1/*-
2 ***********************************************************************
3 * *
4 * Copyright (c) David L. Mills 1993-2001 *
5 * *
6 * Permission to use, copy, modify, and distribute this software and *
7 * its documentation for any purpose and without fee is hereby *
8 * granted, provided that the above copyright notice appears in all *
9 * copies and that both the copyright notice and this permission *
10 * notice appear in supporting documentation, and that the name *
11 * University of Delaware not be used in advertising or publicity *
12 * pertaining to distribution of the software without specific, *
13 * written prior permission. The University of Delaware makes no *
14 * representations about the suitability this software for any *
15 * purpose. It is provided "as is" without express or implied *
16 * warranty. *
17 * *
18 **********************************************************************/
19
20
21/*
22 * Adapted from the original sources for FreeBSD and timecounters by:
23 * Poul-Henning Kamp <phk@FreeBSD.org>.
24 *
25 * The 32bit version of the "LP" macros seems a bit past its "sell by"
26 * date so I have retained only the 64bit version and included it directly
27 * in this file.
28 *
29 * Only minor changes done to interface with the timecounters over in
30 * sys/kern/kern_clock.c. Some of the comments below may be (even more)
31 * confusing and/or plain wrong in that context.
32 */
33
34/*
35 * Copyright (c) 2017 Apple Computer, Inc. All rights reserved.
36 *
37 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
38 *
39 * This file contains Original Code and/or Modifications of Original Code
40 * as defined in and that are subject to the Apple Public Source License
41 * Version 2.0 (the 'License'). You may not use this file except in
42 * compliance with the License. The rights granted to you under the License
43 * may not be used to create, or enable the creation or redistribution of,
44 * unlawful or unlicensed copies of an Apple operating system, or to
45 * circumvent, violate, or enable the circumvention or violation of, any
46 * terms of an Apple operating system software license agreement.
47 *
48 * Please obtain a copy of the License at
49 * http://www.opensource.apple.com/apsl/ and read it before using this file.
50 *
51 * The Original Code and all software distributed under the License are
52 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
53 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
54 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
55 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
56 * Please see the License for the specific language governing rights and
57 * limitations under the License.
58 *
59 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
60 */
61
62#include <sys/cdefs.h>
63#include <sys/param.h>
64#include <sys/systm.h>
65#include <sys/eventhandler.h>
66#include <sys/kernel.h>
67#include <sys/priv.h>
68#include <sys/proc.h>
69#include <sys/lock.h>
70#include <sys/time.h>
71#include <sys/timex.h>
72#include <kern/clock.h>
73#include <sys/sysctl.h>
74#include <sys/sysproto.h>
75#include <sys/kauth.h>
76#include <kern/thread_call.h>
77#include <kern/timer_call.h>
78#include <machine/machine_routines.h>
79#if CONFIG_MACF
80#include <security/mac_framework.h>
81#endif
82#include <IOKit/IOBSD.h>
83#include <os/log.h>
84
85typedef int64_t l_fp;
86#define L_ADD(v, u) ((v) += (u))
87#define L_SUB(v, u) ((v) -= (u))
88#define L_ADDHI(v, a) ((v) += (int64_t)(a) << 32)
89#define L_NEG(v) ((v) = -(v))
90#define L_RSHIFT(v, n) \
91 do { \
92 if ((v) < 0) \
93 (v) = -(-(v) >> (n)); \
94 else \
95 (v) = (v) >> (n); \
96 } while (0)
97#define L_MPY(v, a) ((v) *= (a))
98#define L_CLR(v) ((v) = 0)
99#define L_ISNEG(v) ((v) < 0)
100#define L_LINT(v, a) \
101 do { \
102 if ((a) > 0) \
103 ((v) = (int64_t)(a) << 32); \
104 else \
105 ((v) = -((int64_t)(-(a)) << 32)); \
106 } while (0)
107#define L_GINT(v) ((v) < 0 ? -(-(v) >> 32) : (v) >> 32)
108
109/*
110 * Generic NTP kernel interface
111 *
112 * These routines constitute the Network Time Protocol (NTP) interfaces
113 * for user and daemon application programs. The ntp_gettime() routine
114 * provides the time, maximum error (synch distance) and estimated error
115 * (dispersion) to client user application programs. The ntp_adjtime()
116 * routine is used by the NTP daemon to adjust the calendar clock to an
117 * externally derived time. The time offset and related variables set by
118 * this routine are used by other routines in this module to adjust the
119 * phase and frequency of the clock discipline loop which controls the
120 * system clock.
