1 /* $NetBSD: refclock_shm.c,v 1.8 2016/05/01 23:32:01 christos Exp $ */ 2 3 /* 4 * refclock_shm - clock driver for utc via shared memory 5 * - under construction - 6 * To add new modes: Extend or union the shmTime-struct. Do not 7 * extend/shrink size, because otherwise existing implementations 8 * will specify wrong size of shared memory-segment 9 * PB 18.3.97 10 */ 11 12 #ifdef HAVE_CONFIG_H 13 # include <config.h> 14 #endif 15 16 #include "ntp_types.h" 17 18 #if defined(REFCLOCK) && defined(CLOCK_SHM) 19 20 #include "ntpd.h" 21 #undef fileno 22 #include "ntp_io.h" 23 #undef fileno 24 #include "ntp_refclock.h" 25 #undef fileno 26 #include "timespecops.h" 27 #undef fileno 28 #include "ntp_stdlib.h" 29 #include "ntp_assert.h" 30 31 #undef fileno 32 #include <ctype.h> 33 #undef fileno 34 35 #ifndef SYS_WINNT 36 # include <sys/ipc.h> 37 # include <sys/shm.h> 38 # include <assert.h> 39 # include <unistd.h> 40 # include <stdio.h> 41 #endif 42 43 #ifdef HAVE_STDATOMIC_H 44 # include <stdatomic.h> 45 #endif /* HAVE_STDATOMIC_H */ 46 47 /* 48 * This driver supports a reference clock attached thru shared memory 49 */ 50 51 /* 52 * SHM interface definitions 53 */ 54 #define PRECISION (-1) /* precision assumed (0.5 s) */ 55 #define REFID "SHM" /* reference ID */ 56 #define DESCRIPTION "SHM/Shared memory interface" 57 58 #define NSAMPLES 3 /* stages of median filter */ 59 60 /* 61 * Mode flags 62 */ 63 #define SHM_MODE_PRIVATE 0x0001 64 65 /* 66 * Function prototypes 67 */ 68 static int shm_start (int unit, struct peer *peer); 69 static void shm_shutdown (int unit, struct peer *peer); 70 static void shm_poll (int unit, struct peer *peer); 71 static void shm_timer (int unit, struct peer *peer); 72 static void shm_clockstats (int unit, struct peer *peer); 73 static void shm_control (int unit, const struct refclockstat * in_st, 74 struct refclockstat * out_st, struct peer *peer); 75 76 /* 77 * Transfer vector 78 */ 79 struct refclock refclock_shm = { 80 shm_start, /* start up driver */ 81 shm_shutdown, /* shut down driver */ 82 shm_poll, /* transmit poll message */ 83 shm_control, /* control settings */ 84 noentry, /* not used: init */ 85 noentry, /* not used: buginfo */ 86 shm_timer, /* once per second */ 87 }; 88 89 struct shmTime { 90 int mode; /* 0 - if valid is set: 91 * use values, 92 * clear valid 93 * 1 - if valid is set: 94 * if count before and after read of values is equal, 95 * use values 96 * clear valid 97 */ 98 volatile int count; 99 time_t clockTimeStampSec; 100 int clockTimeStampUSec; 101 time_t receiveTimeStampSec; 102 int receiveTimeStampUSec; 103 int leap; 104 int precision; 105 int nsamples; 106 volatile int valid; 107 unsigned clockTimeStampNSec; /* Unsigned ns timestamps */ 108 unsigned receiveTimeStampNSec; /* Unsigned ns timestamps */ 109 int dummy[8]; 110 }; 111 112 struct shmunit { 113 struct shmTime *shm; /* pointer to shared memory segment */ 114 int forall; /* access for all UIDs? */ 115 116 /* debugging/monitoring counters - reset when printed */ 117 int ticks; /* number of attempts to read data*/ 118 int good; /* number of valid samples */ 119 int notready; /* number of peeks without data ready */ 120 int bad; /* number of invalid samples */ 121 int clash; /* number of access clashes while reading */ 122 123 time_t max_delta; /* difference limit */ 124 time_t max_delay; /* age/stale limit */ 125 }; 126 127 128 static struct shmTime* 129 getShmTime( 130 int unit, 131 int/*BOOL*/ forall 132 ) 133 { 134 struct shmTime *p = NULL; 135 136 #ifndef SYS_WINNT 137 138 int shmid; 139 140 /* 0x4e545030 is NTP0. 141 * Big units will give non-ascii but that's OK 142 * as long as everybody does it the same way. 143 */ 144 shmid=shmget(0x4e545030 + unit, sizeof (struct shmTime), 145 IPC_CREAT | (forall ? 