Commit Graph

184 Commits

Author SHA1 Message Date
Xin LI
9049b13f8f Use unsigned int for index value.
Without this change a local attacker could trigger a panic by
tricking the kernel into accessing undefined kernel memory.

We would like to acknowledge Francisco Falcon from CORE Security
Technologies who discovered the issue and reported to the
FreeBSD Security Team.

More information can be found at CORE Security's advisory at:
http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities

This is an errata candidate for releng/10.1 and releng/9.3.  Earlier
releases are not affected.

Reported by:	Francisco Falcon from CORE Security Technologies
Security:	CVE-2014-0998
Reviewed by:	dumbbell
MFC after:	3 days
2015-01-27 19:35:41 +00:00
Andriy Gapon
85f95fffd7 hook userland threads suspend + resume into acpi suspend code
Also, split power_suspend into power_suspend and power_suspend_early.

power_suspend_early is called before the userland is frozen.
power_suspend is called after the userland is frozen.

Currently only VT switching is hooked to power_suspend_early.
This is needed because switching away from X server requires its
cooperation, so obviously X server must not be frozen when that happens.

Freezing userland during ACPI suspend is useful because not all drivers
correctly handle suspension concurrent with other activity.  This is
especially applicable to drivers ported from other operating systems
that suspend all software activity between placing drivers and hardware
into suspended state.
In particular drm2/radeon (radeonkms) depends on the described
procedure.  The driver does not have any internal synchronization
between suspension activities and processing of userland requests.

Many thanks to kib for the code that allows to freeze and thaw all
userland threads.

Note that ideally we also need to park / inhibit (non-special) kernel
threads as well to ensure that they do not call into drivers.

MFC after:	17 days
2015-01-27 17:33:18 +00:00
Andriy Gapon
6dfa4578d6 vt(4): Use power_{suspend,resume} event handlers to implement
suspend/resume

The goal is to avoid that the vt(4) resume happens before the video
display is resumed. The original patch was provided by Andriy Gapon.

This new patch registers the handlers in vt_upgrade(). This is done
once, thanks to the VDF_ASYNC flag. I abused this flag because it was
already abused by the keyboard allocation. The event handlers then call
the backend if it provides callbacks for suspend/resume.

Differential Revision:	https://reviews.freebsd.org/D1004
On behalf of:	dumbbell
MFC after:	2 weeks
2015-01-27 15:28:46 +00:00
Nathan Whitehorn
f1d2752f31 Make PS3 work with the userspace kboot loader. loader.ps3 will disappear
from the tree in the near future.

Done at:	Hackathon
2015-01-05 00:50:16 +00:00
Hans Petter Selasky
110cd60a28 The "vt_suspend_flush_timer()" function is sometimes called locked
which prevents us from doing a "callout_drain()" call. The callout in
question has a lock associated with it and we are not freeing the
callout. That means we can use the "callout_stop()" function to
atomically stop the callback iff the "callout_stop()" function is
called locked. This patch applies proper locking to "callout_stop()"
and replaces a "callout_drain()" with a "callout_stop()".

MFC after:    1 week
2015-01-02 13:35:10 +00:00
Roger Pau Monné
bc59086c88 vt_vga: fix an off-by-one error
This correctly sets the end of the memory region registered by vt_vga.

Reported by:	marius
2014-12-30 08:50:50 +00:00
Roger Pau Monné
3761128490 Partially revert "vt: register the memory regions used by the vt drivers"
Revert the EFI part of r276064 until I can test it properly on a real EFI
system. This was causing problems to people booting using UEFI and vt.

Reported by:	O. Hartmann <ohartman@zedat.fu-berlin.de>
2014-12-30 08:50:07 +00:00
Ed Maste
a09a539f06 Support ALT_BREAK_TO_DEBUGGER in vt(4)
Submitted by:	Andre Albsmeier on -hackers
2014-12-27 04:21:24 +00:00
Roger Pau Monné
acb332a8a1 vt: register the memory regions used by the vt drivers
Current VT drivers don't register the memory regions they use with the
nexus. This patch makes vt_vga and vt_efifb register the memory regions they
use.

This is needed (at least) for Xen support, since the FreeBSD kernel will try
to use the holes in the memory map to map memory from other domains and
setup it's grant table.

Sponsored by:		Citrix Systems R&D
Reported by:		sbruno
Tested by:		emaste
Reviewed by:		ray
PR:			195537
Differential Revision:	https://reviews.freebsd.org/D1291
2014-12-22 16:46:07 +00:00
Jean-Sébastien Pédron
0d265707aa vt(4): Support syscons' SC_HISTORY_SIZE to configure history size
Therefore, to set histry size to 2000 lines, add the following line to
your kernel configuration file:
    options SC_HISTORY_SIZE=2000

The default history remains at 500 lines.

