Commit Graph

46644 Commits

Author SHA1 Message Date
chao.an
bf6cbbca5d net/tcp: fix devif callback list corruption on tcp_close()
devif_conn_event() will be called recursively in the psock_send_eventhandler(),
if the tcp event tcp_close_eventhandler() is marked as "next" in first devif_conn_event()
and released from sencond recursive call, the "next" event in the first devif_conn_event()
will become a wild pointer.

479 uint16_t devif_conn_event(FAR struct net_driver_s *dev, uint16_t flags,
480                           FAR struct devif_callback_s *list)
481 {
482   FAR struct devif_callback_s *next;
...
488   net_lock();
489   while (list && flags)
490     {
...
496       next = list->nxtconn;  <------------------  event tcp_close_eventhandler() on next
...
500       if (list->event != NULL && devif_event_trigger(flags, list->flags))
501         {
...
507           flags = list->event(dev, list->priv, flags);  <---------------- perform  psock_send_eventhandler(), event tcp_close_eventhandler() will be remove from tcp_lost_connection()
508         }
...
512       list = next;  <---------------- event tcp_close_eventhandler() has been released, wild pointer
513     }
514
515   net_unlock();
516   return flags;
517 }

The callstack as below:

Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
| #0  tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
| #1  0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
                    ----------------> devif_conn_event() recursively
| #2  0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #3  0x565c55e4 in tcp_shutdown_monitor (conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_monitor.c:211
| #4  0x565c584b in tcp_lost_connection (conn=0x566084a0 <g_tcp_connections>, cb=0x566094b0 <g_cbprealloc+336>, flags=65) at tcp/tcp_monitor.c:391
| #5  0x565c028a in psock_send_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_send_buffered.c:544
                    ----------------> call psock_send_eventhandler() before tcp_close_eventhandler()
| #6  0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x566094b0 <g_cbprealloc+336>) at devif/devif_callback.c:507
| #7  0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #8  0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
| #9  0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
| #10 0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
| #11 0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
| #12 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| #13 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
| #0  tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
      ----------------------> "next" corrupted, invaild call tcp_close_eventhandler()
| #1  0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
| #2  0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #3  0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
| #4  0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
| #5  0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
| #6  0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
| #7  0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| #8  0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
[    2.680000] up_assert: Assertion failed at file:devif/devif_callback.c line: 85 task: lpwork

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-30 19:41:18 +08:00
Huang Qi
28872ca3ed libc: Fix wrong report from UBSan
```
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in symtab/symtab_allsyms.c:62:37
__ubsan_handle_out_of_bounds: index 1619 is out of range for type 'symtab_s [1]'
ubsan_epilogue: ================================================================================
```

Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-30 19:35:24 +08:00
Huang Qi
7e316d0ba9 compiler.h: Add a new attribute nosanitize_undefined
This allow us to disable UBSan for particular function.

Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-30 19:35:24 +08:00
Xiang Xiao
1b04bfae20 sched: Remove the unnecessary weak_function
because not all compiler support the weak attribute, and
many features are either always used or guarded by config.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-30 09:42:24 +02:00
Huang Qi
f93964ad3c riscv: Dump trap val in exception handler
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-30 14:55:33 +08:00
Nathan Hartman
a0ee5d3747 libc: Port strtod fixes to strtof, strtold and improve comments
* libs/libc/stdlib/lib_strtod.c:
  (strtod): Add a note about limitations of this implementation
   as compared to POSIX in the function's docstring. Also fix a
   typo.

* libs/libc/stdlib/lib_strtof.c:
  (strtof): Port the changes made to strtod in PR-6952 (commit
   c83985c5ce) and add same note as above to docstring.

* libs/libc/stdlib/lib_strtold.c:
  (strtold): Same changes as strtof.
2022-08-30 09:47:50 +08:00
Fotis Panagiotopoulos
c83985c5ce Fixes in strtod parser. 2022-08-29 17:13:11 -03:00
Eero Nurkkala
3665180795 risc-v/mpfs: usb: fix cppcheck findings
Fix the following cppcheck findings. Privreq may be NULL,
thus perform checks before using its member variables.

Checking mpfs_usb.c ...
mpfs_usb.c:1093:12: warning: Possible null pointer dereference: privreq [nullPointer]
      if ((privreq->inflight > 0) && (count != 0) &&
           ^
mpfs_usb.c:1090:21: note: Assignment 'privreq=NULL', assigned value is 0
          privreq = NULL;
                    ^
mpfs_usb.c:1093:12: note: Null pointer dereference
      if ((privreq->inflight > 0) && (count != 0) &&
           ^
mpfs_usb.c:1138:3: warning: Possible null pointer dereference: privreq [nullPointer]
  privreq->req.xfrd = 0;
  ^
mpfs_usb.c:1130:21: note: Assignment 'privreq=NULL', assigned value is 0
          privreq = NULL;
                    ^
mpfs_usb.c:1138:3: note: Null pointer dereference
  privreq->req.xfrd = 0;
  ^
mpfs_usb.c:1139:3: warning: Possible null pointer dereference: privreq [nullPointer]
  privreq->inflight = privreq->req.len;
  ^
mpfs_usb.c:1130:21: note: Assignment 'privreq=NULL', assigned value is 0
          privreq = NULL;
                    ^
mpfs_usb.c:1139:3: note: Null pointer dereference
  privreq->inflight = privreq->req.len;
  ^
mpfs_usb.c:1140:50: warning: Possible null pointer dereference: privreq [nullPointer]
  priv->eplist[epno].descb[0]->addr = (uintptr_t)privreq->req.buf;
                                                 ^
mpfs_usb.c:1130:21: note: Assignment 'privreq=NULL', assigned value is 0
          privreq = NULL;
                    ^
mpfs_usb.c:1140:50: note: Null pointer dereference
  priv->eplist[epno].descb[0]->addr = (uintptr_t)privreq->req.buf;

Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
2022-08-30 01:41:28 +08:00
Xiang Xiao
3b0516f6a2 libc/crc: Add full suffix to avoid the the penitential symbol collision
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-29 18:06:53 +02:00
Alex
767ab06ecd Update build.yml
Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
2022-08-29 21:36:04 +08:00
Eero Nurkkala
90d9b6b8ac risc-v/mpfs: usb: fix infinite loop issue
mpfs_write_tx_fifo() gets stuck in the following case:
  - CDCACM is used
  - ttyACM0 is opened and then closed from the remote end,
    such as Linux or Windows
  - data is written into ttyACM0 from NuttX
  - tx fifo will never get empty and the system is stuck

Fix this by issuing an error code if the transmit fifo doesn't
proceed as expected. The error code is then propagated into
higher level keeping the system functional.

Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
2022-08-29 21:35:54 +08:00
Huang Qi
a97a6e1539 sim: Add a new config minmea to detect build break
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-29 18:08:53 +08:00
xiaoxiang
5548676ab5 sched: Fix macro "SCHED_NOTE_PRINTF" requires 3 argumnets, but only 1 given
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-29 12:04:50 +02:00
Xiang Xiao
8e895fee76 borads/z80: Remove the woraround for CHECK_[ALLOC|FREE]NODE_SIZE
since both macros are removed by:
https://github.com/apache/incubator-nuttx/pull/5585

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-28 06:35:16 +02:00
Xiang Xiao
c7f9d9b150 borads/z80: Remove the known issue about lib_strtof.c
since it's fixed by:
https://github.com/apache/incubator-nuttx/pull/6909

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-28 06:35:16 +02:00
Huang Qi
e0185faa78 Don't download tarballs if a local git repo found
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-28 03:07:58 +08:00
Xiang Xiao
38af5befad bt_bridge: Fix error: address argument to atomic operation must be a pointer to _Atomic type
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-27 22:38:43 +08:00
chengkai
b352a625bf arch/sim: add bth4 bridge codes
Signed-off-by: chengkai <chengkai@xiaomi.com>
2022-08-27 22:38:43 +08:00
raiden00pl
d7e2704dff arch/stm32/stm32_adc.c: cosmetics 2022-08-27 20:40:06 +08:00
raiden00pl
b01ea50e44 arch/stm32/stm32_foc.c: cosmetics 2022-08-27 20:40:06 +08:00
raiden00pl
c563d8a993 arch/stm32/stm32_pwm.c: cosmetics 2022-08-27 20:40:06 +08:00
raiden00pl
9a85a0959a stm32/Kconfig: remove the unnecessary option 2022-08-27 20:40:06 +08:00
ligd
51d31cc4a2 cpuload: fix cpuload error
Signed-off-by: ligd <liguiding1@xiaomi.com>
2022-08-27 20:39:41 +08:00
chengkai
40f7872668 wireless/bluetooth:add btsnoop for bt bridge
Signed-off-by: chengkai <chengkai@xiaomi.com>
2022-08-27 15:57:30 +08:00
chengkai
7a7b5e5779 wireless/bluetooth:add bt bridge codes
Signed-off-by: chengkai <chengkai@xiaomi.com>
2022-08-27 15:57:30 +08:00
zouboan
b933ea63c4 as5048b.c: change initialization of struct to C89 standard 2022-08-27 07:24:21 +02:00
Gustavo Henrique Nihei
a5fd1140cb arch/xtensa: Remove non-existent ARCH_HAVE_TESTSET support for ESP32-S2
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-27 06:14:57 +02:00
Fotis Panagiotopoulos
4b6d4de972 sim: Added gcov dump on application exit. 2022-08-26 23:58:30 +08:00
yangxuan8282
9c0b71469c fs/aio: fix typo ail 2022-08-26 20:58:45 +08:00
chao.an
162fcd10ca net: cleanup pvconn reference to avoid confuse
More reference:
https://github.com/apache/incubator-nuttx/pull/5252
https://github.com/apache/incubator-nuttx/pull/5434

