1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * fork.c - safe forking for svc.startd 28 * 29 * fork_configd() and fork_sulogin() are related, special cases that handle the 30 * spawning of specific client processes for svc.startd. 31 */ 32 33 #include <sys/contract/process.h> 34 #include <sys/corectl.h> 35 #include <sys/ctfs.h> 36 #include <sys/stat.h> 37 #include <sys/types.h> 38 #include <sys/uio.h> 39 #include <sys/wait.h> 40 #include <assert.h> 41 #include <errno.h> 42 #include <fcntl.h> 43 #include <libcontract.h> 44 #include <libcontract_priv.h> 45 #include <libscf_priv.h> 46 #include <limits.h> 47 #include <port.h> 48 #include <signal.h> 49 #include <stdarg.h> 50 #include <stdio.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <unistd.h> 54 #include <utmpx.h> 55 56 #include "configd_exit.h" 57 #include "protocol.h" 58 #include "startd.h" 59 60 static struct utmpx *utmpp; /* pointer for getutxent() */ 61 62 pid_t 63 startd_fork1(int *forkerr) 64 { 65 pid_t p; 66 67 /* 68 * prefork stack 69 */ 70 wait_prefork(); 71 72 p = fork1(); 73 74 if (p == -1 && forkerr != NULL) 75 *forkerr = errno; 76 77 /* 78 * postfork stack 79 */ 80 wait_postfork(p); 81 82 return (p); 83 } 84 85 /* 86 * void fork_mount(char *, char *) 87 * Run mount(1M) with the given options and mount point. (mount(1M) has much 88 * hidden knowledge; it's much less correct to reimplement that logic here to 89 * save a fork(2)/exec(2) invocation.) 90 */ 91 int 92 fork_mount(char *path, char *opts) 93 { 94 pid_t pid; 95 uint_t tries = 0; 96 int status; 97 98 for (pid = fork1(); pid == -1; pid = fork1()) { 99 if (++tries > MAX_MOUNT_RETRIES) 100 return (-1); 101 102 (void) sleep(tries); 103 } 104 105 if (pid != 0) { 106 (void) waitpid(pid, &status, 0); 107 108 /* 109 * If our mount(1M) invocation exited by peculiar means, or with 110 * a non-zero status, our mount likelihood is low. 111 */ 112 if (!WIFEXITED(status) || 113 WEXITSTATUS(status) != 0) 114 return (-1); 115 116 return (0); 117 } 118 119 (void) execl("/sbin/mount", "mount", "-o", opts, path, NULL); 120 121 return (-1); 122 } 123 124 /* 125 * pid_t fork_common(...) 126 * Common routine used by fork_sulogin and fork_configd to fork a 127 * process in a contract with the provided terms. Invokes 128 * fork_sulogin (with its no-fork argument set) on errors. 129 */ 130 static pid_t 131 fork_common(const char *name, const char *svc_fmri, int retries, ctid_t *ctidp, 132 uint_t inf, uint_t crit, uint_t fatal, uint_t param, uint64_t cookie) 133 { 134 uint_t tries = 0; 135 int ctfd, err; 136 pid_t pid; 137 138 /* 139 * Establish process contract terms. 140 */ 141 if ((ctfd = open64(CTFS_ROOT "/process/template", O_RDWR)) == -1) { 142 fork_sulogin(B_TRUE, "Could not open process contract template " 143 "for %s: %s\n", name, strerror(errno)); 144 /* NOTREACHED */ 145 } 146 147 err = ct_tmpl_set_critical(ctfd, crit); 148 err |= ct_pr_tmpl_set_fatal(ctfd, fatal); 149 err |= ct_tmpl_set_informative(ctfd, inf); 150 err |= ct_pr_tmpl_set_param(ctfd, param); 151 err |= ct_tmpl_set_cookie(ctfd, cookie); 152 err |= ct_pr_tmpl_set_svc_fmri(ctfd, svc_fmri); 153 err |= ct_pr_tmpl_set_svc_aux(ctfd, name); 154 if (err) { 155 (void) close(ctfd); 156 fork_sulogin(B_TRUE, "Could not set %s process contract " 157 "terms\n", name); 158 /* NOTREACHED */ 159 } 160 161 if (err = ct_tmpl_activate(ctfd)) { 162 (void) close(ctfd); 163 fork_sulogin(B_TRUE, "Could not activate %s process contract " 164 "template: %s\n", name, strerror(err)); 165 /* NOTREACHED */ 166 } 167 168 /* 169 * Attempt to fork "retries" times. 