Fix Cortex-R5 IRQ/FIQ context switching and SP banking

This fixes critical bugs in context save/restore for ARM Cortex-R5:
- Mode-aware stack pointer banking (sp_svc vs sp_sys)
- Traditional exception return (MOVS pc,lr) for QEMU compatibility
- Correct ARM register ordering in LDMIA operations
- Stack frame alignment and leak prevention
- Register preservation across mode switches

Resolves system reset on custom interrupts.

Author: jserv

ports/cortex_r5/gnu/src/tx_thread_context_restore.S

@@ -26,9 +26,11 @@
 
 #ifdef TX_ENABLE_FIQ_SUPPORT
 SVC_MODE        =     0xD3               @ Disable IRQ/FIQ, SVC mode
+SYS_MODE        =     0xDF               @ Disable IRQ/FIQ, SYS mode
 IRQ_MODE        =     0xD2               @ Disable IRQ/FIQ, IRQ mode
 #else
 SVC_MODE        =     0x93               @ Disable IRQ, SVC mode
+SYS_MODE        =     0x9F               @ Disable IRQ, SYS mode
 IRQ_MODE        =     0x92               @ Disable IRQ, IRQ mode
 #endif
 @
@@ -156,37 +158,87 @@ __tx_thread_no_preempt_restore:
 @
 @    /* Restore interrupted thread or ISR.  */
 @
-@    /* Pickup the saved stack pointer.  */
+@    /* Switch to SYS mode and pickup the saved stack pointer.  */
 @    tmp_ptr =  _tx_thread_current_ptr -> tx_thread_stack_ptr;
 @
-    LDR     sp, [r0, #8]                        @ Restore thread stack pointer
+@    /* Load PC and CPSR from thread stack while in IRQ mode */
+    LDR     r1, [r0, #8]                    @ r1 = thread stack pointer
+    ADD     r2, r1, #24                     @ r2 = address of saved PC (skip 6 regs)
+    LDMIA   r2, {r3, r12}                   @ r3 = PC, r12 = CPSR
 @
-@   /* Recover the saved context and return to the point of interrupt.  */
+@    /* Load CPSR into SPSR_irq and PC into lr */
+    MSR     SPSR_cxsf, r12                  @ Load CPSR into SPSR_irq
+    MOV     lr, r3                          @ Load return address
 @
-    LDMIA   sp!, {r0, r10, r12, lr}         @ Recover SPSR, POI, and scratch regs
-    MSR     SPSR_cxsf, r0                   @ Put SPSR back
-    LDMIA   sp!, {r0-r3}                    @ Recover r0-r3
-    MOVS    pc, lr                          @ Return to point of interrupt
+@    /* Switch to thread's actual mode (not blindly SYS) */
+    MOV     r3, r12                         @ Copy CPSR to r3
+    AND     r3, r3, #0x1F                   @ Isolate mode bits
+    CMP     r3, #0x13                       @ Is thread in SVC mode?
+    BEQ     __tx_restore_svc_mode           @ Yes, use SVC mode
+@
+@    /* Thread in SYS/USR mode (0x1F or 0x10) */
+    CPS     #0x1F                           @ Switch to SYS mode
+    MOV     sp, r1                          @ Set SP_sys to thread stack
+    B       __tx_restore_continue
+@
+__tx_restore_svc_mode:
+@    /* Thread in SVC mode (0x13) */
+    CPS     #0x13                           @ Switch to SVC mode
+    MOV     sp, r1                          @ Set SP_svc to thread stack
+@
+__tx_restore_continue:
+    LDMIA   sp!, {r0-r3, r10, r12}          @ Restore r0-r3, r10, r12
+    ADD     sp, sp, #8                      @ Skip saved PC and CPSR (8 bytes)
+@
+@    /* Switch back to IRQ mode for proper exception return */
+    CPS     #0x12                           @ Switch to IRQ mode
