[Devel] [PATCH RH9 3/8] ve/tty: TIOSAK Secure Attention Key ioctl

Cyrill Gorcunov gorcunov at gmail.com
Thu Oct 7 18:18:48 MSK 2021


From: Konstantin Khlebnikov <khlebnikov at openvz.org>

port of 2.6.32-x diff-tty-TIOSAK-Secure-Attention-Key-ioctl
ported by Dmitry Guryanov <dguryanov at parallels.com>

Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
Signed-off-by: Dmitry Guryanov <dguryanov at parallels.com>

Author: Konstantin Khlebnikov
Email: khlebnikov at openvz.org
Subject: tty: TIOSAK Secure Attention Key ioctl
Date: Fri, 17 Feb 2012 19:01:48 +0400

This patch exposes SAK function via ioctl().
Require CAP_SYS_ADMIN if argument isn't pty-master.

Very useful for securing container's vtty.

https://jira.sw.ru/browse/PSBM-11881

Acked-by: Pavel Emelyanov <xemul at parallels.com>

Problem is that there is no output to the user on second attach (i.e., login
prompt, bash prompt or vim screen, etc.) until some key is pressed for refresh.
The user has to remember what program he ran on the last console attach and
issue the proper refresh action. It is very inconvenient.

Decided to kill running processes on detach in order to make second attach
behavior the same as the first one.

(cherry picked from commit 9017b750a1e09d9d67941f24deb9cfc495b9e856)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

gorcunov@: PPC definition of ioctl code comes from commit
(b67c122d1cd2db8811d8cd39d04b3edd869afc53) by Kir Kolyshkin <kir at openvz.org>
 | This was found while trying to compile the kernel with a stock
 | config (i.e. no CONFIG_BEANCOUNTERS, CONFIG_VE etc.) and
 | boot it on IBM Power8.
 |
 | =============================================================
 |
 | Fix the following error:
 |
 |   CC      drivers/tty/tty_io.o
 | drivers/tty/tty_io.c: In function ‘tty_ioctl’:
 | drivers/tty/tty_io.c:2843:7: error: ‘TIOSAK’ undeclared (first use in
 | this function)
 |   case TIOSAK:
 |
 | This is an addition to commit 28f8dfa.

Keep it for backward compatibility.

Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
---
 arch/powerpc/include/uapi/asm/ioctls.h | 2 ++
 drivers/tty/tty_io.c                   | 5 +++++
 include/uapi/asm-generic/ioctls.h      | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/arch/powerpc/include/uapi/asm/ioctls.h b/arch/powerpc/include/uapi/asm/ioctls.h
index 2c145da3b774..9a3de49ce79f 100644
--- a/arch/powerpc/include/uapi/asm/ioctls.h
+++ b/arch/powerpc/include/uapi/asm/ioctls.h
@@ -120,4 +120,6 @@
 #define TIOCMIWAIT	0x545C	/* wait for a change on serial input line(s) */
 #define TIOCGICOUNT	0x545D	/* read serial port inline interrupt counts */
 
+#define TIOSAK		_IO('T', 0x66)	/* "Secure Attention Key" */
+
 #endif	/* _ASM_POWERPC_IOCTLS_H */
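Review bot: The new `TIOSAK` define at the end of this hunk is built with `_IO('T', 0x66)` while the neighbouring `TIOCMIWAIT` and `TIOCGICOUNT` entries are raw hex constants, and the commit message says the code is kept for backward compatibility. Please state, in the comment or the commit message, the numeric value that existing userspace was built against on powerpc and confirm that `_IO('T', 0x66)` expands to it on this architecture. The comment should also mark the ioctl as a ve-specific addition so the number is not reused by a later rebase.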
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index e7268372edb6..7f8006227451 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2796,6 +2796,11 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	case TIOCGPTPEER:
 		/* Special because the struct file is needed */
 		return ptm_open_peer(file, tty, (int)arg);
+	case TIOSAK:
+		if (real_tty == tty && !capable(CAP_SYS_ADMIN))
+			return -EPERM;
+		__do_SAK(real_tty);
+		return 0;
 	default:
 		retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
 		if (retval != -ENOIOCTLCMD)
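Review bot: The permission test in the new `case TIOSAK:` has no comment, and `real_tty == tty` is a non-obvious way to express the commit message's "argument isn't pty-master". Because the unprivileged path lets any holder of a pty master descriptor run `__do_SAK()` on the other side, a short comment stating that intent, and that a caller on any other tty needs CAP_SYS_ADMIN, would make the check reviewable without reading how `real_tty` is set earlier in `tty_ioctl()`, which is outside this hunk. It is also worth saying why `__do_SAK()` is called directly here.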
diff --git a/include/uapi/asm-generic/ioctls.h b/include/uapi/asm-generic/ioctls.h
index cdc9f4ca8c27..cf5d9211f552 100644
--- a/include/uapi/asm-generic/ioctls.h
+++ b/include/uapi/asm-generic/ioctls.h
@@ -98,6 +98,8 @@
 #define TIOCMIWAIT	0x545C	/* wait for a change on serial input line(s) */
 #define TIOCGICOUNT	0x545D	/* read serial port inline interrupt counts */
 
+#define TIOSAK		_IO('T', 0x66)  /* "Secure Attention Key" */
+
 /*
  * Some arches already define FIOQSIZE due to a historical
  * conflict with a Hayes modem-specific ioctl value.
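Review bot: `TIOSAK` is now defined in two headers, here and in the powerpc one, and the build error quoted in the commit message shows what happens when an architecture header lacks it. Any other architecture that carries its own `ioctls.h` instead of using the asm-generic one will hit the same "TIOSAK undeclared" error in `tty_io.c`, so either add the define there as well or note in the commit message which architectures are supported. Minor: the comment on this line is separated by two spaces where the powerpc hunk uses a tab.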
-- 
2.31.1


