Add QSPI mode to the GD25 MTD driver alongside the existing SPI path.
When CONFIG_GD25_QSPI is selected, sector erase, chip erase, byte read,
page write, and byte write all use the QSPI command/memory interfaces
instead of SPI. Reads use the quad I/O fast-read command (1-4-4) and
writes use the quad page-program command (1-1-4) via QSPIMEM_QUADDATA.
A new Kconfig option enables the QE bit in SR2 at initialisation so the
quad I/O pins are active.
Signed-off-by: Sammy Tran <sammytran@geotab.com>
Add QSPIMEM_QUADDATA to the QSPI memory flags. This flag selects quad
data width while keeping the address phase on a single line (1-1-4),
which QSPIMEM_QUADIO cannot express (it forces quad on both address and
data phases). Update stm32_qspi_memory() to honour the new flag by
setting CCR_DMODE_QUAD without touching the address mode.
Signed-off-by: Sammy Tran <sammytran@geotab.com>
Check open access against file mode and owner via fs_checkmode(), verify
parent directory permissions on create, and assign creator uid/gid to
newly created files.
Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
Store uid/gid/mode on tmpfs objects, support chstat, enforce open and
path permissions via fs_checkmode()/fs_checkopenperm(), and inherit
creator identity on file creation.
Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
Even after installing the ftdi library on CI it doesn't work to
compile the sim:ft2232h_gpio, so remove it from CI test.
Signed-off-by: Alan C. Assis <acassis@gmail.com>
Add fs_checkmode() and fs_checkopenperm() for reuse across filesystems.
Enforce pseudoFS mode bits in inode_checkperm() and allow world-readable
open of passwd/group entries so getpwnam() works after seteuid().
Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
In arm_addrenv_create_region(), the inner loop already advances vaddr by
MM_PGSIZE for each mapped page, so after filling one L2 page table
(i.e., ENTRIES_PER_L2TABLE pages), vaddr has naturally advanced to the
start of the next 1MB section. The old code additionally added
i * SECTION_SIZE, causing the L1 entry for the second and subsequent
sections to skip one section each iteration—leaving virtual address
holes in the mapping.
Remove the redundant i * SECTION_SIZE offset so that the L1 entry tracks
the vaddr already maintained by the inner loop, producing contiguous
section mappings.
Signed-off-by: leisiji <2265215145@qq.com>
Update the function definitions in all 6 clk implementation files to
match the uintptr_t parameter type already declared in clk_provider.h.
Fixes CI error:
error: conflicting types for 'clk_register_divider'
Signed-off-by: hanzhijian <hanzhijian@zepp.com>
Change the 'reg' field type from uint32_t to uintptr_t in all clock
provider structs (clk_gate_s, clk_divider_s, clk_phase_s,
clk_fractional_divider_s, clk_multiplier_s, clk_mux_s) and their
corresponding clk_register_*() function prototypes.
Also update clk_write() and clk_read() inline functions to take
uintptr_t parameter and remove the now-redundant (uintptr_t) cast.
On 32-bit embedded platforms uintptr_t equals uint32_t so there is
no functional change. On 64-bit targets (e.g. sim) this fixes
-Wint-to-pointer-cast warnings that GCC15 promotes to errors.
Fixes: #16896
Signed-off-by: hanzhijian <hanzhijian@zepp.com>
This change mentions the special Kconfig settings for custom boards to
tell the build system about properties that are defined using the `HAVE`
options for in-tree boards. It also specifically mentions to avoid using
Kconfig `if` guards around the custom board Kconfig, which would be a
gotcha for people copying from in-tree boards.
Signed-off-by: Matteo Golin <matteo.golin@gmail.com>
fix
Document NSH identity commands and how login/su update the prompt (# for
effective root, $ for non-root). Cover flat-build euid semantics, related
Kconfig options, and session identity behavior after login.
The function seek which allows the user to move the cursor to a particular
offset in order to read and write from EEPROM storage does not validate the
offset is valid. Later, this can cause an out-of-bounds reads or writes.
Note that newpos may store a large value, larger than the size of the EEPROM.
Similar change in the SPI driver.
Tested locally, builds fine.
Signed-off-by: Catalin Visinescu <catalin_visinescu@yahoo.com>
This commits adds an example of the NuttX Web Panel documentation
along with its usage on ESP32-P4.
Signed-off-by: Tiago Medicci Serrano <tiago.medicci@espressif.com>
This commit adds a defconfig for enabling the NuttX Web Panel on
ESP32-P4. It also create entries to automatically call the Web
panel application after system's boot up.
