Merge pull request #9617 from kjbracey-arm/spe_atomics

Cruz Monrreal · web-flow · commit 19474fcab14c · 2019-02-19T15:27:54.000-06:00
SPE: Fix up atomic usage
diff --git a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/handles_manager.c b/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/handles_manager.c
@@ -47,35 +47,30 @@ psa_handle_t psa_hndl_mgr_handle_create(psa_handle_manager_t *handle_mgr, void *
     // Get active partition id - Needed for requester identification
     spm_partition_t *curr_part_ptr = get_active_partition();
     int32_t          current_pid   = ((curr_part_ptr != NULL) ? curr_part_ptr->partition_id : PSA_NSPE_IDENTIFIER);
-    uint32_t         expected      = UINT16_MAX;
-
-    // Avoid passing UINT16_MAX. Start again from 0 if reached.
-    // The reason for this is that we use the 16 upper bits to store the handle's index in the handles pool (for performance reasons)
-    core_util_atomic_cas_u32((uint32_t *)(&(handle_mgr->handle_generator)),
-                             &expected,
-                             PSA_HANDLE_MGR_INVALID_HANDLE
-                            );
 
     // Generate a new handle identifier
-    uint32_t tmp_handle = core_util_atomic_incr_u32(&(handle_mgr->handle_generator), 1);
-    uint32_t new_handle = PSA_HANDLE_MGR_INVALID_HANDLE;
-    uint32_t pool_ix    = 0;
+    uint32_t tmp_handle;
+    do {
+        tmp_handle = core_util_atomic_incr_u16(&(handle_mgr->handle_generator), 1);
+    } while (tmp_handle == PSA_HANDLE_MGR_INVALID_HANDLE);
+    psa_handle_t new_handle = PSA_NULL_HANDLE;
 
     // Look for a vacant space in handles pool for the generated handle
-    for (pool_ix = 0; pool_ix < handle_mgr->pool_size; pool_ix++) {
+    for (uint32_t pool_ix = 0; pool_ix < handle_mgr->pool_size; pool_ix++) {
 
-        expected = PSA_HANDLE_MGR_INVALID_HANDLE;
+        psa_handle_t expected = PSA_NULL_HANDLE;
 
         // Write the handles pool index in the upper 16 bits of the handle
-        new_handle = ((pool_ix << PSA_HANDLE_MGR_HANDLE_INDEX_POS) | tmp_handle);
+        psa_handle_t desired_handle = ((pool_ix << PSA_HANDLE_MGR_HANDLE_INDEX_POS) | tmp_handle);
 
         // Store the generated handle in the handles pool
-        if (core_util_atomic_cas_u32((uint32_t *)(&(handle_mgr->handles_pool[pool_ix].handle)),
+        if (core_util_atomic_cas_s32(&(handle_mgr->handles_pool[pool_ix].handle),
                                      &expected,
-                                     new_handle
+                                     desired_handle
                                     )) {
 
             // Handle is successfully stored in handles pool
+            new_handle = desired_handle;
 
             // Store the handle memory in the handles pool, "coupled" with the stored handle
             handle_mgr->handles_pool[pool_ix].handle_mem    = handle_mem;
@@ -90,7 +85,7 @@ psa_handle_t psa_hndl_mgr_handle_create(psa_handle_manager_t *handle_mgr, void *
 
     // Handle creation should only occur after a successful memory allocation
     // and is not expected to fail.
-    SPM_ASSERT(pool_ix != handle_mgr->pool_size);
+    SPM_ASSERT(new_handle != PSA_NULL_HANDLE);
 
     return new_handle;
 }
@@ -123,9 +118,9 @@ void psa_hndl_mgr_handle_destroy(psa_handle_manager_t *handle_mgr, psa_handle_t
         SPM_PANIC("[ERROR] Request for destroy by non-owner or friend!\n");
     }
 
-    handle_mgr->handles_pool[pool_ix].handle        = PSA_NULL_HANDLE;
     handle_mgr->handles_pool[pool_ix].handle_owner  = PSA_HANDLE_MGR_INVALID_FRIEND_OWNER;
     handle_mgr->handles_pool[pool_ix].handle_friend = PSA_HANDLE_MGR_INVALID_FRIEND_OWNER;
+    core_util_atomic_store_s32(&(handle_mgr->handles_pool[pool_ix].handle), PSA_NULL_HANDLE);
 }
 
 
diff --git a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/handles_manager.h b/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/handles_manager.h
@@ -55,7 +55,7 @@ extern "C" {
 
 /* ------------------------------------ Definitions ---------------------------------- */
 
-#define PSA_HANDLE_MGR_INVALID_HANDLE           ((uint32_t)PSA_NULL_HANDLE)
+#define PSA_HANDLE_MGR_INVALID_HANDLE           ((uint16_t)PSA_NULL_HANDLE)
 
 #define PSA_HANDLE_MGR_INVALID_FRIEND_OWNER     0       // Denoting invalid friend or invalid owner
 
@@ -80,8 +80,10 @@ typedef struct psa_handle_item_t {
 
 typedef struct psa_handle_manager_t {
 
-    uint32_t           handle_generator;    /* A counter supplying handle numbers.  */
-    uint32_t           pool_size;           /* The maximum number of handles that pool can contain. */
+    // Handle generator uses only 16 bits, and wraps.
+    // The reason for this is that we use the 16 upper bits to store the handle's index in the handles pool (for performance reasons)
+    uint16_t           handle_generator;    /* A counter supplying handle numbers.  */
+    uint16_t           pool_size;           /* The maximum number of handles that pool can contain. */
     psa_handle_item_t *handles_pool;        /* Holds couples of handles and their memory "blocks". */
 
