From 247ff8e610cb63c015de19191db9666754c2ed79 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 24 Feb 2012 12:47:11 +0000 Subject: vt: lock the accent table First step to debletcherising the vt console layer - pick a victim and fix the locking This is a nice simple object with its own rules so lets pick it out for treatment. The user of the table already has a lock so we will also use the same lock for updates. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/keyboard.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++ drivers/tty/vt/vt_ioctl.c | 81 +---------------------- 2 files changed, 165 insertions(+), 78 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index a605549ee28..bdf838dd3e4 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -1452,3 +1452,165 @@ int __init kbd_init(void) return 0; } + +/* Ioctl support code */ + +/** + * vt_do_diacrit - diacritical table updates + * @cmd: ioctl request + * @up: pointer to user data for ioctl + * @perm: permissions check computed by caller + * + * Update the diacritical tables atomically and safely. Lock them + * against simultaneous keypresses + */ +int vt_do_diacrit(unsigned int cmd, void __user *up, int perm) +{ + struct kbdiacrs __user *a = up; + unsigned long flags; + int asize; + int ret = 0; + + switch (cmd) { + case KDGKBDIACR: + { + struct kbdiacr *diacr; + int i; + + diacr = kmalloc(MAX_DIACR * sizeof(struct kbdiacr), + GFP_KERNEL); + if (diacr == NULL) + return -ENOMEM; + + /* Lock the diacriticals table, make a copy and then + copy it after we unlock */ + spin_lock_irqsave(&kbd_event_lock, flags); + + asize = accent_table_size; + for (i = 0; i < asize; i++) { + diacr[i].diacr = conv_uni_to_8bit( + accent_table[i].diacr); + diacr[i].base = conv_uni_to_8bit( + accent_table[i].base); + diacr[i].result = conv_uni_to_8bit( + accent_table[i].result); + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + + if (put_user(asize, &a->kb_cnt)) + ret = -EFAULT; + else if (copy_to_user(a->kbdiacr, diacr, + asize * sizeof(struct kbdiacr))) + ret = -EFAULT; + kfree(diacr); + return ret; + } + case KDGKBDIACRUC: + { + struct kbdiacrsuc __user *a = up; + void *buf; + + buf = kmalloc(MAX_DIACR * sizeof(struct kbdiacruc), + GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + + /* Lock the diacriticals table, make a copy and then + copy it after we unlock */ + spin_lock_irqsave(&kbd_event_lock, flags); + + asize = accent_table_size; + memcpy(buf, accent_table, asize * sizeof(struct kbdiacruc)); + + spin_unlock_irqrestore(&kbd_event_lock, flags); + + if (put_user(asize, &a->kb_cnt)) + ret = -EFAULT; + else if (copy_to_user(a->kbdiacruc, buf, + asize*sizeof(struct kbdiacruc))) + ret = -EFAULT; + kfree(buf); + return ret; + } + + case KDSKBDIACR: + { + struct kbdiacrs __user *a = up; + struct kbdiacr *diacr = NULL; + unsigned int ct; + int i; + + if (!perm) + return -EPERM; + if (get_user(ct, &a->kb_cnt)) + return -EFAULT; + if (ct >= MAX_DIACR) + return -EINVAL; + + if (ct) { + diacr = kmalloc(sizeof(struct kbdiacr) * ct, + GFP_KERNEL); + if (diacr == NULL) + return -ENOMEM; + + if (copy_from_user(diacr, a->kbdiacr, + sizeof(struct kbdiacr) * ct)) { + kfree(diacr); + return -EFAULT; + } + } + + spin_lock_irqsave(&kbd_event_lock, flags); + accent_table_size = ct; + for (i = 0; i < ct; i++) { + accent_table[i].diacr = + conv_8bit_to_uni(diacr[i].diacr); + accent_table[i].base = + conv_8bit_to_uni(diacr[i].base); + accent_table[i].result = + conv_8bit_to_uni(diacr[i].result); + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + kfree(diacr); + return 0; + } + + case KDSKBDIACRUC: + { + struct kbdiacrsuc __user *a = up; + unsigned int ct; + void *buf = NULL; + + if (!perm) + return -EPERM; + + if (get_user(ct, &a->kb_cnt)) + return -EFAULT; + + if (ct >= MAX_DIACR) + return -EINVAL; + + if (ct) { + buf = kmalloc(ct * sizeof(struct kbdiacruc), + GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + + if (copy_from_user(buf, a->kbdiacruc, + ct * sizeof(struct kbdiacruc))) { + kfree(buf); + return -EFAULT; + } + } + spin_lock_irqsave(&kbd_event_lock, flags); + if (ct) + memcpy(accent_table, buf, + ct * sizeof(struct kbdiacruc)); + accent_table_size = ct; + spin_unlock_irqrestore(&kbd_event_lock, flags); + kfree(buf); + return 0; + } + } + return ret; +} diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index 65447c5f91d..80af0f9bef5 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -753,89 +753,14 @@ int vt_ioctl(struct tty_struct *tty, ret = do_kdgkb_ioctl(cmd, up, perm); break; + /* Diacritical processing. Handled in keyboard.c as it has + to operate on the keyboard locks and structures */ case KDGKBDIACR: - { - struct kbdiacrs __user *a = up; - struct kbdiacr diacr; - int i; - - if (put_user(accent_table_size, &a->kb_cnt)) { - ret = -EFAULT; - break; - } - for (i = 0; i < accent_table_size; i++) { - diacr.diacr = conv_uni_to_8bit(accent_table[i].diacr); - diacr.base = conv_uni_to_8bit(accent_table[i].base); - diacr.result = conv_uni_to_8bit(accent_table[i].result); - if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr))) { - ret = -EFAULT; - break; - } - } - break; - } case KDGKBDIACRUC: - { - struct kbdiacrsuc __user *a = up; - - if (put_user(accent_table_size, &a->kb_cnt)) - ret = -EFAULT; - else if (copy_to_user(a->kbdiacruc, accent_table, - accent_table_size*sizeof(struct kbdiacruc))) - ret = -EFAULT; - break; - } - case KDSKBDIACR: - { - struct kbdiacrs __user *a = up; - struct kbdiacr diacr; - unsigned int ct; - int i; - - if (!perm) - goto eperm; - if (get_user(ct,&a->kb_cnt)) { - ret = -EFAULT; - break; - } - if (ct >= MAX_DIACR) { - ret = -EINVAL; - break; - } - accent_table_size = ct; - for (i = 0; i < ct; i++) { - if (copy_from_user(&diacr, a->kbdiacr + i, sizeof(struct kbdiacr))) { - ret = -EFAULT; - break; - } - accent_table[i].diacr = conv_8bit_to_uni(diacr.diacr); - accent_table[i].base = conv_8bit_to_uni(diacr.base); - accent_table[i].result = conv_8bit_to_uni(diacr.result); - } - break; - } - case KDSKBDIACRUC: - { - struct kbdiacrsuc __user *a = up; - unsigned int ct; - - if (!perm) - goto eperm; - if (get_user(ct,&a->kb_cnt)) { - ret = -EFAULT; - break; - } - if (ct >= MAX_DIACR) { - ret = -EINVAL; - break; - } - accent_table_size = ct; - if (copy_from_user(accent_table, a->kbdiacruc, ct*sizeof(struct kbdiacruc))) - ret = -EFAULT; + ret = vt_do_diacrit(cmd, up, perm); break; - } /* the ioctls below read/set the flags usually shown in the leds */ /* don't use them - they will go away without warning */ -- cgit v1.2.3-70-g09d2 From 6aeed479fdef85e6874c2d41cca9f121c294c536 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 24 Feb 2012 12:47:29 +0000 Subject: vt: tidy a few bits of checkpatch noise Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/keyboard.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index bdf838dd3e4..0479114397c 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -55,8 +55,8 @@ extern void ctrl_alt_del(void); /* * Some laptops take the 789uiojklm,. keys as number pad when NumLock is on. * This seems a good reason to start with NumLock off. On HIL keyboards - * of PARISC machines however there is no NumLock key and everyone expects the keypad - * to be used for numbers. + * of PARISC machines however there is no NumLock key and everyone expects the + * keypad to be used for numbers. */ #if defined(CONFIG_PARISC) && (defined(CONFIG_KEYBOARD_HIL) || defined(CONFIG_KEYBOARD_HIL_OLD)) @@ -1404,14 +1404,14 @@ static void kbd_start(struct input_handle *handle) static const struct input_device_id kbd_ids[] = { { - .flags = INPUT_DEVICE_ID_MATCH_EVBIT, - .evbit = { BIT_MASK(EV_KEY) }, - }, + .flags = INPUT_DEVICE_ID_MATCH_EVBIT, + .evbit = { BIT_MASK(EV_KEY) }, + }, { - .flags = INPUT_DEVICE_ID_MATCH_EVBIT, - .evbit = { BIT_MASK(EV_SND) }, - }, + .flags = INPUT_DEVICE_ID_MATCH_EVBIT, + .evbit = { BIT_MASK(EV_SND) }, + }, { }, /* Terminating entry */ }; @@ -1433,7 +1433,7 @@ int __init kbd_init(void) int i; int error; - for (i = 0; i < MAX_NR_CONSOLES; i++) { + for (i = 0; i < MAX_NR_CONSOLES; i++) { kbd_table[i].ledflagstate = KBD_DEFLEDS; kbd_table[i].default_ledflagstate = KBD_DEFLEDS; kbd_table[i].ledmode = LED_SHOW_FLAGS; -- cgit v1.2.3-70-g09d2 From 6623d64021469b0094bb070d3eb7d0e3f5e928af Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 27 Feb 2012 15:18:56 -0800 Subject: tty: keyboard.c: add uaccess.h to fix a build problem on sparc32 Reported-by: Stephen Rothwell Cc: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/keyboard.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 0479114397c..898e359c542 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -41,6 +41,7 @@ #include #include #include +#include #include -- cgit v1.2.3-70-g09d2 From 079c9534a96da9a85a2a2f9715851050fbfbf749 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 28 Feb 2012 14:49:23 +0000 Subject: vt:tackle kbd_table Keyboard struct lifetime is easy, but the locking is not and is completely ignored by the existing code. Tackle this one head on - Make the kbd_table private so we can run down all direct users - Hoick the relevant ioctl handlers into the keyboard layer - Lock them with the keyboard lock so they don't change mid keypress - Add helpers for things like console stop/start so we isolate the poking around properly - Tweak the braille console so it still builds There are a couple of FIXME locking cases left for ioctls that are so hideous they should be addressed in a later patch. After this patch the kbd_table is private and all the keyboard jiggery pokery is in one place. This update fixes speakup and also a memory leak in the original. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/accessibility/braille/braille_console.c | 9 +- drivers/staging/speakup/main.c | 8 +- drivers/tty/sysrq.c | 6 +- drivers/tty/vt/keyboard.c | 621 +++++++++++++++++++++++- drivers/tty/vt/selection.c | 9 +- drivers/tty/vt/vt.c | 27 +- drivers/tty/vt/vt_ioctl.c | 325 +------------ include/linux/kbd_kern.h | 7 +- include/linux/keyboard.h | 2 - include/linux/vt_kern.h | 23 + 10 files changed, 660 insertions(+), 377 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/accessibility/braille/braille_console.c b/drivers/accessibility/braille/braille_console.c index c339a0880e6..d21167bfc86 100644 --- a/drivers/accessibility/braille/braille_console.c +++ b/drivers/accessibility/braille/braille_console.c @@ -244,16 +244,13 @@ static int keyboard_notifier_call(struct notifier_block *blk, switch (val) { case KVAL(K_CAPS): - on_off = vc_kbd_led(kbd_table + fg_console, - VC_CAPSLOCK); + on_off = vt_get_leds(fg_console, VC_CAPSLOCK); break; case KVAL(K_NUM): - on_off = vc_kbd_led(kbd_table + fg_console, - VC_NUMLOCK); + on_off = vt_get_leds(fg_console, VC_NUMLOCK); break; case KVAL(K_HOLD): - on_off = vc_kbd_led(kbd_table + fg_console, - VC_SCROLLOCK); + on_off = vt_get_leds(fg_console, VC_SCROLLOCK); break; } if (on_off == 1) diff --git a/drivers/staging/speakup/main.c b/drivers/staging/speakup/main.c index c7b03f0ef2d..92b34e29ad0 100644 --- a/drivers/staging/speakup/main.c +++ b/drivers/staging/speakup/main.c @@ -1731,15 +1731,15 @@ static void do_handle_spec(struct vc_data *vc, u_char value, char up_flag) switch (value) { case KVAL(K_CAPS): label = msg_get(MSG_KEYNAME_CAPSLOCK); - on_off = (vc_kbd_led(kbd_table + vc->vc_num, VC_CAPSLOCK)); + on_off = vt_get_leds(fg_console, VC_CAPSLOCK); break; case KVAL(K_NUM): label = msg_get(MSG_KEYNAME_NUMLOCK); - on_off = (vc_kbd_led(kbd_table + vc->vc_num, VC_NUMLOCK)); + on_off = vt_get_leds(fg_console, VC_NUMLOCK); break; case KVAL(K_HOLD): label = msg_get(MSG_KEYNAME_SCROLLLOCK); - on_off = (vc_kbd_led(kbd_table + vc->vc_num, VC_SCROLLOCK)); + on_off = vt_get_leds(fg_console, VC_SCROLLOCK); if (speakup_console[vc->vc_num]) speakup_console[vc->vc_num]->tty_stopped = on_off; break; @@ -2020,7 +2020,7 @@ speakup_key(struct vc_data *vc, int shift_state, int keycode, u_short keysym, if (type >= 0xf0) type -= 0xf0; if (type == KT_PAD - && (vc_kbd_led(kbd_table + fg_console, VC_NUMLOCK))) { + && (vt_get_leds(fg_console, VC_NUMLOCK))) { if (up_flag) { spk_keydown = 0; goto out; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c index 8db9125133b..ecb8e2203ac 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c @@ -110,11 +110,9 @@ static struct sysrq_key_op sysrq_SAK_op = { #ifdef CONFIG_VT static void sysrq_handle_unraw(int key) { - struct kbd_struct *kbd = &kbd_table[fg_console]; - - if (kbd) - kbd->kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE; + vt_reset_unicode(fg_console); } + static struct sysrq_key_op sysrq_unraw_op = { .handler = sysrq_handle_unraw, .help_msg = "unRaw", diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 898e359c542..70d0593d3bc 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -68,8 +68,6 @@ extern void ctrl_alt_del(void); #define KBD_DEFLOCK 0 -void compute_shiftstate(void); - /* * Handler Tables. */ @@ -100,35 +98,29 @@ static fn_handler_fn *fn_handler[] = { FN_HANDLERS }; * Variables exported for vt_ioctl.c */ -/* maximum values each key_handler can handle */ -const int max_vals[] = { - 255, ARRAY_SIZE(func_table) - 1, ARRAY_SIZE(fn_handler) - 1, NR_PAD - 1, - NR_DEAD - 1, 255, 3, NR_SHIFT - 1, 255, NR_ASCII - 1, NR_LOCK - 1, - 255, NR_LOCK - 1, 255, NR_BRL - 1 -}; - -const int NR_TYPES = ARRAY_SIZE(max_vals); - -struct kbd_struct kbd_table[MAX_NR_CONSOLES]; -EXPORT_SYMBOL_GPL(kbd_table); -static struct kbd_struct *kbd = kbd_table; - struct vt_spawn_console vt_spawn_con = { .lock = __SPIN_LOCK_UNLOCKED(vt_spawn_con.lock), .pid = NULL, .sig = 0, }; -/* - * Variables exported for vt.c - */ - -int shift_state = 0; /* * Internal Data. */ +static struct kbd_struct kbd_table[MAX_NR_CONSOLES]; +static struct kbd_struct *kbd = kbd_table; + +/* maximum values each key_handler can handle */ +static const int max_vals[] = { + 255, ARRAY_SIZE(func_table) - 1, ARRAY_SIZE(fn_handler) - 1, NR_PAD - 1, + NR_DEAD - 1, 255, 3, NR_SHIFT - 1, 255, NR_ASCII - 1, NR_LOCK - 1, + 255, NR_LOCK - 1, 255, NR_BRL - 1 +}; + +static const int NR_TYPES = ARRAY_SIZE(max_vals); + static struct input_handler kbd_handler; static DEFINE_SPINLOCK(kbd_event_lock); static unsigned long key_down[BITS_TO_LONGS(KEY_CNT)]; /* keyboard key bitmap */ @@ -138,6 +130,8 @@ static int npadch = -1; /* -1 or number assembled on pad */ static unsigned int diacr; static char rep; /* flag telling character repeat */ +static int shift_state = 0; + static unsigned char ledstate = 0xff; /* undefined */ static unsigned char ledioctl; @@ -188,7 +182,7 @@ static int getkeycode_helper(struct input_handle *handle, void *data) return d->error == 0; /* stop as soon as we successfully get one */ } -int getkeycode(unsigned int scancode) +static int getkeycode(unsigned int scancode) { struct getset_keycode_data d = { .ke = { @@ -215,7 +209,7 @@ static int setkeycode_helper(struct input_handle *handle, void *data) return d->error == 0; /* stop as soon as we successfully set one */ } -int setkeycode(unsigned int scancode, unsigned int keycode) +static int setkeycode(unsigned int scancode, unsigned int keycode) { struct getset_keycode_data d = { .ke = { @@ -383,9 +377,11 @@ static void to_utf8(struct vc_data *vc, uint c) /* * Called after returning from RAW mode or when changing consoles - recompute * shift_down[] and shift_state from key_down[] maybe called when keymap is - * undefined, so that shiftkey release is seen + * undefined, so that shiftkey release is seen. The caller must hold the + * kbd_event_lock. */ -void compute_shiftstate(void) + +static void do_compute_shiftstate(void) { unsigned int i, j, k, sym, val; @@ -418,6 +414,15 @@ void compute_shiftstate(void) } } +/* We still have to export this method to vt.c */ +void compute_shiftstate(void) +{ + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); + do_compute_shiftstate(); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + /* * We have a combining character DIACR here, followed by the character CH. * If the combination occurs in the table, return the corresponding value. @@ -637,7 +642,7 @@ static void fn_SAK(struct vc_data *vc) static void fn_null(struct vc_data *vc) { - compute_shiftstate(); + do_compute_shiftstate(); } /* @@ -990,6 +995,8 @@ unsigned char getledstate(void) void setledstate(struct kbd_struct *kbd, unsigned int led) { + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); if (!(led & ~7)) { ledioctl = led; kbd->ledmode = LED_SHOW_IOCTL; @@ -997,6 +1004,7 @@ void setledstate(struct kbd_struct *kbd, unsigned int led) kbd->ledmode = LED_SHOW_FLAGS; set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); } static inline unsigned char getleds(void) @@ -1036,6 +1044,75 @@ static int kbd_update_leds_helper(struct input_handle *handle, void *data) return 0; } +/** + * vt_get_leds - helper for braille console + * @console: console to read + * @flag: flag we want to check + * + * Check the status of a keyboard led flag and report it back + */ +int vt_get_leds(int console, int flag) +{ + unsigned long flags; + struct kbd_struct * kbd = kbd_table + console; + int ret; + + spin_lock_irqsave(&kbd_event_lock, flags); + ret = vc_kbd_led(kbd, flag); + spin_unlock_irqrestore(&kbd_event_lock, flags); + + return ret; +} +EXPORT_SYMBOL_GPL(vt_get_leds); + +/** + * vt_set_led_state - set LED state of a console + * @console: console to set + * @leds: LED bits + * + * Set the LEDs on a console. This is a wrapper for the VT layer + * so that we can keep kbd knowledge internal + */ +void vt_set_led_state(int console, int leds) +{ + struct kbd_struct * kbd = kbd_table + console; + setledstate(kbd, leds); +} + +/** + * vt_kbd_con_start - Keyboard side of console start + * @console: console + * + * Handle console start. This is a wrapper for the VT layer + * so that we can keep kbd knowledge internal + */ +void vt_kbd_con_start(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); + clr_vc_kbd_led(kbd, VC_SCROLLOCK); + set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_kbd_con_stop - Keyboard side of console stop + * @console: console + * + * Handle console stop. This is a wrapper for the VT layer + * so that we can keep kbd knowledge internal + */ +void vt_kbd_con_stop(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + spin_lock_irqsave(&kbd_event_lock, flags); + set_vc_kbd_led(kbd, VC_SCROLLOCK); + set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + /* * This is the tasklet that updates LED state on all keyboards * attached to the box. The reason we use tasklet is that we @@ -1255,7 +1332,7 @@ static void kbd_keycode(unsigned int keycode, int down, int hw_raw) if (rc == NOTIFY_STOP || !key_map) { atomic_notifier_call_chain(&keyboard_notifier_list, KBD_UNBOUND_KEYCODE, ¶m); - compute_shiftstate(); + do_compute_shiftstate(); kbd->slockstate = 0; return; } @@ -1615,3 +1692,495 @@ int vt_do_diacrit(unsigned int cmd, void __user *up, int perm) } return ret; } + +/** + * vt_do_kdskbmode - set keyboard mode ioctl + * @console: the console to use + * @arg: the requested mode + * + * Update the keyboard mode bits while holding the correct locks. + * Return 0 for success or an error code. + */ +int vt_do_kdskbmode(int console, unsigned int arg) +{ + struct kbd_struct * kbd = kbd_table + console; + int ret = 0; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + switch(arg) { + case K_RAW: + kbd->kbdmode = VC_RAW; + break; + case K_MEDIUMRAW: + kbd->kbdmode = VC_MEDIUMRAW; + break; + case K_XLATE: + kbd->kbdmode = VC_XLATE; + do_compute_shiftstate(); + break; + case K_UNICODE: + kbd->kbdmode = VC_UNICODE; + do_compute_shiftstate(); + break; + case K_OFF: + kbd->kbdmode = VC_OFF; + break; + default: + ret = -EINVAL; + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + return ret; +} + +/** + * vt_do_kdskbmeta - set keyboard meta state + * @console: the console to use + * @arg: the requested meta state + * + * Update the keyboard meta bits while holding the correct locks. + * Return 0 for success or an error code. + */ +int vt_do_kdskbmeta(int console, unsigned int arg) +{ + struct kbd_struct * kbd = kbd_table + console; + int ret = 0; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + switch(arg) { + case K_METABIT: + clr_vc_kbd_mode(kbd, VC_META); + break; + case K_ESCPREFIX: + set_vc_kbd_mode(kbd, VC_META); + break; + default: + ret = -EINVAL; + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + return ret; +} + +int vt_do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, + int perm) +{ + struct kbkeycode tmp; + int kc = 0; + + if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode))) + return -EFAULT; + switch (cmd) { + case KDGETKEYCODE: + kc = getkeycode(tmp.scancode); + if (kc >= 0) + kc = put_user(kc, &user_kbkc->keycode); + break; + case KDSETKEYCODE: + if (!perm) + return -EPERM; + kc = setkeycode(tmp.scancode, tmp.keycode); + break; + } + return kc; +} + +#define i (tmp.kb_index) +#define s (tmp.kb_table) +#define v (tmp.kb_value) + +int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, + int console) +{ + struct kbd_struct * kbd = kbd_table + console; + struct kbentry tmp; + ushort *key_map, *new_map, val, ov; + unsigned long flags; + + if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) + return -EFAULT; + + if (!capable(CAP_SYS_TTY_CONFIG)) + perm = 0; + + switch (cmd) { + case KDGKBENT: + /* Ensure another thread doesn't free it under us */ + spin_lock_irqsave(&kbd_event_lock, flags); + key_map = key_maps[s]; + if (key_map) { + val = U(key_map[i]); + if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES) + val = K_HOLE; + } else + val = (i ? K_HOLE : K_NOSUCHMAP); + spin_unlock_irqrestore(&kbd_event_lock, flags); + return put_user(val, &user_kbe->kb_value); + case KDSKBENT: + if (!perm) + return -EPERM; + if (!i && v == K_NOSUCHMAP) { + spin_lock_irqsave(&kbd_event_lock, flags); + /* deallocate map */ + key_map = key_maps[s]; + if (s && key_map) { + key_maps[s] = NULL; + if (key_map[0] == U(K_ALLOCATED)) { + kfree(key_map); + keymap_count--; + } + } + spin_unlock_irqrestore(&kbd_event_lock, flags); + break; + } + + if (KTYP(v) < NR_TYPES) { + if (KVAL(v) > max_vals[KTYP(v)]) + return -EINVAL; + } else + if (kbd->kbdmode != VC_UNICODE) + return -EINVAL; + + /* ++Geert: non-PC keyboards may generate keycode zero */ +#if !defined(__mc68000__) && !defined(__powerpc__) + /* assignment to entry 0 only tests validity of args */ + if (!i) + break; +#endif + + new_map = kmalloc(sizeof(plain_map), GFP_KERNEL); + if (!new_map) + return -ENOMEM; + spin_lock_irqsave(&kbd_event_lock, flags); + key_map = key_maps[s]; + if (key_map == NULL) { + int j; + + if (keymap_count >= MAX_NR_OF_USER_KEYMAPS && + !capable(CAP_SYS_RESOURCE)) { + spin_unlock_irqrestore(&kbd_event_lock, flags); + kfree(new_map); + return -EPERM; + } + key_maps[s] = new_map; + key_map[0] = U(K_ALLOCATED); + for (j = 1; j < NR_KEYS; j++) + key_map[j] = U(K_HOLE); + keymap_count++; + } else + kfree(new_map); + + ov = U(key_map[i]); + if (v == ov) + goto out; + /* + * Attention Key. + */ + if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN)) { + spin_unlock_irqrestore(&kbd_event_lock, flags); + return -EPERM; + } + key_map[i] = U(v); + if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT)) + do_compute_shiftstate(); +out: + spin_unlock_irqrestore(&kbd_event_lock, flags); + break; + } + return 0; +} +#undef i +#undef s +#undef v + +/* FIXME: This one needs untangling and locking */ +int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +{ + struct kbsentry *kbs; + char *p; + u_char *q; + u_char __user *up; + int sz; + int delta; + char *first_free, *fj, *fnw; + int i, j, k; + int ret; + + if (!capable(CAP_SYS_TTY_CONFIG)) + perm = 0; + + kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); + if (!kbs) { + ret = -ENOMEM; + goto reterr; + } + + /* we mostly copy too much here (512bytes), but who cares ;) */ + if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) { + ret = -EFAULT; + goto reterr; + } + kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0'; + i = kbs->kb_func; + + switch (cmd) { + case KDGKBSENT: + sz = sizeof(kbs->kb_string) - 1; /* sz should have been + a struct member */ + up = user_kdgkb->kb_string; + p = func_table[i]; + if(p) + for ( ; *p && sz; p++, sz--) + if (put_user(*p, up++)) { + ret = -EFAULT; + goto reterr; + } + if (put_user('\0', up)) { + ret = -EFAULT; + goto reterr; + } + kfree(kbs); + return ((p && *p) ? -EOVERFLOW : 0); + case KDSKBSENT: + if (!perm) { + ret = -EPERM; + goto reterr; + } + + q = func_table[i]; + first_free = funcbufptr + (funcbufsize - funcbufleft); + for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) + ; + if (j < MAX_NR_FUNC) + fj = func_table[j]; + else + fj = first_free; + + delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string); + if (delta <= funcbufleft) { /* it fits in current buf */ + if (j < MAX_NR_FUNC) { + memmove(fj + delta, fj, first_free - fj); + for (k = j; k < MAX_NR_FUNC; k++) + if (func_table[k]) + func_table[k] += delta; + } + if (!q) + func_table[i] = fj; + funcbufleft -= delta; + } else { /* allocate a larger buffer */ + sz = 256; + while (sz < funcbufsize - funcbufleft + delta) + sz <<= 1; + fnw = kmalloc(sz, GFP_KERNEL); + if(!fnw) { + ret = -ENOMEM; + goto reterr; + } + + if (!q) + func_table[i] = fj; + if (fj > funcbufptr) + memmove(fnw, funcbufptr, fj - funcbufptr); + for (k = 0; k < j; k++) + if (func_table[k]) + func_table[k] = fnw + (func_table[k] - funcbufptr); + + if (first_free > fj) { + memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj); + for (k = j; k < MAX_NR_FUNC; k++) + if (func_table[k]) + func_table[k] = fnw + (func_table[k] - funcbufptr) + delta; + } + if (funcbufptr != func_buf) + kfree(funcbufptr); + funcbufptr = fnw; + funcbufleft = funcbufleft - delta + sz - funcbufsize; + funcbufsize = sz; + } + strcpy(func_table[i], kbs->kb_string); + break; + } + ret = 0; +reterr: + kfree(kbs); + return ret; +} + +int vt_do_kdskled(int console, int cmd, unsigned long arg, int perm) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + unsigned char ucval; + + switch(cmd) { + /* the ioctls below read/set the flags usually shown in the leds */ + /* don't use them - they will go away without warning */ + case KDGKBLED: + spin_lock_irqsave(&kbd_event_lock, flags); + ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4); + spin_unlock_irqrestore(&kbd_event_lock, flags); + return put_user(ucval, (char __user *)arg); + + case KDSKBLED: + if (!perm) + return -EPERM; + if (arg & ~0x77) + return -EINVAL; + spin_lock_irqsave(&kbd_event_lock, flags); + kbd->ledflagstate = (arg & 7); + kbd->default_ledflagstate = ((arg >> 4) & 7); + set_leds(); + spin_unlock_irqrestore(&kbd_event_lock, flags); + break; + + /* the ioctls below only set the lights, not the functions */ + /* for those, see KDGKBLED and KDSKBLED above */ + case KDGETLED: + ucval = getledstate(); + return put_user(ucval, (char __user *)arg); + + case KDSETLED: + if (!perm) + return -EPERM; + setledstate(kbd, arg); + return 0; + } + return -ENOIOCTLCMD; +} + +int vt_do_kdgkbmode(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + /* This is a spot read so needs no locking */ + switch (kbd->kbdmode) { + case VC_RAW: + return K_RAW; + case VC_MEDIUMRAW: + return K_MEDIUMRAW; + case VC_UNICODE: + return K_UNICODE; + case VC_OFF: + return K_OFF; + default: + return K_XLATE; + } +} + +/** + * vt_do_kdgkbmeta - report meta status + * @console: console to report + * + * Report the meta flag status of this console + */ +int vt_do_kdgkbmeta(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + /* Again a spot read so no locking */ + return vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT; +} + +/** + * vt_reset_unicode - reset the unicode status + * @console: console being reset + * + * Restore the unicode console state to its default + */ +void vt_reset_unicode(int console) +{ + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + kbd_table[console].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE; + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_get_shiftstate - shift bit state + * + * Report the shift bits from the keyboard state. We have to export + * this to support some oddities in the vt layer. + */ +int vt_get_shift_state(void) +{ + /* Don't lock as this is a transient report */ + return shift_state; +} + +/** + * vt_reset_keyboard - reset keyboard state + * @console: console to reset + * + * Reset the keyboard bits for a console as part of a general console + * reset event + */ +void vt_reset_keyboard(int console) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + set_vc_kbd_mode(kbd, VC_REPEAT); + clr_vc_kbd_mode(kbd, VC_CKMODE); + clr_vc_kbd_mode(kbd, VC_APPLIC); + clr_vc_kbd_mode(kbd, VC_CRLF); + kbd->lockstate = 0; + kbd->slockstate = 0; + kbd->ledmode = LED_SHOW_FLAGS; + kbd->ledflagstate = kbd->default_ledflagstate; + /* do not do set_leds here because this causes an endless tasklet loop + when the keyboard hasn't been initialized yet */ + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_get_kbd_mode_bit - read keyboard status bits + * @console: console to read from + * @bit: mode bit to read + * + * Report back a vt mode bit. We do this without locking so the + * caller must be sure that there are no synchronization needs + */ + +int vt_get_kbd_mode_bit(int console, int bit) +{ + struct kbd_struct * kbd = kbd_table + console; + return vc_kbd_mode(kbd, bit); +} + +/** + * vt_set_kbd_mode_bit - read keyboard status bits + * @console: console to read from + * @bit: mode bit to read + * + * Set a vt mode bit. We do this without locking so the + * caller must be sure that there are no synchronization needs + */ + +void vt_set_kbd_mode_bit(int console, int bit) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + set_vc_kbd_mode(kbd, bit); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} + +/** + * vt_clr_kbd_mode_bit - read keyboard status bits + * @console: console to read from + * @bit: mode bit to read + * + * Report back a vt mode bit. We do this without locking so the + * caller must be sure that there are no synchronization needs + */ + +void vt_clr_kbd_mode_bit(int console, int bit) +{ + struct kbd_struct * kbd = kbd_table + console; + unsigned long flags; + + spin_lock_irqsave(&kbd_event_lock, flags); + clr_vc_kbd_mode(kbd, bit); + spin_unlock_irqrestore(&kbd_event_lock, flags); +} diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index 7a0a12ae545..738e45a3513 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -30,6 +30,7 @@ extern void poke_blanked_console(void); +/* FIXME: all this needs locking */ /* Variables for selection control. */ /* Use a dynamic buffer, instead of static (Dec 1994) */ struct vc_data *sel_cons; /* must not be deallocated */ @@ -138,7 +139,7 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t char *bp, *obp; int i, ps, pe, multiplier; u16 c; - struct kbd_struct *kbd = kbd_table + fg_console; + int mode; poke_blanked_console(); @@ -182,7 +183,11 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t clear_selection(); sel_cons = vc_cons[fg_console].d; } - use_unicode = kbd && kbd->kbdmode == VC_UNICODE; + mode = vt_do_kdgkbmode(fg_console); + if (mode == K_UNICODE) + use_unicode = 1; + else + use_unicode = 0; switch (sel_mode) { diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index e716839fab6..ecdcc8a8f0c 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -1028,9 +1028,9 @@ void vc_deallocate(unsigned int currcons) * VT102 emulator */ -#define set_kbd(vc, x) set_vc_kbd_mode(kbd_table + (vc)->vc_num, (x)) -#define clr_kbd(vc, x) clr_vc_kbd_mode(kbd_table + (vc)->vc_num, (x)) -#define is_kbd(vc, x) vc_kbd_mode(kbd_table + (vc)->vc_num, (x)) +#define set_kbd(vc, x) vt_set_kbd_mode_bit((vc)->vc_num, (x)) +#define clr_kbd(vc, x) vt_clr_kbd_mode_bit((vc)->vc_num, (x)) +#define is_kbd(vc, x) vt_get_kbd_mode_bit((vc)->vc_num, (x)) #define decarm VC_REPEAT #define decckm VC_CKMODE @@ -1652,16 +1652,7 @@ static void reset_terminal(struct vc_data *vc, int do_clear) vc->vc_deccm = global_cursor_default; vc->vc_decim = 0; - set_kbd(vc, decarm); - clr_kbd(vc, decckm); - clr_kbd(vc, kbdapplic); - clr_kbd(vc, lnm); - kbd_table[vc->vc_num].lockstate = 0; - kbd_table[vc->vc_num].slockstate = 0; - kbd_table[vc->vc_num].ledmode = LED_SHOW_FLAGS; - kbd_table[vc->vc_num].ledflagstate = kbd_table[vc->vc_num].default_ledflagstate; - /* do not do set_leds here because this causes an endless tasklet loop - when the keyboard hasn't been initialized yet */ + vt_reset_keyboard(vc->vc_num); vc->vc_cursor_type = cur_default; vc->vc_complement_mask = vc->vc_s_complement_mask; @@ -1979,7 +1970,7 @@ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c) case 'q': /* DECLL - but only 3 leds */ /* map 0,1,2,3 to 0,1,2,4 */ if (vc->vc_par[0] < 4) - setledstate(kbd_table + vc->vc_num, + vt_set_led_state(vc->vc_num, (vc->vc_par[0] < 3) ? vc->vc_par[0] : 4); return; case 'r': @@ -2642,7 +2633,7 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) * kernel-internal variable; programs not closely * related to the kernel should not use this. */ - data = shift_state; + data = vt_get_shift_state(); ret = __put_user(data, p); break; case TIOCL_GETMOUSEREPORTING: @@ -2753,8 +2744,7 @@ static void con_stop(struct tty_struct *tty) console_num = tty->index; if (!vc_cons_allocated(console_num)) return; - set_vc_kbd_led(kbd_table + console_num, VC_SCROLLOCK); - set_leds(); + vt_kbd_con_stop(console_num); } /* @@ -2768,8 +2758,7 @@ static void con_start(struct tty_struct *tty) console_num = tty->index; if (!vc_cons_allocated(console_num)) return; - clr_vc_kbd_led(kbd_table + console_num, VC_SCROLLOCK); - set_leds(); + vt_kbd_con_start(console_num); } static void con_flush_chars(struct tty_struct *tty) diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index 80af0f9bef5..28ca0aa8664 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -195,232 +195,7 @@ int vt_waitactive(int n) #define GPLAST 0x3df #define GPNUM (GPLAST - GPFIRST + 1) -#define i (tmp.kb_index) -#define s (tmp.kb_table) -#define v (tmp.kb_value) -static inline int -do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_struct *kbd) -{ - struct kbentry tmp; - ushort *key_map, val, ov; - - if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) - return -EFAULT; - - if (!capable(CAP_SYS_TTY_CONFIG)) - perm = 0; - - switch (cmd) { - case KDGKBENT: - key_map = key_maps[s]; - if (key_map) { - val = U(key_map[i]); - if (kbd->kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES) - val = K_HOLE; - } else - val = (i ? K_HOLE : K_NOSUCHMAP); - return put_user(val, &user_kbe->kb_value); - case KDSKBENT: - if (!perm) - return -EPERM; - if (!i && v == K_NOSUCHMAP) { - /* deallocate map */ - key_map = key_maps[s]; - if (s && key_map) { - key_maps[s] = NULL; - if (key_map[0] == U(K_ALLOCATED)) { - kfree(key_map); - keymap_count--; - } - } - break; - } - - if (KTYP(v) < NR_TYPES) { - if (KVAL(v) > max_vals[KTYP(v)]) - return -EINVAL; - } else - if (kbd->kbdmode != VC_UNICODE) - return -EINVAL; - - /* ++Geert: non-PC keyboards may generate keycode zero */ -#if !defined(__mc68000__) && !defined(__powerpc__) - /* assignment to entry 0 only tests validity of args */ - if (!i) - break; -#endif - - if (!(key_map = key_maps[s])) { - int j; - - if (keymap_count >= MAX_NR_OF_USER_KEYMAPS && - !capable(CAP_SYS_RESOURCE)) - return -EPERM; - - key_map = kmalloc(sizeof(plain_map), - GFP_KERNEL); - if (!key_map) - return -ENOMEM; - key_maps[s] = key_map; - key_map[0] = U(K_ALLOCATED); - for (j = 1; j < NR_KEYS; j++) - key_map[j] = U(K_HOLE); - keymap_count++; - } - ov = U(key_map[i]); - if (v == ov) - break; /* nothing to do */ - /* - * Attention Key. - */ - if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN)) - return -EPERM; - key_map[i] = U(v); - if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT)) - compute_shiftstate(); - break; - } - return 0; -} -#undef i -#undef s -#undef v - -static inline int -do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, int perm) -{ - struct kbkeycode tmp; - int kc = 0; - - if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode))) - return -EFAULT; - switch (cmd) { - case KDGETKEYCODE: - kc = getkeycode(tmp.scancode); - if (kc >= 0) - kc = put_user(kc, &user_kbkc->keycode); - break; - case KDSETKEYCODE: - if (!perm) - return -EPERM; - kc = setkeycode(tmp.scancode, tmp.keycode); - break; - } - return kc; -} - -static inline int -do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) -{ - struct kbsentry *kbs; - char *p; - u_char *q; - u_char __user *up; - int sz; - int delta; - char *first_free, *fj, *fnw; - int i, j, k; - int ret; - - if (!capable(CAP_SYS_TTY_CONFIG)) - perm = 0; - - kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); - if (!kbs) { - ret = -ENOMEM; - goto reterr; - } - - /* we mostly copy too much here (512bytes), but who cares ;) */ - if (copy_from_user(kbs, user_kdgkb, sizeof(struct kbsentry))) { - ret = -EFAULT; - goto reterr; - } - kbs->kb_string[sizeof(kbs->kb_string)-1] = '\0'; - i = kbs->kb_func; - - switch (cmd) { - case KDGKBSENT: - sz = sizeof(kbs->kb_string) - 1; /* sz should have been - a struct member */ - up = user_kdgkb->kb_string; - p = func_table[i]; - if(p) - for ( ; *p && sz; p++, sz--) - if (put_user(*p, up++)) { - ret = -EFAULT; - goto reterr; - } - if (put_user('\0', up)) { - ret = -EFAULT; - goto reterr; - } - kfree(kbs); - return ((p && *p) ? -EOVERFLOW : 0); - case KDSKBSENT: - if (!perm) { - ret = -EPERM; - goto reterr; - } - q = func_table[i]; - first_free = funcbufptr + (funcbufsize - funcbufleft); - for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) - ; - if (j < MAX_NR_FUNC) - fj = func_table[j]; - else - fj = first_free; - - delta = (q ? -strlen(q) : 1) + strlen(kbs->kb_string); - if (delta <= funcbufleft) { /* it fits in current buf */ - if (j < MAX_NR_FUNC) { - memmove(fj + delta, fj, first_free - fj); - for (k = j; k < MAX_NR_FUNC; k++) - if (func_table[k]) - func_table[k] += delta; - } - if (!q) - func_table[i] = fj; - funcbufleft -= delta; - } else { /* allocate a larger buffer */ - sz = 256; - while (sz < funcbufsize - funcbufleft + delta) - sz <<= 1; - fnw = kmalloc(sz, GFP_KERNEL); - if(!fnw) { - ret = -ENOMEM; - goto reterr; - } - - if (!q) - func_table[i] = fj; - if (fj > funcbufptr) - memmove(fnw, funcbufptr, fj - funcbufptr); - for (k = 0; k < j; k++) - if (func_table[k]) - func_table[k] = fnw + (func_table[k] - funcbufptr); - - if (first_free > fj) { - memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj); - for (k = j; k < MAX_NR_FUNC; k++) - if (func_table[k]) - func_table[k] = fnw + (func_table[k] - funcbufptr) + delta; - } - if (funcbufptr != func_buf) - kfree(funcbufptr); - funcbufptr = fnw; - funcbufleft = funcbufleft - delta + sz - funcbufsize; - funcbufsize = sz; - } - strcpy(func_table[i], kbs->kb_string); - break; - } - ret = 0; -reterr: - kfree(kbs); - return ret; -} static inline int do_fontx_ioctl(int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) @@ -497,7 +272,6 @@ int vt_ioctl(struct tty_struct *tty, { struct vc_data *vc = tty->driver_data; struct console_font_op op; /* used in multiple places here */ - struct kbd_struct * kbd; unsigned int console; unsigned char ucval; unsigned int uival; @@ -523,7 +297,6 @@ int vt_ioctl(struct tty_struct *tty, if (current->signal->tty == tty || capable(CAP_SYS_TTY_CONFIG)) perm = 1; - kbd = kbd_table + console; switch (cmd) { case TIOCLINUX: ret = tioclinux(tty, arg); @@ -565,7 +338,8 @@ int vt_ioctl(struct tty_struct *tty, * this is naive. */ ucval = KB_101; - goto setchar; + ret = put_user(ucval, (char __user *)arg); + break; /* * These cannot be implemented on any machine that implements @@ -670,68 +444,25 @@ int vt_ioctl(struct tty_struct *tty, case KDSKBMODE: if (!perm) goto eperm; - switch(arg) { - case K_RAW: - kbd->kbdmode = VC_RAW; - break; - case K_MEDIUMRAW: - kbd->kbdmode = VC_MEDIUMRAW; - break; - case K_XLATE: - kbd->kbdmode = VC_XLATE; - compute_shiftstate(); - break; - case K_UNICODE: - kbd->kbdmode = VC_UNICODE; - compute_shiftstate(); - break; - case K_OFF: - kbd->kbdmode = VC_OFF; - break; - default: - ret = -EINVAL; - goto out; - } - tty_ldisc_flush(tty); + ret = vt_do_kdskbmode(console, arg); + if (ret == 0) + tty_ldisc_flush(tty); break; case KDGKBMODE: - switch (kbd->kbdmode) { - case VC_RAW: - uival = K_RAW; - break; - case VC_MEDIUMRAW: - uival = K_MEDIUMRAW; - break; - case VC_UNICODE: - uival = K_UNICODE; - break; - case VC_OFF: - uival = K_OFF; - break; - default: - uival = K_XLATE; - break; - } - goto setint; + uival = vt_do_kdgkbmode(console); + ret = put_user(uival, (int __user *)arg); + break; /* this could be folded into KDSKBMODE, but for compatibility reasons it is not so easy to fold KDGKBMETA into KDGKBMODE */ case KDSKBMETA: - switch(arg) { - case K_METABIT: - clr_vc_kbd_mode(kbd, VC_META); - break; - case K_ESCPREFIX: - set_vc_kbd_mode(kbd, VC_META); - break; - default: - ret = -EINVAL; - } + ret = vt_do_kdskbmeta(console, arg); break; case KDGKBMETA: - uival = (vc_kbd_mode(kbd, VC_META) ? K_ESCPREFIX : K_METABIT); + /* FIXME: should review whether this is worth locking */ + uival = vt_do_kdgkbmeta(console); setint: ret = put_user(uival, (int __user *)arg); break; @@ -740,17 +471,17 @@ int vt_ioctl(struct tty_struct *tty, case KDSETKEYCODE: if(!capable(CAP_SYS_TTY_CONFIG)) perm = 0; - ret = do_kbkeycode_ioctl(cmd, up, perm); + ret = vt_do_kbkeycode_ioctl(cmd, up, perm); break; case KDGKBENT: case KDSKBENT: - ret = do_kdsk_ioctl(cmd, up, perm, kbd); + ret = vt_do_kdsk_ioctl(cmd, up, perm, console); break; case KDGKBSENT: case KDSKBSENT: - ret = do_kdgkb_ioctl(cmd, up, perm); + ret = vt_do_kdgkb_ioctl(cmd, up, perm); break; /* Diacritical processing. Handled in keyboard.c as it has @@ -765,33 +496,10 @@ int vt_ioctl(struct tty_struct *tty, /* the ioctls below read/set the flags usually shown in the leds */ /* don't use them - they will go away without warning */ case KDGKBLED: - ucval = kbd->ledflagstate | (kbd->default_ledflagstate << 4); - goto setchar; - case KDSKBLED: - if (!perm) - goto eperm; - if (arg & ~0x77) { - ret = -EINVAL; - break; - } - kbd->ledflagstate = (arg & 7); - kbd->default_ledflagstate = ((arg >> 4) & 7); - set_leds(); - break; - - /* the ioctls below only set the lights, not the functions */ - /* for those, see KDGKBLED and KDSKBLED above */ case KDGETLED: - ucval = getledstate(); - setchar: - ret = put_user(ucval, (char __user *)arg); - break; - case KDSETLED: - if (!perm) - goto eperm; - setledstate(kbd, arg); + ret = vt_do_kdskled(console, cmd, arg, perm); break; /* @@ -1286,7 +994,7 @@ eperm: void reset_vc(struct vc_data *vc) { vc->vc_mode = KD_TEXT; - kbd_table[vc->vc_num].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE; + vt_reset_unicode(vc->vc_num); vc->vt_mode.mode = VT_AUTO; vc->vt_mode.waitv = 0; vc->vt_mode.relsig = 0; @@ -1309,6 +1017,7 @@ void vc_SAK(struct work_struct *work) console_lock(); vc = vc_con->d; if (vc) { + /* FIXME: review tty ref counting */ tty = vc->port.tty; /* * SAK should also work in all raw modes and reset diff --git a/include/linux/kbd_kern.h b/include/linux/kbd_kern.h index ec2d17bc1f1..daf4a3a40ee 100644 --- a/include/linux/kbd_kern.h +++ b/include/linux/kbd_kern.h @@ -7,8 +7,6 @@ extern struct tasklet_struct keyboard_tasklet; -extern int shift_state; - extern char *func_table[MAX_NR_FUNC]; extern char func_buf[]; extern char *funcbufptr; @@ -65,8 +63,6 @@ struct kbd_struct { #define VC_META 4 /* 0 - meta, 1 - meta=prefix with ESC */ }; -extern struct kbd_struct kbd_table[]; - extern int kbd_init(void); extern unsigned char getledstate(void); @@ -79,6 +75,7 @@ extern void (*kbd_ledfunc)(unsigned int led); extern int set_console(int nr); extern void schedule_console_callback(void); +/* FIXME: review locking for vt.c callers */ static inline void set_leds(void) { tasklet_schedule(&keyboard_tasklet); @@ -142,8 +139,6 @@ static inline void chg_vc_kbd_led(struct kbd_struct * kbd, int flag) struct console; -int getkeycode(unsigned int scancode); -int setkeycode(unsigned int scancode, unsigned int keycode); void compute_shiftstate(void); /* defkeymap.c */ diff --git a/include/linux/keyboard.h b/include/linux/keyboard.h index 33a63f62d57..86e5214ae73 100644 --- a/include/linux/keyboard.h +++ b/include/linux/keyboard.h @@ -24,8 +24,6 @@ #ifdef __KERNEL__ struct notifier_block; -extern const int NR_TYPES; -extern const int max_vals[]; extern unsigned short *key_maps[MAX_NR_KEYMAPS]; extern unsigned short plain_map[NR_KEYS]; diff --git a/include/linux/vt_kern.h b/include/linux/vt_kern.h index 5d8726ad572..e33d77f15bd 100644 --- a/include/linux/vt_kern.h +++ b/include/linux/vt_kern.h @@ -169,5 +169,28 @@ extern void hide_boot_cursor(bool hide); /* keyboard provided interfaces */ extern int vt_do_diacrit(unsigned int cmd, void __user *up, int eperm); +extern int vt_do_kdskbmode(int console, unsigned int arg); +extern int vt_do_kdskbmeta(int console, unsigned int arg); +extern int vt_do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc, + int perm); +extern int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, + int perm, int console); +extern int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, + int perm); +extern int vt_do_kdskled(int console, int cmd, unsigned long arg, int perm); +extern int vt_do_kdgkbmode(int console); +extern int vt_do_kdgkbmeta(int console); +extern void vt_reset_unicode(int console); +extern int vt_get_shift_state(void); +extern void vt_reset_keyboard(int console); +extern int vt_get_leds(int console, int flag); +extern int vt_get_kbd_mode_bit(int console, int bit); +extern void vt_set_kbd_mode_bit(int console, int bit); +extern void vt_clr_kbd_mode_bit(int console, int bit); +extern void vt_set_led_state(int console, int leds); +extern void vt_set_led_state(int console, int leds); +extern void vt_kbd_con_start(int console); +extern void vt_kbd_con_stop(int console); + #endif /* _VT_KERN_H */ -- cgit v1.2.3-70-g09d2 From edab558feba1e2826ae8d65506168d7ccea7aad9 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 2 Mar 2012 14:59:08 +0000 Subject: vt: sort out locking for font handling The font methods are console_lock covered. Unfortunately they don't extend the lock over all the needed tests. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/vt.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index ecdcc8a8f0c..ce2b8234362 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -3969,9 +3969,6 @@ static int con_font_get(struct vc_data *vc, struct console_font_op *op) int rc = -EINVAL; int c; - if (vc->vc_mode != KD_TEXT) - return -EINVAL; - if (op->data) { font.data = kmalloc(max_font_size, GFP_KERNEL); if (!font.data) @@ -3980,7 +3977,9 @@ static int con_font_get(struct vc_data *vc, struct console_font_op *op) font.data = NULL; console_lock(); - if (vc->vc_sw->con_font_get) + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; + else if (vc->vc_sw->con_font_get) rc = vc->vc_sw->con_font_get(vc, &font); else rc = -ENOSYS; @@ -4062,7 +4061,9 @@ static int con_font_set(struct vc_data *vc, struct console_font_op *op) if (IS_ERR(font.data)) return PTR_ERR(font.data); console_lock(); - if (vc->vc_sw->con_font_set) + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; + else if (vc->vc_sw->con_font_set) rc = vc->vc_sw->con_font_set(vc, &font, op->flags); else rc = -ENOSYS; @@ -4078,8 +4079,6 @@ static int con_font_default(struct vc_data *vc, struct console_font_op *op) char *s = name; int rc; - if (vc->vc_mode != KD_TEXT) - return -EINVAL; if (!op->data) s = NULL; @@ -4089,6 +4088,10 @@ static int con_font_default(struct vc_data *vc, struct console_font_op *op) name[MAX_FONT_NAME - 1] = 0; console_lock(); + if (vc->vc_mode != KD_TEXT) { + console_unlock(); + return -EINVAL; + } if (vc->vc_sw->con_font_default) rc = vc->vc_sw->con_font_default(vc, &font, s); else @@ -4106,11 +4109,11 @@ static int con_font_copy(struct vc_data *vc, struct console_font_op *op) int con = op->height; int rc; - if (vc->vc_mode != KD_TEXT) - return -EINVAL; console_lock(); - if (!vc->vc_sw->con_font_copy) + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; + else if (!vc->vc_sw->con_font_copy) rc = -ENOSYS; else if (con < 0 || !vc_cons_allocated(con)) rc = -ENOTTY; -- cgit v1.2.3-70-g09d2 From 4001d7b7fc271052ebff43f327c26dc64806bbdf Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 2 Mar 2012 14:59:20 +0000 Subject: vt: push down the tty lock so we can see what is left to tackle At this point we have the tty_lock guarding a couple of oddities, plus the translation and unimap still. We also extend the console_lock in a couple of spots where coverage is wrong and switch vcs_open to use the right lock ! [Fixed the locking issue Jiri reported] Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/vc_screen.c | 4 +- drivers/tty/vt/vt_ioctl.c | 92 ++++++++++++++++++++++++++++------------------ 2 files changed, 59 insertions(+), 37 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c index 7a367ff5122..fa7268a93c0 100644 --- a/drivers/tty/vt/vc_screen.c +++ b/drivers/tty/vt/vc_screen.c @@ -608,10 +608,10 @@ vcs_open(struct inode *inode, struct file *filp) unsigned int currcons = iminor(inode) & 127; int ret = 0; - tty_lock(); + console_lock(); if(currcons && !vc_cons_allocated(currcons-1)) ret = -ENXIO; - tty_unlock(); + console_unlock(); return ret; } diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index 28ca0aa8664..e05094d7634 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -281,7 +281,6 @@ int vt_ioctl(struct tty_struct *tty, console = vc->vc_num; - tty_lock(); if (!vc_cons_allocated(console)) { /* impossible? */ ret = -ENOIOCTLCMD; @@ -299,16 +298,18 @@ int vt_ioctl(struct tty_struct *tty, switch (cmd) { case TIOCLINUX: + tty_lock(); ret = tioclinux(tty, arg); + tty_unlock(); break; case KIOCSOUND: if (!perm) - goto eperm; + return -EPERM; /* * The use of PIT_TICK_RATE is historic, it used to be * the platform-dependent CLOCK_TICK_RATE between 2.6.12 * and 2.6.36, which was a minor but unfortunate ABI - * change. + * change. kd_mksound is locked by the input layer. */ if (arg) arg = PIT_TICK_RATE / arg; @@ -317,7 +318,7 @@ int vt_ioctl(struct tty_struct *tty, case KDMKTONE: if (!perm) - goto eperm; + return -EPERM; { unsigned int ticks, count; @@ -335,7 +336,7 @@ int vt_ioctl(struct tty_struct *tty, case KDGKBTYPE: /* - * this is naive. + * this is naïve. */ ucval = KB_101; ret = put_user(ucval, (char __user *)arg); @@ -353,6 +354,8 @@ int vt_ioctl(struct tty_struct *tty, /* * KDADDIO and KDDELIO may be able to add ports beyond what * we reject here, but to be safe... + * + * These are locked internally via sys_ioperm */ if (arg < GPFIRST || arg > GPLAST) { ret = -EINVAL; @@ -375,7 +378,7 @@ int vt_ioctl(struct tty_struct *tty, struct kbd_repeat kbrep; if (!capable(CAP_SYS_TTY_CONFIG)) - goto eperm; + return -EPERM; if (copy_from_user(&kbrep, up, sizeof(struct kbd_repeat))) { ret = -EFAULT; @@ -399,7 +402,7 @@ int vt_ioctl(struct tty_struct *tty, * need to restore their engine state. --BenH */ if (!perm) - goto eperm; + return -EPERM; switch (arg) { case KD_GRAPHICS: break; @@ -412,6 +415,7 @@ int vt_ioctl(struct tty_struct *tty, ret = -EINVAL; goto out; } + /* FIXME: this needs the console lock extending */ if (vc->vc_mode == (unsigned char) arg) break; vc->vc_mode = (unsigned char) arg; @@ -443,7 +447,7 @@ int vt_ioctl(struct tty_struct *tty, case KDSKBMODE: if (!perm) - goto eperm; + return -EPERM; ret = vt_do_kdskbmode(console, arg); if (ret == 0) tty_ldisc_flush(tty); @@ -512,7 +516,7 @@ int vt_ioctl(struct tty_struct *tty, case KDSIGACCEPT: { if (!perm || !capable(CAP_KILL)) - goto eperm; + return -EPERM; if (!valid_signal(arg) || arg < 1 || arg == SIGKILL) ret = -EINVAL; else { @@ -530,7 +534,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_mode tmp; if (!perm) - goto eperm; + return -EPERM; if (copy_from_user(&tmp, up, sizeof(struct vt_mode))) { ret = -EFAULT; goto out; @@ -576,6 +580,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_stat __user *vtstat = up; unsigned short state, mask; + /* Review: FIXME: Console lock ? */ if (put_user(fg_console + 1, &vtstat->v_active)) ret = -EFAULT; else { @@ -593,6 +598,7 @@ int vt_ioctl(struct tty_struct *tty, * Returns the first available (non-opened) console. */ case VT_OPENQRY: + /* FIXME: locking ? - but then this is a stupid API */ for (i = 0; i < MAX_NR_CONSOLES; ++i) if (! VT_IS_IN_USE(i)) break; @@ -606,7 +612,7 @@ int vt_ioctl(struct tty_struct *tty, */ case VT_ACTIVATE: if (!perm) - goto eperm; + return -EPERM; if (arg == 0 || arg > MAX_NR_CONSOLES) ret = -ENXIO; else { @@ -625,7 +631,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_setactivate vsa; if (!perm) - goto eperm; + return -EPERM; if (copy_from_user(&vsa, (struct vt_setactivate __user *)arg, sizeof(struct vt_setactivate))) { @@ -653,6 +659,7 @@ int vt_ioctl(struct tty_struct *tty, if (ret) break; /* Commence switch and lock */ + /* Review set_console locks */ set_console(vsa.console); } break; @@ -663,11 +670,14 @@ int vt_ioctl(struct tty_struct *tty, */ case VT_WAITACTIVE: if (!perm) - goto eperm; + return -EPERM; if (arg == 0 || arg > MAX_NR_CONSOLES) ret = -ENXIO; - else + else { + tty_lock(); ret = vt_waitactive(arg); + tty_unlock(); + } break; /* @@ -682,16 +692,17 @@ int vt_ioctl(struct tty_struct *tty, */ case VT_RELDISP: if (!perm) - goto eperm; + return -EPERM; + console_lock(); if (vc->vt_mode.mode != VT_PROCESS) { + console_unlock(); ret = -EINVAL; break; } /* * Switching-from response */ - console_lock(); if (vc->vt_newvt >= 0) { if (arg == 0) /* @@ -768,7 +779,7 @@ int vt_ioctl(struct tty_struct *tty, ushort ll,cc; if (!perm) - goto eperm; + return -EPERM; if (get_user(ll, &vtsizes->v_rows) || get_user(cc, &vtsizes->v_cols)) ret = -EFAULT; @@ -779,6 +790,7 @@ int vt_ioctl(struct tty_struct *tty, if (vc) { vc->vc_resize_user = 1; + /* FIXME: review v tty lock */ vc_resize(vc_cons[i].d, cc, ll); } } @@ -792,7 +804,7 @@ int vt_ioctl(struct tty_struct *tty, struct vt_consize __user *vtconsize = up; ushort ll,cc,vlin,clin,vcol,ccol; if (!perm) - goto eperm; + return -EPERM; if (!access_ok(VERIFY_READ, vtconsize, sizeof(struct vt_consize))) { ret = -EFAULT; @@ -848,7 +860,7 @@ int vt_ioctl(struct tty_struct *tty, case PIO_FONT: { if (!perm) - goto eperm; + return -EPERM; op.op = KD_FONT_OP_SET; op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ op.width = 8; @@ -889,7 +901,7 @@ int vt_ioctl(struct tty_struct *tty, case PIO_FONTRESET: { if (!perm) - goto eperm; + return -EPERM; #ifdef BROKEN_GRAPHICS_PROGRAMS /* With BROKEN_GRAPHICS_PROGRAMS defined, the default @@ -915,7 +927,7 @@ int vt_ioctl(struct tty_struct *tty, break; } if (!perm && op.op != KD_FONT_OP_GET) - goto eperm; + return -EPERM; ret = con_font_op(vc, &op); if (ret) break; @@ -927,50 +939,65 @@ int vt_ioctl(struct tty_struct *tty, case PIO_SCRNMAP: if (!perm) ret = -EPERM; - else + else { + tty_lock(); ret = con_set_trans_old(up); + tty_unlock(); + } break; case GIO_SCRNMAP: + tty_lock(); ret = con_get_trans_old(up); + tty_unlock(); break; case PIO_UNISCRNMAP: if (!perm) ret = -EPERM; - else + else { + tty_lock(); ret = con_set_trans_new(up); + tty_unlock(); + } break; case GIO_UNISCRNMAP: + tty_lock(); ret = con_get_trans_new(up); + tty_unlock(); break; case PIO_UNIMAPCLR: { struct unimapinit ui; if (!perm) - goto eperm; + return -EPERM; ret = copy_from_user(&ui, up, sizeof(struct unimapinit)); if (ret) ret = -EFAULT; - else + else { + tty_lock(); con_clear_unimap(vc, &ui); + tty_unlock(); + } break; } case PIO_UNIMAP: case GIO_UNIMAP: + tty_lock(); ret = do_unimap_ioctl(cmd, up, perm, vc); + tty_unlock(); break; case VT_LOCKSWITCH: if (!capable(CAP_SYS_TTY_CONFIG)) - goto eperm; + return -EPERM; vt_dont_switch = 1; break; case VT_UNLOCKSWITCH: if (!capable(CAP_SYS_TTY_CONFIG)) - goto eperm; + return -EPERM; vt_dont_switch = 0; break; case VT_GETHIFONTMASK: @@ -984,11 +1011,7 @@ int vt_ioctl(struct tty_struct *tty, ret = -ENOIOCTLCMD; } out: - tty_unlock(); return ret; -eperm: - ret = -EPERM; - goto out; } void reset_vc(struct vc_data *vc) @@ -1150,8 +1173,6 @@ long vt_compat_ioctl(struct tty_struct *tty, console = vc->vc_num; - tty_lock(); - if (!vc_cons_allocated(console)) { /* impossible? */ ret = -ENOIOCTLCMD; goto out; @@ -1180,7 +1201,9 @@ long vt_compat_ioctl(struct tty_struct *tty, case PIO_UNIMAP: case GIO_UNIMAP: + tty_lock(); ret = compat_unimap_ioctl(cmd, up, perm, vc); + tty_unlock(); break; /* @@ -1217,11 +1240,9 @@ long vt_compat_ioctl(struct tty_struct *tty, goto fallback; } out: - tty_unlock(); return ret; fallback: - tty_unlock(); return vt_ioctl(tty, cmd, arg); } @@ -1407,6 +1428,7 @@ int vt_move_to_console(unsigned int vt, int alloc) return -EIO; } console_unlock(); + /* Review: I don't see why we need tty_lock here FIXME */ tty_lock(); if (vt_waitactive(vt + 1)) { pr_debug("Suspend: Can't switch VCs."); -- cgit v1.2.3-70-g09d2 From 20f62579dccc84428554b914e24a312a6554f841 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 2 Mar 2012 14:59:37 +0000 Subject: vt: push down tioclinux cases Some of this ventures into selection which is still a complete lost cause. We are not making it any worse. It's completely busted anyway. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/selection.c | 12 ++++++------ drivers/tty/vt/vt.c | 12 ++++++++++++ drivers/tty/vt/vt_ioctl.c | 2 -- 3 files changed, 18 insertions(+), 8 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index 738e45a3513..2a509167092 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -75,7 +75,7 @@ clear_selection(void) { /* * User settable table: what characters are to be considered alphabetic? - * 256 bits + * 256 bits. FIXME: Needs a locking model. */ static u32 inwordLut[8]={ 0x00000000, /* control chars */ @@ -307,7 +307,8 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t * queue of the tty associated with the current console. * Invoked by ioctl(). * - * Locking: always called with BTM from vt_ioctl + * Locking: called without locks. Calls the ldisc wrongly with + * unsafe methods, */ int paste_selection(struct tty_struct *tty) { @@ -322,13 +323,12 @@ int paste_selection(struct tty_struct *tty) poke_blanked_console(); console_unlock(); + /* FIXME: wtf is this supposed to achieve ? */ ld = tty_ldisc_ref(tty); - if (!ld) { - tty_unlock(); + if (!ld) ld = tty_ldisc_ref_wait(tty); - tty_lock(); - } + /* FIXME: this is completely unsafe */ add_wait_queue(&vc->paste_wait, &wait); while (sel_buffer && sel_buffer_lth > pasted) { set_current_state(TASK_INTERRUPTIBLE); diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index ce2b8234362..ab7385e526a 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -2637,11 +2637,15 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) ret = __put_user(data, p); break; case TIOCL_GETMOUSEREPORTING: + console_lock(); /* May be overkill */ data = mouse_reporting(); + console_unlock(); ret = __put_user(data, p); break; case TIOCL_SETVESABLANK: + console_lock(); ret = set_vesa_blanking(p); + console_unlock(); break; case TIOCL_GETKMSGREDIRECT: data = vt_get_kmsg_redirect(); @@ -2658,13 +2662,21 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) } break; case TIOCL_GETFGCONSOLE: + /* No locking needed as this is a transiently + correct return anyway if the caller hasn't + disabled switching */ ret = fg_console; break; case TIOCL_SCROLLCONSOLE: if (get_user(lines, (s32 __user *)(p+4))) { ret = -EFAULT; } else { + /* Need the console lock here. Note that lots + of other calls need fixing before the lock + is actually useful ! */ + console_lock(); scrollfront(vc_cons[fg_console].d, lines); + console_unlock(); ret = 0; } break; diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index e05094d7634..c6720be8d21 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -298,9 +298,7 @@ int vt_ioctl(struct tty_struct *tty, switch (cmd) { case TIOCLINUX: - tty_lock(); ret = tioclinux(tty, arg); - tty_unlock(); break; case KIOCSOUND: if (!perm) -- cgit v1.2.3-70-g09d2 From 99cceb4e50cb67720e779f6611476bcb611af6b8 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 2 Mar 2012 14:59:49 +0000 Subject: vt: waitevent is self locked so drop the tty_lock Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/vt_ioctl.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index c6720be8d21..ede2ef18d2f 100644 --- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -130,7 +130,7 @@ static void vt_event_wait(struct vt_event_wait *vw) list_add(&vw->list, &vt_events); spin_unlock_irqrestore(&vt_event_lock, flags); /* Wait for it to pass */ - wait_event_interruptible_tty(vt_event_waitqueue, vw->done); + wait_event_interruptible(vt_event_waitqueue, vw->done); /* Dequeue it */ spin_lock_irqsave(&vt_event_lock, flags); list_del(&vw->list); @@ -671,11 +671,8 @@ int vt_ioctl(struct tty_struct *tty, return -EPERM; if (arg == 0 || arg > MAX_NR_CONSOLES) ret = -ENXIO; - else { - tty_lock(); + else ret = vt_waitactive(arg); - tty_unlock(); - } break; /* @@ -1426,14 +1423,10 @@ int vt_move_to_console(unsigned int vt, int alloc) return -EIO; } console_unlock(); - /* Review: I don't see why we need tty_lock here FIXME */ - tty_lock(); if (vt_waitactive(vt + 1)) { pr_debug("Suspend: Can't switch VCs."); - tty_unlock(); return -EINTR; } - tty_unlock(); return prev; } -- cgit v1.2.3-70-g09d2 From 5289475d1375017ab4288b276383e9684280876d Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 2 Mar 2012 15:00:02 +0000 Subject: vt: tackle the main part of the selection logic We leave the existing paste mess alone and just fix up the vt side of things. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/selection.c | 39 +++++++++++++++++++++++++++++++-------- drivers/tty/vt/vt.c | 2 ++ 2 files changed, 33 insertions(+), 8 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index 2a509167092..8e9b4be97a2 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -62,10 +62,14 @@ sel_pos(int n) use_unicode); } -/* remove the current selection highlight, if any, - from the console holding the selection. */ -void -clear_selection(void) { +/** + * clear_selection - remove current selection + * + * Remove the current selection highlight, if any from the console + * holding the selection. The caller must hold the console lock. + */ +void clear_selection(void) +{ highlight_pointer(-1); /* hide the pointer */ if (sel_start != -1) { highlight(sel_start, sel_end); @@ -75,7 +79,7 @@ clear_selection(void) { /* * User settable table: what characters are to be considered alphabetic? - * 256 bits. FIXME: Needs a locking model. + * 256 bits. Locked by the console lock. */ static u32 inwordLut[8]={ 0x00000000, /* control chars */ @@ -92,10 +96,20 @@ static inline int inword(const u16 c) { return c > 0xff || (( inwordLut[c>>5] >> (c & 0x1F) ) & 1); } -/* set inwordLut contents. Invoked by ioctl(). */ +/** + * set loadlut - load the LUT table + * @p: user table + * + * Load the LUT table from user space. The caller must hold the console + * lock. Make a temporary copy so a partial update doesn't make a mess. + */ int sel_loadlut(char __user *p) { - return copy_from_user(inwordLut, (u32 __user *)(p+4), 32) ? -EFAULT : 0; + u32 tmplut[8]; + if (copy_from_user(tmplut, (u32 __user *)(p+4), 32)) + return -EFAULT; + memcpy(inwordLut, tmplut, 32); + return 0; } /* does screen address p correspond to character at LH/RH edge of screen? */ @@ -131,7 +145,16 @@ static int store_utf8(u16 c, char *p) } } -/* set the current selection. Invoked by ioctl() or by kernel code. */ +/** + * set_selection - set the current selection. + * @sel: user selection info + * @tty: the console tty + * + * Invoked by the ioctl handle for the vt layer. + * + * The entire selection process is managed under the console_lock. It's + * a lot under the lock but its hardly a performance path + */ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *tty) { struct vc_data *vc = vc_cons[fg_console].d; diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index ab7385e526a..e5abceacc2d 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -2623,7 +2623,9 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) console_unlock(); break; case TIOCL_SELLOADLUT: + console_lock(); ret = sel_loadlut(p); + console_unlock(); break; case TIOCL_GETSHIFTSTATE: -- cgit v1.2.3-70-g09d2 From 2f16669d322e05171c9e1cfd94f402f7399bd2a3 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Mon, 5 Mar 2012 14:51:52 +0100 Subject: TTY: remove re-assignments to tty_driver members All num, magic and owner are set by alloc_tty_driver. No need to re-set them on each allocation site. pti driver sets something different to what it passes to alloc_tty_driver. It is not a bug, since we don't use the lines parameter in any way. Anyway this is fixed, and now we do the right thing. Signed-off-by: Jiri Slaby Acked-by: Tilman Schmidt Signed-off-by: Greg Kroah-Hartman --- arch/ia64/hp/sim/simserial.c | 1 - arch/m68k/emu/nfcon.c | 1 - arch/xtensa/platforms/iss/console.c | 1 - drivers/char/pcmcia/synclink_cs.c | 1 - drivers/char/ttyprintk.c | 2 -- drivers/isdn/capi/capi.c | 1 - drivers/isdn/gigaset/interface.c | 7 +------ drivers/misc/pti.c | 5 +---- drivers/mmc/card/sdio_uart.c | 1 - drivers/net/usb/hso.c | 2 -- drivers/s390/char/con3215.c | 1 - drivers/s390/char/sclp_tty.c | 1 - drivers/s390/char/sclp_vt220.c | 1 - drivers/s390/char/tty3270.c | 1 - drivers/tty/amiserial.c | 1 - drivers/tty/bfin_jtag_comm.c | 1 - drivers/tty/cyclades.c | 1 - drivers/tty/ehv_bytechan.c | 1 - drivers/tty/hvc/hvc_console.c | 1 - drivers/tty/hvc/hvcs.c | 2 -- drivers/tty/hvc/hvsi.c | 1 - drivers/tty/ipwireless/tty.c | 1 - drivers/tty/isicom.c | 1 - drivers/tty/moxa.c | 1 - drivers/tty/mxser.c | 3 --- drivers/tty/n_gsm.c | 1 - drivers/tty/nozomi.c | 1 - drivers/tty/pty.c | 4 ---- drivers/tty/rocket.c | 1 - drivers/tty/serial/ifx6x60.c | 3 --- drivers/tty/serial/msm_smd_tty.c | 1 - drivers/tty/serial/serial_core.c | 1 - drivers/tty/synclink.c | 1 - drivers/tty/synclink_gt.c | 1 - drivers/tty/synclinkmp.c | 1 - drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-acm.c | 1 - drivers/usb/gadget/u_serial.c | 1 - drivers/usb/serial/usb-serial.c | 1 - net/bluetooth/rfcomm/tty.c | 1 - net/irda/ircomm/ircomm_tty.c | 1 - 41 files changed, 3 insertions(+), 59 deletions(-) (limited to 'drivers/tty/vt') diff --git a/arch/ia64/hp/sim/simserial.c b/arch/ia64/hp/sim/simserial.c index bff0824cf8a..f513dc02bb8 100644 --- a/arch/ia64/hp/sim/simserial.c +++ b/arch/ia64/hp/sim/simserial.c @@ -928,7 +928,6 @@ simrs_init (void) /* Initialize the tty_driver structure */ - hp_simserial_driver->owner = THIS_MODULE; hp_simserial_driver->driver_name = "simserial"; hp_simserial_driver->name = "ttyS"; hp_simserial_driver->major = TTY_MAJOR; diff --git a/arch/m68k/emu/nfcon.c b/arch/m68k/emu/nfcon.c index ab20dc0ff63..8db25e80694 100644 --- a/arch/m68k/emu/nfcon.c +++ b/arch/m68k/emu/nfcon.c @@ -127,7 +127,6 @@ static int __init nfcon_init(void) if (!nfcon_tty_driver) return -ENOMEM; - nfcon_tty_driver->owner = THIS_MODULE; nfcon_tty_driver->driver_name = "nfcon"; nfcon_tty_driver->name = "nfcon"; nfcon_tty_driver->type = TTY_DRIVER_TYPE_SYSTEM; diff --git a/arch/xtensa/platforms/iss/console.c b/arch/xtensa/platforms/iss/console.c index 2c723e8b30d..247e9d40a52 100644 --- a/arch/xtensa/platforms/iss/console.c +++ b/arch/xtensa/platforms/iss/console.c @@ -216,7 +216,6 @@ int __init rs_init(void) /* Initialize the tty_driver structure */ - serial_driver->owner = THIS_MODULE; serial_driver->driver_name = "iss_serial"; serial_driver->name = "ttyS"; serial_driver->major = TTY_MAJOR; diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c index 07f6a5abe37..c3bcb1221e6 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c @@ -2836,7 +2836,6 @@ static int __init synclink_cs_init(void) /* Initialize the tty_driver structure */ - serial_driver->owner = THIS_MODULE; serial_driver->driver_name = "synclink_cs"; serial_driver->name = "ttySLP"; serial_driver->major = ttymajor; diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c index eedd5474850..46b77ede84c 100644 --- a/drivers/char/ttyprintk.c +++ b/drivers/char/ttyprintk.c @@ -184,12 +184,10 @@ static int __init ttyprintk_init(void) if (!ttyprintk_driver) return ret; - ttyprintk_driver->owner = THIS_MODULE; ttyprintk_driver->driver_name = "ttyprintk"; ttyprintk_driver->name = "ttyprintk"; ttyprintk_driver->major = TTYAUX_MAJOR; ttyprintk_driver->minor_start = 3; - ttyprintk_driver->num = 1; ttyprintk_driver->type = TTY_DRIVER_TYPE_CONSOLE; ttyprintk_driver->init_termios = tty_std_termios; ttyprintk_driver->init_termios.c_oflag = OPOST | OCRNL | ONOCR | ONLRET; diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 94948be5d36..baf08eba495 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -1287,7 +1287,6 @@ static int __init capinc_tty_init(void) kfree(capiminors); return -ENOMEM; } - drv->owner = THIS_MODULE; drv->driver_name = "capi_nc"; drv->name = "capi"; drv->major = 0; diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c index ee0a549a933..648260b07f1 100644 --- a/drivers/isdn/gigaset/interface.c +++ b/drivers/isdn/gigaset/interface.c @@ -669,17 +669,15 @@ EXPORT_SYMBOL_GPL(gigaset_if_receive); void gigaset_if_initdriver(struct gigaset_driver *drv, const char *procname, const char *devname) { - unsigned minors = drv->minors; int ret; struct tty_driver *tty; drv->have_tty = 0; - drv->tty = tty = alloc_tty_driver(minors); + drv->tty = tty = alloc_tty_driver(drv->minors); if (tty == NULL) goto enomem; - tty->magic = TTY_DRIVER_MAGIC, tty->type = TTY_DRIVER_TYPE_SERIAL, tty->subtype = SERIAL_TYPE_NORMAL, tty->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; @@ -687,9 +685,6 @@ void gigaset_if_initdriver(struct gigaset_driver *drv, const char *procname, tty->driver_name = procname; tty->name = devname; tty->minor_start = drv->minor; - tty->num = drv->minors; - - tty->owner = THIS_MODULE; tty->init_termios = tty_std_termios; tty->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; diff --git a/drivers/misc/pti.c b/drivers/misc/pti.c index 9a35db3d27f..383133b201a 100644 --- a/drivers/misc/pti.c +++ b/drivers/misc/pti.c @@ -907,20 +907,17 @@ static int __init pti_init(void) /* First register module as tty device */ - pti_tty_driver = alloc_tty_driver(1); + pti_tty_driver = alloc_tty_driver(PTITTY_MINOR_NUM); if (pti_tty_driver == NULL) { pr_err("%s(%d): Memory allocation failed for ptiTTY driver\n", __func__, __LINE__); return -ENOMEM; } - pti_tty_driver->owner = THIS_MODULE; - pti_tty_driver->magic = TTY_DRIVER_MAGIC; pti_tty_driver->driver_name = DRIVERNAME; pti_tty_driver->name = TTYNAME; pti_tty_driver->major = 0; pti_tty_driver->minor_start = PTITTY_MINOR_START; - pti_tty_driver->num = PTITTY_MINOR_NUM; pti_tty_driver->type = TTY_DRIVER_TYPE_SYSTEM; pti_tty_driver->subtype = SYSTEM_TYPE_SYSCONS; pti_tty_driver->flags = TTY_DRIVER_REAL_RAW | diff --git a/drivers/mmc/card/sdio_uart.c b/drivers/mmc/card/sdio_uart.c index bd4a67cdac3..5a2cbfac66d 100644 --- a/drivers/mmc/card/sdio_uart.c +++ b/drivers/mmc/card/sdio_uart.c @@ -1175,7 +1175,6 @@ static int __init sdio_uart_init(void) if (!tty_drv) return -ENOMEM; - tty_drv->owner = THIS_MODULE; tty_drv->driver_name = "sdio_uart"; tty_drv->name = "ttySDIO"; tty_drv->major = 0; /* dynamically allocated */ diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index 304fe78ff60..a73090f4c68 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -3313,7 +3313,6 @@ static int __init hso_init(void) /* fill in all needed values */ tty_drv->magic = TTY_DRIVER_MAGIC; - tty_drv->owner = THIS_MODULE; tty_drv->driver_name = driver_name; tty_drv->name = tty_filename; @@ -3322,7 +3321,6 @@ static int __init hso_init(void) tty_drv->major = tty_major; tty_drv->minor_start = 0; - tty_drv->num = HSO_SERIAL_TTY_MINORS; tty_drv->type = TTY_DRIVER_TYPE_SERIAL; tty_drv->subtype = SERIAL_TYPE_NORMAL; tty_drv->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; diff --git a/drivers/s390/char/con3215.c b/drivers/s390/char/con3215.c index 934458ad55e..fe916bfd60f 100644 --- a/drivers/s390/char/con3215.c +++ b/drivers/s390/char/con3215.c @@ -1137,7 +1137,6 @@ static int __init tty3215_init(void) * proc_entry, set_termios, flush_buffer, set_ldisc, write_proc */ - driver->owner = THIS_MODULE; driver->driver_name = "tty3215"; driver->name = "ttyS"; driver->major = TTY_MAJOR; diff --git a/drivers/s390/char/sclp_tty.c b/drivers/s390/char/sclp_tty.c index a879c139926..40a9d69c898 100644 --- a/drivers/s390/char/sclp_tty.c +++ b/drivers/s390/char/sclp_tty.c @@ -551,7 +551,6 @@ sclp_tty_init(void) return rc; } - driver->owner = THIS_MODULE; driver->driver_name = "sclp_line"; driver->name = "sclp_line"; driver->major = TTY_MAJOR; diff --git a/drivers/s390/char/sclp_vt220.c b/drivers/s390/char/sclp_vt220.c index 5d706e6c946..b635472ae66 100644 --- a/drivers/s390/char/sclp_vt220.c +++ b/drivers/s390/char/sclp_vt220.c @@ -685,7 +685,6 @@ static int __init sclp_vt220_tty_init(void) if (rc) goto out_driver; - driver->owner = THIS_MODULE; driver->driver_name = SCLP_VT220_DRIVER_NAME; driver->name = SCLP_VT220_DEVICE_NAME; driver->major = SCLP_VT220_MAJOR; diff --git a/drivers/s390/char/tty3270.c b/drivers/s390/char/tty3270.c index 2db1482b406..b43445a55cb 100644 --- a/drivers/s390/char/tty3270.c +++ b/drivers/s390/char/tty3270.c @@ -1784,7 +1784,6 @@ static int __init tty3270_init(void) * Entries in tty3270_driver that are NOT initialized: * proc_entry, set_termios, flush_buffer, set_ldisc, write_proc */ - driver->owner = THIS_MODULE; driver->driver_name = "ttyTUB"; driver->name = "ttyTUB"; driver->major = IBM_TTY3270_MAJOR; diff --git a/drivers/tty/amiserial.c b/drivers/tty/amiserial.c index b84c83456dc..b42f00d987a 100644 --- a/drivers/tty/amiserial.c +++ b/drivers/tty/amiserial.c @@ -1974,7 +1974,6 @@ static int __init amiga_serial_probe(struct platform_device *pdev) /* Initialize the tty_driver structure */ - serial_driver->owner = THIS_MODULE; serial_driver->driver_name = "amiserial"; serial_driver->name = "ttyS"; serial_driver->major = TTY_MAJOR; diff --git a/drivers/tty/bfin_jtag_comm.c b/drivers/tty/bfin_jtag_comm.c index 3a997760ec3..946f799861f 100644 --- a/drivers/tty/bfin_jtag_comm.c +++ b/drivers/tty/bfin_jtag_comm.c @@ -257,7 +257,6 @@ static int __init bfin_jc_init(void) if (!bfin_jc_driver) goto err_driver; - bfin_jc_driver->owner = THIS_MODULE; bfin_jc_driver->driver_name = DRV_NAME; bfin_jc_driver->name = DEV_NAME; bfin_jc_driver->type = TTY_DRIVER_TYPE_SERIAL; diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c index 5575fee7a55..bc7b5a5650b 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c @@ -4090,7 +4090,6 @@ static int __init cy_init(void) /* Initialize the tty_driver structure */ - cy_serial_driver->owner = THIS_MODULE; cy_serial_driver->driver_name = "cyclades"; cy_serial_driver->name = "ttyC"; cy_serial_driver->major = CYCLADES_MAJOR; diff --git a/drivers/tty/ehv_bytechan.c b/drivers/tty/ehv_bytechan.c index 1595dba0072..4813684cb63 100644 --- a/drivers/tty/ehv_bytechan.c +++ b/drivers/tty/ehv_bytechan.c @@ -825,7 +825,6 @@ static int __init ehv_bc_init(void) goto error; } - ehv_bc_driver->owner = THIS_MODULE; ehv_bc_driver->driver_name = "ehv-bc"; ehv_bc_driver->name = ehv_bc_console.name; ehv_bc_driver->type = TTY_DRIVER_TYPE_CONSOLE; diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c index b6b2d18fa38..8880adf5fc6 100644 --- a/drivers/tty/hvc/hvc_console.c +++ b/drivers/tty/hvc/hvc_console.c @@ -917,7 +917,6 @@ static int hvc_init(void) goto out; } - drv->owner = THIS_MODULE; drv->driver_name = "hvc"; drv->name = "hvc"; drv->major = HVC_MAJOR; diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c index df7e7a0a5e6..da0aa476804 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -1499,8 +1499,6 @@ static int __devinit hvcs_initialize(void) goto index_fail; } - hvcs_tty_driver->owner = THIS_MODULE; - hvcs_tty_driver->driver_name = hvcs_driver_name; hvcs_tty_driver->name = hvcs_device_node; diff --git a/drivers/tty/hvc/hvsi.c b/drivers/tty/hvc/hvsi.c index 1b5f28bd793..60bc4516418 100644 --- a/drivers/tty/hvc/hvsi.c +++ b/drivers/tty/hvc/hvsi.c @@ -1088,7 +1088,6 @@ static int __init hvsi_init(void) if (!hvsi_driver) return -ENOMEM; - hvsi_driver->owner = THIS_MODULE; hvsi_driver->driver_name = "hvsi"; hvsi_driver->name = "hvsi"; hvsi_driver->major = HVSI_MAJOR; diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c index ef92869502a..6990b3b649d 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -614,7 +614,6 @@ int ipwireless_tty_init(void) if (!ipw_tty_driver) return -ENOMEM; - ipw_tty_driver->owner = THIS_MODULE; ipw_tty_driver->driver_name = IPWIRELESS_PCCARD_NAME; ipw_tty_driver->name = "ttyIPWp"; ipw_tty_driver->major = 0; diff --git a/drivers/tty/isicom.c b/drivers/tty/isicom.c index e5c295ab5de..b3a28b5f02a 100644 --- a/drivers/tty/isicom.c +++ b/drivers/tty/isicom.c @@ -1678,7 +1678,6 @@ static int __init isicom_init(void) goto error; } - isicom_normal->owner = THIS_MODULE; isicom_normal->name = "ttyM"; isicom_normal->major = ISICOM_NMAJOR; isicom_normal->minor_start = 0; diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c index d15a071b1a5..4a26323a926 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c @@ -1036,7 +1036,6 @@ static int __init moxa_init(void) if (!moxaDriver) return -ENOMEM; - moxaDriver->owner = THIS_MODULE; moxaDriver->name = "ttyMX"; moxaDriver->major = ttymajor; moxaDriver->minor_start = 0; diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c index 8998d527232..260d0312352 100644 --- a/drivers/tty/mxser.c +++ b/drivers/tty/mxser.c @@ -2658,12 +2658,9 @@ static int __init mxser_module_init(void) MXSER_VERSION); /* Initialize the tty_driver structure */ - mxvar_sdriver->owner = THIS_MODULE; - mxvar_sdriver->magic = TTY_DRIVER_MAGIC; mxvar_sdriver->name = "ttyMI"; mxvar_sdriver->major = ttymajor; mxvar_sdriver->minor_start = 0; - mxvar_sdriver->num = MXSER_PORTS + 1; mxvar_sdriver->type = TTY_DRIVER_TYPE_SERIAL; mxvar_sdriver->subtype = SERIAL_TYPE_NORMAL; mxvar_sdriver->init_termios = tty_std_termios; diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index fc7bbba585c..c43b683b6eb 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -3120,7 +3120,6 @@ static int __init gsm_init(void) pr_err("gsm_init: tty allocation failed.\n"); return -EINVAL; } - gsm_tty_driver->owner = THIS_MODULE; gsm_tty_driver->driver_name = "gsmtty"; gsm_tty_driver->name = "gsmtty"; gsm_tty_driver->major = 0; /* Dynamic */ diff --git a/drivers/tty/nozomi.c b/drivers/tty/nozomi.c index 580da78b2d8..e7592f9037d 100644 --- a/drivers/tty/nozomi.c +++ b/drivers/tty/nozomi.c @@ -1916,7 +1916,6 @@ static __init int nozomi_init(void) if (!ntty_driver) return -ENOMEM; - ntty_driver->owner = THIS_MODULE; ntty_driver->driver_name = NOZOMI_NAME_TTY; ntty_driver->name = "noz"; ntty_driver->major = 0; diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c index d505837b347..f96ecaec24f 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c @@ -393,7 +393,6 @@ static void __init legacy_pty_init(void) if (!pty_slave_driver) panic("Couldn't allocate pty slave driver"); - pty_driver->owner = THIS_MODULE; pty_driver->driver_name = "pty_master"; pty_driver->name = "pty"; pty_driver->major = PTY_MASTER_MAJOR; @@ -411,7 +410,6 @@ static void __init legacy_pty_init(void) pty_driver->other = pty_slave_driver; tty_set_operations(pty_driver, &master_pty_ops_bsd); - pty_slave_driver->owner = THIS_MODULE; pty_slave_driver->driver_name = "pty_slave"; pty_slave_driver->name = "ttyp"; pty_slave_driver->major = PTY_SLAVE_MAJOR; @@ -671,7 +669,6 @@ static void __init unix98_pty_init(void) if (!pts_driver) panic("Couldn't allocate Unix98 pts driver"); - ptm_driver->owner = THIS_MODULE; ptm_driver->driver_name = "pty_master"; ptm_driver->name = "ptm"; ptm_driver->major = UNIX98_PTY_MASTER_MAJOR; @@ -690,7 +687,6 @@ static void __init unix98_pty_init(void) ptm_driver->other = pts_driver; tty_set_operations(ptm_driver, &ptm_unix98_ops); - pts_driver->owner = THIS_MODULE; pts_driver->driver_name = "pty_slave"; pts_driver->name = "pts"; pts_driver->major = UNIX98_PTY_SLAVE_MAJOR; diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c index de88aa5566e..b088e1ea433 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c @@ -2277,7 +2277,6 @@ static int __init rp_init(void) * driver with the tty layer. */ - rocket_driver->owner = THIS_MODULE; rocket_driver->flags = TTY_DRIVER_DYNAMIC_DEV; rocket_driver->name = "ttyR"; rocket_driver->driver_name = "Comtrol RocketPort"; diff --git a/drivers/tty/serial/ifx6x60.c b/drivers/tty/serial/ifx6x60.c index 7e925e20cba..144cd3987d4 100644 --- a/drivers/tty/serial/ifx6x60.c +++ b/drivers/tty/serial/ifx6x60.c @@ -1375,12 +1375,9 @@ static int __init ifx_spi_init(void) return -ENOMEM; } - tty_drv->magic = TTY_DRIVER_MAGIC; - tty_drv->owner = THIS_MODULE; tty_drv->driver_name = DRVNAME; tty_drv->name = TTYNAME; tty_drv->minor_start = IFX_SPI_TTY_ID; - tty_drv->num = 1; tty_drv->type = TTY_DRIVER_TYPE_SERIAL; tty_drv->subtype = SERIAL_TYPE_NORMAL; tty_drv->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; diff --git a/drivers/tty/serial/msm_smd_tty.c b/drivers/tty/serial/msm_smd_tty.c index 4f41dcdcb77..b25e6ee7144 100644 --- a/drivers/tty/serial/msm_smd_tty.c +++ b/drivers/tty/serial/msm_smd_tty.c @@ -203,7 +203,6 @@ static int __init smd_tty_init(void) if (smd_tty_driver == 0) return -ENOMEM; - smd_tty_driver->owner = THIS_MODULE; smd_tty_driver->driver_name = "smd_tty_driver"; smd_tty_driver->name = "smd"; smd_tty_driver->major = 0; diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 13056180adf..9c4c05b2825 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2230,7 +2230,6 @@ int uart_register_driver(struct uart_driver *drv) drv->tty_driver = normal; - normal->owner = drv->owner; normal->driver_name = drv->driver_name; normal->name = drv->dev_name; normal->major = drv->major; diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c index ff8017f8791..2b2988c779c 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c @@ -4333,7 +4333,6 @@ static int mgsl_init_tty(void) if (!serial_driver) return -ENOMEM; - serial_driver->owner = THIS_MODULE; serial_driver->driver_name = "synclink"; serial_driver->name = "ttySL"; serial_driver->major = ttymajor; diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c index 18b48cd3b41..a8b66be37e6 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -3795,7 +3795,6 @@ static int __init slgt_init(void) /* Initialize the tty_driver structure */ - serial_driver->owner = THIS_MODULE; serial_driver->driver_name = tty_driver_name; serial_driver->name = tty_dev_prefix; serial_driver->major = ttymajor; diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c index a7efe538df0..ddabb61c85b 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c @@ -3977,7 +3977,6 @@ static int __init synclinkmp_init(void) /* Initialize the tty_driver structure */ - serial_driver->owner = THIS_MODULE; serial_driver->driver_name = "synclinkmp"; serial_driver->name = "ttySLM"; serial_driver->major = ttymajor; diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index e5abceacc2d..84c4a7d5603 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -2994,7 +2994,7 @@ int __init vty_init(const struct file_operations *console_fops) console_driver = alloc_tty_driver(MAX_NR_CONSOLES); if (!console_driver) panic("Couldn't allocate console driver\n"); - console_driver->owner = THIS_MODULE; + console_driver->name = "tty"; console_driver->name_base = 1; console_driver->major = TTY_MAJOR; diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 11a1130319d..6bb8472155c 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1670,7 +1670,6 @@ static int __init acm_init(void) acm_tty_driver = alloc_tty_driver(ACM_TTY_MINORS); if (!acm_tty_driver) return -ENOMEM; - acm_tty_driver->owner = THIS_MODULE, acm_tty_driver->driver_name = "acm", acm_tty_driver->name = "ttyACM", acm_tty_driver->major = ACM_TTY_MAJOR, diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c index 6597a6813e4..490b01dd5d6 100644 --- a/drivers/usb/gadget/u_serial.c +++ b/drivers/usb/gadget/u_serial.c @@ -1087,7 +1087,6 @@ int __init gserial_setup(struct usb_gadget *g, unsigned count) if (!gs_tty_driver) return -ENOMEM; - gs_tty_driver->owner = THIS_MODULE; gs_tty_driver->driver_name = "g_serial"; gs_tty_driver->name = PREFIX; /* uses dynamically assigned dev_t values */ diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c index 1e30cc92719..d4e724d9b1f 100644 --- a/drivers/usb/serial/usb-serial.c +++ b/drivers/usb/serial/usb-serial.c @@ -1235,7 +1235,6 @@ static int __init usb_serial_init(void) goto exit_bus; } - usb_serial_tty_driver->owner = THIS_MODULE; usb_serial_tty_driver->driver_name = "usbserial"; usb_serial_tty_driver->name = "ttyUSB"; usb_serial_tty_driver->major = SERIAL_TTY_MAJOR; diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index a2d4f5122a6..7adb03ca51c 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -1157,7 +1157,6 @@ int __init rfcomm_init_ttys(void) if (!rfcomm_tty_driver) return -ENOMEM; - rfcomm_tty_driver->owner = THIS_MODULE; rfcomm_tty_driver->driver_name = "rfcomm"; rfcomm_tty_driver->name = "rfcomm"; rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c index 253695d43fd..828f88603d6 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c @@ -122,7 +122,6 @@ static int __init ircomm_tty_init(void) return -ENOMEM; } - driver->owner = THIS_MODULE; driver->driver_name = "ircomm"; driver->name = "ircomm"; driver->major = IRCOMM_TTY_MAJOR; -- cgit v1.2.3-70-g09d2 From 82896210aa3c59eaa4f78f7ba2f5f947601dd8f8 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Sat, 10 Mar 2012 11:59:23 +0300 Subject: vt: NULL dereference in vt_do_kdsk_ioctl() We forgot to set the "key_map" variable here, so it's still NULL. This was introduced recently in 079c9534a9 "vt:tackle kbd_table". Signed-off-by: Dan Carpenter Signed-off-by: Jiri Slaby Acked-by: Alan Cox Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/keyboard.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 70d0593d3bc..86dd1e302bb 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -1863,6 +1863,7 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, return -EPERM; } key_maps[s] = new_map; + key_map = new_map; key_map[0] = U(K_ALLOCATED); for (j = 1; j < NR_KEYS; j++) key_map[j] = U(K_HOLE); -- cgit v1.2.3-70-g09d2 From 4a4c61b7ce26bfc9d49ea4bd121d52114bad9f99 Mon Sep 17 00:00:00 2001 From: Liz Clark Date: Thu, 15 Mar 2012 10:33:29 -0700 Subject: TTY: Wrong unicode value copied in con_set_unimap() Bugzilla 40012: PIO_UNIMAP bug: error updating Unicode-to-font map https://bugzilla.kernel.org/show_bug.cgi?id=40012 The unicode font map for the virtual console is a 32x32x64 table which allocates rows dynamically as entries are added. The unicode value increases sequentially and should count all entries even in empty rows. The defect is when copying the unicode font map in con_set_unimap(), the unicode value is not incremented properly. The wrong unicode value is entered in the new font map. Signed-off-by: Liz Clark Cc: stable Signed-off-by: Greg Kroah-Hartman --- drivers/tty/vt/consolemap.c | 51 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 8 deletions(-) (limited to 'drivers/tty/vt') diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c index a0f3d6c4d39..8308fc7cdc2 100644 --- a/drivers/tty/vt/consolemap.c +++ b/drivers/tty/vt/consolemap.c @@ -516,6 +516,7 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list) int err = 0, err1, i; struct uni_pagedir *p, *q; + /* Save original vc_unipagdir_loc in case we allocate a new one */ p = (struct uni_pagedir *)*vc->vc_uni_pagedir_loc; if (p->readonly) return -EIO; @@ -528,26 +529,57 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list) err1 = con_clear_unimap(vc, NULL); if (err1) return err1; + /* + * Since refcount was > 1, con_clear_unimap() allocated a + * a new uni_pagedir for this vc. Re: p != q + */ q = (struct uni_pagedir *)*vc->vc_uni_pagedir_loc; - for (i = 0, l = 0; i < 32; i++) + + /* + * uni_pgdir is a 32*32*64 table with rows allocated + * when its first entry is added. The unicode value must + * still be incremented for empty rows. We are copying + * entries from "p" (old) to "q" (new). + */ + l = 0; /* unicode value */ + for (i = 0; i < 32; i++) if ((p1 = p->uni_pgdir[i])) for (j = 0; j < 32; j++) - if ((p2 = p1[j])) + if ((p2 = p1[j])) { for (k = 0; k < 64; k++, l++) if (p2[k] != 0xffff) { + /* + * Found one, copy entry for unicode + * l with fontpos value p2[k]. + */ err1 = con_insert_unipair(q, l, p2[k]); if (err1) { p->refcount++; *vc->vc_uni_pagedir_loc = (unsigned long)p; con_release_unimap(q); kfree(q); - return err1; + return err1; } - } - p = q; - } else if (p == dflt) + } + } else { + /* Account for row of 64 empty entries */ + l += 64; + } + else + /* Account for empty table */ + l += 32 * 64; + + /* + * Finished copying font table, set vc_uni_pagedir to new table + */ + p = q; + } else if (p == dflt) { dflt = NULL; - + } + + /* + * Insert user specified unicode pairs into new table. + */ while (ct--) { unsigned short unicode, fontpos; __get_user(unicode, &list->unicode); @@ -557,11 +589,14 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list) list++; } + /* + * Merge with fontmaps of any other virtual consoles. + */ if (con_unify_unimap(vc, p)) return err; for (i = 0; i <= 3; i++) - set_inverse_transl(vc, p, i); /* Update all inverse translations */ + set_inverse_transl(vc, p, i); /* Update inverse translations */ set_inverse_trans_unicode(vc, p); return err; -- cgit v1.2.3-70-g09d2