1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6#include <linux/types.h>
7#include <linux/errno.h>
8#include <linux/signal.h>
9#include <linux/sched/signal.h>
10#include <linux/sched/task.h>
11#include <linux/tty.h>
12#include <linux/fcntl.h>
13#include <linux/uaccess.h>
14#include "tty.h"
15
16static int is_ignored(int sig)
17{
18 return (sigismember(set: &current->blocked, sig: sig) ||
19 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
20}
21
22/**
23 * __tty_check_change - check for POSIX terminal changes
24 * @tty: tty to check
25 * @sig: signal to send
26 *
27 * If we try to write to, or set the state of, a terminal and we're
28 * not in the foreground, send a SIGTTOU. If the signal is blocked or
29 * ignored, go ahead and perform the operation. (POSIX 7.2)
30 *
31 * Locking: ctrl.lock
32 */
33int __tty_check_change(struct tty_struct *tty, int sig)
34{
35 unsigned long flags;
36 struct pid *pgrp, *tty_pgrp;
37 int ret = 0;
38
39 if (current->signal->tty != tty)
40 return 0;
41
42 rcu_read_lock();
43 pgrp = task_pgrp(current);
44
45 spin_lock_irqsave(&tty->ctrl.lock, flags);
46 tty_pgrp = tty->ctrl.pgrp;
47 spin_unlock_irqrestore(lock: &tty->ctrl.lock, flags);
48
49 if (tty_pgrp && pgrp != tty_pgrp) {
50 if (is_ignored(sig)) {
51 if (sig == SIGTTIN)
52 ret = -EIO;
53 } else if (is_current_pgrp_orphaned())
54 ret = -EIO;
55 else {
56 kill_pgrp(pid: pgrp, sig, priv: 1);
57 set_thread_flag(TIF_SIGPENDING);
58 ret = -ERESTARTSYS;
59 }
60 }
61 rcu_read_unlock();
62
63 if (!tty_pgrp)
64 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
65
66 return ret;
67}
68
69int tty_check_change(struct tty_struct *tty)
70{
71 return __tty_check_change(tty, SIGTTOU);
72}
73EXPORT_SYMBOL(tty_check_change);
74
75void proc_clear_tty(struct task_struct *p)
76{
77 unsigned long flags;
78 struct tty_struct *tty;
79
80 spin_lock_irqsave(&p->sighand->siglock, flags);
81 tty = p->signal->tty;
82 p->signal->tty = NULL;
83 spin_unlock_irqrestore(lock: &p->sighand->siglock, flags);
84 tty_kref_put(tty);
85}
86
87/**
88 * __proc_set_tty - set the controlling terminal
89 * @tty: tty structure
90 *
91 * Only callable by the session leader and only if it does not already have
92 * a controlling terminal.
93 *
94 * Caller must hold: tty_lock()
95 * a readlock on tasklist_lock
96 * sighand lock
97 */
98static void __proc_set_tty(struct tty_struct *tty)
99{
100 unsigned long flags;
101
102 spin_lock_irqsave(&tty->ctrl.lock, flags);
103 /*
104 * The session and fg pgrp references will be non-NULL if
105 * tiocsctty() is stealing the controlling tty
106 */
107 put_pid(pid: tty->ctrl.session);
108 put_pid(pid: tty->ctrl.pgrp);
109 tty->ctrl.pgrp = get_pid(pid: task_pgrp(current));
110 tty->ctrl.session = get_pid(pid: task_session(current));
111 spin_unlock_irqrestore(lock: &tty->ctrl.lock, flags);
112 if (current->signal->tty) {
113 tty_debug(tty, "current tty %s not NULL!!\n",
114 current->signal->tty->name);
115 tty_kref_put(current->signal->tty);
116 }
117 put_pid(current->signal->tty_old_pgrp);
118 current->signal->tty = tty_kref_get(tty);
119 current->signal->tty_old_pgrp = NULL;
120}
121
122static void proc_set_tty(struct tty_struct *tty)
123{
124 spin_lock_irq(lock: &current->sighand->siglock);
125 __proc_set_tty(tty);
126 spin_unlock_irq(lock: &current->sighand->siglock);
127}
128
129/*
130 * Called by tty_open() to set the controlling tty if applicable.
