Commit | Line | Data |
---|---|---|
e3b3d0f5 | 1 | // SPDX-License-Identifier: GPL-2.0 |
a1235b3e NP |
2 | /* |
3 | * Copyright (C) 1991, 1992 Linus Torvalds | |
4 | */ | |
5 | ||
6 | #include <linux/types.h> | |
7 | #include <linux/errno.h> | |
8 | #include <linux/signal.h> | |
9 | #include <linux/sched/signal.h> | |
10 | #include <linux/sched/task.h> | |
11 | #include <linux/tty.h> | |
12 | #include <linux/fcntl.h> | |
13 | #include <linux/uaccess.h> | |
14 | ||
15 | static int is_ignored(int sig) | |
16 | { | |
17 | return (sigismember(¤t->blocked, sig) || | |
18 | current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); | |
19 | } | |
20 | ||
21 | /** | |
22 | * tty_check_change - check for POSIX terminal changes | |
23 | * @tty: tty to check | |
bc38fe24 | 24 | * @sig: signal to send |
a1235b3e NP |
25 | * |
26 | * If we try to write to, or set the state of, a terminal and we're | |
27 | * not in the foreground, send a SIGTTOU. If the signal is blocked or | |
28 | * ignored, go ahead and perform the operation. (POSIX 7.2) | |
29 | * | |
30 | * Locking: ctrl_lock | |
31 | */ | |
32 | int __tty_check_change(struct tty_struct *tty, int sig) | |
33 | { | |
34 | unsigned long flags; | |
35 | struct pid *pgrp, *tty_pgrp; | |
36 | int ret = 0; | |
37 | ||
38 | if (current->signal->tty != tty) | |
39 | return 0; | |
40 | ||
41 | rcu_read_lock(); | |
42 | pgrp = task_pgrp(current); | |
43 | ||
44 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
45 | tty_pgrp = tty->pgrp; | |
46 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
47 | ||
cf90c06f | 48 | if (tty_pgrp && pgrp != tty_pgrp) { |
a1235b3e NP |
49 | if (is_ignored(sig)) { |
50 | if (sig == SIGTTIN) | |
51 | ret = -EIO; | |
52 | } else if (is_current_pgrp_orphaned()) | |
53 | ret = -EIO; | |
54 | else { | |
55 | kill_pgrp(pgrp, sig, 1); | |
56 | set_thread_flag(TIF_SIGPENDING); | |
57 | ret = -ERESTARTSYS; | |
58 | } | |
59 | } | |
60 | rcu_read_unlock(); | |
61 | ||
62 | if (!tty_pgrp) | |
63 | tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); | |
64 | ||
65 | return ret; | |
66 | } | |
67 | ||
68 | int tty_check_change(struct tty_struct *tty) | |
69 | { | |
70 | return __tty_check_change(tty, SIGTTOU); | |
71 | } | |
72 | EXPORT_SYMBOL(tty_check_change); | |
73 | ||
74 | void proc_clear_tty(struct task_struct *p) | |
75 | { | |
76 | unsigned long flags; | |
77 | struct tty_struct *tty; | |
78 | spin_lock_irqsave(&p->sighand->siglock, flags); | |
79 | tty = p->signal->tty; | |
80 | p->signal->tty = NULL; | |
81 | spin_unlock_irqrestore(&p->sighand->siglock, flags); | |
82 | tty_kref_put(tty); | |
83 | } | |
84 | ||
85 | /** | |
86 | * proc_set_tty - set the controlling terminal | |
bc38fe24 | 87 | * @tty: tty structure |
a1235b3e NP |
88 | * |
89 | * Only callable by the session leader and only if it does not already have | |
90 | * a controlling terminal. | |
91 | * | |
92 | * Caller must hold: tty_lock() | |
93 | * a readlock on tasklist_lock | |
94 | * sighand lock | |
95 | */ | |
96 | static void __proc_set_tty(struct tty_struct *tty) | |
97 | { | |
98 | unsigned long flags; | |
99 | ||
100 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
101 | /* | |
102 | * The session and fg pgrp references will be non-NULL if | |
103 | * tiocsctty() is stealing the controlling tty | |