 } psa_handle_manager_t;
diff --git a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/spm_common.c b/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/spm_common.c
@@ -16,12 +16,11 @@
  */
 
 #include "cmsis_os2.h"
+#include "mbed_critical.h"
 #include "psa_defs.h"
 #include "spm_internal.h"
 #include "spm_panic.h"
 
-bool core_util_atomic_cas_u8(volatile uint8_t *ptr, uint8_t *expectedCurrentValue, uint8_t desiredValue);
-
 inline void validate_iovec(
     const void *in_vec,
     const uint32_t in_len,
@@ -42,18 +41,19 @@ inline void validate_iovec(
 
 inline void channel_state_switch(uint8_t *current_state, uint8_t expected_state, uint8_t new_state)
 {
-    uint8_t backup_expected = expected_state;
-    if (!core_util_atomic_cas_u8(current_state, &expected_state, new_state)) {
+    uint8_t actual_state = expected_state;
+    if (!core_util_atomic_cas_u8(current_state, &actual_state, new_state)) {
         SPM_PANIC("channel in incorrect processing state: %d while %d is expected!\n",
-                  expected_state, backup_expected);
+                  actual_state, expected_state);
     }
 }
 
-inline void channel_state_assert(uint8_t *current_state, uint8_t expected_state)
+inline void channel_state_assert(const uint8_t *current_state, uint8_t expected_state)
 {
-    if (*current_state != expected_state) {
+    uint8_t actual_state = core_util_atomic_load_u8(current_state);
+    if (actual_state != expected_state) {
         SPM_PANIC("channel in incorrect processing state: %d while %d is expected!\n",
-                  *current_state, expected_state);
+                  actual_state, expected_state);
     }
 }
 
diff --git a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/spm_internal.h b/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/spm_internal.h
@@ -242,7 +242,7 @@ void channel_state_switch(uint8_t *current_state, uint8_t expected_state, uint8_
  * @param[in] current_state - current state
  * @param[in] expected_state - expected state
 */
-void channel_state_assert(uint8_t *current_state, uint8_t expected_state);
+void channel_state_assert(const uint8_t *current_state, uint8_t expected_state);
 
 #ifdef __cplusplus
 }

Original file line number	Diff line number	Diff line change
`@@ -16,12 +16,11 @@`
`16`	`16`	`*/`
`17`	`17`
`18`	`18`	`#include "cmsis_os2.h"`
	`19`	`+#include "mbed_critical.h"`
`19`	`20`	`#include "psa_defs.h"`
`20`	`21`	`#include "spm_internal.h"`
`21`	`22`	`#include "spm_panic.h"`
`22`	`23`
`23`		`-bool core_util_atomic_cas_u8(volatile uint8_t ptr, uint8_t expectedCurrentValue, uint8_t desiredValue);`
`24`		`-`
`25`	`24`	`inline void validate_iovec(`
`26`	`25`	`const void *in_vec,`
`27`	`26`	`const uint32_t in_len,`
`@@ -42,18 +41,19 @@ inline void validate_iovec(`
`42`	`41`
`43`	`42`	`inline void channel_state_switch(uint8_t *current_state, uint8_t expected_state, uint8_t new_state)`
`44`	`43`	`{`
`45`		`- uint8_t backup_expected = expected_state;`
`46`		`- if (!core_util_atomic_cas_u8(current_state, &expected_state, new_state)) {`
	`44`	`+ uint8_t actual_state = expected_state;`
	`45`	`+ if (!core_util_atomic_cas_u8(current_state, &actual_state, new_state)) {`
`47`	`46`	`SPM_PANIC("channel in incorrect processing state: %d while %d is expected!\n",`
`48`		`- expected_state, backup_expected);`
	`47`	`+ actual_state, expected_state);`
`49`	`48`	`}`
`50`	`49`	`}`
`51`	`50`
`52`		`-inline void channel_state_assert(uint8_t *current_state, uint8_t expected_state)`
	`51`	`+inline void channel_state_assert(const uint8_t *current_state, uint8_t expected_state)`
`53`	`52`	`{`
`54`		`- if (*current_state != expected_state) {`
	`53`	`+ uint8_t actual_state = core_util_atomic_load_u8(current_state);`
	`54`	`+ if (actual_state != expected_state) {`
`55`	`55`	`SPM_PANIC("channel in incorrect processing state: %d while %d is expected!\n",`
`56`		`- *current_state, expected_state);`
	`56`	`+ actual_state, expected_state);`
`57`	`57`	`}`
`58`	`58`	`}`
`59`	`59`
Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,7 @@ void channel_state_switch(uint8_t *current_state, uint8_t expected_state, uint8_`
`242`	`242`	`* @param[in] current_state - current state`
`243`	`243`	`* @param[in] expected_state - expected state`
`244`	`244`	`*/`
`245`		`-void channel_state_assert(uint8_t *current_state, uint8_t expected_state);`
	`245`	`+void channel_state_assert(const uint8_t *current_state, uint8_t expected_state);`
`246`	`246`
`247`	`247`	`#ifdef __cplusplus`
`248`	`248`	`}`