In order to turn longjmp context-switch safe, it's necessary
to disable interrupts before modifying windowbase and windowstart.
Otherwise, after a context switch, windowstart and windowbase
would be different, leading to a wrongly set windowstart bit due to
longjmp writing it based on the windowbase before the context switch.
This corrupts the registers at the next window overflow reaching
that wrongly set bit.
*Background:*
This PR is related to an issue first observed on ESP-IDF
https://github.com/espressif/esp-idf/issues/5229 and it was, then,
checked on NuttX using a test application.
*The test application:*
To check if the problem affects ESP32, ESP32-S2 and ESP32-S3 on
NuttX, it was created an application based on:
https://en.cppreference.com/w/c/program/longjmp
The application creates 16 tasks (`#define NUMBER_OF_TASKS 16`)
that implements the following daemon:
```
static int setjmp_longjmp_daemon(int argc, char *argv[])
{
for (int i = 0; i < NUMBER_OF_TASKS * 2; i++)
{
jmp_buf env;
volatile int count = 0;
if (setjmp(env) != UINT16_MAX)
{
foo(&env, ++count);
}
}
sem_post(&g_sem);
return EXIT_SUCCESS;
}
```
The main function also initializes a semaphore to avoid application
exiting before tasks return successfully:
```
sem_init(&g_sem, 0, -NUMBER_OF_TASKS);
```
Finally, the round-robin interval was lowered to 1ms to raise the
chances of the longjmp being interrupted by a context switch
(`CONFIG_RR_INTERVAL=1).
This setup was able to reproduce the problem prior to this patch
being applied.
It takes about 10 cycles to obtain the task list according to the task
status. In most cases, we know the task status, so we can directly
add the task from the specified task list to reduce time consuming.
It takes about 10 cycles to obtain the task list according to the task
status. In most cases, we know the task status, so we can directly
delete the task from the specified task list to reduce time consuming.
- Add ioctl method to enable allocating the apb buffer.
- Add RX methods to set data width, sample rate, channels and
for receiving data from the I2S peripheral.
- Update the i2schar defconfig to enable the I2S receiver.
- Add nxlooper defconfig to enable testing the RX interface.
- Add specific bindings on ESP32-S2 bringup to enable nxlooper
to work without the need of any specific codec.
- Add ioctl method to enable allocating the apb buffer.
- Add RX methods to set data width, sample rate, channels and
for receiving data from the I2S peripheral.
- Update the i2schar defconfig to enable the I2S receiver.
- Add nxlooper defconfig to enable testing the RX interface.
- Add specific bindings on ESP32 bringup to enable nxlooper
to work without the need of any specific codec.
In the past, header file paths were generated by the incdir command
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
- Reduce "SPI Flash configuration" menu dependency on SPI Flash driver
just to MTD-related configs.
- Move SPI Flash Mode and Frequency configs to SPI Flash configuration
menu.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Add initial support for the I2S peripheral on ESP32S2.
Add I2S character driver and generic I2S audio driver.
Include i2schar defconfig for ESP32-S2-Saola-1 board.
Add initial support for the I2S peripheral on ESP32.
Add I2S character driver and generic I2S audio driver.
Include i2schar defconfig for ESP32-DevKitC board.
Situation:
Assume we have 2 cpus, and busy run task0.
CPU0 CPU1
task0 -> task1 task2 -> task0
1. remove task0 form runninglist
2. take task1 as new tcb
3. add task0 to blocklist
4. clear spinlock
4.1 remove task2 form runninglist
4.2 take task0 as new tcb
4.3 add task2 to blocklist
4.4 use svc ISR swith to task0
4.5 crash
5. use svc ISR swith to task1
Fix:
Move clear spinlock to the end of svc ISR
Signed-off-by: ligd <liguiding1@xiaomi.com>
==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
#0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
#1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
#2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
#3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
#4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
#5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
#6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
#7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
#8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
#9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
#10 0x598a601a in vsyslog syslog/lib_syslog.c:68
#11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
#12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
#13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
#14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
#15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
#16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
#17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
#18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
#19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
so the user could disable the full image instrumentation,
but enable the instrumentation by files or directories.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
so the user could disable the full image instrumentation,
but enable the instrumentation by files or directories.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
without UBSan
```
text data bss dec hex filename
85612 208 142258 228078 37aee nuttx
```
with UBSan:
```
text data bss dec hex filename
194290 98164 208634 501088 7a560 nuttx
```
```c
int main(int argc, FAR char *argv[])
{
uint32_t ptr[32];
printf("Hello, World!! %lu\n", ptr[64]);
return 0;
}
```
Try to run this sample:
```
nsh> hello
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in hello_main.c:39:37
__ubsan_handle_out_of_bounds: index 64 is out of range for type 'uint32_t [32]'
ubsan_epilogue: ================================================================================
Hello, World!! 1070182368
nsh>
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
- Introduce the ESP32_WIFI option to replace the broader
ESP32_WIRELESS option. ESP32_WIRELESS is used by both WIFI and BLE.
- Move common functions from esp32_wifi_adapter to esp32_wireless.
- Change the order of including the external libraries to avoid undefined references.
Signed-off-by: Abdelatif Guettouche <abdelatif.guettouche@espressif.com>
forget to update in this patch:
commit b02db04e00
Author: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Sun Jun 5 17:10:19 2022 +0800
arch/assert: Keep the thread dump column order same as ps
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
