The task_wdt_add function changes the reload_period of the channel to a
non-null value, which indicates that the channel is used. If the
function is interrupted by a task_wdt_trigger running in ISR context
before adding of the new channel has finished, the next timeout will be
scheduled based on inconsistent channel data.
Using a spinlock avoids such data races.
Fixes#61004
Signed-off-by: Martin Jäger <martin@libre.solar>
When building for 64-bit platform (tested on native_posix_64), there
was a cast warning for different sizes.
A void * is used to store a simple ID, fixed by using uintptr_t instead.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Adds few missing zephyr/ prefixes to leftover #include statements that
either got added recently or were using double quote format.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The task_wdt was getting stuck after approx. 36 hours on e.g. nRF52840,
which has a SysTick with 32768 Hz. This corresponds to an overflow of
the uint32_t current_ticks in schedule_next_timeout.
This commit fixes the accidentally introduced narrowing conversion.
Fixes#40152
Signed-off-by: Martin Jäger <martin@libre.solar>
If a fallback hardware watchdog is used, it is fed together with the
task watchdog in task_wdt_feed. However, the hardware watchdog was
not yet set up before the first call to task_wdt_feed.
This commit fixes the order of wdt_setup and task_wdt_feed calls.
Fixes#39523
Signed-off-by: Martin Jäger <martin@libre.solar>
The task_wdt_init() API can fail to install a timeout for the fallback
hardware WDT (hw_wdt) without returning an error code. This patch
enables task_wdt_init() to return the hw_wdt install timeout error code
if the hw_wdt install timeout fails.
Signed-off-by: Nick Ward <nick.ward@setec.com.au>
Do not use periodic executions of the timer handler, as in certain
circumstances (the fallback hardware watchdog used, one or more
task_wdt channel activated but none of them being ever fed) this
would lead to no callback/reset being executed for any channel.
Instead, schedule the next timeout from the timer handler function
when the function is executed for the dummy background channel or
for a channel that was deleted.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Enable the option to pause the fallback hardware watchdog if the MCU is
halted by a debugger.
This fixes issue #33509 where some boards with Nordic MCUs could not be
flashed anymore after using the task watchdog sample.
Signed-off-by: Martin Jäger <martin@libre.solar>
The hardware watchdog was always fed with channel ID 0. This is correct
in most cases, but we should still use the actual ID returned from
wdt_install_timeout.
Signed-off-by: Martin Jäger <martin@libre.solar>
Reboot functionality has nothing to do with PM, so move it out to the
subsys/os folder.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
This new subsystem can be used to supervise individual threads. It
is based on a regularly updated kernel timer, whose ISR is never
actually called in regular system operation.
An existing hardware watchdog can be used as an optional fallback if
the task watchdog itself gets stuck.
Signed-off-by: Martin Jäger <martin@libre.solar>