xref: /titanic_52/usr/src/cmd/svc/startd/fork.c (revision 5c59319b8761ccd4b952eec8d5caecf298024607)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * fork.c - safe forking for svc.startd
28  *
29  * fork_configd() and fork_sulogin() are related, special cases that handle the
30  * spawning of specific client processes for svc.startd.
31  */
32 
33 #include <sys/contract/process.h>
34 #include <sys/corectl.h>
35 #include <sys/ctfs.h>
36 #include <sys/stat.h>
37 #include <sys/types.h>
38 #include <sys/uio.h>
39 #include <sys/wait.h>
40 #include <assert.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <libcontract.h>
44 #include <libcontract_priv.h>
45 #include <libscf_priv.h>
46 #include <limits.h>
47 #include <port.h>
48 #include <signal.h>
49 #include <stdarg.h>
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <string.h>
53 #include <unistd.h>
54 #include <utmpx.h>
55 
56 #include "configd_exit.h"
57 #include "protocol.h"
58 #include "startd.h"
59 
/*
 * Most recent record returned by getutxent(); assigned only while
 * fork_sulogin() walks the utmpx database.
 */
static struct utmpx *utmpp;
61 
/*
 * pid_t startd_fork1(int *)
 *   fork1(2) wrapper that brackets the fork with wait_prefork() and
 *   wait_postfork().  The value returned by fork1() is passed to
 *   wait_postfork() and then returned to the caller unchanged.  If the fork
 *   failed and forkerr is not NULL, the errno value is stored through it.
 */
pid_t
startd_fork1(int *forkerr)
{
	pid_t child;

	/* prefork stack */
	wait_prefork();

	child = fork1();

	/* errno is read here, ahead of the wait_postfork() call below. */
	if (forkerr != NULL && child == -1)
		*forkerr = errno;

	/* postfork stack */
	wait_postfork(child);

	return (child);
}
84 
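/*
 * int fork_mount(char *, char *)
 *   Run mount(1M) with the given options and mount point.  (mount(1M) has much
 *   hidden knowledge; it's much less correct to reimplement that logic here to
 *   save a fork(2)/exec(2) invocation.)
 *
 *   Returns 0 if mount(1M) exited with status 0.  Returns -1 if the fork did
 *   not succeed within MAX_MOUNT_RETRIES retries, if the child could not be
 *   waited for, or if mount(1M) ended abnormally or with a non-zero status.
 *
 *   path and opts are passed to execl(2) as separate argv entries; no shell
 *   is involved, so neither string is subject to shell interpretation.
 */
int
fork_mount(char *path, char *opts)
{
	pid_t pid;
	uint_t tries = 0;
	int status;

	/* Sleep one second longer after each failed fork1(). */
	for (pid = fork1(); pid == -1; pid = fork1()) {
		if (++tries > MAX_MOUNT_RETRIES)
			return (-1);

		(void) sleep(tries);
	}

	if (pid == 0) {
		/*
		 * child: the argument list of a variadic exec call has to end
		 * in a null pointer of pointer type, hence the cast.
		 */
		(void) execl("/sbin/mount", "mount", "-o", opts, path,
		    (char *)NULL);

		/*
		 * exec failed.  Terminate here rather than return, so that
		 * this child never goes on to run the caller's code as a
		 * second copy of the parent.  The non-zero status makes the
		 * parent report failure.
		 */
		_exit(1);
	}

	/*
	 * parent: status is only meaningful once waitpid() has succeeded, so
	 * retry on EINTR and give up on any other error.
	 */
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return (-1);
	}

	/*
	 * If our mount(1M) invocation exited by peculiar means, or with
	 * a non-zero status, our mount likelihood is low.
	 */
	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return (-1);

	return (0);
}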
123 
/*
 * pid_t fork_common(...)
 *   Shared by fork_sulogin() and fork_configd(): writes the given terms into
 *   a process contract template, activates it, and calls fork1(), retrying a
 *   failed fork up to "retries" times.  Any failure along the way is handed
 *   to fork_sulogin() with its no-fork argument set.
 *
 *   Returns the fork1() result.  In the parent (non-zero return) *ctidp is
 *   filled in through contract_latest().
 */
static pid_t
fork_common(const char *name, const char *svc_fmri, int retries, ctid_t *ctidp,
    uint_t inf, uint_t crit, uint_t fatal, uint_t param, uint64_t cookie)
{
	uint_t attempts = 0;
	int tmpl_fd, rc;
	pid_t child;

	/*
	 * Establish process contract terms.
	 */
	tmpl_fd = open64(CTFS_ROOT "/process/template", O_RDWR);
	if (tmpl_fd == -1) {
		fork_sulogin(B_TRUE, "Could not open process contract template "
		    "for %s: %s\n", name, strerror(errno));
		/* NOTREACHED */
	}

	/* Every setter is called; their results are OR-ed into one flag. */
	rc = ct_tmpl_set_critical(tmpl_fd, crit);
	rc |= ct_pr_tmpl_set_fatal(tmpl_fd, fatal);
	rc |= ct_tmpl_set_informative(tmpl_fd, inf);
	rc |= ct_pr_tmpl_set_param(tmpl_fd, param);
	rc |= ct_tmpl_set_cookie(tmpl_fd, cookie);
	rc |= ct_pr_tmpl_set_svc_fmri(tmpl_fd, svc_fmri);
	rc |= ct_pr_tmpl_set_svc_aux(tmpl_fd, name);
	if (rc != 0) {
		(void) close(tmpl_fd);
		fork_sulogin(B_TRUE, "Could not set %s process contract "
		    "terms\n", name);
		/* NOTREACHED */
	}

	rc = ct_tmpl_activate(tmpl_fd);
	if (rc != 0) {
		(void) close(tmpl_fd);
		fork_sulogin(B_TRUE, "Could not activate %s process contract "
		    "template: %s\n", name, strerror(rc));
		/* NOTREACHED */
	}

	/*
	 * Attempt to fork "retries" times, sleeping one second longer after
	 * each failure.
	 */
	child = fork1();
	while (child == -1) {
		if (++attempts > retries) {
			/*
			 * When we exit the sulogin session, init(1M)
			 * will restart svc.startd(1M).
			 */
			rc = errno;	/* saved before the cleanup calls */
			(void) ct_tmpl_clear(tmpl_fd);
			(void) close(tmpl_fd);
			fork_sulogin(B_TRUE, "Could not fork to start %s: %s\n",
			    name, strerror(rc));
			/* NOTREACHED */
		}
		(void) sleep(attempts);
		child = fork1();
	}

	/*
	 * Clean up, return pid and ctid.  Only the parent looks up the id of
	 * the new contract; both sides clear the template and close its fd.
	 */
	if (child != 0) {
		errno = contract_latest(ctidp);
		if (errno != 0)
			uu_die("Could not get new contract id for %s\n", name);
	}
	(void) ct_tmpl_clear(tmpl_fd);
	(void) close(tmpl_fd);

	return (child);
}
197 
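/*
 * void fork_sulogin(boolean_t, const char *, ...)
 *   When we are invoked with the -s flag from boot (or run into an unfixable
 *   situation), we run a private copy of sulogin.  When the sulogin session
 *   is ended, we continue.  This is the last fallback action for system
 *   maintenance.
 *
 *   format and the arguments after it are a printf(3C)-style message that is
 *   written to stdout before sulogin is started.
 *
 *   If immediate is true, fork_sulogin() executes sulogin(1M) directly, without
 *   forking, and therefore does not return.  Otherwise it returns in the
 *   parent once the forked sulogin has been waited for.
 *
 *   Because fork_sulogin() is needed potentially before we daemonize, we leave
 *   it outside the wait_register() framework.
 */
/*PRINTFLIKE2*/
void
fork_sulogin(boolean_t immediate, const char *format, ...)
{
	va_list args;
	int fd_console;
	int fd;

	(void) printf("Requesting System Maintenance Mode\n");

	if (!booting_to_single_user)
		(void) printf("(See /lib/svc/share/README for more "
		    "information.)\n");

	va_start(args, format);
	(void) vprintf(format, args);
	va_end(args);

	if (!immediate) {
		ctid_t	ctid;
		pid_t	pid;

		/*
		 * Write the messages out before forking, so that the child
		 * does not inherit them as pending stdio output.
		 */
		(void) fflush(stdout);

		pid = fork_common("sulogin", SVC_SULOGIN_FMRI,
		    MAX_SULOGIN_RETRIES, &ctid, CT_PR_EV_HWERR, 0,
		    CT_PR_EV_HWERR, CT_PR_PGRPONLY, SULOGIN_COOKIE);

		if (pid != 0) {
			/* parent: wait for the session, drop its contract */
			(void) waitpid(pid, NULL, 0);
			contract_abandon(ctid);
			return;
		}
		/* close all inherited fds */
		closefrom(0);
	} else {
		(void) printf("Directly executing sulogin.\n");
		/*
		 * Output still buffered when stdout is closed and the process
		 * image is replaced would be lost, so flush it first.
		 */
		(void) fflush(stdout);
		/*
		 * Can't call closefrom() in this MT section
		 * so safely close a minimum set of fds.
		 */
		(void) close(STDIN_FILENO);
		(void) close(STDOUT_FILENO);
		(void) close(STDERR_FILENO);
	}

	(void) setpgrp();

	/*
	 * Open the console for sulogin and make it stdin, stdout and stderr.
	 * If the open fails, sulogin is still executed, without those
	 * descriptors being set up here.
	 */
	if ((fd_console = open("/dev/console", O_RDWR)) >= 0) {
		for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
			if (fd == fd_console)
				continue;
			while (dup2(fd_console, fd) < 0 && errno == EINTR)
				;
		}
		if (fd_console > STDERR_FILENO)
			(void) close(fd_console);
	}

	/*
	 * Kill the process recorded in the first utmpx entry for the console
	 * whose user is not "LOGIN".  The records come from a file, so they
	 * are read defensively: ut_user and ut_line are fixed-size arrays
	 * that need not be NUL-terminated when full, hence the bounded
	 * compares, and a ut_pid of zero or less would make kill(2) signal a
	 * process group or every process instead of one process.
	 *
	 * NOTE(review): ut_type is not examined, so a stale record could name
	 * a pid that has since been reused -- confirm whether that matters
	 * at this point of boot.
	 */
	setutxent();
	while ((utmpp = getutxent()) != NULL) {
		if (strncmp(utmpp->ut_user, "LOGIN",
		    sizeof (utmpp->ut_user)) == 0)
			continue;
		if (strncmp(utmpp->ut_line, "console",
		    sizeof (utmpp->ut_line)) != 0)
			continue;

		if (utmpp->ut_pid > 0)
			(void) kill(utmpp->ut_pid, SIGKILL);
		break;
	}

	/* A variadic exec argument list must end in a null char pointer. */
	(void) execl("/sbin/sulogin", "sulogin", (char *)NULL);

	uu_warn("Could not exec() sulogin");

	exit(1);
}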
290 
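#define	CONFIGD_PATH	"/lib/svc/bin/svc.configd"

/*
 * void fork_configd(int exitstatus)
 *   We are interested in exit events (since the parent's exiting means configd
 *   is ready to run and since the child's exiting indicates an error case) and
 *   in empty events.  This means we have a unique template for initiating
 *   configd.
 *
 *   exitstatus is the wait status of a previous svc.configd instance;
 *   fork_configd_thread() passes 0 on the first start.
 *
 *   The forked process is waited for and its status examined.  Failures are
 *   reported through fork_sulogin(B_FALSE, ...), after which the start is
 *   retried.  On success st->st_configd_lives is set and st_configd_live_cv
 *   is broadcast.  In the child this function does not return: it executes
 *   CONFIGD_PATH, or exits with status 1 if that fails.
 */
void
fork_configd(int exitstatus)
{
	pid_t pid;
	ctid_t ctid = -1;
	int err;
	char path[PATH_MAX];

	/*
	 * Checking the exitstatus for the potential failure of the
	 * daemonized svc.configd.  If this is not the first time
	 * through, but a call from the svc.configd monitoring thread
	 * after a failure this is the status that is expected.  Other
	 * failures are exposed during initialization or are fixed
	 * by a restart (e.g door closings).
	 *
	 * If this is on-disk database corruption it will also be
	 * caught by a restart but could be cleared before the restart.
	 *
	 * Or this could be internal database corruption due to a
	 * rogue service that needs to be cleared before restart.
	 */
	if (WEXITSTATUS(exitstatus) == CONFIGD_EXIT_DATABASE_BAD) {
		fork_sulogin(B_FALSE, "svc.configd exited with database "
		    "corrupt error after initialization of the repository\n");
	}

retry:
	log_framework(LOG_DEBUG, "fork_configd trying to start svc.configd\n");

	/*
	 * If we're retrying, we will have an old contract lying around
	 * from the failure.  Since we're going to be creating a new
	 * contract shortly, we abandon the old one now.
	 */
	if (ctid != -1)
		contract_abandon(ctid);
	ctid = -1;

	pid = fork_common("svc.configd", SCF_SERVICE_CONFIGD,
	    MAX_CONFIGD_RETRIES, &ctid, 0, CT_PR_EV_EXIT, 0,
	    CT_PR_INHERIT | CT_PR_REGENT, CONFIGD_COOKIE);

	if (pid != 0) {
		/*
		 * Wait status of the process just forked.  Named differently
		 * from the exitstatus parameter so that it does not shadow it.
		 */
		int cstatus;

		st->st_configd_pid = pid;

		if (waitpid(pid, &cstatus, 0) == -1) {
			fork_sulogin(B_FALSE, "waitpid on svc.configd "
			    "failed: %s\n", strerror(errno));
		} else if (WIFEXITED(cstatus)) {
			char *errstr;

			/*
			 * Examine the exit status.  This will eventually get
			 * more complicated, as we will want to teach startd
			 * how to invoke configd with alternate repositories,
			 * etc.
			 *
			 * Note that exec(2) failure results in an exit status
			 * of 1, resulting in the default clause below.
			 */

			/*
			 * Assign readable strings to cases we don't handle, or
			 * have error outcomes that cannot be eliminated.
			 */
			switch (WEXITSTATUS(cstatus)) {
			case CONFIGD_EXIT_BAD_ARGS:
				errstr = "bad arguments";
				break;

			case CONFIGD_EXIT_DATABASE_BAD:
				errstr = "database corrupt";
				break;

			case CONFIGD_EXIT_DATABASE_LOCKED:
				errstr = "database locked";
				break;
			case CONFIGD_EXIT_INIT_FAILED:
				errstr = "initialization failure";
				break;
			case CONFIGD_EXIT_DOOR_INIT_FAILED:
				errstr = "door initialization failure";
				break;
			case CONFIGD_EXIT_DATABASE_INIT_FAILED:
				errstr = "database initialization failure";
				break;
			case CONFIGD_EXIT_NO_THREADS:
				errstr = "no threads available";
				break;
			case CONFIGD_EXIT_LOST_MAIN_DOOR:
				errstr = "lost door server attachment";
				break;
			case 1:
				errstr = "execution failure";
				break;
			default:
				errstr = "unknown error";
				break;
			}

			/*
			 * Remedial actions for various configd failures.
			 */
			switch (WEXITSTATUS(cstatus)) {
			case CONFIGD_EXIT_OKAY:
				break;

			case CONFIGD_EXIT_DATABASE_LOCKED:
				/* attempt remount of / read-write */
				if (fs_is_read_only("/", NULL) == 1) {
					if (fs_remount("/") == -1)
						fork_sulogin(B_FALSE,
						    "remount of root "
						    "filesystem failed\n");

					goto retry;
				}
				/* root is not read-only: continue below */
				break;

			default:
				fork_sulogin(B_FALSE, "svc.configd exited "
				    "with status %d (%s)\n",
				    WEXITSTATUS(cstatus), errstr);
				goto retry;
			}
		} else if (WIFSIGNALED(cstatus)) {
			char signame[SIG2STR_MAX];

			/* fall back to the number if the signal has no name */
			if (sig2str(WTERMSIG(cstatus), signame))
				(void) snprintf(signame, SIG2STR_MAX,
				    "signum %d", WTERMSIG(cstatus));

			fork_sulogin(B_FALSE, "svc.configd signalled:"
			    " %s\n", signame);

			goto retry;
		} else {
			fork_sulogin(B_FALSE, "svc.configd non-exit "
			    "condition: 0x%x\n", cstatus);

			goto retry;
		}

		/*
		 * Announce that we have a valid svc.configd status.
		 */
		MUTEX_LOCK(&st->st_configd_live_lock);
		st->st_configd_lives = 1;
		err = pthread_cond_broadcast(&st->st_configd_live_cv);
		assert(err == 0);
		MUTEX_UNLOCK(&st->st_configd_live_lock);

		log_framework(LOG_DEBUG, "fork_configd broadcasts configd is "
		    "live\n");
		return;
	}

	/*
	 * Set our per-process core file path to leave core files in
	 * /etc/svc/volatile directory, named after the PID to aid in debugging.
	 * ("%%p" reaches core_set_process_path() as the literal "%p".)
	 */
	(void) snprintf(path, sizeof (path),
	    "/etc/svc/volatile/core.configd.%%p");

	(void) core_set_process_path(path, strlen(path) + 1, getpid());

	log_framework(LOG_DEBUG, "executing svc.configd\n");

	/* A variadic exec argument list must end in a null char pointer. */
	(void) execl(CONFIGD_PATH, CONFIGD_PATH, (char *)NULL);

	/*
	 * Status code is used above to identify configd exec failure.
	 */
	exit(1);
}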
477 
/*
 * void *fork_configd_thread(void *)
 *   Thread body that watches svc.configd.  vctid carries a contract id: -1
 *   means svc.configd has to be started through fork_configd(0); any other
 *   value is accepted as an already existing svc.configd contract and only
 *   announced as live.
 *
 *   The thread then reads critical events from the process contract bundle
 *   forever.  Events of contracts whose cookie is not CONFIGD_COOKIE are
 *   skipped.  On a CT_PR_EV_EXIT event for a pid other than
 *   st->st_configd_pid the contract is abandoned and fork_configd() is called
 *   again with the reported exit status.  Handled events are acknowledged.
 */
void *
fork_configd_thread(void *vctid)
{
	int bundle_fd, err;
	ctid_t configd_ctid = (ctid_t)vctid;

	if (configd_ctid != -1) {
		/*
		 * configd_ctid is known:  we broadcast and continue.
		 * test contract for appropriate state by verifying that
		 * there is one or more processes within it?
		 */
		log_framework(LOG_DEBUG,
		    "fork_configd_thread accepting svc.configd with CTID %ld\n",
		    configd_ctid);
		MUTEX_LOCK(&st->st_configd_live_lock);
		st->st_configd_lives = 1;
		(void) pthread_cond_broadcast(&st->st_configd_live_cv);
		MUTEX_UNLOCK(&st->st_configd_live_lock);
	} else {
		log_framework(LOG_DEBUG,
		    "fork_configd_thread starting svc.configd\n");
		fork_configd(0);
	}

	bundle_fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY);
	if (bundle_fd == -1)
		uu_die("process bundle open failed");

	/*
	 * Make sure we get all events (including those generated by configd
	 * before this thread was started).
	 */
	err = ct_event_reset(bundle_fd);
	assert(err == 0);

	for (;;) {
		int ctl_fd, status_fd;
		ct_evthdl_t ev;
		uint32_t type;
		ctevid_t evid;
		ct_stathdl_t status;
		ctid_t ctid;
		uint64_t cookie;
		pid_t pid;

		err = ct_event_read_critical(bundle_fd, &ev);
		if (err != 0) {
			assert(err != EINVAL && err != EAGAIN);
			log_error(LOG_WARNING,
			    "Error reading next contract event: %s",
			    strerror(err));
			continue;
		}

		evid = ct_event_get_evid(ev);
		ctid = ct_event_get_ctid(ev);
		type = ct_event_get_type(ev);

		/* Fetch cookie from the status file of the event's contract. */
		status_fd = contract_open(ctid, "process", "status", O_RDONLY);
		if (status_fd < 0) {
			ct_event_free(ev);
			continue;
		}

		err = ct_status_read(status_fd, CTD_COMMON, &status);
		if (err != 0) {
			log_framework(LOG_WARNING, "Could not get status for "
			    "contract %ld: %s\n", ctid, strerror(err));

			ct_event_free(ev);
			startd_close(status_fd);
			continue;
		}

		cookie = ct_status_get_cookie(status);
		ct_status_free(status);
		startd_close(status_fd);

		/*
		 * Don't process events from contracts we aren't interested in.
		 */
		if (cookie != CONFIGD_COOKIE) {
			ct_event_free(ev);
			continue;
		}

		if (type == CT_PR_EV_EXIT) {
			int child_status;

			/*
			 * NOTE(review): both results below are discarded.  If
			 * either call can fail for an exit event, pid or
			 * child_status would be read uninitialized -- confirm.
			 */
			(void) ct_pr_event_get_pid(ev, &pid);
			(void) ct_pr_event_get_exitstatus(ev,
			    &child_status);

			if (st->st_configd_pid != pid) {
				/*
				 * This is the child exiting, so we
				 * abandon the contract and restart
				 * configd.
				 */
				contract_abandon(ctid);
				fork_configd(child_status);
			}
		}

		/* Acknowledge the event if the ctl file can be opened. */
		ctl_fd = contract_open(ctid, "process", "ctl", O_WRONLY);
		if (ctl_fd != -1) {
			(void) ct_ctl_ack(ctl_fd, evid);
			startd_close(ctl_fd);
		}

		ct_event_free(ev);
	}

	/*NOTREACHED*/
	return (NULL);
}
597 
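/*
 * void fork_rc_script(char, const char *, boolean_t)
 *   Fork a child that executes /sbin/rc<rl> with the single argument arg.
 *   A process contract template with empty critical, informative and fatal
 *   event sets is activated before the fork.  If wait is true the parent
 *   waits for the script and logs an abnormal termination or a non-zero exit
 *   status; otherwise it returns right after the fork.
 *
 *   The child sends its log output to rc<rl>.log and runs the script with an
 *   environment built by set_smf_env() around a fixed PATH.
 */
void
fork_rc_script(char rl, const char *arg, boolean_t wait)
{
	pid_t pid;
	int tmpl, err, stat;
	char path[20] = "/sbin/rc.", log[20] = "rc..log", timebuf[20];
	time_t now;
	struct tm ltime;
	size_t sz;
	char *pathenv;
	char **nenv;

	/* Overwrite the '.' placeholder: "/sbin/rc." becomes "/sbin/rc<rl>". */
	path[8] = rl;

	tmpl = open64(CTFS_ROOT "/process/template", O_RDWR);
	if (tmpl >= 0) {
		err = ct_tmpl_set_critical(tmpl, 0);
		assert(err == 0);

		err = ct_tmpl_set_informative(tmpl, 0);
		assert(err == 0);

		err = ct_pr_tmpl_set_fatal(tmpl, 0);
		assert(err == 0);

		err = ct_tmpl_activate(tmpl);
		assert(err == 0);

		err = close(tmpl);
		assert(err == 0);
	} else {
		uu_warn("Could not create contract template for %s.\n", path);
	}

	pid = startd_fork1(NULL);
	if (pid < 0) {
		return;
	} else if (pid != 0) {
		/* parent */
		if (wait) {
			pid_t wpid;

			/*
			 * waitpid() returns the pid on success and -1 on
			 * failure, so only a -1 with EINTR is retried.
			 */
			do {
				wpid = waitpid(pid, &stat, 0);
			} while (wpid == -1 && errno == EINTR);

			if (wpid == -1) {
				/* stat was never written; don't decode it */
				log_framework(LOG_INFO,
				    "waitpid() for %s failed: %s.\n", path,
				    strerror(errno));
			} else if (!WIFEXITED(stat)) {
				log_framework(LOG_INFO,
				    "%s terminated with waitpid() status %d.\n",
				    path, stat);
			} else if (WEXITSTATUS(stat) != 0) {
				log_framework(LOG_INFO,
				    "%s failed with status %d.\n", path,
				    WEXITSTATUS(stat));
			}
		}

		return;
	}

	/* child */

	/* Overwrite the first '.': "rc..log" becomes "rc<rl>.log". */
	log[2] = rl;

	setlog(log);

	now = time(NULL);
	sz = strftime(timebuf, sizeof (timebuf), "%b %e %T",
	    localtime_r(&now, &ltime));
	assert(sz != 0);

	(void) fprintf(stderr, "%s Executing %s %s\n", timebuf, path, arg);

	/* The script gets a fixed PATH; only run level 'S' includes /sbin. */
	if (rl == 'S')
		pathenv = "PATH=/sbin:/usr/sbin:/usr/bin";
	else
		pathenv = "PATH=/usr/sbin:/usr/bin";

	nenv = set_smf_env(NULL, 0, pathenv, NULL, NULL);

	/*
	 * The argument list of a variadic exec call has to end in a null
	 * pointer of pointer type; a plain 0 is passed as an int.
	 */
	(void) execle(path, path, arg, (char *)NULL, nenv);

	/*
	 * NOTE(review): the child exits with status 0 although exec failed,
	 * so a waiting parent logs nothing for this case -- confirm that
	 * this is intended.
	 */
	perror("exec");
	exit(0);
}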
682