1 /* $NetBSD: refclock_shm.c,v 1.10 2020/05/25 20:47:26 christos Exp $ */
2
3 /*
4 * refclock_shm - clock driver for utc via shared memory
5 * - under construction -
6 * To add new modes: Extend or union the shmTime-struct. Do not
7 * extend/shrink size, because otherwise existing implementations
8 * will specify wrong size of shared memory-segment
9 * PB 18.3.97
10 */
11
12 #ifdef HAVE_CONFIG_H
13 # include <config.h>
14 #endif
15
16 #include "ntp_types.h"
17
18 #if defined(REFCLOCK) && defined(CLOCK_SHM)
19
20 #include "ntpd.h"
21 #undef fileno
22 #include "ntp_io.h"
23 #undef fileno
24 #include "ntp_refclock.h"
25 #undef fileno
26 #include "timespecops.h"
27 #undef fileno
28 #include "ntp_stdlib.h"
29 #include "ntp_assert.h"
30
31 #undef fileno
32 #include <ctype.h>
33 #undef fileno
34
35 #ifndef SYS_WINNT
36 # include <sys/ipc.h>
37 # include <sys/shm.h>
38 # include <assert.h>
39 # include <unistd.h>
40 # include <stdio.h>
41 #endif
42
43 #ifdef HAVE_STDATOMIC_H
44 # include <stdatomic.h>
45 #endif /* HAVE_STDATOMIC_H */
46
47 /*
48 * This driver supports a reference clock attached thru shared memory
49 */
50
51 /*
52 * SHM interface definitions
53 */
54 #define PRECISION (-1) /* precision assumed (0.5 s) */
55 #define REFID "SHM" /* reference ID */
56 #define DESCRIPTION "SHM/Shared memory interface"
57
58 #define NSAMPLES 3 /* stages of median filter */
59
60 /*
61 * Mode flags
62 */
63 #define SHM_MODE_PRIVATE 0x0001
64
65 /*
66 * Function prototypes
67 */
68 static int shm_start (int unit, struct peer *peer);
69 static void shm_shutdown (int unit, struct peer *peer);
70 static void shm_poll (int unit, struct peer *peer);
71 static void shm_timer (int unit, struct peer *peer);
72 static void shm_clockstats (int unit, struct peer *peer);
73 static void shm_control (int unit, const struct refclockstat * in_st,
74 struct refclockstat * out_st, struct peer *peer);
75
76 /*
77 * Transfer vector
78 */
79 struct refclock refclock_shm = {
80 shm_start, /* start up driver */
81 shm_shutdown, /* shut down driver */
82 shm_poll, /* transmit poll message */
83 shm_control, /* control settings */
84 noentry, /* not used: init */
85 noentry, /* not used: buginfo */
86 shm_timer, /* once per second */
87 };
88
89 struct shmTime {
90 int mode; /* 0 - if valid is set:
91 * use values,
92 * clear valid
93 * 1 - if valid is set:
94 * if count before and after read of values is equal,
95 * use values
96 * clear valid
97 */
98 volatile int count;
99 time_t clockTimeStampSec;
100 int clockTimeStampUSec;
101 time_t receiveTimeStampSec;
102 int receiveTimeStampUSec;
103 int leap;
104 int precision;
105 int nsamples;
106 volatile int valid;
107 unsigned clockTimeStampNSec; /* Unsigned ns timestamps */
108 unsigned receiveTimeStampNSec; /* Unsigned ns timestamps */
109 int dummy[8];
110 };
111
112 struct shmunit {
113 struct shmTime *shm; /* pointer to shared memory segment */
114 int forall; /* access for all UIDs? */
115
116 /* debugging/monitoring counters - reset when printed */
117 int ticks; /* number of attempts to read data*/
118 int good; /* number of valid samples */
119 int notready; /* number of peeks without data ready */
120 int bad; /* number of invalid samples */
121 int clash; /* number of access clashes while reading */
122
123 time_t max_delta; /* difference limit */
124 time_t max_delay; /* age/stale limit */
125 };
126
127
128 static struct shmTime*
getShmTime(int unit,int forall)129 getShmTime(
130 int unit,
131 int/*BOOL*/ forall
132 )
133 {
134 struct shmTime *p = NULL;
135
136 #ifndef SYS_WINNT
137
138 int shmid;
139
140 /* 0x4e545030 is NTP0.
141 * Big units will give non-ascii but that's OK
142 * as long as everybody does it the same way.
