==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
#0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
#1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
#2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
#3 0x3548f8c in net_sem_wait utils/net_lock.c:318
#4 0x350124d in local_accept local/local_accept.c:246
#5 0x3492719 in psock_accept socket/accept.c:149
#6 0x3492bcc in accept4 socket/accept.c:280
#7 0x662dc04 in accept net/lib_accept.c:50
#8 0x55c81ab in kvdb_loop kvdb/server.c:415
#9 0x55c860a in kvdbd_main kvdb/server.c:458
#10 0x33d968b in nxtask_startup sched/task_startup.c:70
#11 0x32ec039 in nxtask_start task/task_start.c:134
#12 0x34109be in pre_start sim/sim_initialstate.c:52
0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
#0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
#2 0x34131d6 in mm_free sim/sim_heap.c:230
#3 0x3409388 in free umm_heap/umm_free.c:49
#4 0x35631f3 in local_free local/local_conn.c:225
#5 0x3563f75 in local_release local/local_release.c:129
#6 0x34f5a32 in local_close local/local_sockif.c:785
#7 0x3496ee8 in psock_close socket/net_close.c:102
#8 0x36500bc in sock_file_close socket/socket.c:115
#9 0x3635f6c in file_close vfs/fs_close.c:74
#10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
#11 0x36324f3 in nx_close inode/fs_files.c:697
#12 0x3632557 in close inode/fs_files.c:735
#13 0x55be289 in property_set_ kvdb/client.c:210
#14 0x55c0309 in property_set_int32_ kvdb/common.c:226
#15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236
Signed-off-by: ligd <liguiding1@xiaomi.com>
Summary
The following compilation error occurs after configuring CONFIG_DEBUG_OPTLEVEL="-O3"
CC: local/local_fifo.c In file included from local/local_fifo.c:25:
In function 'local_format_name',
inlined from 'local_cs_name' at local/local_fifo.c:101:3,
inlined from 'local_create_fifos' at local/local_fifo.c:431:3:
local/local_fifo.c:84:16: error: '%x' directive output may be truncated writing between 1 and 8 bytes into a region of size between 5 and 112 [-Werror=format-truncation=]
84 | CONFIG_NET_LOCAL_VFS_PATH "/%s%s%" PRIx32,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: wangming9 <wangming9@xiaomi.com>
Some programs use EAGAIN to determine whether all data has been read,
so cancel the error print when the error code is EAGAIN.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Verification:
Write a packet, the length is bigger than CONFIG_DEV_FIFO_SIZE.
The return value should be -1, and the errno is EMSGSIZE.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
Verifiction:
Write a bigger packet and read the packet using a smaller buffer.
The return length of reading should be the length of smaller buffer.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
net_lock/unlock is a big lock and repleace it to internal pool lock
to avoid the priority inversion problem.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
if client is a noblocking socket, user can do close when server has not yet
invoke accept interface, so we need remove this socket from server.lc_waiters.
avoid server socket access the freed memory.
==936564==ERROR: AddressSanitizer: heap-use-after-free on address 0xf23071c8 at pc 0x58eaac3b bp 0xf0b9e218 sp 0xf0b9e208
READ of size 4 at 0xf23071c8 thread T0
#0 0x58eaac3a in dq_remfirst queue/dq_remfirst.c:45
#1 0x58fd1efe in local_accept local/local_accept.c:141
#2 0x58f66df6 in psock_accept socket/accept.c:149
#3 0x58f672a4 in accept4 socket/accept.c:280
#4 0x5be9ee0c in accept net/lib_accept.c:50
#5 0x592d6a5d in uv__accept libuv/src/unix/core.c:502
#6 0x5930d83b in uv__server_io libuv/src/unix/stream.c:550
#7 0x592efbde in uv__io_poll libuv/src/unix/posix-poll.c:335
#8 0x592d649a in uv_run libuv/src/unix/core.c:387
#9 0x5a7180f7 in service_schedule_loop service/common/service_loop.c:146
#10 0x591f300b in pthread_startup pthread/pthread_create.c:59
#11 0x5be8134f in pthread_start pthread/pthread_create.c:139
#12 0x58ee2762 in pre_start sim/sim_initialstate.c:53
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Add the proccessing logic of udp socketpair, and modify the
logic of sending and receiving for udp socketpair.
