Print this page
14249 pseudo-terminal nomenclature should reflect POSIX
Change-Id: Ib4a3cef899ff4c71b09cb0dc6878863c5e8357bc
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/zoneadmd/zcons.c
+++ new/usr/src/cmd/zoneadmd/zcons.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 * Copyright 2012 Joyent, Inc. All rights reserved.
26 26 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
27 27 */
28 28
29 29 /*
30 30 * Console support for zones requires a significant infrastructure. The
31 31 * core pieces are contained in this file, but other portions of note
32 32 * are in the zlogin(1M) command, the zcons(7D) driver, and in the
33 33 * devfsadm(1M) misc_link generator.
34 34 *
35 35 * Care is taken to make the console behave in an "intuitive" fashion for
36 36 * administrators. Essentially, we try as much as possible to mimic the
37 37 * experience of using a system via a tip line and system controller.
38 38 *
39 39 * The zone console architecture looks like this:
40 40 *
41 41 * Global Zone | Non-Global Zone
42 42 * .--------------. |
43 43 * .-----------. | zoneadmd -z | | .--------. .---------.
44 44 * | zlogin -C | | myzone | | | ttymon | | syslogd |
45 45 * `-----------' `--------------' | `--------' `---------'
46 46 * | | | | | | |
47 47 * User | | | | | V V
48 48 * - - - - - - - - -|- - - -|- - - -|-|- - - - - - -|- - /dev/zconsole - - -
49 49 * Kernel V V | | |
|
↓ open down ↓ |
49 lines elided |
↑ open up ↑ |
50 50 * [AF_UNIX Socket] | `--------. .-------------'
51 51 * | | |
52 52 * | V V
53 53 * | +-----------+
54 54 * | | ldterm, |
55 55 * | | etc. |
56 56 * | +-----------+
57 57 * | +-[Anchor]--+
58 58 * | | ptem |
59 59 * V +-----------+
60 - * +---master---+---slave---+
60 + * +---manager--+-subsidiary+
61 61 * | |
62 62 * | zcons driver |
63 63 * | zonename="myzone" |
64 64 * +------------------------+
65 65 *
66 66 * There are basically two major tasks which the console subsystem in
67 67 * zoneadmd accomplishes:
68 68 *
69 69 * - Setup and teardown of zcons driver instances. One zcons instance
70 70 * is maintained per zone; we take advantage of the libdevice APIs
71 71 * to online new instances of zcons as needed. Care is taken to
72 72 * prune and manage these appropriately; see init_console_dev() and
73 73 * destroy_console_dev(). The end result is the creation of the
74 - * zcons(7D) instance and an open file descriptor to the master side.
74 + * zcons(7D) instance and an open file descriptor to the manager side.
75 75 * zcons instances are associated with zones via their zonename device
76 76 * property. This the console instance to persist across reboots,
77 77 * and while the zone is halted.
78 78 *
79 79 * - Acting as a server for 'zlogin -C' instances. When zlogin -C is
80 80 * run, zlogin connects to zoneadmd via unix domain socket. zoneadmd
81 81 * functions as a two-way proxy for console I/O, relaying user input
82 - * to the master side of the console, and relaying output from the
82 + * to the manager side of the console, and relaying output from the
83 83 * zone to the user.
84 84 */
85 85
86 86 #include <sys/types.h>
87 87 #include <sys/socket.h>
88 88 #include <sys/stat.h>
89 89 #include <sys/termios.h>
90 90 #include <sys/zcons.h>
91 91 #include <sys/mkdev.h>
92 92
93 93 #include <assert.h>
94 94 #include <ctype.h>
95 95 #include <errno.h>
96 96 #include <fcntl.h>
97 97 #include <stdarg.h>
98 98 #include <stdio.h>
99 99 #include <stdlib.h>
100 100 #include <strings.h>
101 101 #include <stropts.h>
102 102 #include <thread.h>
103 103 #include <ucred.h>
104 104 #include <unistd.h>
105 105 #include <zone.h>
106 106
107 107 #include <libdevinfo.h>
108 108 #include <libdevice.h>
109 109 #include <libzonecfg.h>
110 110
111 111 #include <syslog.h>
112 112 #include <sys/modctl.h>
113 113
114 114 #include "zoneadmd.h"
115 115
116 116 #define ZCONSNEX_DEVTREEPATH "/pseudo/zconsnex@1"
117 117 #define ZCONSNEX_FILEPATH "/devices/pseudo/zconsnex@1"
118 118
119 119 #define CONSOLE_SOCKPATH ZONES_TMPDIR "/%s.console_sock"
120 120
121 121 static int serverfd = -1; /* console server unix domain socket fd */
122 122 char boot_args[BOOTARGS_MAX];
123 123 char bad_boot_arg[BOOTARGS_MAX];
124 124
125 125 /*
126 126 * The eventstream is a simple one-directional flow of messages from the
127 127 * door server to the console subsystem, implemented with a pipe.
128 128 * It is used to wake up the console poller when it needs to take action,
129 129 * message the user, die off, etc.
