qemu-timer: Call clock reset notifiers on forward jumps

Commit 691a0c9c introduced a mechanism by which QEMU_CLOCK_HOST can
notify other parts of the emulator when the host clock has jumped
backward.  This is used to avoid stalling timers that were scheduled
based on the host clock.

However, if the host clock jumps forward, then timers that were
scheduled based on the host clock may fire rapidly and cause other
problems.  For example, the mc146818rtc periodic timer will block
execution of the VM and consume host CPU while firing every interrupt
for the time period that was skipped by the host clock.

To correct that problem, this commit fires the reset notification if the
host clock jumps forward by more than a hard-coded limit.  The limit is
currently set to a value of 60 seconds, which should be small enough to
prevent excessive timer loops, but large enough to avoid frequent resets
in idle VMs.

Signed-off-by: Paul Donohue <qemu-git@PaulSD.com>
Message-Id: <20150612140845.GD2749@TopQuark.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

include/qemu/timer.h

@@ -787,6 +787,15 @@ static inline int64_t get_ticks_per_sec(void)
     return 1000000000LL;
 }
 
+static inline int64_t get_max_clock_jump(void)
+{
+    /* This should be small enough to prevent excessive interrupts from being
+     * generated by the RTC on clock jumps, but large enough to avoid frequent
+     * unnecessary resets in idle VMs.
+     */
+    return 60 * get_ticks_per_sec();
+}
+
 /*
  * Low level clock functions
  */

qemu-timer.c

@@ -573,7 +573,7 @@ int64_t qemu_clock_get_ns(QEMUClockType type)
         now = get_clock_realtime();
         last = clock->last;
         clock->last = now;
-        if (now < last) {
+        if (now < last || now > (last + get_max_clock_jump())) {
             notifier_list_notify(&clock->reset_notifiers, &now);
         }
         return now;