6805730 some simple changes would make 'init 5' much faster
6809492 startd shouldn't let hung subprocesses impede shutdown
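--- a/usr/src/cmd/svc/startd/fork.c
+++ b/usr/src/cmd/svc/startd/fork.c
@@ -1,681 +1,790 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
 /*
 * fork.c - safe forking for svc.startd
 *
 * fork_configd() and fork_sulogin() are related, special cases that handle the
 * spawning of specific client processes for svc.startd.
 */
 
 #include <sys/contract/process.h>
 #include <sys/corectl.h>
 #include <sys/ctfs.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/uio.h>
 #include <sys/wait.h>
 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <libcontract.h>
 #include <libcontract_priv.h>
 #include <libscf_priv.h>
 #include <limits.h>
+#include <poll.h>
 #include <port.h>
 #include <signal.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <utmpx.h>
+#include <spawn.h>
 
 #include "configd_exit.h"
 #include "protocol.h"
 #include "startd.h"
 
 static struct utmpx *utmpp; /* pointer for getutxent() */
 
 pid_t
 startd_fork1(int *forkerr)
 {
 pid_t p;
 
 /*
 * prefork stack
 */
 wait_prefork();
 
 p = fork1();
 
 if (p == -1 && forkerr != NULL)
 *forkerr = errno;
 
 /*
 * postfork stack
 */
 wait_postfork(p);
 
 return (p);
 }
 
 /*
 * void fork_mount(char *, char *)
 * Run mount(1M) with the given options and mount point. (mount(1M) has much
 * hidden knowledge; it's much less correct to reimplement that logic here to
 * save a fork(2)/exec(2) invocation.)
 */
 int
 fork_mount(char *path, char *opts)
 {
 pid_t pid;
 uint_t tries = 0;
 int status;
 
 for (pid = fork1(); pid == -1; pid = fork1()) {
 if (++tries > MAX_MOUNT_RETRIES)
 return (-1);
 
 (void) sleep(tries);
 }
 
 if (pid != 0) {
 (void) waitpid(pid, &status, 0);
 
 /*
 * If our mount(1M) invocation exited by peculiar means, or with
 * a non-zero status, our mount likelihood is low.
 */
 if (!WIFEXITED(status) ||
 WEXITSTATUS(status) != 0)
 return (-1);
 
 return (0);
 }
 
 (void) execl("/sbin/mount", "mount", "-o", opts, path, NULL);
 
 return (-1);
 }
 
 /*
 * pid_t fork_common(...)
 * Common routine used by fork_sulogin and fork_configd to fork a
 * process in a contract with the provided terms. Invokes
 * fork_sulogin (with its no-fork argument set) on errors.
 */
 static pid_t
 fork_common(const char *name, const char *svc_fmri, int retries, ctid_t *ctidp,
 uint_t inf, uint_t crit, uint_t fatal, uint_t param, uint64_t cookie)
 {
 uint_t tries = 0;
 int ctfd, err;
 pid_t pid;
 
 /*
 * Establish process contract terms.
 */
 if ((ctfd = open64(CTFS_ROOT "/process/template", O_RDWR)) == -1) {
 fork_sulogin(B_TRUE, "Could not open process contract template "
 "for %s: %s\n", name, strerror(errno));
 /* NOTREACHED */
 }
 
 err = ct_tmpl_set_critical(ctfd, crit);
 err |= ct_pr_tmpl_set_fatal(ctfd, fatal);
 err |= ct_tmpl_set_informative(ctfd, inf);
 err |= ct_pr_tmpl_set_param(ctfd, param);
 err |= ct_tmpl_set_cookie(ctfd, cookie);
 err |= ct_pr_tmpl_set_svc_fmri(ctfd, svc_fmri);
 err |= ct_pr_tmpl_set_svc_aux(ctfd, name);
 if (err) {
 (void) close(ctfd);
 fork_sulogin(B_TRUE, "Could not set %s process contract "
 "terms\n", name);
 /* NOTREACHED */
 }
 
 if (err = ct_tmpl_activate(ctfd)) {
 (void) close(ctfd);
 fork_sulogin(B_TRUE, "Could not activate %s process contract "
 "template: %s\n", name, strerror(err));
 /* NOTREACHED */
 }
 
 /*
 * Attempt to fork "retries" times.
 */
 for (pid = fork1(); pid == -1; pid = fork1()) {
 if (++tries > retries) {
 /*
 * When we exit the sulogin session, init(1M)
 * will restart svc.startd(1M).
 */
 err = errno;
 (void) ct_tmpl_clear(ctfd);
 (void) close(ctfd);
 fork_sulogin(B_TRUE, "Could not fork to start %s: %s\n",
 name, strerror(err));
 /* NOTREACHED */
 }
 (void) sleep(tries);
 }
 
 /*
 * Clean up, return pid and ctid.
 */
 if (pid != 0 && (errno = contract_latest(ctidp)) != 0)
 uu_die("Could not get new contract id for %s\n", name);
 (void) ct_tmpl_clear(ctfd);
 (void) close(ctfd);
 
 return (pid);
 }
 
 /*
 * void fork_sulogin(boolean_t, const char *, ...)
 * When we are invoked with the -s flag from boot (or run into an unfixable
 * situation), we run a private copy of sulogin. When the sulogin session
 * is ended, we continue. This is the last fallback action for system
 * maintenance.
 *
 * If immediate is true, fork_sulogin() executes sulogin(1M) directly, without
 * forking.
 *
 * Because fork_sulogin() is needed potentially before we daemonize, we leave
 * it outside the wait_register() framework.
 */
 /*PRINTFLIKE2*/
 void
 fork_sulogin(boolean_t immediate, const char *format, ...)
 {
 va_list args;
 int fd_console;
 
 (void) printf("Requesting System Maintenance Mode\n");
 
 if (!booting_to_single_user)
 (void) printf("(See /lib/svc/share/README for more "
 "information.)\n");
 
 va_start(args, format);
 (void) vprintf(format, args);
 va_end(args);
 
 if (!immediate) {
 ctid_t ctid;
 pid_t pid;
 
 pid = fork_common("sulogin", SVC_SULOGIN_FMRI,
 MAX_SULOGIN_RETRIES, &ctid, CT_PR_EV_HWERR, 0,
 CT_PR_EV_HWERR, CT_PR_PGRPONLY, SULOGIN_COOKIE);
 
 if (pid != 0) {
 (void) waitpid(pid, NULL, 0);
 contract_abandon(ctid);
 return;
 }
 /* close all inherited fds */
 closefrom(0);
 } else {
 (void) printf("Directly executing sulogin.\n");
 /*
 * Can't call closefrom() in this MT section
 * so safely close a minimum set of fds.
 */
 (void) close(STDIN_FILENO);
 (void) close(STDOUT_FILENO);
 (void) close(STDERR_FILENO);
 }
 
 (void) setpgrp();
 
 /* open the console for sulogin */
 if ((fd_console = open("/dev/console", O_RDWR)) >= 0) {
 if (fd_console != STDIN_FILENO)
 while (dup2(fd_console, STDIN_FILENO) < 0 &&
 errno == EINTR)
 ;
 if (fd_console != STDOUT_FILENO)
 while (dup2(fd_console, STDOUT_FILENO) < 0 &&
 errno == EINTR)
 ;
 if (fd_console != STDERR_FILENO)
 while (dup2(fd_console, STDERR_FILENO) < 0 &&
 errno == EINTR)
 ;
 if (fd_console > STDERR_FILENO)
 (void) close(fd_console);
 }
 
 setutxent();
 while ((utmpp = getutxent()) != NULL) {
 if (strcmp(utmpp->ut_user, "LOGIN") != 0) {
 if (strcmp(utmpp->ut_line, "console") == 0) {
 (void) kill(utmpp->ut_pid, 9);
 break;
 }
 }
 }
 
 (void) execl("/sbin/sulogin", "sulogin", NULL);
 
 uu_warn("Could not exec() sulogin");
 
 exit(1);
 }
 
 #define CONFIGD_PATH "/lib/svc/bin/svc.configd"
 
 /*
 * void fork_configd(int status)
 * We are interested in exit events (since the parent's exiting means configd
 * is ready to run and since the child's exiting indicates an error case) and
 * in empty events. This means we have a unique template for initiating
 * configd.
 */
 void
 fork_configd(int exitstatus)
 {
 pid_t pid;
 ctid_t ctid = -1;
 int err;
 char path[PATH_MAX];
 
 /*
 * Checking the existatus for the potential failure of the
 * daemonized svc.configd. If this is not the first time
 * through, but a call from the svc.configd monitoring thread
 * after a failure this is the status that is expected. Other
 * failures are exposed during initialization or are fixed
 * by a restart (e.g door closings).
 *
 * If this is on-disk database corruption it will also be
 * caught by a restart but could be cleared before the restart.
 *
 * Or this could be internal database corruption due to a
 * rogue service that needs to be cleared before restart.
 */
 if (WEXITSTATUS(exitstatus) == CONFIGD_EXIT_DATABASE_BAD) {
 fork_sulogin(B_FALSE, "svc.configd exited with database "
 "corrupt error after initialization of the repository\n");
 }
 
 retry:
 log_framework(LOG_DEBUG, "fork_configd trying to start svc.configd\n");
 
 /*
 * If we're retrying, we will have an old contract lying around
 * from the failure. Since we're going to be creating a new
 * contract shortly, we abandon the old one now.
 */
 if (ctid != -1)
 contract_abandon(ctid);
 ctid = -1;
 
 pid = fork_common("svc.configd", SCF_SERVICE_CONFIGD,
 MAX_CONFIGD_RETRIES, &ctid, 0, CT_PR_EV_EXIT, 0,
 CT_PR_INHERIT | CT_PR_REGENT, CONFIGD_COOKIE);
 
 if (pid != 0) {
 int exitstatus;
 
 st->st_configd_pid = pid;
 
 if (waitpid(pid, &exitstatus, 0) == -1) {
 fork_sulogin(B_FALSE, "waitpid on svc.configd "
 "failed: %s\n", strerror(errno));
 } else if (WIFEXITED(exitstatus)) {
 char *errstr;
 
 /*
 * Examine exitstatus. This will eventually get more
 * complicated, as we will want to teach startd how to
 * invoke configd with alternate repositories, etc.
 *
 * Note that exec(2) failure results in an exit status
 * of 1, resulting in the default clause below.
 */
 
 /*
 * Assign readable strings to cases we don't handle, or
 * have error outcomes that cannot be eliminated.
 */
 switch (WEXITSTATUS(exitstatus)) {
 case CONFIGD_EXIT_BAD_ARGS:
 errstr = "bad arguments";
 break;
 
 case CONFIGD_EXIT_DATABASE_BAD:
 errstr = "database corrupt";
 break;
 
 case CONFIGD_EXIT_DATABASE_LOCKED:
 errstr = "database locked";
 break;
 case CONFIGD_EXIT_INIT_FAILED:
 errstr = "initialization failure";
 break;
 case CONFIGD_EXIT_DOOR_INIT_FAILED:
 errstr = "door initialization failure";
 break;
 case CONFIGD_EXIT_DATABASE_INIT_FAILED:
 errstr = "database initialization failure";
 break;
 case CONFIGD_EXIT_NO_THREADS:
 errstr = "no threads available";
 break;
 case CONFIGD_EXIT_LOST_MAIN_DOOR:
 errstr = "lost door server attachment";
 break;
 case 1:
 errstr = "execution failure";
 break;
 default:
 errstr = "unknown error";
 break;
 }
 
 /*
 * Remedial actions for various configd failures.
 */
 switch (WEXITSTATUS(exitstatus)) {
 case CONFIGD_EXIT_OKAY:
 break;
 
 case CONFIGD_EXIT_DATABASE_LOCKED:
 /* attempt remount of / read-write */
 if (fs_is_read_only("/", NULL) == 1) {
 if (fs_remount("/") == -1)
 fork_sulogin(B_FALSE,
 "remount of root "
 "filesystem failed\n");
 
 goto retry;
 }
 break;
 
 default:
 fork_sulogin(B_FALSE, "svc.configd exited "
 "with status %d (%s)\n",
 WEXITSTATUS(exitstatus), errstr);
 goto retry;
 }
 } else if (WIFSIGNALED(exitstatus)) {
 char signame[SIG2STR_MAX];
 
 if (sig2str(WTERMSIG(exitstatus), signame))
 (void) snprintf(signame, SIG2STR_MAX,
 "signum %d", WTERMSIG(exitstatus));
 
 fork_sulogin(B_FALSE, "svc.configd signalled:"
 " %s\n", signame);
 
 goto retry;
 } else {
 fork_sulogin(B_FALSE, "svc.configd non-exit "
 "condition: 0x%x\n", exitstatus);
 
 goto retry;
 }
 
 /*
 * Announce that we have a valid svc.configd status.
 */
 MUTEX_LOCK(&st->st_configd_live_lock);
 st->st_configd_lives = 1;
 err = pthread_cond_broadcast(&st->st_configd_live_cv);
 assert(err == 0);
 MUTEX_UNLOCK(&st->st_configd_live_lock);
 
 log_framework(LOG_DEBUG, "fork_configd broadcasts configd is "
 "live\n");
 return;
 }
 
 /*
 * Set our per-process core file path to leave core files in
 * /etc/svc/volatile directory, named after the PID to aid in debugging.
 */
 (void) snprintf(path, sizeof (path),
 "/etc/svc/volatile/core.configd.%%p");
 
 (void) core_set_process_path(path, strlen(path) + 1, getpid());
 
 log_framework(LOG_DEBUG, "executing svc.configd\n");
 
 (void) execl(CONFIGD_PATH, CONFIGD_PATH, NULL);
 
 /*
 * Status code is used above to identify configd exec failure.
 */
 exit(1);
 }
 
 void *
 fork_configd_thread(void *vctid)
 {
 int fd, err;
 ctid_t configd_ctid = (ctid_t)vctid;
 
 if (configd_ctid == -1) {
 log_framework(LOG_DEBUG,
 "fork_configd_thread starting svc.configd\n");
 fork_configd(0);
 } else {
 /*
 * configd_ctid is known: we broadcast and continue.
 * test contract for appropriate state by verifying that
 * there is one or more processes within it?
 */
 log_framework(LOG_DEBUG,
 "fork_configd_thread accepting svc.configd with CTID %ld\n",
 configd_ctid);
 MUTEX_LOCK(&st->st_configd_live_lock);
 st->st_configd_lives = 1;
 (void) pthread_cond_broadcast(&st->st_configd_live_cv);
 MUTEX_UNLOCK(&st->st_configd_live_lock);
 }
 
 fd = open64(CTFS_ROOT "/process/pbundle", O_RDONLY);
 if (fd == -1)
 uu_die("process bundle open failed");
 
 /*
 * Make sure we get all events (including those generated by configd
 * before this thread was started).
 */
 err = ct_event_reset(fd);
 assert(err == 0);
 
 for (;;) {
 int efd, sfd;
 ct_evthdl_t ev;
 uint32_t type;
 ctevid_t evid;
 ct_stathdl_t status;
 ctid_t ctid;
 uint64_t cookie;
 pid_t pid;
 
 if (err = ct_event_read_critical(fd, &ev)) {
 assert(err != EINVAL && err != EAGAIN);
 log_error(LOG_WARNING,
 "Error reading next contract event: %s",
 strerror(err));
 continue;
 }
 
 evid = ct_event_get_evid(ev);
 ctid = ct_event_get_ctid(ev);
 type = ct_event_get_type(ev);
 
 /* Fetch cookie. */
 sfd = contract_open(ctid, "process", "status", O_RDONLY);
 if (sfd < 0) {
 ct_event_free(ev);
 continue;
 }
 
 if (err = ct_status_read(sfd, CTD_COMMON, &status)) {
 log_framework(LOG_WARNING, "Could not get status for "
 "contract %ld: %s\n", ctid, strerror(err));
 
 ct_event_free(ev);
 startd_close(sfd);
 continue;
 }
 
 cookie = ct_status_get_cookie(status);
 
 ct_status_free(status);
 
 startd_close(sfd);
 
 /*
 * Don't process events from contracts we aren't interested in.
 */
 if (cookie != CONFIGD_COOKIE) {
 ct_event_free(ev);
 continue;
 }
 
 if (type == CT_PR_EV_EXIT) {
 int exitstatus;
 
 (void) ct_pr_event_get_pid(ev, &pid);
 (void) ct_pr_event_get_exitstatus(ev,
 &exitstatus);
 
 if (st->st_configd_pid != pid) {
 /*
 * This is the child exiting, so we
 * abandon the contract and restart
 * configd.
 */
 contract_abandon(ctid);
 fork_configd(exitstatus);
 }
 }
 
 efd = contract_open(ctid, "process", "ctl", O_WRONLY);
 if (efd != -1) {
 (void) ct_ctl_ack(efd, evid);
 startd_close(efd);
 }
 
 ct_event_free(ev);
 
 }
 
 /*NOTREACHED*/
 return (NULL);
 }
 
 void
 fork_rc_script(char rl, const char *arg, boolean_t wait)
 {
 pid_t pid;
 int tmpl, err, stat;
 char path[20] = "/sbin/rc.", log[20] = "rc..log", timebuf[20];
 time_t now;
 struct tm ltime;
 size_t sz;
 char *pathenv;
 char **nenv;
 
 path[8] = rl;
 
 tmpl = open64(CTFS_ROOT "/process/template", O_RDWR);
 if (tmpl >= 0) {
 err = ct_tmpl_set_critical(tmpl, 0);
 assert(err == 0);
 
 err = ct_tmpl_set_informative(tmpl, 0);
 assert(err == 0);
 
 err = ct_pr_tmpl_set_fatal(tmpl, 0);
 assert(err == 0);
 
 err = ct_tmpl_activate(tmpl);
 assert(err == 0);
 
 err = close(tmpl);
 assert(err == 0);
 } else {
 uu_warn("Could not create contract template for %s.\n", path);
 }
 
 pid = startd_fork1(NULL);
 if (pid < 0) {
 return;
 } else if (pid != 0) {
 /* parent */
 if (wait) {
 do
 err = waitpid(pid, &stat, 0);
 while (err != 0 && errno == EINTR)
 ;
 
 if (!WIFEXITED(stat)) {
 log_framework(LOG_INFO,
 "%s terminated with waitpid() status %d.\n",
 path, stat);
 } else if (WEXITSTATUS(stat) != 0) {
 log_framework(LOG_INFO,
 "%s failed with status %d.\n", path,
 WEXITSTATUS(stat));
 }
 }
 
 return;
 }
 
 /* child */
 
 log[2] = rl;
 
 setlog(log);
 
 now = time(NULL);
 sz = strftime(timebuf, sizeof (timebuf), "%b %e %T",
 localtime_r(&now, <ime));
 assert(sz != 0);
 
 (void) fprintf(stderr, "%s Executing %s %s\n", timebuf, path, arg);
 
 if (rl == 'S')
 pathenv = "PATH=/sbin:/usr/sbin:/usr/bin";
 else
 pathenv = "PATH=/usr/sbin:/usr/bin";
 
 nenv = set_smf_env(NULL, 0, pathenv, NULL, NULL);
 
 (void) execle(path, path, arg, 0, nenv);
 
 perror("exec");
 exit(0);
+}
+
+extern char **environ;
+
+/*
+ * A local variation on system(3c) which accepts a timeout argument. This
+ * allows us to better ensure that the system will actually shut down.
+ *
+ * gracetime specifies an amount of time in seconds which the routine must wait
+ * after the command exits, to allow for asynchronous effects (like sent
+ * signals) to take effect. This can be zero.
+ */
+void
+fork_with_timeout(const char *cmd, uint_t gracetime, uint_t timeout)
+{
+ int err = 0;
+ pid_t pid;
+ char *argv[4];
+ posix_spawnattr_t attr;
+ posix_spawn_file_actions_t factions;
+
+ sigset_t mask, savemask;
+ uint_t msec_timeout;
+ uint_t msec_spent = 0;
+ uint_t msec_gracetime;
+ int status;
+
+ msec_timeout = timeout * 1000;
+ msec_gracetime = gracetime * 1000;
+
+ /*
+ * See also system(3c) in libc. This is very similar, except
+ * that we avoid some unneeded complexity.
+ */
+ err = posix_spawnattr_init(&attr);
+ if (err == 0)
+ err = posix_spawnattr_setflags(&attr,
+ POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSIGDEF |
+ POSIX_SPAWN_NOSIGCHLD_NP | POSIX_SPAWN_WAITPID_NP |
+ POSIX_SPAWN_NOEXECERR_NP);
+
+ /*
+ * We choose to close fd's above 2, a deviation from system.
+ */
+ if (err == 0)
+ err = posix_spawn_file_actions_init(&factions);
+ if (err == 0)
+ err = posix_spawn_file_actions_addclosefrom_np(&factions,
+ STDERR_FILENO + 1);
+
+ (void) sigemptyset(&mask);
+ (void) sigaddset(&mask, SIGCHLD);
+ (void) thr_sigsetmask(SIG_BLOCK, &mask, &savemask);
+
+ argv[0] = "/bin/sh";
+ argv[1] = "-c";
+ argv[2] = (char *)cmd;
+ argv[3] = NULL;
+
+ if (err == 0)
+ err = posix_spawn(&pid, "/bin/sh", &factions, &attr,
+ (char *const *)argv, (char *const *)environ);
+
+ (void) posix_spawnattr_destroy(&attr);
+ (void) posix_spawn_file_actions_destroy(&factions);
+
+ if (err) {
+ uu_warn("Failed to spawn %s: %s\n", cmd, strerror(err));
+ } else {
+ for (;;) {
+ int w;
+ w = waitpid(pid, &status, WNOHANG);
+ if (w == -1 && errno != EINTR)
+ break;
+ if (w > 0) {
+ /*
+ * Command succeeded, so give it gracetime
+ * seconds for it to have an effect.
+ */
+ if (status == 0 && msec_gracetime != 0)
+ (void) poll(NULL, 0, msec_gracetime);
+ break;
+ }
+
+ (void) poll(NULL, 0, 100);
+ msec_spent += 100;
+ /*
+ * If we timed out, kill off the process, then try to
+ * wait for it-- it's possible that we could accumulate
+ * a zombie here since we don't allow waitpid to hang,
+ * but it's better to let that happen and continue to
+ * make progress.
+ */
+ if (msec_spent >= msec_timeout) {
+ uu_warn("'%s' timed out after %d "
+ "seconds. Killing.\n", cmd,
+ timeout);
+ (void) kill(pid, SIGTERM);
+ (void) poll(NULL, 0, 100);
+ (void) kill(pid, SIGKILL);
+ (void) poll(NULL, 0, 100);
+ (void) waitpid(pid, &status, WNOHANG);
+ break;
+ }
+ }
+ }
+ (void) thr_sigsetmask(SIG_BLOCK, &savemask, NULL);
 }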
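Review bot: The final `thr_sigsetmask(SIG_BLOCK, &savemask, NULL)` in fork_with_timeout() does not restore the caller's signal mask, because SIG_BLOCK only adds the saved set to the current one, so SIGCHLD stays blocked in the calling thread after every call; the restore should be `(void) thr_sigsetmask(SIG_SETMASK, &savemask, NULL);`. Separately, when `posix_spawnattr_init()` or `posix_spawn_file_actions_init()` fails, the unconditional `posix_spawnattr_destroy(&attr)` and `posix_spawn_file_actions_destroy(&factions)` calls run on objects that were never initialised, so each destroy should be guarded by whether its init succeeded. Because `cmd` is handed to `/bin/sh -c` together with startd's own `environ`, the block comment should also state that callers must pass only fixed, trusted command strings; the callers are not visible in this file, so whether that already holds cannot be confirmed from here.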