OrgApache/incubator-nuttx
OrgApache
/
incubator-nuttx
mirror of https://github.com/apache/incubator-nuttx.git
1
0
Fork 0
Code Issues Releases Wiki Activity
incubator-nuttx/drivers
History
wangjianyu3 223088d847 misc/rpmsgdev: The private data should be freed only when endpoint is released 
A use-after-free problem occurs when there are multiple remotes in the list `g_rpmsg` and the matching remote is not the last item in the list.

Log
  # Export the device "/dev/LOCAL_DEV" to remote "REMOTE_CPU"
  ap> testdev -d 2 -c "REMOTE_CPU" -l "/dev/LOCAL_DEV"
  [ap] kasan_report: kasan detected a read access error, address at 0x3c3d4740,size is 4, return address: 0x2c33620f
  [ap] kasan_show_memory: Shadow bytes around the buggy address:
  [ap] kasan_show_memory:   0x3c3d46f0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4700: aa aa aa aa cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4710: 40 47 3d 3c ed 61 33 2c 00 00 00 00 00 00 00 00
  [ap] kasan_show_memory:   0x3c3d4720: 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4730: 55 55 55 55 38 00 00 00 02 2c 00 00 cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4740:[00 00 00 00]66 e0 42 3c cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4750: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4760: aa aa aa aa 38 00 00 00 01 2c 00 00 cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4770: 50 57 44 3d 2f 00 cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4780: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] dump_assert_info: Current Version: NuttX ****** ***** *** 12.3.0 **********-***** *** ** 2024 **:**:** arm
  [ap] dump_assert_info: Assertion failed panic: at file: kasan/hook.c:187 task: testdev process: testdev 0x2ca20495

  $ addr2line -fe nuttx/nuttx 0x2c33620f
  rpmsgdev_server_created
  /workspace/nuttx/drivers/misc/rpmsgdev_server.c:529
  # Line 529 => strcmp()

Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
 		2024-10-13 14:42:30 +08:00
..
1wire
analog Check if the lower half is initialized for af_channel and af_data 2024-09-30 15:46:58 +08:00
audio audio: update audio null driver 2024-10-07 13:33:34 +08:00
bch drivers/bch: ioctl() - BIOC_FLUSH: Add calling ioctl() of block driver 2024-09-27 00:12:43 +08:00
can char driver CAN: add tx_confirm function in upperCAN driver. 2024-10-02 21:22:07 +08:00
clk nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
contactless
coresight drivers/coresight:Add TRFCR_EL1 initialization 2024-10-09 08:37:48 +08:00
crypto
devicetree pci: fix compile failed, fdt_get_reg_base() need 3 args 2024-10-09 02:18:49 +08:00
dma
dummy
eeprom
efuse
i2c driver: Post sempahore only when it's value is smaller than one 2024-10-13 02:12:01 +08:00
i2s
i3c drivers/i3c: avoid return error when i3c_master_register without i3c/i2c device 2024-09-24 23:36:50 +08:00
input drivers/input: fix complie err about undefined 2024-10-13 02:03:40 +08:00
ioexpander nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
ipcc driver: Post sempahore only when it's value is smaller than one 2024-10-13 02:12:01 +08:00
lcd lcd/st7735: add option to invert display color 2024-10-02 20:52:55 +08:00
leds
loop
math
misc misc/rpmsgdev: The private data should be freed only when endpoint is released 2024-10-13 14:42:30 +08:00
mmcsd mmcsd: refine emmc capacity calculate 2024-10-09 22:24:18 +08:00
modem drivers/modem/alt1250: Fix issue where the program would get stuck 2024-09-24 20:00:21 +08:00
motor
mtd mtd/nvs: Trigger recovery process in nvs_startup 2024-10-13 03:10:19 +08:00
net e1000: add polling mode support for tx/rx 2024-10-08 13:15:31 +02:00
note drivers/note:add the poll function for noteram 2024-10-13 14:05:50 +08:00
pci drivers/pci: fix pci framework warning in 32bit chip 2024-10-13 02:28:32 +08:00
pinctrl driver/pinctl: add pinctrl framework 2024-09-17 02:25:47 +08:00
pipes circbuf: Move from mm/circbuf to libs/libc/misc 2024-10-09 08:41:49 +08:00
power nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
rc circbuf: Move from mm/circbuf to libs/libc/misc 2024-10-09 08:41:49 +08:00
regmap
reset nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
rf
rmt circbuf: Move from mm/circbuf to libs/libc/misc 2024-10-09 08:41:49 +08:00
rpmsg include/nuttx.h: replace all the align macros to nuttx version 2024-10-11 16:55:43 +08:00
rptun drivers/rptun: minor fix about rptun 2024-10-12 12:12:00 +08:00
segger note:support filter for each note channel 2024-10-13 14:05:50 +08:00
sensors nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
serial serial: use nxsig_tgkill instead of nxsig_kill 2024-10-12 09:30:37 +08:00
spi
syslog syslog: support syslog redirection to sched_note 2024-10-11 01:30:11 +08:00
thermal cmake:add driver thermal CMake scripts 2024-10-13 02:25:06 +08:00
timers drivers/timer: fix goldfish timer did not included in cmake 2024-10-12 09:31:15 +08:00
usbdev usb: If usb3.0, set the ep0 sssize to cfgdescsize 2024-10-09 14:19:16 +08:00
usbhost
usbmisc
usbmonitor
usrsock nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
vhost virtio devices: update virtqueue operate buffer add lock API 2024-10-06 08:37:53 +08:00
video circbuf: Move from mm/circbuf to libs/libc/misc 2024-10-09 08:41:49 +08:00
virtio virtio-mmio/pci: add alloc_buf/free_buf for mmio and pci transport layer 2024-10-09 23:32:58 +08:00
wireless nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
.gitignore
CMakeLists.txt
Kconfig drivers/vhost: add vhost framework for NuttX 2024-10-03 17:37:40 +08:00
Makefile drivers/vhost: add vhost framework for NuttX 2024-10-03 17:37:40 +08:00
drivers_initialize.c drivers/vhost: add vhost framework for NuttX 2024-10-03 17:37:40 +08:00