131 */
132void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty)
133{
134 read_lock(&tasklist_lock);
135 spin_lock_irq(lock: &current->sighand->siglock);
136 if (current->signal->leader &&
137 !current->signal->tty &&
138 tty->ctrl.session == NULL) {
139 /*
140 * Don't let a process that only has write access to the tty
141 * obtain the privileges associated with having a tty as
142 * controlling terminal (being able to reopen it with full
143 * access through /dev/tty, being able to perform pushback).
144 * Many distributions set the group of all ttys to "tty" and
145 * grant write-only access to all terminals for setgid tty
146 * binaries, which should not imply full privileges on all ttys.
147 *
148 * This could theoretically break old code that performs open()
149 * on a write-only file descriptor. In that case, it might be
150 * necessary to also permit this if
151 * inode_permission(inode, MAY_READ) == 0.
152 */
153 if (filp->f_mode & FMODE_READ)
154 __proc_set_tty(tty);
155 }
156 spin_unlock_irq(lock: &current->sighand->siglock);
157 read_unlock(&tasklist_lock);
158}
159
160struct tty_struct *get_current_tty(void)
161{
162 struct tty_struct *tty;
163 unsigned long flags;
164
165 spin_lock_irqsave(&current->sighand->siglock, flags);
166 tty = tty_kref_get(current->signal->tty);
167 spin_unlock_irqrestore(lock: &current->sighand->siglock, flags);
168 return tty;
169}
170EXPORT_SYMBOL_GPL(get_current_tty);
171
172/*
173 * Called from tty_release().
174 */
175void session_clear_tty(struct pid *session)
176{
177 struct task_struct *p;
178
179 do_each_pid_task(session, PIDTYPE_SID, p) {
180 proc_clear_tty(p);
181 } while_each_pid_task(session, PIDTYPE_SID, p);
182}
183
184/**
185 * tty_signal_session_leader - sends SIGHUP to session leader
186 * @tty: controlling tty
187 * @exit_session: if non-zero, signal all foreground group processes
188 *
189 * Send SIGHUP and SIGCONT to the session leader and its process group.
190 * Optionally, signal all processes in the foreground process group.
191 *
192 * Returns the number of processes in the session with this tty
193 * as their controlling terminal. This value is used to drop
194 * tty references for those processes.
195 */
196int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
197{
198 struct task_struct *p;
199 int refs = 0;
200 struct pid *tty_pgrp = NULL;
201
202 read_lock(&tasklist_lock);
203 if (tty->ctrl.session) {
204 do_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p) {
205 spin_lock_irq(lock: &p->sighand->siglock);
206 if (p->signal->tty == tty) {
207 p->signal->tty = NULL;
208 /*
209 * We defer the dereferences outside of
210 * the tasklist lock.
211 */
212 refs++;
213 }
214 if (!p->signal->leader) {
215 spin_unlock_irq(lock: &p->sighand->siglock);
216 continue;
217 }
218 send_signal_locked(SIGHUP, SEND_SIG_PRIV, p, type: PIDTYPE_TGID);
219 send_signal_locked(SIGCONT, SEND_SIG_PRIV, p, type: PIDTYPE_TGID);
220 put_pid(pid: p->signal->tty_old_pgrp); /* A noop */
221 spin_lock(lock: &tty->ctrl.lock);
222 tty_pgrp = get_pid(pid: tty->ctrl.pgrp);
223 if (tty->ctrl.pgrp)
224 p->signal->tty_old_pgrp =
225 get_pid(pid: tty->ctrl.pgrp);
226 spin_unlock(lock: &tty->ctrl.lock);
227 spin_unlock_irq(lock: &p->sighand->siglock);
228 } while_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p);
229 }
230 read_unlock(&tasklist_lock);
231
232 if (tty_pgrp) {
233 if (exit_session)
234 kill_pgrp(pid: tty_pgrp, SIGHUP, priv: exit_session);
235 put_pid(pid: tty_pgrp);
236 }
237
238 return refs;
239}
240
241/**
242 * disassociate_ctty - disconnect controlling tty
243 * @on_exit: true if exiting so need to "hang up" the session
244 *
245 * This function is typically called only by the session leader, when
246 * it wants to disassociate itself from its controlling tty.
247 *
248 * It performs the following functions:
249 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
250 * (2) Clears the tty from being controlling the session
251 * (3) Clears the controlling tty for all processes in the
252 * session group.
253 *
254 * The argument on_exit is set to 1 if called when a process is
255 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
256 *
257 * Locking:
258 * BTM is taken for hysterical raisons, and held when
259 * called from no_tty().
260 * tty_mutex is taken to protect tty
261 * ->siglock is taken to protect ->signal/->sighand
262 * tasklist_lock is taken to walk process list for sessions
263 * ->siglock is taken to protect ->signal/->sighand
264 */
265void disassociate_ctty(int on_exit)
266{
267 struct tty_struct *tty;
268
269 if (!current->signal->leader)
270 return;
271
272 tty = get_current_tty();
273 if (tty) {
274 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
275 tty_vhangup_session(tty);
276 } else {
277 struct pid *tty_pgrp = tty_get_pgrp(tty);
278
279 if (tty_pgrp) {
280 kill_pgrp(pid: tty_pgrp, SIGHUP, priv: on_exit);
281 if (!on_exit)
282 kill_pgrp(pid: tty_pgrp, SIGCONT, priv: on_exit);
283 put_pid(pid: tty_pgrp);
284 }
285 }
286 tty_kref_put(tty);
287
288 } else if (on_exit) {
289 struct pid *old_pgrp;
290
291 spin_lock_irq(lock: &current->sighand->siglock);
292 old_pgrp = current->signal->tty_old_pgrp;
293 current->signal->tty_old_pgrp = NULL;
294 spin_unlock_irq(lock: &current->sighand->siglock);
295 if (old_pgrp) {
296 kill_pgrp(pid: old_pgrp, SIGHUP, priv: on_exit);
297 kill_pgrp(pid: old_pgrp, SIGCONT, priv: on_exit);
298 put_pid(pid: old_pgrp);
299 }
300 return;
301 }
302
303 tty = get_current_tty();
304 if (tty) {
305 unsigned long flags;
306
307 tty_lock(tty);
308 spin_lock_irqsave(&tty->ctrl.lock, flags);
309 put_pid(pid: tty->ctrl.session);
310 put_pid(pid: tty->ctrl.pgrp);
311 tty->ctrl.session = NULL;
312 tty->ctrl.pgrp = NULL;
313 spin_unlock_irqrestore(lock: &tty->ctrl.lock, flags);
314 tty_unlock(tty);
315 tty_kref_put(tty);
316 }
317
318 /* If tty->ctrl.pgrp is not NULL, it may be assigned to
319 * current->signal->tty_old_pgrp in a race condition, and
320 * cause pid memleak. Release current->signal->tty_old_pgrp
321 * after tty->ctrl.pgrp set to NULL.
322 */
323 spin_lock_irq(lock: &current->sighand->siglock);
324 put_pid(current->signal->tty_old_pgrp);
325 current->signal->tty_old_pgrp = NULL;
326 spin_unlock_irq(lock: &current->sighand->siglock);
327
328 /* Now clear signal->tty under the lock */
329 read_lock(&tasklist_lock);
330 session_clear_tty(session: task_session(current));
331 read_unlock(&tasklist_lock);
332}
333
334/*
335 *
336 * no_tty - Ensure the current process does not have a controlling tty
337 */
338void no_tty(void)
339{
340 /*
341 * FIXME: Review locking here. The tty_lock never covered any race
342 * between a new association and proc_clear_tty but possibly we need
343 * to protect against this anyway.
