fix: race condition when mmapping or munmapping in esp_partition (IDFGH-14841) #15564

Closed

smjothen
Contributor

We have multiple tasks that do reads from encrypted partitions. This incurs quite a few calls to esp_partition_mmap, which then calls spi_flash_mmap and then esp_mmu_map. esp_mmu_map is not thread safe, however, and thus with lots of reads to encrypted partitions, some corruption can occur to the internal esp_mmu list of mapped regions.

This usually results in a panic of some sort, usually either due to trying to map an invalid address, or trying to unmap an address that has already been unmapped.

Description

To fix this, there is a new mutex added in esp_partition to ensure there are no concurrent changes to mapped regions.

Related

Testing

Created an example application that has two tasks that repeatedly call esp_partition_mmap and esp_partition_munmap very frequently. The issue usually triggers within a few seconds, causing a panic of some sort.

With the fix applied, the application no longer panics.


Checklist

Before submitting a Pull Request, please ensure the following:

  • 🚨 This PR does not introduce breaking changes.
  • All CI checks (GH Actions) pass.
  • Documentation is updated as needed.
  • Tests are updated or added as necessary.
  • Code is well-commented, especially in complex areas.
  • Git history is clean — commits are squashed to the minimum necessary.
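
The locking pattern this description refers to, as an added example that is not part of the pull request or of ESP-IDF: a POSIX-threads stand-in in which a region list with no locking of its own is reached only through mutex-holding wrappers. The names `raw_map`, `raw_unmap`, `locked_map`, `locked_unmap` and `stress` are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>
#define NTHREADS 4
/* Stand-in mapping layer with an unlocked region list (hypothetical names, not ESP-IDF code). */
typedef struct region { struct region *next; unsigned addr; } region_t;
static region_t *s_regions;                    /* shared list head */
static pthread_mutex_t s_map_lock = PTHREAD_MUTEX_INITIALIZER;
static region_t *raw_map(unsigned addr) {      /* not thread safe */
    region_t *r = malloc(sizeof(*r));
    if (!r) return NULL;
    r->addr = addr;
    r->next = s_regions;  /* two tasks can both read the same head here ... */
    s_regions = r;        /* ... and then one of the insertions is lost */
    return r;
}
static int raw_unmap(region_t *r) {            /* not thread safe */
    for (region_t **pp = &s_regions; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; free(r); return 0; }
    return -1;            /* region is not in the list */
}
/* Every caller goes through these wrappers, so list updates never overlap. */
region_t *locked_map(unsigned addr) {
    pthread_mutex_lock(&s_map_lock);
    region_t *r = raw_map(addr);
    pthread_mutex_unlock(&s_map_lock);
    return r;
}
int locked_unmap(region_t *r) {
    pthread_mutex_lock(&s_map_lock);
    int rc = raw_unmap(r);
    pthread_mutex_unlock(&s_map_lock);
    return rc;
}
static void *worker(void *arg) {               /* map/unmap in a tight loop */
    long errors = 0;
    for (int i = 0; i < *(int *)arg; i++) {
        region_t *r = locked_map((unsigned)i);
        if (!r || locked_unmap(r) != 0) errors++;
    }
    return (void *)errors;
}
long stress(int iters) {  /* failed operations + regions left behind; 0 = consistent */
    pthread_t t[NTHREADS]; void *res; long bad = 0; int n = 0;
    while (n < NTHREADS && pthread_create(&t[n], NULL, worker, &iters) == 0) n++;
    for (int i = 0; i < n; i++) { pthread_join(t[i], &res); bad += (long)res; }
    for (region_t *r = s_regions; r; r = r->next) bad++;
    return bad + (NTHREADS - n);
}
int main(void) { return stress(20000) != 0; }
```

Pointing `worker` at `raw_map`/`raw_unmap` instead of the wrappers reproduces the kind of failure described above: a region that is no longer in the list when its unmap runs.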

smjothen force-pushed the fix/partitions-mmap-lock branch from caa5a37 to 82364a7, March 12, 2025 11:46
espressif-bot added the "Status: Opened" label, Mar 12, 2025
github-actions bot changed the title from "fix: race condition when mmapping or munmapping in esp_partition" to "fix: race condition when mmapping or munmapping in esp_partition (IDFGH-14841)", Mar 12, 2025

Contributor Author

smjothen commented Mar 12, 2025

Here's an example application that triggers panics for me; with the pull request applied it no longer causes any panics.

mmap_race.tar.gz

esp_mmu_map/unmap are not thread safe, which are called by spi_flash
mmap/munmap, so with a large amount of concurrent reads via mmapping
(which occurs, for example, with flash encryption enabled), there can
be race conditions in esp_mmu_map/unmap, which can cause corruption of
the list of mmapped regions and cause a panic.
smjothen force-pushed the fix/partitions-mmap-lock branch from 82364a7 to d15f747, March 12, 2025 12:11
espressif-bot assigned mahavirj and Icarus113 and unassigned mahavirj, Mar 13, 2025
espressif-bot added the "Status: In Progress" and "Status: Reviewing" labels and removed the "Status: Opened" and "Status: In Progress" labels, Mar 14, 2025
espressif-bot added the "Status: Done" and "Resolution: NA" labels and removed the "Status: Reviewing" label, Apr 15, 2025

Alvin1Zhang
Collaborator

Thanks for the contribution again; changes have been merged with b45b29a.

Alvin1Zhang closed this May 8, 2025