1 /* 2 * Copyright (c) 1982, 1986, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)kern_time.c 8.1 (Berkeley) 6/10/93 34 * $FreeBSD$ 35 */ 36 37 #include "opt_mac.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/lock.h> 42 #include <sys/mutex.h> 43 #include <sys/sysproto.h> 44 #include <sys/resourcevar.h> 45 #include <sys/signalvar.h> 46 #include <sys/kernel.h> 47 #include <sys/mac.h> 48 #include <sys/systm.h> 49 #include <sys/sysent.h> 50 #include <sys/proc.h> 51 #include <sys/time.h> 52 #include <sys/timetc.h> 53 #include <sys/vnode.h> 54 55 #include <vm/vm.h> 56 #include <vm/vm_extern.h> 57 58 struct timezone tz; 59 60 /* 61 * Time of day and interval timer support. 62 * 63 * These routines provide the kernel entry points to get and set 64 * the time-of-day and per-process interval timers. Subroutines 65 * here provide support for adding and subtracting timeval structures 66 * and decrementing interval timers, optionally reloading the interval 67 * timers when they expire. 68 */ 69 70 static int nanosleep1(struct thread *td, struct timespec *rqt, 71 struct timespec *rmt); 72 static int settime(struct thread *, struct timeval *); 73 static void timevalfix(struct timeval *); 74 static void no_lease_updatetime(int); 75 76 static void 77 no_lease_updatetime(deltat) 78 int deltat; 79 { 80 } 81 82 void (*lease_updatetime)(int) = no_lease_updatetime; 83 84 static int 85 settime(struct thread *td, struct timeval *tv) 86 { 87 struct timeval delta, tv1, tv2; 88 static struct timeval maxtime, laststep; 89 struct timespec ts; 90 int s; 91 92 s = splclock(); 93 microtime(&tv1); 94 delta = *tv; 95 timevalsub(&delta, &tv1); 96 97 /* 98 * If the system is secure, we do not allow the time to be 99 * set to a value earlier than 1 second less than the highest 100 * time we have yet seen. The worst a miscreant can do in 101 * this circumstance is "freeze" time. He couldn't go 102 * back to the past. 103 * 104 * We similarly do not allow the clock to be stepped more 105 * than one second, nor more than once per second. This allows 106 * a miscreant to make the clock march double-time, but no worse. 107 */ 108 if (securelevel_gt(td->td_ucred, 1) != 0) { 109 if (delta.tv_sec < 0 || delta.tv_usec < 0) { 110 /* 111 * Update maxtime to latest time we've seen. 112 */ 113 if (tv1.tv_sec > maxtime.tv_sec) 114 maxtime = tv1; 115 tv2 = *tv; 116 timevalsub(&tv2, &maxtime); 117 if (tv2.tv_sec < -1) { 118 tv->tv_sec = maxtime.tv_sec - 1; 119 printf("Time adjustment clamped to -1 second\n"); 120 } 121 } else { 122 if (tv1.tv_sec == laststep.tv_sec) { 123 splx(s); 124 return (EPERM); 125 } 126 if (delta.tv_sec > 1) { 127 tv->tv_sec = tv1.tv_sec + 1; 128 printf("Time adjustment clamped to +1 second\n"); 129 } 130 laststep = *tv; 131 } 132 } 133 134 ts.tv_sec = tv->tv_sec; 135 ts.tv_nsec = tv->tv_usec * 1000; 136 mtx_lock(&Giant); 137 tc_setclock(&ts); 138 (void) splsoftclock(); 139 lease_updatetime(delta.tv_sec); 140 splx(s); 141 resettodr(); 142 mtx_unlock(&Giant); 143 return (0); 144 } 145 146 #ifndef _SYS_SYSPROTO_H_ 147 struct clock_gettime_args { 148 clockid_t clock_id; 149 struct timespec *tp; 150 }; 151 #endif 152 153 /* 154 * MPSAFE 155 */ 156 /* ARGSUSED */ 157 int 158 clock_gettime(struct thread *td, struct clock_gettime_args *uap) 159 { 160 struct timespec ats; 161 162 if (uap->clock_id != CLOCK_REALTIME) 163 return (EINVAL); 164 nanotime(&ats); 165 return (copyout(&ats, uap->tp, sizeof(ats))); 166 } 167 168 #ifndef _SYS_SYSPROTO_H_ 169 struct clock_settime_args { 170 clockid_t clock_id; 171 const struct timespec *tp; 172 }; 173 #endif 174 175 /* 176 * MPSAFE 177 */ 178 /* ARGSUSED */ 179 int 180 clock_settime(struct thread *td, struct clock_settime_args *uap) 181 { 182 struct timeval atv; 183 struct timespec ats; 184 int error; 185 186 #ifdef MAC 187 error = mac_check_system_settime(td->td_ucred); 188 if (error) 189 return (error); 190 #endif 191 if ((error = suser(td)) != 0) 192 return (error); 193 if (uap->clock_id != CLOCK_REALTIME) 194 return (EINVAL); 195 if ((error = copyin(uap->tp, &ats, sizeof(ats))) != 0) 196 return (error); 197 if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000) 198 return (EINVAL); 199 /* XXX Don't convert nsec->usec and back */ 200 TIMESPEC_TO_TIMEVAL(&atv, &ats); 201 error = settime(td, &atv); 202 return (error); 203 } 204 205 #ifndef _SYS_SYSPROTO_H_ 206 struct clock_getres_args { 207 clockid_t clock_id; 208 struct timespec *tp; 209 }; 210 #endif 211 212 int 213 clock_getres(struct thread *td, struct clock_getres_args *uap) 214 { 215 struct timespec ts; 216 int error; 217 218 if (uap->clock_id != CLOCK_REALTIME) 219 return (EINVAL); 220 error = 0; 221 if (uap->tp) { 222 ts.tv_sec = 0; 223 /* 224 * Round up the result of the division cheaply by adding 1. 225 * Rounding up is especially important if rounding down 226 * would give 0. Perfect rounding is unimportant. 227 */ 228 ts.tv_nsec = 1000000000 / tc_getfrequency() + 1; 229 error = copyout(&ts, uap->tp, sizeof(ts)); 230 } 231 return (error); 232 } 233 234 static int nanowait; 235 236 static int 237 nanosleep1(struct thread *td, struct timespec *rqt, struct timespec *rmt) 238 { 239 struct timespec ts, ts2, ts3; 240 struct timeval tv; 241 int error; 242 243 if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000) 244 return (EINVAL); 245 if (rqt->tv_sec < 0 || (rqt->tv_sec == 0 && rqt->tv_nsec == 0)) 246 return (0); 247 getnanouptime(&ts); 248 timespecadd(&ts, rqt); 249 TIMESPEC_TO_TIMEVAL(&tv, rqt); 250 for (;;) { 251 error = tsleep(&nanowait, PWAIT | PCATCH, "nanslp", 252 tvtohz(&tv)); 253 getnanouptime(&ts2); 254 if (error != EWOULDBLOCK) { 255 if (error == ERESTART) 256 error = EINTR; 257 if (rmt != NULL) { 258 timespecsub(&ts, &ts2); 259 if (ts.tv_sec < 0) 260 timespecclear(&ts); 261 *rmt = ts; 262 } 263 return (error); 264 } 265 if (timespeccmp(&ts2, &ts, >=)) 266 return (0); 267 ts3 = ts; 268 timespecsub(&ts3, &ts2); 269 TIMESPEC_TO_TIMEVAL(&tv, &ts3); 270 } 271 } 272 273 #ifndef _SYS_SYSPROTO_H_ 274 struct nanosleep_args { 275 struct timespec *rqtp; 276 struct timespec *rmtp; 277 }; 278 #endif 279 280 /* 281 * MPSAFE 282 */ 283 /* ARGSUSED */ 284 int 285 nanosleep(struct thread *td, struct nanosleep_args *uap) 286 { 287 struct timespec rmt, rqt; 288 int error; 289 290 error = copyin(uap->rqtp, &rqt, sizeof(rqt)); 291 if (error) 292 return (error); 293 294 if (uap->rmtp && 295 !useracc((caddr_t)uap->rmtp, sizeof(rmt), VM_PROT_WRITE)) 296 return (EFAULT); 297 mtx_lock(&Giant); 298 error = nanosleep1(td, &rqt, &rmt); 299 mtx_unlock(&Giant); 300 if (error && uap->rmtp) { 301 int error2; 302 303 error2 = copyout(&rmt, uap->rmtp, sizeof(rmt)); 304 if (error2) 305 error = error2; 306 } 307 return (error); 308 } 309 310 #ifndef _SYS_SYSPROTO_H_ 311 struct gettimeofday_args { 312 struct timeval *tp; 313 struct timezone *tzp; 314 }; 315 #endif 316 /* 317 * MPSAFE 318 */ 319 /* ARGSUSED */ 320 int 321 gettimeofday(struct thread *td, struct gettimeofday_args *uap) 322 { 323 struct timeval atv; 324 int error = 0; 325 326 if (uap->tp) { 327 microtime(&atv); 328 error = copyout(&atv, uap->tp, sizeof (atv)); 329 } 330 if (error == 0 && uap->tzp != NULL) { 331 mtx_lock(&Giant); 332 error = copyout(&tz, uap->tzp, sizeof (tz)); 333 mtx_unlock(&Giant); 334 } 335 return (error); 336 } 337 338 #ifndef _SYS_SYSPROTO_H_ 339 struct settimeofday_args { 340 struct timeval *tv; 341 struct timezone *tzp; 342 }; 343 #endif 344 /* 345 * MPSAFE 346 */ 347 /* ARGSUSED */ 348 int 349 settimeofday(struct thread *td, struct settimeofday_args *uap) 350 { 351 struct timeval atv; 352 struct timezone atz; 353 int error = 0; 354 355 #ifdef MAC 356 error = mac_check_system_settime(td->td_ucred); 357 if (error) 358 return (error); 359 #endif 360 if ((error = suser(td))) 361 return (error); 362 /* Verify all parameters before changing time. */ 363 if (uap->tv) { 364 if ((error = copyin(uap->tv, &atv, sizeof(atv)))) 365 return (error); 366 if (atv.tv_usec < 0 || atv.tv_usec >= 1000000) 367 return (EINVAL); 368 } 369 if (uap->tzp && 370 (error = copyin(uap->tzp, &atz, sizeof(atz)))) 371 return (error); 372 373 if (uap->tv && (error = settime(td, &atv))) 374 return (error); 375 if (uap->tzp) { 376 mtx_lock(&Giant); 377 tz = atz; 378 mtx_unlock(&Giant); 379 } 380 return (error); 381 } 382 /* 383 * Get value of an interval timer. The process virtual and 384 * profiling virtual time timers are kept in the p_stats area, since 385 * they can be swapped out. These are kept internally in the 386 * way they are specified externally: in time until they expire. 387 * 388 * The real time interval timer is kept in the process table slot 389 * for the process, and its value (it_value) is kept as an 390 * absolute time rather than as a delta, so that it is easy to keep 391 * periodic real-time signals from drifting. 392 * 393 * Virtual time timers are processed in the hardclock() routine of 394 * kern_clock.c. The real time timer is processed by a timeout 395 * routine, called from the softclock() routine. Since a callout 396 * may be delayed in real time due to interrupt processing in the system, 397 * it is possible for the real time timeout routine (realitexpire, given below), 398 * to be delayed in real time past when it is supposed to occur. It 399 * does not suffice, therefore, to reload the real timer .it_value from the 400 * real time timers .it_interval. Rather, we compute the next time in 401 * absolute time the timer should go off. 402 */ 403 #ifndef _SYS_SYSPROTO_H_ 404 struct getitimer_args { 405 u_int which; 406 struct itimerval *itv; 407 }; 408 #endif 409 /* 410 * MPSAFE 411 */ 412 /* ARGSUSED */ 413 int 414 getitimer(struct thread *td, struct getitimer_args *uap) 415 { 416 struct proc *p = td->td_proc; 417 struct timeval ctv; 418 struct itimerval aitv; 419 int s; 420 int error; 421 422 if (uap->which > ITIMER_PROF) 423 return (EINVAL); 424 425 mtx_lock(&Giant); 426 427 s = splclock(); /* XXX still needed ? */ 428 if (uap->which == ITIMER_REAL) { 429 /* 430 * Convert from absolute to relative time in .it_value 431 * part of real time timer. If time for real time timer 432 * has passed return 0, else return difference between 433 * current time and time for the timer to go off. 434 */ 435 aitv = p->p_realtimer; 436 if (timevalisset(&aitv.it_value)) { 437 getmicrouptime(&ctv); 438 if (timevalcmp(&aitv.it_value, &ctv, <)) 439 timevalclear(&aitv.it_value); 440 else 441 timevalsub(&aitv.it_value, &ctv); 442 } 443 } else { 444 aitv = p->p_stats->p_timer[uap->which]; 445 } 446 splx(s); 447 error = copyout(&aitv, uap->itv, sizeof (struct itimerval)); 448 mtx_unlock(&Giant); 449 return(error); 450 } 451 452 #ifndef _SYS_SYSPROTO_H_ 453 struct setitimer_args { 454 u_int which; 455 struct itimerval *itv, *oitv; 456 }; 457 #endif 458 /* 459 * MPSAFE 460 */ 461 /* ARGSUSED */ 462 int 463 setitimer(struct thread *td, struct setitimer_args *uap) 464 { 465 struct proc *p = td->td_proc; 466 struct itimerval aitv; 467 struct timeval ctv; 468 struct itimerval *itvp; 469 int s, error = 0; 470 471 if (uap->which > ITIMER_PROF) 472 return (EINVAL); 473 itvp = uap->itv; 474 if (itvp && (error = copyin(itvp, &aitv, sizeof(struct itimerval)))) 475 return (error); 476 477 mtx_lock(&Giant); 478 479 if ((uap->itv = uap->oitv) && 480 (error = getitimer(td, (struct getitimer_args *)uap))) { 481 goto done2; 482 } 483 if (itvp == 0) { 484 error = 0; 485 goto done2; 486 } 487 if (itimerfix(&aitv.it_value)) { 488 error = EINVAL; 489 goto done2; 490 } 491 if (!timevalisset(&aitv.it_value)) { 492 timevalclear(&aitv.it_interval); 493 } else if (itimerfix(&aitv.it_interval)) { 494 error = EINVAL; 495 goto done2; 496 } 497 s = splclock(); /* XXX: still needed ? */ 498 if (uap->which == ITIMER_REAL) { 499 if (timevalisset(&p->p_realtimer.it_value)) 500 callout_stop(&p->p_itcallout); 501 if (timevalisset(&aitv.it_value)) 502 callout_reset(&p->p_itcallout, tvtohz(&aitv.it_value), 503 realitexpire, p); 504 getmicrouptime(&ctv); 505 timevaladd(&aitv.it_value, &ctv); 506 p->p_realtimer = aitv; 507 } else { 508 p->p_stats->p_timer[uap->which] = aitv; 509 } 510 splx(s); 511 done2: 512 mtx_unlock(&Giant); 513 return (error); 514 } 515 516 /* 517 * Real interval timer expired: 518 * send process whose timer expired an alarm signal. 519 * If time is not set up to reload, then just return. 520 * Else compute next time timer should go off which is > current time. 521 * This is where delay in processing this timeout causes multiple 522 * SIGALRM calls to be compressed into one. 523 * tvtohz() always adds 1 to allow for the time until the next clock 524 * interrupt being strictly less than 1 clock tick, but we don't want 525 * that here since we want to appear to be in sync with the clock 526 * interrupt even when we're delayed. 527 */ 528 void 529 realitexpire(void *arg) 530 { 531 struct proc *p; 532 struct timeval ctv, ntv; 533 int s; 534 535 p = (struct proc *)arg; 536 PROC_LOCK(p); 537 psignal(p, SIGALRM); 538 if (!timevalisset(&p->p_realtimer.it_interval)) { 539 timevalclear(&p->p_realtimer.it_value); 540 PROC_UNLOCK(p); 541 return; 542 } 543 for (;;) { 544 s = splclock(); /* XXX: still neeeded ? */ 545 timevaladd(&p->p_realtimer.it_value, 546 &p->p_realtimer.it_interval); 547 getmicrouptime(&ctv); 548 if (timevalcmp(&p->p_realtimer.it_value, &ctv, >)) { 549 ntv = p->p_realtimer.it_value; 550 timevalsub(&ntv, &ctv); 551 callout_reset(&p->p_itcallout, tvtohz(&ntv) - 1, 552 realitexpire, p); 553 splx(s); 554 PROC_UNLOCK(p); 555 return; 556 } 557 splx(s); 558 } 559 /*NOTREACHED*/ 560 } 561 562 /* 563 * Check that a proposed value to load into the .it_value or 564 * .it_interval part of an interval timer is acceptable, and 565 * fix it to have at least minimal value (i.e. if it is less 566 * than the resolution of the clock, round it up.) 567 */ 568 int 569 itimerfix(struct timeval *tv) 570 { 571 572 if (tv->tv_sec < 0 || tv->tv_sec > 100000000 || 573 tv->tv_usec < 0 || tv->tv_usec >= 1000000) 574 return (EINVAL); 575 if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick) 576 tv->tv_usec = tick; 577 return (0); 578 } 579 580 /* 581 * Decrement an interval timer by a specified number 582 * of microseconds, which must be less than a second, 583 * i.e. < 1000000. If the timer expires, then reload 584 * it. In this case, carry over (usec - old value) to 585 * reduce the value reloaded into the timer so that 586 * the timer does not drift. This routine assumes 587 * that it is called in a context where the timers 588 * on which it is operating cannot change in value. 589 */ 590 int 591 itimerdecr(struct itimerval *itp, int usec) 592 { 593 594 if (itp->it_value.tv_usec < usec) { 595 if (itp->it_value.tv_sec == 0) { 596 /* expired, and already in next interval */ 597 usec -= itp->it_value.tv_usec; 598 goto expire; 599 } 600 itp->it_value.tv_usec += 1000000; 601 itp->it_value.tv_sec--; 602 } 603 itp->it_value.tv_usec -= usec; 604 usec = 0; 605 if (timevalisset(&itp->it_value)) 606 return (1); 607 /* expired, exactly at end of interval */ 608 expire: 609 if (timevalisset(&itp->it_interval)) { 610 itp->it_value = itp->it_interval; 611 itp->it_value.tv_usec -= usec; 612 if (itp->it_value.tv_usec < 0) { 613 itp->it_value.tv_usec += 1000000; 614 itp->it_value.tv_sec--; 615 } 616 } else 617 itp->it_value.tv_usec = 0; /* sec is already 0 */ 618 return (0); 619 } 620 621 /* 622 * Add and subtract routines for timevals. 623 * N.B.: subtract routine doesn't deal with 624 * results which are before the beginning, 625 * it just gets very confused in this case. 626 * Caveat emptor. 627 */ 628 void 629 timevaladd(struct timeval *t1, struct timeval *t2) 630 { 631 632 t1->tv_sec += t2->tv_sec; 633 t1->tv_usec += t2->tv_usec; 634 timevalfix(t1); 635 } 636 637 void 638 timevalsub(struct timeval *t1, struct timeval *t2) 639 { 640 641 t1->tv_sec -= t2->tv_sec; 642 t1->tv_usec -= t2->tv_usec; 643 timevalfix(t1); 644 } 645 646 static void 647 timevalfix(struct timeval *t1) 648 { 649 650 if (t1->tv_usec < 0) { 651 t1->tv_sec--; 652 t1->tv_usec += 1000000; 653 } 654 if (t1->tv_usec >= 1000000) { 655 t1->tv_sec++; 656 t1->tv_usec -= 1000000; 657 } 658 } 659 660 /* 661 * ratecheck(): simple time-based rate-limit checking. 662 */ 663 int 664 ratecheck(struct timeval *lasttime, const struct timeval *mininterval) 665 { 666 struct timeval tv, delta; 667 int rv = 0; 668 669 getmicrouptime(&tv); /* NB: 10ms precision */ 670 delta = tv; 671 timevalsub(&delta, lasttime); 672 673 /* 674 * check for 0,0 is so that the message will be seen at least once, 675 * even if interval is huge. 676 */ 677 if (timevalcmp(&delta, mininterval, >=) || 678 (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) { 679 *lasttime = tv; 680 rv = 1; 681 } 682 683 return (rv); 684 } 685 686 /* 687 * ppsratecheck(): packets (or events) per second limitation. 688 * 689 * Return 0 if the limit is to be enforced (e.g. the caller 690 * should drop a packet because of the rate limitation). 691 * 692 * Note that we maintain the struct timeval for compatibility 693 * with other bsd systems. We reuse the storage and just monitor 694 * clock ticks for minimal overhead. 695 */ 696 int 697 ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps) 698 { 699 int now; 700 701 /* 702 * Reset the last time and counter if this is the first call 703 * or more than a second has passed since the last update of 704 * lasttime. 705 */ 706 now = ticks; 707 if (lasttime->tv_sec == 0 || (u_int)(now - lasttime->tv_sec) >= hz) { 708 lasttime->tv_sec = now; 709 *curpps = 1; 710 return (1); 711 } else { 712 (*curpps)++; /* NB: ignore potential overflow */ 713 return (maxpps < 0 || *curpps < maxpps); 714 } 715 } 716