1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Written for linux by Johan Myreen as a translation from
4  * the assembly version by Linus (with diacriticals added)
5  *
6  * Some additional features added by Christoph Niemann (ChN), March 1993
7  *
8  * Loadable keymaps by Risto Kankkunen, May 1993
9  *
10  * Diacriticals redone & other small changes, aeb@cwi.nl, June 1993
11  * Added decr/incr_console, dynamic keymaps, Unicode support,
12  * dynamic function/string keys, led setting,  Sept 1994
13  * `Sticky' modifier keys, 951006.
14  *
15  * 11-11-96: SAK should now work in the raw mode (Martin Mares)
16  *
17  * Modified to provide 'generic' keyboard support by Hamish Macdonald
18  * Merge with the m68k keyboard driver and split-off of the PC low-level
19  * parts by Geert Uytterhoeven, May 1997
20  *
21  * 27-05-97: Added support for the Magic SysRq Key (Martin Mares)
22  * 30-07-98: Dead keys redone, aeb@cwi.nl.
23  * 21-08-02: Converted to input API, major cleanup. (Vojtech Pavlik)
24  */
25 
26 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
27 
28 #include <linux/consolemap.h>
29 #include <linux/init.h>
30 #include <linux/input.h>
31 #include <linux/jiffies.h>
32 #include <linux/kbd_diacr.h>
33 #include <linux/kbd_kern.h>
34 #include <linux/leds.h>
35 #include <linux/mm.h>
36 #include <linux/module.h>
37 #include <linux/nospec.h>
38 #include <linux/notifier.h>
39 #include <linux/reboot.h>
40 #include <linux/sched/debug.h>
41 #include <linux/sched/signal.h>
42 #include <linux/slab.h>
43 #include <linux/spinlock.h>
44 #include <linux/string.h>
45 #include <linux/tty_flip.h>
46 #include <linux/tty.h>
47 #include <linux/uaccess.h>
48 #include <linux/vt_kern.h>
49 
50 #include <asm/irq_regs.h>
51 
52 /*
53  * Exported functions/variables
54  */
55 
56 #define KBD_DEFMODE (BIT(VC_REPEAT) | BIT(VC_META))
57 
58 #if defined(CONFIG_X86) || defined(CONFIG_PARISC)
59 #include <asm/kbdleds.h>
60 #else
kbd_defleds(void)61 static inline int kbd_defleds(void)
62 {
63 	return 0;
64 }
65 #endif
66 
67 #define KBD_DEFLOCK 0
68 
69 /*
70  * Handler Tables.
71  */
72 
73 #define K_HANDLERS\
74 	k_self,		k_fn,		k_spec,		k_pad,\
75 	k_dead,		k_cons,		k_cur,		k_shift,\
76 	k_meta,		k_ascii,	k_lock,		k_lowercase,\
77 	k_slock,	k_dead2,	k_brl,		k_ignore
78 
79 typedef void (k_handler_fn)(struct vc_data *vc, unsigned char value,
80 			    char up_flag);
81 static k_handler_fn K_HANDLERS;
82 static k_handler_fn *k_handler[16] = { K_HANDLERS };
83 
84 #define FN_HANDLERS\
85 	fn_null,	fn_enter,	fn_show_ptregs,	fn_show_mem,\
86 	fn_show_state,	fn_send_intr,	fn_lastcons,	fn_caps_toggle,\
87 	fn_num,		fn_hold,	fn_scroll_forw,	fn_scroll_back,\
88 	fn_boot_it,	fn_caps_on,	fn_compose,	fn_SAK,\
89 	fn_dec_console, fn_inc_console, fn_spawn_con,	fn_bare_num
90 
91 typedef void (fn_handler_fn)(struct vc_data *vc);
92 static fn_handler_fn FN_HANDLERS;
93 static fn_handler_fn *fn_handler[] = { FN_HANDLERS };
94 
95 /*
96  * Variables exported for vt_ioctl.c
97  */
98 
99 struct vt_spawn_console vt_spawn_con = {
100 	.lock = __SPIN_LOCK_UNLOCKED(vt_spawn_con.lock),
101 	.pid  = NULL,
102 	.sig  = 0,
103 };
104 
105 
106 /*
107  * Internal Data.
108  */
109 
110 static struct kbd_struct kbd_table[MAX_NR_CONSOLES];
111 static struct kbd_struct *kbd = kbd_table;
112 
113 /* maximum values each key_handler can handle */
114 static const unsigned char max_vals[] = {
115 	[ KT_LATIN	] = 255,
116 	[ KT_FN		] = ARRAY_SIZE(func_table) - 1,
117 	[ KT_SPEC	] = ARRAY_SIZE(fn_handler) - 1,
118 	[ KT_PAD	] = NR_PAD - 1,
119 	[ KT_DEAD	] = NR_DEAD - 1,
120 	[ KT_CONS	] = 255,
121 	[ KT_CUR	] = 3,
122 	[ KT_SHIFT	] = NR_SHIFT - 1,
123 	[ KT_META	] = 255,
124 	[ KT_ASCII	] = NR_ASCII - 1,
125 	[ KT_LOCK	] = NR_LOCK - 1,
126 	[ KT_LETTER	] = 255,
127 	[ KT_SLOCK	] = NR_LOCK - 1,
128 	[ KT_DEAD2	] = 255,
129 	[ KT_BRL	] = NR_BRL - 1,
130 };
131 
132 static const int NR_TYPES = ARRAY_SIZE(max_vals);
133 
134 static void kbd_bh(struct tasklet_struct *unused);
135 static DECLARE_TASKLET_DISABLED(keyboard_tasklet, kbd_bh);
136 
137 static struct input_handler kbd_handler;
138 static DEFINE_SPINLOCK(kbd_event_lock);
139 static DEFINE_SPINLOCK(led_lock);
140 static DEFINE_SPINLOCK(func_buf_lock); /* guard 'func_buf'  and friends */
141 static DECLARE_BITMAP(key_down, KEY_CNT);	/* keyboard key bitmap */
142 static unsigned char shift_down[NR_SHIFT];		/* shift state counters.. */
143 static bool dead_key_next;
144 
145 /* Handles a number being assembled on the number pad */
146 static bool npadch_active;
147 static unsigned int npadch_value;
148 
149 static unsigned int diacr;
150 static bool rep;			/* flag telling character repeat */
151 
152 static int shift_state = 0;
153 
154 static unsigned int ledstate = -1U;			/* undefined */
155 static unsigned char ledioctl;
156 static bool vt_switch;
157 
158 /*
159  * Notifier list for console keyboard events
160  */
161 static ATOMIC_NOTIFIER_HEAD(keyboard_notifier_list);
162 
register_keyboard_notifier(struct notifier_block * nb)163 int register_keyboard_notifier(struct notifier_block *nb)
164 {
165 	return atomic_notifier_chain_register(&keyboard_notifier_list, nb);
166 }
167 EXPORT_SYMBOL_GPL(register_keyboard_notifier);
168 
unregister_keyboard_notifier(struct notifier_block * nb)169 int unregister_keyboard_notifier(struct notifier_block *nb)
170 {
171 	return atomic_notifier_chain_unregister(&keyboard_notifier_list, nb);
172 }
173 EXPORT_SYMBOL_GPL(unregister_keyboard_notifier);
174 
175 /*
176  * Translation of scancodes to keycodes. We set them on only the first
177  * keyboard in the list that accepts the scancode and keycode.
178  * Explanation for not choosing the first attached keyboard anymore:
179  *  USB keyboards for example have two event devices: one for all "normal"
180  *  keys and one for extra function keys (like "volume up", "make coffee",
181  *  etc.). So this means that scancodes for the extra function keys won't
182  *  be valid for the first event device, but will be for the second.
183  */
184 
185 struct getset_keycode_data {
186 	struct input_keymap_entry ke;
187 	int error;
188 };
189 
getkeycode_helper(struct input_handle * handle,void * data)190 static int getkeycode_helper(struct input_handle *handle, void *data)
191 {
192 	struct getset_keycode_data *d = data;
193 
194 	d->error = input_get_keycode(handle->dev, &d->ke);
195 
196 	return d->error == 0; /* stop as soon as we successfully get one */
197 }
198 
getkeycode(unsigned int scancode)199 static int getkeycode(unsigned int scancode)
200 {
201 	struct getset_keycode_data d = {
202 		.ke	= {
203 			.flags		= 0,
204 			.len		= sizeof(scancode),
205 			.keycode	= 0,
206 		},
207 		.error	= -ENODEV,
208 	};
209 
210 	memcpy(d.ke.scancode, &scancode, sizeof(scancode));
211 
212 	input_handler_for_each_handle(&kbd_handler, &d, getkeycode_helper);
213 
214 	return d.error ?: d.ke.keycode;
215 }
216 
setkeycode_helper(struct input_handle * handle,void * data)217 static int setkeycode_helper(struct input_handle *handle, void *data)
218 {
219 	struct getset_keycode_data *d = data;
220 
221 	d->error = input_set_keycode(handle->dev, &d->ke);
222 
223 	return d->error == 0; /* stop as soon as we successfully set one */
224 }
225 
setkeycode(unsigned int scancode,unsigned int keycode)226 static int setkeycode(unsigned int scancode, unsigned int keycode)
227 {
228 	struct getset_keycode_data d = {
229 		.ke	= {
230 			.flags		= 0,
231 			.len		= sizeof(scancode),
232 			.keycode	= keycode,
233 		},
234 		.error	= -ENODEV,
235 	};
236 
237 	memcpy(d.ke.scancode, &scancode, sizeof(scancode));
238 
239 	input_handler_for_each_handle(&kbd_handler, &d, setkeycode_helper);
240 
241 	return d.error;
242 }
243 
244 /*
245  * Making beeps and bells. Note that we prefer beeps to bells, but when
246  * shutting the sound off we do both.
247  */
248 
kd_sound_helper(struct input_handle * handle,void * data)249 static int kd_sound_helper(struct input_handle *handle, void *data)
250 {
251 	unsigned int *hz = data;
252 	struct input_dev *dev = handle->dev;
253 
254 	if (test_bit(EV_SND, dev->evbit)) {
255 		if (test_bit(SND_TONE, dev->sndbit)) {
256 			input_inject_event(handle, EV_SND, SND_TONE, *hz);
257 			if (*hz)
258 				return 0;
259 		}
260 		if (test_bit(SND_BELL, dev->sndbit))
261 			input_inject_event(handle, EV_SND, SND_BELL, *hz ? 1 : 0);
262 	}
263 
264 	return 0;
265 }
266 
kd_nosound(struct timer_list * unused)267 static void kd_nosound(struct timer_list *unused)
268 {
269 	static unsigned int zero;
270 
271 	input_handler_for_each_handle(&kbd_handler, &zero, kd_sound_helper);
272 }
273 
274 static DEFINE_TIMER(kd_mksound_timer, kd_nosound);
275 
kd_mksound(unsigned int hz,unsigned int ticks)276 void kd_mksound(unsigned int hz, unsigned int ticks)
277 {
278 	del_timer_sync(&kd_mksound_timer);
279 
280 	input_handler_for_each_handle(&kbd_handler, &hz, kd_sound_helper);
281 
282 	if (hz && ticks)
283 		mod_timer(&kd_mksound_timer, jiffies + ticks);
284 }
285 EXPORT_SYMBOL(kd_mksound);
286 
287 /*
288  * Setting the keyboard rate.
289  */
290 
kbd_rate_helper(struct input_handle * handle,void * data)291 static int kbd_rate_helper(struct input_handle *handle, void *data)
292 {
293 	struct input_dev *dev = handle->dev;
294 	struct kbd_repeat *rpt = data;
295 
296 	if (test_bit(EV_REP, dev->evbit)) {
297 
298 		if (rpt[0].delay > 0)
299 			input_inject_event(handle,
300 					   EV_REP, REP_DELAY, rpt[0].delay);
301 		if (rpt[0].period > 0)
302 			input_inject_event(handle,
303 					   EV_REP, REP_PERIOD, rpt[0].period);
304 
305 		rpt[1].delay = dev->rep[REP_DELAY];
306 		rpt[1].period = dev->rep[REP_PERIOD];
307 	}
308 
309 	return 0;
310 }
311 
kbd_rate(struct kbd_repeat * rpt)312 int kbd_rate(struct kbd_repeat *rpt)
313 {
314 	struct kbd_repeat data[2] = { *rpt };
315 
316 	input_handler_for_each_handle(&kbd_handler, data, kbd_rate_helper);
317 	*rpt = data[1];	/* Copy currently used settings */
318 
319 	return 0;
320 }
321 
322 /*
323  * Helper Functions.
324  */
put_queue(struct vc_data * vc,int ch)325 static void put_queue(struct vc_data *vc, int ch)
326 {
327 	tty_insert_flip_char(&vc->port, ch, 0);
328 	tty_flip_buffer_push(&vc->port);
329 }
330 
puts_queue(struct vc_data * vc,const char * cp)331 static void puts_queue(struct vc_data *vc, const char *cp)
332 {
333 	tty_insert_flip_string(&vc->port, cp, strlen(cp));
334 	tty_flip_buffer_push(&vc->port);
335 }
336 
applkey(struct vc_data * vc,int key,char mode)337 static void applkey(struct vc_data *vc, int key, char mode)
338 {
339 	static char buf[] = { 0x1b, 'O', 0x00, 0x00 };
340 
341 	buf[1] = (mode ? 'O' : '[');
342 	buf[2] = key;
343 	puts_queue(vc, buf);
344 }
345 
346 /*
347  * Many other routines do put_queue, but I think either
348  * they produce ASCII, or they produce some user-assigned
349  * string, and in both cases we might assume that it is
350  * in utf-8 already.
351  */
to_utf8(struct vc_data * vc,uint c)352 static void to_utf8(struct vc_data *vc, uint c)
353 {
354 	if (c < 0x80)
355 		/*  0******* */
356 		put_queue(vc, c);
357 	else if (c < 0x800) {
358 		/* 110***** 10****** */
359 		put_queue(vc, 0xc0 | (c >> 6));
360 		put_queue(vc, 0x80 | (c & 0x3f));
361 	} else if (c < 0x10000) {
362 		if (c >= 0xD800 && c < 0xE000)
363 			return;
364 		if (c == 0xFFFF)
365 			return;
366 		/* 1110**** 10****** 10****** */
367 		put_queue(vc, 0xe0 | (c >> 12));
368 		put_queue(vc, 0x80 | ((c >> 6) & 0x3f));
369 		put_queue(vc, 0x80 | (c & 0x3f));
370 	} else if (c < 0x110000) {
371 		/* 11110*** 10****** 10****** 10****** */
372 		put_queue(vc, 0xf0 | (c >> 18));
373 		put_queue(vc, 0x80 | ((c >> 12) & 0x3f));
374 		put_queue(vc, 0x80 | ((c >> 6) & 0x3f));
375 		put_queue(vc, 0x80 | (c & 0x3f));
376 	}
377 }
378 
379 /* FIXME: review locking for vt.c callers */
set_leds(void)380 static void set_leds(void)
381 {
382 	tasklet_schedule(&keyboard_tasklet);
383 }
384 
385 /*
386  * Called after returning from RAW mode or when changing consoles - recompute
387  * shift_down[] and shift_state from key_down[] maybe called when keymap is
388  * undefined, so that shiftkey release is seen. The caller must hold the
389  * kbd_event_lock.
390  */
391 
do_compute_shiftstate(void)392 static void do_compute_shiftstate(void)
393 {
394 	unsigned int k, sym, val;
395 
396 	shift_state = 0;
397 	memset(shift_down, 0, sizeof(shift_down));
398 
399 	for_each_set_bit(k, key_down, min(NR_KEYS, KEY_CNT)) {
400 		sym = U(key_maps[0][k]);
401 		if (KTYP(sym) != KT_SHIFT && KTYP(sym) != KT_SLOCK)
402 			continue;
403 
404 		val = KVAL(sym);
405 		if (val == KVAL(K_CAPSSHIFT))
406 			val = KVAL(K_SHIFT);
407 
408 		shift_down[val]++;
409 		shift_state |= BIT(val);
410 	}
411 }
412 
413 /* We still have to export this method to vt.c */
vt_set_leds_compute_shiftstate(void)414 void vt_set_leds_compute_shiftstate(void)
415 {
416 	unsigned long flags;
417 
418 	/*
419 	 * When VT is switched, the keyboard led needs to be set once.
420 	 * Ensure that after the switch is completed, the state of the
421 	 * keyboard LED is consistent with the state of the keyboard lock.
422 	 */
423 	vt_switch = true;
424 	set_leds();
425 
426 	spin_lock_irqsave(&kbd_event_lock, flags);
427 	do_compute_shiftstate();
428 	spin_unlock_irqrestore(&kbd_event_lock, flags);
429 }
430 
431 /*
432  * We have a combining character DIACR here, followed by the character CH.
433  * If the combination occurs in the table, return the corresponding value.
434  * Otherwise, if CH is a space or equals DIACR, return DIACR.
435  * Otherwise, conclude that DIACR was not combining after all,
436  * queue it and return CH.
437  */
handle_diacr(struct vc_data * vc,unsigned int ch)438 static unsigned int handle_diacr(struct vc_data *vc, unsigned int ch)
439 {
440 	unsigned int d = diacr;
441 	unsigned int i;
442 
443 	diacr = 0;
444 
445 	if ((d & ~0xff) == BRL_UC_ROW) {
446 		if ((ch & ~0xff) == BRL_UC_ROW)
447 			return d | ch;
448 	} else {
449 		for (i = 0; i < accent_table_size; i++)
450 			if (accent_table[i].diacr == d && accent_table[i].base == ch)
451 				return accent_table[i].result;
452 	}
453 
454 	if (ch == ' ' || ch == (BRL_UC_ROW|0) || ch == d)
455 		return d;
456 
457 	if (kbd->kbdmode == VC_UNICODE)
458 		to_utf8(vc, d);
459 	else {
460 		int c = conv_uni_to_8bit(d);
461 		if (c != -1)
462 			put_queue(vc, c);
463 	}
464 
465 	return ch;
466 }
467 
468 /*
469  * Special function handlers
470  */
fn_enter(struct vc_data * vc)471 static void fn_enter(struct vc_data *vc)
472 {
473 	if (diacr) {
474 		if (kbd->kbdmode == VC_UNICODE)
475 			to_utf8(vc, diacr);
476 		else {
477 			int c = conv_uni_to_8bit(diacr);
478 			if (c != -1)
479 				put_queue(vc, c);
480 		}
481 		diacr = 0;
482 	}
483 
484 	put_queue(vc, '\r');
485 	if (vc_kbd_mode(kbd, VC_CRLF))
486 		put_queue(vc, '\n');
487 }
488 
fn_caps_toggle(struct vc_data * vc)489 static void fn_caps_toggle(struct vc_data *vc)
490 {
491 	if (rep)
492 		return;
493 
494 	chg_vc_kbd_led(kbd, VC_CAPSLOCK);
495 }
496 
fn_caps_on(struct vc_data * vc)497 static void fn_caps_on(struct vc_data *vc)
498 {
499 	if (rep)
500 		return;
501 
502 	set_vc_kbd_led(kbd, VC_CAPSLOCK);
503 }
504 
fn_show_ptregs(struct vc_data * vc)505 static void fn_show_ptregs(struct vc_data *vc)
506 {
507 	struct pt_regs *regs = get_irq_regs();
508 
509 	if (regs)
510 		show_regs(regs);
511 }
512 
fn_hold(struct vc_data * vc)513 static void fn_hold(struct vc_data *vc)
514 {
515 	struct tty_struct *tty = vc->port.tty;
516 
517 	if (rep || !tty)
518 		return;
519 
520 	/*
521 	 * Note: SCROLLOCK will be set (cleared) by stop_tty (start_tty);
522 	 * these routines are also activated by ^S/^Q.
523 	 * (And SCROLLOCK can also be set by the ioctl KDSKBLED.)
524 	 */
525 	if (tty->flow.stopped)
526 		start_tty(tty);
527 	else
528 		stop_tty(tty);
529 }
530 
fn_num(struct vc_data * vc)531 static void fn_num(struct vc_data *vc)
532 {
533 	if (vc_kbd_mode(kbd, VC_APPLIC))
534 		applkey(vc, 'P', 1);
535 	else
536 		fn_bare_num(vc);
537 }
538 
539 /*
540  * Bind this to Shift-NumLock if you work in application keypad mode
541  * but want to be able to change the NumLock flag.
542  * Bind this to NumLock if you prefer that the NumLock key always
543  * changes the NumLock flag.
544  */
fn_bare_num(struct vc_data * vc)545 static void fn_bare_num(struct vc_data *vc)
546 {
547 	if (!rep)
548 		chg_vc_kbd_led(kbd, VC_NUMLOCK);
549 }
550 
fn_lastcons(struct vc_data * vc)551 static void fn_lastcons(struct vc_data *vc)
552 {
553 	/* switch to the last used console, ChN */
554 	set_console(last_console);
555 }
556 
fn_dec_console(struct vc_data * vc)557 static void fn_dec_console(struct vc_data *vc)
558 {
559 	int i, cur = fg_console;
560 
561 	/* Currently switching?  Queue this next switch relative to that. */
562 	if (want_console != -1)
563 		cur = want_console;
564 
565 	for (i = cur - 1; i != cur; i--) {
566 		if (i == -1)
567 			i = MAX_NR_CONSOLES - 1;
568 		if (vc_cons_allocated(i))
569 			break;
570 	}
571 	set_console(i);
572 }
573 
fn_inc_console(struct vc_data * vc)574 static void fn_inc_console(struct vc_data *vc)
575 {
576 	int i, cur = fg_console;
577 
578 	/* Currently switching?  Queue this next switch relative to that. */
579 	if (want_console != -1)
580 		cur = want_console;
581 
582 	for (i = cur+1; i != cur; i++) {
583 		if (i == MAX_NR_CONSOLES)
584 			i = 0;
585 		if (vc_cons_allocated(i))
586 			break;
587 	}
588 	set_console(i);
589 }
590 
fn_send_intr(struct vc_data * vc)591 static void fn_send_intr(struct vc_data *vc)
592 {
593 	tty_insert_flip_char(&vc->port, 0, TTY_BREAK);
594 	tty_flip_buffer_push(&vc->port);
595 }
596 
fn_scroll_forw(struct vc_data * vc)597 static void fn_scroll_forw(struct vc_data *vc)
598 {
599 	scrollfront(vc, 0);
600 }
601 
fn_scroll_back(struct vc_data * vc)602 static void fn_scroll_back(struct vc_data *vc)
603 {
604 	scrollback(vc);
605 }
606 
fn_show_mem(struct vc_data * vc)607 static void fn_show_mem(struct vc_data *vc)
608 {
609 	show_mem();
610 }
611 
fn_show_state(struct vc_data * vc)612 static void fn_show_state(struct vc_data *vc)
613 {
614 	show_state();
615 }
616 
fn_boot_it(struct vc_data * vc)617 static void fn_boot_it(struct vc_data *vc)
618 {
619 	ctrl_alt_del();
620 }
621 
fn_compose(struct vc_data * vc)622 static void fn_compose(struct vc_data *vc)
623 {
624 	dead_key_next = true;
625 }
626 
fn_spawn_con(struct vc_data * vc)627 static void fn_spawn_con(struct vc_data *vc)
628 {
629 	spin_lock(&vt_spawn_con.lock);
630 	if (vt_spawn_con.pid)
631 		if (kill_pid(vt_spawn_con.pid, vt_spawn_con.sig, 1)) {
632 			put_pid(vt_spawn_con.pid);
633 			vt_spawn_con.pid = NULL;
634 		}
635 	spin_unlock(&vt_spawn_con.lock);
636 }
637 
fn_SAK(struct vc_data * vc)638 static void fn_SAK(struct vc_data *vc)
639 {
640 	struct work_struct *SAK_work = &vc_cons[fg_console].SAK_work;
641 	schedule_work(SAK_work);
642 }
643 
fn_null(struct vc_data * vc)644 static void fn_null(struct vc_data *vc)
645 {
646 	do_compute_shiftstate();
647 }
648 
649 /*
650  * Special key handlers
651  */
k_ignore(struct vc_data * vc,unsigned char value,char up_flag)652 static void k_ignore(struct vc_data *vc, unsigned char value, char up_flag)
653 {
654 }
655 
k_spec(struct vc_data * vc,unsigned char value,char up_flag)656 static void k_spec(struct vc_data *vc, unsigned char value, char up_flag)
657 {
658 	if (up_flag)
659 		return;
660 	if (value >= ARRAY_SIZE(fn_handler))
661 		return;
662 	if ((kbd->kbdmode == VC_RAW ||
663 	     kbd->kbdmode == VC_MEDIUMRAW ||
664 	     kbd->kbdmode == VC_OFF) &&
665 	     value != KVAL(K_SAK))
666 		return;		/* SAK is allowed even in raw mode */
667 	fn_handler[value](vc);
668 }
669 
k_lowercase(struct vc_data * vc,unsigned char value,char up_flag)670 static void k_lowercase(struct vc_data *vc, unsigned char value, char up_flag)
671 {
672 	pr_err("k_lowercase was called - impossible\n");
673 }
674 
k_unicode(struct vc_data * vc,unsigned int value,char up_flag)675 static void k_unicode(struct vc_data *vc, unsigned int value, char up_flag)
676 {
677 	if (up_flag)
678 		return;		/* no action, if this is a key release */
679 
680 	if (diacr)
681 		value = handle_diacr(vc, value);
682 
683 	if (dead_key_next) {
684 		dead_key_next = false;
685 		diacr = value;
686 		return;
687 	}
688 	if (kbd->kbdmode == VC_UNICODE)
689 		to_utf8(vc, value);
690 	else {
691 		int c = conv_uni_to_8bit(value);
692 		if (c != -1)
693 			put_queue(vc, c);
694 	}
695 }
696 
697 /*
698  * Handle dead key. Note that we now may have several
699  * dead keys modifying the same character. Very useful
700  * for Vietnamese.
701  */
k_deadunicode(struct vc_data * vc,unsigned int value,char up_flag)702 static void k_deadunicode(struct vc_data *vc, unsigned int value, char up_flag)
703 {
704 	if (up_flag)
705 		return;
706 
707 	diacr = (diacr ? handle_diacr(vc, value) : value);
708 }
709 
k_self(struct vc_data * vc,unsigned char value,char up_flag)710 static void k_self(struct vc_data *vc, unsigned char value, char up_flag)
711 {
712 	k_unicode(vc, conv_8bit_to_uni(value), up_flag);
713 }
714 
k_dead2(struct vc_data * vc,unsigned char value,char up_flag)715 static void k_dead2(struct vc_data *vc, unsigned char value, char up_flag)
716 {
717 	k_deadunicode(vc, value, up_flag);
718 }
719 
720 /*
721  * Obsolete - for backwards compatibility only
722  */
k_dead(struct vc_data * vc,unsigned char value,char up_flag)723 static void k_dead(struct vc_data *vc, unsigned char value, char up_flag)
724 {
725 	static const unsigned char ret_diacr[NR_DEAD] = {
726 		'`',	/* dead_grave */
727 		'\'',	/* dead_acute */
728 		'^',	/* dead_circumflex */
729 		'~',	/* dead_tilda */
730 		'"',	/* dead_diaeresis */
731 		',',	/* dead_cedilla */
732 		'_',	/* dead_macron */
733 		'U',	/* dead_breve */
734 		'.',	/* dead_abovedot */
735 		'*',	/* dead_abovering */
736 		'=',	/* dead_doubleacute */
737 		'c',	/* dead_caron */
738 		'k',	/* dead_ogonek */
739 		'i',	/* dead_iota */
740 		'#',	/* dead_voiced_sound */
741 		'o',	/* dead_semivoiced_sound */
742 		'!',	/* dead_belowdot */
743 		'?',	/* dead_hook */
744 		'+',	/* dead_horn */
745 		'-',	/* dead_stroke */
746 		')',	/* dead_abovecomma */
747 		'(',	/* dead_abovereversedcomma */
748 		':',	/* dead_doublegrave */
749 		'n',	/* dead_invertedbreve */
750 		';',	/* dead_belowcomma */
751 		'$',	/* dead_currency */
752 		'@',	/* dead_greek */
753 	};
754 
755 	k_deadunicode(vc, ret_diacr[value], up_flag);
756 }
757 
k_cons(struct vc_data * vc,unsigned char value,char up_flag)758 static void k_cons(struct vc_data *vc, unsigned char value, char up_flag)
759 {
760 	if (up_flag)
761 		return;
762 
763 	set_console(value);
764 }
765 
k_fn(struct vc_data * vc,unsigned char value,char up_flag)766 static void k_fn(struct vc_data *vc, unsigned char value, char up_flag)
767 {
768 	if (up_flag)
769 		return;
770 
771 	if ((unsigned)value < ARRAY_SIZE(func_table)) {
772 		unsigned long flags;
773 
774 		spin_lock_irqsave(&func_buf_lock, flags);
775 		if (func_table[value])
776 			puts_queue(vc, func_table[value]);
777 		spin_unlock_irqrestore(&func_buf_lock, flags);
778 
779 	} else
780 		pr_err("k_fn called with value=%d\n", value);
781 }
782 
k_cur(struct vc_data * vc,unsigned char value,char up_flag)783 static void k_cur(struct vc_data *vc, unsigned char value, char up_flag)
784 {
785 	static const char cur_chars[] = "BDCA";
786 
787 	if (up_flag)
788 		return;
789 
790 	applkey(vc, cur_chars[value], vc_kbd_mode(kbd, VC_CKMODE));
791 }
792 
k_pad(struct vc_data * vc,unsigned char value,char up_flag)793 static void k_pad(struct vc_data *vc, unsigned char value, char up_flag)
794 {
795 	static const char pad_chars[] = "0123456789+-*/\015,.?()#";
796 	static const char app_map[] = "pqrstuvwxylSRQMnnmPQS";
797 
798 	if (up_flag)
799 		return;		/* no action, if this is a key release */
800 
801 	/* kludge... shift forces cursor/number keys */
802 	if (vc_kbd_mode(kbd, VC_APPLIC) && !shift_down[KG_SHIFT]) {
803 		applkey(vc, app_map[value], 1);
804 		return;
805 	}
806 
807 	if (!vc_kbd_led(kbd, VC_NUMLOCK)) {
808 
809 		switch (value) {
810 		case KVAL(K_PCOMMA):
811 		case KVAL(K_PDOT):
812 			k_fn(vc, KVAL(K_REMOVE), 0);
813 			return;
814 		case KVAL(K_P0):
815 			k_fn(vc, KVAL(K_INSERT), 0);
816 			return;
817 		case KVAL(K_P1):
818 			k_fn(vc, KVAL(K_SELECT), 0);
819 			return;
820 		case KVAL(K_P2):
821 			k_cur(vc, KVAL(K_DOWN), 0);
822 			return;
823 		case KVAL(K_P3):
824 			k_fn(vc, KVAL(K_PGDN), 0);
825 			return;
826 		case KVAL(K_P4):
827 			k_cur(vc, KVAL(K_LEFT), 0);
828 			return;
829 		case KVAL(K_P6):
830 			k_cur(vc, KVAL(K_RIGHT), 0);
831 			return;
832 		case KVAL(K_P7):
833 			k_fn(vc, KVAL(K_FIND), 0);
834 			return;
835 		case KVAL(K_P8):
836 			k_cur(vc, KVAL(K_UP), 0);
837 			return;
838 		case KVAL(K_P9):
839 			k_fn(vc, KVAL(K_PGUP), 0);
840 			return;
841 		case KVAL(K_P5):
842 			applkey(vc, 'G', vc_kbd_mode(kbd, VC_APPLIC));
843 			return;
844 		}
845 	}
846 
847 	put_queue(vc, pad_chars[value]);
848 	if (value == KVAL(K_PENTER) && vc_kbd_mode(kbd, VC_CRLF))
849 		put_queue(vc, '\n');
850 }
851 
k_shift(struct vc_data * vc,unsigned char value,char up_flag)852 static void k_shift(struct vc_data *vc, unsigned char value, char up_flag)
853 {
854 	int old_state = shift_state;
855 
856 	if (rep)
857 		return;
858 	/*
859 	 * Mimic typewriter:
860 	 * a CapsShift key acts like Shift but undoes CapsLock
861 	 */
862 	if (value == KVAL(K_CAPSSHIFT)) {
863 		value = KVAL(K_SHIFT);
864 		if (!up_flag)
865 			clr_vc_kbd_led(kbd, VC_CAPSLOCK);
866 	}
867 
868 	if (up_flag) {
869 		/*
870 		 * handle the case that two shift or control
871 		 * keys are depressed simultaneously
872 		 */
873 		if (shift_down[value])
874 			shift_down[value]--;
875 	} else
876 		shift_down[value]++;
877 
878 	if (shift_down[value])
879 		shift_state |= BIT(value);
880 	else
881 		shift_state &= ~BIT(value);
882 
883 	/* kludge */
884 	if (up_flag && shift_state != old_state && npadch_active) {
885 		if (kbd->kbdmode == VC_UNICODE)
886 			to_utf8(vc, npadch_value);
887 		else
888 			put_queue(vc, npadch_value & 0xff);
889 		npadch_active = false;
890 	}
891 }
892 
k_meta(struct vc_data * vc,unsigned char value,char up_flag)893 static void k_meta(struct vc_data *vc, unsigned char value, char up_flag)
894 {
895 	if (up_flag)
896 		return;
897 
898 	if (vc_kbd_mode(kbd, VC_META)) {
899 		put_queue(vc, '\033');
900 		put_queue(vc, value);
901 	} else
902 		put_queue(vc, value | BIT(7));
903 }
904 
k_ascii(struct vc_data * vc,unsigned char value,char up_flag)905 static void k_ascii(struct vc_data *vc, unsigned char value, char up_flag)
906 {
907 	unsigned int base;
908 
909 	if (up_flag)
910 		return;
911 
912 	if (value < 10) {
913 		/* decimal input of code, while Alt depressed */
914 		base = 10;
915 	} else {
916 		/* hexadecimal input of code, while AltGr depressed */
917 		value -= 10;
918 		base = 16;
919 	}
920 
921 	if (!npadch_active) {
922 		npadch_value = 0;
923 		npadch_active = true;
924 	}
925 
926 	npadch_value = npadch_value * base + value;
927 }
928 
k_lock(struct vc_data * vc,unsigned char value,char up_flag)929 static void k_lock(struct vc_data *vc, unsigned char value, char up_flag)
930 {
931 	if (up_flag || rep)
932 		return;
933 
934 	chg_vc_kbd_lock(kbd, value);
935 }
936 
k_slock(struct vc_data * vc,unsigned char value,char up_flag)937 static void k_slock(struct vc_data *vc, unsigned char value, char up_flag)
938 {
939 	k_shift(vc, value, up_flag);
940 	if (up_flag || rep)
941 		return;
942 
943 	chg_vc_kbd_slock(kbd, value);
944 	/* try to make Alt, oops, AltGr and such work */
945 	if (!key_maps[kbd->lockstate ^ kbd->slockstate]) {
946 		kbd->slockstate = 0;
947 		chg_vc_kbd_slock(kbd, value);
948 	}
949 }
950 
951 /* by default, 300ms interval for combination release */
952 static unsigned brl_timeout = 300;
953 MODULE_PARM_DESC(brl_timeout, "Braille keys release delay in ms (0 for commit on first key release)");
954 module_param(brl_timeout, uint, 0644);
955 
956 static unsigned brl_nbchords = 1;
957 MODULE_PARM_DESC(brl_nbchords, "Number of chords that produce a braille pattern (0 for dead chords)");
958 module_param(brl_nbchords, uint, 0644);
959 
k_brlcommit(struct vc_data * vc,unsigned int pattern,char up_flag)960 static void k_brlcommit(struct vc_data *vc, unsigned int pattern, char up_flag)
961 {
962 	static unsigned long chords;
963 	static unsigned committed;
964 
965 	if (!brl_nbchords)
966 		k_deadunicode(vc, BRL_UC_ROW | pattern, up_flag);
967 	else {
968 		committed |= pattern;
969 		chords++;
970 		if (chords == brl_nbchords) {
971 			k_unicode(vc, BRL_UC_ROW | committed, up_flag);
972 			chords = 0;
973 			committed = 0;
974 		}
975 	}
976 }
977 
k_brl(struct vc_data * vc,unsigned char value,char up_flag)978 static void k_brl(struct vc_data *vc, unsigned char value, char up_flag)
979 {
980 	static unsigned pressed, committing;
981 	static unsigned long releasestart;
982 
983 	if (kbd->kbdmode != VC_UNICODE) {
984 		if (!up_flag)
985 			pr_warn("keyboard mode must be unicode for braille patterns\n");
986 		return;
987 	}
988 
989 	if (!value) {
990 		k_unicode(vc, BRL_UC_ROW, up_flag);
991 		return;
992 	}
993 
994 	if (value > 8)
995 		return;
996 
997 	if (!up_flag) {
998 		pressed |= BIT(value - 1);
999 		if (!brl_timeout)
1000 			committing = pressed;
1001 	} else if (brl_timeout) {
1002 		if (!committing ||
1003 		    time_after(jiffies,
1004 			       releasestart + msecs_to_jiffies(brl_timeout))) {
1005 			committing = pressed;
1006 			releasestart = jiffies;
1007 		}
1008 		pressed &= ~BIT(value - 1);
1009 		if (!pressed && committing) {
1010 			k_brlcommit(vc, committing, 0);
1011 			committing = 0;
1012 		}
1013 	} else {
1014 		if (committing) {
1015 			k_brlcommit(vc, committing, 0);
1016 			committing = 0;
1017 		}
1018 		pressed &= ~BIT(value - 1);
1019 	}
1020 }
1021 
1022 #if IS_ENABLED(CONFIG_INPUT_LEDS) && IS_ENABLED(CONFIG_LEDS_TRIGGERS)
1023 
1024 struct kbd_led_trigger {
1025 	struct led_trigger trigger;
1026 	unsigned int mask;
1027 };
1028 
kbd_led_trigger_activate(struct led_classdev * cdev)1029 static int kbd_led_trigger_activate(struct led_classdev *cdev)
1030 {
1031 	struct kbd_led_trigger *trigger =
1032 		container_of(cdev->trigger, struct kbd_led_trigger, trigger);
1033 
1034 	tasklet_disable(&keyboard_tasklet);
1035 	if (ledstate != -1U)
1036 		led_trigger_event(&trigger->trigger,
1037 				  ledstate & trigger->mask ?
1038 					LED_FULL : LED_OFF);
1039 	tasklet_enable(&keyboard_tasklet);
1040 
1041 	return 0;
1042 }
1043 
1044 #define KBD_LED_TRIGGER(_led_bit, _name) {			\
1045 		.trigger = {					\
1046 			.name = _name,				\
1047 			.activate = kbd_led_trigger_activate,	\
1048 		},						\
1049 		.mask	= BIT(_led_bit),			\
1050 	}
1051 
1052 #define KBD_LOCKSTATE_TRIGGER(_led_bit, _name)		\
1053 	KBD_LED_TRIGGER((_led_bit) + 8, _name)
1054 
1055 static struct kbd_led_trigger kbd_led_triggers[] = {
1056 	KBD_LED_TRIGGER(VC_SCROLLOCK, "kbd-scrolllock"),
1057 	KBD_LED_TRIGGER(VC_NUMLOCK,   "kbd-numlock"),
1058 	KBD_LED_TRIGGER(VC_CAPSLOCK,  "kbd-capslock"),
1059 	KBD_LED_TRIGGER(VC_KANALOCK,  "kbd-kanalock"),
1060 
1061 	KBD_LOCKSTATE_TRIGGER(VC_SHIFTLOCK,  "kbd-shiftlock"),
1062 	KBD_LOCKSTATE_TRIGGER(VC_ALTGRLOCK,  "kbd-altgrlock"),
1063 	KBD_LOCKSTATE_TRIGGER(VC_CTRLLOCK,   "kbd-ctrllock"),
1064 	KBD_LOCKSTATE_TRIGGER(VC_ALTLOCK,    "kbd-altlock"),
1065 	KBD_LOCKSTATE_TRIGGER(VC_SHIFTLLOCK, "kbd-shiftllock"),
1066 	KBD_LOCKSTATE_TRIGGER(VC_SHIFTRLOCK, "kbd-shiftrlock"),
1067 	KBD_LOCKSTATE_TRIGGER(VC_CTRLLLOCK,  "kbd-ctrlllock"),
1068 	KBD_LOCKSTATE_TRIGGER(VC_CTRLRLOCK,  "kbd-ctrlrlock"),
1069 };
1070 
kbd_propagate_led_state(unsigned int old_state,unsigned int new_state)1071 static void kbd_propagate_led_state(unsigned int old_state,
1072 				    unsigned int new_state)
1073 {
1074 	struct kbd_led_trigger *trigger;
1075 	unsigned int changed = old_state ^ new_state;
1076 	int i;
1077 
1078 	for (i = 0; i < ARRAY_SIZE(kbd_led_triggers); i++) {
1079 		trigger = &kbd_led_triggers[i];
1080 
1081 		if (changed & trigger->mask)
1082 			led_trigger_event(&trigger->trigger,
1083 					  new_state & trigger->mask ?
1084 						LED_FULL : LED_OFF);
1085 	}
1086 }
1087 
kbd_update_leds_helper(struct input_handle * handle,void * data)1088 static int kbd_update_leds_helper(struct input_handle *handle, void *data)
1089 {
1090 	unsigned int led_state = *(unsigned int *)data;
1091 
1092 	if (test_bit(EV_LED, handle->dev->evbit))
1093 		kbd_propagate_led_state(~led_state, led_state);
1094 
1095 	return 0;
1096 }
1097 
kbd_init_leds(void)1098 static void kbd_init_leds(void)
1099 {
1100 	int error;
1101 	int i;
1102 
1103 	for (i = 0; i < ARRAY_SIZE(kbd_led_triggers); i++) {
1104 		error = led_trigger_register(&kbd_led_triggers[i].trigger);
1105 		if (error)
1106 			pr_err("error %d while registering trigger %s\n",
1107 			       error, kbd_led_triggers[i].trigger.name);
1108 	}
1109 }
1110 
1111 #else
1112 
kbd_update_leds_helper(struct input_handle * handle,void * data)1113 static int kbd_update_leds_helper(struct input_handle *handle, void *data)
1114 {
1115 	unsigned int leds = *(unsigned int *)data;
1116 
1117 	if (test_bit(EV_LED, handle->dev->evbit)) {
1118 		input_inject_event(handle, EV_LED, LED_SCROLLL, !!(leds & BIT(0)));
1119 		input_inject_event(handle, EV_LED, LED_NUML,    !!(leds & BIT(1)));
1120 		input_inject_event(handle, EV_LED, LED_CAPSL,   !!(leds & BIT(2)));
1121 		input_inject_event(handle, EV_SYN, SYN_REPORT, 0);
1122 	}
1123 
1124 	return 0;
1125 }
1126 
kbd_propagate_led_state(unsigned int old_state,unsigned int new_state)1127 static void kbd_propagate_led_state(unsigned int old_state,
1128 				    unsigned int new_state)
1129 {
1130 	input_handler_for_each_handle(&kbd_handler, &new_state,
1131 				      kbd_update_leds_helper);
1132 }
1133 
kbd_init_leds(void)1134 static void kbd_init_leds(void)
1135 {
1136 }
1137 
1138 #endif
1139 
1140 /*
1141  * The leds display either (i) the status of NumLock, CapsLock, ScrollLock,
1142  * or (ii) whatever pattern of lights people want to show using KDSETLED,
1143  * or (iii) specified bits of specified words in kernel memory.
1144  */
getledstate(void)1145 static unsigned char getledstate(void)
1146 {
1147 	return ledstate & 0xff;
1148 }
1149 
setledstate(struct kbd_struct * kb,unsigned int led)1150 void setledstate(struct kbd_struct *kb, unsigned int led)
1151 {
1152         unsigned long flags;
1153         spin_lock_irqsave(&led_lock, flags);
1154 	if (!(led & ~7)) {
1155 		ledioctl = led;
1156 		kb->ledmode = LED_SHOW_IOCTL;
1157 	} else
1158 		kb->ledmode = LED_SHOW_FLAGS;
1159 
1160 	set_leds();
1161 	spin_unlock_irqrestore(&led_lock, flags);
1162 }
1163 
getleds(void)1164 static inline unsigned char getleds(void)
1165 {
1166 	struct kbd_struct *kb = kbd_table + fg_console;
1167 
1168 	if (kb->ledmode == LED_SHOW_IOCTL)
1169 		return ledioctl;
1170 
1171 	return kb->ledflagstate;
1172 }
1173 
1174 /**
1175  *	vt_get_leds	-	helper for braille console
1176  *	@console: console to read
1177  *	@flag: flag we want to check
1178  *
1179  *	Check the status of a keyboard led flag and report it back
1180  */
vt_get_leds(unsigned int console,int flag)1181 int vt_get_leds(unsigned int console, int flag)
1182 {
1183 	struct kbd_struct *kb = &kbd_table[console];
1184 	int ret;
1185 	unsigned long flags;
1186 
1187 	spin_lock_irqsave(&led_lock, flags);
1188 	ret = vc_kbd_led(kb, flag);
1189 	spin_unlock_irqrestore(&led_lock, flags);
1190 
1191 	return ret;
1192 }
1193 EXPORT_SYMBOL_GPL(vt_get_leds);
1194 
1195 /**
1196  *	vt_set_led_state	-	set LED state of a console
1197  *	@console: console to set
1198  *	@leds: LED bits
1199  *
1200  *	Set the LEDs on a console. This is a wrapper for the VT layer
1201  *	so that we can keep kbd knowledge internal
1202  */
vt_set_led_state(unsigned int console,int leds)1203 void vt_set_led_state(unsigned int console, int leds)
1204 {
1205 	struct kbd_struct *kb = &kbd_table[console];
1206 	setledstate(kb, leds);
1207 }
1208 
1209 /**
1210  *	vt_kbd_con_start	-	Keyboard side of console start
1211  *	@console: console
1212  *
1213  *	Handle console start. This is a wrapper for the VT layer
1214  *	so that we can keep kbd knowledge internal
1215  *
1216  *	FIXME: We eventually need to hold the kbd lock here to protect
1217  *	the LED updating. We can't do it yet because fn_hold calls stop_tty
1218  *	and start_tty under the kbd_event_lock, while normal tty paths
1219  *	don't hold the lock. We probably need to split out an LED lock
1220  *	but not during an -rc release!
1221  */
vt_kbd_con_start(unsigned int console)1222 void vt_kbd_con_start(unsigned int console)
1223 {
1224 	struct kbd_struct *kb = &kbd_table[console];
1225 	unsigned long flags;
1226 	spin_lock_irqsave(&led_lock, flags);
1227 	clr_vc_kbd_led(kb, VC_SCROLLOCK);
1228 	set_leds();
1229 	spin_unlock_irqrestore(&led_lock, flags);
1230 }
1231 
1232 /**
1233  *	vt_kbd_con_stop		-	Keyboard side of console stop
1234  *	@console: console
1235  *
1236  *	Handle console stop. This is a wrapper for the VT layer
1237  *	so that we can keep kbd knowledge internal
1238  */
vt_kbd_con_stop(unsigned int console)1239 void vt_kbd_con_stop(unsigned int console)
1240 {
1241 	struct kbd_struct *kb = &kbd_table[console];
1242 	unsigned long flags;
1243 	spin_lock_irqsave(&led_lock, flags);
1244 	set_vc_kbd_led(kb, VC_SCROLLOCK);
1245 	set_leds();
1246 	spin_unlock_irqrestore(&led_lock, flags);
1247 }
1248 
1249 /*
1250  * This is the tasklet that updates LED state of LEDs using standard
1251  * keyboard triggers. The reason we use tasklet is that we need to
1252  * handle the scenario when keyboard handler is not registered yet
1253  * but we already getting updates from the VT to update led state.
1254  */
kbd_bh(struct tasklet_struct * unused)1255 static void kbd_bh(struct tasklet_struct *unused)
1256 {
1257 	unsigned int leds;
1258 	unsigned long flags;
1259 
1260 	spin_lock_irqsave(&led_lock, flags);
1261 	leds = getleds();
1262 	leds |= (unsigned int)kbd->lockstate << 8;
1263 	spin_unlock_irqrestore(&led_lock, flags);
1264 
1265 	if (vt_switch) {
1266 		ledstate = ~leds;
1267 		vt_switch = false;
1268 	}
1269 
1270 	if (leds != ledstate) {
1271 		kbd_propagate_led_state(ledstate, leds);
1272 		ledstate = leds;
1273 	}
1274 }
1275 
1276 #if defined(CONFIG_X86) || defined(CONFIG_IA64) || defined(CONFIG_ALPHA) ||\
1277     defined(CONFIG_MIPS) || defined(CONFIG_PPC) || defined(CONFIG_SPARC) ||\
1278     defined(CONFIG_PARISC) || defined(CONFIG_SUPERH) ||\
1279     (defined(CONFIG_ARM) && defined(CONFIG_KEYBOARD_ATKBD) && !defined(CONFIG_ARCH_RPC))
1280 
kbd_is_hw_raw(const struct input_dev * dev)1281 static inline bool kbd_is_hw_raw(const struct input_dev *dev)
1282 {
1283 	if (!test_bit(EV_MSC, dev->evbit) || !test_bit(MSC_RAW, dev->mscbit))
1284 		return false;
1285 
1286 	return dev->id.bustype == BUS_I8042 &&
1287 		dev->id.vendor == 0x0001 && dev->id.product == 0x0001;
1288 }
1289 
1290 static const unsigned short x86_keycodes[256] =
1291 	{ 0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
1292 	 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
1293 	 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
1294 	 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
1295 	 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
1296 	 80, 81, 82, 83, 84,118, 86, 87, 88,115,120,119,121,112,123, 92,
1297 	284,285,309,  0,312, 91,327,328,329,331,333,335,336,337,338,339,
1298 	367,288,302,304,350, 89,334,326,267,126,268,269,125,347,348,349,
1299 	360,261,262,263,268,376,100,101,321,316,373,286,289,102,351,355,
1300 	103,104,105,275,287,279,258,106,274,107,294,364,358,363,362,361,
1301 	291,108,381,281,290,272,292,305,280, 99,112,257,306,359,113,114,
1302 	264,117,271,374,379,265,266, 93, 94, 95, 85,259,375,260, 90,116,
1303 	377,109,111,277,278,282,283,295,296,297,299,300,301,293,303,307,
1304 	308,310,313,314,315,317,318,319,320,357,322,323,324,325,276,330,
1305 	332,340,365,342,343,344,345,346,356,270,341,368,369,370,371,372 };
1306 
1307 #ifdef CONFIG_SPARC
1308 static int sparc_l1_a_state;
1309 extern void sun_do_break(void);
1310 #endif
1311 
emulate_raw(struct vc_data * vc,unsigned int keycode,unsigned char up_flag)1312 static int emulate_raw(struct vc_data *vc, unsigned int keycode,
1313 		       unsigned char up_flag)
1314 {
1315 	int code;
1316 
1317 	switch (keycode) {
1318 
1319 	case KEY_PAUSE:
1320 		put_queue(vc, 0xe1);
1321 		put_queue(vc, 0x1d | up_flag);
1322 		put_queue(vc, 0x45 | up_flag);
1323 		break;
1324 
1325 	case KEY_HANGEUL:
1326 		if (!up_flag)
1327 			put_queue(vc, 0xf2);
1328 		break;
1329 
1330 	case KEY_HANJA:
1331 		if (!up_flag)
1332 			put_queue(vc, 0xf1);
1333 		break;
1334 
1335 	case KEY_SYSRQ:
1336 		/*
1337 		 * Real AT keyboards (that's what we're trying
1338 		 * to emulate here) emit 0xe0 0x2a 0xe0 0x37 when
1339 		 * pressing PrtSc/SysRq alone, but simply 0x54
1340 		 * when pressing Alt+PrtSc/SysRq.
1341 		 */
1342 		if (test_bit(KEY_LEFTALT, key_down) ||
1343 		    test_bit(KEY_RIGHTALT, key_down)) {
1344 			put_queue(vc, 0x54 | up_flag);
1345 		} else {
1346 			put_queue(vc, 0xe0);
1347 			put_queue(vc, 0x2a | up_flag);
1348 			put_queue(vc, 0xe0);
1349 			put_queue(vc, 0x37 | up_flag);
1350 		}
1351 		break;
1352 
1353 	default:
1354 		if (keycode > 255)
1355 			return -1;
1356 
1357 		code = x86_keycodes[keycode];
1358 		if (!code)
1359 			return -1;
1360 
1361 		if (code & 0x100)
1362 			put_queue(vc, 0xe0);
1363 		put_queue(vc, (code & 0x7f) | up_flag);
1364 
1365 		break;
1366 	}
1367 
1368 	return 0;
1369 }
1370 
1371 #else
1372 
kbd_is_hw_raw(const struct input_dev * dev)1373 static inline bool kbd_is_hw_raw(const struct input_dev *dev)
1374 {
1375 	return false;
1376 }
1377 
emulate_raw(struct vc_data * vc,unsigned int keycode,unsigned char up_flag)1378 static int emulate_raw(struct vc_data *vc, unsigned int keycode, unsigned char up_flag)
1379 {
1380 	if (keycode > 127)
1381 		return -1;
1382 
1383 	put_queue(vc, keycode | up_flag);
1384 	return 0;
1385 }
1386 #endif
1387 
kbd_rawcode(unsigned char data)1388 static void kbd_rawcode(unsigned char data)
1389 {
1390 	struct vc_data *vc = vc_cons[fg_console].d;
1391 
1392 	kbd = &kbd_table[vc->vc_num];
1393 	if (kbd->kbdmode == VC_RAW)
1394 		put_queue(vc, data);
1395 }
1396 
kbd_keycode(unsigned int keycode,int down,bool hw_raw)1397 static void kbd_keycode(unsigned int keycode, int down, bool hw_raw)
1398 {
1399 	struct vc_data *vc = vc_cons[fg_console].d;
1400 	unsigned short keysym, *key_map;
1401 	unsigned char type;
1402 	bool raw_mode;
1403 	struct tty_struct *tty;
1404 	int shift_final;
1405 	struct keyboard_notifier_param param = { .vc = vc, .value = keycode, .down = down };
1406 	int rc;
1407 
1408 	tty = vc->port.tty;
1409 
1410 	if (tty && (!tty->driver_data)) {
1411 		/* No driver data? Strange. Okay we fix it then. */
1412 		tty->driver_data = vc;
1413 	}
1414 
1415 	kbd = &kbd_table[vc->vc_num];
1416 
1417 #ifdef CONFIG_SPARC
1418 	if (keycode == KEY_STOP)
1419 		sparc_l1_a_state = down;
1420 #endif
1421 
1422 	rep = (down == 2);
1423 
1424 	raw_mode = (kbd->kbdmode == VC_RAW);
1425 	if (raw_mode && !hw_raw)
1426 		if (emulate_raw(vc, keycode, !down << 7))
1427 			if (keycode < BTN_MISC && printk_ratelimit())
1428 				pr_warn("can't emulate rawmode for keycode %d\n",
1429 					keycode);
1430 
1431 #ifdef CONFIG_SPARC
1432 	if (keycode == KEY_A && sparc_l1_a_state) {
1433 		sparc_l1_a_state = false;
1434 		sun_do_break();
1435 	}
1436 #endif
1437 
1438 	if (kbd->kbdmode == VC_MEDIUMRAW) {
1439 		/*
1440 		 * This is extended medium raw mode, with keys above 127
1441 		 * encoded as 0, high 7 bits, low 7 bits, with the 0 bearing
1442 		 * the 'up' flag if needed. 0 is reserved, so this shouldn't
1443 		 * interfere with anything else. The two bytes after 0 will
1444 		 * always have the up flag set not to interfere with older
1445 		 * applications. This allows for 16384 different keycodes,
1446 		 * which should be enough.
1447 		 */
1448 		if (keycode < 128) {
1449 			put_queue(vc, keycode | (!down << 7));
1450 		} else {
1451 			put_queue(vc, !down << 7);
1452 			put_queue(vc, (keycode >> 7) | BIT(7));
1453 			put_queue(vc, keycode | BIT(7));
1454 		}
1455 		raw_mode = true;
1456 	}
1457 
1458 	assign_bit(keycode, key_down, down);
1459 
1460 	if (rep &&
1461 	    (!vc_kbd_mode(kbd, VC_REPEAT) ||
1462 	     (tty && !L_ECHO(tty) && tty_chars_in_buffer(tty)))) {
1463 		/*
1464 		 * Don't repeat a key if the input buffers are not empty and the
1465 		 * characters get aren't echoed locally. This makes key repeat
1466 		 * usable with slow applications and under heavy loads.
1467 		 */
1468 		return;
1469 	}
1470 
1471 	param.shift = shift_final = (shift_state | kbd->slockstate) ^ kbd->lockstate;
1472 	param.ledstate = kbd->ledflagstate;
1473 	key_map = key_maps[shift_final];
1474 
1475 	rc = atomic_notifier_call_chain(&keyboard_notifier_list,
1476 					KBD_KEYCODE, &param);
1477 	if (rc == NOTIFY_STOP || !key_map) {
1478 		atomic_notifier_call_chain(&keyboard_notifier_list,
1479 					   KBD_UNBOUND_KEYCODE, &param);
1480 		do_compute_shiftstate();
1481 		kbd->slockstate = 0;
1482 		return;
1483 	}
1484 
1485 	if (keycode < NR_KEYS)
1486 		keysym = key_map[keycode];
1487 	else if (keycode >= KEY_BRL_DOT1 && keycode <= KEY_BRL_DOT8)
1488 		keysym = U(K(KT_BRL, keycode - KEY_BRL_DOT1 + 1));
1489 	else
1490 		return;
1491 
1492 	type = KTYP(keysym);
1493 
1494 	if (type < 0xf0) {
1495 		param.value = keysym;
1496 		rc = atomic_notifier_call_chain(&keyboard_notifier_list,
1497 						KBD_UNICODE, &param);
1498 		if (rc != NOTIFY_STOP)
1499 			if (down && !raw_mode)
1500 				k_unicode(vc, keysym, !down);
1501 		return;
1502 	}
1503 
1504 	type -= 0xf0;
1505 
1506 	if (type == KT_LETTER) {
1507 		type = KT_LATIN;
1508 		if (vc_kbd_led(kbd, VC_CAPSLOCK)) {
1509 			key_map = key_maps[shift_final ^ BIT(KG_SHIFT)];
1510 			if (key_map)
1511 				keysym = key_map[keycode];
1512 		}
1513 	}
1514 
1515 	param.value = keysym;
1516 	rc = atomic_notifier_call_chain(&keyboard_notifier_list,
1517 					KBD_KEYSYM, &param);
1518 	if (rc == NOTIFY_STOP)
1519 		return;
1520 
1521 	if ((raw_mode || kbd->kbdmode == VC_OFF) && type != KT_SPEC && type != KT_SHIFT)
1522 		return;
1523 
1524 	(*k_handler[type])(vc, keysym & 0xff, !down);
1525 
1526 	param.ledstate = kbd->ledflagstate;
1527 	atomic_notifier_call_chain(&keyboard_notifier_list, KBD_POST_KEYSYM, &param);
1528 
1529 	if (type != KT_SLOCK)
1530 		kbd->slockstate = 0;
1531 }
1532 
kbd_event(struct input_handle * handle,unsigned int event_type,unsigned int event_code,int value)1533 static void kbd_event(struct input_handle *handle, unsigned int event_type,
1534 		      unsigned int event_code, int value)
1535 {
1536 	/* We are called with interrupts disabled, just take the lock */
1537 	spin_lock(&kbd_event_lock);
1538 
1539 	if (event_type == EV_MSC && event_code == MSC_RAW &&
1540 			kbd_is_hw_raw(handle->dev))
1541 		kbd_rawcode(value);
1542 	if (event_type == EV_KEY && event_code <= KEY_MAX)
1543 		kbd_keycode(event_code, value, kbd_is_hw_raw(handle->dev));
1544 
1545 	spin_unlock(&kbd_event_lock);
1546 
1547 	tasklet_schedule(&keyboard_tasklet);
1548 	do_poke_blanked_console = 1;
1549 	schedule_console_callback();
1550 }
1551 
kbd_match(struct input_handler * handler,struct input_dev * dev)1552 static bool kbd_match(struct input_handler *handler, struct input_dev *dev)
1553 {
1554 	if (test_bit(EV_SND, dev->evbit))
1555 		return true;
1556 
1557 	if (test_bit(EV_KEY, dev->evbit)) {
1558 		if (find_next_bit(dev->keybit, BTN_MISC, KEY_RESERVED) <
1559 				BTN_MISC)
1560 			return true;
1561 		if (find_next_bit(dev->keybit, KEY_BRL_DOT10 + 1,
1562 					KEY_BRL_DOT1) <= KEY_BRL_DOT10)
1563 			return true;
1564 	}
1565 
1566 	return false;
1567 }
1568 
1569 /*
1570  * When a keyboard (or other input device) is found, the kbd_connect
1571  * function is called. The function then looks at the device, and if it
1572  * likes it, it can open it and get events from it. In this (kbd_connect)
1573  * function, we should decide which VT to bind that keyboard to initially.
1574  */
kbd_connect(struct input_handler * handler,struct input_dev * dev,const struct input_device_id * id)1575 static int kbd_connect(struct input_handler *handler, struct input_dev *dev,
1576 			const struct input_device_id *id)
1577 {
1578 	struct input_handle *handle;
1579 	int error;
1580 
1581 	handle = kzalloc(sizeof(struct input_handle), GFP_KERNEL);
1582 	if (!handle)
1583 		return -ENOMEM;
1584 
1585 	handle->dev = dev;
1586 	handle->handler = handler;
1587 	handle->name = "kbd";
1588 
1589 	error = input_register_handle(handle);
1590 	if (error)
1591 		goto err_free_handle;
1592 
1593 	error = input_open_device(handle);
1594 	if (error)
1595 		goto err_unregister_handle;
1596 
1597 	return 0;
1598 
1599  err_unregister_handle:
1600 	input_unregister_handle(handle);
1601  err_free_handle:
1602 	kfree(handle);
1603 	return error;
1604 }
1605 
kbd_disconnect(struct input_handle * handle)1606 static void kbd_disconnect(struct input_handle *handle)
1607 {
1608 	input_close_device(handle);
1609 	input_unregister_handle(handle);
1610 	kfree(handle);
1611 }
1612 
1613 /*
1614  * Start keyboard handler on the new keyboard by refreshing LED state to
1615  * match the rest of the system.
1616  */
kbd_start(struct input_handle * handle)1617 static void kbd_start(struct input_handle *handle)
1618 {
1619 	tasklet_disable(&keyboard_tasklet);
1620 
1621 	if (ledstate != -1U)
1622 		kbd_update_leds_helper(handle, &ledstate);
1623 
1624 	tasklet_enable(&keyboard_tasklet);
1625 }
1626 
1627 static const struct input_device_id kbd_ids[] = {
1628 	{
1629 		.flags = INPUT_DEVICE_ID_MATCH_EVBIT,
1630 		.evbit = { BIT_MASK(EV_KEY) },
1631 	},
1632 
1633 	{
1634 		.flags = INPUT_DEVICE_ID_MATCH_EVBIT,
1635 		.evbit = { BIT_MASK(EV_SND) },
1636 	},
1637 
1638 	{ },    /* Terminating entry */
1639 };
1640 
1641 MODULE_DEVICE_TABLE(input, kbd_ids);
1642 
1643 static struct input_handler kbd_handler = {
1644 	.event		= kbd_event,
1645 	.match		= kbd_match,
1646 	.connect	= kbd_connect,
1647 	.disconnect	= kbd_disconnect,
1648 	.start		= kbd_start,
1649 	.name		= "kbd",
1650 	.id_table	= kbd_ids,
1651 };
1652 
kbd_init(void)1653 int __init kbd_init(void)
1654 {
1655 	int i;
1656 	int error;
1657 
1658 	for (i = 0; i < MAX_NR_CONSOLES; i++) {
1659 		kbd_table[i].ledflagstate = kbd_defleds();
1660 		kbd_table[i].default_ledflagstate = kbd_defleds();
1661 		kbd_table[i].ledmode = LED_SHOW_FLAGS;
1662 		kbd_table[i].lockstate = KBD_DEFLOCK;
1663 		kbd_table[i].slockstate = 0;
1664 		kbd_table[i].modeflags = KBD_DEFMODE;
1665 		kbd_table[i].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE;
1666 	}
1667 
1668 	kbd_init_leds();
1669 
1670 	error = input_register_handler(&kbd_handler);
1671 	if (error)
1672 		return error;
1673 
1674 	tasklet_enable(&keyboard_tasklet);
1675 	tasklet_schedule(&keyboard_tasklet);
1676 
1677 	return 0;
1678 }
1679 
1680 /* Ioctl support code */
1681 
1682 /**
1683  *	vt_do_diacrit		-	diacritical table updates
1684  *	@cmd: ioctl request
1685  *	@udp: pointer to user data for ioctl
1686  *	@perm: permissions check computed by caller
1687  *
1688  *	Update the diacritical tables atomically and safely. Lock them
1689  *	against simultaneous keypresses
1690  */
vt_do_diacrit(unsigned int cmd,void __user * udp,int perm)1691 int vt_do_diacrit(unsigned int cmd, void __user *udp, int perm)
1692 {
1693 	unsigned long flags;
1694 	int asize;
1695 	int ret = 0;
1696 
1697 	switch (cmd) {
1698 	case KDGKBDIACR:
1699 	{
1700 		struct kbdiacrs __user *a = udp;
1701 		struct kbdiacr *dia;
1702 		int i;
1703 
1704 		dia = kmalloc_array(MAX_DIACR, sizeof(struct kbdiacr),
1705 								GFP_KERNEL);
1706 		if (!dia)
1707 			return -ENOMEM;
1708 
1709 		/* Lock the diacriticals table, make a copy and then
1710 		   copy it after we unlock */
1711 		spin_lock_irqsave(&kbd_event_lock, flags);
1712 
1713 		asize = accent_table_size;
1714 		for (i = 0; i < asize; i++) {
1715 			dia[i].diacr = conv_uni_to_8bit(
1716 						accent_table[i].diacr);
1717 			dia[i].base = conv_uni_to_8bit(
1718 						accent_table[i].base);
1719 			dia[i].result = conv_uni_to_8bit(
1720 						accent_table[i].result);
1721 		}
1722 		spin_unlock_irqrestore(&kbd_event_lock, flags);
1723 
1724 		if (put_user(asize, &a->kb_cnt))
1725 			ret = -EFAULT;
1726 		else  if (copy_to_user(a->kbdiacr, dia,
1727 				asize * sizeof(struct kbdiacr)))
1728 			ret = -EFAULT;
1729 		kfree(dia);
1730 		return ret;
1731 	}
1732 	case KDGKBDIACRUC:
1733 	{
1734 		struct kbdiacrsuc __user *a = udp;
1735 		void *buf;
1736 
1737 		buf = kmalloc_array(MAX_DIACR, sizeof(struct kbdiacruc),
1738 								GFP_KERNEL);
1739 		if (buf == NULL)
1740 			return -ENOMEM;
1741 
1742 		/* Lock the diacriticals table, make a copy and then
1743 		   copy it after we unlock */
1744 		spin_lock_irqsave(&kbd_event_lock, flags);
1745 
1746 		asize = accent_table_size;
1747 		memcpy(buf, accent_table, asize * sizeof(struct kbdiacruc));
1748 
1749 		spin_unlock_irqrestore(&kbd_event_lock, flags);
1750 
1751 		if (put_user(asize, &a->kb_cnt))
1752 			ret = -EFAULT;
1753 		else if (copy_to_user(a->kbdiacruc, buf,
1754 				asize*sizeof(struct kbdiacruc)))
1755 			ret = -EFAULT;
1756 		kfree(buf);
1757 		return ret;
1758 	}
1759 
1760 	case KDSKBDIACR:
1761 	{
1762 		struct kbdiacrs __user *a = udp;
1763 		struct kbdiacr *dia = NULL;
1764 		unsigned int ct;
1765 		int i;
1766 
1767 		if (!perm)
1768 			return -EPERM;
1769 		if (get_user(ct, &a->kb_cnt))
1770 			return -EFAULT;
1771 		if (ct >= MAX_DIACR)
1772 			return -EINVAL;
1773 
1774 		if (ct) {
1775 
1776 			dia = memdup_user(a->kbdiacr,
1777 					sizeof(struct kbdiacr) * ct);
1778 			if (IS_ERR(dia))
1779 				return PTR_ERR(dia);
1780 
1781 		}
1782 
1783 		spin_lock_irqsave(&kbd_event_lock, flags);
1784 		accent_table_size = ct;
1785 		for (i = 0; i < ct; i++) {
1786 			accent_table[i].diacr =
1787 					conv_8bit_to_uni(dia[i].diacr);
1788 			accent_table[i].base =
1789 					conv_8bit_to_uni(dia[i].base);
1790 			accent_table[i].result =
1791 					conv_8bit_to_uni(dia[i].result);
1792 		}
1793 		spin_unlock_irqrestore(&kbd_event_lock, flags);
1794 		kfree(dia);
1795 		return 0;
1796 	}
1797 
1798 	case KDSKBDIACRUC:
1799 	{
1800 		struct kbdiacrsuc __user *a = udp;
1801 		unsigned int ct;
1802 		void *buf = NULL;
1803 
1804 		if (!perm)
1805 			return -EPERM;
1806 
1807 		if (get_user(ct, &a->kb_cnt))
1808 			return -EFAULT;
1809 
1810 		if (ct >= MAX_DIACR)
1811 			return -EINVAL;
1812 
1813 		if (ct) {
1814 			buf = memdup_user(a->kbdiacruc,
1815 					  ct * sizeof(struct kbdiacruc));
1816 			if (IS_ERR(buf))
1817 				return PTR_ERR(buf);
1818 		}
1819 		spin_lock_irqsave(&kbd_event_lock, flags);
1820 		if (ct)
1821 			memcpy(accent_table, buf,
1822 					ct * sizeof(struct kbdiacruc));
1823 		accent_table_size = ct;
1824 		spin_unlock_irqrestore(&kbd_event_lock, flags);
1825 		kfree(buf);
1826 		return 0;
1827 	}
1828 	}
1829 	return ret;
1830 }
1831 
1832 /**
1833  *	vt_do_kdskbmode		-	set keyboard mode ioctl
1834  *	@console: the console to use
1835  *	@arg: the requested mode
1836  *
1837  *	Update the keyboard mode bits while holding the correct locks.
1838  *	Return 0 for success or an error code.
1839  */
vt_do_kdskbmode(unsigned int console,unsigned int arg)1840 int vt_do_kdskbmode(unsigned int console, unsigned int arg)
1841 {
1842 	struct kbd_struct *kb = &kbd_table[console];
1843 	int ret = 0;
1844 	unsigned long flags;
1845 
1846 	spin_lock_irqsave(&kbd_event_lock, flags);
1847 	switch(arg) {
1848 	case K_RAW:
1849 		kb->kbdmode = VC_RAW;
1850 		break;
1851 	case K_MEDIUMRAW:
1852 		kb->kbdmode = VC_MEDIUMRAW;
1853 		break;
1854 	case K_XLATE:
1855 		kb->kbdmode = VC_XLATE;
1856 		do_compute_shiftstate();
1857 		break;
1858 	case K_UNICODE:
1859 		kb->kbdmode = VC_UNICODE;
1860 		do_compute_shiftstate();
1861 		break;
1862 	case K_OFF:
1863 		kb->kbdmode = VC_OFF;
1864 		break;
1865 	default:
1866 		ret = -EINVAL;
1867 	}
1868 	spin_unlock_irqrestore(&kbd_event_lock, flags);
1869 	return ret;
1870 }
1871 
1872 /**
1873  *	vt_do_kdskbmeta		-	set keyboard meta state
1874  *	@console: the console to use
1875  *	@arg: the requested meta state
1876  *
1877  *	Update the keyboard meta bits while holding the correct locks.
1878  *	Return 0 for success or an error code.
1879  */
vt_do_kdskbmeta(unsigned int console,unsigned int arg)1880 int vt_do_kdskbmeta(unsigned int console, unsigned int arg)
1881 {
1882 	struct kbd_struct *kb = &kbd_table[console];
1883 	int ret = 0;
1884 	unsigned long flags;
1885 
1886 	spin_lock_irqsave(&kbd_event_lock, flags);
1887 	switch(arg) {
1888 	case K_METABIT:
1889 		clr_vc_kbd_mode(kb, VC_META);
1890 		break;
1891 	case K_ESCPREFIX:
1892 		set_vc_kbd_mode(kb, VC_META);
1893 		break;
1894 	default:
1895 		ret = -EINVAL;
1896 	}
1897 	spin_unlock_irqrestore(&kbd_event_lock, flags);
1898 	return ret;
1899 }
1900 
vt_do_kbkeycode_ioctl(int cmd,struct kbkeycode __user * user_kbkc,int perm)1901 int vt_do_kbkeycode_ioctl(int cmd, struct kbkeycode __user *user_kbkc,
1902 								int perm)
1903 {
1904 	struct kbkeycode tmp;
1905 	int kc = 0;
1906 
1907 	if (copy_from_user(&tmp, user_kbkc, sizeof(struct kbkeycode)))
1908 		return -EFAULT;
1909 	switch (cmd) {
1910 	case KDGETKEYCODE:
1911 		kc = getkeycode(tmp.scancode);
1912 		if (kc >= 0)
1913 			kc = put_user(kc, &user_kbkc->keycode);
1914 		break;
1915 	case KDSETKEYCODE:
1916 		if (!perm)
1917 			return -EPERM;
1918 		kc = setkeycode(tmp.scancode, tmp.keycode);
1919 		break;
1920 	}
1921 	return kc;
1922 }
1923 
vt_kdgkbent(unsigned char kbdmode,unsigned char idx,unsigned char map)1924 static unsigned short vt_kdgkbent(unsigned char kbdmode, unsigned char idx,
1925 		unsigned char map)
1926 {
1927 	unsigned short *key_map, val;
1928 	unsigned long flags;
1929 
1930 	/* Ensure another thread doesn't free it under us */
1931 	spin_lock_irqsave(&kbd_event_lock, flags);
1932 	key_map = key_maps[map];
1933 	if (key_map) {
1934 		val = U(key_map[idx]);
1935 		if (kbdmode != VC_UNICODE && KTYP(val) >= NR_TYPES)
1936 			val = K_HOLE;
1937 	} else
1938 		val = idx ? K_HOLE : K_NOSUCHMAP;
1939 	spin_unlock_irqrestore(&kbd_event_lock, flags);
1940 
1941 	return val;
1942 }
1943 
vt_kdskbent(unsigned char kbdmode,unsigned char idx,unsigned char map,unsigned short val)1944 static int vt_kdskbent(unsigned char kbdmode, unsigned char idx,
1945 		unsigned char map, unsigned short val)
1946 {
1947 	unsigned long flags;
1948 	unsigned short *key_map, *new_map, oldval;
1949 
1950 	if (!idx && val == K_NOSUCHMAP) {
1951 		spin_lock_irqsave(&kbd_event_lock, flags);
1952 		/* deallocate map */
1953 		key_map = key_maps[map];
1954 		if (map && key_map) {
1955 			key_maps[map] = NULL;
1956 			if (key_map[0] == U(K_ALLOCATED)) {
1957 				kfree(key_map);
1958 				keymap_count--;
1959 			}
1960 		}
1961 		spin_unlock_irqrestore(&kbd_event_lock, flags);
1962 
1963 		return 0;
1964 	}
1965 
1966 	if (KTYP(val) < NR_TYPES) {
1967 		if (KVAL(val) > max_vals[KTYP(val)])
1968 			return -EINVAL;
1969 	} else if (kbdmode != VC_UNICODE)
1970 		return -EINVAL;
1971 
1972 	/* ++Geert: non-PC keyboards may generate keycode zero */
1973 #if !defined(__mc68000__) && !defined(__powerpc__)
1974 	/* assignment to entry 0 only tests validity of args */
1975 	if (!idx)
1976 		return 0;
1977 #endif
1978 
1979 	new_map = kmalloc(sizeof(plain_map), GFP_KERNEL);
1980 	if (!new_map)
1981 		return -ENOMEM;
1982 
1983 	spin_lock_irqsave(&kbd_event_lock, flags);
1984 	key_map = key_maps[map];
1985 	if (key_map == NULL) {
1986 		int j;
1987 
1988 		if (keymap_count >= MAX_NR_OF_USER_KEYMAPS &&
1989 		    !capable(CAP_SYS_RESOURCE)) {
1990 			spin_unlock_irqrestore(&kbd_event_lock, flags);
1991 			kfree(new_map);
1992 			return -EPERM;
1993 		}
1994 		key_maps[map] = new_map;
1995 		key_map = new_map;
1996 		key_map[0] = U(K_ALLOCATED);
1997 		for (j = 1; j < NR_KEYS; j++)
1998 			key_map[j] = U(K_HOLE);
1999 		keymap_count++;
2000 	} else
2001 		kfree(new_map);
2002 
2003 	oldval = U(key_map[idx]);
2004 	if (val == oldval)
2005 		goto out;
2006 
2007 	/* Attention Key */
2008 	if ((oldval == K_SAK || val == K_SAK) && !capable(CAP_SYS_ADMIN)) {
2009 		spin_unlock_irqrestore(&kbd_event_lock, flags);
2010 		return -EPERM;
2011 	}
2012 
2013 	key_map[idx] = U(val);
2014 	if (!map && (KTYP(oldval) == KT_SHIFT || KTYP(val) == KT_SHIFT))
2015 		do_compute_shiftstate();
2016 out:
2017 	spin_unlock_irqrestore(&kbd_event_lock, flags);
2018 
2019 	return 0;
2020 }
2021 
vt_do_kdsk_ioctl(int cmd,struct kbentry __user * user_kbe,int perm,unsigned int console)2022 int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
2023 						unsigned int console)
2024 {
2025 	struct kbd_struct *kb = &kbd_table[console];
2026 	struct kbentry kbe;
2027 
2028 	if (copy_from_user(&kbe, user_kbe, sizeof(struct kbentry)))
2029 		return -EFAULT;
2030 
2031 	switch (cmd) {
2032 	case KDGKBENT:
2033 		return put_user(vt_kdgkbent(kb->kbdmode, kbe.kb_index,
2034 					kbe.kb_table),
2035 				&user_kbe->kb_value);
2036 	case KDSKBENT:
2037 		if (!perm || !capable(CAP_SYS_TTY_CONFIG))
2038 			return -EPERM;
2039 		return vt_kdskbent(kb->kbdmode, kbe.kb_index, kbe.kb_table,
2040 				kbe.kb_value);
2041 	}
2042 	return 0;
2043 }
2044 
vt_kdskbsent(char * kbs,unsigned char cur)2045 static char *vt_kdskbsent(char *kbs, unsigned char cur)
2046 {
2047 	static DECLARE_BITMAP(is_kmalloc, MAX_NR_FUNC);
2048 	char *cur_f = func_table[cur];
2049 
2050 	if (cur_f && strlen(cur_f) >= strlen(kbs)) {
2051 		strcpy(cur_f, kbs);
2052 		return kbs;
2053 	}
2054 
2055 	func_table[cur] = kbs;
2056 
2057 	return __test_and_set_bit(cur, is_kmalloc) ? cur_f : NULL;
2058 }
2059 
vt_do_kdgkb_ioctl(int cmd,struct kbsentry __user * user_kdgkb,int perm)2060 int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
2061 {
2062 	unsigned char kb_func;
2063 	unsigned long flags;
2064 	char *kbs;
2065 	int ret;
2066 
2067 	if (get_user(kb_func, &user_kdgkb->kb_func))
2068 		return -EFAULT;
2069 
2070 	kb_func = array_index_nospec(kb_func, MAX_NR_FUNC);
2071 
2072 	switch (cmd) {
2073 	case KDGKBSENT: {
2074 		/* size should have been a struct member */
2075 		ssize_t len = sizeof(user_kdgkb->kb_string);
2076 
2077 		kbs = kmalloc(len, GFP_KERNEL);
2078 		if (!kbs)
2079 			return -ENOMEM;
2080 
2081 		spin_lock_irqsave(&func_buf_lock, flags);
2082 		len = strlcpy(kbs, func_table[kb_func] ? : "", len);
2083 		spin_unlock_irqrestore(&func_buf_lock, flags);
2084 
2085 		ret = copy_to_user(user_kdgkb->kb_string, kbs, len + 1) ?
2086 			-EFAULT : 0;
2087 
2088 		break;
2089 	}
2090 	case KDSKBSENT:
2091 		if (!perm || !capable(CAP_SYS_TTY_CONFIG))
2092 			return -EPERM;
2093 
2094 		kbs = strndup_user(user_kdgkb->kb_string,
2095 				sizeof(user_kdgkb->kb_string));
2096 		if (IS_ERR(kbs))
2097 			return PTR_ERR(kbs);
2098 
2099 		spin_lock_irqsave(&func_buf_lock, flags);
2100 		kbs = vt_kdskbsent(kbs, kb_func);
2101 		spin_unlock_irqrestore(&func_buf_lock, flags);
2102 
2103 		ret = 0;
2104 		break;
2105 	}
2106 
2107 	kfree(kbs);
2108 
2109 	return ret;
2110 }
2111 
vt_do_kdskled(unsigned int console,int cmd,unsigned long arg,int perm)2112 int vt_do_kdskled(unsigned int console, int cmd, unsigned long arg, int perm)
2113 {
2114 	struct kbd_struct *kb = &kbd_table[console];
2115         unsigned long flags;
2116 	unsigned char ucval;
2117 
2118         switch(cmd) {
2119 	/* the ioctls below read/set the flags usually shown in the leds */
2120 	/* don't use them - they will go away without warning */
2121 	case KDGKBLED:
2122                 spin_lock_irqsave(&kbd_event_lock, flags);
2123 		ucval = kb->ledflagstate | (kb->default_ledflagstate << 4);
2124                 spin_unlock_irqrestore(&kbd_event_lock, flags);
2125 		return put_user(ucval, (char __user *)arg);
2126 
2127 	case KDSKBLED:
2128 		if (!perm)
2129 			return -EPERM;
2130 		if (arg & ~0x77)
2131 			return -EINVAL;
2132                 spin_lock_irqsave(&led_lock, flags);
2133 		kb->ledflagstate = (arg & 7);
2134 		kb->default_ledflagstate = ((arg >> 4) & 7);
2135 		set_leds();
2136                 spin_unlock_irqrestore(&led_lock, flags);
2137 		return 0;
2138 
2139 	/* the ioctls below only set the lights, not the functions */
2140 	/* for those, see KDGKBLED and KDSKBLED above */
2141 	case KDGETLED:
2142 		ucval = getledstate();
2143 		return put_user(ucval, (char __user *)arg);
2144 
2145 	case KDSETLED:
2146 		if (!perm)
2147 			return -EPERM;
2148 		setledstate(kb, arg);
2149 		return 0;
2150         }
2151         return -ENOIOCTLCMD;
2152 }
2153 
vt_do_kdgkbmode(unsigned int console)2154 int vt_do_kdgkbmode(unsigned int console)
2155 {
2156 	struct kbd_struct *kb = &kbd_table[console];
2157 	/* This is a spot read so needs no locking */
2158 	switch (kb->kbdmode) {
2159 	case VC_RAW:
2160 		return K_RAW;
2161 	case VC_MEDIUMRAW:
2162 		return K_MEDIUMRAW;
2163 	case VC_UNICODE:
2164 		return K_UNICODE;
2165 	case VC_OFF:
2166 		return K_OFF;
2167 	default:
2168 		return K_XLATE;
2169 	}
2170 }
2171 
2172 /**
2173  *	vt_do_kdgkbmeta		-	report meta status
2174  *	@console: console to report
2175  *
2176  *	Report the meta flag status of this console
2177  */
vt_do_kdgkbmeta(unsigned int console)2178 int vt_do_kdgkbmeta(unsigned int console)
2179 {
2180 	struct kbd_struct *kb = &kbd_table[console];
2181         /* Again a spot read so no locking */
2182 	return vc_kbd_mode(kb, VC_META) ? K_ESCPREFIX : K_METABIT;
2183 }
2184 
2185 /**
2186  *	vt_reset_unicode	-	reset the unicode status
2187  *	@console: console being reset
2188  *
2189  *	Restore the unicode console state to its default
2190  */
vt_reset_unicode(unsigned int console)2191 void vt_reset_unicode(unsigned int console)
2192 {
2193 	unsigned long flags;
2194 
2195 	spin_lock_irqsave(&kbd_event_lock, flags);
2196 	kbd_table[console].kbdmode = default_utf8 ? VC_UNICODE : VC_XLATE;
2197 	spin_unlock_irqrestore(&kbd_event_lock, flags);
2198 }
2199 
2200 /**
2201  *	vt_get_shift_state	-	shift bit state
2202  *
2203  *	Report the shift bits from the keyboard state. We have to export
2204  *	this to support some oddities in the vt layer.
2205  */
vt_get_shift_state(void)2206 int vt_get_shift_state(void)
2207 {
2208         /* Don't lock as this is a transient report */
2209         return shift_state;
2210 }
2211 
2212 /**
2213  *	vt_reset_keyboard	-	reset keyboard state
2214  *	@console: console to reset
2215  *
2216  *	Reset the keyboard bits for a console as part of a general console
2217  *	reset event
2218  */
vt_reset_keyboard(unsigned int console)2219 void vt_reset_keyboard(unsigned int console)
2220 {
2221 	struct kbd_struct *kb = &kbd_table[console];
2222 	unsigned long flags;
2223 
2224 	spin_lock_irqsave(&kbd_event_lock, flags);
2225 	set_vc_kbd_mode(kb, VC_REPEAT);
2226 	clr_vc_kbd_mode(kb, VC_CKMODE);
2227 	clr_vc_kbd_mode(kb, VC_APPLIC);
2228 	clr_vc_kbd_mode(kb, VC_CRLF);
2229 	kb->lockstate = 0;
2230 	kb->slockstate = 0;
2231 	spin_lock(&led_lock);
2232 	kb->ledmode = LED_SHOW_FLAGS;
2233 	kb->ledflagstate = kb->default_ledflagstate;
2234 	spin_unlock(&led_lock);
2235 	/* do not do set_leds here because this causes an endless tasklet loop
2236 	   when the keyboard hasn't been initialized yet */
2237 	spin_unlock_irqrestore(&kbd_event_lock, flags);
2238 }
2239 
2240 /**
2241  *	vt_get_kbd_mode_bit	-	read keyboard status bits
2242  *	@console: console to read from
2243  *	@bit: mode bit to read
2244  *
2245  *	Report back a vt mode bit. We do this without locking so the
2246  *	caller must be sure that there are no synchronization needs
2247  */
2248 
vt_get_kbd_mode_bit(unsigned int console,int bit)2249 int vt_get_kbd_mode_bit(unsigned int console, int bit)
2250 {
2251 	struct kbd_struct *kb = &kbd_table[console];
2252 	return vc_kbd_mode(kb, bit);
2253 }
2254 
2255 /**
2256  *	vt_set_kbd_mode_bit	-	read keyboard status bits
2257  *	@console: console to read from
2258  *	@bit: mode bit to read
2259  *
2260  *	Set a vt mode bit. We do this without locking so the
2261  *	caller must be sure that there are no synchronization needs
2262  */
2263 
vt_set_kbd_mode_bit(unsigned int console,int bit)2264 void vt_set_kbd_mode_bit(unsigned int console, int bit)
2265 {
2266 	struct kbd_struct *kb = &kbd_table[console];
2267 	unsigned long flags;
2268 
2269 	spin_lock_irqsave(&kbd_event_lock, flags);
2270 	set_vc_kbd_mode(kb, bit);
2271 	spin_unlock_irqrestore(&kbd_event_lock, flags);
2272 }
2273 
2274 /**
2275  *	vt_clr_kbd_mode_bit	-	read keyboard status bits
2276  *	@console: console to read from
2277  *	@bit: mode bit to read
2278  *
2279  *	Report back a vt mode bit. We do this without locking so the
2280  *	caller must be sure that there are no synchronization needs
2281  */
2282 
vt_clr_kbd_mode_bit(unsigned int console,int bit)2283 void vt_clr_kbd_mode_bit(unsigned int console, int bit)
2284 {
2285 	struct kbd_struct *kb = &kbd_table[console];
2286 	unsigned long flags;
2287 
2288 	spin_lock_irqsave(&kbd_event_lock, flags);
2289 	clr_vc_kbd_mode(kb, bit);
2290 	spin_unlock_irqrestore(&kbd_event_lock, flags);
2291 }
2292