ThreadX: Fix context switch logic

ianstcdns · ianstcdns · commit c256915e8223 · 2026-04-10T14:28:36.000-07:00
- Disable interrupts prior to allocating a large exception frame;
  only reenable them after deallocating the extra memory.
- Any user tasks with stacks based on TX_MINIMUM_STACK do not
  have sufficient space for both a context switch frame and an ISR
  frame; ill-timed interrupts were causing stack overruns.
diff --git a/ports/xtensa/xcc/src/tx_thread_schedule.S b/ports/xtensa/xcc/src/tx_thread_schedule.S
@@ -229,14 +229,24 @@ _tx_thread_schedule:
     rsync                               /* ensure wsr.CPENABLE has completed */
     #endif
 
-    wsr     a3,  PS                     /* no need to sync PS, delay is OK */
-
-    /* This does not return to its caller, but to the selected thread. */
+    /* De-allocate the remainder of the frame before reenabling interrupts
+     * to avoid overrunning a task stack of TX_MINIMUM_STACK bytes, which
+     * can only handle one XT_STK_FRMSZ.
+     */
     #ifdef __XTENSA_CALL0_ABI__
     /* 'addi sp, sp, imm' could turn into 'addmi, addi' sequence and make */
     /* the sp briefly point to an illegal stack location. Avoid that.     */
-    addi    a2,  sp, XT_STK_FRMSZ
+    addi    a2,  sp, XT_STK_FRMSZ       /* fully deallocate stack frame */
     mov     sp,  a2
+    #else
+    addi    a2,  sp, XT_STK_FRMSZ - 48  /* initial SP at solicited entry; */
+    movsp   sp,  a2                     /* retw will deallocate remainder */
+    #endif
+
+    wsr     a3,  PS                     /* no need to sync PS, delay is OK */
+
+    /* This does not return to its caller, but to the selected thread. */
+    #ifdef __XTENSA_CALL0_ABI__
     ret
     #else
     retw
diff --git a/ports/xtensa/xcc/src/tx_thread_system_return.S b/ports/xtensa/xcc/src/tx_thread_system_return.S
@@ -70,20 +70,14 @@ _tx_thread_system_return:
     Since this is solicited, no need to save regs compiler doesn't preserve.
     */
 
-#if XCHAL_HAVE_XEA3
     #ifdef __XTENSA_CALL0_ABI__
-    addi    sp, sp, -16
+    addi    a2, sp, -16                     /* avoid addi/addmi relaxation that */
+    mov     sp, a2                          /* might temporarily move sp up     */
     #else
     entry   sp, 48
     #endif
+#if XCHAL_HAVE_XEA3
     s32i    a0, sp, 0                       /* save return address */
-#else
-    #ifdef __XTENSA_CALL0_ABI__
-    addi    a2, sp, -XT_STK_FRMSZ           /* avoid addi/addmi relaxation that */
-    mov     sp, a2                          /* might temporarily move sp up     */
-    #else
-    entry   sp, XT_STK_FRMSZ
-    #endif
 #endif
 
 #if (defined(TX_ENABLE_EXECUTION_CHANGE_NOTIFY) || defined(TX_EXECUTION_PROFILE_ENABLE))
@@ -109,6 +103,7 @@ _tx_thread_system_return:
     interrupts enabled, but we will have to revert SP to point above
     the exception frame because that is what the dispatch code expects.
     Must disable interrupts before that.
+    TODO: disable interrupts prior to stack allocation as we do for XEA2
     */
 
     movi    a0, .Lret
@@ -185,7 +180,27 @@ _tx_thread_system_return:
 
 #else /* XEA1 or XEA2 */
 
+    /* Disable interrupts before allocating the full stack frame.  Taking
+     * an interrupt will allocate a second exception stack frame, which will
+     * overrun a task stack of TX_MINIMUM_STACK bytes.
+     * Read PS so it can be saved off after stack adjustment.
+     */
     rsr     a2,  PS
+    XT_INTS_DISABLE(a3)
+
+    /* Allocate the remainder of the frame here; we already allocated
+     * 16 bytes for call0 or 48 bytes for windowed upon entry.
+     * This memory will be deallocated in the solicited exit logic prior
+     * to reenabling interrupts.
+     */
+    #ifdef __XTENSA_CALL0_ABI__
+    addi    a3, sp, -XT_STK_FRMSZ + 16              // avoid addi/addmi relaxation again
+    mov     sp, a3
+    #else
+    addi    a3, sp, -XT_STK_FRMSZ + 48
+    movsp   sp, a3
+    #endif
+
     s32i    a0,  sp, XT_STK_PC
     s32i    a2,  sp, XT_STK_PS
     #ifdef __XTENSA_CALL0_ABI__
@@ -205,8 +220,6 @@ _tx_thread_system_return:
     wsr     a2, PS
     rsync
     call0   xthal_window_spill_nw
-    l32i    a0,  sp, XT_STK_PS
-    wsr     a0,  PS                                 // Restore PS value
     rsync
     #endif
 
@@ -226,10 +239,9 @@ _tx_thread_system_return:
         a4  = &_tx_timer_time_slice
     */
 
-    /* Lock out interrupts (except hi-pri). */
+    /* Already locked out interrupts (except hi-pri). */
     /* Grab thread control block of current thread. */
     movi    a2, _tx_thread_current_ptr      /* a2 = &_tx_thread_current_ptr */
-    XT_INTS_DISABLE(a0)
     l32i    a3, a2, 0                       /* a3 points to TCB */
 
     /* Mark as having solicited entry to kernel (used on exit). */
