|  | // SPDX-License-Identifier: GPL-2.0 | 
|  | /* | 
|  | *  Copyright (C) 1991, 1992  Linus Torvalds | 
|  | */ | 
|  |  | 
|  | #include <linux/types.h> | 
|  | #include <linux/errno.h> | 
|  | #include <linux/signal.h> | 
|  | #include <linux/sched/signal.h> | 
|  | #include <linux/sched/task.h> | 
|  | #include <linux/tty.h> | 
|  | #include <linux/fcntl.h> | 
|  | #include <linux/uaccess.h> | 
|  | #include "tty.h" | 
|  |  | 
|  | static int is_ignored(int sig) | 
|  | { | 
|  | return (sigismember(¤t->blocked, sig) || | 
|  | current->sighand->action[sig-1].sa.sa_handler == SIG_IGN); | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	__tty_check_change	-	check for POSIX terminal changes | 
|  | *	@tty: tty to check | 
|  | *	@sig: signal to send | 
|  | * | 
|  | *	If we try to write to, or set the state of, a terminal and we're | 
|  | *	not in the foreground, send a SIGTTOU.  If the signal is blocked or | 
|  | *	ignored, go ahead and perform the operation.  (POSIX 7.2) | 
|  | * | 
|  | *	Locking: ctrl.lock | 
|  | */ | 
|  | int __tty_check_change(struct tty_struct *tty, int sig) | 
|  | { | 
|  | unsigned long flags; | 
|  | struct pid *pgrp, *tty_pgrp; | 
|  | int ret = 0; | 
|  |  | 
|  | if (current->signal->tty != tty) | 
|  | return 0; | 
|  |  | 
|  | rcu_read_lock(); | 
|  | pgrp = task_pgrp(current); | 
|  |  | 
|  | spin_lock_irqsave(&tty->ctrl.lock, flags); | 
|  | tty_pgrp = tty->ctrl.pgrp; | 
|  | spin_unlock_irqrestore(&tty->ctrl.lock, flags); | 
|  |  | 
|  | if (tty_pgrp && pgrp != tty_pgrp) { | 
|  | if (is_ignored(sig)) { | 
|  | if (sig == SIGTTIN) | 
|  | ret = -EIO; | 
|  | } else if (is_current_pgrp_orphaned()) | 
|  | ret = -EIO; | 
|  | else { | 
|  | kill_pgrp(pgrp, sig, 1); | 
|  | set_thread_flag(TIF_SIGPENDING); | 
|  | ret = -ERESTARTSYS; | 
|  | } | 
|  | } | 
|  | rcu_read_unlock(); | 
|  |  | 
|  | if (!tty_pgrp) | 
|  | tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig); | 
|  |  | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | int tty_check_change(struct tty_struct *tty) | 
|  | { | 
|  | return __tty_check_change(tty, SIGTTOU); | 
|  | } | 
|  | EXPORT_SYMBOL(tty_check_change); | 
|  |  | 
|  | void proc_clear_tty(struct task_struct *p) | 
|  | { | 
|  | unsigned long flags; | 
|  | struct tty_struct *tty; | 
|  |  | 
|  | spin_lock_irqsave(&p->sighand->siglock, flags); | 
|  | tty = p->signal->tty; | 
|  | p->signal->tty = NULL; | 
|  | spin_unlock_irqrestore(&p->sighand->siglock, flags); | 
|  | tty_kref_put(tty); | 
|  | } | 
|  |  | 
|  | /** | 
|  | * __proc_set_tty -  set the controlling terminal | 
|  | *	@tty: tty structure | 
|  | * | 
|  | * Only callable by the session leader and only if it does not already have | 
|  | * a controlling terminal. | 
|  | * | 
|  | * Caller must hold:  tty_lock() | 
|  | *		      a readlock on tasklist_lock | 
|  | *		      sighand lock | 
|  | */ | 
|  | static void __proc_set_tty(struct tty_struct *tty) | 
|  | { | 
|  | unsigned long flags; | 
|  |  | 
|  | spin_lock_irqsave(&tty->ctrl.lock, flags); | 
|  | /* | 
|  | * The session and fg pgrp references will be non-NULL if | 
|  | * tiocsctty() is stealing the controlling tty | 
|  | */ | 
|  | put_pid(tty->ctrl.session); | 
|  | put_pid(tty->ctrl.pgrp); | 
|  | tty->ctrl.pgrp = get_pid(task_pgrp(current)); | 
|  | tty->ctrl.session = get_pid(task_session(current)); | 
|  | spin_unlock_irqrestore(&tty->ctrl.lock, flags); | 
|  | if (current->signal->tty) { | 
|  | tty_debug(tty, "current tty %s not NULL!!\n", | 
|  | current->signal->tty->name); | 
|  | tty_kref_put(current->signal->tty); | 
|  | } | 
|  | put_pid(current->signal->tty_old_pgrp); | 
|  | current->signal->tty = tty_kref_get(tty); | 
|  | current->signal->tty_old_pgrp = NULL; | 
|  | } | 
|  |  | 
|  | static void proc_set_tty(struct tty_struct *tty) | 
|  | { | 
|  | spin_lock_irq(¤t->sighand->siglock); | 
|  | __proc_set_tty(tty); | 
|  | spin_unlock_irq(¤t->sighand->siglock); | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Called by tty_open() to set the controlling tty if applicable. | 
|  | */ | 
|  | void tty_open_proc_set_tty(struct file *filp, struct tty_struct *tty) | 
|  | { | 
|  | read_lock(&tasklist_lock); | 
|  | spin_lock_irq(¤t->sighand->siglock); | 
|  | if (current->signal->leader && | 
|  | !current->signal->tty && | 
|  | tty->ctrl.session == NULL) { | 
|  | /* | 
|  | * Don't let a process that only has write access to the tty | 
|  | * obtain the privileges associated with having a tty as | 
|  | * controlling terminal (being able to reopen it with full | 
|  | * access through /dev/tty, being able to perform pushback). | 
|  | * Many distributions set the group of all ttys to "tty" and | 
|  | * grant write-only access to all terminals for setgid tty | 
|  | * binaries, which should not imply full privileges on all ttys. | 
|  | * | 
|  | * This could theoretically break old code that performs open() | 
|  | * on a write-only file descriptor. In that case, it might be | 
|  | * necessary to also permit this if | 
|  | * inode_permission(inode, MAY_READ) == 0. | 
|  | */ | 
|  | if (filp->f_mode & FMODE_READ) | 
|  | __proc_set_tty(tty); | 
|  | } | 
|  | spin_unlock_irq(¤t->sighand->siglock); | 
|  | read_unlock(&tasklist_lock); | 
|  | } | 
|  |  | 
|  | struct tty_struct *get_current_tty(void) | 
|  | { | 
|  | struct tty_struct *tty; | 
|  | unsigned long flags; | 
|  |  | 
|  | spin_lock_irqsave(¤t->sighand->siglock, flags); | 
|  | tty = tty_kref_get(current->signal->tty); | 
|  | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | 
|  | return tty; | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(get_current_tty); | 
|  |  | 
|  | /* | 
|  | * Called from tty_release(). | 
|  | */ | 
|  | void session_clear_tty(struct pid *session) | 
|  | { | 
|  | struct task_struct *p; | 
|  |  | 
|  | do_each_pid_task(session, PIDTYPE_SID, p) { | 
|  | proc_clear_tty(p); | 
|  | } while_each_pid_task(session, PIDTYPE_SID, p); | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	tty_signal_session_leader	- sends SIGHUP to session leader | 
|  | *	@tty: controlling tty | 
|  | *	@exit_session: if non-zero, signal all foreground group processes | 
|  | * | 
|  | *	Send SIGHUP and SIGCONT to the session leader and its process group. | 
|  | *	Optionally, signal all processes in the foreground process group. | 
|  | * | 
|  | *	Returns the number of processes in the session with this tty | 
|  | *	as their controlling terminal. This value is used to drop | 
|  | *	tty references for those processes. | 
|  | */ | 
|  | int tty_signal_session_leader(struct tty_struct *tty, int exit_session) | 
|  | { | 
|  | struct task_struct *p; | 
|  | int refs = 0; | 
|  | struct pid *tty_pgrp = NULL; | 
|  |  | 
|  | read_lock(&tasklist_lock); | 
|  | if (tty->ctrl.session) { | 
|  | do_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p) { | 
|  | spin_lock_irq(&p->sighand->siglock); | 
|  | if (p->signal->tty == tty) { | 
|  | p->signal->tty = NULL; | 
|  | /* | 
|  | * We defer the dereferences outside of | 
|  | * the tasklist lock. | 
|  | */ | 
|  | refs++; | 
|  | } | 
|  | if (!p->signal->leader) { | 
|  | spin_unlock_irq(&p->sighand->siglock); | 
|  | continue; | 
|  | } | 
|  | __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); | 
|  | __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); | 
|  | put_pid(p->signal->tty_old_pgrp);  /* A noop */ | 
|  | spin_lock(&tty->ctrl.lock); | 
|  | tty_pgrp = get_pid(tty->ctrl.pgrp); | 
|  | if (tty->ctrl.pgrp) | 
|  | p->signal->tty_old_pgrp = | 
|  | get_pid(tty->ctrl.pgrp); | 
|  | spin_unlock(&tty->ctrl.lock); | 
|  | spin_unlock_irq(&p->sighand->siglock); | 
|  | } while_each_pid_task(tty->ctrl.session, PIDTYPE_SID, p); | 
|  | } | 
|  | read_unlock(&tasklist_lock); | 
|  |  | 
|  | if (tty_pgrp) { | 
|  | if (exit_session) | 
|  | kill_pgrp(tty_pgrp, SIGHUP, exit_session); | 
|  | put_pid(tty_pgrp); | 
|  | } | 
|  |  | 
|  | return refs; | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	disassociate_ctty	-	disconnect controlling tty | 
|  | *	@on_exit: true if exiting so need to "hang up" the session | 
|  | * | 
|  | *	This function is typically called only by the session leader, when | 
|  | *	it wants to disassociate itself from its controlling tty. | 
|  | * | 
|  | *	It performs the following functions: | 
|  | *	(1)  Sends a SIGHUP and SIGCONT to the foreground process group | 
|  | *	(2)  Clears the tty from being controlling the session | 
|  | *	(3)  Clears the controlling tty for all processes in the | 
|  | *		session group. | 
|  | * | 
|  | *	The argument on_exit is set to 1 if called when a process is | 
|  | *	exiting; it is 0 if called by the ioctl TIOCNOTTY. | 
|  | * | 
|  | *	Locking: | 
|  | *		BTM is taken for hysterical raisons, and held when | 
|  | *		  called from no_tty(). | 
|  | *		  tty_mutex is taken to protect tty | 
|  | *		  ->siglock is taken to protect ->signal/->sighand | 
|  | *		  tasklist_lock is taken to walk process list for sessions | 
|  | *		    ->siglock is taken to protect ->signal/->sighand | 
|  | */ | 
|  | void disassociate_ctty(int on_exit) | 
|  | { | 
|  | struct tty_struct *tty; | 
|  |  | 
|  | if (!current->signal->leader) | 
|  | return; | 
|  |  | 
|  | tty = get_current_tty(); | 
|  | if (tty) { | 
|  | if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { | 
|  | tty_vhangup_session(tty); | 
