CLOCK_REALTIME is the only clock that often is misused in real-time applications. The other clocks either are safe for real-time uses (CLOCK_TAI, CLOCK_MONOTONIC, CLOCK_BOOTTIME) or are unlikely to be misused (CLOCK_AUX, CLOCK_PROCESS_CPUTIME_ID).
Update the monitor to only warn about CLOCK_REALTIME. While at it, update the out-of-sync documentation. Signed-off-by: Nam Cao <[email protected]> --- Documentation/trace/rv/monitor_rtapp.rst | 17 +++++--- kernel/trace/rv/monitors/sleep/sleep.c | 12 ++---- kernel/trace/rv/monitors/sleep/sleep.h | 52 +++++++++++------------ tools/verification/models/rtapp/sleep.ltl | 2 +- 4 files changed, 39 insertions(+), 44 deletions(-) diff --git a/Documentation/trace/rv/monitor_rtapp.rst b/Documentation/trace/rv/monitor_rtapp.rst index 01656bf7080a..570be67a8f3b 100644 --- a/Documentation/trace/rv/monitor_rtapp.rst +++ b/Documentation/trace/rv/monitor_rtapp.rst @@ -51,12 +51,13 @@ The `sleep` monitor reports real-time threads sleeping in a manner that may cause undesirable latency. Real-time applications should only put a real-time thread to sleep for one of the following reasons: - - Cyclic work: real-time thread sleeps waiting for the next cycle. For this - case, only the `clock_nanosleep` syscall should be used with `TIMER_ABSTIME` - (to avoid time drift) and `CLOCK_MONOTONIC` (to avoid the clock being - changed). No other method is safe for real-time. For example, threads - waiting for timerfd can be woken by softirq which provides no real-time - guarantee. + - Cyclic work: real-time thread sleeps waiting for the next + cycle. For this case, only the `clock_nanosleep` syscall should be + used with `TIMER_ABSTIME` (to avoid time drift). Additionally, + `CLOCK_REALTIME` should not be used (to avoid the clock being + changed). No other method is safe for real-time. For example, + threads waiting for timerfd can be woken by softirq which provides + no real-time guarantee. - Real-time thread waiting for something to happen (e.g. another thread releasing shared resources, or a completion signal from another thread). In this case, only futexes (FUTEX_LOCK_PI, FUTEX_LOCK_PI2 or one of @@ -99,14 +100,16 @@ The monitor's specification is:: RT_VALID_SLEEP_REASON = FUTEX_WAIT or RT_FRIENDLY_NANOSLEEP + or EPOLL_WAIT RT_FRIENDLY_NANOSLEEP = CLOCK_NANOSLEEP and NANOSLEEP_TIMER_ABSTIME - and NANOSLEEP_CLOCK_MONOTONIC + and not NANOSLEEP_CLOCK_REALTIME RT_FRIENDLY_WAKE = WOKEN_BY_EQUAL_OR_HIGHER_PRIO or WOKEN_BY_HARDIRQ or WOKEN_BY_NMI + or ABORT_SLEEP or KTHREAD_SHOULD_STOP ALLOWLIST = BLOCK_ON_RT_MUTEX diff --git a/kernel/trace/rv/monitors/sleep/sleep.c b/kernel/trace/rv/monitors/sleep/sleep.c index d6b677fab8f8..638be7d8747f 100644 --- a/kernel/trace/rv/monitors/sleep/sleep.c +++ b/kernel/trace/rv/monitors/sleep/sleep.c @@ -44,8 +44,7 @@ static void ltl_atoms_init(struct task_struct *task, struct ltl_monitor *mon, bo if (task_creation) { ltl_atom_set(mon, LTL_KTHREAD_SHOULD_STOP, false); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_MONOTONIC, false); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_TAI, false); + ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_REALTIME, false); ltl_atom_set(mon, LTL_NANOSLEEP_TIMER_ABSTIME, false); ltl_atom_set(mon, LTL_CLOCK_NANOSLEEP, false); ltl_atom_set(mon, LTL_FUTEX_WAIT, false); @@ -60,8 +59,7 @@ static void ltl_atoms_init(struct task_struct *task, struct ltl_monitor *mon, bo /* kernel tasks do not do syscall */ ltl_atom_set(mon, LTL_FUTEX_WAIT, false); ltl_atom_set(mon, LTL_FUTEX_LOCK_PI, false); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_MONOTONIC, false); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_TAI, false); + ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_REALTIME, false); ltl_atom_set(mon, LTL_NANOSLEEP_TIMER_ABSTIME, false); ltl_atom_set(mon, LTL_CLOCK_NANOSLEEP, false); ltl_atom_set(mon, LTL_EPOLL_WAIT, false); @@ -136,8 +134,7 @@ static void handle_sys_enter(void *data, struct pt_regs *regs, long id) case __NR_clock_nanosleep_time64: #endif syscall_get_arguments(current, regs, args); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_MONOTONIC, args[0] == CLOCK_MONOTONIC); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_TAI, args[0] == CLOCK_TAI); + ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_REALTIME, args[0] == CLOCK_REALTIME); ltl_atom_set(mon, LTL_NANOSLEEP_TIMER_ABSTIME, args[1] == TIMER_ABSTIME); ltl_atom_update(current, LTL_CLOCK_NANOSLEEP, true); break; @@ -178,8 +175,7 @@ static void handle_sys_exit(void *data, struct pt_regs *regs, long ret) ltl_atom_set(mon, LTL_FUTEX_LOCK_PI, false); ltl_atom_set(mon, LTL_FUTEX_WAIT, false); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_MONOTONIC, false); - ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_TAI, false); + ltl_atom_set(mon, LTL_NANOSLEEP_CLOCK_REALTIME, false); ltl_atom_set(mon, LTL_NANOSLEEP_TIMER_ABSTIME, false); ltl_atom_set(mon, LTL_EPOLL_WAIT, false); ltl_atom_update(current, LTL_CLOCK_NANOSLEEP, false); diff --git a/kernel/trace/rv/monitors/sleep/sleep.h b/kernel/trace/rv/monitors/sleep/sleep.h index 403dc2852c52..2fe2ec7edae8 100644 --- a/kernel/trace/rv/monitors/sleep/sleep.h +++ b/kernel/trace/rv/monitors/sleep/sleep.h @@ -20,8 +20,7 @@ enum ltl_atom { LTL_FUTEX_WAIT, LTL_KERNEL_THREAD, LTL_KTHREAD_SHOULD_STOP, - LTL_NANOSLEEP_CLOCK_MONOTONIC, - LTL_NANOSLEEP_CLOCK_TAI, + LTL_NANOSLEEP_CLOCK_REALTIME, LTL_NANOSLEEP_TIMER_ABSTIME, LTL_RT, LTL_SCHEDULE_IN, @@ -46,8 +45,7 @@ static const char *ltl_atom_str(enum ltl_atom atom) "fu_wa", "ker_th", "kth_sh_st", - "na_cl_mo", - "na_cl_ta", + "na_cl_re", "na_ti_ab", "rt", "sch_in", @@ -87,8 +85,7 @@ static void ltl_start(struct task_struct *task, struct ltl_monitor *mon) bool schedule_in = test_bit(LTL_SCHEDULE_IN, mon->atoms); bool rt = test_bit(LTL_RT, mon->atoms); bool nanosleep_timer_abstime = test_bit(LTL_NANOSLEEP_TIMER_ABSTIME, mon->atoms); - bool nanosleep_clock_tai = test_bit(LTL_NANOSLEEP_CLOCK_TAI, mon->atoms); - bool nanosleep_clock_monotonic = test_bit(LTL_NANOSLEEP_CLOCK_MONOTONIC, mon->atoms); + bool nanosleep_clock_realtime = test_bit(LTL_NANOSLEEP_CLOCK_REALTIME, mon->atoms); bool kthread_should_stop = test_bit(LTL_KTHREAD_SHOULD_STOP, mon->atoms); bool kernel_thread = test_bit(LTL_KERNEL_THREAD, mon->atoms); bool futex_wait = test_bit(LTL_FUTEX_WAIT, mon->atoms); @@ -97,17 +94,17 @@ static void ltl_start(struct task_struct *task, struct ltl_monitor *mon) bool clock_nanosleep = test_bit(LTL_CLOCK_NANOSLEEP, mon->atoms); bool block_on_rt_mutex = test_bit(LTL_BLOCK_ON_RT_MUTEX, mon->atoms); bool abort_sleep = test_bit(LTL_ABORT_SLEEP, mon->atoms); - bool val42 = task_is_rcu || task_is_migration; - bool val43 = futex_lock_pi || val42; - bool val5 = block_on_rt_mutex || val43; - bool val34 = abort_sleep || kthread_should_stop; - bool val35 = woken_by_nmi || val34; - bool val36 = woken_by_hardirq || val35; - bool val14 = woken_by_equal_or_higher_prio || val36; + bool val41 = task_is_rcu || task_is_migration; + bool val42 = futex_lock_pi || val41; + bool val5 = block_on_rt_mutex || val42; + bool val33 = abort_sleep || kthread_should_stop; + bool val34 = woken_by_nmi || val33; + bool val35 = woken_by_hardirq || val34; + bool val14 = woken_by_equal_or_higher_prio || val35; bool val13 = !schedule_in; - bool val26 = nanosleep_clock_monotonic || nanosleep_clock_tai; - bool val27 = nanosleep_timer_abstime && val26; - bool val18 = clock_nanosleep && val27; + bool val25 = !nanosleep_clock_realtime; + bool val26 = nanosleep_timer_abstime && val25; + bool val18 = clock_nanosleep && val26; bool val20 = val18 || epoll_wait; bool val9 = futex_wait || val20; bool val11 = val9 || kernel_thread; @@ -138,8 +135,7 @@ ltl_possible_next_states(struct ltl_monitor *mon, unsigned int state, unsigned l bool schedule_in = test_bit(LTL_SCHEDULE_IN, mon->atoms); bool rt = test_bit(LTL_RT, mon->atoms); bool nanosleep_timer_abstime = test_bit(LTL_NANOSLEEP_TIMER_ABSTIME, mon->atoms); - bool nanosleep_clock_tai = test_bit(LTL_NANOSLEEP_CLOCK_TAI, mon->atoms); - bool nanosleep_clock_monotonic = test_bit(LTL_NANOSLEEP_CLOCK_MONOTONIC, mon->atoms); + bool nanosleep_clock_realtime = test_bit(LTL_NANOSLEEP_CLOCK_REALTIME, mon->atoms); bool kthread_should_stop = test_bit(LTL_KTHREAD_SHOULD_STOP, mon->atoms); bool kernel_thread = test_bit(LTL_KERNEL_THREAD, mon->atoms); bool futex_wait = test_bit(LTL_FUTEX_WAIT, mon->atoms); @@ -148,17 +144,17 @@ ltl_possible_next_states(struct ltl_monitor *mon, unsigned int state, unsigned l bool clock_nanosleep = test_bit(LTL_CLOCK_NANOSLEEP, mon->atoms); bool block_on_rt_mutex = test_bit(LTL_BLOCK_ON_RT_MUTEX, mon->atoms); bool abort_sleep = test_bit(LTL_ABORT_SLEEP, mon->atoms); - bool val42 = task_is_rcu || task_is_migration; - bool val43 = futex_lock_pi || val42; - bool val5 = block_on_rt_mutex || val43; - bool val34 = abort_sleep || kthread_should_stop; - bool val35 = woken_by_nmi || val34; - bool val36 = woken_by_hardirq || val35; - bool val14 = woken_by_equal_or_higher_prio || val36; + bool val41 = task_is_rcu || task_is_migration; + bool val42 = futex_lock_pi || val41; + bool val5 = block_on_rt_mutex || val42; + bool val33 = abort_sleep || kthread_should_stop; + bool val34 = woken_by_nmi || val33; + bool val35 = woken_by_hardirq || val34; + bool val14 = woken_by_equal_or_higher_prio || val35; bool val13 = !schedule_in; - bool val26 = nanosleep_clock_monotonic || nanosleep_clock_tai; - bool val27 = nanosleep_timer_abstime && val26; - bool val18 = clock_nanosleep && val27; + bool val25 = !nanosleep_clock_realtime; + bool val26 = nanosleep_timer_abstime && val25; + bool val18 = clock_nanosleep && val26; bool val20 = val18 || epoll_wait; bool val9 = futex_wait || val20; bool val11 = val9 || kernel_thread; diff --git a/tools/verification/models/rtapp/sleep.ltl b/tools/verification/models/rtapp/sleep.ltl index 464c84b9df87..5923e58d7810 100644 --- a/tools/verification/models/rtapp/sleep.ltl +++ b/tools/verification/models/rtapp/sleep.ltl @@ -9,7 +9,7 @@ RT_VALID_SLEEP_REASON = FUTEX_WAIT RT_FRIENDLY_NANOSLEEP = CLOCK_NANOSLEEP and NANOSLEEP_TIMER_ABSTIME - and (NANOSLEEP_CLOCK_MONOTONIC or NANOSLEEP_CLOCK_TAI) + and not NANOSLEEP_CLOCK_REALTIME RT_FRIENDLY_WAKE = WOKEN_BY_EQUAL_OR_HIGHER_PRIO or WOKEN_BY_HARDIRQ -- 2.47.3
