k_thread_priority_set() on a pended thread wasn't re-inserting into the
waitq, causing the incorrect thread to run based on priority. When using
the scalable waitq config, this can also break assumptions of the tree
and leave the owner of a waitq still being in the waitq tree, cycles in
the tree, or a crash.
Remove and re-add a thread to a waitq to ensure the waitq remains in
order and the tree's assumptions are not violated.
To illustrate the issue, consider 4 threads in decreasing priority
order: A, B, C, and D along with two mutexes, m0 and m1. This is
implemented in the new complex_inversion mutex_api test.
1. D locks m1
2. C locks m0
3. C pends on m1
4. B pends on m1
5. A pends on m0, boosts C's priority, now tree on m1 is not sorted
6. D unlocks m1, left-most thread on tree is B. When removing B from
tree it cannot be found because it searches to the right of C due to
C's boosted priority when the node is actually on the left. rb_remove
silently fails.
7. B unlocks m1, left-most thread on tree is still B and it tries to
unpend itself, resulting in a NULL pointer dereference on
B->base.pended_on.
Signed-off-by: Josh DeWitt <josh.dewitt@garmin.com>
Introduces the Z_IS_TIMEOUT_RELATIVE() macro to help ensure that
checking for relative/absolute timeouts is consistent. Using this
macro also helps ensure that we get the correct behavior when using
32-bit timeouts (CONFIG_TIMEOUT_64BIT=n).
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Improve naming of the scheduler and call it what it is: simple. Using
'dumb' for the default scheduler algorithm in Zephyr is a bad idea.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The current_fp field in the z_kernel structure is only used
by 32-bit x86 (which does not support SMP). As such, it should
reside in the arch specific of section of _kernel.cpus[0].
This also changes the name of 'current_fp' to 'fpu_owner' to
be more consistent with other architectures.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
CONFIG_DYNAMIC_BOOTARGS currently depends on CONFIG_MULTIBOOT_INFO
and CONFIG_BUILD_OUTPUT_EFI which are x86 specific.
This change removes those dependencies so that another architecture
can use CONFIG_DYNAMIC_BOOTARGS without the x86 specifc features.
Signed-off-by: William Tambe <williamt@cadence.com>
Fix compilation with CONFIG_TIMER_READS_ITS_FREQUENCY_AT_RUNTIME=y and
CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC unset at the board/SoC level.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Remove restrictions from device_init by allowing to perform device
initialization if the device state flags it being not initialized.
This makes the API usable in contexts where device_deinit has been
called before.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Add a new API to de-initialize a device. When a device is
de-initialized, it will release any resources it has acquired
(e.g. pins, memory, clocks, DMA channels, etc.) and its status
will be left as in its reset state.
It is the responsability of the caller to ensure that the device is
ready to be de-initialized.
For now, deinit call always initializes to NULL. New macros will be
introduced to not break existing device APIs.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Instead of passing a single init function, create
struct device_ops with the init function inside. This allows to easily
extend device's capabilities in the future without too much breakage,
e.g. to add a de-init call.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Introduce a new field to store device flags. Only device deferred init
flag has been added, replacing usage of linker hackery to know wether a
device requires initialization at boot time or not. This change will be
helpful in the near future as devices will become reference counted, so we
will need to know wether they have been initialized or not.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Such union is rather redundant, considering a simple const cast can be
done when initializing the init entry. Note that the init_entry does not
need to be touched now that struct device stores the init call. It is
merely an init entry sorted by linker scripts, so we can intertwine
devices and SYS_INIT.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Device init function is no longer taken from `struct init_entry`, so
there's no need to keep such union.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
It just complicates things. It is not C99 strandard, and since C11 is
not mandatory, it is better to play safe here.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The 'order_key' field in the thread structure '_thread_base' is only
required when CONFIG_SCHED_SCALABLE and/or CONFIG_WAITQ_SCALABLE are
enabled (neither of which is a default setting). Making the existence
of this field conditional slightly reduces the size of the k_thread
structure when neither of those Kconfig options are selected.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
k_sleep() returns a 32 bit count of milliseconds, as that was its
historical API. But it now accepts a potentially 64 bit tick count as
an argument, leading to situations where an early wakeup will produce
sleep times that aren't representable. Clamp this instead of
truncating to an arbitrary value.
Naive code will likely do the right thing with the large return (just
sleeping an extra round), and sophisticated apps can detect INT_MAX to
enable more elaborate retry logic.
(Also fixes a somewhat unfortunate puncutation error in the docs that
implied that it returns zero on early wakeup!)
Fixes: #84669
Signed-off-by: Andy Ross <andyross@google.com>
Currently, the soc/stm32/ccm.ld is not handled in
CMAKE_LINKER_GENERATOR.
This commit adds support, making STM32 supportable by
alternative linkers such as AC6 and IAR.
This commit also renames a variable to match all other
LOADADDR symbols.
Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
Calling a (handled/ignored) panic with the scheduler lock held
produces spinlock errors in some circumstances, depending on whether
or not the swap gets reached before another context switch. Release
the lock around the call, we don't touch any scheduler state on the
path to z_swap(), so this is safe.
Signed-off-by: Andy Ross <andyross@google.com>
Setting CONFIG_NUM_PREEMPT_PRIORITIES to 128 causes the idle thread to be
assigned priority 128, which exceeds the int8_t range. This results in the
idle thread being assigned the highest priority (-128) instead of the
lowest, causing threads to not wake up from k_sleep.
Restrict the range of CONFIG_NUM_PREEMPT_PRIORITIES to 0 to 127 to ensure
the idle thread always has the lowest priority.
Signed-off-by: Jonas Spinner <jonas.spinner@burkert.com>
With spinlock debugging enabled LLEXTs need additional symbols
exported by the kernel.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
The essential thread check and panic happens at the top of
k_thread_abort(). This is arguably a performance bug: the system is
going to blow up anyway no matter where we put the test, we shouldn't
add instructions to the path taken by systems that DON'T blow up.
But really it's more of a testability/robustness glitch: if you have a
fatal error handler that wants to catch this panic (say, a test using
ztest_set_fault_valid()), then the current code will panic and
early-exit BEFORE THE THREAD IS DEAD. And so it won't actually die,
and will continue on causing mayhem when presumably the handler code
expected it to have been aborted.
It's sort of an unanswerable question as to what the "right" behavior
is here (the system is, after all, supposed to have panicked!). But
this seems preferable for definable practical reasons.
Kill the thread, then panic. Unless it's _current, in which case
panic as late as possible for maximum coverage of the abort path.
Fixes: #84460
Signed-off-by: Andy Ross <andyross@google.com>
K_KERNEL_STACK_RESERVED can be 0 which can give a warning with
-Wtype-limits. Only perform the check if ARCH_KERNEL_STACK_RESERVED
is set. Also remove the the unncessary sets in arch.h where it's
manually set to 0, it defaults to 0 anyways.
Signed-off-by: Ryan McClelland <ryanmcclelland@meta.com>
The routine k_thread_suspend() has a fast path for non-SMP when
suspending the current thread. When SMP is enabled, it is expected
that the compiler drop the entire fast path checks because the whole
expression would always evaluate to false. However, the compiler has
been observed to only drop whole fast path check when the
"!IS_ENABLED(CONFIG_SMP)" condition appears at the beginning of the
fast path check.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
z_reschedule() already has a check to determine if it is called from
the context of an ISR--no need to duplicate it in k_wakeup().
Furthermore, if the target thread is not sleeping, there is no need
to reschedule and we can do a fast return.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
1. Fixes a performance issue in k_msgq_put() to allow for a fast return
path when handling a poll event does nothing.
2. Allows for a fast return path in k_msgq_purge() when no threads were
awakened.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Updates the queue code to both allow for a fast return path in a
few routines when the operation did not wake or signal another
thread.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
When doing a condition variable broadcast, a full reschedule
is only needed if at least one thread was awakened.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Propagates the return value from z_handle_obj_poll_events()
within the message queue, pipes, queue and semaphore objects.
This allows the kernel object code to determine whether it
needs to perform a full reschedule, or if it can perform a
more optimized exit strategy.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Changes the return type of z_handle_obj_poll_events() so that it
returns true if there were polling events to handle (false
otherwise).
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Fix a void* to k_thread_entry_t conversion (that is silent in GCC but
not so in some other tools) in _is_valid_prio()
Signed-off-by: Björn Bergman <bjorn.bergman@iar.com>
Adds a note about the timeout_lock to aid future developers
in following the rules to help prevent deadlocks involving the
timeout and scheduler spinlocks.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
The check for an active timeout in z_is_thread_ready() was originally
added to cover the case of a sleeping thread. However, since there is
now a bit in the thread state that indicates if the thread is sleeping
we can drop that superfluous check.
Making this change necessitates moving k_wakeup()'s call to
z_abort_thread_timeout() so that it is within the locked
_sched_spinlock section to ensure that we do not end up with
a stray thread timeout in the timeout list.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Removes an unnecessary clearing of the current CPU's swap_ok field
in do_swap() as that clearing is already done at the end of next_up()
which was just called by z_swap_next_thread() a little earlier.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
SMP does not need to mark the current thread as queued in
k_yield() as that will naturally get done in do_swap().
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
When the PM subsystem is enabled, the idle thread locks the scheduler for
the duration the system is suspended. If a meta-IRQ preempts the idle
thread in this state, the idle thread is tracked in `metairq_preempted`.
However, when returning from the preemption, the idle thread is not removed
from `metairq_preempted`, unlike all the other threads. As a result, the
scheduler keeps running the idle thread even if there are higher priority
threads ready to run.
This change treats the idle thread the same way as all other threads when
returning from a meta-IRQ preemption.
Fixes#64705
Signed-off-by: Kalle Kietäväinen <kalle.kietavainen@silabs.com>
The compiler complains that:
```
zephyr/kernel/include/kernel_internal.h:121:29:
error: 'reader' may be used uninitialized [-Werror=maybe-uninitialized]
121 | thread->swap_retval = value;
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~
zephyr/kernel/pipe.c: In function 'copy_to_pending_readers':
zephyr/kernel/pipe.c:92:26: note: 'reader' was declared here
92 | struct k_thread *reader;
| ^~~~~~
```
The static analyzer fails to see through the `LOCK_SCHED_SPINLOCK`
construct that the `reader` pointer is always initialized.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Systems that enabled this option don't have their stacks in coherent
memory. Given our pipe_buf_spec is stored on the stack, and readers may
also have their destination buffer on their stack too, it is not worth
going to the trouble of supporting direct-to-readers copy with them.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
We are waking up threads but failed to let them run if they are
higher priority. Add missing calls to z_reschedule().
Also wake up all pending writers as we don't know how many there might
be. It is more efficient to wake them all when the ring buffer is full
before reading from it rather than waking them one by one whenever there is
more room in it.
Thanks to Peter Mitsis for noticing those issues.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
If there are pending readers, it is best to perform a single data copy
directly into their final destination buffer rather than doing one copy
into the ring buffer just to immediately copy the same data out of it.
Incidentally, this allows for supporting pipes with no ring buffer at all.
The pipe implementation being deprecated has a similar capability so better
have it here too.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Dispense with the call to sys_timepoint_expired() by leveraging
swap_retval to distinguish between notifications and timeouts when
z_pend_curr() returns.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Simplify the logic, avoid repeated conditionals, avoid superfluous
scheduler calls, make the code more efficient and easier to read.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Change:
commit cc6317d7ac
Author: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Date: Fri Nov 1 14:03:32 2019 +0200
kernel: poll: Allow 0 event input
Allows `k_poll` to be user with 0 events, which is useful for allowing just
a sleep without having to create artificial events.
Allow the same for `k_work_submit_to_queue()` and `k_work_submit()`.
Signed-off-by: David Brown <david.brown@linaro.org>
This commit adds new test cases for the pipe API rework.
* basic.c: Sanity check for pipe operations.
* concurrency.c: Test pipe operations with multiple threads.
* stress.c: Test pipe operations under stress conditions.
And moves the old pipe test cases to the deprecated folder.
Signed-off-by: Måns Ansgariusson <Mansgariusson@gmail.com>
