gpoulios commented on code in PR #16356:
URL: https://github.com/apache/nuttx/pull/16356#discussion_r2083967437
##########
drivers/misc/optee.c:
##########
@@ -529,10 +534,21 @@ static int optee_close(FAR struct file *filep)
{
FAR struct optee_priv_data *priv = filep->f_priv;
FAR struct optee_shm *shm;
+ FAR struct file *shm_filep;
int id = 0;
idr_for_each_entry(priv->shms, shm, id)
{
+ if (shm->fd > -1 && fs_getfilep(shm->fd, &shm_filep) >= 0)
+ {
+ /* The user did not call close(), prevent vfs auto-close from
+ * double-freeing our SHM
+ */
+
+ shm_filep->f_priv = NULL;
Review Comment:
We don’t. In this case the free happens here, and `close(shmfd)` only frees
the file descriptor. `f_priv` is set to NULL here so we don’t double-free.
This addresses your initial concern:
> because the user may close shm handler manually, which may:
>
> 1. close return EBADF if the same handle doesn't reuse by open yet
> 2. close the wrong handle with succeed if the same handle reuse by open
>
> The first is minor issue, but the second one is fatal problem which must
be fixed.
##########
drivers/misc/optee.c:
##########
@@ -529,10 +534,21 @@ static int optee_close(FAR struct file *filep)
{
FAR struct optee_priv_data *priv = filep->f_priv;
FAR struct optee_shm *shm;
+ FAR struct file *shm_filep;
int id = 0;
idr_for_each_entry(priv->shms, shm, id)
{
+ if (shm->fd > -1 && fs_getfilep(shm->fd, &shm_filep) >= 0)
+ {
+ /* The user did not call close(), prevent vfs auto-close from
+ * double-freeing our SHM
+ */
+
+ shm_filep->f_priv = NULL;
Review Comment:
And again, other than your concern, there is no reason to NOT free the shm
upon driver close.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
