From 80f1868e980b9b59db03b807cd0550bf34970576 Mon Sep 17 00:00:00 2001
From: hw_llm
Date: Fri, 27 Dec 2024 10:41:24 +0800
Subject: [PATCH] =?UTF-8?q?Description:=20SysEpollWait=20&=20SysEpollPWait?= =?UTF-8?q?=20cpy=5Ffrom=5Fuser=20=E6=BC=8F=E6=B4=9E=E4=BF=AE=E6=94=B9=20I?= =?UTF-8?q?ssueNo:=20https://gitee.com/openharmony/kernel=5Fliteos=5Fa/iss?= =?UTF-8?q?ues/IBEB48=20Feature=20Or=20Bugfix:=20Bugfix=20Binary=20Source:?= =?UTF-8?q?=20No=20Signed-off-by:=20hw=5Fllm=20=20?= =?UTF-8?q?=EF=BC=88cherry=20picked=20commit=20from=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 syscall/fs_syscall.c | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/syscall/fs_syscall.c b/syscall/fs_syscall.c
index eec9b5b4..697a9bd0 100644
--- a/syscall/fs_syscall.c
+++ b/syscall/fs_syscall.c
@@ -59,6 +59,7 @@
 #define HIGH_SHIFT_BIT 32
 #define TIMESPEC_TIMES_NUM 2
+#define EPOLL_DEFAULT_SIZE 100
 static int CheckNewAttrTime(struct IATTR *attr, struct timespec times[TIMESPEC_TIMES_NUM])
 {
@@ -2797,8 +2798,13 @@ int SysEpollWait(int epfd, struct epoll_event *evs, int maxevents, int timeout)
 {
     int ret = 0;
-    CHECK_ASPACE(evs, sizeof(struct epoll_event));
-    CPY_FROM_USER(evs);
+    if ((maxevents <= 0) || (maxevents > EPOLL_DEFAULT_SIZE)) {
+        ret = -EINVAL;
+        goto OUT;
+    }
+
+    CHECK_ASPACE(evs, sizeof(struct epoll_event) * maxevents);
+    DUP_FROM_USER_NOCOPY(evs, sizeof(struct epoll_event) * maxevents);
     epfd = GetAssociatedSystemFd(epfd);
     if (epfd < 0) {
@@ -2811,7 +2817,8 @@ int SysEpollWait(int epfd, struct epoll_event *evs, int maxevents, int timeout)
         ret = -get_errno();
     }
-    CPY_TO_USER(evs);
+    DUP_TO_USER(evs, sizeof(struct epoll_event) * ret);
+    FREE_DUP(evs);
 OUT:
     return (ret == -1) ? -get_errno() : ret;
 }
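Review bot: EPOLL_DEFAULT_SIZE is added without a comment, yet it now decides which maxevents values SysEpollWait and SysEpollPwait reject with -EINVAL and bounds the kernel buffer that DUP_FROM_USER_NOCOPY may allocate per call. The name reads as a default rather than a hard ceiling, and its relationship to the epoll implementation's own event limit is not visible here. A comment at the define would make the intent explicit: `/* Hard upper bound on maxevents for SysEpollWait/SysEpollPwait; caps the per-call kernel copy buffer */`.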
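Review bot: The buffer that DUP_FROM_USER_NOCOPY now allocates for evs is released only by the FREE_DUP placed just before OUT: in the later hunk, but the `if (epfd < 0) {` branch that this hunk cuts off sits between the two; if that branch jumps to OUT the way the new maxevents check does, the kernel buffer is leaked on every call with an invalid epfd. The allocation should be released on that path as well, e.g. `FREE_DUP(evs);` before its goto, matching the DUP/FREE pairing used at the end of the function. The same ordering appears in SysEpollPwait's hunk at @@ -2831. SysEpollWait's body continues outside the hunk.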
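Review bot: `DUP_TO_USER(evs, sizeof(struct epoll_event) * ret)` is reached with a negative ret when epoll_wait failed (the `ret = -get_errno();` assignment directly above), and a negative int multiplied by a size_t converts to an unsigned value near SIZE_MAX, so the copy-back is attempted with a wrapped length and whatever failure DUP_TO_USER reports would mask the original error code. Copy back only the events actually produced: `if (ret > 0) {` / `DUP_TO_USER(evs, sizeof(struct epoll_event) * ret);` / `}`, leaving FREE_DUP unconditional after it. The same pattern is in SysEpollPwait's hunk at @@ -2848. SysEpollWait's body starts outside the hunk.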
@@ -2822,6 +2829,11 @@ int SysEpollPwait(int epfd, struct epoll_event *evs, int maxevents, int timeout,
     sigset_t_l setl;
     int ret = 0;
+    if ((maxevents <= 0) || (maxevents > EPOLL_DEFAULT_SIZE)) {
+        ret = -EINVAL;
+        goto OUT;
+    }
+
     CHECK_ASPACE(mask, sizeof(sigset_t));
     if (mask != NULL) {
@@ -2831,8 +2843,8 @@ int SysEpollPwait(int epfd, struct epoll_event *evs, int maxevents, int timeout,
         }
     }
-    CHECK_ASPACE(evs, sizeof(struct epoll_event));
-    CPY_FROM_USER(evs);
+    CHECK_ASPACE(evs, sizeof(struct epoll_event) * maxevents);
+    DUP_FROM_USER_NOCOPY(evs, sizeof(struct epoll_event) * maxevents);
     epfd = GetAssociatedSystemFd(epfd);
     if (epfd < 0) {
@@ -2848,7 +2860,8 @@ int SysEpollPwait(int epfd, struct epoll_event *evs, int maxevents, int timeout,
     OsSigprocMask(SIG_SETMASK, &origMask, NULL);
-    CPY_TO_USER(evs);
+    DUP_TO_USER(evs, sizeof(struct epoll_event) * ret);
+    FREE_DUP(evs);
 OUT:
     return (ret == -1) ? -get_errno() : ret;
 }
-- 
Gitee
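Review bot: The maxevents range check added here is a verbatim copy of the one in SysEpollWait, so the two can drift apart the next time the bound or its error code changes; a small file-scope helper keeps them in step, e.g. `static int EpollMaxEventsValid(int maxevents) { return (maxevents > 0) && (maxevents <= EPOLL_DEFAULT_SIZE); }` used as `if (!EpollMaxEventsValid(maxevents)) {` in both syscalls. The check is correctly placed before the mask copy, so no kernel buffer is outstanding when it jumps to OUT. SysEpollPwait's body starts and continues outside the hunk.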