1/* $OpenBSD: kern_acct.c,v 1.48 2024/04/13 23:44:11 jsg Exp $ */ 2/* $NetBSD: kern_acct.c,v 1.42 1996/02/04 02:15:12 christos Exp $ */ 3 4/*- 5 * Copyright (c) 1994 Christopher G. Demetriou 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * @(#)kern_acct.c 8.1 (Berkeley) 6/14/93 39 */ 40 41#include <sys/param.h> 42#include <sys/systm.h> 43#include <sys/proc.h> 44#include <sys/mount.h> 45#include <sys/vnode.h> 46#include <sys/fcntl.h> 47#include <sys/syslog.h> 48#include <sys/kernel.h> 49#include <sys/namei.h> 50#include <sys/errno.h> 51#include <sys/acct.h> 52#include <sys/resourcevar.h> 53#include <sys/tty.h> 54#include <sys/kthread.h> 55#include <sys/rwlock.h> 56 57#include <sys/syscallargs.h> 58 59/* 60 * The routines implemented in this file are described in: 61 * Leffler, et al.: The Design and Implementation of the 4.3BSD 62 * UNIX Operating System (Addison Welley, 1989) 63 * on pages 62-63. 64 * 65 * Arguably, to simplify accounting operations, this mechanism should 66 * be replaced by one in which an accounting log file (similar to /dev/klog) 67 * is read by a user process, etc. However, that has its own problems. 68 */ 69 70/* 71 * Internal accounting functions. 72 */ 73comp_t encode_comp_t(u_long, u_long); 74int acct_start(void); 75void acct_thread(void *); 76void acct_shutdown(void); 77 78/* 79 * Accounting vnode pointer, and saved vnode pointer. 80 */ 81struct vnode *acctp; 82struct vnode *savacctp; 83 84/* 85 * Lock protecting acctp and savacctp. 86 */ 87struct rwlock acct_lock = RWLOCK_INITIALIZER("acctlk"); 88 89/* 90 * Values associated with enabling and disabling accounting 91 */ 92int acctsuspend = 2; /* stop accounting when < 2% free space left */ 93int acctresume = 4; /* resume when free space risen to > 4% */ 94int acctrate = 15; /* delay (in seconds) between space checks */ 95 96struct proc *acct_proc; 97 98/* 99 * Accounting system call. Written based on the specification and 100 * previous implementation done by Mark Tinguely. 101 */ 102int 103sys_acct(struct proc *p, void *v, register_t *retval) 104{ 105 struct sys_acct_args /* { 106 syscallarg(const char *) path; 107 } */ *uap = v; 108 struct nameidata nd; 109 int error; 110 111 /* Make sure that the caller is root. */ 112 if ((error = suser(p)) != 0) 113 return (error); 114 115 /* 116 * If accounting is to be started to a file, open that file for 117 * writing and make sure it's 'normal'. 118 */ 119 if (SCARG(uap, path) != NULL) { 120 NDINIT(&nd, 0, 0, UIO_USERSPACE, SCARG(uap, path), p); 121 if ((error = vn_open(&nd, FWRITE|O_APPEND, 0)) != 0) 122 return (error); 123 VOP_UNLOCK(nd.ni_vp); 124 if (nd.ni_vp->v_type != VREG) { 125 vn_close(nd.ni_vp, FWRITE, p->p_ucred, p); 126 return (EACCES); 127 } 128 } 129 130 rw_enter_write(&acct_lock); 131 132 /* 133 * If accounting was previously enabled, kill the old space-watcher, 134 * close the file, and (if no new file was specified, leave). 135 */ 136 if (acctp != NULL || savacctp != NULL) { 137 wakeup(&acct_proc); 138 (void)vn_close((acctp != NULL ? acctp : savacctp), FWRITE, 139 p->p_ucred, p); 140 acctp = savacctp = NULL; 141 } 142 if (SCARG(uap, path) == NULL) 143 goto out; 144 145 /* 146 * Save the new accounting file vnode, and schedule the new 147 * free space watcher. 148 */ 149 acctp = nd.ni_vp; 150 if ((error = acct_start()) != 0) { 151 acctp = NULL; 152 (void)vn_close(nd.ni_vp, FWRITE, p->p_ucred, p); 153 } 154 155out: 156 rw_exit_write(&acct_lock); 157 return (error); 158} 159 160/* 161 * Write out process accounting information, on process exit. 162 * Data to be written out is specified in Leffler, et al. 163 * and are enumerated below. (They're also noted in the system 164 * "acct.h" header file.) 165 */ 166int 167acct_process(struct proc *p) 168{ 169 struct acct acct; 170 struct process *pr = p->p_p; 171 struct rusage *r; 172 struct timespec booted, elapsed, realstart, st, tmp, uptime, ut; 173 int t; 174 struct vnode *vp; 175 int error = 0; 176 177 /* If accounting isn't enabled, don't bother */ 178 if (acctp == NULL) 179 return (0); 180 181 rw_enter_read(&acct_lock); 182 183 /* 184 * Check the vnode again in case accounting got disabled while waiting 185 * for the lock. 186 */ 187 vp = acctp; 188 if (vp == NULL) 189 goto out; 190 191 /* 192 * Get process accounting information. 