==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
#0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
#1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
#2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
#3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
#4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
#5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
#6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
#7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
#8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
#9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
#10 0x598a601a in vsyslog syslog/lib_syslog.c:68
#11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
#12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
#13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
#14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
#15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
#16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
#17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
#18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
#19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
Summary:
- I noticed that ps shows incorrect stack usage when running
getprime in the background.
- With CONFIG_ARCH_ADDRENV=y, a user task including pthread
allocates its stack in the user space that needs to be
accessed with a correct address environment.
- This commit fixes this issue.
Impact:
- CONFIG_ARCH_ADDRENV=y only
Testing:
- Tested with rv-virt:knsh64 on qemu-6.2
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Summary:
- Current RISC-V/NuttX implementation assumes that text/data/heap
areas are continuous. In fact, CONFIG_ARCH_TEXT_VBASE and
CONFIG_ARCH_HEAP_VBASE are not used for memory allocation.
- This commit assigns dedicated virtual addresses for text and heap
which are the same approach to ARM-v7A/NuttX implementation.
Impact:
- None
Testing:
- Tested with rv-virt:knsh64 (will be updated later)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
mpfs_write_tx_fifo() gets stuck in the following case:
- CDCACM is used
- ttyACM0 is opened and then closed from the remote end,
such as Linux or Windows
- data is written into ttyACM0 from NuttX
- tx fifo will never get empty and the system is stuck
Fix this by issuing an error code if the transmit fifo doesn't
proceed as expected. The error code is then propagated into
higher level keeping the system functional.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
nxsig_usleep() will wait for the next timer tick which is way
too much here. It's not sleeping 100 us, but rather, near 1/60 s.
This causes severe performance problems. Fix this by polling the
register for a while if the remote end is busy.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
- Clarify the macros MSSIO_EC_DEFAULT and MSSIO_EC_USB_DEFAULT
- Remove PULLDOWN bit from MSSIO_EC_DEFAULT, it was on by accident
- Fix some EC configuration macros; DRVSTR was wrong, clean up the others
- Define GPIO_PULLUP and GPIO_PULLDOWN like on many other platforms
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Since the commit cf22dd8 (related to OpenAMP update), the notifyid
is no longer NOTIFY_ALL, but the vq id.
Utilize the vq id now properly as it's being provided. However,
vq id 0 generates action.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
so the user could disable the full image instrumentation,
but enable the instrumentation by files or directories.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
so the user could disable the full image instrumentation,
but enable the instrumentation by files or directories.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
without UBSan
```
text data bss dec hex filename
85612 208 142258 228078 37aee nuttx
```
with UBSan:
```
text data bss dec hex filename
194290 98164 208634 501088 7a560 nuttx
```
```c
int main(int argc, FAR char *argv[])
{
uint32_t ptr[32];
printf("Hello, World!! %lu\n", ptr[64]);
return 0;
}
```
Try to run this sample:
```
nsh> hello
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in hello_main.c:39:37
__ubsan_handle_out_of_bounds: index 64 is out of range for type 'uint32_t [32]'
ubsan_epilogue: ================================================================================
Hello, World!! 1070182368
nsh>
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
OpenSBI vendor extension calls must not cause scheduling, as they're
part of M-mode trap handling. Thus, comment out nxsig_usleep() as
well, which is occasionally taken and crashes the system in that
case. Fix this by commenting out lines that have the potential to
cause scheduling.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Summary:
- I noticed that QEMU shows high CPU usage if the number of
CPUs does not match the kernel configuration. (e.g. -smp 8
and CONFIG_SMP_NCPUS=2)
- This commit fixes this issue.
Impact:
- qemu-rv only
Testing:
- Tested with the following configs
- rv-virt:smp64 (CONFIG_NCPUS=1/2/8)
- rv-virt:nsh64
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
It is not really needed; g_hart_stacks is only used during SBI init as
a temporary stack area. We can use the scratch area buffers for this, as
the scratch areas define almost 4K of extra space, which is used for
exception stacks anyway.
The L3 table address was calculated incorrectly. For every 2MiB of
mapped memory, an offset of 4KiB is needed from the base of the L3
table. The old calculation failed if paddr was not aligned to a 2MiB
boundary.
RX_FIFO_ADDRs and TX_FIFO_ADDR were misconfigured. These addresses
overlapped causing data corruption during high USB loads. For
example, data corruption was present during the following conditions:
1. Composite USB driver was used (CDC/ACM + Mass storage)
2. /dev/ttyACM0 was accessed instantly from Linux side when
starting up.
3. Training data was sent to /dev/ttyACM0 from NuttX from the
very beginning periodically.
It was observed that while Mass storage was negotiating, sometimes
data sent from NuttX to Linux via CDC/ACM was corrupt, although it
was sent properly on the TX fifo.
Also, don't access TXCSRL_REG_EPN_TX_FIFO_NE_MASK for EP0 as it's
not applicable.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Initialize .domains_init function entry point in sbi_platform_operations when
CONFIG_OPENSBI_DOMAINS=y. In this case, the board specific code must provide
the "board_domains_init" function.
Signed-off-by: Jouni Ukkonen <jouni.ukkonen@unikie.com>
With faster data transfer rates, it was seen that the read
requests occasionally were issued while the USB RX operation
was actually in progress. This patch makes sure the system
doesn't accidentally read the RX fifo while it's being filled
up, but rather, checks for the RXCSRL_REG_EPN_RX_PKT_RDY_MASK
flag. This flag indicates the packet is ready to be read.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
cache_dbus_mmu_set and cache_ibus_mmu_set return positive values in case
of errors, so DEBUVERIFY could never detect them since this macro checks
for negative values.
Besides, the successful execution of those functions is mandatory for
the reliable operation under Protected Mode, so the verification is
always performed, even when DEBUG is not enabled.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
forget to update in this patch:
commit b02db04e00
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Sun Jun 5 17:10:19 2022 +0800
arch/assert: Keep the thread dump column order same as ps
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
1.Move __XSTR from include/arch.h to include/irq.h
2.Move FLOAD/FSTORE and REGLOAD/REGSTORE from include/arch.h to src/common/riscv_internal.h
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
The "p" format specifier already prepends the pointer address with "0x"
when printing.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Starting the rptun with the autostart flag set will cause significant
delays at the boot, as it will wait for the master to be up. U-boot/linux
combination may take more than 10 seconds to boot to the point where the
rpmsg bus is initialized.
For now, the user needs to initialize the rptun separately, for example,
by issuing the following command:
rptun start /dev/rptun/mpfs-ihc
This command will also block if started before the rpmsg bus master is up.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Move the linker defined symbols to a separate file, so they can be
accessed without pulling in everything from riscv_internal.h and
whatever it includes (e.g. syscall.h drags in a lot).
Add a function to easily enable event handling on fabric and mss gpios. This
is similar to what exists e.g. for stm32 arm chips.
Also fix some small bugs in mpfs_configgpio related to IRQ bits configuration
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
This patch fixes the following issues:
1. MPFS_EMMCSD_HRS06_EMM bitmask had to be 0x7, not 0x03
2. putreg32() caused outright memory corruption as the
arguments were in wrong order
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
The old implementation needed a contiguous memory block for user
ROM/RAM. This is because there was only 1 L3 page table which can only
map a contiguous memory area.
Also, remove the PMP configuration which just complicates things,
rely on the MMU mappings instead.
Update PLL configuration parameters to match the values provided
by the vendor.
Also remove extra call to mpfs_pll_config() as it's already called
at mpfs_clockconfig().
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Summary:
- I noticed that sometimes uart shows nothing on the maix-bit board.
- This commit adds a workaround to avoid such the issue
Impact:
- k210 only
Testing:
- Tested with maix-bit
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
This provides USB composite (CDC/ACM and Mass Storage) support
for mpfs board. In addition, a number of USB fixes are included:
- Support for Setup Out packets
- Proper support for larger than packet size writes
- Finishing setup packets properly
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Output "X" with showprogress and make a system reset.
Silently ignoring failed training is dangerous and will cause random behaviour if DDR is used
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
since the code could map the unsupported work to the
supported one and remove select SCHED_WORKQUEUE from
Kconfig since SCHED_[L|H]PWORK already do the selection
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Linux kernel uses M-mode trap for handling Inter-Hart Communication (IHC).
This patch provides all the required functionalities for this purpose.
Previously, HSS bootloader was required. Now, NuttX is run as the
bootloader providing OpenSBI vendor extensions instead. This setup has
been tested on the following configuration:
- Hart 0 has NuttX in bootloader mode with OpenSBI
- Hart 1 unused
- Hart 2 has NuttX configured at 0xa2000000
- Hart 3 has U-boot / Linux kernel (at 0x80200000)
- Hart 4 has U-boot / Linux kernel (at 0x80200000)
Upon startup, NuttX on hart 0 will initialize SD-card driver, loads
the hart 2 NuttX from the SD-card and loads the U-boot to 0x80200000.
Also the nuttx.sbi -binary is loaded from SD-card into address 0x80000000,
which is also marked as reserved area in the Linux kernel device tree (for
the chuck 0x80000000 - 0x80200000).
Hart 2 NuttX waits until Linux kernel (IHC master) is started. After the
initial handshake, RPMsg / virtIO bus along with the IHC may be used for
proper AMP mode.
Signed-off-by: Eero Nurkkala <eero.nurkkala@offcode.fi>
Summary:
- I noticed that rv-virt:knsh64 crashes when it executes the init.
- This commit fixes this issue.
Impact:
- None
Testing:
- Tested with rv-virt:knsh64
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
The FPU register saving upon vfork entry was missing.
Also added macro that tells the actual size of an FPU reg, instead
of just having a coefficient for qfpu/no-qfpu.
