Commit | Line | Data |
---|---|---|
e3b3d0f5 | 1 | // SPDX-License-Identifier: GPL-2.0 |
a1235b3e NP |
2 | /* |
3 | * Copyright (C) 1991, 1992 Linus Torvalds | |
4 | */ | |
5 | ||
6 | #include <linux/types.h> | |
7 | #include <linux/errno.h> | |
8 | #include <linux/signal.h> | |
9 | #include <linux/sched/signal.h> | |
10 | #include <linux/sched/task.h> | |
11 | #include <linux/tty.h> | |
12 | #include <linux/fcntl.h> | |
13 | #include <linux/uaccess.h> | |
14 | ||
15 | static int is_ignored(int sig) | |
16 | { | |
17 | return (sigismember(¤t->blocked, sig) || | |
18 | current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); | |
19 | } | |
20 | ||
21 | /** | |
22 | * tty_check_change - check for POSIX terminal changes | |
23 | * @tty: tty to check | |
24 | * | |
25 | * If we try to write to, or set the state of, a terminal and we're | |
26 | * not in the foreground, send a SIGTTOU. If the signal is blocked or | |
27 | * ignored, go ahead and perform the operation. (POSIX 7.2) | |
28 | * | |
29 | * Locking: ctrl_lock | |
30 | */ | |
31 | int __tty_check_change(struct tty_struct *tty, int sig) | |
32 | { | |
33 | unsigned long flags; | |
34 | struct pid *pgrp, *tty_pgrp; | |
35 | int ret = 0; | |
36 | ||
37 | if (current->signal->tty != tty) | |
38 | return 0; | |
39 | ||
40 | rcu_read_lock(); | |
41 | pgrp = task_pgrp(current); | |
42 | ||
43 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
44 | tty_pgrp = tty->pgrp; | |
45 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
46 | ||
47 | if (tty_pgrp && pgrp != tty->pgrp) { | |
48 | if (is_ignored(sig)) { | |
49 | if (sig == SIGTTIN) | |
50 | ret = -EIO; | |
51 | } else if (is_current_pgrp_orphaned()) | |
52 | ret = -EIO; | |
53 | else { | |
54 | kill_pgrp(pgrp, sig, 1); | |
55 | set_thread_flag(TIF_SIGPENDING); | |
56 | ret = -ERESTARTSYS; | |
57 | } | |
58 | } | |
59 | rcu_read_unlock(); | |
60 | ||
61 | if (!tty_pgrp) | |
62 | tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); | |
63 | ||
64 | return ret; | |
65 | } | |
66 | ||
67 | int tty_check_change(struct tty_struct *tty) | |
68 | { | |
69 | return __tty_check_change(tty, SIGTTOU); | |
70 | } | |
71 | EXPORT_SYMBOL(tty_check_change); | |
72 | ||
73 | void proc_clear_tty(struct task_struct *p) | |
74 | { | |
75 | unsigned long flags; | |
76 | struct tty_struct *tty; | |
77 | spin_lock_irqsave(&p->sighand->siglock, flags); | |
78 | tty = p->signal->tty; | |
79 | p->signal->tty = NULL; | |
80 | spin_unlock_irqrestore(&p->sighand->siglock, flags); | |
81 | tty_kref_put(tty); | |
82 | } | |
83 | ||
84 | /** | |
85 | * proc_set_tty - set the controlling terminal | |
86 | * | |
87 | * Only callable by the session leader and only if it does not already have | |
88 | * a controlling terminal. | |
89 | * | |
90 | * Caller must hold: tty_lock() | |
91 | * a readlock on tasklist_lock | |
92 | * sighand lock | |
93 | */ | |
94 | static void __proc_set_tty(struct tty_struct *tty) | |
95 | { | |
96 | unsigned long flags; | |
97 | ||
98 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
99 | /* | |
100 | * The session and fg pgrp references will be non-NULL if | |
101 | * tiocsctty() is stealing the controlling tty | |
102 | */ | |
103 | put_pid(tty->session); | |
104 | put_pid(tty->pgrp); | |
105 | tty->pgrp = get_pid(task_pgrp(current)); | |
106 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
107 | tty->session = get_pid(task_session(current)); | |
108 | if (current->signal->tty) { | |
109 | tty_debug(tty, "current tty %s not NULL!!\n", | |
110 | current->signal->tty->name); | |
111 | tty_kref_put(current->signal->tty); | |
112 | } | |
113 | put_pid(current->signal->tty_old_pgrp); | |
114 | current->signal->tty = tty_kref_get(tty); | |
115 | current->signal->tty_old_pgrp = NULL; | |
