1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6#include <linux/types.h>
7#include <linux/errno.h>
8#include <linux/signal.h>
9#include <linux/sched/signal.h>
10#include <linux/sched/task.h>
11#include <linux/tty.h>
12#include <linux/fcntl.h>
13#include <linux/uaccess.h>
14
15static int is_ignored(int sig)
16{
17 return (sigismember(&current->blocked, sig) ||
18 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
19}
20
21/**
22 * tty_check_change - check for POSIX terminal changes
23 * @tty: tty to check
24 *
25 * If we try to write to, or set the state of, a terminal and we're
26 * not in the foreground, send a SIGTTOU. If the signal is blocked or
27 * ignored, go ahead and perform the operation. (POSIX 7.2)
28 *
29 * Locking: ctrl_lock
30 */
31int __tty_check_change(struct tty_struct *tty, int sig)
32{
33 unsigned long flags;
34 struct pid *pgrp, *tty_pgrp;
35 int ret = 0;
36
37 if (current->signal->tty != tty)
38 return 0;
39
40 rcu_read_lock();
41 pgrp = task_pgrp(current);
42
43 spin_lock_irqsave(&tty->ctrl_lock, flags);
44 tty_pgrp = tty->pgrp;
45 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
46
47 if (tty_pgrp && pgrp != tty->pgrp) {
48 if (is_ignored(sig)) {
49 if (sig == SIGTTIN)
50 ret = -EIO;
51 } else if (is_current_pgrp_orphaned())
52 ret = -EIO;
53 else {
54 kill_pgrp(pgrp, sig, 1);
55 set_thread_flag(TIF_SIGPENDING);
56 ret = -ERESTARTSYS;
57 }
58 }
59 rcu_read_unlock();
60
61 if (!tty_pgrp)
62 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
63
64 return ret;
65}
66
67int tty_check_change(struct tty_struct *tty)
68{
69 return __tty_check_change(tty, SIGTTOU);
70}
71EXPORT_SYMBOL(tty_check_change);
72
73void proc_clear_tty(struct task_struct *p)
74{
75 unsigned long flags;
76 struct tty_struct *tty;
77 spin_lock_irqsave(&p->sighand->siglock, flags);
78 tty = p->signal->tty;
79 p->signal->tty = NULL;
80 spin_unlock_irqrestore(&p->sighand->siglock, flags);
81 tty_kref_put(tty);
82}
83
84/**
85 * proc_set_tty - set the controlling terminal
86 *
87 * Only callable by the session leader and only if it does not already have
88 * a controlling terminal.
89 *
90 * Caller must hold: tty_lock()
91 * a readlock on tasklist_lock
92 * sighand lock
93 */
94static void __proc_set_tty(struct tty_struct *tty)
95{
96 unsigned long flags;
97
98 spin_lock_irqsave(&tty->ctrl_lock, flags);
99 /*
100 * The session and fg pgrp references will be non-NULL if
101 * tiocsctty() is stealing the controlling tty
102 */
103 put_pid(tty->session);
104 put_pid(tty->pgrp);
105 tty->pgrp = get_pid(task_pgrp(current));
106 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
107 tty->session = get_pid(task_session(current));
108 if (current->signal->tty) {
109 tty_debug(tty, "current tty %s not NULL!!\n",
110 current->signal->tty->name);
111 tty_kref_put(current->signal->tty);
112 }
113 put_pid(current->signal->tty_old_pgrp);
114 current->signal->tty = tty_kref_get(tty);
115 current->signal->tty_old_pgrp = NULL;
116}
117
118static void proc_set_tty(struct tty_struct *tty)
119{
120 spin_lock_irq(&current->sighand->siglock);
121 __proc_set_tty(tty);
122 spin_unlock_irq(&current->sighand->siglock);
123}
124
125/*
126 * Called by tty_open() to set the controlling tty if applicable.
127 */
128void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty)
129{
130 read_lock(&tasklist_lock);
131 spin_lock_irq(&current->sighand->siglock);
132 if (current->signal->leader &&
133 !current->signal->tty &&
134 tty->session == NULL) {
135 /*
136 * Don't let a process that only has write access to the tty
137 * obtain the privileges associated with having a tty as
138 * controlling terminal (being able to reopen it with full
139 * access through /dev/tty, being able to perform pushback).
