1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * Copyright 2012 Joyent, Inc. All rights reserved. 26 */ 27 28 /* 29 * Console support for zones requires a significant infrastructure. The 30 * core pieces are contained in this file, but other portions of note 31 * are in the zlogin(1M) command, the zcons(7D) driver, and in the 32 * devfsadm(1M) misc_link generator. 33 * 34 * Care is taken to make the console behave in an "intuitive" fashion for 35 * administrators. Essentially, we try as much as possible to mimic the 36 * experience of using a system via a tip line and system controller. 37 * 38 * The zone console architecture looks like this: 39 * 40 * Global Zone | Non-Global Zone 41 * .--------------. | 42 * .-----------. | zoneadmd -z | | .--------. .---------. 43 * | zlogin -C | | myzone | | | ttymon | | syslogd | 44 * `-----------' `--------------' | `--------' `---------' 45 * | | | | | | | 46 * User | | | | | V V 47 * - - - - - - - - -|- - - -|- - - -|-|- - - - - - -|- - /dev/zconsole - - - 48 * Kernel V V | | | 49 * [AF_UNIX Socket] | `--------. .-------------' 50 * | | | 51 * | V V 52 * | +-----------+ 53 * | | ldterm, | 54 * | | etc. | 55 * | +-----------+ 56 * | +-[Anchor]--+ 57 * | | ptem | 58 * V +-----------+ 59 * +---master---+---slave---+ 60 * | | 61 * | zcons driver | 62 * | zonename="myzone" | 63 * +------------------------+ 64 * 65 * There are basically two major tasks which the console subsystem in 66 * zoneadmd accomplishes: 67 * 68 * - Setup and teardown of zcons driver instances. One zcons instance 69 * is maintained per zone; we take advantage of the libdevice APIs 70 * to online new instances of zcons as needed. Care is taken to 71 * prune and manage these appropriately; see init_console_dev() and 72 * destroy_console_dev(). The end result is the creation of the 73 * zcons(7D) instance and an open file descriptor to the master side. 74 * zcons instances are associated with zones via their zonename device 75 * property. This the console instance to persist across reboots, 76 * and while the zone is halted. 77 * 78 * - Acting as a server for 'zlogin -C' instances. When zlogin -C is 79 * run, zlogin connects to zoneadmd via unix domain socket. zoneadmd 80 * functions as a two-way proxy for console I/O, relaying user input 81 * to the master side of the console, and relaying output from the 82 * zone to the user. 83 */ 84 85 #include <sys/types.h> 86 #include <sys/socket.h> 87 #include <sys/stat.h> 88 #include <sys/termios.h> 89 #include <sys/zcons.h> 90 #include <sys/mkdev.h> 91 92 #include <assert.h> 93 #include <ctype.h> 94 #include <errno.h> 95 #include <fcntl.h> 96 #include <stdarg.h> 97 #include <stdio.h> 98 #include <stdlib.h> 99 #include <strings.h> 100 #include <stropts.h> 101 #include <thread.h> 102 #include <ucred.h> 103 #include <unistd.h> 104 #include <zone.h> 105 106 #include <libdevinfo.h> 107 #include <libdevice.h> 108 #include <libzonecfg.h> 109 110 #include <syslog.h> 111 #include <sys/modctl.h> 112 113 #include "zoneadmd.h" 114 115 #define ZCONSNEX_DEVTREEPATH "/pseudo/zconsnex@1" 116 #define ZCONSNEX_FILEPATH "/devices/pseudo/zconsnex@1" 117 118 #define CONSOLE_SOCKPATH ZONES_TMPDIR "/%s.console_sock" 119 120 static int serverfd = -1; /* console server unix domain socket fd */ 121 char boot_args[BOOTARGS_MAX]; 122 char bad_boot_arg[BOOTARGS_MAX]; 123 124 /* 125 * The eventstream is a simple one-directional flow of