130 130 */
131 131 static int eventstream[2];
132 132
133 133
134 134
135 135 int
136 136 eventstream_init()
137 137 {
138 138 if (pipe(eventstream) == -1)
139 139 return (-1);
140 140 return (0);
141 141 }
142 142
143 143 void
144 144 eventstream_write(zone_evt_t evt)
145 145 {
146 146 (void) write(eventstream[0], &evt, sizeof (evt));
147 147 }
148 148
149 149 static zone_evt_t
150 150 eventstream_read(void)
151 151 {
152 152 zone_evt_t evt = Z_EVT_NULL;
153 153
154 154 (void) read(eventstream[1], &evt, sizeof (evt));
155 155 return (evt);
156 156 }
157 157
158 158 /*
159 159 * count_console_devs() and its helper count_cb() do a walk of the
160 160 * subtree of the device tree where zone console nodes are represented.
161 161 * The goal is to count zone console instances already setup for a zone
162 162 * with the given name. More than 1 is anomolous, and our caller will
163 163 * have to deal with that if we find that's the case.
164 164 *
165 165 * Note: this algorithm is a linear search of nodes in the zconsnex subtree
166 166 * of the device tree, and could be a scalability problem, but I don't see
167 167 * how to avoid it.
168 168 */
169 169
170 170 /*
171 171 * cb_data is shared by count_cb and destroy_cb for simplicity.
172 172 */
173 173 struct cb_data {
174 174 zlog_t *zlogp;
175 175 int found;
176 176 int killed;
177 177 };
178 178
179 179 static int
180 180 count_cb(di_node_t node, void *arg)
181 181 {
182 182 struct cb_data *cb = (struct cb_data *)arg;
183 183 char *prop_data;
184 184
185 185 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename",
186 186 &prop_data) != -1) {
187 187 assert(prop_data != NULL);
188 188 if (strcmp(prop_data, zone_name) == 0) {
189 189 cb->found++;
190 190 return (DI_WALK_CONTINUE);
191 191 }
192 192 }
193 193 return (DI_WALK_CONTINUE);
194 194 }
195 195
196 196 static int
197 197 count_console_devs(zlog_t *zlogp)
198 198 {
199 199 di_node_t root;
200 200 struct cb_data cb;
201 201
202 202 bzero(&cb, sizeof (cb));
203 203 cb.zlogp = zlogp;
204 204
205 205 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) ==
206 206 DI_NODE_NIL) {
207 207 zerror(zlogp, B_TRUE, "%s failed", "di_init");
208 208 return (-1);
209 209 }
210 210
211 211 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, count_cb);
212 212 di_fini(root);
213 213 return (cb.found);
214 214 }
215 215
216 216 /*
217 217 * destroy_console_devs() and its helper destroy_cb() tears down any console
218 218 * instances associated with this zone. If things went very wrong, we
219 219 * might have more than one console instance hanging around. This routine
220 220 * hunts down and tries to remove all of them. Of course, if the console
221 221 * is open, the instance will not detach, which is a potential issue.
222 222 */
223 223 static int
224 224 destroy_cb(di_node_t node, void *arg)
225 225 {
226 226 struct cb_data *cb = (struct cb_data *)arg;
227 227 char *prop_data;
228 228 char *tmp;
229 229 char devpath[MAXPATHLEN];
230 230 devctl_hdl_t hdl;
231 231
232 232 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename",
233 233 &prop_data) == -1)
234 234 return (DI_WALK_CONTINUE);
235 235
236 236 assert(prop_data != NULL);
237 237 if (strcmp(prop_data, zone_name) != 0) {
238 238 /* this is the console for a different zone */
239 239 return (DI_WALK_CONTINUE);
240 240 }
241 241
242 242 cb->found++;
243 243 tmp = di_devfs_path(node);
244 244 (void) snprintf(devpath, sizeof (devpath), "/devices/%s", tmp);
245 245 di_devfs_path_free(tmp);
246 246
247 247 if ((hdl = devctl_device_acquire(devpath, 0)) == NULL) {
248 248 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, "
249 249 "but it could not be controlled.", devpath);
250 250 return (DI_WALK_CONTINUE);
251 251 }
252 252 if (devctl_device_remove(hdl) == 0) {
253 253 cb->killed++;
254 254 } else {
255 255 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, "
256 256 "but it could not be removed.", devpath);
257 257 }
|
↓ open down ↓ |
165 lines elided |
↑ open up ↑ |
258 258 devctl_release(hdl);
259 259 return (DI_WALK_CONTINUE);
260 260 }
261 261
262 262 static int
263 263 destroy_console_devs(zlog_t *zlogp)
264 264 {
265 265 char conspath[MAXPATHLEN];
266 266 di_node_t root;
267 267 struct cb_data cb;
268 - int masterfd;
269 - int slavefd;
268 + int managerfd;
269 + int subfd;
270 270
271 271 /*
272 - * Signal the master side to release its handle on the slave side by
273 - * issuing a ZC_RELEASESLAVE ioctl.
272 + * Signal the manager side to release its handle on the subsidiary side
273 + * by issuing a ZC_RELEASESUBSID ioctl.
