server:
at accept last nxsem_post(&client->lc_waitsem);
client:
connect wait(&client->lc_waitsem) then local_open_client_rx();
But if the server priority is higher then client,
and after server accept return, immediately call send().
At this time the client has no way do local_open_client_rx().
Then server send() return error.
Fix:
add lc_done sem to client
Signed-off-by: ligd <liguiding1@xiaomi.com>
bc_rxtail/rxtail should always point to newly frame.
If input more than one frame before receive,
missing assignment can result in old frame lost.
Signed-off-by: larry <larry@transtekcorp.com>
fix regression of invalid update the rexmit_seq in buffer mode
rexmit_seq should not be used instead of sndseq in fast retransmission,
sndseq of retransmission in the packet does not need to be re-updated
Signed-off-by: chao.an <anchao@xiaomi.com>
Net poll teardown is not protected by net lock, if the conn is released
before teardown, the assertion failure will be triggered during free dev
callback, this patch will add the net lock around net poll teardown to
fix race condition
nuttx/libs/libc/assert/lib_assert.c:36
nuttx/net/devif/devif_callback.c:85
nuttx/net/tcp/tcp_netpoll.c:405
nuttx/fs/vfs/fs_poll.c:244
nuttx/fs/vfs/fs_poll.c:500
Signed-off-by: chao.an <anchao@xiaomi.com>
When the free connection list is unenough to alloc a new instance,
the TCP stack will reuse the currently closed connection, but if
the handle is not released by the user via close(2), the reference
count of the connection remains in a non-zero value, it will cause
the assertion to fail, so when the handle is not released we should
not use such a conn instance when being actively closed, and ensure
that the reference count is assigned within the net lock protection
|(gdb) bt
|#0 up_assert (filename=0x565c78f7 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75
|#1 0x56566177 in _assert (filename=0x565c78f7 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36
|#2 0x5657d620 in tcp_free (conn=0x565fb3e0 <g_tcp_connections>) at tcp/tcp_conn.c:771
|#3 0x5657d5a1 in tcp_alloc (domain=2 '\002') at tcp/tcp_conn.c:700
|#4 0x565b1f50 in inet_tcp_alloc (psock=0xf3dea150) at inet/inet_sockif.c:144
|#5 0x565b2082 in inet_setup (psock=0xf3dea150, protocol=0) at inet/inet_sockif.c:253
|#6 0x565b1bf0 in psock_socket (domain=2, type=1, protocol=0, psock=0xf3dea150) at socket/socket.c:121
|#7 0x56588f5f in socket (domain=2, type=1, protocol=0) at socket/socket.c:278
|#8 0x565b11c0 in hello_main (argc=1, argv=0xf3dfab10) at hello_main.c:35
|#9 0x56566631 in nxtask_startup (entrypt=0x565b10ef <hello_main>, argc=1, argv=0xf3dfab10) at sched/task_startup.c:70
|#10 0x565597fa in nxtask_start () at task/task_start.c:134
Signed-off-by: chao.an <anchao@xiaomi.com>
This reverts commit b88a1fd7fd. [1]
Because:
* It casues assertion failures like [2].
* I don't understand what it attempted to fix.
[1]
```
commit b88a1fd7fd
Author: chao.an <anchao@xiaomi.com>
Date: Sat Jul 2 13:17:41 2022 +0800
net/tcp: discard connect reference before free
connect reference should be set to 0 before free
Signed-off-by: chao.an <anchao@xiaomi.com>
```
[2]
```
#0 up_assert (filename=0x5516d0 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75
#1 0x000000000040a4bb in _assert (filename=0x5516d0 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36
#2 0x000000000042a2ad in tcp_free (conn=0x597fe0 <g_tcp_connections+384>) at tcp/tcp_conn.c:771
#3 0x000000000053bdc2 in tcp_close_disconnect (psock=0x7f58d1abbd80) at tcp/tcp_close.c:331
#4 0x000000000053bc69 in tcp_close (psock=0x7f58d1abbd80) at tcp/tcp_close.c:366
#5 0x000000000052eefe in inet_close (psock=0x7f58d1abbd80) at inet/inet_sockif.c:1689
#6 0x000000000052eb9b in psock_close (psock=0x7f58d1abbd80) at socket/net_close.c:102
#7 0x0000000000440495 in sock_file_close (filep=0x7f58d1b35f40) at socket/socket.c:115
#8 0x000000000043b8b6 in file_close (filep=0x7f58d1b35f40) at vfs/fs_close.c:74
#9 0x000000000043ab22 in nx_close (fd=9) at inode/fs_files.c:544
#10 0x000000000043ab7f in close (fd=9) at inode/fs_files.c:578
```
Retransmit only one the earliest not acknowledged segment
(according to RFC 6298 (5.4)). The issue is the same as it was
in tcp_send_unbuffered.c and tcp_sendfile.c.
Signed-off-by: chao.an <anchao@xiaomi.com>
The time consuming of tcp waving hands(close(2)) will be affected
by network jitter, especially the wireless device cannot receive
the last-ack under worst environment, in this change we move the
tcp close callback into background and invoke the resource free
from workqueue, which will avoid the user application from being
blocked for a long time and unable to return in the call of close
Signed-off-by: chao.an <anchao@xiaomi.com>
since devif_timer has been removed in:
commit 035d925864
Author: zhanghongyu <zhanghongyu@xiaomi.com>
Date: Sun May 29 21:47:28 2022 +0800
devif: remove all devif_timer
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
since the code could map the unsupported work to the
supported one and remove select SCHED_WORKQUEUE from
Kconfig since SCHED_[L|H]PWORK already do the selection
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
When a Netlink response is issued, which a task is currently polling for
on the corresponding AF_NETLINK socket, then the poll call will return
with a ENOENT error. This is due to the fact that the Netlink response
notifier is automatically torn down after the notification.
Fixed by making netlink_notifier_teardown a best-effort function that
does not return a result code.
Signed-off-by: Michael Jung <michael.jung@secore.ly>
According to POSIX the length of the source address of the received
message shall be stored in the object pointed to by the address_len
argument.
This patch fixes two places where this did not happen correctly.
Signed-off-by: Michael Jung <michael.jung@secore.ly>
This fixes a regression caused by the following commit,
which prevents the file flag from being updated.
```
commit 28860b5242
Author: chao.an <anchao@xiaomi.com>
Date: Sat Mar 19 14:47:37 2022 +0800
net/netdev: fix switch case missing break
Signed-off-by: chao.an <anchao@xiaomi.com>
```
Note: some applications like mbedtls uses F_GETFL to confirm
the nonblock-ness of the socket. This is critical for such
applications.
