Changeset 6d9d7b1 in rtems-libbsd


Timestamp:
Jul 26, 2018, 12:12:46 PM (11 months ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
eeb3fd5d9b07ac9a2e280cff60a1b762bd273a8d, 1e989998de954bef51e6c19cc3d64d39f32100aa
Children:
e37f03e
Parents:
3df89c0
Message:

Critical bug fix for callouts

FreeBSD has two callout executors, one in software and one in hardware
interrupt context. In libbsd, all callouts are executed by the timer
server. Entirely remove the different execution contexts for libbsd.
Previously, this was not done properly, which could result in an invalid
callout_drain() sequence leading to system memory corruption.

Location:
freebsd/sys
Files:
2 edited

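--- a/freebsd/sys/kern/kern_timeout.c
+++ b/freebsd/sys/kern/kern_timeout.c
@@ -165,5 +165,9 @@
 struct callout_cpu {
         struct mtx_padalign     cc_lock;
+#ifndef __rtems__
         struct cc_exec          cc_exec_entity[2];
+#else /* __rtems__ */
+        struct cc_exec          cc_exec_entity;
+#endif /* __rtems__ */
         struct callout          *cc_next;
         struct callout          *cc_callout;
@@ -183,9 +187,19 @@
 #define callout_migrating(c)    ((c)->c_iflags & CALLOUT_DFRMIGRATION)
 
+#ifndef __rtems__
 #define cc_exec_curr(cc, dir)           cc->cc_exec_entity[dir].cc_curr
 #define cc_exec_drain(cc, dir)          cc->cc_exec_entity[dir].cc_drain
+#else /* __rtems__ */
+#define cc_exec_curr(cc, dir)           cc->cc_exec_entity.cc_curr
+#define cc_exec_drain(cc, dir)          cc->cc_exec_entity.cc_drain
+#endif /* __rtems__ */
 #define cc_exec_next(cc)                cc->cc_next
+#ifndef __rtems__
 #define cc_exec_cancel(cc, dir)         cc->cc_exec_entity[dir].cc_cancel
 #define cc_exec_waiting(cc, dir)        cc->cc_exec_entity[dir].cc_waiting
+#else /* __rtems__ */
+#define cc_exec_cancel(cc, dir)         cc->cc_exec_entity.cc_cancel
+#define cc_exec_waiting(cc, dir)        cc->cc_exec_entity.cc_waiting
+#endif /* __rtems__ */
 #ifdef SMP
 #define cc_migration_func(cc, dir)      cc->cc_exec_entity[dir].ce_migration_func
@@ -498,5 +512,9 @@
 callout_process(sbintime_t now)
 {
+#ifndef __rtems__
         struct callout *tmp, *tmpn;
+#else /* __rtems__ */
+        struct callout *tmp;
+#endif /* __rtems__ */
         struct callout_cpu *cc;
         struct callout_list *sc;
@@ -666,6 +684,8 @@
         c->c_iflags &= ~CALLOUT_PROCESSED;
         c->c_flags |= CALLOUT_ACTIVE;
+#ifndef __rtems__
         if (flags & C_DIRECT_EXEC)
                 c->c_iflags |= CALLOUT_DIRECT;
+#endif /* __rtems__ */
         c->c_func = func;
         c->c_time = sbt;
@@ -1098,5 +1118,9 @@
         sbintime_t to_sbt, precision;
         struct callout_cpu *cc;
+#ifndef __rtems__
         int cancelled, direct;
+#else /* __rtems__ */
+        int cancelled;
+#endif /* __rtems__ */
         int ignore_cpu=0;
 
@@ -1111,4 +1135,5 @@
         callout_when(sbt, prec, flags, &to_sbt, &precision);
 
+#ifndef __rtems__
         /*
          * This flag used to be added by callout_cc_add, but the
@@ -1123,4 +1148,5 @@
         KASSERT(!direct || c->c_lock == NULL,
             ("%s: direct callout %p has lock", __func__, c));
+#endif /* __rtems__ */
         cc = callout_lock(c);
         /*
@@ -1261,5 +1287,9 @@
         struct callout_cpu *cc, *old_cc;
         struct lock_class *class;
+#ifndef __rtems__
         int direct, sq_locked, use_lock;
+#else /* __rtems__ */
+        int sq_locked, use_lock;
+#endif /* __rtems__ */
         int cancelled, not_on_a_list;
 #ifdef __rtems__
@@ -1286,4 +1316,5 @@
         } else
                 use_lock = 0;
+#ifndef __rtems__
         if (c->c_iflags & CALLOUT_DIRECT) {
                 direct = 1;
@@ -1292,5 +1323,4 @@
         }
 
-#ifndef __rtems__
         sq_locked = 0;
         old_cc = NULL;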
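Review bot: The `__rtems__` variants of `cc_exec_curr`, `cc_exec_drain`, `cc_exec_cancel` and `cc_exec_waiting` (new lines 193-194 and 201-202) discard `dir` without saying so, while `cc_migration_func` under `#ifdef SMP` at new line 205 still expands to `cc->cc_exec_entity[dir]`, which is no longer an array in the libbsd build. Since `direct` is no longer declared under `__rtems__` (new lines 1122-1124 and 1291-1293), call sites outside these hunks presumably still pass `direct` and compile only because the macro never expands that argument. I would add `/* __rtems__: one executor (timer server), dir is intentionally unused */` above the new definitions so the next FreeBSD import does not reintroduce a per-context slot by accident. The rest of the SMP block lies outside the hunk, so it cannot be confirmed here whether it is ever built for libbsd; if it can be, those macros need the same non-array form.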
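--- a/freebsd/sys/sys/callout.h
+++ b/freebsd/sys/sys/callout.h
@@ -49,5 +49,7 @@
 #define CALLOUT_DFRMIGRATION    0x0040 /* callout in deferred migration mode */
 #define CALLOUT_PROCESSED       0x0080 /* callout in wheel or processing list? */
+#ifndef __rtems__
 #define CALLOUT_DIRECT          0x0100 /* allow exec from hw int context */
+#endif /* __rtems__ */
 
 #define C_DIRECT_EXEC           0x0001 /* direct execution of callout */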
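Review bot: `C_DIRECT_EXEC` at new line 55 stays defined for `__rtems__` although `CALLOUT_DIRECT` is now hidden, and the kern_timeout.c part of this commit compiles out the `flags & C_DIRECT_EXEC` test, so a caller that requests direct execution appears to be accepted and silently run from the timer server instead. A comment on the flag would record that, for example `/* __rtems__: accepted but ignored, callouts always run in the timer server */`. Hiding `CALLOUT_DIRECT` is a useful guard, because any leftover unguarded use now fails to build. Hiding `C_DIRECT_EXEC` the same way would presumably break existing callers, so documenting it is the safer option.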