lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a4babfc9-f4da-4dfe-8431-eb819f5801eb@opensynergy.com>
Date: Mon, 11 Mar 2024 19:28:50 +0100
From: Peter Hilber <peter.hilber@...nsynergy.com>
To: Alexandre Belloni <alexandre.belloni@...tlin.com>
Cc: linux-kernel@...r.kernel.org, virtualization@...ts.linux.dev,
 virtio-dev@...ts.oasis-open.org, linux-rtc@...r.kernel.org,
 "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>,
 Xuan Zhuo <xuanzhuo@...ux.alibaba.com>,
 Alessandro Zummo <a.zummo@...ertech.it>
Subject: Re: [RFC PATCH v3 7/7] virtio_rtc: Add RTC class driver

On 08.03.24 18:03, Alexandre Belloni wrote:
> Hello,
> 
> I'll start by saying that I'm sorry, I have a very very high level
> knowledge about what virtio is.
> 
> On 18/12/2023 08:38:45+0100, Peter Hilber wrote:
>> Expose the virtio-rtc UTC clock as an RTC clock to userspace, if it is
>> present. Support RTC alarm if the virtio-rtc alarm feature is present.
>> The
>> virtio-rtc device signals an alarm by marking an alarmq buffer as used.
>> 
>> Peculiarities
>> -------------
>> 
>> A virtio-rtc clock is a bit special for an RTC clock in that
>> 
>> - the clock may step (also backwards) autonomously at any time and
>> 
>> - the device, and its notification mechanism, will be reset during boot
>> or
>>   resume from sleep.
>> 
>> The virtio-rtc device avoids that the driver might miss an alarm. The
>> device signals an alarm whenever the clock has reached or passed the
>> alarm
>> time, and also when the device is reset (on boot or resume from sleep),
>> if
>> the alarm time is in the past.
>> 
>> Open Issue
>> ----------
>> 
>> The CLOCK_BOOTTIME_ALARM will use the RTC clock to wake up from sleep,
>> and
>> implicitly assumes that no RTC clock steps will occur during sleep. The
>> RTC
>> class driver does not know whether the current alarm is a real-time
>> alarm
>> or a boot-time alarm.
>> 
>> Perhaps this might be handled by the driver also setting a virtio-rtc
>> monotonic alarm (which uses a clock similar to CLOCK_BOOTTIME_ALARM).
>> The
>> virtio-rtc monotonic alarm would just be used to wake up in case it was
>> a
>> CLOCK_BOOTTIME_ALARM alarm.
>> 
>> Otherwise, the behavior should not differ from other RTC class drivers.
>> 
> 
> What I don't quite get is how this is actually related to RTCs. This
> would be a super imprecise mechanism to get the current time and date
> from the host to the guest which is what I think your are trying to do,
> especially since this is not supporting UIE.
> The host system clock may come from reading the RTC at some point in
> time but more likely from another source so is it really the best
> synchronization mechanism?

Hello,

thank you for your comments.

The main motivation to have the RTC class driver is the RTC alarm
(discussed below).

As for synchronization, virtio_rtc also offers a PTP clock [1] which will
be more precise, but which needs a user space daemon. As for RTC-based
initial synchronization, my idea was to propose, in a second step, an
optional op for rtc_class_ops, which would read the clock with nanosecond
precision. This optional op could then be used in rtc_hctosys(), so there
would be no need for UIE waiting.

[1] https://lore.kernel.org/all/20231218073849.35294-6-peter.hilber@opensynergy.com/

> 
> The other thing is that I don't quite get the point of the RTC alarm
> versus a regular timer in this context.

RTC alarms allow to resume from suspend and poweroff (esp. also through
alarmtimers), which is of interest in embedded virtualization. In my
understanding RTC is ATM the only way to do this.

(I was indeed thinking about adding an alternate alarmtimer backend for
CLOCK_BOOTTIME_ALARM, which should deal with the CLOCK_REALTIME_ALARM vs
CLOCK_BOOTTIME_ALARM issue which is described in the commit message.)

> 
> 
> [...]
> 
>> +static const struct rtc_class_ops viortc_class_with_alarm_ops = {
>> +	.read_time = viortc_class_read_time,
>> +	.read_alarm = viortc_class_read_alarm,
>> +	.set_alarm = viortc_class_set_alarm,
>> +	.alarm_irq_enable = viortc_class_alarm_irq_enable,
>> +};
>> +
>> +static const struct rtc_class_ops viortc_class_no_alarm_ops = {
>> +	.read_time = viortc_class_read_time,
>> +};
>> +
> 
> [...]
> 
>> +/**
>> +/**
>> + * viortc_class_init() - init RTC class wrapper and device
>> + * @viortc: device data
>> + * @vio_clk_id: virtio_rtc clock id
>> + * @have_alarm: expose alarm ops
>> + * @parent_dev: virtio device
>> + *
>> + * Context: Process context.
>> + * Return: RTC class wrapper on success, ERR_PTR otherwise.
>> + */
>> +struct viortc_class *viortc_class_init(struct viortc_dev *viortc,
>> +				       u16 vio_clk_id, bool have_alarm,
>> +				       struct device *parent_dev)
>> +{
>> +	struct viortc_class *viortc_class;
>> +	struct rtc_device *rtc;
>> +
>> +	viortc_class =
>> +		devm_kzalloc(parent_dev, sizeof(*viortc_class),
>> GFP_KERNEL);
>> +	if (!viortc_class)
>> +		return ERR_PTR(-ENOMEM);
>> +
>> +	viortc_class->viortc = viortc;
>> +
>> +	rtc = devm_rtc_allocate_device(parent_dev);
>> +	if (IS_ERR(rtc))
>> +		return ERR_PTR(PTR_ERR(rtc));
>> +
>> +	viortc_class->rtc = rtc;
>> +
>> +	clear_bit(RTC_FEATURE_UPDATE_INTERRUPT, rtc->features);
>> +
>> +	rtc->ops = have_alarm ? &viortc_class_with_alarm_ops :
>> +				&viortc_class_no_alarm_ops;
> 
> Don't do this, simply clear the alarm feature.
> 

OK (sorry, was obviously very inelegant).

Best regards,

Peter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