1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/signal.h> 9 #include <linux/sched/signal.h> 10 #include <linux/sched/task.h> 11 #include <linux/tty.h> 12 #include <linux/fcntl.h> 13 #include <linux/uaccess.h> 14 15 static int is_ignored(int sig) 16 { 17 return (sigismember(¤t->blocked, sig) || 18 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); 19 } 20 21 /** 22 * tty_check_change - check for POSIX terminal changes 23 * @tty: tty to check 24 * @sig: signal to send 25 * 26 * If we try to write to, or set the state of, a terminal and we're 27 * not in the foreground, send a SIGTTOU. If the signal is blocked or 28 * ignored, go ahead and perform the operation. (POSIX 7.2) 29 * 30 * Locking: ctrl_lock 31 */ 32 int __tty_check_change(struct tty_struct *tty, int sig) 33 { 34 unsigned long flags; 35 struct pid *pgrp, *tty_pgrp; 36 int ret = 0; 37 38 if (current->signal->tty != tty) 39 return 0; 40 41 rcu_read_lock(); 42 pgrp = task_pgrp(current); 43 44 spin_lock_irqsave(&tty->ctrl_lock, flags); 45 tty_pgrp = tty->pgrp; 46 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 47 48 if (tty_pgrp && pgrp != tty_pgrp) { 49 if (is_ignored(sig)) { 50 if (sig == SIGTTIN) 51 ret = -EIO; 52 } else if (is_current_pgrp_orphaned()) 53 ret = -EIO; 54 else { 55 kill_pgrp(pgrp, sig, 1); 56 set_thread_flag(TIF_SIGPENDING); 57 ret = -ERESTARTSYS; 58 } 59 } 60 rcu_read_unlock(); 61 62 if (!tty_pgrp) 63 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); 64 65 return ret; 66 } 67 68 int tty_check_change(struct tty_struct *tty) 69 { 70 return __tty_check_change(tty, SIGTTOU); 71 } 72 EXPORT_SYMBOL(tty_check_change); 73 74 void proc_clear_tty(struct task_struct *p) 75 { 76 unsigned long flags; 77 struct tty_struct *tty; 78 spin_lock_irqsave(&p->sighand->siglock, flags); 79 tty = p->signal->tty; 80 p->signal->tty = NULL; 81 spin_unlock_irqrestore(&p->sighand->siglock, flags); 82 tty_kref_put(tty); 83 } 84 85 /** 86 * proc_set_tty - set the controlling terminal 87 * @tty: tty structure 88 * 89 * Only callable by the session leader and only if it does not already have 90 * a controlling terminal. 91 * 92 * Caller must hold: tty_lock() 93 * a readlock on tasklist_lock 94 * sighand lock 95 */ 96 static void __proc_set_tty(struct tty_struct *tty) 97 { 98 unsigned long flags; 99 100 spin_lock_irqsave(&tty->ctrl_lock, flags); 101 /* 102 * The session and fg pgrp references will be non-NULL if 103 * tiocsctty() is stealing the controlling tty 104 */ 105 put_pid(tty->session); 106 put_pid(tty->pgrp); 107 tty->pgrp = get_pid(task_pgrp(current)); 108 tty->session = get_pid(task_session(current)); 109 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 110 if (current->signal->tty) { 111 tty_debug(tty, "current tty %s not NULL!!\n", 112 current->signal->tty->name); 113 tty_kref_put(current->signal->tty); 114 } 115 put_pid(current->signal->tty_old_pgrp); 116 current->signal->tty = tty_kref_get(tty); 117 current->signal->tty_old_pgrp = NULL; 118 } 119 120 static void proc_set_tty(struct tty_struct *tty) 121 { 122 spin_lock_irq(¤t->sighand->siglock); 123 __proc_set_tty(tty); 124 spin_unlock_irq(¤t->sighand->siglock); 125 } 126 127 /* 128 * Called by tty_open() to set the controlling tty if applicable. 129 */ 130 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) 131 { 132 read_lock(&tasklist_lock); 133 spin_lock_irq(¤t->sighand->siglock); 134 if (current->signal->leader && 135 !current->signal->tty && 136 tty->session == NULL) { 137 /* 138 * Don't let a process that only has write access to the tty 139 * obtain the privileges associated with having a tty as 140 * controlling terminal (being able to reopen it with full 141 * access through /dev/tty, being able to perform pushback). 142 * Many distributions set the group of all ttys to "tty" and 143 * grant write-only access to all terminals for setgid tty 144 * binaries, which should not imply full privileges on all ttys. 145 * 146 * This could theoretically break old code that performs open() 147 * on a write-only file descriptor. In that case, it might be 148 * necessary to also permit this if 149 * inode_permission(inode, MAY_READ) == 0. 