-
Notifications
You must be signed in to change notification settings - Fork 652
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Fix cortex-m context switch bug with a custom flag for the SVC handler #3305
Conversation
This flag tells the SVC handler if we are switching from userspace to the kernel or from the kernel to userspace.
Based on the recent discussion in slack, I still don't think we have a good enough understanding of the issue in #3109 to be confident that this fix will address it, and I suspect this is not a direction we would choose to take if not needed (one reason being that I think this approach of using a raw global variable and volatile accesses for "inter-thread" communication between the exception handler and the main thread is not technically sound, although we do it with two other variables already) |
Why wouldn't it be sound? All the accesses are happening in a single hardware thread of execution. |
Ok, I actually didn't look at the code changes in this PR (shame on me), in which all accesses are actually made directly in https://internals.rust-lang.org/t/volatile-and-sensitive-memory/3188/65 This comment, for example, suggests that LLVM might make volatile reads/write normal reads/writes when it observes that the address pointed to by those reads/writes is also accessed as a normal pointer. Not sure whether the manipulation in our inline assembly (we take the address of the global, store it in a register, then write to the memory address stored in that register) would be treated as a "normal access" in the sense described by that comment. |
I am not concerned about mixed About mixed
|
This makes sense to me, I think I have just become a little jaded just from reading variations of "if you are using volatile for anything other than MMIO hardware access you are using the wrong tool" across various rust discussions about
|
Closing this as it doesn't necessarily fix the issue, and we shouldn't just scattershot changes like this that might not actually do anything. |
Pull Request Overview
This is related to #3109.
This PR adds a flag that tells the SVC handler if we are switching from userspace to the kernel or from the kernel to userspace. The flag is a global variable and called
KERNEL_TO_USERSPACE
.The hypothesis underlying this PR is that the issue in #3109 is based on the idea that this check in the SVC handler:
tock/arch/cortex-m/src/lib.rs
Lines 162 to 169 in 47664d8
does not work in every situation. Namely, there is some execution where SVC handler runs with
LR==0xfffffff9
, even though thesvc
instruction was called by userspace. (Note,0xfffffff9
is the cortex-m special EXC_RETURN value meaning privileged mode with the main stack). This could be from nested exceptions or tail-chained exceptions, but I don't know for sure.So, instead of trying to use the LR and the built-in architectural support for what should happen when the SVC handler executes, this PR adds our flag that we set to determine the "direction" of the context switch.
Testing Strategy
using apps on hail
TODO or Help Wanted
This PR isn't necessarily what I think we should merge, but hopefully it helps us make progress on this issue. It might not even fix the issue since we don't have a way to reproduce the issue while making modifications to the kernel. Since this bug relies on a particular execution order with interrupts it is difficult to reproduce. We also don't know if it only happens on the SAM4L for some reason.
Documentation Updated
/docs
, or no updates are required.Formatting
make prepush
.