continue the follow work:
commit 43e7b13697
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Sun Jan 22 19:31:32 2023 +0800
assert: Log the assertion expression in case of fail
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
A testcase as following:
child_task()
{
sleep(3);
}
main_task()
{
while (1)
{
ret = task_create("child_task", child_task, );
sleep(1);
task_delete(ret);
}
}
Root casuse:
task_delete hasn's cover the condition that the deleted-task
is justing running on the other CPU.
Fix:
Let the nxsched_remove_readytorun() do the real work
Signed-off-by: ligd <liguiding1@xiaomi.com>
1. When pthread exit, set the default cancellability state to NONCANCELABLE state.
2. Make sure modify tcb->flags is atomic operations.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
This is just unnecessary, a process cannot be destroyed by another
process in any case, every time this is executed the active address
environment is the process getting destroyed.
Even in the hypothetical case this was possible, the system would
crash at once if a context switch happens between "select()" and
"restore()", which is possible as the granule allocator is protected by
a semaphore (which is a synchronization point).
- Also remove the nuttx private shm.h file nuttx/mm/shm.h, which became redundant
- Also remove the gran allocator initialization/release in binfmt since common
vpage allocator is initialized in group_create/group_leave
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
tg_info is still in use after task_uninit_info(), unifies
lib_stream_* with life cycle of task info to avoid this issue.
| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|#23 0x56767f58 in nxtask_start () at task/task_start.c:134
Signed-off-by: chao an <anchao@xiaomi.com>
The task_group specific list can be used to store information about
mmappings.
For a driver or filesystem performing mmap can also enable munmap by
adding an item to this list using mm_map_add(). The item is then
returned in the corresponding munmap call.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Summary:
- I noticed that nxplayer (HTTP audio streaming) + command execution
via telnet sometimes causes memory corruption.
See https://github.com/apache/nuttx/pull/7947 for the detail.
- This commit fixes this issue by calling lib_stream_release() before
lib_stream_release() in group_leave.c
Impact:
- Should be none
Testing:
- Tested with spresense:wifi_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
When the signal sent by the sender is blocked in the target task,
if the target task has an action registered with sa_flags SA_KENELHAND,
it will directly respond to the action in the context of the sender.
When the action is executed, it will have the parameters set by the
target task with sigaction:sa_user.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
_assert is a kernel procedure, entered via system call to make the core
dump in privileged mode.
Running exit() from this context is not OK as it runs the registered
exit functions and flushes streams, which must not be done
from privileged mode as it is a security hole.
Thus, implement assert() into user space (again) and remove the exit()
call from the kernel procedure.
Instantiate the correct address environment when reading the process's
argument vector. Otherwise doing this will crash the system every time,
causing a recursive assert loop.
Also try to do a bit of sanity checking before attempting to read the
process's memory, it might be in a bad state in which case this will
fail anyway.
This is preparation for flushing streams from user space, like it should
be done.
- Move tg_streamlist (group, kernel space) ->
ta_streamlist (TLS, user space)
- Access stream list via tg_info in kernel
- Access stream list via TLS in user space
- Remove / rename nxsched_get_streams -> lib_getstreams
- Remove system call for nxsched_get_streams
The user stack is dependent on the user address environment. As the
process exits, this address environment is destroyed anyway, so the
stack does not need to be released separately.
There is also an issue with this when the process exits via exit(). The
problem is that the task group is released prior to this "up_release_stack()"
call along with the address environment, and trying to free the memory
either causes an immediate crash (no valid addrenv), or frees memory into
another process' heap (addrenv from a different process).
Signed-off-by: Ville Juven <ville.juven@unikie.com>
According to posix spec, this function should never return `EINTR`.
This fixes the call to `pthread_mutex_take` so it keeps retrying the
lock and doesn't return `EINTR`
It takes about 10 cycles to obtain the task list according to the task
status. In most cases, we know the task status, so we can directly
add the task from the specified task list to reduce time consuming.
It takes about 10 cycles to obtain the task list according to the task
status. In most cases, we know the task status, so we can directly
delete the task from the specified task list to reduce time consuming.
In the past, header file paths were generated by the incdir command
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
TIMER_SETTIME(2)
NAME
timer_settime, timer_gettime - arm/disarm and fetch state of POSIX per-process timer
SYNOPSIS
#include <time.h>
int timer_settime(timer_t timerid, int flags,
const struct itimerspec *new_value,
struct itimerspec *old_value);
int timer_gettime(timer_t timerid, struct itimerspec *curr_value);
...
ERRORS
...
EINVAL timerid is invalid.
Signed-off-by: chao an <anchao@xiaomi.com>
because if we pass predefined environment variables table explicitly,
the environment variables created by the board code will be lost.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
This commit is intended to solve the bug caused by #7159.
It will fixed data abort issue when task restart in wait sem status.
If delete waitobj in the sem recover function, then we will get the wrong
task list when remove the task from task list.
1.Don't include unwind.h when arch specific backtrace is enable
2.Built arch specific backtrace wrapper only when enable
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Optimize sched_note_begin/end, replace note_printf with note_string
sched_note_begin/end optimized from 50us to 1us per consumption
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
Situation:
Assume we have 2 cpus, and busy run task0.
CPU0 CPU1
task0 -> task1 task2 -> task0
1. remove task0 form runninglist
2. take task1 as new tcb
3. add task0 to blocklist
4. clear spinlock
4.1 remove task2 form runninglist
4.2 take task0 as new tcb
4.3 add task2 to blocklist
4.4 use svc ISR swith to task0
4.5 crash
5. use svc ISR swith to task1
Fix:
Move clear spinlock to the end of svc ISR
Signed-off-by: ligd <liguiding1@xiaomi.com>
reason:
1. g_running_tasks = thread A
2. thread A exit (free thread A's tcb) -> thread B
3. thread B interrupt by irq
4. check g_running_tasks->flags -> kasan report used after free
rootcause:
g_running_tasks has't set completely when syscall hanppened
Resolve:
Use rtcb (get at ISR begining) instead
Signed-off-by: ligd <liguiding1@xiaomi.com>
There one ways can caused this:
mq_timedreceive
TIMER IRQ do wd_timer -> wd_func1 mq_send
-> wd_func2 nxmq_rcvtimeout -> crash
Resolve:
Stop the watchdog when mq_send
Signed-off-by: ligd <liguiding1@xiaomi.com>
it inappropriate to apply volatile to the task list:
1.The code access task list is already protected by critical section
2.The queue is complex struct, it isn't enough to protect by volatile
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
because not all compiler support the weak attribute, and
many features are either always used or guarded by config.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
strlcpy ensure the destination is NUL-terminated, and also fix warning:
```c
task/task_prctl.c:138:15: warning: 'strncpy' output may be truncated copying 30 bytes from a string of length 31 [-Wstringop-truncation]
138 | strncpy(name, tcb->name, CONFIG_TASK_NAME_SIZE - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
1.Forward nxsched_process_cpuload to nxsched_process_cpuload_ticks directly
2.Define the dummy nxsched_process_cpuload_ticks when CPULOAD isn't enabled
3.Remove the weak attribute from nxsched_process_cpuload_ticks
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
D:\code\incubator-nuttx\sched\pthread\pthread_create.c(154,22):
warning C4189: “pjoin”: local variable is initialized but not referenced
[D:\code\incubator-nuttx\vs20221\sched\sched.vcxproj]
D:\code\incubator-nuttx\sched\group\group_setupidlefiles.c(61,28):
warning C4189: “group”: local variable is initialized but not referenced
[D:\code\incubator-nuttx\vs20221\sched\sched.vcxproj]
Reference:
https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-4-c4189?view=msvc-170
Signed-off-by: chao.an <anchao@xiaomi.com>
and remove CONFIG_LIBC_LONG_LONG option to simplify the usage.
note: the size will increase 668
before change:
text data bss dec hex filename
168440 348 4480 173268 2a4d4 nuttx
after change:
text data bss dec hex filename
169108 348 4480 173936 2a770 nuttx
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
clock/clock_settime.c: In function ‘clock_settime’:
clock/clock_settime.c:120:45: warning: passing argument 1 of ‘clock_timekeeping_set_wall_time’
discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
120 | ret = clock_timekeeping_set_wall_time(tp);
| ^~
In file included from clock/clock_settime.c:37:
sched/clock/clock_timekeeping.h:40:58: note: expected ‘struct timespec *’
but argument is of type ‘const struct timespec *’
40 | int clock_timekeeping_set_wall_time(FAR struct timespec *ts);
|
Signed-off-by: chao.an <anchao@xiaomi.com>
The "p" format specifier already prepends the pointer address with
"0x" when printing.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
since _exit may kill all sibling thread when
HAVE_GROUP_MEMBERS equal true. Regressed by:
commit 622677d4a1
Author: Ville Juven <ville.juven@unikie.com>
Date: Mon May 2 15:15:06 2022 +0300
libc: Implement exit, atexit, on_exit and cxa_exit on the user side
For CONFIG_BUILD_KERNEL using the sched/task/task_exithook implementation
will just not work. It calls user code with kernel privileges which is
a bit of a security issue.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
For CONFIG_BUILD_KERNEL using the sched/task/task_exithook implementation
will just not work. It calls user code with kernel privileges which is
a bit of a security issue.