140 * Many distributions set the group of all ttys to "tty" and
141 * grant write-only access to all terminals for setgid tty
142 * binaries, which should not imply full privileges on all ttys.
143 *
144 * This could theoretically break old code that performs open()
145 * on a write-only file descriptor. In that case, it might be
146 * necessary to also permit this if
147 * inode_permission(inode, MAY_READ) == 0.
148 */
149 if (filp->f_mode & FMODE_READ)
150 __proc_set_tty(tty);
151 }
152 spin_unlock_irq(&current->sighand->siglock);
153 read_unlock(&tasklist_lock);
154}
155
156struct tty_struct *get_current_tty(void)
157{
158 struct tty_struct *tty;
159 unsigned long flags;
160
161 spin_lock_irqsave(&current->sighand->siglock, flags);
162 tty = tty_kref_get(current->signal->tty);
163 spin_unlock_irqrestore(&current->sighand->siglock, flags);
164 return tty;
165}
166EXPORT_SYMBOL_GPL(get_current_tty);
167
168/*
169 * Called from tty_release().
170 */
171void session_clear_tty(struct pid *session)
172{
173 struct task_struct *p;
174 do_each_pid_task(session, PIDTYPE_SID, p) {
175 proc_clear_tty(p);
176 } while_each_pid_task(session, PIDTYPE_SID, p);
177}
178
179/**
180 * tty_signal_session_leader - sends SIGHUP to session leader
181 * @tty controlling tty
182 * @exit_session if non-zero, signal all foreground group processes
183 *
184 * Send SIGHUP and SIGCONT to the session leader and its process group.
185 * Optionally, signal all processes in the foreground process group.
186 *
187 * Returns the number of processes in the session with this tty
188 * as their controlling terminal. This value is used to drop
189 * tty references for those processes.
190 */
191int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
192{
193 struct task_struct *p;
194 int refs = 0;
195 struct pid *tty_pgrp = NULL;
196
197 read_lock(&tasklist_lock);
198 if (tty->session) {
199 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
200 spin_lock_irq(&p->sighand->siglock);
201 if (p->signal->tty == tty) {
202 p->signal->tty = NULL;
203 /* We defer the dereferences outside fo
204 the tasklist lock */
205 refs++;
206 }
207 if (!p->signal->leader) {
208 spin_unlock_irq(&p->sighand->siglock);
209 continue;
210 }
211 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
212 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
213 put_pid(p->signal->tty_old_pgrp); /* A noop */
214 spin_lock(&tty->ctrl_lock);
215 tty_pgrp = get_pid(tty->pgrp);
216 if (tty->pgrp)
217 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
218 spin_unlock(&tty->ctrl_lock);
219 spin_unlock_irq(&p->sighand->siglock);
220 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
221 }
222 read_unlock(&tasklist_lock);
223
224 if (tty_pgrp) {
225 if (exit_session)
226 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
227 put_pid(tty_pgrp);
228 }
229
230 return refs;
231}
232
233/**
234 * disassociate_ctty - disconnect controlling tty
235 * @on_exit: true if exiting so need to "hang up" the session
236 *
237 * This function is typically called only by the session leader, when
238 * it wants to disassociate itself from its controlling tty.
239 *
240 * It performs the following functions:
241 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
242 * (2) Clears the tty from being controlling the session
243 * (3) Clears the controlling tty for all processes in the
244 * session group.
245 *
246 * The argument on_exit is set to 1 if called when a process is
247 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
248 *
249 * Locking:
250 * BTM is taken for hysterical raisons, and held when
251 * called from no_tty().
