1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/signal.h>
9 #include <linux/sched/signal.h>
10 #include <linux/sched/task.h>
11 #include <linux/tty.h>
12 #include <linux/fcntl.h>
13 #include <linux/uaccess.h>
14 #include "tty.h"
15
is_ignored(int sig)16 static int is_ignored(int sig)
17 {
18 return (sigismember(¤t->blocked, sig) ||
19 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
20 }
21
22 /**
23 * tty_check_change - check for POSIX terminal changes
24 * @tty: tty to check
25 *
26 * If we try to write to, or set the state of, a terminal and we're
27 * not in the foreground, send a SIGTTOU. If the signal is blocked or
28 * ignored, go ahead and perform the operation. (POSIX 7.2)
29 *
30 * Locking: ctrl_lock
31 */
__tty_check_change(struct tty_struct * tty,int sig)32 int __tty_check_change(struct tty_struct *tty, int sig)
33 {
34 unsigned long flags;
35 struct pid *pgrp, *tty_pgrp;
36 int ret = 0;
37
38 if (current->signal->tty != tty)
39 return 0;
40
41 rcu_read_lock();
42 pgrp = task_pgrp(current);
43
44 spin_lock_irqsave(&tty->ctrl_lock, flags);
45 tty_pgrp = tty->pgrp;
46 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
47
48 if (tty_pgrp && pgrp != tty_pgrp) {
49 if (is_ignored(sig)) {
50 if (sig == SIGTTIN)
51 ret = -EIO;
52 } else if (is_current_pgrp_orphaned())
53 ret = -EIO;
54 else {
55 kill_pgrp(pgrp, sig, 1);
56 set_thread_flag(TIF_SIGPENDING);
57 ret = -ERESTARTSYS;
58 }
59 }
60 rcu_read_unlock();
61
62 if (!tty_pgrp)
63 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
64
65 return ret;
66 }
67
tty_check_change(struct tty_struct * tty)68 int tty_check_change(struct tty_struct *tty)
69 {
70 return __tty_check_change(tty, SIGTTOU);
71 }
72 EXPORT_SYMBOL(tty_check_change);
73
proc_clear_tty(struct task_struct * p)74 void proc_clear_tty(struct task_struct *p)
75 {
76 unsigned long flags;
77 struct tty_struct *tty;
78 spin_lock_irqsave(&p->sighand->siglock, flags);
79 tty = p->signal->tty;
80 p->signal->tty = NULL;
81 spin_unlock_irqrestore(&p->sighand->siglock, flags);
82 tty_kref_put(tty);
83 }
84
85 /**
86 * proc_set_tty - set the controlling terminal
87 *
88 * Only callable by the session leader and only if it does not already have
89 * a controlling terminal.
90 *
91 * Caller must hold: tty_lock()
92 * a readlock on tasklist_lock
93 * sighand lock
94 */
__proc_set_tty(struct tty_struct * tty)95 static void __proc_set_tty(struct tty_struct *tty)
96 {
97 unsigned long flags;
98
99 spin_lock_irqsave(&tty->ctrl_lock, flags);
100 /*
101 * The session and fg pgrp references will be non-NULL if
102 * tiocsctty() is stealing the controlling tty
103 */
104 put_pid(tty->session);
105 put_pid(tty->pgrp);
106 tty->pgrp = get_pid(task_pgrp(current));
107 tty->session = get_pid(task_session(current));
108 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
109 if (current->signal->tty) {
110 tty_debug(tty, "current tty %s not NULL!!\n",
111 current->signal->tty->name);
112 tty_kref_put(current->signal->tty);
113 }
114 put_pid(current->signal->tty_old_pgrp);
115 current->signal->tty = tty_kref_get(tty);
116 current->signal->tty_old_pgrp = NULL;
117 }
118
proc_set_tty(struct tty_struct * tty)119 static void proc_set_tty(struct tty_struct *tty)
120 {
121 spin_lock_irq(¤t->sighand->siglock);
122 __proc_set_tty(tty);
123 spin_unlock_irq(¤t->sighand->siglock);
124 }
125
126 /*
127 * Called by tty_open() to set the controlling tty if applicable.
128 */
tty_open_proc_set_tty(struct file * filp,struct tty_struct * tty)129 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty)
130 {
131 read_lock(&tasklist_lock);
132 spin_lock_irq(¤t->sighand->siglock);
133 if (current->signal->leader &&
134 !current->signal->tty &&
135 tty->session == NULL) {
136 /*
137 * Don't let a process that only has write access to the tty
138 * obtain the privileges associated with having a tty as
139 * controlling terminal (being able to reopen it with full
140 * access through /dev/tty, being able to perform pushback).
