[RTEMS Project] #3132: Add reference counting to file descriptors
RTEMS trac
trac at rtems.org
Wed Sep 13 05:56:39 UTC 2017
#3132: Add reference counting to file descriptors
-----------------------------+-----------------------------
Reporter: Sebastian Huber | Owner: Sebastian Huber
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.12.0
Component: filesystem | Version: 4.12
Severity: normal | Keywords:
-----------------------------+-----------------------------
The use of a file descriptor after or during a close() operation may
result in a [https://cwe.mitre.org/data/definitions/416.html use after
free]. Finding such errors in applications is difficult. Especially in SMP
systems using the highly dynamic libbsd network stack.
The file descriptor objects reside in a table with a application
configuration defined size. So, the storage of a file descriptor object is
always present, only the referenced file system node may change over time.
The file system nodes may use an internal reference counting, which is
independent of the file descriptors.
To implement reference counting for the file descriptors add a bit field
for the reference count to the rtems_libio_t::flags and use atomic
operations to maintain the flags.
Each operation using a file descriptor should perform a sequence like
this:
{{{
int op(int fd, ...)
{
uint32_t flags;
rtems_libio_t *iop;
iop = rtems_libio_iop(fd, &flags);
if (iop == NULL) {
return EBADF;
}
if (conditions_for_op_are_not_ok(flags)) {
rtems_libio_iop_done(iop);
}
do_op(iop);
rtems_libio_iop_done(iop);
return 0;
}
}}}
A close() should return -1 with EBUSY in case the file descriptor is
referenced. In this case, no close operation will be performed.
--
Ticket URL: <http://devel.rtems.org/ticket/3132>
RTEMS Project <http://www.rtems.org/>
RTEMS Project
More information about the bugs
mailing list