1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
27 /* All Rights Reserved */
28
29
30 #pragma ident "%Z%%M% %I% %E% SMI"
31
32 #include <sys/types.h>
33 #include <sys/sysmacros.h>
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/file.h>
37 #include <sys/vnode.h>
38 #include <sys/errno.h>
39 #include <sys/signal.h>
40 #include <sys/cred.h>
41 #include <sys/policy.h>
42 #include <sys/conf.h>
43 #include <sys/debug.h>
44 #include <sys/proc.h>
45 #include <sys/session.h>
46 #include <sys/kmem.h>
47 #include <sys/cmn_err.h>
48 #include <sys/strsubr.h>
49 #include <sys/fs/snode.h>
50
51 sess_t session0 = {
52 &pid0, /* s_sidp */
53 {0}, /* s_lock */
54 1, /* s_ref */
55 B_FALSE, /* s_sighuped */
56 B_FALSE, /* s_exit */
57 0, /* s_exit_cv */
58 0, /* s_cnt */
59 0, /* s_cnt_cv */
60 NODEV, /* s_dev */
61 NULL, /* s_vp */
62 NULL /* s_cred */
63 };
64
65 void
66 sess_hold(proc_t *p)
67 {
68 ASSERT(MUTEX_HELD(&pidlock) || MUTEX_HELD(&p->p_splock));
69 mutex_enter(&p->p_sessp->s_lock);
70 p->p_sessp->s_ref++;
71 mutex_exit(&p->p_sessp->s_lock);
72 }
73
74 void
75 sess_rele(sess_t *sp, boolean_t pidlock_held)
76 {
77 ASSERT(MUTEX_HELD(&pidlock) || !pidlock_held);
78
79 mutex_enter(&sp->s_lock);
80
81 ASSERT(sp->s_ref != 0);
82 if (--sp->s_ref > 0) {
83 mutex_exit(&sp->s_lock);
84 return;
85 }
86 ASSERT(sp->s_ref == 0);
87
88 /*
89 * It's ok to free this session structure now because we know
90 * that no one else can have a pointer to it. We know this
91 * to be true because the only time that s_ref can possibly
92 * be incremented is when pidlock or p_splock is held AND there
93 * is a proc_t that points to that session structure. In that
94 * case we are guaranteed that the s_ref is at least 1 since there
95 * is a proc_t that points to it. So when s_ref finally drops to
96 * zero then no one else has a reference (and hence pointer) to
97 * this session structure and there is no valid proc_t pointing
98 * to this session structure anymore so, no one can acquire a
99 * reference (and pointer) to this session structure so it's
100 * ok to free it here.
101 */
102
103 if (sp == &session0)
104 panic("sp == &session0");
105
106 /* make sure there are no outstanding holds */
107 ASSERT(sp->s_cnt == 0);
108
109 /* make sure there is no exit in progress */
110 ASSERT(!sp->s_exit);
111
112 /* make sure someone already freed any ctty */
113 ASSERT(sp->s_vp == NULL);
114 ASSERT(sp->s_dev == NODEV);
115
116 if (!pidlock_held)
117 mutex_enter(&pidlock);
118 PID_RELE(sp->s_sidp);
119 if (!pidlock_held)
120 mutex_exit(&pidlock);
121
122 mutex_destroy(&sp->s_lock);
123 cv_destroy(&sp->s_cnt_cv);
124 kmem_free(sp, sizeof (sess_t));
125 }
126
127 sess_t *
128 tty_hold(void)
129 {
130 proc_t *p = curproc;
131 sess_t *sp;
132 boolean_t got_sig = B_FALSE;
133
134 /* make sure the caller isn't holding locks they shouldn't */
135 ASSERT(MUTEX_NOT_HELD(&pidlock));
136
137 for (;;) {
138 mutex_enter(&p->p_splock); /* protect p->p_sessp */
139 sp = p->p_sessp;
140 mutex_enter(&sp->s_lock); /* protect sp->* */
141
142 /* make sure the caller isn't holding locks they shouldn't */
143 ASSERT((sp->s_vp == NULL) ||
144 MUTEX_NOT_HELD(&sp->s_vp->v_stream->sd_lock));
145
146 /*
147 * If the session leader process is not exiting (and hence
148 * not trying to release the session's ctty) then we can
149 * safely grab a hold on the current session structure
150 * and return it. If on the other hand the session leader
151 * process is exiting and clearing the ctty then we'll
152 * wait till it's done before we loop around and grab a
153 * hold on the session structure.