messages from the 126 * door server to the console subsystem, implemented with a pipe. 127 * It is used to wake up the console poller when it needs to take action, 128 * message the user, die off, etc. 129 */ 130 static int eventstream[2]; 131 132 133 134 int 135 eventstream_init() 136 { 137 if (pipe(eventstream) == -1) 138 return (-1); 139 return (0); 140 } 141 142 void 143 eventstream_write(zone_evt_t evt) 144 { 145 (void) write(eventstream[0], &evt, sizeof (evt)); 146 } 147 148 static zone_evt_t 149 eventstream_read(void) 150 { 151 zone_evt_t evt = Z_EVT_NULL; 152 153 (void) read(eventstream[1], &evt, sizeof (evt)); 154 return (evt); 155 } 156 157 /* 158 * count_console_devs() and its helper count_cb() do a walk of the 159 * subtree of the device tree where zone console nodes are represented. 160 * The goal is to count zone console instances already setup for a zone 161 * with the given name. More than 1 is anomolous, and our caller will 162 * have to deal with that if we find that's the case. 163 * 164 * Note: this algorithm is a linear search of nodes in the zconsnex subtree 165 * of the device tree, and could be a scalability problem, but I don't see 166 * how to avoid it. 167 */ 168 169 /* 170 * cb_data is shared by count_cb and destroy_cb for simplicity. 171 */ 172 struct cb_data { 173 zlog_t *zlogp; 174 int found; 175 int killed; 176 }; 177 178 static int 179 count_cb(di_node_t node, void *arg) 180 { 181 struct cb_data *cb = (struct cb_data *)arg; 182 char *prop_data; 183 184 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename", 185 &prop_data) != -1) { 186 assert(prop_data != NULL); 187 if (strcmp(prop_data, zone_name) == 0) { 188 cb->found++; 189 return (DI_WALK_CONTINUE); 190 } 191 } 192 return (DI_WALK_CONTINUE); 193 } 194 195 static int 196 count_console_devs(zlog_t *zlogp) 197 { 198 di_node_t root; 199 struct cb_data cb; 200 201 bzero(&cb, sizeof (cb)); 202 cb.zlogp = zlogp; 203 204 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) == 205 DI_NODE_NIL) { 206 zerror(zlogp, B_TRUE, "%s failed", "di_init"); 207 return (-1); 208 } 209 210 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, count_cb); 211 di_fini(root); 212 return (cb.found); 213 } 214 215 /* 216 * destroy_console_devs() and its helper destroy_cb() tears down any console 217 * instances associated with this zone. If things went very wrong, we 218 * might have more than one console instance hanging around. This routine 219 * hunts down and tries to remove all of them. Of course, if the console 220 * is open, the instance will not detach, which is a potential issue. 221 */ 222 static int 223 destroy_cb(di_node_t node, void *arg) 224 { 225 struct cb_data *cb = (struct cb_data *)arg; 226 char *prop_data; 227 char *tmp; 228 char devpath[MAXPATHLEN]; 229 devctl_hdl_t hdl; 230 231 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename", 232 &prop_data) == -1) 233 return (DI_WALK_CONTINUE); 234 235 assert(prop_data != NULL); 236 if (strcmp(prop_data, zone_name) != 0) { 237 /* this is the console for a different zone */ 238 return (DI_WALK_CONTINUE); 239 } 240 241 cb->found++; 242 tmp = di_devfs_path(node); 243 (void) snprintf(devpath, sizeof (devpath), "/devices/%s", tmp); 244 di_devfs_path_free(tmp); 245 246 if ((hdl = devctl_device_acquire(devpath, 0)) == NULL) { 247 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, " 248 "but it could not be controlled.", devpath); 249 return (DI_WALK_CONTINUE); 250 } 251 if (devctl_device_remove(hdl) == 0) { 252 cb->killed++; 253 } else { 254 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, " 255 "but it could not be removed.", devpath); 256 } 257 devctl_release(hdl); 258 return (DI_WALK_CONTINUE); 259 } 260 261 static int 262 destroy_console_devs(zlog_t *zlogp) 263 { 264 char conspath[MAXPATHLEN]; 265 di_node_t root; 266 struct cb_data cb; 267 int masterfd; 268 int slavefd; 269 270 /* 271 * Signal the master side to release its handle on the slave side by 272 * issuing a ZC_RELEASESLAVE ioctl. 273 */ 274 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s", 275 zone_name, ZCONS_MASTER_NAME); 276 if ((masterfd = open(conspath, O_RDWR | O_NOCTTY)) != -1) { 277 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s", 278 zone_name, ZCONS_SLAVE_NAME); 279 if ((slavefd = open(conspath, O_RDWR | O_NOCTTY)) != -1) { 280 if (ioctl(masterfd, ZC_RELEASESLAVE, 281 (caddr_t)(intptr_t)slavefd) != 0) 282 zerror(zlogp, B_TRUE, "WARNING: error while " 283 "releasing slave handle of zone console for" 284 " %s", zone_name); 285 (void) close(slavefd); 286 } else { 287 zerror(zlogp, B_TRUE, "WARNING: could not open slave " 288 "side of zone console for %s to release slave " 289 "handle", zone_name); 290 } 291 (void) close(masterfd); 292 } else { 293 zerror(zlogp, B_TRUE, "WARNING: could not open master side of " 294 "zone console for %s to release slave handle", zone_name); 295 } 296 297 bzero(&cb, sizeof (cb)); 298 cb.zlogp = zlogp; 299 300 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) == 301 DI_NODE_NIL) { 302 zerror(zlogp, B_TRUE, "%s failed", "di_init"); 303 return (-1); 304 } 305 306 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, destroy_cb); 307 if (cb.found > 1) { 308 zerror(zlogp, B_FALSE, "WARNING: multiple zone console " 309 "instances detected for zone '%s'; %d of %d " 310 "successfully removed.", 311 zone_name, cb.killed, cb.found); 312 } 313 314 di_fini(root); 315 return (0); 316 } 317 318 /* 319 * init_console_dev() drives the device-tree configuration of the zone 320 * console device. The general strategy is to use the libdevice (devctl) 321 * interfaces to instantiate a new zone console node. We do a lot of 322 * sanity checking, and are careful to reuse a console if one exists. 323 * 324 * Once the device is in the device tree, we kick devfsadm via di_init_devs() 325 * to ensure that the appropriate symlinks (to the master and slave console 326 * devices) are placed in /dev in the global zone. 327 */ 328 static int 329 init_console_dev(zlog_t *zlogp) 330 { 331 char conspath[MAXPATHLEN]; 332 devctl_hdl_t bus_hdl = NULL; 333 devctl_hdl_t dev_hdl = NULL; 334 devctl_ddef_t ddef_hdl = NULL; 335 di_devlink_handle_t dl = NULL; 336 int rv = -1; 337 int ndevs; 338 int masterfd; 339 int slavefd; 340 int i; 341 342 /* 343 * Don't re-setup console if it is working and ready already; just 344 * skip ahead to making devlinks, which we do for sanity's sake. 345 */ 346 ndevs = count_console_devs(zlogp); 347 if (ndevs == 1) { 348 goto devlinks; 349 } else if (ndevs > 1 || ndevs == -1) { 350 /* 351 * For now, this seems like a reasonable but harsh punishment. 352 * If needed, we could try to get clever and delete all but 353 * the console which is pointed at by the current symlink. 354 */ 355 if (destroy_console_devs(zlogp) == -1) { 356 goto error; 357 } 358 } 359 360 /* 361 * Time to make the consoles! 362 */ 363 if ((bus_hdl = devctl_bus_acquire(ZCONSNEX_FILEPATH, 0)) == NULL) { 364 zerror(zlogp, B_TRUE, "%s failed", "devctl_bus_acquire"); 365 goto error; 366 } 367 if ((ddef_hdl = devctl_ddef_alloc("zcons", 0)) == NULL) { 368 zerror(zlogp, B_TRUE, "failed to allocate ddef handle"); 369 goto error; 370 } 371 /* 372 * Set three properties on this node; the first is the name of the 373 * zone; the second is a flag which lets pseudo know that it is 374 * OK to automatically allocate an instance # for this device; 375 * the third tells the device framework not to auto-detach this 376 * node-- we need the node to still be there when we ask devfsadmd 377 * to make links, and when we need to open it. 378 */ 379 if (devctl_ddef_string(ddef_hdl, "zonename", zone_name) == -1) { 380 zerror(zlogp, B_TRUE, "failed to create zonename property"); 381 goto error; 382 } 383 if (devctl_ddef_int(ddef_hdl, "auto-assign-instance", 1) == -1) { 384 zerror(zlogp, B_TRUE, "failed to create auto-assign-instance " 385 "property"); 386 goto error; 387 } 388 if (devctl_ddef_int(ddef_hdl, "ddi-no-autodetach", 1) == -1) { 389 zerror(zlogp, B_TRUE, "failed to create ddi-no-auto-detach " 390 "property"); 391 goto error; 392 } 393 if (devctl_bus_dev_create(bus_hdl, ddef_hdl, 0, &dev_hdl) == -1) { 394 zerror(zlogp, B_TRUE, "failed to create console node"); 395 goto error; 396 } 397 398 devlinks: 399 if ((dl = di_devlink_init("zcons", DI_MAKE_LINK)) != NULL) { 400 (void) di_devlink_fini(&dl); 401 } else { 402 zerror(zlogp, B_TRUE, "failed to create devlinks"); 403 goto error; 404 } 405 406 /* 407 * Open the master side of the console and issue the ZC_HOLDSLAVE ioctl, 408 * which will cause the master to retain a reference to the slave. 409 * This prevents ttymon from blowing through the slave's STREAMS anchor. 410 */ 411 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s", 412 zone_name, ZCONS_MASTER_NAME); 413 if ((masterfd = open(conspath, O_RDWR | O_NOCTTY)) == -1) { 414 zerror(zlogp, B_TRUE, "ERROR: could not open master side of " 415 "zone console for %s to acquire slave handle", zone_name); 416 goto error; 417 } 418 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s", 419 zone_name, ZCONS_SLAVE_NAME); 420 if ((slavefd = open(conspath, O_RDWR | O_NOCTTY)) == -1) { 421 zerror(zlogp, B_TRUE, "ERROR: could not open slave side of zone" 422 " console for %s to acquire slave handle", zone_name); 423 (void) close(masterfd); 424 goto error; 425 } 426 /* 427 * This ioctl can occasionally return ENXIO if devfs doesn't have 428 * everything plumbed up yet due to heavy zone startup load. Wait for 429 * 1 sec. and retry a few times before we fail to boot the zone. 430 */ 431 for (i = 0; i < 5; i++) { 432 if (ioctl(masterfd, ZC_HOLDSLAVE, (caddr_t)(intptr_t)slavefd) 433 == 0) { 434 rv = 0; 435 break; 436 } else if (errno != ENXIO) { 437 break; 438 } 439 (void) sleep(1); 440 } 441 if (rv != 0) 442 zerror(zlogp, B_TRUE, "ERROR: error while acquiring slave " 443 "handle of zone console for %s", zone_name); 444 445 (void) close(slavefd); 446 (void) close(masterfd); 447 448 error: 449 if (ddef_hdl) 450 devctl_ddef_free(ddef_hdl); 451 if (bus_hdl) 452 devctl_release(bus_hdl); 453 if (dev_hdl) 454 devctl_release(dev_hdl); 455 return (rv); 456 } 457 458 static int 459 init_console_sock(zlog_t *zlogp) 460 { 461 int servfd; 462 struct sockaddr_un servaddr; 463 464 bzero(&servaddr, sizeof (servaddr)); 465 servaddr.sun_family = AF_UNIX; 466 (void) snprintf(servaddr.sun_path, sizeof (servaddr.sun_path), 467 CONSOLE_SOCKPATH, zone_name); 468 469 if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { 470 zerror(zlogp, B_TRUE, "console setup: could not create socket"); 471 return (-1); 472 } 473 (void) unlink(servaddr.sun_path); 474 475 if (bind(servfd, (struct sockaddr *)&servaddr, 476 sizeof (servaddr)) == -1) { 477 zerror(zlogp, B_TRUE, 478 "console setup: could not bind to socket"); 479 goto out; 480 } 481 482 if (listen(servfd, 4) == -1) { 483 zerror(zlogp, B_TRUE, 484 "console setup: could not listen on socket"); 485 goto out; 486 } 487 return (servfd); 488 489 out: 490 (void) unlink(servaddr.sun_path); 491 (void) close(servfd); 492 return (-1); 493 } 494 495 static void 496 destroy_console_sock(int servfd) 497 { 498 char path[MAXPATHLEN]; 499 500 (void) snprintf(path, sizeof (path), CONSOLE_SOCKPATH, zone_name); 501 (void) unlink(path); 502 (void) shutdown(servfd, SHUT_RDWR); 503 (void) close(servfd); 504 } 505 506 /* 507 * Read the "ident" string from the client's descriptor; this routine also 508 * tolerates being called with pid=NULL, for times when you want to "eat" 509 * the ident string from a client without saving it. 510 */ 511 static int 512 get_client_ident(int clifd, pid_t *pid, char *locale, size_t locale_len) 513 { 514 char buf[BUFSIZ], *bufp; 515 size_t buflen = sizeof (buf); 516 char c = '\0'; 517 int i = 0, r; 518 519 /* "eat up the ident string" case, for simplicity */ 520 if (pid == NULL) { 521 assert(locale == NULL && locale_len == 0); 522 while (read(clifd, &c, 1) == 1) { 523 if (c == '\n') 524 return (0); 525 } 526 } 527 528 bzero(buf, sizeof (buf)); 529 while ((buflen > 1) && (r = read(clifd, &c, 1)) == 1) { 530 buflen--; 531 if (c == '\n') 532 break; 533 534 buf[i] = c; 535 i++; 536 } 537 if (r == -1) 538 return (-1); 539 540 /* 541 * We've filled the buffer, but still haven't seen \n. Keep eating 542 * until we find it; we don't expect this to happen, but this is 543 * defensive. 544 */ 545 if (c != '\n') { 546 while ((r = read(clifd, &c, sizeof (c))) > 0) 547 if (c == '\n') 548 break; 549 } 550 551 /* 552 * Parse buffer for message of the form: IDENT <pid> <locale> 553 */ 554 bufp = buf; 555 if (strncmp(bufp, "IDENT ", 6) != 0) 556 return (-1); 557 bufp += 6; 558 errno = 0; 559 *pid = strtoll(bufp, &bufp, 10); 560 if (errno != 0) 561 return (-1); 562 563 while (*bufp != '\0' && isspace(*bufp)) 564 bufp++; 565 (void) strlcpy(locale, bufp, locale_len); 566 567 return (0); 568 } 569 570 static int 571 accept_client(int servfd, pid_t *pid, char *locale, size_t locale_len) 572 { 573 int connfd; 574 struct sockaddr_un cliaddr; 575 socklen_t clilen; 576 577 clilen = sizeof (cliaddr); 578 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen); 579 if (connfd == -1) 580 return (-1); 581 if (get_client_ident(connfd, pid, locale, locale_len) == -1) { 582 (void) shutdown(connfd, SHUT_RDWR); 583 (void) close(connfd); 584 return (-1); 585 } 586 (void) write(connfd, "OK\n", 3); 587 return (connfd); 588 } 589 590 static void 591 reject_client(int servfd, pid_t clientpid) 592 { 593 int connfd; 594 struct sockaddr_un cliaddr; 595 socklen_t clilen; 596 char nak[MAXPATHLEN]; 597 598 clilen = sizeof (cliaddr); 599 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen); 600 601 /* 602 * After hear its ident string, tell client to get