Subject: Re: Addition to force open to open only regular files
To: Greywolf <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 11/28/2000 13:36:11
On Thu, 23 Nov 2000, Greywolf wrote:
> reserve() would return a filehandle of sorts which could then be passed to
> ropen() to return a descriptor? One could also have an rstat() call to
> stat the filehandle and find out what you've reserved. Since the reserve
> would lock the node, the rstat() would be guaranteed to return valid
> information, and ropen() would be guaranteed to return a valid fd into
> the data, even if an unlink() has transpired.
Vnode locks should NEVER be held when a system call returns to userland.
If you do that, you open up a huge Denial of Service attack:
reserve(pathname, other options); for (;;;) stat(pathname, &a buffer);
You've just panic'd the computer. This (the lossage resulting from leaving
a vnode locked) is called, "the race for root."