Commit Graph

719 Commits

Author SHA1 Message Date
wangmingrong
64cbafeaa0 mm/kasan: Delete the lock when adding regions
Signed-off-by: wangmingrong <wangmingrong@xiaomi.com>
2024-08-30 01:35:09 +08:00
wangjianyu3
fa5d843aa9 assert in kasan_set_poison() if size is zero
e.g. mm_realloc() => kasan_poison() => kasan_set_poison()
  _assert: Assertion failed p != ((void*)0): at file: kasan/kasan.c:239 task: nsh_main process: nsh_main 0x4402caa5
Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
2024-08-30 01:35:09 +08:00
yinshengkai
5d0ffdf44e mm: add disable kasan panic configuration
In some cases we hope to be able to find errors without affecting the running of the program

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-30 01:35:09 +08:00
yinshengkai
a9afed96b9 mm/kasan: print memory around poisoned address
Print shadow memory following asan format.
==3118004==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5618ac32a100 at pc 0x5618ac32727f bp 0x7ffe5f3e66f0 sp 0x7ffe5f3e66e0
WRITE of size 4 at 0x5618ac32a100 thread T0

#0 0x5618ac32727e in main /home/baerg/vela/x4b/asan_test.c:12
#1 0x7f221ce29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#2 0x7f221ce29e3f in __libc_start_main_impl ../csu/libc-start.c:392
#3 0x5618ac327144 in _start (/home/baerg/vela/x4b/asan_test+0x1144)
0x5618ac32a100 is located 0 bytes to the right of global variable 'buffer' defined in 'asan_test.c:5:6' (0x5618ac32a0e0) of size 32
SUMMARY: AddressSanitizer: global-buffer-overflow /home/baerg/vela/x4b/asan_test.c:12 in main
Shadow bytes around the buggy address:
0x0ac39585d3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d400: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9
0x0ac39585d410: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0ac39585d420:[f9]f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-30 01:35:09 +08:00
yinshengkai
84333881d7 mm: add mm_largest api to get the current largest available memory block
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-25 23:09:28 +08:00
yinshengkai
2cdfda149a mm: memory pressure support returns the maximum available memory
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-25 23:09:28 +08:00
yinshengkai
49d1b4198f mm: add memory pressure notification support
Add mm_heap_free interface to pass remaining memory to memory pressure

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-25 23:09:28 +08:00
Petro Karashchenko
d499ac9d58 nuttx: fix multiple 'FAR', 'CODE' and style issues
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
2024-08-25 19:22:15 +08:00
fangpeina
dbdeaa2ada libc/execinfo: extract a common backtrace format function
Add a common method to format backtrace to buffer, so it can be used by both mm, fs and other possoble modules.

Signed-off-by: fangpeina <fangpeina@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
a9fb366314 mempool:fix bug when deinit mpool, wrong parameters used
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
e6bf25a714 mempool:Need check mpool is NULL
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
8f92695ee1 mempool:need unposion memory when deinit
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
80ea8c3cc7 mempool:fix bug when free a alignment address
The mempool mistakenly considers the heap memory as its own

The recurring scenario only occurs in mempool_deinit
test code in hello_main:

int main(int argc, FAR char *argv[])
{
  void *a = malloc(1024*64);
  void *d[16];
  void *heap = mm_initialize("123", a, 1024 * 64);
  for (int i = 0; i < 16; i++)
    {
        d[i] = mm_malloc(heap,32);
    }

  for (int i = 0; i < 16; i++)
    {
      if (d[i] != NULL)
        mm_free(heap,d[i]);
    }