154 */
155 if (!sp->s_exit)
156 break;
157
158 /* need to hold the session so it can't be freed */
159 sp->s_ref++;
160 mutex_exit(&p->p_splock);
161
162 /* Wait till the session leader is done */
163 if (!cv_wait_sig(&sp->s_exit_cv, &sp->s_lock))
164 got_sig = B_TRUE;
165
166 /*
167 * Now we need to drop our hold on the session structure,
168 * but we can't hold any locks when we do this because
169 * sess_rele() may need to acquire pidlock.
170 */
171 mutex_exit(&sp->s_lock);
172 sess_rele(sp, B_FALSE);
173
174 if (got_sig)
175 return (NULL);
176 }
177
178 /* whew, we finally got a hold */
179 sp->s_cnt++;
180 sp->s_ref++;
181 mutex_exit(&sp->s_lock);
182 mutex_exit(&p->p_splock);
183 return (sp);
184 }
185
186 void
187 tty_rele(sess_t *sp)
188 {
189 /* make sure the caller isn't holding locks they shouldn't */
190 ASSERT(MUTEX_NOT_HELD(&pidlock));
191
192 mutex_enter(&sp->s_lock);
193 if ((--sp->s_cnt) == 0)
194 cv_broadcast(&sp->s_cnt_cv);
195 mutex_exit(&sp->s_lock);
196
197 sess_rele(sp, B_FALSE);
198 }
199
200 void
201 sess_create(void)
202 {
203 proc_t *p = curproc;
204 sess_t *sp, *old_sp;
205
206 sp = kmem_zalloc(sizeof (sess_t), KM_SLEEP);
207
208 mutex_init(&sp->s_lock, NULL, MUTEX_DEFAULT, NULL);
209 cv_init(&sp->s_cnt_cv, NULL, CV_DEFAULT, NULL);
210
211 /*
212 * we need to grap p_lock to protect p_pgidp because
213 * /proc looks at p_pgidp while holding only p_lock.
214 *
215 * we don't need to hold p->p_sessp->s_lock or get a hold on the
216 * session structure since we're not actually updating any of
217 * the contents of the old session structure.
218 */
219 mutex_enter(&pidlock);
220 mutex_enter(&p->p_lock);
221 mutex_enter(&p->p_splock);
222
223 pgexit(p);
224
225 sp->s_sidp = p->p_pidp;
226 sp->s_ref = 1;
227 sp->s_dev = NODEV;
228
229 old_sp = p->p_sessp;
230 p->p_sessp = sp;
231
232 pgjoin(p, p->p_pidp);
233 PID_HOLD(p->p_pidp);
234
235 mutex_exit(&p->p_splock);
236 mutex_exit(&p->p_lock);
237 mutex_exit(&pidlock);
238
239 sess_rele(old_sp, B_FALSE);
240 }
241
242 /*
243 * Note that sess_ctty_clear() resets all the fields in the session
244 * structure but doesn't release any holds or free any objects
245 * that the session structure might currently point to. it is the
246 * callers responsibility to do this.
247 */
248 static void
249 sess_ctty_clear(sess_t *sp, stdata_t *stp)
250 {
251 /*
252 * Assert that we hold all the necessary locks. We also need
253 * to be holding proc_t->p_splock for the process associated
254 * with this session, but since we don't have a proc pointer
255 * passed in we can't assert this here.
