you can debug nuttx through any transport layer (serial port, network etc.),
currently supports the following functions:
1. Read and write registers
2. Read and write memory
3. Switch thread and read stack information
Future support plans:
1. Support breakpoint, watch point (requires architecture support).
related information:
https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
libs/libc/stdio/lib_libgetstreams.c: C source, UTF-8 Unicode text
->
libs/libc/stdio/lib_libgetstreams.c: C source, ASCII text
Signed-off-by: chao an <anchao@xiaomi.com>
1. the getpgid function can help to pass the
ltp/open_posix_testsuite/killpg related testcases
2. NuttX do not support process group, so we use the process id as
process group id
3. the implementation are referred to: https://pubs.opengroup.org/onlinepubs/9699919799/functions/getpgid.html
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
sysconf add param _SC_THREAD_STACK_MIN deal
make the pthread_exit pass the ltp/open_posix_testsuite/pthread_exit/1-2.c testcase
(1) in pthread_exit/1-2.c testcase, if sysconf(_SC_THREAD_STACK_MIN) % sysconf(_SC_PAGESIZE) is not zero, will report error and test failed, so set CONFIG_PTHREAD_STACK_MIN as DEFAULT_MM_PGSIZE`s default value.
(2) in function sysconf add param _SC_THREAD_STACK_MIN deal.
Signed-off-by: yanghuatao <yanghuatao@xiaomi.com>
1. as we can use fork to implement vfork, so we rename the vfork to
fork, and use the fork method as the base to implement vfork method
2. create the vfork function as a libc function based on fork
function
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
In nuttx function pthread_rwlock_init param attr is useless, so remove it to make rwlock_init pass rwlock_init/1-1.c and rwlock_init/3-1.c testcases.
Signed-off-by: yanghuatao <yanghuatao@xiaomi.com>
Prototype:
unsigned long strtoul(FAR const char *nptr, FAR char **endptr, int base);
unsigned long long strtoull(FAR const char *nptr, FAR char **endptr, int base);
If endptr is not NULL, strtoul()/strtoull() should store the address of the first
invalid character in *endptr. And if the correct value is outside the range of
representable values, {ULONG_MAX} or {ULLONG_MAX} shall be returned and errno set
to [ERANGE].
With such code:
strtoul("34592348345343453453455645765736575865767", &endptr, 10);
It indeed returns ULONG_MAX and sets errno to ERANGE. But after strtoul
return, endptr points to "3455645765736575865767", not NULL.
Signed-off-by: Sunny <zxcvbnm37425@gmail.com>
For "%e" conversion, the exponent always contains at least two digits.
That means if the value is zero, the exponent is 00, not 0.
Such as code:
printf(buffer, sizeof(buffer), "%e", 1.232323232323);
printf(buffer, sizeof(buffer), "%e", 12.32323232323);
printf(buffer, sizeof(buffer), "%e", 123.2323232323);
Expected output:
1.232323e+00
1.232323e+01
1.232323e+02
But real output:
1.232323e+0
1.232323e+1
1.232323e+2
Signed-off-by: Sunny <zxcvbnm37425@gmail.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
* build-globals.sh
- Macros for defining symbols etc. based on assembler in use
- Use the System.map to get all the nuttx symbols
* libs/libc/modlib/modlib_globals.S
- Provide an empty skeleton. If the dynamic loading functions
are required then run build-global.sh after a clean build
using the skeleton. This will fill out the skeleton with the
symbols to be available to dynamically loaded modules.
* libs/libc/modlib/modlib_loadhdrs.c
- Fix case where there are no program headers are avaiable
If cancellation points are enabled, then the following logic is activated in sem_wait(). This causes ECANCELED to be returned every time that sem_wait is called.
int sem_wait(FAR sem_t *sem)
{
...
/* sem_wait() is a cancellation point */
if (enter_cancellation_point())
{
#ifdef CONFIG_CANCELLATION_POINTS
/* If there is a pending cancellation, then do not perform
* the wait. Exit now with ECANCELED.
*/
errcode = ECANCELED;
goto errout_with_cancelpt;
#endif
}
...
Normally this works fine. sem_wait() is the OS API called by the application and will cancel the thread just before it returns to the application. Since it is cancellation point, it should never be called from within the OS.
There there is is one perverse cases where sem_wait() may be nested within another cancellation point. If open() is called, it will attempt to lock a VFS data structure and will eventually call nxmutex_lock(). nxmutex_lock() waits on a semaphore:
int nxmutex_lock(FAR mutex_t *mutex)
{
...
for (; ; )
{
/* Take the semaphore (perhaps waiting) */
ret = _SEM_WAIT(&mutex->sem);
if (ret >= 0)
{
mutex->holder = _SCHED_GETTID();
break;
}
ret = _SEM_ERRVAL(ret);
if (ret != -EINTR && ret != -ECANCELED)
{
break;
}
}
...
}
In the FLAT build, _SEM_WAIT expands to sem_wait(). That causes the error in the logic: It should always expand to nxsem_wait(). That is because sem_wait() is cancellation point and should never be called from with the OS or the C library internally.