|  | } else { | 
|  | struct pid *tty_pgrp = tty_get_pgrp(tty); | 
|  |  | 
|  | if (tty_pgrp) { | 
|  | kill_pgrp(tty_pgrp, SIGHUP, on_exit); | 
|  | if (!on_exit) | 
|  | kill_pgrp(tty_pgrp, SIGCONT, on_exit); | 
|  | put_pid(tty_pgrp); | 
|  | } | 
|  | } | 
|  | tty_kref_put(tty); | 
|  |  | 
|  | } else if (on_exit) { | 
|  | struct pid *old_pgrp; | 
|  |  | 
|  | spin_lock_irq(¤t->sighand->siglock); | 
|  | old_pgrp = current->signal->tty_old_pgrp; | 
|  | current->signal->tty_old_pgrp = NULL; | 
|  | spin_unlock_irq(¤t->sighand->siglock); | 
|  | if (old_pgrp) { | 
|  | kill_pgrp(old_pgrp, SIGHUP, on_exit); | 
|  | kill_pgrp(old_pgrp, SIGCONT, on_exit); | 
|  | put_pid(old_pgrp); | 
|  | } | 
|  | return; | 
|  | } | 
|  |  | 
|  | spin_lock_irq(¤t->sighand->siglock); | 
|  | put_pid(current->signal->tty_old_pgrp); | 
|  | current->signal->tty_old_pgrp = NULL; | 
|  | tty = tty_kref_get(current->signal->tty); | 
|  | spin_unlock_irq(¤t->sighand->siglock); | 
|  |  | 
|  | if (tty) { | 
|  | unsigned long flags; | 
|  |  | 
|  | tty_lock(tty); | 
|  | spin_lock_irqsave(&tty->ctrl.lock, flags); | 
|  | put_pid(tty->ctrl.session); | 
|  | put_pid(tty->ctrl.pgrp); | 
|  | tty->ctrl.session = NULL; | 
|  | tty->ctrl.pgrp = NULL; | 
|  | spin_unlock_irqrestore(&tty->ctrl.lock, flags); | 
|  | tty_unlock(tty); | 
|  | tty_kref_put(tty); | 
|  | } | 
|  |  | 
|  | /* Now clear signal->tty under the lock */ | 
|  | read_lock(&tasklist_lock); | 
|  | session_clear_tty(task_session(current)); | 
|  | read_unlock(&tasklist_lock); | 
|  | } | 
|  |  | 
|  | /* | 
|  | * | 
|  | *	no_tty	- Ensure the current process does not have a controlling tty | 
|  | */ | 
|  | void no_tty(void) | 
|  | { | 
|  | /* | 
|  | * FIXME: Review locking here. The tty_lock never covered any race | 
|  | * between a new association and proc_clear_tty but possibly we need | 
|  | * to protect against this anyway. | 
|  | */ | 
|  | struct task_struct *tsk = current; | 
|  |  | 
|  | disassociate_ctty(0); | 
|  | proc_clear_tty(tsk); | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	tiocsctty	-	set controlling tty | 
|  | *	@tty: tty structure | 
|  | *	@file: file structure used to check permissions | 
|  | *	@arg: user argument | 
|  | * | 
|  | *	This ioctl is used to manage job control. It permits a session | 
|  | *	leader to set this tty as the controlling tty for the session. | 
|  | * | 
|  | *	Locking: | 
|  | *		Takes tty_lock() to serialize proc_set_tty() for this tty | 
|  | *		Takes tasklist_lock internally to walk sessions | 
|  | *		Takes ->siglock() when updating signal->tty | 
|  | */ | 
|  | static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) | 
|  | { | 
|  | int ret = 0; | 
|  |  | 
|  | tty_lock(tty); | 
|  | read_lock(&tasklist_lock); | 
|  |  | 
|  | if (current->signal->leader && | 
|  | task_session(current) == tty->ctrl.session) | 
|  | goto unlock; | 
|  |  | 
|  | /* | 
|  | * The process must be a session leader and | 
|  | * not have a controlling tty already. | 
|  | */ | 
|  | if (!current->signal->leader || current->signal->tty) { | 
|  | ret = -EPERM; | 
|  | goto unlock; | 
|  | } | 
|  |  | 
|  | if (tty->ctrl.session) { | 
|  | /* | 
|  | * This tty is already the controlling | 
|  | * tty for another session group! | 
|  | */ | 
|  | if (arg == 1 && capable(CAP_SYS_ADMIN)) { | 
|  | /* | 
|  | * Steal it away | 
|  | */ | 
|  | session_clear_tty(tty->ctrl.session); | 
|  | } else { | 
|  | ret = -EPERM; | 
|  | goto unlock; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* See the comment in tty_open_proc_set_tty(). */ | 
|  | if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { | 
|  | ret = -EPERM; | 
|  | goto unlock; | 
|  | } | 
|  |  | 
|  | proc_set_tty(tty); | 
|  | unlock: | 
|  | read_unlock(&tasklist_lock); | 
|  | tty_unlock(tty); | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	tty_get_pgrp	-	return a ref counted pgrp pid | 
|  | *	@tty: tty to read | 
|  | * | 
|  | *	Returns a refcounted instance of the pid struct for the process | 
|  | *	group controlling the tty. | 
|  | */ | 
|  | struct pid *tty_get_pgrp(struct tty_struct *tty) | 
|  | { | 
|  | unsigned long flags; | 
|  | struct pid *pgrp; | 
|  |  | 
|  | spin_lock_irqsave(&tty->ctrl.lock, flags); | 
|  | pgrp = get_pid(tty->ctrl.pgrp); | 
|  | spin_unlock_irqrestore(&tty->ctrl.lock, flags); | 
|  |  | 
|  | return pgrp; | 
|  | } | 
|  | EXPORT_SYMBOL_GPL(tty_get_pgrp); | 
|  |  | 
|  | /* | 
|  | * This checks not only the pgrp, but falls back on the pid if no | 
|  | * satisfactory pgrp is found. I dunno - gdb doesn't work correctly | 
|  | * without this... | 
|  | * | 
|  | * The caller must hold rcu lock or the tasklist lock. | 
|  | */ | 
|  | static struct pid *session_of_pgrp(struct pid *pgrp) | 
|  | { | 
|  | struct task_struct *p; | 
|  | struct pid *sid = NULL; | 
|  |  | 
|  | p = pid_task(pgrp, PIDTYPE_PGID); | 
|  | if (p == NULL) | 
|  | p = pid_task(pgrp, PIDTYPE_PID); | 
|  | if (p != NULL) | 
|  | sid = task_session(p); | 
|  |  | 
|  | return sid; | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	tiocgpgrp		-	get process group | 
|  | *	@tty: tty passed by user | 
|  | *	@real_tty: tty side of the tty passed by the user if a pty else the tty | 
|  | *	@p: returned pid | 
|  | * | 
|  | *	Obtain the process group of the tty. If there is no process group | 
|  | *	return an error. | 
|  | * | 
|  | *	Locking: none. Reference to current->signal->tty is safe. | 
|  | */ | 
|  | static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | 
|  | { | 
|  | struct pid *pid; | 
|  | int ret; | 
|  | /* | 
|  | * (tty == real_tty) is a cheap way of | 
|  | * testing if the tty is NOT a master pty. | 
|  | */ | 
|  | if (tty == real_tty && current->signal->tty != real_tty) | 
|  | return -ENOTTY; | 
|  | pid = tty_get_pgrp(real_tty); | 
|  | ret =  put_user(pid_vnr(pid), p); | 
|  | put_pid(pid); | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	tiocspgrp		-	attempt to set process group | 
|  | *	@tty: tty passed by user | 
|  | *	@real_tty: tty side device matching tty passed by user | 
|  | *	@p: pid pointer | 
|  | * | 
|  | *	Set the process group of the tty to the session passed. Only | 
|  | *	permitted where the tty session is our session. | 
