!1243 【Pick 4.0 Release】fs_epoll竞争漏洞修复

Merge pull request !1243 from hw_llm/cherry-pick-1729040606
openharmony_ci 2024-10-16 04:00:14 +00:00 committed by Gitee
commit 241b9206a7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 23 additions and 11 deletions


@ -220,14 +220,18 @@ int epoll_close(int epfd)
{ {
struct epoll_head *epHead = NULL; struct epoll_head *epHead = NULL;
(VOID)pthread_mutex_lock(&g_epollMutex);
epHead = EpollGetDataBuff(epfd); epHead = EpollGetDataBuff(epfd);
if (epHead == NULL) { if (epHead == NULL) {
(VOID)pthread_mutex_unlock(&g_epollMutex);
set_errno(EBADF); set_errno(EBADF);
return -1; return -1;
} }
DoEpollClose(epHead); DoEpollClose(epHead);
return EpollFreeSysFd(epfd); int ret = EpollFreeSysFd(epfd);
(VOID)pthread_mutex_unlock(&g_epollMutex);
return ret;
} }
int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev) int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
@ -236,15 +240,16 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
int i; int i;
int ret = -1; int ret = -1;
(VOID)pthread_mutex_lock(&g_epollMutex);
epHead = EpollGetDataBuff(epfd); epHead = EpollGetDataBuff(epfd);
if (epHead == NULL) { if (epHead == NULL) {
set_errno(EBADF); set_errno(EBADF);
return ret; goto OUT_RELEASE;
} }
if (ev == NULL) { if (ev == NULL) {
set_errno(EINVAL); set_errno(EINVAL);
return -1; goto OUT_RELEASE;
} }
switch (op) { switch (op) {
@ -252,18 +257,19 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
ret = CheckFdExist(epHead, fd); ret = CheckFdExist(epHead, fd);
if (ret == -1) { if (ret == -1) {
set_errno(EEXIST); set_errno(EEXIST);
return -1; goto OUT_RELEASE;
} }
if (epHead->nodeCount == EPOLL_DEFAULT_SIZE) { if (epHead->nodeCount == EPOLL_DEFAULT_SIZE) {
set_errno(ENOMEM); set_errno(ENOMEM);
return -1; goto OUT_RELEASE;
} }
epHead->evs[epHead->nodeCount].events = ev->events | POLLERR | POLLHUP; epHead->evs[epHead->nodeCount].events = ev->events | POLLERR | POLLHUP;
epHead->evs[epHead->nodeCount].data.fd = fd; epHead->evs[epHead->nodeCount].data.fd = fd;
epHead->nodeCount++; epHead->nodeCount++;
return 0; ret = 0;
break;
case EPOLL_CTL_DEL: case EPOLL_CTL_DEL:
for (i = 0; i < epHead->nodeCount; i++) { for (i = 0; i < epHead->nodeCount; i++) {
if (epHead->evs[i].data.fd != fd) { if (epHead->evs[i].data.fd != fd) {
@ -275,23 +281,29 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
epHead->nodeCount - i); epHead->nodeCount - i);
} }
epHead->nodeCount--; epHead->nodeCount--;
return 0; ret = 0;
goto OUT_RELEASE;
} }
set_errno(ENOENT); set_errno(ENOENT);
return -1; break;
case EPOLL_CTL_MOD: case EPOLL_CTL_MOD:
for (i = 0; i < epHead->nodeCount; i++) { for (i = 0; i < epHead->nodeCount; i++) {
if (epHead->evs[i].data.fd == fd) { if (epHead->evs[i].data.fd == fd) {
epHead->evs[i].events = ev->events | POLLERR | POLLHUP; epHead->evs[i].events = ev->events | POLLERR | POLLHUP;
return 0; ret = 0;
goto OUT_RELEASE;
} }
} }
set_errno(ENOENT); set_errno(ENOENT);
return -1; break;
default: default:
set_errno(EINVAL); set_errno(EINVAL);
return -1; break;
} }
OUT_RELEASE:
(VOID)pthread_mutex_unlock(&g_epollMutex);
return ret;
} }
int epoll_wait(int epfd, FAR struct epoll_event *evs, int maxevents, int timeout) int epoll_wait(int epfd, FAR struct epoll_event *evs, int maxevents, int timeout)
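Review bot: In epoll_ctl, in what appears to be the EPOLL_CTL_ADD branch (its case label is above the hunk), the `nodeCount == EPOLL_DEFAULT_SIZE` path now jumps to OUT_RELEASE with `ret` still holding the result of `CheckFdExist`, which is known not to be -1 at that point, so the function sets ENOMEM but no longer returns -1 as the old `return -1;` did. A caller that checks only the return value would treat the fd as registered when it was not. Set the value explicitly before the jump: `set_errno(ENOMEM); ret = -1; goto OUT_RELEASE;`. The remaining error exits rely on `ret` keeping its initial -1, which holds for the EBADF, EINVAL, DEL, MOD and default paths shown. The body of epoll_wait is outside the visible hunks, so whether it also takes `g_epollMutex` before reading `epHead->evs` cannot be confirmed from this page and is worth checking.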