Currently at runtime it is hard to know the exact build config of
the current NuttX instance. Thus it is inconvenient when there are
multiple configs for the same board. This patch attempts to solve
the issue by adding build config to /proc/version.
Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
When we close a socket fd, it will call get path on sockets.
`close(socket_fd)` -> `file_closelk(filep)` -> `file_fcntl(F_GETPATH)`
It causes a heavy stack load for each socket close operation.
(We have `GETPATH` for sockets to be used for `fdinfo`)
But the socket fds are not intended to be used for file locks.
And so do some other file types, so we may just limit the usage of flock.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
These variables will trigger variable 'ret' set but not used warnings due to different configurations.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
When issuing an ioctl for a file that exists in a FAT32 file system,
the FAT ioctl() is first executed, but it returns -ENOSYS in
an attempt to pass through to the vfs.
Therefore, the ioctl of the VFS layer, which expects -ENOTTY,
is not processed and an error occurs.
Signed-off-by: Takeyoshi Kikuchi <kikuchi@centurysys.co.jp>
It seems that RPMSGFS is missed from the list that doesn't need block or
MTD drivers. This attempts to add it.
Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
The DIRSEC_BYTENDX(f, i) is supposed to have DIRSEC_NDXMASK(f) in its expansion instead of DIRSEC_NDXMASK(fs). It went unnoticed in the codebase as DIRSEC_BYTENDX(fs, idx) is the way it is used, and it leads to a similar expansion as desired, and thus it has worked till now without any issues from this.
Signed-off-by: Saurav Pal <resyfer.dev@gmail.com>
When shmfs_truncate is called, it uses shmfs_alloc_object to create the
physical backing for the shm file. However, the allocated physical
memory returned by mm_pgalloc is not cleared when CONFIG_BUILD_KERNEL is
set, which is a clear POSIX violation:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/truncate.html
"If the file was previously shorter than length, its size is increased,
and the extended area appears as if it were zero-filled."
For FLAT and PROTECTED modes zalloc is used, so the violation affects
KERNEL mode only.
nuttx/driver/rpmsg: new folder, extract common rpmsg api in rptun.c to rpmsg.c.
rpmsg provide rpmsg_ops to each backend for specific implementation.
Signed-off-by: wangyongrong <wangyongrong@xiaomi.com>
Fix the issue where fat driver is not using the last two clusters in
the file system.
The fat parameter fs->fs_nclusters is the maximum number of data clusters;
this doesn't include the two in the beginning. Many checks in the fat driver
treat the fs->fs_nclusters-1 as being the last accessible cluster, which is not
right, the last accessible one is actually this number + 2 when the cluster
count includes the two first ones.
Normally this is not an issue when writes are being done through the same
driver, the last two clusters are just never used. But if the filesystem is
modified by external driver, for example with a populated fat created with PC,
or modifying the FS via USB-MSC, this leads to the fat driver not being able to
read anything that uses the last two clusters.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Usage:
1. CONFIG_FS_PROCFS_MAX_STACK_RECORD > 0, such as 32,
2. add '-finstrument-functions' to CFLAGS for What you want to check
stack.
3. mount porcfs
4. cat /proc/<pid>/stack will print backtace & size
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
A segmentfault might happen when read/write/unlink ops called without an open
ops called because it bind ept's ops in rpmsgblk_open_handler.
proxy> rm /dev/ram1
segmentfault
proxy> ls /dev/ram1
segmentfault
Signed-off-by: liaoao <liaoao@xiaomi.com>
newsize = newsize + CONFIG_FS_TMPFS_FILE_ALLOCGUARD;
When newsize is a large value,
adding a relatively small value can cause the result to become very small,
resulting in program logic errors.
For example:
0xffffffff + 0x2 = 1
Signed-off-by: hujun5 <hujun5@xiaomi.com>
The task files should consult the "spawn action" and "O_CLOEXEC flags"
to determine further whether the file should be duplicated.
This PR will further optimize file list duplicating to avoid the performance
regression caused by additional file operations.
Signed-off-by: chao an <anchao@xiaomi.com>
This moves task / thread cancel point logic from the NuttX kernel into
libc, while the data needed by the cancel point logic is moved to TLS.
The change is an enabler to move user-space APIs to libc as well, for
a coherent user/kernel separation.
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: shift-out-of-bounds in fat/fs_fat32util.c:989:40
__ubsan_handle_shift_out_of_bounds: left shift of 268435455 by 4 places cannot be represented in type 'int'
ubsan_epilogue: ================================================================================
Signed-off-by: chao an <anchao@xiaomi.com>
1. fs_epoll: try again when epoll_teardown() return 0
when poll_notify() called larger than twice when epoll_wait() blocked
in the eph->sem, the semcount will be larger than 1 when epoll_wait()
unblocked and will return 0 directly at the next epoll_wait.
So retry to wait the eph->sem again when epoll_teardown return 0.
2. fs_epoll: poll_setup the fd again even this fd got non-expected event
Some poll implementations need call poll_setup again when their internal
states changed (e.g., local socket), so should add the fd to the epoll
teardown list and poll_setup again at the next epoll_wait even this fd
got the user non-expected event.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
VELAPLATFO-18473
refs:
https://man7.org/linux/man-pages/man2/fcntl.2.html
If the FD_CLOEXEC bit is set, the file descriptor will automatically
be closed during a successful execve(2).
(If the execve(2) fails, the file descriptor is left open.)
modify:
1. Ensure that the child task copies all fds of the parent task,
including those with O_CLOEXE.
2. Make sure spawn_file_action is executed under fd with O_CLOEXEC,
otherwise it will fail.
3. When a new task is activated or exec is called, close all fds
with O_CLOEXEC flags.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
refs: https://man7.org/linux/man-pages/man2/dup.2.html
The two file descriptors do not share file descriptor flags (the
close-on-exec flag). The close-on-exec flag (FD_CLOEXEC; see
fcntl(2)) for the duplicate descriptor is off.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
we can mount a zipfile in nuttx use mount command like this:
mount -t zipfs -o /data/test.zip /zip
The zipfs is a read only file system,The advantage is that it
does not occupy additional space when reading the decompressed file.
When used, reading and decompression operations are simultaneous.
The known disadvantage is that when using seek to read forward,
it will reopen and cause slow speed problems.
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
Fixes build error with -Werror:
shm/shmfs.c: In function 'shmfs_read':
shm/shmfs.c:122:33: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
122 | memcpy(buffer, sho->paddr + startpos, nread);
| ^
shm/shmfs.c: In function 'shmfs_write':
shm/shmfs.c:166:25: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
166 | memcpy(sho->paddr + startpos, buffer, nwritten);
| ^
cc1: all warnings being treated as errors
Implement I_SUID/I_SGID feature for binfs in the POSIX compliant way.
If set-user-ID bit is set in the file permissions, then the effective
user ID of process shall be set to UID of the new process image file.
test case:
hello example emulates to set uid and file set-user-ID bit, and call
geteuid and getegid API.
UID = 2000
GID = 3000
MODE = 06555
nsh> ls -l /bin/hello
-r-sr-sr-x 2000 3000 0 hello
nsh> hello
geteuid:2000
getegid:3000
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
The memory allocated with strdup and asprintf is done via lib_malloc
so we need to use lib_free to deallocate memory otherwise the assertion
"Free memory from the wrong heap" is hit with flat mode and user separated
heap enabled mode.
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
VELAPLATFO-12536
This provides the initial hooks for Flattened Device Tree support
with QEMU RV. It also provides a new procfs file that exposes the
fdt to userspace much like the /sys/firmware/fdt endpoint in Linux.
See https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-firmware-ofw
Nodes in the fdt are not yet usable by the OS.
Signed-off-by: Brennan Ashton <bashton@brennanashton.com>
Signed-off-by: liaoao <liaoao@xiaomi.com>
Both the device and the pipe used the FSNODEFLAG_TYPE_DRIVER type before,
and now add an independent pipe type
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
In POSIX standard spec https://pubs.opengroup.org/onlinepubs/7908799/xsh/mqueue.h.html, the field type in mq_attr should be long not size_t. And no logical judgment when mq_maxmsg <= 0 or mq_msgsize <= 0. In this change, i update the field type in mq_attr, and add the missing logical judgment.
Signed-off-by: yangjiao <yangjiao@xiaomi.com>
If the shm file is removed and a subsequent close, only release shm
object, but inode is leaked. Should decrease refcount to release inode
when unmapped, that matched with refcount increase when mapped.
Another fix that remove the shm file failed.
nsh> rm /var/shm/pts_mmap_1_2_5
nsh: rm: unlink failed: 6
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
mmap establish a mapping address space that refer to a tmpfs file,
there are two issues:
1. if the tmpfs file is removed and a subsequent close(), tmpfs_close
will release the backend memory object, use after free errors occur
when operating the mapping memory. We add an extra reference to memory object,
memory will be released when there are no more mappings.
2. if unmap only a portion of the memory, fix the bug that adds another map.
Use realloc and shrink the mapping memory instead.
The fix pass LTP posix case mmap/10-1.c and mmap/12-1.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
No memory map count limit that will exhaust memory and cause
the system hang. Also that fix pass LTP posix case mmap/24-1.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
If MAP_PRIVATE is specified, do not change the underlying object,
that is OK to open file with read-only permission. Change to pass:
testcases/open_posix_testsuite/conformance/interfaces/mmap/6-5.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
As posix spec, mmap() function shall fail with ENODEV if fd refers
to a file whose type is not supported. Change to pass ltp open_posix test:
testcases/open_posix_testsuite/conformance/interfaces/mmap/23-1.c
https://pubs.opengroup.org/onlinepubs/9699919799/functions/mmap.html
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
The FIOC_FILEPATH ioctl needs rf->rf_path, which is not initialized for
dup'ed romfs file and cause problems.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. command "memdump leak" can dump the leacked memory node;
2. fix the leak memory stat bug in memory manager;
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
since the same function can be achieved by mount:
mount(NULL, "/mnt/unionfs", "unionfs", 0,
"fspath1=/mnt/path1,prefix1=prefix1,"
"fspath2=/mnt/path2,prefix2=prefix2");
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
while iterate throuh all mapping memory to munmap and release,
the last entry is NUlL.
We need differentiate the case with invald entry at the first.
The fix is to pass ltp shm related cases.
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
Follow the POSIX specification in https://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_open.html, update the logic for condition that the semaphore name length is greater than PATH_MAX or a component length is greater than NAME_MAX.
Signed-off-by: yangjiao <yangjiao@xiaomi.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
Summary:
- Some network drivers such as GS2200M do not support to bind
a local port for TCP client socket. In this case, this config
disables to bind the port.
- See also https://github.com/apache/nuttx/pull/3707
Impact:
- None
Testing:
- Tested with spresense:wifi_smp (Kconfig will be updated later)
- Tested with sabre-6quad:netnsh_smp (QEMU)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Testing for overflow by adding a value to a variable to see if it "wraps
around" works only for unsigned integer values, because signed overflow
has undefined behavior according to the C and C++ standards.
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
If sendfile() is called with a zero count, it will nevertheless
try to send the data. This is mostly meaningless, it causes
waste of resources, and in some cases delays.
This commit adds special handling for this case, allowing
sendfile to return immediately zero. The new behavior is
in line with the Linux variant of sendfile.
Directly return -ENOTTY in rpmsgxxx_ioctl() when the command is
not supported to avoid fdsan command FIOC_SETTAG and FIOC_GETTAG
pass to the rpmsg dev/mtd/blk server with CONFIG_FDSAN enabled.
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
Use sigandset function instead of & operation,
because the sigset_t structure has been changed.
