ledmode = LED_SHOW_FLAGS; @@ -1452,3 +1530,658 @@ int __init kbd_init(void) return 0; } + +/* Ioctl support code */ + +/** + * vt_do_diacrit - diacritical table updates + * @cmd: ioctl request + * @up: pointer to user data for ioctl + * @perm: permissions check computed by caller + * + * Update the diacritical tables atomically and safely. Lock them + * against simultaneous keypresses + */ +int vt_do_diacrit(unsigned int cmd, void __user *up, int perm) +{ + struct kbdiacrs __user *a = up; + unsigned long flags; + int asize; + int ret = 0; + + switch (cmd) { + case KDGKBDIACR: + { + struct kbdiacr *diacr; + int i; + + diacr = kmalloc(MAX_DIACR * sizeof(struct kbdiacr), + GFP_KERNEL); + if (diacr == NULL) + return -ENOMEM; + + /* Lock the diacriticals table, make a copy and then + copy it after we unlock */ + spin_lock_irqsave(&kbd_event_lock, flags); + + asize = accent_table_size; + for (i = 0; i < asize; i++) { + diacr[i].diacr = conv_uni_to_8bit( + accent_table[i].diacr); + diacr[i].base = conv_uni_to_8bit( + accent_table[i].base); + diacr[i].result = conv_uni_to_8bit( + accent_table[i].result); + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + + if (put_user(asize, &a->kb_cnt)) + ret = -EFAULT; + else if (copy_to_user(a->kbdiacr, diacr, + asize * sizeof(struct kbdiacr))) + ret = -EFAULT; + kfree(diacr); + return ret; + } + case KDGKBDIACRUC: + { + struct kbdiacrsuc __user *a = up; + void *buf; + + buf = kmalloc(MAX_DIACR * sizeof(struct kbdiacruc), + GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + + /* Lock the diacriticals table, make a copy and then + copy it after we unlock */ + spin_lock_irqsave(&kbd_event_lock, flags); + + asize = accent_table_size; + memcpy(buf, accent_table, asize * sizeof(struct kbdiacruc)); + + spin_unlock_irqrestore(&kbd_event_lock, flags); + + if (put_user(asize, &a->kb_cnt)) + ret = -EFAULT; + else if (copy_to_user(a->kbdiacruc, buf, + asize*sizeof(struct kbdiacruc))) + ret = -EFAULT; + kfree(buf); + return ret; + } + + case KDSKBDIACR: + { + struct kbdiacrs __user *a = up; + struct kbdiacr *diacr = NULL; + unsigned int ct; + int i; + + if (!perm) + return -EPERM; + if (get_user(ct, &a->kb_cnt)) + return -EFAULT; + if (ct >= MAX_DIACR) + return -EINVAL; + + if (ct) { + diacr = kmalloc(sizeof(struct kbdiacr) * ct, + GFP_KERNEL); + if (diacr == NULL) + return -ENOMEM; + + if (copy_from_user(diacr, a->kbdiacr, + sizeof(struct kbdiacr) * ct)) { + kfree(diacr); + return -EFAULT; + } + } + + spin_lock_irqsave(&kbd_event_lock, flags); + accent_table_size = ct; + for (i = 0; i < ct; i++) { + accent_table[i].diacr = + conv_8bit_to_uni(diacr[i].diacr); + accent_table[i].base = + conv_8bit_to_uni(diacr[i].base); + accent_table[i].result = + conv_8bit_to_uni(diacr[i].result); + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + kfree(diacr); + return 0; + } + + case KDSKBDIACRUC: + { + struct kbdiacrsuc __user *a = up; + unsigned int ct; + void *buf = NULL; + + if (!perm) + return -EPERM; + + if (get_user(ct, &a->kb_cnt)) + return -EFAULT; + + if (ct >= MAX_DIACR) + return -EINVAL; + + if (ct) { + buf = kmalloc(ct * sizeof(struct kbdiacruc), + GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + + if (copy_from_user(buf, a->kbdiacruc, + ct * sizeof(struct kbdiacruc))) { + kfree(buf); + return -EFAULT; + } + } + spin_lock_irqsave(&kbd_event_lock, flags); + if (ct) + memcpy(accent_table, buf, + ct * sizeof(struct kbdiacruc)); + accent_table_size = ct; + spin_unlock_irqrestore(&kbd_event_lock, flags); + kfree(buf); + return 0; + } + } + return ret; +} + +/** + * vt_do_kdskbmode - set keyboard mode ioctl + * @console: the console to use + * @arg: the requested mode + * + * Update the keyboard mode bits while holding the correct locks. + * Return 0 for success or an error code. + */ +int vt_do_kdskbmode(int console, unsigned int arg) +{ + struct kbd_struct * kbd = kbd_table + console; + int ret = 0; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + switch(arg) { + case K_RAW: + kbd->kbdmode = VC_RAW; + break; + case K_MEDIUMRAW: + kbd->kbdmode = VC_MEDIUMRAW; + break; + case K_XLATE: + kbd->kbdmode = VC_XLATE; + do_compute_shiftstate(); + break; + case K_UNICODE: + kbd->kbdmode = VC_UNICODE; + do_compute_shiftstate(); + break; + case K_OFF: + kbd->kbdmode = VC_OFF; + break; + default: + ret = -EINVAL; + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + return ret; +} + +/** + * vt_do_kdskbmeta - set keyboard meta state + * @console: the console to use + * @arg: the requested meta state + * + * Update the keyboard meta bits while holding the correct locks. + * Return 0 for success or an error code. + */ +int vt_do_kdskbmeta(int console, unsigned int arg) +{ + struct kbd_struct * kbd = kbd_table + console; + int ret = 0; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + switch(arg) { + case K_METABIT: + clr_vc_kbd_mode(kbd, VC_META); + break; + case K_ESCPREFIX: + set_vc_kbd_mode(kbd, VC_META); + break; + default: + ret = -EINVAL; + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + return ret; +} + +int vt_do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, + int perm) +{ + struct kbkeycode tmp; + int kc = 0; + + if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode))) + return -EFAULT; + switch (cmd) { + case KDGETKEYCODE: + kc = getkeycode(tmp.scancode); + if (kc >= 0) + kc = put_user(kc, &user_kbkc->keycode); + break; + case KDSETKEYCODE: + if (!perm) + return -EPERM; + kc = setkeycode(tmp.scancode, tmp.keycode); + break; + } + return kc; +} + +#define i (tmp.kb_index) +#define s (tmp.kb_table) +#define v (tmp.kb_value) + +int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, + int console) +{ + struct kbd_struct * kbd = kbd_table + console; + struct kbentry tmp; + ushort *key_map, *new_map, val, ov; + unsigned long flags; + + if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) + return -EFAULT; + + if (!capable(CAP_SYS_TTY_CONFIG)) + perm = 0; + + switch (cmd) { + case KDGKBENT: + /* Ensure another thread doesn't free it under us */ + spin_lock_irqsave(&kbd_event_lock, flags); + key_map = key_maps[s]; + if (key_map) { + val = U(key_map[i]); + if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES) + val = K_HOLE; + } else + val = (i ? K_HOLE : K_NOSUCHMAP); + spin_unlock_irqrestore(&kbd_event_lock, flags); + return put_user(val, &user_kbe->kb_value); + case KDSKBENT: + if (!perm) + return -EPERM; + if (!i && v == K_NOSUCHMAP) { + spin_lock_irqsave(&kbd_event_lock, flags); + /* deallocate map */ + key_map = key_maps[s]; + if (s && key_map) { + key_maps[s] = NULL; + if (key_map[0] == U(K_ALLOCATED)) { + kfree(key_map); + keymap_count--; + } + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + break; + } + + if (KTYP(v) < NR_TYPES) { + if (KVAL(v) > max_vals[KTYP(v)]) + return -EINVAL; + } else + if (kbd->kbdmode != VC_UNICODE) + return -EINVAL; + + /* ++Geert: non-PC keyboards may generate keycode zero */ +#if !defined(__mc68000__) && !defined(__powerpc__) + /* assignment to entry 0 only tests validity of args */ + if (!i) + break; +#endif + + new_map = kmalloc(sizeof(plain_map), GFP_KERNEL); + if (!new_map) + return -ENOMEM; + spin_lock_irqsave(&kbd_event_lock, flags); + key_map = key_maps[s]; + if (key_map == NULL) { + int j; + + if (keymap_count >= MAX_NR_OF_USER_KEYMAPS && + !capable(CAP_SYS_RESOURCE)) { + spin_unlock_irqrestore(&kbd_event_lock, flags); + kfree(new_map); + return -EPERM; + } + key_maps[s] = new_map; + key_map = new_map; + key_map[0] = U(K_ALLOCATED); + for (j = 1; j < NR_KEYS; j++) + key_map[j] = U(K_HOLE); + keymap_count++; + } else + kfree(new_map); + + ov = U(key_map[i]); + if (v == ov) + goto out; + /* + * Attention Key. + */ + if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN)) { + spin_unlock_irqrestore(&kbd_event_lock, flags); + return -EPERM; + } + key_map[i] = U(v); + if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT)) + do_compute_shiftstate(); +out: + spin_unlock_irqrestore(&kbd_event_lock, flags); + break; + } + return 0; +} +#undef i +#undef s +#undef v + +/* FIXME: This one needs untangling and locking */ +int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +{ + struct kbsentry *kbs; + char *p; + u_char *q; + u_char __user *up; + int sz; + int delta; + char *first_free, *fj, *fnw; + int i, j, k; + int ret; + + if (!capable(CAP_SYS_TTY_CONFIG)) + perm = 0; + + kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); + if (!kbs) { + ret = -ENOMEM; + goto reterr; + } + + /* we mostly copy too much here (512bytes), but who cares ;) */ + if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) { + ret = -EFAULT; + goto reterr; + } + kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0'; + i = kbs->kb_func; + + switch (cmd) { + case KDGKBSENT: + sz = sizeof(kbs->kb_string) - 1; /* sz should have been + a struct member */ + up = user_kdgkb->kb_string; + p = func_table[i]; + if(p) + for ( ; *p && sz; p++, sz--) + if (put_user(*p, up++)) { + ret = -EFAULT; + goto reterr; + } + if (put_user('\0', up)) { + ret = -EFAULT; + goto reterr; + } + kfree(kbs); + return ((p && *p) ? -EOVERFLOW : 0); + case KDSKBSENT: + if (!perm) { + ret = -EPERM; + goto reterr; + } + + q = func_table[i]; + first_free = funcbufptr + (funcbufsize - funcbufleft); + for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) + ; + if (j < MAX_NR_FUNC) + fj = func_table[j]; + else + fj = first_free; + + delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string); + if (delta <= funcbufleft) { /* it fits in current buf */ + if (j < MAX_NR_FUNC) { + memmove(fj + delta, fj, first_free - fj); + for (k = j; k < MAX_NR_FUNC; k++) + if (func_table[k]) + func_table[k] += delta; + } + if (!q) + func_table[i] = fj; + funcbufleft -= delta; + } else { /* allocate a larger buffer */ + sz = 256; + while (sz < funcbufsize - funcbufleft + delta) + sz <<= 1; + fnw = kmalloc(sz, GFP_KERNEL); + if(!fnw) { + ret = -ENOMEM; + goto reterr; + } + + if (!q) + func_table[i] = fj; + if (fj > funcbufptr) + memmove(fnw, funcbufptr, fj - funcbufptr); + for (k = 0; k < j; k++) + if (func_table[k]) + func_table[k] = fnw + (func_table[k] - funcbufptr); + + if (first_free > fj) { + memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj); + for (k = j; k < MAX_NR_FUNC; k++) + if (func_table[k]) + func_table[k] = fnw + (func_table[k] - funcbufptr) + delta; + } + if (funcbufptr != func_buf) + kfree(funcbufptr); + funcbufptr = fnw; + funcbufleft = funcbufleft - delta + sz - funcbufsize; + funcbufsize = sz; + } + strcpy(func_table[i], kbs->kb_string); + break; + } + ret = 0; +reterr: + kfree(kbs); + return ret; +} + +int vt_do_kdskled(int console, int cmd, unsigned long arg, int perm) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + unsigned char ucval; + + switch(cmd) { + /* the ioctls below read/set the flags usually shown in the leds */ + /* don't use them - they will go away without