!112 修复代码段及只读段在uncache映射区域可以篡改的漏洞

Merge pull request !112 from JerryH/mmu
2021-04-01 09:51:59 +08:00
parent b1655de5ab 25ab07f136
commit be5e5fdf42
40 changed files with 423 additions and 183 deletions
--- a/fs/vfs/operation/fs_file_mapping.c
+++ b/fs/vfs/operation/fs_file_mapping.c
@@ -38,6 +38,8 @@
 #include "los_atomic.h"
 #include "los_vm_filemap.h"

+#ifdef LOSCFG_KERNEL_VM
+
 static struct file_map g_file_mapping = {0};

 uint init_file_mapping()
@@ -275,3 +277,4 @@ int update_file_path(const char *old_path, const char *new_path)
    (void)sem_post(&f_list->fl_sem);
    return LOS_OK;
 }
+#endif
--- a/fs/vfs/operation/fs_init.c
+++ b/fs/vfs/operation/fs_init.c
@@ -79,12 +79,13 @@ void los_vfs_init(void)
        PRINT_ERR("los_vfs_init VnodeDevInit failed error %d\n", retval);
        return;
    }
-
+ 
+#ifdef LOSCFG_KERNEL_VM
    retval = init_file_mapping();
    if (retval != LOS_OK) {
        PRINT_ERR("Page cache file map init failed\n");
        return;
    }
-
+#endif
    g_vfs_init = true;
 }
--- a/fs/vfs/operation/fs_readv.c
+++ b/fs/vfs/operation/fs_readv.c
@@ -63,7 +63,11 @@ static char *pread_buf_and_check(int fd, const struct iovec *iov, int iovcnt, ss
        return NULL;
    }

+#ifdef LOSCFG_KERNEL_VM
    buf = (char *)LOS_VMalloc(buflen * sizeof(char));
+#else
+    buf = (char *)malloc(buflen * sizeof(char));
+#endif
    if (buf == NULL) {
        set_errno(ENOMEM);
        *totalbytesread = VFS_ERROR;
@@ -73,7 +77,11 @@ static char *pread_buf_and_check(int fd, const struct iovec *iov, int iovcnt, ss
    *totalbytesread = (offset == NULL) ? read(fd, buf, buflen)
                                       : pread(fd, buf, buflen, *offset);
    if ((*totalbytesread == VFS_ERROR) || (*totalbytesread == 0)) {
+#ifdef LOSCFG_KERNEL_VM
        LOS_VFree(buf);
+#else
+        free(buf);
+#endif
        return NULL;
    }

@@ -119,7 +127,11 @@ ssize_t vfs_readv(int fd, const struct iovec *iov, int iovcnt, off_t *offset)
    }

 out:
+#ifdef LOSCFG_KERNEL_VM
    LOS_VFree(buf);
+#else
+    free(buf);
+#endif
    if ((i == 0) && (ret == iov[i].iov_len)) {
        /* failed in the first iovec copy, and 0 bytes copied */
        set_errno(EFAULT);
--- a/fs/vfs/operation/fs_writev.c
+++ b/fs/vfs/operation/fs_writev.c
@@ -103,21 +103,33 @@ ssize_t vfs_writev(int fd, const struct iovec *iov, int iovcnt, off_t *offset)
    }

    totallen = buflen * sizeof(char);
+#ifdef LOSCFG_KERNEL_VM
    buf = (char *)LOS_VMalloc(totallen);
+#else
+    buf = (char *)malloc(totallen);
+#endif
    if (buf == NULL) {
        return VFS_ERROR;
    }

    ret = iov_trans_to_buf(buf, totallen, iov, iovcnt);
    if (ret <= 0) {
+#ifdef LOSCFG_KERNEL_VM
        LOS_VFree(buf);
+#else
+        free(buf);
+#endif
        return VFS_ERROR;
    }

    bytestowrite = (ssize_t)ret;
    totalbyteswritten = (offset == NULL) ? write(fd, buf, bytestowrite)
                                         : pwrite(fd, buf, bytestowrite, *offset);
+#ifdef LOSCFG_KERNEL_VM
    LOS_VFree(buf);
+#else
+    free(buf);
+#endif
    return totalbyteswritten;
 }