121 *
122 * When the kernel time is reckoned directly in nanoseconds (NTP_NANO
123 * defined), the time at each tick interrupt is derived directly from
124 * the kernel time variable. When the kernel time is reckoned in
125 * microseconds, (NTP_NANO undefined), the time is derived from the
126 * kernel time variable together with a variable representing the
127 * leftover nanoseconds at the last tick interrupt. In either case, the
128 * current nanosecond time is reckoned from these values plus an
129 * interpolated value derived by the clock routines in another
130 * architecture-specific module. The interpolation can use either a
131 * dedicated counter or a processor cycle counter (PCC) implemented in
132 * some architectures.
133 *
134 */
135/*
136 * Phase/frequency-lock loop (PLL/FLL) definitions
137 *
138 * The nanosecond clock discipline uses two variable types, time
139 * variables and frequency variables. Both types are represented as 64-
140 * bit fixed-point quantities with the decimal point between two 32-bit
141 * halves. On a 32-bit machine, each half is represented as a single
142 * word and mathematical operations are done using multiple-precision
143 * arithmetic. On a 64-bit machine, ordinary computer arithmetic is
144 * used.
145 *
146 * A time variable is a signed 64-bit fixed-point number in ns and
147 * fraction. It represents the remaining time offset to be amortized
148 * over succeeding tick interrupts. The maximum time offset is about
149 * 0.5 s and the resolution is about 2.3e-10 ns.
150 *
151 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
152 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
153 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
154 * |s s s| ns |
155 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
156 * | fraction |
157 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
158 *
159 * A frequency variable is a signed 64-bit fixed-point number in ns/s
160 * and fraction. It represents the ns and fraction to be added to the
161 * kernel time variable at each second. The maximum frequency offset is
162 * about +-500000 ns/s and the resolution is about 2.3e-10 ns/s.
163 *
164 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
165 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
166 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
167 * |s s s s s s s s s s s s s| ns/s |
168 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
169 * | fraction |
170 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
171 */
172
173#define SHIFT_PLL 4
174#define SHIFT_FLL 2
175
176static int time_state = TIME_OK;
177int time_status = STA_UNSYNC;
178static long time_tai;
179static long time_constant;
180static long time_precision = 1;
181static long time_maxerror = MAXPHASE / 1000;
182static unsigned long last_time_maxerror_update;
183long time_esterror = MAXPHASE / 1000;
184static long time_reftime;
185static l_fp time_offset;
186static l_fp time_freq;
187static int64_t time_adjtime;
188static int updated;
189
190static LCK_GRP_DECLARE(ntp_lock_grp, "ntp_lock");
191static LCK_SPIN_DECLARE(ntp_lock, &ntp_lock_grp);
192
193#define NTP_LOCK(enable) \
194 enable = ml_set_interrupts_enabled(FALSE); \
195 lck_spin_lock(&ntp_lock);
196
197#define NTP_UNLOCK(enable) \
198 lck_spin_unlock(&ntp_lock);\
199 ml_set_interrupts_enabled(enable);
200
201#define NTP_ASSERT_LOCKED() LCK_SPIN_ASSERT(&ntp_lock, LCK_ASSERT_OWNED)
202
203static timer_call_data_t ntp_loop_update;
204static uint64_t ntp_loop_deadline;
205static uint32_t ntp_loop_active;
206static uint32_t ntp_loop_period;
207#define NTP_LOOP_PERIOD_INTERVAL (NSEC_PER_SEC) /*1 second interval*/
208
209void ntp_init(void);
210static void hardupdate(long offset);
211static void ntp_gettime1(struct ntptimeval *ntvp);
212static bool ntp_is_time_error(int tsl);
213
214static void ntp_loop_update_call(void);
215static void refresh_ntp_loop(void);
216static void start_ntp_loop(void);
217
218#if DEVELOPMENT || DEBUG
219uint32_t g_should_log_clock_adjustments = 0;
220SYSCTL_INT(_kern, OID_AUTO, log_clock_adjustments, CTLFLAG_RW | CTLFLAG_LOCKED, &g_should_log_clock_adjustments, 0, "enable kernel clock adjustment logging");
221#endif
222
223static bool
224ntp_is_time_error(int tsl)
225{
226 if (tsl & (STA_UNSYNC | STA_CLOCKERR)) {
227 return true;
228 }
229
230 return false;
231}
232
233static void
234ntp_gettime1(struct ntptimeval *ntvp)
235{
236 struct timespec atv;
237
238 NTP_ASSERT_LOCKED();
239
240 nanotime(ts: &atv);
241 ntvp->time.tv_sec = atv.tv_sec;
242 ntvp->time.tv_nsec = atv.tv_nsec;
243 if ((unsigned long)atv.tv_sec > last_time_maxerror_update) {
244 time_maxerror += (MAXFREQ / 1000) * (atv.tv_sec - last_time_maxerror_update);
245 last_time_maxerror_update = atv.tv_sec;
246 }
247 ntvp->maxerror = time_maxerror;
248 ntvp->esterror = time_esterror;
249 ntvp->tai = time_tai;
250 ntvp->time_state = time_state;
251
252 if (ntp_is_time_error(tsl: time_status)) {
253 ntvp->time_state = TIME_ERROR;
254 }
255}
256
257int
258ntp_gettime(struct proc *p, struct ntp_gettime_args *uap, __unused int32_t *retval)
259{
260 struct ntptimeval ntv;
261 int error;
262 boolean_t enable;
263
264 NTP_LOCK(enable);
265 ntp_gettime1(ntvp: &ntv);
266 NTP_UNLOCK(enable);
267
268 if (IS_64BIT_PROCESS(p)) {
269 struct user64_ntptimeval user_ntv = {};
270 user_ntv.time.tv_sec = ntv.time.tv_sec;
271 user_ntv.time.tv_nsec = ntv.time.tv_nsec;
272 user_ntv.maxerror = ntv.maxerror;
273 user_ntv.esterror = ntv.esterror;
274 user_ntv.tai = ntv.tai;
275 user_ntv.time_state = ntv.time_state;
276 error = copyout(&user_ntv, uap->ntvp, sizeof(user_ntv));
277 } else {
278 struct user32_ntptimeval user_ntv = {};
279 user_ntv.time.tv_sec = (user32_long_t)ntv.time.tv_sec;
280 user_ntv.time.tv_nsec = (user32_long_t)ntv.time.tv_nsec;
281 user_ntv.maxerror = (user32_long_t)ntv.maxerror;
282 user_ntv.esterror = (user32_long_t)ntv.esterror;
283 user_ntv.tai = (user32_long_t)ntv.tai;
284 user_ntv.time_state = ntv.time_state;
285 error = copyout(&user_ntv, uap->ntvp, sizeof(user_ntv));
286 }
287
288 if (error) {
289 return error;
290 }
291
292 return ntv.time_state;
293}
294
295int
296ntp_adjtime(struct proc *p, struct ntp_adjtime_args *uap, int32_t *retval)
297{
298 struct timex ntv = {};
299 long freq;
300 unsigned int modes;
301 int error, ret = 0;
302 clock_sec_t sec;
303 clock_usec_t microsecs;
304 boolean_t enable;
305
306 if (IS_64BIT_PROCESS(p)) {
307 struct user64_timex user_ntv;
308 error = copyin(uap->tp, &user_ntv, sizeof(user_ntv));
309 ntv.modes = user_ntv.modes;
310 ntv.offset = (long)user_ntv.offset;
311 ntv.freq = (long)user_ntv.freq;
312 ntv.maxerror = (long)user_ntv.maxerror;
313 ntv.esterror = (long)user_ntv.esterror;
314 ntv.status = user_ntv.status;
315 ntv.constant = (long)user_ntv.constant;
316 ntv.precision = (long)user_ntv.precision;
317 ntv.tolerance = (long)user_ntv.tolerance;
318 } else {
319 struct user32_timex user_ntv;
320 error = copyin(uap->tp, &user_ntv, sizeof(user_ntv));
321 ntv.modes = user_ntv.modes;
322 ntv.offset = user_ntv.offset;
323 ntv.freq = user_ntv.freq;
324 ntv.maxerror = user_ntv.maxerror;
325 ntv.esterror = user_ntv.esterror;
326 ntv.status = user_ntv.status;
327 ntv.constant = user_ntv.constant;
328 ntv.precision = user_ntv.precision;
329 ntv.tolerance = user_ntv.tolerance;
330 }
331 if (error) {
332 return error;
333 }
334
335#if DEVELOPMENT || DEBUG
336 if (g_should_log_clock_adjustments) {
337 os_log(OS_LOG_DEFAULT, "%s: BEFORE modes %u offset %ld freq %ld status %d constant %ld time_adjtime %lld\n",
338 __func__, ntv.modes, ntv.offset, ntv.freq, ntv.status, ntv.constant, time_adjtime);
339 }
340#endif
341 /*
342 * Update selected clock variables - only the superuser can
343 * change anything. Note that there is no error checking here on
344 * the assumption the superuser should know what it is doing.
345 * Note that either the time constant or TAI offset are loaded
346 * from the ntv.constant member, depending on the mode bits. If
347 * the STA_PLL bit in the status word is cleared, the state and
348 * status words are reset to the initial values at boot.
349 */
350 modes = ntv.modes;
351 if (modes) {
352 /* Check that this task is entitled to set the time or it is root */
353 if (!IOCurrentTaskHasEntitlement(SETTIME_ENTITLEMENT)) {
354#if CONFIG_MACF
355 error = mac_system_check_settime(cred: kauth_cred_get());
356 if (error) {
357 return error;
358 }
359#endif
360 if ((error = priv_check_cred(cred: kauth_cred_get(), PRIV_ADJTIME, flags: 0))) {
361 return error;
362 }
363 }
364 }
365
366 NTP_LOCK(enable);
367
368 if (modes & MOD_MAXERROR) {
369 clock_gettimeofday(secs: &sec, microsecs: &microsecs);
370 time_maxerror = ntv.maxerror;
371 last_time_maxerror_update = sec;
372 }
373 if (modes & MOD_ESTERROR) {
374 time_esterror = ntv.esterror;
375 }
376 if (modes & MOD_STATUS) {
377 if (time_status & STA_PLL && !(ntv.status & STA_PLL)) {
378 time_state = TIME_OK;
379 time_status = STA_UNSYNC;
380 }
381 time_status &= STA_RONLY;
382 time_status |= ntv.status & ~STA_RONLY;
383 /*
384 * Nor PPS or leaps seconds are supported.
385 * Filter out unsupported bits.
386 */
387 time_status &= STA_SUPPORTED;
388 }
389 if (modes & MOD_TIMECONST) {
390 if (ntv.constant < 0) {
391 time_constant = 0;
392 } else if (ntv.constant > MAXTC) {
393 time_constant = MAXTC;
394 } else {
395 time_constant = ntv.constant;
396 }
397 }
398 if (modes & MOD_TAI) {
399 if (ntv.constant > 0) {
400 time_tai = ntv.constant;
401 }
402 }
403 if (modes & MOD_NANO) {
404 time_status |= STA_NANO;
405 }
406 if (modes & MOD_MICRO) {
407 time_status &= ~STA_NANO;
408 }
409 if (modes & MOD_CLKB) {
410 time_status |= STA_CLK;
411 }
412 if (modes & MOD_CLKA) {
413 time_status &= ~STA_CLK;
414 }
415 if (modes & MOD_FREQUENCY) {
416 freq = (ntv.freq * 1000LL) >> 16;
417 if (freq > MAXFREQ) {
418 L_LINT(time_freq, MAXFREQ);
419 } else if (freq < -MAXFREQ) {
420 L_LINT(time_freq, -MAXFREQ);
421 } else {
422 /*
423 * ntv.freq is [PPM * 2^16] = [us/s * 2^16]
424 * time_freq is [ns/s * 2^32]
425 */
426 time_freq = ntv.freq * 1000LL * 65536LL;
427 }
428 }
429 if (modes & MOD_OFFSET) {
430 if (time_status & STA_NANO) {
431 hardupdate(offset: ntv.offset);
432 } else {
433 hardupdate(offset: ntv.offset * 1000);
434 }
435 }
436
437 ret = ntp_is_time_error(tsl: time_status) ? TIME_ERROR : time_state;
438
439#if DEVELOPMENT || DEBUG
440 if (g_should_log_clock_adjustments) {
441 os_log(OS_LOG_DEFAULT, "%s: AFTER modes %u offset %lld freq %lld status %d constant %ld time_adjtime %lld\n",
442 __func__, modes, time_offset, time_freq, time_status, time_constant, time_adjtime);
443 }
444#endif
445
446 /*
447 * Retrieve all clock variables. Note that the TAI offset is
448 * returned only by ntp_gettime();
449 */
450 if (IS_64BIT_PROCESS(p)) {
451 struct user64_timex user_ntv = {};
452
453 user_ntv.modes = modes;
454 if (time_status & STA_NANO) {
455 user_ntv.offset = L_GINT(time_offset);
456 } else {
457 user_ntv.offset = L_GINT(time_offset) / 1000;
458 }
459 if (time_freq > 0) {
460 user_ntv.freq = L_GINT(((int64_t)(time_freq / 1000LL)) << 16);
461 } else {
462 user_ntv.freq = -L_GINT(((int64_t)(-(time_freq) / 1000LL)) << 16);
463 }
464 user_ntv.maxerror = time_maxerror;
465 user_ntv.esterror = time_esterror;
466 user_ntv.status = time_status;
467 user_ntv.constant = time_constant;
468 if (time_status & STA_NANO) {
469 user_ntv.precision = time_precision;
470 } else {
471 user_ntv.precision = time_precision / 1000;
472 }
473 user_ntv.tolerance = MAXFREQ * SCALE_PPM;
474
475 /* unlock before copyout */
476 NTP_UNLOCK(enable);
477
478 error = copyout(&user_ntv, uap->tp, sizeof(user_ntv));
479 } else {
480 struct user32_timex user_ntv = {};
481
482 user_ntv.modes = modes;
483 if (time_status & STA_NANO) {
484 user_ntv.offset = L_GINT(time_offset);
485 } else {
486 user_ntv.offset = L_GINT(time_offset) / 1000;
487 }
488 if (time_freq > 0) {
489 user_ntv.freq = L_GINT((time_freq / 1000LL) << 16);
490 } else {
491 user_ntv.freq = -L_GINT((-(time_freq) / 1000LL) << 16);
492 }
493 user_ntv.maxerror = (user32_long_t)time_maxerror;
494 user_ntv.esterror = (user32_long_t)time_esterror;
495 user_ntv.status = time_status;
496 user_ntv.constant = (user32_long_t)time_constant;
497 if (time_status & STA_NANO) {
498 user_ntv.precision = (user32_long_t)time_precision;
499 } else {
500 user_ntv.precision = (user32_long_t)(time_precision / 1000);
501 }
502 user_ntv.tolerance = MAXFREQ * SCALE_PPM;
503
504 /* unlock before copyout */
505 NTP_UNLOCK(enable);
506
507 error = copyout(&user_ntv, uap->tp, sizeof(user_ntv));
508 }
509
510 if (modes) {
511 start_ntp_loop();
512 }
513
514 if (error == 0) {
515 *retval = ret;
516 }
517
518 return error;
519}
520
521int64_t
522ntp_get_freq(void)
523{
524 return time_freq;
525}
526
527/*
528 * Compute the adjustment to add to the next second.