MFC after:	1 week
2014-11-04 23:51:35 +00:00
Jean-Sébastien Pédron
9fc2d29ead vt(4): Fix keyboard allocation when kbdmux(4) isn't used
The problem was that only the kbdmux keyboard index was saved in
vd->vd_keyboard. This index is -1 when kbdmux isn't used. In this
case, the keyboard was correctly allocated, but the returned index was
discarded.

PR:		194718
MFC after:	1 week
2014-11-02 16:04:48 +00:00
Jean-Sébastien Pédron
da49f6bcc3 vt(4): Adjust the cursor position after changing the window size
A new terminal_set_cursor() is added: it wraps the existing
teken_set_cursor() function.

In vtbuf_grow(), the cursor position is adjusted at the end of the
function. In vt_change_font(), we call terminal_set_cursor() just after
terminal_set_winsize_blank(), while the terminal is mute.

This fixes a bug where, after loading a kernel video driver which
increases the terminal window size, the cursor remains at its old
position, in other words, in the middle of the display content.

PR:		194421
MFC after:	1 week
2014-11-01 17:05:15 +00:00
Jean-Sébastien Pédron
069f1c256a vt(4): Add PIO_VFONT_DEFAULT ioctl to restore the default builtin font
To restore the default font using vidcontrol(1), use the "-f" flag
without an argument:
    vidcontrol -f < /dev/ttyv0

PR:		193910
Differential Revision:	https://reviews.freebsd.org/D971
Submitted by:	Marcin Cieslak <saper@saper.info>
Reviewed by:	ray@, emaste@
Approved by:	ray@
MFC after:	1 week
2014-10-23 12:38:05 +00:00
Jean-Sébastien Pédron
2113857ae0 vt(4): Refuse to load a font if hw.vga.textmode is selected
Before, the font was loaded and the window size recalculated, giving an
unusable terminal, even if the actual font didn't change.

Reported by:	beeessdee@ruggedinbox.com
MFC after:	3 days
2014-10-20 14:25:23 +00:00
Ed Maste
0e53ac55b7 Do nothing in vt_upgrade if there is no vt driver
Previously, if no drivers attached at boot we would panic with
"vtbuf_fill_locked begin.tp_row 0 must be < screen height 0".

PR:		192248
Reviewed by:	ray
MFC after:	3 days
Sponsored by:	DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D954
2014-10-17 13:55:45 +00:00
Aleksandr Rybalko
c32f462f28 Allow vt(4) to disable terminal bell with sysctl kern.vt.bell_enable=0,
similar as syscons(4) do.

Submitted by:	Tiwei Bie <btw@mail.ustc.edu.cn>
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-10-07 18:47:53 +00:00
Jean-Sébastien Pédron
0d06446812 vt(4): Don't recalculate buffer size if we don't know screen size
When the screen size is unknown, it's set to 0x0. We can't use that as
the buffer size, otherwise, functions such as vtbuf_fill() will fail.

This fixes a panic on RaspberryPi, where there's no vt(4) backend
configured early in boot.

PR:		193981
Tested by:	danilo@
MFC after:	3 days
2014-10-04 18:40:40 +00:00
Jean-Sébastien Pédron
61220c0d64 vt(4): Save/restore keyboard mode & LED states when switching window
Add new functions to manipulate these mode & state, instead of calling
kbdd_ioctl() everyhere.

This fixes at least two bugs:

    1. The state of the Scroll Lock LED and the state of scroll mode
       could be out-of-sync. For instance, if one enables scroll mode on
       window #1 and switches to window #2, the LED would remain on, but
       the window wouldn't be in scroll mode.

       Similarily, when switching between a console and an X.Org
       session, the LED states could be inconsistent with the real
       state.

    2. When exiting from an X.Org session, the user could be unable to
       type anything. The workaround was to switch to another console
       window and come back.

Differential Revision:	https://reviews.freebsd.org/D821
Reviewed by:	ray@
Approved by:	ray@
Tested by:	kwm@
MFC after:	3 days
2014-10-02 16:36:37 +00:00
Bjoern A. Zeeb
a10068fdf5 Make gcc happy by initialising the variable only set in a couple of
case statements without a default.

MFC after:	2 days
X-MFC with:	r271871
2014-09-20 08:18:48 +00:00
Jean-Sébastien Pédron
09d058d153 vt(4): Remove superfluous word in comment
Submitted by:	brueffer@
MFC after:	3 days
MFC with:	271871
2014-09-19 12:38:43 +00:00
Jean-Sébastien Pédron
1454439c13 vt(4): Rewrite history scrolling
It's now possible to scroll up the 500 hard-coded lines of history, not
just a fraction of them. For instance, one can reach the top of the boot
process.

Sometimes, when scrolling or when changing the screen size (by changing
the font or loading a KMS driver for instance), one could see the
history cycling (old content appeared below latest lines). This is
fixed.

