lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 9 Oct 2020 11:17:16 +0000
From:   "Meisinger, Andreas" <andreas.meisinger@...mens.com>
To:     "tglx@...utronix.de" <tglx@...utronix.de>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "Geva, Erez" <erez.geva.ext@...mens.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "jhs@...atatu.com" <jhs@...atatu.com>,
        "jiri@...nulli.us" <jiri@...nulli.us>,
        "avagin@...il.com" <avagin@...il.com>,
        "0x7f454c46@...il.com" <0x7f454c46@...il.com>,
        "ebiederm@...ssion.com" <ebiederm@...ssion.com>,
        "mingo@...nel.org" <mingo@...nel.org>,
        "john.stultz@...aro.org" <john.stultz@...aro.org>,
        "mkubecek@...e.cz" <mkubecek@...e.cz>,
        "oleg@...hat.com" <oleg@...hat.com>,
        "peterz@...radead.org" <peterz@...radead.org>,
        "richardcochran@...il.com" <richardcochran@...il.com>,
        "sboyd@...nel.org" <sboyd@...nel.org>,
        "vdronov@...hat.com" <vdronov@...hat.com>,
        "bigeasy@...utronix.de" <bigeasy@...utronix.de>,
        "frederic@...nel.org" <frederic@...nel.org>,
        "edumazet@...gle.com" <edumazet@...gle.com>
CC:     "jesus.sanchez-palencia@...el.com" <jesus.sanchez-palencia@...el.com>,
        "vedang.patel@...el.com" <vedang.patel@...el.com>,
        "Sudler, Simon" <simon.sudler@...mens.com>,
        "Bucher, Andreas" <andreas.bucher@...mens.com>,
        "henning.schild@...mens.com" <henning.schild@...mens.com>,
        "jan.kiszka@...mens.com" <jan.kiszka@...mens.com>,
        "Zirkler, Andreas" <andreas.zirkler@...mens.com>,
        "Sakic, Ermin" <ermin.sakic@...mens.com>,
        "anninh.nguyen@...mens.com" <anninh.nguyen@...mens.com>,
        "Saenger, Michael" <michael.saenger@...mens.com>,
        "Maehringer, Bernd" <bernd.maehringer@...mens.com>,
        "gisela.greinert@...mens.com" <gisela.greinert@...mens.com>,
        "Geva, Erez" <erez.geva.ext@...mens.com>,
        "ErezGeva2@...il.com" <ErezGeva2@...il.com>,
        "guenter.steindl@...mens.com" <guenter.steindl@...mens.com>
Subject: AW: [PATCH 0/7] TC-ETF support PTP clocks series

Hello Mr Gleixner,
thanks for your feedback we'll fix the issues not related to the time scale topic as soon as possible.

Regarding your concerns about not using TAI timescale, we do admit that in many situations TAI makes a lot of things way more easy and therefore is the way to go.

Yet we do already have usecases where this can't be done. Additionally a lot of discussions at this topic are ongoing in 60802 profile creation too.
Some of our usecases do require a network which does not depend on any external timesource. This might be due to the network not being connected (to the internet) or just because the network may not be able to rely on or trust an external timesource. Some reasons for this might be safety, security, availability or legal implications ( e.g. if a machine builder has to guarantee operation of a machine which depends on an internal tsn network).

About your question if an application needs to be able to sync to multiple timescales. A small count of usecases even would require multiple independent timesources to be used. At the moment they all seem to be located in the area of extreme high availability. There's ongoing evaluation about this issues and we're not sure if there's a way to do this without special hardware so we didn't address it here.

Additionally to these special cases at least "reading" different timesources should be possible in all cases, e.g. to be able to log based on TAI while network operation relies on it's own clock. Of course TAI timescale wouldn't the same level of trust in this scenario.

Best regards
Andreas Meisinger

Siemens AG
Digital Industries
Process Automation
DI PA DCP TI
Gleiwitzer Str. 555
90475 Nürnberg, Deutschland
Tel.: +49 911 95822720
mailto:andreas.meisinger@...mens.com

www.siemens.com/ingenuityforlife

-----Ursprüngliche Nachricht-----
Von: Thomas Gleixner <tglx@...utronix.de>
Gesendet: Samstag, 3. Oktober 2020 02:10
An: Vinicius Costa Gomes <vinicius.gomes@...el.com>; Geva, Erez (ext) (DI PA CI R&D 3) <erez.geva.ext@...mens.com>; linux-kernel@...r.kernel.org; netdev@...r.kernel.org; Cong Wang <xiyou.wangcong@...il.com>; David S . Miller <davem@...emloft.net>; Jakub Kicinski <kuba@...nel.org>; Jamal Hadi Salim <jhs@...atatu.com>; Jiri Pirko <jiri@...nulli.us>; Andrei Vagin <avagin@...il.com>; Dmitry Safonov <0x7f454c46@...il.com>; Eric W . Biederman <ebiederm@...ssion.com>; Ingo Molnar <mingo@...nel.org>; John Stultz <john.stultz@...aro.org>; Michal Kubecek <mkubecek@...e.cz>; Oleg Nesterov <oleg@...hat.com>; Peter Zijlstra <peterz@...radead.org>; Richard Cochran <richardcochran@...il.com>; Stephen Boyd <sboyd@...nel.org>; Vladis Dronov <vdronov@...hat.com>; Sebastian Andrzej Siewior <bigeasy@...utronix.de>; Frederic Weisbecker <frederic@...nel.org>; Eric Dumazet <edumazet@...gle.com>
Cc: Jesus Sanchez-Palencia <jesus.sanchez-palencia@...el.com>; Vedang Patel <vedang.patel@...el.com>; Sudler, Simon (DI PA DCP TI) <simon.sudler@...mens.com>; Meisinger, Andreas (DI PA CI R&D 3) <andreas.meisinger@...mens.com>; Bucher, Andreas (DI PA DCP R&D 3) <andreas.bucher@...mens.com>; Schild, Henning (T RDA IOT SES-DE) <henning.schild@...mens.com>; Kiszka, Jan (T RDA IOT SES-DE) <jan.kiszka@...mens.com>; Zirkler, Andreas (T RDA IOT INN-DE) <andreas.zirkler@...mens.com>; Sakic, Ermin (T RDA IOT INN-DE) <ermin.sakic@...mens.com>; Nguyen, An Ninh (DI FA TIP AAT 2) <anninh.nguyen@...mens.com>; Saenger, Michael (DI PA CI R&D 4) <michael.saenger@...mens.com>; Maehringer, Bernd (DI PA CI R&D 4) <bernd.maehringer@...mens.com>; Greinert, Gisela (DI PA CI R&D 4) <gisela.greinert@...mens.com>; Geva, Erez (ext) (DI PA CI R&D 3) <erez.geva.ext@...mens.com>; Erez Geva <ErezGeva2@...il.com>
Betreff: Re: [PATCH 0/7] TC-ETF support PTP clocks series

Vinicius,

On Fri, Oct 02 2020 at 12:01, Vinicius Costa Gomes wrote:
> I think that there's an underlying problem/limitation that is the
> cause of the issue (or at least a step in the right direction) you are
> trying to solve: the issue is that PTP clocks can't be used as hrtimers.

That's only an issue if PTP time != CLOCK_TAI, which is insane to begin with.

As I know that these insanities exists in real world setups, e.g. grand clock masters which start at the epoch which causes complete disaster when any of the slave devices booted earlier. Obviously people came up with system designs which are even more insane.

> I didn't spend a lot of time thinking about how to solve this (the
> only thing that comes to mind is having a timecounter, or similar,
> "software view" over the PHC clock).

There are two aspects:

 1) What's the overall time coordination especially for applications?

    PTP is for a reason based on TAI which allows a universal
    representation of time. Strict monotonic, no time zones, no leap
    seconds, no bells and whistels.

    Using TAI in distributed systems solved a gazillion of hard problems
    in one go.

    TSN depends on PTP and that obviously makes CLOCK_TAI _the_ clock of
    choice for schedules and whatever is needed. It just solves the
    problem nicely and we spent a great amount of time to make
    application development for TSN reasonable and hardware agnostic.

    Now industry comes along and decides to introducde independent time
    universes. The result is a black hole for programmers because they
    now have to waste effort - again - on solving the incredibly hard
    problems of warping space and time.

    The amount of money saved by not having properly coordinated time
    bases in such systems is definitely marginal compared to the amount
    of non-sensical work required to fix it in software.

 2) How can an OS provide halfways usable interfaces to handle this
    trainwreck?

    Access to the various time universes is already available through
    the dynamic POSIX clocks. But these interfaces have been designed
    for the performance insensitive work of PTP daemons and not for the
    performance critical work of applications dealing with real-time
    requirements of all sorts.

    As these raw PTP clocks are hardware dependend and only known at
    boot / device discovery time they cannot be exposed to the kernel
    internaly in any sane way. Also the user space interface has to be
    dynamic which rules out the ability to assign fixed CLOCK_* ids.

    As a consequence these clocks cannot provide timers like the regular
    CLOCK_* variants do, which makes it insanely hard to develop sane
    and portable applications.

    What comes to my mind (without spending much thought on it) is:

       1) Utilize and extend the existing PTP mechanisms to calculate
          the time relationship between the system wide CLOCK_TAI and
          the uncoordinated time universe. As offset is a constant and
          frequency drift is not a high speed problem this can be done
          with a userspace daemon of some sorts.

        2) Provide CLOCK_TAI_PRIVATE which defaults to CLOCK_TAI,
           i.e. offset = 0 and frequency ratio = 1 : 1

        3) (Ab)use the existing time namespace to provide a mechanism to
           adjust the offset and frequency ratio of CLOCK_TAI_PRIVATE
           which is calculated by #1

           This is the really tricky part and comes with severe
           limitations:

             - We can't walk task list to find tasks which have their
               CLOCK_TAI_PRIVATE associated with a particular
               incarnation of PCH/PTP universe, so some sane referencing
               of the underlying parameters to convert TAI to
               TAI_PRIVATE and vice versa has to be found. Life time
               problems are going to be interesting to deal with.

             - An application cannot coordinate multiple PCH/PTP domains
               and has to restrict itself to pick ONE disjunct time
               universe.

               Whether that's a reasonable limitation I don't know
               simply because the information provided in this patch
               series is close to zero.

             - Preventing early timer expiration caused by frequency
               drift is not trivial either.

      TBH, just thinking about all of that makes me shudder and my knee
      jerk reaction is: NO WAY!

Why the heck can't hardware people and system designers finally understand that time is not something they can define at their own peril?

The "Let's solve it in software so I don't have to think about it"
design approach strikes again. This caused headaches for the past five decades, but people obviously never learn.

That said, I'm open for solutions which are at least in the proximity of sane, but that needs a lot more information about the use cases and the implications and not just some handwavy 'we screwed up our system design and therefore we need to inflict insanity on everyone' blurb.

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