1 /* $OpenBSD: kern_time.c,v 1.34 2003/06/02 23:28:06 millert Exp $ */ 2 /* $NetBSD: kern_time.c,v 1.20 1996/02/18 11:57:06 fvdl Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1989, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)kern_time.c 8.4 (Berkeley) 5/26/95 33 */ 34 35 #include <sys/param.h> 36 #include <sys/resourcevar.h> 37 #include <sys/kernel.h> 38 #include <sys/systm.h> 39 #include <sys/proc.h> 40 #include <sys/vnode.h> 41 #include <sys/signalvar.h> 42 43 #include <sys/mount.h> 44 #include <sys/syscallargs.h> 45 46 #include <machine/cpu.h> 47 48 int settime(struct timeval *); 49 void itimerround(struct timeval *); 50 51 /* 52 * Time of day and interval timer support. 53 * 54 * These routines provide the kernel entry points to get and set 55 * the time-of-day and per-process interval timers. Subroutines 56 * here provide support for adding and subtracting timeval structures 57 * and decrementing interval timers, optionally reloading the interval 58 * timers when they expire. 59 */ 60 61 /* This function is used by clock_settime and settimeofday */ 62 int 63 settime(struct timeval *tv) 64 { 65 struct timeval delta; 66 int s; 67 68 /* 69 * Don't allow the time to be set forward so far it will wrap 70 * and become negative, thus allowing an attacker to bypass 71 * the next check below. The cutoff is 1 year before rollover 72 * occurs, so even if the attacker uses adjtime(2) to move 73 * the time past the cutoff, it will take a very long time 74 * to get to the wrap point. 75 * 76 * XXX: we check against INT_MAX since on 64-bit 77 * platforms, sizeof(int) != sizeof(long) and 78 * time_t is 32 bits even when atv.tv_sec is 64 bits. 79 */ 80 if (tv->tv_sec > INT_MAX - 365*24*60*60) { 81 printf("denied attempt to set clock forward to %ld\n", 82 tv->tv_sec); 83 return (EPERM); 84 } 85 /* 86 * If the system is secure, we do not allow the time to be 87 * set to an earlier value (it may be slowed using adjtime, 88 * but not set back). This feature prevent interlopers from 89 * setting arbitrary time stamps on files. 90 */ 91 if (securelevel > 1 && timercmp(tv, &time, <)) { 92 printf("denied attempt to set clock back %ld seconds\n", 93 time.tv_sec - tv->tv_sec); 94 return (EPERM); 95 } 96 97 /* WHAT DO WE DO ABOUT PENDING REAL-TIME TIMEOUTS??? */ 98 s = splclock(); 99 timersub(tv, &time, &delta); 100 time = *tv; 101 timeradd(&boottime, &delta, &boottime); 102 timeradd(&runtime, &delta, &runtime); 103 splx(s); 104 resettodr(); 105 106 return (0); 107 } 108 109 /* ARGSUSED */ 110 int 111 sys_clock_gettime(p, v, retval) 112 struct proc *p; 113 void *v; 114 register_t *retval; 115 { 116 register struct sys_clock_gettime_args /* { 117 syscallarg(clockid_t) clock_id; 118 syscallarg(struct timespec *) tp; 119 } */ *uap = v; 120 clockid_t clock_id; 121 struct timeval atv; 122 struct timespec ats; 123 124 clock_id = SCARG(uap, clock_id); 125 if (clock_id != CLOCK_REALTIME) 126 return (EINVAL); 127 128 microtime(&atv); 129 TIMEVAL_TO_TIMESPEC(&atv,&ats); 130 131 return copyout(&ats, SCARG(uap, tp), sizeof(ats)); 132 } 133 134 /* ARGSUSED */ 135 int 136 sys_clock_settime(p, v, retval) 137 struct proc *p; 138 void *v; 139 register_t *retval; 140 { 141 register struct sys_clock_settime_args /* { 142 syscallarg(clockid_t) clock_id; 143 syscallarg(const struct timespec *) tp; 144 } */ *uap = v; 145 clockid_t clock_id; 146 struct timeval atv; 147 struct timespec ats; 148 int error; 149 150 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 151 return (error); 152 153 clock_id = SCARG(uap, clock_id); 154 if (clock_id != CLOCK_REALTIME) 155 return (EINVAL); 156 157 if ((error = copyin(SCARG(uap, tp), &ats, sizeof(ats))) != 0) 158 return (error); 159 160 TIMESPEC_TO_TIMEVAL(&atv,&ats); 161 162 error = settime(&atv); 163 164 return (error); 165 } 166 167 int 168 sys_clock_getres(p, v, retval) 169 struct proc *p; 170 void *v; 171 register_t *retval; 172 { 173 register struct sys_clock_getres_args /* { 174 syscallarg(clockid_t) clock_id; 175 syscallarg(struct timespec *) tp; 176 } */ *uap = v; 177 clockid_t clock_id; 178 struct timespec ts; 179 int error = 0; 180 181 clock_id = SCARG(uap, clock_id); 182 if (clock_id != CLOCK_REALTIME) 183 return (EINVAL); 184 185 if (SCARG(uap, tp)) { 186 ts.tv_sec = 0; 187 ts.tv_nsec = 1000000000 / hz; 188 189 error = copyout(&ts, SCARG(uap, tp), sizeof (ts)); 190 } 191 192 return error; 193 } 194 195 /* ARGSUSED */ 196 int 197 sys_nanosleep(p, v, retval) 198 struct proc *p; 199 void *v; 200 register_t *retval; 201 { 202 static int nanowait; 203 struct sys_nanosleep_args/* { 204 syscallarg(const struct timespec *) rqtp; 205 syscallarg(struct timespec *) rmtp; 206 } */ *uap = v; 207 struct timespec rqt; 208 struct timespec rmt; 209 struct timeval stv, etv, atv; 210 int error, s, timo; 211 212 error = copyin((const void *)SCARG(uap, rqtp), (void *)&rqt, 213 sizeof(struct timespec)); 214 if (error) 215 return (error); 216 217 TIMESPEC_TO_TIMEVAL(&atv,&rqt) 218 if (itimerfix(&atv)) 219 return (EINVAL); 220 221 if (SCARG(uap, rmtp)) { 222 s = splclock(); 223 stv = mono_time; 224 splx(s); 225 } 226 227 timo = tvtohz(&atv); 228 229 /* Avoid sleeping forever. */ 230 if (timo <= 0) 231 timo = 1; 232 233 error = tsleep(&nanowait, PWAIT | PCATCH, "nanosleep", timo); 234 if (error == ERESTART) 235 error = EINTR; 236 if (error == EWOULDBLOCK) 237 error = 0; 238 239 if (SCARG(uap, rmtp)) { 240 int error; 241 242 s = splclock(); 243 etv = mono_time; 244 splx(s); 245 246 timersub(&etv, &stv, &stv); 247 timersub(&atv, &stv, &atv); 248 249 if (atv.tv_sec < 0) 250 timerclear(&atv); 251 252 TIMEVAL_TO_TIMESPEC(&atv, &rmt); 253 error = copyout((void *)&rmt, (void *)SCARG(uap,rmtp), 254 sizeof(rmt)); 255 if (error) 256 return (error); 257 } 258 259 return error; 260 } 261 262 /* ARGSUSED */ 263 int 264 sys_gettimeofday(p, v, retval) 265 struct proc *p; 266 void *v; 267 register_t *retval; 268 { 269 register struct sys_gettimeofday_args /* { 270 syscallarg(struct timeval *) tp; 271 syscallarg(struct timezone *) tzp; 272 } */ *uap = v; 273 struct timeval atv; 274 int error = 0; 275 276 if (SCARG(uap, tp)) { 277 microtime(&atv); 278 if ((error = copyout((void *)&atv, (void *)SCARG(uap, tp), 279 sizeof (atv)))) 280 return (error); 281 } 282 if (SCARG(uap, tzp)) 283 error = copyout((void *)&tz, (void *)SCARG(uap, tzp), 284 sizeof (tz)); 285 return (error); 286 } 287 288 /* ARGSUSED */ 289 int 290 sys_settimeofday(p, v, retval) 291 struct proc *p; 292 void *v; 293 register_t *retval; 294 { 295 struct sys_settimeofday_args /* { 296 syscallarg(struct timeval *) tv; 297 syscallarg(struct timezone *) tzp; 298 } */ *uap = v; 299 struct timeval atv; 300 struct timezone atz; 301 int error; 302 303 if ((error = suser(p->p_ucred, &p->p_acflag))) 304 return (error); 305 /* Verify all parameters before changing time. */ 306 if (SCARG(uap, tv) && (error = copyin((void *)SCARG(uap, tv), 307 (void *)&atv, sizeof(atv)))) 308 return (error); 309 if (SCARG(uap, tzp) && (error = copyin((void *)SCARG(uap, tzp), 310 (void *)&atz, sizeof(atz)))) 311 return (error); 312 if (SCARG(uap, tv)) { 313 if ((error = settime(&atv)) != 0) 314 return (error); 315 } 316 if (SCARG(uap, tzp)) 317 tz = atz; 318 return (0); 319 } 320 321 int tickdelta; /* current clock skew, us. per tick */ 322 long timedelta; /* unapplied time correction, us. */ 323 long bigadj = 1000000; /* use 10x skew above bigadj us. */ 324 325 /* ARGSUSED */ 326 int 327 sys_adjtime(p, v, retval) 328 struct proc *p; 329 void *v; 330 register_t *retval; 331 { 332 register struct sys_adjtime_args /* { 333 syscallarg(struct timeval *) delta; 334 syscallarg(struct timeval *) olddelta; 335 } */ *uap = v; 336 struct timeval atv; 337 register long ndelta, ntickdelta, odelta; 338 int s, error; 339 340 if ((error = suser(p->p_ucred, &p->p_acflag))) 341 return (error); 342 if ((error = copyin((void *)SCARG(uap, delta), (void *)&atv, 343 sizeof(struct timeval)))) 344 return (error); 345 346 /* 347 * Compute the total correction and the rate at which to apply it. 348 * Round the adjustment down to a whole multiple of the per-tick 349 * delta, so that after some number of incremental changes in 350 * hardclock(), tickdelta will become zero, lest the correction 351 * overshoot and start taking us away from the desired final time. 352 */ 353 ndelta = atv.tv_sec * 1000000 + atv.tv_usec; 354 if (ndelta > bigadj) 355 ntickdelta = 10 * tickadj; 356 else 357 ntickdelta = tickadj; 358 if (ndelta % ntickdelta) 359 ndelta = ndelta / ntickdelta * ntickdelta; 360 361 /* 362 * To make hardclock()'s job easier, make the per-tick delta negative 363 * if we want time to run slower; then hardclock can simply compute 364 * tick + tickdelta, and subtract tickdelta from timedelta. 365 */ 366 if (ndelta < 0) 367 ntickdelta = -ntickdelta; 368 s = splclock(); 369 odelta = timedelta; 370 timedelta = ndelta; 371 tickdelta = ntickdelta; 372 splx(s); 373 374 if (SCARG(uap, olddelta)) { 375 atv.tv_sec = odelta / 1000000; 376 atv.tv_usec = odelta % 1000000; 377 if ((error = copyout((void *)&atv, (void *)SCARG(uap, olddelta), 378 sizeof(struct timeval)))) 379 return (error); 380 } 381 return (0); 382 } 383 384 /* 385 * Get value of an interval timer. The process virtual and 386 * profiling virtual time timers are kept in the p_stats area, since 387 * they can be swapped out. These are kept internally in the 388 * way they are specified externally: in time until they expire. 389 * 390 * The real time interval timer is kept in the process table slot 391 * for the process, and its value (it_value) is kept as an 392 * absolute time rather than as a delta, so that it is easy to keep 393 * periodic real-time signals from drifting. 394 * 395 * Virtual time timers are processed in the hardclock() routine of 396 * kern_clock.c. The real time timer is processed by a timeout 397 * routine, called from the softclock() routine. Since a callout 398 * may be delayed in real time due to interrupt processing in the system, 399 * it is possible for the real time timeout routine (realitexpire, given below), 400 * to be delayed in real time past when it is supposed to occur. It 401 * does not suffice, therefore, to reload the real timer .it_value from the 402 * real time timers .it_interval. Rather, we compute the next time in 403 * absolute time the timer should go off. 404 */ 405 /* ARGSUSED */ 406 int 407 sys_getitimer(p, v, retval) 408 struct proc *p; 409 void *v; 410 register_t *retval; 411 { 412 register struct sys_getitimer_args /* { 413 syscallarg(int) which; 414 syscallarg(struct itimerval *) itv; 415 } */ *uap = v; 416 struct itimerval aitv; 417 int s; 418 419 if (SCARG(uap, which) < ITIMER_REAL || SCARG(uap, which) > ITIMER_PROF) 420 return (EINVAL); 421 s = splclock(); 422 if (SCARG(uap, which) == ITIMER_REAL) { 423 /* 424 * Convert from absolute to relative time in .it_value 425 * part of real time timer. If time for real time timer 426 * has passed return 0, else return difference between 427 * current time and time for the timer to go off. 428 */ 429 aitv = p->p_realtimer; 430 if (timerisset(&aitv.it_value)) { 431 if (timercmp(&aitv.it_value, &time, <)) 432 timerclear(&aitv.it_value); 433 else 434 timersub(&aitv.it_value, &time, 435 &aitv.it_value); 436 } 437 } else 438 aitv = p->p_stats->p_timer[SCARG(uap, which)]; 439 splx(s); 440 return (copyout((void *)&aitv, (void *)SCARG(uap, itv), 441 sizeof (struct itimerval))); 442 } 443 444 /* ARGSUSED */ 445 int 446 sys_setitimer(p, v, retval) 447 struct proc *p; 448 register void *v; 449 register_t *retval; 450 { 451 register struct sys_setitimer_args /* { 452 syscallarg(int) which; 453 syscallarg(struct itimerval *) itv; 454 syscallarg(struct itimerval *) oitv; 455 } */ *uap = v; 456 struct itimerval aitv; 457 register const struct itimerval *itvp; 458 int s, error; 459 int timo; 460 461 if (SCARG(uap, which) < ITIMER_REAL || SCARG(uap, which) > ITIMER_PROF) 462 return (EINVAL); 463 itvp = SCARG(uap, itv); 464 if (itvp && (error = copyin((void *)itvp, (void *)&aitv, 465 sizeof(struct itimerval)))) 466 return (error); 467 if ((SCARG(uap, itv) = SCARG(uap, oitv)) && 468 (error = sys_getitimer(p, uap, retval))) 469 return (error); 470 if (itvp == 0) 471 return (0); 472 if (itimerfix(&aitv.it_value) || itimerfix(&aitv.it_interval)) 473 return (EINVAL); 474 s = splclock(); 475 if (SCARG(uap, which) == ITIMER_REAL) { 476 timeout_del(&p->p_realit_to); 477 if (timerisset(&aitv.it_value)) { 478 timeradd(&aitv.it_value, &time, &aitv.it_value); 479 timo = hzto(&aitv.it_value); 480 if (timo <= 0) 481 timo = 1; 482 timeout_add(&p->p_realit_to, timo); 483 } 484 p->p_realtimer = aitv; 485 } else { 486 itimerround(&aitv.it_interval); 487 p->p_stats->p_timer[SCARG(uap, which)] = aitv; 488 } 489 splx(s); 490 return (0); 491 } 492 493 /* 494 * Real interval timer expired: 495 * send process whose timer expired an alarm signal. 496 * If time is not set up to reload, then just return. 497 * Else compute next time timer should go off which is > current time. 498 * This is where delay in processing this timeout causes multiple 499 * SIGALRM calls to be compressed into one. 500 */ 501 void 502 realitexpire(arg) 503 void *arg; 504 { 505 register struct proc *p; 506 int s, timo; 507 508 p = (struct proc *)arg; 509 psignal(p, SIGALRM); 510 if (!timerisset(&p->p_realtimer.it_interval)) { 511 timerclear(&p->p_realtimer.it_value); 512 return; 513 } 514 for (;;) { 515 s = splclock(); 516 timeradd(&p->p_realtimer.it_value, 517 &p->p_realtimer.it_interval, &p->p_realtimer.it_value); 518 if (timercmp(&p->p_realtimer.it_value, &time, >)) { 519 timo = hzto(&p->p_realtimer.it_value); 520 if (timo <= 0) 521 timo = 1; 522 timeout_add(&p->p_realit_to, timo); 523 splx(s); 524 return; 525 } 526 splx(s); 527 } 528 } 529 530 /* 531 * Check that a proposed value to load into the .it_value or 532 * .it_interval part of an interval timer is acceptable. 