sync code form master #1
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
to simplify the code logic Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
to make the code more general for both x86 and x64. Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Summary: - I noticed that the following error happened when loading the init 'elf_symvalue: SHN_COMMON: Re-compile with -fno-common' - This commit fixes this issue Impact: - sabre-6quad only Testings: - Tested with sabre-6quad:netknsh (not merged yet) Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
…CHCXXFLAGS Summary: - Apply the same style as sabre-6quad Impact: - None Testing: - Build only Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Summary: - Apply the same style as sabre-6quad Impact: - None - NOTE: esp32c3-devkit still remains old style because of link errors Testing: - Build only Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Summary: - Apply the same style as sabre-6quad Impact: - None Testing: - Build only Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Summary: - This commit adds debug messages for addrenv Impact: - None Testing: - Tested with sabre-6quad:netknsh (not merged yet) Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
The packed-attribute on the tcb_info_s type was misplaced, which caused incompatible memory layout between host and target. According to current GCC documentation: > You may specify type attributes in an enum, struct or union type > declaration or definition by placing them immediately after the struct, > union or enum keyword. You can also place them just past the closing > curly brace of the definition, but this is less preferred because > logically the type should be fully defined at the closing brace. I also added jlink-nuttx.so to the .gitignore list and updated nxstyle to ignore the camel case function names required by JLinkGDBServer. Signed-off-by: Michael Jung <mijung@gmx.net>
since it is defined globally in tools/Config.mk now Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
If attaching to a target that is already running JLinkGDBServer calls RTOS_GetNumThreads() without a prior call to RTOS_UpdateThreads(). So do this within RTOS_GetNumThreads() if g_plugin_priv.ntcb has not yet been initialized. Note: If after attaching the debugger to the target, the target is resumed and then stopped again, the RTOS_UpdateThreads is actually called. Thus, we are not running on stale thread data in this case. I also changed PLUGIN_VER to API_VER and its value to 101, as RTOS_GetVersion() does not query the version of the plugin, but the API version implemented by the plugin, which in our case is 1.1. Signed-off-by: Michael Jung <mijung@gmx.net>
They can be used completely independently, so they should'n be coupled. For example, a sensored motor controller in speed control mode doesn't need an angle estimator.
The angle observer always refer to a motor electrical angle, while the speed observer can be applied to a motor electrical speed or a motor mechanical speed.
We can automatically detect the direction of movement from angle diff
Co-authored-by: Petro Karashchenko <petro.karashchenko@gmail.com>
to follow other arch/x86 arch/x86_64 convention Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
State of problem: - Some drivers that do not support write operations (does not have write handler or ioctl do not perform any write actions) are registered with write permissions - Some drivers that do not support read operation (does not have read handler or ioctl do not perform any read actions) are registered with read permissions - Some drivers are registered with execute permissions Solution: - Iterate code where register_driver() is used and change 'mode' parameter to reflect the actual read/write operations executed by a driver - Remove execute permissions from 'mode' parameter Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
Summary: - I noticed that pthread always crashes when started if CONFIG_BUILD_KERNEL=y - This commit fixes this issue Impact: - None Testing: - Tested with sabre-6quad:netknsh (not merged yet) Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Signed-off-by: ligd <liguiding1@xiaomi.com>
`vnc_remove_queue` would waiting for new frame update request forever even if the connection is lost, the updater thread wouldn't exit. But the server thread will join updater thread before accept new client connection, then we can't re-conncet to vnc server. Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
…smart gate driver This is intended to use in a board-specific logic and depends highly on a custom application. That's why no common driver logic is provided for now.
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
## Summary A lot of linker scripts were listed twice, once for unix, once for windows. This PR cleans up the logic so they're only listed once. ## Impact Any opportunity to use a single source of truth and reduce lines of code is a win! ## Testing CI will test all build
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
until this patch get merged: apache/mynewt-nimble#1161 Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
This reverts commit 8785673.
Signed-off-by: chao.an <anchao@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
since it is fully suppported now Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
to simplify the code logic Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reason: xtensa svcall only have level-1 interrupt level. Sush do not generate interrupt when up_irq_save. Software int can generate interrupt when up_irq_save. Signed-off-by: zhuyanlin <zhuyanlin1@xiaomi.com>
here is the reason: 1.clock_systime_timespec(core function) always exist regardless the setting 2.CLOCK_MONOTONIC is a foundamental clock type required by many places Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
arch/arm/src/efm32/efm32_start.c:
/* For the case of the separate user-/kernel-space build, perform whatever
* platform specific initialization of the user memory is required.
* Normally this just means initializing the user space .data and .bss
* segments.
*/
#ifdef CONFIG_NUTTX_KERNEL
efm32_userspace();
showprogress('E');
#endif
But there is no CONFIG_NUTTX_KERNEL configuration setting. Comparing this to other architectures it is clear this should be
#ifdef CONFIG_BUILD_PROTECTED
Signed-off-by: chao.an <anchao@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
Signed-off-by: chao.an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Apr 25, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
#0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
#1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
#2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
#6 0x57755a50 in rptun_worker rptun/rptun.c:303
apache#7 0x57755e51 in rptun_thread rptun/rptun.c:352
apache#8 0x57730d4a in nxtask_start task/task_start.c:128
apache#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee)
Signed-off-by: ligd <liguiding1@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Aug 26, 2022
This reverts commit b88a1fd. [1] Because: * It casues assertion failures like [2]. * I don't understand what it attempted to fix. [1] ``` commit b88a1fd Author: chao.an <anchao@xiaomi.com> Date: Sat Jul 2 13:17:41 2022 +0800 net/tcp: discard connect reference before free connect reference should be set to 0 before free Signed-off-by: chao.an <anchao@xiaomi.com> ``` [2] ``` #0 up_assert (filename=0x5516d0 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75 #1 0x000000000040a4bb in _assert (filename=0x5516d0 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36 #2 0x000000000042a2ad in tcp_free (conn=0x597fe0 <g_tcp_connections+384>) at tcp/tcp_conn.c:771 #3 0x000000000053bdc2 in tcp_close_disconnect (psock=0x7f58d1abbd80) at tcp/tcp_close.c:331 #4 0x000000000053bc69 in tcp_close (psock=0x7f58d1abbd80) at tcp/tcp_close.c:366 #5 0x000000000052eefe in inet_close (psock=0x7f58d1abbd80) at inet/inet_sockif.c:1689 #6 0x000000000052eb9b in psock_close (psock=0x7f58d1abbd80) at socket/net_close.c:102 apache#7 0x0000000000440495 in sock_file_close (filep=0x7f58d1b35f40) at socket/socket.c:115 apache#8 0x000000000043b8b6 in file_close (filep=0x7f58d1b35f40) at vfs/fs_close.c:74 apache#9 0x000000000043ab22 in nx_close (fd=9) at inode/fs_files.c:544 apache#10 0x000000000043ab7f in close (fd=9) at inode/fs_files.c:578 ```
freakishness
pushed a commit
that referenced
this pull request
Aug 26, 2022
When the free connection list is unenough to alloc a new instance, the TCP stack will reuse the currently closed connection, but if the handle is not released by the user via close(2), the reference count of the connection remains in a non-zero value, it will cause the assertion to fail, so when the handle is not released we should not use such a conn instance when being actively closed, and ensure that the reference count is assigned within the net lock protection |(gdb) bt |#0 up_assert (filename=0x565c78f7 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75 |#1 0x56566177 in _assert (filename=0x565c78f7 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36 |#2 0x5657d620 in tcp_free (conn=0x565fb3e0 <g_tcp_connections>) at tcp/tcp_conn.c:771 |#3 0x5657d5a1 in tcp_alloc (domain=2 '\002') at tcp/tcp_conn.c:700 |#4 0x565b1f50 in inet_tcp_alloc (psock=0xf3dea150) at inet/inet_sockif.c:144 |#5 0x565b2082 in inet_setup (psock=0xf3dea150, protocol=0) at inet/inet_sockif.c:253 |#6 0x565b1bf0 in psock_socket (domain=2, type=1, protocol=0, psock=0xf3dea150) at socket/socket.c:121 |apache#7 0x56588f5f in socket (domain=2, type=1, protocol=0) at socket/socket.c:278 |apache#8 0x565b11c0 in hello_main (argc=1, argv=0xf3dfab10) at hello_main.c:35 |apache#9 0x56566631 in nxtask_startup (entrypt=0x565b10ef <hello_main>, argc=1, argv=0xf3dfab10) at sched/task_startup.c:70 |apache#10 0x565597fa in nxtask_start () at task/task_start.c:134 Signed-off-by: chao.an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Aug 26, 2022
| (gdb) bt | #0 up_assert (filename=0x7fffffffdc6c "\001", lineno=0) at sim/up_assert.c:75 | #1 0x00005555555e636b in _assert (filename=0x555555627225 "kasan/kasan.c", linenum=104) at assert/lib_assert.c:36 | #2 0x00005555555a388e in kasan_report (addr=140737284458088, size=1, is_write=true) at kasan/kasan.c:104 | #3 0x00005555555a40a1 in __asan_storeN_noabort (addr=140737284458088, size=1) at kasan/kasan.c:297 | #4 0x00005555555a4519 in __asan_store1_noabort (addr=140737284458088) at kasan/kasan.c:348 | #5 0x00005555555a26d7 in memset (s=0x7ffff3d8c668, c=0, n=63) at string/lib_memset.c:169 | #6 0x00005555555a46a4 in mm_addregion (heap=0x7ffff3d8c000, heapstart=0x7ffff3d8c648, heapsize=66058656) at mm_heap/mm_initialize.c:131 | apache#7 0x00005555555a4a00 in mm_initialize (name=0x555555627068 "Umem", heapstart=0x7ffff3d8c648, heapsize=67107256) at mm_heap/mm_initialize.c:231 | apache#8 0x00005555555a33b1 in umm_initialize (heap_start=0x7ffff3d8c000, heap_size=67108864) at umm_heap/umm_initialize.c:84 | apache#9 0x000055555558f17c in nx_start () at init/nx_start.c:469 | apache#10 0x0000555555589559 in main (argc=1, argv=0x7fffffffdf58, envp=0x7fffffffdf68) at sim/up_head.c:131 | (gdb) Signed-off-by: chao.an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Aug 26, 2022
The free node is still in use after kasan_poison(), the node member access will cause the assert report by kasan. | (gdb) bt | #0 kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97 | #1 0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289 | #2 0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323 | #3 0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301 | #4 0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77 | #5 0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128 | #6 0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72 | apache#7 0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144 | apache#8 0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765 | apache#9 0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26 | apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127 | apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89 | apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49 | apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67 | apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134 | apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184 | apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168 | apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64 | apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78 | apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27 | apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54 | apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70 | apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134 | apache#23 0x0000000000000000 in ?? () Signed-off-by: chao.an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Oct 11, 2022
devif_conn_event() will be called recursively in the psock_send_eventhandler(),
if the tcp event tcp_close_eventhandler() is marked as "next" in first devif_conn_event()
and released from sencond recursive call, the "next" event in the first devif_conn_event()
will become a wild pointer.
479 uint16_t devif_conn_event(FAR struct net_driver_s *dev, uint16_t flags,
480 FAR struct devif_callback_s *list)
481 {
482 FAR struct devif_callback_s *next;
...
488 net_lock();
489 while (list && flags)
490 {
...
