!1235 hidumper 漏洞修复

Merge pull request !1235 from hw_llm/master

OAT.xml

@@ -65,6 +65,8 @@
                 <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->
             </filefilter>
             <filefilter name="binaryFileTypePolicyFilter" desc="Filters for binary file policies">
+                <filteritem type="filepath" name="figures/architecture-of-the-openharmony-liteos-cortex-a-kernel.png" desc="architecture-of-the-openharmony-liteos-cortex-a-kernel"/>
+                <filteritem type="filepath" name="figures/OpenHarmony-LiteOS-A内核架构图.png" desc="LiteOS-A内核架构图"/>
                 <!--filteritem type="filename" name="*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
                 <!--filteritem type="filepath" name="abcdefg/.*.uvwxyz" desc="Describe the reason for filtering scan results"/-->
                 <!--filteritem type="filepath" name="projectroot/[a-zA-Z0-9]{20,}.sh" desc="Temp files"/-->

compat/posix/src/mqueue.c

@@ -270,6 +270,7 @@ STATIC INT32 DoMqueueClose(struct mqpersonal *privateMqPersonal)
 {
     struct mqarray *mqueueCB = NULL;
     struct mqpersonal *tmp = NULL;
+    INT32 ret;
 
     mqueueCB = privateMqPersonal->mq_posixdes;
     if (mqueueCB == NULL || mqueueCB->mq_personal == NULL) {
@@ -277,6 +278,12 @@ STATIC INT32 DoMqueueClose(struct mqpersonal *privateMqPersonal)
         return LOS_NOK;
     }
 
+    if ((mqueueCB->unlinkflag == TRUE) && (privateMqPersonal->mq_next == NULL)) {
+        ret = DoMqueueDelete(mqueueCB);
+        if (ret < 0) {
+            return ret;
+        }
+    }
     /* find the personal and remove */
     if (mqueueCB->mq_personal == privateMqPersonal) {
         mqueueCB->mq_personal = privateMqPersonal->mq_next;
@@ -298,9 +305,6 @@ STATIC INT32 DoMqueueClose(struct mqpersonal *privateMqPersonal)
     /* free the personal */
     (VOID)LOS_MemFree(OS_SYS_MEM_ADDR, privateMqPersonal);
 
-    if ((mqueueCB->unlinkflag == TRUE) && (mqueueCB->mq_personal == NULL)) {
-        return DoMqueueDelete(mqueueCB);
-    }
     return LOS_OK;
 }
 

drivers/char/mem/src/mem.c

@@ -61,7 +61,7 @@ static ssize_t MemMap(struct file *filep, LosVmMapRegion *region)
     VADDR_T vaddr = region->range.base;
     LosVmSpace *space = LOS_SpaceGet(vaddr);
 
-    if ((paddr >= SYS_MEM_BASE) && (paddr < SYS_MEM_END)) {
+    if (((paddr + size) >= SYS_MEM_BASE) && (paddr < SYS_MEM_END)) {
         return -EINVAL;
     }
 

fs/jffs2/jffs2.patch

@@ -6340,7 +6340,7 @@ diff -Nupr old/fs/jffs2/summary.h new/fs/jffs2/summary.h
 diff -Nupr old/fs/jffs2/super.c new/fs/jffs2/super.c
 --- old/fs/jffs2/super.c	2022-05-09 17:22:53.000000000 +0800
 +++ new/fs/jffs2/super.c	2022-05-09 20:09:32.170000000 +0800
-@@ -9,433 +9,188 @@
+@@ -9,434 +9,188 @@
   *
   */
  
@@ -6418,6 +6418,7 @@ diff -Nupr old/fs/jffs2/super.c new/fs/jffs2/super.c
 +	c->cleanmarker_size = sizeof(struct jffs2_unknown_node);
  
 -	mutex_init(&f->sem);
+-	f->target = NULL;
 -	inode_init_once(&f->vfs_inode);
 -}
 +	ret = jffs2_do_mount_fs(c);

fs/vfs/epoll/fs_epoll.c

@@ -326,7 +326,7 @@ int epoll_wait(int epfd, FAR struct epoll_event *evs, int maxevents, int timeout
         return -1;
     }
 
-    for (i = 0; i < epHead->nodeCount; i++) {
+    for (i = 0; i < pollSize; i++) {
         pFd[i].fd = epHead->evs[i].data.fd;
         pFd[i].events = (short)epHead->evs[i].events;
     }

kernel/base/include/los_vm_map.h

@@ -157,7 +157,8 @@ typedef struct VmSpace {
 #define     VM_MAP_REGION_FLAG_SHM                  (1<<16)
 #define     VM_MAP_REGION_FLAG_FIXED                (1<<17)
 #define     VM_MAP_REGION_FLAG_FIXED_NOREPLACE      (1<<18)
-#define     VM_MAP_REGION_FLAG_INVALID              (1<<19) /* indicates that flags are not specified */
+#define     VM_MAP_REGION_FLAG_LITEIPC              (1<<19)
+#define     VM_MAP_REGION_FLAG_INVALID              (1<<20) /* indicates that flags are not specified */
 
 STATIC INLINE UINT32 OsCvtProtFlagsToRegionFlags(unsigned long prot, unsigned long flags)
 {

kernel/base/mem/tlsf/los_memory.c

@@ -887,7 +887,7 @@ STATIC UINT32 OsMemPoolInit(VOID *pool, UINT32 size)
 }
 
 #ifdef LOSCFG_MEM_MUL_POOL
-STATIC VOID OsMemPoolDeinit(const VOID *pool, UINT32 size)
+STATIC VOID OsMemPoolDeInit(const VOID *pool, UINT32 size)
 {
 #ifdef LOSCFG_KERNEL_LMS
     if (g_lms != NULL) {

kernel/base/misc/task_shellcmd.c

@@ -379,6 +379,7 @@ LITE_OS_SEC_TEXT_MINOR UINT32 OsShellCmdTskInfoGet(UINT32 processID, VOID *seqBu
     (VOID)memset_s(threadInfo, sizeof(ProcessThreadInfo), 0, sizeof(ProcessThreadInfo));
 
     if (OsGetProcessThreadInfo(processID, threadInfo) != LOS_OK) {
+        (VOID)LOS_MemFree(m_aucSysMem1, threadInfo);
         return LOS_NOK;
     }
 

kernel/base/vm/los_vm_dump.c

@@ -76,6 +76,8 @@ const CHAR *OsGetRegionNameOrFilePath(LosVmMapRegion *region)
         return "MMAP";
     } else if (region->regionFlags & VM_MAP_REGION_FLAG_SHM) {
         return "SHM";
+    } else if (region->regionFlags & VM_MAP_REGION_FLAG_LITEIPC) {
+        return "LITEIPC";
     } else {
         return "";
     }

kernel/base/vm/los_vm_filemap.c

@@ -261,7 +261,7 @@ STATIC UINT32 GetDirtySize(LosFilePage *fpage, struct Vnode *vnode)
 
 STATIC INT32 OsFlushDirtyPage(LosFilePage *fpage)
 {
-    UINT32 ret;
+    ssize_t ret;
     size_t len;
     char *buff = NULL;
     struct Vnode *vnode = fpage->mapping->host;

kernel/base/vm/los_vm_syscall.c

@@ -273,6 +273,8 @@ STATIC UINT32 OsInheritOldRegionName(UINT32 oldRegionFlags)
         vmFlags |= VM_MAP_REGION_FLAG_MMAP;
     } else if (oldRegionFlags & VM_MAP_REGION_FLAG_SHM) {
         vmFlags |= VM_MAP_REGION_FLAG_SHM;
+    } else if (oldRegionFlags & VM_MAP_REGION_FLAG_LITEIPC) {
+        vmFlags |= VM_MAP_REGION_FLAG_LITEIPC;
     }
 
     return vmFlags;
@@ -298,7 +300,9 @@ INT32 LOS_DoMprotect(VADDR_T vaddr, size_t len, unsigned long prot)
         goto OUT_MPROTECT;
     }
 
-    if ((region->regionFlags & VM_MAP_REGION_FLAG_VDSO) || (region->regionFlags & VM_MAP_REGION_FLAG_HEAP)) {
+    if ((region->regionFlags & VM_MAP_REGION_FLAG_VDSO) ||
+        (region->regionFlags & VM_MAP_REGION_FLAG_HEAP) ||
+        (region->regionFlags & VM_MAP_REGION_FLAG_LITEIPC)) {
         ret = -EPERM;
         goto OUT_MPROTECT;
     }

kernel/common/console.c

@@ -687,7 +687,7 @@ STATIC ssize_t ConsoleRead(struct file *filep, CHAR *buffer, size_t bufLen)
     }
 
     if (userBuf) {
-        if (LOS_ArchCopyToUser(buffer, sbuffer, bufLen) != 0) {
+        if (LOS_ArchCopyToUser(buffer, sbuffer, ret) != 0) {
             ret = -EFAULT;
             goto ERROUT;
         }

