| blob | b587f1b480e49d38bff78f82595c4c663129e960 |
1 /*
2 * systime -- routines to fiddle a UNIX clock.
3 *
4 * ATTENTION: Get approval from Dave Mills on all changes to this file!
5 *
6 */
15 #ifndef USE_COMPILETIME_PIVOT
16 # define USE_COMPILETIME_PIVOT 1
17 #endif
19 /*
20 * These routines (get_systime, step_systime, adj_systime) implement an
21 * interface between the system independent NTP clock and the Unix
22 * system clock in various architectures and operating systems. Time is
23 * a precious quantity in these routines and every effort is made to
24 * minimize errors by unbiased rounding and amortizing adjustment
25 * residues.
26 *
27 * In order to improve the apparent resolution, provide unbiased
28 * rounding and most importantly ensure that the readings cannot be
29 * predicted, the low-order unused portion of the time below the minimum
30 * time to read the clock is filled with an unbiased random fuzz.
31 *
32 * The sys_tick variable specifies the system clock tick interval in
33 * seconds, for stepping clocks, defined as those which return times
34 * less than MINSTEP greater than the previous reading. For systems that
35 * use a high-resolution counter such that each clock reading is always
36 * at least MINSTEP greater than the prior, sys_tick is the time to read
37 * the system clock.
38 *
39 * The sys_fuzz variable measures the minimum time to read the system
40 * clock, regardless of its precision. When reading the system clock
41 * using get_systime() after sys_tick and sys_fuzz have been determined,
42 * ntpd ensures each unprocessed clock reading is no less than sys_fuzz
43 * later than the prior unprocessed reading, and then fuzzes the bits
44 * below sys_fuzz in the timestamp returned, ensuring each of its
45 * resulting readings is strictly later than the previous.
46 *
47 * When slewing the system clock using adj_systime() (with the kernel
48 * loop discipline unavailable or disabled), adjtime() offsets are
49 * quantized to sys_tick, if sys_tick is greater than sys_fuzz, which
50 * is to say if the OS presents a stepping clock. Otherwise, offsets
51 * are quantized to the microsecond resolution of adjtime()'s timeval
52 * input. The remaining correction sys_residual is carried into the
53 * next adjtime() and meanwhile is also factored into get_systime()
54 * readings.
55 *
56 * adj_systime() and step_systime() will behave sanely with these
57 * variables not set, but the adjustments may be in larger steps.
58 */
59 time_stepped_callback step_callback;
66 static void
69 )
70 {
75 #ifndef __COVERITY__
80 }
82 }
85 /*
86 * get_systime - return system time in NTP timestamp format.
87 */
88 void
91 )
92 {
96 }
99 /*
100 * adj_systime - adjust system time by the argument.
101 */
106 )
107 {
111 doubletime_t dtemp;
115 /*
116 * FIXME: With the legacy Windows port gone, this might be removable.
117 * See also the related FIXME comment in ntpd/ntp_loopfilter.c.
118 *
119 * The Windows port adj_systime() depended on being called each
120 * second even when there's no additional correction, to allow
121 * emulation of adjtime() behavior on top of an API that simply
122 * sets the current rate. This POSIX implementation needs to
123 * ignore invocations with zero correction, otherwise ongoing
124 * EVNT_NSET adjtime() can be aborted by a tiny adjtime()
125 * triggered by sys_residual.
126 */
130 /*
131 * Most Unix adjtime() implementations adjust the system clock
132 * in microsecond quanta, but some adjust in 10-ms quanta. We
133 * carefully round the adjustment to the nearest quantum, then
134 * adjust in quanta and keep the residue for later.
135 */
140 }
146 /* The rounding in the conversions could push us over the
147 * limits: make sure the result is properly normalised!
148 * note: sign comes later, all numbers non-negative here.
149 */
154 }
155 /* set the new residual with leftover from correction */
158 /*
159 * Convert to signed seconds and microseconds for the Unix
160 * adjtime() system call. Note we purposely lose the adjtime()
161 * leftover.
162 */
167 }
172 }
173 }
175 }
178 /*
179 * step_systime - step the system clock.
180 *
181 * if your timespec has a 64 bit time_t then you are 2038 ready.
182 * if your timespec has a 32 bit time_t, be sure to duck in 2038
183 */
185 bool
187 doubletime_t step
188 )
189 {
196 /*
197 * Get pivot time for NTP era unfolding. Since we don't step
198 * very often, we can afford to do the whole calculation from
199 * scratch. And we're not in the time-critical path yet.
200 */
201 #if NTP_SIZEOF_TIME_T > 4
202 /*
203 * This code makes sure the resulting time stamp for the new
204 * system time is in the 2^32 seconds starting at 1970-01-01,
205 * 00:00:00 UTC.
206 */
208 #if USE_COMPILETIME_PIVOT
209 /*
210 * Add the compile time minus 10 years to get a possible target
211 * area of (compile time - 10 years) to (compile time + 126
212 * years). This should be sufficient for a given binary of
213 * NTPD.
214 */
221 }
222 #else
225 #else
227 /* This makes sure the resulting time stamp is on or after
228 * 1969-12-31/23:59:59 UTC and gives us additional two years,
229 * from the change of NTP era in 2036 to the UNIX rollover in
230 * 2038. (Minus one second, but that won't hurt.) We *really*
231 * need a longer 'time_t' after that! Or a different baseline,
232 * but that would cause other serious trouble, too.
233 */
235 #endif
237 /* get the complete jump distance as l_fp */
242 /* ---> time-critical path starts ---> */
244 /* get the current time as l_fp (without fuzz) and as struct timespec */
249 /* get the target time as l_fp */
252 /* unfold the new system time */
256 /* now set new system time */
260 }
262 /* <--- time-critical path ended with call to the settime hook <--- */
266 /* Get the full year (both old and new) into the log file.
267 * Issue #474 */
274 }
281 }
286 }
292 }