496 next = list->nxtconn; <------------------ event tcp_close_eventhandler() on next
...
500 if (list->event != NULL && devif_event_trigger(flags, list->flags))
501 {
...
507 flags = list->event(dev, list->priv, flags); <---------------- perform psock_send_eventhandler(), event tcp_close_eventhandler() will be remove from tcp_lost_connection()
508 }
...
512 list = next; <---------------- event tcp_close_eventhandler() has been released, wild pointer
513 }
514
515 net_unlock();
516 return flags;
517 }
The callstack as below:
Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
| #0 tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
| #1 0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
----------------> devif_conn_event() recursively
| #2 0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #3 0x565c55e4 in tcp_shutdown_monitor (conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_monitor.c:211
| #4 0x565c584b in tcp_lost_connection (conn=0x566084a0 <g_tcp_connections>, cb=0x566094b0 <g_cbprealloc+336>, flags=65) at tcp/tcp_monitor.c:391
| #5 0x565c028a in psock_send_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_send_buffered.c:544
----------------> call psock_send_eventhandler() before tcp_close_eventhandler()
| #6 0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x566094b0 <g_cbprealloc+336>) at devif/devif_callback.c:507
| apache#7 0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| apache#8 0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
| apache#9 0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
| apache#10 0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
| apache#11 0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
| apache#12 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| apache#13 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
| #0 tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
----------------------> "next" corrupted, invaild call tcp_close_eventhandler()
| #1 0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
| #2 0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
| #3 0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
| #4 0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
| #5 0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
| #6 0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
| apache#7 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
| apache#8 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
[ 2.680000] up_assert: Assertion failed at file:devif/devif_callback.c line: 85 task: lpwork
Signed-off-by: chao.an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Oct 11, 2022
==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
#0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
#1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
#2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
#3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
#4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
#5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
#6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
apache#7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
apache#8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
apache#9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
apache#10 0x598a601a in vsyslog syslog/lib_syslog.c:68
apache#11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
apache#12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
apache#13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
apache#14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
apache#15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
apache#16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
apache#17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
apache#18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
apache#19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Oct 11, 2022
