[PATCH RFC] clocksource: Detect a watchdog overflow

From: Gratian Crisan
Date: Tue Mar 15 2016 - 14:51:04 EST


The clocksource watchdog can falsely trigger and disable the main
clocksource when the watchdog wraps around.

The reason is that an interrupt storm and/or high priority (FIFO/RR) tasks
can preempt the timer softirq long enough for the watchdog to wrap around
if it has a limited number of bits available by comparison to the main
clocksource. One observed example is on a Intel Baytrail platform where TSC
is the main clocksource, HPET is disabled due to a hardware bug and acpi_pm
gets selected as the watchdog clocksource.

Calculate the maximum number of nanoseconds the watchdog clocksource can
represent without overflow and do not disqualify the main clocksource if
the delta since the last time we have checked exceeds the measurement
capabilities of the watchdog clocksource.

Signed-off-by: Gratian Crisan <gratian.crisan@xxxxxx>
Cc: John Stultz <john.stultz@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
---
kernel/time/clocksource.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
index 56ece14..597132e 100644
--- a/kernel/time/clocksource.c
+++ b/kernel/time/clocksource.c
@@ -170,7 +170,7 @@ static void clocksource_watchdog(unsigned long data)
{
struct clocksource *cs;
cycle_t csnow, wdnow, cslast, wdlast, delta;
- int64_t wd_nsec, cs_nsec;
+ int64_t wd_nsec, wd_max_nsec, cs_nsec;
int next_cpu, reset_pending;

spin_lock(&watchdog_lock);
@@ -178,6 +178,8 @@ static void clocksource_watchdog(unsigned long data)
goto out;

reset_pending = atomic_read(&watchdog_reset_pending);
+ wd_max_nsec = clocksource_cyc2ns(watchdog->max_cycles, watchdog->mult,
+ watchdog->shift);

list_for_each_entry(cs, &watchdog_list, wd_list) {

@@ -216,8 +218,12 @@ static void clocksource_watchdog(unsigned long data)
if (atomic_read(&watchdog_reset_pending))
continue;

- /* Check the deviation from the watchdog clocksource. */
- if (abs(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD) {
+ /*
+ * Check the deviation from the watchdog clocksource,
+ * accounting for a possible watchdog overflow.
+ */
+ if (abs(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD &&
+ cs_nsec < wd_max_nsec) {
pr_warn("timekeeping watchdog on CPU%d: Marking clocksource '%s' as unstable because the skew is too large:\n",
smp_processor_id(), cs->name);
pr_warn(" '%s' wd_now: %llx wd_last: %llx mask: %llx\n",
--
2.7.1