  mm_uninitialize(heap);
  free(a);
  return 0;
}

and crash backtrace

0  _assert (filename=0x4ea20 "mempool/mempool.c", linenum=373, msg=0x0 <up_perf_convert>, regs=0x0 <up_perf_convert>)
   at misc/assert.c:551
1  0x0000a32c in __assert (filename=0x4ea20 "mempool/mempool.c", linenum=373, msg=0x0 <mempool_multiple_foreach>)
   at assert/lib_assert.c:36
2  0x0000f92c in mempool_release (pool=0x100e7a0, blk=0x100ff80) at mempool/mempool.c:373
3  0x000109ce in mempool_multiple_free (mpool=0x100e6f8, blk=0x100ff80) at mempool/mempool_multiple.c:648
4  0x0000deac in mm_delayfree (heap=0x100e090, mem=0x1010000, delay=false) at mm_heap/mm_free.c:83
5  0x0000e21c in mm_free (heap=0x100e090, mem=0x1010000) at mm_heap/mm_free.c:242
6  0x0001021c in mempool_multiple_free_chunk (mpool=0x100e6f8, ptr=0x1010000) at mempool/mempool_multiple.c:222
7  0x0001048e in mempool_multiple_free_callback (pool=0x100e7a0, addr=0x1010080) at mempool/mempool_multiple.c:291
8  0x0000ff6e in mempool_deinit (pool=0x100e7a0) at mempool/mempool.c:644
9  0x00010cba in mempool_multiple_deinit (mpool=0x100e6f8) at mempool/mempool_multiple.c:883
10 0x0000dd0c in mm_uninitialize (heap=0x100e090) at mm_heap/mm_initialize.c:326
11 0x0002c742 in hello_main (argc=1, argv=0x100d050) at hello_main.c:54
12 0x0000a83e in nxtask_startup (entrypt=0x2c6a5 <hello_main>, argc=1, argv=0x100d050) at sched/task_startup.c:70
13 0x00005272 in nxtask_start () at task/task_start.c:112

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
8c52317a45 mempool:fix mempool memdump address incorrect printing
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
7c34ece5d6 mempool:fix memdump leak will hang on spinlock
root cuase is getpid use spinlock
can read mempool nodes without needing spinlock protection.

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
73f506b65f mempool: safe memdump for smp, if syslog will switch context
remove alist, switch to a convenient way to traverse
the physical address directly.

At the same time, we can use `gurad` to mark whether
it is free or alloc or out of bounds check

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
yinshengkai
659f3b5ff6 mm: remove mempool_sq_count
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
0687466223 mempool:alloc for sq head, free to sq last useful debug
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
Signed-off-by: liwenxiang1 <liwenxiang1@xiaomi.com>
2024-08-21 18:01:24 +08:00
guoshichao
61cd8c379e mm/mempool: rename the mempool_alloc and mempool_free function
the mempool_alloc and mempool_free function are duplicate with the
mempool method that provided in optee_os, in order to port optee_os, so
we rename the mempool related functions in nuttx

Signed-off-by: guoshichao <guoshichao@xiaomi.com>
2024-08-18 19:46:54 +08:00
Ville Juven
073bb31c3b mm/map/vm_region.c: Fix formatting error
mm/map/vm_region.c:131:7: error: If statement followed by garbage
2024-08-16 09:50:23 -03:00
Ville Juven
971ca501b9 mm/map/vm_region.c: Fix usage of void* arithmetics
Fixes build error:
map/vm_region.c: In function 'vm_map_region':
map/vm_region.c:128:16: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
  128 |   return vaddr + (MM_PGMASK & paddr);
      |                ^
cc1: all warnings being treated as errors
2024-08-16 09:50:23 -03:00
anjiahao
aee17d6cc2 kasan:fix bug write error is recognized as read error
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-12 02:00:04 +08:00
Yanfeng Liu
cafee0e086 mm/mm.h: add mm_free_delaylist interface
This adds explicit `void mm_free_delaylist(heap)` interface so that
to force freeing the heap's delaylist.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-08-03 01:30:04 +08:00
buxiasen
de460b5a10 mm_ubsan: add dummy to bypass runtime actions
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-07-10 20:09:39 +08:00
buxiasen
410ed94655 mm_ubsan: add implement for dynamic_type_cache_miss
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-07-09 17:07:50 +08:00
fangpeina
242b50f921 libc/execinfo: extract a common backtrace format function
Add a common method to format backtrace to buffer, so it can be used by both mm, fs and other possoble modules.

