chao.an
bf6cbbca5d
net/tcp: fix devif callback list corruption on tcp_close()
...
devif_conn_event() will be called recursively in the psock_send_eventhandler(),
if the tcp event tcp_close_eventhandler() is marked as "next" in first devif_conn_event()
and released from sencond recursive call, the "next" event in the first devif_conn_event()
will become a wild pointer.
479 uint16_t devif_conn_event(FAR struct net_driver_s *dev, uint16_t flags,
480 FAR struct devif_callback_s *list)
481 {
482 FAR struct devif_callback_s *next;
...
488 net_lock();
489 while (list && flags)
490 {
...
496 next = list->nxtconn; <------------------ event tcp_close_eventhandler() on next
...
500 if (list->event != NULL && devif_event_trigger(flags, list->flags))
501 {
...
507 flags = list->event(dev, list->priv, flags); <---------------- perform psock_send_eventhandler(), event tcp_close_eventhandler() will be remove from tcp_lost_connection()
508 }
...
512 list = next; <---------------- event tcp_close_eventhandler() has been released, wild pointer
513 }
514
515 net_unlock();
516 return flags;
517 }
The callstack as below:
Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
| #0 tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
| #1 0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
----------------> devif_conn_event() recursively
| #2 0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #3 0x565c55e4 in tcp_shutdown_monitor (conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_monitor.c:211
| #4 0x565c584b in tcp_lost_connection (conn=0x566084a0 <g_tcp_connections>, cb=0x566094b0 <g_cbprealloc+336>, flags=65) at tcp/tcp_monitor.c:391
| #5 0x565c028a in psock_send_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_send_buffered.c:544
----------------> call psock_send_eventhandler() before tcp_close_eventhandler()
| #6 0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x566094b0 <g_cbprealloc+336>) at devif/devif_callback.c:507
| #7 0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #8 0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
| #9 0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
| #10 0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
| #11 0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
| #12 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| #13 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
| #0 tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
----------------------> "next" corrupted, invaild call tcp_close_eventhandler()
| #1 0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
| #2 0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #3 0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
| #4 0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
| #5 0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
| #6 0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
| #7 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| #8 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
[ 2.680000] up_assert: Assertion failed at file:devif/devif_callback.c line: 85 task: lpwork
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-30 19:41:18 +08:00
Huang Qi
28872ca3ed
libc: Fix wrong report from UBSan
...
```
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in symtab/symtab_allsyms.c:62:37
__ubsan_handle_out_of_bounds: index 1619 is out of range for type 'symtab_s [1]'
ubsan_epilogue: ================================================================================
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-30 19:35:24 +08:00
Huang Qi
7e316d0ba9
compiler.h: Add a new attribute nosanitize_undefined
...
This allow us to disable UBSan for particular function.
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-30 19:35:24 +08:00
Xiang Xiao
1b04bfae20
sched: Remove the unnecessary weak_function
...
because not all compiler support the weak attribute, and
many features are either always used or guarded by config.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-30 09:42:24 +02:00
Huang Qi
f93964ad3c
riscv: Dump trap val in exception handler
...
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-30 14:55:33 +08:00
Nathan Hartman
a0ee5d3747
libc: Port strtod fixes to strtof, strtold and improve comments
...
* libs/libc/stdlib/lib_strtod.c:
(strtod): Add a note about limitations of this implementation
as compared to POSIX in the function's docstring. Also fix a
typo.
* libs/libc/stdlib/lib_strtof.c:
(strtof): Port the changes made to strtod in PR-6952 (commit
c83985c5ce
) and add same note as above to docstring.
* libs/libc/stdlib/lib_strtold.c:
(strtold): Same changes as strtof.
2022-08-30 09:47:50 +08:00
Fotis Panagiotopoulos
c83985c5ce
Fixes in strtod parser.
2022-08-29 17:13:11 -03:00
Eero Nurkkala
3665180795
risc-v/mpfs: usb: fix cppcheck findings
...
Fix the following cppcheck findings. Privreq may be NULL,
thus perform checks before using its member variables.
Checking mpfs_usb.c ...
mpfs_usb.c:1093:12: warning: Possible null pointer dereference: privreq [nullPointer]
if ((privreq->inflight > 0) && (count != 0) &&
^
mpfs_usb.c:1090:21: note: Assignment 'privreq=NULL', assigned value is 0
privreq = NULL;
^
mpfs_usb.c:1093:12: note: Null pointer dereference
if ((privreq->inflight > 0) && (count != 0) &&
^
mpfs_usb.c:1138:3: warning: Possible null pointer dereference: privreq [nullPointer]
privreq->req.xfrd = 0;
^
mpfs_usb.c:1130:21: note: Assignment 'privreq=NULL', assigned value is 0
privreq = NULL;
^
mpfs_usb.c:1138:3: note: Null pointer dereference
privreq->req.xfrd = 0;
^
mpfs_usb.c:1139:3: warning: Possible null pointer dereference: privreq [nullPointer]
privreq->inflight = privreq->req.len;
^
mpfs_usb.c:1130:21: note: Assignment 'privreq=NULL', assigned value is 0
privreq = NULL;
^
mpfs_usb.c:1139:3: note: Null pointer dereference
privreq->inflight = privreq->req.len;
^
mpfs_usb.c:1140:50: warning: Possible null pointer dereference: privreq [nullPointer]
priv->eplist[epno].descb[0]->addr = (uintptr_t)privreq->req.buf;
^
mpfs_usb.c:1130:21: note: Assignment 'privreq=NULL', assigned value is 0
privreq = NULL;
^
mpfs_usb.c:1140:50: note: Null pointer dereference
priv->eplist[epno].descb[0]->addr = (uintptr_t)privreq->req.buf;
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
2022-08-30 01:41:28 +08:00
Xiang Xiao
3b0516f6a2
libc/crc: Add full suffix to avoid the the penitential symbol collision
...
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-29 18:06:53 +02:00
Alex
767ab06ecd
Update build.yml
...
Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
2022-08-29 21:36:04 +08:00
Eero Nurkkala
90d9b6b8ac
risc-v/mpfs: usb: fix infinite loop issue
...
mpfs_write_tx_fifo() gets stuck in the following case:
- CDCACM is used
- ttyACM0 is opened and then closed from the remote end,
such as Linux or Windows
- data is written into ttyACM0 from NuttX
- tx fifo will never get empty and the system is stuck
Fix this by issuing an error code if the transmit fifo doesn't
proceed as expected. The error code is then propagated into
higher level keeping the system functional.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
2022-08-29 21:35:54 +08:00
Huang Qi
a97a6e1539
sim: Add a new config minmea to detect build break
...
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-29 18:08:53 +08:00
xiaoxiang
5548676ab5
sched: Fix macro "SCHED_NOTE_PRINTF" requires 3 argumnets, but only 1 given
...
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-29 12:04:50 +02:00
Xiang Xiao
8e895fee76
borads/z80: Remove the woraround for CHECK_[ALLOC|FREE]NODE_SIZE
...
since both macros are removed by:
https://github.com/apache/incubator-nuttx/pull/5585
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-28 06:35:16 +02:00
Xiang Xiao
c7f9d9b150
borads/z80: Remove the known issue about lib_strtof.c
...
since it's fixed by:
https://github.com/apache/incubator-nuttx/pull/6909
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-28 06:35:16 +02:00
Huang Qi
e0185faa78
Don't download tarballs if a local git repo found
...
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-28 03:07:58 +08:00
Xiang Xiao
38af5befad
bt_bridge: Fix error: address argument to atomic operation must be a pointer to _Atomic type
...
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-27 22:38:43 +08:00
chengkai
b352a625bf
arch/sim: add bth4 bridge codes
...
Signed-off-by: chengkai <chengkai@xiaomi.com>
2022-08-27 22:38:43 +08:00
raiden00pl
d7e2704dff
arch/stm32/stm32_adc.c: cosmetics
2022-08-27 20:40:06 +08:00
raiden00pl
b01ea50e44
arch/stm32/stm32_foc.c: cosmetics
2022-08-27 20:40:06 +08:00
raiden00pl
c563d8a993
arch/stm32/stm32_pwm.c: cosmetics
2022-08-27 20:40:06 +08:00
raiden00pl
9a85a0959a
stm32/Kconfig: remove the unnecessary option
2022-08-27 20:40:06 +08:00
ligd
51d31cc4a2
cpuload: fix cpuload error
...
Signed-off-by: ligd <liguiding1@xiaomi.com>
2022-08-27 20:39:41 +08:00
chengkai
40f7872668
wireless/bluetooth:add btsnoop for bt bridge
...
Signed-off-by: chengkai <chengkai@xiaomi.com>
2022-08-27 15:57:30 +08:00
chengkai
7a7b5e5779
wireless/bluetooth:add bt bridge codes
...
Signed-off-by: chengkai <chengkai@xiaomi.com>
2022-08-27 15:57:30 +08:00
zouboan
b933ea63c4
as5048b.c: change initialization of struct to C89 standard
2022-08-27 07:24:21 +02:00
Gustavo Henrique Nihei
a5fd1140cb
arch/xtensa: Remove non-existent ARCH_HAVE_TESTSET support for ESP32-S2
...
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-27 06:14:57 +02:00
Fotis Panagiotopoulos
4b6d4de972
sim: Added gcov dump on application exit.
