mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-03-22 07:27:12 +08:00
9d475d80c9
DA monitor can be accessed from multiple cores simultaneously, this is likely, for instance when dealing with per-task monitors reacting on events that do not always occur on the CPU where the task is running. This can cause race conditions where two events change the next state and we see inconsistent values. E.g.: [62] event_srs: 27: sleepable x sched_wakeup -> running (final) [63] event_srs: 27: sleepable x sched_set_state_sleepable -> sleepable [63] error_srs: 27: event sched_switch_suspend not expected in the state running In this case the monitor fails because the event on CPU 62 wins against the one on CPU 63, although the correct state should have been sleepable, since the task get suspended. Detect if the current state was modified by using try_cmpxchg while storing the next value. If it was, try again reading the current state. After a maximum number of failed retries, react by calling a special tracepoint, print on the console and reset the monitor. Remove the functions da_monitor_curr_state() and da_monitor_set_state() as they only hide the underlying implementation in this case. Monitors where this type of condition can occur must be able to account for racing events in any possible order, as we cannot know the winner. Cc: Ingo Molnar <mingo@redhat.com> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Tomas Glozar <tglozar@redhat.com> Cc: Juri Lelli <jlelli@redhat.com> Cc: Clark Williams <williams@redhat.com> Cc: John Kacur <jkacur@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Link: https://lore.kernel.org/20250728135022.255578-6-gmonaco@redhat.com Signed-off-by: Gabriele Monaco <gmonaco@redhat.com> Reviewed-by: Nam Cao <namcao@linutronix.de> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
94 lines
2.5 KiB
Plaintext
94 lines
2.5 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
config RV_MON_EVENTS
|
|
bool
|
|
|
|
config RV_MON_MAINTENANCE_EVENTS
|
|
bool
|
|
|
|
config DA_MON_EVENTS_IMPLICIT
|
|
select RV_MON_EVENTS
|
|
select RV_MON_MAINTENANCE_EVENTS
|
|
bool
|
|
|
|
config DA_MON_EVENTS_ID
|
|
select RV_MON_EVENTS
|
|
select RV_MON_MAINTENANCE_EVENTS
|
|
bool
|
|
|
|
config LTL_MON_EVENTS_ID
|
|
select RV_MON_EVENTS
|
|
bool
|
|
|
|
config RV_LTL_MONITOR
|
|
bool
|
|
|
|
menuconfig RV
|
|
bool "Runtime Verification"
|
|
select TRACING
|
|
help
|
|
Enable the kernel runtime verification infrastructure. RV is a
|
|
lightweight (yet rigorous) method that complements classical
|
|
exhaustive verification techniques (such as model checking and
|
|
theorem proving). RV works by analyzing the trace of the system's
|
|
actual execution, comparing it against a formal specification of
|
|
the system behavior.
|
|
|
|
For further information, see:
|
|
Documentation/trace/rv/runtime-verification.rst
|
|
|
|
config RV_PER_TASK_MONITORS
|
|
int "Maximum number of per-task monitor"
|
|
depends on RV
|
|
range 1 8
|
|
default 2
|
|
help
|
|
This option configures the maximum number of per-task RV monitors that can run
|
|
simultaneously.
|
|
|
|
source "kernel/trace/rv/monitors/wip/Kconfig"
|
|
source "kernel/trace/rv/monitors/wwnr/Kconfig"
|
|
|
|
source "kernel/trace/rv/monitors/sched/Kconfig"
|
|
source "kernel/trace/rv/monitors/tss/Kconfig"
|
|
source "kernel/trace/rv/monitors/sco/Kconfig"
|
|
source "kernel/trace/rv/monitors/snroc/Kconfig"
|
|
source "kernel/trace/rv/monitors/scpd/Kconfig"
|
|
source "kernel/trace/rv/monitors/snep/Kconfig"
|
|
source "kernel/trace/rv/monitors/sncid/Kconfig"
|
|
# Add new sched monitors here
|
|
|
|
source "kernel/trace/rv/monitors/rtapp/Kconfig"
|
|
source "kernel/trace/rv/monitors/pagefault/Kconfig"
|
|
source "kernel/trace/rv/monitors/sleep/Kconfig"
|
|
# Add new rtapp monitors here
|
|
|
|
# Add new monitors here
|
|
|
|
config RV_REACTORS
|
|
bool "Runtime verification reactors"
|
|
default y
|
|
depends on RV
|
|
help
|
|
Enables the online runtime verification reactors. A runtime
|
|
monitor can cause a reaction to the detection of an exception
|
|
on the model's execution. By default, the monitors have
|
|
tracing reactions, printing the monitor output via tracepoints,
|
|
but other reactions can be added (on-demand) via this interface.
|
|
|
|
config RV_REACT_PRINTK
|
|
bool "Printk reactor"
|
|
depends on RV_REACTORS
|
|
default y
|
|
help
|
|
Enables the printk reactor. The printk reactor emits a printk()
|
|
message if an exception is found.
|
|
|
|
config RV_REACT_PANIC
|
|
bool "Panic reactor"
|
|
depends on RV_REACTORS
|
|
default y
|
|
help
|
|
Enables the panic reactor. The panic reactor emits a printk()
|
|
message if an exception is found and panic()s the system.
|