X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=bertos%2Fkern%2Fproc.h;h=5c26465257f075b4ef71213095266f421e5396cd;hb=98cd348c9401ddbc14452941faa931118fc3984e;hp=f8de758ffeec511879400f20d750311d3b3c992b;hpb=2670d520a86faa8372952207fed4ef097ff2e726;p=bertos.git

diff --git a/bertos/kern/proc.h b/bertos/kern/proc.h
index f8de758f..5c264652 100644
--- a/bertos/kern/proc.h
+++ b/bertos/kern/proc.h
@@ -85,9 +85,6 @@ const char *proc_currentName(void);
 	}
 #endif
 
-/** Global preemption disable nesting counter. */
-extern int preempt_forbid_cnt;
-
 /**
  * Disable preemptive task switching.
  *
@@ -98,6 +95,9 @@ extern int preempt_forbid_cnt;
  * \note Calling functions that could sleep while task switching is disabled
  * is dangerous and unsupported.
  *
+ * \note calling proc_forbid() from within an interrupt is illegal and
+ * meaningless.
+ *
  * \note proc_permit() expands inline to 1-2 asm instructions, so it's a
  * very efficient locking primitive in simple but performance-critical
  * situations.  In all other cases, semaphores offer a more flexible and
@@ -108,11 +108,34 @@ extern int preempt_forbid_cnt;
 INLINE void proc_forbid(void)
 {
 	#if CONFIG_KERN_PREEMPT
-		// No need to protect against interrupts here.
-		++preempt_forbid_cnt;
+		extern int _preempt_forbid_cnt;
+		/*
+		 * We don't need to protect the counter against other processes.
+		 * The reason why is a bit subtle.
+		 *
+		 * If a process gets here, preempt_forbid_cnt can be either 0,
+		 * or != 0.  In the latter case, preemption is already disabled
+		 * and no concurrency issues can occur.
+		 *
+		 * In the former case, we could be preempted just after reading the
+		 * value 0 from memory, and a concurrent process might, in fact,
+		 * bump the value of preempt_forbid_cnt under our nose!
+		 *
+		 * BUT: if this ever happens, then we won't get another chance to
+		 * run until the other process calls proc_permit() to re-enable
+		 * preemption.  At this point, the value of preempt_forbid_cnt
+		 * must be back to 0, and thus what we had originally read from
+		 * memory happens to be valid.
+		 *
+		 * No matter how hard you think about it, and how complicated you
+		 * make your scenario, the above holds true as long as
+		 * "preempt_forbid_cnt != 0" means that no task switching is
+		 * possible.
+		 */
+		++_preempt_forbid_cnt;
 
 		/*
-		 * Make sure preempt_forbid_cnt is flushed to memory so the
+		 * Make sure _preempt_forbid_cnt is flushed to memory so the
 		 * preemption softirq will see the correct value from now on.
 		 */
 		MEMORY_BARRIER;
@@ -133,13 +156,13 @@ INLINE void proc_permit(void)
 		 * flushed to memory before task switching is re-enabled.
 		 */
 		MEMORY_BARRIER;
-
+		extern int _preempt_forbid_cnt;
 		/* No need to protect against interrupts here. */
-		--preempt_forbid_cnt;
-		ASSERT(preempt_forbid_cnt >= 0);
+		ASSERT(_preempt_forbid_cnt != 0);
+		--_preempt_forbid_cnt;
 
 		/*
-		 * This ensures preempt_forbid_cnt is flushed to memory immediately
+		 * This ensures _preempt_forbid_cnt is flushed to memory immediately
 		 * so the preemption interrupt sees the correct value.
 		 */
 		MEMORY_BARRIER;
@@ -147,6 +170,21 @@ INLINE void proc_permit(void)
 	#endif
 }
 
+/**
+ * \return true if preemptive task switching is allowed.
+ * \note This accessor is needed because _preempt_forbid_cnt
+ *       must be absoultely private.
+ */
+INLINE bool proc_allowed(void)
+{
+	#if CONFIG_KERN_PREEMPT
+		extern int _preempt_forbid_cnt;
+		return (_preempt_forbid_cnt == 0);
+	#else
+		return true;
+	#endif
+}
+
 /**
  * Execute a block of \a CODE atomically with respect to task scheduling.
  */