diff --git a/app/donglet/app-g031.toml b/app/donglet/app-g031.toml
index 94f077e58b..0b83bc050a 100644
--- a/app/donglet/app-g031.toml
+++ b/app/donglet/app-g031.toml
@@ -17,6 +17,7 @@ max-sizes = {flash = 4096, ram = 512}
 start = true
 stacksize = 368
 notifications = ["fault", "timer"]
+features = ["no-panic"]
 
 [tasks.sys]
 name = "drv-stm32xx-sys"
diff --git a/task/jefe/Cargo.toml b/task/jefe/Cargo.toml
index 820b47b596..bae3c207f8 100644
--- a/task/jefe/Cargo.toml
+++ b/task/jefe/Cargo.toml
@@ -31,6 +31,7 @@ build-util = { path = "../../build/util" }
 [features]
 dump = []
 nano = [ "ringbuf/disabled" ]
+no-panic = [ "userlib/no-panic" ]
 
 # This section is here to discourage RLS/rust-analyzer from doing test builds,
 # since test builds don't work for cross compilation.
diff --git a/task/jefe/src/main.rs b/task/jefe/src/main.rs
index 2d48acd1de..5d5651e36c 100644
--- a/task/jefe/src/main.rs
+++ b/task/jefe/src/main.rs
@@ -310,9 +310,20 @@ impl idol_runtime::NotificationHandler for ServerImpl<'_> {
 let mut next_task = 1;
 while let Some(fault_index) = kipc::find_faulted_task(next_task) {
 let fault_index = usize::from(fault_index);
- next_task = fault_index + 1;
-
- let status = &mut self.task_states[fault_index];
+ // This addition cannot overflow in practice, because the number
+ // of tasks in the system is very much smaller than 2**32. So we
+ // use wrapping add, because currently the compiler doesn't
+ // understand this property.
+ next_task = fault_index.wrapping_add(1);
+
+ // Safety: `fault_index` is from the kernel, and the kernel will
+ // not give us an out-of-range task index.
+ //
+ // TODO: it might be nice to fold this into a utility function
+ // in kipc or something
+ let status = unsafe {
+ self.task_states.get_unchecked_mut(fault_index)
+ };
 
 // If we're aware that this task is in a fault state, don't
 // bother making a syscall to enquire.
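Review bot: The `unsafe { self.task_states.get_unchecked_mut(fault_index) }` block in the main.rs hunk makes memory safety depend on `task_states.len()` matching the kernel's task count, and that half of the argument is not checked anywhere in the hunk — the `// Safety:` comment only covers the kernel side, and the array's declaration is outside the hunk. A checked lookup removes the indexing panic path just as well without `unsafe`: `let Some(status) = self.task_states.get_mut(fault_index) else { break };`, which on an index past the slice stops the scan instead of reading out of bounds. If the unchecked form is kept for codegen reasons, the safety comment should additionally state that `task_states` is sized to the kernel's task table, since that is the invariant the caller, not the kernel, must uphold. The enclosing notification handler starts and ends outside the hunk.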