| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 13 May 2014 12:18:13 -0400 From: "George Spelvin" <linux@...izon.com> To: linux@...izon.com, mathieu.desnoyers@...icios.com Cc: john.stultz@...aro.org, linux-kernel@...r.kernel.org, peterz@...radead.org, tglx@...utronix.de Subject: Re: [PATCH 4/4] timekeeping: Use printk_deferred when holding timekeeping seqlock >> I was trying to tackle the "hard problem" of making *all* time reads >> non-blocking, with monotonicity guarantees. There has to be *some* bound >> on blocking times (in particular, time between reading hardware tiemrs >> and translating them to real time), but they can be reasonably long. > What I gathered from my past discussion with John on this topic is that > virtualization blows away pretty much any assumption we can make on > "update should be reasonably short". A virtualized CPU can be preempted > for a rather long time (AFAIU not possible to bound). Well, there are two kinds of time reads: 1) "What is the current time now?" This is easy, because if we stall it's okay to return any time in the appropriate window. 2) "Some time in the past I read the hardware clock with value c. What is the time in seconds corresponding to that?" I'll call number 2 "time conversion". This can be handled as long as the time between reading the clock and doing the conversion is reasonable. Otherwise, it'll fail, with "I don't remember that part of the piecewise clock/time conversion function." Now, obviously number 1 can be implemented by reading the hardware clock and converting it. As you point out, virtualization makes it impossible to guarantee any reasonable bound on the time between the two steps. But in case 1, we can easily handle failure by retrying the read. (Or, equivalently, returning the earliest time which we know how to convert.) All we can guarantee in case 1 is that we return the timestamp of some instant between call and return. If that time is made very long by the hypervisor descheduling us, it reduces the required precision. So it's possible to allow arbirearily long delays in time writes, in current-time reads, but conversion has a risk of failure. I don't think it's possible to do better, so that's kind of the limit. >> I think I have an idea that could work, but given the hairiness of >> the timeeeping code, implementing it would be a major project. > > Indeed, timekeeping is not for the faint of heart. ;-) But at least it's interesting, with problems other than undocumented bugs in hardware. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists