In embedded development environments, due to the lack of address isolation between processes,
fd may be passed between processes and lead to misuse,
We have designed an fd cross-process automatic detection tool,
fdcheck_protect returns the fd containing the pid information,
indicating that the ownership of the current fd belongs to the pid and is not allowed to be used by other processes.
fdcheck_restore will obtain the true fd and check if the ownership of the fd is legal
For ease of understanding, let's give an example where
the following information is represented in 32-bit binary format
fd 00000000 00000000 00000000 10001010
pid 00000000 00000000 00000011 01010101
ret 00000000 00000011 01010101 10001010
Signed-off-by: hujun5 <hujun5@xiaomi.com>
in the initial impl, the regex is depends on ALLOW_MIT_COMPONENTS, and
if other modules want to use regex, also needs to depends on
ALLOW_MIT_COMPONENTS, which is ambiguity, so we provide a seperate
kconfig option for regex: LIBC_REGEX, which is depends on
ALLOW_MIT_COMPONENTS, but is enabled by default. Thus if
ALLOW_MIT_COMPONENTS is enabled, then the LIBC_REGEX is also enabled
either automatically, and this is more clear than controlled by
ALLOW_MIT_COMPONENTS option only.
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
- Linux: What inside /etc/hosts comes first.
- NuttX: Even if we write a domain in /etc/hosts, we still use DNS
result instead of hosts lines. This patch change this behavior.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Add the `LIBC_PREVENT_STRING_KERNEL` and `LIBC_PREVENT_STRING_USER`
that are meant to be selected by the chip if no libc implementation
is going to be built. If selected, neither NuttX's software version
of the libc nor any architecture-specific implementation will be
built in the kernel or in the userspace, respectively. In this
case, the linker may provide a ROM-defined version of the libc
functions instead.
FD (file descriptor) is widely used in system software development,
and almost all implementations of posix os (including nuttx) use FD as an index.
the value of fd needs to be allocated starting from the minimum available value of 3, and each process has a copy,
so the same fd value is very easy to reuse in the program.
In multi threaded or multi process environments without address isolation,
If the ownership, global variables, and competition relationships of fd are not properly handled,
there may be issues with fd duplication or accidental closure.
Further leading to the following issues, which are difficult to troubleshoot.
1. Security vulnerability: the fd we wrote is not the expected fd and will be accessed by hackers to obtain data
2. Program exceptions or crashes: write or read fd failures, and program logic errors
3. The structured file XML or database is damaged: the data format written to the database is not the expected format.
The implementation principle of fdsan is based on the implementation of Android
https://android.googlesource.com/platform/bionic/+/master/docs/fdsan.md
Signed-off-by: hujun5 <hujun5@xiaomi.com>
https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_setcancelstate.html
The pthread_setcancelstate() function may fail if:
[EINVAL]
The specified state is not PTHREAD_CANCEL_ENABLE or PTHREAD_CANCEL_DISABLE.
The pthread_setcanceltype() function may fail if:
[EINVAL]
The specified type is not PTHREAD_CANCEL_DEFERRED or PTHREAD_CANCEL_ASYNCHRONOUS.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_once.html
If an implementation detects that the value specified by the once_control
argument to pthread_once() does not refer to a pthread_once_t object
initialized by PTHREAD_ONCE_INIT, it is recommended that the function
should fail and report an [EINVAL] error.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
=================================================================
==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000
#0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180
#1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503
#2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#6 0x5602d3bf5796 in mount mount/fs_mount.c:539
#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134
0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150)
allocated by thread T0 here:
#0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
#1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180
#2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222
#3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262
#4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91
#5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466
#6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#10 0x5602d3bf5796 in mount mount/fs_mount.c:539
#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134
Address 0x000000000000 is a wild pointer.
SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort
==2920138==ABORTING
Aborted (core dumped)
Signed-off-by: chao an <anchao@xiaomi.com>
CURRENT_REGS may change during assert handling, so pass
in the 'regs' parameter at the entry point of _assert.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
The setbuffer() function is a wrapper around setvbuf() which
enables full buffering on a buffer allocated by the caller, assuming
buffer is not a null pointer.
The current implementation requires the use of enter_critical_section, so the source code needs to be moved to kernel space
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Use double delim to fix windows native build and give an error:
makefile:132: *** target mode do not include“%”. stop.
In Windows environment DELIM := $(strip \) but \ has two role:
first: \ as directory, and second \ as Escape character, Reference:
https://github.com/apache/nuttx/pull/7572#discussion_r1028219229
Signed-off-by: chao an <anchao@xiaomi.com>