2 * refclock_shm - clock driver for utc via shared memory
3 * - under construction -
4 * To add new modes: Extend or union the shmTime-struct. Do not
5 * extend/shrink size, because otherwise existing implementations
6 * will specify wrong size of shared memory-segment
14 #include "ntp_types.h"
16 #if defined(REFCLOCK) && defined(CLOCK_SHM)
22 #include "ntp_refclock.h"
24 #include "timespecops.h"
26 #include "ntp_stdlib.h"
27 #include "ntp_assert.h"
41 #ifdef HAVE_STDATOMIC_H
42 # include <stdatomic.h>
43 #endif /* HAVE_STDATOMIC_H */
46 * This driver supports a reference clock attached thru shared memory
50 * SHM interface definitions
52 #define PRECISION (-1) /* precision assumed (0.5 s) */
53 #define REFID "SHM" /* reference ID */
54 #define DESCRIPTION "SHM/Shared memory interface"
56 #define NSAMPLES 3 /* stages of median filter */
61 #define SHM_MODE_PRIVATE 0x0001
66 static int shm_start (int unit, struct peer *peer);
67 static void shm_shutdown (int unit, struct peer *peer);
68 static void shm_poll (int unit, struct peer *peer);
69 static void shm_timer (int unit, struct peer *peer);
70 static void shm_clockstats (int unit, struct peer *peer);
71 static void shm_control (int unit, const struct refclockstat * in_st,
72 struct refclockstat * out_st, struct peer *peer);
77 struct refclock refclock_shm = {
78 shm_start, /* start up driver */
79 shm_shutdown, /* shut down driver */
80 shm_poll, /* transmit poll message */
81 shm_control, /* control settings */
82 noentry, /* not used: init */
83 noentry, /* not used: buginfo */
84 shm_timer, /* once per second */
88 int mode; /* 0 - if valid is set:
91 * 1 - if valid is set:
92 * if count before and after read of values is equal,
97 time_t clockTimeStampSec;
98 int clockTimeStampUSec;
99 time_t receiveTimeStampSec;
100 int receiveTimeStampUSec;
105 unsigned clockTimeStampNSec; /* Unsigned ns timestamps */
106 unsigned receiveTimeStampNSec; /* Unsigned ns timestamps */
111 struct shmTime *shm; /* pointer to shared memory segment */
112 int forall; /* access for all UIDs? */
114 /* debugging/monitoring counters - reset when printed */
115 int ticks; /* number of attempts to read data*/
116 int good; /* number of valid samples */
117 int notready; /* number of peeks without data ready */
118 int bad; /* number of invalid samples */
119 int clash; /* number of access clashes while reading */
121 time_t max_delta; /* difference limit */
122 time_t max_delay; /* age/stale limit */
126 static struct shmTime*
132 struct shmTime *p = NULL;
138 /* 0x4e545030 is NTP0.
139 * Big units will give non-ascii but that's OK
140 * as long as everybody does it the same way.
142 shmid=shmget(0x4e545030 + unit, sizeof (struct shmTime),
143 IPC_CREAT | (forall ? 0666 : 0600));
144 if (shmid == -1) { /* error */
145 msyslog(LOG_ERR, "SHM shmget (unit %d): %m", unit);
148 p = (struct shmTime *)shmat (shmid, 0, 0);
149 if (p == (struct shmTime *)-1) { /* error */
150 msyslog(LOG_ERR, "SHM shmat (unit %d): %m", unit);
157 static const char * nspref[2] = { "Local", "Global" };
159 LPSECURITY_ATTRIBUTES psec = 0;
161 SECURITY_DESCRIPTOR sd;
162 SECURITY_ATTRIBUTES sa;
165 numch = snprintf(buf, sizeof(buf), "%s\\NTP%d",
166 nspref[forall != 0], (unit & 0xFF));
167 if (numch >= sizeof(buf)) {
168 msyslog(LOG_ERR, "SHM name too long (unit %d)", unit);
171 if (forall) { /* world access */
172 if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) {
173 msyslog(LOG_ERR,"SHM InitializeSecurityDescriptor (unit %d): %m", unit);
176 if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) {
177 msyslog(LOG_ERR, "SHM SetSecurityDescriptorDacl (unit %d): %m", unit);
180 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
181 sa.lpSecurityDescriptor = &sd;
182 sa.bInheritHandle = FALSE;
185 shmid = CreateFileMapping ((HANDLE)0xffffffff, psec, PAGE_READWRITE,
186 0, sizeof (struct shmTime), buf);
187 if (shmid == NULL) { /*error*/
189 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM,
190 0, GetLastError (), 0, buf, sizeof (buf), 0);
191 msyslog(LOG_ERR, "SHM CreateFileMapping (unit %d): %s", unit, buf);
194 p = (struct shmTime *)MapViewOfFile(shmid, FILE_MAP_WRITE, 0, 0,
195 sizeof (struct shmTime));
196 if (p == NULL) { /*error*/
198 FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM,
199 0, GetLastError (), 0, buf, sizeof (buf), 0);
200 msyslog(LOG_ERR,"SHM MapViewOfFile (unit %d): %s", unit, buf);
208 ENSURE(!"getShmTime(): Not reached.");
213 * shm_start - attach to shared memory
221 struct refclockproc * const pp = peer->procptr;
222 struct shmunit * const up = emalloc_zero(sizeof(*up));
224 pp->io.clock_recv = noentry;
225 pp->io.srcclock = peer;
229 up->forall = (unit >= 2) && !(peer->ttl & SHM_MODE_PRIVATE);
231 up->shm = getShmTime(unit, up->forall);
234 * Initialize miscellaneous peer variables
236 memcpy((char *)&pp->refid, REFID, 4);
239 up->shm->precision = PRECISION;
240 peer->precision = up->shm->precision;
242 up->shm->nsamples = NSAMPLES;
243 pp->clockdesc = DESCRIPTION;
244 /* items to be changed later in 'shm_control()': */
246 up->max_delta = 4*3600;
257 * shm_control - configure flag1/time2 params
259 * These are not yet available during 'shm_start', so we have to do any
260 * pre-computations we want to avoid during regular poll/timer callbacks
266 const struct refclockstat * in_st,
267 struct refclockstat * out_st,
271 struct refclockproc * const pp = peer->procptr;
272 struct shmunit * const up = pp->unitptr;
279 if (pp->sloppyclockflag & CLK_FLAG1)
281 else if (pp->fudgetime2 < 1. || pp->fudgetime2 > 86400.)
282 up->max_delta = 4*3600;
284 up->max_delta = (time_t)floor(pp->fudgetime2 + 0.5);
289 * shm_shutdown - shut down the clock
297 struct refclockproc * const pp = peer->procptr;
298 struct shmunit * const up = pp->unitptr;
305 /* HMS: shmdt() wants char* or const void * */
306 (void)shmdt((char *)up->shm);
310 UnmapViewOfFile(up->shm);
318 * shm_poll - called by the transmit procedure
326 struct refclockproc * const pp = peer->procptr;
327 struct shmunit * const up = pp->unitptr;
332 /* get dominant reason if we have no samples at all */
333 major_error = max(up->notready, up->bad);
334 major_error = max(major_error, up->clash);
337 * Process median filter samples. If none received, see what
338 * happened, tell the core and keep going.
340 if (pp->coderecv != pp->codeproc) {
341 /* have some samples, everything OK */
342 pp->lastref = pp->lastrec;
343 refclock_report(peer, CEVNT_NOMINAL);
344 refclock_receive(peer);
345 } else if (NULL == up->shm) { /* is this possible at all? */
346 /* we're out of business without SHM access */
347 refclock_report(peer, CEVNT_FAULT);
348 } else if (major_error == up->clash) {
349 /* too many collisions is like a bad signal */
350 refclock_report(peer, CEVNT_PROP);
351 } else if (major_error == up->bad) {
352 /* too much stale/bad/garbled data */
353 refclock_report(peer, CEVNT_BADREPLY);
355 /* in any other case assume it's just a timeout */
356 refclock_report(peer, CEVNT_TIMEOUT);
358 /* shm_clockstats() clears the tallies, so it must be last... */
359 shm_clockstats(unit, peer);
364 OK, NO_SEGMENT, NOT_READY, BAD_MODE, CLASH
370 struct timespec tvc, tvr, tvt;
375 static inline void memory_barrier(void)
377 #ifdef HAVE_ATOMIC_THREAD_FENCE
378 atomic_thread_fence(memory_order_seq_cst);
379 #endif /* HAVE_ATOMIC_THREAD_FENCE */
382 static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat)
383 /* try to grab a sample from the specified SHM segment */
385 struct shmTime shmcopy;
386 volatile struct shmTime *shm = shm_in;
389 unsigned int cns_new, rns_new;
392 * This is the main routine. It snatches the time from the shm
393 * board and tacks on a local timestamp.
396 shm_stat->status = NO_SEGMENT;
400 /*@-type@*//* splint is confused about struct timespec */
401 shm_stat->tvc.tv_sec = shm_stat->tvc.tv_nsec = 0;
406 shm_stat->tvc.tv_sec = now;
409 /* relying on word access to be atomic here */
410 if (shm->valid == 0) {
411 shm_stat->status = NOT_READY;
418 * This is proof against concurrency issues if either
419 * (a) the memory_barrier() call works on this host, or
420 * (b) memset compiles to an uninterruptible single-instruction bitblt.
423 memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime));
428 * Clash detection in case neither (a) nor (b) was true.
429 * Not supported in mode 0, and word access to the count field
430 * must be atomic for this to work.
432 if (shmcopy.mode > 0 && cnt != shm->count) {
433 shm_stat->status = CLASH;
434 return shm_stat->status;
437 shm_stat->status = OK;
438 shm_stat->mode = shmcopy.mode;
440 switch (shmcopy.mode) {
442 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec;
443 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000;
444 rns_new = shmcopy.receiveTimeStampNSec;
445 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec;
446 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000;
447 cns_new = shmcopy.clockTimeStampNSec;
449 /* Since the following comparisons are between unsigned
450 ** variables they are always well defined, and any
451 ** (signed) underflow will turn into very large unsigned
452 ** values, well above the 1000 cutoff.
454 ** Note: The usecs *must* be a *truncated*
455 ** representation of the nsecs. This code will fail for
456 ** *rounded* usecs, and the logic to deal with
457 ** wrap-arounds in the presence of rounded values is
458 ** much more convoluted.
460 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000)
461 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) {
462 shm_stat->tvt.tv_nsec = cns_new;
463 shm_stat->tvr.tv_nsec = rns_new;
465 /* At this point shm_stat->tvr and shm_stat->tvt contain valid ns-level
466 ** timestamps, possibly generated by extending the old
467 ** us-level timestamps
473 shm_stat->tvr.tv_sec = shmcopy.receiveTimeStampSec;
474 shm_stat->tvr.tv_nsec = shmcopy.receiveTimeStampUSec * 1000;
475 rns_new = shmcopy.receiveTimeStampNSec;
476 shm_stat->tvt.tv_sec = shmcopy.clockTimeStampSec;
477 shm_stat->tvt.tv_nsec = shmcopy.clockTimeStampUSec * 1000;
478 cns_new = shmcopy.clockTimeStampNSec;
480 /* See the case above for an explanation of the
483 if ( ((cns_new - (unsigned)shm_stat->tvt.tv_nsec) < 1000)
484 && ((rns_new - (unsigned)shm_stat->tvr.tv_nsec) < 1000)) {
485 shm_stat->tvt.tv_nsec = cns_new;
486 shm_stat->tvr.tv_nsec = rns_new;
488 /* At this point shm_stat->tvr and shm_stat->tvt contains valid ns-level
489 ** timestamps, possibly generated by extending the old
490 ** us-level timestamps
495 shm_stat->status = BAD_MODE;
501 * leap field is not a leap offset but a leap notification code.
502 * The values are magic numbers used by NTP and set by GPSD, if at all, in
505 shm_stat->leap = shmcopy.leap;
506 shm_stat->precision = shmcopy.precision;
508 return shm_stat->status;
512 * shm_timer - called once every second.
514 * This tries to grab a sample from the SHM segment, filtering bad ones
522 struct refclockproc * const pp = peer->procptr;
523 struct shmunit * const up = pp->unitptr;
525 volatile struct shmTime *shm;
531 /* for formatting 'a_lastcode': */
536 enum segstat_t status;
537 struct shm_stat_t shm_stat;
540 if ((shm = up->shm) == NULL) {
541 /* try to map again - this may succeed if meanwhile some-
542 body has ipcrm'ed the old (unaccessible) shared mem segment */
543 shm = up->shm = getShmTime(unit, up->forall);
545 DPRINTF(1, ("%s: no SHM segment\n",
546 refnumtoa(&peer->srcadr)));
551 /* query the segment, atomically */
552 status = shm_query(shm, &shm_stat);
556 DPRINTF(2, ("%s: SHM type %d sample\n",
557 refnumtoa(&peer->srcadr), shm_stat.mode));
560 /* should never happen, but is harmless */
563 DPRINTF(1, ("%s: SHM not ready\n",refnumtoa(&peer->srcadr)));
567 DPRINTF(1, ("%s: SHM type blooper, mode=%d\n",
568 refnumtoa(&peer->srcadr), shm->mode));
570 msyslog (LOG_ERR, "SHM: bad mode found in shared memory: %d",
574 DPRINTF(1, ("%s: type 1 access clash\n",
575 refnumtoa(&peer->srcadr)));
576 msyslog (LOG_NOTICE, "SHM: access clash in shared memory");
580 DPRINTF(1, ("%s: internal error, unknown SHM fetch status\n",
581 refnumtoa(&peer->srcadr)));
582 msyslog (LOG_NOTICE, "internal error, unknown SHM fetch status");
588 /* format the last time code in human-readable form into
589 * 'pp->a_lastcode'. Someone claimed: "NetBSD has incompatible
590 * tv_sec". I can't find a base for this claim, but we can work
591 * around that potential problem. BTW, simply casting a pointer
592 * is a receipe for disaster on some architectures.
594 tt = (time_t)shm_stat.tvt.tv_sec;
595 ts = time_to_vint64(&tt);
596 ntpcal_time_to_date(&cd, &ts);
598 /* add ntpq -c cv timecode in ISO 8601 format */
599 c = snprintf(pp->a_lastcode, sizeof(pp->a_lastcode),
600 "%04u-%02u-%02uT%02u:%02u:%02u.%09ldZ",
601 cd.year, cd.month, cd.monthday,
602 cd.hour, cd.minute, cd.second,
603 (long)shm_stat.tvt.tv_nsec);
604 pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0;
606 /* check 1: age control of local time stamp */
607 tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec;
608 if (tt < 0 || tt > up->max_delay) {
609 DPRINTF(1, ("%s:SHM stale/bad receive time, delay=%llds\n",
610 refnumtoa(&peer->srcadr), (long long)tt));
612 msyslog (LOG_ERR, "SHM: stale/bad receive time, delay=%llds",
617 /* check 2: delta check */
618 tt = shm_stat.tvr.tv_sec - shm_stat.tvt.tv_sec - (shm_stat.tvr.tv_nsec < shm_stat.tvt.tv_nsec);
621 if (up->max_delta > 0 && tt > up->max_delta) {
622 DPRINTF(1, ("%s: SHM diff limit exceeded, delta=%llds\n",
623 refnumtoa(&peer->srcadr), (long long)tt));
625 msyslog (LOG_ERR, "SHM: difference limit exceeded, delta=%llds\n",
630 /* if we really made it to this point... we're winners! */
631 DPRINTF(2, ("%s: SHM feeding data\n",
632 refnumtoa(&peer->srcadr)));
633 tsrcv = tspec_stamp_to_lfp(shm_stat.tvr);
634 tsref = tspec_stamp_to_lfp(shm_stat.tvt);
635 pp->leap = shm_stat.leap;
636 peer->precision = shm_stat.precision;
637 refclock_process_offset(pp, tsref, tsrcv, pp->fudgetime1);
642 * shm_clockstats - dump and reset counters
644 static void shm_clockstats(
649 struct refclockproc * const pp = peer->procptr;
650 struct shmunit * const up = pp->unitptr;
653 if (pp->sloppyclockflag & CLK_FLAG4) {
655 &peer->srcadr, "%3d %3d %3d %3d %3d",
656 up->ticks, up->good, up->notready,
659 up->ticks = up->good = up->notready = up->bad = up->clash = 0;
663 NONEMPTY_TRANSLATION_UNIT
664 #endif /* REFCLOCK */