On Tue, 2022-04-26 at 10:46 +0200, Oliver Neukum wrote: > > > On 26.04.22 09:21, Greg Kroah-Hartman wrote: > > Yes, but, it's not so simple. Many people have asked for revoke() > > to be > > added as a syscall like is in the BSDs, but the BSDs only allow > > that for > > a very small subset of file descriptor types, and doing it in a > > generic > > fashion seems very difficult (I tried a few years ago and gave up, > > but > > my knowledge of the vfs layer is minimal.) > Well, then we should go for the minimalist approach and just > add a hook to VFS. Multiple different ioctl()s are definitely a bad > idea. > An frevoke() looks much easier to do than one based on paths. > If I understand the issue behind the proposal correctly the caller > has opened the device. Doesn't look like FreeBSD at least has an frevoke() syscall anymore, it had an FREVOKE flag, which is now a define for the O_VERIFY option which has quite different semantics: https://www.freebsd.org/cgi/man.cgi?sektion=2&query=open "O_VERIFY may be used to indicate to the kernel that the contents of the file should be verified before allowing the open to proceed. The details of what "verified" means is implementation specific. The run- time linker (rtld) uses this flag to ensure shared objects have been verified before operating on them." The AIX frevoke() also has different semantics: https://www.ibm.com/docs/en/aix/7.3?topic=f-frevoke-subroutine "All accesses to the file are revoked, except through the file descriptor specified by the FileDescriptor parameter to the frevoke subroutine." and: "Currently the frevoke subroutine works only on terminal devices." The point of USBDEVFS_REVOKE, and the other variants is to revoke access to the device, not to the file descriptor itself. If you're reticent to adding new ioctls, we could try and do that exclusively through BPF. The only thing that didn't look like the BPF codepath could do was wake up the fd so that fd could be poll()ed and error out immediately.
