Re: Vnode scope implementation

[David Holland <dholland-tech%netbsd.org@localhost>]

On Wed, Jul 22, 2009 at 01:46:42PM +0300, Elad Efrat wrote:
 > I was under the impression that the VFS locking protocol is about to
 > change at some point, which resulted in the decision to place the
 > authorization call inside the file-systems rather than outside as I
 > originally proposed. Since, at this point, I don't know exactly what
 > the new locking protocol will be, I can't really comment on it.

It isn't clear yet (and probably won't be resolved anytime soon) but
also is unlikely to affect you.

Some things that will not (cannot!) change:

  - there will be some concept of a locked vs. an unlocked vnode;
  - to avoid race conditions, any vnode on which access control checks
    are being made must be locked, and stay locked, from before the
    check is made to after the operation is complete;
  - starting more filesystem operations while holding vnode locks for
    an access control check is unsafe.

These points are sufficient to constrain your design to something that
should remain workable regardless of VFS-level changes.

-- 
David A. Holland
dholland%netbsd.org@localhost