1 /* $NetBSD: refclock_shm.c,v 1.10 2020/05/25 20:47:26 christos Exp $ */ 2 3 /* 4 * refclock_shm - clock driver for utc via shared memory 5 * - under construction - 6 * To add new modes: Extend or union the shmTime-struct. Do not 7 * extend/shrink size, because otherwise existing implementations 8 * will specify wrong size of shared memory-segment 9 * PB 18.3.97 10 */ 11 12 #ifdef HAVE_CONFIG_H 13 # include <config.h> 14 #endif 15 16 #include "ntp_types.h" 17 18 #if defined(REFCLOCK) && defined(CLOCK_SHM) 19 20 #include "ntpd.h" 21 #undef fileno 22 #include "ntp_io.h" 23 #undef fileno 24 #include "ntp_refclock.h" 25 #undef fileno 26 #include "timespecops.h" 27 #undef fileno 28 #include "ntp_stdlib.h" 29 #include "ntp_assert.h" 30 31 #undef fileno 32 #include <ctype.h> 33 #undef fileno 34 35 #ifndef SYS_WINNT 36 # include <sys/ipc.h> 37 # include <sys/shm.h> 38 # include <assert.h> 39 # include <unistd.h> 40 # include <stdio.h> 41 #endif 42 43 #ifdef HAVE_STDATOMIC_H 44 # include <stdatomic.h> 45 #endif /* HAVE_STDATOMIC_H */ 46 47 /* 48 * This driver supports a reference clock attached thru shared memory 49 */ 50 51 /* 52 * SHM interface definitions 53 */ 54 #define PRECISION (-1) /* precision assumed (0.5 s) */ 55 #define REFID "SHM" /* reference ID */ 56 #define DESCRIPTION "SHM/Shared memory interface" 57 58 #define NSAMPLES 3 /* stages of median filter */ 59 60 /* 61 * Mode flags 62 */ 63 #define SHM_MODE_PRIVATE 0x0001 64 65 /* 66 * Function prototypes 67 */ 68 static int shm_start (int unit, struct peer *peer); 69 static void shm_shutdown (int unit, struct peer *peer); 70 static void shm_poll (int unit, struct peer *peer); 71 static void shm_timer (int unit, struct peer *peer); 72 static void shm_clockstats (int unit, struct peer *peer); 73 static void shm_control (int unit, const struct refclockstat * in_st, 74 struct refclockstat * out_st, struct peer *peer); 75 76 /* 77 * Transfer vector 78 */ 79 struct refclock refclock_shm = { 80 shm_start, /* start up driver */ 81 shm_shutdown, /* shut down driver */ 82 shm_poll, /* transmit poll message */ 83 shm_control, /* control settings */ 84 noentry, /* not used: init */ 85 noentry, /* not used: buginfo */ 86 shm_timer, /* once per second */ 87 }; 88 89 struct shmTime { 90 int mode; /* 0 - if valid is set: 91 * use values, 92 * clear valid 93 * 1 - if valid is set: 94 * if count before and after read of values is equal, 95 * use values 96 * clear valid 97 */ 98 volatile int count; 99 time_t clockTimeStampSec; 100 int clockTimeStampUSec; 101 time_t receiveTimeStampSec; 102 int receiveTimeStampUSec; 103 int leap; 104 int precision; 105 int nsamples; 106 volatile int valid; 107 unsigned clockTimeStampNSec; /* Unsigned ns timestamps */ 108 unsigned receiveTimeStampNSec; /* Unsigned ns timestamps */ 109 int dummy[8]; 110 }; 111 112 struct shmunit { 113 struct shmTime *shm; /* pointer to shared memory segment */ 114 int forall; /* access for all UIDs? */ 115 116 /* debugging/monitoring counters - reset when printed */ 117 int ticks; /* number of attempts to read data*/ 118 int good; /* number of valid samples */ 119 int notready; /* number of peeks without data ready */ 120 int bad; /* number of invalid samples */ 121 int clash; /* number of access clashes while reading */ 122 123 time_t max_delta; /* difference limit */ 124 time_t max_delay; /* age/stale limit */ 125 }; 126 127 128 static struct shmTime* 129 getShmTime( 130 int unit, 131 int/*BOOL*/ forall 132 ) 133 { 134 struct shmTime *p = NULL; 135 136 #ifndef SYS_WINNT 137 138 int shmid; 139 140 /* 0x4e545030 is NTP0. 141 * Big units will give non-ascii but that's OK 142 * as long as everybody does it the same way. 143 */ 144 shmid=shmget(0x4e545030 + unit, sizeof (struct shmTime), 145 IPC_CREAT | (forall ? 