提交 7e2aef24 编写于 作者: C Caoruihong

fix: race condition in liteipc

global data should be accessed in protection

fix: #I3PW5Y
Change-Id: I9dfa09992eb8e78935ed367240628300fc033193
Signed-off-by: NCaoruihong <crh.cao@huawei.com>
上级 91696370
...@@ -70,11 +70,11 @@ typedef struct { ...@@ -70,11 +70,11 @@ typedef struct {
VOID *ptr; VOID *ptr;
} IpcUsedNode; } IpcUsedNode;
LosMux g_serviceHandleMapMux; STATIC LosMux g_serviceHandleMapMux;
#if (USE_TASKID_AS_HANDLE == YES) #if (USE_TASKID_AS_HANDLE == YES)
HandleInfo g_cmsTask; STATIC HandleInfo g_cmsTask;
#else #else
HandleInfo g_serviceHandleMap[MAX_SERVICE_NUM]; STATIC HandleInfo g_serviceHandleMap[MAX_SERVICE_NUM];
#endif #endif
STATIC LOS_DL_LIST g_ipcPendlist; STATIC LOS_DL_LIST g_ipcPendlist;
STATIC LOS_DL_LIST g_ipcUsedNodelist[LOSCFG_BASE_CORE_PROCESS_LIMIT]; STATIC LOS_DL_LIST g_ipcUsedNodelist[LOSCFG_BASE_CORE_PROCESS_LIMIT];
...@@ -408,41 +408,44 @@ LITE_OS_SEC_TEXT STATIC UINT32 GetTid(UINT32 serviceHandle, UINT32 *taskID) ...@@ -408,41 +408,44 @@ LITE_OS_SEC_TEXT STATIC UINT32 GetTid(UINT32 serviceHandle, UINT32 *taskID)
if (serviceHandle >= MAX_SERVICE_NUM) { if (serviceHandle >= MAX_SERVICE_NUM) {
return -EINVAL; return -EINVAL;
} }
(VOID)LOS_MuxLock(&g_serviceHandleMapMux, LOS_WAIT_FOREVER);
#if (USE_TASKID_AS_HANDLE == YES) #if (USE_TASKID_AS_HANDLE == YES)
*taskID = serviceHandle ? serviceHandle : g_cmsTask.taskID; *taskID = serviceHandle ? serviceHandle : g_cmsTask.taskID;
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return LOS_OK; return LOS_OK;
#else #else
if (g_serviceHandleMap[serviceHandle].status == HANDLE_REGISTED) { if (g_serviceHandleMap[serviceHandle].status == HANDLE_REGISTED) {
*taskID = g_serviceHandleMap[serviceHandle].taskID; *taskID = g_serviceHandleMap[serviceHandle].taskID;
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return LOS_OK; return LOS_OK;
} }
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return -EINVAL; return -EINVAL;
#endif #endif
} }
LITE_OS_SEC_TEXT STATIC UINT32 GenerateServiceHandle(UINT32 taskID, HandleStatus status, UINT32 *serviceHandle) LITE_OS_SEC_TEXT STATIC UINT32 GenerateServiceHandle(UINT32 taskID, HandleStatus status, UINT32 *serviceHandle)
{ {
(VOID)LOS_MuxLock(&g_serviceHandleMapMux, LOS_WAIT_FOREVER);
#if (USE_TASKID_AS_HANDLE == YES) #if (USE_TASKID_AS_HANDLE == YES)
*serviceHandle = taskID ? taskID : LOS_CurTaskIDGet(); /* if taskID is 0, return curTaskID */ *serviceHandle = taskID ? taskID : LOS_CurTaskIDGet(); /* if taskID is 0, return curTaskID */
if (*serviceHandle == g_cmsTask.taskID) { if (*serviceHandle != g_cmsTask.taskID) {
return -EINVAL; (VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
}
return LOS_OK; return LOS_OK;
}
#else #else
UINT32 i; for (UINT32 i = 1; i < MAX_SERVICE_NUM; i++) {
(VOID)LOS_MuxLock(&g_serviceHandleMapMux, LOS_WAIT_FOREVER);
for (i = 1; i < MAX_SERVICE_NUM; i++) {
if (g_serviceHandleMap[i].status == HANDLE_NOT_USED) { if (g_serviceHandleMap[i].status == HANDLE_NOT_USED) {
g_serviceHandleMap[i].taskID = taskID; g_serviceHandleMap[i].taskID = taskID;
g_serviceHandleMap[i].status = status; g_serviceHandleMap[i].status = status;
*serviceHandle = i; *serviceHandle = i;
(VOID)LOS_MuxUnLock(&g_serviceHandleMapMux); (VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return LOS_OK; return LOS_OK;
} }
} }
#endif
