tcp_conn: Check if the remote address is unspecified #5

xiaoxiang781216 · 2019-12-24T15:04:28Z

Change-Id: I6f547bb4bfb3bb621573db9097a531ce2260e794
Signed-off-by: chao.an anchao@xiaomi.com

Change-Id: I6f547bb4bfb3bb621573db9097a531ce2260e794 Signed-off-by: chao.an <anchao@xiaomi.com>

patacongo · 2019-12-24T15:09:51Z

This is also against master. See my comment and questions s with regard to PR 4. Please advise and I will expedite the inclusion of the change.

patacongo · 2019-12-24T15:40:35Z

I will assume that you will be unable to respond due to the time difference. I will go ahead and incorporate the change as a patch to keep things moving.

ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 apache#7 0x56656e95 in nx_start init/nx_start.c:809 apache#8 0x566548d4 in main sim/up_head.c:95 apache#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: apache#8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 apache#9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 apache#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 apache#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 apache#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 apache#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 apache#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 apache#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 apache#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 apache#17 0x565e3d96 in nx_start () at init/nx_start.c:809 apache#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <anchao@xiaomi.com>

ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 #7 0x56656e95 in nx_start init/nx_start.c:809 #8 0x566548d4 in main sim/up_head.c:95 #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: #8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 #9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 #10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 #11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 #12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 #13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 #14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 #15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 #16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 #17 0x565e3d96 in nx_start () at init/nx_start.c:809 #18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <anchao@xiaomi.com>

Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 apache#1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 apache#3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 apache#4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007fff028f686b in ?? () apache#12 0x0000000000000000 in ?? () (gdb) quit

Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 #1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 #3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 #4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 #8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007fff028f686b in ?? () #12 0x0000000000000000 in ?? () (gdb) quit

This reverts commit 21cff9f. It broke sim on macOS. In the following backtrace, the host socket() should be used instead of nuttx's. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1 * frame #0: 0x00000001000f5391 nuttx`socket(domain=1, type=1, protocol=0) at socket.c:192:12 frame apache#1: 0x000000010012b682 nuttx`vpnkit_connect at up_vpnkit.c:75:8 frame apache#2: 0x000000010012b60b nuttx`vpnkit_init at up_vpnkit.c:136:3 frame apache#3: 0x0000000100034b56 nuttx`netdriver_init at up_netdriver.c:334:3 frame apache#4: 0x0000000100033294 nuttx`up_initialize at up_initialize.c:260:3 frame apache#5: 0x00000001000031e3 nuttx`nx_start at nx_start.c:701:3 frame apache#6: 0x0000000100000b12 nuttx`main(argc=1, argv=0x00007ffeefbfd6c8, envp=0x00007ffeefbfd6d8) at up_head.c:96:7 frame apache#7: 0x00007fff7831b3d5 libdyld.dylib`start + 1 frame apache#8: 0x00007fff7831b3d5 libdyld.dylib`start + 1 (lldb)

(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |apache#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |apache#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |apache#9 0x5655da56 in nx_start () at init/nx_start.c:701 |apache#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <anchao@xiaomi.com>

(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |#9 0x5655da56 in nx_start () at init/nx_start.c:701 |#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <anchao@xiaomi.com>

Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>

Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |#21 0x08049713 in nxtask_start () at task/task_start.c:144 |#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>

``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```

Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```

Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 #1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 #3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 #4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () #5 0x000000000048181e in InitializeCommonInterceptors() () #6 0x000000000048106a in __asan::InitializeAsanInterceptors() () #7 0x000000000049b85e in __asan::AsanInitInternal() () #8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007ffe4cdfff56 in ?? () #12 0x0000000000000000 in ?? () ```

