1/* 2 * refclock_shm - clock driver for utc via shared memory 3 * - under construction - 4 * To add new modes: Extend or union the shmTime-struct. Do not 5 * extend/shrink size, because otherwise existing implementations 6 * will specify wrong size of shared memory-segment 7 * PB 18.3.97 8 */ 9 10#ifdef HAVE_CONFIG_H 11# include <config.h> 12#endif 13 14#include "ntp_types.h" 15 16#if defined(REFCLOCK) && defined(CLOCK_SHM) 17 18#include "ntpd.h" 19#undef fileno 20#include "ntp_io.h" 21#undef fileno 22#include "ntp_refclock.h" 23#undef fileno 24#include "timespecops.h" 25#undef fileno 26#include "ntp_stdlib.h" 27#include "ntp_assert.h" 28 29#undef fileno 30#include <ctype.h> 31#undef fileno 32 33#ifndef SYS_WINNT 34# include <sys/ipc.h> 35# include <sys/shm.h> 36# include <assert.h> 37# include <unistd.h> 38# include <stdio.h> 39#endif 40 41#ifdef HAVE_STDATOMIC_H 42# include <stdatomic.h> 43#endif /* HAVE_STDATOMIC_H */ 44 45/* 46 * This driver supports a reference clock attached thru shared memory 47 */ 48 49/* 50 * SHM interface definitions 51 */ 52#define PRECISION (-1) /* precision assumed (0.5 s) */ 53#define REFID "SHM" /* reference ID */ 54#define DESCRIPTION "SHM/Shared memory interface" 55 56#define NSAMPLES 3 /* stages of median filter */ 57 58/* 59 * Mode flags 60 */ 61#define SHM_MODE_PRIVATE 0x0001 62 63/* 64 * Function prototypes 65 */ 66static int shm_start (int unit, struct peer *peer); 67static void shm_shutdown (int unit, struct peer *peer); 68static void shm_poll (int unit, struct peer *peer); 69static void shm_timer (int unit, struct peer *peer); 70static void shm_clockstats (int unit, struct peer *peer); 71static void shm_control (int unit, const struct refclockstat * in_st, 72 struct refclockstat * out_st, struct peer *peer); 73 74/* 75 * Transfer vector 76 */ 77struct refclock refclock_shm = { 78 shm_start, /* start up driver */ 79 shm_shutdown, /* shut down driver */ 80 shm_poll, /* transmit poll message */ 81 shm_control, /* control settings */ 82 noentry, /* not used: init */ 83 noentry, /* not used: buginfo */ 84 shm_timer, /* once per second */ 85}; 86 87struct shmTime { 88 int mode; /* 0 - if valid is set: 89 * use values, 90 * clear valid 91 * 1 - if valid is set: 92 * if count before and after read of values is equal, 93 * use values 94 * clear valid 95 */ 96 volatile int count; 97 time_t clockTimeStampSec; 98 int clockTimeStampUSec; 99 time_t receiveTimeStampSec; 100 int receiveTimeStampUSec; 101 int leap; 102 int precision; 103 int nsamples; 104 volatile int valid; 105 unsigned clockTimeStampNSec; /* Unsigned ns timestamps */ 106 unsigned receiveTimeStampNSec; /* Unsigned ns timestamps */ 107 int dummy[8]; 108}; 109 110struct shmunit { 111 struct shmTime *shm; /* pointer to shared memory segment */ 112 int forall; /* access for all UIDs? */ 113 114 /* debugging/monitoring counters - reset when printed */ 115 int ticks; /* number of attempts to read data*/ 116 int good; /* number of valid samples */ 117 int notready; /* number of peeks without data ready */ 118 int bad; /* number of invalid samples */ 119 int clash; /* number of access clashes while reading */ 120 121 time_t max_delta; /* difference limit */ 122 time_t max_delay; /* age/stale limit */ 123}; 124 125 126static struct shmTime* 127getShmTime( 128 int unit, 129 int/*BOOL*/ forall 130 ) 131{ 132 struct shmTime *p = NULL; 133 134#ifndef SYS_WINNT 135 136 int shmid; 137 138 /* 0x4e545030 is NTP0. 139 * Big units will give non-ascii but that's OK 140 * as long as everybody does it the same way. 141 */ 142 shmid=shmget(0x4e545030 + unit, sizeof (struct shmTime), 143 IPC_CREAT | (forall ? 