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux); (VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return -EINVAL; return -EINVAL;
#endif
} }
LITE_OS_SEC_TEXT STATIC VOID RefreshServiceHandle(UINT32 serviceHandle, UINT32 result) LITE_OS_SEC_TEXT STATIC VOID RefreshServiceHandle(UINT32 serviceHandle, UINT32 result)
...@@ -627,21 +630,29 @@ LITE_OS_SEC_TEXT STATIC UINT32 SetCms(UINTPTR maxMsgSize) ...@@ -627,21 +630,29 @@ LITE_OS_SEC_TEXT STATIC UINT32 SetCms(UINTPTR maxMsgSize)
LITE_OS_SEC_TEXT STATIC BOOL IsCmsSet(VOID) LITE_OS_SEC_TEXT STATIC BOOL IsCmsSet(VOID)
{ {
BOOL ret;
(VOID)LOS_MuxLock(&g_serviceHandleMapMux, LOS_WAIT_FOREVER);
#if (USE_TASKID_AS_HANDLE == YES) #if (USE_TASKID_AS_HANDLE == YES)
return g_cmsTask.status == HANDLE_REGISTED; ret = g_cmsTask.status == HANDLE_REGISTED;
#else #else
return g_serviceHandleMap[0].status == HANDLE_REGISTED; ret = g_serviceHandleMap[0].status == HANDLE_REGISTED;
#endif #endif
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return ret;
} }
LITE_OS_SEC_TEXT STATIC BOOL IsCmsTask(UINT32 taskID) LITE_OS_SEC_TEXT STATIC BOOL IsCmsTask(UINT32 taskID)
{ {
BOOL ret;
(VOID)LOS_MuxLock(&g_serviceHandleMapMux, LOS_WAIT_FOREVER);
#if (USE_TASKID_AS_HANDLE == YES) #if (USE_TASKID_AS_HANDLE == YES)
return IsCmsSet() ? (OS_TCB_FROM_TID(taskID)->processID == OS_TCB_FROM_TID(g_cmsTask.taskID)->processID) : FALSE; ret = IsCmsSet() ? (OS_TCB_FROM_TID(taskID)->processID == OS_TCB_FROM_TID(g_cmsTask.taskID)->processID) : FALSE;
#else #else
return IsCmsSet() ? (OS_TCB_FROM_TID(taskID)->processID == ret = IsCmsSet() ? (OS_TCB_FROM_TID(taskID)->processID ==
OS_TCB_FROM_TID(g_serviceHandleMap[0].taskID)->processID) : FALSE; OS_TCB_FROM_TID(g_serviceHandleMap[0].taskID)->processID) : FALSE;
#endif #endif
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return ret;
} }
LITE_OS_SEC_TEXT STATIC BOOL IsTaskAlive(UINT32 taskID) LITE_OS_SEC_TEXT STATIC BOOL IsTaskAlive(UINT32 taskID)
...@@ -816,9 +827,12 @@ LITE_OS_SEC_TEXT STATIC UINT32 CheckMsgSize(IpcMsg *msg) ...@@ -816,9 +827,12 @@ LITE_OS_SEC_TEXT STATIC UINT32 CheckMsgSize(IpcMsg *msg)
totalSize += obj->content.ptr.buffSz; totalSize += obj->content.ptr.buffSz;
} }
} }
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
if (totalSize > g_cmsTask.maxMsgSize) { if (totalSize > g_cmsTask.maxMsgSize) {
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return -EINVAL; return -EINVAL;
} }
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
return LOS_OK; return LOS_OK;
} }
...@@ -1200,7 +1214,9 @@ LITE_OS_SEC_TEXT STATIC UINT32 HandleCmsCmd(CmsCmdContent *content) ...@@ -1200,7 +1214,9 @@ LITE_OS_SEC_TEXT STATIC UINT32 HandleCmsCmd(CmsCmdContent *content)
if (ret == LOS_OK) { if (ret == LOS_OK) {
ret = copy_to_user((void *)content, (const void *)(&localContent), sizeof(CmsCmdContent)); ret = copy_to_user((void *)content, (const void *)(&localContent), sizeof(CmsCmdContent));
} }
(VOID)LOS_MuxLock(&g_serviceHandleMapMux, LOS_WAIT_FOREVER);
AddServiceAccess(g_cmsTask.taskID, localContent.serviceHandle); AddServiceAccess(g_cmsTask.taskID, localContent.serviceHandle);
(VOID)LOS_MuxUnlock(&g_serviceHandleMapMux);
break; break;
case CMS_REMOVE_HANDLE: case CMS_REMOVE_HANDLE:
if (localContent.serviceHandle >= MAX_SERVICE_NUM) { if (localContent.serviceHandle >= MAX_SERVICE_NUM) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册