tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

clocksource: Make watchdog and suspend-timing multiplication overflow safe

Kernel timekeeping is designed to keep the change in cycles (since the last
timer interrupt) below max_cycles, which prevents multiplication overflow
when converting cycles to nanoseconds. However, if timer interrupts stop,
the clocksource_cyc2ns() calculation will eventually overflow.

Add protection against that. Simplify by folding together
clocksource_delta() and clocksource_cyc2ns() into cycles_to_nsec_safe().
Check against max_cycles, falling back to a slower higher precision
calculation.

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20240325064023.2997-20-adrian.hunter@intel.com

authored by

Adrian Hunter and committed by
Thomas Gleixner d0304569 135225a3

+20 -22
+20 -22
kernel/time/clocksource.c
··· 20 20 #include "tick-internal.h" 21 21 #include "timekeeping_internal.h" 22 22 23 + static noinline u64 cycles_to_nsec_safe(struct clocksource *cs, u64 start, u64 end) 24 + { 25 + u64 delta = clocksource_delta(end, start, cs->mask); 26 + 27 + if (likely(delta < cs->max_cycles)) 28 + return clocksource_cyc2ns(delta, cs->mult, cs->shift); 29 + 30 + return mul_u64_u32_shr(delta, cs->mult, cs->shift); 31 + } 32 + 23 33 /** 24 34 * clocks_calc_mult_shift - calculate mult/shift factors for scaled math of clocks 25 35 * @mult: pointer to mult variable ··· 232 222 static enum wd_read_status cs_watchdog_read(struct clocksource *cs, u64 *csnow, u64 *wdnow) 233 223 { 234 224 unsigned int nretries, max_retries; 235 - u64 wd_end, wd_end2, wd_delta; 236 225 int64_t wd_delay, wd_seq_delay; 226 + u64 wd_end, wd_end2; 237 227 238 228 max_retries = clocksource_get_max_watchdog_retry(); 239 229 for (nretries = 0; nretries <= max_retries; nretries++) { ··· 244 234 wd_end2 = watchdog->read(watchdog); 245 235 local_irq_enable(); 246 236 247 - wd_delta = clocksource_delta(wd_end, *wdnow, watchdog->mask); 248 - wd_delay = clocksource_cyc2ns(wd_delta, watchdog->mult, 249 - watchdog->shift); 237 + wd_delay = cycles_to_nsec_safe(watchdog, *wdnow, wd_end); 250 238 if (wd_delay <= WATCHDOG_MAX_SKEW) { 251 239 if (nretries > 1 || nretries >= max_retries) { 252 240 pr_warn("timekeeping watchdog on CPU%d: %s retried %d times before success\n", ··· 262 254 * report system busy, reinit the watchdog and skip the current 263 255 * watchdog test. 264 256 */ 265 - wd_delta = clocksource_delta(wd_end2, wd_end, watchdog->mask); 266 - wd_seq_delay = clocksource_cyc2ns(wd_delta, watchdog->mult, watchdog->shift); 257 + wd_seq_delay = cycles_to_nsec_safe(watchdog, wd_end, wd_end2); 267 258 if (wd_seq_delay > WATCHDOG_MAX_SKEW/2) 268 259 goto skip_test; 269 260 } ··· 373 366 delta = (csnow_end - csnow_mid) & cs->mask; 374 367 if (delta < 0) 375 368 cpumask_set_cpu(cpu, &cpus_ahead); 376 - delta = clocksource_delta(csnow_end, csnow_begin, cs->mask); 377 - cs_nsec = clocksource_cyc2ns(delta, cs->mult, cs->shift); 369 + cs_nsec = cycles_to_nsec_safe(cs, csnow_begin, csnow_end); 378 370 if (cs_nsec > cs_nsec_max) 379 371 cs_nsec_max = cs_nsec; 380 372 if (cs_nsec < cs_nsec_min) ··· 404 398 405 399 static void clocksource_watchdog(struct timer_list *unused) 406 400 { 407 - u64 csnow, wdnow, cslast, wdlast, delta; 408 401 int64_t wd_nsec, cs_nsec, interval; 402 + u64 csnow, wdnow, cslast, wdlast; 409 403 int next_cpu, reset_pending; 410 404 struct clocksource *cs; 411 405 enum wd_read_status read_ret; ··· 462 456 continue; 463 457 } 464 458 465 - delta = clocksource_delta(wdnow, cs->wd_last, watchdog->mask); 466 - wd_nsec = clocksource_cyc2ns(delta, watchdog->mult, 467 - watchdog->shift); 468 - 469 - delta = clocksource_delta(csnow, cs->cs_last, cs->mask); 470 - cs_nsec = clocksource_cyc2ns(delta, cs->mult, cs->shift); 459 + wd_nsec = cycles_to_nsec_safe(watchdog, cs->wd_last, wdnow); 460 + cs_nsec = cycles_to_nsec_safe(cs, cs->cs_last, csnow); 471 461 wdlast = cs->wd_last; /* save these in case we print them */ 472 462 cslast = cs->cs_last; 473 463 cs->cs_last = csnow; ··· 834 832 */ 835 833 u64 clocksource_stop_suspend_timing(struct clocksource *cs, u64 cycle_now) 836 834 { 837 - u64 now, delta, nsec = 0; 835 + u64 now, nsec = 0; 838 836 839 837 if (!suspend_clocksource) 840 838 return 0; ··· 849 847 else 850 848 now = suspend_clocksource->read(suspend_clocksource); 851 849 852 - if (now > suspend_start) { 853 - delta = clocksource_delta(now, suspend_start, 854 - suspend_clocksource->mask); 855 - nsec = mul_u64_u32_shr(delta, suspend_clocksource->mult, 856 - suspend_clocksource->shift); 857 - } 850 + if (now > suspend_start) 851 + nsec = cycles_to_nsec_safe(suspend_clocksource, suspend_start, now); 858 852 859 853 /* 860 854 * Disable the suspend timer to save power if current clocksource is