1
/*-
2
 * SPDX-License-Identifier: BSD-4-Clause
3
 *
4
 * Copyright (c) 1982, 1986, 1989, 1993
5
 *	The Regents of the University of California.  All rights reserved.
6
 * (c) UNIX System Laboratories, Inc.
7
 * Copyright (c) 2005 Robert N. M. Watson
8
 * All rights reserved.
9
 *
10
 * All or some portions of this file are derived from material licensed
11
 * to the University of California by American Telephone and Telegraph
12
 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
13
 * the permission of UNIX System Laboratories, Inc.
14
 *
15
 * Redistribution and use in source and binary forms, with or without
16
 * modification, are permitted provided that the following conditions
17
 * are met:
18
 * 1. Redistributions of source code must retain the above copyright
19
 *    notice, this list of conditions and the following disclaimer.
20
 * 2. Redistributions in binary form must reproduce the above copyright
21
 *    notice, this list of conditions and the following disclaimer in the
22
 *    documentation and/or other materials provided with the distribution.
23
 * 3. Neither the name of the University nor the names of its contributors
24
 *    may be used to endorse or promote products derived from this software
25
 *    without specific prior written permission.
26
 *
27
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
28
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37
 * SUCH DAMAGE.
38
 *
39
 * Copyright (c) 1994 Christopher G. Demetriou
40
 *
41
 * Redistribution and use in source and binary forms, with or without
42
 * modification, are permitted provided that the following conditions
43
 * are met:
44
 * 1. Redistributions of source code must retain the above copyright
45
 *    notice, this list of conditions and the following disclaimer.
46
 * 2. Redistributions in binary form must reproduce the above copyright
47
 *    notice, this list of conditions and the following disclaimer in the
48
 *    documentation and/or other materials provided with the distribution.
49
 * 3. All advertising materials mentioning features or use of this software
50
 *    must display the following acknowledgement:
51
 *	This product includes software developed by the University of
52
 *	California, Berkeley and its contributors.
53
 * 4. Neither the name of the University nor the names of its contributors
54
 *    may be used to endorse or promote products derived from this software
55
 *    without specific prior written permission.
56
 *
57
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
58
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
59
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
60
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
61
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
62
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
63
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
65
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
66
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
67
 * SUCH DAMAGE.
68
 */
69

70
#include <sys/param.h>
71
#include <sys/systm.h>
72
#include <sys/acct.h>
73
#include <sys/fcntl.h>
74
#include <sys/kernel.h>
75
#include <sys/kthread.h>
76
#include <sys/limits.h>
77
#include <sys/lock.h>
78
#include <sys/malloc.h>
79
#include <sys/mount.h>
80
#include <sys/mutex.h>
81
#include <sys/namei.h>
82
#include <sys/priv.h>
83
#include <sys/proc.h>
84
#include <sys/resourcevar.h>
85
#include <sys/sched.h>
86
#include <sys/sx.h>
87
#include <sys/sysctl.h>
88
#include <sys/syslog.h>
89
#include <sys/sysproto.h>
90
#include <sys/tty.h>
91
#include <sys/vnode.h>
92

93
#include <security/mac/mac_framework.h>
94

95
_Static_assert(sizeof(struct acctv3) - offsetof(struct acctv3, ac_trailer) ==
96
    sizeof(struct acctv2) - offsetof(struct acctv2, ac_trailer), "trailer");
97
_Static_assert(sizeof(struct acctv3) - offsetof(struct acctv3, ac_len2) ==
98
    sizeof(struct acctv2) - offsetof(struct acctv2, ac_len2), "len2");
99

100
/*
101
 * The routines implemented in this file are described in:
102
 *      Leffler, et al.: The Design and Implementation of the 4.3BSD
103
 *	    UNIX Operating System (Addison Welley, 1989)
104
 * on pages 62-63.
105
 * On May 2007 the historic 3 bits base 8 exponent, 13 bit fraction
106
 * compt_t representation described in the above reference was replaced
107
 * with that of IEEE-754 floats.
108
 *
109
 * Arguably, to simplify accounting operations, this mechanism should
110
 * be replaced by one in which an accounting log file (similar to /dev/klog)
111
 * is read by a user process, etc.  However, that has its own problems.
112
 */
113

