ASAN trace:
...
==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8
WRITE of size 1 at 0xf4502120 thread T0
#0 0x56673ca2 in strcpy string/lib_strcpy.c:64
0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120)
allocated by thread T0 here:
#0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54)
#1 0x5667725d in up_create_stack sim/up_createstack.c:135
#2 0x56657ed8 in nxthread_create task/task_create.c:125
#3 0x566580bb in kthread_create task/task_create.c:297
#4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149
#5 0x56656f31 in nx_workqueues init/nx_bringup.c:181
#6 0x56656fc6 in nx_bringup init/nx_bringup.c:436
#7 0x56656e95 in nx_start init/nx_start.c:809
#8 0x566548d4 in main sim/up_head.c:95
#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)
CALLSTACK:
#8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4
#9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64
#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570
#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714
#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143
#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297
#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149
#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181
#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436
#17 0x565e3d96 in nx_start () at init/nx_start.c:809
#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95
Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac
Signed-off-by: chao.an <anchao@xiaomi.com>
like other related macro(e.g. INTMAX_MIN, INTMAX_MAX...)
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I8863599960b1a9b1c22ae9c35735a379a4c745b0
utilize the call inside nxtask_exit instead, also move
nxsched_suspend_scheduler to nxtask_exit for symmetry
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I219fc15faf0026e452b0db3906aa40b40ac677f3
-Move task_init() and task_activate() prototypes from include/sched.h to include/nuttx/sched.h. These are internal OS functions and should not be exposed to the user.
-Remove references to task_init() and task_activate() from the User Manual.
-Rename task_init() to nxtask_init() since since it is an OS internal function
-Rename task_activate() to nxtask_activate since it is an OS internal function
remove the TLS alignment check
Regression by:
--------------------------------------------------------
commit a6da3c2cb6
Author: Ouss4 <abdelatif.guettouche@gmail.com>
Date: Thu May 7 18:50:07 2020 +0100
arch/*/*_checkstack.c: Get aligned address only when
CONFIG_TLS_ALIGNED is enabled.
--------------------------------------------------------
commit c2244a2382
Author: Gregory Nutt <gnutt@nuttx.org>
Date: Thu May 7 09:46:47 2020 -0600
Remove CONFIG_TLS
A first step in implementing the user-space error is
force TLS to be enabled at all times. It is no longer optional
Signed-off-by: chao.an <anchao@xiaomi.com>
Move the logic to get TLS information from an inline function to a normal function. For the unaligned case, it is probably too large to be inlined.
Also fixes some minor things from review of previous commits.
Fix it after the following change:
commit bb4458b63f
Author: Ouss4 <abdelatif.guettouche@gmail.com>
Date: Thu Apr 30 19:05:12 2020 +0100
include/sys/stat.h: Per the POSIX standard, the atime, ctime and mtime field
s
have changed their type from time_t to struct timespec.
Mac OS X was renamed to macOS at some point. Update references to
OSX, OS X, Mac OS X, Mac OSX, and other permutations, to macOS,
in README files and in comments of other files.
So call 'make EXTRAFLAGS=-Wno-cpp' could suppress the warnings with pre-processor
directive #warning in GCC.
Change-Id: Iaa618238924c9969bf91db22117b39e6d2fc9bb6
Signed-off-by: liuhaitao <liuhaitao@xiaomi.com>
On modern environments, bss is not executable.
Alternatively we can use the ARCH_HAVE_MODULE_TEXT mechanism.
But it's considered overkill for the sim, which is mainly
for development.
From:
https://github.com/moby/vpnkit
commit 2ffc1dd8a84ea7359dd09b1f4b51bb728d4f46a0
c/vpnkit-tap-vsockd/tap-vsockd.c
With minimum changes to make it build.
And remove syslog_init_e because all initialization is later now and we don't
distinguish the initialition phase anymore after ramlog don't need special
initialize.
Because we can get the same function by CONSOLE_SYSLOG/syslog_console_init.
BTW, it isn't a good choice to use g_ramlogfops as /dev/console since nsh
will read back what it send out which will surprise most people.
it doesn't make sense that iob initialization is in up_initialize
but other memory components initialization is called in nx_start
Change-Id: Id43aeaa995f340c5943f59a0067a483ff3ac34a2
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
To ensure size_t same as toolchain definition in the first place and rename CXX_NEWLONG to ARCH_SIZET_LONG. The change also check whether __SIZE_TYPE__ exist before CONFIG_ARCH_SIZET_LONG so our definition can align with toolchain(gcc/clang) definition automatically.
The benefit include:
1. Simplify the implementation
2. Support both tick and tickless automatically
3. No time drift in tickless mode
4. Support critmon arch API automatically
To avoid ps generate "Segmentation fault" because do_stackcheck
check the stack color if the stack size doesn't equal zero
BTW, it is better to set idle task stack size to zero since idle
task use the host thread and the stack size from config isn't the
actual value.
