#807 closed defect (fixed)

Timer chain corruption if same timer set simultaneously by different priority interrupts. (rtems_timer_fire_after, rtems_timer_server_fire_after)

Reported by: andrew.sinclair
Owned by: Joel Sherrill
Priority: normal
Milestone: 2
Component: score
Version: 4.6
Severity: major
Keywords:
Cc: bugs@…, andrew.sinclair@…
Blocked By:
Blocking:

Description

There is a critical section in rtems_timer_fire_after and rtems_timer_server_fire_after and watchdog_insert. According to previous discussions on the mailing list, it is acceptable to call rtems_timer_fire_after and rtems_timer_server_fire_after during interrupts.

If a task or low priority interrupt modifies the same timer as a high priority interrupt, then corruption of the timer chain can occur.

For the sake of simplicity, I have listed the general algorithm in RTEMS below.

Consider a task/low priority interrupt calling rtems_timer_fire_after. Inside the marked critical section, a high priority interrupt may occur and insert the same timer into the chain without the task/lower priority interrupt having knowledge. When the task/lower priority interrupt resumes, it blindly modifies watchdog->state back to inactive, and reinserts the timer. This usually results in the timer chain previous and next pointers forming a loop, and ultimately locking up the device when another timer must be inserted.

Task
 \-->rtems_timer_fire_after
      \-->Watchdog_Remove
           \--> disable interrupts
           \--> remove timer if WATCHDOG_ACTIVE or stop if being inserted
           \--> watchdog->state=WATCHDOG_INACTIVE
           \--> enable interrupts
      [critical section start]
      \-->Watchdog_Initialize
           \--> watchdog->state=WATCHDOG_INACTIVE
      \-->Watchdog_Insert_ticks
           \-->Watchdog_Insert
                \-->watchdog->state=WATCHDOG_BEING_INSERTED
      [critical section end]
                \-->disable interrupts
                \-->while in timer chain
                     \-->if at insert position exit
                     \-->flash interrupts
                     \-->check if timer has been touched
                \-->insert timer
                \-->enable interrupts

Release:
4.6.2

How-To-Repeat:
Call rtems_timer_fire_after or rtems_timer_server_fire_after on the same timer, simultaneously in low and high priority tasks.
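
The interleaving described above can be reproduced deterministically in a small model. This is an added example, not part of the ticket, the attached patches or the RTEMS source: the `wd` type, the function names and the `guarded` recheck are all hypothetical, and the chain is reduced to a sentinel-headed doubly linked list with insertion at the front.

```c
#include <stdio.h>

/* Simplified model of a watchdog chain (constructed for illustration, not RTEMS source). */
typedef enum { WD_INACTIVE, WD_BEING_INSERTED, WD_ACTIVE } wd_state;
typedef struct wd { struct wd *next, *prev; wd_state state; } wd;

/* Link w right after the head sentinel; like the real insert, it assumes w is unlinked. */
static void wd_insert(wd *head, wd *w) {
    w->state = WD_BEING_INSERTED;
    w->next = head->next; w->prev = head;
    head->next->prev = w; head->next = w;
    w->state = WD_ACTIVE;
}

static void wd_remove(wd *w) {
    if (w->state == WD_ACTIVE) { w->prev->next = w->next; w->next->prev = w->prev; }
    w->state = WD_INACTIVE;
}

/* Count nodes; -1 if a back link is wrong or the walk never returns to head. */
static int chain_check(const wd *head, int limit) {
    int n = 0;
    for (const wd *p = head->next; p != head; p = p->next)
        if (p->next->prev != p || ++n > limit) return -1;
    return n;
}

/* Low priority fire_after on t. isr_fires models the high priority interrupt re-arming t in
 * the window; guarded adds a hypothetical recheck (real code: with interrupts disabled). */
static int fire_after(wd *head, wd *t, int isr_fires, int guarded) {
    wd_remove(t);                                        /* Watchdog_Remove */
    if (isr_fires) { wd_remove(t); wd_insert(head, t); } /* interrupt lands here */
    if (guarded && t->state != WD_INACTIVE) return chain_check(head, 8);
    t->state = WD_INACTIVE;                              /* blind Watchdog_Initialize */
    wd_insert(head, t);                                  /* Watchdog_Insert */
    return chain_check(head, 8);
}

/* Build head -> t -> other, then re-arm t. */
static int scenario(int isr_fires, int guarded) {
    wd head, other = { 0 }, t = { 0 };
    head.next = head.prev = &head; head.state = WD_INACTIVE;
    wd_insert(&head, &other); wd_insert(&head, &t);
    return fire_after(&head, &t, isr_fires, guarded);
}

int main(void) {
    printf("no interrupt: %d\nrace: %d\nrace, guarded: %d\n", scenario(0, 0), scenario(1, 0), scenario(1, 1));
}
```

In the unguarded race the second insert links the timer to itself (`t->next == t` and `t->prev == t`), so any later walk of the chain never reaches the head again, which matches the lock-up reported here.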

Attachments (3)

pr807.diff (4.0 KB) - added by andrew.sinclair on 12/03/06 at 13:31:13.
pr807a.diff (1.2 KB) - added by andrew.sinclair on 12/03/06 at 13:31:13.
rtems-4.6.2_timerCS20050620.diff (3.7 KB) - added by andrew.sinclair on 12/03/06 at 13:31:13.

Change History (3)

comment:1 Changed on 08/17/05 at 21:47:28 by Joel Sherrill

Status: assigned → waiting

comment:2 Changed on 08/18/05 at 12:38:57 by Joel Sherrill

Status: waiting → closed

State-Changed-From-To: feedback->closed
State-Changed-Why: Per feedback from Andrew, added _Thread_Enable_dispatch().
pr807a.diff is an ADDITION not a replacement for pr807.diff.

Changed on 12/03/06 at 13:31:13 by andrew.sinclair

rtems-4.6.2_timerCS20050620.diff