256 */
257 ASSERT(MUTEX_HELD(&stp->sd_lock) && MUTEX_HELD(&pidlock) &&
258 MUTEX_HELD(&sp->s_lock));
259
260 /* reset the session structure members to defaults */
261 sp->s_sighuped = B_FALSE;
262 sp->s_dev = NODEV;
263 sp->s_vp = NULL;
264 sp->s_cred = NULL;
265
266 /* reset the stream session and group pointers */
267 stp->sd_pgidp = NULL;
268 stp->sd_sidp = NULL;
269 }
270
271 static void
272 sess_ctty_set(proc_t *p, sess_t *sp, stdata_t *stp)
273 {
274 cred_t *crp;
275
276 /* Assert that we hold all the necessary locks. */
277 ASSERT(MUTEX_HELD(&stp->sd_lock) && MUTEX_HELD(&pidlock) &&
278 MUTEX_HELD(&p->p_splock) && MUTEX_HELD(&sp->s_lock));
279
280 /* get holds on structures */
281 mutex_enter(&p->p_crlock);
282 crhold(crp = p->p_cred);
283 mutex_exit(&p->p_crlock);
284 PID_HOLD(sp->s_sidp); /* requires pidlock */
285 PID_HOLD(sp->s_sidp); /* requires pidlock */
286
287 /* update the session structure members */
288 sp->s_vp = makectty(stp->sd_vnode);
289 sp->s_dev = sp->s_vp->v_rdev;
290 sp->s_cred = crp;
291
292 /* update the stream emebers */
293 stp->sd_flag |= STRISTTY; /* just to be sure */
294 stp->sd_sidp = sp->s_sidp;
295 stp->sd_pgidp = sp->s_sidp;
296 }
297
298 int
299 strctty(stdata_t *stp)
300 {
301 sess_t *sp;
302 proc_t *p = curproc;
303 boolean_t got_sig = B_FALSE;
304
305 /*
306 * We are going to try to make stp the default ctty for the session
307 * associated with curproc. Not only does this require holding a
308 * bunch of locks but it also requires waiting for any outstanding
309 * holds on the session structure (acquired via tty_hold()) to be
310 * released. Hence, we have the following for(;;) loop that will
311 * acquire our locks, do some sanity checks, and wait for the hold
312 * count on the session structure to hit zero. If we get a signal
313 * while waiting for outstanding holds to be released then we abort
314 * the operation and return.
315 */
316 for (;;) {
317 mutex_enter(&stp->sd_lock); /* protects sd_pgidp/sd_sidp */
318 mutex_enter(&pidlock); /* protects p_pidp */
319 mutex_enter(&p->p_splock); /* protects p_sessp */
320 sp = p->p_sessp;
321 mutex_enter(&sp->s_lock); /* protects sp->* */
322
323 if (((stp->sd_flag & (STRHUP|STRDERR|STWRERR|STPLEX)) != 0) ||
324 (stp->sd_sidp != NULL) || /* stp already ctty? */
325 (p->p_pidp != sp->s_sidp) || /* we're not leader? */
326 (sp->s_vp != NULL)) { /* session has ctty? */
327 mutex_exit(&sp->s_lock);
328 mutex_exit(&p->p_splock);
329 mutex_exit(&pidlock);
330 mutex_exit(&stp->sd_lock);
331 return (ENOTTY);
332 }
333
334 /* sanity check. we can't be exiting right now */
335 ASSERT(!sp->s_exit);
336
337 /*
338 * If no one else has a hold on this session structure
339 * then we now have exclusive access to it, so break out
340 * of this loop and update the session structure.