This reverts commit 2335b69. It seems that the commit is question broke sim/Linux and sim/macOS. Both of the following crashes are fixed by this revert. My app running with sim/Linux started crashing with the commit. ``` Program received signal SIGSEGV, Segmentation fault. 0x00000000004583ad in snprintf (buf=0x7f6260682b30 "\020", size=140060500962096, format=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>) at stdio/lib_snprintf.c:41 41 stdio/lib_snprintf.c: No such file or directory. rax 0x0 0 rbx 0x0 0 rcx 0x1 1 rdx 0x5515d0 5576144 rsi 0x10 16 rdi 0x7f6260682858 140060500961368 rbp 0x7f6260682808 0x7f6260682808 rsp 0x7f6260682628 0x7f6260682628 r8 0x7f62606825e0 140060500960736 r9 0x0 0 r10 0x8 8 r11 0x246 582 r12 0x0 0 r13 0x0 0 r14 0x0 0 r15 0x0 0 rip 0x4583ad 0x4583ad <snprintf+13> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 ``` sim:ostest on macOS crashes like the following. ``` spacetanuki% lldb ./nuttx (lldb) target create "./nuttx" Current executable set to './nuttx' (x86_64). (lldb) run Process 67434 launched: '/Users/yamamoto/git/nuttx/nuttx/nuttx' (x86_64) Process 67434 stopped * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error libdyld.dylib`stack_not_16_byte_aligned_error: -> 0x7fff6f1633a6 <+0>: movdqa %xmm0, (%rsp) 0x7fff6f1633ab <+5>: int3 libdyld.dylib`_dyld_fast_stub_entry: 0x7fff6f1633ac <+0>: pushq %rbp 0x7fff6f1633ad <+1>: movq %rsp, %rbp Target 0: (nuttx) stopped. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error frame apache#1: 0x0000000101002048 frame apache#2: 0x000000010001682d nuttx`tty_send(dev=0x000000010002f370, ch=115) at up_uart.c:447:3 frame apache#3: 0x000000010000d7df nuttx`uart_xmitchars(dev=0x000000010002f370) at serial_io.c:68:7 frame apache#4: 0x0000000100016a95 nuttx`tty_txint(dev=0x000000010002f370, enable='\x01') at up_uart.c:462:7 frame apache#5: 0x000000010000ce48 nuttx`uart_write(filep=0x00000001010011e8, buffer="", buflen=0) at serial.c:1260:7 frame apache#6: 0x0000000100024ef3 nuttx`file_write(filep=0x00000001010011e8, buf=0x0000000100027a30, nbytes=23) at fs_write.c:89:10 frame apache#7: 0x0000000100024f6a nuttx`nx_write(fd=1, buf=0x0000000100027a30, nbytes=23) at fs_write.c:138:13 frame apache#8: 0x0000000100024fab nuttx`file_write(filep=0x0000000100027a30, buf=0x0000000000000017, nbytes=0) at fs_write.c:76:7 frame apache#9: 0x000000010002215e nuttx`stdio_test at ostest_main.c:574:3 frame apache#10: 0x0000000100021f1b nuttx`ostest_main(argc=1, argv=0x0000000101001300) at ostest_main.c:602:3 frame apache#11: 0x000000010000ff05 nuttx`nxtask_startup(entrypt=(nuttx`ostest_main at ostest_main.c:592), argc=1, argv=0x0000000101001300) at task_startup.c:150:8 frame apache#12: 0x000000010000a580 nuttx`nxtask_start at task_start.c:129:7 (lldb) ```

==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 apache#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 apache#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 apache#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 apache#6 0x57755a50 in rptun_worker rptun/rptun.c:303 apache#7 0x57755e51 in rptun_thread rptun/rptun.c:352 apache#8 0x57730d4a in nxtask_start task/task_start.c:128 apache#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Signed-off-by: ligd <liguiding1@xiaomi.com>

==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 #6 0x57755a50 in rptun_worker rptun/rptun.c:303 #7 0x57755e51 in rptun_thread rptun/rptun.c:352 #8 0x57730d4a in nxtask_start task/task_start.c:128 #9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Signed-off-by: ligd <liguiding1@xiaomi.com>

deshacer error

set CONFIG_PRIORITY_INHERITANCE=y set CONFIG_SEM_PREALLOCHOLDERS=0 semaphore/sem_holder.c:320:34: runtime error: member access within null pointer of type 'struct tcb_s' #0 0xd8b540 in nxsem_boostholderprio semaphore/sem_holder.c:320 #1 0xd8c1cf in nxsem_boost_priority semaphore/sem_holder.c:703 #2 0xda5dfa in nxsem_wait semaphore/sem_wait.c:145 #3 0xda61d9 in nxsem_wait_uninterruptible semaphore/sem_wait.c:248 #4 0x12f2477 in media_service_thread0 /home/ligd/platform/dev/apps/examples/hello/hello_main.c:44 #5 0x1204154 in pthread_startup pthread/pthread_create.c:59 #6 0x1cd906f in pthread_start pthread/pthread_create.c:139 #7 0xe72fcb in pre_start sim/sim_initialstate.c:52 Signed-off-by: ligd <liguiding1@xiaomi.com>

note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405 #1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55 #2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68 #3 0x34179de in binder_initialize binder/binder.c:669 #4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242 #5 0x335a179 in nx_start init/nx_start.c:632 #6 0x32f755c in main sim/sim_head.c:180 #7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) #8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036) #9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700) Signed-off-by: cuiziwei <cuiziwei@xiaomi.com>

stdio/lib_libvsprintf.c:1018:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself #0 0x3326a86 in vsprintf_internal stdio/lib_libvsprintf.c:1018 #1 0x332926b in lib_vsprintf stdio/lib_libvsprintf.c:1363 #2 0x3777978 in vfprintf stdio/lib_vfprintf.c:52 apache#3 0x671b3a0 in printf stdio/lib_printf.c:44 apache#4 0x37abc0c in hello_main /data/project/code/vela-pt/apps/examples/hello/hello_main.c:38 apache#5 0x33201d3 in nxtask_startup sched/task_startup.c:70 apache#6 0x3208ecb in nxtask_start task/task_start.c:134 apache#7 0x3357a49 in pre_start sim/sim_initialstate.c:52 Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>

