On 12.03.24 18:15, David Woodhouse wrote: > On Mon, 2024-03-11 at 19:24 +0100, Peter Hilber wrote: >> On 08.03.24 13:33, David Woodhouse wrote: >>> On Fri, 2024-03-08 at 11:32 +0100, Peter Hilber wrote: >>>> On 07.03.24 15:02, David Woodhouse wrote: >>>>> Hm, should we allow UTC? If you tell me the time in UTC, then >>>>> (sometimes) I still don't actually know what the time is, because some >>>>> UTC seconds occur twice. UTC only makes sense if you provide the TAI >>>>> offset, surely? Should the virtio_rtc specification make it mandatory >>>>> to provide such? >>>>> >>>>> Otherwise you're just designing it to allow crappy hypervisors to >>>>> expose incomplete information. >>>>> >>>> >>>> Hi David, >>>> >>>> (adding virtio-comment@xxxxxxxxxxxxxxxxxxxx for spec discussion), >>>> >>>> thank you for your insightful comments. I think I take a broadly similar >>>> view. The reason why the current spec and driver is like this is that I >>>> took a pragmatic approach at first and only included features which work >>>> out-of-the-box for the current Linux ecosystem. >>>> >>>> The current virtio_rtc features work similar to ptp_kvm, and therefore >>>> can work out-of-the-box with time sync daemons such as chrony. >>>> >>>> As of RFC spec v3, UTC clock only is allowed. If mandating a TAI clock >>>> as well, I am afraid that >>>> >>>> - in some (embedded) scenarios, the TAI clock may not be available >>>> >>>> - crappy hypervisors will pass off the UTC clock as the TAI clock. >>>> >>>> For the same reasons, I am also not sure about adding a *mandatory* TAI >>>> offset to each readout. I don't know user-space software which would >>>> leverage this already (at least not through the PTP clock interface). >>>> And why would such software not go straight for the TAI clock instead? >>>> >>>> How about adding a requirement to the spec that the virtio-rtc device >>>> SHOULD expose the TAI clock whenever it is available - would this >>>> address your concerns? >>> >>> I think that would be too easy for implementors to miss, or decide not >>> to obey. Or to get *wrong*, by exposing a TAI clock but actually >>> putting UTC in it. >>> >>> I think I prefer to mandate the tai_offset field with the UTC clock. >>> Crappy implementations will just set it to zero, but at least that >>> gives a clear signal to the guests that it's *their* problem to >>> resolve. >> >> To me there are some open questions regarding how this would work. Is there >> a use case for this with the v3 clock reading methods, or would it be >> enough to address this with the Virtio timekeeper? >> >> Looking at clock_adjtime(2), the tai_offset could be exposed, but probably >> best alongside some additional information about leap seconds. I am not >> aware about any user-space user. In addition, leap second smearing should >> also be addressed. >> > > Is there even a standard yet for leap-smearing? Will it be linear over > 1000 seconds like UTC-SLS? Or semi-raised-cosine over 24 hours, which I > think is what Google does? Meta does something different again, don't > they? > > Exposing UTC as the only clock reference is bad enough; when leap > seconds happen there's a whole second during which you don't *know* > which second it is. It seems odd to me, for a precision clock to be > deliberately ambiguous about what the time is! Just to be clear, the device can perfectly expose only a TAI reference clock (or both UTC and TAI), the spec is just completely open about this, as it tries to work for diverse use cases. > > But if the virtio-rtc clock is defined as UTC and then expose something > *different* in it, that's even worse. You potentially end up providing > inaccurate time for a whole *day* leading up to the leap second. > > I think you're right that leap second smearing should be addressed. At > the very least, by making it clear that the virtio-rtc clock which > advertises UTC shall be used *only* for UTC, never UTC-SLS or any other > yet-to-be-defined variant. > Agreed. > Please make it explicit that any hypervisor which wants to advertise a > smeared clock shall define a new type which specifies the precise > smearing algorithm and cannot be conflated with the one you're defining > here. > I will add a requirement that the UTC clock can never have smeared/smoothed leap seconds. I think that not every vendor would bother to first add a definition of a smearing algorithm. Also, I think in some cases knowing the precise smearing algorithm might not be important (when having the same time as the hypervisor is enough and accuracy w.r.t. actual time is less important). So maybe I should add a VIRTIO_RTC_CLOCK_UTC_SMEARED clock type, which for now could catch every UTC-like clock which smears/smoothes leap seconds, where the vendor cannot be bothered to add the smearing algorithm to spec and implementations. As for UTC-SLS, this *could* also be added, although [1] says It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." [1] https://datatracker.ietf.org/doc/html/draft-kuhn-leapsecond-00 >>> One other thing to note is I think we're being very naïve about the TSC >>> on x86 hosts. Theoretically, the TSC for every vCPU might run at a >>> different frequency, and even if they run at the same frequency they >>> might be offset from each other. I'm happy to be naïve but I think we >>> should be *explicitly* so, and just say for example that it's defined >>> against vCPU0 so if other vCPUs are different then all bets are off. >> >> ATM Virtio has no notion of vCPUs, or vCPU topology. So I wonder if you >> have an opinion on how to represent this in a platform-independent way. > > Well, it doesn't have a notion of TSCs either; you include that by > implicit reference don't you? I think I can add a SHOULD requirement which vaguely refers to vCPU 0, or boot vCPU. But the Virtio device is not necessarily hosted by a hypervisor, so the device might not even know which vCPUs there are. E.g. there is even interest to make virtio-rtc work as part of the virtio-net device (which might be implemented in hardware). Thanks for the comments, Peter