| 1 | /* $NetBSD: kern_acct.c,v 1.94 2013/10/19 21:01:39 mrg Exp $ */ |
| 2 | |
| 3 | /*- |
| 4 | * Copyright (c) 1982, 1986, 1989, 1993 |
| 5 | * The Regents of the University of California. All rights reserved. |
| 6 | * (c) UNIX System Laboratories, Inc. |
| 7 | * All or some portions of this file are derived from material licensed |
| 8 | * to the University of California by American Telephone and Telegraph |
| 9 | * Co. or Unix System Laboratories, Inc. and are reproduced herein with |
| 10 | * the permission of UNIX System Laboratories, Inc. |
| 11 | * |
| 12 | * Redistribution and use in source and binary forms, with or without |
| 13 | * modification, are permitted provided that the following conditions |
| 14 | * are met: |
| 15 | * 1. Redistributions of source code must retain the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer. |
| 17 | * 2. Redistributions in binary form must reproduce the above copyright |
| 18 | * notice, this list of conditions and the following disclaimer in the |
| 19 | * documentation and/or other materials provided with the distribution. |
| 20 | * 3. Neither the name of the University nor the names of its contributors |
| 21 | * may be used to endorse or promote products derived from this software |
| 22 | * without specific prior written permission. |
| 23 | * |
| 24 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 34 | * SUCH DAMAGE. |
| 35 | * |
| 36 | * @(#)kern_acct.c 8.8 (Berkeley) 5/14/95 |
| 37 | */ |
| 38 | |
| 39 | /*- |
| 40 | * Copyright (c) 1994 Christopher G. Demetriou |
| 41 | * |
| 42 | * Redistribution and use in source and binary forms, with or without |
| 43 | * modification, are permitted provided that the following conditions |
| 44 | * are met: |
| 45 | * 1. Redistributions of source code must retain the above copyright |
| 46 | * notice, this list of conditions and the following disclaimer. |
| 47 | * 2. Redistributions in binary form must reproduce the above copyright |
| 48 | * notice, this list of conditions and the following disclaimer in the |
| 49 | * documentation and/or other materials provided with the distribution. |
| 50 | * 3. All advertising materials mentioning features or use of this software |
| 51 | * must display the following acknowledgement: |
| 52 | * This product includes software developed by the University of |
| 53 | * California, Berkeley and its contributors. |
| 54 | * 4. Neither the name of the University nor the names of its contributors |
| 55 | * may be used to endorse or promote products derived from this software |
| 56 | * without specific prior written permission. |
| 57 | * |
| 58 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 59 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 60 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 61 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 62 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 63 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 64 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 65 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 66 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 67 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 68 | * SUCH DAMAGE. |
| 69 | * |
| 70 | * @(#)kern_acct.c 8.8 (Berkeley) 5/14/95 |
| 71 | */ |
| 72 | |
| 73 | #include <sys/cdefs.h> |
| 74 | __KERNEL_RCSID(0, "$NetBSD: kern_acct.c,v 1.94 2013/10/19 21:01:39 mrg Exp $" ); |
| 75 | |
| 76 | #include <sys/param.h> |
| 77 | #include <sys/systm.h> |
| 78 | #include <sys/proc.h> |
| 79 | #include <sys/mount.h> |
| 80 | #include <sys/vnode.h> |
| 81 | #include <sys/file.h> |
| 82 | #include <sys/syslog.h> |
| 83 | #include <sys/kernel.h> |
| 84 | #include <sys/kthread.h> |
| 85 | #include <sys/kmem.h> |
| 86 | #include <sys/namei.h> |
| 87 | #include <sys/errno.h> |
| 88 | #include <sys/acct.h> |
| 89 | #include <sys/resourcevar.h> |
| 90 | #include <sys/ioctl.h> |
| 91 | #include <sys/tty.h> |
| 92 | #include <sys/kauth.h> |
| 93 | |
| 94 | #include <sys/syscallargs.h> |
| 95 | |
| 96 | /* |
| 97 | * The routines implemented in this file are described in: |
| 98 | * Leffler, et al.: The Design and Implementation of the 4.3BSD |
| 99 | * UNIX Operating System (Addison Welley, 1989) |
| 100 | * on pages 62-63. |
| 101 | * |
| 102 | * Arguably, to simplify accounting operations, this mechanism should |
| 103 | * be replaced by one in which an accounting log file (similar to /dev/klog) |
| 104 | * is read by a user process, etc. However, that has its own problems. |
| 105 | */ |
| 106 | |
| 107 | /* |
| 108 | * Lock to serialize system calls and kernel threads. |
| 109 | */ |
| 110 | krwlock_t acct_lock; |
| 111 | |
| 112 | /* |
| 113 | * The global accounting state and related data. Gain the mutex before |
| 114 | * accessing these variables. |
| 115 | */ |
| 116 | static enum { |
| 117 | ACCT_STOP, |
| 118 | ACCT_ACTIVE, |
| 119 | ACCT_SUSPENDED |
| 120 | } acct_state; /* The current accounting state. */ |
| 121 | static struct vnode *acct_vp; /* Accounting vnode pointer. */ |
| 122 | static kauth_cred_t acct_cred; /* Credential of accounting file |
| 123 | owner (i.e root). Used when |
| 124 | accounting file i/o. */ |
| 125 | static struct lwp *acct_dkwatcher; /* Free disk space checker. */ |
| 126 | |
| 127 | /* |
| 128 | * Values associated with enabling and disabling accounting |
| 129 | */ |
| 130 | int acctsuspend = 2; /* stop accounting when < 2% free space left */ |
| 131 | int acctresume = 4; /* resume when free space risen to > 4% */ |
| 132 | int acctchkfreq = 15; /* frequency (in seconds) to check space */ |
| 133 | |
| 134 | /* |
| 135 | * Encode_comp_t converts from ticks in seconds and microseconds |
| 136 | * to ticks in 1/AHZ seconds. The encoding is described in |
| 137 | * Leffler, et al., on page 63. |
| 138 | */ |
| 139 | |
| 140 | #define MANTSIZE 13 /* 13 bit mantissa. */ |
| 141 | #define EXPSIZE 3 /* Base 8 (3 bit) exponent. */ |
| 142 | #define MAXFRACT ((1 << MANTSIZE) - 1) /* Maximum fractional value. */ |
| 143 | |
| 144 | static comp_t |
| 145 | encode_comp_t(u_long s, u_long us) |
| 146 | { |
| 147 | int exp, rnd; |
| 148 | |
| 149 | exp = 0; |
| 150 | rnd = 0; |
| 151 | s *= AHZ; |
| 152 | s += us / (1000000 / AHZ); /* Maximize precision. */ |
| 153 | |
| 154 | while (s > MAXFRACT) { |
| 155 | rnd = s & (1 << (EXPSIZE - 1)); /* Round up? */ |
| 156 | s >>= EXPSIZE; /* Base 8 exponent == 3 bit shift. */ |
| 157 | exp++; |
| 158 | } |
| 159 | |
| 160 | /* If we need to round up, do it (and handle overflow correctly). */ |
| 161 | if (rnd && (++s > MAXFRACT)) { |
| 162 | s >>= EXPSIZE; |
| 163 | exp++; |
| 164 | } |
| 165 | |
| 166 | /* Clean it up and polish it off. */ |
| 167 | exp <<= MANTSIZE; /* Shift the exponent into place */ |
| 168 | exp += s; /* and add on the mantissa. */ |
| 169 | return (exp); |
| 170 | } |
| 171 | |
| 172 | static int |
| 173 | acct_chkfree(void) |
| 174 | { |
| 175 | int error; |
| 176 | struct statvfs *sb; |
| 177 | fsblkcnt_t bavail; |
| 178 | |
| 179 | sb = kmem_alloc(sizeof(*sb), KM_SLEEP); |
| 180 | if (sb == NULL) |
| 181 | return (ENOMEM); |
| 182 | error = VFS_STATVFS(acct_vp->v_mount, sb); |
| 183 | if (error != 0) { |
| 184 | kmem_free(sb, sizeof(*sb)); |
| 185 | return (error); |
| 186 | } |
| 187 | |
| 188 | if (sb->f_bfree < sb->f_bresvd) { |
| 189 | bavail = 0; |
| 190 | } else { |
| 191 | bavail = sb->f_bfree - sb->f_bresvd; |
| 192 | } |
| 193 | |
| 194 | switch (acct_state) { |
| 195 | case ACCT_SUSPENDED: |
| 196 | if (bavail > acctresume * sb->f_blocks / 100) { |
| 197 | acct_state = ACCT_ACTIVE; |
| 198 | log(LOG_NOTICE, "Accounting resumed\n" ); |
| 199 | } |
| 200 | break; |
| 201 | case ACCT_ACTIVE: |
| 202 | if (bavail <= acctsuspend * sb->f_blocks / 100) { |
| 203 | acct_state = ACCT_SUSPENDED; |
| 204 | log(LOG_NOTICE, "Accounting suspended\n" ); |
| 205 | } |
| 206 | break; |
| 207 | case ACCT_STOP: |
| 208 | break; |
| 209 | } |
| 210 | kmem_free(sb, sizeof(*sb)); |
| 211 | return (0); |
| 212 | } |
| 213 | |
| 214 | static void |
| 215 | acct_stop(void) |
| 216 | { |
| 217 | int error; |
| 218 | |
| 219 | KASSERT(rw_write_held(&acct_lock)); |
| 220 | |
| 221 | if (acct_vp != NULLVP && acct_vp->v_type != VBAD) { |
| 222 | error = vn_close(acct_vp, FWRITE, acct_cred); |
| 223 | #ifdef DIAGNOSTIC |
| 224 | if (error != 0) |
| 225 | printf("acct_stop: failed to close, errno = %d\n" , |
| 226 | error); |
| 227 | #else |
| 228 | __USE(error); |
| 229 | #endif |
| 230 | acct_vp = NULLVP; |
| 231 | } |
| 232 | if (acct_cred != NULL) { |
| 233 | kauth_cred_free(acct_cred); |
| 234 | acct_cred = NULL; |
| 235 | } |
| 236 | acct_state = ACCT_STOP; |
| 237 | } |
| 238 | |
| 239 | /* |
| 240 | * Periodically check the file system to see if accounting |
| 241 | * should be turned on or off. Beware the case where the vnode |
| 242 | * has been vgone()'d out from underneath us, e.g. when the file |
| 243 | * system containing the accounting file has been forcibly unmounted. |
| 244 | */ |
| 245 | static void |
| 246 | acctwatch(void *arg) |
| 247 | { |
| 248 | int error; |
| 249 | |
| 250 | log(LOG_NOTICE, "Accounting started\n" ); |
| 251 | rw_enter(&acct_lock, RW_WRITER); |
| 252 | while (acct_state != ACCT_STOP) { |
| 253 | if (acct_vp->v_type == VBAD) { |
| 254 | log(LOG_NOTICE, "Accounting terminated\n" ); |
| 255 | acct_stop(); |
| 256 | continue; |
| 257 | } |
| 258 | |
| 259 | error = acct_chkfree(); |
| 260 | #ifdef DIAGNOSTIC |
| 261 | if (error != 0) |
| 262 | printf("acctwatch: failed to statvfs, error = %d\n" , |
| 263 | error); |
| 264 | #else |
| 265 | __USE(error); |
| 266 | #endif |
| 267 | rw_exit(&acct_lock); |
| 268 | error = kpause("actwat" , false, acctchkfreq * hz, NULL); |
| 269 | rw_enter(&acct_lock, RW_WRITER); |
| 270 | #ifdef DIAGNOSTIC |
| 271 | if (error != 0 && error != EWOULDBLOCK) |
| 272 | printf("acctwatch: sleep error %d\n" , error); |
| 273 | #endif |
| 274 | } |
| 275 | acct_dkwatcher = NULL; |
| 276 | rw_exit(&acct_lock); |
| 277 | |
| 278 | kthread_exit(0); |
| 279 | } |
| 280 | |
| 281 | void |
| 282 | acct_init(void) |
| 283 | { |
| 284 | |
| 285 | acct_state = ACCT_STOP; |
| 286 | acct_vp = NULLVP; |
| 287 | acct_cred = NULL; |
| 288 | rw_init(&acct_lock); |
| 289 | } |
| 290 | |
| 291 | /* |
| 292 | * Accounting system call. Written based on the specification and |
| 293 | * previous implementation done by Mark Tinguely. |
| 294 | */ |
| 295 | int |
| 296 | sys_acct(struct lwp *l, const struct sys_acct_args *uap, register_t *retval) |
| 297 | { |
| 298 | /* { |
| 299 | syscallarg(const char *) path; |
| 300 | } */ |
| 301 | struct pathbuf *pb; |
| 302 | struct nameidata nd; |
| 303 | int error; |
| 304 | |
| 305 | /* Make sure that the caller is root. */ |
| 306 | if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_ACCOUNTING, |
| 307 | 0, NULL, NULL, NULL))) |
| 308 | return (error); |
| 309 | |
| 310 | /* |
| 311 | * If accounting is to be started to a file, open that file for |
| 312 | * writing and make sure it's a 'normal'. |
| 313 | */ |
| 314 | if (SCARG(uap, path) != NULL) { |
| 315 | struct vattr va; |
| 316 | size_t pad; |
| 317 | |
| 318 | error = pathbuf_copyin(SCARG(uap, path), &pb); |
| 319 | if (error) { |
| 320 | return error; |
| 321 | } |
| 322 | NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, pb); |
| 323 | if ((error = vn_open(&nd, FWRITE|O_APPEND, 0)) != 0) { |
| 324 | pathbuf_destroy(pb); |
| 325 | return error; |
| 326 | } |
| 327 | if (nd.ni_vp->v_type != VREG) { |
| 328 | VOP_UNLOCK(nd.ni_vp); |
| 329 | error = EACCES; |
| 330 | goto bad; |
| 331 | } |
| 332 | if ((error = VOP_GETATTR(nd.ni_vp, &va, l->l_cred)) != 0) { |
| 333 | VOP_UNLOCK(nd.ni_vp); |
| 334 | goto bad; |
| 335 | } |
| 336 | |
| 337 | if ((pad = (va.va_size % sizeof(struct acct))) != 0) { |
| 338 | u_quad_t size = va.va_size - pad; |
| 339 | #ifdef DIAGNOSTIC |
| 340 | printf("Size of accounting file not a multiple of " |
| 341 | "%lu - incomplete record truncated\n" , |
| 342 | (unsigned long)sizeof(struct acct)); |
| 343 | #endif |
| 344 | vattr_null(&va); |
| 345 | va.va_size = size; |
| 346 | error = VOP_SETATTR(nd.ni_vp, &va, l->l_cred); |
| 347 | if (error != 0) { |
| 348 | VOP_UNLOCK(nd.ni_vp); |
| 349 | goto bad; |
| 350 | } |
| 351 | } |
| 352 | VOP_UNLOCK(nd.ni_vp); |
| 353 | } |
| 354 | |
| 355 | rw_enter(&acct_lock, RW_WRITER); |
| 356 | |
| 357 | /* |
| 358 | * If accounting was previously enabled, kill the old space-watcher, |
| 359 | * free credential for accounting file i/o, |
| 360 | * ... (and, if no new file was specified, leave). |
| 361 | */ |
| 362 | acct_stop(); |
| 363 | if (SCARG(uap, path) == NULL) |
| 364 | goto out; |
| 365 | |
| 366 | /* |
| 367 | * Save the new accounting file vnode and credential, |
| 368 | * and schedule the new free space watcher. |
| 369 | */ |
| 370 | acct_state = ACCT_ACTIVE; |
| 371 | acct_vp = nd.ni_vp; |
| 372 | acct_cred = l->l_cred; |
| 373 | kauth_cred_hold(acct_cred); |
| 374 | |
| 375 | pathbuf_destroy(pb); |
| 376 | |
| 377 | error = acct_chkfree(); /* Initial guess. */ |
| 378 | if (error != 0) { |
| 379 | acct_stop(); |
| 380 | goto out; |
| 381 | } |
| 382 | |
| 383 | if (acct_dkwatcher == NULL) { |
| 384 | error = kthread_create(PRI_NONE, KTHREAD_MPSAFE, NULL, |
| 385 | acctwatch, NULL, &acct_dkwatcher, "acctwatch" ); |
| 386 | if (error != 0) |
| 387 | acct_stop(); |
| 388 | } |
| 389 | |
| 390 | out: |
| 391 | rw_exit(&acct_lock); |
| 392 | return (error); |
| 393 | bad: |
| 394 | vn_close(nd.ni_vp, FWRITE, l->l_cred); |
| 395 | pathbuf_destroy(pb); |
| 396 | return error; |
| 397 | } |
| 398 | |
| 399 | /* |
| 400 | * Write out process accounting information, on process exit. |
| 401 | * Data to be written out is specified in Leffler, et al. |
| 402 | * and are enumerated below. (They're also noted in the system |
| 403 | * "acct.h" header file.) |
| 404 | */ |
| 405 | int |
| 406 | acct_process(struct lwp *l) |
| 407 | { |
| 408 | struct acct acct; |
| 409 | struct timeval ut, st, tmp; |
| 410 | struct rusage *r; |
| 411 | int t, error = 0; |
| 412 | struct rlimit orlim; |
| 413 | struct proc *p = l->l_proc; |
| 414 | |
| 415 | if (acct_state != ACCT_ACTIVE) |
| 416 | return 0; |
| 417 | |
| 418 | memset(&acct, 0, sizeof(acct)); /* to zerofill padded data */ |
| 419 | |
| 420 | rw_enter(&acct_lock, RW_READER); |
| 421 | |
| 422 | /* If accounting isn't enabled, don't bother */ |
| 423 | if (acct_state != ACCT_ACTIVE) |
| 424 | goto out; |
| 425 | |
| 426 | /* |
| 427 | * Temporarily raise the file limit so that accounting can't |
| 428 | * be stopped by the user. |
| 429 | * |
| 430 | * XXX We should think about the CPU limit, too. |
| 431 | */ |
| 432 | lim_privatise(p); |
| 433 | orlim = p->p_rlimit[RLIMIT_FSIZE]; |
| 434 | /* Set current and max to avoid illegal values */ |
| 435 | p->p_rlimit[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; |
| 436 | p->p_rlimit[RLIMIT_FSIZE].rlim_max = RLIM_INFINITY; |
| 437 | |
| 438 | /* |
| 439 | * Get process accounting information. |
| 440 | */ |
| 441 | |
| 442 | /* (1) The name of the command that ran */ |
| 443 | strncpy(acct.ac_comm, p->p_comm, sizeof(acct.ac_comm)); |
| 444 | |
| 445 | /* (2) The amount of user and system time that was used */ |
| 446 | mutex_enter(p->p_lock); |
| 447 | calcru(p, &ut, &st, NULL, NULL); |
| 448 | mutex_exit(p->p_lock); |
| 449 | acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec); |
| 450 | acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec); |
| 451 | |
| 452 | /* (3) The elapsed time the commmand ran (and its starting time) */ |
| 453 | acct.ac_btime = p->p_stats->p_start.tv_sec; |
| 454 | getmicrotime(&tmp); |
| 455 | timersub(&tmp, &p->p_stats->p_start, &tmp); |
| 456 | acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec); |
| 457 | |
| 458 | /* (4) The average amount of memory used */ |
| 459 | r = &p->p_stats->p_ru; |
| 460 | timeradd(&ut, &st, &tmp); |
| 461 | t = tmp.tv_sec * hz + tmp.tv_usec / tick; |
| 462 | if (t) |
| 463 | acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t; |
| 464 | else |
| 465 | acct.ac_mem = 0; |
| 466 | |
| 467 | /* (5) The number of disk I/O operations done */ |
| 468 | acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0); |
| 469 | |
| 470 | /* (6) The UID and GID of the process */ |
| 471 | acct.ac_uid = kauth_cred_getuid(l->l_cred); |
| 472 | acct.ac_gid = kauth_cred_getgid(l->l_cred); |
| 473 | |
| 474 | /* (7) The terminal from which the process was started */ |
| 475 | mutex_enter(proc_lock); |
| 476 | if ((p->p_lflag & PL_CONTROLT) && p->p_pgrp->pg_session->s_ttyp) |
| 477 | acct.ac_tty = p->p_pgrp->pg_session->s_ttyp->t_dev; |
| 478 | else |
| 479 | acct.ac_tty = NODEV; |
| 480 | mutex_exit(proc_lock); |
| 481 | |
| 482 | /* (8) The boolean flags that tell how the process terminated, etc. */ |
| 483 | acct.ac_flag = p->p_acflag; |
| 484 | |
| 485 | /* |
| 486 | * Now, just write the accounting information to the file. |
| 487 | */ |
| 488 | error = vn_rdwr(UIO_WRITE, acct_vp, (void *)&acct, |
| 489 | sizeof(acct), (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, |
| 490 | acct_cred, NULL, NULL); |
| 491 | if (error != 0) |
| 492 | log(LOG_ERR, "Accounting: write failed %d\n" , error); |
| 493 | |
| 494 | /* Restore limit - rather pointless since process is about to exit */ |
| 495 | p->p_rlimit[RLIMIT_FSIZE] = orlim; |
| 496 | |
| 497 | out: |
| 498 | rw_exit(&acct_lock); |
| 499 | return (error); |
| 500 | } |
| 501 | |