pthread_condclockwait() can not distinguish between interrupt and timeout,
which cause these API not follow POSIX:
pthread_rwlock_timedrdlock()
pthread_rwlock_timedwrlock()
pthread_condtimedwait()
POSIX:
Upon return from the signal handler the thread resumes waiting for
the condition variable as if it wasnot interrupted
These functions shall not return an error code of [EINTR].
Replacing nxsem_wait() with nxsem_clockwait_uninterruptible() can solve it.
Signed-off-by: jihandong <jihandong@xiaomi.com>
Deleting a task from another task's context will not do, so shut
this gate down for BUILD_KERNEL. In this case if a task wants another
task to terminate, it must ask the other task to politely kill itself.
Note: kthreads still need this, also, the kernel can delete a task
without asking.
1. fix typo spilock -> spinlock
2. fix build break
sched/sched_note.c: In function ‘note_spincommon’:
sched/sched_note.c:435:3: error: aggregate value used where an integer was expected
435 | note.nsp_value = (uint8_t)*spinlock;
| ^~~~
Signed-off-by: chao.an <anchao@xiaomi.com>
Summary:
- In case of SMP and ADDRENV, allocate current group for each cpu
- g_pid_current holds pid of the group and uses for addrenv switching
- allocate g_group_current for each cpu in stead of g_pid_current
- g_group_current is the array that pointed to the current task_group_s struct
Impact:
- ADDRENV=y and SMP=y
Testing:
- sabre-6quad:smp w/ qemu
- sabre-6quad:knsh w/ qemu
- sabre-6quad:knsh_smp w/ qemu (WIP)
Signed-off-by: Oki Minabe <minabe.oki@gmail.com>
If address environments are in use, it is not possible to simply
memcpy from from one process to another. The current implementation
of env_dup does precisely this and thus, it fails at once when it is
attempted between two user processes.
The solution is to use the kernel's heap as an intermediate buffer.
This is a simple, effective and common way to do a fork().
Obviously this is not needed for kernel processes.
if a pthread set attr is detach,and when call pthread_create,
new thread exit quikly,new thread's tcb be free,then pthread_create
use new thread's tcb will crash.
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
pthread_join need check thread is DETACHED,
Whether to wait according to the result.And,
if a thread is DETACHED,it will not set a new
attr.
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
The implementation of this feature is based on android systrace:
https://source.android.com/devices/tech/debug/ftrace
Application developers are more concerned about the performance of
the specified application section,
added two APIs to implement performance measurement:
void sched_note_begin(uintptr_t ip, FAR const char *buf);
void sched_note_end(uintptr_t ip, FAR const char *buf);
or
SCHED_NOTE_BEGIN(); /* defined to sched_note_begin(_THIS_IP_, __FUNCTION__) */
SCHED_NOTE_END(); /* defined to sched_note_end(_THIS_IP_, __FUNCTION__) */
Signed-off-by: chao.an <anchao@xiaomi.com>
When the initial proxy task is duplicated into the first user task,
the environment exists in kernel memory and this must be copied to user
memory.
The memory allocated for the new task was allocated with the parent's
priority which is incorrect. Use the new task's priority instead.
Follow-up for: #5753
- User mode allocator was used for setting up the environment. This
works in flat mode and probably in protected mode as well, as there
is always a a single user allocator present
- This does not work in kernel mode, where each user task has its own
heap allocator. Also, when the idle tasks environment is being set,
no allocator is ready and the system crashes at once.
