changeset 220:0ed36de51973

ABB semaphore protection overhaul The ABB semaphore protection logic that came with TCS211 from TI was broken in several ways: * Some semaphore-protected functions were called from Application_Initialize() context. NU_Obtain_Semaphore() called with NU_SUSPEND fails with NU_INVALID_SUSPEND in this context, but the return value wasn't checked, and NU_Release_Semaphore() would be called unconditionally at the end. The latter call would increment the semaphore count past 1, making the semaphore no longer binary and thus no longer effective for resource protection. The fix is to check the return value from NU_Obtain_Semaphore() and skip the NU_Release_Semaphore() call if the semaphore wasn't properly obtained. * Some SPI hardware manipulation was being done before entering the semaphore-protected critical section. The fix is to reorder the code: first obtain the semaphore, then do everything else. * In the corner case of L1/DSP recovery, l1_abb_power_on() would call some non-semaphore-protected ABB & SPI init functions. The fix is to skip those calls in the case of recovery. * A few additional corner cases existed, all of which are fixed by making ABB semaphore protection 100% consistent for all ABB functions and code paths. There is still one remaining problem of priority inversion: suppose a low-priority task calls an ABB function, and some medium-priority task just happens to preempt right in the middle of that semaphore-protected ABB operation. Then the high-priority SPI task is locked out for a non-deterministic time until that medium-priority task finishes its work and goes back to sleep. This priority inversion problem remains outstanding for now.
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 26 Apr 2021 20:55:25 +0000
parents d00662aa64d8
children 5bf097aeaad7
files src/cs/drivers/drv_core/abb/abb.c src/cs/drivers/drv_core/abb/abb.h src/cs/layer1/cfile/l1_init.c
diffstat 3 files changed, 140 insertions(+), 123 deletions(-) [+]
--- a/src/cs/drivers/drv_core/abb/abb.c	Mon Apr 26 17:12:08 2021 +0000
+++ b/src/cs/drivers/drv_core/abb/abb.c	Mon Apr 26 20:55:25 2021 +0000
@@ -142,11 +142,11 @@
 /*-----------------------------------------------------------------------*/
 void ABB_Wait_IBIC_Access(void)
 {
-  #if (ANLG_FAM ==1)
+  #if (ANLG_FAM == 1)
     // Wait 6 OSCAS cycles (100 KHz) for first IBIC access
     // (i.e wait 60us + 10% security marge = 66us)
     wait_ARM_cycles(convert_nanosec_to_cycles(66000));
-  #elif ((ANLG_FAM ==2) || (ANLG_FAM == 3))
+  #elif ((ANLG_FAM == 2) || (ANLG_FAM == 3))
     // Wait 6 x 32 KHz clock cycles for first IBIC access
     // (i.e wait 187us + 10% security marge = 210us)
     wait_ARM_cycles(convert_nanosec_to_cycles(210000));
@@ -154,7 +154,6 @@
 }
 
 
-
 /*-----------------------------------------------------------------------*/
 /* ABB_Write_Register_on_page()                                          */
 /*                                                                       */
@@ -165,22 +164,22 @@
 void ABB_Write_Register_on_page(SYS_UWORD16 page, SYS_UWORD16 reg_id, SYS_UWORD16 value)
 {
   volatile SYS_UWORD16 status;
-
-  // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
-  SPI_Ready_for_WR
-  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+  STATUS sem_status;
 
   #if ((ABB_SEMAPHORE_PROTECTION == 1) || (ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
 
   // check if the semaphore has been correctly created and try to obtain it.
   // if the semaphore cannot be obtained, the task is suspended and then resumed
   // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
   #endif  // ABB_SEMAPHORE_PROTECTION
 
+  // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
+  SPI_Ready_for_WR
+  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+
   // set the ABB page for register access
   ABB_SetPage(page);
 
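Review bot: When NU_Obtain_Semaphore() returns anything other than NU_SUCCESS, ABB_Write_Register_on_page() still goes on to the SPI accesses below without the lock, and the retained comment above the call ("check if the semaphore has been correctly created and try to obtain it") no longer describes that. Per the commit message the expected failure is NU_INVALID_SUSPEND from Application_Initialize() context, where running unlocked is presumably safe because no tasks are competing yet; any other failure status would silently lose mutual exclusion. I would replace the stale comment with `// NU_INVALID_SUSPEND is expected in Application_Initialize() context; on any failure we proceed unlocked and skip the release below`. The same applies to the obtain hunks of ABB_Read_Register_on_page, ABB_Read_Status, ABB_on, ABB_Read_ADC, ABB_Conf_ADC, ABB_wa_VRPC and the function patched at -1129; the function body continues outside this hunk.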
@@ -190,18 +189,18 @@
   // set the ABB page for register access at page 0
   ABB_SetPage(PAGE0);
 
+  // Stop the SPI clock
+  #ifdef SPI_CLK_LOW_POWER
+    SPI_CLK_DISABLE
+  #endif
+
   #if ((ABB_SEMAPHORE_PROTECTION == 1) || (ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
   // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
+  if(sem_status == NU_SUCCESS)
   {
     NU_Release_Semaphore(&abb_sem);
   }
   #endif  // ABB_SEMAPHORE_PROTECTION
-
-  // Stop the SPI clock
-  #ifdef SPI_CLK_LOW_POWER
-    SPI_CLK_DISABLE
-  #endif
 }
 
 
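Review bot: The comment kept above the release, `// release the semaphore only if it has correctly been created.`, no longer matches the condition, which now tests whether this call actually obtained the semaphore rather than whether the object exists. Suggest `// release the semaphore only if we obtained it above; releasing without holding it would push the count past 1`. The same stale comment remains in the release hunks of ABB_Read_Register_on_page, ABB_Read_Status, ABB_on, ABB_Read_ADC, ABB_Conf_ADC, ABB_wa_VRPC and the function patched at -1151. The start of this function is outside the hunk.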
@@ -217,23 +216,23 @@
 SYS_UWORD16 ABB_Read_Register_on_page(SYS_UWORD16 page, SYS_UWORD16 reg_id)
 {
   volatile SYS_UWORD16 status;
+  STATUS sem_status;
   SYS_UWORD16 reg_val;
 
-  // Start spi clock, mask IT for RD and WR and read SPI_REG_STATUS to reset the RE and WE flags.
-  SPI_Ready_for_RDWR
-  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
-
   #if ((ABB_SEMAPHORE_PROTECTION == 1) || (ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
 
   // check if the semaphore has been correctly created and try to obtain it.
   // if the semaphore cannot be obtained, the task is suspended and then resumed
   // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
   #endif  // ABB_SEMAPHORE_PROTECTION
 
+  // Start spi clock, mask IT for RD and WR and read SPI_REG_STATUS to reset the RE and WE flags.
+  SPI_Ready_for_RDWR
+  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+
   /* set the ABB page for register access */
   ABB_SetPage(page);
 
@@ -243,19 +242,19 @@
   /* set the ABB page for register access at page 0 */
   ABB_SetPage(PAGE0);
 
+  // Stop the SPI clock
+  #ifdef SPI_CLK_LOW_POWER
+    SPI_CLK_DISABLE
+  #endif
+
   #if ((ABB_SEMAPHORE_PROTECTION == 1) || (ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
   // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
+  if(sem_status == NU_SUCCESS)
   {
     NU_Release_Semaphore(&abb_sem);
   }
   #endif  // ABB_SEMAPHORE_PROTECTION
 
-  // Stop the SPI clock
-  #ifdef SPI_CLK_LOW_POWER
-    SPI_CLK_DISABLE
-  #endif
-
   return (reg_val);     // Return result
 }
 
@@ -297,7 +296,6 @@
 }
 
 
-
 /*------------------------------------------------------------------------*/
 /* ABB_stop_13M()                                                         */
 /*                                                                        */
@@ -327,7 +325,6 @@
 }
 
 
-
 /*------------------------------------------------------------------------*/
 /* ABB_Read_Status()                                                      */
 /*                                                                        */
@@ -337,23 +334,23 @@
 SYS_UWORD16 ABB_Read_Status(void)
 {
   volatile SYS_UWORD16 status;
+  STATUS sem_status;
   SYS_UWORD16 reg_val;
 
-  // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
-  SPI_Ready_for_WR
-  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
-
   #if ((ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
 
   // check if the semaphore has been correctly created and try to obtain it.
   // if the semaphore cannot be obtained, the task is suspended and then resumed
   // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
   #endif  // ABB_SEMAPHORE_PROTECTION
 
+  // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
+  SPI_Ready_for_WR
+  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+
   ABB_SetPage(PAGE0);
 
   #if (ANLG_FAM == 1) || (ANLG_FAM == 2)
@@ -364,19 +361,19 @@
     reg_val = ABB_ReadRegister(VRPCCFG);
   #endif
 
+  // Stop the SPI clock
+  #ifdef SPI_CLK_LOW_POWER
+    SPI_CLK_DISABLE
+  #endif
+
   #if ((ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
   // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
+  if(sem_status == NU_SUCCESS)
   {
     NU_Release_Semaphore(&abb_sem);
   }
   #endif  // ABB_SEMAPHORE_PROTECTION
 
-  // Stop the SPI clock
-  #ifdef SPI_CLK_LOW_POWER
-    SPI_CLK_DISABLE
-  #endif
-
   return (reg_val);
 }
 
@@ -389,10 +386,21 @@
 void ABB_on(SYS_UWORD16 modules, SYS_UWORD8 bRecoveryFlag)
 {
   volatile SYS_UWORD16 status;
-  #if ((ANLG_FAM ==2) || (ANLG_FAM == 3))
+  STATUS sem_status;
+  #if ((ANLG_FAM == 2) || (ANLG_FAM == 3))
     SYS_UWORD32 reg;
   #endif
 
+  #if (ABB_SEMAPHORE_PROTECTION == 3)
+
+  // check if the semaphore has been correctly created and try to obtain it.
+  // if the semaphore cannot be obtained, the task is suspended and then resumed
+  // as soon as the semaphore is released.
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
+  #endif  // ABB_SEMAPHORE_PROTECTION
+
   // a possible cause of the recovery is that ABB is on Oscas => switch from Oscas to CLK13
   if (bRecoveryFlag)
   {
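Review bot: `STATUS sem_status;` is declared unconditionally here, while its only assignment and its only read (in the release hunk at -617) sit inside `#if (ABB_SEMAPHORE_PROTECTION == 3)`; the `reg` declaration right below it is already wrapped in its own `#if`. With ABB_SEMAPHORE_PROTECTION at 0, which abb.h selects for OP_L1_STANDALONE, the variable is unused in every patched function, and at levels 1 or 2 it is unused in the functions guarded by a higher level. Wrapping the declaration in the same condition as its uses (`#if (ABB_SEMAPHORE_PROTECTION == 3)` / `STATUS sem_status;` / `#endif`) keeps the guard and the variable together and avoids an accidental read outside the guard later. The body of ABB_on continues outside this hunk.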
@@ -409,17 +417,6 @@
   SPI_Ready_for_RDWR
   status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
 
-  #if (ABB_SEMAPHORE_PROTECTION == 3)
-
-  // check if the semaphore has been correctly created and try to obtain it.
-  // if the semaphore cannot be obtained, the task is suspended and then resumed
-  // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
-  #endif  // ABB_SEMAPHORE_PROTECTION
-
   ABB_SetPage(PAGE0);
 
   // This transmission disables MADC,AFC,VDL,VUL modules.
@@ -617,22 +614,21 @@
   // This transmission enables selected ABB modules.
   ABB_WriteRegister(TOGBR1, 0x05);
 
+  // Stop the SPI clock
+  #ifdef SPI_CLK_LOW_POWER
+    SPI_CLK_DISABLE
+  #endif
+
   #if (ABB_SEMAPHORE_PROTECTION == 3)
   // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
+  if(sem_status == NU_SUCCESS)
   {
     NU_Release_Semaphore(&abb_sem);
   }
   #endif  // ABB_SEMAPHORE_PROTECTION
-
-  // Stop the SPI clock
-  #ifdef SPI_CLK_LOW_POWER
-    SPI_CLK_DISABLE
-  #endif
 }
 
 
-
 /*-----------------------------------------------------------------------*/
 /* ABB_Read_ADC()                                                        */
 /*                                                                       */
@@ -644,22 +640,22 @@
 void ABB_Read_ADC(SYS_UWORD16 *Buff)
 {
   volatile SYS_UWORD16 status;
-
-  // Start spi clock, mask IT for RD and WR and read SPI_REG_STATUS to reset the RE and WE flags.
-  SPI_Ready_for_RDWR
-  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+  STATUS sem_status;
 
   #if (ABB_SEMAPHORE_PROTECTION == 3)
 
   // check if the semaphore has been correctly created and try to obtain it.
   // if the semaphore cannot be obtained, the task is suspended and then resumed
   // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
   #endif  // ABB_SEMAPHORE_PROTECTION
 
+  // Start spi clock, mask IT for RD and WR and read SPI_REG_STATUS to reset the RE and WE flags.
+  SPI_Ready_for_RDWR
+  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+
   // This transmission changes the register page in the ABB for usp to pg0.
   ABB_SetPage(PAGE0);
 
@@ -672,32 +668,31 @@
   *Buff++ = ABB_ReadRegister(ADIN2REG);
   *Buff++ = ABB_ReadRegister(ADIN3REG);
 
-  #if (ANLG_FAM ==1)
+  #if (ANLG_FAM == 1)
     *Buff++ = ABB_ReadRegister(ADIN4XREG);
     *Buff++ = ABB_ReadRegister(ADIN5YREG);
-  #elif (ANLG_FAM ==2)
+  #elif (ANLG_FAM == 2)
     *Buff++ = ABB_ReadRegister(ADIN4REG);
-   #elif (ANLG_FAM == 3)
+  #elif (ANLG_FAM == 3)
     *Buff++ = ABB_ReadRegister(ADIN4REG);
     *Buff++ = ABB_ReadRegister(ADIN5REG);
   #endif   // ANLG_FAM
 
-  #if (ABB_SEMAPHORE_PROTECTION == 3)
-  // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
-  {
-    NU_Release_Semaphore(&abb_sem);
-  }
-  #endif  // ABB_SEMAPHORE_PROTECTION
-
   // Stop the SPI clock
   #ifdef SPI_CLK_LOW_POWER
     SPI_CLK_DISABLE
   #endif
+
+  #if (ABB_SEMAPHORE_PROTECTION == 3)
+  // release the semaphore only if it has correctly been created.
+  if(sem_status == NU_SUCCESS)
+  {
+    NU_Release_Semaphore(&abb_sem);
+  }
+  #endif  // ABB_SEMAPHORE_PROTECTION
 }
 
 
-
 /*-----------------------------------------------------------------------*/
 /* ABB_Conf_ADC()                                                        */
 /*                                                                       */
@@ -709,23 +704,23 @@
 void ABB_Conf_ADC(SYS_UWORD16 Channels, SYS_UWORD16 ItVal)
 {
   volatile SYS_UWORD16 status;
+  STATUS sem_status;
   SYS_UWORD16 reg_val;
 
-  // Start spi clock, mask IT for RD and WR and read SPI_REG_STATUS to reset the RE and WE flags.
-  SPI_Ready_for_RDWR
-  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
-
   #if (ABB_SEMAPHORE_PROTECTION == 3)
 
   // check if the semaphore has been correctly created and try to obtain it.
   // if the semaphore cannot be obtained, the task is suspended and then resumed
   // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
   #endif  // ABB_SEMAPHORE_PROTECTION
 
+  // Start spi clock, mask IT for RD and WR and read SPI_REG_STATUS to reset the RE and WE flags.
+  SPI_Ready_for_RDWR
+  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+
   // This transmission changes the register page in the ABB for usp to pg0.
   ABB_SetPage(PAGE0);
 
@@ -744,23 +739,21 @@
   else if(ItVal == EOC_INTMASK)
     ABB_WriteRegister(ITMASK, reg_val | EOC_INTMASK);
 
+  // Stop the SPI clock
+  #ifdef SPI_CLK_LOW_POWER
+    SPI_CLK_DISABLE
+  #endif
+
   #if (ABB_SEMAPHORE_PROTECTION == 3)
   // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
+  if(sem_status == NU_SUCCESS)
   {
     NU_Release_Semaphore(&abb_sem);
   }
   #endif  // ABB_SEMAPHORE_PROTECTION
-
-  // Stop the SPI clock
-  #ifdef SPI_CLK_LOW_POWER
-    SPI_CLK_DISABLE
-  #endif
 }
 
 
-
-
 /*------------------------------------------------------------------------*/
 /* ABB_sleep()                                                            */
 /*                                                                        */
@@ -1070,22 +1063,22 @@
 void ABB_wa_VRPC(SYS_UWORD16 value)
 {
   volatile SYS_UWORD16 status;
-
-  // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
-  SPI_Ready_for_WR
-  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+  STATUS sem_status;
 
   #if ((ABB_SEMAPHORE_PROTECTION == 1) || (ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
 
   // check if the semaphore has been correctly created and try to obtain it.
   // if the semaphore cannot be obtained, the task is suspended and then resumed
   // as soon as the semaphore is released.
-  if(&abb_sem != 0)
-  {
-    NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
-  }
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
   #endif  // ABB_SEMAPHORE_PROTECTION
 
+  // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
+  SPI_Ready_for_WR
+  status = * (volatile SYS_UWORD16 *) SPI_REG_STATUS;
+
   ABB_SetPage(PAGE1);
 
   #if (ANLG_FAM == 1)
@@ -1104,18 +1097,18 @@
 
   ABB_SetPage(PAGE0);
 
+  // Stop the SPI clock
+  #ifdef SPI_CLK_LOW_POWER
+    SPI_CLK_DISABLE
+  #endif
+
   #if ((ABB_SEMAPHORE_PROTECTION == 1) || (ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
   // release the semaphore only if it has correctly been created.
-  if(&abb_sem != 0)
+  if(sem_status == NU_SUCCESS)
   {
     NU_Release_Semaphore(&abb_sem);
   }
   #endif  // ABB_SEMAPHORE_PROTECTION
-
-  // Stop the SPI clock
-  #ifdef SPI_CLK_LOW_POWER
-    SPI_CLK_DISABLE
-  #endif
 }
 
 
@@ -1129,6 +1122,17 @@
 {
   SYS_UWORD8 i;
   volatile SYS_UWORD16 status;
+  STATUS sem_status;
+
+  #if ((ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
+
+  // check if the semaphore has been correctly created and try to obtain it.
+  // if the semaphore cannot be obtained, the task is suspended and then resumed
+  // as soon as the semaphore is released.
+
+  sem_status = NU_Obtain_Semaphore(&abb_sem, NU_SUSPEND);
+
+  #endif  // ABB_SEMAPHORE_PROTECTION
 
   // Start spi clock, mask IT for WR and read SPI_REG_STATUS to reset the RE and WE flags.
   SPI_Ready_for_WR
@@ -1151,6 +1155,14 @@
   #ifdef SPI_CLK_LOW_POWER
     SPI_CLK_DISABLE
   #endif
+
+  #if ((ABB_SEMAPHORE_PROTECTION == 2) || (ABB_SEMAPHORE_PROTECTION == 3))
+  // release the semaphore only if it has correctly been created.
+  if(sem_status == NU_SUCCESS)
+  {
+    NU_Release_Semaphore(&abb_sem);
+  }
+  #endif  // ABB_SEMAPHORE_PROTECTION
 }
 
 //////////////////////// IDEV-INLO integration of sleep mode for Syren ///////////////////////////////////////
@@ -1209,6 +1221,3 @@
   #endif
 }
 #endif
-
-
-
--- a/src/cs/drivers/drv_core/abb/abb.h	Mon Apr 26 17:12:08 2021 +0000
+++ b/src/cs/drivers/drv_core/abb/abb.h	Mon Apr 26 20:55:25 2021 +0000
@@ -560,7 +560,7 @@
 #if (OP_L1_STANDALONE == 1)
 #define ABB_SEMAPHORE_PROTECTION     (0)
 #else
-#define ABB_SEMAPHORE_PROTECTION     (2)
+#define ABB_SEMAPHORE_PROTECTION     (3)
 #endif
 
 
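Review bot: The consistency the commit message describes holds only at level 3, because the level-specific guards stay in abb.c: ABB_Read_Status and the function patched at -1129 are compiled with protection only for `== 2 || == 3`, and ABB_on, ABB_Read_ADC and ABB_Conf_ADC only for `== 3`. Nothing at this define says that, so a later change back to 1 or 2 would silently leave some ABB paths unlocked. I would add a comment on the define such as `/* must stay 3: levels 1 and 2 leave ABB_on/ABB_Read_ADC/ABB_Conf_ADC (and at 1, ABB_Read_Status) without semaphore protection */`.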
--- a/src/cs/layer1/cfile/l1_init.c	Mon Apr 26 17:12:08 2021 +0000
+++ b/src/cs/layer1/cfile/l1_init.c	Mon Apr 26 20:55:25 2021 +0000
@@ -722,10 +722,18 @@
     Abb->TspEnLevel   = SPI_NTSPEN_NEG_LEV;
     Abb->TspEnForm    = SPI_NTSPEN_LEV_TRIG;
 
-    SPI_InitDev(Abb);                   /* Initialize the spi to work with ABB */
+    /*
+     * FreeCalypso change: skip the following two non-semaphore-protected
+     * steps in the case of L1/DSP recovery, and limit our ABB poking to
+     * semaphore-protected functions.
+     */
+    if (l1a_l1s_com.recovery_flag == FALSE)
+    {
+      SPI_InitDev(Abb);              /* Initialize the spi to work with ABB */
+      ABB_free_13M();                /* Set up Abb connection (CLK 13M free).*/
+    }
 
-    ABB_free_13M();                     /* Set up Abb connection (CLK 13M free).*/
-    Abb_Status = ABB_Read_Status();     /* Aknowledge the Abb status register.  */
+    Abb_Status = ABB_Read_Status();  /* Aknowledge the Abb status register.  */
 
     /*------------------------------------------------------------------*/
     /* Add here SW to manage Abb VRPCSTS status register informations   */
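Review bot: The new comment says why SPI_InitDev() and ABB_free_13M() are skipped in recovery, but not why skipping them is safe: ABB_Read_Status() now runs on the recovery path relying on whatever SPI device configuration and 13M clock setup were left by the original power-on. If that is the intended assumption, it is worth stating in the comment, e.g. `* The SPI configuration and 13M clock setup done at first power-on are assumed to still be in effect during recovery.` This cannot be confirmed from the hunk alone, since the enclosing function starts and ends outside it.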