NuttShell (NSH) NuttX-10.3.0
ap> ifconfig
=================================================================
Program received signal SIGSEGV, Segmentation fault.
==3920365==ERROR: AddressSanitizer: global-buffer-overflow on address 0x57fb4f2a at pc 0x57177067 bp 0xf1ffebb8 sp 0xf1ffeba8
READ of size 1 at 0x57fb4f2a thread T0
...................
| #10 0xf7ac4339 in __asan::__asan_report_load1 (addr=1476087594) at ../../../../../src/libsanitizer/asan/asan_rtl.cpp:117
| #11 0x57177067 in strncmp (cs=0x57fb4f2a "", ct=0x582d36e0 "stat", nb=4) at string/lib_strncmp.c:40
| #12 0x57f3b467 in netprocfs_opendir (relpath=0x57fb4f26 "net", dir=0xf1ffed80) at procfs/net_procfs.c:398
| #13 0x572b3ae1 in procfs_opendir (mountpt=0xf4602c20, relpath=0x57fb4f26 "net", dir=0xf1ffed80) at procfs/fs_procfs.c:625
| #14 0x572879ff in open_mountpoint (inode=0xf4602c20, relpath=0x57fb4f26 "net", dir=0xf1ffed80) at vfs/fs_dir.c:127
...................
Signed-off-by: chao an <anchao@xiaomi.com>
I noticed that the conn instance will leak during stress test,
The close work queued from tcp_close_eventhandler() will be canceled
by tcp_timer() immediately:
Breakpoint 1, tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71
(gdb) bt
| #0 tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71
| #1 0x5658bf1e in devif_conn_event (dev=0x5660bd80 <g_sim_dev>, flags=512, list=0x5660d558 <g_cbprealloc+312>) at devif/devif_callback.c:508
| #2 0x5658a219 in tcp_callback (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>, flags=512) at tcp/tcp_callback.c:167
| #3 0x56589253 in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:378
| #4 0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95
| #5 0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601
| #6 0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722
| #7 0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308
| #8 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| #9 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
Breakpoint 2, tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178
(gdb) bt
| #0 tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178
| #1 0x5658952a in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:708
| #2 0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95
| #3 0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601
| #4 0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722
| #5 0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308
| #6 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| #7 0x5655983f in nxtask_start () at task/task_start.c:129
Since a separate work will add 24 bytes to each conn instance,
but in order to support the feature of asynchronous close(),
I can not find a better way than adding a separate work,
for resource constraints, I recommend the developers to enable
CONFIG_NET_ALLOC_CONNS, which will reduce the ram usage.
Signed-off-by: chao an <anchao@xiaomi.com>
1. separate command catagory of bt/pktradio from wireless ioctl
2. Remove commoand count limit to support vendor command
Signed-off-by: chao an <anchao@xiaomi.com>
* net/netdev/netdev_ioctl.c:
(netdev_ifr_ioctl): The ioctl SIOCGIFHWADDR provides the hardware
address (e.g., Ethernet MAC, etc.) of a network interface. It is
based on Linux. (BSD-based systems don't have this ioctl.) The Linux
implementation sets sa_family to ARPHRD_ETHER for Ethernet and IEEE
802.11 interfaces [1]. NuttX was setting it to NET_SOCK_FAMILY for
these interface types as well as 6LoWPAN and PKTRADIO; this was
incorrect and also the value of NET_SOCK_FAMILY varies based on
Kconfig settings. Correcting this to ARPHRD_ETHER for Ethernet and
IEEE 802.11 and ARPHRD_IEEE802154 for 6LoWPAN and PKTRADIO.
References:
[1] 'man 7 netdevice' on Linux.
* net/netdev/netdev_ioctl.c:
(netdev_ifr_ioctl): The ioctl SIOCSIFHWADDR sets the hardware address
(e.g., Ethernet MAC, etc.) of a network interface. Radio devices may
have different lengths of hardware addresses, such as
NET_6LOWPAN_EADDRSIZE (8), NET_6LOWPAN_SADDRSIZE (2), or
RADIO_MAX_ADDRLEN (8). Also, Kconfig CONFIG_PKTRADIO_ADDRLEN allows
the user to set any arbitrary size. Note that while the sister ioctl
SIOCGIFHWADDR "get hardware address" copies
`dev->d_mac.radio.nv_addrlen` bytes, SIOCSIFHWADDR was copying
NET_6LOWPAN_ADDRSIZE bytes unconditionally. Depending on which radio
is used, this could be incorrect. Fixing it to use
`dev->d_mac.radio.nv_addrlen` for SIOCSIFHWADDR as well. Also adding
DEBUGASSERT to ensure this is within bounds of source and
destination of the copy.
