On Wed, 19 Dec 2012, Davide Italiano wrote: > On Wed, Dec 19, 2012 at 4:18 AM, Bruce Evans <brde_at_optusnet.com.au> wrote: >> I would have tried a 32 bit format with a variable named 'ticks'. >> Something like: >> - ticks >= 0. Same meaning as now. No changes in ABIs or APIs to use >> this. The tick period would be constant but for virtual ticks and >> not too small. hz = 1000 now makes the period too small, and not a >> power of 2. So make the period 1/128 second. This gives a 1.24.7 >> binary format. 2**24 seconds is 194 days. >> - ticks < 0. The 31 value bits are now a cookie (descriptor) referring >> to a bintime or whatever. This case should rarely be used. I don't >> like it that a tickless kernel, which is needed mainly for power >> saving, has expanded into complications to support short timeouts >> which should rarely be used. > > Bruce, I don't really agree with this. > The data addressed by cookie should be still stored somewhere, and KBI > will result broken. This, indeed, is not real problem as long as > current calloutng code heavily breaks KBI, but if that was your point, > I don't see how your proposed change could help. In the old API, it is an error to pass ticks < 0, so only broken old callers are affected. Of course, if there are any then it would be hard to detect their garbage cookies. Anywy, it's too later to change to this, and maybe also to a 32.32 format. [32.32 format] >> This would make a better general format than timevals, timespecs and >> of course bintimes :-). It is a bit wasteful for timeouts since >> its extremes are rarely used. Malicious and broken callers can >> still cause overflow at 68 years, so you have to check for it and >> handle it. The limit of 194 days is just as good for timeouts. > > I think the phk's proposal is better. About your overflow objection, > I think is really unlikely to happen, but better safe than sorry. It's very easy for applications to cause kernel overflow using valid syscall args like tv_sec = TIME_T_MAX for a relative time in nanosleep(). Adding TIME_T_MAX to the current time in seconds overflow for all current times except for the first second after the Epoch. There is no difference between the overflow for 32-bit and 64-bit time_t's for this. This is now mostly handled so that the behaviour is harmless although wrong. E.g., the timeout might become negative, and then since it is not a cookie it is silently replaced by a timeout of 1 tick. In nanosleep(), IIRC there are further overflows that result in returning early instead of retrying the 1-tick timeouts endlessly. BruceReceived on Wed Dec 19 2012 - 13:21:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:33 UTC