Do not allow a deferred cancellation if the group is exiting, it is too
dangerous to allow the threads to execute any user space code after the
exit has started.
If the cancelled thread is not inside a cancellation point, just kill it
immediately via asynchronous cancellation. This will create far less
problems than allowing it to continue running user code.
Detach the address environment handling from the group structure to the
tcb. This is preparation to fix rare cases where the system (MMU) is left
without a valid page directory, e.g. when a process exits.
Implement a function for dropping references to the group structure and
finally freeing the allocated memory, if the group has been marked for
destruction
This is just unnecessary, a process cannot be destroyed by another
process in any case, every time this is executed the active address
environment is the process getting destroyed.
Even in the hypothetical case this was possible, the system would
crash at once if a context switch happens between "select()" and
"restore()", which is possible as the granule allocator is protected by
a semaphore (which is a synchronization point).
- Also remove the nuttx private shm.h file nuttx/mm/shm.h, which became redundant
- Also remove the gran allocator initialization/release in binfmt since common
vpage allocator is initialized in group_create/group_leave
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
tg_info is still in use after task_uninit_info(), unifies
lib_stream_* with life cycle of task info to avoid this issue.
| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|#23 0x56767f58 in nxtask_start () at task/task_start.c:134
Signed-off-by: chao an <anchao@xiaomi.com>
The task_group specific list can be used to store information about
mmappings.
For a driver or filesystem performing mmap can also enable munmap by
adding an item to this list using mm_map_add(). The item is then
returned in the corresponding munmap call.
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
Summary:
- I noticed that nxplayer (HTTP audio streaming) + command execution
via telnet sometimes causes memory corruption.
See https://github.com/apache/nuttx/pull/7947 for the detail.
- This commit fixes this issue by calling lib_stream_release() before
lib_stream_release() in group_leave.c
Impact:
- Should be none
Testing:
- Tested with spresense:wifi_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
This is preparation for flushing streams from user space, like it should
be done.
- Move tg_streamlist (group, kernel space) ->
ta_streamlist (TLS, user space)
- Access stream list via tg_info in kernel
- Access stream list via TLS in user space
- Remove / rename nxsched_get_streams -> lib_getstreams
- Remove system call for nxsched_get_streams
It takes about 10 cycles to obtain the task list according to the task
status. In most cases, we know the task status, so we can directly
delete the task from the specified task list to reduce time consuming.
because not all compiler support the weak attribute, and
many features are either always used or guarded by config.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
D:\code\incubator-nuttx\sched\pthread\pthread_create.c(154,22):
warning C4189: “pjoin”: local variable is initialized but not referenced
[D:\code\incubator-nuttx\vs20221\sched\sched.vcxproj]
D:\code\incubator-nuttx\sched\group\group_setupidlefiles.c(61,28):
warning C4189: “group”: local variable is initialized but not referenced
[D:\code\incubator-nuttx\vs20221\sched\sched.vcxproj]
Reference:
https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-4-c4189?view=msvc-170
Signed-off-by: chao.an <anchao@xiaomi.com>
Summary:
- In case of SMP and ADDRENV, allocate current group for each cpu
- g_pid_current holds pid of the group and uses for addrenv switching
- allocate g_group_current for each cpu in stead of g_pid_current
- g_group_current is the array that pointed to the current task_group_s struct
Impact:
- ADDRENV=y and SMP=y
Testing:
- sabre-6quad:smp w/ qemu
- sabre-6quad:knsh w/ qemu
- sabre-6quad:knsh_smp w/ qemu (WIP)
Signed-off-by: Oki Minabe <minabe.oki@gmail.com>
If address environments are in use, it is not possible to simply
memcpy from from one process to another. The current implementation
of env_dup does precisely this and thus, it fails at once when it is
attempted between two user processes.
The solution is to use the kernel's heap as an intermediate buffer.
This is a simple, effective and common way to do a fork().
Obviously this is not needed for kernel processes.
- User mode allocator was used for setting up the environment. This
works in flat mode and probably in protected mode as well, as there
is always a a single user allocator present
- This does not work in kernel mode, where each user task has its own
heap allocator. Also, when the idle tasks environment is being set,
no allocator is ready and the system crashes at once.
Fix this by using the group allocators instead:
- Idle task is a kernel task, so its group is privileged
- Add group_realloc
- Use the group_malloc/realloc functions instead of kumm_malloc
since the temporary kernel spawn proxy need duplicate file handler
from caller, please reference the follow source code for more info:
sched/task/task_posixspawn.c
sched/task/task_spawn.c
This reverts commit 5c5f1dec08.
Summary:
- I noticed that exiting task or pthread causes dataabort if ARCH_ADDRENV=y
- This commit fixes this issue by switching the addrenv correctly
Impact:
- CONFIG_ARCH_ADDRENV=y only
Testing:
- Tested with sabre-6quad:netknsh (not merged yet)
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
the number of members in the group is zero.
Repetition step:
If using waitpid() to wait a task has exited, the waitpid will use
nxsing_kill with signal number 0 to determine if that task is still
alive, and will call group_signal to dispatch signal for each member
of the group and perform signal handing checks, it will assert at
sched/group/group_signal.c:261.
Change-Id: I75ef015a261101277436d742897ce68fed44b5da
Signed-off-by: Jiuzhu Dong <dongjiuzhu1@xiaomi.com>
Summary:
- This commit fixes the signest_test issue with lc823450-xgevk
Impact:
- SMP with CONFIG_SCHED_CHILD_STATUS=y
Testing:
- Tested with ostest with lc82345-xgevk:rndis
- NOTE: need to revert the commit 65274d5fdf
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
arch: Allocate the space from the beginning in up_stack_frame
and modify the affected portion:
1.Correct the stack dump and check
2.Allocate tls_info_s by up_stack_frame too
3.Move the stack fork allocation from arch to sched
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>