The failure occurs because the cancellation point logic in sem_wait() returns -ECANCELED (via _SEM_ERRVAL) because sem_wait() is nested; it needs to return the -ECANCELED error to the outermost cancellation point which is open() in this case. Returning -ECANCELED then causes an infinite loop to occur in nxmutex_lock().
The correct behavior in this case is to call nxsem_wait() instead of sem_wait(). nxsem_wait() is identical to sem_wait() except that it is not a cancelation point. It will return -ECANCELED if the thread is canceled, but only once. So no infinite loop results.
In addition, an nxsem_wait() system call was added to support the call from nxmutex_lock().
This resolves Issue #9695
* libs/libc/machine/arm/armv7-m/arch_elf.c
- Fix cast of error message parameters
* build-globals.sh
- Build the modlib_globals.S file used to resolve symbols when dynamically loading
* libs/libc/modlib/Make.defs
- Build modlib_globals.S for all targets
* libs/libc/modlib/modlib_load.c
- Calculate sizes and text/data addresses based on program headers rather than section headers
- Handle objects with no program headers
* libs/libc/modlib/modlib_bind.c
- Call modlib_readsym with pointer to symbol table
- Add modlib_relocatedyn to manage relocation of symbols with shared object (ET_DYN)
- Differentiate between ET_REL and ET_DYN objects
- Use arch independent symbol ELF_R_SYM
- Cast sizes to avoid warnings
* libs/libc/modlib/modlib_load.c
- Cast sizes to avoid warnings
* include/elf.h
- Add definitions that may be found in shared objects
* include/nuttx/lib/modlib.h
- Add parameter to modlib_readsym prototype
- Add prototypes for:
- modlib_insertsymtab
- modlib_findglobal
- Define Elf_Dyn and Elf_Off according to the elf architecture
- Add fields to mod_loadifno_s:
- Program headers
- Exported symbols
- Data section address
- Padding requirement
- Section index for dynamic symbol table
- Number of symbols exported
- Add prottotype for modlib_freesymtab
* libs/libc/dlfcn/lib_dlclose.c
- Free the symbol table when the dll is closed
* libs/libc/dlfcn/lib_dlopen.c
- Add dump of program headers to debug routine
- Differentiate between ET_REL and ET_DYN objects
* libs/libc/machine/arm/armv7-m/arch_elf.c
- Add handling of R_ARM_RELATIVE and R_ARM_JUMP slot relocation types
* libs/libc/modlib/modlib_loadshdrs.c
- Rename modlib_loadshdrs.c to modlib_loadhdrs.c
- Rename modlib_loadshdrs to modlib_loadhdrs
- Add code to load program headers
* libs/libc/modlib/modlib_symbols.c
- Define entry point structure
- Add offset parameter to modlib_symname() and use to find symbol names
- Add symtab section header parameter to modlib_readsym()
- Add offset parameter to modlib_symvalue() to locate symbol names
- Add modlib_insertsyntab() to create a symbol table for exporting and resolution
- Add findEP() to resolve a symbol in the modlib_global table
- Add modlib_findglobal() to find symbol in the modlib_global table
- Add modlib_freesymtab() to free the symbol table
* libs/libc/modlib/modlib_uninit.c
- Free header and sections from a module_loadinfo_s control block
* libs/libc/modlib/modlib_verify.c
- Handle ET_DYN shared objects
* libs/libc/modlib/modlib_globals.S
- Multi-target global table
- Define library APIs that may be resolved when loading a shared object
With double value=3.141593 initialized in va_list ap,
such code:
vsnprintf(buffer, sizeof(buffer), "%#.0f", ap);
expected output string: "3."
but real output string: ".3"
Signed-off-by: Sunny <zxcvbnm37425@gmail.com>
1. the lio_sigsetup() method use a universal sighand instance across all
aiocb instances, but inside the lio_sighandler() method, if one aiocb is
handle finished, then this method will free the sighand instance that
come along with current aiocb instance. thus when handle next aiocb
instance, use-after-free crash will happen. in order to solve this
problem, we make each aiocb instance have their own sighand instance
2. make the lio_listio implementation can pass the
ltp/open_posix_testsuite/lio_listio testcases
3. the modification are referred to https://pubs.opengroup.org/onlinepubs/9699919799/functions/lio_listio.html
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
Separately checking the state of a file before operating on it may allow
an attacker to modify the file between the two operations.
Reference:
CWE-367
4290aed051/sysdeps/posix/remove.c (L29-L41)
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
1. the killpg function can make all the
ltp/open_posix_testsuite/killpg testcaes passed
2. Nuttx do not support process group, so we use kill process instead
3. the implementation are referred to:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/killpg.html
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
since symbols defined in arch/elf.h is also used in other case, for example:
CC: pthread/pthread_testcancel.c machine/arm/gnu_unwind_find_exidx.c:32:8: error: unknown type name '__EIT_entry'
32 | static __EIT_entry *__exidx_start_elf;
| ^~~~~~~~~~~
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
1. the getpgrp function can help to pass the ltp/open_posix_teststuite/killpg related testcases
2. Nuttx do not support process group, so we use getpid to implement this
3. the implementation are referred to: https://pubs.opengroup.org/onlinepubs/9699919799/functions/getpgrp.html
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
This PR is a modification that optimizes priority inheritance
for only one holder. After the above modifications are completed,
the mutex lock->unlock process that supports priority inheritance
can be optimized by 200 cycles.
Before modify: 2000 cycle
After modify: 1742 cycle
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
In many cases, it is legal for the child process to use the fd
created by the parent process,
so to improve compatibility, we allow the child process
to use the fd of the Parent process.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
use PTHREAD_CLEANUP_STACKSIZE to enable or disable interfaces pthread_cleanup_push() and pthread_cleanup_pop().
reasons:(1)same as TLS_TASK_NELEM (2)it is no need to use two variables
Signed-off-by: yanghuatao <yanghuatao@xiaomi.com>
In embedded development environments, due to the lack of address isolation between processes,
fd may be passed between processes and lead to misuse,
We have designed an fd cross-process automatic detection tool,
fdcheck_protect returns the fd containing the pid information,
indicating that the ownership of the current fd belongs to the pid and is not allowed to be used by other processes.
fdcheck_restore will obtain the true fd and check if the ownership of the fd is legal
For ease of understanding, let's give an example where
the following information is represented in 32-bit binary format
fd 00000000 00000000 00000000 10001010
pid 00000000 00000000 00000011 01010101
ret 00000000 00000011 01010101 10001010
Signed-off-by: hujun5 <hujun5@xiaomi.com>
in the initial impl, the regex is depends on ALLOW_MIT_COMPONENTS, and
if other modules want to use regex, also needs to depends on
ALLOW_MIT_COMPONENTS, which is ambiguity, so we provide a seperate
kconfig option for regex: LIBC_REGEX, which is depends on
ALLOW_MIT_COMPONENTS, but is enabled by default. Thus if
ALLOW_MIT_COMPONENTS is enabled, then the LIBC_REGEX is also enabled
either automatically, and this is more clear than controlled by
ALLOW_MIT_COMPONENTS option only.
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
- Linux: What inside /etc/hosts comes first.
- NuttX: Even if we write a domain in /etc/hosts, we still use DNS
result instead of hosts lines. This patch change this behavior.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
Add the `LIBC_PREVENT_STRING_KERNEL` and `LIBC_PREVENT_STRING_USER`
that are meant to be selected by the chip if no libc implementation
is going to be built. If selected, neither NuttX's software version
of the libc nor any architecture-specific implementation will be
built in the kernel or in the userspace, respectively. In this
case, the linker may provide a ROM-defined version of the libc
functions instead.
FD (file descriptor) is widely used in system software development,
and almost all implementations of posix os (including nuttx) use FD as an index.
the value of fd needs to be allocated starting from the minimum available value of 3, and each process has a copy,
so the same fd value is very easy to reuse in the program.
In multi threaded or multi process environments without address isolation,
If the ownership, global variables, and competition relationships of fd are not properly handled,
there may be issues with fd duplication or accidental closure.
Further leading to the following issues, which are difficult to troubleshoot.
1. Security vulnerability: the fd we wrote is not the expected fd and will be accessed by hackers to obtain data
2. Program exceptions or crashes: write or read fd failures, and program logic errors
3. The structured file XML or database is damaged: the data format written to the database is not the expected format.
The implementation principle of fdsan is based on the implementation of Android
https://android.googlesource.com/platform/bionic/+/master/docs/fdsan.md
Signed-off-by: hujun5 <hujun5@xiaomi.com>
https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_setcancelstate.html
The pthread_setcancelstate() function may fail if:
[EINVAL]
The specified state is not PTHREAD_CANCEL_ENABLE or PTHREAD_CANCEL_DISABLE.
The pthread_setcanceltype() function may fail if:
[EINVAL]
The specified type is not PTHREAD_CANCEL_DEFERRED or PTHREAD_CANCEL_ASYNCHRONOUS.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
https://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_once.html
If an implementation detects that the value specified by the once_control
argument to pthread_once() does not refer to a pthread_once_t object
initialized by PTHREAD_ONCE_INIT, it is recommended that the function
should fail and report an [EINVAL] error.
Signed-off-by: zhangyuan21 <zhangyuan21@xiaomi.com>
=================================================================
==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000
#0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180
#1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503
#2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#6 0x5602d3bf5796 in mount mount/fs_mount.c:539
#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134
0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150)
allocated by thread T0 here:
#0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
#1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180
#2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222
#3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262
#4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91
#5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466
#6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#10 0x5602d3bf5796 in mount mount/fs_mount.c:539
#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134
Address 0x000000000000 is a wild pointer.
SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort
==2920138==ABORTING
Aborted (core dumped)
Signed-off-by: chao an <anchao@xiaomi.com>