Signed-off-by: fangpeina <fangpeina@xiaomi.com>
2024-06-29 22:44:39 +08:00
buxiasen
756d9508bc mm: mm_threshold perfer from init
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-06-26 00:20:44 +08:00
buxiasen
cf574fa466 mm: add mm_initialize_pool, make pool more flexible
now allow enable pool for extra heap, and disable umm/kmm pool.

Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-06-25 16:42:06 +08:00
Tiago Medicci Serrano
50aeea2dc0 mm/iob: Simplify IOB alloc/free logic
- `g_iob_sem.semcount` must be equal to the total number of free IOBs.
It can also be negative if there are no free IOBs and there are threads
waiting for an IOB.
- g_throttle_sem.semcount represents the number of IOBs available for
throttled IOB allocations. Like any other semaphore, it should only go
negative if there is a thread waiting for it.
- Both semaphores are related to the same resource (free IOBs), hence,
they must be incremented/decremented simultaneously:
  - Whenever a IOB buffer is freed, if a thread is waiting for a
non-throttled IOB or a thread is waiting for a throttled IOB and we
have at least `CONFIG_IOB_THROTTLE` buffers available, the IOB is put
in the committed list (`g_iob_committed`). Otherwise, it is put in the
common free list (`g_iob_freelist`).
  - `g_iob_sem` is always incremented when an IOB buffer is freed, but
`g_throttle_sem` is incremented only if we have at least CONFIG_IOB_THROTTLE
buffers free.
  - Both semaphores are posted with the schedule locked to avoid any
mismatches in the semaphores count.
  - If a task is waiting for an IOB semaphore (`iob_allocwait`) is
awakened and would check the `g_iob_committed`. The highest priority
task waiting for a semaphore will be awakened first.
2024-06-25 15:21:00 +08:00
buxiasen
870d989d6c mm: seperate mm_pool and mm_pool init
make possible enable pool, but disabled in system heap.
also compatible for further extra heap use/not use pool.
Now use MM_HEAP_MEMPOOL_THRESHOLD -1 to indicate pool disabled.

Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-06-23 11:09:39 +08:00
gaohedong
dc651e090e net/can: Add SO_RCVBUF option for can socket
If the CAN stack receiving packets fast, but the application layer reading packets slow. Then `conn->readahead` will continue to grow, leading to memory leaks. Finally CAN stack potentially starve out all IOB buffers. To prevent memory leaks, users can restrict can socket buffer length.

Signed-off-by: gaohedong <gaohedong@xiaomi.com>
2024-06-14 19:54:07 +08:00
buxiasen
bdcda24a68 mm: fix mm_curused calculate err
before fix, the maxused shown in free command is not accurate.

Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-06-07 03:29:02 +08:00
Xu Xingliang
b5f8498142 mm: check double free before adding to delaylist
If free memory is delayed, check case of double free in the first
place.

Signed-off-by: Xu Xingliang <xuxingliang@xiaomi.com>
2024-06-04 17:42:28 -03:00
Ville Juven
36cafbb37f mm/gran: Fix GRAN_ALIGNED() macro
GRAN_ALIGNED should check that the memory block's alignment (log2align)
is correct, not that the memory block is aligned with the granule size.

This fixes DEBUGASSERT() in mm_granfree:
_assert: Assertion failed : at file: mm_gran/mm_granfree.c:49

The assertion triggers if granule size != alignment.
2024-06-03 22:06:38 +08:00
yinshengkai
20ebe0e64c Replace all asserts in kernel code with ASSERT
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-05-17 10:18:16 -03:00
Yanfeng Liu
0f5ba00a50 mm/map: revise device mapping functions
This revises vm_map_region() by accepting unaligned paddr, which is
aligned-down before mapping and in-page offset is then added to vaddr
before returning. It also moves vm_map_region() and vm_unmap_region()
to vm_region.c.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-05-03 23:58:39 +08:00
Yanfeng Liu
3822d88669 mm/arch: userspace device mapping support
This patch adds definitions to support user space device mappings
that allows devices like frame buffer to be accessible from user
space in kernel mode.

