filep Reference count

[Zhangshoukui]

Summary

ncrease the reference count of filep，fs_getfilep adds +1 to the reference count. After the call is complete, run the fs_putfilep command to release the reference count.When the reference count reaches 0, the file is actually closed.

Impact

This prevents the file from being closed while it is being read or written

Testing

[Zhangshoukui]

Sorry, due to my irregular rebase, this PR is closed and a new trace is used.

./tools/configure.sh -l stm3240g-eval:knxwm
make -j7
I failed to build this configuration locally, any good suggestions？If not, I can only verify it through github's CI environment

[xiaoxiang781216]

Sorry, due to my irregular rebase, this PR is closed and a new trace is used.

./tools/configure.sh -l stm3240g-eval:knxwm make -j7 I failed to build this configuration locally, any good suggestions？If not, I can only verify it through github's CI environment

the code size exceeds the reserved space, either:

1. optimize the code
2. extend the reserved space in ld script

[anchao]

this is a complete feature，please merge all patches into one

[Zhangshoukui]

@anchao ./tools/configure.sh -l stm3240g-eval:knxwm
There are also configurations that do not compile locally, is this a general configuration, and is it reasonable to add it to CI?

[anchao]

@anchao ./tools/configure.sh -l stm3240g-eval:knxwm There are also configurations that do not compile locally, is this a general configuration, and is it reasonable to add it to CI?

You could set the Kconfig default value of CONFIG_FS_REFCOUNT to n to keep the original configuration without any overhead.

[xiaoxiang781216]

@Zhangshoukui please fix the conflict.

[Zhangshoukui]

@Zhangshoukui please fix the conflict.

done

[Zhangshoukui]

@anchao help me review this PR. thanks

[anchao]

@anchao help me review this PR. thanks

please set CONFIG_FS_REFCOUNT default value to n to keep the original configuration， we should not add unnecessary code size loads to IoT developers, especially for some chips that may only have 32k available RAM

[Zhangshoukui]

@anchao I do not think this code is unnecessary, for the operation of a system security is the first.At present, CI has passed, I think it can be approve

[xiaoxiang781216]

@anchao help me review this PR. thanks

please set CONFIG_FS_REFCOUNT default value to n to keep the original configuration， we should not add unnecessary code size loads to IoT developers, especially for some chips that may only have 32k available RAM

The default value should keep as safe as possible, since not all users understand the fs internal implementation. @Zhangshoukui let's change default value to !DEFAULT_SMALL.

[Zhangshoukui]

@xiaoxiang781216 help me review this PR.thanks

[yamt]

This prevents the file from being closed while it is being read or written

what happens w/o this enabled? a crash?

[yamt]

my impression is that this kind of things should not be a user-visible option.

[Zhangshoukui]

In theory, it should be used by default and should not be configured by the user, but it actually increases the code size, so it is configurable.Any better suggestions? I can try to optimize

[Zhangshoukui]

This prevents the file from being closed while it is being read or written

what happens w/o this enabled? a crash?

Prevent multithreaded operations on the same filep when one is in r/w and the other is closed

[yamt]

This prevents the file from being closed while it is being read or written

what happens w/o this enabled? a crash?

Prevent multithreaded operations on the same filep when one is in r/w and the other is closed

my question is, why do you need to prevent it?

[Zhangshoukui]

This prevents the file from being closed while it is being read or written

what happens w/o this enabled? a crash?

Prevent multithreaded operations on the same filep when one is in r/w and the other is closed

my question is, why do you need to prevent it?

This commit can solve the above problem and avoid the crash, in turn, why let such an operation crash? Reference counting makes the read and write process more robust

[yamt]

This prevents the file from being closed while it is being read or written

what happens w/o this enabled? a crash?

Prevent multithreaded operations on the same filep when one is in r/w and the other is closed

my question is, why do you need to prevent it?

This commit can solve the above problem and avoid the crash, in turn, why let such an operation crash? Reference counting makes the read and write process more robust

if this is to fix a crash, i don't understand why it should be optional.

[xiaoxiang781216]

The patch tries to fix this common issue: thread 1 call read(fd, ...) and block, thread2 call close(fd).
without this patch, read will access the memory which is freed by close.

[xiaoxiang781216]

This prevents the file from being closed while it is being read or written

what happens w/o this enabled? a crash?

Prevent multithreaded operations on the same filep when one is in r/w and the other is closed

my question is, why do you need to prevent it?

This commit can solve the above problem and avoid the crash, in turn, why let such an operation crash? Reference counting makes the read and write process more robust

if this is to fix a crash, i don't understand why it should be optional.

Yes, I also think it should be always enabled, but @anchao think this is a corner case and should give the user the freedom to disable it.

[anchao]

This commit can solve the above problem and avoid the crash, in turn, why let such an operation crash? Reference counting makes the read and write process more robust

if this is to fix a crash, i don't understand why it should be optional.

Yes, I also think it should be always enabled, but @anchao think this is a corner case and should give the user the freedom to disable it.

But this feature consumes a lot of rom size. e.g on ARM32 platform, the flash usage will increase by ~500 bytes caused by bl/blx instructions are inserted in many places in the fs.

[anchao]

We should ensure that NuttX remains compact and lightweight, rather than expanding endlessly like Linux. @xiaoxiang781216 @yamt

[yamt]

This commit can solve the above problem and avoid the crash, in turn, why let such an operation crash? Reference counting makes the read and write process more robust

if this is to fix a crash, i don't understand why it should be optional.

Yes, I also think it should be always enabled, but @anchao think this is a corner case and should give the user the freedom to disable it.

But this feature consumes a lot of rom size. e.g on ARM32 platform, the flash usage will increase by ~500 bytes caused by bl/blx instructions are inserted in many places in the fs.

do you have a suggestion of an alternative fix for the crash?
to me, saving 500 bytes doesn't sound like a good reason to leave a crashing bug.

[yamt]

We should ensure that NuttX remains compact and lightweight, rather than expanding endlessly like Linux. @xiaoxiang781216 @yamt

i agree.
i hope it doesn't mean to leave crashing bugs though.
also, i suspect moderate continuous size increase is natural for a software like this.

[anchao]

Most RTOS developers typically do not do the following things:

1. Open and close file descriptors after system bringup frequently.
2. Open and close file descriptors via different task contexts.

FS_REFCOUNT enhances the detection of such issues.

do you have a suggestion of an alternative fix for the crash? to me, saving 500 bytes doesn't sound like a good reason to leave a crashing bug.

if disable FS_REFCOUNT, I think we could add some error catch and print error log on failure case, which will help developers identify issues more quickly.

[yamt]

Most RTOS developers typically do not do the following things:

1. Open and close file descriptors after system bringup frequently.

2. Open and close file descriptors via different task contexts.

FS_REFCOUNT enhances the detection of such issues.

i guess what you need is a config option or whatever which allows users to
limit themselves to a small restricted subset of posix semantics, which doesn't need
these reference counting.

as we don't have such a mechanism right now, i suppose we need to enable this reference counting
(or whatever fix for the crash) unconditionally.

do you have a suggestion of an alternative fix for the crash? to me, saving 500 bytes doesn't sound like a good reason to leave a crashing bug.

if disable FS_REFCOUNT, I think we could add some error catch and print error log on failure case, which will help developers identify issues more quickly.

do you have an idea how to detect the failure cases?