Package: ntpsec Version: 1.2.2+dfsg1-1+deb12u1 Severity: important Dear Maintainer,
the ntpsec service starts the ntpd binary with the option "-N|--nice" (defined in ntpsec.default (/etc/default/ntpsec) [1]. By that, the ntpd will run with the highest possible priority, which is SCHED_FIFO, prio 99. These priorities are discouraged as this can starve kernel threads. I also don't think that it is the intention of the maintainer to let it run at such a high priority. Some recent stalls of PREEMPT_RT systems we observed could be related to this. Despite this option being called "nice", it does not just set the niceness level. The corresponding code in ntpd is found in [2]. Removing this option lets the ntpd run with SCHED_OTHER, prio 20. [1] https://salsa.debian.org/debian/ntpsec/-/blob/debian/unstable/debian/ntpsec.default?ref_type=heads#L1 [2] https://github.com/ntp-project/ntp/blame/9c75327c3796ff59ac648478cd4da8b205bceb77/ntpd/ntpd.c#L446 Best regards, Felix Moessbauer Siemens AG -- System Information: Debian Release: 12.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.10.11+bpo-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ntpsec depends on: ii adduser 3.134 ii init-system-helpers 1.65.2 ii libbsd0 0.11.7-2 ii libc6 2.36-9+deb12u8 ii libcap2 1:2.66-4 ii libssl3 3.0.14-1~deb12u2 ii netbase 6.4 ii python3 3.11.2-1+b1 pn python3-ntp <none> ii sysvinit-utils [lsb-base] 3.06-4 ii tzdata 2024a-0+deb12u1 Versions of packages ntpsec recommends: ii cron [cron-daemon] 3.0pl1-162 ii systemd 252.30-1~deb12u2 Versions of packages ntpsec suggests: ii apparmor 3.0.8-3 pn certbot <none> pn ntpsec-doc <none> pn ntpsec-ntpviz <none>