The are mainly two changes:

- in `mm/`:
  added vm_map_region(), vm_unmap_region() for drivers to do
  device mapping easily.
- in `arch/`:
  extended ARCH_SHM_NPAGES as user-space mapping region size.
  decoupled ARCH_SHM_MAXREGIONS from region size calculations and
  limit its usage only for SysV shm purposes.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-04-26 12:11:35 +08:00
zhanghongyu
b934555fd1 mm/iob: Support alloc IOB via malloc
Support the network interface card driver to receive zero copies of packets and send and receive giant frame packets, allowing drivers to initialize the DMA buffer to the iob structure, and we can apply for IOB with large memory

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
2024-04-26 01:06:21 +08:00
zhanghongyu
00d208baf6 mm/iob: replace CONFIG_IOB_BUFSIZE to IOB_BUFSIZE(iob)
Variable length iob can be supported

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
2024-04-26 01:06:21 +08:00
Yanfeng Liu
102a62c7e3 mm/mm_gran: remove allocation size limitation
This patch refactors granule allocator to remove the 32 granules
limitation with the help of a gran_range_s structure and related
functions, see "mm_grantable.h" for details.

Below are the major functions explaining how this works:

- The gran_match() checks if a gran range all in the given state.
  it gives last mismatch position when fails free range matching.
- The gran_search() tries to find the position of a free range.
  It leverages last mismatch position from gran_match() to speed
  up the search.

range size handling is mainly in gran_match() and gran_set_().

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-04-20 16:24:37 -03:00
Yanfeng Liu
8d4eae41c1 arch/kconfig: revising kernel mapping configs
- Add ARCH_KVMA_MAPPING to guard kernel mapping.
- Set dependency from MM_KMAP to ARCH_KVMA_MAPPING, as per commit
  70de321de3.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-04-18 17:10:04 +08:00
Yanfeng Liu
24df2cc177 mm/map: minor reformating
This is for easier grep searching.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-04-11 14:15:57 +08:00
W-M-R
0ede3fc377 kasan: Implementing global variable out of bounds detection
Extracting global variable information using scripts:
kasan_global.py:
1. Extract the global variable information provided by the -- param asan globals=1 option
2. Generate shadow regions for global variable out of bounds detection
Makefile:
1. Implement multiple links, embed the shadow area into the program, and call it by the Kasan module

Signed-off-by: W-M-R <mike_0528@163.com>
2024-04-07 23:31:13 +08:00
chao an
feb6ede434 sched/cpu: replace up_cpu_index() to this_cpu()
In SMP mode, up_cpu_index()/this_cpu() are the same, both return the index of the physical core.
In AMP mode, up_cpu_index() will return the index of the physical core, and this_cpu() will always return 0

| #ifdef CONFIG_SMP
| #  define this_cpu()             up_cpu_index()
| #elif defined(CONFIG_AMP)
| #  define this_cpu()             (0)
| #else
| #  define this_cpu()             (0)
| #endif

Signed-off-by: chao an <anchao@lixiang.com>
2024-03-21 18:52:35 +08:00
wangmingrong
d2fd043575 mm: Using Macros Instead of Memory to Fill Labels
Signed-off-by: wangmingrong <wangmingrong@xiaomi.com>
2024-03-14 22:48:19 +08:00
Yanfeng Liu
813f67f93b mm_heap/mm.h: revising comments
Revising comments to be in line with code

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-03-12 19:44:48 +08:00
Yanfeng Liu
5ac401d941 mm/kconfig: fix typo in MM_DEFAULT_ALIGNMENT
This fixes minor typo in MM_DEFAULT_ALIGNMENT

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-03-11 13:12:34 +08:00
Masayuki Ishikawa
e67d32a5ba Revert "fix variable set but not used"
This reverts commit d2d93ba58c.
2024-02-21 21:29:48 -08:00
yinshengkai
d2d93ba58c fix variable set but not used
These variables will trigger variable 'ret' set but not used warnings due to different configurations.

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-02-21 13:28:20 -03:00
chao an
39a0e6fa74 toolchain/lto: enable lto flags only on GNU toolchain
Some commercial customized toolchains do not support these options

Signed-off-by: chao an <anchao@lixiang.com>
2024-02-18 00:47:53 -08:00