1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/signal.h> 9 #include <linux/sched/signal.h> 10 #include <linux/sched/task.h> 11 #include <linux/tty.h> 12 #include <linux/fcntl.h> 13 #include <linux/uaccess.h> 14 #include "tty.h" 15 is_ignored(int sig)16 static int is_ignored(int sig) 17 { 18 return (sigismember(¤t->blocked, sig) || 19 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); 20 } 21 22 /** 23 * __tty_check_change - check for POSIX terminal changes 24 * @tty: tty to check 25 * @sig: signal to send 26 * 27 * If we try to write to, or set the state of, a terminal and we're 28 * not in the foreground, send a SIGTTOU. If the signal is blocked or 29 * ignored, go ahead and perform the operation. (POSIX 7.2) 30 * 31 * Locking: ctrl.lock 32 */ __tty_check_change(struct tty_struct * tty,int sig)33 int __tty_check_change(struct tty_struct *tty, int sig) 34 { 35 unsigned long flags; 36 struct pid *pgrp, *tty_pgrp; 37 int ret = 0; 38 39 if (current->signal->tty != tty) 40 return 0; 41 42 rcu_read_lock(); 43 pgrp = task_pgrp(current); 44 45 spin_lock_irqsave(&tty->ctrl.lock, flags); 46 tty_pgrp = tty->ctrl.pgrp; 47 spin_unlock_irqrestore(&tty->ctrl.lock, flags); 48 49 if (tty_pgrp && pgrp != tty_pgrp) { 50 if (is_ignored(sig)) { 51 if (sig == SIGTTIN) 52 ret = -EIO; 53 } else if (is_current_pgrp_orphaned()) 54 ret = -EIO; 55 else { 56 kill_pgrp(pgrp, sig, 1); 57 set_thread_flag(TIF_SIGPENDING); 58 ret = -ERESTARTSYS; 59 } 60 } 61 rcu_read_unlock(); 62 63 if (!tty_pgrp) 64 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); 65 66 return ret; 67 } 68 tty_check_change(struct tty_struct * tty)69 int tty_check_change(struct tty_struct *tty) 70 { 71 return __tty_check_change(tty, SIGTTOU); 72 } 73 EXPORT_SYMBOL(tty_check_change); 74 proc_clear_tty(struct task_struct * p)75 void proc_clear_tty(struct task_struct *p) 76 { 77 unsigned long flags; 78 struct tty_struct *tty; 79 80 spin_lock_irqsave(&p->sighand->siglock, flags); 81 tty = p->signal->tty; 82 p->signal->tty = NULL; 83 spin_unlock_irqrestore(&p->sighand->siglock, flags); 84 tty_kref_put(tty); 85 } 86 87 /** 88 * __proc_set_tty - set the controlling terminal 89 * @tty: tty structure 90 * 91 * Only callable by the session leader and only if it does not already have 92 * a controlling terminal. 93 * 94 * Caller must hold: tty_lock() 95 * a readlock on tasklist_lock 96 * sighand lock 97 */ __proc_set_tty(struct tty_struct * tty)98 static void __proc_set_tty(struct tty_struct *tty) 99 { 100 unsigned long flags; 101 102 spin_lock_irqsave(&tty->ctrl.lock, flags); 103 /* 104 * The session and fg pgrp references will be non-NULL if 105 * tiocsctty() is stealing the controlling tty 106 */ 107 put_pid(tty->ctrl.session); 108 put_pid(tty->ctrl.pgrp); 109 tty->ctrl.pgrp = get_pid(task_pgrp(current)); 110 tty->ctrl.session = get_pid(task_session(current)); 111 spin_unlock_irqrestore(&tty->ctrl.lock, flags); 112 if (current->signal->tty) { 113 tty_debug(tty, "current tty %s not NULL!!\n", 114 current->signal->tty->name); 115 tty_kref_put(current->signal->tty); 116 } 117 put_pid(current->signal->tty_old_pgrp); 118 current->signal->tty = tty_kref_get(tty); 119 current->signal->tty_old_pgrp = NULL; 120 } 121 proc_set_tty(struct tty_struct * tty)122 static void proc_set_tty(struct tty_struct *tty) 123 { 124 spin_lock_irq(¤t->sighand->siglock); 125 __proc_set_tty(tty); 126 spin_unlock_irq(¤t->sighand->siglock); 127 } 128 129 /* 130 * Called by tty_open() to set the controlling tty if applicable. 