1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/signal.h>
9 #include <linux/sched/signal.h>
10 #include <linux/sched/task.h>
11 #include <linux/tty.h>
12 #include <linux/fcntl.h>
13 #include <linux/uaccess.h>
14 #include "tty.h"
15
is_ignored(int sig)16 static int is_ignored(int sig)
17 {
18 return (sigismember(¤t->blocked, sig) ||
19 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
20 }
21
22 /**
23 * tty_check_change - check for POSIX terminal changes
24 * @tty: tty to check
25 *
26 * If we try to write to, or set the state of, a terminal and we're
27 * not in the foreground, send a SIGTTOU. If the signal is blocked or
28 * ignored, go ahead and perform the operation. (POSIX 7.2)
29 *
30 * Locking: ctrl_lock
31 */
__tty_check_change(struct tty_struct * tty,int sig)32 int __tty_check_change(struct tty_struct *tty, int sig)
33 {
34 unsigned long flags;
35 struct pid *pgrp, *tty_pgrp;
36 int ret = 0;
37
38 if (current->signal->tty != tty)
39 return 0;
40
41 rcu_read_lock();
42 pgrp = task_pgrp(current);
43
44 spin_lock_irqsave(&tty->ctrl_lock, flags);
45 tty_pgrp = tty->pgrp;
46 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
47
48 if (tty_pgrp && pgrp != tty_pgrp) {
49 if (is_ignored(sig)) {
50 if (sig == SIGTTIN)
51 ret = -EIO;
52 } else if (is_current_pgrp_orphaned())
53 ret = -EIO;
54 else {
55 kill_pgrp(pgrp, sig, 1);
56 set_thread_flag(TIF_SIGPENDING);
57 ret = -ERESTARTSYS;
58 }
59 }
60 rcu_read_unlock();
61
62 if (!tty_pgrp)
63 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
64
65 return ret;
66 }
67
tty_check_change(struct tty_struct * tty)68 int tty_check_change(struct tty_struct *tty)
69 {
70 return __tty_check_change(tty, SIGTTOU);
71 }
72 EXPORT_SYMBOL(tty_check_change);
73
proc_clear_tty(struct task_struct * p)74 void proc_clear_tty(struct task_struct *p)
75 {
76 unsigned long flags;
77 struct tty_struct *tty;
78 spin_lock_irqsave(&p->sighand->siglock, flags);
79 tty = p->signal->tty;
80 p->signal->tty = NULL;
81 spin_unlock_irqrestore(&p->sighand->siglock, flags);
82 tty_kref_put(tty);
83 }
84
85 /**
86 * proc_set_tty - set the controlling terminal
87 *
88 * Only callable by the session leader and only if it does not already have
89 * a controlling terminal.
90 *
91 * Caller must hold: tty_lock()
92 * a readlock on tasklist_lock
93 * sighand lock
94 */
__proc_set_tty(struct tty_struct * tty)95 static void __proc_set_tty(struct tty_struct *tty)
96 {
97 unsigned long flags;
98
99 spin_lock_irqsave(&tty->ctrl_lock, flags);
100 /*
101 * The session and fg pgrp references will be non-NULL if
102 * tiocsctty() is stealing the controlling tty
103 */
104 put_pid(tty->session);
105 put_pid(tty->pgrp);
106 tty->pgrp = get_pid(task_pgrp(current));
107 tty->session = get_pid(task_session(current));
108 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
109 if (current->signal->tty) {
110 tty_debug(tty, "current tty %s not NULL!!\n",
111 current->signal->tty->name);
112 tty_kref_put(current->signal->tty);
113 }
114 put_pid(current->signal->tty_old_pgrp);
115 current->signal->tty = tty_kref_get(tty);
116 current->signal->tty_old_pgrp = NULL;
117 }
118
proc_set_tty(struct tty_struct * tty)119 static void proc_set_tty(struct tty_struct *tty)
120 {
121 spin_lock_irq(¤t->sighand->siglock);
122 __proc_set_tty(tty);
123 spin_unlock_irq(¤t->sighand->siglock);
124 }
125
126 /*
127 * Called by tty_open() to set the controlling tty if applicable.
128 */
tty_open_proc_set_tty(struct file * filp,struct tty_struct * tty)129 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty)
130 {
131 read_lock(&tasklist_lock);
132 spin_lock_irq(¤t->sighand->siglock);
133 if (current->signal->leader &&
134 !current->signal->tty &&
135 tty->session == NULL) {
136 /*
137 * Don't let a process that only has write access to the tty
138 * obtain the privileges associated with having a tty as
139 * controlling terminal (being able to reopen it with full
140 * access through /dev/tty, being able to perform pushback).
