nuttx/mm
chao.an 27c888854d mm_heap/kasan: poison free node after return back the heap list
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  #7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  #8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  #9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  #10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  #11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  #12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  #13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  #14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  #15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  #16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  #17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  #18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  #19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  #20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  #21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  #22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  #23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
2022-08-02 01:45:08 +08:00
..
bin
circbuf mm/circbuf: add circ_peekat to read data with specified postion 2022-07-25 13:35:26 +08:00
iob Remove the private NULL, TRUE and FALSE macros 2022-07-31 22:12:57 +03:00
kasan
kbin
kmm_heap mm/mm_heap: change CONFIG_MM_BACKTRACE to int type 2022-07-26 23:45:31 +08:00
mm_gran fix array index range checking of gat[] in gran_alloc(). 2022-02-18 11:44:32 +08:00
mm_heap mm_heap/kasan: poison free node after return back the heap list 2022-08-02 01:45:08 +08:00
shm mm/shm: Initialize shm_info_s at the definition place 2022-03-12 15:06:39 -03:00
umm_heap mm/mm_heap: change CONFIG_MM_BACKTRACE to int type 2022-07-26 23:45:31 +08:00
Kconfig mm/mm_heap: change CONFIG_MM_BACKTRACE to int type 2022-07-26 23:45:31 +08:00
Makefile build: Fix dependencies of kernel targets. 2022-05-24 10:45:39 +08:00
README.txt

mm/README.txt
=============

This directory contains the NuttX memory management logic.  This include:

1) Standard Memory Management Functions:

   Standard Functions:

     The standard memory management functions as prototyped in stdlib.h as
     specified in the  Base definitions volume of IEEE Std 1003.1-2001.  This
     include the files:

     o Standard Interfaces: mm_malloc.c, mm_calloc.c, mm_realloc.c,
       mm_memalign.c, mm_free.c
     o Less-Standard Interfaces: mm_zalloc.c, mm_mallinfo.c
     o Internal Implementation: mm_initialize.c mm_sem.c  mm_addfreechunk.c
       mm_size2ndx.c mm_shrinkchunk.c
     o Build and Configuration files: Kconfig, Makefile

   Memory Models:

     o Small Memory Model.  If the MCU supports only 16-bit data addressing
       then the small memory model is automatically used.  The maximum size
       of the heap is then 64K.  The small memory model can also be forced
       MCUs with wider addressing by defining CONFIG_SMALL_MEMORY in the
       NuttX configuration file.
     o Large Memory Model.  Otherwise, the allocator uses a model that
       supports a heap of up to 4G.

     This implementation uses a variable length allocator with the following
     properties:

     o Overhead:  Either 8- or 4-bytes per allocation for large and small
       models, respectively.
     o Alignment:  All allocations are aligned to 8- or 4-bytes for large
       and small models, respectively.

   Multiple Heaps:

     This allocator can be used to manage multiple heaps (albeit with some
     non-standard interfaces).  A heap is represented by struct mm_heap_s
     as defined in the file include/nuttx/mm/mm.h.  To create another heap
     instance, you would allocate a heap structure, most likely statically
     in memory:

       include <nuttx/mm/mm.h>
       static struct mm_heap_s *g_myheap;

     Then initialize the heap using:

       g_myheap = mm_initialize(myheap_start, myheap_size);

     Where mm_initialize() and all related interfaces are prototyped in the
     header file include/nuttx/mm/mm.h.

     After the new heap instance has been initialized, it can then be used
     with these almost familiar interfaces: mm_malloc(), mm_realloc(), mm_free(),
     etc.  These are 'almost familiar' because they are analogous of the
     standard malloc(), realloc(), free(), etc. except that they expect a
     reference to the initialized heap structure as the first parameter.

     In fact, the standard malloc(), realloc(), free() use this same mechanism,
     but with a global heap structure called g_mmheap.

   User/Kernel Heaps

     This multiple heap capability is exploited in some of the more complex NuttX
     build configurations to provide separate kernel-mode and user-mode heaps.