+@
+@    /* Return from exception (SPSR_irq->CPSR, lr->PC) */
+    MOVS    pc, lr                          @ Return from exception
 @
 @    }
 @    else
 @    {
 __tx_thread_preempt_restore:
 @
-    LDR     sp, [r0, #8]                        @ Restore thread stack pointer
-    LDMIA   sp!, {r3, r10, r12, lr}         @ Recover temporarily saved registers
-    MOV     r1, lr                          @ Save lr (point of interrupt)
-    MOV     r2, #SVC_MODE                   @ Build SVC mode CPSR
-    MSR     CPSR_c, r2                      @ Enter SVC mode
+@    /* Restore context and convert to full thread frame for scheduler. */
+@    /* Context on thread stack: r0-r3, r10, r12, LR, SPSR (RFE-compatible). */
+@
+@    /* Determine thread's mode from saved CPSR */
+    LDR     r3, [r0, #8]                    @ r3 = thread stack pointer
+    LDR     r12, [r3, #28]                  @ r12 = saved CPSR
+    AND     r12, r12, #0x1F                 @ r12 = mode bits
+    CMP     r12, #0x13                      @ SVC mode?
+    BEQ     __tx_preempt_svc_mode
+@
+@    /* Thread was in SYS mode */
+    MOV     r12, #SYS_MODE                  @ SYS mode + interrupts disabled
+    MSR     CPSR_c, r12                     @ Switch to SYS mode
+    B       __tx_preempt_load_context
+@
+__tx_preempt_svc_mode:
+    MOV     r12, #SVC_MODE                  @ SVC mode + interrupts disabled
+    MSR     CPSR_c, r12                     @ Switch to SVC mode
+@
+__tx_preempt_load_context:
+    LDR     sp, [r0, #8]                    @ Restore thread stack pointer
+@
+@    /* Read the interrupt frame without destroying it yet. */
+@
+    LDM     sp, {r0-r3}                     @ Read r0-r3 (without popping)
+    ADD     sp, sp, #16                     @ Move past r0-r3 (4 regs * 4 bytes)
+    LDMIA   sp!, {r10, r12}                 @ Load r10, r12 (ascending order: 10 < 12)
+    LDMIA   sp!, {r1}                       @ Load LR->r1
+    LDR     r2, [sp], #4                    @ Load SPSR->r2 and advance SP
+@
+@    /* Now build full thread context in SVC mode. */
+@
+    MOV     r3, #SVC_MODE                   @ Build SVC mode CPSR
+    MSR     CPSR_c, r3                      @ Enter SVC mode
     STR     r1, [sp, #-4]!                  @ Save point of interrupt
-    STMDB   sp!, {r4-r12, lr}               @ Save upper half of registers
-    MOV     r4, r3                          @ Save SPSR in r4
-    MOV     r2, #IRQ_MODE                   @ Build IRQ mode CPSR
-    MSR     CPSR_c, r2                      @ Enter IRQ mode
-    LDMIA   sp!, {r0-r3}                    @ Recover r0-r3
-    MOV     r5, #SVC_MODE                   @ Build SVC mode CPSR
-    MSR     CPSR_c, r5                      @ Enter SVC mode
-    STMDB   sp!, {r0-r3}                    @ Save r0-r3 on thread's stack
+    STMDB   sp!, {r4-r12, lr}               @ Save upper half of registers (thread's r4-r12!)
+    MOV     r4, r2                          @ Move SPSR to r4 (thread's r4 already saved!)
+    STMDB   sp!, {r0-r3}                    @ Save r0-r3 on SVC stack
 @
     LDR     r1, =_tx_thread_current_ptr     @ Pickup address of current thread ptr
     LDR     r0, [r1]                        @ Pickup current thread pointer

