1 /* 2 * Copyright (c) 1982, 1986, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)kern_time.c 8.1 (Berkeley) 6/10/93 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include "opt_mac.h" 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/lock.h> 40 #include <sys/mutex.h> 41 #include <sys/sysproto.h> 42 #include <sys/resourcevar.h> 43 #include <sys/signalvar.h> 44 #include <sys/kernel.h> 45 #include <sys/mac.h> 46 #include <sys/sysent.h> 47 #include <sys/proc.h> 48 #include <sys/time.h> 49 #include <sys/timetc.h> 50 #include <sys/vnode.h> 51 52 #include <vm/vm.h> 53 #include <vm/vm_extern.h> 54 55 int tz_minuteswest; 56 int tz_dsttime; 57 58 /* 59 * Time of day and interval timer support. 60 * 61 * These routines provide the kernel entry points to get and set 62 * the time-of-day and per-process interval timers. Subroutines 63 * here provide support for adding and subtracting timeval structures 64 * and decrementing interval timers, optionally reloading the interval 65 * timers when they expire. 66 */ 67 68 static int nanosleep1(struct thread *td, struct timespec *rqt, 69 struct timespec *rmt); 70 static int settime(struct thread *, struct timeval *); 71 static void timevalfix(struct timeval *); 72 static void no_lease_updatetime(int); 73 74 static void 75 no_lease_updatetime(deltat) 76 int deltat; 77 { 78 } 79 80 void (*lease_updatetime)(int) = no_lease_updatetime; 81 82 static int 83 settime(struct thread *td, struct timeval *tv) 84 { 85 struct timeval delta, tv1, tv2; 86 static struct timeval maxtime, laststep; 87 struct timespec ts; 88 int s; 89 90 s = splclock(); 91 microtime(&tv1); 92 delta = *tv; 93 timevalsub(&delta, &tv1); 94 95 /* 96 * If the system is secure, we do not allow the time to be 97 * set to a value earlier than 1 second less than the highest 98 * time we have yet seen. The worst a miscreant can do in 99 * this circumstance is "freeze" time. He couldn't go 100 * back to the past. 101 * 102 * We similarly do not allow the clock to be stepped more 103 * than one second, nor more than once per second. This allows 104 * a miscreant to make the clock march double-time, but no worse. 105 */ 106 if (securelevel_gt(td->td_ucred, 1) != 0) { 107 if (delta.tv_sec < 0 || delta.tv_usec < 0) { 108 /* 109 * Update maxtime to latest time we've seen. 110 */ 111 if (tv1.tv_sec > maxtime.tv_sec) 112 maxtime = tv1; 113 tv2 = *tv; 114 timevalsub(&tv2, &maxtime); 115 if (tv2.tv_sec < -1) { 116 tv->tv_sec = maxtime.tv_sec - 1; 117 printf("Time adjustment clamped to -1 second\n"); 118 } 119 } else { 120 if (tv1.tv_sec == laststep.tv_sec) { 121 splx(s); 122 return (EPERM); 123 } 124 if (delta.tv_sec > 1) { 125 tv->tv_sec = tv1.tv_sec + 1; 126 printf("Time adjustment clamped to +1 second\n"); 127 } 128 laststep = *tv; 129 } 130 } 131 132 ts.tv_sec = tv->tv_sec; 133 ts.tv_nsec = tv->tv_usec * 1000; 134 mtx_lock(&Giant); 135 tc_setclock(&ts); 136 (void) splsoftclock(); 137 lease_updatetime(delta.tv_sec); 138 splx(s); 139 resettodr(); 140 mtx_unlock(&Giant); 141 return (0); 142 } 143 144 #ifndef _SYS_SYSPROTO_H_ 145 struct clock_gettime_args { 146 clockid_t clock_id; 147 struct timespec *tp; 148 }; 149 #endif 150 151 /* 152 * MPSAFE 153 */ 154 /* ARGSUSED */ 155 int 156 clock_gettime(struct thread *td, struct clock_gettime_args *uap) 157 { 158 struct timespec ats; 159 160 if (uap->clock_id == CLOCK_REALTIME) 161 nanotime(&ats); 162 else if (uap->clock_id == CLOCK_MONOTONIC) 163 nanouptime(&ats); 164 else 165 return (EINVAL); 166 return (copyout(&ats, uap->tp, sizeof(ats))); 167 } 168 169 #ifndef _SYS_SYSPROTO_H_ 170 struct clock_settime_args { 171 clockid_t clock_id; 172 const struct timespec *tp; 173 }; 174 #endif 175 176 /* 177 * MPSAFE 178 */ 179 /* ARGSUSED */ 180 int 181 clock_settime(struct thread *td, struct clock_settime_args *uap) 182 { 183 struct timeval atv; 184 struct timespec ats; 185 int error; 186 187 #ifdef MAC 188 error = mac_check_system_settime(td->td_ucred); 189 if (error) 190 return (error); 191 #endif 192 if ((error = suser(td)) != 0) 193 return (error); 194 if (uap->clock_id != CLOCK_REALTIME) 195 return (EINVAL); 196 if ((error = copyin(uap->tp, &ats, sizeof(ats))) != 0) 197 return (error); 198 if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000) 199 return (EINVAL); 200 /* XXX Don't convert nsec->usec and back */ 201 TIMESPEC_TO_TIMEVAL(&atv, &ats); 202 error = settime(td, &atv); 203 return (error); 204 } 205 206 #ifndef _SYS_SYSPROTO_H_ 207 struct clock_getres_args { 208 clockid_t clock_id; 209 struct timespec *tp; 210 }; 211 #endif 212 213 int 214 clock_getres(struct thread *td, struct clock_getres_args *uap) 215 { 216 struct timespec ts; 217 int error; 218 219 if (uap->clock_id != CLOCK_REALTIME) 220 return (EINVAL); 221 error = 0; 222 if (uap->tp) { 223 ts.tv_sec = 0; 224 /* 225 * Round up the result of the division cheaply by adding 1. 226 * Rounding up is especially important if rounding down 227 * would give 0. Perfect rounding is unimportant. 228 */ 229 ts.tv_nsec = 1000000000 / tc_getfrequency() + 1; 230 error = copyout(&ts, uap->tp, sizeof(ts)); 231 } 232 return (error); 233 } 234 235 static int nanowait; 236 237 static int 238 nanosleep1(struct thread *td, struct timespec *rqt, struct timespec *rmt) 239 { 240 struct timespec ts, ts2, ts3; 241 struct timeval tv; 242 int error; 243 244 if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000) 245 return (EINVAL); 246 if (rqt->tv_sec < 0 || (rqt->tv_sec == 0 && rqt->tv_nsec == 0)) 247 return (0); 248 getnanouptime(&ts); 249 timespecadd(&ts, rqt); 250 TIMESPEC_TO_TIMEVAL(&tv, rqt); 251 for (;;) { 252 error = tsleep(&nanowait, PWAIT | PCATCH, "nanslp", 253 tvtohz(&tv)); 254 getnanouptime(&ts2); 255 if (error != EWOULDBLOCK) { 256 if (error == ERESTART) 257 error = EINTR; 258 if (rmt != NULL) { 259 timespecsub(&ts, &ts2); 260 if (ts.tv_sec < 0) 261 timespecclear(&ts); 262 *rmt = ts; 263 } 264 return (error); 265 } 266 if (timespeccmp(&ts2, &ts, >=)) 267 return (0); 268 ts3 = ts; 269 timespecsub(&ts3, &ts2); 270 TIMESPEC_TO_TIMEVAL(&tv, &ts3); 271 } 272 } 273 274 #ifndef _SYS_SYSPROTO_H_ 275 struct nanosleep_args { 276 struct timespec *rqtp; 277 struct timespec *rmtp; 278 }; 279 #endif 280 281 /* 282 * MPSAFE 283 */ 284 /* ARGSUSED */ 285 int 286 nanosleep(struct thread *td, struct nanosleep_args *uap) 287 { 288 struct timespec rmt, rqt; 289 int error; 290 291 error = copyin(uap->rqtp, &rqt, sizeof(rqt)); 292 if (error) 293 return (error); 294 295 if (uap->rmtp && 296 !useracc((caddr_t)uap->rmtp, sizeof(rmt), VM_PROT_WRITE)) 297 return (EFAULT); 298 error = nanosleep1(td, &rqt, &rmt); 299 if (error && uap->rmtp) { 300 int error2; 301 302 error2 = copyout(&rmt, uap->rmtp, sizeof(rmt)); 303 if (error2) 304 error = error2; 305 } 306 return (error); 307 } 308 309 #ifndef _SYS_SYSPROTO_H_ 310 struct gettimeofday_args { 311 struct timeval *tp; 312 struct timezone *tzp; 313 }; 314 #endif 315 /* 316 * MPSAFE 317 */ 318 /* ARGSUSED */ 319 int 320 gettimeofday(struct thread *td, struct gettimeofday_args *uap) 321 { 322 struct timeval atv; 323 struct timezone rtz; 324 int error = 0; 325 326 if (uap->tp) { 327 microtime(&atv); 328 error = copyout(&atv, uap->tp, sizeof (atv)); 329 } 330 if (error == 0 && uap->tzp != NULL) { 331 rtz.tz_minuteswest = tz_minuteswest; 332 rtz.tz_dsttime = tz_dsttime; 333 error = copyout(&rtz, uap->tzp, sizeof (rtz)); 334 } 335 return (error); 336 } 337 338 #ifndef _SYS_SYSPROTO_H_ 339 struct settimeofday_args { 340 struct timeval *tv; 341 struct timezone *tzp; 342 }; 343 #endif 344 /* 345 * MPSAFE 346 */ 347 /* ARGSUSED */ 348 int 349 settimeofday(struct thread *td, struct settimeofday_args *uap) 350 { 351 struct timeval atv; 352 struct timezone atz; 353 int error = 0; 354 355 #ifdef MAC 356 error = mac_check_system_settime(td->td_ucred); 357 if (error) 358 return (error); 359 #endif 360 if ((error = suser(td))) 361 return (error); 362 /* Verify all parameters before changing time. */ 363 if (uap->tv) { 364 if ((error = copyin(uap->tv, &atv, sizeof(atv)))) 365 return (error); 366 if (atv.tv_usec < 0 || atv.tv_usec >= 1000000) 367 return (EINVAL); 368 } 369 if (uap->tzp && 370 (error = copyin(uap->tzp, &atz, sizeof(atz)))) 371 return (error); 372 373 if (uap->tv && (error = settime(td, &atv))) 374 return (error); 375 if (uap->tzp) { 376 tz_minuteswest = atz.tz_minuteswest; 377 tz_dsttime = atz.tz_dsttime; 378 } 379 return (error); 380 } 381 /* 382 * Get value of an interval timer. The process virtual and 383 * profiling virtual time timers are kept in the p_stats area, since 384 * they can be swapped out. These are kept internally in the 385 * way they are specified externally: in time until they expire. 386 * 387 * The real time interval timer is kept in the process table slot 388 * for the process, and its value (it_value) is kept as an 389 * absolute time rather than as a delta, so that it is easy to keep 390 * periodic real-time signals from drifting. 391 * 392 * Virtual time timers are processed in the hardclock() routine of 393 * kern_clock.c. The real time timer is processed by a timeout 394 * routine, called from the softclock() routine. Since a callout 395 * may be delayed in real time due to interrupt processing in the system, 396 * it is possible for the real time timeout routine (realitexpire, given below), 397 * to be delayed in real time past when it is supposed to occur. It 398 * does not suffice, therefore, to reload the real timer .it_value from the 399 * real time timers .it_interval. Rather, we compute the next time in 400 * absolute time the timer should go off. 401 */ 402 #ifndef _SYS_SYSPROTO_H_ 403 struct getitimer_args { 404 u_int which; 405 struct itimerval *itv; 406 }; 407 #endif 408 /* 409 * MPSAFE 410 */ 411 int 412 getitimer(struct thread *td, struct getitimer_args *uap) 413 { 414 struct proc *p = td->td_proc; 415 struct timeval ctv; 416 struct itimerval aitv; 417 418 if (uap->which > ITIMER_PROF) 419 return (EINVAL); 420 421 if (uap->which == ITIMER_REAL) { 422 /* 423 * Convert from absolute to relative time in .it_value 424 * part of real time timer. If time for real time timer 425 * has passed return 0, else return difference between 426 * current time and time for the timer to go off. 427 */ 428 PROC_LOCK(p); 429 aitv = p->p_realtimer; 430 PROC_UNLOCK(p); 431 if (timevalisset(&aitv.it_value)) { 432 getmicrouptime(&ctv); 433 if (timevalcmp(&aitv.it_value, &ctv, <)) 434 timevalclear(&aitv.it_value); 435 else 436 timevalsub(&aitv.it_value, &ctv); 437 } 438 } else { 439 mtx_lock_spin(&sched_lock); 440 aitv = p->p_stats->p_timer[uap->which]; 441 mtx_unlock_spin(&sched_lock); 442 } 443 return (copyout(&aitv, uap->itv, sizeof (struct itimerval))); 444 } 445 446 #ifndef _SYS_SYSPROTO_H_ 447 struct setitimer_args { 448 u_int which; 449 struct itimerval *itv, *oitv; 450 }; 451 #endif 452 /* 453 * MPSAFE 454 */ 455 int 456 setitimer(struct thread *td, struct setitimer_args *uap) 457 { 458 struct proc *p = td->td_proc; 459 struct itimerval aitv, oitv; 460 struct timeval ctv; 461 int error; 462 463 if (uap->itv == NULL) { 464 uap->itv = uap->oitv; 465 return (getitimer(td, (struct getitimer_args *)uap)); 466 } 467 468 if (uap->which > ITIMER_PROF) 469 return (EINVAL); 470 if ((error = copyin(uap->itv, &aitv, sizeof(struct itimerval)))) 471 return (error); 472 if (itimerfix(&aitv.it_value)) 473 return (EINVAL); 474 if (!timevalisset(&aitv.it_value)) 475 timevalclear(&aitv.it_interval); 476 else if (itimerfix(&aitv.it_interval)) 477 return (EINVAL); 478 479 if (uap->which == ITIMER_REAL) { 480 PROC_LOCK(p); 481 if (timevalisset(&p->p_realtimer.it_value)) 482 callout_stop(&p->p_itcallout); 483 getmicrouptime(&ctv); 484 if (timevalisset(&aitv.it_value)) { 485 callout_reset(&p->p_itcallout, tvtohz(&aitv.it_value), 486 realitexpire, p); 487 timevaladd(&aitv.it_value, &ctv); 488 } 489 oitv = p->p_realtimer; 490 p->p_realtimer = aitv; 491 PROC_UNLOCK(p); 492 if (timevalisset(&oitv.it_value)) { 493 if (timevalcmp(&oitv.it_value, &ctv, <)) 494 timevalclear(&oitv.it_value); 495 else 496 timevalsub(&oitv.it_value, &ctv); 497 } 498 } else { 499 mtx_lock_spin(&sched_lock); 500 oitv = p->p_stats->p_timer[uap->which]; 501 p->p_stats->p_timer[uap->which] = aitv; 502 mtx_unlock_spin(&sched_lock); 503 } 504 if (uap->oitv == NULL) 505 return (0); 506 return (copyout(&oitv, uap->oitv, sizeof(struct itimerval))); 507 } 508 509 /* 510 * Real interval timer expired: 511 * send process whose timer expired an alarm signal. 512 * If time is not set up to reload, then just return. 513 * Else compute next time timer should go off which is > current time. 514 * This is where delay in processing this timeout causes multiple 515 * SIGALRM calls to be compressed into one. 516 * tvtohz() always adds 1 to allow for the time until the next clock 517 * interrupt being strictly less than 1 clock tick, but we don't want 518 * that here since we want to appear to be in sync with the clock 519 * interrupt even when we're delayed. 520 */ 521 void 522 realitexpire(void *arg) 523 { 524 struct proc *p; 525 struct timeval ctv, ntv; 526 527 p = (struct proc *)arg; 528 PROC_LOCK(p); 529 psignal(p, SIGALRM); 530 if (!timevalisset(&p->p_realtimer.it_interval)) { 531 timevalclear(&p->p_realtimer.it_value); 532 if (p->p_flag & P_WEXIT) 533 wakeup(&p->p_itcallout); 534 PROC_UNLOCK(p); 535 return; 536 } 537 for (;;) { 538 timevaladd(&p->p_realtimer.it_value, 539 &p->p_realtimer.it_interval); 540 getmicrouptime(&ctv); 541 if (timevalcmp(&p->p_realtimer.it_value, &ctv, >)) { 542 ntv = p->p_realtimer.it_value; 543 timevalsub(&ntv, &ctv); 544 callout_reset(&p->p_itcallout, tvtohz(&ntv) - 1, 545 realitexpire, p); 546 PROC_UNLOCK(p); 547 return; 548 } 549 } 550 /*NOTREACHED*/ 551 } 552 553 /* 554 * Check that a proposed value to load into the .it_value or 555 * .it_interval part of an interval timer is acceptable, and 556 * fix it to have at least minimal value (i.e. if it is less 557 * than the resolution of the clock, round it up.) 558 */ 559 int 560 itimerfix(struct timeval *tv) 561 { 562 563 if (tv->tv_sec < 0 || tv->tv_sec > 100000000 || 564 tv->tv_usec < 0 || tv->tv_usec >= 1000000) 565 return (EINVAL); 566 if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick) 567 tv->tv_usec = tick; 568 return (0); 569 } 570 571 /* 572 * Decrement an interval timer by a specified number 573 * of microseconds, which must be less than a second, 574 * i.e. < 1000000. If the timer expires, then reload 575 * it. In this case, carry over (usec - old value) to 576 * reduce the value reloaded into the timer so that 577 * the timer does not drift. This routine assumes 578 * that it is called in a context where the timers 579 * on which it is operating cannot change in value. 