lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210423233954.GA3200520@paulmck-ThinkPad-P17-Gen-1>
Date:   Fri, 23 Apr 2021 16:39:54 -0700
From:   "Paul E. McKenney" <paulmck@...nel.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Feng Tang <feng.tang@...el.com>,
        Xing Zhengjun <zhengjun.xing@...ux.intel.com>,
        John Stultz <john.stultz@...aro.org>,
        Stephen Boyd <sboyd@...nel.org>,
        Jonathan Corbet <corbet@....net>,
        Mark Rutland <Mark.Rutland@....com>,
        Marc Zyngier <maz@...nel.org>, Andi Kleen <ak@...ux.intel.com>,
        Chris Mason <clm@...com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, lkp@...el.com
Subject: Re: [LKP] Re: [clocksource] 6c52b5f3cf: stress-ng.opcode.ops_per_sec
 -14.4% regression

On Fri, Apr 23, 2021 at 02:14:44PM -0700, Paul E. McKenney wrote:
> On Fri, Apr 23, 2021 at 09:14:49PM +0200, Thomas Gleixner wrote:
> > On Thu, Apr 22 2021 at 07:24, Paul E. McKenney wrote:
> > > On Thu, Apr 22, 2021 at 03:41:26PM +0800, Feng Tang wrote:
> > > So what are our options?
> > >
> > > 1.	Clear CLOCK_SOURCE_MUST_VERIFY from tsc-early.
> > >
> > > 2.	#1, but add tsc-early into the watchdog list and set
> > > 	CLOCK_SOURCE_MUST_VERIFY once it is better calibrated.
> > >
> > > 3.	Add a field to struct clocksource that, if non-zero, gives
> > > 	the maximum drift in nanoseconds per half second (AKA
> > > 	WATCHDOG_INTERVAL).  If zero, the WATCHDOG_MAX_SKEW value
> > > 	is used.  Set this to (say) 150,000ns for tsc-early.
> > >
> > > 4.	As noted earlier, increase WATCHDOG_MAX_SKEW to 150 microseconds,
> > > 	which again is not a good approach given the real-world needs
> > > 	of real-world applications.
> > >
> > > 5.	Your ideas here.
> > 
> > #3 or add a flag to the clocksource which says 'frequency is guesswork' and
> > increase the threshold based on that.
> > 
> > If that flag is still set max_drift is != 0 after 20 seconds yell.
> 
> I made it 60 seconds based on recent experience with large systems,
> but sounds good!
> 
> And the calls to clocksource_unregister(&clocksource_tsc_early) mean
> that it is not necessary to actually clear the .max_drift field, if
> I understand correctly.
> 
> It looks to me that init_tsc_clocksource() is invoked at device_initcall()
> time, and that it either immediately unregisters clocksource_tsc_early
> (known TSC frequency), or schedules a delayed work to make
> tsc_refine_calibration_work() do the calibration and the unregister.
> 
> Please see below for an untested patch.

And after a bit of testing, with two of the N bugs fixed...

							Thanx, Paul

------------------------------------------------------------------------

commit e85f58eefb8e4803a3a6a0c68e5bdd82ccf2b039
Author: Paul E. McKenney <paulmck@...nel.org>
Date:   Fri Apr 23 15:53:55 2021 -0700

    clocksource: Forgive tsc_early pre-calibration drift
    
    Because the x86 tsc_early clocksource is given a quick and semi-accurate
    calibration (by design!), it might have drift rates well in excess of
    the 0.1% limit that is in the process of being adopted.
    
    Therefore, add a max_drift field to the clocksource structure that, when
    non-zero, specifies the maximum allowable drift rate in nanoseconds over
    a half-second period.  The tsc_early clocksource initializes this to five
    miliseconds, which corresponds to the 1% drift rate limit suggested by
    Xing Zhengjun.  This max_drift field is intended only for early boot,
    so clocksource_watchdog() splats if it encounters a non-zero value in
    this field more than 60 seconds after boot, inspired by a suggestion by
    Thomas Gleixner.
    
    Cc: John Stultz <john.stultz@...aro.org>
    Cc: Thomas Gleixner <tglx@...utronix.de>
    Cc: Stephen Boyd <sboyd@...nel.org>
    Cc: Jonathan Corbet <corbet@....net>
    Cc: Mark Rutland <Mark.Rutland@....com>
    Cc: Marc Zyngier <maz@...nel.org>
    Cc: Andi Kleen <ak@...ux.intel.com>
    Cc: Xing Zhengjun <zhengjun.xing@...ux.intel.com>
    Cc: Feng Tang <feng.tang@...el.com>
    Signed-off-by: Paul E. McKenney <paulmck@...nel.org>

diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 56289170753c..7192b8950322 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1127,6 +1127,7 @@ static int tsc_cs_enable(struct clocksource *cs)
 static struct clocksource clocksource_tsc_early = {
 	.name			= "tsc-early",
 	.rating			= 299,
+	.max_drift		= 5 * NSEC_PER_MSEC,
 	.read			= read_tsc,
 	.mask			= CLOCKSOURCE_MASK(64),
 	.flags			= CLOCK_SOURCE_IS_CONTINUOUS |
diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h
index 83a3ebff7456..07d25a158d7a 100644
--- a/include/linux/clocksource.h
+++ b/include/linux/clocksource.h
@@ -42,6 +42,10 @@ struct module;
  * @shift:		Cycle to nanosecond divisor (power of two)
  * @max_idle_ns:	Maximum idle time permitted by the clocksource (nsecs)
  * @maxadj:		Maximum adjustment value to mult (~11%)
+ * @max_drift:		Maximum drift rate in nanoseconds per half second.
+ *			Zero says to use default WATCHDOG_THRESHOLD.
+ *			A non-zero value for ->max_drift more than 60 seconds after boot
+ *			will result in a splat.
  * @archdata:		Optional arch-specific data
  * @max_cycles:		Maximum safe cycle value which won't overflow on
  *			multiplication
@@ -93,6 +97,7 @@ struct clocksource {
 	u32			shift;
 	u64			max_idle_ns;
 	u32			maxadj;
+	u32			max_drift;
 #ifdef CONFIG_ARCH_CLOCKSOURCE_DATA
 	struct arch_clocksource_data archdata;
 #endif
diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
index a1f90e2b1039..001a9ed1edf3 100644
--- a/kernel/time/clocksource.c
+++ b/kernel/time/clocksource.c
@@ -126,6 +126,7 @@ static void __clocksource_change_rating(struct clocksource *cs, int rating);
  */
 #define WATCHDOG_INTERVAL (HZ >> 1)
 #define WATCHDOG_THRESHOLD (200 * NSEC_PER_USEC)
+#define WATCHDOG_SYNC_FORGIVENESS (HZ * 60UL)
 
 /*
  * Maximum permissible delay between two readouts of the watchdog
@@ -377,6 +378,7 @@ static void clocksource_watchdog(struct timer_list *unused)
 	int next_cpu, reset_pending;
 	int64_t wd_nsec, cs_nsec;
 	struct clocksource *cs;
+	u32 md;
 
 	spin_lock(&watchdog_lock);
 	if (!watchdog_running)
@@ -423,7 +425,13 @@ static void clocksource_watchdog(struct timer_list *unused)
 			continue;
 
 		/* Check the deviation from the watchdog clocksource. */
-		if (abs(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD) {
+		if (!cs->max_drift) {
+			md = WATCHDOG_MAX_SKEW;
+		} else {
+			WARN_ON_ONCE(time_after(jiffies, WATCHDOG_SYNC_FORGIVENESS));
+			md = cs->max_drift;
+		}
+		if (abs(cs_nsec - wd_nsec) > md) {
 			pr_warn("timekeeping watchdog on CPU%d: Marking clocksource '%s' as unstable because the skew is too large:\n",
 				smp_processor_id(), cs->name);
 			pr_warn("                      '%s' wd_now: %llx wd_last: %llx mask: %llx\n",

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