r2 - 2011-01-24 - 23:03:32 - CristianKlein
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.

Please see the NTP Security Notice for vulnerability and mitigation details.

ntpd and Tickless Kernels

Related Topics: Bug #802

This is a long (but hopefully not too boring) explanation of how to save power on modern CPUs, what tickless kernels are, why we need them, and why ntpd isn't playing nicely with them.

Mobile and desktop users, as well as low-traffic servers, require the CPU to use as little power as possible when idle. CPU frequency scaling used to be the solution; however, with current technology it is not sufficient. CPUs have high leakage currents, which burn a lot of coal even when the CPU is not doing anything useful.

To address this issue, deeper "sleep-states" have been added to the CPU. In these states, some parts of the CPU (e.g., the cache, the ALU, etc.) are shut down, so as to minimize leakage current. However, since shutting down / starting these CPU parts is costly (time-wise), this technique can only be used if the software is properly written, so as to allow the CPU to sleep for as long as possible. Periodic timers are the worst enemy, as they uselessly wake up the CPU and force it into power-hungry states.

For example, the Linux kernel used to have a periodic timer (called the tick), which would trigger (mostly) scheduling decisions. Even in a perfectly idle system, the CPU would be woken up 100 times / second, thus staying in power-hungry states and wasting energy. A lot of effort has been put into making the Linux kernel "tickless", i.e., it wakes up the CPU only when necessary.

However, the kernel can only do as good a job as user space allows it to. Current systems are plagued with daemons which regularly wake up the CPU without doing anything useful. Unfortunately, ntp is one of them. Currently, it generates 1 wakeup / second on every system, mostly to handle "do I have anything to do? No" events.

Bug #802 has been opened, and it includes a fix. The patch adds proper timeout computations to ntp, so that the CPU is only woken up when needed. Admittedly, it is an intricate patch (having a periodic timer is much easier), but the gains one obtains are significant. I have personally tried the patch and the clock stays perfectly synchronised, while the ntp process generates a negligible number of wakeups. Note that this is not a Linux-specific issue. Other operating systems, such as FreeBSD and Solaris, are also pursuing the goal of having a tickless kernel. As I said, it is a constraint imposed by the current hardware in order to save watts.
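
The difference between the two designs can be shown with a small simulation in C. This is an added illustration, not the patch from Bug #802 and not ntpd's code; the `poll_timer` struct, the function names and the 64/128/1024-second poll intervals are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-peer timer, not ntpd's real struct; interval must be > 0. */
struct poll_timer { uint64_t next_due, interval; };  /* both in seconds */

/* Seconds until the earliest timer is due (0 if one is already due). */
uint64_t next_timeout(const struct poll_timer *t, size_t n, uint64_t now) {
    uint64_t best = UINT64_MAX;
    for (size_t i = 0; i < n; i++) {
        uint64_t wait = t[i].next_due > now ? t[i].next_due - now : 0;
        if (wait < best) best = wait;
    }
    return best;
}

/* Fire and re-arm every timer that is due at `now`; returns how many fired. */
static uint64_t fire_due(struct poll_timer *t, size_t n, uint64_t now) {
    uint64_t fired = 0;
    for (size_t i = 0; i < n; i++)
        if (t[i].next_due <= now) { t[i].next_due = now + t[i].interval; fired++; }
    return fired;
}

/* Periodic tick: wake once per second just to ask "anything to do?". */
uint64_t run_ticking(struct poll_timer *t, size_t n, uint64_t secs, uint64_t *polls) {
    for (uint64_t now = 1; now <= secs; now++) *polls += fire_due(t, n, now);
    return secs;  /* one wakeup per simulated second, useful or not */
}

/* Computed timeout: sleep straight through to the next deadline. */
uint64_t run_tickless(struct poll_timer *t, size_t n, uint64_t secs, uint64_t *polls) {
    uint64_t wakeups = 0, now = 0;
    while (n > 0 && (now += next_timeout(t, n, now)) <= secs) {
        wakeups++;
        *polls += fire_due(t, n, now);
    }
    return wakeups;
}

int main(void) {
    struct poll_timer a[] = {{64, 64}, {128, 128}, {1024, 1024}};  /* constructed */
    struct poll_timer b[] = {{64, 64}, {128, 128}, {1024, 1024}};
    uint64_t pa = 0, pb = 0;
    uint64_t wa = run_ticking(a, 3, 3600, &pa), wb = run_tickless(b, 3, 3600, &pb);
    printf("wakeups/hour: tick %u, computed timeout %u; polls %u vs %u\n",
           (unsigned)wa, (unsigned)wb, (unsigned)pa, (unsigned)pb);
    return 0;
}
```

Both loops perform the same polls over the simulated hour; only the number of CPU wakeups differs.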