580 */ 581 int 582 itimerdecr(struct itimerval *itp, int usec) 583 { 584 585 if (itp->it_value.tv_usec < usec) { 586 if (itp->it_value.tv_sec == 0) { 587 /* expired, and already in next interval */ 588 usec -= itp->it_value.tv_usec; 589 goto expire; 590 } 591 itp->it_value.tv_usec += 1000000; 592 itp->it_value.tv_sec--; 593 } 594 itp->it_value.tv_usec -= usec; 595 usec = 0; 596 if (timevalisset(&itp->it_value)) 597 return (1); 598 /* expired, exactly at end of interval */ 599 expire: 600 if (timevalisset(&itp->it_interval)) { 601 itp->it_value = itp->it_interval; 602 itp->it_value.tv_usec -= usec; 603 if (itp->it_value.tv_usec < 0) { 604 itp->it_value.tv_usec += 1000000; 605 itp->it_value.tv_sec--; 606 } 607 } else 608 itp->it_value.tv_usec = 0; /* sec is already 0 */ 609 return (0); 610 } 611 612 /* 613 * Add and subtract routines for timevals. 614 * N.B.: subtract routine doesn't deal with 615 * results which are before the beginning, 616 * it just gets very confused in this case. 617 * Caveat emptor. 618 */ 619 void 620 timevaladd(struct timeval *t1, const struct timeval *t2) 621 { 622 623 t1->tv_sec += t2->tv_sec; 624 t1->tv_usec += t2->tv_usec; 625 timevalfix(t1); 626 } 627 628 void 629 timevalsub(struct timeval *t1, const struct timeval *t2) 630 { 631 632 t1->tv_sec -= t2->tv_sec; 633 t1->tv_usec -= t2->tv_usec; 634 timevalfix(t1); 635 } 636 637 static void 638 timevalfix(struct timeval *t1) 639 { 640 641 if (t1->tv_usec < 0) { 642 t1->tv_sec--; 643 t1->tv_usec += 1000000; 644 } 645 if (t1->tv_usec >= 1000000) { 646 t1->tv_sec++; 647 t1->tv_usec -= 1000000; 648 } 649 } 650 651 /* 652 * ratecheck(): simple time-based rate-limit checking. 653 */ 654 int 655 ratecheck(struct timeval *lasttime, const struct timeval *mininterval) 656 { 657 struct timeval tv, delta; 658 int rv = 0; 659 660 getmicrouptime(&tv); /* NB: 10ms precision */ 661 delta = tv; 662 timevalsub(&delta, lasttime); 663 664 /* 665 * check for 0,0 is so that the message will be seen at least once, 666 * even if interval is huge. 667 */ 668 if (timevalcmp(&delta, mininterval, >=) || 669 (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) { 670 *lasttime = tv; 671 rv = 1; 672 } 673 674 return (rv); 675 } 676 677 /* 678 * ppsratecheck(): packets (or events) per second limitation. 679 * 680 * Return 0 if the limit is to be enforced (e.g. the caller 681 * should drop a packet because of the rate limitation). 682 * 683 * maxpps of 0 always causes zero to be returned. maxpps of -1 684 * always causes 1 to be returned; this effectively defeats rate 685 * limiting. 686 * 687 * Note that we maintain the struct timeval for compatibility 688 * with other bsd systems. We reuse the storage and just monitor 689 * clock ticks for minimal overhead. 690 */ 691 int 692 ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps) 693 { 694 int now; 695 696 /* 697 * Reset the last time and counter if this is the first call 698 * or more than a second has passed since the last update of 699 * lasttime. 700 */ 701 now = ticks; 702 if (lasttime->tv_sec == 0 || (u_int)(now - lasttime->tv_sec) >= hz) { 703 lasttime->tv_sec = now; 704 *curpps = 1; 705 return (maxpps != 0); 706 } else { 707 (*curpps)++; /* NB: ignore potential overflow */ 708 return (maxpps < 0 || *curpps < maxpps); 709 } 710 } 711