Re: [PATCH 7/9] rv: Do not rely on clean monitor when initialising HA

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Wen Yang <wen.yang@linux.dev>
To: Gabriele Monaco <gmonaco@redhat.com>,
	linux-kernel@vger.kernel.org,
	Steven Rostedt <rostedt@goodmis.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Nam Cao <namcao@linutronix.de>,
	linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH 7/9] rv: Do not rely on clean monitor when initialising HA
Date: Sun, 17 May 2026 17:15:50 +0800	[thread overview]
Message-ID: <4c623c63-682d-495c-86e6-6ed8832d3480@linux.dev> (raw)
In-Reply-To: <20260512140250.262190-8-gmonaco@redhat.com>


The ha_mon_initializing flag correctly
guards the init path against stale monitoring=1 (from either a previous
different monitor type or a race during teardown of the previous instance).


Reviewed-by: Wen Yang <wen.yang@linux.dev>


On 5/12/26 22:02, Gabriele Monaco wrote:
> Hybrid Automata monitors hook into the DA implementation when doing
> da_monitor_reset(). This function is called both on initialisation and
> teardown, HA monitors try to cancel a timer only when it's initialised
> relying on the da_mon->monitoring flag. This flag could however be
> corrupted during initialisation. This happens for instance on per-task
> monitors that share the same storage with different type of monitors
> like LTL or in case of races during a previous teardown.
> 
> Stop relying on the monitoring flag during initialisation, assume that
> can have any value, so skip timer cancellation in any case when a local
> flag is set. New monitors (e.g. new tasks) are always zero-initialised
> so they are safe.
> 
> Reported-by: Wen Yang <wen.yang@linux.dev>
> Closes: https://lore.kernel.org/lkml/d02c656aada7d071f083460a5c9a454363669b61.1778522945.git.wen.yang@linux.dev
> Fixes: f5587d1b6ec9 ("rv: Add Hybrid Automata monitor type")
> Signed-off-by: Gabriele Monaco <gmonaco@redhat.com>
> ---
>   include/rv/ha_monitor.h                       | 31 ++++++++++++++++++-
>   kernel/trace/rv/monitors/nomiss/nomiss.c      |  4 +--
>   kernel/trace/rv/monitors/opid/opid.c          |  4 +--
>   kernel/trace/rv/monitors/stall/stall.c        |  4 +--
>   .../rvgen/rvgen/templates/dot2k/main.c        |  4 +--
>   5 files changed, 38 insertions(+), 9 deletions(-)
> 
> diff --git a/include/rv/ha_monitor.h b/include/rv/ha_monitor.h
> index 47ff1a41febe..11ae85bad492 100644
> --- a/include/rv/ha_monitor.h
> +++ b/include/rv/ha_monitor.h
> @@ -116,6 +116,35 @@ static enum hrtimer_restart ha_monitor_timer_callback(struct hrtimer *hrtimer);
>   #define ha_get_ns() 0
>   #endif /* HA_CLK_NS */
>   
> +static bool ha_mon_initializing;
> +
> +static int ha_monitor_init(void)
> +{
> +	int ret;
> +
> +	ha_mon_initializing = true;
> +	ret = da_monitor_init();
> +	ha_mon_initializing = false;
> +	return ret;
> +}
> +
> +static void ha_monitor_destroy(void)
> +{
> +	da_monitor_destroy();
> +}
> +
> +/*
> + * ha_monitor_uninitialized - are fields like the timer initialized?
> + *
> + * On a clean monitor, we can assume an active monitor (monitoring) is
> + * initialized, however the monitoring field cannot be trusted during
> + * initialization.
> + */
> +static inline bool ha_monitor_uninitialized(struct da_monitor *da_mon)
> +{
> +	return ha_mon_initializing || !da_monitoring(da_mon);
> +}
> +
>   /* Should be supplied by the monitor */
>   static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs env, u64 time_ns);
>   static bool ha_verify_constraint(struct ha_monitor *ha_mon,
> @@ -160,7 +189,7 @@ static inline void ha_monitor_reset_env(struct da_monitor *da_mon)
>   	struct ha_monitor *ha_mon = to_ha_monitor(da_mon);
>   
>   	/* Initialisation resets the monitor before initialising the timer */
> -	if (likely(da_monitoring(da_mon)))
> +	if (likely(!ha_monitor_uninitialized(da_mon)))
>   		ha_cancel_timer(ha_mon);
>   }
>   
> diff --git a/kernel/trace/rv/monitors/nomiss/nomiss.c b/kernel/trace/rv/monitors/nomiss/nomiss.c
> index 31f90f3638d8..8ead8783c29f 100644
> --- a/kernel/trace/rv/monitors/nomiss/nomiss.c
> +++ b/kernel/trace/rv/monitors/nomiss/nomiss.c
> @@ -227,7 +227,7 @@ static int enable_nomiss(void)
>   {
>   	int retval;
>   
> -	retval = da_monitor_init();
> +	retval = ha_monitor_init();
>   	if (retval)
>   		return retval;
>   
> @@ -263,7 +263,7 @@ static void disable_nomiss(void)
>   	rv_detach_trace_probe("nomiss", sched_switch, handle_sched_switch);
>   	rv_detach_trace_probe("nomiss", sched_wakeup, handle_sched_wakeup);
>   
> -	da_monitor_destroy();
> +	ha_monitor_destroy();
>   }
>   
>   static struct rv_monitor rv_this = {
> diff --git a/kernel/trace/rv/monitors/opid/opid.c b/kernel/trace/rv/monitors/opid/opid.c
> index 4594c7c46601..2922318c6112 100644
> --- a/kernel/trace/rv/monitors/opid/opid.c
> +++ b/kernel/trace/rv/monitors/opid/opid.c
> @@ -73,7 +73,7 @@ static int enable_opid(void)
>   {
>   	int retval;
>   
> -	retval = da_monitor_init();
> +	retval = ha_monitor_init();
>   	if (retval)
>   		return retval;
>   
> @@ -90,7 +90,7 @@ static void disable_opid(void)
>   	rv_detach_trace_probe("opid", sched_set_need_resched_tp, handle_sched_need_resched);
>   	rv_detach_trace_probe("opid", sched_waking, handle_sched_waking);
>   
> -	da_monitor_destroy();
> +	ha_monitor_destroy();
>   }
>   
>   /*
> diff --git a/kernel/trace/rv/monitors/stall/stall.c b/kernel/trace/rv/monitors/stall/stall.c
> index 9ccfda6b0e73..3c38fb1a0159 100644
> --- a/kernel/trace/rv/monitors/stall/stall.c
> +++ b/kernel/trace/rv/monitors/stall/stall.c
> @@ -103,7 +103,7 @@ static int enable_stall(void)
>   {
>   	int retval;
>   
> -	retval = da_monitor_init();
> +	retval = ha_monitor_init();
>   	if (retval)
>   		return retval;
>   
> @@ -120,7 +120,7 @@ static void disable_stall(void)
>   	rv_detach_trace_probe("stall", sched_switch, handle_sched_switch);
>   	rv_detach_trace_probe("stall", sched_wakeup, handle_sched_wakeup);
>   
> -	da_monitor_destroy();
> +	ha_monitor_destroy();
>   }
>   
>   static struct rv_monitor rv_this = {
> diff --git a/tools/verification/rvgen/rvgen/templates/dot2k/main.c b/tools/verification/rvgen/rvgen/templates/dot2k/main.c
> index bf0999f6657a..889446760e3c 100644
> --- a/tools/verification/rvgen/rvgen/templates/dot2k/main.c
> +++ b/tools/verification/rvgen/rvgen/templates/dot2k/main.c
> @@ -35,7 +35,7 @@ static int enable_%%MODEL_NAME%%(void)
>   {
>   	int retval;
>   
> -	retval = da_monitor_init();
> +	retval = %%MONITOR_CLASS%%_monitor_init();
>   	if (retval)
>   		return retval;
>   
> @@ -50,7 +50,7 @@ static void disable_%%MODEL_NAME%%(void)
>   
>   %%TRACEPOINT_DETACH%%
>   
> -	da_monitor_destroy();
> +	%%MONITOR_CLASS%%_monitor_destroy();
>   }
>   
>   /*

next prev parent reply	other threads:[~2026-05-17  9:16 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-12 14:02 [PATCH 0/9] rv: Fixes on Deterministic and Hybrid Automata Gabriele Monaco
2026-05-12 14:02 ` [PATCH 1/9] rv: Fix __user specifier usage in extract_params() Gabriele Monaco
2026-05-17  8:48   ` Wen Yang
2026-05-12 14:02 ` [PATCH 2/9] rv: Fix read_lock scope in per-task DA cleanup Gabriele Monaco
2026-05-17  8:51   ` Wen Yang
2026-05-12 14:02 ` [PATCH 3/9] rv: Reset per-task DA monitors before releasing the slot Gabriele Monaco
2026-05-17  8:55   ` Wen Yang
2026-05-12 14:02 ` [PATCH 4/9] rv: Prevent task migration while handling per-CPU events Gabriele Monaco
2026-05-17  8:57   ` Wen Yang
2026-05-12 14:02 ` [PATCH 5/9] rv: Ensure all pending probes terminate on per-obj monitor destroy Gabriele Monaco
2026-05-17  9:01   ` Wen Yang
2026-05-12 14:02 ` [PATCH 6/9] rv: Ensure synchronous cleanup for HA monitors Gabriele Monaco
2026-05-17  9:12   ` Wen Yang
2026-05-18 11:54     ` Gabriele Monaco
2026-05-19  9:31       ` Gabriele Monaco
2026-05-19 16:48       ` Wen Yang
2026-05-20 11:22         ` Gabriele Monaco
2026-05-26 17:27           ` Wen Yang
2026-05-12 14:02 ` [PATCH 7/9] rv: Do not rely on clean monitor when initialising HA Gabriele Monaco
2026-05-17  9:15   ` Wen Yang [this message]
2026-05-12 14:02 ` [PATCH 8/9] rv: Add automatic cleanup handlers for per-task HA monitors Gabriele Monaco
2026-05-17  9:40   ` Wen Yang
2026-05-18 12:18     ` Gabriele Monaco
2026-05-12 14:02 ` [PATCH 9/9] rv: Mandate deallocation for per-obj monitors Gabriele Monaco
2026-05-17  9:52   ` Wen Yang
2026-05-18  6:36     ` Gabriele Monaco
2026-05-18 15:40       ` Wen Yang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4c623c63-682d-495c-86e6-6ed8832d3480@linux.dev \
    --to=wen.yang@linux.dev \
    --cc=gmonaco@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=mhiramat@kernel.org \
    --cc=namcao@linutronix.de \
    --cc=rostedt@goodmis.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.