apps/examples/usrsocktest/usrsocktest_basic_daemon.c:
321 static void basic_daemon_dup2(FAR struct usrsocktest_daemon_conf_s *dconf)
322 {
...
335 ret = dup2(sd2, sd);
352 }
Usrsocktest Task hold the file group lock and send the close request to usrsock deamon :
| #0 net_lockedwait_uninterruptible (sem=0x5555555f8ba2 <g_usrsockdev+34>) at utils/net_lock.c:427
| #1 0x000055555557489c in usrsockdev_do_request (conn=0x5555555f8800 <g_usrsock_connections>, iov=0x7ffff3f36040, iovcnt=1) at usrsock/usrsock_dev.c:1185
| --> send close request to usrsock deamon
|
| #2 0x00005555555d0439 in do_close_request (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:109
| #3 0x00005555555d04f5 in usrsock_close (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:157
| #4 0x00005555555cf100 in usrsock_sockif_close (psock=0x7ffff3ea4a60) at usrsock/usrsock_sockif.c:234
| #5 0x00005555555c7b2f in psock_close (psock=0x7ffff3ea4a60) at socket/net_close.c:102
| #6 0x000055555557a518 in sock_file_close (filep=0x7ffff3f253d0) at socket/socket.c:115
| apache#7 0x000055555557678f in file_close (filep=0x7ffff3f253d0) at vfs/fs_close.c:74
| apache#8 0x000055555557694c in file_dup2 (filep1=0x7ffff3f253e8, filep2=0x7ffff3f253d0) at vfs/fs_dup2.c:129
| ---> hold group file list lock ( _files_semtake(list) )
|
| apache#9 0x0000555555575aab in nx_dup2 (fd1=7, fd2=6) at inode/fs_files.c:451
| apache#10 0x0000555555575af3 in dup2 (fd1=7, fd2=6) at inode/fs_files.c:473
| apache#11 0x000055555559d937 in basic_daemon_dup2 (dconf=0x5555555f8d80 <usrsocktest_daemon_config>) at usrsocktest_basic_daemon.c:335
| apache#12 0x000055555559ed80 in usrsocktest_test_basic_daemon_basic_daemon_dup2 () at usrsocktest_basic_daemon.c:612
| apache#13 0x000055555559f18d in usrsocktest_group_basic_daemon_run () at usrsocktest_basic_daemon.c:666
| apache#14 0x0000555555599f8d in run_tests (name=0x5555555dc8c3 "basic_daemon", test_fn=0x55555559ef50 <usrsocktest_group_basic_daemon_run>) at usrsocktest_main.c:117
| apache#15 0x000055555559a06c in run_all_tests () at usrsocktest_main.c:154
| apache#16 0x000055555559a3d1 in usrsocktest_main (argc=1, argv=0x7ffff3f25450) at usrsocktest_main.c:248
| apache#17 0x000055555555cad8 in nxtask_startup (entrypt=0x55555559a357 <usrsocktest_main>, argc=1, argv=0x7ffff3f25450) at sched/task_startup.c:70
| apache#18 0x0000555555559938 in nxtask_start () at task/task_start.c:134
Usrsock Deamon weakup and setup the poll want to perform close request, but locked on fs_getfilep():
| #0 _files_semtake (list=0x7ffff3f250b8) at inode/fs_files.c:51
| --> Request group lock but which hold by close request, deadlock
| #1 0x00005555555758b1 in fs_getfilep (fd=5, filep=0x7ffff3f47190) at inode/fs_files.c:375
| #2 0x00005555555d3064 in poll_fdsetup (fd=5, fds=0x7ffff3f47290, setup=true) at vfs/fs_poll.c:79
| #3 0x00005555555d3243 in poll_setup (fds=0x7ffff3f47290, nfds=2, sem=0x7ffff3f47206) at vfs/fs_poll.c:139
| #4 0x00005555555d39a6 in nx_poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:383
| #5 0x00005555555d3abd in poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:501
| --> daemon weak up
| #6 0x00005555555c62c7 in usrsocktest_daemon (param=0x5555555f5360 <g_ub_daemon>) at usrsocktest_daemon.c:1846
| apache#7 0x000055555559161e in pthread_startup (entry=0x5555555c60d3 <usrsocktest_daemon>, arg=0x5555555f5360 <g_ub_daemon>) at pthread/pthread_create.c:59
| apache#8 0x00005555555d45f0 in pthread_start () at pthread/pthread_create.c:175
| apache#9 0x0000000000000000 in ?? ()
Signed-off-by: chao an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Oct 11, 2022
