linux/kernel/time
Thomas Gleixner 76031d9536 clocksource: Make negative motion detection more robust
Guenter reported boot stalls on a emulated ARM 32-bit platform, which has a
24-bit wide clocksource.

It turns out that the calculated maximal idle time, which limits idle
sleeps to prevent clocksource wrap arounds, is close to the point where the
negative motion detection triggers.

  max_idle_ns:                    597268854 ns
  negative motion tripping point: 671088640 ns

If the idle wakeup is delayed beyond that point, the clocksource
advances far enough to trigger the negative motion detection. This
prevents the clock to advance and in the worst case the system stalls
completely if the consecutive sleeps based on the stale clock are
delayed as well.

Cure this by calculating a more robust cut-off value for negative motion,
which covers 87.5% of the actual clocksource counter width. Compare the
delta against this value to catch negative motion. This is specifically for
clock sources with a small counter width as their wrap around time is close
to the half counter width. For clock sources with wide counters this is not
a problem because the maximum idle time is far from the half counter width
due to the math overflow protection constraints.

For the case at hand this results in a tripping point of 1174405120ns.

Note, that this cannot prevent issues when the delay exceeds the 87.5%
margin, but that's not different from the previous unchecked version which
allowed arbitrary time jumps.

Systems with small counter width are prone to invalid results, but this
problem is unlikely to be seen on real hardware. If such a system
completely stalls for more than half a second, then there are other more
urgent problems than the counter wrapping around.

Fixes: c163e40af9 ("timekeeping: Always check for negative motion")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/all/8734j5ul4x.ffs@tglx
Closes: https://lore.kernel.org/all/387b120b-d68a-45e8-b6ab-768cd95d11c2@roeck-us.net
2024-12-05 16:03:24 +01:00
..
alarmtimer.c alarmtimer: Switch to use hrtimer_setup() and hrtimer_setup_on_stack() 2024-11-07 02:47:07 +01:00
clockevents.c clockevents: Shutdown and unregister current clockevents at CPUHP_AP_TICK_DYING 2024-10-31 10:41:42 +01:00
clocksource-wdtest.c time: Add MODULE_DESCRIPTION() to time test modules 2024-06-03 11:18:50 +02:00
clocksource.c clocksource: Make negative motion detection more robust 2024-12-05 16:03:24 +01:00
hrtimer.c A rather large update for timekeeping and timers: 2024-11-19 16:35:06 -08:00
itimer.c signal: Confine POSIX_TIMERS properly 2024-10-29 11:43:18 +01:00
jiffies.c clocksource: Make clocksource watchdog test safe for slow-HZ systems 2021-08-28 17:01:32 +02:00
Kconfig timekeeping: Always check for negative motion 2024-11-02 10:14:31 +01:00
Makefile timers: Move *sleep*() and timeout functions into a separate file 2024-10-16 00:36:46 +02:00
namespace.c vdso/timens: Refactor copy-pasted find_timens_vvar_page() helper into one copy 2022-12-01 11:35:40 +01:00
ntp_internal.h ntp: Make sure RTC is synchronized when time goes backwards 2024-09-10 13:50:40 +02:00
ntp.c ntp: Remove invalid cast in time offset math 2024-11-28 12:02:38 +01:00
posix-clock.c posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() 2024-10-23 16:05:01 +02:00
posix-cpu-timers.c posix-timers: Cleanup SIG_IGN workaround leftovers 2024-11-07 02:14:45 +01:00
posix-stubs.c posix-timers: Get rid of [COMPAT_]SYS_NI() uses 2023-12-20 21:30:27 -08:00
posix-timers.c posix-timers: Cleanup SIG_IGN workaround leftovers 2024-11-07 02:14:45 +01:00
posix-timers.h posix-timers: Cleanup SIG_IGN workaround leftovers 2024-11-07 02:14:45 +01:00
sched_clock.c seqlock, treewide: Switch to non-raw seqcount_latch interface 2024-11-05 12:55:35 +01:00
sleep_timeout.c timers: Switch to use hrtimer_setup_sleeper_on_stack() 2024-11-07 02:47:06 +01:00
test_udelay.c time: Add MODULE_DESCRIPTION() to time test modules 2024-06-03 11:18:50 +02:00
tick-broadcast-hrtimer.c time/tick-broadcast: Remove RCU_NONIDLE() usage 2023-01-13 11:48:16 +01:00
tick-broadcast.c tick/broadcast: Move per CPU pointer access into the atomic section 2024-07-31 12:37:43 +02:00
tick-common.c tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() 2024-06-10 20:18:13 +02:00
tick-internal.h clockevents: Shutdown and unregister current clockevents at CPUHP_AP_TICK_DYING 2024-10-31 10:41:42 +01:00
tick-legacy.c
tick-oneshot.c time: Fix various kernel-doc problems 2023-01-03 11:07:58 +01:00
tick-sched.c A rather large update for timekeeping and timers: 2024-11-19 16:35:06 -08:00
tick-sched.h tick/sched: Fix struct tick_sched doc warnings 2024-04-01 10:36:35 +02:00
time_test.c time: Add MODULE_DESCRIPTION() to time test modules 2024-06-03 11:18:50 +02:00
time.c time: Fix references to _msecs_to_jiffies() handling of values 2024-10-25 19:50:10 +02:00
timeconst.bc
timeconv.c
timecounter.c
timekeeping_debug.c timekeeping: Add percpu counter for tracking floor swap events 2024-10-10 10:20:46 +02:00
timekeeping_internal.h clocksource: Make negative motion detection more robust 2024-12-05 16:03:24 +01:00
timekeeping.c clocksource: Make negative motion detection more robust 2024-12-05 16:03:24 +01:00
timekeeping.h
timer_list.c tick: Split nohz and highres features from nohz_mode 2024-02-26 11:37:32 +01:00
timer_migration.c timers/migration: Fix grammar in comment 2024-07-22 18:03:34 +02:00
timer_migration.h timers/migration: Rename childmask by groupmask to make naming more obvious 2024-07-22 18:03:34 +02:00
timer.c A rather large update for timekeeping and timers: 2024-11-19 16:35:06 -08:00
vsyscall.c A rather large update for timekeeping and timers: 2024-11-19 16:35:06 -08:00