116 | } | |
117 | ||
118 | static void proc_set_tty(struct tty_struct *tty) | |
119 | { | |
120 | spin_lock_irq(¤t->sighand->siglock); | |
121 | __proc_set_tty(tty); | |
122 | spin_unlock_irq(¤t->sighand->siglock); | |
123 | } | |
124 | ||
125 | /* | |
126 | * Called by tty_open() to set the controlling tty if applicable. | |
127 | */ | |
128 | void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) | |
129 | { | |
130 | read_lock(&tasklist_lock); | |
131 | spin_lock_irq(¤t->sighand->siglock); | |
132 | if (current->signal->leader && | |
133 | !current->signal->tty && | |
134 | tty->session == NULL) { | |
135 | /* | |
136 | * Don't let a process that only has write access to the tty | |
137 | * obtain the privileges associated with having a tty as | |
138 | * controlling terminal (being able to reopen it with full | |
139 | * access through /dev/tty, being able to perform pushback). | |
140 | * Many distributions set the group of all ttys to "tty" and | |
141 | * grant write-only access to all terminals for setgid tty | |
142 | * binaries, which should not imply full privileges on all ttys. | |
143 | * | |
144 | * This could theoretically break old code that performs open() | |
145 | * on a write-only file descriptor. In that case, it might be | |
146 | * necessary to also permit this if | |
147 | * inode_permission(inode, MAY_READ) == 0. | |
148 | */ | |
149 | if (filp->f_mode & FMODE_READ) | |
150 | __proc_set_tty(tty); | |
151 | } | |
152 | spin_unlock_irq(¤t->sighand->siglock); | |
153 | read_unlock(&tasklist_lock); | |
154 | } | |
155 | ||
156 | struct tty_struct *get_current_tty(void) | |
157 | { | |
158 | struct tty_struct *tty; | |
159 | unsigned long flags; | |
160 | ||
161 | spin_lock_irqsave(¤t->sighand->siglock, flags); | |
162 | tty = tty_kref_get(current->signal->tty); | |
163 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | |
164 | return tty; | |
165 | } | |
166 | EXPORT_SYMBOL_GPL(get_current_tty); | |
167 | ||
168 | /* | |
169 | * Called from tty_release(). | |
170 | */ | |
171 | void session_clear_tty(struct pid *session) | |
172 | { | |
173 | struct task_struct *p; | |
174 | do_each_pid_task(session, PIDTYPE_SID, p) { | |
175 | proc_clear_tty(p); | |
176 | } while_each_pid_task(session, PIDTYPE_SID, p); | |
177 | } | |
178 | ||
179 | /** | |
180 | * tty_signal_session_leader - sends SIGHUP to session leader | |
181 | * @tty controlling tty | |
182 | * @exit_session if non-zero, signal all foreground group processes | |
183 | * | |
184 | * Send SIGHUP and SIGCONT to the session leader and its process group. | |
185 | * Optionally, signal all processes in the foreground process group. | |
186 | * | |
187 | * Returns the number of processes in the session with this tty | |
188 | * as their controlling terminal. This value is used to drop | |
189 | * tty references for those processes. | |
190 | */ | |
191 | int tty_signal_session_leader(struct tty_struct *tty, int exit_session) | |
192 | { | |
193 | struct task_struct *p; | |
194 | int refs = 0; | |
195 | struct pid *tty_pgrp = NULL; | |
196 | ||
197 | read_lock(&tasklist_lock); | |
198 | if (tty->session) { | |
199 | do_each_pid_task(tty->session, PIDTYPE_SID, p) { | |
200 | spin_lock_irq(&p->sighand->siglock); | |
201 | if (p->signal->tty == tty) { | |
202 | p->signal->tty = NULL; | |
203 | /* We defer the dereferences outside fo | |
204 | the tasklist lock */ | |
205 | refs++; | |
206 | } | |
207 | if (!p->signal->leader) { | |
208 | spin_unlock_irq(&p->sighand->siglock); | |
209 | continue; | |
210 | } | |
211 | __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); | |
212 | __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); | |
213 | put_pid(p->signal->tty_old_pgrp); /* A noop */ | |
214 | spin_lock(&tty->ctrl_lock); | |
