tty,vcs: lseek/VC-release race fix
[linux-2.6.git] / drivers / tty / vt / vc_screen.c
1 /*
2  * linux/drivers/char/vc_screen.c
3  *
4  * Provide access to virtual console memory.
5  * /dev/vcs0: the screen as it is being viewed right now (possibly scrolled)
6  * /dev/vcsN: the screen of /dev/ttyN (1 <= N <= 63)
7  *            [minor: N]
8  *
9  * /dev/vcsaN: idem, but including attributes, and prefixed with
10  *      the 4 bytes lines,columns,x,y (as screendump used to give).
11  *      Attribute/character pair is in native endianity.
12  *            [minor: N+128]
13  *
14  * This replaces screendump and part of selection, so that the system
15  * administrator can control access using file system permissions.
16  *
17  * aeb@cwi.nl - efter Friedas begravelse - 950211
18  *
19  * machek@k332.feld.cvut.cz - modified not to send characters to wrong console
20  *       - fixed some fatal off-by-one bugs (0-- no longer == -1 -> looping and looping and looping...)
21  *       - making it shorter - scr_readw are macros which expand in PRETTY long code
22  */
23
24 #include <linux/kernel.h>
25 #include <linux/major.h>
26 #include <linux/errno.h>
27 #include <linux/tty.h>
28 #include <linux/interrupt.h>
29 #include <linux/mm.h>
30 #include <linux/init.h>
31 #include <linux/mutex.h>
32 #include <linux/vt_kern.h>
33 #include <linux/selection.h>
34 #include <linux/kbd_kern.h>
35 #include <linux/console.h>
36 #include <linux/device.h>
37 #include <linux/smp_lock.h>
38 #include <linux/sched.h>
39 #include <linux/fs.h>
40 #include <linux/poll.h>
41 #include <linux/signal.h>
42 #include <linux/slab.h>
43 #include <linux/notifier.h>
44
45 #include <asm/uaccess.h>
46 #include <asm/byteorder.h>
47 #include <asm/unaligned.h>
48
49 #undef attr
50 #undef org
51 #undef addr
52 #define HEADER_SIZE     4
53
54 struct vcs_poll_data {
55         struct notifier_block notifier;
56         unsigned int cons_num;
57         bool seen_last_update;
58         wait_queue_head_t waitq;
59         struct fasync_struct *fasync;
60 };
61
62 static int
63 vcs_notifier(struct notifier_block *nb, unsigned long code, void *_param)
64 {
65         struct vt_notifier_param *param = _param;
66         struct vc_data *vc = param->vc;
67         struct vcs_poll_data *poll =
68                 container_of(nb, struct vcs_poll_data, notifier);
69         int currcons = poll->cons_num;
70
71         if (code != VT_UPDATE)
72                 return NOTIFY_DONE;
73
74         if (currcons == 0)
75                 currcons = fg_console;
76         else
77                 currcons--;
78         if (currcons != vc->vc_num)
79                 return NOTIFY_DONE;
80
81         poll->seen_last_update = false;
82         wake_up_interruptible(&poll->waitq);
83         kill_fasync(&poll->fasync, SIGIO, POLL_IN);
84         return NOTIFY_OK;
85 }
86
87 static void
88 vcs_poll_data_free(struct vcs_poll_data *poll)
89 {
90         unregister_vt_notifier(&poll->notifier);
91         kfree(poll);
92 }
93
94 static struct vcs_poll_data *
95 vcs_poll_data_get(struct file *file)
96 {
97         struct vcs_poll_data *poll = file->private_data;
98
99         if (poll)
100                 return poll;
101
102         poll = kzalloc(sizeof(*poll), GFP_KERNEL);
103         if (!poll)
104                 return NULL;
105         poll->cons_num = iminor(file->f_path.dentry->d_inode) & 127;
106         init_waitqueue_head(&poll->waitq);
107         poll->notifier.notifier_call = vcs_notifier;
108         if (register_vt_notifier(&poll->notifier) != 0) {
109                 kfree(poll);
110                 return NULL;
111         }
112
113         /*
114          * This code may be called either through ->poll() or ->fasync().
115          * If we have two threads using the same file descriptor, they could
116          * both enter this function, both notice that the structure hasn't
117          * been allocated yet and go ahead allocating it in parallel, but
118          * only one of them must survive and be shared otherwise we'd leak
119          * memory with a dangling notifier callback.
120          */
121         spin_lock(&file->f_lock);
122         if (!file->private_data) {
123                 file->private_data = poll;
124         } else {
125                 /* someone else raced ahead of us */
126                 vcs_poll_data_free(poll);
127                 poll = file->private_data;
128         }
129         spin_unlock(&file->f_lock);
130
131         return poll;
132 }
133
134 static int
135 vcs_size(struct inode *inode)
136 {
137         int size;
138         int minor = iminor(inode);
139         int currcons = minor & 127;
140         struct vc_data *vc;
141
142         if (currcons == 0)
143                 currcons = fg_console;
144         else
145                 currcons--;
146         if (!vc_cons_allocated(currcons))
147                 return -ENXIO;
148         vc = vc_cons[currcons].d;
149
150         size = vc->vc_rows * vc->vc_cols;
151
152         if (minor & 128)
153                 size = 2*size + HEADER_SIZE;
154         return size;
155 }
156
157 static loff_t vcs_lseek(struct file *file, loff_t offset, int orig)
158 {
159         int size;
160
161         mutex_lock(&con_buf_mtx);
162         console_lock();
163         size = vcs_size(file->f_path.dentry->d_inode);
164         console_unlock();
165         if (size < 0) {
166                 mutex_unlock(&con_buf_mtx);
167                 return size;
168         }
169         switch (orig) {
170                 default:
171                         mutex_unlock(&con_buf_mtx);
172                         return -EINVAL;
173                 case 2:
174                         offset += size;
175                         break;
176                 case 1:
177                         offset += file->f_pos;
178                 case 0:
179                         break;
180         }
181         if (offset < 0 || offset > size) {
182                 mutex_unlock(&con_buf_mtx);
183                 return -EINVAL;
184         }
185         file->f_pos = offset;
186         mutex_unlock(&con_buf_mtx);
187         return file->f_pos;
188 }
189
190
191 static ssize_t
192 vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
193 {
194         struct inode *inode = file->f_path.dentry->d_inode;
195         unsigned int currcons = iminor(inode);
196         struct vc_data *vc;
197         struct vcs_poll_data *poll;
198         long pos;
199         long viewed, attr, read;
200         int col, maxcol;
201         unsigned short *org = NULL;
202         ssize_t ret;
203
204         mutex_lock(&con_buf_mtx);
205
206         pos = *ppos;
207
208         /* Select the proper current console and verify
209          * sanity of the situation under the console lock.
210          */
211         console_lock();
212
213         attr = (currcons & 128);
214         currcons = (currcons & 127);
215         if (currcons == 0) {
216                 currcons = fg_console;
217                 viewed = 1;
218         } else {
219                 currcons--;
220                 viewed = 0;
221         }
222         ret = -ENXIO;
223         if (!vc_cons_allocated(currcons))
224                 goto unlock_out;
225         vc = vc_cons[currcons].d;
226
227         ret = -EINVAL;
228         if (pos < 0)
229                 goto unlock_out;
230         poll = file->private_data;
231         if (count && poll)
232                 poll->seen_last_update = true;
233         read = 0;
234         ret = 0;
235         while (count) {
236                 char *con_buf0, *con_buf_start;
237                 long this_round, size;
238                 ssize_t orig_count;
239                 long p = pos;
240
241                 /* Check whether we are above size each round,
242                  * as copy_to_user at the end of this loop
243                  * could sleep.
244                  */
245                 size = vcs_size(inode);
246                 if (size < 0) {
247                         if (read)
248                                 break;
249                         ret = size;
250                         goto unlock_out;
251                 }
252                 if (pos >= size)
253                         break;
254                 if (count > size - pos)
255                         count = size - pos;
256
257                 this_round = count;
258                 if (this_round > CON_BUF_SIZE)
259                         this_round = CON_BUF_SIZE;
260
261                 /* Perform the whole read into the local con_buf.
262                  * Then we can drop the console spinlock and safely
263                  * attempt to move it to userspace.
