From ef34d05204562b531a9740a6ea7709ff015f23d2 Mon Sep 17 00:00:00 2001
From: Ville Juven
Date: Fri, 8 Nov 2024 10:58:20 +0200
Subject: [PATCH] riscv_syscall.S: Fix a massive bug in syscall dispatch logic
There is an enormous error in the system call dispatch logic; if a task is inside a critical section (local interrupts disabled) there is a chance that during a context switch when the task resumes, local interrupts are erroneously ENABLED. This obviously leads to unexpected crashes and such. This happens when the CPU status has Previous Interrupt Enable (PIE) set to 1, even though Interrupt Enable (IE) is set to 0. When the system call returns via ERET, the CPU sets PIE->IE and if PIE=1 interrupts get enabled. This is fixed easily by explicitly CLEARING PIE from the register save area, if IE=0 when the system call was started.
---
 arch/risc-v/src/common/supervisor/riscv_syscall.S | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/risc-v/src/common/supervisor/riscv_syscall.S b/arch/risc-v/src/common/supervisor/riscv_syscall.S
index bda64d3de2cfb..1d7da7ee31db8 100644
--- a/arch/risc-v/src/common/supervisor/riscv_syscall.S
+++ b/arch/risc-v/src/common/supervisor/riscv_syscall.S
@@ -96,8 +96,13 @@ sys_call6:
 and s0, s0, s1
 li s1, STATUS_PIE /* set PIE */
 or s0, s0, s1
+ j 2f
- 1:
+1:
+ li s1, ~STATUS_PIE /* else: clear PIE */
+ and s0, s0, s1
+
+2:
 /* Set previous privilege, we are in privileged mode now */
 li s1, STATUS_PPP /* set previous privilege */