1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6#include <linux/types.h> 7#include <linux/errno.h> 8#include <linux/signal.h> 9#include <linux/sched/signal.h> 10#include <linux/sched/task.h> 11#include <linux/tty.h> 12#include <linux/fcntl.h> 13#include <linux/uaccess.h> 14#include "tty.h" 15 16static int is_ignored(int sig) 17{ 18 return (sigismember(¤t->blocked, sig) || 19 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); 20} 21 22/** 23 * tty_check_change - check for POSIX terminal changes 24 * @tty: tty to check 25 * 26 * If we try to write to, or set the state of, a terminal and we're 27 * not in the foreground, send a SIGTTOU. If the signal is blocked or 28 * ignored, go ahead and perform the operation. (POSIX 7.2) 29 * 30 * Locking: ctrl_lock 31 */ 32int __tty_check_change(struct tty_struct *tty, int sig) 33{ 34 unsigned long flags; 35 struct pid *pgrp, *tty_pgrp; 36 int ret = 0; 37 38 if (current->signal->tty != tty) 39 return 0; 40 41 rcu_read_lock(); 42 pgrp = task_pgrp(current); 43 44 spin_lock_irqsave(&tty->ctrl_lock, flags); 45 tty_pgrp = tty->pgrp; 46 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 47 48 if (tty_pgrp && pgrp != tty_pgrp) { 49 if (is_ignored(sig)) { 50 if (sig == SIGTTIN) 51 ret = -EIO; 52 } else if (is_current_pgrp_orphaned()) 53 ret = -EIO; 54 else { 55 kill_pgrp(pgrp, sig, 1); 56 set_thread_flag(TIF_SIGPENDING); 57 ret = -ERESTARTSYS; 58 } 59 } 60 rcu_read_unlock(); 61 62 if (!tty_pgrp) 63 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); 64 65 return ret; 66} 67 68int tty_check_change(struct tty_struct *tty) 69{ 70 return __tty_check_change(tty, SIGTTOU); 71} 72EXPORT_SYMBOL(tty_check_change); 73 74void proc_clear_tty(struct task_struct *p) 75{ 76 unsigned long flags; 77 struct tty_struct *tty; 78 spin_lock_irqsave(&p->sighand->siglock, flags); 79 tty = p->signal->tty; 80 p->signal->tty = NULL; 81 spin_unlock_irqrestore(&p->sighand->siglock, flags); 82 tty_kref_put(tty); 83} 84 85/** 86 * proc_set_tty - set the controlling terminal 87 * 88 * Only callable by the session leader and only if it does not already have 89 * a controlling terminal. 90 * 91 * Caller must hold: tty_lock() 92 * a readlock on tasklist_lock 93 * sighand lock 94 */ 95static void __proc_set_tty(struct tty_struct *tty) 96{ 97 unsigned long flags; 98 99 spin_lock_irqsave(&tty->ctrl_lock, flags); 100 /* 101 * The session and fg pgrp references will be non-NULL if 102 * tiocsctty() is stealing the controlling tty 103 */ 104 put_pid(tty->session); 105 put_pid(tty->pgrp); 106 tty->pgrp = get_pid(task_pgrp(current)); 107 tty->session = get_pid(task_session(current)); 108 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 109 if (current->signal->tty) { 110 tty_debug(tty, "current tty %s not NULL!!\n", 111 current->signal->tty->name); 112 tty_kref_put(current->signal->tty); 113 } 114 put_pid(current->signal->tty_old_pgrp); 115 current->signal->tty = tty_kref_get(tty); 116 current->signal->tty_old_pgrp = NULL; 117} 118 119static void proc_set_tty(struct tty_struct *tty) 120{ 121 spin_lock_irq(¤t->sighand->siglock); 122 __proc_set_tty(tty); 123 spin_unlock_irq(¤t->sighand->siglock); 124} 125 126/* 127 * Called by tty_open() to set the controlling tty if applicable. 128 */ 129void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) 130{ 131 read_lock(&tasklist_lock); 132 spin_lock_irq(¤t->sighand->siglock); 133 if (current->signal->leader && 134 !current->signal->tty && 135 tty->session == NULL) { 136 /* 137 * Don't let a process that only has write access to the tty 138 * obtain the privileges associated with having a tty as 139 * controlling terminal (being able to reopen it with full 140 * access through /dev/tty, being able to perform pushback). 141 * Many distributions set the group of all ttys to "tty" and 142 * grant write-only access to all terminals for setgid tty 143 * binaries, which should not imply full privileges on all ttys. 144 * 145 * This could theoretically break old code that performs open() 146 * on a write-only file descriptor. In that case, it might be 147 * necessary to also permit this if 148 * inode_permission(inode, MAY_READ) == 0. 