      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 
     22 /*
     23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 /*
     28  * graph.c - master restarter graph engine
     29  *
     30  *   The graph engine keeps a dependency graph of all service instances on the
     31  *   system, as recorded in the repository.  It decides when services should
     32  *   be brought up or down based on service states and dependencies and sends
     33  *   commands to restarters to effect any changes.  It also executes
     34  *   administrator commands sent by svcadm via the repository.
     35  *
     36  *   The graph is stored in uu_list_t *dgraph and its vertices are
     37  *   graph_vertex_t's, each of which has a name and an integer id unique to
     38  *   its name (see dict.c).  A vertex's type attribute designates the type
     39  *   of object it represents: GVT_INST for service instances, GVT_SVC for
     40  *   service objects (since service instances may depend on another service,
     41  *   rather than service instance), GVT_FILE for files (which services may
     42  *   depend on), and GVT_GROUP for dependencies on multiple objects.  GVT_GROUP
     43  *   vertices are necessary because dependency lists may have particular
     44  *   grouping types (require any, require all, optional, or exclude) and
     45  *   event-propagation characteristics.
     46  *
     47  *   The initial graph is built by libscf_populate_graph() invoking
     48  *   dgraph_add_instance() for each instance in the repository.  The function
     49  *   adds a GVT_SVC vertex for the service if one does not already exist, adds
     50  *   a GVT_INST vertex named by the FMRI of the instance, and sets up the edges.
     51  *   The resulting web of vertices & edges associated with an instance's vertex
     52  *   includes
     53  *
     54  *     - an edge from the GVT_SVC vertex for the instance's service
     55  *
 *     - an edge to the GVT_INST vertex of the instance's restarter, if its
     57  *       restarter is not svc.startd
     58  *
     59  *     - edges from other GVT_INST vertices if the instance is a restarter
     60  *
     61  *     - for each dependency property group in the instance's "running"
     62  *       snapshot, an edge to a GVT_GROUP vertex named by the FMRI of the
     63  *       instance and the name of the property group
     64  *
     65  *     - for each value of the "entities" property in each dependency property
     66  *       group, an edge from the corresponding GVT_GROUP vertex to a
     67  *       GVT_INST, GVT_SVC, or GVT_FILE vertex
     68  *
     69  *     - edges from GVT_GROUP vertices for each dependent instance
     70  *
     71  *   After the edges are set up the vertex's GV_CONFIGURED flag is set.  If
     72  *   there are problems, or if a service is mentioned in a dependency but does
     73  *   not exist in the repository, the GV_CONFIGURED flag will be clear.
     74  *
     75  *   The graph and all of its vertices are protected by the dgraph_lock mutex.
     76  *   See restarter.c for more information.
     77  *
     78  *   The properties of an instance fall into two classes: immediate and
     79  *   snapshotted.  Immediate properties should have an immediate effect when
     80  *   changed.  Snapshotted properties should be read from a snapshot, so they
     81  *   only change when the snapshot changes.  The immediate properties used by
     82  *   the graph engine are general/enabled, general/restarter, and the properties
     83  *   in the restarter_actions property group.  Since they are immediate, they
     84  *   are not read out of a snapshot.  The snapshotted properties used by the
     85  *   graph engine are those in the property groups with type "dependency" and
     86  *   are read out of the "running" snapshot.  The "running" snapshot is created
 *   by the graph engine as soon as possible, and it is updated, along with
     88  *   in-core copies of the data (dependency information for the graph engine) on
     89  *   receipt of the refresh command from svcadm.  In addition, the graph engine
     90  *   updates the "start" snapshot from the "running" snapshot whenever a service
     91  *   comes online.
     92  *
 *   When a DISABLE event is requested by the administrator, svc.startd shuts
 *   down the dependents before shutting down the requested service.
     95  *   In graph_enable_by_vertex, we create a subtree that contains the dependent
     96  *   vertices by marking those vertices with the GV_TOOFFLINE flag. And we mark
     97  *   the vertex to disable with the GV_TODISABLE flag. Once the tree is created,
     98  *   we send the _ADMIN_DISABLE event to the leaves. The leaves will then
     99  *   transition from STATE_ONLINE/STATE_DEGRADED to STATE_OFFLINE/STATE_MAINT.
    100  *   In gt_enter_offline and gt_enter_maint if the vertex was in a subtree then
    101  *   we clear the GV_TOOFFLINE flag and walk the dependencies to offline the new
    102  *   exposed leaves. We do the same until we reach the last leaf (the one with
    103  *   the GV_TODISABLE flag). If the vertex to disable is also part of a larger
    104  *   subtree (eg. multiple DISABLE events on vertices in the same subtree) then
    105  *   once the first vertex is disabled (GV_TODISABLE flag is removed), we
    106  *   continue to propagate the offline event to the vertex's dependencies.
    107  */
    108 
    109 #include <sys/uadmin.h>
    110 #include <sys/wait.h>
    111 
    112 #include <assert.h>
    113 #include <errno.h>
    114 #include <fcntl.h>
    115 #include <libscf.h>
    116 #include <libscf_priv.h>
    117 #include <libuutil.h>
    118 #include <locale.h>
    119 #include <poll.h>
    120 #include <pthread.h>
    121 #include <signal.h>
    122 #include <stddef.h>
    123 #include <stdio.h>
    124 #include <stdlib.h>
    125 #include <string.h>
    126 #include <strings.h>
    127 #include <sys/statvfs.h>
    128 #include <sys/uadmin.h>
    129 #include <zone.h>
    130 #if defined(__i386)
    131 #include <libgrubmgmt.h>
    132 #endif	/* __i386 */
    133 
    134 #include "startd.h"
    135 #include "protocol.h"
    136 
    137 
    138 #define	MILESTONE_NONE	((graph_vertex_t *)1)
    139 
    140 #define	CONSOLE_LOGIN_FMRI	"svc:/system/console-login:default"
    141 #define	FS_MINIMAL_FMRI		"svc:/system/filesystem/minimal:default"
    142 
    143 #define	VERTEX_REMOVED	0	/* vertex has been freed  */
    144 #define	VERTEX_INUSE	1	/* vertex is still in use */
    145 
    146 /*
    147  * Services in these states are not considered 'down' by the
    148  * milestone/shutdown code.
    149  */
    150 #define	up_state(state)	((state) == RESTARTER_STATE_ONLINE || \
    151 	(state) == RESTARTER_STATE_DEGRADED || \
    152 	(state) == RESTARTER_STATE_OFFLINE)
    153 
/* uu_list pools for graph_edge_t / graph_vertex_t nodes; created in graph_init(). */
static uu_list_pool_t *graph_edge_pool, *graph_vertex_pool;
/* The dependency graph: a list of graph_vertex_t sorted by gv_id (graph_vertex_compare). */
static uu_list_t *dgraph;
/* Protects dgraph and every vertex in it; graph routines assert MUTEX_HELD on it. */
static pthread_mutex_t dgraph_lock;

/*
 * milestone indicates the current subgraph.  When NULL, it is the entire
 * graph.  When MILESTONE_NONE, it is the empty graph.  Otherwise, it is all
 * services on which the target vertex depends.
 */
static graph_vertex_t *milestone = NULL;
static boolean_t initial_milestone_set = B_FALSE;
static pthread_cond_t initial_milestone_cv = PTHREAD_COND_INITIALIZER;

/* protected by dgraph_lock */
static boolean_t sulogin_thread_running = B_FALSE;
static boolean_t sulogin_running = B_FALSE;
/* Set by graph_clogin_start() when console-login must wait for sulogin to exit. */
static boolean_t console_login_ready = B_FALSE;

/* Number of services to come down to complete milestone transition. */
static uint_t non_subgraph_svcs;

/*
 * These variables indicate what should be done when we reach the milestone
 * target milestone, i.e., when non_subgraph_svcs == 0.  They are acted upon in
 * dgraph_set_instance_state().
 */
static int halting = -1;
static boolean_t go_single_user_mode = B_FALSE;
static boolean_t go_to_level1 = B_FALSE;

/*
 * Tracks when we started halting.
 */
static time_t halting_time = 0;

/*
 * This tracks the legacy runlevel to ensure we signal init and manage
 * utmpx entries correctly.  On a non-initial start it is recovered from
 * utmpx in graph_init().
 */
static char current_runlevel = '\0';

/* Number of single user threads currently running */
static pthread_mutex_t single_user_thread_lock;	/* initialized in graph_init() */
static int single_user_thread_count = 0;

/* Statistics for dependency cycle-checking */
static u_longlong_t dep_inserts = 0;
static u_longlong_t dep_cycle_ns = 0;
static u_longlong_t dep_insert_ns = 0;


/* Two %s arguments: the FMRI being transitioned, then the bad restarter FMRI. */
static const char * const emsg_invalid_restarter =
	"Transitioning %s to maintenance, restarter FMRI %s is invalid "
	"(see 'svcs -xv' for details).\n";
static const char * const console_login_fmri = CONSOLE_LOGIN_FMRI;
static const char * const single_user_fmri = SCF_MILESTONE_SINGLE_USER;
static const char * const multi_user_fmri = SCF_MILESTONE_MULTI_USER;
static const char * const multi_user_svr_fmri = SCF_MILESTONE_MULTI_USER_SERVER;
    213 
    214 /*
    215  * These services define the system being "up".  If none of them can come
    216  * online, then we will run sulogin on the console.  Note that the install ones
    217  * are for the miniroot and when installing CDs after the first.  can_come_up()
    218  * does the decision making, and an sulogin_thread() runs sulogin, which can be
    219  * started by dgraph_set_instance_state() or single_user_thread().
    220  *
    221  * NOTE: can_come_up() relies on SCF_MILESTONE_SINGLE_USER being the first
    222  * entry, which is only used when booting_to_single_user (boot -s) is set.
    223  * This is because when doing a "boot -s", sulogin is started from specials.c
    224  * after milestone/single-user comes online, for backwards compatibility.
    225  * In this case, SCF_MILESTONE_SINGLE_USER needs to be part of up_svcs
    226  * to ensure sulogin will be spawned if milestone/single-user cannot be reached.
    227  */
static const char * const up_svcs[] = {
	SCF_MILESTONE_SINGLE_USER,
	CONSOLE_LOGIN_FMRI,
	"svc:/system/install-setup:default",
	"svc:/system/install:default",
	NULL
};

/*
 * This array must have an element for each non-NULL element of up_svcs[].
 * Cached vertex pointers; remove_inst_vertex() clears an entry when the
 * vertex it points to is freed so nothing dangles.
 */
static graph_vertex_t *up_svcs_p[] = { NULL, NULL, NULL, NULL };

/* These are for seed repository magic.  See can_come_up(). */
static const char * const manifest_import =
	"svc:/system/manifest-import:default";
/* Cached vertex pointer, cleared by remove_inst_vertex() like up_svcs_p[]. */
static graph_vertex_t *manifest_import_p = NULL;


/* Forward declarations for static functions defined later in this file. */
static char target_milestone_as_runlevel(void);
static void graph_runlevel_changed(char rl, int online);
static int dgraph_set_milestone(const char *, scf_handle_t *, boolean_t);
static boolean_t should_be_in_subgraph(graph_vertex_t *v);
static int mark_subtree(graph_edge_t *, void *);
static boolean_t insubtree_dependents_down(graph_vertex_t *);
    251 
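/*
 * graph_vertex_compare()
 *	uu_list comparison callback for dgraph; orders vertices by gv_id.
 *	The right-hand argument may be either a graph_vertex_t * or a bare
 *	int * holding a vertex id: gv_id is the first member of
 *	graph_vertex_t, so both read the id from the same offset.  This is
 *	what lets uu_list_find() be called with &id (see vertex_get_by_id()).
 *
 *	Returns 1, -1, or 0 as lc_arg's id is greater than, less than, or
 *	equal to rc_arg's id.  private is unused.
 */
/* ARGSUSED */
static int
graph_vertex_compare(const void *lc_arg, const void *rc_arg, void *private)
{
	/* Read-only access: keep const on both casts instead of dropping it. */
	int lc_id = ((const graph_vertex_t *)lc_arg)->gv_id;
	int rc_id = *(const int *)rc_arg;

	if (lc_id > rc_id)
		return (1);
	if (lc_id < rc_id)
		return (-1);
	return (0);
}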
    271 
/*
 * Bring up the graph engine: initialize the locks, create the edge and
 * vertex list pools, and create the (initially empty, id-sorted) dgraph.
 * On a non-initial start the legacy runlevel is recovered from utmpx.
 */
void
graph_init()
{
	(void) pthread_mutex_init(&dgraph_lock, &mutex_attrs);
	(void) pthread_mutex_init(&single_user_thread_lock, &mutex_attrs);

	graph_edge_pool = startd_list_pool_create("graph_edges",
	    sizeof (graph_edge_t), offsetof(graph_edge_t, ge_link), NULL,
	    UU_LIST_POOL_DEBUG);
	assert(graph_edge_pool != NULL);

	/* Vertices compare by id so uu_list_find() can look them up. */
	graph_vertex_pool = startd_list_pool_create("graph_vertices",
	    sizeof (graph_vertex_t), offsetof(graph_vertex_t, gv_link),
	    graph_vertex_compare, UU_LIST_POOL_DEBUG);
	assert(graph_vertex_pool != NULL);

	dgraph = startd_list_create(graph_vertex_pool, NULL, UU_LIST_SORTED);
	assert(dgraph != NULL);

	if (!st->st_initial)
		current_runlevel = utmpx_get_runlevel();

	log_framework(LOG_DEBUG, "Initialized graph\n");
}
    295 
/*
 * Look up the vertex for name.  The dictionary maps the name to an id
 * (-1 when unknown), and the id selects the vertex in dgraph.  Returns
 * NULL when there is no such vertex.  Caller must hold dgraph_lock.
 */
static graph_vertex_t *
vertex_get_by_name(const char *name)
{
	int id;

	assert(MUTEX_HELD(&dgraph_lock));

	if ((id = dict_lookup_byname(name)) != -1)
		return (uu_list_find(dgraph, &id, NULL, NULL));

	return (NULL);
}
    309 
/*
 * Return the vertex with the given id, or NULL if id is -1 (the
 * dictionary's "no such name" value) or no vertex has that id.
 * Caller must hold dgraph_lock.
 */
static graph_vertex_t *
vertex_get_by_id(int id)
{
	assert(MUTEX_HELD(&dgraph_lock));

	return (id == -1 ? NULL : uu_list_find(dgraph, &id, NULL, NULL));
}
    320 
/*
 * Create a vertex for name, insert it into dgraph in id order, and return
 * it.  The id is assigned by the dictionary and the vertex must not already
 * exist in the graph.  Caller must hold dgraph_lock.
 */
static graph_vertex_t *
graph_add_vertex(const char *name)
{
	graph_vertex_t *nv;
	uu_list_index_t where;
	void *existing;
	size_t namesz;
	int id;

	assert(MUTEX_HELD(&dgraph_lock));

	id = dict_insert(name);

	nv = startd_zalloc(sizeof (*nv));
	nv->gv_id = id;

	namesz = strlen(name) + 1;
	nv->gv_name = startd_alloc(namesz);
	(void) memcpy(nv->gv_name, name, namesz);

	nv->gv_dependencies = startd_list_create(graph_edge_pool, nv, 0);
	nv->gv_dependents = startd_list_create(graph_edge_pool, nv, 0);

	/* The find must miss; it is done for the sorted insertion point. */
	existing = uu_list_find(dgraph, &id, NULL, &where);
	assert(existing == NULL);

	uu_list_node_init(nv, &nv->gv_link, graph_vertex_pool);
	uu_list_insert(dgraph, nv, where);

	return (nv);
}
    355 
/*
 * Unlink v from dgraph and release its storage.  v must have no edges and
 * no references, and the caller must hold dgraph_lock.
 */
static void
graph_remove_vertex(graph_vertex_t *v)
{
	size_t namesz;

	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_refs == 0);
	assert(uu_list_numnodes(v->gv_dependents) == 0);
	assert(uu_list_numnodes(v->gv_dependencies) == 0);

	uu_list_remove(dgraph, v);

	uu_list_destroy(v->gv_dependents);
	uu_list_destroy(v->gv_dependencies);

	namesz = strlen(v->gv_name) + 1;
	startd_free(v->gv_name, namesz);

	startd_free(v, sizeof (*v));
}
    376 
/*
 * Allocate one edge record (parent -> vertex) and append it to list.
 */
static void
graph_edge_link(uu_list_t *list, graph_vertex_t *parent,
    graph_vertex_t *vertex)
{
	graph_edge_t *ne = startd_alloc(sizeof (graph_edge_t));
	int r;

	ne->ge_parent = parent;
	ne->ge_vertex = vertex;

	uu_list_node_init(ne, &ne->ge_link, graph_edge_pool);
	r = uu_list_insert_before(list, NULL, ne);
	assert(r == 0);
}

/*
 * Record that fv depends on tv: one edge goes into fv's dependencies list
 * and its mirror goes into tv's dependents list.  Caller must hold
 * dgraph_lock.
 */
static void
graph_add_edge(graph_vertex_t *fv, graph_vertex_t *tv)
{
	assert(MUTEX_HELD(&dgraph_lock));

	graph_edge_link(fv->gv_dependencies, fv, tv);
	graph_edge_link(tv->gv_dependents, tv, fv);
}
    402 
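/*
 * Find the first edge in list whose ge_vertex is target, unlink it and
 * free it.  Does nothing if no such edge exists.
 */
static void
graph_edge_unlink(uu_list_t *list, graph_vertex_t *target)
{
	graph_edge_t *e;

	for (e = uu_list_first(list); e != NULL; e = uu_list_next(list, e)) {
		if (e->ge_vertex == target) {
			uu_list_remove(list, e);
			startd_free(e, sizeof (graph_edge_t));
			return;
		}
	}
}

/*
 * Undo graph_add_edge(v, dv): drop the edge to dv from v's dependencies
 * and the mirror edge to v from dv's dependents.  Like every other
 * routine that mutates edge lists here, this requires dgraph_lock.
 */
static void
graph_remove_edge(graph_vertex_t *v, graph_vertex_t *dv)
{
	assert(MUTEX_HELD(&dgraph_lock));

	graph_edge_unlink(v->gv_dependencies, dv);
	graph_edge_unlink(dv->gv_dependents, v);
}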
    428 
/*
 * Remove an unconfigured, unreferenced instance vertex whose only remaining
 * edge is the one from its service vertex.  That edge is removed, cached
 * pointers to v (up_svcs_p[], manifest_import_p) are cleared, v is freed,
 * and the service vertex is freed as well if nothing else refers to it.
 * Caller must hold dgraph_lock.
 */
static void
remove_inst_vertex(graph_vertex_t *v)
{
	graph_vertex_t *svc;
	int n;

	assert(MUTEX_HELD(&dgraph_lock));
	assert(uu_list_numnodes(v->gv_dependents) == 1);
	assert(uu_list_numnodes(v->gv_dependencies) == 0);
	assert(v->gv_refs == 0);
	assert((v->gv_flags & GV_CONFIGURED) == 0);

	/* The single dependent edge comes from the service vertex. */
	svc = ((graph_edge_t *)uu_list_first(v->gv_dependents))->ge_vertex;
	graph_remove_edge(svc, v);

	/* Clear cached pointers that would otherwise dangle. */
	n = 0;
	while (up_svcs[n] != NULL) {
		if (up_svcs_p[n] == v)
			up_svcs_p[n] = NULL;
		n++;
	}
	if (manifest_import_p == v)
		manifest_import_p = NULL;

	graph_remove_vertex(v);

	/* An edgeless, unreferenced service vertex is garbage too. */
	if (svc->gv_refs == 0 &&
	    uu_list_numnodes(svc->gv_dependencies) == 0 &&
	    uu_list_numnodes(svc->gv_dependents) == 0)
		graph_remove_vertex(svc);
}
    461 
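/*
 * Call func(dependent, arg) once for each direct dependent of v, i.e. each
 * vertex with an edge to v (the ge_vertex of entries in v->gv_dependents).
 * Not recursive; see graph_walk() for a full traversal.  The dependents
 * list is protected by dgraph_lock, so the caller must hold it — as the
 * sibling graph_walk_dependencies() already asserts.
 */
static void
graph_walk_dependents(graph_vertex_t *v, void (*func)(graph_vertex_t *, void *),
    void *arg)
{
	graph_edge_t *e;

	assert(MUTEX_HELD(&dgraph_lock));

	for (e = uu_list_first(v->gv_dependents);
	    e != NULL;
	    e = uu_list_next(v->gv_dependents, e))
		func(e->ge_vertex, arg);
}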
    473 
/*
 * Call func(dependency, arg) once for each direct dependency of v (the
 * ge_vertex of entries in v->gv_dependencies).  Not recursive.  Caller
 * must hold dgraph_lock.
 */
static void
graph_walk_dependencies(graph_vertex_t *v, void (*func)(graph_vertex_t *,
	void *), void *arg)
{
	uu_list_t *deps;
	graph_edge_t *edge;

	assert(MUTEX_HELD(&dgraph_lock));

	deps = v->gv_dependencies;
	edge = uu_list_first(deps);
	while (edge != NULL) {
		func(edge->ge_vertex, arg);
		edge = uu_list_next(deps, edge);
	}
}
    489 
    490 /*
    491  * Generic graph walking function.
    492  *
    493  * Given a vertex, this function will walk either dependencies
    494  * (WALK_DEPENDENCIES) or dependents (WALK_DEPENDENTS) of a vertex recursively
    495  * for the entire graph.  It will avoid cycles and never visit the same vertex
    496  * twice.
    497  *
    498  * We avoid traversing exclusion dependencies, because they are allowed to
    499  * create cycles in the graph.  When propagating satisfiability, there is no
    500  * need to walk exclusion dependencies because exclude_all_satisfied() doesn't
    501  * test for satisfiability.
    502  *
    503  * The walker takes two callbacks.  The first is called before examining the
    504  * dependents of each vertex.  The second is called on each vertex after
    505  * examining its dependents.  This allows is_path_to() to construct a path only
    506  * after the target vertex has been found.
    507  */
typedef enum {
	WALK_DEPENDENTS,	/* follow gv_dependents lists */
	WALK_DEPENDENCIES	/* follow gv_dependencies lists */
} graph_walk_dir_t;

/* Type of a pre-visit callback (same signature as gi_pre below). */
typedef int (*graph_walk_cb_t)(graph_vertex_t *, void *);

/*
 * Per-walk state handed to graph_walk_recurse() through uu_list_walk();
 * set up and torn down by graph_walk().
 */
typedef struct graph_walk_info {
	graph_walk_dir_t 	gi_dir;		/* which edge lists to follow */
	uchar_t			*gi_visited;	/* vertex bitmap, bit index = gv_id */
	int			(*gi_pre)(graph_vertex_t *, void *);	/* before recursing; UU_WALK_DONE stops the walk */
	void			(*gi_post)(graph_vertex_t *, void *);	/* optional; after recursing */
	void			*gi_arg;	/* callback arg */
	int			gi_ret;		/* return value of the most recent gi_pre call */
} graph_walk_info_t;
    523 
/*
 * uu_list_walk() callback for graph_walk().  e is the edge leading to the
 * vertex to visit (graph_walk() fakes one for the root).  Each vertex is
 * visited at most once, exclusion groups are not followed, and the walk
 * descends into the vertex's dependents or dependencies (per gi_dir) only
 * while gi_pre keeps returning UU_WALK_NEXT.  gi_post, if set, runs after
 * the descent.  The value of the last gi_pre call is left in gi_ret and
 * returned so UU_WALK_DONE unwinds the whole walk.
 */
static int
graph_walk_recurse(graph_edge_t *e, graph_walk_info_t *gip)
{
	graph_vertex_t *v = e->ge_vertex;
	int byte_idx = v->gv_id / 8;
	uint_t bit = 1 << (v->gv_id % 8);

	/* Seen before: nothing more to do for this vertex. */
	if ((gip->gi_visited[byte_idx] & bit) != 0)
		return (UU_WALK_NEXT);
	gip->gi_visited[byte_idx] |= bit;

	/* Exclusion groups may legitimately form cycles; never traverse them. */
	if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
		return (UU_WALK_NEXT);

	gip->gi_ret = gip->gi_pre(v, gip->gi_arg);
	if (gip->gi_ret == UU_WALK_NEXT) {
		uu_list_t *next_list;
		int r;

		next_list = (gip->gi_dir == WALK_DEPENDENTS) ?
		    v->gv_dependents : v->gv_dependencies;
		r = uu_list_walk(next_list, (uu_walk_fn_t *)graph_walk_recurse,
		    gip, 0);
		assert(r == 0);
	}

	/* Callbacks may only answer UU_WALK_NEXT or UU_WALK_DONE. */
	assert(gip->gi_ret == UU_WALK_NEXT || gip->gi_ret == UU_WALK_DONE);

	if (gip->gi_post != NULL)
		gip->gi_post(v, gip->gi_arg);

	return (gip->gi_ret);
}
    586 
/*
 * Walk the graph from v in direction dir, calling pre before and post
 * (optional, may be NULL) after visiting each reachable vertex; arg is
 * passed through to both.  The visited bitmap is sized from the
 * dictionary's next id so every vertex has a bit, and freed on return.
 */
static void
graph_walk(graph_vertex_t *v, graph_walk_dir_t dir,
    int (*pre)(graph_vertex_t *, void *),
    void (*post)(graph_vertex_t *, void *), void *arg)
{
	graph_walk_info_t gi;
	graph_edge_t root_edge;
	size_t bitmap_sz = dictionary->dict_new_id / 8 + 1;

	(void) memset(&gi, 0, sizeof (gi));
	gi.gi_dir = dir;
	gi.gi_visited = startd_zalloc(bitmap_sz);
	gi.gi_pre = pre;
	gi.gi_post = post;
	gi.gi_arg = arg;
	gi.gi_ret = 0;

	/* graph_walk_recurse() takes an edge, so wrap the root in one. */
	root_edge.ge_vertex = v;
	(void) graph_walk_recurse(&root_edge, &gi);

	startd_free(gi.gi_visited, bitmap_sz);
}
    611 
/*
 * Search state for is_path_to(); filled in by child_pre()/child_post()
 * during a graph_walk().
 */
typedef struct child_search {
	int	id;		/* id of vertex to look for */
	uint_t	depth;		/* recursion depth */
	/*
	 * While the vertex is not found, path is NULL.  After the search, if
	 * the vertex was found then path should point to a -1-terminated
	 * array of vertex id's which constitute the path to the vertex.
	 * It is startd_alloc'd with (depth + 1) ints at the time of the hit.
	 */
	int	*path;
} child_search_t;
    622 
/*
 * Pre-visit callback for is_path_to().  Tracks the current depth and, when
 * the target id is reached, allocates the path array (one slot per level
 * plus the -1 terminator) and stops the walk with UU_WALK_DONE.
 */
static int
child_pre(graph_vertex_t *v, void *arg)
{
	child_search_t *cs = arg;
	uint_t d = ++cs->depth;

	if (v->gv_id != cs->id)
		return (UU_WALK_NEXT);

	/* Hit: child_post() fills slots 0..d-1 while unwinding. */
	cs->path = startd_alloc((d + 1) * sizeof (int));
	cs->path[d] = -1;
	return (UU_WALK_DONE);
}
    638 
/*
 * Post-visit callback for is_path_to().  Steps back one level and, if the
 * target was found beneath this vertex, records this vertex's id at the
 * current depth — so the path ends up ordered from the start vertex down.
 */
static void
child_post(graph_vertex_t *v, void *arg)
{
	child_search_t *cs = arg;

	cs->depth -= 1;

	if (cs->path == NULL)
		return;

	cs->path[cs->depth] = v->gv_id;
}
    649 
/*
 * Search the dependencies reachable from from for to.  If a path exists,
 * returns a startd_alloc'd, -1-terminated array of vertex ids running from
 * from to to (filled in by child_pre()/child_post()); the caller owns the
 * array (path_to_str() frees it).  Returns NULL when there is no path.
 */
static int *
is_path_to(graph_vertex_t *from, graph_vertex_t *to)
{
	child_search_t search;

	search.path = NULL;
	search.depth = 0;
	search.id = to->gv_id;

	graph_walk(from, WALK_DEPENDENCIES, child_pre, child_post, &search);

	return (search.path);
}
    668 
/*
 * Render a -1-terminated array of vertex ids (as returned by is_path_to())
 * as the names of the instance and service vertices along it, one per
 * line.  Ids whose vertex no longer exists print as "<deleted>"; group and
 * file vertices are omitted.  The string is returned in *cpp and its
 * allocation size in *sz (always strlen(*cpp) + 1); path itself is freed.
 * Caller must hold dgraph_lock and path must hold at least one id.
 */
static void
path_to_str(int *path, char **cpp, size_t *sz)
{
	size_t cur_sz = 1;
	char *buf;
	int n;

	assert(MUTEX_HELD(&dgraph_lock));
	assert(path[0] != -1);

	buf = startd_alloc(cur_sz);
	buf[0] = '\0';

	for (n = 0; path[n] != -1; n++) {
		graph_vertex_t *pv = vertex_get_by_id(path[n]);
		const char *label;
		size_t next_sz;
		char *grown;

		if (pv == NULL)
			label = "<deleted>";
		else if (pv->gv_type == GVT_INST || pv->gv_type == GVT_SVC)
			label = pv->gv_name;
		else
			continue;

		/* current text + label + '\n', plus the terminating NUL */
		next_sz = cur_sz + strlen(label) + 1;
		grown = startd_alloc(next_sz);
		(void) snprintf(grown, next_sz, "%s%s\n", buf, label);

		startd_free(buf, cur_sz);
		buf = grown;
		cur_sz = next_sz;
	}

	/* n ids plus the -1 terminator were allocated by child_pre(). */
	startd_free(path, sizeof (int) * (n + 1));

	*cpp = buf;
	*sz = cur_sz;
}
    717 
    718 
/*
 * This function along with run_sulogin() implements an exclusion relationship
 * between system/console-login and sulogin.  run_sulogin() will fail if
 * system/console-login is online, and the graph engine should call
 * graph_clogin_start() to bring system/console-login online, which defers the
 * start if sulogin is running.  Caller must hold dgraph_lock, which also
 * protects sulogin_running and console_login_ready.
 */
static void
graph_clogin_start(graph_vertex_t *v)
{
	assert(MUTEX_HELD(&dgraph_lock));

	if (!sulogin_running) {
		vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
		return;
	}

	/* sulogin has the console: note that console-login is ready to start. */
	console_login_ready = B_TRUE;
}
    736 
/*
 * Start hook for milestone/single-user (see special_vertices[]): records
 * the legacy 'S' runlevel in utmpx and then sends the START event.
 */
static void
graph_su_start(graph_vertex_t *v)
{
	/*
	 * /etc/inittab used to have the initial /sbin/rcS as a 'sysinit'
	 * entry with a runlevel of 'S', before jumping to the final
	 * target runlevel (as set in initdefault).  We mimic that legacy
	 * behavior here.
	 */
	utmpx_set_runlevel('S', '0', B_FALSE);
	vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
}
    749 
/*
 * post_online/post_disable hooks for the single-user ('S'), multi-user
 * ('2') and multi-user-server ('3') milestones (see special_vertices[]).
 * Each reports the legacy runlevel transition to graph_runlevel_changed(),
 * with online = 1 when the milestone comes online and 0 when it is disabled.
 */
static void
graph_post_su_online(void)
{
	graph_runlevel_changed('S', 1);
}

static void
graph_post_su_disable(void)
{
	graph_runlevel_changed('S', 0);
}

static void
graph_post_mu_online(void)
{
	graph_runlevel_changed('2', 1);
}

static void
graph_post_mu_disable(void)
{
	graph_runlevel_changed('2', 0);
}

static void
graph_post_mus_online(void)
{
	graph_runlevel_changed('3', 1);
}

static void
graph_post_mus_disable(void)
{
	graph_runlevel_changed('3', 0);
}
    785 
/*
 * Services the graph engine treats specially, keyed by FMRI.  start_f, when
 * set, is used to start the vertex (both hooks here end by sending
 * RESTARTER_EVENT_TYPE_START); post_online_f / post_disable_f report the
 * legacy runlevel change for the milestones via graph_runlevel_changed().
 * The callers that invoke these hooks are outside this part of the file.
 * NULL means "no hook"; the table ends with an all-NULL entry.
 */
static struct special_vertex_info {
	const char	*name;				/* instance FMRI */
	void		(*start_f)(graph_vertex_t *);	/* replaces a plain START */
	void		(*post_online_f)(void);		/* after coming online */
	void		(*post_disable_f)(void);	/* after being disabled */
} special_vertices[] = {
	{ CONSOLE_LOGIN_FMRI, graph_clogin_start, NULL, NULL },
	{ SCF_MILESTONE_SINGLE_USER, graph_su_start,
	    graph_post_su_online, graph_post_su_disable },
	{ SCF_MILESTONE_MULTI_USER, NULL,
	    graph_post_mu_online, graph_post_mu_disable },
	{ SCF_MILESTONE_MULTI_USER_SERVER, NULL,
	    graph_post_mus_online, graph_post_mus_disable },
	{ NULL },
};
    801 
    802 
/*
 * Deliver event e for vertex v to its restarter over v->gv_restarter_channel.
 * Before sending, the switch asserts (debug builds) that v's current state
 * makes the event sensible, logs state-changing events at LOG_DEBUG, and for
 * ADD_INSTANCE bumps st->st_load_instances under st_load_lock.  An event
 * type not handled here is a programming error and aborts the process.
 */
void
vertex_send_event(graph_vertex_t *v, restarter_event_type_t e)
{
	switch (e) {
	case RESTARTER_EVENT_TYPE_ADD_INSTANCE:
		assert(v->gv_state == RESTARTER_STATE_UNINIT);

		MUTEX_LOCK(&st->st_load_lock);
		st->st_load_instances++;
		MUTEX_UNLOCK(&st->st_load_lock);
		break;

	case RESTARTER_EVENT_TYPE_ENABLE:
		log_framework(LOG_DEBUG, "Enabling %s.\n", v->gv_name);
		assert(v->gv_state == RESTARTER_STATE_UNINIT ||
		    v->gv_state == RESTARTER_STATE_DISABLED ||
		    v->gv_state == RESTARTER_STATE_MAINT);
		break;

	case RESTARTER_EVENT_TYPE_DISABLE:
	case RESTARTER_EVENT_TYPE_ADMIN_DISABLE:
		log_framework(LOG_DEBUG, "Disabling %s.\n", v->gv_name);
		assert(v->gv_state != RESTARTER_STATE_DISABLED);
		break;

	case RESTARTER_EVENT_TYPE_STOP_RESET:
	case RESTARTER_EVENT_TYPE_STOP:
		log_framework(LOG_DEBUG, "Stopping %s.\n", v->gv_name);
		assert(v->gv_state == RESTARTER_STATE_DEGRADED ||
		    v->gv_state == RESTARTER_STATE_ONLINE);
		break;

	case RESTARTER_EVENT_TYPE_START:
		log_framework(LOG_DEBUG, "Starting %s.\n", v->gv_name);
		assert(v->gv_state == RESTARTER_STATE_OFFLINE);
		break;

	/* These carry no state precondition and are passed straight through. */
	case RESTARTER_EVENT_TYPE_REMOVE_INSTANCE:
	case RESTARTER_EVENT_TYPE_ADMIN_DEGRADED:
	case RESTARTER_EVENT_TYPE_ADMIN_REFRESH:
	case RESTARTER_EVENT_TYPE_ADMIN_RESTART:
	case RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF:
	case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON:
	case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON_IMMEDIATE:
	case RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE:
	case RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY:
		break;

	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Bad event %d.\n", __FILE__, __LINE__, e);
#endif
		abort();
	}

	restarter_protocol_send_event(v->gv_name, v->gv_restarter_channel, e);
}
    860 
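/*
 * Detach v from its restarter: tell the restarter to forget the instance
 * (REMOVE_INSTANCE), remove the edge from v to its restarter's vertex, and
 * clear the restarter id and channel.  v must be configured and the caller
 * must hold dgraph_lock.
 */
static void
graph_unset_restarter(graph_vertex_t *v)
{
	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_flags & GV_CONFIGURED);

	vertex_send_event(v, RESTARTER_EVENT_TYPE_REMOVE_INSTANCE);

	if (v->gv_restarter_id != -1) {
		graph_vertex_t *rv = vertex_get_by_id(v->gv_restarter_id);

		/*
		 * A configured vertex with a restarter id must still have
		 * that restarter's vertex in the graph; fail here rather
		 * than dereferencing NULL inside graph_remove_edge().
		 */
		assert(rv != NULL);
		graph_remove_edge(v, rv);
	}

	v->gv_restarter_id = -1;
	v->gv_restarter_channel = NULL;
}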
    879 
    880 /*
    881  * Return VERTEX_REMOVED when the vertex passed in argument is deleted from the
    882  * dgraph otherwise return VERTEX_INUSE.
    883  */
    884 static int
    885 free_if_unrefed(graph_vertex_t *v)
    886 {
    887 	assert(MUTEX_HELD(&dgraph_lock));
    888 
    889 	if (v->gv_refs > 0)
    890 		return (VERTEX_INUSE);
    891 
    892 	if (v->gv_type == GVT_SVC &&
    893 	    uu_list_numnodes(v->gv_dependents) == 0 &&
    894 	    uu_list_numnodes(v->gv_dependencies) == 0) {
    895 		graph_remove_vertex(v);
    896 		return (VERTEX_REMOVED);
    897 	} else if (v->gv_type == GVT_INST &&
    898 	    (v->gv_flags & GV_CONFIGURED) == 0 &&
    899 	    uu_list_numnodes(v->gv_dependents) == 1 &&
    900 	    uu_list_numnodes(v->gv_dependencies) == 0) {
    901 		remove_inst_vertex(v);
    902 		return (VERTEX_REMOVED);
    903 	}
    904 
    905 	return (VERTEX_INUSE);
    906 }
    907 
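/*
 * Delete the dependency-group vertex v together with every edge leaving it,
 * garbage collecting the target vertices that become unreferenced.
 *
 * v must be a GVT_GROUP with no dependents; caller holds dgraph_lock.
 */
static void
delete_depgroup(graph_vertex_t *v)
{
	graph_edge_t *e;
	graph_vertex_t *dv;

	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_GROUP);
	assert(uu_list_numnodes(v->gv_dependents) == 0);

	/*
	 * Re-read the list head each time: the loop relies on
	 * graph_remove_edge() unlinking e from gv_dependencies.
	 */
	while ((e = uu_list_first(v->gv_dependencies)) != NULL) {
		dv = e->ge_vertex;

		graph_remove_edge(v, dv);

		switch (dv->gv_type) {
		case GVT_INST:		/* instance dependency */
		case GVT_SVC:		/* service dependency */
			/* We only need dv gone if unreferenced; result unused. */
			(void) free_if_unrefed(dv);
			break;

		case GVT_FILE:		/* file dependency */
			/* File vertices carry no dependencies of their own. */
			assert(uu_list_numnodes(dv->gv_dependencies) == 0);
			if (uu_list_numnodes(dv->gv_dependents) == 0)
				graph_remove_vertex(dv);
			break;

		default:
#ifndef NDEBUG
			/* Newline-terminated like every other uu_warn() here. */
			uu_warn("%s:%d: Unexpected node type %d.\n", __FILE__,
			    __LINE__, dv->gv_type);
#endif
			abort();
		}
	}

	graph_remove_vertex(v);
}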
    946 
/*
 * uu_list_walk() callback used by delete_instance_dependencies(): remove the
 * dependency edge e of the instance in ptrs[0].  ptrs[1] carries the boolean
 * delete_restarter_dep, which the caller packs into the void * slot.
 *
 * The target of e is one of:
 *   - GVT_INST: the instance's restarter (edge dropped only when asked to)
 *   - GVT_GROUP: a dependency group, deleted along with its own edges
 * A GVT_FILE target ("currently not direct dependencies") or anything else
 * is a programming error.
 *
 * Always returns UU_WALK_NEXT.
 */
static int
delete_instance_deps_cb(graph_edge_t *e, void **ptrs)
{
	graph_vertex_t *inst = ptrs[0];
	boolean_t drop_restarter = (boolean_t)ptrs[1];
	graph_vertex_t *target = e->ge_vertex;

	if (target->gv_type == GVT_INST) {
		/* restarter */
		assert(target->gv_id == inst->gv_restarter_id);
		if (drop_restarter)
			graph_remove_edge(inst, target);
		return (UU_WALK_NEXT);
	}

	if (target->gv_type == GVT_GROUP) {
		/* pg dependency */
		graph_remove_edge(inst, target);
		delete_depgroup(target);
		return (UU_WALK_NEXT);
	}

	/* GVT_FILE and unknown types: these are currently not direct dependencies */
#ifndef NDEBUG
	uu_warn("%s:%d: Bad vertex type %d.\n", __FILE__, __LINE__,
	    target->gv_type);
#endif
	abort();
	/* NOTREACHED */
}
    988 
/*
 * Remove every dependency edge of instance vertex v: its dependency-group
 * vertices are deleted outright, and the edge to its restarter is dropped
 * only when delete_restarter_dep is true.  Caller holds dgraph_lock.
 */
static void
delete_instance_dependencies(graph_vertex_t *v, boolean_t delete_restarter_dep)
{
	/* Packed this way because uu_list_walk() hands the callback one void *. */
	void *ptrs[2] = { v, (void *)delete_restarter_dep };
	int r;

	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);

	/* UU_WALK_ROBUST: the callback removes edges while the walk runs. */
	r = uu_list_walk(v->gv_dependencies,
	    (uu_walk_fn_t *)delete_instance_deps_cb, &ptrs, UU_WALK_ROBUST);
	assert(r == 0);
}
   1005 
   1006 /*
   1007  * int graph_insert_vertex_unconfigured()
   1008  *   Insert a vertex without sending any restarter events. If the vertex
   1009  *   already exists or creation is successful, return a pointer to it in *vp.
   1010  *
   1011  *   If type is not GVT_GROUP, dt can remain unset.
   1012  *
   1013  *   Returns 0, EEXIST, or EINVAL if the arguments are invalid (i.e., fmri
   1014  *   doesn't agree with type, or type doesn't agree with dt).
   1015  */
   1016 static int
   1017 graph_insert_vertex_unconfigured(const char *fmri, gv_type_t type,
   1018     depgroup_type_t dt, restarter_error_t rt, graph_vertex_t **vp)
   1019 {
   1020 	int r;
   1021 	int i;
   1022 
   1023 	assert(MUTEX_HELD(&dgraph_lock));
   1024 
   1025 	switch (type) {
   1026 	case GVT_SVC:
   1027 	case GVT_INST:
   1028 		if (strncmp(fmri, "svc:", sizeof ("svc:") - 1) != 0)
   1029 			return (EINVAL);
   1030 		break;
   1031 
   1032 	case GVT_FILE:
   1033 		if (strncmp(fmri, "file:", sizeof ("file:") - 1) != 0)
   1034 			return (EINVAL);
   1035 		break;
   1036 
   1037 	case GVT_GROUP:
   1038 		if (dt <= 0 || rt < 0)
   1039 			return (EINVAL);
   1040 		break;
   1041 
   1042 	default:
   1043 #ifndef NDEBUG
   1044 		uu_warn("%s:%d: Unknown type %d.\n", __FILE__, __LINE__, type);
   1045 #endif
   1046 		abort();
   1047 	}
   1048 
   1049 	*vp = vertex_get_by_name(fmri);
   1050 	if (*vp != NULL)
   1051 		return (EEXIST);
   1052 
   1053 	*vp = graph_add_vertex(fmri);
   1054 
   1055 	(*vp)->gv_type = type;
   1056 	(*vp)->gv_depgroup = dt;
   1057 	(*vp)->gv_restart = rt;
   1058 
   1059 	(*vp)->gv_flags = 0;
   1060 	(*vp)->gv_state = RESTARTER_STATE_NONE;
   1061 
   1062 	for (i = 0; special_vertices[i].name != NULL; ++i) {
   1063 		if (strcmp(fmri, special_vertices[i].name) == 0) {
   1064 			(*vp)->gv_start_f = special_vertices[i].start_f;
   1065 			(*vp)->gv_post_online_f =
   1066 			    special_vertices[i].post_online_f;
   1067 			(*vp)->gv_post_disable_f =
   1068 			    special_vertices[i].post_disable_f;
   1069 			break;
   1070 		}
   1071 	}
   1072 
   1073 	(*vp)->gv_restarter_id = -1;
   1074 	(*vp)->gv_restarter_channel = 0;
   1075 
   1076 	if (type == GVT_INST) {
   1077 		char *sfmri;
   1078 		graph_vertex_t *sv;
   1079 
   1080 		sfmri = inst_fmri_to_svc_fmri(fmri);
   1081 		sv = vertex_get_by_name(sfmri);
   1082 		if (sv == NULL) {
   1083 			r = graph_insert_vertex_unconfigured(sfmri, GVT_SVC, 0,
   1084 			    0, &sv);
   1085 			assert(r == 0);
   1086 		}
   1087 		startd_free(sfmri, max_scf_fmri_size);
   1088 
   1089 		graph_add_edge(sv, *vp);
   1090 	}
   1091 
   1092 	/*
   1093 	 * If this vertex is in the subgraph, mark it as so, for both
   1094 	 * GVT_INST and GVT_SERVICE verteces.
   1095 	 * A GVT_SERVICE vertex can only be in the subgraph if another instance
   1096 	 * depends on it, in which case it's already been added to the graph
   1097 	 * and marked as in the subgraph (by refresh_vertex()).  If a
   1098 	 * GVT_SERVICE vertex was freshly added (by the code above), it means
   1099 	 * that it has no dependents, and cannot be in the subgraph.
   1100 	 * Regardless of this, we still check that gv_flags includes
   1101 	 * GV_INSUBGRAPH in the event that future behavior causes the above
   1102 	 * code to add a GVT_SERVICE vertex which should be in the subgraph.
   1103 	 */
   1104 
   1105 	(*vp)->gv_flags |= (should_be_in_subgraph(*vp)? GV_INSUBGRAPH : 0);
   1106 
   1107 	return (0);
   1108 }
   1109 
   1110 /*
   1111  * Returns 0 on success or ELOOP if the dependency would create a cycle.
   1112  */
   1113 static int
   1114 graph_insert_dependency(graph_vertex_t *fv, graph_vertex_t *tv, int **pathp)
   1115 {
   1116 	hrtime_t now;
   1117 
   1118 	assert(MUTEX_HELD(&dgraph_lock));
   1119 
   1120 	/* cycle detection */
   1121 	now = gethrtime();
   1122 
   1123 	/* Don't follow exclusions. */
   1124 	if (!(fv->gv_type == GVT_GROUP &&
   1125 	    fv->gv_depgroup == DEPGRP_EXCLUDE_ALL)) {
   1126 		*pathp = is_path_to(tv, fv);
   1127 		if (*pathp)
   1128 			return (ELOOP);
   1129 	}
   1130 
   1131 	dep_cycle_ns += gethrtime() - now;
   1132 	++dep_inserts;
   1133 	now = gethrtime();
   1134 
   1135 	graph_add_edge(fv, tv);
   1136 
   1137 	dep_insert_ns += gethrtime() - now;
   1138 
   1139 	/* Check if the dependency adds the "to" vertex to the subgraph */
   1140 	tv->gv_flags |= (should_be_in_subgraph(tv) ? GV_INSUBGRAPH : 0);
   1141 
   1142 	return (0);
   1143 }
   1144 
/*
 * Return 1 if instance vertex v is running (online or degraded), else 0.
 */
static int
inst_running(graph_vertex_t *v)
{
	assert(v->gv_type == GVT_INST);

	switch (v->gv_state) {
	case RESTARTER_STATE_ONLINE:
	case RESTARTER_STATE_DEGRADED:
		return (1);
	default:
		return (0);
	}
}
   1156 
   1157 /*
   1158  * The dependency evaluation functions return
   1159  *   1 - dependency satisfied
   1160  *   0 - dependency unsatisfied
   1161  *   -1 - dependency unsatisfiable (without administrator intervention)
   1162  *
   1163  * The functions also take a boolean satbility argument.  When true, the
   1164  * functions may recurse in order to determine satisfiability.
   1165  */
   1166 static int require_any_satisfied(graph_vertex_t *, boolean_t);
   1167 static int dependency_satisfied(graph_vertex_t *, boolean_t);
   1168 
   1169 /*
   1170  * A require_all dependency is unsatisfied if any elements are unsatisfied.  It
   1171  * is unsatisfiable if any elements are unsatisfiable.
   1172  */
   1173 static int
   1174 require_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1175 {
   1176 	graph_edge_t *edge;
   1177 	int i;
   1178 	boolean_t any_unsatisfied;
   1179 
   1180 	if (uu_list_numnodes(groupv->gv_dependencies) == 0)
   1181 		return (1);
   1182 
   1183 	any_unsatisfied = B_FALSE;
   1184 
   1185 	for (edge = uu_list_first(groupv->gv_dependencies);
   1186 	    edge != NULL;
   1187 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1188 		i = dependency_satisfied(edge->ge_vertex, satbility);
   1189 		if (i == 1)
   1190 			continue;
   1191 
   1192 		log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
   1193 		    "require_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
   1194 		    edge->ge_vertex->gv_name, i == 0 ? "ed" : "able");
   1195 
   1196 		if (!satbility)
   1197 			return (0);
   1198 
   1199 		if (i == -1)
   1200 			return (-1);
   1201 
   1202 		any_unsatisfied = B_TRUE;
   1203 	}
   1204 
   1205 	return (any_unsatisfied ? 0 : 1);
   1206 }
   1207 
   1208 /*
   1209  * A require_any dependency is satisfied if any element is satisfied.  It is
   1210  * satisfiable if any element is satisfiable.
   1211  */
   1212 static int
   1213 require_any_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1214 {
   1215 	graph_edge_t *edge;
   1216 	int s;
   1217 	boolean_t satisfiable;
   1218 
   1219 	if (uu_list_numnodes(groupv->gv_dependencies) == 0)
   1220 		return (1);
   1221 
   1222 	satisfiable = B_FALSE;
   1223 
   1224 	for (edge = uu_list_first(groupv->gv_dependencies);
   1225 	    edge != NULL;
   1226 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1227 		s = dependency_satisfied(edge->ge_vertex, satbility);
   1228 
   1229 		if (s == 1)
   1230 			return (1);
   1231 
   1232 		log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
   1233 		    "require_any(%s): %s is unsatisfi%s.\n",
   1234 		    groupv->gv_name, edge->ge_vertex->gv_name,
   1235 		    s == 0 ? "ed" : "able");
   1236 
   1237 		if (satbility && s == 0)
   1238 			satisfiable = B_TRUE;
   1239 	}
   1240 
   1241 	return (!satbility || satisfiable ? 0 : -1);
   1242 }
   1243 
   1244 /*
   1245  * An optional_all dependency only considers elements which are configured,
   1246  * enabled, and not in maintenance.  If any are unsatisfied, then the dependency
   1247  * is unsatisfied.
   1248  *
   1249  * Offline dependencies which are waiting for a dependency to come online are
   1250  * unsatisfied.  Offline dependences which cannot possibly come online
   1251  * (unsatisfiable) are always considered satisfied.
   1252  */
   1253 static int
   1254 optional_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1255 {
   1256 	graph_edge_t *edge;
   1257 	graph_vertex_t *v;
   1258 	boolean_t any_qualified;
   1259 	boolean_t any_unsatisfied;
   1260 	int i;
   1261 
   1262 	any_qualified = B_FALSE;
   1263 	any_unsatisfied = B_FALSE;
   1264 
   1265 	for (edge = uu_list_first(groupv->gv_dependencies);
   1266 	    edge != NULL;
   1267 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1268 		v = edge->ge_vertex;
   1269 
   1270 		switch (v->gv_type) {
   1271 		case GVT_INST:
   1272 			/* Skip missing or disabled instances */
   1273 			if ((v->gv_flags & (GV_CONFIGURED | GV_ENABLED)) !=
   1274 			    (GV_CONFIGURED | GV_ENABLED))
   1275 				continue;
   1276 
   1277 			if (v->gv_state == RESTARTER_STATE_MAINT)
   1278 				continue;
   1279 
   1280 			if (v->gv_flags & GV_TOOFFLINE)
   1281 				continue;
   1282 
   1283 			any_qualified = B_TRUE;
   1284 			if (v->gv_state == RESTARTER_STATE_OFFLINE) {
   1285 				/*
   1286 				 * For offline dependencies, treat unsatisfiable
   1287 				 * as satisfied.
   1288 				 */
   1289 				i = dependency_satisfied(v, B_TRUE);
   1290 				if (i == -1)
   1291 					i = 1;
   1292 			} else if (v->gv_state == RESTARTER_STATE_DISABLED) {
   1293 				/*
   1294 				 * The service is enabled, but hasn't
   1295 				 * transitioned out of disabled yet.  Treat it
   1296 				 * as unsatisfied (not unsatisfiable).
   1297 				 */
   1298 				i = 0;
   1299 			} else {
   1300 				i = dependency_satisfied(v, satbility);
   1301 			}
   1302 			break;
   1303 
   1304 		case GVT_FILE:
   1305 			any_qualified = B_TRUE;
   1306 			i = dependency_satisfied(v, satbility);
   1307 
   1308 			break;
   1309 
   1310 		case GVT_SVC: {
   1311 			boolean_t svc_any_qualified;
   1312 			boolean_t svc_satisfied;
   1313 			boolean_t svc_satisfiable;
   1314 			graph_vertex_t *v2;
   1315 			graph_edge_t *e2;
   1316 
   1317 			svc_any_qualified = B_FALSE;
   1318 			svc_satisfied = B_FALSE;
   1319 			svc_satisfiable = B_FALSE;
   1320 
   1321 			for (e2 = uu_list_first(v->gv_dependencies);
   1322 			    e2 != NULL;
   1323 			    e2 = uu_list_next(v->gv_dependencies, e2)) {
   1324 				v2 = e2->ge_vertex;
   1325 				assert(v2->gv_type == GVT_INST);
   1326 
   1327 				if ((v2->gv_flags &
   1328 				    (GV_CONFIGURED | GV_ENABLED)) !=
   1329 				    (GV_CONFIGURED | GV_ENABLED))
   1330 					continue;
   1331 
   1332 				if (v2->gv_state == RESTARTER_STATE_MAINT)
   1333 					continue;
   1334 
   1335 				if (v2->gv_flags & GV_TOOFFLINE)
   1336 					continue;
   1337 
   1338 				svc_any_qualified = B_TRUE;
   1339 
   1340 				if (v2->gv_state == RESTARTER_STATE_OFFLINE) {
   1341 					/*
   1342 					 * For offline dependencies, treat
   1343 					 * unsatisfiable as satisfied.
   1344 					 */
   1345 					i = dependency_satisfied(v2, B_TRUE);
   1346 					if (i == -1)
   1347 						i = 1;
   1348 				} else if (v2->gv_state ==
   1349 				    RESTARTER_STATE_DISABLED) {
   1350 					i = 0;
   1351 				} else {
   1352 					i = dependency_satisfied(v2, satbility);
   1353 				}
   1354 
   1355 				if (i == 1) {
   1356 					svc_satisfied = B_TRUE;
   1357 					break;
   1358 				}
   1359 				if (i == 0)
   1360 					svc_satisfiable = B_TRUE;
   1361 			}
   1362 
   1363 			if (!svc_any_qualified)
   1364 				continue;
   1365 			any_qualified = B_TRUE;
   1366 			if (svc_satisfied) {
   1367 				i = 1;
   1368 			} else if (svc_satisfiable) {
   1369 				i = 0;
   1370 			} else {
   1371 				i = -1;
   1372 			}
   1373 			break;
   1374 		}
   1375 
   1376 		case GVT_GROUP:
   1377 		default:
   1378 #ifndef NDEBUG
   1379 			uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
   1380 			    __LINE__, v->gv_type);
   1381 #endif
   1382 			abort();
   1383 		}
   1384 
   1385 		if (i == 1)
   1386 			continue;
   1387 
   1388 		log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
   1389 		    "optional_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
   1390 		    v->gv_name, i == 0 ? "ed" : "able");
   1391 
   1392 		if (!satbility)
   1393 			return (0);
   1394 		if (i == -1)
   1395 			return (-1);
   1396 		any_unsatisfied = B_TRUE;
   1397 	}
   1398 
   1399 	if (!any_qualified)
   1400 		return (1);
   1401 
   1402 	return (any_unsatisfied ? 0 : 1);
   1403 }
   1404 
   1405 /*
   1406  * An exclude_all dependency is unsatisfied if any non-service element is
   1407  * satisfied or any service instance which is configured, enabled, and not in
   1408  * maintenance is satisfied.  Usually when unsatisfied, it is also
   1409  * unsatisfiable.
   1410  */
   1411 #define	LOG_EXCLUDE(u, v)						\
   1412 	log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,			\
   1413 	    "exclude_all(%s): %s is satisfied.\n",			\
   1414 	    (u)->gv_name, (v)->gv_name)
   1415 
   1416 /* ARGSUSED */
   1417 static int
   1418 exclude_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
   1419 {
   1420 	graph_edge_t *edge, *e2;
   1421 	graph_vertex_t *v, *v2;
   1422 
   1423 	for (edge = uu_list_first(groupv->gv_dependencies);
   1424 	    edge != NULL;
   1425 	    edge = uu_list_next(groupv->gv_dependencies, edge)) {
   1426 		v = edge->ge_vertex;
   1427 
   1428 		switch (v->gv_type) {
   1429 		case GVT_INST:
   1430 			if ((v->gv_flags & GV_CONFIGURED) == 0)
   1431 				continue;
   1432 
   1433 			switch (v->gv_state) {
   1434 			case RESTARTER_STATE_ONLINE:
   1435 			case RESTARTER_STATE_DEGRADED:
   1436 				LOG_EXCLUDE(groupv, v);
   1437 				return (v->gv_flags & GV_ENABLED ? -1 : 0);
   1438 
   1439 			case RESTARTER_STATE_OFFLINE:
   1440 			case RESTARTER_STATE_UNINIT:
   1441 				LOG_EXCLUDE(groupv, v);
   1442 				return (0);
   1443 
   1444 			case RESTARTER_STATE_DISABLED:
   1445 			case RESTARTER_STATE_MAINT:
   1446 				continue;
   1447 
   1448 			default:
   1449 #ifndef NDEBUG
   1450 				uu_warn("%s:%d: Unexpected vertex state %d.\n",
   1451 				    __FILE__, __LINE__, v->gv_state);
   1452 #endif
   1453 				abort();
   1454 			}
   1455 			/* NOTREACHED */
   1456 
   1457 		case GVT_SVC:
   1458 			break;
   1459 
   1460 		case GVT_FILE:
   1461 			if (!file_ready(v))
   1462 				continue;
   1463 			LOG_EXCLUDE(groupv, v);
   1464 			return (-1);
   1465 
   1466 		case GVT_GROUP:
   1467 		default:
   1468 #ifndef NDEBUG
   1469 			uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
   1470 			    __LINE__, v->gv_type);
   1471 #endif
   1472 			abort();
   1473 		}
   1474 
   1475 		/* v represents a service */
   1476 		if (uu_list_numnodes(v->gv_dependencies) == 0)
   1477 			continue;
   1478 
   1479 		for (e2 = uu_list_first(v->gv_dependencies);
   1480 		    e2 != NULL;
   1481 		    e2 = uu_list_next(v->gv_dependencies, e2)) {
   1482 			v2 = e2->ge_vertex;
   1483 			assert(v2->gv_type == GVT_INST);
   1484 
   1485 			if ((v2->gv_flags & GV_CONFIGURED) == 0)
   1486 				continue;
   1487 
   1488 			switch (v2->gv_state) {
   1489 			case RESTARTER_STATE_ONLINE:
   1490 			case RESTARTER_STATE_DEGRADED:
   1491 				LOG_EXCLUDE(groupv, v2);
   1492 				return (v2->gv_flags & GV_ENABLED ? -1 : 0);
   1493 
   1494 			case RESTARTER_STATE_OFFLINE:
   1495 			case RESTARTER_STATE_UNINIT:
   1496 				LOG_EXCLUDE(groupv, v2);
   1497 				return (0);
   1498 
   1499 			case RESTARTER_STATE_DISABLED:
   1500 			case RESTARTER_STATE_MAINT:
   1501 				continue;
   1502 
   1503 			default:
   1504 #ifndef NDEBUG
   1505 				uu_warn("%s:%d: Unexpected vertex type %d.\n",
   1506 				    __FILE__, __LINE__, v2->gv_type);
   1507 #endif
   1508 				abort();
   1509 			}
   1510 		}
   1511 	}
   1512 
   1513 	return (1);
   1514 }
   1515 
   1516 /*
   1517  * int instance_satisfied()
   1518  *   Determine if all the dependencies are satisfied for the supplied instance
   1519  *   vertex. Return 1 if they are, 0 if they aren't, and -1 if they won't be
   1520  *   without administrator intervention.
   1521  */
   1522 static int
   1523 instance_satisfied(graph_vertex_t *v, boolean_t satbility)
   1524 {
   1525 	assert(v->gv_type == GVT_INST);
   1526 	assert(!inst_running(v));
   1527 
   1528 	return (require_all_satisfied(v, satbility));
   1529 }
   1530 
   1531 /*
   1532  * Decide whether v can satisfy a dependency.  v can either be a child of
   1533  * a group vertex, or of an instance vertex.
   1534  */
   1535 static int
   1536 dependency_satisfied(graph_vertex_t *v, boolean_t satbility)
   1537 {
   1538 	switch (v->gv_type) {
   1539 	case GVT_INST:
   1540 		if ((v->gv_flags & GV_CONFIGURED) == 0) {
   1541 			if (v->gv_flags & GV_DEATHROW) {
   1542 				/*
   1543 				 * A dependency on an instance with GV_DEATHROW
   1544 				 * flag is always considered as satisfied.
   1545 				 */
   1546 				return (1);
   1547 			}
   1548 			return (-1);
   1549 		}
   1550 
   1551 		/*
   1552 		 * Any vertex with the GV_TOOFFLINE flag set is guaranteed
   1553 		 * to have its dependencies unsatisfiable.
   1554 		 */
   1555 		if (v->gv_flags & GV_TOOFFLINE)
   1556 			return (-1);
   1557 
   1558 		switch (v->gv_state) {
   1559 		case RESTARTER_STATE_ONLINE:
   1560 		case RESTARTER_STATE_DEGRADED:
   1561 			return (1);
   1562 
   1563 		case RESTARTER_STATE_OFFLINE:
   1564 			if (!satbility)
   1565 				return (0);
   1566 			return (instance_satisfied(v, satbility) != -1 ?
   1567 			    0 : -1);
   1568 
   1569 		case RESTARTER_STATE_DISABLED:
   1570 		case RESTARTER_STATE_MAINT:
   1571 			return (-1);
   1572 
   1573 		case RESTARTER_STATE_UNINIT:
   1574 			return (0);
   1575 
   1576 		default:
   1577 #ifndef NDEBUG
   1578 			uu_warn("%s:%d: Unexpected vertex state %d.\n",
   1579 			    __FILE__, __LINE__, v->gv_state);
   1580 #endif
   1581 			abort();
   1582 			/* NOTREACHED */
   1583 		}
   1584 
   1585 	case GVT_SVC:
   1586 		if (uu_list_numnodes(v->gv_dependencies) == 0)
   1587 			return (-1);
   1588 		return (require_any_satisfied(v, satbility));
   1589 
   1590 	case GVT_FILE:
   1591 		/* i.e., we assume files will not be automatically generated */
   1592 		return (file_ready(v) ? 1 : -1);
   1593 
   1594 	case GVT_GROUP:
   1595 		break;
   1596 
   1597 	default:
   1598 #ifndef NDEBUG
   1599 		uu_warn("%s:%d: Unexpected node type %d.\n", __FILE__, __LINE__,
   1600 		    v->gv_type);
   1601 #endif
   1602 		abort();
   1603 		/* NOTREACHED */
   1604 	}
   1605 
   1606 	switch (v->gv_depgroup) {
   1607 	case DEPGRP_REQUIRE_ANY:
   1608 		return (require_any_satisfied(v, satbility));
   1609 
   1610 	case DEPGRP_REQUIRE_ALL:
   1611 		return (require_all_satisfied(v, satbility));
   1612 
   1613 	case DEPGRP_OPTIONAL_ALL:
   1614 		return (optional_all_satisfied(v, satbility));
   1615 
   1616 	case DEPGRP_EXCLUDE_ALL:
   1617 		return (exclude_all_satisfied(v, satbility));
   1618 
   1619 	default:
   1620 #ifndef NDEBUG
   1621 		uu_warn("%s:%d: Unknown dependency grouping %d.\n", __FILE__,
   1622 		    __LINE__, v->gv_depgroup);
   1623 #endif
   1624 		abort();
   1625 	}
   1626 }
   1627 
/*
 * Start instance vertex v if it is offline and all of its dependencies are
 * satisfied right now (satisfiability is not consulted).  Vertices with a
 * gv_start_f hook (see special_vertices[]) start through that hook instead
 * of a START event.
 */
void
graph_start_if_satisfied(graph_vertex_t *v)
{
	if (v->gv_state != RESTARTER_STATE_OFFLINE)
		return;

	if (instance_satisfied(v, B_FALSE) != 1)
		return;

	if (v->gv_start_f != NULL)
		v->gv_start_f(v);
	else
		vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
}
   1639 
   1640 /*
   1641  * propagate_satbility()
   1642  *
   1643  * This function is used when the given vertex changes state in such a way that
   1644  * one of its dependents may become unsatisfiable.  This happens when an
   1645  * instance transitions between offline -> online, or from !running ->
   1646  * maintenance, as well as when an instance is removed from the graph.
   1647  *
   1648  * We have to walk all the dependents, since optional_all dependencies several
   1649  * levels up could become (un)satisfied, instead of unsatisfiable.  For example,
   1650  *
   1651  *	+-----+  optional_all  +-----+  require_all  +-----+
   1652  *	|  A  |--------------->|  B  |-------------->|  C  |
   1653  *	+-----+                +-----+               +-----+
   1654  *
   1655  *	                                        offline -> maintenance
   1656  *
   1657  * If C goes into maintenance, it's not enough simply to check B.  Because A has
   1658  * an optional dependency, what was previously an unsatisfiable situation is now
   1659  * satisfied (B will never come online, even though its state hasn't changed).
   1660  *
   1661  * Note that it's not necessary to continue examining dependents after reaching
   1662  * an optional_all dependency.  It's not possible for an optional_all dependency
   1663  * to change satisfiability without also coming online, in which case we get a
   1664  * start event and propagation continues naturally.  However, it does no harm to
   1665  * continue propagating satisfiability (as it is a relatively rare event), and
   1666  * keeps the walker code simple and generic.
   1667  */
/*
 * graph_walk() callback for propagate_satbility(): give every instance
 * vertex reached a chance to start.  Other vertex types are skipped.
 * arg is unused.  Always continues the walk.
 */
/*ARGSUSED*/
static int
satbility_cb(graph_vertex_t *v, void *arg)
{
	if (v->gv_type != GVT_INST)
		return (UU_WALK_NEXT);

	graph_start_if_satisfied(v);
	return (UU_WALK_NEXT);
}
   1677 
/*
 * Walk every dependent of v (see the comment above satbility_cb()) and start
 * any instance whose dependencies have become satisfied.
 */
static void
propagate_satbility(graph_vertex_t *v)
{
	graph_walk(v, WALK_DEPENDENTS, satbility_cb, NULL, NULL);
}
   1683 
   1684 static void propagate_stop(graph_vertex_t *, void *);
   1685 
/*
 * graph_walk_dependents() callback: something v depends on has started.
 * Instances try to start; services and ordinary groups relay the start to
 * their own dependents; an exclude_all group instead propagates a stop
 * (RERR_RESTART) to its dependents.  Files never appear here.  arg is
 * unused.
 */
/* ARGSUSED */
static void
propagate_start(graph_vertex_t *v, void *arg)
{
	if (v->gv_type == GVT_INST) {
		graph_start_if_satisfied(v);
		return;
	}

	if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
		graph_walk_dependents(v, propagate_stop, (void *)RERR_RESTART);
		return;
	}

	if (v->gv_type == GVT_GROUP || v->gv_type == GVT_SVC) {
		graph_walk_dependents(v, propagate_start, NULL);
		return;
	}

	if (v->gv_type == GVT_FILE) {
#ifndef NDEBUG
		uu_warn("%s:%d: propagate_start() encountered GVT_FILE.\n",
		    __FILE__, __LINE__);
#endif
		abort();
	}

#ifndef NDEBUG
	uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
	    v->gv_type);
#endif
	abort();
}
   1723 
/*
 * graph_walk_dependents() callback: something v depends on is stopping with
 * restart-on value arg (a restarter_error_t carried through the void *).
 *
 * Only running instances are sent events; RERR_RESTART and RERR_REFRESH map
 * to STOP_RESET, any other error above RERR_NONE to STOP.  A service relays
 * the stop to its dependents.  A dependency group stops the single vertex
 * that depends on it only when err does not exceed the group's gv_restart;
 * an exclude_all group instead lets its dependents start.
 */
static void
propagate_stop(graph_vertex_t *v, void *arg)
{
	graph_edge_t *e;
	graph_vertex_t *svc;
	restarter_error_t err = (restarter_error_t)arg;

	switch (v->gv_type) {
	case GVT_INST:
		/* Restarter */
		if (err > RERR_NONE && inst_running(v)) {
			if (err == RERR_RESTART || err == RERR_REFRESH) {
				vertex_send_event(v,
				    RESTARTER_EVENT_TYPE_STOP_RESET);
			} else {
				vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP);
			}
		}
		break;

	case GVT_SVC:
		/* Pass the same error on to whatever depends on the service. */
		graph_walk_dependents(v, propagate_stop, arg);
		break;

	case GVT_FILE:
#ifndef NDEBUG
		uu_warn("%s:%d: propagate_stop() encountered GVT_FILE.\n",
		    __FILE__, __LINE__);
#endif
		abort();
		/* NOTREACHED */

	case GVT_GROUP:
		if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
			/* The excluded element is going away: dependents may start. */
			graph_walk_dependents(v, propagate_start, NULL);
			break;
		}

		/* Only errors covered by the group's restart_on propagate. */
		if (err == RERR_NONE || err > v->gv_restart)
			break;

		/*
		 * A group has exactly one dependent.  Despite the name, svc
		 * must be an instance vertex: inst_running() asserts GVT_INST.
		 */
		assert(uu_list_numnodes(v->gv_dependents) == 1);
		e = uu_list_first(v->gv_dependents);
		svc = e->ge_vertex;

		if (inst_running(svc)) {
			if (err == RERR_RESTART || err == RERR_REFRESH) {
				vertex_send_event(svc,
				    RESTARTER_EVENT_TYPE_STOP_RESET);
			} else {
				vertex_send_event(svc,
				    RESTARTER_EVENT_TYPE_STOP);
			}
		}
		break;

	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
		    v->gv_type);
#endif
		abort();
	}
}
   1788 
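/*
 * Ask the restarter to take instance vertex v offline (STOP_RESET), unless
 * the repository already shows it heading for offline or disabled.
 *
 * The instance's restarter property group is read through a fresh bound
 * repository handle; a broken connection is retried after rebinding.  If the
 * instance or its restarter pg is missing from the repository, nothing is
 * sent.  Other repository errors go to bad_error()/uu_die().  All scf
 * objects are torn down on one path before the event is sent.
 */
void
offline_vertex(graph_vertex_t *v)
{
	scf_handle_t *h = libscf_handle_create_bound_loop();
	scf_instance_t *scf_inst = safe_scf_instance_create(h);
	scf_propertygroup_t *pg = safe_scf_pg_create(h);
	restarter_instance_state_t state, next_state;
	int r;
	int send_stop = 0;	/* set once we know the instance is not going down */

	assert(v->gv_type == GVT_INST);

	if (scf_inst == NULL)
		bad_error("safe_scf_instance_create", scf_error());
	if (pg == NULL)
		bad_error("safe_scf_pg_create", scf_error());

	/* if the vertex is already going offline, return */
rep_retry:
	if (scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, scf_inst, NULL,
	    NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto rep_retry;

		case SCF_ERROR_NOT_FOUND:
			/* Instance is gone from the repository. */
			goto out;
		}
		uu_die("Can't decode FMRI %s: %s\n", v->gv_name,
		    scf_strerror(scf_error()));
	}

	r = scf_instance_get_pg(scf_inst, SCF_PG_RESTARTER, pg);
	if (r != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto rep_retry;

		case SCF_ERROR_NOT_SET:
		case SCF_ERROR_NOT_FOUND:
			/* No restarter pg: nothing to stop. */
			goto out;

		default:
			bad_error("scf_instance_get_pg", scf_error());
		}
	} else {
		/* state is only an out parameter here; next_state decides. */
		r = libscf_read_states(pg, &state, &next_state);
		if (r == 0 && (next_state == RESTARTER_STATE_OFFLINE ||
		    next_state == RESTARTER_STATE_DISABLED)) {
			log_framework(LOG_DEBUG,
			    "%s: instance is already going down.\n",
			    v->gv_name);
			goto out;
		}
	}

	send_stop = 1;

out:
	/* Single teardown path for the handle and the objects created on it. */
	scf_pg_destroy(pg);
	scf_instance_destroy(scf_inst);
	(void) scf_handle_unbind(h);
	scf_handle_destroy(h);

	/* The event goes out only after the repository handle is gone. */
	if (send_stop)
		vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP_RESET);
}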
   1865 
/*
 * void graph_enable_by_vertex()
 *   Record the new enabled state in vertex's flags and tell its restarter.
 *   For an enable, an _ENABLE event is sent unless the instance is already
 *   offline, degraded or online.  For a plain disable a _DISABLE event is
 *   sent.  If admin is non-zero the request is an administrative change of
 *   the enabled property: the in-subtree dependents are marked GV_TOOFFLINE
 *   and offlined leaves-first, and _ADMIN_DISABLE (rather than a plain
 *   DISABLE) is sent once nothing in the subtree remains to be offlined.
 *   _START/_STOP are never sent from here; they follow the restarter's
 *   state update.  dgraph_lock must be held and vertex must be configured.
 */
void
graph_enable_by_vertex(graph_vertex_t *vertex, int enable, int admin)
{
	graph_vertex_t *cur;
	int walk_rc;

	assert(MUTEX_HELD(&dgraph_lock));
	assert((vertex->gv_flags & GV_CONFIGURED));

	/* Record the requested enabled state in the vertex's flags. */
	if (enable)
		vertex->gv_flags |= GV_ENABLED;
	else
		vertex->gv_flags &= ~GV_ENABLED;

	if (enable) {
		int already_up = vertex->gv_state == RESTARTER_STATE_OFFLINE ||
		    vertex->gv_state == RESTARTER_STATE_DEGRADED ||
		    vertex->gv_state == RESTARTER_STATE_ONLINE;

		if (!already_up) {
			/*
			 * The vertex may have been told to go down; now that
			 * it can come back, drop the _TOOFFLINE/_TODISABLE
			 * marks before asking the restarter to enable it.
			 */
			vertex->gv_flags &= ~(GV_TOOFFLINE | GV_TODISABLE);
			vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ENABLE);
		}

		/* _START/_STOP wait for the restarter's state update. */
		return;
	}

	/* Already disabled: nothing to tell the restarter. */
	if (vertex->gv_state == RESTARTER_STATE_DISABLED)
		return;

	if (!admin) {
		vertex_send_event(vertex, RESTARTER_EVENT_TYPE_DISABLE);

		/* _START/_STOP wait for the restarter's state update. */
		return;
	}

	/*
	 * Administrative disable: bring the dependents down first.  Mark this
	 * vertex GV_TOOFFLINE (and GV_TODISABLE, so we remember which vertex
	 * the disable is for), then every in-subtree dependent GV_TOOFFLINE.
	 * The GV_TOOFFLINE bits of other services are deliberately not
	 * cleared first: other DISABLE requests may be in flight at once.
	 */
	vertex->gv_flags |= GV_TOOFFLINE | GV_TODISABLE;

	log_framework(LOG_DEBUG, "Marking in-subtree vertices before "
	    "disabling %s.\n", vertex->gv_name);

	walk_rc = uu_list_walk(vertex->gv_dependents,
	    (uu_walk_fn_t *)mark_subtree, NULL, 0);
	assert(walk_rc == 0);

	/* Nothing left to offline: disable the instance right away. */
	if (insubtree_dependents_down(vertex) == B_TRUE) {
		vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
		return;
	}

	/*
	 * Offline the leaves of the marked subtree.  Like the reverse-graph
	 * shutdown loop this scans the whole graph; a subtree-only walk would
	 * be cheaper.
	 */
	for (cur = uu_list_first(dgraph); cur != NULL;
	    cur = uu_list_next(dgraph, cur)) {
		/* The vertex being disabled is not offlined here. */
		if (cur == vertex)
			continue;

		if (cur->gv_type != GVT_INST)
			continue;
		if (!(cur->gv_flags & GV_CONFIGURED) ||
		    !(cur->gv_flags & GV_ENABLED) ||
		    !(cur->gv_flags & GV_TOOFFLINE))
			continue;

		/* Only instances that are up have anything to offline. */
		if (cur->gv_state != RESTARTER_STATE_ONLINE &&
		    cur->gv_state != RESTARTER_STATE_DEGRADED)
			continue;

		/*
		 * Only leaves can be offlined now: an instance is a leaf
		 * once all of its in-subtree dependents are down.
		 */
		if (insubtree_dependents_down(cur) != B_TRUE)
			continue;

		log_framework(LOG_DEBUG, "Offlining in-subtree "
		    "instance %s for %s.\n",
		    cur->gv_name, vertex->gv_name);
		offline_vertex(cur);
	}
}
   1986 
/* Forward declaration: configure_vertex() is defined later in this file. */
static int configure_vertex(graph_vertex_t *, scf_instance_t *);
   1988 
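/*
 * Set the restarter for v to fmri_arg.  That is, make sure a vertex for
 * fmri_arg exists, make v depend on it, and send _ADD_INSTANCE for v.  If
 * v is already configured and fmri_arg indicates the current restarter, do
 * nothing.  If v is configured and fmri_arg is a new restarter, delete v's
 * dependency on the restarter, send _REMOVE_INSTANCE for v, and set the new
 * restarter.  An empty fmri_arg, or one naming SCF_SERVICE_STARTD, selects
 * the master restarter (gv_restarter_id == -1, no delegate channel).
 *
 * Returns 0 on success, EINVAL if the FMRI is invalid or the delegate's
 * protocol channel cannot be initialized, ECONNABORTED if the repository
 * connection is broken, and ELOOP if the dependency would create a cycle.
 * In the last case, *pathp will point to a -1-terminated array of ids which
 * compose the path from v to restarter_fmri.  dgraph_lock must be held.
 */
int
graph_change_restarter(graph_vertex_t *v, const char *fmri_arg, scf_handle_t *h,
    int **pathp)
{
	char *restarter_fmri = NULL;
	graph_vertex_t *rv;
	int err;
	int id;

	assert(MUTEX_HELD(&dgraph_lock));

	/* The canonified copy is ours to free (max_scf_fmri_size bytes). */
	if (fmri_arg[0] != '\0') {
		err = fmri_canonify(fmri_arg, &restarter_fmri, B_TRUE);
		if (err != 0) {
			assert(err == EINVAL);
			return (err);
		}
	}

	if (restarter_fmri == NULL ||
	    strcmp(restarter_fmri, SCF_SERVICE_STARTD) == 0) {
		/*
		 * The canonified FMRI is not needed on any path through this
		 * branch, so release it here rather than only on the early
		 * return below; an explicit SCF_SERVICE_STARTD argument used
		 * to leak it when v was unconfigured or changing restarter.
		 */
		if (restarter_fmri != NULL)
			startd_free(restarter_fmri, max_scf_fmri_size);

		if (v->gv_flags & GV_CONFIGURED) {
			/* Already on the master restarter: nothing to do. */
			if (v->gv_restarter_id == -1)
				return (0);

			graph_unset_restarter(v);
		}

		/* Master restarter, nothing to do. */
		v->gv_restarter_id = -1;
		v->gv_restarter_channel = NULL;
		vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);
		return (0);
	}

	if (v->gv_flags & GV_CONFIGURED) {
		/* Same delegated restarter as before: nothing to do. */
		id = dict_lookup_byname(restarter_fmri);
		if (id != -1 && v->gv_restarter_id == id) {
			startd_free(restarter_fmri, max_scf_fmri_size);
			return (0);
		}

		graph_unset_restarter(v);
	}

	err = graph_insert_vertex_unconfigured(restarter_fmri, GVT_INST, 0,
	    RERR_NONE, &rv);
	startd_free(restarter_fmri, max_scf_fmri_size);
	assert(err == 0 || err == EEXIST);

	/* Open the delegate's protocol channel the first time it is used. */
	if (rv->gv_delegate_initialized == 0) {
		if ((rv->gv_delegate_channel = restarter_protocol_init_delegate(
		    rv->gv_name)) == NULL)
			return (EINVAL);
		rv->gv_delegate_initialized = 1;
	}
	v->gv_restarter_id = rv->gv_id;
	v->gv_restarter_channel = rv->gv_delegate_channel;

	/*
	 * NOTE(review): on ELOOP, gv_restarter_id/gv_restarter_channel have
	 * already been pointed at rv above; confirm callers handle that.
	 */
	err = graph_insert_dependency(v, rv, pathp);
	if (err != 0) {
		assert(err == ELOOP);
		return (ELOOP);
	}

	vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);

	/* A freshly inserted restarter vertex still has to be configured. */
	if (!(rv->gv_flags & GV_CONFIGURED)) {
		scf_instance_t *inst;

		err = libscf_fmri_get_instance(h, rv->gv_name, &inst);
		switch (err) {
		case 0:
			err = configure_vertex(rv, inst);
			scf_instance_destroy(inst);
			switch (err) {
			case 0:
			case ECANCELED:
				break;

			case ECONNABORTED:
				return (ECONNABORTED);

			default:
				bad_error("configure_vertex", err);
			}
			break;

		case ECONNABORTED:
			return (ECONNABORTED);

		case ENOENT:
			/* Restarter instance not in the repository (yet). */
			break;

		case ENOTSUP:
			/*
			 * The fmri doesn't specify an instance - translate
			 * to EINVAL.
			 */
			return (EINVAL);

		case EINVAL:
		default:
			bad_error("libscf_fmri_get_instance", err);
		}
	}

	return (0);
}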
   2114 
   2115 
/*
 * Add all of the instances of the service named by fmri to the graph.
 * Returns
 *   0 - success
 *   ENOENT - service indicated by fmri does not exist
 *
 * In both cases *reboundp will be B_TRUE if the handle was rebound, or B_FALSE
 * otherwise.
 *
 * Every repository error that is not listed explicitly is treated as a broken
 * connection: the handle is rebound and the whole lookup is restarted from
 * the "rebound" label.  Instances that disappear mid-iteration, or that are
 * already in the graph, are skipped.
 */
static int
add_service(const char *fmri, scf_handle_t *h, boolean_t *reboundp)
{
	scf_service_t *svc;
	scf_instance_t *inst;
	scf_iter_t *iter;
	char *inst_fmri;
	int ret, r;

	*reboundp = B_FALSE;

	/* All of these are released at "out", whichever way we leave. */
	svc = safe_scf_service_create(h);
	inst = safe_scf_instance_create(h);
	iter = safe_scf_iter_create(h);
	inst_fmri = startd_alloc(max_scf_fmri_size);

rebound:
	/* Re-entered after a rebind; the objects created above are reused. */
	if (scf_handle_decode_fmri(h, fmri, NULL, svc, NULL, NULL, NULL,
	    SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			/*
			 * NOTE(review): unlisted errors also take the
			 * rebind-and-retry path; a persistent error that is
			 * not connection-related would loop here.
			 */
			libscf_handle_rebind(h);
			*reboundp = B_TRUE;
			goto rebound;

		case SCF_ERROR_NOT_FOUND:
			ret = ENOENT;
			goto out;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_HANDLE_MISMATCH:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	}

	if (scf_iter_service_instances(iter, svc) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			libscf_handle_rebind(h);
			*reboundp = B_TRUE;
			goto rebound;

		case SCF_ERROR_DELETED:
			/* The service vanished after the decode above. */
			ret = ENOENT;
			goto out;

		case SCF_ERROR_HANDLE_MISMATCH:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_NOT_SET:
			bad_error("scf_iter_service_instances", scf_error());
		}
	}

	for (;;) {
		/* 1 = got an instance, 0 = end of iteration, else error. */
		r = scf_iter_next_instance(iter, inst);
		if (r == 0)
			break;
		if (r != 1) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				libscf_handle_rebind(h);
				*reboundp = B_TRUE;
				goto rebound;

			case SCF_ERROR_DELETED:
				ret = ENOENT;
				goto out;

			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
			case SCF_ERROR_INVALID_ARGUMENT:
				bad_error("scf_iter_next_instance",
				    scf_error());
			}
		}

		if (scf_instance_to_fmri(inst, inst_fmri, max_scf_fmri_size) <
		    0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
				libscf_handle_rebind(h);
				*reboundp = B_TRUE;
				goto rebound;

			case SCF_ERROR_DELETED:
				/* This instance went away; move on. */
				continue;

			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
				bad_error("scf_instance_to_fmri", scf_error());
			}
		}

		r = dgraph_add_instance(inst_fmri, inst, B_FALSE);
		switch (r) {
		case 0:
		case ECANCELED:
			break;

		case EEXIST:
			/* Already in the graph. */
			continue;

		case ECONNABORTED:
			libscf_handle_rebind(h);
			*reboundp = B_TRUE;
			goto rebound;

		case EINVAL:
		default:
			bad_error("dgraph_add_instance", r);
		}
	}

	ret = 0;

out:
	startd_free(inst_fmri, max_scf_fmri_size);
	scf_iter_destroy(iter);
	scf_instance_destroy(inst);
	scf_service_destroy(svc);
	return (ret);
}
   2253 
/*
 * Per-dependency-group context passed to process_dependency_fmri() for each
 * entity FMRI in the group.
 */
struct depfmri_info {
	graph_vertex_t	*v;		/* GVT_GROUP vertex */
	gv_type_t	type;		/* type of dependency */
	const char	*inst_fmri;	/* FMRI of parental GVT_INST vert. */
	const char	*pg_name;	/* Name of dependency pg */
	scf_handle_t	*h;		/* repository handle for lookups */
	int		err;		/* return error code */
	int		**pathp;	/* return circular dependency path */
};
   2263 
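/*
 * Find or create a vertex for fmri and make info->v depend on it.
 * Returns
 *   0 - success
 *   nonzero - failure
 *
 * On failure, sets info->err to
 *   EINVAL - fmri is invalid
 *	      fmri does not match info->type
 *   ELOOP - Adding the dependency creates a circular dependency.  *info->pathp
 *	     will point to an array of the ids of the members of the cycle.
 *   ECONNABORTED - repository connection was broken
 *   ECONNRESET - succeeded, but repository connection was reset
 *
 * Called through walk_property_astrings() for each value of a dependency
 * group's entities property.  dgraph_lock must be held.
 */
static int
process_dependency_fmri(const char *fmri, struct depfmri_info *info)
{
	int err;
	graph_vertex_t *depgroup_v, *v;
	char *fmri_copy, *cfmri;
	size_t fmri_copy_sz;
	const char *scope, *service, *instance, *pg;
	scf_instance_t *inst;
	boolean_t rebound;

	assert(MUTEX_HELD(&dgraph_lock));

	/* Get or create vertex for FMRI */
	depgroup_v = info->v;

	if (strncmp(fmri, "file:", sizeof ("file:") - 1) == 0) {
		/* A file dependency is only valid in a GVT_FILE group. */
		if (info->type != GVT_FILE) {
			log_framework(LOG_NOTICE,
			    "FMRI \"%s\" is not allowed for the \"%s\" "
			    "dependency's type of instance %s.\n", fmri,
			    info->pg_name, info->inst_fmri);
			return (info->err = EINVAL);
		}

		err = graph_insert_vertex_unconfigured(fmri, info->type, 0,
		    RERR_NONE, &v);
		switch (err) {
		case 0:
			break;

		case EEXIST:
			assert(v->gv_type == GVT_FILE);
			break;

		case EINVAL:		/* prevented above */
		default:
			bad_error("graph_insert_vertex_unconfigured", err);
		}
	} else {
		/* Anything else must be a service/instance FMRI. */
		if (info->type != GVT_INST) {
			log_framework(LOG_NOTICE,
			    "FMRI \"%s\" is not allowed for the \"%s\" "
			    "dependency's type of instance %s.\n", fmri,
			    info->pg_name, info->inst_fmri);
			return (info->err = EINVAL);
		}

		/*
		 * We must canonify fmri & add a vertex for it.  The parser
		 * splits its argument in place, so work on a private copy.
		 */
		fmri_copy_sz = strlen(fmri) + 1;
		fmri_copy = startd_alloc(fmri_copy_sz);
		(void) strcpy(fmri_copy, fmri);

		/* Determine if the FMRI is a property group or instance */
		if (scf_parse_svc_fmri(fmri_copy, &scope, &service,
		    &instance, &pg, NULL) != 0) {
			startd_free(fmri_copy, fmri_copy_sz);
			log_framework(LOG_NOTICE,
			    "Dependency \"%s\" of %s has invalid FMRI "
			    "\"%s\".\n", info->pg_name, info->inst_fmri,
			    fmri);
			return (info->err = EINVAL);
		}

		/* A dependency may name a service or an instance, not a pg. */
		if (service == NULL || pg != NULL) {
			startd_free(fmri_copy, fmri_copy_sz);
			log_framework(LOG_NOTICE,
			    "Dependency \"%s\" of %s does not designate a "
			    "service or instance.\n", info->pg_name,
			    info->inst_fmri);
			return (info->err = EINVAL);
		}

		/*
		 * Rebuild a canonical FMRI from the parsed parts; the local
		 * scope is written without a scope name.
		 */
		if (scope == NULL || strcmp(scope, SCF_SCOPE_LOCAL) == 0) {
			cfmri = uu_msprintf("svc:/%s%s%s",
			    service, instance ? ":" : "", instance ? instance :
			    "");
		} else {
			cfmri = uu_msprintf("svc://%s/%s%s%s",
			    scope, service, instance ? ":" : "", instance ?
			    instance : "");
		}

		startd_free(fmri_copy, fmri_copy_sz);

		/* A service dependency is satisfied by any of its instances. */
		err = graph_insert_vertex_unconfigured(cfmri, instance ?
		    GVT_INST : GVT_SVC, instance ? 0 : DEPGRP_REQUIRE_ANY,
		    RERR_NONE, &v);
		uu_free(cfmri);
		switch (err) {
		case 0:
			break;

		case EEXIST:
			/* Verify v. */
			if (instance != NULL)
				assert(v->gv_type == GVT_INST);
			else
				assert(v->gv_type == GVT_SVC);
			break;

		default:
			bad_error("graph_insert_vertex_unconfigured", err);
		}
	}

	/* Add dependency from depgroup_v to new vertex */
	info->err = graph_insert_dependency(depgroup_v, v, info->pathp);
	switch (info->err) {
	case 0:
		break;

	case ELOOP:
		return (ELOOP);

	default:
		bad_error("graph_insert_dependency", info->err);
	}

	/* This must be after we insert the dependency, to avoid looping. */
	switch (v->gv_type) {
	case GVT_INST:
		if ((v->gv_flags & GV_CONFIGURED) != 0)
			break;

		inst = safe_scf_instance_create(info->h);

		/* Set once a rebind happens; reported as ECONNRESET below. */
		rebound = B_FALSE;

rebound:
		err = libscf_lookup_instance(v->gv_name, inst);
		switch (err) {
		case 0:
			err = configure_vertex(v, inst);
			switch (err) {
			case 0:
			case ECANCELED:
				break;

			case ECONNABORTED:
				libscf_handle_rebind(info->h);
				rebound = B_TRUE;
				goto rebound;

			default:
				bad_error("configure_vertex", err);
			}
			break;

		case ENOENT:
			/* Not in the repository yet; leave it unconfigured. */
			break;

		case ECONNABORTED:
			libscf_handle_rebind(info->h);
			rebound = B_TRUE;
			goto rebound;

		case EINVAL:
		case ENOTSUP:
		default:
			/*
			 * Name the function that actually failed (the call
			 * above); the message used to blame
			 * libscf_fmri_get_instance.
			 */
			bad_error("libscf_lookup_instance", err);
		}

		scf_instance_destroy(inst);

		if (rebound)
			return (info->err = ECONNRESET);
		break;

	case GVT_SVC:
		(void) add_service(v->gv_name, info->h, &rebound);
		if (rebound)
			return (info->err = ECONNRESET);
	}

	return (0);
}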
   2457 
/*
 * Per-instance context passed to process_dependency_pg() for each dependency
 * property group walked by set_dependencies().
 */
struct deppg_info {
	graph_vertex_t	*v;		/* GVT_INST vertex */
	int		err;		/* return error */
	int		**pathp;	/* return circular dependency path */
};
   2463 
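/*
 * Make info->v depend on a new GVT_GROUP node for this property group,
 * and then call process_dependency_fmri() for the values of the entity
 * property.  Return 0 on success, or if something goes wrong return nonzero
 * and set info->err to ECONNABORTED, EINVAL, or the error code returned by
 * process_dependency_fmri().  A pg that has been deleted or is empty is not
 * an error: info->err is set to 0 and the pg is skipped.
 * dgraph_lock must be held.
 */
static int
process_dependency_pg(scf_propertygroup_t *pg, struct deppg_info *info)
{
	scf_handle_t *h;
	depgroup_type_t deptype;
	restarter_error_t rerr;
	struct depfmri_info linfo;
	char *fmri, *pg_name;
	size_t fmri_sz;
	graph_vertex_t *depgrp;
	scf_property_t *prop;
	int err;
	int empty;
	scf_error_t scferr;
	ssize_t len;

	assert(MUTEX_HELD(&dgraph_lock));

	h = scf_pg_handle(pg);

	pg_name = startd_alloc(max_scf_name_size);

	/* len is the pg name's length; it sizes the group vertex name below. */
	len = scf_pg_get_name(pg, pg_name, max_scf_name_size);
	if (len < 0) {
		startd_free(pg_name, max_scf_name_size);
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			return (info->err = ECONNABORTED);

		case SCF_ERROR_DELETED:
			return (info->err = 0);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_pg_get_name", scf_error());
		}
	}

	/*
	 * Skip over empty dependency groups.  Since dependency property
	 * groups are updated atomically, they are either empty or
	 * fully populated.
	 */
	empty = depgroup_empty(h, pg);
	if (empty < 0) {
		log_error(LOG_INFO,
		    "Error reading dependency group \"%s\" of %s: %s\n",
		    pg_name, info->v->gv_name, scf_strerror(scf_error()));
		startd_free(pg_name, max_scf_name_size);
		return (info->err = EINVAL);

	} else if (empty == 1) {
		log_framework(LOG_DEBUG,
		    "Ignoring empty dependency group \"%s\" of %s\n",
		    pg_name, info->v->gv_name);
		startd_free(pg_name, max_scf_name_size);
		return (info->err = 0);
	}

	/*
	 * The GVT_GROUP vertex is named "<instance fmri>><pg name>", so the
	 * buffer is sized exactly for that.  The snprintf() bound must be the
	 * buffer's own size: max_scf_name_size (used here before) bears no
	 * relation to fmri_sz, so it either disabled the bounds check or
	 * silently truncated the vertex name for long instance FMRIs.
	 */
	fmri_sz = strlen(info->v->gv_name) + 1 + len + 1;
	fmri = startd_alloc(fmri_sz);

	(void) snprintf(fmri, fmri_sz, "%s>%s", info->v->gv_name, pg_name);

	/* Validate the pg before modifying the graph */
	deptype = depgroup_read_grouping(h, pg);
	if (deptype == DEPGRP_UNSUPPORTED) {
		log_error(LOG_INFO,
		    "Dependency \"%s\" of %s has an unknown grouping value.\n",
		    pg_name, info->v->gv_name);
		startd_free(fmri, fmri_sz);
		startd_free(pg_name, max_scf_name_size);
		return (info->err = EINVAL);
	}

	rerr = depgroup_read_restart(h, pg);
	if (rerr == RERR_UNSUPPORTED) {
		log_error(LOG_INFO,
		    "Dependency \"%s\" of %s has an unknown restart_on value."
		    "\n", pg_name, info->v->gv_name);
		startd_free(fmri, fmri_sz);
		startd_free(pg_name, max_scf_name_size);
		return (info->err = EINVAL);
	}

	prop = safe_scf_property_create(h);

	/* The entities property holds the FMRIs this group depends on. */
	if (scf_pg_get_property(pg, SCF_PROPERTY_ENTITIES, prop) != 0) {
		scferr = scf_error();
		scf_property_destroy(prop);
		if (scferr == SCF_ERROR_DELETED) {
			startd_free(fmri, fmri_sz);
			startd_free(pg_name, max_scf_name_size);
			return (info->err = 0);
		} else if (scferr != SCF_ERROR_NOT_FOUND) {
			startd_free(fmri, fmri_sz);
			startd_free(pg_name, max_scf_name_size);
			return (info->err = ECONNABORTED);
		}

		log_error(LOG_INFO,
		    "Dependency \"%s\" of %s is missing a \"%s\" property.\n",
		    pg_name, info->v->gv_name, SCF_PROPERTY_ENTITIES);

		startd_free(fmri, fmri_sz);
		startd_free(pg_name, max_scf_name_size);

		return (info->err = EINVAL);
	}

	/* Create depgroup vertex for pg */
	err = graph_insert_vertex_unconfigured(fmri, GVT_GROUP, deptype,
	    rerr, &depgrp);
	assert(err == 0);
	startd_free(fmri, fmri_sz);

	/* Add dependency from inst vertex to new vertex */
	err = graph_insert_dependency(info->v, depgrp, info->pathp);
	/* ELOOP can't happen because this should be a new vertex */
	assert(err == 0);

	/* Hand each entity FMRI to process_dependency_fmri() via linfo. */
	linfo.v = depgrp;
	linfo.type = depgroup_read_scheme(h, pg);
	linfo.inst_fmri = info->v->gv_name;
	linfo.pg_name = pg_name;
	linfo.h = h;
	linfo.err = 0;
	linfo.pathp = info->pathp;
	err = walk_property_astrings(prop, (callback_t)process_dependency_fmri,
	    &linfo);

	scf_property_destroy(prop);
	startd_free(pg_name, max_scf_name_size);

	switch (err) {
	case 0:
	case EINTR:
		/* EINTR: the callback stopped the walk; its error is in linfo. */
		return (info->err = linfo.err);

	case ECONNABORTED:
	case EINVAL:
		return (info->err = err);

	case ECANCELED:
		return (info->err = 0);

	case ECONNRESET:
		return (info->err = ECONNABORTED);

	default:
		bad_error("walk_property_astrings", err);
		/* NOTREACHED */
	}
}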
   2626 
/*
 * Build the dependency info for v from the repository.  Returns 0 on success,
 * ECONNABORTED on repository disconnection, EINVAL if the repository
 * configuration is invalid, and ELOOP if a dependency would cause a cycle.
 * In the last case, *pathp will point to a -1-terminated array of ids which
 * constitute the rest of the dependency cycle.  dgraph_lock must be held.
 */
static int
set_dependencies(graph_vertex_t *v, scf_instance_t *inst, int **pathp)
{
	struct deppg_info info;
	int walk_err;
	uint_t was_configured;

	assert(MUTEX_HELD(&dgraph_lock));

	/*
	 * Mark the vertex as configured during dependency insertion to avoid
	 * dependency cycles (which can appear in the graph if one of the
	 * vertices is an exclusion-group).  The previous state is restored
	 * afterwards.
	 */
	was_configured = v->gv_flags & GV_CONFIGURED;
	v->gv_flags |= GV_CONFIGURED;

	info.v = v;
	info.err = 0;
	info.pathp = pathp;

	walk_err = walk_dependency_pgs(inst, (callback_t)process_dependency_pg,
	    &info);

	if (was_configured == 0)
		v->gv_flags &= ~GV_CONFIGURED;

	/* EINTR means a callback stopped the walk; its verdict is info.err. */
	if (walk_err == 0 || walk_err == EINTR)
		return (info.err);

	if (walk_err == ECONNABORTED)
		return (ECONNABORTED);

	/* ECANCELED: the instance is gone; a delete event will follow. */
	if (walk_err == ECANCELED)
		return (0);

	bad_error("walk_dependency_pgs", walk_err);
	/* NOTREACHED */
}
   2678 
   2679 
/*
 * Log that the instance named by fmri is being sent to maintenance because
 * path (a -1-terminated array of vertex ids) closes a dependency cycle.
 * fmri may be NULL.  dgraph_lock must be held.
 */
static void
handle_cycle(const char *fmri, int *path)
{
	char *cycle_str = NULL;
	size_t cycle_sz = 0;

	assert(MUTEX_HELD(&dgraph_lock));

	/* path_to_str() allocates cycle_str; cycle_sz is its size. */
	path_to_str(path, &cycle_str, &cycle_sz);

	log_error(LOG_ERR, "Transitioning %s to maintenance "
	    "because it completes a dependency cycle (see svcs -xv for "
	    "details):\n%s", fmri != NULL ? fmri : "?", cycle_str);

	startd_free(cycle_str, cycle_sz);
}
   2696 
/*
 * Take a reference on v so that it cannot be removed from the dgraph while
 * the reference is held.  dgraph_lock must be held.
 */
static void
vertex_ref(graph_vertex_t *v)
{
	assert(MUTEX_HELD(&dgraph_lock));

	++v->gv_refs;
}
   2708 
/*
 * Drop a reference on v and remove it from the dgraph if nothing keeps it
 * alive any more.  Returns VERTEX_REMOVED when the vertex has been removed;
 * otherwise returns VERTEX_INUSE.  dgraph_lock must be held and v must
 * currently be referenced.
 */
static int
vertex_unref(graph_vertex_t *v)
{
	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_refs > 0);

	--v->gv_refs;

	/* free_if_unrefed() decides whether the vertex can go now. */
	return (free_if_unrefed(v));
}
   2726 
/*
 * uu_list_walk() callback for the dependencies of a vertex: appends to list a
 * graph_edge_t for every service or instance vertex the walked vertex depends
 * on, looking through GVT_GROUP nodes (which are never appended themselves)
 * and ignoring GVT_FILE nodes.
 *
 * Each appended vertex gets a reference (vertex_ref()) so it cannot be
 * deleted from the dgraph while the list is in use.  Always returns
 * UU_WALK_NEXT; aborts on an unknown vertex type.
 */
static int
append_svcs_or_insts(graph_edge_t *e, uu_list_t *list)
{
	graph_vertex_t *target = e->ge_vertex;
	graph_edge_t *entry;
	int rc;

	if (target->gv_type == GVT_FILE)
		return (UU_WALK_NEXT);

	if (target->gv_type == GVT_GROUP) {
		/* Groups are transparent: collect what they depend on. */
		rc = uu_list_walk(target->gv_dependencies,
		    (uu_walk_fn_t *)append_svcs_or_insts, list, 0);
		assert(rc == 0);
		return (UU_WALK_NEXT);
	}

	if (target->gv_type != GVT_INST && target->gv_type != GVT_SVC) {
#ifndef NDEBUG
		uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
		    __LINE__, target->gv_type);
#endif
		abort();
	}

	entry = startd_alloc(sizeof (*entry));
	entry->ge_vertex = target;
	uu_list_node_init(entry, &entry->ge_link, graph_edge_pool);
	rc = uu_list_insert_before(list, NULL, entry);
	assert(rc == 0);

	/* Keep the vertex alive for as long as the list refers to it. */
	vertex_ref(target);

	return (UU_WALK_NEXT);
}
   2780 
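/*
 * Decide whether v belongs in the milestone subgraph.  The milestone itself
 * always does; otherwise v does if at least one of its dependents is in the
 * subgraph, ignoring EXCLUDE_ALL dependents and, for an instance that is not
 * enabled without override, OPTIONAL_ALL dependents.  When the dependent is
 * v's own service, the service's dependent groups are examined with the same
 * rules.  Returns B_TRUE or B_FALSE.
 */
static boolean_t
should_be_in_subgraph(graph_vertex_t *v)
{
	graph_edge_t *e;

	if (v == milestone)
		return (B_TRUE);

	/*
	 * v is in the subgraph if any of its dependents are in the subgraph.
	 * Except for EXCLUDE_ALL dependents.  And OPTIONAL dependents only
	 * count if we're enabled.
	 */
	for (e = uu_list_first(v->gv_dependents);
	    e != NULL;
	    e = uu_list_next(v->gv_dependents, e)) {
		graph_vertex_t *dv = e->ge_vertex;

		if (!(dv->gv_flags & GV_INSUBGRAPH))
			continue;

		/*
		 * Don't include instances that are optional and disabled.
		 * Here the dependent is the instance's service, so look
		 * through it at the groups that depend on the service.
		 */
		if (v->gv_type == GVT_INST && dv->gv_type == GVT_SVC) {

			int in = 0;
			graph_edge_t *ee;

			for (ee = uu_list_first(dv->gv_dependents);
			    ee != NULL;
			    ee = uu_list_next(dv->gv_dependents, ee)) {
				/*
				 * The service's dependent reached by ee.
				 * (Reading e->ge_vertex here, as before,
				 * always yielded dv itself, so the two group
				 * checks below could never match.)
				 */
				graph_vertex_t *ddv = ee->ge_vertex;

				if (ddv->gv_type == GVT_GROUP &&
				    ddv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
					continue;

				if (ddv->gv_type == GVT_GROUP &&
				    ddv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
				    !(v->gv_flags & GV_ENBLD_NOOVR))
					continue;

				in = 1;
			}
			if (!in)
				continue;
		}
		if (v->gv_type == GVT_INST &&
		    dv->gv_type == GVT_GROUP &&
		    dv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
		    !(v->gv_flags & GV_ENBLD_NOOVR))
			continue;

		/* Don't include excluded services and instances */
		if (dv->gv_type == GVT_GROUP &&
		    dv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
			continue;

		return (B_TRUE);
	}

	return (B_FALSE);
}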
   2846 
/*
 * Ensures that GV_INSUBGRAPH is set properly for v and its descendants.  When
 * the bit changes for a configured instance, the repository's enable
 * override is adjusted to match: deleted when v joins the subgraph, set to 0
 * when it leaves.  Returns 0, or ECONNABORTED if the repository handle had
 * to be rebound at any point (the graph is updated either way).  A milestone
 * must be set.
 */
static int
eval_subgraph(graph_vertex_t *v, scf_handle_t *h)
{
	boolean_t was_in = (v->gv_flags & GV_INSUBGRAPH) != 0;
	boolean_t want_in;
	graph_edge_t *e;
	scf_instance_t *inst;
	int ret = 0;

	assert(milestone != NULL && milestone != MILESTONE_NONE);

	want_in = should_be_in_subgraph(v);

	/* Nothing to do, and nothing to recurse into, if the bit is right. */
	if (want_in == was_in)
		return (0);

	log_framework(LOG_DEBUG, want_in ? "Adding %s to the subgraph.\n" :
	    "Removing %s from the subgraph.\n", v->gv_name);

	if (want_in)
		v->gv_flags |= GV_INSUBGRAPH;
	else
		v->gv_flags &= ~GV_INSUBGRAPH;

	if (v->gv_type == GVT_INST && (v->gv_flags & GV_CONFIGURED)) {
		int err;

		/* Iterates only when the handle has to be rebound. */
		for (;;) {
			const char *fname;

			err = libscf_fmri_get_instance(h, v->gv_name, &inst);
			if (err == ENOENT)
				break;
			if (err == ECONNABORTED) {
				libscf_handle_rebind(h);
				ret = ECONNABORTED;
				continue;
			}
			if (err != 0) {
				/* EINVAL, ENOTSUP or anything unexpected. */
				bad_error("libscf_fmri_get_instance", err);
			}

			if (want_in) {
				err = libscf_delete_enable_ovr(inst);
				fname = "libscf_delete_enable_ovr";
			} else {
				err = libscf_set_enable_ovr(inst, 0);
				fname = "libscf_set_enable_ovr";
			}
			scf_instance_destroy(inst);

			if (err == ECONNABORTED) {
				/*
				 * We must continue so the graph is updated,
				 * but we must return ECONNABORTED so any
				 * libscf state held by any callers is reset.
				 */
				libscf_handle_rebind(h);
				ret = ECONNABORTED;
				continue;
			}
			if (err == EROFS || err == EPERM) {
				log_error(LOG_WARNING,
				    "Could not set %s/%s for %s: %s.\n",
				    SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
				    v->gv_name, strerror(err));
			} else if (err != 0 && err != ECANCELED) {
				bad_error(fname, err);
			}
			break;
		}
	}

	/* Propagate the change down to everything v depends on. */
	for (e = uu_list_first(v->gv_dependencies);
	    e != NULL;
	    e = uu_list_next(v->gv_dependencies, e)) {
		int r = eval_subgraph(e->ge_vertex, h);

		if (r != 0) {
			assert(r == ECONNABORTED);
			ret = ECONNABORTED;
		}
	}

	return (ret);
}
   2946 
   2947 /*
   2948  * Delete the (property group) dependencies of v & create new ones based on
   2949  * inst.  If doing so would create a cycle, log a message and put the instance
   2950  * into maintenance.  Update GV_INSUBGRAPH flags as necessary.  Returns 0 or
   2951  * ECONNABORTED.
   2952  */
int
refresh_vertex(graph_vertex_t *v, scf_instance_t *inst)
{
	int err;
	int *path;		/* set by set_dependencies(); used only on ELOOP */
	char *fmri;
	int r;
	scf_handle_t *h = scf_instance_handle(inst);
	uu_list_t *old_deps;	/* valid only while milestone > MILESTONE_NONE */
	int ret = 0;
	graph_edge_t *e;
	graph_vertex_t *vv;

	/* Caller holds the graph lock; only instance vertices are refreshed. */
	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);

	log_framework(LOG_DEBUG, "Graph engine: Refreshing %s.\n", v->gv_name);

	if (milestone > MILESTONE_NONE) {
		/*
		 * In case some of v's dependencies are being deleted we must
		 * make a list of them now for GV_INSUBGRAPH-flag evaluation
		 * after the new dependencies are in place.
		 */
		old_deps = startd_list_create(graph_edge_pool, NULL, 0);

		err = uu_list_walk(v->gv_dependencies,
		    (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
		assert(err == 0);
	}

	delete_instance_dependencies(v, B_FALSE);

	/*
	 * Install the dependencies described by inst.  Anything other than
	 * success, disconnection, or a configuration error is a programming
	 * error.
	 */
	err = set_dependencies(v, inst, &path);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
		ret = err;
		goto out;

	case EINVAL:
	case ELOOP:
		/*
		 * The dependencies are unusable.  Fetch the fmri for the log
		 * message, then push the instance towards maintenance through
		 * a restarter event.  ECANCELED means inst vanished meanwhile,
		 * which is reported to the caller as success.
		 */
		r = libscf_instance_get_fmri(inst, &fmri);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			ret = ECONNABORTED;
			goto out;

		case ECANCELED:
			ret = 0;
			goto out;

		default:
			bad_error("libscf_instance_get_fmri", r);
		}

		/*
		 * NOTE(review): the EINVAL branch tolerates fmri == NULL, but
		 * the ELOOP branch hands fmri to handle_cycle() unchecked —
		 * confirm libscf_instance_get_fmri() never returns 0 with a
		 * NULL fmri, or guard both branches the same way.
		 */
		if (err == EINVAL) {
			log_error(LOG_ERR, "Transitioning %s "
			    "to maintenance due to misconfiguration.\n",
			    fmri ? fmri : "?");
			vertex_send_event(v,
			    RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY);
		} else {
			/* path ownership presumably passes to handle_cycle() — verify */
			handle_cycle(fmri, path);
			vertex_send_event(v,
			    RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE);
		}
		startd_free(fmri, max_scf_fmri_size);
		ret = 0;
		goto out;

	default:
		bad_error("set_dependencies", err);
	}

	if (milestone > MILESTONE_NONE) {
		boolean_t aborted = B_FALSE;

		/*
		 * Re-evaluate subgraph membership of every former dependency
		 * that is still in use, then of every new one.  A disconnect
		 * is noted but does not cut the evaluation short, so the
		 * in-memory graph stays consistent.
		 */
		for (e = uu_list_first(old_deps);
		    e != NULL;
		    e = uu_list_next(old_deps, e)) {
			vv = e->ge_vertex;

			if (vertex_unref(vv) == VERTEX_INUSE &&
			    eval_subgraph(vv, h) == ECONNABORTED)
				aborted = B_TRUE;
		}

		for (e = uu_list_first(v->gv_dependencies);
		    e != NULL;
		    e = uu_list_next(v->gv_dependencies, e)) {
			if (eval_subgraph(e->ge_vertex, h) ==
			    ECONNABORTED)
				aborted = B_TRUE;
		}

		if (aborted) {
			ret = ECONNABORTED;
			goto out;
		}
	}

	graph_start_if_satisfied(v);

	ret = 0;

out:
	/*
	 * Tear down old_deps under the same milestone test that created it.
	 * This relies on milestone not changing while dgraph_lock is held
	 * (asserted above) — NOTE(review): confirm all writers take the lock.
	 */
	if (milestone > MILESTONE_NONE) {
		void *cookie = NULL;

		while ((e = uu_list_teardown(old_deps, &cookie)) != NULL)
			startd_free(e, sizeof (*e));

		uu_list_destroy(old_deps);
	}

	return (ret);
}
   3076 
   3077 /*
   3078  * Set up v according to inst.  That is, make sure it depends on its
   3079  * restarter and set up its dependencies.  Send the ADD_INSTANCE command to
   3080  * the restarter, and send ENABLE or DISABLE as appropriate.
   3081  *
   3082  * Returns 0 on success, ECONNABORTED on repository disconnection, or
   3083  * ECANCELED if inst is deleted.
   3084  */
static int
configure_vertex(graph_vertex_t *v, scf_instance_t *inst)
{
	scf_handle_t *h;
	scf_propertygroup_t *pg;
	scf_snapshot_t *snap;
	/* Restarter fmri buffer; every exit path below frees it exactly once. */
	char *restarter_fmri = startd_alloc(max_scf_value_size);
	int enabled, enabled_ovr;
	int err;
	int *path;		/* dependency cycle from graph_change_restarter() */
	int deathrow;

	restarter_fmri[0] = '\0';

	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);
	assert((v->gv_flags & GV_CONFIGURED) == 0);

	/* GV_INSUBGRAPH should already be set properly. */
	assert(should_be_in_subgraph(v) ==
	    ((v->gv_flags & GV_INSUBGRAPH) != 0));

	/*
	 * If the instance fmri is in the deathrow list then set the
	 * GV_DEATHROW flag on the vertex and create and set to true the
	 * SCF_PROPERTY_DEATHROW boolean property in the non-persistent
	 * repository for this instance fmri.
	 */
	if ((v->gv_flags & GV_DEATHROW) ||
	    (is_fmri_in_deathrow(v->gv_name) == B_TRUE)) {
		if ((v->gv_flags & GV_DEATHROW) == 0) {
			/*
			 * Set flag GV_DEATHROW, create and set to true
			 * the SCF_PROPERTY_DEATHROW property in the
			 * non-persistent repository for this instance fmri.
			 */
			v->gv_flags |= GV_DEATHROW;

			switch (err = libscf_set_deathrow(inst, 1)) {
			case 0:
				break;

			case ECONNABORTED:
			case ECANCELED:
				startd_free(restarter_fmri, max_scf_value_size);
				return (err);

			case EROFS:
				log_error(LOG_WARNING, "Could not set %s/%s "
				    "for deathrow %s: %s.\n",
				    SCF_PG_DEATHROW, SCF_PROPERTY_DEATHROW,
				    v->gv_name, strerror(err));
				break;

			case EPERM:
				uu_die("Permission denied.\n");
				/* NOTREACHED */

			default:
				bad_error("libscf_set_deathrow", err);
			}
			log_framework(LOG_DEBUG, "Deathrow, graph set %s.\n",
			    v->gv_name);
		}
		/* Deathrow instances are never configured further. */
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);
	}

	h = scf_instance_handle(inst);

	/*
	 * Using a temporary deathrow boolean property, set through
	 * libscf_set_deathrow(), only for fmris on deathrow, is necessary
	 * because deathrow_fini() may already have been called, and in case
	 * of a refresh, GV_DEATHROW may need to be set again.
	 * libscf_get_deathrow() sets deathrow to 1 only if this instance
	 * has a temporary boolean property named 'deathrow' valued true
	 * in a property group 'deathrow', -1 or 0 in all other cases.
	 */
	err = libscf_get_deathrow(h, inst, &deathrow);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
	case ECANCELED:
		startd_free(restarter_fmri, max_scf_value_size);
		return (err);

	default:
		bad_error("libscf_get_deathrow", err);
	}

	if (deathrow == 1) {
		v->gv_flags |= GV_DEATHROW;
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);
	}

	log_framework(LOG_DEBUG, "Graph adding %s.\n", v->gv_name);

	/*
	 * If the instance does not have a restarter property group,
	 * initialize its state to uninitialized/none, in case the restarter
	 * is not enabled.
	 */
	pg = safe_scf_pg_create(h);

	if (scf_instance_get_pg(inst, SCF_PG_RESTARTER, pg) != 0) {
		instance_data_t idata;
		/* Backoff state for the ENOMEM retry loop at init_state. */
		uint_t count = 0, msecs = ALLOC_DELAY;

		switch (scf_error()) {
		case SCF_ERROR_NOT_FOUND:
			break;

		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECANCELED);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_instance_get_pg", scf_error());
		}

		switch (err = libscf_instance_get_fmri(inst,
		    (char **)&idata.i_fmri)) {
		case 0:
			break;

		case ECONNABORTED:
		case ECANCELED:
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (err);

		default:
			bad_error("libscf_instance_get_fmri", err);
		}

		idata.i_state = RESTARTER_STATE_NONE;
		idata.i_next_state = RESTARTER_STATE_NONE;

init_state:
		/*
		 * Commit uninit/none.  ENOMEM is retried up to ALLOC_RETRY
		 * times with a delay growing by ALLOC_DELAY_MULT each round;
		 * permission-type failures are logged and tolerated.
		 */
		switch (err = _restarter_commit_states(h, &idata,
		    RESTARTER_STATE_UNINIT, RESTARTER_STATE_NONE, NULL)) {
		case 0:
			break;

		case ENOMEM:
			++count;
			if (count < ALLOC_RETRY) {
				(void) poll(NULL, 0, msecs);
				msecs *= ALLOC_DELAY_MULT;
				goto init_state;
			}

			uu_die("Insufficient memory.\n");
			/* NOTREACHED */

		case ECONNABORTED:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECONNABORTED);

		case ENOENT:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			scf_pg_destroy(pg);
			startd_free(restarter_fmri, max_scf_value_size);
			return (ECANCELED);

		case EPERM:
		case EACCES:
		case EROFS:
			log_error(LOG_NOTICE, "Could not initialize state for "
			    "%s: %s.\n", idata.i_fmri, strerror(err));
			break;

		case EINVAL:
		default:
			bad_error("_restarter_commit_states", err);
		}

		startd_free((void *)idata.i_fmri, max_scf_fmri_size);
	}

	scf_pg_destroy(pg);

	if (milestone != NULL) {
		/*
		 * Make sure the enable-override is set properly before we
		 * read whether we should be enabled.
		 */
		if (milestone == MILESTONE_NONE ||
		    !(v->gv_flags & GV_INSUBGRAPH)) {
			/*
			 * This might seem unjustified after the milestone
			 * transition has completed (non_subgraph_svcs == 0),
			 * but it's important because when we boot to
			 * a milestone, we set the milestone before populating
			 * the graph, and all of the new non-subgraph services
			 * need to be disabled here.
			 */
			switch (err = libscf_set_enable_ovr(inst, 0)) {
			case 0:
				break;

			case ECONNABORTED:
			case ECANCELED:
				startd_free(restarter_fmri, max_scf_value_size);
				return (err);

			case EROFS:
				log_error(LOG_WARNING,
				    "Could not set %s/%s for %s: %s.\n",
				    SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
				    v->gv_name, strerror(err));
				break;

			case EPERM:
				uu_die("Permission denied.\n");
				/* NOTREACHED */

			default:
				bad_error("libscf_set_enable_ovr", err);
			}
		} else {
			/* In the subgraph: any stale override must go. */
			assert(v->gv_flags & GV_INSUBGRAPH);
			switch (err = libscf_delete_enable_ovr(inst)) {
			case 0:
				break;

			case ECONNABORTED:
			case ECANCELED:
				startd_free(restarter_fmri, max_scf_value_size);
				return (err);

			case EPERM:
				uu_die("Permission denied.\n");
				/* NOTREACHED */

			default:
				bad_error("libscf_delete_enable_ovr", err);
			}
		}
	}

	/*
	 * Read general/enabled, its override and the restarter fmri.
	 * ENOENT (no general property group) leaves the vertex unconfigured.
	 */
	err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
	    &enabled_ovr, &restarter_fmri);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
	case ECANCELED:
		startd_free(restarter_fmri, max_scf_value_size);
		return (err);

	case ENOENT:
		log_framework(LOG_DEBUG,
		    "Ignoring %s because it has no general property group.\n",
		    v->gv_name);
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);

	default:
		bad_error("libscf_get_basic_instance_data", err);
	}

	/* -1: no enabled property at all; leave GV_CONFIGURED clear. */
	if (enabled == -1) {
		startd_free(restarter_fmri, max_scf_value_size);
		return (0);
	}

	/* Remember the un-overridden value, then apply the override if any. */
	v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
	    (enabled ? GV_ENBLD_NOOVR : 0);

	if (enabled_ovr != -1)
		enabled = enabled_ovr;

	v->gv_state = RESTARTER_STATE_UNINIT;

	/* Only the side effect matters here; the snapshot handle is dropped. */
	snap = libscf_get_or_make_running_snapshot(inst, v->gv_name, B_TRUE);
	scf_snapshot_destroy(snap);

	/* Set up the restarter. (Sends _ADD_INSTANCE on success.) */
	err = graph_change_restarter(v, restarter_fmri, h, &path);
	if (err != 0) {
		instance_data_t idata;
		/* Backoff state for the ENOMEM retry loop at set_maint. */
		uint_t count = 0, msecs = ALLOC_DELAY;
		const char *reason;

		if (err == ECONNABORTED) {
			startd_free(restarter_fmri, max_scf_value_size);
			return (err);
		}

		assert(err == EINVAL || err == ELOOP);

		/*
		 * emsg_invalid_restarter is the format; restarter_fmri, which
		 * came from the repository, is only ever a %s argument.
		 */
		if (err == EINVAL) {
			log_framework(LOG_ERR, emsg_invalid_restarter,
			    v->gv_name, restarter_fmri);
			reason = "invalid_restarter";
		} else {
			handle_cycle(v->gv_name, path);
			reason = "dependency_cycle";
		}

		/* Freed here; none of the returns below touch it again. */
		startd_free(restarter_fmri, max_scf_value_size);

		/*
		 * We didn't register the instance with the restarter, so we
		 * must set maintenance mode ourselves.
		 */
		err = libscf_instance_get_fmri(inst, (char **)&idata.i_fmri);
		if (err != 0) {
			assert(err == ECONNABORTED || err == ECANCELED);
			return (err);
		}

		idata.i_state = RESTARTER_STATE_NONE;
		idata.i_next_state = RESTARTER_STATE_NONE;

set_maint:
		/* Same retry/backoff shape as init_state above. */
		switch (err = _restarter_commit_states(h, &idata,
		    RESTARTER_STATE_MAINT, RESTARTER_STATE_NONE, reason)) {
		case 0:
			break;

		case ENOMEM:
			++count;
			if (count < ALLOC_RETRY) {
				(void) poll(NULL, 0, msecs);
				msecs *= ALLOC_DELAY_MULT;
				goto set_maint;
			}

			uu_die("Insufficient memory.\n");
			/* NOTREACHED */

		case ECONNABORTED:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			return (ECONNABORTED);

		case ENOENT:
			startd_free((void *)idata.i_fmri, max_scf_fmri_size);
			return (ECANCELED);

		case EPERM:
		case EACCES:
		case EROFS:
			log_error(LOG_NOTICE, "Could not initialize state for "
			    "%s: %s.\n", idata.i_fmri, strerror(err));
			break;

		case EINVAL:
		default:
			bad_error("_restarter_commit_states", err);
		}

		startd_free((void *)idata.i_fmri, max_scf_fmri_size);

		v->gv_state = RESTARTER_STATE_MAINT;

		/* Still mark the vertex configured and apply enable state. */
		goto out;
	}
	startd_free(restarter_fmri, max_scf_value_size);

	/* Add all the other dependencies. */
	err = refresh_vertex(v, inst);
	if (err != 0) {
		assert(err == ECONNABORTED);
		return (err);
	}

out:
	v->gv_flags |= GV_CONFIGURED;

	graph_enable_by_vertex(v, enabled, 0);

	return (0);
}
   3474 
   3475 
static void
kill_user_procs(void)
{
	/*
	 * Fixed command lines, run in this order with a 1 second grace time
	 * and a 5 second timeout each.  They are compile-time constants;
	 * nothing from the environment or the repository is spliced in.
	 *
	 * killall's role, despite its name, is to get select user processes
	 * -- basically those representing terminal-based logins, located via
	 * the utmp database -- to die.  Most are shell logins, and many
	 * shells mask SIGTERM but react to SIGHUP, so HUP first, then KILL.
	 *
	 * pkill then handles everything not owned by uid 0, 1 or 15 (the
	 * -v inverts the selection; 15 is reserved for dladmd -- a kludge,
	 * a better policy is needed).  fork_with_timeout only waits out the
	 * grace time when pkill returns 0, so with no matches this finishes
	 * quickly.
	 */
	static const char * const cmds[] = {
		"/usr/sbin/killall HUP",
		"/usr/sbin/killall KILL",
		"/usr/bin/pkill -TERM -v -u 0,1,15",
		"/usr/bin/pkill -KILL -v -u 0,1,15"
	};
	size_t i;

	(void) fputs("svc.startd: Killing user processes.\n", stdout);

	for (i = 0; i < sizeof (cmds) / sizeof (cmds[0]); i++)
		(void) fork_with_timeout(cmds[i], 1, 5);
}
   3504 
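static void
do_uadmin(void)
{
	/* Presence marker created before teardown; removed if uadmin fails. */
	const char * const resetting = "/etc/svc/volatile/resetting";
	int fd;
	struct statvfs vfs;
	time_t now;
	struct tm nowtm;
	char down_buf[256], time_buf[256];
	uintptr_t mdep;		/* machine-dependent argument to uadmin(2) */
#if defined(__i386)
	grub_boot_args_t fbarg;
#endif	/* __i386 */

	/*
	 * mdep is an integer, so clear it with 0 rather than the pointer
	 * constant NULL (the previous assignment relied on NULL expanding to
	 * a bare integer zero).
	 */
	mdep = 0;

	/*
	 * NOTE(review): 0777 is wider than a presence marker needs; the
	 * process umask presumably narrows it, but 0644 would state the
	 * intent.  Left unchanged because the file's consumers are not
	 * visible here.
	 */
	fd = creat(resetting, 0777);
	if (fd >= 0)
		startd_close(fd);
	else
		uu_warn("Could not create \"%s\"", resetting);

	/*
	 * Kill dhcpagent if we're not using nfs for root.  Only the first
	 * three characters of f_basetype are compared.
	 *
	 * Every command line handed to fork_with_timeout() in this function
	 * is a compile-time constant; no external data is spliced in.
	 */
	if ((statvfs("/", &vfs) == 0) &&
	    (strncmp(vfs.f_basetype, "nfs", sizeof ("nfs") - 1) != 0))
		(void) fork_with_timeout("/usr/bin/pkill -x -u 0 dhcpagent",
		    0, 5);

	/*
	 * Call sync(2) now, before we kill off user processes.  This takes
	 * advantage of the several seconds of pause we have before the
	 * killalls are done.  Time we can make good use of to get pages
	 * moving out to disk.
	 *
	 * Inside non-global zones, we don't bother, and it's better not to
	 * anyway, since sync(2) can have system-wide impact.
	 */
	if (getzoneid() == 0)
		sync();

	kill_user_procs();

	/*
	 * Note that this must come after the killing of user procs, since
	 * killall relies on utmpx, and this command affects the contents of
	 * said file.
	 */
	if (access("/usr/lib/acct/closewtmp", X_OK) == 0)
		(void) fork_with_timeout("/usr/lib/acct/closewtmp", 0, 5);

	/*
	 * For patches which may be installed as the system is shutting
	 * down, we need to ensure, one more time, that the boot archive
	 * really is up to date.
	 */
	if (getzoneid() == 0 && access("/usr/sbin/bootadm", X_OK) == 0)
		(void) fork_with_timeout("/usr/sbin/bootadm -ea update_all",
		    0, 3600);

	/*
	 * Right now, fast reboot is supported only on i386.
	 * scf_is_fastboot_default() should take care of it.
	 * If somehow we got there on unsupported platform -
	 * print warning and fall back to regular reboot.
	 */
	if (halting == AD_FASTREBOOT) {
#if defined(__i386)
		int rc;

		if ((rc = grub_get_boot_args(&fbarg, NULL,
		    GRUB_ENTRY_DEFAULT)) == 0) {
			mdep = (uintptr_t)&fbarg.gba_bootargs;
		} else {
			/*
			 * Failed to read GRUB menu, fall back to normal reboot
			 */
			halting = AD_BOOT;
			uu_warn("Failed to process GRUB menu entry "
			    "for fast reboot.\n\t%s\n"
			    "Falling back to regular reboot.\n",
			    grub_strerror(rc));
		}
#else	/* __i386 */
		halting = AD_BOOT;
		uu_warn("Fast reboot configured, but not supported by "
		    "this ISA\n");
#endif	/* __i386 */
	}

	/* The redirections imply fork_with_timeout() runs these via a shell. */
	(void) fork_with_timeout("/sbin/umountall -l", 0, 5);
	(void) fork_with_timeout("/sbin/umount /tmp /var/adm /var/run /var "
	    ">/dev/null 2>&1", 0, 5);

	/*
	 * Try to get to consistency for whatever UFS filesystems are left.
	 * This is pretty expensive, so we save it for the end in the hopes of
	 * minimizing what it must do.  The other option would be to start in
	 * parallel with the killall's, but lockfs tends to throw out much more
	 * than is needed, and so subsequent commands (like umountall) take a
	 * long time to get going again.
	 *
	 * Inside of zones, we don't bother, since we're not about to terminate
	 * the whole OS instance.
	 *
	 * On systems using only ZFS, this call to lockfs -fa is a no-op.
	 */
	if (getzoneid() == 0) {
		if (access("/usr/sbin/lockfs", X_OK) == 0)
			(void) fork_with_timeout("/usr/sbin/lockfs -fa", 0, 30);

		sync();	/* once more, with feeling */
	}

	(void) fork_with_timeout("/sbin/umount /usr >/dev/null 2>&1", 0, 5);

	/*
	 * Construct and emit the last words from userland:
	 * "<timestamp> The system is down.  Shutdown took <N> seconds."
	 *
	 * Normally we'd use syslog, but with /var and other things
	 * potentially gone, try to minimize the external dependencies.
	 */
	now = time(NULL);
	(void) localtime_r(&now, &nowtm);

	if (strftime(down_buf, sizeof (down_buf),
	    "%b %e %T The system is down.", &nowtm) == 0) {
		(void) strlcpy(down_buf, "The system is down.",
		    sizeof (down_buf));
	}

	if (halting_time != 0 && halting_time <= now) {
		/*
		 * halting_time <= now, so the difference is non-negative;
		 * cast it explicitly so the argument matches %lu instead of
		 * passing a signed time_t difference.
		 */
		(void) snprintf(time_buf, sizeof (time_buf),
		    "  Shutdown took %lu seconds.",
		    (unsigned long)(now - halting_time));
	} else {
		time_buf[0] = '\0';
	}
	(void) printf("%s%s\n", down_buf, time_buf);

	/* Only returns on failure. */
	(void) uadmin(A_SHUTDOWN, halting, mdep);
	uu_warn("uadmin() failed");

#if defined(__i386)
	/* uadmin fail, cleanup grub_boot_args */
	if (halting == AD_FASTREBOOT)
		grub_cleanup_boot_args(&fbarg);
#endif	/* __i386 */

	if (remove(resetting) != 0 && errno != ENOENT)
		uu_warn("Could not remove \"%s\"", resetting);
}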
   3653 
   3654 /*
   3655  * If any of the up_svcs[] are online or satisfiable, return true.  If they are
   3656  * all missing, disabled, in maintenance, or unsatisfiable, return false.
   3657  */
boolean_t
can_come_up(void)
{
	graph_vertex_t *sv;
	int i;

	assert(MUTEX_HELD(&dgraph_lock));

	/*
	 * When booting to single user (boot -s) the first entry,
	 * SCF_MILESTONE_SINGLE_USER, counts too, because startd spawns
	 * sulogin once single-user is online (see specials.c).  Otherwise
	 * it is skipped.
	 */
	for (i = booting_to_single_user ? 0 : 1; up_svcs[i] != NULL; ++i) {
		/* Resolve and cache the vertex on first use. */
		if (up_svcs_p[i] == NULL) {
			up_svcs_p[i] = vertex_get_by_name(up_svcs[i]);
			if (up_svcs_p[i] == NULL)
				continue;
		}
		sv = up_svcs_p[i];

		/*
		 * Skip unconfigured vertices: services only named as a
		 * dependency of something else, or present in the repository
		 * without a general/enabled property.
		 */
		if (!(sv->gv_flags & GV_CONFIGURED))
			continue;

		if (sv->gv_state == RESTARTER_STATE_ONLINE ||
		    sv->gv_state == RESTARTER_STATE_DEGRADED) {
			/* A login service is reachable: stop verbose boot. */
			st->st_log_login_reached = 1;
			return (B_TRUE);
		}

		if (sv->gv_state == RESTARTER_STATE_UNINIT)
			return (B_TRUE);

		if (sv->gv_state == RESTARTER_STATE_OFFLINE) {
			if (instance_satisfied(sv, B_TRUE) != -1)
				return (B_TRUE);
			log_framework(LOG_DEBUG,
			    "can_come_up(): %s is unsatisfiable.\n",
			    sv->gv_name);
			continue;
		}

		if (sv->gv_state == RESTARTER_STATE_DISABLED ||
		    sv->gv_state == RESTARTER_STATE_MAINT) {
			log_framework(LOG_DEBUG,
			    "can_come_up(): %s is in state %s.\n",
			    sv->gv_name, instance_state_str[sv->gv_state]);
			continue;
		}

#ifndef NDEBUG
		uu_warn("%s:%d: Unexpected vertex state %d.\n",
		    __FILE__, __LINE__, sv->gv_state);
#endif
		abort();
	}

	/*
	 * With the seed repository console-login cannot be satisfied because
	 * services are missing.  Don't answer false until manifest-import is
	 * online.
	 */
	if (manifest_import_p == NULL) {
		manifest_import_p = vertex_get_by_name(manifest_import);
		if (manifest_import_p == NULL)
			return (B_FALSE);
	}

	if (manifest_import_p->gv_state == RESTARTER_STATE_UNINIT)
		return (B_TRUE);

	if (manifest_import_p->gv_state == RESTARTER_STATE_OFFLINE &&
	    instance_satisfied(manifest_import_p, B_TRUE) != -1)
		return (B_TRUE);

	/* online, degraded, disabled, maintenance, or anything else */
	return (B_FALSE);
}
   3758 
   3759 /*
   3760  * Runs sulogin.  Returns
   3761  *   0 - success
   3762  *   EALREADY - sulogin is already running
   3763  *   EBUSY - console-login is running
   3764  */
static int
run_sulogin(const char *msg)
{
	graph_vertex_t *cl;

	assert(MUTEX_HELD(&dgraph_lock));

	/* One sulogin at a time, and never on top of a live console-login. */
	if (sulogin_running)
		return (EALREADY);

	cl = vertex_get_by_name(console_login_fmri);
	if (cl != NULL && inst_running(cl))
		return (EBUSY);

	/* The graph lock is dropped for the duration of the login session. */
	sulogin_running = B_TRUE;
	MUTEX_UNLOCK(&dgraph_lock);
	fork_sulogin(B_FALSE, msg);
	MUTEX_LOCK(&dgraph_lock);
	sulogin_running = B_FALSE;

	if (!console_login_ready)
		return (0);

	/*
	 * console-login became ready while sulogin held the console; kick
	 * it off now if it is still offline.
	 */
	cl = vertex_get_by_name(console_login_fmri);
	if (cl != NULL && cl->gv_state == RESTARTER_STATE_OFFLINE) {
		if (cl->gv_start_f != NULL)
			cl->gv_start_f(cl);
		else
			vertex_send_event(cl, RESTARTER_EVENT_TYPE_START);
	}
	console_login_ready = B_FALSE;

	return (0);
}
   3805 
   3806 /*
   3807  * The sulogin thread runs sulogin while can_come_up() is false.  run_sulogin()
   3808  * keeps sulogin from stepping on console-login's toes.
   3809  */
   3810 /* ARGSUSED */
static void *
sulogin_thread(void *unused)
{
	MUTEX_LOCK(&dgraph_lock);

	assert(sulogin_thread_running);

	/* Keep offering sulogin until one of the login services can come up. */
	for (;;) {
		(void) run_sulogin("Console login service(s) cannot run\n");
		if (can_come_up())
			break;
	}

	sulogin_thread_running = B_FALSE;
	MUTEX_UNLOCK(&dgraph_lock);

	return (NULL);
}
   3827 
   3828 /* ARGSUSED */
/*
 * Take the system to single-user mode or run level 1 and then bring it back
 * to its configured milestone.  Runs on its own thread (created, for example,
 * by vertex_subgraph_dependencies_shutdown() once the last non-subgraph
 * service has come down).  single_user_thread_count lets a later thread of
 * this kind take over the milestone restoration if several were started.
 *
 * Lock usage: single_user_thread_lock is held while the mode is chosen and
 * again for the final bookkeeping; dgraph_lock is taken only around the
 * individual calls that need it.  Always returns NULL.
 */
void *
single_user_thread(void *unused)
{
	uint_t left;
	scf_handle_t *h;
	scf_instance_t *inst;
	scf_property_t *prop;
	scf_value_t *val;
	const char *msg;
	char *buf;
	int r;

	MUTEX_LOCK(&single_user_thread_lock);
	single_user_thread_count++;

	/* Unless we are still booting, user processes must be killed first. */
	if (!booting_to_single_user)
		kill_user_procs();

	/* Choose the banner sulogin shows; level 1 runs the rc script instead. */
	if (go_single_user_mode || booting_to_single_user) {
		msg = "SINGLE USER MODE\n";
	} else {
		assert(go_to_level1);

		fork_rc_script('1', "start", B_TRUE);

		uu_warn("The system is ready for administration.\n");

		msg = "";
	}

	MUTEX_UNLOCK(&single_user_thread_lock);

	/*
	 * Retry sulogin until it succeeds.  EALREADY / EBUSY are the only
	 * expected failures (presumably another sulogin or console login is
	 * in the way); back off three seconds, restarting sleep() if it is
	 * interrupted.
	 */
	for (;;) {
		MUTEX_LOCK(&dgraph_lock);
		r = run_sulogin(msg);
		MUTEX_UNLOCK(&dgraph_lock);
		if (r == 0)
			break;

		assert(r == EALREADY || r == EBUSY);

		left = 3;
		while (left > 0)
			left = sleep(left);
	}

	MUTEX_LOCK(&single_user_thread_lock);

	/*
	 * If another single user thread has started, let it finish changing
	 * the run level.
	 */
	if (single_user_thread_count > 1) {
		single_user_thread_count--;
		MUTEX_UNLOCK(&single_user_thread_lock);
		return (NULL);
	}

	h = libscf_handle_create_bound_loop();
	inst = scf_instance_create(h);
	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);
	buf = startd_alloc(max_scf_fmri_size);

	/*
	 * Look up svc.startd's own instance.  Create it if it is missing and
	 * start over after a rebind whenever the repository connection breaks;
	 * the later steps jump back here for the same reason.
	 */
lookup:
	if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
	    NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_NOT_FOUND:
			r = libscf_create_self(h);
			if (r == 0)
				goto lookup;
			assert(r == ECONNABORTED);
			/* FALLTHROUGH */

		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto lookup;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_HANDLE_MISMATCH:
		default:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	}

	MUTEX_LOCK(&dgraph_lock);

	/*
	 * Clear the temporary milestone override (options_ovr) so the
	 * persistent milestone applies again.  Permission / read-only
	 * failures are only logged.
	 */
	r = scf_instance_delete_prop(inst, SCF_PG_OPTIONS_OVR,
	    SCF_PROPERTY_MILESTONE);
	switch (r) {
	case 0:
	case ECANCELED:
		break;

	case ECONNABORTED:
		MUTEX_UNLOCK(&dgraph_lock);
		libscf_handle_rebind(h);
		goto lookup;

	case EPERM:
	case EACCES:
	case EROFS:
		log_error(LOG_WARNING, "Could not clear temporary milestone: "
		    "%s.\n", strerror(r));
		break;

	default:
		bad_error("scf_instance_delete_prop", r);
	}

	MUTEX_UNLOCK(&dgraph_lock);

	/* Read the persistent milestone; a missing or unusable one means "all". */
	r = libscf_get_milestone(inst, prop, val, buf, max_scf_fmri_size);
	switch (r) {
	case ECANCELED:
	case ENOENT:
	case EINVAL:
		(void) strcpy(buf, "all");
		/* FALLTHROUGH */

	case 0:
		uu_warn("Returning to milestone %s.\n", buf);
		break;

	case ECONNABORTED:
		libscf_handle_rebind(h);
		goto lookup;

	default:
		bad_error("libscf_get_milestone", r);
	}

	/* Steer the graph back to that milestone (without locking the graph here). */
	r = dgraph_set_milestone(buf, h, B_FALSE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
	case EINVAL:
	case ENOENT:
		break;

	default:
		bad_error("dgraph_set_milestone", r);
	}

	/*
	 * See graph_runlevel_changed().
	 */
	MUTEX_LOCK(&dgraph_lock);
	utmpx_set_runlevel(target_milestone_as_runlevel(), 'S', B_TRUE);
	MUTEX_UNLOCK(&dgraph_lock);

	startd_free(buf, max_scf_fmri_size);
	scf_value_destroy(val);
	scf_property_destroy(prop);
	scf_instance_destroy(inst);
	scf_handle_destroy(h);

	/*
	 * We'll give ourselves 3 seconds to respond to all of the enablings
	 * that setting the milestone should have created before checking
	 * whether to run sulogin.
	 */
	left = 3;
	while (left > 0)
		left = sleep(left);

	MUTEX_LOCK(&dgraph_lock);
	/*
	 * Clearing these variables will allow the sulogin thread to run.  We
	 * check here in case there aren't any more state updates anytime soon.
	 */
	go_to_level1 = go_single_user_mode = booting_to_single_user = B_FALSE;
	if (!sulogin_thread_running && !can_come_up()) {
		(void) startd_thread_create(sulogin_thread, NULL);
		sulogin_thread_running = B_TRUE;
	}
	MUTEX_UNLOCK(&dgraph_lock);
	single_user_thread_count--;
	MUTEX_UNLOCK(&single_user_thread_lock);
	return (NULL);
}
   4014 
   4015 
   4016 /*
   4017  * Dependency graph operations API.  These are handle-independent thread-safe
   4018  * graph manipulation functions which are the entry points for the event
   4019  * threads below.
   4020  */
   4021 
   4022 /*
   4023  * If a configured vertex exists for inst_fmri, return EEXIST.  If no vertex
   4024  * exists for inst_fmri, add one.  Then fetch the restarter from inst, make
   4025  * this vertex dependent on it, and send _ADD_INSTANCE to the restarter.
   4026  * Fetch whether the instance should be enabled from inst and send _ENABLE or
   4027  * _DISABLE as appropriate.  Finally rummage through inst's dependency
   4028  * property groups and add vertices and edges as appropriate.  If anything
   4029  * goes wrong after sending _ADD_INSTANCE, send _ADMIN_MAINT_ON to put the
   4030  * instance in maintenance.  Don't send _START or _STOP until we get a state
   4031  * update in case we're being restarted and the service is already running.
   4032  *
   4033  * To support booting to a milestone, we must also make sure all dependencies
   4034  * encountered are configured, if they exist in the repository.
   4035  *
   4036  * Returns 0 on success, ECONNABORTED on repository disconnection, EINVAL if
   4037  * inst_fmri is an invalid (or not canonical) FMRI, ECANCELED if inst is
   4038  * deleted, or EEXIST if a configured vertex for inst_fmri already exists.
   4039  */
int
dgraph_add_instance(const char *inst_fmri, scf_instance_t *inst,
    boolean_t lock_graph)
{
	graph_vertex_t *v;
	int rc;

	/* svc.startd itself is never represented by a graph vertex. */
	if (strcmp(inst_fmri, SCF_SERVICE_STARTD) == 0)
		return (0);

	/* The caller either asks us to take dgraph_lock or must hold it. */
	if (lock_graph) {
		MUTEX_LOCK(&dgraph_lock);
	} else {
		assert(MUTEX_HELD(&dgraph_lock));
	}

	v = vertex_get_by_name(inst_fmri);
	if (v == NULL) {
		/* No vertex yet: insert an unconfigured one for inst_fmri. */
		rc = graph_insert_vertex_unconfigured(inst_fmri, GVT_INST, 0,
		    RERR_NONE, &v);
		if (rc != 0) {
			assert(rc == EINVAL);
			rc = EINVAL;
			goto out;
		}
	} else {
		assert(v->gv_type == GVT_INST);

		/* A configured vertex already exists for this FMRI. */
		if (v->gv_flags & GV_CONFIGURED) {
			rc = EEXIST;
			goto out;
		}
	}

	/* Populate the vertex (restarter, enabled state, dependencies) from inst. */
	rc = configure_vertex(v, inst);

out:
	if (lock_graph)
		MUTEX_UNLOCK(&dgraph_lock);

	return (rc);
}
   4086 
   4087 /*
   4088  * Locate the vertex for this property group's instance.  If it doesn't exist
   4089  * or is unconfigured, call dgraph_add_instance() & return.  Otherwise fetch
   4090  * the restarter for the instance, and if it has changed, send
   4091  * _REMOVE_INSTANCE to the old restarter, remove the dependency, make sure the
   4092  * new restarter has a vertex, add a new dependency, and send _ADD_INSTANCE to
   4093  * the new restarter.  Then fetch whether the instance should be enabled, and
   4094  * if it is different from what we had, or if we changed the restarter, send
   4095  * the appropriate _ENABLE or _DISABLE command.
   4096  *
   4097  * Returns 0 on success, ENOTSUP if the pg's parent is not an instance,
   4098  * ECONNABORTED on repository disconnection, ECANCELED if the instance is
   4099  * deleted, or -1 if the instance's general property group is deleted or if
   4100  * its enabled property is misconfigured.
   4101  */
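static int
dgraph_update_general(scf_propertygroup_t *pg)
{
	scf_handle_t *h;
	scf_instance_t *inst;
	char *fmri;
	char *restarter_fmri;
	graph_vertex_t *v;
	int err;
	int enabled, enabled_ovr;
	int oldflags;

	/* Find the vertex for this service */
	h = scf_pg_handle(pg);

	inst = safe_scf_instance_create(h);

	/*
	 * inst was allocated above, so every early return below must release
	 * it, just as the later error paths do.
	 */
	if (scf_pg_get_parent_instance(pg, inst) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONSTRAINT_VIOLATED:
			scf_instance_destroy(inst);
			return (ENOTSUP);

		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			scf_instance_destroy(inst);
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
			scf_instance_destroy(inst);
			return (0);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_pg_get_parent_instance", scf_error());
		}
	}

	/* fmri is allocated by libscf_instance_get_fmri(); freed with max_scf_fmri_size. */
	err = libscf_instance_get_fmri(inst, &fmri);
	switch (err) {
	case 0:
		break;

	case ECONNABORTED:
		scf_instance_destroy(inst);
		return (ECONNABORTED);

	case ECANCELED:
		scf_instance_destroy(inst);
		return (0);

	default:
		bad_error("libscf_instance_get_fmri", err);
	}

	log_framework(LOG_DEBUG,
	    "Graph engine: Reloading general properties for %s.\n", fmri);

	MUTEX_LOCK(&dgraph_lock);

	v = vertex_get_by_name(fmri);
	if (v == NULL || !(v->gv_flags & GV_CONFIGURED)) {
		/* Will get the up-to-date properties. */
		MUTEX_UNLOCK(&dgraph_lock);
		err = dgraph_add_instance(fmri, inst, B_TRUE);
		startd_free(fmri, max_scf_fmri_size);
		scf_instance_destroy(inst);
		return (err == ECANCELED ? 0 : err);
	}

	/* Read enabled & restarter from repository. */
	restarter_fmri = startd_alloc(max_scf_value_size);
	err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
	    &enabled_ovr, &restarter_fmri);
	if (err != 0 || enabled == -1) {
		MUTEX_UNLOCK(&dgraph_lock);
		scf_instance_destroy(inst);
		startd_free(fmri, max_scf_fmri_size);

		switch (err) {
		case ENOENT:
		case 0:
			/* No general pg, or general/enabled is misconfigured. */
			startd_free(restarter_fmri, max_scf_value_size);
			return (-1);

		case ECONNABORTED:
		case ECANCELED:
			startd_free(restarter_fmri, max_scf_value_size);
			return (err);

		default:
			bad_error("libscf_get_basic_instance_data", err);
		}
	}

	/* Record the persistent (non-override) enabled value in the flags. */
	oldflags = v->gv_flags;
	v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
	    (enabled ? GV_ENBLD_NOOVR : 0);

	/* The override, when present, wins for the command we send. */
	if (enabled_ovr != -1)
		enabled = enabled_ovr;

	/*
	 * If GV_ENBLD_NOOVR has changed, then we need to re-evaluate the
	 * subgraph.
	 */
	if (milestone > MILESTONE_NONE && v->gv_flags != oldflags)
		(void) eval_subgraph(v, h);

	scf_instance_destroy(inst);

	/* Ignore restarter change for now. */

	startd_free(restarter_fmri, max_scf_value_size);
	startd_free(fmri, max_scf_fmri_size);

	/*
	 * Always send _ENABLE or _DISABLE.  We could avoid this if the
	 * restarter didn't change and the enabled value didn't change, but
	 * that's not easy to check and improbable anyway, so we'll just do
	 * this.
	 */
	graph_enable_by_vertex(v, enabled, 1);

	MUTEX_UNLOCK(&dgraph_lock);

	return (0);
}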
   4226 
   4227 /*
   4228  * Delete all of the property group dependencies of v, update inst's running
   4229  * snapshot, and add the dependencies in the new snapshot.  If any of the new
   4230  * dependencies would create a cycle, send _ADMIN_MAINT_ON.  Otherwise
   4231  * reevaluate v's dependencies, send _START or _STOP as appropriate, and do
   4232  * the same for v's dependents.
   4233  *
   4234  * Returns
   4235  *   0 - success
   4236  *   ECONNABORTED - repository connection broken
   4237  *   ECANCELED - inst was deleted
   4238  *   EINVAL - inst is invalid (e.g., missing general/enabled)
   4239  *   -1 - libscf_snapshots_refresh() failed
   4240  */
static int
dgraph_refresh_instance(graph_vertex_t *v, scf_instance_t *inst)
{
	int r;
	int enabled;

	assert(MUTEX_HELD(&dgraph_lock));
	assert(v->gv_type == GVT_INST);

	/*
	 * Refuse to refresh an instance without a usable general/enabled
	 * property: no general pg (ENOENT) and an unreadable enabled value
	 * (-1) both come back as EINVAL.
	 */
	r = libscf_get_basic_instance_data(scf_instance_handle(inst), inst,
	    v->gv_name, &enabled, NULL, NULL);
	if (r == ECONNABORTED || r == ECANCELED)
		return (r);

	if (r == ENOENT) {
		log_framework(LOG_DEBUG,
		    "Ignoring %s because it has no general property group.\n",
		    v->gv_name);
		return (EINVAL);
	}

	if (r != 0)
		bad_error("libscf_get_basic_instance_data", r);

	if (enabled == -1)
		return (EINVAL);

	/* Update the running snapshot; -1 means it failed and already logged. */
	r = libscf_snapshots_refresh(inst, v->gv_name);
	if (r != 0) {
		if (r != -1)
			bad_error("libscf_snapshots_refresh", r);

		return (r);
	}

	/* Rebuild v's dependencies from the new snapshot. */
	r = refresh_vertex(v, inst);
	if (r != 0 && r != ECONNABORTED)
		bad_error("refresh_vertex", r);
	return (r);
}
   4288 
   4289 /*
   4290  * Returns true only if none of this service's dependents are 'up' -- online
   4291  * or degraded (offline is considered down in this situation). This function
   4292  * is somewhat similar to is_nonsubgraph_leaf() but works on subtrees.
   4293  */
static boolean_t
insubtree_dependents_down(graph_vertex_t *v)
{
	graph_edge_t *e;

	assert(MUTEX_HELD(&dgraph_lock));

	for (e = uu_list_first(v->gv_dependents); e != NULL;
	    e = uu_list_next(v->gv_dependents, e)) {
		graph_vertex_t *dep = e->ge_vertex;

		if (dep->gv_type != GVT_INST) {
			/*
			 * Dependency group or service vertex: look through it
			 * at the instances behind it.
			 */
			if (insubtree_dependents_down(dep) == B_FALSE)
				return (B_FALSE);
			continue;
		}

		/* Only configured instances inside the subtree matter. */
		if ((dep->gv_flags & GV_CONFIGURED) == 0 ||
		    (dep->gv_flags & GV_TOOFFLINE) == 0)
			continue;

		/* Online or degraded counts as up; offline does not. */
		if (dep->gv_state == RESTARTER_STATE_ONLINE ||
		    dep->gv_state == RESTARTER_STATE_DEGRADED)
			return (B_FALSE);
	}

	return (B_TRUE);
}
   4327 
   4328 /*
   4329  * Returns true only if none of this service's dependents are 'up' -- online,
   4330  * degraded, or offline.
   4331  */
static int
is_nonsubgraph_leaf(graph_vertex_t *v)
{
	graph_edge_t *e;

	assert(MUTEX_HELD(&dgraph_lock));

	for (e = uu_list_first(v->gv_dependents); e != NULL;
	    e = uu_list_next(v->gv_dependents, e)) {
		graph_vertex_t *dep = e->ge_vertex;

		if (dep->gv_type == GVT_INST) {
			/*
			 * Only configured instances outside the subgraph can
			 * hold v up; any of them in an "up" state (see
			 * up_state()) means v is not a leaf.
			 */
			if ((dep->gv_flags & GV_CONFIGURED) == 0 ||
			    (dep->gv_flags & GV_INSUBGRAPH) != 0)
				continue;

			if (up_state(dep->gv_state))
				return (0);

			continue;
		}

		/*
		 * exclude_all groups are skipped by
		 * disable_nonsubgraph_leaves(); skip them here as well so
		 * that v can still be treated as a leaf when such a
		 * dependent is merely offline.
		 */
		if (dep->gv_type == GVT_GROUP &&
		    dep->gv_depgroup == DEPGRP_EXCLUDE_ALL)
			continue;

		/* Group or service vertex: look through it at its instances. */
		if (!is_nonsubgraph_leaf(dep))
			return (0);
	}

	return (1);
}
   4376 
   4377 /*
   4378  * Disable v temporarily.  Attempt to do this by setting its enabled override
   4379  * property in the repository.  If that fails, send a _DISABLE command.
   4380  * Returns 0 on success and ECONNABORTED if the repository connection is
   4381  * broken.
   4382  */
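static int
disable_service_temporarily(graph_vertex_t *v, scf_handle_t *h)
{
	const char * const emsg = "Could not temporarily disable %s because "
	    "%s.  Will stop service anyways.  Repository status for the "
	    "service may be inaccurate.\n";
	const char * const emsg_cbroken =
	    "the repository connection was broken";

	scf_instance_t *inst;
	int r;
	int ret = 0;

	inst = scf_instance_create(h);
	if (inst == NULL) {
		char buf[100];

		(void) snprintf(buf, sizeof (buf),
		    "scf_instance_create() failed (%s)",
		    scf_strerror(scf_error()));
		log_error(LOG_WARNING, emsg, v->gv_name, buf);

		/* No repository object to work with: fall back to _DISABLE. */
		graph_enable_by_vertex(v, 0, 0);
		return (0);
	}

	/*
	 * inst is owned by this function from here on; every return path
	 * below releases it, including the error paths.
	 */
	r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
	    NULL, NULL, SCF_DECODE_FMRI_EXACT);
	if (r != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
			graph_enable_by_vertex(v, 0, 0);
			scf_instance_destroy(inst);
			return (ECONNABORTED);

		case SCF_ERROR_NOT_FOUND:
			/* The instance is gone; nothing left to disable. */
			scf_instance_destroy(inst);
			return (0);

		case SCF_ERROR_HANDLE_MISMATCH:
		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_NOT_BOUND:
		default:
			bad_error("scf_handle_decode_fmri",
			    scf_error());
		}
	}

	/*
	 * Prefer recording the temporary disable in the repository; when that
	 * fails (other than because the instance vanished) send _DISABLE
	 * directly and report the failure.
	 */
	r = libscf_set_enable_ovr(inst, 0);
	switch (r) {
	case 0:
	case ECANCELED:
		ret = 0;
		break;

	case ECONNABORTED:
		log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
		graph_enable_by_vertex(v, 0, 0);
		ret = ECONNABORTED;
		break;

	case EPERM:
		log_error(LOG_WARNING, emsg, v->gv_name,
		    "the repository denied permission");
		graph_enable_by_vertex(v, 0, 0);
		ret = 0;
		break;

	case EROFS:
		log_error(LOG_WARNING, emsg, v->gv_name,
		    "the repository is read-only");
		graph_enable_by_vertex(v, 0, 0);
		ret = 0;
		break;

	default:
		bad_error("libscf_set_enable_ovr", r);
		/* NOTREACHED */
	}

	scf_instance_destroy(inst);
	return (ret);
}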
   4462 
   4463 /*
   4464  * Of the transitive instance dependencies of v, offline those which are
   4465  * in the subtree and which are leaves (i.e., have no dependents which are
   4466  * "up").
   4467  */
void
offline_subtree_leaves(graph_vertex_t *v, void *arg)
{
	assert(MUTEX_HELD(&dgraph_lock));

	if (v->gv_type == GVT_INST) {
		/*
		 * An instance outside the subtree is left alone, and so are
		 * its dependencies (they are not in the subtree either).
		 */
		if ((v->gv_flags & GV_TOOFFLINE) == 0)
			return;

		/*
		 * An instance that is still up is the candidate leaf: take
		 * it down only once none of its in-subtree dependents are
		 * up, and never descend below it.
		 */
		if (up_state(v->gv_state)) {
			if (insubtree_dependents_down(v) == B_TRUE) {
				if (v->gv_flags & GV_TODISABLE)
					vertex_send_event(v,
					    RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
				else
					offline_vertex(v);
			}
			return;
		}
	}

	/*
	 * Group/service vertices and instances that are already down are
	 * not leaves; look for leaves among their dependencies.
	 */
	graph_walk_dependencies(v, offline_subtree_leaves, arg);
}
   4501 
/*
 * Entry point for offlining the leaves of v's dependency subtree: walk v's
 * dependencies with offline_subtree_leaves(), passing h through unchanged
 * as the walk cookie.  Caller must hold dgraph_lock.
 */
void
graph_offline_subtree_leaves(graph_vertex_t *v, void *h)
{
	graph_walk_dependencies(v, offline_subtree_leaves, h);
}
   4507 
   4508 
   4509 /*
   4510  * Of the transitive instance dependencies of v, disable those which are not
   4511  * in the subgraph and which are leaves (i.e., have no dependents which are
   4512  * "up").
   4513  */
static void
disable_nonsubgraph_leaves(graph_vertex_t *v, void *arg)
{
	boolean_t descend = B_TRUE;

	assert(MUTEX_HELD(&dgraph_lock));

	/*
	 * Exclusion dependencies are allowed to close dependency cycles, and
	 * A's exclusion of B says nothing about the order in which the two
	 * stop (they should never be online together), so never follow them.
	 */
	if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
		return;

	/*
	 * Only a configured instance can be a leaf.  Groups, services and
	 * unconfigured instances (which should have no dependencies, but
	 * might) are simply traversed.
	 */
	if (v->gv_type == GVT_INST && (v->gv_flags & GV_CONFIGURED) != 0) {
		/* A subgraph member's dependencies are in the subgraph too. */
		if (v->gv_flags & GV_INSUBGRAPH)
			return;

		if (up_state(v->gv_state)) {
			/*
			 * v is still up, so it is the candidate leaf and its
			 * dependencies are left alone.  If it is already
			 * disabled, wait for it to come down; otherwise
			 * disable it once no dependent is holding it up.
			 */
			descend = B_FALSE;
			if ((v->gv_flags & GV_ENABLED) != 0 &&
			    is_nonsubgraph_leaf(v))
				(void) disable_service_temporarily(v,
				    (scf_handle_t *)arg);
		}
		/* Already down: the leaves are among its dependencies. */
	}

	if (descend)
		graph_walk_dependencies(v, disable_nonsubgraph_leaves, arg);
}
   4564 
   4565 /*
   4566  * Find the vertex for inst_name.  If it doesn't exist, return ENOENT.
   4567  * Otherwise set its state to state.  If the instance has entered a state
   4568  * which requires automatic action, take it (Uninitialized: do
   4569  * dgraph_refresh_instance() without the snapshot update.  Disabled: if the
   4570  * instance should be enabled, send _ENABLE.  Offline: if the instance should
   4571  * be disabled, send _DISABLE, and if its dependencies are satisfied, send
   4572  * _START.  Online, Degraded: if the instance wasn't running, update its start
   4573  * snapshot.  Maintenance: no action.)
   4574  *
   4575  * Also fails with ECONNABORTED, or EINVAL if state is invalid.
   4576  */
static int
dgraph_set_instance_state(scf_handle_t *h, const char *inst_name,
    restarter_instance_state_t state, restarter_error_t serr)
{
	graph_vertex_t *v;
	restarter_instance_state_t old_state;
	int err = 0;

	MUTEX_LOCK(&dgraph_lock);

	v = vertex_get_by_name(inst_name);
	if (v == NULL) {
		err = ENOENT;
		goto out;
	}

	assert(v->gv_type == GVT_INST);

	/* Reject anything that is not a known instance state. */
	switch (state) {
	case RESTARTER_STATE_UNINIT:
	case RESTARTER_STATE_DISABLED:
	case RESTARTER_STATE_OFFLINE:
	case RESTARTER_STATE_ONLINE:
	case RESTARTER_STATE_DEGRADED:
	case RESTARTER_STATE_MAINT:
		break;

	default:
		err = EINVAL;
		goto out;
	}

	log_framework(LOG_DEBUG, "Graph noting %s %s -> %s.\n", v->gv_name,
	    instance_state_str[v->gv_state], instance_state_str[state]);

	/* Record the new state, then let gt_transition() act on the change. */
	old_state = v->gv_state;
	v->gv_state = state;

	err = gt_transition(h, v, serr, old_state);

out:
	MUTEX_UNLOCK(&dgraph_lock);
	return (err);
}
   4620 
   4621 /*
   4622  * Handle state changes during milestone shutdown.  See
   4623  * dgraph_set_milestone().  If the repository connection is broken,
   4624  * ECONNABORTED will be returned, though a _DISABLE command will be sent for
   4625  * the vertex anyway.
   4626  */
int
vertex_subgraph_dependencies_shutdown(scf_handle_t *h, graph_vertex_t *v,
    restarter_instance_state_t old_state)
{
	int was_up, now_up;
	int ret = 0;

	assert(v->gv_type == GVT_INST);

	/*
	 * Nothing to do unless we are heading to a milestone, non-subgraph
	 * services are still coming down, and v is one of them.
	 */
	if (milestone == NULL || non_subgraph_svcs == 0 ||
	    (v->gv_flags & GV_INSUBGRAPH) != 0)
		return (0);

	was_up = up_state(old_state);
	now_up = up_state(v->gv_state);

	/*
	 * Keep non_subgraph_svcs -- the number of non-subgraph services in
	 * online, degraded or offline -- in step with this transition.
	 */
	if (now_up && !was_up) {
		++non_subgraph_svcs;
	} else if (was_up && !now_up) {
		--non_subgraph_svcs;

		/* Last one down: finish halting or hand over to single user. */
		if (non_subgraph_svcs == 0) {
			if (halting != -1) {
				do_uadmin();
			} else if (go_single_user_mode || go_to_level1) {
				(void) startd_thread_create(single_user_thread,
				    NULL);
			}
			return (0);
		}
	}

	/* If this service is a leaf, it should be disabled. */
	if ((v->gv_flags & GV_ENABLED) && is_nonsubgraph_leaf(v)) {
		int r = disable_service_temporarily(v, h);

		if (r == ECONNABORTED)
			ret = ECONNABORTED;
		else if (r != 0)
			bad_error("disable_service_temporarily", r);
	}

	/*
	 * If the service just came down, propagate the disable to the newly
	 * exposed leaves.
	 */
	if (was_up && !now_up)
		graph_walk_dependencies(v, disable_nonsubgraph_leaves,
		    (void *)h);

	return (ret);
}
   4700 
   4701 /*
   4702  * Decide whether to start up an sulogin thread after a service is
   4703  * finished changing state.  Only need to do the full can_come_up()
   4704  * evaluation if an instance is changing state, we're not halfway through
   4705  * loading the thread, and we aren't shutting down or going to the single
   4706  * user milestone.
   4707  */
void
graph_transition_sulogin(restarter_instance_state_t state,
    restarter_instance_state_t old_state)
{
	assert(MUTEX_HELD(&dgraph_lock));

	/* Nothing to decide unless the instance actually changed state. */
	if (state == old_state)
		return;

	/* Not while loading, halting, or heading to single user / level 1. */
	if (!st->st_load_complete || go_single_user_mode || go_to_level1 ||
	    halting != -1)
		return;

	/* One sulogin thread at a time, and only if login can't come up. */
	if (sulogin_thread_running || can_come_up())
		return;

	(void) startd_thread_create(sulogin_thread, NULL);
	sulogin_thread_running = B_TRUE;
}
   4723 
   4724 /*
   4725  * Propagate a start, stop event, or a satisfiability event.
   4726  *
   4727  * PROPAGATE_START and PROPAGATE_STOP simply propagate the transition event
   4728  * to direct dependents.  PROPAGATE_SAT propagates a start then walks the
   4729  * full dependent graph to check for newly satisfied nodes.  This is
   4730  * necessary for cases when non-direct dependents may be affected but direct
   4731  * dependents may not (e.g. for optional_all evaluations, see the
   4732  * propagate_satbility() comments).
   4733  *
   4734  * PROPAGATE_SAT should be used whenever a non-running service moves into
   4735  * a state which can satisfy optional dependencies, like disabled or
   4736  * maintenance.
   4737  */
void
graph_transition_propagate(graph_vertex_t *v, propagate_event_t type,
    restarter_error_t rerr)
{
	switch (type) {
	case PROPAGATE_STOP:
		/* The error reason travels to dependents as the walk cookie. */
		graph_walk_dependents(v, propagate_stop, (void *)rerr);
		break;

	case PROPAGATE_SAT:
		/* A start, followed by a full satisfiability re-check. */
		graph_walk_dependents(v, propagate_start, NULL);
		propagate_satbility(v);
		break;

	case PROPAGATE_START:
		graph_walk_dependents(v, propagate_start, NULL);
		break;

	default:
#ifndef NDEBUG
		uu_warn("%s:%d: Unexpected type value %d.\n",  __FILE__,
		    __LINE__, type);
#endif
		abort();
	}
}
   4757 
   4758 /*
   4759  * If a vertex for fmri exists and it is enabled, send _DISABLE to the
   4760  * restarter.  If it is running, send _STOP.  Send _REMOVE_INSTANCE.  Delete
   4761  * all property group dependencies, and the dependency on the restarter,
   4762  * disposing of vertices as appropriate.  If other vertices depend on this
   4763  * one, mark it unconfigured and return.  Otherwise remove the vertex.  Always
   4764  * returns 0.
   4765  */
static int
dgraph_remove_instance(const char *fmri, scf_handle_t *h)
{
	graph_vertex_t *v;
	uu_list_t *old_deps = NULL;

	log_framework(LOG_DEBUG, "Graph engine: Removing %s.\n", fmri);

	MUTEX_LOCK(&dgraph_lock);

	v = vertex_get_by_name(fmri);
	if (v != NULL) {
		/* Tell the restarter the instance is going away. */
		if (v->gv_flags & GV_CONFIGURED)
			graph_unset_restarter(v);

		/*
		 * While heading to a milestone, remember v's dependencies so
		 * their GV_INSUBGRAPH flags can be re-evaluated once the
		 * edges are gone.
		 */
		if (milestone > MILESTONE_NONE) {
			int walk_err;

			old_deps = startd_list_create(graph_edge_pool, NULL, 0);

			walk_err = uu_list_walk(v->gv_dependencies,
			    (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
			assert(walk_err == 0);
		}

		delete_instance_dependencies(v, B_TRUE);

		/*
		 * Deleting an instance can both satisfy and unsatisfy
		 * dependencies.  Propagate the stop first, as a RERR_RESTART
		 * event (deletion is a normal stop, not a fault) so dependents
		 * can shut down cleanly; then mark the instance unconfigured
		 * and propagate the start for optional_all dependencies that
		 * may now be satisfied.
		 */
		graph_walk_dependents(v, propagate_stop, (void *)RERR_RESTART);

		v->gv_flags &= ~(GV_CONFIGURED | GV_DEATHROW);

		graph_walk_dependents(v, propagate_start, NULL);
		propagate_satbility(v);

		/*
		 * With no references and no (non-service) dependents left,
		 * the vertex itself can go.
		 */
		if (v != milestone && v->gv_refs == 0 &&
		    uu_list_numnodes(v->gv_dependents) == 1)
			remove_inst_vertex(v);

		if (milestone > MILESTONE_NONE) {
			graph_edge_t *edge;
			void *cookie = NULL;

			/*
			 * Drop the references taken on the old dependencies;
			 * those still in use get their subgraph membership
			 * re-evaluated, retrying across repository rebinds.
			 */
			while ((edge = uu_list_teardown(old_deps, &cookie)) !=
			    NULL) {
				graph_vertex_t *dep = edge->ge_vertex;

				if (vertex_unref(dep) == VERTEX_INUSE) {
					while (eval_subgraph(dep, h) ==
					    ECONNABORTED)
						libscf_handle_rebind(h);
				}

				startd_free(edge, sizeof (*edge));
			}

			uu_list_destroy(old_deps);
		}
	}

	MUTEX_UNLOCK(&dgraph_lock);

	return (0);
}
   4847 
   4848 /*
   4849  * Return the eventual (maybe current) milestone in the form of a
   4850  * legacy runlevel.
   4851  */
   4852 static char
   4853 target_milestone_as_runlevel()
   4854 {
   4855 	assert(MUTEX_HELD(&dgraph_lock));
   4856 
   4857 	if (milestone == NULL)
   4858 		return ('3');
   4859 	else if (milestone == MILESTONE_NONE)
   4860 		return ('0');
   4861 
   4862 	if (strcmp(milestone->gv_name, multi_user_fmri) == 0)
   4863 		return ('2');
   4864 	else if (strcmp(milestone->gv_name, single_user_fmri) == 0)
   4865 		return ('S');
   4866 	else if (strcmp(milestone->gv_name, multi_user_svr_fmri) == 0)
   4867 		return ('3');
   4868 
   4869 #ifndef NDEBUG
   4870 	(void) fprintf(stderr, "%s:%d: Unknown milestone name \"%s\".\n",
   4871 	    __FILE__, __LINE__, milestone->gv_name);
   4872 #endif
   4873 	abort();
   4874 	/* NOTREACHED */
   4875 }
   4876 
/*
 * Runlevel -> signal table used by signal_init() below: the signal sent to
 * init when the system commits to the given legacy runlevel.  The { 0, 0 }
 * entry terminates the table; lookups walk it until rl matches, so order
 * is not significant.  Runlevels without an entry are never signalled.
 */
static struct {
	char	rl;	/* legacy runlevel character */
	int	sig;	/* signal delivered to init for that runlevel */
} init_sigs[] = {
	{ 'S', SIGBUS },
	{ '0', SIGINT },
	{ '1', SIGQUIT },
	{ '2', SIGILL },
	{ '3', SIGTRAP },
	{ '4', SIGIOT },
	{ '5', SIGEMT },
	{ '6', SIGFPE },
	{ 0, 0 }
};
   4891 
/*
 * Deliver to init the signal that corresponds to legacy runlevel rl
 * (see init_sigs).
 *
 * init's pid is taken from the zone attributes of the zone we run in
 * rather than assumed to be 1.  Must be called with dgraph_lock held.
 * A runlevel with no table entry is silently ignored.  A kill() failure
 * with EPERM or ESRCH is logged and otherwise ignored; any other errno
 * is treated as a programming error via bad_error().
 */
static void
signal_init(char rl)
{
	pid_t init_pid;
	int sig = 0;
	int i;

	assert(MUTEX_HELD(&dgraph_lock));

	if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid,
	    sizeof (init_pid)) != sizeof (init_pid)) {
		log_error(LOG_NOTICE, "Could not get pid to signal init.\n");
		return;
	}

	/* Look up the signal for this runlevel; sig stays 0 if none. */
	for (i = 0; init_sigs[i].rl != 0; ++i) {
		if (init_sigs[i].rl == rl) {
			sig = init_sigs[i].sig;
			break;
		}
	}

	if (sig == 0 || kill(init_pid, sig) == 0)
		return;

	switch (errno) {
	case EPERM:
	case ESRCH:
		log_error(LOG_NOTICE, "Could not signal init: %s.\n",
		    strerror(errno));
		break;

	case EINVAL:
	default:
		bad_error("kill", errno);
	}
}
   4926 
   4927 /*
   4928  * This is called when one of the major milestones changes state, or when
   4929  * init is signalled and tells us it was told to change runlevel.  We wait
   4930  * to reach the milestone because this allows /etc/inittab entries to retain
   4931  * some boot ordering: historically, entries could place themselves before/after
   4932  * the running of /sbin/rcX scripts but we can no longer make the
   4933  * distinction because the /sbin/rcX scripts no longer exist as punctuation
   4934  * marks in /etc/inittab.
   4935  *
   4936  * Also, we only trigger an update when we reach the eventual target
   4937  * milestone: without this, an /etc/inittab entry marked only for
   4938  * runlevel 2 would be executed for runlevel 3, which is not how
   4939  * /etc/inittab entries work.
   4940  *
   4941  * If we're single user coming online, then we set utmpx to the target
   4942  * runlevel so that legacy scripts can work as expected.
   4943  */
   4944 static void
   4945 graph_runlevel_changed(char rl, int online)
   4946 {
   4947 	char trl;
   4948 
   4949 	assert(MUTEX_HELD(&dgraph_lock));
   4950 
   4951 	trl = target_milestone_as_runlevel();
   4952 
   4953 	if (online) {
   4954 		if (rl == trl) {
   4955 			current_runlevel = trl;
   4956 			signal_init(trl);
   4957 		} else if (rl == 'S') {
   4958 			/*
   4959 			 * At boot, set the entry early for the benefit of the
   4960 			 * legacy init scripts.
   4961 			 */
   4962 			utmpx_set_runlevel(trl, 'S', B_FALSE);
   4963 		}
   4964 	} else {
   4965 		if (rl == '3' && trl == '2') {
   4966 			current_runlevel = trl;
   4967 			signal_init(trl);
   4968 		} else if (rl == '2' && trl == 'S') {
   4969 			current_runlevel = trl;
   4970 			signal_init(trl);
   4971 		}
   4972 	}
   4973 }
   4974 
   4975 /*
   4976  * Move to a backwards-compatible runlevel by executing the appropriate
   4977  * /etc/rc?.d/K* scripts and/or setting the milestone.
   4978  *
   4979  * Returns
   4980  *   0 - success
   4981  *   ECONNRESET - success, but handle was reset
   4982  *   ECONNABORTED - repository connection broken
   4983  *   ECANCELED - pg was deleted
   4984  */
   4985 static int
   4986 dgraph_set_runlevel(scf_propertygroup_t *pg, scf_property_t *prop)
   4987 {
   4988 	char rl;
   4989 	scf_handle_t *h;
   4990 	int r;
   4991 	const char *ms = NULL;	/* what to commit as options/milestone */
   4992 	boolean_t rebound = B_FALSE;
   4993 	int mark_rl = 0;
   4994 
   4995 	const char * const stop = "stop";
   4996 
   4997 	r = libscf_extract_runlevel(prop, &rl);
   4998 	switch (r) {
   4999 	case 0:
   5000 		break;
   5001 
   5002 	case ECONNABORTED:
   5003 	case ECANCELED:
   5004 		return (r);
   5005 
   5006 	case EINVAL:
   5007 	case ENOENT:
   5008 		log_error(LOG_WARNING, "runlevel property is misconfigured; "
   5009 		    "ignoring.\n");
   5010 		/* delete the bad property */
   5011 		goto nolock_out;
   5012 
   5013 	default:
   5014 		bad_error("libscf_extract_runlevel", r);
   5015 	}
   5016 
   5017 	switch (rl) {
   5018 	case 's':
   5019 		rl = 'S';
   5020 		/* FALLTHROUGH */
   5021 
   5022 	case 'S':
   5023 	case '2':
   5024 	case '3':
   5025 		/*
   5026 		 * These cases cause a milestone change, so
   5027 		 * graph_runlevel_changed() will eventually deal with
   5028 		 * signalling init.
   5029 		 */
   5030 		break;
   5031 
   5032 	case '0':
   5033 	case '1':
   5034 	case '4':
   5035 	case '5':
   5036 	case '6':
   5037 		mark_rl = 1;
   5038 		break;
   5039 
   5040 	default:
   5041 		log_framework(LOG_NOTICE, "Unknown runlevel '%c'.\n", rl);
   5042 		ms = NULL;
   5043 		goto nolock_out;
   5044 	}
   5045 
   5046 	h = scf_pg_handle(pg);
   5047 
   5048 	MUTEX_LOCK(&dgraph_lock);
   5049 
   5050 	/*
   5051 	 * Since this triggers no milestone changes, force it by hand.
   5052 	 */
   5053 	if (current_runlevel == '4' && rl == '3')
   5054 		mark_rl = 1;
   5055 
   5056 	/*
   5057 	 * 1. If we are here after an "init X":
   5058 	 *
   5059 	 * init X
   5060 	 *	init/lscf_set_runlevel()
   5061 	 *		process_pg_event()
   5062 	 *		dgraph_set_runlevel()
   5063 	 *
   5064 	 * then we haven't passed through graph_runlevel_changed() yet,
   5065 	 * therefore 'current_runlevel' has not changed for sure but 'rl' has.
   5066 	 * In consequence, if 'rl' is lower than 'current_runlevel', we change
   5067 	 * the system runlevel and execute the appropriate /etc/rc?.d/K* scripts
   5068 	 * past this test.
   5069 	 *
   5070 	 * 2. On the other hand, if we are here after a "svcadm milestone":
   5071 	 *
   5072 	 * svcadm milestone X
   5073 	 *	dgraph_set_milestone()
   5074 	 *		handle_graph_update_event()
   5075 	 *		dgraph_set_instance_state()
   5076 	 *		graph_post_X_[online|offline]()
   5077 	 *		graph_runlevel_changed()
   5078 	 *		signal_init()
   5079 	 *			init/lscf_set_runlevel()
   5080 	 *				process_pg_event()
   5081 	 *				dgraph_set_runlevel()
   5082 	 *
   5083 	 * then we already passed through graph_runlevel_changed() (by the way
   5084 	 * of dgraph_set_milestone()) and 'current_runlevel' may have changed
   5085 	 * and already be equal to 'rl' so we are going to return immediately
   5086 	 * from dgraph_set_runlevel() without changing the system runlevel and
   5087 	 * without executing the /etc/rc?.d/K* scripts.
   5088 	 */
   5089 	if (rl == current_runlevel) {
   5090 		ms = NULL;
   5091 		goto out;
   5092 	}
   5093 
   5094 	log_framework(LOG_DEBUG, "Changing to runlevel '%c'.\n", rl);
   5095 
   5096 	/*
   5097 	 * Make sure stop rc scripts see the new settings via who -r.
   5098 	 */
   5099 	utmpx_set_runlevel(rl, current_runlevel, B_TRUE);
   5100 
   5101 	/*
   5102 	 * Some run levels don't have a direct correspondence to any
   5103 	 * milestones, so we have to signal init directly.
   5104 	 */
   5105 	if (mark_rl) {
   5106 		current_runlevel = rl;
   5107 		signal_init(rl);
   5108 	}
   5109 
   5110 	switch (rl) {
   5111 	case 'S':
   5112 		uu_warn("The system is coming down for administration.  "
   5113 		    "Please wait.\n");
   5114 		fork_rc_script(rl, stop, B_FALSE);
   5115 		ms = single_user_fmri;
   5116 		go_single_user_mode = B_TRUE;
   5117 		break;
   5118 
   5119 	case '0':
   5120 		halting_time = time(NULL);
   5121 		fork_rc_script(rl, stop, B_TRUE);
   5122 		halting = AD_HALT;
   5123 		goto uadmin;
   5124 
   5125 	case '5':
   5126 		halting_time = time(NULL);
   5127 		fork_rc_script(rl, stop, B_TRUE);
   5128 		halting = AD_POWEROFF;
   5129 		goto uadmin;
   5130 
   5131 	case '6':
   5132 		halting_time = time(NULL);
   5133 		fork_rc_script(rl, stop, B_TRUE);
   5134 		if (scf_is_fastboot_default() && getzoneid() == GLOBAL_ZONEID)
   5135 			halting = AD_FASTREBOOT;
   5136 		else
   5137 			halting = AD_BOOT;
   5138 
   5139 uadmin:
   5140 		uu_warn("The system is coming down.  Please wait.\n");
   5141 		ms = "none";
   5142 
   5143 		/*
   5144 		 * We can't wait until all services are offline since this
   5145 		 * thread is responsible for taking them offline.  Instead we
   5146 		 * set halting to the second argument for uadmin() and call
   5147 		 * do_uadmin() from dgraph_set_instance_state() when
   5148 		 * appropriate.
   5149 		 */
   5150 		break;
   5151 
   5152 	case '1':
   5153 		if (current_runlevel != 'S') {
   5154 			uu_warn("Changing to state 1.\n");
   5155 			fork_rc_script(rl, stop, B_FALSE);
   5156 		} else {
   5157 			uu_warn("The system is coming up for administration.  "
   5158 			    "Please wait.\n");
   5159 		}
   5160 		ms = single_user_fmri;
   5161 		go_to_level1 = B_TRUE;
   5162 		break;
   5163 
   5164 	case '2':
   5165 		if (current_runlevel == '3' || current_runlevel == '4')
   5166 			fork_rc_script(rl, stop, B_FALSE);
   5167 		ms = multi_user_fmri;
   5168 		break;
   5169 
   5170 	case '3':
   5171 	case '4':
   5172 		ms = "all";
   5173 		break;
   5174 
   5175 	default:
   5176 #ifndef NDEBUG
   5177 		(void) fprintf(stderr, "%s:%d: Uncaught case %d ('%c').\n",
   5178 		    __FILE__, __LINE__, rl, rl);
   5179 #endif
   5180 		abort();
   5181 	}
   5182 
   5183 out:
   5184 	MUTEX_UNLOCK(&dgraph_lock);
   5185 
   5186 nolock_out:
   5187 	switch (r = libscf_clear_runlevel(pg, ms)) {
   5188 	case 0:
   5189 		break;
   5190 
   5191 	case ECONNABORTED:
   5192 		libscf_handle_rebind(h);
   5193 		rebound = B_TRUE;
   5194 		goto nolock_out;
   5195 
   5196 	case ECANCELED:
   5197 		break;
   5198 
   5199 	case EPERM:
   5200 	case EACCES:
   5201 	case EROFS:
   5202 		log_error(LOG_NOTICE, "Could not delete \"%s/%s\" property: "
   5203 		    "%s.\n", SCF_PG_OPTIONS, "runlevel", strerror(r));
   5204 		break;
   5205 
   5206 	default:
   5207 		bad_error("libscf_clear_runlevel", r);
   5208 	}
   5209 
   5210 	return (rebound ? ECONNRESET : 0);
   5211 }
   5212 
   5213 /*
   5214  * mark_subtree walks the dependents and add the GV_TOOFFLINE flag
   5215  * to the instances that are supposed to go offline during an
   5216  * administrative disable operation.
   5217  */
   5218 static int
   5219 mark_subtree(graph_edge_t *e, void *arg)
   5220 {
   5221 	graph_vertex_t *v;
   5222 	int r;
   5223 
   5224 	v = e->ge_vertex;
   5225 
   5226 	/* If it's already in the subgraph, skip. */
   5227 	if (v->gv_flags & GV_TOOFFLINE)
   5228 		return (UU_WALK_NEXT);
   5229 
   5230 	switch (v->gv_type) {
   5231 	case GVT_INST:
   5232 		/* If the instance is already disabled, skip it. */
   5233 		if (!(v->gv_flags & GV_ENABLED))
   5234 			return (UU_WALK_NEXT);
   5235 
   5236 		v->gv_flags |= GV_TOOFFLINE;
   5237 		log_framework(LOG_DEBUG, "%s added to subtree\n", v->gv_name);
   5238 		break;
   5239 	case GVT_GROUP:
   5240 		/*
   5241 		 * Skip all excluded and optional_all dependencies and decide
   5242 		 * whether to offline the service based on restart_on attribute.
   5243 		 */
   5244 		if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL ||
   5245 		    v->gv_depgroup == DEPGRP_OPTIONAL_ALL ||
   5246 		    v->gv_restart < RERR_RESTART)
   5247 			return (UU_WALK_NEXT);
   5248 		break;
   5249 	}
   5250 
   5251 	r = uu_list_walk(v->gv_dependents, (uu_walk_fn_t *)mark_subtree, arg,
   5252 	    0);
   5253 	assert(r == 0);
   5254 	return (UU_WALK_NEXT);
   5255 }
   5256 
/*
 * uu_list_walk() callback over a vertex's dependencies: flag with
 * GV_INSUBGRAPH everything the milestone (transitively) depends on.
 *
 * arg carries a 0/1 flag telling whether the walk is currently inside an
 * optional_all group; it becomes 1 on entering such a group and is passed
 * down unchanged otherwise.  Inside an optional group, instances that are
 * not enabled (ignoring overrides, GV_ENBLD_NOOVR) are not pulled into the
 * subgraph.  exclude_all groups are flagged but not descended into.
 * Always returns UU_WALK_NEXT.
 *
 * NOTE(review): the flag travels through the void *arg by casting an int
 * to a pointer and back.  The values are only 0 and 1 so it works, but a
 * (uintptr_t) round-trip would be the cleaner form.
 */
static int
mark_subgraph(graph_edge_t *e, void *arg)
{
	graph_vertex_t *dep = e->ge_vertex;
	int in_optional = (int)arg;
	int r;

	/* Already marked: nothing to do. */
	if (dep->gv_flags & GV_INSUBGRAPH)
		return (UU_WALK_NEXT);

	/* Entering an optional_all group: remember it for the subtree. */
	if (dep->gv_type == GVT_GROUP &&
	    dep->gv_depgroup == DEPGRP_OPTIONAL_ALL)
		in_optional = 1;

	/* Disabled instances under an optional group stay outside. */
	if (in_optional && dep->gv_type == GVT_INST &&
	    (dep->gv_flags & GV_ENBLD_NOOVR) == 0)
		return (UU_WALK_NEXT);

	dep->gv_flags |= GV_INSUBGRAPH;

	/* Excluded dependencies are not followed. */
	if (dep->gv_type == GVT_GROUP &&
	    dep->gv_depgroup == DEPGRP_EXCLUDE_ALL)
		return (UU_WALK_NEXT);

	r = uu_list_walk(dep->gv_dependencies, (uu_walk_fn_t *)mark_subgraph,
	    (void *)in_optional, 0);
	assert(r == 0);
	return (UU_WALK_NEXT);
}
   5295 
   5296 /*
   5297  * Bring down all services which are not dependencies of fmri.  The
   5298  * dependencies of fmri (direct & indirect) will constitute the "subgraph",
   5299  * and will have the GV_INSUBGRAPH flag set.  The rest must be brought down,
   5300  * which means the state is "disabled", "maintenance", or "uninitialized".  We
   5301  * could consider "offline" to be down, and refrain from sending start
   5302  * commands for such services, but that's not strictly necessary, so we'll
   5303  * decline to intrude on the state machine.  It would probably confuse users
   5304  * anyway.
   5305  *
   5306  * The services should be brought down in reverse-dependency order, so we
   5307  * can't do it all at once here.  We initiate by override-disabling the leaves
   5308  * of the dependency tree -- those services which are up but have no
   5309  * dependents which are up.  When they come down,
   5310  * vertex_subgraph_dependencies_shutdown() will override-disable the newly
   5311  * exposed leaves.  Perseverance will ensure completion.
   5312  *
   5313  * Sometimes we need to take action when the transition is complete, like
   5314  * start sulogin or halt the system.  To tell when we're done, we initialize
   5315  * non_subgraph_svcs here to be the number of services which need to come
   5316  * down.  As each does, we decrement the counter.  When it hits zero, we take
   5317  * the appropriate action.  See vertex_subgraph_dependencies_shutdown().
   5318  *
   5319  * In case we're coming up, we also remove any enable-overrides for the
   5320  * services which are dependencies of fmri.
   5321  *
   5322  * If norepository is true, the function will not change the repository.
   5323  *
   5324  * The decision to change the system run level in accordance with the milestone
   5325  * is taken in dgraph_set_runlevel().
   5326  *
   5327  * Returns
   5328  *   0 - success
   5329  *   ECONNRESET - success, but handle was rebound
   5330  *   EINVAL - fmri is invalid (error is logged)
   5331  *   EALREADY - the milestone is already set to fmri
   5332  *   ENOENT - a configured vertex does not exist for fmri (an error is logged)
   5333  */
   5334 static int
   5335 dgraph_set_milestone(const char *fmri, scf_handle_t *h, boolean_t norepository)
   5336 {
   5337 	const char *cfmri, *fs;
   5338 	graph_vertex_t *nm, *v;
   5339 	int ret = 0, r;
   5340 	scf_instance_t *inst;
   5341 	boolean_t isall, isnone, rebound = B_FALSE;
   5342 
   5343 	/* Validate fmri */
   5344 	isall = (strcmp(fmri, "all") == 0);
   5345 	isnone = (strcmp(fmri, "none") == 0);
   5346 
   5347 	if (!isall && !isnone) {
   5348 		if (fmri_canonify(fmri, (char **)&cfmri, B_FALSE) == EINVAL)
   5349 			goto reject;
   5350 
   5351 		if (strcmp(cfmri, single_user_fmri) != 0 &&
   5352 		    strcmp(cfmri, multi_user_fmri) != 0 &&
   5353 		    strcmp(cfmri, multi_user_svr_fmri) != 0) {
   5354 			startd_free((void *)cfmri, max_scf_fmri_size);
   5355 reject:
   5356 			log_framework(LOG_WARNING,
   5357 			    "Rejecting request for invalid milestone \"%s\".\n",
   5358 			    fmri);
   5359 			return (EINVAL);
   5360 		}
   5361 	}
   5362 
   5363 	inst = safe_scf_instance_create(h);
   5364 
   5365 	MUTEX_LOCK(&dgraph_lock);
   5366 
   5367 	if (milestone == NULL) {
   5368 		if (isall) {
   5369 			log_framework(LOG_DEBUG,
   5370 			    "Milestone already set to all.\n");
   5371 			ret = EALREADY;
   5372 			goto out;
   5373 		}
   5374 	} else if (milestone == MILESTONE_NONE) {
   5375 		if (isnone) {
   5376 			log_framework(LOG_DEBUG,
   5377 			    "Milestone already set to none.\n");
   5378 			ret = EALREADY;
   5379 			goto out;
   5380 		}
   5381 	} else {
   5382 		if (!isall && !isnone &&
   5383 		    strcmp(cfmri, milestone->gv_name) == 0) {
   5384 			log_framework(LOG_DEBUG,
   5385 			    "Milestone already set to %s.\n", cfmri);
   5386 			ret = EALREADY;
   5387 			goto out;
   5388 		}
   5389 	}
   5390 
   5391 	if (!isall && !isnone) {
   5392 		nm = vertex_get_by_name(cfmri);
   5393 		if (nm == NULL || !(nm->gv_flags & GV_CONFIGURED)) {
   5394 			log_framework(LOG_WARNING, "Cannot set milestone to %s "
   5395 			    "because no such service exists.\n", cfmri);
   5396 			ret = ENOENT;
   5397 			goto out;
   5398 		}
   5399 	}
   5400 
   5401 	log_framework(LOG_DEBUG, "Changing milestone to %s.\n", fmri);
   5402 
   5403 	/*
   5404 	 * Set milestone, removing the old one if this was the last reference.
   5405 	 */
   5406 	if (milestone > MILESTONE_NONE)
   5407 		(void) vertex_unref(milestone);
   5408 
   5409 	if (isall)
   5410 		milestone = NULL;
   5411 	else if (isnone)
   5412 		milestone = MILESTONE_NONE;
   5413 	else {
   5414 		milestone = nm;
   5415 		/* milestone should count as a reference */
   5416 		vertex_ref(milestone);
   5417 	}
   5418 
   5419 	/* Clear all GV_INSUBGRAPH bits. */
   5420 	for (v = uu_list_first(dgraph); v != NULL; v = uu_list_next(dgraph, v))
   5421 		v->gv_flags &= ~GV_INSUBGRAPH;
   5422 
   5423 	if (!isall && !isnone) {
   5424 		/* Set GV_INSUBGRAPH for milestone & descendents. */
   5425 		milestone->gv_flags |= GV_INSUBGRAPH;
   5426 
   5427 		r = uu_list_walk(milestone->gv_dependencies,
   5428 		    (uu_walk_fn_t *)mark_subgraph, NULL, 0);
   5429 		assert(r == 0);
   5430 	}
   5431 
   5432 	/* Un-override services in the subgraph & override-disable the rest. */
   5433 	if (norepository)
   5434 		goto out;
   5435 
   5436 	non_subgraph_svcs = 0;
   5437 	for (v = uu_list_first(dgraph);
   5438 	    v != NULL;
   5439 	    v = uu_list_next(dgraph, v)) {
   5440 		if (v->gv_type != GVT_INST ||
   5441 		    (v->gv_flags & GV_CONFIGURED) == 0)
   5442 			continue;
   5443 
   5444 again:
   5445 		r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
   5446 		    NULL, NULL, SCF_DECODE_FMRI_EXACT);
   5447 		if (r != 0) {
   5448 			switch (scf_error()) {
   5449 			case SCF_ERROR_CONNECTION_BROKEN:
   5450 			default:
   5451 				libscf_handle_rebind(h);
   5452 				rebound = B_TRUE;
   5453 				goto again;
   5454 
   5455 			case SCF_ERROR_NOT_FOUND:
   5456 				continue;
   5457 
   5458 			case SCF_ERROR_HANDLE_MISMATCH:
   5459 			case SCF_ERROR_INVALID_ARGUMENT:
   5460 			case SCF_ERROR_CONSTRAINT_VIOLATED:
   5461 			case SCF_ERROR_NOT_BOUND:
   5462 				bad_error("scf_handle_decode_fmri",
   5463 				    scf_error());
   5464 			}
   5465 		}
   5466 
   5467 		if (isall || (v->gv_flags & GV_INSUBGRAPH)) {
   5468 			r = libscf_delete_enable_ovr(inst);
   5469 			fs = "libscf_delete_enable_ovr";
   5470 		} else {
   5471 			assert(isnone || (v->gv_flags & GV_INSUBGRAPH) == 0);
   5472 
   5473 			/*
   5474 			 * Services which are up need to come down before
   5475 			 * we're done, but we can only disable the leaves
   5476 			 * here.
   5477 			 */
   5478 
   5479 			if (up_state(v->gv_state))
   5480 				++non_subgraph_svcs;
   5481 
   5482 			/* If it's already disabled, don't bother. */
   5483 			if ((v->gv_flags & GV_ENABLED) == 0)
   5484 				continue;
   5485 
   5486 			if (!is_nonsubgraph_leaf(v))
   5487 				continue;
   5488 
   5489 			r = libscf_set_enable_ovr(inst, 0);
   5490 			fs = "libscf_set_enable_ovr";
   5491 		}
   5492 		switch (r) {
   5493 		case 0:
   5494 		case ECANCELED:
   5495 			break;
   5496 
   5497 		case ECONNABORTED:
   5498 			libscf_handle_rebind(h);
   5499 			rebound = B_TRUE;
   5500 			goto again;
   5501 
   5502 		case EPERM:
   5503 		case EROFS:
   5504 			log_error(LOG_WARNING,
   5505 			    "Could not set %s/%s for %s: %s.\n",
   5506 			    SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
   5507 			    v->gv_name, strerror(r));
   5508 			break;
   5509 
   5510 		default:
   5511 			bad_error(fs, r);
   5512 		}
   5513 	}
   5514 
   5515 	if (halting != -1) {
   5516 		if (non_subgraph_svcs > 1)
   5517 			uu_warn("%d system services are now being stopped.\n",
   5518 			    non_subgraph_svcs);
   5519 		else if (non_subgraph_svcs == 1)
   5520 			uu_warn("One system service is now being stopped.\n");
   5521 		else if (non_subgraph_svcs == 0)
   5522 			do_uadmin();
   5523 	}
   5524 
   5525 	ret = rebound ? ECONNRESET : 0;
   5526 
   5527 out:
   5528 	MUTEX_UNLOCK(&dgraph_lock);
   5529 	if (!isall && !isnone)
   5530 		startd_free((void *)cfmri, max_scf_fmri_size);
   5531 	scf_instance_destroy(inst);
   5532 	return (ret);
   5533 }
   5534 
   5535 
   5536 /*
   5537  * Returns 0, ECONNABORTED, or EINVAL.
   5538  */
   5539 static int
   5540 handle_graph_update_event(scf_handle_t *h, graph_protocol_event_t *e)
   5541 {
   5542 	int r;
   5543 
   5544 	switch (e->gpe_type) {
   5545 	case GRAPH_UPDATE_RELOAD_GRAPH:
   5546 		log_error(LOG_WARNING,
   5547 		    "graph_event: reload graph unimplemented\n");
   5548 		break;
   5549 
   5550 	case GRAPH_UPDATE_STATE_CHANGE: {
   5551 		protocol_states_t *states = e->gpe_data;
   5552 
   5553 		switch (r = dgraph_set_instance_state(h, e->gpe_inst,
   5554 		    states->ps_state, states->ps_err)) {
   5555 		case 0:
   5556 		case ENOENT:
   5557 			break;
   5558 
   5559 		case ECONNABORTED:
   5560 			return (ECONNABORTED);
   5561 
   5562 		case EINVAL:
   5563 		default:
   5564 #ifndef NDEBUG
   5565 			(void) fprintf(stderr, "dgraph_set_instance_state() "
   5566 			    "failed with unexpected error %d at %s:%d.\n", r,
   5567 			    __FILE__, __LINE__);
   5568 #endif
   5569 			abort();
   5570 		}
   5571 
   5572 		startd_free(states, sizeof (protocol_states_t));
   5573 		break;
   5574 	}
   5575 
   5576 	default:
   5577 		log_error(LOG_WARNING,
   5578 		    "graph_event_loop received an unknown event: %d\n",
   5579 		    e->gpe_type);
   5580 		break;
   5581 	}
   5582 
   5583 	return (0);
   5584 }
   5585 
   5586 /*
   5587  * graph_event_thread()
   5588  *    Wait for state changes from the restarters.
   5589  */
   5590 /*ARGSUSED*/
   5591 void *
   5592 graph_event_thread(void *unused)
   5593 {
   5594 	scf_handle_t *h;
   5595 	int err;
   5596 
   5597 	h = libscf_handle_create_bound_loop();
   5598 
   5599 	/*CONSTCOND*/
   5600 	while (1) {
   5601 		graph_protocol_event_t *e;
   5602 
   5603 		MUTEX_LOCK(&gu->gu_lock);
   5604 
   5605 		while (gu->gu_wakeup == 0)
   5606 			(void) pthread_cond_wait(&gu->gu_cv, &gu->gu_lock);
   5607 
   5608 		gu->gu_wakeup = 0;
   5609 
   5610 		while ((e = graph_event_dequeue()) != NULL) {
   5611 			MUTEX_LOCK(&e->gpe_lock);
   5612 			MUTEX_UNLOCK(&gu->gu_lock);
   5613 
   5614 			while ((err = handle_graph_update_event(h, e)) ==
   5615 			    ECONNABORTED)
   5616 				libscf_handle_rebind(h);
   5617 
   5618 			if (err == 0)
   5619 				graph_event_release(e);
   5620 			else
   5621 				graph_event_requeue(e);
   5622 
   5623 			MUTEX_LOCK(&gu->gu_lock);
   5624 		}
   5625 
   5626 		MUTEX_UNLOCK(&gu->gu_lock);
   5627 	}
   5628 
   5629 	/*
   5630 	 * Unreachable for now -- there's currently no graceful cleanup
   5631 	 * called on exit().
   5632 	 */
   5633 	MUTEX_UNLOCK(&gu->gu_lock);
   5634 	scf_handle_destroy(h);
   5635 	return (NULL);
   5636 }
   5637 
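/*
 * Choose and apply the milestone to boot to.
 *
 * If -m milestone= was given on the command line (st->st_subgraph), it is
 * recorded as options_ovr/milestone on our own instance and used.
 * Otherwise the milestone is read from the repository with
 * libscf_get_milestone().  An empty or "all" result means boot all the
 * way up and nothing further is done here; "none" is handed straight to
 * dgraph_set_milestone(); any other value must name an existing instance,
 * which is added to the graph before the milestone is set.  Repository
 * problems fall back to "all" with a warning rather than refusing to boot.
 *
 * h is the repository handle; connection breaks rebind it and restart
 * from get_self:.  The property group created on the -m path is destroyed
 * before such a restart, since the retry creates a fresh one.
 */
static void
set_initial_milestone(scf_handle_t *h)
{
	scf_instance_t *inst;
	char *fmri, *cfmri;
	size_t sz;
	int r;

	inst = safe_scf_instance_create(h);
	fmri = startd_alloc(max_scf_fmri_size);

	/*
	 * If -m milestone= was specified, we want to set options_ovr/milestone
	 * to it.  Otherwise we want to read what the milestone should be set
	 * to.  Either way we need our inst.
	 */
get_self:
	if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
	    NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto get_self;

		case SCF_ERROR_NOT_FOUND:
			/*
			 * Our own instance is missing: nothing to record the
			 * milestone in, so just honour -m if it was given.
			 */
			if (st->st_subgraph != NULL &&
			    st->st_subgraph[0] != '\0') {
				sz = strlcpy(fmri, st->st_subgraph,
				    max_scf_fmri_size);
				assert(sz < max_scf_fmri_size);
			} else {
				fmri[0] = '\0';
			}
			break;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_HANDLE_MISMATCH:
		default:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	} else {
		if (st->st_subgraph != NULL && st->st_subgraph[0] != '\0') {
			scf_propertygroup_t *pg;

			pg = safe_scf_pg_create(h);

			sz = strlcpy(fmri, st->st_subgraph, max_scf_fmri_size);
			assert(sz < max_scf_fmri_size);

			r = libscf_inst_get_or_add_pg(inst, SCF_PG_OPTIONS_OVR,
			    SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS,
			    pg);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				/* Retrying re-creates pg; free this one first. */
				scf_pg_destroy(pg);
				libscf_handle_rebind(h);
				goto get_self;

			case EPERM:
			case EACCES:
			case EROFS:
				log_error(LOG_WARNING, "Could not set %s/%s: "
				    "%s.\n", SCF_PG_OPTIONS_OVR,
				    SCF_PROPERTY_MILESTONE, strerror(r));
				/* FALLTHROUGH */

			case ECANCELED:
				/* Could not record it; still boot to it. */
				sz = strlcpy(fmri, st->st_subgraph,
				    max_scf_fmri_size);
				assert(sz < max_scf_fmri_size);
				break;

			default:
				bad_error("libscf_inst_get_or_add_pg", r);
			}

			/*
			 * Same helper dgraph_set_runlevel() uses to commit a
			 * milestone: presumably drops any stale runlevel
			 * property and writes fmri as the milestone.
			 */
			r = libscf_clear_runlevel(pg, fmri);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				/* Retrying re-creates pg; free this one first. */
				scf_pg_destroy(pg);
				libscf_handle_rebind(h);
				goto get_self;

			case EPERM:
			case EACCES:
			case EROFS:
				log_error(LOG_WARNING, "Could not set %s/%s: "
				    "%s.\n", SCF_PG_OPTIONS_OVR,
				    SCF_PROPERTY_MILESTONE, strerror(r));
				/* FALLTHROUGH */

			case ECANCELED:
				sz = strlcpy(fmri, st->st_subgraph,
				    max_scf_fmri_size);
				assert(sz < max_scf_fmri_size);
				break;

			default:
				bad_error("libscf_clear_runlevel", r);
			}

			scf_pg_destroy(pg);
		} else {
			scf_property_t *prop;
			scf_value_t *val;

			prop = safe_scf_property_create(h);
			val = safe_scf_value_create(h);

			r = libscf_get_milestone(inst, prop, val, fmri,
			    max_scf_fmri_size);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				libscf_handle_rebind(h);
				goto get_self;

			case EINVAL:
				log_error(LOG_WARNING, "Milestone property is "
				    "misconfigured.  Defaulting to \"all\".\n");
				/* FALLTHROUGH */

			case ECANCELED:
			case ENOENT:
				/* No usable milestone: boot to "all". */
				fmri[0] = '\0';
				break;

			default:
				bad_error("libscf_get_milestone", r);
			}

			scf_value_destroy(val);
			scf_property_destroy(prop);
		}
	}

	/* "all" is the default state of the graph; nothing to set. */
	if (fmri[0] == '\0' || strcmp(fmri, "all") == 0)
		goto out;

	if (strcmp(fmri, "none") != 0) {
		/*
		 * A named milestone must resolve to an exact, existing
		 * instance, which is then added to the graph.
		 */
retry:
		if (scf_handle_decode_fmri(h, fmri, NULL, NULL, inst, NULL,
		    NULL, SCF_DECODE_FMRI_EXACT) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_INVALID_ARGUMENT:
				log_error(LOG_WARNING,
				    "Requested milestone \"%s\" is invalid.  "
				    "Reverting to \"all\".\n", fmri);
				goto out;

			case SCF_ERROR_CONSTRAINT_VIOLATED:
				log_error(LOG_WARNING, "Requested milestone "
				    "\"%s\" does not specify an instance.  "
				    "Reverting to \"all\".\n", fmri);
				goto out;

			case SCF_ERROR_CONNECTION_BROKEN:
				libscf_handle_rebind(h);
				goto retry;

			case SCF_ERROR_NOT_FOUND:
				log_error(LOG_WARNING, "Requested milestone "
				    "\"%s\" not in repository.  Reverting to "
				    "\"all\".\n", fmri);
				goto out;

			case SCF_ERROR_HANDLE_MISMATCH:
			default:
				bad_error("scf_handle_decode_fmri",
				    scf_error());
			}
		}

		r = fmri_canonify(fmri, &cfmri, B_FALSE);
		assert(r == 0);

		r = dgraph_add_instance(cfmri, inst, B_TRUE);
		startd_free(cfmri, max_scf_fmri_size);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			/*
			 * No rebind here: the decode at retry: will see the
			 * broken connection and rebind before coming back.
			 */
			goto retry;

		case EINVAL:
			log_error(LOG_WARNING,
			    "Requested milestone \"%s\" is invalid.  "
			    "Reverting to \"all\".\n", fmri);
			goto out;

		case ECANCELED:
			log_error(LOG_WARNING,
			    "Requested milestone \"%s\" not "
			    "in repository.  Reverting to \"all\".\n",
			    fmri);
			goto out;

		case EEXIST:
		default:
			bad_error("dgraph_add_instance", r);
		}
	}

	log_console(LOG_INFO, "Booting to milestone \"%s\".\n", fmri);

	r = dgraph_set_milestone(fmri, h, B_FALSE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
		break;

	case EINVAL:
	case ENOENT:
	default:
		/* fmri was validated above, so these cannot happen. */
		bad_error("dgraph_set_milestone", r);
	}

out:
	startd_free(fmri, max_scf_fmri_size);
	scf_instance_destroy(inst);
}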
   5868 
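/*
 * void set_restart_milestone(scf_handle_t *)
 *
 *   Re-establish the milestone after svc.startd itself has been restarted
 *   (graph_thread() calls this only when st->st_initial is false).  Reads
 *   the milestone property of svc.startd's own instance via
 *   libscf_get_milestone() and applies it with dgraph_set_milestone().
 *
 *   h - bound repository handle; rebound in place on a broken connection.
 *
 *   Repository errors that mean "nothing to restore" (instance missing,
 *   property missing or invalid, instance deleted) return quietly.  Any
 *   other error code is unexpected and goes to bad_error(), which aborts.
 *
 *   All scratch objects are allocated once, before the get_self retry
 *   label: the previous layout allocated prop/val/fmri after the label, so
 *   the ECONNABORTED -> rebind -> get_self path leaked them (and the
 *   SCF_ERROR_NOT_FOUND return on that second pass never freed them).
 */
void
set_restart_milestone(scf_handle_t *h)
{
	scf_instance_t *inst;
	scf_property_t *prop;
	scf_value_t *val;
	char *fmri;
	int r;

	inst = safe_scf_instance_create(h);
	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);
	fmri = startd_alloc(max_scf_fmri_size);

get_self:
	if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL,
	    inst, NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			libscf_handle_rebind(h);
			goto get_self;

		case SCF_ERROR_NOT_FOUND:
			/* Our own instance is not in the repository. */
			goto out;

		case SCF_ERROR_INVALID_ARGUMENT:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
		case SCF_ERROR_HANDLE_MISMATCH:
		default:
			bad_error("scf_handle_decode_fmri", scf_error());
		}
	}

	r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
		/* Connection dropped: rebind and re-decode our instance. */
		libscf_handle_rebind(h);
		goto get_self;

	case ECANCELED:
	case ENOENT:
	case EINVAL:
		/* Instance deleted, or milestone unset/misconfigured. */
		goto out;

	default:
		bad_error("libscf_get_milestone", r);
	}

	/*
	 * B_TRUE: this is a restart, so the milestone is being restored
	 * rather than newly requested.  EINVAL/ENOENT are tolerated here,
	 * unlike the initial-boot path, because there is nothing sensible
	 * to revert to.
	 */
	r = dgraph_set_milestone(fmri, h, B_TRUE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
	case EINVAL:
	case ENOENT:
		break;

	default:
		bad_error("dgraph_set_milestone", r);
	}

out:
	startd_free(fmri, max_scf_fmri_size);
	scf_value_destroy(val);
	scf_property_destroy(prop);
	scf_instance_destroy(inst);
}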
   5943 
/*
 * void *graph_thread(void *)
 *
 * Graph management thread.  Decides the boot milestone, wakes
 * graph_engine_start() (which waits on initial_milestone_cv), loads the
 * graph from the repository, publishes st_load_complete, and then parks
 * forever on gu_freeze_cv.
 *
 * arg is unused.  The return value is never reached in practice.
 */
/*ARGSUSED*/
void *
graph_thread(void *arg)
{
	scf_handle_t *h = libscf_handle_create_bound_loop();
	int rc;

	/* Only an initial boot takes its milestone from set_initial_milestone(). */
	if (st->st_initial)
		set_initial_milestone(h);

	/* The initial milestone is decided: release graph_engine_start(). */
	MUTEX_LOCK(&dgraph_lock);
	initial_milestone_set = B_TRUE;
	rc = pthread_cond_broadcast(&initial_milestone_cv);
	assert(rc == 0);
	MUTEX_UNLOCK(&dgraph_lock);

	libscf_populate_graph(h);

	/* A restarted svc.startd recovers its milestone from its own instance. */
	if (!st->st_initial)
		set_restart_milestone(h);

	MUTEX_LOCK(&st->st_load_lock);
	st->st_load_complete = 1;
	(void) pthread_cond_broadcast(&st->st_load_cv);
	MUTEX_UNLOCK(&st->st_load_lock);

	/*
	 * Now that we've set st_load_complete we need to check can_come_up()
	 * since if we booted to a milestone, then there won't be any more
	 * state updates.  can_come_up() is evaluated last, and only when no
	 * shutdown/level change is in progress and no sulogin thread exists.
	 */
	MUTEX_LOCK(&dgraph_lock);
	if (!go_single_user_mode && !go_to_level1 && halting == -1 &&
	    !sulogin_thread_running && !can_come_up()) {
		(void) startd_thread_create(sulogin_thread, NULL);
		sulogin_thread_running = B_TRUE;
	}
	MUTEX_UNLOCK(&dgraph_lock);

	/* Park here for the rest of the process lifetime. */
	(void) pthread_mutex_lock(&gu->gu_freeze_lock);
	for (;;) {
		(void) pthread_cond_wait(&gu->gu_freeze_cv,
		    &gu->gu_freeze_lock);
	}

	/*
	 * Unreachable for now -- there's currently no graceful cleanup
	 * called on exit().
	 */
	(void) pthread_mutex_unlock(&gu->gu_freeze_lock);
	scf_handle_destroy(h);

	return (NULL);
}
   6009 
   6010 
/*
 * int next_action()
 *   Given an array of timestamps 'a' with 'num' elements, find the
 *   lowest non-zero timestamp and return its index. If there are no
 *   non-zero elements, return -1.  On equal timestamps the lowest
 *   index wins.
 */
static int
next_action(hrtime_t *a, int num)
{
	hrtime_t best = 0;
	int idx = -1;
	int i;

	for (i = 0; i < num; i++) {
		/* Zero means "no pending action in this slot". */
		if (a[i] == 0)
			continue;

		/* First non-zero entry, or a strictly earlier one, wins. */
		if (best == 0 || a[i] < best) {
			best = a[i];
			idx = i;
		}
	}

	return (idx);
}
   6038 
/*
 * void process_actions()
 *   Process actions requested by the administrator. Possibilities include:
 *   refresh, restart, maintenance mode off, maintenance mode on,
 *   maintenance mode immediate, and degraded.
 *
 *   The set of pending actions is represented in the repository as a
 *   per-instance property group, with each action being a single property
 *   in that group.  This property group is converted to an array, with each
 *   action type having an array slot.  The actions in the array at the
 *   time process_actions() is called are acted on in the order of the
 *   timestamp (which is the value stored in the slot).  A value of zero
 *   indicates that there is no pending action of the type associated with
 *   a particular slot.
 *
 *   Sending an action event multiple times before the restarter has a
 *   chance to process that action will force it to be run at the last
 *   timestamp where it appears in the ordering.
 *
 *   Turning maintenance mode on trumps all other actions.
 *
 *   h    - bound repository handle (used to create scratch prop/val)
 *   pg   - the instance's restarter_actions property group
 *   inst - the instance owning pg; only used to obtain its FMRI
 *
 *   dgraph_lock is held from the vertex lookup until 'out'.  Every
 *   early exit after that point goes through 'out' so the lock, the
 *   scratch objects and inst_name are always released.
 *
 *   Returns 0 or ECONNABORTED.
 */
static int
process_actions(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst)
{
	scf_property_t *prop = NULL;
	scf_value_t *val = NULL;
	scf_type_t type;
	graph_vertex_t *vertex;
	admin_action_t a;
	int i, ret = 0, r;
	hrtime_t action_ts[NACTIONS];
	char *inst_name;

	r = libscf_instance_get_fmri(inst, &inst_name);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
		return (ECONNABORTED);

	case ECANCELED:
		/* Instance deleted underneath us: nothing to act on. */
		return (0);

	default:
		bad_error("libscf_instance_get_fmri", r);
	}

	MUTEX_LOCK(&dgraph_lock);

	vertex = vertex_get_by_name(inst_name);
	if (vertex == NULL) {
		MUTEX_UNLOCK(&dgraph_lock);
		log_framework(LOG_DEBUG, "%s: Can't find graph vertex. "
		    "The instance must have been removed.\n", inst_name);
		startd_free(inst_name, max_scf_fmri_size);
		return (0);
	}

	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);

	/*
	 * Fill action_ts[] from the pg, one slot per admin_actions[] name.
	 * A missing property, a non-integer property, or one that vanishes
	 * mid-read counts as "no pending action" (slot = 0).  Loss of the
	 * repository connection abandons the whole pass with ECONNABORTED;
	 * deletion of the pg abandons it with 0.  Slots after an abandoned
	 * pass are left uninitialized but are never read (we go to 'out').
	 */
	for (i = 0; i < NACTIONS; i++) {
		if (scf_pg_get_property(pg, admin_actions[i], prop) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				ret = ECONNABORTED;
				goto out;

			case SCF_ERROR_DELETED:
				goto out;

			case SCF_ERROR_NOT_FOUND:
				action_ts[i] = 0;
				continue;

			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_INVALID_ARGUMENT:
			case SCF_ERROR_NOT_SET:
				bad_error("scf_pg_get_property", scf_error());
			}
		}

		if (scf_property_type(prop, &type) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				ret = ECONNABORTED;
				goto out;

			case SCF_ERROR_DELETED:
				action_ts[i] = 0;
				continue;

			case SCF_ERROR_NOT_SET:
				bad_error("scf_property_type", scf_error());
			}
		}

		/* Only integer-typed (timestamp) properties are honoured. */
		if (type != SCF_TYPE_INTEGER) {
			action_ts[i] = 0;
			continue;
		}

		if (scf_property_get_value(prop, val) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				ret = ECONNABORTED;
				goto out;

			case SCF_ERROR_DELETED:
				goto out;

			case SCF_ERROR_NOT_FOUND:
			case SCF_ERROR_CONSTRAINT_VIOLATED:
				/* No value, or more than one: treat as absent. */
				action_ts[i] = 0;
				continue;

			case SCF_ERROR_NOT_SET:
			case SCF_ERROR_PERMISSION_DENIED:
				bad_error("scf_property_get_value",
				    scf_error());
			}
		}

		/* Type was checked above, so this cannot fail on type. */
		r = scf_value_get_integer(val, &action_ts[i]);
		assert(r == 0);
	}

	/*
	 * Maintenance-on requests are delivered before anything else,
	 * immediate taking precedence over non-immediate.
	 * NOTE(review): action_ts[a] is not cleared here, so the same
	 * maintenance event is sent a second time when next_action() reaches
	 * its timestamp in the loop below -- confirm this is intended.
	 */
	a = ADMIN_EVENT_MAINT_ON_IMMEDIATE;
	if (action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ||
	    action_ts[ADMIN_EVENT_MAINT_ON]) {
		a = action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ?
		    ADMIN_EVENT_MAINT_ON_IMMEDIATE : ADMIN_EVENT_MAINT_ON;

		vertex_send_event(vertex, admin_events[a]);
		/*
		 * Clear the request in the repository only if its timestamp
		 * is still the one we acted on (action_ts[a]); a newer request
		 * of the same type is left for the next pass.
		 */
		r = libscf_unset_action(h, pg, a, action_ts[a]);
		switch (r) {
		case 0:
		case EACCES:
			break;

		case ECONNABORTED:
			ret = ECONNABORTED;
			goto out;

		case EPERM:
			/* Lacking privilege to clear admin actions is fatal. */
			uu_die("Insufficient privilege.\n");
			/* NOTREACHED */

		default:
			bad_error("libscf_unset_action", r);
		}
	}

	/* Deliver the remaining actions in ascending timestamp order. */
	while ((a = next_action(action_ts, NACTIONS)) != -1) {
		log_framework(LOG_DEBUG,
		    "Graph: processing %s action for %s.\n", admin_actions[a],
		    inst_name);

		/*
		 * Refresh re-reads the instance's configuration into the
		 * graph before the event is forwarded to the restarter.
		 */
		if (a == ADMIN_EVENT_REFRESH) {
			r = dgraph_refresh_instance(vertex, inst);
			switch (r) {
			case 0:
			case ECANCELED:
			case EINVAL:
			case -1:
				break;

			case ECONNABORTED:
				/* pg & inst are reset now, so just return. */
				ret = ECONNABORTED;
				goto out;

			default:
				bad_error("dgraph_refresh_instance", r);
			}
		}

		vertex_send_event(vertex, admin_events[a]);

		/* Same unset/error policy as for the maintenance case above. */
		r = libscf_unset_action(h, pg, a, action_ts[a]);
		switch (r) {
		case 0:
		case EACCES:
			break;

		case ECONNABORTED:
			ret = ECONNABORTED;
			goto out;

		case EPERM:
			uu_die("Insufficient privilege.\n");
			/* NOTREACHED */

		default:
			bad_error("libscf_unset_action", r);
		}

		/* Mark this slot done so next_action() moves past it. */
		action_ts[a] = 0;
	}

out:
	MUTEX_UNLOCK(&dgraph_lock);

	scf_property_destroy(prop);
	scf_value_destroy(val);
	startd_free(inst_name, max_scf_fmri_size);
	return (ret);
}
   6253 
/*
 * process_pg_event(h, pg, inst, pg_name)
 *   Dispatch a "property group modified" notification from the repository.
 *   Depending on the pg's name:
 *     - general / general_ovr: dgraph_update_general()
 *     - restarter_actions of an instance: process_actions()
 *     - options / options_ovr of svc.startd's own instance: re-read the
 *       runlevel property (options_ovr only) and the milestone property
 *   Every other property group is ignored.
 *
 * h       - bound repository handle; may be rebound here (see return value)
 * pg      - the modified property group, already refreshed by the caller
 * inst and pg_name are scratch space, and are unset on entry.  pg_name
 * must hold max_scf_value_size bytes.
 *
 * Returns
 *   0 - success
 *   ECONNRESET - success, but repository handle rebound
 *   ECONNABORTED - repository connection broken
 */
static int
process_pg_event(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst,
    char *pg_name)
{
	int r;
	scf_property_t *prop;
	scf_value_t *val;
	char *fmri;
	/* rebound: report ECONNRESET; rebind_inst: inst must be re-looked-up */
	boolean_t rebound = B_FALSE, rebind_inst = B_FALSE;

	if (scf_pg_get_name(pg, pg_name, max_scf_value_size) < 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
		default:
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
			return (0);

		case SCF_ERROR_NOT_SET:
			bad_error("scf_pg_get_name", scf_error());
		}
	}

	if (strcmp(pg_name, SCF_PG_GENERAL) == 0 ||
	    strcmp(pg_name, SCF_PG_GENERAL_OVR) == 0) {
		r = dgraph_update_general(pg);
		switch (r) {
		case 0:
		case ENOTSUP:
		case ECANCELED:
			return (0);

		case ECONNABORTED:
			return (ECONNABORTED);

		case -1:
			/* Error should have been logged. */
			return (0);

		default:
			bad_error("dgraph_update_general", r);
		}
	} else if (strcmp(pg_name, SCF_PG_RESTARTER_ACTIONS) == 0) {
		if (scf_pg_get_parent_instance(pg, inst) != 0) {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
				return (ECONNABORTED);

			case SCF_ERROR_DELETED:
			case SCF_ERROR_CONSTRAINT_VIOLATED:
				/* Ignore commands on services. */
				return (0);

			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_NOT_SET:
			default:
				bad_error("scf_pg_get_parent_instance",
				    scf_error());
			}
		}

		return (process_actions(h, pg, inst));
	}

	if (strcmp(pg_name, SCF_PG_OPTIONS) != 0 &&
	    strcmp(pg_name, SCF_PG_OPTIONS_OVR) != 0)
		return (0);

	/*
	 * We only care about the options[_ovr] property groups of our own
	 * instance, so get the fmri and compare.  Plus, once we know it's
	 * correct, if the repository connection is broken we know exactly what
	 * property group we were operating on, and can look it up again.
	 */
	if (scf_pg_get_parent_instance(pg, inst) != 0) {
		switch (scf_error()) {
		case SCF_ERROR_CONNECTION_BROKEN:
			return (ECONNABORTED);

		case SCF_ERROR_DELETED:
		case SCF_ERROR_CONSTRAINT_VIOLATED:
			return (0);

		case SCF_ERROR_HANDLE_MISMATCH:
		case SCF_ERROR_NOT_BOUND:
		case SCF_ERROR_NOT_SET:
		default:
			bad_error("scf_pg_get_parent_instance",
			    scf_error());
		}
	}

	/* fmri is allocated here and released at 'out' with max_scf_fmri_size. */
	switch (r = libscf_instance_get_fmri(inst, &fmri)) {
	case 0:
		break;

	case ECONNABORTED:
		return (ECONNABORTED);

	case ECANCELED:
		return (0);

	default:
		bad_error("libscf_instance_get_fmri", r);
	}

	if (strcmp(fmri, SCF_SERVICE_STARTD) != 0) {
		startd_free(fmri, max_scf_fmri_size);
		return (0);
	}

	prop = safe_scf_property_create(h);
	val = safe_scf_value_create(h);

	if (strcmp(pg_name, SCF_PG_OPTIONS_OVR) == 0) {
		/* See if we need to set the runlevel. */
		/* CONSTCOND */
		/*
		 * The if (0) body is never entered sequentially; it is the
		 * target of 'goto rebind_pg' below.  After a rebind it
		 * re-resolves our own instance and re-fetches this pg by
		 * name, then falls into the runlevel check.
		 */
		if (0) {
rebind_pg:
			libscf_handle_rebind(h);
			rebound = B_TRUE;

			r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
			switch (r) {
			case 0:
				break;

			case ECONNABORTED:
				goto rebind_pg;

			case ENOENT:
				goto out;

			case EINVAL:
			case ENOTSUP:
				bad_error("libscf_lookup_instance", r);
			}

			if (scf_instance_get_pg(inst, pg_name, pg) != 0) {
				switch (scf_error()) {
				case SCF_ERROR_DELETED:
				case SCF_ERROR_NOT_FOUND:
					goto out;

				case SCF_ERROR_CONNECTION_BROKEN:
					goto rebind_pg;

				case SCF_ERROR_HANDLE_MISMATCH:
				case SCF_ERROR_NOT_BOUND:
				case SCF_ERROR_NOT_SET:
				case SCF_ERROR_INVALID_ARGUMENT:
				default:
					bad_error("scf_instance_get_pg",
					    scf_error());
				}
			}
		}

		if (scf_pg_get_property(pg, "runlevel", prop) == 0) {
			r = dgraph_set_runlevel(pg, prop);
			switch (r) {
			case ECONNRESET:
				/* dgraph_set_runlevel() rebound h itself. */
				rebound = B_TRUE;
				rebind_inst = B_TRUE;
				/* FALLTHROUGH */

			case 0:
				break;

			case ECONNABORTED:
				goto rebind_pg;

			case ECANCELED:
				goto out;

			default:
				bad_error("dgraph_set_runlevel", r);
			}
		} else {
			switch (scf_error()) {
			case SCF_ERROR_CONNECTION_BROKEN:
			default:
				goto rebind_pg;

			case SCF_ERROR_DELETED:
				goto out;

			case SCF_ERROR_NOT_FOUND:
				/* No runlevel property: fine, continue. */
				break;

			case SCF_ERROR_INVALID_ARGUMENT:
			case SCF_ERROR_HANDLE_MISMATCH:
			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
				bad_error("scf_pg_get_property", scf_error());
			}
		}
	}

	/*
	 * lookup_inst is also jumped to from the milestone read below when
	 * the connection breaks, so inst is always valid past this point.
	 */
	if (rebind_inst) {
lookup_inst:
		r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			libscf_handle_rebind(h);
			rebound = B_TRUE;
			goto lookup_inst;

		case ENOENT:
			goto out;

		case EINVAL:
		case ENOTSUP:
			bad_error("libscf_lookup_instance", r);
		}
	}

	r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
	switch (r) {
	case 0:
		break;

	case ECONNABORTED:
		libscf_handle_rebind(h);
		rebound = B_TRUE;
		goto lookup_inst;

	case EINVAL:
		log_error(LOG_NOTICE,
		    "%s/%s property of %s is misconfigured.\n", pg_name,
		    SCF_PROPERTY_MILESTONE, SCF_SERVICE_STARTD);
		/* FALLTHROUGH */

	case ECANCELED:
	case ENOENT:
		/*
		 * Missing or unusable milestone means "all".  fmri is a
		 * max_scf_fmri_size buffer (see 'out'), so this fits.
		 */
		(void) strcpy(fmri, "all");
		break;

	default:
		bad_error("libscf_get_milestone", r);
	}

	/* B_FALSE: a live change, not a restart-time restore. */
	r = dgraph_set_milestone(fmri, h, B_FALSE);
	switch (r) {
	case 0:
	case ECONNRESET:
	case EALREADY:
		break;

	case EINVAL:
		log_error(LOG_WARNING, "Milestone %s is invalid.\n", fmri);
		break;

	case ENOENT:
		log_error(LOG_WARNING, "Milestone %s does not exist.\n", fmri);
		break;

	default:
		bad_error("dgraph_set_milestone", r);
	}

out:
	startd_free(fmri, max_scf_fmri_size);
	scf_value_destroy(val);
	scf_property_destroy(prop);

	return (rebound ? ECONNRESET : 0);
}
   6534 
/*
 * process_delete() deletes an instance from the dgraph if 'fmri' is an
 * instance fmri or if 'fmri' matches the 'general' property group of an
 * instance (or the 'general/enabled' property).
 *
 * 'fmri' comes from the repository's deletion notification and is parsed
 * on a private copy, because scf_parse_svc_fmri() modifies its input.
 *
 * 'fmri' may be overwritten and cannot be trusted on return by the caller.
 */
static void
process_delete(char *fmri, scf_handle_t *h)
{
	char *copy = safe_strdup(fmri);
	char *pg_start;
	const char *inst_name = NULL;
	const char *pg_name = NULL;
	const char *prop_name = NULL;

	/* Determine if the FMRI is a property group or instance */
	if (scf_parse_svc_fmri(copy, NULL, NULL, &inst_name, &pg_name,
	    &prop_name) != SCF_SUCCESS) {
		log_error(LOG_WARNING,
		    "Received invalid FMRI \"%s\" from repository server.\n",
		    fmri);
	} else if (inst_name != NULL) {
		if (pg_name == NULL) {
			/* A bare instance FMRI: remove it outright. */
			(void) dgraph_remove_instance(fmri, h);
		} else if (strcmp(pg_name, SCF_PG_GENERAL) == 0 &&
		    (prop_name == NULL ||
		    strcmp(prop_name, SCF_PROPERTY_ENABLED) == 0)) {
			/*
			 * Deleting the 'general' property group or the
			 * 'general/enabled' property means the whole instance
			 * must be removed from the dgraph.  The instance is
			 * already gone from the repository, so no scf_ call
			 * can give us its FMRI; truncate the one we were
			 * handed at the property-group separator instead.
			 */
			pg_start = strstr(fmri, SCF_FMRI_PROPERTYGRP_PREFIX);
			if (pg_start == NULL)
				bad_error("process_delete", 0);

			*pg_start = '\0';

			(void) dgraph_remove_instance(fmri, h);
		}
		/* Any other pg/property of an instance is not ours to act on. */
	}

	free(copy);
}
   6594 
/*
 * void *repository_event_thread(void *)
 *
 * Repository notification thread.  Subscribes to changes of framework
 * property groups (SCF_GROUP_FRAMEWORK) and then loops forever on
 * _scf_notify_wait(): a modified property group goes to
 * process_pg_event(), a deletion to process_delete().  A broken
 * repository connection is recovered by rebinding the handle and
 * re-subscribing from 'retry'; events in flight at that moment are lost
 * (and logged as such where the loss is detected).
 */
/*ARGSUSED*/
void *
repository_event_thread(void *unused)
{
	scf_handle_t *h;
	scf_propertygroup_t *pg;
	scf_instance_t *inst;
	char *fmri = startd_alloc(max_scf_fmri_size);
	char *pg_name = startd_alloc(max_scf_value_size);
	int r;

	h = libscf_handle_create_bound_loop();
	pg = safe_scf_pg_create(h);
	inst = safe_scf_instance_create(h);

retry:
	/* Keep trying until the subscription is in place. */
	while (_scf_notify_add_pgtype(h, SCF_GROUP_FRAMEWORK) != SCF_SUCCESS) {
		if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) {
			libscf_handle_rebind(h);
			continue;
		}

		log_error(LOG_WARNING,
		    "Couldn't set up repository notification "
		    "for property group type %s: %s\n",
		    SCF_GROUP_FRAMEWORK, scf_strerror(scf_error()));

		(void) sleep(1);
	}

	for (;;) {
		ssize_t res;

		/* Note: fmri is only set on delete events. */
		res = _scf_notify_wait(pg, fmri, max_scf_fmri_size);

		if (res < 0) {
			libscf_handle_rebind(h);
			goto retry;
		}

		if (res > 0) {
			/*
			 * Service, instance, or pg deleted.
			 * Don't trust fmri on return.
			 */
			process_delete(fmri, h);
			continue;
		}

		/*
		 * property group modified.  inst and pg_name are
		 * pre-allocated scratch space.
		 */
		if (scf_pg_update(pg) < 0) {
			switch (scf_error()) {
			case SCF_ERROR_DELETED:
				continue;

			case SCF_ERROR_CONNECTION_BROKEN:
				log_error(LOG_WARNING,
				    "Lost repository event due to "
				    "disconnection.\n");
				libscf_handle_rebind(h);
				goto retry;

			case SCF_ERROR_NOT_BOUND:
			case SCF_ERROR_NOT_SET:
			default:
				bad_error("scf_pg_update", scf_error());
			}
		}

		r = process_pg_event(h, pg, inst, pg_name);
		switch (r) {
		case 0:
			break;

		case ECONNABORTED:
			log_error(LOG_WARNING, "Lost repository event "
			    "due to disconnection.\n");
			libscf_handle_rebind(h);
			/* FALLTHROUGH */

		case ECONNRESET:
			/* Handle was rebound: the subscription must be redone. */
			goto retry;

		default:
			bad_error("process_pg_event", r);
		}
	}

	/*NOTREACHED*/
	return (NULL);
}
   6689 
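/*
 * void graph_engine_start(void)
 *
 *   Start the graph engine: spawn graph_thread(), block until it has
 *   decided the initial milestone (initial_milestone_set, signalled on
 *   initial_milestone_cv under dgraph_lock), then spawn the repository
 *   event thread and the graph event thread.
 *
 *   The prototype is now (void) rather than the old-style empty list, so
 *   callers get argument checking.
 */
void
graph_engine_start(void)
{
	int err;

	(void) startd_thread_create(graph_thread, NULL);

	/*
	 * Re-test the predicate after every wakeup: pthread_cond_wait() may
	 * return without the condition having changed.
	 */
	MUTEX_LOCK(&dgraph_lock);
	while (!initial_milestone_set) {
		err = pthread_cond_wait(&initial_milestone_cv, &dgraph_lock);
		assert(err == 0);
	}
	MUTEX_UNLOCK(&dgraph_lock);

	(void) startd_thread_create(repository_event_thread, NULL);
	(void) startd_thread_create(graph_event_thread, NULL);
}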