I noticed that the conn instance will leak during stress test, The close work queued from tcp_close_eventhandler() will be canceled by tcp_timer() immediately: Breakpoint 1, tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71 (gdb) bt | #0 tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71 | #1 0x5658bf1e in devif_conn_event (dev=0x5660bd80 <g_sim_dev>, flags=512, list=0x5660d558 <g_cbprealloc+312>) at devif/devif_callback.c:508 | #2 0x5658a219 in tcp_callback (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>, flags=512) at tcp/tcp_callback.c:167 | #3 0x56589253 in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:378 | #4 0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95 | #5 0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601 | #6 0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722 | apache#7 0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308 | apache#8 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178 | apache#9 0x5655983f in nxtask_start () at task/task_start.c:129 (gdb) c Continuing. Breakpoint 2, tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178 (gdb) bt | #0 tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178 | #1 0x5658952a in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:708 | #2 0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95 | #3 0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601 | #4 0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722 | #5 0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308 | #6 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178 | apache#7 0x5655983f in nxtask_start () at task/task_start.c:129 Since a separate work will add 24 bytes to each conn instance, but in order to support the feature of asynchronous close(), I can not find a better way than adding a separate work, for resource constraints, I recommend the developers to enable CONFIG_NET_ALLOC_CONNS, which will reduce the ram usage. Signed-off-by: chao an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Sep 26, 2023
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
#0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
#1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
#2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
#3 0x3548f8c in net_sem_wait utils/net_lock.c:318
#4 0x350124d in local_accept local/local_accept.c:246
#5 0x3492719 in psock_accept socket/accept.c:149
#6 0x3492bcc in accept4 socket/accept.c:280
apache#7 0x662dc04 in accept net/lib_accept.c:50
apache#8 0x55c81ab in kvdb_loop kvdb/server.c:415
apache#9 0x55c860a in kvdbd_main kvdb/server.c:458
apache#10 0x33d968b in nxtask_startup sched/task_startup.c:70
apache#11 0x32ec039 in nxtask_start task/task_start.c:134
apache#12 0x34109be in pre_start sim/sim_initialstate.c:52
0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
#0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
#2 0x34131d6 in mm_free sim/sim_heap.c:230
#3 0x3409388 in free umm_heap/umm_free.c:49
#4 0x35631f3 in local_free local/local_conn.c:225
#5 0x3563f75 in local_release local/local_release.c:129
#6 0x34f5a32 in local_close local/local_sockif.c:785
apache#7 0x3496ee8 in psock_close socket/net_close.c:102
apache#8 0x36500bc in sock_file_close socket/socket.c:115
apache#9 0x3635f6c in file_close vfs/fs_close.c:74
apache#10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
apache#11 0x36324f3 in nx_close inode/fs_files.c:697
apache#12 0x3632557 in close inode/fs_files.c:735
apache#13 0x55be289 in property_set_ kvdb/client.c:210
apache#14 0x55c0309 in property_set_int32_ kvdb/common.c:226
apache#15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236
Signed-off-by: ligd <liguiding1@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Feb 7, 2024