ports/cortex_r5/gnu/src/tx_thread_context_save.S

@@ -22,6 +22,16 @@
 #include "tx_user.h"
 #endif
 
+#ifdef TX_ENABLE_FIQ_SUPPORT
+SVC_MODE        =     0xD3               @ Disable IRQ/FIQ, SVC mode
+SYS_MODE        =     0xDF               @ Disable IRQ/FIQ, SYS mode
+IRQ_MODE        =     0xD2               @ Disable IRQ/FIQ, IRQ mode
+#else
+SVC_MODE        =     0x93               @ Disable IRQ, SVC mode
+SYS_MODE        =     0x9F               @ Disable IRQ, SYS mode
+IRQ_MODE        =     0x92               @ Disable IRQ, IRQ mode
+#endif
+@
     .global     _tx_thread_system_state
     .global     _tx_thread_current_ptr
     .global     _tx_irq_processing_return
@@ -120,7 +130,7 @@ _tx_thread_context_save:
     POP     {lr}                            @ Recover ISR lr
 #endif
 
-    B       __tx_irq_processing_return      @ Continue IRQ processing 
+    B       __tx_irq_processing_return      @ Continue IRQ processing
 @
 __tx_thread_not_nested_save:
 @    }
@@ -134,26 +144,61 @@ __tx_thread_not_nested_save:
     LDR     r1, =_tx_thread_current_ptr     @ Pickup address of current thread ptr
     LDR     r0, [r1]                        @ Pickup current thread pointer
     CMP     r0, #0                          @ Is it NULL?
-    BEQ     __tx_thread_idle_system_save    @ If so, interrupt occurred in 
+    BEQ     __tx_thread_idle_system_save    @ If so, interrupt occurred in
                                             @   scheduling loop - nothing needs saving!
 @
-@    /* Save minimal context of interrupted thread.  */
+@    /* Save minimal context of interrupted thread on thread's stack.  */
+@    /* Stack frame: r0-r3, r10, r12, PC, CPSR (32 bytes) */
 @
-    MRS     r2, SPSR                        @ Pickup saved SPSR
-    SUB     lr, lr, #4                      @ Adjust point of interrupt
-    STMDB   sp!, {r2, r10, r12, lr}         @ Store other registers
+    MOV     r2, sp                          @ r2 = IRQ stack pointer (has saved r0-r3)
 @
-@    /* Save the current stack pointer in the thread's control block.  */
-@    _tx_thread_current_ptr -> tx_thread_stack_ptr =  sp;
+@    /* Pickup SPSR and adjust return address BEFORE switching modes */
+    MRS     r3, SPSR                        @ r3 = saved SPSR (thread's CPSR)
+    SUB     lr, lr, #4                      @ Adjust point of interrupt (lr_irq)
+    MOV     r1, lr                          @ Save lr_irq in r1 (before mode switch!)
+@
+@    /* Switch to the thread's actual mode (from SPSR) to access its stack */
