diff options
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/man/man3c/timer_create.3c | 22 | ||||
| -rw-r--r-- | usr/src/man/man3c/timer_settime.3c | 21 | ||||
| -rw-r--r-- | usr/src/man/man5/privileges.5 | 4 | ||||
| -rw-r--r-- | usr/src/uts/common/os/clock_highres.c | 61 |
4 files changed, 61 insertions, 47 deletions
diff --git a/usr/src/man/man3c/timer_create.3c b/usr/src/man/man3c/timer_create.3c index 36b115c94d..63b57e0a41 100644 --- a/usr/src/man/man3c/timer_create.3c +++ b/usr/src/man/man3c/timer_create.3c @@ -44,11 +44,10 @@ .\" Portions Copyright (c) 1992, X/Open Company Limited. All Rights Reserved. .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. .\" -.TH TIMER_CREATE 3C "Sep 15, 2015" +.TH TIMER_CREATE 3C "Mar 24, 2016" .SH NAME timer_create \- create a timer .SH SYNOPSIS -.LP .nf #include <signal.h> #include <time.h> @@ -58,7 +57,6 @@ timer_create \- create a timer .fi .SH DESCRIPTION -.LP The \fBtimer_create()\fR function creates a timer using the specified clock, \fIclock_id\fR, as the timing base. The \fBtimer_create()\fR function returns, in the location referenced by \fItimerid\fR, a timer \fBID\fR of type @@ -131,14 +129,12 @@ Timers are not inherited by a child process across a \fBfork\fR(2) and are disarmed and deleted by a call to one of the \fBexec\fR functions (see \fBexec\fR(2)). .SH RETURN VALUES -.LP Upon successful completion, \fBtimer_create()\fR returns \fB0\fR and updates the location referenced by \fItimerid\fR to a \fBtimer_t\fR, which can be passed to the per-process timer calls. If an error occurs, the function returns \fB\(mi1\fR and sets \fBerrno\fR to indicate the error. The value of \fItimerid\fR is undefined if an error occurs. .SH ERRORS -.LP The \fBtimer_create()\fR function will fail if: .sp .ne 2 @@ -160,19 +156,7 @@ system. The specified clock \fBID\fR, \fIclock_id\fR, is not defined. .RE -.sp -.ne 2 -.na -\fB\fBEPERM\fR\fR -.ad -.RS 10n -The specified clock \fBID\fR, \fIclock_id\fR, is \fBCLOCK_HIGHRES\fR and the -{\fBPRIV_PROC_CLOCK_HIGHRES\fR} is not asserted in the effective set of the -calling process. -.RE - .SH ATTRIBUTES -.LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -191,8 +175,6 @@ Standard See \fBstandards\fR(5). .TE .SH SEE ALSO -.LP \fBexec\fR(2), \fBfork\fR(2), \fBtime\fR(2), \fBclock_settime\fR(3C), \fBsignal\fR(3C), \fBsignal.h\fR(3HEAD), \fBtimer_delete\fR(3C), -\fBtimer_settime\fR(3C), \fBattributes\fR(5), \fBprivileges\fR(5), -\fBstandards\fR(5) +\fBtimer_settime\fR(3C), \fBattributes\fR(5), \fBstandards\fR(5) diff --git a/usr/src/man/man3c/timer_settime.3c b/usr/src/man/man3c/timer_settime.3c index de4c0599a2..3813a9d86d 100644 --- a/usr/src/man/man3c/timer_settime.3c +++ b/usr/src/man/man3c/timer_settime.3c @@ -43,12 +43,12 @@ .\" Copyright 1989 AT&T .\" Portions Copyright (c) 1992, X/Open Company Limited. All Rights Reserved. .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. +.\" Copyright 2016, Joyent, Inc. .\" -.TH TIMER_SETTIME 3C "Feb 5, 2008" +.TH TIMER_SETTIME 3C "Mar 24, 2016" .SH NAME timer_settime, timer_gettime, timer_getoverrun \- per-process timers .SH SYNOPSIS -.LP .nf #include <time.h> @@ -68,8 +68,6 @@ timer_settime, timer_gettime, timer_getoverrun \- per-process timers .fi .SH DESCRIPTION -.sp -.LP The \fBtimer_settime()\fR function sets the time until the next expiration of the timer specified by \fItimerid\fR from the \fBit_value\fR member of the \fIvalue\fR argument and arm the timer if the \fBit_value\fR member of @@ -138,17 +136,19 @@ set to \fBDELAYTIMER_MAX\fR. The value returned by \fBtimer_getoverrun()\fR applies to the most recent expiration signal delivery or acceptance for the timer. If no expiration signal has been delivered for the timer, the meaning of the overrun count returned is undefined. -.SH RETURN VALUES .sp .LP +If the specified timer is of type \fBCLOCK_HIGHRES\fR and the time value is +smaller than a system defined threshold, then {\fBPRIV_PROC_CLOCK_HIGHRES\fR} +must be asserted in the effective set of the calling process or the time values +will be adjusted up to the threshold value. +.SH RETURN VALUES If the \fBtimer_settime()\fR or \fBtimer_gettime()\fR functions succeed, \fB0\fR is returned. If an error occurs for either of these functions, \fB\(mi1\fR is returned, and \fBerrno\fR is set to indicate the error. If the \fBtimer_getoverrun()\fR function succeeds, it returns the timer expiration overrun count as explained above. .SH ERRORS -.sp -.LP The \fBtimer_settime()\fR, \fBtimer_gettime()\fR and \fBtimer_getoverrun()\fR functions will fail if: .sp @@ -183,8 +183,6 @@ than or equal to 1000 million. .RE .SH ATTRIBUTES -.sp -.LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -203,7 +201,6 @@ Standard See \fBstandards\fR(5). .TE .SH SEE ALSO -.sp -.LP \fBtime.h\fR(3HEAD), \fBclock_settime\fR(3C), \fBtimer_create\fR(3C), -\fBtimer_delete\fR(3C), \fBattributes\fR(5), \fBstandards\fR(5) +\fBtimer_delete\fR(3C), \fBattributes\fR(5), \fBprivileges\fR(5), +\fBstandards\fR(5) diff --git a/usr/src/man/man5/privileges.5 b/usr/src/man/man5/privileges.5 index 048482f2ad..ad6e40d170 100644 --- a/usr/src/man/man5/privileges.5 +++ b/usr/src/man/man5/privileges.5 @@ -1,6 +1,6 @@ '\" te .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved. -.\" Copyright 2015, Joyent, Inc. All Rights Reserved. +.\" Copyright 2016, Joyent, Inc. All Rights Reserved. .\" Copyright 2019 Peter Tribble .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with @@ -475,7 +475,7 @@ Allow a process to change its root directory. .ad .sp .6 .RS 4n -Allow a process to use high resolution timers. +Allow a process to use high resolution timers with very small time values. .RE .sp diff --git a/usr/src/uts/common/os/clock_highres.c b/usr/src/uts/common/os/clock_highres.c index 805813037d..27bc319ee6 100644 --- a/usr/src/uts/common/os/clock_highres.c +++ b/usr/src/uts/common/os/clock_highres.c @@ -25,7 +25,7 @@ */ /* - * Copyright (c) 2015, Joyent Inc. All rights reserved. + * Copyright 2016, Joyent Inc. */ #include <sys/timer.h> @@ -41,6 +41,9 @@ static clock_backend_t clock_highres; +/* minimum non-privileged interval (200us) */ +long clock_highres_interval_min = 200000; + /*ARGSUSED*/ static int clock_highres_settime(timespec_t *ts) @@ -68,17 +71,6 @@ clock_highres_getres(timespec_t *ts) static int clock_highres_timer_create(itimer_t *it, void (*fire)(itimer_t *)) { - /* - * CLOCK_HIGHRES timers of sufficiently high resolution can deny - * service; only allow privileged users to create such timers. - * Sites that do not wish to have this restriction should - * give users the "proc_clock_highres" privilege. - */ - if (secpolicy_clock_highres(CRED()) != 0) { - it->it_arg = NULL; - return (EPERM); - } - it->it_arg = kmem_zalloc(sizeof (cyclic_id_t), KM_SLEEP); it->it_fire = fire; @@ -101,7 +93,7 @@ clock_highres_fire(void *arg) static int clock_highres_timer_settime(itimer_t *it, int flags, - const struct itimerspec *when) + const struct itimerspec *when) { cyclic_id_t cyc, *cycp = it->it_arg; proc_t *p = curproc; @@ -111,6 +103,49 @@ clock_highres_timer_settime(itimer_t *it, int flags, cpu_t *cpu; cpupart_t *cpupart; int pset; + boolean_t value_need_clamp = B_FALSE; + boolean_t intval_need_clamp = B_FALSE; + cred_t *cr = CRED(); + struct itimerspec clamped; + + /* + * CLOCK_HIGHRES timers of sufficiently high resolution can deny + * service; only allow privileged users to create such timers. + * Non-privileged users (those without the "proc_clock_highres" + * privilege) can create timers with lower resolution but if they + * attempt to use a very low time value (< 200us) then their + * timer will be clamped at 200us. + */ + if (when->it_value.tv_sec == 0 && + when->it_value.tv_nsec > 0 && + when->it_value.tv_nsec < clock_highres_interval_min) + value_need_clamp = B_TRUE; + + if (when->it_interval.tv_sec == 0 && + when->it_interval.tv_nsec > 0 && + when->it_interval.tv_nsec < clock_highres_interval_min) + intval_need_clamp = B_TRUE; + + if ((value_need_clamp || intval_need_clamp) && + secpolicy_clock_highres(cr) != 0) { + clamped.it_value.tv_sec = when->it_value.tv_sec; + clamped.it_interval.tv_sec = when->it_interval.tv_sec; + + if (value_need_clamp) { + clamped.it_value.tv_nsec = clock_highres_interval_min; + } else { + clamped.it_value.tv_nsec = when->it_value.tv_nsec; + } + + if (intval_need_clamp) { + clamped.it_interval.tv_nsec = + clock_highres_interval_min; + } else { + clamped.it_interval.tv_nsec = when->it_interval.tv_nsec; + } + + when = &clamped; + } cyctime.cyt_when = ts2hrt(&when->it_value); cyctime.cyt_interval = ts2hrt(&when->it_interval); |