Now, when the resolution changes are more lines can be shown, the
displayed area is adjusted so that, if the screen was filled with
content before, it's filled with content after as well: more history
is visible, instead of having blank lines below the previously visible
content.

MFC after:	3 days
2014-09-19 12:20:43 +00:00
Jean-Sébastien Pédron
c3a05e5422 vt(4): Remove vt_buf->vb_dirtymask
This structure and the associated functions were unused since the
implementation of vd_bitblt_text_t callbacks.

MFC after:	3 days
2014-09-19 11:02:44 +00:00
Jean-Sébastien Pédron
18b21af2d2 vt(4): Use strncpy() to copy into a fixed-size buffer
CID:		1230007
MFC after:	3 days
2014-09-18 13:24:06 +00:00
Jean-Sébastien Pédron
46867de5dd vt(4): Fix out-of-bounds array access in VT_ACTIVATE ioctl handling
CID:		1229964
MFC after:	3 days
2014-09-18 12:20:19 +00:00
Jean-Sébastien Pédron
1365d0770d vt(4): Use vt_fb_drawrect() and vt_fb_setpixel() in all vt_fb-derivative
Review:		https://reviews.freebsd.org/D789
Reviewed by:	nwhitehorn
Approved by:	nwhitehorn
MFC after:	2 days
2014-09-16 18:02:24 +00:00
Jean-Sébastien Pédron
1952f0b519 vt(4): Fix a LOR which occurs during a call to vt_upgrade()
Reported by:	kib@
Review:		https://reviews.freebsd.org/D785
Reviewed by:	ray@
Approved by:	ray@
MFC after:	2 days
2014-09-16 17:42:37 +00:00
Jean-Sébastien Pédron
87684766b0 vt(4): Enclose vt_mouse_paste() prototype inside #ifndef SC_NO_CUTPASTE/#endif
This fixes the build with sparc64 LINT for instance.

Reported by:	bz@
MFC after:	3 days
2014-09-13 09:33:37 +00:00
Aleksandr Rybalko
673279c59b Fix 'function declaration isn't a prototype' warning.
Pointed by:	ian
MFC after:	1 week
2014-09-12 20:55:17 +00:00
Aleksandr Rybalko
44f751a21e Fix stray char on paste.
Tested by:	dumbbell and me
MFC after:	1 week
2014-09-12 14:17:09 +00:00
Aleksandr Rybalko
4f4b93ae98 Switch vt(4) to traditional behaviour with copy-paste same as syscons(4) do.
(forgetted in last commit)

Reviewed by:	dumbbell (as D755)
MFC after:	1 week
2014-09-12 14:16:10 +00:00
Aleksandr Rybalko
dd0de63eab Switch vt(4) to traditional behaviour with copy-paste same as syscons(4) do.
Reviewed by:	dumbbell (as D755)
MFC after:	1 week
2014-09-12 14:14:50 +00:00
Aleksandr Rybalko
2204db863d Remove stray whitespaces. 2014-09-12 14:07:20 +00:00
Aleksandr Rybalko
f7f6c6024d Fix one more spelling mistake.
Pointed by:	danfe
2014-09-10 11:48:13 +00:00
Aleksandr Rybalko
13c6f8a053 spelling fixes
Submitted by:	"Sam Fourman Jr." <sfourman@gmail.com>
MFC after:	1 week
2014-09-10 11:27:33 +00:00
Aleksandr Rybalko
ab763ff846 o Add sysctls to enable/disable potentially dengerous key combinations, like
reboot/halt/debug.
o Add support for most key combinations supported by syscons(4).

Reviewed by:	dumbbell, emaste (prev revision of D747)
MFC after:	5 days
Sponsored by:	The FreeBSD Foundation
2014-09-10 11:13:13 +00:00
Aleksandr Rybalko
8a6a589219 Revert r269474. Special keyboard combinations should be handled by separate
sysctls.
2014-09-09 14:18:56 +00:00
Jean-Sébastien Pédron
313ef9368f vt(4): Change the terminal and buffer sizes, even without a font
This fixes a bug where scroll lock would not work for tty #0 when using
vt_vga's textmode. The reason was that this window is created with a
static 256x100 buffer, larger than the real size of 80x25.

Now, in vt_change_font() and vt_compute_drawable_area(), we still
perform operations even of the window has no font loaded (this is the
case in textmode here vw->vw_font == NULL). One of these operation
resizes the buffer accordingly.

In vt_compute_drawable_area(), we take the terminal size as is (ie.
80x25) for the drawable area.

The font argument to vt_set_border() is removed (it was never used) and
the code now uses the computed drawable area instead of re-doing its own
calculation.

Reported by:	Harald Schmalzbauer <h.schmalzbauer_omnilan.de>
Tested by:	Harald Schmalzbauer <h.schmalzbauer_omnilan.de>
MFC after:	3 days
2014-09-08 07:37:03 +00:00
Jean-Sébastien Pédron
6cbf3f62e0 vt_vga: vd_setpixel_t and vd_drawrect_t are noop in text mode
MFC after:	3 days
2014-09-05 18:11:39 +00:00
Jean-Sébastien Pédron
ba572d1a95 vt(4): Indicate that KDSETRAD case falls through the next case
CID:		1229953
MFC after:	1 week
2014-08-29 08:20:03 +00:00
Jean-Sébastien Pédron
b7fe496196 vt(4): Change vb_history_size from "int" to "unsigned int"
CID:		1230002, 1230003
MFC after:	1 week
2014-08-29 08:16:31 +00:00
Jean-Sébastien Pédron
fa2694eec8 vt(4): If the terminal shrinks, make sure the mouse is inside the new area
MFC after:	1 week
2014-08-27 17:16:52 +00:00
Jean-Sébastien Pédron
84d623c61e vt(4): Fix mouse cursor handling in vt_fb/creator_vt/ofwfb
There were two issues:
    1. The area given to vt_is_cursor_in_area() was adding the drawable
       area offset, something already handled by this function.
    2. The cursor was shifted on the screen by the offset of this area
       and thus was misplaced or not erased. Furthermore, when reaching
       the bottom or right borders, the cursor was either totally
       removed or not erased correctly.

MFC after:	1 week
2014-08-27 15:10:28 +00:00
Jean-Sébastien Pédron
c0b72c11ea vt(4): Recompute the drawable area when the resolution changes
This was only done when the font changed.

MFC after:	1 week
2014-08-27 11:27:48 +00:00
Jean-Sébastien Pédron
fba582e5f4 vt(4): Pause the vt_flush() timer when the screen is up-to-date
The timer is restarted whenever a window buffer is marked as dirty or
the mouse cursor moves.

There's still room for improvement. For instance, we should not mark a
window buffer as dirty when this window isn't displayed.

Review:		https://reviews.freebsd.org/D683
Reviewed by:	ray@
Approved by:	ray@
MFC after:	1 week
2014-08-27 11:08:09 +00:00
Jean-Sébastien Pédron
3e206539a1 vt(4): Add cngrab() and cnungrab() callbacks
They are used when a panic occurs or when entering a DDB session for
instance.

cngrab() forces a vt-switch to the console window, no matter if the
original window is another terminal or an X session. However, cnungrab()
doesn't vt-switch back to the original window currently.

MFC after:	1 week
2014-08-27 10:04:10 +00:00
Jean-Sébastien Pédron
d3773c6e8e vt(4): Implement basic support for KDSETMODE ioctl
With the current implementation, this allows an X11 server to tell
the console it switches a particular window in "graphics mode". This
information is used by the mouse handling code to ignore sysmouse events
in the window taken by the X server: only him should receive those
events.

Reported by:	flo@, glebius@, kan@
Tested by:	flo@
Reviewed by:	kan@
MFC after:	1 week
2014-08-27 09:34:41 +00:00
Jean-Sébastien Pédron
cb81897a72 vt(4): When creating a window buffer, fill it entirely
... not just the visible part.

This fixes a bug where, when switching from eg. vt_vga to vt_fb (ie. the
resolution goes up), the originally hidden, uninitialized area of the
buffer is displayed on the screen. This leads to a missing text cursor
when it's over an unitialized area.

This was also visible when selecting text: the uninitialized area was
not highlighted.

Internally, this area was zeroed: characters were all 0x00000000,
meaning the foreground and background color was black. Now, everything
is filled with a space with a gray foreground color, like the visible
area.

While here, remove the check for the mute flag and always use
TERMINAL_NORM_ATTR as the character attribute (ie. gray foreground,
black background).

MFC after:	1 week
2014-08-26 17:48:05 +00:00
Jean-Sébastien Pédron
af9f67ea3d vt_vga: Use Write Mode 0 to draw group of 8 pixels using 3 or more colors
This replaces the method based on Write Mode 3, which required reads
from the video memory to load the latches.

MFC after:	1 week
2014-08-25 20:15:19 +00:00
Jean-Sébastien Pédron
a8ca6ae235 vt(4): Intialize drawable area rectangle each time a font is loaded
This also fixes a problem where early in boot, the area was zero,
leading to nothing displayed for a few seconds.

MFC after:	1 week
2014-08-25 19:52:13 +00:00
Jean-Sébastien Pédron
83fbb296a9 vt(4): Store a rectangle for the drawable area, not just the top-left corner
This allows backends to verify they do not draw outside of this area.
This fixes a bug in vt_vga where the text was happily drawn over the
right and bottom margins, when using the Gallant font.

MFC after:	1 week
2014-08-25 19:06:31 +00:00