Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
NOTE
The code was reported as GPL by FOSS ID
and Xiaomi scanned the file xform.c with Black Duck Security and it showed
that the license was BSD-3-Clause and no risk was reported.
Since there is no clause on the license it was concluded as 0BSD
Refference
https://github.com/apache/nuttx/pull/15252
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
This breaks the libuv build without CONFIG_PIPES
as expected:
```
LD: nuttx
/usr/bin/ld: nuttx.rel: in function `uv_pipe':
/src/apps/system/libuv/libuv/src/unix/pipe.c:516: undefined reference to `NXpipe2'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:427: nuttx] Error 1
make: *** [tools/Unix.mk:551: nuttx] Error 2
```
That is, this correctly exposes https://github.com/apache/nuttx/issues/14773
on linux.
When enable CONFIG_STACK_CANARIES, in general, the stack check in the __gcov_fork function is:
" return fork();
18: e59f3020 ldr r3, [pc, #32] @ 40 <__gcov_fork+0x40>
1c: e5932000 ldr r2, [r3]
20: e59d3004 ldr r3, [sp, #4]
24: e0332002 eors r2, r3, r2
28: e3a03000 mov r3, #0
2c: 1a000002 bne 3c <__gcov_fork+0x3c>"
r3 is obtained by taking the value of sp offset. But after opening thumb, the second comparison value in
"8c6: 4a06 ldr r2, [pc, #24] @ (8e0 <__gcov_fork+0x30>)
8c8: 6811 ldr r1, [r2, #0]
8ca: 687a ldr r2, [r7, #4]
8cc: 4051 eors r1, r2"
is obtained through r7. Since r7 stores the stack address at this time, which stores the address of the parent process, the stack out of bounds will occur in the child process
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Add "-s" to specify the path to collect gcno files
2. Add "-a" to specify the path to collect gcda files.
3. Add "-x" for copy-only operation
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
The holder list can be modified via interrupt so using addrenv_select is
not safe. Access the semaphore by mapping it into kernel virtual memory
instead.
The temporary mappings via addrenv_select() and addrenv_restore() simply
do not work from interrupt, so remove its usage and replace with kmap
which is safe.
This allows mapping pages from others than the running task. Obiously
this can only be done with proper preparations (the task in question
cannot exit before the mapping is released).
reason:
The list->fl_files may be modified by files_extend.
If it is being modified, there will be a race condition for fl_files[l1][l2].
Signed-off-by: hujun5 <hujun5@xiaomi.com>
