mirror of
https://github.com/zephyrproject-rtos/zephyr.git
synced 2024-12-04 10:18:24 +08:00
33bd2fed08
The task_wdt_add function changes the reload_period of the channel to a non-null value, which indicates that the channel is used. If the function is interrupted by a task_wdt_trigger running in ISR context before adding of the new channel has finished, the next timeout will be scheduled based on inconsistent channel data. Using a spinlock avoids such data races. Fixes #61004 Signed-off-by: Martin Jäger <martin@libre.solar>
244 lines
6.4 KiB
C
244 lines
6.4 KiB
C
/*
|
|
* Copyright (c) 2020 Libre Solar Technologies GmbH
|
|
*
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
#include <zephyr/task_wdt/task_wdt.h>
|
|
|
|
#include <zephyr/drivers/watchdog.h>
|
|
#include <zephyr/sys/reboot.h>
|
|
#include <zephyr/device.h>
|
|
#include <errno.h>
|
|
|
|
#define LOG_LEVEL CONFIG_WDT_LOG_LEVEL
|
|
#include <zephyr/logging/log.h>
|
|
LOG_MODULE_REGISTER(task_wdt);
|
|
|
|
/*
|
|
* This dummy channel is used to continue feeding the hardware watchdog if the
|
|
* task watchdog timeouts are too long for regular updates
|
|
*/
|
|
#define TASK_WDT_BACKGROUND_CHANNEL UINTPTR_MAX
|
|
|
|
/*
|
|
* Task watchdog channel data
|
|
*/
|
|
struct task_wdt_channel {
|
|
/* period in milliseconds used to reset the timeout, set to 0 to
|
|
* indicate that the channel is available
|
|
*/
|
|
uint32_t reload_period;
|
|
/* abs. ticks when this channel expires (updated by task_wdt_feed) */
|
|
int64_t timeout_abs_ticks;
|
|
/* user data passed to the callback function */
|
|
void *user_data;
|
|
/* function to be called when watchdog timer expired */
|
|
task_wdt_callback_t callback;
|
|
};
|
|
|
|
/* array of all task watchdog channels */
|
|
static struct task_wdt_channel channels[CONFIG_TASK_WDT_CHANNELS];
|
|
static struct k_spinlock channels_lock;
|
|
|
|
/* timer used for watchdog handling */
|
|
static struct k_timer timer;
|
|
|
|
#ifdef CONFIG_TASK_WDT_HW_FALLBACK
|
|
/* pointer to the hardware watchdog used as a fallback */
|
|
static const struct device *hw_wdt_dev;
|
|
static int hw_wdt_channel;
|
|
static bool hw_wdt_started;
|
|
#endif
|
|
|
|
static void schedule_next_timeout(int64_t current_ticks)
|
|
{
|
|
uintptr_t next_channel_id; /* channel which will time out next */
|
|
int64_t next_timeout; /* timeout in absolute ticks of this channel */
|
|
|
|
#ifdef CONFIG_TASK_WDT_HW_FALLBACK
|
|
next_channel_id = TASK_WDT_BACKGROUND_CHANNEL;
|
|
next_timeout = current_ticks +
|
|
k_ms_to_ticks_ceil64(CONFIG_TASK_WDT_MIN_TIMEOUT);
|
|
#else
|
|
next_channel_id = 0;
|
|
next_timeout = INT64_MAX;
|
|
#endif
|
|
|
|
/* find minimum timeout of all channels */
|
|
for (int id = 0; id < ARRAY_SIZE(channels); id++) {
|
|
if (channels[id].reload_period != 0 &&
|
|
channels[id].timeout_abs_ticks < next_timeout) {
|
|
next_channel_id = id;
|
|
next_timeout = channels[id].timeout_abs_ticks;
|
|
}
|
|
}
|
|
|
|
/* update task wdt kernel timer */
|
|
k_timer_user_data_set(&timer, (void *)next_channel_id);
|
|
k_timer_start(&timer, K_TIMEOUT_ABS_TICKS(next_timeout), K_FOREVER);
|
|
|
|
#ifdef CONFIG_TASK_WDT_HW_FALLBACK
|
|
if (hw_wdt_dev) {
|
|
wdt_feed(hw_wdt_dev, hw_wdt_channel);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* @brief Task watchdog timer callback.
|
|
*
|
|
* If the device operates as intended, this function will never be called,
|
|
* as the timer is continuously restarted with the next due timeout in the
|
|
* task_wdt_feed() function.
|
|
*
|
|
* If all task watchdogs have longer timeouts than the hardware watchdog,
|
|
* this function is called regularly (via the background channel). This
|
|
* should be avoided by setting CONFIG_TASK_WDT_MIN_TIMEOUT to the minimum
|
|
* task watchdog timeout used in the application.
|
|
*
|
|
* @param timer_id Pointer to the timer which called the function
|
|
*/
|
|
static void task_wdt_trigger(struct k_timer *timer_id)
|
|
{
|
|
uintptr_t channel_id = (uintptr_t)k_timer_user_data_get(timer_id);
|
|
bool bg_channel = IS_ENABLED(CONFIG_TASK_WDT_HW_FALLBACK) &&
|
|
(channel_id == TASK_WDT_BACKGROUND_CHANNEL);
|
|
|
|
/* If the timeout expired for the background channel (so the hardware
|
|
* watchdog needs to be fed) or for a channel that has been deleted,
|
|
* only schedule a new timeout (the hardware watchdog, if used, will be
|
|
* fed right after that new timeout is scheduled).
|
|
*/
|
|
if (bg_channel || channels[channel_id].reload_period == 0) {
|
|
schedule_next_timeout(sys_clock_tick_get());
|
|
return;
|
|
}
|
|
|
|
if (channels[channel_id].callback) {
|
|
channels[channel_id].callback(channel_id,
|
|
channels[channel_id].user_data);
|
|
} else {
|
|
sys_reboot(SYS_REBOOT_COLD);
|
|
}
|
|
}
|
|
|
|
int task_wdt_init(const struct device *hw_wdt)
|
|
{
|
|
if (hw_wdt) {
|
|
#ifdef CONFIG_TASK_WDT_HW_FALLBACK
|
|
struct wdt_timeout_cfg wdt_config;
|
|
|
|
wdt_config.flags = WDT_FLAG_RESET_SOC;
|
|
wdt_config.window.min = 0U;
|
|
wdt_config.window.max = CONFIG_TASK_WDT_MIN_TIMEOUT +
|
|
CONFIG_TASK_WDT_HW_FALLBACK_DELAY;
|
|
wdt_config.callback = NULL;
|
|
|
|
hw_wdt_dev = hw_wdt;
|
|
hw_wdt_channel = wdt_install_timeout(hw_wdt_dev, &wdt_config);
|
|
if (hw_wdt_channel < 0) {
|
|
LOG_ERR("hw_wdt install timeout failed: %d", hw_wdt_channel);
|
|
return hw_wdt_channel;
|
|
}
|
|
#else
|
|
return -ENOTSUP;
|
|
#endif
|
|
}
|
|
|
|
k_timer_init(&timer, task_wdt_trigger, NULL);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int task_wdt_add(uint32_t reload_period, task_wdt_callback_t callback,
|
|
void *user_data)
|
|
{
|
|
k_spinlock_key_t key;
|
|
|
|
if (reload_period == 0) {
|
|
return -EINVAL;
|
|
}
|
|
|
|
/*
|
|
* k_spin_lock instead of k_sched_lock required here to avoid being interrupted by a
|
|
* triggering other task watchdog channel (executed in ISR context).
|
|
*/
|
|
key = k_spin_lock(&channels_lock);
|
|
|
|
/* look for unused channel (reload_period set to 0) */
|
|
for (int id = 0; id < ARRAY_SIZE(channels); id++) {
|
|
if (channels[id].reload_period == 0) {
|
|
channels[id].reload_period = reload_period;
|
|
channels[id].user_data = user_data;
|
|
channels[id].timeout_abs_ticks = K_TICKS_FOREVER;
|
|
channels[id].callback = callback;
|
|
|
|
#ifdef CONFIG_TASK_WDT_HW_FALLBACK
|
|
if (!hw_wdt_started && hw_wdt_dev) {
|
|
/* also start fallback hw wdt */
|
|
wdt_setup(hw_wdt_dev,
|
|
WDT_OPT_PAUSE_HALTED_BY_DBG);
|
|
hw_wdt_started = true;
|
|
}
|
|
#endif
|
|
/* must be called after hw wdt has been started */
|
|
task_wdt_feed(id);
|
|
|
|
k_spin_unlock(&channels_lock, key);
|
|
|
|
return id;
|
|
}
|
|
}
|
|
|
|
k_spin_unlock(&channels_lock, key);
|
|
|
|
return -ENOMEM;
|
|
}
|
|
|
|
int task_wdt_delete(int channel_id)
|
|
{
|
|
k_spinlock_key_t key;
|
|
|
|
if (channel_id < 0 || channel_id >= ARRAY_SIZE(channels)) {
|
|
return -EINVAL;
|
|
}
|
|
|
|
key = k_spin_lock(&channels_lock);
|
|
|
|
channels[channel_id].reload_period = 0;
|
|
|
|
k_spin_unlock(&channels_lock, key);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int task_wdt_feed(int channel_id)
|
|
{
|
|
int64_t current_ticks;
|
|
|
|
if (channel_id < 0 || channel_id >= ARRAY_SIZE(channels)) {
|
|
return -EINVAL;
|
|
}
|
|
|
|
/*
|
|
* We need a critical section instead of a mutex while updating the
|
|
* channels array in order to prevent priority inversion. Otherwise,
|
|
* a low priority thread could be preempted before releasing the mutex
|
|
* and block a high priority thread that wants to feed its task wdt.
|
|
*/
|
|
k_sched_lock();
|
|
|
|
current_ticks = sys_clock_tick_get();
|
|
|
|
/* feed the specified channel */
|
|
channels[channel_id].timeout_abs_ticks = current_ticks +
|
|
k_ms_to_ticks_ceil64(channels[channel_id].reload_period);
|
|
|
|
schedule_next_timeout(current_ticks);
|
|
|
|
k_sched_unlock();
|
|
|
|
return 0;
|
|
}
|