143 */
144 shmid=shmget(0x4e545030 + unit, sizeof (struct shmTime),
145 IPC_CREAT | (forall ? 0666 : 0600));
146 if (shmid == -1) { /* error */
147 msyslog(LOG_ERR, "SHM shmget (unit %d): %m", unit);
148 return NULL;
149 }
150 p = (struct shmTime *)shmat (shmid, 0, 0);
151 if (p == (struct shmTime *)-1) { /* error */
152 msyslog(LOG_ERR, "SHM shmat (unit %d): %m", unit);
153 return NULL;
154 }
155
156 return p;
157 #else
158
159 static const char * nspref[2] = { "Local", "Global" };
160 char buf[20];
161 LPSECURITY_ATTRIBUTES psec = 0;
162 HANDLE shmid = 0;
163 SECURITY_DESCRIPTOR sd;
164 SECURITY_ATTRIBUTES sa;
165 unsigned int numch;
166
167 numch = snprintf(buf, sizeof(buf), "%s\\NTP%d",
168 nspref[forall != 0], (unit & 0xFF));
169 if (numch >= sizeof(buf)) {
170 msyslog(LOG_ERR, "SHM name too long (unit %d)", unit);
171 return NULL;
172 }
173 if (forall) { /* world access */
174 if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) {
175 msyslog(LOG_ERR,"SHM InitializeSecurityDescriptor (unit %d): %m", unit);
176 return NULL;
177 }
178 if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) {
179 msyslog(LOG_ERR, "SHM SetSecurityDescriptorDacl (unit %d): %m", unit);
180 return NULL;
181 }
182 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
183 sa.lpSecurityDescriptor = &sd;
184 sa.bInheritHandle = FALSE;
185 psec = &sa;
186 }
187 shmid = CreateFileMapping ((HANDLE)0xffffffff, psec, PAGE_READWRITE,
188 0, sizeof (struct shmTime), buf);
189 if (shmid == NULL) { /*error*/
190 char buf[1000];
191 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM,
192 0, GetLastError (), 0, buf, sizeof (buf), 0);
193 msyslog(LOG_ERR, "SHM CreateFileMapping (unit %d): %s", unit, buf);
194 return NULL;
195 }
196 p = (struct shmTime *)MapViewOfFile(shmid, FILE_MAP_WRITE, 0, 0,
197 sizeof (struct shmTime));
198 if (p == NULL) { /*error*/
199 char buf[1000];
200 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM,
201 0, GetLastError (), 0, buf, sizeof (buf), 0);
202 msyslog(LOG_ERR,"SHM MapViewOfFile (unit %d): %s", unit, buf);
203 return NULL;
204 }
205
206 return p;
207 #endif
208
209 /* NOTREACHED */
210 ENSURE(!"getShmTime(): Not reached.");
211 }
212
213
214 /*
215 * shm_start - attach to shared memory
216 */
217 static int
shm_start(int unit,struct peer * peer)218 shm_start(
219 int unit,
220 struct peer *peer
221 )
222 {
223 struct refclockproc * const pp = peer->procptr;
224 struct shmunit * const up = emalloc_zero(sizeof(*up));
225
226 pp->io.clock_recv = noentry;
227 pp->io.srcclock = peer;
228 pp->io.datalen = 0;
229 pp->io.fd = -1;
230
231 up->forall = (unit >= 2) && !(peer->ttl & SHM_MODE_PRIVATE);
232
233 up->shm = getShmTime(unit, up->forall);
234
235 /*
236 * Initialize miscellaneous peer variables
237 */
238 memcpy((char *)&pp->refid, REFID, 4);
239 if (up->shm != 0) {
240 pp->unitptr = up;
241 up->shm->precision = PRECISION;
242 peer->precision = up->shm->precision;
243 up->shm->valid = 0;
244 up->shm->nsamples = NSAMPLES;
245 pp->clockdesc = DESCRIPTION;
246 /* items to be changed later in 'shm_control()': */
247 up->max_delay = 5;
248 up->max_delta = 4*3600;
249 return 1;
250 } else {
251 free(up);
252 pp->unitptr = NULL;
253 return 0;
254 }
255 }
256
257
258 /*
259 * shm_control - configure flag1/time2 params
260 *
261 * These are not yet available during 'shm_start', so we have to do any
262 * pre-computations we want to avoid during regular poll/timer callbacks
263 * in this callback.
264 */
265 static void
shm_control(int unit,const struct refclockstat * in_st,struct refclockstat * out_st,struct peer * peer)266 shm_control(
267 int unit,
268 const struct refclockstat * in_st,
269 struct refclockstat * out_st,
270 struct peer * peer
271 )
272 {
273 struct refclockproc * const pp = peer->procptr;
274 struct shmunit * const up = pp->unitptr;
275
276 UNUSED_ARG(unit);
277 UNUSED_ARG(in_st);
278 UNUSED_ARG(out_st);
279 if (NULL == up)
280 return;
281 if (pp->sloppyclockflag & CLK_FLAG1)
282 up->max_delta = 0;
283 else if (pp->fudgetime2 < 1. || pp->fudgetime2 > 86400.)
284 up->max_delta = 4*3600;
285 else
286 up->max_delta = (time_t)floor(pp->fudgetime2 + 0.5);
287 }
288
289
290 /*
291 * shm_shutdown - shut down the clock
292 */
293 static void
shm_shutdown(int unit,struct peer * peer)294 shm_shutdown(
295 int unit,
296 struct peer *peer
297 )
298 {
299 struct refclockproc * const pp = peer->procptr;
300 struct shmunit * const up = pp->unitptr;
301
302 UNUSED_ARG(unit);
303 if (NULL == up)
304 return;
305 #ifndef SYS_WINNT
306
307 /* HMS: shmdt() wants char* or const void * */
308 (void)shmdt((char *)up->shm);
309
310 #else
311
312 UnmapViewOfFile(up->shm);
313
314 #endif
315 free(up);
316 }
317
318
319 /*
320 * shm_poll - called by the transmit procedure
321 */
322 static void
shm_poll(int unit,struct peer * peer)323 shm_poll(
324 int unit,
325 struct peer *peer
326 )
327 {
328 struct refclockproc * const pp = peer->procptr;
329 struct shmunit * const up = pp->unitptr;
330 int major_error;
331
332 pp->polls++;
333
334 /* get dominant reason if we have no samples at all */
335 major_error = max(up->notready, up->bad);
336 major_error = max(major_error, up->clash);
337
338 /*
339 * Process median filter samples. If none received, see what
340 * happened, tell the core and keep going.
341 */
342 if (pp->coderecv != pp->codeproc) {
343 /* have some samples, everything OK */
344 pp->lastref = pp->lastrec;
345 refclock_report(peer, CEVNT_NOMINAL);
346 refclock_receive(peer);
347 } else if (NULL == up->shm) { /* is this possible at all? */
348 /* we're out of business without SHM access */
349 refclock_report(peer, CEVNT_FAULT);
350 } else if (major_error == up->clash) {
351 /* too many collisions is like a bad signal */
352 refclock_report(peer, CEVNT_PROP);
353 } else if (major_error == up->bad) {
354 /* too much stale/bad/garbled data */
355 refclock_report(peer, CEVNT_BADREPLY);
356 } else {
357 /* in any other case assume it's just a timeout */
358 refclock_report(peer, CEVNT_TIMEOUT);
359 }
360 /* shm_clockstats() clears the tallies, so it must be last... */
361 shm_clockstats(unit, peer);
362 }
363
364
365 enum segstat_t {
366 OK, NO_SEGMENT, NOT_READY, BAD_MODE, CLASH
367 };
368
369 struct shm_stat_t {
370 int status;
371 int mode;
372 struct timespec tvc, tvr, tvt;
373 int precision;
374 int leap;
375 };
376
memory_barrier(void)377 static inline void memory_barrier(void)
378 {
379 #ifdef HAVE_ATOMIC_THREAD_FENCE
380 atomic_thread_fence(memory_order_seq_cst);
381 #endif /* HAVE_ATOMIC_THREAD_FENCE */
382 }
383
shm_query(volatile struct shmTime * shm_in,struct shm_stat_t * shm_stat)384 static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat)
385 /* try to grab a sample from the specified SHM segment */
386 {
387 struct shmTime shmcopy;
388 volatile struct shmTime *shm = shm_in;
389 volatile int cnt;
390
391 unsigned int cns_new, rns_new;
392
393 /*
394 * This is the main routine. It snatches the time from the shm
395 * board and tacks on a local timestamp.
396 */
397 if (shm == NULL) {
398 shm_stat->status = NO_SEGMENT;
399 return NO_SEGMENT;
400 }
401
402 /*@-type@*//* splint is confused about struct timespec */
403 shm_stat->tvc.tv_sec = shm_stat->tvc.tv_nsec = 0;
404 {
405 time_t now;
406
407 time(&now);
408 shm_stat->tvc.tv_sec = now;
409 }
410
411 /* relying on word access to be atomic here */
412 if (shm->valid == 0) {
413 shm_stat->status = NOT_READY;
414 return NOT_READY;
415 }
416
417 cnt = shm->count;
418
419 /*
420 * This is proof against concurrency issues if either
421 * (a) the memory_barrier() call works on this host, or
422 * (b) memset compiles to an uninterruptible single-instruction bitblt.
