On 10/30/20 4:06 PM, Thomas Gleixner wrote: > On Fri, Oct 30 2020 at 12:58, Carlos O'Donell wrote: >> I expect that more requests for further time isolation will happen >> given the utility of this in containers. > > There was a lengthy discussion about this and the only "usecase" which > was brought up was having different NTP servers in name spaces, i.e. the > leap second ones and the smearing ones.
In the non-"request for ponies" category: * Running legacy 32-bit applications in containers with CLOCK_REALTIME set to some value below y2038. * Testing kernel and userspace clock handling code without needing to run on bare-metal, VM, or other. > Now imagine 1000 containers each running their own NTP. Guess what the > host does in each timer interrupt? Chasing 1000 containers and update > their notion of CLOCK_REALTIME. In the remaining 5% CPU time the 1000 > containers can do their computations. How is this different than balancing any other resource that you give to a container/vm on a host? Can you enable 1000 containers running smbd/nmbd and expect to get great IO performance? > But even if you restrict it to a trivial offset without NTP > capabilities, what's the semantics of that offset when the host time is > set? Now you're talking about an implementation. This thread is simply "Would we implement CLOCK_REALTIME?" Is the answer "Maybe, if we solve all these other problems?" >> If we have to use qemu today then that's where we're at, but again >> I expect our use case is representative of more than just glibc. > > For testing purposes it might be. For real world use cases not so > much. People tend to rely on the coordinated nature of CLOCK_TAI and > CLOCK_REALTIME. Except we have two real world use cases, at the top of this email, that could extend to a lot of software. We know legacy 32-bit applications exist that will break with CLOCK_REALTIME past y2038. Software exists that manipulates time and needs testing with specific time values e.g. month crossings, day crossings, leap year crossings, etc. >> Does checkpointing work robustly when userspace APIS use >> CLOCK_REALTIME (directly or indirectly) in the container? > > AFAICT, yes. That was the conclusion over the lenghty discussion about > time name spaces and their requirements. If this is the case then have we established behaviours that happen when such processes are migrated to other systems with different CLOCK_REALTIME clocks? Would these behaviours serve as the basis of how CLOCK_REALTIME in a namespace would behave? That is to say that migrating a container to a system with a different CLOCK_REALTIME should behave similarly to what happens when CLOCK_REALTIME is changed locally and you have a container with a unique CLOCK_REALTIME? > Here is the Linux plumber session related to that: > https://www.youtube.com/watch?v=sjRUiqJVzOA Thanks. I watched the session. Informative :-) -- Cheers, Carlos.
