fw/filesystem: fix crash when temp file closes while original name is open

jplexer · jplexer · commit bda1ef285f9d · 2025-12-22T11:20:33.000+01:00
When closing a temp file, pfs_close() calls pfs_remove() on the original
filename to delete it from flash. However, if another fd had the same
filename open as a non-temp file, pfs_remove() would find that fd with
status=IN_USE and crash with "Cannot delete X, it is currently in use".

This could happen in scenarios like:
1. A temp file is created for "app_comm" (is_tmp=TRUE)
2. Someone opens "app_comm" as regular file (is_tmp=FALSE)
3. Temp file is closed -&gt; pfs_remove("app_comm") finds the fd from step 2
4. Crash because that fd is still IN_USE

Fix this by checking in file_found_in_cache() whether a temp file with the
same name is already in use when opening a non-temp file. If so, return
E_BUSY to prevent creating conflicting fd entries.

Signed-off-by: Joshua Jun &lt;joshuajun@proton.me&gt;
diff --git a/src/fw/services/normal/filesystem/pfs.c b/src/fw/services/normal/filesystem/pfs.c
@@ -1413,7 +1413,8 @@ status_t pfs_close(int fd) {
 
   File *f = &PFS_FD(fd).file;
   if (f->is_tmp) {
-    // TODO: For safety, could disallow this op if user has orig file hdl open
+    // Note: file_found_in_cache() now prevents opening a non-temp file while a
+    // temp file with the same name is in use, so pfs_remove() here is safe.
     pfs_remove(f->name);
     // Note: if we reboot before updating the tmp state flag to done, the tmp &
     // original file will be deleted. This is an extremely small window, but
@@ -1716,6 +1717,17 @@ static NOINLINE bool file_found_in_cache(const char *name, uint8_t op_flags, int
     goto cleanup;
   }
 
+  // When opening a non-temp file, check if a temp file with the same name is in use.
+  // If so, block the open to prevent crashes when the temp file is later closed
+  // (pfs_close for temp files calls pfs_remove on the original filename).
+  if (!is_tmp) {
+    int tmp_fd;
+    if (get_avail_fd(name, &tmp_fd, true) == FDBusy) {
+      res = E_BUSY;
+      goto cleanup;
+    }
+  }
+
   File *file = &PFS_FD(fd).file;
 
   // settings for cached & new fds
