without UBSan
```
text data bss dec hex filename
85612 208 142258 228078 37aee nuttx
```
with UBSan:
```
text data bss dec hex filename
194290 98164 208634 501088 7a560 nuttx
```
```c
int main(int argc, FAR char *argv[])
{
uint32_t ptr[32];
printf("Hello, World!! %lu\n", ptr[64]);
return 0;
}
```
Try to run this sample:
```
nsh> hello
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in hello_main.c:39:37
__ubsan_handle_out_of_bounds: index 64 is out of range for type 'uint32_t [32]'
ubsan_epilogue: ================================================================================
Hello, World!! 1070182368
nsh>
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
since it is impossible to track producer and consumer
correctly if TCP/IP stack pass IOB directly to netdev
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.
| (gdb) bt
| #0 kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
| #1 0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
| #2 0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
| #3 0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
| #4 0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
| #5 0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
| #6 0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
| #7 0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
| #8 0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
| #9 0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
| #10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
| #11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
| #12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
| #13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
| #14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
| #15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
| #16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
| #17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
| #18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
| #19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
| #20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
| #21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
| #22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
| #23 0x0000000000000000 in ?? ()
Signed-off-by: chao.an <anchao@xiaomi.com>
Targets build during the kernel phase did not have their dependencies
specified and thus they were not rebuilt after their dependencies have
changed, for example by changing options in menuconfig.
Signed-off-by: Abdelatif Guettouche <abdelatif.guettouche@espressif.com>
When allocation failed, it isn't too uncommon for the caller
to fall back to other allocation method.
(eg. esp32 textheap code tries iram heap when an allocation from rtc heap
failed.)
DEBUGASSERT(false) is too much in that case.
This commit removes the DEBUGASSERT, and also makes the heap dump
a separate option.
malloc() should return aligned (with MM_MIN_CHUNK) pointer, but
pr #5906 destroy that, this pr find a better method to solve
these questions.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
and
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
usage:
echo <pid/used/free> trace > /proc/memdump
echo used > /proc/memdump //output all used memory info with backtrace
echo free > /proc/memdump //output all free memory info
echo 22 > /proc/memdump //output used memory info for task pid is 22 with backtrace
Signed-off-by: Jiuzhu Dong <dongjiuzhu1@xiaomi.com>
This is a fix of:
0169a51220
This is caused by wrong memory sem operation in IDLE.
Fix:
Obey the original design, don't check the IDLE in mm_takesemaphore()
Signed-off-by: ligd <liguiding1@xiaomi.com>
Summary:
- I noticed that the user heap is corrupted
- This commit fixes this issue by reverting the change to
the NuttX-9.0.0
Impact:
- None
Testing:
- sabre6-quad:netknsh (not merged yet)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Co-authored-by: Oki Minabe <minabe.oki@gmail.com>
For CEVA platform CHAR_BIT is 16, and will do lots of extra work
when use IPC.
We will not support this platform anymore, so remove all the b2c operations.
Signed-off-by: ligd <liguiding1@xiaomi.com>
The operations of struct iob_queue_s in qh_head & qh_tail are performed with interrupts disabled.
change iflags to flags
add header file ref
update for check
If threads are blocking for throttled allocation,
g_throttle_sem.semcount doesn't represent the number of
usable IOBs well.
Note: For non-throttled allocations, the g_iob_committed mechanism
is a rescue. But there is no equivalent for throttled allocations.
since it's useful to redirect these functions to others
sometime(e.g. validate the memory before write).
Change-Id: I6253a9231af8809e8362f4bc5a1bd67fb094c3b0
1.Move all special process to mm_takesemaphore
2.Remove the support of recurive lock
3.Remove mm_trysemaphore function
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ie216a6294ab67c5d427f31b089beb15c532f08fe
it's more simple to make mm_heap_s opaque outside of mm
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I5c8e435f6baba6d22b10c5f7e8d9191104fb5af2
and remove mm_sbrk and kmm_sbrk since it's wrong to expose
sbrk to other heaps except the default userspace heap.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Root casue:
when do thread exit, need add free stack operation to mm_delaylist,
but in SMP mode, CPU0 thread1 exit, at this time, CPU1 call malloc
and free mm_delaylist.
Fix:
Divide mm_delaylist for per CPU in SMP mode.
Change-Id: Ibf7d04614ea2f99fb5b506356b7346a0d94f0590
Signed-off-by: ligd <liguiding1@xiaomi.com>
since the similar functions(e.g. strdup/strndup) put into libs/libc/string
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ifb2c0c51298b09014748e5ee8275db51213d6911
Gregory Nutt is the copyright holder for those files and he has submitted the
SGA as a result we can migrate the licenses to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Broken by 635cfa.
On an stm32 the heap is formed from
const uintptr_t g_idle_topstack = HEAP_BASE;
where HEAP_BASE is &_bss + CONFIG_IDLE_STACKSIZE.
Both these values are not deterministic. One
comes from the compiler, the other the system
configurator.
a 3 byte bss and 250 byte stack would lead to
and unaligned address used as the heap to be.
The compiler used clever `strd r1,r3,[r5,#8]` to
store 2 values in one memory cycle into the
heap_impl struct. Resulting in a hardfault.
Change the amount of bss or the CONFIG_IDLE_STACKSIZE
could lead to a non-functional NuttX system.
Summary:
- This commit removes critical section in mm_sem.c which was
added to stabilize the NuttX SMP kernel in Mar 2018.
Impact:
- SMP only
Testing:
- Tested with ostest with the following configs
- maix-bit:smp (QEMU), esp32-devkitc:smp (QEMU)
- sabre-6quad:smp (QEMU), spresense:smp, sim:smp
- Tested with nxplayer with the following configs
- spresense:wifi_smp, spresense:rndis_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
since other subsystem doesn't need call these function anymore
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Idfb217c412db62d9f17f427310b75bb78785dc50