+@    /* r3 contains SPSR_irq = thread's saved CPSR */
+    AND     r4, r3, #0x1F                   @ r4 = thread's mode bits
+    CMP     r4, #0x13                       @ Was thread in SVC mode?
+    BEQ     __tx_save_svc_mode
+@
+@    /* Thread was in SYS/USR mode - switch to SYS mode */
+@    /* Note: USR and SYS share the same sp/lr register bank */
+    MOV     r4, #SYS_MODE                   @ SYS mode + interrupts disabled
+    MSR     CPSR_c, r4                      @ Switch to SYS mode
+    B       __tx_save_context_on_stack
+@
+__tx_save_svc_mode:
+@    /* Thread was in SVC mode - switch to SVC mode */
+    MOV     r4, #SVC_MODE                   @ SVC mode + interrupts disabled
+    MSR     CPSR_c, r4                      @ Switch to SVC mode
+@
+__tx_save_context_on_stack:
+@    /* Now sp = thread's actual stack pointer (sp_sys or sp_svc) */
+@
+@    /* Save SPSR and PC to stack */
+    STR     r3, [sp, #-4]!                  @ Push SPSR at [SP-4]
+    STR     r1, [sp, #-4]!                  @ Push lr_irq (as PC) at [SP-8]
 @
-    LDR     r1, =_tx_thread_system_stack_ptr    @ Pickup system stack pointer address
-    STR     sp, [r0, #8]                        @ Save thread stack pointer
+@    /* Recover original r0-r3 from IRQ stack (r2 still points to IRQ stack) */
+    LDMIA   r2, {r0-r3}                     @ Recover thread's r0-r3 from IRQ stack
 @
-@    /* Switch to the system stack.  */
-@    sp =  _tx_thread_system_stack_ptr@
+@    /* Save remaining registers */
+    STMDB   sp!, {r0-r3, r10, r12}          @ Save r0-r3, r10, r12 (final SP = base-32)
 @
-    LDR     sp, [r1]                            @ Switch to system stack
-    MOV     r10, #0                             @ Clear stack limit
+@    /* Save the thread's stack pointer in the thread's control block.  */
+@    _tx_thread_current_ptr -> tx_thread_stack_ptr =  sp;
+@
+    LDR     r1, =_tx_thread_current_ptr     @ Reload current thread pointer address
+    LDR     r0, [r1]                        @ Get current thread pointer
+    STR     sp, [r0, #8]                    @ Save updated thread stack pointer
+@
+@    /* Switch to IRQ mode to use dedicated IRQ stack for ISR execution.  */
+    MOV     r4, #IRQ_MODE                   @ IRQ mode + interrupts disabled
+    MSR     CPSR_c, r4                      @ Switch to IRQ mode
+    ADD     sp, sp, #16                     @ Pop stale r0-r3 from IRQ stack (4 regs * 4 bytes)
+    MOV     r10, #0                         @ Clear stack limit
 
