FD (file descriptor) is widely used in system software development,
and almost all implementations of posix os (including nuttx) use FD as an index.
the value of fd needs to be allocated starting from the minimum available value of 3, and each process has a copy,
so the same fd value is very easy to reuse in the program.
In multi threaded or multi process environments without address isolation,
If the ownership, global variables, and competition relationships of fd are not properly handled,
there may be issues with fd duplication or accidental closure.
Further leading to the following issues, which are difficult to troubleshoot.
1. Security vulnerability: the fd we wrote is not the expected fd and will be accessed by hackers to obtain data
2. Program exceptions or crashes: write or read fd failures, and program logic errors
3. The structured file XML or database is damaged: the data format written to the database is not the expected format.
The implementation principle of fdsan is based on the implementation of Android
https://android.googlesource.com/platform/bionic/+/master/docs/fdsan.md
Signed-off-by: hujun5 <hujun5@xiaomi.com>
https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_setcancelstate.html
The pthread_setcancelstate() function may fail if:
[EINVAL]
The specified state is not PTHREAD_CANCEL_ENABLE or PTHREAD_CANCEL_DISABLE.
The pthread_setcanceltype() function may fail if:
[EINVAL]
The specified type is not PTHREAD_CANCEL_DEFERRED or PTHREAD_CANCEL_ASYNCHRONOUS.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_once.html
If an implementation detects that the value specified by the once_control
argument to pthread_once() does not refer to a pthread_once_t object
initialized by PTHREAD_ONCE_INIT, it is recommended that the function
should fail and report an [EINVAL] error.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
=================================================================
==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000
#0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180
#1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503
#2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#6 0x5602d3bf5796 in mount mount/fs_mount.c:539
#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134
0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150)
allocated by thread T0 here:
#0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
#1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180
#2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222
#3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262
#4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91
#5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466
#6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#10 0x5602d3bf5796 in mount mount/fs_mount.c:539
#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134
Address 0x000000000000 is a wild pointer.
SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort
==2920138==ABORTING
Aborted (core dumped)
Signed-off-by: chao an <anchao@xiaomi.com>
Follow the change: https://github.com/apache/nuttx/pull/9151,
that is no need to deal with zero size in C++ allocator.
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
CURRENT_REGS may change during assert handling, so pass
in the 'regs' parameter at the entry point of _assert.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
The setbuffer() function is a wrapper around setvbuf() which
enables full buffering on a buffer allocated by the caller, assuming
buffer is not a null pointer.
The current implementation requires the use of enter_critical_section, so the source code needs to be moved to kernel space
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Use double delim to fix windows native build and give an error:
makefile:132: *** target mode do not include“%”. stop.
In Windows environment DELIM := $(strip \) but \ has two role:
first: \ as directory, and second \ as Escape character, Reference:
https://github.com/apache/nuttx/pull/7572#discussion_r1028219229
Signed-off-by: chao an <anchao@xiaomi.com>
Refer to issue #8867 for details and rational.
Convert sigset_t to an array type so that more than 32 signals can be supported.
Why not use a uin64_t?
- Using a uin32_t is more flexible if we decide to increase the number of signals beyound 64.
- 64-bit accesses are not atomic, at least not on 32-bit ARMv7-M and similar
- Keeping the base type as uint32_t does not introduce additional overhead due to padding to achieve 64-bit alignment of uin64_t
- Some architectures still supported by NuttX do not support uin64_t
types,
Increased the number of signals to 64. This matches Linux. This will support all xsignals defined by Linux and also 32 real time signals (also like Linux).
This is is a work in progress; a draft PR that you are encouraged to comment on.
CONFIG_SERIAL_TERMIOS only decide whether to support c_cflag field since
many terminal application need the first three fields to work correctly.
For more information please reference:
https://www.mail-archive.com/dev@nuttx.apache.org/msg09321.html
before this change(olimexino-stm32:tiny):
text data bss dec hex filename
34884 328 1768 36980 9074 nuttx
after this change:
text data bss dec hex filename
35052 340 1768 37160 9128 nuttx
delta
text data bss dec hex filename
168 12 0 180 b4 nuttx
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Return the error code when all gets occur when an error is wrong
and return immediately when obtaining any valid data
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
Use lib_get_stream() to fetch stdin/stdout/stderr,
since is more easy to works with other language by function call
than export native C structure memory layout.
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
The POSIX standard dictates that during abnormal termination the functions
registered by atexit() are _not_ called, also flushing the streams is
optional. So in this case, it is perfectly legal / better to call the
kernel system call _exit() instead.
This fixes regression issues caused by removal exit() from the kernel.
POSIX dictates that assert() terminates via abort(), even though in NuttX
abort() just calls exit(EXIT_FAILURE) it is better to use the correct
API here, if at some point a proper implementation for abort() is made.
Also, as the kernel must not use abort() which is a userspace API, direct
the exit to PANIC() if for some reason _assert() returns (it should not
but trap it here just in case).
