From 1157c4a28997e877a6e5e4da76f6095bddb12c51 Mon Sep 17 00:00:00 2001
From: zhushengle
Date: Sat, 10 Jul 2021 17:36:56 +0800
Subject: [PATCH] =?UTF-8?q?fix=20:=20futex=20requeue=E6=9C=BA=E5=88=B6?= =?UTF-8?q?=E4=B8=AD=EF=BC=8C=E5=A4=B4=E8=8A=82=E7=82=B9=E7=9A=84queueList?= =?UTF-8?q?=20=E4=B8=BANULL,=20=E5=AF=BC=E8=87=B4=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E5=BC=82=E5=B8=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
queuelist中的普通节点在调整为futexList的节点时, 未校验其queueList的有效性,导致queueList未初始化, 出现访问空指针;且在从旧链表迁移节点到新链表时, 节点从旧链表删除之后又插入到另一个链表中,导致对 旧链表的为NULL判断出错。
Close #I4024F
Change-Id: I506a10fc5740ce16e682c2c419b9d92a82000b86
Signed-off-by: zhushengle
---
 kernel/base/ipc/los_futex.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/kernel/base/ipc/los_futex.c b/kernel/base/ipc/los_futex.c
index 9e720e2f..d831a7c5 100644
--- a/kernel/base/ipc/los_futex.c
+++ b/kernel/base/ipc/los_futex.c
@@ -199,6 +199,9 @@ STATIC INLINE VOID OsFutexReplaceQueueListHeadNode(FutexNode *oldHeadNode, Futex
 LOS_DL_LIST *futexList = oldHeadNode->futexList.pstPrev;
 LOS_ListDelete(&oldHeadNode->futexList);
 LOS_ListHeadInsert(futexList, &newHeadNode->futexList);
+ if ((newHeadNode->queueList.pstNext == NULL) || (newHeadNode->queueList.pstPrev == NULL)) {
+ LOS_ListInit(&newHeadNode->queueList);
+ }
 }
 STATIC INLINE VOID OsFutexDeleteKeyFromFutexList(FutexNode *node)
@@ -319,11 +322,10 @@ STATIC VOID OsFutexInsertNewFutexKeyToHash(FutexNode *node)
 futexList != &(hashNode->lockList);
 futexList = futexList->pstNext) {
 headNode = OS_FUTEX_FROM_FUTEXLIST(futexList);
- if (node->key <= headNode->key) {
+ if (node->key <= headNode->key) {
 LOS_ListTailInsert(&(headNode->futexList), &(node->futexList));
 break;
 }
-
 }
 EXIT:
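Review bot: The guard added at the end of OsFutexReplaceQueueListHeadNode (first hunk, @@ -199) joins its two tests with `||`, so a node with only one of `queueList.pstNext` / `queueList.pstPrev` NULL is re-initialised exactly like a node with both NULL. In that mixed state a neighbour would presumably still link to the node, and `LOS_ListInit` would overwrite the remaining pointer and leave the neighbour with a stale link instead of surfacing the inconsistency. The hunk does not show which states are reachable, so the expected one should be written down above the check, e.g. `/* queueList is NULL/NULL when the node was unlinked from its queue list before promotion; make it a valid empty head */`. If only that state is legitimate, the mixed case deserves a `PRINT_ERR` rather than a silent reset. The function starts above the hunk.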
@@ -797,6 +799,7 @@ EXIT_UNLOCK_ERR:
 STATIC INT32 OsFutexRequeueInsertNewKey(UINTPTR newFutexKey, INT32 newIndex, FutexNode *oldHeadNode)
 {
+ BOOL queueListIsEmpty = FALSE;
 INT32 ret;
 UINT32 intSave;
 LosTaskCB *task = NULL;
@@ -817,25 +820,33 @@ STATIC INT32 OsFutexRequeueInsertNewKey(UINTPTR newFutexKey, INT32 newIndex, Fut
 nextNode = OS_FUTEX_FROM_QUEUELIST(queueList);
 SCHEDULER_LOCK(intSave);
 if (LOS_ListEmpty(&nextNode->pendList)) {
- queueList = queueList->pstNext;
+ if (LOS_ListEmpty(queueList)) {
+ queueListIsEmpty = TRUE;
+ } else {
+ queueList = queueList->pstNext;
+ }
 OsFutexDeinitFutexNode(nextNode);
 SCHEDULER_UNLOCK(intSave);
- if (queueList->pstNext != NULL) {
- continue;
- } else {
+ if (queueListIsEmpty) {
 return LOS_OK;
 }
+
+ continue;
 }
 task = OS_TCB_FROM_PENDLIST(LOS_DL_LIST_FIRST(&(nextNode->pendList)));
- queueList = queueList->pstNext;
+ if (LOS_ListEmpty(queueList)) {
+ queueListIsEmpty = TRUE;
+ } else {
+ queueList = queueList->pstNext;
+ }
 LOS_ListDelete(&nextNode->queueList);
 ret = OsFutexInsertTasktoPendList(&newHeadNode, nextNode, task);
 SCHEDULER_UNLOCK(intSave);
 if (ret != LOS_OK) {
 PRINT_ERR("Futex requeue insert new key failed!\n");
 }
- } while (queueList->pstNext != NULL);
+ } while (!queueListIsEmpty);
 return LOS_OK;
 }
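Review bot: Loop termination in OsFutexRequeueInsertNewKey (hunk @@ -817) now rests entirely on `LOS_ListEmpty(queueList)`, and both `pstNext != NULL` tests from the old code are gone. If `queueList->pstNext` is ever NULL here (the uninitialised state this same patch guards against in OsFutexReplaceQueueListHeadNode), the `else` branch stores NULL into `queueList` and the next iteration dereferences it through `OS_FUTEX_FROM_QUEUELIST`. Whether that state can reach this function depends on code outside the hunk, but in a kernel futex path a defensive stop is cheap: `if (LOS_ListEmpty(queueList) || (queueList->pstNext == NULL)) {` in both copies of the advance block. Separately, when `OsFutexInsertTasktoPendList` fails the node has already been removed by `LOS_ListDelete(&nextNode->queueList)` and the function still returns `LOS_OK`, so the failure is only logged; the caller should presumably see an error. The function body starts above the hunk.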