2022-08-26 23:58:30 +08:00
yangxuan8282
9c0b71469c
fs/aio: fix typo ail
2022-08-26 20:58:45 +08:00
chao.an
162fcd10ca
net: cleanup pvconn reference to avoid confuse
...
More reference:
https://github.com/apache/incubator-nuttx/pull/5252
https://github.com/apache/incubator-nuttx/pull/5434
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 20:58:11 +08:00
chao.an
ea621599fd
net: remove pvconn reference from all devif callback
...
Do not use 'pvconn' argument to get the connection pointer since
pvconn is normally NULL for some events like NETDEV_DOWN.
Instead, the connection pointer can be reliably obtained from the
corresponding private pointer.
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 20:58:11 +08:00
Michael Jung
1ad066955f
Avoid assertion violation in case of kmm_free(NULL)
...
It is ok to call kmm_free with a NULL pointer. Thus adopt the
DEBUGASSERT statement to cover this case.
Signed-off-by: Michael Jung <michael.jung@secore.ly>
2022-08-26 20:47:05 +08:00
yangxuan8282
2d32ebe952
arch/arm/src/stm32f7/stm32_otghost.c: fix syslog formats
2022-08-26 20:46:50 +08:00
Huang Qi
a1afd66d19
boards/k210/maix-bit: Fix a typo in README
...
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
2022-08-26 20:46:34 +08:00
yangxuan8282
448c53a6f6
boards/arm/stm32f7/nucleo-144/src/stm32_usb.c: fix CONFIG_STM32F4DISCO_USBHOST_PRIO && CONFIG_STM32F4DISCO_USBHOST_STACKSIZE
2022-08-26 20:46:18 +08:00
Masayuki Ishikawa
e68c975c41
boards: lm3s6965-ek: Fix to load ELF applications for qemu-protected
...
Summary:
- I noticed that error happens in loading nettest elf application.
- This commit fixes this issue by adding SYMTAB to the NSH
as well as adjusting some parameters in CONFIG_ELF_XXX
- Also, CONFIG_EXAMPLES_HELLO is changed from y to m for testing.
Impact:
- lm3s6965-ek:qemu-protected only
Tested:
- Tested with qemu-6.2
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
2022-08-26 18:11:42 +08:00
chao.an
77a99acc98
net/icmpv6: fix build break "duplicate macro parameter"
...
Error: net/icmpv6/icmpv6.h:442:33: error: duplicate macro parameter "d"
# define icmpv6_setaddresses(d,d,p,p) (0)
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
zhanghongyu
cc421e43e4
icmpv6: add NTOHL when parse ICMPV6 option MTU
...
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
luojun1
00cf3e559d
update IPv6 NIC parameters unconditionally when ICMPv6 RA is received
...
Signed-off-by: luojun1 <luojun1@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
luojun1
7c2986bb34
finetune the RA parsing procedure
...
Signed-off-by: luojun1 <luojun1@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-26 10:00:22 +02:00
Simon Filgis
423ee67554
Double the MMCSD_IDLE_DELAY from 50ms to 100ms because I found one card that needs this to work after initial CMD0.
2022-08-26 13:37:08 +08:00
Gustavo Henrique Nihei
2fb8af0c20
xtensa: Refactor up_fpucmp to only consider enabled coprocessors
...
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Gustavo Henrique Nihei
fe2d37aa33
xtensa: Fix allocation of FPU registers in exception context
...
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Gustavo Henrique Nihei
5ed2ee85c9
arch: Improve documentation for up_fpucmp function
...
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Gustavo Henrique Nihei
e31e69aa30
xtensa: Fix comparison result for up_fpucmp function
...
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-08-26 11:57:06 +08:00
Takayoshi Koizumi
ea5ba0113e
spresense/configs: Add fmsynth defconfig
...
Add a defconfig for using fmsynth audio utility library.
2022-08-26 11:12:15 +09:00
Eero Nurkkala
71ace555f2
risc-v/mpfs: ihc: fix performance issue
...
nxsig_usleep() will wait for the next timer tick which is way
too much here. It's not sleeping 100 us, but rather, near 1/60 s.
This causes severe performance problems. Fix this by polling the
register for a while if the remote end is busy.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
2022-08-26 02:12:26 +08:00
Xiang Xiao
130b196876
Refine how to specify iob and ramlog data section
...
1.Remove the default value(.bss)
2.Remove !ARCH_SIM dependence
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2022-08-25 14:05:17 +02:00
Fotis Panagiotopoulos
9bc47ecdce
Added lock in ifr ioctl calls.
2022-08-25 14:02:20 +02:00
chao.an
9cb17841d8
net/sockopt: move BINDTODEVICE to socket level
...
rename the UDP_BINDTODEVICE to SO_BINDTODEVICE to follow the linux
style to be compatible with non-UDP protocol binding requirements
Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-25 17:56:52 +08:00