From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753798AbcLIE3M (ORCPT <rfc822;w@1wt.eu>);
        Thu, 8 Dec 2016 23:29:12 -0500
Received: from mail-wj0-f196.google.com ([209.85.210.196]:32768 "EHLO
        mail-wj0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752447AbcLIE3J (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Dec 2016 23:29:09 -0500
Date: Fri, 9 Dec 2016 05:29:05 +0100
From: Ingo Molnar <mingo@kernel.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
        John Stultz <john.stultz@linaro.org>,
        Peter Zijlstra <peterz@infradead.org>,
        David Gibson <david@gibson.dropbear.id.au>,
        Liav Rehana <liavr@mellanox.com>,
        Chris Metcalf <cmetcalf@mellanox.com>,
        Richard Cochran <richardcochran@gmail.com>,
        Parit Bhargava <prarit@redhat.com>,
        Laurent Vivier <lvivier@redhat.com>,
        "Christopher S. Hall" <christopher.s.hall@intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [patch 5/6] [RFD] timekeeping: Provide optional 128bit math
Message-ID: <20161209042905.GA11001@gmail.com>
References: <20161208202623.883855034@linutronix.de>
 <20161208204229.005418487@linutronix.de>
 <20161209040826.GA2595@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20161209040826.GA2595@gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


* Ingo Molnar <mingo@kernel.org> wrote:

> 
> * Thomas Gleixner <tglx@linutronix.de> wrote:
> 
> > If the timekeeping CPU is scheduled out long enough by a hypervisor the
> > clocksource delta multiplication can overflow and as a result time can go
> > backwards. That's insane to begin with, but people already triggered a
> > signed multiplication overflow, so a unsigned overflow is not necessarily
> > impossible.
> > 
> > Implement optional 128bit math which can be selected by a config option.
> 
> What's the rough VM interruption time that would trigger an overflow? Given that 
> the clock shift tk_read_base::mult is often 1, isn't it 32-bit nsecs, i.e. 4 
> seconds?
> 
> That doesn't sound 'insanely long'.
> 
> Or some other value?

Ok, wasn't fully awake yet: more realistic values of the scaling factor on x86 
would allow cycles input values of up to ~70 billion with 64-bit math, which would 
allow deltas of up to about 1 minute with 64-bit math.

I think we should at least detect (and report?) the overflow and sanitize the 
effects to the max offset instead of generating random overflown values.

That would also allow the 128-bit multiplication only be done in the rare case 
when we overflow. Which in turn could then be made unconditional. Am I missing 
something?

Thanks,

	Ingo