274 274 */
275 275 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
276 - zone_name, ZCONS_MASTER_NAME);
277 - if ((masterfd = open(conspath, O_RDWR | O_NOCTTY)) != -1) {
276 + zone_name, ZCONS_MANAGER_NAME);
277 + if ((managerfd = open(conspath, O_RDWR | O_NOCTTY)) != -1) {
278 278 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
279 - zone_name, ZCONS_SLAVE_NAME);
280 - if ((slavefd = open(conspath, O_RDWR | O_NOCTTY)) != -1) {
281 - if (ioctl(masterfd, ZC_RELEASESLAVE,
282 - (caddr_t)(intptr_t)slavefd) != 0)
279 + zone_name, ZCONS_SUBSIDIARY_NAME);
280 + if ((subfd = open(conspath, O_RDWR | O_NOCTTY)) != -1) {
281 + if (ioctl(managerfd, ZC_RELEASESUBSID,
282 + (caddr_t)(intptr_t)subfd) != 0)
283 283 zerror(zlogp, B_TRUE, "WARNING: error while "
284 - "releasing slave handle of zone console for"
285 - " %s", zone_name);
286 - (void) close(slavefd);
284 + "releasing subsidiary handle of zone "
285 + "console for %s", zone_name);
286 + (void) close(subfd);
287 287 } else {
288 - zerror(zlogp, B_TRUE, "WARNING: could not open slave "
289 - "side of zone console for %s to release slave "
290 - "handle", zone_name);
288 + zerror(zlogp, B_TRUE, "WARNING: could not open "
289 + "subsidiary side of zone console for %s to "
290 + "release subsidiary handle", zone_name);
291 291 }
292 - (void) close(masterfd);
292 + (void) close(managerfd);
293 293 } else {
294 - zerror(zlogp, B_TRUE, "WARNING: could not open master side of "
295 - "zone console for %s to release slave handle", zone_name);
294 + zerror(zlogp, B_TRUE, "WARNING: could not open manager side of "
295 + "zone console for %s to release subsidiary handle",
296 + zone_name);
296 297 }
297 298
298 299 bzero(&cb, sizeof (cb));
299 300 cb.zlogp = zlogp;
300 301
301 302 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) ==
302 303 DI_NODE_NIL) {
303 304 zerror(zlogp, B_TRUE, "%s failed", "di_init");
304 305 return (-1);
305 306 }
306 307
307 308 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, destroy_cb);
308 309 if (cb.found > 1) {
309 310 zerror(zlogp, B_FALSE, "WARNING: multiple zone console "
310 311 "instances detected for zone '%s'; %d of %d "
311 312 "successfully removed.",
312 313 zone_name, cb.killed, cb.found);
313 314 }
314 315
315 316 di_fini(root);
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
316 317 return (0);
317 318 }
318 319
319 320 /*
320 321 * init_console_dev() drives the device-tree configuration of the zone
321 322 * console device. The general strategy is to use the libdevice (devctl)
322 323 * interfaces to instantiate a new zone console node. We do a lot of
323 324 * sanity checking, and are careful to reuse a console if one exists.
324 325 *
325 326 * Once the device is in the device tree, we kick devfsadm via di_init_devs()
326 - * to ensure that the appropriate symlinks (to the master and slave console
327 - * devices) are placed in /dev in the global zone.
327 + * to ensure that the appropriate symlinks (to the manager and subsidiary
328 + * console devices) are placed in /dev in the global zone.
328 329 */
329 330 static int
330 331 init_console_dev(zlog_t *zlogp)
331 332 {
332 333 char conspath[MAXPATHLEN];
333 334 devctl_hdl_t bus_hdl = NULL;
334 335 devctl_hdl_t dev_hdl = NULL;
335 336 devctl_ddef_t ddef_hdl = NULL;
336 337 di_devlink_handle_t dl = NULL;
337 338 int rv = -1;
338 339 int ndevs;
339 - int masterfd;
340 - int slavefd;
340 + int managerfd;
341 + int subfd;
341 342 int i;
342 343
343 344 /*
344 345 * Don't re-setup console if it is working and ready already; just
345 346 * skip ahead to making devlinks, which we do for sanity's sake.
346 347 */
347 348 ndevs = count_console_devs(zlogp);
348 349 if (ndevs == 1) {
349 350 goto devlinks;
350 351 } else if (ndevs > 1 || ndevs == -1) {
351 352 /*
352 353 * For now, this seems like a reasonable but harsh punishment.
353 354 * If needed, we could try to get clever and delete all but
354 355 * the console which is pointed at by the current symlink.
355 356 */
356 357 if (destroy_console_devs(zlogp) == -1) {
357 358 goto error;
358 359 }
359 360 }
360 361
361 362 /*
362 363 * Time to make the consoles!
363 364 */
364 365 if ((bus_hdl = devctl_bus_acquire(ZCONSNEX_FILEPATH, 0)) == NULL) {
365 366 zerror(zlogp, B_TRUE, "%s failed", "devctl_bus_acquire");
366 367 goto error;
367 368 }
368 369 if ((ddef_hdl = devctl_ddef_alloc("zcons", 0)) == NULL) {
369 370 zerror(zlogp, B_TRUE, "failed to allocate ddef handle");
370 371 goto error;
371 372 }
372 373 /*
373 374 * Set three properties on this node; the first is the name of the
374 375 * zone; the second is a flag which lets pseudo know that it is
375 376 * OK to automatically allocate an instance # for this device;
376 377 * the third tells the device framework not to auto-detach this
377 378 * node-- we need the node to still be there when we ask devfsadmd
378 379 * to make links, and when we need to open it.
379 380 */
380 381 if (devctl_ddef_string(ddef_hdl, "zonename", zone_name) == -1) {
381 382 zerror(zlogp, B_TRUE, "failed to create zonename property");
382 383 goto error;
383 384 }
384 385 if (devctl_ddef_int(ddef_hdl, "auto-assign-instance", 1) == -1) {
385 386 zerror(zlogp, B_TRUE, "failed to create auto-assign-instance "
386 387 "property");
387 388 goto error;
388 389 }
389 390 if (devctl_ddef_int(ddef_hdl, "ddi-no-autodetach", 1) == -1) {
390 391 zerror(zlogp, B_TRUE, "failed to create ddi-no-auto-detach "
391 392 "property");
392 393 goto error;
393 394 }
394 395 if (devctl_bus_dev_create(bus_hdl, ddef_hdl, 0, &dev_hdl) == -1) {
395 396 zerror(zlogp, B_TRUE, "failed to create console node");
396 397 goto error;
397 398 }
|
↓ open down ↓ |
47 lines elided |
↑ open up ↑ |
398 399
399 400 devlinks:
400 401 if ((dl = di_devlink_init("zcons", DI_MAKE_LINK)) != NULL) {
401 402 (void) di_devlink_fini(&dl);
402 403 } else {
403 404 zerror(zlogp, B_TRUE, "failed to create devlinks");
404 405 goto error;
405 406 }
406 407
407 408 /*
408 - * Open the master side of the console and issue the ZC_HOLDSLAVE ioctl,
409 - * which will cause the master to retain a reference to the slave.
410 - * This prevents ttymon from blowing through the slave's STREAMS anchor.
409 + * Open the manager side of the console and issue the ZC_HOLDSUBSID
410 + * ioctl, which will cause the manager to retain a reference to the
411 + * subsidiary. This prevents ttymon from blowing through the
412 + * subsidiary's STREAMS anchor.
411 413 */
412 414 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
413 - zone_name, ZCONS_MASTER_NAME);
414 - if ((masterfd = open(conspath, O_RDWR | O_NOCTTY)) == -1) {
415 - zerror(zlogp, B_TRUE, "ERROR: could not open master side of "
416 - "zone console for %s to acquire slave handle", zone_name);
415 + zone_name, ZCONS_MANAGER_NAME);
416 + if ((managerfd = open(conspath, O_RDWR | O_NOCTTY)) == -1) {
417 + zerror(zlogp, B_TRUE, "ERROR: could not open manager side of "
418 + "zone console for %s to acquire subsidiary handle",
419 + zone_name);
417 420 goto error;
418 421 }
419 422 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
420 - zone_name, ZCONS_SLAVE_NAME);
421 - if ((slavefd = open(conspath, O_RDWR | O_NOCTTY)) == -1) {
422 - zerror(zlogp, B_TRUE, "ERROR: could not open slave side of zone"
423 - " console for %s to acquire slave handle", zone_name);
424 - (void) close(masterfd);
423 + zone_name, ZCONS_SUBSIDIARY_NAME);
424 + if ((subfd = open(conspath, O_RDWR | O_NOCTTY)) == -1) {
425 + zerror(zlogp, B_TRUE, "ERROR: could not open subsidiary side "
426 + "of zone console for %s to acquire subsidiary handle",
427 + zone_name);
428 + (void) close(managerfd);
425 429 goto error;
426 430 }
427 431 /*
428 432 * This ioctl can occasionally return ENXIO if devfs doesn't have
429 433 * everything plumbed up yet due to heavy zone startup load. Wait for
430 434 * 1 sec. and retry a few times before we fail to boot the zone.
431 435 */
432 436 for (i = 0; i < 5; i++) {
433 - if (ioctl(masterfd, ZC_HOLDSLAVE, (caddr_t)(intptr_t)slavefd)
437 + if (ioctl(managerfd, ZC_HOLDSUBSID, (caddr_t)(intptr_t)subfd)
434 438 == 0) {
435 439 rv = 0;
436 440 break;
437 441 } else if (errno != ENXIO) {
438 442 break;
439 443 }
440 444 (void) sleep(1);
441 445 }
442 446 if (rv != 0)
443 - zerror(zlogp, B_TRUE, "ERROR: error while acquiring slave "
444 - "handle of zone console for %s", zone_name);
447 + zerror(zlogp, B_TRUE, "ERROR: error while acquiring "
448 + "subsidiary handle of zone console for %s", zone_name);
445 449
446 - (void) close(slavefd);
447 - (void) close(masterfd);
450 + (void) close(subfd);
451 + (void) close(managerfd);
448 452
449 453 error:
450 454 if (ddef_hdl)
451 455 devctl_ddef_free(ddef_hdl);
452 456 if (bus_hdl)
453 457 devctl_release(bus_hdl);
454 458 if (dev_hdl)
455 459 devctl_release(dev_hdl);
456 460 return (rv);
457 461 }
458 462
459 463 static int
460 464 init_console_sock(zlog_t *zlogp)
461 465 {
462 466 int servfd;
463 467 struct sockaddr_un servaddr;
464 468
465 469 bzero(&servaddr, sizeof (servaddr));
466 470 servaddr.sun_family = AF_UNIX;
467 471 (void) snprintf(servaddr.sun_path, sizeof (servaddr.sun_path),
468 472 CONSOLE_SOCKPATH, zone_name);
469 473
470 474 if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
471 475 zerror(zlogp, B_TRUE, "console setup: could not create socket");
472 476 return (-1);
473 477 }
474 478 (void) unlink(servaddr.sun_path);
475 479
476 480 if (bind(servfd, (struct sockaddr *)&servaddr,
477 481 sizeof (servaddr)) == -1) {
478 482 zerror(zlogp, B_TRUE,
479 483 "console setup: could not bind to socket");
480 484 goto out;
481 485 }
482 486
483 487 if (listen(servfd, 4) == -1) {
484 488 zerror(zlogp, B_TRUE,
485 489 "console setup: could not listen on socket");
486 490 goto out;
487 491 }
488 492 return (servfd);
489 493
490 494 out:
491 495 (void) unlink(servaddr.sun_path);
492 496 (void) close(servfd);
493 497 return (-1);
494 498 }
495 499
496 500 static void
497 501 destroy_console_sock(int servfd)
498 502 {
499 503 char path[MAXPATHLEN];
500 504
501 505 (void) snprintf(path, sizeof (path), CONSOLE_SOCKPATH, zone_name);
502 506 (void) unlink(path);
503 507 (void) shutdown(servfd, SHUT_RDWR);
504 508 (void) close(servfd);
505 509 }
506 510
507 511 /*
508 512 * Read the "ident" string from the client's descriptor; this routine also
509 513 * tolerates being called with pid=NULL, for times when you want to "eat"
510 514 * the ident string from a client without saving it.
511 515 */
512 516 static int
513 517 get_client_ident(int clifd, pid_t *pid, char *locale, size_t locale_len,
514 518 int *disconnect)
515 519 {
516 520 char buf[BUFSIZ], *bufp;
517 521 size_t buflen = sizeof (buf);
518 522 char c = '\0';
519 523 int i = 0, r;
520 524
521 525 /* "eat up the ident string" case, for simplicity */
522 526 if (pid == NULL) {
523 527 assert(locale == NULL && locale_len == 0);
524 528 while (read(clifd, &c, 1) == 1) {
525 529 if (c == '\n')
526 530 return (0);
527 531 }
528 532 }
529 533
530 534 bzero(buf, sizeof (buf));
531 535 while ((buflen > 1) && (r = read(clifd, &c, 1)) == 1) {
532 536 buflen--;
533 537 if (c == '\n')
534 538 break;
535 539
536 540 buf[i] = c;
537 541 i++;
538 542 }
539 543 if (r == -1)
540 544 return (-1);
541 545
542 546 /*
543 547 * We've filled the buffer, but still haven't seen \n. Keep eating
544 548 * until we find it; we don't expect this to happen, but this is
545 549 * defensive.
546 550 */
547 551 if (c != '\n') {
548 552 while ((r = read(clifd, &c, sizeof (c))) > 0)
549 553 if (c == '\n')
550 554 break;
551 555 }
552 556
553 557 /*
554 558 * Parse buffer for message of the form:
555 559 * IDENT <pid> <locale> <disconnect flag>
556 560 */
557 561 bufp = buf;
558 562 if (strncmp(bufp, "IDENT ", 6) != 0)
559 563 return (-1);
560 564 bufp += 6;
561 565 errno = 0;
562 566 *pid = strtoll(bufp, &bufp, 10);
563 567 if (errno != 0)
564 568 return (-1);
565 569
566 570 while (*bufp != '\0' && isspace(*bufp))
567 571 bufp++;
568 572 buflen = strlen(bufp) - 1;
569 573 *disconnect = atoi(&bufp[buflen]);
570 574 bufp[buflen - 1] = '\0';
571 575 (void) strlcpy(locale, bufp, locale_len);
572 576
573 577 return (0);
574 578 }
575 579
576 580 static int
577 581 accept_client(int servfd, pid_t *pid, char *locale, size_t locale_len,
578 582 int *disconnect)
579 583 {
580 584 int connfd;
581 585 struct sockaddr_un cliaddr;
582 586 socklen_t clilen;
583 587
584 588 clilen = sizeof (cliaddr);
585 589 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen);
586 590 if (connfd == -1)
587 591 return (-1);
588 592 if (get_client_ident(connfd, pid, locale, locale_len,
589 593 disconnect) == -1) {
590 594 (void) shutdown(connfd, SHUT_RDWR);
591 595 (void) close(connfd);
592 596 return (-1);
593 597 }
594 598 (void) write(connfd, "OK\n", 3);
595 599 return (connfd);
596 600 }
597 601
598 602 static void
599 603 reject_client(int servfd, pid_t clientpid)
600 604 {
601 605 int connfd;
602 606 struct sockaddr_un cliaddr;
603 607 socklen_t clilen;
604 608 char nak[MAXPATHLEN];
605 609
606 610 clilen = sizeof (cliaddr);
607 611 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen);
608 612
609 613 /*
610 614 * After hear its ident string, tell client to get lost.
611 615 */
612 616 if (get_client_ident(connfd, NULL, NULL, 0, NULL) == 0) {
613 617 (void) snprintf(nak, sizeof (nak), "%lu\n",
614 618 clientpid);
615 619 (void) write(connfd, nak, strlen(nak));
616 620 }
617 621 (void) shutdown(connfd, SHUT_RDWR);
618 622 (void) close(connfd);
619 623 }
620 624
621 625 static void
622 626 event_message(int clifd, char *clilocale, zone_evt_t evt, int dflag)
623 627 {
624 628 char *str, *lstr = NULL;
625 629 char lmsg[BUFSIZ];
626 630 char outbuf[BUFSIZ];
627 631
628 632 if (clifd == -1)
629 633 return;
630 634
631 635 switch (evt) {
632 636 case Z_EVT_ZONE_BOOTING:
633 637 if (*boot_args == '\0') {
634 638 str = "NOTICE: Zone booting up";
635 639 break;
636 640 }
637 641 /*LINTED*/
638 642 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale,
639 643 "NOTICE: Zone booting up with arguments: %s"), boot_args);
640 644 lstr = lmsg;
641 645 break;
642 646 case Z_EVT_ZONE_READIED:
643 647 str = "NOTICE: Zone readied";
644 648 break;
645 649 case Z_EVT_ZONE_HALTED:
646 650 if (dflag)
647 651 str = "NOTICE: Zone halted. Disconnecting...";
648 652 else
649 653 str = "NOTICE: Zone halted";
650 654 break;
651 655 case Z_EVT_ZONE_REBOOTING:
652 656 if (*boot_args == '\0') {
653 657 str = "NOTICE: Zone rebooting";
654 658 break;
655 659 }
656 660 /*LINTED*/
657 661 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale,
658 662 "NOTICE: Zone rebooting with arguments: %s"), boot_args);
659 663 lstr = lmsg;
660 664 break;
661 665 case Z_EVT_ZONE_UNINSTALLING:
662 666 str = "NOTICE: Zone is being uninstalled. Disconnecting...";
663 667 break;
664 668 case Z_EVT_ZONE_BOOTFAILED:
665 669 if (dflag)
666 670 str = "NOTICE: Zone boot failed. Disconnecting...";
667 671 else
668 672 str = "NOTICE: Zone boot failed";
669 673 break;
670 674 case Z_EVT_ZONE_BADARGS:
671 675 /*LINTED*/
672 676 (void) snprintf(lmsg, sizeof (lmsg),
673 677 localize_msg(clilocale,
674 678 "WARNING: Ignoring invalid boot arguments: %s"),
675 679 bad_boot_arg);
676 680 lstr = lmsg;
677 681 break;
678 682 default:
679 683 return;
680 684 }
681 685
682 686 if (lstr == NULL)
683 687 lstr = localize_msg(clilocale, str);
684 688 (void) snprintf(outbuf, sizeof (outbuf), "\r\n[%s]\r\n", lstr);
685 689 (void) write(clifd, outbuf, strlen(outbuf));
686 690 }
687 691
688 692 /*
689 693 * Check to see if the client at the other end of the socket is still
690 694 * alive; we know it is not if it throws EPIPE at us when we try to write
691 695 * an otherwise harmless 0-length message to it.
692 696 */
|
↓ open down ↓ |
235 lines elided |
↑ open up ↑ |
693 697 static int
694 698 test_client(int clifd)
695 699 {
696 700 if ((write(clifd, "", 0) == -1) && errno == EPIPE)
697 701 return (-1);
698 702 return (0);
699 703 }
700 704
701 705 /*
702 706 * This routine drives the console I/O loop. It polls for input from the
703 - * master side of the console (output to the console), and from the client
707 + * manager side of the console (output to the console), and from the client
704 708 * (input from the console user). Additionally, it polls on the server fd,
705 709 * and disconnects any clients that might try to hook up with the zone while
706 710 * the console is in use.
707 711 *
708 712 * When the client first calls us up, it is expected to send a line giving
709 713 * its "identity"; this consists of the string 'IDENT <pid> <locale>'.
710 714 * This is so that we can report that the console is busy along with
711 715 * some diagnostics about who has it busy; the locale is used so that
712 716 * asynchronous messages about zone state (like the NOTICE: zone halted
713 717 * messages) can be output in the user's locale.
