sigtimedwait: When timer expires, up_unblock_task() is called. This is okay in the single CPU case because interrupts are disable in the timer interrupt handler. But it is insufficient in the SMP case. enter_ and leave_critical_section() must be called in order to manage spinlocks correctly.

2017-02-24 10:07:23 -06:00 · 2017-02-24 10:07:23 -06:00 · dca77fa06a
commit dca77fa06a
parent e08660c335
6 changed files with 49 additions and 7 deletions
--- a/sched/mqueue/mq_sndinternal.c
+++ b/sched/mqueue/mq_sndinternal.c
@ -224,7 +224,7 @@ FAR struct mqueue_msg_s *mq_msgalloc(void)
 *
 * Assumptions/restrictions:
 * - The caller has verified the input parameters using mq_verifysend().
- * - Interrupts are disabled.
+ * - Executes within a critical section established by the caller.
 *
 ****************************************************************************/

--- a/sched/sched/sched_processtimer.c
+++ b/sched/sched/sched_processtimer.c
@ -124,9 +124,18 @@ static inline void sched_process_scheduler(void)
  irqstate_t flags;
  int i;

-  /* Perform scheduler operations on all CPUs */
+  /* If we are running on a single CPU architecture, then we know interrupts
+   * a disabled an there is no need to explicitly call
+   * enter_critical_section().  However, in the SMP case,
+   * enter_critical_section() does much more than just disable interrupts on
+   * the local CPU; it also manages spinlocks to assure the stability of the
+   * TCB that we are manipulating.
+   */

  flags = enter_critical_section();
+
+  /* Perform scheduler operations on all CPUs */
+
  for (i = 0; i < CONFIG_SMP_NCPUS; i++)
    {
      sched_cpu_scheduler(i);
--- a/sched/sched/sched_timerexpiration.c
+++ b/sched/sched/sched_timerexpiration.c
@ -290,9 +290,18 @@ static uint32_t sched_process_scheduler(uint32_t ticks, bool noswitches)
  irqstate_t flags;
  int i;

-  /* Perform scheduler operations on all CPUs */
+  /* If we are running on a single CPU architecture, then we know interrupts
+   * a disabled an there is no need to explicitly call
+   * enter_critical_section().  However, in the SMP case,
+   * enter_critical_section() does much more than just disable interrupts on
+   * the local CPU; it also manages spinlocks to assure the stability of the
+   * TCB that we are manipulating.
+   */

  flags = enter_critical_section();
+
+  /* Perform scheduler operations on all CPUs */
+
  for (i = 0; i < CONFIG_SMP_NCPUS; i++)
    {
      timeslice = sched_cpu_scheduler(i, ticks, noswitches);
--- a/sched/sched/sched_unlock.c
+++ b/sched/sched/sched_unlock.c
@ -145,7 +145,6 @@ int sched_unlock(void)
           * we should go ahead and release the pending tasks.  See the logic
           * leave_critical_section():  It will call up_release_pending()
           * BEFORE it clears IRQ lock.
-           * BEFORE it clears IRQ lock.
           */

          if (!spin_islocked(&g_cpu_schedlock) && !irq_cpu_locked(cpu) &&
--- a/sched/signal/sig_timedwait.c
+++ b/sched/signal/sig_timedwait.c
@ -1,7 +1,7 @@
 /****************************************************************************
 * sched/signal/sig_timedwait.c
 *
- *   Copyright (C) 2007-2009, 2012-2016 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007-2009, 2012-2017 Gregory Nutt. All rights reserved.
 *   Author: Gregory Nutt <gnutt@nuttx.org>
 *
 * Redistribution and use in source and binary forms, with or without
@ -76,12 +76,20 @@
 * Name: sig_timeout
 *
 * Description:
- *  A timeout elapsed while waiting for signals to be queued.
+ *   A timeout elapsed while waiting for signals to be queued.
+ *
+ * Assumptions:
+ *   This function executes in the context of the timer interrupt handler.
+ *   Local interrupts are assumed to be disabled on entry.
 *
 ****************************************************************************/

 static void sig_timeout(int argc, wdparm_t itcb)
 {
+#ifdef CONFIG_SMP
+  irqstate_t flags;
+#endif
+
  /* On many small machines, pointers are encoded and cannot be simply cast
   * from uint32_t to struct tcb_s *.  The following union works around this
   * (see wdogparm_t).  This odd logic could be conditioned on
@ -97,6 +105,19 @@ static void sig_timeout(int argc, wdparm_t itcb)
  u.itcb = itcb;
  ASSERT(u.wtcb);

+#ifdef CONFIG_SMP
+  /* We must be in a critical section in order to call up_unblock_task()
+   * below.  If we are running on a single CPU architecture, then we know
+   * interrupts a disabled an there is no need to explicitly call
+   * enter_critical_section().  However, in the SMP case,
+   * enter_critical_section() does much more than just disable interrupts on
+   * the local CPU; it also manages spinlocks to assure the stability of the
+   * TCB that we are manipulating.
+   */
+
+  flags = enter_critical_section();
+#endif
+
  /* There may be a race condition -- make sure the task is
   * still waiting for a signal
   */
@ -113,6 +134,10 @@ static void sig_timeout(int argc, wdparm_t itcb)
 #endif
      up_unblock_task(u.wtcb);
    }
+
+#ifdef CONFIG_SMP
+  leave_critical_section(flags);
+#endif
 }

 /****************************************************************************
--- a/sched/task/task_exit.c
+++ b/sched/task/task_exit.c
@ -76,7 +76,7 @@
 *   OK on success; or ERROR on failure
 *
 * Assumeptions:
- *   Interrupts are disabled.
+ *   Executing within a critical section established by the caller.
 *
 ****************************************************************************/