arm: fix exception handling

For exceptions where we are just going to abort the current thread, we need to exit handler mode properly so that PendSV can run and perform a context switch. For ARM architecture this means that the fatal error handling code path can indeed return if we were 1) in handler mode and 2) only wish to abort the current thread. Fixes a very long-standing bug where a thread that generates an exception, and should only abort the thread, instead takes down the entire system. Issue: ZEP-2052 Change-Id: Ib356a34a6fda2e0f8aff39c4b3270efceb81e54d Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2017-04-20 15:32:10 -07:00 · 2017-04-20 15:32:10 -07:00 · e09a04f068
parent 61de8f892b
commit e09a04f068
5 changed files with 11 additions and 15 deletions
--- a/arch/arm/core/fatal.c
+++ b/arch/arm/core/fatal.c
@ -61,12 +61,16 @@ const NANO_ESF _default_esf = {
 * fatal error does not have a hardware generated ESF, the caller should either
 * create its own or use a pointer to the global default ESF <_default_esf>.
 *
+ * Unlike other arches, this function may return if _SysFatalErrorHandler
+ * determines that only the current thread should be aborted and the CPU
+ * was in handler mode. PendSV will be asserted in this case and the current
+ * thread taken off the run queue. Leaving the exception will immediately
+ * trigger a context switch.
+ *
 * @param reason the reason that the handler was called
 * @param pEsf pointer to the exception stack frame
- *
- * @return This function does not return.
 */
-FUNC_NORETURN void _NanoFatalErrorHandler(unsigned int reason,
+void _NanoFatalErrorHandler(unsigned int reason,
 					  const NANO_ESF *pEsf)
 {
 	switch (reason) {
@ -101,7 +105,4 @@ FUNC_NORETURN void _NanoFatalErrorHandler(unsigned int reason,
 	 */

 	_SysFatalErrorHandler(reason, pEsf);
-
-	for (;;)
-		;
 }
--- a/arch/arm/core/fault.c
+++ b/arch/arm/core/fault.c
@ -355,8 +355,6 @@ static void _FaultDump(const NANO_ESF *esf, int fault)
 *
 * @param esf ESF on the stack, either MSP or PSP depending at what processor
 *            state the exception was taken.
- *
- * @return This function does not return.
 */
 void _Fault(const NANO_ESF *esf)
 {
--- a/arch/arm/core/sys_fatal_error_handler.c
+++ b/arch/arm/core/sys_fatal_error_handler.c
@ -38,7 +38,7 @@
 *
 * @return N/A
 */
-FUNC_NORETURN void _SysFatalErrorHandler(unsigned int reason,
+void _SysFatalErrorHandler(unsigned int reason,
 					 const NANO_ESF *pEsf)
 {
 	ARG_UNUSED(reason);
@ -53,12 +53,9 @@ FUNC_NORETURN void _SysFatalErrorHandler(unsigned int reason,
 	}
 	printk("Fatal fault in thread %p! Aborting.\n", _current);
 	k_thread_abort(_current);
-
 #else
 	for (;;) {
 		k_cpu_idle();
 	}
 #endif
-
-	CODE_UNREACHABLE;
 }
--- a/include/arch/arm/cortex_m/error.h
+++ b/include/arch/arm/cortex_m/error.h
@ -21,9 +21,8 @@ extern "C" {
 #endif

 #ifndef _ASMLANGUAGE
-extern FUNC_NORETURN void _NanoFatalErrorHandler(unsigned int,
-						 const NANO_ESF*);
-extern void _SysFatalErrorHandler(unsigned int, const NANO_ESF*);
+extern void _NanoFatalErrorHandler(unsigned int reason, const NANO_ESF *esf);
+extern void _SysFatalErrorHandler(unsigned int reason, const NANO_ESF *esf);
 #endif

 #define _NANO_ERR_HW_EXCEPTION (0)      /* MPU/Bus/Usage fault */
--- a/kernel/compiler_stack_protect.c
+++ b/kernel/compiler_stack_protect.c
@ -36,6 +36,7 @@ void FUNC_NORETURN _StackCheckHandler(void)
 	 */

 	_NanoFatalErrorHandler(_NANO_ERR_STACK_CHK_FAIL, &_default_esf);
+	CODE_UNREACHABLE;
 }

 /* Global variable */