Subject: Re: NetBSD Security Advisory 1999-008
To: Bill Studenmund <wrstuden@nas.nasa.gov>
From: Matthew Orgass <darkstar@pgh.net>
List: current-users
Date: 04/15/1999 20:00:47
On Thu, 15 Apr 1999, Bill Studenmund wrote:

> > > Depending on whether some_path starts with a "/" or not, you get different
> > > problems. If no slash, you (should) get the panic, and with slash, you get
> > > a node left locked which will never get unlocked.
[...]
> >   Sure looks to me like the directory matters...
> 
> We are in a mood to split hairs, aren't we? :-)

  Well, not *exactly* a hair.  You said that it is the first character of
the path that determines if it would hang, which is just not true...

  Oh well, as long as it is fixed :) (thanks!). 

> >   In which case it would seem that the pmax behavior is what *should* be
> > happening.  ls should see that it is locked and patiently wait until it
> > gets unlocked, as happens with other blocking processes 
> 
> The "pmax is not doing right" comment revolves around the fact the upper
> case hangs rather than panics. The lock manager is sitting there (i.e. 
> sleeping) waiting for a lock to be freed. However, the lock is held by the
> sleeping process!

  I wasn't questioning the first case, only the second.  A panic is
definitely right in the first case.  However, in the second case, when
the lock is held by a process that no longer exists (or is hung), there is
no way to know if something has died or if it is just in use at the
moment.  In that case, why does the system hang instead of just this
process (and anything else that tries to access the affected file)?
Hanging isn't terribly useful, is it?  If it stays up, you can at least
sync and probably save your data, as well as finding out what has hung and
where.  Meanwhile, everything that does not touch the locked file keeps
working (I assume that if sync sees a locked file, it continues syncing
other files instead of blocking for the locked one.  If it blocks, then a
hang would be better to prevent the appearance of new data that will be
lost).

  A panic is definitely the best option if possible, but if not then a
mostly working system is preferable to a hung one (isn't it?).

Matthew Orgass
darkstar@pgh.net