533 */ 534 int 535 itimerfix(tv) 536 struct timeval *tv; 537 { 538 539 if (tv->tv_sec < 0 || tv->tv_sec > 100000000 || 540 tv->tv_usec < 0 || tv->tv_usec >= 1000000) 541 return (EINVAL); 542 543 return (0); 544 } 545 546 /* 547 * Timer interval smaller than the resolution of the system clock are 548 * rounded up. 549 */ 550 void 551 itimerround(tv) 552 struct timeval *tv; 553 { 554 if (tv->tv_sec == 0 && tv->tv_usec < tick) 555 tv->tv_usec = tick; 556 } 557 558 /* 559 * Decrement an interval timer by a specified number 560 * of microseconds, which must be less than a second, 561 * i.e. < 1000000. If the timer expires, then reload 562 * it. In this case, carry over (usec - old value) to 563 * reduce the value reloaded into the timer so that 564 * the timer does not drift. This routine assumes 565 * that it is called in a context where the timers 566 * on which it is operating cannot change in value. 567 */ 568 int 569 itimerdecr(itp, usec) 570 register struct itimerval *itp; 571 int usec; 572 { 573 574 if (itp->it_value.tv_usec < usec) { 575 if (itp->it_value.tv_sec == 0) { 576 /* expired, and already in next interval */ 577 usec -= itp->it_value.tv_usec; 578 goto expire; 579 } 580 itp->it_value.tv_usec += 1000000; 581 itp->it_value.tv_sec--; 582 } 583 itp->it_value.tv_usec -= usec; 584 usec = 0; 585 if (timerisset(&itp->it_value)) 586 return (1); 587 /* expired, exactly at end of interval */ 588 expire: 589 if (timerisset(&itp->it_interval)) { 590 itp->it_value = itp->it_interval; 591 itp->it_value.tv_usec -= usec; 592 if (itp->it_value.tv_usec < 0) { 593 itp->it_value.tv_usec += 1000000; 594 itp->it_value.tv_sec--; 595 } 596 } else 597 itp->it_value.tv_usec = 0; /* sec is already 0 */ 598 return (0); 599 } 600 601 /* 602 * ratecheck(): simple time-based rate-limit checking. see ratecheck(9) 603 * for usage and rationale. 604 */ 605 int 606 ratecheck(lasttime, mininterval) 607 struct timeval *lasttime; 608 const struct timeval *mininterval; 609 { 610 struct timeval tv, delta; 611 int s, rv = 0; 612 613 s = splclock(); 614 tv = mono_time; 615 splx(s); 616 617 timersub(&tv, lasttime, &delta); 618 619 /* 620 * check for 0,0 is so that the message will be seen at least once, 621 * even if interval is huge. 622 */ 623 if (timercmp(&delta, mininterval, >=) || 624 (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) { 625 *lasttime = tv; 626 rv = 1; 627 } 628 629 return (rv); 630 } 631 632 /* 633 * ppsratecheck(): packets (or events) per second limitation. 634 */ 635 int 636 ppsratecheck(lasttime, curpps, maxpps) 637 struct timeval *lasttime; 638 int *curpps; 639 int maxpps; /* maximum pps allowed */ 640 { 641 struct timeval tv, delta; 642 int s, rv; 643 644 s = splclock(); 645 tv = mono_time; 646 splx(s); 647 648 timersub(&tv, lasttime, &delta); 649 650 /* 651 * check for 0,0 is so that the message will be seen at least once. 652 * if more than one second have passed since the last update of 653 * lasttime, reset the counter. 654 * 655 * we do increment *curpps even in *curpps < maxpps case, as some may 656 * try to use *curpps for stat purposes as well. 657 */ 658 if ((lasttime->tv_sec == 0 && lasttime->tv_usec == 0) || 659 delta.tv_sec >= 1) { 660 *lasttime = tv; 661 *curpps = 0; 662 rv = 1; 663 } else if (maxpps < 0) 664 rv = 1; 665 else if (*curpps < maxpps) 666 rv = 1; 667 else 668 rv = 0; 669 670 #if 1 /*DIAGNOSTIC?*/ 671 /* be careful about wrap-around */ 672 if (*curpps + 1 > *curpps) 673 *curpps = *curpps + 1; 674 #else 675 /* 676 * assume that there's not too many calls to this function. 677 * not sure if the assumption holds, as it depends on *caller's* 678 * behavior, not the behavior of this function. 679 * IMHO it is wrong to make assumption on the caller's behavior, 680 * so the above #if is #if 1, not #ifdef DIAGNOSTIC. 681 */ 682 *curpps = *curpps + 1; 683 #endif 684 685 return (rv); 686 } 687