sys/pm: Correctly access pm_blocker

[maribu]

Contribution description

Replace volatile access to pm_blocker by guarding the accesses with irq_disable() ... irq_restore().

volatile does only guarantee that no compiler optimizations are performed on a variable access, but does not provide atomic access. E.g. on systems with a memory bus of less than 32 bit, the access to pm_blocker cannot be done with a single CPU instruction. Thus, resorting to disabling IRQs is the easiest and most portable way to actually achieve atomic access.

Testing procedure

tests/periph_pm should still work

Issues/PRs references

Split out of #13973

Depends on and contains #13976

[benpicco]

This should only be necessary on non-32 bit machines, no?

[maribu]

There sadly is no guarantee, that the compiler will generate a single read whenever possible. There were examples on GCC generating two 32 bit stores on x86_64 when writing to a volatile, as two stores with an immediate where faster than preparing the correct value in a register and writing that back to memory. As a result, some linux drivers stopped working when compiled with that GCC version. I think it is safe to say that the Linux kernel guys convinced the compiler guys that their compilers have no host to run on if they break kernels by splitting a single volatile accesses into two accesses. But for non-volatile accesses we should still be careful to do any assumptions on how the generated assembly looks like.

So what we could IMO safely do is something like this:

pm_blocker_t pm_get_blocker(void)
{
    pm_blocker_t result;
    if (ARCH_32BIT) {
        volatile uint32_t *tmp = &pm_blocker.val_u32;
        result.val_u32 = *tmp;
    }
    else {
        unsigned state = irq_disable();
        result = pm_blocker;
        irq_restore(state);
    }
    return result;
}

It would be nice to make the FEATURES like arch32_bit available to C code for this. The compiler should than drop the dead branch.

[fjmolinas]

ARCH_32_BIT is now available, can you adapt to your suggestion?

[fjmolinas]

ping @maribu :)

[maribu]

Sorry for the delay. I still had #14331 in the pipeline, which is a better solution than what I suggested above.

I'm not sure if we should just stall this PR until #14331 is merged, or get it in without the optimization for now.

[fjmolinas]

I would merge without optimizations, that PR can take time and this is still potential source for issues.

[fjmolinas]

Tested on nucleo-l152re

2020-06-16 13:46:25,100 #  help
2020-06-16 13:46:25,102 # Command              Description
2020-06-16 13:46:25,106 # ---------------------------------------
2020-06-16 13:46:25,113 # unblock_rtc          temporarily unblock power mode
2020-06-16 13:46:25,115 # reboot               Reboot the node
2020-06-16 13:46:25,119 # version              Prints current RIOT_VERSION
2020-06-16 13:46:25,124 # pm                   interact with layered PM subsystem
2020-06-16 13:46:25,126 # rtc                  control RTC peripheral interface
pm unblock 1
2020-06-16 13:46:32,541 #  pm unblock 1
2020-06-16 13:46:32,547 # Unblocking power mode 1.
> unblock_rtc 1 5
2020-06-16 13:46:36,423 #  unblock_rtc 1 5
2020-06-16 13:46:36,430 # Unblocking power mode 1 for 5 seconds.
> a
a
a

help
2020-06-16 13:46:43,047 #  help
2020-06-16 13:46:43,048 # Command              Description
2020-06-16 13:46:43,054 # ---------------------------------------
2020-06-16 13:46:43,059 # unblock_rtc          temporarily unblock power mode
2020-06-16 13:46:43,061 # reboot               Reboot the node
2020-06-16 13:46:43,072 # version              Prints current RIOT_VERSION
2020-06-16 13:46:43,074 # pm                   interact with layered PM subsystem
2020-06-16 13:46:43,077 # rtc                  control RTC peripheral interface

[fjmolinas]

@maribu can you push to trigger github-actions on this one as well?

[fjmolinas]

ACK, there are possible optimization for 32bit platforms as mentioned in #13977 (comment), it was agreed to postpone those to after #14331 is in.

[maribu]

Thanks :-)