114
/* Floating point definitions from <float.h>. */
115
#define FLT_MANT_DIG    24              /* p */
116
#define FLT_MAX_EXP     128             /* emax */
117

118
/*
119
 * Internal accounting functions.
120
 * The former's operation is described in Leffler, et al., and the latter
121
 * was provided by UCB with the 4.4BSD-Lite release
122
 */
123
static uint32_t	encode_timeval(struct timeval);
124
static uint32_t	encode_long(long);
125
static void	acctwatch(void);
126
static void	acct_thread(void *);
127
static int	acct_disable(struct thread *, int);
128

129
/*
130
 * Accounting vnode pointer, saved vnode pointer, and flags for each.
131
 * acct_sx protects against changes to the active vnode and credentials
132
 * while accounting records are being committed to disk.
133
 */
134
static int		 acct_configured;
135
static int		 acct_suspended;
136
static struct vnode	*acct_vp;
137
static struct ucred	*acct_cred;
138
static int		 acct_flags;
139
static struct sx	 acct_sx;
140

141
SX_SYSINIT(acct, &acct_sx, "acct_sx");
142

143
/*
144
 * State of the accounting kthread.
145
 */
146
static int		 acct_state;
147

148
#define	ACCT_RUNNING	1	/* Accounting kthread is running. */
149
#define	ACCT_EXITREQ	2	/* Accounting kthread should exit. */
150

151
/*
152
 * Values associated with enabling and disabling accounting
153
 */
154
static int acctsuspend = 2;	/* stop accounting when < 2% free space left */
155
SYSCTL_INT(_kern, OID_AUTO, acct_suspend, CTLFLAG_RW,
156
	&acctsuspend, 0, "percentage of free disk space below which accounting stops");
157

158
static int acctresume = 4;	/* resume when free space risen to > 4% */
159
SYSCTL_INT(_kern, OID_AUTO, acct_resume, CTLFLAG_RW,
160
	&acctresume, 0, "percentage of free disk space above which accounting resumes");
161

162
static int acctchkfreq = 15;	/* frequency (in seconds) to check space */
163

164
static int
165
sysctl_acct_chkfreq(SYSCTL_HANDLER_ARGS)
166
{
167
	int error, value;
168

169
	/* Write out the old value. */
170
	error = SYSCTL_OUT(req, &acctchkfreq, sizeof(int));
171
	if (error || req->newptr == NULL)
172
		return (error);
173

174
	/* Read in and verify the new value. */
175
	error = SYSCTL_IN(req, &value, sizeof(int));
176
	if (error)
177
		return (error);
178
	if (value <= 0)
179
		return (EINVAL);
180
	acctchkfreq = value;
181
	return (0);
182
}
183
SYSCTL_PROC(_kern, OID_AUTO, acct_chkfreq,
184
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, &acctchkfreq, 0,
185
    sysctl_acct_chkfreq, "I",
186
    "frequency for checking the free space");
187

188
SYSCTL_INT(_kern, OID_AUTO, acct_configured, CTLFLAG_RD, &acct_configured, 0,
189
	"Accounting configured or not");
190

191
SYSCTL_INT(_kern, OID_AUTO, acct_suspended, CTLFLAG_RD, &acct_suspended, 0,
192
	"Accounting suspended or not");
193

194
/*
195
 * Accounting system call.  Written based on the specification and previous
196
 * implementation done by Mark Tinguely.
197
 */
198
int
199
sys_acct(struct thread *td, struct acct_args *uap)
200
{
201
	struct nameidata nd;
202
	int error, flags, replacing;
203

204
	error = priv_check(td, PRIV_ACCT);
205
	if (error)
206
		return (error);
207