141 * Many distributions set the group of all ttys to "tty" and
142 * grant write-only access to all terminals for setgid tty
143 * binaries, which should not imply full privileges on all ttys.
144 *
145 * This could theoretically break old code that performs open()
146 * on a write-only file descriptor. In that case, it might be
147 * necessary to also permit this if
148 * inode_permission(inode, MAY_READ) == 0.
149 */
150 if (filp->f_mode & FMODE_READ)
151 __proc_set_tty(tty);
152 }
153 spin_unlock_irq(¤t->sighand->siglock);
154 read_unlock(&tasklist_lock);
155 }
156
get_current_tty(void)157 struct tty_struct *get_current_tty(void)
158 {
159 struct tty_struct *tty;
160 unsigned long flags;
161
162 spin_lock_irqsave(¤t->sighand->siglock, flags);
163 tty = tty_kref_get(current->signal->tty);
164 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
165 return tty;
166 }
167 EXPORT_SYMBOL_GPL(get_current_tty);
168
169 /*
170 * Called from tty_release().
171 */
session_clear_tty(struct pid * session)172 void session_clear_tty(struct pid *session)
173 {
174 struct task_struct *p;
175 do_each_pid_task(session, PIDTYPE_SID, p) {
176 proc_clear_tty(p);
177 } while_each_pid_task(session, PIDTYPE_SID, p);
178 }
179
180 /**
181 * tty_signal_session_leader - sends SIGHUP to session leader
182 * @tty: controlling tty
183 * @exit_session: if non-zero, signal all foreground group processes
184 *
185 * Send SIGHUP and SIGCONT to the session leader and its process group.
186 * Optionally, signal all processes in the foreground process group.
187 *
188 * Returns the number of processes in the session with this tty
189 * as their controlling terminal. This value is used to drop
190 * tty references for those processes.
191 */
tty_signal_session_leader(struct tty_struct * tty,int exit_session)192 int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
193 {
194 struct task_struct *p;
195 int refs = 0;
196 struct pid *tty_pgrp = NULL;
197
198 read_lock(&tasklist_lock);
199 if (tty->session) {
200 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
201 spin_lock_irq(&p->sighand->siglock);
202 if (p->signal->tty == tty) {
203 p->signal->tty = NULL;
204 /* We defer the dereferences outside fo
205 the tasklist lock */
206 refs++;
207 }
208 if (!p->signal->leader) {
209 spin_unlock_irq(&p->sighand->siglock);
210 continue;
211 }
212 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
213 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
214 put_pid(p->signal->tty_old_pgrp); /* A noop */
215 spin_lock(&tty->ctrl_lock);
216 tty_pgrp = get_pid(tty->pgrp);
217 if (tty->pgrp)
218 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
219 spin_unlock(&tty->ctrl_lock);
220 spin_unlock_irq(&p->sighand->siglock);
221 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
222 }
223 read_unlock(&tasklist_lock);
224
225 if (tty_pgrp) {
226 if (exit_session)
227 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
228 put_pid(tty_pgrp);
229 }
230
231 return refs;
232 }
233
234 /**
235 * disassociate_ctty - disconnect controlling tty
236 * @on_exit: true if exiting so need to "hang up" the session
237 *
238 * This function is typically called only by the session leader, when
239 * it wants to disassociate itself from its controlling tty.
240 *
241 * It performs the following functions:
242 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
243 * (2) Clears the tty from being controlling the session
244 * (3) Clears the controlling tty for all processes in the
245 * session group.
246 *
247 * The argument on_exit is set to 1 if called when a process is
248 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
249 *
250 * Locking:
251 * BTM is taken for hysterical raisons, and held when
252 * called from no_tty().
