1 /* 2 * Copyright (C) 1991, 1992 Linus Torvalds 3 */ 4 5 #include <linux/types.h> 6 #include <linux/errno.h> 7 #include <linux/signal.h> 8 #include <linux/sched/signal.h> 9 #include <linux/sched/task.h> 10 #include <linux/tty.h> 11 #include <linux/fcntl.h> 12 #include <linux/uaccess.h> 13 14 static int is_ignored(int sig) 15 { 16 return (sigismember(¤t->blocked, sig) || 17 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); 18 } 19 20 /** 21 * tty_check_change - check for POSIX terminal changes 22 * @tty: tty to check 23 * 24 * If we try to write to, or set the state of, a terminal and we're 25 * not in the foreground, send a SIGTTOU. If the signal is blocked or 26 * ignored, go ahead and perform the operation. (POSIX 7.2) 27 * 28 * Locking: ctrl_lock 29 */ 30 int __tty_check_change(struct tty_struct *tty, int sig) 31 { 32 unsigned long flags; 33 struct pid *pgrp, *tty_pgrp; 34 int ret = 0; 35 36 if (current->signal->tty != tty) 37 return 0; 38 39 rcu_read_lock(); 40 pgrp = task_pgrp(current); 41 42 spin_lock_irqsave(&tty->ctrl_lock, flags); 43 tty_pgrp = tty->pgrp; 44 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 45 46 if (tty_pgrp && pgrp != tty->pgrp) { 47 if (is_ignored(sig)) { 48 if (sig == SIGTTIN) 49 ret = -EIO; 50 } else if (is_current_pgrp_orphaned()) 51 ret = -EIO; 52 else { 53 kill_pgrp(pgrp, sig, 1); 54 set_thread_flag(TIF_SIGPENDING); 55 ret = -ERESTARTSYS; 56 } 57 } 58 rcu_read_unlock(); 59 60 if (!tty_pgrp) 61 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); 62 63 return ret; 64 } 65 66 int tty_check_change(struct tty_struct *tty) 67 { 68 return __tty_check_change(tty, SIGTTOU); 69 } 70 EXPORT_SYMBOL(tty_check_change); 71 72 void proc_clear_tty(struct task_struct *p) 73 { 74 unsigned long flags; 75 struct tty_struct *tty; 76 spin_lock_irqsave(&p->sighand->siglock, flags); 77 tty = p->signal->tty; 78 p->signal->tty = NULL; 79 spin_unlock_irqrestore(&p->sighand->siglock, flags); 80 tty_kref_put(tty); 81 } 82 83 /** 84 * proc_set_tty - set the controlling terminal 85 * 86 * Only callable by the session leader and only if it does not already have 87 * a controlling terminal. 88 * 89 * Caller must hold: tty_lock() 90 * a readlock on tasklist_lock 91 * sighand lock 92 */ 93 static void __proc_set_tty(struct tty_struct *tty) 94 { 95 unsigned long flags; 96 97 spin_lock_irqsave(&tty->ctrl_lock, flags); 98 /* 99 * The session and fg pgrp references will be non-NULL if 100 * tiocsctty() is stealing the controlling tty 101 */ 102 put_pid(tty->session); 103 put_pid(tty->pgrp); 104 tty->pgrp = get_pid(task_pgrp(current)); 105 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 106 tty->session = get_pid(task_session(current)); 107 if (current->signal->tty) { 108 tty_debug(tty, "current tty %s not NULL!!\n", 109 current->signal->tty->name); 110 tty_kref_put(current->signal->tty); 111 } 112 put_pid(current->signal->tty_old_pgrp); 113 current->signal->tty = tty_kref_get(tty); 114 current->signal->tty_old_pgrp = NULL; 115 } 116 117 static void proc_set_tty(struct tty_struct *tty) 118 { 119 spin_lock_irq(¤t->sighand->siglock); 120 __proc_set_tty(tty); 121 spin_unlock_irq(¤t->sighand->siglock); 122 } 123 124 /* 125 * Called by tty_open() to set the controlling tty if applicable. 126 */ 127 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) 128 { 129 read_lock(&tasklist_lock); 130 spin_lock_irq(¤t->sighand->siglock); 131 if (current->signal->leader && 132 !current->signal->tty && 133 tty->session == NULL) { 134 /* 135 * Don't let a process that only has write access to the tty 136 * obtain the privileges associated with having a tty as 137 * controlling terminal (being able to reopen it with full 138 * access through /dev/tty, being able to perform pushback). 