Summary:
Fixed the problem of releasing the bucket prematurely in multi-threaded flock scenarios.
A thread setlk
B thread setlk_wait
A thread releases lock but fails to determine if nwaiter causes the bucket to be released prematurely
post B thread causes crash due to heap use after free
https://github.com/apache/nuttx/issues/13821
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
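The sequence in the commit message above, replayed single-threaded as an added example. This is not NuttX code: the struct and function names are hypothetical, and only the bucket and `nwaiter` come from the message.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical lock bucket; only "bucket" and "nwaiter" are from the commit. */
struct lock_bucket {
  int nlocks;   /* locks currently held */
  int nwaiter;  /* threads blocked in setlk_wait */
};

/* Drop one lock and free the bucket once nothing references it.
 * check_waiters == false models a release path that ignores blocked
 * waiters. Returns true if the bucket was freed. */
static bool bucket_unlock(struct lock_bucket **slot, bool check_waiters)
{
  struct lock_bucket *b = *slot;

  b->nlocks--;
  if (b->nlocks > 0 || (check_waiters && b->nwaiter > 0))
    return false;                  /* still referenced: keep it */
  free(b);
  *slot = NULL;
  return true;
}

/* Replay A: setlk, B: setlk_wait, A: unlock. Returns true if the bucket
 * B is blocked on is still allocated at the moment B is posted. */
static bool waiter_survives_unlock(bool check_waiters)
{
  struct lock_bucket *slot = calloc(1, sizeof(*slot));

  if (slot == NULL)
    return false;
  slot->nlocks++;                  /* thread A: setlk succeeds */
  slot->nwaiter++;                 /* thread B: setlk_wait blocks */
  if (bucket_unlock(&slot, check_waiters))  /* thread A: unlock */
    return false;                  /* B would wake on freed memory */
  slot->nwaiter--;                 /* thread B: posted, takes the lock */
  slot->nlocks++;
  return bucket_unlock(&slot, true);  /* B's own unlock frees the bucket */
}

int main(void)
{
  printf("waiters ignored: %d\n", waiter_survives_unlock(false));
  printf("waiters checked: %d\n", waiter_survives_unlock(true));
  return 0;
}
```

The replay never dereferences the freed bucket; it only reports whether the release path would have left thread B holding a dangling pointer.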
The upper layer expects -ENOTTY to be returned if the ioctl command is not
found in the file system specific implementation.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
Example:
When executing "df -h" on Core A to view mount information, this
process will traverse inode nodes, thereby holding the inode_lock.
Since the inode type of the mount point may be rpmsgfs, it will fetch statfs
information from another Core B.
Meanwhile, rcS on Core B needs to obtain file information from Core A,
which will be achieved by fetching stat information through rpmsgfs.
When this message arrives at Core A, a deadlock can occur between Core A's
rptun ap and nsh task.
However, both of these places involve read operations only, thus a reader-writer lock
can be utilized to prevent such a deadlock.
Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
Summary:
1. Add configuration to allocate memory from the specified section
2. Replace all memory operations (kmm_) in the vfs with fs_heap_. When FS_HEAPSIZE > 0, memory is requested for the file system by specifying a configured heap location. By default (i.e. FS_HEAPSIZE=0) fs_heap_ is equivalent to kmm_
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
Summary:
Implementation in accept4 is special, the requested newsock is saved as filep->priv. This will cause sock_file_close to use fs_heap_free filep->priv during close. When fs_heap is configured, the released memory will not be on fs_heap, causing a crash.
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
#0 0x3338a47 in strncmp string/lib_strncmp.c:42
#1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
#2 0x371b066 in pm_open power/pm/pm_procfs.c:207
#3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
#4 0x359bce2 in file_vopen vfs/fs_open.c:240
#5 0x359c431 in nx_vopen vfs/fs_open.c:312
#6 0x359cb53 in open vfs/fs_open.c:465
#7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
#8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
#9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
#10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
#11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
#12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
#13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
#14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
#15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
#16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
#17 0x323ec3f in nxtask_start task/task_start.c:134
#18 0x33636ea in pre_start sim/sim_initialstate.c:52
ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
#0 0x3338a47 in strncmp string/lib_strncmp.c:42
#1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
#2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
#3 0x359bce2 in file_vopen vfs/fs_open.c:240
#4 0x359c431 in nx_vopen vfs/fs_open.c:312
#5 0x359cb53 in open vfs/fs_open.c:465
#6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
#7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
#8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
#9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
#10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
#11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
#12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
#13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
#14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
#15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
#16 0x323ec3f in nxtask_start task/task_start.c:134
#17 0x33636ea in pre_start sim/sim_initialstate.c:52
Signed-off-by: dulibo1 <dulibo1@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
The FIOC_FILEPATH ioctl call is required if smartfs is to be used
together with inotify monitoring system. This implements the
call support to smartfs file system. The path to the file has to
be stored in smartfs_ofile_s structure during file open (and is freed
during close) as smartfs currently is not able to obtain the path
knowing only the file node. The full path is concatenated with the file
name and creates the full path needed for inotify to detect whether
the file is on the watchlist.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
Summary:
When restoring rammap fpos, we check the return value to avoid potential problems caused by no error return if the restore fails.
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
Summary:
1. Modified the i_crefs from int16_t to atomic_int
2. Modified the i_crefs add, delete, read, and initialize interfaces to atomic operations
The purpose of this change is to avoid deadlock in cross-core scenarios, where A Core blocks B Core’s request for a write operation to A Core when A Core requests a read operation to B Core.
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
CC: obstack/lib_obstack_printf.c "mmap/fs_rammap.c", line 126: warning #188-D: enumerated type mixed with
another type
enum mm_map_type_e type = (uintptr_t)entry->priv.p & 3;
^
Signed-off-by: guoshichao <guoshichao@xiaomi.com>
There will be a large performance loss after SCHED_CRITMONITOR is enabled.
By isolating thread running time-related functions, CPU load can be run with less overhead.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
mmap/fs_rammap.c:81:39: error: expected ‘)’ before ‘PRIdOFF’
81 | ferr("ERRORL Seek to position %"PRIdOFF" failed\n", fpos);
| ^~~~~~~
mmap/fs_rammap.c:81:12: warning: spurious trailing ‘%’ in format [-Wformat=]
81 | ferr("ERRORL Seek to position %"PRIdOFF" failed\n", fpos);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
mmap/fs_rammap.c:81:37: note: format string is defined here
81 | ferr("ERRORL Seek to position %"PRIdOFF" failed\n", fpos);
| ^
In file included from mmap/fs_rammap.c:30:
mmap/fs_rammap.c:98:51: error: expected ‘)’ before ‘PRIdOFF’
98 | ferr("ERROR: Write failed: offset=%"PRIdOFF" nwrite=%zd\n",
| ^~~~~~~
mmap/fs_rammap.c:98:20: warning: spurious trailing ‘%’ in format [-Wformat=]
98 | ferr("ERROR: Write failed: offset=%"PRIdOFF" nwrite=%zd\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mmap/fs_rammap.c:98:49: note: format string is defined here
98 | ferr("ERROR: Write failed: offset=%"PRIdOFF" nwrite=%zd\n",
Signed-off-by: zhangshoukui <zhangshoukui@xiaomi.com>
Summary:
In rammap:
1. 0 - User
2. 1 - Kernel
3. 2 - XIP
Therefore we need to use 2 bits to represent the type
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
Summary:
1. Added msync callback in struct mm_map_entry_s
2. Added msync API in fs_msync.c
3. Added static msync_rammap for rammap.
Signed-off-by: chenrun1 <chenrun1@xiaomi.com>