| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Oct 2020 18:19:38 -0400
From: Carlos O'Donell <carlos@...hat.com>
To: Thomas Gleixner <tglx@...utronix.de>,
Zack Weinberg <zackw@...ix.com>, Cyril Hrubis <chrubis@...e.cz>
Cc: Dmitry Safonov <dima@...sta.com>, Andrei Vagin <avagin@...il.com>,
GNU C Library <libc-alpha@...rceware.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [Y2038][time namespaces] Question regarding CLOCK_REALTIME
support plans in Linux time namespaces
On 10/30/20 4:06 PM, Thomas Gleixner wrote:
> On Fri, Oct 30 2020 at 12:58, Carlos O'Donell wrote:
>> I expect that more requests for further time isolation will happen
>> given the utility of this in containers.
>
> There was a lengthy discussion about this and the only "usecase" which
> was brought up was having different NTP servers in name spaces, i.e. the
> leap second ones and the smearing ones.
In the non-"request for ponies" category:
* Running legacy 32-bit applications in containers with CLOCK_REALTIME set
to some value below y2038.
* Testing kernel and userspace clock handling code without needing to
run on bare-metal, VM, or other.
> Now imagine 1000 containers each running their own NTP. Guess what the
> host does in each timer interrupt? Chasing 1000 containers and update
> their notion of CLOCK_REALTIME. In the remaining 5% CPU time the 1000
> containers can do their computations.
How is this different than balancing any other resource that you give
to a container/vm on a host?
Can you enable 1000 containers running smbd/nmbd and expect to get
great IO performance?
> But even if you restrict it to a trivial offset without NTP
> capabilities, what's the semantics of that offset when the host time is
> set?
Now you're talking about an implementation. This thread is simply
"Would we implement CLOCK_REALTIME?" Is the answer "Maybe, if we solve
all these other problems?"
>> If we have to use qemu today then that's where we're at, but again
>> I expect our use case is representative of more than just glibc.
>
> For testing purposes it might be. For real world use cases not so
> much. People tend to rely on the coordinated nature of CLOCK_TAI and
> CLOCK_REALTIME.
Except we have two real world use cases, at the top of this email,
that could extend to a lot of software. We know legacy 32-bit
applications exist that will break with CLOCK_REALTIME past
y2038. Software exists that manipulates time and needs testing
with specific time values e.g. month crossings, day crossings,
leap year crossings, etc.
>> Does checkpointing work robustly when userspace APIS use
>> CLOCK_REALTIME (directly or indirectly) in the container?
>
> AFAICT, yes. That was the conclusion over the lenghty discussion about
> time name spaces and their requirements.
If this is the case then have we established behaviours that
happen when such processes are migrated to other systems with
different CLOCK_REALTIME clocks? Would these behaviours serve
as the basis of how CLOCK_REALTIME in a namespace would behave?
That is to say that migrating a container to a system with a
different CLOCK_REALTIME should behave similarly to what happens
when CLOCK_REALTIME is changed locally and you have a container
with a unique CLOCK_REALTIME?
> Here is the Linux plumber session related to that:
> https://www.youtube.com/watch?v=sjRUiqJVzOA
Thanks. I watched the session. Informative :-)
--
Cheers,
Carlos.
Powered by blists - more mailing lists