104 | */ | |
105 | put_pid(tty->session); | |
106 | put_pid(tty->pgrp); | |
107 | tty->pgrp = get_pid(task_pgrp(current)); | |
a1235b3e | 108 | tty->session = get_pid(task_session(current)); |
c8bcd9c5 | 109 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); |
a1235b3e NP |
110 | if (current->signal->tty) { |
111 | tty_debug(tty, "current tty %s not NULL!!\n", | |
112 | current->signal->tty->name); | |
113 | tty_kref_put(current->signal->tty); | |
114 | } | |
115 | put_pid(current->signal->tty_old_pgrp); | |
116 | current->signal->tty = tty_kref_get(tty); | |
117 | current->signal->tty_old_pgrp = NULL; | |
118 | } | |
119 | ||
120 | static void proc_set_tty(struct tty_struct *tty) | |
121 | { | |
122 | spin_lock_irq(¤t->sighand->siglock); | |
123 | __proc_set_tty(tty); | |
124 | spin_unlock_irq(¤t->sighand->siglock); | |
125 | } | |
126 | ||
127 | /* | |
128 | * Called by tty_open() to set the controlling tty if applicable. | |
129 | */ | |
130 | void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) | |
131 | { | |
132 | read_lock(&tasklist_lock); | |
133 | spin_lock_irq(¤t->sighand->siglock); | |
134 | if (current->signal->leader && | |
135 | !current->signal->tty && | |
136 | tty->session == NULL) { | |
137 | /* | |
138 | * Don't let a process that only has write access to the tty | |
139 | * obtain the privileges associated with having a tty as | |
140 | * controlling terminal (being able to reopen it with full | |
141 | * access through /dev/tty, being able to perform pushback). | |
142 | * Many distributions set the group of all ttys to "tty" and | |
143 | * grant write-only access to all terminals for setgid tty | |
144 | * binaries, which should not imply full privileges on all ttys. | |
145 | * | |
146 | * This could theoretically break old code that performs open() | |
147 | * on a write-only file descriptor. In that case, it might be | |
148 | * necessary to also permit this if | |
149 | * inode_permission(inode, MAY_READ) == 0. | |
150 | */ | |
151 | if (filp->f_mode & FMODE_READ) | |
152 | __proc_set_tty(tty); | |
153 | } | |
154 | spin_unlock_irq(¤t->sighand->siglock); | |
155 | read_unlock(&tasklist_lock); | |
156 | } | |
157 | ||
158 | struct tty_struct *get_current_tty(void) | |
159 | { | |
160 | struct tty_struct *tty; | |
161 | unsigned long flags; | |
162 | ||
163 | spin_lock_irqsave(¤t->sighand->siglock, flags); | |
164 | tty = tty_kref_get(current->signal->tty); | |
165 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | |
166 | return tty; | |
167 | } | |
168 | EXPORT_SYMBOL_GPL(get_current_tty); | |
169 | ||
170 | /* | |
171 | * Called from tty_release(). | |
172 | */ | |
173 | void session_clear_tty(struct pid *session) | |
174 | { | |
175 | struct task_struct *p; | |
176 | do_each_pid_task(session, PIDTYPE_SID, p) { | |
177 | proc_clear_tty(p); | |
178 | } while_each_pid_task(session, PIDTYPE_SID, p); | |
179 | } | |
180 | ||
181 | /** | |
182 | * tty_signal_session_leader - sends SIGHUP to session leader | |
fa441954 JS |
183 | * @tty: controlling tty |
184 | * @exit_session: if non-zero, signal all foreground group processes | |
a1235b3e NP |
185 | * |
186 | * Send SIGHUP and SIGCONT to the session leader and its process group. | |
187 | * Optionally, signal all processes in the foreground process group. | |
