A double free occurred in lib_put_pathbuffer if the CONFIG_FS_NOTIFY option
was enabled. The second if statement has to be executed only if the
close operation returned an error. The bug was introduced in 14f5c48
and was causing a debug assertion at misc/lib_tempbuffer.c:141.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
The commands FIOGCLEX/FIOCLEX/FIONCLEX are related to struct fd,
so they need to be implemented via ioctl.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
When writing to the next sector after the forward position has been written
by seek, the old sector buffer is used, which may corrupt the file system.
Therefore, the sector buffer must always be updated after a write that follows a seek.
Signed-off-by: SPRESENSE <41312067+SPRESENSE@users.noreply.github.com>
This patch is a rework of the NuttX file descriptor implementation. The
goal is two-fold:
1. Improve POSIX compliance. The old implementation tied file description
to inode only, not the file struct. POSIX however dictates otherwise.
2. Fix a bug with descriptor duplication (dup2() and dup3()). There is
an existing race condition with this POSIX API that currently results
in a kernel side crash.
The crash occurs when a partially open / closed file descriptor is
duplicated. The reason for the crash is that even if the descriptor is
closed, the file might still be in use by the kernel (due to e.g. ongoing
write to file). The open file data is changed by file_dup3() and this
causes a crash in the device / drivers themselves as they lose access to
the inode and private data.
The fix is done by separating struct file into file and file descriptor
structs. The file struct can live on even if the descriptor is closed,
fixing the crash. This also fixes the POSIX issue, as two descriptors
can now point to the same file.
Signed-off-by: Ville Juven <ville.juven@unikie.com>
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
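An added example, not NuttX code, sketching the separation the commit describes: a descriptor table of bare pointers in front of reference-counted file structs, so that close() and dup3() only touch slots and counts while an in-flight kernel user keeps the file alive. The struct layout, the `fdtab` array and the `fd_*`/`file_*` helpers are assumptions made for this illustration.

```c
#include <stdlib.h>
#define NFDS 8
struct file { int refs; long pos; };       /* hypothetical open file description */
static struct file *fdtab[NFDS];           /* hypothetical descriptor table */
static struct file *file_get(struct file *f) { f->refs++; return f; }
static void file_put(struct file *f) { if (--f->refs == 0) free(f); }
/* Create a file and bind it to the lowest free descriptor number. */
static int fd_open(void) {
  for (int i = 0; i < NFDS; i++) {
    if (fdtab[i] == NULL) {
      struct file *f = calloc(1, sizeof *f);
      if (f == NULL) return -1;
      fdtab[i] = file_get(f);
      return i;
    }
  }
  return -1;
}
/* dup3: newfd now refers to oldfd's file. Only descriptor slots and
 * reference counts change; the file struct itself is never rewritten. */
static int fd_dup3(int oldfd, int newfd) {
  if (oldfd < 0 || oldfd >= NFDS || newfd < 0 || newfd >= NFDS ||
      oldfd == newfd || fdtab[oldfd] == NULL) return -1;
  struct file *prev = fdtab[newfd];
  fdtab[newfd] = file_get(fdtab[oldfd]);
  if (prev) file_put(prev);
  return newfd;
}
/* close: drop this descriptor's reference; the file lives on while shared. */
static int fd_close(int fd) {
  if (fd < 0 || fd >= NFDS || fdtab[fd] == NULL) return -1;
  struct file *f = fdtab[fd];
  fdtab[fd] = NULL;
  file_put(f);
  return 0;
}
/* Scenario from the commit: a kernel-side write holds its own reference while
 * user space closes the fd and dup3's another file onto the same number.
 * Returns the held file's refcount afterwards (expected 1, not freed). */
static int inflight_refs_after_close_dup3(void) {
  int a = fd_open(), b = fd_open();
  struct file *held = file_get(fdtab[a]);  /* kernel-side reference */
  fd_close(a);                             /* user closes the descriptor */
  fd_dup3(b, a);                           /* slot a now refers to b's file */
  held->pos += 10;                         /* write still touches valid memory */
  int refs = held->refs;
  file_put(held);                          /* last reference: file a freed */
  fd_close(a); fd_close(b);
  return refs;
}
```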
1. The call to file_close_without_clear in file_dup3 does not clear
the tag information, so there is no need to back it up.
2. file_dup3 doesn't need to copy tag information; the tag is only valid for an fd.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
Previously, this config was added to ensure that the size of the struct
file remained unchanged, thereby preventing the Flash memory of
resource-constrained MCUs from being unnecessarily increased.
However, we have now refactored the relationship between struct fd and struct file,
reducing their memory footprint in both Flash and RAM.
Consequently, this config can be removed.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
Currently the code is dumped into one massive file, fs_files. Move the
different logical parts into their own files.
Signed-off-by: Ville Juven <ville.juven@unikie.com>
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
When a new pseudofile is created, the inode reference count needs to
be bumped to protect the node.
Signed-off-by: Ville Juven <ville.juven@unikie.com>
Allow users to operate poll in the kernel using the file_poll
approach, as the file is protected with reference counting,
making it more secure.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
This modification ensures that inoderemove will error instead of
trying to remove an inode without a parent.
This fix was implemented by Richard Jiayang Liu.
Signed-off-by: Richard Jiayang Liu <rjliu3@illinois.edu>
Fix some misspelled field names.
These field names seem to be used only in private contexts.
Thus, the probability of external code accessing these fields is very
low.
In the rare case of external usage, compile time errors will easily
direct users to the new field name.
When we use fcntl for dup, an fd is directly passed. If we have enabled FDCHECK, we need to restore this file descriptor.
Enable FDCHECK and test this:
```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

int main(int ac, char **av)
{
  /* Open two files; fd2 is only used as the minimum descriptor number
   * handed to F_DUPFD. */
  int fd1 = open("./1.txt", O_WRONLY | O_CREAT, 0666);
  if (fd1 < 0)
    {
      printf("open err\n");
      return fd1;
    }

  int fd2 = open("./2.txt", O_WRONLY | O_CREAT, 0666);
  if (fd2 < 0)
    {
      printf("open err\n");
      close(fd1);
      return fd2;
    }

  //close(fd2);

  /* fd2 is passed to fcntl() directly as the lowest acceptable number for
   * the duplicate; with FDCHECK enabled it must be restored first. */
  int fd3 = fcntl(fd1, F_DUPFD, fd2);
  printf("fd3 = %d\n", fd3);
  close(fd1);
  close(fd3);
  return 0;
}
```
Signed-off-by: zhangshoukui <zhangshoukui@xiaomi.com>
This patch fixes https://github.com/apache/nuttx/issues/16237, where
cd'ing to a non-directory prefix of a procfs entry would succeed.
Signed-off-by: Pip Cet <pipcet@protonmail.com>
Because sync is a rather expensive operation.
While I'm here, improve the comment after the recent discussion
in https://github.com/apache/nuttx/pull/2913.
IMHO, we should not perform the sync even for O_TRUNC.
But I'm not going to propose the change for now.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Some entries have the opendir function set to NULL, for example
g_mount_operations.
A null pointer dereference can be triggered by an
opendir("/proc/fs/blocks") for example.
Signed-off-by: Beat Küng <beat-kueng@gmx.net>
I couldn't find any documentation about this attribute.
This comment is purely based on my reading of the code.
Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Add the noinstrument_function attribute to the poll_notify function
to avoid it being looped if -finstrument-functions is set to the
fs/vfs files.
Signed-off-by: Tiago Medicci Serrano <tiago.medicci@espressif.com>
examples:
There are two threads involved: thread A with a priority of 100 and
thread B with a priority of 101. Here's how they interact:
When thread A releases a semaphore, thread B is scheduled to execute
some code and may reacquire the semaphore. If no other tasks are ready,
thread A will be scheduled to run.
This continuous process can lead to a busy loop.
```
Thread A:                                                Thread B:
while (nxsem_get_value(&priv->wait, &semcount) >= 0 &&     <---
       semcount <= 0)                                       |  2) context switch
  {                                 1) context switch       |
    nxsem_post(&priv->wait);  -------------> run some code and nxsem_wait again
  }
```
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
Summary:
When the operating environment does not support virtio-9p and the virtio-9p server driver is not provided, -ENODEV should be returned for virtio-9p to avoid a crash caused by continued execution.
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
This fixes issue on Ubuntu 22.04 with cmake v3.22.1:
```
/usr/bin/arm-none-eabi-gcc -D-DLFS_ASSERT=DEBUGASSERT -D-DLFS_CONFIG=/home/yf/Projects/Nuttx/nuttx/fs/littlefs/lfs_vfs.h -D-DLFS_DEBUG=finfo -D-DLFS_ERROR=ferr -D-DLFS_TRACE=finfo -D-DLFS_WARN=fwarn -DLFS_ATTR_MAX=1022 -DLFS_FILE_MAX=2147483647 -DLFS_NAME_MAX=32 -D__KERNEL__ -D__NuttX__
```
It happened when building `qemu-armv7a:rpproxy_ivshmem`.
Signed-off-by: Yanfeng Liu <p-liuyanfeng9@xiaomi.com>
After the change below was merged into the kernel, spin_lock() turns off preemption by default,
but this change is not applicable to all scenarios. The locations in the kernel that
use spin_lock() extensively only require short critical sections and do not trigger
scheduling, which leads to serious performance degradation of NuttX in AMP mode.
In this PR, I try to expose similar problems and hope that each subsystem will carefully check the code coverage
https://github.com/apache/nuttx/pull/14578
|commit b69111d16a
|Author: hujun5 <hujun5@xiaomi.com>
|Date: Thu Jan 23 16:14:18 2025 +0800
|
| spinlock: add sched_lock to spin_lock_irqsave
|
| reason:
| We aim to replace big locks with smaller ones. So we will use spin_lock_irqsave extensively to
| replace enter_critical_section in the subsequent process. We imitate the implementation of Linux
| by adding sched_lock to spin_lock_irqsave in order to address scenarios where sem_post occurs
| within spin_lock_irqsave, which can lead to spinlock failures and deadlocks.
|
| Signed-off-by: hujun5 <hujun5@xiaomi.com>
Signed-off-by: chao an <anchao.archer@bytedance.com>
reason:
We decouple semcount from business logic
by using an independent counting variable,
which allows us to remove critical sections in many cases.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
* Make readv/writev implementations update struct uio
This can simplify partial result handling.
* change the error number on the overflow from EOVERFLOW to EINVAL
to match NetBSD
* add a commented out uio_offset field. I used "#if 0" here as
C comments can't nest.
* add a few helper functions
Note on uio_copyfrom/uio_copyto:
although I'm not quite happy with the "offset" functionality,
it's necessary to simplify the adaptation of some drivers like
drivers/serial/serial.c, which (ab)uses the user-supplied buffer
as a line-buffer.
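An added example, not NuttX code, of the idea in the list above: a uio that the implementation advances itself, so a driver that only accepts partial writes (the serial case mentioned) needs no caller-side bookkeeping, with length overflow reported as EINVAL. The `struct uio` layout and the `uio_init`/`uio_take`/`writev_partial` names are assumptions, not NuttX's actual API.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>
/* Hypothetical uio (names are assumptions, not NuttX's definition): offset is
 * bytes already transferred across the array, resid is bytes still to go. */
struct uio { const struct iovec *uio_iov; int uio_iovcnt; size_t uio_offset, uio_resid; };
/* Sum the iovec lengths; report overflow as EINVAL, as the commit chooses. */
static int uio_init(struct uio *u, const struct iovec *iov, int cnt) {
  size_t total = 0;
  for (int i = 0; i < cnt; i++) {
    if (iov[i].iov_len > SIZE_MAX - total) return -EINVAL;
    total += iov[i].iov_len;
  }
  u->uio_iov = iov; u->uio_iovcnt = cnt; u->uio_offset = 0; u->uio_resid = total;
  return 0;
}
/* Copy up to len bytes from the current position into dst, crossing iovec
 * boundaries as needed, then advance the uio by the amount copied. */
static size_t uio_take(struct uio *u, char *dst, size_t len) {
  size_t done = 0, skip = u->uio_offset;
  for (int i = 0; i < u->uio_iovcnt && done < len; i++) {
    const struct iovec *v = &u->uio_iov[i];
    if (skip >= v->iov_len) { skip -= v->iov_len; continue; }  /* consumed */
    size_t n = v->iov_len - skip;
    if (n > len - done) n = len - done;
    memcpy(dst + done, (const char *)v->iov_base + skip, n);
    done += n; skip = 0;
  }
  u->uio_offset += done; u->uio_resid -= done;
  return done;
}
/* writev-style loop over a driver that accepts at most chunk bytes per call:
 * each partial write advances the uio, so the caller keeps no iovec cursor.
 * Returns the number of driver calls; out receives the concatenated bytes. */
static int writev_partial(const struct iovec *iov, int cnt, size_t chunk, char *out) {
  struct uio u;
  if (chunk == 0 || uio_init(&u, iov, cnt) < 0) return -1;
  int calls = 0;
  while (u.uio_resid > 0) { out += uio_take(&u, out, chunk); calls++; }
  return calls;
}
/* Constructed sample: "Hello, " + "world" through a 5-byte-per-call driver. */
static int demo_calls(char *out) {
  static const char a[] = "Hello, ", b[] = "world";
  struct iovec iov[2] = { { (void *)a, 7 }, { (void *)b, 5 } };
  return writev_partial(iov, 2, 5, out);
}
```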
Summary:
There are differences in different server implementations, so it is necessary to check whether the returned nwqid satisfies the requested number.
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
Fixes an issue in kernel build where the user addresses passed
to accept() would be accessed when the wrong MMU mappings were
active. A crash would manifest when attempting to accept() on a
TCP server socket for instance under significant load. The accept
event handler would be called by the HP worker upon client
connection. At this point, accept_tcpsender() would attempt to
write to `addr` resulting in a page fault. Reproducibility would
depend on the current system load (num tasks or CPU stress) but
in loaded environments, it would crash almost 100% of the time.
It should be noted that Linux does this the other way around: it
operates on kernel stack allocated data and once done, it copies
them to user. This can also be a viable alternative, albeit with
one extra copy and a little extra memory.
Signed-off-by: George Poulios <gpoulios@census-labs.com>