stdio/lib_libvsprintf.c:1018:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself #0 0x3326a86 in vsprintf_internal stdio/lib_libvsprintf.c:1018 #1 0x332926b in lib_vsprintf stdio/lib_libvsprintf.c:1363 #2 0x3777978 in vfprintf stdio/lib_vfprintf.c:52 #3 0x671b3a0 in printf stdio/lib_printf.c:44 #4 0x37abc0c in hello_main /data/project/code/vela-pt/apps/examples/hello/hello_main.c:38 #5 0x33201d3 in nxtask_startup sched/task_startup.c:70 #6 0x3208ecb in nxtask_start task/task_start.c:134 #7 0x3357a49 in pre_start sim/sim_initialstate.c:52 Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>

sim/posix/sim_offload.c:369:18: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' #0 0x3a146c2 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a146c2) apache#1 0x3a0ecb0 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a0ecb0) apache#2 0x3a1193a (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a1193a) apache#3 0x3a13141 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a13141) apache#4 0x39fc3ef (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x39fc3ef) apache#5 0x38ca7f2 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x38ca7f2) apache#6 0x39fc6cf (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x39fc6cf) Signed-off-by: qiaohaijiao1 <qiaohaijiao1@xiaomi.com>

sim/posix/sim_offload.c:369:18: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' #0 0x3a146c2 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a146c2) #1 0x3a0ecb0 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a0ecb0) #2 0x3a1193a (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a1193a) #3 0x3a13141 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a13141) #4 0x39fc3ef (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x39fc3ef) #5 0x38ca7f2 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x38ca7f2) #6 0x39fc6cf (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x39fc6cf) Signed-off-by: qiaohaijiao1 <qiaohaijiao1@xiaomi.com>

RTOSXMDPYX-575 string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Change-Id: I6e969ce530edefdf4307d36dc6944dcf7ce5958f Signed-off-by: yangguangcai <yangguangcai@xiaomi.com>

string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 apache#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 apache#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 apache#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 apache#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 apache#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 apache#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 apache#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 apache#9 0x48bee720 in nxtask_startup sched/task_startup.c:70 apache#10 0x48b41eb4 in nxtask_start task/task_start.c:112 apache#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <yangguangcai@xiaomi.com>

string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int' #0 0x48e77096 in strcpy string/lib_strcpy.c:87 #1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60 #2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186 #3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561 #4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677 #5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114 #6 0x52cde739 in default_tts_vendor_get src/vendor.c:356 #7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501 #8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72 #9 0x48bee720 in nxtask_startup sched/task_startup.c:70 #10 0x48b41eb4 in nxtask_start task/task_start.c:112 #11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52 Signed-off-by: yangguangcai <yangguangcai@xiaomi.com>

Changed stm32 to stm32h5 in pwr.c. Added additional logic for selecting PLL sources. Added additional logic for enabling LSE or LSI. Set VCORE properly with stm32h5_pwr.c function. Fixes to adjustvcore function.

Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |apache#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |apache#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |apache#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |apache#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |apache#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |apache#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |apache#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>

VELAPLATFO-1585 ==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 apache#1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 apache#2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 apache#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 apache#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 apache#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 apache#6 0x57755a50 in rptun_worker rptun/rptun.c:303 apache#7 0x57755e51 in rptun_thread rptun/rptun.c:352 apache#8 0x57730d4a in nxtask_start task/task_start.c:128 apache#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Change-Id: I29fc2ab82376ff6cd421fd383cdaa8ac85216364 Signed-off-by: ligd <liguiding1@xiaomi.com>

