1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/signal.h> 9 #include <linux/sched/signal.h> 10 #include <linux/sched/task.h> 11 #include <linux/tty.h> 12 #include <linux/fcntl.h> 13 #include <linux/uaccess.h> 14 15 static int is_ignored(int sig) 16 { 17 return (sigismember(¤t->blocked, sig) || 18 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); 19 } 20 21 /** 22 * tty_check_change - check for POSIX terminal changes 23 * @tty: tty to check 24 * 25 * If we try to write to, or set the state of, a terminal and we're 26 * not in the foreground, send a SIGTTOU. If the signal is blocked or 27 * ignored, go ahead and perform the operation. (POSIX 7.2) 28 * 29 * Locking: ctrl_lock 30 */ 31 int __tty_check_change(struct tty_struct *tty, int sig) 32 { 33 unsigned long flags; 34 struct pid *pgrp, *tty_pgrp; 35 int ret = 0; 36 37 if (current->signal->tty != tty) 38 return 0; 39 40 rcu_read_lock(); 41 pgrp = task_pgrp(current); 42 43 spin_lock_irqsave(&tty->ctrl_lock, flags); 44 tty_pgrp = tty->pgrp; 45 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 46 47 if (tty_pgrp && pgrp != tty_pgrp) { 48 if (is_ignored(sig)) { 49 if (sig == SIGTTIN) 50 ret = -EIO; 51 } else if (is_current_pgrp_orphaned()) 52 ret = -EIO; 53 else { 54 kill_pgrp(pgrp, sig, 1); 55 set_thread_flag(TIF_SIGPENDING); 56 ret = -ERESTARTSYS; 57 } 58 } 59 rcu_read_unlock(); 60 61 if (!tty_pgrp) 62 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); 63 64 return ret; 65 } 66 67 int tty_check_change(struct tty_struct *tty) 68 { 69 return __tty_check_change(tty, SIGTTOU); 70 } 71 EXPORT_SYMBOL(tty_check_change); 72 73 void proc_clear_tty(struct task_struct *p) 74 { 75 unsigned long flags; 76 struct tty_struct *tty; 77 spin_lock_irqsave(&p->sighand->siglock, flags); 78 tty = p->signal->tty; 79 p->signal->tty = NULL; 80 spin_unlock_irqrestore(&p->sighand->siglock, flags); 81 tty_kref_put(tty); 82 } 83 84 /** 85 * proc_set_tty - set the controlling terminal 86 * 87 * Only callable by the session leader and only if it does not already have 88 * a controlling terminal. 89 * 90 * Caller must hold: tty_lock() 91 * a readlock on tasklist_lock 92 * sighand lock 93 */ 94 static void __proc_set_tty(struct tty_struct *tty) 95 { 96 unsigned long flags; 97 98 spin_lock_irqsave(&tty->ctrl_lock, flags); 99 /* 100 * The session and fg pgrp references will be non-NULL if 101 * tiocsctty() is stealing the controlling tty 102 */ 103 put_pid(tty->session); 104 put_pid(tty->pgrp); 105 tty->pgrp = get_pid(task_pgrp(current)); 106 tty->session = get_pid(task_session(current)); 107 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 108 if (current->signal->tty) { 109 tty_debug(tty, "current tty %s not NULL!!\n", 110 current->signal->tty->name); 111 tty_kref_put(current->signal->tty); 112 } 113 put_pid(current->signal->tty_old_pgrp); 114 current->signal->tty = tty_kref_get(tty); 115 current->signal->tty_old_pgrp = NULL; 116 } 117 118 static void proc_set_tty(struct tty_struct *tty) 119 { 120 spin_lock_irq(¤t->sighand->siglock); 121 __proc_set_tty(tty); 122 spin_unlock_irq(¤t->sighand->siglock); 123 } 124 125 /* 126 * Called by tty_open() to set the controlling tty if applicable. 127 */ 128 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) 129 { 130 read_lock(&tasklist_lock); 131 spin_lock_irq(¤t->sighand->siglock); 132 if (current->signal->leader && 133 !current->signal->tty && 134 tty->session == NULL) { 135 /* 136 * Don't let a process that only has write access to the tty 137 * obtain the privileges associated with having a tty as 138 * controlling terminal (being able to reopen it with full 139 * access through /dev/tty, being able to perform pushback). 140 * Many distributions set the group of all ttys to "tty" and 141 * grant write-only access to all terminals for setgid tty 142 * binaries, which should not imply full privileges on all ttys. 143 * 144 * This could theoretically break old code that performs open() 145 * on a write-only file descriptor. In that case, it might be 146 * necessary to also permit this if 147 * inode_permission(inode, MAY_READ) == 0. 