• Paul Mackerras's avatar
    powerpc: Rework VDSO gettimeofday to prevent time going backwards · 0e469db8
    Paul Mackerras authored
    Currently it is possible for userspace to see the result of
    gettimeofday() going backwards by 1 microsecond, assuming that
    userspace is using the gettimeofday() in the VDSO.  The VDSO
    gettimeofday() algorithm computes the time in "xsecs", which are
    units of 2^-20 seconds, or approximately 0.954 microseconds,
    using the algorithm
    
    	now = (timebase - tb_orig_stamp) * tb_to_xs + stamp_xsec
    
    and then converts the time in xsecs to seconds and microseconds.
    
    The kernel updates the tb_orig_stamp and stamp_xsec values every
    tick in update_vsyscall().  If the length of the tick is not an
    integer number of xsecs, then some precision is lost in converting
    the current time to xsecs.  For example, with CONFIG_HZ=1000, the
    tick is 1ms long, which is 1048.576 xsecs.  That means that
    stamp_xsec will advance by either 1048 or 1049 on each tick.
    With the right conditions, it is possible for userspace to get
    (timebase - tb_orig_stamp) * tb_to_xs being 1049 if the kernel is
    slightly late in updating the vdso_datapage, and then for stamp_xsec
    to advance by 1048 when the kernel does update it, and for userspace
    to then see (timebase - tb_orig_stamp) * tb_to_xs being zero due to
    integer truncation.  The result is that time appears to go backwards
    by 1 microsecond.
    
    To fix this we change the VDSO gettimeofday to use a new field in the
    VDSO datapage which stores the nanoseconds part of the time as a
    fractional number of seconds in a 0.32 binary fraction format.
    (Or put another way, as a 32-bit number in units of 0.23283 ns.)
    This is convenient because we can use the mulhwu instruction to
    convert it to either microseconds or nanoseconds.
    
    Since it turns out that computing the time of day using this new field
    is simpler than either using stamp_xsec (as gettimeofday does) or
    stamp_xtime.tv_nsec (as clock_gettime does), this converts both
    gettimeofday and clock_gettime to use the new field.  The existing
    __do_get_tspec function is converted to use the new field and take
    a parameter in r7 that indicates the desired resolution, 1,000,000
    for microseconds or 1,000,000,000 for nanoseconds.  The __do_get_xsec
    function is then unused and is deleted.
    
    The new algorithm is
    
    	now = ((timebase - tb_orig_stamp) << 12) * tb_to_xs
    		+ (stamp_xtime_seconds << 32) + stamp_sec_fraction
    
    with 'now' in units of 2^-32 seconds.  That is then converted to
    seconds and either microseconds or nanoseconds with
    
    	seconds = now >> 32
    	partseconds = ((now & 0xffffffff) * resolution) >> 32
    
    The 32-bit VDSO code also makes a further simplification: it ignores
    the bottom 32 bits of the tb_to_xs value, which is a 0.64 format binary
    fraction.  Doing so gets rid of 4 multiply instructions.  Assuming
    a timebase frequency of 1GHz or less and an update interval of no
    more than 10ms, the upper 32 bits of tb_to_xs will be at least
    4503599, so the error from ignoring the low 32 bits will be at most
    2.2ns, which is more than an order of magnitude less than the time
    taken to do gettimeofday or clock_gettime on our fastest processors,
    so there is no possibility of seeing inconsistent values due to this.
    
    This also moves update_gtod() down next to its only caller, and makes
    update_vsyscall use the time passed in via the wall_time argument rather
    than accessing xtime directly.  At present, wall_time always points to
    xtime, but that could change in future.
    Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
    Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
    0e469db8
vdso_datapage.h 4.29 KB