[Do not merge]fs/mqueue/mq_check.c: group level error check for mq operations

os/fs/mqueue/mq_close.c

@@ -60,10 +60,13 @@
 #include <mqueue.h>
 #include <assert.h>
 #include <debug.h>
+#include <stdio.h>
+#include <errno.h>
 
 #include <tinyara/kmalloc.h>
 #include <tinyara/sched.h>
 #include <tinyara/mqueue.h>
+#include <tinyara/arch.h>
 
 #include "inode/inode.h"
 #include "mqueue/mqueue.h"
@@ -72,6 +75,52 @@
  * Public Functions
  ****************************************************************************/
 
+/************************************************************************
+ * Name: mq_desc_in_grouplist
+ *
+ * Description:
+ *   This function checks if a message queue descriptor is present in the
+ *   calling task's group list of mq des.
+ *
+ * Parameters:
+ *   mqdes - Message queue descriptor
+ *
+ * Return Value:
+ *   OK - if mqdes is present in the calling task group list of mqdes
+ *   EBADF - if mqdes is not present in the calling task group of mqdes
+ *
+ ************************************************************************/
+
+int mq_desc_in_grouplist(mqd_t mqdes)
+{
+	int ret = -EBADF;
+    	mqd_t mqdes_ptr;
+
+	/* If we are in irq hanlder, then we must NOT perform this check.
+	 * Because in irq handler, we will not be able to find which task or
+	 * task's group opened the current mqdes */
+	if (up_interrupt_context()) {
+		return OK;
+	}
+
+	FAR struct task_group_s *group = sched_self()->group;
+
+	DEBUGASSERT(mqdes != NULL && group != NULL);
+
+    	sched_lock();
+    	mqdes_ptr = (mqd_t)sq_peek(&group->tg_msgdesq);
+    	while (mqdes_ptr) {
+        	if (mqdes_ptr == mqdes) {
+            		ret = OK;
+            		break;
+        	}
+        	mqdes_ptr = (mqd_t)sq_next(mqdes_ptr);
+    	}
+    	sched_unlock();
+
+	return ret;
+}
+
 /****************************************************************************
  * Name: mq_close_group
  *
@@ -96,7 +145,6 @@ int mq_close_group(mqd_t mqdes, FAR struct task_group_s *group)
 	int ret = OK;
 	FAR struct mqueue_inode_s *msgq;
 	FAR struct inode *inode;
-	mqd_t mqdes_ptr;
 
 	DEBUGASSERT(mqdes != NULL && group != NULL);
 
@@ -105,17 +153,8 @@ int mq_close_group(mqd_t mqdes, FAR struct task_group_s *group)
 	if (mqdes) {
 		sched_lock();
 
-		/* Check that mqdes is in one's group */
-		mqdes_ptr = (mqd_t)sq_peek(&group->tg_msgdesq);
-		while (mqdes_ptr) {
-			if (mqdes_ptr == mqdes) {
-				break;
-			}
-			mqdes_ptr = (mqd_t)sq_next(mqdes_ptr);
-		}
-
 		/* If there is no mqdes in one's group, skip to desclose and inode release. */
-		if (mqdes_ptr != NULL) {
+		if (mq_desc_in_grouplist(mqdes) == OK) {
 
 			/* Find the message queue associated with the message descriptor */
 

os/fs/mqueue/mq_open.c

@@ -164,6 +164,7 @@ mqd_t mq_open(FAR const char *mq_name, int oflags, ...)
 			errcode = ENOMEM;
 			goto errout_with_inode;
 		}
+		inode->i_crefs++;
 	} else {
 		/* The mqueue does not exists.  Were we asked to create it? */
 

os/include/mqueue.h

@@ -188,6 +188,11 @@ int mq_setattr(mqd_t mqdes, FAR const struct mq_attr *mq_stat, FAR struct mq_att
  * @since TizenRT v1.0
  */
 int mq_getattr(mqd_t mqdes, FAR struct mq_attr *mq_stat);
+/**
+ * @brief check mq descriptor in calling task's group's list of mq descriptors
+ * @details @b #include <mqueue.h> \n
+ */
+int mq_desc_in_grouplist(mqd_t mqdes);
 
