      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 /*
     27  * graph.c - master restarter graph engine
     28  *
     29  *   The graph engine keeps a dependency graph of all service instances on the
     30  *   system, as recorded in the repository.  It decides when services should
     31  *   be brought up or down based on service states and dependencies and sends
     32  *   commands to restarters to effect any changes.  It also executes
     33  *   administrator commands sent by svcadm via the repository.
     34  *
     35  *   The graph is stored in uu_list_t *dgraph and its vertices are
     36  *   graph_vertex_t's, each of which has a name and an integer id unique to
     37  *   its name (see dict.c).  A vertex's type attribute designates the type
     38  *   of object it represents: GVT_INST for service instances, GVT_SVC for
     39  *   service objects (since service instances may depend on another service,
     40  *   rather than service instance), GVT_FILE for files (which services may
     41  *   depend on), and GVT_GROUP for dependencies on multiple objects.  GVT_GROUP
     42  *   vertices are necessary because dependency lists may have particular
     43  *   grouping types (require any, require all, optional, or exclude) and
     44  *   event-propagation characteristics.
     45  *
     46  *   The initial graph is built by libscf_populate_graph() invoking
     47  *   dgraph_add_instance() for each instance in the repository.  The function
     48  *   adds a GVT_SVC vertex for the service if one does not already exist, adds
     49  *   a GVT_INST vertex named by the FMRI of the instance, and sets up the edges.
     50  *   The resulting web of vertices & edges associated with an instance's vertex
     51  *   includes
     52  *
     53  *     - an edge from the GVT_SVC vertex for the instance's service
     54  *
 *     - an edge to the GVT_INST vertex of the instance's restarter, if its
     56  *       restarter is not svc.startd
     57  *
     58  *     - edges from other GVT_INST vertices if the instance is a restarter
     59  *
     60  *     - for each dependency property group in the instance's "running"
     61  *       snapshot, an edge to a GVT_GROUP vertex named by the FMRI of the
     62  *       instance and the name of the property group
     63  *
     64  *     - for each value of the "entities" property in each dependency property
     65  *       group, an edge from the corresponding GVT_GROUP vertex to a
     66  *       GVT_INST, GVT_SVC, or GVT_FILE vertex
     67  *
     68  *     - edges from GVT_GROUP vertices for each dependent instance
     69  *
     70  *   After the edges are set up the vertex's GV_CONFIGURED flag is set.  If
     71  *   there are problems, or if a service is mentioned in a dependency but does
     72  *   not exist in the repository, the GV_CONFIGURED flag will be clear.
     73  *
     74  *   The graph and all of its vertices are protected by the dgraph_lock mutex.
     75  *   See restarter.c for more information.
     76  *
     77  *   The properties of an instance fall into two classes: immediate and
     78  *   snapshotted.  Immediate properties should have an immediate effect when
     79  *   changed.  Snapshotted properties should be read from a snapshot, so they
     80  *   only change when the snapshot changes.  The immediate properties used by
     81  *   the graph engine are general/enabled, general/restarter, and the properties
     82  *   in the restarter_actions property group.  Since they are immediate, they
     83  *   are not read out of a snapshot.  The snapshotted properties used by the
     84  *   graph engine are those in the property groups with type "dependency" and
     85  *   are read out of the "running" snapshot.  The "running" snapshot is created
 *   by the graph engine as soon as possible, and it is updated, along with
     87  *   in-core copies of the data (dependency information for the graph engine) on
     88  *   receipt of the refresh command from svcadm.  In addition, the graph engine
     89  *   updates the "start" snapshot from the "running" snapshot whenever a service
     90  *   comes online.
     91  *
 *   When a DISABLE event is requested by the administrator, svc.startd shuts
 *   down the dependents first, before shutting down the requested service.
     94  *   In graph_enable_by_vertex, we create a subtree that contains the dependent
     95  *   vertices by marking those vertices with the GV_TOOFFLINE flag. And we mark
     96  *   the vertex to disable with the GV_TODISABLE flag. Once the tree is created,
     97  *   we send the _ADMIN_DISABLE event to the leaves. The leaves will then
     98  *   transition from STATE_ONLINE/STATE_DEGRADED to STATE_OFFLINE/STATE_MAINT.
     99  *   In gt_enter_offline and gt_enter_maint if the vertex was in a subtree then
    100  *   we clear the GV_TOOFFLINE flag and walk the dependencies to offline the new
    101  *   exposed leaves. We do the same until we reach the last leaf (the one with
    102  *   the GV_TODISABLE flag). If the vertex to disable is also part of a larger
    103  *   subtree (eg. multiple DISABLE events on vertices in the same subtree) then
    104  *   once the first vertex is disabled (GV_TODISABLE flag is removed), we
    105  *   continue to propagate the offline event to the vertex's dependencies.
    106  */
    107 
    108 #include <sys/uadmin.h>
    109 #include <sys/wait.h>
    110 
    111 #include <assert.h>
    112 #include <errno.h>
    113 #include <fcntl.h>
    114 #include <libscf.h>
    115 #include <libscf_priv.h>
    116 #include <libuutil.h>
    117 #include <locale.h>
    118 #include <poll.h>
    119 #include <pthread.h>
    120 #include <signal.h>
    121 #include <stddef.h>
    122 #include <stdio.h>
    123 #include <stdlib.h>
    124 #include <string.h>
    125 #include <strings.h>
    126 #include <sys/statvfs.h>
    127 #include <sys/uadmin.h>
    128 #include <zone.h>
    129 #if defined(__i386)
    130 #include <libgrubmgmt.h>
    131 #endif	/* __i386 */
    132 
    133 #include "startd.h"
    134 #include "protocol.h"
    135 
    136 
    137 #define	MILESTONE_NONE	((graph_vertex_t *)1)
    138 
    139 #define	CONSOLE_LOGIN_FMRI	"svc:/system/console-login:default"
    140 #define	FS_MINIMAL_FMRI		"svc:/system/filesystem/minimal:default"
    141 
    142 #define	VERTEX_REMOVED	0	/* vertex has been freed  */
    143 #define	VERTEX_INUSE	1	/* vertex is still in use */
    144 
    145 /*
    146  * Services in these states are not considered 'down' by the
    147  * milestone/shutdown code.
    148  */
    149 #define	up_state(state)	((state) == RESTARTER_STATE_ONLINE || \
    150 	(state) == RESTARTER_STATE_DEGRADED || \
    151 	(state) == RESTARTER_STATE_OFFLINE)
    152 
/*
 * The edge and vertex list pools and the graph list itself are created in
 * graph_init().  dgraph is a sorted uu_list keyed on gv_id through
 * graph_vertex_compare(), so vertices can be found by id alone.
 */
static uu_list_pool_t *graph_edge_pool, *graph_vertex_pool;
static uu_list_t *dgraph;
static pthread_mutex_t dgraph_lock;	/* guards dgraph and every vertex */

/*
 * milestone indicates the current subgraph.  When NULL, it is the entire
 * graph.  When MILESTONE_NONE, it is the empty graph.  Otherwise, it is all
 * services on which the target vertex depends.
 */
static graph_vertex_t *milestone = NULL;
static boolean_t initial_milestone_set = B_FALSE;
static pthread_cond_t initial_milestone_cv = PTHREAD_COND_INITIALIZER;

/* protected by dgraph_lock */
static boolean_t sulogin_thread_running = B_FALSE;
static boolean_t sulogin_running = B_FALSE;
/* set by graph_clogin_start() when console-login must wait for sulogin */
static boolean_t console_login_ready = B_FALSE;

/* Number of services to come down to complete milestone transition. */
static uint_t non_subgraph_svcs;

/*
 * These variables indicate what should be done when we reach the milestone
 * target milestone, i.e., when non_subgraph_svcs == 0.  They are acted upon in
 * dgraph_set_instance_state().
 */
static int halting = -1;	/* -1 presumably means "not halting" -- confirm */
static boolean_t go_single_user_mode = B_FALSE;
static boolean_t go_to_level1 = B_FALSE;

/*
 * Tracks when we started halting.
 */
static time_t halting_time = 0;

/*
 * This tracks the legacy runlevel to ensure we signal init and manage
 * utmpx entries correctly.  graph_init() seeds it from utmpx on a
 * non-initial start (st->st_initial clear).
 */
static char current_runlevel = '\0';

/* Number of single user threads currently running */
static pthread_mutex_t single_user_thread_lock;	/* initialized in graph_init() */
static int single_user_thread_count = 0;

/* Statistics for dependency cycle-checking */
static u_longlong_t dep_inserts = 0;
static u_longlong_t dep_cycle_ns = 0;
static u_longlong_t dep_insert_ns = 0;
    202 
    203 
    204 static const char * const emsg_invalid_restarter =
    205 	"Transitioning %s to maintenance, restarter FMRI %s is invalid "
    206 	"(see 'svcs -xv' for details).\n";
    207 static const char * const console_login_fmri = CONSOLE_LOGIN_FMRI;
    208 static const char * const single_user_fmri = SCF_MILESTONE_SINGLE_USER;
    209 static const char * const multi_user_fmri = SCF_MILESTONE_MULTI_USER;
    210 static const char * const multi_user_svr_fmri = SCF_MILESTONE_MULTI_USER_SERVER;
    211 
    212 
    213 /*
    214  * These services define the system being "up".  If none of them can come
    215  * online, then we will run sulogin on the console.  Note that the install ones
    216  * are for the miniroot and when installing CDs after the first.  can_come_up()
    217  * does the decision making, and an sulogin_thread() runs sulogin, which can be
    218  * started by dgraph_set_instance_state() or single_user_thread().
    219  *
    220  * NOTE: can_come_up() relies on SCF_MILESTONE_SINGLE_USER being the first
    221  * entry, which is only used when booting_to_single_user (boot -s) is set.
    222  * This is because when doing a "boot -s", sulogin is started from specials.c
    223  * after milestone/single-user comes online, for backwards compatibility.
    224  * In this case, SCF_MILESTONE_SINGLE_USER needs to be part of up_svcs
    225  * to ensure sulogin will be spawned if milestone/single-user cannot be reached.
    226  */
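static const char * const up_svcs[] = {
	SCF_MILESTONE_SINGLE_USER,
	CONSOLE_LOGIN_FMRI,
	"svc:/system/install-setup:default",
	"svc:/system/install:default",
	NULL
};

/*
 * Vertex pointers cached for each non-NULL element of up_svcs[], indexed in
 * parallel with it.  The size is derived from up_svcs[] (minus its NULL
 * terminator) rather than written out by hand, so the two arrays cannot
 * silently drift apart when an entry is added above.  Static storage
 * zero-initializes every slot to NULL; remove_inst_vertex() clears a slot
 * when its vertex goes away.
 */
static graph_vertex_t *up_svcs_p[sizeof (up_svcs) / sizeof (up_svcs[0]) - 1];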
    237 
    238 /* These are for seed repository magic.  See can_come_up(). */
    239 static const char * const manifest_import =
    240 	"svc:/system/manifest-import:default";
    241 static graph_vertex_t *manifest_import_p = NULL;
    242 
    243 
    244 static char target_milestone_as_runlevel(void);
    245 static void graph_runlevel_changed(char rl, int online);
    246 static int dgraph_set_milestone(const char *, scf_handle_t *, boolean_t);
    247 static boolean_t should_be_in_subgraph(graph_vertex_t *v);
    248 static int mark_subtree(graph_edge_t *, void *);
    249 static boolean_t insubtree_dependents_down(graph_vertex_t *);
    250 
/*
 * graph_vertex_compare()
 *	uu_list comparison callback for dgraph.  The left argument is always a
 *	graph_vertex_t; the right argument may be either a graph_vertex_t or a
 *	bare int id, because gv_id is the first member of graph_vertex_t and
 *	so sits at the same address either way.  Returns -1, 0 or 1 as the
 *	left id is less than, equal to or greater than the right id.  The
 *	private argument is unused.
 */
/* ARGSUSED */
static int
graph_vertex_compare(const void *lc_arg, const void *rc_arg, void *private)
{
	const int left = ((const graph_vertex_t *)lc_arg)->gv_id;
	const int right = *(const int *)rc_arg;

	/* Three-way compare without branches: 1, -1 or 0. */
	return ((left > right) - (left < right));
}
    270 
/*
 * graph_init()
 *	Creates the edge and vertex list pools and the id-sorted dgraph list,
 *	and initializes the graph engine's mutexes.  Must run before any other
 *	graph routine; pool and list creation failures are caught by assert.
 *	When st->st_initial is clear (presumably a restarted svc.startd rather
 *	than the boot-time one) the legacy runlevel is recovered from utmpx.
 */
void
graph_init()
{
	graph_edge_pool = startd_list_pool_create("graph_edges",
	    sizeof (graph_edge_t), offsetof(graph_edge_t, ge_link), NULL,
	    UU_LIST_POOL_DEBUG);
	assert(graph_edge_pool != NULL);

	/* Vertices are ordered by gv_id; see graph_vertex_compare(). */
	graph_vertex_pool = startd_list_pool_create("graph_vertices",
	    sizeof (graph_vertex_t), offsetof(graph_vertex_t, gv_link),
	    graph_vertex_compare, UU_LIST_POOL_DEBUG);
	assert(graph_vertex_pool != NULL);

	(void) pthread_mutex_init(&dgraph_lock, &mutex_attrs);
	(void) pthread_mutex_init(&single_user_thread_lock, &mutex_attrs);
	dgraph = startd_list_create(graph_vertex_pool, NULL, UU_LIST_SORTED);
	assert(dgraph != NULL);

	if (!st->st_initial)
		current_runlevel = utmpx_get_runlevel();

	log_framework(LOG_DEBUG, "Initialized graph\n");
}
    294 
/*
 * vertex_get_by_name()
 *	Looks up the vertex called name.  Returns NULL when the dictionary
 *	has no id for the name or no vertex with that id is in dgraph;
 *	otherwise the vertex.  Caller must hold dgraph_lock.
 */
static graph_vertex_t *
vertex_get_by_name(const char *name)
{
	int vid;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	vid = dict_lookup_byname(name);
	return (vid == -1 ? NULL : uu_list_find(dgraph, &vid, NULL, NULL));
}
    308 
/*
 * vertex_get_by_id()
 *	Returns the vertex whose gv_id is id, or NULL if id is -1 (the
 *	"no id" sentinel used throughout) or no such vertex is in dgraph.
 *	Caller must hold dgraph_lock.
 */
static graph_vertex_t *
vertex_get_by_id(int id)
{
	graph_vertex_t *found = NULL;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	if (id != -1)
		found = uu_list_find(dgraph, &id, NULL, NULL);

	return (found);
}
    319 
/*
 * graph_add_vertex()
 *	Registers name in the dictionary to obtain its id, allocates a
 *	zeroed vertex carrying a private copy of the name and two empty edge
 *	lists, and inserts it into dgraph at its sorted position.  No vertex
 *	with that id may already exist (asserted).  Returns the new vertex;
 *	graph_remove_vertex() is its counterpart.  Caller must hold
 *	dgraph_lock.
 */
static graph_vertex_t *
graph_add_vertex(const char *name)
{
	graph_vertex_t *nv, *existing;
	size_t namelen;
	uu_list_index_t where;
	int vid;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	vid = dict_insert(name);

	nv = startd_zalloc(sizeof (*nv));
	nv->gv_id = vid;

	/* gv_name is owned by the vertex; freed with strlen()+1 later. */
	namelen = strlen(name) + 1;
	nv->gv_name = startd_alloc(namelen);
	(void) memcpy(nv->gv_name, name, namelen);

	nv->gv_dependencies = startd_list_create(graph_edge_pool, nv, 0);
	nv->gv_dependents = startd_list_create(graph_edge_pool, nv, 0);

	/* The lookup must miss; it also yields the insertion point. */
	existing = uu_list_find(dgraph, &vid, NULL, &where);
	assert(existing == NULL);

	uu_list_node_init(nv, &nv->gv_link, graph_vertex_pool);
	uu_list_insert(dgraph, nv, where);

	return (nv);
}
    354 
/*
 * graph_remove_vertex()
 *	Unlinks v from dgraph and frees its name, its edge lists and the
 *	vertex itself.  Both edge lists must already be empty and gv_refs
 *	zero (asserted); the dictionary entry for the name is not touched.
 *	Caller must hold dgraph_lock.
 */
static void
graph_remove_vertex(graph_vertex_t *v)
{
	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(uu_list_numnodes(v->gv_dependencies) == 0 &&
	    uu_list_numnodes(v->gv_dependents) == 0);
	assert(v->gv_refs == 0);

	/* Sizes handed to startd_free() mirror those used at allocation. */
	startd_free(v->gv_name, strlen(v->gv_name) + 1);
	uu_list_destroy(v->gv_dependencies);
	uu_list_destroy(v->gv_dependents);
	uu_list_remove(dgraph, v);
	startd_free(v, sizeof (*v));
}
    375 
/*
 * graph_add_edge()
 *	Records that fv depends on tv.  Two graph_edge_t's are created: one
 *	in fv's dependency list pointing at tv, and the reverse one in tv's
 *	dependent list pointing at fv.  ge_parent is the vertex owning the
 *	list, ge_vertex the far end.  Both are added via
 *	uu_list_insert_before() with a NULL anchor.  Caller must hold
 *	dgraph_lock.
 */
static void
graph_add_edge(graph_vertex_t *fv, graph_vertex_t *tv)
{
	graph_edge_t *fwd, *rev;
	int rc;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	fwd = startd_alloc(sizeof (*fwd));
	rev = startd_alloc(sizeof (*rev));

	fwd->ge_parent = fv;
	fwd->ge_vertex = tv;
	uu_list_node_init(fwd, &fwd->ge_link, graph_edge_pool);
	rc = uu_list_insert_before(fv->gv_dependencies, NULL, fwd);
	assert(rc == 0);

	rev->ge_parent = tv;
	rev->ge_vertex = fv;
	uu_list_node_init(rev, &rev->ge_link, graph_edge_pool);
	rc = uu_list_insert_before(tv->gv_dependents, NULL, rev);
	assert(rc == 0);
}
    401 
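/*
 * graph_edge_list_remove()
 *	Unlinks and frees the first edge in list whose far end is target.
 *	Does nothing if no such edge is present.
 */
static void
graph_edge_list_remove(uu_list_t *list, graph_vertex_t *target)
{
	graph_edge_t *e;

	for (e = uu_list_first(list); e != NULL; e = uu_list_next(list, e)) {
		if (e->ge_vertex == target) {
			uu_list_remove(list, e);
			startd_free(e, sizeof (graph_edge_t));
			return;
		}
	}
}

/*
 * graph_remove_edge()
 *	Removes the dependency edge v -> dv created by graph_add_edge(): the
 *	entry for dv in v's dependency list and the matching entry for v in
 *	dv's dependent list.  A missing entry on either side is tolerated.
 *	Edge lists are graph state, so the caller must hold dgraph_lock,
 *	as graph_add_edge() already requires.
 */
static void
graph_remove_edge(graph_vertex_t *v, graph_vertex_t *dv)
{
	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	graph_edge_list_remove(v->gv_dependencies, dv);
	graph_edge_list_remove(dv->gv_dependents, v);
}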
    427 
/*
 * remove_inst_vertex()
 *	Deletes an unconfigured instance vertex that has exactly one
 *	dependent (presumably its service vertex, per the file header) and
 *	no dependencies or references.  The connecting edge is removed, any
 *	cached pointer to v in up_svcs_p[] / manifest_import_p is cleared,
 *	and the service vertex is freed as well if nothing else uses it.
 *	Caller must hold dgraph_lock.
 */
static void
remove_inst_vertex(graph_vertex_t *v)
{
	graph_vertex_t *svc;
	int i;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(uu_list_numnodes(v->gv_dependents) == 1);
	assert(uu_list_numnodes(v->gv_dependencies) == 0);
	assert(v->gv_refs == 0);
	assert((v->gv_flags & GV_CONFIGURED) == 0);

	svc = ((graph_edge_t *)uu_list_first(v->gv_dependents))->ge_vertex;
	graph_remove_edge(svc, v);

	/* Stale cached pointers would dangle once v is freed below. */
	for (i = 0; up_svcs[i] != NULL; ++i) {
		if (up_svcs_p[i] == v)
			up_svcs_p[i] = NULL;
	}
	if (manifest_import_p == v)
		manifest_import_p = NULL;

	graph_remove_vertex(v);

	if (svc->gv_refs == 0 &&
	    uu_list_numnodes(svc->gv_dependents) == 0 &&
	    uu_list_numnodes(svc->gv_dependencies) == 0)
		graph_remove_vertex(svc);
}
    460 
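/*
 * graph_walk_dependents()
 *	Calls func(dependent, arg) once for each direct dependent of v, in
 *	list order.  Not recursive; graph_walk() does a full traversal.
 *	func should not free the edge currently being walked, since
 *	uu_list_next() is handed it afterwards.  Caller must hold
 *	dgraph_lock, as graph_walk_dependencies() already requires.
 */
static void
graph_walk_dependents(graph_vertex_t *v, void (*func)(graph_vertex_t *, void *),
    void *arg)
{
	graph_edge_t *e;

	/* Edge lists are graph state guarded by dgraph_lock. */
	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	for (e = uu_list_first(v->gv_dependents); e != NULL;
	    e = uu_list_next(v->gv_dependents, e)) {
		func(e->ge_vertex, arg);
	}
}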
    472 
/*
 * graph_walk_dependencies()
 *	Calls func(dependency, arg) once for each direct dependency of v, in
 *	list order.  Not recursive; graph_walk() does a full traversal.
 *	Caller must hold dgraph_lock.
 */
static void
graph_walk_dependencies(graph_vertex_t *v, void (*func)(graph_vertex_t *,
	void *), void *arg)
{
	uu_list_t *deps = v->gv_dependencies;
	graph_edge_t *edge = NULL;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	while ((edge = (edge == NULL) ? uu_list_first(deps) :
	    uu_list_next(deps, edge)) != NULL)
		func(edge->ge_vertex, arg);
}
    488 
    489 /*
    490  * Generic graph walking function.
    491  *
    492  * Given a vertex, this function will walk either dependencies
    493  * (WALK_DEPENDENCIES) or dependents (WALK_DEPENDENTS) of a vertex recursively
    494  * for the entire graph.  It will avoid cycles and never visit the same vertex
    495  * twice.
    496  *
    497  * We avoid traversing exclusion dependencies, because they are allowed to
    498  * create cycles in the graph.  When propagating satisfiability, there is no
    499  * need to walk exclusion dependencies because exclude_all_satisfied() doesn't
    500  * test for satisfiability.
    501  *
    502  * The walker takes two callbacks.  The first is called before examining the
    503  * dependents of each vertex.  The second is called on each vertex after
    504  * examining its dependents.  This allows is_path_to() to construct a path only
    505  * after the target vertex has been found.
    506  */
/* Which edge list graph_walk() follows out of each vertex. */
typedef enum {
	WALK_DEPENDENTS,
	WALK_DEPENDENCIES
} graph_walk_dir_t;

/* Shape of a pre-visit callback; must return UU_WALK_NEXT or UU_WALK_DONE. */
typedef int (*graph_walk_cb_t)(graph_vertex_t *, void *);

/* Per-walk state threaded through graph_walk_recurse() by graph_walk(). */
typedef struct graph_walk_info {
	graph_walk_dir_t 	gi_dir;
	uchar_t			*gi_visited;	/* vertex bitmap, 1 bit per gv_id */
	int			(*gi_pre)(graph_vertex_t *, void *);
	void			(*gi_post)(graph_vertex_t *, void *);	/* may be NULL */
	void			*gi_arg;	/* callback arg */
	int			gi_ret;		/* return value of the last gi_pre */
} graph_walk_info_t;
    522 
/*
 * graph_walk_recurse()
 *	Visits the vertex at the far end of e, once per walk, in the
 *	direction gip->gi_dir.  The pre callback runs first; if it returns
 *	UU_WALK_NEXT the vertex's edge list is walked recursively with this
 *	same function.  The post callback, when present, runs after the
 *	subtree regardless.  Exclusion groups are never descended through
 *	because they may legitimately form cycles.  Returns the pre
 *	callback's verdict (UU_WALK_NEXT or UU_WALK_DONE, asserted), so that
 *	UU_WALK_DONE unwinds the whole walk.  Relies on 0 <= gv_id and on
 *	gip->gi_visited covering every id, which graph_walk() sizes from
 *	dictionary->dict_new_id.
 */
static int
graph_walk_recurse(graph_edge_t *e, graph_walk_info_t *gip)
{
	graph_vertex_t *v = e->ge_vertex;
	int word = v->gv_id / 8;
	uint_t mask = 1 << (v->gv_id % 8);
	uu_list_t *edges;
	int rc;

	/* Each vertex is examined at most once per walk. */
	if (gip->gi_visited[word] & mask)
		return (UU_WALK_NEXT);
	gip->gi_visited[word] |= mask;

	/* Exclusion dependencies are not followed (see header comment). */
	if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
		return (UU_WALK_NEXT);

	gip->gi_ret = gip->gi_pre(v, gip->gi_arg);
	if (gip->gi_ret == UU_WALK_NEXT) {
		edges = (gip->gi_dir == WALK_DEPENDENTS) ?
		    v->gv_dependents : v->gv_dependencies;
		rc = uu_list_walk(edges, (uu_walk_fn_t *)graph_walk_recurse,
		    gip, 0);
		assert(rc == 0);
	}

	/* gi_ret may have been updated by a deeper pre callback. */
	assert(gip->gi_ret == UU_WALK_NEXT || gip->gi_ret == UU_WALK_DONE);

	if (gip->gi_post != NULL)
		(void) gip->gi_post(v, gip->gi_arg);

	return (gip->gi_ret);
}
    585 
/*
 * graph_walk()
 *	Drives graph_walk_recurse() from v in direction dir with the given
 *	pre/post callbacks and argument.  The visited bitmap is sized from
 *	dictionary->dict_new_id (presumably the next unassigned id), one bit
 *	per id, and is released when the walk returns.
 */
static void
graph_walk(graph_vertex_t *v, graph_walk_dir_t dir,
    int (*pre)(graph_vertex_t *, void *),
    void (*post)(graph_vertex_t *, void *), void *arg)
{
	graph_walk_info_t info;
	graph_edge_t start;
	size_t bitmap_sz = dictionary->dict_new_id / 8 + 1;

	info.gi_visited = startd_zalloc(bitmap_sz);
	info.gi_dir = dir;
	info.gi_pre = pre;
	info.gi_post = post;
	info.gi_arg = arg;
	info.gi_ret = 0;

	/* The recursion takes an edge; synthesize one that ends at v. */
	start.ge_vertex = v;
	(void) graph_walk_recurse(&start, &info);

	startd_free(info.gi_visited, bitmap_sz);
}
    610 
/* Search state shared by is_path_to(), child_pre() and child_post(). */
typedef struct child_search {
	int	id;		/* id of vertex to look for */
	uint_t	depth;		/* recursion depth */
	/*
	 * While the vertex is not found, path is NULL.  After the search, if
	 * the vertex was found then path should point to a -1-terminated
	 * array of vertex id's which constitute the path to the vertex.
	 * It is startd_alloc()ed by child_pre() and freed by path_to_str().
	 */
	int	*path;
} child_search_t;
    621 
/*
 * child_pre()
 *	Pre-visit callback for is_path_to().  Tracks recursion depth and,
 *	when v is the vertex being searched for, allocates the path array
 *	(depth ids plus a -1 terminator) and stops the walk.  child_post()
 *	fills in the ids while the walk unwinds.
 */
static int
child_pre(graph_vertex_t *v, void *arg)
{
	child_search_t *search = arg;

	search->depth++;

	if (v->gv_id != search->id)
		return (UU_WALK_NEXT);

	search->path = startd_alloc((search->depth + 1) * sizeof (int));
	search->path[search->depth] = -1;
	return (UU_WALK_DONE);
}
    637 
/*
 * child_post()
 *	Post-visit callback for is_path_to().  Undoes the depth increment
 *	from child_pre(), and once the target has been found records each
 *	vertex on the unwinding stack at its depth in the path array.
 */
static void
child_post(graph_vertex_t *v, void *arg)
{
	child_search_t *search = arg;

	search->depth--;

	if (search->path == NULL)
		return;

	search->path[search->depth] = v->gv_id;
}
    648 
/*
 * is_path_to()
 *	Searches the dependency graph for a path from from to to.  If one
 *	exists, returns a startd_alloc()ed array of vertex ids, ordered from
 *	from to to and terminated by -1; the caller owns it (path_to_str()
 *	frees it).  Returns NULL if to is not reachable from from.
 */
static int *
is_path_to(graph_vertex_t *from, graph_vertex_t *to)
{
	child_search_t search = { 0 };

	search.id = to->gv_id;
	graph_walk(from, WALK_DEPENDENCIES, child_pre, child_post, &search);

	return (search.path);
}
    667 
/*
 * path_to_str()
 *	Given a -1-terminated array of vertex ids as returned by is_path_to(),
 *	allocates a string of the corresponding instance/service names, one
 *	per line (each followed by '\n').  Vertices that no longer exist are
 *	rendered as "<deleted>"; vertices of other types are skipped.  Stores
 *	the string in *cpp and its allocated size in *sz, and frees path.
 *	Caller must hold dgraph_lock.
 */
static void
path_to_str(int *path, char **cpp, size_t *sz)
{
	size_t len = 1;		/* bytes currently allocated at *cpp */
	int n;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(path[0] != -1);

	*cpp = startd_alloc(len);
	**cpp = '\0';

	for (n = 0; path[n] != -1; ++n) {
		graph_vertex_t *v = vertex_get_by_id(path[n]);
		const char *label;
		size_t used, add, newlen;
		char *grown;

		if (v == NULL)
			label = "<deleted>";
		else if (v->gv_type == GVT_INST || v->gv_type == GVT_SVC)
			label = v->gv_name;
		else
			continue;

		/* Grow by exactly label + '\n'; the buffer is always full. */
		used = len - 1;
		add = strlen(label);
		newlen = len + add + 1;
		grown = startd_alloc(newlen);
		(void) memcpy(grown, *cpp, used);
		(void) memcpy(grown + used, label, add);
		grown[used + add] = '\n';
		grown[used + add + 1] = '\0';

		startd_free(*cpp, len);
		*cpp = grown;
		len = newlen;
	}

	/* n entries plus the -1 terminator, matching child_pre()'s size. */
	startd_free(path, sizeof (int) * (n + 1));

	*sz = len;
}
    716 
    717 
/*
 * graph_clogin_start()
 *	Starts system/console-login unless sulogin is currently running, in
 *	which case the start is deferred by setting console_login_ready.
 *	Together with run_sulogin() this implements an exclusion between
 *	console-login and sulogin: run_sulogin() fails if console-login is
 *	online, and the graph engine must go through this routine rather
 *	than sending the START event directly.  Caller must hold
 *	dgraph_lock.
 */
static void
graph_clogin_start(graph_vertex_t *v)
{
	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	if (!sulogin_running) {
		vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
		return;
	}

	/* sulogin owns the console; presumably its thread starts us later. */
	console_login_ready = B_TRUE;
}
    735 
/*
 * graph_su_start()
 *	start_f hook for milestone/single-user (see special_vertices[]):
 *	records the legacy 'S' runlevel in utmpx and then sends the START
 *	event to the vertex.
 */
static void
graph_su_start(graph_vertex_t *v)
{
	/*
	 * /etc/inittab used to have the initial /sbin/rcS as a 'sysinit'
	 * entry with a runlevel of 'S', before jumping to the final
	 * target runlevel (as set in initdefault).  We mimic that legacy
	 * behavior here.
	 */
	utmpx_set_runlevel('S', '0', B_FALSE);
	vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
}
    748 
/* post_online_f hook for milestone/single-user: legacy runlevel S is up. */
static void
graph_post_su_online(void)
{
	graph_runlevel_changed('S', 1);
}
    754 
/* post_disable_f hook for milestone/single-user: legacy runlevel S is down. */
static void
graph_post_su_disable(void)
{
	graph_runlevel_changed('S', 0);
}
    760 
/* post_online_f hook for milestone/multi-user: legacy runlevel 2 is up. */
static void
graph_post_mu_online(void)
{
	graph_runlevel_changed('2', 1);
}
    766 
/* post_disable_f hook for milestone/multi-user: legacy runlevel 2 is down. */
static void
graph_post_mu_disable(void)
{
	graph_runlevel_changed('2', 0);
}
    772 
/* post_online_f hook for milestone/multi-user-server: runlevel 3 is up. */
static void
graph_post_mus_online(void)
{
	graph_runlevel_changed('3', 1);
}
    778 
/* post_disable_f hook for milestone/multi-user-server: runlevel 3 is down. */
static void
graph_post_mus_disable(void)
{
	graph_runlevel_changed('3', 0);
}
    784 
/*
 * Instances the graph engine treats specially.  Each hook may be NULL;
 * start_f replaces the plain START event, and post_online_f/post_disable_f
 * run after the instance comes online / is disabled.  The list is
 * terminated by an entry with a NULL name.
 */
static struct special_vertex_info {
	const char	*name;				/* instance FMRI */
	void		(*start_f)(graph_vertex_t *);	/* custom start, or NULL */
	void		(*post_online_f)(void);
	void		(*post_disable_f)(void);
} special_vertices[] = {
	{ CONSOLE_LOGIN_FMRI, graph_clogin_start, NULL, NULL },
	{ SCF_MILESTONE_SINGLE_USER, graph_su_start,
	    graph_post_su_online, graph_post_su_disable },
	{ SCF_MILESTONE_MULTI_USER, NULL,
	    graph_post_mu_online, graph_post_mu_disable },
	{ SCF_MILESTONE_MULTI_USER_SERVER, NULL,
	    graph_post_mus_online, graph_post_mus_disable },
	{ NULL },
};
    800 
    801 
/*
 * vertex_send_event()
 *	Sends restarter event e for instance v over v's restarter channel.
 *	Before sending, asserts (in non-NDEBUG builds) that e is sensible
 *	for v's current state, logs the transition for the common events,
 *	and does any bookkeeping tied to the event.  An event type not
 *	listed in the switch is a programming error and aborts.
 */
void
vertex_send_event(graph_vertex_t *v, restarter_event_type_t e)
{
	switch (e) {
	case RESTARTER_EVENT_TYPE_ADD_INSTANCE:
		assert(v->gv_state == RESTARTER_STATE_UNINIT);

		/*
		 * Count the outstanding ADD_INSTANCE requests; presumably
		 * decremented elsewhere once the restarter reports back --
		 * confirm against the st_load_instances consumer.
		 */
		MUTEX_LOCK(&st->st_load_lock);
		st->st_load_instances++;
		MUTEX_UNLOCK(&st->st_load_lock);
		break;

	case RESTARTER_EVENT_TYPE_ENABLE:
		log_framework(LOG_DEBUG, "Enabling %s.\n", v->gv_name);
		assert(v->gv_state == RESTARTER_STATE_UNINIT ||
		    v->gv_state == RESTARTER_STATE_DISABLED ||
		    v->gv_state == RESTARTER_STATE_MAINT);
		break;

	case RESTARTER_EVENT_TYPE_DISABLE:
	case RESTARTER_EVENT_TYPE_ADMIN_DISABLE:
		log_framework(LOG_DEBUG, "Disabling %s.\n", v->gv_name);
		assert(v->gv_state != RESTARTER_STATE_DISABLED);
		break;

	case RESTARTER_EVENT_TYPE_STOP:
		log_framework(LOG_DEBUG, "Stopping %s.\n", v->gv_name);
		assert(v->gv_state == RESTARTER_STATE_DEGRADED ||
		    v->gv_state == RESTARTER_STATE_ONLINE);
		break;

	case RESTARTER_EVENT_TYPE_START:
		log_framework(LOG_DEBUG, "Starting %s.\n", v->gv_name);
		assert(v->gv_state == RESTARTER_STATE_OFFLINE);
		break;

	/* These carry no state precondition; they are simply forwarded. */
	case RESTARTER_EVENT_TYPE_REMOVE_INSTANCE:
	case RESTARTER_EVENT_TYPE_ADMIN_DEGRADED:
	case RESTARTER_EVENT_TYPE_ADMIN_REFRESH:
	case RESTARTER_EVENT_TYPE_ADMIN_RESTART:
	case RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF:
	case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON:
	case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON_IMMEDIATE:
	case RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE:
	case RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY:
		break;

	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Bad event %d.\n", __FILE__, __LINE__, e);
#endif
		abort();
	}

	restarter_protocol_send_event(v->gv_name, v->gv_restarter_channel, e);
}
    858 
/*
 * graph_unset_restarter()
 *	Detaches configured instance v from its restarter: sends
 *	REMOVE_INSTANCE, drops the edge to the restarter vertex (if v has
 *	one), and clears gv_restarter_id / gv_restarter_channel.  The
 *	restarter vertex is assumed to still be in dgraph; a NULL lookup
 *	would be dereferenced by graph_remove_edge().  Caller must hold
 *	dgraph_lock.
 */
static void
graph_unset_restarter(graph_vertex_t *v)
{
	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(v->gv_flags & GV_CONFIGURED);

	vertex_send_event(v, RESTARTER_EVENT_TYPE_REMOVE_INSTANCE);

	if (v->gv_restarter_id != -1)
		graph_remove_edge(v, vertex_get_by_id(v->gv_restarter_id));

	v->gv_restarter_id = -1;
	v->gv_restarter_channel = NULL;
}
    877 
    878 /*
    879  * Return VERTEX_REMOVED when the vertex passed in argument is deleted from the
    880  * dgraph otherwise return VERTEX_INUSE.
    881  */
    882 static int
    883 free_if_unrefed(graph_vertex_t *v)
    884 {
    885 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
    886 
    887 	if (v->gv_refs > 0)
    888 		return (VERTEX_INUSE);
    889 
    890 	if (v->gv_type == GVT_SVC &&
    891 	    uu_list_numnodes(v->gv_dependents) == 0 &&
    892 	    uu_list_numnodes(v->gv_dependencies) == 0) {
    893 		graph_remove_vertex(v);
    894 		return (VERTEX_REMOVED);
    895 	} else if (v->gv_type == GVT_INST &&
    896 	    (v->gv_flags & GV_CONFIGURED) == 0 &&
    897 	    uu_list_numnodes(v->gv_dependents) == 1 &&
    898 	    uu_list_numnodes(v->gv_dependencies) == 0) {
    899 		remove_inst_vertex(v);
    900 		return (VERTEX_REMOVED);
    901 	}
    902 
    903 	return (VERTEX_INUSE);
    904 }
    905 
/*
 * Tear down dependency-group vertex v and everything hanging off it.
 *
 * Every v -> target edge is removed.  Instance and service targets are then
 * reclaimed with free_if_unrefed() (which only deletes them when nothing
 * else holds them); file targets are removed outright once they have no
 * remaining dependents.  Finally v itself is removed from the graph.
 *
 * Caller must hold dgraph_lock; v must be a GVT_GROUP with no dependents.
 */
static void
delete_depgroup(graph_vertex_t *v)
{
	graph_edge_t *edge;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_GROUP);
	assert(uu_list_numnodes(v->gv_dependents) == 0);

	/*
	 * Re-read the list head on every iteration: the loop relies on
	 * graph_remove_edge() unlinking the edge just fetched, so the list
	 * shrinks until uu_list_first() returns NULL.
	 */
	for (edge = uu_list_first(v->gv_dependencies); edge != NULL;
	    edge = uu_list_first(v->gv_dependencies)) {
		graph_vertex_t *target = edge->ge_vertex;

		graph_remove_edge(v, target);

		switch (target->gv_type) {
		case GVT_INST:		/* instance dependency */
		case GVT_SVC:		/* service dependency */
			(void) free_if_unrefed(target);
			break;

		case GVT_FILE:		/* file dependency */
			assert(uu_list_numnodes(target->gv_dependencies) == 0);
			if (uu_list_numnodes(target->gv_dependents) == 0)
				graph_remove_vertex(target);
			break;

		default:
#ifndef NDEBUG
			uu_warn("%s:%d: Unexpected node type %d", __FILE__,
			    __LINE__, target->gv_type);
#endif
			abort();
		}
	}

	graph_remove_vertex(v);
}
    944 
/*
 * uu_list_walk() callback for delete_instance_dependencies(): unlink one
 * outgoing edge of an instance vertex.
 *
 * ptrs[0] is the instance vertex whose dependencies are being deleted;
 * ptrs[1] is a boolean_t carried through a void * that says whether the
 * edge to the restarter should be removed as well.
 *
 * The edge target is one of:
 *   - GVT_INST: the instance's restarter (must match gv_restarter_id);
 *     the edge is removed only when ptrs[1] is true
 *   - GVT_GROUP: a dependency group (whose own targets are instances,
 *     services, or files); the edge is removed and the group is torn down
 * Anything else, including a direct GVT_FILE target, aborts.
 *
 * Always returns UU_WALK_NEXT.
 */
static int
delete_instance_deps_cb(graph_edge_t *e, void **ptrs)
{
	graph_vertex_t *inst = ptrs[0];
	boolean_t drop_restarter_edge = (boolean_t)ptrs[1];
	graph_vertex_t *target = e->ge_vertex;

	switch (target->gv_type) {
	case GVT_INST:	/* restarter */
		assert(target->gv_id == inst->gv_restarter_id);
		if (drop_restarter_edge)
			graph_remove_edge(inst, target);
		break;

	case GVT_GROUP:	/* pg dependency */
		graph_remove_edge(inst, target);
		delete_depgroup(target);
		break;

	case GVT_FILE:
		/* These are currently not direct dependencies */
		/* FALLTHROUGH */
	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Bad vertex type %d.\n", __FILE__, __LINE__,
		    target->gv_type);
#endif
		abort();
	}

	return (UU_WALK_NEXT);
}
    986 
/*
 * Remove all outgoing dependency edges of instance vertex v, tearing down
 * the dependency groups behind them (see delete_instance_deps_cb()).  The
 * edge to v's restarter is removed only when delete_restarter_dep is true.
 *
 * Caller must hold dgraph_lock; v must be a GVT_INST.
 */
static void
delete_instance_dependencies(graph_vertex_t *v, boolean_t delete_restarter_dep)
{
	/*
	 * The walk callback receives a single private pointer, so both
	 * arguments are packed into an array; the flag rides along as a
	 * void *.
	 */
	void *ptrs[2] = { v, (void *)delete_restarter_dep };
	int r;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);

	/*
	 * UU_WALK_ROBUST: the callback removes edges from the very list
	 * being walked, so the walk must tolerate that.
	 */
	r = uu_list_walk(v->gv_dependencies,
	    (uu_walk_fn_t *)delete_instance_deps_cb, &ptrs, UU_WALK_ROBUST);
	assert(r == 0);
}
   1003 
   1004 /*
   1005  * int graph_insert_vertex_unconfigured()
   1006  *   Insert a vertex without sending any restarter events. If the vertex
   1007  *   already exists or creation is successful, return a pointer to it in *vp.
   1008  *
   1009  *   If type is not GVT_GROUP, dt can remain unset.
   1010  *
   1011  *   Returns 0, EEXIST, or EINVAL if the arguments are invalid (i.e., fmri
   1012  *   doesn't agree with type, or type doesn't agree with dt).
   1013  */
   1014 static int
   1015 graph_insert_vertex_unconfigured(const char *fmri, gv_type_t type,
   1016     depgroup_type_t dt, restarter_error_t rt, graph_vertex_t **vp)
   1017 {
   1018 	int r;
   1019 	int i;
   1020 
   1021 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   1022 
   1023 	switch (type) {
   1024 	case GVT_SVC:
   1025 	case GVT_INST:
   1026 		if (strncmp(fmri, "svc:", sizeof ("svc:") - 1) != 0)
   1027 			return (EINVAL);
   1028 		break;
   1029 
   1030 	case GVT_FILE:
   1031 		if (strncmp(fmri, "file:", sizeof ("file:") - 1) != 0)
   1032 			return (EINVAL);
   1033 		break;
   1034 
   1035 	case GVT_GROUP:
   1036 		if (dt <= 0 || rt < 0)
   1037 			return (EINVAL);
   1038 		break;
   1039 
   1040 	default:
   1041 #ifndef NDEBUG
   1042 		uu_warn("%s:%d: Unknown type %d.\n", __FILE__, __LINE__, type);
   1043 #endif
   1044 		abort();
   1045 	}
   1046 
   1047 	*vp = vertex_get_by_name(fmri);
   1048 	if (*vp != NULL)
   1049 		return (EEXIST);
   1050 
   1051 	*vp = graph_add_vertex(fmri);
   1052 
   1053 	(*vp)->gv_type = type;
   1054 	(*vp)->gv_depgroup = dt;
   1055 	(*vp)->gv_restart = rt;
   1056 
   1057 	(*vp)->gv_flags = 0;
   1058 	(*vp)->gv_state = RESTARTER_STATE_NONE;
   1059 
   1060 	for (i = 0; special_vertices[i].name != NULL; ++i) {
   1061 		if (strcmp(fmri, special_vertices[i].name) == 0) {
   1062 			(*vp)->gv_start_f = special_vertices[i].start_f;
   1063 			(*vp)->gv_post_online_f =
   1064 			    special_vertices[i].post_online_f;
   1065 			(*vp)->gv_post_disable_f =
   1066 			    special_vertices[i].post_disable_f;
   1067 			break;
   1068 		}
   1069 	}
   1070 
   1071 	(*vp)->gv_restarter_id = -1;
   1072 	(*vp)->gv_restarter_channel = 0;
   1073 
   1074 	if (type == GVT_INST) {
   1075 		char *sfmri;
   1076 		graph_vertex_t *sv;
   1077 
   1078 		sfmri = inst_fmri_to_svc_fmri(fmri);
   1079 		sv = vertex_get_by_name(sfmri);
   1080 		if (sv == NULL) {
   1081 			r = graph_insert_vertex_unconfigured(sfmri, GVT_SVC, 0,
   1082 			    0, &sv);
   1083 			assert(r == 0);
   1084 		}
   1085 		startd_free(sfmri, max_scf_fmri_size);
   1086 
   1087 		graph_add_edge(sv, *vp);
   1088 	}
   1089 
   1090 	/*
   1091 	 * If this vertex is in the subgraph, mark it as so, for both
   1092 	 * GVT_INST and GVT_SERVICE verteces.
   1093 	 * A GVT_SERVICE vertex can only be in the subgraph if another instance
   1094 	 * depends on it, in which case it's already been added to the graph
   1095 	 * and marked as in the subgraph (by refresh_vertex()).  If a
   1096 	 * GVT_SERVICE vertex was freshly added (by the code above), it means
   1097 	 * that it has no dependents, and cannot be in the subgraph.
   1098 	 * Regardless of this, we still check that gv_flags includes
   1099 	 * GV_INSUBGRAPH in the event that future behavior causes the above
   1100 	 * code to add a GVT_SERVICE vertex which should be in the subgraph.
   1101 	 */
   1102 
   1103 	(*vp)->gv_flags |= (should_be_in_subgraph(*vp)? GV_INSUBGRAPH : 0);
   1104 
   1105 	return (0);
   1106 }
   1107 
   1108 /*
   1109  * Returns 0 on success or ELOOP if the dependency would create a cycle.
   1110  */
   1111 static int
   1112 graph_insert_dependency(graph_vertex_t *fv, graph_vertex_t *tv, int **pathp)
   1113 {
   1114 	hrtime_t now;
   1115 
   1116 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   1117 
   1118 	/* cycle detection */
   1119 	now = gethrtime();
   1120 
   1121 	/* Don't follow exclusions. */
   1122 	if (!(fv->gv_type == GVT_GROUP &&
   1123 	    fv->gv_depgroup == DEPGRP_EXCLUDE_ALL)) {
   1124 		*pathp = is_path_to(tv, fv);
   1125 		if (*pathp)
   1126 			return (ELOOP);
   1127 	}
   1128 
   1129 	dep_cycle_ns += gethrtime() - now;
   1130 	++dep_inserts;
   1131 	now = gethrtime();
   1132 
   1133 	graph_add_edge(fv, tv);
   1134 
   1135 	dep_insert_ns += gethrtime() - now;
   1136 
   1137 	/* Check if the dependency adds the "to" vertex to the subgraph */
   1138 	tv->gv_flags |= (should_be_in_subgraph(tv) ? GV_INSUBGRAPH : 0);
   1139 
   1140 	return (0);
   1141 }
   1142 
/*
 * Return 1 if instance vertex v is currently running, i.e. its restarter
 * state is online or degraded; 0 otherwise.  v must be a GVT_INST.
 */
static int
inst_running(graph_vertex_t *v)
{
	assert(v->gv_type == GVT_INST);

	return (v->gv_state == RESTARTER_STATE_ONLINE ||
	    v->gv_state == RESTARTER_STATE_DEGRADED);
}
   1154 
   1155 /*
   1156  * The dependency evaluation functions return
   1157  *   1 - dependency satisfied
   1158  *   0 - dependency unsatisfied
   1159  *   -1 - dependency unsatisfiable (without administrator intervention)
   1160  *
   1161  * The functions also take a boolean satbility argument.  When true, the
   1162  * functions may recurse in order to determine satisfiability.
   1163  */
   1164 static int require_any_satisfied(graph_vertex_t *, boolean_t);
   1165 static int dependency_satisfied(graph_vertex_t *, boolean_t);
   1166 
   1167 /*
   1168  * A require_all dependency is unsatisfied if any elements are unsatisfied.  It
   1169  * is unsatisfiable if any elements are unsatisfiable.
   1170  */
   1171 static int
   1172 require_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1173 {
   1174 	graph_edge_t *edge;
   1175 	int i;
   1176 	boolean_t any_unsatisfied;
   1177 
   1178 	if (uu_list_numnodes(groupv->gv_dependencies) == 0)
   1179 		return (1);
   1180 
   1181 	any_unsatisfied = B_FALSE;
   1182 
   1183 	for (edge = uu_list_first(groupv->gv_dependencies);
   1184 	    edge != NULL;
   1185 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1186 		i = dependency_satisfied(edge->ge_vertex, satbility);
   1187 		if (i == 1)
   1188 			continue;
   1189 
   1190 		log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
   1191 		    "require_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
   1192 		    edge->ge_vertex->gv_name, i == 0 ? "ed" : "able");
   1193 
   1194 		if (!satbility)
   1195 			return (0);
   1196 
   1197 		if (i == -1)
   1198 			return (-1);
   1199 
   1200 		any_unsatisfied = B_TRUE;
   1201 	}
   1202 
   1203 	return (any_unsatisfied ? 0 : 1);
   1204 }
   1205 
   1206 /*
   1207  * A require_any dependency is satisfied if any element is satisfied.  It is
   1208  * satisfiable if any element is satisfiable.
   1209  */
   1210 static int
   1211 require_any_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1212 {
   1213 	graph_edge_t *edge;
   1214 	int s;
   1215 	boolean_t satisfiable;
   1216 
   1217 	if (uu_list_numnodes(groupv->gv_dependencies) == 0)
   1218 		return (1);
   1219 
   1220 	satisfiable = B_FALSE;
   1221 
   1222 	for (edge = uu_list_first(groupv->gv_dependencies);
   1223 	    edge != NULL;
   1224 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1225 		s = dependency_satisfied(edge->ge_vertex, satbility);
   1226 
   1227 		if (s == 1)
   1228 			return (1);
   1229 
   1230 		log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
   1231 		    "require_any(%s): %s is unsatisfi%s.\n",
   1232 		    groupv->gv_name, edge->ge_vertex->gv_name,
   1233 		    s == 0 ? "ed" : "able");
   1234 
   1235 		if (satbility && s == 0)
   1236 			satisfiable = B_TRUE;
   1237 	}
   1238 
   1239 	return (!satbility || satisfiable ? 0 : -1);
   1240 }
   1241 
   1242 /*
   1243  * An optional_all dependency only considers elements which are configured,
   1244  * enabled, and not in maintenance.  If any are unsatisfied, then the dependency
   1245  * is unsatisfied.
   1246  *
   1247  * Offline dependencies which are waiting for a dependency to come online are
   1248  * unsatisfied.  Offline dependences which cannot possibly come online
   1249  * (unsatisfiable) are always considered satisfied.
   1250  */
   1251 static int
   1252 optional_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1253 {
   1254 	graph_edge_t *edge;
   1255 	graph_vertex_t *v;
   1256 	boolean_t any_qualified;
   1257 	boolean_t any_unsatisfied;
   1258 	int i;
   1259 
   1260 	any_qualified = B_FALSE;
   1261 	any_unsatisfied = B_FALSE;
   1262 
   1263 	for (edge = uu_list_first(groupv->gv_dependencies);
   1264 	    edge != NULL;
   1265 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1266 		v = edge->ge_vertex;
   1267 
   1268 		switch (v->gv_type) {
   1269 		case GVT_INST:
   1270 			/* Skip missing or disabled instances */
   1271 			if ((v->gv_flags & (GV_CONFIGURED | GV_ENABLED)) !=
   1272 			    (GV_CONFIGURED | GV_ENABLED))
   1273 				continue;
   1274 
   1275 			if (v->gv_state == RESTARTER_STATE_MAINT)
   1276 				continue;
   1277 
   1278 			if (v->gv_flags & GV_TOOFFLINE)
   1279 				continue;
   1280 
   1281 			any_qualified = B_TRUE;
   1282 			if (v->gv_state == RESTARTER_STATE_OFFLINE) {
   1283 				/*
   1284 				 * For offline dependencies, treat unsatisfiable
   1285 				 * as satisfied.
   1286 				 */
   1287 				i = dependency_satisfied(v, B_TRUE);
   1288 				if (i == -1)
   1289 					i = 1;
   1290 			} else if (v->gv_state == RESTARTER_STATE_DISABLED) {
   1291 				/*
   1292 				 * The service is enabled, but hasn't
   1293 				 * transitioned out of disabled yet.  Treat it
   1294 				 * as unsatisfied (not unsatisfiable).
   1295 				 */
   1296 				i = 0;
   1297 			} else {
   1298 				i = dependency_satisfied(v, satbility);
   1299 			}
   1300 			break;
   1301 
   1302 		case GVT_FILE:
   1303 			any_qualified = B_TRUE;
   1304 			i = dependency_satisfied(v, satbility);
   1305 
   1306 			break;
   1307 
   1308 		case GVT_SVC: {
   1309 			boolean_t svc_any_qualified;
   1310 			boolean_t svc_satisfied;
   1311 			boolean_t svc_satisfiable;
   1312 			graph_vertex_t *v2;
   1313 			graph_edge_t *e2;
   1314 
   1315 			svc_any_qualified = B_FALSE;
   1316 			svc_satisfied = B_FALSE;
   1317 			svc_satisfiable = B_FALSE;
   1318 
   1319 			for (e2 = uu_list_first(v->gv_dependencies);
   1320 			    e2 != NULL;
   1321 			    e2 = uu_list_next(v->gv_dependencies, e2)) {
   1322 				v2 = e2->ge_vertex;
   1323 				assert(v2->gv_type == GVT_INST);
   1324 
   1325 				if ((v2->gv_flags &
   1326 				    (GV_CONFIGURED | GV_ENABLED)) !=
   1327 				    (GV_CONFIGURED | GV_ENABLED))
   1328 					continue;
   1329 
   1330 				if (v2->gv_state == RESTARTER_STATE_MAINT)
   1331 					continue;
   1332 
   1333 				if (v2->gv_flags & GV_TOOFFLINE)
   1334 					continue;
   1335 
   1336 				svc_any_qualified = B_TRUE;
   1337 
   1338 				if (v2->gv_state == RESTARTER_STATE_OFFLINE) {
   1339 					/*
   1340 					 * For offline dependencies, treat
   1341 					 * unsatisfiable as satisfied.
   1342 					 */
   1343 					i = dependency_satisfied(v2, B_TRUE);
   1344 					if (i == -1)
   1345 						i = 1;
   1346 				} else if (v2->gv_state ==
   1347 				    RESTARTER_STATE_DISABLED) {
   1348 					i = 0;
   1349 				} else {
   1350 					i = dependency_satisfied(v2, satbility);
   1351 				}
   1352 
   1353 				if (i == 1) {
   1354 					svc_satisfied = B_TRUE;
   1355 					break;
   1356 				}
   1357 				if (i == 0)
   1358 					svc_satisfiable = B_TRUE;
   1359 			}
   1360 
   1361 			if (!svc_any_qualified)
   1362 				continue;
   1363 			any_qualified = B_TRUE;
   1364 			if (svc_satisfied) {
   1365 				i = 1;
   1366 			} else if (svc_satisfiable) {
   1367 				i = 0;
   1368 			} else {
   1369 				i = -1;
   1370 			}
   1371 			break;
   1372 		}
   1373 
   1374 		case GVT_GROUP:
   1375 		default:
   1376 #ifndef NDEBUG
   1377 			uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
   1378 			    __LINE__, v->gv_type);
   1379 #endif
   1380 			abort();
   1381 		}
   1382 
   1383 		if (i == 1)
   1384 			continue;
   1385 
   1386 		log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
   1387 		    "optional_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
   1388 		    v->gv_name, i == 0 ? "ed" : "able");
   1389 
   1390 		if (!satbility)
   1391 			return (0);
   1392 		if (i == -1)
   1393 			return (-1);
   1394 		any_unsatisfied = B_TRUE;
   1395 	}
   1396 
   1397 	if (!any_qualified)
   1398 		return (1);
   1399 
   1400 	return (any_unsatisfied ? 0 : 1);
   1401 }
   1402 
   1403 /*
   1404  * An exclude_all dependency is unsatisfied if any non-service element is
   1405  * satisfied or any service instance which is configured, enabled, and not in
   1406  * maintenance is satisfied.  Usually when unsatisfied, it is also
   1407  * unsatisfiable.
   1408  */
   1409 #define	LOG_EXCLUDE(u, v)						\
   1410 	log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,			\
   1411 	    "exclude_all(%s): %s is satisfied.\n",			\
   1412 	    (u)->gv_name, (v)->gv_name)
   1413 
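/*
 * Examine one instance vertex inst on behalf of exclude_all group groupv.
 *
 * Returns B_TRUE when inst decides the group's result and stores that
 * result in *result: -1 if inst is running (online/degraded) and enabled,
 * 0 if it is running but disabled, or is offline/uninitialized.  Returns
 * B_FALSE when inst is unconfigured, disabled or in maintenance and so
 * does not count against the exclusion.  An unexpected state aborts.
 */
static boolean_t
exclude_inst_decides(graph_vertex_t *groupv, graph_vertex_t *inst, int *result)
{
	if ((inst->gv_flags & GV_CONFIGURED) == 0)
		return (B_FALSE);

	switch (inst->gv_state) {
	case RESTARTER_STATE_ONLINE:
	case RESTARTER_STATE_DEGRADED:
		LOG_EXCLUDE(groupv, inst);
		*result = (inst->gv_flags & GV_ENABLED) ? -1 : 0;
		return (B_TRUE);

	case RESTARTER_STATE_OFFLINE:
	case RESTARTER_STATE_UNINIT:
		LOG_EXCLUDE(groupv, inst);
		*result = 0;
		return (B_TRUE);

	case RESTARTER_STATE_DISABLED:
	case RESTARTER_STATE_MAINT:
		return (B_FALSE);

	default:
#ifndef NDEBUG
		/* This is a state switch; report the state, not the type. */
		uu_warn("%s:%d: Unexpected vertex state %d.\n",
		    __FILE__, __LINE__, inst->gv_state);
#endif
		abort();
		/* NOTREACHED */
	}
}

/*
 * exclude_all_satisfied()
 *   Returns 1 when nothing the group excludes is present, otherwise the
 *   value decided by the first offending element: -1 for a ready file or a
 *   running, enabled instance; 0 for an instance that is running but
 *   disabled, or offline/uninitialized (see exclude_inst_decides()).
 *   Services are checked through each of their instances.  satbility is
 *   unused: the answer never requires recursion.
 */
/* ARGSUSED */
static int
exclude_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
{
	graph_edge_t *edge, *e2;
	graph_vertex_t *v, *v2;
	int result;

	for (edge = uu_list_first(groupv->gv_dependencies);
	    edge != NULL;
	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
		v = edge->ge_vertex;

		switch (v->gv_type) {
		case GVT_INST:
			if (exclude_inst_decides(groupv, v, &result))
				return (result);
			continue;

		case GVT_SVC:
			break;

		case GVT_FILE:
			if (!file_ready(v))
				continue;
			LOG_EXCLUDE(groupv, v);
			return (-1);

		case GVT_GROUP:
		default:
#ifndef NDEBUG
			uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
			    __LINE__, v->gv_type);
#endif
			abort();
		}

		/* v represents a service: any of its instances may exclude. */
		if (uu_list_numnodes(v->gv_dependencies) == 0)
			continue;

		for (e2 = uu_list_first(v->gv_dependencies);
		    e2 != NULL;
		    e2 = uu_list_next(v->gv_dependencies, e2)) {
			v2 = e2->ge_vertex;
			assert(v2->gv_type == GVT_INST);

			if (exclude_inst_decides(groupv, v2, &result))
				return (result);
		}
	}

	return (1);
}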
   1513 
   1514 /*
   1515  * int instance_satisfied()
   1516  *   Determine if all the dependencies are satisfied for the supplied instance
   1517  *   vertex. Return 1 if they are, 0 if they aren't, and -1 if they won't be
   1518  *   without administrator intervention.
   1519  */
   1520 static int
   1521 instance_satisfied(graph_vertex_t *v, boolean_t satbility)
   1522 {
   1523 	assert(v->gv_type == GVT_INST);
   1524 	assert(!inst_running(v));
   1525 
   1526 	return (require_all_satisfied(v, satbility));
   1527 }
   1528 
   1529 /*
   1530  * Decide whether v can satisfy a dependency.  v can either be a child of
   1531  * a group vertex, or of an instance vertex.
   1532  */
   1533 static int
   1534 dependency_satisfied(graph_vertex_t *v, boolean_t satbility)
   1535 {
   1536 	switch (v->gv_type) {
   1537 	case GVT_INST:
   1538 		if ((v->gv_flags & GV_CONFIGURED) == 0) {
   1539 			if (v->gv_flags & GV_DEATHROW) {
   1540 				/*
   1541 				 * A dependency on an instance with GV_DEATHROW
   1542 				 * flag is always considered as satisfied.
   1543 				 */
   1544 				return (1);
   1545 			}
   1546 			return (-1);
   1547 		}
   1548 
   1549 		/*
   1550 		 * Any vertex with the GV_TOOFFLINE flag set is guaranteed
   1551 		 * to have its dependencies unsatisfiable.
   1552 		 */
   1553 		if (v->gv_flags & GV_TOOFFLINE)
   1554 			return (-1);
   1555 
   1556 		switch (v->gv_state) {
   1557 		case RESTARTER_STATE_ONLINE:
   1558 		case RESTARTER_STATE_DEGRADED:
   1559 			return (1);
   1560 
   1561 		case RESTARTER_STATE_OFFLINE:
   1562 			if (!satbility)
   1563 				return (0);
   1564 			return (instance_satisfied(v, satbility) != -1 ?
   1565 			    0 : -1);
   1566 
   1567 		case RESTARTER_STATE_DISABLED:
   1568 		case RESTARTER_STATE_MAINT:
   1569 			return (-1);
   1570 
   1571 		case RESTARTER_STATE_UNINIT:
   1572 			return (0);
   1573 
   1574 		default:
   1575 #ifndef NDEBUG
   1576 			uu_warn("%s:%d: Unexpected vertex state %d.\n",
   1577 			    __FILE__, __LINE__, v->gv_state);
   1578 #endif
   1579 			abort();
   1580 			/* NOTREACHED */
   1581 		}
   1582 
   1583 	case GVT_SVC:
   1584 		if (uu_list_numnodes(v->gv_dependencies) == 0)
   1585 			return (-1);
   1586 		return (require_any_satisfied(v, satbility));
   1587 
   1588 	case GVT_FILE:
   1589 		/* i.e., we assume files will not be automatically generated */
   1590 		return (file_ready(v) ? 1 : -1);
   1591 
   1592 	case GVT_GROUP:
   1593 		break;
   1594 
   1595 	default:
   1596 #ifndef NDEBUG
   1597 		uu_warn("%s:%d: Unexpected node type %d.\n", __FILE__, __LINE__,
   1598 		    v->gv_type);
   1599 #endif
   1600 		abort();
   1601 		/* NOTREACHED */
   1602 	}
   1603 
   1604 	switch (v->gv_depgroup) {
   1605 	case DEPGRP_REQUIRE_ANY:
   1606 		return (require_any_satisfied(v, satbility));
   1607 
   1608 	case DEPGRP_REQUIRE_ALL:
   1609 		return (require_all_satisfied(v, satbility));
   1610 
   1611 	case DEPGRP_OPTIONAL_ALL:
   1612 		return (optional_all_satisfied(v, satbility));
   1613 
   1614 	case DEPGRP_EXCLUDE_ALL:
   1615 		return (exclude_all_satisfied(v, satbility));
   1616 
   1617 	default:
   1618 #ifndef NDEBUG
   1619 		uu_warn("%s:%d: Unknown dependency grouping %d.\n", __FILE__,
   1620 		    __LINE__, v->gv_depgroup);
   1621 #endif
   1622 		abort();
   1623 	}
   1624 }
   1625 
/*
 * Start instance v if it is offline and all of its dependencies are
 * satisfied right now (no satisfiability recursion).  Well-known vertices
 * with a gv_start_f hook are started through it; all others get a START
 * restarter event.
 */
void
graph_start_if_satisfied(graph_vertex_t *v)
{
	if (v->gv_state != RESTARTER_STATE_OFFLINE)
		return;
	if (instance_satisfied(v, B_FALSE) != 1)
		return;

	if (v->gv_start_f != NULL)
		v->gv_start_f(v);
	else
		vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
}
   1637 
   1638 /*
   1639  * propagate_satbility()
   1640  *
   1641  * This function is used when the given vertex changes state in such a way that
   1642  * one of its dependents may become unsatisfiable.  This happens when an
   1643  * instance transitions between offline -> online, or from !running ->
   1644  * maintenance, as well as when an instance is removed from the graph.
   1645  *
   1646  * We have to walk all the dependents, since optional_all dependencies several
   1647  * levels up could become (un)satisfied, instead of unsatisfiable.  For example,
   1648  *
   1649  *	+-----+  optional_all  +-----+  require_all  +-----+
   1650  *	|  A  |--------------->|  B  |-------------->|  C  |
   1651  *	+-----+                +-----+               +-----+
   1652  *
   1653  *	                                        offline -> maintenance
   1654  *
   1655  * If C goes into maintenance, it's not enough simply to check B.  Because A has
   1656  * an optional dependency, what was previously an unsatisfiable situation is now
   1657  * satisfied (B will never come online, even though its state hasn't changed).
   1658  *
   1659  * Note that it's not necessary to continue examining dependents after reaching
   1660  * an optional_all dependency.  It's not possible for an optional_all dependency
   1661  * to change satisfiability without also coming online, in which case we get a
   1662  * start event and propagation continues naturally.  However, it does no harm to
   1663  * continue propagating satisfiability (as it is a relatively rare event), and
   1664  * keeps the walker code simple and generic.
   1665  */
   1666 /*ARGSUSED*/
   1667 static int
   1668 satbility_cb(graph_vertex_t *v, void *arg)
   1669 {
   1670 	if (v->gv_type == GVT_INST)
   1671 		graph_start_if_satisfied(v);
   1672 
   1673 	return (UU_WALK_NEXT);
   1674 }
   1675 
/*
 * Walk every dependent of v with satbility_cb(), starting any instance
 * whose dependencies have just become satisfied.
 */
static void
propagate_satbility(graph_vertex_t *v)
{
	graph_walk(v, WALK_DEPENDENTS, satbility_cb, NULL, NULL);
}
   1681 
/* propagate_start() and propagate_stop() call each other. */
static void propagate_stop(graph_vertex_t *v, void *arg);
   1683 
/*
 * graph_walk_dependents() callback: propagate a start from v upward.
 *
 *   GVT_INST  - start v if its dependencies are now satisfied.
 *   GVT_GROUP - an exclude_all group whose target came up sends its
 *               dependents a stop (RERR_RESTART) instead; any other group
 *               forwards the start to its dependents.
 *   GVT_SVC   - forward the start to the service's dependents.
 *   GVT_FILE  - never expected here; aborts.
 *
 * arg is unused.
 */
/* ARGSUSED */
static void
propagate_start(graph_vertex_t *v, void *arg)
{
	switch (v->gv_type) {
	case GVT_INST:
		graph_start_if_satisfied(v);
		return;

	case GVT_GROUP:
		if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
			graph_walk_dependents(v, propagate_stop,
			    (void *)RERR_RESTART);
			return;
		}
		graph_walk_dependents(v, propagate_start, NULL);
		return;

	case GVT_SVC:
		graph_walk_dependents(v, propagate_start, NULL);
		return;

	case GVT_FILE:
#ifndef NDEBUG
		uu_warn("%s:%d: propagate_start() encountered GVT_FILE.\n",
		    __FILE__, __LINE__);
#endif
		abort();
		/* NOTREACHED */

	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
		    v->gv_type);
#endif
		abort();
	}
}
   1721 
/*
 * graph_walk_dependents() callback: propagate a stop from v upward.
 * arg carries a restarter_error_t (the reason for the stop) cast to void *.
 *
 *   GVT_INST  - the restarter: send it STOP if it is running and
 *               err > RERR_NONE.
 *   GVT_SVC   - forward to the service's dependents unchanged.
 *   GVT_GROUP - an exclude_all group walks its dependents with
 *               propagate_start() instead.  Any other group stops its
 *               single dependent instance, but only when err is not
 *               RERR_NONE and does not exceed the group's gv_restart.
 *   GVT_FILE  - never expected here; aborts.
 */
static void
propagate_stop(graph_vertex_t *v, void *arg)
{
	restarter_error_t err = (restarter_error_t)arg;
	graph_edge_t *edge;
	graph_vertex_t *dep_inst;

	switch (v->gv_type) {
	case GVT_INST:
		/* Restarter */
		if (err > RERR_NONE && inst_running(v))
			vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP);
		return;

	case GVT_SVC:
		graph_walk_dependents(v, propagate_stop, arg);
		return;

	case GVT_FILE:
#ifndef NDEBUG
		uu_warn("%s:%d: propagate_stop() encountered GVT_FILE.\n",
		    __FILE__, __LINE__);
#endif
		abort();
		/* NOTREACHED */

	case GVT_GROUP:
		if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
			graph_walk_dependents(v, propagate_start, NULL);
			return;
		}

		/* Errors above the group's gv_restart threshold do not propagate. */
		if (err == RERR_NONE || err > v->gv_restart)
			return;

		/* A dependency group hangs off exactly one vertex. */
		assert(uu_list_numnodes(v->gv_dependents) == 1);
		edge = uu_list_first(v->gv_dependents);
		dep_inst = edge->ge_vertex;

		if (inst_running(dep_inst))
			vertex_send_event(dep_inst, RESTARTER_EVENT_TYPE_STOP);
		return;

	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
		    v->gv_type);
#endif
		abort();
	}
}
   1773 
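/*
 * Ask the restarter to take instance vertex v offline, unless the repository
 * already shows the instance heading for offline or disabled.
 *
 * The instance's restarter property group is read for its state/next_state;
 * a broken repository connection is rebound and the lookup retried.  If the
 * instance or its restarter pg is missing from the repository, or it is
 * already going down, nothing is sent.  Otherwise a STOP event is sent once
 * the repository objects have been released.
 *
 * v must be a GVT_INST.  Decode errors other than "not found" are fatal
 * (uu_die / bad_error).  All repository objects are released on a single
 * exit path so that no early return can leak them.
 */
void
offline_vertex(graph_vertex_t *v)
{
	scf_handle_t *h = libscf_handle_create_bound_loop();
	scf_instance_t *scf_inst = safe_scf_instance_create(h);
	scf_propertygroup_t *pg = safe_scf_pg_create(h);
	restarter_instance_state_t state, next_state;
	boolean_t send_stop = B_FALSE;
	int r;

	assert(v->gv_type == GVT_INST);

	if (scf_inst == NULL)
		bad_error("safe_scf_instance_create", scf_error());
	if (pg == NULL)
		bad_error("safe_scf_pg_create", scf_error());

rep_retry:
	if (scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, scf_inst, NULL,
	    NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto rep_retry;

		case SCF_ERROR_NOT_FOUND:
			/* Instance is gone from the repository: nothing to stop. */
			goto out;

		default:
			uu_die("Can't decode FMRI %s: %s\n", v->gv_name,
			    scf_strerror(scf_error()));
		}
	}

	r = scf_instance_get_pg(scf_inst, SCF_PG_RESTARTER, pg);
	if (r != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto rep_retry;

		case SCF_ERROR_NOT_SET:
		case SCF_ERROR_NOT_FOUND:
			goto out;

		default:
			bad_error("scf_instance_get_pg", scf_error());
		}
	}

	/* If the instance is already going offline, don't send another STOP. */
	r = libscf_read_states(pg, &state, &next_state);
	if (r == 0 && (next_state == RESTARTER_STATE_OFFLINE ||
	    next_state == RESTARTER_STATE_DISABLED)) {
		log_framework(LOG_DEBUG,
		    "%s: instance is already going down.\n", v->gv_name);
		goto out;
	}

	send_stop = B_TRUE;

out:
	scf_pg_destroy(pg);
	scf_instance_destroy(scf_inst);
	(void) scf_handle_unbind(h);
	scf_handle_destroy(h);

	if (send_stop)
		vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP);
}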
   1850 
/*
 * void graph_enable_by_vertex()
 *   Record the requested enabled state of vertex and send the restarter the
 *   matching event.  If admin is non-zero the disable was requested by an
 *   administrator: the dependents in vertex's subtree are marked with
 *   GV_TOOFFLINE and offlined leaf-first, and an ADMIN_DISABLE rather than
 *   a plain DISABLE restarter event is sent once nothing in the subtree is
 *   left to offline.
 *
 *   Must be called with dgraph_lock held; vertex must be configured.
 */
void
graph_enable_by_vertex(graph_vertex_t *vertex, int enable, int admin)
{
	graph_vertex_t *cur;
	int walk_rc;
	/* An in-subtree candidate must carry all three of these flags. */
	const uint_t candidate_mask = GV_CONFIGURED | GV_ENABLED | GV_TOOFFLINE;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert((vertex->gv_flags & GV_CONFIGURED));

	/* Record the requested enabled state in the vertex flags. */
	if (enable)
		vertex->gv_flags |= GV_ENABLED;
	else
		vertex->gv_flags &= ~GV_ENABLED;

	if (enable) {
		switch (vertex->gv_state) {
		case RESTARTER_STATE_OFFLINE:
		case RESTARTER_STATE_DEGRADED:
		case RESTARTER_STATE_ONLINE:
			/* Already up or on its way up: nothing to send. */
			break;

		default:
			/*
			 * The vertex may have been told to go down; now that
			 * it may come back up, forget the pending offline and
			 * disable marks before sending _ENABLE.
			 */
			vertex->gv_flags &= ~(GV_TOOFFLINE | GV_TODISABLE);
			vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ENABLE);
			break;
		}

		/*
		 * _START or _STOP is only sent once the restarter reports a
		 * state update.
		 */
		return;
	}

	if (vertex->gv_state == RESTARTER_STATE_DISABLED)
		return;

	if (!admin) {
		vertex_send_event(vertex, RESTARTER_EVENT_TYPE_DISABLE);

		/*
		 * _START or _STOP is only sent once the restarter reports a
		 * state update.
		 */
		return;
	}

	/*
	 * Administrative disable: the dependents are offlined first.  Only
	 * set GV_TOOFFLINE on the services being offlined -- never clear the
	 * bits graph-wide -- because other DISABLE requests may be handled at
	 * the same time.  GV_TODISABLE remembers which vertex is the one to
	 * disable once the subtree is down.
	 */
	vertex->gv_flags |= (GV_TOOFFLINE | GV_TODISABLE);

	log_framework(LOG_DEBUG, "Marking in-subtree vertices before "
	    "disabling %s.\n", vertex->gv_name);

	/* Propagate GV_TOOFFLINE to the dependents. */
	walk_rc = uu_list_walk(vertex->gv_dependents,
	    (uu_walk_fn_t *)mark_subtree, NULL, 0);
	assert(walk_rc == 0);

	/* Nothing else to offline: disable the instance right away. */
	if (insubtree_dependents_down(vertex) == B_TRUE) {
		vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
		return;
	}

	/*
	 * Offline the leaves of the marked subtree.  Like the graph reversal
	 * shutdown loop this scans the whole graph, which could be done more
	 * cheaply for the subtree reversal disable case.
	 */
	for (cur = uu_list_first(dgraph); cur != NULL;
	    cur = uu_list_next(dgraph, cur)) {
		int is_up;

		/* The vertex being disabled itself is handled last, not here. */
		if (cur == vertex)
			continue;

		/* Only configured, enabled, marked instances qualify. */
		if (cur->gv_type != GVT_INST ||
		    (cur->gv_flags & candidate_mask) != candidate_mask)
			continue;

		/* Nothing to offline unless the instance is actually up. */
		is_up = (cur->gv_state == RESTARTER_STATE_ONLINE ||
		    cur->gv_state == RESTARTER_STATE_DEGRADED);
		if (!is_up)
			continue;

		/*
		 * Instances which are up need to come down before we're done,
		 * but only leaves -- instances whose dependents are all down --
		 * can be offlined in this pass.
		 */
		if (insubtree_dependents_down(cur) != B_TRUE)
			continue;

		log_framework(LOG_DEBUG, "Offlining in-subtree "
		    "instance %s for %s.\n",
		    cur->gv_name, vertex->gv_name);
		offline_vertex(cur);
	}
}
   1971 
/*
 * Forward declaration: graph_change_restarter() and process_dependency_fmri()
 * below call configure_vertex() before its definition.
 */
static int configure_vertex(graph_vertex_t *, scf_instance_t *);
   1973 
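/*
 * Set the restarter for v to fmri_arg.  That is, make sure a vertex for
 * fmri_arg exists, make v depend on it, and send _ADD_INSTANCE for v.  If
 * v is already configured and fmri_arg indicates the current restarter, do
 * nothing.  If v is configured and fmri_arg is a new restarter, delete v's
 * dependency on the restarter, send _REMOVE_INSTANCE for v, and set the new
 * restarter.  An empty fmri_arg, or one that canonifies to
 * SCF_SERVICE_STARTD, selects the master restarter (gv_restarter_id of -1,
 * no delegate channel).
 *
 * h is the repository handle used to look up and configure a delegated
 * restarter's own instance when its vertex is not yet configured.
 *
 * Returns 0 on success, EINVAL if the FMRI is invalid (also if it does not
 * name an instance, or the delegate's protocol channel cannot be set up),
 * ECONNABORTED if the repository connection is broken, and ELOOP
 * if the dependency would create a cycle.  In the last case, *pathp will
 * point to a -1-terminated array of ids which compose the path from v to
 * restarter_fmri.
 *
 * Must be called with dgraph_lock held.
 */
int
graph_change_restarter(graph_vertex_t *v, const char *fmri_arg, scf_handle_t *h,
    int **pathp)
{
	char *restarter_fmri = NULL;
	graph_vertex_t *rv;
	int err;
	int id;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	/* An empty string means the master restarter; otherwise canonify. */
	if (fmri_arg[0] != '\0') {
		err = fmri_canonify(fmri_arg, &restarter_fmri, B_TRUE);
		if (err != 0) {
			assert(err == EINVAL);
			return (err);
		}
	}

	if (restarter_fmri == NULL ||
	    strcmp(restarter_fmri, SCF_SERVICE_STARTD) == 0) {
		/*
		 * The canonified copy is not used on any master-restarter
		 * path, so release it here rather than only on the early
		 * return below (the fall-through path used to leak it).
		 */
		if (restarter_fmri != NULL)
			startd_free(restarter_fmri, max_scf_fmri_size);

		if (v->gv_flags & GV_CONFIGURED) {
			/* Already on the master restarter: nothing to do. */
			if (v->gv_restarter_id == -1)
				return (0);

			graph_unset_restarter(v);
		}

		/* Master restarter: no restarter vertex, no delegate channel. */
		v->gv_restarter_id = -1;
		v->gv_restarter_channel = NULL;
		vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);
		return (0);
	}

	if (v->gv_flags & GV_CONFIGURED) {
		/* Same delegated restarter as before: nothing to do. */
		id = dict_lookup_byname(restarter_fmri);
		if (id != -1 && v->gv_restarter_id == id) {
			startd_free(restarter_fmri, max_scf_fmri_size);
			return (0);
		}

		graph_unset_restarter(v);
	}

	/* Find or create the delegate's vertex; the name is not needed after. */
	err = graph_insert_vertex_unconfigured(restarter_fmri, GVT_INST, 0,
	    RERR_NONE, &rv);
	startd_free(restarter_fmri, max_scf_fmri_size);
	assert(err == 0 || err == EEXIST);

	/* Set up the delegate protocol channel once per restarter vertex. */
	if (rv->gv_delegate_initialized == 0) {
		if ((rv->gv_delegate_channel = restarter_protocol_init_delegate(
		    rv->gv_name)) == NULL)
			return (EINVAL);
		rv->gv_delegate_initialized = 1;
	}
	v->gv_restarter_id = rv->gv_id;
	v->gv_restarter_channel = rv->gv_delegate_channel;

	/* v depends on its restarter; this is where a cycle would show up. */
	err = graph_insert_dependency(v, rv, pathp);
	if (err != 0) {
		assert(err == ELOOP);
		return (ELOOP);
	}

	vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);

	/* A delegate we have not seen before must itself be configured. */
	if (!(rv->gv_flags & GV_CONFIGURED)) {
		scf_instance_t *inst;

		err = libscf_fmri_get_instance(h, rv->gv_name, &inst);
		switch (err) {
		case 0:
			err = configure_vertex(rv, inst);
			scf_instance_destroy(inst);
			switch (err) {
			case 0:
			case ECANCELED:
				break;

			case ECONNABORTED:
				return (ECONNABORTED);

			default:
				bad_error("configure_vertex", err);
			}
			break;

		case ECONNABORTED:
			return (ECONNABORTED);

		case ENOENT:
			break;

		case ENOTSUP:
			/*
			 * The fmri doesn't specify an instance - translate
			 * to EINVAL.
			 */
			return (EINVAL);

		case EINVAL:
		default:
			bad_error("libscf_fmri_get_instance", err);
		}
	}

	return (0);
}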
   2099 
   2100 
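/*
 * Add all of the instances of the service named by fmri to the graph.
 * Returns
 *   0 - success
 *   ENOENT - service indicated by fmri does not exist
 *
 * In both cases *reboundp will be B_TRUE if the handle was rebound, or B_FALSE
 * otherwise.
 *
 * Every repository call below restarts the whole operation from "rebound:"
 * after libscf_handle_rebind() when the connection is broken (or an
 * unexpected libscf error is reported), so the service lookup and instance
 * iteration are repeated from scratch; the temporaries allocated up front
 * are reused across retries and released once at "out:".
 */
static int
add_service(const char *fmri, scf_handle_t *h, boolean_t *reboundp)
{
	scf_service_t *svc;
	scf_instance_t *inst;
	scf_iter_t *iter;
	char *inst_fmri;
	int ret, r;

	*reboundp = B_FALSE;

	svc = safe_scf_service_create(h);
	inst = safe_scf_instance_create(h);
	iter = safe_scf_iter_create(h);
	inst_fmri = startd_alloc(max_scf_fmri_size);

rebound:
	if (scf_handle_decode_fmri(h, fmri, NULL, svc, NULL, NULL, NULL,
	    SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			libscf_handle_rebind(h);
			*reboundp = B_TRUE;
			goto rebound;

		case SCF_ERROR_NOT_FOUND:
			ret = ENOENT;
			goto out;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_HANDLE_MISMATCH:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	}

	if (scf_iter_service_instances(iter, svc) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			libscf_handle_rebind(h);
			*reboundp = B_TRUE;
			goto rebound;

		case SCF_ERROR_DELETED:
			ret = ENOENT;
			goto out;

		case SCF_ERROR_HANDLE_MISMATCH:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_NOT_SET:
			bad_error("scf_iter_service_instances", scf_error());
		}
	}

	for (;;) {
		r = scf_iter_next_instance(iter, inst);
		if (r == 0)
			break;
		if (r != 1) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				libscf_handle_rebind(h);
				*reboundp = B_TRUE;
				goto rebound;

			case SCF_ERROR_DELETED:
				ret = ENOENT;
				goto out;

			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
			case SCF_ERROR_INVALID_ARGUMENT:
				bad_error("scf_iter_next_instance",
				    scf_error());
			}
		}

		if (scf_instance_to_fmri(inst, inst_fmri, max_scf_fmri_size) <
		    0) {
			/*
			 * Without a default this switch fell through on any
			 * other error and the loop went on to add an instance
			 * using whatever inst_fmri happened to hold.  Treat
			 * the unexpected case like the sibling switches above:
			 * rebind and retry.
			 */
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				libscf_handle_rebind(h);
				*reboundp = B_TRUE;
				goto rebound;

			case SCF_ERROR_DELETED:
				continue;

			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
				bad_error("scf_instance_to_fmri", scf_error());
			}
		}

		r = dgraph_add_instance(inst_fmri, inst, B_FALSE);
		switch (r) {
		case 0:
		case ECANCELED:
			break;

		case EEXIST:
			/* Already in the graph; move on to the next one. */
			continue;

		case ECONNABORTED:
			libscf_handle_rebind(h);
			*reboundp = B_TRUE;
			goto rebound;

		case EINVAL:
		default:
			bad_error("dgraph_add_instance", r);
		}
	}

	ret = 0;

out:
	startd_free(inst_fmri, max_scf_fmri_size);
	scf_iter_destroy(iter);
	scf_instance_destroy(inst);
	scf_service_destroy(svc);
	return (ret);
}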
   2238 
/*
 * Per-walk state handed to process_dependency_fmri() for each value of a
 * dependency group's entities property.
 */
struct depfmri_info {
	graph_vertex_t	*v;		/* GVT_GROUP vertex */
	gv_type_t	type;		/* type of dependency */
	const char	*inst_fmri;	/* FMRI of parental GVT_INST vert. */
	const char	*pg_name;	/* Name of dependency pg */
	scf_handle_t	*h;		/* repository handle for lookups/rebind */
	int		err;		/* return error code */
	int		**pathp;	/* return circular dependency path */
};
   2248 
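/*
 * Find or create a vertex for fmri and make info->v depend on it.
 * Returns
 *   0 - success
 *   nonzero - failure
 *
 * On failure, sets info->err to
 *   EINVAL - fmri is invalid
 *	      fmri does not match info->type
 *   ELOOP - Adding the dependency creates a circular dependency.  *info->pathp
 *	     will point to an array of the ids of the members of the cycle.
 *   ECONNABORTED - repository connection was broken
 *   ECONNRESET - succeeded, but repository connection was reset
 *
 * fmri is either a "file:" URI (info->type must be GVT_FILE) or a service or
 * instance FMRI (info->type must be GVT_INST).  The latter is canonified to
 * "svc:/service[:instance]" (local scope) or "svc://scope/service[:instance]"
 * before the vertex is looked up.  If the instance or service vertex found
 * is not yet configured, it is configured from the repository through
 * info->h, rebinding the handle on ECONNABORTED.  Called with dgraph_lock
 * held.
 */
static int
process_dependency_fmri(const char *fmri, struct depfmri_info *info)
{
	int err;
	graph_vertex_t *depgroup_v, *v;
	char *fmri_copy, *cfmri;
	size_t fmri_copy_sz;
	const char *scope, *service, *instance, *pg;
	scf_instance_t *inst;
	boolean_t rebound;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	/* Get or create vertex for FMRI */
	depgroup_v = info->v;

	if (strncmp(fmri, "file:", sizeof ("file:") - 1) == 0) {
		if (info->type != GVT_FILE) {
			log_framework(LOG_NOTICE,
			    "FMRI \"%s\" is not allowed for the \"%s\" "
			    "dependency's type of instance %s.\n", fmri,
			    info->pg_name, info->inst_fmri);
			return (info->err = EINVAL);
		}

		err = graph_insert_vertex_unconfigured(fmri, info->type, 0,
		    RERR_NONE, &v);
		switch (err) {
		case 0:
			break;

		case EEXIST:
			assert(v->gv_type == GVT_FILE);
			break;

		case EINVAL:		/* prevented above */
		default:
			bad_error("graph_insert_vertex_unconfigured", err);
		}
	} else {
		if (info->type != GVT_INST) {
			log_framework(LOG_NOTICE,
			    "FMRI \"%s\" is not allowed for the \"%s\" "
			    "dependency's type of instance %s.\n", fmri,
			    info->pg_name, info->inst_fmri);
			return (info->err = EINVAL);
		}

		/*
		 * We must canonify fmri & add a vertex for it.  The parser
		 * modifies its input, so work on a private copy.
		 */
		fmri_copy_sz = strlen(fmri) + 1;
		fmri_copy = startd_alloc(fmri_copy_sz);
		(void) strcpy(fmri_copy, fmri);

		/* Determine if the FMRI is a property group or instance */
		if (scf_parse_svc_fmri(fmri_copy, &scope, &service,
		    &instance, &pg, NULL) != 0) {
			startd_free(fmri_copy, fmri_copy_sz);
			log_framework(LOG_NOTICE,
			    "Dependency \"%s\" of %s has invalid FMRI "
			    "\"%s\".\n", info->pg_name, info->inst_fmri,
			    fmri);
			return (info->err = EINVAL);
		}

		/* A dependency must name a service or instance, not a pg. */
		if (service == NULL || pg != NULL) {
			startd_free(fmri_copy, fmri_copy_sz);
			log_framework(LOG_NOTICE,
			    "Dependency \"%s\" of %s does not designate a "
			    "service or instance.\n", info->pg_name,
			    info->inst_fmri);
			return (info->err = EINVAL);
		}

		/* Rebuild the FMRI in canonical form, with or without scope. */
		if (scope == NULL || strcmp(scope, SCF_SCOPE_LOCAL) == 0) {
			cfmri = uu_msprintf("svc:/%s%s%s",
			    service, instance ? ":" : "", instance ? instance :
			    "");
		} else {
			cfmri = uu_msprintf("svc://%s/%s%s%s",
			    scope, service, instance ? ":" : "", instance ?
			    instance : "");
		}

		startd_free(fmri_copy, fmri_copy_sz);

		/* A bare service becomes a REQUIRE_ANY group over instances. */
		err = graph_insert_vertex_unconfigured(cfmri, instance ?
		    GVT_INST : GVT_SVC, instance ? 0 : DEPGRP_REQUIRE_ANY,
		    RERR_NONE, &v);
		uu_free(cfmri);
		switch (err) {
		case 0:
			break;

		case EEXIST:
			/* Verify v. */
			if (instance != NULL)
				assert(v->gv_type == GVT_INST);
			else
				assert(v->gv_type == GVT_SVC);
			break;

		default:
			bad_error("graph_insert_vertex_unconfigured", err);
		}
	}

	/* Add dependency from depgroup_v to new vertex */
	info->err = graph_insert_dependency(depgroup_v, v, info->pathp);
	switch (info->err) {
	case 0:
		break;

	case ELOOP:
		return (ELOOP);

	default:
		bad_error("graph_insert_dependency", info->err);
	}

	/* This must be after we insert the dependency, to avoid looping. */
	switch (v->gv_type) {
	case GVT_INST:
		if ((v->gv_flags & GV_CONFIGURED) != 0)
			break;

		inst = safe_scf_instance_create(info->h);

		rebound = B_FALSE;

rebound:
		err = libscf_lookup_instance(v->gv_name, inst);
		switch (err) {
		case 0:
			err = configure_vertex(v, inst);
			switch (err) {
			case 0:
			case ECANCELED:
				break;

			case ECONNABORTED:
				libscf_handle_rebind(info->h);
				rebound = B_TRUE;
				goto rebound;

			default:
				bad_error("configure_vertex", err);
			}
			break;

		case ENOENT:
			break;

		case ECONNABORTED:
			libscf_handle_rebind(info->h);
			rebound = B_TRUE;
			goto rebound;

		case EINVAL:
		case ENOTSUP:
		default:
			/*
			 * Name the function actually called above so the
			 * diagnostic points at the right place.
			 */
			bad_error("libscf_lookup_instance", err);
		}

		scf_instance_destroy(inst);

		/* Tell the caller its libscf state may be stale. */
		if (rebound)
			return (info->err = ECONNRESET);
		break;

	case GVT_SVC:
		(void) add_service(v->gv_name, info->h, &rebound);
		if (rebound)
			return (info->err = ECONNRESET);
	}

	return (0);
}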
   2442 
/*
 * Per-walk state handed to process_dependency_pg() for each dependency
 * property group of an instance.
 */
struct deppg_info {
	graph_vertex_t	*v;		/* GVT_INST vertex */
	int		err;		/* return error */
	int		**pathp;	/* return circular dependency path */
};
   2448 
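/*
 * Make info->v depend on a new GVT_GROUP node for this property group,
 * and then call process_dependency_fmri() for the values of the entity
 * property.  Return 0 on success, or if something goes wrong return nonzero
 * and set info->err to ECONNABORTED, EINVAL, or the error code returned by
 * process_dependency_fmri().
 *
 * The group vertex is named "<instance fmri>><pg name>".  Empty groups, and
 * groups deleted from under us, are skipped with info->err = 0; unknown
 * grouping or restart_on values and a missing entities property are
 * reported as EINVAL.  Called with dgraph_lock held.
 */
static int
process_dependency_pg(scf_propertygroup_t *pg, struct deppg_info *info)
{
	scf_handle_t *h;
	depgroup_type_t deptype;
	restarter_error_t rerr;
	struct depfmri_info linfo;
	char *fmri, *pg_name;
	size_t fmri_sz;
	graph_vertex_t *depgrp;
	scf_property_t *prop;
	int err;
	int empty;
	scf_error_t scferr;
	ssize_t len;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	h = scf_pg_handle(pg);

	pg_name = startd_alloc(max_scf_name_size);

	len = scf_pg_get_name(pg, pg_name, max_scf_name_size);
	if (len < 0) {
		startd_free(pg_name, max_scf_name_size);
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			return (info->err = ECONNABORTED);

		case SCF_ERROR_DELETED:
			return (info->err = 0);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_pg_get_name", scf_error());
		}
	}

	/*
	 * Skip over empty dependency groups.  Since dependency property
	 * groups are updated atomically, they are either empty or
	 * fully populated.
	 */
	empty = depgroup_empty(h, pg);
	if (empty < 0) {
		log_error(LOG_INFO,
		    "Error reading dependency group \"%s\" of %s: %s\n",
		    pg_name, info->v->gv_name, scf_strerror(scf_error()));
		startd_free(pg_name, max_scf_name_size);
		return (info->err = EINVAL);

	} else if (empty == 1) {
		log_framework(LOG_DEBUG,
		    "Ignoring empty dependency group \"%s\" of %s\n",
		    pg_name, info->v->gv_name);
		startd_free(pg_name, max_scf_name_size);
		return (info->err = 0);
	}

	/* Exactly "<gv_name>" + ">" + "<pg_name>" + NUL. */
	fmri_sz = strlen(info->v->gv_name) + 1 + len + 1;
	fmri = startd_alloc(fmri_sz);

	/*
	 * Bound the write by the buffer actually allocated.  The previous
	 * bound of max_scf_name_size silently truncated the group name for
	 * long instance FMRIs, and a truncated name can collide with another
	 * group's and trip the assert on insertion below.
	 */
	(void) snprintf(fmri, fmri_sz, "%s>%s", info->v->gv_name,
	    pg_name);

	/* Validate the pg before modifying the graph */
	deptype = depgroup_read_grouping(h, pg);
	if (deptype == DEPGRP_UNSUPPORTED) {
		log_error(LOG_INFO,
		    "Dependency \"%s\" of %s has an unknown grouping value.\n",
		    pg_name, info->v->gv_name);
		startd_free(fmri, fmri_sz);
		startd_free(pg_name, max_scf_name_size);
		return (info->err = EINVAL);
	}

	rerr = depgroup_read_restart(h, pg);
	if (rerr == RERR_UNSUPPORTED) {
		log_error(LOG_INFO,
		    "Dependency \"%s\" of %s has an unknown restart_on value."
		    "\n", pg_name, info->v->gv_name);
		startd_free(fmri, fmri_sz);
		startd_free(pg_name, max_scf_name_size);
		return (info->err = EINVAL);
	}

	prop = safe_scf_property_create(h);

	if (scf_pg_get_property(pg, SCF_PROPERTY_ENTITIES, prop) != 0) {
		/* Save the error before the destroy can disturb it. */
		scferr = scf_error();
		scf_property_destroy(prop);
		if (scferr == SCF_ERROR_DELETED) {
			startd_free(fmri, fmri_sz);
			startd_free(pg_name, max_scf_name_size);
			return (info->err = 0);
		} else if (scferr != SCF_ERROR_NOT_FOUND) {
			startd_free(fmri, fmri_sz);
			startd_free(pg_name, max_scf_name_size);
			return (info->err = ECONNABORTED);
		}

		log_error(LOG_INFO,
		    "Dependency \"%s\" of %s is missing a \"%s\" property.\n",
		    pg_name, info->v->gv_name, SCF_PROPERTY_ENTITIES);

		startd_free(fmri, fmri_sz);
		startd_free(pg_name, max_scf_name_size);

		return (info->err = EINVAL);
	}

	/* Create depgroup vertex for pg */
	err = graph_insert_vertex_unconfigured(fmri, GVT_GROUP, deptype,
	    rerr, &depgrp);
	assert(err == 0);
	startd_free(fmri, fmri_sz);

	/* Add dependency from inst vertex to new vertex */
	err = graph_insert_dependency(info->v, depgrp, info->pathp);
	/* ELOOP can't happen because this should be a new vertex */
	assert(err == 0);

	/* Resolve each entity of the group into a dependency of depgrp. */
	linfo.v = depgrp;
	linfo.type = depgroup_read_scheme(h, pg);
	linfo.inst_fmri = info->v->gv_name;
	linfo.pg_name = pg_name;
	linfo.h = h;
	linfo.err = 0;
	linfo.pathp = info->pathp;
	err = walk_property_astrings(prop, (callback_t)process_dependency_fmri,
	    &linfo);

	/* linfo.pg_name pointed at pg_name; the walk is over, so free it. */
	scf_property_destroy(prop);
	startd_free(pg_name, max_scf_name_size);

	switch (err) {
	case 0:
	case EINTR:
		/* EINTR: the callback stopped the walk; its error tells why. */
		return (info->err = linfo.err);

	case ECONNABORTED:
	case EINVAL:
		return (info->err = err);

	case ECANCELED:
		return (info->err = 0);

	case ECONNRESET:
		return (info->err = ECONNABORTED);

	default:
		bad_error("walk_property_astrings", err);
		/* NOTREACHED */
	}
}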
   2611 
/*
 * Build the dependency info for v from the repository.  Returns 0 on success,
 * ECONNABORTED on repository disconnection, EINVAL if the repository
 * configuration is invalid, and ELOOP if a dependency would cause a cycle.
 * In the last case, *pathp will point to a -1-terminated array of ids which
 * constitute the rest of the dependency cycle.
 *
 * Each dependency property group of inst is handed to process_dependency_pg()
 * which creates the GVT_GROUP vertex and its edges.  Called with dgraph_lock
 * held.
 */
static int
set_dependencies(graph_vertex_t *v, scf_instance_t *inst, int **pathp)
{
	struct deppg_info info;
	boolean_t was_configured;
	int walk_err;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	/*
	 * Mark the vertex as configured for the duration of the dependency
	 * insertion: that is what lets cycle detection see it (cycles can
	 * appear in the graph if one of the vertices is an exclusion-group).
	 */
	was_configured = (v->gv_flags & GV_CONFIGURED) != 0;
	v->gv_flags |= GV_CONFIGURED;

	info.v = v;
	info.err = 0;
	info.pathp = pathp;

	walk_err = walk_dependency_pgs(inst, (callback_t)process_dependency_pg,
	    &info);

	/* Only undo the mark if it was ours. */
	if (!was_configured)
		v->gv_flags &= ~GV_CONFIGURED;

	/* A completed or callback-stopped walk reports the callback's error. */
	if (walk_err == 0 || walk_err == EINTR)
		return (info.err);

	if (walk_err == ECONNABORTED)
		return (ECONNABORTED);

	/* Should get delete event, so return 0. */
	if (walk_err == ECANCELED)
		return (0);

	bad_error("walk_dependency_pgs", walk_err);
	/* NOTREACHED */
}
   2663 
   2664 
/*
 * Log, at LOG_ERR, that fmri is being moved to maintenance because it closes
 * the dependency cycle described by path (a -1-terminated array of vertex
 * ids, as produced by set_dependencies()).  A NULL fmri is printed as "?".
 * Called with dgraph_lock held.
 */
static void
handle_cycle(const char *fmri, int *path)
{
	char *cycle_str;
	size_t cycle_sz;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	/* The rendered path is allocated for us; it is released below. */
	path_to_str(path, &cycle_str, &cycle_sz);

	log_error(LOG_ERR, "Transitioning %s to maintenance "
	    "because it completes a dependency cycle (see svcs -xv for "
	    "details):\n%s", fmri == NULL ? "?" : fmri, cycle_str);

	startd_free(cycle_str, cycle_sz);
}
   2681 
/*
 * Take a reference on v.  While gv_refs is non-zero the vertex will not be
 * removed from the dgraph.  Called with dgraph_lock held.
 */
static void
vertex_ref(graph_vertex_t *v)
{
	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	v->gv_refs += 1;
}
   2693 
/*
 * Drop a reference on v and remove the vertex from the dgraph when possible
 * (free_if_unrefed() decides).  Called with dgraph_lock held; v must hold at
 * least one reference.
 *
 * Returns VERTEX_REMOVED when the vertex has been removed, otherwise
 * VERTEX_INUSE.
 */
static int
vertex_unref(graph_vertex_t *v)
{
	int status;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(v->gv_refs > 0);

	v->gv_refs -= 1;
	status = free_if_unrefed(v);

	return (status);
}
   2711 
/*
 * uu_list_walk() callback.  When run on the dependencies of a vertex,
 * populates list with graph_edge_t's which point to the service vertices or
 * the instance vertices (no GVT_GROUP nodes) on which the vertex depends:
 * GVT_GROUP vertices are descended into recursively and GVT_FILE vertices
 * are skipped.  Any other vertex type is a bug and aborts.
 *
 * Each vertex placed in the list gets a reference taken on it, so it cannot
 * be deleted from the dgraph while the list is in use.  Always returns
 * UU_WALK_NEXT.
 */
static int
append_svcs_or_insts(graph_edge_t *e, uu_list_t *list)
{
	graph_vertex_t *target = e->ge_vertex;
	graph_edge_t *edge;
	int rc;

	if (target->gv_type == GVT_GROUP) {
		/* Flatten the group: list what the group itself depends on. */
		rc = uu_list_walk(target->gv_dependencies,
		    (uu_walk_fn_t *)append_svcs_or_insts, list, 0);
		assert(rc == 0);
		return (UU_WALK_NEXT);
	}

	if (target->gv_type == GVT_FILE)
		return (UU_WALK_NEXT);

	if (target->gv_type != GVT_INST && target->gv_type != GVT_SVC) {
#ifndef NDEBUG
		uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
		    __LINE__, target->gv_type);
#endif
		abort();
	}

	/* Service or instance: append a fresh edge pointing at it. */
	edge = startd_alloc(sizeof (*edge));
	edge->ge_vertex = target;
	uu_list_node_init(edge, &edge->ge_link, graph_edge_pool);
	rc = uu_list_insert_before(list, NULL, edge);
	assert(rc == 0);

	/*
	 * The list now refers to the vertex, so pin it: the reference keeps
	 * it from being freed while the list is in use.
	 */
	vertex_ref(target);

	return (UU_WALK_NEXT);
}
   2765 
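/*
 * Decide whether v belongs in the milestone subgraph.  The milestone itself
 * always does.  Any other vertex does if at least one of its dependents is
 * in the subgraph, except that:
 *   - an EXCLUDE_ALL group dependent never pulls v in;
 *   - for an instance, an OPTIONAL_ALL group dependent only counts when v
 *     is enabled (GV_ENBLD_NOOVR);
 *   - for an instance whose dependent is its service vertex, the service
 *     only counts if one of the service's own dependents would count under
 *     the two rules above.
 *
 * Returns B_TRUE if v should be in the subgraph, B_FALSE otherwise.
 */
static boolean_t
should_be_in_subgraph(graph_vertex_t *v)
{
	graph_edge_t *e;

	if (v == milestone)
		return (B_TRUE);

	/*
	 * v is in the subgraph if any of its dependents are in the subgraph.
	 * Except for EXCLUDE_ALL dependents.  And OPTIONAL dependents only
	 * count if we're enabled.
	 */
	for (e = uu_list_first(v->gv_dependents);
	    e != NULL;
	    e = uu_list_next(v->gv_dependents, e)) {
		graph_vertex_t *dv = e->ge_vertex;

		if (!(dv->gv_flags & GV_INSUBGRAPH))
			continue;

		/*
		 * Don't include instances that are optional and disabled.
		 * This looks through the service vertex at the groups that
		 * depend on it: the inner loop must read the vertex of its
		 * own edge (ee), not of the outer edge (e) -- with the latter
		 * every service dependent counted, which defeated the check.
		 */
		if (v->gv_type == GVT_INST && dv->gv_type == GVT_SVC) {

			int in = 0;
			graph_edge_t *ee;

			for (ee = uu_list_first(dv->gv_dependents);
			    ee != NULL;
			    ee = uu_list_next(dv->gv_dependents, ee)) {

				graph_vertex_t *ddv = ee->ge_vertex;

				if (ddv->gv_type == GVT_GROUP &&
				    ddv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
					continue;

				if (ddv->gv_type == GVT_GROUP &&
				    ddv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
				    !(v->gv_flags & GV_ENBLD_NOOVR))
					continue;

				/* One qualifying dependent is enough. */
				in = 1;
				break;
			}
			if (!in)
				continue;
		}
		if (v->gv_type == GVT_INST &&
		    dv->gv_type == GVT_GROUP &&
		    dv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
		    !(v->gv_flags & GV_ENBLD_NOOVR))
			continue;

		/* Don't include excluded services and instances */
		if (dv->gv_type == GVT_GROUP &&
		    dv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
			continue;

		return (B_TRUE);
	}

	return (B_FALSE);
}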
   2831 
/*
 * Ensures that GV_INSUBGRAPH is set properly for v and its descendents.  If
 * any bits change, manipulate the repository appropriately.  Returns 0 or
 * ECONNABORTED.
 *
 * For a configured instance whose membership changes, the general_ovr
 * enabled override is deleted when it joins the subgraph and set to 0 when
 * it leaves.  A broken repository connection is rebound and the update
 * retried, but ECONNABORTED is still returned so callers discard any libscf
 * state they hold.  Requires a milestone to be in effect.
 */
static int
eval_subgraph(graph_vertex_t *v, scf_handle_t *h)
{
	boolean_t old = (v->gv_flags & GV_INSUBGRAPH) != 0;
	boolean_t new;
	graph_edge_t *e;
	scf_instance_t *inst;
	int ret = 0, r;

	assert(milestone != NULL && milestone != MILESTONE_NONE);

	new = should_be_in_subgraph(v);

	/* No change for v means no change for anything below it. */
	if (new == old)
		return (0);

	log_framework(LOG_DEBUG, new ? "Adding %s to the subgraph.\n" :
	    "Removing %s from the subgraph.\n", v->gv_name);

	v->gv_flags = (v->gv_flags & ~GV_INSUBGRAPH) |
	    (new ? GV_INSUBGRAPH : 0);

	/* Only configured instances have repository state to adjust. */
	if (v->gv_type == GVT_INST && (v->gv_flags & GV_CONFIGURED)) {
		int err;

get_inst:
		err = libscf_fmri_get_instance(h, v->gv_name, &inst);
		if (err != 0) {
			switch (err) {
			case ECONNABORTED:
				libscf_handle_rebind(h);
				ret = ECONNABORTED;
				goto get_inst;

			case ENOENT:
				/* Gone from the repository; nothing to set. */
				break;

			case EINVAL:
			case ENOTSUP:
			default:
				bad_error("libscf_fmri_get_instance", err);
			}
		} else {
			/* Name of the libscf call, for the bad_error() below. */
			const char *f;

			if (new) {
				err = libscf_delete_enable_ovr(inst);
				f = "libscf_delete_enable_ovr";
			} else {
				err = libscf_set_enable_ovr(inst, 0);
				f = "libscf_set_enable_ovr";
			}
			scf_instance_destroy(inst);
			switch (err) {
			case 0:
			case ECANCELED:
				break;

			case ECONNABORTED:
				libscf_handle_rebind(h);
				/*
				 * We must continue so the graph is updated,
				 * but we must return ECONNABORTED so any
				 * libscf state held by any callers is reset.
				 */
				ret = ECONNABORTED;
				goto get_inst;

			case EROFS:
			case EPERM:
				/* Read-only or unwritable repository: log and go on. */
				log_error(LOG_WARNING,
				    "Could not set %s/%s for %s: %s.\n",
				    SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
				    v->gv_name, strerror(err));
				break;

			default:
				bad_error(f, err);
			}
		}
	}

	/* Re-evaluate the dependencies; a failure below does not stop the walk. */
	for (e = uu_list_first(v->gv_dependencies);
	    e != NULL;
	    e = uu_list_next(v->gv_dependencies, e)) {
		r = eval_subgraph(e->ge_vertex, h);
		if (r != 0) {
			assert(r == ECONNABORTED);
			ret = ECONNABORTED;
		}
	}

	return (ret);
}
   2931 
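/*
 * Delete the (property group) dependencies of v & create new ones based on
 * inst.  If doing so would create a cycle, log a message and put the instance
 * into maintenance.  Update GV_INSUBGRAPH flags as necessary.  Returns 0 or
 * ECONNABORTED.
 *
 * Must be called with dgraph_lock held and v of type GVT_INST.  A
 * misconfigured dependency (EINVAL) or a cycle (ELOOP) is reported to the
 * restarter as an event and then counts as success (0) for the caller.
 */
int
refresh_vertex(graph_vertex_t *v, scf_instance_t *inst)
{
	int err;
	int *path;
	char *fmri;
	int r;
	scf_handle_t *h = scf_instance_handle(inst);
	uu_list_t *old_deps = NULL;	/* only built when a milestone is set */
	int ret = 0;
	graph_edge_t *e;
	graph_vertex_t *vv;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);

	log_framework(LOG_DEBUG, "Graph engine: Refreshing %s.\n", v->gv_name);

	if (milestone > MILESTONE_NONE) {
		/*
		 * In case some of v's dependencies are being deleted we must
		 * make a list of them now for GV_INSUBGRAPH-flag evaluation
		 * after the new dependencies are in place.
		 */
		old_deps = startd_list_create(graph_edge_pool, NULL, 0);

		err = uu_list_walk(v->gv_dependencies,
		    (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
		assert(err == 0);
	}

	delete_instance_dependencies(v, B_FALSE);

	err = set_dependencies(v, inst, &path);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
		ret = err;
		goto out;

	case EINVAL:
	case ELOOP:
		/* Fetch the FMRI only for the diagnostics below. */
		r = libscf_instance_get_fmri(inst, &fmri);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			/*
			 * NOTE(review): path, if set_dependencies allocated
			 * one for ELOOP, is not released on these two early
			 * exits -- confirm against set_dependencies.
			 */
			ret = ECONNABORTED;
			goto out;

		case ECANCELED:
			/* The instance vanished underneath us: nothing to report. */
			ret = 0;
			goto out;

		default:
			bad_error("libscf_instance_get_fmri", r);
		}

		if (err == EINVAL) {
			log_error(LOG_ERR, "Transitioning %s "
			    "to maintenance due to misconfiguration.\n",
			    fmri ? fmri : "?");
			vertex_send_event(v,
			    RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY);
		} else {
			/* handle_cycle() reports the cycle described by path. */
			handle_cycle(fmri, path);
			vertex_send_event(v,
			    RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE);
		}
		startd_free(fmri, max_scf_fmri_size);
		ret = 0;
		goto out;

	default:
		bad_error("set_dependencies", err);
	}

	if (milestone > MILESTONE_NONE) {
		boolean_t aborted = B_FALSE;

		/*
		 * Re-evaluate the old dependencies that survived the rewrite
		 * (dropping the reference we took when the list was built),
		 * then the new ones.  Keep going on ECONNABORTED so every
		 * vertex is updated; report it once at the end.
		 */
		for (e = uu_list_first(old_deps);
		    e != NULL;
		    e = uu_list_next(old_deps, e)) {
			vv = e->ge_vertex;

			if (vertex_unref(vv) == VERTEX_INUSE &&
			    eval_subgraph(vv, h) == ECONNABORTED)
				aborted = B_TRUE;
		}

		for (e = uu_list_first(v->gv_dependencies);
		    e != NULL;
		    e = uu_list_next(v->gv_dependencies, e)) {
			if (eval_subgraph(e->ge_vertex, h) ==
			    ECONNABORTED)
				aborted = B_TRUE;
		}

		if (aborted) {
			ret = ECONNABORTED;
			goto out;
		}
	}

	graph_start_if_satisfied(v);

	ret = 0;

out:
	/*
	 * Release the snapshot of the old dependency list.  This is keyed on
	 * old_deps itself rather than re-testing milestone, so the cleanup
	 * cannot diverge from the allocation above.
	 */
	if (old_deps != NULL) {
		void *cookie = NULL;

		while ((e = uu_list_teardown(old_deps, &cookie)) != NULL)
			startd_free(e, sizeof (*e));

		uu_list_destroy(old_deps);
	}

	return (ret);
}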
   3061 
/*
 * Set up v according to inst.  That is, make sure it depends on its
 * restarter and set up its dependencies.  Send the ADD_INSTANCE command to
 * the restarter, and send ENABLE or DISABLE as appropriate.
 *
 * Must be called with dgraph_lock held, on a GVT_INST vertex that is not yet
 * GV_CONFIGURED and whose GV_INSUBGRAPH flag already agrees with
 * should_be_in_subgraph().
 *
 * Returns 0 on success, ECONNABORTED on repository disconnection, or
 * ECANCELED if inst is deleted.  Instances on deathrow, instances without a
 * general property group and instances without general/enabled also return
 * 0, but are left unconfigured.  An invalid restarter or a restarter cycle is
 * reported, the instance is placed in maintenance here (the restarter is
 * never told about it), and 0 is returned.
 *
 * restarter_fmri is heap-allocated for the whole call; every exit path must
 * release it, hence the startd_free() before each early return.
 */
static int
configure_vertex(graph_vertex_t *v, scf_instance_t *inst)
{
	scf_handle_t *h;
	scf_propertygroup_t *pg;
	scf_snapshot_t *snap;
	char *restarter_fmri = startd_alloc(max_scf_value_size);
	int enabled, enabled_ovr;
	int err;
	int *path;
	int deathrow;

	restarter_fmri[0] = '\0';

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);
	assert((v->gv_flags & GV_CONFIGURED) == 0);

	/* GV_INSUBGRAPH should already be set properly. */
	assert(should_be_in_subgraph(v) ==
	    ((v->gv_flags & GV_INSUBGRAPH) != 0));

	/*
	 * If the instance fmri is in the deathrow list then set the
	 * GV_DEATHROW flag on the vertex and create and set to true the
	 * SCF_PROPERTY_DEATHROW boolean property in the non-persistent
	 * repository for this instance fmri.
	 */
	if ((v->gv_flags & GV_DEATHROW) ||
	    (is_fmri_in_deathrow(v->gv_name) == B_TRUE)) {
		if ((v->gv_flags & GV_DEATHROW) == 0) {
			/*
			 * Set flag GV_DEATHROW, create and set to true
			 * the SCF_PROPERTY_DEATHROW property in the
			 * non-persistent repository for this instance fmri.
			 */
			v->gv_flags |= GV_DEATHROW;

			switch (err = libscf_set_deathrow(inst, 1)) {
			case 0:
				break;

			case ECONNABORTED:
			case ECANCELED:
				startd_free(restarter_fmri, max_scf_value_size);
				return (err);

			case EROFS:
				log_error(LOG_WARNING, "Could not set %s/%s "
				    "for deathrow %s: %s.\n",
				    SCF_PG_DEATHROW, SCF_PROPERTY_DEATHROW,
				    v->gv_name, strerror(err));
				break;

			case EPERM:
				/* startd must own the repository; give up. */
				uu_die("Permission denied.\n");
				/* NOTREACHED */

			default:
				bad_error("libscf_set_deathrow", err);
			}
			log_framework(LOG_DEBUG, "Deathrow, graph set %s.\n",
			    v->gv_name);
		}
		/* Deathrow instances are never configured or started. */
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);
	}

	h = scf_instance_handle(inst);

	/*
	 * Using a temporary deathrow boolean property, set through
	 * libscf_set_deathrow(), only for fmris on deathrow, is necessary
	 * because deathrow_fini() may already have been called, and in case
	 * of a refresh, GV_DEATHROW may need to be set again.
	 * libscf_get_deathrow() sets deathrow to 1 only if this instance
	 * has a temporary boolean property named 'deathrow' valued true
	 * in a property group 'deathrow', -1 or 0 in all other cases.
	 */
	err = libscf_get_deathrow(h, inst, &deathrow);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
	case ECANCELED:
		startd_free(restarter_fmri, max_scf_value_size);
		return (err);

	default:
		bad_error("libscf_get_deathrow", err);
	}

	if (deathrow == 1) {
		v->gv_flags |= GV_DEATHROW;
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);
	}

	log_framework(LOG_DEBUG, "Graph adding %s.\n", v->gv_name);

	/*
	 * If the instance does not have a restarter property group,
	 * initialize its state to uninitialized/none, in case the restarter
	 * is not enabled.
	 */
	pg = safe_scf_pg_create(h);

	if (scf_instance_get_pg(inst, SCF_PG_RESTARTER, pg) != 0) {
		instance_data_t idata;
		uint_t count = 0, msecs = ALLOC_DELAY;

		switch (scf_error()) {
		case SCF_ERROR_NOT_FOUND:
			break;

		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECANCELED);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_instance_get_pg", scf_error());
		}

		/* idata.i_fmri is heap-allocated; freed on every path below. */
		switch (err = libscf_instance_get_fmri(inst,
		    (char **)&idata.i_fmri)) {
		case 0:
			break;

		case ECONNABORTED:
		case ECANCELED:
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (err);

		default:
			bad_error("libscf_instance_get_fmri", err);
		}

		idata.i_state = RESTARTER_STATE_NONE;
		idata.i_next_state = RESTARTER_STATE_NONE;

		/*
		 * Commit uninit/none.  ENOMEM is retried ALLOC_RETRY times
		 * with an exponential backoff starting at ALLOC_DELAY ms.
		 */
init_state:
		switch (err = _restarter_commit_states(h, &idata,
		    RESTARTER_STATE_UNINIT, RESTARTER_STATE_NONE, NULL)) {
		case 0:
			break;

		case ENOMEM:
			++count;
			if (count < ALLOC_RETRY) {
				(void) poll(NULL, 0, msecs);
				msecs *= ALLOC_DELAY_MULT;
				goto init_state;
			}

			uu_die("Insufficient memory.\n");
			/* NOTREACHED */

		case ECONNABORTED:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECONNABORTED);

		case ENOENT:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECANCELED);

		case EPERM:
		case EACCES:
		case EROFS:
			/* Not fatal: the state simply stays unrecorded. */
			log_error(LOG_NOTICE, "Could not initialize state for "
			    "%s: %s.\n", idata.i_fmri, strerror(err));
			break;

		case EINVAL:
		default:
			bad_error("_restarter_commit_states", err);
		}

		startd_free((void *)idata.i_fmri, max_scf_fmri_size);
	}

	scf_pg_destroy(pg);

	if (milestone != NULL) {
		/*
		 * Make sure the enable-override is set properly before we
		 * read whether we should be enabled.
		 */
		if (milestone == MILESTONE_NONE ||
		    !(v->gv_flags & GV_INSUBGRAPH)) {
			/*
			 * This might seem unjustified after the milestone
			 * transition has completed (non_subgraph_svcs == 0),
			 * but it's important because when we boot to
			 * a milestone, we set the milestone before populating
			 * the graph, and all of the new non-subgraph services
			 * need to be disabled here.
			 */
			switch (err = libscf_set_enable_ovr(inst, 0)) {
			case 0:
				break;

			case ECONNABORTED:
			case ECANCELED:
				startd_free(restarter_fmri, max_scf_value_size);
				return (err);

			case EROFS:
				log_error(LOG_WARNING,
				    "Could not set %s/%s for %s: %s.\n",
				    SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
				    v->gv_name, strerror(err));
				break;

			case EPERM:
				uu_die("Permission denied.\n");
				/* NOTREACHED */

			default:
				bad_error("libscf_set_enable_ovr", err);
			}
		} else {
			/* In the subgraph: any leftover override must go. */
			assert(v->gv_flags & GV_INSUBGRAPH);
			switch (err = libscf_delete_enable_ovr(inst)) {
			case 0:
				break;

			case ECONNABORTED:
			case ECANCELED:
				startd_free(restarter_fmri, max_scf_value_size);
				return (err);

			case EPERM:
				uu_die("Permission denied.\n");
				/* NOTREACHED */

			default:
				bad_error("libscf_delete_enable_ovr", err);
			}
		}
	}

	/*
	 * Read general/enabled, the override (if any) and the restarter FMRI.
	 * restarter_fmri is filled in place (empty string if none).
	 */
	err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
	    &enabled_ovr, &restarter_fmri);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
	case ECANCELED:
		startd_free(restarter_fmri, max_scf_value_size);
		return (err);

	case ENOENT:
		log_framework(LOG_DEBUG,
		    "Ignoring %s because it has no general property group.\n",
		    v->gv_name);
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);

	default:
		bad_error("libscf_get_basic_instance_data", err);
	}

	/* -1: no general/enabled property; leave the instance unconfigured. */
	if (enabled == -1) {
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);
	}

	/* Remember the un-overridden value; the override wins below. */
	v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
	    (enabled ? GV_ENBLD_NOOVR : 0);

	if (enabled_ovr != -1)
		enabled = enabled_ovr;

	v->gv_state = RESTARTER_STATE_UNINIT;

	/* Only the side effect of creating the snapshot is wanted here. */
	snap = libscf_get_or_make_running_snapshot(inst, v->gv_name, B_TRUE);
	scf_snapshot_destroy(snap);

	/* Set up the restarter. (Sends _ADD_INSTANCE on success.) */
	err = graph_change_restarter(v, restarter_fmri, h, &path);
	if (err != 0) {
		instance_data_t idata;
		uint_t count = 0, msecs = ALLOC_DELAY;
		const char *reason;

		if (err == ECONNABORTED) {
			startd_free(restarter_fmri, max_scf_value_size);
			return (err);
		}

		assert(err == EINVAL || err == ELOOP);

		if (err == EINVAL) {
			log_framework(LOG_ERR, emsg_invalid_restarter,
			    v->gv_name, restarter_fmri);
			reason = "invalid_restarter";
		} else {
			handle_cycle(v->gv_name, path);
			reason = "dependency_cycle";
		}

		/* restarter_fmri is not needed past this point. */
		startd_free(restarter_fmri, max_scf_value_size);

		/*
		 * We didn't register the instance with the restarter, so we
		 * must set maintenance mode ourselves.
		 */
		err = libscf_instance_get_fmri(inst, (char **)&idata.i_fmri);
		if (err != 0) {
			assert(err == ECONNABORTED || err == ECANCELED);
			return (err);
		}

		idata.i_state = RESTARTER_STATE_NONE;
		idata.i_next_state = RESTARTER_STATE_NONE;

		/* Same retry policy as init_state above. */
set_maint:
		switch (err = _restarter_commit_states(h, &idata,
		    RESTARTER_STATE_MAINT, RESTARTER_STATE_NONE, reason)) {
		case 0:
			break;

		case ENOMEM:
			++count;
			if (count < ALLOC_RETRY) {
				(void) poll(NULL, 0, msecs);
				msecs *= ALLOC_DELAY_MULT;
				goto set_maint;
			}

			uu_die("Insufficient memory.\n");
			/* NOTREACHED */

		case ECONNABORTED:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			return (ECONNABORTED);

		case ENOENT:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			return (ECANCELED);

		case EPERM:
		case EACCES:
		case EROFS:
			log_error(LOG_NOTICE, "Could not initialize state for "
			    "%s: %s.\n", idata.i_fmri, strerror(err));
			break;

		case EINVAL:
		default:
			bad_error("_restarter_commit_states", err);
		}

		startd_free((void *)idata.i_fmri, max_scf_fmri_size);

		v->gv_state = RESTARTER_STATE_MAINT;

		/* Skip dependency setup; the vertex is still marked configured. */
		goto out;
	}
	startd_free(restarter_fmri, max_scf_value_size);

	/* Add all the other dependencies. */
	err = refresh_vertex(v, inst);
	if (err != 0) {
		assert(err == ECONNABORTED);
		return (err);
	}

out:
	v->gv_flags |= GV_CONFIGURED;

	/* Sends ENABLE or DISABLE according to the effective enabled value. */
	graph_enable_by_vertex(v, enabled, 0);

	return (0);
}
   3459 
   3460 
/*
 * Get user-level processes out of the way before the system halts.
 *
 * Despite its name, killall's role is to get select user processes --
 * basically those representing terminal-based logins -- to die.  Victims are
 * located by killall in the utmp database.  Since these are most often shell
 * based logins, and many shells mask SIGTERM (but are responsive to SIGHUP),
 * it is sent HUP first and KILL shortly afterwards.
 *
 * pkill then sweeps everything not owned by uids 0, 1 and 15 (the list is
 * inverted by -v; 15 is reserved for dladmd -- a kludge, a better policy is
 * needed).  fork_with_timeout will only wait out the 1 second "grace time" if
 * the command actually returns 0, so with no matches this finishes quickly.
 *
 * Every command is a fixed absolute path with fixed arguments; nothing here
 * is built from runtime data.
 */
static void
kill_user_procs(void)
{
	static const char * const steps[] = {
		"/usr/sbin/killall HUP",
		"/usr/sbin/killall KILL",
		"/usr/bin/pkill -TERM -v -u 0,1,15",
		"/usr/bin/pkill -KILL -v -u 0,1,15",
	};
	size_t n;

	(void) fputs("svc.startd: Killing user processes.\n", stdout);

	/* Order matters: HUP/TERM before KILL, logins before the sweep. */
	for (n = 0; n < sizeof (steps) / sizeof (steps[0]); n++)
		(void) fork_with_timeout(steps[n], 1, 5);
}
   3489 
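/*
 * Final userland steps before the kernel takes over: drop a "resetting"
 * marker, kill user processes, flush and unmount what we can, print the last
 * words, then call uadmin(2).  uadmin() normally does not return; if it does,
 * the marker is removed so a later boot does not see it.
 *
 * Uses the halting and halting_time globals.  halting may be downgraded from
 * AD_FASTREBOOT to AD_BOOT here when the GRUB entry cannot be read or the
 * platform does not support fast reboot.
 */
static void
do_uadmin(void)
{
	const char * const resetting = "/etc/svc/volatile/resetting";
	int fd;
	struct statvfs vfs;
	time_t now;
	struct tm nowtm;
	char down_buf[256], time_buf[256];
	uintptr_t mdep;
#if defined(__i386)
	grub_boot_args_t fbarg;
#endif	/* __i386 */

	/* mdep is an integer-typed uadmin argument, not a pointer: use 0. */
	mdep = 0;

	/*
	 * NOTE(review): the marker is created with mode 0777 (subject to
	 * startd's umask).  Nothing in this function reads it; if its
	 * consumers only test for existence, a tighter mode would avoid
	 * leaving a world-writable file behind.
	 */
	fd = creat(resetting, 0777);
	if (fd >= 0)
		startd_close(fd);
	else
		uu_warn("Could not create \"%s\"", resetting);

	/* Kill dhcpagent if we're not using nfs for root */
	if ((statvfs("/", &vfs) == 0) &&
	    (strncmp(vfs.f_basetype, "nfs", sizeof ("nfs") - 1) != 0))
		(void) fork_with_timeout("/usr/bin/pkill -x -u 0 dhcpagent",
		    0, 5);

	/*
	 * Call sync(2) now, before we kill off user processes.  This takes
	 * advantage of the several seconds of pause we have before the
	 * killalls are done.  Time we can make good use of to get pages
	 * moving out to disk.
	 *
	 * Inside non-global zones, we don't bother, and it's better not to
	 * anyway, since sync(2) can have system-wide impact.
	 */
	if (getzoneid() == 0)
		sync();

	kill_user_procs();

	/*
	 * Note that this must come after the killing of user procs, since
	 * killall relies on utmpx, and this command affects the contents of
	 * said file.
	 */
	if (access("/usr/lib/acct/closewtmp", X_OK) == 0)
		(void) fork_with_timeout("/usr/lib/acct/closewtmp", 0, 5);

	/*
	 * For patches which may be installed as the system is shutting
	 * down, we need to ensure, one more time, that the boot archive
	 * really is up to date.
	 */
	if (getzoneid() == 0 && access("/usr/sbin/bootadm", X_OK) == 0)
		(void) fork_with_timeout("/usr/sbin/bootadm -ea update_all",
		    0, 3600);

	/*
	 * Right now, fast reboot is supported only on i386.
	 * scf_is_fastboot_default() should take care of it.
	 * If somehow we got there on unsupported platform -
	 * print warning and fall back to regular reboot.
	 */
	if (halting == AD_FASTREBOOT) {
#if defined(__i386)
		int rc;

		if ((rc = grub_get_boot_args(&fbarg, NULL,
		    GRUB_ENTRY_DEFAULT)) == 0) {
			/* Handed to the kernel as the fast-reboot boot args. */
			mdep = (uintptr_t)&fbarg.gba_bootargs;
		} else {
			/*
			 * Failed to read GRUB menu, fall back to normal reboot
			 */
			halting = AD_BOOT;
			uu_warn("Failed to process GRUB menu entry "
			    "for fast reboot.\n\t%s\n"
			    "Falling back to regular reboot.\n",
			    grub_strerror(rc));
		}
#else	/* __i386 */
		halting = AD_BOOT;
		uu_warn("Fast reboot configured, but not supported by "
		    "this ISA\n");
#endif	/* __i386 */
	}

	(void) fork_with_timeout("/sbin/umountall -l", 0, 5);
	(void) fork_with_timeout("/sbin/umount /tmp /var/adm /var/run /var "
	    ">/dev/null 2>&1", 0, 5);

	/*
	 * Try to get to consistency for whatever UFS filesystems are left.
	 * This is pretty expensive, so we save it for the end in the hopes of
	 * minimizing what it must do.  The other option would be to start in
	 * parallel with the killall's, but lockfs tends to throw out much more
	 * than is needed, and so subsequent commands (like umountall) take a
	 * long time to get going again.
	 *
	 * Inside of zones, we don't bother, since we're not about to terminate
	 * the whole OS instance.
	 *
	 * On systems using only ZFS, this call to lockfs -fa is a no-op.
	 */
	if (getzoneid() == 0) {
		if (access("/usr/sbin/lockfs", X_OK) == 0)
			(void) fork_with_timeout("/usr/sbin/lockfs -fa", 0, 30);

		sync();	/* once more, with feeling */
	}

	(void) fork_with_timeout("/sbin/umount /usr >/dev/null 2>&1", 0, 5);

	/*
	 * Construct and emit the last words from userland:
	 * "<timestamp> The system is down.  Shutdown took <N> seconds."
	 *
	 * Normally we'd use syslog, but with /var and other things
	 * potentially gone, try to minimize the external dependencies.
	 */
	now = time(NULL);
	(void) localtime_r(&now, &nowtm);

	if (strftime(down_buf, sizeof (down_buf),
	    "%b %e %T The system is down.", &nowtm) == 0) {
		(void) strlcpy(down_buf, "The system is down.",
		    sizeof (down_buf));
	}

	if (halting_time != 0 && halting_time <= now) {
		/*
		 * The difference is non-negative here (checked above); the
		 * cast makes the argument match the %lu conversion exactly.
		 */
		(void) snprintf(time_buf, sizeof (time_buf),
		    "  Shutdown took %lu seconds.",
		    (unsigned long)(now - halting_time));
	} else {
		time_buf[0] = '\0';
	}
	(void) printf("%s%s\n", down_buf, time_buf);

	(void) uadmin(A_SHUTDOWN, halting, mdep);
	uu_warn("uadmin() failed");

#if defined(__i386)
	/* uadmin fail, cleanup grub_boot_args */
	if (halting == AD_FASTREBOOT)
		grub_cleanup_boot_args(&fbarg);
#endif	/* __i386 */

	if (remove(resetting) != 0 && errno != ENOENT)
		uu_warn("Could not remove \"%s\"", resetting);
}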
   3638 
/*
 * Decide whether manifest-import can still bring the system up.  In the seed
 * repository, console-login is unsatisfiable because services are missing, so
 * can_come_up() must not report false until manifest-import has settled.
 * Looks manifest_import_p up by name on first use.  Returns true while
 * manifest-import is uninitialized or offline-but-satisfiable.
 */
static boolean_t
manifest_import_may_come_up(void)
{
	if (manifest_import_p == NULL) {
		manifest_import_p = vertex_get_by_name(manifest_import);

		if (manifest_import_p == NULL)
			return (B_FALSE);
	}

	switch (manifest_import_p->gv_state) {
	case RESTARTER_STATE_UNINIT:
		return (B_TRUE);

	case RESTARTER_STATE_OFFLINE:
		if (instance_satisfied(manifest_import_p, B_TRUE) == -1)
			return (B_FALSE);
		return (B_TRUE);

	default:
		/* online, degraded, disabled, maintenance */
		return (B_FALSE);
	}
}

/*
 * If any of the up_svcs[] are online or satisfiable, return true.  If they are
 * all missing, disabled, in maintenance, or unsatisfiable, return false.
 *
 * Must be called with dgraph_lock held.  Vertex lookups are cached in
 * up_svcs_p[]; reaching an online/degraded login service also sets
 * st->st_log_login_reached.
 */
boolean_t
can_come_up(void)
{
	int idx;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	/*
	 * If we are booting to single user (boot -s),
	 * SCF_MILESTONE_SINGLE_USER is needed to come up because startd
	 * spawns sulogin after single-user is online (see specials.c).
	 */
	idx = booting_to_single_user ? 0 : 1;

	while (up_svcs[idx] != NULL) {
		graph_vertex_t *gv = up_svcs_p[idx];

		if (gv == NULL) {
			gv = vertex_get_by_name(up_svcs[idx]);
			up_svcs_p[idx] = gv;
		}
		idx++;

		if (gv == NULL)
			continue;

		/*
		 * Ignore unconfigured services (the ones that have been
		 * mentioned in a dependency from other services, but do
		 * not exist in the repository).  Services which exist
		 * in the repository but don't have general/enabled
		 * property will be also ignored.
		 */
		if (!(gv->gv_flags & GV_CONFIGURED))
			continue;

		switch (gv->gv_state) {
		case RESTARTER_STATE_ONLINE:
		case RESTARTER_STATE_DEGRADED:
			/*
			 * Deactivate verbose boot once a login service has been
			 * reached.
			 */
			st->st_log_login_reached = 1;
			/*FALLTHROUGH*/
		case RESTARTER_STATE_UNINIT:
			return (B_TRUE);

		case RESTARTER_STATE_OFFLINE:
			if (instance_satisfied(gv, B_TRUE) != -1)
				return (B_TRUE);
			log_framework(LOG_DEBUG,
			    "can_come_up(): %s is unsatisfiable.\n",
			    gv->gv_name);
			break;

		case RESTARTER_STATE_DISABLED:
		case RESTARTER_STATE_MAINT:
			log_framework(LOG_DEBUG,
			    "can_come_up(): %s is in state %s.\n",
			    gv->gv_name,
			    instance_state_str[gv->gv_state]);
			break;

		default:
#ifndef NDEBUG
			uu_warn("%s:%d: Unexpected vertex state %d.\n",
			    __FILE__, __LINE__, gv->gv_state);
#endif
			abort();
		}
	}

	return (manifest_import_may_come_up());
}
   3743 
/*
 * Runs sulogin.  Returns
 *   0 - success
 *   EALREADY - sulogin is already running
 *   EBUSY - console-login is running
 *
 * Must be entered with dgraph_lock held; the lock is dropped while sulogin
 * runs and retaken before returning.  If console-login became ready in the
 * meantime and is still offline, it is started once sulogin has exited so
 * the two never compete for the console.
 */
static int
run_sulogin(const char *msg)
{
	graph_vertex_t *cl;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	if (sulogin_running)
		return (EALREADY);

	cl = vertex_get_by_name(console_login_fmri);
	if (cl != NULL && inst_running(cl))
		return (EBUSY);

	sulogin_running = B_TRUE;
	MUTEX_UNLOCK(&dgraph_lock);
	fork_sulogin(B_FALSE, msg);
	MUTEX_LOCK(&dgraph_lock);
	sulogin_running = B_FALSE;

	if (!console_login_ready)
		return (0);

	/* Re-resolve: the graph may have changed while the lock was dropped. */
	cl = vertex_get_by_name(console_login_fmri);
	if (cl != NULL && cl->gv_state == RESTARTER_STATE_OFFLINE) {
		if (cl->gv_start_f != NULL)
			cl->gv_start_f(cl);
		else
			vertex_send_event(cl, RESTARTER_EVENT_TYPE_START);
	}

	console_login_ready = B_FALSE;

	return (0);
}
   3790 
/*
 * The sulogin thread runs sulogin while can_come_up() is false.  run_sulogin()
 * keeps sulogin from stepping on console-login's toes.
 *
 * Holds dgraph_lock for its whole lifetime except while run_sulogin() has
 * released it; clears sulogin_thread_running on exit.
 */
/* ARGSUSED */
static void *
sulogin_thread(void *unused)
{
	MUTEX_LOCK(&dgraph_lock);

	assert(sulogin_thread_running);

	for (;;) {
		/* EALREADY/EBUSY are expected here and simply retried. */
		(void) run_sulogin("Console login service(s) cannot run\n");
		if (can_come_up())
			break;
	}

	sulogin_thread_running = B_FALSE;
	MUTEX_UNLOCK(&dgraph_lock);

	return (NULL);
}
   3812 
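/*
 * single_user_thread - take the system to single-user mode or run level 1.
 *
 *   Runs as its own thread.  Which transition is wanted is read from the
 *   globals go_single_user_mode, booting_to_single_user and go_to_level1.
 *   Unless we are booting straight into single-user mode, user processes
 *   are killed first.  sulogin is then run until it completes, after which
 *   the temporary milestone override (options_ovr/milestone) is removed,
 *   the persistent milestone is re-read from the repository and re-applied
 *   through dgraph_set_milestone(), and the utmpx run level is recorded.
 *   Finally the sulogin thread is started if the graph still cannot come up.
 *
 *   single_user_thread_count is maintained under single_user_thread_lock so
 *   that if a second instance of this thread is started, the earlier one
 *   bows out before touching the milestone.
 *
 * unused: thread argument, ignored.
 * Returns NULL; the thread result is not consulted.
 */
/* ARGSUSED */
void *
single_user_thread(void *unused)
{
	uint_t left;
	scf_handle_t *h;
	scf_instance_t *inst;
	scf_property_t *prop;
	scf_value_t *val;
	const char *msg;
	char *buf;
	int r;

	MUTEX_LOCK(&single_user_thread_lock);
	single_user_thread_count++;

	/* Coming down from multi-user: user processes must be gone first. */
	if (!booting_to_single_user)
		kill_user_procs();

	if (go_single_user_mode || booting_to_single_user) {
		msg = "SINGLE USER MODE\n";
	} else {
		assert(go_to_level1);

		fork_rc_script('1', "start", B_TRUE);

		uu_warn("The system is ready for administration.\n");

		msg = "";
	}

	MUTEX_UNLOCK(&single_user_thread_lock);

	/*
	 * Run sulogin until it finishes (r == 0).  EALREADY/EBUSY mean
	 * another sulogin is in progress, so back off and retry.  The inner
	 * loop resumes sleep() if it returns early.
	 */
	for (;;) {
		MUTEX_LOCK(&dgraph_lock);
		r = run_sulogin(msg);
		MUTEX_UNLOCK(&dgraph_lock);
		if (r == 0)
			break;

		assert(r == EALREADY || r == EBUSY);

		left = 3;
		while (left > 0)
			left = sleep(left);
	}

	MUTEX_LOCK(&single_user_thread_lock);

	/*
	 * If another single user thread has started, let it finish changing
	 * the run level.
	 */
	if (single_user_thread_count > 1) {
		single_user_thread_count--;
		MUTEX_UNLOCK(&single_user_thread_lock);
		return (NULL);
	}

	/*
	 * The instance handle uses the same safe_ allocator as the property
	 * and value handles, so a NULL handle is never handed to
	 * scf_handle_decode_fmri() below.
	 */
	h = libscf_handle_create_bound_loop();
	inst = safe_scf_instance_create(h);
	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);
	buf = startd_alloc(max_scf_fmri_size);

lookup:
	/* Find our own instance; recreate it if it has gone missing. */
	if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
	    NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_NOT_FOUND:
			r = libscf_create_self(h);
			if (r == 0)
				goto lookup;
			assert(r == ECONNABORTED);
			/* FALLTHROUGH */

		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto lookup;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_HANDLE_MISMATCH:
		default:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	}

	MUTEX_LOCK(&dgraph_lock);

	/*
	 * Remove the temporary milestone override.  ECANCELED means the
	 * property is already gone; permission/read-only failures are only
	 * logged, since the persistent milestone is still applied below.
	 */
	r = scf_instance_delete_prop(inst, SCF_PG_OPTIONS_OVR,
	    SCF_PROPERTY_MILESTONE);
	switch (r) {
	case 0:
	case ECANCELED:
		break;

	case ECONNABORTED:
		MUTEX_UNLOCK(&dgraph_lock);
		libscf_handle_rebind(h);
		goto lookup;

	case EPERM:
	case EACCES:
	case EROFS:
		log_error(LOG_WARNING, "Could not clear temporary milestone: "
		    "%s.\n", strerror(r));
		break;

	default:
		bad_error("scf_instance_delete_prop", r);
	}

	MUTEX_UNLOCK(&dgraph_lock);

	/*
	 * Re-read the persistent milestone.  A missing or malformed value
	 * falls back to "all"; buf is max_scf_fmri_size bytes, so the
	 * literal always fits.  The value comes from the repository;
	 * dgraph_set_milestone() reports an unusable one as EINVAL/ENOENT,
	 * which is tolerated below.
	 */
	r = libscf_get_milestone(inst, prop, val, buf, max_scf_fmri_size);
	switch (r) {
	case ECANCELED:
	case ENOENT:
	case EINVAL:
		(void) strcpy(buf, "all");
		/* FALLTHROUGH */

	case 0:
		uu_warn("Returning to milestone %s.\n", buf);
		break;

	case ECONNABORTED:
		libscf_handle_rebind(h);
		goto lookup;

	default:
		bad_error("libscf_get_milestone", r);
	}

	r = dgraph_set_milestone(buf, h, B_FALSE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
	case EINVAL:
	case ENOENT:
		break;

	default:
		bad_error("dgraph_set_milestone", r);
	}

	/*
	 * See graph_runlevel_changed().
	 */
	MUTEX_LOCK(&dgraph_lock);
	utmpx_set_runlevel(target_milestone_as_runlevel(), 'S', B_TRUE);
	MUTEX_UNLOCK(&dgraph_lock);

	/* Release everything created after the thread-count check. */
	startd_free(buf, max_scf_fmri_size);
	scf_value_destroy(val);
	scf_property_destroy(prop);
	scf_instance_destroy(inst);
	scf_handle_destroy(h);

	/*
	 * We'll give ourselves 3 seconds to respond to all of the enablings
	 * that setting the milestone should have created before checking
	 * whether to run sulogin.
	 */
	left = 3;
	while (left > 0)
		left = sleep(left);

	MUTEX_LOCK(&dgraph_lock);
	/*
	 * Clearing these variables will allow the sulogin thread to run.  We
	 * check here in case there aren't any more state updates anytime soon.
	 */
	go_to_level1 = go_single_user_mode = booting_to_single_user = B_FALSE;
	if (!sulogin_thread_running && !can_come_up()) {
		(void) startd_thread_create(sulogin_thread, NULL);
		sulogin_thread_running = B_TRUE;
	}
	MUTEX_UNLOCK(&dgraph_lock);
	single_user_thread_count--;
	MUTEX_UNLOCK(&single_user_thread_lock);
	return (NULL);
}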
   3999 
   4000 
   4001 /*
   4002  * Dependency graph operations API.  These are handle-independent thread-safe
   4003  * graph manipulation functions which are the entry points for the event
   4004  * threads below.
   4005  */
   4006 
   4007 /*
   4008  * If a configured vertex exists for inst_fmri, return EEXIST.  If no vertex
   4009  * exists for inst_fmri, add one.  Then fetch the restarter from inst, make
   4010  * this vertex dependent on it, and send _ADD_INSTANCE to the restarter.
   4011  * Fetch whether the instance should be enabled from inst and send _ENABLE or
   4012  * _DISABLE as appropriate.  Finally rummage through inst's dependency
   4013  * property groups and add vertices and edges as appropriate.  If anything
   4014  * goes wrong after sending _ADD_INSTANCE, send _ADMIN_MAINT_ON to put the
   4015  * instance in maintenance.  Don't send _START or _STOP until we get a state
   4016  * update in case we're being restarted and the service is already running.
   4017  *
   4018  * To support booting to a milestone, we must also make sure all dependencies
   4019  * encountered are configured, if they exist in the repository.
   4020  *
   4021  * Returns 0 on success, ECONNABORTED on repository disconnection, EINVAL if
   4022  * inst_fmri is an invalid (or not canonical) FMRI, ECANCELED if inst is
   4023  * deleted, or EEXIST if a configured vertex for inst_fmri already exists.
   4024  */
   4025 int
   4026 dgraph_add_instance(const char *inst_fmri, scf_instance_t *inst,
   4027     boolean_t lock_graph)
   4028 {
   4029 	graph_vertex_t *v;
   4030 	int err;
   4031 
   4032 	if (strcmp(inst_fmri, SCF_SERVICE_STARTD) == 0)
   4033 		return (0);
   4034 
   4035 	/* Check for a vertex for inst_fmri. */
   4036 	if (lock_graph) {
   4037 		MUTEX_LOCK(&dgraph_lock);
   4038 	} else {
   4039 		assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4040 	}
   4041 
   4042 	v = vertex_get_by_name(inst_fmri);
   4043 
   4044 	if (v != NULL) {
   4045 		assert(v->gv_type == GVT_INST);
   4046 
   4047 		if (v->gv_flags & GV_CONFIGURED) {
   4048 			if (lock_graph)
   4049 				MUTEX_UNLOCK(&dgraph_lock);
   4050 			return (EEXIST);
   4051 		}
   4052 	} else {
   4053 		/* Add the vertex. */
   4054 		err = graph_insert_vertex_unconfigured(inst_fmri, GVT_INST, 0,
   4055 		    RERR_NONE, &v);
   4056 		if (err != 0) {
   4057 			assert(err == EINVAL);
   4058 			if (lock_graph)
   4059 				MUTEX_UNLOCK(&dgraph_lock);
   4060 			return (EINVAL);
   4061 		}
   4062 	}
   4063 
   4064 	err = configure_vertex(v, inst);
   4065 
   4066 	if (lock_graph)
   4067 		MUTEX_UNLOCK(&dgraph_lock);
   4068 
   4069 	return (err);
   4070 }
   4071 
   4072 /*
   4073  * Locate the vertex for this property group's instance.  If it doesn't exist
   4074  * or is unconfigured, call dgraph_add_instance() & return.  Otherwise fetch
   4075  * the restarter for the instance, and if it has changed, send
   4076  * _REMOVE_INSTANCE to the old restarter, remove the dependency, make sure the
   4077  * new restarter has a vertex, add a new dependency, and send _ADD_INSTANCE to
   4078  * the new restarter.  Then fetch whether the instance should be enabled, and
   4079  * if it is different from what we had, or if we changed the restarter, send
   4080  * the appropriate _ENABLE or _DISABLE command.
   4081  *
   4082  * Returns 0 on success, ENOTSUP if the pg's parent is not an instance,
   4083  * ECONNABORTED on repository disconnection, ECANCELED if the instance is
   4084  * deleted, or -1 if the instance's general property group is deleted or if
   4085  * its enabled property is misconfigured.
   4086  */
   4087 static int
   4088 dgraph_update_general(scf_propertygroup_t *pg)
   4089 {
   4090 	scf_handle_t *h;
   4091 	scf_instance_t *inst;
   4092 	char *fmri;
   4093 	char *restarter_fmri;
   4094 	graph_vertex_t *v;
   4095 	int err;
   4096 	int enabled, enabled_ovr;
   4097 	int oldflags;
   4098 
   4099 	/* Find the vertex for this service */
   4100 	h = scf_pg_handle(pg);
   4101 
   4102 	inst = safe_scf_instance_create(h);
   4103 
   4104 	if (scf_pg_get_parent_instance(pg, inst) != 0) {
   4105 		switch (scf_error()) {
   4106 		case SCF_ERROR_CONSTRAINT_VIOLATED:
   4107 			return (ENOTSUP);
   4108 
   4109 		case SCF_ERROR_CONNECTION_BROKEN:
   4110 		default:
   4111 			return (ECONNABORTED);
   4112 
   4113 		case SCF_ERROR_DELETED:
   4114 			return (0);
   4115 
   4116 		case SCF_ERROR_NOT_SET:
   4117 			bad_error("scf_pg_get_parent_instance", scf_error());
   4118 		}
   4119 	}
   4120 
   4121 	err = libscf_instance_get_fmri(inst, &fmri);
   4122 	switch (err) {
   4123 	case 0:
   4124 		break;
   4125 
   4126 	case ECONNABORTED:
   4127 		scf_instance_destroy(inst);
   4128 		return (ECONNABORTED);
   4129 
   4130 	case ECANCELED:
   4131 		scf_instance_destroy(inst);
   4132 		return (0);
   4133 
   4134 	default:
   4135 		bad_error("libscf_instance_get_fmri", err);
   4136 	}
   4137 
   4138 	log_framework(LOG_DEBUG,
   4139 	    "Graph engine: Reloading general properties for %s.\n", fmri);
   4140 
   4141 	MUTEX_LOCK(&dgraph_lock);
   4142 
   4143 	v = vertex_get_by_name(fmri);
   4144 	if (v == NULL || !(v->gv_flags & GV_CONFIGURED)) {
   4145 		/* Will get the up-to-date properties. */
   4146 		MUTEX_UNLOCK(&dgraph_lock);
   4147 		err = dgraph_add_instance(fmri, inst, B_TRUE);
   4148 		startd_free(fmri, max_scf_fmri_size);
   4149 		scf_instance_destroy(inst);
   4150 		return (err == ECANCELED ? 0 : err);
   4151 	}
   4152 
   4153 	/* Read enabled & restarter from repository. */
   4154 	restarter_fmri = startd_alloc(max_scf_value_size);
   4155 	err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
   4156 	    &enabled_ovr, &restarter_fmri);
   4157 	if (err != 0 || enabled == -1) {
   4158 		MUTEX_UNLOCK(&dgraph_lock);
   4159 		scf_instance_destroy(inst);
   4160 		startd_free(fmri, max_scf_fmri_size);
   4161 
   4162 		switch (err) {
   4163 		case ENOENT:
   4164 		case 0:
   4165 			startd_free(restarter_fmri, max_scf_value_size);
   4166 			return (-1);
   4167 
   4168 		case ECONNABORTED:
   4169 		case ECANCELED:
   4170 			startd_free(restarter_fmri, max_scf_value_size);
   4171 			return (err);
   4172 
   4173 		default:
   4174 			bad_error("libscf_get_basic_instance_data", err);
   4175 		}
   4176 	}
   4177 
   4178 	oldflags = v->gv_flags;
   4179 	v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
   4180 	    (enabled ? GV_ENBLD_NOOVR : 0);
   4181 
   4182 	if (enabled_ovr != -1)
   4183 		enabled = enabled_ovr;
   4184 
   4185 	/*
   4186 	 * If GV_ENBLD_NOOVR has changed, then we need to re-evaluate the
   4187 	 * subgraph.
   4188 	 */
   4189 	if (milestone > MILESTONE_NONE && v->gv_flags != oldflags)
   4190 		(void) eval_subgraph(v, h);
   4191 
   4192 	scf_instance_destroy(inst);
   4193 
   4194 	/* Ignore restarter change for now. */
   4195 
   4196 	startd_free(restarter_fmri, max_scf_value_size);
   4197 	startd_free(fmri, max_scf_fmri_size);
   4198 
   4199 	/*
   4200 	 * Always send _ENABLE or _DISABLE.  We could avoid this if the
   4201 	 * restarter didn't change and the enabled value didn't change, but
   4202 	 * that's not easy to check and improbable anyway, so we'll just do
   4203 	 * this.
   4204 	 */
   4205 	graph_enable_by_vertex(v, enabled, 1);
   4206 
   4207 	MUTEX_UNLOCK(&dgraph_lock);
   4208 
   4209 	return (0);
   4210 }
   4211 
   4212 /*
   4213  * Delete all of the property group dependencies of v, update inst's running
   4214  * snapshot, and add the dependencies in the new snapshot.  If any of the new
   4215  * dependencies would create a cycle, send _ADMIN_MAINT_ON.  Otherwise
   4216  * reevaluate v's dependencies, send _START or _STOP as appropriate, and do
   4217  * the same for v's dependents.
   4218  *
   4219  * Returns
   4220  *   0 - success
   4221  *   ECONNABORTED - repository connection broken
   4222  *   ECANCELED - inst was deleted
   4223  *   EINVAL - inst is invalid (e.g., missing general/enabled)
   4224  *   -1 - libscf_snapshots_refresh() failed
   4225  */
   4226 static int
   4227 dgraph_refresh_instance(graph_vertex_t *v, scf_instance_t *inst)
   4228 {
   4229 	int r;
   4230 	int enabled;
   4231 
   4232 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4233 	assert(v->gv_type == GVT_INST);
   4234 
   4235 	/* Only refresh services with valid general/enabled properties. */
   4236 	r = libscf_get_basic_instance_data(scf_instance_handle(inst), inst,
   4237 	    v->gv_name, &enabled, NULL, NULL);
   4238 	switch (r) {
   4239 	case 0:
   4240 		break;
   4241 
   4242 	case ECONNABORTED:
   4243 	case ECANCELED:
   4244 		return (r);
   4245 
   4246 	case ENOENT:
   4247 		log_framework(LOG_DEBUG,
   4248 		    "Ignoring %s because it has no general property group.\n",
   4249 		    v->gv_name);
   4250 		return (EINVAL);
   4251 
   4252 	default:
   4253 		bad_error("libscf_get_basic_instance_data", r);
   4254 	}
   4255 
   4256 	if (enabled == -1)
   4257 		return (EINVAL);
   4258 
   4259 	r = libscf_snapshots_refresh(inst, v->gv_name);
   4260 	if (r != 0) {
   4261 		if (r != -1)
   4262 			bad_error("libscf_snapshots_refresh", r);
   4263 
   4264 		/* error logged */
   4265 		return (r);
   4266 	}
   4267 
   4268 	r = refresh_vertex(v, inst);
   4269 	if (r != 0 && r != ECONNABORTED)
   4270 		bad_error("refresh_vertex", r);
   4271 	return (r);
   4272 }
   4273 
   4274 /*
   4275  * Returns true only if none of this service's dependents are 'up' -- online
   4276  * or degraded (offline is considered down in this situation). This function
   4277  * is somehow similar to is_nonsubgraph_leaf() but works on subtrees.
   4278  */
   4279 static boolean_t
   4280 insubtree_dependents_down(graph_vertex_t *v)
   4281 {
   4282 	graph_vertex_t *vv;
   4283 	graph_edge_t *e;
   4284 
   4285 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4286 
   4287 	for (e = uu_list_first(v->gv_dependents); e != NULL;
   4288 	    e = uu_list_next(v->gv_dependents, e)) {
   4289 		vv = e->ge_vertex;
   4290 		if (vv->gv_type == GVT_INST) {
   4291 			if ((vv->gv_flags & GV_CONFIGURED) == 0)
   4292 				continue;
   4293 
   4294 			if ((vv->gv_flags & GV_TOOFFLINE) == 0)
   4295 				continue;
   4296 
   4297 			if ((vv->gv_state == RESTARTER_STATE_ONLINE) ||
   4298 			    (vv->gv_state == RESTARTER_STATE_DEGRADED))
   4299 				return (B_FALSE);
   4300 		} else {
   4301 			/*
   4302 			 * For dependency groups or service vertices, keep
   4303 			 * traversing to see if instances are running.
   4304 			 */
   4305 			if (insubtree_dependents_down(vv) == B_FALSE)
   4306 				return (B_FALSE);
   4307 		}
   4308 	}
   4309 
   4310 	return (B_TRUE);
   4311 }
   4312 
   4313 /*
   4314  * Returns true only if none of this service's dependents are 'up' -- online,
   4315  * degraded, or offline.
   4316  */
   4317 static int
   4318 is_nonsubgraph_leaf(graph_vertex_t *v)
   4319 {
   4320 	graph_vertex_t *vv;
   4321 	graph_edge_t *e;
   4322 
   4323 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4324 
   4325 	for (e = uu_list_first(v->gv_dependents);
   4326 	    e != NULL;
   4327 	    e = uu_list_next(v->gv_dependents, e)) {
   4328 
   4329 		vv = e->ge_vertex;
   4330 		if (vv->gv_type == GVT_INST) {
   4331 			if ((vv->gv_flags & GV_CONFIGURED) == 0)
   4332 				continue;
   4333 
   4334 			if (vv->gv_flags & GV_INSUBGRAPH)
   4335 				continue;
   4336 
   4337 			if (up_state(vv->gv_state))
   4338 				return (0);
   4339 		} else {
   4340 			/*
   4341 			 * For dependency group or service vertices, keep
   4342 			 * traversing to see if instances are running.
   4343 			 *
   4344 			 * We should skip exclude_all dependencies otherwise
   4345 			 * the vertex will never be considered as a leaf
   4346 			 * if the dependent is offline. The main reason for
   4347 			 * this is that disable_nonsubgraph_leaves() skips
   4348 			 * exclusion dependencies.
   4349 			 */
   4350 			if (vv->gv_type == GVT_GROUP &&
   4351 			    vv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
   4352 				continue;
   4353 
   4354 			if (!is_nonsubgraph_leaf(vv))
   4355 				return (0);
   4356 		}
   4357 	}
   4358 
   4359 	return (1);
   4360 }
   4361 
   4362 /*
   4363  * Disable v temporarily.  Attempt to do this by setting its enabled override
   4364  * property in the repository.  If that fails, send a _DISABLE command.
   4365  * Returns 0 on success and ECONNABORTED if the repository connection is
   4366  * broken.
   4367  */
   4368 static int
   4369 disable_service_temporarily(graph_vertex_t *v, scf_handle_t *h)
   4370 {
   4371 	const char * const emsg = "Could not temporarily disable %s because "
   4372 	    "%s.  Will stop service anyways.  Repository status for the "
   4373 	    "service may be inaccurate.\n";
   4374 	const char * const emsg_cbroken =
   4375 	    "the repository connection was broken";
   4376 
   4377 	scf_instance_t *inst;
   4378 	int r;
   4379 
   4380 	inst = scf_instance_create(h);
   4381 	if (inst == NULL) {
   4382 		char buf[100];
   4383 
   4384 		(void) snprintf(buf, sizeof (buf),
   4385 		    "scf_instance_create() failed (%s)",
   4386 		    scf_strerror(scf_error()));
   4387 		log_error(LOG_WARNING, emsg, v->gv_name, buf);
   4388 
   4389 		graph_enable_by_vertex(v, 0, 0);
   4390 		return (0);
   4391 	}
   4392 
   4393 	r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
   4394 	    NULL, NULL, SCF_DECODE_FMRI_EXACT);
   4395 	if (r != 0) {
   4396 		switch (scf_error()) {
   4397 		case SCF_ERROR_CONNECTION_BROKEN:
   4398 			log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
   4399 			graph_enable_by_vertex(v, 0, 0);
   4400 			return (ECONNABORTED);
   4401 
   4402 		case SCF_ERROR_NOT_FOUND:
   4403 			return (0);
   4404 
   4405 		case SCF_ERROR_HANDLE_MISMATCH:
   4406 		case SCF_ERROR_INVALID_ARGUMENT:
   4407 		case SCF_ERROR_CONSTRAINT_VIOLATED:
   4408 		case SCF_ERROR_NOT_BOUND:
   4409 		default:
   4410 			bad_error("scf_handle_decode_fmri",
   4411 			    scf_error());
   4412 		}
   4413 	}
   4414 
   4415 	r = libscf_set_enable_ovr(inst, 0);
   4416 	switch (r) {
   4417 	case 0:
   4418 		scf_instance_destroy(inst);
   4419 		return (0);
   4420 
   4421 	case ECANCELED:
   4422 		scf_instance_destroy(inst);
   4423 		return (0);
   4424 
   4425 	case ECONNABORTED:
   4426 		log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
   4427 		graph_enable_by_vertex(v, 0, 0);
   4428 		return (ECONNABORTED);
   4429 
   4430 	case EPERM:
   4431 		log_error(LOG_WARNING, emsg, v->gv_name,
   4432 		    "the repository denied permission");
   4433 		graph_enable_by_vertex(v, 0, 0);
   4434 		return (0);
   4435 
   4436 	case EROFS:
   4437 		log_error(LOG_WARNING, emsg, v->gv_name,
   4438 		    "the repository is read-only");
   4439 		graph_enable_by_vertex(v, 0, 0);
   4440 		return (0);
   4441 
   4442 	default:
   4443 		bad_error("libscf_set_enable_ovr", r);
   4444 		/* NOTREACHED */
   4445 	}
   4446 }
   4447 
   4448 /*
   4449  * Of the transitive instance dependencies of v, offline those which are
   4450  * in the subtree and which are leaves (i.e., have no dependents which are
   4451  * "up").
   4452  */
   4453 void
   4454 offline_subtree_leaves(graph_vertex_t *v, void *arg)
   4455 {
   4456 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4457 
   4458 	/* If v isn't an instance, recurse on its dependencies. */
   4459 	if (v->gv_type != GVT_INST) {
   4460 		graph_walk_dependencies(v, offline_subtree_leaves, arg);
   4461 		return;
   4462 	}
   4463 
   4464 	/*
   4465 	 * If v is not in the subtree, so should all of its dependencies,
   4466 	 * so do nothing.
   4467 	 */
   4468 	if ((v->gv_flags & GV_TOOFFLINE) == 0)
   4469 		return;
   4470 
   4471 	/* If v isn't a leaf because it's already down, recurse. */
   4472 	if (!up_state(v->gv_state)) {
   4473 		graph_walk_dependencies(v, offline_subtree_leaves, arg);
   4474 		return;
   4475 	}
   4476 
   4477 	/* if v is a leaf, offline it or disable it if it's the last one */
   4478 	if (insubtree_dependents_down(v) == B_TRUE) {
   4479 		if (v->gv_flags & GV_TODISABLE)
   4480 			vertex_send_event(v,
   4481 			    RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
   4482 		else
   4483 			offline_vertex(v);
   4484 	}
   4485 }
   4486 
/*
 * Entry point for offlining the to-offline subtree beneath v: walk v's
 * dependencies with offline_subtree_leaves().
 *
 * v: root vertex; dgraph_lock must be held (asserted by the callback).
 * h: opaque argument forwarded to the walk.
 */
void
graph_offline_subtree_leaves(graph_vertex_t *v, void *h)
{
	void *walk_arg = h;

	graph_walk_dependencies(v, offline_subtree_leaves, walk_arg);
}
   4492 
   4493 
   4494 /*
   4495  * Of the transitive instance dependencies of v, disable those which are not
   4496  * in the subgraph and which are leaves (i.e., have no dependents which are
   4497  * "up").
   4498  */
   4499 static void
   4500 disable_nonsubgraph_leaves(graph_vertex_t *v, void *arg)
   4501 {
   4502 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4503 
   4504 	/*
   4505 	 * We must skip exclusion dependencies because they are allowed to
   4506 	 * complete dependency cycles.  This is correct because A's exclusion
   4507 	 * dependency on B doesn't bear on the order in which they should be
   4508 	 * stopped.  Indeed, the exclusion dependency should guarantee that
   4509 	 * they are never online at the same time.
   4510 	 */
   4511 	if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
   4512 		return;
   4513 
   4514 	/* If v isn't an instance, recurse on its dependencies. */
   4515 	if (v->gv_type != GVT_INST)
   4516 		goto recurse;
   4517 
   4518 	if ((v->gv_flags & GV_CONFIGURED) == 0)
   4519 		/*
   4520 		 * Unconfigured instances should have no dependencies, but in
   4521 		 * case they ever get them,
   4522 		 */
   4523 		goto recurse;
   4524 
   4525 	/*
   4526 	 * If v is in the subgraph, so should all of its dependencies, so do
   4527 	 * nothing.
   4528 	 */
   4529 	if (v->gv_flags & GV_INSUBGRAPH)
   4530 		return;
   4531 
   4532 	/* If v isn't a leaf because it's already down, recurse. */
   4533 	if (!up_state(v->gv_state))
   4534 		goto recurse;
   4535 
   4536 	/* If v is disabled but not down yet, be patient. */
   4537 	if ((v->gv_flags & GV_ENABLED) == 0)
   4538 		return;
   4539 
   4540 	/* If v is a leaf, disable it. */
   4541 	if (is_nonsubgraph_leaf(v))
   4542 		(void) disable_service_temporarily(v, (scf_handle_t *)arg);
   4543 
   4544 	return;
   4545 
   4546 recurse:
   4547 	graph_walk_dependencies(v, disable_nonsubgraph_leaves, arg);
   4548 }
   4549 
   4550 /*
   4551  * Find the vertex for inst_name.  If it doesn't exist, return ENOENT.
   4552  * Otherwise set its state to state.  If the instance has entered a state
   4553  * which requires automatic action, take it (Uninitialized: do
   4554  * dgraph_refresh_instance() without the snapshot update.  Disabled: if the
   4555  * instance should be enabled, send _ENABLE.  Offline: if the instance should
   4556  * be disabled, send _DISABLE, and if its dependencies are satisfied, send
   4557  * _START.  Online, Degraded: if the instance wasn't running, update its start
   4558  * snapshot.  Maintenance: no action.)
   4559  *
   4560  * Also fails with ECONNABORTED, or EINVAL if state is invalid.
   4561  */
   4562 static int
   4563 dgraph_set_instance_state(scf_handle_t *h, const char *inst_name,
   4564     restarter_instance_state_t state, restarter_error_t serr)
   4565 {
   4566 	graph_vertex_t *v;
   4567 	int err = 0;
   4568 	restarter_instance_state_t old_state;
   4569 
   4570 	MUTEX_LOCK(&dgraph_lock);
   4571 
   4572 	v = vertex_get_by_name(inst_name);
   4573 	if (v == NULL) {
   4574 		MUTEX_UNLOCK(&dgraph_lock);
   4575 		return (ENOENT);
   4576 	}
   4577 
   4578 	assert(v->gv_type == GVT_INST);
   4579 
   4580 	switch (state) {
   4581 	case RESTARTER_STATE_UNINIT:
   4582 	case RESTARTER_STATE_DISABLED:
   4583 	case RESTARTER_STATE_OFFLINE:
   4584 	case RESTARTER_STATE_ONLINE:
   4585 	case RESTARTER_STATE_DEGRADED:
   4586 	case RESTARTER_STATE_MAINT:
   4587 		break;
   4588 
   4589 	default:
   4590 		MUTEX_UNLOCK(&dgraph_lock);
   4591 		return (EINVAL);
   4592 	}
   4593 
   4594 	log_framework(LOG_DEBUG, "Graph noting %s %s -> %s.\n", v->gv_name,
   4595 	    instance_state_str[v->gv_state], instance_state_str[state]);
   4596 
   4597 	old_state = v->gv_state;
   4598 	v->gv_state = state;
   4599 
   4600 	err = gt_transition(h, v, serr, old_state);
   4601 
   4602 	MUTEX_UNLOCK(&dgraph_lock);
   4603 	return (err);
   4604 }
   4605 
   4606 /*
   4607  * Handle state changes during milestone shutdown.  See
   4608  * dgraph_set_milestone().  If the repository connection is broken,
   4609  * ECONNABORTED will be returned, though a _DISABLE command will be sent for
   4610  * the vertex anyway.
   4611  */
   4612 int
   4613 vertex_subgraph_dependencies_shutdown(scf_handle_t *h, graph_vertex_t *v,
   4614     restarter_instance_state_t old_state)
   4615 {
   4616 	int was_up, now_up;
   4617 	int ret = 0;
   4618 
   4619 	assert(v->gv_type == GVT_INST);
   4620 
   4621 	/* Don't care if we're not going to a milestone. */
   4622 	if (milestone == NULL)
   4623 		return (0);
   4624 
   4625 	/* Don't care if we already finished coming down. */
   4626 	if (non_subgraph_svcs == 0)
   4627 		return (0);
   4628 
   4629 	/* Don't care if the service is in the subgraph. */
   4630 	if (v->gv_flags & GV_INSUBGRAPH)
   4631 		return (0);
   4632 
   4633 	/*
   4634 	 * Update non_subgraph_svcs.  It is the number of non-subgraph
   4635 	 * services which are in online, degraded, or offline.
   4636 	 */
   4637 
   4638 	was_up = up_state(old_state);
   4639 	now_up = up_state(v->gv_state);
   4640 
   4641 	if (!was_up && now_up) {
   4642 		++non_subgraph_svcs;
   4643 	} else if (was_up && !now_up) {
   4644 		--non_subgraph_svcs;
   4645 
   4646 		if (non_subgraph_svcs == 0) {
   4647 			if (halting != -1) {
   4648 				do_uadmin();
   4649 			} else if (go_single_user_mode || go_to_level1) {
   4650 				(void) startd_thread_create(single_user_thread,
   4651 				    NULL);
   4652 			}
   4653 			return (0);
   4654 		}
   4655 	}
   4656 
   4657 	/* If this service is a leaf, it should be disabled. */
   4658 	if ((v->gv_flags & GV_ENABLED) && is_nonsubgraph_leaf(v)) {
   4659 		int r;
   4660 
   4661 		r = disable_service_temporarily(v, h);
   4662 		switch (r) {
   4663 		case 0:
   4664 			break;
   4665 
   4666 		case ECONNABORTED:
   4667 			ret = ECONNABORTED;
   4668 			break;
   4669 
   4670 		default:
   4671 			bad_error("disable_service_temporarily", r);
   4672 		}
   4673 	}
   4674 
   4675 	/*
   4676 	 * If the service just came down, propagate the disable to the newly
   4677 	 * exposed leaves.
   4678 	 */
   4679 	if (was_up && !now_up)
   4680 		graph_walk_dependencies(v, disable_nonsubgraph_leaves,
   4681 		    (void *)h);
   4682 
   4683 	return (ret);
   4684 }
   4685 
   4686 /*
   4687  * Decide whether to start up an sulogin thread after a service is
   4688  * finished changing state.  Only need to do the full can_come_up()
   4689  * evaluation if an instance is changing state, we're not halfway through
   4690  * loading the thread, and we aren't shutting down or going to the single
   4691  * user milestone.
   4692  */
   4693 void
   4694 graph_transition_sulogin(restarter_instance_state_t state,
   4695     restarter_instance_state_t old_state)
   4696 {
   4697 	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));
   4698 
   4699 	if (state != old_state && st->st_load_complete &&
   4700 	    !go_single_user_mode && !go_to_level1 &&
   4701 	    halting == -1) {
   4702 		if (!sulogin_thread_running && !can_come_up()) {
   4703 			(void) startd_thread_create(sulogin_thread, NULL);
   4704 			sulogin_thread_running = B_TRUE;
   4705 		}
   4706 	}
   4707 }
   4708 
   4709 /*
   4710  * Propagate a start, stop event, or a satisfiability event.
   4711  *
   4712  * PROPAGATE_START and PROPAGATE_STOP simply propagate the transition event
   4713  * to direct dependents.  PROPAGATE_SAT propagates a start then walks the
   4714  * full dependent graph to check for newly satisfied nodes.  This is
   4715  * necessary for cases when non-direct dependents may be effected but direct
   4716  * dependents may not (e.g. for optional_all evaluations, see the
   4717  * propagate_satbility() comments).
   4718  *
   4719  * PROPAGATE_SAT should be used whenever a non-running service moves into
   4720  * a state which can satisfy optional dependencies, like disabled or
   4721  * maintenance.
   4722  */
   4723 void
   4724 graph_transition_propagate(graph_vertex_t *v, propagate_event_t type,
   4725     restarter_error_t rerr)
   4726 {
   4727 	if (type == PROPAGATE_STOP) {
   4728 		graph_walk_dependents(v, propagate_stop, (void *)rerr);
   4729 	} else if (type == PROPAGATE_START || type == PROPAGATE_SAT) {
   4730 		graph_walk_dependents(v, propagate_start, NULL);
   4731 
   4732 		if (type == PROPAGATE_SAT)
   4733 			propagate_satbility(v);
   4734 	} else {
   4735 #ifndef NDEBUG
   4736 		uu_warn("%s:%d: Unexpected type value %d.\n",  __FILE__,
   4737 		    __LINE__, type);
   4738 #endif
   4739 		abort();
   4740 	}
   4741 }
   4742 
   4743 /*
   4744  * If a vertex for fmri exists and it is enabled, send _DISABLE to the
   4745  * restarter.  If it is running, send _STOP.  Send _REMOVE_INSTANCE.  Delete
   4746  * all property group dependencies, and the dependency on the restarter,
   4747  * disposing of vertices as appropriate.  If other vertices depend on this
   4748  * one, mark it unconfigured and return.  Otherwise remove the vertex.  Always
   4749  * returns 0.
   4750  */
   4751 static int
   4752 dgraph_remove_instance(const char *fmri, scf_handle_t *h)
   4753 {
   4754 	graph_vertex_t *v;
   4755 	graph_edge_t *e;
   4756 	uu_list_t *old_deps;
   4757 	int err;
   4758 
   4759 	log_framework(LOG_DEBUG, "Graph engine: Removing %s.\n", fmri);
   4760 
   4761 	MUTEX_LOCK(&dgraph_lock);
   4762 
   4763 	v = vertex_get_by_name(fmri);
   4764 	if (v == NULL) {
   4765 		MUTEX_UNLOCK(&dgraph_lock);
   4766 		return (0);
   4767 	}
   4768 
   4769 	/* Send restarter delete event. */
   4770 	if (v->gv_flags & GV_CONFIGURED)
   4771 		graph_unset_restarter(v);
   4772 
   4773 	if (milestone > MILESTONE_NONE) {
   4774 		/*
   4775 		 * Make a list of v's current dependencies so we can
   4776 		 * reevaluate their GV_INSUBGRAPH flags after the dependencies
   4777 		 * are removed.
   4778 		 */
   4779 		old_deps = startd_list_create(graph_edge_pool, NULL, 0);
   4780 
   4781 		err = uu_list_walk(v->gv_dependencies,
   4782 		    (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
   4783 		assert(err == 0);
   4784 	}
   4785 
   4786 	delete_instance_dependencies(v, B_TRUE);
   4787 
   4788 	/*
   4789 	 * Deleting an instance can both satisfy and unsatisfy dependencies,
   4790 	 * depending on their type.  First propagate the stop as a RERR_RESTART
   4791 	 * event -- deletion isn't a fault, just a normal stop.  This gives
   4792 	 * dependent services the chance to do a clean shutdown.  Then, mark
   4793 	 * the service as unconfigured and propagate the start event for the
   4794 	 * optional_all dependencies that might have become satisfied.
   4795 	 */
   4796 	graph_walk_dependents(v, propagate_stop, (void *)RERR_RESTART);
   4797 
   4798 	v->gv_flags &= ~GV_CONFIGURED;
   4799 	v->gv_flags &= ~GV_DEATHROW;
   4800 
   4801 	graph_walk_dependents(v, propagate_start, NULL);
   4802 	propagate_satbility(v);
   4803 
   4804 	/*
   4805 	 * If there are no (non-service) dependents, the vertex can be
   4806 	 * completely removed.
   4807 	 */
   4808 	if (v != milestone && v->gv_refs == 0 &&
   4809 	    uu_list_numnodes(v->gv_dependents) == 1)
   4810 		remove_inst_vertex(v);
   4811 
   4812 	if (milestone > MILESTONE_NONE) {
   4813 		void *cookie = NULL;
   4814 
   4815 		while ((e = uu_list_teardown(old_deps, &cookie)) != NULL) {
   4816 			v = e->ge_vertex;
   4817 
   4818 			if (vertex_unref(v) == VERTEX_INUSE)
   4819 				while (eval_subgraph(v, h) == ECONNABORTED)
   4820 					libscf_handle_rebind(h);
   4821 
   4822 			startd_free(e, sizeof (*e));
   4823 		}
   4824 
   4825 		uu_list_destroy(old_deps);
   4826 	}
   4827 
   4828 	MUTEX_UNLOCK(&dgraph_lock);
   4829 
   4830 	return (0);
   4831 }
   4832 
/*
 * Map the eventual (possibly already current) milestone onto the legacy
 * runlevel character that init and /etc/inittab understand:
 *
 *   all (milestone == NULL)        -> '3'
 *   none (MILESTONE_NONE)          -> '0'
 *   single-user milestone          -> 'S'
 *   multi-user milestone           -> '2'
 *   multi-user-server milestone    -> '3'
 *
 * Must be called with dgraph_lock held.  A milestone vertex whose name is
 * not one of the three known milestone FMRIs is a programming error and
 * aborts.
 */
static char
target_milestone_as_runlevel()
{
	const char *name;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	/* "all" and "none" have no vertex of their own. */
	if (milestone == NULL)
		return ('3');
	if (milestone == MILESTONE_NONE)
		return ('0');

	name = milestone->gv_name;

	if (strcmp(name, single_user_fmri) == 0)
		return ('S');
	if (strcmp(name, multi_user_fmri) == 0)
		return ('2');
	if (strcmp(name, multi_user_svr_fmri) == 0)
		return ('3');

#ifndef NDEBUG
	(void) fprintf(stderr, "%s:%d: Unknown milestone name \"%s\".\n",
	    __FILE__, __LINE__, name);
#endif
	abort();
	/* NOTREACHED */
}
   4861 
/*
 * Legacy runlevel -> signal table consulted by signal_init() when it tells
 * this zone's init which runlevel has been reached.  The table is searched
 * linearly on rl and the trailing { 0, 0 } entry terminates that search, so
 * it must stay last.  NOTE(review): which signal stands for which runlevel
 * is presumably the contract with init; confirm against init before
 * changing any entry.
 */
static struct {
	char	rl;	/* legacy runlevel character ('S', '0'..'6') */
	int	sig;	/* signal sent to init for that runlevel */
} init_sigs[] = {
	{ 'S', SIGBUS },
	{ '0', SIGINT },
	{ '1', SIGQUIT },
	{ '2', SIGILL },
	{ '3', SIGTRAP },
	{ '4', SIGIOT },
	{ '5', SIGEMT },
	{ '6', SIGFPE },
	{ 0, 0 }	/* sentinel: end of table */
};
   4876 
/*
 * Deliver to this zone's init process the signal that stands for legacy
 * runlevel rl (see init_sigs).  Must be called with dgraph_lock held.
 *
 * A runlevel with no table entry is silently ignored.  Failure to look up
 * init's pid is logged and ignored, as are EPERM and ESRCH from kill(2);
 * any other kill(2) failure is treated as a programming error via
 * bad_error().
 */
static void
signal_init(char rl)
{
	pid_t init_pid;
	int idx;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid,
	    sizeof (init_pid)) != sizeof (init_pid)) {
		log_error(LOG_NOTICE, "Could not get pid to signal init.\n");
		return;
	}

	/* Scan until the matching entry or the { 0, 0 } sentinel. */
	idx = 0;
	while (init_sigs[idx].rl != 0 && init_sigs[idx].rl != rl)
		++idx;

	if (init_sigs[idx].rl == 0)
		return;		/* no signal defined for this runlevel */

	if (kill(init_pid, init_sigs[idx].sig) == 0)
		return;

	switch (errno) {
	case EPERM:
	case ESRCH:
		log_error(LOG_NOTICE, "Could not signal init: "
		    "%s.\n", strerror(errno));
		break;

	case EINVAL:
	default:
		bad_error("kill", errno);
	}
}
   4911 
/*
 * Called when one of the major milestones changes state, or when init is
 * signalled and reports that it was told to change runlevel.  We wait until
 * the milestone is actually reached so that /etc/inittab entries keep some
 * boot ordering: historically an entry could place itself before or after
 * the /sbin/rcX scripts, but those scripts no longer exist as punctuation
 * marks in /etc/inittab, so reaching the milestone is the only marker left.
 *
 * Init is only told about the runlevel once the eventual target milestone is
 * reached; otherwise an /etc/inittab entry marked only for runlevel 2 would
 * run on the way to runlevel 3, which is not how /etc/inittab entries work.
 *
 * When single-user is coming online at boot, the utmpx runlevel entry is
 * set to the target early so legacy scripts see it via who -r.
 *
 * rl is the runlevel whose milestone just changed, online is non-zero if it
 * came up and zero if it went down.  Must be called with dgraph_lock held.
 */
static void
graph_runlevel_changed(char rl, int online)
{
	char trl;
	int reached = 0;

	assert(PTHREAD_MUTEX_HELD(&dgraph_lock));

	trl = target_milestone_as_runlevel();

	if (online) {
		if (rl == trl) {
			reached = 1;
		} else if (rl == 'S') {
			/*
			 * At boot, set the entry early for the benefit of the
			 * legacy init scripts.
			 */
			utmpx_set_runlevel(trl, 'S', B_FALSE);
		}
	} else {
		/*
		 * Going down: leaving 3 on the way to 2, or leaving 2 on the
		 * way to S, means the target has been reached.
		 */
		reached = (rl == '3' && trl == '2') ||
		    (rl == '2' && trl == 'S');
	}

	if (reached) {
		current_runlevel = trl;
		signal_init(trl);
	}
}
   4959 
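/*
 * Move to a backwards-compatible runlevel by executing the appropriate
 * /etc/rc?.d/K* scripts and/or setting the milestone.
 *
 * pg is the options property group holding the runlevel property and prop
 * is that property.  The runlevel character is extracted from prop; on the
 * way out the property is always cleared via libscf_clear_runlevel(), with
 * ms (possibly NULL) committed as options/milestone.
 *
 * Returns
 *   0 - success
 *   ECONNRESET - success, but handle was reset
 *   ECONNABORTED - repository connection broken
 *   ECANCELED - pg was deleted
 */
static int
dgraph_set_runlevel(scf_propertygroup_t *pg, scf_property_t *prop)
{
	char rl;
	scf_handle_t *h;
	int r;
	const char *ms = NULL;	/* what to commit as options/milestone */
	boolean_t rebound = B_FALSE;
	int mark_rl = 0;	/* no milestone for this rl: signal init by hand */

	const char * const stop = "stop";

	/*
	 * Take the handle before anything can jump to nolock_out.  The
	 * ECONNABORTED case there rebinds h, and the "bad property" exits
	 * below reach nolock_out without ever taking the lock, so assigning
	 * h only after the early checks left it uninitialized on that path.
	 */
	h = scf_pg_handle(pg);

	r = libscf_extract_runlevel(prop, &rl);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
	case ECANCELED:
		return (r);

	case EINVAL:
	case ENOENT:
		log_error(LOG_WARNING, "runlevel property is misconfigured; "
		    "ignoring.\n");
		/* delete the bad property */
		goto nolock_out;

	default:
		bad_error("libscf_extract_runlevel", r);
	}

	switch (rl) {
	case 's':
		rl = 'S';
		/* FALLTHROUGH */

	case 'S':
	case '2':
	case '3':
		/*
		 * These cases cause a milestone change, so
		 * graph_runlevel_changed() will eventually deal with
		 * signalling init.
		 */
		break;

	case '0':
	case '1':
	case '4':
	case '5':
	case '6':
		mark_rl = 1;
		break;

	default:
		log_framework(LOG_NOTICE, "Unknown runlevel '%c'.\n", rl);
		ms = NULL;
		goto nolock_out;
	}

	MUTEX_LOCK(&dgraph_lock);

	/*
	 * Since this triggers no milestone changes, force it by hand.
	 */
	if (current_runlevel == '4' && rl == '3')
		mark_rl = 1;

	/*
	 * 1. If we are here after an "init X":
	 *
	 * init X
	 *	init/lscf_set_runlevel()
	 *		process_pg_event()
	 *		dgraph_set_runlevel()
	 *
	 * then we haven't passed through graph_runlevel_changed() yet,
	 * therefore 'current_runlevel' has not changed for sure but 'rl' has.
	 * In consequence, if 'rl' is lower than 'current_runlevel', we change
	 * the system runlevel and execute the appropriate /etc/rc?.d/K* scripts
	 * past this test.
	 *
	 * 2. On the other hand, if we are here after a "svcadm milestone":
	 *
	 * svcadm milestone X
	 *	dgraph_set_milestone()
	 *		handle_graph_update_event()
	 *		dgraph_set_instance_state()
	 *		graph_post_X_[online|offline]()
	 *		graph_runlevel_changed()
	 *		signal_init()
	 *			init/lscf_set_runlevel()
	 *				process_pg_event()
	 *				dgraph_set_runlevel()
	 *
	 * then we already passed through graph_runlevel_changed() (by the way
	 * of dgraph_set_milestone()) and 'current_runlevel' may have changed
	 * and already be equal to 'rl' so we are going to return immediately
	 * from dgraph_set_runlevel() without changing the system runlevel and
	 * without executing the /etc/rc?.d/K* scripts.
	 */
	if (rl == current_runlevel) {
		ms = NULL;
		goto out;
	}

	log_framework(LOG_DEBUG, "Changing to runlevel '%c'.\n", rl);

	/*
	 * Make sure stop rc scripts see the new settings via who -r.
	 */
	utmpx_set_runlevel(rl, current_runlevel, B_TRUE);

	/*
	 * Some run levels don't have a direct correspondence to any
	 * milestones, so we have to signal init directly.
	 */
	if (mark_rl) {
		current_runlevel = rl;
		signal_init(rl);
	}

	switch (rl) {
	case 'S':
		uu_warn("The system is coming down for administration.  "
		    "Please wait.\n");
		fork_rc_script(rl, stop, B_FALSE);
		ms = single_user_fmri;
		go_single_user_mode = B_TRUE;
		break;

	case '0':
		halting_time = time(NULL);
		fork_rc_script(rl, stop, B_TRUE);
		halting = AD_HALT;
		goto uadmin;

	case '5':
		halting_time = time(NULL);
		fork_rc_script(rl, stop, B_TRUE);
		halting = AD_POWEROFF;
		goto uadmin;

	case '6':
		halting_time = time(NULL);
		fork_rc_script(rl, stop, B_TRUE);
		if (scf_is_fastboot_default() && getzoneid() == GLOBAL_ZONEID)
			halting = AD_FASTREBOOT;
		else
			halting = AD_BOOT;

uadmin:
		uu_warn("The system is coming down.  Please wait.\n");
		ms = "none";

		/*
		 * We can't wait until all services are offline since this
		 * thread is responsible for taking them offline.  Instead we
		 * set halting to the second argument for uadmin() and call
		 * do_uadmin() from dgraph_set_instance_state() when
		 * appropriate.
		 */
		break;

	case '1':
		if (current_runlevel != 'S') {
			uu_warn("Changing to state 1.\n");
			fork_rc_script(rl, stop, B_FALSE);
		} else {
			uu_warn("The system is coming up for administration.  "
			    "Please wait.\n");
		}
		ms = single_user_fmri;
		go_to_level1 = B_TRUE;
		break;

	case '2':
		if (current_runlevel == '3' || current_runlevel == '4')
			fork_rc_script(rl, stop, B_FALSE);
		ms = multi_user_fmri;
		break;

	case '3':
	case '4':
		ms = "all";
		break;

	default:
		/* Every other value was rejected by the earlier switch. */
#ifndef NDEBUG
		(void) fprintf(stderr, "%s:%d: Uncaught case %d ('%c').\n",
		    __FILE__, __LINE__, rl, rl);
#endif
		abort();
	}

out:
	MUTEX_UNLOCK(&dgraph_lock);

nolock_out:
	/* Clear options/runlevel and commit ms as the milestone; retry on rebind. */
	switch (r = libscf_clear_runlevel(pg, ms)) {
	case 0:
		break;

	case ECONNABORTED:
		libscf_handle_rebind(h);
		rebound = B_TRUE;
		goto nolock_out;

	case ECANCELED:
		break;

	case EPERM:
	case EACCES:
	case EROFS:
		log_error(LOG_NOTICE, "Could not delete \"%s/%s\" property: "
		    "%s.\n", SCF_PG_OPTIONS, "runlevel", strerror(r));
		break;

	default:
		bad_error("libscf_clear_runlevel", r);
	}

	return (rebound ? ECONNRESET : 0);
}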
   5197 
/*
 * uu_list_walk() callback over dependents: set GV_TOOFFLINE on every enabled
 * instance that must go offline as part of an administrative disable, and
 * recurse through the dependents of each vertex entered.
 *
 * Vertices already carrying GV_TOOFFLINE are skipped, as are instances that
 * are not enabled.  Dependency groups of type exclude_all or optional_all,
 * and groups whose restart_on is weaker than RERR_RESTART, end the walk down
 * that branch.  arg is passed through unchanged to the recursive walk.
 * Always returns UU_WALK_NEXT.
 */
static int
mark_subtree(graph_edge_t *e, void *arg)
{
	graph_vertex_t *v = e->ge_vertex;
	int r;

	if (v->gv_flags & GV_TOOFFLINE)
		return (UU_WALK_NEXT);

	if (v->gv_type == GVT_INST) {
		if (!(v->gv_flags & GV_ENABLED))
			return (UU_WALK_NEXT);

		v->gv_flags |= GV_TOOFFLINE;
		log_framework(LOG_DEBUG, "%s added to subtree\n", v->gv_name);
	} else if (v->gv_type == GVT_GROUP) {
		if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL ||
		    v->gv_depgroup == DEPGRP_OPTIONAL_ALL ||
		    v->gv_restart < RERR_RESTART)
			return (UU_WALK_NEXT);
	}

	/* Other vertex types fall through to the dependents walk. */
	r = uu_list_walk(v->gv_dependents, (uu_walk_fn_t *)mark_subtree, arg,
	    0);
	assert(r == 0);
	return (UU_WALK_NEXT);
}
   5241 
/*
 * uu_list_walk() callback over dependencies: set GV_INSUBGRAPH on every
 * vertex reachable from the milestone and recurse through its dependencies.
 *
 * arg carries an int (0 or 1) smuggled through the void * — whether the walk
 * has already entered an optional_all dependency group.  Inside such a group
 * an instance that is not GV_ENBLD_NOOVR is left out of the subgraph.
 * exclude_all groups are marked but their dependencies are not followed.
 * Always returns UU_WALK_NEXT.
 */
static int
mark_subgraph(graph_edge_t *e, void *arg)
{
	graph_vertex_t *v = e->ge_vertex;
	int in_optional = (int)arg;
	int r;

	if (v->gv_flags & GV_INSUBGRAPH)
		return (UU_WALK_NEXT);

	if (v->gv_type == GVT_GROUP) {
		/* Remember that we are now under an optional group. */
		if (v->gv_depgroup == DEPGRP_OPTIONAL_ALL)
			in_optional = 1;
	} else if (v->gv_type == GVT_INST && in_optional &&
	    !(v->gv_flags & GV_ENBLD_NOOVR)) {
		/* Disabled instance under an optional group: not part of it. */
		return (UU_WALK_NEXT);
	}

	v->gv_flags |= GV_INSUBGRAPH;

	if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
		return (UU_WALK_NEXT);

	r = uu_list_walk(v->gv_dependencies, (uu_walk_fn_t *)mark_subgraph,
	    (void *)in_optional, 0);
	assert(r == 0);
	return (UU_WALK_NEXT);
}
   5280 
/*
 * Bring down all services which are not dependencies of fmri.  The
 * dependencies of fmri (direct & indirect) will constitute the "subgraph",
 * and will have the GV_INSUBGRAPH flag set.  The rest must be brought down,
 * which means the state is "disabled", "maintenance", or "uninitialized".  We
 * could consider "offline" to be down, and refrain from sending start
 * commands for such services, but that's not strictly necessary, so we'll
 * decline to intrude on the state machine.  It would probably confuse users
 * anyway.
 *
 * The services should be brought down in reverse-dependency order, so we
 * can't do it all at once here.  We initiate by override-disabling the leaves
 * of the dependency tree -- those services which are up but have no
 * dependents which are up.  When they come down,
 * vertex_subgraph_dependencies_shutdown() will override-disable the newly
 * exposed leaves.  Perseverance will ensure completion.
 *
 * Sometimes we need to take action when the transition is complete, like
 * start sulogin or halt the system.  To tell when we're done, we initialize
 * non_subgraph_svcs here to be the number of services which need to come
 * down.  As each does, we decrement the counter.  When it hits zero, we take
 * the appropriate action.  See vertex_subgraph_dependencies_shutdown().
 *
 * In case we're coming up, we also remove any enable-overrides for the
 * services which are dependencies of fmri.
 *
 * fmri is "all", "none", or an instance FMRI which must canonify to one of
 * single_user_fmri, multi_user_fmri or multi_user_svr_fmri; anything else is
 * rejected with EINVAL.  h is the repository handle used for the override
 * writes; it may be rebound here, which is reported as ECONNRESET.
 *
 * If norepository is true, the function will not change the repository.
 *
 * The decision to change the system run level in accordance with the milestone
 * is taken in dgraph_set_runlevel().
 *
 * Returns
 *   0 - success
 *   ECONNRESET - success, but handle was rebound
 *   EINVAL - fmri is invalid (error is logged)
 *   EALREADY - the milestone is already set to fmri
 *   ENOENT - a configured vertex does not exist for fmri (an error is logged)
 */
static int
dgraph_set_milestone(const char *fmri, scf_handle_t *h, boolean_t norepository)
{
	const char *cfmri, *fs;
	graph_vertex_t *nm, *v;
	int ret = 0, r;
	scf_instance_t *inst;
	boolean_t isall, isnone, rebound = B_FALSE;

	/* Validate fmri */
	isall = (strcmp(fmri, "all") == 0);
	isnone = (strcmp(fmri, "none") == 0);

	/*
	 * cfmri is only allocated (by fmri_canonify) when fmri names a real
	 * milestone; every later use and the final startd_free are guarded by
	 * the same !isall && !isnone test.
	 */
	if (!isall && !isnone) {
		if (fmri_canonify(fmri, (char **)&cfmri, B_FALSE) == EINVAL)
			goto reject;

		if (strcmp(cfmri, single_user_fmri) != 0 &&
		    strcmp(cfmri, multi_user_fmri) != 0 &&
		    strcmp(cfmri, multi_user_svr_fmri) != 0) {
			startd_free((void *)cfmri, max_scf_fmri_size);
			/*
			 * reject is also jumped to from the canonify failure
			 * above, where cfmri was never allocated, so the free
			 * must stay before the label.
			 */
reject:
			log_framework(LOG_WARNING,
			    "Rejecting request for invalid milestone \"%s\".\n",
			    fmri);
			return (EINVAL);
		}
	}

	inst = safe_scf_instance_create(h);

	MUTEX_LOCK(&dgraph_lock);

	/* Nothing to do if the requested milestone is already in force. */
	if (milestone == NULL) {
		if (isall) {
			log_framework(LOG_DEBUG,
			    "Milestone already set to all.\n");
			ret = EALREADY;
			goto out;
		}
	} else if (milestone == MILESTONE_NONE) {
		if (isnone) {
			log_framework(LOG_DEBUG,
			    "Milestone already set to none.\n");
			ret = EALREADY;
			goto out;
		}
	} else {
		if (!isall && !isnone &&
		    strcmp(cfmri, milestone->gv_name) == 0) {
			log_framework(LOG_DEBUG,
			    "Milestone already set to %s.\n", cfmri);
			ret = EALREADY;
			goto out;
		}
	}

	/* A named milestone must exist in the graph as a configured vertex. */
	if (!isall && !isnone) {
		nm = vertex_get_by_name(cfmri);
		if (nm == NULL || !(nm->gv_flags & GV_CONFIGURED)) {
			log_framework(LOG_WARNING, "Cannot set milestone to %s "
			    "because no such service exists.\n", cfmri);
			ret = ENOENT;
			goto out;
		}
	}

	log_framework(LOG_DEBUG, "Changing milestone to %s.\n", fmri);

	/*
	 * Set milestone, removing the old one if this was the last reference.
	 */
	if (milestone > MILESTONE_NONE)
		(void) vertex_unref(milestone);

	if (isall)
		milestone = NULL;
	else if (isnone)
		milestone = MILESTONE_NONE;
	else {
		milestone = nm;
		/* milestone should count as a reference */
		vertex_ref(milestone);
	}

	/* Clear all GV_INSUBGRAPH bits. */
	for (v = uu_list_first(dgraph); v != NULL; v = uu_list_next(dgraph, v))
		v->gv_flags &= ~GV_INSUBGRAPH;

	if (!isall && !isnone) {
		/* Set GV_INSUBGRAPH for milestone & descendants. */
		milestone->gv_flags |= GV_INSUBGRAPH;

		r = uu_list_walk(milestone->gv_dependencies,
		    (uu_walk_fn_t *)mark_subgraph, NULL, 0);
		assert(r == 0);
	}

	/* Un-override services in the subgraph & override-disable the rest. */
	if (norepository)
		goto out;

	non_subgraph_svcs = 0;
	for (v = uu_list_first(dgraph);
	    v != NULL;
	    v = uu_list_next(dgraph, v)) {
		if (v->gv_type != GVT_INST ||
		    (v->gv_flags & GV_CONFIGURED) == 0)
			continue;

		/*
		 * again: re-entered after a handle rebind, both from the decode
		 * below and from the override write further down.
		 */
again:
		r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
		    NULL, NULL, SCF_DECODE_FMRI_EXACT);
		if (r != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				libscf_handle_rebind(h);
				rebound = B_TRUE;
				goto again;

			case SCF_ERROR_NOT_FOUND:
				continue;

			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_INVALID_ARGUMENT:
			case SCF_ERROR_CONSTRAINT_VIOLATED:
			case SCF_ERROR_NOT_BOUND:
				bad_error("scf_handle_decode_fmri",
				    scf_error());
			}
		}

		if (isall || (v->gv_flags & GV_INSUBGRAPH)) {
			r = libscf_delete_enable_ovr(inst);
			fs = "libscf_delete_enable_ovr";
		} else {
			assert(isnone || (v->gv_flags & GV_INSUBGRAPH) == 0);

			/*
			 * Services which are up need to come down before
			 * we're done, but we can only disable the leaves
			 * here.
			 */

			if (up_state(v->gv_state))
				++non_subgraph_svcs;

			/* If it's already disabled, don't bother. */
			if ((v->gv_flags & GV_ENABLED) == 0)
				continue;

			if (!is_nonsubgraph_leaf(v))
				continue;

			r = libscf_set_enable_ovr(inst, 0);
			fs = "libscf_set_enable_ovr";
		}
		/* fs names the call that produced r, for bad_error(). */
		switch (r) {
		case 0:
		case ECANCELED:
			break;

		case ECONNABORTED:
			libscf_handle_rebind(h);
			rebound = B_TRUE;
			goto again;

		case EPERM:
		case EROFS:
			log_error(LOG_WARNING,
			    "Could not set %s/%s for %s: %s.\n",
			    SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
			    v->gv_name, strerror(r));
			break;

		default:
			bad_error(fs, r);
		}
	}

	/*
	 * When a halt is pending and nothing is left to stop, go straight to
	 * uadmin; otherwise vertex_subgraph_dependencies_shutdown() does it
	 * once non_subgraph_svcs reaches zero.
	 */
	if (halting != -1) {
		if (non_subgraph_svcs > 1)
			uu_warn("%d system services are now being stopped.\n",
			    non_subgraph_svcs);
		else if (non_subgraph_svcs == 1)
			uu_warn("One system service is now being stopped.\n");
		else if (non_subgraph_svcs == 0)
			do_uadmin();
	}

	ret = rebound ? ECONNRESET : 0;

out:
	MUTEX_UNLOCK(&dgraph_lock);
	if (!isall && !isnone)
		startd_free((void *)cfmri, max_scf_fmri_size);
	scf_instance_destroy(inst);
	return (ret);
}
   5519 
   5520 
/*
 * Dispatch one event from the graph protocol queue.
 *
 * GRAPH_UPDATE_STATE_CHANGE feeds the instance's new state and error into
 * dgraph_set_instance_state() and, once handled, frees the protocol_states_t
 * attached to the event.  GRAPH_UPDATE_RELOAD_GRAPH is logged as
 * unimplemented; unknown event types are logged and ignored.
 *
 * Returns 0 or ECONNABORTED (the event's states are not freed in that case,
 * so the caller may retry).  Any other result from
 * dgraph_set_instance_state(), EINVAL included, aborts.
 */
static int
handle_graph_update_event(scf_handle_t *h, graph_protocol_event_t *e)
{
	protocol_states_t *states;
	int r;

	if (e->gpe_type == GRAPH_UPDATE_RELOAD_GRAPH) {
		log_error(LOG_WARNING,
		    "graph_event: reload graph unimplemented\n");
		return (0);
	}

	if (e->gpe_type != GRAPH_UPDATE_STATE_CHANGE) {
		log_error(LOG_WARNING,
		    "graph_event_loop received an unknown event: %d\n",
		    e->gpe_type);
		return (0);
	}

	states = e->gpe_data;

	r = dgraph_set_instance_state(h, e->gpe_inst, states->ps_state,
	    states->ps_err);
	if (r == ECONNABORTED)
		return (ECONNABORTED);

	if (r != 0 && r != ENOENT) {
#ifndef NDEBUG
		(void) fprintf(stderr, "dgraph_set_instance_state() "
		    "failed with unexpected error %d at %s:%d.\n", r,
		    __FILE__, __LINE__);
#endif
		abort();
	}

	startd_free(states, sizeof (protocol_states_t));
	return (0);
}
   5570 
/*
 * graph_event_thread()
 *    Wait for state changes from the restarters and hand each queued
 *    graph protocol event to handle_graph_update_event().  Never returns.
 *
 * gu_lock is held while sleeping on gu_cv and while dequeuing; it is
 * released while an event is being handled and retaken before the next
 * dequeue.  Each event's gpe_lock is taken here before the handler runs;
 * graph_event_release()/graph_event_requeue() presumably drop it — confirm
 * in their definitions.  A broken repository connection rebinds h and
 * retries the same event.
 */
/*ARGSUSED*/
void *
graph_event_thread(void *unused)
{
	scf_handle_t *h = libscf_handle_create_bound_loop();
	graph_protocol_event_t *e;
	int err;

	for (;;) {
		MUTEX_LOCK(&gu->gu_lock);

		/* Sleep until the protocol layer flags a wakeup. */
		while (gu->gu_wakeup == 0)
			(void) pthread_cond_wait(&gu->gu_cv, &gu->gu_lock);
		gu->gu_wakeup = 0;

		/* Drain the queue. */
		for (e = graph_event_dequeue(); e != NULL;
		    e = graph_event_dequeue()) {
			MUTEX_LOCK(&e->gpe_lock);
			MUTEX_UNLOCK(&gu->gu_lock);

			do {
				err = handle_graph_update_event(h, e);
				if (err == ECONNABORTED)
					libscf_handle_rebind(h);
			} while (err == ECONNABORTED);

			if (err == 0)
				graph_event_release(e);
			else
				graph_event_requeue(e);

			MUTEX_LOCK(&gu->gu_lock);
		}

		MUTEX_UNLOCK(&gu->gu_lock);
	}

	/*
	 * Unreachable for now -- there's currently no graceful cleanup
	 * called on exit().
	 */
	MUTEX_UNLOCK(&gu->gu_lock);
	scf_handle_destroy(h);
	return (NULL);
}
   5622 
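/*
 * Work out which milestone the system should boot to and set it.
 *
 * If startd was started with -m milestone= (st->st_subgraph), that value is
 * written to options_ovr/milestone on the startd instance (through
 * libscf_clear_runlevel()) and used directly.  Otherwise the milestone is
 * read from the repository with libscf_get_milestone().  An empty or "all"
 * result leaves the default milestone in place.  "none" is handed straight
 * to dgraph_set_milestone(); any other value must decode to an existing
 * instance, which is added to the graph first.  Failures to resolve the
 * requested milestone are logged and the system reverts to "all".
 *
 * Repository connection failures rebind h and restart from get_self (or
 * retry).  The SCF objects created inside the -m and read branches are
 * destroyed before such a restart so the rebind loop does not leak them.
 *
 * h is the repository handle.  Called once at startup.
 */
static void
set_initial_milestone(scf_handle_t *h)
{
	scf_instance_t *inst;
	char *fmri, *cfmri;
	size_t sz;
	int r;

	inst = safe_scf_instance_create(h);
	fmri = startd_alloc(max_scf_fmri_size);

	/*
	 * If -m milestone= was specified, we want to set options_ovr/milestone
	 * to it.  Otherwise we want to read what the milestone should be set
	 * to.  Either way we need our inst.
	 */
get_self:
	if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
	    NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto get_self;

		case SCF_ERROR_NOT_FOUND:
			/* No startd instance: honour -m if given, else "all". */
			if (st->st_subgraph != NULL &&
			    st->st_subgraph[0] != '\0') {
				sz = strlcpy(fmri, st->st_subgraph,
				    max_scf_fmri_size);
				assert(sz < max_scf_fmri_size);
			} else {
				fmri[0] = '\0';
			}
			break;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_HANDLE_MISMATCH:
		default:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	} else {
		if (st->st_subgraph != NULL && st->st_subgraph[0] != '\0') {
			scf_propertygroup_t *pg;

			pg = safe_scf_pg_create(h);

			sz = strlcpy(fmri, st->st_subgraph, max_scf_fmri_size);
			assert(sz < max_scf_fmri_size);

			r = libscf_inst_get_or_add_pg(inst, SCF_PG_OPTIONS_OVR,
			    SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS,
			    pg);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				/* get_self creates a fresh pg; drop this one. */
				scf_pg_destroy(pg);
				libscf_handle_rebind(h);
				goto get_self;

			case EPERM:
			case EACCES:
			case EROFS:
				log_error(LOG_WARNING, "Could not set %s/%s: "
				    "%s.\n", SCF_PG_OPTIONS_OVR,
				    SCF_PROPERTY_MILESTONE, strerror(r));
				/* FALLTHROUGH */

			case ECANCELED:
				sz = strlcpy(fmri, st->st_subgraph,
				    max_scf_fmri_size);
				assert(sz < max_scf_fmri_size);
				break;

			default:
				bad_error("libscf_inst_get_or_add_pg", r);
			}

			r = libscf_clear_runlevel(pg, fmri);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				/* get_self creates a fresh pg; drop this one. */
				scf_pg_destroy(pg);
				libscf_handle_rebind(h);
				goto get_self;

			case EPERM:
			case EACCES:
			case EROFS:
				log_error(LOG_WARNING, "Could not set %s/%s: "
				    "%s.\n", SCF_PG_OPTIONS_OVR,
				    SCF_PROPERTY_MILESTONE, strerror(r));
				/* FALLTHROUGH */

			case ECANCELED:
				sz = strlcpy(fmri, st->st_subgraph,
				    max_scf_fmri_size);
				assert(sz < max_scf_fmri_size);
				break;

			default:
				bad_error("libscf_clear_runlevel", r);
			}

			scf_pg_destroy(pg);
		} else {
			scf_property_t *prop;
			scf_value_t *val;

			prop = safe_scf_property_create(h);
			val = safe_scf_value_create(h);

			r = libscf_get_milestone(inst, prop, val, fmri,
			    max_scf_fmri_size);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				/* get_self creates fresh objects; drop these. */
				scf_value_destroy(val);
				scf_property_destroy(prop);
				libscf_handle_rebind(h);
				goto get_self;

			case EINVAL:
				log_error(LOG_WARNING, "Milestone property is "
				    "misconfigured.  Defaulting to \"all\".\n");
				/* FALLTHROUGH */

			case ECANCELED:
			case ENOENT:
				fmri[0] = '\0';
				break;

			default:
				bad_error("libscf_get_milestone", r);
			}

			scf_value_destroy(val);
			scf_property_destroy(prop);
		}
	}

	/* Empty or "all": the default milestone stays in force. */
	if (fmri[0] == '\0' || strcmp(fmri, "all") == 0)
		goto out;

	if (strcmp(fmri, "none") != 0) {
		/*
		 * A named milestone must resolve to an instance in the
		 * repository and be present in the graph before it can be set.
		 */
retry:
		if (scf_handle_decode_fmri(h, fmri, NULL, NULL, inst, NULL,
		    NULL, SCF_DECODE_FMRI_EXACT) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_INVALID_ARGUMENT:
				log_error(LOG_WARNING,
				    "Requested milestone \"%s\" is invalid.  "
				    "Reverting to \"all\".\n", fmri);
				goto out;

			case SCF_ERROR_CONSTRAINT_VIOLATED:
				log_error(LOG_WARNING, "Requested milestone "
				    "\"%s\" does not specify an instance.  "
				    "Reverting to \"all\".\n", fmri);
				goto out;

			case SCF_ERROR_CONNECTION_BROKEN:
				libscf_handle_rebind(h);
				goto retry;

			case SCF_ERROR_NOT_FOUND:
				log_error(LOG_WARNING, "Requested milestone "
				    "\"%s\" not in repository.  Reverting to "
				    "\"all\".\n", fmri);
				goto out;

			case SCF_ERROR_HANDLE_MISMATCH:
			default:
				bad_error("scf_handle_decode_fmri",
				    scf_error());
			}
		}

		/* The decode above succeeded, so canonification cannot fail. */
		r = fmri_canonify(fmri, &cfmri, B_FALSE);
		assert(r == 0);

		r = dgraph_add_instance(cfmri, inst, B_TRUE);
		startd_free(cfmri, max_scf_fmri_size);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			goto retry;

		case EINVAL:
			log_error(LOG_WARNING,
			    "Requested milestone \"%s\" is invalid.  "
			    "Reverting to \"all\".\n", fmri);
			goto out;

		case ECANCELED:
			log_error(LOG_WARNING,
			    "Requested milestone \"%s\" not "
			    "in repository.  Reverting to \"all\".\n",
			    fmri);
			goto out;

		case EEXIST:
		default:
			bad_error("dgraph_add_instance", r);
		}
	}

	log_console(LOG_INFO, "Booting to milestone \"%s\".\n", fmri);

	r = dgraph_set_milestone(fmri, h, B_FALSE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
		break;

	case EINVAL:
	case ENOENT:
	default:
		bad_error("dgraph_set_milestone", r);
	}

out:
	startd_free(fmri, max_scf_fmri_size);
	scf_instance_destroy(inst);
}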
   5853 
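/*
 * void set_restart_milestone(scf_handle_t *)
 *   Called when svc.startd is restarted rather than booted: re-read the
 *   milestone recorded in startd's own instance and apply it to the graph.
 *   If startd's instance is not in the repository, or the milestone
 *   property cannot be read, the graph is left as it is.
 *
 *   All scratch objects are created once, before the retry label, so that
 *   a rebind-and-retry after a broken repository connection reuses them
 *   rather than allocating a fresh set (and leaking the old one) each time.
 */
void
set_restart_milestone(scf_handle_t *h)
{
	scf_instance_t *inst;
	scf_property_t *prop;
	scf_value_t *val;
	char *fmri;
	int r;

	inst = safe_scf_instance_create(h);
	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);
	fmri = startd_alloc(max_scf_fmri_size);

get_self:
	if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL,
	    inst, NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto get_self;

		case SCF_ERROR_NOT_FOUND:
			/* Our own instance is absent; nothing to restore. */
			goto out;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_HANDLE_MISMATCH:
		default:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	}

	r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
		/* Rebind and locate our instance again. */
		libscf_handle_rebind(h);
		goto get_self;

	case ECANCELED:
	case ENOENT:
	case EINVAL:
		/* No usable milestone to apply. */
		goto out;

	default:
		bad_error("libscf_get_milestone", r);
	}

	/*
	 * Unlike set_initial_milestone(), an invalid or unknown milestone is
	 * not fatal on restart: EINVAL and ENOENT are simply ignored.
	 */
	r = dgraph_set_milestone(fmri, h, B_TRUE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
	case EINVAL:
	case ENOENT:
		break;

	default:
		bad_error("dgraph_set_milestone", r);
	}

out:
	startd_free(fmri, max_scf_fmri_size);
	scf_value_destroy(val);
	scf_property_destroy(prop);
	scf_instance_destroy(inst);
}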
   5928 
/*
 * void *graph_thread(void *)
 *
 * Graph management thread.  Chooses the initial (or restart) milestone,
 * loads the graph from the repository, wakes graph_engine_start() and the
 * st_load_cv waiters, decides whether sulogin is needed, and then parks
 * on the freeze condition variable for the life of the process.
 */
/*ARGSUSED*/
void *
graph_thread(void *arg)
{
	scf_handle_t *h = libscf_handle_create_bound_loop();
	int rc;

	if (st->st_initial)
		set_initial_milestone(h);

	/* graph_engine_start() is blocked on this flag until we set it. */
	MUTEX_LOCK(&dgraph_lock);
	initial_milestone_set = B_TRUE;
	rc = pthread_cond_broadcast(&initial_milestone_cv);
	assert(rc == 0);
	MUTEX_UNLOCK(&dgraph_lock);

	libscf_populate_graph(h);

	if (!st->st_initial)
		set_restart_milestone(h);

	/* Announce that the repository contents are now in the graph. */
	MUTEX_LOCK(&st->st_load_lock);
	st->st_load_complete = 1;
	(void) pthread_cond_broadcast(&st->st_load_cv);
	MUTEX_UNLOCK(&st->st_load_lock);

	/*
	 * Once st_load_complete is set there may be no further state updates
	 * (for instance when booting to a milestone), so check can_come_up()
	 * here and start the sulogin thread if the system cannot come up.
	 */
	MUTEX_LOCK(&dgraph_lock);
	if (halting == -1 && !go_single_user_mode && !go_to_level1 &&
	    !sulogin_thread_running && !can_come_up()) {
		(void) startd_thread_create(sulogin_thread, NULL);
		sulogin_thread_running = B_TRUE;
	}
	MUTEX_UNLOCK(&dgraph_lock);

	/* Nothing further to do; block here indefinitely. */
	(void) pthread_mutex_lock(&gu->gu_freeze_lock);
	for (;;) {
		(void) pthread_cond_wait(&gu->gu_freeze_cv,
		    &gu->gu_freeze_lock);
	}

	/*
	 * Not reached: there is currently no graceful cleanup called on
	 * exit().
	 */
	(void) pthread_mutex_unlock(&gu->gu_freeze_lock);
	scf_handle_destroy(h);

	return (NULL);
}
   5994 
   5995 
/*
 * int next_action()
 *   Given an array of timestamps 'a' with 'num' elements, return the
 *   index of the smallest non-zero entry (the first such index on ties).
 *   If every entry is zero, return -1.
 */
static int
next_action(hrtime_t *a, int num)
{
	int best = -1;
	int idx;

	for (idx = 0; idx < num; idx++) {
		/* A zero slot means "no pending action" and never wins. */
		if (a[idx] == 0)
			continue;
		if (best == -1 || a[idx] < a[best])
			best = idx;
	}

	return (best);
}
   6023 
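/*
 * int process_actions_unset()
 *   Remove the repository record of admin action 'a' (stamped 'ts') on
 *   'pg' after the matching event has been sent to the restarter.
 *   Returns 0 when libscf_unset_action() reports 0 or EACCES, and
 *   ECONNABORTED when the repository connection broke.  EPERM is fatal.
 */
static int
process_actions_unset(scf_handle_t *h, scf_propertygroup_t *pg,
    admin_action_t a, hrtime_t ts)
{
	int r;

	r = libscf_unset_action(h, pg, a, ts);
	switch (r) {
	case 0:
	case EACCES:
		return (0);

	case ECONNABORTED:
		return (ECONNABORTED);

	case EPERM:
		uu_die("Insufficient privilege.\n");
		/* NOTREACHED */

	default:
		bad_error("libscf_unset_action", r);
	}

	/* NOTREACHED */
	return (0);
}

/*
 * void process_actions()
 *   Process actions requested by the administrator. Possibilities include:
 *   refresh, restart, maintenance mode off, maintenance mode on,
 *   maintenance mode immediate, and degraded.
 *
 *   The set of pending actions is represented in the repository as a
 *   per-instance property group, with each action being a single property
 *   in that group.  This property group is converted to an array, with each
 *   action type having an array slot.  The actions in the array at the
 *   time process_actions() is called are acted on in the order of the
 *   timestamp (which is the value stored in the slot).  A value of zero
 *   indicates that there is no pending action of the type associated with
 *   a particular slot.
 *
 *   Sending an action event multiple times before the restarter has a
 *   chance to process that action will force it to be run at the last
 *   timestamp where it appears in the ordering.
 *
 *   Turning maintenance mode on trumps all other actions.  Once the
 *   maintenance action has been sent its slot is cleared, so each pending
 *   action is sent (and unset in the repository) exactly once.
 *
 *   Returns 0 or ECONNABORTED.
 */
static int
process_actions(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst)
{
	scf_property_t *prop = NULL;
	scf_value_t *val = NULL;
	scf_type_t type;
	graph_vertex_t *vertex;
	admin_action_t a;
	int i, ret = 0, r;
	hrtime_t action_ts[NACTIONS];
	char *inst_name;

	r = libscf_instance_get_fmri(inst, &inst_name);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
		return (ECONNABORTED);

	case ECANCELED:
		/* Nothing to act on any more. */
		return (0);

	default:
		bad_error("libscf_instance_get_fmri", r);
	}

	MUTEX_LOCK(&dgraph_lock);

	vertex = vertex_get_by_name(inst_name);
	if (vertex == NULL) {
		MUTEX_UNLOCK(&dgraph_lock);
		log_framework(LOG_DEBUG, "%s: Can't find graph vertex. "
		    "The instance must have been removed.\n", inst_name);
		startd_free(inst_name, max_scf_fmri_size);
		return (0);
	}

	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);

	/*
	 * Fill one slot per action type.  A property that is missing, not an
	 * integer, or has no value counts as "no pending action" (0).
	 */
	for (i = 0; i < NACTIONS; i++) {
		if (scf_pg_get_property(pg, admin_actions[i], prop) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				ret = ECONNABORTED;
				goto out;

			case SCF_ERROR_DELETED:
				goto out;

			case SCF_ERROR_NOT_FOUND:
				action_ts[i] = 0;
				continue;

			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_INVALID_ARGUMENT:
			case SCF_ERROR_NOT_SET:
				bad_error("scf_pg_get_property", scf_error());
			}
		}

		if (scf_property_type(prop, &type) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				ret = ECONNABORTED;
				goto out;

			case SCF_ERROR_DELETED:
				action_ts[i] = 0;
				continue;

			case SCF_ERROR_NOT_SET:
				bad_error("scf_property_type", scf_error());
			}
		}

		if (type != SCF_TYPE_INTEGER) {
			action_ts[i] = 0;
			continue;
		}

		if (scf_property_get_value(prop, val) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				ret = ECONNABORTED;
				goto out;

			case SCF_ERROR_DELETED:
				goto out;

			case SCF_ERROR_NOT_FOUND:
			case SCF_ERROR_CONSTRAINT_VIOLATED:
				action_ts[i] = 0;
				continue;

			case SCF_ERROR_NOT_SET:
			case SCF_ERROR_PERMISSION_DENIED:
				bad_error("scf_property_get_value",
				    scf_error());
			}
		}

		r = scf_value_get_integer(val, &action_ts[i]);
		assert(r == 0);
	}

	/*
	 * Maintenance-on takes priority over every other action, so send it
	 * before walking the rest in timestamp order.  Clearing its slot here
	 * keeps next_action() from returning it again below, which would send
	 * and unset the same action a second time.
	 */
	if (action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ||
	    action_ts[ADMIN_EVENT_MAINT_ON]) {
		a = action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ?
		    ADMIN_EVENT_MAINT_ON_IMMEDIATE : ADMIN_EVENT_MAINT_ON;

		vertex_send_event(vertex, admin_events[a]);
		if (process_actions_unset(h, pg, a, action_ts[a]) != 0) {
			ret = ECONNABORTED;
			goto out;
		}
		action_ts[a] = 0;
	}

	/* Everything else, oldest timestamp first. */
	while ((a = next_action(action_ts, NACTIONS)) != -1) {
		log_framework(LOG_DEBUG,
		    "Graph: processing %s action for %s.\n", admin_actions[a],
		    inst_name);

		if (a == ADMIN_EVENT_REFRESH) {
			r = dgraph_refresh_instance(vertex, inst);
			switch (r) {
			case 0:
			case ECANCELED:
			case EINVAL:
			case -1:
				break;

			case ECONNABORTED:
				/* pg & inst are reset now, so just return. */
				ret = ECONNABORTED;
				goto out;

			default:
				bad_error("dgraph_refresh_instance", r);
			}
		}

		vertex_send_event(vertex, admin_events[a]);

		if (process_actions_unset(h, pg, a, action_ts[a]) != 0) {
			ret = ECONNABORTED;
			goto out;
		}

		action_ts[a] = 0;
	}

out:
	MUTEX_UNLOCK(&dgraph_lock);

	scf_property_destroy(prop);
	scf_value_destroy(val);
	startd_free(inst_name, max_scf_fmri_size);
	return (ret);
}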
   6238 
/*
 * int process_pg_event()
 *   Handle a notification that property group 'pg' changed.  Dispatch is
 *   on the pg name: general[_ovr] goes to dgraph_update_general(),
 *   restarter_actions of an instance goes to process_actions(), and
 *   options[_ovr] of startd's own instance may change the runlevel and
 *   the milestone.  Any other pg is ignored.
 *
 * inst and pg_name are scratch space, and are unset on entry.
 * Returns
 *   0 - success
 *   ECONNRESET - success, but repository handle rebound
 *   ECONNABORTED - repository connection broken
 */
static int
process_pg_event(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst,
    char *pg_name)
{
	int r;
	scf_property_t *prop;
	scf_value_t *val;
	char *fmri;
	/* rebound: handle was rebound; rebind_inst: inst must be re-looked-up. */
	boolean_t rebound = B_FALSE, rebind_inst = B_FALSE;

	if (scf_pg_get_name(pg, pg_name, max_scf_value_size) < 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
			return (0);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_pg_get_name", scf_error());
		}
	}

	if (strcmp(pg_name, SCF_PG_GENERAL) == 0 ||
	    strcmp(pg_name, SCF_PG_GENERAL_OVR) == 0) {
		r = dgraph_update_general(pg);
		switch (r) {
		case 0:
		case ENOTSUP:
		case ECANCELED:
			return (0);

		case ECONNABORTED:
			return (ECONNABORTED);

		case -1:
			/* Error should have been logged. */
			return (0);

		default:
			bad_error("dgraph_update_general", r);
		}
	} else if (strcmp(pg_name, SCF_PG_RESTARTER_ACTIONS) == 0) {
		if (scf_pg_get_parent_instance(pg, inst) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
				return (ECONNABORTED);

			case SCF_ERROR_DELETED:
			case SCF_ERROR_CONSTRAINT_VIOLATED:
				/* Ignore commands on services. */
				return (0);

			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_NOT_SET:
			default:
				bad_error("scf_pg_get_parent_instance",
				    scf_error());
			}
		}

		return (process_actions(h, pg, inst));
	}

	if (strcmp(pg_name, SCF_PG_OPTIONS) != 0 &&
	    strcmp(pg_name, SCF_PG_OPTIONS_OVR) != 0)
		return (0);

	/*
	 * We only care about the options[_ovr] property groups of our own
	 * instance, so get the fmri and compare.  Plus, once we know it's
	 * correct, if the repository connection is broken we know exactly what
	 * property group we were operating on, and can look it up again.
	 */
	if (scf_pg_get_parent_instance(pg, inst) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
			return (0);

		case SCF_ERROR_HANDLE_MISMATCH:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_NOT_SET:
		default:
			bad_error("scf_pg_get_parent_instance",
			    scf_error());
		}
	}

	/* fmri is a max_scf_fmri_size buffer owned by us from here on. */
	switch (r = libscf_instance_get_fmri(inst, &fmri)) {
	case 0:
		break;

	case ECONNABORTED:
		return (ECONNABORTED);

	case ECANCELED:
		return (0);

	default:
		bad_error("libscf_instance_get_fmri", r);
	}

	if (strcmp(fmri, SCF_SERVICE_STARTD) != 0) {
		startd_free(fmri, max_scf_fmri_size);
		return (0);
	}

	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);

	if (strcmp(pg_name, SCF_PG_OPTIONS_OVR) == 0) {
		/* See if we need to set the runlevel. */
		/*
		 * The "if (0)" body is never entered from above; it is only
		 * reached via "goto rebind_pg" after a broken connection.  It
		 * rebinds the handle, re-looks-up our instance and the pg by
		 * name, then falls out into the runlevel check below.
		 */
		/* CONSTCOND */
		if (0) {
rebind_pg:
			libscf_handle_rebind(h);
			rebound = B_TRUE;

			r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				goto rebind_pg;

			case ENOENT:
				goto out;

			case EINVAL:
			case ENOTSUP:
				bad_error("libscf_lookup_instance", r);
			}

			if (scf_instance_get_pg(inst, pg_name, pg) != 0) {
				switch (scf_error()) {
				case SCF_ERROR_DELETED:
				case SCF_ERROR_NOT_FOUND:
					goto out;

				case SCF_ERROR_CONNECTION_BROKEN:
					goto rebind_pg;

				case SCF_ERROR_HANDLE_MISMATCH:
				case SCF_ERROR_NOT_BOUND:
				case SCF_ERROR_NOT_SET:
				case SCF_ERROR_INVALID_ARGUMENT:
				default:
					bad_error("scf_instance_get_pg",
					    scf_error());
				}
			}
		}

		if (scf_pg_get_property(pg, "runlevel", prop) == 0) {
			r = dgraph_set_runlevel(pg, prop);
			switch (r) {
			case ECONNRESET:
				/* dgraph_set_runlevel() rebound h itself. */
				rebound = B_TRUE;
				rebind_inst = B_TRUE;
				/* FALLTHROUGH */

			case 0:
				break;

			case ECONNABORTED:
				goto rebind_pg;

			case ECANCELED:
				goto out;

			default:
				bad_error("dgraph_set_runlevel", r);
			}
		} else {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				goto rebind_pg;

			case SCF_ERROR_DELETED:
				goto out;

			case SCF_ERROR_NOT_FOUND:
				/* No runlevel property: nothing to apply. */
				break;

			case SCF_ERROR_INVALID_ARGUMENT:
			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
				bad_error("scf_pg_get_property", scf_error());
			}
		}
	}

	/*
	 * lookup_inst is also the target of the ECONNABORTED case of the
	 * milestone read below, so this block runs whenever inst has to be
	 * refreshed after a rebind, not only when rebind_inst is set.
	 */
	if (rebind_inst) {
lookup_inst:
		r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			libscf_handle_rebind(h);
			rebound = B_TRUE;
			goto lookup_inst;

		case ENOENT:
			goto out;

		case EINVAL:
		case ENOTSUP:
			bad_error("libscf_lookup_instance", r);
		}
	}

	r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
		libscf_handle_rebind(h);
		rebound = B_TRUE;
		goto lookup_inst;

	case EINVAL:
		log_error(LOG_NOTICE,
		    "%s/%s property of %s is misconfigured.\n", pg_name,
		    SCF_PROPERTY_MILESTONE, SCF_SERVICE_STARTD);
		/* FALLTHROUGH */

	case ECANCELED:
	case ENOENT:
		/* Missing or unusable milestone property: fall back to "all". */
		(void) strcpy(fmri, "all");
		break;

	default:
		bad_error("libscf_get_milestone", r);
	}

	/* A bad milestone is reported but is not fatal here. */
	r = dgraph_set_milestone(fmri, h, B_FALSE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
		break;

	case EINVAL:
		log_error(LOG_WARNING, "Milestone %s is invalid.\n", fmri);
		break;

	case ENOENT:
		log_error(LOG_WARNING, "Milestone %s does not exist.\n", fmri);
		break;

	default:
		bad_error("dgraph_set_milestone", r);
	}

out:
	startd_free(fmri, max_scf_fmri_size);
	scf_value_destroy(val);
	scf_property_destroy(prop);

	return (rebound ? ECONNRESET : 0);
}
   6519 
/*
 * process_delete() deletes an instance from the dgraph if 'fmri' is an
 * instance fmri or if 'fmri' matches the 'general' property group of an
 * instance (or the 'general/enabled' property).  Deletions of any other
 * property group or property, or of a service, are ignored.
 *
 * 'fmri' may be overwritten and cannot be trusted on return by the caller.
 */
static void
process_delete(char *fmri, scf_handle_t *h)
{
	char *scratch;
	char *pg_sep;
	const char *inst_name = NULL;
	const char *pg_name = NULL;
	const char *prop_name = NULL;

	/* Parse a private copy; the caller's buffer is only cut below. */
	scratch = safe_strdup(fmri);

	if (scf_parse_svc_fmri(scratch, NULL, NULL, &inst_name, &pg_name,
	    &prop_name) != SCF_SUCCESS) {
		log_error(LOG_WARNING,
		    "Received invalid FMRI \"%s\" from repository server.\n",
		    fmri);
		goto done;
	}

	/* Service-level deletions carry no instance and are ignored. */
	if (inst_name == NULL)
		goto done;

	if (pg_name == NULL) {
		/* A plain instance FMRI: remove the instance itself. */
		(void) dgraph_remove_instance(fmri, h);
		goto done;
	}

	/*
	 * Only the 'general' property group, or its 'enabled' property,
	 * takes the whole instance out of the dgraph.
	 */
	if (strcmp(pg_name, SCF_PG_GENERAL) != 0)
		goto done;

	if (prop_name != NULL && strcmp(prop_name, SCF_PROPERTY_ENABLED) != 0)
		goto done;

	/*
	 * The instance is already gone from the repository, so no scf_
	 * function can give us its FMRI; truncate the pg FMRI at the
	 * property-group separator to reconstruct it instead.
	 */
	pg_sep = strstr(fmri, SCF_FMRI_PROPERTYGRP_PREFIX);
	if (pg_sep == NULL)
		bad_error("process_delete", 0);

	*pg_sep = '\0';

	(void) dgraph_remove_instance(fmri, h);

done:
	free(scratch);
}
   6579 
/*
 * void *repository_event_thread(void *)
 *   Subscribe to repository notifications for framework property groups
 *   and dispatch each one: a modified pg goes to process_pg_event(), a
 *   deletion to process_delete().  Whenever the repository connection
 *   breaks, the handle is rebound and the subscription re-armed.  This
 *   thread never returns.
 */
/*ARGSUSED*/
void *
repository_event_thread(void *unused)
{
	scf_handle_t *h;
	scf_propertygroup_t *pg;
	scf_instance_t *inst;
	char *fmri = startd_alloc(max_scf_fmri_size);
	char *pg_name = startd_alloc(max_scf_value_size);
	int rc;

	h = libscf_handle_create_bound_loop();

	pg = safe_scf_pg_create(h);
	inst = safe_scf_instance_create(h);

retry:
	/* Keep trying until the notification subscription is in place. */
	while (_scf_notify_add_pgtype(h, SCF_GROUP_FRAMEWORK) != SCF_SUCCESS) {
		if (scf_error() != SCF_ERROR_CONNECTION_BROKEN) {
			log_error(LOG_WARNING,
			    "Couldn't set up repository notification "
			    "for property group type %s: %s\n",
			    SCF_GROUP_FRAMEWORK, scf_strerror(scf_error()));

			(void) sleep(1);
			continue;
		}

		libscf_handle_rebind(h);
	}

	for (;;) {
		ssize_t nres;

		/* Note: fmri is only set on delete events. */
		nres = _scf_notify_wait(pg, fmri, max_scf_fmri_size);
		if (nres < 0) {
			libscf_handle_rebind(h);
			goto retry;
		}

		if (nres > 0) {
			/*
			 * Service, instance, or pg deleted.
			 * Don't trust fmri on return.
			 */
			process_delete(fmri, h);
			continue;
		}

		/*
		 * Property group modified.  inst and pg_name are
		 * pre-allocated scratch space for process_pg_event().
		 */
		if (scf_pg_update(pg) < 0) {
			switch (scf_error()) {
			case SCF_ERROR_DELETED:
				continue;

			case SCF_ERROR_CONNECTION_BROKEN:
				log_error(LOG_WARNING,
				    "Lost repository event due to "
				    "disconnection.\n");
				libscf_handle_rebind(h);
				goto retry;

			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
			default:
				bad_error("scf_pg_update", scf_error());
			}
		}

		rc = process_pg_event(h, pg, inst, pg_name);
		switch (rc) {
		case 0:
			break;

		case ECONNABORTED:
			log_error(LOG_WARNING, "Lost repository event "
			    "due to disconnection.\n");
			libscf_handle_rebind(h);
			/* FALLTHROUGH */

		case ECONNRESET:
			/* The handle was rebound; re-arm the subscription. */
			goto retry;

		default:
			bad_error("process_pg_event", rc);
		}
	}

	/*NOTREACHED*/
	return (NULL);
}
   6674 
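/*
 * void graph_engine_start()
 *   Start the graph engine: spawn graph_thread(), wait until it has
 *   chosen the initial milestone, and only then start the repository and
 *   graph event threads, so neither of them runs against a graph whose
 *   milestone is still undecided.
 */
void
graph_engine_start(void)
{
	int err;

	(void) startd_thread_create(graph_thread, NULL);

	/* graph_thread() sets initial_milestone_set under dgraph_lock. */
	MUTEX_LOCK(&dgraph_lock);
	while (!initial_milestone_set) {
		err = pthread_cond_wait(&initial_milestone_cv, &dgraph_lock);
		assert(err == 0);
	}
	MUTEX_UNLOCK(&dgraph_lock);

	(void) startd_thread_create(repository_event_thread, NULL);
	(void) startd_thread_create(graph_event_thread, NULL);
}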
   6692