Patch eap.o memory leak #8566
Merged
Patch eap.o memory leak #8566
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
mhightower83 force-pushed the pr-enterprise-patch-leak branch from 61b2e7b to f8675fa Compare 
Flole998 reviewed May 13, 2022
| Excellent job, I am really impressed. I tried to do something similar but failed miserably. |
mhightower83 force-pushed the pr-enterprise-patch-leak branch from f8675fa to abc5cff Compare WiFi Enterprise option can leak up to 3 allocations per connect/disconnect cycle: anonymous Identity, password, and some unidentified allocation. This solution patches eap.o from libwpa2 to call a special 2 part wrapper instead of vPortFree for cleanup. Corrected typos and adjusted tabs in script. Added script eval_fix_sdks.sh to aid in evaluating similarity between patch sections of .o files being patched across different SDKs.
mhightower83 force-pushed the pr-enterprise-patch-leak branch from abc5cff to a8d2054 Compare WiFi Enterprise option can leak up to 3 allocations per connect/disconnect cycle: anonymous Identity, password, and some unidentified allocation. This solution patches eap.o from libwpa2 to call a special 2 part wrapper instead of vPortFree for cleanup. Corrected typos and adjusted tabs in script. Added script eval_fix_sdks.sh to aid in evaluating similarity between patch sections of .o files being patched across different SDKs.
mhightower83 force-pushed the pr-enterprise-patch-leak branch from a2d2aa2 to 1d88df0 Compare …duino into pr-enterprise-patch-leak
| I've been watching this for a while and just want to say, great work @mhightower83 ! You must have spent much time delving through disassembled code to fix this! |
| @earlephilhower Thanks! I started using this bug to test some code I was working on to catch a double free. I ended out making several more debug enhancements to umm_malloc. These helped reduce the amount of assembly code I was reading. |
mcspr pushed a commit that referenced this pull request Dec 16, 2022
## WPA2 Enterprise connections References - merged PRs: * #8529 * #8566 - these occurred with connect/disconnect with WPA-Enterprise * #8736 (comment) The NON-OS SDK 3.0.x has breaking changes to the [`pvPortMalloc`](https://github.com/espressif/ESP8266_NONOS_SDK/blob/bf890b22e57a41d5cda00f9c8191f3f7035a87b4/include/mem.h#L42) function. They added a new `bool` argument for selecting a heap. ```cpp void *pvPortMalloc (size_t sz, const char *, unsigned, bool); ``` To avoid breaking the build, I added a new thin wrapper function `sdk3_pvPortMalloc` to `heap.cpp`. Edited new SDK LIBs to call `pvPortMalloc`'s replacement `sdk3_pvPortMalloc`. They also added `pvPortZallocIram` and `pvPortCallocIram`, which are not a problem to support. Support added to `heap.cpp`. Issues with WPA2 Enterprise in new SDKs: * v3.0.0 and v3.0.1 - have the same memory leak and duplicate free bugs from before * v3.0.2 through v3.0.5 - have the same memory leak; however, _no_ duplicate free crash. * memory leak can be seen by cycling through setup, connect, disconnect, and clear setup - repeatedly. Updated `wpa2_eap_patch.cpp` and binary patch scripts to handle v3.0.0 through v3.0.5. Patched SDKs v3.0.0 through v3.0.5 ## Duplicate Non-32-bit exception handler Issue: At v3.0.0 and above `libmain.a` supplies a built-in exception handler (`load_non_32_wide_handler`) for non-32-bit access. Our non-32-bit access handler (`non32xfer_exception_handler`) overrides it. Solution: Add "weak" attribute to symbol `load_non_32_wide_handler`. Adjust the build to default to the SDK's built-in non-32-bit handler. If there is a need to use our non-32-bit handler, make the selection from the Arduino IDE Tools menu `Non-32-Bit Access: "Byte/Word access to IRAM/PROGMEM (very slow)"`. With SDKs v3.0.0 and above a "non-32-bit exception handler" is always present.
