gpoulios commented on code in PR #16356:
URL: https://github.com/apache/nuttx/pull/16356#discussion_r2084812745


##########
drivers/misc/optee.c:
##########
@@ -529,10 +534,21 @@ static int optee_close(FAR struct file *filep)
 {
   FAR struct optee_priv_data *priv = filep->f_priv;
   FAR struct optee_shm *shm;
+  FAR struct file *shm_filep;
   int id = 0;
 
   idr_for_each_entry(priv->shms, shm, id)
     {
+      if (shm->fd > -1 && fs_getfilep(shm->fd, &shm_filep) >= 0)
+        {
+          /* The user did not call close(), prevent vfs auto-close from
+           * double-freeing our SHM
+           */
+
+          shm_filep->f_priv = NULL;
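Review bot: the guard `if (shm->fd > -1 && fs_getfilep(shm->fd, &shm_filep) >= 0)` treats a failed `fs_getfilep()` lookup the same as "the shm file is already gone", silently skipping the `shm_filep->f_priv = NULL` fix-up while the entry is still freed below; the block comment above the assignment should say that this is intentional, and the block must also drop the reference that `fs_getfilep()` took with `fs_putfilep(shm_filep)` before the shm is freed (the listing in the reply shows this at its line 549, but it falls outside this hunk's context).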

Review Comment:
   We don’t enter that block.
   
   There are 2 privs here:
    - `shm->priv` is the optee driver. This is what is checked in line 1262.
    - `shm_filep->f_priv` is the shm. This is what we set to NULL and is then checked in line 479:
   
   So, the path of the special case that the user calls `close(driver_fd)` before calling `close(shm_fd)`, is the following:
   
   User calls `close(driver_fd)`:
   ```c
   File: drivers/misc/optee.c
   
   533: static int optee_close(FAR struct file *filep)
   534: {
   [...]
   540:   idr_for_each_entry(priv->shms, shm, id)
   541:     {
   542:       if (shm->fd > -1 && fs_getfilep(shm->fd, &shm_filep) >= 0)
   543:         {
   544:           /* The user did not call close(), prevent vfs auto-close from
   545:            * double-freeing our SHM
   546:            */
   547: 
   548:           shm_filep->f_priv = NULL;  // <<-- 1. we enter here
   549:           fs_putfilep(shm_filep);
   550:         }
   552:       optee_shm_free(shm);           // <<-- 2. and here 
   [...]
   558: }
   [...]
   1260: void optee_shm_free(FAR struct optee_shm *shm)
   1261: {
   1262:   if (!shm || !shm->priv)           // <<-- 3. we do NOT enter here
   1263:     {
   1264:       return;
   1265:     }
   [...]                                     // <<-- 4. shm gets freed
   ```
   
   User/system calls `close(shm_fd)`:
   ```c
   File: drivers/misc/optee.c
   
   475: static int optee_shm_close(FAR struct file *filep)
   476: {
   477:   FAR struct optee_shm *shm = filep->f_priv;
   478: 
   479:   if (shm != NULL && shm->id > -1)   // <<-- 5. we do NOT enter here
   480:     {
   481:       filep->f_priv = NULL;
   482:       shm->fd = -1;
   483:       optee_shm_free(shm);
   484:     }
   485: 
   486:   return 0;
   487: }
   ```
   
    @xiaoxiang781216 Does this make sense now?
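The close-ordering argument above (clear the shm file's `f_priv` back pointer from the driver's close path so the later vfs auto-close of the shm fd becomes a no-op) modelled as an added stand-alone C example. This is not NuttX code: `shm_alloc`, `shm_free`, `shm_close`, `driver_close`, `run_scenario` and the fixed-size tables are hypothetical stand-ins for the idr table, the file structs and the two optee close functions, and a real free is replaced by a `freed` flag so that the double free is counted instead of corrupting the heap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SHM 4

struct shm;

struct file
{
  struct shm *f_priv;               /* back pointer to the shm, or NULL */
};

struct driver_priv
{
  struct shm *shms[MAX_SHM];        /* hypothetical stand-in for the idr table */
};

struct shm
{
  struct driver_priv *priv;         /* owning driver, checked by shm_free() */
  int id;                           /* slot in priv->shms */
  int fd;                           /* slot in g_files, -1 once closed */
  int freed;                        /* models "memory has been returned" */
};

static struct file g_files[MAX_SHM];
static struct shm g_arena[MAX_SHM]; /* never really freed: stale reads stay safe */
static int g_double_frees;          /* how often a freed shm was freed again */

/* Hypothetical stand-in for fs_getfilep(): look up the file for an fd. */

static int getfilep(int fd, struct file **fp)
{
  if (fd < 0 || fd >= MAX_SHM) return -1;
  *fp = &g_files[fd];
  return 0;
}

static struct shm *shm_alloc(struct driver_priv *priv, int slot)
{
  struct shm *shm = &g_arena[slot];
  shm->priv = priv; shm->id = slot; shm->fd = slot; shm->freed = 0;
  priv->shms[slot] = shm;           /* register in the driver's table */
  g_files[slot].f_priv = shm;       /* the shm file points back at the shm */
  return shm;
}

/* Mirrors the optee_shm_free() checks quoted in the reply (line 1262). */

static void shm_free(struct shm *shm)
{
  if (!shm || !shm->priv) return;
  if (shm->freed) { g_double_frees++; return; } /* real code: double free */
  shm->freed = 1;
  shm->priv->shms[shm->id] = NULL;
}

/* Mirrors optee_shm_close(): the vfs auto-close path for the shm fd. */

static void shm_close(int fd)
{
  struct shm *shm = g_files[fd].f_priv;
  if (shm != NULL && shm->id > -1)
    {
      g_files[fd].f_priv = NULL;
      shm->fd = -1;
      shm_free(shm);
    }
}

/* Mirrors optee_close(); fixup selects whether the f_priv clearing runs. */

static void driver_close(struct driver_priv *priv, int fixup)
{
  int id;
  for (id = 0; id < MAX_SHM; id++)
    {
      struct shm *shm = priv->shms[id];
      struct file *fp;
      if (!shm) continue;
      if (fixup && shm->fd > -1 && getfilep(shm->fd, &fp) == 0)
        fp->f_priv = NULL;          /* the fix-up discussed in the review */
      shm_free(shm);
    }
}

/* Returns the number of double frees for one close order. */

int run_scenario(int fixup, int driver_first)
{
  struct driver_priv priv;
  memset(&priv, 0, sizeof priv);
  memset(g_files, 0, sizeof g_files);
  g_double_frees = 0;
  shm_alloc(&priv, 0);
  shm_alloc(&priv, 1);
  if (driver_first) { driver_close(&priv, fixup); shm_close(0); shm_close(1); }
  else { shm_close(0); shm_close(1); driver_close(&priv, fixup); }
  return g_double_frees;
}

int main(void)
{
  printf("fix-up, driver closed first: %d double frees\n", run_scenario(1, 1));
  printf("no fix-up, driver closed first: %d double frees\n", run_scenario(0, 1));
  return 0;
}
```

Only the driver-first order without the fix-up double frees (once per shm still open); with the fix-up the shm file's close finds `f_priv == NULL` and returns without touching the already freed shm, which is the path the reply walks through.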



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
