When issuing an ioctl for a file that exists in a FAT32 file system,
the FAT ioctl() is first executed, but it returns -ENOSYS in
an attempt to pass through to the vfs.
Therefore, the ioctl of the VFS layer, which expects -ENOTTY,
is not processed and an error occurs.
Signed-off-by: Takeyoshi Kikuchi <kikuchi@centurysys.co.jp>
It seems that RPMSGFS is missed from the list that doesn't need block or
MTD drivers. This attempts to add it.
Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
The DIRSEC_BYTENDX(f, i) is supposed to have DIRSEC_NDXMASK(f) in its expansion instead of DIRSEC_NDXMASK(fs). It went unnoticed in the codebase as DIRSEC_BYTENDX(fs, idx) is the way it is used, and it leads to a similar expansion as desired, and thus it has worked till now without any issues from this.
Signed-off-by: Saurav Pal <resyfer.dev@gmail.com>
When shmfs_truncate is called, it uses shmfs_alloc_object to create the
physical backing for the shm file. However, the allocated physical
memory returned by mm_pgalloc is not cleared when CONFIG_BUILD_KERNEL is
set, which is a clear POSIX violation:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/truncate.html
"If the file was previously shorter than length, its size is increased,
and the extended area appears as if it were zero-filled."
For FLAT and PROTECTED modes zalloc is used, so the violation affects
KERNEL mode only.
nuttx/driver/rpmsg: new folder, extract common rpmsg api in rptun.c to rpmsg.c.
rpmsg provide rpmsg_ops to each backend for specific implementation.
Signed-off-by: wangyongrong <wangyongrong@xiaomi.com>
Fix the issue where fat driver is not using the last two clusters in
the file system.
The fat parameter fs->fs_nclusters is the maximum number of data clusters;
this doesn't include the two in the beginning. Many checks in the fat driver
treat the fs->fs_nclusters-1 as being the last accessible cluster, which is not
right, the last accessible one is actually this number + 2 when the cluster
count includes the two first ones.
Normally this is not an issue when writes are being done through the same
driver, the last two clusters are just never used. But if the filesystem is
modified by external driver, for example with a populated fat created with PC,
or modifying the FS via USB-MSC, this leads to the fat driver not being able to
read anything that uses the last two clusters.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Usage:
1. CONFIG_FS_PROCFS_MAX_STACK_RECORD > 0, such as 32,
2. add '-finstrument-functions' to CFLAGS for What you want to check
stack.
3. mount porcfs
4. cat /proc/<pid>/stack will print backtace & size
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
A segmentfault might happen when read/write/unlink ops called without an open
ops called because it bind ept's ops in rpmsgblk_open_handler.
proxy> rm /dev/ram1
segmentfault
proxy> ls /dev/ram1
segmentfault
Signed-off-by: liaoao <liaoao@xiaomi.com>
newsize = newsize + CONFIG_FS_TMPFS_FILE_ALLOCGUARD;
When newsize is a large value,
adding a relatively small value can cause the result to become very small,
resulting in program logic errors.
For example:
0xffffffff + 0x2 = 1
Signed-off-by: hujun5 <hujun5@xiaomi.com>
The task files should consult the "spawn action" and "O_CLOEXEC flags"
to determine further whether the file should be duplicated.
This PR will further optimize file list duplicating to avoid the performance
regression caused by additional file operations.
Signed-off-by: chao an <anchao@xiaomi.com>
This moves task / thread cancel point logic from the NuttX kernel into
libc, while the data needed by the cancel point logic is moved to TLS.
The change is an enabler to move user-space APIs to libc as well, for
a coherent user/kernel separation.
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: shift-out-of-bounds in fat/fs_fat32util.c:989:40
__ubsan_handle_shift_out_of_bounds: left shift of 268435455 by 4 places cannot be represented in type 'int'
ubsan_epilogue: ================================================================================
Signed-off-by: chao an <anchao@xiaomi.com>
1. fs_epoll: try again when epoll_teardown() return 0
when poll_notify() called larger than twice when epoll_wait() blocked
in the eph->sem, the semcount will be larger than 1 when epoll_wait()
unblocked and will return 0 directly at the next epoll_wait.
