Debug box: Do not reboot by default

AlessandroA · AlessandroA · commit 54d8fc28ff4d · 2016-09-20T10:34:46.000+01:00
The `debug_halt_error` handler should not implicitly infer a reboot of
the system.

The debug box handler can reboot, if it thinks it's necessary. The newly
introduced vIRQ_SystemReset API can be used for this purpose.

By default, the debug handler will go back to `debug_halt_error`. Since
it has been called twice, this function will eventually halt forever
(hence implementing a proper halt, as expected by the API name).
diff --git a/core/debug/src/debug.c b/core/debug/src/debug.c
@@ -156,20 +156,10 @@ void debug_fault(THaltError reason, uint32_t lr, uint32_t sp)
     DEBUG_PRINT_END();
 }
 
-static void __debug_reboot(void)
-{
-    UVISOR_SVC(UVISOR_SVC_ID_DEBUG_REBOOT, "");
-}
-
-/* This function must be called as an SVCall handler.
- * All debug handlers that are required to reboot upon exit should use the
- * __debug_reboot function as return value, which triggers the SVCall. This note
- * applies to uVisor internally, as the actual debug box does not need to care
- * about this. */
+/* FIXME: The halt will be replaced with a proper return code. An ACL will be
+ *        created to allow single boxes to reset the device. */
 void debug_reboot(void)
 {
-    /* FIXME: The halt will be replaced with a proper return code. An ACL will
-     *        be created to allow single boxes to reset the device. */
     if (!g_debug_box.initialized || g_active_box != g_debug_box.box_id) {
         HALT_ERROR(NOT_ALLOWED, "This function can only be called from the context of an initialized debug box.\n\r");
     }
@@ -180,8 +170,7 @@ void debug_reboot(void)
 }
 
 /* FIXME: Currently it is not possible to return to a regular execution flow
- *        after the execution of the debug box handler. It is possible to
- *        reboot, though. */
+ *        after the execution of the debug box handler. */
 static void debug_deprivilege_and_return(void * debug_handler, void * return_handler,
                                          uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3)
 {
@@ -239,8 +228,9 @@ void debug_halt_error(THaltError reason)
 
         /* The following arguments are passed to the destination function:
          *   1. reason
-         * Upon return from the debug handler, the system will reboot. */
-        debug_deprivilege_and_return(g_debug_box.driver->halt_error, __debug_reboot, reason, 0, 0, 0);
+         * Upon return from the debug handler, this function will be called
+         * again, causing the final halt. */
+        debug_deprivilege_and_return(g_debug_box.driver->halt_error, debug_halt_error, reason, 0, 0, 0);
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -156,20 +156,10 @@ void debug_fault(THaltError reason, uint32_t lr, uint32_t sp)`
`156`	`156`	`DEBUG_PRINT_END();`
`157`	`157`	`}`
`158`	`158`
`159`		`-static void __debug_reboot(void)`
`160`		`-{`
`161`		`- UVISOR_SVC(UVISOR_SVC_ID_DEBUG_REBOOT, "");`
`162`		`-}`
`163`		`-`
`164`		`-/* This function must be called as an SVCall handler.`
`165`		`- * All debug handlers that are required to reboot upon exit should use the`
`166`		`- * __debug_reboot function as return value, which triggers the SVCall. This note`
`167`		`- * applies to uVisor internally, as the actual debug box does not need to care`
`168`		`- * about this. */`
	`159`	`+/* FIXME: The halt will be replaced with a proper return code. An ACL will be`
	`160`	`+ * created to allow single boxes to reset the device. */`
`169`	`161`	`void debug_reboot(void)`
`170`	`162`	`{`
`171`		`- /* FIXME: The halt will be replaced with a proper return code. An ACL will`
`172`		`- * be created to allow single boxes to reset the device. */`
`173`	`163`	`if (!g_debug_box.initialized \|\| g_active_box != g_debug_box.box_id) {`
`174`	`164`	`HALT_ERROR(NOT_ALLOWED, "This function can only be called from the context of an initialized debug box.\n\r");`
`175`	`165`	`}`
`@@ -180,8 +170,7 @@ void debug_reboot(void)`
`180`	`170`	`}`
`181`	`171`
`182`	`172`	`/* FIXME: Currently it is not possible to return to a regular execution flow`
`183`		`- * after the execution of the debug box handler. It is possible to`
`184`		`- * reboot, though. */`
	`173`	`+ * after the execution of the debug box handler. */`
`185`	`174`	`static void debug_deprivilege_and_return(void * debug_handler, void * return_handler,`
`186`	`175`	`uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3)`
`187`	`176`	`{`
`@@ -239,8 +228,9 @@ void debug_halt_error(THaltError reason)`
`239`	`228`
`240`	`229`	`/* The following arguments are passed to the destination function:`
`241`	`230`	`* 1. reason`
`242`		`- * Upon return from the debug handler, the system will reboot. */`
`243`		`- debug_deprivilege_and_return(g_debug_box.driver->halt_error, __debug_reboot, reason, 0, 0, 0);`
	`231`	`+ * Upon return from the debug handler, this function will be called`
	`232`	`+ * again, causing the final halt. */`
	`233`	`+ debug_deprivilege_and_return(g_debug_box.driver->halt_error, debug_halt_error, reason, 0, 0, 0);`
`244`	`234`	`}`
`245`	`235`	`}`
`246`	`236`