139 * Many distributions set the group of all ttys to "tty" and 140 * grant write-only access to all terminals for setgid tty 141 * binaries, which should not imply full privileges on all ttys. 142 * 143 * This could theoretically break old code that performs open() 144 * on a write-only file descriptor. In that case, it might be 145 * necessary to also permit this if 146 * inode_permission(inode, MAY_READ) == 0. 147 */ 148 if (filp->f_mode & FMODE_READ) 149 __proc_set_tty(tty); 150 } 151 spin_unlock_irq(¤t->sighand->siglock); 152 read_unlock(&tasklist_lock); 153 } 154 155 struct tty_struct *get_current_tty(void) 156 { 157 struct tty_struct *tty; 158 unsigned long flags; 159 160 spin_lock_irqsave(¤t->sighand->siglock, flags); 161 tty = tty_kref_get(current->signal->tty); 162 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 163 return tty; 164 } 165 EXPORT_SYMBOL_GPL(get_current_tty); 166 167 /* 168 * Called from tty_release(). 169 */ 170 void session_clear_tty(struct pid *session) 171 { 172 struct task_struct *p; 173 do_each_pid_task(session, PIDTYPE_SID, p) { 174 proc_clear_tty(p); 175 } while_each_pid_task(session, PIDTYPE_SID, p); 176 } 177 178 /** 179 * tty_signal_session_leader - sends SIGHUP to session leader 180 * @tty controlling tty 181 * @exit_session if non-zero, signal all foreground group processes 182 * 183 * Send SIGHUP and SIGCONT to the session leader and its process group. 184 * Optionally, signal all processes in the foreground process group. 185 * 186 * Returns the number of processes in the session with this tty 187 * as their controlling terminal. This value is used to drop 188 * tty references for those processes. 189 */ 190 int tty_signal_session_leader(struct tty_struct *tty, int exit_session) 191 { 192 struct task_struct *p; 193 int refs = 0; 194 struct pid *tty_pgrp = NULL; 195 196 read_lock(&tasklist_lock); 197 if (tty->session) { 198 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 199 spin_lock_irq(&p->sighand->siglock); 200 if (p->signal->tty == tty) { 201 p->signal->tty = NULL; 202 /* We defer the dereferences outside fo 203 the tasklist lock */ 204 refs++; 205 } 206 if (!p->signal->leader) { 207 spin_unlock_irq(&p->sighand->siglock); 208 continue; 209 } 210 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 211 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 212 put_pid(p->signal->tty_old_pgrp); /* A noop */ 213 spin_lock(&tty->ctrl_lock); 214 tty_pgrp = get_pid(tty->pgrp); 215 if (tty->pgrp) 216 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 217 spin_unlock(&tty->ctrl_lock); 218 spin_unlock_irq(&p->sighand->siglock); 219 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 220 } 221 read_unlock(&tasklist_lock); 222 223 if (tty_pgrp) { 224 if (exit_session) 225 kill_pgrp(tty_pgrp, SIGHUP, exit_session); 226 put_pid(tty_pgrp); 227 } 228 229 return refs; 230 } 231 232 /** 233 * disassociate_ctty - disconnect controlling tty 234 * @on_exit: true if exiting so need to "hang up" the session 235 * 236 * This function is typically called only by the session leader, when 237 * it wants to disassociate itself from its controlling tty. 238 * 239 * It performs the following functions: 240 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 241 * (2) Clears the tty from being controlling the session 242 * (3) Clears the controlling tty for all processes in the 243 * session group. 244 * 245 * The argument on_exit is set to 1 if called when a process is 246 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 247 * 248 * Locking: 249 * BTM is taken for hysterical raisons, and held when 250 * called from no_tty(). 