==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
#0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
#1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
#2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
#6 0x57755a50 in rptun_worker rptun/rptun.c:303
#7 0x57755e51 in rptun_thread rptun/rptun.c:352
#8 0x57730d4a in nxtask_start task/task_start.c:128
#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee)
Signed-off-by: ligd <liguiding1@xiaomi.com>
reference:
https: //man7.org/linux/man-pages/man2/accept.2.html
1. default set block mode if accept() a new socket
2. local_socket support FIONBIO
Signed-off-by: ligd <liguiding1@xiaomi.com>
As xtensa timer is common in all xtensa chips,
Use oneshot ops, implement a common xtensa oneshot timer.
Signed-off-by: zhuyanlin <zhuyanlin1@xiaomi.com>
## Summary
SPI Poll Send `bl602_spi_poll_send()` doesn't send any SPI Data because it doesn't enable SPI Master and it doesn't clear the SPI FIFO. Also it hangs because it loops forever waiting for the FIFO.
We fix this problem by moving the code that enables SPI Master and clears the FIFO, from SPI Poll Exchange `bl602_spi_poll_exchange()` to SPI Poll Send. (Note that SPI Poll Exchange calls SPI Poll Send)
[More Details Here](https://github.com/lupyuen/st7789-nuttx#fix-spi-send)
## Impact
This problem affects all NuttX Drivers that call `SPI_SEND()` on BL602, including the ST7789 Display Driver.
Previously `SPI_SEND()` didn't send any SPI Data and never returns, because it loops forever waiting to receive data.
Now `SPI_SEND()` sends data and returns correctly.
[More Details Here](https://github.com/lupyuen/st7789-nuttx#fix-spi-send)
## Testing
We tested the modified SPI Poll Send with NuttX ST7789 Driver and a Logic Analyser on PineCone BL602:
- [Testing with Logic Analyser](https://github.com/lupyuen/st7789-nuttx#fix-spi-send)
We also tested LVGL with ST7789 on PineCone BL602:
- [Testing with LVGL](https://github.com/lupyuen/st7789-nuttx#run-lvgl-demo)
As for the modified SPI Poll Exchange, we tested with Semtech SX1262 SPI Transceiver on PineCone BL602:
- [Testing SPI Poll Exchange](https://github.com/lupyuen/incubator-nuttx/releases/tag/release-2022-03-25)
-#9 0xf7abf899 in __asan::__asan_report_load2 (addr=4072681776) at ../../../../../src/libsanitizer/asan/asan_rtl.cc:117
-#10 0x5693f718 in inode_release (node=0xf2c03124) at inode/fs_inoderelease.c:69
-#11 0x568ea61b in file_close (filep=0xf55fedd0) at vfs/fs_close.c:79
-#12 0x568e7e56 in nx_close (fd=3) at inode/fs_files.c:528
-#13 0x568e7f0e in close (fd=3) at inode/fs_files.c:562
-#14 0x56e76c39 in epoll_close (epfd=3) at vfs/fs_epoll.c:252
-#15 0x56c33829 in sensor_service_delete (ctrl=0x578b8540 <control>) at src/common.c:439
-#16 0x56a0561e in sensor_middle_service_main (argc=1, argv=0xf55de820) at sensor_main.c:118
-#17 0x56878675 in nxtask_startup (entrypt=0x56a054cc <sensor_middle_service_main>, argc=1, argv=0xf55de820) at sched/task_startup.c:70
-#18 0x5684427a in nxtask_start () at task/task_start.c:133
-#19 0xdeadbeef in ?? ()
reason:
epoll_close -> close -> epoll_do_close (free inode)
-> inode_release (reuse inode, crash)
fix:
use the global inode to match the fd which will return to user.
like the g_sock_inode in fs/socket/socket.c
Signed-off-by: ligd <liguiding1@xiaomi.com>
tianxin7