mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
synced 2025-08-28 00:19:36 +00:00
9d475d80c9
DA monitor can be accessed from multiple cores simultaneously, this is likely, for instance when dealing with per-task monitors reacting on events that do not always occur on the CPU where the task is running. This can cause race conditions where two events change the next state and we see inconsistent values. E.g.: [62] event_srs: 27: sleepable x sched_wakeup -> running (final) [63] event_srs: 27: sleepable x sched_set_state_sleepable -> sleepable [63] error_srs: 27: event sched_switch_suspend not expected in the state running In this case the monitor fails because the event on CPU 62 wins against the one on CPU 63, although the correct state should have been sleepable, since the task get suspended. Detect if the current state was modified by using try_cmpxchg while storing the next value. If it was, try again reading the current state. After a maximum number of failed retries, react by calling a special tracepoint, print on the console and reset the monitor. Remove the functions da_monitor_curr_state() and da_monitor_set_state() as they only hide the underlying implementation in this case. Monitors where this type of condition can occur must be able to account for racing events in any possible order, as we cannot know the winner. Cc: Ingo Molnar <mingo@redhat.com> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Tomas Glozar <tglozar@redhat.com> Cc: Juri Lelli <jlelli@redhat.com> Cc: Clark Williams <williams@redhat.com> Cc: John Kacur <jkacur@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Link: https://lore.kernel.org/20250728135022.255578-6-gmonaco@redhat.com Signed-off-by: Gabriele Monaco <gmonaco@redhat.com> Reviewed-by: Nam Cao <namcao@linutronix.de> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
133 lines
3.2 KiB
C
133 lines
3.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Runtime Verification.
|
|
*
|
|
* For futher information, see: kernel/trace/rv/rv.c.
|
|
*/
|
|
#ifndef _LINUX_RV_H
|
|
#define _LINUX_RV_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/list.h>
|
|
|
|
#define MAX_DA_NAME_LEN 32
|
|
#define MAX_DA_RETRY_RACING_EVENTS 3
|
|
|
|
#ifdef CONFIG_RV
|
|
#include <linux/bitops.h>
|
|
#include <linux/types.h>
|
|
#include <linux/array_size.h>
|
|
|
|
/*
|
|
* Deterministic automaton per-object variables.
|
|
*/
|
|
struct da_monitor {
|
|
bool monitoring;
|
|
unsigned int curr_state;
|
|
};
|
|
|
|
#ifdef CONFIG_RV_LTL_MONITOR
|
|
|
|
/*
|
|
* In the future, if the number of atomic propositions or the size of Buchi
|
|
* automaton is larger, we can switch to dynamic allocation. For now, the code
|
|
* is simpler this way.
|
|
*/
|
|
#define RV_MAX_LTL_ATOM 32
|
|
#define RV_MAX_BA_STATES 32
|
|
|
|
/**
|
|
* struct ltl_monitor - A linear temporal logic runtime verification monitor
|
|
* @states: States in the Buchi automaton. As Buchi automaton is a
|
|
* non-deterministic state machine, the monitor can be in multiple
|
|
* states simultaneously. This is a bitmask of all possible states.
|
|
* If this is zero, that means either:
|
|
* - The monitor has not started yet (e.g. because not all
|
|
* atomic propositions are known).
|
|
* - There is no possible state to be in. In other words, a
|
|
* violation of the LTL property is detected.
|
|
* @atoms: The values of atomic propositions.
|
|
* @unknown_atoms: Atomic propositions which are still unknown.
|
|
*/
|
|
struct ltl_monitor {
|
|
DECLARE_BITMAP(states, RV_MAX_BA_STATES);
|
|
DECLARE_BITMAP(atoms, RV_MAX_LTL_ATOM);
|
|
DECLARE_BITMAP(unknown_atoms, RV_MAX_LTL_ATOM);
|
|
};
|
|
|
|
static inline bool rv_ltl_valid_state(struct ltl_monitor *mon)
|
|
{
|
|
for (int i = 0; i < ARRAY_SIZE(mon->states); ++i) {
|
|
if (mon->states[i])
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
static inline bool rv_ltl_all_atoms_known(struct ltl_monitor *mon)
|
|
{
|
|
for (int i = 0; i < ARRAY_SIZE(mon->unknown_atoms); ++i) {
|
|
if (mon->unknown_atoms[i])
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
#else
|
|
|
|
struct ltl_monitor {};
|
|
|
|
#endif /* CONFIG_RV_LTL_MONITOR */
|
|
|
|
#define RV_PER_TASK_MONITOR_INIT (CONFIG_RV_PER_TASK_MONITORS)
|
|
|
|
union rv_task_monitor {
|
|
struct da_monitor da_mon;
|
|
struct ltl_monitor ltl_mon;
|
|
};
|
|
|
|
#ifdef CONFIG_RV_REACTORS
|
|
struct rv_reactor {
|
|
const char *name;
|
|
const char *description;
|
|
__printf(1, 2) void (*react)(const char *msg, ...);
|
|
struct list_head list;
|
|
};
|
|
#endif
|
|
|
|
struct rv_monitor {
|
|
const char *name;
|
|
const char *description;
|
|
bool enabled;
|
|
int (*enable)(void);
|
|
void (*disable)(void);
|
|
void (*reset)(void);
|
|
#ifdef CONFIG_RV_REACTORS
|
|
struct rv_reactor *reactor;
|
|
__printf(1, 2) void (*react)(const char *msg, ...);
|
|
#endif
|
|
struct list_head list;
|
|
struct rv_monitor *parent;
|
|
struct dentry *root_d;
|
|
};
|
|
|
|
bool rv_monitoring_on(void);
|
|
int rv_unregister_monitor(struct rv_monitor *monitor);
|
|
int rv_register_monitor(struct rv_monitor *monitor, struct rv_monitor *parent);
|
|
int rv_get_task_monitor_slot(void);
|
|
void rv_put_task_monitor_slot(int slot);
|
|
|
|
#ifdef CONFIG_RV_REACTORS
|
|
bool rv_reacting_on(void);
|
|
int rv_unregister_reactor(struct rv_reactor *reactor);
|
|
int rv_register_reactor(struct rv_reactor *reactor);
|
|
#else
|
|
static inline bool rv_reacting_on(void)
|
|
{
|
|
return false;
|
|
}
|
|
#endif /* CONFIG_RV_REACTORS */
|
|
|
|
#endif /* CONFIG_RV */
|
|
#endif /* _LINUX_RV_H */
|