da_monitor.h 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504
  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. /*
  3. * Copyright (C) 2019-2022 Red Hat, Inc. Daniel Bristot de Oliveira <bristot@kernel.org>
  4. *
  5. * Deterministic automata (DA) monitor functions, to be used together
  6. * with automata models in C generated by the dot2k tool.
  7. *
  8. * The dot2k tool is available at tools/verification/dot2k/
  9. *
  10. * For further information, see:
  11. * Documentation/trace/rv/monitor_synthesis.rst
  12. */
  13. #ifndef _RV_DA_MONITOR_H
  14. #define _RV_DA_MONITOR_H
  15. #include <rv/automata.h>
  16. #include <linux/rv.h>
  17. #include <linux/stringify.h>
  18. #include <linux/bug.h>
  19. #include <linux/sched.h>
  20. /*
  21. * Per-cpu variables require a unique name although static in some
  22. * configurations (e.g. CONFIG_DEBUG_FORCE_WEAK_PER_CPU or alpha modules).
  23. */
  24. #define DA_MON_NAME CONCATENATE(da_mon_, MONITOR_NAME)
  25. static struct rv_monitor rv_this;
  26. static void react(enum states curr_state, enum events event)
  27. {
  28. rv_react(&rv_this,
  29. "rv: monitor %s does not allow event %s on state %s\n",
  30. __stringify(MONITOR_NAME),
  31. model_get_event_name(event),
  32. model_get_state_name(curr_state));
  33. }
  34. /*
  35. * da_monitor_reset - reset a monitor and setting it to init state
  36. */
  37. static inline void da_monitor_reset(struct da_monitor *da_mon)
  38. {
  39. da_mon->monitoring = 0;
  40. da_mon->curr_state = model_get_initial_state();
  41. }
  42. /*
  43. * da_monitor_start - start monitoring
  44. *
  45. * The monitor will ignore all events until monitoring is set to true. This
  46. * function needs to be called to tell the monitor to start monitoring.
  47. */
  48. static inline void da_monitor_start(struct da_monitor *da_mon)
  49. {
  50. da_mon->curr_state = model_get_initial_state();
  51. da_mon->monitoring = 1;
  52. }
  53. /*
  54. * da_monitoring - returns true if the monitor is processing events
  55. */
  56. static inline bool da_monitoring(struct da_monitor *da_mon)
  57. {
  58. return da_mon->monitoring;
  59. }
  60. /*
  61. * da_monitor_enabled - checks if the monitor is enabled
  62. */
  63. static inline bool da_monitor_enabled(void)
  64. {
  65. /* global switch */
  66. if (unlikely(!rv_monitoring_on()))
  67. return 0;
  68. /* monitor enabled */
  69. if (unlikely(!rv_this.enabled))
  70. return 0;
  71. return 1;
  72. }
  73. /*
  74. * da_monitor_handling_event - checks if the monitor is ready to handle events
  75. */
  76. static inline bool da_monitor_handling_event(struct da_monitor *da_mon)
  77. {
  78. if (!da_monitor_enabled())
  79. return 0;
  80. /* monitor is actually monitoring */
  81. if (unlikely(!da_monitoring(da_mon)))
  82. return 0;
  83. return 1;
  84. }
  85. #if RV_MON_TYPE == RV_MON_GLOBAL || RV_MON_TYPE == RV_MON_PER_CPU
  86. /*
  87. * Event handler for implicit monitors. Implicit monitor is the one which the
  88. * handler does not need to specify which da_monitor to manipulate. Examples
  89. * of implicit monitor are the per_cpu or the global ones.
  90. *
  91. * Retry in case there is a race between getting and setting the next state,
  92. * warn and reset the monitor if it runs out of retries. The monitor should be
  93. * able to handle various orders.
  94. */
  95. static inline bool da_event(struct da_monitor *da_mon, enum events event)
  96. {
  97. enum states curr_state, next_state;
  98. curr_state = READ_ONCE(da_mon->curr_state);
  99. for (int i = 0; i < MAX_DA_RETRY_RACING_EVENTS; i++) {
  100. next_state = model_get_next_state(curr_state, event);
  101. if (next_state == INVALID_STATE) {
  102. react(curr_state, event);
  103. CONCATENATE(trace_error_, MONITOR_NAME)(
  104. model_get_state_name(curr_state),
  105. model_get_event_name(event));
  106. return false;
  107. }
  108. if (likely(try_cmpxchg(&da_mon->curr_state, &curr_state, next_state))) {
  109. CONCATENATE(trace_event_, MONITOR_NAME)(
  110. model_get_state_name(curr_state),
  111. model_get_event_name(event),
  112. model_get_state_name(next_state),
  113. model_is_final_state(next_state));
  114. return true;
  115. }
  116. }
  117. trace_rv_retries_error(__stringify(MONITOR_NAME), model_get_event_name(event));
  118. pr_warn("rv: " __stringify(MAX_DA_RETRY_RACING_EVENTS)
  119. " retries reached for event %s, resetting monitor %s",
  120. model_get_event_name(event), __stringify(MONITOR_NAME));
  121. return false;
  122. }
  123. #elif RV_MON_TYPE == RV_MON_PER_TASK
  124. /*
  125. * Event handler for per_task monitors.
  126. *
  127. * Retry in case there is a race between getting and setting the next state,
  128. * warn and reset the monitor if it runs out of retries. The monitor should be
  129. * able to handle various orders.
  130. */
  131. static inline bool da_event(struct da_monitor *da_mon, struct task_struct *tsk,
  132. enum events event)
  133. {
  134. enum states curr_state, next_state;
  135. curr_state = READ_ONCE(da_mon->curr_state);
  136. for (int i = 0; i < MAX_DA_RETRY_RACING_EVENTS; i++) {
  137. next_state = model_get_next_state(curr_state, event);
  138. if (next_state == INVALID_STATE) {
  139. react(curr_state, event);
  140. CONCATENATE(trace_error_, MONITOR_NAME)(tsk->pid,
  141. model_get_state_name(curr_state),
  142. model_get_event_name(event));
  143. return false;
  144. }
  145. if (likely(try_cmpxchg(&da_mon->curr_state, &curr_state, next_state))) {
  146. CONCATENATE(trace_event_, MONITOR_NAME)(tsk->pid,
  147. model_get_state_name(curr_state),
  148. model_get_event_name(event),
  149. model_get_state_name(next_state),
  150. model_is_final_state(next_state));
  151. return true;
  152. }
  153. }
  154. trace_rv_retries_error(__stringify(MONITOR_NAME), model_get_event_name(event));
  155. pr_warn("rv: " __stringify(MAX_DA_RETRY_RACING_EVENTS)
  156. " retries reached for event %s, resetting monitor %s",
  157. model_get_event_name(event), __stringify(MONITOR_NAME));
  158. return false;
  159. }
  160. #endif /* RV_MON_TYPE */
  161. #if RV_MON_TYPE == RV_MON_GLOBAL
  162. /*
  163. * Functions to define, init and get a global monitor.
  164. */
  165. /*
  166. * global monitor (a single variable)
  167. */
  168. static struct da_monitor DA_MON_NAME;
  169. /*
  170. * da_get_monitor - return the global monitor address
  171. */
  172. static struct da_monitor *da_get_monitor(void)
  173. {
  174. return &DA_MON_NAME;
  175. }
  176. /*
  177. * da_monitor_reset_all - reset the single monitor
  178. */
  179. static void da_monitor_reset_all(void)
  180. {
  181. da_monitor_reset(da_get_monitor());
  182. }
  183. /*
  184. * da_monitor_init - initialize a monitor
  185. */
  186. static inline int da_monitor_init(void)
  187. {
  188. da_monitor_reset_all();
  189. return 0;
  190. }
  191. /*
  192. * da_monitor_destroy - destroy the monitor
  193. */
  194. static inline void da_monitor_destroy(void) { }
  195. #elif RV_MON_TYPE == RV_MON_PER_CPU
  196. /*
  197. * Functions to define, init and get a per-cpu monitor.