kernel/extended/hidumper/los_hidumper.c

@@ -278,7 +278,6 @@ static void DumpFaultLog(void)
 
 static void DumpMemData(struct MemDumpParam *param)
 {
-    PRINTK("\nDumpType: %d\n", param->type);
     PRINTK("Unsupported now!\n");
 }
 

kernel/extended/liteipc/hm_liteipc.c

@@ -239,6 +239,7 @@ LITE_OS_SEC_TEXT STATIC int LiteIpcMmap(struct file *filep, LosVmMapRegion *regi
         goto ERROR_MAP_OUT;
     }
     ipcInfo->pool.poolSize = region->range.size;
+    region->regionFlags |= VM_MAP_REGION_FLAG_LITEIPC;
     return 0;
 ERROR_MAP_OUT:
     LOS_VFree(ipcInfo->pool.kvaddr);
@@ -757,7 +758,10 @@ LITE_OS_SEC_TEXT STATIC UINT32 HandlePtr(LosProcessCB *pcb, SpecialObj *obj, BOO
         obj->content.ptr.buff = (VOID *)GetIpcUserAddr(pcb, (INTPTR)buf);
         EnableIpcNodeFreeByUser(pcb, (VOID *)buf);
     } else {
-        (VOID)LiteIpcNodeFree(pcb, (VOID *)GetIpcKernelAddr(pcb, (INTPTR)obj->content.ptr.buff));
+        buf = (VOID *)GetIpcKernelAddr(pcb, (INTPTR)obj->content.ptr.buff);
+        if (IsIpcNode(pcb, buf) == TRUE) {
+            (VOID)LiteIpcNodeFree(pcb, buf);
+        }
     }
     return LOS_OK;
 }

kernel/extended/plimit/los_devicelimit.c

@@ -488,7 +488,7 @@ UINT32 OsDevLimitWriteDeny(ProcLimitSet *plimit, const CHAR *buf, UINT32 size)
 STATIC VOID DevLimitItemSetAccess(CHAR *accArray, INT16 access)
 {
     INT32 index = 0;
-    (VOID)memset_s(acc, ACCLEN, 0, ACCLEN);
+    (VOID)memset_s(accArray, ACCLEN, 0, ACCLEN);
     if (access & DEVLIMIT_ACC_READ) {
         accArray[index] = 'r';
         index++;

shell/full/src/base/shell_lk.c

@@ -154,7 +154,6 @@ INT32 CmdLog(INT32 argc, const CHAR **argv)
             PRINTK("not support yet\n");
         }
     } else if (!strncmp(argv[0], "path", strlen(argv[0]) + 1)) {
-        OsLkLogFileSet(argv[1]);
         PRINTK("not support yet\n");
     } else {
         PRINTK("Usage: log level <num>\n");

syscall/net_syscall.c

@@ -401,7 +401,7 @@ ssize_t SysSendMsg(int s, const struct msghdr *message, int flags)
     CHECK_ASPACE(message, sizeof(struct msghdr));
     CPY_FROM_CONST_USER(struct msghdr, message);
 
-    if (message && message->msg_iovlen > IOV_MAX) {
+    if (message && (size_t)message->msg_iovlen > IOV_MAX) {
         set_errno(EMSGSIZE);
         return -get_errno();
     }
@@ -449,7 +449,7 @@ ssize_t SysRecvMsg(int s, struct msghdr *message, int flags)
     CHECK_ASPACE(message, sizeof(struct msghdr));
     CPY_FROM_NONCONST_USER(message);
 
-    if (message && message->msg_iovlen > IOV_MAX) {
+    if (message && (size_t)message->msg_iovlen > IOV_MAX) {
         set_errno(EMSGSIZE);
         return -get_errno();
     }

tools/build/mk/los_config.mk

@@ -124,6 +124,11 @@ LITEOS_BASELIB += -lcommon
 LIB_SUBDIRS       += kernel/common
 LITEOS_KERNEL_INCLUDE   += -I $(LITEOSTOPDIR)/kernel/common
 
+ifeq ($(LOSCFG_KERNEL_CONTAINER), y)
+    LITEOS_BASELIB    += -lcontainer
+    LIB_SUBDIRS       += kernel/extended/container
+endif
+
 ifeq ($(LOSCFG_KERNEL_CPPSUPPORT), y)
     LITEOS_BASELIB += -lcppsupport
     LIB_SUBDIRS       += kernel/extended/cppsupport