Race condition if the remote proc is stoped during initialization phase | #0 0x0249f959 in rpmsg_destroy_ept (ept=0xffffffc0) at open-amp/lib/rpmsg/rpmsg.c:376 | #1 0x024a938c in rpmsg_deinit_vdev (rvdev=0xf2303a48) at open-amp/lib/rpmsg/rpmsg_virtio.c:971 | #2 0x02117e33 in rptun_dev_stop (rproc=0xf2303a04, stop_ns=true) at rptun/rptun.c:891 | #3 0x021181d8 in rptun_do_ioctl (priv=0xf2303a00, cmd=11010, arg=0) at rptun/rptun.c:922 | #4 0x02119722 in rptun_ioctl_foreach (cpuname=0x0, cmd=11010, value=0) at rptun/rptun.c:1086 | #5 0x0211b9df in rptun_poweroff (cpuname=0x0) at rptun/rptun.c:1378 | #6 0x02053aa6 in board_power_off (status=0) at sim/sim_head.c:206 | apache#7 0x0253d65c in boardctl (cmd=65283, arg=0) at boardctl.c:400 | apache#8 0x021eb497 in cmd_poweroff (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_syscmds.c:356 | apache#9 0x021cdb4d in nsh_command (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_command.c:1164 | apache#10 0x021baa72 in nsh_execute (vtbl=0xef606280, argc=1, argv=0xef9b73e0, redirfile=0x0, oflags=0) at nsh_parse.c:845 | apache#11 0x021c6b0a in nsh_parse_command (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2744 | apache#12 0x021c7166 in nsh_parse (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2828 | apache#13 0x0221fa2f in nsh_session (pstate=0xef606280, login=1, argc=1, argv=0xef7a7860) at nsh_session.c:245 | apache#14 0x021f8c04 in nsh_consolemain (argc=1, argv=0xef7a7860) at nsh_consolemain.c:75 | apache#15 0x021b77eb in nsh_main (argc=1, argv=0xef7a7860) at nsh_main.c:74 | apache#16 0x02166ddf in nxtask_startup (entrypt=0x21b76ca <nsh_main>, argc=1, argv=0xef7a7860) at sched/task_startup.c:70 | apache#17 0x020b363c in nxtask_start () at task/task_start.c:134 Signed-off-by: chao an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Feb 7, 2024
| #0 0x2119bf1 in rpmsg_get_cpuname rptun/rptun.c:1157 | #1 0x24f97bd in uart_rpmsg_device_destroy serial/uart_rpmsg.c:342 | #2 0x2117d56 in rptun_dev_stop rptun/rptun.c:883 | #3 0x21181d7 in rptun_do_ioctl rptun/rptun.c:922 | #4 0x2119721 in rptun_ioctl_foreach rptun/rptun.c:1086 Signed-off-by: chao an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Feb 18, 2024
Race condition if the remote proc is stoped during initialization phase | #0 0x0249f959 in rpmsg_destroy_ept (ept=0xffffffc0) at open-amp/lib/rpmsg/rpmsg.c:376 | #1 0x024a938c in rpmsg_deinit_vdev (rvdev=0xf2303a48) at open-amp/lib/rpmsg/rpmsg_virtio.c:971 | #2 0x02117e33 in rptun_dev_stop (rproc=0xf2303a04, stop_ns=true) at rptun/rptun.c:891 | #3 0x021181d8 in rptun_do_ioctl (priv=0xf2303a00, cmd=11010, arg=0) at rptun/rptun.c:922 | #4 0x02119722 in rptun_ioctl_foreach (cpuname=0x0, cmd=11010, value=0) at rptun/rptun.c:1086 | #5 0x0211b9df in rptun_poweroff (cpuname=0x0) at rptun/rptun.c:1378 | #6 0x02053aa6 in board_power_off (status=0) at sim/sim_head.c:206 | apache#7 0x0253d65c in boardctl (cmd=65283, arg=0) at boardctl.c:400 | apache#8 0x021eb497 in cmd_poweroff (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_syscmds.c:356 | apache#9 0x021cdb4d in nsh_command (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_command.c:1164 | apache#10 0x021baa72 in nsh_execute (vtbl=0xef606280, argc=1, argv=0xef9b73e0, redirfile=0x0, oflags=0) at nsh_parse.c:845 | apache#11 0x021c6b0a in nsh_parse_command (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2744 | apache#12 0x021c7166 in nsh_parse (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2828 | apache#13 0x0221fa2f in nsh_session (pstate=0xef606280, login=1, argc=1, argv=0xef7a7860) at nsh_session.c:245 | apache#14 0x021f8c04 in nsh_consolemain (argc=1, argv=0xef7a7860) at nsh_consolemain.c:75 | apache#15 0x021b77eb in nsh_main (argc=1, argv=0xef7a7860) at nsh_main.c:74 | apache#16 0x02166ddf in nxtask_startup (entrypt=0x21b76ca <nsh_main>, argc=1, argv=0xef7a7860) at sched/task_startup.c:70 | apache#17 0x020b363c in nxtask_start () at task/task_start.c:134 Signed-off-by: chao an <anchao@xiaomi.com>
freakishness
pushed a commit
that referenced
this pull request
Feb 18, 2024
| #0 0x2119bf1 in rpmsg_get_cpuname rptun/rptun.c:1157 | #1 0x24f97bd in uart_rpmsg_device_destroy serial/uart_rpmsg.c:342 | #2 0x2117d56 in rptun_dev_stop rptun/rptun.c:883 | #3 0x21181d7 in rptun_do_ioctl rptun/rptun.c:922 | #4 0x2119721 in rptun_ioctl_foreach rptun/rptun.c:1086 Signed-off-by: chao an <anchao@xiaomi.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Impact
Testing