Initial STM32H5 Commit Initial commit of what I deemed essential files for bringing up the STM32H5. src/stm32h5/hardware files were edited by me, but need review. files in src/stm32h5 all need review and edits. include/stm32h5 files need review, some were edited by me. Add Nucleo-H563ZI Folder Add the board folder for the nucleo-h563zi. Right now this is largely a copy of the stm32l562e-dk configuration. Some files may be deleted in the future. Also made minor modifications to arch/arm/src/stm32h5/Kconfig file. hardware/stm32h562xx_rcc.h update Finished register and bit mapping for STM32H5 RCC Rename hardware/stm32h5_rcc.h Renamed stm32h562xx_rcc.h to stm32h5_rcc.h. The RCC register is the same for all versions of the STM32H5. Defined rcc_enableperipherals functions Defined all the functions wihtin rcc_enableperipherals. Getting started on stm32h5_stdclockconfig. Incremental STM32H5 RCC Updates Incremental Updates apache#2 Added stm32h5_lse.c and stm32h5_lsi.c files. Incremental updates to board.h, stm32h5xx_rcc.c, and hardware/stm32h5_rcc.h Incremental Updates apache#3 Added stm32h5_hsi48.c and stm32h5_hsi48.h files. Incremental updates to board.h, stm32h5xx_rcc.c, and hardware/stm32h5_rcc.h. Renamed hardware crs file. Fixed lse.c and lsi.c for STM32H5. Incremental Updates apache#4 Updated setting of VOS for STM32H5. Added HSIDIV definition to hardware/stm32h5_rcc.h for potential of changing HSIDIV from default. Changed board.h to use HSI of 32 MHz, which is the default. We still set SYSCLK to the max of 250MHz. First STM32H5 PWR Commit Rewrote hardware/stm32h5_pwr.h. Added stm32h5_pwr.c and stm32h5_pwr.h. Made minor changes to RCC files based on PWR peripheral. PWR Peripheral Changes Removed enablesmps function. LDO or SMPS is decided by hardware. Removed enablepwrclk. There is no PWREN for the STM32H5. Rewrote adustvcore. vcore must be adjusted incrementally. Incremental Updates apache#5 Changed stm32 to stm32h5 in pwr.c. Added additional logic for selecting PLL sources. Added additional logic for enabling LSE or LSI. Set VCORE properly with stm32h5_pwr.c function. Fixes to adjustvcore function. STM32H5 Power and RCC cleanup Fixed some errors with private functions and incorrect preprocessor variables. Changed adjustvcore to not select intermediate VOS levels. Figure 49 in RM shows changing directly from VOS3 to VOS1. Added function adjustvos_ext for externally supplied VCORE. However I'm not sure if VOS should be incremented, then voltage incremented, then frequency incremented, or if VOS should be incremented one by one to final setting, then adjust voltage, then frequency. adjustvos does the former. Won't be used in stdclockconfig. STM32H5 serial update This commit primarily adds functionality taken from the stm32g4 lpuart implementation. The template I used, from the stm32l5, already had the LPUART in there but did not calculate the baud correctly. Added more USARTS and UARTS supported by STM32H5. Minor changes to chip.h, stm32h5_start.c, and Kconfig. STM32H5 Serial Update apache#2 Added support for additional USARTS and UARTS on STM32H5. Other minor serial updates. Build Fixes Various fixes to get the stm32h5 arch to build. Many changes to follow. But for now, Nuttx builds. Remove unnecessary hardware files from STM32H5 directory More build changes Even more build fixes Minor fixes in stm32h5_rcc.c and stm32h5_pwr.c. Changed nucleo-h563zi defconfig to use std clock config. This resulted in errors that were fixed here. Also added stm32h5_lse.c and stm32h5_lsi.c to Make.defs. Removed legacy pinmap. It is deprecated and should not be used on new designs. Confirmed hardware crs and i2c files are correct. Will keep them for now. IRQ info for STM32H52, STM32H53, STM32H56, STM32H57 libcxx: fix compile error from ServiceManager.cpp:17: /home/ligd/platform/dev/apps/external/android/frameworks/native/libs/binder/ndk/include_cpp/android/binder_to_string.h:71:24: error: expected nested-name-specifier before numeric constant 71 | template <typename _U> | ^~ /home/ligd/platform/dev/apps/external/android/frameworks/native/libs/binder/ndk/include_cpp/android/binder_to_string.h:71:24: error: expected ‘>’ before numeric constant In file included from /home/ligd/platform/dev/apps/external/android/frameworks/native/libs/binder/aidl/android/os/ConnectionInfo.h:3, from /home/ligd/platform/dev/apps/external/android/frameworks/native/libs/binder/aidl/android/os/IServiceManager.h:3, from /home/ligd/platform/dev/apps/external/android/frameworks/native/libs/binder/aidl/android/os/BnServiceManager.h:4: /home/ligd/platform/dev/apps/external/android/frameworks/native/libs/binder/ndk/include_cpp/android/binder_to_string.h:72:56: error: no matching function for call to ‘declval<1>()’ 72 | static auto _test(int) -> decltype(std::declval<_U>().toString(), std::true_type()); | ~~~~~~~~~~~~~~~~^~ In file included from /home/ligd/platform/dev/nuttx/include/libcxx/__type_traits/is_convertible.h:18, Signed-off-by: ligd <liguiding1@xiaomi.com> libc string:Separate code. Separate the code that follows the BSD license into independent files. Signed-off-by: yangguangcai <yangguangcai@xiaomi.com> arch/sim/cmake: remove the host specific -U when HOSTSRCS fix macos compile hostfs.c compile issue. /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX15.0.sdk/usr/include/_string.h:131:62: error: expected function body after function declarator 131 | char *stpncpy(char *__dst, const char *__src, size_t __n) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_4_3); | ^ Signed-off-by: buxiasen <buxiasen@gmail.com> Revert "libc/lib_bzero:Add bzero prototype." This reverts commit 908814a. In macos, memset will be automatic optmize to bzero, caused dead loop, as we not using bzero, macro re-define should ablt to cover the requirements. Signed-off-by: buxiasen <buxiasen@gmail.com> arhc/arm64: vector table may be far away form arm64_fatal_handle use 33-bit (+/-4GB) pc-relative addressing to load the address of arm64_fatal_handle Signed-off-by: lipengfei28 <lipengfei28@xiaomi.com> sim: fix asan address space conflict Modify the starting position of the elf segment to 0x5000000 ==2561587==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING. ==2561587==ASan shadow was supposed to be located in the [0x1ffff000-0x3fffffff] range. ==2561587==Process memory map follows: Signed-off-by: yinshengkai <yinshengkai@xiaomi.com> arm64/toolchains:Add the following kasan compilation options Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com> remove unused variable 'cpu_freq' Signed-off-by: lipengfei28 <lipengfei28@xiaomi.com> drivers/timers/arch_alarm.c: Remove ndelay_accurate Using ONESHOT_CURRENT retrieves the tick number multiplied by tick time; thus it doesn't give the accurate monotonic time - it is quantized by the tick time. This cannot be used as a ndelay timer, it would always loop at least to the end of the ongoing tick. Revert the up_udelay to use the original "coarse" looping. The "accurate" udelay, if such is needed, should either be done under arch specific code, or there should be a function for getting the accurate time that is available for all the platforms. Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae> boards/imx93-evk: Define CONFIG_BOARD_LOOPSPERMSEC Use value measured with 1.8GHz CPU speed Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae> arch/x86_64:Fix variable used before assignment Signed-off-by: liwenxiang1 <liwenxiang1@xiaomi.com> arch/arm64: vector table 2K align Signed-off-by: lipengfei28 <lipengfei28@xiaomi.com> arm/build: suppress LOAD RWX linker warning Add --no-warn-rwx-segments in case of RAM boot mode to linker to suppress the below warning: "nuttx has a LOAD segment with RWX permissions" Signed-off-by: Jinliang Li <lijinliang1@lixiang.com> arch/arm64/src/imx9/imx9_lpspi.c: Fix 9-16 bit transfers Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae> arch/arm64/src/imx9/imx9_lpspi.c: Small cache operation optimization There is no need to invalidate the RX buffer before every transfer. It is never gets dirty, so it is good to invalidate initially after allocation, and after each transfer. Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae> libxx: C++ low level library select LIBSUPCXX by default. Signed-off-by: cuiziwei <cuiziwei@xiaomi.com> nuttx/sim: Fix m64 build error. LD: nuttx nuttx.rel: in function `ff_dct32_float_sse2': (.text+0x66f9e): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_32' defined in .bss.ff_cos_32 section in nuttx.rel (.text+0x66fa7): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_32' defined in .bss.ff_cos_32 section in nuttx.rel (.text+0x672a6): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_16' defined in .bss.ff_cos_16 section in nuttx.rel (.text+0x672ae): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_16' defined in .bss.ff_cos_16 section in nuttx.rel nuttx.rel: in function `ff_imdct_calc_sse': (.text+0x67905): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_64' defined in .bss.ff_cos_64 section in nuttx.rel (.text+0x67948): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_128' defined in .bss.ff_cos_128 section in nuttx.rel (.text+0x67988): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_256' defined in .bss.ff_cos_256 section in nuttx.rel (.text+0x679c8): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_512' defined in .bss.ff_cos_512 section in nuttx.rel (.text+0x67a08): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_1024' defined in .bss.ff_cos_1024 section in nuttx.rel (.text+0x67a48): relocation truncated to fit: R_X86_64_32S against symbol `ff_cos_2048' defined in .bss.ff_cos_2048 section in nuttx.rel (.text+0x67a88): additional relocation overflows omitted from the output Signed-off-by: cuiziwei <cuiziwei@xiaomi.com> tls.h: list.h should depends on CONFIG_PTHREAD_ATFORK Signed-off-by: ligd <liguiding1@xiaomi.com> bluetooth: fix bt missing header files nuttx/wqueue.h Signed-off-by: ligd <liguiding1@xiaomi.com> lib_gdbstub: fix container of Signed-off-by: buxiasen <buxiasen@xiaomi.com> Signed-off-by: ligd <liguiding1@xiaomi.com> container_of: fix compile failed cause of list.h not support container_of Signed-off-by: ligd <liguiding1@xiaomi.com> nuttx/arch:Enabling ARCH_MATH_H is required when compiling sim with the 13.2 version of the toolchain. Signed-off-by: cuiziwei <cuiziwei@xiaomi.com> Signed-off-by: ligd <liguiding1@xiaomi.com> arm/stm32f401rc-rs485: Add support to WS2812 addressable LED Signed-off-by: Rodrigo Sim <rcsim10@gmail.com> syslog: Don't allow blocking when in signal handler Blocking while running a signal handler is not advisable, instead write the log string character by character. There is