The benefits include:
1. Simplify the implementation
2. Support Ctrl+C automatically
3. Support poll automatically
4. Call pm_activity automatically
5. Save one polling thread
Call xxx_timer_initialize from clock subsystem to make timer ready for use as soon as possiblei and revert the workaround:
commit 0863e771a9
Author: Gregory Nutt <gnutt@nuttx.org>
Date: Fri Apr 26 07:24:57 2019 -0600
Revert "sched/clock/clock_initialize.c: clock_inittime() needs to be done with CONFIG_SCHED_TICKLESS and clock_initialize should skip clock_inittime() for external RTC case since the RTC isn't ready yet."
This reverts commit 2bc709d4b9.
Commit 2bc709d4b9 was intended to handle the case where up_timer_gettime may not start from zero case. However, this change has the side-effect of breaking every implementation of tickless mode: After this change the tickless timer structures are used before they are initialized in clock_inittime(). Initialization happens later when up_initialize is called() when arm_timer_initialize().
Since the tickless mode timer is very special, one solution might be to
1. Rename xxx_timer_initialize to up_timer_initialize
2 Move up_timer_initialize to include/nuttx/arch.h
3. Call it from clock subsystem instead up_initialize
Basically, this change make timer initialization almost same as rtc initialization(up_rtc_initialize).
For now, however, we just need to revert the change.
commit 39bd9ff670
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date: Wed Jan 29 00:17:05 2020 +0900
sim: Prefix symbols with _ for non-ELF
Namely for Mach-O. Leave __CYGWIN__ case as it is.
* ld doesn't have --start-groupi/--end-group things. As far as I know,
it works that way by default.
* objcopy with Mach-O support is not widely available.
(GNU binutils seem to claim the support but it didn't actually work
for me. llvm-objcopy --redefine-syms explicitly rejects Mach-O.)
Instead, use -unexported_symbols_list linker flag to hide symbols
to avoid conflicts with host symbols.
The recent x86-64 convention requires 16-byte alignment before
(not after) calling a function.
This fixes snprintf crash I observed on macOS while saving XMM registers.
1. No .c file should include a "Public Types" section. Only a header file can define a public type. A .c file can only define a private type. Several files contained private type definitions. The section that they were defined in, however, was incorrectly named "Public Types." Those were easilty changed to "Private Types" which is what they are.
2. No .c file should include a "Public Function Prototypes" section. All global function prototypes should be provided via a header file and never declared with a .c file.
For No. 2, I corrected as many cases as was reasonable for the time that I had available. But there are still a dozen or so .c files that declare "Public Function Prototypes" within a .c file. This is bad programming style. These declarations should all be moved to the proper header files.
* Simplify EINTR/ECANCEL error handling
1. Add semaphore uninterruptible wait function
2 .Replace semaphore wait loop with a single uninterruptible wait
3. Replace all sem_xxx to nxsem_xxx
* Unify the void cast usage
1. Remove void cast for function because many place ignore the returned value witout cast
2. Replace void cast for variable with UNUSED macro
Squashed commit of the following:
Author: Gregory Nutt <gnutt@nuttx.org>
Ran nxstyle against many of the affected files. But this job was too big for today. Many of the network drivers under arch are highly non-compiant and generate many, many faults from nxstyle. Those will have to be visited again another day.
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
This effects all network drivers as well as timing related portions of net/: devif_poll_tcp_timer shouldn't be skipped in the multiple card case. devif_timer will be called multiple time in one period if the multiple card exist, the elapsed time calculated for the first callback is right, but the flowing callback in the same period is wrong(very short) because the global variable g_polltimer is used in the calculation. So let's pass the delay time to devif_timer and remove g_polltimer.
This change decouples that upper activity-based logic from the lower random walk logic and allows use of other upper state detection logic (such as a custom, application-specific state machine).
Move boards to boards folder
* boards: rename configs folder to boards
This is the proposed layout after the change:
boards: - folder containing board folders
<board>: - name of each board
drivers: - extra drivers specific for platform
include: - header files for the boars
scripts: - extra scripts specific for platform
src: - board specific code
tools: - extra tools specific for platform
<config>: - board specific configuration(s)
Note:
<xxx> names are dependent on platform
This is a logical change to aim to the arch layout but this is a
huge change it should be done in several steps to lower the risk.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* Kconfig: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* Makefile: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* Makefile.*: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* Make.defs: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* .sh: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* .mk: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* .c & .h: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
* .bat: replace configs with boards
The change is needed after the path change
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Approved-by: Gregory Nutt <gnutt@nuttx.org>
arch/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
sched/ audio/ crypto/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
Documentation/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
fs/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
graphics/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
net/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
drivers/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
include/, syscall/, wireless/: Removed all references to CONFIG_DISABLE_POLL. The standard POSIX poll() can not longer be disabled.
configs/: Remove all references to CONFIG_DISABLE_POLL. Standard POSIX poll can no longer be disabled.
include/nuttx/nx/nxcursor.h: Add a header file descrbing the implementation of an NX cursor interface. There is no implementation in place yet.
include/nuttx/video/cursor.h: Separate out cursor definitions from fb.h. Other graphic interfaces other than a framebuffer may support a cursor, possible a software cursor.
