Subject: Re: Time to fix a 25 year old misdesign
To: Lennart Augustsson <email@example.com>
From: Aaro J Koskinen <firstname.lastname@example.org>
Date: 10/17/2000 13:20:34

> Here's what can happen: A process opens a device and tells the driver
> it wants SIGIO notification. It then forks and exits. Since the
> driver is not notified that the original process has closed its descriptor
> it keeps the reference to the original process. When this reference
> (proc pointer or pid) gets reused a totally unsuspecting process can
> get the signal.

A very good example of difficulties that you'll get into if you store
process related information at the file system or device driver level.
I once implemented a kernfs file, admittedly with some questionable
semantics, that needed to know when a process doesn't reference it
anymore. Well, thanks to POSIX locks I got this information through
VOP_ADVLOCK() which gets called on every close(). A very ugly hack...

> I don't see how to implement this right unless the driver gets notified
> on each close so it can drop the reference to the process.

Perhaps there should be some kind of capability associated with the
request that gets invalidated when a process terminates. BTW, isn't it
a bit unsafe to store a pointer to proc? Isn't it possible that the
memory area gets reused by a totally different object?

Notification on each close is not just a specfs issue, I think. The upper
layer needs to be modified as well. Maybe there should be a VOP for informing
the file system that a process gets or loses a reference to a file, so that
inheritance and FD passing cases get noticed too.

(I wrote this mail a couple of days ago; I noticed that decref/incref have
already been suggested.)

Aaro Koskinen, email@example.com, http://www.iki.fi/aaro
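
Added example, not part of the original mail and not NetBSD kernel code: a user-space model of the reuse step in the quoted scenario, with a generation-stamped reference as one possible reading of the "capability that gets invalidated when a process terminates". The table layout and all names (`ptable`, `proc_ref`, `sigio_checked`, and so on) are assumptions made for illustration.

```c
#include <stdio.h>
#define NPROC 4

/* Toy process table: a freed slot (like a pid or proc pointer) is reused. */
struct proc {
    int in_use;
    unsigned gen;      /* bumped every time the slot's occupant exits */
    int sigio_count;   /* SIGIO deliveries seen by the current occupant */
};
static struct proc ptable[NPROC];

/* What the driver would store instead of a bare pid or proc pointer. */
struct proc_ref { int slot; unsigned gen; };

static int proc_create(void) {
    for (int i = 0; i < NPROC; i++)
        if (!ptable[i].in_use) {
            ptable[i].in_use = 1;
            ptable[i].sigio_count = 0;
            return i;
        }
    return -1;
}

static void proc_exit(int slot) {
    ptable[slot].in_use = 0;
    ptable[slot].gen++;            /* invalidates every outstanding proc_ref */
}

static struct proc_ref proc_ref_take(int slot) {
    return (struct proc_ref){ slot, ptable[slot].gen };
}

/* Unchecked: trusts the stored slot, as in the scenario quoted in the mail. */
static void sigio_unchecked(int slot) { ptable[slot].sigio_count++; }

/* Checked: deliver only if the reference still names the same process. */
static int sigio_checked(struct proc_ref r) {
    struct proc *p = &ptable[r.slot];
    if (!p->in_use || p->gen != r.gen) return 0;   /* stale reference */
    p->sigio_count++;
    return 1;
}

int main(void) {
    int a = proc_create();
    struct proc_ref r = proc_ref_take(a);   /* driver records the requester */
    proc_exit(a);
    int b = proc_create();                  /* unrelated process reuses the slot */
    sigio_unchecked(a);                     /* stray signal hits the newcomer */
    int ok = sigio_checked(r);              /* stale reference is refused */
    printf("reused=%d stray=%d checked=%d\n", a == b, ptable[b].sigio_count, ok);
}
```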