253 * tty_mutex is taken to protect tty
254 * ->siglock is taken to protect ->signal/->sighand
255 * tasklist_lock is taken to walk process list for sessions
256 * ->siglock is taken to protect ->signal/->sighand
257 */
disassociate_ctty(int on_exit)258 void disassociate_ctty(int on_exit)
259 {
260 struct tty_struct *tty;
261
262 if (!current->signal->leader)
263 return;
264
265 tty = get_current_tty();
266 if (tty) {
267 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
268 tty_vhangup_session(tty);
269 } else {
270 struct pid *tty_pgrp = tty_get_pgrp(tty);
271 if (tty_pgrp) {
272 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
273 if (!on_exit)
274 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
275 put_pid(tty_pgrp);
276 }
277 }
278 tty_kref_put(tty);
279
280 } else if (on_exit) {
281 struct pid *old_pgrp;
282 spin_lock_irq(¤t->sighand->siglock);
283 old_pgrp = current->signal->tty_old_pgrp;
284 current->signal->tty_old_pgrp = NULL;
285 spin_unlock_irq(¤t->sighand->siglock);
286 if (old_pgrp) {
287 kill_pgrp(old_pgrp, SIGHUP, on_exit);
288 kill_pgrp(old_pgrp, SIGCONT, on_exit);
289 put_pid(old_pgrp);
290 }
291 return;
292 }
293
294 spin_lock_irq(¤t->sighand->siglock);
295 put_pid(current->signal->tty_old_pgrp);
296 current->signal->tty_old_pgrp = NULL;
297 tty = tty_kref_get(current->signal->tty);
298 spin_unlock_irq(¤t->sighand->siglock);
299
300 if (tty) {
301 unsigned long flags;
302
303 tty_lock(tty);
304 spin_lock_irqsave(&tty->ctrl_lock, flags);
305 put_pid(tty->session);
306 put_pid(tty->pgrp);
307 tty->session = NULL;
308 tty->pgrp = NULL;
309 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
310 tty_unlock(tty);
311 tty_kref_put(tty);
312 }
313
314 /* Now clear signal->tty under the lock */
315 read_lock(&tasklist_lock);
316 session_clear_tty(task_session(current));
317 read_unlock(&tasklist_lock);
318 }
319
320 /*
321 *
322 * no_tty - Ensure the current process does not have a controlling tty
323 */
no_tty(void)324 void no_tty(void)
325 {
326 /* FIXME: Review locking here. The tty_lock never covered any race
327 between a new association and proc_clear_tty but possible we need
328 to protect against this anyway */
329 struct task_struct *tsk = current;
330 disassociate_ctty(0);
331 proc_clear_tty(tsk);
332 }
333
334 /**
335 * tiocsctty - set controlling tty
336 * @tty: tty structure
337 * @arg: user argument
338 *
339 * This ioctl is used to manage job control. It permits a session
340 * leader to set this tty as the controlling tty for the session.
341 *
342 * Locking:
343 * Takes tty_lock() to serialize proc_set_tty() for this tty
344 * Takes tasklist_lock internally to walk sessions
345 * Takes ->siglock() when updating signal->tty
346 */
tiocsctty(struct tty_struct * tty,struct file * file,int arg)347 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
348 {
349 int ret = 0;
350
351 tty_lock(tty);
352 read_lock(&tasklist_lock);
353
354 if (current->signal->leader && (task_session(current) == tty->session))
355 goto unlock;
356
357 /*
358 * The process must be a session leader and
359 * not have a controlling tty already.
360 */
361 if (!current->signal->leader || current->signal->tty) {
362 ret = -EPERM;
363 goto unlock;
364 }
365
366 if (tty->session) {
367 /*
368 * This tty is already the controlling
369 * tty for another session group!
370 */
371 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
372 /*
373 * Steal it away
374 */
375 session_clear_tty(tty->session);
376 } else {
377 ret = -EPERM;
378 goto unlock;
379 }
380 }
381
382 /* See the comment in tty_open_proc_set_tty(). */
383 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
384 ret = -EPERM;
385 goto unlock;
386 }
387
388 proc_set_tty(tty);
389 unlock:
390 read_unlock(&tasklist_lock);
391 tty_unlock(tty);
392 return ret;
393 }
394
395 /**
396 * tty_get_pgrp - return a ref counted pgrp pid
397 * @tty: tty to read
398 *
399 * Returns a refcounted instance of the pid struct for the process
400 * group controlling the tty.
401 */
tty_get_pgrp(struct tty_struct * tty)402 struct pid *tty_get_pgrp(struct tty_struct *tty)
403 {
404 unsigned long flags;
405 struct pid *pgrp;
406
407 spin_lock_irqsave(&tty->ctrl_lock, flags);
408 pgrp = get_pid(tty->pgrp);
409 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
410
411 return pgrp;
412 }
413 EXPORT_SYMBOL_GPL(tty_get_pgrp);
414
415 /*
416 * This checks not only the pgrp, but falls back on the pid if no
417 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
418 * without this...
419 *
420 * The caller must hold rcu lock or the tasklist lock.
421 */
session_of_pgrp(struct pid * pgrp)422 static struct pid *session_of_pgrp(struct pid *pgrp)
423 {
424 struct task_struct *p;
425 struct pid *sid = NULL;
426
427 p = pid_task(pgrp, PIDTYPE_PGID);
428 if (p == NULL)
429 p = pid_task(pgrp, PIDTYPE_PID);
430 if (p != NULL)
431 sid = task_session(p);
432
433 return sid;
434 }
435
436 /**
437 * tiocgpgrp - get process group
438 * @tty: tty passed by user
439 * @real_tty: tty side of the tty passed by the user if a pty else the tty
440 * @p: returned pid
441 *
442 * Obtain the process group of the tty. If there is no process group
443 * return an error.
444 *
445 * Locking: none. Reference to current->signal->tty is safe.
446 */
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)447 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
448 {
449 struct pid *pid;
450 int ret;
451 /*
452 * (tty == real_tty) is a cheap way of
453 * testing if the tty is NOT a master pty.
454 */
455 if (tty == real_tty && current->signal->tty != real_tty)
456 return -ENOTTY;
457 pid = tty_get_pgrp(real_tty);
458 ret = put_user(pid_vnr(pid), p);
459 put_pid(pid);
460 return ret;
461 }
462
463 /**
464 * tiocspgrp - attempt to set process group
465 * @tty: tty passed by user
466 * @real_tty: tty side device matching tty passed by user
467 * @p: pid pointer
468 *
469 * Set the process group of the tty to the session passed. Only
470 * permitted where the tty session is our session.
471 *
472 * Locking: RCU, ctrl lock
473 */
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)474 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
475 {
476 struct pid *pgrp;
477 pid_t pgrp_nr;
478 int retval = tty_check_change(real_tty);
479
480 if (retval == -EIO)
481 return -ENOTTY;
482 if (retval)
483 return retval;
484
485 if (get_user(pgrp_nr, p))
486 return -EFAULT;
487 if (pgrp_nr < 0)
488 return -EINVAL;
489
490 spin_lock_irq(&real_tty->ctrl_lock);
491 if (!current->signal->tty ||
492 (current->signal->tty != real_tty) ||
493 (real_tty->session != task_session(current))) {
494 retval = -ENOTTY;
495 goto out_unlock_ctrl;
496 }
497 rcu_read_lock();
498 pgrp = find_vpid(pgrp_nr);
499 retval = -ESRCH;
500 if (!pgrp)
501 goto out_unlock;
502 retval = -EPERM;
503 if (session_of_pgrp(pgrp) != task_session(current))
504 goto out_unlock;
505 retval = 0;
506 put_pid(real_tty->pgrp);
507 real_tty->pgrp = get_pid(pgrp);
508 out_unlock:
509 rcu_read_unlock();
510 out_unlock_ctrl:
511 spin_unlock_irq(&real_tty->ctrl_lock);
512 return retval;
513 }
514
515 /**
516 * tiocgsid - get session id
517 * @tty: tty passed by user
518 * @real_tty: tty side of the tty passed by the user if a pty else the tty
519 * @p: pointer to returned session id
520 *
521 * Obtain the session id of the tty. If there is no session
522 * return an error.
523 */
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)524 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
525 {
526 unsigned long flags;
527 pid_t sid;
528
529 /*
530 * (tty == real_tty) is a cheap way of
531 * testing if the tty is NOT a master pty.
532 */
533 if (tty == real_tty && current->signal->tty != real_tty)
534 return -ENOTTY;
535
536 spin_lock_irqsave(&real_tty->ctrl_lock, flags);
537 if (!real_tty->session)
538 goto err;
539 sid = pid_vnr(real_tty->session);
540 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
541
542 return put_user(sid, p);
543
544 err:
545 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
546 return -ENOTTY;
547 }
548
549 /*
550 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side,
551 * if not then tty == real_tty.
552 */
tty_jobctrl_ioctl(struct tty_struct * tty,struct tty_struct * real_tty,struct file * file,unsigned int cmd,unsigned long arg)553 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty,
554 struct file *file, unsigned int cmd, unsigned long arg)
555 {
556 void __user *p = (void __user *)arg;
557
558 switch (cmd) {
559 case TIOCNOTTY:
560 if (current->signal->tty != tty)
561 return -ENOTTY;
562 no_tty();
563 return 0;
564 case TIOCSCTTY:
565 return tiocsctty(real_tty, file, arg);
566 case TIOCGPGRP:
567 return tiocgpgrp(tty, real_tty, p);
568 case TIOCSPGRP:
569 return tiocspgrp(tty, real_tty, p);
570 case TIOCGSID:
571 return tiocgsid(tty, real_tty, p);
572 }
573 return -ENOIOCTLCMD;
574 }
575