xref: /openbmc/linux/drivers/tty/tty_jobctrl.c (revision b4e18b29)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  Copyright (C) 1991, 1992  Linus Torvalds
4  */
5 
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/signal.h>
9 #include <linux/sched/signal.h>
10 #include <linux/sched/task.h>
11 #include <linux/tty.h>
12 #include <linux/fcntl.h>
13 #include <linux/uaccess.h>
14 
15 static int is_ignored(int sig)
16 {
17 	return (sigismember(&current->blocked, sig) ||
18 		current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
19 }
20 
21 /**
22  *	tty_check_change	-	check for POSIX terminal changes
23  *	@tty: tty to check
24  *	@sig: signal to send
25  *
26  *	If we try to write to, or set the state of, a terminal and we're
27  *	not in the foreground, send a SIGTTOU.  If the signal is blocked or
28  *	ignored, go ahead and perform the operation.  (POSIX 7.2)
29  *
30  *	Locking: ctrl_lock
31  */
32 int __tty_check_change(struct tty_struct *tty, int sig)
33 {
34 	unsigned long flags;
35 	struct pid *pgrp, *tty_pgrp;
36 	int ret = 0;
37 
38 	if (current->signal->tty != tty)
39 		return 0;
40 
41 	rcu_read_lock();
42 	pgrp = task_pgrp(current);
43 
44 	spin_lock_irqsave(&tty->ctrl_lock, flags);
45 	tty_pgrp = tty->pgrp;
46 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
47 
48 	if (tty_pgrp && pgrp != tty_pgrp) {
49 		if (is_ignored(sig)) {
50 			if (sig == SIGTTIN)
51 				ret = -EIO;
52 		} else if (is_current_pgrp_orphaned())
53 			ret = -EIO;
54 		else {
55 			kill_pgrp(pgrp, sig, 1);
56 			set_thread_flag(TIF_SIGPENDING);
57 			ret = -ERESTARTSYS;
58 		}
59 	}
60 	rcu_read_unlock();
61 
62 	if (!tty_pgrp)
63 		tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
64 
65 	return ret;
66 }
67 
68 int tty_check_change(struct tty_struct *tty)
69 {
70 	return __tty_check_change(tty, SIGTTOU);
71 }
72 EXPORT_SYMBOL(tty_check_change);
73 
74 void proc_clear_tty(struct task_struct *p)
75 {
76 	unsigned long flags;
77 	struct tty_struct *tty;
78 	spin_lock_irqsave(&p->sighand->siglock, flags);
79 	tty = p->signal->tty;
80 	p->signal->tty = NULL;
81 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
82 	tty_kref_put(tty);
83 }
84 
85 /**
86  * proc_set_tty -  set the controlling terminal
87  *	@tty: tty structure
88  *
89  * Only callable by the session leader and only if it does not already have
90  * a controlling terminal.
91  *
92  * Caller must hold:  tty_lock()
93  *		      a readlock on tasklist_lock
94  *		      sighand lock
95  */
96 static void __proc_set_tty(struct tty_struct *tty)
97 {
98 	unsigned long flags;
99 
100 	spin_lock_irqsave(&tty->ctrl_lock, flags);
101 	/*
102 	 * The session and fg pgrp references will be non-NULL if
103 	 * tiocsctty() is stealing the controlling tty
104 	 */
105 	put_pid(tty->session);
106 	put_pid(tty->pgrp);
107 	tty->pgrp = get_pid(task_pgrp(current));
108 	tty->session = get_pid(task_session(current));
109 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
110 	if (current->signal->tty) {
111 		tty_debug(tty, "current tty %s not NULL!!\n",
112 			  current->signal->tty->name);
113 		tty_kref_put(current->signal->tty);
114 	}
115 	put_pid(current->signal->tty_old_pgrp);
116 	current->signal->tty = tty_kref_get(tty);
117 	current->signal->tty_old_pgrp = NULL;
118 }
119 
120 static void proc_set_tty(struct tty_struct *tty)
121 {
122 	spin_lock_irq(&current->sighand->siglock);
123 	__proc_set_tty(tty);
124 	spin_unlock_irq(&current->sighand->siglock);
125 }
126 
127 /*
128  * Called by tty_open() to set the controlling tty if applicable.
