gpoulios commented on code in PR #16356:
URL: https://github.com/apache/nuttx/pull/16356#discussion_r2083967437
##########
drivers/misc/optee.c:
##########
@@ -529,10 +534,21 @@ static int optee_close(FAR struct file *filep)
{
FAR struct optee_priv_data *priv = filep->f_priv;
FAR struct optee_shm *shm;
+ FAR struct file *shm_filep;
int id = 0;
idr_for_each_entry(priv->shms, shm, id)
{
+ if (shm->fd > -1 && fs_getfilep(shm->fd, &shm_filep) >= 0)
+ {
+ /* The user did not call close(), prevent vfs auto-close from
+ * double-freeing our SHM
+ */
+
+ shm_filep->f_priv = NULL;
Review Comment:
> but how to free in optee_shm_close if we zero out f_priv here?
We don’t. In this case the free happens here, and `close(shmfd)` only frees
the file descriptor. `f_priv` is set to NULL here so we don’t double-free.
This addresses your initial concern:
> because the user may close shm handler manually, which may:
>
> 1. close return EBADF if the same handle doesn't reuse by open yet
> 2. close the wrong handle with succeed if the same handle reuse by open
>
> The first is minor issue, but the second one is fatal problem which must
be fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