hasenradball pushed a commit to hasenradball/Arduino that referenced this pull request Nov 18, 2024
* Patch eap.o memory leak WiFi Enterprise option can leak up to 3 allocations per connect/disconnect cycle: anonymous Identity, password, and some unidentified allocation. This solution patches eap.o from libwpa2 to call a special 2 part wrapper instead of vPortFree for cleanup. Corrected typos and adjusted tabs in script. Added script eval_fix_sdks.sh to aid in evaluating similarity between patch sections of .o files being patched across different SDKs. * Add some dev debug code and improve comments * Patch eap.o memory leak WiFi Enterprise option can leak up to 3 allocations per connect/disconnect cycle: anonymous Identity, password, and some unidentified allocation. This solution patches eap.o from libwpa2 to call a special 2 part wrapper instead of vPortFree for cleanup. Corrected typos and adjusted tabs in script. Added script eval_fix_sdks.sh to aid in evaluating similarity between patch sections of .o files being patched across different SDKs. * Add some dev debug code and improve comments
hasenradball pushed a commit to hasenradball/Arduino that referenced this pull request Nov 18, 2024
## WPA2 Enterprise connections References - merged PRs: * esp8266#8529 * esp8266#8566 - these occurred with connect/disconnect with WPA-Enterprise * esp8266#8736 (comment) The NON-OS SDK 3.0.x has breaking changes to the [`pvPortMalloc`](https://github.com/espressif/ESP8266_NONOS_SDK/blob/bf890b22e57a41d5cda00f9c8191f3f7035a87b4/include/mem.h#L42) function. They added a new `bool` argument for selecting a heap. ```cpp void *pvPortMalloc (size_t sz, const char *, unsigned, bool); ``` To avoid breaking the build, I added a new thin wrapper function `sdk3_pvPortMalloc` to `heap.cpp`. Edited new SDK LIBs to call `pvPortMalloc`'s replacement `sdk3_pvPortMalloc`. They also added `pvPortZallocIram` and `pvPortCallocIram`, which are not a problem to support. Support added to `heap.cpp`. Issues with WPA2 Enterprise in new SDKs: * v3.0.0 and v3.0.1 - have the same memory leak and duplicate free bugs from before * v3.0.2 through v3.0.5 - have the same memory leak; however, _no_ duplicate free crash. * memory leak can be seen by cycling through setup, connect, disconnect, and clear setup - repeatedly. Updated `wpa2_eap_patch.cpp` and binary patch scripts to handle v3.0.0 through v3.0.5. Patched SDKs v3.0.0 through v3.0.5 ## Duplicate Non-32-bit exception handler Issue: At v3.0.0 and above `libmain.a` supplies a built-in exception handler (`load_non_32_wide_handler`) for non-32-bit access. Our non-32-bit access handler (`non32xfer_exception_handler`) overrides it. Solution: Add "weak" attribute to symbol `load_non_32_wide_handler`. Adjust the build to default to the SDK's built-in non-32-bit handler. If there is a need to use our non-32-bit handler, make the selection from the Arduino IDE Tools menu `Non-32-Bit Access: "Byte/Word access to IRAM/PROGMEM (very slow)"`. With SDKs v3.0.0 and above a "non-32-bit exception handler" is always present.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
WiFi Enterprise option can leak up to 3 allocations per connect/disconnect cycle (configuration dependent): anonymous Identity, password, and some unidentified allocation.
This solution patches
eap.ofromlibwpa2.ato call a special 2-part wrapper instead ofvPortFreeat cleanup.This is supplemental to #8529 (comment) and should not be merged prior.
There may be a better way of doing this. My knowledge of
xtensa-lx106-elf-objcopyis near zero and everything that sounded promising didn't work the way I needed.I don't have a use case for WiFi Enterprise so my testing has been limited. More testing is needed.
To minimize resources used, the patch will only be linked in when you have a call to
enable_wifi_enterprise_patch().Use something like this to enable patch: