Fix more places where the user-mode allocator is used to allocate kernel thread resources -- before the user-mode allocator even exists

11 files changed, 82 insertions, 51 deletions

diff --git a/nuttx/fs/fs_fdopen.c b/nuttx/fs/fs_fdopen.c
index 3a474717f..ec0409c2f 100644
--- a/nuttx/fs/fs_fdopen.c
+++ b/nuttx/fs/fs_fdopen.c
@@ -1,7 +1,7 @@
 /****************************************************************************
  * fs/fs_fdopen.c
  *
- *   Copyright (C) 2007-2013 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007-2014 Gregory Nutt. All rights reserved.
  *   Author: Gregory Nutt <gnutt@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -226,9 +226,13 @@ FAR struct file_struct *fs_fdopen(int fd, int oflags, FAR struct tcb_s *tcb)
 
           (void)sem_init(&stream->fs_sem, 0, 1);
 
-          /* Allocate the IO buffer */
+          /* Allocate the IO buffer at the appropriate privilege level for
+           * the group.
+           */
+
+          stream->fs_bufstart =
+            group_malloc(tcb->group, CONFIG_STDIO_BUFFER_SIZE);
 
-          stream->fs_bufstart = kumm_malloc(CONFIG_STDIO_BUFFER_SIZE);
           if (!stream->fs_bufstart)
             {
               err = ENOMEM;
diff --git a/nuttx/include/nuttx/addrenv.h b/nuttx/include/nuttx/addrenv.h
index a5e1de34b..9782e9918 100644
--- a/nuttx/include/nuttx/addrenv.h
+++ b/nuttx/include/nuttx/addrenv.h
@@ -201,7 +201,7 @@ struct addrenv_reserve_s
  */
 
 #define ARCH_DATA_RESERVE \
-  ((FAR struct addrenv_reserve_s *)CONFIG_ARCH_TEXT_VBASE)
+  ((FAR struct addrenv_reserve_s *)CONFIG_ARCH_DATA_VBASE)
 #endif
 
 /****************************************************************************
diff --git a/nuttx/include/nuttx/kmalloc.h b/nuttx/include/nuttx/kmalloc.h
index 68f8c7c7b..33b3b8910 100644
--- a/nuttx/include/nuttx/kmalloc.h
+++ b/nuttx/include/nuttx/kmalloc.h
@@ -81,7 +81,7 @@ extern "C"
  * from the kernel.  In the flat build, the following are declared in
  * stdlib.h and are directly callable.  In the kernel-phase of the kernel
  * build, the following are defined in userspace.h as macros that call
- * into user-space via a header at the begining of the user-space blob.
+ * into user-space via a header at the beginning of the user-space blob.
  */
 
 #define kumm_initialize(h,s)     umm_initialize(h,s)
@@ -157,6 +157,41 @@ extern "C"
 
 #endif
 
+#if (defined(CONFIG_BUILD_PROTECTED) || defined(CONFIG_BUILD_KERNEL)) && \
+     defined(CONFIG_MM_KERNEL_HEAP)
+/****************************************************************************
+ * Group memory management
+ *
+ *   Manage memory allocations appropriately for the group type.  If the
+ *   memory is part of a privileged group, then it should be allocated so
+ *   that it is only accessible by privileged code;  Otherwise, it is a
+ *   user mode group and must be allocated so that it accessible by
+ *   unprivileged code.
+ *
+ ****************************************************************************/
+/* Functions defined in group/group_malloc.c ********************************/
+
+FAR void *group_malloc(FAR struct task_group_s *group, size_t nbytes);
+
+/* Functions defined in group/group_zalloc.c ********************************/
+
+FAR void *group_zalloc(FAR struct task_group_s *group, size_t nbytes);
+
+/* Functions defined in group/group_free.c **********************************/
+
+void group_free(FAR struct task_group_s *group, FAR void *mem);
+
+#else
+  /* In the flat build, there is only one memory allocator and no distinction
+   * in privileges.
+   */
+
+#  define group_malloc(g,n) kumm_malloc(size)
+#  define group_zalloc(g,n) kumm_zalloc(size)
+#  define group_free(g,m)   kumm_free(size)
+
+#endif
+
 /* Functions defined in sched/sched_kfree.c **********************************/
 