149 */ 150 if (filp->f_mode & FMODE_READ) 151 __proc_set_tty(tty); 152 } 153 spin_unlock_irq(¤t->sighand->siglock); 154 read_unlock(&tasklist_lock); 155} 156 157struct tty_struct *get_current_tty(void) 158{ 159 struct tty_struct *tty; 160 unsigned long flags; 161 162 spin_lock_irqsave(¤t->sighand->siglock, flags); 163 tty = tty_kref_get(current->signal->tty); 164 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 165 return tty; 166} 167EXPORT_SYMBOL_GPL(get_current_tty); 168 169/* 170 * Called from tty_release(). 171 */ 172void session_clear_tty(struct pid *session) 173{ 174 struct task_struct *p; 175 do_each_pid_task(session, PIDTYPE_SID, p) { 176 proc_clear_tty(p); 177 } while_each_pid_task(session, PIDTYPE_SID, p); 178} 179 180/** 181 * tty_signal_session_leader - sends SIGHUP to session leader 182 * @tty: controlling tty 183 * @exit_session: if non-zero, signal all foreground group processes 184 * 185 * Send SIGHUP and SIGCONT to the session leader and its process group. 186 * Optionally, signal all processes in the foreground process group. 187 * 188 * Returns the number of processes in the session with this tty 189 * as their controlling terminal. This value is used to drop 190 * tty references for those processes. 191 */ 192int tty_signal_session_leader(struct tty_struct *tty, int exit_session) 193{ 194 struct task_struct *p; 195 int refs = 0; 196 struct pid *tty_pgrp = NULL; 197 198 read_lock(&tasklist_lock); 199 if (tty->session) { 200 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 201 spin_lock_irq(&p->sighand->siglock); 202 if (p->signal->tty == tty) { 203 p->signal->tty = NULL; 204 /* We defer the dereferences outside fo 205 the tasklist lock */ 206 refs++; 207 } 208 if (!p->signal->leader) { 209 spin_unlock_irq(&p->sighand->siglock); 210 continue; 211 } 212 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 213 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 214 put_pid(p->signal->tty_old_pgrp); /* A noop */ 215 spin_lock(&tty->ctrl_lock); 216 tty_pgrp = get_pid(tty->pgrp); 217 if (tty->pgrp) 218 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 219 spin_unlock(&tty->ctrl_lock); 220 spin_unlock_irq(&p->sighand->siglock); 221 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 222 } 223 read_unlock(&tasklist_lock); 224 225 if (tty_pgrp) { 226 if (exit_session) 227 kill_pgrp(tty_pgrp, SIGHUP, exit_session); 228 put_pid(tty_pgrp); 229 } 230 231 return refs; 232} 233 234/** 235 * disassociate_ctty - disconnect controlling tty 236 * @on_exit: true if exiting so need to "hang up" the session 237 * 238 * This function is typically called only by the session leader, when 239 * it wants to disassociate itself from its controlling tty. 240 * 241 * It performs the following functions: 242 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 243 * (2) Clears the tty from being controlling the session 244 * (3) Clears the controlling tty for all processes in the 245 * session group. 246 * 247 * The argument on_exit is set to 1 if called when a process is 248 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 249 * 250 * Locking: 251 * BTM is taken for hysterical raisons, and held when 252 * called from no_tty(). 253 * tty_mutex is taken to protect tty 254 * ->siglock is taken to protect ->signal/->sighand 255 * tasklist_lock is taken to walk process list for sessions 256 * ->siglock is taken to protect ->signal/->sighand 257 */ 258void disassociate_ctty(int on_exit) 259{ 260 struct tty_struct *tty; 261 262 if (!current->signal->leader) 263 return; 264 265 tty = get_current_tty(); 266 if (tty) { 267 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { 268 tty_vhangup_session(tty); 269 } else { 270 struct pid *tty_pgrp = tty_get_pgrp(tty); 271 if (tty_pgrp) { 272 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 273 if (!on_exit) 274 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 275 put_pid(tty_pgrp); 276 } 277 } 278 tty_kref_put(tty); 279 280 } else if (on_exit) { 281 struct pid *old_pgrp; 282 spin_lock_irq(¤t->sighand->siglock); 283 old_pgrp = current->signal->tty_old_pgrp; 284 current->signal->tty_old_pgrp = NULL; 285 spin_unlock_irq(¤t->sighand->siglock); 286 if (old_pgrp) { 287 kill_pgrp(old_pgrp, SIGHUP, on_exit); 288 kill_pgrp(old_pgrp, SIGCONT, on_exit); 289 put_pid(old_pgrp); 290 } 291 return; 292 } 293 294 tty = get_current_tty(); 295 if (tty) { 296 unsigned long flags; 297 298 tty_lock(tty); 299 spin_lock_irqsave(&tty->ctrl_lock, flags); 300 put_pid(tty->session); 301 put_pid(tty->pgrp); 302 tty->session = NULL; 303 tty->pgrp = NULL; 304 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 305 tty_unlock(tty); 306 tty_kref_put(tty); 307 } 308 309 /* If tty->ctrl.pgrp is not NULL, it may be assigned to 310 * current->signal->tty_old_pgrp in a race condition, and 311 * cause pid memleak. Release current->signal->tty_old_pgrp 312 * after tty->ctrl.pgrp set to NULL. 313 */ 314 spin_lock_irq(¤t->sighand->siglock); 315 put_pid(current->signal->tty_old_pgrp); 316 current->signal->tty_old_pgrp = NULL; 317 spin_unlock_irq(¤t->sighand->siglock); 318 319 /* Now clear signal->tty under the lock */ 320 read_lock(&tasklist_lock); 321 session_clear_tty(task_session(current)); 322 read_unlock(&tasklist_lock); 323} 324 325/* 326 * 327 * no_tty - Ensure the current process does not have a controlling tty 328 */ 329void no_tty(void) 330{ 331 /* FIXME: Review locking here. The tty_lock never covered any race 332 between a new association and proc_clear_tty but possible we need 333 to protect against this anyway */ 334 struct task_struct *tsk = current; 335 disassociate_ctty(0); 336 proc_clear_tty(tsk); 337} 338 339/** 340 * tiocsctty - set controlling tty 341 * @tty: tty structure 342 * @arg: user argument 343 * 344 * This ioctl is used to manage job control. It permits a session 345 * leader to set this tty as the controlling tty for the session. 346 * 347 * Locking: 348 * Takes tty_lock() to serialize proc_set_tty() for this tty 349 * Takes tasklist_lock internally to walk sessions 350 * Takes ->siglock() when updating signal->tty 351 */ 352static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) 353{ 354 int ret = 0; 355 356 tty_lock(tty); 357 read_lock(&tasklist_lock); 358 359 if (current->signal->leader && (task_session(current) == tty->session)) 360 goto unlock; 361 362 /* 363 * The process must be a session leader and 364 * not have a controlling tty already. 365 */ 366 if (!current->signal->leader || current->signal->tty) { 367 ret = -EPERM; 368 goto unlock; 369 } 370 371 if (tty->session) { 372 /* 373 * This tty is already the controlling 374 * tty for another session group! 375 */ 376 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 377 /* 378 * Steal it away 379 */ 380 session_clear_tty(tty->session); 381 } else { 382 ret = -EPERM; 383 goto unlock; 384 } 385 } 386 387 /* See the comment in tty_open_proc_set_tty(). */ 388 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { 389 ret = -EPERM; 390 goto unlock; 391 } 392 393 proc_set_tty(tty); 394unlock: 395 read_unlock(&tasklist_lock); 396 tty_unlock(tty); 397 return ret; 398} 399 400/** 401 * tty_get_pgrp - return a ref counted pgrp pid 402 * @tty: tty to read 403 * 404 * Returns a refcounted instance of the pid struct for the process 405 * group controlling the tty. 406 */ 407struct pid *tty_get_pgrp(struct tty_struct *tty) 408{ 409 unsigned long flags; 410 struct pid *pgrp; 411 412 spin_lock_irqsave(&tty->ctrl_lock, flags); 413 pgrp = get_pid(tty->pgrp); 414 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 415 416 return pgrp; 417} 418EXPORT_SYMBOL_GPL(tty_get_pgrp); 419 420/* 421 * This checks not only the pgrp, but falls back on the pid if no 422 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly 423 * without this... 424 * 425 * The caller must hold rcu lock or the tasklist lock. 426 */ 427static struct pid *session_of_pgrp(struct pid *pgrp) 428{ 429 struct task_struct *p; 430 struct pid *sid = NULL; 431 432 p = pid_task(pgrp, PIDTYPE_PGID); 433 if (p == NULL) 434 p = pid_task(pgrp, PIDTYPE_PID); 435 if (p != NULL) 436 sid = task_session(p); 437 438 return sid; 439} 440 441/** 442 * tiocgpgrp - get process group 443 * @tty: tty passed by user 444 * @real_tty: tty side of the tty passed by the user if a pty else the tty 445 * @p: returned pid 446 * 447 * Obtain the process group of the tty. If there is no process group 448 * return an error. 449 * 450 * Locking: none. Reference to current->signal->tty is safe. 451 */ 452static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 453{ 454 struct pid *pid; 455 int ret; 456 /* 457 * (tty == real_tty) is a cheap way of 458 * testing if the tty is NOT a master pty. 459 */ 460 if (tty == real_tty && current->signal->tty != real_tty) 461 return -ENOTTY; 462 pid = tty_get_pgrp(real_tty); 463 ret = put_user(pid_vnr(pid), p); 464 put_pid(pid); 465 return ret; 466} 467 468/** 469 * tiocspgrp - attempt to set process group 470 * @tty: tty passed by user 471 * @real_tty: tty side device matching tty passed by user 472 * @p: pid pointer 473 * 474 * Set the process group of the tty to the session passed. Only 475 * permitted where the tty session is our session. 476 * 477 * Locking: RCU, ctrl lock 478 */ 479static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 480{ 481 struct pid *pgrp; 482 pid_t pgrp_nr; 483 int retval = tty_check_change(real_tty); 484 485 if (retval == -EIO) 486 return -ENOTTY; 487 if (retval) 488 return retval; 489 490 if (get_user(pgrp_nr, p)) 491 return -EFAULT; 492 if (pgrp_nr < 0) 493 return -EINVAL; 494 495 spin_lock_irq(&real_tty->ctrl_lock); 496 if (!current->signal->tty || 497 (current->signal->tty != real_tty) || 498 (real_tty->session != task_session(current))) { 499 retval = -ENOTTY; 500 goto out_unlock_ctrl; 501 } 502 rcu_read_lock(); 503 pgrp = find_vpid(pgrp_nr); 504 retval = -ESRCH; 505 if (!pgrp) 506 goto out_unlock; 507 retval = -EPERM; 508 if (session_of_pgrp(pgrp) != task_session(current)) 509 goto out_unlock; 510 retval = 0; 511 put_pid(real_tty->pgrp); 512 real_tty->pgrp = get_pid(pgrp); 513out_unlock: 514 rcu_read_unlock(); 515out_unlock_ctrl: 516 spin_unlock_irq(&real_tty->ctrl_lock); 517 return retval; 518} 519 520/** 521 * tiocgsid - get session id 522 * @tty: tty passed by user 523 * @real_tty: tty side of the tty passed by the user if a pty else the tty 524 * @p: pointer to returned session id 525 * 526 * Obtain the session id of the tty. If there is no session 527 * return an error. 528 */ 529static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 530{ 531 unsigned long flags; 532 pid_t sid; 533 534 /* 535 * (tty == real_tty) is a cheap way of 536 * testing if the tty is NOT a master pty. 537 */ 538 if (tty == real_tty && current->signal->tty != real_tty) 539 return -ENOTTY; 540 541 spin_lock_irqsave(&real_tty->ctrl_lock, flags); 542 if (!real_tty->session) 543 goto err; 544 sid = pid_vnr(real_tty->session); 545 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); 546 547 return put_user(sid, p); 548 549err: 550 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags); 551 return -ENOTTY; 552} 553 554/* 555 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, 556 * if not then tty == real_tty. 557 */ 558long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, 559 struct file *file, unsigned int cmd, unsigned long arg) 560{ 561 void __user *p = (void __user *)arg; 562 563 switch (cmd) { 564 case TIOCNOTTY: 565 if (current->signal->tty != tty) 566 return -ENOTTY; 567 no_tty(); 568 return 0; 569 case TIOCSCTTY: 570 return tiocsctty(real_tty, file, arg); 571 case TIOCGPGRP: 572 return tiocgpgrp(tty, real_tty, p); 573 case TIOCSPGRP: 574 return tiocspgrp(tty, real_tty, p); 575 case TIOCGSID: 576 return tiocgsid(tty, real_tty, p); 577 } 578 return -ENOIOCTLCMD; 579} 580