freebsd-skq/lib/libc/sys/revoke.2
kib d4a0747609 Restore flushing of output for revoke(2) again. Document revoke()'s
intended behaviour in its man page.  Simplify tty_drain() to match.
Don't call ttydevsw methods in tty_flush() if the device is gone
since we now sometimes call it then.

The flushing was supposed to be implemented by passing the FNONBLOCK
flag to VOP_CLOSE() for revoke().  The tty driver is one of the few
that can block in close and was one of the fewer that knew about this.

This almost worked in FreeBSD-1 and similarly in Net/2.  These
versions only almost worked because there was and is considerable
confusion between IO_NDELAY and FNONBLOCK (aka O_NONBLOCK).  IO_NDELAY
is only valid for VOP_READ() and VOP_WRITE().  For other VOPs it has
the same value as O_SHLOCK.  But since vfs_subr.c and tty.c
consistently used the wrong flag and the O_SHLOCK flag is rarely set,
this mostly worked.  It also gave the feature than applications could
get the non-blocking close by abusing O_SHLOCK.

This was first broken then fixed in 1995.  I changed only the tty
driver to use FNONBLOCK, as a hack to get non-blocking via the normal
flag FNONBLOCK for last closes.  I didn't know about revoke()'s use
of IO_NDELAY or change it to be consistent, so revoke() was broken.
Then I changed revoke() to match.

This was next broken in 1997 then fixed in 1998.  Importing Lite2 made
the flags inconsistent again by undoing the fix only in vfs_subr.c.

This was next broken in 2008 by replacing everything in tty.c and not
checking any flags in last close.  Other bugs in draining limited the
resulting unbounded waits to drain in some cases.

It is now possible to fix this better using the new FREVOKE flag.
Just restore flushing for revoke() for now.  Don't restore or undo any
hacks for ordinary last closes yet.  But remove dead code in the
1-second relative timeout (r272789).  This did extra work to extend
the buggy draining for revoke() for as long as possible.  The 1-second
timeout made this not very long by usually flushing after 1 second.

Submitted by:	bde
MFC after:	2 weeks
2016-01-26 07:57:44 +00:00

111 lines
3.8 KiB
Groff

.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" Berkeley Software Design, Inc.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)revoke.2 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
.Dd Jan 25, 2016
.Dt REVOKE 2
.Os
.Sh NAME
.Nm revoke
.Nd revoke file access
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In unistd.h
.Ft int
.Fn revoke "const char *path"
.Sh DESCRIPTION
The
.Fn revoke
system call invalidates all current open file descriptors in the system
for the file named by
.Fa path .
Subsequent operations on any such descriptors
fail, with the exceptions that a
.Fn read
from a character device file which has been revoked
returns a count of zero (end of file),
and a
.Fn close
system call will succeed.
If the file is a special file for a device which is open,
the device close function
is called as if all open references to the file had been closed
using a special close method which does not block.
.Pp
Access to a file may be revoked only by its owner or the super user.
The
.Fn revoke
system call is currently supported only for block and character special
device files.
It is normally used to prepare a terminal device for a new login session,
preventing any access by a previous user of the terminal.
.Sh RETURN VALUES
.Rv -std revoke
.Sh ERRORS
Access to the named file is revoked unless one of the following:
.Bl -tag -width Er
.It Bq Er ENOTDIR
A component of the path prefix is not a directory.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded 255 characters,
or an entire path name exceeded 1024 characters.
.It Bq Er ENOENT
The named file or a component of the path name does not exist.
.It Bq Er EACCES
Search permission is denied for a component of the path prefix.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er EFAULT
The
.Fa path
argument
points outside the process's allocated address space.
.It Bq Er EINVAL
The implementation does not support the
.Fn revoke
operation on the named file.
.It Bq Er EPERM
The caller is neither the owner of the file nor the super user.
.El
.Sh SEE ALSO
.Xr revoke 1 ,
.Xr close 2
.Sh HISTORY
The
.Fn revoke
system call first appeared in
.Bx 4.3 Reno .
.Sh BUGS
The non-blocking close method is only correctly implemented for
terminal devices.