0666 : 0600)); 146 if (shmid == -1) { /* error */ 147 msyslog(LOG_ERR, "SHM shmget (unit %d): %m", unit); 148 return NULL; 149 } 150 p = (struct shmTime *)shmat (shmid, 0, 0); 151 if (p == (struct shmTime *)-1) { /* error */ 152 msyslog(LOG_ERR, "SHM shmat (unit %d): %m", unit); 153 return NULL; 154 } 155 156 return p; 157 #else 158 159 static const char * nspref[2] = { "Local", "Global" }; 160 char buf[20]; 161 LPSECURITY_ATTRIBUTES psec = 0; 162 HANDLE shmid = 0; 163 SECURITY_DESCRIPTOR sd; 164 SECURITY_ATTRIBUTES sa; 165 unsigned int numch; 166 167 numch = snprintf(buf, sizeof(buf), "%s\\NTP%d", 168 nspref[forall != 0], (unit & 0xFF)); 169 if (numch >= sizeof(buf)) { 170 msyslog(LOG_ERR, "SHM name too long (unit %d)", unit); 171 return NULL; 172 } 173 if (forall) { /* world access */ 174 if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) { 175 msyslog(LOG_ERR,"SHM InitializeSecurityDescriptor (unit %d): %m", unit); 176 return NULL; 177 } 178 if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) { 179 msyslog(LOG_ERR, "SHM SetSecurityDescriptorDacl (unit %d): %m", unit); 180 return NULL; 181 } 182 sa.nLength = sizeof(SECURITY_ATTRIBUTES); 183 sa.lpSecurityDescriptor = &sd; 184 sa.bInheritHandle = FALSE; 185 psec = &sa; 186 } 187 shmid = CreateFileMapping ((HANDLE)0xffffffff, psec, PAGE_READWRITE, 188 0, sizeof (struct shmTime), buf); 189 if (shmid == NULL) { /*error*/ 190 char buf[1000]; 191 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 192 0, GetLastError (), 0, buf, sizeof (buf), 0); 193 msyslog(LOG_ERR, "SHM CreateFileMapping (unit %d): %s", unit, buf); 194 return NULL; 195 } 196 p = (struct shmTime *)MapViewOfFile(shmid, FILE_MAP_WRITE, 0, 0, 197 sizeof (struct shmTime)); 198 if (p == NULL) { /*error*/ 199 char buf[1000]; 200 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 201 0, GetLastError (), 0, buf, sizeof (buf), 0); 202 msyslog(LOG_ERR,"SHM MapViewOfFile (unit %d): %s", unit, buf); 203 return NULL; 204 } 205 206 return p; 207 #endif 208 209 /* NOTREACHED */ 210 ENSURE(!"getShmTime(): Not reached."); 211 } 212 213 214 /* 215 * shm_start - attach to shared memory 216 */ 217 static int 218 shm_start( 219 int unit, 220 struct peer *peer 221 ) 222 { 223 struct refclockproc * const pp = peer->procptr; 224 struct shmunit * const up = emalloc_zero(sizeof(*up)); 225 226 pp->io.clock_recv = noentry; 227 pp->io.srcclock = peer; 228 pp->io.datalen = 0; 229 pp->io.fd = -1; 230 231 up->forall = (unit >= 2) && !(peer->ttl & SHM_MODE_PRIVATE); 232 233 up->shm = getShmTime(unit, up->forall); 234 235 /* 236 * Initialize miscellaneous peer variables 237 */ 238 memcpy((char *)&pp->refid, REFID, 4); 239 if (up->shm != 0) { 240 pp->unitptr = up; 241 up->shm->precision = PRECISION; 242 peer->precision = up->shm->precision; 243 up->shm->valid = 0; 244 up->shm->nsamples = NSAMPLES; 245 pp->clockdesc = DESCRIPTION; 246 /* items to be changed later in 'shm_control()': */ 247 up->max_delay = 5; 248 up->max_delta = 4*3600; 249 return 1; 250 } else { 251 free(up); 252 pp->unitptr = NULL; 253 return 0; 254 } 255 } 256 257 258 /* 259 * shm_control - configure flag1/time2 params 260 * 261 * These are not yet available during 'shm_start', so we have to do any 262 * pre-computations we want to avoid during regular poll/timer callbacks 263 * in this callback. 264 */ 265 static void 266 shm_control( 267 int unit, 268 const struct refclockstat * in_st, 269 struct refclockstat * out_st, 270 struct peer * peer 271 ) 272 { 273 struct refclockproc * const pp = peer->procptr; 274 struct shmunit * const up = pp->unitptr; 275 276 UNUSED_ARG(unit); 277 UNUSED_ARG(in_st); 278 UNUSED_ARG(out_st); 279 if (NULL == up) 280 return; 281 if (pp->sloppyclockflag & CLK_FLAG1) 282 up->max_delta = 0; 283 else if (pp->fudgetime2 < 1. || pp->fudgetime2 > 86400.) 