 #ifdef TX_ENABLE_EXECUTION_CHANGE_NOTIFY
 @
@@ -164,7 +209,7 @@ __tx_thread_not_nested_save:
     POP     {lr}                            @ Recover ISR lr
 #endif
 
-    B       __tx_irq_processing_return      @ Continue IRQ processing 
+    B       __tx_irq_processing_return      @ Continue IRQ processing
 @
 @    }
 @    else
@@ -173,9 +218,6 @@ __tx_thread_not_nested_save:
 __tx_thread_idle_system_save:
 @
 @    /* Interrupt occurred in the scheduling loop.  */
-@
-@    /* Not much to do here, just adjust the stack pointer, and return to IRQ 
-@       processing.  */
 @
     MOV     r10, #0                         @ Clear stack limit
 
@@ -189,10 +231,7 @@ __tx_thread_idle_system_save:
 #endif
 
     ADD     sp, sp, #16                     @ Recover saved registers
-    B       __tx_irq_processing_return      @ Continue IRQ processing  
+    B       __tx_irq_processing_return      @ Continue IRQ processing
 @
 @    }
 @}
-
-
-

ports/cortex_r5/gnu/src/tx_thread_fiq_context_restore.S

@@ -158,36 +158,59 @@ __tx_thread_fiq_no_preempt_restore:
 @
 @    /* Restore interrupted thread or ISR.  */
 @
-@    /* Pickup the saved stack pointer.  */
+@    /* Use traditional exception return from FIQ mode */
+@    /* Stack frame: r0-r3, r10, r12, PC, CPSR */
 @    tmp_ptr =  _tx_thread_current_ptr -> tx_thread_stack_ptr;
 @
-    LDR     sp, [r0, #8]                        @ Restore thread stack pointer
+@    /* Load PC and CPSR from thread stack while in FIQ mode */
+    LDR     r1, [r0, #8]                        @ r1 = thread stack pointer
+    ADD     r2, r1, #24                         @ r2 = address of saved PC (skip 6 regs)
+    LDMIA   r2, {r3, r12}                       @ r3 = PC, r12 = CPSR
 @
-@    /* Recover the saved context and return to the point of interrupt.  */
+@    /* Load CPSR into SPSR_fiq and PC into lr */
+    MSR     SPSR_cxsf, r12                      @ Load CPSR into SPSR_fiq
+    MOV     lr, r3                              @ Load return address
 @
-    LDMIA   sp!, {r0, lr}                       @ Recover SPSR, POI, and scratch regs
-    MSR     SPSR_cxsf, r0                       @ Put SPSR back
-    LDMIA   sp!, {r0-r3}                        @ Recover r0-r3
-    MOVS    pc, lr                              @ Return to point of interrupt
+@    /* Switch to thread's actual mode (not blindly SYS) */
+    MOV     r3, r12                             @ Copy CPSR to r3
+    AND     r3, r3, #0x1F                       @ Isolate mode bits
+    CMP     r3, #0x13                           @ Is thread in SVC mode?
+    BEQ     __tx_fiq_restore_svc_mode           @ Yes, use SVC mode
+@
+@    /* Thread in SYS/USR mode (0x1F or 0x10) */
+    CPS     #0x1F                               @ Switch to SYS mode
+    MOV     sp, r1                              @ Set SP_sys to thread stack
+    B       __tx_fiq_restore_continue
+@
+__tx_fiq_restore_svc_mode:
+@    /* Thread in SVC mode (0x13) */
+    CPS     #0x13                               @ Switch to SVC mode
+    MOV     sp, r1                              @ Set SP_svc to thread stack
+@
+__tx_fiq_restore_continue:
+    LDMIA   sp!, {r0-r3, r10, r12}              @ Restore r0-r3, r10, r12
+    ADD     sp, sp, #8                          @ Skip saved PC and CPSR (8 bytes)
+@
+@    /* Switch back to FIQ mode for proper exception return */
+    CPS     #0x11                               @ Switch to FIQ mode
+@
+@    /* Return from exception (SPSR_fiq->CPSR, lr->PC) */
+    MOVS    pc, lr                              @ Return from exception
 @
 @    }
 @    else
 @    {
 __tx_thread_fiq_preempt_restore:
 @
+    CPS     #0x1F                               @ Switch to SYS mode
     LDR     sp, [r0, #8]                        @ Restore thread stack pointer
-    LDMIA   sp!, {r3, lr}                       @ Recover temporarily saved registers
-    MOV     r1, lr                              @ Save lr (point of interrupt)
+    LDM     sp, {r0-r3, r10, r12}               @ Read registers (without popping)
+    ADD     sp, sp, #24                         @ Move past saved registers
+    LDMIA   sp!, {r1, r4}                       @ r1 = LR, r4 = SPSR
     MOV     r2, #SVC_MODE                       @ Build SVC mode CPSR
     MSR     CPSR_c, r2                          @ Enter SVC mode
     STR     r1, [sp, #-4]!                      @ Save point of interrupt
     STMDB   sp!, {r4-r12, lr}                   @ Save upper half of registers
-    MOV     r4, r3                              @ Save SPSR in r4
-    MOV     r2, #FIQ_MODE                       @ Build FIQ mode CPSR
-    MSR     CPSR_c, r2                          @ Reenter FIQ mode
-    LDMIA   sp!, {r0-r3}                        @ Recover r0-r3
-    MOV     r5, #SVC_MODE                       @ Build SVC mode CPSR
-    MSR     CPSR_c, r5                          @ Enter SVC mode
     STMDB   sp!, {r0-r3}                        @ Save r0-r3 on thread's stack
     MOV     r3, #1                              @ Build interrupt stack type
     STMDB   sp!, {r3, r4}                       @ Save interrupt stack type and SPSR

