/*
 * Copyright (c) 1982, 1986, 1989, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)kern_time.c	8.1 (Berkeley) 6/10/93
 * $FreeBSD$
 */

#include "opt_mac.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
#include <sys/resourcevar.h>
#include <sys/signalvar.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/sysent.h>
#include <sys/proc.h>
#include <sys/time.h>
#include <sys/timetc.h>
#include <sys/vnode.h>

#include <vm/vm.h>
#include <vm/vm_extern.h>

int tz_minuteswest;
int tz_dsttime;

/*
 * Time of day and interval timer support.
 *
 * These routines provide the kernel entry points to get and set
 * the time-of-day and per-process interval timers.  Subroutines
 * here provide support for adding and subtracting timeval structures
 * and decrementing interval timers, optionally reloading the interval
 * timers when they expire.
 */

static int	nanosleep1(struct thread *td, struct timespec *rqt,
		    struct timespec *rmt);
static int	settime(struct thread *, struct timeval *);
static void	timevalfix(struct timeval *);
static void	no_lease_updatetime(int);

static void
no_lease_updatetime(int deltat)
{
}

void (*lease_updatetime)(int) = no_lease_updatetime;

static int
settime(struct thread *td, struct timeval *tv)
{
	struct timeval delta, tv1, tv2;
	static struct timeval maxtime, laststep;
	struct timespec ts;
	int s;

	s = splclock();
	microtime(&tv1);
	delta = *tv;
	timevalsub(&delta, &tv1);

	/*
	 * If the system is secure, we do not allow the time to be
	 * set to a value earlier than 1 second less than the highest
	 * time we have yet seen.  The worst a miscreant can do in
	 * this circumstance is "freeze" time; he cannot step the
	 * clock back into the past.
	 *
	 * We similarly do not allow the clock to be stepped more
	 * than one second, nor more than once per second.  This allows
	 * a miscreant to make the clock march double-time, but no worse.
	 */
	if (securelevel_gt(td->td_ucred, 1) != 0) {
		if (delta.tv_sec < 0 || delta.tv_usec < 0) {
			/*
			 * Update maxtime to latest time we've seen.
			 */
			if (tv1.tv_sec > maxtime.tv_sec)
				maxtime = tv1;
			tv2 = *tv;
			timevalsub(&tv2, &maxtime);
			if (tv2.tv_sec < -1) {
				tv->tv_sec = maxtime.tv_sec - 1;
				printf("Time adjustment clamped to -1 second\n");
			}
		} else {
			if (tv1.tv_sec == laststep.tv_sec) {
				splx(s);
				return (EPERM);
			}
			if (delta.tv_sec > 1) {
				tv->tv_sec = tv1.tv_sec + 1;
				printf("Time adjustment clamped to +1 second\n");
			}
			laststep = *tv;
		}
	}

	ts.tv_sec = tv->tv_sec;
	ts.tv_nsec = tv->tv_usec * 1000;
	mtx_lock(&Giant);
	tc_setclock(&ts);
	(void) splsoftclock();
	lease_updatetime(delta.tv_sec);
	splx(s);
	resettodr();
	mtx_unlock(&Giant);
	return (0);
}

#ifndef _SYS_SYSPROTO_H_
struct clock_gettime_args {
	clockid_t clock_id;
	struct	timespec *tp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
clock_gettime(struct thread *td, struct clock_gettime_args *uap)
{
	struct timespec ats;

	if (uap->clock_id == CLOCK_REALTIME)
		nanotime(&ats);
	else if (uap->clock_id == CLOCK_MONOTONIC)
		nanouptime(&ats);
	else
		return (EINVAL);
	return (copyout(&ats, uap->tp, sizeof(ats)));
}

#ifndef _SYS_SYSPROTO_H_
struct clock_settime_args {
	clockid_t clock_id;
	const struct	timespec *tp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
clock_settime(struct thread *td, struct clock_settime_args *uap)
{
	struct timeval atv;
	struct timespec ats;
	int error;

#ifdef MAC
	error = mac_check_system_settime(td->td_ucred);
	if (error)
		return (error);
#endif
	if ((error = suser(td)) != 0)
		return (error);
	if (uap->clock_id != CLOCK_REALTIME)
		return (EINVAL);
	if ((error = copyin(uap->tp, &ats, sizeof(ats))) != 0)
		return (error);
	if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000)
		return (EINVAL);
	/* XXX Don't convert nsec->usec and back */
	TIMESPEC_TO_TIMEVAL(&atv, &ats);
	error = settime(td, &atv);
	return (error);
}

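/*
 * Illustrative sketch, not part of the original file: how a userland
 * program would exercise the clock_gettime() and clock_settime() entry
 * points above through the standard POSIX interfaces.  Only the two
 * clock ids handled here are shown.
 *
 *	struct timespec ts;
 *
 *	clock_gettime(CLOCK_REALTIME, &ts);	(wall clock, via nanotime())
 *	clock_gettime(CLOCK_MONOTONIC, &ts);	(uptime, via nanouptime())
 *
 *	ts.tv_sec += 1;
 *	clock_settime(CLOCK_REALTIME, &ts);	(superuser only; tv_nsec must
 *						 lie in [0, 1000000000))
 */
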
#ifndef _SYS_SYSPROTO_H_
struct clock_getres_args {
	clockid_t clock_id;
	struct	timespec *tp;
};
#endif

int
clock_getres(struct thread *td, struct clock_getres_args *uap)
{
	struct timespec ts;
	int error;

	if (uap->clock_id != CLOCK_REALTIME)
		return (EINVAL);
	error = 0;
	if (uap->tp) {
		ts.tv_sec = 0;
		/*
		 * Round up the result of the division cheaply by adding 1.
		 * Rounding up is especially important if rounding down
		 * would give 0.  Perfect rounding is unimportant.
		 */
		ts.tv_nsec = 1000000000 / tc_getfrequency() + 1;
		error = copyout(&ts, uap->tp, sizeof(ts));
	}
	return (error);
}

static int nanowait;

static int
nanosleep1(struct thread *td, struct timespec *rqt, struct timespec *rmt)
{
	struct timespec ts, ts2, ts3;
	struct timeval tv;
	int error;

	if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000)
		return (EINVAL);
	if (rqt->tv_sec < 0 || (rqt->tv_sec == 0 && rqt->tv_nsec == 0))
		return (0);
	getnanouptime(&ts);
	timespecadd(&ts, rqt);
	TIMESPEC_TO_TIMEVAL(&tv, rqt);
	for (;;) {
		error = tsleep(&nanowait, PWAIT | PCATCH, "nanslp",
		    tvtohz(&tv));
		getnanouptime(&ts2);
		if (error != EWOULDBLOCK) {
			if (error == ERESTART)
				error = EINTR;
			if (rmt != NULL) {
				timespecsub(&ts, &ts2);
				if (ts.tv_sec < 0)
					timespecclear(&ts);
				*rmt = ts;
			}
			return (error);
		}
		if (timespeccmp(&ts2, &ts, >=))
			return (0);
		ts3 = ts;
		timespecsub(&ts3, &ts2);
		TIMESPEC_TO_TIMEVAL(&tv, &ts3);
	}
}

#ifndef _SYS_SYSPROTO_H_
struct nanosleep_args {
	struct	timespec *rqtp;
	struct	timespec *rmtp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
nanosleep(struct thread *td, struct nanosleep_args *uap)
{
	struct timespec rmt, rqt;
	int error;

	error = copyin(uap->rqtp, &rqt, sizeof(rqt));
	if (error)
		return (error);

	if (uap->rmtp &&
	    !useracc((caddr_t)uap->rmtp, sizeof(rmt), VM_PROT_WRITE))
		return (EFAULT);
	error = nanosleep1(td, &rqt, &rmt);
	if (error && uap->rmtp) {
		int error2;

		error2 = copyout(&rmt, uap->rmtp, sizeof(rmt));
		if (error2)
			error = error2;
	}
	return (error);
}

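/*
 * Illustrative sketch, not part of the original file: a userland caller
 * of the nanosleep() entry point above, sleeping for 1.5 seconds and
 * retrying with the kernel-supplied remainder when a signal interrupts
 * the sleep (nanosleep1() returns EINTR and fills in the remaining time).
 *
 *	struct timespec req = { 1, 500000000 };		(1 s + 500000000 ns)
 *	struct timespec rem;
 *
 *	while (nanosleep(&req, &rem) == -1 && errno == EINTR)
 *		req = rem;				(resume unslept part)
 */
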
#ifndef _SYS_SYSPROTO_H_
struct gettimeofday_args {
	struct	timeval *tp;
	struct	timezone *tzp;
};
#endif
/*
 * MPSAFE
 */
/* ARGSUSED */
int
gettimeofday(struct thread *td, struct gettimeofday_args *uap)
{
	struct timeval atv;
	struct timezone rtz;
	int error = 0;

	if (uap->tp) {
		microtime(&atv);
		error = copyout(&atv, uap->tp, sizeof (atv));
	}
	if (error == 0 && uap->tzp != NULL) {
		rtz.tz_minuteswest = tz_minuteswest;
		rtz.tz_dsttime = tz_dsttime;
		error = copyout(&rtz, uap->tzp, sizeof (rtz));
	}
	return (error);
}

#ifndef _SYS_SYSPROTO_H_
struct settimeofday_args {
	struct	timeval *tv;
	struct	timezone *tzp;
};
#endif
/*
 * MPSAFE
 */
/* ARGSUSED */
int
settimeofday(struct thread *td, struct settimeofday_args *uap)
{
	struct timeval atv;
	struct timezone atz;
	int error = 0;

#ifdef MAC
	error = mac_check_system_settime(td->td_ucred);
	if (error)
		return (error);
#endif
	if ((error = suser(td)))
		return (error);
	/* Verify all parameters before changing time. */
	if (uap->tv) {
		if ((error = copyin(uap->tv, &atv, sizeof(atv))))
			return (error);
		if (atv.tv_usec < 0 || atv.tv_usec >= 1000000)
			return (EINVAL);
	}
	if (uap->tzp &&
	    (error = copyin(uap->tzp, &atz, sizeof(atz))))
		return (error);

	if (uap->tv && (error = settime(td, &atv)))
		return (error);
	if (uap->tzp) {
		tz_minuteswest = atz.tz_minuteswest;
		tz_dsttime = atz.tz_dsttime;
	}
	return (error);
}

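/*
 * Illustrative sketch, not part of the original file: userland use of the
 * gettimeofday()/settimeofday() pair above.  Setting the time requires
 * superuser privilege (and MAC approval when "options MAC" is configured).
 *
 *	struct timeval tv;
 *	struct timezone tz;
 *
 *	gettimeofday(&tv, &tz);		(tz carries tz_minuteswest/tz_dsttime)
 *	tv.tv_sec += 1;			(step the clock forward one second)
 *	settimeofday(&tv, NULL);	(EPERM for unprivileged callers)
 */
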
/*
 * Get value of an interval timer.  The process virtual and
 * profiling virtual time timers are kept in the p_stats area, since
 * they can be swapped out.  These are kept internally in the
 * way they are specified externally: in time until they expire.
 *
 * The real time interval timer is kept in the process table slot
 * for the process, and its value (it_value) is kept as an
 * absolute time rather than as a delta, so that it is easy to keep
 * periodic real-time signals from drifting.
 *
 * Virtual time timers are processed in the hardclock() routine of
 * kern_clock.c.  The real time timer is processed by a timeout
 * routine, called from the softclock() routine.  Since a callout
 * may be delayed in real time due to interrupt processing in the system,
 * it is possible for the real time timeout routine (realitexpire, given
 * below) to be delayed in real time past when it is supposed to occur.
 * It does not suffice, therefore, to reload the real timer .it_value
 * from the real time timer's .it_interval.  Rather, we compute the next
 * time in absolute time the timer should go off.
 */
#ifndef _SYS_SYSPROTO_H_
struct getitimer_args {
	u_int	which;
	struct	itimerval *itv;
};
#endif
/*
 * MPSAFE
 */
int
getitimer(struct thread *td, struct getitimer_args *uap)
{
	struct proc *p = td->td_proc;
	struct timeval ctv;
	struct itimerval aitv;

	if (uap->which > ITIMER_PROF)
		return (EINVAL);

	if (uap->which == ITIMER_REAL) {
		/*
		 * Convert from absolute to relative time in .it_value
		 * part of real time timer.  If time for real time timer
		 * has passed, return 0; else return the difference between
		 * the current time and the time for the timer to go off.
		 */
		PROC_LOCK(p);
		aitv = p->p_realtimer;
		PROC_UNLOCK(p);
		if (timevalisset(&aitv.it_value)) {
			getmicrouptime(&ctv);
			if (timevalcmp(&aitv.it_value, &ctv, <))
				timevalclear(&aitv.it_value);
			else
				timevalsub(&aitv.it_value, &ctv);
		}
	} else {
		mtx_lock_spin(&sched_lock);
		aitv = p->p_stats->p_timer[uap->which];
		mtx_unlock_spin(&sched_lock);
	}
	return (copyout(&aitv, uap->itv, sizeof (struct itimerval)));
}

#ifndef _SYS_SYSPROTO_H_
struct setitimer_args {
	u_int	which;
	struct	itimerval *itv, *oitv;
};
#endif
/*
 * MPSAFE
 */
int
setitimer(struct thread *td, struct setitimer_args *uap)
{
	struct proc *p = td->td_proc;
	struct itimerval aitv, oitv;
	struct timeval ctv;
	int error;

	if (uap->itv == NULL) {
		uap->itv = uap->oitv;
		return (getitimer(td, (struct getitimer_args *)uap));
	}

	if (uap->which > ITIMER_PROF)
		return (EINVAL);
	if ((error = copyin(uap->itv, &aitv, sizeof(struct itimerval))))
		return (error);
	if (itimerfix(&aitv.it_value))
		return (EINVAL);
	if (!timevalisset(&aitv.it_value))
		timevalclear(&aitv.it_interval);
	else if (itimerfix(&aitv.it_interval))
		return (EINVAL);

	if (uap->which == ITIMER_REAL) {
		PROC_LOCK(p);
		if (timevalisset(&p->p_realtimer.it_value))
			callout_stop(&p->p_itcallout);
		getmicrouptime(&ctv);
		if (timevalisset(&aitv.it_value)) {
			callout_reset(&p->p_itcallout, tvtohz(&aitv.it_value),
			    realitexpire, p);
			timevaladd(&aitv.it_value, &ctv);
		}
		oitv = p->p_realtimer;
		p->p_realtimer = aitv;
		PROC_UNLOCK(p);
		if (timevalisset(&oitv.it_value)) {
			if (timevalcmp(&oitv.it_value, &ctv, <))
				timevalclear(&oitv.it_value);
			else
				timevalsub(&oitv.it_value, &ctv);
		}
	} else {
		mtx_lock_spin(&sched_lock);
		oitv = p->p_stats->p_timer[uap->which];
		p->p_stats->p_timer[uap->which] = aitv;
		mtx_unlock_spin(&sched_lock);
	}
	if (uap->oitv == NULL)
		return (0);
	return (copyout(&oitv, uap->oitv, sizeof(struct itimerval)));
}

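/*
 * Illustrative sketch, not part of the original file: a userland process
 * arming a periodic 50 ms ITIMER_REAL, which the kernel services with the
 * callout-driven realitexpire() routine below.
 *
 *	struct itimerval itv;
 *
 *	itv.it_interval.tv_sec = 0;
 *	itv.it_interval.tv_usec = 50000;	(reload value: 50 ms)
 *	itv.it_value = itv.it_interval;		(first expiry: 50 ms)
 *	setitimer(ITIMER_REAL, &itv, NULL);	(SIGALRM roughly every 50 ms)
 */
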
/*
 * Real interval timer expired:
 * send process whose timer expired an alarm signal.
 * If time is not set up to reload, then just return.
 * Else compute next time timer should go off which is > current time.
 * This is where delay in processing this timeout causes multiple
 * SIGALRM calls to be compressed into one.
 * tvtohz() always adds 1 to allow for the time until the next clock
 * interrupt being strictly less than 1 clock tick, but we don't want
 * that here since we want to appear to be in sync with the clock
 * interrupt even when we're delayed.
 */
void
realitexpire(void *arg)
{
	struct proc *p;
	struct timeval ctv, ntv;

	p = (struct proc *)arg;
	PROC_LOCK(p);
	psignal(p, SIGALRM);
	if (!timevalisset(&p->p_realtimer.it_interval)) {
		timevalclear(&p->p_realtimer.it_value);
		PROC_UNLOCK(p);
		return;
	}
	for (;;) {
		timevaladd(&p->p_realtimer.it_value,
		    &p->p_realtimer.it_interval);
		getmicrouptime(&ctv);
		if (timevalcmp(&p->p_realtimer.it_value, &ctv, >)) {
			ntv = p->p_realtimer.it_value;
			timevalsub(&ntv, &ctv);
			callout_reset(&p->p_itcallout, tvtohz(&ntv) - 1,
			    realitexpire, p);
			PROC_UNLOCK(p);
			return;
		}
	}
	/*NOTREACHED*/
}

/*
 * Check that a proposed value to load into the .it_value or
 * .it_interval part of an interval timer is acceptable, and
 * fix it to have at least minimal value (i.e., if it is less
 * than the resolution of the clock, round it up).
 */
int
itimerfix(struct timeval *tv)
{

	if (tv->tv_sec < 0 || tv->tv_sec > 100000000 ||
	    tv->tv_usec < 0 || tv->tv_usec >= 1000000)
		return (EINVAL);
	if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick)
		tv->tv_usec = tick;
	return (0);
}

/*
 * Decrement an interval timer by a specified number
 * of microseconds, which must be less than a second,
 * i.e. < 1000000.  If the timer expires, then reload
 * it.  In this case, carry over (usec - old value) to
 * reduce the value reloaded into the timer so that
 * the timer does not drift.  This routine assumes
 * that it is called in a context where the timers
 * on which it is operating cannot change in value.
 */
int
itimerdecr(struct itimerval *itp, int usec)
{

	if (itp->it_value.tv_usec < usec) {
		if (itp->it_value.tv_sec == 0) {
			/* expired, and already in next interval */
			usec -= itp->it_value.tv_usec;
			goto expire;
		}
		itp->it_value.tv_usec += 1000000;
		itp->it_value.tv_sec--;
	}
	itp->it_value.tv_usec -= usec;
	usec = 0;
	if (timevalisset(&itp->it_value))
		return (1);
	/* expired, exactly at end of interval */
expire:
	if (timevalisset(&itp->it_interval)) {
		itp->it_value = itp->it_interval;
		itp->it_value.tv_usec -= usec;
		if (itp->it_value.tv_usec < 0) {
			itp->it_value.tv_usec += 1000000;
			itp->it_value.tv_sec--;
		}
	} else
		itp->it_value.tv_usec = 0;		/* sec is already 0 */
	return (0);
}

/*
 * Add and subtract routines for timevals.
 * N.B.: the subtract routine doesn't deal with
 * results which are before the beginning;
 * it just gets very confused in this case.
 * Caveat emptor.
 */
void
timevaladd(struct timeval *t1, struct timeval *t2)
{

	t1->tv_sec += t2->tv_sec;
	t1->tv_usec += t2->tv_usec;
	timevalfix(t1);
}

void
timevalsub(struct timeval *t1, struct timeval *t2)
{

	t1->tv_sec -= t2->tv_sec;
	t1->tv_usec -= t2->tv_usec;
	timevalfix(t1);
}

static void
timevalfix(struct timeval *t1)
{

	if (t1->tv_usec < 0) {
		t1->tv_sec--;
		t1->tv_usec += 1000000;
	}
	if (t1->tv_usec >= 1000000) {
		t1->tv_sec++;
		t1->tv_usec -= 1000000;
	}
}

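/*
 * Illustrative worked example, not part of the original file: adding
 * { 1 s, 700000 us } and { 0 s, 600000 us } with timevaladd() first
 * yields the denormalized { 1 s, 1300000 us }; timevalfix() then carries
 * the microsecond overflow to give { 2 s, 300000 us }.  timevalsub()
 * relies on the symmetric borrow for the tv_usec < 0 case.
 */
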
/*
 * ratecheck(): simple time-based rate-limit checking.
 */
int
ratecheck(struct timeval *lasttime, const struct timeval *mininterval)
{
	struct timeval tv, delta;
	int rv = 0;

	getmicrouptime(&tv);		/* NB: 10ms precision */
	delta = tv;
	timevalsub(&delta, lasttime);

	/*
	 * The check for 0,0 is so that the message will be seen at least
	 * once, even if the interval is huge.
	 */
	if (timevalcmp(&delta, mininterval, >=) ||
	    (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) {
		*lasttime = tv;
		rv = 1;
	}

	return (rv);
}

/*
 * ppsratecheck(): packets (or events) per second limitation.
 *
 * Return 0 if the limit is to be enforced (e.g. the caller
 * should drop a packet because of the rate limitation).
 *
 * maxpps of 0 always causes zero to be returned.  maxpps of -1
 * always causes 1 to be returned; this effectively defeats rate
 * limiting.
 *
 * Note that we maintain the struct timeval for compatibility
 * with other BSD systems.  We reuse the storage and just monitor
 * clock ticks for minimal overhead.
 */
int
ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps)
{
	int now;

	/*
	 * Reset the last time and counter if this is the first call
	 * or more than a second has passed since the last update of
	 * lasttime.
	 */
	now = ticks;
	if (lasttime->tv_sec == 0 || (u_int)(now - lasttime->tv_sec) >= hz) {
		lasttime->tv_sec = now;
		*curpps = 1;
		return (maxpps != 0);
	} else {
		(*curpps)++;		/* NB: ignore potential overflow */
		return (maxpps < 0 || *curpps < maxpps);
	}
}
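/*
 * Illustrative sketch, not part of the original file: typical driver-style
 * use of ppsratecheck() to limit a diagnostic message to at most 10 per
 * second.  The static variables "lastlog" and "curlog" and the message
 * text are hypothetical and exist only for this example.
 *
 *	static struct timeval lastlog;
 *	static int curlog;
 *
 *	if (ppsratecheck(&lastlog, &curlog, 10))
 *		printf("xx0: receive overrun\n");
 */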