Verification:
- Use the socketpair interface to create a pair of local udp sockets,
and perform read and write operations.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
In file included from local/local_fifo.c:25:
In function ‘local_format_name’,
inlined from ‘local_hd_name’ at local/local_fifo.c:132:3,
inlined from ‘local_open_receiver’ at local/local_fifo.c:661:3:
local/local_fifo.c:77:16: warning: ‘%s’ directive output may be truncated writing up to 107 bytes into a region of size 100 [-Wformat-truncation=]
77 | CONFIG_NET_LOCAL_VFS_PATH "/%s%s", inpath, suffix);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
local/local_fifo.c: In function ‘local_open_receiver’:
local/local_fifo.c:82:44: note: format string is defined here
82 | CONFIG_NET_LOCAL_VFS_PATH "/%s%s%" PRIx32,
| ^~
In function ‘local_format_name’,
inlined from ‘local_hd_name’ at local/local_fifo.c:132:3,
inlined from ‘local_open_receiver’ at local/local_fifo.c:661:3:
local/local_fifo.c:76:7: note: ‘snprintf’ output between 12 and 119 bytes into a destination of size 109
76 | snprintf(outpath, LOCAL_FULLPATH_LEN - 1,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
77 | CONFIG_NET_LOCAL_VFS_PATH "/%s%s", inpath, suffix);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: chao an <anchao@xiaomi.com>
Commit 4d6a8663fa made pipes and
named pipes block when opening for O_WRONLY or O_RDONLY. Local
sockets, however, require `local_open_client_tx` to be non-blocking
to enable the server side to prevent the server side from blocking.
If set otherwise, it would deadly block. This commit sets the FIFO
as non-blocking temporarily, open the TX side and, if originally
blocking - restores it to that state.
adapts to third-party code compilation. in the process of porting ConnMan,
multiple control message options are enabled, such as IPV6_RECVPKTINFO and
IPV6_RECVHOPLIMIT, so I changed the Filling implementation of the control
message.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
SOCK_CTRL is added to provide special control over network drivers
and daemons. Currently, SOCK_DGRAM and SOCK_STREAM perform this control,
but these use socket resources. In the case of usersocket in particular,
this is a waste of the device's limited socket resources.
SOCK_CTRL is added to provide special control over network drivers
and daemons. Currently, SOCK_DGRAM and SOCK_STREAM perform this control,
but these use socket resources. In the case of usersocket in particular,
this is a waste of the device's limited socket resources.
1.
net/slip.c:865:29: warning: unused variable ‘priv’ [-Wunused-variable]
865 | FAR struct slip_driver_s *priv =
| ^~~~
net/slip.c: In function ‘slip_rmmac’:
net/slip.c:895:29: warning: unused variable ‘priv’ [-Wunused-variable]
895 | FAR struct slip_driver_s *priv =
| ^~~~
2.
local/local_sendmsg.c: In function ‘local_sendmsg’:
local/local_sendmsg.c:423:18: warning: ‘count’ may be used uninitialized in this function [-Wmaybe-uninitialized]
423 | return count;
| ^~~~~
local/local_sendmsg.c:131:11: warning: ‘i’ may be used uninitialized in this function [-Wmaybe-uninitialized]
131 | while (i-- > 0)
| ~^~
local/local_sendmsg.c:71:7: note: ‘i’ was declared here
71 | int i;
| ^
Signed-off-by: chao an <anchao@xiaomi.com>
NuttX kernel should not use the syscall functions, especially after
enabling CONFIG_SCHED_INSTRUMENTATION_SYSCALL, all system functions
will be traced to backend, which will impact system performance.
Signed-off-by: chao an <anchao@xiaomi.com>
When using PIPE connect to a file, ENOTSOCK or ECONNREFUSED should be returned
and when using PIPE connect to invalid pipe name, ENOENT should be returned in libuv
Signed-off-by: yintao <yintao@xiaomi.com>
epoll_wait collects revent by checking fds->revent,
but local_socket will copy fds to the other two private pollfd shandow struct,
then the pipe_poll will not be able to update fds->revent directly,
so need local_socket save fds and implement a private poll_notify function
to passing revent to original fds->revent.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
