xref: /netbsd/sys/kern/kern_acct.c (revision bf9ec67e) 
1 /*	$NetBSD: kern_acct.c,v 1.50 2001/11/12 15:25:05 lukem Exp $	*/
2 
3 /*-
4  * Copyright (c) 1994 Christopher G. Demetriou
5  * Copyright (c) 1982, 1986, 1989, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  * (c) UNIX System Laboratories, Inc.
8  * All or some portions of this file are derived from material licensed
9  * to the University of California by American Telephone and Telegraph
10  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
11  * the permission of UNIX System Laboratories, Inc.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. All advertising materials mentioning features or use of this software
22  *    must display the following acknowledgement:
23  *	This product includes software developed by the University of
24  *	California, Berkeley and its contributors.
25  * 4. Neither the name of the University nor the names of its contributors
26  *    may be used to endorse or promote products derived from this software
27  *    without specific prior written permission.
28  *
29  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
30  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
33  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39  * SUCH DAMAGE.
40  *
41  *	@(#)kern_acct.c	8.8 (Berkeley) 5/14/95
42  */
43 
44 #include <sys/cdefs.h>
45 __KERNEL_RCSID(0, "$NetBSD: kern_acct.c,v 1.50 2001/11/12 15:25:05 lukem Exp $");
46 
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/proc.h>
50 #include <sys/mount.h>
51 #include <sys/vnode.h>
52 #include <sys/file.h>
53 #include <sys/syslog.h>
54 #include <sys/kernel.h>
55 #include <sys/kthread.h>
56 #include <sys/lock.h>
57 #include <sys/malloc.h>
58 #include <sys/namei.h>
59 #include <sys/errno.h>
60 #include <sys/acct.h>
61 #include <sys/resourcevar.h>
62 #include <sys/ioctl.h>
63 #include <sys/tty.h>
64 
65 #include <sys/syscallargs.h>
66 
67 /*
68  * The routines implemented in this file are described in:
69  *      Leffler, et al.: The Design and Implementation of the 4.3BSD
70  *	    UNIX Operating System (Addison Welley, 1989)
71  * on pages 62-63.
72  *
73  * Arguably, to simplify accounting operations, this mechanism should
74  * be replaced by one in which an accounting log file (similar to /dev/klog)
75  * is read by a user process, etc.  However, that has its own problems.
76  */
77 
78 /*
79  * The global accounting state and related data.  Gain the lock before
80  * accessing these variables.
81  */
82 enum {
83 	ACCT_STOP,
84 	ACCT_ACTIVE,
85 	ACCT_SUSPENDED
86 } acct_state;				/* The current accounting state. */
87 struct vnode *acct_vp;			/* Accounting vnode pointer. */
88 struct ucred *acct_ucred;		/* Credential of accounting file
89 					   owner (i.e root).  Used when
90  					   accounting file i/o.  */
91 struct proc *acct_dkwatcher;		/* Free disk space checker. */
92 
93 /*
94  * Lock to serialize system calls and kernel threads.
95  */
96 struct	lock acct_lock;
97 #define	ACCT_LOCK()						\
98 do {								\
99 	(void) lockmgr(&acct_lock, LK_EXCLUSIVE, NULL);		\
100 } while (/* CONSTCOND */0)
101 #define	ACCT_UNLOCK()						\
102 do {								\
103 	(void) lockmgr(&acct_lock, LK_RELEASE, NULL);		\
104 } while (/* CONSTCOND */0)
105 
106 /*
107  * Internal accounting functions.
108  * The former's operation is described in Leffler, et al., and the latter
109  * was provided by UCB with the 4.4BSD-Lite release
110  */
111 comp_t	encode_comp_t __P((u_long, u_long));
112 void	acctwatch __P((void *));
113 void	acct_stop __P((void));
114 int	acct_chkfree __P((void));
115 
116 /*
117  * Values associated with enabling and disabling accounting
118  */
119 int	acctsuspend = 2;	/* stop accounting when < 2% free space left */
120 int	acctresume = 4;		/* resume when free space risen to > 4% */
121 int	acctchkfreq = 15;	/* frequency (in seconds) to check space */
122 
123 void
124 acct_init()
125 {
126 
127 	acct_state = ACCT_STOP;
128 	acct_vp = NULLVP;
129 	acct_ucred = NULL;
130 	lockinit(&acct_lock, PWAIT, "acctlk", 0, 0);
131 }
132 
133 void
134 acct_stop()
135 {
136 	int error;
137 
138 	if (acct_vp != NULLVP && acct_vp->v_type != VBAD) {
139 		error = vn_close(acct_vp, FWRITE, acct_ucred, NULL);
140 #ifdef DIAGNOSTIC
141 		if (error != 0)
142 			printf("acct_stop: failed to close, errno = %d\n",
143 			    error);
144 #endif
145 		acct_vp = NULLVP;
146 	}
147 	if (acct_ucred != NULL) {
148 		crfree(acct_ucred);
149 		acct_ucred = NULL;
150 	}
151 	acct_state = ACCT_STOP;
152 }
153 
154 int
155 acct_chkfree()
156 {
157 	int error;
158 	struct statfs sb;
159 
160 	error = VFS_STATFS(acct_vp->v_mount, &sb, NULL);
161 	if (error != 0)
162 		return (error);
163 
164 	switch (acct_state) {
165 	case ACCT_SUSPENDED:
166 		if (sb.f_bavail > acctresume * sb.f_blocks / 100) {
167 			acct_state = ACCT_ACTIVE;
168 			log(LOG_NOTICE, "Accounting resumed\n");
169 		}
170 		break;
171 	case ACCT_ACTIVE:
172 		if (sb.f_bavail <= acctsuspend * sb.f_blocks / 100) {
173 			acct_state = ACCT_SUSPENDED;
174 			log(LOG_NOTICE, "Accounting suspended\n");
175 		}
176 		break;
177 	case ACCT_STOP:
178 		break;
179 	}
180 	return (0);
181 }
182 
183 /*
184  * Accounting system call.  Written based on the specification and
185  * previous implementation done by Mark Tinguely.
