Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix interrupt::free() unsoundness on multicore systems. #111

Closed
wants to merge 3 commits into from
Closed

Fix interrupt::free() unsoundness on multicore systems. #111

wants to merge 3 commits into from

Conversation

Dirbaio
Copy link
Member

@Dirbaio Dirbaio commented Aug 21, 2022
edited

depends on #109, #110

This is unsound on multicore systems because it only disables interrupts in the
current core. For multicore chips, a chip-specific critical section implementation
is needed instead.

Unsoundness is fixed by not returning the CriticalSection token.

This is a breaking change.

This is the riscv equivalent of rust-embedded/cortex-m#447

@Dirbaio
Update to edition 2021.
d75714a 
This shouldn't be a breaking change since Edition 2021 came out in
Rust 1.56, and MSRV is already higher than that (Rust 1.59)
@Dirbaio
Add implementation for critical-section 1.0 for single-core chips.
8429f8c
@Dirbaio
Fix interrupt::free() unsoundness on multicore systems.
e38d775 
This is unsound on multicore systems because it only disables interrupts in the
current core. For multicore chips, a chip-specific critical section implementation
is needed instead.

Unsoundness is fixed by not returning the `CriticalSection` token.

This is a breaking change.
@Dirbaio Dirbaio requested a review from a team as a code owner August 21, 2022 22:26
dkhayes117
dkhayes117 approved these changes Aug 21, 2022
View reviewed changes
Copy link
Member

@dkhayes117 dkhayes117 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again, lgtm. Defer to disasm/almindor for final review.

Disasm
Disasm reviewed Aug 22, 2022
View reviewed changes
src/macros.rs
@@ -6,7 +6,10 @@
/// at most once in the whole lifetime of the program.
///
/// # Note
/// this macro is unsound on multi-core systems
///
/// this macro requires a `critical-section` implementation to be set. For single core systems, you can
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe feature-gate this macro with critical-section-single-core?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The macro can still be used if critical-section-single-core is not enabled, if the user supplies a c-s implementation from somewhere else (such as a chip-specific impl for a multicore chip, from its HAL crate).

@Dirbaio Dirbaio mentioned this pull request Aug 22, 2022
Merged
@Dirbaio
Copy link
Member Author

Dirbaio commented Aug 22, 2022

Folded into #110

@Dirbaio Dirbaio closed this Aug 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Disasm Disasm Disasm left review comments

@dkhayes117 dkhayes117 dkhayes117 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Dirbaio @Disasm @dkhayes117