d4a0747609
intended behaviour in its man page. Simplify tty_drain() to match. Don't call ttydevsw methods in tty_flush() if the device is gone since we now sometimes call it then. The flushing was supposed to be implemented by passing the FNONBLOCK flag to VOP_CLOSE() for revoke(). The tty driver is one of the few that can block in close and was one of the fewer that knew about this. This almost worked in FreeBSD-1 and similarly in Net/2. These versions only almost worked because there was and is considerable confusion between IO_NDELAY and FNONBLOCK (aka O_NONBLOCK). IO_NDELAY is only valid for VOP_READ() and VOP_WRITE(). For other VOPs it has the same value as O_SHLOCK. But since vfs_subr.c and tty.c consistently used the wrong flag and the O_SHLOCK flag is rarely set, this mostly worked. It also gave the feature than applications could get the non-blocking close by abusing O_SHLOCK. This was first broken then fixed in 1995. I changed only the tty driver to use FNONBLOCK, as a hack to get non-blocking via the normal flag FNONBLOCK for last closes. I didn't know about revoke()'s use of IO_NDELAY or change it to be consistent, so revoke() was broken. Then I changed revoke() to match. This was next broken in 1997 then fixed in 1998. Importing Lite2 made the flags inconsistent again by undoing the fix only in vfs_subr.c. This was next broken in 2008 by replacing everything in tty.c and not checking any flags in last close. Other bugs in draining limited the resulting unbounded waits to drain in some cases. It is now possible to fix this better using the new FREVOKE flag. Just restore flushing for revoke() for now. Don't restore or undo any hacks for ordinary last closes yet. But remove dead code in the 1-second relative timeout (r272789). This did extra work to extend the buggy draining for revoke() for as long as possible. The 1-second timeout made this not very long by usually flushing after 1 second. Submitted by: bde MFC after: 2 weeks
111 lines
3.8 KiB
Groff
111 lines
3.8 KiB
Groff
.\" Copyright (c) 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to Berkeley by
|
|
.\" Berkeley Software Design, Inc.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)revoke.2 8.1 (Berkeley) 6/4/93
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd Jan 25, 2016
|
|
.Dt REVOKE 2
|
|
.Os
|
|
.Sh NAME
|
|
.Nm revoke
|
|
.Nd revoke file access
|
|
.Sh LIBRARY
|
|
.Lb libc
|
|
.Sh SYNOPSIS
|
|
.In unistd.h
|
|
.Ft int
|
|
.Fn revoke "const char *path"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn revoke
|
|
system call invalidates all current open file descriptors in the system
|
|
for the file named by
|
|
.Fa path .
|
|
Subsequent operations on any such descriptors
|
|
fail, with the exceptions that a
|
|
.Fn read
|
|
from a character device file which has been revoked
|
|
returns a count of zero (end of file),
|
|
and a
|
|
.Fn close
|
|
system call will succeed.
|
|
If the file is a special file for a device which is open,
|
|
the device close function
|
|
is called as if all open references to the file had been closed
|
|
using a special close method which does not block.
|
|
.Pp
|
|
Access to a file may be revoked only by its owner or the super user.
|
|
The
|
|
.Fn revoke
|
|
system call is currently supported only for block and character special
|
|
device files.
|
|
It is normally used to prepare a terminal device for a new login session,
|
|
preventing any access by a previous user of the terminal.
|
|
.Sh RETURN VALUES
|
|
.Rv -std revoke
|
|
.Sh ERRORS
|
|
Access to the named file is revoked unless one of the following:
|
|
.Bl -tag -width Er
|
|
.It Bq Er ENOTDIR
|
|
A component of the path prefix is not a directory.
|
|
.It Bq Er ENAMETOOLONG
|
|
A component of a pathname exceeded 255 characters,
|
|
or an entire path name exceeded 1024 characters.
|
|
.It Bq Er ENOENT
|
|
The named file or a component of the path name does not exist.
|
|
.It Bq Er EACCES
|
|
Search permission is denied for a component of the path prefix.
|
|
.It Bq Er ELOOP
|
|
Too many symbolic links were encountered in translating the pathname.
|
|
.It Bq Er EFAULT
|
|
The
|
|
.Fa path
|
|
argument
|
|
points outside the process's allocated address space.
|
|
.It Bq Er EINVAL
|
|
The implementation does not support the
|
|
.Fn revoke
|
|
operation on the named file.
|
|
.It Bq Er EPERM
|
|
The caller is neither the owner of the file nor the super user.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr revoke 1 ,
|
|
.Xr close 2
|
|
.Sh HISTORY
|
|
The
|
|
.Fn revoke
|
|
system call first appeared in
|
|
.Bx 4.3 Reno .
|
|
.Sh BUGS
|
|
The non-blocking close method is only correctly implemented for
|
|
terminal devices.
|