==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
#0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
#1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
#2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
#3 0x3548f8c in net_sem_wait utils/net_lock.c:318
#4 0x350124d in local_accept local/local_accept.c:246
#5 0x3492719 in psock_accept socket/accept.c:149
#6 0x3492bcc in accept4 socket/accept.c:280
#7 0x662dc04 in accept net/lib_accept.c:50
#8 0x55c81ab in kvdb_loop kvdb/server.c:415
#9 0x55c860a in kvdbd_main kvdb/server.c:458
#10 0x33d968b in nxtask_startup sched/task_startup.c:70
#11 0x32ec039 in nxtask_start task/task_start.c:134
#12 0x34109be in pre_start sim/sim_initialstate.c:52
0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
#0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
#2 0x34131d6 in mm_free sim/sim_heap.c:230
#3 0x3409388 in free umm_heap/umm_free.c:49
#4 0x35631f3 in local_free local/local_conn.c:225
#5 0x3563f75 in local_release local/local_release.c:129
#6 0x34f5a32 in local_close local/local_sockif.c:785
#7 0x3496ee8 in psock_close socket/net_close.c:102
#8 0x36500bc in sock_file_close socket/socket.c:115
#9 0x3635f6c in file_close vfs/fs_close.c:74
#10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
#11 0x36324f3 in nx_close inode/fs_files.c:697
#12 0x3632557 in close inode/fs_files.c:735
#13 0x55be289 in property_set_ kvdb/client.c:210
#14 0x55c0309 in property_set_int32_ kvdb/common.c:226
#15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236
Signed-off-by: ligd <liguiding1@xiaomi.com>
net_lock/unlock is a big lock; replace it with an internal pool lock
to avoid the priority inversion problem.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
Add the processing logic of udp socketpair, and modify the
logic of sending and receiving for udp socketpair.
Verification:
- Use the socketpair interface to create a pair of local udp sockets,
and perform read and write operations.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
server:
at accept last nxsem_post(&client->lc_waitsem);
client:
connect wait(&client->lc_waitsem) then local_open_client_rx();
But if the server priority is higher than the client,
and after server accept returns, immediately call send().
At this time the client has no way to do local_open_client_rx().
Then server send() returns an error.
Fix:
add lc_done sem to client
Signed-off-by: ligd <liguiding1@xiaomi.com>
Implement si_send/sendto/recvfrom with si_sendmsg/recvmsg, instead of
the other way round.
Change-Id: I7b858556996e0862df22807a6edf6d7cfe6518fc
Signed-off-by: Peter Bee <bijunda1@xiaomi.com>
Author: Gregory Nutt <gnutt@nuttx.org>
Run all .h and .c files modified in last PR through nxstyle.
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Net cleanup (#17)
* Fix the semaphore usage issue found in tcp/udp
  1. The count semaphore needs to disable priority inheritance
  2. Loop again if net_lockedwait returns -EINTR
  3. Call nxsem_trywait to avoid the race condition
  4. Call nxsem_post instead of sem_post
* Put the work notifier into free list to avoid heap fragmentation in the long run. Since the allocation strategy is encapsulated internally, we can even refine the implementation later.
* Network stack shouldn't allocate memory in the poll implementation to avoid heap fragmentation in the long run; other modifications include:
  1. Select MM_IOB automatically since ICMP[v6] socket can't work without the read ahead buffer
  2. Remove the net lock since xxx_callback_free already does the same thing
  3. TCP/UDP poll should work even if the read ahead buffer isn't enabled at all
* Add NET_ prefix for UDP_NOTIFIER and TCP_NOTIFIER option to align with other UDP/TCP option convention
* Remove the unused _SF_[IDLE|ACCEPT|SEND|RECV|MASK] flags since there is code to set/clear these flags, but nobody checks them.
arch/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
sched/ audio/ crypto/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
Documentation/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
fs/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
graphics/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
net/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
drivers/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
include/, syscall/, wireless/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can no longer be disabled.
configs/: Remove all references to CONFIG_DISABLE_POLL. Standard POSIX poll can no longer be disabled.
As a policy, all internal OS implementations must use "detached" files which are valid in any context and do not depend on the validity of a file descriptor at any point in time. This commit converts the usage of file descriptors to detached files throughout the local socket implementation.
Squashed commit of the following:
net/local: Finish change to eliminate use of file descriptors.
net/local: A little more of the conversion.
net/local: Beginning of changes to eliminate use of file descriptors in the local socket implementation. poll() will be a problem.