warning */ + case KDGKBLED: + spin_lock_irqsave(&kbd_event_lock, flags); + ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4); + spin_unlock_irqrestore(&kbd_event_lock, flags); + return put_user(ucval, (char __user *)arg); + + case KDSKBLED: + if (!perm) + return -EPERM; + if (arg & ~0x77) + return -EINVAL; + spin_lock_irqsave(&kbd_event_lock, flags); + kbd->ledflagstate = (arg & 7); + kbd->default_ledflagstate = ((arg >> 4) & 7); + set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); + break; + + /* the ioctls below only set the lights, not the functions */ + /* for those, see KDGKBLED and KDSKBLED above */ + case KDGETLED: + ucval = getledstate(); + return put_user(ucval, (char __user *)arg); + + case KDSETLED: + if (!perm) + return -EPERM; + setledstate(kbd, arg); + return 0; + } + return -ENOIOCTLCMD; +} + +int vt_do_kdgkbmode(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + /* This is a spot read so needs no locking */ + switch (kbd->kbdmode) { + case VC_RAW: + return K_RAW; + case VC_MEDIUMRAW: + return K_MEDIUMRAW; + case VC_UNICODE: + return K_UNICODE; + case VC_OFF: + return K_OFF; + default: + return K_XLATE; + } +} + +/** + * vt_do_kdgkbmeta - report meta status + * @console: console to report + * + * Report the meta flag status of this console + */ +int vt_do_kdgkbmeta(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + /* Again a spot read so no locking */ + return vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT; +} + +/** + * vt_reset_unicode - reset the unicode status + * @console: console being reset + * + * Restore the unicode console state to its default + */ +void vt_reset_unicode(int console) +{ + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + kbd_table[console].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE; + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_get_shiftstate - shift bit state + * + * Report the shift bits from the keyboard state. We have to export + * this to support some oddities in the vt layer. + */ +int vt_get_shift_state(void) +{ + /* Don't lock as this is a transient report */ + return shift_state; +} + +/** + * vt_reset_keyboard - reset keyboard state + * @console: console to reset + * + * Reset the keyboard bits for a console as part of a general console + * reset event + */ +void vt_reset_keyboard(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + set_vc_kbd_mode(kbd, VC_REPEAT); + clr_vc_kbd_mode(kbd, VC_CKMODE); + clr_vc_kbd_mode(kbd, VC_APPLIC); + clr_vc_kbd_mode(kbd, VC_CRLF); + kbd->lockstate = 0; + kbd->slockstate = 0; + kbd->ledmode = LED_SHOW_FLAGS; + kbd->ledflagstate = kbd->default_ledflagstate; + /* do not do set_leds here because this causes an endless tasklet loop + when the keyboard hasn't been initialized yet */ + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_get_kbd_mode_bit - read keyboard status bits + * @console: console to read from + * @bit: mode bit to read + * + * Report back a vt mode bit. We do this without locking so the + * caller must be sure that there are no synchronization needs + */ + +int vt_get_kbd_mode_bit(int console, int bit) +{ + struct kbd_struct * kbd = kbd_table + console; + return vc_kbd_mode(kbd, bit); +} + +/** + * vt_set_kbd_mode_bit - read keyboard status bits + * @console: console to read from + * @bit: mode bit to read + * + * Set a vt mode bit. We do this without locking so the + * caller must be sure that there are no synchronization needs + */ + +void vt_set_kbd_mode_bit(int console, int bit) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + set_vc_kbd_mode(kbd, bit); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_clr_kbd_mode_bit - read keyboard status bits + * @console: console to read from + * @bit: mode bit to read + * + * Report back a vt mode bit. We do this without locking so the + * caller must be sure that there are no synchronization needs + */ + +void vt_clr_kbd_mode_bit(int console, int bit) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + clr_vc_kbd_mode(kbd, bit); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index 7a0a12ae545..8e9b4be97a2 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -30,6 +30,7 @@ extern void poke_blanked_console(void); +/* FIXME: all this needs locking */ /* Variables for selection control. */ /* Use a dynamic buffer, instead of static (Dec 1994) */ struct vc_data *sel_cons; /* must not be deallocated */ @@ -61,10 +62,14 @@ sel_pos(int n) use_unicode); } -/* remove the current selection highlight, if any, - from the console holding the selection. */ -void -clear_selection(void) { +/** + * clear_selection - remove current selection + * + * Remove the current selection highlight, if any from the console + * holding the selection. The caller must hold the console lock. + */ +void clear_selection(void) +{ highlight_pointer(-1); /* hide the pointer */ if (sel_start != -1) { highlight(sel_start, sel_end); @@ -74,7 +79,7 @@ clear_selection(void) { /* * User settable table: what characters are to be considered alphabetic? - * 256 bits + * 256 bits. Locked by the console lock. */ static u32 inwordLut[8]={ 0x00000000, /* control chars */ @@ -91,10 +96,20 @@ static inline int inword(const u16 c) { return c > 0xff || (( inwordLut[c>>5] >> (c & 0x1F) ) & 1); } -/* set inwordLut contents. Invoked by ioctl(). */ +/** + * set loadlut - load the LUT table + * @p: user table + * + * Load the LUT table from user space. The caller must hold the console + * lock. Make a temporary copy so a partial update doesn't make a mess. + */ int sel_loadlut(char __user *p) { - return copy_from_user(inwordLut, (u32 __user *)(p+4), 32) ? -EFAULT : 0; + u32 tmplut[8]; + if (copy_from_user(tmplut, (u32 __user *)(p+4), 32)) + return -EFAULT; + memcpy(inwordLut, tmplut, 32); + return 0; } /* does screen address p correspond to character at LH/RH edge of screen? */ @@ -130,7 +145,16 @@ static int store_utf8(u16 c, char *p) } } -/* set the current selection. Invoked by ioctl() or by kernel code. */ +/** + * set_selection - set the current selection. + * @sel: user selection info + * @tty: the console tty + * + * Invoked by the ioctl handle for the vt layer. + * + * The entire selection process is managed under the console_lock. It's + * a lot under the lock but its hardly a performance path + */ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *tty) { struct vc_data *vc = vc_cons[fg_console].d; @@ -138,7 +162,7 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t char *bp, *obp; int i, ps, pe, multiplier; u16 c; - struct kbd_struct *kbd = kbd_table + fg_console; + int mode; poke_blanked_console(); @@ -182,7 +206,11 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t clear_selection(); sel_cons = vc_cons[fg_console].d; } - use_unicode = kbd && kbd->kbdmode == VC_UNICODE; + mode = vt_do_kdgkbmode(fg_console); + if (mode == K_UNICODE) + use_unicode = 1; + else + use_unicode = 0; switch (sel_mode) { @@ -302,7 +330,8 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t * queue of the tty associated with the current console. * Invoked by ioctl(). * - * Locking: always called with BTM from vt_ioctl + * Locking: called without locks. Calls the ldisc wrongly with + * unsafe methods, */ int paste_selection(struct tty_struct *tty) { @@ -317,13 +346,12 @@ int paste_selection(struct tty_struct *tty) poke_blanked_console(); console_unlock(); + /* FIXME: wtf is this supposed to achieve ? */ ld = tty_ldisc_ref(tty); - if (!ld) { - tty_unlock(); + if (!ld) ld = tty_ldisc_ref_wait(tty); - tty_lock(); - } + /* FIXME: this is completely unsafe */ add_wait_queue(&vc->paste_wait, &wait); while (sel_buffer && sel_buffer_lth > pasted) { set_current_state(TASK_INTERRUPTIBLE); diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c index 7a367ff5122..fa7268a93c0 100644 --- a/drivers/tty/vt/vc_screen.c +++ b/drivers/tty/vt/vc_screen.c @@ -608,10 +608,10 @@ vcs_open(struct inode *inode, struct file *filp) unsigned int currcons = iminor(inode) & 127; int ret = 0; - tty_lock(); + console_lock(); if(currcons && !vc_cons_allocated(currcons-1)) ret = -ENXIO; - tty_unlock(); + console_unlock(); return ret; } diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index e716839fab6..2156188db4a 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -99,7 +99,6 @@ #include <linux/notifier.h> #include <linux/device.h> #include <linux/io.h> -#include <asm/system.h> #include <linux/uaccess.h> #include <linux/kdb.h> #include <linux/ctype.h> @@ -1028,9 +1027,9 @@ void vc_deallocate(unsigned int currcons) * VT102 emulator */ -#define set_kbd(vc, x) set_vc_kbd_mode(kbd_table + (vc)->vc_num, (x)) -#define clr_kbd(vc, x) clr_vc_kbd_mode(kbd_table + (vc)->vc_num, (x)) -#define is_kbd(vc, x) vc_kbd_mode(kbd_table + (vc)->vc_num, (x)) +#define set_kbd(vc, x) vt_set_kbd_mode_bit((vc)->vc_num, (x)) +#define clr_kbd(vc, x) vt_clr_kbd_mode_bit((vc)->vc_num, (x)) +#define is_kbd(vc, x) vt_get_kbd_mode_bit((vc)->vc_num, (x)) #define decarm VC_REPEAT #define decckm VC_CKMODE @@ -1652,16 +1651,7 @@ static void reset_terminal(struct vc_data *vc, int do_clear) vc->vc_deccm = global_cursor_default; vc->vc_decim = 0; - set_kbd(vc, decarm); - clr_kbd(vc, decckm); - clr_kbd(vc, kbdapplic); - clr_kbd(vc, lnm); - kbd_table[vc->vc_num].lockstate = 0; - kbd_table[vc->vc_num].slockstate = 0; - kbd_table[vc->vc_num].ledmode = LED_SHOW_FLAGS; - kbd_table[vc->vc_num].ledflagstate = kbd_table[vc->vc_num].default_ledflagstate; - /* do not do set_leds here because this causes an endless tasklet loop - when the keyboard hasn't been initialized yet */ + vt_reset_keyboard(vc->vc_num); vc->vc_cursor_type = cur_default; vc->vc_complement_mask = vc->vc_s_complement_mask; @@ -1979,7 +1969,7 @@ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c) case 'q': /* DECLL - but only 3 leds */ /* map 0,1,2,3 to 0,1,2,4 */ if (vc->vc_par[0] < 4) - setledstate(kbd_table + vc->vc_num, + vt_set_led_state(vc->vc_num, (vc->vc_par[0] < 3) ? vc->vc_par[0] : 4); return; case 'r': @@ -2632,7 +2622,9 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) console_unlock(); break; case TIOCL_SELLOADLUT: + console_lock(); ret = sel_loadlut(p); + console_unlock(); break; case TIOCL_GETSHIFTSTATE: @@ -2642,15 +2634,19 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) * kernel-internal variable; programs not closely * related to the kernel should not use this. */ - data = shift_state; + data = vt_get_shift_state(); ret = __put_user(data, p); break; case TIOCL_GETMOUSEREPORTING: + console_lock(); /* May be overkill */ data = mouse_reporting(); + console_unlock(); ret = __put_user(data, p); break; case TIOCL_SETVESABLANK: + console_lock(); ret = set_vesa_blanking(p); + console_unlock(); break; case TIOCL_GETKMSGREDIRECT: data = vt_get_kmsg_redirect(); @@ -2667,13 +2663,21 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) } break; case TIOCL_GETFGCONSOLE: + /* No