170 */ 171 for (pid = fork1(); pid == -1; pid = fork1()) { 172 if (++tries > retries) { 173 /* 174 * When we exit the sulogin session, init(1M) 175 * will restart svc.startd(1M). 176 */ 177 err = errno; 178 (void) ct_tmpl_clear(ctfd); 179 (void) close(ctfd); 180 fork_sulogin(B_TRUE, "Could not fork to start %s: %s\n", 181 name, strerror(err)); 182 /* NOTREACHED */ 183 } 184 (void) sleep(tries); 185 } 186 187 /* 188 * Clean up, return pid and ctid. 189 */ 190 if (pid != 0 && (errno = contract_latest(ctidp)) != 0) 191 uu_die("Could not get new contract id for %s\n", name); 192 (void) ct_tmpl_clear(ctfd); 193 (void) close(ctfd); 194 195 return (pid); 196 } 197 198 /* 199 * void fork_sulogin(boolean_t, const char *, ...) 200 * When we are invoked with the -s flag from boot (or run into an unfixable 201 * situation), we run a private copy of sulogin. When the sulogin session 202 * is ended, we continue. This is the last fallback action for system 203 * maintenance. 204 * 205 * If immediate is true, fork_sulogin() executes sulogin(1M) directly, without 206 * forking. 207 * 208 * Because fork_sulogin() is needed potentially before we daemonize, we leave 209 * it outside the wait_register() framework. 210 */ 211 /*PRINTFLIKE2*/ 212 void 213 fork_sulogin(boolean_t immediate, const char *format, ...) 214 { 215 va_list args; 216 int fd_console; 217 218 (void) printf("Requesting System Maintenance Mode\n"); 219 220 if (!booting_to_single_user) 221 (void) printf("(See /lib/svc/share/README for more " 222 "information.)\n"); 223 224 va_start(args, format); 225 (void) vprintf(format, args); 226 va_end(args); 227 228 if (!immediate) { 229 ctid_t ctid; 230 pid_t pid; 231 232 pid = fork_common("sulogin", SVC_SULOGIN_FMRI, 233 MAX_SULOGIN_RETRIES, &ctid, CT_PR_EV_HWERR, 0, 234 CT_PR_EV_HWERR, CT_PR_PGRPONLY, SULOGIN_COOKIE); 235 236 if (pid != 0) { 237 (void) waitpid(pid, NULL, 0); 238 contract_abandon(ctid); 239 return; 240 } 241 /* close all inherited fds */ 242 closefrom(0); 243 } else { 244 (void) printf("Directly executing sulogin.\n"); 245 /* 246 * Can't call closefrom() in this MT section 247 * so safely close a minimum set of fds. 248 */ 249 (void) close(STDIN_FILENO); 250 (void) close(STDOUT_FILENO); 251 (void) close(STDERR_FILENO); 252 } 253 254 (void) setpgrp(); 255 256 /* open the console for sulogin */ 257 if ((fd_console = open("/dev/console", O_RDWR)) >= 0) { 258 if (fd_console != STDIN_FILENO) 259 while (dup2(fd_console, STDIN_FILENO) < 0 && 260 errno == EINTR) 261 ; 262 if (fd_console != STDOUT_FILENO) 263 while (dup2(fd_console, STDOUT_FILENO) < 0 && 264 errno == EINTR) 265 ; 266 if (fd_console != STDERR_FILENO) 267 while (dup2(fd_console, STDERR_FILENO) < 0 && 268 errno == EINTR) 269 ; 270 if (fd_console > STDERR_FILENO) 271 (void) close(fd_console); 272 } 273 274 setutxent(); 275 while ((utmpp = getutxent()) != NULL) { 276 if (strcmp(utmpp->ut_user, "LOGIN") != 0) { 277 if (strcmp(utmpp->ut_line, "console") == 0) { 278 (void) kill(utmpp->ut_pid, 9); 279 break; 280 } 281 } 282 } 283 284 (void) execl("/sbin/sulogin", "sulogin", NULL); 285 286 uu_warn("Could not exec() sulogin"); 287 288 exit(1); 289 } 290 291 #define CONFIGD_PATH "/lib/svc/bin/svc.configd" 292 293 /* 294 * void fork_configd(int status) 295 * We are interested in exit events (since the parent's exiting means configd 296 * is ready to run and since the child's exiting indicates an error case) and 297 * in empty events. This means we have a unique template for initiating 298 * configd. 