Subject: kern/568: rename of one linked file onto its brother removes the target!
To: None <gnats-admin@sun-lamp.cs.berkeley.edu>
From: John Kohl <jtk@kolvir.blrc.ma.us>
List: netbsd-bugs
Date: 11/11/1994 12:35:07
>Number: 568
>Category: kern
>Synopsis: rename of one linked file onto its brother removes the target
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gnats-admin (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Nov 11 12:35:03 1994
>Originator: John Kohl
>Organization:
>Release: 1.0
>Environment:
System: NetBSD kolvir 1.0 NetBSD 1.0 (KOLVIR) #0: Thu Nov 10 20:10:51 EST 1994 jtk@kolvir:/u1/NetBSD-1.0/src/sys/arch/i386/compile/KOLVIR i386
>Description:
If you link two files, and do a rename("a", "b"), "a" is retained while
"b" is unlinked. Whoops!
>How-To-Repeat:
% cd /tmp
% mkdir bar
% cd bar
% cp /etc/motd .
% ln motd xxx
% ls -lai
total 4
7 drwxr-xr-x 2 jtk wheel 512 Nov 10 23:34 .
2 drwxrwxrwt 4 root wheel 512 Nov 10 23:34 ..
8 -rw-r--r-- 2 jtk wheel 54 Nov 10 23:34 motd
8 -rw-r--r-- 2 jtk wheel 54 Nov 10 23:34 xxx
% mv motd xxx
% ls -lai
total 3
7 drwxr-xr-x 2 jtk wheel 512 Nov 10 23:34 .
2 drwxrwxrwt 4 root wheel 512 Nov 10 23:34 ..
8 -rw-r--r-- 1 jtk wheel 54 Nov 10 23:34 motd
>Fix:
The short-circuit code in ufs_vnops.c:ufs_rename() which calls
to VOP_REMOVE() is short-circuiting the wrong entry. A quick look
convinced me that I need to think carefully about locking/flags/etc
before touching this code.
>Audit-Trail:
>Unformatted: