From 84e6f15c828869eb7d293096cfcfa0563b5752b3 Mon Sep 17 00:00:00 2001 From: Sebastian Huber Date: Thu, 10 Nov 2016 12:02:28 +0100 Subject: score: Robust thread dispatch On SMP configurations, it is a fatal error to call blocking operating system with interrupts disabled, since this prevents delivery of inter-processor interrupts. This could lead to executing threads which are not allowed to execute resulting in undefined behaviour. The ARM Cortex-M port has a similar problem, since the interrupt state is not a part of the thread context. Update #2811. --- cpukit/score/cpu/arm/rtems/score/cpu.h | 6 ++++++ cpukit/score/cpu/bfin/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/epiphany/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/i386/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/lm32/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/m32c/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/m68k/rtems/score/cpu.h | 1 + cpukit/score/cpu/mips/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/moxie/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/nios2/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/no_cpu/rtems/score/cpu.h | 12 ++++++++++++ cpukit/score/cpu/or1k/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/powerpc/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/sh/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/sparc/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/sparc64/rtems/score/cpu.h | 2 ++ cpukit/score/cpu/v850/rtems/score/cpu.h | 2 ++ cpukit/score/include/rtems/score/interr.h | 3 ++- cpukit/score/include/rtems/score/threaddispatch.h | 19 ++++++++++++++++++- cpukit/score/src/threaddispatch.c | 15 +++++++++++++++ 20 files changed, 82 insertions(+), 2 deletions(-) (limited to 'cpukit/score') diff --git a/cpukit/score/cpu/arm/rtems/score/cpu.h b/cpukit/score/cpu/arm/rtems/score/cpu.h index df3034134c..df946798f7 100644 --- a/cpukit/score/cpu/arm/rtems/score/cpu.h +++ b/cpukit/score/cpu/arm/rtems/score/cpu.h @@ -130,6 +130,12 @@ #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#if defined(ARM_MULTILIB_ARCH_V7M) + #define CPU_ENABLE_ROBUST_THREAD_DISPATCH TRUE +#else + #define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE +#endif + #if defined(ARM_MULTILIB_HAS_WFI) #define CPU_PROVIDES_IDLE_THREAD_BODY TRUE #else diff --git a/cpukit/score/cpu/bfin/rtems/score/cpu.h b/cpukit/score/cpu/bfin/rtems/score/cpu.h index 3be10a6b71..9b54d6c6f1 100644 --- a/cpukit/score/cpu/bfin/rtems/score/cpu.h +++ b/cpukit/score/cpu/bfin/rtems/score/cpu.h @@ -233,6 +233,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/epiphany/rtems/score/cpu.h b/cpukit/score/cpu/epiphany/rtems/score/cpu.h index 871f30ef9c..43192039be 100644 --- a/cpukit/score/cpu/epiphany/rtems/score/cpu.h +++ b/cpukit/score/cpu/epiphany/rtems/score/cpu.h @@ -205,6 +205,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/i386/rtems/score/cpu.h b/cpukit/score/cpu/i386/rtems/score/cpu.h index f70e2c6f1a..c45d914afc 100644 --- a/cpukit/score/cpu/i386/rtems/score/cpu.h +++ b/cpukit/score/cpu/i386/rtems/score/cpu.h @@ -92,6 +92,8 @@ extern "C" { #endif #endif /* __SSE__ */ +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + #define CPU_STACK_GROWS_UP FALSE /* FIXME: The Pentium 4 used 128 bytes, it this processor still relevant? */ diff --git a/cpukit/score/cpu/lm32/rtems/score/cpu.h b/cpukit/score/cpu/lm32/rtems/score/cpu.h index ed397dc34f..e6f6c51509 100644 --- a/cpukit/score/cpu/lm32/rtems/score/cpu.h +++ b/cpukit/score/cpu/lm32/rtems/score/cpu.h @@ -227,6 +227,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/m32c/rtems/score/cpu.h b/cpukit/score/cpu/m32c/rtems/score/cpu.h index e37cda99e3..b1ef486095 100644 --- a/cpukit/score/cpu/m32c/rtems/score/cpu.h +++ b/cpukit/score/cpu/m32c/rtems/score/cpu.h @@ -249,6 +249,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/m68k/rtems/score/cpu.h b/cpukit/score/cpu/m68k/rtems/score/cpu.h index 5936e15b85..0e3cd81363 100644 --- a/cpukit/score/cpu/m68k/rtems/score/cpu.h +++ b/cpukit/score/cpu/m68k/rtems/score/cpu.h @@ -94,6 +94,7 @@ extern "C" { #define CPU_ALL_TASKS_ARE_FP FALSE #define CPU_IDLE_TASK_IS_FP FALSE #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE #define CPU_PROVIDES_IDLE_THREAD_BODY TRUE #define CPU_STACK_GROWS_UP FALSE diff --git a/cpukit/score/cpu/mips/rtems/score/cpu.h b/cpukit/score/cpu/mips/rtems/score/cpu.h index 3fe0b8d022..60bec59b86 100644 --- a/cpukit/score/cpu/mips/rtems/score/cpu.h +++ b/cpukit/score/cpu/mips/rtems/score/cpu.h @@ -226,6 +226,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/moxie/rtems/score/cpu.h b/cpukit/score/cpu/moxie/rtems/score/cpu.h index fdefdcbeb5..a85b1998cf 100644 --- a/cpukit/score/cpu/moxie/rtems/score/cpu.h +++ b/cpukit/score/cpu/moxie/rtems/score/cpu.h @@ -196,6 +196,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/nios2/rtems/score/cpu.h b/cpukit/score/cpu/nios2/rtems/score/cpu.h index 1e9b7b3801..902b209794 100644 --- a/cpukit/score/cpu/nios2/rtems/score/cpu.h +++ b/cpukit/score/cpu/nios2/rtems/score/cpu.h @@ -55,6 +55,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + #define CPU_PROVIDES_IDLE_THREAD_BODY FALSE #define CPU_STACK_GROWS_UP FALSE diff --git a/cpukit/score/cpu/no_cpu/rtems/score/cpu.h b/cpukit/score/cpu/no_cpu/rtems/score/cpu.h index 9af357111e..58a024ef0c 100644 --- a/cpukit/score/cpu/no_cpu/rtems/score/cpu.h +++ b/cpukit/score/cpu/no_cpu/rtems/score/cpu.h @@ -248,6 +248,18 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +/** + * @brief Enables a robust thread dispatch if set to TRUE. + * + * In general, it is an application bug to call blocking operating system + * services with interrupts disabled. In most situations this only increases + * the interrupt latency. However, on SMP configurations or on some CPU port + * like ARM Cortex-M it leads to undefined system behaviour. It order to ease + * the application development, this error condition is checked at run-time in + * case this CPU port option is defined to TRUE. + */ +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/or1k/rtems/score/cpu.h b/cpukit/score/cpu/or1k/rtems/score/cpu.h index 58bc9275df..13dd33403f 100644 --- a/cpukit/score/cpu/or1k/rtems/score/cpu.h +++ b/cpukit/score/cpu/or1k/rtems/score/cpu.h @@ -197,6 +197,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/powerpc/rtems/score/cpu.h b/cpukit/score/cpu/powerpc/rtems/score/cpu.h index 903bfa5216..91f8f63342 100644 --- a/cpukit/score/cpu/powerpc/rtems/score/cpu.h +++ b/cpukit/score/cpu/powerpc/rtems/score/cpu.h @@ -555,6 +555,8 @@ typedef struct { /* conservative setting (FALSE); probably doesn't affect performance too much */ #define CPU_USE_DEFERRED_FP_SWITCH FALSE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Processor defined structures required for cpukit/score. */ diff --git a/cpukit/score/cpu/sh/rtems/score/cpu.h b/cpukit/score/cpu/sh/rtems/score/cpu.h index 2b47bae908..b4e553273d 100644 --- a/cpukit/score/cpu/sh/rtems/score/cpu.h +++ b/cpukit/score/cpu/sh/rtems/score/cpu.h @@ -177,6 +177,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE #endif +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/sparc/rtems/score/cpu.h b/cpukit/score/cpu/sparc/rtems/score/cpu.h index 