Commit Graph

740 Commits

Author SHA1 Message Date
yinshengkai
be86b03794 mm/kasan: support Disable Kasan read Panic
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-09-19 03:15:29 +08:00
yinshengkai
d365be9f2f kasan: remove kasan report recursive check
PANIC never returns and abort is called to exit the process after calling assert
When BOARD_RESET_ON_ASSERT < 2, the second kasan_report will not be executed.

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-09-19 03:15:29 +08:00
yinshengkai
5ee7c563a5 mm: add kasan_unregister implementaion
In mm_uninitialize should unregister kasan

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-09-19 03:15:29 +08:00
yinshengkai
1771d233c9 mm/kasan: fix kasan_is_poisoned check error
When size is less than or equal to KASAN_SHADOW_SCALE, no check will be performed
We need to check whether the memory is accessible based on bit

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-09-19 03:15:29 +08:00
ligd
13a0682340 kasan: disable the built-in 'memset' function
In function kasan_set_poison:
{
  ...

  while (size--)
    {
      p[size] = value;
    }
}
This will optimize to 'memset' function when compile option > O2.

But the memset must be instrument by kasan, so there is recursive

Signed-off-by: ligd <liguiding1@xiaomi.com>
2024-09-19 03:15:29 +08:00
ligd
8a272511d5 kasan: remove unused statement
Signed-off-by: ligd <liguiding1@xiaomi.com>
2024-09-19 03:15:29 +08:00
yinshengkai
e0c8189818 mm/kasan: fix kasan false positives
When using memset via __asan_storeN check, not checking if all memory is accessible

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-09-19 03:15:29 +08:00
wangmingrong
ae3facda53 kasan: Implementation of Kasan based on software tags.
Currently, only aarch64 is supported

Signed-off-by: wangmingrong <wangmingrong@xiaomi.com>
2024-09-19 03:15:29 +08:00
Xiang Xiao
9c6bed4b00 mm: Move kasan.h from mm/kasan to include/nuttx/mm
so other parts of the system can use it.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
2024-09-19 03:15:29 +08:00
Xiang Xiao
47ffb9019f mm: Support the different kasan implementation
Split kasan.c to incorporate label based kasan:
hook.c: Implement compiler instrumentation function
generic.c: Implementation software kasan algorithm

Signed-off-by: wangmingrong <wangmingrong1@xiaomi.com>
2024-09-19 03:15:29 +08:00
anjiahao
70b9f63985 kasan:fix arch_xxx size is 0,kasan report
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-09-19 03:15:29 +08:00
anjiahao
e26e1ab2ab kasan:fix bug if kasan_mem_to_shadow mod size is 0 just return
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-09-19 03:15:29 +08:00
anjiahao
745611f800 kasan:fix bug for kasan_mem_to_shadow
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-09-19 03:15:29 +08:00
anjiahao
780abec239 kasan:support kasan_mem_to_shadow can check any size
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-09-19 03:15:29 +08:00
zhangshoukui
8e4e09be2d shm: The limits have been made in Make.defs and remove useless macro in code
ifeq ($(CONFIG_MM_SHM),y)
CSRCS += shmat.c shmctl.c shmdt.c shmget.c

DEPPATH += --dep-path shm
VPATH += :shm
endif

Signed-off-by: zhangshoukui <zhangshoukui@xiaomi.com>
2024-09-18 13:42:11 +08:00
Masayuki Ishikawa
df298c186f Revert "build depend:Revert Make.dep intermediate ddc file"
This reverts commit ddc3119c4e.
2024-09-15 19:29:47 +08:00
xuxin19
ddc3119c4e build depend:Revert Make.dep intermediate ddc file
Revert "Parallelize depend file generation"
This reverts commit d5b6ec450f.

parallel depend ddc does not significantly speed up compilation,
intermediately generated .ddc files can cause problems if compilation is interrupted unexpectedly

Signed-off-by: xuxin19 <xuxin19@xiaomi.com>
2024-09-15 10:01:58 +08:00
Alin Jerpelea
339457dda3 mm: migrate to SPDX identifier
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
2024-09-13 08:49:05 +08:00
Daniel Jasinski
7dbb887f07 build: fix memory manager compile options for CMake
This enables CMake based build for sim:ostest. Flags which
are set by set_source_files_properties are not reflected in
final build. Changing these to target_compile_options makes
CMake build runnable.

Signed-off-by: Daniel Jasinski <jasinskidaniel95szcz@gmail.com>
2024-09-10 16:00:56 +08:00
hujun5
198630a809 sched: use this_task replace nxsched_self
reason:
We can reduce a function call to improve performance.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
2024-09-05 09:33:50 -03:00
ligd
c75886b8f8 kasan: add new API kasan_init_early()
Signed-off-by: ligd <liguiding1@xiaomi.com>
2024-08-30 01:35:09 +08:00
wangmingrong
64cbafeaa0 mm/kasan: Delete the lock when adding regions
Signed-off-by: wangmingrong <wangmingrong@xiaomi.com>
2024-08-30 01:35:09 +08:00
wangjianyu3
fa5d843aa9 assert in kasan_set_poison() if size is zero
e.g. mm_realloc() => kasan_poison() => kasan_set_poison()
  _assert: Assertion failed p != ((void*)0): at file: kasan/kasan.c:239 task: nsh_main process: nsh_main 0x4402caa5
Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>
2024-08-30 01:35:09 +08:00
yinshengkai
5d0ffdf44e mm: add disable kasan panic configuration
In some cases we hope to be able to find errors without affecting the running of the program

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-30 01:35:09 +08:00
yinshengkai
a9afed96b9 mm/kasan: print memory around poisoned address
Print shadow memory following asan format.
==3118004==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5618ac32a100 at pc 0x5618ac32727f bp 0x7ffe5f3e66f0 sp 0x7ffe5f3e66e0
WRITE of size 4 at 0x5618ac32a100 thread T0

#0 0x5618ac32727e in main /home/baerg/vela/x4b/asan_test.c:12
#1 0x7f221ce29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#2 0x7f221ce29e3f in __libc_start_main_impl ../csu/libc-start.c:392
#3 0x5618ac327144 in _start (/home/baerg/vela/x4b/asan_test+0x1144)
0x5618ac32a100 is located 0 bytes to the right of global variable 'buffer' defined in 'asan_test.c:5:6' (0x5618ac32a0e0) of size 32
SUMMARY: AddressSanitizer: global-buffer-overflow /home/baerg/vela/x4b/asan_test.c:12 in main
Shadow bytes around the buggy address:
0x0ac39585d3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d400: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9
0x0ac39585d410: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0ac39585d420:[f9]f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ac39585d470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-30 01:35:09 +08:00
yinshengkai
84333881d7 mm: add mm_largest api to get the current largest available memory block
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-25 23:09:28 +08:00
yinshengkai
2cdfda149a mm: memory pressure support returns the maximum available memory
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-25 23:09:28 +08:00
yinshengkai
49d1b4198f mm: add memory pressure notification support
Add mm_heap_free interface to pass remaining memory to memory pressure

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-25 23:09:28 +08:00
Petro Karashchenko
d499ac9d58 nuttx: fix multiple 'FAR', 'CODE' and style issues
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
2024-08-25 19:22:15 +08:00
fangpeina
dbdeaa2ada libc/execinfo: extract a common backtrace format function
Add a common method to format backtrace to buffer, so it can be used by both mm, fs and other possoble modules.

Signed-off-by: fangpeina <fangpeina@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
a9fb366314 mempool:fix bug when deinit mpool, wrong parameters used
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
e6bf25a714 mempool:Need check mpool is NULL
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
8f92695ee1 mempool:need unposion memory when deinit
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
80ea8c3cc7 mempool:fix bug when free a alignment address
The mempool mistakenly considers the heap memory as its own

The recurring scenario only occurs in mempool_deinit
test code in hello_main:

int main(int argc, FAR char *argv[])
{
  void *a = malloc(1024*64);
  void *d[16];
  void *heap = mm_initialize("123", a, 1024 * 64);
  for (int i = 0; i < 16; i++)
    {
        d[i] = mm_malloc(heap,32);
    }

  for (int i = 0; i < 16; i++)
    {
      if (d[i] != NULL)
        mm_free(heap,d[i]);
    }

  mm_uninitialize(heap);
  free(a);
  return 0;
}

and crash backtrace

0  _assert (filename=0x4ea20 "mempool/mempool.c", linenum=373, msg=0x0 <up_perf_convert>, regs=0x0 <up_perf_convert>)
   at misc/assert.c:551
1  0x0000a32c in __assert (filename=0x4ea20 "mempool/mempool.c", linenum=373, msg=0x0 <mempool_multiple_foreach>)
   at assert/lib_assert.c:36
2  0x0000f92c in mempool_release (pool=0x100e7a0, blk=0x100ff80) at mempool/mempool.c:373
3  0x000109ce in mempool_multiple_free (mpool=0x100e6f8, blk=0x100ff80) at mempool/mempool_multiple.c:648
4  0x0000deac in mm_delayfree (heap=0x100e090, mem=0x1010000, delay=false) at mm_heap/mm_free.c:83
5  0x0000e21c in mm_free (heap=0x100e090, mem=0x1010000) at mm_heap/mm_free.c:242
6  0x0001021c in mempool_multiple_free_chunk (mpool=0x100e6f8, ptr=0x1010000) at mempool/mempool_multiple.c:222
7  0x0001048e in mempool_multiple_free_callback (pool=0x100e7a0, addr=0x1010080) at mempool/mempool_multiple.c:291
8  0x0000ff6e in mempool_deinit (pool=0x100e7a0) at mempool/mempool.c:644
9  0x00010cba in mempool_multiple_deinit (mpool=0x100e6f8) at mempool/mempool_multiple.c:883
10 0x0000dd0c in mm_uninitialize (heap=0x100e090) at mm_heap/mm_initialize.c:326
11 0x0002c742 in hello_main (argc=1, argv=0x100d050) at hello_main.c:54
12 0x0000a83e in nxtask_startup (entrypt=0x2c6a5 <hello_main>, argc=1, argv=0x100d050) at sched/task_startup.c:70
13 0x00005272 in nxtask_start () at task/task_start.c:112

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
8c52317a45 mempool:fix mempool memdump address incorrect printing
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
7c34ece5d6 mempool:fix memdump leak will hang on spinlock
root cuase is getpid use spinlock
can read mempool nodes without needing spinlock protection.

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
73f506b65f mempool: safe memdump for smp, if syslog will switch context
remove alist, switch to a convenient way to traverse
the physical address directly.

At the same time, we can use `gurad` to mark whether
it is free or alloc or out of bounds check

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-21 18:01:24 +08:00
yinshengkai
659f3b5ff6 mm: remove mempool_sq_count
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
2024-08-21 18:01:24 +08:00
anjiahao
0687466223 mempool:alloc for sq head, free to sq last useful debug
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
Signed-off-by: liwenxiang1 <liwenxiang1@xiaomi.com>
2024-08-21 18:01:24 +08:00
guoshichao
61cd8c379e mm/mempool: rename the mempool_alloc and mempool_free function
the mempool_alloc and mempool_free function are duplicate with the
mempool method that provided in optee_os, in order to port optee_os, so
we rename the mempool related functions in nuttx

Signed-off-by: guoshichao <guoshichao@xiaomi.com>
2024-08-18 19:46:54 +08:00
Ville Juven
073bb31c3b mm/map/vm_region.c: Fix formatting error
mm/map/vm_region.c:131:7: error: If statement followed by garbage
2024-08-16 09:50:23 -03:00
Ville Juven
971ca501b9 mm/map/vm_region.c: Fix usage of void* arithmetics
Fixes build error:
map/vm_region.c: In function 'vm_map_region':
map/vm_region.c:128:16: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
  128 |   return vaddr + (MM_PGMASK & paddr);
      |                ^
cc1: all warnings being treated as errors
2024-08-16 09:50:23 -03:00
anjiahao
aee17d6cc2 kasan:fix bug write error is recognized as read error
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2024-08-12 02:00:04 +08:00
Yanfeng Liu
cafee0e086 mm/mm.h: add mm_free_delaylist interface
This adds explicit `void mm_free_delaylist(heap)` interface so that
to force freeing the heap's delaylist.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
2024-08-03 01:30:04 +08:00
buxiasen
de460b5a10 mm_ubsan: add dummy to bypass runtime actions
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-07-10 20:09:39 +08:00
buxiasen
410ed94655 mm_ubsan: add implement for dynamic_type_cache_miss
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-07-09 17:07:50 +08:00
fangpeina
242b50f921 libc/execinfo: extract a common backtrace format function
Add a common method to format backtrace to buffer, so it can be used by both mm, fs and other possoble modules.

Signed-off-by: fangpeina <fangpeina@xiaomi.com>
2024-06-29 22:44:39 +08:00
buxiasen
756d9508bc mm: mm_threshold perfer from init
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-06-26 00:20:44 +08:00
buxiasen
cf574fa466 mm: add mm_initialize_pool, make pool more flexible
now allow enable pool for extra heap, and disable umm/kmm pool.

Signed-off-by: buxiasen <buxiasen@xiaomi.com>
2024-06-25 16:42:06 +08:00
Tiago Medicci Serrano
50aeea2dc0 mm/iob: Simplify IOB alloc/free logic
- `g_iob_sem.semcount` must be equal to the total number of free IOBs.
It can also be negative if there are no free IOBs and there are threads
waiting for an IOB.
- g_throttle_sem.semcount represents the number of IOBs available for
throttled IOB allocations. Like any other semaphore, it should only go
negative if there is a thread waiting for it.
- Both semaphores are related to the same resource (free IOBs), hence,
they must be incremented/decremented simultaneously:
  - Whenever a IOB buffer is freed, if a thread is waiting for a
non-throttled IOB or a thread is waiting for a throttled IOB and we
have at least `CONFIG_IOB_THROTTLE` buffers available, the IOB is put
in the committed list (`g_iob_committed`). Otherwise, it is put in the
common free list (`g_iob_freelist`).
  - `g_iob_sem` is always incremented when an IOB buffer is freed, but
`g_throttle_sem` is incremented only if we have at least CONFIG_IOB_THROTTLE
buffers free.
  - Both semaphores are posted with the schedule locked to avoid any
mismatches in the semaphores count.
  - If a task is waiting for an IOB semaphore (`iob_allocwait`) is
awakened and would check the `g_iob_committed`. The highest priority
task waiting for a semaphore will be awakened first.
2024-06-25 15:21:00 +08:00