The delete flag is not synchronized with the life cycle of the group,
if the flag set before waitpid(), the tcb will be mistakenly deleted
by group_del_waiter(), use-after-free will happen.
Regression by:
| commit 29e50ffa73 (origin/master, origin/HEAD)
| Author: chao an <anchao@lixiang.com>
| Date: Mon Mar 4 09:19:27 2024 +0800
|
| sched/group: move task group into task_tcb_s to improve performance
|
| move task group into task_tcb_s to avoid access allocator to improve performance
|
| for Task Termination, the time consumption will be reduced ~2us (Tricore TC397 300MHZ):
| 15.97(us) -> 13.55(us)
|
| Signed-off-by: chao an <anchao@lixiang.com>
Signed-off-by: chao an <anchao@lixiang.com>
move task group into task_tcb_s to avoid access allocator to improve performance
for Task Termination, the time consumption will be reduced ~2us (Tricore TC397 300MHZ):
15.97(us) -> 13.55(us)
Signed-off-by: chao an <anchao@lixiang.com>
Change the type of task group member to single list chain to
avoid accessing the memory allocator to improve the performance
Signed-off-by: chao an <anchao@lixiang.com>
Task group could find from process id, replace group_findbypid to
task_getgroup to simplify the search logic
Signed-off-by: chao an <anchao@lixiang.com>
Detach the address environment handling from the group structure to the
tcb. This is preparation to fix rare cases where the system (MMU) is left
without a valid page directory, e.g. when a process exits.
Implement a function for dropping references to the group structure and
finally freeing the allocated memory, if the group has been marked for
destruction
This is just unnecessary, a process cannot be destroyed by another
process in any case, every time this is executed the active address
environment is the process getting destroyed.
Even in the hypothetical case this was possible, the system would
crash at once if a context switch happens between "select()" and
"restore()", which is possible as the granule allocator is protected by
a semaphore (which is a synchronization point).
- Also remove the nuttx private shm.h file nuttx/mm/shm.h, which became redundant
- Also remove the gran allocator initialization/release in binfmt since common
vpage allocator is initialized in group_create/group_leave
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
tg_info is still in use after task_uninit_info(), unifies
lib_stream_* with life cycle of task info to avoid this issue.
| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|#23 0x56767f58 in nxtask_start () at task/task_start.c:134
Signed-off-by: chao an <anchao@xiaomi.com>
The task_group specific list can be used to store information about
mmappings.
For a driver or filesystem performing mmap can also enable munmap by
adding an item to this list using mm_map_add(). The item is then
returned in the corresponding munmap call.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Summary:
- I noticed that nxplayer (HTTP audio streaming) + command execution
via telnet sometimes causes memory corruption.
See https://github.com/apache/nuttx/pull/7947 for the detail.
- This commit fixes this issue by calling lib_stream_release() before
lib_stream_release() in group_leave.c
Impact:
- Should be none
Testing:
- Tested with spresense:wifi_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
This is preparation for flushing streams from user space, like it should
be done.
- Move tg_streamlist (group, kernel space) ->
ta_streamlist (TLS, user space)
- Access stream list via tg_info in kernel
- Access stream list via TLS in user space
- Remove / rename nxsched_get_streams -> lib_getstreams
- Remove system call for nxsched_get_streams
Summary:
- In case of SMP and ADDRENV, allocate current group for each cpu
- g_pid_current holds pid of the group and uses for addrenv switching
- allocate g_group_current for each cpu in stead of g_pid_current
- g_group_current is the array that pointed to the current task_group_s struct
Impact:
- ADDRENV=y and SMP=y
Testing:
- sabre-6quad:smp w/ qemu
- sabre-6quad:knsh w/ qemu
- sabre-6quad:knsh_smp w/ qemu (WIP)
Signed-off-by: Oki Minabe <minabe.oki@gmail.com>
Summary:
- I noticed that exiting task or pthread causes dataabort if ARCH_ADDRENV=y
- This commit fixes this issue by switching the addrenv correctly
Impact:
- CONFIG_ARCH_ADDRENV=y only
Testing:
- Tested with sabre-6quad:netknsh (not merged yet)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
it is wrong to define a new grpid_t, but not reuse pid_t,
because it make getpid(parent) == getppid(child) impossible.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
1. remove descript management in mqueue, save code size
2. use i_ops instead of i_mqueue to remove the dup logic
Change-Id: Ie88960e50ddcae9c87977c9ad65a45297c663291
Signed-off-by: ligd <liguiding1@xiaomi.com>
1.Reduce the default size of task_group_s(~512B each task)
2.Scale better between simple and complex application
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ia872137504fddcf64d89c48d6f0593d76d582710
* Simplify EINTR/ECANCEL error handling
1. Add semaphore uninterruptible wait function
2 .Replace semaphore wait loop with a single uninterruptible wait
3. Replace all sem_xxx to nxsem_xxx
* Unify the void cast usage
1. Remove void cast for function because many place ignore the returned value witout cast
2. Replace void cast for variable with UNUSED macro
ez80: Fixing a few more compile problems. I am afraid that the 5.3.0 compiler it too buggy to use.
