From 0bc2c6ff72e302dcae291471c78065d721c31f95 Mon Sep 17 00:00:00 2001 From: wdfk-prog <1425075683@qq.com> Date: Mon, 5 Jan 2026 10:34:16 +0800 Subject: [PATCH] fix[dfs_v1]: prevent vnode ref underflow and double release on close/fd release --- components/dfs/dfs_v1/src/dfs.c | 7 +++++-- components/dfs/dfs_v1/src/dfs_file.c | 7 ++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/components/dfs/dfs_v1/src/dfs.c b/components/dfs/dfs_v1/src/dfs.c index 42f73280b0f..ee7161178d1 100644 --- a/components/dfs/dfs_v1/src/dfs.c +++ b/components/dfs/dfs_v1/src/dfs.c @@ -412,13 +412,16 @@ void fdt_fd_release(struct dfs_fdtable* fdt, int fd) if (fd_slot->ref_count == 0) { struct dfs_vnode *vnode = fd_slot->vnode; + fd_slot->vnode = RT_NULL; if (vnode) { - vnode->ref_count--; + if (vnode->ref_count > 0) + { + vnode->ref_count--; + } if(vnode->ref_count == 0) { rt_free(vnode); - fd_slot->vnode = RT_NULL; } } rt_free(fd_slot); diff --git a/components/dfs/dfs_v1/src/dfs_file.c b/components/dfs/dfs_v1/src/dfs_file.c index 75bbd219bca..f1c4e7ee4d2 100644 --- a/components/dfs/dfs_v1/src/dfs_file.c +++ b/components/dfs/dfs_v1/src/dfs_file.c @@ -337,7 +337,7 @@ int dfs_file_close(struct dfs_file *fd) dfs_fm_lock(); vnode = fd->vnode; - if (vnode->ref_count <= 0) + if (vnode == NULL || vnode->ref_count <= 0) { dfs_fm_unlock(); return -ENXIO; @@ -348,11 +348,12 @@ int dfs_file_close(struct dfs_file *fd) result = vnode->fops->close(fd); } - if (vnode->ref_count == 1) + vnode->ref_count--; + fd->vnode = NULL; + if (vnode->ref_count == 0) { /* remove from hash */ rt_list_remove(&vnode->list); - fd->vnode = NULL; if (vnode->path != vnode->fullpath) {