Jason Xing wrote:

On Tue, Aug 27, 2024 at 2:43 AM Willem de Bruijn
[off-list ref] wrote:

quoted

Jason Xing wrote:

quoted

On Tue, Aug 27, 2024 at 12:03 AM Willem de Bruijn
[off-list ref] wrote:

quoted

Jason Xing wrote:

quoted

Hello Willem,

On Mon, Aug 26, 2024 at 9:24 PM Willem de Bruijn
[off-list ref] wrote:

quoted

Jason Xing wrote:

quoted

From: Jason Xing <kernelxing@tencent.com>

Normally, if we want to record and print the rx timestamp after
tcp_recvmsg_locked(), we must enable both SOF_TIMESTAMPING_SOFTWARE
and SOF_TIMESTAMPING_RX_SOFTWARE flags, from which we also can notice
through running rxtimestamp binary in selftests (see testcase 7).

However, there is one particular case that fails the selftests with
"./rxtimestamp: Expected swtstamp to not be set." error printing in
testcase 6.

How does it happen? When we keep running a thread starting a socket
and set SOF_TIMESTAMPING_RX_HARDWARE option first, then running
./rxtimestamp, it will fail. The reason is the former thread
switching on netstamp_needed_key that makes the feature global,
every skb going through netif_receive_skb_list_internal() function
will get a current timestamp in net_timestamp_check(). So the skb
will have timestamp regardless of whether its socket option has
SOF_TIMESTAMPING_RX_SOFTWARE or not.

After this patch, we can pass the selftest and control each socket
as we want when using rx timestamp feature.

Signed-off-by: Jason Xing <kernelxing@tencent.com>
---
 net/ipv4/tcp.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 8514257f4ecd..49e73d66c57d 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c

@@ -2235,6 +2235,7 @@ void tcp_recv_timestamp(struct msghdr *msg, const struct sock *sk,
                      struct scm_timestamping_internal *tss)
 {
      int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
+     u32 tsflags = READ_ONCE(sk->sk_tsflags);
      bool has_timestamping = false;

      if (tss->ts[0].tv_sec || tss->ts[0].tv_nsec) {

@@ -2274,14 +2275,19 @@ void tcp_recv_timestamp(struct msghdr *msg, const struct sock *sk,
                      }
              }

-             if (READ_ONCE(sk->sk_tsflags) & SOF_TIMESTAMPING_SOFTWARE)
+             /* skb may contain timestamp because another socket
+              * turned on netstamp_needed_key which allows generate
+              * the timestamp. So we need to check the current socket.
+              */
+             if (tsflags & SOF_TIMESTAMPING_SOFTWARE &&
+                 tsflags & SOF_TIMESTAMPING_RX_SOFTWARE)
                      has_timestamping = true;
              else
                      tss->ts[0] = (struct timespec64) {0};
      }

The current behavior is as described in
Documentation/networking/timestamping.rst:

"The socket option configures timestamp generation for individual
sk_buffs (1.3.1), timestamp reporting to the socket's error
queue (1.3.2)"

SOF_TIMESTAMPING_RX_SOFTWARE is a timestamp generation option.
SOF_TIMESTAMPING_SOFTWARE is a timestamp reporting option.

Thanks for your review.

Yes, it's true.

quoted

This patch changes that clearly defined behavior.

Why?

Because it repurposes generation flag SOF_TIMESTAMPING_RX_SOFTWARE in
timestamp reporting.

If a single flag configures both generation and reporting, why bother
with two flags at all.

Thanks for your full and detailed explanation :)

I probably understand what you're saying. You think we should strictly
distinguish these two concepts "generation" and "reporting".

In my opinion, they are just concepts. We can make it clear by writing
some sentences in the Documentation.

quoted

quoted

I don't get it. Please see those testcase in
tools/testing/selftests/net/rxtimestamp.c.

quoted

On Tx the separation between generation and reporting has value, as it
allows setting the generation on a per packet basis with SCM_TSTAMP_*.

I didn't break the logic on the tx path. tcp_recv_timestamp() is only
related to the rx path.

Regarding the tx path, I carefully take care of this logic in
patch[2/2], so now the series only handles the issue happening in the
rx path.

quoted

On Rx it is more subtle, but the two are still tested at different
points in the path, and can be updated by setsockopt in between a
packet arrival and a recvmsg().

The interaction between sockets on software timestamping is a
longstanding issue. I don't think there is any urgency to change this

Oh, now I see.

quoted

now. This proposed change makes the API less consistent, and may
also affect applications that depend on the current behavior.

Maybe. But, it's not the original design which we expect, right?

It is. Your argument is against the current API design. This is not
a bug where behavior diverges from the intended interface. The doc is
clear on this.

The API makes a distinction between generation and reporting bits. The
shared generation early in the Rx path is a long standing known issue.

I'm not saying that the API is perfect. But it is clear in its use of
the bits. Muddling the distinction between reporting and generation
bits in one of the four cases makes the API less consistent and harder
to understand.

If you think the API as is is wrong, then at a minimum that would
require an update to timestamping.rst. But I think that medicine may
be worse than the ailment.

At least, I think it is against the use of setsockopt, that's the key
reason: making people confused and thinking the setsockopt is not a
per-socket fine-grained design. Don't you think it's a little bit
strange?

That is moot. This design was made many years ago and is now expected.

I also don't see it as a huge issue.

Sure, it's not a big problem.

quoted

The effect you point out in rxtimestamp.c was known and reported in
the test commit itself.

Perhaps a more interesting argument would be
SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_TX_SOFTWARE. But
spurious software rx timestamps are trivially ignored.

quoted

Besides those two concepts you mentioned, could you explain if there
are side effects that the series has and what kind of bad consequences
that the series could bring?

It doesn't do the same for hardware timestamping, creating
inconsistency.

Taking a closer look at the code, there are actually already two weird
special cases here.

SOF_TIMESTAMPING_RX_HARDWARE never has to be passed, as rx hardware
timestamp generation is configured through SIOCSHWTSTAMP.

SOF_TIMESTAMPING_RX_SOFTWARE already enables timestamp reporting from
sock_recv_timestamp(), while reporting should not be conditional on
this generation flag.

        /*
         * generate control messages if
         * - receive time stamping in software requested
         * - software time stamp available and wanted
         * - hardware time stamps available and wanted
         */
        if (sock_flag(sk, SOCK_RCVTSTAMP) ||
            (tsflags & SOF_TIMESTAMPING_RX_SOFTWARE) ||
            (kt && tsflags & SOF_TIMESTAMPING_SOFTWARE) ||
            (hwtstamps->hwtstamp &&
             (tsflags & SOF_TIMESTAMPING_RAW_HARDWARE)))
                __sock_recv_timestamp(msg, sk, skb);

I evidently already noticed this back in 2014, when I left a note in
commit b9f40e21ef42 ("net-timestamp: move timestamp flags out of
sk_flags"):

    SOCK_TIMESTAMPING_RX_SOFTWARE is also used to toggle the receive
    timestamp logic (netstamp_needed). That can be simplified and this
    last key removed, but will leave that for a separate patch.

But I do not see __sock_recv_timestamp toggling the feature either
then or now, so I think this is vestigial and can be removed.

quoted

Changing established interfaces always risks production issues. In
this case, I'm not convinced that the benefit outweighs this risk.

I got it.

I'm thinking that I'm not the first one and the last one who know/find
this long standing "issue", could we at least documentented it
somewhere, like adding comments in the selftests or Documentation, to
avoid the similar confusion in the future? Or change the behaviour in
the rxtimestamp.c test? What do you think about it? Adding
documentation or comments is the simplest way:)

I can see the value of your extra filter. Given the above examples, it
won't be the first subtle variance from the API design, either.

So either way is fine with me: change it or leave it.

But in both ways, yes: please update the documentation accordingly.

And if you do choose to change it, please be ready to revert on report
of breakage. Applications that only pass SOF_TIMESTAMPING_SOFTWARE,
because that always worked as they subtly relied on another daemon to
enable SOF_TIMESTAMPING_RX_SOFTWARE, for instance.

Thanks,
Jason

quoted

quoted

I tried to make it more logical and also don't want to break the
existing use behaviour of applications.

I believe that what I wrote doesn't have an impact on other cases and
perfects what should be perfected. No offense. If the series does no
harm and we keep it in the right direction, are there other reasons
stopping it getting approved, I wonder.

Thanks,
Jason

quoted

quoted

I can make sure this series can fix the issue. This series is trying
to ask users to use/set both flags to receive an expected timestamp.
The purpose of using setsockopt is to control the socket itself
insteading of interfering with others.

About the breakage issue, let me assume, if the user only sets the
SOF_TIMESTAMPING_SOFTWARE flag, he cannot expect the socket will
receive a timestamp, right? So what might happen if we fix the issue?
I think the logics in the rxtimestamp.c selftest are very clear :)

Besides, test case 6 will fail under this circumstance

Sorry about that. My team added that test, and we expanded it over
time. Crucially, the test was added well after the SO_TIMESTAMPING
API, so it was never intended to be prescriptive.

Commit 0558c3960407 ("selftests/net: plug rxtimestamp test into
kselftest framework") actually mentions this issue:

    Also ignore failures of test case #6 by default. This case verifies
    that a receive timestamp is not reported if timestamp reporting is
    enabled for a socket, but generation is disabled. Receive timestamp
    generation has to be enabled globally, as no associated socket is
    known yet. A background process that enables rx timestamp generation
    therefore causes a false positive. Ntpd is one example that does.

    Add a "--strict" option to cause failure in the event that any test
    case fails, including test #6. This is useful for environments that
    are known to not have such background processes.