also a potential for a deadlock, as discussed in apache#6618 Note: querying for rtcb->sigdeliver is not 100% ideal, as it only tells _if_ a signal handler has been queued, not if it is running. However, it makes syslog safe / usable which is a debug feature anyhow. boards/risc-v: Remove ref to riscv_internal.h `riscv_internal.h` is a private chip level header file, and it should not be included in the board files. Signed-off-by: Huang Qi <huangqi3@xiaomi.com> boards/esp32s3: Merge MCUboot and "simple-boot" linker scripts To make it easier to keep the linker scripts updated for both MCUboot and "simple-boot", this commit merges them into a single linker script with macros to enable/disable specific sections. task_exit.c: Add missing sched_note_stop() A regression from apache#13728 ; sched_note_stop() is never called for tasks that exit normally via exit(). nuttx: Add LIBSUPCXX_TOOLCHAIN to link the prebuilt library provide by toolchain. Signed-off-by: cuiziwei <cuiziwei@xiaomi.com> serial/gdbstub:Adjust serial port gdbstub Kconfig dependencies Signed-off-by: anjiahao <anjiahao@xiaomi.com> gdbstub:fix typo Signed-off-by: anjiahao <anjiahao@xiaomi.com> coredump: coredump_add_memory_region need use flags Signed-off-by: anjiahao <anjiahao@xiaomi.com> arm64: fix fvp smp faild to boot reason: we should give a busy wait addr This commit fixes the regression from apache#13640 Signed-off-by: hujun5 <hujun5@xiaomi.com> CI: Enable sim-02 build when we create or update a Complex PR CI Build Job sim-02 was disabled to reduce our usage of GitHub Runners, to comply with ASF Policy: apache#14376 (comment) However this causes the Scheduled Merge Job to fail, due to reduced CI Checks: https://github.com/NuttX/nuttx/actions/runs/11490041505/job/31980056690#step:7:465 This PR re-enables sim-02 when we create or update a Complex PR. arch/Kconfig: remove ARCH_MATH_H if LIBCXX Because some libraries do require a full libm implementation. Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com> Documentation: migrate README.txt from boards and fixes for mps boards migrate some README.txt form boards/ and fixes for mps boards rst samv7: fix QSPI build Commit 313d6df caused the following build error: CC: fixedmath/lib_b16atan2.c chip/sam_qspi.c: In function 'qspi_memory': chip/sam_qspi.c:1552:7: warning: implicit declaration of function 'IS_ALIGNED' [-Wimplicit-function-declaration] 1552 | IS_ALIGNED((uintptr_t)meminfo->buffer, 4) && | ^~~~~~~~~~ In file included from chip/sam_qspi.c:41: chip/sam_qspi.c: In function 'qspi_alloc': chip/sam_qspi.c:1591:21: warning: implicit declaration of function 'ALIGN_UP' [-Wimplicit-function-declaration] 1591 | return kmm_malloc(ALIGN_UP(buflen, 4)); This was caused by missing include of nuttx.h header defining ALIGN_UP and IS_ALIGNED. Signed-off-by: Michal Lenc <michallenc@seznam.cz> mmcsd: SDIO_CAPS_4BIT_ONLY set buswidth MMCSD_SCR_BUSWIDTH_4BIT uint8_t buswidth:4; /* Bus widths supported (SD only) */ Signed-off-by: zhangshoukui <zhangshoukui@xiaomi.com> armv8m/clang.cmake: add armv8m clang config Its makefile is implemented in arch/arm/src/armv8-m/Toolchain.defs as follows: ifeq ($(CONFIG_ARM_TOOLCHAIN_CLANG),y) ifeq ($(CONFIG_ARCH_CORTEXM23),y) TOOLCHAIN_CLANG_CONFIG = armv8m.main_soft_nofp else ifeq ($(CONFIG_ARCH_CORTEXM33),y) ifeq ($(CONFIG_ARCH_FPU),y) TOOLCHAIN_CLANG_CONFIG = armv8m.main_hard_fp else TOOLCHAIN_CLANG_CONFIG = armv8m.main_soft_nofp endif else ifeq ($(CONFIG_ARCH_CORTEXM35P),y) ifeq ($(CONFIG_ARCH_FPU),y) TOOLCHAIN_CLANG_CONFIG = armv8m.main_hard_fp else TOOLCHAIN_CLANG_CONFIG = armv8m.main_soft_nofp endif else ifeq ($(CONFIG_ARCH_CORTEXM55),y) ifeq ($(CONFIG_ARCH_FPU),y) TOOLCHAIN_CLANG_CONFIG = armv8.1m.main_hard_fp else TOOLCHAIN_CLANG_CONFIG = armv8.1m.main_soft_nofp_nomve endif else ifeq ($(CONFIG_ARCH_CORTEXM85),y) ifeq ($(CONFIG_ARCH_FPU),y) TOOLCHAIN_CLANG_CONFIG = armv8.1m.main_hard_fp else TOOLCHAIN_CLANG_CONFIG = armv8.1m.main_soft_nofp_nomve endif endif Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com> Writing documentation related to SPI slave. Fix build issues Fix xtensa build error with choice LIBSUPCXX by default. Signed-off-by: cuiziwei <cuiziwei@xiaomi.com> sim/cmake: compatible when nuttx COMPILE_OPTIONS is not set yet Signed-off-by: buxiasen <buxiasen@xiaomi.com> Fix cdcncm printf formatter compiler warning esp32s3: Increase the init task stask size when using NSH After recent changes on nuttx-apps (not limited to, but related to nuttx-apps#2738, for instance), the stack usage for the NSH task increased, causing stack overflows under specific situations (when running `ps` command, for instance). This commit increases the init task stack size to avoid it. Please note that, even before these changes, the stack usage of the NSH task was around 90% and, then, increasing the stack size of it was recommended. kconfig: Add link parameters that can print remaining memory information LD: nuttx Memory region Used Size Region Size %age Used flash: 284272 B 512 KB 54.22% sram1: 13296 B 2 MB 0.63% sram2: 0 GB 2 MB 0.00% CP: nuttx.hex CP: nuttx.bin Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com> Fixed selection of irq file. Added flash.ld script to nucleo-h563zi/scripts folder. Changed Make.defs to use it. Minor change to Kconfig regarding flash configurations. Various changes Fix include guards.

Initial STM32H5 Commit Initial commit of what I deemed essential files for bringing up the STM32H5. src/stm32h5/hardware files were edited by me, but need review. files in src/stm32h5 all need review and edits. include/stm32h5 files need review, some were edited by me. Add Nucleo-H563ZI Folder Add the board folder for the nucleo-h563zi. Right now this is largely a copy of the stm32l562e-dk configuration. Some files may be deleted in the future. Also made minor modifications to arch/arm/src/stm32h5/Kconfig file. hardware/stm32h562xx_rcc.h update Finished register and bit mapping for STM32H5 RCC Rename hardware/stm32h5_rcc.h Renamed stm32h562xx_rcc.h to stm32h5_rcc.h. The RCC register is the same for all versions of the STM32H5. Defined rcc_enableperipherals functions Defined all the functions wihtin rcc_enableperipherals. Getting started on stm32h5_stdclockconfig. Incremental STM32H5 RCC Updates Incremental Updates apache#2 Added stm32h5_lse.c and stm32h5_lsi.c files. Incremental updates to board.h, stm32h5xx_rcc.c, and hardware/stm32h5_rcc.h Incremental Updates apache#3 Added stm32h5_hsi48.c and stm32h5_hsi48.h files. Incremental updates to board.h, stm32h5xx_rcc.c, and hardware/stm32h5_rcc.h. Renamed hardware crs file. Fixed lse.c and lsi.c for STM32H5. Incremental Updates apache#4 Updated setting of VOS for STM32H5. Added HSIDIV definition to hardware/stm32h5_rcc.h for potential of changing HSIDIV from default. Changed board.h to use HSI of 32 MHz, which is the default. We still set SYSCLK to the max of 250MHz. First STM32H5 PWR Commit Rewrote hardware/stm32h5_pwr.h. Added stm32h5_pwr.c and stm32h5_pwr.h. Made minor changes to RCC files based on PWR peripheral. PWR Peripheral Changes Removed enablesmps function. LDO or SMPS is decided by hardware. Removed enablepwrclk. There is no PWREN for the STM32H5. Rewrote adustvcore. vcore must be adjusted incrementally. Incremental Updates apache#5 Changed stm32 to stm32h5 in pwr.c. Added additional logic for selecting PLL sources. Added additional logic for enabling LSE or LSI. Set VCORE properly with stm32h5_pwr.c function. Fixes to adjustvcore function. STM32H5 Power and RCC cleanup Fixed some errors with private functions and incorrect preprocessor variables. Changed adjustvcore to not select intermediate VOS levels. Figure 49 in RM shows changing directly from VOS3 to VOS1. Added function adjustvos_ext for externally supplied VCORE. However I'm not sure if VOS should be incremented, then voltage incremented, then frequency incremented, or if VOS should be incremented one by one to final setting, then adjust voltage, then frequency. adjustvos does the former. Won't be used in stdclockconfig. STM32H5 serial update This commit primarily adds functionality taken from the stm32g4 lpuart implementation. The template I used, from the stm32l5, already had the LPUART in there but did not calculate the baud correctly. Added more USARTS and UARTS supported by STM32H5. Minor changes to chip.h, stm32h5_start.c, and Kconfig. STM32H5 Serial Update apache#2 Added support for additional USARTS and UARTS on STM32H5. Other minor serial updates. Build Fixes Various fixes to get the stm32h5 arch to build. Many changes to follow. But for now, Nuttx builds. Remove unnecessary hardware files from STM32H5 directory More build changes Even more build fixes Minor fixes in stm32h5_rcc.c and stm32h5_pwr.c. Changed nucleo-h563zi defconfig to use std clock config. This resulted in errors that were fixed here. Also added stm32h5_lse.c and stm32h5_lsi.c to Make.defs. Removed legacy pinmap. It is deprecated and should not be used on new designs. Confirmed hardware crs and i2c files are correct. Will keep them for now. IRQ info for STM32H52, STM32H53, STM32H56, STM32H57 Fixed selection of irq file. Added flash.ld script to nucleo-h563zi/scripts folder. Changed Make.defs to use it. Minor change to Kconfig regarding flash configurations. Various changes Changed STM32L5/stm32l5 to STM32H5/stm32h5.

current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 apache#8 0x542bc94b in psock_sendto socket/sendto.c:134 apache#9 0x542bcb28 in sendto socket/sendto.c:247 apache#10 0x542bc5ea in send socket/send.c:163 apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 apache#21 0x53f366c6 in nxtask_start task/task_start.c:116 apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>

current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 #3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 #4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 #5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 #6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 #7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 #8 0x542bc94b in psock_sendto socket/sendto.c:134 #9 0x542bcb28 in sendto socket/sendto.c:247 #10 0x542bc5ea in send socket/send.c:163 #11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 #12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 #13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 #14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 #15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 #16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 #17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 #18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 #19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 #20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 #21 0x53f366c6 in nxtask_start task/task_start.c:116 #22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>

tcp_conn: Check if the remote address is unspecified

bcd85f9

Change-Id: I6f547bb4bfb3bb621573db9097a531ce2260e794 Signed-off-by: chao.an <anchao@xiaomi.com>

xiaoxiang781216 closed this Dec 24, 2019

xiaoxiang781216 deleted the fix_conn_addr_any branch December 24, 2019 16:52

anchao mentioned this pull request Jun 15, 2020

arch/stackframe: fix heap buffer overflow #1234

Merged

acassis mentioned this pull request Aug 27, 2020

SIM: Add support Linux HCI Socket as BLE adaptor #1655

Merged

sebastianene07 mentioned this pull request Oct 31, 2020

sim:nxwm Test failure #2093

Closed

GUIDINGLI mentioned this pull request Nov 4, 2020

arch/sim: add sim audio support #2124

Merged

anchao mentioned this pull request Nov 9, 2020

boards/sim: add atexit(2) into naming list #2259

Merged

anchao mentioned this pull request Dec 14, 2020

fs/unionfs: remove excessive protection to avoid deadlock #2532

Merged

zhuyanlinzyl mentioned this pull request Nov 9, 2021

debug: add tools for task aware debug #4810

Merged

GUIDINGLI mentioned this pull request Mar 28, 2022

rpmsg_socket: fix kasan report error #5889

Merged

tito97sp referenced this pull request in tito97sp/incubator-nuttx May 26, 2022

Merge pull request #5 from tito97sp/prueba_fallo

d585102

deshacer error

yintao707 mentioned this pull request Oct 11, 2024

rpmsg_sockif: add some modifaction for rpsocket #14118

Merged

CV-Bowen mentioned this pull request Oct 15, 2024

vsprintf:fix bug when print int64 0x8000000000000000 #14279

Merged

hiccupzhu mentioned this pull request Oct 16, 2024

sim/alsa: fix runtime warning. #14344

Merged

zhhyu7 mentioned this pull request Oct 29, 2024

arp.h: make struct arpreq four-byte aligned #14535

Merged

hujun260 mentioned this pull request Nov 1, 2024

remove up_cpu_pause up_cpu_resume up_cpu_paused up_cpu_pausereq #13863

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tcp_conn: Check if the remote address is unspecified #5

tcp_conn: Check if the remote address is unspecified #5

xiaoxiang781216 commented Dec 24, 2019

patacongo commented Dec 24, 2019

patacongo commented Dec 24, 2019

tcp_conn: Check if the remote address is unspecified #5

tcp_conn: Check if the remote address is unspecified #5

Conversation

xiaoxiang781216 commented Dec 24, 2019

patacongo commented Dec 24, 2019

patacongo commented Dec 24, 2019