drivers/tty/tty_jobctrl.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  *  Copyright (C) 1991, 1992  Linus Torvalds
0004  */
0005
0006 #include <linux/types.h>
0007 #include <linux/errno.h>
0008 #include <linux/signal.h>
0009 #include <linux/sched/signal.h>
0010 #include <linux/sched/task.h>
0011 #include <linux/tty.h>
0012 #include <linux/fcntl.h>
0013 #include <linux/uaccess.h>
0014 #include "tty.h"
0015
0016 static int is_ignored(int sig)
0017 {
0018     return (sigismember(&current->blocked, sig) ||
0019         current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
0020 }
0021
0022 /**
0023  *  __tty_check_change  -   check for POSIX terminal changes
0024  *  @tty: tty to check
0025  *  @sig: signal to send
0026  *
0027  *  If we try to write to, or set the state of, a terminal and we're
0028  *  not in the foreground, send a SIGTTOU.  If the signal is blocked or
0029  *  ignored, go ahead and perform the operation.  (POSIX 7.2)
0030  *
0031  *  Locking: ctrl.lock
0032  */
0033 int __tty_check_change(struct tty_struct *tty, int sig)
0034 {
0035     unsigned long flags;
0036     struct pid *pgrp, *tty_pgrp;
0037     int ret = 0;
0038
0039     if (current->signal->tty != tty)
0040         return 0;
0041
0042     rcu_read_lock();
0043     pgrp = task_pgrp(current);
0044
0045     spin_lock_irqsave(&tty->ctrl.lock, flags);
0046     tty_pgrp = tty->ctrl.pgrp;
0047     spin_unlock_irqrestore(&tty->ctrl.lock, flags);
0048
0049     if (tty_pgrp && pgrp != tty_pgrp) {
0050         if (is_ignored(sig)) {
0051             if (sig == SIGTTIN)
0052                 ret = -EIO;
0053         } else if (is_current_pgrp_orphaned())
0054             ret = -EIO;
0055         else {
0056             kill_pgrp(pgrp, sig, 1);
0057             set_thread_flag(TIF_SIGPENDING);
0058             ret = -ERESTARTSYS;
0059         }
0060     }
0061     rcu_read_unlock();
0062
0063     if (!tty_pgrp)
0064         tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
0065
0066     return ret;
0067 }
0068
0069 int tty_check_change(struct tty_struct *tty)
0070 {
0071     return __tty_check_change(tty, SIGTTOU);
0072 }
0073 EXPORT_SYMBOL(tty_check_change);
0074
0075 void proc_clear_tty(struct task_struct *p)
0076 {
0077     unsigned long flags;
0078     struct tty_struct *tty;
0079
0080     spin_lock_irqsave(&p->sighand->siglock, flags);
0081     tty = p->signal->tty;
0082     p->signal->tty = NULL;
0083     spin_unlock_irqrestore(&p->sighand->siglock, flags);
0084     tty_kref_put(tty);
0085 }
0086
0087 /**
0088  * __proc_set_tty -  set the controlling terminal
0089  *  @tty: tty structure
0090  *
0091  * Only callable by the session leader and only if it does not already have
0092  * a controlling terminal.
0093  *
0094  * Caller must hold:  tty_lock()
0095  *            a readlock on tasklist_lock
0096  *            sighand lock
0097  */
0098 static void __proc_set_tty(struct tty_struct *tty)
0099 {
0100     unsigned long flags;
0101
0102     spin_lock_irqsave(&tty->ctrl.lock, flags);
0103     /*
0104      * The session and fg pgrp references will be non-NULL if
0105      * tiocsctty() is stealing the controlling tty
0106      */
0107     put_pid(tty->ctrl.session);
0108     put_pid(tty->ctrl.pgrp);
0109     tty->ctrl.pgrp = get_pid(task_pgrp(current));
0110     tty->ctrl.session = get_pid(task_session(current));
0111     spin_unlock_irqrestore(&tty->ctrl.lock, flags);
0112     if (current->signal->tty) {
0113         tty_debug(tty, "current tty %s not NULL!!\n",
0114               current->signal->tty->name);
0115         tty_kref_put(current->signal->tty);
0116     }
0117     put_pid(current->signal->tty_old_pgrp);
0118     current->signal->tty = tty_kref_get(tty);
0119     current->signal->tty_old_pgrp = NULL;
0120 }
0121
0122 static void proc_set_tty(struct tty_struct *tty)
0123 {
0124     spin_lock_irq(&current->sighand->siglock);
0125     __proc_set_tty(tty);
0126     spin_unlock_irq(&current->sighand->siglock);
0127 }
0128
0129 /*
0130  * Called by tty_open() to set the controlling tty if applicable.
0131  */
0132 void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty)
0133 {
0134     read_lock(&tasklist_lock);
0135     spin_lock_irq(&current->sighand->siglock);
0136     if (current->signal->leader &&
0137         !current->signal->tty &&
0138         tty->ctrl.session == NULL) {
0139         /*
0140          * Don't let a process that only has write access to the tty
0141          * obtain the privileges associated with having a tty as
0142          * controlling terminal (being able to reopen it with full
0143          * access through /dev/tty, being able to perform pushback).
0144          * Many distributions set the group of all ttys to "tty" and
0145          * grant write-only access to all terminals for setgid tty
0146          * binaries, which should not imply full privileges on all ttys.
0147          *
0148          * This could theoretically break old code that performs open()
0149          * on a write-only file descriptor. In that case, it might be
0150          * necessary to also permit this if
0151          * inode_permission(inode, MAY_READ) == 0.
0152          */
0153         if (filp->f_mode & FMODE_READ)
0154             __proc_set_tty(tty);
0155     }
0156     spin_unlock_irq(&current->sighand->siglock);
0157     read_unlock(&tasklist_lock);
0158 }
0159
0160 struct tty_struct *get_current_tty(void)
0161 {
0162     struct tty_struct *tty;
0163     unsigned long flags;
0164
0165     spin_lock_irqsave(&current->sighand->siglock, flags);
0166     tty = tty_kref_get(current->signal->tty);
0167     spin_unlock_irqrestore(&current->sighand->siglock, flags);
0168     return tty;
0169 }
0170 EXPORT_SYMBOL_GPL(get_current_tty);
0171
0172 /*
0173  * Called from tty_release().
0174  */
0175 void session_clear_tty(struct pid *session)
0176 {
0177     struct task_struct *p;
0178
0179     do_each_pid_task(session, PIDTYPE_SID, p) {
0180         proc_clear_tty(p);
0181     } while_each_pid_task(session, PIDTYPE_SID, p);
0182 }
0183
0184 /**
0185  *  tty_signal_session_leader   - sends SIGHUP to session leader
0186  *  @tty: controlling tty
0187  *  @exit_session: if non-zero, signal all foreground group processes
0188  *
0189  *  Send SIGHUP and SIGCONT to the session leader and its process group.
0190  *  Optionally, signal all processes in the foreground process group.
0191  *
0192  *  Returns the number of processes in the session with this tty
0193  *  as their controlling terminal. This value is used to drop
0194  *  tty references for those processes.
0195  */
0196 int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
0197 {
0198     struct task_struct *p;
0199     int refs = 0;
0200     struct pid *tty_pgrp = NULL;
0201
0202     read_lock(&tasklist_lock);
0203     if (tty->ctrl.session) {
0204         do_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p) {
0205             spin_lock_irq(&p->sighand->siglock);
0206             if (p->signal->tty == tty) {
0207                 p->signal->tty = NULL;
0208                 /*
0209                  * We defer the dereferences outside of
0210                  * the tasklist lock.