0666 : 0600)); 146 if (shmid == -1) { /* error */ 147 msyslog(LOG_ERR, "SHM shmget (unit %d): %m", unit); 148 return NULL; 149 } 150 p = (struct shmTime *)shmat (shmid, 0, 0); 151 if (p == (struct shmTime *)-1) { /* error */ 152 msyslog(LOG_ERR, "SHM shmat (unit %d): %m", unit); 153 return NULL; 154 } 155 156 return p; 157 #else 158 159 static const char * nspref[2] = { "Local", "Global" }; 160 char buf[20]; 161 LPSECURITY_ATTRIBUTES psec = 0; 162 HANDLE shmid = 0; 163 SECURITY_DESCRIPTOR sd; 164 SECURITY_ATTRIBUTES sa; 165 unsigned int numch; 166 167 numch = snprintf(buf, sizeof(buf), "%s\\NTP%d", 168 nspref[forall != 0], (unit & 0xFF)); 169 if (numch >= sizeof(buf)) { 170 msyslog(LOG_ERR, "SHM name too long (unit %d)", unit); 171 return NULL; 172 } 173 if (forall) { /* world access */ 174 if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) { 175 msyslog(LOG_ERR,"SHM InitializeSecurityDescriptor (unit %d): %m", unit); 176 return NULL; 177 } 178 if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) { 179 msyslog(LOG_ERR, "SHM SetSecurityDescriptorDacl (unit %d): %m", unit); 180 return NULL; 181 } 182 sa.nLength = sizeof(SECURITY_ATTRIBUTES); 183 sa.lpSecurityDescriptor = &sd; 184 sa.bInheritHandle = FALSE; 185 psec = &sa; 186 } 187 shmid = CreateFileMapping ((HANDLE)0xffffffff, psec, PAGE_READWRITE, 188 0, sizeof (struct shmTime), buf); 189 if (shmid == NULL) { /*error*/ 190 char buf[1000]; 191 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 192 0, GetLastError (), 0, buf, sizeof (buf), 0); 193 msyslog(LOG_ERR, "SHM CreateFileMapping (unit %d): %s", unit, buf); 194 return NULL; 195 } 196 p = (struct shmTime *)MapViewOfFile(shmid, FILE_MAP_WRITE, 0, 0, 197 sizeof (struct shmTime)); 198 if (p == NULL) { /*error*/ 199 char buf[1000]; 200 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 201 0, GetLastError (), 0, buf, sizeof (buf), 0); 202 msyslog(LOG_ERR,"SHM MapViewOfFile (unit %d): %s", unit, buf); 203 return NULL; 204 } 205 206 return p; 207 #endif 208 209 /* NOTREACHED */ 210 ENSURE(!"getShmTime(): Not reached."); 211 } 212 213 214 /* 215 * shm_start - attach to shared memory 216 */ 217 static int 218 shm_start( 219 int unit, 220 struct peer *peer 221 ) 222 { 223 struct refclockproc * const pp = peer->procptr; 224 struct shmunit * const up = emalloc_zero(sizeof(*up)); 225 226 pp->io.clock_recv = noentry; 227 pp->io.srcclock = peer; 228 pp->io.datalen = 0; 229 pp->io.fd = -1; 230 231 up->forall = (unit >= 2) && !(peer->ttl & SHM_MODE_PRIVATE); 232 233 up->shm = getShmTime(unit, up->forall); 234 235 /* 236 * Initialize miscellaneous peer variables 237 */ 238 memcpy((char *)&pp->refid, REFID, 4); 239 if (up->shm != 0) { 240 pp->unitptr = up; 241 up->shm->precision = PRECISION; 242 peer->precision = up->shm->precision; 243 up->shm->valid = 0; 244 up->shm->nsamples = NSAMPLES; 245 pp->clockdesc = DESCRIPTION; 246 /* items to be changed later in 'shm_control()': */ 247 up->max_delay = 5; 248 up->max_delta = 4*3600; 249 return 1; 250 } else { 251 free(up); 252 pp->unitptr = NULL; 253 return 0; 254 } 255 } 256 257 258 /* 259 * shm_control - configure flag1/time2 params 260 * 261 * These are not yet available during 'shm_start', so we have to do any 262 * pre-computations we want to avoid during regular poll/timer callbacks 263 * in this callback. 264 */ 265 static void 266 shm_control( 267 int unit, 268 const struct refclockstat * in_st, 269 struct refclockstat * out_st, 270 struct peer * peer 271 ) 272 { 273 struct refclockproc * const pp = peer->procptr; 274 struct shmunit * const up = pp->unitptr; 275 276 UNUSED_ARG(unit); 277 UNUSED_ARG(in_st); 278 UNUSED_ARG(out_st); 279 if (NULL == up) 280 return; 281 if (pp->sloppyclockflag & CLK_FLAG1) 282 up->max_delta = 0; 283 else if (pp->fudgetime2 < 1. || pp->fudgetime2 > 86400.) 