264                  */
265
266                 con_buf_start = con_buf0 = con_buf;
267                 orig_count = this_round;
268                 maxcol = vc->vc_cols;
269                 if (!attr) {
270                         org = screen_pos(vc, p, viewed);
271                         col = p % maxcol;
272                         p += maxcol - col;
273                         while (this_round-- > 0) {
274                                 *con_buf0++ = (vcs_scr_readw(vc, org++) & 0xff);
275                                 if (++col == maxcol) {
276                                         org = screen_pos(vc, p, viewed);
277                                         col = 0;
278                                         p += maxcol;
279                                 }
280                         }
281                 } else {
282                         if (p < HEADER_SIZE) {
283                                 size_t tmp_count;
284
285                                 con_buf0[0] = (char)vc->vc_rows;
286                                 con_buf0[1] = (char)vc->vc_cols;
287                                 getconsxy(vc, con_buf0 + 2);
288
289                                 con_buf_start += p;
290                                 this_round += p;
291                                 if (this_round > CON_BUF_SIZE) {
292                                         this_round = CON_BUF_SIZE;
293                                         orig_count = this_round - p;
294                                 }
295
296                                 tmp_count = HEADER_SIZE;
297                                 if (tmp_count > this_round)
298                                         tmp_count = this_round;
299
300                                 /* Advance state pointers and move on. */
301                                 this_round -= tmp_count;
302                                 p = HEADER_SIZE;
303                                 con_buf0 = con_buf + HEADER_SIZE;
304                                 /* If this_round >= 0, then p is even... */
305                         } else if (p & 1) {
306                                 /* Skip first byte for output if start address is odd
307                                  * Update region sizes up/down depending on free
308                                  * space in buffer.
309                                  */
310                                 con_buf_start++;
311                                 if (this_round < CON_BUF_SIZE)
312                                         this_round++;
313                                 else
314                                         orig_count--;
315                         }
316                         if (this_round > 0) {
317                                 unsigned short *tmp_buf = (unsigned short *)con_buf0;
318
319                                 p -= HEADER_SIZE;
320                                 p /= 2;
321                                 col = p % maxcol;
322
323                                 org = screen_pos(vc, p, viewed);
324                                 p += maxcol - col;
325
326                                 /* Buffer has even length, so we can always copy
327                                  * character + attribute. We do not copy last byte
328                                  * to userspace if this_round is odd.
329                                  */
330                                 this_round = (this_round + 1) >> 1;
331
332                                 while (this_round) {
333                                         *tmp_buf++ = vcs_scr_readw(vc, org++);
334                                         this_round --;
335                                         if (++col == maxcol) {
336                                                 org = screen_pos(vc, p, viewed);
337                                                 col = 0;
338                                                 p += maxcol;
339                                         }
340                                 }
341                         }
342                 }
343
344                 /* Finally, release the console semaphore while we push
345                  * all the data to userspace from our temporary buffer.
346                  *
347                  * AKPM: Even though it's a semaphore, we should drop it because
348                  * the pagefault handling code may want to call printk().
349                  */
350
351                 console_unlock();
352                 ret = copy_to_user(buf, con_buf_start, orig_count);
353                 console_lock();
354
355                 if (ret) {
356                         read += (orig_count - ret);
357                         ret = -EFAULT;
358                         break;
359                 }
360                 buf += orig_count;
361                 pos += orig_count;
362                 read += orig_count;
363                 count -= orig_count;
364         }
365         *ppos += read;
366         if (read)
367                 ret = read;
368 unlock_out:
369         console_unlock();
370         mutex_unlock(&con_buf_mtx);
371         return ret;
372 }
373
374 static ssize_t
375 vcs_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
376 {
377         struct inode *inode = file->f_path.dentry->d_inode;
378         unsigned int currcons = iminor(inode);
379         struct vc_data *vc;
380         long pos;
381         long viewed, attr, size, written;
382         char *con_buf0;
383         int col, maxcol;
384         u16 *org0 = NULL, *org = NULL;
385         size_t ret;
386
387         mutex_lock(&con_buf_mtx);
388
389         pos = *ppos;
390
391         /* Select the proper current console and verify
392          * sanity of the situation under the console lock.