 #undef EXTERN
 #ifdef __cplusplus

os/kernel/mqueue/mq_getattr.c

@@ -57,6 +57,7 @@
 #include <tinyara/config.h>
 
 #include <mqueue.h>
+#include <errno.h>
 #include <tinyara/mqueue.h>
 
 /************************************************************************
@@ -105,6 +106,11 @@ int mq_getattr(mqd_t mqdes, struct mq_attr *mq_stat)
 {
 	int ret = ERROR;
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	if (mqdes && mq_stat) {
 		/* Return the attributes */
 

os/kernel/mqueue/mq_notify.c

@@ -161,6 +161,11 @@ int mq_notify(mqd_t mqdes, const struct sigevent *notification)
 		return ERROR;
 	}
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	/* Get a pointer to the message queue */
 
 	msgq = mqdes->msgq;

os/kernel/mqueue/mq_receive.c

@@ -125,6 +125,7 @@
  *            message queue.
  *   EINTR    The call was interrupted by a signal handler.
  *   EINVAL   Invalid 'msg' or 'mqdes'
+ *   EBADF    Mqdes is not present in calling task group's mq list.
  *
  * Assumptions:
  *
@@ -145,6 +146,12 @@ ssize_t mq_receive(mqd_t mqdes, FAR char *msg, size_t msglen, FAR int *prio)
 	/* mq_receive() is a cancellation point */
 	(void)enter_cancellation_point();
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		leave_cancellation_point();
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	if (mq_verifyreceive(mqdes, msg, msglen) != OK) {
 		leave_cancellation_point();
 		return ERROR;

os/kernel/mqueue/mq_send.c

@@ -124,6 +124,7 @@
  *   EAGAIN   The queue was empty, and the O_NONBLOCK flag was set for the
  *            message queue description referred to by mqdes.
  *   EINVAL   Either msg or mqdes is NULL or the value of prio is invalid.
+ *   EBADF    Mqdes is not present in calling task group's mq list.
  *   EPERM    Message queue opened not opened for writing.
  *   EMSGSIZE 'msglen' was greater than the maxmsgsize attribute of the
  *            message queue.
@@ -149,6 +150,12 @@ int mq_send(mqd_t mqdes, FAR const char *msg, size_t msglen, int prio)
 	/* mq_send() is a cancellation point */
 	(void)enter_cancellation_point();
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		leave_cancellation_point();
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	if (mq_verifysend(mqdes, msg, msglen, prio) != OK) {
 		leave_cancellation_point();
 		return ERROR;

os/kernel/mqueue/mq_setattr.c

@@ -58,6 +58,7 @@
 
 #include <fcntl.h>				/* O_NONBLOCK */
 #include <mqueue.h>
+#include <errno.h>
 
 #include <tinyara/mqueue.h>
 
@@ -114,6 +115,11 @@ int mq_setattr(mqd_t mqdes, const struct mq_attr *mq_stat, struct mq_attr *oldst
 {
 	int ret = ERROR;
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	if (mqdes && mq_stat) {
 		/* Return the attributes if so requested */
 

os/kernel/mqueue/mq_timedreceive.c

@@ -190,6 +190,7 @@ static void mq_rcvtimeout(int argc, uint32_t pid)
  *             message queue.
  *   EINTR     The call was interrupted by a signal handler.
  *   EINVAL    Invalid 'msg' or 'mqdes' or 'abstime'
+ *   EBADF     Mqdes is not present in calling task group's mq list.
  *   ETIMEDOUT The call timed out before a message could be transferred.
  *   ENOMEM    The system lacks sufficient memory resources for watchdog.
  *
@@ -209,6 +210,12 @@ ssize_t mq_timedreceive(mqd_t mqdes, FAR char *msg, size_t msglen, FAR int *prio
 	/* mq_timedreceive() is not a cancellation point */
 	(void)enter_cancellation_point();
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		leave_cancellation_point();
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	/* Verify the input parameters and, in case of an error, set
 	 * errno appropriately.
 	 */

os/kernel/mqueue/mq_timedsend.c

@@ -188,6 +188,7 @@ static void mq_sndtimeout(int argc, uint32_t pid)
  *   EAGAIN   The queue was empty, and the O_NONBLOCK flag was set for the
  *            message queue description referred to by mqdes.
  *   EINVAL   Either msg or mqdes is NULL or the value of prio is invalid.
+ *   EBADF    Mqdes is not present in calling task group's mq list.
  *   EPERM    Message queue opened not opened for writing.
  *   EMSGSIZE 'msglen' was greater than the maxmsgsize attribute of the
  *            message queue.
@@ -212,6 +213,12 @@ int mq_timedsend(mqd_t mqdes, FAR const char *msg, size_t msglen, int prio, FAR
 	/* mq_timedsend() is a cancellation point */
 	(void)enter_cancellation_point();
 
+	if (mq_desc_in_grouplist(mqdes) != OK) {
+		leave_cancellation_point();
+		set_errno(EBADF);
+		return ERROR;
+	}
+
 	/* Verify the input parameters -- setting errno appropriately
 	 * on any failures to verify.
 	 */