From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755288AbcLAXDV (ORCPT <rfc822;w@1wt.eu>);
        Thu, 1 Dec 2016 18:03:21 -0500
Received: from mail-oi0-f52.google.com ([209.85.218.52]:33588 "EHLO
        mail-oi0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752648AbcLAXDT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 1 Dec 2016 18:03:19 -0500
MIME-Version: 1.0
In-Reply-To: <alpine.DEB.2.20.1612012315261.3666@nanos>
References: <1479531216-25361-1-git-send-email-john.stultz@linaro.org>
 <alpine.DEB.2.20.1611291520070.4358@nanos> <20161129235727.GA19891@umbus>
 <alpine.DEB.2.20.1611302355070.3619@nanos> <20161201021233.GI19891@umbus>
 <alpine.DEB.2.20.1612011110270.3453@nanos> <CALAqxLXSEYMrzZOPhg1ezzatqgRp9w_iyg=a_yZZXmK2rGDxOg@mail.gmail.com>
 <alpine.DEB.2.20.1612012127260.3666@nanos> <CALAqxLXg2i6uiWcq21LK-ZsPvtugbuJa7Y8U0upXczS_o9aZOQ@mail.gmail.com>
 <alpine.DEB.2.20.1612012315261.3666@nanos>
From: John Stultz <john.stultz@linaro.org>
Date: Thu, 1 Dec 2016 15:03:17 -0800
Message-ID: <CALAqxLV6EJKLgcMsT4kY6CdBrUL9TO7CCjokXmafETFxfxUXBw@mail.gmail.com>
Subject: Re: [PATCH] timekeeping: Change type of nsec variable to unsigned in
 its calculation.
To: Thomas Gleixner <tglx@linutronix.de>
Cc: David Gibson <david@gibson.dropbear.id.au>,
        lkml <linux-kernel@vger.kernel.org>, Liav Rehana <liavr@mellanox.com>,
        Chris Metcalf <cmetcalf@mellanox.com>,
        Richard Cochran <richardcochran@gmail.com>,
        Ingo Molnar <mingo@kernel.org>, Prarit Bhargava <prarit@redhat.com>,
        Laurent Vivier <lvivier@redhat.com>,
        "Christopher S . Hall" <christopher.s.hall@intel.com>,
        "4.6+" <stable@vger.kernel.org>, Peter Zijlstra <peterz@infradead.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 1, 2016 at 2:44 PM, Thomas Gleixner <tglx@linutronix.de> wrote:
> On Thu, 1 Dec 2016, John Stultz wrote:
>
>> On Thu, Dec 1, 2016 at 12:46 PM, Thomas Gleixner <tglx@linutronix.de> wrote:
>> > On Thu, 1 Dec 2016, John Stultz wrote:
>> >> I would also suggest:
>> >> 3) If the systems are halted for longer then the timekeeping core
>> >> expects, the system will "miss" or "lose" some portion of that halted
>> >> time, but otherwise the system will function properly.  Which is the
>> >> result with this patch.
>> >
>> > Wrong. This is not the result with this patch.
>> >
>> > If the time advances enough to overflow the unsigned mult, which is
>> > entirely possible as it takes just twice the time of the negative overflow,
>> > then time will go backwards again and that's not 'miss' or 'lose', that's
>> > just broken.
>>
>> Eh? If you overflow the 64bits on the mult, the shift (which is likely
>> large if you're actually hitting the overflow) brings the value back
>> down to a smaller value. Time doesn't go backwards, its just smaller
>> then it ought to be (since the high bits were lost).
>
> WTF?
>
> If the mult overflows, what on earth gurantees that any of the upper bits
> is set?
>
> A very simple example:
>
> T1:
>    u64 delta = 0x1000000000 - 1;
>    u64 mult  = 0x10000000;
>    u64 res;
>
>    res = delta * mult;
>
> ==> res == 0xfffffffff0000000
>
> T2:
>    u64 delta = 0x1000000000;
>    u64 mult  = 0x10000000;
>    u64 res;
>
>    res = delta * mult;
>
> ==> res == 0
>
> because delta * mult == 1 << 64
>
> Ergo: T2 < T1, AKA: Time goes backwards.

Yes, you're right here and apologies, as I wasn't being precise.  In
this case time does go backward, but its limited to within the current
interval (just as it would be with a narrow clocksource wrapping
fully). But without this patch, when the overflow occurs, if the
signed bit is set, the signed shift pulls the sign bits down, the time
can go backwards far beyond the current interval, which causes major
wreckage.

thanks
-john