Squashed commit of the following:
configs/: The few configurations that formerly set CONFIG_NFILE_DESCRIPTORS=0 should not default, rather they should set the number of descriptors to 3.
fs/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
tools/: Tools updates for changes to usage of CONFIG_NFILE_DESCRIPTORS.
syscall/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
libs/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
include/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
drivers/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
Documentation/: Remove all references to CONFIG_NFILE_DESCRIPTORS == 0
binfmt/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
arch/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
net/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
sched/: Remove all conditional logic based on CONFIG_NFILE_DESCRIPTORS == 0
sched/Kconfig: CONFIG_NFILE_DESCRIPTORS may no longer to set to a value less than 3
configs/: Remove all settings for CONFIG_NFILE_DESCRIPTORS < 3
sched/init/nx_bringup.c: Fix a naming collision.
sched/init: Rename os_start() to nx_start()
sched/init: Rename os_smp* to nx_smp*
sched/init: Rename os_bringup to nx_bringup
sched/init: rename all internal static functions to begin with nx_ vs os_
Squashed commit of the following:
Trivial, cosmetic
sched/, arch/, and include: Rename task_vforkstart() as nxtask_vforkstart()
sched/, arch/, and include: Rename task_vforkabort() as nxtask_vforkabort()
sched/, arch/, and include: Rename task_vforksetup() as nxtask_vfork_setup()
sched/: Rename notify_cancellation() as nxnotify_cancellation()
sched/: Rename task_recover() to nxtask_recover()
sched/task, sched/pthread/, Documentation/: Rename task_argsetup() and task_terminate() to nxtask_argsetup() and nxtask_terminate(), respectively.
sched/task: Rename task_schedsetup() to nxtask_schedsetup()
sched/ (plus some binfmt/, include/, and arch/): Rename task_start() and task_starthook() to nxtask_start() and nxtask_starthook().
arch/ and sched/: Rename task_exit() and task_exithook() to nxtask_exit() and nxtask_exithook(), respectively.
sched/task: Rename all internal, static, functions to begin with the nx prefix.
This makes the user interface a little hostile. People thing of an MTU of 1500 bytes, but the corresponding packet is really 1514 bytes (including the 14 byte Ethernet header). A more friendly solution would configure the MTU (as before), but then derive the packet buffer size by adding the MAC header length. Instead, we define the packet buffer size then derive the MTU.
The MTU is not common currency in networking. On the wire, the only real issue is the MSS which is derived from MTU by subtracting the IP header and TCP header sizes (for the case of TCP). Now it is derived for the PKTSIZE by subtracting the IP header, the TCP header, and the MAC header sizes. So we should be all good and without the recurring 14 byte error in MTU's and MSS's.
Squashed commit of the following:
Trivial update to fix some spacing issues.
net/: Rename several macros containing _MTU to _PKTSIZE.
net/: Rename CONFIG_NET_SLIP_MTU to CONFIG_NET_SLIP_PKTSIZE and similarly for CONFIG_NET_TUN_MTU. These are not the MTU which does not include the size of the link layer header. These are the full size of the packet buffer memory (minus any GUARD bytes).
net/: Rename CONFIG_NET_6LOWPAN_MTU to CONFIG_NET_6LOWPAN_PKTSIZE and similarly for CONFIG_NET_TUN_MTU. These are not the MTU which does not include the size of the link layer header. These are the full size of the packet buffer memory (minus any GUARD bytes).
net/: Rename CONFIG_NET_ETH_MTU to CONFIG_NET_ETH_PKTSIZE. This is not the MTU which does not include the size of the link layer header. This is the full size of the packet buffer memory (minus any GUARD bytes).
net/: Rename the file d_mtu in the network driver structure to d_pktsize. That value saved there is not the MTU. The packetsize is the memory large enough to hold the maximum packet PLUS the size of the link layer header. The MTU does not include the link layer header.
Squashed commit of the following:
sched: Rename all use of system_t to clock_t.
syscall: Rename all use of system_t to clock_t.
net: Rename all use of system_t to clock_t.
libs: Rename all use of system_t to clock_t.
fs: Rename all use of system_t to clock_t.
drivers: Rename all use of system_t to clock_t.
arch: Rename all use of system_t to clock_t.
include: Remove definition of systime_t; rename all use of system_t to clock_t.
This commit backs out most of commit b4747286b1. That change was added because sem_wait() would sometimes cause cancellation points inappropriated. But with these recent changes, nxsem_wait() is used instead and it is not a cancellation point.
In the OS, all calls to sem_wait() changed to nxsem_wait(). nxsem_wait() does not return errors via errno so each place where nxsem_wait() is now called must not examine the errno variable.
In all OS functions (not libraries), change sem_wait() to nxsem_wait(). This will prevent the OS from creating bogus cancellation points and from modifying the per-task errno variable.
sched/semaphore: Add the function nxsem_wait(). This is a new internal OS interface. It is functionally equivalent to sem_wait() except that (1) it is not a cancellation point, and (2) it does not set the per-thread errno value on return.
sched/semaphore: Add nxsem_post() which is identical to sem_post() except that it never modifies the errno variable. Changed all references to sem_post in the OS to nxsem_post().
sched/semaphore: Add nxsem_destroy() which is identical to sem_destroy() except that it never modifies the errno variable. Changed all references to sem_destroy() in the OS to nxsem_destroy().
libc/semaphore and sched/semaphore: Add nxsem_getprotocol() and nxsem_setprotocola which are identical to sem_getprotocol() and set_setprotocol() except that they never modifies the errno variable. Changed all references to sem_setprotocol in the OS to nxsem_setprotocol(). sem_getprotocol() was not used in the OS
libc/semaphore: Add nxsem_getvalue() which is identical to sem_getvalue() except that it never modifies the errno variable. Changed all references to sem_getvalue in the OS to nxsem_getvalue().
sched/semaphore: Rename all internal private functions from sem_xyz to nxsem_xyz. The sem_ prefix is (will be) reserved only for the application semaphore interfaces.
libc/semaphore: Add nxsem_init() which is identical to sem_init() except that it never modifies the errno variable. Changed all references to sem_init in the OS to nxsem_init().
sched/semaphore: Rename sem_tickwait() to nxsem_tickwait() so that it is clear this is an internal OS function.
sched/semaphoate: Rename sem_reset() to nxsem_reset() so that it is clear this is an internal OS function.
STM32, STM32 F7: LTDC and DMA2D drivers are not permitted to set the errno.
SIM LPC31xx: Serial and console drivers are not permitted to set the errno.
SAMv7, STM32, STM32 L4: DAC and ADC drivers are not permitted to set the errno.
-------
This patch enhances networking support for the simulation under Linux.
Includes updated support for Linux TUN/TAP, and the addition of support for
Linux bridge devices.
CHANGES
-------
o Check to see if the d_txavail callback is present before calling it in
the arp send code. This prevents a segfault when simulating the telnetd
daemon with arp send enabled.
o Adjust the simulation's netdriver_loop() so it will detect and respond to
ARP requests.
o Do not attempt to take the tap device's hardware address for use by the
simulation. That hardware address belongs to the host end of the link,
not the simulation end. Generate a randomized MAC address instead.
o Do not assign an IP address to the interface on the host side of the TAP
link.
+ Provide two modes: "host route" and "bridge".
+ In host route mode, maintain a host route that points any traffic for the
simulation's IP address to the tap device. In this mode, so long as the
simulation's IP is a free address in the same subnet as the host, no
additional configuration will be required to talk to it from the host.
Note that address changes are handled automatically if they follow the
rule of if-down/set-address/if-up, which everything seems to.
+ In bridge mode, add the tap device to the specified bridge instance. See
configs/sim/NETWORK-LINUX.txt for information and usage examples. This
enables much more flexible configurations (with fewer headaches), such as
running multiple simulations on a single host, all of which can access
the network the host is connected to.
o Refresh configurations in configs/sim where CONFIG_NET=y. They default
to "host route" mode.
o Add configs/sim/NETWORK-LINUX.txt
CAVEATS
-------
- The MAC address generation code is extremely simplistic, and does not
check for potential conflicts on the network. Probably not an issue, but
something to be aware of.
- I was careful to leave it in a state where Cygwin/pcap should still work,
but I don't have a Windows environment to test in. This should be
checked.
- I don't know if this was ever intended to work with OS X. I didn't even
try to test it there.
NOTES
-----
- Was able to get telnetd working and simulate nsh over telnet, but only so
long as listen backlogs were disabled.
There appears to be a bug in the backlog code where sockets are being
returned in SYN_RCVD state instead of waiting until they're ESTABLISHED;
if you perform an immediate send after accepting the connection, it will
confuse the stack and the send will hang; additionally, the connection
will never reach ESTABLISHED state.
Can be worked around by adding a sleep(1) after the accept in telnetd. I
don't have the necessary knowledge of the IP stack to know what the
correct fix is.