131 */ tty_open_proc_set_tty(struct file * filp,struct tty_struct * tty)132 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) 133 { 134 read_lock(&tasklist_lock); 135 spin_lock_irq(¤t->sighand->siglock); 136 if (current->signal->leader && 137 !current->signal->tty && 138 tty->ctrl.session == NULL) { 139 /* 140 * Don't let a process that only has write access to the tty 141 * obtain the privileges associated with having a tty as 142 * controlling terminal (being able to reopen it with full 143 * access through /dev/tty, being able to perform pushback). 144 * Many distributions set the group of all ttys to "tty" and 145 * grant write-only access to all terminals for setgid tty 146 * binaries, which should not imply full privileges on all ttys. 147 * 148 * This could theoretically break old code that performs open() 149 * on a write-only file descriptor. In that case, it might be 150 * necessary to also permit this if 151 * inode_permission(inode, MAY_READ) == 0. 152 */ 153 if (filp->f_mode & FMODE_READ) 154 __proc_set_tty(tty); 155 } 156 spin_unlock_irq(¤t->sighand->siglock); 157 read_unlock(&tasklist_lock); 158 } 159 get_current_tty(void)160 struct tty_struct *get_current_tty(void) 161 { 162 struct tty_struct *tty; 163 unsigned long flags; 164 165 spin_lock_irqsave(¤t->sighand->siglock, flags); 166 tty = tty_kref_get(current->signal->tty); 167 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 168 return tty; 169 } 170 EXPORT_SYMBOL_GPL(get_current_tty); 171 172 /* 173 * Called from tty_release(). 174 */ session_clear_tty(struct pid * session)175 void session_clear_tty(struct pid *session) 176 { 177 struct task_struct *p; 178 179 do_each_pid_task(session, PIDTYPE_SID, p) { 180 proc_clear_tty(p); 181 } while_each_pid_task(session, PIDTYPE_SID, p); 182 } 183 184 /** 185 * tty_signal_session_leader - sends SIGHUP to session leader 186 * @tty: controlling tty 187 * @exit_session: if non-zero, signal all foreground group processes 188 * 189 * Send SIGHUP and SIGCONT to the session leader and its process group. 190 * Optionally, signal all processes in the foreground process group. 191 * 192 * Returns the number of processes in the session with this tty 193 * as their controlling terminal. This value is used to drop 194 * tty references for those processes. 195 */ tty_signal_session_leader(struct tty_struct * tty,int exit_session)196 int tty_signal_session_leader(struct tty_struct *tty, int exit_session) 197 { 198 struct task_struct *p; 199 int refs = 0; 200 struct pid *tty_pgrp = NULL; 201 202 read_lock(&tasklist_lock); 203 if (tty->ctrl.session) { 204 do_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p) { 205 spin_lock_irq(&p->sighand->siglock); 206 if (p->signal->tty == tty) { 207 p->signal->tty = NULL; 208 /* 209 * We defer the dereferences outside of 210 * the tasklist lock. 211 */ 212 refs++; 213 } 214 if (!p->signal->leader) { 215 spin_unlock_irq(&p->sighand->siglock); 216 continue; 217 } 218 send_signal_locked(SIGHUP, SEND_SIG_PRIV, p, PIDTYPE_TGID); 219 send_signal_locked(SIGCONT, SEND_SIG_PRIV, p, PIDTYPE_TGID); 220 put_pid(p->signal->tty_old_pgrp); /* A noop */ 221 spin_lock(&tty->ctrl.lock); 222 tty_pgrp = get_pid(tty->ctrl.pgrp); 223 if (tty->ctrl.pgrp) 224 p->signal->tty_old_pgrp = 225 get_pid(tty->ctrl.pgrp); 226 spin_unlock(&tty->ctrl.lock); 227 