Remove calls to the userspace API exit() from the kernel. The problem
with doing such calls is that the exit functions are called with kernel
mode privileges which is a big security no-no.
In the Nim language "selectors"(I/O multiplexing) module, the maximum
number of file descriptors is obtained with getrlimit() as follows.
var fdLim: RLimit
var res = int(getrlimit(RLIMIT_NOFILE, fdLim))
if res >= 0:
res = int(fdLim.rlim_cur) - 1
To be able to use the same implementation as other POSIX-based OS,
getrlimit() should return a value.
(For now, let it return 128.)
Signed-off-by: Takeyoshi Kikuchi <kikuchi@centurysys.co.jp>
The TERMIOS(3) function tcsendbreak() and the IOCTLs TCSBRK and TCSBRKP
transmit a serial line Break.
Previously NuttX included an extern declaration for tcsendbreak() and
defines for TCSBRK and TCSBRKP but none of these were implemented.
Attempting to build programs that called tcsendbreak() would fail with
a linker error; attempting to use TCSBRK and TCSBRKP would result in an
error at runtime.
This changeset adds the tcsendbreak() function and handling for TCSBRK
and TCSBRKP; tcsendbreak() is implemented in terms of TCSBRK. Both
TCSBRK and TCSBRKP are implemented in terms of the BSD-compatible Break
IOCTLs TIOCSBRK and TIOCCBRK, which must be provided by the lower half
serial driver. Currently, not all lower half serial drivers in NuttX
support these IOCTLs. Those that do implement them may need one or more
Kconfig options to be set, such as `CONFIG_*_U[S]ART_BREAKS` and, on
some architectures, a separate `CONFIG_*_SERIALBRK_BSDCOMPAT`.
* drivers/serial/serial.c
(uart_tcsendbreak): New function.
(uart_ioctl): Implement TCSBRK and TCSBRKP.
* libs/libc/termios/lib_tcsendbreak.c
(): New file.
* libs/libc/termios/Make.defs
(CSRCS): Add lib_tcsendbreak.c to the build.
Thanks to Xiang Xiao for PR feedback.
Co-authored-by: Xiang Xiao <xiaoxiang781216@gmail.com>
with the test of sim:lua ,I have fixed some bug of error output
1.input: " " and error output string is "NULL"
2.input: "1.2e+", error output string is "NULL"
3.input: "." error output string is "NULL"
sim/rpserver
NuttShell (NSH) NuttX-12.0.0
server> cu
_assert: Current Version: NuttX server 12.0.0 3ead669e7a-dirty Feb 2 2023 23:53:48 sim
_assert: Assertion failed : at file: libs/libc/misc/lib_mutex.c:303 task: cu 0x5662fff4
Signed-off-by: chao an <anchao@xiaomi.com>
NuttX kernel should not use the syscall functions, especially after
enabling CONFIG_SCHED_INSTRUMENTATION_SYSCALL, all system functions
will be traced to backend, which will impact system performance.
Signed-off-by: chao an <anchao@xiaomi.com>
1. When pthread exit, set the default cancellability state to NONCANCELABLE state.
2. Make sure modify tcb->flags is atomic operations.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
The pw_gecos field is not specified in POSIX, but is
present on most implementations.
passwd file format:
name:uid:gid:gecos:dir:shell
ex: gdm❌127:133:Gnome Display Manager:/var/lib/gdm3:/bin/false
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
_assert is a kernel procedure, entered via system call to make the core
dump in privileged mode.
Running exit() from this context is not OK as it runs the registered
exit functions and flushes streams, which must not be done
from privileged mode as it is a security hole.
Thus, implement assert() into user space (again) and remove the exit()
call from the kernel procedure.
This is preparation for flushing streams from user space, like it should
be done.
- Move tg_streamlist (group, kernel space) ->
ta_streamlist (TLS, user space)
- Access stream list via tg_info in kernel
- Access stream list via TLS in user space
- Remove / rename nxsched_get_streams -> lib_getstreams
- Remove system call for nxsched_get_streams
This PR adds the driver for Allwinner A64's MIPI Display Serial Interface (DSI) and MIPI Display Physical Layer (D-PHY).
This driver will be used by the upcoming Display Driver for PINE64 PinePhone.
- `include/nuttx/crc16.h`: Added 16-bit CRC-CCITT
- `libs/libc/misc/Make.defs`: Added 16-bit CRC-CCITT to Makefile
- `arch/arm64/src/a64/Kconfig`: Added the Kconfig option for "A64 Peripheral Selection > MIPI DSI" (`CONFIG_A64_MIPI_DSI`), which enables the MIPI DSI Driver
- `arch/arm64/src/a64/hardware/a64_memorymap.h`: Added the Base Address for MIPI DSI
- `arch/arm64/src/a64/Make.defs`: Added the MIPI DSI Driver to the Makefile
- `libs/libc/misc/lib_crc16ccitt.c`: Compute 16-bit CRC-CCITT
- `arch/arm64/src/a64/mipi_dsi.c`, `mipi_dsi.h`: Compose MIPI DSI Packets (Long, Short, Short with Parameter)
- `arch/arm64/src/a64/a64_mipi_dsi.c`, `a64_mipi_dsi.h`: MIPI DSI Driver for Allwinner A64
- `arch/arm64/src/a64/a64_mipi_dphy.c`, `a64_mipi_dphy.h`: MIPI D-PHY Driver for Allwinner A64
- `platforms/arm/a64/boards/pinephone/index.rst`: Added MIPI DSI as supported peripheral for PinePhone
Co-Authored-By: Petro Karashchenko <petro.karashchenko@gmail.com>
"The number of characters written if successful or negative value if an error occurred.
If the resulting string gets truncated due to buf_size limit, function returns the total
number of characters (not including the terminating null-byte) which would have been written,
if the limit was not imposed." --- https://en.cppreference.com/w/c/io/vfprintf
Signed-off-by: jihandong <jihandong@xiaomi.com>
solve:
almost the Hexadecimal string string->float
such as:
code:float num;
const char *s= "0x123p32lala";
char *p;
num=strtof(s,&p);
printf("num is %f\n",num);
printf("str is %s\n",p);
output:num is 1249835483136.000000
str is lala
but if the input number is much big;
like:
code:const char *s2= "0x999999p100";
num=strtof(s2,&p);
printf("num is %f\n",num);
printf("str is %s\n",p);
corrent : num is 12760587998944832242938906880669384704.000000
real: num is 12760587998944800000000000000000000000.000000
it didn't have enough precision
such as code: double value = +0x1.000000000000080000000000p-600;
printf("Hello, World!! %.7g:f64\n", value);
expected output : Hello, World!! 2.40992e-181:f64
but real output : Hello, World!! 2.40992e-B1:f64
the reason: we want printf "18", but the flag of character is 'B'
and 'B' is '0'+18,so printf 'B';
In order to turn longjmp context-switch safe, it's necessary
to disable interrupts before modifying windowbase and windowstart.
Otherwise, after a context switch, windowstart and windowbase
would be different, leading to a wrongly set windowstart bit due to
longjmp writing it based on the windowbase before the context switch.
This corrupts the registers at the next window overflow reaching
that wrongly set bit.
*Background:*
This PR is related to an issue first observed on ESP-IDF
https://github.com/espressif/esp-idf/issues/5229 and it was, then,
checked on NuttX using a test application.
*The test application:*
To check if the problem affects ESP32, ESP32-S2 and ESP32-S3 on
NuttX, it was created an application based on:
https://en.cppreference.com/w/c/program/longjmp
The application creates 16 tasks (`#define NUMBER_OF_TASKS 16`)
that implements the following daemon:
```
static int setjmp_longjmp_daemon(int argc, char *argv[])
{
for (int i = 0; i < NUMBER_OF_TASKS * 2; i++)
{
jmp_buf env;
volatile int count = 0;
if (setjmp(env) != UINT16_MAX)
{
foo(&env, ++count);
}
}
sem_post(&g_sem);
return EXIT_SUCCESS;
}
```
The main function also initializes a semaphore to avoid application
exiting before tasks return successfully:
```
sem_init(&g_sem, 0, -NUMBER_OF_TASKS);
```
Finally, the round-robin interval was lowered to 1ms to raise the
chances of the longjmp being interrupted by a context switch
(`CONFIG_RR_INTERVAL=1).
This setup was able to reproduce the problem prior to this patch
being applied.
When a7 curl calls dns_query via usrsock, it will wait a usrsock
response with the dns lock held. If a7 rptun recv a dns_addnameserver
event from another core at this time, rptun waits the lock held by
curl in callback. Then curl will never get its usrsock response with
rptun blocked, so the deadlock occurs.
This change will break lock when do usrsock request.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
this is fix a ltp test case and update
the error code of pthread_barrierdestroy
ltptcase is : apps/testing/ltp/ltp/testcases/open_posix_testsuite/conformance/interfaces/pthread_barrier_destroy/2-1.c
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
In the past, header file paths were generated by the incdir command
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
In the past, predefined macros were generated by define.sh scripts
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
instead of lib_psa_[get|set]stackaddr.c since the later doesn't exist in kernel mode
regression by:
commit b9b032af72
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Thu Oct 20 03:10:23 2022 +0800
sched/spawn: Support task_spawnattr_[set|get]stacksize in kernel mode
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
modify the return value according to posix standard
------------
SCHED_GET_PRIORITY_MAX(2)
NAME
sched_get_priority_max, sched_get_priority_min - get static priority range
RETURN VALUE
On success, sched_get_priority_max() and sched_get_priority_min() return the
maximum/minimum priority value for the named scheduling policy.
On error, -1 is returned, and errno is set appropriately.
ERRORS
EINVAL The argument policy does not identify a defined scheduling policy.
Signed-off-by: chao an <anchao@xiaomi.com>