kernel: mem_domain: add/remove partition funcs to return errors

This changes both k_mem_domain_add_partition() and
k_mem_domain_remove_partition() to return errors instead of
asserting when errors are encountered. This gives the application
chance to recover.

The arch_mem_domain_parition_add()/_remove() will be modified
later together with all the other arch_mem_domain_*() changes
since the architecture code for partition addition and removal
functions usually cannot be separately changed.

Signed-off-by: Daniel Leung <[email protected]>

Author: dcpleung

include/app_memory/mem_domain.h

@@ -151,8 +151,12 @@ extern int k_mem_domain_init(struct k_mem_domain *domain, uint8_t num_parts,
  *
  * @param domain The memory domain to be added a memory partition.
  * @param part The memory partition to be added
+ *
+ * @retval 0 if successful
+ * @retval -EINVAL if invalid parameters supplied
+ * @retval -ENOSPC if no free partition slots available
  */
-extern void k_mem_domain_add_partition(struct k_mem_domain *domain,
+extern int k_mem_domain_add_partition(struct k_mem_domain *domain,
 				      struct k_mem_partition *part);
 
 /**
@@ -162,8 +166,12 @@ extern void k_mem_domain_add_partition(struct k_mem_domain *domain,
  *
  * @param domain The memory domain to be removed a memory partition.
  * @param part The memory partition to be removed
+ *
+ * @retval 0 if successful
+ * @retval -EINVAL if invalid parameters supplied
+ * @retval -ENOENT if no matching partition found
  */
-extern void k_mem_domain_remove_partition(struct k_mem_domain *domain,
+extern int k_mem_domain_remove_partition(struct k_mem_domain *domain,
 					 struct k_mem_partition *part);
 
 /**

kernel/mem_domain.c

@@ -151,15 +151,23 @@ int k_mem_domain_init(struct k_mem_domain *domain, uint8_t num_parts,
 	return ret;
 }
 
-void k_mem_domain_add_partition(struct k_mem_domain *domain,
-				struct k_mem_partition *part)
+int k_mem_domain_add_partition(struct k_mem_domain *domain,
+			       struct k_mem_partition *part)
 {
 	int p_idx;
 	k_spinlock_key_t key;
+	int ret = 0;
 
-	__ASSERT_NO_MSG(domain != NULL);
-	__ASSERT(check_add_partition(domain, part),
-		 "invalid partition %p", part);
+	CHECKIF(domain == NULL) {
+		ret = -EINVAL;
+		goto out;
+	}
+
+	CHECKIF(!check_add_partition(domain, part)) {
+		LOG_ERR("invalid partition %p", part);
+		ret = -EINVAL;
+		goto out;
+	}
 
 	key = k_spin_lock(&z_mem_domain_lock);
 
@@ -170,8 +178,11 @@ void k_mem_domain_add_partition(struct k_mem_domain *domain,
 		}
 	}
 
-	__ASSERT(p_idx < max_partitions,
-		 "no free partition slots available");
+	CHECKIF(!(p_idx < max_partitions)) {
+		LOG_ERR("no free partition slots available");
+		ret = -ENOSPC;
+		goto unlock_out;
+	}
 
 	LOG_DBG("add partition base %lx size %zu to domain %p\n",
 		part->start, part->size, domain);
@@ -185,17 +196,25 @@ void k_mem_domain_add_partition(struct k_mem_domain *domain,
 #ifdef CONFIG_ARCH_MEM_DOMAIN_SYNCHRONOUS_API
 	arch_mem_domain_partition_add(domain, p_idx);
 #endif
+
+unlock_out:
 	k_spin_unlock(&z_mem_domain_lock, key);
+
+out:
+	return ret;
 }
 
-void k_mem_domain_remove_partition(struct k_mem_domain *domain,
+int k_mem_domain_remove_partition(struct k_mem_domain *domain,
 				  struct k_mem_partition *part)
 {
 	int p_idx;
 	k_spinlock_key_t key;
+	int ret = 0;
 
-	__ASSERT_NO_MSG(domain != NULL);
-	__ASSERT_NO_MSG(part != NULL);
+	CHECKIF((domain == NULL) || (part == NULL)) {
+		ret = -EINVAL;
+		goto out;
+	}
 
 	key = k_spin_lock(&z_mem_domain_lock);
 
@@ -207,7 +226,11 @@ void k_mem_domain_remove_partition(struct k_mem_domain *domain,
 		}
 	}
 
-	__ASSERT(p_idx < max_partitions, "no matching partition found");
+	CHECKIF(!(p_idx < max_partitions)) {
+		LOG_ERR("no matching partition found");
+		ret = -ENOENT;
+		goto unlock_out;
+	}
 
 	LOG_DBG("remove partition base %lx size %zu from domain %p\n",
 		part->start, part->size, domain);
@@ -221,7 +244,11 @@ void k_mem_domain_remove_partition(struct k_mem_domain *domain,
 
 	domain->num_partitions--;
 
+unlock_out:
 	k_spin_unlock(&z_mem_domain_lock, key);
+
+out:
+	return ret;
 }
 
 static void add_thread_locked(struct k_mem_domain *domain,
@@ -301,7 +328,9 @@ static int init_mem_domain_module(const struct device *arg)
 	__ASSERT(ret == 0, "failed to init default mem domain");
 
 #ifdef Z_LIBC_PARTITION_EXISTS
-	k_mem_domain_add_partition(&k_mem_domain_default, &z_libc_partition);
+	ret = k_mem_domain_add_partition(&k_mem_domain_default,
+					 &z_libc_partition);
+	__ASSERT(ret == 0, "failed to add default libc mem partition");
 #endif /* Z_LIBC_PARTITION_EXISTS */
 
 	return 0;

samples/userspace/prod_consumer/src/app_b.c

@@ -76,12 +76,27 @@ static void processor_thread(void *p1, void *p2, void *p3)
 
 void app_b_entry(void *p1, void *p2, void *p3)
 {
+	int ret;
+
 	/* Much like how we are reusing the main thread as this application's
 	 * processor thread, we will re-use the default memory domain as the
 	 * domain for application B.
 	 */
-	k_mem_domain_add_partition(&k_mem_domain_default, &app_b_partition);
-	k_mem_domain_add_partition(&k_mem_domain_default, &shared_partition);
+	ret = k_mem_domain_add_partition(&k_mem_domain_default,
+					 &app_b_partition);
+	if (ret != 0) {
+		LOG_ERR("Failed to add app_b_partition to mem domain (%d)",
+			ret);
+		k_oops();
+	}
+
+	ret = k_mem_domain_add_partition(&k_mem_domain_default,
+					 &shared_partition);
+	if (ret != 0) {
+		LOG_ERR("Failed to add shared_partition to mem domain (%d)",
+			ret);
+		k_oops();
+	}
 
 	/* Assign a resource pool to serve for kernel-side allocations on
 	 * behalf of application A. Needed for k_queue_alloc_append().

samples/userspace/shared_mem/src/main.c

@@ -158,10 +158,20 @@ void main(void)
 	k_thread_access_grant(tCT, &allforone);
 	printk("CT Thread Created %p\n", tCT);
 	/* Re-using the default memory domain for CT */
-	k_mem_domain_add_partition(&k_mem_domain_default, &ct_part);
-	k_mem_domain_add_partition(&k_mem_domain_default, &blk_part);
+	ret = k_mem_domain_add_partition(&k_mem_domain_default, &ct_part);
+	if (ret != 0) {
+		printk("Failed to add ct_part to mem domain (%d)\n", ret);
+		k_oops();
+	}
 	printk("ct partitions installed\n");
 
+	ret = k_mem_domain_add_partition(&k_mem_domain_default, &blk_part);
+	if (ret != 0) {
+		printk("Failed to add blk_part to mem domain (%d)\n", ret);
+		k_oops();
+	}
+	printk("blk partitions installed\n");
+
 	k_thread_start(&enc_thread);
 	/* need to start all three threads.  let enc go first to perform init step */
 

subsys/testsuite/ztest/src/ztest.c

@@ -509,17 +509,29 @@ int main(void)
 void main(void)
 {
 #ifdef CONFIG_USERSPACE
+	int ret;
+
 	/* Partition containing globals tagged with ZTEST_DMEM and ZTEST_BMEM
 	 * macros. Any variables that user code may reference need to be
 	 * placed in this partition if no other memory domain configuration
 	 * is made.
 	 */
-	k_mem_domain_add_partition(&k_mem_domain_default,
-				   &ztest_mem_partition);
+	ret = k_mem_domain_add_partition(&k_mem_domain_default,
+					 &ztest_mem_partition);
+	if (ret != 0) {
+		PRINT("ERROR: failed to add ztest_mem_partition to mem domain (%d)\n",
+		      ret);
+		k_oops();
+	}
 #ifdef Z_MALLOC_PARTITION_EXISTS
 	/* Allow access to malloc() memory */
-	k_mem_domain_add_partition(&k_mem_domain_default,
-				   &z_malloc_partition);
+	ret = k_mem_domain_add_partition(&k_mem_domain_default,
+					 &z_malloc_partition);
+	if (ret != 0) {
+		PRINT("ERROR: failed to add z_malloc_partition to mem domain (%d)\n",
+		      ret);
+		k_oops();
+	}
 #endif
 #endif /* CONFIG_USERSPACE */
 

tests/crypto/mbedtls/src/main.c

@@ -13,7 +13,12 @@ extern void test_mbedtls(void);
 void test_main(void)
 {
 #ifdef CONFIG_USERSPACE
-	k_mem_domain_add_partition(&k_mem_domain_default, &k_mbedtls_partition);
+	int ret = k_mem_domain_add_partition(&k_mem_domain_default,
+					     &k_mbedtls_partition);
+	if (ret != 0) {
+		printk("Failed to add memory partition (%d)\n", ret);
+		k_oops();
+	}
 #endif
 	ztest_test_suite(test_mbedtls_fn,
 		ztest_user_unit_test(test_mbedtls));