Extracting global variable information using scripts:
kasan_global.py:
1. Extract the global variable information provided by the -- param asan globals=1 option
2. Generate shadow regions for global variable out of bounds detection
Makefile:
1. Implement multiple links, embed the shadow area into the program, and call it by the Kasan module
Signed-off-by: W-M-R <mike_0528@163.com>
In SMP mode, up_cpu_index()/this_cpu() are the same, both return the index of the physical core.
In AMP mode, up_cpu_index() will return the index of the physical core, and this_cpu() will always return 0
| #ifdef CONFIG_SMP
| # define this_cpu() up_cpu_index()
| #elif defined(CONFIG_AMP)
| # define this_cpu() (0)
| #else
| # define this_cpu() (0)
| #endif
Signed-off-by: chao an <anchao@lixiang.com>
These variables will trigger variable 'ret' set but not used warnings due to different configurations.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
ctc E246: ["map/mm_map.c" 67/41] left side of '.' or '->' is not struct or union
ctc E260: ["map/mm_map.c" 67/25] not an lvalue
ctc E246: ["map/mm_map.c" 80/3] left side of '.' or '->' is not struct or union
ctc E260: ["map/mm_map.c" 80/3] not an lvalue
Signed-off-by: chao an <anchao@lixiang.com>
After this, RISC-V fully supports the kmap interface.
Due to the current design limitations of having only a single L2 table
per process, the kernel kmap area cannot be mapped via any user page
directory, as they do not contain the page tables to address that range.
So a "kernel address environment" is added, which can do the mapping. The
mapping is reflected to every process as only the root page directory (L1)
is copied to users, which means every change to L2 / L3 tables will be
seen by every user.
Mapping a physical page to a kernel virtual page is very simple and does
not need the kernel vma list, just get the kernel addressable virtual
address for the page.
is_kmap_vaddr is added and used to test that a given (v)addr is actually
inside the kernel map area. This gives a speed optimization for kmm_unmap,
as it is no longer necessary to take the mm_map_lock to check if such a
mapping exists; obviously if the address is not within the kmap area, it
won't be in the list either.
User pages are mapped from the currently active address environment. If
the process is running on a borrowed address environment, then the
mapping should be created from there.
This happens during (new) process creation only.
rndis header length is 36, L2 header is 14, IPv6 header is 40, tcp header is 56 when sack option count is 4(default max_ofosegs is 4). so the iob bufsize should greater than we need.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Modification based on opengroup's description for shmget: "When the shared memory segment is created, it shall be initialized with all zero values."
Link to documentation page for shmget: https://pubs.opengroup.org/onlinepubs/9699919799/
If we apply `iob_reserve` on an IOB with `io_offset != 0`, the `head->io_pktlen` and `iob->io_len` will become wrong value, because we only need to trim `offset - iob->io_offset`.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
if there are two throttled wait, when iob_free occurs, one of wait
will be awakened to execute iob_alloc_committed, but it will fail
to execute, sem will be posted at this time, then another wait will
be awakened. after the other wait thread is awakened, This step is
repeated. the two threads are in the critical_section state and
cannot be switched to other threads. then cpu will busy util timeout.
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
If malloc chunk fails, and if malloc fails to dump all memory,
it will cause deadlock in multiple_mempool_info
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
No memory map count limit that will exhaust memory and cause
the system hang. Also that fix pass LTP posix case mmap/24-1.c
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
When other code use nuttx memory manager by call mm_xx api directly,
it better to let other code to control weather dump or panic when
malloc failed.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
The circbuf_peekat should copy valid content from the specfied position
of buffer, so skip the area from this position to the tail.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
1. command "memdump leak" can dump the leacked memory node;
2. fix the leak memory stat bug in memory manager;
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
This adds functionality to map pages dynamically into kernel virtual
memory. This allows implementing I/O remap for example, which is a useful
(future) feature.
Now, the first target is to support mapping user pages for the kernel.
Why? There are some userspace structures that might be needed when the
userspace process is not running. Semaphores are one such example. Signals
and the WDT timeout both need access to the user semaphore to work
properly. Even though for this only obtaining the kernel addressable
page pool virtual address is needed, for completeness a procedure is
provided to map several pages.