129  */
130 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty)
131 {
132 	read_lock(&tasklist_lock);
133 	spin_lock_irq(&current->sighand->siglock);
134 	if (current->signal->leader &&
135 	    !current->signal->tty &&
136 	    tty->session == NULL) {
137 		/*
138 		 * Don't let a process that only has write access to the tty
139 		 * obtain the privileges associated with having a tty as
140 		 * controlling terminal (being able to reopen it with full
141 		 * access through /dev/tty, being able to perform pushback).
142 		 * Many distributions set the group of all ttys to "tty" and
143 		 * grant write-only access to all terminals for setgid tty
144 		 * binaries, which should not imply full privileges on all ttys.
145 		 *
146 		 * This could theoretically break old code that performs open()
147 		 * on a write-only file descriptor. In that case, it might be
148 		 * necessary to also permit this if
149 		 * inode_permission(inode, MAY_READ) == 0.
150 		 */
151 		if (filp->f_mode & FMODE_READ)
152 			__proc_set_tty(tty);
153 	}
154 	spin_unlock_irq(&current->sighand->siglock);
155 	read_unlock(&tasklist_lock);
156 }
157 
158 struct tty_struct *get_current_tty(void)
159 {
160 	struct tty_struct *tty;
161 	unsigned long flags;
162 
163 	spin_lock_irqsave(&current->sighand->siglock, flags);
164 	tty = tty_kref_get(current->signal->tty);
165 	spin_unlock_irqrestore(&current->sighand->siglock, flags);
166 	return tty;
167 }
168 EXPORT_SYMBOL_GPL(get_current_tty);
169 
170 /*
171  * Called from tty_release().
172  */
173 void session_clear_tty(struct pid *session)
174 {
175 	struct task_struct *p;
176 	do_each_pid_task(session, PIDTYPE_SID, p) {
177 		proc_clear_tty(p);
178 	} while_each_pid_task(session, PIDTYPE_SID, p);
179 }
180 
181 /**
182  *	tty_signal_session_leader	- sends SIGHUP to session leader
183  *	@tty: controlling tty
184  *	@exit_session: if non-zero, signal all foreground group processes
185  *
186  *	Send SIGHUP and SIGCONT to the session leader and its process group.
187  *	Optionally, signal all processes in the foreground process group.
188  *
189  *	Returns the number of processes in the session with this tty
190  *	as their controlling terminal. This value is used to drop
191  *	tty references for those processes.
192  */
193 int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
194 {
195 	struct task_struct *p;
196 	int refs = 0;
197 	struct pid *tty_pgrp = NULL;
198 
199 	read_lock(&tasklist_lock);
200 	if (tty->session) {
201 		do_each_pid_task(tty->session, PIDTYPE_SID, p) {
202 			spin_lock_irq(&p->sighand->siglock);
203 			if (p->signal->tty == tty) {
204 				p->signal->tty = NULL;
205 				/* We defer the dereferences outside fo
206 				   the tasklist lock */
207 				refs++;
208 			}
209 			if (!p->signal->leader) {
210 				spin_unlock_irq(&p->sighand->siglock);
211 				continue;
212 			}
213 			__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
214 			__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
215 			put_pid(p->signal->tty_old_pgrp);  /* A noop */
216 			spin_lock(&tty->ctrl_lock);
217 			tty_pgrp = get_pid(tty->pgrp);
218 			if (tty->pgrp)
219 				p->signal->tty_old_pgrp = get_pid(tty->pgrp);
220 			spin_unlock(&tty->ctrl_lock);
221 			spin_unlock_irq(&p->sighand->siglock);
222 		} while_each_pid_task(tty->session, PIDTYPE_SID, p);
223 	}
224 	read_unlock(&tasklist_lock);
225 
226 	if (tty_pgrp) {
227 		if (exit_session)
228 			kill_pgrp(tty_pgrp, SIGHUP, exit_session);
229 		put_pid(tty_pgrp);
230 	}
231 
232 	return refs;
233 }
234 
235 /**
236  *	disassociate_ctty	-	disconnect controlling tty
237  *	@on_exit: true if exiting so need to "hang up" the session
238  *
239  *	This function is typically called only by the session leader, when
240  *	it wants to disassociate itself from its controlling tty.