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 20:58:11 +08:00
chao.an
ea621599fd net: remove pvconn reference from all devif callback
Do not use 'pvconn' argument to get the connection pointer since
pvconn is normally NULL for some events like NETDEV_DOWN.
Instead, the connection pointer can be reliably obtained from the
corresponding private pointer.

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 20:58:11 +08:00
Michael Jung
1ad066955f Avoid assertion violation in case of kmm_free(NULL)
It is ok to call kmm_free with a NULL pointer.  Thus adopt the
DEBUGASSERT statement to cover this case.

Signed-off-by: Michael Jung <michael.jung@secore.ly>
2022-08-26 20:47:05 +08:00
yangxuan8282
2d32ebe952 arch/arm/src/stm32f7/stm32_otghost.c: fix syslog formats 2022-08-26 20:46:50 +08:00
Huang Qi
a1afd66d19 boards/k210/maix-bit: Fix a typo in README
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-26 20:46:34 +08:00
yangxuan8282
448c53a6f6 boards/arm/stm32f7/nucleo-144/src/stm32_usb.c: fix CONFIG_STM32F4DISCO_USBHOST_PRIO && CONFIG_STM32F4DISCO_USBHOST_STACKSIZE 2022-08-26 20:46:18 +08:00
Masayuki Ishikawa
e68c975c41 boards: lm3s6965-ek: Fix to load ELF applications for qemu-protected
Summary:
- I noticed that error happens in loading nettest elf application.
- This commit fixes this issue by adding SYMTAB to the NSH
  as well as adjusting some parameters in CONFIG_ELF_XXX
- Also, CONFIG_EXAMPLES_HELLO is changed from y to m for testing.

Impact:
- lm3s6965-ek:qemu-protected only

Tested:
- Tested with qemu-6.2

Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
2022-08-26 18:11:42 +08:00
chao.an
77a99acc98 net/icmpv6: fix build break "duplicate macro parameter"
Error: net/icmpv6/icmpv6.h:442:33: error: duplicate macro parameter "d"
 #  define icmpv6_setaddresses(d,d,p,p) (0)

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
zhanghongyu
cc421e43e4 icmpv6: add NTOHL when parse ICMPV6 option MTU
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
luojun1
00cf3e559d update IPv6 NIC parameters unconditionally when ICMPv6 RA is received
Signed-off-by: luojun1 <luojun1@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
luojun1
7c2986bb34 finetune the RA parsing procedure
Signed-off-by: luojun1 <luojun1@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
Simon Filgis
423ee67554 Double the MMCSD_IDLE_DELAY from 50ms to 100ms because I found one card that needs this to work after initial CMD0. 2022-08-26 13:37:08 +08:00
Gustavo Henrique Nihei
2fb8af0c20 xtensa: Refactor up_fpucmp to only consider enabled coprocessors
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Gustavo Henrique Nihei
fe2d37aa33 xtensa: Fix allocation of FPU registers in exception context
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Gustavo Henrique Nihei
5ed2ee85c9 arch: Improve documentation for up_fpucmp function
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Gustavo Henrique Nihei
e31e69aa30 xtensa: Fix comparison result for up_fpucmp function
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Takayoshi Koizumi
ea5ba0113e spresense/configs: Add fmsynth defconfig
Add a defconfig for using fmsynth audio utility library.
2022-08-26 11:12:15 +09:00
Eero Nurkkala
71ace555f2 risc-v/mpfs: ihc: fix performance issue
nxsig_usleep() will wait for the next timer tick which is way
too much here. It's not sleeping 100 us, but rather, near 1/60 s.

This causes severe performance problems. Fix this by polling the
register for a while if the remote end is busy.

Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
2022-08-26 02:12:26 +08:00
Xiang Xiao
130b196876 Refine how to specify iob and ramlog data section
1.Remove the default value(.bss)
2.Remove !ARCH_SIM dependence

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-25 14:05:17 +02:00
Fotis Panagiotopoulos
9bc47ecdce Added lock in ifr ioctl calls. 2022-08-25 14:02:20 +02:00
chao.an
9cb17841d8 net/sockopt: move BINDTODEVICE to socket level
rename the UDP_BINDTODEVICE to SO_BINDTODEVICE to follow the linux
style to be compatible with non-UDP protocol binding requirements

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-25 17:56:52 +08:00