Add a new field to record the global on the basis of mm_backtrace.
When using alloc, the field is incremented by 1,
so that the memory usage can be dumped within the range
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
This change introduce 2 items:
1. If the size of the space requested is 0, the behavior is implementation-defined:
either a null pointer shall be returned, or the behavior shall be as if the size
were some non-zero value, except that the behavior is undefined if the returned
pointer is used to access an object.
Change the behavior to be similar to Linux and Android and allocates an object
of a minimum size instead of returning null pointer.
https://pubs.opengroup.org/onlinepubs/9699919799/functions/malloc.htmlhttps://pubs.opengroup.org/onlinepubs/9699919799/functions/calloc.htmlhttps://pubs.opengroup.org/onlinepubs/9699919799/functions/realloc.html
2. The description of realloc() has been modified from previous versions of this
standard to align with the ISO/IEC 9899:1999 standard. Previous versions explicitly
permitted a call to realloc (p, 0) to free the space pointed to by p and return
a null pointer. While this behavior could be interpreted as permitted by this
version of the standard, the C language committee have indicated that this
interpretation is incorrect. Applications should assume that if realloc() returns
a null pointer, the space pointed to by p has not been freed. Since this could lead
to double-frees, implementations should also set errno if a null pointer actually
indicates a failure, and applications should only free the space if errno was changed.
Do not free memory of zero-length reallocation is requested
https://pubs.opengroup.org/onlinepubs/9699919799/functions/realloc.html
Co-authored-by: fangxinyong <fangxinyong@xiaomi.com>
Signed-off-by: Petro Karashchenko <petro.karashchenko@gmail.com>
Use double delim to fix windows native build and give an error:
makefile:132: *** target mode do not include“%”. stop.
In Windows environment DELIM := $(strip \) but \ has two role:
first: \ as directory, and second \ as Escape character, Reference:
https://github.com/apache/nuttx/pull/7572#discussion_r1028219229
Signed-off-by: chao an <anchao@xiaomi.com>
We don't want to get a NULL pointer after iob_pack on an IOB chain with
several iobs with length 0, it should return one IOB with length 0.
Otherwise each place calls iob_pack needs to check the result.
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
This way the mappings can be modified for any vm area, not only the
process that is running.
Why? This allows mapping pages to kernel dynamically, this functionality
will be presented later.
caculate blk address when mempool_multiple_free
have a bug. need a real blocksize to caulate the
memory address.
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
D:\archer\code\nuttx\mm\mempool\mempool_multiple.c(180,72): warning C4098: "mempool_multiple_free_callback":"void" void function returning a value
Compiler Warning C4098:
A function declared with return type void has a return statement that returns a value. The compiler assumes the function returns a value of type int.
Reference:
https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4098?view=msvc-170
Signed-off-by: chao an <anchao@xiaomi.com>
NuttX kernel should not use the syscall functions, especially after
enabling CONFIG_SCHED_INSTRUMENTATION_SYSCALL, all system functions
will be traced to backend, which will impact system performance.
Signed-off-by: chao an <anchao@xiaomi.com>
Original code assumes the previous node in physical must be
ALLOCED, but other thread may free the previous node between
mm_malloc() and mm_lock(), and the original code didn't condsider
this, which will cause two adjacent free nodes situation and this
should not be happened.
This commit will merge the previous node and node if the previous
node is free to avoid the situation discribed above.
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
To avoid lto alias with override __asan_* symbols
undefined reference to `__asan_load4_noabort'
undefined reference to `__asan_load1_noabort'
undefined reference to `__asan_store1_noabort'
undefined reference to `__asan_load1_noabort'
undefined reference to `__asan_store1_noabort'
undefined reference to `__asan_load4_noabort'
undefined reference to `__asan_store4_noabort'
Signed-off-by: chao.an <anchao@xiaomi.com>
When adding more heap memory, the total heap size was not updated. This
results in a crash in mm_mallinfo:
DEBUGASSERT((size_t)info->uordblks + info->fordblks == heap->mm_heapsize);
This commit fixes this issue
Cast substraction arguments to FAR char *, which gives the same result as the
gcc extension on the original void * arithmetic.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
