Subject: Re: Addition to force open to open only regular files
To: Greywolf <greywolf@starwolf.com>
From: Bill Studenmund <wrstuden@zembu.com>
List: tech-kern
Date: 11/28/2000 13:36:11

On Thu, 23 Nov 2000, Greywolf wrote:

> reserve() would return a filehandle of sorts which could then be passed to
> ropen() to return a descriptor?  One could also have an rstat() call to
> stat the filehandle and find out what you've reserved.  Since the reserve
> would lock the node, the rstat() would be guaranteed to return valid
> information, and ropen() would be guaranteed to return a valid fd into
> the data, even if an unlink() has transpired.

Vnode locks should NEVER be held when a system call returns to userland.
If you do that, you open up a huge Denial of Service attack:

reserve(pathname, other options); for (;;) stat(pathname, &a buffer);

You've just panic'd the computer. This (the lossage resulting from leaving
a vnode locked) is called, "the race for root."

Take care,

Bill
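
The rule stated in this message (no vnode lock held when a system call returns to userland), as an added user-space C model that is not code from this thread or from NetBSD. `sys_reserve`, `syscall_return` and the toy `struct vnode`/`struct lwp` are hypothetical names, and a failed lock attempt returns -1 where a real kernel would block or panic.

```c
/* User-space model of the rule; not NetBSD kernel code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

struct vnode { int locked; int owner; };    /* toy exclusive lock, owner 0 = none */
struct lwp   { int id; int locks_held; };   /* per-thread count of held locks */

static struct vnode the_vnode;              /* the single file in this model */
static int leaks_detected;                  /* locks found held at syscall return */

static int vn_trylock(struct vnode *vp, struct lwp *l) {
    if (vp->locked) return -1;              /* a real kernel would block or panic */
    vp->locked = 1; vp->owner = l->id; l->locks_held++;
    return 0;
}
static void vn_unlock(struct vnode *vp, struct lwp *l) {
    vp->locked = 0; vp->owner = 0; l->locks_held--;
}

/* The proposed reserve(): returns with the vnode still locked. */
static int sys_reserve(struct lwp *l) { return vn_trylock(&the_vnode, l); }

/* stat(): takes and drops the lock within the call. */
static int sys_stat(struct lwp *l) {
    if (vn_trylock(&the_vnode, l) != 0) return -1;
    vn_unlock(&the_vnode, l);
    return 0;
}

/* Syscall return path. With check set, a lock still held here is treated as a
 * kernel bug: it is counted, reported, and released before userland runs. */
static int syscall_return(int (*sc)(struct lwp *), struct lwp *l, int check) {
    int rv = sc(l);
    if (check && l->locks_held != 0) {
        leaks_detected++;
        fprintf(stderr, "lwp %d: %d lock(s) held at return\n", l->id, l->locks_held);
        if (the_vnode.owner == l->id) vn_unlock(&the_vnode, l);
    }
    return rv;
}

/* One process calls reserve() and then stat(); returns stat()'s result. */
static int scenario(int check) {
    struct lwp p = {1, 0};
    memset(&the_vnode, 0, sizeof the_vnode);
    syscall_return(sys_reserve, &p, check);
    return syscall_return(sys_stat, &p, check);
}

int main(void) { printf("%d %d\n", scenario(0), scenario(1)); return 0; }
```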