Seperate usrsock device driver with usrsock core function layer
to make it more flexiable to adopt other kind of usrsock interface driver
Signed-off-by: liangchaozhong <liangchaozhong@xiaomi.com>
In file included from route/net_del_ramroute.c:30:
route/net_del_ramroute.c: In function ‘net_match_ipv4’:
route/net_del_ramroute.c:93:9: warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
93 | ninfo(" target=%08lx netmask=%08lx\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
route/net_del_ramroute.c:93:23: note: format string is defined here
93 | ninfo(" target=%08lx netmask=%08lx\n",
| ~~~~^
| |
| long unsigned int
| %08x
mld/mld_timer.c: In function ‘mld_gendog_work’:
mld/mld_timer.c:118:13: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
118 | ifindex = (int)arg;
| ^
mld/mld_timer.c: In function ‘mld_v1dog_work’:
mld/mld_timer.c:237:13: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
237 | ifindex = (int)arg;
| ^
Signed-off-by: chao an <anchao@xiaomi.com>
allow usrsock USRSOCK_MESSAGE_RESPONSE_DATA_ACK with no-preload data
so addrlen could be updated to valuelen_nontrunc of usrsock_message_datareq_ack_s
nsh> usrsocktest
...
Testing group "basic_getsockname" =>
[TEST ASSERT FAILED!]
In function "basic_getsockname_open":
line 170: Assertion `(ssize_t)((ret)) == (ssize_t)((0))' failed.
got value: -1
should be: 0
Group "basic_getsockname": [FAILED]
Signed-off-by: chao an <anchao@xiaomi.com>
fix usrsock remote_disconnect fail:
nsh> usrsocktest
...
Testing group "remote_disconnect" =>
[TEST ASSERT FAILED!]
In function "receive":
line 497: Assertion `(ssize_t)((ret)) == (ssize_t)((0))' failed.
got value: -1
should be: 0
Group "remote_disconnect": [FAILED]
...
Reference:
RECV(2)
NAME
recv, recvfrom, recvmsg - receive a message from a socket
...
RETURN VALUE
...
When a stream socket peer has performed an orderly shutdown,
the return value will be 0 (the traditional "end-of-file" return).
Datagram sockets in various domains (e.g., the UNIX and Internet domains)
permit zero-length datagrams. When such a datagram is received, the return value is 0.
Signed-off-by: chao an <anchao@xiaomi.com>
fix usrsock getsockname fail
nsh> usrsocktest
...
Testing group "basic_getsockname" =>
[TEST ASSERT FAILED!]
In function "basic_getsockname_open":
line 170: Assertion `(ssize_t)((ret)) == (ssize_t)((0))' failed.
got value: -1
should be: 0
Group "basic_getsockname": [FAILED]
...
Reference:
GETSOCKNAME(2)
NAME
getsockname - get socket name
...
DESCRIPTION
...
The returned address is truncated if the buffer provided is too small;
in this case, addrlen will return a value greater than was supplied to the call.
Signed-off-by: chao an <anchao@xiaomi.com>
follow the below change:
-----------------------------------------------
commit 0334819742
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Mon Aug 22 05:10:47 2022 +0800
net/usrsock: Change xid from uint64_t to uint32_t
by generating the new xid for each transaction
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: chao an <anchao@xiaomi.com>
Do not use 'pvconn' argument to get the connection pointer since
pvconn is normally NULL for some events like NETDEV_DOWN.
Instead, the connection pointer can be reliably obtained from the
corresponding private pointer.
Signed-off-by: chao.an <anchao@xiaomi.com>
rename the UDP_BINDTODEVICE to SO_BINDTODEVICE to follow the linux
style to be compatible with non-UDP protocol binding requirements
Signed-off-by: chao.an <anchao@xiaomi.com>