188 | * | |
189 | * Returns the number of processes in the session with this tty | |
190 | * as their controlling terminal. This value is used to drop | |
191 | * tty references for those processes. | |
192 | */ | |
193 | int tty_signal_session_leader(struct tty_struct *tty, int exit_session) | |
194 | { | |
195 | struct task_struct *p; | |
196 | int refs = 0; | |
197 | struct pid *tty_pgrp = NULL; | |
198 | ||
199 | read_lock(&tasklist_lock); | |
200 | if (tty->session) { | |
201 | do_each_pid_task(tty->session, PIDTYPE_SID, p) { | |
202 | spin_lock_irq(&p->sighand->siglock); | |
203 | if (p->signal->tty == tty) { | |
204 | p->signal->tty = NULL; | |
205 | /* We defer the dereferences outside fo | |
206 | the tasklist lock */ | |
207 | refs++; | |
208 | } | |
209 | if (!p->signal->leader) { | |
210 | spin_unlock_irq(&p->sighand->siglock); | |
211 | continue; | |
212 | } | |
213 | __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); | |
214 | __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); | |
215 | put_pid(p->signal->tty_old_pgrp); /* A noop */ | |
216 | spin_lock(&tty->ctrl_lock); | |
217 | tty_pgrp = get_pid(tty->pgrp); | |
218 | if (tty->pgrp) | |
219 | p->signal->tty_old_pgrp = get_pid(tty->pgrp); | |
220 | spin_unlock(&tty->ctrl_lock); | |
221 | spin_unlock_irq(&p->sighand->siglock); | |
222 | } while_each_pid_task(tty->session, PIDTYPE_SID, p); | |
223 | } | |
224 | read_unlock(&tasklist_lock); | |
225 | ||
226 | if (tty_pgrp) { | |
227 | if (exit_session) | |
228 | kill_pgrp(tty_pgrp, SIGHUP, exit_session); | |
229 | put_pid(tty_pgrp); | |
230 | } | |
231 | ||
232 | return refs; | |
233 | } | |
234 | ||
235 | /** | |
236 | * disassociate_ctty - disconnect controlling tty | |
237 | * @on_exit: true if exiting so need to "hang up" the session | |
238 | * | |
239 | * This function is typically called only by the session leader, when | |
240 | * it wants to disassociate itself from its controlling tty. | |
241 | * | |
242 | * It performs the following functions: | |
243 | * (1) Sends a SIGHUP and SIGCONT to the foreground process group | |
244 | * (2) Clears the tty from being controlling the session | |
245 | * (3) Clears the controlling tty for all processes in the | |
246 | * session group. | |
247 | * | |
248 | * The argument on_exit is set to 1 if called when a process is | |
249 | * exiting; it is 0 if called by the ioctl TIOCNOTTY. | |
250 | * | |
251 | * Locking: | |
252 | * BTM is taken for hysterical raisons, and held when | |
253 | * called from no_tty(). | |
254 | * tty_mutex is taken to protect tty | |
255 | * ->siglock is taken to protect ->signal/->sighand | |
256 | * tasklist_lock is taken to walk process list for sessions | |
257 | * ->siglock is taken to protect ->signal/->sighand | |
258 | */ | |
259 | void disassociate_ctty(int on_exit) | |
260 | { | |
261 | struct tty_struct *tty; | |
262 | ||
263 | if (!current->signal->leader) | |
264 | return; | |
265 | ||
266 | tty = get_current_tty(); | |
267 | if (tty) { | |
268 | if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { | |
269 | tty_vhangup_session(tty); | |
270 | } else { | |
271 | struct pid *tty_pgrp = tty_get_pgrp(tty); | |
272 | if (tty_pgrp) { | |
273 | kill_pgrp(tty_pgrp, SIGHUP, on_exit); | |
274 | if (!on_exit) | |
