caculate blk address when mempool_multiple_free
have a bug. need a real blocksize to caulate the
memory address.
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
D:\archer\code\nuttx\mm\mempool\mempool_multiple.c(180,72): warning C4098: "mempool_multiple_free_callback":"void" void function returning a value
Compiler Warning C4098:
A function declared with return type void has a return statement that returns a value. The compiler assumes the function returns a value of type int.
Reference:
https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4098?view=msvc-170
Signed-off-by: chao an <anchao@xiaomi.com>
NuttX kernel should not use the syscall functions, especially after
enabling CONFIG_SCHED_INSTRUMENTATION_SYSCALL, all system functions
will be traced to backend, which will impact system performance.
Signed-off-by: chao an <anchao@xiaomi.com>
Original code assumes the previous node in physical must be
ALLOCED, but other thread may free the previous node between
mm_malloc() and mm_lock(), and the original code didn't condsider
this, which will cause two adjacent free nodes situation and this
should not be happened.
This commit will merge the previous node and node if the previous
node is free to avoid the situation discribed above.
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
To avoid lto alias with override __asan_* symbols
undefined reference to `__asan_load4_noabort'
undefined reference to `__asan_load1_noabort'
undefined reference to `__asan_store1_noabort'
undefined reference to `__asan_load1_noabort'
undefined reference to `__asan_store1_noabort'
undefined reference to `__asan_load4_noabort'
undefined reference to `__asan_store4_noabort'
Signed-off-by: chao.an <anchao@xiaomi.com>
When adding more heap memory, the total heap size was not updated. This
results in a crash in mm_mallinfo:
DEBUGASSERT((size_t)info->uordblks + info->fordblks == heap->mm_heapsize);
This commit fixes this issue
Cast substraction arguments to FAR char *, which gives the same result as the
gcc extension on the original void * arithmetic.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
There are many small memory block in NuttX system, eg: struct tcb_s,
struct inode, etc, and several disadvantages about them:
1.Their frequent allocate and free cause the system memory fragmentation.
2.Since each memory block has an overhead, the utilization of small memory
blocks is relatively low, which will cause memory waste.
So we can use mempool to alloc smallo block, to improve alloc speed
and utilization, to reduce fragmentation.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
do simple copy to instead of memset and memcpy operation because
they have been instrumented, if you access the posion area,
the system will crash.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
The memalign is special to multiple mempool because multiple mempool
doesn't support split and shrink chunk operate. So When you alloc a
memory block and find an aligned address in this block, you need to
occupy 8 bytes before the address to save the address of the padding
size and pool to ensure correct use in realloc and free operations.
So we will use bit1 in the previous address of the address to represent
that it is applied by memalign.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
kasan_report (addr=0xf3c68618, size=1, is_write=false) at
kasan/kasan.c:106
0x56585fbf in __asan_loadN_noabort (addr=0xf3c68618, size=1) at
kasan/kasan.c:300
0x565860ac in __asan_load1_noabort (addr=0xf3c68618) at
kasan/kasan.c:354
0x565843af in memcpy (dest=0xf3de9d6c, src=0xf3c685cc, n=3) at
string/lib_memcpy.c:44
0x56587ae8 in mempool_multiple_realloc (mpool=0xf3c670fc,
oldblk=0xf3c685cc, size=416) at mempool/mempool_multiple.c:218
0x5658707a in mm_realloc (heap=0xf3c67000, oldmem=0xf3c685cc,
size=416) at mm_heap/mm_realloc.c:98
0x5658524e in realloc (oldmem=0xf3c685cc, size=416) at
umm_heap/umm_realloc.c:97
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
This delta describes the relationship between the block size of each
mempool in multiple mempool by user initialized. It is automatically
detected by the mempool_multiple_init function. If the delta is not
equal to 0, the block size of the pool in the multiple mempool is an
arithmetic progressions, otherwise it is an increasing progressions.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
Let's specify size instead of number, so that we can unify the size of
expansion memory in the multiple mempool.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
the crash backtrace:
kasan_report (addr=0xf3d02fd4, size=4, is_write=false) at
kasan/kasan.c:106
0x5658518d in __asan_loadN_noabort (addr=0xf3d02fd4, size=4) at
kasan/kasan.c:300
0x565851ee in __asan_load4_noabort (addr=0xf3d02fd4) at
kasan/kasan.c:334
0x56580b02 in sq_remfirst (queue=0xf3d02b08) at
queue/sq_remfirst.c:45
0x565e0e0b in mempool_alloc (pool=0xf3d02aec) at
mempool/mempool.c:161
0x566033d2 in mempool_multiple_alloc (mpool=0xf3d02a30, size=16) at
mempool/mempool_multiple.c:147
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
- Also remove the nuttx private shm.h file nuttx/mm/shm.h, which became redundant
- Also remove the gran allocator initialization/release in binfmt since common
vpage allocator is initialized in group_create/group_leave
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
The dependency should be vice versa; the MM_SHM should depend on the
existence of the virtual memory range allocator.