150 */ 151 if (filp->f_mode & FMODE_READ) 152 __proc_set_tty(tty); 153 } 154 spin_unlock_irq(¤t->sighand->siglock); 155 read_unlock(&tasklist_lock); 156 } 157 158 struct tty_struct *get_current_tty(void) 159 { 160 struct tty_struct *tty; 161 unsigned long flags; 162 163 spin_lock_irqsave(¤t->sighand->siglock, flags); 164 tty = tty_kref_get(current->signal->tty); 165 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 166 return tty; 167 } 168 EXPORT_SYMBOL_GPL(get_current_tty); 169 170 /* 171 * Called from tty_release(). 172 */ 173 void session_clear_tty(struct pid *session) 174 { 175 struct task_struct *p; 176 do_each_pid_task(session, PIDTYPE_SID, p) { 177 proc_clear_tty(p); 178 } while_each_pid_task(session, PIDTYPE_SID, p); 179 } 180 181 /** 182 * tty_signal_session_leader - sends SIGHUP to session leader 183 * @tty: controlling tty 184 * @exit_session: if non-zero, signal all foreground group processes 185 * 186 * Send SIGHUP and SIGCONT to the session leader and its process group. 187 * Optionally, signal all processes in the foreground process group. 188 * 189 * Returns the number of processes in the session with this tty 190 * as their controlling terminal. This value is used to drop 191 * tty references for those processes. 192 */ 193 int tty_signal_session_leader(struct tty_struct *tty, int exit_session) 194 { 195 struct task_struct *p; 196 int refs = 0; 197 struct pid *tty_pgrp = NULL; 198 199 read_lock(&tasklist_lock); 200 if (tty->session) { 201 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 202 spin_lock_irq(&p->sighand->siglock); 203 if (p->signal->tty == tty) { 204 p->signal->tty = NULL; 205 /* We defer the dereferences outside fo 206 the tasklist lock */ 207 refs++; 208 } 209 if (!p->signal->leader) { 210 spin_unlock_irq(&p->sighand->siglock); 211 continue; 212 } 213 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 214 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 215 put_pid(p->signal->tty_old_pgrp); /* A noop */ 216 spin_lock(&tty->ctrl_lock); 217 tty_pgrp = get_pid(tty->pgrp); 218 if (tty->pgrp) 219 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 220 spin_unlock(&tty->ctrl_lock); 221 spin_unlock_irq(&p->sighand->siglock); 222 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 223 } 224 read_unlock(&tasklist_lock); 225 226 if (tty_pgrp) { 227 if (exit_session) 228 kill_pgrp(tty_pgrp, SIGHUP, exit_session); 229 put_pid(tty_pgrp); 230 } 231 232 return refs; 233 } 234 235 /** 236 * disassociate_ctty - disconnect controlling tty 237 * @on_exit: true if exiting so need to "hang up" the session 238 * 239 * This function is typically called only by the session leader, when 240 * it wants to disassociate itself from its controlling tty. 241 * 242 * It performs the following functions: 243 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 244 * (2) Clears the tty from being controlling the session 245 * (3) Clears the controlling tty for all processes in the 246 * session group. 247 * 248 * The argument on_exit is set to 1 if called when a process is 249 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 250 * 251 * Locking: 252 * BTM is taken for hysterical raisons, and held when 253 * called from no_tty(). 254 * tty_mutex is taken to protect tty 255 * ->siglock is taken to protect ->signal/->sighand 256 * tasklist_lock is taken to walk process list for sessions 257 * ->siglock is taken to protect ->signal/->sighand 258 */ 259 void disassociate_ctty(int on_exit) 260 { 261 struct tty_struct *tty; 262 263 if (!current->signal->leader) 264 return; 265 266 tty = get_current_tty(); 267 if (tty) { 268 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { 269 tty_vhangup_session(tty); 270 } else { 271 struct pid *tty_pgrp = tty_get_pgrp(tty); 272 if (tty_pgrp) { 273 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 274 if (!on_exit) 275 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 276 put_pid(tty_pgrp); 277 } 278 } 279 tty_kref_put(tty); 280 281 } else if (on_exit) { 282 struct pid *old_pgrp; 283 spin_lock_irq(¤t->sighand->siglock); 284 old_pgrp = current->signal->tty_old_pgrp; 285 current->signal->tty_old_pgrp = NULL; 286 spin_unlock_irq(¤t->sighand->siglock); 287 if (old_pgrp) { 288 kill_pgrp(old_pgrp, SIGHUP, on_exit); 289 kill_pgrp(old_pgrp, SIGCONT, on_exit); 290 put_pid(old_pgrp); 291 } 292 return; 293 } 294 295 spin_lock_irq(¤t->sighand->siglock); 296 put_pid(current->signal->tty_old_pgrp); 297 current->signal->tty_old_pgrp = NULL; 298 tty = tty_kref_get(current->signal->tty); 299 spin_unlock_irq(¤t->sighand->siglock); 300 301 if (tty) { 302 unsigned long flags; 303 304 tty_lock(tty); 305 spin_lock_irqsave(&tty->ctrl_lock, flags); 306 put_pid(tty->session); 307 put_pid(tty->pgrp); 308 tty->session = NULL; 309 tty->pgrp = NULL; 310 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 311 tty_unlock(tty); 312 tty_kref_put(tty); 313 } 314 315 /* Now clear signal->tty under the lock */ 316 read_lock(&tasklist_lock); 317 session_clear_tty(task_session(current)); 318 read_unlock(&tasklist_lock); 319 } 320 321 /* 322 * 323 * no_tty - Ensure the current process does not have a controlling tty 324 */ 325 void no_tty(void) 326 { 327 /* FIXME: Review locking here. The tty_lock never covered any race 328 between a new association and proc_clear_tty but possible we need 329 to protect against this anyway */ 330 struct task_struct *tsk = current; 331 disassociate_ctty(0); 332 proc_clear_tty(tsk); 333 } 334 335 /** 336 * tiocsctty - set controlling tty 337 * @tty: tty structure 338 * @file: file structure used to check permissions 339 * @arg: user argument 340 * 341 * This ioctl is used to manage job control. It permits a session 342 * leader to set this tty as the controlling tty for the session. 343 * 344 * Locking: 345 * Takes tty_lock() to serialize proc_set_tty() for this tty 346 * Takes tasklist_lock internally to walk sessions 347 * Takes ->siglock() when updating signal->tty 348 */ 349 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) 350 { 351 int ret = 0; 352 353 tty_lock(tty); 354 read_lock(&tasklist_lock); 355 356 if (current->signal->leader && (task_session(current) == tty->session)) 357 goto unlock; 358 359 /* 360 * The process must be a session leader and 361 * not have a controlling tty already. 362 */ 363 if (!current->signal->leader || current->signal->tty) { 364 ret = -EPERM; 365 goto unlock; 366 } 367 368 if (tty->session) { 369 /* 370 * This tty is already the controlling 371 * tty for another session group! 372 */ 373 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 374 /* 375 * Steal it away 376 */ 377 session_clear_tty(tty->session); 378 } else { 379 ret = -EPERM; 380 goto unlock; 381 } 382 } 383 384 /* See the comment in tty_open_proc_set_tty(). */ 385 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { 386 ret = -EPERM; 387 goto unlock; 388 } 389 390 proc_set_tty(tty); 391 unlock: 392 read_unlock(&tasklist_lock); 393 tty_unlock(tty); 394 return ret; 395 } 396 397 /** 398 * tty_get_pgrp - return a ref counted pgrp pid 399 * @tty: tty to read 400 * 401 * Returns a refcounted instance of the pid struct for the process 402 * group controlling the tty. 403 */ 404 struct pid *tty_get_pgrp(struct tty_struct *tty) 405 { 406 unsigned long flags; 407 struct pid *pgrp; 408 409 spin_lock_irqsave(&tty->ctrl_lock, flags); 410 pgrp = get_pid(tty->pgrp); 411 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 412 413 return pgrp; 414 } 415 EXPORT_SYMBOL_GPL(tty_get_pgrp); 416 417 /* 418 * This checks not only the pgrp, but falls back on the pid if no 419 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly 420 * without this... 421 * 422 * The caller must hold rcu lock or the tasklist lock. 423 */ 424 static struct pid *session_of_pgrp(struct pid *pgrp) 425 { 426 struct task_struct *p; 427 struct pid *sid = NULL; 428 429 p = pid_task(pgrp, PIDTYPE_PGID); 430 if (p == NULL) 431 p = pid_task(pgrp, PIDTYPE_PID); 432 if (p != NULL) 433 sid = task_session(p); 434 435 return sid; 436 } 437 438 /** 439 * tiocgpgrp - get process group 440 * @tty: tty passed by user 441 * @real_tty: tty side of the tty passed by the user if a pty else the tty 442 * @p: returned pid 443 * 444 * Obtain the process group of the tty. If there is no process group 445 * return an error. 