lost. 603 */ 604 if (get_client_ident(connfd, NULL, NULL, 0) == 0) { 605 (void) snprintf(nak, sizeof (nak), "%lu\n", 606 clientpid); 607 (void) write(connfd, nak, strlen(nak)); 608 } 609 (void) shutdown(connfd, SHUT_RDWR); 610 (void) close(connfd); 611 } 612 613 static void 614 event_message(int clifd, char *clilocale, zone_evt_t evt) 615 { 616 char *str, *lstr = NULL; 617 char lmsg[BUFSIZ]; 618 char outbuf[BUFSIZ]; 619 620 if (clifd == -1) 621 return; 622 623 switch (evt) { 624 case Z_EVT_ZONE_BOOTING: 625 if (*boot_args == '\0') { 626 str = "NOTICE: Zone booting up"; 627 break; 628 } 629 /*LINTED*/ 630 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale, 631 "NOTICE: Zone booting up with arguments: %s"), boot_args); 632 lstr = lmsg; 633 break; 634 case Z_EVT_ZONE_READIED: 635 str = "NOTICE: Zone readied"; 636 break; 637 case Z_EVT_ZONE_HALTED: 638 str = "NOTICE: Zone halted"; 639 break; 640 case Z_EVT_ZONE_REBOOTING: 641 if (*boot_args == '\0') { 642 str = "NOTICE: Zone rebooting"; 643 break; 644 } 645 /*LINTED*/ 646 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale, 647 "NOTICE: Zone rebooting with arguments: %s"), boot_args); 648 lstr = lmsg; 649 break; 650 case Z_EVT_ZONE_UNINSTALLING: 651 str = "NOTICE: Zone is being uninstalled. Disconnecting..."; 652 break; 653 case Z_EVT_ZONE_BOOTFAILED: 654 str = "NOTICE: Zone boot failed"; 655 break; 656 case Z_EVT_ZONE_BADARGS: 657 /*LINTED*/ 658 (void) snprintf(lmsg, sizeof (lmsg), 659 localize_msg(clilocale, 660 "WARNING: Ignoring invalid boot arguments: %s"), 661 bad_boot_arg); 662 lstr = lmsg; 663 break; 664 default: 665 return; 666 } 667 668 if (lstr == NULL) 669 lstr = localize_msg(clilocale, str); 670 (void) snprintf(outbuf, sizeof (outbuf), "\r\n[%s]\r\n", lstr); 671 (void) write(clifd, outbuf, strlen(outbuf)); 672 } 673 674 /* 675 * Check to see if the client at the other end of the socket is still 676 * alive; we know it is not if it throws EPIPE at us when we try to write 677 * an otherwise harmless 0-length message to it. 678 */ 679 static int 680 test_client(int clifd) 681 { 682 if ((write(clifd, "", 0) == -1) && errno == EPIPE) 683 return (-1); 684 return (0); 685 } 686 687 /* 688 * This routine drives the console I/O loop. It polls for input from the 689 * master side of the console (output to the console), and from the client 690 * (input from the console user). Additionally, it polls on the server fd, 691 * and disconnects any clients that might try to hook up with the zone while 692 * the console is in use. 693 * 694 * When the client first calls us up, it is expected to send a line giving 695 * its "identity"; this consists of the string 'IDENT <pid> <locale>'. 696 * This is so that we can report that the console is busy along with 697 * some diagnostics about who has it busy; the locale is used so that 698 * asynchronous messages about zone state (like the NOTICE: zone halted 699 * messages) can be output in the user's locale. 700 */ 701 static void 702 do_console_io(zlog_t *zlogp, int consfd, int servfd) 703 { 704 struct pollfd pollfds[4]; 705 char ibuf[BUFSIZ]; 706 int cc, ret; 707 int clifd = -1; 708 int pollerr = 0; 709 char clilocale[MAXPATHLEN]; 710 pid_t clipid = 0; 711 712 /* console side, watch for read events */ 713 pollfds[0].fd = consfd; 714 pollfds[0].events = POLLIN | POLLRDNORM | POLLRDBAND | 715 POLLPRI | POLLERR | POLLHUP | POLLNVAL; 716 717 /* client side, watch for read events */ 718 pollfds[1].fd = clifd; 719 pollfds[1].events = pollfds[0].events; 720 721 /* the server socket; watch for events (new connections) */ 722 pollfds[2].fd = servfd; 723 pollfds[2].events = pollfds[0].events; 724 725 /* the eventstram; watch for events (e.g.: zone halted) */ 726 pollfds[3].fd = eventstream[1]; 727 pollfds[3].events = pollfds[0].events; 728 729 for (;;) { 730 pollfds[0].revents = pollfds[1].revents = 0; 731 pollfds[2].revents = pollfds[3].revents = 0; 732 733 ret = poll(pollfds, 734 sizeof (pollfds) / sizeof (struct pollfd), -1); 735 if (ret == -1 && errno != EINTR) { 736 zerror(zlogp, B_TRUE, "poll failed"); 737 /* we are hosed, close connection */ 738 break; 739 } 740 741 /* event from console side */ 742 if (pollfds[0].revents) { 743 if (pollfds[0].revents & 744 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) { 745 errno = 0; 746 cc = read(consfd, ibuf, BUFSIZ); 747 if (cc <= 0 && (errno != EINTR) && 748 (errno != EAGAIN)) 749 break; 750 /* 751 * Lose I/O if no one is listening 752 */ 753 if (clifd != -1 && cc > 0) 754 (void) write(clifd, ibuf, cc); 755 } else { 756 pollerr = pollfds[0].revents; 757 zerror(zlogp, B_FALSE, 758 "closing connection with (console) " 759 "pollerr %d\n", pollerr); 760 break; 761 } 762 } 763 764 /* event from client side */ 765 if (pollfds[1].revents) { 766 if (pollfds[1].revents & 767 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) { 768 errno = 0; 769 cc = read(clifd, ibuf, BUFSIZ); 770 if (cc <= 0 && (errno != EINTR) && 771 (errno != EAGAIN)) 772 break; 773 (void) write(consfd, ibuf, cc); 774 } else { 775 pollerr = pollfds[1].revents; 776 zerror(zlogp, B_FALSE, 777 "closing connection with (client) " 778 "pollerr %d\n", pollerr); 779 break; 780 } 781 } 782 783 /* event from server socket */ 784 if (pollfds[2].revents && 785 (pollfds[2].revents & (POLLIN | POLLRDNORM))) { 786 if (clifd != -1) { 787 /* 788 * Test the client to see if it is really 789 * still alive. If it has died but we 790 * haven't yet detected that, we might 791 * deny a legitimate connect attempt. If it 792 * is dead, we break out; once we tear down 793 * the old connection, the new connection 794 * will happen. 795 */ 796 if (test_client(clifd) == -1) { 797 break; 798 } 799 /* we're already handling a client */ 800 reject_client(servfd, clipid); 801 802 803 } else if ((clifd = accept_client(servfd, &clipid, 804 clilocale, sizeof (clilocale))) != -1) { 805 pollfds[1].fd = clifd; 806 807 } else { 808 break; 809 } 810 } 811 812 /* 813 * Watch for events on the eventstream. This is how we get 814 * notified of the zone halting, etc. It provides us a 815 * "wakeup" from poll when important things happen, which 816 * is good. 817 */ 818 if (pollfds[3].revents) { 819 int evt = eventstream_read(); 820 /* 821 * After we drain out the event, if we aren't servicing 822 * a console client, we hop back out to our caller, 823 * which will check to see if it is time to shutdown 824 * the daemon, or if we should take another console 825 * service lap. 826 */ 827 if (clifd == -1) { 828 break; 829 } 830 event_message(clifd, clilocale, evt); 831 /* 832 * Special handling for the message that the zone is 833 * uninstalling; we boot the client, then break out 834 * of this function. When we return to the 835 * serve_console loop, we will see that the zone is 836 * in a state < READY, and so zoneadmd will shutdown. 