From 84e6f15c828869eb7d293096cfcfa0563b5752b3 Mon Sep 17 00:00:00 2001 
From: Sebastian Huber Date: Thu, 10 Nov 2016 12:02:28 +0100 Subject: score: Robust thread dispatch On SMP configurations, it is a fatal error to call blocking operating system with interrupts disabled, since this prevents delivery of inter-processor interrupts. This could lead to executing threads which are not allowed to execute resulting in undefined behaviour. The ARM Cortex-M port has a similar problem, since the interrupt state is not a part of the thread context. Update #2811. --- cpukit/sapi/src/interrtext.c | 3 +- cpukit/score/cpu/arm/rtems/score/cpu.h | 6 ++ cpukit/score/cpu/bfin/rtems/score/cpu.h | 2 + cpukit/score/cpu/epiphany/rtems/score/cpu.h | 2 + cpukit/score/cpu/i386/rtems/score/cpu.h | 2 + cpukit/score/cpu/lm32/rtems/score/cpu.h | 2 + cpukit/score/cpu/m32c/rtems/score/cpu.h | 2 + cpukit/score/cpu/m68k/rtems/score/cpu.h | 1 + cpukit/score/cpu/mips/rtems/score/cpu.h | 2 + cpukit/score/cpu/moxie/rtems/score/cpu.h | 2 + cpukit/score/cpu/nios2/rtems/score/cpu.h | 2 + cpukit/score/cpu/no_cpu/rtems/score/cpu.h | 12 ++++ cpukit/score/cpu/or1k/rtems/score/cpu.h | 2 + cpukit/score/cpu/powerpc/rtems/score/cpu.h | 2 + cpukit/score/cpu/sh/rtems/score/cpu.h | 2 + cpukit/score/cpu/sparc/rtems/score/cpu.h | 2 + cpukit/score/cpu/sparc64/rtems/score/cpu.h | 2 + cpukit/score/cpu/v850/rtems/score/cpu.h | 2 + cpukit/score/include/rtems/score/interr.h | 3 +- cpukit/score/include/rtems/score/threaddispatch.h | 19 ++++++- cpukit/score/src/threaddispatch.c | 15 +++++ testsuites/smptests/Makefile.am | 1 + testsuites/smptests/configure.ac | 1 + testsuites/smptests/smpfatal06/Makefile.am | 19 +++++++ testsuites/smptests/smpfatal06/init.c | 69 +++++++++++++++++++++++ testsuites/smptests/smpfatal06/smpfatal06.doc | 13 +++++ testsuites/smptests/smpfatal06/smpfatal06.scn | 2 + testsuites/sptests/spinternalerror02/init.c | 2 +- 28 files changed, 190 insertions(+), 4 deletions(-) create mode 100644 testsuites/smptests/smpfatal06/Makefile.am create mode 100644 
testsuites/smptests/smpfatal06/init.c create mode 100644 testsuites/smptests/smpfatal06/smpfatal06.doc create mode 100644 testsuites/smptests/smpfatal06/smpfatal06.scn diff --git a/cpukit/sapi/src/interrtext.c b/cpukit/sapi/src/interrtext.c index edf09dbd93..ce69461cab 100644 --- a/cpukit/sapi/src/interrtext.c +++ b/cpukit/sapi/src/interrtext.c @@ -57,7 +57,8 @@ static const char *const internal_error_text[] = { "INTERNAL_ERROR_POSIX_INIT_THREAD_ENTRY_IS_NULL", "INTERNAL_ERROR_THREAD_QUEUE_DEADLOCK", "INTERNAL_ERROR_THREAD_QUEUE_ENQUEUE_STICKY_FROM_BAD_STATE", - "INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL" + "INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL", + "INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT" }; const char *rtems_internal_error_text( rtems_fatal_code error ) diff --git a/cpukit/score/cpu/arm/rtems/score/cpu.h b/cpukit/score/cpu/arm/rtems/score/cpu.h index df3034134c..df946798f7 100644 --- a/cpukit/score/cpu/arm/rtems/score/cpu.h +++ b/cpukit/score/cpu/arm/rtems/score/cpu.h @@ -130,6 +130,12 @@ #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#if defined(ARM_MULTILIB_ARCH_V7M) + #define CPU_ENABLE_ROBUST_THREAD_DISPATCH TRUE +#else + #define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE +#endif + #if defined(ARM_MULTILIB_HAS_WFI) #define CPU_PROVIDES_IDLE_THREAD_BODY TRUE #else diff --git a/cpukit/score/cpu/bfin/rtems/score/cpu.h b/cpukit/score/cpu/bfin/rtems/score/cpu.h index 3be10a6b71..9b54d6c6f1 100644 --- a/cpukit/score/cpu/bfin/rtems/score/cpu.h +++ b/cpukit/score/cpu/bfin/rtems/score/cpu.h @@ -233,6 +233,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/epiphany/rtems/score/cpu.h b/cpukit/score/cpu/epiphany/rtems/score/cpu.h index 871f30ef9c..43192039be 100644 --- a/cpukit/score/cpu/epiphany/rtems/score/cpu.h +++ b/cpukit/score/cpu/epiphany/rtems/score/cpu.h 
@@ -205,6 +205,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/i386/rtems/score/cpu.h b/cpukit/score/cpu/i386/rtems/score/cpu.h index f70e2c6f1a..c45d914afc 100644 --- a/cpukit/score/cpu/i386/rtems/score/cpu.h +++ b/cpukit/score/cpu/i386/rtems/score/cpu.h @@ -92,6 +92,8 @@ extern "C" { #endif #endif /* __SSE__ */ +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + #define CPU_STACK_GROWS_UP FALSE /* FIXME: The Pentium 4 used 128 bytes, it this processor still relevant? */ diff --git a/cpukit/score/cpu/lm32/rtems/score/cpu.h b/cpukit/score/cpu/lm32/rtems/score/cpu.h index ed397dc34f..e6f6c51509 100644 --- a/cpukit/score/cpu/lm32/rtems/score/cpu.h +++ b/cpukit/score/cpu/lm32/rtems/score/cpu.h @@ -227,6 +227,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/m32c/rtems/score/cpu.h b/cpukit/score/cpu/m32c/rtems/score/cpu.h index e37cda99e3..b1ef486095 100644 --- a/cpukit/score/cpu/m32c/rtems/score/cpu.h +++ b/cpukit/score/cpu/m32c/rtems/score/cpu.h @@ -249,6 +249,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/m68k/rtems/score/cpu.h b/cpukit/score/cpu/m68k/rtems/score/cpu.h index 5936e15b85..0e3cd81363 100644 --- a/cpukit/score/cpu/m68k/rtems/score/cpu.h +++ b/cpukit/score/cpu/m68k/rtems/score/cpu.h @@ -94,6 +94,7 @@ extern "C" { #define CPU_ALL_TASKS_ARE_FP FALSE #define CPU_IDLE_TASK_IS_FP FALSE #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE #define CPU_PROVIDES_IDLE_THREAD_BODY TRUE #define CPU_STACK_GROWS_UP FALSE 
diff --git a/cpukit/score/cpu/mips/rtems/score/cpu.h b/cpukit/score/cpu/mips/rtems/score/cpu.h index 3fe0b8d022..60bec59b86 100644 --- a/cpukit/score/cpu/mips/rtems/score/cpu.h +++ b/cpukit/score/cpu/mips/rtems/score/cpu.h @@ -226,6 +226,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/moxie/rtems/score/cpu.h b/cpukit/score/cpu/moxie/rtems/score/cpu.h index fdefdcbeb5..a85b1998cf 100644 --- a/cpukit/score/cpu/moxie/rtems/score/cpu.h +++ b/cpukit/score/cpu/moxie/rtems/score/cpu.h @@ -196,6 +196,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/nios2/rtems/score/cpu.h b/cpukit/score/cpu/nios2/rtems/score/cpu.h index 1e9b7b3801..902b209794 100644 --- a/cpukit/score/cpu/nios2/rtems/score/cpu.h +++ b/cpukit/score/cpu/nios2/rtems/score/cpu.h @@ -55,6 +55,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + #define CPU_PROVIDES_IDLE_THREAD_BODY FALSE #define CPU_STACK_GROWS_UP FALSE diff --git a/cpukit/score/cpu/no_cpu/rtems/score/cpu.h b/cpukit/score/cpu/no_cpu/rtems/score/cpu.h index 9af357111e..58a024ef0c 100644 --- a/cpukit/score/cpu/no_cpu/rtems/score/cpu.h +++ b/cpukit/score/cpu/no_cpu/rtems/score/cpu.h 
@@ -248,6 +248,18 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +/** + * @brief Enables a robust thread dispatch if set to TRUE. + * + * In general, it is an application bug to call blocking operating system + * services with interrupts disabled. In most situations this only increases + * the interrupt latency. However, on SMP configurations or on some CPU port + * like ARM Cortex-M it leads to undefined system behaviour. It order to ease + * the application development, this error condition is checked at run-time in + * case this CPU port option is defined to TRUE. + */ +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/or1k/rtems/score/cpu.h b/cpukit/score/cpu/or1k/rtems/score/cpu.h index 58bc9275df..13dd33403f 100644 --- a/cpukit/score/cpu/or1k/rtems/score/cpu.h +++ b/cpukit/score/cpu/or1k/rtems/score/cpu.h @@ -197,6 +197,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/powerpc/rtems/score/cpu.h b/cpukit/score/cpu/powerpc/rtems/score/cpu.h index 903bfa5216..91f8f63342 100644 --- a/cpukit/score/cpu/powerpc/rtems/score/cpu.h +++ b/cpukit/score/cpu/powerpc/rtems/score/cpu.h @@ -555,6 +555,8 @@ typedef struct { /* conservative setting (FALSE); probably doesn't affect performance too much */ #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Processor defined structures required for cpukit/score. */ diff --git a/cpukit/score/cpu/sh/rtems/score/cpu.h b/cpukit/score/cpu/sh/rtems/score/cpu.h index 2b47bae908..b4e553273d 100644 --- a/cpukit/score/cpu/sh/rtems/score/cpu.h +++ b/cpukit/score/cpu/sh/rtems/score/cpu.h 
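Review bot: The new Doxygen comment for `CPU_ENABLE_ROBUST_THREAD_DISPATCH` in the no_cpu header has two wording slips: `It order to ease` should read `In order to ease`, and `on some CPU port like ARM Cortex-M` should read `on some CPU ports like ARM Cortex-M`. Since no_cpu is the template that new ports start from, the typos are worth fixing before they are copied. The comment would also be more useful to a port maintainer if it named the consequence, for example `A violation terminates the system with INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT.`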
@@ -177,6 +177,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE #endif +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/sparc/rtems/score/cpu.h b/cpukit/score/cpu/sparc/rtems/score/cpu.h index 07601de648..1bc4a0e681 100644 --- a/cpukit/score/cpu/sparc/rtems/score/cpu.h +++ b/cpukit/score/cpu/sparc/rtems/score/cpu.h @@ -173,6 +173,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE #endif +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/sparc64/rtems/score/cpu.h b/cpukit/score/cpu/sparc64/rtems/score/cpu.h index bf6f643d95..4402bde70b 100644 --- a/cpukit/score/cpu/sparc64/rtems/score/cpu.h +++ b/cpukit/score/cpu/sparc64/rtems/score/cpu.h @@ -136,6 +136,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/v850/rtems/score/cpu.h b/cpukit/score/cpu/v850/rtems/score/cpu.h index 263c88d5bc..8f3fbd96f4 100644 --- a/cpukit/score/cpu/v850/rtems/score/cpu.h +++ b/cpukit/score/cpu/v850/rtems/score/cpu.h @@ -225,6 +225,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/include/rtems/score/interr.h b/cpukit/score/include/rtems/score/interr.h index e23db5c58d..4e499d8198 100644 --- a/cpukit/score/include/rtems/score/interr.h +++ b/cpukit/score/include/rtems/score/interr.h 
@@ -166,7 +166,8 @@ typedef enum { INTERNAL_ERROR_POSIX_INIT_THREAD_ENTRY_IS_NULL, INTERNAL_ERROR_THREAD_QUEUE_DEADLOCK, INTERNAL_ERROR_THREAD_QUEUE_ENQUEUE_STICKY_FROM_BAD_STATE, - INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL + INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL, + INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT } Internal_errors_Core_list; typedef CPU_Uint32ptr Internal_errors_t; diff --git a/cpukit/score/include/rtems/score/threaddispatch.h b/cpukit/score/include/rtems/score/threaddispatch.h index f4ca096783..0238f8f5d5 100644 --- a/cpukit/score/include/rtems/score/threaddispatch.h +++ b/cpukit/score/include/rtems/score/threaddispatch.h @@ -28,6 +28,18 @@ extern "C" { * @{ */ +#if defined(RTEMS_SMP) || ( CPU_ENABLE_ROBUST_THREAD_DISPATCH == TRUE ) +/** + * @brief Enables a robust thread dispatch. + * + * On each change of the thread dispatch disable level from one to zero the + * interrupt status is checked. In case interrupts are disabled and SMP is + * enabled or the CPU port needs it, then the system terminates with the fatal + * internal error INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT. + */ +#define RTEMS_SCORE_ROBUST_THREAD_DISPATCH +#endif + /** * @brief Indicates if the executing thread is inside a thread dispatch * critical section. @@ -206,7 +218,12 @@ RTEMS_INLINE_ROUTINE void _Thread_Dispatch_enable( Per_CPU_Control *cpu_self ) _ISR_Local_disable( level ); - if ( cpu_self->dispatch_necessary ) { + if ( + cpu_self->dispatch_necessary +#if defined(RTEMS_SCORE_ROBUST_THREAD_DISPATCH) + || !_ISR_Is_enabled( level ) +#endif + ) { _Thread_Do_dispatch( cpu_self, level ); } else { cpu_self->thread_dispatch_disable_level = 0; diff --git a/cpukit/score/src/threaddispatch.c b/cpukit/score/src/threaddispatch.c index f2c24905dc..4f89475578 100644 --- a/cpukit/score/src/threaddispatch.c +++ b/cpukit/score/src/threaddispatch.c 
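Review bot: The guard `#if defined(RTEMS_SMP) || ( CPU_ENABLE_ROBUST_THREAD_DISPATCH == TRUE )` in threaddispatch.h fails open when a port's cpu.h does not define the option. The preprocessor then treats the undefined name as 0 and, assuming TRUE is non-zero, compiles the run-time check out without any diagnostic. Because the check guards against a condition the commit message describes as leading to undefined behaviour, a missing definition is better turned into a build error placed before the guard: `#if !defined(CPU_ENABLE_ROBUST_THREAD_DISPATCH)`, `#error "CPU_ENABLE_ROBUST_THREAD_DISPATCH is not defined by this CPU port"`, `#endif`. Whether ports exist beyond the seventeen touched by this commit is not visible from this page.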
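Review bot: The added `|| !_ISR_Is_enabled( level )` arm in `_Thread_Dispatch_enable` sends the caller into `_Thread_Do_dispatch()` even when `dispatch_necessary` is false, and nothing at the call site says this is done only so the fatal-error check there can fire. A comment above the condition, such as `/* Interrupts disabled: take the slow path so that _Thread_Do_dispatch() can report the bad environment */`, would keep a later reader from removing it as a perceived optimisation. In a build with RTEMS_SMP where SMP is not enabled at run time, the check in threaddispatch.c does not terminate, so the dispatch loop is then entered with interrupts disabled and possibly no dispatch pending. The loop body is outside this page, so that path should be confirmed harmless. The function starts before and continues after this hunk.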
@@ -147,6 +147,21 @@ void _Thread_Do_dispatch( Per_CPU_Control *cpu_self, ISR_Level level ) _Assert( cpu_self->thread_dispatch_disable_level == 1 ); +#if defined(RTEMS_SCORE_ROBUST_THREAD_DISPATCH) + if ( + !_ISR_Is_enabled( level ) +#if defined(RTEMS_SMP) + && rtems_configuration_is_smp_enabled() +#endif + ) { + _Terminate( + INTERNAL_ERROR_CORE, + false, + INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT + ); + } +#endif + executing = cpu_self->executing; do { diff --git a/testsuites/smptests/Makefile.am b/testsuites/smptests/Makefile.am index 86b9fed1db..ba5b35f973 100644 --- a/testsuites/smptests/Makefile.am +++ b/testsuites/smptests/Makefile.am @@ -20,6 +20,7 @@ SUBDIRS += smpfatal02 SUBDIRS += smpfatal03 SUBDIRS += smpfatal04 SUBDIRS += smpfatal05 +SUBDIRS += smpfatal06 SUBDIRS += smpfatal08 SUBDIRS += smpipi01 SUBDIRS += smpload01 diff --git a/testsuites/smptests/configure.ac b/testsuites/smptests/configure.ac index 75fef51fca..bec8149f36 100644 --- a/testsuites/smptests/configure.ac +++ b/testsuites/smptests/configure.ac @@ -78,6 +78,7 @@ smpfatal02/Makefile smpfatal03/Makefile smpfatal04/Makefile smpfatal05/Makefile +smpfatal06/Makefile smpfatal08/Makefile smpipi01/Makefile smpload01/Makefile diff --git a/testsuites/smptests/smpfatal06/Makefile.am b/testsuites/smptests/smpfatal06/Makefile.am new file mode 100644 index 0000000000..c0bdf5bb23 --- /dev/null +++ b/testsuites/smptests/smpfatal06/Makefile.am @@ -0,0 +1,19 @@ +rtems_tests_PROGRAMS = smpfatal06 +smpfatal06_SOURCES = init.c + +dist_rtems_tests_DATA = smpfatal06.scn smpfatal06.doc + +include $(RTEMS_ROOT)/make/custom/@RTEMS_BSP@.cfg +include $(top_srcdir)/../automake/compile.am +include $(top_srcdir)/../automake/leaf.am + +AM_CPPFLAGS += -I$(top_srcdir)/../support/include + +LINK_OBJS = $(smpfatal06_OBJECTS) +LINK_LIBS = $(smpfatal06_LDLIBS) + +smpfatal06$(EXEEXT): $(smpfatal06_OBJECTS) $(smpfatal06_DEPENDENCIES) + @rm -f smpfatal06$(EXEEXT) + $(make-exe) + +include $(top_srcdir)/../automake/local.am 
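Review bot: In `_Thread_Do_dispatch` the `#if defined(RTEMS_SMP)` conjunct `&& rtems_configuration_is_smp_enabled()` is applied regardless of `CPU_ENABLE_ROBUST_THREAD_DISPATCH`, so in an SMP build with SMP disabled at run time the check is skipped even on a port that set the option to TRUE for its own reasons. That does not match the comment added in threaddispatch.h, which says the system terminates when SMP is enabled or the CPU port needs it. Narrowing the preprocessor condition to `#if defined(RTEMS_SMP) && ( CPU_ENABLE_ROBUST_THREAD_DISPATCH != TRUE )` would make the code agree with the documentation. Only ARMv7-M sets the option to TRUE in this commit, and whether that port is ever built with RTEMS_SMP is not visible here. The function body continues outside the hunk.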
diff --git a/testsuites/smptests/smpfatal06/init.c b/testsuites/smptests/smpfatal06/init.c new file mode 100644 index 0000000000..f871112b1a --- /dev/null +++ b/testsuites/smptests/smpfatal06/init.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2016 embedded brains GmbH. All rights reserved. + * + * embedded brains GmbH + * Dornierstr. 4 + * 82178 Puchheim + * Germany + * + * + * The license and distribution terms for this file may be + * found in the file LICENSE in this distribution or at + * http://www.rtems.org/license/LICENSE. + */ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#define TESTS_USE_PRINTK +#include "tmacros.h" + +#include + +const char rtems_test_name[] = "SMPFATAL 6"; + +static void Init(rtems_task_argument arg) +{ + rtems_interrupt_level level; + + TEST_BEGIN(); + + rtems_interrupt_local_disable(level); + (void) level; + rtems_task_wake_after(1); +} + +static void fatal_extension( + rtems_fatal_source source, + bool is_internal, + rtems_fatal_code code +) +{ + if ( + source == INTERNAL_ERROR_CORE + && !is_internal + && code == INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT + ) { + TEST_END(); + } +} + +#define CONFIGURE_APPLICATION_NEEDS_CLOCK_DRIVER +#define CONFIGURE_APPLICATION_NEEDS_CONSOLE_DRIVER + +#define CONFIGURE_INITIAL_EXTENSIONS \ + { .fatal = fatal_extension }, \ + RTEMS_TEST_INITIAL_EXTENSION + +#define CONFIGURE_SMP_APPLICATION + +#define CONFIGURE_SMP_MAXIMUM_PROCESSORS 1 + +#define CONFIGURE_MAXIMUM_TASKS 1 + +#define CONFIGURE_RTEMS_INIT_TASKS_TABLE + +#define CONFIGURE_INIT + +#include diff --git a/testsuites/smptests/smpfatal06/smpfatal06.doc b/testsuites/smptests/smpfatal06/smpfatal06.doc new file mode 100644 index 0000000000..57a6508625 --- /dev/null +++ b/testsuites/smptests/smpfatal06/smpfatal06.doc 
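Review bot: `Init` in the new smpfatal06 test has no explicit failure path. If `rtems_task_wake_after(1)` returns because the check did not fire, the task runs off the end of the function, and `fatal_extension` silently ignores any fatal error other than the expected one. Adding `rtems_test_assert(0);` directly after the `rtems_task_wake_after(1);` call would turn a missed detection into a reported assertion instead of a missing END line. The test also exercises only the SMP trigger: the diffstat shows no sptests case for the `CPU_ENABLE_ROBUST_THREAD_DISPATCH == TRUE` path that ARMv7-M now uses.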
@@ -0,0 +1,13 @@ +This file describes the directives and concepts tested by this test set. + +test set name: smpfatal06 + +directives: + + - _Thread_Do_dispatch() + +concepts: + + - Ensure that the fatal error INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT + occurs in case a blocking operating system service is called with + interrupts disabled. diff --git a/testsuites/smptests/smpfatal06/smpfatal06.scn b/testsuites/smptests/smpfatal06/smpfatal06.scn new file mode 100644 index 0000000000..25bc9f7929 --- /dev/null +++ b/testsuites/smptests/smpfatal06/smpfatal06.scn @@ -0,0 +1,2 @@ +*** BEGIN OF TEST SMPFATAL 6 *** +*** END OF TEST SMPFATAL 6 *** diff --git a/testsuites/sptests/spinternalerror02/init.c b/testsuites/sptests/spinternalerror02/init.c index af9d764271..8c1ab366f8 100644 --- a/testsuites/sptests/spinternalerror02/init.c +++ b/testsuites/sptests/spinternalerror02/init.c @@ -36,7 +36,7 @@ static void test_internal_error_text(void) } while ( text != text_last ); rtems_test_assert( - error - 3 == INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL + error - 3 == INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT ); } -- cgit v1.2.3