07601de648..1bc4a0e681 100644 --- a/cpukit/score/cpu/sparc/rtems/score/cpu.h +++ b/cpukit/score/cpu/sparc/rtems/score/cpu.h @@ -173,6 +173,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE #endif +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/sparc64/rtems/score/cpu.h b/cpukit/score/cpu/sparc64/rtems/score/cpu.h index bf6f643d95..4402bde70b 100644 --- a/cpukit/score/cpu/sparc64/rtems/score/cpu.h +++ b/cpukit/score/cpu/sparc64/rtems/score/cpu.h @@ -136,6 +136,8 @@ extern "C" { #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /* * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/cpu/v850/rtems/score/cpu.h b/cpukit/score/cpu/v850/rtems/score/cpu.h index 263c88d5bc..8f3fbd96f4 100644 --- a/cpukit/score/cpu/v850/rtems/score/cpu.h +++ b/cpukit/score/cpu/v850/rtems/score/cpu.h @@ -225,6 +225,8 @@ extern "C" { */ #define CPU_USE_DEFERRED_FP_SWITCH TRUE +#define CPU_ENABLE_ROBUST_THREAD_DISPATCH FALSE + /** * Does this port provide a CPU dependent IDLE task implementation? * diff --git a/cpukit/score/include/rtems/score/interr.h b/cpukit/score/include/rtems/score/interr.h index e23db5c58d..4e499d8198 100644 --- a/cpukit/score/include/rtems/score/interr.h +++ b/cpukit/score/include/rtems/score/interr.h @@ -166,7 +166,8 @@ typedef enum { INTERNAL_ERROR_POSIX_INIT_THREAD_ENTRY_IS_NULL, INTERNAL_ERROR_THREAD_QUEUE_DEADLOCK, INTERNAL_ERROR_THREAD_QUEUE_ENQUEUE_STICKY_FROM_BAD_STATE, - INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL + INTERNAL_ERROR_BAD_THREAD_DISPATCH_DISABLE_LEVEL, + INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT } Internal_errors_Core_list; typedef CPU_Uint32ptr Internal_errors_t; diff --git a/cpukit/score/include/rtems/score/threaddispatch.h b/cpukit/score/include/rtems/score/threaddispatch.h index f4ca096783..0238f8f5d5 100644 --- a/cpukit/score/include/rtems/score/threaddispatch.h +++ b/cpukit/score/include/rtems/score/threaddispatch.h @@ -28,6 +28,18 @@ extern "C" { * @{ */ +#if defined(RTEMS_SMP) || ( CPU_ENABLE_ROBUST_THREAD_DISPATCH == TRUE ) +/** + * @brief Enables a robust thread dispatch. + * + * On each change of the thread dispatch disable level from one to zero the + * interrupt status is checked. In case interrupts are disabled and SMP is + * enabled or the CPU port needs it, then the system terminates with the fatal + * internal error INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT. + */ +#define RTEMS_SCORE_ROBUST_THREAD_DISPATCH +#endif + /** * @brief Indicates if the executing thread is inside a thread dispatch * critical section. @@ -206,7 +218,12 @@ RTEMS_INLINE_ROUTINE void _Thread_Dispatch_enable( Per_CPU_Control *cpu_self ) _ISR_Local_disable( level ); - if ( cpu_self->dispatch_necessary ) { + if ( + cpu_self->dispatch_necessary +#if defined(RTEMS_SCORE_ROBUST_THREAD_DISPATCH) + || !_ISR_Is_enabled( level ) +#endif + ) { _Thread_Do_dispatch( cpu_self, level ); } else { cpu_self->thread_dispatch_disable_level = 0; diff --git a/cpukit/score/src/threaddispatch.c b/cpukit/score/src/threaddispatch.c index f2c24905dc..4f89475578 100644 --- a/cpukit/score/src/threaddispatch.c +++ b/cpukit/score/src/threaddispatch.c @@ -147,6 +147,21 @@ void _Thread_Do_dispatch( Per_CPU_Control *cpu_self, ISR_Level level ) _Assert( cpu_self->thread_dispatch_disable_level == 1 ); +#if defined(RTEMS_SCORE_ROBUST_THREAD_DISPATCH) + if ( + !_ISR_Is_enabled( level ) +#if defined(RTEMS_SMP) + && rtems_configuration_is_smp_enabled() +#endif + ) { + _Terminate( + INTERNAL_ERROR_CORE, + false, + INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT + ); + } +#endif + executing = cpu_self->executing; do { -- cgit v1.2.3