241  *
242  *	It performs the following functions:
243  * 	(1)  Sends a SIGHUP and SIGCONT to the foreground process group
244  * 	(2)  Clears the tty from being controlling the session
245  * 	(3)  Clears the controlling tty for all processes in the
246  * 		session group.
247  *
248  *	The argument on_exit is set to 1 if called when a process is
249  *	exiting; it is 0 if called by the ioctl TIOCNOTTY.
250  *
251  *	Locking:
252  *		BTM is taken for hysterical raisons, and held when
253  *		  called from no_tty().
254  *		  tty_mutex is taken to protect tty
255  *		  ->siglock is taken to protect ->signal/->sighand
256  *		  tasklist_lock is taken to walk process list for sessions
257  *		    ->siglock is taken to protect ->signal/->sighand
258  */
259 void disassociate_ctty(int on_exit)
260 {
261 	struct tty_struct *tty;
262 
263 	if (!current->signal->leader)
264 		return;
265 
266 	tty = get_current_tty();
267 	if (tty) {
268 		if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
269 			tty_vhangup_session(tty);
270 		} else {
271 			struct pid *tty_pgrp = tty_get_pgrp(tty);
272 			if (tty_pgrp) {
273 				kill_pgrp(tty_pgrp, SIGHUP, on_exit);
274 				if (!on_exit)
275 					kill_pgrp(tty_pgrp, SIGCONT, on_exit);
276 				put_pid(tty_pgrp);
277 			}
278 		}
279 		tty_kref_put(tty);
280 
281 	} else if (on_exit) {
282 		struct pid *old_pgrp;
283 		spin_lock_irq(&current->sighand->siglock);
284 		old_pgrp = current->signal->tty_old_pgrp;
285 		current->signal->tty_old_pgrp = NULL;
286 		spin_unlock_irq(&current->sighand->siglock);
287 		if (old_pgrp) {
288 			kill_pgrp(old_pgrp, SIGHUP, on_exit);
289 			kill_pgrp(old_pgrp, SIGCONT, on_exit);
290 			put_pid(old_pgrp);
291 		}
292 		return;
293 	}
294 
295 	spin_lock_irq(&current->sighand->siglock);
296 	put_pid(current->signal->tty_old_pgrp);
297 	current->signal->tty_old_pgrp = NULL;
298 	tty = tty_kref_get(current->signal->tty);
299 	spin_unlock_irq(&current->sighand->siglock);
300 
301 	if (tty) {
302 		unsigned long flags;
303 
304 		tty_lock(tty);
305 		spin_lock_irqsave(&tty->ctrl_lock, flags);
306 		put_pid(tty->session);
307 		put_pid(tty->pgrp);
308 		tty->session = NULL;
309 		tty->pgrp = NULL;
310 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
311 		tty_unlock(tty);
312 		tty_kref_put(tty);
313 	}
314 
315 	/* Now clear signal->tty under the lock */
316 	read_lock(&tasklist_lock);
317 	session_clear_tty(task_session(current));
318 	read_unlock(&tasklist_lock);
319 }
320 
321 /*
322  *
323  *	no_tty	- Ensure the current process does not have a controlling tty
324  */
325 void no_tty(void)
326 {
327 	/* FIXME: Review locking here. The tty_lock never covered any race
328 	   between a new association and proc_clear_tty but possible we need
329 	   to protect against this anyway */
330 	struct task_struct *tsk = current;
331 	disassociate_ctty(0);
332 	proc_clear_tty(tsk);
333 }
334 
335 /**
336  *	tiocsctty	-	set controlling tty
337  *	@tty: tty structure
338  *	@file: file structure used to check permissions
339  *	@arg: user argument
340  *
341  *	This ioctl is used to manage job control. It permits a session
342  *	leader to set this tty as the controlling tty for the session.
343  *
344  *	Locking:
345  *		Takes tty_lock() to serialize proc_set_tty() for this tty
346  *		Takes tasklist_lock internally to walk sessions
347  *		Takes ->siglock() when updating signal->tty
348  */
349 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
350 {
351 	int ret = 0;
352 
353 	tty_lock(tty);
354 	read_lock(&tasklist_lock);
355 
356 	if (current->signal->leader && (task_session(current) == tty->session))
357 		goto unlock;
358 
359 	/*
360 	 * The process must be a session leader and
361 	 * not have a controlling tty already.
362 	 */
363 	if (!current->signal->leader || current->signal->tty) {
364 		ret = -EPERM;
365 		goto unlock;
366 	}
367 
368 	if (tty->session) {
369 		/*
370 		 * This tty is already the controlling
371 		 * tty for another session group!
372 		 */
373 		if (arg == 1 && capable(CAP_SYS_ADMIN)) {
374 			/*
375 			 * Steal it away
376 			 */
377 			session_clear_tty(tty->session);
378 		} else {
379 			ret = -EPERM;
380 			goto unlock;
381 		}
382 	}
383 
384 	/* See the comment in tty_open_proc_set_tty(). */
385 	if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
386 		ret = -EPERM;
387 		goto unlock;
388 	}
389 
390 	proc_set_tty(tty);
391 unlock:
392 	read_unlock(&tasklist_lock);
393 	tty_unlock(tty);
394 	return ret;
395 }
396 
397 /**
398  *	tty_get_pgrp	-	return a ref counted pgrp pid
399  *	@tty: tty to read
400  *
401  *	Returns a refcounted instance of the pid struct for the process
402  *	group controlling the tty.
403  */
404 struct pid *tty_get_pgrp(struct tty_struct *tty)
405 {
406 	unsigned long flags;
407 	struct pid *pgrp;
408 
409 	spin_lock_irqsave(&tty->ctrl_lock, flags);
410 	pgrp = get_pid(tty->pgrp);
411 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
412 
413 	return pgrp;
414 }
415 EXPORT_SYMBOL_GPL(tty_get_pgrp);
416 
417 /*
418  * This checks not only the pgrp, but falls back on the pid if no
419  * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
420  * without this...
421  *
422  * The caller must hold rcu lock or the tasklist lock.
423  */
424 static struct pid *session_of_pgrp(struct pid *pgrp)
425 {
426 	struct task_struct *p;
427 	struct pid *sid = NULL;
428 
429 	p = pid_task(pgrp, PIDTYPE_PGID);
430 	if (p == NULL)
431 		p = pid_task(pgrp, PIDTYPE_PID);
432 	if (p != NULL)
433 		sid = task_session(p);
434 
435 	return sid;
436 }
437 
438 /**
439  *	tiocgpgrp		-	get process group
440  *	@tty: tty passed by user
441  *	@real_tty: tty side of the tty passed by the user if a pty else the tty
442  *	@p: returned pid
443  *
444  *	Obtain the process group of the tty. If there is no process group
445  *	return an error.
446  *
447  *	Locking: none. Reference to current->signal->tty is safe.
448  */
449 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
450 {
451 	struct pid *pid;
452 	int ret;
453 	/*
454 	 * (tty == real_tty) is a cheap way of
455 	 * testing if the tty is NOT a master pty.