0211                  */
0212                 refs++;
0213             }
0214             if (!p->signal->leader) {
0215                 spin_unlock_irq(&p->sighand->siglock);
0216                 continue;
0217             }
0218             send_signal_locked(SIGHUP, SEND_SIG_PRIV, p, PIDTYPE_TGID);
0219             send_signal_locked(SIGCONT, SEND_SIG_PRIV, p, PIDTYPE_TGID);
0220             put_pid(p->signal->tty_old_pgrp);  /* A noop */
0221             spin_lock(&tty->ctrl.lock);
0222             tty_pgrp = get_pid(tty->ctrl.pgrp);
0223             if (tty->ctrl.pgrp)
0224                 p->signal->tty_old_pgrp =
0225                     get_pid(tty->ctrl.pgrp);
0226             spin_unlock(&tty->ctrl.lock);
0227             spin_unlock_irq(&p->sighand->siglock);
0228         } while_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p);
0229     }
0230     read_unlock(&tasklist_lock);
0231
0232     if (tty_pgrp) {
0233         if (exit_session)
0234             kill_pgrp(tty_pgrp, SIGHUP, exit_session);
0235         put_pid(tty_pgrp);
0236     }
0237
0238     return refs;
0239 }
0240
0241 /**
0242  *  disassociate_ctty   -   disconnect controlling tty
0243  *  @on_exit: true if exiting so need to "hang up" the session
0244  *
0245  *  This function is typically called only by the session leader, when
0246  *  it wants to disassociate itself from its controlling tty.
0247  *
0248  *  It performs the following functions:
0249  *  (1)  Sends a SIGHUP and SIGCONT to the foreground process group
0250  *  (2)  Clears the tty from being controlling the session
0251  *  (3)  Clears the controlling tty for all processes in the
0252  *      session group.
0253  *
0254  *  The argument on_exit is set to 1 if called when a process is
0255  *  exiting; it is 0 if called by the ioctl TIOCNOTTY.
0256  *
0257  *  Locking:
0258  *      BTM is taken for hysterical raisons, and held when
0259  *        called from no_tty().
0260  *        tty_mutex is taken to protect tty
0261  *        ->siglock is taken to protect ->signal/->sighand
0262  *        tasklist_lock is taken to walk process list for sessions
0263  *          ->siglock is taken to protect ->signal/->sighand
0264  */
0265 void disassociate_ctty(int on_exit)
0266 {
0267     struct tty_struct *tty;
0268
0269     if (!current->signal->leader)
0270         return;
0271
0272     tty = get_current_tty();
0273     if (tty) {
0274         if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
0275             tty_vhangup_session(tty);
0276         } else {
0277             struct pid *tty_pgrp = tty_get_pgrp(tty);
0278
0279             if (tty_pgrp) {
0280                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
0281                 if (!on_exit)
0282                     kill_pgrp(tty_pgrp, SIGCONT, on_exit);
0283                 put_pid(tty_pgrp);
0284             }
0285         }
0286         tty_kref_put(tty);
0287
0288     } else if (on_exit) {
0289         struct pid *old_pgrp;
0290
0291         spin_lock_irq(&current->sighand->siglock);
0292         old_pgrp = current->signal->tty_old_pgrp;
0293         current->signal->tty_old_pgrp = NULL;
0294         spin_unlock_irq(&current->sighand->siglock);
0295         if (old_pgrp) {
0296             kill_pgrp(old_pgrp, SIGHUP, on_exit);
0297             kill_pgrp(old_pgrp, SIGCONT, on_exit);
0298             put_pid(old_pgrp);
0299         }
0300         return;
0301     }
0302
0303     spin_lock_irq(&current->sighand->siglock);
0304     put_pid(current->signal->tty_old_pgrp);
0305     current->signal->tty_old_pgrp = NULL;
0306     tty = tty_kref_get(current->signal->tty);
0307     spin_unlock_irq(&current->sighand->siglock);
0308
0309     if (tty) {
0310         unsigned long flags;
0311
0312         tty_lock(tty);
0313         spin_lock_irqsave(&tty->ctrl.lock, flags);
0314         put_pid(tty->ctrl.session);
0315         put_pid(tty->ctrl.pgrp);
0316         tty->ctrl.session = NULL;
0317         tty->ctrl.pgrp = NULL;
0318         spin_unlock_irqrestore(&tty->ctrl.lock, flags);
0319         tty_unlock(tty);
0320         tty_kref_put(tty);
0321     }
0322
0323     /* Now clear signal->tty under the lock */
0324     read_lock(&tasklist_lock);
0325     session_clear_tty(task_session(current));
0326     read_unlock(&tasklist_lock);
0327 }
0328
0329 /*
0330  *
0331  *  no_tty  - Ensure the current process does not have a controlling tty
0332  */
0333 void no_tty(void)
0334 {
0335     /*
0336      * FIXME: Review locking here. The tty_lock never covered any race
0337      * between a new association and proc_clear_tty but possibly we need
0338      * to protect against this anyway.
