1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * fork.c - safe forking for svc.startd
30  *
31  * fork_configd() and fork_sulogin() are related, special cases that handle the
32  * spawning of specific client processes for svc.startd.
33  */
34 
35 #include <sys/contract/process.h>
36 #include <sys/corectl.h>
37 #include <sys/ctfs.h>
38 #include <sys/stat.h>
39 #include <sys/types.h>
40 #include <sys/uio.h>
41 #include <sys/wait.h>
42 #include <assert.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <libcontract.h>
46 #include <libcontract_priv.h>
47 #include <limits.h>
48 #include <port.h>
49 #include <signal.h>
50 #include <stdarg.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <unistd.h>
55 #include <utmpx.h>
56 
57 #include "configd_exit.h"
58 #include "protocol.h"
59 #include "startd.h"
60 
/*
 * Record most recently returned by getutxent(); fork_sulogin() uses it while
 * scanning the utmpx database for the login that holds the console.
 */
static	struct	utmpx	*utmpp;	/* pointer for getutxent() */
62 
/*
 * pid_t startd_fork1(int *)
 *   fork1(2) wrapper that brackets the fork with wait_prefork() and
 *   wait_postfork().  Returns whatever fork1() returned.  When that is -1
 *   and forkerr is non-NULL, the errno left by fork1() is stored in
 *   *forkerr.
 */
pid_t
startd_fork1(int *forkerr)
{
	pid_t child;

	wait_prefork();

	child = fork1();
	if (child == -1) {
		/* Capture errno before any later call can overwrite it. */
		if (forkerr != NULL)
			*forkerr = errno;
	}

	/* Called unconditionally: in the parent, the child, and on failure. */
	wait_postfork(child);

	return (child);
}
85 
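/*
 * int fork_mount(char *, char *)
 *   Run mount(1M) with the given options and mount point.  (mount(1M) has much
 *   hidden knowledge; it's much less correct to reimplement that logic here to
 *   save a fork(2)/exec(2) invocation.)
 *
 *   Returns 0 if mount(1M) exited with status 0.  Returns -1 if fork1() still
 *   fails after MAX_MOUNT_RETRIES retries, if waitpid() fails, or if mount(1M)
 *   terminated abnormally or with a non-zero status.
 */
int
fork_mount(char *path, char *opts)
{
	pid_t pid;
	uint_t tries = 0;
	int status;

	/* Sleep a little longer after each failed fork1(). */
	for (pid = fork1(); pid == -1; pid = fork1()) {
		if (++tries > MAX_MOUNT_RETRIES)
			return (-1);

		(void) sleep(tries);
	}

	if (pid == 0) {
		/*
		 * Child.  opts and path are passed as separate argv entries
		 * and no shell is involved.  The variadic list must end with
		 * a null pointer of pointer type, hence the cast.
		 */
		(void) execl("/sbin/mount", "mount", "-o", opts, path,
		    (char *)NULL);

		/*
		 * exec failed.  Returning from here would leave a second copy
		 * of the caller running in the child, so terminate instead;
		 * the parent sees the non-zero status and reports failure.
		 */
		_exit(1);
	}

	/* Parent: reap the child, retrying if a signal interrupts the wait. */
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return (-1);	/* status was never filled in */
	}

	/*
	 * If our mount(1M) invocation exited by peculiar means, or with
	 * a non-zero status, our mount likelihood is low.
	 */
	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return (-1);

	return (0);
}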
124 
/*
 * pid_t fork_common(...)
 *   Shared by fork_sulogin() and fork_configd(): fork1() a child while a
 *   process contract template carrying the given informative, critical and
 *   fatal event sets, parameters and cookie is active.
 *
 *   Returns the child's pid in the parent, after asking contract_latest() to
 *   fill in *ctidp, and 0 in the child.  A failure to open, fill in or
 *   activate the template, or to fork within "retries" retries, is handed to
 *   fork_sulogin() with its no-fork argument set.
 */
static pid_t
fork_common(const char *name, int retries, ctid_t *ctidp,
    uint_t inf, uint_t crit, uint_t fatal, uint_t param, uint64_t cookie)
{
	uint_t attempts = 0;
	int tmplfd, rc;
	pid_t child;

	/*
	 * Establish process contract terms.
	 */
	tmplfd = open64(CTFS_ROOT "/process/template", O_RDWR);
	if (tmplfd == -1) {
		fork_sulogin(B_TRUE, "Could not open process contract template "
		    "for %s: %s\n", name, strerror(errno));
		/* NOTREACHED */
	}

	/* Every setter is called; the results are OR-ed into one flag. */
	rc = ct_tmpl_set_critical(tmplfd, crit);
	rc |= ct_pr_tmpl_set_fatal(tmplfd, fatal);
	rc |= ct_tmpl_set_informative(tmplfd, inf);
	rc |= ct_pr_tmpl_set_param(tmplfd, param);
	rc |= ct_tmpl_set_cookie(tmplfd, cookie);
	if (rc != 0) {
		(void) close(tmplfd);
		fork_sulogin(B_TRUE, "Could not set %s process contract "
		    "terms\n", name);
		/* NOTREACHED */
	}

	rc = ct_tmpl_activate(tmplfd);
	if (rc != 0) {
		(void) close(tmplfd);
		fork_sulogin(B_TRUE, "Could not activate %s process contract "
		    "template: %s\n", name, strerror(rc));
		/* NOTREACHED */
	}

	/*
	 * Attempt to fork "retries" times, sleeping longer after each failure.
	 */
	while ((child = fork1()) == -1) {
		if (++attempts > retries) {
			/*
			 * When we exit the sulogin session, init(1M)
			 * will restart svc.startd(1M).
			 */
			int saved = errno;

			(void) ct_tmpl_clear(tmplfd);
			(void) close(tmplfd);
			fork_sulogin(B_TRUE, "Could not fork to start %s: %s\n",
			    name, strerror(saved));
			/* NOTREACHED */
		}
		(void) sleep(attempts);
	}

	/*
	 * Clean up, return pid and ctid.  Only the parent looks up the new
	 * contract; parent and child both drop the template.
	 */
	if (child != 0) {
		errno = contract_latest(ctidp);
		if (errno != 0)
			uu_die("Could not get new contract id for %s\n", name);
	}
	(void) ct_tmpl_clear(tmplfd);
	(void) close(tmplfd);

	return (child);
}
196 
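/*
 * void fork_sulogin(boolean_t, const char *, ...)
 *   When we are invoked with the -s flag from boot (or run into an unfixable
 *   situation), we run a private copy of sulogin.  When the sulogin session
 *   is ended, we continue.  This is the last fallback action for system
 *   maintenance.
 *
 *   If immediate is true, fork_sulogin() executes sulogin(1M) directly, without
 *   forking.
 *
 *   Because fork_sulogin() is needed potentially before we daemonize, we leave
 *   it outside the wait_register() framework.
 *
 *   format and the arguments after it are printf(3C)-style and are written to
 *   stdout before sulogin is started.  format is interpreted as a format
 *   string, so callers must pass a constant, never text obtained at run time.
 *
 *   Returns only in the forking parent, once the sulogin child has been
 *   reaped.  The child, and the immediate case, end in exec or exit(1).
 */
/*PRINTFLIKE2*/
void
fork_sulogin(boolean_t immediate, const char *format, ...)
{
	va_list args;
	int fd_console;
	int target;

	(void) printf("Requesting System Maintenance Mode\n");

	if (!booting_to_single_user)
		(void) printf("(See /lib/svc/share/README for more "
		    "information.)\n");

	va_start(args, format);
	(void) vprintf(format, args);
	va_end(args);

	if (!immediate) {
		ctid_t	ctid;
		pid_t	pid;

		pid = fork_common("sulogin", MAX_SULOGIN_RETRIES, &ctid,
		    CT_PR_EV_HWERR, 0, CT_PR_EV_HWERR, CT_PR_PGRPONLY,
		    SULOGIN_COOKIE);

		if (pid != 0) {
			(void) waitpid(pid, NULL, 0);
			contract_abandon(ctid);
			return;
		}
		/* close all inherited fds so sulogin starts with none of ours */
		closefrom(0);
	} else {
		(void) printf("Directly executing sulogin.\n");
		/*
		 * Can't call closefrom() in this MT section
		 * so safely close a minimum set of fds.
		 */
		(void) close(STDIN_FILENO);
		(void) close(STDOUT_FILENO);
		(void) close(STDERR_FILENO);
	}

	(void) setpgrp();

	/*
	 * Open the console for sulogin and make it fds 0, 1 and 2.  A failed
	 * open or dup2 is not fatal here; sulogin is still attempted.
	 */
	if ((fd_console = open("/dev/console", O_RDWR)) >= 0) {
		for (target = STDIN_FILENO; target <= STDERR_FILENO;
		    target++) {
			if (fd_console == target)
				continue;
			while (dup2(fd_console, target) < 0 &&
			    errno == EINTR)
				;
		}
		if (fd_console > STDERR_FILENO)
			(void) close(fd_console);
	}

	/*
	 * Kill the first non-"LOGIN" utmpx entry on the console line so that
	 * sulogin has the console to itself.
	 */
	setutxent();
	while ((utmpp = getutxent()) != NULL) {
		if (strcmp(utmpp->ut_user, "LOGIN") == 0 ||
		    strcmp(utmpp->ut_line, "console") != 0)
			continue;

		/*
		 * ut_pid is read from the utmpx database rather than from the
		 * kernel.  kill(2) gives 0 and negative pids process-group or
		 * broadcast meaning, so only a plain positive pid is
		 * signalled.
		 */
		if (utmpp->ut_pid > 0)
			(void) kill(utmpp->ut_pid, SIGKILL);
		break;
	}
	/* Close the utmpx database so it is not left open across the exec. */
	endutxent();

	(void) execl("/sbin/sulogin", "sulogin", (char *)NULL);

	uu_warn("Could not exec() sulogin");

	exit(1);
}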
289 
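#define	CONFIGD_PATH	"/lib/svc/bin/svc.configd"

/*
 * Map a svc.configd exit status to a short description for the
 * maintenance-mode message.  An exec(2) failure in the child is reported
 * as status 1; anything unrecognized is "unknown error".
 */
static const char *
configd_exit_str(int code)
{
	switch (code) {
	case CONFIGD_EXIT_BAD_ARGS:
		return ("bad arguments");
	case CONFIGD_EXIT_DATABASE_BAD:
		return ("database corrupt");
	case CONFIGD_EXIT_DATABASE_LOCKED:
		return ("database locked");
	case CONFIGD_EXIT_INIT_FAILED:
		return ("initialization failure");
	case CONFIGD_EXIT_DOOR_INIT_FAILED:
		return ("door initialization failure");
	case CONFIGD_EXIT_DATABASE_INIT_FAILED:
		return ("database initialization failure");
	case CONFIGD_EXIT_NO_THREADS:
		return ("no threads available");
	case CONFIGD_EXIT_LOST_MAIN_DOOR:
		return ("lost door server attachment");
	case 1:
		return ("execution failure");
	default:
		return ("unknown error");
	}
}

/*
 * void fork_configd(int exitstatus)
 *   We are interested in exit events (since the parent's exiting means configd
 *   is ready to run and since the child's exiting indicates an error case) and
 *   in empty events.  This means we have a unique template for initiating
 *   configd.
 *
 *   The exitstatus argument is not used.  In the parent, the function waits
 *   for the forked process to terminate.  Most failures drop into
 *   fork_sulogin() and then start over at "retry".  Once a status is accepted,
 *   st->st_configd_lives is set and waiters on st_configd_live_cv are woken.
 *   The child execs CONFIGD_PATH and exits with status 1 if that fails.
 */
/*ARGSUSED*/
void
fork_configd(int exitstatus)
{
	pid_t pid;
	ctid_t ctid = -1;
	int err;
	int wstat;	/* waitpid() status; kept distinct from the parameter */
	char path[PATH_MAX];

retry:
	log_framework(LOG_DEBUG, "fork_configd trying to start svc.configd\n");

	/*
	 * If we're retrying, we will have an old contract lying around
	 * from the failure.  Since we're going to be creating a new
	 * contract shortly, we abandon the old one now.
	 */
	if (ctid != -1)
		contract_abandon(ctid);
	ctid = -1;

	pid = fork_common("svc.configd", MAX_CONFIGD_RETRIES, &ctid,
	    0, CT_PR_EV_EXIT, 0, CT_PR_INHERIT | CT_PR_REGENT, CONFIGD_COOKIE);

	if (pid != 0) {
		st->st_configd_pid = pid;

		if (waitpid(pid, &wstat, 0) == -1) {
			/* Falls through to the "live" broadcast afterwards. */
			fork_sulogin(B_FALSE, "waitpid on svc.configd "
			    "failed: %s\n", strerror(errno));
		} else if (WIFEXITED(wstat)) {
			/*
			 * Examine the exit status.  This will eventually get
			 * more complicated, as we will want to teach startd
			 * how to invoke configd with alternate repositories,
			 * etc.
			 *
			 * Note that exec(2) failure results in an exit status
			 * of 1, resulting in the default clause below.
			 */

			/*
			 * Remedial actions for various configd failures.
			 */
			switch (WEXITSTATUS(wstat)) {
			case CONFIGD_EXIT_OKAY:
				break;

			case CONFIGD_EXIT_DATABASE_LOCKED:
				/* attempt remount of / read-write */
				if (fs_is_read_only("/", NULL) == 1) {
					if (fs_remount("/") == -1)
						fork_sulogin(B_FALSE,
						    "remount of root "
						    "filesystem failed\n");

					goto retry;
				}
				break;

			default:
				fork_sulogin(B_FALSE, "svc.configd exited "
				    "with status %d (%s)\n",
				    WEXITSTATUS(wstat),
				    configd_exit_str(WEXITSTATUS(wstat)));
				goto retry;
			}
		} else if (WIFSIGNALED(wstat)) {
			char signame[SIG2STR_MAX];

			/* Fall back to the number if the signal has no name. */
			if (sig2str(WTERMSIG(wstat), signame))
				(void) snprintf(signame, SIG2STR_MAX,
				    "signum %d", WTERMSIG(wstat));

			fork_sulogin(B_FALSE, "svc.configd signalled:"
			    " %s\n", signame);

			goto retry;
		} else {
			fork_sulogin(B_FALSE, "svc.configd non-exit "
			    "condition: 0x%x\n", wstat);

			goto retry;
		}

		/*
		 * Announce that we have a valid svc.configd status.
		 */
		MUTEX_LOCK(&st->st_configd_live_lock);
		st->st_configd_lives = 1;
		err = pthread_cond_broadcast(&st->st_configd_live_cv);
		assert(err == 0);
		MUTEX_UNLOCK(&st->st_configd_live_lock);

		log_framework(LOG_DEBUG, "fork_configd broadcasts configd is "
		    "live\n");
		return;
	}

	/*
	 * Child.  Set our per-process core file path to leave core files in
	 * /etc/svc/volatile directory, named after the PID to aid in debugging.
	 * The doubled '%' makes snprintf() emit a literal "%p" in the pattern.
	 */
	(void) snprintf(path, sizeof (path),
	    "/etc/svc/volatile/core.configd.%%p");

	(void) core_set_process_path(path, strlen(path) + 1, getpid());

	log_framework(LOG_DEBUG, "executing svc.configd\n");

	/* The variadic list must end with a null pointer of pointer type. */
	(void) execl(CONFIGD_PATH, CONFIGD_PATH, (char *)NULL);

	/*
	 * Status code is used above to identify configd exec failure.
	 */
	exit(1);
}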
457 
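/*
 * void *fork_configd_thread(void *)
 *   Thread entry point.  vctid carries a contract id cast to a pointer.  If it
 *   is -1, svc.configd is started here through fork_configd().  Any other
 *   value is accepted as the contract of an existing svc.configd, which is
 *   announced live without further checks.
 *
 *   The thread then reads critical events from the process contract bundle
 *   forever.  Events from contracts whose cookie is not CONFIGD_COOKIE are
 *   dropped.  An exit event for a pid other than st->st_configd_pid causes
 *   the contract to be abandoned and svc.configd to be restarted.  The return
 *   statement is never reached.
 */
void *
fork_configd_thread(void *vctid)
{
	int fd, err;
	/* Go through intptr_t so the pointer-to-id narrowing is explicit. */
	ctid_t configd_ctid = (ctid_t)(intptr_t)vctid;

	if (configd_ctid == -1) {
		log_framework(LOG_DEBUG,
		    "fork_configd_thread starting svc.configd\n");
		fork_configd(0);
	} else {
		/*
		 * configd_ctid is known:  we broadcast and continue.
		 * test contract for appropriate state by verifying that
		 * there is one or more processes within it?
		 */
		log_framework(LOG_DEBUG,
		    "fork_configd_thread accepting svc.configd with CTID %ld\n",
		    (long)configd_ctid);
		MUTEX_LOCK(&st->st_configd_live_lock);
		st->st_configd_lives = 1;
		(void) pthread_cond_broadcast(&st->st_configd_live_cv);
		MUTEX_UNLOCK(&st->st_configd_live_lock);
	}

	fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY);
	if (fd == -1)
		uu_die("process bundle open failed");

	/*
	 * Make sure we get all events (including those generated by configd
	 * before this thread was started).
	 */
	err = ct_event_reset(fd);
	assert(err == 0);

	for (;;) {
		int efd, sfd;
		ct_evthdl_t ev;
		uint32_t type;
		ctevid_t evid;
		ct_stathdl_t status;
		ctid_t ctid;
		uint64_t cookie;
		pid_t pid;

		/*
		 * NOTE(review): if this read keeps failing, the loop retries
		 * at once and logs every time; confirm that cannot persist.
		 */
		if ((err = ct_event_read_critical(fd, &ev)) != 0) {
			assert(err != EINVAL && err != EAGAIN);
			log_error(LOG_WARNING,
			    "Error reading next contract event: %s",
			    strerror(err));
			continue;
		}

		evid = ct_event_get_evid(ev);
		ctid = ct_event_get_ctid(ev);
		type = ct_event_get_type(ev);

		/* Fetch cookie. */
		sfd = contract_open(ctid, "process", "status", O_RDONLY);
		if (sfd < 0) {
			ct_event_free(ev);
			continue;
		}

		if ((err = ct_status_read(sfd, CTD_COMMON, &status)) != 0) {
			log_framework(LOG_WARNING, "Could not get status for "
			    "contract %ld: %s\n", (long)ctid, strerror(err));

			ct_event_free(ev);
			startd_close(sfd);
			continue;
		}

		cookie = ct_status_get_cookie(status);

		ct_status_free(status);

		startd_close(sfd);

		/*
		 * Don't process events from contracts we aren't interested in.
		 */
		if (cookie != CONFIGD_COOKIE) {
			ct_event_free(ev);
			continue;
		}

		if (type == CT_PR_EV_EXIT) {
			int exitstatus;

			/*
			 * Only act on pid and exitstatus if both were actually
			 * filled in; otherwise the comparison below would read
			 * uninitialized values.
			 */
			if (ct_pr_event_get_pid(ev, &pid) != 0 ||
			    ct_pr_event_get_exitstatus(ev,
			    &exitstatus) != 0) {
				log_framework(LOG_WARNING, "Could not read "
				    "exit event details for contract %ld\n",
				    (long)ctid);
			} else if (st->st_configd_pid != pid) {
				/*
				 * This is the child exiting, so we
				 * abandon the contract and restart
				 * configd.
				 */
				contract_abandon(ctid);
				fork_configd(exitstatus);
			}
		}

		/* Acknowledge the event so the contract can move on. */
		efd = contract_open(ctid, "process", "ctl", O_WRONLY);
		if (efd != -1) {
			(void) ct_ctl_ack(efd, evid);
			startd_close(efd);
		}

		ct_event_free(ev);

	}

	/*NOTREACHED*/
	return (NULL);
}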
577 
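/*
 * void fork_rc_script(char, const char *, boolean_t)
 *   Run the script /sbin/rc<rl> with the single argument arg in a child
 *   created by startd_fork1().  If wait is true, the parent blocks until the
 *   child terminates and logs an abnormal or non-zero termination; otherwise
 *   it returns straight after the fork.  A failed fork returns silently.
 *
 *   The child switches its log to "rc<rl>.log", writes a timestamped
 *   "Executing" line to stderr, and execs the script with the environment
 *   built by set_smf_env() around a fixed PATH.
 *
 *   arg is printed with %s and passed as argv[1]; presumably callers never
 *   pass NULL -- TODO confirm.
 */
void
fork_rc_script(char rl, const char *arg, boolean_t wait)
{
	pid_t pid;
	int tmpl, err, stat;
	char path[20] = "/sbin/rc.", log[20] = "rc..log", timebuf[20];
	time_t now;
	struct tm ltime;
	size_t sz;
	char *pathenv;
	char **nenv;

	/* Overwrite the '.' placeholder: "/sbin/rc." becomes "/sbin/rc<rl>". */
	path[8] = rl;

	/*
	 * Activate a process contract template with empty critical,
	 * informative and fatal event sets for the fork below.
	 *
	 * NOTE(review): unlike fork_common(), nothing here calls
	 * ct_tmpl_clear(); confirm the template is not meant to stay active
	 * for later forks from this thread.
	 */
	tmpl = open64(CTFS_ROOT "/process/template", O_RDWR);
	if (tmpl >= 0) {
		err = ct_tmpl_set_critical(tmpl, 0);
		assert(err == 0);

		err = ct_tmpl_set_informative(tmpl, 0);
		assert(err == 0);

		err = ct_pr_tmpl_set_fatal(tmpl, 0);
		assert(err == 0);

		err = ct_tmpl_activate(tmpl);
		assert(err == 0);

		err = close(tmpl);
		assert(err == 0);
	} else {
		uu_warn("Could not create contract template for %s.\n", path);
	}

	pid = startd_fork1(NULL);
	if (pid < 0) {
		return;
	} else if (pid != 0) {
		/* parent */
		if (wait) {
			pid_t reaped;

			/*
			 * waitpid() returns the pid on success and -1 on
			 * error, so only a -1 with EINTR is worth retrying.
			 */
			do {
				reaped = waitpid(pid, &stat, 0);
			} while (reaped == -1 && errno == EINTR);

			if (reaped == -1) {
				/* stat was never filled in; don't decode it. */
				log_framework(LOG_WARNING,
				    "waitpid() for %s failed: %s\n", path,
				    strerror(errno));
			} else if (!WIFEXITED(stat)) {
				log_framework(LOG_INFO,
				    "%s terminated with waitpid() status %d.\n",
				    path, stat);
			} else if (WEXITSTATUS(stat) != 0) {
				log_framework(LOG_INFO,
				    "%s failed with status %d.\n", path,
				    WEXITSTATUS(stat));
			}
		}

		return;
	}

	/* child */

	/* Overwrite the first '.' placeholder: "rc..log" -> "rc<rl>.log". */
	log[2] = rl;

	setlog(log);

	now = time(NULL);
	sz = strftime(timebuf, sizeof (timebuf), "%b %e %T",
	    localtime_r(&now, &ltime));
	assert(sz != 0);

	(void) fprintf(stderr, "%s Executing %s %s\n", timebuf, path, arg);

	/* The script gets a fixed PATH, not one inherited from our caller. */
	if (rl == 'S')
		pathenv = "PATH=/sbin:/usr/sbin:/usr/bin";
	else
		pathenv = "PATH=/usr/sbin:/usr/bin";

	nenv = set_smf_env(NULL, 0, pathenv, NULL, NULL);

	/*
	 * The argument list must end with a null pointer of pointer type; a
	 * bare 0 is an int and is not guaranteed to be passed as one.
	 */
	(void) execle(path, path, arg, (char *)NULL, nenv);

	/*
	 * NOTE(review): a failed exec still exits with status 0, so the
	 * parent's non-zero-status check above does not report it; only the
	 * perror() output records the failure.
	 */
	perror("exec");
	exit(0);
}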
662