You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2022/01/25 08:07:02 UTC
[GitHub] [incubator-nuttx] yamt commented on a change in pull request #5252: net/tcp/tcp_send*: reliably obtain the TCP connection pointer in TCP event handlers
yamt commented on a change in pull request #5252:
URL: https://github.com/apache/incubator-nuttx/pull/5252#discussion_r791448848
##########
File path: net/tcp/tcp_send_buffered.c
##########
@@ -355,10 +355,39 @@ static uint16_t psock_send_eventhandler(FAR struct net_driver_s *dev,
FAR void *pvconn, FAR void *pvpriv,
uint16_t flags)
{
- FAR struct tcp_conn_s *conn = (FAR struct tcp_conn_s *)pvconn;
+ /* FAR struct tcp_conn_s *conn = (FAR struct tcp_conn_s *)pvconn;
+ *
+ * Do not use pvconn argument to get the TCP connection pointer (the above
+ * commented line) because pvconn is normally NULL for some events like
+ * NETDEV_DOWN. Instead, the TCP connection pointer can be reliably
+ * obtained from the corresponding TCP socket.
+ */
+
FAR struct socket *psock = (FAR struct socket *)pvpriv;
+ FAR struct tcp_conn_s *conn;
bool rexmit = false;
+ DEBUGASSERT(psock != NULL);
+
+ /* Get the TCP connection pointer reliably from
+ * the corresponding TCP socket.
+ */
+
+ conn = psock->s_conn;
+ DEBUGASSERT(conn != NULL);
+
+ /* The TCP socket is connected and, hence, should be bound to a device.
+ * Make sure that the polling device is the one that we are bound to.
+ */
+
+ DEBUGASSERT(conn->dev != NULL);
Review comment:
this crashed in our private ci.
```
Program received signal SIGSEGV, Segmentation fault.
0x000000000053ff81 in psock_send_eventhandler (dev=0x59ebe0 <g_sim_dev>, pvconn=
0x59ef00 <g_tcp_connections>, pvpriv=0x7f93505f0c70, flags=16) at tcp/tcp_send_b
uffered.c:383
rax 0x10 16
rbx 0x0 0
rcx 0x10 16
rdx 0x7f93505f0c70 140270685326448
rsi 0x59ef00 5893888
rdi 0x59ebe0 5893088
rbp 0x0 0x0
rsp 0x7f93505c8560 0x7f93505c8560
r8 0x10 16
r9 0x27d729d3b3fa6400 2870809276706350080
r10 0x8 8
r11 0x246 582
r12 0x0 0
r13 0x0 0
r14 0x0 0
r15 0x0 0
rip 0x53ff81 0x53ff81 <psock_send_eventhandler+193>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
k0 0x0 0
k1 0x0 0
k2 0x0 0
k3 0x0 0
k4 0x0 0
k5 0x0 0
k6 0x0 0
k7 0x0 0
#0 0x000000000053ff81 in psock_send_eventhandler (dev=0x59ebe0 <g_sim_dev>, pvconn=0x59ef00 <g_tcp_connections>, pvpriv=0x7f93505f0c70, flags=16) at tcp/tcp_send_buffered.c:383
#1 0x000000000043294f in devif_conn_event (dev=0x59ebe0 <g_sim_dev>, pvconn=0x59ef00 <g_tcp_connections>, flags=16, list=0x59ff00 <g_cbprealloc+672>) at devif/devif_callback.c:510
#2 0x000000000043b9f1 in tcp_callback (dev=0x59ebe0 <g_sim_dev>, conn=0x59ef00 <g_tcp_connections>, flags=16) at tcp/tcp_callback.c:169
#3 0x0000000000438c3f in tcp_timer (dev=0x59ebe0 <g_sim_dev>, conn=0x59ef00 <g_tcp_connections>, hsec=0) at tcp/tcp_timer.c:518
#4 0x0000000000432224 in devif_poll_tcp_timer (dev=0x59ebe0 <g_sim_dev>, callback=0x4156b0 <netdriver_txpoll>, hsec=0) at devif/devif_poll.c:652
#5 0x0000000000432136 in devif_timer (dev=0x59ebe0 <g_sim_dev>, delay=0, callback=0x4156b0 <netdriver_txpoll>) at devif/devif_poll.c:862
#6 0x00000000004157ae in netdriver_txavail_work (arg=0x59ebe0 <g_sim_dev>) at sim/up_netdriver.c:313
#7 0x0000000000404344 in work_thread (argc=2, argv=0x7f93505b7820) at wqueue/kwork_thread.c:174
#8 0x0000000000404054 in nxtask_start () at task/task_start.c:125
#9 0xaaaaaaaaaaaaaaaa in ?? ()
#10 0xaaaaaaaaaaaaaaaa in ?? ()
#11 0x8001104000000140 in ?? ()
#12 0x00007f93505dbaf0 in ?? ()
#13 0x0000000000000000 in ?? ()
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org