   Sub-Directories:

     mm/mm_heap  - Holds the common base logic for all heap allocators
     mm/umm_heap - Holds the user-mode memory allocation interfaces
     mm/kmm_heap - Holds the kernel-mode memory allocation interfaces

   Debugging:

    Please follow these steps to hook all memory related routines:

    1.Add a new header file(e.g. xxx_malloc.h):

      ...
      #include <malloc.h>
      #include <stdlib.h>
      #include <string.h>
      #include <strings.h>

      #ifndef __ASSEMBLY__
      FAR void *xxx_malloc(FAR const char *file, int line, size_t size);
      void xxx_free(FAR const char *file, int line, FAR const void *ptr);
      FAR void *xxx_memcpy(FAR const char *file, int line,
                           FAR void *dst, FAR const void *src, size_t len);
      ...
      #define malloc(s) xxx_malloc(__FILE__, __LINE__, s)
      #define free(p) xxx_free(__FILE__, __LINE__, p)
      #define memcpy(d, s, l) xxx_memcpy(__FILE__, __LINE__, d, s, l)
      ...
      #endif
      ...

    2.Implement xxx_malloc, xxx_free, xxx_memcpy... in source code, you can:
      a.Modify some arguments(e.g. extend the allocation size for redzone)
      d.Check the critical arguments(e.g. pointer and length) in the range 
      b.Forward to the original implementation(call malloc/free/memcpy)
      c.Attach the context info(e.g. file and line) before return

    3.Enable the hook by either:
      a.Include xxx_malloc.h in your source code to hook one file
      b.Add -include xxx_malloc.h to CFLAGS to hook all source code

2) Granule Allocator.

     A non-standard granule allocator is also available in this directory  The
     granule allocator allocates memory in units of a fixed sized block ("granule").
     Allocations may be aligned to a user-provided address boundary.

     The granule allocator interfaces are defined in nuttx/include/nuttx/mm/gran.h.
     The granule allocator consists of these files in this directory:

       mm_gran.h, mm_granalloc.c, mm_grancritical.c, mm_granfree.c
       mm_graninit.c

     The granule allocator is not used anywhere within the base NuttX code
     as of this writing.  The intent of the granule allocator is to provide
     a tool to support platform-specific management of aligned DMA memory.

     NOTE: Because each granule may be aligned and each allocation is in
     units of the granule size, selection of the granule size is important:
     Larger granules will give better performance and less overhead but more
     losses of memory due to quantization waste.  Additional memory waste
     can occur from alignment;  Of course, heap alignment should no be
     used unless (a) you are using the granule allocator to manage DMA memory
     and (b) your hardware has specific memory alignment requirements.

     The current implementation also restricts the maximum allocation size
     to 32 granules.  That restriction could be eliminated with some
     additional coding effort, but currently requires larger granule
     sizes for larger allocations.

   General Usage Example.

     This is an example using the GCC section attribute to position a DMA
     heap in memory (logic in the linker script would assign the section
     .dmaheap to the DMA memory.

        FAR uint32_t g_dmaheap[DMAHEAP_SIZE] locate_data(.dmaheap);

     The heap is created by calling gran_initialize.  Here the granule size
     is set to 64 bytes and the alignment to 16 bytes:

       GRAN_HANDLE handle = gran_initialize(g_dmaheap, DMAHEAP_SIZE, 6, 4);

     Then the GRAN_HANDLE can be used to allocate memory:

       FAR uint8_t *dma_memory = (FAR uint8_t *)gran_alloc(handle, 47);

     The actual memory allocates will be 64 byte (wasting 17 bytes) and
     will be aligned at least to (1 << log2align).

   Sub-Directories:

     mm/mm_gran - Holds the granule allocation logic

3) Page Allocator

   The page allocator is an application of the granule allocator.  It is a
   special purpose memory allocator intended to allocate physical memory
   pages for use with systems that have a memory management unit (MMU).

   Sub-Directories:

     mm/mm_gran - The page allocator cohabits the same directory as the
       granule allocator.

4) Shared Memory Management

   When NuttX is build in kernel mode with a separate, privileged, kernel-
   mode address space and multiple, unprivileged, user-mode address spaces,
   then shared memory regions must also be managed.  Shared memory regions
   are user-accessible memory regions that can be attached into the user
   process address space for sharing between user process.

   Sub-Directories:

     mm/shm - The shared memory logic

   The shared memory management logic has its own README file that can be
   found at nuttx/mm/shm/README.txt.

5) I/O Buffers

   The iob subdirectory contains a simple allocator of I/O buffers.  These
   I/O buffers, IOBs, are used extensively for networking but are generally
   available for usage by drivers.  The I/O buffers have these properties:

   1. Uses a pool of a fixed number of fixed fixed size buffers.
   2. Free buffers are retained in free list:  When a buffer is allocated
      it is removed from the free list; when a buffer is freed it is
      returned to the free list.
   3. The calling application will wait if there are not free buffers.