251 * tty_mutex is taken to protect tty 252 * ->siglock is taken to protect ->signal/->sighand 253 * tasklist_lock is taken to walk process list for sessions 254 * ->siglock is taken to protect ->signal/->sighand 255 */ 256 void disassociate_ctty(int on_exit) 257 { 258 struct tty_struct *tty; 259 260 if (!current->signal->leader) 261 return; 262 263 tty = get_current_tty(); 264 if (tty) { 265 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { 266 tty_vhangup_session(tty); 267 } else { 268 struct pid *tty_pgrp = tty_get_pgrp(tty); 269 if (tty_pgrp) { 270 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 271 if (!on_exit) 272 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 273 put_pid(tty_pgrp); 274 } 275 } 276 tty_kref_put(tty); 277 278 } else if (on_exit) { 279 struct pid *old_pgrp; 280 spin_lock_irq(¤t->sighand->siglock); 281 old_pgrp = current->signal->tty_old_pgrp; 282 current->signal->tty_old_pgrp = NULL; 283 spin_unlock_irq(¤t->sighand->siglock); 284 if (old_pgrp) { 285 kill_pgrp(old_pgrp, SIGHUP, on_exit); 286 kill_pgrp(old_pgrp, SIGCONT, on_exit); 287 put_pid(old_pgrp); 288 } 289 return; 290 } 291 292 spin_lock_irq(¤t->sighand->siglock); 293 put_pid(current->signal->tty_old_pgrp); 294 current->signal->tty_old_pgrp = NULL; 295 296 tty = tty_kref_get(current->signal->tty); 297 if (tty) { 298 unsigned long flags; 299 spin_lock_irqsave(&tty->ctrl_lock, flags); 300 put_pid(tty->session); 301 put_pid(tty->pgrp); 302 tty->session = NULL; 303 tty->pgrp = NULL; 304 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 305 tty_kref_put(tty); 306 } 307 308 spin_unlock_irq(¤t->sighand->siglock); 309 /* Now clear signal->tty under the lock */ 310 read_lock(&tasklist_lock); 311 session_clear_tty(task_session(current)); 312 read_unlock(&tasklist_lock); 313 } 314 315 /** 316 * 317 * no_tty - Ensure the current process does not have a controlling tty 318 */ 319 void no_tty(void) 320 { 321 /* FIXME: Review locking here. The tty_lock never covered any race 322 between a new association and proc_clear_tty but possible we need 323 to protect against this anyway */ 324 struct task_struct *tsk = current; 325 disassociate_ctty(0); 326 proc_clear_tty(tsk); 327 } 328 329 /** 330 * tiocsctty - set controlling tty 331 * @tty: tty structure 332 * @arg: user argument 333 * 334 * This ioctl is used to manage job control. It permits a session 335 * leader to set this tty as the controlling tty for the session. 336 * 337 * Locking: 338 * Takes tty_lock() to serialize proc_set_tty() for this tty 339 * Takes tasklist_lock internally to walk sessions 340 * Takes ->siglock() when updating signal->tty 341 */ 342 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) 343 { 344 int ret = 0; 345 346 tty_lock(tty); 347 read_lock(&tasklist_lock); 348 349 if (current->signal->leader && (task_session(current) == tty->session)) 350 goto unlock; 351 352 /* 353 * The process must be a session leader and 354 * not have a controlling tty already. 355 */ 356 if (!current->signal->leader || current->signal->tty) { 357 ret = -EPERM; 358 goto unlock; 359 } 360 361 if (tty->session) { 362 /* 363 * This tty is already the controlling 364 * tty for another session group! 365 */ 366 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 367 /* 368 * Steal it away 369 */ 370 session_clear_tty(tty->session); 371 } else { 372 ret = -EPERM; 373 goto unlock; 374 } 375 } 376 377 /* See the comment in tty_open_proc_set_tty(). */ 378 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { 379 ret = -EPERM; 380 goto unlock; 381 } 382 383 proc_set_tty(tty); 384 unlock: 385 read_unlock(&tasklist_lock); 386 tty_unlock(tty); 387 return ret; 388 } 389 390 /** 391 * tty_get_pgrp - return a ref counted pgrp pid 392 * @tty: tty to read 393 * 394 * Returns a refcounted instance of the pid struct for the process 395 * group controlling the tty. 396 */ 397 struct pid *tty_get_pgrp(struct tty_struct *tty) 398 { 399 unsigned long flags; 400 struct pid *pgrp; 401 402 spin_lock_irqsave(&tty->ctrl_lock, flags); 403 pgrp = get_pid(tty->pgrp); 404 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 405 406 return pgrp; 407 } 408 EXPORT_SYMBOL_GPL(tty_get_pgrp); 409 410 /* 411 * This checks not only the pgrp, but falls back on the pid if no 412 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly 413 * without this... 414 * 415 * The caller must hold rcu lock or the tasklist lock. 416 */ 417 static struct pid *session_of_pgrp(struct pid *pgrp) 418 { 419 struct task_struct *p; 420 struct pid *sid = NULL; 421 422 p = pid_task(pgrp, PIDTYPE_PGID); 423 if (p == NULL) 424 p = pid_task(pgrp, PIDTYPE_PID); 425 if (p != NULL) 426 sid = task_session(p); 427 428 return sid; 429 } 430 431 /** 432 * tiocgpgrp - get process group 433 * @tty: tty passed by user 434 * @real_tty: tty side of the tty passed by the user if a pty else the tty 435 * @p: returned pid 436 * 437 * Obtain the process group of the tty. If there is no process group 438 * return an error. 439 * 440 * Locking: none. Reference to current->signal->tty is safe. 441 */ 442 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 443 { 444 struct pid *pid; 445 int ret; 446 /* 447 * (tty == real_tty) is a cheap way of 448 * testing if the tty is NOT a master pty. 449 */ 450 if (tty == real_tty && current->signal->tty != real_tty) 451 return -ENOTTY; 452 pid = tty_get_pgrp(real_tty); 453 ret = put_user(pid_vnr(pid), p); 454 put_pid(pid); 455 return ret; 456 } 457 458 /** 459 * tiocspgrp - attempt to set process group 460 * @tty: tty passed by user 461 * @real_tty: tty side device matching tty passed by user 462 * @p: pid pointer 463 * 464 * Set the process group of the tty to the session passed. Only 465 * permitted where the tty session is our session. 466 * 467 * Locking: RCU, ctrl lock 468 */ 469 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 470 { 471 struct pid *pgrp; 472 pid_t pgrp_nr; 473 int retval = tty_check_change(real_tty); 474 475 if (retval == -EIO) 476 return -ENOTTY; 477 if (retval) 478 return retval; 479 if (!current->signal->tty || 480 (current->signal->tty != real_tty) || 481 (real_tty->session != task_session(current))) 482 return -ENOTTY; 483 if (get_user(pgrp_nr, p)) 484 return -EFAULT; 485 if (pgrp_nr < 0) 486 return -EINVAL; 487 rcu_read_lock(); 488 pgrp = find_vpid(pgrp_nr); 489 retval = -ESRCH; 490 if (!pgrp) 491 goto out_unlock; 492 retval = -EPERM; 493 if (session_of_pgrp(pgrp) != task_session(current)) 494 goto out_unlock; 495 retval = 0; 496 spin_lock_irq(&tty->ctrl_lock); 497 put_pid(real_tty->pgrp); 498 real_tty->pgrp = get_pid(pgrp); 499 spin_unlock_irq(&tty->ctrl_lock); 500 out_unlock: 501 rcu_read_unlock(); 502 return retval; 503 } 504 505 /** 506 * tiocgsid - get session id 507 * @tty: tty passed by user 508 * @real_tty: tty side of the tty passed by the user if a pty else the tty 509 * @p: pointer to returned session id 510 * 511 * Obtain the session id of the tty. If there is no session 512 * return an error. 513 * 514 * Locking: none. Reference to current->signal->tty is safe. 515 */ 516 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 517 { 518 /* 519 * (tty == real_tty) is a cheap way of 520 * testing if the tty is NOT a master pty. 521 */ 522 if (tty == real_tty && current->signal->tty != real_tty) 523 return -ENOTTY; 524 if (!real_tty->session) 525 return -ENOTTY; 526 return put_user(pid_vnr(real_tty->session), p); 527 } 528 529 /* 530 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, 531 * if not then tty == real_tty. 532 */ 533 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, 534 struct file *file, unsigned int cmd, unsigned long arg) 535 { 536 void __user *p = (void __user *)arg; 537 538 switch (cmd) { 539 case TIOCNOTTY: 540 if (current->signal->tty != tty) 541 return -ENOTTY; 542 no_tty(); 543 return 0; 544 case TIOCSCTTY: 545 return tiocsctty(real_tty, file, arg); 546 case TIOCGPGRP: 547 return tiocgpgrp(tty, real_tty, p); 548 case TIOCSPGRP: 549 return tiocspgrp(tty, real_tty, p); 550 case TIOCGSID: 551 return tiocgsid(tty, real_tty, p); 552 } 553 return -ENOIOCTLCMD; 554 } 555