341 */
342 if (sp->s_cnt == 0)
343 break;
344
345 /* need to hold the session so it can't be freed */
346 sp->s_ref++;
347
348 /* ain't locking order fun? */
349 mutex_exit(&p->p_splock);
350 mutex_exit(&pidlock);
351 mutex_exit(&stp->sd_lock);
352
353 if (!cv_wait_sig(&sp->s_cnt_cv, &sp->s_lock))
354 got_sig = B_TRUE;
355 mutex_exit(&sp->s_lock);
356 sess_rele(sp, B_FALSE);
357
358 if (got_sig)
359 return (EINTR);
360 }
361
362 /* set the session ctty bindings */
363 sess_ctty_set(p, sp, stp);
364
365 mutex_exit(&sp->s_lock);
366 mutex_exit(&p->p_splock);
367 mutex_exit(&pidlock);
368 mutex_exit(&stp->sd_lock);
369 return (0);
370 }
371
372 /*
373 * freectty_lock() attempts to acquire the army of locks required to free
374 * the ctty associated with a given session leader process. If it returns
375 * successfully the following locks will be held:
376 * sd_lock, pidlock, p_splock, s_lock
377 *
378 * as a secondary bit of convenience, freectty_lock() will also return
379 * pointers to the session, ctty, and ctty stream associated with the
380 * specified session leader process.
381 */
382 static boolean_t
383 freectty_lock(proc_t *p, sess_t **spp, vnode_t **vpp, stdata_t **stpp,
384 boolean_t at_exit)
385 {
386 sess_t *sp;
387 vnode_t *vp;
388 stdata_t *stp;
389
390 mutex_enter(&pidlock); /* protect p_pidp */
391 mutex_enter(&p->p_splock); /* protect p->p_sessp */
392 sp = p->p_sessp;
393 mutex_enter(&sp->s_lock); /* protect sp->* */
394
395 if ((sp->s_sidp != p->p_pidp) || /* we're not leader? */
396 (sp->s_vp == NULL)) { /* no ctty? */
397 mutex_exit(&sp->s_lock);
398 mutex_exit(&p->p_splock);
399 mutex_exit(&pidlock);
400 return (B_FALSE);
401 }
402
403 vp = sp->s_vp;
404 stp = sp->s_vp->v_stream;
405
406 if (at_exit) {
407 /* stop anyone else calling tty_hold() */
408 sp->s_exit = B_TRUE;
409 } else {
410 /*
411 * due to locking order we have to grab stp->sd_lock before
412 * grabbing all the other proc/session locks. but after we
413 * drop all our current locks it's possible that someone
414 * could come in and change our current session or close
415 * the current ctty (vp) there by making sp or stp invalid.
416 * (a VN_HOLD on vp won't protect stp because that only
417 * prevents the vnode from being freed not closed.) so
418 * to prevent this we bump s_ref and s_cnt here.
419 *
420 * course this doesn't matter if we're the last thread in
421 * an exiting process that is the session leader, since no
422 * one else can change our session or free our ctty.
423 */
424 sp->s_ref++; /* hold the session structure */
425 sp->s_cnt++; /* protect vp and stp */
426 }
427
428 /* drop our session locks */
429 mutex_exit(&sp->s_lock);
430 mutex_exit(&p->p_splock);
431 mutex_exit(&pidlock);
432
433 /* grab locks in the right order */
434 mutex_enter(&stp->sd_lock); /* protects sd_pgidp/sd_sidp */
435 mutex_enter(&pidlock); /* protect p_pidp */
436 mutex_enter(&p->p_splock); /* protects p->p_sessp */
437 mutex_enter(&sp->s_lock); /* protects sp->* */
438
439 /* if the session has changed, abort mission */
440 if (sp != p->p_sessp) {
441 /*
442 * this can't happen during process exit since we're the
443 * only thread in the process and we sure didn't change
444 * our own session at this point.
445 */
446 ASSERT(!at_exit);
447
448 /* release our locks and holds */
449 mutex_exit(&sp->s_lock);
450 mutex_exit(&p->p_splock);
451 mutex_exit(&pidlock);
452 mutex_exit(&stp->sd_lock);
453 tty_rele(sp);
454 return (B_FALSE);
455 }
456
457 /*
458 * sanity checks. none of this should have changed since we had
459 * holds on the current ctty.