0339      */
0340     struct task_struct *tsk = current;
0341
0342     disassociate_ctty(0);
0343     proc_clear_tty(tsk);
0344 }
0345
0346 /**
0347  *  tiocsctty   -   set controlling tty
0348  *  @tty: tty structure
0349  *  @file: file structure used to check permissions
0350  *  @arg: user argument
0351  *
0352  *  This ioctl is used to manage job control. It permits a session
0353  *  leader to set this tty as the controlling tty for the session.
0354  *
0355  *  Locking:
0356  *      Takes tty_lock() to serialize proc_set_tty() for this tty
0357  *      Takes tasklist_lock internally to walk sessions
0358  *      Takes ->siglock() when updating signal->tty
0359  */
0360 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
0361 {
0362     int ret = 0;
0363
0364     tty_lock(tty);
0365     read_lock(&tasklist_lock);
0366
0367     if (current->signal->leader &&
0368             task_session(current) == tty->ctrl.session)
0369         goto unlock;
0370
0371     /*
0372      * The process must be a session leader and
0373      * not have a controlling tty already.
0374      */
0375     if (!current->signal->leader || current->signal->tty) {
0376         ret = -EPERM;
0377         goto unlock;
0378     }
0379
0380     if (tty->ctrl.session) {
0381         /*
0382          * This tty is already the controlling
0383          * tty for another session group!
0384          */
0385         if (arg == 1 && capable(CAP_SYS_ADMIN)) {
0386             /*
0387              * Steal it away
0388              */
0389             session_clear_tty(tty->ctrl.session);
0390         } else {
0391             ret = -EPERM;
0392             goto unlock;
0393         }
0394     }
0395
0396     /* See the comment in tty_open_proc_set_tty(). */
0397     if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
0398         ret = -EPERM;
0399         goto unlock;
0400     }
0401
0402     proc_set_tty(tty);
0403 unlock:
0404     read_unlock(&tasklist_lock);
0405     tty_unlock(tty);
0406     return ret;
0407 }
0408
0409 /**
0410  *  tty_get_pgrp    -   return a ref counted pgrp pid
0411  *  @tty: tty to read
0412  *
0413  *  Returns a refcounted instance of the pid struct for the process
0414  *  group controlling the tty.
0415  */
0416 struct pid *tty_get_pgrp(struct tty_struct *tty)
0417 {
0418     unsigned long flags;
0419     struct pid *pgrp;
0420
0421     spin_lock_irqsave(&tty->ctrl.lock, flags);
0422     pgrp = get_pid(tty->ctrl.pgrp);
0423     spin_unlock_irqrestore(&tty->ctrl.lock, flags);
0424
0425     return pgrp;
0426 }
0427 EXPORT_SYMBOL_GPL(tty_get_pgrp);
0428
0429 /*
0430  * This checks not only the pgrp, but falls back on the pid if no
0431  * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
0432  * without this...
0433  *
0434  * The caller must hold rcu lock or the tasklist lock.
0435  */
0436 static struct pid *session_of_pgrp(struct pid *pgrp)
0437 {
0438     struct task_struct *p;
0439     struct pid *sid = NULL;
0440
0441     p = pid_task(pgrp, PIDTYPE_PGID);
0442     if (p == NULL)
0443         p = pid_task(pgrp, PIDTYPE_PID);
0444     if (p != NULL)
0445         sid = task_session(p);
0446
0447     return sid;
0448 }
0449
0450 /**
0451  *  tiocgpgrp       -   get process group
0452  *  @tty: tty passed by user
0453  *  @real_tty: tty side of the tty passed by the user if a pty else the tty
0454  *  @p: returned pid
0455  *
0456  *  Obtain the process group of the tty. If there is no process group
0457  *  return an error.
0458  *
0459  *  Locking: none. Reference to current->signal->tty is safe.
0460  */
0461 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
0462 {
0463     struct pid *pid;
0464     int ret;
0465     /*
0466      * (tty == real_tty) is a cheap way of
0467      * testing if the tty is NOT a master pty.
0468      */
0469     if (tty == real_tty && current->signal->tty != real_tty)
0470         return -ENOTTY;
0471     pid = tty_get_pgrp(real_tty);
0472     ret =  put_user(pid_vnr(pid), p);
0473     put_pid(pid);
0474     return ret;
0475 }
0476
0477 /**
0478  *  tiocspgrp       -   attempt to set process group
0479  *  @tty: tty passed by user
0480  *  @real_tty: tty side device matching tty passed by user
0481  *  @p: pid pointer
0482  *
0483  *  Set the process group of the tty to the session passed. Only
0484  *  permitted where the tty session is our session.
0485  *
0486  *  Locking: RCU, ctrl lock
0487  */
0488 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
0489 {
0490     struct pid *pgrp;
0491     pid_t pgrp_nr;
0492     int retval = tty_check_change(real_tty);
0493
0494     if (retval == -EIO)
0495         return -ENOTTY;
0496     if (retval)
0497         return retval;
0498
0499     if (get_user(pgrp_nr, p))
0500         return -EFAULT;
0501     if (pgrp_nr < 0)
0502         return -EINVAL;
0503
0504     spin_lock_irq(&real_tty->ctrl.lock);
0505     if (!current->signal->tty ||
0506         (current->signal->tty != real_tty) ||
0507         (real_tty->ctrl.session != task_session(current))) {
0508         retval = -ENOTTY;
0509         goto out_unlock_ctrl;
0510     }
0511     rcu_read_lock();
0512     pgrp = find_vpid(pgrp_nr);
0513     retval = -ESRCH;
0514     if (!pgrp)
0515         goto out_unlock;
0516     retval = -EPERM;
0517     if (session_of_pgrp(pgrp) != task_session(current))
0518         goto out_unlock;
0519     retval = 0;
0520     put_pid(real_tty->ctrl.pgrp);
0521     real_tty->ctrl.pgrp = get_pid(pgrp);
0522 out_unlock:
0523     rcu_read_unlock();
0524 out_unlock_ctrl:
0525     spin_unlock_irq(&real_tty->ctrl.lock);
0526     return retval;
0527 }
0528
0529 /**
0530  *  tiocgsid        -   get session id
0531  *  @tty: tty passed by user
0532  *  @real_tty: tty side of the tty passed by the user if a pty else the tty
0533  *  @p: pointer to returned session id
0534  *
0535  *  Obtain the session id of the tty. If there is no session
0536  *  return an error.
0537  */
0538 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
0539 {
0540     unsigned long flags;
0541     pid_t sid;
0542
0543     /*
0544      * (tty == real_tty) is a cheap way of
0545      * testing if the tty is NOT a master pty.
0546      */
0547     if (tty == real_tty && current->signal->tty != real_tty)
0548         return -ENOTTY;
0549
0550     spin_lock_irqsave(&real_tty->ctrl.lock, flags);
0551     if (!real_tty->ctrl.session)
0552         goto err;
0553     sid = pid_vnr(real_tty->ctrl.session);
0554     spin_unlock_irqrestore(&real_tty->ctrl.lock, flags);
0555
0556     return put_user(sid, p);
0557
0558 err:
0559     spin_unlock_irqrestore(&real_tty->ctrl.lock, flags);
0560     return -ENOTTY;
0561 }
0562
0563 /*
0564  * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side,
0565  * if not then tty == real_tty.
0566  */
0567 long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty,
0568                struct file *file, unsigned int cmd, unsigned long arg)
0569 {
0570     void __user *p = (void __user *)arg;
0571
0572     switch (cmd) {
0573     case TIOCNOTTY:
0574         if (current->signal->tty != tty)
0575             return -ENOTTY;
0576         no_tty();
0577         return 0;
0578     case TIOCSCTTY:
0579         return tiocsctty(real_tty, file, arg);
0580     case TIOCGPGRP:
0581         return tiocgpgrp(tty, real_tty, p);
0582     case TIOCSPGRP:
0583         return tiocspgrp(tty, real_tty, p);
0584     case TIOCGSID:
0585         return tiocgsid(tty, real_tty, p);
0586     }
0587     return -ENOIOCTLCMD;
0588 }