215 | tty_pgrp = get_pid(tty->pgrp); | |
216 | if (tty->pgrp) | |
217 | p->signal->tty_old_pgrp = get_pid(tty->pgrp); | |
218 | spin_unlock(&tty->ctrl_lock); | |
219 | spin_unlock_irq(&p->sighand->siglock); | |
220 | } while_each_pid_task(tty->session, PIDTYPE_SID, p); | |
221 | } | |
222 | read_unlock(&tasklist_lock); | |
223 | ||
224 | if (tty_pgrp) { | |
225 | if (exit_session) | |
226 | kill_pgrp(tty_pgrp, SIGHUP, exit_session); | |
227 | put_pid(tty_pgrp); | |
228 | } | |
229 | ||
230 | return refs; | |
231 | } | |
232 | ||
233 | /** | |
234 | * disassociate_ctty - disconnect controlling tty | |
235 | * @on_exit: true if exiting so need to "hang up" the session | |
236 | * | |
237 | * This function is typically called only by the session leader, when | |
238 | * it wants to disassociate itself from its controlling tty. | |
239 | * | |
240 | * It performs the following functions: | |
241 | * (1) Sends a SIGHUP and SIGCONT to the foreground process group | |
242 | * (2) Clears the tty from being controlling the session | |
243 | * (3) Clears the controlling tty for all processes in the | |
244 | * session group. | |
245 | * | |
246 | * The argument on_exit is set to 1 if called when a process is | |
247 | * exiting; it is 0 if called by the ioctl TIOCNOTTY. | |
248 | * | |
249 | * Locking: | |
250 | * BTM is taken for hysterical raisons, and held when | |
251 | * called from no_tty(). | |
252 | * tty_mutex is taken to protect tty | |
253 | * ->siglock is taken to protect ->signal/->sighand | |
254 | * tasklist_lock is taken to walk process list for sessions | |
255 | * ->siglock is taken to protect ->signal/->sighand | |
256 | */ | |
257 | void disassociate_ctty(int on_exit) | |
258 | { | |
259 | struct tty_struct *tty; | |
260 | ||
261 | if (!current->signal->leader) | |
262 | return; | |
263 | ||
264 | tty = get_current_tty(); | |
265 | if (tty) { | |
266 | if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { | |
267 | tty_vhangup_session(tty); | |
268 | } else { | |
269 | struct pid *tty_pgrp = tty_get_pgrp(tty); | |
270 | if (tty_pgrp) { | |
271 | kill_pgrp(tty_pgrp, SIGHUP, on_exit); | |
272 | if (!on_exit) | |
273 | kill_pgrp(tty_pgrp, SIGCONT, on_exit); | |
274 | put_pid(tty_pgrp); | |
275 | } | |
276 | } | |
277 | tty_kref_put(tty); | |
278 | ||
279 | } else if (on_exit) { | |
280 | struct pid *old_pgrp; | |
281 | spin_lock_irq(¤t->sighand->siglock); | |
282 | old_pgrp = current->signal->tty_old_pgrp; | |
283 | current->signal->tty_old_pgrp = NULL; | |
284 | spin_unlock_irq(¤t->sighand->siglock); | |
285 | if (old_pgrp) { | |
286 | kill_pgrp(old_pgrp, SIGHUP, on_exit); | |
287 | kill_pgrp(old_pgrp, SIGCONT, on_exit); | |
288 | put_pid(old_pgrp); | |
289 | } | |
290 | return; | |
291 | } | |
292 | ||
293 | spin_lock_irq(¤t->sighand->siglock); | |
294 | put_pid(current->signal->tty_old_pgrp); | |
295 | current->signal->tty_old_pgrp = NULL; | |
296 | ||
297 | tty = tty_kref_get(current->signal->tty); | |
298 | if (tty) { | |
299 | unsigned long flags; | |
300 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
301 | put_pid(tty->session); | |
302 | put_pid(tty->pgrp); | |
303 | tty->session = NULL; | |
304 | tty->pgrp = NULL; | |
305 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
306 | tty_kref_put(tty); | |
307 | } | |
308 | ||
309 | spin_unlock_irq(¤t->sighand->siglock); | |
310 | /* Now clear signal->tty under the lock */ | |
311 | read_lock(&tasklist_lock); | |
312 | session_clear_tty(task_session(current)); | |
313 | read_unlock(&tasklist_lock); | |
314 | } | |
315 | ||
316 | /** | |
317 | * | |
318 | * no_tty - Ensure the current process does not have a controlling tty | |
319 | */ | |
320 | void no_tty(void) | |
321 | { | |