 /* Handles memory freed from an interrupt handler.  In that context, kmm_free()
diff --git a/nuttx/sched/group/group.h b/nuttx/sched/group/group.h
index 4f74d4156..2dc74e709 100644
--- a/nuttx/sched/group/group.h
+++ b/nuttx/sched/group/group.h
@@ -95,7 +95,7 @@ void weak_function task_initialize(void);
 /* Task group data structure management */
 
 #ifdef HAVE_TASK_GROUP
-int  group_allocate(FAR struct task_tcb_s *tcb);
+int  group_allocate(FAR struct task_tcb_s *tcb, uint8_t ttype);
 int  group_initialize(FAR struct task_tcb_s *tcb);
 #ifndef CONFIG_DISABLE_PTHREAD
 int  group_bind(FAR struct pthread_tcb_s *tcb);
@@ -114,25 +114,6 @@ int group_foreachchild(FAR struct task_group_s *group,
 int group_killchildren(FAR struct task_tcb_s *tcb);
 #endif
 
-/* Group memory management */
-
-#if (defined(CONFIG_BUILD_PROTECTED) || defined(CONFIG_BUILD_KERNEL)) && \
-     defined(CONFIG_MM_KERNEL_HEAP)
-  /* Functions to pick the correct allocator based on group privileges */
-
-FAR void *group_malloc(FAR struct task_group_s *group, size_t nbytes);
-FAR void *group_zalloc(FAR struct task_group_s *group, size_t nbytes);
-void group_free(FAR struct task_group_s *group, FAR void *mem);
-
-#else
-  /* There is only one allocator */
-
-#  define group_malloc(g,n) kumm_malloc(size)
-#  define group_zalloc(g,n) kumm_zalloc(size)
-#  define group_free(g,m)   kumm_free(size)
-
-#endif
-
 #ifdef CONFIG_ARCH_ADDRENV
 /* Group address environment management */
 
diff --git a/nuttx/sched/group/group_create.c b/nuttx/sched/group/group_create.c
index fce7beee8..7d84e3e20 100644
--- a/nuttx/sched/group/group_create.c
+++ b/nuttx/sched/group/group_create.c
@@ -46,8 +46,8 @@
 
 #include <nuttx/kmalloc.h>
 
-#include "group/group.h"
 #include "environ/environ.h"
+#include "group/group.h"
 
 #ifdef HAVE_TASK_GROUP
 
@@ -164,7 +164,8 @@ static void group_assigngid(FAR struct task_group_s *group)
  *   group membership.
  *
  * Parameters:
- *   tcb - The tcb in need of the task group.
+ *   tcb   - The tcb in need of the task group.
+ *   ttype - Type of the thread that is the parent of the group
  *
  * Return Value:
  *   0 (OK) on success; a negated errno value on failure.
@@ -175,7 +176,7 @@ static void group_assigngid(FAR struct task_group_s *group)
  *
  *****************************************************************************/
 
-int group_allocate(FAR struct task_tcb_s *tcb)
+int group_allocate(FAR struct task_tcb_s *tcb, uint8_t ttype)
 {
   FAR struct task_group_s *group;
   int ret;
@@ -196,7 +197,7 @@ int group_allocate(FAR struct task_tcb_s *tcb)
    * of the group must be created for privileged access.
    */
 
-  if ((tcb->cmn.flags & TCB_FLAG_TTYPE_MASK) == TCB_FLAG_TTYPE_KERNEL)
+  if ((ttype & TCB_FLAG_TTYPE_MASK) == TCB_FLAG_TTYPE_KERNEL)
     {
       group->tg_flags |= GROUP_FLAG_PRIVILEGED;
     }
diff --git a/nuttx/sched/group/group_free.c b/nuttx/sched/group/group_free.c
index f71bebdcc..631482e06 100644
--- a/nuttx/sched/group/group_free.c
+++ b/nuttx/sched/group/group_free.c
@@ -39,6 +39,8 @@
 
