* Ingo Molnar <mi...@kernel.org> wrote:

> * Thomas Gleixner <t...@linutronix.de> wrote:
>
> > If the timekeeping CPU is scheduled out long enough by a hypervisor the
> > clocksource delta multiplication can overflow and as a result time can go
> > backwards. That's insane to begin with, but people already triggered a
> > signed multiplication overflow, so an unsigned overflow is not necessarily
> > impossible.
> >
> > Implement optional 128bit math which can be selected by a config option.
>
> What's the rough VM interruption time that would trigger an overflow? Given that
> the clock shift tk_read_base::mult is often 1, isn't it 32-bit nsecs, i.e. 4
> seconds?
>
> That doesn't sound 'insanely long'.
>
> Or some other value?

Ok, wasn't fully awake yet: more realistic values of the scaling factor on x86
would allow cycles input values of up to ~70 billion with 64-bit math, which
would allow deltas of up to about 1 minute with 64-bit math.

I think we should at least detect (and report?) the overflow and sanitize the
effects to the max offset instead of generating random overflown values.

That would also allow the 128-bit multiplication to only be done in the rare
case when we overflow. Which in turn could then be made unconditional.

Am I missing something?

Thanks,

	Ingo
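
Added example, not part of the original thread or of the kernel patch: a user-space C model of the two options discussed above, clamping to the maximum offset when the 64-bit multiply overflows, and running the 128-bit multiply only in that case. The struct, the function names and the mult/shift values are assumptions made for illustration; `__builtin_mul_overflow` and `unsigned __int128` are GCC/Clang extensions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a clocksource mult/shift pair (mult must be != 0). */
struct demo_read_base { uint32_t mult, shift; };

/* Plain 64-bit conversion: the product silently wraps modulo 2^64. */
static uint64_t cyc2ns_wrapping(const struct demo_read_base *rb, uint64_t delta)
{
	return (delta * rb->mult) >> rb->shift;
}

/* Largest cycle delta whose product with mult still fits in 64 bits. */
static uint64_t max_safe_delta(const struct demo_read_base *rb)
{
	return UINT64_MAX / rb->mult;
}

/* Detect the overflow and clamp the result to the maximum representable offset. */
static uint64_t cyc2ns_clamped(const struct demo_read_base *rb, uint64_t delta, bool *ovf)
{
	uint64_t prod;
	*ovf = __builtin_mul_overflow(delta, (uint64_t)rb->mult, &prod);
	if (*ovf)
		prod = max_safe_delta(rb) * rb->mult;
	return prod >> rb->shift;
}

/* 64-bit fast path; 128-bit multiply only on overflow (result assumed to fit in 64 bits). */
static uint64_t cyc2ns_wide_on_overflow(const struct demo_read_base *rb, uint64_t delta, bool *ovf)
{
	uint64_t prod;
	*ovf = __builtin_mul_overflow(delta, (uint64_t)rb->mult, &prod);
	if (!*ovf)
		return prod >> rb->shift;
	return (uint64_t)(((unsigned __int128)delta * rb->mult) >> rb->shift);
}

int main(void)
{
	struct demo_read_base rb = { .mult = 1u << 24, .shift = 24 }; /* constructed values */
	uint64_t delta = (1ULL << 40) + 5; /* constructed: just past the 64-bit limit */
	bool ovf;
	printf("wrapping: %llu\n", (unsigned long long)cyc2ns_wrapping(&rb, delta));
	printf("clamped:  %llu\n", (unsigned long long)cyc2ns_clamped(&rb, delta, &ovf));
	printf("128-bit:  %llu\n", (unsigned long long)cyc2ns_wide_on_overflow(&rb, delta, &ovf));
	return 0;
}
```

With these constructed values the wrapping path returns a tiny nanosecond count for a very large cycle delta, which is the "time goes backwards" effect the patch description refers to.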