529 */
530void
531ntp_update_second(int64_t *adjustment, clock_sec_t secs)
532{
533 int tickrate;
534 l_fp time_adj;
535 l_fp ftemp, old_time_adjtime, old_offset;
536
537 NTP_ASSERT_LOCKED();
538
539 if (secs > last_time_maxerror_update) {
540 time_maxerror += (MAXFREQ / 1000) * (secs - last_time_maxerror_update);
541 last_time_maxerror_update = secs;
542 }
543
544 old_offset = time_offset;
545 old_time_adjtime = time_adjtime;
546
547 ftemp = time_offset;
548 L_RSHIFT(ftemp, SHIFT_PLL + time_constant);
549 time_adj = ftemp;
550 L_SUB(time_offset, ftemp);
551 L_ADD(time_adj, time_freq);
552
553 /*
554 * Apply any correction from adjtime. If more than one second
555 * off we slew at a rate of 5ms/s (5000 PPM) else 500us/s (500PPM)
556 * until the last second is slewed the final < 500 usecs.
557 */
558 if (time_adjtime != 0) {
559 if (time_adjtime > 1000000) {
560 tickrate = 5000;
561 } else if (time_adjtime < -1000000) {
562 tickrate = -5000;
563 } else if (time_adjtime > 500) {
564 tickrate = 500;
565 } else if (time_adjtime < -500) {
566 tickrate = -500;
567 } else {
568 tickrate = (int)time_adjtime;
569 }
570 time_adjtime -= tickrate;
571 L_LINT(ftemp, tickrate * 1000);
572 L_ADD(time_adj, ftemp);
573 }
574
575 if (old_time_adjtime || ((time_offset || old_offset) && (time_offset != old_offset))) {
576 updated = 1;
577 } else {
578 updated = 0;
579 }
580
581#if DEVELOPMENT || DEBUG
582 if (g_should_log_clock_adjustments) {
583 int64_t nano = (time_adj > 0)? time_adj >> 32 : -((-time_adj) >> 32);
584 int64_t frac = (time_adj > 0)? ((uint32_t) time_adj) : -((uint32_t) (-time_adj));
585
586 os_log(OS_LOG_DEFAULT, "%s:AFTER offset %lld (%lld) freq %lld status %d "
587 "constant %ld time_adjtime %lld nano %lld frac %lld adj %lld\n",
588 __func__, time_offset, (time_offset > 0)? time_offset >> 32 : -((-time_offset) >> 32),
589 time_freq, time_status, time_constant, time_adjtime, nano, frac, time_adj);
590 }
591#endif
592
593 *adjustment = time_adj;
594}
595
596/*
597 * hardupdate() - local clock update
598 *
599 * This routine is called by ntp_adjtime() when an offset is provided
600 * to update the local clock phase and frequency.
601 * The implementation is of an adaptive-parameter, hybrid
602 * phase/frequency-lock loop (PLL/FLL). The routine computes new
603 * time and frequency offset estimates for each call.
604 * Presumably, calls to ntp_adjtime() occur only when the caller
605 * believes the local clock is valid within some bound (+-128 ms with
606 * NTP).
607 *
608 * For uncompensated quartz crystal oscillators and nominal update
609 * intervals less than 256 s, operation should be in phase-lock mode,
610 * where the loop is disciplined to phase. For update intervals greater
611 * than 1024 s, operation should be in frequency-lock mode, where the
612 * loop is disciplined to frequency. Between 256 s and 1024 s, the mode
613 * is selected by the STA_MODE status bit.
614 */
615static void
616hardupdate(long offset)
617{
618 long mtemp = 0;
619 long time_monitor;
620 clock_sec_t time_uptime;
621 l_fp ftemp;
622
623 NTP_ASSERT_LOCKED();
624
625 if (!(time_status & STA_PLL)) {
626 return;
627 }
628
629 if (offset > MAXPHASE) {
630 time_monitor = MAXPHASE;
631 } else if (offset < -MAXPHASE) {
632 time_monitor = -MAXPHASE;
633 } else {
634 time_monitor = offset;
635 }
636 L_LINT(time_offset, time_monitor);
637
638 clock_get_calendar_uptime(secs: &time_uptime);
639
640 if (time_status & STA_FREQHOLD || time_reftime == 0) {
641 time_reftime = time_uptime;
642 }
643
644 mtemp = time_uptime - time_reftime;
645 L_LINT(ftemp, time_monitor);
646 L_RSHIFT(ftemp, (SHIFT_PLL + 2 + time_constant) << 1);
647 L_MPY(ftemp, mtemp);
648 L_ADD(time_freq, ftemp);
649 time_status &= ~STA_MODE;
650 if (mtemp >= MINSEC && (time_status & STA_FLL || mtemp >
651 MAXSEC)) {
652 if (time_monitor > 0) {
653 L_LINT(ftemp, (time_monitor << 4) / mtemp);
654 } else {
655 L_LINT(ftemp, -((int64_t)(-(time_monitor)) << 4) / mtemp);
656 }
657 L_RSHIFT(ftemp, SHIFT_FLL + 4);
658 L_ADD(time_freq, ftemp);
659 time_status |= STA_MODE;
660 }
661 time_reftime = time_uptime;
662
663 if (L_GINT(time_freq) > MAXFREQ) {
664 L_LINT(time_freq, MAXFREQ);
665 } else if (L_GINT(time_freq) < -MAXFREQ) {
666 L_LINT(time_freq, -MAXFREQ);
667 }
668}
669
670
671static int
672kern_adjtime(struct timeval *delta)
673{
674 struct timeval atv;
675 int64_t ltr, ltw;
676 boolean_t enable;
677
678 if (delta == NULL) {
679 return EINVAL;
680 }
681
682 ltw = (int64_t)delta->tv_sec * (int64_t)USEC_PER_SEC + delta->tv_usec;
683
684 NTP_LOCK(enable);
685 ltr = time_adjtime;
686 time_adjtime = ltw;
687#if DEVELOPMENT || DEBUG
688 if (g_should_log_clock_adjustments) {
689 os_log(OS_LOG_DEFAULT, "%s:AFTER offset %lld freq %lld status %d constant %ld time_adjtime %lld\n",
690 __func__, time_offset, time_freq, time_status, time_constant, time_adjtime);
691 }
692#endif
693 NTP_UNLOCK(enable);
694
695 atv.tv_sec = (__darwin_time_t)(ltr / (int64_t)USEC_PER_SEC);
696 atv.tv_usec = ltr % (int64_t)USEC_PER_SEC;
697 if (atv.tv_usec < 0) {
698 atv.tv_usec += (suseconds_t)USEC_PER_SEC;
699 atv.tv_sec--;
700 }
701
702 *delta = atv;
703
704 start_ntp_loop();
705
706 return 0;
707}
708
709int
710adjtime(struct proc *p, struct adjtime_args *uap, __unused int32_t *retval)
711{
712 struct timeval atv;
713 int error;
714
715 /* Check that this task is entitled to set the time or it is root */
716 if (!IOCurrentTaskHasEntitlement(SETTIME_ENTITLEMENT)) {
717#if CONFIG_MACF
718 error = mac_system_check_settime(cred: kauth_cred_get());
719 if (error) {
720 return error;
721 }
722#endif
723 if ((error = priv_check_cred(cred: kauth_cred_get(), PRIV_ADJTIME, flags: 0))) {
724 return error;
725 }
726 }
727
728 if (IS_64BIT_PROCESS(p)) {
729 struct user64_timeval user_atv;
730 error = copyin(uap->delta, &user_atv, sizeof(user_atv));
731 atv.tv_sec = (__darwin_time_t)user_atv.tv_sec;
732 atv.tv_usec = user_atv.tv_usec;
733 } else {
734 struct user32_timeval user_atv;
735 error = copyin(uap->delta, &user_atv, sizeof(user_atv));
736 atv.tv_sec = user_atv.tv_sec;
737 atv.tv_usec = user_atv.tv_usec;
738 }
739 if (error) {
740 return error;
741 }
742
743 kern_adjtime(delta: &atv);
744
745 if (uap->olddelta) {
746 if (IS_64BIT_PROCESS(p)) {
747 struct user64_timeval user_atv = {};
748 user_atv.tv_sec = atv.tv_sec;
749 user_atv.tv_usec = atv.tv_usec;
750 error = copyout(&user_atv, uap->olddelta, sizeof(user_atv));
751 } else {
752 struct user32_timeval user_atv = {};
753 user_atv.tv_sec = (user32_time_t)atv.tv_sec;
754 user_atv.tv_usec = atv.tv_usec;
755 error = copyout(&user_atv, uap->olddelta, sizeof(user_atv));
756 }
757 }
758
759 return error;
760}
761
762static void
763ntp_loop_update_call(void)
764{
765 boolean_t enable;
766
767 NTP_LOCK(enable);
768
769 /*
770 * Update the scale factor used by clock_calend.
771 * NOTE: clock_update_calendar will call ntp_update_second to compute the next adjustment.
772 */
773 clock_update_calendar();
774
775 refresh_ntp_loop();
776
777 NTP_UNLOCK(enable);
778}
779
780static void
781refresh_ntp_loop(void)
782{
783 NTP_ASSERT_LOCKED();
784 if (--ntp_loop_active == 0) {
785 /*
786 * Activate the timer only if the next second adjustment might change.
787 * ntp_update_second checks it and sets updated accordingly.
788 */
789 if (updated) {
790 clock_deadline_for_periodic_event(interval: ntp_loop_period, abstime: mach_absolute_time(), deadline: &ntp_loop_deadline);
791
792 if (!timer_call_enter(call: &ntp_loop_update, deadline: ntp_loop_deadline, TIMER_CALL_SYS_CRITICAL)) {
793 ntp_loop_active++;
794 }
795 }
796 }
797}
798
799/*
800 * This function triggers a timer that each second will calculate the adjustment to
801 * provide to clock_calendar to scale the time (used by gettimeofday-family syscalls).
802 * The periodic timer will stop when the adjustment will reach a stable value.
803 */
804static void
805start_ntp_loop(void)
806{
807 boolean_t enable;
808
809 NTP_LOCK(enable);
810
811 ntp_loop_deadline = mach_absolute_time() + ntp_loop_period;
812
813 if (!timer_call_enter(call: &ntp_loop_update, deadline: ntp_loop_deadline, TIMER_CALL_SYS_CRITICAL)) {
814 ntp_loop_active++;
815 }
816
817 NTP_UNLOCK(enable);
818}
819
820
821static void
822init_ntp_loop(void)
823{
824 uint64_t abstime;
825
826 ntp_loop_active = 0;
827 nanoseconds_to_absolutetime(NTP_LOOP_PERIOD_INTERVAL, result: &abstime);
828 ntp_loop_period = (uint32_t)abstime;
829 timer_call_setup(call: &ntp_loop_update, func: (timer_call_func_t)ntp_loop_update_call, NULL);
830}
831
832void
833ntp_init(void)
834{
835 init_ntp_loop();
836}
837