fix : futex requeue机制中，头节点的queueList 为NULL, 导致系统异常

queuelist中的普通节点在调整为futexList的节点时，未校验其queueList的有效性，导致queueList未初始化，出现访问空指针；且在从旧链表迁移节点到新链表时，节点从旧链表删除之后又插入到另一个链表中，导致对旧链表的为NULL判断出错。 Close #I4024F Change-Id: I506a10fc5740ce16e682c2c419b9d92a82000b86 Signed-off-by: zhushengle <zhushengle@huawei.com>
2021-07-10 17:36:56 +08:00 · 2021-07-10 17:36:56 +08:00 · 1157c4a289
parent b29d9d88ab
commit 1157c4a289
1 changed files with 19 additions and 8 deletions
--- a/kernel/base/ipc/los_futex.c
+++ b/kernel/base/ipc/los_futex.c
@ -199,6 +199,9 @@ STATIC INLINE VOID OsFutexReplaceQueueListHeadNode(FutexNode *oldHeadNode, Futex
    LOS_DL_LIST *futexList = oldHeadNode->futexList.pstPrev;
    LOS_ListDelete(&oldHeadNode->futexList);
    LOS_ListHeadInsert(futexList, &newHeadNode->futexList);
    if ((newHeadNode->queueList.pstNext == NULL) || (newHeadNode->queueList.pstPrev == NULL)) {
        LOS_ListInit(&newHeadNode->queueList);
    }
 }
 STATIC INLINE VOID OsFutexDeleteKeyFromFutexList(FutexNode *node)
@ -323,7 +326,6 @@ STATIC VOID OsFutexInsertNewFutexKeyToHash(FutexNode *node)
            LOS_ListTailInsert(&(headNode->futexList), &(node->futexList));
            break;
        }
    }
 EXIT:
@ -797,6 +799,7 @@ EXIT_UNLOCK_ERR:
 STATIC INT32 OsFutexRequeueInsertNewKey(UINTPTR newFutexKey, INT32 newIndex, FutexNode *oldHeadNode)
 {
    BOOL queueListIsEmpty = FALSE;
    INT32 ret;
    UINT32 intSave;
    LosTaskCB *task = NULL;
@ -817,25 +820,33 @@ STATIC INT32 OsFutexRequeueInsertNewKey(UINTPTR newFutexKey, INT32 newIndex, Fut
        nextNode = OS_FUTEX_FROM_QUEUELIST(queueList);
        SCHEDULER_LOCK(intSave);
        if (LOS_ListEmpty(&nextNode->pendList)) {
            if (LOS_ListEmpty(queueList)) {
                queueListIsEmpty = TRUE;
            } else {
                queueList = queueList->pstNext;
            }
            OsFutexDeinitFutexNode(nextNode);
            SCHEDULER_UNLOCK(intSave);
-            if (queueList->pstNext != NULL) {
+            if (queueListIsEmpty) {
                continue;
            } else {
                return LOS_OK;
            }
            continue;
        }
        task = OS_TCB_FROM_PENDLIST(LOS_DL_LIST_FIRST(&(nextNode->pendList)));
        if (LOS_ListEmpty(queueList)) {
            queueListIsEmpty = TRUE;
        } else {
            queueList = queueList->pstNext;
        }
        LOS_ListDelete(&nextNode->queueList);
        ret = OsFutexInsertTasktoPendList(&newHeadNode, nextNode, task);
        SCHEDULER_UNLOCK(intSave);
        if (ret != LOS_OK) {
            PRINT_ERR("Futex requeue insert new key failed!\n");
        }
-    } while (queueList->pstNext != NULL);
+    } while (!queueListIsEmpty);
    return LOS_OK;
 }