393          */
394         console_lock();
395
396         attr = (currcons & 128);
397         currcons = (currcons & 127);
398
399         if (currcons == 0) {
400                 currcons = fg_console;
401                 viewed = 1;
402         } else {
403                 currcons--;
404                 viewed = 0;
405         }
406         ret = -ENXIO;
407         if (!vc_cons_allocated(currcons))
408                 goto unlock_out;
409         vc = vc_cons[currcons].d;
410
411         size = vcs_size(inode);
412         ret = -EINVAL;
413         if (pos < 0 || pos > size)
414                 goto unlock_out;
415         if (count > size - pos)
416                 count = size - pos;
417         written = 0;
418         while (count) {
419                 long this_round = count;
420                 size_t orig_count;
421                 long p;
422
423                 if (this_round > CON_BUF_SIZE)
424                         this_round = CON_BUF_SIZE;
425
426                 /* Temporarily drop the console lock so that we can read
427                  * in the write data from userspace safely.
428                  */
429                 console_unlock();
430                 ret = copy_from_user(con_buf, buf, this_round);
431                 console_lock();
432
433                 if (ret) {
434                         this_round -= ret;
435                         if (!this_round) {
436                                 /* Abort loop if no data were copied. Otherwise
437                                  * fail with -EFAULT.
438                                  */
439                                 if (written)
440                                         break;
441                                 ret = -EFAULT;
442                                 goto unlock_out;
443                         }
444                 }
445
446                 /* The vcs_size might have changed while we slept to grab
447                  * the user buffer, so recheck.
448                  * Return data written up to now on failure.
449                  */
450                 size = vcs_size(inode);
451                 if (size < 0) {
452                         if (written)
453                                 break;
454                         ret = size;
455                         goto unlock_out;
456                 }
457                 if (pos >= size)
458                         break;
459                 if (this_round > size - pos)
460                         this_round = size - pos;
461
462                 /* OK, now actually push the write to the console
463                  * under the lock using the local kernel buffer.
464                  */
465
466                 con_buf0 = con_buf;
467                 orig_count = this_round;
468                 maxcol = vc->vc_cols;
469                 p = pos;
470                 if (!attr) {
471                         org0 = org = screen_pos(vc, p, viewed);
472                         col = p % maxcol;
473                         p += maxcol - col;
474
475                         while (this_round > 0) {
476                                 unsigned char c = *con_buf0++;
477
478                                 this_round--;
479                                 vcs_scr_writew(vc,
480                                                (vcs_scr_readw(vc, org) & 0xff00) | c, org);
481                                 org++;
482                                 if (++col == maxcol) {
483                                         org = screen_pos(vc, p, viewed);
484                                         col = 0;
485                                         p += maxcol;
486                                 }
487                         }
488                 } else {
489                         if (p < HEADER_SIZE) {
490                                 char header[HEADER_SIZE];
491
492                                 getconsxy(vc, header + 2);
493                                 while (p < HEADER_SIZE && this_round > 0) {
494                                         this_round--;
495                                         header[p++] = *con_buf0++;
496                                 }
497                                 if (!viewed)
498                                         putconsxy(vc, header + 2);
499                         }
500                         p -= HEADER_SIZE;
501                         col = (p/2) % maxcol;
502                         if (this_round > 0) {
503                                 org0 = org = screen_pos(vc, p/2, viewed);
504                                 if ((p & 1) && this_round > 0) {
505                                         char c;
506
507                                         this_round--;
508                                         c = *con_buf0++;
509 #ifdef __BIG_ENDIAN
510                                         vcs_scr_writew(vc, c |
511                                              (vcs_scr_readw(vc, org) & 0xff00), org);
512 #else
513                                         vcs_scr_writew(vc, (c << 8) |
514                                              (vcs_scr_readw(vc, org) & 0xff), org);
515 #endif