locking needed as this is a transiently + correct return anyway if the caller hasn't + disabled switching */ ret = fg_console; break; case TIOCL_SCROLLCONSOLE: if (get_user(lines, (s32 __user *)(p+4))) { ret = -EFAULT; } else { + /* Need the console lock here. Note that lots + of other calls need fixing before the lock + is actually useful ! */ + console_lock(); scrollfront(vc_cons[fg_console].d, lines); + console_unlock(); ret = 0; } break; @@ -2753,8 +2757,7 @@ static void con_stop(struct tty_struct *tty) console_num = tty->index; if (!vc_cons_allocated(console_num)) return; - set_vc_kbd_led(kbd_table + console_num, VC_SCROLLOCK); - set_leds(); + vt_kbd_con_stop(console_num); } /* @@ -2768,8 +2771,7 @@ static void con_start(struct tty_struct *tty) console_num = tty->index; if (!vc_cons_allocated(console_num)) return; - clr_vc_kbd_led(kbd_table + console_num, VC_SCROLLOCK); - set_leds(); + vt_kbd_con_start(console_num); } static void con_flush_chars(struct tty_struct *tty) @@ -2930,11 +2932,10 @@ static int __init con_init(void) gotoxy(vc, vc->vc_x, vc->vc_y); csi_J(vc, 0); update_screen(vc); - pr_info("Console: %s %s %dx%d", + pr_info("Console: %s %s %dx%d\n", vc->vc_can_do_color ? "colour" : "mono", display_desc, vc->vc_cols, vc->vc_rows); printable = 1; - printk("\n"); console_unlock(); @@ -2991,7 +2992,7 @@ int __init vty_init(const struct file_operations *console_fops) console_driver = alloc_tty_driver(MAX_NR_CONSOLES); if (!console_driver) panic("Couldn't allocate console driver\n"); - console_driver->owner = THIS_MODULE; + console_driver->name = "tty"; console_driver->name_base = 1; console_driver->major = TTY_MAJOR; @@ -3980,9 +3981,6 @@ static int con_font_get(struct vc_data *vc, struct console_font_op *op) int rc = -EINVAL; int c; - if (vc->vc_mode != KD_TEXT) - return -EINVAL; - if (op->data) { font.data = kmalloc(max_font_size, GFP_KERNEL); if (!font.data) @@ -3991,7 +3989,9 @@ static int con_font_get(struct vc_data *vc, struct console_font_op *op) font.data = NULL; console_lock(); - if (vc->vc_sw->con_font_get) + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; + else if (vc->vc_sw->con_font_get) rc = vc->vc_sw->con_font_get(vc, &font); else rc = -ENOSYS; @@ -4073,7 +4073,9 @@ static int con_font_set(struct vc_data *vc, struct console_font_op *op) if (IS_ERR(font.data)) return PTR_ERR(font.data); console_lock(); - if (vc->vc_sw->con_font_set) + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; + else if (vc->vc_sw->con_font_set) rc = vc->vc_sw->con_font_set(vc, &font, op->flags); else rc = -ENOSYS; @@ -4089,8 +4091,6 @@ static int con_font_default(struct vc_data *vc, struct console_font_op *op) char *s = name; int rc; - if (vc->vc_mode != KD_TEXT) - return -EINVAL; if (!op->data) s = NULL; @@ -4100,6 +4100,10 @@ static int con_font_default(struct vc_data *vc, struct console_font_op *op) name[MAX_FONT_NAME - 1] = 0; console_lock(); + if (vc->vc_mode != KD_TEXT) { + console_unlock(); + return -EINVAL; + } if (vc->vc_sw->con_font_default) rc = vc->vc_sw->con_font_default(vc, &font, s); else @@ -4117,11 +4121,11 @@ static int con_font_copy(struct vc_data *vc, struct console_font_op *op) int con = op->height; int rc; - if (vc->vc_mode != KD_TEXT) - return -EINVAL; console_lock(); - if (!vc->vc_sw->con_font_copy) + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; + else if (!vc->vc_sw->con_font_copy) rc = -ENOSYS; else if (con < 0 || !vc_cons_allocated(con)) rc = -ENOTTY; diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index 65447c5f91d..ede2ef18d2f 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -130,7 +130,7 @@ static void vt_event_wait(struct vt_event_wait *vw) list_add(&vw->list, &vt_events); spin_unlock_irqrestore(&vt_event_lock, flags); /* Wait for it to pass */ - wait_event_interruptible_tty(vt_event_waitqueue, vw->done); + wait_event_interruptible(vt_event_waitqueue, vw->done); /* Dequeue it */ spin_lock_irqsave(&vt_event_lock, flags); list_del(&vw->list); @@ -195,232 +195,7 @@ int vt_waitactive(int n) #define GPLAST 0x3df #define GPNUM (GPLAST - GPFIRST + 1) -#define i (tmp.kb_index) -#define s (tmp.kb_table) -#define v (tmp.kb_value) -static inline int -do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_struct *kbd) -{ - struct kbentry tmp; - ushort *key_map, val, ov; - - if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) - return -EFAULT; - if (!capable(CAP_SYS_TTY_CONFIG)) - perm = 0; - - switch (cmd) { - case KDGKBENT: - key_map = key_maps[s]; - if (key_map) { - val = U(key_map[i]); - if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES) - val = K_HOLE; - } else - val = (i ? K_HOLE : K_NOSUCHMAP); - return put_user(val, &user_kbe->kb_value); - case KDSKBENT: - if (!perm) - return -EPERM; - if (!i && v == K_NOSUCHMAP) { - /* deallocate map */ - key_map = key_maps[s]; - if (s && key_map) { - key_maps[s] = NULL; - if (key_map[0] == U(K_ALLOCATED)) { - kfree(key_map); - keymap_count--; - } - } - break; - } - - if (KTYP(v) < NR_TYPES) { - if (KVAL(v) > max_vals[KTYP(v)]) - return -EINVAL; - } else - if (kbd->kbdmode != VC_UNICODE) - return -EINVAL; - - /* ++Geert: non-PC keyboards may generate keycode zero */ -#if !defined(__mc68000__) && !defined(__powerpc__) - /* assignment to entry 0 only tests validity of args */ - if (!i) - break; -#endif - - if (!(key_map = key_maps[s])) { - int j; - - if (keymap_count >= MAX_NR_OF_USER_KEYMAPS && - !capable(CAP_SYS_RESOURCE)) - return -EPERM; - - key_map = kmalloc(sizeof(plain_map), - GFP_KERNEL); - if (!key_map) - return -ENOMEM; - key_maps[s] = key_map; - key_map[0] = U(K_ALLOCATED); - for (j = 1; j < NR_KEYS; j++) - key_map[j] = U(K_HOLE); - keymap_count++; - } - ov = U(key_map[i]); - if (v == ov) - break; /* nothing to do */ - /* - * Attention Key. - */ - if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN)) - return -EPERM; - key_map[i] = U(v); - if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT)) - compute_shiftstate(); - break; - } - return 0; -} -#undef i -#undef s -#undef v - -static inline int -do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, int perm) -{ - struct kbkeycode tmp; - int kc = 0; - - if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode))) - return -EFAULT; - switch (cmd) { - case KDGETKEYCODE: - kc = getkeycode(tmp.scancode); - if (kc >= 0) - kc = put_user(kc, &user_kbkc->keycode); - break; - case KDSETKEYCODE: - if (!perm) - return -EPERM; - kc = setkeycode(tmp.scancode, tmp.keycode); - break; - } - return kc; -} - -static inline int -do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) -{ - struct kbsentry *kbs; - char *p; - u_char *q; - u_char __user *up; - int sz; - int delta; - char *first_free, *fj, *fnw; - int i, j, k; - int ret; - - if (!capable(CAP_SYS_TTY_CONFIG)) - perm = 0; - - kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); - if (!kbs) { - ret = -ENOMEM; - goto reterr; - } - - /* we mostly copy too much here (512bytes), but who cares ;) */ - if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) { - ret = -EFAULT; - goto reterr; - } - kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0'; - i = kbs->kb_func; - - switch (cmd) { - case KDGKBSENT: - sz = sizeof(kbs->kb_string) - 1; /* sz should have been - a struct member */ - up = user_kdgkb->kb_string; - p = func_table[i]; - if(p) - for ( ; *p && sz; p++, sz--) - if (put_user(*p, up++)) { - ret = -EFAULT; - goto reterr; - } - if (put_user('\0', up)) { - ret = -EFAULT; - goto reterr; - } - kfree(kbs); - return ((p && *p) ? -EOVERFLOW : 0); - case KDSKBSENT: - if (!perm) { - ret = -EPERM; - goto reterr; - } - - q = func_table[i]; - first_free = funcbufptr + (funcbufsize - funcbufleft); - for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) - ; - if (j < MAX_NR_FUNC) - fj = func_table[j]; - else - fj = first_free; - - delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string); - if (delta <= funcbufleft) { /* it fits in current buf */ - if (j < MAX_NR_FUNC) { - memmove(fj + delta, fj, first_free - fj); - for (k = j; k < MAX_NR_FUNC; k++) - if (func_table[k]) - func_table[k] += delta; - } - if (!q) - func_table[i] = fj; - funcbufleft -= delta; - } else { /* allocate a larger buffer */ - sz = 256; - while (sz < funcbufsize - funcbufleft + delta) - sz <<= 1; - fnw = kmalloc(sz, GFP_KERNEL); - if(!fnw) { - ret = -ENOMEM; - goto reterr; - } - - if (!q) - func_table[i] = fj; - if (fj > funcbufptr) - memmove(fnw, funcbufptr, fj - funcbufptr); - for (k = 0; k < j; k++) - if (func_table[k]) - func_table[k] = fnw + (func_table[k] - funcbufptr); - - if (first_free > fj) { - memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj); - for (k = j; k < MAX_NR_FUNC; k++) - if (func_table[k]) - func_table[k] = fnw + (func_table[k] - funcbufptr) + delta; - } - if (funcbufptr != func_buf) - kfree(funcbufptr); - funcbufptr = fnw; - funcbufleft = funcbufleft - delta + sz - funcbufsize; - funcbufsize = sz; - } - strcpy(func_table[i], kbs->kb_string); - break; - } - ret = 0; -reterr: - kfree(kbs); - return ret; -} static inline int do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) @@ -497,7 +272,6 @@ int vt_ioctl(struct tty_struct *tty, { struct vc_data *vc = tty->driver_data; struct console_font_op op; /* used in multiple places here */ - struct kbd_struct * kbd; unsigned int console; unsigned char ucval; unsigned int uival; @@ -507,7 +281,6 @@ int vt_ioctl(struct tty_struct *tty, console = vc->vc_num; - tty_lock(); if (!vc_cons_allocated(console)) { /* impossible? */ ret = -ENOIOCTLCMD; @@ -523,19 +296,18 @@ int vt_ioctl(struct tty_struct *tty, if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) perm = 1; - kbd = kbd_table + console; switch (cmd) { case TIOCLINUX: ret = tioclinux(tty, arg); break; case KIOCSOUND: if (!perm) - goto eperm; + return -EPERM; /* * The use of PIT_TICK_RATE is historic, it used to be * the platform-dependent CLOCK_TICK_RATE between 2.6.12 * and 2.6.36, which was a minor but unfortunate ABI - * change. + * change. kd_mksound is locked by the input layer. */ if (arg) arg = PIT_TICK_RATE / arg; @@ -544,7 +316,7 @@ int vt_ioctl(struct tty_struct *tty, case KDMKTONE: if (!perm) - goto eperm; + return -EPERM; { unsigned int ticks, count; @@ -562,10 +334,11 @@ int vt_ioctl(struct tty_struct *tty, case KDGKBTYPE: /* - * this is naive. + * this is naïve. */ ucval = KB_101; - goto setchar; + ret = put_user(ucval, (char __user *)arg); + break; /* * These cannot be implemented on any machine that implements @@ -579,6 +352,8 @@ int vt_ioctl(struct tty_struct *tty, /* * KDADDIO and KDDELIO may be able to add ports beyond what * we reject here, but to be safe... + * + * These are locked internally via sys_ioperm */ if (arg < GPFIRST || arg > GPLAST) { ret = -EINVAL; @@ -601,7 +376,7 @@ int vt_ioctl(struct tty_struct *tty, struct kbd_repeat kbrep; if (!capable(CAP_SYS_TTY_CONFIG)) - goto eperm; + return -EPERM; if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { ret = -EFAULT; @@ -625,7 +400,7 @@ int vt_ioctl(struct tty_struct *tty, * need to restore their engine state. --BenH */ if (!perm) - goto eperm; + return -EPERM; switch (arg) { case KD_GRAPHICS: break; @@ -638,6 +413,7 @@ int vt_ioctl(struct tty_struct *tty, ret = -EINVAL; goto out; } + /* FIXME: this needs the console lock extending */ if (vc->vc_mode == (unsigned char) arg) break; vc->vc_mode = (unsigned char) arg; @@ -669,69 +445,26 @@ int vt_ioctl(struct tty_struct *tty, case KDSKBMODE: if (!perm) - goto eperm; - switch(arg) { - case K_RAW: - kbd->kbdmode = VC_RAW; - break; - case K_MEDIUMRAW: - kbd->kbdmode = VC_MEDIUMRAW; - break; - case K_XLATE: - kbd->kbdmode = VC_XLATE; - compute_shiftstate(); - break; - case K_UNICODE: - kbd->kbdmode = VC_UNICODE; - compute_shiftstate(); - break; - case K_OFF: - kbd->kbdmode = VC_OFF; - break; - default: - ret = -EINVAL; - goto out; - } - tty_ldisc_flush(tty); + return -EPERM; + ret = vt_do_kdskbmode(console, arg); + if (ret == 0) + tty_ldisc_flush(tty); break; case KDGKBMODE: - switch (kbd->kbdmode) { - case VC_RAW: - uival = K_RAW; - break; - case VC_MEDIUMRAW: - uival = K_MEDIUMRAW; - break; - case VC_UNICODE: - uival = K_UNICODE; - break; - case VC_OFF: - uival = K_OFF; - break; - default: - uival = K_XLATE; - break; - } - goto setint; + uival = vt_do_kdgkbmode(console); + ret = put_user(uival, (int __user *)arg); + break; /* this could be folded into KDSKBMODE, but for compatibility reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ case KDSKBMETA: - switch(arg) { - case K_METABIT: - clr_vc_kbd_mode(kbd, VC_META); - break; - case K_ESCPREFIX: - set_vc_kbd_mode(kbd, VC_META); - break; - default: - ret = -EINVAL; - } + ret = vt_do_kdskbmeta(console, arg); break; case KDGKBMETA: - uival = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT); + /* FIXME: should review whether this is worth locking */ + uival = vt_do_kdgkbmeta(console); setint: ret = put_user(uival, (int __user *)arg); break; @@ -740,133 +473,35 @@ int vt_ioctl(struct tty_struct *tty, case KDSETKEYCODE: if(!capable(CAP_SYS_TTY_CONFIG)) perm = 0; - ret = do_kbkeycode_ioctl(cmd, up, perm); + ret = vt_do_kbkeycode_ioctl(cmd, up, perm); break; case KDGKBENT: case KDSKBENT: - ret = do_kdsk_ioctl(cmd, up, perm, kbd); + ret = vt_do_kdsk_ioctl(cmd, up, perm, console); break; case KDGKBSENT: case KDSKBSENT: - ret = do_kdgkb_ioctl(cmd, up, perm); + ret = vt_do_kdgkb_ioctl(cmd, up, perm); break; + /* Diacritical processing. Handled in keyboard.c as it has + to operate on the keyboard locks and structures */ case KDGKBDIACR: - { - struct kbdiacrs __user *a = up; - struct kbdiacr diacr; - int i; - - if (put_user(accent_table_size, &a->kb_cnt)) { - ret = -EFAULT; - break; - } - for (i = 0; i < accent_table_size; i++) { - diacr.diacr = conv_uni_to_8bit(accent_table[i].diacr); - diacr.base = conv_uni_to_8bit(accent_table[i].base); - diacr.result = conv_uni_to_8bit(accent_table[i].result); - if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr))) { - ret = -EFAULT; - break; - } - } - break; - } case KDGKBDIACRUC: - { - struct kbdiacrsuc __user *a = up; - - if (put_user(accent_table_size, &a->kb_cnt)) - ret = -EFAULT; - else if (copy_to_user(a->kbdiacruc, accent_table, - accent_table_size*sizeof(struct kbdiacruc))) - ret = -EFAULT; - break; - } - case KDSKBDIACR: - { - struct kbdiacrs __user *a = up; - struct kbdiacr diacr; - unsigned int ct; - int i; - - if (!perm) - goto eperm; - if (get_user(ct,&a->kb_cnt)) { - ret = -EFAULT; - break; - } - if (ct >= MAX_DIACR) { - ret = -EINVAL; - break; - } - accent_table_size = ct; - for (i = 0; i < ct; i++) { - if (copy_from_user(&diacr, a->kbdiacr + i, sizeof(struct kbdiacr))) { - ret = -EFAULT; - break; - } - accent_table[i].diacr = conv_8bit_to_uni(diacr.diacr); - accent_table[i].base = conv_8bit_to_uni(diacr.base); - accent_table[i].result = conv_8bit_to_uni(diacr.result); - } - break; - } - case KDSKBDIACRUC: - { - struct kbdiacrsuc __user *a = up; - unsigned int ct; - - if (!perm) - goto eperm; - if (get_user(ct,&a->kb_cnt)) { - ret = -EFAULT; - break; - } - if (ct >= MAX_DIACR) { - ret = -EINVAL; - break; - } - accent_table_size = ct; - if (copy_from_user(accent_table, a->kbdiacruc, ct*sizeof(struct kbdiacruc))) - ret = -EFAULT; + ret = vt_do_diacrit(cmd, up, perm); break; - } /* the ioctls below read/set the flags usually shown in the leds */ /* don't use them - they will go away without warning */ case KDGKBLED: - ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4); - goto setchar; - case KDSKBLED: - if (!perm) - goto eperm; - if (arg & ~0x77) { - ret = -EINVAL; - break; - } - kbd->ledflagstate = (arg & 7); - kbd->default_ledflagstate = ((arg >> 4) & 7); - set_leds(); - break; - - /* the ioctls below only set the lights, not the functions */ - /* for those, see KDGKBLED and KDSKBLED above */ case KDGETLED: - ucval = getledstate(); - setchar: - ret = put_user(ucval, (char __user *)arg); - break; - case KDSETLED: - if (!perm) - goto eperm; - setledstate(kbd, arg); + ret = vt_do_kdskled(console, cmd, arg, perm); break; /* @@ -879,7 +514,7 @@ int vt_ioctl(struct tty_struct *tty, case KDSIGACCEPT: { if (!perm || !capable(CAP_KILL)) - goto eperm; + return -EPERM; if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) ret = -EINVAL; else { @@ -897,7 +532,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_mode tmp; if (!perm) - goto eperm; + return -EPERM; if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { ret = -EFAULT; goto out; @@ -943,6 +578,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_stat __user *vtstat = up; unsigned short state, mask; + /* Review: FIXME: Console lock ? */ if (put_user(fg_console + 1, &vtstat->v_active)) ret = -EFAULT; else { @@ -960,6 +596,7 @@ int vt_ioctl(struct tty_struct *tty, * Returns the first available (non-opened) console. */ case VT_OPENQRY: + /* FIXME: locking ? - but then this is a stupid API */ for (i = 0; i < MAX_NR_CONSOLES; ++i) if (! VT_IS_IN_USE(i)) break; @@ -973,7 +610,7 @@ int vt_ioctl(struct tty_struct *tty, */ case VT_ACTIVATE: if (!perm) - goto eperm; + return -EPERM; if (arg == 0 || arg > MAX_NR_CONSOLES) ret = -ENXIO; else { @@ -992,7 +629,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_setactivate vsa; if (!perm) - goto eperm; + return -EPERM; if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, sizeof(struct vt_setactivate))) { @@ -1020,6 +657,7 @@ int vt_ioctl(struct tty_struct *tty, if (ret) break; /* Commence switch and lock */ + /* Review set_console locks */ set_console(vsa.console); } break; @@ -1030,7 +668,7 @@ int vt_ioctl(struct tty_struct *tty, */ case VT_WAITACTIVE: if (!perm) - goto eperm; + return -EPERM; if (arg == 0 || arg > MAX_NR_CONSOLES) ret = -ENXIO; else @@ -1049,16 +687,17 @@ int vt_ioctl(struct tty_struct *tty, */ case VT_RELDISP: if (!perm) - goto eperm; + return -EPERM; + console_lock(); if (vc->vt_mode.mode != VT_PROCESS) { + console_unlock(); ret = -EINVAL; break; } /* * Switching-from response */ - console_lock(); if (vc->vt_newvt >= 0) { if (arg == 0) /* @@ -1135,7 +774,7 @@ int vt_ioctl(struct tty_struct *tty, ushort ll,cc; if (!perm) - goto eperm; + return -EPERM; if (get_user(ll, &vtsizes->v_rows) || get_user(cc, &vtsizes->v_cols)) ret = -EFAULT; @@ -1146,6 +785,7 @@ int vt_ioctl(struct tty_struct *tty, if (vc) { vc->vc_resize_user = 1; + /* FIXME: review v tty lock */ vc_resize(vc_cons[i].d, cc, ll); } } @@ -1159,7 +799,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_consize __user *vtconsize = up; ushort ll,cc,vlin,clin,vcol,ccol; if (!perm) - goto eperm; + return -EPERM; if (!access_ok(VERIFY_READ, vtconsize, sizeof(struct vt_consize))) { ret = -EFAULT; @@ -1215,7 +855,7 @@ int vt_ioctl(struct tty_struct *tty, case PIO_FONT: { if (!perm) - goto eperm; + return -EPERM; op.op = KD_FONT_OP_SET; op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ op.width = 8; @@ -1256,7 +896,7 @@ int vt_ioctl(struct tty_struct *tty, case PIO_FONTRESET: { if (!perm) - goto eperm; + return -EPERM; #ifdef BROKEN_GRAPHICS_PROGRAMS /* With BROKEN_GRAPHICS_PROGRAMS defined, the default @@ -1282,7 +922,7 @@ int vt_ioctl(struct tty_struct *tty, break; } if (!perm && op.op != KD_FONT_OP_GET) - goto eperm; + return -EPERM; ret = con_font_op(vc, &op); if (ret) break; @@ -1294,50 +934,65 @@ int vt_ioctl(struct tty_struct *tty, case PIO_SCRNMAP: if (!perm) ret = -EPERM; - else + else { + tty_lock(); ret = con_set_trans_old(up); + tty_unlock(); + } break; case GIO_SCRNMAP: + tty_lock(); ret = con_get_trans_old(up); + tty_unlock(); break; case PIO_UNISCRNMAP: if (!perm) ret = -EPERM; - else + else { + tty_lock(); ret = con_set_trans_new(up); + tty_unlock(); + } break; case GIO_UNISCRNMAP: + tty_lock(); ret = con_get_trans_new(up); + tty_unlock(); break; case PIO_UNIMAPCLR: { struct unimapinit ui; if (!perm) - goto eperm; + return -EPERM; ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); if (ret) ret = -EFAULT; - else + else { + tty_lock(); con_clear_unimap(vc, &ui); + tty_unlock(); + } break; } case PIO_UNIMAP: case GIO_UNIMAP: + tty_lock(); ret = do_unimap_ioctl(cmd, up, perm, vc); + tty_unlock(); break; case VT_LOCKSWITCH: if (!capable(CAP_SYS_TTY_CONFIG)) - goto eperm; + return -EPERM; vt_dont_switch = 1; break; case VT_UNLOCKSWITCH: if (!capable(CAP_SYS_TTY_CONFIG)) - goto eperm; + return -EPERM; vt_dont_switch = 0; break; case VT_GETHIFONTMASK: @@ -1351,17 +1006,13 @@ int vt_ioctl(struct tty_struct *tty, ret = -ENOIOCTLCMD; } out: - tty_unlock(); return ret; -eperm: - ret = -EPERM; - goto out; } void reset_vc(struct vc_data *vc) { vc->vc_mode = KD_TEXT; - kbd_table[vc->vc_num].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE; + vt_reset_unicode(vc->vc_num); vc->vt_mode.mode = VT_AUTO; vc->vt_mode.waitv = 0; vc->vt_mode.relsig = 0; @@ -1384,6 +1035,7 @@ void vc_SAK(struct work_struct *work) console_lock(); vc = vc_con->d; if (vc) { + /* FIXME: review tty ref counting */ tty = vc->port.tty; /* * SAK should also work in all raw modes and reset @@ -1516,8 +1168,6 @@ long vt_compat_ioctl(struct tty_struct *tty, console = vc->vc_num; - tty_lock(); - if (!vc_cons_allocated(console)) { /* impossible? */ ret = -ENOIOCTLCMD; goto out; @@ -1546,7 +1196,9 @@ long vt_compat_ioctl(struct tty_struct *tty, case PIO_UNIMAP: case GIO_UNIMAP: + tty_lock(); ret = compat_unimap_ioctl(cmd, up, perm, vc); + tty_unlock(); break; /* @@ -1583,11 +1235,9 @@ long vt_compat_ioctl(struct tty_struct *tty, goto fallback; } out: - tty_unlock(); return ret; fallback: - tty_unlock(); return vt_ioctl(tty, cmd, arg); } @@ -1773,13 +1423,10 @@ int vt_move_to_console(unsigned int vt, int alloc) return -EIO; } console_unlock(); - tty_lock(); if (vt_waitactive(vt + 1)) { pr_debug("Suspend: Can't switch VCs."); - tty_unlock(); return -EINTR; } - tty_unlock(); return prev; } |