Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-25 01:39:44 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

drivers/rpmsg: fix double free at rpmsg_router_hub_unbind

Browse Source 
/home/yintao/o61-2800/nuttx/libs/libc/assert/lib_assert.c:36
mempool_release
/home/yintao/o61-2800/nuttx/mm/mempool/mempool.c:431 (discriminator 1)
mempool_multiple_free
/home/yintao/o61-2800/nuttx/mm/mempool/mempool_multiple.c:637
mm_free
/home/yintao/o61-2800/nuttx/mm/mm_heap/mm_free.c:248
free
/home/yintao/o61-2800/nuttx/mm/umm_heap/umm_free.c:49
rpmsg_router_hub_unbind
/home/yintao/o61-2800/nuttx/drivers/rpmsg/rpmsg_router_hub.c:127
rpmsg_virtio_ns_callback
/home/yintao/o61-2800/nuttx/openamp/open-amp/lib/rpmsg/rpmsg_virtio.c:684
rpmsg_virtio_rx_callback
/home/yintao/o61-2800/nuttx/openamp/open-amp/lib/rpmsg/rpmsg_virtio.c:599
virtqueue_notification
/home/yintao/o61-2800/nuttx/openamp/open-amp/lib/virtio/virtqueue.c:600
rproc_virtio_notified
/home/yintao/o61-2800/nuttx/openamp/open-amp/lib/remoteproc/remoteproc_virtio.c:394
remoteproc_get_notification
/home/yintao/o61-2800/nuttx/openamp/open-amp/lib/remoteproc/remoteproc.c:1059
rptun_worker
/home/yintao/o61-2800/nuttx/drivers/rptun/rptun.c:324
rptun_worker
/home/yintao/o61-2800/nuttx/drivers/rptun/rptun.c:324
nxtask_start
/home/yintao/o61-2800/nuttx/sched/task/task_start.c:111

Signed-off-by: yintao <yintao@xiaomi.com>
This commit is contained in:
yintao
2024-12-04 23:33:46 +08:00
committed by Xiang Xiao
parent 863c20544c
commit 773db122a3
1 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
drivers/rpmsg/rpmsg_router_hub.c
+18 -2
View File
@@ -103,6 +103,22 @@ static int rpmsg_router_hub_cb(FAR struct rpmsg_endpoint *ept,
return rpmsg_send(dst_ept, data, len);
}
/****************************************************************************
* Name: rpmsg_router_hub_ept_release
*
* Description:
* This is the release endpoint callback function for router core.
*
* Parameters:
* ept - rpmsg_endpoint for communicating with edge core (r:cpu:name)
*
****************************************************************************/
static void rpmsg_router_hub_ept_release(FAR struct rpmsg_endpoint *ept)
{
kmm_free(ept);
}
/****************************************************************************
* Name: rpmsg_router_hub_unbind
*
@@ -123,13 +139,11 @@ static void rpmsg_router_hub_unbind(FAR struct rpmsg_endpoint *ept)
if (dst_ept)
{
rpmsg_destroy_ept(dst_ept);
kmm_free(dst_ept);
}
/* Destroy source edge ept */
rpmsg_destroy_ept(ept);
kmm_free(ept);
}
/****************************************************************************
@@ -277,12 +291,14 @@ static void rpmsg_router_hub_bind(FAR struct rpmsg_device *rdev,
src_ept->priv = dst_ept;
src_ept->rdev = rdev;
src_ept->dest_addr = dest;
src_ept->release_cb = rpmsg_router_hub_ept_release;
strlcpy(src_ept->name, name, sizeof(src_ept->name));
/* Create endpoint (r:src_cpu:name) to another dest cpu */
dst_ept->priv = src_ept;
dst_ept->ns_bound_cb = rpmsg_router_hub_bound;
dst_ept->release_cb = rpmsg_router_hub_ept_release;
ret = rpmsg_create_ept(dst_ept, dst_rdev, dst_name,
RPMSG_ADDR_ANY, RPMSG_ADDR_ANY,
rpmsg_router_hub_cb,