322 | /* FIXME: Review locking here. The tty_lock never covered any race | |
323 | between a new association and proc_clear_tty but possible we need | |
324 | to protect against this anyway */ | |
325 | struct task_struct *tsk = current; | |
326 | disassociate_ctty(0); | |
327 | proc_clear_tty(tsk); | |
328 | } | |
329 | ||
330 | /** | |
331 | * tiocsctty - set controlling tty | |
332 | * @tty: tty structure | |
333 | * @arg: user argument | |
334 | * | |
335 | * This ioctl is used to manage job control. It permits a session | |
336 | * leader to set this tty as the controlling tty for the session. | |
337 | * | |
338 | * Locking: | |
339 | * Takes tty_lock() to serialize proc_set_tty() for this tty | |
340 | * Takes tasklist_lock internally to walk sessions | |
341 | * Takes ->siglock() when updating signal->tty | |
342 | */ | |
343 | static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) | |
344 | { | |
345 | int ret = 0; | |
346 | ||
347 | tty_lock(tty); | |
348 | read_lock(&tasklist_lock); | |
349 | ||
350 | if (current->signal->leader && (task_session(current) == tty->session)) | |
351 | goto unlock; | |
352 | ||
353 | /* | |
354 | * The process must be a session leader and | |
355 | * not have a controlling tty already. | |
356 | */ | |
357 | if (!current->signal->leader || current->signal->tty) { | |
358 | ret = -EPERM; | |
359 | goto unlock; | |
360 | } | |
361 | ||
362 | if (tty->session) { | |
363 | /* | |
364 | * This tty is already the controlling | |
365 | * tty for another session group! | |
366 | */ | |
367 | if (arg == 1 && capable(CAP_SYS_ADMIN)) { | |
368 | /* | |
369 | * Steal it away | |
370 | */ | |
371 | session_clear_tty(tty->session); | |
372 | } else { | |
373 | ret = -EPERM; | |
374 | goto unlock; | |
375 | } | |
376 | } | |
377 | ||
378 | /* See the comment in tty_open_proc_set_tty(). */ | |
379 | if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { | |
380 | ret = -EPERM; | |
381 | goto unlock; | |
382 | } | |
383 | ||
384 | proc_set_tty(tty); | |
385 | unlock: | |
386 | read_unlock(&tasklist_lock); | |
387 | tty_unlock(tty); | |
388 | return ret; | |
389 | } | |
390 | ||
391 | /** | |
392 | * tty_get_pgrp - return a ref counted pgrp pid | |
393 | * @tty: tty to read | |
394 | * | |
395 | * Returns a refcounted instance of the pid struct for the process | |
396 | * group controlling the tty. | |
397 | */ | |
398 | struct pid *tty_get_pgrp(struct tty_struct *tty) | |
399 | { | |
400 | unsigned long flags; | |
401 | struct pid *pgrp; | |
402 | ||
403 | spin_lock_irqsave(&tty->ctrl_lock, flags); | |
404 | pgrp = get_pid(tty->pgrp); | |
405 | spin_unlock_irqrestore(&tty->ctrl_lock, flags); | |
406 | ||
407 | return pgrp; | |
408 | } | |
409 | EXPORT_SYMBOL_GPL(tty_get_pgrp); | |
410 | ||
411 | /* | |
412 | * This checks not only the pgrp, but falls back on the pid if no | |
413 | * satisfactory pgrp is found. I dunno - gdb doesn't work correctly | |
414 | * without this... | |
415 | * | |
416 | * The caller must hold rcu lock or the tasklist lock. | |
417 | */ | |
418 | static struct pid *session_of_pgrp(struct pid *pgrp) | |
419 | { | |
420 | struct task_struct *p; | |
421 | struct pid *sid = NULL; | |
422 | ||
423 | p = pid_task(pgrp, PIDTYPE_PGID); | |
424 | if (p == NULL) | |
425 | p = pid_task(pgrp, PIDTYPE_PID); | |
426 | if (p != NULL) | |
427 | sid = task_session(p); | |
428 | ||
429 | return sid; | |
430 | } | |
431 | ||
432 | /** | |
433 | * tiocgpgrp - get process group | |
434 | * @tty: tty passed by user | |
435 | * @real_tty: tty side of the tty passed by the user if a pty else the tty | |
436 | * @p: returned pid | |
437 | * | |
438 | * Obtain the process group of the tty. If there is no process group | |
439 | * return an error. | |
440 | * | |