252 * tty_mutex is taken to protect tty
253 * ->siglock is taken to protect ->signal/->sighand
254 * tasklist_lock is taken to walk process list for sessions
255 * ->siglock is taken to protect ->signal/->sighand
256 */
257void disassociate_ctty(int on_exit)
258{
259 struct tty_struct *tty;
260
261 if (!current->signal->leader)
262 return;
263
264 tty = get_current_tty();
265 if (tty) {
266 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
267 tty_vhangup_session(tty);
268 } else {
269 struct pid *tty_pgrp = tty_get_pgrp(tty);
270 if (tty_pgrp) {
271 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
272 if (!on_exit)
273 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
274 put_pid(tty_pgrp);
275 }
276 }
277 tty_kref_put(tty);
278
279 } else if (on_exit) {
280 struct pid *old_pgrp;
281 spin_lock_irq(&current->sighand->siglock);
282 old_pgrp = current->signal->tty_old_pgrp;
283 current->signal->tty_old_pgrp = NULL;
284 spin_unlock_irq(&current->sighand->siglock);
285 if (old_pgrp) {
286 kill_pgrp(old_pgrp, SIGHUP, on_exit);
287 kill_pgrp(old_pgrp, SIGCONT, on_exit);
288 put_pid(old_pgrp);
289 }
290 return;
291 }
292
293 spin_lock_irq(&current->sighand->siglock);
294 put_pid(current->signal->tty_old_pgrp);
295 current->signal->tty_old_pgrp = NULL;
296
297 tty = tty_kref_get(current->signal->tty);
298 if (tty) {
299 unsigned long flags;
300 spin_lock_irqsave(&tty->ctrl_lock, flags);
301 put_pid(tty->session);
302 put_pid(tty->pgrp);
303 tty->session = NULL;
304 tty->pgrp = NULL;
305 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
306 tty_kref_put(tty);
307 }
308
309 spin_unlock_irq(&current->sighand->siglock);
310 /* Now clear signal->tty under the lock */
311 read_lock(&tasklist_lock);
312 session_clear_tty(task_session(current));
313 read_unlock(&tasklist_lock);
314}
315
316/**
317 *
318 * no_tty - Ensure the current process does not have a controlling tty
319 */
320void no_tty(void)
321{
322 /* FIXME: Review locking here. The tty_lock never covered any race
323 between a new association and proc_clear_tty but possible we need
324 to protect against this anyway */
325 struct task_struct *tsk = current;
326 disassociate_ctty(0);
327 proc_clear_tty(tsk);
328}
329
330/**
331 * tiocsctty - set controlling tty
332 * @tty: tty structure
333 * @arg: user argument
334 *
335 * This ioctl is used to manage job control. It permits a session
336 * leader to set this tty as the controlling tty for the session.
337 *
338 * Locking:
339 * Takes tty_lock() to serialize proc_set_tty() for this tty
340 * Takes tasklist_lock internally to walk sessions
341 * Takes ->siglock() when updating signal->tty
342 */
343static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
344{
345 int ret = 0;
346
347 tty_lock(tty);
348 read_lock(&tasklist_lock);
349
350 if (current->signal->leader && (task_session(current) == tty->session))
351 goto unlock;
352
353 /*
354 * The process must be a session leader and
355 * not have a controlling tty already.
356 */
357 if (!current->signal->leader || current->signal->tty) {
358 ret = -EPERM;
359 goto unlock;
360 }
361
362 if (tty->session) {
363 /*
364 * This tty is already the controlling
365 * tty for another session group!
366 */
367 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
368 /*
369 * Steal it away
370 */
371 session_clear_tty(tty->session);
372 } else {
373 ret = -EPERM;
374 goto unlock;
375 }
376 }
377
378 /* See the comment in tty_open_proc_set_tty(). */
379 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
380 ret = -EPERM;
381 goto unlock;
382 }
383
384 proc_set_tty(tty);
385unlock:
386 read_unlock(&tasklist_lock);
387 tty_unlock(tty);
388 return ret;
389}
390
391/**
392 * tty_get_pgrp - return a ref counted pgrp pid
393 * @tty: tty to read
394 *
395 * Returns a refcounted instance of the pid struct for the process
396 * group controlling the tty.
397 */
398struct pid *tty_get_pgrp(struct tty_struct *tty)
399{
400 unsigned long flags;
401 struct pid *pgrp;
402
403 spin_lock_irqsave(&tty->ctrl_lock, flags);
404 pgrp = get_pid(tty->pgrp);
405 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
406
407 return pgrp;
408}
409EXPORT_SYMBOL_GPL(tty_get_pgrp);
410
411/*
412 * This checks not only the pgrp, but falls back on the pid if no
413 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
414 * without this...
415 *
416 * The caller must hold rcu lock or the tasklist lock.