The `webpanel` is removed from regular ESP32-P4 CI testing because
it ships with Python and that would overload CI infrastructure.
Signed-off-by: Tiago Medicci Serrano <tiago.medicci@espressif.com>
An unchecked integer assignment in the CAN driver may result in a division-by-zero which would result in a kernel crash (denial of service).
Tested locally, builds fine.
An unchecked integer assignment in the CAN driver may result in a division-by-zero which would result in a kernel crash (denial of service).
The CAN driver `can_ioctl` function, shown below (drivers/can/can.c), receives commands from user processes. Its received arguments `cmd` and content of `arg` are under attacker's control. In the CAN driver, some `ioctl` commands are hardware specific and are processed by calling `dev_ioctl()`. Subsequently, depending on the hardware (STM32 or AT32), this function calls `fdcan_ioctl` or `at32can_ioctl`, as shown in the snippets that follow.
```c
static int can_ioctl(FAR struct file *filep, int cmd, unsigned long arg)
{
FAR struct inode *inode = filep->f_inode;
FAR struct can_dev_s *dev = inode->i_private;
FAR struct can_reader_s *reader = filep->f_priv;
...
flags = enter_critical_section();
/* Handle built-in ioctl commands */
switch (cmd)
{
...
/* Not a "built-in" ioctl command.. perhaps it is unique to this
* lower-half, device driver. */
default:
{
ret = dev_ioctl(dev, cmd, arg);
}
break;
}
leave_critical_section(flags);
return ret;
}
```
There are a few instances where the user can trigger a kernel crash, caused by a division by zero on `CANIOC_SET_BITTIMING` command. On STM32 platforms (arch/arm/src/stm32/stm32_fdcan.c), while there is a `DEBUGASSERT` assertion for `bt->bt_baud`, the check does not cover value `0`.
```c
static const struct can_ops_s g_fdcanops =
{
...
.co_ioctl = fdcan_ioctl,
...
};
static int fdcan_ioctl(struct can_dev_s *dev, int cmd, unsigned long arg)
{
...
switch (cmd)
{
...
case CANIOC_SET_BITTIMING:
{
const struct canioc_bittiming_s *bt = (const struct canioc_bittiming_s *)arg;
uint32_t nbrp;
uint32_t ntseg1;
uint32_t ntseg2;
uint32_t nsjw;
uint32_t ie;
uint8_t state;
DEBUGASSERT(bt != NULL);
DEBUGASSERT(bt->bt_baud < STM32_FDCANCLK_FREQUENCY); // <- not valid
DEBUGASSERT(bt->bt_sjw > 0 && bt->bt_sjw <= 16);
DEBUGASSERT(bt->bt_tseg1 > 1 && bt->bt_tseg1 <= 64);
DEBUGASSERT(bt->bt_tseg2 > 0 && bt->bt_tseg2 <= 16);
/* Extract bit timing data */
ntseg1 = bt->bt_tseg1 - 1;
ntseg2 = bt->bt_tseg2 - 1;
nsjw = bt->bt_sjw - 1;
nbrp = (uint32_t)
( ((float) STM32_FDCANCLK_FREQUENCY /
((float)(ntseg1 + ntseg2 + 3) * (float)bt->bt_baud)) - 1 ); // <- div by 0
```
Similarly, another division by zero was found in Artery Technology AT32 (arch/arm/src/stm32/stm32_can.c) driver:
```c
static const struct can_ops_s g_canops =
{
...
.co_ioctl = at32can_ioctl,
...
};
static int at32can_ioctl(struct can_dev_s *dev, int cmd, unsigned long arg)
{
...
/* Handle the command */
switch (cmd)
{
...
case CANIOC_SET_BITTIMING:
{
const struct canioc_bittiming_s *bt = (const struct canioc_bittiming_s *)arg;
...
uint32_t tmp;
uint32_t regval;
DEBUGASSERT(bt != NULL);
DEBUGASSERT(bt->bt_baud < AT32_PCLK1_FREQUENCY); // <- not valid
DEBUGASSERT(bt->bt_sjw > 0 && bt->bt_sjw <= 4);
DEBUGASSERT(bt->bt_tseg1 > 0 && bt->bt_tseg1 <= 16);
DEBUGASSERT(bt->bt_tseg2 > 0 && bt->bt_tseg2 <= 8);
regval = at32can_getreg(priv, AT32_CAN_BTMG_OFFSET);
/* Extract bit timing data tmp is in clocks per bit time */
tmp = AT32_PCLK1_FREQUENCY / bt->bt_baud; // <- div by 0
```
Instances found are listed in the *Location* section below. They are not shown in detail to reduce the length of the issue.
Ensure the attacker-controlled data is properly validated before use, to stop division by zero situations. For instance:
```c
DEBUGASSERT(bt->bt_baud > 0 && bt->bt_baud < AT32_PCLK1_FREQUENCY);
```
* arch/arm/src/stm32/stm32_fdcan.c
* arch/arm/src/stm32/stm32_can.c
* arch/arm/src/sama5/sam_mcan.c
* arch/arm/src/at32/at32_can.c
* arch/arm/src/samv7/sam_mcan.c
* arch/arm/src/stm32f0l0g0/stm32_fdcan.c
* arch/arm/src/stm32f7/stm32_can.c
* arch/arm/src/stm32h5/stm32_fdcan.c
* arch/arm/src/stm32l4/stm32l4_can.c
* arch/arm/src/tiva/common/tiva_can.c
* drivers/can/mcp2515.c
Signed-off-by: Catalin Visinescu <catalin_visinescu@yahoo.com>
struct pthread_cond_s contains three fields: sem, clockid, and
wait_count. However, PTHREAD_COND_INITIALIZER only initialized the first
two fields, which triggers -Wmissing-field-initializers when a condition
variable is statically initialized.
Initialize wait_count explicitly to zero so the macro matches the structure
definition and remains warning-free with strict compiler flags.
Validated with a minimal compile test using:
pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
Signed-off-by: nicolasWDC <nicolasWDC@users.noreply.github.com>
1. Don't fail LTE GETQUAL on AT+CSQ error
The LTE_CMDID_GETQUAL handler queried the modem with AT+CESQ (RSRP/RSRQ)
and then AT+CSQ (RSSI), returning the result of the last command.
Set 'valid' only when AT+CESQ parses, treat AT+CSQ as optional, zero
the metrics up front, and return OK so the caller inspects 'valid'.
2. get SNIR
Signed-off-by: raiden00pl <raiden00@railab.me>
Add LTE_CMDID_SETPSM / LTE_CMDID_SETEDRX handling that encodes the requested
PSM (T3412/T3324) and eDRX timers to AT+CPSMS / AT+CEDRXS, so the LTE power
saving modes are controllable through the common LTE API.
Signed-off-by: raiden00pl <raiden00@railab.me>
Correct build errors when CONFIG_ENABLE_ALL_SIGNALS is not defined
- sched makefiles: Move pending-signal helpers from the ENABLE_ALL_SIGNALS-only
list to the !DISABLE_ALL_SIGNALS list so signal dispatch is available in
PARTIAL builds sched: make SIG_PREALLOC_ACTIONS, SIG_ALLOC_ACTIONS and
SIG_DEFAULT depend on ENABLE_ALL_SIGNALS
- sched: fix ifdefs around pending-signal queue access and signal-mask for
PARTIAL/DISABLE modes
- arch: gate SYS_signal_handler / _return calls and SYSCALL_LOOKUP(signal)
with ENABLE_ALL_SIGNALS
Signed-off-by: Jukka Laitinen <jukka.laitinen@tii.ae>
This removes the DEBUGASSERT in ftl_initialize_by_path. Instead, check
compile time that FTL is enabled in case some of the drivers implement
the isbad and markbad functions.
Also select the FTL_BBM for those drivers as they require it.
Signed-off-by: Jukka Laitinen <jukka.laitinen@tii.ae>
When a board switches storage technology but wants to mount a littlefs
filesystem onto this storage it is desired to still use the same firmware.
This almost works out of the box in NuttX with the exception of setting the
correct block size, which may be different depending on the used storage.
An incorrect block size may lead to suboptimal performance or worse.
To avoid writing a firmware variant that only differs by
CONFIG_FS_LITTLEFS_BLOCK_SIZE_FACTOR this adds the option to pass the
intended block size at the mount call. To still enable the usage of the existing
options this adds a parser for comma-separated mount options, allowing multiple
options to be passed simultaneously.
Example: "autoformat,block_size_factor=4",
"autoformat,block_size_factor=1"
This is backwards compatible: single options passed without commas continue to
work as before.
Signed-off-by: alexcekay <alexander@auterion.com>
A malformed packet can trigger memory corruption in the kernel leading to a
system crash or potentially arbitrary code execution in the kernel.
The CAN driver for the CTU CAN FD IP Core connected to the NuttX device
via a PCI / PCI Express (PCIe) bus shows a lack of consideration for
malformed data, assuming the CAN frames are always correct.
Ensure `frame->fmt.rwcnt` is 21 or less before it is used in the `for` loop.
A similar change was done in ctucanfd_sock_recv().
Tested locally, builds fine.
Signed-off-by: Catalin Visinescu <catalin_visinescu@yahoo.com>
BREAKING CHANGE: STM32N6 Kconfig symbols were renamed from CONFIG_STM32N6_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32WL5 Kconfig symbols were renamed from CONFIG_STM32WL5_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32WB Kconfig symbols were renamed from CONFIG_STM32WB_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_ARCH_BOARD_STM32WB_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32U5 Kconfig symbols were renamed from CONFIG_STM32U5_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_ARCH_BOARD_STM32U5_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32L5 Kconfig symbols were renamed from CONFIG_STM32L5_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_ARCH_BOARD_STM32L5_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32L4 Kconfig symbols were renamed from CONFIG_STM32L4_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_ARCH_BOARD_STM32L4_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32H7 Kconfig symbols were renamed from CONFIG_STM32H7_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_STM32H7_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32H5 Kconfig symbols were renamed from CONFIG_STM32H5_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_ARCH_BOARD_STM32H5_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32F7 Kconfig symbols were renamed from CONFIG_STM32F7_* to CONFIG_STM32_*.
Out-of-tree code must update defconfigs and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the family-to-common pattern:
CONFIG_STM32F7_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
Shared STM32 Kconfig option definitions from the stm32 (F1/F2/F3/F4/G4/L1)
and stm32f0l0g0 (F0/L0/G0/C0) families moved into arch/arm/src/common/stm32.
Signed-off-by: raiden00pl <raiden00@railab.me>
BREAKING CHANGE: STM32F0/L0/G0/C0 Kconfig symbols were renamed from
CONFIG_STM32F0L0G0_* to CONFIG_STM32_*. Out-of-tree code must update defconfigs
and Kconfig references to the new CONFIG_STM32_* names.
The custom clock option is a special breaking case that does not follow the
family-to-common pattern:
CONFIG_ARCH_BOARD_STM32F0G0L0_CUSTOM_CLOCKCONFIG was renamed to CONFIG_ARCH_BOARD_STM32_CUSTOM_CLOCKCONFIG.
Signed-off-by: raiden00pl <raiden00@railab.me>
Add the shared STM32 Kconfig include and introduce the hidden
common ARCH_CHIP_STM32 selector used by concrete STM32 families.
Signed-off-by: raiden00pl <raiden00@railab.me>
Add CONFIG_NRF91_GPIOTE1_NS so the secure firmware can hand the non-secure
GPIOTE instance to the application, allowing a non-secure app to use GPIO
interrupts.
Signed-off-by: raiden00pl <raiden00@railab.me>
Port the GPIOTE driver from nrf53, which shares the same secure/non-secure
TrustZone split. The non-secure application uses GPIOTE1 (the register base
and interrupt are selected by the build security domain). This provides GPIO
edge interrupts, e.g. for board buttons.
Signed-off-by: raiden00pl <raiden00@railab.me>
Coexistence policy does not belong in the driver. Replace the in-driver
priority-boost arbitration (the NRF91_MODEM_GNSS_BOOST_PRIO knob and the
NOT_ENOUGH_WINDOW_TIME counter heuristic) with a user space mechanism:
SNIOC_GNSS_SET_PRIORITY toggles nrf_modem_gnss priority mode on request,
leaving the when-to-use-it decision to the application.
Signed-off-by: raiden00pl <raiden00@railab.me>
When calling Set RF Configuration command, a compromised user
process can trigger memory corruption in the kernel. This can
lead to a system crash or potentially arbitrary code execution
in the kernel.
It addresses an earlier incomplete fix.
Tested locally.
Signed-off-by: Your Name <catalin_visinescu@yahoo.com>
Sammy Tran
Abhishek Mishra
Alan Carvalho de Assis
leisiji
Michael Rogov Papernov
dependabot[bot]
hanzhijian
Matteo Golin
Catalin Visinescu
Tiago Medicci Serrano
nicolasWDC
raiden00pl
Jukka Laitinen
alexcekay
Serg Podtynnyi