  198. */
  199. /*
  200. * per-cpu monitor variables
  201. */
  202. static DEFINE_PER_CPU(struct da_monitor, DA_MON_NAME);
  203. /*
  204. * da_get_monitor - return current CPU monitor address
  205. */
  206. static struct da_monitor *da_get_monitor(void)
  207. {
  208. return this_cpu_ptr(&DA_MON_NAME);
  209. }
  210. /*
  211. * da_monitor_reset_all - reset all CPUs' monitor
  212. */
  213. static void da_monitor_reset_all(void)
  214. {
  215. struct da_monitor *da_mon;
  216. int cpu;
  217. for_each_cpu(cpu, cpu_online_mask) {
  218. da_mon = per_cpu_ptr(&DA_MON_NAME, cpu);
  219. da_monitor_reset(da_mon);
  220. }
  221. }
  222. /*
  223. * da_monitor_init - initialize all CPUs' monitor
  224. */
  225. static inline int da_monitor_init(void)
  226. {
  227. da_monitor_reset_all();
  228. return 0;
  229. }
  230. /*
  231. * da_monitor_destroy - destroy the monitor
  232. */
  233. static inline void da_monitor_destroy(void) { }
  234. #elif RV_MON_TYPE == RV_MON_PER_TASK
  235. /*
  236. * Functions to define, init and get a per-task monitor.
  237. */
  238. /*
  239. * The per-task monitor is stored a vector in the task struct. This variable
  240. * stores the position on the vector reserved for this monitor.
  241. */
  242. static int task_mon_slot = RV_PER_TASK_MONITOR_INIT;
  243. /*
  244. * da_get_monitor - return the monitor in the allocated slot for tsk
  245. */
  246. static inline struct da_monitor *da_get_monitor(struct task_struct *tsk)
  247. {
  248. return &tsk->rv[task_mon_slot].da_mon;
  249. }
  250. static void da_monitor_reset_all(void)
  251. {
  252. struct task_struct *g, *p;
  253. int cpu;
  254. read_lock(&tasklist_lock);
  255. for_each_process_thread(g, p)
  256. da_monitor_reset(da_get_monitor(p));
  257. for_each_present_cpu(cpu)
  258. da_monitor_reset(da_get_monitor(idle_task(cpu)));
  259. read_unlock(&tasklist_lock);
  260. }
  261. /*
  262. * da_monitor_init - initialize the per-task monitor
  263. *
  264. * Try to allocate a slot in the task's vector of monitors. If there
  265. * is an available slot, use it and reset all task's monitor.
  266. */
  267. static int da_monitor_init(void)
  268. {
  269. int slot;
  270. slot = rv_get_task_monitor_slot();
  271. if (slot < 0 || slot >= RV_PER_TASK_MONITOR_INIT)
  272. return slot;
  273. task_mon_slot = slot;
  274. da_monitor_reset_all();
  275. return 0;
  276. }
  277. /*
  278. * da_monitor_destroy - return the allocated slot
  279. */
  280. static inline void da_monitor_destroy(void)
  281. {
  282. if (task_mon_slot == RV_PER_TASK_MONITOR_INIT) {
  283. WARN_ONCE(1, "Disabling a disabled monitor: " __stringify(MONITOR_NAME));
  284. return;
  285. }
  286. rv_put_task_monitor_slot(task_mon_slot);
  287. task_mon_slot = RV_PER_TASK_MONITOR_INIT;
  288. }
  289. #endif /* RV_MON_TYPE */
  290. #if RV_MON_TYPE == RV_MON_GLOBAL || RV_MON_TYPE == RV_MON_PER_CPU
  291. /*
  292. * Handle event for implicit monitor: da_get_monitor() will figure out
  293. * the monitor.
  294. */
  295. static inline void __da_handle_event(struct da_monitor *da_mon,
  296. enum events event)
  297. {
  298. bool retval;
  299. retval = da_event(da_mon, event);
  300. if (!retval)
  301. da_monitor_reset(da_mon);
  302. }
  303. /*
  304. * da_handle_event - handle an event
  305. */
  306. static inline void da_handle_event(enum events event)
  307. {
  308. struct da_monitor *da_mon = da_get_monitor();
  309. bool retval;
  310. retval = da_monitor_handling_event(da_mon);
  311. if (!retval)
  312. return;
  313. __da_handle_event(da_mon, event);
  314. }
  315. /*
  316. * da_handle_start_event - start monitoring or handle event
  317. *
  318. * This function is used to notify the monitor that the system is returning
  319. * to the initial state, so the monitor can start monitoring in the next event.