837 */ 838 if (evt == Z_EVT_ZONE_UNINSTALLING) { 839 break; 840 } 841 } 842 843 } 844 845 if (clifd != -1) { 846 (void) shutdown(clifd, SHUT_RDWR); 847 (void) close(clifd); 848 } 849 } 850 851 int 852 init_console(zlog_t *zlogp) 853 { 854 if (init_console_dev(zlogp) == -1) { 855 zerror(zlogp, B_FALSE, 856 "console setup: device initialization failed"); 857 return (-1); 858 } 859 860 if ((serverfd = init_console_sock(zlogp)) == -1) { 861 zerror(zlogp, B_FALSE, 862 "console setup: socket initialization failed"); 863 return (-1); 864 } 865 return (0); 866 } 867 868 /* 869 * serve_console() is the master loop for driving console I/O. It is also the 870 * routine which is ultimately responsible for "pulling the plug" on zoneadmd 871 * when it realizes that the daemon should shut down. 872 * 873 * The rules for shutdown are: there must be no console client, and the zone 874 * state must be < ready. However, we need to give things a chance to actually 875 * get going when the daemon starts up-- otherwise the daemon would immediately 876 * exit on startup if the zone was in the installed state, so we first drop 877 * into the do_console_io() loop in order to give *something* a chance to 878 * happen. 879 */ 880 void 881 serve_console(zlog_t *zlogp) 882 { 883 int masterfd; 884 zone_state_t zstate; 885 char conspath[MAXPATHLEN]; 886 887 (void) snprintf(conspath, sizeof (conspath), 888 "/dev/zcons/%s/%s", zone_name, ZCONS_MASTER_NAME); 889 890 for (;;) { 891 masterfd = open(conspath, O_RDWR|O_NONBLOCK|O_NOCTTY); 892 if (masterfd == -1) { 893 zerror(zlogp, B_TRUE, "failed to open console master"); 894 (void) mutex_lock(&lock); 895 goto death; 896 } 897 898 /* 899 * Setting RPROTDIS on the stream means that the control 900 * portion of messages received (which we don't care about) 901 * will be discarded by the stream head. If we allowed such 902 * messages, we wouldn't be able to use read(2), as it fails 903 * (EBADMSG) when a message with a control element is received. 904 */ 905 if (ioctl(masterfd, I_SRDOPT, RNORM|RPROTDIS) == -1) { 906 zerror(zlogp, B_TRUE, "failed to set options on " 907 "console master"); 908 (void) mutex_lock(&lock); 909 goto death; 910 } 911 912 do_console_io(zlogp, masterfd, serverfd); 913 914 /* 915 * We would prefer not to do this, but hostile zone processes 916 * can cause the stream to become tainted, and reads will 917 * fail. So, in case something has gone seriously ill, 918 * we dismantle the stream and reopen the console when we 919 * take another lap. 920 */ 921 (void) close(masterfd); 922 923 (void) mutex_lock(&lock); 924 /* 925 * We need to set death_throes (see below) atomically with 926 * respect to noticing that (a) we have no console client and 927 * (b) the zone is not installed. Otherwise we could get a 928 * request to boot during this time. Once we set death_throes, 929 * any incoming door stuff will be turned away. 930 */ 931 if (zone_get_state(zone_name, &zstate) == Z_OK) { 932 if (zstate < ZONE_STATE_READY) 933 goto death; 934 } else { 935 zerror(zlogp, B_FALSE, 936 "unable to determine state of zone"); 937 goto death; 938 } 939 /* 940 * Even if zone_get_state() fails, stay conservative, and 941 * take another lap. 942 */ 943 (void) mutex_unlock(&lock); 944 } 945 946 death: 947 assert(MUTEX_HELD(&lock)); 948 in_death_throes = B_TRUE; 949 (void) mutex_unlock(&lock); 950 951 destroy_console_sock(serverfd); 952 (void) destroy_console_devs(zlogp); 953 } 954