There was a possible race condition when setting the return value of a thread that is pending, from an ISR.

A kernel function causes a thread to pend, with the following series of steps:

- disable interrupts
- move current thread to wait_q
- call _Swap

Depending if running on M3/4 or M0+, _Swap will either issue a svc #0, or pend PendSV directly. The same problem exists in both cases.

M3/4:

__svc will:
- enable interrupts
- trigger __pendsv

M0+:

_Swap() will enable interrupts.

__pendsv will:
- save register context including PSP into the thread struct

If an interrupt occurs between interrupts being enabled and __pendsv saving PSP, and the ISR sets the pending thread's return value, this will happen:

- sees the thread in a wait_q
- removes it
- makes it ready
- calls _set_thread_return_value
- _set_thread_return_value looks at the thread's saved PSP to poke the value

In this scenario, PSP hasn't yet been updated by __pendsv so it's a stale value from the previous context switch, resulting in an unpredictable word on the stack getting set to the return value.

There is no way to fix this issue and still have the return value being delivered directly in the pending thread's exception stack frame, in the M0+ case. There will always be a window between the unlocking of interrupts and PendSV being handled. On M3/4, it could be possible with the mix of SVC and PendSV, since the exception stack frame is created in the __svc handler. However, because we want to keep the two implementations as close as possible, and there were talks of moving M3/4 to using PendSV only, to save an exception, the approach taken solves both cases.

The approach taken is similar to the ARC and Nios2 ports, where there is a field in the thread structure that holds the return value. _Swap() then loads r0/a1 with that value just before returning.

Fixes ZEP-1289.

Change-Id: Iee7e06fe3f8ded84aff918fd43408c7f589344d9
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
69 lines
1.8 KiB
C
```c
/*
 * Copyright (c) 2013-2016 Wind River Systems, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @brief Private kernel definitions (ARM)
 *
 * This file contains private kernel function definitions and various
 * other definitions for the ARM Cortex-M3 processor architecture.
 *
 * This file is also included by assembly language files which must #define
 * _ASMLANGUAGE before including this header file. Note that kernel
 * assembly source files obtains structure offset values via "absolute symbols"
 * in the offsets.o module.
 */

/* this file is only meant to be included by kernel_structs.h */

#ifndef _kernel_arch_func__h_
#define _kernel_arch_func__h_

#ifdef __cplusplus
extern "C" {
#endif

#ifndef _ASMLANGUAGE
extern void _FaultInit(void);
extern void _CpuIdleInit(void);
static ALWAYS_INLINE void nanoArchInit(void)
{
	_InterruptStackSetup();
	_ExcSetup();
	_FaultInit();
	_CpuIdleInit();
}

static ALWAYS_INLINE void
_set_thread_return_value(struct k_thread *thread, unsigned int value)
{
	thread->arch.swap_return_value = value;
}

extern void nano_cpu_atomic_idle(unsigned int);

#define _is_in_isr() _IsInIsr()

extern void _IntLibInit(void);

#endif /* _ASMLANGUAGE */

#ifdef __cplusplus
}
#endif

#endif /* _kernel_arch_func__h_ */
```
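The race window and the fix from the commit message, replayed in a small host-side C model. This is an added example, not code from the Zephyr tree: `struct model_thread`, `replay_race()`, the stack size, the slot indices and the canary pattern are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 16
#define CANARY 0xA5A5A5A5u /* constructed fill pattern */

/* Hypothetical simplified thread model; not Zephyr's struct k_thread. */
struct model_thread {
	uint32_t stack[STACK_WORDS];
	uint32_t *saved_psp;        /* updated only by the modelled __pendsv */
	uint32_t swap_return_value; /* field used by the fix */
};

/*
 * Replays an ISR that sets the return value after interrupts are unlocked
 * but before __pendsv has saved PSP. Returns the number of stack words that
 * were corrupted; *r0 receives what the thread sees when _Swap() returns.
 */
static int replay_race(int use_field, uint32_t value, uint32_t *r0)
{
	struct model_thread t;
	uint32_t *live_psp = &t.stack[4]; /* frame location for this swap */
	int i, corrupted = 0;

	for (i = 0; i < STACK_WORDS; i++)
		t.stack[i] = CANARY;
	t.saved_psp = &t.stack[12]; /* stale: left by the previous context switch */
	t.swap_return_value = 0;

	if (use_field)
		t.swap_return_value = value; /* fixed: store in the thread struct */
	else
		t.saved_psp[0] = value;      /* old: poke r0 through the saved PSP */

	t.saved_psp = live_psp;          /* __pendsv runs only now */
	*r0 = use_field ? t.swap_return_value : t.saved_psp[0];

	for (i = 0; i < STACK_WORDS; i++)
		corrupted += (t.stack[i] != CANARY);
	return corrupted;
}

int main(void)
{
	uint32_t r0;
	int bad = replay_race(0, 0xFFFFFFF5u, &r0);
	printf("PSP poke:     corrupted=%d r0=0x%08x\n", bad, (unsigned)r0);
	bad = replay_race(1, 0xFFFFFFF5u, &r0);
	printf("struct field: corrupted=%d r0=0x%08x\n", bad, (unsigned)r0);
	return 0;
}
```

In the old path the write lands in an unrelated stack word and the thread never sees the value; with the field, the stack is untouched and the value is delivered.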