Lines Matching refs:zone
30 * A zone is a named collection of processes, namespace constraints,
36 * (zoneid_t) are used to track zone association. Zone IDs are
37 * dynamically generated when the zone is created; if a persistent
39 * etc.), the zone name should be used.
44 * The global zone (zoneid 0) is automatically associated with all
45 * system resources that have not been bound to a user-created zone.
47 * have a global zone, and all processes, mounts, etc. are
48 * associated with that zone. The global zone is generally
55 * The states in which a zone may be in and the transitions are as
58 * ZONE_IS_UNINITIALIZED: primordial state for a zone. The partially
59 * initialized zone is added to the list of active zones on the system but
63 * not yet completed. Not possible to enter the zone, but attributes can
66 * ZONE_IS_READY: zsched (the kernel dummy process for a zone) is
67 * ready. The zone is made visible after the ZSD constructor callbacks are
68 * executed. A zone remains in this state until it transitions into
72 * init. Should that fail, the zone proceeds to the ZONE_IS_SHUTTING_DOWN
75 * ZONE_IS_RUNNING: The zone is open for business: zsched has
76 * successfully started init. A zone remains in this state until
80 * killing all processes running in the zone. The zone remains
81 * in this state until there are no more user processes running in the zone.
82 * zone_create(), zone_enter(), and zone_destroy() on this zone will fail.
84 * multiple times for the same zone_t. Setting of the zone's state to
86 * the zone's status without worrying about it being a moving target.
89 * are no more user processes in the zone. The zone remains in this
91 * zone. zone_create(), zone_enter(), and zone_destroy() on this zone will
94 * ZONE_IS_DOWN: All kernel threads doing work on behalf of the zone
96 * join the zone or create kernel threads therein.
98 * ZONE_IS_DYING: zone_destroy() has been called on the zone; zone
103 * processes or threads doing work on behalf of the zone. The zone is
105 * the zone can be recreated.
108 * callbacks are executed, and all memory associated with the zone is
111 * Threads can wait for the zone to enter a requested state by using
119 * Subsystems needing to maintain zone-specific data can store that
120 * data using the ZSD mechanism. This provides a zone-specific data
123 * to register callbacks to be invoked when a zone is created, shut
124 * down, or destroyed. This can be used to initialize zone-specific
130 * The per-zone structure (zone_t) is reference counted, and freed
139 * zone_find_by_name. Both return zone_t pointers with the zone
142 * returns the zone with which a path name is associated (global
143 * zone if the path is not within some other zone's file system
144 * hierarchy). This currently requires iterating through each zone,
151 * zone hash tables and lists. Zones cannot be created or destroyed
153 * zone_status_lock: This is a global lock protecting zone state.
155 * protects the list of kernel threads associated with a zone.
156 * zone_lock: This is a per-zone lock used to protect several fields of
157 * the zone_t (see <sys/zone.h> for details). In addition, holding
158 * this lock means that the zone cannot go away.
159 * zone_nlwps_lock: This is a per-zone lock used to protect the fields
160 * related to the zone.max-lwps rctl.
161 * zone_mem_lock: This is a per-zone lock used to protect the fields
162 * related to the zone.max-locked-memory and zone.max-swap rctls.
163 * zone_rctl_lock: This is a per-zone lock used to protect other rctls,
178 * zone locks.
183 * The zone subsystem can be managed and queried from user level with
184 * the following system calls (all subcodes of the primary "zone"
186 * - zone_create: creates a zone with selected attributes (name,
188 * - zone_enter: allows the current process to enter a zone
189 * - zone_getattr: reports attributes of a zone
190 * - zone_setattr: set attributes of a zone
191 * - zone_boot: set 'init' running for the zone
193 * - zone_lookup: looks up zone id based on name
248 #include <sys/zone.h>
256 * subsystems to release a zone's general-purpose references will wait before
257 * they log the zone's reference counts. The constant's value shouldn't
265 /* List of data link IDs which are accessible from the zone */
273 * cv used to signal that all references to the zone have been released. This
275 * wake up will free the zone_t, hence we cannot use zone->zone_cv.
279 * Lock used to serialize access to zone_cv. This could have been per-zone,
293 * Global list of registered keys. We use this when a new zone is created.
304 * The global zone (aka zone0) is the all-seeing, all-knowing zone in which the
308 * except for by code that needs to reference the global zone early on in boot,
313 zone_t *global_zone = NULL; /* Set when the global zone is initialized */
331 /* Event channel to sent zone state change notifications */
335 * This table holds the mapping from kernel zone states to
355 * (see sys/zone.h).
383 static char * const zone_prefix = "/zone/";
405 * Bump this number when you alter the zone syscall interfaces; this is
424 * Certain filesystems (such as NFS and autofs) need to know which zone
426 * ensure that a zone isn't in the process of being created/destroyed such
427 * that nfs_mount() thinks it is in the global/NGZ zone, while by the time
428 * it gets added the list of mounted zones, it ends up on the wrong zone's
429 * mount list. Since a zone can't reside on an NFS file system, we don't
434 * layer (respectively) to synchronize zone state transitions and new
435 * mounts within a zone. This syncronization is on a per-zone basis, so
436 * activity for one zone will not interfere with activity for another zone.
439 * either be multiple mounts (or zone state transitions, if that weren't
447 * "current" operation. This means that zone halt may starve if
448 * there is a rapid succession of new mounts coming in to the zone.
497 * The VFS layer is busy with a mount; this zone should wait until all
530 * callbacks to be executed when a zone is created, shutdown, or
543 * ZSD_CREATE_NEEDED and a copy of the ZSD entry added to the per-zone
613 struct zone *zone;
623 * Insert in global list of callbacks. Makes future zone creations
637 for (zone = list_head(&zone_active); zone != NULL;
638 zone = list_next(&zone_active, zone)) {
641 mutex_enter(&zone->zone_lock);
644 status = zone_status_get(zone);
647 mutex_exit(&zone->zone_lock);
651 t = zsd_find_mru(&zone->zone_zsd, key);
657 mutex_exit(&zone->zone_lock);
668 zone_t *, zone, zone_key_t, key);
670 list_insert_tail(&zone->zone_zsd, t);
671 mutex_exit(&zone->zone_lock);
682 * always successfully return the zone specific data associated
702 zone_t *zone;
714 for (zone = list_head(&zone_active); zone != NULL;
715 zone = list_next(&zone_active, zone)) {
718 mutex_enter(&zone->zone_lock);
719 del = zsd_find_mru(&zone->zone_zsd, key);
722 * Somebody else got here first e.g the zone going
725 mutex_exit(&zone->zone_lock);
734 zone_t *, zone, zone_key_t, key);
740 zone_t *, zone, zone_key_t, key);
742 mutex_exit(&zone->zone_lock);
751 /* Now we can free up the zsdp structures in each zone */
753 for (zone = list_head(&zone_active); zone != NULL;
754 zone = list_next(&zone_active, zone)) {
757 mutex_enter(&zone->zone_lock);
758 del = zsd_find(&zone->zone_zsd, key);
760 list_remove(&zone->zone_zsd, del);
764 mutex_exit(&zone->zone_lock);
780 zone_setspecific(zone_key_t key, zone_t *zone, const void *data)
784 mutex_enter(&zone->zone_lock);
785 t = zsd_find_mru(&zone->zone_zsd, key);
791 mutex_exit(&zone->zone_lock);
794 mutex_exit(&zone->zone_lock);
802 zone_getspecific(zone_key_t key, zone_t *zone)
807 mutex_enter(&zone->zone_lock);
808 t = zsd_find_mru(&zone->zone_zsd, key);
810 mutex_exit(&zone->zone_lock);
815 * Function used to initialize a zone's list of ZSD callbacks and data
816 * when the zone is being created. The callbacks are initialized from
818 * executed later (once the zone exists and with locks dropped).
821 zone_zsd_configure(zone_t *zone)
827 ASSERT(list_head(&zone->zone_zsd) == NULL);
828 mutex_enter(&zone->zone_lock);
833 * Since this zone is ZONE_IS_UNCONFIGURED, zone_key_create
836 ASSERT(zsd_find(&zone->zone_zsd, zsdp->zsd_key) == NULL);
846 zone_t *, zone, zone_key_t, zsdp->zsd_key);
848 list_insert_tail(&zone->zone_zsd, t);
851 mutex_exit(&zone->zone_lock);
860 zone_zsd_callbacks(zone_t *zone, enum zsd_callback_type ct)
865 ASSERT(ct != ZSD_SHUTDOWN || zone_status_get(zone) >= ZONE_IS_EMPTY);
866 ASSERT(ct != ZSD_DESTROY || zone_status_get(zone) >= ZONE_IS_DOWN);
869 * Run the callback solely based on what is registered for the zone
872 * callbacks for a zone that is in the process of going away.
874 mutex_enter(&zone->zone_lock);
875 for (t = list_head(&zone->zone_zsd); t != NULL;
876 t = list_next(&zone->zone_zsd, t)) {
886 zone_t *, zone, zone_key_t, key);
893 zone_t *, zone, zone_key_t, key);
897 mutex_exit(&zone->zone_lock);
900 zsd_apply_all_keys(zsd_apply_shutdown, zone);
901 zsd_apply_all_keys(zsd_apply_destroy, zone);
906 * Called when the zone is going away; free ZSD-related memory, and
910 zone_free_zsd(zone_t *zone)
915 * Free all the zsd_entry's we had on this zone.
