Add a "panic" command to process console #2528
Conversation
This sounds like a bug in the USB driver? The stack should be in a well-defined state in the callback. I'll try to take a look. |
|
I'm not a fan of a userspace process being able to panic the kernel |
The process console is not a userspace process, it is a privileged (and optional) kernel capsule that directly exposes a console interface over a serial connection. It is present even if no userspace processes exist on the board. It also provides the ability for a user to start/stop/fault arbitrary processes, which seems about as dangerous as being able to panic the kernel |
|
Ah, you are right In which case option 3 might be the best option. I feel like Tock should be able to handle a panic call anywhere, even inside the USB stack. If that isn't feasible though then option 2 seems like the next best bet. |
|
I tested this out some, and even with the changes in this PR I do not always see panic prints complete -- they often stop after 3 or 4 buffers. Somewhat separately, I think that the Line 1133 in 1c2bcbe Line 150 in 1c2bcbe |
|
This works ok on the nano33ble if no processes are using the console, however, it seems to not print all of the panic information reliably if I have, say, the |
|
I was testing with hello_loop installed as well if I remember correctly. That sounds like something that might be good to dig into separately -- it seems possible the same issue could manifest for a normal kernel panic, depending on the state of the USB stack. |
|
Should we close this then? |
|
I still would like to add the panic command. |
|
Ok now this PR just adds the "panic" command. |
|
bors r+ |
Pull Request Overview
This pull request is supposed to be just adding a "panic" command to process console so that users can force a panic, and more importantly the debug information that comes along with it. This is a stop-gap if we can instead use the process console to display the per-process debug info without a full kernel panic someday.
Unfortunately, on the board I want to use this on (the nano33ble), just doing a normal
panic!()in process console doesn't work. The issue is that process console commands are parsed in a UART TX done callback (which on the nano33 originates from the CDC/USB stack). Since panic changes the control flow immediately, the TX done callback never finishes returning down the callback chain, and the USB driver's state is effectively corrupted.So, this implementation uses a deferred call so that the panic runs on a different callback. This makes it work on the nano33ble, but adds a deferred call for every process console user.
Testing Strategy
Using it on the nano33ble.
TODO or Help Wanted
I don't like this solution (hence why no other boards compile since I only fixed up the nano33ble). Any thoughts on a better way to handle this? Some possible options:
Option<>, and just immediately panic for boards that use aNone.Documentation Updated
/docs, or no updates are required.Formatting
make prepush.