299 */ 300 void 301 fork_configd(int exitstatus) 302 { 303 pid_t pid; 304 ctid_t ctid = -1; 305 int err; 306 char path[PATH_MAX]; 307 308 /* 309 * Checking the existatus for the potential failure of the 310 * daemonized svc.configd. If this is not the first time 311 * through, but a call from the svc.configd monitoring thread 312 * after a failure this is the status that is expected. Other 313 * failures are exposed during initialization or are fixed 314 * by a restart (e.g door closings). 315 * 316 * If this is on-disk database corruption it will also be 317 * caught by a restart but could be cleared before the restart. 318 * 319 * Or this could be internal database corruption due to a 320 * rogue service that needs to be cleared before restart. 321 */ 322 if (WEXITSTATUS(exitstatus) == CONFIGD_EXIT_DATABASE_BAD) { 323 fork_sulogin(B_FALSE, "svc.configd exited with database " 324 "corrupt error after initialization of the repository\n"); 325 } 326 327 retry: 328 log_framework(LOG_DEBUG, "fork_configd trying to start svc.configd\n"); 329 330 /* 331 * If we're retrying, we will have an old contract lying around 332 * from the failure. Since we're going to be creating a new 333 * contract shortly, we abandon the old one now. 334 */ 335 if (ctid != -1) 336 contract_abandon(ctid); 337 ctid = -1; 338 339 pid = fork_common("svc.configd", SCF_SERVICE_CONFIGD, 340 MAX_CONFIGD_RETRIES, &ctid, 0, CT_PR_EV_EXIT, 0, 341 CT_PR_INHERIT | CT_PR_REGENT, CONFIGD_COOKIE); 342 343 if (pid != 0) { 344 int exitstatus; 345 346 st->st_configd_pid = pid; 347 348 if (waitpid(pid, &exitstatus, 0) == -1) { 349 fork_sulogin(B_FALSE, "waitpid on svc.configd " 350 "failed: %s\n", strerror(errno)); 351 } else if (WIFEXITED(exitstatus)) { 352 char *errstr; 353 354 /* 355 * Examine exitstatus. This will eventually get more 356 * complicated, as we will want to teach startd how to 357 * invoke configd with alternate repositories, etc. 358 * 359 * Note that exec(2) failure results in an exit status 360 * of 1, resulting in the default clause below. 361 */ 362 363 /* 364 * Assign readable strings to cases we don't handle, or 365 * have error outcomes that cannot be eliminated. 366 */ 367 switch (WEXITSTATUS(exitstatus)) { 368 case CONFIGD_EXIT_BAD_ARGS: 369 errstr = "bad arguments"; 370 break; 371 372 case CONFIGD_EXIT_DATABASE_BAD: 373 errstr = "database corrupt"; 374 break; 375 376 case CONFIGD_EXIT_DATABASE_LOCKED: 377 errstr = "database locked"; 378 break; 379 case CONFIGD_EXIT_INIT_FAILED: 380 errstr = "initialization failure"; 381 break; 382 case CONFIGD_EXIT_DOOR_INIT_FAILED: 383 errstr = "door initialization failure"; 384 break; 385 case CONFIGD_EXIT_DATABASE_INIT_FAILED: 386 errstr = "database initialization failure"; 387 break; 388 case CONFIGD_EXIT_NO_THREADS: 389 errstr = "no threads available"; 390 break; 391 case CONFIGD_EXIT_LOST_MAIN_DOOR: 392 errstr = "lost door server attachment"; 393 break; 394 case 1: 395 errstr = "execution failure"; 396 break; 397 default: 398 errstr = "unknown error"; 399 break; 400 } 401 402 /* 403 * Remedial actions for various configd failures. 404 */ 405 switch (WEXITSTATUS(exitstatus)) { 406 case CONFIGD_EXIT_OKAY: 407 break; 408 409 case CONFIGD_EXIT_DATABASE_LOCKED: 410 /* attempt remount of / read-write */ 411 if (fs_is_read_only("/", NULL) == 1) { 412 if (fs_remount("/") == -1) 413 fork_sulogin(B_FALSE, 414 "remount of root " 415 "filesystem failed\n"); 416 417 goto retry; 418 } 419 break; 420 421 default: 422 fork_sulogin(B_FALSE, "svc.configd exited " 423 "with status %d (%s)\n", 424 WEXITSTATUS(exitstatus), errstr); 425 goto retry; 426 } 427 } else if (WIFSIGNALED(exitstatus)) { 428 char signame[SIG2STR_MAX]; 429 430 if (sig2str(WTERMSIG(exitstatus), signame)) 431 (void) snprintf(signame, SIG2STR_MAX, 432 "signum %d", WTERMSIG(exitstatus)); 433 434 fork_sulogin(B_FALSE, "svc.configd signalled:" 435 " %s\n", signame); 436 437 goto retry; 438 } else { 439 fork_sulogin(B_FALSE, "svc.configd non-exit " 440 "condition: 0x%x\n", exitstatus); 441 442 goto retry; 443 } 444 445 /* 446 * Announce that we have a valid svc.configd status. 447 */ 448 MUTEX_LOCK(&st->st_configd_live_lock); 449 st->st_configd_lives = 1; 450 err = pthread_cond_broadcast(&st->st_configd_live_cv); 451 assert(err == 0); 452 MUTEX_UNLOCK(&st->st_configd_live_lock); 453 454 log_framework(LOG_DEBUG, "fork_configd broadcasts configd is " 455 "live\n"); 456 return; 457 } 458 459 /* 460 * Set our per-process core file path to leave core files in 461 * /etc/svc/volatile directory, named after the PID to aid in debugging. 462 */ 463 (void) snprintf(path, sizeof (path), 464 "/etc/svc/volatile/core.configd.%%p"); 465 466 (void) core_set_process_path(path, strlen(path) + 1, getpid()); 467 468 log_framework(LOG_DEBUG, "executing svc.configd\n"); 469 470 (void) execl(CONFIGD_PATH, CONFIGD_PATH, NULL); 471 472 /* 473 * Status code is used above to identify configd exec failure. 474 */ 475 exit(1); 476 } 477 478 void * 479 fork_configd_thread(void *vctid) 480 { 481 int fd, err; 482 ctid_t configd_ctid = (ctid_t)vctid; 483 484 if (configd_ctid == -1) { 485 log_framework(LOG_DEBUG, 486 "fork_configd_thread starting svc.configd\n"); 487 fork_configd(0); 488 } else { 489 /* 490 * configd_ctid is known: we broadcast and continue. 491 * test contract for appropriate state by verifying that 492 * there is one or more processes within it? 493 */ 494 log_framework(LOG_DEBUG, 495 "fork_configd_thread accepting svc.configd with CTID %ld\n", 496 configd_ctid); 497 MUTEX_LOCK(&st->st_configd_live_lock); 498 st->st_configd_lives = 1; 499 (void) pthread_cond_broadcast(&st->st_configd_live_cv); 500 MUTEX_UNLOCK(&st->st_configd_live_lock); 501 } 502 503 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY); 504 if (fd == -1) 505 uu_die("process bundle open failed"); 506 507 /* 508 * Make sure we get all events (including those generated by configd 509 * before this thread was started). 510 */ 511 err = ct_event_reset(fd); 512 assert(err == 0); 513 514 for (;;) { 515 int efd, sfd; 516 ct_evthdl_t ev; 517 uint32_t type; 518 ctevid_t evid; 519 ct_stathdl_t status; 520 ctid_t ctid; 521 uint64_t cookie; 522 pid_t pid; 523 524 if (err = ct_event_read_critical(fd, &ev)) { 525 assert(err != EINVAL && err != EAGAIN); 526 log_error(LOG_WARNING, 527 "Error reading next contract event: %s", 528 strerror(err)); 529 continue; 530 } 531 532 evid = ct_event_get_evid(ev); 533 ctid = ct_event_get_ctid(ev); 534 type = ct_event_get_type(ev); 535 536 /* Fetch cookie. */ 537 sfd = contract_open(ctid, "process", "status", O_RDONLY); 538 if (sfd < 0) { 539 ct_event_free(ev); 540 continue; 541 } 542 543 if (err = ct_status_read(sfd, CTD_COMMON, &status)) { 544 log_framework(LOG_WARNING, "Could not get status for " 545 "contract %ld: %s\n", ctid, strerror(err)); 546 547 ct_event_free(ev); 548 startd_close(sfd); 549 continue; 550 } 551 552 cookie = ct_status_get_cookie(status); 553 554 ct_status_free(status); 555 556 startd_close(sfd); 557 558 /* 559 * Don't process events from contracts we aren't interested in. 560 */ 561 if (cookie != CONFIGD_COOKIE) { 562 ct_event_free(ev); 563 continue; 564 } 565 566 if (type == CT_PR_EV_EXIT) { 567 int exitstatus; 568 569 (void) ct_pr_event_get_pid(ev, &pid); 570 (void) ct_pr_event_get_exitstatus(ev, 571 &exitstatus); 572 573 if (st->st_configd_pid != pid) { 574 /* 575 * This is the child exiting, so we 576 * abandon the contract and restart 577 * configd. 578 */ 579 contract_abandon(ctid); 580 fork_configd(exitstatus); 581 } 582 } 583 584 efd = contract_open(ctid, "process", "ctl", O_WRONLY); 585 if (efd != -1) { 586 (void) ct_ctl_ack(efd, evid); 587 startd_close(efd); 588 } 589 590 ct_event_free(ev); 591 592 } 593 594 /*NOTREACHED*/ 595 return (NULL); 596 } 597 598 void 599 fork_rc_script(char rl, const char *arg, boolean_t wait) 600 { 601 pid_t pid; 602 int tmpl, err, stat; 603 char path[20] = "/sbin/rc.", log[20] = "rc..log", timebuf[20]; 604 time_t now; 605 struct tm ltime; 606 size_t sz; 607 char *pathenv; 608 char **nenv; 609 610 path[8] = rl; 611 612 tmpl = open64(CTFS_ROOT "/process/template", O_RDWR); 613 if (tmpl >= 0) { 614 err = ct_tmpl_set_critical(tmpl, 0); 615 assert(err == 0); 616 617 err = ct_tmpl_set_informative(tmpl, 0); 618 assert(err == 0); 619 620 err = ct_pr_tmpl_set_fatal(tmpl, 0); 621 assert(err == 0); 622 623 err = ct_tmpl_activate(tmpl); 624 assert(err == 0); 625 626 err = close(tmpl); 627 assert(err == 0); 628 } else { 629 uu_warn("Could not create contract template for %s.\n", path); 630 } 631 632 pid = startd_fork1(NULL); 633 if (pid < 0) { 634 return; 635 } else if (pid != 0) { 636 /* parent */ 637 if (wait) { 638 do 639 err = waitpid(pid, &stat, 0); 640 while (err != 0 && errno == EINTR) 641 ; 642 643 if (!WIFEXITED(stat)) { 644 log_framework(LOG_INFO, 645 "%s terminated with waitpid() status %d.\n", 646 path, stat); 647 } else if (WEXITSTATUS(stat) != 0) { 648 log_framework(LOG_INFO, 649 "%s failed with status %d.\n", path, 650 WEXITSTATUS(stat)); 651 } 652 } 653 654 return; 655 } 656 657 /* child */ 658 659 log[2] = rl; 660 661 setlog(log); 662 663 now = time(NULL); 664 sz = strftime(timebuf, sizeof (timebuf), "%b %e %T", 665 localtime_r(&now, <ime)); 666 assert(sz != 0); 667 668 (void) fprintf(stderr, "%s Executing %s %s\n", timebuf, path, arg); 669 670 if (rl == 'S') 671 pathenv = "PATH=/sbin:/usr/sbin:/usr/bin"; 672 else 673 pathenv = "PATH=/usr/sbin:/usr/bin"; 674 675 nenv = set_smf_env(NULL, 0, pathenv, NULL, NULL); 676 677 (void) execle(path, path, arg, 0, nenv); 678 679 perror("exec"); 680 exit(0); 681 } 682