714 718 */
715 719 static void
716 720 do_console_io(zlog_t *zlogp, int consfd, int servfd)
717 721 {
718 722 struct pollfd pollfds[4];
719 723 char ibuf[BUFSIZ];
720 724 int cc, ret;
721 725 int clifd = -1;
722 726 int pollerr = 0;
723 727 char clilocale[MAXPATHLEN];
724 728 pid_t clipid = 0;
725 729 int disconnect = 0;
726 730
727 731 /* console side, watch for read events */
728 732 pollfds[0].fd = consfd;
729 733 pollfds[0].events = POLLIN | POLLRDNORM | POLLRDBAND |
730 734 POLLPRI | POLLERR | POLLHUP | POLLNVAL;
731 735
732 736 /* client side, watch for read events */
733 737 pollfds[1].fd = clifd;
734 738 pollfds[1].events = pollfds[0].events;
735 739
736 740 /* the server socket; watch for events (new connections) */
737 741 pollfds[2].fd = servfd;
738 742 pollfds[2].events = pollfds[0].events;
739 743
740 744 /* the eventstram; watch for events (e.g.: zone halted) */
741 745 pollfds[3].fd = eventstream[1];
742 746 pollfds[3].events = pollfds[0].events;
743 747
744 748 for (;;) {
745 749 pollfds[0].revents = pollfds[1].revents = 0;
746 750 pollfds[2].revents = pollfds[3].revents = 0;
747 751
748 752 ret = poll(pollfds,
749 753 sizeof (pollfds) / sizeof (struct pollfd), -1);
750 754 if (ret == -1 && errno != EINTR) {
751 755 zerror(zlogp, B_TRUE, "poll failed");
752 756 /* we are hosed, close connection */
753 757 break;
754 758 }
755 759
756 760 /* event from console side */
757 761 if (pollfds[0].revents) {
758 762 if (pollfds[0].revents &
759 763 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) {
760 764 errno = 0;
761 765 cc = read(consfd, ibuf, BUFSIZ);
762 766 if (cc <= 0 && (errno != EINTR) &&
763 767 (errno != EAGAIN))
764 768 break;
765 769 /*
766 770 * Lose I/O if no one is listening
767 771 */
768 772 if (clifd != -1 && cc > 0)
769 773 (void) write(clifd, ibuf, cc);
770 774 } else {
771 775 pollerr = pollfds[0].revents;
772 776 zerror(zlogp, B_FALSE,
773 777 "closing connection with (console) "
774 778 "pollerr %d\n", pollerr);
775 779 break;
776 780 }
777 781 }
778 782
779 783 /* event from client side */
780 784 if (pollfds[1].revents) {
781 785 if (pollfds[1].revents &
782 786 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) {
783 787 errno = 0;
784 788 cc = read(clifd, ibuf, BUFSIZ);
785 789 if (cc <= 0 && (errno != EINTR) &&
786 790 (errno != EAGAIN))
787 791 break;
788 792 (void) write(consfd, ibuf, cc);
789 793 } else {
790 794 pollerr = pollfds[1].revents;
791 795 zerror(zlogp, B_FALSE,
792 796 "closing connection with (client) "
793 797 "pollerr %d\n", pollerr);
794 798 break;
795 799 }
796 800 }
797 801
798 802 /* event from server socket */
799 803 if (pollfds[2].revents &&
800 804 (pollfds[2].revents & (POLLIN | POLLRDNORM))) {
801 805 if (clifd != -1) {
802 806 /*
803 807 * Test the client to see if it is really
804 808 * still alive. If it has died but we
805 809 * haven't yet detected that, we might
806 810 * deny a legitimate connect attempt. If it
807 811 * is dead, we break out; once we tear down
808 812 * the old connection, the new connection
809 813 * will happen.
810 814 */
811 815 if (test_client(clifd) == -1) {
812 816 break;
813 817 }
814 818 /* we're already handling a client */
815 819 reject_client(servfd, clipid);
816 820
817 821
818 822 } else if ((clifd = accept_client(servfd, &clipid,
819 823 clilocale, sizeof (clilocale),
820 824 &disconnect)) != -1) {
821 825 pollfds[1].fd = clifd;
822 826
823 827 } else {
824 828 break;
825 829 }
826 830 }
827 831
828 832 /*
829 833 * Watch for events on the eventstream. This is how we get
830 834 * notified of the zone halting, etc. It provides us a
831 835 * "wakeup" from poll when important things happen, which
832 836 * is good.
833 837 */
834 838 if (pollfds[3].revents) {
835 839 int evt = eventstream_read();
836 840 /*
837 841 * After we drain out the event, if we aren't servicing
838 842 * a console client, we hop back out to our caller,
839 843 * which will check to see if it is time to shutdown
840 844 * the daemon, or if we should take another console
841 845 * service lap.
842 846 */
843 847 if (clifd == -1) {
844 848 break;
845 849 }
846 850 event_message(clifd, clilocale, evt, disconnect);
847 851 /*
848 852 * Special handling for the message that the zone is
849 853 * uninstalling; we boot the client, then break out
850 854 * of this function. When we return to the
851 855 * serve_console loop, we will see that the zone is
852 856 * in a state < READY, and so zoneadmd will shutdown.
853 857 */
854 858 if (evt == Z_EVT_ZONE_UNINSTALLING) {
855 859 break;
856 860 }
857 861 /*
858 862 * Diconnect if -C and -d options were specified and
859 863 * zone was halted or failed to boot.
