Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cpu/stm32/periph/timer: prevent spurious IRQs #20926

Merged
merged 2 commits into from
Nov 20, 2024
Merged

cpu/stm32/periph/timer: prevent spurious IRQs #20926

merged 2 commits into from
Nov 20, 2024

Conversation

Enoch247
Copy link
Contributor

Contribution description

This patch hardens the STM32 timer driver against some possible causes of spurious IRQs.

I did not actually observe spurious IRQs happening, but this PR comes as the result of a deep dive into the timer code to solve the bug in #20924. This PR is a defensive measure only.

Testing procedure

Timers should continue to work.

Issues/PRs references

@Enoch247
cpu/stm32/periph/timer: prevnt spurious IRQs
4e357d4 
This patch hardens the STM32 timer driver against some possible causes
of spurious IRQs.
@github-actions github-actions bot added Platform: ARM Platform: This PR/issue effects ARM-based platforms Area: cpu Area: CPU/MCU ports labels Oct 18, 2024
@Enoch247 Enoch247 mentioned this pull request Oct 18, 2024
Draft
@benpicco benpicco changed the title cpu/stm32/periph/timer: prevnt spurious IRQs cpu/stm32/periph/timer: prevent spurious IRQs Oct 21, 2024
@benpicco benpicco requested a review from maribu October 21, 2024 11:16
@benpicco
Copy link
Contributor

I did not actually observe spurious IRQs happening

hmm I'm not convinced - what makes you think the current code is incorrect then?

@Enoch247
Copy link
Contributor Author

Enoch247 commented Nov 14, 2024
edited
Loading

what makes you think the current code is incorrect then?

The first change in timer_set() swaps the order of operations that already existed. Previously any pending IRQ was cleared, then the timer channel's new trigger value is set. Technically, it is possible that between those two operations, an IRQ could trigger if the timer reaches the old trigger value, before the new value is set.

The second change in timer_clear() adds the clearing of IRQ pending flag, whenever a timer's channel is cleared.

Both changes are intended to prevent situations like following (nonsense) example:

int *ptr = NULL;

void timer_callback(int channel)
{
    *ptr++;
}

void func(void)
{
    int val = 0;
    ptr = &val;

    timer_set(timer, 0, 100);

    // do some stuff

    const irq_state = irq_disable()
    timer_clear(timer, 0);  /* or */ timer_set(timer, 0, 999999);
    // at this point, callers will expect that the timer will not fire, or fire at some point way in the future
    ptr = NULL
    irq_restore(irq_state);
    // once we leave the critical section, spurious timer IRQ fires and NULL is dereferenced

   ptr = &val;
}

@benpicco benpicco added the Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) label Nov 14, 2024
@benpicco
Copy link
Contributor

benpicco commented Nov 14, 2024
edited
Loading

Ok sounds reasonable.
While you're at it, can you also please add that whitespace after the while( on line 241 😉

@Enoch247
Copy link
Contributor Author

While you're at it, can you also please add that whitespace after the while( on line 241 😉

Done.

@benpicco benpicco added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Nov 20, 2024
@riot-ci
Copy link

riot-ci commented Nov 20, 2024

Murdock results

✔️ PASSED

f24fc69 cpu/stm32/periph/timer: fix whitespace style

Success Failures Total Runtime
10249 0 10249 15m:52s

Artifacts

@benpicco benpicco added this pull request to the merge queue Nov 20, 2024
Merged via the queue into RIOT-OS:master with commit 1938002 Nov 20, 2024
27 checks passed
@Enoch247 Enoch247 deleted the fix-stm32-periph-timer-spurious-irq branch November 21, 2024 01:10
@MrKevinWeiss MrKevinWeiss added this to the Release 2025.01 milestone Jan 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benpicco benpicco benpicco approved these changes

@aabadie aabadie Awaiting requested review from aabadie aabadie is a code owner

@vincent-d vincent-d Awaiting requested review from vincent-d vincent-d is a code owner

@maribu maribu Awaiting requested review from maribu

Assignees
No one assigned
Labels
Area: cpu Area: CPU/MCU ports CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Platform: ARM Platform: This PR/issue effects ARM-based platforms Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)
Projects
None yet
Milestone
Release 2025.01
Development

Successfully merging this pull request may close these issues.
4 participants
@Enoch247 @benpicco @riot-ci @MrKevinWeiss