141 * Many distributions set the group of all ttys to "tty" and
142 * grant write-only access to all terminals for setgid tty
143 * binaries, which should not imply full privileges on all ttys.
144 *
145 * This could theoretically break old code that performs open()
146 * on a write-only file descriptor. In that case, it might be
147 * necessary to also permit this if
148 * inode_permission(inode, MAY_READ) == 0.
149 */
150 if (filp->f_mode & FMODE_READ)
151 __proc_set_tty(tty);
152 }
153 spin_unlock_irq(¤t->sighand->siglock);
154 read_unlock(&tasklist_lock);
155 }
156
get_current_tty(void)157 struct tty_struct *get_current_tty(void)
158 {
159 struct tty_struct *tty;
160 unsigned long flags;
161
162 spin_lock_irqsave(¤t->sighand->siglock, flags);
163 tty = tty_kref_get(current->signal->tty);
164 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
165 return tty;
166 }
167 EXPORT_SYMBOL_GPL(get_current_tty);
168
169 /*
170 * Called from tty_release().
171 */
session_clear_tty(struct pid * session)172 void session_clear_tty(struct pid *session)
173 {
174 struct task_struct *p;
175 do_each_pid_task(session, PIDTYPE_SID, p) {
176 proc_clear_tty(p);
177 } while_each_pid_task(session, PIDTYPE_SID, p);
178 }
179
180 /**
181 * tty_signal_session_leader - sends SIGHUP to session leader
182 * @tty: controlling tty
183 * @exit_session: if non-zero, signal all foreground group processes
184 *
185 * Send SIGHUP and SIGCONT to the session leader and its process group.
186 * Optionally, signal all processes in the foreground process group.
187 *
188 * Returns the number of processes in the session with this tty
189 * as their controlling terminal. This value is used to drop
190 * tty references for those processes.
191 */
tty_signal_session_leader(struct tty_struct * tty,int exit_session)192 int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
193 {
194 struct task_struct *p;
195 int refs = 0;
196 struct pid *tty_pgrp = NULL;
197
198 read_lock(&tasklist_lock);
199 if (tty->session) {
200 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
201 spin_lock_irq(&p->sighand->siglock);
202 if (p->signal->tty == tty) {
203 p->signal->tty = NULL;
204 /* We defer the dereferences outside fo
205 the tasklist lock */
206 refs++;
207 }
208 if (!p->signal->leader) {
209 spin_unlock_irq(&p->sighand->siglock);
210 continue;
211 }
212 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
213 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
214 put_pid(p->signal->tty_old_pgrp); /* A noop */
215 spin_lock(&tty->ctrl_lock);
216 tty_pgrp = get_pid(tty->pgrp);
217 if (tty->pgrp)
218 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
219 spin_unlock(&tty->ctrl_lock);
220 spin_unlock_irq(&p->sighand->siglock);
221 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
222 }
223 read_unlock(&tasklist_lock);
224
225 if (tty_pgrp) {
226 if (exit_session)
227 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
228 put_pid(tty_pgrp);
229 }
230
231 return refs;
232 }
233
234 /**
235 * disassociate_ctty - disconnect controlling tty
236 * @on_exit: true if exiting so need to "hang up" the session
237 *
238 * This function is typically called only by the session leader, when
239 * it wants to disassociate itself from its controlling tty.
240 *
241 * It performs the following functions:
242 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
243 * (2) Clears the tty from being controlling the session
244 * (3) Clears the controlling tty for all processes in the
245 * session group.
246 *
247 * The argument on_exit is set to 1 if called when a process is
248 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
249 *
250 * Locking:
251 * BTM is taken for hysterical raisons, and held when
252 * called from no_tty().