917 mutex_enter(&zone->zone_lock);
918 for (t = list_head(&zone->zone_zsd); t != NULL; t = next) {
919 next = list_next(&zone->zone_zsd, t);
920 list_remove(&zone->zone_zsd, t);
924 list_destroy(&zone->zone_zsd);
925 mutex_exit(&zone->zone_lock);
948 zone_t *zone;
951 zone = list_head(&zone_active);
952 while (zone != NULL) {
953 if ((applyfn)(&zonehash_lock, B_FALSE, zone, key)) {
955 zone = list_head(&zone_active);
957 zone = list_next(&zone_active, zone);
964 * Apply a function to all keys for a particular zone.
980 zsd_apply_all_keys(zsd_applyfn_t *applyfn, zone_t *zone)
984 mutex_enter(&zone->zone_lock);
985 t = list_head(&zone->zone_zsd);
987 if ((applyfn)(NULL, B_TRUE, zone, t->zsd_key)) {
989 t = list_head(&zone->zone_zsd);
991 t = list_next(&zone->zone_zsd, t);
994 mutex_exit(&zone->zone_lock);
998 * Call the create function for the zone and key if CREATE_NEEDED
1012 zone_t *zone, zone_key_t key)
1022 ASSERT(MUTEX_HELD(&zone->zone_lock));
1024 mutex_enter(&zone->zone_lock);
1027 t = zsd_find(&zone->zone_zsd, key);
1030 * Somebody else got here first e.g the zone going
1034 mutex_exit(&zone->zone_lock);
1038 if (zsd_wait_for_inprogress(zone, t, lockp))
1045 zone_t *, zone, zone_key_t, key);
1046 mutex_exit(&zone->zone_lock);
1053 zone_t *, zone, zone_key_t, key);
1055 result = (*t->zsd_create)(zone->zone_id);
1058 zone_t *, zone, voidn *, result);
1063 mutex_enter(&zone->zone_lock);
1069 zone_t *, zone, zone_key_t, key);
1072 mutex_exit(&zone->zone_lock);
1077 * Call the shutdown function for the zone and key if SHUTDOWN_NEEDED
1091 zone_t *zone, zone_key_t key)
1101 ASSERT(MUTEX_HELD(&zone->zone_lock));
1103 mutex_enter(&zone->zone_lock);
1106 t = zsd_find(&zone->zone_zsd, key);
1109 * Somebody else got here first e.g the zone going
1113 mutex_exit(&zone->zone_lock);
1117 if (zsd_wait_for_creator(zone, t, lockp))
1120 if (zsd_wait_for_inprogress(zone, t, lockp))
1127 zone_t *, zone, zone_key_t, key);
1128 mutex_exit(&zone->zone_lock);
1137 zone_t *, zone, zone_key_t, key);
1139 (t->zsd_shutdown)(zone->zone_id, data);
1141 zone_t *, zone, zone_key_t, key);
1145 mutex_enter(&zone->zone_lock);
1150 zone_t *, zone, zone_key_t, key);
1153 mutex_exit(&zone->zone_lock);
1158 * Call the destroy function for the zone and key if DESTROY_NEEDED
1172 zone_t *zone, zone_key_t key)
1182 ASSERT(MUTEX_HELD(&zone->zone_lock));
1184 mutex_enter(&zone->zone_lock);
1187 t = zsd_find(&zone->zone_zsd, key);
1190 * Somebody else got here first e.g the zone going
1194 mutex_exit(&zone->zone_lock);
1198 if (zsd_wait_for_creator(zone, t, lockp))
1201 if (zsd_wait_for_inprogress(zone, t, lockp))
1208 zone_t *, zone, zone_key_t, key);
1209 mutex_exit(&zone->zone_lock);
1217 zone_t *, zone, zone_key_t, key);
1219 (t->zsd_destroy)(zone->zone_id, data);
1221 zone_t *, zone, zone_key_t, key);
1225 mutex_enter(&zone->zone_lock);
1231 zone_t *, zone, zone_key_t, key);
1234 mutex_exit(&zone->zone_lock);
1243 zsd_wait_for_creator(zone_t *zone, struct zsd_entry *t, kmutex_t *lockp)
1249 zone_t *, zone, struct zsd_entry *, t);
1254 cv_wait(&t->zsd_cv, &zone->zone_lock);
1257 mutex_exit(&zone->zone_lock);
1259 mutex_enter(&zone->zone_lock);
1270 zsd_wait_for_inprogress(zone_t *zone, struct zsd_entry *t, kmutex_t *lockp)
1276 zone_t *, zone, struct zsd_entry *, t);
1281 cv_wait(&t->zsd_cv, &zone->zone_lock);
1284 mutex_exit(&zone->zone_lock);
1286 mutex_enter(&zone->zone_lock);
1293 * Frees memory associated with the zone dataset list.
1296 zone_free_datasets(zone_t *zone)
1300 for (t = list_head(&zone->zone_datasets); t != NULL; t = next) {
1301 next = list_next(&zone->zone_datasets, t);
1302 list_remove(&zone->zone_datasets, t);
1306 list_destroy(&zone->zone_datasets);
1310 * zone.cpu-shares resource control support.
1327 if (e->rcep_p.zone == NULL)
1330 e->rcep_p.zone->zone_shares = nv;
1342 * zone.cpu-cap resource control support.
1357 zone_t *zone = e->rcep_p.zone;
1362 if (zone == NULL)
1368 return (cpucaps_zone_set(zone, nv));
1383 zone_t *zone = p->p_zone;
1387 mutex_enter(&zone->zone_nlwps_lock);
1388 nlwps = zone->zone_nlwps;
1389 mutex_exit(&zone->zone_nlwps_lock);
1403 if (e->rcep_p.zone == NULL)
1405 ASSERT(MUTEX_HELD(&(e->rcep_p.zone->zone_nlwps_lock)));
1406 nlwps = e->rcep_p.zone->zone_nlwps;
1420 if (e->rcep_p.zone == NULL)
1422 e->rcep_p.zone->zone_nlwps_ctl = nv;
1438 zone_t *zone = p->p_zone;
1442 mutex_enter(&zone->zone_nlwps_lock);
1443 nprocs = zone->zone_nprocs;
1444 mutex_exit(&zone->zone_nlwps_lock);
1458 if (e->rcep_p.zone == NULL)
1460 ASSERT(MUTEX_HELD(&(e->rcep_p.zone->zone_nlwps_lock)));
1461 nprocs = e->rcep_p.zone->zone_nprocs;
1475 if (e->rcep_p.zone == NULL)
1477 e->rcep_p.zone->zone_nprocs_ctl = nv;
1496 v = e->rcep_p.zone->zone_shmmax + incr;
1517 v = e->rcep_p.zone->zone_ipc.ipcq_shmmni + incr;
1538 v = e->rcep_p.zone->zone_ipc.ipcq_semmni + incr;
1559 v = e->rcep_p.zone->zone_ipc.ipcq_msgmni + incr;
1592 z = e->rcep_p.zone;
1608 if (e->rcep_p.zone == NULL)
1610 e->rcep_p.zone->zone_locked_mem_ctl = nv;
1643 z = e->rcep_p.zone;
1659 if (e->rcep_p.zone == NULL)
1661 e->rcep_p.zone->zone_max_swap_ctl = nv;
1694 z = e->rcep_p.zone;
1710 if (e->rcep_p.zone == NULL)
1712 e->rcep_p.zone->zone_max_lofi_ctl = nv;
1724 * Helper function to brand the zone with a unique ID.
1727 zone_uniqid(zone_t *zone)
1732 zone->zone_uniqid = uniqid++;
1736 * Returns a held pointer to the "kcred" for the specified zone.
1741 zone_t *zone;
1744 if ((zone = zone_find_by_id(zoneid)) == NULL)
1746 cr = zone->zone_kcred;
1748 zone_rele(zone);
1755 zone_t *zone = ksp->ks_private;
1761 zk->zk_usage.value.ui64 = zone->zone_locked_mem;
1762 zk->zk_value.value.ui64 = zone->zone_locked_mem_ctl;
1769 zone_t *zone = ksp->ks_private;
1775 zk->zk_usage.value.ui64 = zone->zone_nprocs;
1776 zk->zk_value.value.ui64 = zone->zone_nprocs_ctl;
1783 zone_t *zone = ksp->ks_private;
1789 zk->zk_usage.value.ui64 = zone->zone_max_swap;
1790 zk->zk_value.value.ui64 = zone->zone_max_swap_ctl;
1795 zone_kstat_create_common(zone_t *zone, char *name,
1801 ksp = rctl_kstat_create_zone(zone, name, KSTAT_TYPE_NAMED,
1809 ksp->ks_data_size += strlen(zone->zone_name) + 1;
1811 kstat_named_setstr(&zk->zk_zonename, zone->zone_name);
1815 ksp->ks_private = zone;
1823 zone_t *zone = ksp->ks_private;
1830 tmp = zone->zone_utime;
1833 tmp = zone->zone_stime;
1836 tmp = zone->zone_wtime;
1840 zmp->zm_avenrun1.value.ui32 = zone->zone_avenrun[0];
1841 zmp->zm_avenrun5.value.ui32 = zone->zone_avenrun[1];
1842 zmp->zm_avenrun15.value.ui32 = zone->zone_avenrun[2];
1844 zmp->zm_ffcap.value.ui32 = zone->zone_ffcap;
1845 zmp->zm_ffnoproc.value.ui32 = zone->zone_ffnoproc;
1846 zmp->zm_ffnomem.value.ui32 = zone->zone_ffnomem;
1847 zmp->zm_ffmisc.value.ui32 = zone->zone_ffmisc;
1853 zone_misc_kstat_create(zone_t *zone)
1858 if ((ksp = kstat_create_zone("zones", zone->zone_id,
1859 zone->zone_name, "zone_misc", KSTAT_TYPE_NAMED,
1861 KSTAT_FLAG_VIRTUAL, zone->zone_id)) == NULL)
1864 if (zone->zone_id != GLOBAL_ZONEID)
1868 ksp->ks_data_size += strlen(zone->zone_name) + 1;
1869 ksp->ks_lock = &zone->zone_misc_lock;
1870 zone->zone_misc_stats = zmp;
1874 kstat_named_setstr(&zmp->zm_zonename, zone->zone_name);
1890 ksp->ks_private = zone;
1897 zone_kstat_create(zone_t *zone)
1899 zone->zone_lockedmem_kstat = zone_kstat_create_common(zone,
1901 zone->zone_swapresv_kstat = zone_kstat_create_common(zone,
1903 zone->zone_nprocs_kstat = zone_kstat_create_common(zone,
1906 if ((zone->zone_misc_ksp = zone_misc_kstat_create(zone)) == NULL) {
1907 zone->zone_misc_stats = kmem_zalloc(
1926 zone_kstat_delete(zone_t *zone)
1928 zone_kstat_delete_common(&zone->zone_lockedmem_kstat,
1930 zone_kstat_delete_common(&zone->zone_swapresv_kstat,
1932 zone_kstat_delete_common(&zone->zone_nprocs_kstat,
1934 zone_kstat_delete_common(&zone->zone_misc_ksp,
2014 * The global zone has all privileges
2018 * Add p0 to the global zone
2085 * Create ID space for zone IDs. ID 0 is reserved for the
2086 * global zone.
2091 * Initialize generic zone resource controls, if any.
2093 rc_zone_cpu_shares = rctl_register("zone.cpu-shares",
2098 rc_zone_cpu_cap = rctl_register("zone.cpu-cap",
2104 rc_zone_nlwps = rctl_register("zone.max-lwps", RCENTITY_ZONE,
2108 rc_zone_nprocs = rctl_register("zone.max-processes", RCENTITY_ZONE,
2115 rc_zone_msgmni = rctl_register("zone.max-msg-ids",
2119 rc_zone_semmni = rctl_register("zone.max-sem-ids",
2123 rc_zone_shmmni = rctl_register("zone.max-shm-ids",
2127 rc_zone_shmmax = rctl_register("zone.max-shm-memory",
2133 * this at the head of the rctl_dict_entry for ``zone.cpu-shares''.
2142 rde = rctl_dict_lookup("zone.cpu-shares");
2145 rc_zone_locked_mem = rctl_register("zone.max-locked-memory",
2150 rc_zone_max_swap = rctl_register("zone.max-swap",
2155 rc_zone_max_lofi = rctl_register("zone.max-lofi",
2161 * Initialize the ``global zone''.
2166 e.rcep_p.zone = &zone0;
2180 * take care of making sure the global zone is in the default pool.
2184 * Initialize global zone kstats
2189 * Initialize zone label.
2236 * The global zone is fully initialized (except for zone_rootvp which
2242 * Setup an event channel to send zone status change notifications on
2248 panic("Sysevent_evc_bind failed during zone setup.\n");
2253 zone_free(zone_t *zone)
2255 ASSERT(zone != global_zone);
2256 ASSERT(zone->zone_ntasks == 0);
2257 ASSERT(zone->zone_nlwps == 0);
2258 ASSERT(zone->zone_nprocs == 0);
2259 ASSERT(zone->zone_cred_ref == 0);
2260 ASSERT(zone->zone_kcred == NULL);
2261 ASSERT(zone_status_get(zone) == ZONE_IS_DEAD ||
2262 zone_status_get(zone) == ZONE_IS_UNINITIALIZED);
2263 ASSERT(list_is_empty(&zone->zone_ref_list));
2266 * Remove any zone caps.
2268 cpucaps_zone_remove(zone);
2270 ASSERT(zone->zone_cpucap == NULL);
2273 if (zone_status_get(zone) == ZONE_IS_DEAD) {
2274 ASSERT(zone->zone_ref == 0);
2276 list_remove(&zone_deathrow, zone);
2280 list_destroy(&zone->zone_ref_list);
2281 zone_free_zsd(zone);
2282 zone_free_datasets(zone);
2283 list_destroy(&zone->zone_dl_list);
2285 if (zone->zone_rootvp != NULL)
2286 VN_RELE(zone->zone_rootvp);
2287 if (zone->zone_rootpath)
2288 kmem_free(zone->zone_rootpath, zone->zone_rootpathlen);
2289 if (zone->zone_name != NULL)
2290 kmem_free(zone->zone_name, ZONENAME_MAX);
2291 if (zone->zone_slabel != NULL)
2292 label_rele(zone->zone_slabel);
2293 if (zone->zone_nodename != NULL)
2294 kmem_free(zone->zone_nodename, _SYS_NMLN);
2295 if (zone->zone_domain != NULL)
2296 kmem_free(zone->zone_domain, _SYS_NMLN);
2297 if (zone->zone_privset != NULL)
2298 kmem_free(zone->zone_privset, sizeof (priv_set_t));
2299 if (zone->zone_rctls != NULL)
2300 rctl_set_free(zone->zone_rctls);
2301 if (zone->zone_bootargs != NULL)
2302 strfree(zone->zone_bootargs);
2303 if (zone->zone_initname != NULL)
2304 strfree(zone->zone_initname);
2305 if (zone->zone_fs_allowed != NULL)
2306 strfree(zone->zone_fs_allowed);
2307 if (zone->zone_pfexecd != NULL)
2308 klpd_freelist(&zone->zone_pfexecd);
2309 id_free(zoneid_space, zone->zone_id);
2310 mutex_destroy(&zone->zone_lock);
2311 cv_destroy(&zone->zone_cv);
2312 rw_destroy(&zone->zone_mlps.mlpl_rwlock);
2313 rw_destroy(&zone->zone_mntfs_db_lock);
2314 kmem_free(zone, sizeof (zone_t));
2318 * See block comment at the top of this file for information about zone
2322 * Convenience function for setting zone status.
2325 zone_status_set(zone_t *zone, zone_status_t status)
2331 status >= zone_status_get(zone));
2334 nvlist_add_string(nvl, ZONE_CB_NAME, zone->zone_name) ||
2338 zone_status_table[zone->zone_status]) ||
2339 nvlist_add_int32(nvl, ZONE_CB_ZONEID, zone->zone_id) ||
2345 "Failed to allocate and send zone state change event.\n");
2350 zone->zone_status = status;
2352 cv_broadcast(&zone->zone_cv);
2356 * Public function to retrieve the zone status. The zone status may
2360 zone_status_get(zone_t *zone)
2362 return (zone->zone_status);
2366 zone_set_bootargs(zone_t *zone, const char *zone_bootargs)
2371 ASSERT(zone != global_zone);
2375 if (zone->zone_bootargs != NULL)
2376 strfree(zone->zone_bootargs);
2378 zone->zone_bootargs = strdup(buf);
2386 zone_set_brand(zone_t *zone, const char *brand)
2403 * This is the only place where a zone can change it's brand.
2404 * We already need to hold zone_status_lock to check the zone
2405 * status, so we'll just use that lock to serialize zone
2410 /* Re-Branding is not allowed and the zone can't be booted yet */
2411 if ((ZONE_IS_BRANDED(zone)) ||
2412 (zone_status_get(zone) >= ZONE_IS_BOOTING)) {
2419 zone->zone_brand = bp;
2420 ZBROP(zone)->b_init_brand_data(zone);
2427 zone_set_fs_allowed(zone_t *zone, const char *zone_fs_allowed)
2432 ASSERT(zone != global_zone);
2437 if (zone->zone_fs_allowed != NULL)
2438 strfree(zone->zone_fs_allowed);
2440 zone->zone_fs_allowed = strdup(buf);
2448 zone_set_initname(zone_t *zone, const char *zone_initname)
2454 ASSERT(zone != global_zone);
2458 if (zone->zone_initname != NULL)
2459 strfree(zone->zone_initname);
2461 zone->zone_initname = kmem_alloc(strlen(initname) + 1, KM_SLEEP);
2462 (void) strcpy(zone->zone_initname, initname);
2467 zone_set_phys_mcap(zone_t *zone, const uint64_t *zone_mcap)
2473 zone->zone_phys_mcap = mcap;
2479 zone_set_sched_class(zone_t *zone, const char *new_class)
2485 ASSERT(zone != global_zone);
2491 zone->zone_defaultcid = classid;
2492 ASSERT(zone->zone_defaultcid > 0 &&
2493 zone->zone_defaultcid < loaded_classes);
2502 zone_status_wait(zone_t *zone, zone_status_t status)
2507 while (zone->zone_status < status) {
2508 cv_wait(&zone->zone_cv, &zone_status_lock);
2517 zone_status_wait_cpr(zone_t *zone, zone_status_t status, char *str)
2526 while (zone->zone_status < status) {
2528 cv_wait(&zone->zone_cv, &zone_status_lock);
2538 * Block until zone enters requested state or signal is received. Return (0)
2542 zone_status_wait_sig(zone_t *zone, zone_status_t status)
2547 while (zone->zone_status < status) {
2548 if (!cv_wait_sig(&zone->zone_cv, &zone_status_lock)) {
2558 * Block until the zone enters the requested state or the timeout expires,
2563 zone_status_timedwait(zone_t *zone, clock_t tim, zone_status_t status)
2570 while (zone->zone_status < status && timeleft != -1) {
2571 timeleft = cv_timedwait(&zone->zone_cv, &zone_status_lock, tim);
2578 * Block until the zone enters the requested state, the current process is
2583 zone_status_timedwait_sig(zone_t *zone, clock_t tim, zone_status_t status)
2590 while (zone->zone_status < status) {
2591 timeleft = cv_timedwait_sig(&zone->zone_cv, &zone_status_lock,
2603 * This is so we can allow a zone to be rebooted while there are still
2606 * 0 (actually 1), but not zone_cred_ref. The zone structure itself is
2608 * than the zone id and privilege set should be accessed once the zone
2616 * Zones also provide a tracked reference counting mechanism in which zone
2618 * debuggers determine the sources of leaked zone references. See
2633 * Increment the specified zone's reference count. The zone's zone_t structure
2634 * will not be freed as long as the zone's reference count is nonzero.
2635 * Decrement the zone's reference count via zone_rele().
2638 * time. Use zone_hold_ref() if the zone must be held for a long time.
2650 * is 0 or we aren't waiting for cred references, the zone is ready to
2653 #define ZONE_IS_UNREF(zone) ((zone)->zone_ref == 1 && \
2654 (!zone_wait_for_cred || (zone)->zone_cred_ref == 0))
2657 * Common zone reference release function invoked by zone_rele() and
2659 * zone's subsystem-specific reference counters are not affected by the
2661 * removed from the specified zone's reference list. ref must be non-NULL iff
2683 /* signal zone_destroy so the zone can finish halting */
2699 * Decrement the specified zone's reference count. The specified zone will
2710 * Initialize a zone reference structure. This function must be invoked for
2721 * Acquire a reference to zone z. The caller must specify the
2723 * zone_ref_t structure will represent a reference to the specified zone. Use
2727 * zone_status field is not ZONE_IS_DEAD and the zone has outstanding
2754 * Release the zone reference represented by the specified zone_ref_t.
2827 zone_task_rele(zone_t *zone)
2831 mutex_enter(&zone->zone_lock);
2832 ASSERT(zone->zone_ntasks != 0);
2833 refcnt = --zone->zone_ntasks;
2835 mutex_exit(&zone->zone_lock);
2838 zone_hold_locked(zone); /* so we can use the zone_t later */
2839 mutex_exit(&zone->zone_lock);
2842 * See if the zone is shutting down.
2845 if (zone_status_get(zone) != ZONE_IS_SHUTTING_DOWN) {
2853 mutex_enter(&zone->zone_lock);
2854 if (refcnt != zone->zone_ntasks) {
2855 mutex_exit(&zone->zone_lock);
2858 mutex_exit(&zone->zone_lock);
2861 * No more user processes in the zone. The zone is empty.
2863 zone_status_set(zone, ZONE_IS_EMPTY);
2869 * zsched has exited; the zone is dead.
2871 zone->zone_zsched = NULL; /* paranoia */
2873 zone_status_set(zone, ZONE_IS_DEAD);
2876 zone_rele(zone);
2887 * check the validity of a zone's state.
2893 zone_t *zone = NULL;
2899 zone = (zone_t *)hv;
2900 return (zone);
2907 zone_t *zone = NULL;
2917 zone = (zone_t *)hv;
2918 return (zone);
2925 zone_t *zone = NULL;
2930 zone = (zone_t *)hv;
2931 return (zone);
2935 * Public interface for looking up a zone by zoneid. Only returns the zone if
2937 * Caller must call zone_rele() once it is done with the zone.
2939 * The zone may begin the zone_destroy() sequence immediately after this
2945 zone_t *zone;
2949 if ((zone = zone_find_all_by_id(zoneid)) == NULL) {
2953 status = zone_status_get(zone);
2956 * For all practical purposes the zone doesn't exist.
2961 zone_hold(zone);
2963 return (zone);
2967 * Similar to zone_find_by_id, but using zone label as the key.
2972 zone_t *zone;
2976 if ((zone = zone_find_all_by_label(label)) == NULL) {
2981 status = zone_status_get(zone);
2984 * For all practical purposes the zone doesn't exist.
2989 zone_hold(zone);
2991 return (zone);
2995 * Similar to zone_find_by_id, but using zone name as the key.
3000 zone_t *zone;
3004 if ((zone = zone_find_all_by_name(name)) == NULL) {
3008 status = zone_status_get(zone);
3011 * For all practical purposes the zone doesn't exist.
3016 zone_hold(zone);
3018 return (zone);
3023 * if there is a zone "foo" rooted at /foo/root, and the path argument
3025 * zone "foo".
3028 * very least every path will be contained in the global zone.
3036 zone_t *zone;
3049 for (zone = list_head(&zone_active); zone != NULL;
3050 zone = list_next(&zone_active, zone)) {
3051 if (ZONE_PATH_VISIBLE(path, zone))
3052 zret = zone;
3068 * Public interface for updating per-zone load averages. Called once per
3094 /* For all practical purposes the zone doesn't exist. */
3116 * until the zone has been up for at least 10 seconds and our
3154 * Get the number of cpus visible to this zone. The system-wide global
3156 * global zone, or a NULL zone argument is passed in.
3159 zone_ncpus_get(zone_t *zone)
3161 int myncpus = zone == NULL ? 0 : zone->zone_ncpus;
3167 * Get the number of online cpus visible to this zone. The system-wide
3169 * is in the global zone, or a NULL zone argument is passed in.
3172 zone_ncpus_online_get(zone_t *zone)
3174 int myncpus_online = zone == NULL ? 0 : zone->zone_ncpus_online;
3180 * Return the pool to which the zone is currently bound.
3183 zone_pool_get(zone_t *zone)
3187 return (zone->zone_pool);
3191 * Set the zone's pool pointer and update the zone's visibility to match
3195 zone_pool_set(zone_t *zone, pool_t *pool)
3200 zone->zone_pool = pool;
3201 zone_pset_set(zone, pool->pool_pset->pset_id);
3206 * zone is currently bound. The value will be ZONE_PS_INVAL if the pools
3210 zone_pset_get(zone_t *zone)
3214 return (zone->zone_psetid);
3218 * Set the cached value of the id of the processor set to which the zone
3219 * is currently bound. Also update the zone's visibility to match the
3223 zone_pset_set(zone_t *zone, psetid_t newpsetid)
3228 oldpsetid = zone_pset_get(zone);
3233 * Global zone sees all.
3235 if (zone != global_zone) {
3236 zone->zone_psetid = newpsetid;
3238 pool_pset_visibility_add(newpsetid, zone);
3240 pool_pset_visibility_remove(oldpsetid, zone);
3247 zone->zone_ncpus = 0;
3248 zone->zone_ncpus_online = 0;
3263 zone_t *zone;
3268 for (zone = list_head(&zone_active); zone != NULL;
3269 zone = list_next(&zone_active, zone)) {
3273 status = zone_status_get(zone);
3280 ret = (*cb)(zone, data);
3289 zone_set_root(zone_t *zone, const char *upath)
3340 zone->zone_rootvp = vp; /* we hold a reference to vp */
3341 zone->zone_rootpath = path;
3342 zone->zone_rootpathlen = pathlen;
3344 zone->zone_flags |= ZF_IS_SCRATCH;
3358 zone_set_name(zone_t *zone, const char *uname)
3391 zone->zone_name = kname;
3396 * Gets the 32-bit hostid of the specified zone as an unsigned int. If 'zonep'
3397 * is NULL or it points to a zone with no hostid emulation, then the machine's
3398 * hostid (i.e., the global zone's hostid) is returned. This function returns
3399 * zero if neither the zone nor the host machine (global zone) have hostids. It
3418 * zone's zsched process (curproc->p_zone->zone_zsched) before returning.
3431 zone_t *zone = curproc->p_zone;
3432 proc_t *pp = zone->zone_zsched;
3434 zone_hold(zone); /* Reference to be dropped when thread exits */
3437 * No-one should be trying to create threads if the zone is shutting
3441 ASSERT(!(zone->zone_kthreads == NULL &&
3442 zone_status_get(zone) >= ZONE_IS_EMPTY));
3450 if (zone->zone_kthreads == NULL) {
3453 kthread_t *tx = zone->zone_kthreads;
3460 zone->zone_kthreads = t;
3490 zone_t *zone = pp->p_zone;
3508 * If the zone is empty, once the thread count
3511 * in the zone, then it must have exited before the zone
3514 * zone, the thread count is non-zero.
3516 * This really means that non-zone kernel threads should
3517 * not create zone kernel threads.
3519 zone->zone_kthreads = NULL;
3520 if (zone_status_get(zone) == ZONE_IS_EMPTY) {
3521 zone_status_set(zone, ZONE_IS_DOWN);
3523 * Remove any CPU caps on this zone.
3525 cpucaps_zone_remove(zone);
3530 if (zone->zone_kthreads == t)
3531 zone->zone_kthreads = t->t_forw;
3534 zone_rele(zone);
3612 * Non-global zone version of start_init.
3636 * global zone is shutting down.
3665 zone_t *zone;
3670 * Per-zone "sched" workalike. The similarity to "sched" doesn't have
3672 * per-zone kernel threads are parented to zsched, just like regular
3675 * zsched is also responsible for launching init for the zone.
3683 zone_t *zone = za->zone;
3704 * We are this zone's "zsched" process. As the zone isn't generally
3708 zone_hold(zone); /* this hold is released by zone_destroy() */
3709 zone->zone_zsched = pp;
3711 pp->p_zone = zone;
3738 upcount_inc(crgetruid(kcred), zone->zone_id);
3742 * getting out of global zone, so decrement lwp and process counts
3753 * Decrement locked memory counts on old zone and project.
3761 * Create and join a new task in project '0' of this zone.
3768 tk = task_create(0, zone);
3774 mutex_enter(&zone->zone_mem_lock);
3775 zone->zone_locked_mem += pp->p_locked_mem;
3777 mutex_exit(&zone->zone_mem_lock);
3780 * add lwp and process counts to zsched's zone, and increment
3784 mutex_enter(&zone->zone_nlwps_lock);
3787 zone->zone_nlwps += pp->p_lwpcnt;
3789 zone->zone_nprocs++;
3790 mutex_exit(&zone->zone_nlwps_lock);
3797 * The process was created by a process in the global zone, hence the
3800 cr = zone->zone_kcred;
3821 zone_chdir(zone->zone_rootvp, &PTOU(pp)->u_cdir, pp);
3822 zone_chdir(zone->zone_rootvp, &PTOU(pp)->u_rdir, pp);
3825 * Initialize zone's rctl set.
3830 e.rcep_p.zone = zone;
3832 zone->zone_rctls = rctl_set_init(RCENTITY_ZONE, pp, &e, set, gp);
3892 * At this point we want to set the zone status to ZONE_IS_INITIALIZED
3893 * and atomically set the zone's processor set visibility. Once
3894 * we drop pool_lock() this zone will automatically get updated
3899 * now proceed and observe the zone. That is the reason for doing a
3905 zone_uniqid(zone);
3906 zone_zsd_configure(zone);
3908 zone_pset_set(zone, pool_default->pool_pset->pset_id);
3910 ASSERT(zone_status_get(zone) == ZONE_IS_UNINITIALIZED);
3911 zone_status_set(zone, ZONE_IS_INITIALIZED);
3918 zsd_apply_all_keys(zsd_apply_create, zone);
3922 ASSERT(zone_status_get(zone) == ZONE_IS_INITIALIZED);
3923 zone_status_set(zone, ZONE_IS_READY);
3927 * Once we see the zone transition to the ZONE_IS_BOOTING state,
3930 zone_status_wait_cpr(zone, ZONE_IS_BOOTING, "zsched");
3932 if (zone_status_get(zone) == ZONE_IS_BOOTING) {
3937 * zone's pool's scheduling class ID; note that by now, we
3940 * state). *But* the scheduling class for the zone's 'init'
3950 if (zone->zone_defaultcid > 0)
3951 cid = zone->zone_defaultcid;
3953 cid = pool_get_class(zone->zone_pool);
3959 * state of the zone will be set to SHUTTING_DOWN-- userland
3960 * will have to tear down the zone, and fail, or try again.
3962 if ((zone->zone_boot_err = newproc(zone_start_init, NULL, cid,
3965 zone_status_set(zone, ZONE_IS_SHUTTING_DOWN);
3968 zone->zone_boot_time = gethrestime_sec();
3978 zone_status_wait_cpr(zone, ZONE_IS_DYING, "zsched");
3996 crfree(zone->zone_kcred);
3997 zone->zone_kcred = NULL;
4004 * provided path. Used to make sure the zone doesn't "inherit" any
4042 * Helper function to make sure that a zone created on 'rootpath'
4048 zone_t *zone;
4061 for (zone = list_head(&zone_active); zone != NULL;
4062 zone = list_next(&zone_active, zone)) {
4063 if (zone == global_zone)
4065 len = strlen(zone->zone_rootpath);
4066 if (strncmp(rootpath, zone->zone_rootpath,
4074 zone_set_privset(zone_t *zone, const priv_set_t *zone_privs,
4089 zone->zone_privset = privs;
4143 if (strncmp(nvpair_name(nvp), "zone.", sizeof ("zone.") - 1)
4182 zone_set_label(zone_t *zone, const bslabel_t *lab, uint32_t doi)
4194 zone->zone_slabel = tsl;
4199 * Parses a comma-separated list of ZFS datasets into a per-zone dictionary.
4202 parse_zfs(zone_t *zone, caddr_t ubuf, size_t buflen)
4235 list_insert_head(&zone->zone_datasets, zd);
4248 * System call to create/initialize a new zone named 'zone_name', rooted
4249 * at 'zone_root', with a zone-wide privilege limit set of 'zone_privs',
4250 * and initialized with the zone-wide rctls described in 'rctlbuf', and
4267 zone_t *zone, *ztmp;
4278 /* can't boot zone from within chroot environment */
4283 zone = kmem_zalloc(sizeof (zone_t), KM_SLEEP);
4284 zoneid = zone->zone_id = id_alloc(zoneid_space);
4285 zone->zone_status = ZONE_IS_UNINITIALIZED;
4286 zone->zone_pool = pool_default;
4287 zone->zone_pool_mod = gethrtime();
4288 zone->zone_psetid = ZONE_PS_INVAL;
4289 zone->zone_ncpus = 0;
4290 zone->zone_ncpus_online = 0;
4291 zone->zone_restart_init = B_TRUE;
4292 zone->zone_brand = &native_brand;
4293 zone->zone_initname = NULL;
4294 mutex_init(&zone->zone_lock, NULL, MUTEX_DEFAULT, NULL);
4295 mutex_init(&zone->zone_nlwps_lock, NULL, MUTEX_DEFAULT, NULL);
4296 mutex_init(&zone->zone_mem_lock, NULL, MUTEX_DEFAULT, NULL);
4297 cv_init(&zone->zone_cv, NULL, CV_DEFAULT, NULL);
4298 list_create(&zone->zone_ref_list, sizeof (zone_ref_t),
4300 list_create(&zone->zone_zsd, sizeof (struct zsd_entry),
4302 list_create(&zone->zone_datasets, sizeof (zone_dataset_t),
4304 list_create(&zone->zone_dl_list, sizeof (zone_dl_t),
4306 rw_init(&zone->zone_mlps.mlpl_rwlock, NULL, RW_DEFAULT, NULL);
4307 rw_init(&zone->zone_mntfs_db_lock, NULL, RW_DEFAULT, NULL);
4310 zone->zone_flags |= ZF_NET_EXCL;
4313 if ((error = zone_set_name(zone, zone_name)) != 0) {
4314 zone_free(zone);
4318 if ((error = zone_set_root(zone, zone_root)) != 0) {
4319 zone_free(zone);
4322 if ((error = zone_set_privset(zone, zone_privs, zone_privssz)) != 0) {
4323 zone_free(zone);
4327 /* initialize node name to be the same as zone name */
4328 zone->zone_nodename = kmem_alloc(_SYS_NMLN, KM_SLEEP);
4329 (void) strncpy(zone->zone_nodename, zone->zone_name, _SYS_NMLN);
4330 zone->zone_nodename[_SYS_NMLN - 1] = '\0';
4332 zone->zone_domain = kmem_alloc(_SYS_NMLN, KM_SLEEP);
4333 zone->zone_domain[0] = '\0';
4334 zone->zone_hostid = HW_INVALID_HOSTID;
4335 zone->zone_shares = 1;
4336 zone->zone_shmmax = 0;
4337 zone->zone_ipc.ipcq_shmmni = 0;
4338 zone->zone_ipc.ipcq_semmni = 0;
4339 zone->zone_ipc.ipcq_msgmni = 0;
4340 zone->zone_bootargs = NULL;
4341 zone->zone_fs_allowed = NULL;
4342 zone->zone_initname =
4344 (void) strcpy(zone->zone_initname, zone_default_initname);
4345 zone->zone_nlwps = 0;
4346 zone->zone_nlwps_ctl = INT_MAX;
4347 zone->zone_nprocs = 0;
4348 zone->zone_nprocs_ctl = INT_MAX;
4349 zone->zone_locked_mem = 0;
4350 zone->zone_locked_mem_ctl = UINT64_MAX;
4351 zone->zone_max_swap = 0;
4352 zone->zone_max_swap_ctl = UINT64_MAX;
4353 zone->zone_max_lofi = 0;
4354 zone->zone_max_lofi_ctl = UINT64_MAX;
4361 zone->zone_rctls = NULL;
4364 zone_free(zone);
4368 if ((error = parse_zfs(zone, zfsbuf, zfsbufsz)) != 0) {
4369 zone_free(zone);
4377 zone->zone_match = match;
4378 if (is_system_labeled() && !(zone->zone_flags & ZF_IS_SCRATCH)) {
4381 zone_free(zone);
4384 /* Always apply system's doi to the zone */
4385 error = zone_set_label(zone, label, default_doi);
4387 zone_free(zone);
4393 zone->zone_slabel = l_admin_low;
4404 zone_free(zone);
4409 if (block_mounts(zone) == 0) {
4414 zone_free(zone);
4424 zone->zone_kcred = crdup(kcred);
4425 crsetzone(zone->zone_kcred, zone);
4426 priv_intersect(zone->zone_privset, &CR_PPRIV(zone->zone_kcred));
4427 priv_intersect(zone->zone_privset, &CR_EPRIV(zone->zone_kcred));
4428 priv_intersect(zone->zone_privset, &CR_IPRIV(zone->zone_kcred));
4429 priv_intersect(zone->zone_privset, &CR_LPRIV(zone->zone_kcred));
4433 * Make sure zone doesn't already exist.
4435 * If the system and zone are labeled,
4436 * make sure no other zone exists that has the same label.
4438 if ((ztmp = zone_find_all_by_name(zone->zone_name)) != NULL ||
4440 (ztmp = zone_find_all_by_label(zone->zone_slabel)) != NULL)) {
4456 * Don't allow zone creations which would cause one zone's rootpath to
4457 * be accessible from that of another (non-global) zone.
4459 if (zone_is_nested(zone->zone_rootpath)) {
4470 if (zone_mount_count(zone->zone_rootpath) != 0) {
4478 * zsched() initializes this zone's kernel process. We
4479 * optimistically add the zone to the hashtable and associated
4481 * same zone.
4485 (mod_hash_key_t)(uintptr_t)zone->zone_id,
4486 (mod_hash_val_t)(uintptr_t)zone);
4487 str = kmem_alloc(strlen(zone->zone_name) + 1, KM_SLEEP);
4488 (void) strcpy(str, zone->zone_name);
4490 (mod_hash_val_t)(uintptr_t)zone);
4493 (mod_hash_key_t)zone->zone_slabel, (mod_hash_val_t)zone);
4494 zone->zone_flags |= ZF_HASHED_LABEL;
4499 * on the zone, but everyone else knows not to use it, so we can
4503 list_insert_tail(&zone_active, zone);
4506 zarg.zone = zone;
4520 list_remove(&zone_active, zone);
4521 if (zone->zone_flags & ZF_HASHED_LABEL) {
4522 ASSERT(zone->zone_slabel != NULL);
4524 (mod_hash_key_t)zone->zone_slabel);
4527 (mod_hash_key_t)(uintptr_t)zone->zone_name);
4529 (mod_hash_key_t)(uintptr_t)zone->zone_id);
4540 * Create zone kstats
4542 zone_kstat_create(zone);
4553 * Wait for zsched to finish initializing the zone.
4555 zone_status_wait(zone, ZONE_IS_READY);
4557 * The zone is fully visible, so we can let mounts progress.
4559 resume_mounts(zone);
4574 resume_mounts(zone);
4577 * There is currently one reference to the zone, a cred_ref from
4578 * zone_kcred. To free the zone, we call crfree, which will call
4581 ASSERT(zone->zone_cred_ref == 1);
4582 ASSERT(zone->zone_kcred->cr_ref == 1);
4583 ASSERT(zone->zone_ref == 0);
4584 zkcr = zone->zone_kcred;
4585 zone->zone_kcred = NULL;
4591 * Cause the zone to boot. This is pretty simple, since we let zoneadmd do
4593 * at the "top" of the zone; if this is NULL, we use the system default,
4600 zone_t *zone;
4609 * Look for zone under hash lock to prevent races with calls to
4612 if ((zone = zone_find_all_by_id(zoneid)) == NULL) {
4618 if (zone_status_get(zone) != ZONE_IS_READY) {
4623 zone_status_set(zone, ZONE_IS_BOOTING);
4626 zone_hold(zone); /* so we can use the zone_t later */
4629 if (zone_status_wait_sig(zone, ZONE_IS_RUNNING) == 0) {
4630 zone_rele(zone);
4635 * Boot (starting init) might have failed, in which case the zone
4637 * be placed in zone->zone_boot_err, and so we return that.
4639 err = zone->zone_boot_err;
4640 zone_rele(zone);
4645 * Kills all user processes in the zone, waiting for them all to exit
4649 zone_empty(zone_t *zone)
4659 while ((waitstatus = zone_status_timedwait_sig(zone,
4661 killall(zone->zone_id);
4672 * This function implements the policy for zone visibility.
4674 * In standard Solaris, a non-global zone can only see itself.
4676 * In Trusted Extensions, a labeled zone can lookup any zone whose label
4677 * it dominates. For this test, the label of the global zone is treated as
4680 * Returns true if zone attributes are viewable, false otherwise.
4683 zone_list_access(zone_t *zone)
4687 curproc->p_zone == zone) {
4689 } else if (is_system_labeled() && !(zone->zone_flags & ZF_IS_SCRATCH)) {
4694 zone_label = label2bslabel(zone->zone_slabel);
4696 if (zone->zone_id != GLOBAL_ZONEID &&
4708 * Systemcall to start the zone's halt sequence. By the time this
4711 * and the zone status set to ZONE_IS_DOWN.
4714 * parent of any process running in the zone, and doesn't have SIGCHLD blocked.
4720 zone_t *zone;
4730 * Look for zone under hash lock to prevent races with other
4733 if ((zone = zone_find_all_by_id(zoneid)) == NULL) {
4740 * Hold the zone so we can continue to use the zone_t.
4742 zone_hold(zone);
4747 * the zone's status with regards to ZONE_IS_SHUTTING down.
4749 * e.g. NFS can fail the mount if it determines that the zone
4753 if (block_mounts(zone) == 0) {
4754 zone_rele(zone);
4760 status = zone_status_get(zone);
4762 * Fail if the zone isn't fully initialized yet.
4767 resume_mounts(zone);
4768 zone_rele(zone);
4778 resume_mounts(zone);
4779 zone_rele(zone);
4790 mutex_enter(&zone->zone_lock);
4791 if ((ntasks = zone->zone_ntasks) != 1) {
4795 zone_status_set(zone, ZONE_IS_SHUTTING_DOWN);
4797 mutex_exit(&zone->zone_lock);
4802 * zonehash_lock. The zone is empty.
4804 if (zone->zone_kthreads == NULL) {
4808 zone_status_set(zone, ZONE_IS_DOWN);
4810 zone_status_set(zone, ZONE_IS_EMPTY);
4816 resume_mounts(zone);
4818 if (error = zone_empty(zone)) {
4819 zone_rele(zone);
4823 * After the zone status goes to ZONE_IS_DOWN this zone will no
4831 * This rebinding of the zone can happen multiple times
4836 zone_rele(zone);
4841 zone_pool_set(zone, pool_default);
4843 * The zone no longer needs to be able to see any cpus.
4845 zone_pset_set(zone, ZONE_PS_INVAL);
4854 zone_zsd_callbacks(zone, ZSD_SHUTDOWN);
4857 if (zone->zone_kthreads == NULL && zone_status_get(zone) < ZONE_IS_DOWN)
4858 zone_status_set(zone, ZONE_IS_DOWN);
4864 if (!zone_status_wait_sig(zone, ZONE_IS_DOWN)) {
4865 zone_rele(zone);
4875 zone_rele(zone);
4880 * Log the specified zone's reference counts. The caller should not be
4881 * holding the zone's zone_lock.
4884 zone_log_refcounts(zone_t *zone)
4906 * NOTE: We have to grab the zone's zone_lock to create a consistent
4907 * snapshot of the zone's reference counters.
4913 mutex_enter(&zone->zone_lock);
4914 zone->zone_flags |= ZF_REFCOUNTS_LOGGED;
4915 ref = zone->zone_ref;
4916 cred_ref = zone->zone_cred_ref;
4918 if (zone->zone_subsys_ref[index] != 0)
4927 mutex_exit(&zone->zone_lock);
4929 "Zone '%s' (ID: %d) is shutting down, but %u zone "
4931 zone->zone_name, zone->zone_id, ref, cred_ref);
4953 if (zone->zone_subsys_ref[index] != 0)
4956 zone->zone_subsys_ref[index]);
4958 mutex_exit(&zone->zone_lock);
4968 "Zone '%s' (ID: %d) is shutting down, but %u zone references and "
4969 "%u credential references are still extant %s", zone->zone_name,
4970 zone->zone_id, ref, cred_ref, buffer);
4975 * Systemcall entry point to finalize the zone halt process. The caller
4978 * Upon successful completion, the zone will have been fully destroyed:
4979 * zsched will have exited, destructor callbacks executed, and the zone
4986 zone_t *zone;
4998 * Look for zone under hash lock to prevent races with other
5001 if ((zone = zone_find_all_by_id(zoneid)) == NULL) {
5006 if (zone_mount_count(zone->zone_rootpath) != 0) {
5011 status = zone_status_get(zone);
5017 zone_status_set(zone, ZONE_IS_DYING); /* Tell zsched to exit */
5020 zone_hold(zone);
5026 zone_status_wait(zone, ZONE_IS_DEAD);
5027 zone_zsd_callbacks(zone, ZSD_DESTROY);
5028 zone->zone_netstack = NULL;
5029 uniqid = zone->zone_uniqid;
5030 zone_rele(zone);
5031 zone = NULL; /* potentially free'd */
5040 if ((zone = zone_find_all_by_id(zoneid)) == NULL ||
5041 zone->zone_uniqid != uniqid) {
5043 * The zone has gone away. Necessary conditions
5049 mutex_enter(&zone->zone_lock);
5050 unref = ZONE_IS_UNREF(zone);
5051 refs_have_been_logged = (zone->zone_flags &
5053 mutex_exit(&zone->zone_lock);
5056 * There is only one reference to the zone -- that
5057 * added when the zone was added to the hashtables --
5060 * zone.
5068 * some zone's general-purpose reference count reaches one.
5070 * on zone_destroy_cv, then log the zone's reference counts and
5079 * seconds) for the zone's references to clear.
5090 * wait timed out. The zone might have
5105 * destroyed the zone.
5107 * If the zone still exists and has more than
5109 * then log the zone's reference counts.
5117 * waiting for subsystems to release the zone's last
5118 * general-purpose references. Log the zone's reference
5121 zone_log_refcounts(zone);
5131 * Remove CPU cap for this zone now since we're not going to
5134 cpucaps_zone_remove(zone);
5136 /* Get rid of the zone's kstats */
5137 zone_kstat_delete(zone);
5140 if (zone->zone_pfexecd != NULL) {
5141 klpd_freelist(&zone->zone_pfexecd);
5142 zone->zone_pfexecd = NULL;
5146 if (ZONE_IS_BRANDED(zone))
5147 ZBROP(zone)->b_free_brand_data(zone);
5150 brand_unregister_zone(zone->zone_brand);
5153 * It is now safe to let the zone be recreated; remove it from the
5157 ASSERT(zonecount > 1); /* must be > 1; can't destroy global zone */
5160 list_remove(&zone_active, zone);
5162 (mod_hash_key_t)zone->zone_name);
5164 (mod_hash_key_t)(uintptr_t)zone->zone_id);
5165 if (zone->zone_flags & ZF_HASHED_LABEL)
5167 (mod_hash_key_t)zone->zone_slabel);
5174 if (zone->zone_rootvp != NULL) {
5175 VN_RELE(zone->zone_rootvp);
5176 zone->zone_rootvp = NULL;
5181 list_insert_tail(&zone_deathrow, zone);
5186 * free the zone unless there are outstanding cred references.
5188 zone_rele(zone);
5200 zone_t *zone;
5211 if ((zone = zone_find_all_by_id(zoneid)) == NULL) {
5215 zone_status = zone_status_get(zone);
5220 zone_hold(zone);
5224 * If not in the global zone, don't show information about other zones,
5225 * unless the system is labeled and the local zone's label dominates
5226 * the other zone.
5228 if (!zone_list_access(zone)) {
5229 zone_rele(zone);
5238 * the global zone).
5240 if (zone != global_zone)
5241 size = zone->zone_rootpathlen - 1;
5243 size = zone->zone_rootpathlen;
5245 bcopy(zone->zone_rootpath, zonepath, size);
5250 * Caller is not in the global zone.
5251 * if the query is on the current zone
5253 * just return faked-up path for current zone.
5259 * Return related path for current zone.
5262 int zname_len = strlen(zone->zone_name);
5267 bcopy(zone->zone_name, zonepath +
5284 size = strlen(zone->zone_name) + 1;
5288 err = copyoutstr(zone->zone_name, buf, bufsize, NULL);
5296 * Since we're not holding zonehash_lock, the zone status
5302 zone_status = zone_status_get(zone);
5308 size = sizeof (zone->zone_flags);
5311 flags = zone->zone_flags;
5321 copyout(zone->zone_privset, buf, bufsize) != 0)
5325 size = sizeof (zone->zone_uniqid);
5329 copyout(&zone->zone_uniqid, buf, bufsize) != 0)
5341 pool = zone_pool_get(zone);
5355 if (zone->zone_slabel == NULL)
5358 copyout(label2bslabel(zone->zone_slabel), buf,
5366 initpid = zone->zone_proc_initpid;
5376 size = strlen(zone->zone_brand->b_name) + 1;
5381 err = copyoutstr(zone->zone_brand->b_name, buf,
5388 size = strlen(zone->zone_initname) + 1;
5392 err = copyoutstr(zone->zone_initname, buf, bufsize,
5399 if (zone->zone_bootargs == NULL)
5402 outstr = zone->zone_bootargs;
5413 size = sizeof (zone->zone_phys_mcap);
5417 copyout(&zone->zone_phys_mcap, buf, bufsize) != 0)
5423 if (zone->zone_defaultcid >= loaded_classes)
5426 outstr = sclass[zone->zone_defaultcid].cl_name;
5439 if (zone->zone_hostid != HW_INVALID_HOSTID &&
5440 bufsize == sizeof (zone->zone_hostid)) {
5441 size = sizeof (zone->zone_hostid);
5442 if (buf != NULL && copyout(&zone->zone_hostid, buf,
5450 if (zone->zone_fs_allowed == NULL)
5453 outstr = zone->zone_fs_allowed;
5475 if ((attr >= ZONE_ATTR_BRAND_ATTRS) && ZONE_IS_BRANDED(zone)) {
5477 error = ZBROP(zone)->b_getattr(zone, attr, buf, &size);
5482 zone_rele(zone);
5496 zone_t *zone;
5506 * global zone.
5513 if ((zone = zone_find_all_by_id(zoneid)) == NULL) {
5517 zone_hold(zone);
5524 zone_status = zone_status_get(zone);
5532 err = zone_set_initname(zone, (const char *)buf);
5535 zone->zone_restart_init = B_FALSE;
5539 err = zone_set_bootargs(zone, (const char *)buf);
5542 err = zone_set_brand(zone, (const char *)buf);
5545 err = zone_set_fs_allowed(zone, (const char *)buf);
5548 err = zone_set_phys_mcap(zone, (const uint64_t *)buf);
5551 err = zone_set_sched_class(zone, (const char *)buf);
5554 if (bufsize == sizeof (zone->zone_hostid)) {
5555 if (copyin(buf, &zone->zone_hostid, bufsize) == 0)
5578 if ((attr >= ZONE_ATTR_BRAND_ATTRS) && ZONE_IS_BRANDED(zone))
5579 err = ZBROP(zone)->b_setattr(zone, attr, buf, bufsize);
5585 zone_rele(zone);
5595 * swap. This is because the counting for zone.max-swap does not allow swap
5596 * reservation to be shared between zones. zone swap reservation is counted
5597 * on zone->zone_max_swap.
5613 * Cannot enter zone with shared anon memory which
5658 * The current process is injected into said zone. In the process
5660 * zone-wide rctls, and pool association to match those of the zone.
5662 * The first zone_enter() called while the zone is in the ZONE_IS_READY
5664 * enter a zone that is "ready" or "running".
5669 zone_t *zone;
5720 zone = zone_find_all_by_id(zoneid);
5721 if (zone == NULL) {
5728 * To prevent processes in a zone from holding contracts on
5751 * restarted init (or other zone-penetrating process) its
5758 if (contract_getzuniqid(next) != zone->zone_uniqid) {
5771 status = zone_status_get(zone);
5784 if (!priv_issubset(zone->zone_privset, &CR_OPPRIV(CRED()))) {
5792 * since the zone can't disappear (we have a hold on it).
5794 zone_hold(zone);
5800 * until we join the zone.
5803 zone_rele(zone);
5809 * Bind ourselves to the pool currently associated with the zone.
5812 newpool = zone_pool_get(zone);
5817 zone_rele(zone);
5828 * Make sure the zone hasn't moved on since we dropped zonehash_lock.
5830 if (zone_status_get(zone) >= ZONE_IS_SHUTTING_DOWN) {
5841 zone_rele(zone);
5848 * reservation from the global zone to the non global zone because
5856 zone_proj0 = zone->zone_zsched->p_task->tk_proj;
5858 mutex_enter(&zone->zone_nlwps_lock);
5859 /* add new lwps to zone and zone's proj0 */
5861 zone->zone_nlwps += pp->p_lwpcnt;
5862 /* add 1 task to zone's proj0 */
5866 zone->zone_nprocs++;
5867 mutex_exit(&zone->zone_nlwps_lock);
5869 mutex_enter(&zone->zone_mem_lock);
5870 zone->zone_locked_mem += pp->p_locked_mem;
5872 zone->zone_max_swap += swap;
5873 mutex_exit(&zone->zone_mem_lock);
5879 /* remove lwps and process from proc's old zone and old project */
5898 pp->p_zone = zone;
5903 * Joining the zone cannot fail from now on.
5912 * extra zone information, svc_fmri in this case
5921 * Reset the encapsulating process contract's zone.
5924 contract_setzuniqid(ct, zone->zone_uniqid);
5930 * We might as well be in project 0; the global zone's projid doesn't
5931 * make much sense in a zone anyhow.
5935 tk = task_create(0, zone);
5942 e.rcep_p.zone = zone;
5944 (void) rctl_set_dup(NULL, NULL, pp, &e, zone->zone_rctls, NULL,
5950 * the process and zone aren't going away, we know its session isn't
5954 * global zone of init's sid being the pid of sched. We extend this
5958 sp = zone->zone_zsched->p_sessp;
5959 sess_hold(zone->zone_zsched);
5964 pgjoin(pp, zone->zone_zsched->p_pidp);
5967 * If any threads are scheduled to be placed on zone wait queue they
5989 * If there is a default scheduling class for the zone and it is not
5994 if (zone->zone_defaultcid > 0 &&
5995 zone->zone_defaultcid != curthread->t_cid) {
5998 pcparms.pc_cid = zone->zone_defaultcid;
6002 * If setting the class fails, we still want to enter the zone.
6016 * We're firmly in the zone; let pools progress.
6021 * We don't need to retain a hold on the zone since we already
6022 * incremented zone_ntasks, so the zone isn't going anywhere.
6024 zone_rele(zone);
6029 vp = zone->zone_rootvp;
6040 crsetzone(newcr, zone);
6044 * Restrict all process privilege sets to zone limit
6046 priv_intersect(zone->zone_privset, &CR_PPRIV(newcr));
6047 priv_intersect(zone->zone_privset, &CR_EPRIV(newcr));
6048 priv_intersect(zone->zone_privset, &CR_IPRIV(newcr));
6049 priv_intersect(zone->zone_privset, &CR_LPRIV(newcr));
6054 * Adjust upcount to reflect zone entry.
6082 * Processes running in a (non-global) zone only see themselves.
6089 zone_t *zone, *myzone;
6102 /* just return current zone */
6115 for (zone = list_head(&zone_active);
6116 zone != NULL;
6117 zone = list_next(&zone_active, zone)) {
6118 if (zone->zone_id == GLOBAL_ZONEID)
6120 if (zone != myzone &&
6121 (zone->zone_flags & ZF_IS_SCRATCH))
6129 label2bslabel(zone->zone_slabel))) {
6131 zone->zone_id;
6144 for (zone = list_head(&zone_active); zone != NULL;
6145 zone = list_next(&zone_active, zone))
6146 zoneids[domi_nzones++] = zone->zone_id;
6187 zone_t *zone;
6192 /* return caller's zone id */
6203 zone = zone_find_all_by_name(kname);
6206 * In a non-global zone, can only lookup global and own name.
6207 * In Trusted Extensions zone label dominance rules apply.
6209 if (zone == NULL ||
6210 zone_status_get(zone) < ZONE_IS_READY ||
6211 !zone_list_access(zone)) {
6215 zoneid = zone->zone_id;
6233 zone(int cmd, void *arg1, void *arg2, void *arg3, void *arg4)
6330 zone_t *zone;
6364 zone_t *zone;
6371 zone = zargp->zone;
6375 zone_namelen = strlen(zone->zone_name) + 1;
6377 bcopy(zone->zone_name, zone_name, zone_namelen);
6378 zoneid = zone->zone_id;
6379 uniqid = zone->zone_uniqid;
6381 * zoneadmd may be down, but at least we can empty out the zone.
6386 (void) zone_empty(zone);
6387 ASSERT(zone_status_get(zone) >= ZONE_IS_EMPTY);
6388 zone_rele(zone);
6400 * Since we're not holding a reference to the zone, any number of
6401 * things can go wrong, including the zone disappearing before we get a
6446 if ((zone = zone_find_by_id(zoneid)) == NULL) {
6452 if (zone->zone_uniqid != uniqid) {
6456 zone_rele(zone);
6464 zone_rele(zone);
6477 * Entry point for uadmin() to tell the zone to go away or reboot. Analog to
6478 * kadmin(). The caller is a process in the zone.
6480 * In order to shutdown the zone, we will hand off control to zoneadmd
6481 * (running in the global zone) via a door. We do a half-hearted job at
6482 * killing all processes in the zone, create a kernel thread to contact
6483 * zoneadmd, and make note of the "uniqid" of the zone. The uniqid is
6485 * zone_destroy()) know exactly which zone they're re talking about.
6492 zone_t *zone;
6494 zone = curproc->p_zone;
6536 * is in the zone.
6538 ASSERT(zone_status_get(zone) < ZONE_IS_EMPTY);
6539 if (zone_status_get(zone) > ZONE_IS_RUNNING) {
6541 * This zone is already on its way down.
6549 zone_status_set(zone, ZONE_IS_SHUTTING_DOWN);
6557 killall(zone->zone_id);
6560 * work. This thread can't be created in our zone otherwise
6565 zargp->arg.uniqid = zone->zone_uniqid;
6566 zargp->zone = zone;
6572 zone_hold(zone);
6582 * Entry point so kadmin(A_SHUTDOWN, ...) can set the global zone's
6597 /* Modify the global zone's status first. */
6604 * could cause assertions to fail (e.g., assertions about a zone's
6607 * fail to boot the new zones when they see that the global zone is
6620 * Returns true if the named dataset is visible in the current zone.
6629 zone_t *zone = curproc->p_zone;
6641 for (zd = list_head(&zone->zone_datasets); zd != NULL;
6642 zd = list_next(&zone->zone_datasets, zd)) {
6662 for (zd = list_head(&zone->zone_datasets); zd != NULL;
6663 zd = list_next(&zone->zone_datasets, zd)) {
6681 * zone_vfslist of this zone. If found, return true and note that it is
6695 vfsp = zone->zone_vfslist;
6727 } while (vfsp != zone->zone_vfslist);
6737 * effectively compares against zone paths rather than zonerootpath
6740 * paths, whether zone-visible or not, including those which are parallel
6743 * If the specified path does not fall under any zone path then global
6744 * zone is returned.
6750 * The caller is responsible for zone_rele of the returned zone.
6755 zone_t *zone;
6769 for (zone = list_head(&zone_active); zone != NULL;
6770 zone = list_next(&zone_active, zone)) {
6775 if (zone == global_zone) /* skip global zone */
6779 c = zone->zone_rootpath + zone->zone_rootpathlen - 2;
6784 pathlen = c - zone->zone_rootpath + 1 - path_offset;
6785 rootpath_start = (zone->zone_rootpath + path_offset);
6789 if (zone == NULL)
6790 zone = global_zone;
6791 zone_hold(zone);
6793 return (zone);
6797 * Finds a zone_dl_t with the given linkid in the given zone. Returns the
6801 zone_find_dl(zone_t *zone, datalink_id_t linkid)
6805 ASSERT(mutex_owned(&zone->zone_lock));
6806 for (zdl = list_head(&zone->zone_dl_list); zdl != NULL;
6807 zdl = list_next(&zone->zone_dl_list, zdl)) {
6815 zone_dl_exists(zone_t *zone, datalink_id_t linkid)
6819 mutex_enter(&zone->zone_lock);
6820 exists = (zone_find_dl(zone, linkid) != NULL);
6821 mutex_exit(&zone->zone_lock);
6826 * Add an data link name for the zone.
6832 zone_t *zone;
6838 /* Verify that the datalink ID doesn't already belong to a zone. */
6840 for (zone = list_head(&zone_active); zone != NULL;
6841 zone = list_next(&zone_active, zone)) {
6842 if (zone_dl_exists(zone, linkid)) {
6845 return (set_errno((zone == thiszone) ? EEXIST : EPERM));
6864 zone_t *zone;
6867 if ((zone = zone_find_by_id(zoneid)) == NULL)
6870 mutex_enter(&zone->zone_lock);
6871 if ((zdl = zone_find_dl(zone, linkid)) == NULL) {
6874 list_remove(&zone->zone_dl_list, zdl);
6878 mutex_exit(&zone->zone_lock);
6879 zone_rele(zone);
6884 * Using the zoneidp as ALL_ZONES, we can lookup which zone has been assigned
6891 zone_t *zone;
6895 if ((zone = zone_find_by_id(*zoneidp)) != NULL) {
6896 if (zone_dl_exists(zone, linkid))
6898 zone_rele(zone);
6904 for (zone = list_head(&zone_active); zone != NULL;
6905 zone = list_next(&zone_active, zone)) {
6906 if (zone_dl_exists(zone, linkid)) {
6907 *zoneidp = zone->zone_id;
6917 * Get the list of datalink IDs assigned to a zone.
6929 zone_t *zone;
6935 if ((zone = zone_find_by_id(zoneid)) == NULL)
6939 mutex_enter(&zone->zone_lock);
6940 for (zdl = list_head(&zone->zone_dl_list); zdl != NULL;
6941 zdl = list_next(&zone->zone_dl_list, zdl)) {
6949 mutex_exit(&zone->zone_lock);
6950 zone_rele(zone);
6955 mutex_exit(&zone->zone_lock);
6956 zone_rele(zone);
6967 * Public interface for looking up a zone by zoneid. It's a customized version
6969 * callbacks, since it doesn't have reference on the zone structure hence if
6970 * it is called elsewhere the zone could disappear after the zonehash_lock
6974 * 1. Doesn't check the status of the zone.
6978 * 3. Returns without the zone being held.
6983 zone_t *zone;
6987 zone = &zone0;
6989 zone = zone_find_all_by_id(zoneid);
6991 return (zone);
6995 * Walk the datalinks for a given zone
7001 zone_t *zone;
7007 if ((zone = zone_find_by_id(zoneid)) == NULL)
7014 mutex_enter(&zone->zone_lock);
7015 for (zdl = list_head(&zone->zone_dl_list); zdl != NULL;
7016 zdl = list_next(&zone->zone_dl_list, zdl)) {
7021 mutex_exit(&zone->zone_lock);
7022 zone_rele(zone);
7028 mutex_exit(&zone->zone_lock);
7029 zone_rele(zone);
7033 for (i = 0, zdl = list_head(&zone->zone_dl_list); zdl != NULL;
7034 i++, zdl = list_next(&zone->zone_dl_list, zdl)) {
7038 mutex_exit(&zone->zone_lock);
7045 zone_rele(zone);
7066 zone_t *zone;
7087 if ((zone = zone_find_by_id(zoneid)) == NULL) {
7091 mutex_enter(&zone->zone_lock);
7092 if ((zdl = zone_find_dl(zone, linkid)) == NULL) {
7111 mutex_exit(&zone->zone_lock);
7112 zone_rele(zone);
7122 zone_t *zone;
7142 if ((zone = zone_find_by_id(zoneid)) == NULL)
7145 mutex_enter(&zone->zone_lock);
7146 if ((zdl = zone_find_dl(zone, linkid)) == NULL) {
7164 mutex_exit(&zone->zone_lock);
7165 zone_rele(zone);