76 Commits

Author SHA1 Message Date
rwatson
fdf54f8541 o Modify static settime() to accept the proc * for the process requesting
a time change, and callers so that they provide td->td_proc.
o Modify settime() to use securevel_gt() for securelevel checking.

Obtained from:	TrustedBSD Project
2001-09-26 19:53:57 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
dillon
91ecbe11ac Giant Pushdown
clock_gettime() clock_settime() nanosleep() settimeofday()
adjtime() getitimer() setitimer() __sysctl() ogetkerninfo()
sigaction() osigaction() sigpending() osigpending() osigvec()
osigblock() osigsetmask() sigsuspend() osigsuspend() osigstack()
sigaltstack() kill() okillpg() trapsignal() nosys()
2001-09-01 18:19:21 +00:00
markm
bcca5847d5 Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
other "system" header files.

Also help the deprecation of lockmgr.h by making it a sub-include of
sys/lock.h and removing sys/lockmgr.h form kernel .c files.

Sort sys/*.h includes where possible in affected files.

OK'ed by:	bde (with reservations)
2001-05-01 08:13:21 +00:00
jhb
0bc406044c Lock the process while sending it SIGARLM and updating p_realtimer. 2001-03-07 03:02:56 +00:00
jake
9326f655fc Use callout_reset instead of timeout(9). Most callouts are statically
allocated, 2 have been added to struct proc for setitimer and sleep.

Reviewed by:	jhb, jlemon
2000-11-27 22:52:31 +00:00
phk
75e82c815e Remove unneeded <sys/buf.h> includes.
Due to some interesting cpp tricks in lockmgr, the LINT kernel shrinks
by 924 bytes.
2000-04-18 15:15:39 +00:00
phk
1a34cea0e8 Isolate the Timecounter internals in their own two files.
Make the public interface more systematically named.

Remove the alternate method, it doesn't do any good, only ruins performance.

Add counters to profile the usage of the 8 access functions.

Apply the beer-ware to my code.

The weird +/- counts are caused by two repocopies behind the scenes:
	kern/kern_clock.c -> kern/kern_tc.c
	sys/time.h -> sys/timetc.h
(thanks peter!)
2000-03-20 14:09:06 +00:00
phk
8d8f53dcdc Change useracc() and kernacc() to use VM_PROT_{READ|WRITE|EXECUTE} for the
"rw" argument, rather than hijacking B_{READ|WRITE}.

Fix two bugs (physio & cam) resulting by the confusion caused by this.

Submitted by:   Tor.Egge@fast.no
Reviewed by:    alc, ken (partly)
1999-10-30 06:32:05 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
peter
6d9ab211eb Minor tweaks to make sure (new) prerequisites for <sys/buf.h> (mostly
splbio()/splx()) are #included in time.
1999-06-27 11:44:22 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
nsayer
4d675dd8bf More secure clock management. Allow positive steps only once per second
for as much as one second, but no more. Allows a miscreant to
double-time march the clock, but no worse.

XXX Unlike putting negative deltas in a while(1), performing small
positive steps inside of a while(1) will return EPERM for the
unpermitted ones. Repeated negative deltas are clamped without
error (but the kernel does log a notice).
1999-04-07 19:48:09 +00:00
mjacob
32c3652183 Fix last delta so file would compile again- I think I got it
right. Add a clarifying (to me at least) comment. Some formatting
fixes.
1999-04-07 17:32:21 +00:00
nsayer
0144e6c736 If securelevel>1, allow the clock to be adjusted negatively only up to
1 second prior to the highest the clock has run so far. This allows
time adjusters like xntpd to do their work, but the worst a miscreant
can do is "freeze" the clock, not go back in time.

We still need to decide on an algorithm to clamp positive adjustments.
As it stands, it is possible to achieve arbitrary negative adjustments
by "wrapping" time around.

PR:		10361
1999-04-07 16:36:56 +00:00
bde
ae4dfde7bc Added a used #include (don't depend on "vnode_if.h" including <sys/buf.h>). 1999-02-25 15:54:06 +00:00
dillon
a40e0249d4 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 21:50:00 +00:00
phk
13c66194f4 Nitpicking and dusting performed on a train. Removes trivial warnings
about unused variables, labels and other lint.
1998-10-25 17:44:59 +00:00
phk
3c3eaf50d5 Add a tc_ prefix to struct timecounter members.
Urged by:	bde
1998-06-09 13:10:54 +00:00
bde
2203e2156d Fixed interval calculation in realitimexpire() again. Obtained from:
rev.1.9.  Broken in: rev.1.50.