423 */
424 memory_barrier();
425 memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime));
426 shm->valid = 0;
427 memory_barrier();
428
429 /*
430 * Clash detection in case neither (a) nor (b) was true.
431 * Not supported in mode 0, and word access to the count field
432 * must be atomic for this to work.
433 */
434 if (shmcopy.mode > 0 && cnt != shm->count) {
435 shm_stat->status = CLASH;
436 return shm_stat->status;
437 }
438
439 shm_stat->status = OK;
440 shm_stat->mode = shmcopy.mode;
441
442 switch (shmcopy.mode) {
443 case 0:
444 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec;
445 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000;
446 rns_new = shmcopy.receiveTimeStampNSec;
447 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec;
448 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000;
449 cns_new = shmcopy.clockTimeStampNSec;
450
451 /* Since the following comparisons are between unsigned
452 ** variables they are always well defined, and any
453 ** (signed) underflow will turn into very large unsigned
454 ** values, well above the 1000 cutoff.
455 **
456 ** Note: The usecs *must* be a *truncated*
457 ** representation of the nsecs. This code will fail for
458 ** *rounded* usecs, and the logic to deal with
459 ** wrap-arounds in the presence of rounded values is
460 ** much more convoluted.
461 */
462 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000)
463 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) {
464 shm_stat->tvt.tv_nsec = cns_new;
465 shm_stat->tvr.tv_nsec = rns_new;
466 }
467 /* At this point shm_stat->tvr and shm_stat->tvt contain valid ns-level
468 ** timestamps, possibly generated by extending the old
469 ** us-level timestamps
470 */
471 break;
472
473 case 1:
474
475 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec;
476 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000;
477 rns_new = shmcopy.receiveTimeStampNSec;
478 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec;
479 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000;
480 cns_new = shmcopy.clockTimeStampNSec;
481
482 /* See the case above for an explanation of the
483 ** following test.
484 */
485 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000)
486 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) {
487 shm_stat->tvt.tv_nsec = cns_new;
488 shm_stat->tvr.tv_nsec = rns_new;
489 }
490 /* At this point shm_stat->tvr and shm_stat->tvt contains valid ns-level
491 ** timestamps, possibly generated by extending the old
492 ** us-level timestamps
493 */
494 break;
495
496 default:
497 shm_stat->status = BAD_MODE;
498 break;
499 }
500 /*@-type@*/
501
502 /*
503 * leap field is not a leap offset but a leap notification code.
504 * The values are magic numbers used by NTP and set by GPSD, if at all, in
505 * the subframe code.
506 */
507 shm_stat->leap = shmcopy.leap;
508 shm_stat->precision = shmcopy.precision;
509
510 return shm_stat->status;
511 }
512
513 /*
514 * shm_timer - called once every second.
515 *
516 * This tries to grab a sample from the SHM segment, filtering bad ones
517 */
518 static void
shm_timer(int unit,struct peer * peer)519 shm_timer(
520 int unit,
521 struct peer *peer
522 )
523 {
524 struct refclockproc * const pp = peer->procptr;
525 struct shmunit * const up = pp->unitptr;
526
527 volatile struct shmTime *shm;
528
529 l_fp tsrcv;
530 l_fp tsref;
531 int c;
532
533 /* for formatting 'a_lastcode': */
534 struct calendar cd;
535 time_t tt;
536 vint64 ts;
537
538 enum segstat_t status;
539 struct shm_stat_t shm_stat;
540
541 up->ticks++;
542 if ((shm = up->shm) == NULL) {
543 /* try to map again - this may succeed if meanwhile some-
544 body has ipcrm'ed the old (unaccessible) shared mem segment */
545 shm = up->shm = getShmTime(unit, up->forall);