ports/cortex_r5/gnu/src/tx_thread_fiq_context_save.S

@@ -134,27 +134,48 @@ __tx_thread_fiq_not_nested_save:
     BEQ     __tx_thread_fiq_idle_system_save    @ If so, interrupt occurred in 
 @                                               @   scheduling loop - nothing needs saving! 
 @
-@    /* Save minimal context of interrupted thread.  */
+@    /* Save minimal context of interrupted thread on thread's stack.  */
+@    /* Must switch to SYS mode and set SP before saving context */
+@    /* Stack frame ordered for RFE compatibility: r0-r3, r10, r12, PC, CPSR */
+@    /* Note: FIQ mode has banked r8-r12, so we save thread's r10/r12 from SYS mode. */
 @
-    MRS     r2, SPSR                            @ Pickup saved SPSR
-    SUB     lr, lr, #4                          @ Adjust point of interrupt
-    STMDB   sp!, {r2, lr}                       @ Store other registers, Note that we don't
-@                                               @   need to save sl and ip since FIQ has
-@                                               @   copies of these registers.  Nested
-@                                               @   interrupt processing does need to save
-@                                               @   these registers.
+@    /* Get thread's stack pointer from TCB (r0 = current thread ptr) */
+    MOV     r2, sp                              @ r2 = FIQ stack pointer (has saved r0-r3)
+    LDR     r1, [r0, #8]                        @ r1 = thread stack pointer from TCB
 @
-@    /* Save the current stack pointer in the thread's control block.  */
+@    /* Pickup SPSR and adjust return address BEFORE switching modes */
+    MRS     r3, SPSR                            @ r3 = saved SPSR
+    SUB     lr, lr, #4                          @ Adjust point of interrupt (lr_fiq)
+    MOV     r1, lr                              @ Save lr_fiq in r1 (before mode switch!)
+@
+@    /* Switch to SYS mode and set SP to thread's stack pointer */
+    CPS     #0x1F                               @ Switch to SYS mode
+    LDR     sp, [r0, #8]                        @ Load thread SP directly into sp
+@
+@    /* Save SPSR and LR to final stack positions (r2 still points to FIQ stack) */
+    STR     r3, [sp, #-4]!                      @ Push SPSR at [SP-4]
+    STR     r1, [sp, #-4]!                      @ Push lr_fiq (as PC) at [SP-8]
+@
+@    /* Now recover original r0-r3 from exception stack (r2 reg not yet modified) */
+    LDMIA   r2, {r0-r3}                         @ Recover thread's r0-r3 from FIQ stack
+@
+@    /* Save remaining registers below LR */
+    STMDB   sp!, {r0-r3, r10, r12}              @ Save r0-r3, r10, r12 (final SP = base-32)
+@
+@    /* Save the thread's stack pointer in the thread's control block.  */
 @    _tx_thread_current_ptr -> tx_thread_stack_ptr =  sp;
 @
-    LDR     r1, =_tx_thread_system_stack_ptr    @ Pickup system stack pointer address
-    STR     sp, [r0, #8]                        @ Save thread stack pointer
+    LDR     r1, =_tx_thread_current_ptr         @ Reload current thread pointer address
+    LDR     r0, [r1]                            @ Get current thread pointer
+    STR     sp, [r0, #8]                        @ Save updated thread stack pointer
 @
-@    /* Switch to the system stack.  */
-@    sp =  _tx_thread_system_stack_ptr;
+@    /* Switch to FIQ mode to use dedicated FIQ stack for ISR execution.  */
+@    /* This prevents thread stack overflow during deep interrupt nesting. */
+@    /* Note: r0-r3 on FIQ stack are now stale but will be popped on return. */
 @
-    LDR     sp, [r1]                            @ Switch to system stack
-    MOV     r10, #0                             @ Clear stack limit
+    CPS     #0x11                               @ Switch to FIQ mode
+    ADD     sp, sp, #16                         @ Pop stale r0-r3 from FIQ stack (4 regs * 4 bytes)
+    MOV     r10, #0                             @ Clear stack limit (also saved to thread stack)
 
 #ifdef TX_ENABLE_EXECUTION_CHANGE_NOTIFY
 @