 #include <sys/types.h>
 
+#include <assert.h>
+
 #include <nuttx/sched.h>
 #include <nuttx/kmalloc.h>
 
@@ -82,6 +84,8 @@
 
 void group_free(FAR struct task_group_s *group, FAR void *mem)
 {
+  DEBUGASSERT(group && mem);
+
   /* Check the group is privileged */
 
   if ((group->tg_flags & GROUP_FLAG_PRIVILEGED) != 0)
diff --git a/nuttx/sched/group/group_malloc.c b/nuttx/sched/group/group_malloc.c
index d00b5c2c0..3ca23a5b6 100644
--- a/nuttx/sched/group/group_malloc.c
+++ b/nuttx/sched/group/group_malloc.c
@@ -39,6 +39,8 @@
 
 #include <sys/types.h>
 
+#include <assert.h>
+
 #include <nuttx/sched.h>
 #include <nuttx/kmalloc.h>
 
@@ -76,8 +78,8 @@
  *
  * Description:
  *   Allocate memory appropriate for the group type.  If the memory is
- *   part of a privileged, then it should be allocated so that it is
- *   only accessed by privileged code;  Otherwise, it is a user mode
+ *   part of a privileged group, then it should be allocated so that it
+ *   is only accessible by privileged code;  Otherwise, it is a user mode
  *   group and must be allocated so that it accessible by unprivileged
  *   code.
  *
@@ -85,6 +87,8 @@
 
 FAR void *group_malloc(FAR struct task_group_s *group, size_t nbytes)
 {
+  DEBUGASSERT(group);
+
   /* Check the group type */
 
   if ((group->tg_flags & GROUP_FLAG_PRIVILEGED) != 0)
diff --git a/nuttx/sched/init/os_start.c b/nuttx/sched/init/os_start.c
index 8f3a190c2..05278111a 100644
--- a/nuttx/sched/init/os_start.c
+++ b/nuttx/sched/init/os_start.c
@@ -380,9 +380,9 @@ void os_start(void)
 #endif
   }
 
+#if defined(CONFIG_SCHED_HAVE_PARENT) && defined(CONFIG_SCHED_CHILD_STATUS)
   /* Initialize tasking data structures */
 
-#if defined(CONFIG_SCHED_HAVE_PARENT) && defined(CONFIG_SCHED_CHILD_STATUS)
 #ifdef CONFIG_HAVE_WEAKFUNCTIONS
   if (task_initialize != NULL)
 #endif
@@ -427,9 +427,9 @@ void os_start(void)
     }
 #endif
 
+#ifndef CONFIG_DISABLE_SIGNALS
   /* Initialize the signal facility (if in link) */
 
-#ifndef CONFIG_DISABLE_SIGNALS
 #ifdef CONFIG_HAVE_WEAKFUNCTIONS
   if (sig_initialize != NULL)
 #endif
@@ -438,9 +438,9 @@ void os_start(void)
     }
 #endif
 
+#ifndef CONFIG_DISABLE_MQUEUE
   /* Initialize the named message queue facility (if in link) */
 
-#ifndef CONFIG_DISABLE_MQUEUE
 #ifdef CONFIG_HAVE_WEAKFUNCTIONS
   if (mq_initialize != NULL)
 #endif
@@ -449,9 +449,9 @@ void os_start(void)
     }
 #endif
 
+#ifndef CONFIG_DISABLE_PTHREAD
   /* Initialize the thread-specific data facility (if in link) */
 
-#ifndef CONFIG_DISABLE_PTHREAD
 #ifdef CONFIG_HAVE_WEAKFUNCTIONS
   if (pthread_initialize != NULL)
 #endif
@@ -460,9 +460,9 @@ void os_start(void)
     }
 #endif
 
+#if CONFIG_NFILE_DESCRIPTORS > 0
   /* Initialize the file system (needed to support device drivers) */
 
-#if CONFIG_NFILE_DESCRIPTORS > 0
 #ifdef CONFIG_HAVE_WEAKFUNCTIONS
   if (fs_initialize != NULL)
 #endif
@@ -471,9 +471,9 @@ void os_start(void)
     }
 #endif
 
+#ifdef CONFIG_NET
   /* Initialize the network system */
 
-#ifdef CONFIG_NET
   net_initialize();
 #endif
 
@@ -497,25 +497,25 @@ void os_start(void)
     }
 
   /* IDLE Group Initialization **********************************************/
-  /* Allocate the IDLE group and suppress child status. */
-
 #ifdef HAVE_TASK_GROUP
-  DEBUGVERIFY(group_allocate(&g_idletcb));
+  /* Allocate the IDLE group */
+
+  DEBUGVERIFY(group_allocate(&g_idletcb, g_idletcb.cmn.flags));
 #endif
 