Fix this by using the group allocators instead:
- Idle task is a kernel task, so its group is privileged
- Add group_realloc
- Use the group_malloc/realloc functions instead of kumm_malloc
Error: module/mod_insmod.c:203:3: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
203 | strncpy(modp->modname, modname, MODLIB_NAMEMAX);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wqueue/kwork_thread.c: In function 'work_start_lowpri':
Error: wqueue/kwork_thread.c:212:22: error: '%lx' directive output may be truncated writing between 1 and 16 bytes into a region of size 14 [-Werror=format-truncation=]
212 | snprintf(args, 16, "0x%" PRIxPTR, (uintptr_t)wqueue);
local/local_sockif.c: In function 'local_getsockname':
Error: local/local_sockif.c:392:11: error: 'strncpy' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
392 | strncpy(unaddr->sun_path, conn->lc_path, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chip/esp32_wifi_utils.c: In function 'esp_wifi_scan_event_parse':
Error: chip/esp32_wifi_utils.c:373:37: error: argument to 'sizeof' in 'memset' call is the same expression as the destination; did you mean to dereference it? [-Werror=sizeof-pointer-memaccess]
memset(ap_list_buffer, 0x0, sizeof(ap_list_buffer));
^
stdio/lib_fputs.c: In function 'fputs':
Error: stdio/lib_fputs.c:99:9: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s == NULL || stream == NULL)
^
Error: stdio/lib_fputs.c:99:27: error: nonnull argument 'stream' compared to NULL [-Werror=nonnull-compare]
if (s == NULL || stream == NULL)
^
stdio/lib_vfprintf.c: In function 'vfprintf':
Error: stdio/lib_vfprintf.c:40:6: error: nonnull argument 'stream' compared to NULL [-Werror=nonnull-compare]
if (stream)
^
string/lib_strdup.c: In function 'strdup':
Error: string/lib_strdup.c:39:6: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s)
^
string/lib_strndup.c: In function 'strndup':
Error: string/lib_strndup.c:56:6: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s)
^
string/lib_strpbrk.c: In function 'strpbrk':
Error: string/lib_strpbrk.c:39:7: error: nonnull argument 'str' compared to NULL [-Werror=nonnull-compare]
if (!str || !charset)
^~~~
Error: string/lib_strpbrk.c:39:15: error: nonnull argument 'charset' compared to NULL [-Werror=nonnull-compare]
if (!str || !charset)
^~~~~~~~
string/lib_strrchr.c: In function 'strrchr':
Error: string/lib_strrchr.c:40:6: error: nonnull argument 's' compared to NULL [-Werror=nonnull-compare]
if (s)
^
Error: time/lib_asctimer.c:73:50: error: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 12 [-Werror=format-truncation=]
snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
^~
time/lib_asctimer.c:73:21: note: directive argument in the range [-2147481748, 2147483647]
snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
time/lib_asctimer.c:73:3: note: 'snprintf' output between 17 and 68 bytes into a destination of size 26
snprintf(buf, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
g_wday_name[tp->tm_wday], g_mon_name[tp->tm_mon],
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1900 + tp->tm_year);
~~~~~~~~~~~~~~~~~~~
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
since the temporary kernel spawn proxy need duplicate file handler
from caller, please reference the follow source code for more info:
sched/task/task_posixspawn.c
sched/task/task_spawn.c
This reverts commit 5c5f1dec08.
Summary:
- I noticed that exiting task or pthread causes dataabort if ARCH_ADDRENV=y
- This commit fixes this issue by switching the addrenv correctly
Impact:
- CONFIG_ARCH_ADDRENV=y only
Testing:
- Tested with sabre-6quad:netknsh (not merged yet)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
here is the reason:
1.clock_systime_timespec(core function) always exist regardless the setting
2.CLOCK_MONOTONIC is a foundamental clock type required by many places
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
State of problem:
- Some drivers that do not support write operations (does not
have write handler or ioctl do not perform any write actions)
are registered with write permissions
- Some drivers that do not support read operation (does not
have read handler or ioctl do not perform any read actions)
are registered with read permissions
- Some drivers are registered with execute permissions
Solution:
- Iterate code where register_driver() is used and change 'mode'
parameter to reflect the actual read/write operations executed
by a driver
- Remove execute permissions from 'mode' parameter
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
1. The task which called nxsem_release_holder may not be a holder of the semaphore,
counts of the holder would not be decreamented.
This commit try to resolve the problem if there is only one holder.
2. Avoid counts overflow.
Signed-off-by: Zeng Zhaoxiu <walker.zeng@transtekcorp.com>