dp bugfix: wait till dp thread stops in thread cancel

[marcinszkudlinski]

There's a race posiibility in DP when stopping a pipeline:

• dp starts processing
• incoming IPC - pause the pipeline. IPC has higher priority
  than DP, so DP is preempted
• pipeline is stopping, module "reset" is called. Some of resources
  may be freed here
• when IPC finishes, DP thread continues processing

Sollution: wait for DP to finish processing and terminate DP thread
before calling "reset" method in module

To do this:

1. call "thread cancel" before calling "reset"
2. modify "thread cancel" to mark the thread to terminate and
   execute k_thread_join()
3. terminated thread cannot be restarted, so thread creation must be
   moved from "init" to "schedule". There's no need to reallocate memory
   zephyr guarantees that resources may be re-used when a thread
   is terminated.

[kv2019i]

Looks good, one clarifying question inline (plus few minor comments).

[kv2019i]

Is this check safe? I mean task is cancelled, where is task set to null? It's initially NULL, so this check will cover DP tasks never started, but how about a DP task that has already ended?

[marcinszkudlinski]

If the task is cancel - its OK, calling cancel again is safe and won't have any effect
If task if freed:

static inline void comp_free(struct comp_dev *dev)
{
	assert(dev->drv->ops.free);

	/* free task if shared component or DP task*/
	if ((dev->is_shared || dev->ipc_config.proc_domain == COMP_PROCESSING_DOMAIN_DP) &&
	    dev->task) {
		schedule_task_free(dev->task);
		rfree(dev->task);
		dev->task = NULL;
	}

	dev->drv->ops.free(dev);
}

free and reset are both called from IPC thread, so it looks safe. Anyway, I can change it to safer:

		volatile task * _task = dev->task;
		dev->task = NULL;
		schedule_task_free(_task);
		rfree(_task);

EDIT:
is it safer? Can't the compiler change order of lines in optimalization? Is it needed?
Free is called when a module is really being destroyed, calling "reset" during or after free operation would be fatal anyway

[lyakh]

SOF is relying on IPC serialisation. So if both these functions are only called from within IPCs, they cannot race.

[kv2019i]

@marcinszkudlinski @lyakh I was actually thinking of the case where "dev->task" is a dangling pointer. I couldn't immediately find where dev->task is zeroed, so not sure if this check can ensure task is a valid task object.

[marcinszkudlinski]

@lyakh you're right with IPC serialization, no need for double-over-protection. @kv2019i - as you see pointer is zeroized when task is freed, No changes required here

[kv2019i]

minor: some typoes in commit, "s/posiibility/possibility", "s/sollution/solution/",

[marc-hb]

As a funny coincidence, this old IPC3 issue was just exposed now:

• [BUG] [stable-v2.2] [NOCODEC] ERROR pipeline_comp_reset(): failed to recover (multiple-pipeline-all) #9135

[lyakh]

I see that errors in thread handling are just moved over from another location, but let's use this opportunity to fix them too

[lyakh]

SOF is relying on IPC serialisation. So if both these functions are only called from within IPCs, they cannot race.

[lyakh]

if the task is a lower priority thread, however, this won't switch to running that other task immediately

[marcinszkudlinski]

it won't at this point, it will when k_thread_join() is called

[lyakh]

this check will always return true

[marcinszkudlinski]

yes, but only because the first possible jump to err is after thread is initialized. I would leave this "overprotection" as is - cost is just a few bytes of code.

[lyakh]

@marcinszkudlinski but before it's initialised it's undefined, so this check would be meaningless too and the compiler would warn you about that.

[kv2019i]

Fine to me now, thanks.

[marcinszkudlinski]

changing to [DNM], waiting for logs from stress test with DP AEC

[lgirdwood]

changing to [DNM], waiting for logs from stress test with DP AEC

Will tag for v2.10 so we can get this fix.

[lyakh]

do I understand it correctly, that previously DP tasks were terminated from comp_free() by calling schedule_task_free()? Now scheduler_dp_task_cancel() will (potentially) be called twice - from here and from schedule_task_free(). Should be safe for now, at least as long as list_del() also initialises the list item.

[marcinszkudlinski]

Yes., it is called twice, nobody guarantees that cancel had been called before free.

as long as list_del() also initialises the list item

it does:

static inline void list_item_del(struct list_item *item)
{
	item->next->prev = item->prev;
	item->prev->next = item->next;
	list_init(item);
}

[lyakh]

@marcinszkudlinski yes, sorry, that's exactly what I meant: as long as list_init() is there, then calling it twice is ok, but if we once decide to remove it since technically it isn't needed there, then this (and probably a couple of other places) will break

comments addressed, thanks

[marcinszkudlinski]

please go ahead with merging

[kv2019i]

One more review needed to be able to merge.

[kv2019i]

@wszypelt @marcinszkudlinski Can you take a look at the quickbuild build fail for this PR. This is fixing an issue that showing as quickbuild failure for other PRs frequently.

[lgirdwood]

changing to [DNM], waiting for logs from stress test with DP AEC

@marcinszkudlinski any update, can we merged for v2.10 or still WIP ?

[marcinszkudlinski]

checking CI, please wait

[lgirdwood]

@marcinszkudlinski jenkins looks OK, looks like a long queue on internal CI ?

[wszypelt]

@lgirdwood results from internal CI should be available within 40 minutes

[marcinszkudlinski]

another problem in CI, fix in progress...

[marcinszkudlinski]

fix - crash if a task had been deleted before was scheduled.
I.e. when pipeline was created and deleted, but not started
In this case zephyr thread wasn't created and null pointer dereference occured

[lgirdwood]

fix - crash if a task had been deleted before was scheduled. I.e. when pipeline was created and deleted, but not started In this case zephyr thread wasn't created and null pointer dereference occured

@marcinszkudlinski ok, do you mean now you are happy with stress testing and we are good to go ?

[marcinszkudlinski]

@lgirdwood I believe so, pls go ahead with merging