jnippula opened a new pull request, #17304: URL: https://github.com/apache/nuttx/pull/17304
## Summary Currently in devif_iob_poll releases the IOB buffer unconditionally, even the devif_poll_connections() returned "false", indicating that no data has been handled. If IOB is unconditionally released, it may cause race condition in TCP accept connection (SYN packet) where tcp_alloc waits for free conn with net_breaklock called. During that period another core can trigger devif_poll and even the IOB is not yet connected to any connection, it is release and dev->d_iob is set to NULL. So, the dev->d_iob is released before tcp_alloc_accept has read the ip address info from the buffer. => kernel crash due to referencing NULL pointer. Fixed to release IOB only in case it is really handled (bstop == true). ## Testing Verified with custom NXP i.mx9 device connected to laptop via ethernet cable. Running a tcp server in nuttx and connecting that from tcp client running of laptop. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