spin_unlock_irq(&p->sighand->siglock); 228 } while_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p); 229 } 230 read_unlock(&tasklist_lock); 231 232 if (tty_pgrp) { 233 if (exit_session) 234 kill_pgrp(tty_pgrp, SIGHUP, exit_session); 235 put_pid(tty_pgrp); 236 } 237 238 return refs; 239 } 240 241 /** 242 * disassociate_ctty - disconnect controlling tty 243 * @on_exit: true if exiting so need to "hang up" the session 244 * 245 * This function is typically called only by the session leader, when 246 * it wants to disassociate itself from its controlling tty. 247 * 248 * It performs the following functions: 249 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 250 * (2) Clears the tty from being controlling the session 251 * (3) Clears the controlling tty for all processes in the 252 * session group. 253 * 254 * The argument on_exit is set to 1 if called when a process is 255 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 256 * 257 * Locking: 258 * BTM is taken for hysterical raisons, and held when 259 * called from no_tty(). 260 * tty_mutex is taken to protect tty 261 * ->siglock is taken to protect ->signal/->sighand 262 * tasklist_lock is taken to walk process list for sessions 263 * ->siglock is taken to protect ->signal/->sighand 264 */ disassociate_ctty(int on_exit)265 void disassociate_ctty(int on_exit) 266 { 267 struct tty_struct *tty; 268 269 if (!current->signal->leader) 270 return; 271 272 tty = get_current_tty(); 273 if (tty) { 274 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { 275 tty_vhangup_session(tty); 276 } else { 277 struct pid *tty_pgrp = tty_get_pgrp(tty); 278 279 if (tty_pgrp) { 280 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 281 if (!on_exit) 282 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 283 put_pid(tty_pgrp); 284 } 285 } 286 tty_kref_put(tty); 287 288 } else if (on_exit) { 289 struct pid *old_pgrp; 290 291 spin_lock_irq(¤t->sighand->siglock); 292 old_pgrp = current->signal->tty_old_pgrp; 293 current->signal->tty_old_pgrp = NULL; 294 spin_unlock_irq(¤t->sighand->siglock); 295 if (old_pgrp) { 296 kill_pgrp(old_pgrp, SIGHUP, on_exit); 297 kill_pgrp(old_pgrp, SIGCONT, on_exit); 298 put_pid(old_pgrp); 299 } 300 return; 301 } 302 303 tty = get_current_tty(); 304 if (tty) { 305 unsigned long flags; 306 307 tty_lock(tty); 308 spin_lock_irqsave(&tty->ctrl.lock, flags); 309 put_pid(tty->ctrl.session); 310 put_pid(tty->ctrl.pgrp); 311 tty->ctrl.session = NULL; 312 tty->ctrl.pgrp = NULL; 313 spin_unlock_irqrestore(&tty->ctrl.lock, flags); 314 tty_unlock(tty); 315 tty_kref_put(tty); 316 } 317 318 /* If tty->ctrl.pgrp is not NULL, it may be assigned to 319 * current->signal->tty_old_pgrp in a race condition, and 320 * cause pid memleak. Release current->signal->tty_old_pgrp 321 * after tty->ctrl.pgrp set to NULL. 322 */ 323 spin_lock_irq(¤t->sighand->siglock); 324 put_pid(current->signal->tty_old_pgrp); 325 current->signal->tty_old_pgrp = NULL; 326 spin_unlock_irq(¤t->sighand->siglock); 327 328 /* Now clear signal->tty under the lock */ 329 read_lock(&tasklist_lock); 330 session_clear_tty(task_session(current)); 331 read_unlock(&tasklist_lock); 332 } 333 334 /* 335 * 336 * no_tty - Ensure the current process does not have a controlling tty 337 */ no_tty(void)338 void no_tty(void) 339 { 340 /* 341 * FIXME: Review locking here. The tty_lock never covered any race 342 * between a new association and proc_clear_tty but possibly we need 343 * to protect against this anyway. 