460 */
461 ASSERT(sp->s_sidp == p->p_pidp); /* we're the leader */
462 ASSERT(sp->s_vp != NULL); /* a ctty exists */
463 ASSERT(vp == sp->s_vp);
464 ASSERT(stp == sp->s_vp->v_stream);
465
466 /* release our holds */
467 if (!at_exit) {
468 if ((--(sp)->s_cnt) == 0)
469 cv_broadcast(&sp->s_cnt_cv);
470 sp->s_ref--;
471 ASSERT(sp->s_ref > 0);
472 }
473
474 /* return our pointers */
475 *spp = sp;
476 *vpp = vp;
477 *stpp = stp;
478
479 return (B_TRUE);
480 }
481
482 /*
483 * Returns B_FALSE if no signal is sent to the process group associated with
484 * this ctty. Returns B_TRUE if a signal is sent to the process group.
485 * If it return B_TRUE it also means that all the locks we were holding
486 * were dropped so that we could send the signal.
487 */
488 static boolean_t
489 freectty_signal(proc_t *p, sess_t *sp, stdata_t *stp, boolean_t at_exit)
490 {
491 /* Assert that we hold all the necessary locks. */
492 ASSERT(MUTEX_HELD(&stp->sd_lock) && MUTEX_HELD(&pidlock) &&
493 MUTEX_HELD(&p->p_splock) && MUTEX_HELD(&sp->s_lock));
494
495 /* check if we already signaled this group */
496 if (sp->s_sighuped)
497 return (B_FALSE);
498
499 sp->s_sighuped = B_TRUE;
500
501 if (!at_exit) {
502 /*
503 * once again, we're about to drop our army of locks and we
504 * don't want sp or stp to be freed. (see the comment in
505 * freectty_lock())
506 */
507 sp->s_ref++; /* hold the session structure */
508 sp->s_cnt++; /* protect vp and stp */
509 }
510
511 /* can't hold these locks while calling pgsignal() */
512 mutex_exit(&sp->s_lock);
513 mutex_exit(&p->p_splock);
514 mutex_exit(&pidlock);
515
516 /* signal anyone in the foreground process group */
517 pgsignal(stp->sd_pgidp, SIGHUP);
518
519 /* signal anyone blocked in poll on this stream */
520 if (!(stp->sd_flag & STRHUP))
521 strhup(stp);
522
523 mutex_exit(&stp->sd_lock);
524
525 /* release our holds */
526 if (!at_exit)
527 tty_rele(sp);
528
529 return (B_TRUE);
530 }
531
532 int
533 freectty(boolean_t at_exit)
534 {
535 proc_t *p = curproc;
536 stdata_t *stp;
537 vnode_t *vp;
538 cred_t *cred;
539 sess_t *sp;
540 struct pid *pgidp, *sidp;
541 boolean_t got_sig = B_FALSE;
542
543 /*
544 * If the current process is a session leader we are going to
545 * try to release the ctty associated our current session. To
546 * do this we need to acquire a bunch of locks, signal any
547 * processes in the forground that are associated with the ctty,
548 * and make sure no one has any outstanding holds on the current
549 * session * structure (acquired via tty_hold()). Hence, we have
550 * the following for(;;) loop that will do all this work for
551 * us and break out when the hold count on the session structure
552 * hits zero.
553 */
554 for (;;) {
555 if (!freectty_lock(p, &sp, &vp, &stp, at_exit))
556 return (EIO);
557
558 if (freectty_signal(p, sp, stp, at_exit)) {
559 /* loop around to re-acquire locks */
560 continue;
561 }
562
563 /*
564 * Only a session leader process can free a ctty. So if
565 * we've made it here we know we're a session leader and
566 * if we're not actively exiting it impossible for another
567 * thread in this process to be exiting. (Because that
568 * thread would have already stopped all other threads
569 * in the current process.)
570 */
571 ASSERT(at_exit || !sp->s_exit);
572
573 /*
574 * If no one else has a hold on this session structure
575 * then we now have exclusive access to it, so break out
576 * of this loop and update the session structure.