So retry to wait the eph->sem again when epoll_teardown return 0.
2. fs_epoll: poll_setup the fd again even this fd got non-expected event
Some poll implementations need call poll_setup again when their internal
states changed (e.g., local socket), so should add the fd to the epoll
teardown list and poll_setup again at the next epoll_wait even this fd
got the user non-expected event.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
VELAPLATFO-18473
refs:
https://man7.org/linux/man-pages/man2/fcntl.2.html
If the FD_CLOEXEC bit is set, the file descriptor will automatically
be closed during a successful execve(2).
(If the execve(2) fails, the file descriptor is left open.)
modify:
1. Ensure that the child task copies all fds of the parent task,
including those with O_CLOEXE.
2. Make sure spawn_file_action is executed under fd with O_CLOEXEC,
otherwise it will fail.
3. When a new task is activated or exec is called, close all fds
with O_CLOEXEC flags.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
refs: https://man7.org/linux/man-pages/man2/dup.2.html
The two file descriptors do not share file descriptor flags (the
close-on-exec flag). The close-on-exec flag (FD_CLOEXEC; see
fcntl(2)) for the duplicate descriptor is off.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
we can mount a zipfile in nuttx use mount command like this:
mount -t zipfs -o /data/test.zip /zip
The zipfs is a read only file system,The advantage is that it
does not occupy additional space when reading the decompressed file.
When used, reading and decompression operations are simultaneous.
The known disadvantage is that when using seek to read forward,
it will reopen and cause slow speed problems.
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
Fixes build error with -Werror:
shm/shmfs.c: In function 'shmfs_read':
shm/shmfs.c:122:33: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
122 | memcpy(buffer, sho->paddr + startpos, nread);
| ^
shm/shmfs.c: In function 'shmfs_write':
shm/shmfs.c:166:25: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
166 | memcpy(sho->paddr + startpos, buffer, nwritten);
| ^
cc1: all warnings being treated as errors
Implement I_SUID/I_SGID feature for binfs in the POSIX compliant way.
If set-user-ID bit is set in the file permissions, then the effective
user ID of process shall be set to UID of the new process image file.
test case:
hello example emulates to set uid and file set-user-ID bit, and call
geteuid and getegid API.
UID = 2000
GID = 3000
MODE = 06555
nsh> ls -l /bin/hello
-r-sr-sr-x 2000 3000 0 hello
nsh> hello
geteuid:2000
getegid:3000
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
The memory allocated with strdup and asprintf is done via lib_malloc
so we need to use lib_free to deallocate memory otherwise the assertion
"Free memory from the wrong heap" is hit with flat mode and user separated
heap enabled mode.
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
VELAPLATFO-12536
This provides the initial hooks for Flattened Device Tree support
with QEMU RV. It also provides a new procfs file that exposes the
fdt to userspace much like the /sys/firmware/fdt endpoint in Linux.
See https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-firmware-ofw
Nodes in the fdt are not yet usable by the OS.
Signed-off-by: Brennan Ashton <bashton@brennanashton.com>
Signed-off-by: liaoao <liaoao@xiaomi.com>
Both the device and the pipe used the FSNODEFLAG_TYPE_DRIVER type before,
and now add an independent pipe type
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
In POSIX standard spec https://pubs.opengroup.org/onlinepubs/7908799/xsh/mqueue.h.html, the field type in mq_attr should be long not size_t. And no logical judgment when mq_maxmsg <= 0 or mq_msgsize <= 0. In this change, i update the field type in mq_attr, and add the missing logical judgment.
Signed-off-by: yangjiao <yangjiao@xiaomi.com>
If the shm file is removed and a subsequent close, only release shm
object, but inode is leaked. Should decrease refcount to release inode
when unmapped, that matched with refcount increase when mapped.