284 up->max_delta = 4*3600; 285 else 286 up->max_delta = (time_t)floor(pp->fudgetime2 + 0.5); 287 } 288 289 290 /* 291 * shm_shutdown - shut down the clock 292 */ 293 static void 294 shm_shutdown( 295 int unit, 296 struct peer *peer 297 ) 298 { 299 struct refclockproc * const pp = peer->procptr; 300 struct shmunit * const up = pp->unitptr; 301 302 UNUSED_ARG(unit); 303 if (NULL == up) 304 return; 305 #ifndef SYS_WINNT 306 307 /* HMS: shmdt() wants char* or const void * */ 308 (void)shmdt((char *)up->shm); 309 310 #else 311 312 UnmapViewOfFile(up->shm); 313 314 #endif 315 free(up); 316 } 317 318 319 /* 320 * shm_poll - called by the transmit procedure 321 */ 322 static void 323 shm_poll( 324 int unit, 325 struct peer *peer 326 ) 327 { 328 struct refclockproc * const pp = peer->procptr; 329 struct shmunit * const up = pp->unitptr; 330 int major_error; 331 332 pp->polls++; 333 334 /* get dominant reason if we have no samples at all */ 335 major_error = max(up->notready, up->bad); 336 major_error = max(major_error, up->clash); 337 338 /* 339 * Process median filter samples. If none received, see what 340 * happened, tell the core and keep going. 341 */ 342 if (pp->coderecv != pp->codeproc) { 343 /* have some samples, everything OK */ 344 pp->lastref = pp->lastrec; 345 refclock_report(peer, CEVNT_NOMINAL); 346 refclock_receive(peer); 347 } else if (NULL == up->shm) { /* is this possible at all? */ 348 /* we're out of business without SHM access */ 349 refclock_report(peer, CEVNT_FAULT); 350 } else if (major_error == up->clash) { 351 /* too many collisions is like a bad signal */ 352 refclock_report(peer, CEVNT_PROP); 353 } else if (major_error == up->bad) { 354 /* too much stale/bad/garbled data */ 355 refclock_report(peer, CEVNT_BADREPLY); 356 } else { 357 /* in any other case assume it's just a timeout */ 358 refclock_report(peer, CEVNT_TIMEOUT); 359 } 360 /* shm_clockstats() clears the tallies, so it must be last... */ 361 shm_clockstats(unit, peer); 362 } 363 364 365 enum segstat_t { 366 OK, NO_SEGMENT, NOT_READY, BAD_MODE, CLASH 367 }; 368 369 struct shm_stat_t { 370 int status; 371 int mode; 372 struct timespec tvc, tvr, tvt; 373 int precision; 374 int leap; 375 }; 376 377 static inline void memory_barrier(void) 378 { 379 #ifdef HAVE_ATOMIC_THREAD_FENCE 380 atomic_thread_fence(memory_order_seq_cst); 381 #endif /* HAVE_ATOMIC_THREAD_FENCE */ 382 } 383 384 static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat) 385 /* try to grab a sample from the specified SHM segment */ 386 { 387 struct shmTime shmcopy; 388 volatile struct shmTime *shm = shm_in; 389 volatile int cnt; 390 391 unsigned int cns_new, rns_new; 392 393 /* 394 * This is the main routine. It snatches the time from the shm 395 * board and tacks on a local timestamp. 396 */ 397 if (shm == NULL) { 398 shm_stat->status = NO_SEGMENT; 399 return NO_SEGMENT; 400 } 401 402 /*@-type@*//* splint is confused about struct timespec */ 403 shm_stat->tvc.tv_sec = shm_stat->tvc.tv_nsec = 0; 404 { 405 time_t now; 406 407 time(&now); 408 shm_stat->tvc.tv_sec = now; 409 } 410 411 /* relying on word access to be atomic here */ 412 if (shm->valid == 0) { 413 shm_stat->status = NOT_READY; 414 return NOT_READY; 415 } 416 417 cnt = shm->count; 418 419 /* 420 * This is proof against concurrency issues if either 421 * (a) the memory_barrier() call works on this host, or 422 * (b) memset compiles to an uninterruptible single-instruction bitblt. 423 */ 424 memory_barrier(); 425 memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime)); 426 shm->valid = 0; 427 memory_barrier(); 428 429 /* 430 * Clash detection in case neither (a) nor (b) was true. 431 * Not supported in mode 0, and word access to the count field 432 * must be atomic for this to work. 433 */ 434 if (shmcopy.mode > 0 && cnt != shm->count) { 435 shm_stat->status = CLASH; 436 return shm_stat->status; 437 } 438 439 shm_stat->status = OK; 440 shm_stat->mode = shmcopy.mode; 441 442 switch (shmcopy.mode) { 443 case 0: 444 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec; 445 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000; 446 rns_new = shmcopy.receiveTimeStampNSec; 447 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec; 448 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000; 449 cns_new = shmcopy.clockTimeStampNSec; 450 451 /* Since the following comparisons are between unsigned 452 ** variables they are always well defined, and any 453 ** (signed) underflow will turn into very large unsigned 454 ** values, well above the 1000 cutoff. 455 ** 456 ** Note: The usecs *must* be a *truncated* 457 ** representation of the nsecs. This code will fail for 458 ** *rounded* usecs, and the logic to deal with 459 ** wrap-arounds in the presence of rounded values is 460 ** much more convoluted. 461 */ 462 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000) 463 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) { 464 shm_stat->tvt.tv_nsec = cns_new; 465 shm_stat->tvr.tv_nsec = rns_new; 466 } 467 /* At this point shm_stat->tvr and shm_stat->tvt contain valid ns-level 468 ** timestamps, possibly generated by extending the old 469 ** us-level timestamps 470 */ 471 break; 472 473 case 1: 474 475 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec; 476 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000; 477 rns_new = shmcopy.receiveTimeStampNSec; 478 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec; 479 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000; 480 cns_new = shmcopy.clockTimeStampNSec; 481 482 /* See the case above for an explanation of the 483 ** following test. 484 */ 485 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000) 486 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) { 487 shm_stat->tvt.tv_nsec = cns_new; 488 shm_stat->tvr.tv_nsec = rns_new; 489 } 490 /* At this point shm_stat->tvr and shm_stat->tvt contains valid ns-level 491 ** timestamps, possibly generated by extending the old 492 ** us-level timestamps 493 */ 494 break; 495 496 default: 497 shm_stat->status = BAD_MODE; 498 break; 499 } 500 /*@-type@*/ 501 502 /* 503 * leap field is not a leap offset but a leap notification code. 504 * The values are magic numbers used by NTP and set by GPSD, if at all, in 505 * the subframe code. 506 */ 507 shm_stat->leap = shmcopy.leap; 508 shm_stat->precision = shmcopy.precision; 509 510 return shm_stat->status; 511 } 512 513 /* 514 * shm_timer - called once every second. 515 * 516 * This tries to grab a sample from the SHM segment, filtering bad ones 517 */ 518 static void 519 shm_timer( 520 int unit, 521 struct peer *peer 522 ) 523 { 524 struct refclockproc * const pp = peer->procptr; 525 struct shmunit * const up = pp->unitptr; 526 527 volatile struct shmTime *shm; 528 529 l_fp tsrcv; 530 l_fp tsref; 531 int c; 532 533 /* for formatting 'a_lastcode': */ 534 struct calendar cd; 535 time_t tt; 536 vint64 ts; 537 538 enum segstat_t status; 539 struct shm_stat_t shm_stat; 540 541 up->ticks++; 542 if ((shm = up->shm) == NULL) { 543 /* try to map again - this may succeed if meanwhile some- 544 body has ipcrm'ed the old (unaccessible) shared mem segment */ 545 shm = up->shm = getShmTime(unit, up->forall); 546 if (shm == NULL) { 547 