fix : futex requeue机制中，头节点的queueList 为NULL, 导致系统异常

queuelist中的普通节点在调整为futexList的节点时，未校验其queueList的有效性，导致queueList未初始化，出现访问空指针；且在从旧链表迁移节点到新链表时，节点从旧链表删除之后又插入到另一个链表中，导致对旧链表的为NULL判断出错。 Close #I4024F Change-Id: I506a10fc5740ce16e682c2c419b9d92a82000b86 Signed-off-by: N zhushengle <zhushengle@huawei.com>

fix : futex requeue机制中，头节点的queueList 为NULL, 导致系统异常
queuelist中的普通节点在调整为futexList的节点时，未校验其queueList的有效性，导致queueList未初始化，出现访问空指针；且在从旧链表迁移节点到新链表时，节点从旧链表删除之后又插入到另一个链表中，导致对旧链表的为NULL判断出错。 Close #I4024F Change-Id: I506a10fc5740ce16e682c2c419b9d92a82000b86 Signed-off-by: N zhushengle <zhushengle@huawei.com>
1157c4a2 · zhushengle · b29d9d88 · 1157c4a2
隐藏空白更改
内联并排

Showing with 19 addition and 8 deletion

kernel/base/ipc/los_futex.c kernel/base/ipc/los_futex.c +19 -8

未找到文件。
--- a/kernel/base/ipc/los_futex.c
+++ b/kernel/base/ipc/los_futex.c
@@ -199,6 +199,9 @@ STATIC INLINE VOID OsFutexReplaceQueueListHeadNode(FutexNode *oldHeadNode, Futex
    LOS_DL_LIST *futexList = oldHeadNode->futexList.pstPrev;
    LOS_ListDelete(&oldHeadNode->futexList);
    LOS_ListHeadInsert(futexList, &newHeadNode->futexList);
+    if ((newHeadNode->queueList.pstNext == NULL) || (newHeadNode->queueList.pstPrev == NULL)) {
+        LOS_ListInit(&newHeadNode->queueList);
+    }
 }
 STATIC INLINE VOID OsFutexDeleteKeyFromFutexList(FutexNode *node)
@@ -319,11 +322,10 @@ STATIC VOID OsFutexInsertNewFutexKeyToHash(FutexNode *node)
         futexList != &(hashNode->lockList);
         futexList = futexList->pstNext) {
        headNode = OS_FUTEX_FROM_FUTEXLIST(futexList);
-        if (node->key <= headNode->key) {                 
+        if (node->key <= headNode->key) {
            LOS_ListTailInsert(&(headNode->futexList), &(node->futexList));
            break;
        }
    }
 EXIT:
@@ -797,6 +799,7 @@ EXIT_UNLOCK_ERR:
 STATIC INT32 OsFutexRequeueInsertNewKey(UINTPTR newFutexKey, INT32 newIndex, FutexNode *oldHeadNode)
 {
+    BOOL queueListIsEmpty = FALSE;
    INT32 ret;
    UINT32 intSave;
    LosTaskCB *task = NULL;
@@ -817,25 +820,33 @@ STATIC INT32 OsFutexRequeueInsertNewKey(UINTPTR newFutexKey, INT32 newIndex, Fut
        nextNode = OS_FUTEX_FROM_QUEUELIST(queueList);
        SCHEDULER_LOCK(intSave);
        if (LOS_ListEmpty(&nextNode->pendList)) {
-            queueList = queueList->pstNext;
+            if (LOS_ListEmpty(queueList)) {
+                queueListIsEmpty = TRUE;
+            } else {
+                queueList = queueList->pstNext;
+            }
            OsFutexDeinitFutexNode(nextNode);
            SCHEDULER_UNLOCK(intSave);
-            if (queueList->pstNext != NULL) {
+            if (queueListIsEmpty) {
-                continue;
-            } else {
                return LOS_OK;
            }
+            continue;
        }
        task = OS_TCB_FROM_PENDLIST(LOS_DL_LIST_FIRST(&(nextNode->pendList)));
-        queueList = queueList->pstNext;
+        if (LOS_ListEmpty(queueList)) {
+            queueListIsEmpty = TRUE;
+        } else {
+            queueList = queueList->pstNext;
+        }
        LOS_ListDelete(&nextNode->queueList);
        ret = OsFutexInsertTasktoPendList(&newHeadNode, nextNode, task);
        SCHEDULER_UNLOCK(intSave);
        if (ret != LOS_OK) {
            PRINT_ERR("Futex requeue insert new key failed!\n");
        }
-    } while (queueList->pstNext != NULL);
+    } while (!queueListIsEmpty);
    return LOS_OK;
 }