id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,blockedby,blocking
3132,Add reference counting to file descriptors,Sebastian Huber,Sebastian Huber,"The use of a file descriptor after or during a close() operation may result in a [https://cwe.mitre.org/data/definitions/416.html use after free]. Finding such errors in applications is difficult, especially in SMP systems using the highly dynamic libbsd network stack.

The file descriptor objects reside in a table with an application configuration defined size. So, the storage of a file descriptor object is always present; only the referenced file system node may change over time. The file system nodes may use internal reference counting, which is independent of the file descriptors.

To implement reference counting for the file descriptors, add a bit field for the reference count to the rtems_libio_t::flags and use atomic operations to maintain the flags.

Each operation using a file descriptor should perform a sequence like this:
{{{
int op( int fd, ... )
{
  rtems_libio_t *iop;
  unsigned int   flags;

  /* Reject descriptors outside the configured table */
  if ( (uint32_t) fd >= rtems_libio_number_iops ) {
    rtems_set_errno_and_return_minus_one( EBADF );
  }

  iop = rtems_libio_iop( fd );

  /* Take a reference; the returned flags tell whether the descriptor is open */
  flags = rtems_libio_iop_hold( iop );

  if ( ( flags & LIBIO_FLAGS_OPEN ) == 0 ) {
    /* Not open: release the reference before failing */
    rtems_libio_iop_drop( iop );
    rtems_set_errno_and_return_minus_one( EBADF );
  }

  do_op( iop, ... );

  /* Release the reference taken above */
  rtems_libio_iop_drop( iop );
  return 0;
}
}}}
A close() should return -1 with EBUSY in case the file descriptor is referenced. In this case, no close operation will be performed.",enhancement,closed,normal,5.1,fs,5,normal,fixed,,,,