wengzhe opened a new pull request, #8832:
URL: https://github.com/apache/nuttx/pull/8832
## Summary
### TL;DR
When semcount is decremented to a negative number in work_cancel, it cannot put
work_thread back to waiting from the ready state, so the work_thread still runs
with empty work after work cancellation, which causes semcount to enter a wrong
state.
### Problem
If a work is queued and cancelled in high priority threads (or queued by
timer and cancelled by another high priority thread) before work_thread runs,
the queue operation will mark work_thread as ready to run, but the cancel
operation decrements the semcount back to -1 and makes wqueue->q empty. Then the
work_thread still runs, finds an empty queue, and waits on the sem again, so
semcount becomes -2 (being decremented by 1).
This can be done multiple times, so semcount can become a very small value.
Test case to produce incorrect semcount:
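```c
#include <unistd.h>
#include <nuttx/wqueue.h>

static struct work_s work;

static void worker(FAR void *arg)
{
}

static void high_priority_task(void)
{
  for (int i = 0; i < 10000; i++)
    {
      work_queue(LPWORK, &work, worker, NULL, 0);
      work_cancel(LPWORK, &work);
      usleep(1);
    }

  /* Now the g_lpwork.sem.semcount is a value near -10000 */
}
```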
With an incorrect semcount, any queue operation while the work_thread is busy
will only increase semcount and push work into the queue, but cannot trigger
work_thread (semcount is negative but work_thread is not waiting), so more and
more works will be left in the queue while the work_thread is waiting on the sem
and cannot call them.
## Impact
Try to fix work queue logic in a special state.
## Testing
Manually & CI
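The semcount drift described in the pull request above, reproduced as an added example that is not part of the pull request or of the NuttX source: a single-threaded C model of the queue, cancel and worker steps. The struct and function names are hypothetical, and the model assumes the worker starts blocked with semcount at -1 and runs one work item per successful semaphore wait.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption, not NuttX source): a negative semcount
 * should equal the number of threads blocked on the semaphore. */
struct wq_model { int semcount; int pending; bool waiting; };

/* work_queue(): enqueue, then post; a post can only wake a blocked waiter. */
static void model_queue(struct wq_model *m)
{
  m->pending++;
  if (++m->semcount <= 0 && m->waiting)
    m->waiting = false;               /* worker is now ready to run */
}

/* work_cancel() per the PR: dequeue and undo the post; worker stays ready. */
static void model_cancel(struct wq_model *m) { m->pending--; m->semcount--; }

/* Worker runs: one item per wakeup; sem wait blocks unless count was > 0. */
static void model_worker_run(struct wq_model *m)
{
  while (!m->waiting)
    {
      if (m->pending > 0) m->pending--;           /* execute one work item */
      if (m->semcount-- <= 0) m->waiting = true;  /* wait on the semaphore */
    }
}

/* semcount after `cycles` queue+cancel pairs issued before the worker runs. */
int semcount_after_cancel_cycles(int cycles)
{
  struct wq_model m = { -1, 0, true };  /* idle worker blocked on the sem */
  for (int i = 0; i < cycles; i++)
    { model_queue(&m); model_cancel(&m); model_worker_run(&m); }
  return m.semcount;
}

/* Items left queued when `burst` items arrive while the worker is busy. */
int stranded_after_drift(int cycles, int burst)
{
  struct wq_model m = { semcount_after_cancel_cycles(cycles), 0, true };
  for (int i = 0; i < burst; i++) model_queue(&m);
  model_worker_run(&m);
  return m.pending;
}

int main(void)
{
  printf("semcount: %d, stranded healthy/drifted: %d/%d\n", semcount_after_cancel_cycles(10000),
         stranded_after_drift(0, 3), stranded_after_drift(10000, 3));
  return 0;
}
```

In the model each queue/cancel pair costs one count, and once the count has drifted a burst of three items leaves two of them in the queue with the worker blocked.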