546 if (shm == NULL) {
547 DPRINTF(1, ("%s: no SHM segment\n",
548 refnumtoa(&peer->srcadr)));
549 return;
550 }
551 }
552
553 /* query the segment, atomically */
554 status = shm_query(shm, &shm_stat);
555
556 switch (status) {
557 case OK:
558 DPRINTF(2, ("%s: SHM type %d sample\n",
559 refnumtoa(&peer->srcadr), shm_stat.mode));
560 break;
561 case NO_SEGMENT:
562 /* should never happen, but is harmless */
563 return;
564 case NOT_READY:
565 DPRINTF(1, ("%s: SHM not ready\n",refnumtoa(&peer->srcadr)));
566 up->notready++;
567 return;
568 case BAD_MODE:
569 DPRINTF(1, ("%s: SHM type blooper, mode=%d\n",
570 refnumtoa(&peer->srcadr), shm->mode));
571 up->bad++;
572 msyslog (LOG_ERR, "SHM: bad mode found in shared memory: %d",
573 shm->mode);
574 return;
575 case CLASH:
576 DPRINTF(1, ("%s: type 1 access clash\n",
577 refnumtoa(&peer->srcadr)));
578 msyslog (LOG_NOTICE, "SHM: access clash in shared memory");
579 up->clash++;
580 return;
581 default:
582 DPRINTF(1, ("%s: internal error, unknown SHM fetch status\n",
583 refnumtoa(&peer->srcadr)));
584 msyslog (LOG_NOTICE, "internal error, unknown SHM fetch status");
585 up->bad++;
586 return;
587 }
588
589
590 /* format the last time code in human-readable form into
591 * 'pp->a_lastcode'. Someone claimed: "NetBSD has incompatible
592 * tv_sec". I can't find a base for this claim, but we can work
593 * around that potential problem. BTW, simply casting a pointer
594 * is a receipe for disaster on some architectures.
595 */
596 tt = (time_t)shm_stat.tvt.tv_sec;
597 ts = time_to_vint64(&tt);
598 ntpcal_time_to_date(&cd, &ts);
599
600 /* add ntpq -c cv timecode in ISO 8601 format */
601 c = snprintf(pp->a_lastcode, sizeof(pp->a_lastcode),
602 "%04u-%02u-%02uT%02u:%02u:%02u.%09ldZ",
603 cd.year, cd.month, cd.monthday,
604 cd.hour, cd.minute, cd.second,
605 (long)shm_stat.tvt.tv_nsec);
606 pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0;
607
608 /* check 1: age control of local time stamp */
609 tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec;
610 if (tt < 0 || tt > up->max_delay) {
611 DPRINTF(1, ("%s:SHM stale/bad receive time, delay=%llds\n",
612 refnumtoa(&peer->srcadr), (long long)tt));
613 up->bad++;
614 msyslog (LOG_ERR, "SHM: stale/bad receive time, delay=%llds",
615 (long long)tt);
616 return;
617 }
618
619 /* check 2: delta check */
620 tt = shm_stat.tvr.tv_sec - shm_stat.tvt.tv_sec - (shm_stat.tvr.tv_nsec < shm_stat.tvt.tv_nsec);
621 if (tt < 0)
622 tt = -tt;
623 if (up->max_delta > 0 && tt > up->max_delta) {
624 DPRINTF(1, ("%s: SHM diff limit exceeded, delta=%llds\n",
625 refnumtoa(&peer->srcadr), (long long)tt));
626 up->bad++;
627 msyslog (LOG_ERR, "SHM: difference limit exceeded, delta=%llds\n",
628 (long long)tt);
629 return;
630 }
631
632 /* if we really made it to this point... we're winners! */
633 DPRINTF(2, ("%s: SHM feeding data\n",
634 refnumtoa(&peer->srcadr)));
635 tsrcv = tspec_stamp_to_lfp(shm_stat.tvr);
636 tsref = tspec_stamp_to_lfp(shm_stat.tvt);
637 pp->leap = shm_stat.leap;
638 peer->precision = shm_stat.precision;
639 refclock_process_offset(pp, tsref, tsrcv, pp->fudgetime1);
640 up->good++;
641 }
642
643 /*
644 * shm_clockstats - dump and reset counters
645 */
shm_clockstats(int unit,struct peer * peer)646 static void shm_clockstats(
647 int unit,
648 struct peer *peer
649 )
650 {
651 struct refclockproc * const pp = peer->procptr;
652 struct shmunit * const up = pp->unitptr;
653
654 UNUSED_ARG(unit);
655 if (pp->sloppyclockflag & CLK_FLAG4) {
656 mprintf_clock_stats(
657 &peer->srcadr, "%3d %3d %3d %3d %3d",
658 up->ticks, up->good, up->notready,
659 up->bad, up->clash);
660 }
661 up->ticks = up->good = up->notready = up->bad = up->clash = 0;
662 }
663
664 #else
665 NONEMPTY_TRANSLATION_UNIT
666 #endif /* REFCLOCK */
667