On Thu, 2009-06-11 at 16:34 -0400, Douglas Bailey wrote:
> The InterruptEnable/InterruptDisable functions on SH are implemented by
> setting the SR.IMASK field to mask out interrupts.  Which works fine for
> everything except NMIs -- they are not masked.  If an NMI happens and
> gets processed while we think we have interrupts disabled, we're
> pooched.
> 
> Easy enough to say we don't support the use of NMIs but we provide NMI
> callouts in our startup lib and many of our board support packages make
> use of these callouts.  I suppose it might be valid for a customer to
> use an NMI as a reset mechanism, but it cannot be valid to continue to
> run after an NMI has been processed, because an NMI could have
> interrupted the kernel when it thought interrupts were disabled.
> 
> The fact that we provide NMI support in our BSPs makes me wonder if
> customers have been using NMIs when they shouldn't.  This is tempered by
> the fact that the NMI masking/unmasking done in the NMI callouts looks
> to be quite busted, so I'm hoping that a customer that used NMIs
> incorrectly would have run into other problems, that would have already
> forced us to notice this issue.
> 
> I guess I'm wondering where to go from here.  I don't like the fact that
> the BSPs we provide suggest that the use of NMIs is safe when in fact
> they aren't, but I don't know for certain if any customers are using
> NMIs.
> 
> Any thoughts?

Nothing to do with the bug but I will make clear in the assumptions we
make about the manner in which applications make use of our Safe Kernel
that NMIs must not be used (even in x86). Is that reasonable,
particularly in the x86 case---I heard that even the x86 support for
NMIs might be flakey.

Chris
> 
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31559
> 

Looking at the callout code, it would appear that there are cases where we
can get spurious NMIs, since it immediately leaves the callout with a -1
return value.

So I would assume that we NEED to have the callout to handle said spurious
interrupts, otherwise we'll get an unexpected interrupt exception (since they
by definition can't be masked)

The callout appears to do something to mask further nmis (Alanis would love
this chip) but that doesn't help user code that calls InterruptDisable()

Douglas Bailey wrote:
> The InterruptEnable/InterruptDisable functions on SH are implemented by
> setting the SR.IMASK field to mask out interrupts.  Which works fine for
> everything except NMIs -- they are not masked.  If an NMI happens and
> gets processed while we think we have interrupts disabled, we're
> pooched.
> 
> Easy enough to say we don't support the use of NMIs but we provide NMI
> callouts in our startup lib and many of our board support packages make
> use of these callouts.  I suppose it might be valid for a customer to
> use an NMI as a reset mechanism, but it cannot be valid to continue to
> run after an NMI has been processed, because an NMI could have
> interrupted the kernel when it thought interrupts were disabled.
> 
> The fact that we provide NMI support in our BSPs makes me wonder if
> customers have been using NMIs when they shouldn't.  This is tempered by
> the fact that the NMI masking/unmasking done in the NMI callouts looks
> to be quite busted, so I'm hoping that a customer that used NMIs
> incorrectly would have run into other problems, that would have already
> forced us to notice this issue.
> 
> I guess I'm wondering where to go from here.  I don't like the fact that
> the BSPs we provide suggest that the use of NMIs is safe when in fact
> they aren't, but I don't know for certain if any customers are using
> NMIs.
> 
> Any thoughts?
> 
> 
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31559
> 

-- 
cburgess@qnx.com

While not SH4, NMIs are used by some customers on the x86 (IGT I  
believe does).

Some customers abuse it as a "important interrupt" and they are  
usually corrected but in other cases, NMI is used as trigger for a  
failover mechanism (hardware gone wrong/bad state) and there has to be  
some software control.

Are you saying the NMI handling is busted everywhere or just SH4?
-Adam

On 11-Jun-09, at 4:34 PM, Douglas Bailey wrote:

>
> The InterruptEnable/InterruptDisable functions on SH are implemented  
> by
> setting the SR.IMASK field to mask out interrupts.  Which works fine  
> for
> everything except NMIs -- they are not masked.  If an NMI happens and
> gets processed while we think we have interrupts disabled, we're
> pooched.
>
> Easy enough to say we don't support the use of NMIs but we provide NMI
> callouts in our startup lib and many of our board support packages  
> make
> use of these callouts.  I suppose it might be valid for a customer to
> use an NMI as a reset mechanism, but it cannot be valid to continue to
> run after an NMI has been processed, because an NMI could have
> interrupted the kernel when it thought interrupts were disabled.
>
> The fact that we provide NMI support in our BSPs makes me wonder if
> customers have been using NMIs when they shouldn't.  This is  
> tempered by
> the fact that the NMI masking/unmasking done in the NMI callouts looks
> to be quite busted, so I'm hoping that a customer that used NMIs
> incorrectly would have run into other problems, that would have  
> already
> forced us to notice this issue.
>
> I guess I'm wondering where to go from here.  I don't like the fact  
> that
> the BSPs we provide suggest that the use of NMIs is safe when in fact
> they aren't, but I don't know for certain if any customers are using
> NMIs.
>
> Any thoughts?
>
>
> _______________________________________________
> OSTech
> http://community.qnx.com/sf/go/post31559
>

--
Cheers,
    Adam

   QNX Software Systems
   [ amallory@qnx.com ]
   ---------------------------------------------------
   With a PC, I always felt limited by the software available.
   On Unix, I am limited only by my knowledge.
       --Peter J. Schoenster