193 */ 194 195 /* (1) The name of the command that ran */ 196 memcpy(acct.ac_comm, pr->ps_comm, sizeof acct.ac_comm); 197 198 /* (2) The amount of user and system time that was used */ 199 calctsru(&pr->ps_tu, &ut, &st, NULL); 200 acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_nsec); 201 acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_nsec); 202 203 /* (3) The elapsed time the command ran (and its starting time) */ 204 nanouptime(&uptime); 205 nanoboottime(&booted); 206 timespecadd(&booted, &pr->ps_start, &realstart); 207 acct.ac_btime = realstart.tv_sec; 208 timespecsub(&uptime, &pr->ps_start, &elapsed); 209 acct.ac_etime = encode_comp_t(elapsed.tv_sec, elapsed.tv_nsec); 210 211 /* (4) The average amount of memory used */ 212 r = &p->p_ru; 213 timespecadd(&ut, &st, &tmp); 214 t = tmp.tv_sec * hz + tmp.tv_nsec / (1000 * tick); 215 if (t) 216 acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t; 217 else 218 acct.ac_mem = 0; 219 220 /* (5) The number of disk I/O operations done */ 221 acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0); 222 223 /* (6) The UID and GID of the process */ 224 acct.ac_uid = pr->ps_ucred->cr_ruid; 225 acct.ac_gid = pr->ps_ucred->cr_rgid; 226 227 /* (7) The terminal from which the process was started */ 228 if ((pr->ps_flags & PS_CONTROLT) && 229 pr->ps_pgrp->pg_session->s_ttyp) 230 acct.ac_tty = pr->ps_pgrp->pg_session->s_ttyp->t_dev; 231 else 232 acct.ac_tty = -1; 233 234 /* (8) The boolean flags that tell how process terminated or misbehaved. */ 235 acct.ac_flag = pr->ps_acflag; 236 237 /* Extensions */ 238 acct.ac_pid = pr->ps_pid; 239 240 /* 241 * Now, just write the accounting information to the file. 242 */ 243 error = vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct), 244 (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT|IO_NOLIMIT, 245 p->p_ucred, NULL, p); 246 247out: 248 rw_exit_read(&acct_lock); 249 return (error); 250} 251 252/* 253 * Encode_comp_t converts from ticks in seconds and microseconds 254 * to ticks in 1/AHZ seconds. The encoding is described in 255 * Leffler, et al., on page 63. 256 */ 257 258#define MANTSIZE 13 /* 13 bit mantissa. */ 259#define EXPSIZE 3 /* Base 8 (3 bit) exponent. */ 260#define MAXFRACT ((1 << MANTSIZE) - 1) /* Maximum fractional value. */ 261 262comp_t 263encode_comp_t(u_long s, u_long ns) 264{ 265 int exp, rnd; 266 267 exp = 0; 268 rnd = 0; 269 s *= AHZ; 270 s += ns / (1000000000 / AHZ); /* Maximize precision. */ 271 272 while (s > MAXFRACT) { 273 rnd = s & (1 << (EXPSIZE - 1)); /* Round up? */ 274 s >>= EXPSIZE; /* Base 8 exponent == 3 bit shift. */ 275 exp++; 276 } 277 278 /* If we need to round up, do it (and handle overflow correctly). */ 279 if (rnd && (++s > MAXFRACT)) { 280 s >>= EXPSIZE; 281 exp++; 282 } 283 284 /* Clean it up and polish it off. */ 285 exp <<= MANTSIZE; /* Shift the exponent into place */ 286 exp += s; /* and add on the mantissa. */ 287 return (exp); 288} 289 290int 291acct_start(void) 292{ 293 /* Already running. */ 294 if (acct_proc != NULL) 295 return (0); 296 297 return (kthread_create(acct_thread, NULL, &acct_proc, "acct")); 298} 299 300/* 301 * Periodically check the file system to see if accounting 302 * should be turned on or off. Beware the case where the vnode 303 * has been vgone()'d out from underneath us, e.g. when the file 304 * system containing the accounting file has been forcibly unmounted. 305 */ 306void 307acct_thread(void *arg) 308{ 309 struct statfs sb; 310 struct proc *p = curproc; 311 312 rw_enter_write(&acct_lock); 313 for (;;) { 314 if (savacctp != NULL) { 315 if (savacctp->v_type == VBAD) { 316 (void) vn_close(savacctp, FWRITE, NOCRED, p); 317 savacctp = NULL; 318 break; 319 } 320 (void)VFS_STATFS(savacctp->v_mount, &sb, NULL); 321 if (sb.f_bavail > acctresume * sb.f_blocks / 100) { 322 acctp = savacctp; 323 savacctp = NULL; 324 log(LOG_NOTICE, "Accounting resumed\n"); 325 } 326 } else if (acctp != NULL) { 327 if (acctp->v_type == VBAD) { 328 (void) vn_close(acctp, FWRITE, NOCRED, p); 329 acctp = NULL; 330 break; 331 } 332 (void)VFS_STATFS(acctp->v_mount, &sb, NULL); 333 if (sb.f_bavail <= acctsuspend * sb.f_blocks / 100) { 334 savacctp = acctp; 335 acctp = NULL; 336 log(LOG_NOTICE, "Accounting suspended\n"); 337 } 338 } else { 339 break; 340 } 341 rwsleep_nsec(&acct_proc, &acct_lock, PPAUSE, "acct", 342 SEC_TO_NSEC(acctrate)); 343 } 344 acct_proc = NULL; 345 rw_exit_write(&acct_lock); 346 kthread_exit(0); 347} 348 349void 350acct_shutdown(void) 351{ 352 353 struct proc *p = curproc; 354 355 rw_enter_write(&acct_lock); 356 if (acctp != NULL || savacctp != NULL) { 357 vn_close((acctp != NULL ? acctp : savacctp), FWRITE, 358 NOCRED, p); 359 acctp = savacctp = NULL; 360 } 361 rw_exit_write(&acct_lock); 362} 363