344 */ 345 struct task_struct *tsk = current; 346 347 disassociate_ctty(0); 348 proc_clear_tty(tsk); 349 } 350 351 /** 352 * tiocsctty - set controlling tty 353 * @tty: tty structure 354 * @file: file structure used to check permissions 355 * @arg: user argument 356 * 357 * This ioctl is used to manage job control. It permits a session 358 * leader to set this tty as the controlling tty for the session. 359 * 360 * Locking: 361 * Takes tty_lock() to serialize proc_set_tty() for this tty 362 * Takes tasklist_lock internally to walk sessions 363 * Takes ->siglock() when updating signal->tty 364 */ tiocsctty(struct tty_struct * tty,struct file * file,int arg)365 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) 366 { 367 int ret = 0; 368 369 tty_lock(tty); 370 read_lock(&tasklist_lock); 371 372 if (current->signal->leader && 373 task_session(current) == tty->ctrl.session) 374 goto unlock; 375 376 /* 377 * The process must be a session leader and 378 * not have a controlling tty already. 379 */ 380 if (!current->signal->leader || current->signal->tty) { 381 ret = -EPERM; 382 goto unlock; 383 } 384 385 if (tty->ctrl.session) { 386 /* 387 * This tty is already the controlling 388 * tty for another session group! 389 */ 390 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 391 /* 392 * Steal it away 393 */ 394 session_clear_tty(tty->ctrl.session); 395 } else { 396 ret = -EPERM; 397 goto unlock; 398 } 399 } 400 401 /* See the comment in tty_open_proc_set_tty(). */ 402 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { 403 ret = -EPERM; 404 goto unlock; 405 } 406 407 proc_set_tty(tty); 408 unlock: 409 read_unlock(&tasklist_lock); 410 tty_unlock(tty); 411 return ret; 412 } 413 414 /** 415 * tty_get_pgrp - return a ref counted pgrp pid 416 * @tty: tty to read 417 * 418 * Returns a refcounted instance of the pid struct for the process 419 * group controlling the tty. 420 */ tty_get_pgrp(struct tty_struct * tty)421 struct pid *tty_get_pgrp(struct tty_struct *tty) 422 { 423 unsigned long flags; 424 struct pid *pgrp; 425 426 spin_lock_irqsave(&tty->ctrl.lock, flags); 427 pgrp = get_pid(tty->ctrl.pgrp); 428 spin_unlock_irqrestore(&tty->ctrl.lock, flags); 429 430 return pgrp; 431 } 432 EXPORT_SYMBOL_GPL(tty_get_pgrp); 433 434 /* 435 * This checks not only the pgrp, but falls back on the pid if no 436 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly 437 * without this... 438 * 439 * The caller must hold rcu lock or the tasklist lock. 440 */ session_of_pgrp(struct pid * pgrp)441 static struct pid *session_of_pgrp(struct pid *pgrp) 442 { 443 struct task_struct *p; 444 struct pid *sid = NULL; 445 446 p = pid_task(pgrp, PIDTYPE_PGID); 447 if (p == NULL) 448 p = pid_task(pgrp, PIDTYPE_PID); 449 if (p != NULL) 450 sid = task_session(p); 451 452 return sid; 453 } 454 455 /** 456 * tiocgpgrp - get process group 457 * @tty: tty passed by user 458 * @real_tty: tty side of the tty passed by the user if a pty else the tty 459 * @p: returned pid 460 * 461 * Obtain the process group of the tty. If there is no process group 462 * return an error. 