kernel/spinlock: Add a depth count to spinlock validation

Right now the validation layer catches mismatched locking, but another
common gotcha is failing to release an outer nested lock before
entering a blocking primitive.  In these cases, the OS would swap
away, and the next thread (if any) to try to take the outer lock would
hit a "not my spinlock" error, which while correct isn't very
informative.

By keeping a single per-cpu nesting count we can check this at the
point of the swap, which is more helpful.

Signed-off-by: Andy Ross <[email protected]>

Author: Andy Ross

kernel/include/kernel_structs.h

@@ -15,6 +15,7 @@
 #include <misc/rb.h>
 #include <misc/util.h>
 #include <string.h>
+#include <spinlock.h>
 #endif
 
 #define K_NUM_PRIORITIES \
@@ -107,6 +108,10 @@ struct _cpu {
 	/* True when _current is allowed to context switch */
 	u8_t swap_ok;
 #endif
+
+#ifdef SPIN_VALIDATE
+	u8_t spin_depth;
+#endif
 };
 
 typedef struct _cpu _cpu_t;

kernel/include/kswap.h

@@ -59,6 +59,10 @@ static ALWAYS_INLINE unsigned int do_swap(unsigned int key,
 
 	if (is_spinlock) {
 		k_spin_release(lock);
+#ifdef SPIN_VALIDATE
+		__ASSERT(_current_cpu->spin_depth == 0,
+			 "Swapping with spinlock held!");
+#endif
 	}
 
 	new_thread = z_get_next_ready_thread();
@@ -142,6 +146,10 @@ static inline int z_swap_irqlock(unsigned int key)
 static ALWAYS_INLINE int z_swap(struct k_spinlock *lock, k_spinlock_key_t key)
 {
 	k_spin_release(lock);
+#ifdef SPIN_VALIDATE
+	__ASSERT(_current_cpu->spin_depth == 0,
+		 "Swapping with spinlock held!");
+#endif
 	return z_swap_irqlock(key.key);
 }
 

kernel/thread.c

@@ -720,6 +720,7 @@ int z_spin_lock_valid(struct k_spinlock *l)
 		}
 	}
 	l->thread_cpu = _current_cpu->id | (u32_t)_current;
+	_current_cpu->spin_depth++;
 	return 1;
 }
 
@@ -729,6 +730,7 @@ int z_spin_unlock_valid(struct k_spinlock *l)
 		return 0;
 	}
 	l->thread_cpu = 0;
+	_current_cpu->spin_depth--;
 	return 1;
 }
 #endif