kern_acct.c revision 150419 
1/*-
2 * Copyright (c) 1994 Christopher G. Demetriou
3 * Copyright (c) 1982, 1986, 1989, 1993
4 *	The Regents of the University of California.  All rights reserved.
5 * (c) UNIX System Laboratories, Inc.
6 * All or some portions of this file are derived from material licensed
7 * to the University of California by American Telephone and Telegraph
8 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
9 * the permission of UNIX System Laboratories, Inc.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. All advertising materials mentioning features or use of this software
20 *    must display the following acknowledgement:
21 *	This product includes software developed by the University of
22 *	California, Berkeley and its contributors.
23 * 4. Neither the name of the University nor the names of its contributors
24 *    may be used to endorse or promote products derived from this software
25 *    without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 *	@(#)kern_acct.c	8.1 (Berkeley) 6/14/93
40 */
41
42#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/kern/kern_acct.c 150419 2005-09-21 15:28:07Z rwatson $");
44
45#include "opt_mac.h"
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/lock.h>
50#include <sys/mutex.h>
51#include <sys/sysproto.h>
52#include <sys/proc.h>
53#include <sys/mac.h>
54#include <sys/mount.h>
55#include <sys/vnode.h>
56#include <sys/fcntl.h>
57#include <sys/syslog.h>
58#include <sys/kernel.h>
59#include <sys/sysent.h>
60#include <sys/sysctl.h>
61#include <sys/namei.h>
62#include <sys/acct.h>
63#include <sys/resourcevar.h>
64#include <sys/tty.h>
65
66/*
67 * The routines implemented in this file are described in:
68 *      Leffler, et al.: The Design and Implementation of the 4.3BSD
69 *	    UNIX Operating System (Addison Welley, 1989)
70 * on pages 62-63.
71 *
72 * Arguably, to simplify accounting operations, this mechanism should
73 * be replaced by one in which an accounting log file (similar to /dev/klog)
74 * is read by a user process, etc.  However, that has its own problems.
75 */
76
77/*
78 * Internal accounting functions.
79 * The former's operation is described in Leffler, et al., and the latter
80 * was provided by UCB with the 4.4BSD-Lite release
81 */
82static comp_t	encode_comp_t(u_long, u_long);
83static void	acctwatch(void *);
84
85/*
86 * Accounting callout used for periodic scheduling of acctwatch.
87 */
88static struct	callout acctwatch_callout;
89
90/*
91 * Accounting vnode pointer, saved vnode pointer, and flags for each.
92 */
93static struct	vnode *acctp;
94static struct	ucred *acctcred;
95static int	acctflags;
96static struct	vnode *savacctp;
97static struct	ucred *savacctcred;
98static int	savacctflags;
99
100static struct mtx	acct_mtx;
101MTX_SYSINIT(acct, &acct_mtx, "accounting", MTX_DEF);
102
103/*
104 * Values associated with enabling and disabling accounting
105 */
106static int acctsuspend = 2;	/* stop accounting when < 2% free space left */
107SYSCTL_INT(_kern, OID_AUTO, acct_suspend, CTLFLAG_RW,
108	&acctsuspend, 0, "percentage of free disk space below which accounting stops");
109
110static int acctresume = 4;	/* resume when free space risen to > 4% */
111SYSCTL_INT(_kern, OID_AUTO, acct_resume, CTLFLAG_RW,
112	&acctresume, 0, "percentage of free disk space above which accounting resumes");
113
114static int acctchkfreq = 15;	/* frequency (in seconds) to check space */
115SYSCTL_INT(_kern, OID_AUTO, acct_chkfreq, CTLFLAG_RW,
116	&acctchkfreq, 0, "frequency for checking the free space");
117
118/*
119 * Accounting system call.  Written based on the specification and
120 * previous implementation done by Mark Tinguely.
121 *
122 * MPSAFE
123 */
124int
125acct(td, uap)
126	struct thread *td;
127	struct acct_args /* {
128		char *path;
129	} */ *uap;
130{
131	struct nameidata nd;
132	int error, flags;
133
134	/* Make sure that the caller is root. */
135	error = suser(td);
136	if (error)
137		return (error);
138
139	mtx_lock(&Giant);
140
141	/*
142	 * If accounting is to be started to a file, open that file for
143	 * appending and make sure it's a 'normal'.
144	 */
145	if (uap->path != NULL) {
146		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
147		flags = FWRITE | O_APPEND;
148		error = vn_open(&nd, &flags, 0, -1);
149		if (error)
150			goto done2;
151		NDFREE(&nd, NDF_ONLY_PNBUF);
152#ifdef MAC
153		error = mac_check_system_acct(td->td_ucred, nd.ni_vp);
154		if (error) {
155			VOP_UNLOCK(nd.ni_vp, 0, td);
156			vn_close(nd.ni_vp, flags, td->td_ucred, td);
157			goto done2;
158		}
159#endif
160		VOP_UNLOCK(nd.ni_vp, 0, td);
161		if (nd.ni_vp->v_type != VREG) {
162			vn_close(nd.ni_vp, flags, td->td_ucred, td);
163			error = EACCES;
164			goto done2;
165		}
166#ifdef MAC
167	} else {
168		error = mac_check_system_acct(td->td_ucred, NULL);
169		if (error)
170			goto done2;
171#endif
172	}
173
174	mtx_lock(&acct_mtx);
175
176	/*
177	 * If accounting was previously enabled, kill the old space-watcher,
178	 * close the file, and (if no new file was specified, leave).
179	 *
180	 * XXX arr: should not hold lock over vnode operation.
181	 */
182	if (acctp != NULLVP || savacctp != NULLVP) {
183		callout_stop(&acctwatch_callout);
184		error = vn_close((acctp != NULLVP ? acctp : savacctp),
185		    (acctp != NULLVP ? acctflags : savacctflags),
186		    (acctcred != NOCRED ? acctcred : savacctcred), td);
187		acctp = savacctp = NULLVP;
188		crfree(acctcred != NOCRED ? acctcred : savacctcred);
189		acctcred = savacctcred = NOCRED;
190		log(LOG_NOTICE, "Accounting disabled\n");
191	}
192	if (uap->path == NULL) {
193		mtx_unlock(&acct_mtx);
194		goto done2;
195	}
196
197	/*
198	 * Save the new accounting file vnode, and schedule the new
199	 * free space watcher.
200	 */
201	acctp = nd.ni_vp;
202	acctcred = crhold(td->td_ucred);
203	acctflags = flags;
204	callout_init(&acctwatch_callout, 0);
205	mtx_unlock(&acct_mtx);
206	log(LOG_NOTICE, "Accounting enabled\n");
207	acctwatch(NULL);
208
209done2:
210	mtx_unlock(&Giant);
211	return (error);
212}
213
214/*
215 * Write out process accounting information, on process exit.
216 * Data to be written out is specified in Leffler, et al.
217 * and are enumerated below.  (They're also noted in the system
218 * "acct.h" header file.)
219 */
220int
221acct_process(td)
222	struct thread *td;
223{
224	struct acct acct;
225	struct timeval ut, st, tmp;
226	struct plimit *newlim, *oldlim;
227	struct proc *p;
228	struct rusage *r;
229	struct ucred *uc;
230	struct vnode *vp;
231	int t, ret;
232
233	/*
234	 * Lockless check of accounting condition before doing the hard
235	 * work.
236	 */
237	if (acctp == NULLVP)
238		return (0);
239
240	mtx_lock(&acct_mtx);
241
242	/*
243	 * If accounting isn't enabled, don't bother.  Have to check again
244	 * once we own the lock in case we raced with disabling of accounting
245	 * by another thread.
246	 */
247	vp = acctp;
248	if (vp == NULLVP) {
249		mtx_unlock(&acct_mtx);
250		return (0);
251	}
252
253	p = td->td_proc;
254
255	/*
256	 * Get process accounting information.
257	 */
258
259	PROC_LOCK(p);
260	/* (1) The name of the command that ran */
261	bcopy(p->p_comm, acct.ac_comm, sizeof acct.ac_comm);
262
263	/* (2) The amount of user and system time that was used */
264	calcru(p, &ut, &st);
265	acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec);
266	acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec);
267
268	/* (3) The elapsed time the command ran (and its starting time) */
269	tmp = boottime;
270	timevaladd(&tmp, &p->p_stats->p_start);
271	acct.ac_btime = tmp.tv_sec;
272	microuptime(&tmp);
273	timevalsub(&tmp, &p->p_stats->p_start);
274	acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec);
275
276	/* (4) The average amount of memory used */
277	r = &p->p_stats->p_ru;
278	tmp = ut;
279	timevaladd(&tmp, &st);
280	t = tmp.tv_sec * hz + tmp.tv_usec / tick;
281	if (t)
282		acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t;
283	else
284		acct.ac_mem = 0;
285
286	/* (5) The number of disk I/O operations done */
287	acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0);
288
289	/* (6) The UID and GID of the process */
290	acct.ac_uid = p->p_ucred->cr_ruid;
291	acct.ac_gid = p->p_ucred->cr_rgid;
292
293	/* (7) The terminal from which the process was started */
294	SESS_LOCK(p->p_session);
295	if ((p->p_flag & P_CONTROLT) && p->p_pgrp->pg_session->s_ttyp)
296		acct.ac_tty = dev2udev(p->p_pgrp->pg_session->s_ttyp->t_dev);
297	else
298		acct.ac_tty = NODEV;
299	SESS_UNLOCK(p->p_session);
300
301	/* (8) The boolean flags that tell how the process terminated, etc. */
302	acct.ac_flag = p->p_acflag;
303	PROC_UNLOCK(p);
304
305	/*
306	 * Finish doing things that require acct_mtx, and release acct_mtx.
307	 */
308	uc = crhold(acctcred);
309	vref(vp);
310	mtx_unlock(&acct_mtx);
311
312	/*
313	 * Eliminate any file size rlimit.
314	 */
315	newlim = lim_alloc();
316	PROC_LOCK(p);
317	oldlim = p->p_limit;
318	lim_copy(newlim, oldlim);
319	newlim->pl_rlimit[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
320	p->p_limit = newlim;
321	PROC_UNLOCK(p);
322	lim_free(oldlim);
323
324	/*
325	 * Write the accounting information to the file.
326	 */
327	VOP_LEASE(vp, td, uc, LEASE_WRITE);
328	ret = vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct),
329	    (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, uc, NOCRED,
330	    (int *)0, td);
331	vrele(vp);
332	crfree(uc);
333	return (ret);
334}
335
336/*
337 * Encode_comp_t converts from ticks in seconds and microseconds
338 * to ticks in 1/AHZ seconds.  The encoding is described in
339 * Leffler, et al., on page 63.
340 */
341
342#define	MANTSIZE	13			/* 13 bit mantissa. */
343#define	EXPSIZE		3			/* Base 8 (3 bit) exponent. */
344#define	MAXFRACT	((1 << MANTSIZE) - 1)	/* Maximum fractional value. */
345
346static comp_t
347encode_comp_t(s, us)
348	u_long s, us;
349{
350	int exp, rnd;
351
352	exp = 0;
353	rnd = 0;
354	s *= AHZ;
355	s += us / (1000000 / AHZ);	/* Maximize precision. */
356
357	while (s > MAXFRACT) {
358	rnd = s & (1 << (EXPSIZE - 1));	/* Round up? */
359		s >>= EXPSIZE;		/* Base 8 exponent == 3 bit shift. */
360		exp++;
361	}
362
363	/* If we need to round up, do it (and handle overflow correctly). */
364	if (rnd && (++s > MAXFRACT)) {
365		s >>= EXPSIZE;
366		exp++;
367	}
368
369	/* Clean it up and polish it off. */
370	exp <<= MANTSIZE;		/* Shift the exponent into place */
371	exp += s;			/* and add on the mantissa. */
372	return (exp);
373}
374
375/*
376 * Periodically check the filesystem to see if accounting
377 * should be turned on or off.  Beware the case where the vnode
378 * has been vgone()'d out from underneath us, e.g. when the file
379 * system containing the accounting file has been forcibly unmounted.
380 */
381/* ARGSUSED */
382static void
383acctwatch(a)
384	void *a;
385{
386	struct statfs sb;
387
388	mtx_lock(&acct_mtx);
389
390	/*
391	 * XXX arr: need to fix the issue of holding acct_mtx over
392	 * the below vnode operations.
393	 */
394	if (savacctp != NULLVP) {
395		if (savacctp->v_type == VBAD) {
396			(void) vn_close(savacctp, savacctflags, savacctcred,
397			    NULL);
398			savacctp = NULLVP;
399			savacctcred = NOCRED;
400			mtx_unlock(&acct_mtx);
401			return;
402		}
403		(void)VFS_STATFS(savacctp->v_mount, &sb, curthread);
404		if (sb.f_bavail > acctresume * sb.f_blocks / 100) {
405			acctp = savacctp;
406			acctcred = savacctcred;
407			acctflags = savacctflags;
408			savacctp = NULLVP;
409			savacctcred = NOCRED;
410			log(LOG_NOTICE, "Accounting resumed\n");
411		}
412	} else {
413		if (acctp == NULLVP) {
414			mtx_unlock(&acct_mtx);
415			return;
416		}
417		if (acctp->v_type == VBAD) {
418			(void) vn_close(acctp, acctflags, acctcred, NULL);
419			acctp = NULLVP;
420			crfree(acctcred);
421			acctcred = NOCRED;
422			mtx_unlock(&acct_mtx);
423			return;
424		}
425		(void)VFS_STATFS(acctp->v_mount, &sb, curthread);
426		if (sb.f_bavail <= acctsuspend * sb.f_blocks / 100) {
427			savacctp = acctp;
428			savacctflags = acctflags;
429			savacctcred = acctcred;
430			acctp = NULLVP;
431			acctcred = NOCRED;
432			log(LOG_NOTICE, "Accounting suspended\n");
433		}
434	}
435	callout_reset(&acctwatch_callout, acctchkfreq * hz, acctwatch, NULL);
436	mtx_unlock(&acct_mtx);
437}
438