860 864 */
861 865 if ((evt == Z_EVT_ZONE_HALTED ||
862 866 evt == Z_EVT_ZONE_BOOTFAILED) && disconnect) {
863 867 break;
864 868 }
865 869 }
866 870
867 871 }
868 872
869 873 if (clifd != -1) {
870 874 (void) shutdown(clifd, SHUT_RDWR);
871 875 (void) close(clifd);
872 876 }
873 877 }
874 878
875 879 int
876 880 init_console(zlog_t *zlogp)
877 881 {
878 882 if (init_console_dev(zlogp) == -1) {
879 883 zerror(zlogp, B_FALSE,
880 884 "console setup: device initialization failed");
881 885 return (-1);
882 886 }
883 887
884 888 if ((serverfd = init_console_sock(zlogp)) == -1) {
885 889 zerror(zlogp, B_FALSE,
886 890 "console setup: socket initialization failed");
887 891 return (-1);
888 892 }
889 893 return (0);
890 894 }
891 895
892 896 /*
893 897 * serve_console() is the master loop for driving console I/O. It is also the
894 898 * routine which is ultimately responsible for "pulling the plug" on zoneadmd
895 899 * when it realizes that the daemon should shut down.
896 900 *
|
↓ open down ↓ |
183 lines elided |
↑ open up ↑ |
897 901 * The rules for shutdown are: there must be no console client, and the zone
898 902 * state must be < ready. However, we need to give things a chance to actually
899 903 * get going when the daemon starts up-- otherwise the daemon would immediately
900 904 * exit on startup if the zone was in the installed state, so we first drop
901 905 * into the do_console_io() loop in order to give *something* a chance to
902 906 * happen.
903 907 */
904 908 void
905 909 serve_console(zlog_t *zlogp)
906 910 {
907 - int masterfd;
911 + int managerfd;
908 912 zone_state_t zstate;
909 913 char conspath[MAXPATHLEN];
910 914
911 915 (void) snprintf(conspath, sizeof (conspath),
912 - "/dev/zcons/%s/%s", zone_name, ZCONS_MASTER_NAME);
916 + "/dev/zcons/%s/%s", zone_name, ZCONS_MANAGER_NAME);
913 917
914 918 for (;;) {
915 - masterfd = open(conspath, O_RDWR|O_NONBLOCK|O_NOCTTY);
916 - if (masterfd == -1) {
917 - zerror(zlogp, B_TRUE, "failed to open console master");
919 + managerfd = open(conspath, O_RDWR|O_NONBLOCK|O_NOCTTY);
920 + if (managerfd == -1) {
921 + zerror(zlogp, B_TRUE, "failed to open console manager");
918 922 (void) mutex_lock(&lock);
919 923 goto death;
920 924 }
921 925
922 926 /*
923 927 * Setting RPROTDIS on the stream means that the control
924 928 * portion of messages received (which we don't care about)
925 929 * will be discarded by the stream head. If we allowed such
926 930 * messages, we wouldn't be able to use read(2), as it fails
927 931 * (EBADMSG) when a message with a control element is received.
928 932 */
929 - if (ioctl(masterfd, I_SRDOPT, RNORM|RPROTDIS) == -1) {
933 + if (ioctl(managerfd, I_SRDOPT, RNORM|RPROTDIS) == -1) {
930 934 zerror(zlogp, B_TRUE, "failed to set options on "
931 - "console master");
935 + "console manager");
932 936 (void) mutex_lock(&lock);
933 937 goto death;
934 938 }
935 939
936 - do_console_io(zlogp, masterfd, serverfd);
940 + do_console_io(zlogp, managerfd, serverfd);
937 941
938 942 /*
939 943 * We would prefer not to do this, but hostile zone processes
940 944 * can cause the stream to become tainted, and reads will
941 945 * fail. So, in case something has gone seriously ill,
942 946 * we dismantle the stream and reopen the console when we
943 947 * take another lap.
944 948 */
945 - (void) close(masterfd);
949 + (void) close(managerfd);
946 950
947 951 (void) mutex_lock(&lock);
948 952 /*
949 953 * We need to set death_throes (see below) atomically with
950 954 * respect to noticing that (a) we have no console client and
951 955 * (b) the zone is not installed. Otherwise we could get a
952 956 * request to boot during this time. Once we set death_throes,
953 957 * any incoming door stuff will be turned away.
954 958 */
955 959 if (zone_get_state(zone_name, &zstate) == Z_OK) {
956 960 if (zstate < ZONE_STATE_READY)
957 961 goto death;
958 962 } else {
959 963 zerror(zlogp, B_FALSE,
960 964 "unable to determine state of zone");
961 965 goto death;
962 966 }
963 967 /*
964 968 * Even if zone_get_state() fails, stay conservative, and
965 969 * take another lap.
966 970 */
967 971 (void) mutex_unlock(&lock);
968 972 }
969 973
970 974 death:
971 975 assert(MUTEX_HELD(&lock));
972 976 in_death_throes = B_TRUE;
973 977 (void) mutex_unlock(&lock);
974 978
975 979 destroy_console_sock(serverfd);
976 980 (void) destroy_console_devs(zlogp);
977 981 }
|
↓ open down ↓ |
22 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX