You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RTX: Main thread should not write MAGIC_WORD to stack
This is a fix for issue #285. This fix is similar to that proposed by
@oresths in the original issue.
There is code in rt_init_stack() which compares the task_id against the
value of 1 before writing MAGIC_WORD to the bottom of the stack. This
is supposed to stop the write from occurring for the main thread but
svcThreadCreate() doesn't initialize the P_TCB's task_id field until
after rt_init_stack() is executed. If any dynamic memory allocation
has occurred before the main thread is started (from the standard C
startup code) then this write could overwrite data in that allocation.
This change:
* moves the task_id initialization in svcThreadCreate() to happen
before the call to rt_init_context() is made.
* cleans up some comments in svcThreadCreate() which appear to
reference older versions of the code which would automatically
allocate stack memory if size == 0.
* still keeps the call to rt_dispatch() occurring after the call to
rt_init_context() so that the task is not dispatched to the
scheduler until the task fields have been populated.
I stepped through the rt_init_stack() code on my mbedLPC1768 after this
change was made to make sure that the write of MAGIC_WORD is now
skipped.
-----------------------------------------------------------------------
(gdb) break HAL_CM.c:95
Breakpoint 1 at 0x482c: file ../../external/mbed/libraries/rtos/rtx/TARGET_CORTEX_M/HAL_CM.c, line 95.
(gdb) c
Continuing.
Note: automatically using hardware breakpoints for read-only addresses.
Breakpoint 1, rt_init_stack (p_TCB=0x10000774 <os_idle_TCB>, task_body=0x4899 <os_idle_demon>)
at ../../external/mbed/libraries/rtos/rtx/TARGET_CORTEX_M/HAL_CM.c:95
95 if (p_TCB->task_id != 0x01)
(gdb) p *p_TCB
$1 = {
cb_type = 0 '\000',
state = 1 '\001',
prio = 0 '\000',
task_id = 255 '\377',
p_lnk = 0x0 <_reclaim_reent>,
p_rlnk = 0x0 <_reclaim_reent>,
p_dlnk = 0x0 <_reclaim_reent>,
p_blnk = 0x0 <_reclaim_reent>,
delta_time = 0,
interval_time = 0,
events = 0,
waits = 0,
msg = 0x0 <_reclaim_reent>,
stack_frame = 0 '\000',
reserved = 0 '\000',
priv_stack = 128,
tsk_stack = 268437480,
stack = 0x100007a8 <idle_task_stack>,
ptask = 0x4899 <os_idle_demon>
}
(gdb) c
Continuing.
Breakpoint 1, rt_init_stack (p_TCB=0x10000120 <os_thread_def_main+16>, task_body=0x620d <__wrap_main()>)
at ../../external/mbed/libraries/rtos/rtx/TARGET_CORTEX_M/HAL_CM.c:95
95 if (p_TCB->task_id != 0x01)
(gdb) p *p_TCB
$2 = {
cb_type = 0 '\000',
state = 1 '\001',
prio = 4 '\004',
task_id = 1 '\001',
p_lnk = 0x0 <_reclaim_reent>,
p_rlnk = 0x0 <_reclaim_reent>,
p_dlnk = 0x0 <_reclaim_reent>,
p_blnk = 0x0 <_reclaim_reent>,
delta_time = 0,
interval_time = 0,
events = 0,
waits = 0,
msg = 0x0 <_reclaim_reent>,
stack_frame = 0 '\000',
reserved = 0 '\000',
priv_stack = 26968,
tsk_stack = 268467136,
stack = 0x100012a8,
ptask = 0x620d <__wrap_main()>
}
(gdb) n
97 }
When the p_TCB for ptask==__wrap_main() is encountered, the task_id
now has a value of 1 and the write of MAGIC_WORD on line 96 is
skipped.
0 commit comments