Fixed a spelling error.  Obtained from: Lite2.
1998-05-17 20:13:01 +00:00
bde
6bcab2370a Fixed stale references to hzto() in comments. 1998-05-17 20:08:05 +00:00
phk
86337bf437 s/nanoruntime/nanouptime/g
s/microruntime/microuptime/g

Reviewed by:	bde
1998-05-17 11:53:46 +00:00
peter
ac94d525c8 Nuke signanosleep(). (I've left nanosleep1() seperate to nanosleep()
as I don't want to mess with the multiple returns)
1998-05-14 11:31:08 +00:00
peter
3cca5ff2f6 Commit an old change that has been sitting around for a long while.
signanosleep() did not deal with signal masks properly.  This change was
based on a discussion with bde some time ago (at least 6 months or more).

signanosleep() should probably go away since it was never really used for
more than a few weeks and doesn't appear in released code.  It should
probably be killed before somebody uses it and it becomes a gratuitous
nonstandard feature.
1998-05-14 10:38:52 +00:00
phk
3c122bd961 Make a kernel version of the timer* functions called timerval* to be
more consistent.

OK'ed by:	bde
1998-04-06 08:26:08 +00:00
phk
2fdb617aee More fixes for the iterative case of nanosleep1 from bruce.
I hate the 2-arg time{spec|val}{add|sub} functions!
1998-04-05 12:10:41 +00:00
phk
ef09a47a6d Make the dummy timecounter run at 1 MHz rather than 100kHz (noticed by bde)
fix the itimer(REAL) handling.
1998-04-05 11:49:36 +00:00
peter
0a735b0829 If there is no error code, don't copyout the remaining time. (As
documented in the man page and the standards).  (and besides, nanosleep1
isn't setting it in this case at present anyway, so we'd be copying junk).
1998-04-05 11:17:19 +00:00
phk
08f33aeded Fix nanosleep1 based on Bruces suggestion. 1998-04-05 10:28:01 +00:00
peter
2a16d50561 tsleep() returns EWOULDBLOCK if the timeout expired. Don't return this
to usermode, otherwise sleep(3) fails, cron doesn't work, etc etc etc.
1998-04-05 07:31:44 +00:00
phk
9736ec2fbf Handle double fraction overflow in nano & microtime functions (spotted by Bruce)
Use tvtohz() a place where it fits.
1998-04-04 18:46:13 +00:00
phk
5e9a131f20 Time changes mark 2:
* Figure out UTC relative to boottime.  Four new functions provide
      time relative to boottime.

    * move "runtime" into struct proc.  This helps fix the calcru()
      problem in SMP.

    * kill mono_time.

    * add timespec{add|sub|cmp} macros to time.h.  (XXX: These may change!)

    * nanosleep, select & poll takes long sleeps one day at a time

Reviewed by:    bde
Tested by:      ache and others
1998-04-04 13:26:20 +00:00
phk
9b703b1455 Eradicate the variable "time" from the kernel, using various measures.
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.

Most uses of time.tv_sec now uses the new variable time_second instead.

gettime() changed to getmicrotime(0.

Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).

A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.

Add a new nfs_curusec() function.

Mark a couple of bogosities involving the now disappeard time variable.

Update ffs_update() to avoid the weird "== &time" checks, by fixing the
one remaining call that passwd &time as args.

Change profiling in ncr.c to use ticks instead of time.  Resolution is
the same.

Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.

Reviewed by:	bde
1998-03-30 09:56:58 +00:00
phk
00475b662a Add two new functions, get{micro|nano}time.
They are atomic, but return in essence what is in the "time" variable.
gettime() is now a macro front for getmicrotime().

Various patches to use the two new functions instead of the various
hacks used in their absence.

Some puntuation and grammer patches from Bruce.

A couple of XXX comments.
1998-03-26 20:54:05 +00:00
bde
6898166010 Fixed the calculation of `delta' in settime(). We once set all
times consistently wrong (up to 1 tick too late), but recent changes
fixed the setting of the main clock, making other times inconsistent.
The inconsistencies tended to show up as a negative resource usage
for the process that set the time.

Fixed the check for setting the clock backwards.  A stale timestamp
(`time') was checked, so it was possible to set the clock backwards
by up to almost 1 tick.  Until recently, this bug was compensated
for by setting the clock consistently wrong.

Merged the comment about setting the clock backwards from Lite2.

Removed latency micro-optimizations/speed pessimizations in settime().
microtime() and set_timecounter() are relatively expensive, and
they must be called together with clock updates blocked to get a
consistent `delta', so significant latency optimizations are not
possible.

Removed some stale comments.
1998-02-25 04:10:32 +00:00
phk
044e1e6296 Replace TOD clock code with more systematic approach.
Highlights:
    * Simple model for underlying hardware.
    * Hardware basis for timekeeping can be changed on the fly.
    * Only one hardware clock responsible for TOD keeping.
    * Provides a real nanotime() function.
    * Time granularity: .232E-18 seconds.
    * Frequency granularity:  .238E-12 s/s
    * Frequency adjustment is continuous in time.
    * Less overhead for frequency adjustment.
    * Improves xntpd performance.

Reviewed by:    bde, bde, bde
1998-02-20 16:36:17 +00:00
phk
4d26888936 Remove a bunch of variables which were unused both in GENERIC and LINT.
Found by:	-Wunused
1997-11-07 08:53:44 +00:00
phk
4c8218a5c7 Move the "retval" (3rd) parameter from all syscall functions and put
it in struct proc instead.

This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.

I have not removed the /*ARGSUSED*/, they will require some looking at.

libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
1997-11-06 19:29:57 +00:00
phk
07d68f3e52 Simplify the lease_check stuff. 1997-10-26 20:26:33 +00:00
ache
29c8244921 Fix returned sleep period for large values
Submitted by: bde
1997-10-20 18:43:49 +00:00
peter
d842f3f837 Sigh. Signal handlers are executed on leaving the system call, not
at moment of delivery.  Restoring the signal mask after the tsleep()
is next to useless since the signal is still queued.. This was interacting
with usleep(3) on receipt of a SIGALRM causing it to near busy loop.

Now, we set the new signal mask "permanently" for signanosleep().

Problem noted by:  bde
1997-10-15 13:58:52 +00:00
gibbs
52ace446d2 init_main.c subr_autoconf.c:
Add support for "interrupt driven configuration hooks".
	A component of the kernel can register a hook, most likely
	during auto-configuration, and receive a callback once
	interrupt services are available.  This callback will occur before
	the root and dump devices are configured, so the configuration
	task can affect the selection of those two devices or complete
	any tasks that need to be performed prior to launching init.
	System boot is posponed so long as a hook is registered.  The
	hook owner is responsible for removing the hook once their task
	is complete or the system boot can continue.

kern_acct.c kern_clock.c kern_exit.c kern_synch.c kern_time.c:
	Change the interface and implementation for the kernel callout
	service.  The new implemntaion is based on the work of
	Adam M. Costello and George Varghese, published in a technical
	report entitled "Redesigning the BSD Callout and Timer Facilities".
	The interface used in FreeBSD is a little different than the one
	outlined in the paper.  The new function prototypes are:

	struct callout_handle timeout(void (*func)(void *),
				      void *arg, int ticks);

	void untimeout(void (*func)(void *), void *arg,
		       struct callout_handle handle);

	If a client wishes to remove a timeout, it must store the
	callout_handle returned by timeout and pass it to untimeout.

	The new implementation gives 0(1) insert and removal of callouts
	making this interface scale well even for applications that
	keep 100s of callouts outstanding.

	See the updated timeout.9 man page for more details.
1997-09-21 22:00:25 +00:00
bde
6ffb8bf9af Removed unused #includes. 1997-09-02 20:06:59 +00:00
bde
c86802a2ae Don't return EINVAL for negative timespecs in the nanosleep functions.
Negative timespecs are perfectly valid.  Just return 0 immediately
for them.  Also, return 0 immediately for zero timespecs.

Fixed some style bugs.
1997-08-26 00:40:04 +00:00
ache
4ef0ac8df9 setitimer: if it_value == 0 clear it_interval now
non-zero it_interval values have no sense if it_value == 0 but
checked by itimerfix which may cause EINVAL return
1997-08-14 08:15:12 +00:00
ache
17e05ba7e2 Bypass itimerfix 100000000 limit in nanosleep1 using loop through timeouts 1997-08-13 17:55:11 +00:00
bde
6cd5fb9a8c Fixed syscall arg checking in clock_settime(). Stack garbage was
checked to be >= 0.  This bug was introduced in rev.1.26.

Reported by:	John Hay <jhay@mikom.csir.co.za>
1997-08-03 07:26:50 +00:00
jhay
e5e83a408d Add tickadj to struct clockinfo, like NetBSD and OpenBSD.
NOTE: libc, time, kgmon and rpc.rstatd will have to be recompiled.
1997-06-24 18:21:09 +00:00
peter
f7b084ef3d oops, fix a braino that I noticed during the commit.. Don't verify the
remaining time pointer if it's NULL, since we don't write back in that
case! (*blush*!)
1997-06-01 09:05:19 +00:00
peter
e6f08b56a8 - implement signanosleep(2) by moving common code from nanosleep() into a
shared function.
- use p->p_sleepend to try and get more accurate "time remaining" results
when the time has been adjusted.
- verify writeability of return address so that we can fail before sleeping
if the address for the result is bogus.
1997-06-01 09:01:07 +00:00