Create a new CONFIG flag CONFIG_ARCH_VMA_MAPPING, which will define that
there is a virtual memory range allocator. Make MM_SHM select that flag
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Replace static gs_vaddr with a new dynamic mapping list. Collecting all
this kind of virtual memory mappings into a single structure makes
things more consistent.
This still leaves the task group specific granule alloocator, gs_handle,
in the task group
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
The task_group specific list can be used to store information about
mmappings.
For a driver or filesystem performing mmap can also enable munmap by
adding an item to this list using mm_map_add(). The item is then
returned in the corresponding munmap call.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
ubsan/ubsan.c: In function ‘get_signed_val’:
ubsan/ubsan.c:162:22: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
162 | uint64_t ret = (uint64_t)val & mask;
|
Signed-off-by: chao an <anchao@xiaomi.com>
This will allow changing the underlying backend, i.e. granule allocator,
to something more efficient, if this is needed later.
Also, it gives easier access to the common SHM book keeping.
User can ask for specific granules to be allocated.
This is useful for one thing only: when mmap() is called for a specific
vaddr. The parameter itself is non-sensical, this is just to satisfy
the POSIX standard.
In the past, header file paths were generated by the incdir command
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
In the past, predefined macros were generated by define.sh scripts
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
The return value of function mm_takesemaphore will never below
than zero, DEBUGVERIFY make no effect to check it, use DEBUGASSERT
instead.
Signed-off-by: xiangdong6 <xiangdong6@xiaomi.com>
Summary:
- In the case of CONFIG_BUILD_KERNEL=y, showing Kmem and Page
info is enough for free command
Impact:
- CONFIG_BUILD_KERNEL=y only
Testing:
- Tested with sabre-6quad:netknsh
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
It is ok to call kmm_free with a NULL pointer. Thus adopt the
DEBUGASSERT statement to cover this case.
Signed-off-by: Michael Jung <michael.jung@secore.ly>
so the user could disable the full image instrumentation,
but enable the instrumentation by files or directories.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
without UBSan
```
text data bss dec hex filename
85612 208 142258 228078 37aee nuttx
```
with UBSan:
```
text data bss dec hex filename
194290 98164 208634 501088 7a560 nuttx
```
```c
int main(int argc, FAR char *argv[])
{
uint32_t ptr[32];
printf("Hello, World!! %lu\n", ptr[64]);
return 0;
}
```
Try to run this sample:
```
nsh> hello
ubsan_prologue: ================================================================================
ubsan_prologue: UBSAN: array-index-out-of-bounds in hello_main.c:39:37
__ubsan_handle_out_of_bounds: index 64 is out of range for type 'uint32_t [32]'
ubsan_epilogue: ================================================================================
Hello, World!! 1070182368
nsh>
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
since it is impossible to track producer and consumer
correctly if TCP/IP stack pass IOB directly to netdev
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.
| (gdb) bt
| #0 kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
| #1 0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
| #2 0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
| #3 0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
| #4 0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
| #5 0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
| #6 0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
| #7 0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
| #8 0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
| #9 0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
| #10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
| #11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
| #12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
| #13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
| #14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
| #15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
| #16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
| #17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
| #18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
| #19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
| #20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
| #21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
| #22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
| #23 0x0000000000000000 in ?? ()
Signed-off-by: chao.an <anchao@xiaomi.com>
Targets build during the kernel phase did not have their dependencies
specified and thus they were not rebuilt after their dependencies have
changed, for example by changing options in menuconfig.
Signed-off-by: Abdelatif Guettouche <abdelatif.guettouche@espressif.com>
When allocation failed, it isn't too uncommon for the caller
to fall back to other allocation method.
(eg. esp32 textheap code tries iram heap when an allocation from rtc heap
failed.)
DEBUGASSERT(false) is too much in that case.
This commit removes the DEBUGASSERT, and also makes the heap dump
a separate option.
malloc() should return aligned (with MM_MIN_CHUNK) pointer, but
pr #5906 destroy that, this pr find a better method to solve
these questions.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
and
Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
usage:
echo <pid/used/free> trace > /proc/memdump
echo used > /proc/memdump //output all used memory info with backtrace
echo free > /proc/memdump //output all free memory info
echo 22 > /proc/memdump //output used memory info for task pid is 22 with backtrace
Signed-off-by: Jiuzhu Dong <dongjiuzhu1@xiaomi.com>
This is a fix of:
0169a51220
This is caused by wrong memory sem operation in IDLE.
Fix:
Obey the original design, don't check the IDLE in mm_takesemaphore()
Signed-off-by: ligd <liguiding1@xiaomi.com>
Summary:
- I noticed that the user heap is corrupted
- This commit fixes this issue by reverting the change to
the NuttX-9.0.0
Impact:
- None
Testing:
- sabre6-quad:netknsh (not merged yet)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Co-authored-by: Oki Minabe <minabe.oki@gmail.com>
For CEVA platform CHAR_BIT is 16, and will do lots of extra work
when use IPC.
We will not support this platform anymore, so remove all the b2c operations.
Signed-off-by: ligd <liguiding1@xiaomi.com>
The operations of struct iob_queue_s in qh_head & qh_tail are performed with interrupts disabled.
change iflags to flags
add header file ref
update for check
If threads are blocking for throttled allocation,
g_throttle_sem.semcount doesn't represent the number of
usable IOBs well.
Note: For non-throttled allocations, the g_iob_committed mechanism
is a rescue. But there is no equivalent for throttled allocations.
since it's useful to redirect these functions to others
sometime(e.g. validate the memory before write).
Change-Id: I6253a9231af8809e8362f4bc5a1bd67fb094c3b0
1.Move all special process to mm_takesemaphore
2.Remove the support of recurive lock
3.Remove mm_trysemaphore function
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ie216a6294ab67c5d427f31b089beb15c532f08fe
it's more simple to make mm_heap_s opaque outside of mm
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I5c8e435f6baba6d22b10c5f7e8d9191104fb5af2
and remove mm_sbrk and kmm_sbrk since it's wrong to expose
sbrk to other heaps except the default userspace heap.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Root casue:
when do thread exit, need add free stack operation to mm_delaylist,
but in SMP mode, CPU0 thread1 exit, at this time, CPU1 call malloc
and free mm_delaylist.
Fix:
Divide mm_delaylist for per CPU in SMP mode.
Change-Id: Ibf7d04614ea2f99fb5b506356b7346a0d94f0590
Signed-off-by: ligd <liguiding1@xiaomi.com>
since the similar functions(e.g. strdup/strndup) put into libs/libc/string
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ifb2c0c51298b09014748e5ee8275db51213d6911
Gregory Nutt is the copyright holder for those files and he has submitted the
SGA as a result we can migrate the licenses to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Broken by 635cfa.
On an stm32 the heap is formed from
const uintptr_t g_idle_topstack = HEAP_BASE;
where HEAP_BASE is &_bss + CONFIG_IDLE_STACKSIZE.
Both these values are not deterministic. One
comes from the compiler, the other the system
configurator.
a 3 byte bss and 250 byte stack would lead to
and unaligned address used as the heap to be.
The compiler used clever `strd r1,r3,[r5,#8]` to
store 2 values in one memory cycle into the
heap_impl struct. Resulting in a hardfault.
Change the amount of bss or the CONFIG_IDLE_STACKSIZE
could lead to a non-functional NuttX system.
Summary:
- This commit removes critical section in mm_sem.c which was
added to stabilize the NuttX SMP kernel in Mar 2018.
Impact:
- SMP only
Testing:
- Tested with ostest with the following configs
- maix-bit:smp (QEMU), esp32-devkitc:smp (QEMU)
- sabre-6quad:smp (QEMU), spresense:smp, sim:smp
- Tested with nxplayer with the following configs
- spresense:wifi_smp, spresense:rndis_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
since other subsystem doesn't need call these function anymore
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Idfb217c412db62d9f17f427310b75bb78785dc50
Make.dep file should be updated by .config changed after first make.
There are 2 cases affected for this problem:
1) Add source files by config symbol
2) Include header files in #ifdef directive
These 2 cases may not be included in Make.dep and this may prevent the
differential build from working correctly.
When realloc up from a mem area to a larger one where a new node
is needed. The the larger memory region is copied from the source
this can both leak data as well as cause memory faults accesssing
invalid data.
This was first reported by Kwonsk
Signed-off-by: Brennan Ashton <bashton@brennanashton.com>
All complaints fixed except for those that were not possible to fix:
- Used of Mixed case identifier in ESP32 files. These are references to Expressif ROM functions which are outside of the scope of NuttX.
