From aee1d785a914365e64462ce507e27ca917da9055 Mon Sep 17 00:00:00 2001
From: Jorge Aparicio
Date: Wed, 19 Apr 2017 14:12:11 -0500
Subject: [PATCH] don't let the ceiling token escape the critical section
---
 src/lib.rs | 8 ++++----
 tests/cfail/ceiling.rs | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 tests/cfail/ceiling.rs
diff --git a/src/lib.rs b/src/lib.rs
index c1f6aa188e..280c8c20c8 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -110,7 +110,7 @@ impl Resource> {
 /// [Resource.borrow](struct.Resource.html#method.borrow).
 #[cfg(not(thumbv6m))]
 pub fn lock(&'static self, _priority: &P, f: F) -> R
- where F: FnOnce(Ref, C) -> R,
+ where F: FnOnce(Ref, &C) -> R,
 CEILING: Cmp + Cmp + Level
 {
 unsafe {
@@ -118,7 +118,7 @@ impl Resource> {
 basepri_max::write(::hw());
 barrier!();
 let ret =
- f(Ref::new(&*self.data.get()), C { _marker: PhantomData });
+ f(Ref::new(&*self.data.get()), &C { _marker: PhantomData });
 barrier!();
 basepri::write(old_basepri);
 ret
@@ -209,7 +209,7 @@ impl Peripheral> {
 /// See [Resource.lock](./struct.Resource.html#method.lock)
 #[cfg(not(thumbv6m))]
 pub fn lock(&'static self, _priority: &P, f: F) -> R
- where F: FnOnce(Ref, C) -> R,
+ where F: FnOnce(Ref, &C) -> R,
 CEILING: Cmp + Cmp + Level
 {
 unsafe {
@@ -218,7 +218,7 @@ impl Peripheral> {
 barrier!();
 let ret = f(
 Ref::new(&*self.peripheral.get()),
- C { _marker: PhantomData },
+ &C { _marker: PhantomData },
 );
 barrier!();
 basepri::write(old_basepri);
diff --git a/tests/cfail/ceiling.rs b/tests/cfail/ceiling.rs
new file mode 100644
index 0000000000..9ddce53032
--- /dev/null
+++ b/tests/cfail/ceiling.rs
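Review bot: Passing `&C` to the closure in `Resource::lock` (first hunk of src/lib.rs) and in `Peripheral::lock` (third hunk) confines the token only if `C` implements neither `Clone` nor `Copy`. Otherwise the closure can return `*c` or `c.clone()`, and an owned token escapes the critical section exactly as before. The definition of `C` is not part of this patch, so that should be confirmed there and ideally stated on the type. The doc comment on `lock` could also record the contract, e.g. `/// The ceiling token is lent to f for the duration of the critical section and cannot be returned from it.` Both function bodies continue outside their hunks.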
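Review bot: The `unsafe` block around the `f(...)` call in `Resource::lock` (second hunk of src/lib.rs) has no `// SAFETY:` comment, and the borrow introduced here is now part of the argument for why `&*self.data.get()` is sound. I would add, above the call here and above the matching call in `Peripheral::lock` (fourth hunk), something like `// SAFETY: BASEPRI stays raised until f returns, and the &C token is only borrowed, so it cannot be used after BASEPRI is restored`. The `unsafe` block opens in the preceding hunk and closes outside this one, so the placement should be checked against the full function.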
@@ -0,0 +1,15 @@
+extern crate cortex_m_srp;
+
+use cortex_m_srp::{C3, P2, Resource};
+
+static R1: Resource<(), C3> = Resource::new(());
+
+fn j1(prio: P2) {
+ let c3 = R1.lock(&prio, |r1, c3| {
+ // forbidden: ceiling token can't outlive critical section
+ c3 //~ error
+ });
+
+ // Would be bad: lockless access to a resource with ceiling = 3
+ let r2 = R1.borrow(&prio, c3);
+}
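Review bot: The `//~ error` annotation on the `c3` line carries no message, so presumably any compile error reported on that line satisfies the test, not only the lifetime error this patch is meant to provoke. Pinning the annotation to the borrow-checker message the compiler actually emits would keep the test from passing for an unrelated reason. The test also exercises only `Resource::lock`, while `Peripheral::lock` gets the same signature change in src/lib.rs and has no compile-fail case. A second function in this file that tries to return the token from a `Peripheral::lock` closure would cover it.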