[
https://issues.apache.org/jira/browse/KUDU-3521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17782887#comment-17782887
]
ASF subversion and git services commented on KUDU-3521:
-------------------------------------------------------
Commit 79bb84893745d330b710fb461e5f89a5d22b324e in kudu's branch
refs/heads/branch-1.16.x from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=79bb84893 ]
[clock] KUDU-3521 fix crash when clock is synchronized by PTPd
There was an earlier attempt to address the issue [1], but the fix
hasn't received +2 since there was not enough evidence behind the
root cause analysis. With the report on #kudu-general Slack
channel [2], from the analysis of the code [3] it's easy to see there
isn't any other way to get such a manifestation of the issue but
a negative value for the 'maxerror' field of the 'timex' structure
returned by the ntp_adjtime()/adjtimex() system call.
The essence of the problem is that in Kudu the maximum error is supposed
to be a non-negative number. This patch addresses the issue.
[1] https://gerrit.cloudera.org/#/c/12149/
[2] https://getkudu.slack.com/archives/C0CPXJ3CH/p1698246065354269
[3]
https://github.com/apache/kudu/blob/04fdbd0974f4418295d57c0daa4b67de3e777a43/src/kudu/clock/hybrid_clock.cc#L627-L706
Change-Id: Ibbe1a50c4857b9742d2ffde35440d0dee082edc0
Reviewed-on: http://gerrit.cloudera.org:8080/20626
Tested-by: Kudu Jenkins
Reviewed-by: Yingchun Lai <laiyingc...@apache.org>
Reviewed-by: Abhishek Chennaka <achenn...@cloudera.com>
(cherry picked from commit 4859d290277bf36f0bd84891c4764194c2cf9521)
Conflicts:
src/kudu/clock/system_ntp.cc
Reviewed-on: http://gerrit.cloudera.org:8080/20650
> Kudu servers sometimes crash when host clock is synchronized by PTPd
> --------------------------------------------------------------------
>
> Key: KUDU-3521
> URL: https://issues.apache.org/jira/browse/KUDU-3521
> Project: Kudu
> Issue Type: Bug
> Reporter: Alexey Serbin
> Assignee: Alexey Serbin
> Priority: Major
> Fix For: 1.18.0, 1.17.1
>
>
> This issue has been reported on the [\#kudu-general Slack
> channel|https://getkudu.slack.com/archives/C0CPXJ3CH/p1698246065354269]. A
> Kudu server of 1.16.0 version (not sure whether it was {{kudu-master}} or
> {{kudu-tserver}}, but it doesn't matter) crashed with the following error:
> {noformat}
> F1024 22:32:06.866636 3323203 hybrid_clock.cc:452] Check failed: _s.ok()
> unable to get current timestamp with error bound: Service unavailable: clock
> error estimate (18446744073709551615us) too high (clock considered
> synchronized by the kernel)
> {noformat}
> From the analysis of the [code in
> hybrid_clock.cc|https://github.com/apache/kudu/blob/04fdbd0974f4418295d57c0daa4b67de3e777a43/src/kudu/clock/hybrid_clock.cc#L627-L705],
> the only case it could happen is when {{t.maxerror}} turned to be a negative
> number (e.g., -1) in [this
> code|https://github.com/apache/kudu/blob/aeaec84df536cbd9a55e5e09998d64a961f5d706/src/kudu/clock/system_ntp.cc#L176].
> Negative values of the {{timex::maxerror}} field have never been seen when
> using ntpd or chronyd for clock synchronization, but it's necessary to update
> the code to adapt for such situations: apparently, PTP might set the
> {{maxerror}} field of the {{timex}} structure to a negative value and then
> call {{adjtimex()}}. That's obvious from [the PTPd's
> code|https://github.com/ptpd/ptpd/blob/1ec9e650b03e6bd75dd3179fb5f09862ebdc54bf/src/dep/sys.c#L1969-L1984].
> The essence of the issue is using unsigned integers for clock error in the
> Kudu code, but {{timex.maxerror}} is a signed number, and at least PTPd sets
> it to a negative number when calling {{adjtimex()}}. Also, nowhere in [the
> documentation for
> adjtimex()|https://www.man7.org/linux/man-pages/man2/adjtimex.2.html] it's
> stated that the {{maxerror}} field's value should be a non-negative number.
> As a side note, there was [a prior attempt to address this
> issue|https://gerrit.cloudera.org/#/c/12149/], but not enough evidence was
> presented for the RCA.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