|  | * | 
|  | *	Locking: RCU, ctrl lock | 
|  | */ | 
|  | static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | 
|  | { | 
|  | struct pid *pgrp; | 
|  | pid_t pgrp_nr; | 
|  | int retval = tty_check_change(real_tty); | 
|  |  | 
|  | if (retval == -EIO) | 
|  | return -ENOTTY; | 
|  | if (retval) | 
|  | return retval; | 
|  |  | 
|  | if (get_user(pgrp_nr, p)) | 
|  | return -EFAULT; | 
|  | if (pgrp_nr < 0) | 
|  | return -EINVAL; | 
|  |  | 
|  | spin_lock_irq(&real_tty->ctrl.lock); | 
|  | if (!current->signal->tty || | 
|  | (current->signal->tty != real_tty) || | 
|  | (real_tty->ctrl.session != task_session(current))) { | 
|  | retval = -ENOTTY; | 
|  | goto out_unlock_ctrl; | 
|  | } | 
|  | rcu_read_lock(); | 
|  | pgrp = find_vpid(pgrp_nr); | 
|  | retval = -ESRCH; | 
|  | if (!pgrp) | 
|  | goto out_unlock; | 
|  | retval = -EPERM; | 
|  | if (session_of_pgrp(pgrp) != task_session(current)) | 
|  | goto out_unlock; | 
|  | retval = 0; | 
|  | put_pid(real_tty->ctrl.pgrp); | 
|  | real_tty->ctrl.pgrp = get_pid(pgrp); | 
|  | out_unlock: | 
|  | rcu_read_unlock(); | 
|  | out_unlock_ctrl: | 
|  | spin_unlock_irq(&real_tty->ctrl.lock); | 
|  | return retval; | 
|  | } | 
|  |  | 
|  | /** | 
|  | *	tiocgsid		-	get session id | 
|  | *	@tty: tty passed by user | 
|  | *	@real_tty: tty side of the tty passed by the user if a pty else the tty | 
|  | *	@p: pointer to returned session id | 
|  | * | 
|  | *	Obtain the session id of the tty. If there is no session | 
|  | *	return an error. | 
|  | */ | 
|  | static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) | 
|  | { | 
|  | unsigned long flags; | 
|  | pid_t sid; | 
|  |  | 
|  | /* | 
|  | * (tty == real_tty) is a cheap way of | 
|  | * testing if the tty is NOT a master pty. | 
|  | */ | 
|  | if (tty == real_tty && current->signal->tty != real_tty) | 
|  | return -ENOTTY; | 
|  |  | 
|  | spin_lock_irqsave(&real_tty->ctrl.lock, flags); | 
|  | if (!real_tty->ctrl.session) | 
|  | goto err; | 
|  | sid = pid_vnr(real_tty->ctrl.session); | 
|  | spin_unlock_irqrestore(&real_tty->ctrl.lock, flags); | 
|  |  | 
|  | return put_user(sid, p); | 
|  |  | 
|  | err: | 
|  | spin_unlock_irqrestore(&real_tty->ctrl.lock, flags); | 
|  | return -ENOTTY; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Called from tty_ioctl(). If tty is a pty then real_tty is the slave side, | 
|  | * if not then tty == real_tty. | 
|  | */ | 
|  | long tty_jobctrl_ioctl(struct tty_struct *tty, struct tty_struct *real_tty, | 
|  | struct file *file, unsigned int cmd, unsigned long arg) | 
|  | { | 
|  | void __user *p = (void __user *)arg; | 
|  |  | 
|  | switch (cmd) { | 
|  | case TIOCNOTTY: | 
|  | if (current->signal->tty != tty) | 
|  | return -ENOTTY; | 
|  | no_tty(); | 
|  | return 0; | 
|  | case TIOCSCTTY: | 
|  | return tiocsctty(real_tty, file, arg); | 
|  | case TIOCGPGRP: | 
|  | return tiocgpgrp(tty, real_tty, p); | 
|  | case TIOCSPGRP: | 
|  | return tiocspgrp(tty, real_tty, p); | 
|  | case TIOCGSID: | 
|  | return tiocgsid(tty, real_tty, p); | 
|  | } | 
|  | return -ENOIOCTLCMD; | 
|  | } |