441 | * Locking: none. Reference to current->signal->tty is safe. | |
442 | */ | |
443 | static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | |
444 | { | |
445 | struct pid *pid; | |
446 | int ret; | |
447 | /* | |
448 | * (tty == real_tty) is a cheap way of | |
449 | * testing if the tty is NOT a master pty. | |
450 | */ | |
451 | if (tty == real_tty && current->signal->tty != real_tty) | |
452 | return -ENOTTY; | |
453 | pid = tty_get_pgrp(real_tty); | |
454 | ret = put_user(pid_vnr(pid), p); | |
455 | put_pid(pid); | |
456 | return ret; | |
457 | } | |
458 | ||
459 | /** | |
460 | * tiocspgrp - attempt to set process group | |
461 | * @tty: tty passed by user | |
462 | * @real_tty: tty side device matching tty passed by user | |
463 | * @p: pid pointer | |
464 | * | |
465 | * Set the process group of the tty to the session passed. Only | |
466 | * permitted where the tty session is our session. | |
467 | * | |
468 | * Locking: RCU, ctrl lock | |
469 | */ | |
470 | static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | |
471 | { | |
472 | struct pid *pgrp; | |
473 | pid_t pgrp_nr; | |
474 | int retval = tty_check_change(real_tty); | |
475 | ||
476 | if (retval == -EIO) | |
477 | return -ENOTTY; | |
478 | if (retval) | |
479 | return retval; | |
480 | if (!current->signal->tty || | |
481 | (current->signal->tty != real_tty) || | |
482 | (real_tty->session != task_session(current))) | |
483 | return -ENOTTY; | |
484 | if (get_user(pgrp_nr, p)) | |
485 | return -EFAULT; | |
486 | if (pgrp_nr < 0) | |
487 | return -EINVAL; | |
488 | rcu_read_lock(); | |
489 | pgrp = find_vpid(pgrp_nr); | |
490 | retval = -ESRCH; | |
491 | if (!pgrp) | |
492 | goto out_unlock; | |
493 | retval = -EPERM; | |
494 | if (session_of_pgrp(pgrp) != task_session(current)) | |
495 | goto out_unlock; | |
496 | retval = 0; | |
497 | spin_lock_irq(&tty->ctrl_lock); | |
498 | put_pid(real_tty->pgrp); | |
499 | real_tty->pgrp = get_pid(pgrp); | |
500 | spin_unlock_irq(&tty->ctrl_lock); | |
501 | out_unlock: | |
502 | rcu_read_unlock(); | |
503 | return retval; | |
504 | } | |
505 | ||
506 | /** | |
507 | * tiocgsid - get session id | |
508 | * @tty: tty passed by user | |
509 | * @real_tty: tty side of the tty passed by the user if a pty else the tty | |
510 | * @p: pointer to returned session id | |
511 | * | |
512 | * Obtain the session id of the tty. If there is no session | |
513 | * return an error. | |
514 | * | |
515 | * Locking: none. Reference to current->signal->tty is safe. | |
516 | */ | |
517 | static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | |
518 | { | |
519 | /* | |
520 | * (tty == real_tty) is a cheap way of | |
521 | * testing if the tty is NOT a master pty. | |
522 | */ | |
523 | if (tty == real_tty && current->signal->tty != real_tty) | |
524 | return -ENOTTY; | |
525 | if (!real_tty->session) | |
526 | return -ENOTTY; | |
527 | return put_user(pid_vnr(real_tty->session), p); | |
528 | } | |
529 | ||
530 | /* | |
531 | * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, | |
532 | * if not then tty == real_tty. | |
533 | */ | |
534 | long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, | |
535 | struct file *file, unsigned int cmd, unsigned long arg) | |
536 | { | |
537 | void __user *p = (void __user *)arg; | |
538 | ||
539 | switch (cmd) { | |
540 | case TIOCNOTTY: | |
541 | if (current->signal->tty != tty) | |
542 | return -ENOTTY; | |
543 | no_tty(); | |
544 | return 0; | |
545 | case TIOCSCTTY: | |
546 | return tiocsctty(real_tty, file, arg); | |
547 | case TIOCGPGRP: | |
548 | return tiocgpgrp(tty, real_tty, p); | |
549 | case TIOCSPGRP: | |
550 | return tiocspgrp(tty, real_tty, p); | |
551 | case TIOCGSID: | |
552 | return tiocgsid(tty, real_tty, p); | |
553 | } | |
554 | return -ENOIOCTLCMD; | |
555 | } |