lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALAqxLV4AeGnxSjRqsN4Oge4+KHJ6gxm3oXM+uNEx6btuAc2wA@mail.gmail.com>
Date:   Mon, 22 May 2017 12:06:04 -0700
From:   John Stultz <john.stultz@...aro.org>
To:     Michael Ellerman <mpe@...erman.id.au>
Cc:     lkml <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>,
        Miroslav Lichvar <mlichvar@...hat.com>,
        Richard Cochran <richardcochran@...il.com>,
        Prarit Bhargava <prarit@...hat.com>,
        Marcelo Tosatti <mtosatti@...hat.com>,
        Paul Mackerras <paulus@...ba.org>,
        Anton Blanchard <anton@...ba.org>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Tony Luck <tony.luck@...el.com>,
        Fenghua Yu <fenghua.yu@...el.com>
Subject: Re: [RFC][PATCH] time: Add warning about imminent deprecation of CONFIG_GENERIC_TIME_VSYSCALL_OLD

On Sun, May 21, 2017 at 5:58 PM, Michael Ellerman <mpe@...erman.id.au> wrote:
> John Stultz <john.stultz@...aro.org> writes:
>
>> CONFIG_GENERIC_TIME_VSYSCALL_OLD was introduced five years ago
>> to allow a transition from the old vsyscall implementations to
>> the new method (which simplified internal accounting and made
>> timekeeping more precise).
>
> I'm sure it's completely obvious to everyone except me what needs to be
> done, but can you spell it out for me? Keeping in mind that I don't know
> anything about the time keeping code.

No. Apologies, I probably should have included something like this.

Basically long ago, timekeeping was handled (roughly) like:

clock_gettime():
    now = tk->clock->read()
    offset_ns = ((now - tk->cycle_last) * tk->clock->mult) >> tk->clock->shift;
    return timespec_add_ns(tk->xtime, offset_ns);

But since for error handling use sub-ns precision, combined with that
for update performance, we accumulate in fixed intervals, there are
situations where in the update, we could accumulate half of a
nanosecond into the base tk->xtime value and leaving half of a
nanosecond in the offset.   This caused the split nanosecond to be
truncated out by the math, causing 1ns discontinuities.

So to address this, we came up with sort of a hack, which when we
accumulate rounds up that partial nanosecond, and adds the amount we
rounded up to the error (which will cause the freq correction code to
slow the clock down slightly). This is the code that is now done in
the old_vsyscall_fixup() logic.

Unfortunately this fix (which generates up to a nanosecond of error
per tick) then made the freq correction code do more work and made it
more difficult to have a stable clock.

So we went for a more proper fix, which was to properly handle the
sub-nanosecond portion of the timekeeping throughout the logic, doing
the truncation last.

clock_gettime():
    now = tk->clock->read()
    ret.tv_sec = tk->xtime_sec;
    offset_sns = (now - tk->cycle_last) * tk->clock->mult;
    ret.tv_nsec = (offset_sns + tk->tkr_mono.xtime_nsec) >> tk->clock->shift;
    return ret;

So in the above, we now use the tk->tkr_mono.xtime_nsec (which despite
its unfortunate name, stores the accumulated shifted nanoseconds), and
add it to the (current_cycle_delta * clock->mult), then we do the
shift last to preserve as much precision as we can.

Unfortunately we need all the reader code to do the same, which wasn't
easy to transition in some cases. So we provided the
CONFIG_GENERIC_TIME_VSYSCALL_OLD option to preserve the old round-up
behavior while arch maintainers could make the transition.


>> However, PPC and IA64 have yet to make the transition, despite
>> in some cases me sending test patches to try to help it along.
>>
>> http://patches.linaro.org/patch/30501/
>> http://patches.linaro.org/patch/35412/
>
> I've never seen a PPC patch, did you send one?

Yea. The PPC patch I never felt comfortable enough with to send.


>> If its helpful, my last pass at the patches can be found here:
>> https://git.linaro.org/people/john.stultz/linux.git dev/oldvsyscall-cleanup
>
> Looks like it's just a draft for PPC. Do you think that should work and
> it just needs testing? The comment about the vdso being "slightly
> behind" is a little concerning.

So, long ago I talked w/ Paul Mackerras about the ppc vdso code, as
ppc has some other legacy "userspace time" code that has to be
maintained as well (I believe there's not code page, just data page
that userspace pulls directly from). So for that case, we have the
problem where we can't do this sub-ns accounting, so the hack there is
rather then rounding-up and adding to ntp_error in the accumulation
code (which then causes the mult to slow), we're basically doing it
in the reader, slowing down mult by one. This will cause userspace
time to have "steps" where after an accumulation time jumps forward a
bit, but avoids the possibility of a discontinuity where time jumps
backwards.

But again, I don't want to pretend I'm not an expert on the ppc side.
This draft patch doesn't even touch the __kernel_clock_gettime()
implementations, and was trying to preserve the existing ppc logic
while transitioning the core code. Its likely that a better fix should
be done deeper in the ppc side (likely splitting the legacy userspace
data formats out so any hacks only apply to them).

thanks
-john

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