186  */
187 int
188 sys_acct(p, v, retval)
189 	struct proc *p;
190 	void *v;
191 	register_t *retval;
192 {
193 	struct sys_acct_args /* {
194 		syscallarg(const char *) path;
195 	} */ *uap = v;
196 	struct nameidata nd;
197 	int error;
198 
199 	/* Make sure that the caller is root. */
200 	if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
201 		return (error);
202 
203 	/*
204 	 * If accounting is to be started to a file, open that file for
205 	 * writing and make sure it's a 'normal'.
206 	 */
207 	if (SCARG(uap, path) != NULL) {
208 		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path),
209 		    p);
210 		if ((error = vn_open(&nd, FWRITE, 0)) != 0)
211 			return (error);
212 		VOP_UNLOCK(nd.ni_vp, 0);
213 		if (nd.ni_vp->v_type != VREG) {
214 			vn_close(nd.ni_vp, FWRITE, p->p_ucred, p);
215 			return (EACCES);
216 		}
217 	}
218 
219 	ACCT_LOCK();
220 
221 	/*
222 	 * If accounting was previously enabled, kill the old space-watcher,
223 	 * free credential for accounting file i/o,
224 	 * ... (and, if no new file was specified, leave).
225 	 */
226 	acct_stop();
227 	if (SCARG(uap, path) == NULL)
228 		goto out;
229 
230 	/*
231 	 * Save the new accounting file vnode and credential,
232 	 * and schedule the new free space watcher.
233 	 */
234 	acct_state = ACCT_ACTIVE;
235 	acct_vp = nd.ni_vp;
236 	acct_ucred = p->p_ucred;
237 	crhold(acct_ucred);
238 
239 	error = acct_chkfree();		/* Initial guess. */
240 	if (error != 0) {
241 		acct_stop();
242 		goto out;
243 	}
244 
245 	if (acct_dkwatcher == NULL) {
246 		error = kthread_create1(acctwatch, NULL, &acct_dkwatcher,
247 		    "acctwatch");
248 		if (error != 0)
249 			acct_stop();
250 	}
251 
252  out:
253 	ACCT_UNLOCK();
254 	return (error);
255 }
256 
257 /*
258  * Write out process accounting information, on process exit.
259  * Data to be written out is specified in Leffler, et al.
260  * and are enumerated below.  (They're also noted in the system
261  * "acct.h" header file.)
262  */
263 int
264 acct_process(p)
265 	struct proc *p;
266 {
267 	struct acct acct;
268 	struct rusage *r;
269 	struct timeval ut, st, tmp;
270 	int s, t, error = 0;
271 	struct plimit *oplim = NULL;
272 
273 	ACCT_LOCK();
274 
275 	/* If accounting isn't enabled, don't bother */
276 	if (acct_state != ACCT_ACTIVE)
277 		goto out;
278 
279 	/*
280 	 * Raise the file limit so that accounting can't be stopped by
281 	 * the user.
282 	 *
283 	 * XXX We should think about the CPU limit, too.
284 	 */
285 	if (p->p_limit->p_refcnt > 1) {
286 		oplim = p->p_limit;
287 		p->p_limit = limcopy(p->p_limit);
288 	}
289 	p->p_rlimit[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
290 
291 	/*
292 	 * Get process accounting information.
293 	 */
294 
295 	/* (1) The name of the command that ran */
296 	memcpy(acct.ac_comm, p->p_comm, sizeof(acct.ac_comm));
297 
298 	/* (2) The amount of user and system time that was used */
299 	calcru(p, &ut, &st, NULL);
300 	acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec);
301 	acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec);
302 
303 	/* (3) The elapsed time the commmand ran (and its starting time) */
304 	acct.ac_btime = p->p_stats->p_start.tv_sec;
305 	s = splclock();
306 	timersub(&time, &p->p_stats->p_start, &tmp);
307 	splx(s);
308 	acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec);
309 
310 	/* (4) The average amount of memory used */
311 	r = &p->p_stats->p_ru;
312 	timeradd(&ut, &st, &tmp);
313 	t = tmp.tv_sec * hz + tmp.tv_usec / tick;
314 	if (t)
315 		acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t;
316 	else
317 		acct.ac_mem = 0;
318 
319 	/* (5) The number of disk I/O operations done */
320 	acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0);
321 
322 	/* (6) The UID and GID of the process */
323 	acct.ac_uid = p->p_cred->p_ruid;
324 	acct.ac_gid = p->p_cred->p_rgid;
325 
326 	/* (7) The terminal from which the process was started */
327 	if ((p->p_flag & P_CONTROLT) && p->p_pgrp->pg_session->s_ttyp)
328 		acct.ac_tty = p->p_pgrp->pg_session->s_ttyp->t_dev;
329 	else
330 		acct.ac_tty = NODEV;
331 
332 	/* (8) The boolean flags that tell how the process terminated, etc. */
333 	acct.ac_flag = p->p_acflag;
334 
335 	/*
336 	 * Now, just write the accounting information to the file.
337 	 */
338 	VOP_LEASE(acct_vp, p, p->p_ucred, LEASE_WRITE);
339 	error = vn_rdwr(UIO_WRITE, acct_vp, (caddr_t)&acct,
340 	    sizeof(acct), (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT,
341 	    acct_ucred, NULL, p);
342 	if (error != 0)
343 		log(LOG_ERR, "Accounting: write failed %d\n", error);
344 
345 	if (oplim) {
346 		limfree(p->p_limit);
347 		p->p_limit = oplim;
348 	}
349 
350  out:
351 	ACCT_UNLOCK();
352 	return (error);
353 }
354 
355 /*
356  * Encode_comp_t converts from ticks in seconds and microseconds
357  * to ticks in 1/AHZ seconds.  The encoding is described in
358  * Leffler, et al., on page 63.
359  */
360 
361 #define	MANTSIZE	13			/* 13 bit mantissa. */
362 #define	EXPSIZE		3			/* Base 8 (3 bit) exponent. */
363 #define	MAXFRACT	((1 << MANTSIZE) - 1)	/* Maximum fractional value. */
364 
365 comp_t
366 encode_comp_t(s, us)
367 	u_long s, us;
368 {
369 	int exp, rnd;
370 
371 	exp = 0;
372 	rnd = 0;
373 	s *= AHZ;
374 	s += us / (1000000 / AHZ);	/* Maximize precision. */
375 
376 	while (s > MAXFRACT) {
377 	rnd = s & (1 << (EXPSIZE - 1));	/* Round up? */
378 		s >>= EXPSIZE;		/* Base 8 exponent == 3 bit shift. */
379 		exp++;
380 	}
381 
382 	/* If we need to round up, do it (and handle overflow correctly). */
383 	if (rnd && (++s > MAXFRACT)) {
384 		s >>= EXPSIZE;
385 		exp++;
386 	}
387 
388 	/* Clean it up and polish it off. */
389 	exp <<= MANTSIZE;		/* Shift the exponent into place */
390 	exp += s;			/* and add on the mantissa. */
391 	return (exp);
392 }
393 
394 /*
395  * Periodically check the file system to see if accounting
396  * should be turned on or off.  Beware the case where the vnode
397  * has been vgone()'d out from underneath us, e.g. when the file
398  * system containing the accounting file has been forcibly unmounted.
399  */
400 void
401 acctwatch(arg)
402 	void *arg;
403 {
404 	int error;
405 
406 	log(LOG_NOTICE, "Accounting started\n");
407 	ACCT_LOCK();
408 	while (acct_state != ACCT_STOP) {
409 		if (acct_vp->v_type == VBAD) {
410 			log(LOG_NOTICE, "Accounting terminated\n");
411 			acct_stop();
412 			continue;
413 		}
414 
415 		error = acct_chkfree();
416 #ifdef DIAGNOSTIC
417 		if (error != 0)
418 			printf("acctwatch: failed to statfs, error = %d\n",
419 			    error);
420 #endif
421 
422 		ACCT_UNLOCK();
423 		error = tsleep(acctwatch, PSWP, "actwat", acctchkfreq * hz);
424 		ACCT_LOCK();
425 #ifdef DIAGNOSTIC
426 		if (error != 0 && error != EWOULDBLOCK)
427 			printf("acctwatch: sleep error %d\n", error);
428 #endif
429 	}
430 	acct_dkwatcher = NULL;
431 	ACCT_UNLOCK();
432 
433 	kthread_exit(0);
434 }
435