208
	/*
209
	 * If accounting is to be started to a file, open that file for
210
	 * appending and make sure it's a 'normal'.
211
	 */
212
	if (uap->path != NULL) {
213
		NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
214
		    uap->path);
215
		flags = FWRITE | O_APPEND;
216
		error = vn_open(&nd, &flags, 0, NULL);
217
		if (error)
218
			return (error);
219
		NDFREE_PNBUF(&nd);
220
#ifdef MAC
221
		error = mac_system_check_acct(td->td_ucred, nd.ni_vp);
222
		if (error) {
223
			VOP_UNLOCK(nd.ni_vp);
224
			vn_close(nd.ni_vp, flags, td->td_ucred, td);
225
			return (error);
226
		}
227
#endif
228
		VOP_UNLOCK(nd.ni_vp);
229
		if (nd.ni_vp->v_type != VREG) {
230
			vn_close(nd.ni_vp, flags, td->td_ucred, td);
231
			return (EACCES);
232
		}
233
#ifdef MAC
234
	} else {
235
		error = mac_system_check_acct(td->td_ucred, NULL);
236
		if (error)
237
			return (error);
238
#endif
239
	}
240

241
	/*
242
	 * Disallow concurrent access to the accounting vnode while we swap
243
	 * it out, in order to prevent access after close.
244
	 */
245
	sx_xlock(&acct_sx);
246

247
	/*
248
	 * Don't log spurious disable/enable messages if we are
249
	 * switching from one accounting file to another due to log
250
	 * rotation.
251
	 */
252
	replacing = (acct_vp != NULL && uap->path != NULL);
253

254
	/*
255
	 * If accounting was previously enabled, kill the old space-watcher,
256
	 * close the file, and (if no new file was specified, leave).  Reset
257
	 * the suspended state regardless of whether accounting remains
258
	 * enabled.
259
	 */
260
	acct_suspended = 0;
261
	if (acct_vp != NULL)
262
		error = acct_disable(td, !replacing);
263
	if (uap->path == NULL) {
264
		if (acct_state & ACCT_RUNNING) {
265
			acct_state |= ACCT_EXITREQ;
266
			wakeup(&acct_state);
267
		}
268
		sx_xunlock(&acct_sx);
269
		return (error);
270
	}
271

272
	/*
273
	 * Save the new accounting file vnode, and schedule the new
274
	 * free space watcher.
275
	 */
276
	acct_vp = nd.ni_vp;
277
	acct_cred = crhold(td->td_ucred);
278
	acct_flags = flags;
279
	if (acct_state & ACCT_RUNNING)
280
		acct_state &= ~ACCT_EXITREQ;
281
	else {
282
		/*
283
		 * Try to start up an accounting kthread.  We may start more
284
		 * than one, but if so the extras will commit suicide as
285
		 * soon as they start up.
286
		 */
287
		error = kproc_create(acct_thread, NULL, NULL, 0, 0,
288
		    "accounting");
289
		if (error) {
290
			(void) acct_disable(td, 0);
291
			sx_xunlock(&acct_sx);
292
			log(LOG_NOTICE, "Unable to start accounting thread\n");
293
			return (error);
294
		}
295
	}
296
	acct_configured = 1;
297
	sx_xunlock(&acct_sx);
298
	if (!replacing)
299
		log(LOG_NOTICE, "Accounting enabled\n");
300
	return (error);
301
}
302

303
/*
304
 * Disable currently in-progress accounting by closing the vnode, dropping
305
 * our reference to the credential, and clearing the vnode's flags.
306
 */
307
static int
308
acct_disable(struct thread *td, int logging)
309
{
310
	int error;
311

312
	sx_assert(&acct_sx, SX_XLOCKED);
313
	error = vn_close(acct_vp, acct_flags, acct_cred, td);
314
	crfree(acct_cred);
315
	acct_configured = 0;
316
	acct_vp = NULL;
317
	acct_cred = NULL;
318
	acct_flags = 0;
319
	if (logging)
320
		log(LOG_NOTICE, "Accounting disabled\n");
321
	return (error);
322
}
323

324
/*
325
 * Write out process accounting information, on process exit.
326
 * Data to be written out is specified in Leffler, et al.
327
 * and are enumerated below.  (They're also noted in the system
328
 * "acct.h" header file.)
329
 */
330
int
331
acct_process(struct thread *td)
332
{
333
	struct acctv3 acct;
334
	struct timeval ut, st, tmp;
335
	struct proc *p;
336
	struct rusage ru;
337
	int t, ret;
338

339
	/*
340
	 * Lockless check of accounting condition before doing the hard
341
	 * work.
342
	 */
343
	if (acct_vp == NULL || acct_suspended)
344
		return (0);
345

346
	memset(&acct, 0, sizeof(acct));
347

348
	sx_slock(&acct_sx);
349

350
	/*
351
	 * If accounting isn't enabled, don't bother.  Have to check again
352
	 * once we own the lock in case we raced with disabling of accounting
353
	 * by another thread.
354
	 */
355
	if (acct_vp == NULL || acct_suspended) {
356
		sx_sunlock(&acct_sx);
357
		return (0);
358
	}
359

360
	p = td->td_proc;
361
	td->td_pflags2 |= TDP2_ACCT;
362

363
	/*
364
	 * Get process accounting information.
365
	 */
366

367
	sx_slock(&proctree_lock);
368
	PROC_LOCK(p);
369

370
	/* (1) The terminal from which the process was started */
371
	if ((p->p_flag & P_CONTROLT) && p->p_pgrp->pg_session->s_ttyp)
372
		acct.ac_tty = tty_udev(p->p_pgrp->pg_session->s_ttyp);
373
	else
374
		acct.ac_tty = NODEV;
375
	sx_sunlock(&proctree_lock);
376

377
	/* (2) The name of the command that ran */
378
	bcopy(p->p_comm, acct.ac_comm, sizeof acct.ac_comm);
379

380
	/* (3) The amount of user and system time that was used */
381
	rufetchcalc(p, &ru, &ut, &st);
382
	acct.ac_utime = encode_timeval(ut);
383
	acct.ac_stime = encode_timeval(st);
384

385
	/* (4) The elapsed time the command ran (and its starting time) */
386
	getboottime(&tmp);
387
	timevaladd(&tmp, &p->p_stats->p_start);
388
	acct.ac_btime = tmp.tv_sec;
389
	microuptime(&tmp);
390
	timevalsub(&tmp, &p->p_stats->p_start);
391
	acct.ac_etime = encode_timeval(tmp);
392

393
	/* (5) The average amount of memory used */
394
	tmp = ut;
395
	timevaladd(&tmp, &st);
396
	/* Convert tmp (i.e. u + s) into hz units to match ru_i*. */
397
	t = tmp.tv_sec * hz + tmp.tv_usec / tick;
398
	if (t)
399
		acct.ac_mem = encode_long((ru.ru_ixrss + ru.ru_idrss +
400
		    + ru.ru_isrss) / t);
401
	else
402
		acct.ac_mem = 0;
403

404
	/* (6) The number of disk I/O operations done */
405
	acct.ac_io = encode_long(ru.ru_inblock + ru.ru_oublock);
406

407
	/* (7) The UID and GID of the process */
408
	acct.ac_uid = p->p_ucred->cr_ruid;
409
	acct.ac_gid = p->p_ucred->cr_rgid;
410

411
	/* (8) The boolean flags that tell how the process terminated, etc. */
412
	acct.ac_flagx = p->p_acflag;
413

414
	PROC_UNLOCK(p);
415

416
	/* Setup ancillary structure fields. */
417
	acct.ac_flagx |= ANVER;
418
	acct.ac_zero = 0;
419
	acct.ac_version = 3;
420
	acct.ac_len = acct.ac_len2 = sizeof(acct);
421

422
	/*
423
	 * Write the accounting information to the file.
424
	 */
425
	ret = vn_rdwr(UIO_WRITE, acct_vp, (caddr_t)&acct, sizeof (acct),
426
	    (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, acct_cred, NOCRED,
427
	    NULL, td);
428
	sx_sunlock(&acct_sx);
429
	td->td_pflags2 &= ~TDP2_ACCT;
430
	return (ret);
431
}
432

433
/* FLOAT_CONVERSION_START (Regression testing; don't remove this line.) */
434

435
/* Convert timevals and longs into IEEE-754 bit patterns. */
436

437
/* Mantissa mask (MSB is implied, so subtract 1). */
438
#define MANT_MASK ((1 << (FLT_MANT_DIG - 1)) - 1)
439

440
/*
441
 * We calculate integer values to a precision of approximately
442
 * 28 bits.
443
 * This is high-enough precision to fill the 24 float bits
444
 * and low-enough to avoid overflowing the 32 int bits.
445
 */
446
#define CALC_BITS 28
447

448
/* log_2(1000000). */
449
#define LOG2_1M 20
450

451
/*
452
 * Convert the elements of a timeval into a 32-bit word holding
453
 * the bits of a IEEE-754 float.
454
 * The float value represents the timeval's value in microsecond units.
455
 */
456
static uint32_t
457
encode_timeval(struct timeval tv)
458
{
459
	int log2_s;
460
	int val, exp;	/* Unnormalized value and exponent */
461
	int norm_exp;	/* Normalized exponent */
462
	int shift;
463

464
	/*
465
	 * First calculate value and exponent to about CALC_BITS precision.
466
	 * Note that the following conditionals have been ordered so that
467
	 * the most common cases appear first.
468
	 */
469
	if (tv.tv_sec == 0) {
470
		if (tv.tv_usec == 0)
471
			return (0);
472
		exp = 0;
473
		val = tv.tv_usec;
474
	} else {
475
		/*
476
		 * Calculate the value to a precision of approximately
477
		 * CALC_BITS.
478
		 */
479
		log2_s = fls(tv.tv_sec) - 1;
480
		if (log2_s + LOG2_1M < CALC_BITS) {
481
			exp = 0;
482
			val = 1000000 * tv.tv_sec + tv.tv_usec;
483
		} else {
484
			exp = log2_s + LOG2_1M - CALC_BITS;
485
			val = (unsigned int)(((uint64_t)1000000 * tv.tv_sec +
486
			    tv.tv_usec) >> exp);
487
		}
488
	}
489
	/* Now normalize and pack the value into an IEEE-754 float. */
490
	norm_exp = fls(val) - 1;
491
	shift = FLT_MANT_DIG - norm_exp - 1;
492
#ifdef ACCT_DEBUG
493
	printf("val=%d exp=%d shift=%d log2(val)=%d\n",
494
	    val, exp, shift, norm_exp);
495
	printf("exp=%x mant=%x\n", FLT_MAX_EXP - 1 + exp + norm_exp,
496
	    ((shift > 0 ? (val << shift) : (val >> -shift)) & MANT_MASK));
497
#endif
498
	return (((FLT_MAX_EXP - 1 + exp + norm_exp) << (FLT_MANT_DIG - 1)) |
499
	    ((shift > 0 ? val << shift : val >> -shift) & MANT_MASK));
500
}
501

502
/*
503
 * Convert a non-negative long value into the bit pattern of
504
 * an IEEE-754 float value.
505
 */
506
static uint32_t
507
encode_long(long val)
508
{
509
	int norm_exp;	/* Normalized exponent */
510
	int shift;
511

512
	if (val == 0)
513
		return (0);
514
	if (val < 0) {
515
		log(LOG_NOTICE,
516
		    "encode_long: negative value %ld in accounting record\n",
517
		    val);
518
		val = LONG_MAX;
519
	}
520
	norm_exp = fls(val) - 1;
521
	shift = FLT_MANT_DIG - norm_exp - 1;
522
#ifdef ACCT_DEBUG
523
	printf("val=%d shift=%d log2(val)=%d\n",
524
	    val, shift, norm_exp);
525
	printf("exp=%x mant=%x\n", FLT_MAX_EXP - 1 + exp + norm_exp,
526
	    ((shift > 0 ? (val << shift) : (val >> -shift)) & MANT_MASK));
527
#endif
528
	return (((FLT_MAX_EXP - 1 + norm_exp) << (FLT_MANT_DIG - 1)) |
529
	    ((shift > 0 ? val << shift : val >> -shift) & MANT_MASK));
530
}
531

532
/* FLOAT_CONVERSION_END (Regression testing; don't remove this line.) */
533

534
/*
535
 * Periodically check the filesystem to see if accounting
536
 * should be turned on or off.  Beware the case where the vnode
537
 * has been vgone()'d out from underneath us, e.g. when the file
538
 * system containing the accounting file has been forcibly unmounted.
539
 */
540
/* ARGSUSED */
541
static void
542
acctwatch(void)
543
{
544
	struct statfs *sp;
545

546
	sx_assert(&acct_sx, SX_XLOCKED);
547

548
	/*
549
	 * If accounting was disabled before our kthread was scheduled,
550
	 * then acct_vp might be NULL.  If so, just ask our kthread to
551
	 * exit and return.
552
	 */
553
	if (acct_vp == NULL) {
554
		acct_state |= ACCT_EXITREQ;
555
		return;
556
	}
557

558
	/*
559
	 * If our vnode is no longer valid, tear it down and signal the
560
	 * accounting thread to die.
561
	 */
562
	if (acct_vp->v_type == VBAD) {
563
		(void) acct_disable(NULL, 1);
564
		acct_state |= ACCT_EXITREQ;
565
		return;
566
	}
567

568
	/*
569
	 * Stopping here is better than continuing, maybe it will be VBAD
570
	 * next time around.
571
	 */
572
	sp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
573
	if (VFS_STATFS(acct_vp->v_mount, sp) < 0) {
574
		free(sp, M_STATFS);
575
		return;
576
	}
577
	if (acct_suspended) {
578
		if (sp->f_bavail > (int64_t)(acctresume * sp->f_blocks /
579
		    100)) {
580
			acct_suspended = 0;
581
			log(LOG_NOTICE, "Accounting resumed\n");
582
		}
583
	} else {
584
		if (sp->f_bavail <= (int64_t)(acctsuspend * sp->f_blocks /
585
		    100)) {
586
			acct_suspended = 1;
587
			log(LOG_NOTICE, "Accounting suspended\n");
588
		}
589
	}
590
	free(sp, M_STATFS);
591
}
592

593
/*
594
 * The main loop for the dedicated kernel thread that periodically calls
595
 * acctwatch().
596
 */
597
static void
598
acct_thread(void *dummy)
599
{
600
	u_char pri;
601

602
	/* This is a low-priority kernel thread. */
603
	pri = PRI_MAX_KERN;
604
	thread_lock(curthread);
605
	sched_prio(curthread, pri);
606
	thread_unlock(curthread);
607

608
	/* If another accounting kthread is already running, just die. */
609
	sx_xlock(&acct_sx);
610
	if (acct_state & ACCT_RUNNING) {
611
		sx_xunlock(&acct_sx);
612
		kproc_exit(0);
613
	}
614
	acct_state |= ACCT_RUNNING;
615

616
	/* Loop until we are asked to exit. */
617
	while (!(acct_state & ACCT_EXITREQ)) {
618
		/* Perform our periodic checks. */
619
		acctwatch();
620

621
		/*
622
		 * We check this flag again before sleeping since the
623
		 * acctwatch() might have shut down accounting and asked us
624
		 * to exit.
625
		 */
626
		if (!(acct_state & ACCT_EXITREQ)) {
627
			sx_sleep(&acct_state, &acct_sx, 0, "-",
628
			    acctchkfreq * hz);
629
		}
630
	}
631

632
	/*
633
	 * Acknowledge the exit request and shutdown.  We clear both the
634
	 * exit request and running flags.
635
	 */
636
	acct_state = 0;
637
	sx_xunlock(&acct_sx);
638
	kproc_exit(0);
639
}
640

641