[RTEMS Project] #3132: Add reference counting to file descriptors
RTEMS trac
trac at rtems.org
Thu Sep 14 06:36:11 UTC 2017
#3132: Add reference counting to file descriptors
-----------------------------+------------------------------
 Reporter:  Sebastian Huber  |       Owner:  Sebastian Huber
     Type:  enhancement      |      Status:  accepted
 Priority:  normal           |   Milestone:  4.12.0
Component:  filesystem       |     Version:  4.12
 Severity:  normal           |  Resolution:
 Keywords:                   |
-----------------------------+------------------------------
Description changed by Sebastian Huber:
Old description:
> The use of a file descriptor after or during a close() operation may
> result in a [https://cwe.mitre.org/data/definitions/416.html use after
> free]. Finding such errors in applications is difficult, especially in
> SMP systems using the highly dynamic libbsd network stack.
>
> The file descriptor objects reside in a table with an application
> configuration defined size. So, the storage of a file descriptor object
> is always present, only the referenced file system node may change over
> time. The file system nodes may use an internal reference counting, which
> is independent of the file descriptors.
>
> To implement reference counting for the file descriptors add a bit field
> for the reference count to the rtems_libio_t::flags and use atomic
> operations to maintain the flags.
>
> Each operation using a file descriptor should perform a sequence like
> this:
> {{{
> int op(int fd, ...)
> {
>   uint32_t flags;
>   rtems_libio_t *iop;
>
>   iop = rtems_libio_iop(fd, &flags);
>   if (iop == NULL) {
>     return EBADF;
>   }
>
>   if (conditions_for_op_are_not_ok(flags)) {
>     rtems_libio_iop_done(iop);
>   }
>
>   do_op(iop);
>   rtems_libio_iop_done(iop);
>   return 0;
> }
> }}}
>
> A close() should return -1 with EBUSY in case the file descriptor is
> referenced. In this case, no close operation will be performed.
New description:
The use of a file descriptor after or during a close() operation may
result in a [https://cwe.mitre.org/data/definitions/416.html use after
free]. Finding such errors in applications is difficult, especially in SMP
systems using the highly dynamic libbsd network stack.

The file descriptor objects reside in a table with an application
configuration defined size. So, the storage of a file descriptor object is
always present, only the referenced file system node may change over time.
The file system nodes may use an internal reference counting, which is
independent of the file descriptors.

To implement reference counting for the file descriptors add a bit field
for the reference count to the rtems_libio_t::flags and use atomic
operations to maintain the flags.

Each operation using a file descriptor should perform a sequence like
this:
{{{
int op( int fd, ... )
{
  rtems_libio_t *iop;
  unsigned int   flags;

  /* Reject descriptors outside the configured table */
  if ( (uint32_t) fd >= rtems_libio_number_iops ) {
    rtems_set_errno_and_return_minus_one( EBADF );
  }

  iop = rtems_libio_iop( fd );

  /* Take a reference; the returned flags show whether the descriptor is open */
  flags = rtems_libio_iop_hold( iop );

  if ( ( flags & LIBIO_FLAGS_OPEN ) == 0 ) {
    rtems_libio_iop_drop( iop );
    rtems_set_errno_and_return_minus_one( EBADF );
  }

  do_op( iop, ... );
  rtems_libio_iop_drop( iop );
  return 0;
}
}}}

A close() should return -1 with EBUSY in case the file descriptor is
referenced. In this case, no close operation will be performed.
--
Ticket URL: <http://devel.rtems.org/ticket/3132#comment:3>
RTEMS Project <http://www.rtems.org/>
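
The hold/drop sequence and the EBUSY rule for close() described in the ticket, as an added example in portable C11 atomics; it is not the RTEMS implementation. The bit layout and all `fd_*` / `FD_*` names are hypothetical, and the reference count shares one atomic word with the open flag so that close() can test both in a single compare-and-swap.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>

/* Hypothetical layout (not the RTEMS one): bit 0 = open, bits 12..31 = reference count. */
#define FD_OPEN     0x0001u
#define FD_REF_INC  0x1000u
#define FD_REF_MASK (~(FD_REF_INC - 1u))
#define FD_COUNT    4u

typedef struct { atomic_uint flags; } fd_slot;
static fd_slot fd_table[FD_COUNT]; /* fixed table: slot storage always exists */

/* Take a reference; returns the flags seen at the moment of the increment. */
static unsigned fd_hold(fd_slot *s) {
  return atomic_fetch_add_explicit(&s->flags, FD_REF_INC, memory_order_acquire);
}

static void fd_drop(fd_slot *s) {
  atomic_fetch_sub_explicit(&s->flags, FD_REF_INC, memory_order_release);
}

/* OR in the open bit so a transient reference from a racing fd_hold() survives. */
static void fd_open(fd_slot *s) { atomic_fetch_or(&s->flags, FD_OPEN); }

/* Clear the open bit only if no reference is held, in one atomic step. */
static int fd_close(fd_slot *s) {
  unsigned seen = atomic_load(&s->flags);
  for (;;) {
    if ((seen & FD_OPEN) == 0) { errno = EBADF; return -1; }
    if ((seen & FD_REF_MASK) != 0) { errno = EBUSY; return -1; }
    if (atomic_compare_exchange_weak(&s->flags, &seen, seen & ~FD_OPEN)) return 0;
  }
}

/* Shape of every descriptor operation: range check, hold, test open, work, drop. */
static int fd_op(int fd) {
  if ((uint32_t) fd >= FD_COUNT) { errno = EBADF; return -1; }
  fd_slot *s = &fd_table[fd];
  if ((fd_hold(s) & FD_OPEN) == 0) { fd_drop(s); errno = EBADF; return -1; }
  /* the operation itself would run here, under the held reference */
  fd_drop(s);
  return 0;
}

int main(void) {
  fd_open(&fd_table[1]);
  fd_hold(&fd_table[1]);                 /* an operation is in flight */
  int busy = fd_close(&fd_table[1]);     /* refused: -1 with errno == EBUSY */
  fd_drop(&fd_table[1]);
  return (busy == -1 && fd_close(&fd_table[1]) == 0) ? 0 : 1;
}
```

A hold on a closed slot is harmless here because the slot storage is never freed; the caller sees the open bit clear, drops the reference and fails with EBADF.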