Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755288AbcLAXDV (ORCPT ); Thu, 1 Dec 2016 18:03:21 -0500 Received: from mail-oi0-f52.google.com ([209.85.218.52]:33588 "EHLO mail-oi0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752648AbcLAXDT (ORCPT ); Thu, 1 Dec 2016 18:03:19 -0500 MIME-Version: 1.0 In-Reply-To: References: <1479531216-25361-1-git-send-email-john.stultz@linaro.org> <20161129235727.GA19891@umbus> <20161201021233.GI19891@umbus> From: John Stultz Date: Thu, 1 Dec 2016 15:03:17 -0800 Message-ID: Subject: Re: [PATCH] timekeeping: Change type of nsec variable to unsigned in its calculation. To: Thomas Gleixner Cc: David Gibson , lkml , Liav Rehana , Chris Metcalf , Richard Cochran , Ingo Molnar , Prarit Bhargava , Laurent Vivier , "Christopher S . Hall" , "4.6+" , Peter Zijlstra Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2027 Lines: 62 On Thu, Dec 1, 2016 at 2:44 PM, Thomas Gleixner wrote: > On Thu, 1 Dec 2016, John Stultz wrote: > >> On Thu, Dec 1, 2016 at 12:46 PM, Thomas Gleixner wrote: >> > On Thu, 1 Dec 2016, John Stultz wrote: >> >> I would also suggest: >> >> 3) If the systems are halted for longer then the timekeeping core >> >> expects, the system will "miss" or "lose" some portion of that halted >> >> time, but otherwise the system will function properly. Which is the >> >> result with this patch. >> > >> > Wrong. This is not the result with this patch. >> > >> > If the time advances enough to overflow the unsigned mult, which is >> > entirely possible as it takes just twice the time of the negative overflow, >> > then time will go backwards again and that's not 'miss' or 'lose', that's >> > just broken. >> >> Eh? If you overflow the 64bits on the mult, the shift (which is likely >> large if you're actually hitting the overflow) brings the value back >> down to a smaller value. Time doesn't go backwards, its just smaller >> then it ought to be (since the high bits were lost). > > WTF? > > If the mult overflows, what on earth gurantees that any of the upper bits > is set? > > A very simple example: > > T1: > u64 delta = 0x1000000000 - 1; > u64 mult = 0x10000000; > u64 res; > > res = delta * mult; > > ==> res == 0xfffffffff0000000 > > T2: > u64 delta = 0x1000000000; > u64 mult = 0x10000000; > u64 res; > > res = delta * mult; > > ==> res == 0 > > because delta * mult == 1 << 64 > > Ergo: T2 < T1, AKA: Time goes backwards. Yes, you're right here and apologies, as I wasn't being precise. In this case time does go backward, but its limited to within the current interval (just as it would be with a narrow clocksource wrapping fully). But without this patch, when the overflow occurs, if the signed bit is set, the signed shift pulls the sign bits down, the time can go backwards far beyond the current interval, which causes major wreckage. thanks -john