AW: [PATCH 0/7] TC-ETF support PTP clocks series

From: Meisinger, Andreas
Date: Fri Oct 09 2020 - 07:17:24 EST


Hello Mr Gleixner,
thanks for your feedback we'll fix the issues not related to the time scale topic as soon as possible.

Regarding your concerns about not using TAI timescale, we do admit that in many situations TAI makes a lot of things way more easy and therefore is the way to go.

Yet we do already have usecases where this can't be done. Additionally a lot of discussions at this topic are ongoing in 60802 profile creation too.
Some of our usecases do require a network which does not depend on any external timesource. This might be due to the network not being connected (to the internet) or just because the network may not be able to rely on or trust an external timesource. Some reasons for this might be safety, security, availability or legal implications ( e.g. if a machine builder has to guarantee operation of a machine which depends on an internal tsn network).

About your question if an application needs to be able to sync to multiple timescales. A small count of usecases even would require multiple independent timesources to be used. At the moment they all seem to be located in the area of extreme high availability. There's ongoing evaluation about this issues and we're not sure if there's a way to do this without special hardware so we didn't address it here.

Additionally to these special cases at least "reading" different timesources should be possible in all cases, e.g. to be able to log based on TAI while network operation relies on it's own clock. Of course TAI timescale wouldn't the same level of trust in this scenario.

Best regards
Andreas Meisinger

Siemens AG
Digital Industries
Process Automation
DI PA DCP TI
Gleiwitzer Str. 555
90475 Nürnberg, Deutschland
Tel.: +49 911 95822720
mailto:andreas.meisinger@xxxxxxxxxxx

www.siemens.com/ingenuityforlife

-----Ursprüngliche Nachricht-----
Von: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Gesendet: Samstag, 3. Oktober 2020 02:10
An: Vinicius Costa Gomes <vinicius.gomes@xxxxxxxxx>; Geva, Erez (ext) (DI PA CI R&D 3) <erez.geva.ext@xxxxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx; Cong Wang <xiyou.wangcong@xxxxxxxxx>; David S . Miller <davem@xxxxxxxxxxxxx>; Jakub Kicinski <kuba@xxxxxxxxxx>; Jamal Hadi Salim <jhs@xxxxxxxxxxxx>; Jiri Pirko <jiri@xxxxxxxxxxx>; Andrei Vagin <avagin@xxxxxxxxx>; Dmitry Safonov <0x7f454c46@xxxxxxxxx>; Eric W . Biederman <ebiederm@xxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; John Stultz <john.stultz@xxxxxxxxxx>; Michal Kubecek <mkubecek@xxxxxxx>; Oleg Nesterov <oleg@xxxxxxxxxx>; Peter Zijlstra <peterz@xxxxxxxxxxxxx>; Richard Cochran <richardcochran@xxxxxxxxx>; Stephen Boyd <sboyd@xxxxxxxxxx>; Vladis Dronov <vdronov@xxxxxxxxxx>; Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>; Frederic Weisbecker <frederic@xxxxxxxxxx>; Eric Dumazet <edumazet@xxxxxxxxxx>
Cc: Jesus Sanchez-Palencia <jesus.sanchez-palencia@xxxxxxxxx>; Vedang Patel <vedang.patel@xxxxxxxxx>; Sudler, Simon (DI PA DCP TI) <simon.sudler@xxxxxxxxxxx>; Meisinger, Andreas (DI PA CI R&D 3) <andreas.meisinger@xxxxxxxxxxx>; Bucher, Andreas (DI PA DCP R&D 3) <andreas.bucher@xxxxxxxxxxx>; Schild, Henning (T RDA IOT SES-DE) <henning.schild@xxxxxxxxxxx>; Kiszka, Jan (T RDA IOT SES-DE) <jan.kiszka@xxxxxxxxxxx>; Zirkler, Andreas (T RDA IOT INN-DE) <andreas.zirkler@xxxxxxxxxxx>; Sakic, Ermin (T RDA IOT INN-DE) <ermin.sakic@xxxxxxxxxxx>; Nguyen, An Ninh (DI FA TIP AAT 2) <anninh.nguyen@xxxxxxxxxxx>; Saenger, Michael (DI PA CI R&D 4) <michael.saenger@xxxxxxxxxxx>; Maehringer, Bernd (DI PA CI R&D 4) <bernd.maehringer@xxxxxxxxxxx>; Greinert, Gisela (DI PA CI R&D 4) <gisela.greinert@xxxxxxxxxxx>; Geva, Erez (ext) (DI PA CI R&D 3) <erez.geva.ext@xxxxxxxxxxx>; Erez Geva <ErezGeva2@xxxxxxxxx>
Betreff: Re: [PATCH 0/7] TC-ETF support PTP clocks series

Vinicius,

On Fri, Oct 02 2020 at 12:01, Vinicius Costa Gomes wrote:
> I think that there's an underlying problem/limitation that is the
> cause of the issue (or at least a step in the right direction) you are
> trying to solve: the issue is that PTP clocks can't be used as hrtimers.

That's only an issue if PTP time != CLOCK_TAI, which is insane to begin with.

As I know that these insanities exists in real world setups, e.g. grand clock masters which start at the epoch which causes complete disaster when any of the slave devices booted earlier. Obviously people came up with system designs which are even more insane.

> I didn't spend a lot of time thinking about how to solve this (the
> only thing that comes to mind is having a timecounter, or similar,
> "software view" over the PHC clock).

There are two aspects:

1) What's the overall time coordination especially for applications?

PTP is for a reason based on TAI which allows a universal
representation of time. Strict monotonic, no time zones, no leap
seconds, no bells and whistels.

Using TAI in distributed systems solved a gazillion of hard problems
in one go.

TSN depends on PTP and that obviously makes CLOCK_TAI _the_ clock of
choice for schedules and whatever is needed. It just solves the
problem nicely and we spent a great amount of time to make
application development for TSN reasonable and hardware agnostic.

Now industry comes along and decides to introducde independent time
universes. The result is a black hole for programmers because they
now have to waste effort - again - on solving the incredibly hard
problems of warping space and time.

The amount of money saved by not having properly coordinated time
bases in such systems is definitely marginal compared to the amount
of non-sensical work required to fix it in software.

2) How can an OS provide halfways usable interfaces to handle this
trainwreck?

Access to the various time universes is already available through
the dynamic POSIX clocks. But these interfaces have been designed
for the performance insensitive work of PTP daemons and not for the
performance critical work of applications dealing with real-time
requirements of all sorts.

As these raw PTP clocks are hardware dependend and only known at
boot / device discovery time they cannot be exposed to the kernel
internaly in any sane way. Also the user space interface has to be
dynamic which rules out the ability to assign fixed CLOCK_* ids.

As a consequence these clocks cannot provide timers like the regular
CLOCK_* variants do, which makes it insanely hard to develop sane
and portable applications.

What comes to my mind (without spending much thought on it) is:

1) Utilize and extend the existing PTP mechanisms to calculate
the time relationship between the system wide CLOCK_TAI and
the uncoordinated time universe. As offset is a constant and
frequency drift is not a high speed problem this can be done
with a userspace daemon of some sorts.

2) Provide CLOCK_TAI_PRIVATE which defaults to CLOCK_TAI,
i.e. offset = 0 and frequency ratio = 1 : 1

3) (Ab)use the existing time namespace to provide a mechanism to
adjust the offset and frequency ratio of CLOCK_TAI_PRIVATE
which is calculated by #1

This is the really tricky part and comes with severe
limitations:

- We can't walk task list to find tasks which have their
CLOCK_TAI_PRIVATE associated with a particular
incarnation of PCH/PTP universe, so some sane referencing
of the underlying parameters to convert TAI to
TAI_PRIVATE and vice versa has to be found. Life time
problems are going to be interesting to deal with.

- An application cannot coordinate multiple PCH/PTP domains
and has to restrict itself to pick ONE disjunct time
universe.

Whether that's a reasonable limitation I don't know
simply because the information provided in this patch
series is close to zero.

- Preventing early timer expiration caused by frequency
drift is not trivial either.

TBH, just thinking about all of that makes me shudder and my knee
jerk reaction is: NO WAY!

Why the heck can't hardware people and system designers finally understand that time is not something they can define at their own peril?

The "Let's solve it in software so I don't have to think about it"
design approach strikes again. This caused headaches for the past five decades, but people obviously never learn.

That said, I'm open for solutions which are at least in the proximity of sane, but that needs a lot more information about the use cases and the implications and not just some handwavy 'we screwed up our system design and therefore we need to inflict insanity on everyone' blurb.

Thanks,

tglx