344 */
345 struct task_struct *tsk = current;
346
347 disassociate_ctty(on_exit: 0);
348 proc_clear_tty(p: tsk);
349}
350
351/**
352 * tiocsctty - set controlling tty
353 * @tty: tty structure
354 * @file: file structure used to check permissions
355 * @arg: user argument
356 *
357 * This ioctl is used to manage job control. It permits a session
358 * leader to set this tty as the controlling tty for the session.
359 *
360 * Locking:
361 * Takes tty_lock() to serialize proc_set_tty() for this tty
362 * Takes tasklist_lock internally to walk sessions
363 * Takes ->siglock() when updating signal->tty
364 */
365static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
366{
367 int ret = 0;
368
369 tty_lock(tty);
370 read_lock(&tasklist_lock);
371
372 if (current->signal->leader &&
373 task_session(current) == tty->ctrl.session)
374 goto unlock;
375
376 /*
377 * The process must be a session leader and
378 * not have a controlling tty already.
379 */
380 if (!current->signal->leader || current->signal->tty) {
381 ret = -EPERM;
382 goto unlock;
383 }
384
385 if (tty->ctrl.session) {
386 /*
387 * This tty is already the controlling
388 * tty for another session group!
389 */
390 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
391 /*
392 * Steal it away
393 */
394 session_clear_tty(session: tty->ctrl.session);
395 } else {
396 ret = -EPERM;
397 goto unlock;
398 }
399 }
400
401 /* See the comment in tty_open_proc_set_tty(). */
402 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
403 ret = -EPERM;
404 goto unlock;
405 }
406
407 proc_set_tty(tty);
408unlock:
409 read_unlock(&tasklist_lock);
410 tty_unlock(tty);
411 return ret;
412}
413
414/**
415 * tty_get_pgrp - return a ref counted pgrp pid
416 * @tty: tty to read
417 *
418 * Returns a refcounted instance of the pid struct for the process
419 * group controlling the tty.
420 */
421struct pid *tty_get_pgrp(struct tty_struct *tty)
422{
423 unsigned long flags;
424 struct pid *pgrp;
425
426 spin_lock_irqsave(&tty->ctrl.lock, flags);
427 pgrp = get_pid(pid: tty->ctrl.pgrp);
428 spin_unlock_irqrestore(lock: &tty->ctrl.lock, flags);
429
430 return pgrp;
431}
432EXPORT_SYMBOL_GPL(tty_get_pgrp);
433
434/*
435 * This checks not only the pgrp, but falls back on the pid if no
436 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
437 * without this...
438 *
439 * The caller must hold rcu lock or the tasklist lock.
440 */
441static struct pid *session_of_pgrp(struct pid *pgrp)
442{
443 struct task_struct *p;
444 struct pid *sid = NULL;
445
446 p = pid_task(pid: pgrp, PIDTYPE_PGID);
447 if (p == NULL)
448 p = pid_task(pid: pgrp, PIDTYPE_PID);
449 if (p != NULL)
450 sid = task_session(task: p);
451
452 return sid;
453}
454
455/**
456 * tiocgpgrp - get process group
457 * @tty: tty passed by user
458 * @real_tty: tty side of the tty passed by the user if a pty else the tty
459 * @p: returned pid
460 *
461 * Obtain the process group of the tty. If there is no process group
462 * return an error.
463 *
464 * Locking: none. Reference to current->signal->tty is safe.
465 */
466static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
467{
468 struct pid *pid;
469 int ret;
470 /*
471 * (tty == real_tty) is a cheap way of
472 * testing if the tty is NOT a master pty.
473 */
474 if (tty == real_tty && current->signal->tty != real_tty)
475 return -ENOTTY;
476 pid = tty_get_pgrp(real_tty);
477 ret = put_user(pid_vnr(pid), p);
478 put_pid(pid);
479 return ret;
480}
481
482/**
483 * tiocspgrp - attempt to set process group
484 * @tty: tty passed by user
485 * @real_tty: tty side device matching tty passed by user
486 * @p: pid pointer
487 *
488 * Set the process group of the tty to the session passed. Only
489 * permitted where the tty session is our session.
490 *
491 * Locking: RCU, ctrl lock
492 */
493static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
494{
495 struct pid *pgrp;
496 pid_t pgrp_nr;
497 int retval = tty_check_change(real_tty);
498
499 if (retval == -EIO)
500 return -ENOTTY;
501 if (retval)
502 return retval;
503
504 if (get_user(pgrp_nr, p))
505 return -EFAULT;
506 if (pgrp_nr < 0)
507 return -EINVAL;
508
509 spin_lock_irq(lock: &real_tty->ctrl.lock);
510 if (!current->signal->tty ||
511 (current->signal->tty != real_tty) ||
512 (real_tty->ctrl.session != task_session(current))) {
513 retval = -ENOTTY;
514 goto out_unlock_ctrl;
515 }
516 rcu_read_lock();
517 pgrp = find_vpid(nr: pgrp_nr);
518 retval = -ESRCH;
519 if (!pgrp)
520 goto out_unlock;
521 retval = -EPERM;
522 if (session_of_pgrp(pgrp) != task_session(current))
523 goto out_unlock;
524 retval = 0;
525 put_pid(pid: real_tty->ctrl.pgrp);
526 real_tty->ctrl.pgrp = get_pid(pid: pgrp);
527out_unlock:
528 rcu_read_unlock();
529out_unlock_ctrl:
530 spin_unlock_irq(lock: &real_tty->ctrl.lock);
531 return retval;
532}
533
534/**
535 * tiocgsid - get session id
536 * @tty: tty passed by user
537 * @real_tty: tty side of the tty passed by the user if a pty else the tty
538 * @p: pointer to returned session id
539 *
540 * Obtain the session id of the tty. If there is no session
541 * return an error.
542 */
543static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
544{
545 unsigned long flags;
546 pid_t sid;
547
548 /*
549 * (tty == real_tty) is a cheap way of
550 * testing if the tty is NOT a master pty.
551 */
552 if (tty == real_tty && current->signal->tty != real_tty)
553 return -ENOTTY;
554
555 spin_lock_irqsave(&real_tty->ctrl.lock, flags);
556 if (!real_tty->ctrl.session)
557 goto err;
558 sid = pid_vnr(pid: real_tty->ctrl.session);
559 spin_unlock_irqrestore(lock: &real_tty->ctrl.lock, flags);
560
561 return put_user(sid, p);
562
563err:
564 spin_unlock_irqrestore(lock: &real_tty->ctrl.lock, flags);
565 return -ENOTTY;
566}
567
568/*
569 * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side,
570 * if not then tty == real_tty.
571 */
572long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty,
573 struct file *file, unsigned int cmd, unsigned long arg)
574{
575 void __user *p = (void __user *)arg;
576
577 switch (cmd) {
578 case TIOCNOTTY:
579 if (current->signal->tty != tty)
580 return -ENOTTY;
581 no_tty();
582 return 0;
583 case TIOCSCTTY:
584 return tiocsctty(tty: real_tty, file, arg);
585 case TIOCGPGRP:
586 return tiocgpgrp(tty, real_tty, p);
587 case TIOCSPGRP:
588 return tiocspgrp(tty, real_tty, p);
589 case TIOCGSID:
590 return tiocgsid(tty, real_tty, p);
591 }
592 return -ENOIOCTLCMD;
593}
594

source code of linux/drivers/tty/tty_jobctrl.c