0666 : 0600)); 144 if (shmid == -1) { /* error */ 145 msyslog(LOG_ERR, "SHM shmget (unit %d): %m", unit); 146 return NULL; 147 } 148 p = (struct shmTime *)shmat (shmid, 0, 0); 149 if (p == (struct shmTime *)-1) { /* error */ 150 msyslog(LOG_ERR, "SHM shmat (unit %d): %m", unit); 151 return NULL; 152 } 153 154 return p; 155#else 156 157 static const char * nspref[2] = { "Local", "Global" }; 158 char buf[20]; 159 LPSECURITY_ATTRIBUTES psec = 0; 160 HANDLE shmid = 0; 161 SECURITY_DESCRIPTOR sd; 162 SECURITY_ATTRIBUTES sa; 163 unsigned int numch; 164 165 numch = snprintf(buf, sizeof(buf), "%s\\NTP%d", 166 nspref[forall != 0], (unit & 0xFF)); 167 if (numch >= sizeof(buf)) { 168 msyslog(LOG_ERR, "SHM name too long (unit %d)", unit); 169 return NULL; 170 } 171 if (forall) { /* world access */ 172 if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) { 173 msyslog(LOG_ERR,"SHM InitializeSecurityDescriptor (unit %d): %m", unit); 174 return NULL; 175 } 176 if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) { 177 msyslog(LOG_ERR, "SHM SetSecurityDescriptorDacl (unit %d): %m", unit); 178 return NULL; 179 } 180 sa.nLength = sizeof(SECURITY_ATTRIBUTES); 181 sa.lpSecurityDescriptor = &sd; 182 sa.bInheritHandle = FALSE; 183 psec = &sa; 184 } 185 shmid = CreateFileMapping ((HANDLE)0xffffffff, psec, PAGE_READWRITE, 186 0, sizeof (struct shmTime), buf); 187 if (shmid == NULL) { /*error*/ 188 char buf[1000]; 189 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 190 0, GetLastError (), 0, buf, sizeof (buf), 0); 191 msyslog(LOG_ERR, "SHM CreateFileMapping (unit %d): %s", unit, buf); 192 return NULL; 193 } 194 p = (struct shmTime *)MapViewOfFile(shmid, FILE_MAP_WRITE, 0, 0, 195 sizeof (struct shmTime)); 196 if (p == NULL) { /*error*/ 197 char buf[1000]; 198 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, 199 0, GetLastError (), 0, buf, sizeof (buf), 0); 200 msyslog(LOG_ERR,"SHM MapViewOfFile (unit %d): %s", unit, buf); 201 return NULL; 202 } 203 204 return p; 205#endif 206 207 /* NOTREACHED */ 208 ENSURE(!"getShmTime(): Not reached."); 209} 210 211 212/* 213 * shm_start - attach to shared memory 214 */ 215static int 216shm_start( 217 int unit, 218 struct peer *peer 219 ) 220{ 221 struct refclockproc * const pp = peer->procptr; 222 struct shmunit * const up = emalloc_zero(sizeof(*up)); 223 224 pp->io.clock_recv = noentry; 225 pp->io.srcclock = peer; 226 pp->io.datalen = 0; 227 pp->io.fd = -1; 228 229 up->forall = (unit >= 2) && !(peer->ttl & SHM_MODE_PRIVATE); 230 231 up->shm = getShmTime(unit, up->forall); 232 233 /* 234 * Initialize miscellaneous peer variables 235 */ 236 memcpy((char *)&pp->refid, REFID, 4); 237 if (up->shm != 0) { 238 pp->unitptr = up; 239 up->shm->precision = PRECISION; 240 peer->precision = up->shm->precision; 241 up->shm->valid = 0; 242 up->shm->nsamples = NSAMPLES; 243 pp->clockdesc = DESCRIPTION; 244 /* items to be changed later in 'shm_control()': */ 245 up->max_delay = 5; 246 up->max_delta = 4*3600; 247 return 1; 248 } else { 249 free(up); 250 pp->unitptr = NULL; 251 return 0; 252 } 253} 254 255 256/* 257 * shm_control - configure flag1/time2 params 258 * 259 * These are not yet available during 'shm_start', so we have to do any 260 * pre-computations we want to avoid during regular poll/timer callbacks 261 * in this callback. 262 */ 263static void 264shm_control( 265 int unit, 266 const struct refclockstat * in_st, 267 struct refclockstat * out_st, 268 struct peer * peer 269 ) 270{ 271 struct refclockproc * const pp = peer->procptr; 272 struct shmunit * const up = pp->unitptr; 273 274 UNUSED_ARG(unit); 275 UNUSED_ARG(in_st); 276 UNUSED_ARG(out_st); 277 if (NULL == up) 278 return; 279 if (pp->sloppyclockflag & CLK_FLAG1) 280 up->max_delta = 0; 281 else if (pp->fudgetime2 < 1. || pp->fudgetime2 > 86400.) 282 up->max_delta = 4*3600; 283 else 284 up->max_delta = (time_t)floor(pp->fudgetime2 + 0.5); 285} 286 287 288/* 289 * shm_shutdown - shut down the clock 290 */ 291static void 292shm_shutdown( 293 int unit, 294 struct peer *peer 295 ) 296{ 297 struct refclockproc * const pp = peer->procptr; 298 struct shmunit * const up = pp->unitptr; 299 300 UNUSED_ARG(unit); 301 if (NULL == up) 302 return; 303#ifndef SYS_WINNT 304 305 /* HMS: shmdt() wants char* or const void * */ 306 (void)shmdt((char *)up->shm); 307 308#else 309 310 UnmapViewOfFile(up->shm); 311 312#endif 313 free(up); 314} 315 316 317/* 318 * shm_poll - called by the transmit procedure 319 */ 320static void 321shm_poll( 322 int unit, 323 struct peer *peer 324 ) 325{ 326 struct refclockproc * const pp = peer->procptr; 327 struct shmunit * const up = pp->unitptr; 328 int major_error; 329 330 pp->polls++; 331 332 /* get dominant reason if we have no samples at all */ 333 major_error = max(up->notready, up->bad); 334 major_error = max(major_error, up->clash); 335 336 /* 337 * Process median filter samples. If none received, see what 338 * happened, tell the core and keep going. 339 */ 340 if (pp->coderecv != pp->codeproc) { 341 /* have some samples, everything OK */ 342 pp->lastref = pp->lastrec; 343 refclock_report(peer, CEVNT_NOMINAL); 344 refclock_receive(peer); 345 } else if (NULL == up->shm) { /* is this possible at all? */ 346 /* we're out of business without SHM access */ 347 refclock_report(peer, CEVNT_FAULT); 348 } else if (major_error == up->clash) { 349 /* too many collisions is like a bad signal */ 350 refclock_report(peer, CEVNT_PROP); 351 } else if (major_error == up->bad) { 352 /* too much stale/bad/garbled data */ 353 refclock_report(peer, CEVNT_BADREPLY); 354 } else { 355 /* in any other case assume it's just a timeout */ 356 refclock_report(peer, CEVNT_TIMEOUT); 357 } 358 /* shm_clockstats() clears the tallies, so it must be last... */ 359 shm_clockstats(unit, peer); 360} 361 362 363enum segstat_t { 364 OK, NO_SEGMENT, NOT_READY, BAD_MODE, CLASH 365}; 366 367struct shm_stat_t { 368 int status; 369 int mode; 370 struct timespec tvc, tvr, tvt; 371 int precision; 372 int leap; 373}; 374 375static inline void memory_barrier(void) 376{ 377#ifdef HAVE_ATOMIC_THREAD_FENCE 378 atomic_thread_fence(memory_order_seq_cst); 379#endif /* HAVE_ATOMIC_THREAD_FENCE */ 380} 381 382static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat) 383/* try to grab a sample from the specified SHM segment */ 384{ 385 struct shmTime shmcopy; 386 volatile struct shmTime *shm = shm_in; 387 volatile int cnt; 388 389 unsigned int cns_new, rns_new; 390 391 /* 392 * This is the main routine. It snatches the time from the shm 393 * board and tacks on a local timestamp. 394 */ 395 if (shm == NULL) { 396 shm_stat->status = NO_SEGMENT; 397 return NO_SEGMENT; 398 } 399 400 /*@-type@*//* splint is confused about struct timespec */ 401 shm_stat->tvc.tv_sec = shm_stat->tvc.tv_nsec = 0; 402 { 403 time_t now; 404 405 time(&now); 406 shm_stat->tvc.tv_sec = now; 407 } 408 409 /* relying on word access to be atomic here */ 410 if (shm->valid == 0) { 411 shm_stat->status = NOT_READY; 412 return NOT_READY; 413 } 414 415 cnt = shm->count; 416 417 /* 418 * This is proof against concurrency issues if either 419 * (a) the memory_barrier() call works on this host, or 420 * (b) memset compiles to an uninterruptible single-instruction bitblt. 421 */ 422 memory_barrier(); 423 memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime)); 424 shm->valid = 0; 425 memory_barrier(); 426 427 /* 428 * Clash detection in case neither (a) nor (b) was true. 429 * Not supported in mode 0, and word access to the count field 430 * must be atomic for this to work. 431 */ 432 if (shmcopy.mode > 0 && cnt != shm->count) { 433 shm_stat->status = CLASH; 434 return shm_stat->status; 435 } 436 437 shm_stat->status = OK; 438 shm_stat->mode = shmcopy.mode; 439 440 switch (shmcopy.mode) { 441 case 0: 442 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec; 443 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000; 444 rns_new = shmcopy.receiveTimeStampNSec; 445 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec; 446 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000; 447 cns_new = shmcopy.clockTimeStampNSec; 448 449 /* Since the following comparisons are between unsigned 450 ** variables they are always well defined, and any 451 ** (signed) underflow will turn into very large unsigned 452 ** values, well above the 1000 cutoff. 453 ** 454 ** Note: The usecs *must* be a *truncated* 455 ** representation of the nsecs. This code will fail for 456 ** *rounded* usecs, and the logic to deal with 457 ** wrap-arounds in the presence of rounded values is 458 ** much more convoluted. 459 */ 460 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000) 461 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) { 462 shm_stat->tvt.tv_nsec = cns_new; 463 shm_stat->tvr.tv_nsec = rns_new; 464 } 465 /* At this point shm_stat->tvr and shm_stat->tvt contain valid ns-level 466 ** timestamps, possibly generated by extending the old 467 ** us-level timestamps 468 */ 469 break; 470 471 case 1: 472 473 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec; 474 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000; 475 rns_new = shmcopy.receiveTimeStampNSec; 476 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec; 477 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000; 478 cns_new = shmcopy.clockTimeStampNSec; 479 480 /* See the case above for an explanation of the 481 ** following test. 482 */ 483 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000) 484 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) { 485 shm_stat->tvt.tv_nsec = cns_new; 486 shm_stat->tvr.tv_nsec = rns_new; 487 } 488 /* At this point shm_stat->tvr and shm_stat->tvt contains valid ns-level 489 ** timestamps, possibly generated by extending the old 490 ** us-level timestamps 491 */ 492 break; 493 494 default: 495 shm_stat->status = BAD_MODE; 496 break; 497 } 498 /*@-type@*/ 499 500 /* 501 * leap field is not a leap offset but a leap notification code. 502 * The values are magic numbers used by NTP and set by GPSD, if at all, in 503 * the subframe code. 504 */ 505 shm_stat->leap = shmcopy.leap; 506 shm_stat->precision = shmcopy.precision; 507 508 return shm_stat->status; 509} 510 511/* 512 * shm_timer - called once every second. 513 * 514 * This tries to grab a sample from the SHM segment, filtering bad ones 515 */ 516static void 517shm_timer( 518 int unit, 519 struct peer *peer 520 ) 521{ 522 struct refclockproc * const pp = peer->procptr; 523 struct shmunit * const up = pp->unitptr; 524 525 volatile struct shmTime *shm; 526 527 l_fp tsrcv; 528 l_fp tsref; 529 int c; 530 531 /* for formatting 'a_lastcode': */ 532 struct calendar cd; 533 time_t tt; 534 vint64 ts; 535 536 enum segstat_t status; 537 struct shm_stat_t shm_stat; 538 539 up->ticks++; 540 if ((shm = up->shm) == NULL) { 541 /* try to map again - this may succeed if meanwhile some- 542 body has ipcrm'ed the old (unaccessible) shared mem segment */ 543 shm = up->shm = getShmTime(unit, up->forall); 544 if (shm == NULL) { 545 DPRINTF(1, ("%s: no SHM segment\n", 546 refnumtoa(&peer->srcadr))); 547 return; 548 } 549 } 550 551 /* query the segment, atomically */ 552 status = shm_query(shm, &shm_stat); 553 554 switch (status) { 555 case OK: 556 DPRINTF(2, ("%s: SHM type %d sample\n", 557 refnumtoa(&peer->srcadr), shm_stat.mode)); 558 break; 559 case NO_SEGMENT: 560 /* should never happen, but is harmless */ 561 return; 562 case NOT_READY: 563 DPRINTF(1, ("%s: SHM not ready\n",refnumtoa(&peer->srcadr))); 564 up->notready++; 565 return; 566 case BAD_MODE: 567 DPRINTF(1, ("%s: SHM type blooper, mode=%d\n", 568 refnumtoa(&peer->srcadr), shm->mode)); 569 up->bad++; 570 msyslog (LOG_ERR, "SHM: bad mode found in shared memory: %d", 571 shm->mode); 572 return; 573 case CLASH: 574 DPRINTF(1, ("%s: type 1 access clash\n", 575 refnumtoa(&peer->srcadr))); 576 msyslog (LOG_NOTICE, "SHM: access clash in shared memory"); 577 up->clash++; 578 return; 579 default: 580 DPRINTF(1, ("%s: internal error, unknown SHM fetch status\n", 581 refnumtoa(&peer->srcadr))); 582 msyslog (LOG_NOTICE, "internal error, unknown SHM fetch status"); 583 up->bad++; 584 return; 585 } 586 587 588 /* format the last time code in human-readable form into 589 * 'pp->a_lastcode'. Someone claimed: "NetBSD has incompatible 590 * tv_sec". I can't find a base for this claim, but we can work 591 * around that potential problem. BTW, simply casting a pointer 592 * is a receipe for disaster on some architectures. 593 */ 594 tt = (time_t)shm_stat.tvt.tv_sec; 595 ts = time_to_vint64(&tt); 596 ntpcal_time_to_date(&cd, &ts); 597 598 /* add ntpq -c cv timecode in ISO 8601 format */ 599 c = snprintf(pp->a_lastcode, sizeof(pp->a_lastcode), 600 "%04u-%02u-%02uT%02u:%02u:%02u.%09ldZ", 601 cd.year, cd.month, cd.monthday, 602 cd.hour, cd.minute, cd.second, 603 (long)shm_stat.tvt.tv_nsec); 604 pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0; 605 606 /* check 1: age control of local time stamp */ 607 tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec; 608 if (tt < 0 || tt > up->max_delay) { 609 DPRINTF(1, ("%s:SHM stale/bad receive time, delay=%llds\n", 610 refnumtoa(&peer->srcadr), (long long)tt)); 611 up->bad++; 612 msyslog (LOG_ERR, "SHM: stale/bad receive time, delay=%llds", 613 (long long)tt); 614 return; 615 } 616 617 /* check 2: delta check */ 618 tt = shm_stat.tvr.tv_sec - shm_stat.tvt.tv_sec - (shm_stat.tvr.tv_nsec < shm_stat.tvt.tv_nsec); 619 if (tt < 0) 620 tt = -tt; 621 if (up->max_delta > 0 && tt > up->max_delta) { 622 DPRINTF(1, ("%s: SHM diff limit exceeded, delta=%llds\n", 623 refnumtoa(&peer->srcadr), (long long)tt)); 624 up->bad++; 625 msyslog (LOG_ERR, "SHM: difference limit exceeded, delta=%llds\n", 626 (long long)tt); 627 return; 628 } 629 630 /* if we really made it to this point... we're winners! */ 631 DPRINTF(2, ("%s: SHM feeding data\n", 632 refnumtoa(&peer->srcadr))); 633 tsrcv = tspec_stamp_to_lfp(shm_stat.tvr); 634 tsref = tspec_stamp_to_lfp(shm_stat.tvt); 635 pp->leap = shm_stat.leap; 636 peer->precision = shm_stat.precision; 637 refclock_process_offset(pp, tsref, tsrcv, pp->fudgetime1); 638 up->good++; 639} 640 641/* 642 * shm_clockstats - dump and reset counters 643 */ 644static void shm_clockstats( 645 int unit, 646 struct peer *peer 647 ) 648{ 649 struct refclockproc * const pp = peer->procptr; 650 struct shmunit * const up = pp->unitptr; 651 652 UNUSED_ARG(unit); 653 if (pp->sloppyclockflag & CLK_FLAG4) { 654 mprintf_clock_stats( 655 &peer->srcadr, "%3d %3d %3d %3d %3d", 656 up->ticks, up->good, up->notready, 657 up->bad, up->clash); 658 } 659 up->ticks = up->good = up->notready = up->bad = up->clash = 0; 660} 661 662#else 663NONEMPTY_TRANSLATION_UNIT 664#endif /* REFCLOCK */ 665