When doing a socket bind, if the connection domain is not equal to the bound address type, this will cause a stack-buffer-overflow.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
to avoid the infinite recursive dispatch:
*0 myhandler (signo=27, info=0xf3e38b9c, context=0x0) at ltp/testcases/open_posix_testsuite/conformance/interfaces/sigqueue/7-1.c:39
*1 0x58f1c39e in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:167
*2 0x58fa0664 in up_schedule_sigaction (tcb=0xf4e20f40, sigdeliver=0x58f1bab5 <nxsig_deliver>) at sim/sim_schedulesigaction.c:88
*3 0x58f19907 in nxsig_queue_action (stcb=0xf4e20f40, info=0xf4049334) at signal/sig_dispatch.c:115
*4 0x58f1b089 in nxsig_tcbdispatch (stcb=0xf4e20f40, info=0xf4049334) at signal/sig_dispatch.c:435
*5 0x58f31853 in nxsig_unmask_pendingsignal () at signal/sig_unmaskpendingsignal.c:104
*6 0x58f1ca09 in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:199
*7 0x58fa0664 in up_schedule_sigaction (tcb=0xf4e20f40, sigdeliver=0x58f1bab5 <nxsig_deliver>) at sim/sim_schedulesigaction.c:88
*8 0x58f19907 in nxsig_queue_action (stcb=0xf4e20f40, info=0xf4049304) at signal/sig_dispatch.c:115
*9 0x58f1b089 in nxsig_tcbdispatch (stcb=0xf4e20f40, info=0xf4049304) at signal/sig_dispatch.c:435
*10 0x58f31853 in nxsig_unmask_pendingsignal () at signal/sig_unmaskpendingsignal.c:104
*11 0x58f1ca09 in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:199
*12 0x58fa0664 in up_schedule_sigaction (tcb=0xf4e20f40, sigdeliver=0x58f1bab5 <nxsig_deliver>) at sim/sim_schedulesigaction.c:88
*13 0x58f19907 in nxsig_queue_action (stcb=0xf4e20f40, info=0xf40492d4) at signal/sig_dispatch.c:115
*14 0x58f1b089 in nxsig_tcbdispatch (stcb=0xf4e20f40, info=0xf40492d4) at signal/sig_dispatch.c:435
*15 0x58f31853 in nxsig_unmask_pendingsignal () at signal/sig_unmaskpendingsignal.c:104
*16 0x58f1ca09 in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:199
*17 0x58fa0664 in up_schedule_sigaction (tcb=0xf4e20f40, sigdeliver=0x58f1bab5 <nxsig_deliver>) at sim/sim_schedulesigaction.c:88
*18 0x58f19907 in nxsig_queue_action (stcb=0xf4e20f40, info=0xf40492a4) at signal/sig_dispatch.c:115
*19 0x58f1b089 in nxsig_tcbdispatch (stcb=0xf4e20f40, info=0xf40492a4) at signal/sig_dispatch.c:435
*20 0x58f31853 in nxsig_unmask_pendingsignal () at signal/sig_unmaskpendingsignal.c:104
*21 0x58f1ca09 in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:199
*22 0x58fa0664 in up_schedule_sigaction (tcb=0xf4e20f40, sigdeliver=0x58f1bab5 <nxsig_deliver>) at sim/sim_schedulesigaction.c:88
*23 0x58f19907 in nxsig_queue_action (stcb=0xf4e20f40, info=0xf4049274) at signal/sig_dispatch.c:115
*24 0x58f1b089 in nxsig_tcbdispatch (stcb=0xf4e20f40, info=0xf4049274) at signal/sig_dispatch.c:435
*25 0x58f31853 in nxsig_unmask_pendingsignal () at signal/sig_unmaskpendingsignal.c:104
*26 0x58f1ca09 in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:199
*27 0x58fa0664 in up_schedule_sigaction (tcb=0xf4e20f40, sigdeliver=0x58f1bab5 <nxsig_deliver>) at sim/sim_schedulesigaction.c:88
*28 0x58f19907 in nxsig_queue_action (stcb=0xf4e20f40, info=0xf4049244) at signal/sig_dispatch.c:115
*29 0x58f1b089 in nxsig_tcbdispatch (stcb=0xf4e20f40, info=0xf4049244) at signal/sig_dispatch.c:435
*30 0x58f31853 in nxsig_unmask_pendingsignal () at signal/sig_unmaskpendingsignal.c:104
*31 0x58f1ca09 in nxsig_deliver (stcb=0xf4e20f40) at signal/sig_deliver.c:199
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signal must be masked when it is delivered to a signal handler per:
https://pubs.opengroup.org/onlinepubs/007904875/functions/sigaction.html:
When a signal is caught by a signal-catching function installed by sigaction(), a new signal mask is calculated and installed for the duration of the signal-catching function (or until a call to either sigprocmask() or sigsuspend() is made). This mask is formed by taking the union of the current signal mask and the value of the sa_mask for the signal being delivered [XSI] [Option Start] unless SA_NODEFER or SA_RESETHAND is set, [Option End] and then including the signal being delivered. If and when the user's signal handler returns normally, the original signal mask is restored.
Any action queued for that signal while the signal is masked should be deferred. It should go into the group pending signal list and should not be processed until the signal is unmasked (which should occur when the signal handler returns).
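The masking rule quoted above can be checked from user space. The following C program is an added example, not NuttX or LTP code: it installs a SIGUSR1 handler without SA_NODEFER, raises the same signal again from inside the handler, and verifies that the second instance stays pending instead of nesting. All function and variable names are chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>

/* Written only from the handler; sig_atomic_t keeps the stores signal-safe. */
static volatile sig_atomic_t g_depth, g_max_depth, g_calls, g_masked, g_pending;

static void handler(int signo)
{
  sigset_t set;

  g_calls++;
  if (++g_depth > g_max_depth) g_max_depth = g_depth;

  /* The signal being delivered must be in the mask while the handler runs. */
  sigprocmask(SIG_BLOCK, NULL, &set);
  g_masked = sigismember(&set, signo);

  if (g_calls == 1)
    {
      /* Queue the same signal from inside its own handler: it has to stay
       * pending, not re-enter the handler recursively. */
      raise(signo);
      sigpending(&set);
      g_pending = sigismember(&set, signo);
    }

  g_depth--;
}

/* Returns 0 if delivery followed the sigaction() masking rule, 1 otherwise. */
int check_signal_masked_in_handler(void)
{
  struct sigaction sa;

  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = handler;            /* sa_flags = 0, so no SA_NODEFER */
  sigemptyset(&sa.sa_mask);
  if (sigaction(SIGUSR1, &sa, NULL) != 0) return 1;

  g_depth = g_max_depth = g_calls = g_masked = g_pending = 0;
  raise(SIGUSR1);     /* the deferred copy runs after the mask is restored */

  return !(g_masked == 1 && g_pending == 1 && g_max_depth == 1 && g_calls == 2);
}

int main(void) { return check_signal_masked_in_handler(); }
```

A nesting depth greater than 1 is the symptom shown by the repeating nxsig_deliver frames in the backtrace.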
1 Gbit W25Q01JV flash uses two 512 Mbit dies. This requires specific
operations in the driver in order to support the entire 1 Gbit region.
This commit adds dual die support for W25Q01JV flash.
Generally the driver has to switch active dies when die specific read from
status register is required (therefore before read, write, erase and when
checking if write status register was successful).
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
The "CONFIG_APPS_DIR" generated in .config has double quotes and is not recognized as a path by most make systems. This commit removes these double quotes so that the compile succeeds.
ESP32 and ESP32-S3 should use the ROM-defined versions of the libc
in flat build and, when building the protected mode, in the kernel.
The ROM-defined version of the libc functions can't be used in the
userspace, however, because it isn't allowed to access the memory
region in flash directly from the userspace. That being said,
`LIBC_PREVENT_STRING_KERNEL` should be selected to avoid building
any implementation of the libc, being the ROM-defined versions
linked instead.
NuttX's software implemented version of the libc will be built in
the userspace. Also, the assembly-defined version of some of the
libc functions (`XTENSA_xxx`) may also be selected to be used in
the userspace.
Add the `LIBC_PREVENT_STRING_KERNEL` and `LIBC_PREVENT_STRING_USER`
that are meant to be selected by the chip if no libc implementation
is going to be built. If selected, neither NuttX's software version
of the libc nor any architecture-specific implementation will be
built in the kernel or in the userspace, respectively. In this
case, the linker may provide a ROM-defined version of the libc
functions instead.
If multiple threads are doing serial read/write at the same time,
the driver will only wake up one of the threads, which will cause
other threads to fail to be woken up in time and cause blocking.
Signed-off-by: chao an <anchao@xiaomi.com>
FD (file descriptor) is widely used in system software development,
and almost all implementations of POSIX OS (including NuttX) use FD as an index.
The value of fd needs to be allocated starting from the minimum available value of 3, and each process has a copy,
so the same fd value is very easy to reuse in the program.
In multi-threaded or multi-process environments without address isolation,
if the ownership, global variables, and competition relationships of fd are not properly handled,
there may be issues with fd duplication or accidental closure,
further leading to the following issues, which are difficult to troubleshoot.
1. Security vulnerability: the fd we wrote is not the expected fd and will be accessed by hackers to obtain data
2. Program exceptions or crashes: write or read fd failures, and program logic errors
3. The structured file XML or database is damaged: the data format written to the database is not the expected format.
The implementation principle of fdsan is based on the implementation of Android
https://android.googlesource.com/platform/bionic/+/master/docs/fdsan.md
Signed-off-by: hujun5 <hujun5@xiaomi.com>
- NewReno congestion control algorithm is used to solve the problem
of network congestion breakdown. NewReno congestion control includes
slow start, collision avoidance, fast retransmission, and fast
recovery. The implementation refers to RFC6582 and RFC5681.
- In addition, we optimize the congestion algorithm. In the conflict
avoidance stage, the maximum congestion window max_cwnd is used to
limit the excessive growth of cwnd and prevent network jitter
caused by congestion. Maximum congestion window max_cwnd is updated
with the current congestion window cwnd and the update weight is
0.875 when an RTO timeout occurs.
Signed-off-by: liqinhui <liqinhui@xiaomi.com>
The offset of the relevant registers in xcp will change after
enabling the FPU; this PR adds the FPU offset to correct the register offset.
Signed-off-by: chao an <anchao@xiaomi.com>
Before atomic is ready on every platform, we need a way to protect
quota, previously it's protected by net_lock, but this makes netpkt_xxx
interfaces unable to be called under interrupt context, so changed to
spin lock. Also, we can easily change them into atomic under this
implementation.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
recvmsg() will incorrectly return 0 if the count of sema before waiting is greater than 0.
This commit will reinitialize the sema count before waiting:
static ssize_t rpmsg_socket_recvmsg(FAR struct socket *psock,
                                    FAR struct msghdr *msg, int flags)
{
  ...
  ret = net_sem_timedwait(&conn->recvsem,
                          _SO_TIMEOUT(conn->sconn.s_rcvtimeo)); // recvsem.sem_count == 1; return 0
  ...
  if (!conn->recvdata) // recvdata not consumed; goto else
    {
      ret = conn->recvlen;
    }
  else
    {
      conn->recvdata = NULL;
    }
  ...
  return ret; // BUGON! incorrectly return 0 to user
}
Signed-off-by: chao an <anchao@xiaomi.com>
This implements the changes required to generate the pdf version
of the documentation. The pdf will be generated as a build artifact
attached to the build. This is the first patch to enable this;
a follow-on patch to the website repo will publish the pdf to the
NuttX website.
All interrupts must be disabled to prevent re-entrancy and to prevent
interrupts from firing in the serial driver code.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Make low/full speed devices work with EHCI while OHCI is disabled. A
high speed USB hub has to be plugged into the root hub. This change
will also allow the optional use of a full speed hub between the
high speed hub and the low/full speed device. A recursive mutex is
used to avoid deadlocks.
Currently, when we modify some Kconfig related to some chip or
some architecture, we need to run refresh.sh on all boards, which
is too slow (more than one hour to finish).
This patch modifies the script to update only the board configs
of a specific chip or only the boards of a specific architecture.
Examples:
$ ./tools/refresh.sh --silent --defaults arch:renesas
Normalize us7032evb1/ostest
Normalize us7032evb1/nsh
Normalize skp16c26/ostest
Normalize rx65n-rsk2mb/netnsh
Normalize rx65n-rsk2mb/ipv6
Normalize rx65n-rsk2mb/nsh
Normalize rx65n-rsk1mb/netnsh
Normalize rx65n-rsk1mb/nsh
Normalize rx65n-grrose/netnsh
Normalize rx65n-grrose/ipv6
Normalize rx65n-grrose/nsh
Normalize rx65n/nsh
It updates the boards from all 'renesas' architecture (m9c, rx65n, sh1)
$ ./tools/refresh.sh --silent --defaults chip:rx65n
Normalize rx65n-rsk2mb/netnsh
Normalize rx65n-rsk2mb/ipv6
Normalize rx65n-rsk2mb/nsh
Normalize rx65n-rsk1mb/netnsh
Normalize rx65n-rsk1mb/nsh
Normalize rx65n-grrose/netnsh
Normalize rx65n-grrose/ipv6
Normalize rx65n-grrose/nsh
Normalize rx65n/nsh
It updates all the boards from renesas chip 'rx65n' family
W25QXXXJV_WRITE_STATUS_2 register uses just the first byte, therefore all
operations have to be done in priv->cmdbuf[0]. Previous priv->cmdbuf[1]
caused QuadSPI mode not being enabled.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
Added simple support for IPV6_UNICAST_HOPS and IPV6_UNICAST_HOPS, the application can configure the ttl parameters of the socket in user mode.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Summary:
- This commit adds virtio-mmio-blk driver
Impact:
- None
Testing:
- Tested with rv-virt:netnsh which will be updated later
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
If the current poll setup only has POLLIN, adding POLLOUT does not cause the
protocol stack to refocus on flags such as TCP_ACK or UDP_POLL, the user is
not notified when flags for POLLOUT relationships appear and vice versa,
so we have to call poll_setup again.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Move the mapping functionality from up_shmat/shmdt into two generic
mapping functions. This makes it possible to do other mappings besides
user shared memory area mappings.
RFC 1191
When a router is unable to forward a datagram because it exceeds the
MTU of the next-hop network and its Don't Fragment bit is set, the
router is required to return an ICMP Destination Unreachable message
to the source of the datagram, with the Code indicating
"fragmentation needed and DF set". To support the Path MTU Discovery
technique specified in this memo, the router MUST include the MTU of
that next-hop network in the low-order 16 bits of the ICMP header
field that is labelled "unused" in the ICMP specification [7]. The
high-order 16 bits remain unused, and MUST be set to zero. Thus, the
message has the following format:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Type = 3    |   Code = 4    |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           unused = 0          |         Next-Hop MTU          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Internet Header + 64 bits of Original Datagram Data      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
RFC 1185
Packet Too Big Message
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             MTU                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    As much of invoking packet                 |
+               as will fit without the ICMPv6 packet           +
|                       exceeding 576 octets                    |
IPv6 Fields:
   Destination Address
                  Copied from the Source Address field of the invoking
                  packet.
ICMPv6 Fields:
   Type           2
   Code           0
   MTU            The Maximum Transmission Unit of the next-hop link.
Description
A Packet Too Big MUST be sent by a router in response to a packet
that it cannot forward because the packet is larger than the MTU of
the outgoing link. The information in this message is used as part
of the Path MTU Discovery process [RFC-1191].
Signed-off-by: wangchen <wangchen41@xiaomi.com>
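The two message layouts quoted in this commit message can be read with a few bounds-checked lines. The following C code is an added example, not the NuttX implementation: it extracts the next-hop MTU from an ICMPv4 Type 3 / Code 4 message and from an ICMPv6 Type 2 / Code 0 message, and ignores messages that are truncated or that report an MTU below a protocol floor. The function names, the sample byte strings and the floor values of 68 and 1280 are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ICMP_DEST_UNREACH   3     /* ICMPv4 Type in the first layout */
#define ICMP_FRAG_NEEDED    4     /* Code: fragmentation needed and DF set */
#define ICMPV6_PKT_TOO_BIG  2     /* ICMPv6 Type in the second layout */
#define IPV4_MIN_MTU        68    /* floor assumed for IPv4 path MTU */
#define IPV6_MIN_MTU        1280  /* floor assumed for IPv6 path MTU */

/* Constructed samples: checksum left as zero, MTU 1400 and 1280. */
static const uint8_t sample_v4[8] = { 3, 4, 0, 0, 0, 0, 0x05, 0x78 };
static const uint8_t sample_v6[8] = { 2, 0, 0, 0, 0, 0, 0x05, 0x00 };

static uint32_t be16(const uint8_t *p)
{
  return ((uint32_t)p[0] << 8) | p[1];
}

/* Next-Hop MTU from the low-order 16 bits of the second ICMPv4 header word.
 * Returns 0 (ignore the message) if it is short, not Type 3 / Code 4, or
 * reports an MTU below the floor, such as a zero in the MTU field. */
uint32_t icmpv4_next_hop_mtu(const uint8_t *msg, size_t len)
{
  uint32_t mtu;
  if (msg == NULL || len < 8) return 0;
  if (msg[0] != ICMP_DEST_UNREACH || msg[1] != ICMP_FRAG_NEEDED) return 0;
  mtu = be16(msg + 6);
  return mtu >= IPV4_MIN_MTU ? mtu : 0;
}

/* 32-bit MTU from an ICMPv6 Packet Too Big (Type 2, Code 0), same rules. */
uint32_t icmpv6_next_hop_mtu(const uint8_t *msg, size_t len)
{
  uint32_t mtu;
  if (msg == NULL || len < 8) return 0;
  if (msg[0] != ICMPV6_PKT_TOO_BIG || msg[1] != 0) return 0;
  mtu = (be16(msg + 4) << 16) | be16(msg + 6);
  return mtu >= IPV6_MIN_MTU ? mtu : 0;
}

int main(void)
{
  printf("v4=%u v6=%u\n", (unsigned)icmpv4_next_hop_mtu(sample_v4, 8),
         (unsigned)icmpv6_next_hop_mtu(sample_v6, 8));
  return 0;
}
```

Because these messages arrive unauthenticated, the floor check keeps a forged or malformed report from shrinking the path MTU estimate to an unusable value.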
An off-by-one error caused invalid memory to be accessed when the
last port was used. The first entry, at index 0, was never used.
The USB standard uses 1-based numbering for hub ports. This number
was used to index an array. This change converts the port number to
a zero-based port index when the array is accessed. The zero-based
value in the port field of the usbhost_hubport_s structure is also
converted before printing.
For testing, this bug was exposed on a 4 port hub when port 4 was
used after changing USBHUB_MAX_PORTS to 4 in hub.h. The bug should
also be triggered without changing hub.h if a 7 port hub is
available.
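The conversion this commit message describes, from a 1-based USB port number to a zero-based array index, is safest when it lives in one bounds-checked helper. The following C code is an added example, not the NuttX hub driver: struct hub, struct port_state, hub_port_slot() and hub_mark_changed() are hypothetical names, and MAX_PORTS stands in for USBHUB_MAX_PORTS with the value 4 used in the test described above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PORTS 4   /* stand-in for USBHUB_MAX_PORTS; value as in the test */

struct port_state { uint8_t changed; };   /* hypothetical per-port record */

struct hub
{
  uint8_t nports;                         /* port count reported by the hub */
  struct port_state ports[MAX_PORTS];     /* valid indices: 0..MAX_PORTS-1 */
};

/* Map a 1-based USB port number to its array slot. Returns NULL for port 0
 * and for any number past what the hub reported or the array can hold. */
struct port_state *hub_port_slot(struct hub *h, unsigned int portno)
{
  if (h == NULL || portno < 1 || portno > h->nports || portno > MAX_PORTS)
    return NULL;
  return &h->ports[portno - 1];
}

/* Walk a status-change bitmap (bit 0 = the hub itself, bit N = port N) and
 * flag each changed port. Returns how many ports were flagged. */
int hub_mark_changed(struct hub *h, uint32_t bitmap)
{
  int marked = 0;
  for (unsigned int portno = 1; portno < 32; portno++)
    {
      struct port_state *ps;
      if ((bitmap & (UINT32_C(1) << portno)) == 0) continue;
      ps = hub_port_slot(h, portno);
      if (ps == NULL) continue;           /* bit for a port we do not track */
      ps->changed = 1;
      marked++;
    }
  return marked;
}

int main(void)
{
  struct hub h = { .nports = 4 };
  printf("flagged %d ports\n", hub_mark_changed(&h, 0x32u)); /* ports 1, 4, 5 */
  return 0;
}
```

Indexing ports[portno] directly would leave slot 0 unused and write one element past the array for port 4, which is the fault the commit fixes.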