walnux/drivers/misc
wangjianyu3 223088d847 misc/rpmsgdev: The private data should be freed only when endpoint is released
A use-after-free problem occurs when there are multiple remotes in the list `g_rpmsg` and the matching remote is not the last item in the list.

Log
  # Export the device "/dev/LOCAL_DEV" to remote "REMOTE_CPU"
  ap> testdev -d 2 -c "REMOTE_CPU" -l "/dev/LOCAL_DEV"
  [ap] kasan_report: kasan detected a read access error, address at 0x3c3d4740,size is 4, return address: 0x2c33620f
  [ap] kasan_show_memory: Shadow bytes around the buggy address:
  [ap] kasan_show_memory:   0x3c3d46f0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4700: aa aa aa aa cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4710: 40 47 3d 3c ed 61 33 2c 00 00 00 00 00 00 00 00
  [ap] kasan_show_memory:   0x3c3d4720: 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4730: 55 55 55 55 38 00 00 00 02 2c 00 00 cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4740:[00 00 00 00]66 e0 42 3c cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4750: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4760: aa aa aa aa 38 00 00 00 01 2c 00 00 cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4770: 50 57 44 3d 2f 00 cc cc cc cc cc cc cc cc cc cc
  [ap] kasan_show_memory:   0x3c3d4780: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
  [ap] dump_assert_info: Current Version: NuttX ****** ***** *** 12.3.0 **********-***** *** ** 2024 **:**:** arm
  [ap] dump_assert_info: Assertion failed panic: at file: kasan/hook.c:187 task: testdev process: testdev 0x2ca20495

  $ addr2line -fe nuttx/nuttx 0x2c33620f
  rpmsgdev_server_created
  /workspace/nuttx/drivers/misc/rpmsgdev_server.c:529
  # Line 529 => strcmp()

Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
2024-10-13 14:42:30 +08:00
addrenv.c
CMakeLists.txt cmake: add include path for special source 2023-11-07 17:39:03 +01:00
dev_ascii.c drivers: add ascii driver, returns a printable string of 0x21-0x7f 2023-07-12 11:13:37 -06:00
dev_mem.c Simplify BOARD_MEMORY_RANGE initialization logic 2024-10-09 15:41:48 +08:00
dev_null.c poll: pollsetup should notify only one fd passed by caller 2023-11-21 09:07:17 +01:00
dev_zero.c poll: pollsetup should notify only one fd passed by caller 2023-11-21 09:07:17 +01:00
goldfish_pipe.c misc/goldfish: Compatible with x86_64 goldfish pipe 2024-09-15 19:28:55 +08:00
Kconfig drivers/misc: support nuttx goldfish_pipe 2024-09-15 19:28:55 +08:00
lwl_console.c Remove the unnecessary NULL fields in global instance definition of file_operations 2023-01-04 00:32:13 +02:00
Make.defs drivers/misc: support nuttx goldfish_pipe 2024-09-15 19:28:55 +08:00
mkrd.c mm/alloc: remove all unnecessary cast for alloc 2023-08-30 14:34:20 +08:00
optee.c drivers/optee: Return error if optee_recv return prematurely 2024-10-13 02:48:29 +08:00
optee_msg.h Remove @ and % tag from all comments 2023-12-11 17:00:10 -03:00
ramdisk.c drivers/ramdisk: add missing 'FAR' 2023-09-16 14:17:47 +08:00
rpmsgblk.c rpmsg: upgrade API passing on parameters with the upgrade of OpenAMP 2024-10-09 23:32:58 +08:00
rpmsgblk.h rpmsgblk: use a fixed length struct to transfer between two cpus 2023-11-22 08:08:12 -08:00
rpmsgblk_server.c nuttx/drivers: add ept_release_cb for destroy server resource 2024-10-10 08:44:29 +08:00
rpmsgdev.c misc/rpmsgdev: fix block mode read/write bug in rpmsgdev 2024-10-09 19:53:28 +08:00
rpmsgdev.h rpmsgdev: devpath may exceed RPMSG_NAME_SIZE 2024-09-28 19:09:54 +08:00
rpmsgdev_server.c misc/rpmsgdev: The private data should be freed only when endpoint is released 2024-10-13 14:42:30 +08:00
rwbuffer.c drivers/rwbuffer: Set nblocks 0 after using wrflush(skip rwbuffer) 2024-09-10 15:22:03 +08:00