Fix FAT/ext2 heap corruption: skip kfree on static root nodes

fat_close_impl and ext2_close_impl unconditionally called kfree() on
the node passed to vfs_close(). When a directory fd pointed to a
filesystem mount root (a static variable like g_fat_root or
g_ext2_root), this kfree corrupted the heap (bad magic 0x0).

diskfs_close_impl already had the guard pattern (dn == &g_root).
Apply the same guard to fat and ext2 close handlers.

diff --git a/src/kernel/ext2.c b/src/kernel/ext2.c
index fd9214baa8778243d5d0856ee81ffed7204428f3..4df284c3932a68f0a6c8748bd57e803a1fd3d21c 100644 (file)
--- a/src/kernel/ext2.c
+++ b/src/kernel/ext2.c
@@ -569,6 +569,7 @@ static const struct inode_operations ext2_dir_iops = {
 static void ext2_close_impl(fs_node_t* node) {
     if (!node) return;
     struct ext2_node* en = (struct ext2_node*)node;
+    if (en == &g_ext2_root) return;
     kfree(en);
 }
 

diff --git a/src/kernel/fat.c b/src/kernel/fat.c
index cab38b81abe9397cc69b2e9e9d17546469c341b1..8c1581ee4410841bce26178cdeba342a40894f76 100644 (file)
--- a/src/kernel/fat.c
+++ b/src/kernel/fat.c
@@ -519,6 +519,7 @@ static const struct inode_operations fat_dir_iops = {
 static void fat_close_impl(fs_node_t* node) {
     if (!node) return;
     struct fat_node* fn = (struct fat_node*)node;
+    if (fn == &g_fat_root) return;
     kfree(fn);
 }