+#if CONFIG_NFILE_DESCRIPTORS > 0 || CONFIG_NSOCKET_DESCRIPTORS > 0
   /* Create stdout, stderr, stdin on the IDLE task.  These will be
    * inherited by all of the threads created by the IDLE task.
    */
 
-#if CONFIG_NFILE_DESCRIPTORS > 0 || CONFIG_NSOCKET_DESCRIPTORS > 0
   DEBUGVERIFY(group_setupidlefiles(&g_idletcb));
 #endif
 
+#ifdef HAVE_TASK_GROUP
   /* Complete initialization of the IDLE group.  Suppress retention
    * of child status in the IDLE group.
    */
 
-#ifdef HAVE_TASK_GROUP
   DEBUGVERIFY(group_initialize(&g_idletcb));
   g_idletcb.cmn.group->tg_flags = GROUP_FLAG_NOCLDWAIT;
 #endif
diff --git a/nuttx/sched/task/task_create.c b/nuttx/sched/task/task_create.c
index 4e7d656f7..cb01ff496 100644
--- a/nuttx/sched/task/task_create.c
+++ b/nuttx/sched/task/task_create.c
@@ -1,7 +1,7 @@
 /****************************************************************************
  * sched/task/task_create.c
  *
- *   Copyright (C) 2007-2010, 2013 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007-2010, 2013-2014 Gregory Nutt. All rights reserved.
  *   Author: Gregory Nutt <gnutt@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -78,7 +78,7 @@
  * Description:
  *   This function creates and activates a new thread of the specified type
  *   with a specified priority and returns its system-assigned ID.  It is the
- *   internal, commn implementation of task_create() and kernel_thread().
+ *   internal, common implementation of task_create() and kernel_thread().
  *   See comments with task_create() for further information.
  *
  * Input Parameters:
@@ -118,10 +118,12 @@ static int thread_create(FAR const char *name, uint8_t ttype, int priority,
       goto errout;
     }
 
-  /* Allocate a new task group */
+  /* Allocate a new task group with privileges appropriate for the parent
+   * thread type.
+   */
 
 #ifdef HAVE_TASK_GROUP
-  ret = group_allocate(tcb);
+  ret = group_allocate(tcb, ttype);
   if (ret < 0)
     {
       errcode = -ret;
diff --git a/nuttx/sched/task/task_init.c b/nuttx/sched/task/task_init.c
index 6ad31e7f2..a4cf9fcfa 100644
--- a/nuttx/sched/task/task_init.c
+++ b/nuttx/sched/task/task_init.c
@@ -1,7 +1,7 @@
 /****************************************************************************
  * sched/task/task_init.c
  *
- *   Copyright (C) 2007, 2009, 2013 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007, 2009, 2013-2014 Gregory Nutt. All rights reserved.
  *   Author: Gregory Nutt <gnutt@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -130,7 +130,7 @@ int task_init(FAR struct tcb_s *tcb, const char *name, int priority,
   /* Create a new task group */
 
 #ifdef HAVE_TASK_GROUP
-  ret = group_allocate(ttcb);
+  ret = group_allocate(ttcb, tcb->flags);
   if (ret < 0)
     {
       errcode = -ret;
diff --git a/nuttx/sched/task/task_vfork.c b/nuttx/sched/task/task_vfork.c
index 6b073b421..4368f2408 100644
--- a/nuttx/sched/task/task_vfork.c
+++ b/nuttx/sched/task/task_vfork.c
@@ -1,7 +1,7 @@
 /****************************************************************************
  * sched/task/task_vfork
  *
- *   Copyright (C) 2013 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2013-2014 Gregory Nutt. All rights reserved.
  *   Author: Gregory Nutt <gnutt@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -144,10 +144,10 @@ FAR struct task_tcb_s *task_vforksetup(start_t retaddr)
       return NULL;
     }
 
-  /* Allocate a new task group */
+  /* Allocate a new task group with the same privileges as the parent */
 
 #ifdef HAVE_TASK_GROUP
-  ret = group_allocate(child);
+  ret = group_allocate(child, parent->flags);
   if (ret < 0)
     {
       goto errout_with_tcb;