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
#0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
#1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
#2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
#6 0x57755a50 in rptun_worker rptun/rptun.c:303
#7 0x57755e51 in rptun_thread rptun/rptun.c:352
#8 0x57730d4a in nxtask_start task/task_start.c:128
#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee)
Signed-off-by: ligd <liguiding1@xiaomi.com>
reference:
https: //man7.org/linux/man-pages/man2/accept.2.html
1. default set block mode if accept() a new socket
2. local_socket support FIONBIO
Signed-off-by: ligd <liguiding1@xiaomi.com>
Fix this compile-time warning:
rpmsg/rpmsg_sockif.c:381:24: warning: format '%d' expects argument of type 'int', but argument 3 has type 'ssize_t' {aka 'long int'} [-Wformat=]
381 | nerr("circbuf_write overflow, %d, %d\n", written, len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~
| |
| ssize_t {aka long int}
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
newsock = accept(server, &addr, &addrlen);
replace the socket flags from newsock to server to ensure that
the nonblock flags is handled correctly
Signed-off-by: chao.an <anchao@xiaomi.com>
Error: module/mod_insmod.c:203:3: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
203 | strncpy(modp->modname, modname, MODLIB_NAMEMAX);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wqueue/kwork_thread.c: In function 'work_start_lowpri':
Error: wqueue/kwork_thread.c:212:22: error: '%lx' directive output may be truncated writing between 1 and 16 bytes into a region of size 14 [-Werror=format-truncation=]
212 | snprintf(args, 16, "0x%" PRIxPTR, (uintptr_t)wqueue);
local/local_sockif.c: In function 'local_getsockname':
Error: local/local_sockif.c:392:11: error: 'strncpy' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
392 | strncpy(unaddr->sun_path, conn->lc_path, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chip/esp32_wifi_utils.c: In function 'esp_wifi_scan_event_parse':
Error: chip/esp32_wifi_utils.c:373:37: error: argument to 'sizeof' in 'memset' call is the same expression as the destination; did you mean to dereference it? [-Werror=sizeof-pointer-memaccess]
memset(ap_list_buffer, 0x0, sizeof(ap_list_buffer));
^
stdio/lib_fputs.c: In function 'fputs':
Error: stdio/lib_fputs.c:99:9: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s == NULL || stream == NULL)
^
Error: stdio/lib_fputs.c:99:27: error: nonnull argument 'stream' compared to NULL [-Werror=nonnull-compare]
if (s == NULL || stream == NULL)
^
stdio/lib_vfprintf.c: In function 'vfprintf':
Error: stdio/lib_vfprintf.c:40:6: error: nonnull argument 'stream' compared to NULL [-Werror=nonnull-compare]
if (stream)
^
string/lib_strdup.c: In function 'strdup':
Error: string/lib_strdup.c:39:6: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s)
^
string/lib_strndup.c: In function 'strndup':
Error: string/lib_strndup.c:56:6: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s)
^
string/lib_strpbrk.c: In function 'strpbrk':
Error: string/lib_strpbrk.c:39:7: error: nonnull argument 'str' compared to NULL [-Werror=nonnull-compare]
if (!str || !charset)
^~~~
Error: string/lib_strpbrk.c:39:15: error: nonnull argument 'charset' compared to NULL [-Werror=nonnull-compare]
if (!str || !charset)
^~~~~~~~
string/lib_strrchr.c: In function 'strrchr':
Error: string/lib_strrchr.c:40:6: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s)
^
Error: time/lib_asctimer.c:73:50: error: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 12 [-Werror=format-truncation=]
snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
^~
time/lib_asctimer.c:73:21: note: directive argument in the range [-2147481748, 2147483647]
snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
time/lib_asctimer.c:73:3: note: 'snprintf' output between 17 and 68 bytes into a destination of size 26
snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
g_wday_name[tp->tm_wday], g_mon_name[tp->tm_mon],
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1900 + tp->tm_year);
~~~~~~~~~~~~~~~~~~~
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
socket/setsockopt.c: In function ‘psock_socketlevel_option’:
socket/setsockopt.c:168:38: warning: declaration of ‘conn’ shadows a previous local [-Wshadow]
168 | FAR struct tcp_conn_s *conn;
| ^~~~
Signed-off-by: chao.an <anchao@xiaomi.com>
1. remove the unnecessary interfaces tcp_close_monitor()
socket flags(s_flags) is a global state for net connection
remove the incorrect update for stop monitor
2. do not start the tcp monitor from duplicated psock
the tcp monitor has already registered in connect callback
------------------------------------------------------------
This patch also fix the telnet issue reported by:
https://github.com/apache/incubator-nuttx/pull/5434#issuecomment-1035600651
the orignal session fd is closed after dup, the connect state
has incorrectly migrated to close:
drivers/net/telnet.c:
977 static int telnet_session(FAR struct telnet_session_s *session)
...
1031 ret = psock_dup2(psock, &priv->td_psock);
...
1082 nx_close(session->ts_sd);
Signed-off-by: chao.an <anchao@xiaomi.com>