284 up->max_delta = 4*3600; 285 else 286 up->max_delta = (time_t)floor(pp->fudgetime2 + 0.5); 287 } 288 289 290 /* 291 * shm_shutdown - shut down the clock 292 */ 293 static void 294 shm_shutdown( 295 int unit, 296 struct peer *peer 297 ) 298 { 299 struct refclockproc * const pp = peer->procptr; 300 struct shmunit * const up = pp->unitptr; 301 302 UNUSED_ARG(unit); 303 if (NULL == up) 304 return; 305 #ifndef SYS_WINNT 306 307 /* HMS: shmdt() wants char* or const void * */ 308 (void)shmdt((char *)up->shm); 309 310 #else 311 312 UnmapViewOfFile(up->shm); 313 314 #endif 315 free(up); 316 } 317 318 319 /* 320 * shm_poll - called by the transmit procedure 321 */ 322 static void 323 shm_poll( 324 int unit, 325 struct peer *peer 326 ) 327 { 328 struct refclockproc * const pp = peer->procptr; 329 struct shmunit * const up = pp->unitptr; 330 int major_error; 331 332 pp->polls++; 333 334 /* get dominant reason if we have no samples at all */ 335 major_error = max(up->notready, up->bad); 336 major_error = max(major_error, up->clash); 337 338 /* 339 * Process median filter samples. If none received, see what 340 * happened, tell the core and keep going. 341 */ 342 if (pp->coderecv != pp->codeproc) { 343 /* have some samples, everything OK */ 344 pp->lastref = pp->lastrec; 345 refclock_receive(peer); 346 } else if (NULL == up->shm) { /* is this possible at all? */ 347 /* we're out of business without SHM access */ 348 refclock_report(peer, CEVNT_FAULT); 349 } else if (major_error == up->clash) { 350 /* too many collisions is like a bad signal */ 351 refclock_report(peer, CEVNT_PROP); 352 } else if (major_error == up->bad) { 353 /* too much stale/bad/garbled data */ 354 refclock_report(peer, CEVNT_BADREPLY); 355 } else { 356 /* in any other case assume it's just a timeout */ 357 refclock_report(peer, CEVNT_TIMEOUT); 358 } 359 /* shm_clockstats() clears the tallies, so it must be last... */ 360 shm_clockstats(unit, peer); 361 } 362 363 364 enum segstat_t { 365 OK, NO_SEGMENT, NOT_READY, BAD_MODE, CLASH 366 }; 367 368 struct shm_stat_t { 369 int status; 370 int mode; 371 struct timespec tvc, tvr, tvt; 372 int precision; 373 int leap; 374 }; 375 376 static inline void memory_barrier(void) 377 { 378 #ifdef HAVE_ATOMIC_THREAD_FENCE 379 atomic_thread_fence(memory_order_seq_cst); 380 #endif /* HAVE_ATOMIC_THREAD_FENCE */ 381 } 382 383 static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat) 384 /* try to grab a sample from the specified SHM segment */ 385 { 386 struct shmTime shmcopy; 387 volatile struct shmTime *shm = shm_in; 388 volatile int cnt; 389 390 unsigned int cns_new, rns_new; 391 392 /* 393 * This is the main routine. It snatches the time from the shm 394 * board and tacks on a local timestamp. 395 */ 396 if (shm == NULL) { 397 shm_stat->status = NO_SEGMENT; 398 return NO_SEGMENT; 399 } 400 401 /*@-type@*//* splint is confused about struct timespec */ 402 shm_stat->tvc.tv_sec = shm_stat->tvc.tv_nsec = 0; 403 { 404 time_t now; 405 406 time(&now); 407 shm_stat->tvc.tv_sec = now; 408 } 409 410 /* relying on word access to be atomic here */ 411 if (shm->valid == 0) { 412 shm_stat->status = NOT_READY; 413 return NOT_READY; 414 } 415 416 cnt = shm->count; 417 418 /* 419 * This is proof against concurrency issues if either 420 * (a) the memory_barrier() call works on this host, or 421 * (b) memset compiles to an uninterruptible single-instruction bitblt. 