X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/89b3af67bb32e691275bf6fa803d1834b2284115..4bd07ac2140668789aa3ee8ec4dde4a3e0a3bba5:/bsd/kern/kern_time.c diff --git a/bsd/kern/kern_time.c b/bsd/kern/kern_time.c index 906ba9ead..5da44690a 100644 --- a/bsd/kern/kern_time.c +++ b/bsd/kern/kern_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2008 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -60,6 +60,12 @@ * * @(#)kern_time.c 8.4 (Berkeley) 5/26/95 */ +/* + * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * support for mandatory and extensible security protections. This notice + * is included in support of clause 2.2 (b) of the Apple Public License, + * Version 2.0. + */ #include #include @@ -68,13 +74,20 @@ #include #include #include +#include +#include #include #include #include +#include /* for net_uptime2timeval() */ #include +#include #include +#if CONFIG_MACF +#include +#endif #define HZ 100 /* XXX */ @@ -103,13 +116,19 @@ int gettimeofday( __unused struct proc *p, struct gettimeofday_args *uap, - register_t *retval) + int32_t *retval) { int error = 0; struct timezone ltz; /* local copy */ - if (uap->tp) - clock_gettimeofday(&retval[0], &retval[1]); + if (uap->tp) { + clock_sec_t secs; + clock_usec_t usecs; + + clock_gettimeofday(&secs, &usecs); + retval[0] = secs; + retval[1] = usecs; + } if (uap->tzp) { lck_spin_lock(tz_slock); @@ -127,23 +146,33 @@ __unused struct proc *p, */ /* ARGSUSED */ int -settimeofday(struct proc *p, struct settimeofday_args *uap, __unused register_t *retval) +settimeofday(__unused struct proc *p, struct settimeofday_args *uap, __unused int32_t *retval) { struct timeval atv; struct timezone atz; int error; + bzero(&atv, sizeof(atv)); + +#if CONFIG_MACF + error = mac_system_check_settime(kauth_cred_get()); + if (error) + return (error); +#endif if ((error = suser(kauth_cred_get(), &p->p_acflag))) return (error); /* Verify all parameters before changing time */ if (uap->tv) { if (IS_64BIT_PROCESS(p)) { - struct user_timeval user_atv; - error = copyin(uap->tv, &user_atv, sizeof(struct user_timeval)); + struct user64_timeval user_atv; + error = copyin(uap->tv, &user_atv, sizeof(user_atv)); atv.tv_sec = user_atv.tv_sec; atv.tv_usec = user_atv.tv_usec; } else { - error = copyin(uap->tv, &atv, sizeof(struct timeval)); + struct user32_timeval user_atv; + error = copyin(uap->tv, &user_atv, sizeof(user_atv)); + atv.tv_sec = user_atv.tv_sec; + atv.tv_usec = user_atv.tv_usec; } if (error) return (error); @@ -176,20 +205,28 @@ setthetime( */ /* ARGSUSED */ int -adjtime(struct proc *p, register struct adjtime_args *uap, __unused register_t *retval) +adjtime(struct proc *p, struct adjtime_args *uap, __unused int32_t *retval) { struct timeval atv; int error; - if ((error = suser(kauth_cred_get(), &p->p_acflag))) +#if CONFIG_MACF + error = mac_system_check_settime(kauth_cred_get()); + if (error) + return (error); +#endif + if ((error = priv_check_cred(kauth_cred_get(), PRIV_ADJTIME, 0))) return (error); if (IS_64BIT_PROCESS(p)) { - struct user_timeval user_atv; - error = copyin(uap->delta, &user_atv, sizeof(struct user_timeval)); + struct user64_timeval user_atv; + error = copyin(uap->delta, &user_atv, sizeof(user_atv)); atv.tv_sec = user_atv.tv_sec; atv.tv_usec = user_atv.tv_usec; } else { - error = copyin(uap->delta, &atv, sizeof(struct timeval)); + struct user32_timeval user_atv; + error = copyin(uap->delta, &user_atv, sizeof(user_atv)); + atv.tv_sec = user_atv.tv_sec; + atv.tv_usec = user_atv.tv_usec; } if (error) return (error); @@ -197,16 +234,19 @@ adjtime(struct proc *p, register struct adjtime_args *uap, __unused register_t * /* * Compute the total correction and the rate at which to apply it. */ - clock_adjtime((int32_t *)&atv.tv_sec, &atv.tv_usec); + clock_adjtime(&atv.tv_sec, &atv.tv_usec); if (uap->olddelta) { if (IS_64BIT_PROCESS(p)) { - struct user_timeval user_atv; + struct user64_timeval user_atv; user_atv.tv_sec = atv.tv_sec; user_atv.tv_usec = atv.tv_usec; - error = copyout(&user_atv, uap->olddelta, sizeof(struct user_timeval)); + error = copyout(&user_atv, uap->olddelta, sizeof(user_atv)); } else { - error = copyout(&atv, uap->olddelta, sizeof(struct timeval)); + struct user32_timeval user_atv; + user_atv.tv_sec = atv.tv_sec; + user_atv.tv_usec = atv.tv_usec; + error = copyout(&user_atv, uap->olddelta, sizeof(user_atv)); } } @@ -245,12 +285,12 @@ inittodr( time_t boottime_sec(void) { - uint32_t sec, nanosec; - clock_get_boottime_nanotime(&sec, &nanosec); - return (sec); -} + clock_sec_t secs; + clock_nsec_t nanosecs; -uint64_t tvtoabstime(struct timeval *tvp); + clock_get_boottime_nanotime(&secs, &nanosecs); + return (secs); +} /* * Get value of an interval timer. The process virtual and @@ -261,26 +301,34 @@ uint64_t tvtoabstime(struct timeval *tvp); * is kept as an absolute time rather than as a delta, so that * it is easy to keep periodic real-time signals from drifting. * - * Virtual time timers are processed in the hardclock() routine of - * kern_clock.c. The real time timer is processed by a callout - * routine. Since a callout may be delayed in real time due to + * The real time timer is processed by a callout routine. + * Since a callout may be delayed in real time due to * other processing in the system, it is possible for the real * time callout routine (realitexpire, given below), to be delayed * in real time past when it is supposed to occur. It does not * suffice, therefore, to reload the real time .it_value from the * real time .it_interval. Rather, we compute the next time in * absolute time when the timer should go off. + * + * Returns: 0 Success + * EINVAL Invalid argument + * copyout:EFAULT Bad address */ - /* ARGSUSED */ int -getitimer(struct proc *p, register struct getitimer_args *uap, __unused register_t *retval) +getitimer(struct proc *p, struct getitimer_args *uap, __unused int32_t *retval) { struct itimerval aitv; if (uap->which > ITIMER_PROF) return(EINVAL); - if (uap->which == ITIMER_REAL) { + + bzero(&aitv, sizeof(aitv)); + + proc_spinlock(p); + switch (uap->which) { + + case ITIMER_REAL: /* * If time for real time timer has passed return 0, * else return difference between current time and @@ -300,47 +348,72 @@ getitimer(struct proc *p, register struct getitimer_args *uap, __unused register } else timerclear(&aitv.it_value); + break; + + case ITIMER_VIRTUAL: + aitv = p->p_vtimer_user; + break; + + case ITIMER_PROF: + aitv = p->p_vtimer_prof; + break; } - else - aitv = p->p_stats->p_timer[uap->which]; + + proc_spinunlock(p); if (IS_64BIT_PROCESS(p)) { - struct user_itimerval user_itv; + struct user64_itimerval user_itv; user_itv.it_interval.tv_sec = aitv.it_interval.tv_sec; user_itv.it_interval.tv_usec = aitv.it_interval.tv_usec; user_itv.it_value.tv_sec = aitv.it_value.tv_sec; user_itv.it_value.tv_usec = aitv.it_value.tv_usec; - return (copyout((caddr_t)&user_itv, uap->itv, sizeof (struct user_itimerval))); + return (copyout((caddr_t)&user_itv, uap->itv, sizeof (user_itv))); } else { - return (copyout((caddr_t)&aitv, uap->itv, sizeof (struct itimerval))); + struct user32_itimerval user_itv; + user_itv.it_interval.tv_sec = aitv.it_interval.tv_sec; + user_itv.it_interval.tv_usec = aitv.it_interval.tv_usec; + user_itv.it_value.tv_sec = aitv.it_value.tv_sec; + user_itv.it_value.tv_usec = aitv.it_value.tv_usec; + return (copyout((caddr_t)&user_itv, uap->itv, sizeof (user_itv))); } } +/* + * Returns: 0 Success + * EINVAL Invalid argument + * copyin:EFAULT Bad address + * getitimer:EINVAL Invalid argument + * getitimer:EFAULT Bad address + */ /* ARGSUSED */ int -setitimer(p, uap, retval) - struct proc *p; - register struct setitimer_args *uap; - register_t *retval; +setitimer(struct proc *p, struct setitimer_args *uap, int32_t *retval) { struct itimerval aitv; user_addr_t itvp; int error; + bzero(&aitv, sizeof(aitv)); + if (uap->which > ITIMER_PROF) return (EINVAL); if ((itvp = uap->itv)) { if (IS_64BIT_PROCESS(p)) { - struct user_itimerval user_itv; - if ((error = copyin(itvp, (caddr_t)&user_itv, sizeof (struct user_itimerval)))) + struct user64_itimerval user_itv; + if ((error = copyin(itvp, (caddr_t)&user_itv, sizeof (user_itv)))) return (error); aitv.it_interval.tv_sec = user_itv.it_interval.tv_sec; aitv.it_interval.tv_usec = user_itv.it_interval.tv_usec; aitv.it_value.tv_sec = user_itv.it_value.tv_sec; aitv.it_value.tv_usec = user_itv.it_value.tv_usec; } else { - if ((error = copyin(itvp, (caddr_t)&aitv, sizeof (struct itimerval)))) + struct user32_itimerval user_itv; + if ((error = copyin(itvp, (caddr_t)&user_itv, sizeof (user_itv)))) return (error); + aitv.it_interval.tv_sec = user_itv.it_interval.tv_sec; + aitv.it_interval.tv_usec = user_itv.it_interval.tv_usec; + aitv.it_value.tv_sec = user_itv.it_value.tv_sec; + aitv.it_value.tv_usec = user_itv.it_value.tv_usec; } } if ((uap->itv = uap->oitv) && (error = getitimer(p, (struct getitimer_args *)uap, retval))) @@ -349,22 +422,51 @@ setitimer(p, uap, retval) return (0); if (itimerfix(&aitv.it_value) || itimerfix(&aitv.it_interval)) return (EINVAL); - if (uap->which == ITIMER_REAL) { - thread_call_func_cancel((thread_call_func_t)realitexpire, (void *)p->p_pid, FALSE); + + switch (uap->which) { + + case ITIMER_REAL: + proc_spinlock(p); if (timerisset(&aitv.it_value)) { microuptime(&p->p_rtime); timevaladd(&p->p_rtime, &aitv.it_value); - thread_call_func_delayed( - (thread_call_func_t)realitexpire, (void *)p->p_pid, - tvtoabstime(&p->p_rtime)); + p->p_realtimer = aitv; + if (!thread_call_enter_delayed_with_leeway(p->p_rcall, NULL, + tvtoabstime(&p->p_rtime), 0, THREAD_CALL_DELAY_USER_NORMAL)) + p->p_ractive++; + } else { + timerclear(&p->p_rtime); + p->p_realtimer = aitv; + if (thread_call_cancel(p->p_rcall)) + p->p_ractive--; } + proc_spinunlock(p); + + break; + + + case ITIMER_VIRTUAL: + if (timerisset(&aitv.it_value)) + task_vtimer_set(p->task, TASK_VTIMER_USER); + else + task_vtimer_clear(p->task, TASK_VTIMER_USER); + + proc_spinlock(p); + p->p_vtimer_user = aitv; + proc_spinunlock(p); + break; + + case ITIMER_PROF: + if (timerisset(&aitv.it_value)) + task_vtimer_set(p->task, TASK_VTIMER_PROF); else - timerclear(&p->p_rtime); + task_vtimer_clear(p->task, TASK_VTIMER_PROF); - p->p_realtimer = aitv; + proc_spinlock(p); + p->p_vtimer_prof = aitv; + proc_spinunlock(p); + break; } - else - p->p_stats->p_timer[uap->which] = aitv; return (0); } @@ -379,85 +481,100 @@ setitimer(p, uap, retval) */ void realitexpire( - void *pid) + struct proc *p) { - register struct proc *p; - struct timeval now; - boolean_t funnel_state; - - funnel_state = thread_funnel_set(kernel_flock, TRUE); - p = pfind((pid_t)pid); - if (p == NULL) { - (void) thread_funnel_set(kernel_flock, FALSE); + struct proc *r; + struct timeval