417 */
418static struct pid *session_of_pgrp(struct pid *pgrp)
419{
420 struct task_struct *p;
421 struct pid *sid = NULL;
422
423 p = pid_task(pgrp, PIDTYPE_PGID);
424 if (p == NULL)
425 p = pid_task(pgrp, PIDTYPE_PID);
426 if (p != NULL)
427 sid = task_session(p);
428
429 return sid;
430}
431
432/**
433 * tiocgpgrp - get process group
434 * @tty: tty passed by user
435 * @real_tty: tty side of the tty passed by the user if a pty else the tty
436 * @p: returned pid
437 *
438 * Obtain the process group of the tty. If there is no process group
439 * return an error.
440 *
441 * Locking: none. Reference to current->signal->tty is safe.
442 */
443static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
444{
445 struct pid *pid;
446 int ret;
447 /*
448 * (tty == real_tty) is a cheap way of
449 * testing if the tty is NOT a master pty.
450 */
451 if (tty == real_tty && current->signal->tty != real_tty)
452 return -ENOTTY;
453 pid = tty_get_pgrp(real_tty);
454 ret = put_user(pid_vnr(pid), p);
455 put_pid(pid);
456 return ret;
457}
458
459/**
460 * tiocspgrp - attempt to set process group
461 * @tty: tty passed by user
462 * @real_tty: tty side device matching tty passed by user
463 * @p: pid pointer
464 *
465 * Set the process group of the tty to the session passed. Only
466 * permitted where the tty session is our session.
467 *
468 * Locking: RCU, ctrl lock
469 */
470static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
471{
472 struct pid *pgrp;
473 pid_t pgrp_nr;
474 int retval = tty_check_change(real_tty);
475
476 if (retval == -EIO)
477 return -ENOTTY;
478 if (retval)
479 return retval;
480 if (!current->signal->tty ||
481 (current->signal->tty != real_tty) ||
482 (real_tty->session != task_session(current)))
483 return -ENOTTY;
484 if (get_user(pgrp_nr, p))
485 return -EFAULT;
486 if (pgrp_nr < 0)
487 return -EINVAL;
488 rcu_read_lock();
489 pgrp = find_vpid(pgrp_nr);
490 retval = -ESRCH;
491 if (!pgrp)
492 goto out_unlock;
493 retval = -EPERM;
494 if (session_of_pgrp(pgrp) != task_session(current))
495 goto out_unlock;
496 retval = 0;
497 spin_lock_irq(&tty->ctrl_lock);
498 put_pid(real_tty->pgrp);
499 real_tty->pgrp = get_pid(pgrp);
500 spin_unlock_irq(&tty->ctrl_lock);
501out_unlock:
502 rcu_read_unlock();
503 return retval;
504}
505
506/**
507 * tiocgsid - get session id
508 * @tty: tty passed by user
509 * @real_tty: tty side of the tty passed by the user if a pty else the tty
510 * @p: pointer to returned session id
511 *
512 * Obtain the session id of the tty. If there is no session
513 * return an error.
514 *
515 * Locking: none. Reference to current->signal->tty is safe.
516 */
517static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
518{
519 /*
520 * (tty == real_tty) is a cheap way of
521 * testing if the tty is NOT a master pty.
522 */
523 if (tty == real_tty && current->signal->tty != real_tty)
524 return -ENOTTY;
525 if (!real_tty->session)
526 return -ENOTTY;
527 return put_user(pid_vnr(real_tty->session), p);
528}
529
530/*
531 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side,
532 * if not then tty == real_tty.
533 */
534long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty,
535 struct file *file, unsigned int cmd, unsigned long arg)
536{
537 void __user *p = (void __user *)arg;
538
539 switch (cmd) {
540 case TIOCNOTTY:
541 if (current->signal->tty != tty)
542 return -ENOTTY;
543 no_tty();
544 return 0;
545 case TIOCSCTTY:
546 return tiocsctty(real_tty, file, arg);
547 case TIOCGPGRP:
548 return tiocgpgrp(tty, real_tty, p);
549 case TIOCSPGRP:
550 return tiocspgrp(tty, real_tty, p);
551 case TIOCGSID:
552 return tiocgsid(tty, real_tty, p);
553 }
554 return -ENOIOCTLCMD;
555}
556