From c3989e398f809dcde2b0ed1b956498a4d9738619 Mon Sep 17 00:00:00 2001 From: Damien George Date: Tue, 2 Jan 2024 01:03:13 +1100 Subject: [PATCH 1/3] rp2/rp2_flash: Lockout second core only when doing flash erase/write. Using the multicore lockout feature in the general atomic section makes it much more difficult to get correct. Signed-off-by: Damien George --- ports/rp2/mpthreadport.c | 4 ---- ports/rp2/rp2_flash.c | 31 ++++++++++++++++++++++--------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/ports/rp2/mpthreadport.c b/ports/rp2/mpthreadport.c index 968de1f782e69..7bffabb3355eb 100644 --- a/ports/rp2/mpthreadport.c +++ b/ports/rp2/mpthreadport.c @@ -52,9 +52,6 @@ uint32_t mp_thread_begin_atomic_section(void) { // When both cores are executing, we also need to provide // full mutual exclusion. mp_thread_mutex_lock(&atomic_mutex, 1); - // In case this atomic section is for flash access, then - // suspend the other core. - multicore_lockout_start_blocking(); } return save_and_disable_interrupts(); @@ -64,7 +61,6 @@ void mp_thread_end_atomic_section(uint32_t state) { restore_interrupts(state); if (core1_entry) { - multicore_lockout_end_blocking(); mp_thread_mutex_unlock(&atomic_mutex); } } diff --git a/ports/rp2/rp2_flash.c b/ports/rp2/rp2_flash.c index b1afe1cbd1e72..35c51641692f4 100644 --- a/ports/rp2/rp2_flash.c +++ b/ports/rp2/rp2_flash.c @@ -70,6 +70,22 @@ bi_decl(bi_block_device( BINARY_INFO_BLOCK_DEV_FLAG_WRITE | BINARY_INFO_BLOCK_DEV_FLAG_PT_UNKNOWN)); +// Flash erase and write must run with interrupts disabled and the other core suspended, +// because the XIP bit gets disabled. +static uint32_t begin_critical_flash_section(void) { + if (multicore_lockout_victim_is_initialized(1 - get_core_num())) { + multicore_lockout_start_blocking(); + } + return save_and_disable_interrupts(); +} + +static void end_critical_flash_section(uint32_t state) { + restore_interrupts(state); + if (multicore_lockout_victim_is_initialized(1 - get_core_num())) { + multicore_lockout_end_blocking(); + } +} + STATIC mp_obj_t rp2_flash_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *all_args) { // Parse arguments enum { ARG_start, ARG_len }; @@ -135,19 +151,17 @@ STATIC mp_obj_t rp2_flash_writeblocks(size_t n_args, const mp_obj_t *args) { mp_buffer_info_t bufinfo; mp_get_buffer_raise(args[2], &bufinfo, MP_BUFFER_READ); if (n_args == 3) { - // Flash erase/program must run in an atomic section because the XIP bit gets disabled. - mp_uint_t atomic_state = MICROPY_BEGIN_ATOMIC_SECTION(); + mp_uint_t atomic_state = begin_critical_flash_section(); flash_range_erase(self->flash_base + offset, bufinfo.len); - MICROPY_END_ATOMIC_SECTION(atomic_state); + end_critical_flash_section(atomic_state); mp_event_handle_nowait(); // TODO check return value } else { offset += mp_obj_get_int(args[3]); } - // Flash erase/program must run in an atomic section because the XIP bit gets disabled. - mp_uint_t atomic_state = MICROPY_BEGIN_ATOMIC_SECTION(); + mp_uint_t atomic_state = begin_critical_flash_section(); flash_range_program(self->flash_base + offset, bufinfo.buf, bufinfo.len); - MICROPY_END_ATOMIC_SECTION(atomic_state); + end_critical_flash_section(atomic_state); mp_event_handle_nowait(); // TODO check return value return mp_const_none; @@ -170,10 +184,9 @@ STATIC mp_obj_t rp2_flash_ioctl(mp_obj_t self_in, mp_obj_t