148 */ 149 if (filp->f_mode & FMODE_READ) 150 __proc_set_tty(tty); 151 } 152 spin_unlock_irq(¤t->sighand->siglock); 153 read_unlock(&tasklist_lock); 154 } 155 156 struct tty_struct *get_current_tty(void) 157 { 158 struct tty_struct *tty; 159 unsigned long flags; 160 161 spin_lock_irqsave(¤t->sighand->siglock, flags); 162 tty = tty_kref_get(current->signal->tty); 163 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 164 return tty; 165 } 166 EXPORT_SYMBOL_GPL(get_current_tty); 167 168 /* 169 * Called from tty_release(). 170 */ 171 void session_clear_tty(struct pid *session) 172 { 173 struct task_struct *p; 174 do_each_pid_task(session, PIDTYPE_SID, p) { 175 proc_clear_tty(p); 176 } while_each_pid_task(session, PIDTYPE_SID, p); 177 } 178 179 /** 180 * tty_signal_session_leader - sends SIGHUP to session leader 181 * @tty: controlling tty 182 * @exit_session: if non-zero, signal all foreground group processes 183 * 184 * Send SIGHUP and SIGCONT to the session leader and its process group. 185 * Optionally, signal all processes in the foreground process group. 186 * 187 * Returns the number of processes in the session with this tty 188 * as their controlling terminal. This value is used to drop 189 * tty references for those processes. 190 */ 191 int tty_signal_session_leader(struct tty_struct *tty, int exit_session) 192 { 193 struct task_struct *p; 194 int refs = 0; 195 struct pid *tty_pgrp = NULL; 196 197 read_lock(&tasklist_lock); 198 if (tty->session) { 199 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 200 spin_lock_irq(&p->sighand->siglock); 201 if (p->signal->tty == tty) { 202 p->signal->tty = NULL; 203 /* We defer the dereferences outside fo 204 the tasklist lock */ 205 refs++; 206 } 207 if (!p->signal->leader) { 208 spin_unlock_irq(&p->sighand->siglock); 209 continue; 210 } 211 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 212 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 213 put_pid(p->signal->tty_old_pgrp); /* A noop */ 214 spin_lock(&tty->ctrl_lock); 215 tty_pgrp = get_pid(tty->pgrp); 216 if (tty->pgrp) 217 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 218 spin_unlock(&tty->ctrl_lock); 219 spin_unlock_irq(&p->sighand->siglock); 220 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 221 } 222 read_unlock(&tasklist_lock); 223 224 if (tty_pgrp) { 225 if (exit_session) 226 kill_pgrp(tty_pgrp, SIGHUP, exit_session); 227 put_pid(tty_pgrp); 228 } 229 230 return refs; 231 } 232 233 /** 234 * disassociate_ctty - disconnect controlling tty 235 * @on_exit: true if exiting so need to "hang up" the session 236 * 237 * This function is typically called only by the session leader, when 238 * it wants to disassociate itself from its controlling tty. 239 * 240 * It performs the following functions: 241 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 242 * (2) Clears the tty from being controlling the session 243 * (3) Clears the controlling tty for all processes in the 244 * session group. 245 * 246 * The argument on_exit is set to 1 if called when a process is 247 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 248 * 249 * Locking: 250 * BTM is taken for hysterical raisons, and held when 251 * called from no_tty(). 