ez80: Additional build-related fixed.
eZ80: Updating to use the newest ZDSII 5.3.0 toolchain.
libs/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
syscall/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
wireless/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
Documentation/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
include/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
drivers/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
sched/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
configs: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
arch/xtensa: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
arch/z80: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
arch/x86: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
arch/renesas and arch/risc-v: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
arch/or1k: Remove all references to CONFIG_DISABLE_SIGNALS. Signals are always enabled.
arch/misoc: Remove all references to CONFIG_DISABLE_SIGNALS. Signals are always enabled.
arch/mips: Remove all references to CONFIG_DISABLE_SIGNALS. Signals are always enabled.
arch/avr: Remove all references to CONFIG_DISABLE_SIGNALS. Signals are always enabled.
arch/arm: Remove all references to CONFIG_DISABLE_SIGNALS. Signals are always enabled.
Squashed commit of the following:
sched/sched/sched_getsockets.c: Fix an error in conditional compilation.
fs/: Remove all conditional logic based on CONFIG_NSOCKET_DESCRIPTORS == 0
Documentation/: Remove all references to CONFIG_NSOCKET_DESCRIPTORS == 0
include/: Remove all conditional logic based on CONFIG_NSOCKET_DESCRIPTORS == 0
libs/: Remove all conditional logic based on CONFIG_NSOCKET_DESCRIPTORS == 0
net/: Remove all conditional logic based on CONFIG_NSOCKET_DESCRIPTORS == 0
sched/: Remove all conditional logic based on CONFIG_NSOCKET_DESCRIPTORS == 0
syscall/: Remove all conditional logic based on CONFIG_NSOCKET_DESCRIPTORS == 0
tools/: Fixups for CONFIG_NSOCKET_DESCRIPTORS no longer used to disable sockets.
Squashed commit of the following:
configs/: The few configurations that formerly set CONFIG_NFILE_DESCRIPTORS=0 should not default, rather they should set the number of descriptors to 3.
fs/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
tools/: Tools updates for changes to usage of CONFIG_NFILE_DESCRIPTORS.
syscall/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
libs/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
include/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
drivers/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
Documentation/: Remove all references to CONFIG_NFILE_DESCRIPTORS == 0
binfmt/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
arch/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
net/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
sched/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
sched/Kconfig: CONFIG_NFILE_DESCRIPTORS may no longer to set to a value less than 3
configs/: Remove all settings for CONFIG_NFILE_DESCRIPTORS < 3
sched/mqueue: Rename all private static functions for use the nxmq_ vs. mq_ naming.
sched/mqueue: Rename all OS internal functions declared in sched/mqueue/mqueue.h to begin with nxmq_ vs. mq_. The mq_ prefix is reserved for standard application interfaces.
This is analogous to similar renaming that was done previously for semaphores.
Squashed commit of the following:
sched/signal: Fix a few compile warnings introduced by naming changes.
sched/signal: Rename all private, internal signl functions to use the nxsig_ prefix.
sched/signal: Rename sig_removependingsignal, sig_unmaskpendingsignal, and sig_mqnotempty to nxsig_remove_pendingsignal, nxsig_unmask_pendingsignal, and nxsig_mqnotempty to make it clear that these are OS internal interfaces.
sched/signal: Rename sig_findaction and sig_lowest to nxsig_find_action and nxsig_lowest to make it clear that these are OS internal interfaces.
sched/signal: Rename sig_allocatepingsigaction and sig_deliver to nxsig_alloc_pendingsigaction and nxsig_deliver to make it clear that these are OS internal interfaces.
sched/signal: Rename sig_cleanup, sig_release, sig_releasependingaction, and sig_releasependingsignal to nxsig_cleanup, nxsig_release, nxsig_release_pendingaction, and nxsig_release_pendingsignal to make it clear that these are OS internal interfaces.
sched/signal: Rename sig_tcbdispatch and sig_dispatch to nxsig_tcbdispatch and nxsig_dispatch to make it clear that these are OS internal interfaces.
sched/signal: Rename sig_releaseaction and sig_pendingset to nxsig_release_action and nxsig_pendingset to make it clear that these are OS internal interfaces.
sched/signal: Rename sig_initialize and sig_allocateactionblock to nxsig_initialize and nxsig_alloc_actionblock to make it clear that these are OS internal interfaces.