Release g_irqchainlock before calling irq_detach to avoid holding two locks
simultaneously, which can cause thread deadlock.
The irqchain_detach function was calling irq_detach while holding g_irqchainlock,
and irq_detach attempts to acquire g_irqlock. This lock ordering violation could
lead to deadlock in multithreaded scenarios.
Fix:
- Move spin_unlock_irqrestore(&g_irqchainlock, flags) before irq_detach call
- Ensure locks are released in proper order to prevent circular wait
This is part of the irq_chain_lock feature for safer IRQ chain handling.
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
Add compilation condition for 'nx_vsyslog' syscall.
Export 'sched_note_printf_ip' syscall when CONFIG_SYSLOG_TO_SCHED_NOTE=y
Put the implementation of sched_note_printf_ip in libc/misc/lib_note.c
Signed-off-by: yukangzhi <yukangzhi@xiaomi.com>
Replace DEBUGASSERT checks with proper NULL pointer validation in getpid() and
task_get_info() functions. Return IDLE_PROCESS_ID or -ESRCH on NULL conditions
instead of asserting, improving robustness during early system startup and error conditions.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
The return address stored in the frame should point to the instruction
after the call. To get the actual call site, we need to subtract the
instruction size (sizeof(void *)) from the saved return address.
This ensures that backtrace addresses correctly point to the calling
instruction rather than the next instruction.
Signed-off-by: yinshengkai <yinshengkai@bytedance.com>
Move pthread mutex operations from kernel-space syscall
interface to user-space implementations
to reduce syscall overhead. Relocate mutex holder list
tracking from task control block (tcb) to
thread local storage (tls) to improve memory layout and
cache efficiency. Add helper macros for
conditional mutex implementations and update syscall
interface accordingly.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
If the serial port is set to isconsole,
\n will be escaped as \r\n, causing communication failure.
Signed-off-by: yinshengkai <yinshengkai@bytedance.com>
flush fixes the problem of not being able to get the lock.
call trace:
A thread: rptun thread:
lock upper_lock
lock upper_lock
rpmsg send -> wait upper_lock
unlock upper_lock
wait response <--\-- don't reponse this rpmsg request
unlock upper_lock
Signed-off-by: likun17 <likun17@xiaomi.com>
The identifier regs has been used to represent a type, and cannot be used in here. So change the "regs" to "context"
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
Add validation to ensure allocated stack size does not exceed TLS_MAXSTACK when
CONFIG_TLS_ALIGNED is enabled, and verify proper stack alignment using STACK_ALIGN_MASK
across all architectures. This improves stack safety and prevents potential TLS overflow conditions.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
This patch fixes a Coverity issue where static objects that are only referenced
within a single function should be declared in block scope rather than file scope.
This improves code encapsulation and reduces global namespace pollution.
Changes:
- Moved 'g_irqchainpool[]' from file-level static variable to function-level
static variable within irqchain_initialize()
This ensures compliance with MISRA C-2012 Rule 8.9 which states: 'An object
should be declared in block scope if its identifier is only referenced within
one function.' The change improves code clarity, maintainability, and follows
best practices for variable scoping.
Benefits:
- Reduces file-level namespace pollution
- Improves code encapsulation
- Makes the scope of the variable immediately obvious
- Maintains static storage duration for the array
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
This patch fixes a Coverity issue where implicit casting from signed int to
unsigned int could lead to unexpected behavior. The fix replaces the implicit
cast with an explicit unsigned literal suffix to ensure type safety.
Changes:
- In irqchain_attach(): Changed comparison 'sq_count(&g_irqchainfreelist) < 2'
to 'sq_count(&g_irqchainfreelist) < 2u' to use explicit unsigned literal
This ensures compliance with MISRA C-2012 Rule 10.4 which prohibits implicit
conversions between signed and unsigned types. This change prevents potential
integer conversion issues and improves code correctness.
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
Since the macro.h may confilict with the user definition, we should
avoid including the macro.h in clock.h.
Signed-off-by: ouyangxiangzhen <ouyangxiangzhen@xiaomi.com>
Fix MISRA Rule 10.3 exist clock to sclock cause wide type implicit conversion to narrow type, NSEC_PER_USEC to l
Signed-off-by: jiangtao16 <jiangtao16@xiaomi.com>
The old implementation used a GCC extension related to variadic macros,
where a name prepends the ellipsis, which has portability issues.
Signed-off-by: chenxiaoyi <chenxiaoyi@xiaomi.com>
Add a new boardctl command BOARDIOC_MACADDR to retrieve the MAC address of the network interface.
The board_macaddr function needs to be implemented by the board logic.
Signed-off-by: daichuan <daichuan@xiaomi.com>
TESTCASE: On CPU1, create a thread with affinity CPU1. Since the priority is the same as the current thread, the newly created thread has not yet been executed. Then, call sched_setaffinity() to reset the affinity of the new thread to CPU0, and then call join to wait for the new thread to finish executing. At this point, the current system is found to be stuck. However, when I create a new thread on CPU0 and set its affinity to CPU1, it can be successfully executed.