252 * tty_mutex is taken to protect tty 253 * ->siglock is taken to protect ->signal/->sighand 254 * tasklist_lock is taken to walk process list for sessions 255 * ->siglock is taken to protect ->signal/->sighand 256 */ 257 void disassociate_ctty(int on_exit) 258 { 259 struct tty_struct *tty; 260 261 if (!current->signal->leader) 262 return; 263 264 tty = get_current_tty(); 265 if (tty) { 266 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { 267 tty_vhangup_session(tty); 268 } else { 269 struct pid *tty_pgrp = tty_get_pgrp(tty); 270 if (tty_pgrp) { 271 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 272 if (!on_exit) 273 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 274 put_pid(tty_pgrp); 275 } 276 } 277 tty_kref_put(tty); 278 279 } else if (on_exit) { 280 struct pid *old_pgrp; 281 spin_lock_irq(¤t->sighand->siglock); 282 old_pgrp = current->signal->tty_old_pgrp; 283 current->signal->tty_old_pgrp = NULL; 284 spin_unlock_irq(¤t->sighand->siglock); 285 if (old_pgrp) { 286 kill_pgrp(old_pgrp, SIGHUP, on_exit); 287 kill_pgrp(old_pgrp, SIGCONT, on_exit); 288 put_pid(old_pgrp); 289 } 290 return; 291 } 292 293 spin_lock_irq(¤t->sighand->siglock); 294 put_pid(current->signal->tty_old_pgrp); 295 current->signal->tty_old_pgrp = NULL; 296 tty = tty_kref_get(current->signal->tty); 297 spin_unlock_irq(¤t->sighand->siglock); 298 299 if (tty) { 300 unsigned long flags; 301 302 tty_lock(tty); 303 spin_lock_irqsave(&tty->ctrl_lock, flags); 304 put_pid(tty->session); 305 put_pid(tty->pgrp); 306 tty->session = NULL; 307 tty->pgrp = NULL; 308 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 309 tty_unlock(tty); 310 tty_kref_put(tty); 311 } 312 313 /* Now clear signal->tty under the lock */ 314 read_lock(&tasklist_lock); 315 session_clear_tty(task_session(current)); 316 read_unlock(&tasklist_lock); 317 } 318 319 /* 320 * 321 * no_tty - Ensure the current process does not have a controlling tty 322 */ 323 void no_tty(void) 324 { 325 /* FIXME: Review locking here. The tty_lock never covered any race 326 between a new association and proc_clear_tty but possible we need 327 to protect against this anyway */ 328 struct task_struct *tsk = current; 329 disassociate_ctty(0); 330 proc_clear_tty(tsk); 331 } 332 333 /** 334 * tiocsctty - set controlling tty 335 * @tty: tty structure 336 * @arg: user argument 337 * 338 * This ioctl is used to manage job control. It permits a session 339 * leader to set this tty as the controlling tty for the session. 340 * 341 * Locking: 342 * Takes tty_lock() to serialize proc_set_tty() for this tty 343 * Takes tasklist_lock internally to walk sessions 344 * Takes ->siglock() when updating signal->tty 345 */ 346 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) 347 { 348 int ret = 0; 349 350 tty_lock(tty); 351 read_lock(&tasklist_lock); 352 353 if (current->signal->leader && (task_session(current) == tty->session)) 354 goto unlock; 355 356 /* 357 * The process must be a session leader and 358 * not have a controlling tty already. 359 */ 360 if (!current->signal->leader || current->signal->tty) { 361 ret = -EPERM; 362 goto unlock; 363 } 364 365 if (tty->session) { 366 /* 367 * This tty is already the controlling 368 * tty for another session group! 369 */ 370 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 371 /* 372 * Steal it away 373 */ 374 session_clear_tty(tty->session); 375 } else { 376 ret = -EPERM; 377 goto unlock; 378 } 379 } 380 381 /* See the comment in tty_open_proc_set_tty(). */ 382 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { 383 ret = -EPERM; 384 goto unlock; 385 } 386 387 proc_set_tty(tty); 388 unlock: 389 read_unlock(&tasklist_lock); 390 tty_unlock(tty); 391 return ret; 392 } 393 394 /** 395 * tty_get_pgrp - return a ref counted pgrp pid 396 * @tty: tty to read 397 * 398 * Returns a refcounted instance of the pid struct for the process 399 * group controlling the tty. 400 */ 401 struct pid *tty_get_pgrp(struct tty_struct *tty) 402 { 403 unsigned long flags; 404 struct pid *pgrp; 405 406 spin_lock_irqsave(&tty->ctrl_lock, flags); 407 pgrp = get_pid(tty->pgrp); 408 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 409 410 return pgrp; 411 } 412 EXPORT_SYMBOL_GPL(tty_get_pgrp); 413 414 /* 415 * This checks not only the pgrp, but falls back on the pid if no 416 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly 417 * without this... 418 * 419 * The caller must hold rcu lock or the tasklist lock. 420 */ 421 static struct pid *session_of_pgrp(struct pid *pgrp) 422 { 423 struct task_struct *p; 424 struct pid *sid = NULL; 425 426 p = pid_task(pgrp, PIDTYPE_PGID); 427 if (p == NULL) 428 p = pid_task(pgrp, PIDTYPE_PID); 429 if (p != NULL) 430 sid = task_session(p); 431 432 return sid; 433 } 434 435 /** 436 * tiocgpgrp - get process group 437 * @tty: tty passed by user 438 * @real_tty: tty side of the tty passed by the user if a pty else the tty 439 * @p: returned pid 440 * 441 * Obtain the process group of the tty. If there is no process group 442 * return an error. 443 * 444 * Locking: none. Reference to current->signal->tty is safe. 445 */ 446 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 447 { 448 struct pid *pid; 449 int ret; 450 /* 451 * (tty == real_tty) is a cheap way of 452 * testing if the tty is NOT a master pty. 453 */ 454 if (tty == real_tty && current->signal->tty != real_tty) 455 return -ENOTTY; 456 pid = tty_get_pgrp(real_tty); 457 ret = put_user(pid_vnr(pid), p); 458 put_pid(pid); 459 return ret; 460 } 461 462 /** 463 * tiocspgrp - attempt to set process group 464 * @tty: tty passed by user 465 * @real_tty: tty side device matching tty passed by user 466 * @p: pid pointer 467 * 468 * Set the process group of the tty to the session passed. Only 469 * permitted where the tty session is our session. 470 * 471 * Locking: RCU, ctrl lock 472 */ 473 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 474 { 475 struct pid *pgrp; 476 pid_t pgrp_nr; 477 int retval = tty_check_change(real_tty); 478 479 if (retval == -EIO) 480 return -ENOTTY; 481 if (retval) 482 return retval; 483 484 if (get_user(pgrp_nr, p)) 485 return -EFAULT; 486 if (pgrp_nr < 0) 487 return -EINVAL; 488 489 spin_lock_irq(&real_tty->ctrl_lock); 490 if (!current->signal->tty || 491 (current->signal->tty != real_tty) || 492 (real_tty->session != task_session(current))) { 493 retval = -ENOTTY; 494 goto out_unlock_ctrl; 495 } 496 rcu_read_lock(); 497 pgrp = find_vpid(pgrp_nr); 498 retval = -ESRCH; 499 if (!pgrp) 500 goto out_unlock; 501 retval = -EPERM; 502 if (session_of_pgrp(pgrp) != task_session(current)) 503 goto out_unlock; 504 retval = 0; 505 put_pid(real_tty->pgrp); 506 real_tty->pgrp = get_pid(pgrp); 507 out_unlock: 508 rcu_read_unlock(); 509 out_unlock_ctrl: 510 spin_unlock_irq(&real_tty->ctrl_lock); 511 return retval; 512 } 513 514 /** 515 * tiocgsid - get session id 516 * @tty: tty passed by user 517 * @real_tty: tty side of the tty passed by the user if a pty else the tty 518 * @p: pointer to returned session id 519 * 520 * Obtain the session id of the tty. If there is no session 521 * return an error. 522 */ 523 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 524 { 525 unsigned long flags; 526 pid_t sid; 527 528 /* 529 * (tty == real_tty) is a cheap way of 530 * testing if the tty is NOT a master pty. 531 */ 532 if (tty == real_tty && current->signal->tty != real_tty) 533 return -ENOTTY; 534 535 spin_lock_irqsave(&real_tty->ctrl_lock, flags); 536 if (!real_tty->session) 537 goto err; 538 sid = pid_vnr(real_tty->session); 539 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); 540 541 return put_user(sid, p); 542 543 err: 544 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); 545 return -ENOTTY; 546 } 547 548 /* 549 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, 550 * if not then tty == real_tty. 551 */ 552 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, 553 struct file *file, unsigned int cmd, unsigned long arg) 554 { 555 void __user *p = (void __user *)arg; 556 557 switch (cmd) { 558 case TIOCNOTTY: 559 if (current->signal->tty != tty) 560 return -ENOTTY; 561 no_tty(); 562 return 0; 563 case TIOCSCTTY: 564 return tiocsctty(real_tty, file, arg); 565 case TIOCGPGRP: 566 return tiocgpgrp(tty, real_tty, p); 567 case TIOCSPGRP: 568 return tiocspgrp(tty, real_tty, p); 569 case TIOCGSID: 570 return tiocgsid(tty, real_tty, p); 571 } 572 return -ENOIOCTLCMD; 573 } 574