cmd_in, mp_obj_t arg_ return MP_OBJ_NEW_SMALL_INT(BLOCK_SIZE_BYTES); case MP_BLOCKDEV_IOCTL_BLOCK_ERASE: { uint32_t offset = mp_obj_get_int(arg_in) * BLOCK_SIZE_BYTES; - // Flash erase/program must run in an atomic section because the XIP bit gets disabled. - mp_uint_t atomic_state = MICROPY_BEGIN_ATOMIC_SECTION(); + mp_uint_t atomic_state = begin_critical_flash_section(); flash_range_erase(self->flash_base + offset, BLOCK_SIZE_BYTES); - MICROPY_END_ATOMIC_SECTION(atomic_state); + end_critical_flash_section(atomic_state); // TODO check return value return MP_OBJ_NEW_SMALL_INT(0); } From 8438c8790c0ad11545371a07f0b0ce4c65c62101 Mon Sep 17 00:00:00 2001 From: Damien George Date: Tue, 2 Jan 2024 14:45:44 +1100 Subject: [PATCH 2/3] rp2/mutex_extra: Implement additional mutex functions. These allow entering/exiting a mutex and also disabling/restoring interrupts, in an atomic way. Signed-off-by: Damien George --- LICENSE | 2 ++ ports/rp2/CMakeLists.txt | 1 + ports/rp2/mutex_extra.c | 30 ++++++++++++++++++++++++++++++ ports/rp2/mutex_extra.h | 34 ++++++++++++++++++++++++++++++++++ 4 files changed, 67 insertions(+) create mode 100644 ports/rp2/mutex_extra.c create mode 100644 ports/rp2/mutex_extra.h diff --git a/LICENSE b/LICENSE index 9bd457b42acea..b85f31808a483 100644 --- a/LICENSE +++ b/LICENSE @@ -69,6 +69,8 @@ used during the build process and is not part of the compiled source code. /FreeRTOS (GPL-2.0 with FreeRTOS exception) /esp32 /ppp_set_auth.* (Apache-2.0) + /rp2 + /mutex_extra.c (BSD-3-clause) /stm32 /usbd*.c (MCD-ST Liberty SW License Agreement V2) /stm32_it.* (MIT + BSD-3-clause) diff --git a/ports/rp2/CMakeLists.txt b/ports/rp2/CMakeLists.txt index 559ae23f52e3c..281b0c3bc2846 100644 --- a/ports/rp2/CMakeLists.txt +++ b/ports/rp2/CMakeLists.txt @@ -129,6 +129,7 @@ set(MICROPY_SOURCE_PORT mphalport.c mpnetworkport.c mpthreadport.c + mutex_extra.c pendsv.c rp2_flash.c rp2_pio.c diff --git a/ports/rp2/mutex_extra.c b/ports/rp2/mutex_extra.c new file mode 100644 index 0000000000000..6df57e64ce50f --- /dev/null +++ b/ports/rp2/mutex_extra.c @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "mutex_extra.h" + +// These functions are taken from lib/pico-sdk/src/common/pico_sync/mutex.c and modified +// so that they atomically obtain the mutex and disable interrupts. + +uint32_t __time_critical_func(mutex_enter_blocking_and_disable_interrupts)(mutex_t * mtx) { + lock_owner_id_t caller = lock_get_caller_owner_id(); + do { + uint32_t save = spin_lock_blocking(mtx->core.spin_lock); + if (!lock_is_owner_id_valid(mtx->owner)) { + mtx->owner = caller; + spin_unlock_unsafe(mtx->core.spin_lock); + return save; + } + lock_internal_spin_unlock_with_wait(&mtx->core, save); + } while (true); +} + +void __time_critical_func(mutex_exit_and_restore_interrupts)(mutex_t * mtx, uint32_t save) { + spin_lock_unsafe_blocking(mtx->core.spin_lock); + assert(lock_is_owner_id_valid(mtx->owner)); + mtx->owner = LOCK_INVALID_OWNER_ID; + lock_internal_spin_unlock_with_notify(&mtx->core, save); +} diff --git a/ports/rp2/mutex_extra.h b/ports/rp2/mutex_extra.h new file mode 100644 index 0000000000000..be7cb96dcc53d --- /dev/null +++ b/ports/rp2/mutex_extra.h @@ -0,0 +1,34 @@ +/* + * This file is part of the MicroPython project, http://micropython.org/ + * + * The MIT License (MIT) + * + * Copyright (c) 2023 Damien