This PR is to adapt to the changes made in #8885.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
In embedded development environments, due to the lack of address isolation between processes,
fd may be passed between processes and lead to misuse,
We have designed an fd cross-process automatic detection tool,
fdcheck_protect returns the fd containing the pid information,
indicating that the ownership of the current fd belongs to the pid and is not allowed to be used by other processes.
fdcheck_restore will obtain the true fd and check if the ownership of the fd is legal
For ease of understanding, let's give an example where
the following information is represented in 32-bit binary format
fd 00000000 00000000 00000000 10001010
pid 00000000 00000000 00000011 01010101
ret 00000000 00000011 01010101 10001010
Signed-off-by: hujun5 <hujun5@xiaomi.com>
When the file pointer is reopened, keep f_tag unchanged as fd remains unchanged
fix issue https://github.com/apache/nuttx/issues/9494
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Add a new field to record the global on the basis of mm_backtrace.
When using alloc, the field is incremented by 1,
so that the memory usage can be dumped within the range
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
FD (file descriptor) is widely used in system software development,
and almost all implementations of posix os (including nuttx) use FD as an index.
the value of fd needs to be allocated starting from the minimum available value of 3, and each process has a copy,
so the same fd value is very easy to reuse in the program.
In multi threaded or multi process environments without address isolation,
If the ownership, global variables, and competition relationships of fd are not properly handled,
there may be issues with fd duplication or accidental closure.
Further leading to the following issues, which are difficult to troubleshoot.
1. Security vulnerability: the fd we wrote is not the expected fd and will be accessed by hackers to obtain data
2. Program exceptions or crashes: write or read fd failures, and program logic errors
3. The structured file XML or database is damaged: the data format written to the database is not the expected format.
The implementation principle of fdsan is based on the implementation of Android
https://android.googlesource.com/platform/bionic/+/master/docs/fdsan.md
Signed-off-by: hujun5 <hujun5@xiaomi.com>
The spawn proxy thread is a special existence in NuttX, usually some developers
spend a lot of time on stack overflow of spawn proxy thread:
https://github.com/apache/nuttx/issues/9046https://github.com/apache/nuttx/pull/9081
In order to avoid similar issues, this PR will remove spawn proxy thread to simplify
the process of task/posix_spawn().
1. Postpone the related processing of spawn file actions until after task_init()
2. Delete the temporary thread of spawn proxy and related global variables
Signed-off-by: chao an <anchao@xiaomi.com>
fix the problem that stat fails to use the relative path
An error will be reported if used in the following way:
stat("//./bin", &st);
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
and remove the check of SYS_DOWN since it defines to SYS_RESTART in reboot_notifer.h:
#define SYS_DOWN 0x0001 /* Notify of system down */
#define SYS_RESTART SYS_DOWN
#define SYS_HALT 0x0002 /* Notify of system halt */
#define SYS_POWER_OFF 0x0003 /* Notify of system power off */
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
This way the mappings can be modified for any vm area, not only the
process that is running.
Why? This allows mapping pages to kernel dynamically, this functionality
will be presented later.
Refer to issue #8867 for details and rational.
Convert sigset_t to an array type so that more than 32 signals can be supported.
Why not use a uin64_t?
- Using a uin32_t is more flexible if we decide to increase the number of signals beyound 64.
- 64-bit accesses are not atomic, at least not on 32-bit ARMv7-M and similar
- Keeping the base type as uint32_t does not introduce additional overhead due to padding to achieve 64-bit alignment of uin64_t
- Some architectures still supported by NuttX do not support uin64_t
types,
Increased the number of signals to 64. This matches Linux. This will support all xsignals defined by Linux and also 32 real time signals (also like Linux).
This is is a work in progress; a draft PR that you are encouraged to comment on.
In the last change, the assert behavior test was not considered. Therefore, in this change, sync will be performed only when SYS_RESTART/SYS_DOWN situation occurs, avoiding unpredictable results caused by handling locks or semaphores in interrupts.