• T
    x86: tsc prevent time going backwards · d8bb6f4c
    Thomas Gleixner 提交于
    We already catch most of the TSC problems by sanity checks, but there
    is a subtle bug which has been in the code forever. This can cause
    time jumps in the range of hours.
    
    This was reported in:
         http://lkml.org/lkml/2007/8/23/96
    and
         http://lkml.org/lkml/2008/3/31/23
    
    I was able to reproduce the problem with a gettimeofday loop test on a
    dual core and a quad core machine which both have sychronized
    TSCs. The TSCs seems not to be perfectly in sync though, but the
    kernel is not able to detect the slight delta in the sync check. Still
    there exists an extremly small window where this delta can be observed
    with a real big time jump. So far I was only able to reproduce this
    with the vsyscall gettimeofday implementation, but in theory this
    might be observable with the syscall based version as well.
    
    CPU 0 updates the clock source variables under xtime/vyscall lock and
    CPU1, where the TSC is slighty behind CPU0, is reading the time right
    after the seqlock was unlocked.
    
    The clocksource reference data was updated with the TSC from CPU0 and
    the value which is read from TSC on CPU1 is less than the reference
    data. This results in a huge delta value due to the unsigned
    subtraction of the TSC value and the reference value. This algorithm
    can not be changed due to the support of wrapping clock sources like
    pm timer.
    
    The huge delta is converted to nanoseconds and added to xtime, which
    is then observable by the caller. The next gettimeofday call on CPU1
    will show the correct time again as now the TSC has advanced above the
    reference value.
    
    To prevent this TSC specific wreckage we need to compare the TSC value
    against the reference value and return the latter when it is larger
    than the actual TSC value.
    
    I pondered to mark the TSC unstable when the readout is smaller than
    the reference value, but this would render an otherwise good and fast
    clocksource unusable without a real good reason.
    Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: NIngo Molnar <mingo@elte.hu>
    d8bb6f4c
timekeeping.c 13.4 KB