Potential thread stack overflow in AP_MSP::loop #28458

Open
mirusu400 opened this issue Oct 23, 2024 · 0 comments
Bug report

Issue details

With some detailed build configurations, there is a potential stack overflow in the thread function named AP_MSP::loop.

    if (backends_using_msp_thread > 0) {
        // we've found at least 1 msp backend, start protocol handler
        if (!hal.scheduler->thread_create(FUNCTOR_BIND_MEMBER(&AP_MSP::loop, void),
                                          "MSP",
                                          1024, AP_HAL::Scheduler::PRIORITY_IO, 1)) {
            return;
        }
    }

In this line, AP_MSP::loop is allowed a 1024 stack size.

However, after manually checking the stack, it might have 1096 bytes with some detailed configurations.

Steps to reproduce
The steps to reproduce are much the same as in #28374 and #27937.

  1. In boards.py, add this line:
# In 224 line..
        env.CFLAGS += [
++          '-fstack-usage',
            '-ffunction-sections',
            '-fdata-sections',
            '-fsigned-char',
...
# In 343 line...
        env.CXXFLAGS += [
++          '-fstack-usage',
            '-std=gnu++11',

            '-fdata-sections',

This will help you automatically calculate the stack size of each function.

  2. Build ardupilot normally, using this configuration:
./waf configure --board r9pilot -g --check-verbose --disable-Werror --toolchain=arm-none-eabi --notests --enable-scripting --enable-opendroneid --enable-check-firmware --enable-custom-controller --enable-gps-logging --enable-header-checks --enable-stats 
./waf -v copter

Now we can get a stack usage file (*.su) for each source file, so we can manually check the stack size of each function.

In case of AP_MSP::loop:

There is a large call stack with this flow:

AP_MSP::loop() => 32 byte
AP_MSP_Telem_Backend::hide_osd_items() => 64 byte
AP_MSP_Telem_Backend::get_rssi => 8 byte
AP_RSSI::read_receiver_rssi => 8 byte
AP_RSSI::read_pwm_pin_rssi => 8 byte
AP_HAL::PWMSource::set_pin => 40 byte
GCS::send_text => 0 byte
GCS::send_textv => 160 byte
GCS::service_statustext => 24 byte
GCS_MAVLINK::service_statustext => 120 byte
_mav_finalize_message_chan_send => 88 byte
mavlink_sign_packet => 136 byte
mavlink_sha256_update => 416 byte

=> SUM: 1096

So, a stack overflow can potentially occur in the AP_SmartAudio::loop thread function.

I only checked R9Pilot with copter, but it seems that there are lots of other configurations that could potentially cause a thread stack overflow.

Version

Ardupilot latest version (commit 92693e0)

Platform
[ ] All
[ ] AntennaTracker
[ x ] Copter
[ ] Plane
[ ] Rover
[ ] Submarine

Hardware type
R9Pilot
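
The manual check described in the issue can be scripted. The following is an added example, not code from the issue or from ArduPilot: it parses GCC -fstack-usage (.su) lines and totals one call chain against the stack size passed to thread_create. The function names and sizes are the ones listed in the issue; parse_su, audit_chain, and the file name, line numbers, signatures and qualifiers in the sample text are assumptions.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "function size qualifier")

# Call chain and per-function sizes as listed in the issue.
CHAIN_SIZES = [
    ("AP_MSP::loop", 32), ("AP_MSP_Telem_Backend::hide_osd_items", 64),
    ("AP_MSP_Telem_Backend::get_rssi", 8), ("AP_RSSI::read_receiver_rssi", 8),
    ("AP_RSSI::read_pwm_pin_rssi", 8), ("AP_HAL::PWMSource::set_pin", 40),
    ("GCS::send_text", 0), ("GCS::send_textv", 160),
    ("GCS::service_statustext", 24), ("GCS_MAVLINK::service_statustext", 120),
    ("_mav_finalize_message_chan_send", 88), ("mavlink_sign_packet", 136),
    ("mavlink_sha256_update", 416),
]
CHAIN = [name for name, _ in CHAIN_SIZES]
# Constructed .su text: file name, line/column, signature and qualifier are made up.
SAMPLE_SU = "\n".join("src.cpp:1:1:void %s()\t%d\tstatic" % row for row in CHAIN_SIZES)

def parse_su(text):
    """Parse GCC -fstack-usage lines: file:line:col:function<TAB>bytes<TAB>qualifier."""
    frames = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # skip blank or malformed lines
        function = re.sub(r"^.*?:\d+:\d+:", "", parts[0])  # drop file:line:col:
        frames.append(Frame(function, int(parts[1]), parts[2].strip()))
    return frames

def audit_chain(frames, chain, budget):
    """Sum the frames of one call chain and compare with the thread stack size."""
    total, missing, not_static = 0, [], []
    for name in chain:
        # Whole-name match, so GCS::send_text does not also hit GCS::send_textv.
        pat = re.compile(r"(?<![\w:])" + re.escape(name) + r"(?!\w)")
        hits = [f for f in frames if pat.search(f.function)]
        if not hits:
            missing.append(name)  # no .su entry (e.g. assembly): total is incomplete
            continue
        worst = max(hits, key=lambda f: f.size)  # overloads: assume the largest
        total += worst.size
        if worst.qualifier != "static":
            not_static.append(name)  # dynamic frame: figure needs manual review
    return {"total": total, "over_budget": total > budget,
            "missing": missing, "not_static": not_static}

if __name__ == "__main__":
    print(audit_chain(parse_su(SAMPLE_SU), CHAIN, budget=1024))
```

A non-empty missing or not_static list means the total does not fully account for the chain, and those functions need checking by hand.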