REASON: There is a logical judgment in the nxsched_set_affinity function called by sched_setaffinity at the bottom layer. When the affinity is changed, whether nxsched_set_priority() needs to be called to modify the task queue of each CPU. The judgment condition here is "(tcb->affinity & (1 << tcb->cpu)) == 0". If it is for a running program, this is no problem, because tcb->cpu will be assigned the correct value when the task is activated. However, for a program that has not yet run, the value of tcb->cpu is not valid, and the default value is 0. At this time, if you want to change the affinity from CPU1 to CPU0, affinity is 1, tcb->cpu is 0, then the expression (tcb->affinity & (1 << tcb->cpu)) = 1, which does not meet the judgment condition, so the nxsched_set_priority() function is not called. Therefore, it is necessary to set a CPU value that can run for the ready task.
Signed-off-by: wangzhi16 <wangzhi16@xiaomi.com>
Use mktemp to create unique path for memfd, so other thread can't find file by path.
If don't do this, error will ocurr in this case:
thread 1: thread2:
open() -- refs = 1
open() -- refs = 2
unlink()
unlink()
thread1 and thread2 will map one buffer by using file path but not fd or address of buffer.
Signed-off-by: wangzhi16 <wangzhi16@xiaomi.com>
TESTCASE: A thread running on CPU0 calls sched_setaffinity() to run on CPU1, but the execution result shows that only the value of tcb->affinity is modified, and it does not actually switch to CPU1.
REASON: The underlying function nxsched_running_setpriority() called by sched_setaffinity does not take into account that when changing CPU affinity, each CPU's task queue needs to be adjusted and context switching needs to be performed. Therefore, it is necessary to add a check to see if the new CPU affinity also includes the previously running CPU. If not, the task needs to be put into the new CPU queue and context switching needs to be performed.
Signed-off-by: wangzhi16 <wangzhi16@xiaomi.com>
There is a bug in the rw_spinlock. Each time atomic_compare_exchange_strong(object, expected, desired) is executed, the value of object is assigned to expected, so the value of expected needs to be reset each time.
Signed-off-by: wangzhi16 <wangzhi16@xiaomi.com>
For POLICY_0, when a pipe only has a reader and no writer,
if the pipe is empty, set POLLHUP.
For POLICY_1, when a pipe only has a reader but no writer,
if the pipe is empty, POLLHUP will not be set.
This change corrects poll() behavior to match the two pipe policies.
No API changes.
Signed-off-by: yukangzhi <yukangzhi@xiaomi.com>
If ns_msg->flags == RPMSG_NS_CREATE_ACK, means already know peer's address
so direclty use usr_ept->dest_addr
Signed-off-by: yintao <yintao@xiaomi.com>
fist free when rpmsg_port_unregister at rpmsg spi thread
<free+12>
<rpmsg_router_hub_ept_release+6>
<rpmsg_ept_decref+28>
<rpmsg_unregister_endpoint+120>
<rpmsg_destroy_ept+40>
<rpmsg_router_hub_unbind+22>
<rpmsg_device_destory+172>
<rpmsg_port_unregister+26>
this thread will free r:droid and r:audio at last;
But in this process,
rpmsg_destroy_ept "r:droid" will send NS_destroy to audio;
audio will response NS_destroy to ap; if r:droid has not been
removed from the ept list yet, the rptun_audio thread on ap will
occur as follows:
3 0x103016fa in kasan_check_report
4 0x103018b6 in __asan_store4_noabort
5 0x106ca352 in metal_list_del
6 in rpmsg_unregister_endpoint
7 0x106ca77a in rpmsg_destroy_ept
8 0x102db232 in rpmsg_router_hub_unbind
9 0x106cabb2 in rpmsg_virtio_ns_callback
10 0x106cad5c in rpmsg_virtio_rx_callback
11 0x106cc190 in virtqueue_notification
12 0x106ca064 in rproc_virtio_notified
13 0x106c9ad0 in remoteproc_get_notification
14 0x102dd4ba in rptun_worker at rptun/rptun.c:334
15 rptun_worker (arg=<optimized out>) at rptun/rptun.c:328
16 0x102dd974 in rptun_thread rptun/rptun.c:353
17 0x102cd558 in nxtask_start () at task/task_start.c:1
this will lead to r:audio be freed again.
Signed-off-by: yintao <yintao@xiaomi.com>
Use rpmsg_send_offchannel_raw to fix stuck issue avoid getting stuck
when remote destroy ept.
When send messages from ap to android in Rptun thread, Android may
have sent NS_DESTROY through rpmsg_port and changed ept->dst to
RPMSG_ADDR_ANY in rpmsg_port_ns_callback; So rptun thread may be
stuck at this time because rpmsg_send detected dst_ept's dst_addr
is RPMSG_ADDR_ANY.
rpmsg_virtio_thread(rptun audio):
rpmsg_virtio_rx_callback -> rpmsg_router_cb -> rpmsg_send(dst_ept)
send to android
rpmsg_port_thread (android send NS_DESTROY):
rpmsg_port_ns_callback -> dst_ept->dest_addr = RPMSG_ADDR_ANY
Signed-off-by: yintao <yintao@xiaomi.com>
when edge_ept received NS_DESTROY message to sync the behavior with
other rpmsg transport
if (ns_msg.flags == RPMSG_NS_DESTROY) {
if (_ept)
_ept->dest_addr = RPMSG_ADDR_ANY;
...
Signed-off-by: yintao <yintao@xiaomi.com>
pangzhen1
yukangzhi
hujun5
yinshengkai
wangchengdong
chenxiaoyi
Bartosz Wawrzynek
guohao15
dongjiuzhu1
likun17
ouyangxiangzhen
jiangtao16
yinshengkai
daichuan
wangzhi16
Bowen Wang
yintao
ligd