kern/38188: handling of pathbufs in componentname is slightly suboptimal

[pooka%iki.fi@localhost]

>Number:         38188
>Category:       kern
>Synopsis:       handling of pathbufs in componentname is slightly suboptimal
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 06 21:40:00 +0000 2008
>Originator:     Antti Kantee
>Release:        
>Organization:
>Environment:
>Description:
A pathbuf can be saved by a file system for further use by setting
SAVENAME in VOP_LOOKUP().  Regardless of this, struct componentname
is passed to e.g. the remove operation.  ufs does not use the pathbuf
in there, since it caches the correct directory offset in the directory
inode during lookup.  Other file systems might copypaste the ufs
lookup logic but neglect to set SAVENAME for DELETE even if using the
pathbuffer.  E.g. puffs has always been broken this way and tmpfs
was broken recently.  Luckily (or, actually, unluckily?), the
pathbuf is a pool_cache and likely to be intact even if freed.
>How-To-Repeat:
instead of doing fun stuff, read file system code
>Fix:
quick fix: Go over file systems (yippee) and fix violators.
Since componentname has a flag HASBUF, actually use that and
sprinkle KASSERTs everywhere.

real fix: buy lots of sushi to a certain developer and cross fingers.