1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * fork.c - safe forking for svc.startd
28 *
29 * fork_configd() and fork_sulogin() are related, special cases that handle the
30 * spawning of specific client processes for svc.startd.
31 */
32
33 #include <sys/contract/process.h>
34 #include <sys/corectl.h>
35 #include <sys/ctfs.h>
36 #include <sys/stat.h>
37 #include <sys/types.h>
38 #include <sys/uio.h>
39 #include <sys/wait.h>
40 #include <assert.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <libcontract.h>
44 #include <libcontract_priv.h>
45 #include <libscf_priv.h>
46 #include <limits.h>
47 #include <port.h>
48 #include <signal.h>
49 #include <stdarg.h>
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <string.h>
53 #include <unistd.h>
54 #include <utmpx.h>
55
56 #include "configd_exit.h"
57 #include "protocol.h"
58 #include "startd.h"
59
60 static struct utmpx *utmpp; /* pointer for getutxent() */
61
/*
 * pid_t startd_fork1(int *forkerr)
 *   fork1() wrapper for svc.startd.  wait_prefork() is called before the
 *   fork and wait_postfork() after it, with the fork1() result as argument;
 *   the latter therefore runs on both sides of a successful fork.
 *
 *   Returns whatever fork1() returned.  If the fork failed (-1) and forkerr
 *   is not NULL, *forkerr receives the errno value from fork1(); on success
 *   *forkerr is left untouched.
 */
pid_t
startd_fork1(int *forkerr)
{
	pid_t child;

	/* prefork stack */
	wait_prefork();

	child = fork1();

	/*
	 * Record the failure reason immediately, so that nothing called
	 * afterwards gets a chance to change errno first.
	 */
	if (forkerr != NULL && child == -1)
		*forkerr = errno;

	/* postfork stack */
	wait_postfork(child);

	return (child);
}
84
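/*
 * int fork_mount(char *path, char *opts)
 *   Run mount(1M) with the given options and mount point.  (mount(1M) has much
 *   hidden knowledge; it's much less correct to reimplement that logic here to
 *   save a fork(2)/exec(2) invocation.)
 *
 *   opts and path are handed to /sbin/mount as separate argv entries; no
 *   shell is involved.
 *
 *   Returns 0 if mount(1M) exited normally with status 0.  Returns -1 if
 *   fork1() failed more than MAX_MOUNT_RETRIES times in a row, if the child
 *   could not be waited for, or if it exited abnormally or with a non-zero
 *   status.
 */
int
fork_mount(char *path, char *opts)
{
	pid_t pid;
	uint_t tries = 0;
	int status;

	/* Back off a little longer after each failed fork. */
	for (pid = fork1(); pid == -1; pid = fork1()) {
		if (++tries > MAX_MOUNT_RETRIES)
			return (-1);

		(void) sleep(tries);
	}

	if (pid == 0) {
		/*
		 * Child.  The variadic argument list is terminated with a
		 * pointer-typed null, as execl() requires.
		 *
		 * NOTE(review): nothing here closes inherited descriptors
		 * before the exec, so mount(1M) receives every descriptor this
		 * process holds that is not marked close-on-exec -- confirm
		 * that is intended.
		 */
		(void) execl("/sbin/mount", "mount", "-o", opts, path,
		    (char *)NULL);

		/*
		 * exec failed.  Leave through _exit() with a non-zero status
		 * so the parent reports the failure; returning from here would
		 * let the forked child carry on executing the caller's code as
		 * a second copy of this process.
		 */
		_exit(1);
	}

	/*
	 * Parent.  Retry an interrupted wait; on any other failure status was
	 * never filled in, so it must not be examined.
	 */
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return (-1);
	}

	/*
	 * If our mount(1M) invocation exited by peculiar means, or with
	 * a non-zero status, our mount likelihood is low.
	 */
	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return (-1);

	return (0);
}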
123
/*
 * pid_t fork_common(...)
 *   Shared by fork_sulogin() and fork_configd(): open a process contract
 *   template, load it with the supplied terms (informative, critical and
 *   fatal event sets, parameters, cookie, service FMRI and aux string),
 *   activate it and fork1() under it.
 *
 *   fork1() is retried, sleeping a little longer each time, until it has
 *   failed more than "retries" times.  Any failure along the way is handed
 *   to fork_sulogin() with its no-fork argument set.
 *
 *   Returns the fork1() result, so this function returns in both the parent
 *   and the child.  *ctidp is written only in the parent, through
 *   contract_latest().  The template is cleared and its descriptor closed
 *   on both sides before returning.
 */
static pid_t
fork_common(const char *name, const char *svc_fmri, int retries, ctid_t *ctidp,
    uint_t inf, uint_t crit, uint_t fatal, uint_t param, uint64_t cookie)
{
	uint_t attempts = 0;
	int tmpl_fd, rc;
	pid_t child;

	/* Establish process contract terms. */
	tmpl_fd = open64(CTFS_ROOT "/process/template", O_RDWR);
	if (tmpl_fd == -1) {
		fork_sulogin(B_TRUE, "Could not open process contract template "
		    "for %s: %s\n", name, strerror(errno));
		/* NOTREACHED */
	}

	/*
	 * Every setter is called even if an earlier one failed; the results
	 * are OR-ed together only to learn whether any of them was non-zero.
	 */
	rc = ct_tmpl_set_critical(tmpl_fd, crit);
	rc |= ct_pr_tmpl_set_fatal(tmpl_fd, fatal);
	rc |= ct_tmpl_set_informative(tmpl_fd, inf);
	rc |= ct_pr_tmpl_set_param(tmpl_fd, param);
	rc |= ct_tmpl_set_cookie(tmpl_fd, cookie);
	rc |= ct_pr_tmpl_set_svc_fmri(tmpl_fd, svc_fmri);
	rc |= ct_pr_tmpl_set_svc_aux(tmpl_fd, name);
	if (rc != 0) {
		(void) close(tmpl_fd);
		fork_sulogin(B_TRUE, "Could not set %s process contract "
		    "terms\n", name);
		/* NOTREACHED */
	}

	rc = ct_tmpl_activate(tmpl_fd);
	if (rc != 0) {
		(void) close(tmpl_fd);
		fork_sulogin(B_TRUE, "Could not activate %s process contract "
		    "template: %s\n", name, strerror(rc));
		/* NOTREACHED */
	}

	/* Attempt to fork "retries" times. */
	while ((child = fork1()) == -1) {
		if (++attempts > retries) {
			/*
			 * When we exit the sulogin session, init(1M)
			 * will restart svc.startd(1M).
			 *
			 * errno is saved first because the cleanup calls
			 * below may change it.
			 */
			rc = errno;
			(void) ct_tmpl_clear(tmpl_fd);
			(void) close(tmpl_fd);
			fork_sulogin(B_TRUE, "Could not fork to start %s: %s\n",
			    name, strerror(rc));
			/* NOTREACHED */
		}
		(void) sleep(attempts);
	}

	/*
	 * Clean up, return pid and ctid.  Only the parent looks up the new
	 * contract id; the child has already been forked by this point.
	 */
	if (child != 0) {
		errno = contract_latest(ctidp);
		if (errno != 0)
			uu_die("Could not get new contract id for %s\n", name);
	}
	(void) ct_tmpl_clear(tmpl_fd);
	(void) close(tmpl_fd);

	return (child);
}
197
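/*
 * void fork_sulogin(boolean_t, const char *, ...)
 *   When we are invoked with the -s flag from boot (or run into an unfixable
 *   situation), we run a private copy of sulogin.  When the sulogin session
 *   is ended, we continue.  This is the last fallback action for system
 *   maintenance.
 *
 *   If immediate is true, fork_sulogin() executes sulogin(1M) directly, without
 *   forking, and so never returns to its caller.  Otherwise a child is forked
 *   through fork_common(); the parent waits for it, abandons its contract and
 *   returns.
 *
 *   format and the arguments after it are printed with vprintf().  Pass a
 *   constant format string and put any variable text in the arguments.
 *
 *   Because fork_sulogin() is needed potentially before we daemonize, we leave
 *   it outside the wait_register() framework.
 */
/*PRINTFLIKE2*/
void
fork_sulogin(boolean_t immediate, const char *format, ...)
{
	static const int std_fds[] = {
		STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO
	};
	va_list args;
	int fd_console;
	size_t i;

	(void) printf("Requesting System Maintenance Mode\n");

	if (!booting_to_single_user)
		(void) printf("(See /lib/svc/share/README for more "
		    "information.)\n");

	va_start(args, format);
	(void) vprintf(format, args);
	va_end(args);

	if (!immediate) {
		ctid_t ctid;
		pid_t pid;

		pid = fork_common("sulogin", SVC_SULOGIN_FMRI,
		    MAX_SULOGIN_RETRIES, &ctid, CT_PR_EV_HWERR, 0,
		    CT_PR_EV_HWERR, CT_PR_PGRPONLY, SULOGIN_COOKIE);

		if (pid != 0) {
			/* parent: block until the sulogin session is over */
			(void) waitpid(pid, NULL, 0);
			contract_abandon(ctid);
			return;
		}
		/* close all inherited fds */
		closefrom(0);
	} else {
		(void) printf("Directly executing sulogin.\n");
		/*
		 * Can't call closefrom() in this MT section
		 * so safely close a minimum set of fds.
		 *
		 * NOTE(review): any other descriptor that is not marked
		 * close-on-exec stays open across the exec of sulogin in
		 * this path -- confirm that is acceptable.
		 */
		(void) close(STDIN_FILENO);
		(void) close(STDOUT_FILENO);
		(void) close(STDERR_FILENO);
	}

	(void) setpgrp();

	/*
	 * Open the console for sulogin and make it stdin, stdout and stderr,
	 * retrying each dup2() that is interrupted by a signal.
	 */
	if ((fd_console = open("/dev/console", O_RDWR)) >= 0) {
		for (i = 0; i < sizeof (std_fds) / sizeof (std_fds[0]); i++) {
			if (fd_console == std_fds[i])
				continue;
			while (dup2(fd_console, std_fds[i]) < 0 &&
			    errno == EINTR)
				;
		}
		if (fd_console > STDERR_FILENO)
			(void) close(fd_console);
	}

	/*
	 * Find the first utmpx entry for the console line whose user is not
	 * "LOGIN" and kill the process it names.
	 *
	 * The comparisons are bounded by the size of the utmpx fields, so a
	 * field that is filled to its full width is never read past its end.
	 *
	 * NOTE(review): entries are matched on ut_user and ut_line only;
	 * ut_type is not consulted, so a record left behind by a process that
	 * has already exited would still have its pid signalled -- confirm
	 * whether such records should be skipped.
	 */
	setutxent();
	while ((utmpp = getutxent()) != NULL) {
		if (strncmp(utmpp->ut_user, "LOGIN",
		    sizeof (utmpp->ut_user)) == 0)
			continue;
		if (strncmp(utmpp->ut_line, "console",
		    sizeof (utmpp->ut_line)) != 0)
			continue;

		/*
		 * A pid of zero or below would address a process group or
		 * every process rather than one process; never signal that.
		 */
		if (utmpp->ut_pid > 0)
			(void) kill(utmpp->ut_pid, SIGKILL);
		break;
	}

	(void) execl("/sbin/sulogin", "sulogin", (char *)NULL);

	uu_warn("Could not exec() sulogin");

	exit(1);
}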
290
291 #define CONFIGD_PATH "/lib/svc/bin/svc.configd"
292
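/*
 * Map a svc.configd exit code to the text used in the maintenance-mode
 * message.  Covers the cases we don't handle, or that have error outcomes
 * that cannot be eliminated.
 */
static const char *
configd_exit_str(int code)
{
	switch (code) {
	case CONFIGD_EXIT_BAD_ARGS:
		return ("bad arguments");
	case CONFIGD_EXIT_DATABASE_BAD:
		return ("database corrupt");
	case CONFIGD_EXIT_DATABASE_LOCKED:
		return ("database locked");
	case CONFIGD_EXIT_INIT_FAILED:
		return ("initialization failure");
	case CONFIGD_EXIT_DOOR_INIT_FAILED:
		return ("door initialization failure");
	case CONFIGD_EXIT_DATABASE_INIT_FAILED:
		return ("database initialization failure");
	case CONFIGD_EXIT_NO_THREADS:
		return ("no threads available");
	case CONFIGD_EXIT_LOST_MAIN_DOOR:
		return ("lost door server attachment");
	case 1:
		/* fork_configd()'s child exits with 1 when exec(2) fails */
		return ("execution failure");
	default:
		return ("unknown error");
	}
}

/*
 * void fork_configd(int exitstatus)
 *   We are interested in exit events (since the parent's exiting means configd
 *   is ready to run and since the child's exiting indicates an error case) and
 *   in empty events.  This means we have a unique template for initiating
 *   configd.
 *
 *   exitstatus is the wait status of a previous svc.configd, or 0 on the
 *   first call.  The function forks through fork_common(); the child execs
 *   CONFIGD_PATH, while the parent waits for that process and either
 *   announces configd as live or drops to sulogin and retries.
 */
void
fork_configd(int exitstatus)
{
	pid_t pid, wpid;
	ctid_t ctid = -1;
	int err;
	int wstatus;
	char path[PATH_MAX];

	/*
	 * Checking the exitstatus for the potential failure of the
	 * daemonized svc.configd.  If this is not the first time
	 * through, but a call from the svc.configd monitoring thread
	 * after a failure this is the status that is expected.  Other
	 * failures are exposed during initialization or are fixed
	 * by a restart (e.g door closings).
	 *
	 * If this is on-disk database corruption it will also be
	 * caught by a restart but could be cleared before the restart.
	 *
	 * Or this could be internal database corruption due to a
	 * rogue service that needs to be cleared before restart.
	 */
	if (WEXITSTATUS(exitstatus) == CONFIGD_EXIT_DATABASE_BAD) {
		fork_sulogin(B_FALSE, "svc.configd exited with database "
		    "corrupt error after initialization of the repository\n");
	}

retry:
	log_framework(LOG_DEBUG, "fork_configd trying to start svc.configd\n");

	/*
	 * If we're retrying, we will have an old contract lying around
	 * from the failure.  Since we're going to be creating a new
	 * contract shortly, we abandon the old one now.
	 */
	if (ctid != -1)
		contract_abandon(ctid);
	ctid = -1;

	pid = fork_common("svc.configd", SCF_SERVICE_CONFIGD,
	    MAX_CONFIGD_RETRIES, &ctid, 0, CT_PR_EV_EXIT, 0,
	    CT_PR_INHERIT | CT_PR_REGENT, CONFIGD_COOKIE);

	if (pid != 0) {
		st->st_configd_pid = pid;

		/*
		 * A wait that was merely interrupted by a signal is retried
		 * instead of being treated as a failure.
		 */
		do {
			wpid = waitpid(pid, &wstatus, 0);
		} while (wpid == -1 && errno == EINTR);

		if (wpid == -1) {
			/*
			 * NOTE(review): once the sulogin session ends this
			 * path falls through and announces configd as live
			 * without a retry -- confirm that is intended.
			 */
			fork_sulogin(B_FALSE, "waitpid on svc.configd "
			    "failed: %s\n", strerror(errno));
		} else if (WIFEXITED(wstatus)) {
			int code = WEXITSTATUS(wstatus);

			/*
			 * Examine the exit code.  This will eventually get
			 * more complicated, as we will want to teach startd
			 * how to invoke configd with alternate repositories,
			 * etc.
			 *
			 * Note that exec(2) failure results in an exit status
			 * of 1, resulting in the default clause below.
			 */

			/*
			 * Remedial actions for various configd failures.
			 */
			switch (code) {
			case CONFIGD_EXIT_OKAY:
				break;

			case CONFIGD_EXIT_DATABASE_LOCKED:
				/* attempt remount of / read-write */
				if (fs_is_read_only("/", NULL) == 1) {
					if (fs_remount("/") == -1)
						fork_sulogin(B_FALSE,
						    "remount of root "
						    "filesystem failed\n");

					goto retry;
				}
				/*
				 * NOTE(review): with a writable root this
				 * status is accepted and configd is announced
				 * as live below -- confirm.
				 */
				break;

			default:
				fork_sulogin(B_FALSE, "svc.configd exited "
				    "with status %d (%s)\n",
				    code, configd_exit_str(code));
				goto retry;
			}
		} else if (WIFSIGNALED(wstatus)) {
			char signame[SIG2STR_MAX];

			/* fall back to the number if the signal has no name */
			if (sig2str(WTERMSIG(wstatus), signame) != 0)
				(void) snprintf(signame, SIG2STR_MAX,
				    "signum %d", WTERMSIG(wstatus));

			fork_sulogin(B_FALSE, "svc.configd signalled:"
			    " %s\n", signame);

			goto retry;
		} else {
			fork_sulogin(B_FALSE, "svc.configd non-exit "
			    "condition: 0x%x\n", wstatus);

			goto retry;
		}

		/*
		 * Announce that we have a valid svc.configd status.
		 */
		MUTEX_LOCK(&st->st_configd_live_lock);
		st->st_configd_lives = 1;
		err = pthread_cond_broadcast(&st->st_configd_live_cv);
		assert(err == 0);
		MUTEX_UNLOCK(&st->st_configd_live_lock);

		log_framework(LOG_DEBUG, "fork_configd broadcasts configd is "
		    "live\n");
		return;
	}

	/*
	 * Child.
	 *
	 * Set our per-process core file path to leave core files in
	 * /etc/svc/volatile directory, named after the PID to aid in debugging.
	 * ("%%p" leaves a literal "%p" in the pattern.)
	 */
	(void) snprintf(path, sizeof (path),
	    "/etc/svc/volatile/core.configd.%%p");

	(void) core_set_process_path(path, strlen(path) + 1, getpid());

	log_framework(LOG_DEBUG, "executing svc.configd\n");

	/*
	 * The variadic argument list is terminated with a pointer-typed
	 * null, as execl() requires.
	 */
	(void) execl(CONFIGD_PATH, CONFIGD_PATH, (char *)NULL);

	/*
	 * Status code is used above to identify configd exec failure.
	 */
	exit(1);
}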
477
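/*
 * void *fork_configd_thread(void *vctid)
 *   Start (or adopt) svc.configd and then watch its process contract.  The
 *   signature is that of a thread start routine.
 *
 *   vctid carries a ctid_t in the pointer argument.  If it is -1,
 *   svc.configd is started with fork_configd(0); otherwise the contract is
 *   accepted as it is and configd is announced as live straight away.
 *
 *   The loop then reads critical events from the process contract bundle
 *   and skips those whose contract cookie is not CONFIGD_COOKIE.  On a
 *   CT_PR_EV_EXIT event for any pid other than st->st_configd_pid it
 *   abandons the contract and calls fork_configd() with the reported exit
 *   status.  Events that pass the cookie check are acknowledged.  The loop
 *   has no exit, so the final return is never reached.
 */
void *
fork_configd_thread(void *vctid)
{
	int fd, err;
	ctid_t configd_ctid = (ctid_t)vctid;

	if (configd_ctid == -1) {
		log_framework(LOG_DEBUG,
		    "fork_configd_thread starting svc.configd\n");
		fork_configd(0);
	} else {
		/*
		 * configd_ctid is known: we broadcast and continue.
		 * test contract for appropriate state by verifying that
		 * there is one or more processes within it?
		 *
		 * The id is cast so the argument always matches "%ld".
		 */
		log_framework(LOG_DEBUG,
		    "fork_configd_thread accepting svc.configd with CTID %ld\n",
		    (long)configd_ctid);
		MUTEX_LOCK(&st->st_configd_live_lock);
		st->st_configd_lives = 1;
		(void) pthread_cond_broadcast(&st->st_configd_live_cv);
		MUTEX_UNLOCK(&st->st_configd_live_lock);
	}

	fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY);
	if (fd == -1)
		uu_die("process bundle open failed");

	/*
	 * Make sure we get all events (including those generated by configd
	 * before this thread was started).
	 */
	err = ct_event_reset(fd);
	assert(err == 0);

	for (;;) {
		int efd, sfd;
		ct_evthdl_t ev;
		uint32_t type;
		ctevid_t evid;
		ct_stathdl_t status;
		ctid_t ctid;
		uint64_t cookie;

		/*
		 * NOTE(review): a read error is logged and the read is
		 * retried at once, with no delay -- confirm that a
		 * persistent error cannot make this loop spin.
		 */
		if ((err = ct_event_read_critical(fd, &ev)) != 0) {
			assert(err != EINVAL && err != EAGAIN);
			log_error(LOG_WARNING,
			    "Error reading next contract event: %s",
			    strerror(err));
			continue;
		}

		evid = ct_event_get_evid(ev);
		ctid = ct_event_get_ctid(ev);
		type = ct_event_get_type(ev);

		/* Fetch cookie. */
		sfd = contract_open(ctid, "process", "status", O_RDONLY);
		if (sfd < 0) {
			ct_event_free(ev);
			continue;
		}

		if ((err = ct_status_read(sfd, CTD_COMMON, &status)) != 0) {
			log_framework(LOG_WARNING, "Could not get status for "
			    "contract %ld: %s\n", (long)ctid, strerror(err));

			ct_event_free(ev);
			startd_close(sfd);
			continue;
		}

		cookie = ct_status_get_cookie(status);

		ct_status_free(status);

		startd_close(sfd);

		/*
		 * Don't process events from contracts we aren't interested in.
		 */
		if (cookie != CONFIGD_COOKIE) {
			ct_event_free(ev);
			continue;
		}

		if (type == CT_PR_EV_EXIT) {
			/*
			 * Both values start out defined, so a getter that
			 * fails cannot leave an indeterminate value to be
			 * compared or passed on below.
			 *
			 * NOTE(review): the getters' return values are still
			 * ignored -- confirm whether a failure here should
			 * skip the restart instead.
			 */
			pid_t pid = -1;
			int exitstatus = 0;

			(void) ct_pr_event_get_pid(ev, &pid);
			(void) ct_pr_event_get_exitstatus(ev,
			    &exitstatus);

			if (st->st_configd_pid != pid) {
				/*
				 * This is the child exiting, so we
				 * abandon the contract and restart
				 * configd.
				 */
				contract_abandon(ctid);
				fork_configd(exitstatus);
			}
		}

		/* Acknowledge the event if the control file can be opened. */
		efd = contract_open(ctid, "process", "ctl", O_WRONLY);
		if (efd != -1) {
			(void) ct_ctl_ack(efd, evid);
			startd_close(efd);
		}

		ct_event_free(ev);

	}

	/*NOTREACHED*/
	return (NULL);
}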
597
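/*
 * void fork_rc_script(char rl, const char *arg, boolean_t wait)
 *   Run the script /sbin/rc<rl> with the single argument arg in a child
 *   forked through startd_fork1().
 *
 *   Before forking, a process contract template with empty critical,
 *   informative and fatal event sets is activated; failure to open the
 *   template is only warned about.  If the fork fails the function returns
 *   silently.
 *
 *   If wait is true the parent waits for the script and logs an abnormal
 *   termination or a non-zero exit status; otherwise it returns at once.
 *
 *   The child switches its log to "rc<rl>.log", writes a timestamped
 *   "Executing" line to stderr and execs the script with the environment
 *   returned by set_smf_env(), to which a fixed PATH is passed.
 */
void
fork_rc_script(char rl, const char *arg, boolean_t wait)
{
	pid_t pid;
	int tmpl, err, stat;
	char path[20] = "/sbin/rc.", log[20] = "rc..log", timebuf[20];
	time_t now;
	struct tm ltime;
	size_t sz;
	char *pathenv;
	char **nenv;

	/*
	 * Replace the placeholder '.' with the run level: "/sbin/rc<rl>".
	 *
	 * NOTE(review): rl is used unchecked in a path that is exec'd
	 * below -- confirm callers only ever pass run-level characters.
	 */
	path[8] = rl;

	tmpl = open64(CTFS_ROOT "/process/template", O_RDWR);
	if (tmpl >= 0) {
		err = ct_tmpl_set_critical(tmpl, 0);
		assert(err == 0);

		err = ct_tmpl_set_informative(tmpl, 0);
		assert(err == 0);

		err = ct_pr_tmpl_set_fatal(tmpl, 0);
		assert(err == 0);

		err = ct_tmpl_activate(tmpl);
		assert(err == 0);

		err = close(tmpl);
		assert(err == 0);
	} else {
		uu_warn("Could not create contract template for %s.\n", path);
	}

	pid = startd_fork1(NULL);
	if (pid < 0) {
		return;
	} else if (pid != 0) {
		/* parent */
		if (wait) {
			/*
			 * waitpid() returns -1 on failure; retry only when it
			 * was interrupted by a signal.
			 */
			do {
				err = waitpid(pid, &stat, 0);
			} while (err == -1 && errno == EINTR);

			if (err == -1) {
				/* stat was never filled in; don't read it */
				log_framework(LOG_INFO,
				    "waitpid() for %s failed: %s\n", path,
				    strerror(errno));
			} else if (!WIFEXITED(stat)) {
				log_framework(LOG_INFO,
				    "%s terminated with waitpid() status %d.\n",
				    path, stat);
			} else if (WEXITSTATUS(stat) != 0) {
				log_framework(LOG_INFO,
				    "%s failed with status %d.\n", path,
				    WEXITSTATUS(stat));
			}
		}

		return;
	}

	/* child */

	/* Same substitution as for path: "rc<rl>.log". */
	log[2] = rl;

	setlog(log);

	now = time(NULL);
	sz = strftime(timebuf, sizeof (timebuf), "%b %e %T",
	    localtime_r(&now, &ltime));
	assert(sz != 0);

	(void) fprintf(stderr, "%s Executing %s %s\n", timebuf, path, arg);

	/* Only run level 'S' gets /sbin at the front of PATH. */
	if (rl == 'S')
		pathenv = "PATH=/sbin:/usr/sbin:/usr/bin";
	else
		pathenv = "PATH=/usr/sbin:/usr/bin";

	nenv = set_smf_env(NULL, 0, pathenv, NULL, NULL);

	/*
	 * The argument list must end in a null pointer; a bare 0 is an int
	 * and need not have a pointer's size or representation when passed
	 * through a variadic call.
	 */
	(void) execle(path, path, arg, (char *)NULL, nenv);

	/*
	 * NOTE(review): an exec failure is reported through perror() but the
	 * child then exits with status 0, which the parent above does not log
	 * as a failure -- confirm that is intended.
	 */
	perror("exec");
	exit(0);
}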