516                                         org++;
517                                         p++;
518                                         if (++col == maxcol) {
519                                                 org = screen_pos(vc, p/2, viewed);
520                                                 col = 0;
521                                         }
522                                 }
523                                 p /= 2;
524                                 p += maxcol - col;
525                         }
526                         while (this_round > 1) {
527                                 unsigned short w;
528
529                                 w = get_unaligned(((unsigned short *)con_buf0));
530                                 vcs_scr_writew(vc, w, org++);
531                                 con_buf0 += 2;
532                                 this_round -= 2;
533                                 if (++col == maxcol) {
534                                         org = screen_pos(vc, p, viewed);
535                                         col = 0;
536                                         p += maxcol;
537                                 }
538                         }
539                         if (this_round > 0) {
540                                 unsigned char c;
541
542                                 c = *con_buf0++;
543 #ifdef __BIG_ENDIAN
544                                 vcs_scr_writew(vc, (vcs_scr_readw(vc, org) & 0xff) | (c << 8), org);
545 #else
546                                 vcs_scr_writew(vc, (vcs_scr_readw(vc, org) & 0xff00) | c, org);
547 #endif
548                         }
549                 }
550                 count -= orig_count;
551                 written += orig_count;
552                 buf += orig_count;
553                 pos += orig_count;
554                 if (org0)
555                         update_region(vc, (unsigned long)(org0), org - org0);
556         }
557         *ppos += written;
558         ret = written;
559         if (written)
560                 vcs_scr_updated(vc);
561
562 unlock_out:
563         console_unlock();
564
565         mutex_unlock(&con_buf_mtx);
566
567         return ret;
568 }
569
570 static unsigned int
571 vcs_poll(struct file *file, poll_table *wait)
572 {
573         struct vcs_poll_data *poll = vcs_poll_data_get(file);
574         int ret = DEFAULT_POLLMASK|POLLERR|POLLPRI;
575
576         if (poll) {
577                 poll_wait(file, &poll->waitq, wait);
578                 if (poll->seen_last_update)
579                         ret = DEFAULT_POLLMASK;
580         }
581         return ret;
582 }
583
584 static int
585 vcs_fasync(int fd, struct file *file, int on)
586 {
587         struct vcs_poll_data *poll = file->private_data;
588
589         if (!poll) {
590                 /* don't allocate anything if all we want is disable fasync */
591                 if (!on)
592                         return 0;
593                 poll = vcs_poll_data_get(file);
594                 if (!poll)
595                         return -ENOMEM;
596         }
597
598         return fasync_helper(fd, file, on, &poll->fasync);
599 }
600
601 static int
602 vcs_open(struct inode *inode, struct file *filp)
603 {
604         unsigned int currcons = iminor(inode) & 127;
605         int ret = 0;
606         
607         tty_lock();
608         if(currcons && !vc_cons_allocated(currcons-1))
609                 ret = -ENXIO;
610         tty_unlock();
611         return ret;
612 }
613
614 static int vcs_release(struct inode *inode, struct file *file)
615 {
616         struct vcs_poll_data *poll = file->private_data;
617
618         if (poll)
619                 vcs_poll_data_free(poll);
620         return 0;
621 }
622
623 static const struct file_operations vcs_fops = {
624         .llseek         = vcs_lseek,
625         .read           = vcs_read,
626         .write          = vcs_write,
627         .poll           = vcs_poll,
628         .fasync         = vcs_fasync,
629         .open           = vcs_open,
630         .release        = vcs_release,
631 };
632
633 static struct class *vc_class;
634
635 void vcs_make_sysfs(int index)
636 {
637         device_create(vc_class, NULL, MKDEV(VCS_MAJOR, index + 1), NULL,
638                       "vcs%u", index + 1);
639         device_create(vc_class, NULL, MKDEV(VCS_MAJOR, index + 129), NULL,
640                       "vcsa%u", index + 1);
641 }
642
643 void vcs_remove_sysfs(int index)
644 {
645         device_destroy(vc_class, MKDEV(VCS_MAJOR, index + 1));
646         device_destroy(vc_class, MKDEV(VCS_MAJOR, index + 129));
647 }
648
649 int __init vcs_init(void)
650 {
651         unsigned int i;
652
653         if (register_chrdev(VCS_MAJOR, "vcs", &vcs_fops))
654                 panic("unable to get major %d for vcs device", VCS_MAJOR);
655         vc_class = class_create(THIS_MODULE, "vc");
656
657         device_create(vc_class, NULL, MKDEV(VCS_MAJOR, 0), NULL, "vcs");
658         device_create(vc_class, NULL, MKDEV(VCS_MAJOR, 128), NULL, "vcsa");
659         for (i = 0; i < MIN_NR_CONSOLES; i++)
660                 vcs_make_sysfs(i);
661         return 0;
662 }