t; + + r = proc_find(p->p_pid); + + proc_spinlock(p); + + if (--p->p_ractive > 0 || r != p) { + proc_spinunlock(p); + + if (r != NULL) + proc_rele(r); return; } - + if (!timerisset(&p->p_realtimer.it_interval)) { timerclear(&p->p_rtime); - psignal(p, SIGALRM); + proc_spinunlock(p); - (void) thread_funnel_set(kernel_flock, FALSE); + psignal(p, SIGALRM); + proc_rele(p); return; } - microuptime(&now); + microuptime(&t); timevaladd(&p->p_rtime, &p->p_realtimer.it_interval); - if (timercmp(&p->p_rtime, &now, <=)) { - if ((p->p_rtime.tv_sec + 2) >= now.tv_sec) { + if (timercmp(&p->p_rtime, &t, <=)) { + if ((p->p_rtime.tv_sec + 2) >= t.tv_sec) { for (;;) { timevaladd(&p->p_rtime, &p->p_realtimer.it_interval); - if (timercmp(&p->p_rtime, &now, >)) + if (timercmp(&p->p_rtime, &t, >)) break; } } else { p->p_rtime = p->p_realtimer.it_interval; - timevaladd(&p->p_rtime, &now); + timevaladd(&p->p_rtime, &t); } } - psignal(p, SIGALRM); - - thread_call_func_delayed((thread_call_func_t)realitexpire, pid, tvtoabstime(&p->p_rtime)); + if (!thread_call_enter_delayed(p->p_rcall, tvtoabstime(&p->p_rtime))) + p->p_ractive++; + proc_spinunlock(p); - (void) thread_funnel_set(kernel_flock, FALSE); + psignal(p, SIGALRM); + proc_rele(p); } /* * Check that a proposed value to load into the .it_value or - * .it_interval part of an interval timer is acceptable, and - * fix it to have at least minimal value (i.e. if it is less - * than the resolution of the clock, round it up.) + * .it_interval part of an interval timer is acceptable. */ int -itimerfix(tv) - struct timeval *tv; +itimerfix( + struct timeval *tv) { if (tv->tv_sec < 0 || tv->tv_sec > 100000000 || tv->tv_usec < 0 || tv->tv_usec >= 1000000) return (EINVAL); - if (tv->tv_sec == 0 && tv->tv_usec != 0 && tv->tv_usec < tick) - tv->tv_usec = tick; return (0); } +int +timespec_is_valid(const struct timespec *ts) +{ + /* The INT32_MAX limit ensures the timespec is safe for clock_*() functions + * which accept 32-bit ints. */ + if (ts->tv_sec < 0 || ts->tv_sec > INT32_MAX || + ts->tv_nsec < 0 || (unsigned long long)ts->tv_nsec > NSEC_PER_SEC) { + return 0; + } + return 1; +} + /* * Decrement an interval timer by a specified number * of microseconds, which must be less than a second, * i.e. < 1000000. If the timer expires, then reload * it. In this case, carry over (usec - old value) to - * reducint the value reloaded into the timer so that + * reduce the value reloaded into the timer so that * the timer does not drift. This routine assumes * that it is called in a context where the timers * on which it is operating cannot change in value. */ int -itimerdecr(itp, usec) - register struct itimerval *itp; - int usec; +itimerdecr(proc_t p, + struct itimerval *itp, int usec) { + proc_spinlock(p); + if (itp->it_value.tv_usec < usec) { if (itp->it_value.tv_sec == 0) { /* expired, and already in next interval */ @@ -469,19 +586,24 @@ itimerdecr(itp, usec) } itp->it_value.tv_usec -= usec; usec = 0; - if (timerisset(&itp->it_value)) + if (timerisset(&itp->it_value)) { + proc_spinunlock(p); return (1); + } /* expired, exactly at end of interval */ expire: if (timerisset(&itp->it_interval)) { itp->it_value = itp->it_interval; + if (itp->it_value.tv_sec > 0) { itp->it_value.tv_usec -= usec; if (itp->it_value.tv_usec < 0) { itp->it_value.tv_usec += 1000000; itp->it_value.tv_sec--; + } } } else itp->it_value.tv_usec = 0; /* sec is already 0 */ + proc_spinunlock(p); return (0); } @@ -535,14 +657,39 @@ void microtime( struct timeval *tvp) { - clock_get_calendar_microtime((uint32_t *)&tvp->tv_sec, &tvp->tv_usec); + clock_sec_t tv_sec; + clock_usec_t tv_usec; + + clock_get_calendar_microtime(&tv_sec, &tv_usec); + + tvp->tv_sec = tv_sec; + tvp->tv_usec = tv_usec; +} + +void +microtime_with_abstime( + struct timeval *tvp, uint64_t *abstime) +{ + clock_sec_t tv_sec; + clock_usec_t tv_usec; + + clock_get_calendar_absolute_and_microtime(&tv_sec, &tv_usec, abstime); + + tvp->tv_sec = tv_sec; + tvp->tv_usec = tv_usec; } void microuptime( struct timeval *tvp) { - clock_get_system_microtime((uint32_t *)&tvp->tv_sec, &tvp->tv_usec); + clock_sec_t tv_sec; + clock_usec_t tv_usec; + + clock_get_system_microtime(&tv_sec, &tv_usec); + + tvp->tv_sec = tv_sec; + tvp->tv_usec = tv_usec; } /* @@ -552,14 +699,26 @@ void nanotime( struct timespec *tsp) { - clock_get_calendar_nanotime((uint32_t *)&tsp->tv_sec, (uint32_t *)&tsp->tv_nsec); + clock_sec_t tv_sec; + clock_nsec_t tv_nsec; + + clock_get_calendar_nanotime(&tv_sec, &tv_nsec); + + tsp->tv_sec = tv_sec; + tsp->tv_nsec = tv_nsec; } void nanouptime( struct timespec *tsp) { - clock_get_system_nanotime((uint32_t *)&tsp->tv_sec, (uint32_t *)&tsp->tv_nsec); + clock_sec_t tv_sec; + clock_nsec_t tv_nsec; + + clock_get_system_nanotime(&tv_sec, &tv_nsec); + + tsp->tv_sec = tv_sec; + tsp->tv_nsec = tv_nsec; } uint64_t @@ -575,6 +734,95 @@ tvtoabstime( return (result + usresult); } + +uint64_t +tstoabstime(struct timespec *ts) +{ + uint64_t abstime_s, abstime_ns; + clock_interval_to_absolutetime_interval(ts->tv_sec, NSEC_PER_SEC, &abstime_s); + clock_interval_to_absolutetime_interval(ts->tv_nsec, 1, &abstime_ns); + return abstime_s + abstime_ns; +} + +#if NETWORKING +/* + * ratecheck(): simple time-based rate-limit checking. + */ +int +ratecheck(struct timeval *lasttime, const struct timeval *mininterval) +{ + struct timeval tv, delta; + int rv = 0; + + net_uptime2timeval(&tv); + delta = tv; + timevalsub(&delta, lasttime); + + /* + * check for 0,0 is so that the message will be seen at least once, + * even if interval is huge. + */ + if (timevalcmp(&delta, mininterval, >=) || + (lasttime->tv_sec == 0 && lasttime->tv_usec == 0)) { + *lasttime = tv; + rv = 1; + } + + return (rv); +} + +/* + * ppsratecheck(): packets (or events) per second limitation. + */ +int +ppsratecheck(struct timeval *lasttime, int *curpps, int maxpps) +{ + struct timeval tv, delta; + int rv; + + net_uptime2timeval(&tv); + + timersub(&tv, lasttime, &delta); + + /* + * Check for 0,0 so that the message will be seen at least once. + * If more than one second has passed since the last update of + * lasttime, reset the counter. + * + * we do increment *curpps even in *curpps < maxpps case, as some may + * try to use *curpps for stat purposes as well. + */ + if ((lasttime->tv_sec == 0 && lasttime->tv_usec == 0) || + delta.tv_sec >= 1) { + *lasttime = tv; + *curpps = 0; + rv = 1; + } else if (maxpps < 0) + rv = 1; + else if (*curpps < maxpps) + rv = 1; + else + rv = 0; + +#if 1 /* DIAGNOSTIC? */ + /* be careful about wrap-around */ + if (*curpps + 1 > 0) + *curpps = *curpps + 1; +#else + /* + * assume that there's not too many calls to this function. + * not sure if the assumption holds, as it depends on *caller's* + * behavior, not the behavior of this function. + * IMHO it is wrong to make assumption on the caller's behavior, + * so the above #if is #if 1, not #ifdef DIAGNOSTIC. + */ + *curpps = *curpps + 1; +#endif + + return (rv); +} +#endif /* NETWORKING */ + void time_zone_slock_init(void) { @@ -589,4 +837,3 @@ time_zone_slock_init(void) /* Allocate the spin lock */ tz_slock = lck_spin_alloc_init(tz_slock_grp, tz_slock_attr); } -