We have had a problem where our product crashes when we are using PPP to negotiate the DNS server, when we resolve a host name.
The problem only occurs the second time we dial up.
I am working with MQX 4.0.1 on a K70 based product which uses a 3G modem connected internally via USBOTG.
(I have checked MQX 18.104.22.168, and it seems to have the same issue.)
Reproducing the problem:
We establish a PPP connection through the modem, with negotiation of DNS enabled.
On the first connection, we are able to resolve host names no problem.
If we simulate a modem connection failure, the connection drops, the PPP tasks are terminated, and our application begins retrying connection.
Once a new connection is established, the unit will crash on the first attempt to resolve a host name.
We have done some investigation and we have determined the cause:
When the PPP negotiates the DNS, it adds the DNS server to the slist with a call to DNS_prepend_slist_entry from a PPP task.
The slist is a linked list, and the new DNS_SLIST_STRUCT is allocated and set as the first server to query (DNS_First_Local_server).
When the connection is terminated, the PPP task is destroyed, and all it's resources are freed automatically as part of the task destruction.
This leaves DNS_First_Local_server containing an invalid pointer.
Re-establishing the connection requires memory to be allocated, and the memory is reused, so contains undefined data.
When an attempt is made to resolve a host name, DNS_First_Local_server is used and the behaviour is unpredictable (but usually crashes or watchdogs).
To solve the problem I have changed DNS_insert_slist_entry function to use RTCS_mem_alloc_system rather than RTCS_mem_alloc (in 3 places).
Since system memory is associated with the system task, not the task that does the allocating.
This means when the PPP task is destroyed the memory is not freed.
Is this the best solution to the problem?
Are there any consequences I haven't foreseen?