253 * tty_mutex is taken to protect tty
254 * ->siglock is taken to protect ->signal/->sighand
255 * tasklist_lock is taken to walk process list for sessions
256 * ->siglock is taken to protect ->signal/->sighand
257 */
disassociate_ctty(int on_exit)258 void disassociate_ctty(int on_exit)
259 {
260 struct tty_struct *tty;
261
262 if (!current->signal->leader)
263 return;
264
265 tty = get_current_tty();
266 if (tty) {
267 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
268 tty_vhangup_session(tty);
269 } else {
270 struct pid *tty_pgrp = tty_get_pgrp(tty);
271 if (tty_pgrp) {
272 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
273 if (!on_exit)
274 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
275 put_pid(tty_pgrp);
276 }
277 }
278 tty_kref_put(tty);
279
280 } else if (on_exit) {
281 struct pid *old_pgrp;
282 spin_lock_irq(¤t->sighand->siglock);
283 old_pgrp = current->signal->tty_old_pgrp;
284 current->signal->tty_old_pgrp = NULL;
285 spin_unlock_irq(¤t->sighand->siglock);
286 if (old_pgrp) {
287 kill_pgrp(old_pgrp, SIGHUP, on_exit);
288 kill_pgrp(old_pgrp, SIGCONT, on_exit);
289 put_pid(old_pgrp);
290 }
291 return;
292 }
293
294 tty = get_current_tty();
295 if (tty) {
296 unsigned long flags;
297
298 tty_lock(tty);
299 spin_lock_irqsave(&tty->ctrl_lock, flags);
300 put_pid(tty->session);
301 put_pid(tty->pgrp);
302 tty->session = NULL;
303 tty->pgrp = NULL;
304 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
305 tty_unlock(tty);
306 tty_kref_put(tty);
307 }
308
309 /* If tty->ctrl.pgrp is not NULL, it may be assigned to
310 * current->signal->tty_old_pgrp in a race condition, and
311 * cause pid memleak. Release current->signal->tty_old_pgrp
312 * after tty->ctrl.pgrp set to NULL.
313 */
314 spin_lock_irq(¤t->sighand->siglock);
315 put_pid(current->signal->tty_old_pgrp);
316 current->signal->tty_old_pgrp = NULL;
317 spin_unlock_irq(¤t->sighand->siglock);
318
319 /* Now clear signal->tty under the lock */
320 read_lock(&tasklist_lock);
321 session_clear_tty(task_session(current));
322 read_unlock(&tasklist_lock);
323 }
324
325 /*
326 *
327 * no_tty - Ensure the current process does not have a controlling tty
328 */
no_tty(void)329 void no_tty(void)
330 {
331 /* FIXME: Review locking here. The tty_lock never covered any race
332 between a new association and proc_clear_tty but possible we need
333 to protect against this anyway */
334 struct task_struct *tsk = current;
335 disassociate_ctty(0);
336 proc_clear_tty(tsk);
337 }
338
339 /**
340 * tiocsctty - set controlling tty
341 * @tty: tty structure
342 * @arg: user argument
343 *
344 * This ioctl is used to manage job control. It permits a session
345 * leader to set this tty as the controlling tty for the session.
346 *
347 * Locking:
348 * Takes tty_lock() to serialize proc_set_tty() for this tty
349 * Takes tasklist_lock internally to walk sessions
350 * Takes ->siglock() when updating signal->tty
351 */
tiocsctty(struct tty_struct * tty,struct file * file,int arg)352 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
353 {
354 int ret = 0;
355
356 tty_lock(tty);
357 read_lock(&tasklist_lock);
358
359 if (current->signal->leader && (task_session(current) == tty->session))
360 goto unlock;
361
362 /*
363 * The process must be a session leader and
364 * not have a controlling tty already.
365 */
366 if (!current->signal->leader || current->signal->tty) {
367 ret = -EPERM;
368 goto unlock;
369 }
370
371 if (tty->session) {
372 /*
373 * This tty is already the controlling
374 * tty for another session group!
375 */
376 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
377 /*
378 * Steal it away
379 */
380 session_clear_tty(tty->session);
381 } else {
382 ret = -EPERM;
383 goto unlock;
384 }
385 }
386
387 /* See the comment in tty_open_proc_set_tty(). */
388 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
389 ret = -EPERM;
390 goto unlock;
391 }
392
393 proc_set_tty(tty);
394 unlock:
395 read_unlock(&tasklist_lock);
396 tty_unlock(tty);
397 return ret;
398 }
399
400 /**
401 * tty_get_pgrp - return a ref counted pgrp pid
402 * @tty: tty to read
403 *
404 * Returns a refcounted instance of the pid struct for the process
405 * group controlling the tty.
406 */
tty_get_pgrp(struct tty_struct * tty)407 struct pid *tty_get_pgrp(struct tty_struct *tty)
408 {
409 unsigned long flags;
410 struct pid *pgrp;
411
412 spin_lock_irqsave(&tty->ctrl_lock, flags);
413 pgrp = get_pid(tty->pgrp);
414 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
415
416 return pgrp;
417 }
418 EXPORT_SYMBOL_GPL(tty_get_pgrp);
419
420 /*
421 * This checks not only the pgrp, but falls back on the pid if no
422 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
423 * without this...
424 *
425 * The caller must hold rcu lock or the tasklist lock.
426 */
session_of_pgrp(struct pid * pgrp)427 static struct pid *session_of_pgrp(struct pid *pgrp)
428 {
429 struct task_struct *p;
430 struct pid *sid = NULL;
431
432 p = pid_task(pgrp, PIDTYPE_PGID);
433 if (p == NULL)
434 p = pid_task(pgrp, PIDTYPE_PID);
435 if (p != NULL)
436 sid = task_session(p);
437
438 return sid;
439 }
440
441 /**
442 * tiocgpgrp - get process group
443 * @tty: tty passed by user
444 * @real_tty: tty side of the tty passed by the user if a pty else the tty
445 * @p: returned pid
446 *
447 * Obtain the process group of the tty. If there is no process group
448 * return an error.
449 *
450 * Locking: none. Reference to current->signal->tty is safe.
451 */
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)452 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
453 {
454 struct pid *pid;
455 int ret;
456 /*
457 * (tty == real_tty) is a cheap way of
458 * testing if the tty is NOT a master pty.
459 */
460 if (tty == real_tty && current->signal->tty != real_tty)
461 return -ENOTTY;
462 pid = tty_get_pgrp(real_tty);
463 ret = put_user(pid_vnr(pid), p);
464 put_pid(pid);
465 return ret;
466 }
467
468 /**
469 * tiocspgrp - attempt to set process group
470 * @tty: tty passed by user
471 * @real_tty: tty side device matching tty passed by user
472 * @p: pid pointer
473 *
474 * Set the process group of the tty to the session passed. Only
475 * permitted where the tty session is our session.
476 *
477 * Locking: RCU, ctrl lock
478 */
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)479 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
480 {
481 struct pid *pgrp;
482 pid_t pgrp_nr;
483 int retval = tty_check_change(real_tty);
484
485 if (retval == -EIO)
486 return -ENOTTY;
487 if (retval)
488 return retval;
489
490 if (get_user(pgrp_nr, p))
491 return -EFAULT;
492 if (pgrp_nr < 0)
493 return -EINVAL;
494
495 spin_lock_irq(&real_tty->ctrl_lock);
496 if (!current->signal->tty ||
497 (current->signal->tty != real_tty) ||
498 (real_tty->session != task_session(current))) {
499 retval = -ENOTTY;
500 goto out_unlock_ctrl;
501 }
502 rcu_read_lock();
503 pgrp = find_vpid(pgrp_nr);
504 retval = -ESRCH;
505 if (!pgrp)
506 goto out_unlock;
507 retval = -EPERM;
508 if (session_of_pgrp(pgrp) != task_session(current))
509 goto out_unlock;
510 retval = 0;
511 put_pid(real_tty->pgrp);
512 real_tty->pgrp = get_pid(pgrp);
513 out_unlock:
514 rcu_read_unlock();
515 out_unlock_ctrl:
516 spin_unlock_irq(&real_tty->ctrl_lock);
517 return retval;
518 }
519
520 /**
521 * tiocgsid - get session id
522 * @tty: tty passed by user
523 * @real_tty: tty side of the tty passed by the user if a pty else the tty
524 * @p: pointer to returned session id
525 *
526 * Obtain the session id of the tty. If there is no session
527 * return an error.
528 */
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)529 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
530 {
531 unsigned long flags;
532 pid_t sid;
533
534 /*
535 * (tty == real_tty) is a cheap way of
536 * testing if the tty is NOT a master pty.
537 */
538 if (tty == real_tty && current->signal->tty != real_tty)
539 return -ENOTTY;
540
541 spin_lock_irqsave(&real_tty->ctrl_lock, flags);
542 if (!real_tty->session)
543 goto err;
544 sid = pid_vnr(real_tty->session);
545 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
546
547 return put_user(sid, p);
548
549 err:
550 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
551 return -ENOTTY;
552 }
553
554 /*
555 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side,
556 * if not then tty == real_tty.
557 */
tty_jobctrl_ioctl(struct tty_struct * tty,struct tty_struct * real_tty,struct file * file,unsigned int cmd,unsigned long arg)558 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty,
559 struct file *file, unsigned int cmd, unsigned long arg)
560 {
561 void __user *p = (void __user *)arg;
562
563 switch (cmd) {
564 case TIOCNOTTY:
565 if (current->signal->tty != tty)
566 return -ENOTTY;
567 no_tty();
568 return 0;
569 case TIOCSCTTY:
570 return tiocsctty(real_tty, file, arg);
571 case TIOCGPGRP:
572 return tiocgpgrp(tty, real_tty, p);
573 case TIOCSPGRP:
574 return tiocspgrp(tty, real_tty, p);
575 case TIOCGSID:
576 return tiocgsid(tty, real_tty, p);
577 }
578 return -ENOIOCTLCMD;
579 }
580