P. George + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +#ifndef MICROPY_INCLUDED_RP2_MUTEX_EXTRA_H +#define MICROPY_INCLUDED_RP2_MUTEX_EXTRA_H + +#include "pico/mutex.h" + +uint32_t mutex_enter_blocking_and_disable_interrupts(mutex_t *mtx); +void mutex_exit_and_restore_interrupts(mutex_t *mtx, uint32_t save); + +#endif // MICROPY_INCLUDED_RP2_MUTEX_EXTRA_H From dc2a4e3cbd1755228ae3de2d15ec8f95721b9ac9 Mon Sep 17 00:00:00 2001 From: Damien George Date: Tue, 2 Jan 2024 01:04:03 +1100 Subject: [PATCH 3/3] rp2/mpthreadport: Fix race with IRQ when entering atomic section. Prior to this commit there is a potential deadlock in mp_thread_begin_atomic_section(), when obtaining the atomic_mutex, in the following situation: - main thread calls mp_thread_begin_atomic_section() (for whatever reason, doesn't matter) - the second core is running so the main thread grabs the mutex via the call mp_thread_mutex_lock(&atomic_mutex, 1), and this succeeds - before the main thread has a chance to run save_and_disable_interrupts() a USB IRQ comes in and the main thread jumps off to process this IRQ - that USB processing triggers a call to the dcd_event_handler() wrapper from commit bcbdee235719d459a4cd60d51021454fba54cd0f - that then calls mp_sched_schedule_node() - that then attempts to obtain the atomic section, calling mp_thread_begin_atomic_section() - that call then blocks trying to obtain atomic_mutex - core0 is now deadlocked on itself, because the main thread has the mutex but the IRQ handler (which preempted the main thread) is blocked waiting for the mutex, which will never be free The solution in this commit is to use mutex enter/exit functions that also atomically disable/restore interrupts. Fixes issues #12980 and #13288. Signed-off-by: Damien George --- ports/rp2/mpthreadport.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/ports/rp2/mpthreadport.c b/ports/rp2/mpthreadport.c index 7bffabb3355eb..fd868329c38d5 100644 --- a/ports/rp2/mpthreadport.c +++ b/ports/rp2/mpthreadport.c @@ -30,6 +30,7 @@ #include "py/mpthread.h" #include "pico/stdlib.h" #include "pico/multicore.h" +#include "mutex_extra.h" #if MICROPY_PY_THREAD @@ -45,23 +46,23 @@ STATIC uint32_t *core1_stack = NULL; STATIC size_t core1_stack_num_words = 0; // Thread mutex. -STATIC mp_thread_mutex_t atomic_mutex; +STATIC mutex_t atomic_mutex; uint32_t mp_thread_begin_atomic_section(void) { if (core1_entry) { // When both cores are executing, we also need to provide // full mutual exclusion. - mp_thread_mutex_lock(&atomic_mutex, 1); + return mutex_enter_blocking_and_disable_interrupts(&atomic_mutex); + } else { + return save_and_disable_interrupts(); } - - return save_and_disable_interrupts(); } void mp_thread_end_atomic_section(uint32_t state) { - restore_interrupts(state); - - if (core1_entry) { - mp_thread_mutex_unlock(&atomic_mutex); + if (atomic_mutex.owner != LOCK_INVALID_OWNER_ID) { + mutex_exit_and_restore_interrupts(&atomic_mutex, state); + } else { + restore_interrupts(state); } } @@ -69,7 +70,7 @@ void mp_thread_end_atomic_section(uint32_t state) { void mp_thread_init(void) { assert(get_core_num() == 0); - mp_thread_mutex_init(&atomic_mutex); + mutex_init(&atomic_mutex); // Allow MICROPY_BEGIN_ATOMIC_SECTION to be invoked from core1. multicore_lockout_victim_init(); pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy