/*
 * Copyright (c) 1982, 1986, 1989, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)kern_time.c	8.1 (Berkeley) 6/10/93
 * $FreeBSD$
 */

#include "opt_mac.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
#include <sys/resourcevar.h>
#include <sys/signalvar.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/sysent.h>
#include <sys/proc.h>
#include <sys/time.h>
#include <sys/timetc.h>
#include <sys/vnode.h>

#include <vm/vm.h>
#include <vm/vm_extern.h>

int tz_minuteswest;
int tz_dsttime;

/*
 * Time of day and interval timer support.
 *
 * These routines provide the kernel entry points to get and set
 * the time-of-day and per-process interval timers.  Subroutines
 * here provide support for adding and subtracting timeval structures
 * and decrementing interval timers, optionally reloading the interval
 * timers when they expire.
 */

static int	nanosleep1(struct thread *td, struct timespec *rqt,
		    struct timespec *rmt);
static int	settime(struct thread *, struct timeval *);
static void	timevalfix(struct timeval *);
static void	no_lease_updatetime(int);

static void
no_lease_updatetime(deltat)
	int deltat;
{
}

void (*lease_updatetime)(int) = no_lease_updatetime;

static int
settime(struct thread *td, struct timeval *tv)
{
	struct timeval delta, tv1, tv2;
	static struct timeval maxtime, laststep;
	struct timespec ts;
	int s;

	s = splclock();
	microtime(&tv1);
	delta = *tv;
	timevalsub(&delta, &tv1);

	/*
	 * If the system is secure, we do not allow the time to be
	 * set to a value earlier than 1 second less than the highest
	 * time we have yet seen. The worst a miscreant can do in
	 * this circumstance is "freeze" time. He couldn't go
	 * back to the past.
	 *
	 * We similarly do not allow the clock to be stepped more
	 * than one second, nor more than once per second. This allows
	 * a miscreant to make the clock march double-time, but no worse.
	 */
	if (securelevel_gt(td->td_ucred, 1) != 0) {
		if (delta.tv_sec < 0 || delta.tv_usec < 0) {
			/*
			 * Update maxtime to latest time we've seen.
			 */
			if (tv1.tv_sec > maxtime.tv_sec)
				maxtime = tv1;
			tv2 = *tv;
			timevalsub(&tv2, &maxtime);
			if (tv2.tv_sec < -1) {
				tv->tv_sec = maxtime.tv_sec - 1;
				printf("Time adjustment clamped to -1 second\n");
			}
		} else {
			if (tv1.tv_sec == laststep.tv_sec) {
				splx(s);
				return (EPERM);
			}
			if (delta.tv_sec > 1) {
				tv->tv_sec = tv1.tv_sec + 1;
				printf("Time adjustment clamped to +1 second\n");
			}
			laststep = *tv;
		}
	}

	ts.tv_sec = tv->tv_sec;
	ts.tv_nsec = tv->tv_usec * 1000;
	mtx_lock(&Giant);
	tc_setclock(&ts);
	(void) splsoftclock();
	lease_updatetime(delta.tv_sec);
	splx(s);
	resettodr();
	mtx_unlock(&Giant);
	return (0);
}

#ifndef _SYS_SYSPROTO_H_
struct clock_gettime_args {
	clockid_t clock_id;
	struct	timespec *tp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
clock_gettime(struct thread *td, struct clock_gettime_args *uap)
{
	struct timespec ats;

	if (uap->clock_id == CLOCK_REALTIME)
		nanotime(&ats);
	else if (uap->clock_id == CLOCK_MONOTONIC)
		nanouptime(&ats);
	else
		return (EINVAL);
	return (copyout(&ats, uap->tp, sizeof(ats)));
}

#ifndef _SYS_SYSPROTO_H_
struct clock_settime_args {
	clockid_t clock_id;
	const struct	timespec *tp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
clock_settime(struct thread *td, struct clock_settime_args *uap)
{
	struct timeval atv;
	struct timespec ats;
	int error;

#ifdef MAC
	error = mac_check_system_settime(td->td_ucred);
	if (error)
		return (error);
#endif
	if ((error = suser(td)) != 0)
		return (error);
	if (uap->clock_id != CLOCK_REALTIME)
		return (EINVAL);
	if ((error = copyin(uap->tp, &ats, sizeof(ats))) != 0)
		return (error);
	if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000)
		return (EINVAL);
	/* XXX Don't convert nsec->usec and back */
	TIMESPEC_TO_TIMEVAL(&atv, &ats);
	error = settime(td, &atv);
	return (error);
}
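
/*
 * Worked example of the securelevel clamping applied by settime() above
 * (reached via clock_settime() and settimeofday(); the numbers are
 * illustrative only): with the clock at 1000.0 s and securelevel > 1,
 * a request to step back to 950.0 s gives tv2 = 950 - 1000 = -50 s,
 * which is below -1 s, so the request is clamped to maxtime - 1 = 999 s.
 * A request to jump forward to 1003.5 s has delta.tv_sec = 3 > 1, so the
 * seconds field is clamped to tv1.tv_sec + 1 = 1001.  A second forward
 * step attempted within the same second fails with EPERM.
 */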

#ifndef _SYS_SYSPROTO_H_
struct clock_getres_args {
	clockid_t clock_id;
	struct	timespec *tp;
};
#endif

int
clock_getres(struct thread *td, struct clock_getres_args *uap)
{
	struct timespec ts;
	int error;

	if (uap->clock_id != CLOCK_REALTIME)
		return (EINVAL);
	error = 0;
	if (uap->tp) {
		ts.tv_sec = 0;
		/*
		 * Round up the result of the division cheaply by adding 1.
		 * Rounding up is especially important if rounding down
		 * would give 0.  Perfect rounding is unimportant.
		 */
		ts.tv_nsec = 1000000000 / tc_getfrequency() + 1;
		error = copyout(&ts, uap->tp, sizeof(ts));
	}
	return (error);
}

static int nanowait;

static int
nanosleep1(struct thread *td, struct timespec *rqt, struct timespec *rmt)
{
	struct timespec ts, ts2, ts3;
	struct timeval tv;
	int error;

	if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000)
		return (EINVAL);
	if (rqt->tv_sec < 0 || (rqt->tv_sec == 0 && rqt->tv_nsec == 0))
		return (0);
	getnanouptime(&ts);
	timespecadd(&ts, rqt);
	TIMESPEC_TO_TIMEVAL(&tv, rqt);
	for (;;) {
		error = tsleep(&nanowait, PWAIT | PCATCH, "nanslp",
		    tvtohz(&tv));
		getnanouptime(&ts2);
		if (error != EWOULDBLOCK) {
			if (error == ERESTART)
				error = EINTR;
			if (rmt != NULL) {
				timespecsub(&ts, &ts2);
				if (ts.tv_sec < 0)
					timespecclear(&ts);
				*rmt = ts;
			}
			return (error);
		}
		if (timespeccmp(&ts2, &ts, >=))
			return (0);
		ts3 = ts;
		timespecsub(&ts3, &ts2);
		TIMESPEC_TO_TIMEVAL(&tv, &ts3);
	}
}

#ifndef _SYS_SYSPROTO_H_
struct nanosleep_args {
	struct	timespec *rqtp;
	struct	timespec *rmtp;
};
#endif

/*
 * MPSAFE
 */
/* ARGSUSED */
int
nanosleep(struct thread *td, struct nanosleep_args *uap)
{
	struct timespec rmt, rqt;
	int error;

	error = copyin(uap->rqtp, &rqt, sizeof(rqt));
	if (error)
		return (error);

	if (uap->rmtp &&
	    !useracc((caddr_t)uap->rmtp, sizeof(rmt), VM_PROT_WRITE))
		return (EFAULT);
	error = nanosleep1(td, &rqt, &rmt);
	if (error && uap->rmtp) {
		int error2;

		error2 = copyout(&rmt, uap->rmtp, sizeof(rmt));
		if (error2)
			error = error2;
	}
	return (error);
}

#ifndef _SYS_SYSPROTO_H_
struct gettimeofday_args {
	struct	timeval *tp;
	struct	timezone *tzp;
};
#endif
/*
 * MPSAFE
 */
/* ARGSUSED */
int
gettimeofday(struct thread *td, struct gettimeofday_args *uap)
{
	struct timeval atv;
	struct timezone rtz;
	int error = 0;

	if (uap->tp) {
		microtime(&atv);
		error = copyout(&atv, uap->tp, sizeof (atv));
	}
	if (error == 0 && uap->tzp != NULL) {
		rtz.tz_minuteswest = tz_minuteswest;
		rtz.tz_dsttime = tz_dsttime;
		error = copyout(&rtz, uap->tzp, sizeof (rtz));
	}
	return (error);
}
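
/*
 * Userland usage sketch for the interface above (illustrative only;
 * do_work() is a hypothetical workload, not part of this file):
 *
 *	struct timeval t0, t1, elapsed;
 *
 *	gettimeofday(&t0, NULL);
 *	do_work();
 *	gettimeofday(&t1, NULL);
 *	timersub(&t1, &t0, &elapsed);
 *
 * The timersub() macro from <sys/time.h> normalizes tv_usec the same
 * way timevalsub() and timevalfix() do later in this file.
 */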

#ifndef _SYS_SYSPROTO_H_
struct settimeofday_args {
	struct	timeval *tv;
	struct	timezone *tzp;
};
#endif
/*
 * MPSAFE
 */
/* ARGSUSED */
int
settimeofday(struct thread *td, struct settimeofday_args *uap)
{
	struct timeval atv;
	struct timezone atz;
	int error = 0;

#ifdef MAC
	error = mac_check_system_settime(td->td_ucred);
	if (error)
		return (error);
#endif
	if ((error = suser(td)))
		return (error);
	/* Verify all parameters before changing time. */
	if (uap->tv) {
		if ((error = copyin(uap->tv, &atv, sizeof(atv))))
			return (error);
		if (atv.tv_usec < 0 || atv.tv_usec >= 1000000)
			return (EINVAL);
	}
	if (uap->tzp &&
	    (error = copyin(uap->tzp, &atz, sizeof(atz))))
		return (error);

	if (uap->tv && (error = settime(td, &atv)))
		return (error);
	if (uap->tzp) {
		tz_minuteswest = atz.tz_minuteswest;
		tz_dsttime = atz.tz_dsttime;
	}
	return (error);
}

/*
 * Get value of an interval timer.  The process virtual and
 * profiling virtual time timers are kept in the p_stats area, since
 * they can be swapped out.  These are kept internally in the
 * way they are specified externally: in time until they expire.
 *
 * The real time interval timer is kept in the process table slot
 * for the process, and its value (it_value) is kept as an
 * absolute time rather than as a delta, so that it is easy to keep
 * periodic real-time signals from drifting.
 *
 * Virtual time timers are processed in the hardclock() routine of
 * kern_clock.c.  The real time timer is processed by a timeout
 * routine, called from the softclock() routine.  Since a callout
 * may be delayed in real time due to interrupt processing in the system,
 * it is possible for the real time timeout routine (realitexpire, given below)
 * to be delayed in real time past when it is supposed to occur.  It
 * does not suffice, therefore, to reload the real timer's .it_value from the
 * real time timer's .it_interval.  Rather, we compute the next time in
 * absolute time the timer should go off.
 */
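
/*
 * Userland usage sketch of the interval timer interface described above
 * (illustrative only; on_alarm() is a hypothetical SIGALRM handler, not
 * part of this file):
 *
 *	struct itimerval itv;
 *
 *	signal(SIGALRM, on_alarm);
 *	itv.it_value.tv_sec = 1;		first expiry after 1 s
 *	itv.it_value.tv_usec = 0;
 *	itv.it_interval.tv_sec = 0;		then every 250 ms
 *	itv.it_interval.tv_usec = 250000;
 *	setitimer(ITIMER_REAL, &itv, NULL);
 */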
429 */ 430 PROC_LOCK(p); 431 aitv = p->p_realtimer; 432 PROC_UNLOCK(p); 433 if (timevalisset(&aitv.it_value)) { 434 getmicrouptime(&ctv); 435 if (timevalcmp(&aitv.it_value, &ctv, <)) 436 timevalclear(&aitv.it_value); 437 else 438 timevalsub(&aitv.it_value, &ctv); 439 } 440 } else { 441 mtx_lock_spin(&sched_lock); 442 aitv = p->p_stats->p_timer[uap->which]; 443 mtx_unlock_spin(&sched_lock); 444 } 445 return (copyout(&aitv, uap->itv, sizeof (struct itimerval))); 446 } 447 448 #ifndef _SYS_SYSPROTO_H_ 449 struct setitimer_args { 450 u_int which; 451 struct itimerval *itv, *oitv; 452 }; 453 #endif 454 /* 455 * MPSAFE 456 */ 457 int 458 setitimer(struct thread *td, struct setitimer_args *uap) 459 { 460 struct proc *p = td->td_proc; 461 struct itimerval aitv, oitv; 462 struct timeval ctv; 463 int error; 464 465 if (uap->itv == NULL) { 466 uap->itv = uap->oitv; 467 return (getitimer(td, (struct getitimer_args *)uap)); 468 } 469 470 if (uap->which > ITIMER_PROF) 471 return (EINVAL); 472 if ((error = copyin(uap->itv, &aitv, sizeof(struct itimerval)))) 473 return (error); 474 if (itimerfix(&aitv.it_value)) 475 return (EINVAL); 476 if (!timevalisset(&aitv.it_value)) 477 timevalclear(&aitv.it_interval); 478 else if (itimerfix(&aitv.it_interval)) 479 return (EINVAL); 480 481 if (uap->which == ITIMER_REAL) { 482 PROC_LOCK(p); 483 if (timevalisset(&p->p_realtimer.it_value)) 484 callout_stop(&p->p_itcallout); 485 if (timevalisset(&aitv.it_value)) 486 callout_reset(&p->p_itcallout, tvtohz(&aitv.it_value), 487 realitexpire, p); 488 getmicrouptime(&ctv); 489 timevaladd(&aitv.it_value, &ctv); 490 oitv = p->p_realtimer; 491 p->p_realtimer = aitv; 492 PROC_UNLOCK(p); 493 if (timevalisset(&oitv.it_value)) { 494 if (timevalcmp(&oitv.it_value, &ctv, <)) 495 timevalclear(&oitv.it_value); 496 else 497 timevalsub(&oitv.it_value, &ctv); 498 } 499 } else { 500 mtx_lock_spin(&sched_lock); 501 oitv = p->p_stats->p_timer[uap->which]; 502 p->p_stats->p_timer[uap->which] = aitv; 503 mtx_unlock_spin(&sched_lock); 504 } 505 if (uap->oitv == NULL) 506 return (0); 507 return (copyout(&oitv, uap->oitv, sizeof(struct itimerval))); 508 } 509 510 /* 511 * Real interval timer expired: 512 * send process whose timer expired an alarm signal. 513 * If time is not set up to reload, then just return. 514 * Else compute next time timer should go off which is > current time. 515 * This is where delay in processing this timeout causes multiple 516 * SIGALRM calls to be compressed into one. 517 * tvtohz() always adds 1 to allow for the time until the next clock 518 * interrupt being strictly less than 1 clock tick, but we don't want 519 * that here since we want to appear to be in sync with the clock 520 * interrupt even when we're delayed. 
521 */ 522 void 523 realitexpire(void *arg) 524 { 525 struct proc *p; 526 struct timeval ctv, ntv; 527 528 p = (struct proc *)arg; 529 PROC_LOCK(p); 530 psignal(p, SIGALRM); 531 if (!timevalisset(&p->p_realtimer.it_interval)) { 532 timevalclear(&p->p_realtimer.it_value); 533 PROC_UNLOCK(p); 534 return; 535 } 536 for (;;) { 537 timevaladd(&p->p_realtimer.it_value, 538 &p->p_realtimer.it_interval); 539 getmicrouptime(&ctv); 540 if (timevalcmp(&p->p_realtimer.it_value, &ctv, >)) { 541 ntv = p->p_realtimer.it_value; 542 timevalsub(&ntv, &ctv); 543 callout_reset(&p->p_itcallout, tvtohz(&ntv) - 1, 544 realitexpire, p); 545 PROC_UNLOCK(p); 546 return; 547 } 548 } 549 /*NOTREACHED*/ 550 } 551 552 /* 553 * Check that a proposed value to load into the .it_value or 554 * .it_interval part of an interval timer is acceptable, and 555 * fix it to have at least minimal value (i.e. if it is less 556 * than the resolution of the clock, round it up.) 557 */ 558 int 559 itimerfix(struct timeval *tv) 560 { 561 562 if (tv->tv_sec < 0 || tv->tv_sec > 100000000 || 563 tv->tv_usec < 0 || tv->tv_usec >= 1000000) 564 return (EINVAL); 565 if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick) 566 tv->tv_usec = tick; 567 return (0); 568 } 569 570 /* 571 * Decrement an interval timer by a specified number 572 * of microseconds, which must be less than a second, 573 * i.e. < 1000000. If the timer expires, then reload 574 * it. In this case, carry over (usec - old value) to 575 * reduce the value reloaded into the timer so that 576 * the timer does not drift. This routine assumes 577 * that it is called in a context where the timers 578 * on which it is operating cannot change in value. 579 */ 580 int 581 itimerdecr(struct itimerval *itp, int usec) 582 { 583 584 if (itp->it_value.tv_usec < usec) { 585 if (itp->it_value.tv_sec == 0) { 586 /* expired, and already in next interval */ 587 usec -= itp->it_value.tv_usec; 588 goto expire; 589 } 590 itp->it_value.tv_usec += 1000000; 591 itp->it_value.tv_sec--; 592 } 593 itp->it_value.tv_usec -= usec; 594 usec = 0; 595 if (timevalisset(&itp->it_value)) 596 return (1); 597 /* expired, exactly at end of interval */ 598 expire: 599 if (timevalisset(&itp->it_interval)) { 600 itp->it_value = itp->it_interval; 601 itp->it_value.tv_usec -= usec; 602 if (itp->it_value.tv_usec < 0) { 603 itp->it_value.tv_usec += 1000000; 604 itp->it_value.tv_sec--; 605 } 606 } else 607 itp->it_value.tv_usec = 0; /* sec is already 0 */ 608 return (0); 609 } 610 611 /* 612 * Add and subtract routines for timevals. 613 * N.B.: subtract routine doesn't deal with 614 * results which are before the beginning, 615 * it just gets very confused in this case. 616 * Caveat emptor. 617 */ 618 void 619 timevaladd(struct timeval *t1, struct timeval *t2) 620 { 621 622 t1->tv_sec += t2->tv_sec; 623 t1->tv_usec += t2->tv_usec; 624 timevalfix(t1); 625 } 626 627 void 628 timevalsub(struct timeval *t1, struct timeval *t2) 629 { 630 631 t1->tv_sec -= t2->tv_sec; 632 t1->tv_usec -= t2->tv_usec; 633 timevalfix(t1); 634 } 635 636 static void 637 timevalfix(struct timeval *t1) 638 { 639 640 if (t1->tv_usec < 0) { 641 t1->tv_sec--; 642 t1->tv_usec += 1000000; 643 } 644 if (t1->tv_usec >= 1000000) { 645 t1->tv_sec++; 646 t1->tv_usec -= 1000000; 647 } 648 } 649 650 /* 651 * ratecheck(): simple time-based rate-limit checking. 
652 */ 653 int 654 ratecheck(struct timeval *lasttime, const struct timeval *mininterval) 655 { 656 struct timeval tv, delta; 657 int rv = 0; 658 659 getmicrouptime(&tv); /* NB: 10ms precision */ 660 delta = tv; 661 timevalsub(&delta, lasttime); 662 663 /* 664 * check for 0,0 is so that the message will be seen at least once, 665 * even if interval is huge. 666 */ 667 if (timevalcmp(&delta, mininterval, >=) || 668 (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) { 669 *lasttime = tv; 670 rv = 1; 671 } 672 673 return (rv); 674 } 675 676 /* 677 * ppsratecheck(): packets (or events) per second limitation. 678 * 679 * Return 0 if the limit is to be enforced (e.g. the caller 680 * should drop a packet because of the rate limitation). 681 * 682 * maxpps of 0 always causes zero to be returned. maxpps of -1 683 * always causes 1 to be returned; this effectively defeats rate 684 * limiting. 685 * 686 * Note that we maintain the struct timeval for compatibility 687 * with other bsd systems. We reuse the storage and just monitor 688 * clock ticks for minimal overhead. 689 */ 690 int 691 ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps) 692 { 693 int now; 694 695 /* 696 * Reset the last time and counter if this is the first call 697 * or more than a second has passed since the last update of 698 * lasttime. 699 */ 700 now = ticks; 701 if (lasttime->tv_sec == 0 || (u_int)(now - lasttime->tv_sec) >= hz) { 702 lasttime->tv_sec = now; 703 *curpps = 1; 704 return (maxpps != 0); 705 } else { 706 (*curpps)++; /* NB: ignore potential overflow */ 707 return (maxpps < 0 || *curpps < maxpps); 708 } 709 } 710