463 * 464 * Locking: none. Reference to current->signal->tty is safe. 465 */ tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)466 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 467 { 468 struct pid *pid; 469 int ret; 470 /* 471 * (tty == real_tty) is a cheap way of 472 * testing if the tty is NOT a master pty. 473 */ 474 if (tty == real_tty && current->signal->tty != real_tty) 475 return -ENOTTY; 476 pid = tty_get_pgrp(real_tty); 477 ret = put_user(pid_vnr(pid), p); 478 put_pid(pid); 479 return ret; 480 } 481 482 /** 483 * tiocspgrp - attempt to set process group 484 * @tty: tty passed by user 485 * @real_tty: tty side device matching tty passed by user 486 * @p: pid pointer 487 * 488 * Set the process group of the tty to the session passed. Only 489 * permitted where the tty session is our session. 490 * 491 * Locking: RCU, ctrl lock 492 */ tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)493 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 494 { 495 struct pid *pgrp; 496 pid_t pgrp_nr; 497 int retval = tty_check_change(real_tty); 498 499 if (retval == -EIO) 500 return -ENOTTY; 501 if (retval) 502 return retval; 503 504 if (get_user(pgrp_nr, p)) 505 return -EFAULT; 506 if (pgrp_nr < 0) 507 return -EINVAL; 508 509 spin_lock_irq(&real_tty->ctrl.lock); 510 if (!current->signal->tty || 511 (current->signal->tty != real_tty) || 512 (real_tty->ctrl.session != task_session(current))) { 513 retval = -ENOTTY; 514 goto out_unlock_ctrl; 515 } 516 rcu_read_lock(); 517 pgrp = find_vpid(pgrp_nr); 518 retval = -ESRCH; 519 if (!pgrp) 520 goto out_unlock; 521 retval = -EPERM; 522 if (session_of_pgrp(pgrp) != task_session(current)) 523 goto out_unlock; 524 retval = 0; 525 put_pid(real_tty->ctrl.pgrp); 526 real_tty->ctrl.pgrp = get_pid(pgrp); 527 out_unlock: 528 rcu_read_unlock(); 529 out_unlock_ctrl: 530 spin_unlock_irq(&real_tty->ctrl.lock); 531 return retval; 532 } 533 534 /** 535 * tiocgsid - get session id 536 * @tty: tty passed by user 537 * @real_tty: tty side of the tty passed by the user if a pty else the tty 538 * @p: pointer to returned session id 539 * 540 * Obtain the session id of the tty. If there is no session 541 * return an error. 542 */ tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)543 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 544 { 545 unsigned long flags; 546 pid_t sid; 547 548 /* 549 * (tty == real_tty) is a cheap way of 550 * testing if the tty is NOT a master pty. 551 */ 552 if (tty == real_tty && current->signal->tty != real_tty) 553 return -ENOTTY; 554 555 spin_lock_irqsave(&real_tty->ctrl.lock, flags); 556 if (!real_tty->ctrl.session) 557 goto err; 558 sid = pid_vnr(real_tty->ctrl.session); 559 spin_unlock_irqrestore(&real_tty->ctrl.lock, flags); 560 561 return put_user(sid, p); 562 563 err: 564 spin_unlock_irqrestore(&real_tty->ctrl.lock, flags); 565 return -ENOTTY; 566 } 567 568 /* 569 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, 570 * if not then tty == real_tty. 571 */ tty_jobctrl_ioctl(struct tty_struct * tty,struct tty_struct * real_tty,struct file * file,unsigned int cmd,unsigned long arg)572 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, 573 struct file *file, unsigned int cmd, unsigned long arg) 574 { 575 void __user *p = (void __user *)arg; 576 577 switch (cmd) { 578 case TIOCNOTTY: 579 if (current->signal->tty != tty) 580 return -ENOTTY; 581 no_tty(); 582 return 0; 583 case TIOCSCTTY: 584 return tiocsctty(real_tty, file, arg); 585 case TIOCGPGRP: 586 return tiocgpgrp(tty, real_tty, p); 587 case TIOCSPGRP: 588 return tiocspgrp(tty, real_tty, p); 589 case TIOCGSID: 590 return tiocgsid(tty, real_tty, p); 591 } 592 return -ENOIOCTLCMD; 593 } 594