456 	 */
457 	if (tty == real_tty && current->signal->tty != real_tty)
458 		return -ENOTTY;
459 	pid = tty_get_pgrp(real_tty);
460 	ret =  put_user(pid_vnr(pid), p);
461 	put_pid(pid);
462 	return ret;
463 }
464 
465 /**
466  *	tiocspgrp		-	attempt to set process group
467  *	@tty: tty passed by user
468  *	@real_tty: tty side device matching tty passed by user
469  *	@p: pid pointer
470  *
471  *	Set the process group of the tty to the session passed. Only
472  *	permitted where the tty session is our session.
473  *
474  *	Locking: RCU, ctrl lock
475  */
476 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
477 {
478 	struct pid *pgrp;
479 	pid_t pgrp_nr;
480 	int retval = tty_check_change(real_tty);
481 
482 	if (retval == -EIO)
483 		return -ENOTTY;
484 	if (retval)
485 		return retval;
486 
487 	if (get_user(pgrp_nr, p))
488 		return -EFAULT;
489 	if (pgrp_nr < 0)
490 		return -EINVAL;
491 
492 	spin_lock_irq(&real_tty->ctrl_lock);
493 	if (!current->signal->tty ||
494 	    (current->signal->tty != real_tty) ||
495 	    (real_tty->session != task_session(current))) {
496 		retval = -ENOTTY;
497 		goto out_unlock_ctrl;
498 	}
499 	rcu_read_lock();
500 	pgrp = find_vpid(pgrp_nr);
501 	retval = -ESRCH;
502 	if (!pgrp)
503 		goto out_unlock;
504 	retval = -EPERM;
505 	if (session_of_pgrp(pgrp) != task_session(current))
506 		goto out_unlock;
507 	retval = 0;
508 	put_pid(real_tty->pgrp);
509 	real_tty->pgrp = get_pid(pgrp);
510 out_unlock:
511 	rcu_read_unlock();
512 out_unlock_ctrl:
513 	spin_unlock_irq(&real_tty->ctrl_lock);
514 	return retval;
515 }
516 
517 /**
518  *	tiocgsid		-	get session id
519  *	@tty: tty passed by user
520  *	@real_tty: tty side of the tty passed by the user if a pty else the tty
521  *	@p: pointer to returned session id
522  *
523  *	Obtain the session id of the tty. If there is no session
524  *	return an error.
525  */
526 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
527 {
528 	unsigned long flags;
529 	pid_t sid;
530 
531 	/*
532 	 * (tty == real_tty) is a cheap way of
533 	 * testing if the tty is NOT a master pty.
534 	*/
535 	if (tty == real_tty && current->signal->tty != real_tty)
536 		return -ENOTTY;
537 
538 	spin_lock_irqsave(&real_tty->ctrl_lock, flags);
539 	if (!real_tty->session)
540 		goto err;
541 	sid = pid_vnr(real_tty->session);
542 	spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
543 
544 	return put_user(sid, p);
545 
546 err:
547 	spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
548 	return -ENOTTY;
549 }
550 
551 /*
552  * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side,
553  * if not then tty == real_tty.
554  */
555 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty,
556 		       struct file *file, unsigned int cmd, unsigned long arg)
557 {
558 	void __user *p = (void __user *)arg;
559 
560 	switch (cmd) {
561 	case TIOCNOTTY:
562 		if (current->signal->tty != tty)
563 			return -ENOTTY;
564 		no_tty();
565 		return 0;
566 	case TIOCSCTTY:
567 		return tiocsctty(real_tty, file, arg);
568 	case TIOCGPGRP:
569 		return tiocgpgrp(tty, real_tty, p);
570 	case TIOCSPGRP:
571 		return tiocspgrp(tty, real_tty, p);
572 	case TIOCGSID:
573 		return tiocgsid(tty, real_tty, p);
574 	}
575 	return -ENOIOCTLCMD;
576 }
577