RTEMS | cpukit/libio: Support close with IOP references held (!516)
Gedare Bloom (@gedare)
gitlab at rtems.org
Tue Jun 24 21:59:09 UTC 2025
Merge request https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516 was reviewed by Gedare Bloom
--
Gedare Bloom started a new discussion on cpukit/include/rtems/libio_.h: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516#note_125225
> + */
> +int rtems_libio_to_fcntl_flags( unsigned int flags );
> +
I think these two functions are too similar. Maybe the first one could be `rtems_libio_from_fcntl_flags`?
--
Gedare Bloom started a new discussion on cpukit/include/rtems/libio_.h: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516#note_125226
> + * descriptor) and clears the slot in the IOP Table. The IOP has to
> + * close (open flag not set) and no references held or the call will
> + * ignore the request.
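Review bot: The sentence beginning "The IOP has to close" in this comment is ungrammatical and leaves the ignored case underspecified. Suggest "The IOP has to be closed (open flag not set) and have no references held, otherwise the request is ignored." Because the request is ignored silently, the comment should also state how a caller can tell that the slot was not cleared.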
Should there be an error returned if it was not freed?
--
Gedare Bloom started a new discussion on cpukit/include/rtems/libio_.h: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516#note_125227
> + const unsigned int flags = rtems_libio_iop_flags( iop );
> + if ( ( ( flags & LIBIO_FLAGS_OPEN ) == 0 )
> + && ( ( flags & LIBIO_FLAGS_REFERENCE_MASK ) == 0 ) ) {
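Review bot: The two mask tests in the `if` act on a snapshot of the flags taken one line earlier, so the result can be stale by the time the body runs. Folding them into `( flags & ( LIBIO_FLAGS_OPEN | LIBIO_FLAGS_REFERENCE_MASK ) ) == 0` states the intent in one place. The body should release the slot only if the flags word still equals that snapshot, for example with an atomic compare-and-exchange on it, or the check and the release should both run under the lock that serializes IOP allocation.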
Is there a TOCTOU bug waiting here? There seems to be nothing that prevents another thread from acquiring this libio between the time the flags are read, and the time the free_iop is called.
--
Gedare Bloom started a new discussion on cpukit/include/rtems/libio_.h: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516#note_125228
> + *iop = rtems_libio_iop( fd );
> + const unsigned int flags = rtems_libio_iop_hold( *iop );
> + const unsigned int mandatory = LIBIO_FLAGS_OPEN | access_flags ;
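Review bot: `rtems_libio_iop( fd )` is called in the first line of this hunk with no range check on `fd` visible here. Confirm that `fd` is validated against the IOP table size before this point, since an out-of-range descriptor would otherwise yield a pointer outside the table that `rtems_libio_iop_hold` then takes a reference on. Also drop the stray space in `access_flags ;`.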
Prefer to declare variables at the start of the block.
--
Gedare Bloom started a new discussion on cpukit/libcsupport/src/libio.c: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516#note_125229
> - rtems_libio_iop_free_tail = &iop->data1;
> + zero = offsetof( rtems_libio_t, offset );
> + memset( (char *) iop + zero, 0, sizeof( *iop ) - zero );
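Review bot: The `memset` on the last line of this hunk depends on the member order of `rtems_libio_t`: everything from `offset` to the end of the structure is cleared and everything before it is kept, so a member added or moved later silently changes what survives. Besides the explanatory comment, consider renaming `zero` for what it holds (a byte offset, not a zero value) and adding a static assertion on the layout the code assumes. The removed line also updated `rtems_libio_iop_free_tail`, so check that the tail pointer is still maintained on this path.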
This could probably use a brief comment to explain.
--
View it on GitLab: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/516