422 */ 423 memory_barrier(); 424 memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime)); 425 shm->valid = 0; 426 memory_barrier(); 427 428 /* 429 * Clash detection in case neither (a) nor (b) was true. 430 * Not supported in mode 0, and word access to the count field 431 * must be atomic for this to work. 432 */ 433 if (shmcopy.mode > 0 && cnt != shm->count) { 434 shm_stat->status = CLASH; 435 return shm_stat->status; 436 } 437 438 shm_stat->status = OK; 439 shm_stat->mode = shmcopy.mode; 440 441 switch (shmcopy.mode) { 442 case 0: 443 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec; 444 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000; 445 rns_new = shmcopy.receiveTimeStampNSec; 446 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec; 447 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000; 448 cns_new = shmcopy.clockTimeStampNSec; 449 450 /* Since the following comparisons are between unsigned 451 ** variables they are always well defined, and any 452 ** (signed) underflow will turn into very large unsigned 453 ** values, well above the 1000 cutoff. 454 ** 455 ** Note: The usecs *must* be a *truncated* 456 ** representation of the nsecs. This code will fail for 457 ** *rounded* usecs, and the logic to deal with 458 ** wrap-arounds in the presence of rounded values is 459 ** much more convoluted. 460 */ 461 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000) 462 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) { 463 shm_stat->tvt.tv_nsec = cns_new; 464 shm_stat->tvr.tv_nsec = rns_new; 465 } 466 /* At this point shm_stat->tvr and shm_stat->tvt contain valid ns-level 467 ** timestamps, possibly generated by extending the old 468 ** us-level timestamps 469 */ 470 break; 471 472 case 1: 473 474 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec; 475 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000; 476 rns_new = shmcopy.receiveTimeStampNSec; 477 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec; 478 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000; 479 cns_new = shmcopy.clockTimeStampNSec; 480 481 /* See the case above for an explanation of the 482 ** following test. 483 */ 484 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000) 485 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) { 486 shm_stat->tvt.tv_nsec = cns_new; 487 shm_stat->tvr.tv_nsec = rns_new; 488 } 489 /* At this point shm_stat->tvr and shm_stat->tvt contains valid ns-level 490 ** timestamps, possibly generated by extending the old 491 ** us-level timestamps 492 */ 493 break; 494 495 default: 496 shm_stat->status = BAD_MODE; 497 break; 498 } 499 /*@-type@*/ 500 501 /* 502 * leap field is not a leap offset but a leap notification code. 503 * The values are magic numbers used by NTP and set by GPSD, if at all, in 504 * the subframe code. 505 */ 506 shm_stat->leap = shmcopy.leap; 507 shm_stat->precision = shmcopy.precision; 508 509 return shm_stat->status; 510 } 511 512 /* 513 * shm_timer - called once every second. 514 * 515 * This tries to grab a sample from the SHM segment, filtering bad ones 516 */ 517 static void 518 shm_timer( 519 int unit, 520 struct peer *peer 521 ) 522 { 523 struct refclockproc * const pp = peer->procptr; 524 struct shmunit * const up = pp->unitptr; 525 526 volatile struct shmTime *shm; 527 528 l_fp tsrcv; 529 l_fp tsref; 530 int c; 531 532 /* for formatting 'a_lastcode': */ 533 struct calendar cd; 534 time_t tt; 535 vint64 ts; 536 537 enum segstat_t status; 538 struct shm_stat_t shm_stat; 539 540 up->ticks++; 541 if ((shm = up->shm) == NULL) { 542 /* try to map again - this may succeed if meanwhile some- 543 body has ipcrm'ed the old (unaccessible) shared mem segment */ 544 shm = up->shm = getShmTime(unit, up->forall); 545 if (shm == NULL) { 546 DPRINTF(1, ("%s: no SHM segment\n", 547 refnumtoa(&peer->srcadr))); 548 return; 549 } 550 } 551 552 /* query the segment, atomically */ 553 status = shm_query(shm, &shm_stat); 554 555 switch (status) { 556 case OK: 557 DPRINTF(2, ("%s: SHM type %d sample\n", 558 refnumtoa(&peer->srcadr), shm_stat.mode)); 559 break; 560 case NO_SEGMENT: 561 /* should never happen, but is harmless */ 562 return; 563 case NOT_READY: 564 DPRINTF(1, ("%s: SHM not ready\n",refnumtoa(&peer->srcadr))); 565 up->notready++; 566 return; 567 case BAD_MODE: 568 DPRINTF(1, ("%s: SHM type blooper, mode=%d\n", 569 refnumtoa(&peer->srcadr), shm->mode)); 570 up->bad++; 571 msyslog (LOG_ERR, "SHM: bad mode found in shared memory: %d", 572 shm->mode); 573 return; 574 case CLASH: 575 DPRINTF(1, ("%s: type 1 access clash\n", 576 refnumtoa(&peer->srcadr))); 577 msyslog (LOG_NOTICE, "SHM: access clash in shared memory"); 578 up->clash++; 579 return; 580 default: 581 DPRINTF(1, ("%s: internal error, unknown SHM fetch status\n", 582 refnumtoa(&peer->srcadr))); 583 msyslog (LOG_NOTICE, "internal error, unknown SHM fetch status"); 584 up->bad++; 585 return; 586 } 587 588 589 /* format the last time code in human-readable form into 590 * 'pp->a_lastcode'. Someone claimed: "NetBSD has incompatible 591 * tv_sec". I can't find a base for this claim, but we can work 592 * around that potential problem. BTW, simply casting a pointer 593 * is a receipe for disaster on some architectures. 594 */ 595 tt = (time_t)shm_stat.tvt.tv_sec; 596 ts = time_to_vint64(&tt); 597 ntpcal_time_to_date(&cd, &ts); 598 599 /* add ntpq -c cv timecode in ISO 8601 format */ 600 c = snprintf(pp->a_lastcode, sizeof(pp->a_lastcode), 601 "%04u-%02u-%02uT%02u:%02u:%02u.%09ldZ", 602 cd.year, cd.month, cd.monthday, 603 cd.hour, cd.minute, cd.second, 604 (long)shm_stat.tvt.tv_nsec); 605 pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0; 606 607 /* check 1: age control of local time stamp */ 608 tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec; 609 if (tt < 0 || tt > up->max_delay) { 610 DPRINTF(1, ("%s:SHM stale/bad receive time, delay=%llds\n", 611 refnumtoa(&peer->srcadr), (long long)tt)); 612 up->bad++; 613 msyslog (LOG_ERR, "SHM: stale/bad receive time, delay=%llds", 614 (long long)tt); 615 return; 616 } 617 618 /* check 2: delta check */ 619 tt = shm_stat.tvr.tv_sec - shm_stat.tvt.tv_sec - (shm_stat.tvr.tv_nsec < shm_stat.tvt.tv_nsec); 620 if (tt < 0) 621 tt = -tt; 622 if (up->max_delta > 0 && tt > up->max_delta) { 623 DPRINTF(1, ("%s: SHM diff limit exceeded, delta=%llds\n", 624 refnumtoa(&peer->srcadr), (long long)tt)); 625 up->bad++; 626 msyslog (LOG_ERR, "SHM: difference limit exceeded, delta=%llds\n", 627 (long long)tt); 628 return; 629 } 630 631 /* if we really made it to this point... we're winners! */ 632 DPRINTF(2, ("%s: SHM feeding data\n", 633 refnumtoa(&peer->srcadr))); 634 tsrcv = tspec_stamp_to_lfp(shm_stat.tvr); 635 tsref = tspec_stamp_to_lfp(shm_stat.tvt); 636 pp->leap = shm_stat.leap; 637 peer->precision = shm_stat.precision; 638 refclock_process_offset(pp, tsref, tsrcv, pp->fudgetime1); 639 up->good++; 640 } 641 642 /* 643 * shm_clockstats - dump and reset counters 644 */ 645 static void shm_clockstats( 646 int unit, 647 struct peer *peer 648 ) 649 { 650 struct refclockproc * const pp = peer->procptr; 651 struct shmunit * const up = pp->unitptr; 652 653 UNUSED_ARG(unit); 654 if (pp->sloppyclockflag & CLK_FLAG4) { 655 mprintf_clock_stats( 656 &peer->srcadr, "%3d %3d %3d %3d %3d", 657 up->ticks, up->good, up->notready, 658 up->bad, up->clash); 659 } 660 up->ticks = up->good = up->notready = up->bad = up->clash = 0; 661 } 662 663 #else 664 NONEMPTY_TRANSLATION_UNIT 665 #endif /* REFCLOCK */ 666