Subject: Re: Time to fix a 25 year old misdesign
To: Lennart Augustsson <lennart@augustsson.net>
From: Aaro J Koskinen <akoskine@cc.helsinki.fi>
List: tech-kern
Date: 10/17/2000 13:20:34
Hello,

> Here's what can happen:  A process opens a device and tells the driver
> it wants SIGIO notification.  It then forks and exits.  Since the
> driver is not notified that the original process has closed its descriptor
> it keeps the reference to the original process.  When this reference
> (proc pointer or pid) gets reused a totally unsuspecting process can
> get the signal.

A very good example of difficulties that you'll get into if you store
process-related information at the file system or device driver level.
I once implemented a kernfs file, admittedly with some questionable
semantics, that needed to know when a process doesn't reference it
anymore. Well, thanks to POSIX locks I got this information through
VOP_ADVLOCK() which gets called on every close(). A very ugly hack...

> I don't see how to implement this right unless the driver gets notified
> on each close so it can drop the reference to the process.

Perhaps there should be some kind of capability associated with the
request that gets invalidated when a process terminates. BTW, isn't it
a bit unsafe to store a pointer to proc? Isn't it possible that the
memory area gets reused by a totally different object?

Notification on each close is not just a specfs issue, I think. The upper
layer needs to be modified as well. Maybe there should be VOP for informing
the file system that a process gets or loses a reference to a file, so that
inheritance and FD passing cases get noticed too.

(I wrote this mail a couple of days ago; I noticed that decref/incref have
already been suggested.)

-- 
Aaro Koskinen, aaro@iki.fi, http://www.iki.fi/aaro
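
The stale-reference problem discussed in this message, and the idea of a reference that is invalidated when the process terminates, sketched as a user-space C model; this is an added example, not part of the original mail and not NetBSD kernel code. The names `proc_ref`, `sigio_checked` and `stray_sigio` and the generation counter are assumptions made for illustration, and the model assumes a slot's memory always remains a `struct proc`.

```c
/* Added illustration: user-space model, not NetBSD kernel code. */
#include <stdio.h>
#define NPROC 4   /* constructed, tiny "process table" */

struct proc { int pid; unsigned gen; int alive; int sigio_count; };
static struct proc ptable[NPROC];
static int next_pid = 100;
/* Hypothetical handle a driver keeps instead of a bare proc pointer. */
struct proc_ref { struct proc *p; unsigned gen; };

/* Freed slots are handed out again, like a recycled proc pointer or pid. */
struct proc *proc_create(void) {
    for (int i = 0; i < NPROC; i++)
        if (!ptable[i].alive) {
            ptable[i].alive = 1;
            ptable[i].pid = next_pid++;
            ptable[i].sigio_count = 0;
            return &ptable[i];
        }
    return NULL;
}

/* Exit bumps the generation, invalidating every outstanding proc_ref. */
void proc_exit(struct proc *p) { p->alive = 0; p->gen++; }
struct proc_ref ref_take(struct proc *p) { struct proc_ref r = { p, p->gen }; return r; }

/* Deliver only if the slot still holds the process that registered. */
int sigio_checked(struct proc_ref r) {
    if (!r.p->alive || r.p->gen != r.gen) return 0;
    r.p->sigio_count++;
    return 1;
}

/* Returns how many SIGIOs an unrelated process B wrongly receives. */
int stray_sigio(int use_check) {
    struct proc *a = proc_create();
    struct proc_ref r = ref_take(a);   /* driver records A for SIGIO */
    proc_exit(a);                      /* A exits, driver is not told */
    struct proc *b = proc_create();    /* B reuses A's slot */
    if (use_check) sigio_checked(r); else r.p->sigio_count++;
    int got = b->sigio_count;
    proc_exit(b);
    return got;
}

int main(void) {
    int raw = stray_sigio(0), chk = stray_sigio(1);
    printf("stray SIGIOs: raw=%d checked=%d\n", raw, chk);
    return 0;
}
```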