tree-wide: acquire /dev/console lock around any attempts to reset TTY

author Lennart Poettering <lennart@poettering.net>

Wed, 17 Jul 2024 13:06:27 +0000 (15:06 +0200)

committer Lennart Poettering <lennart@poettering.net>

Fri, 19 Jul 2024 09:44:04 +0000 (11:44 +0200)
author Lennart Poettering <lennart@poettering.net>
Wed, 17 Jul 2024 13:06:27 +0000 (15:06 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 19 Jul 2024 09:44:04 +0000 (11:44 +0200)
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c

index 93f356bde06ec11fa308275f517d5205ede0e3ab..058f8df1097489f5eb2c7e5a21cbdfab90c5cda0 100644 (file)
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -599,6 +599,10 @@ void reset_dev_console_fd(int fd, bool switch_to_text) {
  
          assert(fd >= 0);
  
+        _cleanup_close_ int lock_fd = lock_dev_console();
+        if (lock_fd < 0)
+                log_debug_errno(lock_fd, "Failed to lock /dev/console, ignoring: %m");
+
          r = terminal_reset_ioctl(fd, switch_to_text);
          if (r < 0)
                  log_warning_errno(r, "Failed to reset /dev/console, ignoring: %m");
@@ -1592,6 +1596,16 @@ int terminal_reset_defensive(int fd, bool switch_to_text) {
          return r;
  }
  
+int terminal_reset_defensive_locked(int fd, bool switch_to_text) {
+        assert(fd >= 0);
+
+        _cleanup_close_ int lock_fd = lock_dev_console();
+        if (lock_fd < 0)
+                log_debug_errno(lock_fd, "Failed to acquire lock for /dev/console, ignoring: %m");
+
+        return terminal_reset_defensive(fd, switch_to_text);
+}
+
  void termios_disable_echo(struct termios *termios) {
          assert(termios);
  
diff --git a/src/basic/terminal-util.h b/src/basic/terminal-util.h

index 3cf0ff984852ea9c49c474e9af9fc50f4870b784..84d4731ea8b300173cfdd9f82889b083b7d044d7 100644 (file)
--- a/src/basic/terminal-util.h
+++ b/src/basic/terminal-util.h
@@ -30,6 +30,7 @@
  bool isatty_safe(int fd);
  
  int terminal_reset_defensive(int fd, bool switch_to_text);
+int terminal_reset_defensive_locked(int fd, bool switch_to_text);
  
  int terminal_set_cursor_position(int fd, unsigned row, unsigned column);
  
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c

index 2521e940c9b505db95f945cfce69f1de8cb91f10..4c6f35827cb02f9a21c8ab62912bb486e801131a 100644 (file)
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -660,6 +660,10 @@ static int setup_confirm_stdio(
          if (fd < 0)
                  return fd;
  
+        _cleanup_close_ int lock_fd = lock_dev_console();
+        if (lock_fd < 0)
+                log_debug_errno(lock_fd, "Failed to lock /dev/console, ignoring: %m");
+
          r = chown_terminal(fd, getuid());
          if (r < 0)
                  return r;
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c

index 86aa8e8c181b33f6cf055a5fcb0900fc64d3be31..c70bfa468fdcd35f73b547b3ea8d5e999f71c13c 100644 (file)
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -133,7 +133,7 @@ static void print_welcome(int rfd) {
          pn = os_release_pretty_name(pretty_name, os_name);
          ac = isempty(ansi_color) ? "0" : ansi_color;
  
-        (void) terminal_reset_defensive(STDOUT_FILENO, /* switch_to_text= */ false);
+        (void) terminal_reset_defensive_locked(STDOUT_FILENO, /* switch_to_text= */ false);
  
          if (colors_enabled())
                  printf("\nWelcome to your new installation of \x1B[%sm%s\x1B[0m!\n", ac, pn);
diff --git a/src/home/homectl.c b/src/home/homectl.c

index 8022694f704a40f9d220c23c2b5fe93cc43d874b..a71548439e2fc2f4bc71c0e5263a71fb31718213 100644 (file)
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -2438,7 +2438,7 @@ static int create_interactively(void) {
  
          (void) polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
  
-        (void) terminal_reset_defensive(STDOUT_FILENO, /* switch_to_text= */ false);
+        (void) terminal_reset_defensive_locked(STDOUT_FILENO, /* switch_to_text= */ false);
  
          for (;;) {
                  username = mfree(username);
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c

index b411c9c309d38d55c42fb654a3f003588c650491..4b1e848749045f03a7639b1eec358177e6f56065 100644 (file)
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -150,7 +150,7 @@ static int agent_ask_password_tty(
                  if (tty_fd < 0)
                          return log_error_errno(tty_fd, "Failed to acquire %s: %m", con);
  
-                (void) terminal_reset_defensive(tty_fd, /* switch_to_text= */ true);
+                (void) terminal_reset_defensive_locked(tty_fd, /* switch_to_text= */ true);
  
                  log_info("Starting password query on %s.", con);
          }
author	Lennart Poettering <lennart@poettering.net>
	Wed, 17 Jul 2024 13:06:27 +0000 (15:06 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 19 Jul 2024 09:44:04 +0000 (11:44 +0200)
src/basic/terminal-util.c		patch \| blob \| blame \| history
src/basic/terminal-util.h		patch \| blob \| blame \| history
src/core/exec-invoke.c		patch \| blob \| blame \| history
src/firstboot/firstboot.c		patch \| blob \| blame \| history
src/home/homectl.c		patch \| blob \| blame \| history
src/tty-ask-password-agent/tty-ask-password-agent.c		patch \| blob \| blame \| history