577 */
578 if (sp->s_cnt == 0)
579 break;
580
581 if (!at_exit) {
582 /* need to hold the session so it can't be freed */
583 sp->s_ref++;
584 }
585
586 /* ain't locking order fun? */
587 mutex_exit(&p->p_splock);
588 mutex_exit(&pidlock);
589 mutex_exit(&stp->sd_lock);
590
591 if (at_exit) {
592 /*
593 * if we're exiting then we can't allow this operation
594 * to fail so we do a cw_wait() instead of a
595 * cv_wait_sig(). if there are threads with active
596 * holds on this ctty that are blocked, then
597 * they should only be blocked in a cv_wait_sig()
598 * and hopefully they were in the foreground process
599 * group and recieved the SIGHUP we sent above. of
600 * course it's possible that they weren't in the
601 * foreground process group and didn't get our
602 * signal (or they could be stopped by job control
603 * in which case our signal wouldn't matter until
604 * they are restarted). in this case we won't
605 * exit until someone else sends them a signal.
606 */
607 cv_wait(&sp->s_cnt_cv, &sp->s_lock);
608 mutex_exit(&sp->s_lock);
609 continue;
610 }
611
612 if (!cv_wait_sig(&sp->s_cnt_cv, &sp->s_lock)) {
613 got_sig = B_TRUE;
614 }
615
616 mutex_exit(&sp->s_lock);
617 sess_rele(sp, B_FALSE);
618
619 if (got_sig)
620 return (EINTR);
621 }
622 ASSERT(sp->s_cnt == 0);
623
624 /* save some pointers for later */
625 cred = sp->s_cred;
626 pgidp = stp->sd_pgidp;
627 sidp = stp->sd_sidp;
628
629 /* clear the session ctty bindings */
630 sess_ctty_clear(sp, stp);
631
632 /* wake up anyone blocked in tty_hold() */
633 if (at_exit) {
634 ASSERT(sp->s_exit);
635 sp->s_exit = B_FALSE;
636 cv_broadcast(&sp->s_exit_cv);
637 }
638
639 /* we can drop these locks now */
640 mutex_exit(&sp->s_lock);
641 mutex_exit(&p->p_splock);
642 mutex_exit(&pidlock);
643 mutex_exit(&stp->sd_lock);
644
645 /* This is the only remaining thread with access to this vnode */
646 (void) VOP_CLOSE(vp, 0, 1, (offset_t)0, cred, NULL);
647 VN_RELE(vp);
648 crfree(cred);
649
650 /* release our holds on assorted structures and return */
651 mutex_enter(&pidlock);
652 PID_RELE(pgidp);
653 PID_RELE(sidp);
654 mutex_exit(&pidlock);
655
656 return (1);
657 }
658
659 /*
660 * ++++++++++++++++++++++++
661 * ++ SunOS4.1 Buyback ++
662 * ++++++++++++++++++++++++
663 *
664 * vhangup: Revoke access of the current tty by all processes
665 * Used by privileged users to give a "clean" terminal at login
666 */
667 int
668 vhangup(void)
669 {
670 if (secpolicy_sys_config(CRED(), B_FALSE) != 0)
671 return (set_errno(EPERM));
672 /*
673 * This routine used to call freectty() under a condition that
674 * could never happen. So this code has never actually done
675 * anything, and evidently nobody has ever noticed.
676 */
677 return (0);
678 }
679
680 dev_t
681 cttydev(proc_t *pp)
682 {
683 sess_t *sp;
684 dev_t dev;
685
686 mutex_enter(&pp->p_splock); /* protects p->p_sessp */
687 sp = pp->p_sessp;
688
689 #ifdef DEBUG
690 mutex_enter(&sp->s_lock); /* protects sp->* */
691 if (sp->s_vp == NULL)
692 ASSERT(sp->s_dev == NODEV);
693 else
694 ASSERT(sp->s_dev != NODEV);
695 mutex_exit(&sp->s_lock);
696 #endif /* DEBUG */
697
698 dev = sp->s_dev;
699 mutex_exit(&pp->p_splock);
700 return (dev);
701 }
702
703 void
704 ctty_clear_sighuped(void)
705 {
706 ASSERT(MUTEX_HELD(&pidlock) || MUTEX_HELD(&curproc->p_splock));
707 curproc->p_sessp->s_sighuped = B_FALSE;
708 }