275 | kill_pgrp(tty_pgrp, SIGCONT, on_exit); | |
276 | put_pid(tty_pgrp); | |
277 | } | |
278 | } | |
279 | tty_kref_put(tty); | |
280 | ||
281 | } else if (on_exit) { | |
282 | struct pid *old_pgrp; | |
283 | spin_lock_irq(¤t->sighand->siglock); | |
284 | old_pgrp = current->signal->tty_old_pgrp; | |
285 | current->signal->tty_old_pgrp = NULL; | |
286 | spin_unlock_irq(¤t->sighand->siglock); | |
287 | if (old_pgrp) { | |
288 | kill_pgrp(old_pgrp, SIGHUP, on_exit); | |
289 | kill_pgrp(old_pgrp, SIGCONT, on_exit); | |
290 | put_pid(old_pgrp); | |
291 | } | |
292 | return; | |
293 | } | |
294 | ||
295 | spin_lock_irq(¤t->sighand->siglock); | |
296 | put_pid(current->signal->tty_old_pgrp); | |
297 | current->signal->tty_old_pgrp = NULL; | |
a1235b3e | 298 | tty = tty_kref_get(current->signal->tty); |
c8bcd9c5 JH |
299 | spin_unlock_irq(¤t->sighand->siglock); |
300 | ||
a1235b3e NP |
301 | if (tty) { |
302 | unsigned long flags; | |
c8bcd9c5 JH |
303 | |
304 | tty_lock(tty); | |
a1235b3e NP |
305 | spin_lock_irqsave(&tty->ctrl_lock, flags); |
306 | put_pid(tty->session); | |
307 | put_pid(tty->pgrp); | |
308 | tty->session = NULL; | |
309 | tty->pgrp = NULL; | |
310 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
c8bcd9c5 | 311 | tty_unlock(tty); |
a1235b3e NP |
312 | tty_kref_put(tty); |
313 | } | |
314 | ||
a1235b3e NP |
315 | /* Now clear signal->tty under the lock */ |
316 | read_lock(&tasklist_lock); | |
317 | session_clear_tty(task_session(current)); | |
318 | read_unlock(&tasklist_lock); | |
319 | } | |
320 | ||
3adf2aa8 | 321 | /* |
a1235b3e NP |
322 | * |
323 | * no_tty - Ensure the current process does not have a controlling tty | |
324 | */ | |
325 | void no_tty(void) | |
326 | { | |
327 | /* FIXME: Review locking here. The tty_lock never covered any race | |
328 | between a new association and proc_clear_tty but possible we need | |
329 | to protect against this anyway */ | |
330 | struct task_struct *tsk = current; | |
331 | disassociate_ctty(0); | |
332 | proc_clear_tty(tsk); | |
333 | } | |
334 | ||
335 | /** | |
336 | * tiocsctty - set controlling tty | |
337 | * @tty: tty structure | |
bc38fe24 | 338 | * @file: file structure used to check permissions |
a1235b3e NP |
339 | * @arg: user argument |
340 | * | |
341 | * This ioctl is used to manage job control. It permits a session | |
342 | * leader to set this tty as the controlling tty for the session. | |
343 | * | |
344 | * Locking: | |
345 | * Takes tty_lock() to serialize proc_set_tty() for this tty | |
346 | * Takes tasklist_lock internally to walk sessions | |
347 | * Takes ->siglock() when updating signal->tty | |
348 | */ | |
349 | static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) | |
350 | { | |
351 | int ret = 0; | |
352 | ||
353 | tty_lock(tty); | |
354 | read_lock(&tasklist_lock); | |
355 | ||
356 | if (current->signal->leader && (task_session(current) == tty->session)) | |
357 | goto unlock; | |
358 | ||
359 | /* | |
360 | * The process must be a session leader and | |
361 | * not have a controlling tty already. | |
362 | */ | |
363 | if (!current->signal->leader || current->signal->tty) { | |
364 | ret = -EPERM; | |
365 | goto unlock; | |
366 | } | |
367 | ||
368 | if (tty->session) { | |
369 | /* | |
370 | * This tty is already the controlling | |
