1 /* 2 * Copyright (c) 1982, 1986, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)kern_time.c 8.1 (Berkeley) 6/10/93 34 * $FreeBSD: src/sys/kern/kern_time.c,v 1.68.2.1 2002/10/01 08:00:41 bde Exp $ 35 * $DragonFly: src/sys/kern/kern_time.c,v 1.8 2003/07/28 04:29:12 hmp Exp $ 36 */ 37 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/buf.h> 41 #include <sys/sysproto.h> 42 #include <sys/resourcevar.h> 43 #include <sys/signalvar.h> 44 #include <sys/kernel.h> 45 #include <sys/systm.h> 46 #include <sys/sysent.h> 47 #include <sys/proc.h> 48 #include <sys/time.h> 49 #include <sys/vnode.h> 50 #include <vm/vm.h> 51 #include <vm/vm_extern.h> 52 53 struct timezone tz; 54 55 /* 56 * Time of day and interval timer support. 57 * 58 * These routines provide the kernel entry points to get and set 59 * the time-of-day and per-process interval timers. Subroutines 60 * here provide support for adding and subtracting timeval structures 61 * and decrementing interval timers, optionally reloading the interval 62 * timers when they expire. 63 */ 64 65 static int nanosleep1 __P((struct timespec *rqt, 66 struct timespec *rmt)); 67 static int settime __P((struct timeval *)); 68 static void timevalfix __P((struct timeval *)); 69 static void no_lease_updatetime __P((int)); 70 71 static void 72 no_lease_updatetime(deltat) 73 int deltat; 74 { 75 } 76 77 void (*lease_updatetime) __P((int)) = no_lease_updatetime; 78 79 static int 80 settime(tv) 81 struct timeval *tv; 82 { 83 struct timeval delta, tv1, tv2; 84 static struct timeval maxtime, laststep; 85 struct timespec ts; 86 int s; 87 88 s = splclock(); 89 microtime(&tv1); 90 delta = *tv; 91 timevalsub(&delta, &tv1); 92 93 /* 94 * If the system is secure, we do not allow the time to be 95 * set to a value earlier than 1 second less than the highest 96 * time we have yet seen. The worst a miscreant can do in 97 * this circumstance is "freeze" time. He couldn't go 98 * back to the past. 99 * 100 * We similarly do not allow the clock to be stepped more 101 * than one second, nor more than once per second. This allows 102 * a miscreant to make the clock march double-time, but no worse. 103 */ 104 if (securelevel > 1) { 105 if (delta.tv_sec < 0 || delta.tv_usec < 0) { 106 /* 107 * Update maxtime to latest time we've seen. 108 */ 109 if (tv1.tv_sec > maxtime.tv_sec) 110 maxtime = tv1; 111 tv2 = *tv; 112 timevalsub(&tv2, &maxtime); 113 if (tv2.tv_sec < -1) { 114 tv->tv_sec = maxtime.tv_sec - 1; 115 printf("Time adjustment clamped to -1 second\n"); 116 } 117 } else { 118 if (tv1.tv_sec == laststep.tv_sec) { 119 splx(s); 120 return (EPERM); 121 } 122 if (delta.tv_sec > 1) { 123 tv->tv_sec = tv1.tv_sec + 1; 124 printf("Time adjustment clamped to +1 second\n"); 125 } 126 laststep = *tv; 127 } 128 } 129 130 ts.tv_sec = tv->tv_sec; 131 ts.tv_nsec = tv->tv_usec * 1000; 132 set_timecounter(&ts); 133 (void) splsoftclock(); 134 lease_updatetime(delta.tv_sec); 135 splx(s); 136 resettodr(); 137 return (0); 138 } 139 140 /* ARGSUSED */ 141 int 142 clock_gettime(struct clock_gettime_args *uap) 143 { 144 struct timespec ats; 145 146 if (SCARG(uap, clock_id) != CLOCK_REALTIME) 147 return (EINVAL); 148 nanotime(&ats); 149 return (copyout(&ats, SCARG(uap, tp), sizeof(ats))); 150 } 151 152 /* ARGSUSED */ 153 int 154 clock_settime(struct clock_settime_args *uap) 155 { 156 struct thread *td = curthread; 157 struct timeval atv; 158 struct timespec ats; 159 int error; 160 161 if ((error = suser(td)) != 0) 162 return (error); 163 if (SCARG(uap, clock_id) != CLOCK_REALTIME) 164 return (EINVAL); 165 if ((error = copyin(SCARG(uap, tp), &ats, sizeof(ats))) != 0) 166 return (error); 167 if (ats.tv_nsec < 0 || ats.tv_nsec >= 1000000000) 168 return (EINVAL); 169 /* XXX Don't convert nsec->usec and back */ 170 TIMESPEC_TO_TIMEVAL(&atv, &ats); 171 if ((error = settime(&atv))) 172 return (error); 173 return (0); 174 } 175 176 int 177 clock_getres(struct clock_getres_args *uap) 178 { 179 struct timespec ts; 180 int error; 181 182 if (SCARG(uap, clock_id) != CLOCK_REALTIME) 183 return (EINVAL); 184 error = 0; 185 if (SCARG(uap, tp)) { 186 ts.tv_sec = 0; 187 /* 188 * Round up the result of the division cheaply by adding 1. 189 * Rounding up is especially important if rounding down 190 * would give 0. Perfect rounding is unimportant. 191 */ 192 ts.tv_nsec = 1000000000 / timecounter->tc_frequency + 1; 193 error = copyout(&ts, SCARG(uap, tp), sizeof(ts)); 194 } 195 return (error); 196 } 197 198 static int nanowait; 199 200 static int 201 nanosleep1(struct timespec *rqt, struct timespec *rmt) 202 { 203 struct timespec ts, ts2, ts3; 204 struct timeval tv; 205 int error; 206 207 if (rqt->tv_nsec < 0 || rqt->tv_nsec >= 1000000000) 208 return (EINVAL); 209 if (rqt->tv_sec < 0 || (rqt->tv_sec == 0 && rqt->tv_nsec == 0)) 210 return (0); 211 getnanouptime(&ts); 212 timespecadd(&ts, rqt); 213 TIMESPEC_TO_TIMEVAL(&tv, rqt); 214 for (;;) { 215 error = tsleep(&nanowait, PCATCH, "nanslp", 216 tvtohz(&tv)); 217 getnanouptime(&ts2); 218 if (error != EWOULDBLOCK) { 219 if (error == ERESTART) 220 error = EINTR; 221 if (rmt != NULL) { 222 timespecsub(&ts, &ts2); 223 if (ts.tv_sec < 0) 224 timespecclear(&ts); 225 *rmt = ts; 226 } 227 return (error); 228 } 229 if (timespeccmp(&ts2, &ts, >=)) 230 return (0); 231 ts3 = ts; 232 timespecsub(&ts3, &ts2); 233 TIMESPEC_TO_TIMEVAL(&tv, &ts3); 234 } 235 } 236 237 /* ARGSUSED */ 238 int 239 nanosleep(struct nanosleep_args *uap) 240 { 241 struct timespec rmt, rqt; 242 int error, error2; 243 244 error = copyin(SCARG(uap, rqtp), &rqt, sizeof(rqt)); 245 if (error) 246 return (error); 247 if (SCARG(uap, rmtp)) 248 if (!useracc((caddr_t)SCARG(uap, rmtp), sizeof(rmt), 249 VM_PROT_WRITE)) 250 return (EFAULT); 251 error = nanosleep1(&rqt, &rmt); 252 if (error && SCARG(uap, rmtp)) { 253 error2 = copyout(&rmt, SCARG(uap, rmtp), sizeof(rmt)); 254 if (error2) /* XXX shouldn't happen, did useracc() above */ 255 return (error2); 256 } 257 return (error); 258 } 259 260 /* ARGSUSED */ 261 int 262 gettimeofday(struct gettimeofday_args *uap) 263 { 264 struct timeval atv; 265 int error = 0; 266 267 if (uap->tp) { 268 microtime(&atv); 269 if ((error = copyout((caddr_t)&atv, (caddr_t)uap->tp, 270 sizeof (atv)))) 271 return (error); 272 } 273 if (uap->tzp) 274 error = copyout((caddr_t)&tz, (caddr_t)uap->tzp, 275 sizeof (tz)); 276 return (error); 277 } 278 279 /* ARGSUSED */ 280 int 281 settimeofday(struct settimeofday_args *uap) 282 { 283 struct thread *td = curthread; 284 struct timeval atv; 285 struct timezone atz; 286 int error; 287 288 if ((error = suser(td))) 289 return (error); 290 /* Verify all parameters before changing time. */ 291 if (uap->tv) { 292 if ((error = copyin((caddr_t)uap->tv, (caddr_t)&atv, 293 sizeof(atv)))) 294 return (error); 295 if (atv.tv_usec < 0 || atv.tv_usec >= 1000000) 296 return (EINVAL); 297 } 298 if (uap->tzp && 299 (error = copyin((caddr_t)uap->tzp, (caddr_t)&atz, sizeof(atz)))) 300 return (error); 301 if (uap->tv && (error = settime(&atv))) 302 return (error); 303 if (uap->tzp) 304 tz = atz; 305 return (0); 306 } 307 308 int tickdelta; /* current clock skew, us. per tick */ 309 long timedelta; /* unapplied time correction, us. */ 310 static long bigadj = 1000000; /* use 10x skew above bigadj us. */ 311 312 /* ARGSUSED */ 313 int 314 adjtime(struct adjtime_args *uap) 315 { 316 struct thread *td = curthread; 317 struct timeval atv; 318 long ndelta, ntickdelta, odelta; 319 int s, error; 320 321 if ((error = suser(td))) 322 return (error); 323 if ((error = 324 copyin((caddr_t)uap->delta, (caddr_t)&atv, sizeof(struct timeval)))) 325 return (error); 326 327 /* 328 * Compute the total correction and the rate at which to apply it. 329 * Round the adjustment down to a whole multiple of the per-tick 330 * delta, so that after some number of incremental changes in 331 * hardclock(), tickdelta will become zero, lest the correction 332 * overshoot and start taking us away from the desired final time. 333 */ 334 ndelta = atv.tv_sec * 1000000 + atv.tv_usec; 335 if (ndelta > bigadj || ndelta < -bigadj) 336 ntickdelta = 10 * tickadj; 337 else 338 ntickdelta = tickadj; 339 if (ndelta % ntickdelta) 340 ndelta = ndelta / ntickdelta * ntickdelta; 341 342 /* 343 * To make hardclock()'s job easier, make the per-tick delta negative 344 * if we want time to run slower; then hardclock can simply compute 345 * tick + tickdelta, and subtract tickdelta from timedelta. 346 */ 347 if (ndelta < 0) 348 ntickdelta = -ntickdelta; 349 s = splclock(); 350 odelta = timedelta; 351 timedelta = ndelta; 352 tickdelta = ntickdelta; 353 splx(s); 354 355 if (uap->olddelta) { 356 atv.tv_sec = odelta / 1000000; 357 atv.tv_usec = odelta % 1000000; 358 (void) copyout((caddr_t)&atv, (caddr_t)uap->olddelta, 359 sizeof(struct timeval)); 360 } 361 return (0); 362 } 363 364 /* 365 * Get value of an interval timer. The process virtual and 366 * profiling virtual time timers are kept in the p_stats area, since 367 * they can be swapped out. These are kept internally in the 368 * way they are specified externally: in time until they expire. 369 * 370 * The real time interval timer is kept in the process table slot 371 * for the process, and its value (it_value) is kept as an 372 * absolute time rather than as a delta, so that it is easy to keep 373 * periodic real-time signals from drifting. 374 * 375 * Virtual time timers are processed in the hardclock() routine of 376 * kern_clock.c. The real time timer is processed by a timeout 377 * routine, called from the softclock() routine. Since a callout 378 * may be delayed in real time due to interrupt processing in the system, 379 * it is possible for the real time timeout routine (realitexpire, given below), 380 * to be delayed in real time past when it is supposed to occur. It 381 * does not suffice, therefore, to reload the real timer .it_value from the 382 * real time timers .it_interval. Rather, we compute the next time in 383 * absolute time the timer should go off. 384 */ 385 /* ARGSUSED */ 386 int 387 getitimer(struct getitimer_args *uap) 388 { 389 struct proc *p = curproc; 390 struct timeval ctv; 391 struct itimerval aitv; 392 int s; 393 394 if (uap->which > ITIMER_PROF) 395 return (EINVAL); 396 s = splclock(); /* XXX still needed ? */ 397 if (uap->which == ITIMER_REAL) { 398 /* 399 * Convert from absolute to relative time in .it_value 400 * part of real time timer. If time for real time timer 401 * has passed return 0, else return difference between 402 * current time and time for the timer to go off. 403 */ 404 aitv = p->p_realtimer; 405 if (timevalisset(&aitv.it_value)) { 406 getmicrouptime(&ctv); 407 if (timevalcmp(&aitv.it_value, &ctv, <)) 408 timevalclear(&aitv.it_value); 409 else 410 timevalsub(&aitv.it_value, &ctv); 411 } 412 } else 413 aitv = p->p_stats->p_timer[uap->which]; 414 splx(s); 415 return (copyout((caddr_t)&aitv, (caddr_t)uap->itv, 416 sizeof (struct itimerval))); 417 } 418 419 /* ARGSUSED */ 420 int 421 setitimer(struct setitimer_args *uap) 422 { 423 struct itimerval aitv; 424 struct timeval ctv; 425 struct itimerval *itvp; 426 struct proc *p = curproc; 427 int s, error; 428 429 if (uap->which > ITIMER_PROF) 430 return (EINVAL); 431 itvp = uap->itv; 432 if (itvp && (error = copyin((caddr_t)itvp, (caddr_t)&aitv, 433 sizeof(struct itimerval)))) 434 return (error); 435 if ((uap->itv = uap->oitv) && 436 (error = getitimer((struct getitimer_args *)uap))) 437 return (error); 438 if (itvp == 0) 439 return (0); 440 if (itimerfix(&aitv.it_value)) 441 return (EINVAL); 442 if (!timevalisset(&aitv.it_value)) 443 timevalclear(&aitv.it_interval); 444 else if (itimerfix(&aitv.it_interval)) 445 return (EINVAL); 446 s = splclock(); /* XXX: still needed ? */ 447 if (uap->which == ITIMER_REAL) { 448 if (timevalisset(&p->p_realtimer.it_value)) 449 untimeout(realitexpire, (caddr_t)p, p->p_ithandle); 450 if (timevalisset(&aitv.it_value)) 451 p->p_ithandle = timeout(realitexpire, (caddr_t)p, 452 tvtohz(&aitv.it_value)); 453 getmicrouptime(&ctv); 454 timevaladd(&aitv.it_value, &ctv); 455 p->p_realtimer = aitv; 456 } else 457 p->p_stats->p_timer[uap->which] = aitv; 458 splx(s); 459 return (0); 460 } 461 462 /* 463 * Real interval timer expired: 464 * send process whose timer expired an alarm signal. 465 * If time is not set up to reload, then just return. 466 * Else compute next time timer should go off which is > current time. 467 * This is where delay in processing this timeout causes multiple 468 * SIGALRM calls to be compressed into one. 469 * tvtohz() always adds 1 to allow for the time until the next clock 470 * interrupt being strictly less than 1 clock tick, but we don't want 471 * that here since we want to appear to be in sync with the clock 472 * interrupt even when we're delayed. 473 */ 474 void 475 realitexpire(arg) 476 void *arg; 477 { 478 struct proc *p; 479 struct timeval ctv, ntv; 480 int s; 481 482 p = (struct proc *)arg; 483 psignal(p, SIGALRM); 484 if (!timevalisset(&p->p_realtimer.it_interval)) { 485 timevalclear(&p->p_realtimer.it_value); 486 return; 487 } 488 for (;;) { 489 s = splclock(); /* XXX: still neeeded ? */ 490 timevaladd(&p->p_realtimer.it_value, 491 &p->p_realtimer.it_interval); 492 getmicrouptime(&ctv); 493 if (timevalcmp(&p->p_realtimer.it_value, &ctv, >)) { 494 ntv = p->p_realtimer.it_value; 495 timevalsub(&ntv, &ctv); 496 p->p_ithandle = timeout(realitexpire, (caddr_t)p, 497 tvtohz(&ntv) - 1); 498 splx(s); 499 return; 500 } 501 splx(s); 502 } 503 } 504 505 /* 506 * Check that a proposed value to load into the .it_value or 507 * .it_interval part of an interval timer is acceptable, and 508 * fix it to have at least minimal value (i.e. if it is less 509 * than the resolution of the clock, round it up.) 510 */ 511 int 512 itimerfix(tv) 513 struct timeval *tv; 514 { 515 516 if (tv->tv_sec < 0 || tv->tv_sec > 100000000 || 517 tv->tv_usec < 0 || tv->tv_usec >= 1000000) 518 return (EINVAL); 519 if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick) 520 tv->tv_usec = tick; 521 return (0); 522 } 523 524 /* 525 * Decrement an interval timer by a specified number 526 * of microseconds, which must be less than a second, 527 * i.e. < 1000000. If the timer expires, then reload 528 * it. In this case, carry over (usec - old value) to 529 * reduce the value reloaded into the timer so that 530 * the timer does not drift. This routine assumes 531 * that it is called in a context where the timers 532 * on which it is operating cannot change in value. 533 */ 534 int 535 itimerdecr(itp, usec) 536 struct itimerval *itp; 537 int usec; 538 { 539 540 if (itp->it_value.tv_usec < usec) { 541 if (itp->it_value.tv_sec == 0) { 542 /* expired, and already in next interval */ 543 usec -= itp->it_value.tv_usec; 544 goto expire; 545 } 546 itp->it_value.tv_usec += 1000000; 547 itp->it_value.tv_sec--; 548 } 549 itp->it_value.tv_usec -= usec; 550 usec = 0; 551 if (timevalisset(&itp->it_value)) 552 return (1); 553 /* expired, exactly at end of interval */ 554 expire: 555 if (timevalisset(&itp->it_interval)) { 556 itp->it_value = itp->it_interval; 557 itp->it_value.tv_usec -= usec; 558 if (itp->it_value.tv_usec < 0) { 559 itp->it_value.tv_usec += 1000000; 560 itp->it_value.tv_sec--; 561 } 562 } else 563 itp->it_value.tv_usec = 0; /* sec is already 0 */ 564 return (0); 565 } 566 567 /* 568 * Add and subtract routines for timevals. 569 * N.B.: subtract routine doesn't deal with 570 * results which are before the beginning, 571 * it just gets very confused in this case. 572 * Caveat emptor. 573 */ 574 void 575 timevaladd(t1, t2) 576 struct timeval *t1, *t2; 577 { 578 579 t1->tv_sec += t2->tv_sec; 580 t1->tv_usec += t2->tv_usec; 581 timevalfix(t1); 582 } 583 584 void 585 timevalsub(t1, t2) 586 struct timeval *t1, *t2; 587 { 588 589 t1->tv_sec -= t2->tv_sec; 590 t1->tv_usec -= t2->tv_usec; 591 timevalfix(t1); 592 } 593 594 static void 595 timevalfix(t1) 596 struct timeval *t1; 597 { 598 599 if (t1->tv_usec < 0) { 600 t1->tv_sec--; 601 t1->tv_usec += 1000000; 602 } 603 if (t1->tv_usec >= 1000000) { 604 t1->tv_sec++; 605 t1->tv_usec -= 1000000; 606 } 607 } 608 609 /* 610 * ratecheck(): simple time-based rate-limit checking. 611 */ 612 int 613 ratecheck(struct timeval *lasttime, const struct timeval *mininterval) 614 { 615 struct timeval tv, delta; 616 int rv = 0; 617 618 getmicrouptime(&tv); /* NB: 10ms precision */ 619 delta = tv; 620 timevalsub(&delta, lasttime); 621 622 /* 623 * check for 0,0 is so that the message will be seen at least once, 624 * even if interval is huge. 625 */ 626 if (timevalcmp(&delta, mininterval, >=) || 627 (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) { 628 *lasttime = tv; 629 rv = 1; 630 } 631 632 return (rv); 633 } 634 635 /* 636 * ppsratecheck(): packets (or events) per second limitation. 637 * 638 * Return 0 if the limit is to be enforced (e.g. the caller 639 * should drop a packet because of the rate limitation). 640 * 641 * maxpps of 0 always causes zero to be returned. maxpps of -1 642 * always causes 1 to be returned; this effectively defeats rate 643 * limiting. 644 * 645 * Note that we maintain the struct timeval for compatibility 646 * with other bsd systems. We reuse the storage and just monitor 647 * clock ticks for minimal overhead. 648 */ 649 int 650 ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps) 651 { 652 int now; 653 654 /* 655 * Reset the last time and counter if this is the first call 656 * or more than a second has passed since the last update of 657 * lasttime. 658 */ 659 now = ticks; 660 if (lasttime->tv_sec == 0 || (u_int)(now - lasttime->tv_sec) >= hz) { 661 lasttime->tv_sec = now; 662 *curpps = 1; 663 return (maxpps != 0); 664 } else { 665 (*curpps)++; /* NB: ignore potential overflow */ 666 return (maxpps < 0 || *curpps < maxpps); 667 } 668 } 669 670