From eac13a113d55b7634f59b01082f1af22c6157736 Mon Sep 17 00:00:00 2001 From: "chao.an" Date: Tue, 8 Feb 2022 23:24:04 +0800 Subject: [PATCH] net/udp: remove psock hook to avoid invalid reference Signed-off-by: chao.an --- net/udp/udp.h | 6 +++--- net/udp/udp_netpoll.c | 16 +++++++-------- net/udp/udp_recvfrom.c | 19 +++++++++-------- net/udp/udp_sendto_buffered.c | 36 ++++++++++++++------------------- net/udp/udp_sendto_unbuffered.c | 4 ++-- 5 files changed, 37 insertions(+), 44 deletions(-) diff --git a/net/udp/udp.h b/net/udp/udp.h index a5e779b65b..4f6ce5973d 100644 --- a/net/udp/udp.h +++ b/net/udp/udp.h @@ -90,7 +90,7 @@ struct udp_hdr_s; /* Forward reference */ struct udp_poll_s { - FAR struct socket *psock; /* Needed to handle loss of connection */ + FAR struct udp_conn_s *conn; /* Needed to handle loss of connection */ FAR struct net_driver_s *dev; /* Needed to free the callback structure */ struct pollfd *fds; /* Needed to handle poll events */ FAR struct devif_callback_s *cb; /* Needed to teardown the poll */ @@ -375,7 +375,7 @@ void udp_poll(FAR struct net_driver_s *dev, FAR struct udp_conn_s *conn); * write occurs first. * * Input Parameters: - * psock An instance of the internal socket structure. + * conn A reference to UDP connection structure. * * Returned Value: * -ENOSYS (Function not implemented, always have to wait to send). @@ -385,7 +385,7 @@ void udp_poll(FAR struct net_driver_s *dev, FAR struct udp_conn_s *conn); * ****************************************************************************/ -int psock_udp_cansend(FAR struct socket *psock); +int psock_udp_cansend(FAR struct udp_conn_s *conn); /**************************************************************************** * Name: udp_send diff --git a/net/udp/udp_netpoll.c b/net/udp/udp_netpoll.c index f463d2ce36..bb26cf7af2 100644 --- a/net/udp/udp_netpoll.c +++ b/net/udp/udp_netpoll.c @@ -69,7 +69,7 @@ static uint16_t udp_poll_eventhandler(FAR struct net_driver_s *dev, ninfo("flags: %04x\n", flags); - DEBUGASSERT(!info || (info->psock && info->fds)); + DEBUGASSERT(!info || (info->conn && info->fds)); /* 'priv' might be null in some race conditions (?) */ @@ -93,7 +93,7 @@ static uint16_t udp_poll_eventhandler(FAR struct net_driver_s *dev, /* A poll is a sign that we are free to send data. */ - else if (psock_udp_cansend(info->psock) >= 0) + else if (psock_udp_cansend(info->conn) >= 0) { eventset |= (POLLOUT & info->fds->events); } @@ -153,7 +153,7 @@ int udp_pollsetup(FAR struct socket *psock, FAR struct pollfd *fds) /* Find a container to hold the poll information */ info = conn->pollinfo; - while (info->psock != NULL) + while (info->conn != NULL) { if (++info >= &conn->pollinfo[CONFIG_NET_UDP_NPOLLWAITERS]) { @@ -180,9 +180,9 @@ int udp_pollsetup(FAR struct socket *psock, FAR struct pollfd *fds) /* Initialize the poll info container */ - info->psock = psock; - info->fds = fds; - info->cb = cb; + info->conn = conn; + info->fds = fds; + info->cb = cb; /* Initialize the callback structure. Save the reference to the info * structure as callback private data so that it will be available during @@ -218,7 +218,7 @@ int udp_pollsetup(FAR struct socket *psock, FAR struct pollfd *fds) fds->revents |= (POLLRDNORM & fds->events); } - if (psock_udp_cansend(psock) >= 0) + if (psock_udp_cansend(conn) >= 0) { /* Normal data may be sent without blocking (at least one byte). */ @@ -285,7 +285,7 @@ int udp_pollteardown(FAR struct socket *psock, FAR struct pollfd *fds) /* Then free the poll info container */ - info->psock = NULL; + info->conn = NULL; } return OK; diff --git a/net/udp/udp_recvfrom.c b/net/udp/udp_recvfrom.c index bed664189a..e6364fc103 100644 --- a/net/udp/udp_recvfrom.c +++ b/net/udp/udp_recvfrom.c @@ -58,7 +58,7 @@ struct udp_recvfrom_s { - FAR struct socket *ir_sock; /* The parent socket structure */ + FAR struct udp_conn_s *ir_conn; /* Connection associated with the socket */ FAR struct devif_callback_s *ir_cb; /* Reference to callback instance */ sem_t ir_sem; /* Semaphore signals recv completion */ size_t ir_buflen; /* Length of receive buffer */ @@ -181,8 +181,7 @@ static inline void udp_newdata(FAR struct net_driver_s *dev, static inline void udp_readahead(struct udp_recvfrom_s *pstate) { - FAR struct udp_conn_s *conn = (FAR struct udp_conn_s *) - pstate->ir_sock->s_conn; + FAR struct udp_conn_s *conn = pstate->ir_conn; FAR struct iob_s *iob; int recvlen; @@ -325,8 +324,7 @@ static inline void udp_sender(FAR struct net_driver_s *dev, if (infrom) { #ifdef CONFIG_NET_IPv6 - FAR struct udp_conn_s *conn = - (FAR struct udp_conn_s *)pstate->ir_sock->s_conn; + FAR struct udp_conn_s *conn = pstate->ir_conn; /* Hybrid dual-stack IPv6/IPv4 implementations recognize a special * class of addresses, the IPv4-mapped IPv6 addresses. @@ -482,7 +480,7 @@ static uint16_t udp_eventhandler(FAR struct net_driver_s *dev, * Initialize the state structure * * Input Parameters: - * psock Pointer to the socket structure for the socket + * conn The UDP connection of interest * buf Buffer to receive data * len Length of buffer * pstate A pointer to the state structure to be initialized @@ -494,8 +492,9 @@ static uint16_t udp_eventhandler(FAR struct net_driver_s *dev, * ****************************************************************************/ -static void udp_recvfrom_initialize(FAR struct socket *psock, FAR void *buf, - size_t len, FAR struct sockaddr *infrom, +static void udp_recvfrom_initialize(FAR struct udp_conn_s *conn, + FAR void *buf, size_t len, + FAR struct sockaddr *infrom, FAR socklen_t *fromlen, FAR struct udp_recvfrom_s *pstate) { @@ -517,7 +516,7 @@ static void udp_recvfrom_initialize(FAR struct socket *psock, FAR void *buf, /* Set up the start time for the timeout */ - pstate->ir_sock = psock; + pstate->ir_conn = conn; } /* The only un-initialization that has to be performed is destroying the @@ -611,7 +610,7 @@ ssize_t psock_udp_recvfrom(FAR struct socket *psock, FAR void *buf, */ net_lock(); - udp_recvfrom_initialize(psock, buf, len, from, fromlen, &state); + udp_recvfrom_initialize(conn, buf, len, from, fromlen, &state); /* Copy the read-ahead data from the packet */ diff --git a/net/udp/udp_sendto_buffered.c b/net/udp/udp_sendto_buffered.c index 07adf714c8..0f2b2fc749 100644 --- a/net/udp/udp_sendto_buffered.c +++ b/net/udp/udp_sendto_buffered.c @@ -95,8 +95,7 @@ static inline void sendto_ipselect(FAR struct net_driver_s *dev, FAR struct udp_conn_s *conn); #endif -static int sendto_next_transfer(FAR struct socket *psock, - FAR struct udp_conn_s *conn); +static int sendto_next_transfer(FAR struct udp_conn_s *conn); static uint16_t sendto_eventhandler(FAR struct net_driver_s *dev, FAR void *pvconn, FAR void *pvpriv, uint16_t flags); @@ -146,8 +145,7 @@ static uint32_t udp_inqueue_wrb_size(FAR struct udp_conn_s *conn) * Release the write buffer at the head of the write buffer queue. * * Input Parameters: - * dev - The structure of the network driver that caused the event - * psock - Socket state structure + * conn - The UDP connection of interest * * Returned Value: * None @@ -157,8 +155,7 @@ static uint32_t udp_inqueue_wrb_size(FAR struct udp_conn_s *conn) * ****************************************************************************/ -static void sendto_writebuffer_release(FAR struct socket *psock, - FAR struct udp_conn_s *conn) +static void sendto_writebuffer_release(FAR struct udp_conn_s *conn) { FAR struct udp_wrbuffer_s *wrb; int ret = OK; @@ -200,7 +197,7 @@ static void sendto_writebuffer_release(FAR struct socket *psock, * the write buffer queue. */ - ret = sendto_next_transfer(psock, conn); + ret = sendto_next_transfer(conn); } } while (wrb != NULL && ret < 0); @@ -223,7 +220,7 @@ static void sendto_writebuffer_release(FAR struct socket *psock, * * Input Parameters: * dev - The structure of the network driver that caused the event - * psock - Socket state structure + * conn - The UDP connection of interest * * Returned Value: * None @@ -266,7 +263,6 @@ static inline void sendto_ipselect(FAR struct net_driver_s *dev, * the head of the write queue. * * Input Parameters: - * psock - Socket state structure * conn - The UDP connection structure * * Returned Value: @@ -274,8 +270,7 @@ static inline void sendto_ipselect(FAR struct net_driver_s *dev, * ****************************************************************************/ -static int sendto_next_transfer(FAR struct socket *psock, - FAR struct udp_conn_s *conn) +static int sendto_next_transfer(FAR struct udp_conn_s *conn) { FAR struct udp_wrbuffer_s *wrb; FAR struct net_driver_s *dev; @@ -361,7 +356,7 @@ static int sendto_next_transfer(FAR struct socket *psock, /* Set up the callback in the connection */ conn->sndcb->flags = (UDP_POLL | NETDEV_DOWN); - conn->sndcb->priv = (FAR void *)psock; + conn->sndcb->priv = (FAR void *)conn; conn->sndcb->event = sendto_eventhandler; /* Notify the device driver of the availability of TX data */ @@ -394,10 +389,9 @@ static uint16_t sendto_eventhandler(FAR struct net_driver_s *dev, FAR void *pvconn, FAR void *pvpriv, uint16_t flags) { - FAR struct udp_conn_s *conn = (FAR struct udp_conn_s *)pvconn; - FAR struct socket *psock = (FAR struct socket *)pvpriv; + FAR struct udp_conn_s *conn = (FAR struct udp_conn_s *)pvpriv; - DEBUGASSERT(dev != NULL && psock != NULL); + DEBUGASSERT(dev != NULL && conn != NULL); ninfo("flags: %04x\n", flags); @@ -411,7 +405,7 @@ static uint16_t sendto_eventhandler(FAR struct net_driver_s *dev, * the next transfer. */ - sendto_writebuffer_release(psock, psock->s_conn); + sendto_writebuffer_release(conn); return flags; } @@ -492,7 +486,7 @@ static uint16_t sendto_eventhandler(FAR struct net_driver_s *dev, * setup the next transfer. */ - sendto_writebuffer_release(psock, conn); + sendto_writebuffer_release(conn); /* Only one data can be sent by low level driver at once, * tell the caller stop polling the other connections. @@ -826,7 +820,7 @@ ssize_t psock_udp_sendto(FAR struct socket *psock, FAR const void *buf, * the write buffer queue. */ - ret = sendto_next_transfer(psock, conn); + ret = sendto_next_transfer(conn); if (ret < 0) { sq_remlast(&conn->write_q); @@ -859,7 +853,7 @@ errout_with_lock: * another means. * * Input Parameters: - * psock An instance of the internal socket structure. + * conn A reference to UDP connection structure. * * Returned Value: * OK @@ -871,11 +865,11 @@ errout_with_lock: * ****************************************************************************/ -int psock_udp_cansend(FAR struct socket *psock) +int psock_udp_cansend(FAR struct udp_conn_s *conn) { /* Verify that we received a valid socket */ - if (psock == NULL || psock->s_conn == NULL) + if (conn == NULL) { nerr("ERROR: Invalid socket\n"); return -EBADF; diff --git a/net/udp/udp_sendto_unbuffered.c b/net/udp/udp_sendto_unbuffered.c index 871b5bc2bd..d3fa39067d 100644 --- a/net/udp/udp_sendto_unbuffered.c +++ b/net/udp/udp_sendto_unbuffered.c @@ -510,7 +510,7 @@ errout_with_lock: * write occurs first. * * Input Parameters: - * psock An instance of the internal socket structure. + * conn A reference to UDP connection structure. * * Returned Value: * OK (Always can send). @@ -520,7 +520,7 @@ errout_with_lock: * ****************************************************************************/ -int psock_udp_cansend(FAR struct socket *psock) +int psock_udp_cansend(FAR struct udp_conn_s *conn) { return OK; }