446 * 447 * Locking: none. Reference to current->signal->tty is safe. 448 */ 449 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 450 { 451 struct pid *pid; 452 int ret; 453 /* 454 * (tty == real_tty) is a cheap way of 455 * testing if the tty is NOT a master pty. 456 */ 457 if (tty == real_tty && current->signal->tty != real_tty) 458 return -ENOTTY; 459 pid = tty_get_pgrp(real_tty); 460 ret = put_user(pid_vnr(pid), p); 461 put_pid(pid); 462 return ret; 463 } 464 465 /** 466 * tiocspgrp - attempt to set process group 467 * @tty: tty passed by user 468 * @real_tty: tty side device matching tty passed by user 469 * @p: pid pointer 470 * 471 * Set the process group of the tty to the session passed. Only 472 * permitted where the tty session is our session. 473 * 474 * Locking: RCU, ctrl lock 475 */ 476 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 477 { 478 struct pid *pgrp; 479 pid_t pgrp_nr; 480 int retval = tty_check_change(real_tty); 481 482 if (retval == -EIO) 483 return -ENOTTY; 484 if (retval) 485 return retval; 486 487 if (get_user(pgrp_nr, p)) 488 return -EFAULT; 489 if (pgrp_nr < 0) 490 return -EINVAL; 491 492 spin_lock_irq(&real_tty->ctrl_lock); 493 if (!current->signal->tty || 494 (current->signal->tty != real_tty) || 495 (real_tty->session != task_session(current))) { 496 retval = -ENOTTY; 497 goto out_unlock_ctrl; 498 } 499 rcu_read_lock(); 500 pgrp = find_vpid(pgrp_nr); 501 retval = -ESRCH; 502 if (!pgrp) 503 goto out_unlock; 504 retval = -EPERM; 505 if (session_of_pgrp(pgrp) != task_session(current)) 506 goto out_unlock; 507 retval = 0; 508 put_pid(real_tty->pgrp); 509 real_tty->pgrp = get_pid(pgrp); 510 out_unlock: 511 rcu_read_unlock(); 512 out_unlock_ctrl: 513 spin_unlock_irq(&real_tty->ctrl_lock); 514 return retval; 515 } 516 517 /** 518 * tiocgsid - get session id 519 * @tty: tty passed by user 520 * @real_tty: tty side of the tty passed by the user if a pty else the tty 521 * @p: pointer to returned session id 522 * 523 * Obtain the session id of the tty. If there is no session 524 * return an error. 525 */ 526 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 527 { 528 unsigned long flags; 529 pid_t sid; 530 531 /* 532 * (tty == real_tty) is a cheap way of 533 * testing if the tty is NOT a master pty. 534 */ 535 if (tty == real_tty && current->signal->tty != real_tty) 536 return -ENOTTY; 537 538 spin_lock_irqsave(&real_tty->ctrl_lock, flags); 539 if (!real_tty->session) 540 goto err; 541 sid = pid_vnr(real_tty->session); 542 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); 543 544 return put_user(sid, p); 545 546 err: 547 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); 548 return -ENOTTY; 549 } 550 551 /* 552 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, 553 * if not then tty == real_tty. 554 */ 555 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, 556 struct file *file, unsigned int cmd, unsigned long arg) 557 { 558 void __user *p = (void __user *)arg; 559 560 switch (cmd) { 561 case TIOCNOTTY: 562 if (current->signal->tty != tty) 563 return -ENOTTY; 564 no_tty(); 565 return 0; 566 case TIOCSCTTY: 567 return tiocsctty(real_tty, file, arg); 568 case TIOCGPGRP: 569 return tiocgpgrp(tty, real_tty, p); 570 case TIOCSPGRP: 571 return tiocspgrp(tty, real_tty, p); 572 case TIOCGSID: 573 return tiocgsid(tty, real_tty, p); 574 } 575 return -ENOIOCTLCMD; 576 } 577