DPRINTF(1, ("%s: no SHM segment\n", 548 refnumtoa(&peer->srcadr))); 549 return; 550 } 551 } 552 553 /* query the segment, atomically */ 554 status = shm_query(shm, &shm_stat); 555 556 switch (status) { 557 case OK: 558 DPRINTF(2, ("%s: SHM type %d sample\n", 559 refnumtoa(&peer->srcadr), shm_stat.mode)); 560 break; 561 case NO_SEGMENT: 562 /* should never happen, but is harmless */ 563 return; 564 case NOT_READY: 565 DPRINTF(1, ("%s: SHM not ready\n",refnumtoa(&peer->srcadr))); 566 up->notready++; 567 return; 568 case BAD_MODE: 569 DPRINTF(1, ("%s: SHM type blooper, mode=%d\n", 570 refnumtoa(&peer->srcadr), shm->mode)); 571 up->bad++; 572 msyslog (LOG_ERR, "SHM: bad mode found in shared memory: %d", 573 shm->mode); 574 return; 575 case CLASH: 576 DPRINTF(1, ("%s: type 1 access clash\n", 577 refnumtoa(&peer->srcadr))); 578 msyslog (LOG_NOTICE, "SHM: access clash in shared memory"); 579 up->clash++; 580 return; 581 default: 582 DPRINTF(1, ("%s: internal error, unknown SHM fetch status\n", 583 refnumtoa(&peer->srcadr))); 584 msyslog (LOG_NOTICE, "internal error, unknown SHM fetch status"); 585 up->bad++; 586 return; 587 } 588 589 590 /* format the last time code in human-readable form into 591 * 'pp->a_lastcode'. Someone claimed: "NetBSD has incompatible 592 * tv_sec". I can't find a base for this claim, but we can work 593 * around that potential problem. BTW, simply casting a pointer 594 * is a receipe for disaster on some architectures. 595 */ 596 tt = (time_t)shm_stat.tvt.tv_sec; 597 ts = time_to_vint64(&tt); 598 ntpcal_time_to_date(&cd, &ts); 599 600 /* add ntpq -c cv timecode in ISO 8601 format */ 601 c = snprintf(pp->a_lastcode, sizeof(pp->a_lastcode), 602 "%04u-%02u-%02uT%02u:%02u:%02u.%09ldZ", 603 cd.year, cd.month, cd.monthday, 604 cd.hour, cd.minute, cd.second, 605 (long)shm_stat.tvt.tv_nsec); 606 pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0; 607 608 /* check 1: age control of local time stamp */ 609 tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec; 610 if (tt < 0 || tt > up->max_delay) { 611 DPRINTF(1, ("%s:SHM stale/bad receive time, delay=%llds\n", 612 refnumtoa(&peer->srcadr), (long long)tt)); 613 up->bad++; 614 msyslog (LOG_ERR, "SHM: stale/bad receive time, delay=%llds", 615 (long long)tt); 616 return; 617 } 618 619 /* check 2: delta check */ 620 tt = shm_stat.tvr.tv_sec - shm_stat.tvt.tv_sec - (shm_stat.tvr.tv_nsec < shm_stat.tvt.tv_nsec); 621 if (tt < 0) 622 tt = -tt; 623 if (up->max_delta > 0 && tt > up->max_delta) { 624 DPRINTF(1, ("%s: SHM diff limit exceeded, delta=%llds\n", 625 refnumtoa(&peer->srcadr), (long long)tt)); 626 up->bad++; 627 msyslog (LOG_ERR, "SHM: difference limit exceeded, delta=%llds\n", 628 (long long)tt); 629 return; 630 } 631 632 /* if we really made it to this point... we're winners! */ 633 DPRINTF(2, ("%s: SHM feeding data\n", 634 refnumtoa(&peer->srcadr))); 635 tsrcv = tspec_stamp_to_lfp(shm_stat.tvr); 636 tsref = tspec_stamp_to_lfp(shm_stat.tvt); 637 pp->leap = shm_stat.leap; 638 peer->precision = shm_stat.precision; 639 refclock_process_offset(pp, tsref, tsrcv, pp->fudgetime1); 640 up->good++; 641 } 642 643 /* 644 * shm_clockstats - dump and reset counters 645 */ 646 static void shm_clockstats( 647 int unit, 648 struct peer *peer 649 ) 650 { 651 struct refclockproc * const pp = peer->procptr; 652 struct shmunit * const up = pp->unitptr; 653 654 UNUSED_ARG(unit); 655 if (pp->sloppyclockflag & CLK_FLAG4) { 656 mprintf_clock_stats( 657 &peer->srcadr, "%3d %3d %3d %3d %3d", 658 up->ticks, up->good, up->notready, 659 up->bad, up->clash); 660 } 661 up->ticks = up->good = up->notready = up->bad = up->clash = 0; 662 } 663 664 #else 665 NONEMPTY_TRANSLATION_UNIT 666 #endif /* REFCLOCK */ 667