  320. * Thus:
  321. *
  322. * If the monitor already started, handle the event.
  323. * If the monitor did not start yet, start the monitor but skip the event.
  324. */
  325. static inline bool da_handle_start_event(enum events event)
  326. {
  327. struct da_monitor *da_mon;
  328. if (!da_monitor_enabled())
  329. return 0;
  330. da_mon = da_get_monitor();
  331. if (unlikely(!da_monitoring(da_mon))) {
  332. da_monitor_start(da_mon);
  333. return 0;
  334. }
  335. __da_handle_event(da_mon, event);
  336. return 1;
  337. }
  338. /*
  339. * da_handle_start_run_event - start monitoring and handle event
  340. *
  341. * This function is used to notify the monitor that the system is in the
  342. * initial state, so the monitor can start monitoring and handling event.
  343. */
  344. static inline bool da_handle_start_run_event(enum events event)
  345. {
  346. struct da_monitor *da_mon;
  347. if (!da_monitor_enabled())
  348. return 0;
  349. da_mon = da_get_monitor();
  350. if (unlikely(!da_monitoring(da_mon)))
  351. da_monitor_start(da_mon);
  352. __da_handle_event(da_mon, event);
  353. return 1;
  354. }
  355. #elif RV_MON_TYPE == RV_MON_PER_TASK
  356. /*
  357. * Handle event for per task.
  358. */
  359. static inline void __da_handle_event(struct da_monitor *da_mon,
  360. struct task_struct *tsk, enum events event)
  361. {
  362. bool retval;
  363. retval = da_event(da_mon, tsk, event);
  364. if (!retval)
  365. da_monitor_reset(da_mon);
  366. }
  367. /*
  368. * da_handle_event - handle an event
  369. */
  370. static inline void da_handle_event(struct task_struct *tsk, enum events event)
  371. {
  372. struct da_monitor *da_mon = da_get_monitor(tsk);
  373. bool retval;
  374. retval = da_monitor_handling_event(da_mon);
  375. if (!retval)
  376. return;
  377. __da_handle_event(da_mon, tsk, event);
  378. }
  379. /*
  380. * da_handle_start_event - start monitoring or handle event
  381. *
  382. * This function is used to notify the monitor that the system is returning
  383. * to the initial state, so the monitor can start monitoring in the next event.
  384. * Thus:
  385. *
  386. * If the monitor already started, handle the event.
  387. * If the monitor did not start yet, start the monitor but skip the event.
  388. */
  389. static inline bool da_handle_start_event(struct task_struct *tsk,
  390. enum events event)
  391. {
  392. struct da_monitor *da_mon;
  393. if (!da_monitor_enabled())
  394. return 0;
  395. da_mon = da_get_monitor(tsk);
  396. if (unlikely(!da_monitoring(da_mon))) {
  397. da_monitor_start(da_mon);
  398. return 0;
  399. }
  400. __da_handle_event(da_mon, tsk, event);
  401. return 1;
  402. }
  403. /*
  404. * da_handle_start_run_event - start monitoring and handle event
  405. *
  406. * This function is used to notify the monitor that the system is in the
  407. * initial state, so the monitor can start monitoring and handling event.
  408. */
  409. static inline bool da_handle_start_run_event(struct task_struct *tsk,
  410. enum events event)
  411. {
  412. struct da_monitor *da_mon;
  413. if (!da_monitor_enabled())
  414. return 0;
  415. da_mon = da_get_monitor(tsk);
  416. if (unlikely(!da_monitoring(da_mon)))
  417. da_monitor_start(da_mon);
  418. __da_handle_event(da_mon, tsk, event);
  419. return 1;
  420. }
  421. #endif /* RV_MON_TYPE */
  422. #endif