371 | * tty for another session group! | |
372 | */ | |
373 | if (arg == 1 && capable(CAP_SYS_ADMIN)) { | |
374 | /* | |
375 | * Steal it away | |
376 | */ | |
377 | session_clear_tty(tty->session); | |
378 | } else { | |
379 | ret = -EPERM; | |
380 | goto unlock; | |
381 | } | |
382 | } | |
383 | ||
384 | /* See the comment in tty_open_proc_set_tty(). */ | |
385 | if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { | |
386 | ret = -EPERM; | |
387 | goto unlock; | |
388 | } | |
389 | ||
390 | proc_set_tty(tty); | |
391 | unlock: | |
392 | read_unlock(&tasklist_lock); | |
393 | tty_unlock(tty); | |
394 | return ret; | |
395 | } | |
396 | ||
397 | /** | |
398 | * tty_get_pgrp - return a ref counted pgrp pid | |
399 | * @tty: tty to read | |
400 | * | |
401 | * Returns a refcounted instance of the pid struct for the process | |
402 | * group controlling the tty. | |
403 | */ | |
404 | struct pid *tty_get_pgrp(struct tty_struct *tty) | |
405 | { | |
406 | unsigned long flags; | |
407 | struct pid *pgrp; | |
408 | ||
409 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
410 | pgrp = get_pid(tty->pgrp); | |
411 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
412 | ||
413 | return pgrp; | |
414 | } | |
415 | EXPORT_SYMBOL_GPL(tty_get_pgrp); | |
416 | ||
417 | /* | |
418 | * This checks not only the pgrp, but falls back on the pid if no | |
419 | * satisfactory pgrp is found. I dunno - gdb doesn't work correctly | |
420 | * without this... | |
421 | * | |
422 | * The caller must hold rcu lock or the tasklist lock. | |
423 | */ | |
424 | static struct pid *session_of_pgrp(struct pid *pgrp) | |
425 | { | |
426 | struct task_struct *p; | |
427 | struct pid *sid = NULL; | |
428 | ||
429 | p = pid_task(pgrp, PIDTYPE_PGID); | |
430 | if (p == NULL) | |
431 | p = pid_task(pgrp, PIDTYPE_PID); | |
432 | if (p != NULL) | |
433 | sid = task_session(p); | |
434 | ||
435 | return sid; | |
436 | } | |
437 | ||
438 | /** | |
439 | * tiocgpgrp - get process group | |
440 | * @tty: tty passed by user | |
441 | * @real_tty: tty side of the tty passed by the user if a pty else the tty | |
442 | * @p: returned pid | |
443 | * | |
444 | * Obtain the process group of the tty. If there is no process group | |
445 | * return an error. | |
446 | * | |
447 | * Locking: none. Reference to current->signal->tty is safe. | |
448 | */ | |
449 | static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | |
450 | { | |
451 | struct pid *pid; | |
452 | int ret; | |
453 | /* | |
454 | * (tty == real_tty) is a cheap way of | |
455 | * testing if the tty is NOT a master pty. | |
456 | */ | |
457 | if (tty == real_tty && current->signal->tty != real_tty) | |
458 | return -ENOTTY; | |
459 | pid = tty_get_pgrp(real_tty); | |
460 | ret = put_user(pid_vnr(pid), p); | |
461 | put_pid(pid); | |
462 | return ret; | |
463 | } | |
464 | ||
465 | /** | |
466 | * tiocspgrp - attempt to set process group | |
467 | * @tty: tty passed by user | |
468 | * @real_tty: tty side device matching tty passed by user | |
469 | * @p: pid pointer | |
470 | * | |
471 | * Set the process group of the tty to the session passed. Only | |
472 | * permitted where the tty session is our session. | |
473 | * | |
474 | * Locking: RCU, ctrl lock | |
475 | */ | |
476 | static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | |
477 | { | |
478 | struct pid *pgrp; | |
479 | pid_t pgrp_nr; | |
480 | int retval = tty_check_change(real_tty); | |
481 | ||
482 | if (retval == -EIO) | |
483 | return -ENOTTY; | |
484 | if (retval) | |
485 | return retval; | |
c8bcd9c5 | 486 | |
a1235b3e NP |
487 | if (get_user(pgrp_nr, p)) |
488 | return -EFAULT; | |
489 | if (pgrp_nr < 0) | |
490 | return -EINVAL; | |
c8bcd9c5 JH |
491 | |
492 | spin_lock_irq(&real_tty->ctrl_lock); | |
493 | if (!current->signal->tty || | |
494 | (current->signal->tty != real_tty) || | |
495 | (real_tty->session != task_session(current))) { | |
496 | retval = -ENOTTY; | |
497 | goto out_unlock_ctrl; | |
498 | } | |
a1235b3e NP |
499 | rcu_read_lock(); |
500 | pgrp = find_vpid(pgrp_nr); | |
501 | retval = -ESRCH; | |
502 | if (!pgrp) | |
503 | goto out_unlock; | |
504 | retval = -EPERM; | |
505 | if (session_of_pgrp(pgrp) != task_session(current)) | |
506 | goto out_unlock; | |
507 | retval = 0; | |
a1235b3e NP |
508 | put_pid(real_tty->pgrp); |
509 | real_tty->pgrp = get_pid(pgrp); | |
a1235b3e NP |
510 | out_unlock: |
511 | rcu_read_unlock(); | |
c8bcd9c5 JH |
512 | out_unlock_ctrl: |
513 | spin_unlock_irq(&real_tty->ctrl_lock); | |
a1235b3e NP |
514 | return retval; |
515 | } | |
516 | ||
517 | /** | |
518 | * tiocgsid - get session id | |
519 | * @tty: tty passed by user | |
520 | * @real_tty: tty side of the tty passed by the user if a pty else the tty | |
521 | * @p: pointer to returned session id | |
522 | * | |
523 | * Obtain the session id of the tty. If there is no session | |
524 | * return an error. | |
a1235b3e NP |
525 | */ |
526 | static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | |
527 | { | |
c8bcd9c5 JH |
528 | unsigned long flags; |
529 | pid_t sid; | |
530 | ||
a1235b3e NP |
531 | /* |
532 | * (tty == real_tty) is a cheap way of | |
533 | * testing if the tty is NOT a master pty. | |
534 | */ | |
535 | if (tty == real_tty && current->signal->tty != real_tty) | |
536 | return -ENOTTY; | |
c8bcd9c5 JH |
537 | |
538 | spin_lock_irqsave(&real_tty->ctrl_lock, flags); | |
a1235b3e | 539 | if (!real_tty->session) |
c8bcd9c5 JH |
540 | goto err; |
541 | sid = pid_vnr(real_tty->session); | |
542 | spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); | |
543 | ||
544 | return put_user(sid, p); | |
545 | ||
546 | err: | |
547 | spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); | |
548 | return -ENOTTY; | |
a1235b3e NP |
549 | } |
550 | ||
551 | /* | |
552 | * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, | |
553 | * if not then tty == real_tty. | |
554 | */ | |
555 | long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, | |
556 | struct file *file, unsigned int cmd, unsigned long arg) | |
557 | { | |
558 | void __user *p = (void __user *)arg; | |
559 | ||
560 | switch (cmd) { | |
561 | case TIOCNOTTY: | |
562 | if (current->signal->tty != tty) | |
563 | return -ENOTTY; | |
564 | no_tty(); | |
565 | return 0; | |
566 | case TIOCSCTTY: | |
567 | return tiocsctty(real_tty, file, arg); | |
568 | case TIOCGPGRP: | |
569 | return tiocgpgrp(tty, real_tty, p); | |
570 | case TIOCSPGRP: | |
571 | return tiocspgrp(tty, real_tty, p); | |
572 | case TIOCGSID: | |
573 | return tiocgsid(tty, real_tty, p); | |
574 | } | |
575 | return -ENOIOCTLCMD; | |
576 | } |