Another fix that remove the shm file failed.
nsh> rm /var/shm/pts_mmap_1_2_5
nsh: rm: unlink failed: 6
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
mmap establish a mapping address space that refer to a tmpfs file,
there are two issues:
1. if the tmpfs file is removed and a subsequent close(), tmpfs_close
will release the backend memory object, use after free errors occur
when operating the mapping memory. We add an extra reference to memory object,
memory will be released when there are no more mappings.
2. if unmap only a portion of the memory, fix the bug that adds another map.
Use realloc and shrink the mapping memory instead.
The fix pass LTP posix case mmap/10-1.c and mmap/12-1.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
No memory map count limit that will exhaust memory and cause
the system hang. Also that fix pass LTP posix case mmap/24-1.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
If MAP_PRIVATE is specified, do not change the underlying object,
that is OK to open file with read-only permission. Change to pass:
testcases/open_posix_testsuite/conformance/interfaces/mmap/6-5.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
As posix spec, mmap() function shall fail with ENODEV if fd refers
to a file whose type is not supported. Change to pass ltp open_posix test:
testcases/open_posix_testsuite/conformance/interfaces/mmap/23-1.c
https://pubs.opengroup.org/onlinepubs/9699919799/functions/mmap.html
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
The FIOC_FILEPATH ioctl needs rf->rf_path, which is not initialized for
dup'ed romfs file and cause problems.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
1. command "memdump leak" can dump the leacked memory node;
2. fix the leak memory stat bug in memory manager;
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
since the same function can be achieved by mount:
mount(NULL, "/mnt/unionfs", "unionfs", 0,
"fspath1=/mnt/path1,prefix1=prefix1,"
"fspath2=/mnt/path2,prefix2=prefix2");
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
while iterate throuh all mapping memory to munmap and release,
the last entry is NUlL.
We need differentiate the case with invald entry at the first.
The fix is to pass ltp shm related cases.
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
Follow the POSIX specification in https://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_open.html, update the logic for condition that the semaphore name length is greater than PATH_MAX or a component length is greater than NAME_MAX.
Signed-off-by: yangjiao <yangjiao@xiaomi.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
Summary:
- Some network drivers such as GS2200M do not support to bind
a local port for TCP client socket. In this case, this config
disables to bind the port.
- See also https://github.com/apache/nuttx/pull/3707
Impact:
- None
Testing:
- Tested with spresense:wifi_smp (Kconfig will be updated later)
- Tested with sabre-6quad:netnsh_smp (QEMU)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Testing for overflow by adding a value to a variable to see if it "wraps
around" works only for unsigned integer values, because signed overflow
has undefined behavior according to the C and C++ standards.
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
If sendfile() is called with a zero count, it will nevertheless
try to send the data. This is mostly meaningless, it causes
waste of resources, and in some cases delays.
This commit adds special handling for this case, allowing
sendfile to return immediately zero. The new behavior is
in line with the Linux variant of sendfile.
Directly return -ENOTTY in rpmsgxxx_ioctl() when the command is
not supported to avoid fdsan command FIOC_SETTAG and FIOC_GETTAG
pass to the rpmsg dev/mtd/blk server with CONFIG_FDSAN enabled.
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
Use sigandset function instead of & operation,
because the sigset_t structure has been changed.
This PR is to adapt to the changes made in #8885.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
In embedded development environments, due to the lack of address isolation between processes,
fd may be passed between processes and lead to misuse,
We have designed an fd cross-process automatic detection tool,
fdcheck_protect returns the fd containing the pid information,
indicating that the ownership of the current fd belongs to the pid and is not allowed to be used by other processes.
fdcheck_restore will obtain the true fd and check if the ownership of the fd is legal
For ease of understanding, let's give an example where
the following information is represented in 32-bit binary format
fd 00000000 00000000 00000000 10001010
pid 00000000 00000000 00000011 01010101
ret 00000000 00000011 01010101 10001010
Signed-off-by: hujun5 <hujun5@xiaomi.com>
When the file pointer is reopened, keep f_tag unchanged as fd remains unchanged
fix issue https://github.com/apache/nuttx/issues/9494
Signed-off-by: hujun5 <hujun5@xiaomi.com>