/*
 * Copyright (c) 1982, 1986, 1989, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)kern_time.c	8.1 (Berkeley) 6/10/93
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_mac.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
#include <sys/resourcevar.h>
#include <sys/signalvar.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/sysent.h>
#include <sys/proc.h>
#include <sys/time.h>
#include <sys/timetc.h>
#include <sys/vnode.h>

#include <vm/vm.h>
#include <vm/vm_extern.h>

int tz_minuteswest;
int tz_dsttime;

/*
 * Time of day and interval timer support.
 *
 * These routines provide the kernel entry points to get and set
 * the time-of-day and per-process interval timers.  Subroutines
 * here provide support for adding and subtracting timeval structures
 * and decrementing interval timers, optionally reloading the interval
 * timers when they expire.
 */

static int	nanosleep1(struct thread *td, struct timespec *rqt,
		    struct timespec *rmt);
static int	settime(struct thread *, struct timeval *);
static void	timevalfix(struct timeval *);
static void	no_lease_updatetime(int);

static void
no_lease_updatetime(deltat)
	int deltat;
{
}

void (*lease_updatetime)(int) = no_lease_updatetime;

static int
settime(struct thread *td, struct timeval *tv)
{
	struct timeval delta, tv1, tv2;
	static struct timeval maxtime, laststep;
	struct timespec ts;
	int s;

	s = splclock();
	microtime(&tv1);
	delta = *tv;
	timevalsub(&delta, &tv1);

	/*
	 * If the system is secure, we do not allow the time to be
	 * set to a value earlier than 1 second less than the highest
	 * time we have yet seen. The worst a miscreant can do in
	 * this circumstance is "freeze" time. He couldn't go
	 * back to the past.
	 *
	 * We similarly do not allow the clock to be stepped more
	 * than one second, nor more than once per second. This allows
	 * a miscreant to make the clock march double-time, but no worse.
	 */
	if (securelevel_gt(td->td_ucred, 1) != 0) {
		if (delta.tv_sec < 0 || delta.tv_usec < 0) {
			/*
			 * Update maxtime to latest time we've seen.
			 */
			if (tv1.tv_sec > maxtime.tv_sec)
				maxtime = tv1;
			tv2 = *tv;
			timevalsub(&tv2, &maxtime);
			if (tv2.tv_sec < -1) {
				tv->tv_sec = maxtime.tv_sec - 1;
				printf("Time adjustment clamped to -1 second\n");
			}
		} else {
			if (tv1.tv_sec == laststep.tv_sec) {
				splx(s);
				return (EPERM);
			}
			if (delta.tv_sec > 1) {
				tv->tv_sec = tv1.tv_sec + 1;
				printf("Time adjustment clamped to +1 second\n");
			}
			laststep = *tv;
		}
	}

	ts.tv_sec = tv->tv_sec;
	ts.tv_nsec = tv->tv_usec * 1000;
	mtx_lock(&Giant);
	tc_setclock(&ts);
	(void) splsoftclock();
	lease_updatetime(delta.tv_sec);
	splx(s);
	resettodr();
	mtx_unlock(&Giant);
	return (0);
}

#ifndef _SYS_SYSPROTO_H_
struct clock_gettime_args {
	clockid_t clock_id;
	struct	timespec *tp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
clock_gettime(struct thread *td, struct clock_gettime_args *uap)
{
	struct timespec ats;

	if (uap->clock_id == CLOCK_REALTIME)
		nanotime(&ats);
	else if (uap->clock_id == CLOCK_MONOTONIC)
		nanouptime(&ats);
	else
		return (EINVAL);
	return (copyout(&ats, uap->tp, sizeof(ats)));
}

#ifndef _SYS_SYSPROTO_H_
struct clock_settime_args {
	clockid_t clock_id;
	const struct	timespec *tp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
clock_settime(struct thread *td, struct clock_settime_args *uap)
{
	struct timeval atv;
	struct timespec ats;
	int error;

#ifdef MAC
	error = mac_check_system_settime(td->td_ucred);
	if (error)
		return (error);
#endif
	if ((error = suser(td)) != 0)
		return (error);
	if (uap->clock_id != CLOCK_REALTIME)
		return (EINVAL);
	if ((error = copyin(uap->tp, &ats, sizeof(ats))) != 0)
		return (error);
	if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000)
		return (EINVAL);
	/* XXX Don't convert nsec->usec and back */
	TIMESPEC_TO_TIMEVAL(&atv, &ats);
	error = settime(td, &atv);
	return (error);
}

#ifndef _SYS_SYSPROTO_H_
struct clock_getres_args {
	clockid_t clock_id;
	struct	timespec *tp;
};
#endif

int
clock_getres(struct thread *td, struct clock_getres_args *uap)
{
	struct timespec ts;
	int error;

	if (uap->clock_id != CLOCK_REALTIME)
		return (EINVAL);
	error = 0;
	if (uap->tp) {
		ts.tv_sec = 0;
		/*
		 * Round up the result of the division cheaply by adding 1.
		 * Rounding up is especially important if rounding down
		 * would give 0.  Perfect rounding is unimportant.
		 */
		ts.tv_nsec = 1000000000 / tc_getfrequency() + 1;
		error = copyout(&ts, uap->tp, sizeof(ts));
	}
	return (error);
}
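
/*
 * Illustrative userland sketch of the clock_gettime()/clock_getres()
 * entry points above (an assumption about typical usage, shown only
 * for illustration): query the advertised resolution of CLOCK_REALTIME,
 * then read the monotonic clock.
 *
 *	#include <stdio.h>
 *	#include <time.h>
 *
 *	int
 *	main(void)
 *	{
 *		struct timespec res, now;
 *
 *		if (clock_getres(CLOCK_REALTIME, &res) == 0)
 *			printf("resolution: %ld ns\n", (long)res.tv_nsec);
 *		if (clock_gettime(CLOCK_MONOTONIC, &now) == 0)
 *			printf("uptime: %ld.%09ld\n",
 *			    (long)now.tv_sec, (long)now.tv_nsec);
 *		return (0);
 *	}
 */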

static int nanowait;

static int
nanosleep1(struct thread *td, struct timespec *rqt, struct timespec *rmt)
{
	struct timespec ts, ts2, ts3;
	struct timeval tv;
	int error;

	if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000)
		return (EINVAL);
	if (rqt->tv_sec < 0 || (rqt->tv_sec == 0 && rqt->tv_nsec == 0))
		return (0);
	getnanouptime(&ts);
	timespecadd(&ts, rqt);
	TIMESPEC_TO_TIMEVAL(&tv, rqt);
	for (;;) {
		error = tsleep(&nanowait, PWAIT | PCATCH, "nanslp",
		    tvtohz(&tv));
		getnanouptime(&ts2);
		if (error != EWOULDBLOCK) {
			if (error == ERESTART)
				error = EINTR;
			if (rmt != NULL) {
				timespecsub(&ts, &ts2);
				if (ts.tv_sec < 0)
					timespecclear(&ts);
				*rmt = ts;
			}
			return (error);
		}
		if (timespeccmp(&ts2, &ts, >=))
			return (0);
		ts3 = ts;
		timespecsub(&ts3, &ts2);
		TIMESPEC_TO_TIMEVAL(&tv, &ts3);
	}
}

#ifndef _SYS_SYSPROTO_H_
struct nanosleep_args {
	struct	timespec *rqtp;
	struct	timespec *rmtp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
nanosleep(struct thread *td, struct nanosleep_args *uap)
{
	struct timespec rmt, rqt;
	int error;

	error = copyin(uap->rqtp, &rqt, sizeof(rqt));
	if (error)
		return (error);

	if (uap->rmtp &&
	    !useracc((caddr_t)uap->rmtp, sizeof(rmt), VM_PROT_WRITE))
		return (EFAULT);
	error = nanosleep1(td, &rqt, &rmt);
	if (error && uap->rmtp) {
		int error2;

		error2 = copyout(&rmt, uap->rmtp, sizeof(rmt));
		if (error2)
			error = error2;
	}
	return (error);
}
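
/*
 * Illustrative userland sketch of the rqtp/rmtp contract implemented
 * above (an assumption about typical usage, shown only for
 * illustration): nanosleep(2) fails with EINTR when a signal interrupts
 * the sleep and, if rmtp is non-NULL, reports the unslept time so the
 * caller can resume where it left off.
 *
 *	#include <errno.h>
 *	#include <time.h>
 *
 *	struct timespec req = { 1, 500000000 };
 *	struct timespec rem;
 *
 *	while (nanosleep(&req, &rem) == -1 && errno == EINTR)
 *		req = rem;
 */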

#ifndef _SYS_SYSPROTO_H_
struct gettimeofday_args {
	struct	timeval *tp;
	struct	timezone *tzp;
};
#endif
/*
 * MPSAFE
 */
/* ARGSUSED */
int
gettimeofday(struct thread *td, struct gettimeofday_args *uap)
{
	struct timeval atv;
	struct timezone rtz;
	int error = 0;

	if (uap->tp) {
		microtime(&atv);
		error = copyout(&atv, uap->tp, sizeof (atv));
	}
	if (error == 0 && uap->tzp != NULL) {
		rtz.tz_minuteswest = tz_minuteswest;
		rtz.tz_dsttime = tz_dsttime;
		error = copyout(&rtz, uap->tzp, sizeof (rtz));
	}
	return (error);
}

#ifndef _SYS_SYSPROTO_H_
struct settimeofday_args {
	struct	timeval *tv;
	struct	timezone *tzp;
};
#endif
/*
 * MPSAFE
 */
/* ARGSUSED */
int
settimeofday(struct thread *td, struct settimeofday_args *uap)
{
	struct timeval atv;
	struct timezone atz;
	int error = 0;

#ifdef MAC
	error = mac_check_system_settime(td->td_ucred);
	if (error)
		return (error);
#endif
	if ((error = suser(td)))
		return (error);
	/* Verify all parameters before changing time. */
	if (uap->tv) {
		if ((error = copyin(uap->tv, &atv, sizeof(atv))))
			return (error);
		if (atv.tv_usec < 0 || atv.tv_usec >= 1000000)
			return (EINVAL);
	}
	if (uap->tzp &&
	    (error = copyin(uap->tzp, &atz, sizeof(atz))))
		return (error);

	if (uap->tv && (error = settime(td, &atv)))
		return (error);
	if (uap->tzp) {
		tz_minuteswest = atz.tz_minuteswest;
		tz_dsttime = atz.tz_dsttime;
	}
	return (error);
}
/*
 * Get value of an interval timer.  The process virtual and
 * profiling virtual time timers are kept in the p_stats area, since
 * they can be swapped out.  These are kept internally in the
 * way they are specified externally: in time until they expire.
 *
 * The real time interval timer is kept in the process table slot
 * for the process, and its value (it_value) is kept as an
 * absolute time rather than as a delta, so that it is easy to keep
 * periodic real-time signals from drifting.
 *
 * Virtual time timers are processed in the hardclock() routine of
 * kern_clock.c.  The real time timer is processed by a timeout
 * routine, called from the softclock() routine.  Since a callout
 * may be delayed in real time due to interrupt processing in the system,
 * it is possible for the real time timeout routine (realitexpire, given below),
 * to be delayed in real time past when it is supposed to occur.  It
 * does not suffice, therefore, to reload the real timer .it_value from the
 * real time timers .it_interval.  Rather, we compute the next time in
 * absolute time the timer should go off.
 */
#ifndef _SYS_SYSPROTO_H_
struct getitimer_args {
	u_int	which;
	struct	itimerval *itv;
};
#endif
/*
 * MPSAFE
 */
int
getitimer(struct thread *td, struct getitimer_args *uap)
{
	struct proc *p = td->td_proc;
	struct timeval ctv;
	struct itimerval aitv;

	if (uap->which > ITIMER_PROF)
		return (EINVAL);

	if (uap->which == ITIMER_REAL) {
		/*
		 * Convert from absolute to relative time in .it_value
		 * part of real time timer.  If time for real time timer
		 * has passed return 0, else return difference between
		 * current time and time for the timer to go off.
		 */
		PROC_LOCK(p);
		aitv = p->p_realtimer;
		PROC_UNLOCK(p);
		if (timevalisset(&aitv.it_value)) {
			getmicrouptime(&ctv);
			if (timevalcmp(&aitv.it_value, &ctv, <))
				timevalclear(&aitv.it_value);
			else
				timevalsub(&aitv.it_value, &ctv);
		}
	} else {
		mtx_lock_spin(&sched_lock);
		aitv = p->p_stats->p_timer[uap->which];
		mtx_unlock_spin(&sched_lock);
	}
	return (copyout(&aitv, uap->itv, sizeof (struct itimerval)));
}
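
/*
 * Illustrative userland sketch of the interval timer interface handled
 * by getitimer() above and setitimer() below (an assumption about
 * typical usage, shown only for illustration): arm a periodic one
 * second ITIMER_REAL timer, which delivers SIGALRM on each expiration,
 * then read back the time remaining until the next expiration.  A
 * SIGALRM handler is assumed to have been installed first.
 *
 *	struct itimerval itv, left;
 *
 *	itv.it_value.tv_sec = 1;
 *	itv.it_value.tv_usec = 0;
 *	itv.it_interval = itv.it_value;
 *	setitimer(ITIMER_REAL, &itv, NULL);
 *	getitimer(ITIMER_REAL, &left);
 */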

#ifndef _SYS_SYSPROTO_H_
struct setitimer_args {
	u_int	which;
	struct	itimerval *itv, *oitv;
};
#endif
/*
 * MPSAFE
 */
int
setitimer(struct thread *td, struct setitimer_args *uap)
{
	struct proc *p = td->td_proc;
	struct itimerval aitv, oitv;
	struct timeval ctv;
	int error;

	if (uap->itv == NULL) {
		uap->itv = uap->oitv;
		return (getitimer(td, (struct getitimer_args *)uap));
	}

	if (uap->which > ITIMER_PROF)
		return (EINVAL);
	if ((error = copyin(uap->itv, &aitv, sizeof(struct itimerval))))
		return (error);
	if (itimerfix(&aitv.it_value))
		return (EINVAL);
	if (!timevalisset(&aitv.it_value))
		timevalclear(&aitv.it_interval);
	else if (itimerfix(&aitv.it_interval))
		return (EINVAL);

	if (uap->which == ITIMER_REAL) {
		PROC_LOCK(p);
		if (timevalisset(&p->p_realtimer.it_value))
			callout_stop(&p->p_itcallout);
		getmicrouptime(&ctv);
		if (timevalisset(&aitv.it_value)) {
			callout_reset(&p->p_itcallout, tvtohz(&aitv.it_value),
			    realitexpire, p);
			timevaladd(&aitv.it_value, &ctv);
		}
		oitv = p->p_realtimer;
		p->p_realtimer = aitv;
		PROC_UNLOCK(p);
		if (timevalisset(&oitv.it_value)) {
			if (timevalcmp(&oitv.it_value, &ctv, <))
				timevalclear(&oitv.it_value);
			else
				timevalsub(&oitv.it_value, &ctv);
		}
	} else {
		mtx_lock_spin(&sched_lock);
		oitv = p->p_stats->p_timer[uap->which];
		p->p_stats->p_timer[uap->which] = aitv;
		mtx_unlock_spin(&sched_lock);
	}
	if (uap->oitv == NULL)
		return (0);
	return (copyout(&oitv, uap->oitv, sizeof(struct itimerval)));
}

/*
 * Real interval timer expired:
 * send process whose timer expired an alarm signal.
 * If time is not set up to reload, then just return.
 * Else compute next time timer should go off which is > current time.
 * This is where delay in processing this timeout causes multiple
 * SIGALRM calls to be compressed into one.
 * tvtohz() always adds 1 to allow for the time until the next clock
 * interrupt being strictly less than 1 clock tick, but we don't want
 * that here since we want to appear to be in sync with the clock
 * interrupt even when we're delayed.
 */
void
realitexpire(void *arg)
{
	struct proc *p;
	struct timeval ctv, ntv;

	p = (struct proc *)arg;
	PROC_LOCK(p);
	psignal(p, SIGALRM);
	if (!timevalisset(&p->p_realtimer.it_interval)) {
		timevalclear(&p->p_realtimer.it_value);
		if (p->p_flag & P_WEXIT)
			wakeup(&p->p_itcallout);
		PROC_UNLOCK(p);
		return;
	}
	for (;;) {
		timevaladd(&p->p_realtimer.it_value,
		    &p->p_realtimer.it_interval);
		getmicrouptime(&ctv);
		if (timevalcmp(&p->p_realtimer.it_value, &ctv, >)) {
			ntv = p->p_realtimer.it_value;
			timevalsub(&ntv, &ctv);
			callout_reset(&p->p_itcallout, tvtohz(&ntv) - 1,
			    realitexpire, p);
			PROC_UNLOCK(p);
			return;
		}
	}
	/*NOTREACHED*/
}

/*
 * Check that a proposed value to load into the .it_value or
 * .it_interval part of an interval timer is acceptable, and
 * fix it to have at least minimal value (i.e. if it is less
 * than the resolution of the clock, round it up.)
 */
int
itimerfix(struct timeval *tv)
{

	if (tv->tv_sec < 0 || tv->tv_sec > 100000000 ||
	    tv->tv_usec < 0 || tv->tv_usec >= 1000000)
		return (EINVAL);
	if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick)
		tv->tv_usec = tick;
	return (0);
}

/*
 * Decrement an interval timer by a specified number
 * of microseconds, which must be less than a second,
 * i.e. < 1000000.  If the timer expires, then reload
 * it.  In this case, carry over (usec - old value) to
 * reduce the value reloaded into the timer so that
 * the timer does not drift.  This routine assumes
 * that it is called in a context where the timers
 * on which it is operating cannot change in value.
 */
int
itimerdecr(struct itimerval *itp, int usec)
{

	if (itp->it_value.tv_usec < usec) {
		if (itp->it_value.tv_sec == 0) {
			/* expired, and already in next interval */
			usec -= itp->it_value.tv_usec;
			goto expire;
		}
		itp->it_value.tv_usec += 1000000;
		itp->it_value.tv_sec--;
	}
	itp->it_value.tv_usec -= usec;
	usec = 0;
	if (timevalisset(&itp->it_value))
		return (1);
	/* expired, exactly at end of interval */
expire:
	if (timevalisset(&itp->it_interval)) {
		itp->it_value = itp->it_interval;
		itp->it_value.tv_usec -= usec;
		if (itp->it_value.tv_usec < 0) {
			itp->it_value.tv_usec += 1000000;
			itp->it_value.tv_sec--;
		}
	} else
		itp->it_value.tv_usec = 0;		/* sec is already 0 */
	return (0);
}

/*
 * Add and subtract routines for timevals.
 * N.B.: subtract routine doesn't deal with
 * results which are before the beginning,
 * it just gets very confused in this case.
 * Caveat emptor.
 */
void
timevaladd(struct timeval *t1, struct timeval *t2)
{

	t1->tv_sec += t2->tv_sec;
	t1->tv_usec += t2->tv_usec;
	timevalfix(t1);
}

void
timevalsub(struct timeval *t1, struct timeval *t2)
{

	t1->tv_sec -= t2->tv_sec;
	t1->tv_usec -= t2->tv_usec;
	timevalfix(t1);
}

static void
timevalfix(struct timeval *t1)
{

	if (t1->tv_usec < 0) {
		t1->tv_sec--;
		t1->tv_usec += 1000000;
	}
	if (t1->tv_usec >= 1000000) {
		t1->tv_sec++;
		t1->tv_usec -= 1000000;
	}
}

/*
 * ratecheck(): simple time-based rate-limit checking.
 */
int
ratecheck(struct timeval *lasttime, const struct timeval *mininterval)
{
	struct timeval tv, delta;
	int rv = 0;

	getmicrouptime(&tv);		/* NB: 10ms precision */
	delta = tv;
	timevalsub(&delta, lasttime);

	/*
	 * check for 0,0 is so that the message will be seen at least once,
	 * even if interval is huge.
	 */
	if (timevalcmp(&delta, mininterval, >=) ||
	    (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) {
		*lasttime = tv;
		rv = 1;
	}

	return (rv);
}

/*
 * ppsratecheck(): packets (or events) per second limitation.
 *
 * Return 0 if the limit is to be enforced (e.g. the caller
 * should drop a packet because of the rate limitation).
 *
 * maxpps of 0 always causes zero to be returned.  maxpps of -1
 * always causes 1 to be returned; this effectively defeats rate
 * limiting.
 *
 * Note that we maintain the struct timeval for compatibility
 * with other bsd systems.  We reuse the storage and just monitor
 * clock ticks for minimal overhead.
 */
int
ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps)
{
	int now;

	/*
	 * Reset the last time and counter if this is the first call
	 * or more than a second has passed since the last update of
	 * lasttime.
	 */
	now = ticks;
	if (lasttime->tv_sec == 0 || (u_int)(now - lasttime->tv_sec) >= hz) {
		lasttime->tv_sec = now;
		*curpps = 1;
		return (maxpps != 0);
	} else {
		(*curpps)++;		/* NB: ignore potential overflow */
		return (maxpps < 0 || *curpps < maxpps);
	}
}
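
/*
 * Illustrative sketch of how callers typically drive the two rate
 * limiters above (an assumption about typical usage, shown only for
 * illustration; the identifiers below are hypothetical).  The state
 * lives with the caller: ratecheck() gates an action on a minimum
 * interval, ppsratecheck() on an events-per-second budget.
 *
 *	static struct timeval lastmsg;
 *	static const struct timeval msg_interval = { 5, 0 };
 *	static struct timeval lastpps;
 *	static int curpps;
 *
 *	if (ratecheck(&lastmsg, &msg_interval))
 *		printf("resource shortage, throttling\n");
 *
 *	if (ppsratecheck(&lastpps, &curpps, 100))
 *		send_response(m);
 */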