This commit resolves issue #620:
Remove CONFIG_CAN_PASS_STRUCTS #620
The configuration option CONFIG_CAN_PASS_STRUCTS was added many years ago to support an old version of the SDCC compiler. That compiler is currently used only with the Z80 and Z180 targets. The limitation of that old compiler was that it could not pass structures or unions as either inputs or outputs. For example:
#ifdef CONFIG_CAN_PASS_STRUCTS
struct mallinfo mallinfo(void);
#else
int mallinfo(FAR struct mallinfo *info);
#endif
And even leads to violation of a few POSIX interfaces like:
#ifdef CONFIG_CAN_PASS_STRUCTS
int sigqueue(int pid, int signo, union sigval value);
#else
int sigqueue(int pid, int signo, FAR void *sival_ptr);
#endif
This breaks the 1st INVIOLABLES rule:
Strict POSIX compliance
-----------------------
o Strict conformance to the portable standard OS interface as defined at
OpenGroup.org.
o A deeply embedded system requires some special support. Special
support must be minimized.
o The portable interface must never be compromised only for the sake of
expediency.
o Expediency or even improved performance are not justifications for
violation of the strict POSIX interface
Also, it appears that the current SDCC compilers have resolve this issue and so, perhaps, this is no longer a problem: z88dk/z88dk#1132
NOTE: This commit cannot pass the PR checks because it depends on matching changes to the apps/ directory.
So call 'make EXTRAFLAGS=-Wno-cpp' could suppress the warnings with pre-processor
directive #warning in GCC.
Change-Id: Iaa618238924c9969bf91db22117b39e6d2fc9bb6
Signed-off-by: liuhaitao <liuhaitao@xiaomi.com>
Resolution of Issue 619 will require multiple steps, this part of the first step in that resolution: Every call to nxsem_wait_uninterruptible() must handle the return value from nxsem_wait_uninterruptible properly. This commit is only for those files under fs/tmpfs and fs/spiffs. Still do do: The rest of fs/ and all of drivers/ and arch/.
Resolution of Issue 619 will require multiple steps, this part of the first step in that resolution: Every call to nxsem_wait_uninterruptible() must handle the return value from nxsem_wait_uninterruptible properly. This commit is only for those files under graphics/, mm/, net/, sched/, wireless/bluetooth.
Still to do: Files under fs/, drivers/, and arch. The last is 116 files and will take some effort.
This reverts commit b9ace36fcc.
This change was added by PR 625 but has a serious logic flaw. It removes all occurrences of INCDIROPT and replaces it with a definition in tools/Config.mk:
else ifeq ($(WINTOOL),y)
DEFINE = "$(TOPDIR)/tools/define.sh"
INCDIR = "$(TOPDIR)/tools/incdir.sh" -w
This logic flaw is the Config.mk is included in all Make.defs files BEFORE WINTOOL is defined. As a result, the definition is wrong in many places when building under Cygwin with a Windows native toolchain.
Eliminate the MOVEOBJ definition from tools/Config.mk, Makefiles, and other locations. The MOVEOBJ definition was used to work around the case where the object output of a compile or assemble is in a different directory than the source file. The ZDS-II tools have no command line option to perform this move; MOVEOBJ handled the move as a post-compiler operation.
MOVEOBJ is no longer needed because this the ez80 COMPILE and ASSEMBLE definitions now handle all of the object file movement cases.
It seems that "ld -r" on macOS doesn't include objects from
libraries for common symbols. Because of that, sim build
ends up with undefined references to globals like g_binfmts
and g_mmheap.
@(#)PROGRAM:ld PROJECT:ld64-530
BUILD 18:57:17 Dec 13 2019
configured to support archs: armv6 armv7 armv7s arm64 arm64e arm64_32 i386 x86_64 x86_64h armv6m armv7k armv7m armv7em
LTO support using: LLVM version 11.0.0, (clang-1100.0.33.17) (static support for 23, runtime is 23)
TAPI support using: Apple TAPI version 11.0.0 (tapi-1100.0.11)
mm/Makefile: Same change should be applied to mm/Makefile since the mm/ build is identical to the libc/ build.
libs/libnx/Makefile: Same change should be applied to libnx/Makefile since the mm/ build is identical to the libc/ build.
Author: chao.an <anchao@xiaomi.com>
libs/libc/Makefile: Correct the dependents path
Here is the email loop talk about why it is better to remove the option:
https://groups.google.com/forum/#!topic/nuttx/AaNkS7oU6R0
Change-Id: Ib66c037752149ad4b2787ef447f966c77aa12aad
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
* Simplify EINTR/ECANCEL error handling
1. Add semaphore uninterruptible wait function
2 .Replace semaphore wait loop with a single uninterruptible wait
3. Replace all sem_xxx to nxsem_xxx
* Unify the void cast usage
1. Remove void cast for function because many place ignore the returned value witout cast
2. Replace void cast for variable with UNUSED macro
Iobinstrumentation
* mm/iob: Introduces producer/consumer id to every iob call. This is so that the calls can be instrumented to monitor the IOB resources.
* iob instrumentation - Merges producer/consumer enumeration for simpler IOB user.
* fs/procfs: Starts adding support for /proc/iobinfo
* fs/procfs: Finishes first pass of simple IOB user stastics and /proc/iobinfo entry
Approved-by: Gregory Nutt <gnutt@nuttx.org>